hunt-mass-assignment

Community

Detect mass assignment flaws to prevent privilege escalation.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Mass assignment vulnerabilities allow attackers to inject sensitive, unexposed fields (like isAdmin, role, or ownerId) into API endpoints to escalate privileges, bypass payment controls, or take over resources owned by other users, creating critical security risks for web applications and backend systems.

Core Features & Use Cases

  • Multi-framework testing: Covers mass assignment patterns across Rails ActiveRecord, Laravel Eloquent, Django ORM, Mongoose, and Prisma frameworks.
  • Comprehensive payload library: Includes a curated dictionary of high-impact sensitive fields and multiple payload formats (JSON, form-encoded, JSON Patch, GraphQL) to test different endpoint types.
  • Use case: Penetration testers can use this skill during API security assessments to identify unvalidated field binding flaws that lead to unauthorized access or data manipulation.

Quick Start

Use the hunt-mass-assignment skill to test a target API's user profile update endpoint for mass assignment vulnerabilities by injecting sensitive administrative and role-related fields to check for unauthorized persistence.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: hunt-mass-assignment
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hunt-mass-assignment

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.