explainx.ainewsletter3.4k
tag

penetration-testing

44 indexed skills · max 10 per page

skills (44)

testing-for-xxe-injection-vulnerabilities

mukul975/Anthropic-Cybersecurity-Skills · testing-for-xxe-injection-vulnerabilities

1

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.

intercepting-mobile-traffic-with-burpsuite

mukul975/Anthropic-Cybersecurity-Skills · intercepting-mobile-traffic-with-burpsuite

0

Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure API communications, authentication flaws, data leakage, and server-side vulnerabilities. Use when performing mobile application penetration testing, assessing API security, or evaluating client-server communication patterns. Activates for requests involving mobile traffic interception, Burp Suite mobile proxy, API security testing, or mobile HTTPS analysis.

exploiting-vulnerabilities-with-metasploit-framework

mukul975/Anthropic-Cybersecurity-Skills · exploiting-vulnerabilities-with-metasploit-framework

0

The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules

testing-mobile-api-authentication

mukul975/Anthropic-Cybersecurity-Skills · testing-mobile-api-authentication

0

Tests authentication and authorization mechanisms in mobile application APIs to identify broken authentication, insecure token management, session fixation, privilege escalation, and IDOR vulnerabilities. Use when performing API security assessments against mobile app backends, testing JWT implementations, evaluating OAuth flows, or assessing session management. Activates for requests involving mobile API auth testing, token security assessment, OAuth mobile flow testing, or API authorization bypass.

performing-mobile-app-certificate-pinning-bypass

mukul975/Anthropic-Cybersecurity-Skills · performing-mobile-app-certificate-pinning-bypass

0

Bypasses SSL/TLS certificate pinning implementations in Android and iOS applications to enable traffic interception during authorized security assessments. Covers OkHttp, TrustManager, NSURLSession, and third-party pinning library bypass techniques using Frida, Objection, and custom scripts. Activates for requests involving certificate pinning bypass, SSL pinning defeat, mobile TLS interception, or proxy-resistant app testing.

exploiting-deeplink-vulnerabilities

mukul975/Anthropic-Cybersecurity-Skills · exploiting-deeplink-vulnerabilities

0

Tests and exploits deep link (URL scheme and App Link) vulnerabilities in Android and iOS mobile applications to identify unauthorized access, data injection, intent hijacking, and redirect manipulation. Use when assessing mobile app attack surface through custom URI schemes, Android App Links, iOS Universal Links, or intent-based navigation. Activates for requests involving deep link security testing, URL scheme exploitation, mobile intent abuse, or link hijacking.

performing-graphql-security-assessment

mukul975/Anthropic-Cybersecurity-Skills · performing-graphql-security-assessment

0

Assessing GraphQL API endpoints for introspection leaks, injection attacks, authorization flaws, and denial-of-service vulnerabilities during authorized security tests.

performing-jwt-none-algorithm-attack

mukul975/Anthropic-Cybersecurity-Skills · performing-jwt-none-algorithm-attack

0

Execute and test the JWT none algorithm attack to bypass signature verification by manipulating the alg header field in JSON Web Tokens.

exploiting-insecure-data-storage-in-mobile

mukul975/Anthropic-Cybersecurity-Skills · exploiting-insecure-data-storage-in-mobile

0

Identifies and exploits insecure local data storage vulnerabilities in Android and iOS mobile applications including unencrypted databases, world-readable files, insecure SharedPreferences, plaintext credential storage, and improper keychain/keystore usage. Use when performing mobile penetration testing focused on OWASP M9 (Insecure Data Storage) or assessing compliance with MASVS-STORAGE requirements. Activates for requests involving mobile data storage security, local storage exploitation, SharedPreferences analysis, or mobile data leakage assessment.

exploiting-template-injection-vulnerabilities

mukul975/Anthropic-Cybersecurity-Skills · exploiting-template-injection-vulnerabilities

0

Detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities across Jinja2, Twig, Freemarker, and other template engines to achieve remote code execution.

prevpage 1 / 5next