Security Testing

15 skills with this tag

trailofbits
Passed
Testing Handbook Generator
This skill automates the creation of Claude Code skills from the Trail of Bits Testing Handbook (appsec.guide). It analyzes handbook content for security testing tools (static analysis, fuzzers), techniques (sanitizers, coverage), and domains (cryptography, web security), then generates properly structured skills using templates. The generator includes a two-pass system for content and cross-references, automated validation, and self-improvement workflows.
Security Testing, Skill Generator, Fuzzing, +3
78
2.1k
trailofbits
Passed
Ruzzy
Ruzzy is a reference skill that teaches how to use Trail of Bits' coverage-guided Ruby fuzzer. It provides installation instructions, harness writing patterns, and sanitizer configuration for finding memory corruption bugs in Ruby code and C extensions.
Fuzzing, Ruby, Security Testing, +3
62
2.1k
trailofbits
Passed
Ossfuzz
OSS-Fuzz is a technique skill that guides users through setting up continuous fuzzing for open source projects using Google's free distributed infrastructure. It covers project enrollment, running harnesses locally with the helper.py CLI, coverage analysis, and integrating with multiple fuzzing engines including libFuzzer, AFL++, and Atheris for Python projects.
Fuzzing, Security Testing, Oss Fuzz, +3
1255
2.1k
trailofbits
Passed
Libfuzzer
A comprehensive reference guide for libFuzzer, the LLVM-integrated coverage-guided fuzzer for C/C++ projects. Covers harness writing, compilation, corpus management, sanitizer integration, and running fuzzing campaigns with practical examples and troubleshooting tips.
Fuzzing, Security Testing, C Cpp, +3
64
2.1k
trailofbits
Passed
Libafl
LibAFL is a comprehensive guide for using the modular LibAFL fuzzing library. It covers installation, writing fuzz harnesses, building custom fuzzers in Rust, and running fuzzing campaigns with features like multi-core support, dictionary fuzzing, and crash deduplication.
Fuzzing, Security Testing, Rust, +3
63
2.1k
trailofbits
Passed
Harness Writing
A comprehensive guide for writing effective fuzzing harnesses in C++, Rust, and Go. Covers harness patterns, input structuring with FuzzedDataProvider, tool-specific guidance for libFuzzer, AFL++, cargo-fuzz, and go-fuzz, plus troubleshooting tips.
Fuzzing, Security Testing, Harness Writing, +3
406
2.1k
trailofbits
Passed
Fuzzing Obstacles
This skill teaches developers techniques for modifying source code to overcome common fuzzing obstacles. It covers conditional compilation patterns in C/C++ and Rust to bypass checksums, deterministic PRNG seeding, and validation checks during fuzzing builds while preserving production behavior.
Fuzzing, Security Testing, C Cpp, +3
63
2.1k
trailofbits
Passed
Fuzzing Dictionary
This skill provides comprehensive guidance on creating fuzzing dictionaries - specialized files containing domain-specific tokens that help fuzzers discover bugs in parsers, protocols, and file format handlers. It covers dictionary format syntax, generation methods from various sources (LLM, headers, binaries), and integration with popular fuzzers like libFuzzer, AFL++, and cargo-fuzz.
Fuzzing, Security Testing, Dictionary, +3
104
2.1k
trailofbits
Passed
Coverage Analysis
A comprehensive guide to code coverage analysis during fuzzing. It explains how to instrument code with LLVM or GCC coverage flags, generate coverage reports, and interpret results to improve fuzzing harness effectiveness and identify hard-to-reach code paths.
Fuzzing, Coverage, Security Testing, +3
70
2.1k
trailofbits
Passed
Constant Time Testing
A comprehensive guide for auditing cryptographic code for timing side-channel vulnerabilities. It covers constant-time testing theory, common vulnerability patterns like secret-dependent branches and cache-timing attacks, and provides practical workflows using tools like dudect for statistical analysis and timecop for dynamic tracing.
Cryptography, Security Testing, Timing Attacks, +3
53
2.1k
trailofbits
Passed
Cargo Fuzz
A comprehensive guide for fuzzing Rust projects using cargo-fuzz with the libFuzzer backend. Covers installation, harness writing, sanitizer integration, coverage analysis, and provides real-world examples for finding bugs in Rust code.
Rust, Fuzzing, Security Testing, +3
49
2.1k
trailofbits
Passed
Atheris
Atheris is a comprehensive reference skill for Python fuzzing using Google's Atheris library. It provides installation guides, harness writing patterns, Docker configurations, corpus management strategies, and AddressSanitizer integration for detecting memory corruption in Python code and C extensions.
Fuzzing, Python, Security Testing, +3
580
2.1k
trailofbits
Passed
Aflpp
AFL++ is a documentation skill that teaches how to use the AFL++ fuzzer for finding bugs in C/C++ code. It covers installation, harness writing, compilation, multi-core fuzzing campaigns, sanitizer integration, and coverage analysis with practical examples.
Fuzzing, Security Testing, C Cpp, +3
241
2.1k
trailofbits
Passed
Address Sanitizer
This skill provides comprehensive documentation on AddressSanitizer (ASan), a memory error detection tool used during software testing and fuzzing. It covers compilation flags, configuration options, integration with popular fuzzing tools (libFuzzer, AFL++, cargo-fuzz, honggfuzz), and troubleshooting guidance.
Security Testing, Fuzzing, Memory Safety, +3
496
2.1k
alinaqi
Passed
Security
A comprehensive security reference skill that provides OWASP security patterns, secrets management best practices, and automated security testing workflows. It includes code examples for input validation, authentication, JWT handling, password hashing, and security headers, along with GitHub Actions templates for CI/CD security scanning.
Security, Owasp, Secrets Management, +3
89453