implexa
back to leaderboard
YA

@yaklang

contributor on implexa, with 102 skills ranked by SkillRank across 1 source.

yaklang on githubpublishes to skills.sh
skills
102
avg SkillRank
3.8
47 scored / 102 total
total stars
across 1 repo
total installs
across 1 repo

skills, ranked by SkillRank

scoresourceskill
6.2skills.sh
xslt-injection
xslt-injection covers server-side xslt processing vulnerabilities across processor families (java, .net, php, libxslt) via document(), external entities, exslt, and extension functions. includes fingerprinting techniques and platform-specific escalation chains.
5.8skills.sh
graphql-and-hidden-parameters
graphql-and-hidden-parameters covers introspection queries, schema discovery, and parameter enumeration techniques for graphql endpoints. handles batching and undocumented field exploration when introspection is available or partially restricted.
5.2skills.sh
saml-sso-assertion-attacks
saml-sso-assertion-attacks covers signature validation, binding confusion, and trust model weaknesses in enterprise saml login flows. focuses on identifying misconfigured assertion signing, weak audience validation, and account mapping risks.
5.2skills.sh
classical-cipher-analysis
classical-cipher-analysis documents identification and attack methods for historical ciphers including Caesar, Vigenere, Enigma, and transposition types. incomplete procedure documentation limits operational utility.
4.9skills.sh
memory-forensics-volatility
memory-forensics-volatility documents volatility 2 and 3 techniques for memory acquisition, process analysis, injection detection, and credential extraction, but lacks procedural depth and executable runbooks.
4.5skills.sh
expression-language-injection
expression-language-injection documents detection and exploitation vectors for java el evaluation in spring, struts2, and jsp/jsf contexts, distinguishing them from template injection attacks.
4.3skills.sh
business-logic-vuln
business-logic-vuln routes vulnerability assessment toward state machine and workflow abuse patterns. it identifies check-then-act timing issues and multi-step authorization gaps without detailed procedural guidance.
4.2skills.sh
smart-contract-vulnerabilities
smart-contract-vulnerabilities catalogs attack patterns across reentrancy, integer overflow, access control, and delegatecall. lacks actionable audit procedures and decision trees for practitioners applying these patterns to real contracts.
4.2skills.sh
prototype-pollution-advanced
prototype-pollution-advanced covers server-side rce escalation via template engines and node.js gadgets, but lacks complete step-by-step procedures and concrete detection examples.
4.2skills.sh
tunneling-and-pivoting
tunneling-and-pivoting covers ssh port forwarding, socks proxies, transparent tunneling tools (chisel, ligolo-ng, socat), and windows pivoting techniques with cross-layer chaining guidance.
4.2skills.sh
dangling-markup-injection
dangling-markup-injection documents exfiltration via unclosed html tags when script execution is blocked, routing to csp-bypass and csrf scenarios, but lacks actionable procedure and concrete examples.
4.2skills.sh
linux-lateral-movement
linux-lateral-movement documents ssh agent hijacking, credential harvesting, and privilege reuse techniques for moving between linux hosts. covers ssh_auth_sock exploitation, sudo session hijacking via ptrace, and service escalation patterns with incomplete procedural detail.
4.2skills.sh
linux-privilege-escalation
linux-privilege-escalation documents enumeration and exploitation vectors including suid binaries, capabilities, cron abuse, and kernel exploits, but lacks actionable step-by-step procedures and concrete decision logic.
4.2skills.sh
recon-and-methodology
recon-and-methodology outlines a hierarchical bug bounty reconnaissance framework covering asset discovery through endpoint mapping, but lacks actionable procedural steps and specific trigger conditions for deployment.
4.2skills.sh
heap-exploitation
heap-exploitation documents ptmalloc2 internals and glibc version constraints but lacks actionable step-by-step procedures for actual exploitation chains. references are present but the skill stops at structure enumeration rather than delivering executable attack workflows.
4.2skills.sh
websocket-security
websocket-security covers protocol headers, cswsh risk patterns, and vulnerability classes relevant to websocket implementations. fragments included; no complete procedure or decision logic present.
4.2skills.sh
auth-sec
auth-sec is a routing skill that categorizes auth and authorization issues into testing buckets (bypass, idor, jwt, oauth, csrf, cors, saml) without prescriptive steps or concrete procedures.
4.2skills.sh
api-authorization-and-bola
api-authorization-and-bola covers broken object and function-level authorization testing through cross-account token replay, object id manipulation, and http verb abuse patterns.
4.2skills.sh
traffic-analysis-pcap
traffic-analysis-pcap sketches forensic PCAP workflows including repair, Wireshark filters, and protocol analysis, but lacks actionable procedures, executable decision trees, and concrete output contracts.
4.2skills.sh
401-403-bypass-techniques
401-403-bypass-techniques catalogs path normalization, http method override, and header-based access control evasion tactics, with emphasis on proxy-backend desynchronization vectors.
3.9skills.sh
clickjacking
clickjacking covers ui redress attack mechanics including iframe transparency, header bypass techniques, and multi-step chaining, positioned as offensive exploitation rather than defensive mitigation.
3.9skills.sh
rsa-attack-techniques
rsa-attack-techniques outlines cryptanalytic approaches for rsa including factorization, small exponent, lattice-based, broadcast, and padding oracle attacks. lacks procedural depth and actionable steps.
3.9skills.sh
reverse-shell-techniques
reverse-shell-techniques documents attack patterns for establishing reverse and bind shells, covering encryption, web shells, pty upgrades, and payload generation. lacks procedural depth and actionable step sequences.
3.8skills.sh
file-access-vuln
file-access-vuln is a routing entry point that categorizes file-related vulnerabilities into path traversal/lfi and upload validation issues, but lacks concrete procedural steps for exploitation or remediation.
3.8skills.sh
jndi-injection
jndi-injection documents java naming and directory interface exploitation covering rmi/ldap class loading and log4shell attack surface, but procedure is incomplete and lacks execution guidance.
3.8skills.sh
upload-insecure-files
upload-insecure-files documents attack patterns for file upload validation bypass and storage abuse across multiple platforms, but lacks actionable step-by-step procedure and concrete decision logic.
3.8skills.sh
hash-attack-techniques
hash-attack-techniques documents cryptanalytic attack patterns including length extension, collision generation, and timing side channels, but lacks executable procedures and decision logic to guide practitioners through attack selection and implementation.
3.7skills.sh
lattice-crypto-attacks
lattice-crypto-attacks documents expert cryptanalysis techniques including lll/bkz reduction and coppersmith methods but lacks actionable procedures, concrete decision trees, or outcome validation criteria.
3.6skills.sh
sandbox-escape-techniques
sandbox-escape-techniques documents attack patterns across python, lua, seccomp, chroot and container contexts but lacks actionable procedures, decision frameworks, and clear failure mode handling.
3.6skills.sh
symbolic-execution-tools
symbolic-execution-tools documents angr, Z3, and Unicorn Engine techniques for CTF challenges, but lacks concrete procedures, trigger specificity, and actionable guidance beyond abstract problem areas.
3.5skills.sh
csp-bypass-advanced
csp-bypass-advanced outlines attack surface categories (nonce abuse, trusted cdn exploitation, directive gaps) and cross-references related attack chains, but lacks procedural depth and actionable exploitation steps.
3.5skills.sh
waf-bypass-techniques
waf-bypass-techniques outlines generic evasion categories and references product-specific matrices, but lacks procedural depth, numbered steps, and concrete decision logic beyond category names.
3.4skills.sh
steganography-techniques
steganography-techniques catalogues detection methods across image, audio, file, and text domains but lacks actionable procedures, concrete trigger conditions, and explicit failure handling.
3.2skills.sh
path-traversal-lfi
path-traversal-lfi documents attack techniques including encoding bypass and filter evasion, but the skill is incomplete and lacks actionable procedure depth needed for consistent execution.
3.2skills.sh
format-string-exploitation
format string exploitation covers attack patterns including stack reading, arbitrary writes via %n, and protection bypass techniques, but lacks actionable procedural steps and concrete decision logic.
3.2skills.sh
deserialization-insecure
deserialization-insecure documents attack surface across multiple languages and frameworks but lacks procedural steps, decision logic, and concrete outcome signals needed for reproducible execution.
3.2skills.sh
browser-exploitation-v8
browser-exploitation-v8 documents v8 engine internals and exploitation primitives (addrof, fakeobj, pointer compression) but lacks actionable procedures, concrete examples, or decision logic to execute actual attacks.
3.2skills.sh
unauthorized-access-common-services
unauthorized-access-common-services documents exploitation techniques for unauthenticated infrastructure services including redis, rsync, php-fpm, ajp, and hadoop yarn. lacks actionable procedures, decision logic, and failure handling.
3.2skills.sh
network-protocol-attacks
network-protocol-attacks lists attack surface areas (arp spoofing, dns poisoning, vlan hopping, ipv6 attacks) but provides no actionable procedures, decision trees, or outcome signals. references related skills without defining its own boundary or execution model.
3.2skills.sh
stack-overflow-and-rop
stack-overflow-and-rop documents rop chain construction and stack exploitation techniques including buffer overflow, ret2libc, gadget selection, and canary bypass, but lacks actionable procedures.
3.2skills.sh
ios-pentesting-tricks
ios-pentesting-tricks outlines attack surface areas for ios application security testing including jailbreak methodology, keychain extraction, and runtime hooking, but lacks actionable procedures and decision logic.
2.8skills.sh
active-directory-acl-abuse
active-directory-acl-abuse references advanced attack vectors like bloodhound enumeration and dangerous acl primitives but lacks procedural depth, actionable steps, and explicit failure modes needed for reliable execution.
2.8skills.sh
http2-specific-attacks
http2-specific-attacks documents protocol-level attack techniques including h2c smuggling, pseudo-header manipulation, hpack attacks, and downgrade injection, but the skill file is incomplete and cuts off mid-section.
2.5skills.sh
ghost-bits-cast-attack
ghost-bits-cast-attack describes a java unicode-to-ascii byte narrowing technique for bypassing waf/ids filters in injection attacks. incomplete implementation guidance and vague on concrete steps.
2.3skills.sh
hack
routing skill for security testing that delegates to specialized techniques. lacks concrete methodology, trigger phrases, and actionable procedure steps.
2.3skills.sh
kernel-exploitation
kernel-exploitation claims expertise in kernel attack techniques but provides no actual exploit steps, decision trees, input specifications, or working examples. content is a partial outline without actionable procedure.
2.3skills.sh
active-directory-certificate-services
active-directory-certificate-services documents ad cs attack variants (esc1-esc13) and certificate persistence techniques, but lacks actionable procedure, decision logic, and concrete output contracts.
skills.sh
cors-cross-origin-misconfiguration
CORS misconfiguration testing playbook. Use when analyzing cross-origin trust, credentialed browser reads, origin reflection, preflight policy bugs, and…
skills.sh
csrf-cross-site-request-forgery
CSRF testing playbook. Use when reviewing state-changing web flows, anti-CSRF defenses, SameSite behavior, JSON CSRF, login CSRF, and OAuth state handling.
skills.sh
oauth-oidc-misconfiguration
OAuth and OIDC misconfiguration testing playbook. Use when reviewing redirect URI handling, state and nonce validation, PKCE, token audience, callback binding,…
skills.sh
recon-for-sec
Entry P1 category router for reconnaissance and methodology. Use when mapping scope, discovering assets, fingerprinting technology, building endpoint…
skills.sh
kubernetes-pentesting
Kubernetes penetration testing playbook. Use when targeting Kubernetes clusters via API server, RBAC enumeration, service account abuse, etcd access, Kubelet…
skills.sh
idor-broken-object-authorization
IDOR and broken object authorization testing playbook. Use when requests expose object identifiers, tenant boundaries, writable fields, or missing object-level…
skills.sh
injection-checking
Entry P1 category router for injection testing. Use when routing between XSS, SQLi, SSRF, XXE, SSTI, command injection, and NoSQL injection workflows based on…
skills.sh
authbypass-authentication-flaws
Authentication bypass testing playbook. Use when assessing login flows, password reset logic, account recovery, MFA bypass, token predictability, brute-force…
skills.sh
jwt-oauth-token-attacks
JWT and OAuth token attack playbook. Use when validating token trust, signing algorithms, key handling, claim abuse, bearer flows, and OAuth account-binding…
skills.sh
business-logic-vulnerabilities
Business logic vulnerability playbook. Use when reasoning about workflows, race conditions, price manipulation, coupon abuse, state machines, and multi-step…
skills.sh
api-auth-and-jwt-abuse
API authentication and JWT abuse playbook. Use when testing bearer tokens, API keys, claim trust, header spoofing, rate limits, and API auth boundary…
skills.sh
api-recon-and-docs
API reconnaissance and documentation review playbook. Use when discovering endpoints, schemas, versions, OpenAPI specs, hidden docs, and surface area for API…
skills.sh
ssrf-server-side-request-forgery
SSRF playbook. Use when the server fetches URLs, resolves hostnames, imports remote content, or can be driven toward internal networks, cloud metadata, or…
skills.sh
xss-cross-site-scripting
XSS playbook. Use when user-controlled content reaches HTML, attributes, JavaScript, DOM sinks, uploads, or multi-context rendering paths.
skills.sh
api-sec
Entry P1 category router for API security. Use when choosing between API recon, authorization, token abuse, and hidden-parameter workflows before any deeper…
skills.sh
android-pentesting-tricks
Android pentesting playbook. Use when testing Android applications for SSL pinning bypass, exported component abuse, WebView vulnerabilities, intent…
skills.sh
code-obfuscation-deobfuscation
Code obfuscation analysis and deobfuscation playbook. Use when reversing binaries protected by junk code, opaque predicates, self-modifying code, control flow…
skills.sh
sqli-sql-injection
SQL injection playbook. Use when input reaches SQL queries, authentication logic, sorting, filtering, reporting, or DB-specific blind and out-of-band execution…
skills.sh
binary-protection-bypass
Binary protection bypass playbook. Use when identifying and bypassing ASLR, PIE, NX/DEP, stack canary, RELRO, FORTIFY_SOURCE, CET, and MTE protections in ELF…
skills.sh
request-smuggling
HTTP request smuggling and desynchronization testing. Use when front proxies, CDNs, or load balancers disagree with the origin on message framing…
skills.sh
crlf-injection
CRLF injection playbook. Use when user input reaches HTTP response headers, Location redirects, Set-Cookie values, or log files where carriage-return/line-feed…
skills.sh
insecure-source-code-management
Source control and artifact exposure (.git, .svn, .hg, backups, .env). Use when recon finds VCS paths, 403 on hidden dirs, or backup/config leaks during…
skills.sh
http-parameter-pollution
HTTP Parameter Pollution (HPP): duplicate query/body keys parsed differently by servers, proxies, WAFs, and app frameworks. Use when filters and application…
skills.sh
llm-prompt-injection
LLM prompt injection playbook. Use when testing AI/LLM applications for direct injection, indirect injection via RAG/browsing, tool abuse, data exfiltration,…
skills.sh
open-redirect
Open redirect playbook. Use when URL parameters, form actions, or JavaScript sinks control navigation targets and may redirect users to attacker-controlled…
skills.sh
xxe-xml-external-entity
XXE playbook. Use when XML, SVG, OOXML, SOAP, or parser-driven imports may resolve external entities, files, or internal network resources.
skills.sh
ssti-server-side-template-injection
SSTI playbook. Use when template expressions, server-side rendering, preview features, or templating engines may evaluate attacker-controlled content.
skills.sh
cmdi-command-injection
Command injection playbook. Use when user input may reach shell commands, process execution, converters, import pipelines, or blind out-of-band command sinks.
skills.sh
csv-formula-injection
>-
skills.sh
nosql-injection
>-
skills.sh
macos-process-injection
>-
skills.sh
macos-security-bypass
>-
skills.sh
symmetric-cipher-attacks
>-
skills.sh
container-escape-techniques
>-
skills.sh
dns-rebinding-attacks
>-
skills.sh
linux-security-bypass
>-
skills.sh
subdomain-takeover
>-
skills.sh
mobile-ssl-pinning-bypass
>-
skills.sh
defi-attack-patterns
>-
skills.sh
windows-lateral-movement
>-
skills.sh
ntlm-relay-coercion
ntlm-relay-coercion — an installable skill for AI agents, published by yaklang/hack-skills.
skills.sh
windows-privilege-escalation
windows-privilege-escalation — an installable skill for AI agents, published by yaklang/hack-skills.
skills.sh
ai-ml-security
>-
skills.sh
windows-av-evasion
>-
skills.sh
active-directory-kerberos-attacks
>-
skills.sh
anti-debugging-techniques
>-
skills.sh
vm-and-bytecode-reverse
>-
skills.sh
arbitrary-write-to-rce
>-
skills.sh
email-header-injection
>-
skills.sh
race-condition
>-
skills.sh
dependency-confusion
>-
skills.sh
http-host-header-attacks
>-
skills.sh
prototype-pollution
>-
skills.sh
type-juggling
>-
skills.sh
web-cache-deception
>-
yaklang (102 skills ranked by SkillRank) | implexa