training.extract_from_writeup
Extract training patterns from bug bounty writeups to identify vulnerability types and improve security testing methodologies.
Instructions
Extract training patterns from bug bounty writeup text
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| writeupText | Yes | Bug bounty writeup text | |
| vulnerabilityType | Yes | Type of vulnerability | |
| source | No | Source of writeup | custom |
Implementation Reference
- src/tools/training_extractor.ts:312-391 (handler)The main execution logic for the 'training.extract_from_writeup' tool. Parses writeup text to extract target patterns, payloads, success/failure indicators, calculates severity score, saves to database via saveTrainingData, and returns formatted result.async (params: any): Promise<ToolResult> => { try { const text = params.writeupText.toLowerCase(); const vulnType = params.vulnerabilityType; // Extract URLs/endpoints const urlPattern = /https?:\/\/[^\s"<>]+/gi; const urls = text.match(urlPattern) || []; const targetPattern = urls[0]?.split('?')[0] || ''; // Extract payloads const payloadPatterns = [ /payload[:\s]+([^\n]+)/gi, /exploit[:\s]+([^\n]+)/gi, /<script[^>]*>([^<]+)<\/script>/gi, /'[^']*'/g, /"[^"]*"/g, ]; let payloadPattern = ''; for (const pattern of payloadPatterns) { const matches = text.match(pattern); if (matches && matches.length > 0) { payloadPattern = matches[0].substring(0, 100); break; } } // Extract success indicators const successPatterns = [ /success|vulnerable|exploited|confirmed|poc|proof of concept/gi, /alert\(|xss|injection|bypass/gi, ]; let successPattern = 'success|vulnerable|exploited'; for (const pattern of successPatterns) { if (pattern.test(text)) { successPattern = pattern.source.replace(/[\\^$.*+?()[\]{}|]/g, ''); break; } } // Extract failure indicators const failurePattern = 'error|blocked|filtered|sanitized'; // Calculate score based on keywords let score = 5; if (text.includes('critical') || text.includes('rce') || text.includes('takeover')) { score = 10; } else if (text.includes('high') || text.includes('sql injection') || text.includes('auth bypass')) { score = 9; } else if (text.includes('xss') || text.includes('csrf')) { score = 7; } const id = await saveTrainingData( params.source || 'custom', `writeup-${Date.now()}`, vulnType, targetPattern, payloadPattern, successPattern, failurePattern, { extractedFrom: 'writeup', originalText: params.writeupText.substring(0, 500) }, score ); return formatToolResult(true, { id, extracted: { targetPattern, payloadPattern, successPattern, failurePattern, score, }, }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
- Input schema defining parameters for the tool: writeupText (required string), vulnerabilityType (required string), source (optional string).inputSchema: { type: 'object', properties: { writeupText: { type: 'string', description: 'Bug bounty writeup text' }, vulnerabilityType: { type: 'string', description: 'Type of vulnerability' }, source: { type: 'string', description: 'Source of writeup', default: 'custom' }, }, required: ['writeupText', 'vulnerabilityType'], },
- src/tools/training_extractor.ts:298-311 (registration)Direct registration of the 'training.extract_from_writeup' tool on the MCP server, specifying name, description, input schema, and handler reference.server.tool( 'training.extract_from_writeup', { description: 'Extract training patterns from bug bounty writeup text', inputSchema: { type: 'object', properties: { writeupText: { type: 'string', description: 'Bug bounty writeup text' }, vulnerabilityType: { type: 'string', description: 'Type of vulnerability' }, source: { type: 'string', description: 'Source of writeup', default: 'custom' }, }, required: ['writeupText', 'vulnerabilityType'], }, },
- src/index.ts:48-48 (registration)Top-level invocation of registerTrainingExtractorTools on the main server instance, which registers the 'training.extract_from_writeup' tool among other training extractor tools.registerTrainingExtractorTools(server);