Skills

Exploit Development & Payload Engineering

Installation
SKILL.md

💥 Exploit Development & Payload Engineering

Overview

This skill enables Claude to assist security professionals with authorized exploit development, proof-of-concept creation, payload engineering, and vulnerability exploitation research. All activities must be performed within authorized scope and legal boundaries.

⚠️ CRITICAL: This skill is intended for authorized penetration testing, vulnerability research, and educational purposes ONLY. Unauthorized use is illegal. Always obtain written authorization before developing or using exploits.

Prerequisites

Required

  • Python 3.8+
  • pwntools, struct, socket

Optional

  • pwntools — Binary exploitation framework
  • msfvenom — Payload generation (Metasploit)
  • ROPgadget — ROP chain discovery
  • GDB with PEDA/GEF — Debugging exploitation
pip install pwntools keystone-engine capstone

Core Capabilities

1. Proof-of-Concept (PoC) Development

Claude can help develop PoCs for known vulnerabilities:

When the user asks to create a PoC:

  1. Research the CVE or vulnerability details (description, affected versions, attack vector)
  2. Identify the vulnerability class (buffer overflow, injection, deserialization, etc.)
  3. Determine the exploitation path and prerequisites
  4. Write a structured PoC script with clear documentation
  5. Include safety checks and authorization warnings
  6. Add usage instructions and expected output
  7. Document remediation steps alongside the exploit

PoC Structure Template:

#!/usr/bin/env python3
"""
PoC for CVE-YYYY-XXXX: [Vulnerability Title]
Affected: [Software] [Versions]
Type: [Vulnerability Class]
CVSS: [Score]

DISCLAIMER: For authorized security testing only.
"""

import argparse
import sys

def check_vulnerable(target):
    """Check if target is vulnerable without exploitation."""
    pass

def exploit(target, payload):
    """Execute the exploitation chain."""
    pass

def main():
    parser = argparse.ArgumentParser(description="PoC for CVE-YYYY-XXXX")
    parser.add_argument("--target", required=True)
    parser.add_argument("--check-only", action="store_true")
    args = parser.parse_args()

    if args.check_only:
        check_vulnerable(args.target)
    else:
        exploit(args.target, payload=None)

if __name__ == "__main__":
    main()

2. Payload Generation

Claude can help craft payloads for various scenarios:

When the user asks to generate payloads:

  1. Determine the target architecture (x86, x64, ARM, MIPS)
  2. Identify the target OS (Linux, Windows, macOS)
  3. Select the payload type (reverse shell, bind shell, meterpreter, custom)
  4. Apply encoding/evasion if needed (XOR, base64, polymorphic)
  5. Test for null bytes and bad characters
  6. Generate in appropriate format (raw, C, Python, hex)
  7. Document usage and connection details

Supported Payload Types:

Type Description
Reverse Shell Connect back to attacker
Bind Shell Listen on target port
Staged Small stager + full payload
Stageless Self-contained payload
Web Shell PHP/JSP/ASPX shells
Command Execution Execute single commands

3. Buffer Overflow Exploitation

Claude can guide through buffer overflow exploitation:

When the user asks about buffer overflows:

  1. Identify the vulnerable function and input vector
  2. Calculate buffer size and offset to EIP/RIP
  3. Identify bad characters through fuzzing
  4. Locate usable gadgets (JMP ESP, ROP gadgets)
  5. Generate appropriate shellcode or ROP chain
  6. Construct the exploit payload
  7. Handle ASLR, DEP, and stack canary bypasses

4. Web Exploitation Payloads

Claude can create web-focused exploitation payloads:

When the user asks for web exploit payloads:

  1. SQL Injection payloads (Union, Blind, Time-based, Error-based)
  2. XSS payloads (Reflected, Stored, DOM-based)
  3. SSRF payloads with protocol handlers
  4. Template injection payloads (SSTI)
  5. Command injection payloads with filter bypasses
  6. Deserialization exploit chains
  7. Path traversal sequences

5. Evasion Techniques

Claude can apply evasion techniques to payloads:

When the user asks about evasion:

  1. AV/EDR evasion through encoding and obfuscation
  2. WAF bypass techniques for web payloads
  3. Network-level evasion (fragmentation, tunneling)
  4. Process injection techniques
  5. Living-off-the-land (LOLBins) techniques
  6. Encrypted/encoded payload delivery

Usage Instructions

Example Prompts

> Help me develop a PoC for CVE-2024-XXXX (I have written authorization)
> Generate a Python reverse shell payload for Linux x64
> Walk me through exploiting a stack buffer overflow step by step
> Create SQL injection payloads for a MySQL backend with WAF bypass
> Help me understand ROP chain construction for this binary

Script Reference

payload_generator.py

python scripts/payload_generator.py --type reverse_shell --os linux --arch x64 --lhost 10.0.0.1 --lport 4444
python scripts/payload_generator.py --type bind_shell --os windows --arch x86 --port 4444
python scripts/payload_generator.py --list-types

poc_template.py

python scripts/poc_template.py --cve CVE-2024-XXXX --output poc_cve2024xxxx.py

Integration Guide

Chaining with Other Skills

  • ← Vulnerability Scanner (02): Receive confirmed vulnerabilities for PoC development
  • ← Reverse Engineering (04): Use binary analysis results to identify exploit targets
  • → Red Team Operations (14): Deliver exploits within red team engagement context
  • → Blue Team Defense (15): Generate detection signatures from developed exploits

References

Related skills

More from masriyan/claude-code-cybersecurity-skill

Installs
Repository
masriyan/claude…ty-skill
GitHub Stars
15
First Seen