Wuyun is a vulnerability-research skill suite for AI coding agents. It turns “security review” into reusable workflows: understand the system, map attack surface, form hypotheses, validate with low impact, and report remediation-focused findings.
Its goal is to make Codex/Claude behave more like a careful researcher than a scanner during authorized assessments, CTF/lab work, local code audits, and defensive security reviews.
curl -fsSL https://raw.githubusercontent.com/Aimer-zero/wuyun/main/install.sh | bash -s -- --target codex
Restart/reload your AI agent, then paste:
Use $wuyun, mode code-audit.
Target: the current local repository.
Please passively understand architecture and trust boundaries first, then map attack surface, generate vulnerability hypotheses, and report only confirmed/likely/speculative findings with evidence and remediation.
Rerun the installer to update. Install only for Claude:
curl -fsSL https://raw.githubusercontent.com/Aimer-zero/wuyun/main/install.sh | bash -s -- --target claude
Install a fixed release (current release: v0.3.0):
curl -fsSL https://raw.githubusercontent.com/Aimer-zero/wuyun/main/install.sh | bash -s -- --version v0.3.0
Install from a local checkout:
./install.sh --source-dir . --target codex
- Routing: $wuyun selects the right companion skill for Web/API, cloud, JS reverse, browser runtime, protocol, auth, AI security, recon, red-team planning, and PoC assistance.
- Evidence-first: outputs separate confirmed / likely / speculative / ruled-out items to reduce scanner-style false positives.
- Low-impact by default: prefers local/passive/dry-run workflows, canary markers, synthetic data, and owner-assisted validation.
- Practical: bundled references and scripts produce plans, wordlists, HAR analysis, OpenAPI review, JWT offline audit, PoC plans, and report templates.
- Composable: chain mode and redteam-ops combine recon, JS, HAR, Web/API, auth, and cloud outputs into safe validation paths and attack-path matrices.
- Engineering-friendly: skill/MCP security audit, supply-chain/CI-CD review, PR diff review, scanner JSON normalization, and SARIF/HTML/Markdown export.
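An added example, not Wuyun's own code or output format: one way to carry the confirmed / likely / speculative / ruled-out tiers into a SARIF 2.1.0 export so that ruled-out and evidence-free items never reach the results list. The finding field names, the tier-to-level mapping, and the tool name are assumptions made for illustration.

```python
import json

# Assumed mapping from evidence tier to SARIF level (not Wuyun's own).
TIER_TO_LEVEL = {"confirmed": "error", "likely": "warning", "speculative": "note"}

# Constructed sample findings; the field names are hypothetical.
SAMPLE = [
    {"rule": "bola", "tier": "confirmed", "title": "Order lookup skips owner check",
     "file": "api/orders.py", "line": 42, "evidence": "owner_id never compared to session user"},
    {"rule": "ssrf", "tier": "likely", "title": "URL fetcher accepts internal hosts",
     "file": "api/fetch.py", "line": 17, "evidence": "no allowlist before requests.get"},
    {"rule": "sqli", "tier": "speculative", "title": "Possible injection in search",
     "file": "api/search.py", "line": 8, "evidence": ""},
    {"rule": "xxe", "tier": "ruled-out", "title": "XML parser entity expansion",
     "file": "api/xml.py", "line": 5, "evidence": "parser created with entities disabled"},
]

def to_sarif(findings, tool_name="example-audit"):
    """Return (sarif_log, dropped): a minimal SARIF 2.1.0 log plus drop counts."""
    results, rule_ids = [], []
    dropped = {"ruled-out": 0, "no-evidence": 0, "unknown-tier": 0}
    for f in findings:
        tier = f.get("tier")
        if tier == "ruled-out":
            dropped["ruled-out"] += 1      # counted, never reported as a result
        elif tier not in TIER_TO_LEVEL:
            dropped["unknown-tier"] += 1   # refuse to guess a severity
        elif not f.get("evidence"):
            dropped["no-evidence"] += 1    # a claim without evidence is not a finding
        else:
            if f["rule"] not in rule_ids:
                rule_ids.append(f["rule"])
            results.append({
                "ruleId": f["rule"],
                "level": TIER_TO_LEVEL[tier],
                "message": {"text": f"[{tier}] {f['title']}"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": f["file"]},
                    "region": {"startLine": f["line"]}}}],
                "properties": {"tier": tier, "evidence": f["evidence"]},
            })
    driver = {"name": tool_name, "rules": [{"id": r} for r in rule_ids]}
    log = {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
           "runs": [{"tool": {"driver": driver}, "results": results}]}
    return log, dropped

if __name__ == "__main__":
    sarif, dropped = to_sarif(SAMPLE)
    print(json.dumps({"sarif": sarif, "dropped": dropped}, indent=2))
```

The drop counts are returned alongside the log so a reviewer can see how many items were excluded and for which reason.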
Use $wuyun to audit https://example.com for Web/API vulnerabilities. Keep testing low-impact and low-rate; report only evidence-backed findings.
Use $wuyun to analyze /path/to/bundle.js and extract APIs, WebSockets, GraphQL, signing logic, and follow-up validation hypotheses.
Use $wuyun, chain mode, to combine recon.json, js-surface.json, and har-analysis.json into next-skill recommendations and safe validation steps.
Use $wuyun-exploit-assist to turn a confirmed SSTI/SQLi/deserialization lead into a canary-safe minimal PoC plan; do not generate webshells, reverse shells, data-dumping, or WAF-bypass payloads.
Use $wuyun-redteam-ops, mode redteam-ops, for an authorized Web+Cloud purple-team exercise. Confirm ROE and stop conditions first, then produce an attack-path matrix, safe validation steps, purple-team detection mapping, detection opportunities, and remediation/retest plan without malware, persistence, credential theft, or WAF-bypass payloads.
Reusable prompt examples are kept in this README; local examples/ directories may be created but are not committed.
wuyun/ # Main skill: router, research method, chain mode, quality gates
wuyun-web-api-audit/ # Web/API audit: BOLA/IDOR, BFLA, injection, SSRF, upload, business logic
wuyun-exploit-assist/ # Canary-safe PoC/reproducer planning: SSTI, SQLi, deserialization, XXE/SSRF
wuyun-cloud-vuln/ # Cloud security: SSRF, metadata, STS/CAM/IAM, object storage
wuyun-js-reverse/ # Frontend JS reverse: API assets, signatures, sourcemaps, WebSocket/GraphQL
wuyun-js-deobfuscation/ # JS AST deobfuscation: string arrays, control flow, WASM, signing protocols
wuyun-browser-runtime/ # Browser runtime: HAR/DevTools, Service Worker, CDN/WAF/risk-control attribution
wuyun-protocol-analysis/ # Protocol analysis: WebSocket, GraphQL, SSE, JSON-RPC, gRPC/protobuf
wuyun-auth-audit/ # Auth: JWT, OAuth/OIDC, SAML, session, cookie, tenant authorization
wuyun-ai-audit/ # AI security: LLM/RAG/Agent, prompt injection, tool boundaries, output sinks
wuyun-recon/ # Recon: scoped plans, dorks, CT/subdomains, route wordlists, tool artifacts
wuyun-evasion/ # Defensive detection resilience: canonicalization, parser mismatch, origin exposure plans
wuyun-redteam-ops/ # Red/purple-team planning: ROE, attack paths, purple-team mapping, remediation/retest loop
wuyun-skill-security-audit/ # Skill/MCP/plugin security: prompt supply chain, permissions, sensitive files, remote execution
wuyun-supply-chain-audit/ # Supply chain/CI-CD: dependencies, scanner adapters, PR review, language packs
python3 wuyun/scripts/validate_skill.py .
python3 wuyun/scripts/run_eval.py .
python3 wuyun/scripts/benchmark_suite.py --suite all
python3 wuyun/scripts/quality_gate.py . --skip-preflight
bash -n install.sh
run_eval.py is a local-only regression suite covering core helpers, common companion helpers, redaction guarantees, Cloudflare attribution, and CLI routing. Eval fixtures are generated at runtime; eval/fixtures/ is not committed.
Useful CLI commands:
python3 wuyun/scripts/wuyun_cli.py version --json
python3 wuyun/scripts/wuyun_cli.py playbooks
python3 wuyun/scripts/wuyun_cli.py catalog --check --json
python3 wuyun/scripts/wuyun_cli.py eval .
python3 wuyun/scripts/wuyun_cli.py audit /path/to/repo --code-only
python3 wuyun/scripts/wuyun_cli.py skill-audit /path/to/skill-or-plugin --json
python3 wuyun/scripts/wuyun_cli.py supply-chain /path/to/repo --json
python3 wuyun/scripts/wuyun_cli.py pr-review --path . --base origin/main --json --sarif wuyun-pr.sarif
python3 wuyun/scripts/wuyun_cli.py tool-output semgrep.json --tool semgrep --json
python3 wuyun/scripts/wuyun_cli.py language-pack /path/to/repo --json
python3 wuyun/scripts/wuyun_cli.py export-findings findings.json --format sarif --output findings.sarif
python3 wuyun/scripts/wuyun_cli.py benchmark --suite all
python3 wuyun/scripts/wuyun_cli.py js-reverse /path/to/dist --json
python3 wuyun/scripts/wuyun_cli.py chain recon.json js-surface.json har-analysis.json
python3 wuyun/scripts/wuyun_cli.py cloudflare -- --har capture.har
python3 wuyun/scripts/wuyun_cli.py ssti-probes --engine all
python3 wuyun/scripts/wuyun_cli.py redteam-plan --profile web --profile cloud --asset api.example.invalid --json
python3 wuyun/scripts/wuyun_cli.py attack-matrix recon.json js-surface.json audit.json --json
python3 wuyun/scripts/wuyun_cli.py purple-map attack-matrix.json --owner security --json
Intended uses:
- Local source/config security review
- Online Web/API testing and production-safe review
- Frontend JS reverse engineering, deobfuscation, and signing protocol analysis
- Browser runtime reproduction and HAR evidence analysis
- Cross-module finding synthesis and chain-mode next-step planning
- Authorized red-team/purple-team ROE, attack-path matrixing, purple-team detection mapping, and remediation loop
- Third-party Skill / MCP / plugin / AGENTS.md security review
- Supply-chain, dependency, CI/CD, PR diff review, and scanner-output normalization
- Defensive WAF/CDN/AI-policy detection-resilience assessment
- JWT/OAuth/SAML/session/tenant authorization review
- LLM/RAG/agent security assessment
- Cloud security analysis, SSRF, and temporary credential impact triage
- CTF/lab/sandbox research
- Canary-safe PoC/reproducer planning for identified leads
Not intended for:
- Illegal, abusive, or out-of-scope testing
- Internet-wide scanning, mass probing, or high-volume fuzzing
- Unauthorized active payload delivery or business-data access
- Webshells, reverse shells, persistence, malware, or destructive payloads
- WAF-bypass payload packs, request fingerprint spoofing, CAPTCHA automation, proxy rotation, or AI filter bypass variants
- Collecting, retaining, or outputting unrelated user data, secrets, tokens, or database contents
MIT License. See LICENSE.