This project contains a collection of System Prompts and guidelines for security audits, code reviews, and penetration testing. It aims to assist security researchers, engineers, and AI models in conducting standardized security assessments.
- File: `code_review_audit.md`
  - Description: Acts as a senior security engineer conducting a security-focused review of a code project.
  - Focus: Identifying high-confidence security vulnerabilities, minimizing false positives, and focusing on actual exploitable impacts (e.g., injection, authentication issues, sensitive data leakage).
- File: `Smartcontract_audit.md`
  - Description: A guideline for smart contract vulnerability assessment challenges.
  - Focus: Analyzing contract logic within a limited timeframe, identifying and exploiting vulnerabilities (e.g., obtaining BNB), covering analysis, exploit development, and test validation processes.
- File: `web_application_pentest.md`
  - Description: Acts as an experienced Web application penetration tester.
  - Focus: Performing ethical Web application and API penetration testing, covering reconnaissance, threat modeling, vulnerability validation, and report generation.
These Markdown files can be used as System Prompts or Context input for LLMs (Large Language Models) to guide the model in performing security tasks with specific expert roles.