Is remediation advice included in the output?

Yes, every assessment provides actionable remediation recommendations, ranging from output encoding best practices to specific Content Security Policy (CSP) directives.

Can this skill detect DOM-based XSS vulnerabilities?

Yes, it specifically targets DOM-based XSS by identifying dangerous sinks like innerHTML and eval() and matching them with user-controllable sources like location.hash.

Does it provide payloads for bypassing security filters?

Absolutely. It includes a comprehensive library of bypass techniques including HTML entity encoding, JavaScript obfuscation, and malformed tag variations to test filter robustness.

Can I use this for automated security scanning?

While the skill provides the logic and payloads for testing, it is designed to be used by a developer or security professional to guide manual or semi-automated security audits.

XSS & HTML Injection Security Testing

Name: XSS & HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Conducts comprehensive security audits to identify, exploit, and remediate Cross-Site Scripting and HTML injection vulnerabilities in web applications.

关于

This skill provides a systematic framework for security researchers and developers to perform deep-dive client-side injection assessments. It covers the entire vulnerability lifecycle, from identifying reflection points and sources in the DOM to crafting advanced bypass payloads for stored, reflected, and DOM-based XSS. By simulating real-world attack vectors like session hijacking and credential theft, it helps teams validate their sanitization logic and Content Security Policy (CSP) implementations to ensure production environments remain resilient against malicious script execution.

主要功能

Systematic detection of stored, reflected, and DOM-based XSS vectors
HTML injection testing for content manipulation and form hijacking
Advanced filter bypass techniques using encoding, obfuscation, and tag variations
0 GitHub stars
Proof-of-concept payload generation for session hijacking and data exfiltration
Remediation guidance with specific encoding and CSP configuration strategies

使用场景

Generating detailed security reports and PoCs for bug bounty submissions
Performing pre-deployment security audits on web application input fields
Validating the effectiveness of custom WAF rules or sanitization libraries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于