## https://sploitus.com/exploit?id=33E6F54E-7332-5EA6-948D-18C4B807B34C
# Exploit Chain Suggestor
A CLI tool for penetration testers and bug bounty hunters to discover, build, and validate exploit chains based on discovered vulnerabilities.
---
## Installation
```bash
git clone https://github.com/jakeloai/Exploit-Chain-Suggestor
cd Exploit-Chain-Suggestor
python3 ecs.py --help
```
No external dependencies required. Uses Python standard library only.
---
## Quick Start
```bash
# List all exploit primitives
python3 ecs.py exploits
# List all entry points
python3 ecs.py entries
# Suggest chains from SQLi (stealth mode)
python3 ecs.py suggest --entry sqli --stealth
# Show full chain details
python3 ecs.py show uni-sqli-004
# Search for Laravel-related chains
python3 ecs.py search laravel
# Generate playbook report
python3 ecs.py report --entry sqli --tech "MSSQL,IIS" -o playbook.md
# Build custom chain
python3 ecs.py chain --steps "recon,lfi,log-poison,rce"
# Validate chain against target constraints
python3 ecs.py validate --chain uni-sqli-004 --constraints "no-stacked,firewall"
# Auto-suggest next step
python3 ecs.py fuzz --current "sqli-found" --tech "MySQL,PHP"
# Parse tech stack for entry points
python3 ecs.py scan --tech "PHP,MySQL,Apache,WordPress"
```
---
## Commands
| Command | Description |
|---------|-------------|
| `exploits` | List all exploit primitives (with filtering) |
| `entries` | List all available entry points |
| `list` | List chains with filters (entry, layer, subtype, impact) |
| `show` | Display full details of a specific chain |
| `suggest` | Suggest chains from a given entry point |
| `chain` | Build a custom chain from multiple exploits |
| `report` | Generate a playbook report for a target |
| `search` | Search chains by keyword, CVE, or technique |
| `validate` | Check if a chain is possible given target constraints |
| `fuzz` | Auto-suggest next step based on current findings |
| `scan` | Parse recon output and suggest entry points |
---
## Database Coverage
| Layer | Chains | Description |
|-------|--------|-------------|
| Universal | 34 | Database/framework-agnostic chains |
| Framework | 13 | Laravel, Django, Spring Boot, WordPress, Rails, Express, Next.js, Flask |
| Cloud | 8 | AWS, GCP, Azure, Kubernetes, Docker |
| Network | 2 | Recon, web fuzzing |

**Total: 57 chains across 30 exploit primitives**
### Exploit Primitives Covered
- **Injection**: SQLi, Command Injection, XSS, SSTI, XXE, GraphQL Injection
- **File**: LFI, RFI, File Upload
- **Server-Side**: SSRF, Host Header Injection, Cache Poisoning, HTTP Request Smuggling
- **Web**: CSRF, Clickjacking, Open Redirect
- **Authentication**: Brute Force, Broken Authentication, JWT Weak Secret
- **API**: IDOR, Mass Assignment
- **Deserialization**: Java Deserialization, PHP Deserialization, Prototype Pollution
- **Cloud**: AWS IMDS/S3/Lambda, GCP Metadata, Azure MSI, K8s SA Token, K8s etcd, Docker Escape
- **Recon**: Information Gathering, Web Fuzzing
---
## Chain Structure
Each chain contains:
- **Prerequisites**: What must be true for the chain to work
- **Steps**: Numbered exploitation steps with payload, indicator, and notes
- **Final Impact**: The end result (e.g., RCE, Account Takeover)
- **Severity / Success Rate / Noise / Detection Risk**: For risk assessment
- **Mitigations**: Defensive recommendations
- **Tags**: For searching and categorization
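
For a defender reading these records, the Mitigations and Detection Risk fields can drive remediation order. The sketch below is an added example, not code from this project: the field names, the `demo-*` records, the risk weights and the assumption that any one listed mitigation breaks its chain are all hypothetical. It greedily picks the mitigation that breaks the most still-open chains, weighting hard-to-detect chains highest.

```python
from dataclasses import dataclass, field

# Assumed weighting: chains that are hard to detect are the most urgent to break.
RISK_WEIGHT = {"low": 3, "medium": 2, "high": 1}

@dataclass
class Chain:
    # Hypothetical field names modelled on the list above, not the tool's schema.
    chain_id: str
    steps: list
    final_impact: str
    detection_risk: str
    mitigations: set = field(default_factory=set)

# Constructed sample records: ids, steps and mitigations are illustrative only.
CHAINS = [
    Chain("demo-001", ["sqli", "rce"], "RCE", "medium",
          {"parameterized-queries", "least-privilege-db-account"}),
    Chain("demo-002", ["recon", "lfi", "log-poison", "rce"], "RCE", "high",
          {"input-path-allowlist", "logs-outside-webroot"}),
    Chain("demo-003", ["ssrf", "aws-imds"], "Credential Theft", "low",
          {"imdsv2-required", "egress-allowlist"}),
    Chain("demo-004", ["file-upload", "lfi", "rce"], "RCE", "medium",
          {"input-path-allowlist", "upload-content-validation"}),
    Chain("demo-005", ["sqli", "ssrf", "aws-imds"], "Credential Theft", "low",
          {"parameterized-queries", "imdsv2-required"}),
]

def mitigation_plan(chains):
    """Greedy weighted set cover over chain mitigations.
    Returns (ordered [(mitigation, [chain ids it newly breaks])], uncovered ids)."""
    remaining = {c.chain_id: c for c in chains}
    plan = []
    while remaining:
        broken_by = {}
        for c in remaining.values():
            for m in c.mitigations:
                broken_by.setdefault(m, []).append(c)
        if not broken_by:  # only chains without a listed mitigation are left
            break
        def score(m):
            return sum(RISK_WEIGHT[c.detection_risk] for c in broken_by[m])
        # Highest score first; alphabetical tie-break keeps output deterministic.
        best = min(broken_by, key=lambda m: (-score(m), m))
        ids = sorted(c.chain_id for c in broken_by[best])
        plan.append((best, ids))
        for cid in ids:
            del remaining[cid]
    return plan, sorted(remaining)
```

Chains returned in the second value list no mitigation at all and need manual review.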
---
## Author
**jakeloai**
---
## License
GPL-3.0 license
For educational and authorized penetration testing purposes only.