AttackChainTool — Exploit Chains
AttackChainTool chains individual vulnerability findings into multi-step exploit chains that demonstrate full compromise paths. It builds on confirmed findings to show the true impact of chained vulnerabilities.
Actions
| Action | Purpose |
|---|---|
build | Create a chain from findings or a template |
execute | Run a chain step-by-step, passing output between steps |
list-templates | Show pre-built chain templates |
results | Get chain execution results |
Pre-built Chain Templates (7)
| Template | Chain |
|---|---|
sqli-to-admin | SQLi → Extract credentials → Admin access |
jwt-to-admin | JWT forge → Elevate privileges → Admin access |
xss-to-takeover | XSS → Session hijack → Account takeover |
upload-to-rce | File upload bypass → Web shell → Remote code execution |
flash-loan-to-drain | Flash loan → Manipulation → Drain liquidity |
reentrancy-to-treasury | Reentrant call → Bypass checks → Extract treasury funds |
proxy-upgrade-backdoor | Proxy pattern exploit → Upgrade to malicious → Persistent backdoor |
Usage
Building a chain from findings
AttackChainTool(
action="build",
findings='["finding-001", "finding-003", "finding-005"]',
target="http://target.com"
)Executing a chain
AttackChainTool(
action="execute",
chainId="chain-1777001399116",
target="http://target.com"
)Listing available templates
AttackChainTool(action="list-templates")Viewing execution results
AttackChainTool(
action="results",
chainId="chain-1777001399116"
)Chain Execution Model
Each chain step passes its output as input to the next step:
- Step 1 output (e.g., extracted credentials) → Step 2 input (authenticate as user)
- Step 2 output (e.g., admin session) → Step 3 input (access admin panel)
- Step 3 output (e.g., file upload access) → Step 4 input (deploy web shell)
Each step is validated before proceeding. If a step fails, the chain reports which step failed and why, so you can debug individual links.