Can this skill help with Remote Code Execution (RCE)?

Yes, this skill includes advanced workflows for escalating Local File Inclusion (LFI) to RCE through techniques like log poisoning, PHP wrappers, and session file inclusion.

Which security tools are integrated into this workflow?

The methodology utilizes industry-standard tools including Burp Suite, ffuf, dotdotpwn, curl, and SecLists for automated and manual testing.

Does this skill support both Linux and Windows servers?

Yes, it provides specific payloads and targets high-value files for both operating systems, including /etc/passwd for Linux and win.ini for Windows.

Is it safe to use these commands on production servers?

These techniques should only be performed on systems you are authorized to test. The skill is designed for security professionals working within the scope of a penetration testing agreement.

What is directory traversal testing?

Directory traversal testing is the process of checking if a web application's file-handling parameters allow an attacker to access sensitive files outside of the intended directory, such as system configuration or password files.

Directory Traversal Security Testing

Name: Directory Traversal Security Testing
Author: mukul975

bymukul975

•

4,120

•

安全与测试

Identifies and exploits path traversal and Local File Inclusion (LFI) vulnerabilities in web applications to protect sensitive server data.

This skill provides a comprehensive framework for security professionals to test web applications for directory traversal and file inclusion vulnerabilities. It covers identifying vulnerable parameters, applying advanced encoding bypass techniques, and automating discovery with industry-standard tools like ffuf and dotdotpwn. Beyond simple discovery, it guides users through escalating Local File Inclusion (LFI) to Remote Code Execution (RCE) and identifying high-value system files on both Linux and Windows environments, ensuring a thorough security assessment.

主要功能

014,120 GitHub stars

02Advanced encoding bypass techniques including URL, UTF-8, and Null Byte injection

03Comprehensive payload sets for Linux and Windows path traversal

04Automation workflows for ffuf, dotdotpwn, and Burp Suite Professional

05LFI to RCE escalation methods using log poisoning and PHP wrappers

06Standardized reporting format for documenting and remediating security findings

使用场景

01Conducting authorized penetration tests on file-handling web endpoints and APIs

02Verifying the effectiveness of WAF filters and input validation against traversal attacks

03Auditing web application templates and image processing logic for path validation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-directory-traversal-testing

For use in Claude.ai and ChatGPT

主要功能

014,120 GitHub stars

02Advanced encoding bypass techniques including URL, UTF-8, and Null Byte injection

03Comprehensive payload sets for Linux and Windows path traversal

04Automation workflows for ffuf, dotdotpwn, and Burp Suite Professional

05LFI to RCE escalation methods using log poisoning and PHP wrappers

06Standardized reporting format for documenting and remediating security findings

使用场景

01Conducting authorized penetration tests on file-handling web endpoints and APIs

02Verifying the effectiveness of WAF filters and input validation against traversal attacks

03Auditing web application templates and image processing logic for path validation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-directory-traversal-testing

For use in Claude.ai and ChatGPT