## https://sploitus.com/exploit?id=725BD184-BC44-56DB-922B-DED296747B36
# Exploit Chain Generator
> **Turn Noise into Signal: Correlate SCA & SAST Findings to Uncover Real Attack Paths.**
The **Exploit Chain Generator** is an advanced security prototype that bridges the gap between **Software Composition Analysis (SCA)** and **Static Application Security Testing (SAST)**.
By analyzing dependency vulnerabilities (from **Grype**) and code-level weaknesses (from **Semgrep**), it constructs "Exploit Chains"βvalidated attack paths that show not just *what* is vulnerable, but *how* it might be exploited in your specific codebase.
---
## π Key Features
* **π Intelligent Correlation**: Uses heuristic analysis to link vulnerable libraries (e.g., Log4j) with specific code usages (e.g., `logger.info()`), distinguishing actual threats from dormant dependencies.
* **π Risk Scoring Engine**: Prioritizes findings using a composite score of CVSS, EPSS (Exploit Prediction Scoring System), CISA KEV status, and code context.
* **π§ͺ Automated PoC Generation**: Automatically generates Python Proof-of-Concept scripts for high-confidence chains to help red teams and developers validate risks.
* **π₯οΈ Modern Web Interface**: A clean React-based UI to upload reports, visualize attack chains, and inspect generated PoC code.
* **β Zero-False-Positive Handling**: Gracefully handles clean reports ("No vulnerabilities found") with clear user feedback.
* **π³ Dockerized Deployment**: Full container support for instant setup.
---
## π οΈ How It Works
The system operates on a 4-stage pipeline:
1. **Ingestion**: Parses `.xlsx` reports from **Grype** (dependencies) and **Semgrep** (code). It handles missing columns and empty states gracefully.
2. **Scoring**:
* **Dependencies**: Scored based on CVSS + EPSS boost + CISA KEV (Known Exploited Vulnerabilities) override.
* **Code**: Scored based on Severity and Critical CWE presence (e.g., Deserialization, SQLi).
3. **Chain Building**: A graph-based engine (`networkx`) links nodes if:
* **Direct Match**: The package name appears in the code warning.
* **Context Match**: Heuristics match vulnerability types (e.g., "Deserialization") with relevant library usage (e.g., "Jackson", "SnakeYAML").
4. **Reporting**: Generates a JSON summary for the UI and downloadable Python PoC scripts for validation.
---
## β‘ Quick Start (Docker)
The easiest way to run the application is using Docker Compose.
### Prerequisites
* Docker & Docker Compose installed.
### Steps
1. **Clone the repository**:
```bash
git clone
cd exploit-chain-generator
```
2. **Start the services**:
```bash
docker-compose up --build -d
```
3. **Access the Application**:
* **Frontend (UI)**: [http://localhost](http://localhost) (or port 80)
* **Backend (API)**: [http://localhost:5001](http://localhost:5001)
---
## π§ Manual Setup (Development)
If you prefer to run the services locally without Docker:
### 1. Backend (Python/Flask)
```bash
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Run the server
python server.py
```
*Server runs on port 5001.*
### 2. Frontend (React/Vite)
```bash
cd frontend
# Install dependencies
npm install
# Run the dev server
npm run dev
```
*Frontend runs on http://localhost:5173 (proxies API requests to 5001).*
---
## π Usage Guide
1. **Prepare Reports**:
* Run **Grype** on your project and export as Excel (or use the sample generator).
* Run **Semgrep** on your source code and export as Excel.
2. **Upload**:
* Go to the Web UI.
* Drag & drop your Grype `.xlsx` and Semgrep `.xlsx` files into the respective zones.
3. **Analyze**:
* Click **"Generate Exploit Paths"**.
4. **Review Results**:
* **Chains Found**: View the list of high-risk paths.
* **Details**: Click on a chain to see the specific file, line number, and reasoning.
* **PoC**: Click "View PoC" to copy the generated Python exploit script.
* **Clean Reports**: If no vulnerabilities are found, a green success banner will appear.
---
## π Project Structure
```
exploit-chain-generator/
βββ docker-compose.yml # Container orchestration
βββ main.py # CLI Entry point (Legacy/Script mode)
βββ server.py # Flask API Backend
βββ requirements.txt # Python dependencies
βββ src/ # Core Logic
β βββ chain_builder.py # Graph & linking logic
β βββ ingestor.py # Excel parsing & normalization
β βββ scoring.py # Risk calculation engine
β βββ generate_sample_data.py # Test data generator
βββ frontend/ # React Application
β βββ src/ # UI Components
β βββ Dockerfile.frontend # Nginx container for UI
β βββ vite.config.js # Build config
βββ output/ # Generated artifacts (CLI mode)
```
---
## β οΈ Input Data format
The ingestor expects standard Excel outputs, but attempts to normalize column names.
* **Grype**: `Vulnerability ID`, `Package Name`, `Severity`, `CVSS Score`
* **Semgrep**: `Check ID`, `File Path`, `Message`, `Start Line`
*Note: If you are testing, you can generate valid dummy data by running `python src/generate_sample_data.py`.*
---
## π€ Contributing
Contributions are welcome! Please fork the repository and submit a pull request for:
* New heuristic rules in `src/chain_builder.py`.
* Support for additional scanners (Trivy, Snyk, SonarQube).
* UI enhancements.
---
## π License
This project is licensed under the MIT License.