Share
## https://sploitus.com/exploit?id=12388B01-153A-54F4-AD26-248E6451D6DE
# jChain-Static
**Vulnerability Chain Playbook Generator for Penetration Testing**
jChain-Static is a static database of known vulnerability exploitation chains. Given an entry point (e.g., XSS, SQLi, SSRF), it generates step-by-step playbooks showing possible paths to escalate from that entry point to critical impact (RCE, data breach, account takeover).
---
## Features
- **42 Static Chains** across 3 layers:
- **Universal** (21): DB-agnostic chains (SQLi, LFI, SSRF, XXE, XSS, IDOR, JWT, Deserialization, SSTI)
- **Framework** (13): Laravel, Django, Spring Boot, WordPress, Rails, Express, Next.js, Flask
- **Cloud** (8): AWS, GCP, Azure, Kubernetes, Docker
- **Entry Point Focused**: You found XSS/SQLi/LFI -- jChain tells you where it could lead
- **Step-by-Step Playbooks**: Each chain has 5 steps with payload, success indicator, and notes
- **Risk Assessment**: Success rate, noise level, detection risk per chain
- **Mitigations Included**: Defensive recommendations for each chain
---
## Installation
```bash
git clone
cd jchain-static
# Ensure Python 3.7+ is installed
chmod +x jchain.py
```
---
## Usage
### List Available Entry Points
```bash
python3 jchain.py entries
```
### List All Chains for an Entry Point
```bash
python3 jchain.py list --entry xss
python3 jchain.py list --entry sqli --subtype blind
python3 jchain.py list --layer framework
```
### Show Full Chain Details
```bash
python3 jchain.py show uni-xss-001
python3 jchain.py show fw-laravel-001
```
### Generate Playbook Report
```bash
# Print to stdout
python3 jchain.py report --entry xss
# Save to file
python3 jchain.py report --entry sqli --target-tech "PHP, MySQL, Laravel" -o sqli-playbook.md
```
### Search Chains
```bash
python3 jchain.py search "aws"
python3 jchain.py search "rce"
```
---
## Example Workflow
```bash
# You found reflected XSS on /search?q=
$ python3 jchain.py report --entry xss --target-tech "PHP, Apache" -o xss-chains.md
# Report shows 5 possible chains:
# 1. XSS -> Session Hijacking -> Account Takeover
# 2. XSS -> Admin Compromise -> RCE via Admin Panel
# 3. XSS -> CSRF Bypass -> Privilege Escalation
# 4. XSS -> Keylogger -> Credential Harvesting
# 5. XSS -> WebSocket Hijacking -> Real-time Data Theft
# You pick chain #2, follow step-by-step payloads
# Each step has: action, payload, success indicator, notes
```
---
## Chain Database Structure
```
chains.json
โโโ universal (21 chains)
โ โโโ sqli: error-based, blind, union-based, stacked-queries, postgresql
โ โโโ lfi: log-poisoning, php-wrapper, proc-environ
โ โโโ ssrf: cloud-metadata, internal-api
โ โโโ xxe: file-read
โ โโโ xss: reflected, stored, csrf-bypass, keylogger, websocket
โ โโโ idor: sequential-id, file-reference
โ โโโ jwt: weak-secret
โ โโโ deserialization: java
โ โโโ ssti: template-engine
โโโ framework (13 chains)
โ โโโ laravel: debug-mode, sqli
โ โโโ django: debug-mode
โ โโโ spring-boot: actuator (2 chains)
โ โโโ wordpress: plugin-vuln, theme-editor
โ โโโ rails: debug-mode, activestorage
โ โโโ express: prototype-pollution
โ โโโ nextjs: ssrf
โ โโโ flask: debug-mode, ssti
โโโ cloud (8 chains)
โโโ aws: imdsv1, s3-misconfig, lambda-env
โโโ gcp: metadata
โโโ azure: metadata
โโโ kubernetes: serviceaccount, etcd
โโโ docker: socket-mount
```
---
## Coverage Limitations
**What jChain-Static covers:**
- Standard technical vulnerability chains
- Common framework misconfigurations
- Cloud metadata service exploitation
- Container escape techniques
**What it does NOT cover:**
- Custom business logic flaws (unique per application)
- Zero-day vulnerabilities
- Adaptive/evasive techniques (WAF bypass, rate limit evasion)
- Multi-application chain composition (requires human analysis)
---
## Extending the Database
Add new chains to `chains.json` following this structure:
```json
{
"id": "uni-custom-001",
"name": "Entry -> Step1 -> Step2 -> Final Impact",
"entry": "vulnerability-type",
"entry_subtype": "specific-variant",
"prerequisites": ["Requirement 1", "Requirement 2"],
"steps": [
{
"step": 1,
"action": "What to do",
"payload": "The actual payload/command",
"indicator": "How to know it worked",
"notes": "Additional context"
}
],
"final_impact": "Maximum achievable impact",
"severity": "Critical|High|Medium|Low",
"success_rate": "High|Medium|Low",
"noise_level": "High|Medium|Low",
"detection_risk": "High|Medium|Low",
"mitigations": ["Defense 1", "Defense 2"]
}
```
---
## Disclaimer
This tool is for **authorized penetration testing and security research only**. Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing.
---
## License
MIT License