web-security
by kiwamizamurai
CTF (Capture The Flag) learning workspace with writeups and solution scripts
⭐ 1🍴 0📅 Jan 22, 2026
SKILL.md
name: web-security
description: Exploits web application vulnerabilities. Use when working with SQL injection, XSS, SSRF, SSTI, command injection, path traversal, authentication bypass, deserialization, or any web-based CTF challenge.
allowed-tools: Bash, Read, Write, Grep, Glob
Web Security Skill
Quick Workflow
Progress:
- [ ] Identify technology stack
- [ ] Check common files (robots.txt, .git)
- [ ] Test injection points (SQLi, XSS, SSTI)
- [ ] Check authentication/session flaws
- [ ] Develop exploit
- [ ] Extract flag
Quick Recon
```bash
# Directory enumeration
gobuster dir -u http://target -w /usr/share/wordlists/dirb/common.txt
ffuf -u http://target/FUZZ -w wordlist.txt

# Technology detection
whatweb http://target
curl -I http://target

# Check robots.txt, .git exposure
curl http://target/robots.txt
curl http://target/.git/HEAD
```
Vulnerability Reference
| Vulnerability | Reference File |
|---|---|
| SQL Injection | reference/sqli.md |
| XSS | reference/xss.md |
| SSTI | reference/ssti.md |
| Command Injection | reference/command-injection.md |
| SSRF / Path Traversal | reference/ssrf-lfi.md |
| Auth Bypass / Deserialization | reference/auth-deser.md |
Tools Quick Reference
| Tool | Purpose | Command |
|---|---|---|
| sqlmap | SQLi automation | sqlmap -u URL --dbs |
| commix | Command injection | commix -u URL |
| tplmap | SSTI automation | tplmap -u URL |
| ffuf | Fuzzing | ffuf -u URL/FUZZ -w wordlist |
| Burp Suite | Proxy/intercept | GUI |
| jwt_tool | JWT attacks | jwt_tool TOKEN |
Score
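Total Score: 55/100 (based on repository quality metrics)

| Criterion | Requirement | Points |
|---|---|---|
| ✓ SKILL.md | A SKILL.md file is included | +20 |
| ○ LICENSE | A license is set | 0/10 |
| ○ Description | The description is 100 characters or longer | 0/10 |
| ○ Popularity | 100 or more GitHub stars | 0/15 |
| ✓ Recent activity | Updated within the last month | +10 |
| ○ Forks | Forked 10 or more times | 0/5 |
| ✓ Issue management | Fewer than 50 open issues | +5 |
| ✓ Language | A programming language is set | +5 |
| ✓ Tags | One or more tags are set | +5 |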
