From 2e25809a93877cc0b10734fb9eda8d9f03a33cc0 Mon Sep 17 00:00:00 2001 
From: CyberSecurityUP
Date: Wed, 1 Jul 2026 22:38:27 -0300
Subject: [PATCH] =?UTF-8?q?v3.5.5=20=E2=80=94=20cloud=20infrastructure=20t?=
 =?UTF-8?q?esting=20+=20REPL=20polish?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cloud testing:
- +17 cloud agents (agents_md/infra/) for AWS/GCP/Azure: IAM/RBAC privesc,
  storage exposure (S3/GCS/Blob), compute & network exposure + IMDS, secrets
  (Secrets Manager / Secret Manager / Key Vault), SA/SP key abuse, Entra ID
  enum, and a multi-cloud footprint/identity recon agent. Library 348 -> 365.
- creds.yaml gains aws:/gcp:/azure: blocks (Creds::cloud). The harness exports
  provider env vars (AWS_*, GOOGLE_APPLICATION_CREDENTIALS, AZURE_* SP) so
  aws/gcloud/az authenticate automatically, and injects a cloud directive.
  GCP inline JSON is written to a temp file. Best-practice auth per provider.

REPL polish:
- /chain (attack-chain depth, wired to Session.chain_depth), /agents list
  (library category counts incl. infra/cloud); /show now shows chain-depth and
  enabled integrations. Tab-completion + help updated.

Docs: README badges (365 agents / 14 providers), new "Cloud credentials"
section; RELEASE notes.

Version 3.5.4 -> 3.5.5.
--- README.md | 60 +++++- RELEASE.md | 46 +++++ TUTORIAL.md | 10 +- agents_md/infra/aws_compute_exposure.md | 38 ++++ agents_md/infra/aws_iam_privesc.md | 38 ++++ agents_md/infra/aws_identity_scope.md | 39 ++++ agents_md/infra/aws_lambda_review.md | 38 ++++ agents_md/infra/aws_s3_exposure.md | 38 ++++ agents_md/infra/aws_secrets_exposure.md | 38 ++++ agents_md/infra/azure_compute_identity.md | 38 ++++ agents_md/infra/azure_entra_enum.md | 38 ++++ agents_md/infra/azure_keyvault_access.md | 38 ++++ agents_md/infra/azure_rbac_privesc.md | 38 ++++ agents_md/infra/azure_storage_exposure.md | 38 ++++ agents_md/infra/cloud_recon_footprint.md | 40 ++++ agents_md/infra/gcp_compute_exposure.md | 38 ++++ agents_md/infra/gcp_iam_privesc.md | 38 ++++ agents_md/infra/gcp_secrets_functions.md | 38 ++++ agents_md/infra/gcp_serviceaccount_keys.md | 38 ++++ agents_md/infra/gcp_storage_exposure.md | 38 ++++ install.ps1 | 2 +- neurosploit-rs/Cargo.lock | 4 +- neurosploit-rs/Cargo.toml | 2 +- neurosploit-rs/app/src/main.rs | 26 ++- neurosploit-rs/app/src/repl.rs | 41 +++- neurosploit-rs/app/src/tui.rs | 2 +- neurosploit-rs/crates/harness/src/belief.rs | 2 +- neurosploit-rs/crates/harness/src/creds.rs | 126 ++++++++++++- .../crates/harness/src/grounding.rs | 2 +- neurosploit-rs/crates/harness/src/lib.rs | 2 +- neurosploit-rs/crates/harness/src/pomdp.rs | 2 +- neurosploit-rs/crates/harness/src/report.rs | 6 +- scripts/build_cloud_agents.py | 177 ++++++++++++++++++ setup.sh | 2 +- 34 files changed, 1123 insertions(+), 38 deletions(-) create mode 100644 agents_md/infra/aws_compute_exposure.md create mode 100644 agents_md/infra/aws_iam_privesc.md create mode 100644 agents_md/infra/aws_identity_scope.md create mode 100644 agents_md/infra/aws_lambda_review.md create mode 100644 agents_md/infra/aws_s3_exposure.md create mode 100644 agents_md/infra/aws_secrets_exposure.md create mode 100644 agents_md/infra/azure_compute_identity.md create mode 100644 agents_md/infra/azure_entra_enum.md create 
mode 100644 agents_md/infra/azure_keyvault_access.md create mode 100644 agents_md/infra/azure_rbac_privesc.md create mode 100644 agents_md/infra/azure_storage_exposure.md create mode 100644 agents_md/infra/cloud_recon_footprint.md create mode 100644 agents_md/infra/gcp_compute_exposure.md create mode 100644 agents_md/infra/gcp_iam_privesc.md create mode 100644 agents_md/infra/gcp_secrets_functions.md create mode 100644 agents_md/infra/gcp_serviceaccount_keys.md create mode 100644 agents_md/infra/gcp_storage_exposure.md create mode 100644 scripts/build_cloud_agents.py diff --git a/README.md b/README.md index dc454b9..fb02452 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -

🧠 NeuroSploit v3.5.4

+

🧠 NeuroSploit v3.5.5

Stars @@ -8,11 +8,11 @@

- + - - + +

@@ -24,7 +24,7 @@ > > πŸ“– **New here? Read the [full Tutorial & User Guide β†’](TUTORIAL.md)** β€” every mode, flag, config and example explained. -> πŸ†• **New in v3.5.4 β€” Robust attack chaining + fewer false positives:** a +> πŸ†• **New in v3.5.5 β€” Robust attack chaining + fewer false positives:** a > multi-round, decision-driven **post-exploitation** engine takes each confirmed > foothold and expands new directions (cred reuse, privesc, lateral movement, > exfil, new surface), carrying **loot** forward across rounds (`--chain-depth`). @@ -41,7 +41,7 @@ LLMs** β€” via **API key** or local **subscription** (Claude Code / Codex / Gemi Grok) β€” recons the target, **intelligently selects only the agents that match the discovered surface**, runs them in parallel, **chains** findings into deeper impact, and **validates every claim by cross-model voting + tool-receipt -grounding** before reporting. It ships **329 markdown agents** and a **Mission +grounding** before reporting. It ships **365 markdown agents** and a **Mission Control TUI**. ### Engagement modes @@ -51,7 +51,7 @@ Control TUI**. | **Black-box** | `neurosploit run ` | recon β†’ select β†’ exploit β†’ vote β†’ report | | **White-box** | `neurosploit whitebox ` | source/SAST review (file:line evidence) | | **Grey-box** | `neurosploit greybox --url ` | code review **+** live exploitation together | -| **Host/Infra** | `neurosploit host --creds creds.yaml` | Linux / Windows / Active Directory testing | +| **Host/Infra** | `neurosploit host --creds creds.yaml` | Linux / Windows / AD **and cloud** (AWS/GCP/Azure) testing | | **Mission Control** | `neurosploit tui ` | live TUI panels + composer during the run | | **Interactive** | `neurosploit` | persistent REPL session (resumes per project) | 
@@ -68,6 +68,10 @@ Control TUI**. - πŸ”— **Attack chaining** β€” 12 multi-stage chain agents (SQLiβ†’RCEβ†’LPE, SSRFβ†’AWS creds, uploadβ†’LFIβ†’RCEβ†’LPE, default-credsβ†’domain, …); each stage proven before advancing. +- ☁️ **Cloud testing** β€” AWS / GCP / Azure agents that drive the provider CLIs + (`aws`/`gcloud`/`az`). Connect via `creds.yaml`: AWS keys, a Google + service-account JSON, or an Azure service principal β€” see + [Cloud credentials](#cloud-credentials-awsgcpazure). - πŸ—ΊοΈ **Attack graph & kill chain** β€” findings mapped to OWASP / CWE / MITRE ATT&CK / stage; rendered as a Mermaid graph in the report. - βœ… **Cross-model validation** β€” a different model adjudicates each finding; 
@@ -186,6 +190,48 @@ neurosploit whitebox https://github.com/myorg/app --jira --subscription --model --- +## ☁️ Cloud credentials (AWS/GCP/Azure) + +Add a cloud block to `creds.yaml` and the harness exports the right env vars so +the AWS/GCP/Azure agents can drive `aws` / `gcloud` / `az`. Secrets stay in your +file/secret-manager; agents do **read-only enumeration first, never destructive**. + +```yaml +# --- AWS: static keys (or a named profile) --- +aws: + access_key_id: AKIA... + secret_access_key: ... + # session_token: ... # if using temporary creds + region: us-east-1 + # profile: my-sso-profile # alternative to keys + +# --- GCP: service-account JSON (path recommended; inline single-line also works) --- +gcp: + service_account_json: /path/to/sa.json + project: my-project-id + +# --- Azure: service principal (recommended for automation) --- +azure: + tenant_id: ... + client_id: ... + client_secret: ... + subscription_id: ... +``` + +```bash +neurosploit host my-cloud-account --creds creds.yaml \ + --subscription --model anthropic:claude-opus-4-8 -v +``` + +Agents cover IAM privilege-escalation, storage exposure (S3/GCS/Blob), compute & +network exposure, secrets (Secrets Manager / Secret Manager / Key Vault), +service-account/SP abuse, and identity enumeration (Entra ID). Best-practice +auth: **AWS** access keys or profile; **GCP** a service-account JSON +(`GOOGLE_APPLICATION_CREDENTIALS`); **Azure** a service principal +(`az login --service-principal`). + +--- + ## Build ```bash diff --git a/RELEASE.md b/RELEASE.md index 16730f9..31b102d 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -1,3 +1,49 @@ +# NeuroSploit v3.5.5 β€” Release Notes + +**Release Date:** July 2026 +**Codename:** Cloud Testing & REPL polish +**License:** MIT +**Credits:** Joas A Santos & Red Team Leaders + +--- + +## TL;DR + +v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class +credential connection, **17 new cloud agents**, and a nicer REPL. + +## Highlights + +- **Cloud test agents (+17 β†’ library now 365 agents).** AWS, GCP and Azure + specialists in `agents_md/infra/` covering IAM privilege escalation, storage + exposure (S3 / GCS / Blob), compute & network exposure, secrets (Secrets + Manager / Secret Manager / Key Vault), service-account & service-principal + abuse, and Entra ID enumeration β€” plus a multi-cloud footprint/identity recon + agent. They drive the provider CLIs read-only-first, non-destructive. +- **Connect cloud credentials via `creds.yaml`.** New `aws:`, `gcp:`, `azure:` + blocks. The harness exports the right env vars so `aws` / `gcloud` / `az` pick + them up automatically, and injects a directive telling the agents how to + authenticate and what to enumerate: + - **AWS** β€” `access_key_id`/`secret_access_key`[/`session_token`]/`region`, or a `profile`. + - **GCP** β€” a service-account JSON (`service_account_json`, path recommended; + inline single-line also works) β†’ `GOOGLE_APPLICATION_CREDENTIALS` + project. + - **Azure** β€” a **service principal** (`tenant_id`/`client_id`/`client_secret`/ + `subscription_id`) β†’ `az login --service-principal` (best practice for + non-interactive automation). +- **REPL polish.** New **`/chain `** (attack-chain depth) and **`/agents list`** + (library category counts incl. infra/cloud); **`/show`** now displays + chain-depth and enabled integrations; help updated. +- Cloud creds are never written to disk beyond your `creds.yaml`; inline GCP JSON + is materialized to a temp file only to satisfy the SDK/CLI. + +## Notes + +- Additive/back-compatible. 
Provider count is now 14 (Azure OpenAI added in + v3.5.2). See the README "Cloud credentials" section for a full `creds.yaml` + example. + +--- + # NeuroSploit v3.5.4 β€” Release Notes **Release Date:** July 2026 diff --git a/TUTORIAL.md b/TUTORIAL.md index ed7df65..6f068c8 100644 --- a/TUTORIAL.md +++ b/TUTORIAL.md @@ -1,4 +1,4 @@ -# NeuroSploit β€” Tutorial & User Guide (v3.5.4) +# NeuroSploit β€” Tutorial & User Guide (v3.5.5) A complete, hands-on guide to installing, configuring and running NeuroSploit β€” the autonomous, multi-model penetration-testing harness. @@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It: 1. **Recons** the target with real tools (curl/nmap/…). 2. **Intelligently selects** only the agents whose preconditions match the recon - (it does *not* blindly run all 329). + (it does *not* blindly run all 365). 3. **Exploits** in parallel β€” each agent works in a ReAct loop and must prove its claim with a **tool receipt** (raw output). 4. **Validates** every candidate by **cross-model voting** (a different model @@ -98,8 +98,8 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith ### Verify ```bash -neurosploit --version # neurosploit 3.5.4 -neurosploit agents # {"vulns":196,...,"chains":12,"total":329} +neurosploit --version # neurosploit 3.5.5 +neurosploit agents # {"vulns":196,...,"chains":12,"total":365} neurosploit models # all providers & models ``` @@ -468,7 +468,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state ## 13. The agent library -`agents_md/` holds **329** markdown agents in categories: +`agents_md/` holds **365** markdown agents in categories: | Category | Dir | Count | Purpose | |----------|-----|-------|---------| diff --git a/agents_md/infra/aws_compute_exposure.md b/agents_md/infra/aws_compute_exposure.md new file mode 100644 index 0000000..b5d9279 --- /dev/null +++ b/agents_md/infra/aws_compute_exposure.md 
@@ -0,0 +1,38 @@ +# AWS EC2 / Network Exposure & IMDS Agent + +## User Prompt +You are testing the **AWS** cloud account/target **{target}** for exposed compute, permissive security groups and IMDSv1 SSRF risk. + +**Recon Context:** +{recon_json} + +**ACCESS:** AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`. + +**METHODOLOGY:** + +### 1. Enumerate +- `aws ec2 describe-instances`, `describe-security-groups`, `describe-snapshots --owner-ids self`, `describe-images` + +### 2. Assess +- Find 0.0.0.0/0 ingress on sensitive ports, public instances, public EBS snapshots/AMIs, and instances allowing IMDSv1 + +### 3. Confirm +- Show a concrete exposure (e.g. an SG open to the world, a public snapshot, or IMDSv1 enabled enabling SSRF cred theft) + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: AWS EC2 / Network Exposure & IMDS - [resource] +- Severity: High +- CWE: CWE-284 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Network exposure / credential theft via SSRF +- Remediation: Restrict SGs; require IMDSv2; make snapshots/AMIs private +``` + +## System Prompt +You are a AWS cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/aws_iam_privesc.md b/agents_md/infra/aws_iam_privesc.md new file mode 100644 index 0000000..ead51ed --- /dev/null +++ b/agents_md/infra/aws_iam_privesc.md 
@@ -0,0 +1,38 @@ +# AWS IAM Privilege Escalation Agent + +## User Prompt +You are testing the **AWS** cloud account/target **{target}** for IAM privilege-escalation paths. + +**Recon Context:** +{recon_json} + +**ACCESS:** AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`. + +**METHODOLOGY:** + +### 1. Enumerate +- List users, roles, groups, policies and pass-role / attach-policy / create-* permissions + +### 2. Find paths +- Check known escalation primitives: iam:PassRole+lambda/ec2, CreatePolicyVersion, AttachUserPolicy, UpdateAssumeRolePolicy, sts:AssumeRole chains + +### 3. Confirm safely +- Prove a path with a non-destructive check (e.g. simulate-principal-policy) or a benign read via the escalated role β€” never persist changes + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: AWS IAM Privilege Escalation - [resource] +- Severity: High +- CWE: CWE-269 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Escalation from low-privilege creds to admin +- Remediation: Remove dangerous IAM permissions from non-admin principals; monitor iam:* and sts:AssumeRole +``` + +## System Prompt +You are a AWS cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/aws_identity_scope.md b/agents_md/infra/aws_identity_scope.md new file mode 100644 index 0000000..a63b6ad --- /dev/null +++ b/agents_md/infra/aws_identity_scope.md 
@@ -0,0 +1,39 @@ +# AWS Credential Scope & Caller Identity Agent + +## User Prompt +You are testing the **AWS** cloud account/target **{target}** for over-privileged or unexpected credential scope. + +**Recon Context:** +{recon_json} + +**ACCESS:** AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`. + +**METHODOLOGY:** + +### 1. Who am I +- `aws sts get-caller-identity`; resolve the attached identity (user/role) + +### 2. What can I do +- Enumerate attached and inline policies (`aws iam list-attached-*-policies`, `get-*-policy`, `list-policies`) +- Simulate key actions with `aws iam simulate-principal-policy` where allowed + +### 3. Confirm +- Show the identity holds broad or admin-equivalent permissions it should not + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: AWS Credential Scope & Caller Identity - [resource] +- Severity: Medium +- CWE: CWE-269 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Excessive permissions β†’ account compromise +- Remediation: Apply least privilege; remove wildcard `*` actions/resources; rotate long-lived keys +``` + +## System Prompt +You are a AWS cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/aws_lambda_review.md b/agents_md/infra/aws_lambda_review.md new file mode 100644 index 0000000..f948e1b --- /dev/null +++ b/agents_md/infra/aws_lambda_review.md 
@@ -0,0 +1,38 @@ +# AWS Lambda & Resource-Policy Review Agent + +## User Prompt +You are testing the **AWS** cloud account/target **{target}** for insecure Lambda configuration and permissive resource policies. + +**Recon Context:** +{recon_json} + +**ACCESS:** AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`. + +**METHODOLOGY:** + +### 1. Enumerate +- `aws lambda list-functions`, `get-policy`, `get-function-configuration` (env vars) + +### 2. Assess +- Look for secrets in env vars, public/loose resource policies, over-privileged execution roles + +### 3. Confirm +- Show a function with a permissive policy or plaintext secret + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: AWS Lambda & Resource-Policy Review - [resource] +- Severity: Medium +- CWE: CWE-732 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Secret disclosure / unauthorized invoke +- Remediation: Remove secrets from env; scope resource policies & execution roles +``` + +## System Prompt +You are a AWS cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/aws_s3_exposure.md b/agents_md/infra/aws_s3_exposure.md new file mode 100644 index 0000000..4095284 --- /dev/null +++ b/agents_md/infra/aws_s3_exposure.md 
@@ -0,0 +1,38 @@ +# AWS S3 Bucket Exposure Agent + +## User Prompt +You are testing the **AWS** cloud account/target **{target}** for public or misconfigured S3 buckets. + +**Recon Context:** +{recon_json} + +**ACCESS:** AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`. + +**METHODOLOGY:** + +### 1. Enumerate buckets +- `aws s3 ls`; for each: `get-bucket-policy`, `get-bucket-acl`, `get-public-access-block` + +### 2. Assess exposure +- Identify buckets readable/writable by AllUsers/AuthenticatedUsers or a permissive policy + +### 3. Confirm +- List/read a sensitive object to prove exposure (no exfiltration beyond proof) + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: AWS S3 Bucket Exposure - [resource] +- Severity: High +- CWE: CWE-732 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Data exposure / tampering +- Remediation: Enable S3 Block Public Access; tighten bucket policies/ACLs; least-privilege access +``` + +## System Prompt +You are a AWS cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/aws_secrets_exposure.md b/agents_md/infra/aws_secrets_exposure.md new file mode 100644 index 0000000..e45c0df --- /dev/null +++ b/agents_md/infra/aws_secrets_exposure.md 
@@ -0,0 +1,38 @@ +# AWS Secrets & Parameter Exposure Agent + +## User Prompt +You are testing the **AWS** cloud account/target **{target}** for secrets accessible to the current identity. + +**Recon Context:** +{recon_json} + +**ACCESS:** AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`. + +**METHODOLOGY:** + +### 1. Enumerate +- `aws secretsmanager list-secrets`, `aws ssm describe-parameters` (and get-parameter --with-decryption where allowed) + +### 2. Assess +- Determine which secrets/parameters the identity can read + +### 3. Confirm +- Show a readable high-value secret (redact the value in the report; prove access only) + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: AWS Secrets & Parameter Exposure - [resource] +- Severity: High +- CWE: CWE-522 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Credential/secret disclosure β†’ lateral movement +- Remediation: Restrict secret resource policies; scope kms:Decrypt; audit access +``` + +## System Prompt +You are a AWS cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/azure_compute_identity.md b/agents_md/infra/azure_compute_identity.md new file mode 100644 index 0000000..498f485 --- /dev/null +++ b/agents_md/infra/azure_compute_identity.md 
@@ -0,0 +1,38 @@ +# Azure VM, NSG & Managed Identity Agent + +## User Prompt +You are testing the **Azure** cloud account/target **{target}** for exposed VMs, permissive NSGs and abusable managed identities. + +**Recon Context:** +{recon_json} + +**ACCESS:** An Azure service principal is exported. Authenticate: `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then use `az`. + +**METHODOLOGY:** + +### 1. Enumerate +- `az vm list`, `az network nsg list`, check public IPs and attached managed identities + +### 2. Assess +- Find NSGs open to 0.0.0.0/0 on sensitive ports, public VMs, and managed identities with broad roles (IMDS token abuse) + +### 3. Confirm +- Show a world-open NSG rule or a VM identity with excessive scope + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Azure VM, NSG & Managed Identity - [resource] +- Severity: High +- CWE: CWE-284 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Network exposure / identity abuse +- Remediation: Restrict NSGs; least-privilege managed identities; Just-in-Time VM access +``` + +## System Prompt +You are a Azure cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/azure_entra_enum.md b/agents_md/infra/azure_entra_enum.md new file mode 100644 index 0000000..50496d5 --- /dev/null +++ b/agents_md/infra/azure_entra_enum.md 
@@ -0,0 +1,38 @@ +# Azure Entra ID (AAD) Enumeration Agent + +## User Prompt +You are testing the **Azure** cloud account/target **{target}** for Entra ID app/service-principal weaknesses. + +**Recon Context:** +{recon_json} + +**ACCESS:** An Azure service principal is exported. Authenticate: `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then use `az`. + +**METHODOLOGY:** + +### 1. Enumerate +- `az ad sp list`, `az ad app list`; review app credentials, API permissions and consent + +### 2. Assess +- Find apps with excessive Graph permissions, expired-but-present secrets, or dangerous consent + +### 3. Confirm +- Show an over-permissioned or mis-consented app registration + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Azure Entra ID (AAD) Enumeration - [resource] +- Severity: Medium +- CWE: CWE-284 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Tenant-wide permission abuse / phishing consent +- Remediation: Review app API permissions & consent; rotate SP secrets; conditional access +``` + +## System Prompt +You are a Azure cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/azure_keyvault_access.md b/agents_md/infra/azure_keyvault_access.md new file mode 100644 index 0000000..d6db856 --- /dev/null +++ b/agents_md/infra/azure_keyvault_access.md 
@@ -0,0 +1,38 @@ +# Azure Key Vault Access Agent + +## User Prompt +You are testing the **Azure** cloud account/target **{target}** for over-permissive Key Vault access to secrets/keys/certs. + +**Recon Context:** +{recon_json} + +**ACCESS:** An Azure service principal is exported. Authenticate: `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then use `az`. + +**METHODOLOGY:** + +### 1. Enumerate +- `az keyvault list`; check access policies / RBAC and network rules + +### 2. Assess +- Determine which vault secrets/keys the SP can read + +### 3. Confirm +- Show a readable secret (prove access; redact value) + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Azure Key Vault Access - [resource] +- Severity: High +- CWE: CWE-522 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Secret/key disclosure +- Remediation: Least-privilege vault RBAC/policies; firewall; purge protection +``` + +## System Prompt +You are a Azure cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/azure_rbac_privesc.md b/agents_md/infra/azure_rbac_privesc.md new file mode 100644 index 0000000..d4afc39 --- /dev/null +++ b/agents_md/infra/azure_rbac_privesc.md 
@@ -0,0 +1,38 @@ +# Azure RBAC Privilege Escalation Agent + +## User Prompt +You are testing the **Azure** cloud account/target **{target}** for role-assignment weaknesses and escalation paths. + +**Recon Context:** +{recon_json} + +**ACCESS:** An Azure service principal is exported. Authenticate: `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then use `az`. + +**METHODOLOGY:** + +### 1. Enumerate +- `az role assignment list --all`, `az role definition list`; resolve the SP's roles/scope + +### 2. Find paths +- Check for Owner/Contributor/User Access Administrator, or roles allowing Microsoft.Authorization/roleAssignments/write + +### 3. Confirm safely +- Prove escalation potential via a benign read at the escalated scope β€” never assign roles + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Azure RBAC Privilege Escalation - [resource] +- Severity: High +- CWE: CWE-269 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Escalation to subscription owner +- Remediation: Least-privilege RBAC; avoid Owner/UAA for automation SPs; PIM +``` + +## System Prompt +You are a Azure cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/azure_storage_exposure.md b/agents_md/infra/azure_storage_exposure.md new file mode 100644 index 0000000..0658292 --- /dev/null +++ b/agents_md/infra/azure_storage_exposure.md 
@@ -0,0 +1,38 @@ +# Azure Storage Account Exposure Agent + +## User Prompt +You are testing the **Azure** cloud account/target **{target}** for public blob containers and weak storage access. + +**Recon Context:** +{recon_json} + +**ACCESS:** An Azure service principal is exported. Authenticate: `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then use `az`. + +**METHODOLOGY:** + +### 1. Enumerate +- `az storage account list`; check `allowBlobPublicAccess`, network rules, list containers + +### 2. Assess +- Find containers set to public (blob/container) or accounts allowing public network access + +### 3. Confirm +- List/read a blob in a public container to prove exposure + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Azure Storage Account Exposure - [resource] +- Severity: High +- CWE: CWE-732 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Data exposure +- Remediation: Disable public blob access; use private endpoints; SAS with least scope +``` + +## System Prompt +You are a Azure cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/cloud_recon_footprint.md b/agents_md/infra/cloud_recon_footprint.md new file mode 100644 index 0000000..cbfe3ec --- /dev/null +++ b/agents_md/infra/cloud_recon_footprint.md 
@@ -0,0 +1,40 @@ +# Cloud Footprint & Identity Recon Agent + +## User Prompt +You are testing the **multi-cloud** cloud account/target **{target}** for identifying the provider, current identity and reachable resources. + +**Recon Context:** +{recon_json} + +**ACCESS:** Whichever provider CLI has credentials exported (aws/gcloud/az). + +**METHODOLOGY:** + +### 1. Identify identity +- Determine the active principal: `aws sts get-caller-identity`, `gcloud auth list`+`gcloud config get project`, or `az account show` +- Note account/subscription/project id and whether it's a user, role or service principal + +### 2. Map reachable services +- Enumerate what the identity can list across IAM, storage, compute, secrets, functions +- Record every service that returns data vs AccessDenied β€” this scopes the blast radius + +### 3. Prioritise +- Flag high-value reachable resources (secrets, storage, admin roles) for the specialist agents + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Cloud Footprint & Identity Recon - [resource] +- Severity: Info +- CWE: CWE-1008 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Reconnaissance baseline for cloud attack surface +- Remediation: Scope credentials to least privilege; alert on broad list/describe from unexpected principals +``` + +## System Prompt +You are a multi-cloud cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. 
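Review bot: the report template in step 4 of cloud_recon_footprint.md sets `- CWE: CWE-1008`, which is the CWE "Architectural Concepts" view rather than a weakness, so findings from this agent carry an ID that cannot be mapped or deduplicated like the CWE-269 and CWE-732 entries the other agents use. Since the severity is Info and the output is a recon baseline, consider leaving the CWE field as N/A for this agent, or choosing a weakness-level entry if one really applies. Separately, the generated wording "the **multi-cloud** cloud account/target" and "a multi-cloud cloud-security specialist" reads oddly; the generator could special-case the provider label for this agent.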
diff --git a/agents_md/infra/gcp_compute_exposure.md b/agents_md/infra/gcp_compute_exposure.md new file mode 100644 index 0000000..8c7e874 --- /dev/null +++ b/agents_md/infra/gcp_compute_exposure.md @@ -0,0 +1,38 @@ +# GCP Compute & Firewall Exposure Agent + +## User Prompt +You are testing the **GCP** cloud account/target **{target}** for permissive firewall rules and exposed VMs/metadata. + +**Recon Context:** +{recon_json} + +**ACCESS:** A GCP service account is active via $GOOGLE_APPLICATION_CREDENTIALS. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS`, then use `gcloud`/`gsutil`. + +**METHODOLOGY:** + +### 1. Enumerate +- `gcloud compute firewall-rules list`, `instances list`, check metadata & OS Login + +### 2. Assess +- Find 0.0.0.0/0 ingress, public IPs on sensitive services, project-wide SSH keys, permissive metadata + +### 3. Confirm +- Show a world-open firewall rule or an exposed instance + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: GCP Compute & Firewall Exposure - [resource] +- Severity: High +- CWE: CWE-284 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Network exposure / compromise +- Remediation: Restrict firewall source ranges; least-privilege metadata; OS Login +``` + +## System Prompt +You are a GCP cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/gcp_iam_privesc.md b/agents_md/infra/gcp_iam_privesc.md new file mode 100644 index 0000000..b0e237c --- /dev/null 
+++ b/agents_md/infra/gcp_iam_privesc.md @@ -0,0 +1,38 @@ +# GCP IAM Privilege Escalation Agent + +## User Prompt +You are testing the **GCP** cloud account/target **{target}** for IAM binding weaknesses and privilege-escalation paths. + +**Recon Context:** +{recon_json} + +**ACCESS:** A GCP service account is active via $GOOGLE_APPLICATION_CREDENTIALS. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS`, then use `gcloud`/`gsutil`. + +**METHODOLOGY:** + +### 1. Enumerate +- `gcloud projects get-iam-policy $PROJECT`, list roles/bindings for the active SA + +### 2. Find paths +- Check escalation primitives: iam.serviceAccounts.actAs/getAccessToken, setIamPolicy, roles.update, deploymentmanager, cloudfunctions deploy as a privileged SA + +### 3. Confirm safely +- Prove a path (e.g. impersonate a more-privileged SA with `--impersonate-service-account`) with a benign read + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: GCP IAM Privilege Escalation - [resource] +- Severity: High +- CWE: CWE-269 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Escalation to project owner +- Remediation: Remove actAs/setIamPolicy from low-priv SAs; least privilege; audit bindings +``` + +## System Prompt +You are a GCP cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/gcp_secrets_functions.md b/agents_md/infra/gcp_secrets_functions.md new file mode 100644 index 0000000..a29eb61 --- /dev/null +++ b/agents_md/infra/gcp_secrets_functions.md 
@@ -0,0 +1,38 @@ +# GCP Secret Manager & Cloud Functions Agent + +## User Prompt +You are testing the **GCP** cloud account/target **{target}** for readable secrets and insecure Cloud Functions. + +**Recon Context:** +{recon_json} + +**ACCESS:** A GCP service account is active via $GOOGLE_APPLICATION_CREDENTIALS. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS`, then use `gcloud`/`gsutil`. + +**METHODOLOGY:** + +### 1. Enumerate +- `gcloud secrets list` (+ versions access), `gcloud functions list` (+ get-iam-policy, env) + +### 2. Assess +- Find secrets the SA can access and functions with public invoker or secrets in env + +### 3. Confirm +- Show a readable secret or a public/loose function + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: GCP Secret Manager & Cloud Functions - [resource] +- Severity: High +- CWE: CWE-522 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Secret disclosure / unauthorized invoke +- Remediation: Scope secret accessor roles; remove allUsers invoker; no secrets in env +``` + +## System Prompt +You are a GCP cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/gcp_serviceaccount_keys.md b/agents_md/infra/gcp_serviceaccount_keys.md new file mode 100644 index 0000000..fc21ac6 --- /dev/null +++ b/agents_md/infra/gcp_serviceaccount_keys.md 
@@ -0,0 +1,38 @@ +# GCP Service Account Key & Impersonation Agent + +## User Prompt +You are testing the **GCP** cloud account/target **{target}** for service-account key abuse and impersonation. + +**Recon Context:** +{recon_json} + +**ACCESS:** A GCP service account is active via $GOOGLE_APPLICATION_CREDENTIALS. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS`, then use `gcloud`/`gsutil`. + +**METHODOLOGY:** + +### 1. Enumerate +- List SAs and keys (`gcloud iam service-accounts list`, `keys list`); check actAs/tokenCreator bindings + +### 2. Assess +- Identify SAs the identity can impersonate or mint keys for + +### 3. Confirm +- Mint a short-lived token via impersonation (non-destructive) to prove access + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: GCP Service Account Key & Impersonation - [resource] +- Severity: High +- CWE: CWE-522 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Identity theft / lateral movement +- Remediation: Disable SA key creation; use workload identity; restrict tokenCreator +``` + +## System Prompt +You are a GCP cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/infra/gcp_storage_exposure.md b/agents_md/infra/gcp_storage_exposure.md new file mode 100644 index 0000000..2a3404e --- /dev/null +++ b/agents_md/infra/gcp_storage_exposure.md 
@@ -0,0 +1,38 @@ +# GCP Cloud Storage Exposure Agent + +## User Prompt +You are testing the **GCP** cloud account/target **{target}** for public or misconfigured GCS buckets. + +**Recon Context:** +{recon_json} + +**ACCESS:** A GCP service account is active via $GOOGLE_APPLICATION_CREDENTIALS. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS`, then use `gcloud`/`gsutil`. + +**METHODOLOGY:** + +### 1. Enumerate +- `gsutil ls`; `gsutil iam get gs://` for each + +### 2. Assess +- Find buckets granting allUsers/allAuthenticatedUsers read/write + +### 3. Confirm +- List/read a sensitive object to prove exposure + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: GCP Cloud Storage Exposure - [resource] +- Severity: High +- CWE: CWE-732 +- Endpoint: [cloud resource ARN/URI/id] +- Vector: [what/where] +- Payload: [exact CLI command run] +- Evidence: [raw CLI output proving it] +- Impact: Data exposure / tampering +- Remediation: Enforce uniform bucket-level access; remove allUsers bindings; VPC-SC +``` + +## System Prompt +You are a GCP cloud-security specialist. AUTHORIZED engagement. Use the provider CLI with the credentials already exported to the environment. Do READ-ONLY enumeration first; never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI receipt (raw output) β€” never assume. Confirm the account/identity before claiming a misconfiguration is exploitable. Credits: Joas A Santos and Red Team Leaders. diff --git a/install.ps1 b/install.ps1 index dde8d2e..9b5947f 100644 --- a/install.ps1 +++ b/install.ps1 
@@ -11,7 +11,7 @@ function Ok ($m) { Write-Host " + $m" -ForegroundColor Green } function Warn($m){ Write-Host " ! $m" -ForegroundColor Yellow } Write-Host "" -Write-Host " NeuroSploit installer (Windows) β€” v3.5.4" -ForegroundColor Cyan +Write-Host " NeuroSploit installer (Windows) β€” v3.5.5" -ForegroundColor Cyan $arch = $env:PROCESSOR_ARCHITECTURE Say "Platform: Windows / $arch" diff --git a/neurosploit-rs/Cargo.lock b/neurosploit-rs/Cargo.lock index 581f826..cf7b400 100644 --- a/neurosploit-rs/Cargo.lock +++ b/neurosploit-rs/Cargo.lock @@ -871,7 +871,7 @@ dependencies = [ [[package]] name = "neurosploit" -version = "3.5.4" +version = "3.5.5" dependencies = [ "anyhow", "clap", @@ -888,7 +888,7 @@ dependencies = [ [[package]] name = "neurosploit-harness" -version = "3.5.4" +version = "3.5.5" dependencies = [ "anyhow", "futures", diff --git a/neurosploit-rs/Cargo.toml b/neurosploit-rs/Cargo.toml index f94ca56..ff1d261 100644 --- a/neurosploit-rs/Cargo.toml +++ b/neurosploit-rs/Cargo.toml @@ -3,7 +3,7 @@ members = ["crates/harness", "app"] resolver = "2" [workspace.package] -version = "3.5.4" +version = "3.5.5" edition = "2021" license = "MIT" repository = "https://github.com/JoasASantos/NeuroSploit" diff --git a/neurosploit-rs/app/src/main.rs b/neurosploit-rs/app/src/main.rs index c23b2a4..da2c2da 100644 --- a/neurosploit-rs/app/src/main.rs +++ b/neurosploit-rs/app/src/main.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.4 β€” interactive harness + CLI (`run` / `whitebox` / `agents` / `models`). +//! NeuroSploit v3.5.5 β€” interactive harness + CLI (`run` / `whitebox` / `agents` / `models`). mod repl; mod tui; 
@@ -11,8 +11,8 @@ use std::path::{Path, PathBuf}; #[command( name = "neurosploit", version, - about = "NeuroSploit v3.5.4 β€” multi-model autonomous pentest harness", - long_about = "NeuroSploit v3.5.4 β€” a Rust multi-model harness that drives a pool of LLMs \ + about = "NeuroSploit v3.5.5 β€” multi-model autonomous pentest harness", + long_about = "NeuroSploit v3.5.5 β€” a Rust multi-model harness that drives a pool of LLMs \ (API key or local subscription: Claude/Codex/Gemini/Grok) to autonomously test a target. \ After recon it INTELLIGENTLY selects only the agents matching the discovered surface, runs \ them in parallel, then validates every finding by cross-model voting before reporting.\n\n\ @@ -474,6 +474,24 @@ pub(crate) async fn apply_creds(cfg: &mut RunConfig, path: Option<&str>) { cfg.instructions = Some(format!("{hi}\n{base}")); println!(" [*] host credentials loaded (SSH/Windows-AD)"); } + // Cloud credentials (AWS / GCP / Azure) β†’ export env for the provider CLIs + // and tell the agents how to authenticate & what to enumerate. + let cloud_env = c.cloud_env(); + if !cloud_env.is_empty() { + for (k, v) in &cloud_env { + std::env::set_var(k, v); + } + let names: Vec<&str> = [ + (!c.cloud.as_ref().map(|x| x.aws_access_key_id.is_empty() && x.aws_profile.is_empty()).unwrap_or(true), "AWS"), + (!c.cloud.as_ref().map(|x| x.gcp_sa_json.is_empty()).unwrap_or(true), "GCP"), + (!c.cloud.as_ref().map(|x| x.azure_client_id.is_empty()).unwrap_or(true), "Azure"), + ].iter().filter(|(on, _)| *on).map(|(_, n)| *n).collect(); + println!(" [*] cloud credentials loaded ({}) β€” {} env var(s) exported", names.join("/"), cloud_env.len()); + if let Some(ci) = c.cloud_instruction() { + let base = cfg.instructions.clone().unwrap_or_default(); + cfg.instructions = Some(format!("{ci}\n{base}")); + } + } // No direct material but a login flow β†’ perform it now. if cfg.auth.is_none() { if let Some(login) = &c.login { 
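Review bot: in `apply_creds`, the loop `for (k, v) in &cloud_env { std::env::set_var(k, v); }` writes the cloud secrets into the harness's own process environment, so every child process spawned afterwards inherits them, not just the `aws`/`gcloud`/`az` calls. That includes the LLM CLI backends named in `long_about` and the Playwright MCP browser listed in the REPL help. `set_var` is also called from an `async fn`, where other runtime threads may be reading the environment at the same time. Consider keeping the pairs in `RunConfig` and applying them with `Command::envs` only where a provider CLI is launched. Minor: the three `!c.cloud.as_ref().map(..).unwrap_or(true)` expressions are hard to read; a single `if let Some(x) = &c.cloud` block that builds `names` would say the same thing.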
@@ -534,7 +552,7 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode: cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string()); write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target)); - println!(" β”Œβ”€ NeuroSploit v3.5.4 Β· by Joas A Santos & Red Team Leaders"); + println!(" β”Œβ”€ NeuroSploit v3.5.5 Β· by Joas A Santos & Red Team Leaders"); println!(" β”‚ run id : {run_id}"); println!(" β”‚ target : {}", cfg.target); println!(" β”‚ models : {}", cfg.models.join(", ")); diff --git a/neurosploit-rs/app/src/repl.rs b/neurosploit-rs/app/src/repl.rs index 8db9e51..0f33421 100644 --- a/neurosploit-rs/app/src/repl.rs +++ b/neurosploit-rs/app/src/repl.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.4 β€” interactive session (Claude-Code / Codex / Cursor-CLI style). +//! NeuroSploit v3.5.5 β€” interactive session (Claude-Code / Codex / Cursor-CLI style). //! //! Launched when `neurosploit` runs with no subcommand. A persistent REPL with //! real line editing (arrow-key history recall, Ctrl-A/E/K, paste), model @@ -119,7 +119,7 @@ struct LiveCheckpoint { const COMMANDS: &[&str] = &[ "/help", "/show", "/config", "/providers", "/model", "/key", "/sub", "/target", "/repo", "/auth", "/creds", "/focus", "/attach", "/context", "/mcp", "/offline", - "/votes", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report", + "/votes", "/chain", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report", "/status", "/diff", "/retest", "/integrations", "/quit", ]; @@ -198,6 +198,7 @@ struct Session { mcp: bool, vote_n: usize, max_agents: usize, + chain_depth: usize, offline: bool, target: Option, repo: Option, @@ -216,6 +217,7 @@ impl Default for Session { mcp: false, vote_n: 3, max_agents: 0, + chain_depth: 2, offline: false, target: None, repo: None, 
@@ -299,7 +301,7 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> { let backends = harness::installed_cli_backends(); println!("\x1b[1m"); println!(" β–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—"); - println!(" β–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•— NeuroSploit v3.5.4"); + println!(" β–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•— NeuroSploit v3.5.5"); println!(" β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ interactive harness"); println!(" β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β• β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ by Joas A Santos"); println!(" β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β• & Red Team Leaders"); 
@@ -432,7 +434,22 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> { "/offline" => { s.offline = !matches!(arg, "off" | "false" | "0" | "no"); println!(" offline: {}", onoff(s.offline)); } "/integrations" | "/integration" => integrations_cmd(arg), "/votes" => { s.vote_n = arg.parse().unwrap_or(s.vote_n); println!(" votes: {}", s.vote_n); } - "/agents" => { s.max_agents = arg.parse().unwrap_or(s.max_agents); println!(" max agents: {}", s.max_agents); } + "/chain" => { + if arg.is_empty() { println!(" attack-chain depth: {} (0 disables) β€” set with /chain ", s.chain_depth); } + else { s.chain_depth = arg.parse().unwrap_or(s.chain_depth); println!(" attack-chain depth: {}", s.chain_depth); } + } + "/agents" => { + if arg == "list" || arg == "ls" { + let lib = agents::load(base); + println!(" agent library ({} total):", lib.total()); + println!(" vulns {} Β· code {} Β· infra/cloud {} Β· recon {} Β· chains {} Β· meta {}", + lib.vulns.len(), lib.code.len(), lib.infra.len(), lib.recon.len(), lib.chains.len(), lib.meta.len()); + } else if arg.is_empty() { + println!(" max agents: {} (0 = all) β€” set with /agents , or /agents list for counts", s.max_agents); + } else { + s.max_agents = arg.parse().unwrap_or(s.max_agents); println!(" max agents: {}", s.max_agents); + } + } "/clear" => { print!("\x1b[2J\x1b[H"); } "/run" | "/go" => { if active.as_ref().map(|a| !a.done.load(Ordering::Relaxed)).unwrap_or(false) { @@ -667,6 +684,7 @@ async fn run(base: &Path, s: &Session, history: &mut Vec) { cfg.models = s.models.clone(); cfg.subscription = s.subscription; cfg.vote_n = s.vote_n; + cfg.chain_depth = s.chain_depth; cfg.max_agents = s.max_agents; cfg.verbose = true; cfg.offline = s.offline; 
@@ -716,6 +734,7 @@ async fn start_background(base: &Path, s: &Session, reader: &mut Reader, cfg.models = s.models.clone(); cfg.subscription = s.subscription; cfg.vote_n = s.vote_n; + cfg.chain_depth = s.chain_depth; cfg.max_agents = s.max_agents; cfg.verbose = true; cfg.offline = s.offline; @@ -1062,7 +1081,14 @@ fn show(s: &Session) { println!(" β”‚ auth : {}", s.auth.clone().unwrap_or_else(|| "(none)".into())); println!(" β”‚ creds : {}", s.creds.clone().unwrap_or_else(|| "(none)".into())); println!(" β”‚ focus : {}", s.instructions.clone().unwrap_or_else(|| "(none β€” tests everything)".into())); - println!(" β”‚ opts : mcp={} offline={} votes={} max-agents={}", onoff(s.mcp), onoff(s.offline), s.vote_n, s.max_agents); + println!(" β”‚ opts : mcp={} offline={} votes={} chain-depth={} max-agents={}", onoff(s.mcp), onoff(s.offline), s.vote_n, s.chain_depth, s.max_agents); + // Integrations at a glance (see /integrations for detail). + { + let ig = harness::integrations::Integrations::load(&proj_dir()); + let on: Vec<&str> = [(ig.github.enabled, "github"), (ig.gitlab.enabled, "gitlab"), (ig.jira.enabled, "jira")] + .iter().filter(|(e, _)| *e).map(|(_, n)| *n).collect(); + println!(" β”‚ integr. : {}", if on.is_empty() { "(none β€” /integrations)".into() } else { on.join(", ") }); + } // API-key status for the providers your selected models need. if !s.subscription { let provs: std::collections::BTreeSet = s.models.iter() 
@@ -1111,8 +1137,9 @@ fn help() { println!("\n \x1b[2mOPTIONS\x1b[0m"); h("/mcp on|off", "Playwright MCP browser /offline on|off self-test"); - h("/votes ", "validator votes /agents cap agents"); - h("/theme color|mono", "/show (config) /clear /quit"); + h("/votes ", "validator votes /chain attack-chain depth"); + h("/agents |list", "cap agents Β· list counts /theme color|mono"); + h("/show (config)", "/clear /quit"); println!("\n \x1b[2mMODES β€” black-box: set /target Β· white-box: set /repo Β· grey-box: set BOTH /repo + /target Β· host: /target + /creds\x1b[0m"); println!(" \x1b[2mFindings are checkpointed live to .neurosploit/ β€” quit/crash mid-run and they're recovered into /runs next launch.\x1b[0m"); diff --git a/neurosploit-rs/app/src/tui.rs b/neurosploit-rs/app/src/tui.rs index 1b4b36d..f48c75c 100644 --- a/neurosploit-rs/app/src/tui.rs +++ b/neurosploit-rs/app/src/tui.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.4 β€” TUI "Mission Control" mode. +//! NeuroSploit v3.5.5 β€” TUI "Mission Control" mode. //! //! Concurrent panels that update live while the engagement runs in the //! background, with a composer input that stays active during execution: diff --git a/neurosploit-rs/crates/harness/src/belief.rs b/neurosploit-rs/crates/harness/src/belief.rs index 1a4ef9b..e88c616 100644 --- a/neurosploit-rs/crates/harness/src/belief.rs +++ b/neurosploit-rs/crates/harness/src/belief.rs @@ -1,4 +1,4 @@ -//! POMDP belief-state world model (v3.5.4). +//! POMDP belief-state world model (v3.5.5). //! //! The target is only partially observable, so we don't track booleans β€” we //! track a **belief**: a property graph whose nodes (host / service / vuln / diff --git a/neurosploit-rs/crates/harness/src/creds.rs b/neurosploit-rs/crates/harness/src/creds.rs index 789cf49..1916aa0 100644 --- a/neurosploit-rs/crates/harness/src/creds.rs +++ b/neurosploit-rs/crates/harness/src/creds.rs 
@@ -51,6 +51,35 @@ pub struct Win { pub hash: String, // NTLM hash for pass-the-hash (LM:NT or NT) } +/// Cloud provider credentials for cloud-infra testing (AWS / GCP / Azure). +/// Secrets are read from `creds.yaml` and exported to the process environment so +/// the `aws` / `gcloud` / `az` CLIs the agents use pick them up automatically. +#[derive(Default, Debug, Clone)] +pub struct Cloud { + // AWS β€” static keys (access key + secret [+ session token]) OR a named profile. + pub aws_access_key_id: String, + pub aws_secret_access_key: String, + pub aws_session_token: String, + pub aws_region: String, + pub aws_profile: String, + // GCP β€” a service-account JSON (path, recommended) or inline single-line JSON. + pub gcp_sa_json: String, + pub gcp_project: String, + // Azure β€” a service principal (recommended for non-interactive automation). + pub azure_tenant_id: String, + pub azure_client_id: String, + pub azure_client_secret: String, + pub azure_subscription_id: String, +} + +impl Cloud { + fn is_empty(&self) -> bool { + self.aws_access_key_id.is_empty() && self.aws_profile.is_empty() + && self.gcp_sa_json.is_empty() + && self.azure_client_id.is_empty() + } +} + #[derive(Default, Debug, Clone)] pub struct Creds { pub jwt: Option, @@ -59,6 +88,7 @@ pub struct Creds { pub login: Option, pub ssh: Option, pub win: Option, + pub cloud: Option, } impl Creds { @@ -68,8 +98,9 @@ impl Creds { let mut login = Login { method: "POST".into(), ..Default::default() }; let mut ssh = Ssh { port: "22".into(), ..Default::default() }; let mut win = Win::default(); + let mut cloud = Cloud::default(); let (mut have_login, mut have_ssh, mut have_win) = (false, false, false); - let mut block = ""; // "", "login", "ssh", "windows" + let mut block = ""; // "", "login", "ssh", "windows", "aws", "gcp", "azure" for raw in text.lines() { let line = raw.split('#').next().unwrap_or(""); if line.trim().is_empty() { 
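Review bot: the new `aws:`/`gcp:`/`azure:` values pass through the existing comment stripping visible in this hunk's context, `let line = raw.split('#').next().unwrap_or("");`, which cuts every line at the first `#`. A client secret or inline service-account JSON that contains `#` would be truncated without any error, and the harness would then export a wrong credential. Strip comments only when `#` starts the line or follows whitespace outside quotes, or document that values must not contain `#`.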
@@ -86,6 +117,9 @@ impl Creds { "login" => { have_login = true; "login" } "ssh" => { have_ssh = true; "ssh" } "windows" | "win" | "ad" => { have_win = true; "windows" } + "aws" => "aws", + "gcp" | "google" | "gcloud" => "gcp", + "azure" | "az" => "azure", _ => "", }; continue; @@ -118,6 +152,26 @@ impl Creds { "hash" | "ntlm" => win.hash = v, _ => {} }, + "aws" => match k.as_str() { + "access_key_id" | "access_key" | "key" => cloud.aws_access_key_id = v, + "secret_access_key" | "secret" => cloud.aws_secret_access_key = v, + "session_token" | "token" => cloud.aws_session_token = v, + "region" => cloud.aws_region = v, + "profile" => cloud.aws_profile = v, + _ => {} + }, + "gcp" => match k.as_str() { + "service_account_json" | "sa_json" | "key" | "keyfile" | "credentials" => cloud.gcp_sa_json = v, + "project" | "project_id" => cloud.gcp_project = v, + _ => {} + }, + "azure" => match k.as_str() { + "tenant_id" | "tenant" => cloud.azure_tenant_id = v, + "client_id" | "app_id" => cloud.azure_client_id = v, + "client_secret" | "secret" | "password" => cloud.azure_client_secret = v, + "subscription_id" | "subscription" => cloud.azure_subscription_id = v, + _ => {} + }, _ => {} } continue; 
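Review bot: each new `match k.as_str()` block in this hunk ends with `_ => {}`, so a misspelled key under `aws:`, `gcp:` or `azure:` is dropped silently and the run continues with a partly filled `Cloud`. Print a warning that names the block and the unknown key (never the value) so the operator sees the typo before the run starts. The aliases also overlap in meaning: `"key"` is the access key ID under `aws` but the key file under `gcp`, and `"secret"` is accepted under both `aws` and `azure`; trimming the alias list to the documented names would make creds.yaml easier to audit.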
@@ -133,13 +187,81 @@ impl Creds { if have_login && !login.url.is_empty() { c.login = Some(login); } if have_ssh && !ssh.host.is_empty() { c.ssh = Some(ssh); } if have_win && !win.host.is_empty() { c.win = Some(win); } + if !cloud.is_empty() { c.cloud = Some(cloud); } if c.jwt.is_none() && c.header.is_none() && c.cookie.is_none() - && c.login.is_none() && c.ssh.is_none() && c.win.is_none() { + && c.login.is_none() && c.ssh.is_none() && c.win.is_none() && c.cloud.is_none() { return None; } Some(c) } + /// Environment variables to export so the `aws`/`gcloud`/`az` CLIs the agents + /// run pick up the cloud credentials automatically. For inline GCP JSON the + /// content is written to a temp file and that path is returned. + pub fn cloud_env(&self) -> Vec<(String, String)> { + let mut e: Vec<(String, String)> = Vec::new(); + let Some(c) = &self.cloud else { return e }; + // AWS + if !c.aws_access_key_id.is_empty() { + e.push(("AWS_ACCESS_KEY_ID".into(), c.aws_access_key_id.clone())); + e.push(("AWS_SECRET_ACCESS_KEY".into(), c.aws_secret_access_key.clone())); + if !c.aws_session_token.is_empty() { + e.push(("AWS_SESSION_TOKEN".into(), c.aws_session_token.clone())); + } + } + if !c.aws_profile.is_empty() { e.push(("AWS_PROFILE".into(), c.aws_profile.clone())); } + if !c.aws_region.is_empty() { + e.push(("AWS_DEFAULT_REGION".into(), c.aws_region.clone())); + e.push(("AWS_REGION".into(), c.aws_region.clone())); + } + // GCP β€” path (recommended) or inline JSON written to a temp file. 
+ if !c.gcp_sa_json.is_empty() { + let path = if c.gcp_sa_json.trim_start().starts_with('{') { + let p = std::env::temp_dir().join("neurosploit-gcp-sa.json"); + let _ = std::fs::write(&p, c.gcp_sa_json.as_bytes()); + p.display().to_string() + } else { + c.gcp_sa_json.clone() + }; + e.push(("GOOGLE_APPLICATION_CREDENTIALS".into(), path)); + } + if !c.gcp_project.is_empty() { + e.push(("GOOGLE_CLOUD_PROJECT".into(), c.gcp_project.clone())); + e.push(("CLOUDSDK_CORE_PROJECT".into(), c.gcp_project.clone())); + } + // Azure β€” service principal env (consumed by `az login --service-principal`). + if !c.azure_tenant_id.is_empty() { e.push(("AZURE_TENANT_ID".into(), c.azure_tenant_id.clone())); } + if !c.azure_client_id.is_empty() { e.push(("AZURE_CLIENT_ID".into(), c.azure_client_id.clone())); } + if !c.azure_client_secret.is_empty() { e.push(("AZURE_CLIENT_SECRET".into(), c.azure_client_secret.clone())); } + if !c.azure_subscription_id.is_empty() { + e.push(("AZURE_SUBSCRIPTION_ID".into(), c.azure_subscription_id.clone())); + e.push(("ARM_SUBSCRIPTION_ID".into(), c.azure_subscription_id.clone())); + } + e + } + + /// A directive telling the agents which cloud creds are available and how to + /// authenticate the provider CLI, so they enumerate/test the cloud account. + pub fn cloud_instruction(&self) -> Option { + let c = self.cloud.as_ref()?; + let mut s = String::new(); + if !c.aws_access_key_id.is_empty() || !c.aws_profile.is_empty() { + s.push_str(&format!( + "AWS ACCESS: credentials are set in the environment{}. Use the `aws` CLI to enumerate and test the account β€” start with `aws sts get-caller-identity`, then IAM (users/roles/policies, privilege escalation paths), S3 (public/misconfigured buckets), EC2/SG, Lambda, Secrets Manager. 
Read-only enumeration first; never destructive.\n", + if c.aws_region.is_empty() { String::new() } else { format!(" (region {})", c.aws_region) })); + } + if !c.gcp_sa_json.is_empty() { + s.push_str(&format!( + "GCP ACCESS: a service account is available via $GOOGLE_APPLICATION_CREDENTIALS{}. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS` first, then enumerate with `gcloud`/`gsutil` β€” IAM bindings & privilege escalation, buckets, compute, service accounts/keys, Cloud Functions.\n", + if c.gcp_project.is_empty() { String::new() } else { format!(" (project {})", c.gcp_project) })); + } + if !c.azure_client_id.is_empty() { + s.push_str( + "AZURE ACCESS: a service principal is set in the environment. Authenticate with `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then enumerate with `az` β€” role assignments (RBAC) & escalation, storage accounts/containers, VMs, Key Vaults, managed identities.\n"); + } + if s.is_empty() { None } else { Some(s) } + } + /// A directive describing the host credentials available to the agents, so /// they can authenticate to Linux (SSH) / Windows (AD) hosts. pub fn host_instruction(&self) -> Option { diff --git a/neurosploit-rs/crates/harness/src/grounding.rs b/neurosploit-rs/crates/harness/src/grounding.rs index 6b679b3..7a4a259 100644 --- a/neurosploit-rs/crates/harness/src/grounding.rs +++ b/neurosploit-rs/crates/harness/src/grounding.rs @@ -1,4 +1,4 @@ -//! Verification / grounding engine (v3.5.4). +//! Verification / grounding engine (v3.5.5). //! //! Hard rule: **no claim enters the world model without a tool receipt** β€” raw //! tool output, not the LLM's paraphrase. This is the empirical anti-hallucination diff --git a/neurosploit-rs/crates/harness/src/lib.rs b/neurosploit-rs/crates/harness/src/lib.rs index 9734231..54da095 100644 --- a/neurosploit-rs/crates/harness/src/lib.rs +++ b/neurosploit-rs/crates/harness/src/lib.rs 
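Review bot: in `cloud_env` (creds.rs, hunk `@@ -133,13 +187,81 @@`), the inline GCP JSON branch writes the service-account key to a fixed, predictable path with default permissions and ignores the result: `let p = std::env::temp_dir().join("neurosploit-gcp-sa.json");` followed by `let _ = std::fs::write(&p, c.gcp_sa_json.as_bytes());`. On a shared temp directory the key can end up readable by other local users, a file or symlink already at that path is written through, a failed write still exports `GOOGLE_APPLICATION_CREDENTIALS` pointing at it, and the file is never removed. Create the file with a unique name and owner-only mode (`create_new` plus 0600 on Unix), return the error instead of discarding it, and delete the file when the run ends. Also in this hunk: `AWS_SECRET_ACCESS_KEY` is pushed whenever the access key ID is set, even if the secret is empty, and the Azure directive passes the secret on the command line via `-p $AZURE_CLIENT_SECRET`, where it is visible in the process list.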
@@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.4 harness β€” a robust multi-model runtime for the +//! NeuroSploit v3.5.5 harness β€” a robust multi-model runtime for the //! markdown-driven autonomous pentest engine. //! //! The harness loads the `agents_md/` library, drives a *pool* of LLM models diff --git a/neurosploit-rs/crates/harness/src/pomdp.rs b/neurosploit-rs/crates/harness/src/pomdp.rs index 544f9a6..0aabb61 100644 --- a/neurosploit-rs/crates/harness/src/pomdp.rs +++ b/neurosploit-rs/crates/harness/src/pomdp.rs @@ -1,4 +1,4 @@ -//! POMDP decision layer (v3.5.4): value-of-information planning + the +//! POMDP decision layer (v3.5.5): value-of-information planning + the //! anti-hallucination gate. //! //! The choice "scan more vs exploit now" is **not** a heuristic here β€” it falls diff --git a/neurosploit-rs/crates/harness/src/report.rs b/neurosploit-rs/crates/harness/src/report.rs index b6e62b7..ef337ad 100644 --- a/neurosploit-rs/crates/harness/src/report.rs +++ b/neurosploit-rs/crates/harness/src/report.rs @@ -97,9 +97,9 @@ pub fn html(target: &str, findings: &[Finding]) -> String { h4{{margin:12px 0 3px;font-size:12px;text-transform:uppercase;letter-spacing:.5px;color:#8b5cf6}}\ .b{{color:#8b5cf6;font-weight:800}}\

NeuroSploit Penetration Test Report

\ -
Target: {t} Β· v3.5.4 Rust harness Β· multi-model validated
\ +
Target: {t} Β· v3.5.5 Rust harness Β· multi-model validated
\
{chips}
{graph_block}

Findings ({n})

{body}\ -

Authorized testing only. Findings confirmed by multi-model adversarial voting.
NeuroSploit v3.5.4 Β· by Joas A Santos & Red Team Leaders

", +

Authorized testing only. Findings confirmed by multi-model adversarial voting.
NeuroSploit v3.5.5 Β· by Joas A Santos & Red Team Leaders

", t = esc(target), chips = chips, n = sorted.len(), body = body, graph_block = graph_block, ) } @@ -135,7 +135,7 @@ pub fn typst_report(target: &str, findings: &[Finding], dir: &Path) -> std::io:: let mut data = String::new(); data.push_str(&format!( "#let meta = (target: {}, run_id: {}, generated: {}, model: {})\n", - tq(target), tq(&run_id), tq("NeuroSploit v3.5.4"), tq("multi-model") + tq(target), tq(&run_id), tq("NeuroSploit v3.5.5"), tq("multi-model") )); data.push_str("#let findings = (\n"); for f in sorted_findings(findings) { diff --git a/scripts/build_cloud_agents.py b/scripts/build_cloud_agents.py new file mode 100644 index 0000000..483610a --- /dev/null +++ b/scripts/build_cloud_agents.py 
@@ -0,0 +1,177 @@ +#!/usr/bin/env python3 +""" +NeuroSploit v3.5.5 β€” cloud infrastructure test agents. + +Adds AWS / GCP / Azure cloud-security agents to agents_md/infra/. They drive the +provider CLIs (`aws`, `gcloud`/`gsutil`, `az`) using credentials the operator +supplies via creds.yaml (aws:/gcp:/azure: blocks, exported to the environment). +Read-only enumeration first, non-destructive, authorized only. +Credits: Joas A Santos & Red Team Leaders. +""" +import os + +ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) +OUT = os.path.join(ROOT, "agents_md", "infra") +CREDITS = "Credits: Joas A Santos and Red Team Leaders." + + +def render(a): + L = [f"# {a['title']} Agent\n", "## User Prompt", + f"You are testing the **{a['cloud']}** cloud account/target **{{target}}** for {a['for']}.\n", + "**Recon Context:**\n{recon_json}\n", + f"**ACCESS:** {a['access']}\n", + "**METHODOLOGY:**\n"] + for i, (s, bs) in enumerate(a["steps"], 1): + L.append(f"### {i}. {s}") + L += [f"- {b}" for b in bs] + L.append("") + n = len(a["steps"]) + 1 + L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:", + f"- Title: {a['title']} - [resource]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}", + "- Endpoint: [cloud resource ARN/URI/id]", "- Vector: [what/where]", + "- Payload: [exact CLI command run]", "- Evidence: [raw CLI output proving it]", + f"- Impact: {a['impact']}", f"- Remediation: {a['fix']}", "```\n", + "## System Prompt", a["system"]] + return "\n".join(L) + "\n" + + +def A(name, title, cloud, vc, cwe, sev, access, steps, fix, impact): + return {"name": name, "title": title, "cloud": cloud, "for": vc, "sev": sev, "cwe": cwe, + "impact": impact, "fix": fix, "steps": steps, "access": access, + "system": (f"You are a {cloud} cloud-security specialist. AUTHORIZED engagement. Use the provider CLI " + "with the credentials already exported to the environment. 
Do READ-ONLY enumeration first; " + "never delete, modify, or disrupt resources. Report ONLY what you proved with a real CLI " + "receipt (raw output) β€” never assume. Confirm the account/identity before claiming a " + f"misconfiguration is exploitable. {CREDITS}")} + + +AWS_ACCESS = "AWS credentials are exported (AWS_ACCESS_KEY_ID/SECRET[/SESSION_TOKEN], region). Use the `aws` CLI; start with `aws sts get-caller-identity`." +GCP_ACCESS = "A GCP service account is active via $GOOGLE_APPLICATION_CREDENTIALS. Run `gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS`, then use `gcloud`/`gsutil`." +AZ_ACCESS = "An Azure service principal is exported. Authenticate: `az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_CLIENT_SECRET --tenant $AZURE_TENANT_ID`, then use `az`." + +AGENTS = [ + # ---------- generic ---------- + A("cloud_recon_footprint", "Cloud Footprint & Identity Recon", "multi-cloud", + "identifying the provider, current identity and reachable resources", "CWE-1008", "Info", + "Whichever provider CLI has credentials exported (aws/gcloud/az).", + [("Identify identity", ["Determine the active principal: `aws sts get-caller-identity`, `gcloud auth list`+`gcloud config get project`, or `az account show`", + "Note account/subscription/project id and whether it's a user, role or service principal"]), + ("Map reachable services", ["Enumerate what the identity can list across IAM, storage, compute, secrets, functions", + "Record every service that returns data vs AccessDenied β€” this scopes the blast radius"]), + ("Prioritise", ["Flag high-value reachable resources (secrets, storage, admin roles) for the specialist agents"])], + "Scope credentials to least privilege; alert on broad list/describe from unexpected principals", "Reconnaissance baseline for cloud attack surface"), + + # ---------- AWS ---------- + A("aws_identity_scope", "AWS Credential Scope & Caller Identity", "AWS", + "over-privileged or unexpected credential 
scope", "CWE-269", "Medium", AWS_ACCESS, + [("Who am I", ["`aws sts get-caller-identity`; resolve the attached identity (user/role)"]), + ("What can I do", ["Enumerate attached and inline policies (`aws iam list-attached-*-policies`, `get-*-policy`, `list-policies`)", + "Simulate key actions with `aws iam simulate-principal-policy` where allowed"]), + ("Confirm", ["Show the identity holds broad or admin-equivalent permissions it should not"])], + "Apply least privilege; remove wildcard `*` actions/resources; rotate long-lived keys", "Excessive permissions β†’ account compromise"), + A("aws_iam_privesc", "AWS IAM Privilege Escalation", "AWS", + "IAM privilege-escalation paths", "CWE-269", "High", AWS_ACCESS, + [("Enumerate", ["List users, roles, groups, policies and pass-role / attach-policy / create-* permissions"]), + ("Find paths", ["Check known escalation primitives: iam:PassRole+lambda/ec2, CreatePolicyVersion, AttachUserPolicy, UpdateAssumeRolePolicy, sts:AssumeRole chains"]), + ("Confirm safely", ["Prove a path with a non-destructive check (e.g. 
simulate-principal-policy) or a benign read via the escalated role β€” never persist changes"])], + "Remove dangerous IAM permissions from non-admin principals; monitor iam:* and sts:AssumeRole", "Escalation from low-privilege creds to admin"), + A("aws_s3_exposure", "AWS S3 Bucket Exposure", "AWS", + "public or misconfigured S3 buckets", "CWE-732", "High", AWS_ACCESS, + [("Enumerate buckets", ["`aws s3 ls`; for each: `get-bucket-policy`, `get-bucket-acl`, `get-public-access-block`"]), + ("Assess exposure", ["Identify buckets readable/writable by AllUsers/AuthenticatedUsers or a permissive policy"]), + ("Confirm", ["List/read a sensitive object to prove exposure (no exfiltration beyond proof)"])], + "Enable S3 Block Public Access; tighten bucket policies/ACLs; least-privilege access", "Data exposure / tampering"), + A("aws_secrets_exposure", "AWS Secrets & Parameter Exposure", "AWS", + "secrets accessible to the current identity", "CWE-522", "High", AWS_ACCESS, + [("Enumerate", ["`aws secretsmanager list-secrets`, `aws ssm describe-parameters` (and get-parameter --with-decryption where allowed)"]), + ("Assess", ["Determine which secrets/parameters the identity can read"]), + ("Confirm", ["Show a readable high-value secret (redact the value in the report; prove access only)"])], + "Restrict secret resource policies; scope kms:Decrypt; audit access", "Credential/secret disclosure β†’ lateral movement"), + A("aws_compute_exposure", "AWS EC2 / Network Exposure & IMDS", "AWS", + "exposed compute, permissive security groups and IMDSv1 SSRF risk", "CWE-284", "High", AWS_ACCESS, + [("Enumerate", ["`aws ec2 describe-instances`, `describe-security-groups`, `describe-snapshots --owner-ids self`, `describe-images`"]), + ("Assess", ["Find 0.0.0.0/0 ingress on sensitive ports, public instances, public EBS snapshots/AMIs, and instances allowing IMDSv1"]), + ("Confirm", ["Show a concrete exposure (e.g. 
an SG open to the world, a public snapshot, or IMDSv1 enabled enabling SSRF cred theft)"])], + "Restrict SGs; require IMDSv2; make snapshots/AMIs private", "Network exposure / credential theft via SSRF"), + A("aws_lambda_review", "AWS Lambda & Resource-Policy Review", "AWS", + "insecure Lambda configuration and permissive resource policies", "CWE-732", "Medium", AWS_ACCESS, + [("Enumerate", ["`aws lambda list-functions`, `get-policy`, `get-function-configuration` (env vars)"]), + ("Assess", ["Look for secrets in env vars, public/loose resource policies, over-privileged execution roles"]), + ("Confirm", ["Show a function with a permissive policy or plaintext secret"])], + "Remove secrets from env; scope resource policies & execution roles", "Secret disclosure / unauthorized invoke"), + + # ---------- GCP ---------- + A("gcp_iam_privesc", "GCP IAM Privilege Escalation", "GCP", + "IAM binding weaknesses and privilege-escalation paths", "CWE-269", "High", GCP_ACCESS, + [("Enumerate", ["`gcloud projects get-iam-policy $PROJECT`, list roles/bindings for the active SA"]), + ("Find paths", ["Check escalation primitives: iam.serviceAccounts.actAs/getAccessToken, setIamPolicy, roles.update, deploymentmanager, cloudfunctions deploy as a privileged SA"]), + ("Confirm safely", ["Prove a path (e.g. 
impersonate a more-privileged SA with `--impersonate-service-account`) with a benign read"])], + "Remove actAs/setIamPolicy from low-priv SAs; least privilege; audit bindings", "Escalation to project owner"), + A("gcp_storage_exposure", "GCP Cloud Storage Exposure", "GCP", + "public or misconfigured GCS buckets", "CWE-732", "High", GCP_ACCESS, + [("Enumerate", ["`gsutil ls`; `gsutil iam get gs://` for each"]), + ("Assess", ["Find buckets granting allUsers/allAuthenticatedUsers read/write"]), + ("Confirm", ["List/read a sensitive object to prove exposure"])], + "Enforce uniform bucket-level access; remove allUsers bindings; VPC-SC", "Data exposure / tampering"), + A("gcp_serviceaccount_keys", "GCP Service Account Key & Impersonation", "GCP", + "service-account key abuse and impersonation", "CWE-522", "High", GCP_ACCESS, + [("Enumerate", ["List SAs and keys (`gcloud iam service-accounts list`, `keys list`); check actAs/tokenCreator bindings"]), + ("Assess", ["Identify SAs the identity can impersonate or mint keys for"]), + ("Confirm", ["Mint a short-lived token via impersonation (non-destructive) to prove access"])], + "Disable SA key creation; use workload identity; restrict tokenCreator", "Identity theft / lateral movement"), + A("gcp_compute_exposure", "GCP Compute & Firewall Exposure", "GCP", + "permissive firewall rules and exposed VMs/metadata", "CWE-284", "High", GCP_ACCESS, + [("Enumerate", ["`gcloud compute firewall-rules list`, `instances list`, check metadata & OS Login"]), + ("Assess", ["Find 0.0.0.0/0 ingress, public IPs on sensitive services, project-wide SSH keys, permissive metadata"]), + ("Confirm", ["Show a world-open firewall rule or an exposed instance"])], + "Restrict firewall source ranges; least-privilege metadata; OS Login", "Network exposure / compromise"), + A("gcp_secrets_functions", "GCP Secret Manager & Cloud Functions", "GCP", + "readable secrets and insecure Cloud Functions", "CWE-522", "High", GCP_ACCESS, + [("Enumerate", ["`gcloud 
secrets list` (+ versions access), `gcloud functions list` (+ get-iam-policy, env)"]), + ("Assess", ["Find secrets the SA can access and functions with public invoker or secrets in env"]), + ("Confirm", ["Show a readable secret or a public/loose function"])], + "Scope secret accessor roles; remove allUsers invoker; no secrets in env", "Secret disclosure / unauthorized invoke"), + + # ---------- Azure ---------- + A("azure_rbac_privesc", "Azure RBAC Privilege Escalation", "Azure", + "role-assignment weaknesses and escalation paths", "CWE-269", "High", AZ_ACCESS, + [("Enumerate", ["`az role assignment list --all`, `az role definition list`; resolve the SP's roles/scope"]), + ("Find paths", ["Check for Owner/Contributor/User Access Administrator, or roles allowing Microsoft.Authorization/roleAssignments/write"]), + ("Confirm safely", ["Prove escalation potential via a benign read at the escalated scope β€” never assign roles"])], + "Least-privilege RBAC; avoid Owner/UAA for automation SPs; PIM", "Escalation to subscription owner"), + A("azure_storage_exposure", "Azure Storage Account Exposure", "Azure", + "public blob containers and weak storage access", "CWE-732", "High", AZ_ACCESS, + [("Enumerate", ["`az storage account list`; check `allowBlobPublicAccess`, network rules, list containers"]), + ("Assess", ["Find containers set to public (blob/container) or accounts allowing public network access"]), + ("Confirm", ["List/read a blob in a public container to prove exposure"])], + "Disable public blob access; use private endpoints; SAS with least scope", "Data exposure"), + A("azure_keyvault_access", "Azure Key Vault Access", "Azure", + "over-permissive Key Vault access to secrets/keys/certs", "CWE-522", "High", AZ_ACCESS, + [("Enumerate", ["`az keyvault list`; check access policies / RBAC and network rules"]), + ("Assess", ["Determine which vault secrets/keys the SP can read"]), + ("Confirm", ["Show a readable secret (prove access; redact value)"])], + "Least-privilege 
vault RBAC/policies; firewall; purge protection", "Secret/key disclosure"), + A("azure_compute_identity", "Azure VM, NSG & Managed Identity", "Azure", + "exposed VMs, permissive NSGs and abusable managed identities", "CWE-284", "High", AZ_ACCESS, + [("Enumerate", ["`az vm list`, `az network nsg list`, check public IPs and attached managed identities"]), + ("Assess", ["Find NSGs open to 0.0.0.0/0 on sensitive ports, public VMs, and managed identities with broad roles (IMDS token abuse)"]), + ("Confirm", ["Show a world-open NSG rule or a VM identity with excessive scope"])], + "Restrict NSGs; least-privilege managed identities; Just-in-Time VM access", "Network exposure / identity abuse"), + A("azure_entra_enum", "Azure Entra ID (AAD) Enumeration", "Azure", + "Entra ID app/service-principal weaknesses", "CWE-284", "Medium", AZ_ACCESS, + [("Enumerate", ["`az ad sp list`, `az ad app list`; review app credentials, API permissions and consent"]), + ("Assess", ["Find apps with excessive Graph permissions, expired-but-present secrets, or dangerous consent"]), + ("Confirm", ["Show an over-permissioned or mis-consented app registration"])], + "Review app API permissions & consent; rotate SP secrets; conditional access", "Tenant-wide permission abuse / phishing consent"), +] + + +def main(): + os.makedirs(OUT, exist_ok=True) + for a in AGENTS: + open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a)) + print(f"wrote {len(AGENTS)} cloud agents to {OUT}") + + +if __name__ == "__main__": + main() diff --git a/setup.sh b/setup.sh index 8ab20a2..99afcfa 100755 --- a/setup.sh +++ b/setup.sh 
@@ -25,7 +25,7 @@ cat <<'BANNER' β–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•— NeuroSploit installer - β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ v3.5.4 β€” Rust harness + β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ v3.5.5 β€” Rust harness β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β• β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ by Joas A Santos β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β• & Red Team Leaders β•šβ•β• β•šβ•β•β•β•β•šβ•β•β•β•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β• β•šβ•β• β•šβ•β•β•β•β•β•
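Review bot: in crates/harness/src/creds.rs, the Azure branch of the cloud directive is gated only on `!c.azure_client_id.is_empty()`, yet the text it emits tells the agent to run `az login` with `$AZURE_CLIENT_SECRET` and `$AZURE_TENANT_ID` as well. With a partially filled azure: block the agent is told a service principal "is set in the environment" and then runs a login that cannot succeed. Gate on all three fields, or emit a directive that says which one is missing. Two related points in the same hunk: `-p $AZURE_CLIENT_SECRET` puts the expanded secret in the `az` process arguments, where other local processes can read it, so the directive should at least tell the agent never to copy the expanded command into evidence; and the GCP and Azure strings drop the "Read-only enumeration first; never destructive." sentence that closes the AWS string, so the constraint should be stated in all three.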
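Review bot: in crates/harness/src/report.rs, both hunks hand-edit a version literal ("v3.5.5" in the HTML header and footer, and `tq("NeuroSploit v3.5.5")` in `typst_report`), which is the same string this patch also edits by hand in the grounding.rs, lib.rs and pomdp.rs doc comments and the setup.sh banner. A report that carries a stale version misleads whoever later has to reproduce a finding. If the harness crate version tracks the release, build these strings from `env!("CARGO_PKG_VERSION")` once and pass it into the format calls, so the next bump touches only Cargo.toml.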
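Review bot: in scripts/build_cloud_agents.py, the report template in `render()` asks for "Evidence: [raw CLI output proving it]" and "Payload: [exact CLI command run]", but only the aws_secrets_exposure and azure_keyvault_access Confirm steps tell the agent to redact the value. The gcp_secrets_functions, gcp_serviceaccount_keys (which mints a token), aws_lambda_review (env vars) and the three storage "List/read a sensitive object" steps would put secret values, tokens or object contents straight into the report. Put the redaction rule in the shared `system` string built in `A()` so every agent inherits it, and carry the "no exfiltration beyond proof" wording from aws_s3_exposure over to the GCS and Azure storage agents. The same shared prompt says READ-ONLY while gcp_serviceaccount_keys mints a credential, so that exception should be stated explicitly rather than left for the model to reconcile. Separately, `main()` writes with `open(..., "w").write(render(a))`: the rendered text contains non-ASCII punctuation, so pass `encoding="utf-8"` and use a `with` block, otherwise the output depends on the platform default encoding (the repo ships install.ps1, so Windows is in scope).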