common-dast-tooling
Standardize usage of Dynamic Application Security Testing (DAST) tools (ZAP, Nuclei, Nikto) and custom AI-driven curl probes for adversarial system testing. Use when advising on or running dynamic security scans on local/staging environments. (triggers: DAST, dynamic scan, zap, nuclei, nikto, curl probe, pentest, dynamic analysis)
Best use case
common-dast-tooling is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Standardize usage of Dynamic Application Security Testing (DAST) tools (ZAP, Nuclei, Nikto) and custom AI-driven curl probes for adversarial system testing. Use when advising on or running dynamic security scans on local/staging environments. (triggers: DAST, dynamic scan, zap, nuclei, nikto, curl probe, pentest, dynamic analysis)
Teams using common-dast-tooling should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/common-dast-tooling/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How common-dast-tooling Compares
| Feature / Agent | common-dast-tooling | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Standardize usage of Dynamic Application Security Testing (DAST) tools (ZAP, Nuclei, Nikto) and custom AI-driven curl probes for adversarial system testing. Use when advising on or running dynamic security scans on local/staging environments. (triggers: DAST, dynamic scan, zap, nuclei, nikto, curl probe, pentest, dynamic analysis)
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# DAST Tooling Standard ## **Priority: P1 (OPERATIONAL)** ## Always-Apply Rules - **No Scanning Production**: Never run DAST tools against live production environments. Use local or staging replicas only. - **No Uncapped Scans**: Always set `max-depth` or `max-duration` to avoid infinite loops on dynamic routes. - **No Anonymous Probing**: Use authenticated headers (`Authorization`) to test protected surfaces, not just public ones. ## 1. Automated DAST Tools Follow [implementation guide](references/implementation.md) for command-line setup. - **Nuclei**: Best for fast, template-based CVE/Misconfiguration scanning. - **ZAP-CLI**: Best for deep spidering and web vulnerability scanning (SQLi, XSS, etc.). - **Nikto**: Quick scan for insecure server configurations and outdated software. ## 2. Adversarial `curl` Probing (Manual) When tools are unavailable, use the AI to generate targeted `curl` probes: - **Bypassing Guards**: Probe protected routes with manipulated headers (`X-Forwarded-For`, `X-Custom-Auth`). - **Data Leakage**: Request `/metrics`, `/health`, or `.git` directories to find exposed metadata. - **Parameter Tampering**: Modify payload types (String -> Object) or inject large payloads to test limits. ## Scoring Impact | Finding | Severity | Deduction | | --------------------------------------- | -------- | --------- | | Unauthenticated access to private data | P0 | -25 | | Successful SQLi/RCE via probe | P0 | -20 | | Info Leakage (Server versions/Env vars) | P1 | -10 | | Missing security headers (CSP/HSTS) | P2 | -5 | ## Anti-Patterns - **No relying solely on static analysis**: Pentesting MUST include dynamic execution feedback. - **No ignoring non-web protocols**: Check Docker ports, SSH banners, and internal gRPC/RMQ listeners. ## References - [DAST Tooling Implementation](references/implementation.md) - [OWASP Dynamic Scanning Guide](https://owasp.org/www-community/Vulnerability_Scanning)
Related Skills
swift-tooling
Configure SPM packages, SwiftLint, and build settings for Swift projects. Use when managing Swift packages with SPM, configuring build settings, or enforcing Swift code quality. (triggers: Package.swift, .swiftlint.yml, package, target, dependency)
react-tooling
Configure debugging, bundle analysis, and ecosystem tools for React applications. Use when setting up Vite/webpack build tooling, analyzing bundle size, debugging re-renders with React DevTools, or configuring ESLint and StrictMode for React projects. (triggers: package.json, devtool, bundle, strict mode, profile)
php-tooling
Configure PHP ecosystem tooling, dependency management, and static analysis. Use when managing Composer dependencies, running PHPStan, or configuring PHP build tools. (triggers: composer.json, composer, lock, phpstan, xdebug)
nextjs-tooling
Configure Next.js build tooling, deployment, and developer workflow. Use when setting up Turbopack, standalone Docker output, bundle analysis, CI caching, environment variable validation, or ESLint integration for Next.js projects. (triggers: next.config.js, package.json, Dockerfile, turbopack, output, standalone, lint, telemetry)
laravel-tooling
Configure Laravel ecosystem with custom Artisan commands, Vite asset bundling, Pint code styling, and Horizon queue monitoring. Use when creating Artisan commands, migrating from Mix to Vite, or configuring Pint code standards. (triggers: package.json, composer.json, vite.config.js, artisan, vite, horizon, pint, blade)
kotlin-tooling
Configure Gradle Kotlin DSL, Version Catalogs, and MockK for Kotlin projects. Use when configuring build.gradle.kts, setting up libs.versions.toml, adding MockK for tests, or choosing between Kotlin-compatible test assertion libraries. (triggers: build.gradle.kts, libs.versions.toml, detekt.yml, mockk, kts, version catalog, kotest)
JavaScript Tooling
Configure development tools, linting, and testing for JavaScript projects. Use when configuring ESLint, Prettier, or test runners for JavaScript projects. (triggers: .eslintrc.*, jest.config.*, package.json, eslint, prettier, jest, test, lint, build)
java-tooling
Configure Maven, Gradle, and static analysis for Java projects. Use when setting up Java build tooling, configuring Spotless or Checkstyle, managing JDK versions with sdkman, writing Dockerfiles for Java services, or adding SpotBugs/SonarLint. (triggers: pom.xml, build.gradle, build.gradle.kts, mvnw, gradlew, .sdkmanrc, spotbugs, checkstyle, spotless, eclipse-temurin)
golang-tooling
Go developer toolchain — gopls LSP diagnostics, linting, formatting, and vet. Use when setting up Go tooling, running linters, or integrating gopls with Claude Code. (triggers: gopls, golangci-lint, golangci.yml, go vet, goimports, staticcheck, go tooling, go lint)
dart-tooling
Dart static analysis, linting, formatting, and code-generation standards. Use when touching analysis_options.yaml, running build_runner, configuring dart format line length, setting up DCM metrics, or adding pre-commit hooks via lefthook — and whenever a CI job fails on analyze or format steps. (triggers: analysis_options.yaml, build.yaml, build_runner, lefthook.yml, dart format, dart_code_metrics)
common-observability
Enforce structured JSON logging, OpenTelemetry distributed tracing, and RED metrics across backend services. Use when adding request correlation, setting up tracing spans, defining SLO burn-rate alerts, or instrumenting middleware. (triggers: **/*.service.ts, **/*.handler.ts, **/*.middleware.ts, **/*.interceptor.ts, **/*.go, **/*.java, **/*.kt, **/*.py, logging, tracing, metrics, opentelemetry, observability, slo)
common-mobile-ux-core
Enforce universal mobile UX principles for touch-first interfaces including touch targets, safe areas, and mobile-specific interaction patterns. Use when building mobile screens, handling touch interactions, or validating safe area compliance. (triggers: **/*_page.dart, **/*_screen.dart, **/*_view.dart, **/*.swift, **/*Activity.kt, **/*Screen.tsx, mobile, responsive, SafeArea, touch, gesture, viewport)