feat(prompts): add 6 new vulnerability prompt modules#204
Open
Mr-Neutr0n wants to merge 1 commit intousestrix:mainfrom
Open
feat(prompts): add 6 new vulnerability prompt modules#204Mr-Neutr0n wants to merge 1 commit intousestrix:mainfrom
Mr-Neutr0n wants to merge 1 commit intousestrix:mainfrom
Conversation
Add comprehensive prompt modules for commonly exploited vulnerabilities: ## New Vulnerability Modules ### 1. NoSQL Injection (nosql_injection.jinja) - MongoDB, CouchDB, Redis, DynamoDB, Elasticsearch coverage - Operator injection ($ne, $gt, $regex, $where) - Authentication bypass techniques - Blind injection methods - Framework-specific exploitation (Mongoose, PyMongo) ### 2. CORS Misconfiguration (cors_misconfiguration.jinja) - Origin reflection vulnerabilities - Null origin exploitation - Cache poisoning via CORS - Framework-specific patterns (Express, Flask, Django, Spring) - PoC template for data exfiltration ### 3. SSTI - Server-Side Template Injection (ssti.jinja) - Engine detection and fingerprinting payloads - Exploitation for Jinja2, Twig, Freemarker, Velocity, Thymeleaf, Pebble, ERB, Handlebars, Smarty - Sandbox escape techniques - Blind SSTI methods ### 4. Prototype Pollution (prototype_pollution.jinja) - JavaScript/Node.js exploitation - RCE gadget chains (EJS, Pug, Handlebars) - Authentication bypass patterns - Vulnerable function identification - Framework-specific vectors (Express, NestJS) ### 5. WebSocket Security (websocket_security.jinja) - Cross-Site WebSocket Hijacking (CSWSH) - Origin validation bypass - Per-message authorization testing - Library-specific patterns (Socket.io, SignalR, Action Cable) - GraphQL subscriptions security ### 6. Clickjacking (clickjacking.jinja) - X-Frame-Options and CSP analysis - Frame-buster bypass techniques - OAuth clickjacking - Multi-click and cursor manipulation attacks - PoC templates Each module follows the established XML structure with: - Critical overview and scope - Discovery and exploitation techniques - Bypass methods - Validation steps - False positive identification - Impact assessment - Pro tips
Author
|
Hi! Friendly follow-up on this PR adding 6 new vulnerability prompt modules. Let me know if there's anything I should update or if you need more context. Thanks! |
Ahmex000
pushed a commit
to Ahmex000/strix
that referenced
this pull request
Mar 21, 2026
Checkpoint / resume fixes (bot review on PR usestrix#380): - cli.py: skip checkpoint save when scan completed cleanly (agent.state.completed) to prevent stale checkpoint re-creating after base_agent.py deletes it - tui.py: same completed guard in both _save_checkpoint_on_interrupt and action_custom_quit to cover all TUI exit paths - checkpoint_restore.py: fix infinite recursion in _depth() for cyclic parent_id references in corrupted checkpoints — mark node before recursing - config.py: restore original shell-env-wins precedence for LLM vars; cli-config.json only applies when the shell var is absent, preventing silent override of rotated keys managed via shell environment New vulnerability skills (from upstream PRs usestrix#204 and usestrix#334): - clickjacking, cors_misconfiguration, nosql_injection, prototype_pollution, ssti, websocket_security (PR usestrix#204) - mfa_bypass, edge_cases (PR usestrix#334) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds 6 comprehensive vulnerability prompt modules to enhance Strix agent capabilities for common but previously missing vulnerability classes.
New Modules
1. NoSQL Injection (
nosql_injection.jinja)Covers MongoDB, CouchDB, Redis, DynamoDB, and Elasticsearch with:
2. CORS Misconfiguration (
cors_misconfiguration.jinja)Comprehensive CORS testing with:
3. SSTI - Server-Side Template Injection (
ssti.jinja)Coverage for 9+ template engines:
4. Prototype Pollution (
prototype_pollution.jinja)JavaScript/Node.js focused with:
5. WebSocket Security (
websocket_security.jinja)Real-time application testing:
6. Clickjacking (
clickjacking.jinja)UI redressing attacks with:
Module Structure
Each module follows the established format:
Testing
All modules follow the Jinja template format consistent with existing modules like
csrf.jinja,idor.jinja, andsql_injection.jinja.Checklist