ssrf AI Agent Skills

Browse 30 skills related to ssrf

AWS Penetration Testing

21.9k
davila7davila7

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

132 days ago

AWS Penetration Testing

3.5k
zebbernzebbern

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

132 days ago

openclaw-sec

1.8k
Openclaw Skills Openclaw SecOpenclaw Skills Openclaw Sec

AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations

133 days ago

clawdefender

1.8k
openclawopenclaw

Security scanner and input sanitizer for AI agents. Detects prompt injection, command injection, SSRF, credential exfiltration, and path traversal attacks. Use when (1) installing new skills from ClawHub, (2) processing external input like emails, calendar events, Trello cards, or API responses, (3) validating URLs before fetching, (4) running security audits on your workspace. Protects agents from malicious content in untrusted data sources.

133 days ago

ssrf-testing

879
Ed1s0nZEd1s0nZ

Professional skills and methodologies for SSRF server-side request forgery testing

132 days ago

ssrf

365
Yhy0 Chying Agent SsrfYhy0 Chying Agent Ssrf

服务端请求伪造漏洞检测与利用。当目标存在 URL 参数、远程文件加载、Webhook、PDF 生成、URL 预览功能时使用。

132 days ago

xxe-testing

253
Anshumanbh Securevibes Xxe TestingAnshumanbh Securevibes Xxe Testing

Validate XML External Entity (XXE) injection vulnerabilities including file disclosure, SSRF, denial of service, and blind XXE via out-of-band channels. Test by injecting malicious XML with external entity references into endpoints that parse XML. Use when testing CWE-611 (XXE), CWE-827 (Improper Control of Document Type Definition), or related XML parsing vulnerabilities.

132 days ago

security-practices

83
esereser

Security practices including secrets management, input validation, SSRF prevention, and production hardening. Use for security-sensitive code.

133 days ago

pentest

43
transilienceaitransilienceai

Penetration testing orchestrator that coordinates specialized attack agents. Provides attack indexes, methodology frameworks, and documentation. Execution delegated to specialized agents (SQL Injection, XSS, SSRF, etc.). Use for engagement planning and attack coordination.

132 days ago

CTF Web Solver

16
Tokeii0Tokeii0

当用户正在进行 CTF 比赛或练习,遇到 Web 类型题目时触发此 Skill。 适用场景包括: - 用户描述了 SQL 注入、XSS、SSRF、SSTI、XXE、文件包含、命令执行等 Web 安全问题 - 用户需要进行信息搜集、目录扫描、端口扫描等渗透前期工作 - 用户遇到 PHP 特性利用、反序列化、JWT 伪造等高级攻击场景 - 用户提及 "CTF"、"Web"、"渗透"、"注入"、"绕过"、"漏洞" 等关键词 - 用户需要分析 Java 代码审计、区块链安全、组件漏洞利用等问题 - 用户需要构造 payload、编写 exploit、分析 WAF 绕过策略

133 days ago

AWS Penetration Testing

14
zebbernzebbern

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

awscloud-securitypenetration-testing+4
132 days ago

api-security

13
williamzujkowskiwilliamzujkowski

1. Broken Object Level Authorization (BOLA) - API fails to validate user access to objects 2. Broken Authentication - Weak or missing authentication mechanisms 3. Broken Object Property Level Authorization - Missing field-level access control 4. Unrestricted Resource Consumption - No rate limiting or throttling 5. Broken Function Level Authorization - Missing authorization checks on endpoints 6. Unrestricted Access to Sensitive Business Flows - Automated abuse of legitimate workflows 7. Server Side Request Forgery (SSRF) - API accepts URLs without validation 8. Security Misconfiguration - Insecure default configs, verbose errors 9. Improper Inventory Management - Undocumented/deprecated APIs in production 10. Unsafe Consumption of APIs - Trusting third-party API data without validation

132 days ago

testing-web-applications

5
trilwutrilwu

Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, and API flaws. Use when pentesting web apps, analyzing authentication, or exploiting OWASP Top 10 vulnerabilities.

132 days ago

AWS Penetration Testing

5
agent-skills-hubagent-skills-hub

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

132 days ago

audit-security

4
pwittchenpwittchen

Quick security audit checking for hardcoded secrets, SSRF vectors, injection points, dependency issues, and missing security headers

132 days ago

exploiting-server-side-request-forgery

2
mukul975mukul975

Identifying and exploiting SSRF vulnerabilities to access internal services, cloud metadata, and restricted network resources during authorized penetration tests.

penetration-testingssrfowasp+3
132 days ago

conducting-cloud-penetration-testing

2
mukul975mukul975

This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.

cloud-pentestingoffensive-securityaws-exploitation+2
132 days ago

performing-blind-ssrf-exploitation

2
mukul975mukul975

Detect and exploit blind Server-Side Request Forgery vulnerabilities using out-of-band techniques, DNS interactions, and timing analysis to access internal services and cloud metadata endpoints.

blind-ssrfssrfout-of-band+4
132 days ago

exploiting-api-injection-vulnerabilities

2
mukul975mukul975

Tests APIs for injection vulnerabilities including SQL injection, NoSQL injection, OS command injection, LDAP injection, and Server-Side Request Forgery (SSRF) through API parameters, headers, and request bodies. The tester crafts malicious payloads targeting different backend technologies and injection contexts to extract data, execute commands, or access internal services. Maps to OWASP API8:2023 Security Misconfiguration and API7:2023 SSRF. Activates for requests involving API injection testing, SQLi in APIs, NoSQL injection, SSRF testing, or API input validation assessment.

api-securityowaspinjection+4
132 days ago

testing-for-xxe-injection-vulnerabilities

2
mukul975mukul975

Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.

penetration-testingxxexml-injection+3
132 days ago

testing-for-host-header-injection

2
mukul975mukul975

Test web applications for HTTP Host header injection vulnerabilities to identify password reset poisoning, web cache poisoning, SSRF, and virtual host routing manipulation risks.

host-header-injectionpassword-reset-poisoningcache-poisoning+4
132 days ago

AWS Penetration Testing

haniakrim21haniakrim21

Use this skill when a user asks to 'pentest AWS', 'test AWS security', 'enumerate IAM', 'exploit cloud infrastructure', 'AWS privilege escalation', 'S3 bucket testing', 'metadata SSRF', 'Lambda exploitation', or needs guidance on Amazon Web Services security assessment.

132 days ago

Secure Code Review

narlyseorgnarlyseorg

Use when reviewing source code for security vulnerabilities, performing static analysis of a codebase, or auditing code for injection flaws, authentication issues, cryptographic weaknesses, insecure deserialization, SSRF, path traversal, memory-safety bugs, hardcoded secrets, or misconfigurations. Use when the user asks to find security bugs in code, assess code quality from a security perspective, review pull requests for security implications, perform dependency audits, run secrets scans, or review application configuration in source.

132 days ago

AWS Penetration Testing

oki3505Foki3505F

This skill should be used when the user asks to "pentest AWS", "test AWS security", "enumerate IAM", "exploit cloud infrastructure", "AWS privilege escalation", "S3 bucket testing", "metadata SSRF", "Lambda exploitation", or needs guidance on Amazon Web Services security assessment.

132 days ago

API Pentest

Poatan222Poatan222

Targeted API penetration testing using a GTFO-first approach: find the highest-impact vulnerability fast, prove it with a PoC, and move on. Covers five attack families: AuthN/AuthZ, BOLA/IDOR, Input Validation, SSRF, and Business Logic. Each family is a loadable module with specific test cases, payloads, and PoC templates. Trigger when user mentions "API pentest", "API security test", "test this API", "find vulnerabilities in this endpoint", "BOLA", "IDOR", "broken auth", "injection test", "SSRF", "business logic flaw", "API attack", or shares API docs, Swagger/OpenAPI specs, Postman collections, or curl commands.

132 days ago

webapp-pentesting

narlyseorgnarlyseorg

Use when testing web applications for security vulnerabilities, performing webapp penetration tests, assessing OWASP Top 10 risks, testing for XSS/SQLi/CSRF/SSRF/IDOR/auth bypass, fuzzing web endpoints, scanning web servers, intercepting HTTP traffic, testing file uploads, evaluating session management, or when the target is a browser-accessible web application requiring comprehensive security assessment.

132 days ago

remediation

DryRunSecurityDryRunSecurity

Helps fix security vulnerabilities identified by DryRunSecurity. Activates when the user shares a DryRunSecurity comment (from a GitHub PR or GitLab MR) or asks for help fixing any security finding including SQL injection, XSS, CSRF, SSRF, path traversal, command injection, authentication bypass, authorization flaws, and prompt injection. Researches authoritative sources and applies fixes grounded in the user's specific codebase context.

132 days ago

openclaw-sec

BJS-Innovation-LabBJS-Innovation-Lab

AI Agent Security Suite - Real-time protection against prompt injection, command injection, SSRF, path traversal, secrets exposure, and content policy violations

132 days ago

gcp-ssrf

hminooeihminooei

Use this skill when users need to audit, detect, or remediate Server-Side Request Forgery (OWASP A10:2021) vulnerabilities on Google Cloud Platform. This includes auditing VPC firewall rules for overly permissive egress, reviewing VPC Service Controls perimeter configuration, deploying Cloud Armor rules to block SSRF attack patterns, and protecting against metadata endpoint abuse. Activate for SSRF protection, egress control, VPC firewall hardening, VPC Service Controls configuration, or OWASP A10 compliance.

132 days ago

security-best-practices

lklimeklklimek

Secure programming best practices based on the OWASP Cheat Sheet Series. Use this skill whenever writing, reviewing, or discussing application security, input validation, authentication, authorization, cryptography, session management, error handling, logging, or any code that handles user input, secrets, HTTP headers, file uploads, or API endpoints. Also use when someone asks about preventing common vulnerabilities (XSS, SQL injection, CSRF, SSRF, etc.), securing infrastructure (Docker, Kubernetes, CI/CD), or reviewing dependencies for supply chain risks. This skill should be consulted proactively during code review and security audit tasks, even if the user does not explicitly mention security.

132 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network