mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-06 03:17:52 +02:00
harness: deterministic HTTP probe grounds recon & decisions (more robust)
New harness::probe runs a real request/response analysis of the target BEFORE the model recon and injects the observed facts into recon, so agent-selection and exploitation decisions are grounded in evidence (robust even when model recon is weak): - status & redirect, Server/X-Powered-By/content-type, 6 security headers, cookie flags (HttpOnly/Secure/SameSite), CORS reflection test (arbitrary Origin + credentials), tech fingerprint, linked scripts, form count, a 404 baseline for soft-404 differentials, and high-signal paths (/robots.txt, /.git/config, /.env, /sitemap.xml, /.well-known/security.txt). - Best-effort (never fatal — degrades to a note on network failure), honors the identifying User-Agent and the Burp/ZAP proxy. Wired into black-box run() and greybox recon. A one-line probe summary streams to the live feed.
This commit is contained in:
@@ -68,6 +68,11 @@ Control TUI**.
|
||||
- 🧾 **Grounding** — hard rule: **no claim without a tool receipt** (raw tool
|
||||
output, not paraphrase). Empirical for black-box, symbolic (`file:line`) for
|
||||
white-box; ungrounded claims are demoted.
|
||||
- 🔬 **Deterministic HTTP probe** — before the model recon, the harness runs a
|
||||
**real** request/response analysis (status/redirects, security headers, cookie
|
||||
flags, CORS reflection, tech fingerprint, linked JS, 404 baseline, high-signal
|
||||
paths) and feeds those observed facts into recon, so agent selection and
|
||||
exploitation decisions are grounded in evidence — not the model's guess.
|
||||
- 🔗 **Attack chaining** — 12 multi-stage chain agents (SQLi→RCE→LPE, SSRF→AWS
|
||||
creds, upload→LFI→RCE→LPE, default-creds→domain, …); each stage proven before
|
||||
advancing.
|
||||
|
||||
Reference in New Issue
Block a user