Module: PWN::AI::Agent::VulnGen

Defined in:
lib/pwn/ai/agent/vuln_gen.rb

Overview

This module is an AI agent designed to analyze generic vulnerability descriptions and generate detailed security findings following the exact bug bounty writeup structure:

  1. Detailed finding description with technical depth and PoC when possible

  2. Business impact

  3. Remediation recommendations, including compensating controls / stop gaps

  4. CVSS score, vector string, and first.org calculator URI

  5. CWE category, brief description, and CWE URI

  6. Relevant NIST 800-53 control

It leverages the PWN::AI::Introspection.reflect_on method. The output markup defaults to Jira for compatibility with existing workflows.

Class Method Details

.analyze(opts = {}) ⇒ Object

Supported Method Parameters

ai_analysis = PWN::AI::Agent::VulnGen.analyze(
  request: 'required - high level description of vulnerability discovered (e.g. "Discovered a SQLi vulnerability in /login")',
  markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)',
  output_path: 'optional - path to save the generated markdown report'
)

# File 'lib/pwn/ai/agent/vuln_gen.rb', line 24

public_class_method def self.analyze(opts = {})
  request = opts[:request]
  output_path = opts[:output_path]
  raise 'ERROR: request parameter is required' if request.nil? || request.empty?

  markup_type = opts[:markup_type] ||= :jira

  markup = ''
  case markup_type
  when :jira
    markup = 'Jira Wiki Markup'
  when :markdown
    markup = 'Markdown'
  when :html
    markup = 'HTML'
  when :confluence
    markup = 'Confluence Wiki Markup'
  when :xml
    markup = 'XML'
  else
    raise "ERROR: Unsupported markup_type '#{markup_type}'. Supported types are :jira, :markdown, :html, :confluence, :xml."
  end

  system_role_content = "
  _ALWAYS_ Generate #{markup} security findings for the message provided using **EXACTLY** this structure and section headers:

  1. Detailed Finding Description: This should be a deep, detailed technical description that should include exploit proof-of-concepts when possible.  The description should be technical in nature and provide enough information for a security engineer to understand the vulnerability and how it can be exploited.  Code snippets should be included where applicable to demonstrate the vulnerability and potential exploit paths.

  2. Business Impact: This should describe, in business terms, the importance of fixing the issue.  Reputational and/or financial impact should be considered for this section.

  3. Remediation Recommendations:  Targeted towards technical engineers that can ascertain a reasonable approach to fix the vulnerability based upon common security remediation patterns.  Be sure to consider compensating controls / stop gaps that can be implemented (e.g. WAF, additional logging, etc.) until such time the vulnerability can be fixed.  Provide examples in cases where code fixes may be required.

  4. CVSS Score (Severity), Base CVSS Vector string as /AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`, and first.org CVSS calculator URI as https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`.  The Vector string must be formatted like: `/AV:%s/AC:%s/PR:%s/UI:%s/S:%s/C:%s/I:%s/A:%s`.  _Ensure the CVSS score and severity aligns with the vector string calculation._

  5. CWE Category, Brief CWE description, and CWE URI

  6. NIST 800-53 Security Control that is impacted by this vulnerability.
  "

  analysis = PWN::AI::Introspection.reflect_on(
    system_role_content: system_role_content,
    request: request,
    suppress_pii_warning: true
  )

  if output_path
    FileUtils.mkdir_p(File.dirname(output_path))
    File.write(output_path, analysis.to_s)
    puts "\nVulnerability report written to: #{output_path}"
  end

  analysis
rescue StandardError => e
  raise e
end
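
Item 4 of the system prompt above asks the model to keep the reported score aligned with the vector string, but analyze returns the model output without checking it. The following is an added example, not part of PWN: it recomputes the CVSS v3.1 base score from a vector with the equations in the FIRST specification so a caller can verify a generated report. The names cvss31_base_score, cvss31_roundup and cvss31_consistent? are hypothetical.

```ruby
# Added example, not part of PWN: recompute the CVSS v3.1 base score from the
# vector string in a generated report and compare it with the reported score.
CVSS31_WEIGHTS = {
  'AV' => { 'N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.2 },
  'AC' => { 'L' => 0.77, 'H' => 0.44 },
  'UI' => { 'N' => 0.85, 'R' => 0.62 },
  'C' => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
  'I' => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 },
  'A' => { 'H' => 0.56, 'L' => 0.22, 'N' => 0.0 }
}.freeze
# Privileges Required is weighted differently when Scope is Changed.
CVSS31_PR = {
  'U' => { 'N' => 0.85, 'L' => 0.62, 'H' => 0.27 },
  'C' => { 'N' => 0.85, 'L' => 0.68, 'H' => 0.5 }
}.freeze

# Roundup as defined in the CVSS v3.1 specification (avoids float artefacts).
def cvss31_roundup(value)
  scaled = (value * 100_000).round
  return scaled / 100_000.0 if (scaled % 10_000).zero?

  ((scaled / 10_000) + 1) / 10.0
end

# Accepts "CVSS:3.1/AV:N/..." or the "/AV:N/..." form requested in the prompt.
def cvss31_base_score(vector)
  m = vector.strip.split('/').map { |p| p.split(':', 2) }.select { |kv| kv.size == 2 }.to_h
  bad = ->(k) { raise ArgumentError, "missing or invalid #{k} in #{vector.inspect}" }
  w = ->(k) { CVSS31_WEIGHTS.fetch(k).fetch(m[k]) { bad.call(k) } }
  pr = CVSS31_PR.fetch(m['S']) { bad.call('S') }.fetch(m['PR']) { bad.call('PR') }
  iss = 1 - ((1 - w['C']) * (1 - w['I']) * (1 - w['A']))
  changed = m['S'] == 'C'
  impact = changed ? (7.52 * (iss - 0.029)) - (3.25 * ((iss - 0.02)**15)) : 6.42 * iss
  return 0.0 if impact <= 0

  exploitability = 8.22 * w['AV'] * w['AC'] * pr * w['UI']
  total = changed ? 1.08 * (impact + exploitability) : impact + exploitability
  cvss31_roundup([total, 10.0].min)
end

# True when the score claimed in a report matches its own vector.
def cvss31_consistent?(vector, claimed_score)
  (cvss31_base_score(vector) - claimed_score.to_f).abs < 0.05
end
```

A report whose claimed score fails cvss31_consistent? should be corrected or regenerated before it is filed.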

.authors ⇒ Object

Author(s)

0day Inc. <support@0dayinc.com>

# File 'lib/pwn/ai/agent/vuln_gen.rb', line 82

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <support@0dayinc.com>
  "
end

.help ⇒ Object

Display Usage for this Module

# File 'lib/pwn/ai/agent/vuln_gen.rb', line 90

public_class_method def self.help
  puts "USAGE:
    ai_analysis = #{self}.analyze(
      request: 'required - high level description of vulnerability discovered (e.g. \"Discovered a SQLi vulnerability in /login\")',
      markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)',
      output_path: 'optional - full path to save the generated report as .md (e.g. /home/claw/reports/sqli-finding.md)'
    )

    #{self}.authors
  "
end