Share
## https://sploitus.com/exploit?id=4C2167FE-0CF4-52E1-A15F-4639F3E976C7
# Xray POC Converter Skill

This skill converts POC content from the internet (such as HTTP request packets and vulnerability descriptions) into YAML POC rules suitable for Xray. ## Features

- โœ… Converts HTTP request packets into Xray POC YAML format.
- โœ… Generates fully functional POCs based on vulnerability descriptions.
- โœ… Optimizes existing POCs to meet high-quality standards.
- โœ… Converts POCs in other formats (e.g., Nuclei, Goby) into Xray format.

## Supported Vulnerability Types

- File reading/path traversal
- SQL injection (error-based/boolean blind injection/time blind injection/combinated injection)
- Command execution
- Deserialization
- XXE
- SSRF
- Unauthorized access
- Other common vulnerability types

## Directory Structure

```
xray-poc-converter/
โ”œโ”€โ”€ SKILL.md                          # Main skill file
โ”œโ”€โ”€ README.md                         # This file
โ”œโ”€โ”€ references/
    โ”œโ”€โ”€ poc_template.md               # POC template reference
    โ”œโ”€โ”€ expression_functions.md       # Expression function reference
    โ””โ”€โ”€ best_practices.md             # High-quality writing guidelines
```

## How to Use

### 1. Converting HTTP Request Packets to POC

**Input:**
```http
GET /download?file=../../../etc/passwd HTTP/1.1
Host: target.com
```

**Output:**
```yaml
name: poc-yaml-example-file-read
transport: http
rules:
  r0:
    request:
      cache: true
      method: GET
      path: /download?file=..%2f..%2f..%2f..%2fetc%2fpasswd
    expression: |
      response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".matches(response.body_string)
  r1:
    request:
      cache: true
      method: GET
      path: /download?file=..%2f..%2f..%2f..%2fc:%2fwindows%2fwin.ini
    expression: |
      response.status == 200 && response.body_string.contains("for 16-bit app support")
expression: |
  r0() || r1()
detail:
  author: xray-poc-converter
  links:
    - https://example.com
```

### 2. Converting Vulnerability Descriptions to POC

**Input:**
```
A system has a command execution vulnerability at the /api/exec interface. The POST request contains the parameter โ€œcmdโ€. After executing the command, the result is returned in the response body.
```

**Output:**
```yaml
name: poc-yaml-example-system-rce
transport: http
set:
  s1: randomInt(100000, 200000)
  s2: randomInt(10000, 20000)
rules:
  r0:
    request:
      cache: true
      method: POST
      path: /api/exec
      headers:
        Content-Type: application/x-www-form-urlencoded
      body: |
        cmd=expr%20{{s1}}%20-%20{{s2}}
    expression: |
      response.status == 200 && response.body_string.contains(string(s1 - s2))
expression: |
  r0()
detail:
  author: xray-poc-converter
  links: []
```

## Core Principles

The conversion must follow these principles:

1. **Innocence** โ€“ POCs should not perform destructive operations (such as deleting files, changing passwords, etc.).
2. **Randomness** โ€“ Use random values for validation to avoid fixed values.
3. **Uniqueness** โ€“ Matching rules must be unique to avoid false positives.
4. **Versatility** โ€“ Support multiple platforms (Linux/Windows) and versions.

## Reference Documents

- [POC Template Reference](references/poc_template.md) โ€“ POC templates for various vulnerabilities.
- [Expression Functions](references/expression_functions.md) โ€“ Xray-supported expression functions.
- [High-Quality Guidelines](references/best_practices.md) โ€“ Best practices for writing POCs.

## Installation and Usage

### Using as an OpenCode Skill

Simply place this skill in the `opencode/skills/xray-poc-converter/` directory to use it. ### Manual Usage

Refer directly to the documentation in the `references/` directory to manually create POCs. ## Related Links

- [Longting Xray Official Documentation](https://docs.xray.cool/)
- [Xray POC Writing Guide](https://docs.xray.cool/#/guide/poc)

## License

MIT License

## Author

OpenWork Community