gkt-node 3.3.0

package/assets/.agent/skills/broken-authentication/SKILL.md

@@ -0,0 +1,476 @@
+---
+name: Broken Authentication Testing
+description: This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
+metadata:
+  author: zebbern
+  version: "1.1"
+---
+
+# Broken Authentication Testing
+
+## Purpose
+
+Identify and exploit authentication and session management vulnerabilities in web applications. Broken authentication consistently ranks in the OWASP Top 10 and can lead to account takeover, identity theft, and unauthorized access to sensitive systems. This skill covers testing methodologies for password policies, session handling, multi-factor authentication, and credential management.
+
+## Prerequisites
+
+### Required Knowledge
+- HTTP protocol and session mechanisms
+- Authentication types (SFA, 2FA, MFA)
+- Cookie and token handling
+- Common authentication frameworks
+
+### Required Tools
+- Burp Suite Professional or Community
+- Hydra or similar brute-force tools
+- Custom wordlists for credential testing
+- Browser developer tools
+
+### Required Access
+- Target application URL
+- Test account credentials
+- Written authorization for testing
+
+## Outputs and Deliverables
+
+1. **Authentication Assessment Report** - Document all identified vulnerabilities
+2. **Credential Testing Results** - Brute-force and dictionary attack outcomes
+3. **Session Security Analysis** - Token randomness and timeout evaluation
+4. **Remediation Recommendations** - Security hardening guidance
+
+## Core Workflow
+
+### Phase 1: Authentication Mechanism Analysis
+
+Understand the application's authentication architecture:
+
+```
+# Identify authentication type
+- Password-based (forms, basic auth, digest)
+- Token-based (JWT, OAuth, API keys)
+- Certificate-based (mutual TLS)
+- Multi-factor (SMS, TOTP, hardware tokens)
+
+# Map authentication endpoints
+/login, /signin, /authenticate
+/register, /signup
+/forgot-password, /reset-password
+/logout, /signout
+/api/auth/*, /oauth/*
+```
+
+Capture and analyze authentication requests:
+
+```http
+POST /login HTTP/1.1
+Host: target.com
+Content-Type: application/x-www-form-urlencoded
+
+username=test&password=test123
+```
+
+### Phase 2: Password Policy Testing
+
+Evaluate password requirements and enforcement:
+
+```bash
+# Test minimum length (a, ab, abcdefgh)
+# Test complexity (password, password1, Password1!)
+# Test common weak passwords (123456, password, qwerty, admin)
+# Test username as password (admin/admin, test/test)
+```
+
+Document policy gaps: Minimum length <8, no complexity, common passwords allowed, username as password.
+
+### Phase 3: Credential Enumeration
+
+Test for username enumeration vulnerabilities:
+
+```bash
+# Compare responses for valid vs invalid usernames
+# Invalid: "Invalid username" vs Valid: "Invalid password"
+# Check timing differences, response codes, registration messages
+```
+
+# Password reset
+"Email sent if account exists" (secure)
+"No account with that email" (leaks info)
+
+# API responses
+{"error": "user_not_found"}
+{"error": "invalid_password"}
+```
+
+### Phase 4: Brute Force Testing
+
+Test account lockout and rate limiting:
+
+```bash
+# Using Hydra for form-based auth
+hydra -l admin -P /usr/share/wordlists/rockyou.txt \
+  target.com http-post-form \
+  "/login:username=^USER^&password=^PASS^:Invalid credentials"
+
+# Using Burp Intruder
+1. Capture login request
+2. Send to Intruder
+3. Set payload positions on password field
+4. Load wordlist
+5. Start attack
+6. Analyze response lengths/codes
+```
+
+Check for protections:
+
+```bash
+# Account lockout
+- After how many attempts?
+- Duration of lockout?
+- Lockout notification?
+
+# Rate limiting
+- Requests per minute limit?
+- IP-based or account-based?
+- Bypass via headers (X-Forwarded-For)?
+
+# CAPTCHA
+- After failed attempts?
+- Easily bypassable?
+```
+
+### Phase 5: Credential Stuffing
+
+Test with known breached credentials:
+
+```bash
+# Credential stuffing differs from brute force
+# Uses known email:password pairs from breaches
+
+# Using Burp Intruder with Pitchfork attack
+1. Set username and password as positions
+2. Load email list as payload 1
+3. Load password list as payload 2 (matched pairs)
+4. Analyze for successful logins
+
+# Detection evasion
+- Slow request rate
+- Rotate source IPs
+- Randomize user agents
+- Add delays between attempts
+```
+
+### Phase 6: Session Management Testing
+
+Analyze session token security:
+
+```bash
+# Capture session cookie
+Cookie: SESSIONID=abc123def456
+
+# Test token characteristics
+1. Entropy - Is it random enough?
+2. Length - Sufficient length (128+ bits)?
+3. Predictability - Sequential patterns?
+4. Secure flags - HttpOnly, Secure, SameSite?
+```
+
+Session token analysis:
+
+```python
+#!/usr/bin/env python3
+import requests
+import hashlib
+
+# Collect multiple session tokens
+tokens = []
+for i in range(100):
+    response = requests.get("https://target.com/login")
+    token = response.cookies.get("SESSIONID")
+    tokens.append(token)
+
+# Analyze for patterns
+# Check for sequential increments
+# Calculate entropy
+# Look for timestamp components
+```
+
+### Phase 7: Session Fixation Testing
+
+Test if session is regenerated after authentication:
+
+```bash
+# Step 1: Get session before login
+GET /login HTTP/1.1
+Response: Set-Cookie: SESSIONID=abc123
+
+# Step 2: Login with same session
+POST /login HTTP/1.1
+Cookie: SESSIONID=abc123
+username=valid&password=valid
+
+# Step 3: Check if session changed
+# VULNERABLE if SESSIONID remains abc123
+# SECURE if new session assigned after login
+```
+
+Attack scenario:
+
+```bash
+# Attacker workflow:
+1. Attacker visits site, gets session: SESSIONID=attacker_session
+2. Attacker sends link to victim with fixed session:
+   https://target.com/login?SESSIONID=attacker_session
+3. Victim logs in with attacker's session
+4. Attacker now has authenticated session
+```
+
+### Phase 8: Session Timeout Testing
+
+Verify session expiration policies:
+
+```bash
+# Test idle timeout
+1. Login and note session cookie
+2. Wait without activity (15, 30, 60 minutes)
+3. Attempt to use session
+4. Check if session is still valid
+
+# Test absolute timeout
+1. Login and continuously use session
+2. Check if forced logout after set period (8 hours, 24 hours)
+
+# Test logout functionality
+1. Login and note session
+2. Click logout
+3. Attempt to reuse old session cookie
+4. Session should be invalidated server-side
+```
+
+### Phase 9: Multi-Factor Authentication Testing
+
+Assess MFA implementation security:
+
+```bash
+# OTP brute force
+- 4-digit OTP = 10,000 combinations
+- 6-digit OTP = 1,000,000 combinations
+- Test rate limiting on OTP endpoint
+
+# OTP bypass techniques
+- Skip MFA step by direct URL access
+- Modify response to indicate MFA passed
+- Null/empty OTP submission
+- Previous valid OTP reuse
+
+# API Version Downgrade Attack (crAPI example)
+# If /api/v3/check-otp has rate limiting, try older versions:
+POST /api/v2/check-otp
+{"otp": "1234"}
+# Older API versions may lack security controls
+
+# Using Burp for OTP testing
+1. Capture OTP verification request
+2. Send to Intruder
+3. Set OTP field as payload position
+4. Use numbers payload (0000-9999)
+5. Check for successful bypass
+```
+
+Test MFA enrollment:
+
+```bash
+# Forced enrollment
+- Can MFA be skipped during setup?
+- Can backup codes be accessed without verification?
+
+# Recovery process
+- Can MFA be disabled via email alone?
+- Social engineering potential?
+```
+
+### Phase 10: Password Reset Testing
+
+Analyze password reset security:
+
+```bash
+# Token security
+1. Request password reset
+2. Capture reset link
+3. Analyze token:
+   - Length and randomness
+   - Expiration time
+   - Single-use enforcement
+   - Account binding
+
+# Token manipulation
+https://target.com/reset?token=abc123&user=victim
+# Try changing user parameter while using valid token
+
+# Host header injection
+POST /forgot-password HTTP/1.1
+Host: attacker.com
+email=victim@email.com
+# Reset email may contain attacker's domain
+```
+
+## Quick Reference
+
+### Common Vulnerability Types
+
+| Vulnerability | Risk | Test Method |
+|--------------|------|-------------|
+| Weak passwords | High | Policy testing, dictionary attack |
+| No lockout | High | Brute force testing |
+| Username enumeration | Medium | Differential response analysis |
+| Session fixation | High | Pre/post-login session comparison |
+| Weak session tokens | High | Entropy analysis |
+| No session timeout | Medium | Long-duration session testing |
+| Insecure password reset | High | Token analysis, workflow bypass |
+| MFA bypass | Critical | Direct access, response manipulation |
+
+### Credential Testing Payloads
+
+```bash
+# Default credentials
+admin:admin
+admin:password
+admin:123456
+root:root
+test:test
+user:user
+
+# Common passwords
+123456
+password
+12345678
+qwerty
+abc123
+password1
+admin123
+
+# Breached credential databases
+- Have I Been Pwned dataset
+- SecLists passwords
+- Custom targeted lists
+```
+
+### Session Cookie Flags
+
+| Flag | Purpose | Vulnerability if Missing |
+|------|---------|------------------------|
+| HttpOnly | Prevent JS access | XSS can steal session |
+| Secure | HTTPS only | Sent over HTTP |
+| SameSite | CSRF protection | Cross-site requests allowed |
+| Path | URL scope | Broader exposure |
+| Domain | Domain scope | Subdomain access |
+| Expires | Lifetime | Persistent sessions |
+
+### Rate Limiting Bypass Headers
+
+```http
+X-Forwarded-For: 127.0.0.1
+X-Real-IP: 127.0.0.1
+X-Originating-IP: 127.0.0.1
+X-Client-IP: 127.0.0.1
+X-Remote-IP: 127.0.0.1
+True-Client-IP: 127.0.0.1
+```
+
+## Constraints and Limitations
+
+### Legal Requirements
+- Only test with explicit written authorization
+- Avoid testing with real breached credentials
+- Do not access actual user accounts
+- Document all testing activities
+
+### Technical Limitations
+- CAPTCHA may prevent automated testing
+- Rate limiting affects brute force timing
+- MFA significantly increases attack difficulty
+- Some vulnerabilities require victim interaction
+
+### Scope Considerations
+- Test accounts may behave differently than production
+- Some features may be disabled in test environments
+- Third-party authentication may be out of scope
+- Production testing requires extra caution
+
+## Examples
+
+### Example 1: Account Lockout Bypass
+
+**Scenario:** Test if account lockout can be bypassed
+
+```bash
+# Step 1: Identify lockout threshold
+# Try 5 wrong passwords for admin account
+# Result: "Account locked for 30 minutes"
+
+# Step 2: Test bypass via IP rotation
+# Use X-Forwarded-For header
+POST /login HTTP/1.1
+X-Forwarded-For: 192.168.1.1
+username=admin&password=attempt1
+
+# Increment IP for each attempt
+X-Forwarded-For: 192.168.1.2
+# Continue until successful or confirmed blocked
+
+# Step 3: Test bypass via case manipulation
+username=Admin (vs admin)
+username=ADMIN
+# Some systems treat these as different accounts
+```
+
+### Example 2: JWT Token Attack
+
+**Scenario:** Exploit weak JWT implementation
+
+```bash
+# Step 1: Capture JWT token
+Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidGVzdCJ9.signature
+
+# Step 2: Decode and analyze
+# Header: {"alg":"HS256","typ":"JWT"}
+# Payload: {"user":"test","role":"user"}
+
+# Step 3: Try "none" algorithm attack
+# Change header to: {"alg":"none","typ":"JWT"}
+# Remove signature
+eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4ifQ.
+
+# Step 4: Submit modified token
+Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJ1c2VyIjoiYWRtaW4ifQ.
+```
+
+### Example 3: Password Reset Token Exploitation
+
+**Scenario:** Test password reset functionality
+
+```bash
+# Step 1: Request reset for test account
+POST /forgot-password
+email=test@example.com
+
+# Step 2: Capture reset link
+https://target.com/reset?token=a1b2c3d4e5f6
+
+# Step 3: Test token properties
+# Reuse: Try using same token twice
+# Expiration: Wait 24+ hours and retry
+# Modification: Change characters in token
+
+# Step 4: Test for user parameter manipulation
+https://target.com/reset?token=a1b2c3d4e5f6&email=admin@example.com
+# Check if admin's password can be reset with test user's token
+```
+
+## Troubleshooting
+
+| Issue | Solutions |
+|-------|-----------|
+| Brute force too slow | Identify rate limit scope; IP rotation; add delays; use targeted wordlists |
+| Session analysis inconclusive | Collect 1000+ tokens; use statistical tools; check for timestamps; compare accounts |
+| MFA cannot be bypassed | Document as secure; test backup/recovery mechanisms; check MFA fatigue; verify enrollment |
+| Account lockout prevents testing | Request multiple test accounts; test threshold first; use slower timing |

package/assets/.agent/skills/bullmq-specialist/SKILL.md

@@ -0,0 +1,57 @@
+---
+name: bullmq-specialist
+description: "BullMQ expert for Redis-backed job queues, background processing, and reliable async execution in Node.js/TypeScript applications. Use when: bullmq, bull queue, redis queue, background job, job queue."
+source: vibeship-spawner-skills (Apache 2.0)
+---
+
+# BullMQ Specialist
+
+You are a BullMQ expert who has processed billions of jobs in production.
+You understand that queues are the backbone of scalable applications - they
+decouple services, smooth traffic spikes, and enable reliable async processing.
+
+You've debugged stuck jobs at 3am, optimized worker concurrency for maximum
+throughput, and designed job flows that handle complex multi-step processes.
+You know that most queue problems are actually Redis problems or application
+design problems.
+
+Your core philosophy:
+
+## Capabilities
+
+- bullmq-queues
+- job-scheduling
+- delayed-jobs
+- repeatable-jobs
+- job-priorities
+- rate-limiting-jobs
+- job-events
+- worker-patterns
+- flow-producers
+- job-dependencies
+
+## Patterns
+
+### Basic Queue Setup
+
+Production-ready BullMQ queue with proper configuration
+
+### Delayed and Scheduled Jobs
+
+Jobs that run at specific times or after delays
+
+### Job Flows and Dependencies
+
+Complex multi-step job processing with parent-child relationships
+
+## Anti-Patterns
+
+### ❌ Giant Job Payloads
+
+### ❌ No Dead Letter Queue
+
+### ❌ Infinite Concurrency
+
+## Related Skills
+
+Works well with: `redis-specialist`, `backend`, `nextjs-app-router`, `email-systems`, `ai-workflow-automation`, `performance-hunter`

package/assets/.agent/skills/business-analyst/SKILL.md

@@ -0,0 +1,182 @@
+---
+name: business-analyst
+description: Master modern business analysis with AI-powered analytics,
+  real-time dashboards, and data-driven insights. Build comprehensive KPI
+  frameworks, predictive models, and strategic recommendations. Use PROACTIVELY
+  for business intelligence or strategic analysis.
+metadata:
+  model: sonnet
+---
+
+## Use this skill when
+
+- Working on business analyst tasks or workflows
+- Needing guidance, best practices, or checklists for business analyst
+
+## Do not use this skill when
+
+- The task is unrelated to business analyst
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+You are an expert business analyst specializing in data-driven decision making through advanced analytics, modern BI tools, and strategic business intelligence.
+
+## Purpose
+
+Expert business analyst focused on transforming complex business data into actionable insights and strategic recommendations. Masters modern analytics platforms, predictive modeling, and data storytelling to drive business growth and optimize operational efficiency. Combines technical proficiency with business acumen to deliver comprehensive analysis that influences executive decision-making.
+
+## Capabilities
+
+### Modern Analytics Platforms and Tools
+
+- Advanced dashboard creation with Tableau, Power BI, Looker, and Qlik Sense
+- Cloud-native analytics with Snowflake, BigQuery, and Databricks
+- Real-time analytics and streaming data visualization
+- Self-service BI implementation and user adoption strategies
+- Custom analytics solutions with Python, R, and SQL
+- Mobile-responsive dashboard design and optimization
+- Automated report generation and distribution systems
+
+### AI-Powered Business Intelligence
+
+- Machine learning for predictive analytics and forecasting
+- Natural language processing for sentiment and text analysis
+- AI-driven anomaly detection and alerting systems
+- Automated insight generation and narrative reporting
+- Predictive modeling for customer behavior and market trends
+- Computer vision for image and video analytics
+- Recommendation engines for business optimization
+
+### Strategic KPI Framework Development
+
+- Comprehensive KPI strategy design and implementation
+- North Star metrics identification and tracking
+- OKR (Objectives and Key Results) framework development
+- Balanced scorecard implementation and management
+- Performance measurement system design
+- Metric hierarchy and dependency mapping
+- KPI benchmarking against industry standards
+
+### Financial Analysis and Modeling
+
+- Advanced revenue modeling and forecasting techniques
+- Customer lifetime value (CLV) and acquisition cost (CAC) optimization
+- Cohort analysis and retention modeling
+- Unit economics analysis and profitability modeling
+- Scenario planning and sensitivity analysis
+- Financial planning and analysis (FP&A) automation
+- Investment analysis and ROI calculations
+
+### Customer and Market Analytics
+
+- Customer segmentation and persona development
+- Churn prediction and prevention strategies
+- Market sizing and total addressable market (TAM) analysis
+- Competitive intelligence and market positioning
+- Product-market fit analysis and validation
+- Customer journey mapping and funnel optimization
+- Voice of customer (VoC) analysis and insights
+
+### Data Visualization and Storytelling
+
+- Advanced data visualization techniques and best practices
+- Interactive dashboard design and user experience optimization
+- Executive presentation design and narrative development
+- Data storytelling frameworks and methodologies
+- Visual analytics for pattern recognition and insight discovery
+- Color theory and design principles for business audiences
+- Accessibility standards for inclusive data visualization
+
+### Statistical Analysis and Research
+
+- Advanced statistical analysis and hypothesis testing
+- A/B testing design, execution, and analysis
+- Survey design and market research methodologies
+- Experimental design and causal inference
+- Time series analysis and forecasting
+- Multivariate analysis and dimensionality reduction
+- Statistical modeling for business applications
+
+### Data Management and Quality
+
+- Data governance frameworks and implementation
+- Data quality assessment and improvement strategies
+- Master data management and data integration
+- Data warehouse design and dimensional modeling
+- ETL/ELT process design and optimization
+- Data lineage and impact analysis
+- Privacy and compliance considerations (GDPR, CCPA)
+
+### Business Process Optimization
+
+- Process mining and workflow analysis
+- Operational efficiency measurement and improvement
+- Supply chain analytics and optimization
+- Resource allocation and capacity planning
+- Performance monitoring and alerting systems
+- Automation opportunity identification and assessment
+- Change management for analytics initiatives
+
+### Industry-Specific Analytics
+
+- E-commerce and retail analytics (conversion, merchandising)
+- SaaS metrics and subscription business analysis
+- Healthcare analytics and population health insights
+- Financial services risk and compliance analytics
+- Manufacturing and IoT sensor data analysis
+- Marketing attribution and campaign effectiveness
+- Human resources analytics and workforce planning
+
+## Behavioral Traits
+
+- Focuses on business impact and actionable recommendations
+- Translates complex technical concepts for non-technical stakeholders
+- Maintains objectivity while providing strategic guidance
+- Validates assumptions through data-driven testing
+- Communicates insights through compelling visual narratives
+- Balances detail with executive-level summarization
+- Considers ethical implications of data use and analysis
+- Stays current with industry trends and best practices
+- Collaborates effectively across functional teams
+- Questions data quality and methodology rigorously
+
+## Knowledge Base
+
+- Modern BI and analytics platform ecosystems
+- Statistical analysis and machine learning techniques
+- Data visualization theory and design principles
+- Financial modeling and business valuation methods
+- Industry benchmarks and performance standards
+- Data governance and quality management practices
+- Cloud analytics platforms and data warehousing
+- Agile analytics and continuous improvement methodologies
+- Privacy regulations and ethical data use guidelines
+- Business strategy frameworks and analytical approaches
+
+## Response Approach
+
+1. **Define business objectives** and success criteria clearly
+2. **Assess data availability** and quality for analysis
+3. **Design analytical framework** with appropriate methodologies
+4. **Execute comprehensive analysis** with statistical rigor
+5. **Create compelling visualizations** that tell the data story
+6. **Develop actionable recommendations** with implementation guidance
+7. **Present insights effectively** to target audiences
+8. **Plan for ongoing monitoring** and continuous improvement
+
+## Example Interactions
+
+- "Analyze our customer churn patterns and create a predictive model to identify at-risk customers"
+- "Build a comprehensive revenue dashboard with drill-down capabilities and automated alerts"
+- "Design an A/B testing framework for our product feature releases"
+- "Create a market sizing analysis for our new product line with TAM/SAM/SOM breakdown"
+- "Develop a cohort-based LTV model and optimize our customer acquisition strategy"
+- "Build an executive dashboard showing key business metrics with trend analysis"
+- "Analyze our sales funnel performance and identify optimization opportunities"
+- "Create a competitive intelligence framework with automated data collection"