vuln-chain-composer

Composes multi-step exploit chains by correlating vulnerabilities across domains, calculates the real impact of chained findings, generates end-to-end PoC scripts, and produces bug-bounty-ready reports. Use when the user asks to "chain vulnerabilities", "compose exploit chain", "correlate findings", "calculate real impact", "write bug bounty report", "combine findings", or has multiple vulnerability findings across domains that need strategic analysis. For authorized pentesting and bug bounty only.
KaQus/claude-code-pentest · ★ 30 · AI & Automation · score 85
Install: claude install-skill KaQus/claude-code-pentest
# Vuln Chain Composer

The strategic brain. Correlates individual vulnerabilities into devastating multi-step exploit chains.

## Important

CRITICAL: This skill produces offensive security analysis. Only use with explicit authorization on the target systems.

## Instructions

### Step 1: Import Findings

Accept vulnerability data from:

1. JSON output from webapp-exploit-hunter, api-breaker, cloud-pivot-finder
2. Manual finding descriptions from the user
3. Attack tree data from attack-path-architect
4. Mixed sources - consolidate everything

```bash
python scripts/import_findings.py --input {findings_dir_or_files}
```

Normalize all findings to a common format:

- Vulnerability type (SQLi, XSS, SSRF, IDOR, etc.)
- Location (domain, URL, parameter)
- Severity (standalone)
- PoC (if available)
- Prerequisites (authentication level, specific conditions)

### Step 2: Cross-Domain Correlation

```bash
python scripts/correlate.py --findings {normalized_findings}
```

Analyze relationships between findings:

**Same-Origin Chains:**

- XSS on subdomain A + sensitive cookies scoped to parent domain = session hijack on all subdomains
- SSRF on subdomain B + internal API access = data exfiltration via internal endpoints
- Open redirect on auth endpoint + OAuth callback = token theft

**Trust-Based Chains:**

- Subdomain takeover + same cookie scope = full session hijack
- CI/CD access + deployment pipeline = production RCE
- Cloud metadata via SSRF + IAM overprivilege = full cloud compromi