The Agent Skills Directory

[DATA_EXFILTRATION]: Provides JavaScript payloads designed to capture user form data and transmit it to an external domain (e.g., attacker.com) via the fetch API.
[COMMAND_EXECUTION]: Includes various shell command injection payloads (e.g., ;whoami, $(whoami), and backticks) intended to execute arbitrary system commands on target environments.
[REMOTE_CODE_EXECUTION]: Contains PHP web shell snippets (e.g., <?php system($_GET['cmd']); ?>) intended for execution on a server after exploiting file upload vulnerabilities.
[DATA_EXFILTRATION]: Identifies highly sensitive local file paths as targets for exploitation, including SSH private keys (~/.ssh/id_rsa), the system shadow file (/etc/shadow), and shell history files.
[COMMAND_EXECUTION]: Suggests the use of curl and nslookup as methods for blind detection of command injection vulnerabilities by triggering external network requests.

testing-web-applications