What is SecLists Fuzzing (Curated)?

A curated subset of SecLists fuzzing payloads focused on SQLi, command injection, and special-character fuzzing for vulnerability testing.

Is it legal to use this skill?

Only on systems you are authorized to test; follow all scope, policy, and legal requirements for the engagement.

How do I start using it effectively?

Obtain authorization, load payload files from the skill, integrate them into your testing workflow, run tests within scope, and review logs to document findings.

SecLists Fuzzing (Curated)

Scanned

npx machina-cli add skill Eyadkelleh/awesome-claude-skills-security/fuzzing --openclaw

Files (1)

SKILL.md

2.5 KB

SecLists Fuzzing (Curated)

Description

Essential fuzzing payloads: SQL injection, command injection, special characters. Curated essentials for vulnerability testing.

Source: SecLists/Fuzzing Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

SQL injection testing
Command injection testing
Input validation testing
LDAP injection
NoSQL injection

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

quick-SQLi.txt - Quick SQL injection tests
Generic-SQLi.txt - Generic SQL injection
sqli.auth.bypass.txt - Authentication bypass
MySQL.fuzzdb.txt - MySQL-specific payloads
NoSQL.txt - NoSQL injection payloads
command-injection-commix.txt - Command injection

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Fuzzing"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

Authorized penetration testing with written permission
Bug bounty programs (within scope)
CTF competitions
Security research in controlled environments
Testing your own systems
Educational demonstrations

Prohibited Use Cases ❌

Unauthorized access attempts
Testing without permission
Malicious activities
Privacy violations
Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:

Full repository: https://github.com/danielmiessler/SecLists
Size: 4.5 GB with 6,000+ files
All categories: Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous

Generated by Skill Seeker | SecLists Fuzzing Collection License: MIT - Use responsibly with proper authorization

Source

git clone https://github.com/Eyadkelleh/awesome-claude-skills-security/blob/main/seclists-categories fuzzing/fuzzing/SKILL.md

View on GitHub

Overview

This skill provides essential SecLists fuzzing payloads for testing injections and input handling. It focuses on SQL injection, command injection, and special-character fuzzing to help uncover vulnerabilities. Use it in authorized security testing contexts such as bug bounties, CTFs, or educational labs.

How This Skill Works

Payload lists from SecLists/Fuzzing (e.g., quick-SQLi.txt, Generic-SQLi.txt, sqli.auth.bypass.txt, MySQL.fuzzdb.txt, NoSQL.txt, command-injection-commix.txt) are loaded and iterated against target endpoints. The workflow analyzes responses to identify indicators of injection or input-validation weaknesses, enabling classification of vulnerabilities and guiding remediation.

When to Use It

During web application security assessments targeting SQL injection and command injection
When validating input handling and encoding robustness across forms and APIs
For testing LDAP and NoSQL injection surfaces in enterprise apps
In bug bounty programs or CTFs within an authorized scope
For educational demonstrations and controlled lab exercises

Quick Start

Step 1: Confirm you have written authorization and define the testing scope
Step 2: Load the curated payload files from the skill directory (e.g., quick-SQLi.txt, NoSQL.txt, command-injection-commix.txt)
Step 3: Execute payloads against targets, capture responses, and categorize findings with evidence

Best Practices

Obtain written authorization and define the testing scope before using payloads
Test in staging or isolated environments and maintain backups
Start with safe, non-destructive payloads and monitor server behavior
Log all payloads and responses for audit trails and reproducibility
Cross-verify findings with multiple payload families (SQLi, NoSQL, command-injection)

Example Use Cases

Using quick-SQLi.txt against a login form to reveal authentication-related SQLi indicators
Running command-injection-commix.txt against a vulnerable script to observe shell access signals
Applying NoSQL.txt payloads to a MongoDB-backed endpoint to uncover NoSQL injection
Employing Generic-SQLi.txt to identify error-based SQLi patterns and payload reach
Testing input validation by sending payloads with special characters and encodings

Frequently Asked Questions

Add this skill to your agents