- Add professional, realistic multiline examples to all tool schemas
- finish_scan: Complete pentest report with SSRF/access control findings
- create_vulnerability_report: Full SSRF writeup with cloud metadata PoC
- file_edit, notes, thinking: Realistic security testing examples
- Remove XML terminology from system prompt and tool descriptions
- All examples use real newlines (not literal \n) to demonstrate correct usage
55 lines
2.2 KiB
XML
<tools>
  <tool name="think">
    <description>Use the tool to think about something. It will not obtain new information or change the
    database. Use it when complex reasoning or some cache memory is needed.</description>
    <details>This tool creates dedicated space for structured thinking during complex tasks,
    particularly useful for:
    - Tool output analysis: When you need to carefully process the output of previous tool calls
    - Policy-heavy environments: When you need to follow detailed guidelines and verify compliance
    - Sequential decision making: When each action builds on previous ones and mistakes are costly
    - Multi-step problem solving: When you need to break down complex problems into manageable steps</details>
    <parameters>
      <parameter name="thought" type="string" required="true">
        <description>The thought or reasoning to record</description>
      </parameter>
    </parameters>
    <returns type="Dict[str, Any]">
      <description>Response containing: - success: Whether the thought was recorded successfully - message: Confirmation message with character count or error details</description>
    </returns>
    <examples>
# Planning and strategy
<function=think>
<parameter=thought>Analysis of the login endpoint SQL injection:

Current State:
- Confirmed SQL injection in POST /api/v1/auth/login
- Backend database is PostgreSQL 14.2
- Application user has full CRUD privileges

Exploitation Strategy:
1. First, enumerate database structure using UNION-based injection
2. Extract user table schema and credentials
3. Check for password hashing (MD5? bcrypt?)
4. Look for admin accounts and API keys

Risk Assessment:
- CVSS Base Score: 9.8 (Critical)
- Attack Vector: Network (remotely exploitable)
- Privileges Required: None
- Impact: Full database compromise

Evidence Collected:
- Error-based injection confirms PostgreSQL
- Time-based payload: admin' AND pg_sleep(5)-- caused 5s delay
- UNION injection reveals 8 columns in users table

Next Actions:
1. Write PoC exploit script in Python
2. Extract password hashes for analysis
3. Create vulnerability report with full details
4. Test if same vulnerability exists in other endpoints</parameter>
</function>
    </examples>
  </tool>
</tools>