Forge Exploits

Exploits execute an action or harness other tools to perform a workflow.

User View

What exploits are

An exploit module does work.

  • It runs a workflow rather than just producing payload text.
  • It may drive browsers, external tooling, or environment-specific logic.
  • It can depend on additional Python or system packages.

In practical terms:

  • Generators create payload content.
  • Exploits perform execution workflows or orchestrate tooling.

Common workflows

List exploit kinds:

reach forge --list-exploits
reach forge exploit --list

Describe one exploit kind:

reach forge exploit --list --kind web_local_storage_replay

Run an exploit:

reach forge exploit run web_local_storage_replay \
  --exploit-kwarg origin=http://127.0.0.1:8000

Check exploit dependencies:

reach forge exploit check --all
reach forge exploit check --kind web_local_storage_replay

Install exploit dependencies:

reach forge exploit install --all --upgrade
reach forge exploit install --kind web_local_storage_replay --dry-run

Built-in example

  • Built-in exploit: src/reach/forge/exploits/web/local_storage_replay

Dev

Exploit-specific modules:

  • CLI: reach.cli.forge.exploit
  • Runtime API: reach.forge.api
  • Built-in exploit registry: reach.forge.exploits

Entrypoint pattern:

def run(*, origin: str, **kwargs) -> dict[str, object]:
    ...

Implementation notes:

  • Exploits return structured execution results rather than generated payload strings.
  • Dependency checking and installation are first-class operations because exploit modules often rely on external tooling.
  • Manifest-driven exploit packages define entry, entrypoint, dependency files, and metadata just like generators.
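
An added example (not code from the Reach project) of an entrypoint in the documented shape that validates origin and refuses targets outside an explicit scope before any workflow runs, returning a structured result either way. The allow_hosts kwarg, the comma-separated string form it takes, and the result keys are assumptions made for illustration.

```python
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit


def normalize_origin(origin: str) -> tuple[str, str]:
    """Return (scheme://host[:port], host); raise ValueError if not a bare origin."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https"):
        raise ValueError("origin scheme must be http or https")
    if not parts.hostname:
        raise ValueError("origin has no host")
    if parts.username or parts.password:
        raise ValueError("origin must not carry credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("origin must not carry a path, query or fragment")
    host, port = parts.hostname, parts.port  # .port raises ValueError if invalid
    shown = f"[{host}]" if ":" in host else host  # re-bracket IPv6 literals
    return f"{parts.scheme}://{shown}" + (f":{port}" if port else ""), host


def is_loopback(host: str) -> bool:
    """True for 'localhost' and loopback IP literals; other names never match."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def run(*, origin: str, allow_hosts: str = "", **kwargs) -> dict[str, object]:
    """Entrypoint in the documented shape; allow_hosts is a hypothetical kwarg."""
    try:
        normalized, host = normalize_origin(origin)
    except ValueError as exc:
        return {"ok": False, "stage": "validate", "error": str(exc)}
    allowed = {h.strip().lower() for h in allow_hosts.split(",") if h.strip()}
    if not (is_loopback(host) or host in allowed):
        return {"ok": False, "stage": "scope", "error": f"{host} is not in scope"}
    # Result keys here are assumptions, not the project's result schema.
    return {"ok": True, "stage": "ready", "origin": normalized,
            "unused_kwargs": sorted(kwargs)}


if __name__ == "__main__":
    # Constructed sample inputs.
    for o in ("http://127.0.0.1:8000", "https://example.test", "http://127.0.0.1:8000/a?b=1"):
        print(o, "->", run(origin=o))
```

Hostnames that merely begin with a loopback address, such as 127.0.0.1.example.test, fail the scope check because only IP literals and localhost count as loopback.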