How does this skill help bypass WAFs and filters?

It includes a variety of encoding and obfuscation techniques such as URL encoding, double encoding, Unicode/UTF-8 variations, and nested traversal sequences to evade simple pattern-matching security filters.

Can I use this skill to fix vulnerabilities?

Yes, the skill provides secure coding best practices, including input validation, whitelisting, and path canonicalization examples in languages like PHP and Python to prevent traversal attacks.

Which operating systems are supported by this skill?

The skill provides specific payloads and high-value target file paths for both Linux (e.g., /etc/shadow, /proc/self/environ) and Windows (e.g., win.ini, boot.ini) environments.

What is file path traversal testing?

File path traversal testing is a security assessment process used to determine if a web application allows users to access files and directories stored outside the web root folder by manipulating variables that reference files.

File Path Traversal Testing

Name: File Path Traversal Testing
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Identifies, exploits, and remediates directory traversal and Local File Inclusion (LFI) vulnerabilities using structured testing methodologies.

关于

The File Path Traversal Testing skill provides Claude with a specialized framework for conducting security audits on web applications that handle filesystem operations. It covers the entire lifecycle of a traversal attack, from identifying vulnerable parameters like file, path, or template, to executing complex bypasses involving encoding, null bytes, and PHP wrappers. This skill is ideal for security researchers and developers who need to verify if an application can be forced to disclose sensitive files like /etc/passwd or Windows configuration files, and it offers actionable remediation code to secure these endpoints against unauthorized access.

主要功能

Secure coding guidelines and remediation patterns for multiple languages
Comprehensive payload library for directory traversal and LFI
OS-specific target lists for Linux and Windows system files
Advanced filter bypass techniques including double encoding and null bytes
Methodologies for escalating LFI to Remote Code Execution (RCE)
0 GitHub stars

使用场景

Auditing legacy web applications for insecure file inclusion patterns
Performing penetration tests on file upload and download functionalities
Generating proof-of-concept payloads for security vulnerability reports

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter file-path-traversal

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于