Share
## https://sploitus.com/exploit?id=D6C07959-8DB6-5AE6-8B12-144A23E52F48
# AI-Vuln-Reproduce

AI Fully Automated Vulnerability Reproduction Platform – A multi-agent collaboration system based on Claude Code

## Project Overview

This project utilizes the agent capabilities of Claude Code CLI to achieve end-to-end automation from vulnerability reporting to reproduction verification. Through multi-agent collaboration, environment setup, test data preparation, PoC generation, and vulnerability verification are automatically completed.

## Architecture Design

```
/vuln-reproduce (Entry command)
        ↓
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚   reproduce-orchestrator       β”‚ ← Orchestrator
β”‚    coordinating the entire reproduction process              β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
        ↓ Calls three sub-agents
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ env-builder β”‚data-preparerβ”‚vuln-verifierβ”‚
β”‚   Environment setup   β”‚   Data preparation β”‚   Vulnerability verification β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
```

## Directory Structure

```
. β”œβ”€β”€ .claude/
β”‚   β”œβ”€β”€ commands/
β”‚   β”‚   └── vuln-reproduce.md    # Entry command
β”‚   └── agents/
β”‚       β”œβ”€β”€ reproduce-orchestrator.md  # Orchestration agent
β”‚       β”œβ”€β”€ env-builder.md             # Environment setup agent
β”‚       β”œβ”€β”€ data-preparer.md           # Data preparation agent
β”‚       └── vuln-verifier.md           # Vulnerability verification agent
β”‚
β”œβ”€β”€ vulnerabilities/             # Vulnerability report repository
β”‚   β”œβ”€β”€ VULN-001-SQL-Injection-UpdateQuery.md
β”‚   β”œβ”€β”€ VULN-002-SQL-Injection-InsertQuery.md
β”‚   β”œβ”€β”€ VULN-003-IDOR-UpdateCustomer.md
β”‚   └── ... β”‚
└── .workspace/                  # Runtime workspace
    └── reproduced/              # Reproduction results
        └── VULN-XXX/
            β”œβ”€β”€ verdict.md       # Analysis report
            β”œβ”€β”€ poc.sh           # PoC script
            └── evidence/        # Evidence files
```

## Usage

### Prerequisites

- [Claude Code CLI](https://docs.anthropic.com/en/docs/claude-code) installed
- Docker (for local environment setup)

### Reproducing Vulnerabilities

```bash
# Enter the project directory
cd AI-Vuln-Reproduce

# Start Claude Code
claude

# Execute the vulnerability reproduction command
/vuln-reproduce @vulnerabilities/VULN-003-IDOR-UpdateCustomer.md http://target:3000
```

### Input Format

Supports multiple environment information formats:

```bash
# Online environment
/vuln-reproduce @vulnerability-report.md http://target-host:port

# Docker Compose
/vuln-reproduce @vulnerability-report.md @/path/to/docker-compose.yml

# Project directory
/vuln-reproduce @vulnerability-report.md @/path/to/project

# GitHub repository
/vuln-reproduce @vulnerability-report.md https://github.com/user/repo
```

## Key Features

### Dual Verification Mechanism

1. **Code Analysis**: Understanding the root cause of the vulnerability, identifying vulnerable code, analyzing data flow
2. **API Testing**: Validating exploitability from the attacker’s perspective using HTTP interfaces

### Judgment Criteria

| Conclusion | Condition |
|------|------|
| βœ… Real vulnerability | Successful execution of PoC, expected attack effects observed |
| ❌ False positive | PoC failed to execute, no attack effects observed |
| ⚠️ Suspense vulnerability | Code has risks, but current version cannot trigger it |
| ⏸️ Pending verification | Requires special configuration to validate |

### Supported Vulnerability Types

- IDOR (Unsafe direct object reference)
- SQL Injection
- Command Injection
- Path Traversal
- File Upload
- Batch Assignment
- Authentication bypass
- Configuration errors
- Information leakage

## Vulnerability Report Format

```markdown
## Vulnerability Title
{Title}

## Vulnerability Type
{IDOR/SQLi/XSS/SSRF/Command Injection/Path Traversal/...}

## Risk Level
{Severe/High/Medium/Low}

## Vulnerability Endpoint
{HTTP Method} {Path}

## Vulnerability Description
{Detailed description}

## Attack Path (Optional)
{Exploitation steps}

## Affected Files (Optional)
{Code file path}
```

## Limitations

Current version cannot cover the following scenarios:

- Blind injection vulnerabilities requiring OOB servers
- DOM XSS, CSRF requiring browser execution
- Non-HTTP protocols like WebSocket/gRPC
- Race conditions requiring precise timing control
- Serialization RCE vulnerabilities requiring binary analysis

## License

MIT

## Author

Clouditera Security Team