hunt-file-upload
CommunityIdentify and test file-upload bugs in web apps.
Authorsseshachala
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Hunt-file-upload helps security testers quickly identify and validate common and evasive file-upload vulnerabilities in web applications, including RCE via uploaded shells, stored XSS via SVG or HTML, SSRF via embedded entities, and path-traversal via crafted filenames across various upload points.
Core Features & Use Cases
- Detects upload endpoints like /upload, /avatar, /profile-picture, /attachment, /import and catalogs potential weaknesses.
- Provides a catalog of bypass techniques (double extension, null byte, case variants, SVG/HTML payloads, ZIP slip) with mitigation guidance.
- Outlines end-to-end test scenarios for RCE, XSS, SSRF, and archive traversal, with validation steps and evidence capture.
Quick Start
Scan the target web app for upload endpoints and generate a reproducible test plan for file-upload vulnerabilities.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-file-upload Download link: https://github.com/sseshachala/Claude-BugHunter-archive/archive/main.zip#hunt-file-upload Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.