Which programming languages does Route Analyzer support?

It supports a wide range of web development languages including Java (Spring, Shiro), Python (Django, Flask, FastAPI), Node.js (Express, NestJS), Go (Gin, Echo), and PHP (Laravel, Symfony).

Does this skill provide security fixes for vulnerabilities?

No, Route Analyzer focuses on objective discovery and reporting. It provides a map of the current security state but does not suggest code changes or remediation strategies.

How does it differentiate between PreAuth and PostAuth?

The skill analyzes the project's authentication boundaries—including global filters, decorators, and middleware configurations—to determine if a specific route requires a valid session or token or is exposed to the public.

Can it detect hidden endpoints in third-party modules?

Yes, the skill is configured to scan the entire project structure, including third-party directory contents, to ensure a complete and exhaustive routing map is generated.

Route Analyzer for Security Audits

Name: Route Analyzer for Security Audits
Author: H4cking2theGate

byH4cking2theGate

•

Security & Testing

Analyzes web project authentication architectures and API endpoints to generate detailed PreAuth and PostAuth security classification reports.

Route Analyzer is a specialized Claude Code skill designed for security researchers and developers to systematically map a web application's attack surface. It identifies authentication boundaries across various layers—including frameworks, middlewares, and interceptors—to categorize every API route as either PreAuth (publicly accessible) or PostAuth (requiring authentication). By automating the discovery of auth bypasses and unprotected endpoints across Java, Python, Node.js, Go, and PHP projects, it provides a comprehensive security overview that is essential for penetration testing reconnaissance and deep code audits.

Key Features

01Standardized security reporting for audit documentation and prioritization

02Automated classification of routes into PreAuth and PostAuth security categories

03Multi-language support for Java, Python, Node.js, Go, and PHP frameworks

04Full-path API endpoint mapping to eliminate hidden attack surfaces

054 GitHub stars

06Deep-dive identification of authentication boundaries in middleware and interceptors

Use Cases

01Systematic identification of unauthorized access vulnerabilities in complex API structures

02Security code audits to establish an access control baseline for unfamiliar codebases

03Reconnaissance for penetration testing to identify unauthenticated entry points

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add h4cking2thegate/auditskills analyzing-routes

For use in Claude.ai and ChatGPT

Download Skill