cve-poc-generator
CVE PoC Generator
Research a CVE by ID, generate a standalone Python proof-of-concept script, and produce a detailed vulnerability report.
Workflow
- NVD Lookup - Query NVD API v2.0 for the CVE ID. Extract CVSS v3.1 score/vector, CWE IDs, CPE matches, advisory URLs, and patch links.
- Advisory Research - Deep-dive vendor advisories, GitHub security advisories, Exploit-DB, and published write-ups. Identify root cause, affected versions, and attack vector details.
- PoC Generation - Write a standalone Python script (
poc.py) that demonstrates the vulnerability safely. Follow the script standards inreference/poc-methodology.md. - Report Generation - Write a comprehensive markdown report (
report.md) with metadata, root cause analysis, risk assessment, and remediation guidance.
NVD Data to Collect
| Field | Source | Usage |
|---|---|---|
| CVE ID | NVD | Primary identifier |
| CVSS v3.1 Score + Vector | NVD | Risk scoring |
| CWE ID(s) | NVD | Vulnerability classification |
| CPE Matches | NVD | Affected products and versions |
| Advisory URLs | NVD references | Research sources |
| Patch Links | NVD references / vendor | Remediation guidance |
| Description | NVD | Vulnerability summary |
| Published / Modified dates | NVD | Timeline |
Output
{OUTPUT_DIR}/
artifacts/cve-pocs/CVE-XXXX-XXXXX/
poc.py # Standalone Python PoC script
reports/cve-pocs/CVE-XXXX-XXXXX/
report.md # Detailed vulnerability report
Invocation
/cve-poc-generator CVE-2024-XXXXX
The skill accepts a single CVE ID as argument. Multiple CVEs should be processed with separate invocations.
Rules
- Least harm - PoC scripts MUST demonstrate vulnerability without causing damage. Use detection/verification checks, not destructive payloads.
- Standalone scripts - PoC must run independently with only standard Python libraries plus
requests. No framework dependencies. - Accurate scoring - Use the exact CVSS score and vector from NVD. Do not fabricate or estimate scores.
- Source attribution - Every claim in the report must cite its source (NVD, vendor advisory, CVE description).
- No emoji - Use text severity labels only (CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL).
- Verified data only - Do not hallucinate CVE details. If NVD data is unavailable, state it explicitly.
- Safe defaults - PoC scripts must default to read-only, non-destructive operations. Any potentially harmful action requires explicit
--confirmflag.
More from transilienceai/communitytools
hackerone
HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents for each asset, validates PoCs, and generates platform-ready submission reports. Use when testing HackerOne programs or preparing professional vulnerability submissions.
50reconnaissance
Domain assessment and web application mapping - subdomain discovery, port scanning, endpoint enumeration, API discovery, and attack surface analysis.
40ai-threat-testing
Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats.
38osint
Open-source intelligence gathering - company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery.
37social-engineering
Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques.
37source-code-scanning
Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs".
35