Stats
Actions
Tags
From communitytools
Guides testing for server-side vulnerabilities including SSRF, HTTP request smuggling, path traversal, file upload, insecure deserialization, and host header injection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/communitytools:server-sideThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.
reference/INDEX.mdreference/file-upload-resources.mdreference/http-host-header-resources.mdreference/http-request-smuggling-resources.mdreference/insecure-deserialization-resources.mdreference/protocol-coercion.mdreference/scenarios/deserialization/dotnet-deserialization.mdreference/scenarios/deserialization/java-deserialization.mdreference/scenarios/deserialization/nodejs-deserialization.mdreference/scenarios/deserialization/php-deserialization.mdreference/scenarios/deserialization/python-and-ruby.mdreference/scenarios/deserialization/react-server-components-flight.mdreference/scenarios/deserialization/tools/aspnet_viewstate_build.pyreference/scenarios/file-upload/content-type-and-magic-bytes.mdreference/scenarios/file-upload/defense-evasion-and-yara.mdreference/scenarios/file-upload/extension-bypass.mdreference/scenarios/file-upload/ntfs-junction-write-redirect.mdreference/scenarios/file-upload/ntlm-hash-leak-via-media-upload.mdreference/scenarios/file-upload/path-traversal-and-htaccess.mdreference/scenarios/file-upload/polyglot-and-metadata-injection.mdTest for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.
| Type | Key Vectors |
|---|---|
| SSRF | Internal service access, cloud metadata, protocol smuggling |
| HTTP Smuggling | CL.TE, TE.CL, TE.TE, CL.0, H2.CL, h2c, multi-layer proxy chains, connection pooling desync |
| Path Traversal | Directory traversal, null bytes, encoding bypass |
| File Upload | Extension bypass, content-type manipulation, polyglot files |
| Deserialization | Java, PHP, Python, .NET gadget chains |
| Host Header | Password reset poisoning, cache poisoning, routing-based SSRF |
| CUPS / cups-browsed | CVE-2024-47076/47175/47176/47177 — UDP browse → IPP injection → PPD injection → foomatic-rip RCE (see skills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md) |
reference/scenarios/ssrf/*.md - SSRF techniques and labsreference/http-request-smuggling*.md - Smuggling techniquesreference/scenarios/path-traversal/*.md - Path traversal bypass methodsreference/file-upload*.md - File upload exploitationreference/insecure-deserialization*.md - Deserialization attacksreference/http-host-header*.md - Host header injectionskills/infrastructure/reference/scenarios/network-recon/cups-browsed-rce.md - CUPS RCE chain (CVE-2024-47076/175/176/177); ipptool false positives vs libcups runtime parser; ippserver Python lib version-1.1 hardcode bugnpx claudepluginhub transilienceai/communitytoolsProvides a detailed RCE testing checklist covering OS command injection, SSTI, deserialization, file upload, XXE with SSRF, dependency confusion, and CVE patterns for web app pentests and bug bounty.
Guides SSRF penetration testing in web apps: identifies URL input risks, exploits internal/cloud metadata access, blind SSRF via OOB, bypasses like IP tricks/DNS rebinding, checklists, and impact evaluation.
Tests file upload endpoints for RCE, XSS, SSRF, and path traversal. Covers 10 bypass techniques including extension tricks, magic bytes, XXE in DOCX, and ZIP slip.