Can this skill help with automated security scans?

Yes, it provides patterns for using industry-standard tools like Burp Suite and OWASP ZAP, along with custom Python fuzzing scripts for automated vulnerability detection.

Does it provide remediation advice for developers?

Absolutely, the skill includes secure coding practices for PHP, Python, and JavaScript to properly sanitize user inputs and encode outputs using context-aware escaping.

What is the difference between HTML injection and XSS?

While both involve injecting content, HTML injection focuses on rendering HTML tags to change page appearance or create phishing forms, whereas XSS involves executing malicious JavaScript code in the browser.

What types of injection does this cover?

It covers stored injection, reflected (GET/POST) injection, and URL-based injection, including advanced CSS, meta tag, and iframe injection techniques.

HTML Injection Security Testing

Name: HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Identifies and exploits HTML injection vulnerabilities to secure web applications against content manipulation and phishing attacks.

关于

This skill provides a comprehensive framework for security professionals and developers to detect, test, and remediate HTML injection vulnerabilities. It guides users through mapping potential injection surfaces—such as search bars, user profiles, and URL parameters—and provides a vast library of payloads for testing defacement, phishing overlays, and filter bypasses. By integrating both manual methodologies and automated testing patterns, the skill helps ensure web applications are resilient against malicious content injection, credential theft, and unauthorized site modifications.

主要功能

Phishing simulation techniques using injected forms and overlays
Advanced filter bypass strategies for escaping WAFs and sanitizers
Comprehensive payload library for reflected and stored HTML injection
0 GitHub stars
Remediation guidance with secure coding practices for multiple languages
Step-by-step methodologies for manual and automated security auditing

使用场景

Implementing secure input validation and output encoding to prevent vulnerabilities
Performing security audits on web application input fields and URL parameters
Simulating phishing and defacement attacks during penetration testing

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于