windshock/sec-audit-dast
plugins/oh-my-secuaudit/skills/sec-audit-dast/SKILL.md
DAST/ASM workflow for external asset discovery, probing, and scanning with SARIF output. Use for runtime/endpoint-based assessments and asset management scanning.
$ install --global
skillsauthnpx skillsauth add windshock/oh-my-secuaudit sec-audit-dastInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 20, 2026, 2:24 AM123.8s15 files scanned
SKILL.md
- name:
- sec-audit-dast
- description:
- DAST/ASM workflow for external asset discovery, probing, and scanning with SARIF output. Use for runtime/endpoint-based assessments and asset management scanning.
Sec Audit DAST
Overview
Run DAST/ASM pipelines (URL track and IP track) and produce SARIF outputs for findings. Use this when scanning live targets or external surfaces.
Workflow
- Read DAST references:
references/asm_sources.mdfor canonical docs and process context.references/asm_scripts.mdfor the script entrypoints.references/asm_csv.mdfor CSV extraction from ASM outputs.references/sarif_conversion.mdfor CSV->SARIF conversion when needed.references/severity_criteria.mdplusreferences/severity_criteria_detail.mdfor risk mapping.references/reporting_summary.mdfor the cross-skill summary index format.
- Execute the appropriate track:
- URL Track: discovery -> probing -> scanners -> SARIF output.
- IP Track: IP list -> service/daemon detection -> SARIF output.
- Normalize outputs to SARIF for reporting.
- When producing JSON findings (or SARIF-to-JSON normalization), require:
provenancewith one ofbinary-confirmed|source-confirmed|runtime-confirmed|not-confirmedimpacted_flowwith one or more architecture flow IDs (F1,F2, ...)
Reporting
- Primary output: SARIF (
.sarif) per scan batch. - Use severity mapping from
references/severity_criteria.mdand detailed criteria inreferences/severity_criteria_detail.md. - Produce a common summary JSON using
schemas/reporting_summary_schema.jsonin this skill directory. - Use local scripts in this skill directory for conversion and summary generation.
- If task/finding JSON is emitted, validate against
schemas/task_output_schema.jsonandschemas/finding_schema.json.
Resources
references/
references/asm_sources.mdreferences/asm_scripts.mdreferences/asm_csv.mdreferences/sarif_conversion.mdreferences/severity_criteria.mdreferences/severity_criteria_detail.mdreferences/reporting_summary.md
scripts/
scripts/asm_findings_to_csv.pyscripts/sarif_from_csv.pyscripts/generate_reporting_summary.py
schemas/
schemas/reporting_summary_schema.jsonschemas/task_output_schema.jsonschemas/finding_schema.json
Related Skills
windshock/sec-reference-retrieval
testing
VerifiedTrustedCommunity
Query multi-source AppSec catalogs (CWE / OWASP Cheat Sheet Series / GitHub Advisory Database / AppSec.fyi) for a given security finding and propose a synthesis row to the security-field-notes synthesis-ledger via PR. Use when a producer skill (sec-audit-static, sec-audit-dast, external-software-analysis) emits a finding that needs external reference enrichment, or when packaging an assessment finding for downstream remediation context.
2SKILL.mdUpdated May 22, 2026
windshock/security-testing-as-code
development
VerifiedTrustedCommunity
Transform security assessment deliverables from static documents (Word/Excel/portal) into version-controlled, executable projects. PoCs replace narrative claims; saved HTTP requests replace checkboxes; commit hashes enable exact-state reproduction. Use when scoping methodology for an audit, when an existing assessment needs to be made reproducible, or when assessment outputs must be inheritable across teams.
2SKILL.mdUpdated May 19, 2026
windshock/security-architecture-review
development
VerifiedTrustedCommunity
Security architecture review for codebases, producing Data Flow Diagram (DFD) with trust boundaries, Attack Flow overlay, scoped attack surface inventory, sensitive data map, and risk summary grounded in code. Use when asked to perform architecture-focused security review, reconstruct security design from code, or produce DFD/attack-flow documentation.
2SKILL.mdUpdated May 19, 2026
windshock/sec-cluster
development
VerifiedTrustedCommunity
Dataflow-based code clustering for security assessments. Groups (Endpoint, Sink) paths by shared review strategy so reviewers sample representative cases instead of exhaustively reviewing every path. Use when scoping manual review on a codebase with 50+ endpoints, repetitive sanitization patterns, or after initial SAST/SCA produces large finding sets that need triage.
2SKILL.mdUpdated May 19, 2026