Does it support DOM-based XSS detection?

Yes, it includes specific workflows for identifying vulnerable JavaScript sinks and user-controllable sources like location.hash or postMessage data.

What kind of payloads does the skill provide?

It offers a wide range of payloads for cookie theft, session hijacking, keylogging, and UI redressing, as well as various encoding bypasses for filtered inputs.

Can I use this skill on any website?

No, you must have explicit written authorization and legal permission before performing security testing on any application or domain.

Does it provide remediation advice?

Yes, the skill includes detailed recommendations for input sanitization, context-aware output encoding, and robust Content Security Policy (CSP) configurations.

Is this skill safe for production environments?

While the skill includes guardrails advising against damaging payloads, security testing should ideally be conducted in staging or dedicated lab environments to avoid disrupting real users.

XSS & HTML Injection Security Testing

Name: XSS & HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

•

安全与测试

Identifies, exploits, and remediates cross-site scripting and HTML injection vulnerabilities in web applications using advanced detection and bypass techniques.

This skill provides a systematic framework for security professionals and developers to conduct comprehensive client-side injection assessments. It covers the full lifecycle of vulnerability management—from the initial detection of reflected, stored, and DOM-based XSS to the development of proof-of-concept payloads and the implementation of robust remediation strategies like Content Security Policy (CSP). It is an essential tool during penetration testing or security audits to ensure web applications are resilient against session hijacking, credential theft, and unauthorized content manipulation while providing detailed guidance on modern filter bypasses and encoding techniques.

主要功能

01Extensive library of bypass techniques for WAFs and input filters

02Practical exploitation templates for session hijacking and cookie theft demonstrations

03Comprehensive detection workflows for Stored, Reflected, and DOM-based XSS

04Detailed remediation guidance including CSP configurations and encoding best practices

05Advanced HTML injection patterns for phishing and UI redressing testing

061 GitHub stars

使用场景

01Conducting professional web application penetration tests and security audits

02Validating the effectiveness of input sanitization and output encoding mechanisms

03Demonstrating the business impact of client-side vulnerabilities through safe Proof-of-Concepts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill