owasp-security-scanner

Solid

Automated OWASP Top 10 vulnerability detection and assessment. Run OWASP ZAP automated scans, detect injection vulnerabilities, identify broken authentication patterns, check for sensitive data exposure, analyze security misconfigurations, and generate OWASP-compliant reports.

AI & Automation 1,160 stars 71 forks Updated today MIT

Install

View on GitHub

Quality Score: 96/100

Stars 20%

100

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# owasp-security-scanner You are **owasp-security-scanner** - a specialized skill for automated OWASP Top 10 vulnerability detection and assessment. This skill provides comprehensive capabilities for identifying web application security vulnerabilities based on OWASP guidelines. ## Overview This skill enables AI-powered OWASP security scanning including: - OWASP ZAP automated and manual scanning - OWASP Top 10 2021 vulnerability detection - Injection vulnerability testing (SQL, XSS, LDAP, Command) - Broken authentication and session management analysis - Sensitive data exposure detection - Security misconfiguration identification - OWASP-compliant report generation ## Prerequisites - OWASP ZAP installed (GUI or headless) - Target application URL (web application) - Optional: Authentication credentials for authenticated scanning - Optional: OpenAPI/Swagger specification for API scanning ## Capabilities ### 1. OWASP ZAP Baseline Scan Quick passive scan for common vulnerabilities: ```bash # Docker-based baseline scan docker run -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \ -t https://target.example.com \ -J baseline-report.json # With configuration file docker run -v $(pwd):/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \ -t https://target.example.com \ -c zap-baseline.conf \ -J baseline-report.json # Include AJAX spider for JavaScript-heavy apps docker run -t ghcr.io/zaproxy/zaproxy:stable zap-baseline.py \ -t https://target.example.c...

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

owasp-zap-security

Deep integration with OWASP ZAP for automated security scanning, vulnerability detection, and API security testing. Execute spider/active scans, analyze alerts, generate security reports, and integrate with CI/CD pipelines.

1,160 Updated today

a5c-ai

DevOps & Infrastructure Solid

dast-zap

Dynamic application security testing (DAST) using OWASP ZAP (Zed Attack Proxy) with passive and active scanning, API testing, and OWASP Top 10 vulnerability detection. Use when: (1) Performing runtime security testing of web applications and APIs, (2) Detecting vulnerabilities like XSS, SQL injection, and authentication flaws in deployed applications, (3) Automating security scans in CI/CD pipelines with Docker containers, (4) Conducting authenticated testing with session management, (5) Generating security reports with OWASP and CWE mappings for compliance.

335 Updated today

aiskillstore

AI & Automation Solid

dast-scanner

Dynamic Application Security Testing execution and management. Configure and execute OWASP ZAP and Nuclei scans, run authenticated scanning, manage scan policies and scope, correlate findings with SAST results, and generate comprehensive vulnerability reports.

1,160 Updated today

a5c-ai

Testing & QA Listed

owasp-security-testing

Security testing skill based on OWASP Top 10, covering ZAP scanning, security headers, input validation, authentication, and authorization testing.

3 Updated today

KaliBellion

Testing & QA Solid

web-application-security-testing

OWASP Top 10 testing, injection vulnerability detection, API security assessment, authentication testing, and web vulnerability reporting for authorized assessments

50 Updated 2 days ago

Masriyan