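#!/usr/bin/env bash
# Quick vulnerability testing helper.
#
# Prints a manual-testing checklist for one vulnerability class. The script
# only prints text; the URL argument is used solely inside the sqlmap command
# line that the sqli branch prints for the tester to run.
#
# Usage: quick-vuln-test.sh <url> <type>
# Types: xss, sqli, idor, csrf
#
# Exit status: 0 after printing a checklist, 1 when an argument is missing or
# the type is not recognised.

set -euo pipefail

URL="${1:-}"
TYPE="${2:-}"

# Print the usage text on stderr so it never mixes with checklist output.
usage() {
  printf 'Usage: %s <url> <type>\n' "$0" >&2
  printf 'Types: xss, sqli, idor, csrf\n' >&2
}

if [[ -z "$URL" || -z "$TYPE" ]]; then
  usage
  exit 1
fi

case "$TYPE" in
  xss)
    # NOTE(review): the three payload strings below are empty in this copy of
    # the script (anything in angle brackets appears to have been stripped).
    # They are left as found; fill them in from the engagement's test plan.
    echo "[+] Testing for XSS..."
    echo "[+] Basic payload: "
    echo "[+] Image payload: "
    echo "[+] SVG payload: "
    echo
    echo "[!] Test these in Burp Suite or manually"
    echo "[!] Document which ones work in your findings"
    ;;
  sqli)
    echo "[+] Testing for SQL Injection..."
    echo "[+] Basic test: '"
    echo "[+] Boolean test: ' OR '1'='1"
    echo "[+] UNION test: ' UNION SELECT NULL--"
    echo "[+] Time-based: ' AND SLEEP(5)--"
    echo
    echo "[!] Use sqlmap for automated testing:"
    # The URL comes straight from the command line and ends up in a command
    # the tester pastes into a shell. Emit it shell-quoted (%q) rather than
    # wrapped in literal single quotes, which a quote inside the URL would
    # close early and turn the rest of the URL into shell syntax.
    printf 'sqlmap -u %q --batch --risk=3 --level=5\n' "$URL"
    # sqlmap's risk level 3 adds OR-based tests; against an UPDATE/DELETE
    # injection point these can change stored data, so say so next to the
    # command instead of leaving it implicit.
    echo "[!] --risk=3 adds OR-based tests that can modify data; confirm it is in scope first"
    ;;
  idor)
    echo "[+] Testing for IDOR..."
    echo "[+] 1. Create two test accounts"
    echo "[+] 2. Log in as User A, identify resource ID"
    echo "[+] 3. Log in as User B, try to access User A's resource"
    echo "[+] 4. Check if authorization is enforced"
    echo
    echo "[!] Use Burp Suite to intercept and modify requests"
    echo "[!] Look for IDs in: URL params, POST body, JSON, cookies"
    ;;
  csrf)
    echo "[+] Testing for CSRF..."
    echo "[+] 1. Find state-changing action (password change, email update)"
    echo "[+] 2. Intercept request in Burp Suite"
    echo "[+] 3. Check for CSRF token in request"
    echo "[+] 4. Remove token and replay - does it still work?"
    echo "[+] 5. Check SameSite cookie attribute"
    echo
    echo "[!] If no CSRF protection, create PoC HTML page"
    ;;
  *)
    # TYPE is arbitrary user input: pass it as a printf argument, never as
    # part of the format string, and report the error on stderr.
    printf '[-] Unknown vulnerability type: %s\n' "$TYPE" >&2
    printf 'Types: xss, sqli, idor, csrf\n' >&2
    exit 1
    ;;
esac

echo
echo "[+] When you find a vulnerability:"
echo " 1. Take screenshots (Flameshot)"
echo " 2. Document PoC steps"
# NOTE(review): the template file name is missing in the source (it reads
# "templates/.json"); <template> is a placeholder, not a real file name.
echo " 3. Copy template: cp ~/.claude/context/business/security/bug-bounty/templates/<template>.json ~/bug-bounty/discoveries/"
echo " 4. Fill in [BRACKETED] fields"
echo " 5. Generate report: bun run ~/.claude/context/business/security/bug-bounty/latex/generate.ts"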