offensive-toctou


TOCTOU — Time-of-Check / Time-of-Use Exploitation

A TOCTOU bug exists wherever code checks a property (file owner, path target, token validity, balance) and then acts on it as if the property still holds. Between check and use is a window — your job is to widen it and swap the underlying object.

Quick Workflow

  1. Identify the check (syscall, function, validation step) and the use (the privileged action)
  2. Confirm the check and use don't operate on the same kernel object (FD, inode, atomic snapshot)
  3. Build a primitive that swaps the object between check and use (symlink, mount, mv, parallel request)
  4. Widen the window with FUSE, slow filesystems, scheduler tricks, or single-packet HTTP/2
  5. Run a tight loop and confirm the post-use state corresponds to the swapped target
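The condition in step 2, seen from the side of the code being reviewed, as an added example that is not part of the original skill: a path-based check beside a descriptor-based one, with a deterministic test seam in place of a real race. The `between` hook, the function names and the file names are assumptions constructed for this illustration.

```python
import os
import stat
import tempfile

def _require_owned_regular(st, owner_uid):
    if not stat.S_ISREG(st.st_mode) or st.st_uid != owner_uid:
        raise PermissionError("not a regular file owned by the expected uid")

def read_checked_by_path(path, owner_uid, between=lambda: None):
    """Racy shape: the check and the use each resolve the name again."""
    _require_owned_regular(os.lstat(path), owner_uid)  # check, by name
    between()  # test seam (assumption): stands in for a concurrent rename
    with open(path, "rb") as f:                        # use, by name again
        return f.read()

def read_checked_by_fd(path, owner_uid, between=lambda: None):
    """Hardened shape: open once, then check and read that descriptor."""
    # O_NOFOLLOW rejects a symlink in the final component only; O_NONBLOCK
    # keeps the open from blocking if the name is a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        between()  # rebinding the name no longer affects the open inode
        _require_owned_regular(os.fstat(fd), owner_uid)  # check the inode in use
        with os.fdopen(fd, "rb", closefd=False) as f:
            return f.read()
    finally:
        os.close(fd)

def demo():
    """Constructed files in a temp dir; the name is rebound mid-call."""
    results = {}
    for label, reader in (("by_path", read_checked_by_path),
                          ("by_fd", read_checked_by_fd)):
        with tempfile.TemporaryDirectory() as d:
            checked, other = os.path.join(d, "checked"), os.path.join(d, "other")
            for p, data in ((checked, b"checked"), (other, b"other")):
                with open(p, "wb") as f:
                    f.write(data)
            def rebind():
                os.symlink(other, checked + ".tmp")
                os.replace(checked + ".tmp", checked)
            results[label] = reader(checked, os.geteuid(), rebind)
    return results

if __name__ == "__main__":
    print(demo())
```

The same seam works as a regression test: any reader that returns the contents of `other` is still checking one object and using another.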

The Core Pattern

First Seen: May 8, 2026
offensive-toctou — snailsploit/claude-red