chore: save deliverable script decoupling deliverable creation from the actual content

This commit is contained in:
ajmallesh
2025-10-22 11:31:58 -07:00
parent 66c549f3b7
commit ac682b0172
27 changed files with 529 additions and 181 deletions
+7 -4
View File
@@ -19,9 +19,10 @@
```
### Step 2: Create Required Deliverable
Create file `deliverables/auth_exploitation_evidence.md` with content:
```
# Authentication Exploitation Evidence (Pipeline Test)
Use the save_deliverable script to create your evidence:
```bash
node save_deliverable.js AUTH_EVIDENCE '# Authentication Exploitation Evidence (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
@@ -40,8 +41,10 @@ Create file `deliverables/auth_exploitation_evidence.md` with content:
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Parameter-based authentication bypass
- **Bypass Method:** URL parameter manipulation
- **Bypass Method:** URL parameter manipulation'
```
This will automatically create `deliverables/auth_exploitation_evidence.md`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
+7 -4
View File
@@ -19,9 +19,10 @@
```
### Step 2: Create Required Deliverable
Create file `deliverables/authz_exploitation_evidence.md` with content:
```
# Authorization Exploitation Evidence (Pipeline Test)
Use the save_deliverable script to create your evidence:
```bash
node save_deliverable.js AUTHZ_EVIDENCE '# Authorization Exploitation Evidence (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
@@ -40,8 +41,10 @@ Create file `deliverables/authz_exploitation_evidence.md` with content:
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Insecure Direct Object Reference (IDOR)
- **Escalation Method:** User ID manipulation in API calls
- **Escalation Method:** User ID manipulation in API calls'
```
This will automatically create `deliverables/authz_exploitation_evidence.md`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
@@ -19,9 +19,10 @@
```
### Step 2: Create Required Deliverable
Create file `deliverables/injection_exploitation_evidence.md` with content:
```
# Injection Exploitation Evidence (Pipeline Test)
Use the save_deliverable script to create your evidence:
```bash
node save_deliverable.js INJECTION_EVIDENCE '# Injection Exploitation Evidence (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
@@ -31,15 +32,17 @@ Create file `deliverables/injection_exploitation_evidence.md` with content:
## Exploitation Results
- **Target:** Test injection vulnerability
- **Method:** SQL injection via query parameter
- **Evidence:** Successfully executed test payload `'; DROP TABLE users; --`
- **Evidence:** Successfully executed test payload `'"'"'; DROP TABLE users; --`
- **Impact:** Demonstrated ability to manipulate database queries
- **Proof:** Pipeline testing mode - simulated successful exploitation
## Technical Details
- **Vulnerability ID:** INJ-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **MCP Instance:** {{MCP_SERVER}}'
```
This will automatically create `deliverables/injection_exploitation_evidence.md`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
+7 -4
View File
@@ -19,9 +19,10 @@
```
### Step 2: Create Required Deliverable
Create file `deliverables/ssrf_exploitation_evidence.md` with content:
```
# SSRF Exploitation Evidence (Pipeline Test)
Use the save_deliverable script to create your evidence:
```bash
node save_deliverable.js SSRF_EVIDENCE '# SSRF Exploitation Evidence (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
@@ -40,8 +41,10 @@ Create file `deliverables/ssrf_exploitation_evidence.md` with content:
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** URL parameter manipulation
- **Target:** Internal network services (localhost:8080)
- **Target:** Internal network services (localhost:8080)'
```
This will automatically create `deliverables/ssrf_exploitation_evidence.md`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
+8 -5
View File
@@ -19,9 +19,10 @@
```
### Step 2: Create Required Deliverable
Create file `deliverables/xss_exploitation_evidence.md` with content:
```
# XSS Exploitation Evidence (Pipeline Test)
Use the save_deliverable script to create your evidence:
```bash
node save_deliverable.js XSS_EVIDENCE '# XSS Exploitation Evidence (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
@@ -31,7 +32,7 @@ Create file `deliverables/xss_exploitation_evidence.md` with content:
## Exploitation Results
- **Target:** Test XSS vulnerability
- **Method:** Reflected XSS via search parameter
- **Evidence:** Successfully executed payload `<script>alert('XSS')</script>`
- **Evidence:** Successfully executed payload `<script>alert('"'"'XSS'"'"')</script>`
- **Impact:** Demonstrated JavaScript code execution in user context
- **Proof:** Pipeline testing mode - simulated successful exploitation
@@ -39,8 +40,10 @@ Create file `deliverables/xss_exploitation_evidence.md` with content:
- **Vulnerability ID:** XSS-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Reflected XSS in search functionality
- **Attack Vector:** Reflected XSS in search functionality'
```
This will automatically create `deliverables/xss_exploitation_evidence.md`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
+7 -1
View File
@@ -1 +1,7 @@
Create file `deliverables/code_analysis_deliverable.md` with content "Pre-recon analysis complete".
Use the save_deliverable script to create your deliverable:
```bash
node save_deliverable.js CODE_ANALYSIS 'Pre-recon analysis complete'
```
This will automatically create `deliverables/code_analysis_deliverable.md` with the correct filename.
+7 -1
View File
@@ -1 +1,7 @@
Create file `deliverables/recon_deliverable.md` with content "Reconnaissance analysis complete".
Use the save_deliverable script to create your deliverable:
```bash
node save_deliverable.js RECON 'Reconnaissance analysis complete'
```
This will automatically create `deliverables/recon_deliverable.md` with the correct filename.
+12 -9
View File
@@ -19,20 +19,21 @@
```
### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/auth_analysis_deliverable.md` with content:
```
# Auth Analysis Complete (Pipeline Test)
Use the save_deliverable script to create both deliverables:
**1. Analysis Report:**
```bash
node save_deliverable.js AUTH_ANALYSIS '# Auth Analysis Complete (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.net
**Screenshot:** auth-agent-test.png
**Status:** Browser isolation test successful
**Status:** Browser isolation test successful'
```
2. `deliverables/auth_exploitation_queue.json` with content:
```json
{
**2. Exploitation Queue:**
```bash
node save_deliverable.js AUTH_QUEUE '{
"vulnerabilities": [
{
"ID": "AUTH-VULN-01",
@@ -46,8 +47,10 @@ Create these 2 files:
"witness_payload": "Authorization: Bearer invalid_token"
}
]
}
}'
```
These commands will automatically create the correct files in `deliverables/`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.net independently of other parallel agents.
+12 -9
View File
@@ -19,20 +19,21 @@
```
### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/authz_analysis_deliverable.md` with content:
```
# Authorization Analysis Complete (Pipeline Test)
Use the save_deliverable script to create both deliverables:
**1. Analysis Report:**
```bash
node save_deliverable.js AUTHZ_ANALYSIS '# Authorization Analysis Complete (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://jsonplaceholder.typicode.com
**Screenshot:** authz-agent-test.png
**Status:** Browser isolation test successful
**Status:** Browser isolation test successful'
```
2. `deliverables/authz_exploitation_queue.json` with content:
```json
{
**2. Exploitation Queue:**
```bash
node save_deliverable.js AUTHZ_QUEUE '{
"vulnerabilities": [
{
"ID": "AUTHZ-VULN-01",
@@ -45,8 +46,10 @@ Create these 2 files:
"witness_payload": "GET /admin/users with regular user token"
}
]
}
}'
```
These commands will automatically create the correct files in `deliverables/`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to jsonplaceholder.typicode.com independently of other parallel agents.
+13 -10
View File
@@ -19,20 +19,21 @@
```
### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/injection_analysis_deliverable.md` with content:
```
# Injection Analysis Complete (Pipeline Test)
Use the save_deliverable script to create both deliverables:
**1. Analysis Report:**
```bash
node save_deliverable.js INJECTION_ANALYSIS '# Injection Analysis Complete (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.com
**Screenshot:** injection-agent-test.png
**Status:** Browser isolation test successful
**Status:** Browser isolation test successful'
```
2. `deliverables/injection_exploitation_queue.json` with content:
```json
{
**2. Exploitation Queue:**
```bash
node save_deliverable.js INJECTION_QUEUE '{
"vulnerabilities": [
{
"ID": "INJ-VULN-01",
@@ -45,11 +46,13 @@ Create these 2 files:
"sink_call": "db.query at app.js:20",
"slot_type": "SQL-val",
"mismatch_reason": "User input directly concatenated into SQL query",
"witness_payload": "'; DROP TABLE users; --"
"witness_payload": "'"'"'; DROP TABLE users; --"
}
]
}
}'
```
These commands will automatically create the correct files in `deliverables/`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel agents.
+12 -9
View File
@@ -19,20 +19,21 @@
```
### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/ssrf_analysis_deliverable.md` with content:
```
# SSRF Analysis Complete (Pipeline Test)
Use the save_deliverable script to create both deliverables:
**1. Analysis Report:**
```bash
node save_deliverable.js SSRF_ANALYSIS '# SSRF Analysis Complete (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://httpbin.org
**Screenshot:** ssrf-agent-test.png
**Status:** Browser isolation test successful
**Status:** Browser isolation test successful'
```
2. `deliverables/ssrf_exploitation_queue.json` with content:
```json
{
**2. Exploitation Queue:**
```bash
node save_deliverable.js SSRF_QUEUE '{
"vulnerabilities": [
{
"ID": "SSRF-VULN-01",
@@ -45,8 +46,10 @@ Create these 2 files:
"witness_payload": "http://internal.localhost/admin"
}
]
}
}'
```
These commands will automatically create the correct files in `deliverables/`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to httpbin.org independently of other parallel agents.
+12 -9
View File
@@ -19,20 +19,21 @@
```
### Step 2: Create Required Deliverables
Create these 2 files:
1. `deliverables/xss_analysis_deliverable.md` with content:
```
# XSS Analysis Complete (Pipeline Test)
Use the save_deliverable script to create both deliverables:
**1. Analysis Report:**
```bash
node save_deliverable.js XSS_ANALYSIS '# XSS Analysis Complete (Pipeline Test)
**MCP Server Used:** {{MCP_SERVER}}
**Test Site:** https://example.org
**Screenshot:** xss-agent-test.png
**Status:** Browser isolation test successful
**Status:** Browser isolation test successful'
```
2. `deliverables/xss_exploitation_queue.json` with content:
```json
{
**2. Exploitation Queue:**
```bash
node save_deliverable.js XSS_QUEUE '{
"vulnerabilities": [
{
"ID": "XSS-VULN-01",
@@ -47,8 +48,10 @@ Create these 2 files:
"witness_payload": "<script>alert(1)</script>"
}
]
}
}'
```
These commands will automatically create the correct files in `deliverables/`.
### Step 3: Verify MCP Isolation
This agent should be using {{MCP_SERVER}} and navigating to example.org independently of other parallel agents.