ghost-bits-cast-attack

Community

Bypass WAF/IDS in Java services with Ghost Bits/Cast Attack

Authorbingook
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps bypass WAF/IDS in Java services where 16-bit char is silently narrowed to 8-bit byte, enabling attacks like SQL injection, deserialization RCE, file upload, path traversal, CRLF injection, request smuggling, and SMTP injection.

Core Features & Use Cases

  • WAF Bypass: Use Ghost Bits to bypass WAF/IDS for SQL injection, deserialization RCE, file upload, path traversal, CRLF injection, request smuggling, and SMTP injection.
  • Java Backend Attacks: Affects Tomcat, Spring, Jetty, Undertow, Vert.x, Jackson, Fastjson, Apache Commons BCEL, Apache HttpClient, Angus Mail, JDK HttpServer, Lettuce, Jodd, XMLWriter, and re-enables many "patched" CVEs through WAF bypass.
  • Use Case: When attacking a Java service with a WAF/IDS, use Ghost Bits to test for vulnerabilities that may be blocked by the WAF.

Quick Start

Use the ghost-bits-cast-attack skill to test for SQL injection vulnerabilities in a Java service.

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ghost-bits-cast-attack
Download link: https://github.com/bingook/bingo/archive/main.zip#ghost-bits-cast-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.