pentest-outbound-interaction-oob-detection
Total installs: 9
Weekly installs: 9
Site rank: #32923
Install command:
npx skills add https://github.com/crtvrffnrt/skills --skill pentest-outbound-interaction-oob-detection
Agent install distribution
- gemini-cli: 9
- amp: 7
- github-copilot: 7
- codex: 7
- kimi-cli: 7
- opencode: 7
Skill documentation
Outbound Interaction & OOB Detection
Activation Triggers (Positive)
- ssrf callback
- blind xss
- webhook abuse
- oob
- dns interaction
- asynchronous callback
- xxe out of band
Exclusion Triggers (Negative)
- fully in-band exploit
- static code review only
- report drafting only
Output Schema
- Callback correlation table: token, payload path, timestamp, source context
- Validation verdict: confirmed, not confirmed, inconclusive
- Follow-on exploitation opportunities from confirmed outbound behavior
Instructions
- Generate unique per-test correlation identifiers before sending payloads.
- Ensure callback listener scope and retention are sufficient for delayed events.
- Correlate callbacks by token, path, and time window before confirmation.
- Differentiate noisy background traffic from test-linked interactions.
- Use control payloads to reduce false positives.
- Pass confirmed primitives to exploit or logic skills with full correlation evidence.
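An added example (not part of the skill's own files) of the correlation step in the instructions above: it matches listener entries to tests by token, path and time window, and uses a negative control to downgrade results when the listener is seeing unrelated traffic. The field names, the 24-hour window and the data in `demo` are assumptions constructed for illustration.

```python
import secrets
from datetime import datetime, timedelta

def new_token() -> str:
    """Unique per-test correlation identifier; never reused across tests."""
    return secrets.token_hex(8)

def correlate(tests, callbacks, window=timedelta(hours=24)):
    """tests: token, path, sent_at, control; callbacks: token, path, ts, source."""
    by_token = {}
    for cb in callbacks:
        by_token.setdefault(cb["token"], []).append(cb)
    # A hit on a negative control means the listener sees traffic that is not
    # caused by the test payloads, so no result may be called deterministic.
    noisy = any(by_token.get(t["token"]) for t in tests if t["control"])
    rows, verdicts = [], {}
    for t in (t for t in tests if not t["control"]):
        hits = by_token.get(t["token"], [])
        strong = [cb for cb in hits if cb["path"] == t["path"]
                  and t["sent_at"] <= cb["ts"] <= t["sent_at"] + window]
        rows += [(cb["token"], cb["path"], cb["ts"].isoformat(), cb["source"])
                 for cb in hits]
        if strong and not noisy:
            verdicts[t["token"]] = "confirmed"
        elif hits:
            verdicts[t["token"]] = "inconclusive"  # token seen, weak correlation
        else:
            verdicts[t["token"]] = "not confirmed"
    return rows, verdicts

def demo():
    """Constructed sample data: three tests, one negative control, one stray hit."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    a, b, c, ctl = (new_token() for _ in range(4))
    tests = [{"token": tok, "path": f"/cb/{tok}", "sent_at": t0, "control": tok == ctl}
             for tok in (a, b, c, ctl)]
    callbacks = [
        {"token": a, "path": f"/cb/{a}", "ts": t0 + timedelta(minutes=90), "source": "http"},
        {"token": b, "path": f"/cb/{b}", "ts": t0 - timedelta(minutes=5), "source": "dns"},
        {"token": "stray", "path": "/", "ts": t0, "source": "http"},  # background noise
    ]
    rows, verdicts = correlate(tests, callbacks)
    return verdicts[a], verdicts[b], verdicts[c], len(rows)
```

The returned rows follow the correlation table in the output schema (token, payload path, timestamp, source context); the callback that arrives before its payload was sent is kept in the table but only rates `inconclusive`.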
Should Do
- Treat OOB validation as evidence discipline, not only payload dispatch.
- Preserve immutable callback logs for auditability.
- Include both positive and negative control outcomes.
Should Not Do
- Do not claim confirmation without deterministic correlation.
- Do not reuse tokens across unrelated tests.
- Do not expose real secrets in callback payloads.