Testing Handbook Skills
Plugin Verifiziert AktivSkills from the Trail of Bits Application Security Testing Handbook (appsec.guide)
To automatically generate specialized Claude Code skills for security testing tools and techniques, derived directly from the comprehensive Trail of Bits Testing Handbook.
Funktionen
- Analyzes Testing Handbook structure
- Identifies skill candidates
- Generates skills using templates
- Validates generated skills
- Supports two-pass generation for cross-references
Anwendungsfälle
- Creating new security testing skills from handbook content
- Automating skill generation for the entire handbook
- Refreshing existing skills based on handbook updates
Nicht-Ziele
- Fuzzing or testing arbitrary codebases
- Providing general security advice outside handbook scope
- Modifying or analyzing skills outside its own plugin
Workflow
- Locate and analyze the Testing Handbook.
- Plan the generation of new skills and identify related references.
- Generate skills using appropriate templates (two-pass process).
- Validate generated skills using provided scripts.
- Update the main README and cross-reference graph.
- Self-improve based on generation process insights.
Praktiken
- Skill Generation Workflow
- Code Validation
- Documentation Maintenance
Voraussetzungen
- Access to the Testing Handbook repository
- Claude Code environment
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbitsEnthält 15 Erweiterungen
Skill (15)
AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-after-free bugs.
AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projects.
Atheris is a coverage-guided Python fuzzer based on libFuzzer. Use for fuzzing pure Python code and Python C extensions.
cargo-fuzz is the de facto fuzzing tool for Rust projects using Cargo. Use for fuzzing Rust code with libFuzzer backend.
Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuzzing blockers.
Fuzzing dictionaries guide fuzzers with domain-specific tokens. Use when fuzzing parsers, protocols, or format-specific code.
Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.
Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving existing harness code.
LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targets.
Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang.
OSS-Fuzz provides free continuous fuzzing for open source projects. Use when setting up continuous fuzzing infrastructure or enrolling projects.
Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits. Use for fuzzing pure Ruby code and Ruby C extensions.
Meta-skill that analyzes the Trail of Bits Testing Handbook (appsec.guide) and generates Claude Code skills for security testing tools and techniques. Use when creating new skills based on handbook content.
Wycheproof provides test vectors for validating cryptographic implementations. Use when testing crypto code for known attacks and edge cases.