cmd-injection
OfficialDetect and exploit OS command injection.
Authorsecurityfortech
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps identify and exploit vulnerabilities where user input is passed unsanitized to a system shell, allowing attackers to execute arbitrary commands on the server.
Core Features & Use Cases
- Vulnerability Detection: Identifies parameters susceptible to command injection by testing shell metacharacters and time-delay payloads.
- Exploitation: Provides methods for data exfiltration and command execution in blind injection scenarios.
- Use Case: A pentester can use this skill to confirm if a web application parameter that accepts hostnames is vulnerable to command injection, and then attempt to read sensitive files like
/etc/passwd.
Quick Start
Use the cmd-injection skill to test the parameter 'host' on the target URL 'http://example.com/ping' for command injection vulnerabilities.
Dependency Matrix
Required Modules
curlcommixburp-suiteowasp-zap
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: cmd-injection Download link: https://github.com/securityfortech/hacking-skills/archive/main.zip#cmd-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.