Vuln Chain Composer
Multi-step exploit chain composition from correlated vulnerability findings.
What It Does
Imports vulnerability findings from multiple tools (nuclei, ZAP, custom testers), correlates related vulns across domains, builds multi-step exploit chains, calculates composite CVSS impact scores using chained exploitability metrics, and generates end-to-end proof-of-concept scripts and bug-bounty-ready reports.
Scripts
| Script | Description |
|---|---|
import_findings | Findings ingestion — parses JSON/XML from nuclei, ZAP, Burp, and AllySec scanners |
correlate | Cross-finding correlation — links vulns by asset, parameter, endpoint, and attack surface |
build_chains | Chain construction — maps vulnerability prerequisites to outcomes, builds DAGs |
calculate_impact | Composite CVSS calculation — combines scores across chain steps with exploitability |
generate_chain_poc | Chain PoC generation — end-to-end exploit from entry point to critical impact |
generate_report | Structured chain report — bug bounty format, timeline visualization, remediation path |
When to Use
Use after multiple vulnerability scans have completed and you have findings to correlate. Feed findings from webapp-exploit-hunter, api-breaker, and cloud-pivot-finder into import_findings, then correlate and build_chains.
Usage
RedTeamScript(skill="vuln-chain-composer", script="import_findings", args="--input nuclei-results.json,zap-results.json --output findings-corpus.json")