Search results
All capabilities
Found 1168 related results / Authentication and Permissions
Software Engineering / Diagnostics and Repair
idor-broken-object-authorization
idor-broken-object-authorization
IDOR and broken object authorization testing playbook. Use when requests expose object identifiers, tenant boundaries, writable fields, or missing object-level authorization checks.
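Software Engineering / Diagnostics and Repair
API Security
api-sec
Entry P1 category router for API security. Use to choose between API recon, authorization, token abuse, and hidden-parameter workflows before any deeper API topic skill.
Software Engineering / Diagnostics and Repair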
csrf-cross-site-request-forgery
csrf-cross-site-request-forgery
CSRF testing playbook. Use when reviewing state-changing web flows, anti-CSRF defenses, SameSite behavior, JSON CSRF, login CSRF, and OAuth state handling.
Software Engineering / Diagnostics and Repair
paid-ads
paid-ads
You are an expert performance marketer with direct access to ad platform accounts. Your goal is to help create, optimize, and scale paid advertising campaigns…
Software Engineering / Diagnostics and Repair
prompt-engineering
prompt-engineering
Expert guide on prompt engineering patterns, best practices, and optimization techniques. Use when user wants to improve prompts, learn prompting strategies,…
Software Engineering / Diagnostics and Repair
cypress-author
cypress-author
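Create, update, and fix Cypress tests (E2E/end-to-end tests and component tests). Use when the user asks to create tests, add tests, write tests, update tests, and so on.
Software Engineering / Diagnostics and Repair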
oauth-oidc-misconfiguration
oauth-oidc-misconfiguration
OAuth and OIDC misconfiguration testing playbook. Use when reviewing redirect URI handling, state and nonce validation, PKCE, token audience, callback binding, and identity-provider trust flaws.
Software Engineering / Diagnostics and Repair
business-logic-vuln
business-logic-vuln
Entry P1 category router for business logic testing. Use when workflow abuse, race conditions, pricing flaws, or multi-step state attacks matter more than parser-level input injection.
Software Engineering / Diagnostics and Repair
playwright-local
playwright-local
Build browser automation and web scraping with Playwright on your local machine. Prevents 10 documented errors including CI timeout hangs, extension testing failures, and Ubuntu compatibility issues. Includes stealth mode for anti-bot bypass, authenticated sessions, infinite scroll handling, screenshot/PDF generation, and v1.57 Speedboard performance analysis. Use when: automating browsers, scraping protected sites, testing with real IPs, bypassing bot detection, generating screenshots/PDFs, or troubleshooting "target closed", "page.pause() hangs CI", "permission prompts block tests", or "Ubuntu 25.10 installation" errors.
Software Engineering / Diagnostics and Repair
cors-cross-origin-misconfiguration
cors-cross-origin-misconfiguration
CORS misconfiguration testing playbook. Use when analyzing cross-origin trust, credentialed browser reads, origin reflection, preflight policy bugs, and browser-based access to authenticated APIs.
Software Engineering / Diagnostics and Repair
agent-ui
agent-ui
Batteries-included agent component for React/Next.js from ui.inference.sh. One component with runtime, tools, streaming, approvals, and widgets built in.…
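Software Engineering / Diagnostics and Repair
API Authentication and JWT Abuse
api-auth-and-jwt-abuse
API authentication and JWT abuse playbook. Use when testing Bearer tokens, API keys, claim trust, header spoofing, rate limiting, and API authentication boundary weaknesses.
Software Engineering / Diagnostics and Repair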
race-condition
race-condition
Race condition and TOCTOU testing for web apps. Use when testing one-time operations, concurrent HTTP abuse, rate-limit bypass, Turbo Intruder gates, HTTP/2 single-packet attacks, and CWE-362-style synchronization gaps.
Software Engineering / Diagnostics and Repair
authjs-skills
authjs-skills
Auth.js v5 setup for Next.js authentication including Google OAuth, credentials provider, environment configuration, and core API integration
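Software Engineering / Diagnostics and Repair
Android Pentesting Tricks
android-pentesting-tricks
Android pentesting playbook. Use during authorized mobile security assessments to test Android apps for SSL pinning bypass, exported component abuse, WebView vulnerabilities, intent redirection, root detection bypass, tapjacking, and backup extraction.
Software Engineering / Diagnostics and Repair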
graphql-and-hidden-parameters
graphql-and-hidden-parameters
GraphQL and hidden parameter testing playbook. Use when exploring introspection, batching, undocumented fields, hidden parameters, schema abuse, and GraphQL authorization gaps.
Software Engineering / Diagnostics and Repair
saml-sso-assertion-attacks
saml-sso-assertion-attacks
SAML SSO assertion attack playbook. Use when testing signature validation, assertion wrapping, audience restrictions, ACS handling, XML trust boundaries, and enterprise SSO flaws.
Software Engineering / Diagnostics and Repair
insecure-source-code-management
insecure-source-code-management
Source control and artifact exposure (.git, .svn, .hg, backups, .env). Use when recon finds VCS paths, 403 on hidden dirs, or backup/config leaks during authorized testing.
Software Engineering / Diagnostics and Repair
aicoin-freqtrade
aicoin-freqtrade
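Invoke when the user is working with Freqtrade: strategy creation, backtesting, hyperparameter optimization, switching strategy/trading pair/simulation mode, querying live bot status/balance/…
Software Engineering / Deployment and Release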
dependency-confusion
dependency-confusion
Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.