AI Assistance
Review details on using AI to help generate templates for Nuclei and PDCP
The Template Editor has AI to generate templates for vulnerability reports. This document helps to guide you through the process, offering usagwe tips and examples.
Overview
Powered by ProjectDiscovery’s deep library of public Nuclei templates and a rich CVE data set, the AI understands a broad array of security vulnerabilities. First, the system interprets the user’s prompt to identify a specific vulnerability. Then, it generates a template based on the steps required to reproduce the vulnerability along with all the necessary meta information to reproduce and remediate.
Initial Setup
Kick start your AI Assistance experience with these steps:
- Provide Detailed Information: Construct comprehensive Proof of Concepts (PoCs) for vulnerabilities like Cross-Site Scripting (XSS), and others.
- Understand the Template Format: Get to grips with the format to appropriately handle and modify the generated template.
- Validation and Linting: Use the integrated linter to guarantee the template’s validity.
- Test the Template: Evaluate the template against a test target ensuring its accuracy.
Best Practices
- Precision Matters: Detailed prompts yield superior templates.
- Review and Validate: Consistently check matchers’ accuracy.
- Template Verification: Validate the template on known vulnerable targets before deployment.
Example Prompts
The following examples demonstrate different vulnerabilities and the corresponding Prompt.
Vulnerability: Open Redirect
Vulnerability: Open Redirect
Open redirect vulnerability identified in a web application. Here’s the PoC:
HTTP Request:
HTTP Response:
The application redirects the user to the URL specified in the url parameter, leading to an open redirect vulnerability.
Vulnerability: SQL Injection
Vulnerability: SQL Injection
SQL Injection vulnerability in a login form. Here’s the PoC:
HTTP Request:
HTTP Response:
The application improperly handles user input in the password field, leading to an SQL Injection vulnerability.
Vulnerability: Business logic (negative cart balance)
Vulnerability: Business logic (negative cart balance)
Business Logic vulnerability in a web application’s shopping cart function allows for negative quantities, leading to credit. Here’s the PoC:
HTTP Request:
HTTP Response:
The application fails to validate the quantity parameter, resulting in a Business Logic vulnerability.
Vulnerability: Server-side Template Injection (SSTI)
Vulnerability: Server-side Template Injection (SSTI)
Server-side Template Injection (SSTI) vulnerability through a web application’s custom greeting card function. Here’s the PoC:
The application processes the message parameter as a template, leading to an SSTI vulnerability.
Vulnerability: Insecure Direct Object Reference (IDOR)
Vulnerability: Insecure Direct Object Reference (IDOR)
Insecure Direct Object Reference (IDOR) vulnerability discovered in a website’s user profile page. Here’s the PoC:
The application exposes sensitive information of a user (ID: 2) who is not the authenticated user (session: abcd1234), leading to an IDOR vulnerability.
Vulnerability: Path Traversal
Vulnerability: Path Traversal
Path Traversal vulnerability identified in a web application’s file download function. Here’s the PoC:
The application fetches the file specified in the file parameter from the server file system, leading to a Path Traversal vulnerability.
Vulnerability: Business logic (extend VIP subscription)
Vulnerability: Business logic (extend VIP subscription)
Business logic vulnerability in a web application’s VIP subscription function allows users to extend the trial period indefinitely. Here’s the PoC:
The application does not limit the number of times the trial period can be extended, leading to a business logic vulnerability.
Each of these examples provides HTTP Requests and Responses to illustrate the vulnerabilities.
Limitations
Please note that the current AI is trained primarily on HTTP data. Template generation for non-HTTP protocols is not supported at this time. Support for additional protocols is under development and will be available soon.