## https://sploitus.com/exploit?id=12388B01-153A-54F4-AD26-248E6451D6DE
# jChain-Static

**Vulnerability Chain Playbook Generator for Penetration Testing**

jChain-Static is a static database of known vulnerability exploitation chains. Given an entry point (e.g., XSS, SQLi, SSRF), it generates step-by-step playbooks showing possible paths to escalate from that entry point to critical impact (RCE, data breach, account takeover).

---

## Features

- **42 Static Chains** across 3 layers:
  - **Universal** (21): DB-agnostic chains (SQLi, LFI, SSRF, XXE, XSS, IDOR, JWT, Deserialization, SSTI)
  - **Framework** (13): Laravel, Django, Spring Boot, WordPress, Rails, Express, Next.js, Flask
  - **Cloud** (8): AWS, GCP, Azure, Kubernetes, Docker

- **Entry Point Focused**: You found XSS/SQLi/LFI -- jChain tells you where it could lead
- **Step-by-Step Playbooks**: Each chain has 5 steps with payload, success indicator, and notes
- **Risk Assessment**: Success rate, noise level, detection risk per chain
- **Mitigations Included**: Defensive recommendations for each chain

---

## Installation

```bash
git clone 
cd jchain-static
# Ensure Python 3.7+ is installed
chmod +x jchain.py
```

---

## Usage

### List Available Entry Points
```bash
python3 jchain.py entries
```

### List All Chains for an Entry Point
```bash
python3 jchain.py list --entry xss
python3 jchain.py list --entry sqli --subtype blind
python3 jchain.py list --layer framework
```

### Show Full Chain Details
```bash
python3 jchain.py show uni-xss-001
python3 jchain.py show fw-laravel-001
```

### Generate Playbook Report
```bash
# Print to stdout
python3 jchain.py report --entry xss

# Save to file
python3 jchain.py report --entry sqli --target-tech "PHP, MySQL, Laravel" -o sqli-playbook.md
```

### Search Chains
```bash
python3 jchain.py search "aws"
python3 jchain.py search "rce"
```

---

## Example Workflow

```bash
# You found reflected XSS on /search?q=
$ python3 jchain.py report --entry xss --target-tech "PHP, Apache" -o xss-chains.md

# Report shows 5 possible chains:
#   1. XSS -> Session Hijacking -> Account Takeover
#   2. XSS -> Admin Compromise -> RCE via Admin Panel
#   3. XSS -> CSRF Bypass -> Privilege Escalation
#   4. XSS -> Keylogger -> Credential Harvesting
#   5. XSS -> WebSocket Hijacking -> Real-time Data Theft

# You pick chain #2, follow step-by-step payloads
# Each step has: action, payload, success indicator, notes
```

---

## Chain Database Structure

```
chains.json
├── universal (21 chains)
│   ├── sqli: error-based, blind, union-based, stacked-queries, postgresql
│   ├── lfi: log-poisoning, php-wrapper, proc-environ
│   ├── ssrf: cloud-metadata, internal-api
│   ├── xxe: file-read
│   ├── xss: reflected, stored, csrf-bypass, keylogger, websocket
│   ├── idor: sequential-id, file-reference
│   ├── jwt: weak-secret
│   ├── deserialization: java
│   └── ssti: template-engine
├── framework (13 chains)
│   ├── laravel: debug-mode, sqli
│   ├── django: debug-mode
│   ├── spring-boot: actuator (2 chains)
│   ├── wordpress: plugin-vuln, theme-editor
│   ├── rails: debug-mode, activestorage
│   ├── express: prototype-pollution
│   ├── nextjs: ssrf
│   └── flask: debug-mode, ssti
└── cloud (8 chains)
    ├── aws: imdsv1, s3-misconfig, lambda-env
    ├── gcp: metadata
    ├── azure: metadata
    ├── kubernetes: serviceaccount, etcd
    └── docker: socket-mount
```

---

## Coverage Limitations

**What jChain-Static covers:**
- Standard technical vulnerability chains
- Common framework misconfigurations
- Cloud metadata service exploitation
- Container escape techniques

**What it does NOT cover:**
- Custom business logic flaws (unique per application)
- Zero-day vulnerabilities
- Adaptive/evasive techniques (WAF bypass, rate limit evasion)
- Multi-application chain composition (requires human analysis)

---

## Extending the Database

Add new chains to `chains.json` following this structure:

```json
{
  "id": "uni-custom-001",
  "name": "Entry -> Step1 -> Step2 -> Final Impact",
  "entry": "vulnerability-type",
  "entry_subtype": "specific-variant",
  "prerequisites": ["Requirement 1", "Requirement 2"],
  "steps": [
    {
      "step": 1,
      "action": "What to do",
      "payload": "The actual payload/command",
      "indicator": "How to know it worked",
      "notes": "Additional context"
    }
  ],
  "final_impact": "Maximum achievable impact",
  "severity": "Critical|High|Medium|Low",
  "success_rate": "High|Medium|Low",
  "noise_level": "High|Medium|Low",
  "detection_risk": "High|Medium|Low",
  "mitigations": ["Defense 1", "Defense 2"]
}
```
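
A pre-merge check for new entries, added here as an example (it is not part of jChain-Static): it validates one chain object against the template above, including the enum fields, which the template writes as `A|B|C` alternatives rather than literal values. The function name `validate_chain`, the `known_ids` parameter, and the rule that `steps` and `mitigations` must be non-empty are assumptions of this example.

```python
import json

# Field names and allowed values come from the README template; the function
# name and error wording are assumptions of this added example.
LEVELS = {"High", "Medium", "Low"}
ENUMS = {"severity": LEVELS | {"Critical"}, "success_rate": LEVELS,
         "noise_level": LEVELS, "detection_risk": LEVELS}
STRING_FIELDS = ("id", "name", "entry", "entry_subtype", "final_impact")
LIST_FIELDS = ("prerequisites", "steps", "mitigations")
STEP_FIELDS = ("action", "payload", "indicator", "notes")

# Constructed sample entry: the template above with one value chosen per enum.
SAMPLE = json.loads("""{
  "id": "uni-custom-001", "name": "Entry -> Step1 -> Final Impact",
  "entry": "vulnerability-type", "entry_subtype": "specific-variant",
  "prerequisites": ["Requirement 1"],
  "steps": [{"step": 1, "action": "What to do", "payload": "placeholder",
             "indicator": "How to know it worked", "notes": "Context"}],
  "final_impact": "Maximum achievable impact", "severity": "High",
  "success_rate": "Medium", "noise_level": "Low", "detection_risk": "Low",
  "mitigations": ["Defense 1"]}""")


def validate_chain(chain, known_ids=()):
    """Return a list of problems; an empty list means the entry is well-formed."""
    errors = []
    for key in STRING_FIELDS:
        if not isinstance(chain.get(key), str) or not chain[key].strip():
            errors.append(f"{key}: missing or empty string")
    for key in LIST_FIELDS:
        value = chain.get(key)
        if not isinstance(value, list) or (key != "prerequisites" and not value):
            errors.append(f"{key}: must be a list (non-empty unless prerequisites)")
    for key, allowed in ENUMS.items():
        value = chain.get(key)
        if not isinstance(value, str) or value not in allowed:
            errors.append(f"{key}: expected one of {sorted(allowed)}")
    if isinstance(chain.get("id"), str) and chain["id"] in known_ids:
        errors.append(f"id: duplicate of existing chain {chain['id']}")
    steps = chain.get("steps") if isinstance(chain.get("steps"), list) else []
    for position, step in enumerate(steps, start=1):
        if not isinstance(step, dict):
            errors.append(f"steps[{position}]: must be an object")
            continue
        if step.get("step") != position:
            errors.append(f"steps[{position}].step: expected {position}")
        for key in STEP_FIELDS:
            if not isinstance(step.get(key), str):
                errors.append(f"steps[{position}].{key}: missing string")
    return errors
```

Pass the ids already present in `chains.json` as `known_ids` so a copied template id is caught before it shadows an existing chain.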

---

## Disclaimer

This tool is for **authorized penetration testing and security research only**. Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing.

---

## License

MIT License