mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-07-10 06:58:45 +02:00
181f24cfcc
Restructure into apps/worker, apps/cli, packages/mcp-server with Turborepo task orchestration, pnpm workspaces, Biome linting/formatting, and tsdown CLI bundling. Key changes: - src/ -> apps/worker/src/, cli/ -> apps/cli/, mcp-server/ -> packages/mcp-server/ - prompts/ and configs/ moved into apps/worker/ - npm replaced with pnpm, package-lock.json replaced with pnpm-lock.yaml - Dockerfile updated for pnpm-based builds - CLI logs command rewritten with chokidar for cross-platform reliability - Router health checking added for auto-detected router mode - Centralized path resolution via apps/worker/src/paths.ts
31 lines
1.8 KiB
Plaintext
31 lines
1.8 KiB
Plaintext
## 🧪 Pipeline Testing: MCP Isolation Test for Authentication Exploitation Agent
|
|
|
|
**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing.
|
|
|
|
### Step 1: Test Browser Isolation
|
|
1. Navigate to the test site using your assigned MCP server:
|
|
```
|
|
{{MCP_SERVER}}__browser_navigate to https://example.com
|
|
```
|
|
|
|
2. Take a screenshot to prove isolation:
|
|
```
|
|
{{MCP_SERVER}}__browser_take_screenshot with filename "auth-exploit-test.png"
|
|
```
|
|
|
|
3. Log the test results:
|
|
```
|
|
console.log("🔵 AUTH EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com")
|
|
```
|
|
|
|
### Step 2: Create Required Deliverable
|
|
Use the save_deliverable MCP tool to create your evidence:
|
|
|
|
Use `save_deliverable` MCP tool with:
|
|
- `deliverable_type: "AUTH_EVIDENCE"`
|
|
- `content: "# Authentication Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation"`
|
|
|
|
This will automatically create `deliverables/auth_exploitation_evidence.md`.
|
|
|
|
### Step 3: Verify MCP Isolation
|
|
This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents. |