decision-driven deep exploitation: DECISION doctrine, multi-role /auth, +6 agents

- DECISION_DOCTRINE injected into exploit/grey/chain prompts: analyse responses to
  pick the technique; map & connect routes (endpoint output → next endpoint input);
  hunt sensitive flows; mine parameters (incl. hidden from JS/source maps) and test
  per-param; mock realistic (non-PII) data to reach deeper logic; exploit the
  authenticated surface after login and compare roles; build PoCs when a proof
  needs an artifact; bypass 401/403/redirect controls.
- REPL /auth now supports multiple named identities (/auth admin <hdr>, /auth user
  <hdr>; bare token → Bearer). With >=2 roles the run gets the access-control
  directive (IDOR/BOLA/BFLA/privesc, authorized-vs-unauthorized) and tests both.
- +6 decision agents (library 389): param_miner, endpoint_flow_linker,
  authenticated_surface_exploit, clickjacking_poc (HTML PoC), csrf_poc (HTML PoC),
  access_control_bypass.
- Docs: counts 383->389, RELEASE + /auth help updated.
This commit is contained in:
CyberSecurityUP
2026-07-06 10:52:40 -03:00
parent a064b4e497
commit 39c28b541b
12 changed files with 439 additions and 15 deletions
+2 -2
View File
@@ -11,7 +11,7 @@
<img src="https://img.shields.io/badge/Version-3.5.5-blue?style=flat-square">
<img src="https://img.shields.io/badge/Harness-Rust%20%7C%20tokio-e6b673?style=flat-square">
<img src="https://img.shields.io/badge/License-MIT-green?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-383-red?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-389-red?style=flat-square">
<img src="https://img.shields.io/badge/Models-14%20providers-success?style=flat-square">
<img src="https://img.shields.io/badge/Modes-Black%20%7C%20White%20%7C%20Grey%20%7C%20Host-9cf?style=flat-square">
<img src="https://img.shields.io/badge/Auth-API%20key%20%7C%20Subscription-orange?style=flat-square">
@@ -44,7 +44,7 @@ LLMs** — via **API key** or local **subscription** (Claude Code / Codex / Gemi
Grok) — recons the target, **intelligently selects only the agents that match the
discovered surface**, runs them in parallel, **chains** findings into deeper
impact, and **validates every claim by cross-model voting + tool-receipt
grounding** before reporting. It ships **383 markdown agents** and a **Mission
grounding** before reporting. It ships **389 markdown agents** and a **Mission
Control TUI**.
### Engagement modes
+20
View File
@@ -102,6 +102,26 @@ interactive line-editing.
- **Rate-limit testing** is a first-class control check (small non-disruptive
burst → look for 429/lockout/Retry-After), never a DoS.
## Decision-driven deep exploitation
- **DECISION doctrine** injected into every exploit/grey/chain prompt: analyse
responses FIRST and let the evidence pick the technique; **map & connect
routes** (one endpoint's output feeds another's input) and hunt sensitive flows
(auth, reset, payment, upload, admin, export); **mine parameters**
(query/body/header/cookie + hidden ones from JS/source maps) and test the
fitting attack per param; **mock realistic data** to reach deeper logic (never
real PII); **exploit the authenticated surface** after logging in and compare
each role; **build PoCs** when a proof needs an artifact; and **bypass controls**
(verb/path/encoding/header tricks) on anything blocked.
- **Multi-role `/auth`** — set several identities in the REPL:
`/auth admin <hdr>` · `/auth user <hdr>` (Bearer/cookie/API-key; a bare token
becomes `Authorization: Bearer …`). With ≥2 roles the run gets the access-control
directive (IDOR/BOLA/BFLA/privesc, authorized-vs-unauthorized proof) and tests
both scenarios. (Same as the `creds.yaml` role blocks, now one command away.)
- **+6 decision agents** (library **389**): `param_miner`, `endpoint_flow_linker`,
`authenticated_surface_exploit`, `clickjacking_poc` (writes a framing HTML PoC),
`csrf_poc` (writes an auto-submitting HTML PoC), and `access_control_bypass`.
## Browser-driven testing & SPA agents (Juice Shop-ready)
- **Agents now actively drive the browser while testing.** The tool doctrine was
+3 -3
View File
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:
1. **Recons** the target with real tools (curl/nmap/…).
2. **Intelligently selects** only the agents whose preconditions match the recon
(it does *not* blindly run all 383).
(it does *not* blindly run all 389).
3. **Exploits** in parallel — each agent works in a ReAct loop and must prove its
claim with a **tool receipt** (raw output).
4. **Validates** every candidate by **cross-model voting** (a different model
@@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
```bash
neurosploit --version # neurosploit 3.5.5
neurosploit agents # {"vulns":196,...,"chains":12,"total":383}
neurosploit agents # {"vulns":196,...,"chains":12,"total":389}
neurosploit models # all providers & models
```
@@ -535,7 +535,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state
## 13. The agent library
`agents_md/` holds **383** markdown agents in categories:
`agents_md/` holds **389** markdown agents in categories:
| Category | Dir | Count | Purpose |
|----------|-----|-------|---------|
+36
View File
@@ -0,0 +1,36 @@
# Access-Control Bypass Agent
## User Prompt
You are testing **{target}** for bypassing 401/403/redirect and other access controls.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Find the block
- Identify endpoints that return 401/403/redirect or are hidden from your role
### 2. Try bypasses
- Verb tampering (GET↔POST↔PUT, HEAD, OPTIONS), path/case/encoding normalization (`//`, `/.`, `%2e`, trailing dot, `;`), header spoofing (X-Original-URL, X-Rewrite-URL, X-Forwarded-For/Host, Referer), missing-vs-invalid token, and direct object/API access behind the UI
### 3. Confirm
- Show the two requests (blocked vs bypassed) and the protected data/action reached via the bypass
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Access-Control Bypass at [endpoint]
- Severity: High
- CWE: CWE-284
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact request / PoC file path]
- Evidence: [raw request+response / PoC output proving it]
- Impact: Unauthorized access to protected resources/actions
- Remediation: Consistent server-side authorization independent of method/path formatting/headers; canonicalize before authz
```
## System Prompt
You are a specialist in bypassing 401/403/redirect and other access controls. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
@@ -0,0 +1,36 @@
# Authenticated Surface Exploitation Agent
## User Prompt
You are testing **{target}** for vulnerabilities reachable only after authentication.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Authenticate
- Use the provided creds/roles or perform the login flow; capture and REUSE the session/JWT/cookie
### 2. Enumerate authed surface
- List endpoints/params only reachable while logged in (account, settings, orders, admin, API); mock realistic data where a valid body is needed to go deeper
### 3. Exploit & compare roles
- Test those authenticated endpoints for IDOR/injection/mass-assignment/logic; if you have multiple roles (user AND admin), run as each and compare who can reach what
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Authenticated Surface Exploitation at [endpoint]
- Severity: High
- CWE: CWE-306
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact request / PoC file path]
- Evidence: [raw request+response / PoC output proving it]
- Impact: High-impact bugs on the privileged surface
- Remediation: Authorize every authenticated endpoint by the session user/role; least privilege
```
## System Prompt
You are a specialist in vulnerabilities reachable only after authentication. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
+36
View File
@@ -0,0 +1,36 @@
# Clickjacking PoC Builder Agent
## User Prompt
You are testing **{target}** for clickjacking / UI redress on state-changing pages.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Check framing
- Inspect X-Frame-Options and CSP frame-ancestors on sensitive/state-changing pages; if absent or permissive, the page is framable
### 2. Build a PoC
- WRITE an HTML PoC to $NEUROSPLOIT_POCS that frames the target page with a decoy overlay (an `<iframe src=... style=opacity:.0001>` under a bait button), and open/render it to prove the page loads inside the frame — capture a screenshot
### 3. Confirm impact
- Show the framed page hosts a sensitive action (delete, transfer, change email) that a user could be tricked into clicking
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Clickjacking PoC Builder at [endpoint]
- Severity: Medium
- CWE: CWE-1021
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact request / PoC file path]
- Evidence: [raw request+response / PoC output proving it]
- Impact: Tricked state-changing actions / account changes
- Remediation: Send X-Frame-Options: DENY or CSP frame-ancestors 'none'/'self' on all sensitive pages
```
## System Prompt
You are a specialist in clickjacking / UI redress on state-changing pages. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
+36
View File
@@ -0,0 +1,36 @@
# CSRF PoC Builder Agent
## User Prompt
You are testing **{target}** for cross-site request forgery on state-changing requests.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Find state-changing requests
- Identify POST/PUT/DELETE/PATCH that change state; check for an anti-CSRF token and SameSite cookie attributes
### 2. Assess protection
- Determine if the request succeeds WITHOUT a valid token / from a cross-site context (missing token, token not validated, SameSite=None or absent)
### 3. Build a PoC
- WRITE an auto-submitting HTML form PoC to $NEUROSPLOIT_POCS that replays the request cross-site; confirm the state change occurs (prove with the resulting response — never cause real damage)
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: CSRF PoC Builder at [endpoint]
- Severity: High
- CWE: CWE-352
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact request / PoC file path]
- Evidence: [raw request+response / PoC output proving it]
- Impact: Unauthorized state change on the victim's behalf
- Remediation: Require a validated anti-CSRF token; set SameSite=Lax/Strict on session cookies; re-auth sensitive actions
```
## System Prompt
You are a specialist in cross-site request forgery on state-changing requests. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
+36
View File
@@ -0,0 +1,36 @@
# Endpoint Flow & Chain Analyst Agent
## User Prompt
You are testing **{target}** for sensitive multi-step flows built by linking endpoints.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Map the graph
- Build the route/endpoint graph; note which endpoint's output (id, token, filename, URL) feeds another endpoint's input
### 2. Find sensitive flows
- Trace flows through auth, password reset, payment, file up/download, account/role change, admin, export — the ones with real impact
### 3. Attack the seam
- Tamper the value passed between steps (swap an id/token, skip a step, replay, reorder) and see if the server accepts an invalid state; connect the finding to what it unlocks downstream
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Endpoint Flow & Chain Analyst at [endpoint]
- Severity: High
- CWE: CWE-840
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact request / PoC file path]
- Evidence: [raw request+response / PoC output proving it]
- Impact: Broken workflow → data access / privilege abuse
- Remediation: Enforce server-side authorization & state validation at EVERY step; sign/scope inter-step tokens
```
## System Prompt
You are a specialist in sensitive multi-step flows built by linking endpoints. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
+36
View File
@@ -0,0 +1,36 @@
# Parameter Discovery & Testing Agent
## User Prompt
You are testing **{target}** for hidden/undocumented parameters and per-parameter vulnerabilities.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Discover
- Enumerate query/body/header/cookie params from responses, JS bundles, source maps and forms; add plausible ones the API may accept (id, user, role, admin, debug, redirect, file, callback, format)
### 2. Reason per param
- For each param, infer its purpose from the response and pick the fitting test: IDOR (ids), injection (queries/filters), path traversal (file/path), open-redirect (url/next/redirect), SSRF (url/callback), mass-assignment (role/isAdmin)
### 3. Test & confirm
- Send the targeted payload; use response DIFFERENTIALS (valid vs invalid, present vs absent) to confirm the parameter is exploitable
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Parameter Discovery & Testing at [endpoint]
- Severity: Medium
- CWE: CWE-20
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact request / PoC file path]
- Evidence: [raw request+response / PoC output proving it]
- Impact: Varies by parameter — up to injection / IDOR / SSRF
- Remediation: Validate & allow-list every parameter server-side; never trust hidden/undocumented inputs
```
## System Prompt
You are a specialist in hidden/undocumented parameters and per-parameter vulnerabilities. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
+59 -4
View File
@@ -225,6 +225,8 @@ struct Session {
target: Option<String>,
repo: Option<String>,
auth: Option<String>,
/// Named identities for multi-role access-control testing (name, header line).
roles: Vec<(String, String)>,
creds: Option<String>,
instructions: Option<String>,
attachments: Vec<String>,
@@ -247,6 +249,7 @@ impl Default for Session {
target: None,
repo: None,
auth: None,
roles: Vec::new(),
creds: None,
instructions: None,
attachments: Vec::new(),
@@ -500,9 +503,32 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> {
}
}
"/auth" => {
if arg.is_empty() { println!(" auth: {}", s.auth.clone().unwrap_or_else(|| "(none) — set with /auth <header>, clear with /auth clear".into())); }
else if arg == "clear" { s.auth = None; println!(" auth cleared"); }
else { s.auth = Some(arg.to_string()); println!(" auth set: {arg}"); }
if arg.is_empty() {
match s.auth.clone() {
Some(a) => println!(" auth: {a}"),
None => println!(" auth: (none) — /auth <header> · or roles: /auth admin <hdr> · /auth user <hdr>"),
}
for (n, v) in &s.roles { println!(" role {n}: {v}"); }
if s.roles.len() >= 2 { println!(" \x1b[2m{} identities → access-control testing (IDOR/BOLA/BFLA) on /run\x1b[0m", s.roles.len()); }
}
else if arg == "clear" { s.auth = None; s.roles.clear(); println!(" auth + roles cleared"); }
else {
// "<role> <value>" if the first token is a bare identifier (no ':').
let mut it = arg.splitn(2, char::is_whitespace);
let first = it.next().unwrap_or("");
let rest = it.next().unwrap_or("").trim();
let is_role = !first.contains(':') && !rest.is_empty()
&& first.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-');
if is_role {
let val = normalize_auth(rest);
s.roles.retain(|(n, _)| n != first);
s.roles.push((first.to_string(), val.clone()));
if s.auth.is_none() { s.auth = Some(val); } // first role also = primary session
println!(" role '{first}' set ({} identit{}) — test both scenarios on /run", s.roles.len(), if s.roles.len() == 1 { "y" } else { "ies" });
} else {
s.auth = Some(arg.to_string()); println!(" auth set: {arg}");
}
}
}
"/creds" => {
if arg.is_empty() { println!(" creds file: {}", s.creds.clone().unwrap_or_else(|| "(none) — set with /creds <file.yaml>".into())); }
@@ -847,6 +873,11 @@ async fn run(base: &Path, s: &Session, history: &mut Vec<RunRecord>) {
}
};
cfg.auth = s.auth.clone();
// Multiple /auth identities → prepend the access-control (IDOR/BOLA/BFLA) directive.
if let Some(rd) = roles_directive(&s.roles) {
let base = cfg.instructions.clone().unwrap_or_default();
cfg.instructions = Some(format!("{rd}{base}"));
}
if let M::Grey { repo, .. } = &m {
cfg.repo = Some(repo.clone());
}
@@ -1374,7 +1405,7 @@ fn help() {
println!("\n \x1b[2mTARGET & SCOPE\x1b[0m");
h("/target <url[,..]>", "black-box target URL (comma-separated = multi-target, sequential)");
h("/repo <path|url>", "analyse a repo — path or GitHub URL (repo + target = greybox)");
h("/auth <value>", "auth header, e.g. 'Authorization: Bearer <jwt>' (no arg = show)");
h("/auth <value>", "auth header (Bearer/cookie/key). Roles: /auth admin <hdr> · /auth user <hdr>");
h("/creds <file.yaml>", "creds: jwt/header/cookie/login + ssh/windows + aws/gcp/azure + roles");
h("/focus <text>", "steer the tests (or just type the instruction)");
h("@path @dir @f:1-20", "attach a file/folder/line-range to context (Tab → menu)");
@@ -1503,6 +1534,30 @@ const PROMPT: &str = "neurosploit ";
/// exiting (instead of losing an active run to a stray interrupt).
const CTRL_C: &str = "\u{0}__ctrl_c__";
/// Turn a role value into a header line: a full `Header: value` is used as-is;
/// a bare token becomes `Authorization: Bearer <token>`.
fn normalize_auth(v: &str) -> String {
let v = v.trim();
if v.contains(':') { v.to_string() } else { format!("Authorization: Bearer {v}") }
}
/// Build the multi-role access-control directive from the session roles (mirrors
/// creds.yaml roles). Empty when fewer than 2 identities.
fn roles_directive(roles: &[(String, String)]) -> Option<String> {
if roles.len() < 2 { return None; }
let list = roles.iter().map(|(n, v)| format!(" - {n} → send `{v}`")).collect::<Vec<_>>().join("\n");
Some(format!(
"MULTI-ROLE ACCESS CONTROL — you have {} identities:\n{list}\n\
Authenticate as EACH identity (send its header on every request). Test broken access control ACROSS roles and \
compare authorized vs unauthorized:\n\
- BOLA/IDOR: as a low-privilege role capture your own object IDs, then read/modify another role's objects by ID.\n\
- BFLA: call admin-only functions/endpoints/HTTP methods with a low-privilege role's session.\n\
- Privilege escalation: mass-assignment of role/permission fields, or reaching admin routes.\n\
Prove each with the two requests (authorized role succeeds, unauthorized role should be denied but isn't). \
Read-only proof; mask any PII.\n\n",
roles.len()))
}
/// Split the session target into one or more URLs (comma-separated list).
fn session_targets(s: &Session) -> Vec<String> {
s.target.as_deref().map(|t| t.split(',').map(|x| x.trim().to_string()).filter(|x| !x.is_empty()).collect())
+18 -6
View File
@@ -201,6 +201,18 @@ const DEPTH_DOCTRINE: &str = "DEPTH (exploit, don't just expose):\n\
- Audit tokens: for any JWT, check alg-confusion (RSHS), alg:none, kid/jku injection, whether the signature is actually verified, and weak/guessable HS256 secrets.\n\
- Calibrate honestly: claim High/Critical ONLY when impact is DEMONSTRATED; unproven DoS/abuse is Low/Info or a lead, never inflated.\n\n";
/// DECISION doctrine (v3.5.5): make the agent REASON about where to attack from
/// the observed responses, map & connect routes, mine parameters, test both auth
/// levels, and build PoCs — instead of blindly firing a fixed payload list.
const DECISION_DOCTRINE: &str = "DECIDE WHERE TO ATTACK (analyse, then act):\n\
- Analyse responses FIRST: read status, headers, content-type, body, redirects and TIMING; let the evidence pick the technique (e.g. SQL error SQLi; reflected input XSS; numeric id in JSON IDOR; missing X-Frame-Options clickjacking; state-changing POST without a token CSRF). Don't run payloads that the response makes irrelevant.\n\
- Map & CONNECT routes: build the route/endpoint graph and link one endpoint to another an id/token/filename returned by endpoint A is the input to endpoint B; follow multi-step flows (login profile order admin) and hunt the SENSITIVE ones (auth, password reset, payment, file upload/download, account/role changes, admin, export).\n\
- Mine PARAMETERS: enumerate query/body/header/cookie params (incl. hidden ones from JS/source maps); for each, reason about what it does and test the fitting attack (IDOR, injection, path traversal, mass-assignment, open-redirect, SSRF). Add plausible params the API might accept (id, user, role, admin, debug, redirect, file, callback).\n\
- MOCK realistic data: when a request needs valid-looking input to reach deeper logic, synthesize believable test data (emails, names, CPFs/SSNs with valid checksums, phone numbers, UUIDs, tokens, JSON bodies) so the flow proceeds never use real PII.\n\
- Authenticated testing: if you can authenticate (given creds/roles or a login you performed), REUSE the session and exploit the AUTHENTICATED surface the endpoints/params only reachable while logged in are where the high-impact bugs live. Test as EACH role you have (e.g. normal user AND admin) and compare.\n\
- Build PoCs when needed: for issues that need an artifact to prove (clickjacking an HTML page that frames the target; CSRF an auto-submitting HTML form; a multi-step or timing exploit a script), WRITE the PoC to the run's PoC dir, run/validate it, and cite the file in the evidence.\n\
- Test control BYPASSES: when something returns 401/403/redirect or is 'blocked', try to bypass it (verb tampering, path/case/encoding normalization, X-Original-URL / X-Rewrite-URL / X-Forwarded-* headers, missing-vs-invalid token, direct object/API access) and confirm the bypass with the two requests.\n\n";
/// Black-box web engagement: recon → parallel exploit → N-model vote → report.
pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender<String>) -> RunOutput {
pool.set_progress(tx.clone());
@@ -313,13 +325,13 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender<Str
let user = format!(
"AUTHORIZED engagement — you have explicit permission to test {target}. \
Do not ask for confirmation proceed and PROVE each issue.\n\n\
{directives}{react}{depth}{safety}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
{directives}{react}{depth}{decision}{safety}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
Each item: {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}. \
`evidence` must contain the concrete proof (request/response excerpt).",
target = target,
directives = directives,
react = REACT_DOCTRINE,
depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE,
depth = DEPTH_DOCTRINE, decision = DECISION_DOCTRINE, safety = SAFETY_DOCTRINE,
doctrine = tool_doctrine(mcp_on),
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
@@ -535,11 +547,11 @@ pub async fn run_greybox(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Se
}
let user = format!(
"AUTHORIZED greybox engagement on {target} — you also have the source review below. \
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{safety}{doctrine}{body}\n\n\
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{decision}{safety}{doctrine}{body}\n\n\
Reply ONLY a JSON array of confirmed findings (may be []): \
{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, leads = leads,
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(mcp_on),
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, decision = DECISION_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(mcp_on),
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
match pool.complete_routed(Task::Exploit, &ag.name, &ag.system, &user).await {
@@ -683,13 +695,13 @@ async fn chain_from_seed(pool: &ModelPool, target: &str, directives: &str, recon
};
let short: String = seed.title.chars().take(28).collect();
let user = format!(
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{safety}{doctrine}\
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{decision}{safety}{doctrine}\
FOOTHOLD TO EXPAND (round {round}/{max}):\n- [{}] {} @ {} ({})\n payload: {}\n evidence: {}\n\n\
LOOT GATHERED (reuse it):\n{loot_block}\n\n{recipe_block}RECON:\n{recon_ctx}\n\n\
From THIS foothold, DECIDE the best directions and PROVE new impact post-exploitation (loot creds/keys/config/source), credential reuse, privilege escalation (horizontal & vertical), lateral movement to adjacent services/hosts, data exfiltration, and NEW attack surface it exposes. Every claim needs a real tool receipt.\n\n\
Reply ONLY JSON: {{\"findings\":[{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}],\"loot\":[\"cred:user:pass@host\",\"token:...\",\"host:10.0.0.5\",\"endpoint:/internal/api\"]}} (empty arrays are fine).",
seed.severity, seed.title, seed.endpoint, seed.cwe, seed.payload, seed.evidence,
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, decision = DECISION_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
);
let label = format!("chain:{short}");
match pool.complete_routed(Task::Exploit, &label, CHAIN_SYS, &user).await {
+121
View File
@@ -0,0 +1,121 @@
#!/usr/bin/env python3
"""
NeuroSploit v3.5.5 decision / deep-exploitation agents.
Response-analysis-driven agents that reason about WHERE to attack, connect
endpoints, mine parameters, test both auth levels, build PoCs (HTML for
clickjacking/CSRF, scripts for multi-step), and bypass controls. Read-only-first,
non-destructive, authorized only; PII masked. Credits: Joas A Santos & Red Team Leaders.
"""
import os
ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
OUT = os.path.join(ROOT, "agents_md", "vulns")
def render(a):
L = [f"# {a['title']} Agent\n", "## User Prompt",
f"You are testing **{{target}}** for {a['for']}.\n",
"**Recon Context:**\n{recon_json}\n", "**METHODOLOGY:**\n"]
for i, (s, bs) in enumerate(a["steps"], 1):
L.append(f"### {i}. {s}")
L += [f"- {b}" for b in bs]
L.append("")
n = len(a["steps"]) + 1
L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:",
f"- Title: {a['title']} at [endpoint]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}",
"- Endpoint: [full URL]", "- Vector: [what/where]", "- Payload: [exact request / PoC file path]",
"- Evidence: [raw request+response / PoC output proving it]", f"- Impact: {a['impact']}",
f"- Remediation: {a['fix']}", "```\n", "## System Prompt", a["system"]]
return "\n".join(L) + "\n"
def A(name, title, vc, cwe, sev, steps, fix, impact):
return {"name": name, "title": title, "for": vc, "sev": sev, "cwe": cwe, "impact": impact, "fix": fix,
"steps": steps,
"system": (f"You are a specialist in {vc}. AUTHORIZED engagement. ANALYSE responses first, then act — "
"let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a "
"proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY "
"what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; "
"never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. "
"Credits: Joas A Santos and Red Team Leaders.")}
AGENTS = [
A("param_miner", "Parameter Discovery & Testing", "hidden/undocumented parameters and per-parameter vulnerabilities",
"CWE-20", "Medium",
[("Discover", ["Enumerate query/body/header/cookie params from responses, JS bundles, source maps and forms; add "
"plausible ones the API may accept (id, user, role, admin, debug, redirect, file, callback, format)"]),
("Reason per param", ["For each param, infer its purpose from the response and pick the fitting test: IDOR (ids), "
"injection (queries/filters), path traversal (file/path), open-redirect (url/next/redirect), "
"SSRF (url/callback), mass-assignment (role/isAdmin)"]),
("Test & confirm", ["Send the targeted payload; use response DIFFERENTIALS (valid vs invalid, present vs absent) to "
"confirm the parameter is exploitable"])],
"Validate & allow-list every parameter server-side; never trust hidden/undocumented inputs",
"Varies by parameter — up to injection / IDOR / SSRF"),
A("endpoint_flow_linker", "Endpoint Flow & Chain Analyst", "sensitive multi-step flows built by linking endpoints",
"CWE-840", "High",
[("Map the graph", ["Build the route/endpoint graph; note which endpoint's output (id, token, filename, URL) feeds "
"another endpoint's input"]),
("Find sensitive flows", ["Trace flows through auth, password reset, payment, file up/download, account/role change, "
"admin, export — the ones with real impact"]),
("Attack the seam", ["Tamper the value passed between steps (swap an id/token, skip a step, replay, reorder) and see "
"if the server accepts an invalid state; connect the finding to what it unlocks downstream"])],
"Enforce server-side authorization & state validation at EVERY step; sign/scope inter-step tokens",
"Broken workflow → data access / privilege abuse"),
A("authenticated_surface_exploit", "Authenticated Surface Exploitation", "vulnerabilities reachable only after authentication",
"CWE-306", "High",
[("Authenticate", ["Use the provided creds/roles or perform the login flow; capture and REUSE the session/JWT/cookie"]),
("Enumerate authed surface", ["List endpoints/params only reachable while logged in (account, settings, orders, "
"admin, API); mock realistic data where a valid body is needed to go deeper"]),
("Exploit & compare roles", ["Test those authenticated endpoints for IDOR/injection/mass-assignment/logic; if you "
"have multiple roles (user AND admin), run as each and compare who can reach what"])],
"Authorize every authenticated endpoint by the session user/role; least privilege",
"High-impact bugs on the privileged surface"),
A("clickjacking_poc", "Clickjacking PoC Builder", "clickjacking / UI redress on state-changing pages",
"CWE-1021", "Medium",
[("Check framing", ["Inspect X-Frame-Options and CSP frame-ancestors on sensitive/state-changing pages; if absent or "
"permissive, the page is framable"]),
("Build a PoC", ["WRITE an HTML PoC to $NEUROSPLOIT_POCS that frames the target page with a decoy overlay (an "
"`<iframe src=... style=opacity:.0001>` under a bait button), and open/render it to prove the page "
"loads inside the frame — capture a screenshot"]),
("Confirm impact", ["Show the framed page hosts a sensitive action (delete, transfer, change email) that a user could "
"be tricked into clicking"])],
"Send X-Frame-Options: DENY or CSP frame-ancestors 'none'/'self' on all sensitive pages",
"Tricked state-changing actions / account changes"),
A("csrf_poc", "CSRF PoC Builder", "cross-site request forgery on state-changing requests",
"CWE-352", "High",
[("Find state-changing requests", ["Identify POST/PUT/DELETE/PATCH that change state; check for an anti-CSRF token and "
"SameSite cookie attributes"]),
("Assess protection", ["Determine if the request succeeds WITHOUT a valid token / from a cross-site context (missing "
"token, token not validated, SameSite=None or absent)"]),
("Build a PoC", ["WRITE an auto-submitting HTML form PoC to $NEUROSPLOIT_POCS that replays the request cross-site; "
"confirm the state change occurs (prove with the resulting response — never cause real damage)"])],
"Require a validated anti-CSRF token; set SameSite=Lax/Strict on session cookies; re-auth sensitive actions",
"Unauthorized state change on the victim's behalf"),
A("access_control_bypass", "Access-Control Bypass", "bypassing 401/403/redirect and other access controls",
"CWE-284", "High",
[("Find the block", ["Identify endpoints that return 401/403/redirect or are hidden from your role"]),
("Try bypasses", ["Verb tampering (GET↔POST↔PUT, HEAD, OPTIONS), path/case/encoding normalization (`//`, `/.`, "
"`%2e`, trailing dot, `;`), header spoofing (X-Original-URL, X-Rewrite-URL, X-Forwarded-For/Host, "
"Referer), missing-vs-invalid token, and direct object/API access behind the UI"]),
("Confirm", ["Show the two requests (blocked vs bypassed) and the protected data/action reached via the bypass"])],
"Consistent server-side authorization independent of method/path formatting/headers; canonicalize before authz",
"Unauthorized access to protected resources/actions"),
]
def main():
os.makedirs(OUT, exist_ok=True)
for a in AGENTS:
open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))
print(f"wrote {len(AGENTS)} decision/deep-exploitation agents to {OUT}")
if __name__ == "__main__":
main()