ReddRadar
Agent skill
server-side
Server-side vulnerability testing - SSRF, HTTP Request Smuggling, Path Traversal, File Upload, Insecure Deserialization, and Host Header injection.
Install this agent skill to your Project
npx add-skill https://github.com/transilienceai/communitytools/tree/main/projects/pentest/.claude/skills/server-side
SKILL.md
Server-Side
Test for server-side vulnerabilities that allow unauthorized access, RCE, or data exfiltration.
Techniques
| Type | Key Vectors |
|---|---|
| SSRF | Internal service access, cloud metadata, protocol smuggling |
| HTTP Smuggling | CL.TE, TE.CL, TE.TE, CL.0, H2.CL, h2c, multi-layer proxy chains, connection pooling desync |
| Path Traversal | Directory traversal, null bytes, encoding bypass |
| File Upload | Extension bypass, content-type manipulation, polyglot files |
| Deserialization | Java, PHP, Python, .NET gadget chains |
| Host Header | Password reset poisoning, cache poisoning, routing-based SSRF |
Workflow
- Identify server-side processing points
- Test for vulnerability class indicators
- Bypass protections (WAF, allowlists, encoding filters)
- Demonstrate impact (file read, RCE, internal access)
- Capture evidence with PoC
Reference
reference/ssrf*.md- SSRF techniques and labsreference/http-request-smuggling*.md- Smuggling techniquesreference/path-traversal*.md- Path traversal bypass methodsreference/file-upload*.md- File upload exploitationreference/insecure-deserialization*.md- Deserialization attacksreference/http-host-header*.md- Host header injection
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
transilienceai/communitytools
techstack-identification
OSINT-based technology stack identification. Discovers company tech stacks using passive reconnaissance across 17 intelligence domains. Given a company name (and optional domain hint), infers frontend, backend, infrastructure, and security technologies using publicly available signals.
transilienceai/communitytools
conflict_resolver
transilienceai/communitytools
web-archive-analysis
Uses Wayback Machine to detect technology migrations over time
transilienceai/communitytools
evidence_formatter
transilienceai/communitytools
signal_correlator
transilienceai/communitytools
dns-intelligence
Extracts technology signals from DNS records (MX, TXT, NS, CNAME, SRV)
Didn't find tool you were looking for?