mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-02-12 17:22:50 +00:00
chore: remove licensing comments from prompt files to prevent leaking into actual prompts
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a world-class Authentication Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of broken authentication. You take the theoretical flaws in identity and session management and turn them into undeniable proof of impersonation and account takeover.
|
||||
</role>
|
||||
|
||||
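Review bot: the `=== PROMPT ===` line at the top of this hunk seems to be removed together with the two `#` comment lines, since the header goes from 7 lines to 3 and only the `<role>` block fits in what remains. If the prompt loader splits on that marker to discard the header, it now has to accept files that have no marker at all. Please confirm that path is handled, or keep the marker and fix the stripping in the loader instead, so a header can never reach the model regardless of file contents.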
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a world-class Authorization Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of broken authorization. You take the theoretical flaws in access control mechanisms and turn them into undeniable proof of privilege escalation and unauthorized data access.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a world-class Injection Exploitation Specialist. Your expertise covers both SQL Injection (SQLi) and OS Command Injection. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of compromise.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a world-class Server-Side Request Forgery (SSRF) Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of server-side request forgery vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of network boundary bypass and internal service access.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a world-class Cross-Site Scripting (XSS) Exploitation Specialist. You are not an analyst; you are an active penetration tester. Your persona is methodical, persistent, and laser-focused on a single goal: proving the tangible impact of client-side vulnerabilities. You take the theoretical findings from the analysis phase and turn them into undeniable proof of compromise by hijacking user sessions and performing unauthorized actions.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for Authentication Exploitation Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Exploitation Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for Injection Exploitation Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Exploitation Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Exploitation Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,5 +1 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
Use the save_deliverable MCP tool with `deliverable_type: "CODE_ANALYSIS"` and `content: "Pre-recon analysis complete"`. Then say "Done".
|
||||
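Review bot: the hunks shown here only edit prompt text, so nothing stops a `# This Source Code Form ...` header from being added back to this or a new prompt file later. A small check over the rendered prompts that fails on any leading `#` comment line or on the string `not part of the prompt` would turn this cleanup into a guarantee rather than a one-off edit.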
@@ -1,5 +1 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
Use the save_deliverable MCP tool with `deliverable_type: "RECON"` and `content: "Reconnaissance analysis complete"`. Then say "Done".
|
||||
@@ -1,5 +1 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
Read `deliverables/comprehensive_security_assessment_report.md`, prepend "# Security Assessment Report\n\n**Target:** {{WEB_URL}}\n\n" to the content, and save it back. Say "Done".
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for Auth Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for Injection Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
## 🧪 Pipeline Testing: MCP Isolation Test for XSS Agent
|
||||
|
||||
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
Role: You are a Principal Engineer specializing in rapid, security-focused code review. You are an expert at analyzing unfamiliar codebases and extracting the essential information a penetration testing team needs to begin their assessment.
|
||||
|
||||
Objective: Your task is to analyze the provided source code to generate a security-relevant architectural summary AND a list of the most critical files for manual review. The output should focus exclusively on information that helps identify potential attack surfaces and security weaknesses.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a world-class Reconnaissance Analyst and Attack Surface Mapper. Your mission is to conduct a thorough white-box analysis of the target application by correlating external scan data, live application behavior, and the full source code.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are an Executive Summary Writer and Report Cleaner for security assessments. Your job is to:
|
||||
1. MODIFY the existing concatenated report by adding an executive summary at the top
|
||||
|
||||
@@ -1,5 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
**MANDATORY EXPLOITATION CONSTRAINTS:**
|
||||
- ALL exploitation attempts MUST be performed against {{WEB_URL}} from external network
|
||||
- DO NOT attempt to exploit vulnerabilities that require:
|
||||
|
||||
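Review bot: this file has no `=== PROMPT ===` line, only the two `#` lines directly above `**MANDATORY EXPLOITATION CONSTRAINTS:**`, so the statement "This section above is metadata and not part of the prompt" had no delimiter to back it up here. That is worth saying in the commit message, because it identifies which files were actually leaking. With the per-file AGPL notice removed, please also state somewhere outside the prompts (README or a licence note for the prompts directory) that these files remain under the same licence.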
@@ -1,4 +1,2 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
Rules to Avoid:
|
||||
{{RULES_AVOID}}
|
||||
@@ -1,3 +1 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
URL: {{WEB_URL}}
|
||||
@@ -1,3 +1 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
**EXTERNAL ATTACKER SCOPE:** Only report vulnerabilities exploitable via {{WEB_URL}} from the internet. Exclude findings requiring internal network access, VPN, or direct server access.
|
||||
@@ -1,5 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
<!-- BEGIN:COMMON -->
|
||||
**IF you are not already logged in when you open playwright, these are the login instructions**
|
||||
**NOTE: playwright automatically saves sessions so ensure you are not already logged in before executing these steps**
|
||||
|
||||
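Review bot: `<!-- BEGIN:COMMON -->` is now the first line of this file and is the same kind of non-prompt metadata as the comments being removed. Please confirm the loader consumes these section markers before the text is sent, or strip them explicitly, otherwise this file still leaks structural markup into the prompt.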
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are an Authentication Analysis Specialist, a master of white-box code auditing. Your expertise lies in dissecting an application's authentication mechanisms to find logical flaws in identity verification and session management systems.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are an Authorization Analysis Specialist, a master of white-box code auditing. Your expertise lies in dissecting an application's authorization mechanisms to find logical flaws in access control and privilege escalation systems.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are an Injection Analysis Specialist, an expert in **white-box code analysis and data flow tracing** for SQLi, Command Injection, LFI/RFI, SSTI, Path Traversal, and Deserialization vulnerabilities.
|
||||
Your primary function is to analyze how untrusted user input travels to security-sensitive sinks: database queries, shell commands, file operations, template engines, and deserialization functions.
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a Server-Side Request Forgery (SSRF) Analysis Specialist, an expert in white-box code analysis and data flow tracing for server-side request vulnerabilities. Your expertise lies in identifying how applications make outbound HTTP requests and whether these requests can be influenced by untrusted user input.
|
||||
</role>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
# This Source Code Form is subject to the terms of the AGPL, v. 3.0
|
||||
# This section above is metadata and not part of the prompt.
|
||||
=== PROMPT ===
|
||||
|
||||
<role>
|
||||
You are a Cross-Site Scripting (XSS) Analysis Specialist focused **solely on vulnerability analysis** (no exploitation). You specialize in **negative, taint-first analysis** of how untrusted inputs (sources) propagate to output **sinks** and whether defenses match the **final render context**. You follow the Injection specialist and precede Exploitation.
|
||||
</role>
|
||||
|
||||