Share
## https://sploitus.com/exploit?id=0E56AE0B-EEDF-5FC8-8129-11337AB15ECE
# Web Vulnerability to POC Generator

Web Vulnerability to POC Generator based on Large Model APIs

[! [Python](https://img.shields.io/badge/Python-3.8+-blue.svg)](https://www.python.org)
[! [FastAPI](https://img.shields.io/badge/FastAPI-0.110+-green.svg)](https://fastapi.tiangolo.com)
[! [License](https://img.shields.io/badge/License-Educational-red.svg)](LICENSE)

## โš ๏ธ IMPORTANT NOTICE

**This tool is intended to be used only for authorized security testing and research purposes**

- โœ… Use only on explicitly authorized systems
- โŒ Unauthorized testing may violate the law
- ๐Ÿ“‹ Users are responsible for their actions
- ๐ŸŽ“ Recommended for security education and CTF competitions

---

## Catalog

- [Functional Features](#Functional Features)
- [Project Architecture](#Project Architecture)
- [Implementation methods](#Implementation methods)
- [Quickstart](#Quickstart)
- [API documentation](#api documentation)
- [Configuration Notes](#configuration notes)
- [Supported Vulnerability Types](#Supported Vulnerability Types)
- [Usage Examples](#Usage Examples)
- [Developer's Guide](#Developer's Guide)
- [Frequently Asked Questions](#Frequently Asked Questions)

---

## Functionality

### Core Features
- ๐Ÿค– **Intelligent POC Generation** - Automatically analyze vulnerabilities and generate validation code based on large model APIs
- ๐Ÿ” **Vulnerability Type Recognition** - Automatically identify web vulnerabilities such as SQL injection, XSS, CSRF, file upload, etc.
- ๐Ÿ“ฆ **Multi-format Input** - Supports multiple inputs such as text descriptions, CVE numbers, HTTP packets, etc.
- ๐Ÿ“ **Full Output** - Returns POC code, usage instructions, risk alerts and raw vulnerability information

### Technical Features
- โšก **High-performance asynchronous** - based on FastAPI asynchronous framework, supports high concurrency
- ๐ŸŒ **CORS support** - Built-in cross-domain support for easy front-end integration
- ๐Ÿ“š **Automated Documentation** - Swagger UI + ReDoc dual documentation system
- ๐Ÿ”ง **Flexible Configuration** - Supports multiple big model APIs (OpenAI compatible interfaces)
- ๐Ÿ“Š **Detailed logging** - complete request logging and bug tracking

---

## Project Architecture

### Catalog structure

``
yanwutang_test1/
โ”œโ”€โ”€ main.py # FastAPI application entry, server startup
โ”œโ”€โ”€ config.py # Global configuration (API, big model settings)
โ”œโ”€โ”€ requirements.txt # Python dependencies list
โ”œโ”€โ”€ README.md # Project documentation
โ”œโ”€โ”€ api_server.log # Runtime log file
โ”‚ api_server.log
โ”œโ”€โ”€ api/ # API layer - routing and endpoint definitions
โ”‚ โ”œโ”€โ”€ __init__.py
โ”‚ โ””โ”€โ”€ routes.py # API routes (/generate-poc, /health)
โ”‚
โ”œโ”€โ”€ models/ # Data layer - Pydantic model definition
โ”‚ โ”œโ”€โ”€ __init__.py
โ”‚ โ””โ”€โ”€ schemas.py # Request/response data model
โ”‚
โ”œโ”€โ”€ services/ # Business Layer - Core Business Logic โ”‚ โ”œโ”€โ”€ __init__.py โ”‚ โ””โ”€โ”€ schemas.py
โ”‚ โ”œโ”€โ”€ __init__.py
โ”‚ โ””โ”€โ”€ llm_service.py # Big model API call service
โ”‚ โ””โ”€ __init__.py โ”‚ โ”€โ”€ llm_service.py
โ””โ”€ frontend/ # Frontend Layer - Web UI
โ”œโ”€โ”€ index.html # Main page (single page application)
โ”œโ”€โ”€ css/
โ”‚ โ””โ”€โ”€ style.css # Full style sheet (970 lines)
โ””โ”€ js/
โ””โ”€โ”€ app.js # Interaction logic (480 lines)
```

### Technology stack

#### Backend tech stack

| Components | Technology Selection | Description |
|------|---------|------|
| Web Frameworks | FastAPI | High Performance Asynchronous Frameworks |
| HTTP Server | Uvicorn | ASGI Server |
| Data Validation | Pydantic | Data Modeling and Validation |
| LLM Integration | OpenAI SDK | Support for OpenAI-compatible APIs | | Logging
| Logging | Logging | Python standard logging library |
| StaticFiles | StaticFiles | FastAPI Static File Service |

#### Front End Technology Stack

| Components | Technology Selection | Description |
| ------| ---------| ------|
| Page Structure | HTML5 | Semantic Tags, Modern Web Standards |
| Styling | CSS3 | CSS Variables, Grid, Flexbox, Animation |
| Interaction Logic | Vanilla JavaScript | Native ES6+ with no framework dependencies |
| HTTP Requests | Fetch API | Modern asynchronous request interface |
| Icons Library | Font Awesome 6.4 | Vector Icons (CDN) |
| Design Styles | Dark Themes | Modern dark UI design |

---

## Implementation method

### Back-end implementation

The back-end uses FastAPI framework to build RESTful API, the main implementation steps:

1. **Project Architecture Design**: Adopt layered architecture to separate API routing, data modeling, and business logic.
2. **API endpoint development**: realize POC generation interface (`/api/generate-poc`) and health check interface (`/api/health`)
3. **Big Model Integration**: invoke compatible big model APIs via OpenAI SDK and use well-designed prompts to guide the model to generate safe POC code
4. **Request Handling Process**:
- Receive vulnerability and target information from user input
- Construct structured cue words to send to the big model.
- Parses the JSON response returned by the big model.
- Extract POC code, vulnerability type, usage instructions and other information.
- Return a formatted response to the front-end.

### Front-end implementation

Front-end using a pure native technology stack , no framework dependencies , implementation steps:

1. **Page structure (HTML5)**:
- Use semanticized tags to build a clear document structure
- Split into navigation bar, warning banner, Hero area, generator body, functional features, footer and other modules
- Input and output column layout, the left side of the input vulnerability information, the right side to display the generation results

2. ** style design (CSS3)**:
- Thematization using CSS custom properties (CSS Variables)
- Dark theme design, using gradient colors and glow effects
- Grid and Flexbox layouts for responsive design.
- CSS animations for loading states, background particle effects, button interactions, etc.
- Fully adaptive to mobile and desktop

3. **Interaction Logic (JavaScript)**:
- Use the Fetch API to call the back-end RESTful interface.
- Implement state management: empty state, loading state, result display state.
- Quick example buttons: preset SQL injection, XSS, file uploads, SSRF and other examples
- Code operation: copy to clipboard, download as .py file.
- Toast notification system provides operation feedback
- Smooth scrolling and navigation bar activation status tracking

4. **Front-end and back-end integration**:
- FastAPI mounts front-end static resources via `StaticFiles` middleware
- `/` root path returns `index.html`, `/css`, and `/css`.
- `/css`, `/js`, `/assets` mount the corresponding static file directories.
- CORS middleware configuration to allow cross-domain access

---

## Quick start

### Environmental requirements

- Python 3.8 or higher
- pip package manager
- Valid Big Model API key (OpenAI or compatible service)

### 1. clone project (if applicable)

```bash
cd yanwutang_test1
```

### 2. Install dependencies

```bash
pip install -r requirements.txt
``

**Dependent package descriptions:**
- `fastapi>=0.110.0` - Web Framework
- `uvicorn[standard]>=0.27.0` - ASGI server
- `pydantic>=2.6.0` - data validation
- `openai>=1.0.0` - OpenAI SDK
- `python-dotenv>=1.0.0` - environment variable management

### 3. Configuring the API key

#### Method 1: Modify config.py (for development environment)

Edit the `config.py` file and modify the following configuration:

``python
LLM_API_KEY: str = "your-api-key-here"
LLM_API_BASE: str = "https://api.siliconflow.cn/v1" # or other compatible services
LLM_MODEL: str = "moonshotai/Kimi-K2-Instruct-0905" # or other models
``

#### Method 2: Use environment variables (recommended for production environments)

Create `.env` file:

``bash
LLM_API_KEY=your-api-key-here
LLM_API_BASE=https://api.openai.com/v1
LLM_MODEL=gpt-4
``

### 4. Start the service

```bash
python main.py
``

**After a successful startup, you will see:**

```
โš ๏ธ WARNING: This tool is intended for authorized security testing and research purposes only!
- Use only on explicitly authorized systems
- Unauthorized testing may violate the law
- Users are responsible for their actions.

๐Ÿš€ Startup server: http://127.0.0.1:8000
๐Ÿ“š API documentation: http://127.0.0.1:8000/docs
```

### 5. Accessing the Web Interface

Open it in a browser:

- **Web Interface (recommended)**: http://127.0.0.1:8000/
- **Swagger UI**: http://127.0.0.1:8000/docs
- **ReDoc**: http://127.0.0.1:8000/redoc

### 6. Using the Web Interface to Generate a POC

#### Way 1: Enter vulnerability information directly

1. Input the vulnerability description in the "Vulnerability Information Input" text box, support:
- **Vulnerability Description**: e.g. "The target website http://example.com/login has a SQL injection vulnerability in the username parameter".
- **CVE number**: e.g. "CVE-2017-5638: Apache Struts2 Remote Code Execution Vulnerability".
- **HTTP packet**: full request packet and response information

2. (Optional) Fill in the target system information in the "Target Information" input box: e.g. "MySQL 5.7 - PHP 7.4".

3. Click the "Generate POC Code" button and wait for the AI to analyze it.

4. View the generated results:
- **Vulnerability Type Label**: the type of vulnerability that is automatically recognized.
- **POC validation code**: complete Python validation code.
- **Usage instructions**: code description and usage

5. code operation:
- **Copy code**: Click the "Copy" button to copy the code to the clipboard.
- **Download POC**: Click the "Download POC" button to save as a .py file.
- **New POC**: Click "New POC" to clear the form and start a new generation.

#### Way 2: Use Quick Example

The web interface provides 4 preset examples, which can be loaded quickly by clicking on them:

- **SQL Injection**: MySQL Time Blind Injection Example
- **XSS cross-site**: Reflective XSS example
- **File Upload**: PHP backdoor upload example
- **SSRF**: Server Side Request Forgery Example

#### Web Interface Features

- โœ… **Responsive design**: supports desktop and mobile access.
- โœ… **Dark theme**: modern dark UI for eye protection
- โœ… **Real-time feedback**: Toast notification alerts the result of operation.
- โœ… **Loading animation**: step-by-step display of AI processing progress
- โœ… **Code highlighting**: professional code display formatting
- โœ… **Shortcut support**: Ctrl+Enter to submit forms

---

## API Documentation

### 1. Generating POC code

**Endpoint**: `POST /api/generate-poc`

**Function**: Generate POC validation code based on vulnerability information

#### Request Parameters

| Parameter | Type | Required | Description |
|------|------|------|------|------|
| `vulnerability_info` | string โœ… | Vulnerability Information (Description/CVE/Packet) |
| `target_info` | string | โŒ | Target System Information |

#### Request Example 1 - Vulnerability Description

```json
{
"vulnerability_info": "The target website http://example.com/login suffers from a SQL injection vulnerability in the username parameter located on the login page, where the use of single quotes can trigger a database error",
"target_info": "Web Application - MySQL Database - PHP Backend"
}
``

#### Request Example 2 - HTTP Packet

```json
{
"vulnerability_info": "POST /login HTTP/1.1\nHost: example.com\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin'& password=123456\n\nResponse: You have an error in your SQL syntax", "target_info": "target_info".
"target_info": "MySQL 5.7"
}
``

#### Request Example 3 - CVE Information

```json
{
"vulnerability_info": "CVE-2017-5638: Apache Struts2 Remote Code Execution Vulnerability, version 2.3.5-2.3.31, allows injection of OGNL expressions via the Content-Type header.",
"target_info": "Apache Struts 2.3.28"
}
``

#### Response Parameters

| field | type | description |
|------|------|------|
| `success` | boolean | Whether successfully generated |
| `vulnerability_type` | string | The type of vulnerability recognized |
| `original_vulnerability_info` | string | Original vulnerability information |
| `poc_code` | string | Generated Python POC code |
| `explanation` | string | Code Description and Usage |
| `error` | string | Error message (on failure) |
| `warning` | string | Security warnings |

#### Sample response

``json
{
"success": true,
"vulnerability_type": "SQL Injection",
"original_vulnerability_info": "The target website http://example.com/login has a SQL Injection vulnerability..." ,
"poc_code": "import requests\nimport time\n\n# POC validation code - SQL Injection (Time Blind) \nurl = 'http://example.com/login'\n\n# Secure validation payload\npayload = \"admin' AND SLEEP(3)--\"\ndata = {'username': payload, 'password': '123456'}\n\nstart_time = time.time()\nresponse = requests.post(url, data=data)\n nend_time = time.time()\n\nif (end_time - start_time) >= 3:\n print('[+] Vulnerability exists: SQL Injection Vulnerability Detected')\nelse:\n print('[-] Vulnerability does not exist')", "explanation":"\n".
"explanation": "This POC is used to validate SQL injection vulnerabilities..." ,
"error": null,
"warning":"โš ๏ธ WARNING: This tool is intended for authorized security testing and research purposes only"
}
``

### 2. Health check

**endpoint**: ``GET /api/health``

**Function**: Check the status of the service

#### Sample response

```json
{
"status": "healthy",
"service": "Vulnerability to POC Generator",
"version": "1.0.0"
}
``

---

## Configuration notes

### config.py configuration items

The following parameters can be adjusted in `config.py`:

#### API service configuration

| Parameters | Default | Description |
|------|--------|------|
| `API_HOST` | `127.0.0.1` | Service Listening Address |
| `API_PORT` | `8000` | Service Port |

#### Large Model Configuration

| Parameters | Default | Description |
|------|--------|------|
| `LLM_API_KEY` | Environment Variables or Defaults | API Key |
| `LLM_API_BASE` | `https://api.siliconflow.cn/v1` | API Base URL |
| `LLM_MODEL` | `moonshotai/Kimi-K2-Instruct-0905` | Models Used |
| `LLM_TEMPERATURE` | `0.7` | Generate randomness (0-1) |
| `LLM_MAX_TOKENS` | `2000` | Maximum generation length |

### Supported large model services

This system supports all services compatible with the OpenAI API format:

#### International services
- **OpenAI**: GPT-4, GPT-3.5-turbo
- **Anthropic**: Claude (compatible layer required)
- **Google**: Gemini (requires compatibility layer)

#### Domestic Services
- **Silicon Flow**: Kimi, Qwen, DeepSeek, etc.
- **Tongyiqianqian**: qwen-turbo, qwen-plus
- **Baidu Wenshin**: ERNIE series
- **Wisdom Spectrum AI**: GLM series

#### Local Deployment
- **Ollama**: run open source models locally
- **LM Studio**: Local modeling service
- **vLLM**: High performance inference service

---

## Supported vulnerability types

### Injection type vulnerabilities
- โœ… **SQL Injection** - Database Query Injection (Union Injection, Blind Injection, Error Reporting Injection)
- โœ… **Command Injection** - System Command Execution (OS Command Injection)
- โœ… **LDAP Injection** - LDAP Query Injection
- โœ… **XPath Injection** - XML Path Language Injection
- โœ… **Template Injection** (SSTI) - Server Side Template Injection
- โœ… **NoSQL Injection** - MongoDB and other NoSQL database injection

### Cross-site Class Vulnerability
- โœ… **XSS** - Cross-site scripting attacks
- Reflective XSS
- Stored XSS
- DOM-type XSS
- โœ… **CSRF** - Cross-Site Request Forgery

### File Type Vulnerability
- โœ… **File Upload** - Arbitrary File Upload Vulnerability
- โœ… **File Inclusion** - Local/Remote File Inclusion (LFI/RFI)
- โœ… **Path Traversal** - Directory Traversal (Path Traversal)
- โœ… **File Download** - Arbitrary File Reading

### Logic Class Vulnerability
- โœ… **Override Access** - Horizontal/Vertical Override (IDOR)
- โœ… **Business Logic Vulnerability** - Payment Bypass, Coupon Abuse, etc.
- โœ… **Authentication Bypass** - Login Authentication Flaw
- โœ… **Session Management** - Session fixation, hijacking

### Other Web Vulnerabilities
- โœ… **SSRF** - server-side request forgery
- โœ… **XXE** - XML external entity injection
- โœ… **Deserialization** - Insecure deserialization
- โœ… **JWT Vulnerability** - Token Forgery/Tampering
- โœ… **API Vulnerability** - REST/GraphQL API security issues
- โœ… **CORS misconfiguration** - Cross-domain resource sharing vulnerability

---

## Usage Examples

### Python Calling Examples

``` Python
import requests
import json

# API endpoints
url = "http://127.0.0.1:8000/api/generate-poc"

# Build the request data
payload = {
"vulnerability_info": "SQL injection vulnerability exists in the username parameter of the login page on the target website",
"target_info": "MySQL 5.7 - PHP 7.4"
}

# Send a POST request
response = requests.post(url, json=payload)
result = response.json()

# Process the response
if result["success"].
print("=" * 60)
print(f "Vulnerability type: {result['vulnerability_type']}")
print("=" * 60)
print("\nPOC code:")
print(result['poc_code'])
print("\n" + "=" * 60)
print("Explanation of use:")
print(result['explanation'])
print("=" * 60)
else.
print(f "Generation failed: {result['error']}")
``

### JavaScript/TypeScript Examples

```javascript
// Fetch API
async function generatePoc(vulnerabilityInfo, targetInfo = null) {
const response = await fetch('http://127.0.0.1:8000/api/generate-poc', {
method: 'POST', {
headers: {
'Content-Type': 'application/json',
}, { body: JSON.stringify(JSON.stringify)
body: JSON.stringify({
vulnerability_info: vulnerabilityInfo, target_info: targetInfo, }, body: JSON.stringify({
target_info: targetInfo
})
}).

const result = await response.json();

if (result.success) {
console.log('Vulnerability type:', result.vulnerability_type);
console.log('POC code:\n', result.poc_code);
console.log('Explanation of use:', result.explanation);
} else {
console.error('Generation failed:', result.error); } else {
}

return result; } else { console.error('Failed to generate:', result.error); }
}

// Example usage
generatePoc(
"XSS vulnerability exists on the target site, located in the search box parameter q", "
"http://example.com/search?q="
).
``

### cURL Example

```bash
curl -X POST "http://127.0.0.1:8000/api/generate-poc" \
-H "Content-Type: application/json" \
-d '{
"vulnerability_info": "SQL injection vulnerability exists on the target site, located in the username parameter of the login page",
"target_info": "MySQL database"
}'
``.

---

## Developer's Guide

### Adding new features

#### 1. Add new data models

Edit `models/schemas.py`.

``python
class NewRequest(BaseModel).
"""NewRequestModel""""
field1: str
field2: Optional[int] = None
```

#### 2. Create a new service

Create a new file in the `services/` directory.

``python
class NewService.
async def process(self, data).
# Business logic
pass
``

#### 3. Add a new route

Edit `api/routes.py`.

``python
@router.post("/new-endpoint")
async def new_endpoint(request: NewRequest).
# Call the service
result = await new_service.process(request)
return result
``

### Run the test

``##bash
## Install the test dependencies
pip install pytest pytest-asyncio httpx

# Create test file tests/test_api.py
# Run the tests
pytest tests/ -v
``

### Code specification

- Use **Black** to format code
- Use **flake8** for code quality checking
- Type checking with **mypy**

```bash
pip install black flake8 mypy
black .
flake8 .
mypy .
```

---

## Frequently asked questions

### Q1: API call fails with authentication error

**A**: Check the following points:
1. whether the API key is correctly configured in `config.py
2. Whether the API service provider supports the selected model
3. Check network connection and proxy settings
4. Check `api_server.log` for detailed errors.

### Q2: Incomplete POC code generated

**A**: Possible causes:
1. `LLM_MAX_TOKENS` setting is too small, suggest to set it to `2000` or higher.
2. model capability limitations, it is recommended to use a more powerful model (such as GPT-4)
3. Vulnerability information is not clear enough, please provide more detailed information.

### Q3: How can I change the server address and port?

**A**: Edit `config.py`.

``python
API_HOST: str = "0.0.0.0" # listen on all interfaces
API_PORT: int = 9000 # change to another port
```

### Q4: What big models are supported?

**A**: All services compatible with OpenAI API format are supported:
- OpenAI: GPT-4, GPT-3.5
- Domestic services such as Silicon Flow, Tongyi Qianqian, Wenxin Yiyin, etc.
- Ollama, LM Studio and other local deployment services

Just modify `LLM_API_BASE` and `LLM_MODEL`.

### Q5: How to protect API security?

**A**: It is recommended to add the following security measures:
1. **Add authentication**: use JWT or API Key
2. **Rate limiting**: Use `slowapi` to limit the frequency of requests.
3. **CORS Configuration**: Set specific allowed domains in `main.py`.
4. **HTTPS**: Configure SSL certificates using a reverse proxy (Nginx).

---

## Security Recommendations

### Development Environment
- โœ… Use test data and virtual environments
- โœ… Don't expose the development server on the public network
- โœ… Update dependency packages regularly

### Production environment
- โœ… Configure firewalls and access control
- โœ… Use HTTPS encrypted transmission
- โœ… Implement user authentication and authorization
- โœ… Add request frequency limits
- โœ… Record detailed audit logs
- โœ… Regular backups and security audits

### API key management
- โœ… Use environment variables or key management services
- โŒ Don't hardcode keys in code
- โŒ Don't commit `.env` files to version control
- โœ… Rotate API keys regularly

---

## Contribution Guidelines

Issue and Pull Request submissions are welcome!

### Submit an Issue
- Describe the issue or suggestion in detail
- Provide reproduction steps and environment information
- Attach relevant logs and screenshots

### Submit PR
1. Fork the project
2. Create a feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request

---

## License

This program is intended for safety research and educational purposes only. Users are required to comply with relevant laws and regulations.

**Prohibited use for:**
- Unauthorized security testing
- Malicious attacks and sabotage
- Other illegal uses

---

## Contact information

For questions or suggestions, please submit an Issue or contact the project maintainer.

---

## Changelog

### v1.0.0 (2025-01-01)
- ๐ŸŽ‰ First release
- โœจ Support POC generation based on large models
- โœจ Support multiple web vulnerability types
- โœจ Complete API documentation
- โœจ Detailed logging

---

**โš ๏ธ FINAL REMINDER: This tool is intended for authorized security testing and research purposes only, and users are responsible for their actions! **