## https://sploitus.com/exploit?id=34B10CFE-B82F-5221-9085-5ECC8E017A30
# Exploitable Conditions Agent
A GitHub Copilot agent that analyzes CVE vulnerabilities to extract specific, actionable exploitation prerequisites and conditions. Goes beyond CVSS scores to identify the exact configuration flags, software states, network conditions, and dependency requirements that must be true for a vulnerability to be exploitable.
## Purpose
Security teams often need more than a CVSS score to prioritize vulnerabilities. This agent answers:
- **What specific conditions must be met** for a CVE to be exploitable?
- **Is the vulnerability exploitable with a default configuration**, or does it require explicit changes?
- **What single mitigation** would block the most attack paths?
## How It Works
The agent is built as a [GitHub Copilot Agent](https://docs.github.com/en/copilot/building-copilot-extensions/building-a-copilot-agent) using VS Code agent/skill definitions:
1. **Agent definition** โ [`.github/agents/exploitable-conditions.agent.md`](.github/agents/exploitable-conditions.agent.md) defines the agent persona, data-gathering procedure, and output format.
2. **Skill definition** โ [`.github/skills/exploitable-conditions-analysis/SKILL.md`](.github/skills/exploitable-conditions-analysis/SKILL.md) provides the detailed analysis methodology (phases 1โ5).
3. **Reference files** โ Condition taxonomy and output templates in [`.github/skills/exploitable-conditions-analysis/references/`](.github/skills/exploitable-conditions-analysis/references/).
### Data Sources (in order)
| Source | What It Provides |
|--------|-----------------|
| NVD API | Official CVE description, CVSS vectors, CWE, CPE, references |
| Snyk Advisories | Ecosystem-specific advisory text, package-level scope |
| GitHub Security Advisories (GHSA) | Advisory summary, affected packages, version ranges |
| EPSS API | Exploitation probability score |
| CISA KEV | Active exploitation status |
| Vendor Advisories | Specific configuration conditions, workarounds |
| Security Research | PoC analysis, real-world exploitation details |
### Condition Types
Each extracted condition is classified as:
- **`CONFIGURATION_REQUIRED`** โ A specific setting, feature flag, or module must be in a particular state
- **`DEPENDENCY_CHAIN`** โ Specific runtime, platform, or environmental prerequisites must be present
Each condition includes: default state assessment, confidence level, evidence citations, and source code check hints for downstream verification.
## Output
Analysis results are stored in `output/` as structured JSON files (one per CVE), plus a summary CSV. Each JSON contains:
- CVE metadata (CVSS, CWE, EPSS, CISA KEV status)
- Detailed exploitation conditions with evidence
- Source code check hints for automated verification
- Overall exploitability assessment
## Usage
Invoke the agent in VS Code Copilot Chat:
```
@exploitable-conditions Analyze CVE-2021-44228
```
The agent will gather data from all sources and produce both human-readable markdown and a machine-readable JSON output.
## Project Structure
```
.github/
agents/
exploitable-conditions.agent.md # Agent definition
skills/
exploitable-conditions-analysis/
SKILL.md # Detailed analysis methodology
references/
condition-taxonomy.md # Condition type reference with examples
output-template.md # Expected output format and JSON schema
output/ # Analysis results (JSON + CSV)
```
## License
Internal use only.