pentest-exploit-validation
8
总安装量
6
周安装量
#35089
全站排名
安装命令
npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-exploit-validation
Agent 安装分布
claude-code
6
github-copilot
6
codex
6
amp
6
kimi-cli
6
gemini-cli
6
Skill 文档
Pentest Exploit Validation
Purpose
Validate vulnerability findings through proof-driven exploitation using Shannon’s 4-level evidence system. Consumes the exploitation queue from white-box code review, attempts structured exploitation with bypass exhaustion, collects mandatory evidence per vulnerability type, and classifies each finding as EXPLOITED, POTENTIAL, or FALSE_POSITIVE.
Prerequisites
Authorization Requirements
- Written authorization with explicit scope for active exploitation testing
- Exploitation queue JSON from pentest-whitebox-code-review output
- Test accounts at multiple privilege levels for authz testing
- Data exfiltration approval â confirm acceptable proof-of-concept scope
- Rollback plan for any data-mutating exploits
Environment Setup
- sqlmap for automated SQL injection exploitation
- Burp Suite Professional with Repeater, Intruder, and Turbo Intruder
- curl for manual HTTP request crafting
- Playwright for browser-based exploitation (XSS, CSRF)
- nuclei with custom templates for automated validation
- Isolated testing environment or explicit production testing approval
Core Workflow
- Queue Intake: Parse exploitation queue JSON, validate schema, prioritize by confidence score and impact severity. Group findings by vulnerability type for parallel exploitation.
- Injection Exploitation: Confirm injectable parameter â fingerprint backend (DB type, OS) â enumerate databases/tables â demonstrate data exfiltration with minimal footprint.
- XSS Exploitation: Graph traversal from source â processing â sanitization â sink. Craft context-appropriate payload, demonstrate session hijack or DOM manipulation.
- Auth Exploitation: Attack authentication weaknesses â demonstrate account takeover via credential stuffing, token forgery, or session hijack.
- Authz Exploitation: Horizontal access (cross-user data) â vertical escalation (admin functions) â workflow bypass (state manipulation).
- SSRF Exploitation: Internal service access â cloud metadata retrieval (169.254.169.254) â internal network reconnaissance.
- Bypass Exhaustion: For each finding, attempt 3 initial payloads â if blocked, escalate to 8-10 bypass variations â if still blocked, deploy automated tool variants.
- Impact Escalation: Escalate from proof-of-concept to real impact demonstration â data exfiltration, session hijacking, or remote code execution.
- Evidence Collection: Collect mandatory evidence per vulnerability type using per-type checklists.
- Classification: Assign final classification â EXPLOITED, POTENTIAL, or FALSE_POSITIVE â based on 4-level proof system.
4-Level Proof System
| Level | Description | Classification |
|---|---|---|
| L1 | Weakness identified in code but not confirmed exploitable | POTENTIAL |
| L2 | Partial bypass achieved but full exploitation not demonstrated | POTENTIAL |
| L3 | Vulnerability confirmed with reproducible evidence | EXPLOITED |
| L4 | Critical impact demonstrated (data exfil, RCE, account takeover) | EXPLOITED CRITICAL |
Classification Criteria
| Classification | Criteria |
|---|---|
| EXPLOITED | Reproducible proof with evidence: HTTP request/response, extracted data, or demonstrated impact |
| POTENTIAL | Code-level weakness confirmed but exploitation blocked by defense-in-depth or environment constraints |
| FALSE_POSITIVE | Taint analysis flagged but manual review confirms effective sanitization or unreachable code path |
Tool Categories
| Category | Tools | Purpose |
|---|---|---|
| SQL Injection | sqlmap, manual payloads | Automated and manual SQLi exploitation |
| Request Crafting | Burp Repeater, curl | Manual HTTP request manipulation |
| Fuzzing | Burp Intruder, Turbo Intruder | Payload variation and bypass testing |
| Browser Exploitation | Playwright | XSS demonstration, session hijack |
| Automation | nuclei, custom scripts | Template-based vulnerability validation |
| Evidence Capture | Burp Logger, screenshot tools | Request/response logging and proof |
References
references/tools.md– Tool function signatures and parametersreferences/workflows.md– Exploitation workflows, evidence checklists, and classification tree