Does this skill work for DOM-based XSS?

Yes, it identifies dangerous sinks like innerHTML and sources like location.hash to map and test DOM-based vulnerabilities.

What types of injection does it cover?

The skill covers Stored XSS, Reflected XSS, DOM-based XSS, and various forms of HTML injection including content and form hijacking.

Can it bypass Content Security Policies (CSP)?

It provides techniques to identify CSP weaknesses and craft specific payloads designed to test and bypass restrictive security headers.

Does it provide remediation advice?

Yes, every assessment includes specific recommendations for input validation, output encoding, and secure configuration of security headers.

XSS & HTML Injection Security Testing

Name: XSS & HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Performs comprehensive security assessments to detect, exploit, and remediate Cross-Site Scripting (XSS) and HTML injection vulnerabilities in web applications.

This skill equips Claude with a robust framework for identifying and validating client-side injection flaws across stored, reflected, and DOM-based vectors. It provides a systematic workflow for security researchers to craft proof-of-concept payloads, test filter bypasses, and demonstrate the impact of session hijacking or credential theft in controlled environments. Beyond exploitation, it offers detailed remediation strategies, including Content Security Policy (CSP) configurations and input sanitization best practices, to help developers harden their applications against modern web attacks.

主要功能

01Demonstration templates for session hijacking and data exfiltration

02Advanced bypass techniques for filters, WAFs, and encoding schemes

03Automated identification of input reflection points and vulnerable sinks

040 GitHub stars

05Comprehensive payload library for Stored, Reflected, and DOM-based XSS

06Detailed remediation guidance including CSP and output encoding

使用场景

01Generating proof-of-concept exploits for vulnerability reporting

02Validating the effectiveness of input sanitization and WAF rules

03Conducting security audits on web application input fields and forms

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill