Cisco Researcher Toolkit

AI-powered guidance for effective vulnerability reporting to Cisco's Bug Bounty and VDP programs

⚠️ IMPORTANT DISCLAIMER

By participating in Cisco's security research programs, you acknowledge and agree you are registered with Bugcrowd and bound by their Code of Conduct and Standard Disclosure Terms and are authorized in advance by such terms and the applicable program briefs to search for vulnerabilities.

🎯 Overview

The Cisco Researcher Toolkit is a comprehensive, AI-powered utility designed to assist security researchers in identifying, classifying, and reporting vulnerabilities to Cisco's various Bug Bounty and Vulnerability Disclosure Programs (VDPs).

Built around the PIRR Value Framework (Product Impact, Infrastructure Research, Relationship Building, Revenue Risk), this toolkit demystifies the submission process by embedding Cisco's program priorities directly into an intuitive interface.

🎬 Quick Demo

# Clone and run the CLI
git clone https://github.com/yourusername/cisco-researcher-toolkit
cd cisco-researcher-toolkit
export GEMINI_API_KEY="your-api-key-here"
python3 ciscoresearchertoolkit.py

✨ Key Features

🔄 Dual Interface Options

• CLI Tool: Full-featured command-line interface with complete AI support
• Web Interface: Modern, responsive single-page application

🤖 Multi-AI Provider Support

• Google Gemini (gemini-2.0-flash)
• Anthropic Claude (claude-3-7-sonnet-20250219)
• OpenAI GPT (gpt-4o)
• Intelligent Fallback: Automatic provider switching on failure
• Session Management: Secure API key storage and management

🛠 Core Research Tools

Tool	Description	AI Enhanced	Testing Guide Integration
Vulnerability Triage	PIRR-based classification and program routing	❌	❌
Submission Quality Analyzer	Report quality scoring and enhancement	✅	❌
Research Area Suggester	AI-powered attack vector brainstorming with methodology detection	✅	✅
Testing Guides	Links to industry-standard OWASP methodologies	❌	✅

🎯 Smart Routing

• High-Impact Findings → Cisco Meraki Bug Bounty Program
• Production Vulnerabilities → Relevant Bug Bounty Programs
• Demo/Test Environment Issues → VDP Programs
• Out-of-Scope High-Impact → Discretionary Submissions

🚀 Quick Start

Prerequisites

• Python 3.7+ (for CLI)
• Modern Web Browser (for web interface)
• API Key from at least one supported AI provider

1. Setup Environment

# Clone the repository
git clone https://github.com/yourusername/cisco-researcher-toolkit
cd cisco-researcher-toolkit

# Install dependencies (CLI only)
pip install requests

# Set API keys (choose one or more)
export GEMINI_API_KEY="your-gemini-key"
export CLAUDE_API_KEY="your-claude-key"  
export OPENAI_API_KEY="your-openai-key"

# Optional: Set default provider
export DEFAULT_AI_PROVIDER="gemini"  # or "claude" or "openai"

2. Run the CLI

python3 ciscoresearchertoolkit.py

3. Use the Web Interface

Open Cisco Researcher Toolkit.html in your browser and configure API keys in the AI Configuration tab.

📊 Interface Comparison

Feature	CLI	Web Interface
Vulnerability Triage	✅ Full Support	✅ Full Support
Quality Analysis	✅ Full Support	✅ Full Support
AI Report Enhancement	✅ All Providers	⚠️ Limited (CORS)
Research Suggestions	✅ All Providers	⚠️ Limited (CORS)
Provider Fallback	✅ Automatic	✅ Automatic
API Key Management	🔧 Environment Variables	🖱️ GUI Configuration
Offline Usage	✅ Yes (without AI)	✅ Yes (without AI)
Release Data Sync	✅ Writes to releases.json	✅ Reads from releases.json

🔑 AI Provider Setup

Google Gemini

1. Visit Google AI Studio
2. Create a new API key
3. Set environment variable: export GEMINI_API_KEY="your-key"

CLI Support: ✅ Full
Browser Support: ✅ Full (CORS enabled)

Anthropic Claude

1. Visit Anthropic Console
2. Generate an API key
3. Set environment variable: export CLAUDE_API_KEY="your-key"

CLI Support: ✅ Full
Browser Support: ✅ Full (with CORS workaround header)

OpenAI

1. Visit OpenAI Platform
2. Create a new API key
3. Set environment variable: export OPENAI_API_KEY="your-key"

CLI Support: ✅ Full
Browser Support: ❌ CORS Blocked (requires backend proxy)

💡 Recommendation: Use CLI for full functionality across all providers. Web interface works best with Gemini and Claude (with CORS workaround).

🔧 Configuration Options

Environment Variables

# API Keys
export GEMINI_API_KEY="your-gemini-key"
export CLAUDE_API_KEY="your-claude-key"
export OPENAI_API_KEY="your-openai-key"

# Default Provider (optional)
export DEFAULT_AI_PROVIDER="gemini"  # Options: gemini, claude, openai

# Provider Fallback Order (automatic)
# 1. Preferred provider (if specified)
# 2. Current default provider
# 3. Remaining available providers

Web Interface Configuration

• Open the AI Configuration tab
• Enter API keys for desired providers
• Select default provider
• Keys are stored in browser session only (not permanent)

Release Data Synchronization

The CLI and web interface share Cisco release data through releases.json:

How it works:

1. CLI fetches live data from Cisco/Meraki community forums
2. Automatically writes to releases.json when successful
3. Web interface reads from releases.json on "Refresh Data"
4. Both interfaces stay synced without manual updates

To update release data:

python3 ciscoresearchertoolkit.py
# Fetches live data and updates releases.json

In the web interface:

• Click "🔄 Refresh Data" to reload from releases.json
• If no releases.json exists, falls back to hardcoded data

📝 Usage Examples

Vulnerability Triage Workflow

# Start CLI
python3 ciscoresearchertoolkit.py

# Select: [1] Vulnerability Triage Tool
# Answer guided questions:
# - Finding type: "Hardcoded credentials in GitHub repo"
# - Product: "Meraki Dashboard"  
# - Impact: "Critical (RCE)"
# - Infrastructure: "Cisco-owned cloud"
# - Business Risk: "Yes"

# Result: "High Impact Finding: Report to Bug Bounty"
# Recommendation: Cisco Meraki Bug Bounty Program
# URL: https://bugcrowd.com/ciscomeraki

AI Security Testing Workflow

# Select: [3] Suggested Research Areas  
# Enter topic: "Cisco AI Canvas"

# System Response:
📋 Recommended Testing Methodologies:
OWASP AI Testing Guide
   For AI/ML systems, LLMs, and intelligent assistants
   Key areas: Model Security, Prompt Injection, Privacy & Ethics, Runtime Behavior
   URL: https://github.com/OWASP/www-project-ai-testing-guide

🎯 AI-Generated Attack Vectors:
1. Training data extraction through crafted prompts
2. Model poisoning via malicious input injection  
3. Prompt injection to bypass safety filters
4. Adversarial examples to manipulate model outputs
5. Privacy attacks to extract sensitive training data
6. Bias exploitation in model recommendations
7. Hallucination induction for misinformation attacks

🔗 Learn More:
• OWASP AI Testing Guide - AI security, prompt injection, model vulnerabilities

AI-Enhanced Report Generation

# Select: [2] Submission Quality Analyzer
# Complete checklist (5/5 for best results)
# Enter technical notes:

"Found SQL injection in Meraki dashboard user search. 
Parameter 'username' not sanitized. 
PoC: username=' OR 1=1-- returns all users"

# AI generates professional report with:
# - Executive Summary
# - Technical Description  
# - Proof of Concept
# - Business Impact Assessment

Research Area Discovery

# Select: [3] Suggested Research Areas
# Enter topic: "Cisco AI Assistant"

# System detects: AI Testing Guide methodology
# Recommended Testing Methodologies:
# 📋 OWASP AI Testing Guide
#    For AI/ML systems, LLMs, and intelligent assistants
#    Key areas: Model Security, Prompt Injection, Privacy & Ethics, Runtime Behavior

# AI suggests attack vectors:
# 1. Prompt injection bypassing safety filters
# 2. Training data extraction through conversation
# 3. Model hallucination exploitation
# 4. Bias exploitation in recommendations
# 5. Jailbreaking conversational boundaries

🏗️ Architecture

Project Structure

cisco-researcher-toolkit/
├── ciscoresearchertoolkit.py      # CLI application
├── Cisco Researcher Toolkit.html  # Web interface  
├── SPECIFICATIONS.md               # Detailed requirements
├── README.md                      # This file
└── requirements.txt               # Python dependencies

🧠 Smart Methodology Detection

The toolkit automatically detects the most appropriate OWASP testing methodologies based on research topics:

• IoT/Hardware Topics → OWASP ISTG (IoT Security Testing Guide)
• Firmware Topics → OWASP FSTM (Firmware Security Testing Methodology)
• AI/ML Topics → OWASP AI Testing Guide (AI Canvas, AI Assistant)
• Web/API Topics → OWASP WSTG (Web Security Testing Guide)

Keyword Detection Examples:

# AI Testing Guide triggers
"Cisco AI Assistant" → AI Testing Guide
"AI Canvas model" → AI Testing Guide
"LLM vulnerabilities" → AI Testing Guide

# IoT Testing Guide triggers  
"Meraki device" → ISTG + WSTG
"Hardware security" → ISTG + FSTM

# Multiple methodologies
"Meraki firmware API" → ISTG + FSTM + WSTG

AI Abstraction Layer

class AIManager:
    """Manages multiple AI providers with fallback capabilities"""
    
    # Supported providers
    providers = {
        'gemini': GeminiProvider(),
        'claude': ClaudeProvider(), 
        'openai': OpenAIProvider()
    }
    
    # Automatic fallback chain
    def call_ai(prompt, preferred_provider=None):
        # Try preferred → default → remaining providers
        # Return first successful response

Security Model

• CLI: Environment variables (secure)
• Web: Session storage only (not persistent)
• API Keys: Never transmitted except to respective AI services
• No Backend: All processing client-side

🔒 Security Best Practices

API Key Management

# ✅ Secure: Environment variables
export GEMINI_API_KEY="your-key"

# ✅ Secure: .env file (add to .gitignore)
echo "GEMINI_API_KEY=your-key" >> .env

# ❌ Insecure: Hardcoded in source
api_key = "your-key-here"  # Never do this!

Browser Security

• API keys stored in session storage only
• Keys cleared when browser session ends
• No persistent storage of credentials
• Direct API communication (no intermediary servers)

Shared Computer Usage

• CLI: Use temporary environment variables
• Web: Clear API keys before closing browser
• Always: Use the "Clear All API Keys" button when done

🛠️ Troubleshooting

Common Issues

Issue	Cause	Solution
"No AI providers configured"	Missing API keys	Set environment variables or configure in web UI
"Failed to fetch" (Claude)	Browser CORS policy	Automatic CORS workaround header applied; if persistent, use CLI
"CORS blocked" (OpenAI)	Browser CORS policy	Use CLI or implement backend proxy
CLI crashes on startup	Invalid DEFAULT_AI_PROVIDER	Remove variable or use valid value
"Invalid API key" errors	Incorrect/expired key	Verify key is correct and active

Browser Compatibility Status

• Gemini: ✅ Full browser support with native CORS
• Claude: ✅ Full browser support with CORS workaround header
• OpenAI: ❌ Browser blocked, CLI recommended

Error Messages Guide

# ✅ Expected: No providers configured
"⚠️ AI Status: No providers configured"

# ✅ Expected: Providers available  
"AI Status: 2 provider(s) available | Using: Gemini"

# ❌ Error: Invalid API key
"Error: API request to gemini failed: 400 Client Error"

# ❌ Error: Network issue
"Error: API request to claude failed: ConnectionError"

Debug Mode

# Enable verbose output
python3 ciscoresearchertoolkit.py --debug

# Check provider status
python3 -c "
import ciscoresearchertoolkit
manager = ciscoresearchertoolkit.ai_manager
print('Available:', manager.list_available_providers())
print('Current:', manager.current_provider)
"

🧪 Testing

Functionality Tests

# Test basic CLI functionality
echo "6" | python3 ciscoresearchertoolkit.py

# Test with API key
export GEMINI_API_KEY="test-key"
echo -e "2\ny\ny\ny\ny\ny\ntest\n\n6" | python3 ciscoresearchertoolkit.py

# Test provider switching
export DEFAULT_AI_PROVIDER="claude"
echo "6" | python3 ciscoresearchertoolkit.py

Web Interface Tests

1. Open Cisco Researcher Toolkit.html in browser
2. Navigate to AI Configuration tab
3. Enter test API keys
4. Test each tool functionality
5. Verify provider switching works

🤝 Contributing

Development Setup

# Clone repository
git clone https://github.com/yourusername/cisco-researcher-toolkit
cd cisco-researcher-toolkit

# Install development dependencies
pip install -r requirements.txt

# Run tests
python3 -m pytest tests/

# Lint code
python3 -m flake8 ciscoresearchertoolkit.py

Adding New AI Providers

1. Update AIProvider enum:

class AIProvider(Enum):
    GEMINI = "gemini"
    CLAUDE = "claude"
    OPENAI = "openai"
    NEWPROVIDER = "newprovider"  # Add here

2. Add API configuration:

API_CONFIGS = {
    AIProvider.NEWPROVIDER: {
        "url": "https://api.newprovider.com/v1/generate",
        "headers": {"Content-Type": "application/json"}
    }
}

3. Implement payload/response handling:

def _create_payload(self, prompt, provider):
    elif provider == AIProvider.NEWPROVIDER:
        return {"prompt": prompt, "max_tokens": 4000}

def _extract_response(self, result, provider):
    elif provider == AIProvider.NEWPROVIDER:
        return result.get("text", "")

Code Style

• Follow PEP 8 guidelines
• Use type hints where applicable
• Add docstrings for all functions
• Keep functions focused and small
• Handle errors gracefully

📊 Performance Considerations

Rate Limiting

• Gemini: 15 requests per minute (free tier)
• Claude: 5 requests per minute (free tier)
• OpenAI: 3 requests per minute (free tier)
• Fallback: Automatic switching when rate limited

Response Times

• Gemini: ~2-5 seconds (fastest)
• Claude: ~3-8 seconds (moderate)
• OpenAI: ~4-10 seconds (variable)

Cost Optimization

• Use environment variable DEFAULT_AI_PROVIDER for preferred model
• Implement provider switching based on cost preferences
• Monitor usage through respective provider dashboards

📚 References

OWASP Testing Guides

• IoT Security Testing Guide (ISTG)
• Firmware Security Testing Methodology (FSTM)
• AI Testing Guide
• Web Security Testing Guide (WSTG)

Cisco Programs

• Cisco Bug Bounty Program Hub
• Cisco Meraki Bug Bounty
• Cisco Meraki VDP Pro
• Cisco Security VDP

AI Provider Documentation

• Google Gemini API
• Anthropic Claude API
• OpenAI API

📄 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

🙏 Acknowledgments

• Cisco Network Device Security Team for program guidance and framework development
• OWASP Community for comprehensive testing methodologies
• AI Providers (Google, Anthropic, OpenAI) for enabling enhanced functionality
• Security Research Community for feedback and testing

📞 Support

• Issues: GitHub Issues
• Discussions: GitHub Discussions

---

Built for security researchers, by security researchers 🛡️

Happy hunting and responsible disclosure! 🎯