mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-06 19:37:57 +02:00
decision-driven deep exploitation: DECISION doctrine, multi-role /auth, +6 agents
- DECISION_DOCTRINE injected into exploit/grey/chain prompts: analyse responses to pick the technique; map & connect routes (endpoint output → next endpoint input); hunt sensitive flows; mine parameters (incl. hidden from JS/source maps) and test per-param; mock realistic (non-PII) data to reach deeper logic; exploit the authenticated surface after login and compare roles; build PoCs when a proof needs an artifact; bypass 401/403/redirect controls. - REPL /auth now supports multiple named identities (/auth admin <hdr>, /auth user <hdr>; bare token → Bearer). With >=2 roles the run gets the access-control directive (IDOR/BOLA/BFLA/privesc, authorized-vs-unauthorized) and tests both. - +6 decision agents (library 389): param_miner, endpoint_flow_linker, authenticated_surface_exploit, clickjacking_poc (HTML PoC), csrf_poc (HTML PoC), access_control_bypass. - Docs: counts 383->389, RELEASE + /auth help updated.
This commit is contained in:
@@ -11,7 +11,7 @@
|
||||
<img src="https://img.shields.io/badge/Version-3.5.5-blue?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/Harness-Rust%20%7C%20tokio-e6b673?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/License-MIT-green?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/MD%20Agents-383-red?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/MD%20Agents-389-red?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/Models-14%20providers-success?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/Modes-Black%20%7C%20White%20%7C%20Grey%20%7C%20Host-9cf?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/Auth-API%20key%20%7C%20Subscription-orange?style=flat-square">
|
||||
@@ -44,7 +44,7 @@ LLMs** — via **API key** or local **subscription** (Claude Code / Codex / Gemi
|
||||
Grok) — recons the target, **intelligently selects only the agents that match the
|
||||
discovered surface**, runs them in parallel, **chains** findings into deeper
|
||||
impact, and **validates every claim by cross-model voting + tool-receipt
|
||||
grounding** before reporting. It ships **383 markdown agents** and a **Mission
|
||||
grounding** before reporting. It ships **389 markdown agents** and a **Mission
|
||||
Control TUI**.
|
||||
|
||||
### Engagement modes
|
||||
|
||||
+20
@@ -102,6 +102,26 @@ interactive line-editing.
|
||||
- **Rate-limit testing** is a first-class control check (small non-disruptive
|
||||
burst → look for 429/lockout/Retry-After), never a DoS.
|
||||
|
||||
## Decision-driven deep exploitation
|
||||
|
||||
- **DECISION doctrine** injected into every exploit/grey/chain prompt: analyse
|
||||
responses FIRST and let the evidence pick the technique; **map & connect
|
||||
routes** (one endpoint's output feeds another's input) and hunt sensitive flows
|
||||
(auth, reset, payment, upload, admin, export); **mine parameters**
|
||||
(query/body/header/cookie + hidden ones from JS/source maps) and test the
|
||||
fitting attack per param; **mock realistic data** to reach deeper logic (never
|
||||
real PII); **exploit the authenticated surface** after logging in and compare
|
||||
each role; **build PoCs** when a proof needs an artifact; and **bypass controls**
|
||||
(verb/path/encoding/header tricks) on anything blocked.
|
||||
- **Multi-role `/auth`** — set several identities in the REPL:
|
||||
`/auth admin <hdr>` · `/auth user <hdr>` (Bearer/cookie/API-key; a bare token
|
||||
becomes `Authorization: Bearer …`). With ≥2 roles the run gets the access-control
|
||||
directive (IDOR/BOLA/BFLA/privesc, authorized-vs-unauthorized proof) and tests
|
||||
both scenarios. (Same as the `creds.yaml` role blocks, now one command away.)
|
||||
- **+6 decision agents** (library **389**): `param_miner`, `endpoint_flow_linker`,
|
||||
`authenticated_surface_exploit`, `clickjacking_poc` (writes a framing HTML PoC),
|
||||
`csrf_poc` (writes an auto-submitting HTML PoC), and `access_control_bypass`.
|
||||
|
||||
## Browser-driven testing & SPA agents (Juice Shop-ready)
|
||||
|
||||
- **Agents now actively drive the browser while testing.** The tool doctrine was
|
||||
|
||||
+3
-3
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:
|
||||
|
||||
1. **Recons** the target with real tools (curl/nmap/…).
|
||||
2. **Intelligently selects** only the agents whose preconditions match the recon
|
||||
(it does *not* blindly run all 383).
|
||||
(it does *not* blindly run all 389).
|
||||
3. **Exploits** in parallel — each agent works in a ReAct loop and must prove its
|
||||
claim with a **tool receipt** (raw output).
|
||||
4. **Validates** every candidate by **cross-model voting** (a different model
|
||||
@@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
|
||||
|
||||
```bash
|
||||
neurosploit --version # neurosploit 3.5.5
|
||||
neurosploit agents # {"vulns":196,...,"chains":12,"total":383}
|
||||
neurosploit agents # {"vulns":196,...,"chains":12,"total":389}
|
||||
neurosploit models # all providers & models
|
||||
```
|
||||
|
||||
@@ -535,7 +535,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state
|
||||
|
||||
## 13. The agent library
|
||||
|
||||
`agents_md/` holds **383** markdown agents in categories:
|
||||
`agents_md/` holds **389** markdown agents in categories:
|
||||
|
||||
| Category | Dir | Count | Purpose |
|
||||
|----------|-----|-------|---------|
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
# Access-Control Bypass Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for bypassing 401/403/redirect and other access controls.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Find the block
|
||||
- Identify endpoints that return 401/403/redirect or are hidden from your role
|
||||
|
||||
### 2. Try bypasses
|
||||
- Verb tampering (GET↔POST↔PUT, HEAD, OPTIONS), path/case/encoding normalization (`//`, `/.`, `%2e`, trailing dot, `;`), header spoofing (X-Original-URL, X-Rewrite-URL, X-Forwarded-For/Host, Referer), missing-vs-invalid token, and direct object/API access behind the UI
|
||||
|
||||
### 3. Confirm
|
||||
- Show the two requests (blocked vs bypassed) and the protected data/action reached via the bypass
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: Access-Control Bypass at [endpoint]
|
||||
- Severity: High
|
||||
- CWE: CWE-284
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact request / PoC file path]
|
||||
- Evidence: [raw request+response / PoC output proving it]
|
||||
- Impact: Unauthorized access to protected resources/actions
|
||||
- Remediation: Consistent server-side authorization independent of method/path formatting/headers; canonicalize before authz
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in bypassing 401/403/redirect and other access controls. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
|
||||
@@ -0,0 +1,36 @@
|
||||
# Authenticated Surface Exploitation Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for vulnerabilities reachable only after authentication.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Authenticate
|
||||
- Use the provided creds/roles or perform the login flow; capture and REUSE the session/JWT/cookie
|
||||
|
||||
### 2. Enumerate authed surface
|
||||
- List endpoints/params only reachable while logged in (account, settings, orders, admin, API); mock realistic data where a valid body is needed to go deeper
|
||||
|
||||
### 3. Exploit & compare roles
|
||||
- Test those authenticated endpoints for IDOR/injection/mass-assignment/logic; if you have multiple roles (user AND admin), run as each and compare who can reach what
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: Authenticated Surface Exploitation at [endpoint]
|
||||
- Severity: High
|
||||
- CWE: CWE-306
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact request / PoC file path]
|
||||
- Evidence: [raw request+response / PoC output proving it]
|
||||
- Impact: High-impact bugs on the privileged surface
|
||||
- Remediation: Authorize every authenticated endpoint by the session user/role; least privilege
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in vulnerabilities reachable only after authentication. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
|
||||
@@ -0,0 +1,36 @@
|
||||
# Clickjacking PoC Builder Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for clickjacking / UI redress on state-changing pages.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Check framing
|
||||
- Inspect X-Frame-Options and CSP frame-ancestors on sensitive/state-changing pages; if absent or permissive, the page is framable
|
||||
|
||||
### 2. Build a PoC
|
||||
- WRITE an HTML PoC to $NEUROSPLOIT_POCS that frames the target page with a decoy overlay (an `<iframe src=... style=opacity:.0001>` under a bait button), and open/render it to prove the page loads inside the frame — capture a screenshot
|
||||
|
||||
### 3. Confirm impact
|
||||
- Show the framed page hosts a sensitive action (delete, transfer, change email) that a user could be tricked into clicking
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: Clickjacking PoC Builder at [endpoint]
|
||||
- Severity: Medium
|
||||
- CWE: CWE-1021
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact request / PoC file path]
|
||||
- Evidence: [raw request+response / PoC output proving it]
|
||||
- Impact: Tricked state-changing actions / account changes
|
||||
- Remediation: Send X-Frame-Options: DENY or CSP frame-ancestors 'none'/'self' on all sensitive pages
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in clickjacking / UI redress on state-changing pages. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
|
||||
@@ -0,0 +1,36 @@
|
||||
# CSRF PoC Builder Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for cross-site request forgery on state-changing requests.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Find state-changing requests
|
||||
- Identify POST/PUT/DELETE/PATCH that change state; check for an anti-CSRF token and SameSite cookie attributes
|
||||
|
||||
### 2. Assess protection
|
||||
- Determine if the request succeeds WITHOUT a valid token / from a cross-site context (missing token, token not validated, SameSite=None or absent)
|
||||
|
||||
### 3. Build a PoC
|
||||
- WRITE an auto-submitting HTML form PoC to $NEUROSPLOIT_POCS that replays the request cross-site; confirm the state change occurs (prove with the resulting response — never cause real damage)
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: CSRF PoC Builder at [endpoint]
|
||||
- Severity: High
|
||||
- CWE: CWE-352
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact request / PoC file path]
|
||||
- Evidence: [raw request+response / PoC output proving it]
|
||||
- Impact: Unauthorized state change on the victim's behalf
|
||||
- Remediation: Require a validated anti-CSRF token; set SameSite=Lax/Strict on session cookies; re-auth sensitive actions
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in cross-site request forgery on state-changing requests. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
|
||||
@@ -0,0 +1,36 @@
|
||||
# Endpoint Flow & Chain Analyst Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for sensitive multi-step flows built by linking endpoints.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Map the graph
|
||||
- Build the route/endpoint graph; note which endpoint's output (id, token, filename, URL) feeds another endpoint's input
|
||||
|
||||
### 2. Find sensitive flows
|
||||
- Trace flows through auth, password reset, payment, file up/download, account/role change, admin, export — the ones with real impact
|
||||
|
||||
### 3. Attack the seam
|
||||
- Tamper the value passed between steps (swap an id/token, skip a step, replay, reorder) and see if the server accepts an invalid state; connect the finding to what it unlocks downstream
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: Endpoint Flow & Chain Analyst at [endpoint]
|
||||
- Severity: High
|
||||
- CWE: CWE-840
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact request / PoC file path]
|
||||
- Evidence: [raw request+response / PoC output proving it]
|
||||
- Impact: Broken workflow → data access / privilege abuse
|
||||
- Remediation: Enforce server-side authorization & state validation at EVERY step; sign/scope inter-step tokens
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in sensitive multi-step flows built by linking endpoints. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
|
||||
@@ -0,0 +1,36 @@
|
||||
# Parameter Discovery & Testing Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for hidden/undocumented parameters and per-parameter vulnerabilities.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Discover
|
||||
- Enumerate query/body/header/cookie params from responses, JS bundles, source maps and forms; add plausible ones the API may accept (id, user, role, admin, debug, redirect, file, callback, format)
|
||||
|
||||
### 2. Reason per param
|
||||
- For each param, infer its purpose from the response and pick the fitting test: IDOR (ids), injection (queries/filters), path traversal (file/path), open-redirect (url/next/redirect), SSRF (url/callback), mass-assignment (role/isAdmin)
|
||||
|
||||
### 3. Test & confirm
|
||||
- Send the targeted payload; use response DIFFERENTIALS (valid vs invalid, present vs absent) to confirm the parameter is exploitable
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: Parameter Discovery & Testing at [endpoint]
|
||||
- Severity: Medium
|
||||
- CWE: CWE-20
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact request / PoC file path]
|
||||
- Evidence: [raw request+response / PoC output proving it]
|
||||
- Impact: Varies by parameter — up to injection / IDOR / SSRF
|
||||
- Remediation: Validate & allow-list every parameter server-side; never trust hidden/undocumented inputs
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in hidden/undocumented parameters and per-parameter vulnerabilities. AUTHORIZED engagement. ANALYSE responses first, then act — let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. Credits: Joas A Santos and Red Team Leaders.
|
||||
@@ -225,6 +225,8 @@ struct Session {
|
||||
target: Option<String>,
|
||||
repo: Option<String>,
|
||||
auth: Option<String>,
|
||||
/// Named identities for multi-role access-control testing (name, header line).
|
||||
roles: Vec<(String, String)>,
|
||||
creds: Option<String>,
|
||||
instructions: Option<String>,
|
||||
attachments: Vec<String>,
|
||||
@@ -247,6 +249,7 @@ impl Default for Session {
|
||||
target: None,
|
||||
repo: None,
|
||||
auth: None,
|
||||
roles: Vec::new(),
|
||||
creds: None,
|
||||
instructions: None,
|
||||
attachments: Vec::new(),
|
||||
@@ -500,9 +503,32 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> {
|
||||
}
|
||||
}
|
||||
"/auth" => {
|
||||
if arg.is_empty() { println!(" auth: {}", s.auth.clone().unwrap_or_else(|| "(none) — set with /auth <header>, clear with /auth clear".into())); }
|
||||
else if arg == "clear" { s.auth = None; println!(" auth cleared"); }
|
||||
else { s.auth = Some(arg.to_string()); println!(" auth set: {arg}"); }
|
||||
if arg.is_empty() {
|
||||
match s.auth.clone() {
|
||||
Some(a) => println!(" auth: {a}"),
|
||||
None => println!(" auth: (none) — /auth <header> · or roles: /auth admin <hdr> · /auth user <hdr>"),
|
||||
}
|
||||
for (n, v) in &s.roles { println!(" role {n}: {v}"); }
|
||||
if s.roles.len() >= 2 { println!(" \x1b[2m{} identities → access-control testing (IDOR/BOLA/BFLA) on /run\x1b[0m", s.roles.len()); }
|
||||
}
|
||||
else if arg == "clear" { s.auth = None; s.roles.clear(); println!(" auth + roles cleared"); }
|
||||
else {
|
||||
// "<role> <value>" if the first token is a bare identifier (no ':').
|
||||
let mut it = arg.splitn(2, char::is_whitespace);
|
||||
let first = it.next().unwrap_or("");
|
||||
let rest = it.next().unwrap_or("").trim();
|
||||
let is_role = !first.contains(':') && !rest.is_empty()
|
||||
&& first.chars().all(|c| c.is_ascii_alphanumeric() || c == '_' || c == '-');
|
||||
if is_role {
|
||||
let val = normalize_auth(rest);
|
||||
s.roles.retain(|(n, _)| n != first);
|
||||
s.roles.push((first.to_string(), val.clone()));
|
||||
if s.auth.is_none() { s.auth = Some(val); } // first role also = primary session
|
||||
println!(" role '{first}' set ({} identit{}) — test both scenarios on /run", s.roles.len(), if s.roles.len() == 1 { "y" } else { "ies" });
|
||||
} else {
|
||||
s.auth = Some(arg.to_string()); println!(" auth set: {arg}");
|
||||
}
|
||||
}
|
||||
}
|
||||
"/creds" => {
|
||||
if arg.is_empty() { println!(" creds file: {}", s.creds.clone().unwrap_or_else(|| "(none) — set with /creds <file.yaml>".into())); }
|
||||
@@ -847,6 +873,11 @@ async fn run(base: &Path, s: &Session, history: &mut Vec<RunRecord>) {
|
||||
}
|
||||
};
|
||||
cfg.auth = s.auth.clone();
|
||||
// Multiple /auth identities → prepend the access-control (IDOR/BOLA/BFLA) directive.
|
||||
if let Some(rd) = roles_directive(&s.roles) {
|
||||
let base = cfg.instructions.clone().unwrap_or_default();
|
||||
cfg.instructions = Some(format!("{rd}{base}"));
|
||||
}
|
||||
if let M::Grey { repo, .. } = &m {
|
||||
cfg.repo = Some(repo.clone());
|
||||
}
|
||||
@@ -1374,7 +1405,7 @@ fn help() {
|
||||
println!("\n \x1b[2mTARGET & SCOPE\x1b[0m");
|
||||
h("/target <url[,..]>", "black-box target URL (comma-separated = multi-target, sequential)");
|
||||
h("/repo <path|url>", "analyse a repo — path or GitHub URL (repo + target = greybox)");
|
||||
h("/auth <value>", "auth header, e.g. 'Authorization: Bearer <jwt>' (no arg = show)");
|
||||
h("/auth <value>", "auth header (Bearer/cookie/key). Roles: /auth admin <hdr> · /auth user <hdr>");
|
||||
h("/creds <file.yaml>", "creds: jwt/header/cookie/login + ssh/windows + aws/gcp/azure + roles");
|
||||
h("/focus <text>", "steer the tests (or just type the instruction)");
|
||||
h("@path @dir @f:1-20", "attach a file/folder/line-range to context (Tab → menu)");
|
||||
@@ -1503,6 +1534,30 @@ const PROMPT: &str = "neurosploit› ";
|
||||
/// exiting (instead of losing an active run to a stray interrupt).
|
||||
const CTRL_C: &str = "\u{0}__ctrl_c__";
|
||||
|
||||
/// Turn a role value into a header line: a full `Header: value` is used as-is;
|
||||
/// a bare token becomes `Authorization: Bearer <token>`.
|
||||
fn normalize_auth(v: &str) -> String {
|
||||
let v = v.trim();
|
||||
if v.contains(':') { v.to_string() } else { format!("Authorization: Bearer {v}") }
|
||||
}
|
||||
|
||||
/// Build the multi-role access-control directive from the session roles (mirrors
|
||||
/// creds.yaml roles). Empty when fewer than 2 identities.
|
||||
fn roles_directive(roles: &[(String, String)]) -> Option<String> {
|
||||
if roles.len() < 2 { return None; }
|
||||
let list = roles.iter().map(|(n, v)| format!(" - {n} → send `{v}`")).collect::<Vec<_>>().join("\n");
|
||||
Some(format!(
|
||||
"MULTI-ROLE ACCESS CONTROL — you have {} identities:\n{list}\n\
|
||||
Authenticate as EACH identity (send its header on every request). Test broken access control ACROSS roles and \
|
||||
compare authorized vs unauthorized:\n\
|
||||
- BOLA/IDOR: as a low-privilege role capture your own object IDs, then read/modify another role's objects by ID.\n\
|
||||
- BFLA: call admin-only functions/endpoints/HTTP methods with a low-privilege role's session.\n\
|
||||
- Privilege escalation: mass-assignment of role/permission fields, or reaching admin routes.\n\
|
||||
Prove each with the two requests (authorized role succeeds, unauthorized role should be denied but isn't). \
|
||||
Read-only proof; mask any PII.\n\n",
|
||||
roles.len()))
|
||||
}
|
||||
|
||||
/// Split the session target into one or more URLs (comma-separated list).
|
||||
fn session_targets(s: &Session) -> Vec<String> {
|
||||
s.target.as_deref().map(|t| t.split(',').map(|x| x.trim().to_string()).filter(|x| !x.is_empty()).collect())
|
||||
|
||||
@@ -201,6 +201,18 @@ const DEPTH_DOCTRINE: &str = "DEPTH (exploit, don't just expose):\n\
|
||||
- Audit tokens: for any JWT, check alg-confusion (RS→HS), alg:none, kid/jku injection, whether the signature is actually verified, and weak/guessable HS256 secrets.\n\
|
||||
- Calibrate honestly: claim High/Critical ONLY when impact is DEMONSTRATED; unproven DoS/abuse is Low/Info or a lead, never inflated.\n\n";
|
||||
|
||||
/// DECISION doctrine (v3.5.5): make the agent REASON about where to attack from
|
||||
/// the observed responses, map & connect routes, mine parameters, test both auth
|
||||
/// levels, and build PoCs — instead of blindly firing a fixed payload list.
|
||||
const DECISION_DOCTRINE: &str = "DECIDE WHERE TO ATTACK (analyse, then act):\n\
|
||||
- Analyse responses FIRST: read status, headers, content-type, body, redirects and TIMING; let the evidence pick the technique (e.g. SQL error → SQLi; reflected input → XSS; numeric id in JSON → IDOR; missing X-Frame-Options → clickjacking; state-changing POST without a token → CSRF). Don't run payloads that the response makes irrelevant.\n\
|
||||
- Map & CONNECT routes: build the route/endpoint graph and link one endpoint to another — an id/token/filename returned by endpoint A is the input to endpoint B; follow multi-step flows (login → profile → order → admin) and hunt the SENSITIVE ones (auth, password reset, payment, file upload/download, account/role changes, admin, export).\n\
|
||||
- Mine PARAMETERS: enumerate query/body/header/cookie params (incl. hidden ones from JS/source maps); for each, reason about what it does and test the fitting attack (IDOR, injection, path traversal, mass-assignment, open-redirect, SSRF). Add plausible params the API might accept (id, user, role, admin, debug, redirect, file, callback).\n\
|
||||
- MOCK realistic data: when a request needs valid-looking input to reach deeper logic, synthesize believable test data (emails, names, CPFs/SSNs with valid checksums, phone numbers, UUIDs, tokens, JSON bodies) so the flow proceeds — never use real PII.\n\
|
||||
- Authenticated testing: if you can authenticate (given creds/roles or a login you performed), REUSE the session and exploit the AUTHENTICATED surface — the endpoints/params only reachable while logged in are where the high-impact bugs live. Test as EACH role you have (e.g. normal user AND admin) and compare.\n\
|
||||
- Build PoCs when needed: for issues that need an artifact to prove (clickjacking → an HTML page that frames the target; CSRF → an auto-submitting HTML form; a multi-step or timing exploit → a script), WRITE the PoC to the run's PoC dir, run/validate it, and cite the file in the evidence.\n\
|
||||
- Test control BYPASSES: when something returns 401/403/redirect or is 'blocked', try to bypass it (verb tampering, path/case/encoding normalization, X-Original-URL / X-Rewrite-URL / X-Forwarded-* headers, missing-vs-invalid token, direct object/API access) and confirm the bypass with the two requests.\n\n";
|
||||
|
||||
/// Black-box web engagement: recon → parallel exploit → N-model vote → report.
|
||||
pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender<String>) -> RunOutput {
|
||||
pool.set_progress(tx.clone());
|
||||
@@ -313,13 +325,13 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender<Str
|
||||
let user = format!(
|
||||
"AUTHORIZED engagement — you have explicit permission to test {target}. \
|
||||
Do not ask for confirmation — proceed and PROVE each issue.\n\n\
|
||||
{directives}{react}{depth}{safety}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
|
||||
{directives}{react}{depth}{decision}{safety}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
|
||||
Each item: {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}. \
|
||||
`evidence` must contain the concrete proof (request/response excerpt).",
|
||||
target = target,
|
||||
directives = directives,
|
||||
react = REACT_DOCTRINE,
|
||||
depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE,
|
||||
depth = DEPTH_DOCTRINE, decision = DECISION_DOCTRINE, safety = SAFETY_DOCTRINE,
|
||||
doctrine = tool_doctrine(mcp_on),
|
||||
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
|
||||
);
|
||||
@@ -535,11 +547,11 @@ pub async fn run_greybox(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Se
|
||||
}
|
||||
let user = format!(
|
||||
"AUTHORIZED greybox engagement on {target} — you also have the source review below. \
|
||||
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{safety}{doctrine}{body}\n\n\
|
||||
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{decision}{safety}{doctrine}{body}\n\n\
|
||||
Reply ONLY a JSON array of confirmed findings (may be []): \
|
||||
{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
|
||||
target = target, directives = directives, leads = leads,
|
||||
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(mcp_on),
|
||||
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, decision = DECISION_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(mcp_on),
|
||||
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
|
||||
);
|
||||
match pool.complete_routed(Task::Exploit, &ag.name, &ag.system, &user).await {
|
||||
@@ -683,13 +695,13 @@ async fn chain_from_seed(pool: &ModelPool, target: &str, directives: &str, recon
|
||||
};
|
||||
let short: String = seed.title.chars().take(28).collect();
|
||||
let user = format!(
|
||||
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{safety}{doctrine}\
|
||||
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{decision}{safety}{doctrine}\
|
||||
FOOTHOLD TO EXPAND (round {round}/{max}):\n- [{}] {} @ {} ({})\n payload: {}\n evidence: {}\n\n\
|
||||
LOOT GATHERED (reuse it):\n{loot_block}\n\n{recipe_block}RECON:\n{recon_ctx}\n\n\
|
||||
From THIS foothold, DECIDE the best directions and PROVE new impact — post-exploitation (loot creds/keys/config/source), credential reuse, privilege escalation (horizontal & vertical), lateral movement to adjacent services/hosts, data exfiltration, and NEW attack surface it exposes. Every claim needs a real tool receipt.\n\n\
|
||||
Reply ONLY JSON: {{\"findings\":[{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}],\"loot\":[\"cred:user:pass@host\",\"token:...\",\"host:10.0.0.5\",\"endpoint:/internal/api\"]}} (empty arrays are fine).",
|
||||
seed.severity, seed.title, seed.endpoint, seed.cwe, seed.payload, seed.evidence,
|
||||
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
|
||||
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, decision = DECISION_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
|
||||
);
|
||||
let label = format!("chain:{short}");
|
||||
match pool.complete_routed(Task::Exploit, &label, CHAIN_SYS, &user).await {
|
||||
|
||||
@@ -0,0 +1,121 @@
|
||||
#!/usr/bin/env python3
|
||||
"""
|
||||
NeuroSploit v3.5.5 — decision / deep-exploitation agents.
|
||||
|
||||
Response-analysis-driven agents that reason about WHERE to attack, connect
|
||||
endpoints, mine parameters, test both auth levels, build PoCs (HTML for
|
||||
clickjacking/CSRF, scripts for multi-step), and bypass controls. Read-only-first,
|
||||
non-destructive, authorized only; PII masked. Credits: Joas A Santos & Red Team Leaders.
|
||||
"""
|
||||
import os
|
||||
|
||||
ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
OUT = os.path.join(ROOT, "agents_md", "vulns")
|
||||
|
||||
|
||||
def render(a):
|
||||
L = [f"# {a['title']} Agent\n", "## User Prompt",
|
||||
f"You are testing **{{target}}** for {a['for']}.\n",
|
||||
"**Recon Context:**\n{recon_json}\n", "**METHODOLOGY:**\n"]
|
||||
for i, (s, bs) in enumerate(a["steps"], 1):
|
||||
L.append(f"### {i}. {s}")
|
||||
L += [f"- {b}" for b in bs]
|
||||
L.append("")
|
||||
n = len(a["steps"]) + 1
|
||||
L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:",
|
||||
f"- Title: {a['title']} at [endpoint]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}",
|
||||
"- Endpoint: [full URL]", "- Vector: [what/where]", "- Payload: [exact request / PoC file path]",
|
||||
"- Evidence: [raw request+response / PoC output proving it]", f"- Impact: {a['impact']}",
|
||||
f"- Remediation: {a['fix']}", "```\n", "## System Prompt", a["system"]]
|
||||
return "\n".join(L) + "\n"
|
||||
|
||||
|
||||
def A(name, title, vc, cwe, sev, steps, fix, impact):
|
||||
return {"name": name, "title": title, "for": vc, "sev": sev, "cwe": cwe, "impact": impact, "fix": fix,
|
||||
"steps": steps,
|
||||
"system": (f"You are a specialist in {vc}. AUTHORIZED engagement. ANALYSE responses first, then act — "
|
||||
"let the evidence pick the technique. Connect endpoints and reuse any session you obtain. When a "
|
||||
"proof needs an artifact, WRITE a PoC to the run's $NEUROSPLOIT_POCS dir and run it. Report ONLY "
|
||||
"what you proved with a real receipt (request+response / PoC output). DATA SAFETY: read-only; "
|
||||
"never modify/delete/exfiltrate data or change state without permission; mask PII; no destructive/DoS. "
|
||||
"Credits: Joas A Santos and Red Team Leaders.")}
|
||||
|
||||
|
||||
AGENTS = [
|
||||
A("param_miner", "Parameter Discovery & Testing", "hidden/undocumented parameters and per-parameter vulnerabilities",
|
||||
"CWE-20", "Medium",
|
||||
[("Discover", ["Enumerate query/body/header/cookie params from responses, JS bundles, source maps and forms; add "
|
||||
"plausible ones the API may accept (id, user, role, admin, debug, redirect, file, callback, format)"]),
|
||||
("Reason per param", ["For each param, infer its purpose from the response and pick the fitting test: IDOR (ids), "
|
||||
"injection (queries/filters), path traversal (file/path), open-redirect (url/next/redirect), "
|
||||
"SSRF (url/callback), mass-assignment (role/isAdmin)"]),
|
||||
("Test & confirm", ["Send the targeted payload; use response DIFFERENTIALS (valid vs invalid, present vs absent) to "
|
||||
"confirm the parameter is exploitable"])],
|
||||
"Validate & allow-list every parameter server-side; never trust hidden/undocumented inputs",
|
||||
"Varies by parameter — up to injection / IDOR / SSRF"),
|
||||
|
||||
A("endpoint_flow_linker", "Endpoint Flow & Chain Analyst", "sensitive multi-step flows built by linking endpoints",
|
||||
"CWE-840", "High",
|
||||
[("Map the graph", ["Build the route/endpoint graph; note which endpoint's output (id, token, filename, URL) feeds "
|
||||
"another endpoint's input"]),
|
||||
("Find sensitive flows", ["Trace flows through auth, password reset, payment, file up/download, account/role change, "
|
||||
"admin, export — the ones with real impact"]),
|
||||
("Attack the seam", ["Tamper the value passed between steps (swap an id/token, skip a step, replay, reorder) and see "
|
||||
"if the server accepts an invalid state; connect the finding to what it unlocks downstream"])],
|
||||
"Enforce server-side authorization & state validation at EVERY step; sign/scope inter-step tokens",
|
||||
"Broken workflow → data access / privilege abuse"),
|
||||
|
||||
A("authenticated_surface_exploit", "Authenticated Surface Exploitation", "vulnerabilities reachable only after authentication",
|
||||
"CWE-306", "High",
|
||||
[("Authenticate", ["Use the provided creds/roles or perform the login flow; capture and REUSE the session/JWT/cookie"]),
|
||||
("Enumerate authed surface", ["List endpoints/params only reachable while logged in (account, settings, orders, "
|
||||
"admin, API); mock realistic data where a valid body is needed to go deeper"]),
|
||||
("Exploit & compare roles", ["Test those authenticated endpoints for IDOR/injection/mass-assignment/logic; if you "
|
||||
"have multiple roles (user AND admin), run as each and compare who can reach what"])],
|
||||
"Authorize every authenticated endpoint by the session user/role; least privilege",
|
||||
"High-impact bugs on the privileged surface"),
|
||||
|
||||
A("clickjacking_poc", "Clickjacking PoC Builder", "clickjacking / UI redress on state-changing pages",
|
||||
"CWE-1021", "Medium",
|
||||
[("Check framing", ["Inspect X-Frame-Options and CSP frame-ancestors on sensitive/state-changing pages; if absent or "
|
||||
"permissive, the page is framable"]),
|
||||
("Build a PoC", ["WRITE an HTML PoC to $NEUROSPLOIT_POCS that frames the target page with a decoy overlay (an "
|
||||
"`<iframe src=... style=opacity:.0001>` under a bait button), and open/render it to prove the page "
|
||||
"loads inside the frame — capture a screenshot"]),
|
||||
("Confirm impact", ["Show the framed page hosts a sensitive action (delete, transfer, change email) that a user could "
|
||||
"be tricked into clicking"])],
|
||||
"Send X-Frame-Options: DENY or CSP frame-ancestors 'none'/'self' on all sensitive pages",
|
||||
"Tricked state-changing actions / account changes"),
|
||||
|
||||
A("csrf_poc", "CSRF PoC Builder", "cross-site request forgery on state-changing requests",
|
||||
"CWE-352", "High",
|
||||
[("Find state-changing requests", ["Identify POST/PUT/DELETE/PATCH that change state; check for an anti-CSRF token and "
|
||||
"SameSite cookie attributes"]),
|
||||
("Assess protection", ["Determine if the request succeeds WITHOUT a valid token / from a cross-site context (missing "
|
||||
"token, token not validated, SameSite=None or absent)"]),
|
||||
("Build a PoC", ["WRITE an auto-submitting HTML form PoC to $NEUROSPLOIT_POCS that replays the request cross-site; "
|
||||
"confirm the state change occurs (prove with the resulting response — never cause real damage)"])],
|
||||
"Require a validated anti-CSRF token; set SameSite=Lax/Strict on session cookies; re-auth sensitive actions",
|
||||
"Unauthorized state change on the victim's behalf"),
|
||||
|
||||
A("access_control_bypass", "Access-Control Bypass", "bypassing 401/403/redirect and other access controls",
|
||||
"CWE-284", "High",
|
||||
[("Find the block", ["Identify endpoints that return 401/403/redirect or are hidden from your role"]),
|
||||
("Try bypasses", ["Verb tampering (GET↔POST↔PUT, HEAD, OPTIONS), path/case/encoding normalization (`//`, `/.`, "
|
||||
"`%2e`, trailing dot, `;`), header spoofing (X-Original-URL, X-Rewrite-URL, X-Forwarded-For/Host, "
|
||||
"Referer), missing-vs-invalid token, and direct object/API access behind the UI"]),
|
||||
("Confirm", ["Show the two requests (blocked vs bypassed) and the protected data/action reached via the bypass"])],
|
||||
"Consistent server-side authorization independent of method/path formatting/headers; canonicalize before authz",
|
||||
"Unauthorized access to protected resources/actions"),
|
||||
]
|
||||
|
||||
|
||||
def main():
|
||||
os.makedirs(OUT, exist_ok=True)
|
||||
for a in AGENTS:
|
||||
open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))
|
||||
print(f"wrote {len(AGENTS)} decision/deep-exploitation agents to {OUT}")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user