Skip to content

hxResearch

hxresearch/ is the planned internal research and expertise repository for the hxEASM project.

It is not application runtime code. It is the knowledge layer: a long-term home for project-maintained security research, detection content, advisories, writeups, proof-of-concepts, datasets, and future proprietary expertise.

Purpose

The platform has several moving parts:

  • platform code
  • plugin wrappers
  • configuration
  • scan profiles
  • report generation
  • future AI agents
  • research knowledge

hxresearch/ is the dedicated place for the research knowledge layer. It should grow independently from backend and frontend application code so proprietary detections, advisories, and research material can evolve without turning the application tree into a mixed code-and-research archive.

Use hxresearch/ for:

  • custom detection templates
  • proprietary security research
  • project-authored advisories
  • vulnerability writeups
  • proof-of-concept material
  • validation datasets
  • reference material
  • future expert knowledge used by plugins or agents

Planned Structure

hxresearch/
├── README.md
├── nuclei/
├── advisories/
├── writeups/
├── poc/
└── datasets/

nuclei/

Custom Nuclei templates maintained by the project.

This directory is intended for internal or project-authored templates, including templates for newly researched vulnerabilities, product-specific detections, and validation checks that are not part of the standard ProjectDiscovery template set.

advisories/

Security advisories authored by the project team.

Advisories should describe affected products, versions, impact, remediation, disclosure timeline, references, and detection guidance where appropriate.

writeups/

Research reports and technical analyses.

Writeups can include root-cause analysis, exploitability notes, detection strategy, reproduction details, and operational guidance.

poc/

Proof-of-concept exploit code and validation material.

PoC content must be handled carefully. Keep it clearly labeled, scoped, and separated from production scanning code. Do not wire PoCs into automated scan paths unless a future task explicitly designs that integration with safety controls.

datasets/

Research datasets and collected reference material.

Examples include fingerprint references, normalized test cases, sample banners, anonymized response snippets, and other data useful for detection engineering.

Philosophy

hxresearch/ should be:

  • research-first, not application-first
  • structured enough to support long-term maintenance
  • explicit about source, confidence, and limitations
  • safe by default
  • useful to detection engineers, plugin authors, operators, and future AI agents

The repository should avoid mixing secrets, customer data, raw sensitive captures, or uncontrolled exploit automation into the project tree.

Ownership

Research content should have clear ownership metadata where practical:

  • author or maintainer
  • creation date
  • last reviewed date
  • affected product or technology
  • source references
  • confidence level
  • validation status

For detection content, include whether it is experimental, validated, deprecated, or production-ready.

Contribution Guidelines

When adding research content:

  1. Place it in the correct directory.
  2. Use stable filenames.
  3. Include a short summary and scope.
  4. Keep API paths, CVE IDs, template IDs, and product names exact.
  5. Document required authentication, privileges, or environment assumptions.
  6. Avoid committing secrets, tokens, private customer data, or uncontrolled exploit payloads.
  7. Mark experimental content clearly.
  8. Add references when public sources exist.
  9. Add validation notes when a detection has been tested.

Future Integrations

The current application does not automatically consume hxresearch/.

Planned future integrations may include:

  • nuclei_expert: run templates from hxresearch/nuclei
  • nuclei_hybrid: run standard ProjectDiscovery templates plus hxresearch/nuclei
  • advisory engines that read hxresearch/advisories
  • future AI agents that use curated hxresearch context
  • report sections referencing internal advisories and detection provenance
  • plugin wrappers that consume datasets from hxresearch/datasets

These integrations are future/planned. They are not implemented yet.

Nuclei Modes Roadmap

Current behavior:

nuclei -> standard ProjectDiscovery templates

Planned future modes:

nuclei_expert -> templates stored in hxresearch/nuclei
nuclei_hybrid -> ProjectDiscovery templates + hxresearch templates

The future modes should be designed with explicit configuration, safety controls, template provenance, and clear scan profile behavior.

Relationship to Application Code

hxresearch/ should not replace plugin wrappers or scan profile configuration.

Instead:

  • plugin wrappers define how tools execute
  • scan profiles define which plugins run
  • configuration defines runtime behavior
  • hxresearch/ stores expert knowledge and research assets that future plugins may consume

This separation keeps the platform maintainable while allowing the research corpus to grow.