[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-3a256e1c-24fe-4627-81ce-745c65dd5e15":3,"$f5xTXIVnyP3UFjReUcQGJ-SnSNVKGJGC5hM0PXKCzMe4":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"3a256e1c-24fe-4627-81ce-745c65dd5e15","vulnerability-scanner","高级漏洞分析原则。OWASP 2025，供应链安全，攻击面映射，风险优先级。","cat_coding_review","mod_coding","sickn33,coding","---\nname: vulnerability-scanner\ndescription: \"Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.\"\nrisk: unknown\nsource: community\ndate_added: \"2026-02-27\"\n---\n\n# Vulnerability Scanner\n\n> Think like an attacker, defend like an expert. 2025 threat landscape awareness.\n\n## 🔧 Runtime Scripts\n\n**Execute for automated validation:**\n\n| Script | Purpose | Usage |\n|--------|---------|-------|\n| `scripts\u002Fsecurity_scan.py` | Validate security principles applied | `python scripts\u002Fsecurity_scan.py \u003Cproject_path>` |\n\n## 📋 Reference Files\n\n| File | Purpose |\n|------|---------|\n| [checklists.md](checklists.md) | OWASP Top 10, Auth, API, Data protection checklists |\n\n---\n\n## 1. Security Expert Mindset\n\n### Core Principles\n\n| Principle | Application |\n|-----------|-------------|\n| **Assume Breach** | Design as if attacker already inside |\n| **Zero Trust** | Never trust, always verify |\n| **Defense in Depth** | Multiple layers, no single point |\n| **Least Privilege** | Minimum required access only |\n| **Fail Secure** | On error, deny access |\n\n### Threat Modeling Questions\n\nBefore scanning, ask:\n1. What are we protecting? (Assets)\n2. Who would attack? (Threat actors)\n3. How would they attack? (Attack vectors)\n4. What's the impact? (Business risk)\n\n---\n\n## 2. OWASP Top 10:2025\n\n### Risk Categories\n\n| Rank | Category | Think About |\n|------|----------|-------------|\n| **A01** | Broken Access Control | Who can access what? IDOR, SSRF |\n| **A02** | Security Misconfiguration | Defaults, headers, exposed services |\n| **A03** | Software Supply Chain 🆕 | Dependencies, CI\u002FCD, build integrity |\n| **A04** | Cryptographic Failures | Weak crypto, exposed secrets |\n| **A05** | Injection | User input → system commands |\n| **A06** | Insecure Design | Flawed architecture |\n| **A07** | Authentication Failures | Session, credential management |\n| **A08** | Integrity Failures | Unsigned updates, tampered data |\n| **A09** | Logging & Alerting | Blind spots, no monitoring |\n| **A10** | Exceptional Conditions 🆕 | Error handling, fail-open states |\n\n### 2025 Key Changes\n\n```\n2021 → 2025 Shifts:\n├── SSRF merged into A01 (Access Control)\n├── A02 elevated (Cloud\u002FContainer configs)\n├── A03 NEW: Supply Chain (major focus)\n├── A10 NEW: Exceptional Conditions\n└── Focus shift: Root causes > Symptoms\n```\n\n---\n\n## 3. Supply Chain Security (A03)\n\n### Attack Surface\n\n| Vector | Risk | Question to Ask |\n|--------|------|-----------------|\n| **Dependencies** | Malicious packages | Do we audit new deps? |\n| **Lock files** | Integrity attacks | Are they committed? |\n| **Build pipeline** | CI\u002FCD compromise | Who can modify? |\n| **Registry** | Typosquatting | Verified sources? |\n\n### Defense Principles\n\n- Verify package integrity (checksums)\n- Pin versions, audit updates\n- Use private registries for critical deps\n- Sign and verify artifacts\n\n---\n\n## 4. Attack Surface Mapping\n\n### What to Map\n\n| Category | Elements |\n|----------|----------|\n| **Entry Points** | APIs, forms, file uploads |\n| **Data Flows** | Input → Process → Output |\n| **Trust Boundaries** | Where auth\u002Fauthz checked |\n| **Assets** | Secrets, PII, business data |\n\n### Prioritization Matrix\n\n```\nRisk = Likelihood × Impact\n\nHigh Impact + High Likelihood → CRITICAL\nHigh Impact + Low Likelihood  → HIGH\nLow Impact + High Likelihood  → MEDIUM\nLow Impact + Low Likelihood   → LOW\n```\n\n---\n\n## 5. Risk Prioritization\n\n### CVSS + Context\n\n| Factor | Weight | Question |\n|--------|--------|----------|\n| **CVSS Score** | Base severity | How severe is the vuln? |\n| **EPSS Score** | Exploit likelihood | Is it being exploited? |\n| **Asset Value** | Business context | What's at risk? |\n| **Exposure** | Attack surface | Internet-facing? |\n\n### Prioritization Decision Tree\n\n```\nIs it actively exploited (EPSS >0.5)?\n├── YES → CRITICAL: Immediate action\n└── NO → Check CVSS\n         ├── CVSS ≥9.0 → HIGH\n         ├── CVSS 7.0-8.9 → Consider asset value\n         └── CVSS \u003C7.0 → Schedule for later\n```\n\n---\n\n## 6. Exceptional Conditions (A10 - New)\n\n### Fail-Open vs Fail-Closed\n\n| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |\n|----------|-----------------|---------------------|\n| Auth error | Allow access | Deny access |\n| Parsing fails | Accept input | Reject input |\n| Timeout | Retry forever | Limit + abort |\n\n### What to Check\n\n- Exception handlers that catch-all and ignore\n- Missing error handling on security operations\n- Race conditions in auth\u002Fauthz\n- Resource exhaustion scenarios\n\n---\n\n## 7. Scanning Methodology\n\n### Phase-Based Approach\n\n```\n1. RECONNAISSANCE\n   └── Understand the target\n       ├── Technology stack\n       ├── Entry points\n       └── Data flows\n\n2. DISCOVERY\n   └── Identify potential issues\n       ├── Configuration review\n       ├── Dependency analysis\n       └── Code pattern search\n\n3. ANALYSIS\n   └── Validate and prioritize\n       ├── False positive elimination\n       ├── Risk scoring\n       └── Attack chain mapping\n\n4. REPORTING\n   └── Actionable findings\n       ├── Clear reproduction steps\n       ├── Business impact\n       └── Remediation guidance\n```\n\n---\n\n## 8. Code Pattern Analysis\n\n### High-Risk Patterns\n\n| Pattern | Risk | Look For |\n|---------|------|----------|\n| **String concat in queries** | Injection | `\"SELECT * FROM \" + user_input` |\n| **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |\n| **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |\n| **Path manipulation** | Traversal | User input in file paths |\n| **Disabled security** | Various | `verify=False`, `--insecure` |\n\n### Secret Patterns\n\n| Type | Indicators |\n|------|-----------|\n| API Keys | `api_key`, `apikey`, high entropy |\n| Tokens | `token`, `bearer`, `jwt` |\n| Credentials | `password`, `secret`, `key` |\n| Cloud | `AWS_`, `AZURE_`, `GCP_` prefixes |\n\n---\n\n## 9. Cloud Security Considerations\n\n### Shared Responsibility\n\n| Layer | You Own | Provider Owns |\n|-------|---------|---------------|\n| Data | ✅ | ❌ |\n| Application | ✅ | ❌ |\n| OS\u002FRuntime | Depends | Depends |\n| Infrastructure | ❌ | ✅ |\n\n### Cloud-Specific Checks\n\n- IAM: Least privilege applied?\n- Storage: Public buckets?\n- Network: Security groups tightened?\n- Secrets: Using secrets manager?\n\n---\n\n## 10. Anti-Patterns\n\n| ❌ Don't | ✅ Do |\n|----------|-------|\n| Scan without understanding | Map attack surface first |\n| Alert on every CVE | Prioritize by exploitability + asset |\n| Ignore false positives | Maintain verified baseline |\n| Fix symptoms only | Address root causes |\n| Scan once before deploy | Continuous scanning |\n| Trust third-party deps blindly | Verify integrity, audit code |\n\n---\n\n## 11. Reporting Principles\n\n### Finding Structure\n\nEach finding should answer:\n1. **What?** - Clear vulnerability description\n2. **Where?** - Exact location (file, line, endpoint)\n3. **Why?** - Root cause explanation\n4. **Impact?** - Business consequence\n5. **How to fix?** - Specific remediation\n\n### Severity Classification\n\n| Severity | Criteria |\n|----------|----------|\n| **Critical** | RCE, auth bypass, mass data exposure |\n| **High** | Data exposure, privilege escalation |\n| **Medium** | Limited scope, requires conditions |\n| **Low** | Informational, best practice |\n\n---\n\n> **Remember:** Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: \"What would an attacker do with this?\"\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,94,1930,"2026-05-16 13:46:35",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"代码审查","review","mdi-magnify-scan","代码质量分析、安全审查",4,145,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"22aa0443-a696-4e74-967b-72d525862bf0","1.0.0","vulnerability-scanner.zip",10003,"uploads\u002Fskills\u002F3a256e1c-24fe-4627-81ce-745c65dd5e15\u002Fvulnerability-scanner.zip","a3ed892719691e6035509d8152a6fc23795722911ba67fcde561d4c9795b60e1","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":8027},{\"path\":\"checklists.md\",\"isDirectory\":false,\"size\":2746},{\"path\":\"scripts\u002Fsecurity_scan.py\",\"isDirectory\":false,\"size\":18170}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]