Share
## https://sploitus.com/exploit?id=D04F16C7-2751-571F-B789-A6E5B1B2634B
# Vuln-Poc-Research Skill

## Chinese

`vuln-poc-research` is a global Codex skill designed for vulnerability intelligence work. It offers a reusable workflow and source list for enriching vulnerability knowledge bases, verifying public PoC/EXP evidence, matching CVE/CNVD/CNNVD identifiers, and replacing login-gated PoC references with public alternatives. This skill is suitable for the following tasks:

- Searching for public vulnerabilities, PoCs, exploits, reproduction steps, and detection templates.
- Enriching Excel/CSV vulnerability lists with Chinese descriptions, affected products, disclosure dates, PoC URLs, and evidence.
- Mapping local vulnerability databases to sources like Exploit-DB, GitHub PoC repositories, nuclei templates, and Chinese PoC repositories.
- Identifying CVE, CNVD, CNNVD, Exploit-DB IDs, and CISA KEV identifiers.
- Finding alternative sources when sites like ddpoc, Seebug, or ThreatBook require login, verification codes, or hidden PoCs.

## Structure

```
. β”œβ”€β”€ SKILL.md
β”œβ”€β”€ README.md
β”œβ”€β”€ LICENSE
β”œβ”€β”€ SECURITY.md
β”œβ”€β”€ CONTRIBUTING.md
β”œβ”€β”€ CHANGELOG.md
β”œβ”€β”€ agents/
β”‚   └── openai.yaml
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ INSTALL.md
β”‚   └── MAINTENANCE.md
β”œβ”€β”€ references/
β”‚   └── poc_sources.md
└── scripts/
    β”œβ”€β”€ fetch_exploitdb_csv.py
    └── refresh_github_sources.py
```

## Installation

Install the skill into the Codex global skills directory:

```bash
mkdir -p ~/.codex/skills/vuln-poc-research
rsync -av --delete ./ ~/.codex/skills/vuln-poc-research/
```

After installation, in new Codex sessions, when tasks involve vulnerability information retrieval, PoC/EXP verification, vulnerability knowledge base enrichment, or identifier matching, the skill will be loaded based on the conditions defined in `SKILL.md`.

## Usage

Trigger the skill using natural language commands, such as:

```text
Help me verify whether these vulnerabilities have corresponding CVE/CNVD/CNNVD identifiers, and add public PoC URLs.
```

```text
The PoCs on ddpoc require login. Help me find alternative PoCs from GitHub, Exploit-DB, Packet Storm, or other public sources.
```

```text
Compare this vulnerability list with Exploit-DB, nuclei-templates, Awesome-POC.
```

## Core Workflow

1. Extract target details: product, vendor, interface path, vulnerability type, year, and identifier.
2. Local deduplication: Compare with existing lists, knowledge bases, identifiers, and source URLs.
3. Hierarchical retrieval: First search structured high-confidence sources, then Chinese PoC repositories, and finally supplementary sources.
4. Identifier verification: Prioritize official sources like CVE/NVD/CVEProject, CNVD, CNNVD; indicate restrictions when encountering verification codes.
5. Alternative sources for login-gated sites: Continue searching for public sources based on interface paths, function names, product models, and title fragments.
6. Evidence recording: Retain source URLs, only retain necessary fragments of PoC content, and remove sensitive values like real IPs, domain names, sessions, and keys.

## Supporting Scripts

**Validate repository structure:**

```bash
python3 scripts/validate_skill.py
```

**Refresh Exploit-DB CSV:**

```bash
python3 scripts/fetch_exploitdb_csv.py ./data
```

**Refresh GitHub PoC statistics:**

```bash
python3 scripts/refresh_github_sources.py ./data/github_poc_sources_stats.json
```

These scripts are used solely for public data statistics and indexing and do not execute any PoCs.

## Security Guidelines

- Do not execute unknown PoCs, exploits, detection templates, or malicious samples.
- Do not save real target addresses, login status, cookies, tokens, private keys, or passwords.
- Mask sensitive information in output PoCs using placeholders like β€œ___”.
- Prioritize merging vulnerabilities that already have CVE/CNVD/CNNVD identifiers; avoid adding duplicates as β€œunlisted vulnerabilities”.
- Use this skill exclusively for authorized security research, vulnerability knowledge base development, and defensive analysis.

- Matching local vulnerability records against Exploit-DB, GitHub PoC repositories, nuclei templates, and Chinese PoC collections.  
- Validating CVE, CNVD, CNNVD, Exploit-DB IDs, CISA KEV, and other identifiers.  
- Finding public alternatives when sources like ddpoc, Seebug, ThreatBook, or similar sources hide PoC content behind login or captcha.  

## Installation  
Install into the global Codex skills directory:  
```bash
mkdir -p ~/.codex/skills/vuln-poc-research  
rsync -av --delete ./~/.codex/skills/vuln-poc-research/  
```  
After installation, new Codex sessions can load the skill whenever a task involves vulnerability research, PoC validation, vulnerability spreadsheet enrichment, or identifier matching.  

## Usage  
Trigger it naturally:  
```bash
Verify whether these vulnerabilities have CVE/CNVD/CNNVD IDs and add public PoC URLs.  
```  
The ddpoc page requires login. Find an equivalent public PoC from GitHub, Exploit-DB, Packet Storm, or another public source.  
```  
Match this vulnerability list against Exploit-DB, nuclei-templates, and Awesome-POC.  
```  

## Workflow  
1. Extract target details: product, vendor, endpoint, vulnerability type, year, and known IDs.  
2. Deduplicate locally against existing spreadsheets, knowledge bases, identifiers, and source URLs.  
3. Search in tiers: structured high-signal sources first, Chinese PoC repositories second, supplemental sources last.  
4. Validate identifiers against official CVE/NVD/CVEProject, CNVD, and CNNVD sources when accessible.  
5. Replace login-gated sources by searching endpoint paths, function names, product models, title fragments, and internal IDs.  
6. Record evidence with source URLs and sanitized PoC snippets.  

## Helper Scripts  
Validate the package structure:  
```bash
python3 scripts/validate_skill.py  
```  
Fetch the official Exploit-DB CSV:  
```bash
python3 scripts/fetch_exploitdb_csv.py ./data  
```  
Refresh GitHub PoC source statistics:  
```bash
python3 scripts/refresh_github_sources.py ./data/github_poc_sources_stats.json  
```  
These scripts support indexing and statistics only. They do not execute PoCs.  

## Safety  
- Do not execute unknown PoCs, exploits, templates, or samples.  
- Do not store real target addresses, sessions, cookies, tokens, private keys, or passwords.  
- Sanitize PoC snippets with placeholders such as ``, ``, and ``.  
- Prefer merging vulnerabilities that already have CVE/CNVD/CNNVD identifiers instead of adding duplicates.  
- Use only for authorized security research, vulnerability knowledge-base work, and defensive analysis.