feat: migrate to use MCP tools instead of helper scripts
@@ -19,30 +19,11 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Use the save_deliverable script to create your evidence:
|
||||
Use the save_deliverable MCP tool to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js AUTH_EVIDENCE '# Authentication Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** auth-exploit-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
|
||||
## Exploitation Results
|
||||
- **Target:** Test authentication vulnerability
|
||||
- **Method:** Authentication bypass via parameter manipulation
|
||||
- **Evidence:** Successfully bypassed login using admin=true parameter
|
||||
- **Impact:** Demonstrated unauthorized access to protected resources
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** AUTH-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Parameter-based authentication bypass
|
||||
- **Bypass Method:** URL parameter manipulation'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTH_EVIDENCE"`
|
||||
- `content: "# Authentication Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation"`
|
||||
|
||||
This will automatically create `deliverables/auth_exploitation_evidence.md`.
|
||||
|
||||
|
||||
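Review bot: The `content` value in the new `save_deliverable` instruction is one long quoted string with `\n` escapes, and nothing in the prompt says whether the agent should send real line breaks or the two characters backslash and n. If the tool receives the escapes literally, `deliverables/auth_exploitation_evidence.md` ends up as a single line. Suggest keeping the Markdown body as a multi-line block in the prompt, or adding one sentence stating that `\n` stands for a line break.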
@@ -19,30 +19,11 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Use the save_deliverable script to create your evidence:
|
||||
Use the save_deliverable MCP tool to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_EVIDENCE '# Authorization Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** authz-exploit-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
|
||||
## Exploitation Results
|
||||
- **Target:** Test authorization vulnerability
|
||||
- **Method:** Privilege escalation via direct object reference
|
||||
- **Evidence:** Successfully accessed admin panel with user-level privileges
|
||||
- **Impact:** Demonstrated unauthorized access to privileged functionality
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** AUTHZ-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Insecure Direct Object Reference (IDOR)
|
||||
- **Escalation Method:** User ID manipulation in API calls'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTHZ_EVIDENCE"`
|
||||
- `content: "# Authorization Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls"`
|
||||
|
||||
This will automatically create `deliverables/authz_exploitation_evidence.md`.
|
||||
|
||||
|
||||
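Review bot: The closing context line, "This will automatically create `deliverables/authz_exploitation_evidence.md`", is now a promise about a tool call, yet the prompt never asks the agent to read the tool's response. Suggest adding an instruction to confirm that the `save_deliverable` call reported success before continuing, so that a rejected `deliverable_type` or a failed write does not pass silently in the pipeline test.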
@@ -19,28 +19,11 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Use the save_deliverable script to create your evidence:
|
||||
Use the save_deliverable MCP tool to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js INJECTION_EVIDENCE '# Injection Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** injection-exploit-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
|
||||
## Exploitation Results
|
||||
- **Target:** Test injection vulnerability
|
||||
- **Method:** SQL injection via query parameter
|
||||
- **Evidence:** Successfully executed test payload `'"'"'; DROP TABLE users; --`
|
||||
- **Impact:** Demonstrated ability to manipulate database queries
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** INJ-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "INJECTION_EVIDENCE"`
|
||||
- `content: "# Injection Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Method:** SQL injection via query parameter\n- **Evidence:** Successfully executed test payload `'; DROP TABLE users; --`\n- **Impact:** Demonstrated ability to manipulate database queries\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}"`
|
||||
|
||||
This will automatically create `deliverables/injection_exploitation_evidence.md`.
|
||||
|
||||
|
||||
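Review bot: The new `content` bullet wraps the whole argument in single backticks, but the Evidence line inside it also uses backticks around the payload `'; DROP TABLE users; --`, so the inline code span ends at the first inner backtick and the rest of the string is rendered as ordinary Markdown. Suggest delimiting the bullet with double backticks or moving the content into a fenced block so that the agent sees the string exactly as written.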
@@ -19,30 +19,11 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Use the save_deliverable script to create your evidence:
|
||||
Use the save_deliverable MCP tool to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js SSRF_EVIDENCE '# SSRF Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** ssrf-exploit-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
|
||||
## Exploitation Results
|
||||
- **Target:** Test SSRF vulnerability
|
||||
- **Method:** Server-Side Request Forgery via URL parameter
|
||||
- **Evidence:** Successfully forced server to make request to internal network
|
||||
- **Impact:** Demonstrated access to internal services and potential data exfiltration
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** SSRF-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** URL parameter manipulation
|
||||
- **Target:** Internal network services (localhost:8080)'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "SSRF_EVIDENCE"`
|
||||
- `content: "# SSRF Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)"`
|
||||
|
||||
This will automatically create `deliverables/ssrf_exploitation_evidence.md`.
|
||||
|
||||
|
||||
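Review bot: The `content` string carries two `**Target:**` bullets, one under Exploitation Results ("Test SSRF vulnerability") and one under Technical Details ("Internal network services (localhost:8080)"). This was inherited from the removed script call, but since the text is being rewritten anyway, suggest renaming the second one (for example "Internal Target") so that anything parsing the evidence file by label does not pick up the wrong value.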
@@ -19,29 +19,11 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverable
|
||||
Use the save_deliverable script to create your evidence:
|
||||
Use the save_deliverable MCP tool to create your evidence:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js XSS_EVIDENCE '# XSS Exploitation Evidence (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** xss-exploit-test.png
|
||||
**Status:** Browser isolation test successful
|
||||
|
||||
## Exploitation Results
|
||||
- **Target:** Test XSS vulnerability
|
||||
- **Method:** Reflected XSS via search parameter
|
||||
- **Evidence:** Successfully executed payload `<script>alert('"'"'XSS'"'"')</script>`
|
||||
- **Impact:** Demonstrated JavaScript code execution in user context
|
||||
- **Proof:** Pipeline testing mode - simulated successful exploitation
|
||||
|
||||
## Technical Details
|
||||
- **Vulnerability ID:** XSS-VULN-01
|
||||
- **Exploitation Status:** Simulated Success (Pipeline Test)
|
||||
- **MCP Instance:** {{MCP_SERVER}}
|
||||
- **Attack Vector:** Reflected XSS in search functionality'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "XSS_EVIDENCE"`
|
||||
- `content: "# XSS Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** xss-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test XSS vulnerability\n- **Method:** Reflected XSS via search parameter\n- **Evidence:** Successfully executed payload `<script>alert('XSS')</script>`\n- **Impact:** Demonstrated JavaScript code execution in user context\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** XSS-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Reflected XSS in search functionality"`
|
||||
|
||||
This will automatically create `deliverables/xss_exploitation_evidence.md`.
|
||||
|
||||
|
||||
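Review bot: In the new `content` bullet the payload `<script>alert('XSS')</script>` sits inside its own backticks within an argument that is itself wrapped in single backticks, so the outer code span closes early and the `<script>` tag falls outside any code formatting, where a Markdown renderer may treat it as raw HTML. Suggest using double-backtick delimiters for the bullet or a fenced block for the content.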
@@ -1,6 +1 @@
|
||||
Run this command and do nothing else:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js CODE_ANALYSIS 'Pre-recon analysis complete'
|
||||
```
|
||||
Then say "Done".
|
||||
Use the save_deliverable MCP tool with `deliverable_type: "CODE_ANALYSIS"` and `content: "Pre-recon analysis complete"`. Then say "Done".
|
||||
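Review bot: The replacement line drops the "and do nothing else" constraint that the removed prompt opened with ("Run this command and do nothing else:"). For a pipeline test prompt that constraint keeps the agent from doing real analysis work, so suggest carrying it over, for example "Use the save_deliverable MCP tool with ... and do nothing else."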
@@ -1,6 +1 @@
|
||||
Run this command and do nothing else:
|
||||
|
||||
```bash
|
||||
node save_deliverable.js RECON 'Reconnaissance analysis complete'
|
||||
```
|
||||
Then say "Done".
|
||||
Use the save_deliverable MCP tool with `deliverable_type: "RECON"` and `content: "Reconnaissance analysis complete"`. Then say "Done".
|
||||
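Review bot: The new single line ends with `Then say "Done".` without tying it to the outcome of the tool call, so the agent will report "Done" even if `save_deliverable` returned an error for the `RECON` deliverable. Suggest wording it so that "Done" is said only after the tool reports success, and that a failure is reported instead.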
@@ -19,38 +19,19 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
Use the save_deliverable MCP tool to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js AUTH_ANALYSIS '# Auth Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.net
|
||||
**Screenshot:** auth-agent-test.png
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTH_ANALYSIS"`
|
||||
- `content: "# Auth Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.net\n**Screenshot:** auth-agent-test.png\n**Status:** Browser isolation test successful"`
|
||||
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js AUTH_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "AUTH-VULN-01",
|
||||
"verdict": "vulnerable",
|
||||
"confidence": "high",
|
||||
"notes": "Test auth vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
|
||||
"vulnerability_type": "Authentication_Bypass",
|
||||
"endpoint": "/api/login",
|
||||
"flaw_type": "Missing token validation",
|
||||
"exploit_hypothesis": "Empty or invalid token allows access to protected resources",
|
||||
"witness_payload": "Authorization: Bearer invalid_token"
|
||||
}
|
||||
]
|
||||
}'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTH_QUEUE"`
|
||||
- `content: {"vulnerabilities": [{"ID": "AUTH-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test auth vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "Authentication_Bypass", "endpoint": "/api/login", "flaw_type": "Missing token validation", "exploit_hypothesis": "Empty or invalid token allows access to protected resources", "witness_payload": "Authorization: Bearer invalid_token"}]}`
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
These tools will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.net independently of other parallel agents.
|
||||
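Review bot: The two new `save_deliverable` calls in this hunk pass `content` in different shapes: a quoted string for `AUTH_ANALYSIS` and a bare JSON object (`content: {"vulnerabilities": [...]}`) for `AUTH_QUEUE`. The removed script took the queue as a quoted string argument, so it is unclear from the prompt whether the tool expects an object or serialized JSON text. Suggest stating the expected type once and writing both calls the same way.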
@@ -19,37 +19,19 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
Use the save_deliverable MCP tool to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_ANALYSIS '# Authorization Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://jsonplaceholder.typicode.com
|
||||
**Screenshot:** authz-agent-test.png
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTHZ_ANALYSIS"`
|
||||
- `content: "# Authorization Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://jsonplaceholder.typicode.com\n**Screenshot:** authz-agent-test.png\n**Status:** Browser isolation test successful"`
|
||||
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js AUTHZ_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "AUTHZ-VULN-01",
|
||||
"verdict": "vulnerable",
|
||||
"confidence": "high",
|
||||
"notes": "Test authz vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
|
||||
"vulnerability_type": "Vertical",
|
||||
"endpoint": "/admin/users",
|
||||
"actual_access": "Regular users can access admin functions",
|
||||
"witness_payload": "GET /admin/users with regular user token"
|
||||
}
|
||||
]
|
||||
}'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "AUTHZ_QUEUE"`
|
||||
- `content: {"vulnerabilities": [{"ID": "AUTHZ-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test authz vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "Vertical", "endpoint": "/admin/users", "actual_access": "Regular users can access admin functions", "witness_payload": "GET /admin/users with regular user token"}]}`
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
These tools will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to jsonplaceholder.typicode.com independently of other parallel agents.
|
||||
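Review bot: The rewritten sentence "These tools will automatically create the correct files in `deliverables/`" refers to several tools, but the hunk only ever calls one tool, `save_deliverable`, twice with different `deliverable_type` values. Suggest "These calls will automatically create ..." so the agent does not go looking for a second tool.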
@@ -19,40 +19,19 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
Use the save_deliverable MCP tool to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js INJECTION_ANALYSIS '# Injection Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.com
|
||||
**Screenshot:** injection-agent-test.png
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "INJECTION_ANALYSIS"`
|
||||
- `content: "# Injection Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** injection-agent-test.png\n**Status:** Browser isolation test successful"`
|
||||
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js INJECTION_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "INJ-VULN-01",
|
||||
"verdict": "vulnerable",
|
||||
"confidence": "high",
|
||||
"notes": "Test vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
|
||||
"vulnerability_type": "SQLi",
|
||||
"source": "query parameter at app.js:15",
|
||||
"path": "controller → db.query",
|
||||
"sink_call": "db.query at app.js:20",
|
||||
"slot_type": "SQL-val",
|
||||
"mismatch_reason": "User input directly concatenated into SQL query",
|
||||
"witness_payload": "'"'"'; DROP TABLE users; --"
|
||||
}
|
||||
]
|
||||
}'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "INJECTION_QUEUE"`
|
||||
- `content: {"vulnerabilities": [{"ID": "INJ-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "SQLi", "source": "query parameter at app.js:15", "path": "controller → db.query", "sink_call": "db.query at app.js:20", "slot_type": "SQL-val", "mismatch_reason": "User input directly concatenated into SQL query", "witness_payload": "'; DROP TABLE users; --"}]}`
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
These tools will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel agents.
|
||||
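Review bot: The `INJECTION_QUEUE` content is collapsed from a readable multi-line JSON document into one long inline line, which makes fields such as `"sink_call"` and `"witness_payload"` hard to review and easy to break with a stray quote in a later edit. Dropping the shell quoting (`'"'"'`) around the payload is a clear improvement; suggest keeping the JSON multi-line in a fenced block so future diffs touch one field per line.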
@@ -19,37 +19,19 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
Use the save_deliverable MCP tool to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js SSRF_ANALYSIS '# SSRF Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://httpbin.org
|
||||
**Screenshot:** ssrf-agent-test.png
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "SSRF_ANALYSIS"`
|
||||
- `content: "# SSRF Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://httpbin.org\n**Screenshot:** ssrf-agent-test.png\n**Status:** Browser isolation test successful"`
|
||||
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js SSRF_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "SSRF-VULN-01",
|
||||
"verdict": "vulnerable",
|
||||
"confidence": "high",
|
||||
"notes": "Test SSRF vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
|
||||
"vulnerability_type": "URL_Manipulation",
|
||||
"source": "url parameter in /api/fetch",
|
||||
"outbound_call": "fetch() at api.js:45",
|
||||
"witness_payload": "http://internal.localhost/admin"
|
||||
}
|
||||
]
|
||||
}'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "SSRF_QUEUE"`
|
||||
- `content: {"vulnerabilities": [{"ID": "SSRF-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test SSRF vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "URL_Manipulation", "source": "url parameter in /api/fetch", "outbound_call": "fetch() at api.js:45", "witness_payload": "http://internal.localhost/admin"}]}`
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
These tools will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to httpbin.org independently of other parallel agents.
|
||||
@@ -19,39 +19,19 @@
|
||||
```
|
||||
|
||||
### Step 2: Create Required Deliverables
|
||||
Use the save_deliverable script to create both deliverables:
|
||||
Use the save_deliverable MCP tool to create both deliverables:
|
||||
|
||||
**1. Analysis Report:**
|
||||
```bash
|
||||
node save_deliverable.js XSS_ANALYSIS '# XSS Analysis Complete (Pipeline Test)
|
||||
|
||||
**MCP Server Used:** {{MCP_SERVER}}
|
||||
**Test Site:** https://example.org
|
||||
**Screenshot:** xss-agent-test.png
|
||||
**Status:** Browser isolation test successful'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "XSS_ANALYSIS"`
|
||||
- `content: "# XSS Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.org\n**Screenshot:** xss-agent-test.png\n**Status:** Browser isolation test successful"`
|
||||
|
||||
**2. Exploitation Queue:**
|
||||
```bash
|
||||
node save_deliverable.js XSS_QUEUE '{
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"ID": "XSS-VULN-01",
|
||||
"verdict": "vulnerable",
|
||||
"confidence": "high",
|
||||
"notes": "Test XSS vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
|
||||
"vulnerability_type": "Reflected",
|
||||
"source": "search parameter",
|
||||
"sink_function": "template.render at search.js:25",
|
||||
"render_context": "HTML_BODY",
|
||||
"mismatch_reason": "User input rendered without HTML encoding",
|
||||
"witness_payload": "<script>alert(1)</script>"
|
||||
}
|
||||
]
|
||||
}'
|
||||
```
|
||||
Use `save_deliverable` MCP tool with:
|
||||
- `deliverable_type: "XSS_QUEUE"`
|
||||
- `content: {"vulnerabilities": [{"ID": "XSS-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test XSS vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "Reflected", "source": "search parameter", "sink_function": "template.render at search.js:25", "render_context": "HTML_BODY", "mismatch_reason": "User input rendered without HTML encoding", "witness_payload": "<script>alert(1)</script>"}]}`
|
||||
|
||||
These commands will automatically create the correct files in `deliverables/`.
|
||||
These tools will automatically create the correct files in `deliverables/`.
|
||||
|
||||
### Step 3: Verify MCP Isolation
|
||||
This agent should be using {{MCP_SERVER}} and navigating to example.org independently of other parallel agents.
|
||||