hunt-nextjs

Community

Hunt high-impact Next.js and SSR vulnerabilities

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the problem of identifying hard-to-detect, framework-specific vulnerabilities in Next.js 13/15 and React SSR applications that generic web scanners miss, reducing the risk of missing critical flaws like auth bypasses, SSRF, and data leakage during authorized security assessments.

Core Features & Use Cases

  • Next.js-Specific Vulnerability Detection: Identifies high-impact flaws including Server Actions auth bypass, Middleware bypass via static asset paths, ISR cache poisoning, Image Optimization SSRF, RSC payload leakage, and debug endpoint exposure.
  • Targeted Attack Surface Mapping: Pinpoints Next.js-specific endpoints (/_next/image, /_next/data/, NEXT_DATA) and version-specific weaknesses using disclosed CVEs (e.g., CVE-2024-34351) and official framework advisories.
  • Use Case: Use during authorized penetration tests or red team engagements of Next.js applications to uncover critical vulnerabilities that can lead to admin access, cloud compromise, or sensitive user data exfiltration.

Quick Start

Use the hunt-nextjs skill to scan a target Next.js application for Server Actions auth bypass, Image SSRF, and Middleware bypass vulnerabilities, then validate findings with out-of-band callbacks to confirm exploitability.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: hunt-nextjs
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hunt-nextjs

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.