vudovn

vulnerability-scanner

@vudovn/vulnerability-scanner
vudovn
972
202 forks
Updated 1/18/2026
View on GitHub

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

Installation

$skills install @vudovn/vulnerability-scanner
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositoryvudovn/antigravity-kit
Path.agent/skills/vulnerability-scanner/SKILL.md
Branchmain
Scoped Name@vudovn/vulnerability-scanner

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions

name: vulnerability-scanner description: Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization. allowed-tools: Read, Glob, Grep, Bash

Vulnerability Scanner

Think like an attacker, defend like an expert. 2025 threat landscape awareness.

🔧 Runtime Scripts

Execute for automated validation:

ScriptPurposeUsage
scripts/security_scan.pyValidate security principles appliedpython scripts/security_scan.py <project_path>

📋 Reference Files

FilePurpose
checklists.mdOWASP Top 10, Auth, API, Data protection checklists

1. Security Expert Mindset

Core Principles

PrincipleApplication
Assume BreachDesign as if attacker already inside
Zero TrustNever trust, always verify
Defense in DepthMultiple layers, no single point
Least PrivilegeMinimum required access only
Fail SecureOn error, deny access

Threat Modeling Questions

Before scanning, ask:

  1. What are we protecting? (Assets)
  2. Who would attack? (Threat actors)
  3. How would they attack? (Attack vectors)
  4. What's the impact? (Business risk)

2. OWASP Top 10:2025

Risk Categories

RankCategoryThink About
A01Broken Access ControlWho can access what? IDOR, SSRF
A02Security MisconfigurationDefaults, headers, exposed services
A03Software Supply Chain 🆕Dependencies, CI/CD, build integrity
A04Cryptographic FailuresWeak crypto, exposed secrets
A05InjectionUser input → system commands
A06Insecure DesignFlawed architecture
A07Authentication FailuresSession, credential management
A08Integrity FailuresUnsigned updates, tampered data
A09Logging & AlertingBlind spots, no monitoring
A10Exceptional Conditions 🆕Error handling, fail-open states

2025 Key Changes

2021 → 2025 Shifts:
├── SSRF merged into A01 (Access Control)
├── A02 elevated (Cloud/Container configs)
├── A03 NEW: Supply Chain (major focus)
├── A10 NEW: Exceptional Conditions
└── Focus shift: Root causes > Symptoms

3. Supply Chain Security (A03)

Attack Surface

VectorRiskQuestion to Ask
DependenciesMalicious packagesDo we audit new deps?
Lock filesIntegrity attacksAre they committed?
Build pipelineCI/CD compromiseWho can modify?
RegistryTyposquattingVerified sources?

Defense Principles

  • Verify package integrity (checksums)
  • Pin versions, audit updates
  • Use private registries for critical deps
  • Sign and verify artifacts

4. Attack Surface Mapping

What to Map

CategoryElements
Entry PointsAPIs, forms, file uploads
Data FlowsInput → Process → Output
Trust BoundariesWhere auth/authz checked
AssetsSecrets, PII, business data

Prioritization Matrix

Risk = Likelihood × Impact

High Impact + High Likelihood → CRITICAL
High Impact + Low Likelihood  → HIGH
Low Impact + High Likelihood  → MEDIUM
Low Impact + Low Likelihood   → LOW

5. Risk Prioritization

CVSS + Context

FactorWeightQuestion
CVSS ScoreBase severityHow severe is the vuln?
EPSS ScoreExploit likelihoodIs it being exploited?
Asset ValueBusiness contextWhat's at risk?
ExposureAttack surfaceInternet-facing?

Prioritization Decision Tree

Is it actively exploited (EPSS >0.5)?
├── YES → CRITICAL: Immediate action
└── NO → Check CVSS
         ├── CVSS ≥9.0 → HIGH
         ├── CVSS 7.0-8.9 → Consider asset value
         └── CVSS <7.0 → Schedule for later

6. Exceptional Conditions (A10 - New)

Fail-Open vs Fail-Closed

ScenarioFail-Open (BAD)Fail-Closed (GOOD)
Auth errorAllow accessDeny access
Parsing failsAccept inputReject input
TimeoutRetry foreverLimit + abort

What to Check

  • Exception handlers that catch-all and ignore
  • Missing error handling on security operations
  • Race conditions in auth/authz
  • Resource exhaustion scenarios

7. Scanning Methodology

Phase-Based Approach

1. RECONNAISSANCE
   └── Understand the target
       ├── Technology stack
       ├── Entry points
       └── Data flows

2. DISCOVERY
   └── Identify potential issues
       ├── Configuration review
       ├── Dependency analysis
       └── Code pattern search

3. ANALYSIS
   └── Validate and prioritize
       ├── False positive elimination
       ├── Risk scoring
       └── Attack chain mapping

4. REPORTING
   └── Actionable findings
       ├── Clear reproduction steps
       ├── Business impact
       └── Remediation guidance

8. Code Pattern Analysis

High-Risk Patterns

PatternRiskLook For
String concat in queriesInjection"SELECT * FROM " + user_input
Dynamic code executionRCEeval(), exec(), Function()
Unsafe deserializationRCEpickle.loads(), unserialize()
Path manipulationTraversalUser input in file paths
Disabled securityVariousverify=False, --insecure

Secret Patterns

TypeIndicators
API Keysapi_key, apikey, high entropy
Tokenstoken, bearer, jwt
Credentialspassword, secret, key
CloudAWS_, AZURE_, GCP_ prefixes

9. Cloud Security Considerations

Shared Responsibility

LayerYou OwnProvider Owns
Data
Application
OS/RuntimeDependsDepends
Infrastructure

Cloud-Specific Checks

  • IAM: Least privilege applied?
  • Storage: Public buckets?
  • Network: Security groups tightened?
  • Secrets: Using secrets manager?

10. Anti-Patterns

❌ Don't✅ Do
Scan without understandingMap attack surface first
Alert on every CVEPrioritize by exploitability + asset
Ignore false positivesMaintain verified baseline
Fix symptoms onlyAddress root causes
Scan once before deployContinuous scanning
Trust third-party deps blindlyVerify integrity, audit code

11. Reporting Principles

Finding Structure

Each finding should answer:

  1. What? - Clear vulnerability description
  2. Where? - Exact location (file, line, endpoint)
  3. Why? - Root cause explanation
  4. Impact? - Business consequence
  5. How to fix? - Specific remediation

Severity Classification

SeverityCriteria
CriticalRCE, auth bypass, mass data exposure
HighData exposure, privilege escalation
MediumLimited scope, requires conditions
LowInformational, best practice

Remember: Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: "What would an attacker do with this?"

More by vudovn

View all
python-patterns
972

Python development principles and decision-making. Framework selection, async patterns, type hints, project structure. Teaches thinking, not copying.

game-audio
972

Game audio principles. Sound design, music integration, adaptive audio systems.

powershell-windows
972

PowerShell Windows patterns. Critical pitfalls, operator syntax, error handling.

i18n-localization
972

Internationalization and localization patterns. Detecting hardcoded strings, managing translations, locale files, RTL support.