mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-08 20:37:52 +02:00
identification/attribution + multi-role access-control auth (v3.5.5)
Attribution (anti-plagiarism), multiple layers: - Identifying User-Agent on every request (default NeuroSploit/<ver> + an X-NeuroSploit-Scan header), overridable via /ua or NEUROSPLOIT_UA env; shown in the run banner. RunConfig.user_agent + Session.user_agent wired through. - Every finding is stamped "Identified and validated by NeuroSploit …" (in finish() and the raw-report path) so provenance travels in the finding text, findings.json and the report. Multi-role authentication for access-control testing (IDOR/BOLA/BFLA/privesc): - creds.yaml gains named identity blocks (admin:/user:/victim:/…), each with jwt | header | cookie | apikey | login+username+password. With >=2 roles the harness injects a cross-role access-control directive (authorized-vs-unauthorized proof) and defaults the primary auth to the first role. Also: /help now lists one command per line (fixes smushed OPTIONS/RUN columns); /ua command + Session field; docs (README + RELEASE) updated.
This commit is contained in:
+29
@@ -92,6 +92,35 @@ interactive line-editing.
|
||||
- **Rate-limit testing** is a first-class control check (small non-disruptive
|
||||
burst → look for 429/lockout/Retry-After), never a DoS.
|
||||
|
||||
## Multi-role auth & access-control testing
|
||||
|
||||
- **Named identities in `creds.yaml`** for IDOR / BOLA / BFLA / privilege-escalation
|
||||
testing. Define two or more roles and the agent authenticates as each and tests
|
||||
**cross-role access** (control vs unauthorized request):
|
||||
```yaml
|
||||
admin:
|
||||
jwt: eyJ... # or header:/cookie:/apikey:/login+username+password
|
||||
user:
|
||||
apikey: abc123 # → X-Api-Key: abc123
|
||||
victim:
|
||||
cookie: "session=..."
|
||||
```
|
||||
Supported per role: `jwt`, `header` (raw), `cookie`, `apikey`, or a
|
||||
`login`/`username`/`password` self-login. With ≥2 roles the harness injects an
|
||||
access-control directive (capture one role's object IDs/functions, attempt them
|
||||
as another role, prove authorized-vs-denied) under the data-safety guardrail.
|
||||
|
||||
## Attribution & identification (anti-plagiarism)
|
||||
|
||||
- **Identifying User-Agent** on every request — default
|
||||
`NeuroSploit/<ver> (authorized security assessment; +github…)`, plus an
|
||||
`X-NeuroSploit-Scan` header. Change it with **`/ua <string>`** (REPL) or the
|
||||
`NEUROSPLOIT_UA` env var; the run banner shows it.
|
||||
- **Attribution stamped into every finding** ("Identified and validated by
|
||||
NeuroSploit — multi-model adversarial validation …") so provenance travels with
|
||||
the finding across the report, `findings.json` and any copy — in the traffic,
|
||||
the finding text, and the report footer, so the work can't be silently re-badged.
|
||||
|
||||
## Notes
|
||||
|
||||
- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
|
||||
|
||||
Reference in New Issue
Block a user