v3.5.5 — cloud infrastructure testing + REPL polish

Cloud testing:
- +17 cloud agents (agents_md/infra/) for AWS/GCP/Azure: IAM/RBAC privesc,
  storage exposure (S3/GCS/Blob), compute & network exposure + IMDS, secrets
  (Secrets Manager / Secret Manager / Key Vault), SA/SP key abuse, Entra ID
  enum, and a multi-cloud footprint/identity recon agent. Library 348 -> 365.
- creds.yaml gains aws:/gcp:/azure: blocks (Creds::cloud). The harness exports
  provider env vars (AWS_*, GOOGLE_APPLICATION_CREDENTIALS, AZURE_* SP) so
  aws/gcloud/az authenticate automatically, and injects a cloud directive. GCP
  inline JSON is written to a temp file. Best-practice auth per provider.

REPL polish:
- /chain <n> (attack-chain depth, wired to Session.chain_depth), /agents list
  (library category counts incl. infra/cloud); /show now shows chain-depth and
  enabled integrations. Tab-completion + help updated.

Docs: README badges (365 agents / 14 providers), new "Cloud credentials" section;
RELEASE notes. Version 3.5.4 -> 3.5.5.
This commit is contained in:
CyberSecurityUP
2026-07-01 22:38:27 -03:00
parent e5c607f467
commit 2e25809a93
34 changed files with 1123 additions and 38 deletions
+5 -5
View File
@@ -1,4 +1,4 @@
# NeuroSploit — Tutorial & User Guide (v3.5.4)
# NeuroSploit — Tutorial & User Guide (v3.5.5)
A complete, hands-on guide to installing, configuring and running NeuroSploit —
the autonomous, multi-model penetration-testing harness.
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:
1. **Recons** the target with real tools (curl/nmap/…).
2. **Intelligently selects** only the agents whose preconditions match the recon
(it does *not* blindly run all 329).
(it does *not* blindly run all 365).
3. **Exploits** in parallel — each agent works in a ReAct loop and must prove its
claim with a **tool receipt** (raw output).
4. **Validates** every candidate by **cross-model voting** (a different model
@@ -98,8 +98,8 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
### Verify
```bash
neurosploit --version # neurosploit 3.5.4
neurosploit agents # {"vulns":196,...,"chains":12,"total":329}
neurosploit --version # neurosploit 3.5.5
neurosploit agents # {"vulns":196,...,"chains":12,"total":365}
neurosploit models # all providers & models
```
@@ -468,7 +468,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state
## 13. The agent library
`agents_md/` holds **329** markdown agents in categories:
`agents_md/` holds **365** markdown agents in categories:
| Category | Dir | Count | Purpose |
|----------|-----|-------|---------|