@Mr-Neutr0n

Summary

This PR adds 6 comprehensive vulnerability prompt modules to enhance Strix agent capabilities for common but previously missing vulnerability classes.

New Modules

1. NoSQL Injection (nosql_injection.jinja)

Covers MongoDB, CouchDB, Redis, DynamoDB, and Elasticsearch with:

  • Operator injection ($ne, $gt, $regex, $where)
  • Authentication bypass techniques
  • Blind injection (time-based, boolean-based)
  • Framework-specific patterns (Mongoose, PyMongo, PHP)

2. CORS Misconfiguration (cors_misconfiguration.jinja)

Comprehensive CORS testing with:

  • Origin reflection vulnerability patterns
  • Null origin and subdomain exploitation
  • Cache poisoning attacks
  • Framework-specific vectors (Express, Flask, Django, Spring, Nginx)

3. SSTI - Server-Side Template Injection (ssti.jinja)

Coverage for 9+ template engines:

  • Detection and fingerprinting payloads
  • RCE chains for Jinja2, Twig, Freemarker, Velocity, Thymeleaf, Pebble, ERB, Handlebars, Smarty
  • Sandbox escape techniques
  • Blind SSTI exploitation

4. Prototype Pollution (prototype_pollution.jinja)

JavaScript/Node.js focused with:

  • RCE gadget chains (EJS, Pug, Handlebars, child_process)
  • Authentication bypass patterns
  • Vulnerable npm package identification
  • Framework vectors (Express, NestJS, Fastify)

5. WebSocket Security (websocket_security.jinja)

Real-time application testing:

  • Cross-Site WebSocket Hijacking (CSWSH)
  • Origin validation bypass
  • Per-message authorization testing
  • Library patterns (Socket.io, SignalR, Action Cable, GraphQL subscriptions)

6. Clickjacking (clickjacking.jinja)

UI redressing attacks with:

  • X-Frame-Options and CSP frame-ancestors analysis
  • Frame-buster bypass (sandbox attribute)
  • OAuth authorization clickjacking
  • Multi-click and cursor manipulation attacks

Module Structure

Each module follows the established format:

  • Critical overview and scope definition
  • Comprehensive discovery techniques
  • Multiple exploitation patterns
  • Bypass techniques for common defenses
  • Validation steps for confirmed findings
  • False positive identification
  • Impact assessment
  • Actionable pro tips

Testing

All modules follow the Jinja template format consistent with existing modules like csrf.jinja, idor.jinja, and sql_injection.jinja.

Checklist

  • Consistent XML structure with existing modules
  • Practical, actionable payloads and techniques
  • Framework-specific guidance included
  • Validation and false positive sections
  • No sensitive/real credentials in examples

Add comprehensive prompt modules for commonly exploited vulnerabilities:

## New Vulnerability Modules

### 1. NoSQL Injection (nosql_injection.jinja)
- MongoDB, CouchDB, Redis, DynamoDB, Elasticsearch coverage
- Operator injection ($ne, $gt, $regex, $where)
- Authentication bypass techniques
- Blind injection methods
- Framework-specific exploitation (Mongoose, PyMongo)

### 2. CORS Misconfiguration (cors_misconfiguration.jinja)
- Origin reflection vulnerabilities
- Null origin exploitation
- Cache poisoning via CORS
- Framework-specific patterns (Express, Flask, Django, Spring)
- PoC template for data exfiltration

### 3. SSTI - Server-Side Template Injection (ssti.jinja)
- Engine detection and fingerprinting payloads
- Exploitation for Jinja2, Twig, Freemarker, Velocity, Thymeleaf, Pebble, ERB, Handlebars, Smarty
- Sandbox escape techniques
- Blind SSTI methods

### 4. Prototype Pollution (prototype_pollution.jinja)
- JavaScript/Node.js exploitation
- RCE gadget chains (EJS, Pug, Handlebars)
- Authentication bypass patterns
- Vulnerable function identification
- Framework-specific vectors (Express, NestJS)

### 5. WebSocket Security (websocket_security.jinja)
- Cross-Site WebSocket Hijacking (CSWSH)
- Origin validation bypass
- Per-message authorization testing
- Library-specific patterns (Socket.io, SignalR, Action Cable)
- GraphQL subscriptions security

### 6. Clickjacking (clickjacking.jinja)
- X-Frame-Options and CSP analysis
- Frame-buster bypass techniques
- OAuth clickjacking
- Multi-click and cursor manipulation attacks
- PoC templates

Each module follows the established XML structure with:
- Critical overview and scope
- Discovery and exploitation techniques
- Bypass methods
- Validation steps
- False positive identification
- Impact assessment
- Pro tips