### Create CyberStrike Server and Client Programmatically Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Example demonstrating how to start a CyberStrike server instance and create a client connected to it. Includes TUI launch and project path configuration. ```typescript import { createCyberstrikeServer, createCyberstrikeTui, createCyberstrikeClient } from "@cyberstrike-io/sdk"; // Start a server instance const server = await createCyberstrikeServer({ hostname: "127.0.0.1", port: 4096, timeout: 10000, config: { logLevel: "debug", default_model: "anthropic/claude-sonnet-4-20250514" } }); console.log(`Server running at: ${server.url}`); // Create a client connected to the server const client = createCyberstrikeClient({ baseUrl: server.url, directory: "/path/to/target/project" // Sets working directory for file operations }); // Get project information const paths = await client.path.get(); console.log("Working directory:", paths.directory); console.log("Git worktree:", paths.worktree); // Launch TUI programmatically (for interactive use) const tui = createCyberstrikeTui({ project: "/path/to/target", model: "anthropic/claude-sonnet-4-20250514", session: "ses_existing_session_id", // Resume existing session agent: "internal-network" }); // Cleanup server.close(); tui.close(); ``` -------------------------------- ### Initialize and Run CyberStrike Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/CONTRIBUTING.md Standard commands to clone the repository, install dependencies, and start the development environment. ```bash git clone https://github.com/CyberStrikeus/CyberStrike.git cd CyberStrike bun install bun dev ``` -------------------------------- ### Initialize CyberStrike SDK Client and Server Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Quick start example for creating both a CyberStrike server and client. Configure connection details and logging level. ```typescript import { createCyberstrike, createCyberstrikeClient, createCyberstrikeServer } from "@cyberstrike-io/sdk"; // Quick start - creates both server and client const { client, server } = await createCyberstrike({ hostname: "127.0.0.1", port: 4096, timeout: 5000, config: { logLevel: "info" } }); // List available agents const agents = await client.app.agents(); console.log("Available agents:", agents.map(a => a.name)); // Output: ["cyberstrike", "web-application", "mobile-application", "cloud-security", "internal-network", ...] // Create a new penetration testing session const session = await client.session.create({ agent: "web-application", model: { providerID: "anthropic", modelID: "claude-sonnet-4-20250514" } }); // Send a prompt to start testing await client.session.prompt({ sessionId: session.id, content: "Test https://api.example.com for IDOR vulnerabilities" }); // Get vulnerabilities discovered in session const vulns = await client.session.vulnerabilities({ sessionId: session.id }); for (const vuln of vulns) { console.log(`[${vuln.severity}] ${vuln.title}`); console.log(`CWE: ${vuln.cwe_id}`); console.log(`PoC: ${vuln.poc}`); } // Clean up server.close(); ``` -------------------------------- ### Analyze GET Request Entry Points Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-06.md Example of a standard GET request showing query string parameters, cookies, and HTTP headers as potential entry points. ```http GET /app/search?query=test&category=all&page=1&sort=desc HTTP/1.1 Host: target.com Cookie: session=abc123; preference=dark User-Agent: Mozilla/5.0 Referer: https://target.com/home X-Requested-With: XMLHttpRequest ``` -------------------------------- ### Subjack Usage Examples Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-10.md Common commands for installing and running the Subjack takeover scanner. ```bash # Install go install github.com/haccer/subjack@latest # Basic scan subjack -w subdomains.txt -t 100 -timeout 30 -ssl # With output subjack -w subdomains.txt -t 100 -timeout 30 -ssl -o results.txt # Verbose subjack -w subdomains.txt -t 100 -timeout 30 -ssl -v ``` -------------------------------- ### Install wafw00f Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-10.md Install the wafw00f tool using pip. ```bash # Install pip install wafw00f ``` -------------------------------- ### File Path Parameters Examples Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/agent/prompt/vuln/file-attacks/prompt.txt Illustrates how file paths can be passed as parameters in GET requests. Test various path formats and encodings. ```http GET /api/download?file=report.pdf ``` ```http GET /api/template?path=templates/default.html ``` ```http GET /include?page=about ``` -------------------------------- ### Install cyberstrike CLI Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/github/README.md Run this command in the terminal to begin the installation process. ```bash cyberstrike github install ``` -------------------------------- ### Install and Use ParamSpider Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-06.md Commands to clone, install, and execute ParamSpider for parameter discovery. ```bash git clone https://github.com/devanshbatham/paramspider cd paramspider pip3 install -r requirements.txt ``` ```bash python3 paramspider.py -d target.com ``` ```bash python3 paramspider.py -d target.com -e js,css,png ``` ```bash python3 paramspider.py -d target.com -o params.txt ``` -------------------------------- ### Install CyberStrike with npm Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/README.md Install CyberStrike globally using npm. This is the recommended installation method. ```bash # npm (recommended) npm i -g @cyberstrike-io/cyberstrike@latest ``` -------------------------------- ### Install and Use x8 Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-06.md Commands for installing and running the x8 hidden parameter discovery tool. ```bash cargo install x8 ``` ```bash x8 -u https://target.com/page -w params.txt ``` ```bash x8 -u https://target.com/api -X POST -b '{"test":"value"}' ``` -------------------------------- ### Development Setup Commands Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/sdks/vscode/README.md Commands required to initialize and run the extension development environment. ```bash code sdks/vscode ``` ```bash bun install ``` -------------------------------- ### Post-Installation Security Checklist Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-ATHN/WSTG-ATHN-02.md A list of essential security hardening steps to perform after application installation. ```markdown ## Post-Installation Security Checklist 1. [ ] Change all default passwords 2. [ ] Remove or disable default accounts 3. [ ] Disable installation/setup pages 4. [ ] Remove default API keys/tokens 5. [ ] Change database default credentials 6. [ ] Update default encryption keys 7. [ ] Review and change default configurations 8. [ ] Remove sample/demo content 9. [ ] Disable debug modes 10. [ ] Enable logging and monitoring ``` -------------------------------- ### Install and Run CyberStrike Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/README.it.md Installs the CyberStrike package globally via npm and initializes the agent. ```bash npm i -g @cyberstrike-io/cyberstrike@latest && cyberstrike # "Esegui una valutazione completa OWASP WSTG su https://target.com" ``` -------------------------------- ### Install CyberStrike with bun, pnpm, or yarn Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/README.md Install CyberStrike globally using bun, pnpm, or yarn. ```bash # bun / pnpm / yarn bun add -g @cyberstrike-io/cyberstrike@latest ``` -------------------------------- ### Install CyberStrike Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/README.md Installation commands for various package managers and operating systems. ```bash # npm (recommended) npm i -g @cyberstrike-io/cyberstrike@latest # bun / pnpm / yarn bun add -g @cyberstrike-io/cyberstrike@latest # macOS (Homebrew) brew install CyberStrikeus/tap/cyberstrike # Windows (Scoop) scoop install cyberstrike # Linux / macOS (curl) curl -fsSL https://cyberstrike.io/install | bash ``` -------------------------------- ### Install CyberStrike on Windows with Scoop Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/README.md Install CyberStrike on Windows using the Scoop package manager. ```bash # Windows (Scoop) scoop install cyberstrike ``` -------------------------------- ### Example Patch Operations Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/tool/apply_patch.txt This example demonstrates the syntax for adding, updating, and deleting files using the Cyberstrike patch language. Note the specific headers and line prefixes required for each operation. ```patch *** Begin Patch *** Add File: hello.txt +Hello world *** Update File: src/app.py *** Move to: src/main.py @@ def greet(): -print("Hi") +print("Hello, world!") *** Delete File: obsolete.txt *** End Patch ``` -------------------------------- ### Install and Use Parsero for robots.txt Analysis Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-03.md This snippet shows how to install the Parsero tool using pip and provides a basic command for analyzing a website's robots.txt file. Parsero is a specialized tool for this purpose. ```bash # Install pip install parsero # Basic usage parsero -u https://target.com ``` -------------------------------- ### CSP Implementation and Configuration Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-12.md Examples for defining strict CSP headers and configuring them on web servers. ```http # Recommended strict policy (nonce-based) Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-{random}' 'strict-dynamic'; style-src 'self' 'nonce-{random}'; img-src 'self' data: https:; font-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; ``` ```apache Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-ancestors 'self';" ``` ```nginx add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-ancestors 'self';" always; ``` ```http # Test policy without breaking functionality Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report ``` -------------------------------- ### Apache SSI Directive Examples Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INPV/WSTG-INPV-08.md Examples of common Server-Side Includes (SSI) directives for displaying variables, including files, executing commands, and configuring SSI behavior. ```apache # SSI Directives # Echo - Display variables # Include - Include files # Exec - Execute commands/CGI # Config - Configure SSI behavior # Printenv - Print environment # Set - Set variables # If/Elif/Else - Conditionals Admin content # Flastmod - File last modified # Fsize - File size ``` -------------------------------- ### Start ACP Server Programmatically Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/acp/README.md Import and start the ACPServer from the local implementation. Ensure the path to the server is correct. ```typescript import { ACPServer } from "./acp/server" await ACPServer.start() ``` -------------------------------- ### Automated Discovery Commands Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-06.md Command-line examples for automated security discovery tools. ```bash java -jar asd.jar ``` ```bash arjun -u https://target.com ``` ```bash x8 -u https://target.com ``` ```bash paramspider -d target.com ``` -------------------------------- ### Document GraphQL Entry Points Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-06.md Example GraphQL query and mutation structures for interacting with an API. ```graphql # GraphQL query entry points query { user(id: 123) { name email orders { id total } } } mutation { updateUser(id: 123, role: "admin") { success } } ``` -------------------------------- ### Continuous Monitoring Setup Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-10.md Example cron configuration for automated scanning. ```bash # Set up regular scanning # Add to cron: 0 0 * * * /path/to/takeover_scan.sh target.com # Use OWASP Domain Protect or similar ``` -------------------------------- ### Start development server Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/console/app/README.md Run the development server to preview the application, optionally opening it automatically in the browser. ```bash npm run dev # or start the server and open the app in a new browser tab npm run dev -- --open ``` -------------------------------- ### Initialize a Solid project Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/console/app/README.md Use the Solid CLI to scaffold a new project in the current directory or a specified folder. ```bash # create a new project in the current directory npm init solid@latest # create a new project in my-app npm init solid@latest my-app ``` -------------------------------- ### Remove Default Tomcat Examples Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-02.md Commands to remove the default examples web application from Tomcat installations. This helps in securing the Tomcat server by removing potentially vulnerable components. ```bash # Tomcat - remove examples rm -rf $CATALINA_HOME/webapps/examples/ rm -rf $CATALINA_HOME/webapps/docs/ ``` -------------------------------- ### Start the Slack bot Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/slack/README.md Run the development server after configuring the required environment variables in .env. ```bash # Edit .env with your Slack app credentials bun dev ``` -------------------------------- ### Identify URL Parameters in Query Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/agent/prompt/vuln/ssrf/prompt.txt Examples of GET request parameters that may be vulnerable to SSRF. ```http GET /api/proxy?url=https://example.com GET /api/fetch?link=https://example.com GET /redirect?target=https://example.com ``` -------------------------------- ### Perform Initial Application Discovery Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-07.md Use these commands to spider an application for discovery purposes. ```bash # Spider the application # Using OWASP ZAP zap-cli spider https://target.com # Using Burp Suite # Target > Site map > Spider # Using wget for basic crawling wget --spider -r -l 3 https://target.com 2>&1 | grep '^--' ``` -------------------------------- ### Run Web Application Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/CONTRIBUTING.md Commands to launch the server and the web interface separately. ```bash bun dev serve bun run --cwd packages/app dev ``` -------------------------------- ### Burp Autorize Setup Script Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-IDNT/WSTG-IDNT-01.md A Python comment-based guide for configuring and using the Burp Suite Autorize extension to identify authorization vulnerabilities by testing access with low-privileged sessions. ```python # Burp Autorize configuration # 1. Install Autorize extension # 2. Configure low-privileged session cookie # 3. Enable interception # 4. Browse as admin # 5. Review color-coded results: # - Green: Access denied (correct) # - Red: Access granted (vulnerability) # - Yellow: Different response (investigate) ``` -------------------------------- ### Install CyberStrike on Linux/macOS with curl Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/README.md Install CyberStrike on Linux or macOS by piping the install script to bash via curl. ```bash # Linux / macOS (curl) curl -fsSL https://cyberstrike.io/install | bash ``` -------------------------------- ### Run Backend and App Development Servers Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/app/AGENTS.md Commands to launch the backend and frontend servers separately for local UI development. ```bash bun run --conditions=browser ./src/index.ts serve --port 4096 ``` ```bash bun dev -- --port 4444 ``` -------------------------------- ### Run Nuclei Infrastructure Templates Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-01.md Installs and runs Nuclei with various infrastructure-focused template categories. Ensure Go is installed for installation. ```bash # Install nuclei go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest # Run infrastructure templates nuclei -u https://target.com -t cves/ nuclei -u https://target.com -t misconfigurations/ nuclei -u https://target.com -t default-logins/ nuclei -u https://target.com -t exposed-panels/ ``` -------------------------------- ### Configure LLM Providers Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Set up API keys and default models using environment variables, the API, or the configuration file. ```bash # Set API keys via environment variables export ANTHROPIC_API_KEY=sk-ant-xxx export OPENAI_API_KEY=sk-xxx export GOOGLE_GENERATIVE_AI_API_KEY=xxx # Or configure via API curl -X PUT "http://localhost:4096/auth/anthropic" \ -H "Content-Type: application/json" \ -d '{"type": "api", "key": "sk-ant-xxx"}' # List available models curl -X GET "http://localhost:4096/provider/model" # Set default model in config # cyberstrike.jsonc { "default_model": "anthropic/claude-sonnet-4-20250514" } ``` -------------------------------- ### Discover Default and Sample Files Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-02.md Iterates through a list of common default or sample files to check for their existence on the target server. ```bash # Common default/sample files for file in \ /examples/ \ /samples/ \ /docs/ \ /manual/ \ /test/ \ /phpinfo.php \ /info.php \ /test.php \ /server-status \ /server-info \ /.htaccess \ /web.config \ /crossdomain.xml \ /clientaccesspolicy.xml; do status=$(curl -s -o /dev/null -w "%{http_code}" "https://target.com$file") if [ "$status" != "404" ]; then echo "Found: $file - Status: $status" fi done ``` -------------------------------- ### Virtual Host Discovery with ffuf and httpx Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-04.md Automate virtual host discovery using ffuf and verify live hosts with httpx. ```bash echo "[+] Virtual Host Discovery..." ffuf -u https://$TARGET -H "Host: FUZZ.$TARGET" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -o vhosts.txt -fs 0 # 7. Verify all discovered hosts echo "[+] Verifying Hosts..." cat subdomains.txt | httpx -silent -title -status-code -tech-detect -o live_hosts.txt echo "[+] Enumeration Complete" ``` -------------------------------- ### File Upload Parameters Example Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/agent/prompt/vuln/file-attacks/prompt.txt Demonstrates the structure for uploading files using multipart/form-data. Ensure the Content-Type header is set correctly. ```http Content-Type: multipart/form-data POST /api/upload Content-Disposition: form-data; name="file"; filename="document.pdf" ``` -------------------------------- ### Install CyberStrike on macOS with Homebrew Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/README.md Install CyberStrike on macOS using the Homebrew package manager. ```bash # macOS (Homebrew) brew install CyberStrikeus/tap/cyberstrike ``` -------------------------------- ### Install Project Dependencies Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/app/README.md Install required project dependencies using your preferred package manager. ```bash $ npm install # or pnpm install or yarn install ``` -------------------------------- ### Network Segmentation Example Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-04.md Conceptual example of segmenting network traffic for different application types. ```text # Example: Separate admin interfaces - Public applications: DMZ segment - Admin interfaces: Internal network only - Development: Isolated segment ``` -------------------------------- ### robots.txt Best Practices Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INFO/WSTG-INFO-03.md Examples of good and bad robots.txt configurations. Avoid disallowing sensitive paths directly, as this can reveal their existence. ```text # Good - Generic exclusions User-agent: * Disallow: /cgi-bin/ Disallow: /tmp/ # Bad - Reveals sensitive paths User-agent: * Disallow: /admin-secret-panel/ Disallow: /backup-20240115/ Disallow: /api/v2/internal/ ``` -------------------------------- ### Launch Web Interface Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/README.md Starts the CyberStrike web server and establishes a secure tunnel for remote access. ```bash export CYBERSTRIKE_SERVER_PASSWORD=your-secure-password cyberstrike web # In another terminal: cloudflared tunnel --url http://localhost:4096 run your-tunnel ``` -------------------------------- ### Install and Launch CyberStrike Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/README.md Installs the latest version of the CyberStrike package globally and launches the terminal user interface. ```bash npm i -g @cyberstrike-io/cyberstrike@latest && cyberstrike ``` -------------------------------- ### Initialize MultiChannelTester Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-ATHN/WSTG-ATHN-10.md Instantiate the tester with a dictionary of channel names and their base URLs. This sets up the channels to be tested. ```python class MultiChannelTester: def __init__(self, channels): """ channels: dict of channel_name -> base_url """ self.channels = channels self.results = {} ``` -------------------------------- ### Install CyberStrike CLI Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Install CyberStrike globally using npm, bun, Homebrew, or Scoop. Ensure you use the latest version. ```bash # Install globally via npm (recommended) npm i -g @cyberstrike-io/cyberstrike@latest ``` ```bash # Alternative package managers bun add -g @cyberstrike-io/cyberstrike@latest ``` ```bash brew install CyberStrikeus/tap/cyberstrike # macOS ``` ```bash scoop install cyberstrike # Windows ``` -------------------------------- ### Get Session Vulnerabilities via API Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Fetch discovered vulnerabilities for a specific session by making a GET request to the /session/{session_id}/vulnerability endpoint. ```bash # Get discovered vulnerabilities from a session curl -X GET "http://localhost:4096/session/ses_01HXYZ123456/vulnerability" ``` -------------------------------- ### Get Session Messages via API Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Retrieve all messages associated with a specific session by sending a GET request to the /session/{session_id}/message endpoint. ```bash # Get session messages curl -X GET "http://localhost:4096/session/ses_01HXYZ123456/message" ``` -------------------------------- ### Launch Web Interface Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/README.md Starts the CyberStrike web server with a required password for secure remote access. ```bash export CYBERSTRIKE_SERVER_PASSWORD=your-secure-password cyberstrike web ``` -------------------------------- ### Test Registration/Onboarding Bypass - Skip 2FA Setup Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-BUSL/WSTG-BUSL-06.md Attempt to access sensitive data with a token that does not have 2FA enabled, checking if 2FA setup can be skipped. ```bash # Try skipping 2FA setup if required curl -s "https://target.com/api/sensitive-data" \ -H "Authorization: Bearer $NO_2FA_TOKEN" ``` -------------------------------- ### Start ACP Server Command Line Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/acp/README.md Use this command to start the ACP server in the current directory. For a specific directory, use the --cwd flag. ```bash cyberstrike acp ``` ```bash cyberstrike acp --cwd /path/to/project ``` -------------------------------- ### ReAct Reasoning Cycle Example Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/src/agent/prompt/cyberstrike.txt Demonstrates the required Thought-Action-Observation cycle for verifying potential vulnerabilities like user enumeration. ```text Thought: The login endpoint accepts POST with username/password. The error messages differ between "invalid username" and "invalid password". This suggests user enumeration is possible. Let me verify. Action: curl -s -o /dev/null -w "%{http_code}" -X POST https://target.com/api/login -d '{"username":"nonexistent","password":"x"}' Observation: Got 404 with "User not found". A valid username returns 401 with "Invalid password". This confirms username enumeration via differential error responses. Severity: Medium. Next: check if rate limiting exists on this endpoint. ``` -------------------------------- ### Build CI Container Images Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/containers/README.md Use these commands to build the container images. The `--push` flag publishes multi-arch images. ```bash REGISTRY=ghcr.io/anomalyco TAG=24.04 bun ./packages/containers/script/build.ts ``` ```bash REGISTRY=ghcr.io/anomalyco TAG=24.04 bun ./packages/containers/script/build.ts --push ``` -------------------------------- ### Analyze crossdomain.xml Configurations Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CLNT/WSTG-CLNT-08.md These XML snippets illustrate vulnerable and secure configurations for crossdomain.xml. The vulnerable example uses a wildcard, while the secure example restricts access to trusted domains. ```xml ``` ```xml ``` -------------------------------- ### Analyze Flash crossdomain.xml Policy Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-08.md Examine the `crossdomain.xml` file for security misconfigurations. The vulnerable example allows access from any domain (`*`), while the secure example restricts access to specific trusted domains. ```xml ``` -------------------------------- ### Discover Supported HTTP Methods Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-06.md Use the OPTIONS method to query the server for allowed HTTP verbs. ```bash # Send OPTIONS request curl -X OPTIONS -I https://target.com/ # Check Allow header curl -X OPTIONS -sI https://target.com/ | grep -i "allow" # Example response: # Allow: GET, HEAD, POST, OPTIONS ``` -------------------------------- ### Analyze Silverlight clientaccesspolicy.xml Policy Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CONF/WSTG-CONF-08.md Review the `clientaccesspolicy.xml` file for security flaws. The vulnerable example permits access from any domain (`*`), whereas the secure example limits access to a specific domain and path. ```xml ``` -------------------------------- ### Initialize Browser Storage Tester Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CLNT/WSTG-CLNT-12.md Sets up the Selenium WebDriver for headless Chrome and initializes the storage analysis process for a given URL. ```python class BrowserStorageTester: def __init__(self, url): self.url = url self.findings = [] self.setup_browser() def setup_browser(self): """Setup headless Chrome""" options = Options() options.add_argument('--headless') options.add_argument('--no-sandbox') self.driver = webdriver.Chrome(options=options) ``` -------------------------------- ### Automated WebSocket Security Testing with Python Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-CLNT/WSTG-CLNT-10.md This Python script automates testing for WebSocket vulnerabilities including origin validation, authentication, and injection flaws. Ensure the 'websockets' library is installed (`pip install websockets`). ```python #!/usr/bin/env python3 import asyncio import websockets import json class WebSocketTester: def __init__(self, ws_url): self.ws_url = ws_url self.findings = [] async def test_origin(self): """Test origin validation""" print("[*] Testing origin validation...") origins = [ "https://evil.com", "null", "", ] for origin in origins: try: headers = {"Origin": origin} async with websockets.connect( self.ws_url, extra_headers=headers ) as ws: print(f"[VULN] Accepted origin: {origin}") self.findings.append({ "issue": f"Accepts origin: {origin}", "severity": "High" }) except Exception as e: print(f"[OK] Rejected origin: {origin}") async def test_no_auth(self): """Test if authentication is required""" print("\n[*] Testing authentication...") try: async with websockets.connect(self.ws_url) as ws: # Try sending a message without auth await ws.send(json.dumps({"action": "get_data"})) response = await asyncio.wait_for(ws.recv(), timeout=5) print(f"[VULN] No authentication required") print(f" Response: {response[:100]}") self.findings.append({ "issue": "No WebSocket authentication", "severity": "High" }) except Exception as e: print(f"[INFO] Connection result: {e}") async def test_injection(self): """Test for injection vulnerabilities""" print("\n[*] Testing injection...") payloads = [ '{"message": ""}', '{"query": "1 OR 1=1"}', '{"path": "../../../etc/passwd"}', ] try: async with websockets.connect(self.ws_url) as ws: for payload in payloads: await ws.send(payload) try: response = await asyncio.wait_for(ws.recv(), timeout=2) print(f" Payload: {payload[:30]}") print(f" Response: {response[:50]}") except: pass except Exception as e: pass async def run_tests(self): await self.test_origin() await self.test_no_auth() await self.test_injection() # Usage tester = WebSocketTester("wss://target.com/ws") asyncio.run(tester.run_tests()) ``` -------------------------------- ### Custom Initialization and Extra Data Access Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/packages/cyberstrike/test/AGENTS.md Demonstrates how to use a custom initialization function with `tmpdir` to set up specific files and access returned data via `tmp.extra`. The `init` function receives the directory path and returns a value. ```typescript await using tmp = await tmpdir({ init: async (dir) => { await Bun.write(path.join(dir, "file.txt"), "content") return "extra data" }, }) // Access extra data via tmp.extra console.log(tmp.extra) // "extra data" ``` -------------------------------- ### Run SSRF Tests Source: https://github.com/cyberstrikeus/cyberstrike/blob/main/knowledge/web-application/WSTG-INPV/WSTG-INPV-19.md Initializes the SSRFTester with a target URL and parameter, then runs all defined SSRF test methods, including localhost access, cloud metadata, internal network, protocols, and bypass techniques. Finally, it generates a report of any findings. ```python tester = SSRFTester("https://target.com/fetch", param='url') tester.run_tests() ``` -------------------------------- ### Start CyberStrike Web Server Source: https://context7.com/cyberstrikeus/cyberstrike/llms.txt Start the CyberStrike server with the web UI enabled. A password is required for security, especially for remote access. The server binds to localhost:4096 by default. For remote access, use Cloudflare Tunnel. ```bash # Start web server (requires password for security) export CYBERSTRIKE_SERVER_PASSWORD=your-secure-password cyberstrike web ``` ```bash # For remote access via Cloudflare Tunnel: # Terminal 1: export CYBERSTRIKE_SERVER_PASSWORD=your-secure-password cyberstrike web # Terminal 2: cloudflared tunnel --url http://localhost:4096 run your-tunnel ``` ```bash # Custom hostname and port cyberstrike web --hostname 0.0.0.0 --port 8080 ``` ```bash # Enable mDNS discovery for local network cyberstrike web --mdns --mdns-domain cyberstrike.local ```