Agent SkillsUnclecheng-li/VulnClaw › rapid-checklist

rapid-checklist

GitHub

用于渗透测试中路由明确后的快速Payload查找与验证顺序确认。涵盖Web注入、认证逻辑、AI/MCP及CTF专项速查,提供绕过方向与常见测试卡片,不替代方法论决策。

vulnclaw/skills/specialized/rapid-checklist/SKILL.md Unclecheng-li/VulnClaw

Trigger Scenarios

已知漏洞类型需快速筛选Payload 需要确认JWT、SSRF等特定技术验证顺序 CTF题目遇到PHP弱比较或RSA攻击场景

Install

npx skills add Unclecheng-li/VulnClaw --skill rapid-checklist -g -y
More Options

Non-standard path

npx skills add https://github.com/Unclecheng-li/VulnClaw/tree/main/vulnclaw/skills/specialized/rapid-checklist -g -y

Use without installing

npx skills use Unclecheng-li/VulnClaw@rapid-checklist

指定 Agent (Claude Code)

npx skills add Unclecheng-li/VulnClaw --skill rapid-checklist -a claude-code -g -y

安装 repo 全部 skill

npx skills add Unclecheng-li/VulnClaw --all -g -y

预览 repo 内 skill

npx skills add Unclecheng-li/VulnClaw --list

SKILL.md

Frontmatter
{
    "name": "rapid-checklist",
    "description": "渗透速查与Payload — 快速Payload家族、绕过提醒、验证顺序、常见测试卡片,适用于已知测试方向后快速查找"
}

渗透速查与 Payload Skill

仅在路由已明确后使用。本 Skill 用于快速查找,不替代方法论或工作流选择。

使用场景

  • 快速回忆某类漏洞或阻塞点应该先看什么
  • 快速筛选 Payload 家族、绕过方向和验证顺序
  • 快速确认 AI、MCP、容器、WebSocket、JWT、文件、认证、SSRF 等常见测试卡片
  • 从"我知道要测什么"进入"我先从哪一类验证开始"

不适用场景

  • 替代场景分流 → 用 pentest-flow
  • 替代方法论决策 → 用对应专项 Skill
  • 请求未抓到、重放未稳定时盲测 → 先用 client-reverse

CTF 专项速查

CTF 题目优先用 ctf-web / ctf-crypto / ctf-misc Skill,以下为快速卡片:

场景 快速定位
PHP 弱比较 → 0e 开头 MD5 值 ctf-webphp-bypass-cheatsheet.md
命令注入空格绕过 → ${IFS}/$IFS$9/< ctf-webcommand-injection-bypass.md
eval 无回显 → 写文件/DNS 外带 ctf-webeval-and-rce-techniques.md
RSA 小指数 → 立方根/Coppersmith ctf-cryptorsa-attacks-cheatsheet.md
Python Jail → __import__/func_globals ctf-miscpython-jail-escape.md
编码链 → base64→hex→ROT13 多层 ctf-miscencoding-chain-reference.md

快速路由卡片

Web 注入 / 输出执行

  • SQLi → ', ", ), 布尔差异, 时间差异, 报错差异
  • XSS → <script>, <img onerror>, javascript:, DOM sink
  • 命令注入 → ;id, |id, `id`, $(id)
  • SSTI → {{7*7}}, ${7*7}, <%= 7*7 %>, 模板引擎指纹
  • XXE → <!ENTITY>, 参数实体, OOB 外带

认证 / 逻辑 / Token

  • JWT → none算法, 算法篡改, 密钥爆破, jku/x5u 注入
  • CSRF → 缺少 Token, Token 可预测, Referer 校验缺陷
  • IDOR → 修改 ID 参数, 批量遍历
  • 支付逻辑 → 金额篡改, 负数, 竞态

浏览器签名 / 反爬

  • 先用 client-reverse 稳定重放
  • 阶段: locate → recover → runtime → validation

安卓运行态 / 签名恢复

  • 先用 client-reverse runtime-first 路径
  • 只有抓不到包/加密/无法重放时再逆向

AI / MCP

  • Prompt 注入 → 直接/间接/CoT 干扰
  • 工具滥用 → MCP 投毒/指令覆盖
  • 身份逃逸 → 角色越界/权限漂移

内网 / AD

  • 先用 intranet-pentest-advanced
  • 工具不确定时补看 pentest-tools

参考文档

  • references/08-rapid-checklists-and-payloads.md — 速查与 Payload 整合参考
  • references/testing-methodology.md — 测试方法论

Version History

  • 47fd4a0 Current 2026-07-05 09:19

Same Skill Collection

vulnclaw/skills/specialized/ai-mcp-security/SKILL.md
vulnclaw/skills/specialized/client-reverse/SKILL.md
vulnclaw/skills/specialized/crypto-toolkit/SKILL.md
vulnclaw/skills/specialized/ctf-crypto/SKILL.md
vulnclaw/skills/specialized/ctf-misc/SKILL.md
vulnclaw/skills/specialized/ctf-web/SKILL.md
vulnclaw/skills/specialized/cve-triage/SKILL.md
vulnclaw/skills/specialized/hackerone/SKILL.md
vulnclaw/skills/specialized/intranet-pentest-advanced/SKILL.md
vulnclaw/skills/specialized/osint-recon/SKILL.md
vulnclaw/skills/specialized/pentest-tools/SKILL.md
vulnclaw/skills/specialized/web-pentest/SKILL.md
vulnclaw/skills/specialized/web-security-advanced/SKILL.md
vulnclaw/skills/specialized/android-pentest/SKILL.md
vulnclaw/skills/specialized/secknowledge-skill/SKILL.md

Metadata

Files
0
Version
fcad047
Hash
e696e8d9
Indexed
2026-07-05 09:19

Accueil - Wiki
Copyright © 2011-2026 iteam. Current version is 2.155.2. UTC+08:00, 2026-07-11 21:43
浙ICP备14020137号-1 $Carte des visiteurs$