ghostonbutterbread/skills/lfi
skills/lfi/SKILL.md
# LFI — Local File Inclusion Bypass ## What It Does Tests LFI bypass techniques: path traversal, null bytes, wrappers, log poisoning. Load `general-security-testing-policy`, `live-testing-policy`, and `injection-testing-policy` before live testing. For file/path sinks, absence of an immediate file read or response delta is not a stop reason by itself; use the policy to reason about path normalization, extension allowlists, wrappers, encoding, parser differences, and stack-specific proof ladder
tools
Updated Jun 6, 2026
$ install --global
skillsauthnpx skillsauth add ghostonbutterbread/bug-bounty-harness skills/lfiInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 6, 2026, 2:26 AM49.4s2 files scanned
SKILL.md
LFI — Local File Inclusion Bypass
What It Does
Tests LFI bypass techniques: path traversal, null bytes, wrappers, log poisoning.
Load general-security-testing-policy, live-testing-policy, and
injection-testing-policy before live testing. For file/path sinks, absence of
an immediate file read or response delta is not a stop reason by itself; use
the policy to reason about path normalization, extension allowlists, wrappers,
encoding, parser differences, and stack-specific proof ladders.
Invocation
/lfi <target> [--param <param_name>] [--program <program>]
Harness Location
Uses /bypass harness: ~/projects/bug_bounty_harness/agents/bypass_harness.py
Example
/lfi https://target.com/download?file=test.pdf
/lfi https://target.com/view?path=/etc/passwd --param path
Techniques
- Path traversal:
../../etc/passwd,%2e%2e%2f - Null bytes:
%00,%2500 - Wrappers:
php://filter/,data://,expect:// - Log files:
/var/log/apache2/access.log - Proc:
/proc/self/environ,/proc/[pid]/fd/*
Related Skills
ghostonbutterbread/stored-xss
documentation
VerifiedTrustedCommunity
Use when attacker-controlled input is saved and rendered later in a profile, comment, title, notification, admin view, export, email, feed, upload metadata, or other stored render surface.
SKILL.mdUpdated Jun 6, 2026
ghostonbutterbread/reflected-xss
content-media
VerifiedTrustedCommunity
Use when attacker-controlled input appears in the immediate HTTP response or browser-rendered page and needs reflected XSS context classification, payload selection, mutation, and browser verification.
SKILL.mdUpdated Jun 6, 2026
ghostonbutterbread/pwnfox
data-ai
VerifiedTrustedCommunity
Use when inspecting proxy traffic from PwnFox-profiled browser sessions, filtering Caido/Burp/proxy history by X-PwnFox-Color, or interpreting user phrases like 'Red session' as a distinct browser/auth/profile lane.
SKILL.mdUpdated Jun 6, 2026
ghostonbutterbread/dom-xss
tools
VerifiedTrustedCommunity
Use when XSS depends on browser-side sources and sinks such as URL/query/hash, router state, local/session storage, cookies, postMessage, DOM parsing, framework render paths, or client-side sanitizer behavior.
SKILL.mdUpdated Jun 6, 2026