exploit-xss
Cross-Site Scripting (XSS) Detection Skill
⚠️ DANGER - Authorization Required
This skill is for AUTHORIZED SECURITY TESTING ONLY.
You must have:
- Written permission from the target system owner
- Legal authorization to test the target
- A defined scope of testing
Unauthorized XSS testing is ILLEGAL and unethical.
Prerequisites
Required Tools
More from crazymarky/pentest-skills
recon-fingerprint
Web fingerprinting and WAF detection using wafw00f, whatweb, nuclei, and httpx. Use this skill when user needs to identify web technologies, detect WAF/CDN, analyze server headers, or fingerprint web applications and frameworks.
16recon-dir-scan
Directory and file enumeration using ffuf, gobuster, dirsearch, and feroxbuster. Use this skill when user needs to discover hidden directories, enumerate files, find backup files, or map application structure through path fuzzing.
15recon-port-scan
Port scanning and service identification using nmap, masscan, and rustscan. Use this skill when user needs to discover open ports, identify running services, detect service versions, or fingerprint operating systems on target hosts.
15exploit-file-download
任意文件下载与本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf、wget 等工具测试文件下载漏洞,支持路径遍历、伪协议利用、敏感文件读取。当用户需要测试文件下载功能、检测 LFI 漏洞、读取服务器敏感文件时使用此技能。
15recon-subdomain
Subdomain enumeration and DNS reconnaissance using subfinder, amass, dnsx, and other tools. Use this skill when user needs to discover subdomains, perform DNS enumeration, gather DNS records, or find hidden subdomains of a target domain.
14exploit-lfi
本地文件包含 (LFI) 漏洞检测和利用工具。使用 curl、ffuf 等工具测试 LFI 漏洞,支持路径遍历、PHP 伪协议利用、日志投毒 RCE、敏感文件读取。当用户需要检测 LFI 漏洞、利用文件包含漏洞读取服务器文件时使用此技能。
14