Skills
.Work. You
Rest

hunt-csrf

Community

Find CSRF weaknesses that enable account takeover

Software Engineering#oauth#web security#csrf#saml#token validation#account takeover#sameSite
AuthorCarlos-Reyes-UTP
Version1.0.0
Installs0

System Documentation

What problem does it solve?

It helps security teams identify Cross-Site Request Forgery (CSRF) flaws that let an attacker perform state-changing actions on behalf of a victim, potentially leading to account takeover, financial impact, or persistent account linking.

Core Features & Use Cases

  • CSRF target prioritization: Focuses on high-value flows like account linking/unlinking, OAuth/SAML callback handling, authentication infrastructure, and cross-origin POST JSON APIs.
  • Attack surface discovery signals: Pinpoints risky patterns such as missing/weak SameSite cookie attributes, weak Origin/Referer/CORS posture, token staticness or omission, and JSON endpoints that accept cross-origin “simple” requests.
  • Reproducible hunting workflow: Provides a step-by-step methodology to validate exploitability quickly and build impact-driven proof-of-concept evidence.

Quick Start

Use the hunt-csrf skill to systematically test an authenticated web application for exploitable CSRF by validating cookie SameSite behavior, CSRF token correctness, and OAuth/SAML or JSON endpoint state changes.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: hunt-csrf
Download link: https://github.com/Carlos-Reyes-UTP/Desarrollo-de-Sistema-de-Ventas-Empresas-de-Moda/archive/main.zip#hunt-csrf

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.