xxe AI Agent Skills
Browse 10 skills related to xxe
xxe-testing
XXE XML外部实体注入测试的专业技能和方法论
xxe-testing
Validate XML External Entity (XXE) injection vulnerabilities including file disclosure, SSRF, denial of service, and blind XXE via out-of-band channels. Test by injecting malicious XML with external entity references into endpoints that parse XML. Use when testing CWE-611 (XXE), CWE-827 (Improper Control of Document Type Definition), or related XML parsing vulnerabilities.
CTF Web Solver
当用户正在进行 CTF 比赛或练习,遇到 Web 类型题目时触发此 Skill。 适用场景包括: - 用户描述了 SQL 注入、XSS、SSRF、SSTI、XXE、文件包含、命令执行等 Web 安全问题 - 用户需要进行信息搜集、目录扫描、端口扫描等渗透前期工作 - 用户遇到 PHP 特性利用、反序列化、JWT 伪造等高级攻击场景 - 用户提及 "CTF"、"Web"、"渗透"、"注入"、"绕过"、"漏洞" 等关键词 - 用户需要分析 Java 代码审计、区块链安全、组件漏洞利用等问题 - 用户需要构造 payload、编写 exploit、分析 WAF 绕过策略
security-audit
Security audit patterns for PHP/OWASP. Use when conducting security assessments, identifying vulnerabilities (XXE, SQL injection, XSS), or CVSS scoring.
testing-web-applications
Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, and API flaws. Use when pentesting web apps, analyzing authentication, or exploiting OWASP Top 10 vulnerabilities.
pentest-injection-engine
Systematically test authorized targets for SQL, XSS, SSTI, XXE, command, and request-smuggling injection classes.
performing-soap-web-service-security-testing
Perform security testing of SOAP web services by analyzing WSDL definitions and testing for XML injection, XXE, WS-Security bypass, and SOAPAction spoofing.
testing-for-xxe-injection-vulnerabilities
Discovering and exploiting XML External Entity injection vulnerabilities to read server files, perform SSRF, and exfiltrate data during authorized penetration tests.
testing-for-xml-injection-vulnerabilities
Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.
irify-sast
IRify SAST — AI-powered static application security testing. Compile source code into SSA IR, then use SyntaxFlow DSL to trace data flow across function boundaries, detect vulnerabilities (SQLi, RCE, XXE), and answer questions like "where does user input go?". Supports 7 languages (Java, PHP, JS, Go, Python, C, Yak) and incremental compilation via ProgramOverLay. Requires yaklang MCP server: yak mcp -t ssa