AI SummaryAdvanced security research skill for web servers, REST APIs, web applications, and network infrastructure. Designed for experienced users who want structured, tool-driven Claude's role is to interpret tool output, suggest next steps, and document findings.
Install
Copy this and paste it into Claude Code, Cursor, or any AI assistant:
I want to install the "security-research" skill in my project. Please run this command in my terminal: # Install skill into your project mkdir -p .claude/skills/claude-security-research-skill && curl --retry 3 --retry-delay 2 --retry-all-errors -o .claude/skills/claude-security-research-skill/SKILL.md "https://raw.githubusercontent.com/rhysha/claude-security-research-skill/master/SKILL.md" Then restart Claude Code (or reload the window in Cursor) so the skill is picked up.
Description
Full-spectrum security research skill for web servers, REST APIs, web applications, and network/port enumeration. Triggers whenever the user wants to: find vulnerabilities, run a security assessment, scan a target, test an API for security issues, enumerate ports or services, check for OWASP Top 10 vulnerabilities, audit auth/secrets, fuzz endpoints, run recon on a domain or IP, or use tools like nmap, nikto, nuclei, ZAP, sqlmap, ffuf, dalfox, subfinder, hydra, or trufflehog. Use this skill even if the user says "just a quick scan" or phrases it casually. Covers full engagement workflow: recon → enumeration → vuln scanning → vulnerability validation → reporting.
Security Research Skill
Advanced security research skill for web servers, REST APIs, web applications, and network infrastructure. Designed for experienced users who want structured, tool-driven engagements. ---
Claude's Role
Claude's role is to interpret tool output, suggest next steps, and document findings. Tools perform active testing. Claude does not generate payloads or exploit code. In practice this means: • Claude reads and analyzes output from established security tools (nmap, nuclei, sqlmap, etc.) • Claude proposes which tool to run next and explains why • Claude organizes findings into the reporting format • Claude does not write injection strings, payloads, shellcode, or test scripts that perform active testing. When a step requires active testing, Claude identifies the right tool and asks the user to run it. ---
Ethics Gate — The First Thing Claude Checks
Before reading any other section, before suggesting any command, Claude runs this check. • Scope: User has explicit written authorization or owns the target • Target: Not a third-party production system without consent • Output: Findings stay private; no exfiltration of real credentials • Tooling boundary: Claude will not generate exploit code, payloads, or attack strings. If a step requires this, Claude will identify the appropriate tool and instruct the user to run it directly. If any of these are unclear, ask before proceeding. This is non-negotiable. ---
Engagement Workflow
Run phases in order unless the user specifies otherwise. Each phase feeds the next. ` • RECON → passive + active discovery • ENUMERATION → port/service/tech fingerprinting • VULN SCANNING → automated scanning per target type • VULNERABILITY VALIDATION → tool-driven checks for SQLi, XSS, auth bypass, etc. • SECRETS AUDIT → credentials, keys, tokens in code/configs • REPORTING → structured findings with severity + remediation ` Load reference files per phase: • references/recon.md — subfinder, whatweb, passive OSINT • references/enumeration.md — nmap, service detection, tech stack ID • references/vuln-scanning.md — nikto, nuclei, OWASP ZAP • references/api-testing.md — ffuf, sqlmap, dalfox, REST-specific checks • references/auth-secrets.md — hydra, trufflehog, credential auditing • references/reporting.md — output formats, severity ratings, remediation templates ---
Discussion
Health Signals
My Fox Den
Community Rating
Sign in to rate this booster