What are 'Shadow Endpoints'?

Shadow endpoints are undocumented, debug, or legacy routes that may be active in the application code but are not officially tracked, potentially posing a security risk.

Can I export the results for documentation?

Yes, the skill supports multiple output formats including plain text, Markdown for wiki exports, and JSON for integration with other security tools.

How does the Attack Surface skill identify routes?

It scans the codebase for framework-specific patterns such as Express decorators, Django URL patterns, and OpenAPI specifications to build a complete inventory of entry points.

Does it work with different programming languages?

Yes, it supports major frameworks across JavaScript, Python, Java, Ruby, Go, and C#, as well as schema definitions like GraphQL and gRPC.

Attack Surface Mapping

Name: Attack Surface Mapping
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Maps and inventories every application entry point to identify potential security exposure and undocumented interfaces.

The Attack Surface Mapping skill provides comprehensive visibility into an application's security posture by systematically discovering all external data entry points. It scans for HTTP routes, API endpoints, form handlers, file uploads, and WebSocket listeners across a wide variety of frameworks including Express, Django, and Spring. By classifying each interface based on authentication, authorization, and validation levels, it generates a ranked inventory that highlights critical exposure points and shadow endpoints, helping developers secure their applications through proactive discovery.

Key Features

01Risk ranking (CRITICAL to LOW) based on exposure level and trust boundaries

026 GitHub stars

03Automated classification of entry points by authentication and input type

04Identification of shadow endpoints including undocumented or debug routes

05Multi-framework route extraction for Express, Django, Flask, Spring, Rails, and more

06Support for modern protocols including GraphQL, gRPC, and WebSockets

Use Cases

01Documenting an inherited codebase's external interfaces for security compliance

02Performing a security audit to find unauthenticated or sensitive API endpoints

03Identifying legacy or debug routes that should be disabled before production deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code attack-surface

For use in Claude.ai and ChatGPT

Download Skill