Search Results

Source: ~/.claude/skills/tob-static-analysis/skills/sarif-parsing/SKILL.md name: sarif-parsing description: Parse, analyze, and process SARIF (Static Analysis Results Interchange Format) files. Use when reading security scan results, aggregating findings from...

Source: ~/.claude/skills/tob-static-analysis/skills/semgrep/SKILL.md name: semgrep description: Run Semgrep static analysis scan on a codebase using parallel subagents. Automatically detects and uses Semgrep Pro for cross-file analysis when available. Use whe...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/address-sanitizer/SKILL.md name: address-sanitizer type: technique description: > AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-a...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/aflpp/SKILL.md name: aflpp type: fuzzer description: > AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projects. AFL++ AFL++ is a for...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/atheris/SKILL.md name: atheris type: fuzzer description: > Atheris is a coverage-guided Python fuzzer based on libFuzzer. Use for fuzzing pure Python code and Python C extensions. Atheris Atheris is ...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/cargo-fuzz/SKILL.md name: cargo-fuzz type: fuzzer description: > cargo-fuzz is the de facto fuzzing tool for Rust projects using Cargo. Use for fuzzing Rust code with libFuzzer backend. cargo-fuzz ca...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/constant-time-testing/SKILL.md name: constant-time-testing type: domain description: > Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementatio...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/coverage-analysis/SKILL.md name: coverage-analysis type: technique description: > Coverage analysis measures code exercised during fuzzing. Use when assessing harness effectiveness or identifying fuz...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md name: fuzzing-dictionary type: technique description: > Fuzzing dictionaries guide fuzzers with domain-specific tokens. Use when fuzzing parsers, protocols, or format-spec...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md name: fuzzing-obstacles type: technique description: > Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/harness-writing/SKILL.md name: harness-writing type: technique description: > Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving exis...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/libafl/SKILL.md name: libafl type: fuzzer description: > LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targ...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/libfuzzer/SKILL.md name: libfuzzer type: fuzzer description: > Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang. libFuzzer libFuzz...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/ossfuzz/SKILL.md name: ossfuzz type: technique description: > OSS-Fuzz provides free continuous fuzzing for open source projects. Use when setting up continuous fuzzing infrastructure or enrolling pr...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/ruzzy/SKILL.md name: ruzzy type: fuzzer description: > Ruzzy is a coverage-guided Ruby fuzzer by Trail of Bits. Use for fuzzing pure Ruby code and Ruby C extensions. Ruzzy Ruzzy is a coverage-guided ...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/testing-handbook-generator/SKILL.md name: testing-handbook-generator description: > Meta-skill that analyzes the Trail of Bits Testing Handbook (appsec.guide) and generates Claude Code skills for sec...

Source: ~/.claude/skills/tob-testing-handbook-skills/skills/wycheproof/SKILL.md name: wycheproof type: domain description: > Wycheproof provides test vectors for validating cryptographic implementations. Use when testing crypto code for known attacks and edge...

Source: ~/.claude/skills/tob-variant-analysis/skills/variant-analysis/SKILL.md name: variant-analysis description: Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep quer...