Share
## https://sploitus.com/exploit?id=8FA3B0FD-36D1-53CD-924A-93BDDF018437
# AAA CVE-2024-32964 SSRF Assessment
Agentified Agent Assessment (AAA) for CVE-2024-32964 SSRF vulnerability in LobeChat, built on Google's A2A protocol.
## Supports
- **A2A Protocol**: Agent-to-Agent communication via JSON-RPC 2.0 over HTTP
- **AAA Pattern**: Assessor (Green Agent) and Assessee (White Agent) architecture
- **Docker Integration**: Automated target environment setup and teardown
- **LLM Evaluation**: Automated assessment of exploitation results
## Setup
```bash
# Install dependencies
pip install -e .
# Configure API key
cp .env.example .env
# Edit .env with your OPENAI_API_KEY
```
## Usage
### Full Evaluation (Recommended)
```bash
python main.py launch --task-id task-cve-2024-32964-ssrf
```
This runs the complete A2A evaluation:
1. Starts Green Agent (port 9001) and White Agent (port 9002)
2. Green Agent sets up Docker environment
3. Green Agent sends task to White Agent via A2A
4. White Agent executes SSRF exploit
5. Green Agent evaluates results with LLM
6. Cleanup and report
### Individual Components
```bash
# Start Green Agent only (Assessor)
python main.py green --port 9001
# Start White Agent only (Assessee)
python main.py white --port 9002
# Docker environment management
python main.py docker-up --task-id cve-2024-32964-ssrf
python main.py docker-down --task-id cve-2024-32964-ssrf
```
## Output
Results are printed to stdout. To save:
```bash
python main.py launch 2>&1 | tee evaluation_output.txt
```
Example output:
```
=== Assessment Results ===
โ
Success: True
Score: 100/100
Time: 10.03s
```