Command Injection → RCE Proof

Name: Command Injection → RCE Proof
Author: vigolium

Prove OS command injection by generating OAST callbacks and a single safe follow-on data retrieval (file read or env dump) — non-destructive RCE proofing for se

triggers:command injectionrce proofoast callbackcwe-78os command injectionexploit proof

GitHub SKILL.md

What it does

This skill guides an agent through responsibly proving OS command injection vulnerabilities. It focuses on obtaining an OAST (Out-Of-Band) callback to prove execution and then running one non-destructive follow-on action (e.g., read a single file line or env dump) to size impact. The workflow prioritises safety and compliance: no destructive commands, no persistence.

When to use it

Use this skill during penetration tests, DAST runs, or security audits when a parameter appears to reach a shell or child process (e.g., endpoints tied to ping, convert, ffmpeg, or user-supplied filenames). Trigger when metacharacters like ;, |, &&, backticks, or $() change responses, or when stack traces reveal execution binaries.

What's included

Scripts/Tools: guidance to use oast_mint and oast_poll, attack_kit payload patterns, and replay_request probes.
References: CWE mapping (CWE-78/CWE-77) and reporting templates for a critical finding.
Instructions: step-by-step confirmation probes, OAST payload construction, follow-on data retrieval techniques, cautionary notes on egress limitations and sandboxing.

Compatible agents

Agents with network/OAST tooling and HTTP/DNS callback support (security scanning agents, DAST frameworks, or OpenClaw agents extended with oast utilities).

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: vigolium
Stars: 649
Installs: 0

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

Back to Skills

Command Injection → RCE Proof

from vigolium649

Prove OS command injection by generating OAST callbacks and a single safe follow-on data retrieval (file read or env dump) — non-destructive RCE proofing for se

triggers:command injectionrce proofoast callbackcwe-78os command injectionexploit proof

GitHub SKILL.md

What it does

When to use it

What's included

Scripts/Tools: guidance to use oast_mint and oast_poll, attack_kit payload patterns, and replay_request probes.
References: CWE mapping (CWE-78/CWE-77) and reporting templates for a critical finding.
Instructions: step-by-step confirmation probes, OAST payload construction, follow-on data retrieval techniques, cautionary notes on egress limitations and sandboxing.

Compatible agents

Agents with network/OAST tooling and HTTP/DNS callback support (security scanning agents, DAST frameworks, or OpenClaw agents extended with oast utilities).

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: vigolium
Stars: 649
Installs: 0

Related Skills

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Bash Pro

Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

Command Injection → RCE Proof

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills

Command Injection → RCE Proof

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills