vchirrav
@vchirrav
Public Skills
api-security-spectral
by vchirrav
Run Spectral to lint OpenAPI and AsyncAPI specs for security issues. Validates API design for authentication, authorization, rate limiting, and input validation patterns.
license-scan-scancode
by vchirrav
Run ScanCode Toolkit for comprehensive license and copyright detection. Identifies license types, copyright holders, and compliance obligations across codebases.
dast-nuclei
by vchirrav
Run the Nuclei template-based vulnerability scanner. Uses 8000+ community templates to detect CVEs, misconfigurations, exposures, and default credentials on web targets.
iac-scan-checkov
by vchirrav
Run Checkov to scan Infrastructure as Code for misconfigurations. Supports Terraform, CloudFormation, Kubernetes, Helm, ARM, Ansible, and Dockerfiles.
container-scan-dockle
by vchirrav
Run Dockle to audit container images against CIS Docker Benchmark and best practices. Checks for running as root, sensitive files, HEALTHCHECK, and more.
sast-detekt
by vchirrav
Run detekt static analysis on Kotlin code with security-focused rules. Detects hardcoded secrets, insecure crypto, and code quality issues affecting security.
sast-cargo-audit
by vchirrav
Run cargo-audit and cargo-geiger on Rust code. Audits dependencies for known vulnerabilities and detects unsafe code usage for memory safety review.
network-scan-nmap
by vchirrav
Run Nmap for network discovery and security auditing. Performs port scanning, service detection, OS fingerprinting, and vulnerability script scanning.
dast-zap
by vchirrav
Run OWASP ZAP for Dynamic Application Security Testing. Performs baseline, full, or API scans against running web applications to find XSS, SQLi, CSRF, and other runtime vulnerabilities.
container-scan-hadolint
by vchirrav
Run Hadolint to lint Dockerfiles for best practices and security issues. Validates against Docker and ShellCheck rules.
sca-npm-audit
by vchirrav
Run npm audit for Node.js dependency vulnerability scanning. Built-in SCA for npm projects with automatic fix suggestions.
malware-scan-yara
by vchirrav
Run YARA rules for pattern-based malware identification. Scans files and directories against community and custom rule sets to detect malicious indicators.
cloud-security-prowler
by vchirrav
Run Prowler for comprehensive cloud security posture assessment. Audits AWS, Azure, and GCP against CIS Benchmarks, PCI-DSS, HIPAA, GDPR, and other compliance frameworks.
sast-gosec
by vchirrav
Run gosec SAST scans on Go code. Detects SQL injection, hardcoded credentials, insecure TLS, command injection, and other Go security issues.
api-security-schemathesis
by vchirrav
Run Schemathesis for property-based API security testing. Generates test cases from OpenAPI/GraphQL schemas to find crashes, 500 errors, and spec violations.
sast-spotbugs
by vchirrav
Run SpotBugs with Find Security Bugs plugin on Java code. Detects injection flaws, XXE, insecure crypto, SSRF, deserialization, and other JVM security bugs.
sast-bandit
by vchirrav
Run Bandit SAST scans on Python code. Detects common security issues like SQL injection, hardcoded passwords, exec usage, and insecure crypto.
iac-scan-tfsec
by vchirrav
Run tfsec (now part of Trivy) to scan Terraform code for security misconfigurations. Deep HCL analysis with support for Terraform modules, variables, and expressions.
sast-psalm
by vchirrav
Run Psalm with taint analysis on PHP code. Detects SQL injection, XSS, command injection, path traversal, and other taint-flow vulnerabilities in PHP applications.
cloud-security-scoutsuite
by vchirrav
Run ScoutSuite for multi-cloud security auditing. Collects configuration data from AWS, Azure, GCP, Oracle, and Alibaba Cloud and generates an interactive security report.
sca-osv-scanner
by vchirrav
Run Google's OSV-Scanner for Software Composition Analysis. Scans lockfiles and SBOMs across all major ecosystems (npm, PyPI, Maven, Go, Cargo, NuGet, RubyGems) for known vulnerabilities.
mobile-security-mobsf
by vchirrav
Run MobSF (Mobile Security Framework) for automated static and dynamic analysis of Android and iOS apps. Detects insecure storage, weak crypto, hardcoded secrets, and permission issues.
secret-scan-trufflehog
by vchirrav
Run TruffleHog to detect secrets in git repos, filesystems, and S3 buckets. Uses verification to confirm whether detected secrets are live/active.
sast-brakeman
by vchirrav
Run Brakeman SAST scans on Ruby on Rails applications. Detects SQL injection, XSS, mass assignment, CSRF, command injection, and other Rails-specific vulnerabilities.
sast-eslint-security
by vchirrav
Run ESLint with security plugins on JavaScript/TypeScript code. Detects eval usage, non-literal RegExp, prototype pollution, and other JS/TS security anti-patterns.
sbom-syft
by vchirrav
Run Syft to generate Software Bill of Materials (SBOM) from container images and filesystems. Outputs CycloneDX or SPDX formats for supply chain compliance.
sast-semgrep
by vchirrav
Run Semgrep SAST scans on code. Supports 30+ languages with OWASP, security, and custom rulesets. Parses results and provides remediation guidance.
tls-scan-testssl
by vchirrav
Run testssl.sh to analyze TLS/SSL configurations. Checks cipher suites, protocols, certificate validity, known vulnerabilities (Heartbleed, POODLE, ROBOT), and compliance.
sast-flawfinder
by vchirrav
Run Flawfinder SAST scans on C/C++ code. Detects buffer overflows, format string vulnerabilities, race conditions, and other memory safety issues.
secure-coding-audit
by vchirrav
Audit code for security vulnerabilities using OWASP Secure Coding rules. Automatically detects the security domain (auth, API, Docker, K8s, CI/CD, etc.) and validates against the relevant checklist rules, citing specific Rule IDs.
secret-scan-gitleaks
by vchirrav
Run Gitleaks to detect hardcoded secrets in git repositories. Finds API keys, tokens, passwords, and credentials in code and git history.
container-scan-trivy
by vchirrav
Run Trivy to scan container images for OS and library vulnerabilities, misconfigurations, and secrets. Comprehensive multi-target security scanner.
iac-scan-kube-linter
by vchirrav
Run KubeLinter to lint Kubernetes YAML and Helm charts for security best practices. Checks pod security, resource limits, network policies, and RBAC.
sca-grype
by vchirrav
Run Anchore Grype for SCA vulnerability scanning on filesystems and container images. Matches dependencies against multiple vulnerability databases (NVD, GitHub, OS advisories).
dependency-confusion-detect
by vchirrav
Run Confused and GuardDog to detect dependency confusion and typosquatting risks. Checks if internal package names exist on public registries and identifies malicious packages.
secure-coding-generate
by vchirrav
Generate secure code following OWASP Secure Coding rules. Automatically detects the security domain and produces code with inline Rule ID citations (e.g., [INPUT-04], [AUTH-07]) plus a rules-applied summary.
sca-pip-audit
by vchirrav
Run pip-audit for Python dependency vulnerability scanning. Checks installed packages and requirements files against the OSV and PyPI advisory databases.