npm - @cyberstrike-io/cyberstrike - Versions diffs - 1.1.10 → 1.1.11 - Mend

@cyberstrike-io/cyberstrike 1.1.10 → 1.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
 <p align="center">
   Automated penetration testing from your terminal — plug in your Claude, GPT, or any LLM subscription<br>
-  and turn it into an autonomous red team agent with 13+ specialized agents and 120+ OWASP test cases.
+  and turn it into an autonomous red team agent with 7,300+ security skills across MITRE ATT&CK, CIS, OWASP, and NIST.
 </p>
 <p align="center">
@@ -38,7 +38,7 @@
 npm i -g @cyberstrike-io/cyberstrike@latest && cyberstrike
 ```
-That's it. CyberStrike launches a TUI in your terminal, asks for your LLM provider and API key on first run, and you're ready to go. Tell it what to test — it handles reconnaissance, vulnerability discovery, exploitation, and reporting autonomously.
+That's it. CyberStrike launches a TUI in your terminal, asks for your LLM provider and API key on first run, and you're ready to go. Tell it what to test — it loads relevant skills from 7,300+ MITRE ATT&CK, CIS, OWASP, and NIST test procedures, then handles reconnaissance, vulnerability discovery, exploitation, and reporting autonomously.
 > **Already have a Claude Code or OpenAI subscription?** CyberStrike's intelligence layer sits on top of your existing AI subscription. No separate API costs — your current plan powers an entire pentest toolkit.
@@ -82,15 +82,51 @@ CyberStrike isn't just a wrapper around an LLM. It's an intelligence layer that
 ---
+### Skills System — 7,300+ Actionable Security Tests
+CyberStrike doesn't just give agents generic security knowledge — it loads domain-specific skills on-demand with zero context pollution.
+**What's a skill?** A skill is a structured test procedure that includes:
+- Target methodology (OWASP WSTG, MITRE ATT&CK, CIS Benchmark, NIST)
+- Copy-paste ready test commands
+- Tool references and dependencies
+- Remediation guidance
+- CWE mappings and severity ratings
+**Coverage:**
+| Framework              | Skills | What It Includes                                                                     |
+| ---------------------- | ------ | ------------------------------------------------------------------------------------ |
+| **MITRE ATT&CK**       | 691    | Enterprise tactics + 2,000+ Atomic Red Team tests (Kerberoasting, LSASS dump, etc.) |
+| **CIS Benchmarks**     | 1,500+ | Cloud (AWS/Azure/GCP), Containers (Docker/K8s), OS (Ubuntu), Server (Apache/Nginx)  |
+| **OWASP WSTG**         | 125    | Web app security testing (XSS, SQLi, AuthN, AuthZ, Session, API)                    |
+| **NIST**               | 200+   | Security controls and compliance frameworks                                          |
+**Lazy Loading** — Skills load only when needed. An agent testing for Kerberoasting pulls T1558.003 skill (7 Atomic tests) into context, runs the tests, then discards it. Next test = new skill. Zero bloat.
+**Search & Discovery** — Built-in skill search with relevance scoring. Query by keyword, tech stack, CWE ID, or category. 7,633 skills indexed in-memory.
+```bash
+# Example: Agent loads T1558.003 Kerberoasting skill
+Skill: T1558.003 - Kerberoasting
+Tests: 7 Atomic Red Team test scenarios
+Tools: Invoke-Kerberoast.ps1, Rubeus, setspn
+Platforms: Windows
+```
+Read more: [MITRE ATT&CK Integration](https://github.com/CyberStrikeus/CyberStrike/blob/main/.cyberstrike/skill/mitre_attack/), [CIS Benchmarks](https://github.com/CyberStrikeus/CyberStrike/tree/main/.cyberstrike/skill/CIS_benchmarks)
+---
 ### What Makes It Different
 <table>
 <tr>
 <td width="50%">
-**Specialized Security Agents, Not Generic Chat**
+**7,300+ Security Skills, Not Generic Prompts**
-CyberStrike ships with 13+ agents purpose-built for security domains. Each agent carries domain-specific methodology, tool knowledge, and testing patterns. The web-application agent follows OWASP WSTG. The cloud-security agent knows CIS benchmarks. The mobile agent uses Frida and follows MASTG/MASVS. They don't guess — they follow proven offensive security frameworks.
+CyberStrike agents don't improvise — they follow proven methodologies with lazy-loaded skills. Testing for Kerberoasting? Load T1558.003 (7 Atomic Red Team tests). Auditing Docker? Load CIS Docker v1.8.0 (118 controls). Agents pull exactly what they need, execute structured test procedures with copy-paste commands, then discard. Zero context pollution. Real pentest frameworks: MITRE ATT&CK, CIS Benchmarks, OWASP WSTG, NIST.
 </td>
 <td width="50%">
@@ -270,9 +306,9 @@ Read the [Contributing Guide](https://github.com/CyberStrikeus/CyberStrike/blob/
 CyberStrike is the core platform. These MCP servers extend its capabilities:
-| Project                                                                | Domain                                  | Tools                                 |
-| ---------------------------------------------------------------------- | --------------------------------------- | ------------------------------------- |
-| **CyberStrike**                                                        | **Autonomous offensive security agent** | **13+ agents, 120+ OWASP test cases** |
+| Project                                                                | Domain                                  | Tools                                       |
+| ---------------------------------------------------------------------- | --------------------------------------- | ------------------------------------------- |
+| **CyberStrike**                                                        | **Autonomous offensive security agent** | **7,300+ skills (MITRE, CIS, OWASP, NIST)** |
 | [hackbrowser-mcp](https://github.com/badchars/hackbrowser-mcp)         | Browser-based security testing          | 39 tools, Firefox, injection testing  |
 | [cloud-audit-mcp](https://github.com/badchars/cloud-audit-mcp)         | Cloud security (AWS/Azure/GCP)          | 38 tools, 60+ checks                  |
 | [github-security-mcp](https://github.com/badchars/github-security-mcp) | GitHub security posture                 | 39 tools, 45 checks                   |

package/package.json CHANGED Viewed

@@ -7,7 +7,7 @@
   "scripts": {
     "postinstall": "bun ./postinstall.mjs || node ./postinstall.mjs"
   },
-  "version": "1.1.10",
+  "version": "1.1.11",
   "license": "AGPL-3.0-only",
   "keywords": [
     "cyberstrike",
@@ -37,6 +37,6 @@
     "url": "https://github.com/CyberStrikeus/CyberStrike.git"
   },
   "optionalDependencies": {
-    "@cyberstrike-io/cyberstrike-darwin-arm64": "1.1.10"
+    "@cyberstrike-io/cyberstrike-darwin-arm64": "1.1.11"
   }
 }

package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-00/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 4f43b64c753941a02b8a96fb2f44fffb703580811399d5189b3be5c8f56ac117
-signature: kqgvhutFBk2CCB3rGDw5fMuCwic/SKDxstql6yLd13M1VbSutmkKyUr/6P4UqHp6IDRgOLMw05RN4GvwBYAMDQ==
-signed_by: cyberstrike-official
 ---
 # wstg-apit-00
@@ -291,9 +288,6 @@ checker.generate_report()
 - [OWASP API Security Project](https://owasp.org/www-project-api-security/)
 - [OWASP API Security Top 10](https://owasp.org/API-Security/)
-sha256: 768a448379b0c063f426709baf29af46fa2625a88efc4903656dd85475177ee2
-signature: 0qBtqJ6I41/YA8XF+pwUkg8yTgBgWdNspvadHDximF+TKdRp5OOU9WZKL3ojDphNqBOdM3qw8TOehF6B5ftwAQ==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-01/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: c7d107ce8e755ccadedc8c858d2eff8b475c41b97bd208f89b9d1302f7cd2c74
-signature: MnxtEkDDds08P6RTfcVmcer5MO7lLUjg0PMVGixyZecoqe3WusVplkpTsqFM2R0s4ONYxd9toqI+mzjGzmWGDw==
-signed_by: cyberstrike-official
 ---
 # wstg-apit-01
@@ -235,9 +232,6 @@ recon.generate_report()
 | **Kiterunner** | API endpoint discovery |
 | **Postman**    | API documentation      |
-sha256: 5b39d63bef5bb4a60966269ab3629b12e6eaf1603691748ca478afbec684fc6b
-signature: NuDXQcXPkj2H2QOo7Oy6gZMpjyoUVbuVDIU6rYZSn1roOixlHd2YW8Xg3yQp31T39o/NpTAhmu/lOcbbGgztDg==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-02/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-200]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 6b746ddc83cd43bd714e47aec29662768b3c5b417dd16bf206fc297a43864f47
-signature: NRBaz8UBJbNsMYV/YmyHg95gv6v+eWstGujofZLNb16okn1I2yqfBQXl+/IIsEu+rDj04ZG2cPlT7L84Bwm5BA==
-signed_by: cyberstrike-official
 ---
 # wstg-apit-02
@@ -190,9 +187,6 @@ def get_user(user_id):
 | ----------- | ------------------------------------------------ |
 | **CWE-639** | Authorization Bypass Through User-Controlled Key |
-sha256: 85b1f34398bc46c141a16d575e73fa5751fed1292dfd01d152e9e77a86b0091c
-signature: tRmtoRIdpKrdd2rRzxrDqXh4C3r1yQvl56K0ELd2a0rIAmnqpsXyHRM0Eg1J5vviNpZiqMDQ2qKv2Govq9+WBQ==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-apit-99/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 25aa529370230c3018db4dd48cd44b7c8f0ba49577c1c2622799d8ecdfeb91e0
-signature: DaX7ETbjWCsjKkFtou6JlU9CvHdyvCM3FdzfCHYhoykOtF0SHDNfANzudEB2+vCGKyZ6+pAJL3KSKn/71CY+DQ==
-signed_by: cyberstrike-official
 ---
 # wstg-apit-99
@@ -311,9 +308,6 @@ schema.execute(query, validation_rules=[depth_limit_validator(5)])
 | Authorization bypass  | 7.5  | High     |
 | SQL injection         | 9.8  | Critical |
-sha256: 4d5c4222de15e8989a70b2c182cd4e05e4a20555b2aa93d30d46c0344d474ec5
-signature: rhjIn3LHncxmSxQqmx7jZzQlJ1nZ3b1IFa3bbomGQs6HMresDYR+94rsIlupXpZRZYA481Rs8KkPjNK1FqWfBg==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-01/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-522]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: d951fd147a888a7a9adaf859ef12a7beb02a36e0d6cbef663ec94a70801f9dee
-signature: QcOffusU8CwW/mP86avPuaMBkhBw9YA/qOgs9umoQwnPsBlkXLZOIyJlnPAmOecR5sbt4IKwqozEmm+ufD4/Cg==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-01
@@ -412,9 +409,6 @@ def enforce_https():
 - [OWASP TLS Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Security_Cheat_Sheet.html)
 - [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org/)
-sha256: 26e534a6784d714b302771e0d92d1b1024380e6f3e4c5b5509d56859ad15a83a
-signature: KCqLEn1gQ25ro4IW8whTQLDukvc6c2w1iAxbVj6bMDPKUQOuT1dyyHy3sSh8vI4uAZbWm848UDd0B+hA898xBg==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-02/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-640]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 9220089a488bec31c663fc2b2edee9c304ef60948f4e9748117d4fb2aaff4308
-signature: VU5hMLTPI08A/XbS8n/hTWkSTiFEr3gplxHCo6f3ErYxoykWLJSLh2Bf2z3uEipMacwDuL2iU3K6SRfRrWLiDA==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-02
@@ -566,9 +563,6 @@ def login():
 - [CIRT.net Default Passwords](https://cirt.net/passwords)
 - [SecLists Default Credentials](https://github.com/danielmiessler/SecLists/tree/master/Passwords/Default-Credentials)
-sha256: 2c049c9de339c37db13f3b6480f6c4004d609d7731253b27f1fb49e7a7acb2ad
-signature: pioWjRtSbZUnHBKKDtifs67FSSzSxjNen2mNAboud9NX2HMm8WdOShXsa6z8H1n8c6nJYGBqhlWZ1P4o0r4yCA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-03/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-304]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 3b27532dc86e637c368fa58000f7b38696ed0b732d281405182458fcf6a2f2e2
-signature: EKUVYNin45vE6t37pY0NONZ5o4FV29cZGw4rOE4+zqnibecPU25C5/E7HnT/yEGxrM9yLhVUtyoAKlB1gvUKAw==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-03
@@ -619,9 +616,6 @@ class SmartLockout:
 - [OWASP Authentication Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html)
 - [NIST Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)
-sha256: 37eb49c2b53823ccc694d04bb78e1ac8e21ca8339922248b3742faf8bd1d85a7
-signature: iqSf1Ii2VYQFQtC3OQQON5Z6THkzOF90sF1fo06tt0kp9Q96zbxCX981UQ+gByRObR+J0EH4YVlykN5UAU4rCw==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-04/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-307]
 chains_with: [wstg-athn-05, wstg-athn-02]
 prerequisites: [wstg-idnt-01]
 severity_boost: {}
-sha256: 10e3783f68b981c2a52df2b67c45996b6b926e58c0e18fb9b8aad341287dc054
-signature: zsE4l08gBZXtouiYoGgmwFGGTCsd4hhC4Lpuhxi+FnUnslTelOjHR1z+AomSne1ydd2mhTFDrKbYj8ZHCpvbCA==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-04
@@ -604,9 +601,6 @@ def check_authorization():
 - [OWASP Testing for SQL Injection](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection)
 - [JWT Security Best Practices](https://auth0.com/blog/a-look-at-the-latest-draft-for-jwt-bcp/)
-sha256: a83aebb18a437addda90c660d546bf5d956c78bf97c3cdde60830dc55d1ae72d
-signature: 6mH83LUNhn9oOtS8daxUSF4GBdMHOPNQpFoEVqrRhi5ARXPHZViAOERbuZhwtXHtW3RABgw9uuyhBjsFnwb4Cw==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-05/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-287]
 chains_with: [wstg-authz-02, wstg-sess-01]
 prerequisites: [wstg-idnt-01]
 severity_boost: {}
-sha256: b2103d443831b38bcd75fc464d5bdfbba5fc54dd26aa8811ed2ccaf6b3ed3c2a
-signature: pZ0rSLgAT527caB6PAEz/wUatl8NDC4QcQnLlm+SrwpoYjqsitwos1IuduQxKor8vlpoTBVZENwDzodXC+oGBA==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-05
@@ -613,9 +610,6 @@ def verify_and_rotate_token(token, user_agent, ip_address):
 - [OWASP WSTG - Testing for Vulnerable Remember Password](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password)
 - [OWASP Session Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html)
-sha256: 788307eec8af978f02d6e86b4b4d1aee6611c4ac31da5843704eca0094b70ecd
-signature: z2UBTGq4QSFnb8Zhh6kcMY2/U4ms++r1ikyxq2Ufjp7L8dDuFE5GvJaugdVZ6pbqZc1jExgzoi8RQspRQCx4BQ==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-06/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-613]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 8231cbdde950559c7049ebd4c196819ac1a9b2b4e28daf1f883943f6db8daf87
-signature: jttl9TEbSJgB5KEjxFvVqwuEQjGWlZDaQuAQkOZmHYu+PNokyshQfpGPpA5CXF0xOynLAhET0zTqmGQi16UYCg==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-06
@@ -528,9 +525,6 @@ def logout():
 - [MDN Cache-Control](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control)
 - [OWASP Secure Headers](https://owasp.org/www-project-secure-headers/)
-sha256: 7674261a5a15ef9f1fd9dc70bed5123dec1bbfe6124434df2ae00311100212e5
-signature: oM30zN5U/oAh0l54YRtSqGfvAu8tI7Lo8PiNI/tMO6IvtW01nAN9O/W6V5EyOIfkoHwaO63uOtlOPoo/5TpBBA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-07/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-287]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 167aa0a24360ebb3b93f1ff9bc508ebb647279d294b4fd8b5f9fc76760dc757e
-signature: OyVIQHH+cDrK28Ez3yx07B3YH+9AsJQqQ886YyGXqMl370vQnk8WBtiar/whteDRE2Z3v5lw4a/gpfXMJlHhCQ==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-07
@@ -623,9 +620,6 @@ document.getElementById("password").addEventListener("input", (e) => {
 - [NIST Password Guidelines](https://pages.nist.gov/800-63-3/sp800-63b.html)
 - [OWASP Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
-sha256: a45b1c9bc3ef4b9a3de56e882f4d3db454cc19d5e97849e752173c7beba425b7
-signature: XpgfojS+Wp3wGH8qq5AshuBQctZiXg01oglB7v+ntXKhVEZezss+eV0RrXeGP4GZbDogVO4jnQB+eyzaTOrnCA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-08/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-287]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: d1e2668af3394a8e8e9bc00083d5f658ef35e1fe4e6da10fcc1545f861b61e12
-signature: Ig5qn6SSJm+RaZRf/xcyoPVi1y0Gx5ujV2Lsgas/k+ssuYYAvqVweCZJ+nzbqNQHzxqm3ohVfCEEvPyOnOUTAw==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-08
@@ -500,9 +497,6 @@ class DynamicKBA:
 - [OWASP Forgot Password Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html)
 - [NIST Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)
-sha256: ef57168360ba5fbb9b6ae88faa47bc7efdaa06449204267305c0dc6c34fdf004
-signature: TUZgeWj3QSTpjWbwwiZXu4Z9KTnts8lR9DAkzkQnyKcQyL0p+on5Q8r+gnHIS0RbvirQ/asKQkztWkm/d9lDDA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-09/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-521]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: c10dbd24592d3f25f845a192375155c4035689c6ea0e68da0fabff218d036c1e
-signature: 8++e/Koe0GqGy0x07g6fHuicd0UofQAN10JxbCbD+7jkiwmsvxXmixH4maTQ0JIBsgH4s1LeBcdumtJPWvn9BQ==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-09
@@ -613,9 +610,6 @@ def change_password():
 - [OWASP Forgot Password Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html)
 - [Password Reset Poisoning](https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning)
-sha256: 8c3953dff1d9452bb6aec9e50e892fd31895332d0c7e80912182e0e4646d1d5f
-signature: qvg1R6PiF5RxBTV/cMQ0B0PpS0vw0AcQCVfcM1EVzuWpUJ0n7yt8vFI1Wh9bN5ksyhSRftzrChJkXLBHPVIyDw==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-10/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-287]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 8a17d906573a312c4390b628cb28bcc46e971db22525ecb9f2cd4aae0509ef36
-signature: OD+1cjGkVJepAl6CrqaESxK2lw3Hj8gpUihNaI6PMKUPanZZSSTq3oPjDv/1iClwLSwKO7aLuZl//td6QnGnBA==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-10
@@ -606,9 +603,6 @@ routes:
 - [OWASP WSTG - Testing for Weaker Authentication in Alternative Channel](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/10-Testing_for_Weaker_Authentication_in_Alternative_Channel)
 - [OWASP API Security Top 10](https://owasp.org/API-Security/)
-sha256: 8e8e1b1af0186d1f7e969788fe6cc86f318475ada14811b9fd45d75c33874462
-signature: NAYu+b3bzUO9mD11KB9SKMMMyuV2RuqHGV3GpGBEd4zjeK6bl73YEQKw7A7bGBAl4bzIajnNerp3X5sPXI4uCA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-athn-11/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: b1292a990dda462ace68727609c573c3be321ae8d4d0b605c6f1ebcea72f5f47
-signature: qKE7Oif56+C6xqV2F3VqUBLrYa3NSuvVdA7s/RWeeu/TWYJ/YitmGSZW+oCJDEzMwgo8BEGeZA/TcjMeCk7tCg==
-signed_by: cyberstrike-official
 ---
 # wstg-athn-11
@@ -681,9 +678,6 @@ def disable_mfa():
 - [OWASP MFA Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Multifactor_Authentication_Cheat_Sheet.html)
 - [NIST Digital Identity Guidelines - MFA](https://pages.nist.gov/800-63-3/)
-sha256: a27a05f1c08961839641255491547e4cc555762d5ba17e3ff026f793c0378f62
-signature: J9E7kjrjHPkN8oQoZ8suOq6mRaXpNexc+u4y1iXsiwU8lTIYmd8YpmlXQ3OGZhDq5iukKs9W5TmKhQn/ZsvXBQ==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-auth-session/SKILL.md CHANGED Viewed

@@ -3,9 +3,6 @@ name: wstg-auth-session
 description: WSTG identity, authentication, authorization, and session management testing
 tags: [auth, session, idor, csrf, jwt, wstg]
 version: "1.0"
-sha256: 52334e0da9dd27e3dd3a2458d15d1dd3639dab437c064d4ba55fdfbdfcd5573c
-signature: cJNsT7SWkFbMsNex/4UyBfoYUVjiKleXtdV4nRQgZLHXm46Lp023xzpkLKKpVKk/3375ZUuzvJg44k9hBLZ1Dg==
-signed_by: cyberstrike-official
 ---
 # Auth & Session Testing (WSTG-IDNT + ATHN + AUTHZ + SESS)

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-01/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-639]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: b413bf5c4fdcc6988a587ac3650fa2c62972766d23b20071bc4223a671e01f9e
-signature: vP84LNLvVwyA7njvOoPosfpvD9WuhYw4HL7YQ0tDaMkcEo6bxRiCAf2fIU2YiByXwNzqWqT/0EIrH5Dv97hiAg==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-01
@@ -469,9 +466,6 @@ def download_file(file_id):
 - [CWE-22: Path Traversal](https://cwe.mitre.org/data/definitions/22.html)
 - [PortSwigger Path Traversal](https://portswigger.net/web-security/file-path-traversal)
-sha256: 19ff9d17e3628913af7e50f7081bcbe8ebe56d70ae5fad8e5353e2e5136a3b13
-signature: V/shRZP9WjRjy/lgkxfaKzNxTiLBriJRTnPMVNoBAd4Y6amhi6xOfQytjH+K1cQ/ybrfOkrNdNVQzoV922QCCg==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-02/SKILL.md CHANGED Viewed

@@ -13,9 +13,6 @@ prerequisites: [wstg-athn-01]
 severity_boost:
   wstg-inpv-05: "IDOR + SQLi = Mass Data Breach (Critical)"
   wstg-authz-03: "IDOR + Privilege Escalation = Admin Access (Critical)"
-sha256: cc00ec0f97544ebfffb86e3bb34523ed748da290a15dc8800bf85097d8b0e23d
-signature: uXpqcjGyjB3iwNVKYuKngkzVCbTJuFsa4XXBSrqCvRAGbtLBe2f6R9EJhp+Lt6G855Xwzxm2K2umvavoP3vnCQ==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-02
@@ -658,9 +655,6 @@ can_access = policy.evaluate(
 - [OWASP Authorization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html)
 - [Autorize Burp Extension](https://github.com/Quitten/Autorize)
-sha256: 19c2f77d3a6cfb31744efa997bde6408afa65a36d2cbf7ae9abb4a7b4daf9059
-signature: PP/7jr5+RRvrjV4bpQ5ZwsIxYa1w3Q3O2LnGsD3rRHL+0ttgSkgqdkd+oaph7fUz0VhPyWdb3DzI7l8hWZ5PCA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-03/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-269]
 chains_with: [wstg-authz-02, wstg-athn-05]
 prerequisites: [wstg-athn-01, wstg-idnt-01]
 severity_boost: {}
-sha256: bb97bbba933ec9f29d9e2ffdaac5be414fdeec7b855fd94934f57cbb4429d5e6
-signature: zi45nMRiI8w7kaTaMgnrEsSYZwL/o5aOEGLMqszF7j2XI+OcWaiWYI4EOyODINREOWyyGb97ecwXonYa9wn/Aw==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-03
@@ -686,9 +683,6 @@ class SecureJWT:
 - [OWASP Authorization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html)
 - [JWT Security Best Practices](https://datatracker.ietf.org/doc/html/rfc8725)
-sha256: a3589f045c257536a2e90ceea426c5b1c1bd391b5445bf1ea7de3a4f7d231ff4
-signature: kuEL070bQwg1NVSZ3BXHEyLZSjQEhYeUKC57lNvu+Vi1HPoUMSipI6dJprQvrKJ5kHSA0J8Oi9rpe/Uew5gxAQ==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-04/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-639]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 95fef305e021b35c811797c860559eb078fed2686bd5d0e21d280ebdfa9c6969
-signature: 698vX3EEniQcPItgu2DzUfnLQYEcZx7eKE7YbGiRE+7tgbVa1NnCPTvaEaTjnmNdBufndsU/Jsi+gxkGNp26Ag==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-04
@@ -699,9 +696,6 @@ class Document(db.Model):
 - [OWASP IDOR Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html)
 - [PortSwigger IDOR](https://portswigger.net/web-security/access-control/idor)
-sha256: 68f2e733533bb47fac884640757f35f8db93393ad3c51acb5b8be5066f40da78
-signature: wOSrHeXqw+zAjxRUpurAZzoWNq8yMWjcQNLhlDYIlFMJkO/r6rA7NYlAWwJha5YKScoAJPUdKTpRKYpUGhlBDA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-05/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: fb401c0171017c18b7349e0135907e939075336b6b25c82f4ddc54d0582f6a16
-signature: W1yP1RHzTUt4lENQnJ8ipKkGTKpso/iYqPAHGJQTBVXdh33A7+gfCG25dU4zRzusB6veA7jHM7oMUYnnx5kGDw==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-05
@@ -697,9 +694,6 @@ def token():
 - [RFC 7636 - PKCE](https://tools.ietf.org/html/rfc7636)
 - [PortSwigger OAuth](https://portswigger.net/web-security/oauth)
-sha256: 3b19018e4af8b4abcc3c85002ef6c3c307f010624994614bd79272975246f88c
-signature: vCSbqopW6TmiDM7znrgTmKcF7oSNhWy5NB4yaLYO+eAIwezYJBhBq0JbzXqFu1DlWZbxxOEXD7Wsaus0986aAA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-05.1/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 5ef76e2369f25641062545dd2821fdcacad619931b9778e6157aeb1d32f05134
-signature: 6Bn9NjW3dUULRO2RzFWvAyY3AFpdG+qSEpI6R3c7ZPMdCohbvr6YQDLXQBFLGc3arOJVjxs9b9Vwg7K9sKMHAw==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-05.1
@@ -631,9 +628,6 @@ class ConsentManager:
 - [OAuth 2.0 Security Best Practices](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics)
 - [OAuth 2.0 for Native Apps](https://tools.ietf.org/html/rfc8252)
-sha256: 2a3727475941d12048207e6e9bb019e8a89c357dc0cf8536097aeb74f400e020
-signature: z6Jk7WReaS3L1V88a5PpEFq6scFgxv9CzT0ruPz4iBIPmLMte2cTYByWr+2s8VZEadPNlbCAWwGs0jK3rbjRCw==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-authz-05.2/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: []
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 3dcfd065b38bb8be9a90965eb4ebcb02f21ac7a35679100a59109cf364baa647
-signature: FbzMn/MG8q4MUdwaqi22N4C7wu00aXhZknVmAq0LpH+1cOZnIP0LVul84YGrIAhd4tAjn5xkUdzFriodGPe4Bg==
-signed_by: cyberstrike-official
 ---
 # wstg-authz-05.2
@@ -734,9 +731,6 @@ def oauth_callback():
 - [PKCE RFC 7636](https://tools.ietf.org/html/rfc7636)
 - [OAuth Security Best Practices](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics)
-sha256: 0b09b97cdb042d02c224dfc0a1085fbfa77238563e6e1f72c765323012f2f75a
-signature: 17Xb+wv7+Hm61jAWmVkptrwImyB7fIKsHs6r84b/xfTsu7p2JX+cjmdtb0Y4YS1BjkGWaZGW+I4jwojua2TXBA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-01/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-840]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: addecbd9610ab1e7d87758345e76d397614b9b5d832e227eff40b73c7d66c9d9
-signature: KC18T/SnzkEoVz+4QBNy7AgWEwbythupmhDDen4FYHWTWemZPg/YgoTb/n2nLpDAgyyLEwvsAVlBVFx0QnotAA==
-signed_by: cyberstrike-official
 ---
 # wstg-busl-01
@@ -570,9 +567,6 @@ def checkout():
 - [OWASP WSTG - Test Business Logic Data Validation](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/01-Test_Business_Logic_Data_Validation)
 - [OWASP Testing for Business Logic](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/10-Business_Logic_Testing/)
-sha256: 19cd8c5603aaae2b15cd089d2f7147f96f3e30c948fd116bafd5a4fcc69e21c8
-signature: tpl/WiocBobUqaCZFfbKFRFnEJyRWGsha8b10QyagzE3lFpIVFDyEjX1v/MCO9krz4ElaEW2IYp0H4zE4Pz5Bw==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-02/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-840]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: 49d458138625666e2c5e83ef28d5cc66497603a8fae67b4d55c7c8a5f4ccb85e
-signature: Q4S7tfBQdHpvpnYPfL9b7Nm6thYD2nyvfJQc4q2MtHzwTbz1mok+fNeMmMnQusdJyBT3wVyFtVyBXexBRW0KDg==
-signed_by: cyberstrike-official
 ---
 # wstg-busl-02
@@ -589,9 +586,6 @@ def process_payment():
 - [OWASP CSRF Prevention](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html)
 - [OWASP Testing for CSRF](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/05-Testing_for_Cross_Site_Request_Forgery)
-sha256: abb9ab0acdf025ebf39d299736f0200f86162e78ac9a339d284c3bfb21814eb6
-signature: NIdaQGPnJit0qXxrWSBzIOlXsdzd5snueiyeuYddnUGgTHys0mo+NQiwfaXrzomGuKM3KsMNWoxef5MB1yeqDA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-03/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-840]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: cd7395a094b388c0e52be12a6959480d76bbd58e414612374f47a5e55ad36d7f
-signature: 8XU1noHfH3PCElqMzoFEFuoz+cwsxqx4jAwVJgW9j+3stX8rE0HalawLpbmYS+gCK9oaO4mLb+NTZHgDh6JRBQ==
-signed_by: cyberstrike-official
 ---
 # wstg-busl-03
@@ -578,9 +575,6 @@ def decrypt_and_verify(encrypted_data):
 - [OWASP Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)
 - [NIST Hash Functions](https://csrc.nist.gov/projects/hash-functions)
-sha256: 00ba48d13046e0caafed20898007619d3643e92cf4131c3496ac3ec5b4d8fcd0
-signature: Xwuz52rkxh3WWKKxJ/r7enSE2aHp+TyAc4xWuWXXdS2pkyb06rLLZMoEKY6e2fUYDWPwCfkdTmCNOtMbgmkgAA==
-signed_by: cyberstrike-official
 ---

package/skill/WEB/OWASP_WSTG_4.2/wstg-busl-04/SKILL.md CHANGED Viewed

@@ -11,9 +11,6 @@ cwe_ids: [CWE-840]
 chains_with: []
 prerequisites: []
 severity_boost: {}
-sha256: dae2f3d04e93ff245052ec3ae0ae084f276d5b1e1b85af8f31df1b92b9acfbcc
-signature: EpuA2BmQrbOYXWZM2P5ugDkoQ7Y3zM7xoETkcenK16/npKNcBn+Sja2eeeIwbr11Jedoi3h7ykZVVe2Au8wTAw==
-signed_by: cyberstrike-official
 ---
 # wstg-busl-04
@@ -701,9 +698,6 @@ def process_payment_idempotent(idempotency_key, payment_data):
 - [PortSwigger - Race Conditions](https://portswigger.net/web-security/race-conditions)
 - [Turbo Intruder](https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack)
-sha256: dde787187aac991b12d9713f255386adee860ee0cec93e55c202a12b949b3327
-signature: BlW6ej/nbuBgnrchL3VK22nQi7ic94q4jM6zhXCSiF62Qd8Q5cPfaNfFcx9dd2d3a/SJYer+OsFyZ3xtPNdlDQ==
-signed_by: cyberstrike-official
 ---