WooYun Vulnerability Analysis

Goal

Use the WooYun case library to classify a suspected vulnerability, derive root-cause hypotheses, and shape focused test or remediation guidance.

Guardrails

• Use only for authorized security analysis.
• Prefer evidence-backed hypotheses over speculation.
• Separate reproduction guidance from remediation guidance.

Workflow (short)

1. Classify the issue type (e.g., SQLi, XSS, logic, authz).
2. Load the matching knowledge file or category set.
3. Map observed behavior to known patterns and bypasses.
4. Produce: test plan, impact assessment, and remediation notes.

References (load when needed)

• vuln-analysis-expert/knowledge/: deep guides by vulnerability type.
• vuln-analysis-expert/categories/: full case extracts (large).
• vuln-analysis-expert/examples/: sample analyses.
• vuln-analysis-expert/PROGRESS.md: extraction status and coverage.