vulnerability-scanner
Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
Documentation
Vulnerability Scanner
Think like an attacker, defend like an expert. 2025 threat landscape awareness.
š§ Runtime Scripts
Execute for automated validation:
| Script | Purpose | Usage |
|---|---|---|
scripts/security_scan.py | Validate security principles applied | python scripts/security_scan.py <project_path> |
š Reference Files
| File | Purpose |
|---|---|
| checklists.md | OWASP Top 10, Auth, API, Data protection checklists |
1. Security Expert Mindset
Core Principles
| Principle | Application |
|---|---|
| Assume Breach | Design as if attacker already inside |
| Zero Trust | Never trust, always verify |
| Defense in Depth | Multiple layers, no single point |
| Least Privilege | Minimum required access only |
| Fail Secure | On error, deny access |
Threat Modeling Questions
Before scanning, ask:
- What are we protecting? (Assets)
- Who would attack? (Threat actors)
- How would they attack? (Attack vectors)
- What's the impact? (Business risk)
2. OWASP Top 10:2025
Risk Categories
| Rank | Category | Think About |
|---|---|---|
| A01 | Broken Access Control | Who can access what? IDOR, SSRF |
| A02 | Security Misconfiguration | Defaults, headers, exposed services |
| A03 | Software Supply Chain š | Dependencies, CI/CD, build integrity |
| A04 | Cryptographic Failures | Weak crypto, exposed secrets |
| A05 | Injection | User input ā system commands |
| A06 | Insecure Design | Flawed architecture |
| A07 | Authentication Failures | Session, credential management |
| A08 | Integrity Failures | Unsigned updates, tampered data |
| A09 | Logging & Alerting | Blind spots, no monitoring |
| A10 | Exceptional Conditions š | Error handling, fail-open states |
2025 Key Changes
2021 ā 2025 Shifts:
āāā SSRF merged into A01 (Access Control)
āāā A02 elevated (Cloud/Container configs)
āāā A03 NEW: Supply Chain (major focus)
āāā A10 NEW: Exceptional Conditions
āāā Focus shift: Root causes > Symptoms
3. Supply Chain Security (A03)
Attack Surface
| Vector | Risk | Question to Ask |
|---|---|---|
| Dependencies | Malicious packages | Do we audit new deps? |
| Lock files | Integrity attacks | Are they committed? |
| Build pipeline | CI/CD compromise | Who can modify? |
| Registry | Typosquatting | Verified sources? |
Defense Principles
- Verify package integrity (checksums)
- Pin versions, audit updates
- Use private registries for critical deps
- Sign and verify artifacts
4. Attack Surface Mapping
What to Map
| Category | Elements |
|---|---|
| Entry Points | APIs, forms, file uploads |
| Data Flows | Input ā Process ā Output |
| Trust Boundaries | Where auth/authz checked |
| Assets | Secrets, PII, business data |
Prioritization Matrix
Risk = Likelihood Ć Impact
High Impact + High Likelihood ā CRITICAL
High Impact + Low Likelihood ā HIGH
Low Impact + High Likelihood ā MEDIUM
Low Impact + Low Likelihood ā LOW
5. Risk Prioritization
CVSS + Context
| Factor | Weight | Question |
|---|---|---|
| CVSS Score | Base severity | How severe is the vuln? |
| EPSS Score | Exploit likelihood | Is it being exploited? |
| Asset Value | Business context | What's at risk? |
| Exposure | Attack surface | Internet-facing? |
Prioritization Decision Tree
Is it actively exploited (EPSS >0.5)?
āāā YES ā CRITICAL: Immediate action
āāā NO ā Check CVSS
āāā CVSS ā„9.0 ā HIGH
āāā CVSS 7.0-8.9 ā Consider asset value
āāā CVSS <7.0 ā Schedule for later
6. Exceptional Conditions (A10 - New)
Fail-Open vs Fail-Closed
| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |
|---|---|---|
| Auth error | Allow access | Deny access |
| Parsing fails | Accept input | Reject input |
| Timeout | Retry forever | Limit + abort |
What to Check
- Exception handlers that catch-all and ignore
- Missing error handling on security operations
- Race conditions in auth/authz
- Resource exhaustion scenarios
7. Scanning Methodology
Phase-Based Approach
1. RECONNAISSANCE
āāā Understand the target
āāā Technology stack
āāā Entry points
āāā Data flows
2. DISCOVERY
āāā Identify potential issues
āāā Configuration review
āāā Dependency analysis
āāā Code pattern search
3. ANALYSIS
āāā Validate and prioritize
āāā False positive elimination
āāā Risk scoring
āāā Attack chain mapping
4. REPORTING
āāā Actionable findings
āāā Clear reproduction steps
āāā Business impact
āāā Remediation guidance
8. Code Pattern Analysis
High-Risk Patterns
| Pattern | Risk | Look For | |---------
Quick Info
- Source
- antigravity
- Category
- Security & Systems
- Repository
- View Repo
- Scraped At
- Jan 26, 2026
Tags
Related Skills
Active Directory Attacks
This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.
anti-reversing-techniques
Understand anti-reversing, obfuscation, and protection techniques encountered during software analysis. Use when analyzing protected binaries, bypassing anti-debugging for authorized analysis, or understanding software protection mechanisms.
API Fuzzing for Bug Bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.