chore: save deliverable script decoupling deliverable creation from the actual content
This commit is contained in:
@@ -19,9 +19,10 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Create file `deliverables/auth_exploitation_evidence.md` with content:
|
||||
```
|
||||
# Authentication Exploitation Evidence (Pipeline Test)
|
||||
Use the save_deliverable script to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js AUTH_EVIDENCE '# Authentication Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
@@ -40,8 +41,10 @@ Create file `deliverables/auth_exploitation_evidence.md` with content:
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Parameter-based authentication bypass
|
||||
- **Bypass Method:** URL parameter manipulation
|
||||
- **Bypass Method:** URL parameter manipulation'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/auth_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -19,9 +19,10 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Create file `deliverables/authz_exploitation_evidence.md` with content:
|
||||
```
|
||||
# Authorization Exploitation Evidence (Pipeline Test)
|
||||
Use the save_deliverable script to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_EVIDENCE '# Authorization Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
@@ -40,8 +41,10 @@ Create file `deliverables/authz_exploitation_evidence.md` with content:
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Insecure Direct Object Reference (IDOR)
|
||||
- **Escalation Method:** User ID manipulation in API calls
|
||||
- **Escalation Method:** User ID manipulation in API calls'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/authz_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -19,9 +19,10 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Create file `deliverables/injection_exploitation_evidence.md` with content:
|
||||
```
|
||||
# Injection Exploitation Evidence (Pipeline Test)
|
||||
Use the save_deliverable script to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js INJECTION_EVIDENCE '# Injection Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
@@ -31,15 +32,17 @@ Create file `deliverables/injection_exploitation_evidence.md` with content:
|
||||
## Exploitation Results
|
||||
- **Target:** Test injection vulnerability
|
||||
- **Method:** SQL injection via query parameter
|
||||
- **Evidence:** Successfully executed test payload `'; DROP TABLE users; --`
|
||||
- **Evidence:** Successfully executed test payload `'"'"'; DROP TABLE users; --`
|
||||
- **Impact:** Demonstrated ability to manipulate database queries
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** INJ-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **MCP Instance:** {{MCP_SERVER}}'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/injection_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -19,9 +19,10 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Create file `deliverables/ssrf_exploitation_evidence.md` with content:
|
||||
```
|
||||
# SSRF Exploitation Evidence (Pipeline Test)
|
||||
Use the save_deliverable script to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js SSRF_EVIDENCE '# SSRF Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
@@ -40,8 +41,10 @@ Create file `deliverables/ssrf_exploitation_evidence.md` with content:
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** URL parameter manipulation
|
||||
- **Target:** Internal network services (localhost:8080)
|
||||
- **Target:** Internal network services (localhost:8080)'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/ssrf_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -19,9 +19,10 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Create file `deliverables/xss_exploitation_evidence.md` with content:
|
||||
```
|
||||
# XSS Exploitation Evidence (Pipeline Test)
|
||||
Use the save_deliverable script to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js XSS_EVIDENCE '# XSS Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
@@ -31,7 +32,7 @@ Create file `deliverables/xss_exploitation_evidence.md` with content:
|
||||
## Exploitation Results
|
||||
- **Target:** Test XSS vulnerability
|
||||
- **Method:** Reflected XSS via search parameter
|
||||
- **Evidence:** Successfully executed payload `<script>alert('XSS')</script>`
|
||||
- **Evidence:** Successfully executed payload `<script>alert('"'"'XSS'"'"')</script>`
|
||||
- **Impact:** Demonstrated JavaScript code execution in user context
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
@@ -39,8 +40,10 @@ Create file `deliverables/xss_exploitation_evidence.md` with content:
|
||||
- **Vulnerability ID:** XSS-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Reflected XSS in search functionality
|
||||
- **Attack Vector:** Reflected XSS in search functionality'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/xss_exploitation_evidence.md`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents.
|
||||
@@ -1 +1,7 @@
|
||||
Create file `deliverables/code_analysis_deliverable.md` with content "Pre-recon analysis complete".
|
||||
Use the save_deliverable script to create your deliverable:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js CODE_ANALYSIS 'Pre-recon analysis complete'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/code_analysis_deliverable.md` with the correct filename.
|
||||
@@ -1 +1,7 @@
|
||||
Create file `deliverables/recon_deliverable.md` with content "Reconnaissance analysis complete".
|
||||
Use the save_deliverable script to create your deliverable:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js RECON 'Reconnaissance analysis complete'
|
||||
```
|
||||
|
||||
This will automatically create `deliverables/recon_deliverable.md` with the correct filename.
|
||||
@@ -19,20 +19,21 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Create these 2 files:
|
||||
1. `deliverables/auth_analysis_deliverable.md` with content:
|
||||
```
|
||||
# Auth Analysis Complete (Pipeline Test)
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js AUTH_ANALYSIS '# Auth Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.net
|
||||
**Screenshot:** auth-agent-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
|
||||
2. `deliverables/auth_exploitation_queue.json` with content:
|
||||
```json
|
||||
{
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js AUTH_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "AUTH-VULN-01",
|
||||
@@ -46,8 +47,10 @@ Create these 2 files:
|
||||
"witness_payload": "Authorization: Bearer invalid_token"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
```
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.net independently of other parallel agents.
|
||||
@@ -19,20 +19,21 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Create these 2 files:
|
||||
1. `deliverables/authz_analysis_deliverable.md` with content:
|
||||
```
|
||||
# Authorization Analysis Complete (Pipeline Test)
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_ANALYSIS '# Authorization Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://jsonplaceholder.typicode.com
|
||||
**Screenshot:** authz-agent-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
|
||||
2. `deliverables/authz_exploitation_queue.json` with content:
|
||||
```json
|
||||
{
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "AUTHZ-VULN-01",
|
||||
@@ -45,8 +46,10 @@ Create these 2 files:
|
||||
"witness_payload": "GET /admin/users with regular user token"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
```
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to jsonplaceholder.typicode.com independently of other parallel agents.
|
||||
@@ -19,20 +19,21 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Create these 2 files:
|
||||
1. `deliverables/injection_analysis_deliverable.md` with content:
|
||||
```
|
||||
# Injection Analysis Complete (Pipeline Test)
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js INJECTION_ANALYSIS '# Injection Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** injection-agent-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
|
||||
2. `deliverables/injection_exploitation_queue.json` with content:
|
||||
```json
|
||||
{
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js INJECTION_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "INJ-VULN-01",
|
||||
@@ -45,11 +46,13 @@ Create these 2 files:
|
||||
"sink_call": "db.query at app.js:20",
|
||||
"slot_type": "SQL-val",
|
||||
"mismatch_reason": "User input directly concatenated into SQL query",
|
||||
"witness_payload": "'; DROP TABLE users; --"
|
||||
"witness_payload": "'"'"'; DROP TABLE users; --"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
```
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel agents.
|
||||
@@ -19,20 +19,21 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Create these 2 files:
|
||||
1. `deliverables/ssrf_analysis_deliverable.md` with content:
|
||||
```
|
||||
# SSRF Analysis Complete (Pipeline Test)
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js SSRF_ANALYSIS '# SSRF Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://httpbin.org
|
||||
**Screenshot:** ssrf-agent-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
|
||||
2. `deliverables/ssrf_exploitation_queue.json` with content:
|
||||
```json
|
||||
{
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js SSRF_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "SSRF-VULN-01",
|
||||
@@ -45,8 +46,10 @@ Create these 2 files:
|
||||
"witness_payload": "http://internal.localhost/admin"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
```
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to httpbin.org independently of other parallel agents.
|
||||
@@ -19,20 +19,21 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Create these 2 files:
|
||||
1. `deliverables/xss_analysis_deliverable.md` with content:
|
||||
```
|
||||
# XSS Analysis Complete (Pipeline Test)
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js XSS_ANALYSIS '# XSS Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.org
|
||||
**Screenshot:** xss-agent-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
|
||||
2. `deliverables/xss_exploitation_queue.json` with content:
|
||||
```json
|
||||
{
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js XSS_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "XSS-VULN-01",
|
||||
@@ -47,8 +48,10 @@ Create these 2 files:
|
||||
"witness_payload": "<script>alert(1)</script>"
|
||||
}
|
||||
]
|
||||
}
|
||||
}'
|
||||
```
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.org independently of other parallel agents.
|
||||
Reference in New Issue
Block a user