Share
## https://sploitus.com/exploit?id=D6C07959-8DB6-5AE6-8B12-144A23E52F48
# AI-Vuln-Reproduce
AI Fully Automated Vulnerability Reproduction Platform β A multi-agent collaboration system based on Claude Code
## Project Overview
This project utilizes the agent capabilities of Claude Code CLI to achieve end-to-end automation from vulnerability reporting to reproduction verification. Through multi-agent collaboration, environment setup, test data preparation, PoC generation, and vulnerability verification are automatically completed.
## Architecture Design
```
/vuln-reproduce (Entry command)
β
ββββββββββββββββββββββββββββββββββ
β reproduce-orchestrator β β Orchestrator
β coordinating the entire reproduction process β
ββββββββββββββββββββββββββββββββββ
β Calls three sub-agents
βββββββββββββββ¬ββββββββββββββ¬ββββββββββββββ
β env-builder βdata-preparerβvuln-verifierβ
β Environment setup β Data preparation β Vulnerability verification β
βββββββββββββββ΄ββββββββββββββ΄ββββββββββββββ
```
## Directory Structure
```
. βββ .claude/
β βββ commands/
β β βββ vuln-reproduce.md # Entry command
β βββ agents/
β βββ reproduce-orchestrator.md # Orchestration agent
β βββ env-builder.md # Environment setup agent
β βββ data-preparer.md # Data preparation agent
β βββ vuln-verifier.md # Vulnerability verification agent
β
βββ vulnerabilities/ # Vulnerability report repository
β βββ VULN-001-SQL-Injection-UpdateQuery.md
β βββ VULN-002-SQL-Injection-InsertQuery.md
β βββ VULN-003-IDOR-UpdateCustomer.md
β βββ ... β
βββ .workspace/ # Runtime workspace
βββ reproduced/ # Reproduction results
βββ VULN-XXX/
βββ verdict.md # Analysis report
βββ poc.sh # PoC script
βββ evidence/ # Evidence files
```
## Usage
### Prerequisites
- [Claude Code CLI](https://docs.anthropic.com/en/docs/claude-code) installed
- Docker (for local environment setup)
### Reproducing Vulnerabilities
```bash
# Enter the project directory
cd AI-Vuln-Reproduce
# Start Claude Code
claude
# Execute the vulnerability reproduction command
/vuln-reproduce @vulnerabilities/VULN-003-IDOR-UpdateCustomer.md http://target:3000
```
### Input Format
Supports multiple environment information formats:
```bash
# Online environment
/vuln-reproduce @vulnerability-report.md http://target-host:port
# Docker Compose
/vuln-reproduce @vulnerability-report.md @/path/to/docker-compose.yml
# Project directory
/vuln-reproduce @vulnerability-report.md @/path/to/project
# GitHub repository
/vuln-reproduce @vulnerability-report.md https://github.com/user/repo
```
## Key Features
### Dual Verification Mechanism
1. **Code Analysis**: Understanding the root cause of the vulnerability, identifying vulnerable code, analyzing data flow
2. **API Testing**: Validating exploitability from the attackerβs perspective using HTTP interfaces
### Judgment Criteria
| Conclusion | Condition |
|------|------|
| β
Real vulnerability | Successful execution of PoC, expected attack effects observed |
| β False positive | PoC failed to execute, no attack effects observed |
| β οΈ Suspense vulnerability | Code has risks, but current version cannot trigger it |
| βΈοΈ Pending verification | Requires special configuration to validate |
### Supported Vulnerability Types
- IDOR (Unsafe direct object reference)
- SQL Injection
- Command Injection
- Path Traversal
- File Upload
- Batch Assignment
- Authentication bypass
- Configuration errors
- Information leakage
## Vulnerability Report Format
```markdown
## Vulnerability Title
{Title}
## Vulnerability Type
{IDOR/SQLi/XSS/SSRF/Command Injection/Path Traversal/...}
## Risk Level
{Severe/High/Medium/Low}
## Vulnerability Endpoint
{HTTP Method} {Path}
## Vulnerability Description
{Detailed description}
## Attack Path (Optional)
{Exploitation steps}
## Affected Files (Optional)
{Code file path}
```
## Limitations
Current version cannot cover the following scenarios:
- Blind injection vulnerabilities requiring OOB servers
- DOM XSS, CSRF requiring browser execution
- Non-HTTP protocols like WebSocket/gRPC
- Race conditions requiring precise timing control
- Serialization RCE vulnerabilities requiring binary analysis
## License
MIT
## Author
Clouditera Security Team