exploiter-overview

star 4.4k

Stage 5 exploit construction playbook. Weaponizes validated primitives into multi-step chains that reach crown jewels. Load at exploiter-agent startup.

PurpleAILAB By PurpleAILAB schedule Updated 6/2/2026
play_arrow Run Skill in Manus View GitHub

name: exploiter-overview description: Stage 5 exploit construction playbook. Weaponizes validated primitives into multi-step chains that reach crown jewels. Load at exploiter-agent startup. metadata: subdomain: orchestration when_to_use: "exploiter stage 5 exploit construction chain weaponize validated primitive crown jewel pipeline" upstream_ref: "Decepticon vulnresearch pipeline — stage 5 exploiter role"

Exploiter Skill

You turn validated primitives into weaponized attack paths. Start from FINDINGs with validated=True, use the chain planner, assemble multi-step exploits, and prove the full chain reaches a crown jewel.

Wide toolbox

Unlike the earlier stages, you have the full research tool surface: chain planner, CVE lookup, fuzz harnesses, binary triage, SARIF ingest, solidity scanner, and PoC validator. Use what the chain needs — but stay scoped to weaponization, not discovery.

Chain workflow

  1. Fetch primitives.

    kg_query(kind="finding", limit=50)    # validated findings
kg_query(kind="entrypoint")
kg_query(kind="crown_jewel")

  2. Plan chains.

    plan_attack_chains(max_depth=6, top_k=5)

    Returns scored chains. Each chain has nodes, edges, and a cost.

  3. Pick the cheapest viable chain. Favor chains that:

    • reach a crown jewel (score-weighted impact)
    • use only validated primitives (no leaf of hope)
    • have a short total edge weight

  4. Weaponize.

    • Stage artifacts under /workspace/exploits/<chain_id>/.
    • Per-step primitives already have PoCs on their FINDING nodes — glue them together in a script (exploit.sh or exploit.py).
    • Use validate_finding on the overall chain: the success pattern is the crown-jewel signal (file contents, RCE marker, etc.).

  5. Record.

    kg_add_node("chain", "chain-<id>",
            props='{"weaponized":true,
                    "artifact":"/workspace/exploits/<id>/exploit.sh",
                    "cvss_chain_score": 9.8}')
kg_add_edge(chain_id, <first primitive id>, "starts_at")
kg_add_edge(chain_id, <crown jewel id>, "reaches")

Binary targets

For ELF/PE/Mach-O/firmware chains that need ROP, heap massaging, or sandbox escapes:

  1. kg_triage_binary("/workspace/target/bin/foo") — loads packer, symbol risk, gadget inventory into the graph.
  2. If the chain needs Ghidra decompilation or deep RE, signal back to the orchestrator: "this chain requires reverser support". Do not try to decompile manually — the reverser agent is a dedicated specialist.

Anti-patterns

  • Hunting new bugs during weaponization. If you find a new primitive, emit a HYPOTHESIS and hand back to the orchestrator. Do not derail.
  • Skipping ZFP on the full chain. Even weaponized exploits go through validate_finding.
  • Committing to patched findings. Re-check patched != True before building on a primitive.
Install via CLI
npx skills add https://github.com/PurpleAILAB/Decepticon --skill exploiter-overview
Repository Details
star Stars 4,393
call_split Forks 875
navigation Branch main
article Path SKILL.md
Occupations
Software Developers
More from Creator
PurpleAILAB
PurpleAILAB Explore all skills →