hunt-nodejs


HUNT-NODEJS — Node.js Specific Vulnerabilities

Crown Jewel Targets

Prototype Pollution reaching a sink in Node.js backend = Critical RCE.

Highest-value chains:

  • Prototype Pollution → RCE — __proto__ injection via lodash.merge / Object.assign → polluted prototype reaches child_process.exec or vm.runInNewContext sink
  • Express trust proxy — app.set('trust proxy', true) without validation → attacker sets X-Forwarded-For to bypass IP allowlists or rate limits
  • EJS/Pug SSTI — template engine receives user input → {{= process.mainModule.require('child_process').execSync('id') }}
  • child_process injection — user input interpolated into shell command string → OS command injection
  • require() path traversal — attacker-controlled module path → load arbitrary file as JS
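
The first chain seen from the defender's side, as an added example that is not part of the hunt-nodejs skill or its repository: a naive recursive merge lets a `__proto__` key write to `Object.prototype`, while a key-filtering merge and a null-prototype options object keep the value away from option-reading code. `naiveMerge`, `safeMerge`, `readShell`, `demo` and the request body are constructed for illustration; no command is executed.

```javascript
// Constructed request body. JSON.parse creates "__proto__" as an own key.
const body = JSON.parse('{"name":"x","__proto__":{"shell":"constructed"}}');

// Hypothetical unsafe deep merge: recurses into target["__proto__"],
// which is Object.prototype, and writes attacker-supplied keys there.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object') {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: drops prototype-reaching keys and only recurses into
// properties the target owns itself, never inherited ones.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED.has(key)) continue;
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key)
        ? target[key] : undefined;
      target[key] = safeMerge(own && typeof own === 'object' ? own : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Stand-in for code that reads an option before calling a sink.
function readShell(opts) {
  return opts.shell; // property lookup walks the prototype chain
}

// Merge the body, then report what later option lookups would see.
function demo(merge) {
  const merged = merge({}, body);
  const plain = readShell({});                     // inherits any pollution
  const isolated = readShell(Object.create(null)); // no prototype to inherit from
  delete Object.prototype.shell;                   // undo pollution for the next run
  return { name: merged.name, plain, isolated };
}
```
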

Attack Surface Signals

Installs: 9 | GitHub Stars: 2.6K | First Seen: Jun 5, 2026
hunt-nodejs — elementalsouls/claude-bughunter