dast-scanner
Community
Detect runtime web app vulnerabilities with Nuclei & ZAP.
Software Engineering #security scanning #devsecops #vulnerability detection #nuclei #dast #web app testing #owasp zap
Author: camgrimsec
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the challenge of identifying exploitable vulnerabilities in running web applications without source code access, reducing noise from static scans by focusing on dynamic, black-box testing to uncover real-world risks like SQL injection and XSS.
Core Features & Use Cases
- Nuclei Quick Scans: Rapid template-based detection of CVEs, misconfigurations, and exposures tailored to the app's tech stack.
- ZAP Deep Scans: Comprehensive active and passive testing including spidering, injection attacks, and API-aware analysis for OWASP Top 10 coverage.
- Finding Correlation & Reporting: Deduplicates results from both tools, maps to CWE/OWASP, and generates unified markdown reports with remediation guidance.
- Use Case: After deploying a web app via Docker Compose, use this Skill to scan for runtime issues, correlate with prior static analysis, and produce a PR-ready security report for the dev team.
Quick Start
Run a full DAST scan on the live application at https://example-app.com including Nuclei for exposures and ZAP for active testing.
Dependency Matrix
Required Modules
requests, xmltodict
Components
scripts, references, assets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: dast-scanner
Download link: https://github.com/camgrimsec/grimsec-suite/archive/main.zip#dast-scanner
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.