hunt-mass-assignment
CommunityDetect mass assignment flaws to prevent privilege escalation.
System Documentation
What problem does it solve?
Mass assignment vulnerabilities allow attackers to inject sensitive, unexposed fields (like isAdmin, role, or ownerId) into API endpoints to escalate privileges, bypass payment controls, or take over resources owned by other users, creating critical security risks for web applications and backend systems.
Core Features & Use Cases
- Multi-framework testing: Covers mass assignment patterns across Rails ActiveRecord, Laravel Eloquent, Django ORM, Mongoose, and Prisma frameworks.
- Comprehensive payload library: Includes a curated dictionary of high-impact sensitive fields and multiple payload formats (JSON, form-encoded, JSON Patch, GraphQL) to test different endpoint types.
- Use case: Penetration testers can use this skill during API security assessments to identify unvalidated field binding flaws that lead to unauthorized access or data manipulation.
Quick Start
Use the hunt-mass-assignment skill to test a target API's user profile update endpoint for mass assignment vulnerabilities by injecting sensitive administrative and role-related fields to check for unauthorized persistence.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-mass-assignment Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hunt-mass-assignment Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.