From 3ca3f269ee36139b6711c82ca0ba79c38f1ddca1 Mon Sep 17 00:00:00 2001 From: CyberSecurityUP Date: Tue, 23 Jun 2026 11:39:56 -0300 Subject: [PATCH] v3.4.x: intelligent agent selection, whitebox, recon/code agents, Gemini, artifacts, RL, XBOW GUI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Harness intelligence: - After recon, the model SELECTS which specialist agents match the target (select_agents) — runs the relevant subset, not blindly top-N - RL reward store (rl.rs): per-agent weights persist to data/rl_state_rs.json, reward validated findings (severity-weighted), decay idle, bias next run - Run artifacts persisted as JSON + MD (recon, exploitation transcript, findings, html report) under runs/-/ for reuse by other AIs Whitebox mode: - run_whitebox: walks a repo, builds bounded source context, runs code agents, validates by adversarial vote. CLI `whitebox ` + web "White-box" mode Agents: +12 recon (subdomain/tech/js/api/secrets/dns/content/param/waf/cloud/ graphql/osint) and +24 code SAST reviewers (sqli/cmdi/path/ssrf/xss/deser/ secrets/crypto/authz/idor/xxe/redirect/ssti/race/eval/csrf/random/logging/ upload/mass-assign/jwt/cors). Loader gains recon/ + code/ categories → 249 total Models: +Google Gemini provider (API + gemini CLI subscription); installed_cli_ backends now detects gemini; chat_cli handles gemini/codex/grok + optional Playwright MCP (.mcp.json) on the subscription path with autonomy flags GUI: full XBOW-style redesign — sidebar (Operate/Library), topbar status, mode segment (black-box/white-box), model panel, live console, severity cards, agent browser with category filters, models view; responsive + aligned Verified: cargo build --release clean; CLI agents/whitebox; LIVE subscription run shows model selecting 23→4 agents, RL update, artifacts written; GUI + white-box toggle in Playwright. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitignore | 4 + agents_md/code/code_auth_flaws.md | 41 + agents_md/code/code_command_injection.md | 41 + agents_md/code/code_cors_misconfig.md | 41 + agents_md/code/code_csrf_missing.md | 41 + agents_md/code/code_file_upload.md | 41 + agents_md/code/code_hardcoded_secrets.md | 41 + agents_md/code/code_idor_access.md | 41 + .../code/code_insecure_deserialization.md | 41 + agents_md/code/code_insecure_random.md | 41 + agents_md/code/code_jwt_misuse.md | 41 + agents_md/code/code_logging_sensitive.md | 41 + agents_md/code/code_mass_assignment.md | 41 + agents_md/code/code_open_redirect.md | 41 + agents_md/code/code_path_traversal.md | 41 + agents_md/code/code_race_condition.md | 41 + agents_md/code/code_sql_orm_raw.md | 41 + agents_md/code/code_sqli.md | 41 + agents_md/code/code_ssrf.md | 41 + agents_md/code/code_ssrf_redirect.md | 41 + agents_md/code/code_template_injection.md | 41 + agents_md/code/code_unsafe_eval.md | 41 + agents_md/code/code_weak_crypto.md | 41 + agents_md/code/code_xss.md | 41 + agents_md/code/code_xxe.md | 41 + agents_md/recon/api_discovery.md | 36 + agents_md/recon/cloud_asset_discovery.md | 36 + agents_md/recon/content_discovery.md | 36 + agents_md/recon/dns_recon.md | 36 + agents_md/recon/graphql_discovery.md | 36 + agents_md/recon/js_analysis.md | 36 + agents_md/recon/osint_employee.md | 36 + agents_md/recon/parameter_discovery.md | 36 + agents_md/recon/secret_scanning.md | 36 + agents_md/recon/subdomain_enum.md | 38 + agents_md/recon/tech_fingerprint.md | 37 + agents_md/recon/waf_cdn_detection.md | 36 + neurosploit-rs/app/src/main.rs | 123 +- neurosploit-rs/app/src/web.rs | 45 +- neurosploit-rs/app/web/index.html | 409 ++++-- neurosploit-rs/crates/harness/src/agents.rs | 8 +- neurosploit-rs/crates/harness/src/lib.rs | 5 +- neurosploit-rs/crates/harness/src/models.rs | 52 +- neurosploit-rs/crates/harness/src/pipeline.rs | 300 ++++- neurosploit-rs/crates/harness/src/pool.rs | 19 +- neurosploit-rs/crates/harness/src/rl.rs | 60 + neurosploit-rs/crates/harness/src/types.rs | 8 + neurosploit-rs/hs_hdr.txt | 24 + neurosploit-rs/hs_index.html | 1094 +++++++++++++++++ neurosploit-rs/hs_robots.txt | 8 + neurosploit-rs/hs_sitemap.xml | 1 + neurosploit-rs/rl_codes.txt | 100 ++ scripts/build_agents_v34.py | 214 ++++ 53 files changed, 3684 insertions(+), 209 deletions(-) create mode 100644 agents_md/code/code_auth_flaws.md create mode 100644 agents_md/code/code_command_injection.md create mode 100644 agents_md/code/code_cors_misconfig.md create mode 100644 agents_md/code/code_csrf_missing.md create mode 100644 agents_md/code/code_file_upload.md create mode 100644 agents_md/code/code_hardcoded_secrets.md create mode 100644 agents_md/code/code_idor_access.md create mode 100644 agents_md/code/code_insecure_deserialization.md create mode 100644 agents_md/code/code_insecure_random.md create mode 100644 agents_md/code/code_jwt_misuse.md create mode 100644 agents_md/code/code_logging_sensitive.md create mode 100644 agents_md/code/code_mass_assignment.md create mode 100644 agents_md/code/code_open_redirect.md create mode 100644 agents_md/code/code_path_traversal.md create mode 100644 agents_md/code/code_race_condition.md create mode 100644 agents_md/code/code_sql_orm_raw.md create mode 100644 agents_md/code/code_sqli.md create mode 100644 agents_md/code/code_ssrf.md create mode 100644 agents_md/code/code_ssrf_redirect.md create mode 100644 agents_md/code/code_template_injection.md create mode 100644 agents_md/code/code_unsafe_eval.md create mode 100644 agents_md/code/code_weak_crypto.md create mode 100644 agents_md/code/code_xss.md create mode 100644 agents_md/code/code_xxe.md create mode 100644 agents_md/recon/api_discovery.md create mode 100644 agents_md/recon/cloud_asset_discovery.md create mode 100644 agents_md/recon/content_discovery.md create mode 100644 agents_md/recon/dns_recon.md create mode 100644 agents_md/recon/graphql_discovery.md create mode 100644 agents_md/recon/js_analysis.md create mode 100644 agents_md/recon/osint_employee.md create mode 100644 agents_md/recon/parameter_discovery.md create mode 100644 agents_md/recon/secret_scanning.md create mode 100644 agents_md/recon/subdomain_enum.md create mode 100644 agents_md/recon/tech_fingerprint.md create mode 100644 agents_md/recon/waf_cdn_detection.md create mode 100644 neurosploit-rs/crates/harness/src/rl.rs create mode 100644 neurosploit-rs/hs_hdr.txt create mode 100644 neurosploit-rs/hs_index.html create mode 100644 neurosploit-rs/hs_robots.txt create mode 100644 neurosploit-rs/hs_sitemap.xml create mode 100644 neurosploit-rs/rl_codes.txt create mode 100644 scripts/build_agents_v34.py diff --git a/.gitignore b/.gitignore index 7bc8957..b440439 100644 --- a/.gitignore +++ b/.gitignore @@ -96,3 +96,7 @@ reports/*.pdf neurosploit-rs/target/ reports/*.html reports/report_rs.html +runs/ +data/rl_state_rs.json +neurosploit-rs/runs/ +v34_gui.png diff --git a/agents_md/code/code_auth_flaws.md b/agents_md/code/code_auth_flaws.md new file mode 100644 index 0000000..620e3f2 --- /dev/null +++ b/agents_md/code/code_auth_flaws.md @@ -0,0 +1,41 @@ +# Source Authentication/Authorization Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for broken authentication/authorization in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Missing auth checks on sensitive routes; client-trusted role flags +- Comparisons of secrets without constant-time; weak session handling + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Authentication/Authorization Reviewer at [file:line] +- Severity: High +- CWE: CWE-287 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Privilege escalation, account takeover +- Remediation: Enforce server-side authz on every action; harden sessions +``` + +## System Prompt +You are a white-box source reviewer for broken authentication/authorization. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_command_injection.md b/agents_md/code/code_command_injection.md new file mode 100644 index 0000000..e6d3564 --- /dev/null +++ b/agents_md/code/code_command_injection.md @@ -0,0 +1,41 @@ +# Source Command Injection Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for OS command injection in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `os.system`, `subprocess(..., shell=True)`, `exec`, backticks with user input +- Unsanitized input concatenated into shell strings + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Command Injection Reviewer at [file:line] +- Severity: Critical +- CWE: CWE-78 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Remote code execution on the host +- Remediation: Avoid shells; pass argument arrays; validate input +``` + +## System Prompt +You are a white-box source reviewer for OS command injection. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_cors_misconfig.md b/agents_md/code/code_cors_misconfig.md new file mode 100644 index 0000000..9f3d513 --- /dev/null +++ b/agents_md/code/code_cors_misconfig.md @@ -0,0 +1,41 @@ +# Source CORS Misconfiguration Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for permissive CORS in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `Access-Control-Allow-Origin: *` with credentials; reflecting Origin +- Wildcard or unchecked origin allowlists + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source CORS Misconfiguration Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-942 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Cross-origin data theft +- Remediation: Strict origin allowlist; never reflect Origin with credentials +``` + +## System Prompt +You are a white-box source reviewer for permissive CORS. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_csrf_missing.md b/agents_md/code/code_csrf_missing.md new file mode 100644 index 0000000..040743c --- /dev/null +++ b/agents_md/code/code_csrf_missing.md @@ -0,0 +1,41 @@ +# Source CSRF Protection Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for missing CSRF protection in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- State-changing POST/PUT/DELETE without CSRF tokens +- CSRF protection globally disabled + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source CSRF Protection Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-352 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Unauthorized state-changing actions +- Remediation: Enable anti-CSRF tokens / SameSite cookies +``` + +## System Prompt +You are a white-box source reviewer for missing CSRF protection. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_file_upload.md b/agents_md/code/code_file_upload.md new file mode 100644 index 0000000..f25b133 --- /dev/null +++ b/agents_md/code/code_file_upload.md @@ -0,0 +1,41 @@ +# Source File Upload Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for insecure file upload handling in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- No type/extension/content validation; user-controlled filenames/paths +- Uploads served from executable directories + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source File Upload Reviewer at [file:line] +- Severity: High +- CWE: CWE-434 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Webshell upload, RCE +- Remediation: Validate type/size; randomize names; store outside webroot +``` + +## System Prompt +You are a white-box source reviewer for insecure file upload handling. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_hardcoded_secrets.md b/agents_md/code/code_hardcoded_secrets.md new file mode 100644 index 0000000..9a69bfc --- /dev/null +++ b/agents_md/code/code_hardcoded_secrets.md @@ -0,0 +1,41 @@ +# Source Hardcoded Secrets Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for hardcoded credentials/keys in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- API keys, passwords, tokens, private keys committed in source/config +- High-entropy strings assigned to credential-like names + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Hardcoded Secrets Reviewer at [file:line] +- Severity: High +- CWE: CWE-798 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Credential/key compromise +- Remediation: Move secrets to a vault/env; rotate exposed values +``` + +## System Prompt +You are a white-box source reviewer for hardcoded credentials/keys. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_idor_access.md b/agents_md/code/code_idor_access.md new file mode 100644 index 0000000..62a8eeb --- /dev/null +++ b/agents_md/code/code_idor_access.md @@ -0,0 +1,41 @@ +# Source IDOR / Access Control Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for insecure direct object references in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Object lookups by user-supplied id without ownership checks +- Direct DB fetch on `request.id` with no scoping + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source IDOR / Access Control Reviewer at [file:line] +- Severity: High +- CWE: CWE-639 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Cross-account data access +- Remediation: Enforce per-object ownership/authorization checks +``` + +## System Prompt +You are a white-box source reviewer for insecure direct object references. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_insecure_deserialization.md b/agents_md/code/code_insecure_deserialization.md new file mode 100644 index 0000000..934d442 --- /dev/null +++ b/agents_md/code/code_insecure_deserialization.md @@ -0,0 +1,41 @@ +# Source Insecure Deserialization Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for unsafe deserialization in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `pickle.loads`, `yaml.load` (unsafe), Java/PHP native deserialization on untrusted data +- Object deserialization of request data + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Insecure Deserialization Reviewer at [file:line] +- Severity: Critical +- CWE: CWE-502 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Remote code execution +- Remediation: Use safe formats/loaders; never deserialize untrusted data +``` + +## System Prompt +You are a white-box source reviewer for unsafe deserialization. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_insecure_random.md b/agents_md/code/code_insecure_random.md new file mode 100644 index 0000000..c08cf1c --- /dev/null +++ b/agents_md/code/code_insecure_random.md @@ -0,0 +1,41 @@ +# Source Insecure Randomness Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for predictable randomness for security in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `random`/`Math.random` used for tokens, IDs, passwords, OTPs +- Seeded or time-based randomness for secrets + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Insecure Randomness Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-330 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Token/session prediction +- Remediation: Use a CSPRNG (secrets, crypto.randomBytes) +``` + +## System Prompt +You are a white-box source reviewer for predictable randomness for security. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_jwt_misuse.md b/agents_md/code/code_jwt_misuse.md new file mode 100644 index 0000000..21c39de --- /dev/null +++ b/agents_md/code/code_jwt_misuse.md @@ -0,0 +1,41 @@ +# Source JWT Misuse Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for JWT verification flaws in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `verify=False`, alg `none` accepted, secret not validated +- Algorithm not pinned; weak/hardcoded secret + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source JWT Misuse Reviewer at [file:line] +- Severity: High +- CWE: CWE-347 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Token forgery, auth bypass +- Remediation: Pin algorithm; verify signature; strong secret/keys +``` + +## System Prompt +You are a white-box source reviewer for JWT verification flaws. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_logging_sensitive.md b/agents_md/code/code_logging_sensitive.md new file mode 100644 index 0000000..55141af --- /dev/null +++ b/agents_md/code/code_logging_sensitive.md @@ -0,0 +1,41 @@ +# Source Sensitive Logging Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for sensitive data in logs in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Logging passwords, tokens, PII, full requests +- Debug logging of secrets in production paths + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Sensitive Logging Reviewer at [file:line] +- Severity: Low +- CWE: CWE-532 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Credential/PII exposure via logs +- Remediation: Redact sensitive fields; scope debug logging +``` + +## System Prompt +You are a white-box source reviewer for sensitive data in logs. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_mass_assignment.md b/agents_md/code/code_mass_assignment.md new file mode 100644 index 0000000..d13fce0 --- /dev/null +++ b/agents_md/code/code_mass_assignment.md @@ -0,0 +1,41 @@ +# Source Mass Assignment Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for mass assignment / over-binding in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Binding whole request body to models (`Model(**request)`, `update_attributes`) +- No allowlist of bindable fields + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Mass Assignment Reviewer at [file:line] +- Severity: High +- CWE: CWE-915 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Privilege escalation via hidden fields +- Remediation: Allowlist bindable fields; use DTOs +``` + +## System Prompt +You are a white-box source reviewer for mass assignment / over-binding. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_open_redirect.md b/agents_md/code/code_open_redirect.md new file mode 100644 index 0000000..c442f32 --- /dev/null +++ b/agents_md/code/code_open_redirect.md @@ -0,0 +1,41 @@ +# Source Open Redirect Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for open redirect in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Redirects built from user input (redirect(request.param)) +- No allowlist of redirect destinations + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Open Redirect Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-601 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Phishing, OAuth token theft +- Remediation: Allowlist redirect targets; use relative paths +``` + +## System Prompt +You are a white-box source reviewer for open redirect. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_path_traversal.md b/agents_md/code/code_path_traversal.md new file mode 100644 index 0000000..2302393 --- /dev/null +++ b/agents_md/code/code_path_traversal.md @@ -0,0 +1,41 @@ +# Source Path Traversal Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for path traversal / arbitrary file access in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- User input in file paths (open/read/sendFile) without normalization +- Missing checks for `../` and absolute paths + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Path Traversal Reviewer at [file:line] +- Severity: High +- CWE: CWE-22 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Arbitrary file read/write +- Remediation: Canonicalize and confine paths to a safe base directory +``` + +## System Prompt +You are a white-box source reviewer for path traversal / arbitrary file access. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_race_condition.md b/agents_md/code/code_race_condition.md new file mode 100644 index 0000000..5a1fba7 --- /dev/null +++ b/agents_md/code/code_race_condition.md @@ -0,0 +1,41 @@ +# Source Race Condition Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for TOCTOU / concurrency flaws in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Check-then-act on shared state without locking +- Non-atomic balance/quota/idempotency updates + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Race Condition Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-362 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Double-spend, state corruption +- Remediation: Use atomic operations, locks, or transactions +``` + +## System Prompt +You are a white-box source reviewer for TOCTOU / concurrency flaws. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_sql_orm_raw.md b/agents_md/code/code_sql_orm_raw.md new file mode 100644 index 0000000..5289dc5 --- /dev/null +++ b/agents_md/code/code_sql_orm_raw.md @@ -0,0 +1,41 @@ +# Source ORM Raw-Query Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for unsafe raw ORM queries in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `.raw()`, `.extra()`, query builders with string interpolation +- Raw fragments mixing user input + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source ORM Raw-Query Reviewer at [file:line] +- Severity: High +- CWE: CWE-89 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: SQL injection via ORM +- Remediation: Use parameter binding even in raw queries +``` + +## System Prompt +You are a white-box source reviewer for unsafe raw ORM queries. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_sqli.md b/agents_md/code/code_sqli.md new file mode 100644 index 0000000..002568a --- /dev/null +++ b/agents_md/code/code_sqli.md @@ -0,0 +1,41 @@ +# Source SQL Injection Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for SQL injection in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- String concatenation/interpolation into SQL (f-strings, +, .format) passed to execute() +- Raw queries bypassing the ORM; `.raw(`, `cursor.execute(... % ...)` + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source SQL Injection Reviewer at [file:line] +- Severity: Critical +- CWE: CWE-89 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Database compromise, data exfiltration +- Remediation: Use parameterized queries / ORM bindings +``` + +## System Prompt +You are a white-box source reviewer for SQL injection. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_ssrf.md b/agents_md/code/code_ssrf.md new file mode 100644 index 0000000..bd6a826 --- /dev/null +++ b/agents_md/code/code_ssrf.md @@ -0,0 +1,41 @@ +# Source SSRF Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for server-side request forgery in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- User-controlled URLs passed to HTTP clients (requests/fetch/curl) +- No allowlist or scheme/host validation + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source SSRF Reviewer at [file:line] +- Severity: High +- CWE: CWE-918 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Internal network access, cloud metadata theft +- Remediation: Allowlist destinations; block internal ranges and redirects +``` + +## System Prompt +You are a white-box source reviewer for server-side request forgery. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_ssrf_redirect.md b/agents_md/code/code_ssrf_redirect.md new file mode 100644 index 0000000..6e0ad63 --- /dev/null +++ b/agents_md/code/code_ssrf_redirect.md @@ -0,0 +1,41 @@ +# Source SSRF-via-Redirect Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for SSRF through redirect following in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- HTTP clients following redirects to user-controlled URLs +- No re-validation of redirect targets against allowlist + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source SSRF-via-Redirect Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-918 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Internal access via redirect +- Remediation: Disable/limit redirects; re-validate each hop +``` + +## System Prompt +You are a white-box source reviewer for SSRF through redirect following. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_template_injection.md b/agents_md/code/code_template_injection.md new file mode 100644 index 0000000..796f34f --- /dev/null +++ b/agents_md/code/code_template_injection.md @@ -0,0 +1,41 @@ +# Source Template Injection Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for server-side template injection in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- User input concatenated into template strings then rendered +- `render_template_string`, dynamic template construction + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Template Injection Reviewer at [file:line] +- Severity: Critical +- CWE: CWE-1336 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Remote code execution +- Remediation: Never render user input as templates; sandbox +``` + +## System Prompt +You are a white-box source reviewer for server-side template injection. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_unsafe_eval.md b/agents_md/code/code_unsafe_eval.md new file mode 100644 index 0000000..b4c09bc --- /dev/null +++ b/agents_md/code/code_unsafe_eval.md @@ -0,0 +1,41 @@ +# Source Unsafe Eval Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for dynamic code evaluation in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- `eval`, `exec`, `Function()`, `setTimeout(string)` on user input +- Dynamic import/require of user-controlled names + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Unsafe Eval Reviewer at [file:line] +- Severity: Critical +- CWE: CWE-95 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Remote code execution +- Remediation: Eliminate dynamic eval; use safe parsers/dispatch tables +``` + +## System Prompt +You are a white-box source reviewer for dynamic code evaluation. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_weak_crypto.md b/agents_md/code/code_weak_crypto.md new file mode 100644 index 0000000..bf7138f --- /dev/null +++ b/agents_md/code/code_weak_crypto.md @@ -0,0 +1,41 @@ +# Source Weak Cryptography Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for weak or misused cryptography in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- MD5/SHA1 for passwords; ECB mode; static IV/salt; hardcoded keys +- Custom/rolled crypto; weak random for security tokens + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source Weak Cryptography Reviewer at [file:line] +- Severity: Medium +- CWE: CWE-327 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Data exposure, token forgery +- Remediation: Use vetted algorithms (bcrypt/argon2, AES-GCM), random IVs, CSPRNG +``` + +## System Prompt +You are a white-box source reviewer for weak or misused cryptography. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_xss.md b/agents_md/code/code_xss.md new file mode 100644 index 0000000..75fe4a5 --- /dev/null +++ b/agents_md/code/code_xss.md @@ -0,0 +1,41 @@ +# Source XSS Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for cross-site scripting (output encoding) in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- Unescaped user input rendered to HTML (innerHTML, dangerouslySetInnerHTML, `|safe`, `v-html`) +- Template autoescaping disabled + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source XSS Reviewer at [file:line] +- Severity: High +- CWE: CWE-79 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Session theft, account takeover +- Remediation: Context-aware output encoding; keep autoescaping on; CSP +``` + +## System Prompt +You are a white-box source reviewer for cross-site scripting (output encoding). Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/code/code_xxe.md b/agents_md/code/code_xxe.md new file mode 100644 index 0000000..b1eaa5a --- /dev/null +++ b/agents_md/code/code_xxe.md @@ -0,0 +1,41 @@ +# Source XXE Reviewer Agent + +## User Prompt +You are reviewing the source code of **{target}** for XML external entity processing in the source code. + +**Recon Context:** +{recon_json} + +The relevant source files are provided to you below the methodology. + +**METHODOLOGY:** + +### 1. Locate sinks/sources +- XML parsers with external entities/DTDs enabled on untrusted input +- `resolve_entities=True`, default-config parsers + +### 2. Trace dataflow +- Trace user-controlled input from source to the dangerous sink +- Confirm the path is reachable and lacks sanitization/validation + +### 3. Confirm exploitability +- Quote the exact vulnerable lines (file:line) +- Explain the concrete exploit and why existing controls don't stop it + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Source XXE Reviewer at [file:line] +- Severity: High +- CWE: CWE-611 +- Endpoint: [file:line] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: File disclosure, SSRF +- Remediation: Disable DTDs/external entities; use hardened parsers +``` + +## System Prompt +You are a white-box source reviewer for XML external entity processing. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess. diff --git a/agents_md/recon/api_discovery.md b/agents_md/recon/api_discovery.md new file mode 100644 index 0000000..40595cc --- /dev/null +++ b/agents_md/recon/api_discovery.md @@ -0,0 +1,36 @@ +# API Surface Discovery Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to enumerate REST/GraphQL/gRPC/WebSocket surfaces. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Find specs +- Probe /openapi.json, /swagger, /graphql, /.well-known, /v1 /v2 prefixes + +### 2. Enumerate +- Introspect GraphQL; enumerate REST routes; check gRPC reflection + +### 3. Catalog +- Record methods, params, auth requirements per endpoint + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: API Surface Discovery Specialist at [asset/endpoint] +- Severity: Info +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Undocumented API endpoints widen attack surface +- Remediation: Gate non-public APIs; remove exposed schemas +``` + +## System Prompt +You are an API-recon specialist. Report only endpoints you confirmed respond, with method and a sample response signature. No speculation. diff --git a/agents_md/recon/cloud_asset_discovery.md b/agents_md/recon/cloud_asset_discovery.md new file mode 100644 index 0000000..f661bba --- /dev/null +++ b/agents_md/recon/cloud_asset_discovery.md @@ -0,0 +1,36 @@ +# Cloud Asset Discovery Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to discover cloud buckets, functions and metadata surfaces. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Discover +- Find S3/GCS/Azure references; permutate bucket names; detect cloud provider + +### 2. Probe +- Check public list/read on storage; note SSRF-to-metadata potential + +### 3. Catalog +- Record provider, asset, and access level + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Cloud Asset Discovery Specialist at [asset/endpoint] +- Severity: Low +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Exposed cloud assets and SSRF/metadata vectors +- Remediation: Lock down public cloud assets; enforce IMDSv2 +``` + +## System Prompt +You are a cloud-recon specialist. Report only assets you confirmed exist with their observed access level. No guessed buckets. diff --git a/agents_md/recon/content_discovery.md b/agents_md/recon/content_discovery.md new file mode 100644 index 0000000..a063a21 --- /dev/null +++ b/agents_md/recon/content_discovery.md @@ -0,0 +1,36 @@ +# Content & Path Discovery Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to discover hidden files, directories and backups. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Crawl +- Spider with katana; parse robots.txt/sitemap.xml/.well-known + +### 2. Fuzz +- `ffuf` directories/files with sensible wordlists and extensions (.bak,.old,.zip,.sql) + +### 3. Triage +- Flag admin, backup, config, and source-leak paths + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Content & Path Discovery Specialist at [asset/endpoint] +- Severity: Low +- CWE: CWE-538 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Exposure of admin panels, backups, configs +- Remediation: Remove sensitive files from web root; enforce authz +``` + +## System Prompt +You are a content-discovery specialist. Report only paths that returned a meaningful status/body, with the evidence. No 404s as findings. diff --git a/agents_md/recon/dns_recon.md b/agents_md/recon/dns_recon.md new file mode 100644 index 0000000..581240a --- /dev/null +++ b/agents_md/recon/dns_recon.md @@ -0,0 +1,36 @@ +# DNS Reconnaissance Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to map DNS records and infrastructure relationships. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Records +- Enumerate A/AAAA/CNAME/MX/TXT/NS/SOA; check SPF/DMARC/DKIM + +### 2. Misconfig +- Test zone transfer (AXFR), wildcard records, dangling CNAMEs + +### 3. Relate +- Cluster shared infrastructure and providers + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: DNS Reconnaissance Specialist at [asset/endpoint] +- Severity: Info +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Infra mapping; zone/record misconfig discovery +- Remediation: Harden DNS; disable zone transfers +``` + +## System Prompt +You are a DNS-recon specialist. Report only records you actually resolved, with the query evidence. diff --git a/agents_md/recon/graphql_discovery.md b/agents_md/recon/graphql_discovery.md new file mode 100644 index 0000000..1173017 --- /dev/null +++ b/agents_md/recon/graphql_discovery.md @@ -0,0 +1,36 @@ +# GraphQL Discovery Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to map the GraphQL schema and sensitive operations. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Locate +- Find /graphql endpoints and test introspection + +### 2. Map +- If introspection off, use field-suggestion (clairvoyance) to reconstruct types + +### 3. Flag +- Mark mutations and sensitive queries for the API agents + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: GraphQL Discovery Specialist at [asset/endpoint] +- Severity: Low +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Schema exposure aids targeted attacks +- Remediation: Disable introspection/suggestions in production +``` + +## System Prompt +You are a GraphQL-recon specialist. Report only schema elements you actually recovered, with the query/response evidence. diff --git a/agents_md/recon/js_analysis.md b/agents_md/recon/js_analysis.md new file mode 100644 index 0000000..5f98cdf --- /dev/null +++ b/agents_md/recon/js_analysis.md @@ -0,0 +1,36 @@ +# JavaScript Analysis Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to extract endpoints, secrets and logic from client-side JS. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Collect +- Gather all JS bundles and sourcemaps; `katana`/`gau` for URLs + +### 2. Extract +- Regex for API paths, fetch/axios calls, API keys (sk-, AIza, nvapi-), tokens + +### 3. Map +- Build an endpoint + parameter inventory from the JS for downstream agents + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: JavaScript Analysis Specialist at [asset/endpoint] +- Severity: Low +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Hidden endpoints and leaked secrets in bundles +- Remediation: Strip secrets from client code; restrict sourcemaps +``` + +## System Prompt +You are a JS-recon specialist. Report only endpoints/secrets actually present in the served JS, quoting the snippet. Validated secrets only; never invent. diff --git a/agents_md/recon/osint_employee.md b/agents_md/recon/osint_employee.md new file mode 100644 index 0000000..b737477 --- /dev/null +++ b/agents_md/recon/osint_employee.md @@ -0,0 +1,36 @@ +# OSINT & Exposure Mapping Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to map public exposure (leaked creds, repos, docs) for the target org. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Sources +- Search public code (GitHub), paste sites, breach indices (in scope) + +### 2. Correlate +- Link leaked emails/creds/repos to the target's assets + +### 3. Report +- Summarize exposure relevant to the engagement + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: OSINT & Exposure Mapping Specialist at [asset/endpoint] +- Severity: Low +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Public exposure enabling targeted attacks +- Remediation: Monitor and remediate public exposure +``` + +## System Prompt +You are an OSINT specialist operating strictly within authorized scope. Report only verifiable public exposure tied to the target, citing the source. No private data harvesting. diff --git a/agents_md/recon/parameter_discovery.md b/agents_md/recon/parameter_discovery.md new file mode 100644 index 0000000..88b1162 --- /dev/null +++ b/agents_md/recon/parameter_discovery.md @@ -0,0 +1,36 @@ +# Parameter Discovery Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to enumerate hidden request parameters and inputs. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Mine +- Extract params from JS, forms, history (gau), and docs + +### 2. Bruteforce +- Use arjun/param-miner style discovery with reflection detection + +### 3. Hand off +- Provide the param inventory to injection specialists + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Parameter Discovery Specialist at [asset/endpoint] +- Severity: Info +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Hidden params enable injection/logic attacks +- Remediation: Validate and document all accepted parameters +``` + +## System Prompt +You are a parameter-discovery specialist. Report only parameters you confirmed the app accepts/reflects, with evidence. diff --git a/agents_md/recon/secret_scanning.md b/agents_md/recon/secret_scanning.md new file mode 100644 index 0000000..5e2ee94 --- /dev/null +++ b/agents_md/recon/secret_scanning.md @@ -0,0 +1,36 @@ +# Exposed Secret Scanning Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to find leaked credentials and keys across exposed assets. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Sweep +- Scan JS, .env, .git, backups, CI logs, comments with trufflehog-style regex + +### 2. Validate +- Confirm key format and (in scope) liveness without abusing it + +### 3. Classify +- Tag provider and privilege of each secret + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Exposed Secret Scanning Specialist at [asset/endpoint] +- Severity: High +- CWE: CWE-522 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Credential/key exposure enabling account or cloud takeover +- Remediation: Rotate exposed secrets; remove from public assets +``` + +## System Prompt +You are a secret-scanning specialist. Report only real, validly-formatted secrets you actually found, quoting location. Never abuse keys beyond a minimal validity check. diff --git a/agents_md/recon/subdomain_enum.md b/agents_md/recon/subdomain_enum.md new file mode 100644 index 0000000..2568f8c --- /dev/null +++ b/agents_md/recon/subdomain_enum.md @@ -0,0 +1,38 @@ +# Subdomain Enumeration Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to discover all subdomains and expand the attack surface. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Passive sources +- Query crt.sh, certificate transparency, Shodan, and passive DNS +- Run `subfinder -d {target}` and `amass enum -passive -d {target}` + +### 2. Active resolution +- Resolve and probe with `httpx -title -tech-detect -status-code` +- Bruteforce with a curated wordlist where in scope + +### 3. Triage +- Flag dev/staging/admin/api hosts and dangling CNAMEs (subdomain takeover candidates) + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Subdomain Enumeration Specialist at [asset/endpoint] +- Severity: Info +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Wider attack surface, forgotten/staging hosts +- Remediation: Inventory and decommission stale DNS records +``` + +## System Prompt +You are a recon specialist. Report only resolvable, in-scope subdomains you actually observed, with the resolution evidence. Do not invent hosts. diff --git a/agents_md/recon/tech_fingerprint.md b/agents_md/recon/tech_fingerprint.md new file mode 100644 index 0000000..aa96605 --- /dev/null +++ b/agents_md/recon/tech_fingerprint.md @@ -0,0 +1,37 @@ +# Technology Fingerprinting Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to identify the full technology stack and versions. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Fingerprint +- Inspect headers, cookies, error pages, favicon hash +- Run `whatweb`, `nuclei -t technologies`, and Wappalyzer-style detection + +### 2. Version map +- Map server, framework, language, CMS, JS libs and their versions + +### 3. CVE correlation +- Correlate detected versions to known CVEs for later exploitation + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Technology Fingerprinting Specialist at [asset/endpoint] +- Severity: Info +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Targeted exploitation of known-vulnerable components +- Remediation: Hide version banners; keep components patched +``` + +## System Prompt +You are a fingerprinting specialist. Report only technologies you positively detected with the supporting evidence (header/banner/hash). Mark version guesses as uncertain. diff --git a/agents_md/recon/waf_cdn_detection.md b/agents_md/recon/waf_cdn_detection.md new file mode 100644 index 0000000..28acada --- /dev/null +++ b/agents_md/recon/waf_cdn_detection.md @@ -0,0 +1,36 @@ +# WAF/CDN Detection Specialist Agent + +## User Prompt +You are performing reconnaissance on **{target}** to identify WAF/CDN and inform evasion strategy. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Detect +- Fingerprint WAF/CDN via headers, cookies, block pages, `wafw00f` + +### 2. Origin +- Search for origin IP leaks (DNS history, SSL SANs, headers) + +### 3. Strategy +- Note effective encodings/paths for later, in-scope testing + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: WAF/CDN Detection Specialist at [asset/endpoint] +- Severity: Info +- CWE: CWE-200 +- Endpoint: [URL/host] +- Vector: [what/where] +- Payload: [PoC / vulnerable code snippet] +- Evidence: [proof / exact code quoted] +- Impact: Informs bypass strategy; reveals origin exposure +- Remediation: Ensure origin is not directly reachable +``` + +## System Prompt +You are a WAF/CDN specialist. Report only positively-identified protections and any verified origin exposure, with evidence. diff --git a/neurosploit-rs/app/src/main.rs b/neurosploit-rs/app/src/main.rs index d764bd2..c424f90 100644 --- a/neurosploit-rs/app/src/main.rs +++ b/neurosploit-rs/app/src/main.rs @@ -3,8 +3,8 @@ mod web; use clap::{Parser, Subcommand}; -use harness::{agents, models::ModelRef, pool::ModelPool, report, types::RunConfig}; -use std::path::PathBuf; +use harness::{agents, models::ModelRef, pool::ModelPool, types::RunConfig, RunOutput}; +use std::path::{Path, PathBuf}; #[derive(Parser)] #[command(name = "neurosploit", version, about = "NeuroSploit v3.4.0 — multi-model autonomous pentest harness")] @@ -37,6 +37,24 @@ enum Cmd { /// instead of HTTP API keys. #[arg(long)] subscription: bool, + /// Enable Playwright MCP (browser proof) on the subscription/CLI path. + #[arg(long)] + mcp: bool, + }, + /// White-box: analyse a local repository's source code for vulnerabilities. + Whitebox { + /// Path to the repository to analyse. + path: String, + #[arg(long = "model")] + models: Vec, + #[arg(long, default_value_t = 0)] + max_agents: usize, + #[arg(long, default_value_t = 2)] + vote_n: usize, + #[arg(long)] + offline: bool, + #[arg(long)] + subscription: bool, }, /// Show agent library counts. Agents, @@ -88,7 +106,7 @@ async fn main() -> anyhow::Result<()> { } } } - Cmd::Run { url, models, max_agents, vote_n, offline, subscription } => { + Cmd::Run { url, models, max_agents, vote_n, offline, subscription, mcp } => { let url = if url.starts_with("http") { url } else { format!("https://{url}") }; let mut cfg = RunConfig::new(&url); cfg.max_agents = max_agents; @@ -98,26 +116,20 @@ async fn main() -> anyhow::Result<()> { if !models.is_empty() { cfg.models = models; } - let lib = agents::load(&base); - let refs: Vec = cfg.models.iter().map(|s| ModelRef::parse(s)).collect(); - let pool = ModelPool::with_auth(refs, cfg.concurrency, cfg.subscription); - - let (tx, mut rx) = tokio::sync::mpsc::channel::(256); - let printer = tokio::spawn(async move { - while let Some(line) = rx.recv().await { - println!(" [*] {line}"); - } - }); - let out = harness::run(cfg.clone(), &lib, &pool, tx).await; - let _ = printer.await; - - println!("\n=== {} validated finding(s) ===", out.findings.len()); - println!("{}", serde_json::to_string_pretty(&out.findings)?); - let html = report::html(&url, &out.findings); - std::fs::create_dir_all(base.join("reports")).ok(); - let rp = base.join("reports").join("report_rs.html"); - std::fs::write(&rp, html).ok(); - println!("report → {}", rp.display()); + let out = run_engagement(&base, cfg, mcp, false).await?; + print_findings(&out); + } + Cmd::Whitebox { path, models, max_agents, vote_n, offline, subscription } => { + let mut cfg = RunConfig::new(&path); + cfg.max_agents = max_agents; + cfg.vote_n = vote_n; + cfg.offline = offline; + cfg.subscription = subscription; + if !models.is_empty() { + cfg.models = models; + } + let out = run_engagement(&base, cfg, false, true).await?; + print_findings(&out); } Cmd::Serve { port } => { web::serve(base, port).await?; @@ -125,3 +137,68 @@ async fn main() -> anyhow::Result<()> { } Ok(()) } + +/// Shared engagement runner for CLI `run` / `whitebox`. +async fn run_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, whitebox: bool) -> anyhow::Result { + let lib = agents::load(base); + let workdir = base.join("runs").join(format!("{}-{}", sanitize(&cfg.target), now_ts())); + cfg.workdir = Some(workdir.display().to_string()); + cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string()); + + let mcp_config = if mcp && cfg.subscription { + match harness::write_mcp_config(&workdir) { + Ok(p) => { + println!(" [*] Playwright MCP enabled → {}", p.display()); + Some(p.display().to_string()) + } + Err(e) => { + eprintln!(" [!] MCP config failed: {e}"); + None + } + } + } else { + None + }; + + let refs: Vec = cfg.models.iter().map(|s| ModelRef::parse(s)).collect(); + let pool = ModelPool::with_auth(refs, cfg.concurrency, cfg.subscription, mcp_config); + + let (tx, mut rx) = tokio::sync::mpsc::channel::(256); + let printer = tokio::spawn(async move { + while let Some(line) = rx.recv().await { + println!(" [*] {line}"); + } + }); + let out = if whitebox { + harness::run_whitebox(cfg, &lib, &pool, tx).await + } else { + harness::run(cfg, &lib, &pool, tx).await + }; + let _ = printer.await; + Ok(out) +} + +fn print_findings(out: &RunOutput) { + println!("\n=== {} validated finding(s) ===", out.findings.len()); + println!("{}", serde_json::to_string_pretty(&out.findings).unwrap_or_default()); + if !out.artifacts.is_empty() { + println!("artifacts: {}", out.artifacts.join(", ")); + } +} + +fn sanitize(s: &str) -> String { + let s = s.replace("https://", "").replace("http://", ""); + let mut o: String = s.chars().map(|c| if c.is_alphanumeric() { c } else { '_' }).collect(); + o.truncate(50); + let o = o.trim_matches('_').to_string(); + if o.is_empty() { + "target".into() + } else { + o + } +} + +fn now_ts() -> u64 { + use std::time::{SystemTime, UNIX_EPOCH}; + SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_secs()).unwrap_or(0) +} diff --git a/neurosploit-rs/app/src/web.rs b/neurosploit-rs/app/src/web.rs index 374f010..88fe43e 100644 --- a/neurosploit-rs/app/src/web.rs +++ b/neurosploit-rs/app/src/web.rs @@ -57,7 +57,7 @@ async fn info(State(st): State>) -> Json { .collect(); Json(json!({ "version": "3.4.0", - "agents": {"vulns": lib.vulns.len(), "meta": lib.meta.len(), "total": lib.total()}, + "agents": {"vulns": lib.vulns.len(), "meta": lib.meta.len(), "recon": lib.recon.len(), "code": lib.code.len(), "total": lib.total()}, "providers": provs, "cli_backends": harness::installed_cli_backends(), })) @@ -68,6 +68,8 @@ async fn agents_list(State(st): State>) -> Json { let v: Vec = lib .vulns .iter() + .chain(lib.recon.iter()) + .chain(lib.code.iter()) .chain(lib.meta.iter()) .map(|a| json!({"name": a.name, "title": a.title, "cwe": a.cwe, "kind": a.kind})) .collect(); @@ -128,6 +130,16 @@ async fn run(State(st): State>, Json(body): Json) -> Json = if models.is_empty() { @@ -135,7 +147,13 @@ async fn run(State(st): State>, Json(body): Json) -> Json(256); let stf = st2.clone(); @@ -163,8 +181,14 @@ async fn run(State(st): State>, Json(body): Json) -> Json, State(st): State>) -> let g = st.runs.lock().unwrap(); Html(g.get(&id).and_then(|r| r.report.clone()).unwrap_or_else(|| "

no report

".into())) } + +fn slug(s: &str) -> String { + let s = s.replace("https://", "").replace("http://", ""); + let mut o: String = s.chars().map(|c| if c.is_alphanumeric() { c } else { '_' }).collect(); + o.truncate(50); + let o = o.trim_matches('_').to_string(); + if o.is_empty() { "target".into() } else { o } +} + +fn now_ts() -> u64 { + use std::time::{SystemTime, UNIX_EPOCH}; + SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_secs()).unwrap_or(0) +} diff --git a/neurosploit-rs/app/web/index.html b/neurosploit-rs/app/web/index.html index 41f968e..dfc1a8a 100644 --- a/neurosploit-rs/app/web/index.html +++ b/neurosploit-rs/app/web/index.html @@ -3,171 +3,324 @@ -NeuroSploit v3.4.0 +NeuroSploit +
+
-
-

Run engagement

Parallel agents · provider failover · N-model validator voting.
-
-
-
-
-
-
-
-
- - -
-
-
-
-
+
+

Engagement

Configure and launch an autonomous run
+
online
+
+ + +
+
+ +
-
-
-

Agent library

-
-
-
-

Models

OpenAI-compatible providers — CLI & API.
-
-
-
-

Report

Last engagement.
-
Run an engagement to generate a report.
-
+
+
+
+

Target

+
One or more URLs — the harness recons each, then intelligently selects matching agents.
+
+ +
+
+
+
+
+ + + +
+
+
+
+
+
+
+

Model panel

+
1st = primary · others fail over & form the validator jury.
+
+
+
+
+
+

Live execution

+
Recon → intelligent agent selection → parallel exploitation → N-model voting → report. Artifacts saved to runs/.
+
— idle. Launch an engagement to stream activity. —
+
+
+ + +
+
+

Validated findings

+
Only findings confirmed by multi-model adversarial voting appear here.
+
+
No findings yet — run an engagement.
+
+
+ + +
+
+

Report

+
HTML report + JSON/MD artifacts for reuse by other tools/AIs.
+
Run an engagement to generate a report.
+
+
+ + +
+
+

Agent library

+
+
+ + + + + + +
+
+
+
+ + +
+
+

Providers & models

+
Use via API key or subscription (local CLI login). CLI-capable providers are tagged.
+
+
+
+
diff --git a/neurosploit-rs/crates/harness/src/agents.rs b/neurosploit-rs/crates/harness/src/agents.rs index 66fed7c..8b0f0a3 100644 --- a/neurosploit-rs/crates/harness/src/agents.rs +++ b/neurosploit-rs/crates/harness/src/agents.rs @@ -21,20 +21,24 @@ pub struct Agent { pub struct Library { pub vulns: Vec, pub meta: Vec, + pub recon: Vec, + pub code: Vec, } impl Library { pub fn total(&self) -> usize { - self.vulns.len() + self.meta.len() + self.vulns.len() + self.meta.len() + self.recon.len() + self.code.len() } } -/// Load `/agents_md/{vulns,meta}/*.md`. +/// Load `/agents_md/{vulns,meta,recon,code}/*.md`. pub fn load(base: &Path) -> Library { let root = base.join("agents_md"); Library { vulns: load_dir(&root.join("vulns"), "vuln"), meta: load_dir(&root.join("meta"), "meta"), + recon: load_dir(&root.join("recon"), "recon"), + code: load_dir(&root.join("code"), "code"), } } diff --git a/neurosploit-rs/crates/harness/src/lib.rs b/neurosploit-rs/crates/harness/src/lib.rs index 372425f..d3622b1 100644 --- a/neurosploit-rs/crates/harness/src/lib.rs +++ b/neurosploit-rs/crates/harness/src/lib.rs @@ -11,12 +11,15 @@ pub mod models; pub mod pipeline; pub mod pool; pub mod report; +pub mod rl; pub mod types; pub use agents::{Agent, Library}; pub use models::{ - cli_binary_for, installed_cli_backends, provider_for, providers, ChatClient, ModelRef, Provider, + cli_binary_for, installed_cli_backends, provider_for, providers, write_mcp_config, ChatClient, + ModelRef, Provider, }; +pub use pipeline::{run_whitebox, RunOutput}; pub use pipeline::run; pub use pool::ModelPool; pub use types::{Finding, RunConfig}; diff --git a/neurosploit-rs/crates/harness/src/models.rs b/neurosploit-rs/crates/harness/src/models.rs index 8659dfe..0e2ee9b 100644 --- a/neurosploit-rs/crates/harness/src/models.rs +++ b/neurosploit-rs/crates/harness/src/models.rs @@ -28,6 +28,8 @@ pub fn providers() -> Vec { models: vec!["gpt-5.1", "o4"] }, Provider { key: "xai", label: "xAI Grok", base_url: "https://api.x.ai/v1", env_key: "XAI_API_KEY", kind: "cli", models: vec!["grok-4", "grok-4-fast"] }, + Provider { key: "gemini", label: "Google Gemini", base_url: "https://generativelanguage.googleapis.com/v1beta/openai", env_key: "GEMINI_API_KEY", kind: "cli", + models: vec!["gemini-2.5-pro", "gemini-2.5-flash", "gemini-2.0-flash"] }, Provider { key: "nvidia_nim", label: "NVIDIA NIM", base_url: "https://integrate.api.nvidia.com/v1", env_key: "NVIDIA_NIM_API_KEY", kind: "api", models: vec!["nvidia/llama-3.3-nemotron-super-49b-v1", "deepseek-ai/deepseek-r1", "qwen/qwen2.5-coder-32b-instruct"] }, Provider { key: "deepseek", label: "DeepSeek", base_url: "https://api.deepseek.com/v1", env_key: "DEEPSEEK_API_KEY", kind: "api", @@ -124,9 +126,20 @@ impl ChatClient { impl ChatClient { /// Complete via a locally-installed **agentic CLI subscription** (Claude - /// Code / Codex / Grok) instead of an API key. This uses the user's logged-in - /// subscription, so no provider key is required. - pub async fn chat_cli(&self, provider: &str, model: &str, system: &str, user: &str) -> Result { + /// Code / Codex / Grok / Gemini) instead of an API key. This uses the user's + /// logged-in subscription, so no provider key is required. + /// + /// When `mcp_config` is set (a path to an `.mcp.json`), Claude/Codex run with + /// the MCP servers enabled and tool autonomy, so agents can actually drive + /// **Playwright** (browse, execute JS, screenshot) during execution. + pub async fn chat_cli( + &self, + provider: &str, + model: &str, + system: &str, + user: &str, + mcp_config: Option<&str>, + ) -> Result { let bin = cli_binary_for(provider) .ok_or_else(|| anyhow!("no CLI/subscription backend for provider '{}'", provider))?; let prompt = format!("{system}\n\n{user}"); @@ -135,10 +148,24 @@ impl ChatClient { // Claude Code headless print mode (uses the Claude subscription login). "claude" => { cmd.arg("-p").arg("--model").arg(model); + if let Some(mcp) = mcp_config { + cmd.arg("--mcp-config").arg(mcp).arg("--dangerously-skip-permissions"); + // Required to allow tool autonomy when running as root. + cmd.env("IS_SANDBOX", "1"); + } } // Codex non-interactive exec (uses the ChatGPT/Codex login), prompt on stdin. "codex" => { - cmd.arg("exec").arg("--model").arg(model).arg("-"); + cmd.arg("exec").arg("--model").arg(model); + if let Some(mcp) = mcp_config { + cmd.arg("--config").arg(format!("mcp_config_file={mcp}")) + .arg("--dangerously-bypass-approvals-and-sandbox"); + } + cmd.arg("-"); + } + // Google Gemini CLI (uses the Gemini subscription login). + "gemini" => { + cmd.arg("-m").arg(model); } // Grok CLI, prompt on stdin (best-effort flags). "grok" => { @@ -166,6 +193,7 @@ pub fn cli_binary_for(provider: &str) -> Option<&'static str> { "anthropic" => Some("claude"), "openai" => Some("codex"), "xai" => Some("grok"), + "gemini" => Some("gemini"), _ => None, } } @@ -179,7 +207,21 @@ pub fn binary_in_path(name: &str) -> bool { /// Which subscription CLI backends are installed locally. pub fn installed_cli_backends() -> Vec<&'static str> { - ["claude", "codex", "grok"].into_iter().filter(|b| binary_in_path(b)).collect() + ["claude", "codex", "grok", "gemini"].into_iter().filter(|b| binary_in_path(b)).collect() +} + +/// Write a Playwright `.mcp.json` into `dir` and return its path, so the agentic +/// CLI can drive a real browser (DOM/JS/network/screenshots) during execution. +pub fn write_mcp_config(dir: &std::path::Path) -> std::io::Result { + std::fs::create_dir_all(dir)?; + let path = dir.join(".mcp.json"); + let cfg = r#"{ + "mcpServers": { + "playwright": { "command": "npx", "args": ["-y", "@playwright/mcp@latest", "--headless", "--isolated"] } + } +}"#; + std::fs::write(&path, cfg)?; + Ok(path) } impl Default for ChatClient { diff --git a/neurosploit-rs/crates/harness/src/pipeline.rs b/neurosploit-rs/crates/harness/src/pipeline.rs index 41d26bc..c3f54df 100644 --- a/neurosploit-rs/crates/harness/src/pipeline.rs +++ b/neurosploit-rs/crates/harness/src/pipeline.rs @@ -1,8 +1,11 @@ use crate::agents::{Agent, Library}; use crate::pool::ModelPool; +use crate::rl::{severity_reward, RlState}; use crate::types::{Finding, RunConfig}; +use crate::report; use futures::stream::{self, StreamExt}; use serde::Serialize; +use std::path::{Path, PathBuf}; use tokio::sync::mpsc::Sender; /// Result of an engagement run. @@ -11,26 +14,28 @@ pub struct RunOutput { pub findings: Vec, pub agents_ran: Vec, pub candidates: usize, + pub recon: String, + /// Paths to persisted artifacts (recon/exploit/findings/report), if any. + pub artifacts: Vec, } const RECON_SYS: &str = "You are a web recon specialist. Map the target's attack surface and reply with a compact JSON object (tech, endpoints, auth, apis, ai_features). No prose."; const VOTE_SYS: &str = "You are an adversarial security validator. Decide if the candidate finding is a REAL, reproducible, exploitable vulnerability with proof. Reply with JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}. Default to rejected when uncertain."; +const CODE_VOTE_SYS: &str = "You are an adversarial source-code reviewer. Decide if the reported issue is a REAL vulnerability in the provided code (reachable, exploitable, not a false positive). Reply JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}."; -/// Run the full harness pipeline, streaming human-readable progress over `tx`. +/// Black-box web engagement: recon → parallel exploit → N-model vote → report. pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender) -> RunOutput { let _ = tx .send(format!( - "Loaded {} agents ({} vuln / {} meta) · models: {} · vote_n={} · concurrency={}", - lib.total(), - lib.vulns.len(), - lib.meta.len(), + "Loaded {} agents ({} vuln / {} recon / {} code / {} meta) · models: {} · vote_n={} · concurrency={}{}", + lib.total(), lib.vulns.len(), lib.recon.len(), lib.code.len(), lib.meta.len(), pool.candidates.iter().map(|m| m.label()).collect::>().join(", "), - cfg.vote_n, - cfg.concurrency, + cfg.vote_n, cfg.concurrency, + if pool.mcp_config.is_some() { " · Playwright MCP ON" } else { "" }, )) .await; - // ---- 1. Recon ------------------------------------------------------- + // ---- 1. Recon ------------------------------------------------------ let recon = if cfg.offline { let _ = tx.send("recon: offline mode — skipping model calls".into()).await; "{}".to_string() @@ -47,23 +52,42 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender 0 { cfg.max_agents } else { lib.vulns.len() }; - let selected: Vec = lib.vulns.iter().take(cap).cloned().collect(); - let _ = tx.send(format!("selected {} specialist agents", selected.len())).await; + // ---- 2. Intelligent, RL-ranked agent selection --------------------- + let mut rl = cfg.rl_path.as_ref().map(|p| RlState::load(Path::new(p))).unwrap_or_default(); + let mut ranked: Vec = lib.vulns.clone(); + ranked.sort_by(|a, b| rl.weight(&b.name).partial_cmp(&rl.weight(&a.name)).unwrap_or(std::cmp::Ordering::Equal)); + let cap = if cfg.max_agents > 0 { cfg.max_agents.min(ranked.len()) } else { ranked.len() }; if cfg.offline { - let _ = tx.send("offline: no exploitation performed (provide API keys to run live)".into()).await; - return RunOutput { - findings: vec![], - agents_ran: selected.iter().map(|a| a.name.clone()).collect(), - candidates: 0, - }; + let selected: Vec = ranked.into_iter().take(cap).collect(); + let _ = tx.send(format!("selected {} specialist agents (RL-ranked)", selected.len())).await; + let _ = tx.send("offline: no exploitation performed (provide API keys or --subscription to run live)".into()).await; + let artifacts = persist(&cfg, &recon, "", &[]); + return RunOutput { findings: vec![], agents_ran: selected.iter().map(|a| a.name.clone()).collect(), candidates: 0, recon, artifacts }; } - // ---- 3. Exploit (parallel, bounded by the pool semaphore) ---------- + // Use the model to pick the agents whose preconditions match the recon — + // the harness reasons about *which* specialists to run, not all of them. + let chosen = select_agents(pool, &recon, &ranked, &tx).await; + let selected: Vec = { + let mut sel: Vec = if chosen.is_empty() { + ranked.clone() + } else { + ranked.iter().filter(|a| chosen.iter().any(|c| c == &a.name)).cloned().collect() + }; + if sel.is_empty() { + sel = ranked.clone(); + } + sel.into_iter().take(cap).collect() + }; + let _ = tx + .send(format!("intelligently selected {} agent(s) matching recon: {}", selected.len(), + selected.iter().map(|a| a.name.clone()).collect::>().join(", "))) + .await; + + // ---- 3. Exploit (parallel) ----------------------------------------- let target = cfg.target.clone(); - let candidates: Vec = stream::iter(selected.iter().cloned()) + let raw: Vec<(String, String, Vec)> = stream::iter(selected.iter().cloned()) .map(|ag| { let target = target.clone(); let recon = recon.clone(); @@ -77,64 +101,221 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender { let f = extract_findings(&text, &ag.name); - let _ = txc - .send(format!("exploit {} via {} → {} candidate(s)", ag.name, m.label(), f.len())) - .await; - f + let _ = txc.send(format!("exploit {} via {} → {} candidate(s)", ag.name, m.label(), f.len())).await; + (ag.name.clone(), text, f) } Err(e) => { let _ = txc.send(format!("exploit {} failed: {e}", ag.name)).await; - vec![] + (ag.name.clone(), format!("ERROR: {e}"), vec![]) } } } }) .buffer_unordered(cfg.concurrency) - .collect::>>() - .await - .into_iter() - .flatten() - .collect(); + .collect() + .await; + let transcript = transcript_of(&raw); + let candidates: Vec = raw.iter().flat_map(|(_, _, f)| f.clone()).collect(); let _ = tx.send(format!("{} candidate finding(s) — validating by {}-model vote", candidates.len(), cfg.vote_n)).await; // ---- 4. Validate by N-model voting --------------------------------- - let vote_n = cfg.vote_n; + let findings = validate(candidates, pool, VOTE_SYS, cfg.vote_n, &tx).await; + finish(cfg, lib, recon, transcript, findings, selected, &mut rl, tx).await +} + +/// White-box engagement: analyse a repository's source for vulnerabilities. +pub async fn run_whitebox(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender) -> RunOutput { + let _ = tx.send(format!("WHITEBOX · repo: {} · {} code agents · models: {}", cfg.target, lib.code.len(), + pool.candidates.iter().map(|m| m.label()).collect::>().join(", "))).await; + + let context = collect_repo_context(Path::new(&cfg.target), 200, 120_000); + let bytes = context.len(); + let _ = tx.send(format!("collected {} bytes of source context", bytes)).await; + if bytes == 0 { + let _ = tx.send("no readable source found at the given path".into()).await; + } + + let mut rl = cfg.rl_path.as_ref().map(|p| RlState::load(Path::new(p))).unwrap_or_default(); + let mut ranked: Vec = if lib.code.is_empty() { lib.vulns.clone() } else { lib.code.clone() }; + ranked.sort_by(|a, b| rl.weight(&b.name).partial_cmp(&rl.weight(&a.name)).unwrap_or(std::cmp::Ordering::Equal)); + let cap = if cfg.max_agents > 0 { cfg.max_agents.min(ranked.len()) } else { ranked.len() }; + let selected: Vec = ranked.into_iter().take(cap).collect(); + let _ = tx.send(format!("selected {} code-analysis agents", selected.len())).await; + + if cfg.offline || bytes == 0 { + let artifacts = persist(&cfg, "{}", &context, &[]); + return RunOutput { findings: vec![], agents_ran: selected.iter().map(|a| a.name.clone()).collect(), candidates: 0, recon: String::new(), artifacts }; + } + + let raw: Vec<(String, String, Vec)> = stream::iter(selected.iter().cloned()) + .map(|ag| { + let ctx = context.clone(); + let txc = tx.clone(); + async move { + let user = format!( + "{}\n\nSOURCE CODE TO REVIEW:\n```\n{}\n```\n\nReply ONLY with a JSON array of findings (may be empty []). \ + Each item: {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}} \ + where `endpoint` is the file:line and `evidence` quotes the vulnerable code.", + ag.user.replace("{target}", "the provided repository").replace("{recon_json}", "{}"), + ctx + ); + match pool.complete(&ag.system, &user).await { + Ok((m, text)) => { + let f = extract_findings(&text, &ag.name); + let _ = txc.send(format!("analyze {} via {} → {} candidate(s)", ag.name, m.label(), f.len())).await; + (ag.name.clone(), text, f) + } + Err(e) => { + let _ = txc.send(format!("analyze {} failed: {e}", ag.name)).await; + (ag.name.clone(), format!("ERROR: {e}"), vec![]) + } + } + } + }) + .buffer_unordered(cfg.concurrency) + .collect() + .await; + + let transcript = transcript_of(&raw); + let candidates: Vec = raw.iter().flat_map(|(_, _, f)| f.clone()).collect(); + let _ = tx.send(format!("{} candidate finding(s) — validating", candidates.len())).await; + let findings = validate(candidates, pool, CODE_VOTE_SYS, cfg.vote_n, &tx).await; + finish(cfg, lib, "{}".into(), transcript, findings, selected, &mut rl, tx).await +} + +// --------------------------------------------------------------------------- shared + +const SELECT_SYS: &str = "You are a penetration-test orchestrator. Given recon of a target and a catalog of specialist agents, choose ONLY the agents whose preconditions clearly match the target's attack surface. Be selective. Reply with a JSON array of agent names (strings) drawn exactly from the catalog. No prose."; + +/// Ask the model which agents to run for this recon. Returns chosen agent names +/// (empty on failure → caller falls back to RL-ranked agents). +async fn select_agents(pool: &ModelPool, recon: &str, catalog: &[Agent], tx: &Sender) -> Vec { + let list = catalog + .iter() + .map(|a| format!("{} — {} [{}]", a.name, a.title.replace(" Agent", ""), a.cwe)) + .collect::>() + .join("\n"); + let user = format!("RECON:\n{recon}\n\nAGENT CATALOG (name — title [cwe]):\n{list}\n\nReturn a JSON array of agent names to run."); + match pool.complete(SELECT_SYS, &user).await { + Ok((m, text)) => { + let names = parse_string_array(&text); + let _ = tx.send(format!("agent selection via {} → {} agent(s) chosen", m.label(), names.len())).await; + names + } + Err(e) => { + let _ = tx.send(format!("agent selection failed ({e}) — falling back to RL ranking")).await; + vec![] + } + } +} + +fn parse_string_array(text: &str) -> Vec { + match (text.find('['), text.rfind(']')) { + (Some(a), Some(b)) if b > a => serde_json::from_str::>(&text[a..=b]).unwrap_or_default(), + _ => vec![], + } +} + +async fn validate(candidates: Vec, pool: &ModelPool, sys: &str, vote_n: usize, tx: &Sender) -> Vec { let validated: Vec = stream::iter(candidates.into_iter()) .map(|mut f| { let txc = tx.clone(); async move { let q = format!( - "Finding: {} | severity {} | {} | endpoint {} | payload {} | evidence {}", + "Finding: {} | severity {} | {} | at {} | payload {} | evidence {}", f.title, f.severity, f.cwe, f.endpoint, f.payload, f.evidence ); - let (yes, total) = pool.vote(VOTE_SYS, &q, vote_n).await; + let (yes, total) = pool.vote(sys, &q, vote_n).await; f.validated = total > 0 && yes * 2 >= total; f.votes = format!("{yes}/{total}"); if f.confidence == 0.0 && total > 0 { f.confidence = yes as f64 / total as f64; } - let _ = txc - .send(format!("vote {} → {} ({})", f.title, if f.validated { "CONFIRMED" } else { "rejected" }, f.votes)) - .await; + let _ = txc.send(format!("vote {} → {} ({})", f.title, if f.validated { "CONFIRMED" } else { "rejected" }, f.votes)).await; f } }) - .buffer_unordered(cfg.concurrency) - .collect::>() + .buffer_unordered(pool.candidates.len().max(2)) + .collect() .await; + validated.into_iter().filter(|f| f.validated).collect() +} - let candidates = validated.len(); - let findings: Vec = validated.into_iter().filter(|f| f.validated).collect(); +async fn finish(cfg: RunConfig, _lib: &Library, recon: String, transcript: String, findings: Vec, + selected: Vec, rl: &mut RlState, tx: Sender) -> RunOutput { let _ = tx.send(format!("{} validated finding(s)", findings.len())).await; + // RL update: reward agents that produced validated findings; gently decay idle. + let hit: std::collections::HashMap<&str, f64> = findings.iter().fold(Default::default(), |mut m, f| { + let e = m.entry(f.agent.as_str()).or_insert(0.0); + *e = (*e + severity_reward(&f.severity)).min(1.0); + m + }); + for a in &selected { + let r = hit.get(a.name.as_str()).copied().unwrap_or(-0.05); + rl.update(&a.name, r); + } + rl.runs += 1; + if let Some(p) = &cfg.rl_path { + rl.save(Path::new(p)); + let _ = tx.send("RL rewards updated".into()).await; + } + + let artifacts = persist(&cfg, &recon, &transcript, &findings); + if !artifacts.is_empty() { + let _ = tx.send(format!("artifacts saved: {}", artifacts.join(", "))).await; + } + RunOutput { + candidates: findings.len(), findings, agents_ran: selected.iter().map(|a| a.name.clone()).collect(), - candidates, + recon, + artifacts, } } +/// Write recon/exploit/findings/report as json+md for downstream reuse. +fn persist(cfg: &RunConfig, recon: &str, transcript: &str, findings: &[Finding]) -> Vec { + let Some(dir) = &cfg.workdir else { return vec![] }; + let dir = PathBuf::from(dir); + if std::fs::create_dir_all(&dir).is_err() { + return vec![]; + } + let mut written = Vec::new(); + let mut put = |name: &str, content: String| { + let p = dir.join(name); + if std::fs::write(&p, content).is_ok() { + written.push(p.display().to_string()); + } + }; + put("recon.json", recon.to_string()); + put("recon.md", format!("# Recon — {}\n\n```json\n{}\n```\n", cfg.target, recon)); + if !transcript.is_empty() { + put("exploitation.md", format!("# Agent transcript — {}\n\n{}", cfg.target, transcript)); + } + put("findings.json", serde_json::to_string_pretty(findings).unwrap_or_else(|_| "[]".into())); + put("findings.md", findings_md(&cfg.target, findings)); + put("report.html", report::html(&cfg.target, findings)); + written +} + +fn findings_md(target: &str, findings: &[Finding]) -> String { + let mut s = format!("# NeuroSploit findings — {}\n\n{} validated finding(s).\n", target, findings.len()); + for (i, f) in findings.iter().enumerate() { + s.push_str(&format!( + "\n## {}. [{}] {}\n- agent: `{}` CWE: {} CVSS: {} votes: {} confidence: {:.2}\n- endpoint: {}\n\n**Payload**\n```\n{}\n```\n\n**Evidence**\n{}\n\n**Impact:** {}\n\n**Remediation:** {}\n", + i + 1, f.severity, f.title, f.agent, f.cwe, f.cvss, f.votes, f.confidence, f.endpoint, f.payload, f.evidence, f.impact, f.remediation + )); + } + s +} + +fn transcript_of(raw: &[(String, String, Vec)]) -> String { + raw.iter().map(|(n, t, f)| format!("## {} ({} candidate)\n\n{}\n", n, f.len(), t)).collect::>().join("\n") +} + /// Pull a JSON array (or object) of findings out of a model's reply. fn extract_findings(text: &str, agent: &str) -> Vec { let slice = match (text.find('['), text.rfind(']')) { @@ -154,7 +335,42 @@ fn extract_findings(text: &str, agent: &str) -> Vec { for f in out.iter_mut() { f.agent = agent.to_string(); if f.id.is_empty() { - f.id = format!("{}-{}", agent, &f.title.chars().take(12).collect::()); + f.id = format!("{}-{}", agent, f.title.chars().take(12).collect::()); + } + } + out +} + +/// Concatenate source files under `root` into a bounded review context. +fn collect_repo_context(root: &Path, max_files: usize, max_bytes: usize) -> String { + const EXTS: &[&str] = &[ + "rs", "py", "js", "ts", "tsx", "jsx", "go", "java", "php", "rb", "c", "cc", "cpp", "h", "hpp", + "cs", "kt", "swift", "scala", "sh", "sql", "html", "vue", "yml", "yaml", "tf", + ]; + let mut out = String::new(); + let mut files = 0usize; + if !root.exists() { + return out; + } + for entry in walkdir::WalkDir::new(root).max_depth(8).into_iter().flatten() { + if files >= max_files || out.len() >= max_bytes { + break; + } + let path = entry.path(); + let s = path.to_string_lossy(); + if s.contains("/.git/") || s.contains("/node_modules/") || s.contains("/target/") || s.contains("/vendor/") { + continue; + } + let ext = path.extension().and_then(|e| e.to_str()).unwrap_or(""); + if !EXTS.contains(&ext) { + continue; + } + if let Ok(content) = std::fs::read_to_string(path) { + let rel = path.strip_prefix(root).unwrap_or(path).to_string_lossy(); + let budget = max_bytes.saturating_sub(out.len()); + let take = content.len().min(budget).min(8_000); + out.push_str(&format!("\n// ===== file: {} =====\n{}\n", rel, &content[..take])); + files += 1; } } out diff --git a/neurosploit-rs/crates/harness/src/pool.rs b/neurosploit-rs/crates/harness/src/pool.rs index 4403705..6c28805 100644 --- a/neurosploit-rs/crates/harness/src/pool.rs +++ b/neurosploit-rs/crates/harness/src/pool.rs @@ -13,14 +13,21 @@ pub struct ModelPool { sem: Arc, pub candidates: Vec, pub subscription: bool, + /// Path to an `.mcp.json` (Playwright) used on the subscription/CLI path. + pub mcp_config: Option, } impl ModelPool { pub fn new(models: Vec, concurrency: usize) -> Self { - Self::with_auth(models, concurrency, false) + Self::with_auth(models, concurrency, false, None) } - pub fn with_auth(models: Vec, concurrency: usize, subscription: bool) -> Self { + pub fn with_auth( + models: Vec, + concurrency: usize, + subscription: bool, + mcp_config: Option, + ) -> Self { let concurrency = concurrency.max(1); ModelPool { client: ChatClient::new(), @@ -31,13 +38,17 @@ impl ModelPool { models }, subscription, + mcp_config, } } - /// One completion for a model, via subscription CLI or HTTP API. + /// One completion for a model, via subscription CLI (optionally with MCP) or HTTP API. async fn one(&self, m: &ModelRef, system: &str, user: &str) -> Result { if self.subscription && cli_binary_for(&m.provider).is_some() { - return self.client.chat_cli(&m.provider, &m.model, system, user).await; + return self + .client + .chat_cli(&m.provider, &m.model, system, user, self.mcp_config.as_deref()) + .await; } self.client.chat(m, system, user).await } diff --git a/neurosploit-rs/crates/harness/src/rl.rs b/neurosploit-rs/crates/harness/src/rl.rs new file mode 100644 index 0000000..0cf9366 --- /dev/null +++ b/neurosploit-rs/crates/harness/src/rl.rs @@ -0,0 +1,60 @@ +//! Lightweight reinforcement-learning reward store for the harness. +//! +//! Each agent carries a weight in [0.05, 1.0]; validated findings reward it, +//! idle runs decay it slightly. Weights bias agent ordering on future runs and +//! persist to a JSON file so the harness gets sharper over time. + +use serde::{Deserialize, Serialize}; +use std::collections::HashMap; +use std::path::Path; + +#[derive(Default, Serialize, Deserialize)] +pub struct RlState { + #[serde(default)] + pub weights: HashMap, + #[serde(default)] + pub runs: u64, +} + +const ALPHA: f64 = 0.3; +const WMIN: f64 = 0.05; +const WMAX: f64 = 1.0; + +impl RlState { + pub fn load(path: &Path) -> RlState { + std::fs::read_to_string(path) + .ok() + .and_then(|s| serde_json::from_str(&s).ok()) + .unwrap_or_default() + } + + pub fn weight(&self, agent: &str) -> f64 { + *self.weights.get(agent).unwrap_or(&0.5) + } + + /// Reward in [-1, 1]; e.g. severity-weighted hits positive, idle negative. + pub fn update(&mut self, agent: &str, reward: f64) { + let w = self.weights.entry(agent.to_string()).or_insert(0.5); + *w = (*w + ALPHA * (reward - *w)).clamp(WMIN, WMAX); + } + + pub fn save(&self, path: &Path) { + if let Some(parent) = path.parent() { + let _ = std::fs::create_dir_all(parent); + } + if let Ok(s) = serde_json::to_string_pretty(self) { + let _ = std::fs::write(path, s); + } + } +} + +/// Severity → reward weight. +pub fn severity_reward(sev: &str) -> f64 { + match sev { + "Critical" => 1.0, + "High" => 0.7, + "Medium" => 0.4, + "Low" => 0.2, + _ => 0.05, + } +} diff --git a/neurosploit-rs/crates/harness/src/types.rs b/neurosploit-rs/crates/harness/src/types.rs index 591cda9..66d0594 100644 --- a/neurosploit-rs/crates/harness/src/types.rs +++ b/neurosploit-rs/crates/harness/src/types.rs @@ -74,6 +74,12 @@ pub struct RunConfig { /// of HTTP API keys. #[serde(default)] pub subscription: bool, + /// Directory to persist run artifacts (recon/exploit/findings json+md). + #[serde(default)] + pub workdir: Option, + /// Path to the RL reward state file. + #[serde(default)] + pub rl_path: Option, } fn default_vote() -> usize { @@ -93,6 +99,8 @@ impl RunConfig { max_agents: 0, offline: false, subscription: false, + workdir: None, + rl_path: None, } } } diff --git a/neurosploit-rs/hs_hdr.txt b/neurosploit-rs/hs_hdr.txt new file mode 100644 index 0000000..3bc067d --- /dev/null +++ b/neurosploit-rs/hs_hdr.txt @@ -0,0 +1,24 @@ +HTTP/2 200 +date: Mon, 22 Jun 2026 20:03:23 GMT +content-type: text/html; charset=UTF-8 +cf-ray: a0fddb2608004cf7-GRU +cf-cache-status: DYNAMIC +cache-control: no-store, no-cache, must-revalidate +expires: Thu, 19 Nov 1981 08:52:00 GMT +server: cloudflare +set-cookie: PHPSESSID=8e1ac50a4f9a4bec19d456ecc11ba781; path=/; secure; HttpOnly; SameSite=Lax +set-cookie: user_language=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/ +set-cookie: user_language=pt; expires=Tue, 22 Jun 2027 20:03:23 GMT; Max-Age=31536000; path=/; domain=.hackersec.com; secure; HttpOnly; SameSite=Lax +strict-transport-security: max-age=15552000; includeSubDomains; preload +vary: Accept-Encoding +pragma: no-cache +content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://snap.licdn.com https://px.ads.linkedin.com; frame-src 'self' https://www.googletagmanager.com https://td.doubleclick.net https://vars.hotjar.com https://www.google.com https://maps.google.com https://www.google.com/maps/embed; frame-ancestors 'self'; form-action 'self'; base-uri 'self' +expect-ct: max-age=86400, enforce +referrer-policy: same-origin +x-content-type-options: nosniff +x-frame-options: SAMEORIGIN +x-xss-protection: 1; mode=block +report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VHXHHEFxf1FeB7p%2FSZOs6ttzdPjv0%2BZKnuq964Yjrm44aGqGaLbxIKorQ46QqRSB1aJH40Lg5h5k0Opf%2FbY8%2Fqt1bz2b4uVVdD0G4CU%2B4Yf1ACKi%2F1z8YD90k2RTk7U%3D"}]} +nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} +alt-svc: h3=":443"; ma=86400 + diff --git a/neurosploit-rs/hs_index.html b/neurosploit-rs/hs_index.html new file mode 100644 index 0000000..dcc534b --- /dev/null +++ b/neurosploit-rs/hs_index.html @@ -0,0 +1,1094 @@ + + + + + + + + HackerSec - Empresa de Pentest e Cibersegurança Ofensiva + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+ Plataforma HAS + Agente de IA (Yaga) + Pentest AI-First + Pentest AI-Native + Integrações +
+
+ Serviços + Parceiros + Academy + Blog + Sobre Nós + +
+ +
+ Português + English + Español +
+
+
+ + +
+ +
+
+
+
+
+
+
+
+
+
+
+
+

Descubra vulnerabilidades
antes dos atacantes

+

+ Realize testes ofensivos que simulam ciberataques reais.

+
+ Como Funciona +
+
+
+
+
+500
+
Empresas protegidas
+
+
+
+250K
+
Vulnerabilidades reportadas
+
+
+
+1000
+
Testes realizados por ano
+
+
+
+200K
+
Seguidores pelo mundo
+
+
+
+ +
+ + + +
+
+
+
Como funciona
+

Pentest descomplicado, do jeito que deveria ser.

+

+ Solicite pentests a qualquer momento, a cada atualização, lançamento ou exigência de compliance. Da solicitação à validação das correções, tudo em um fluxo simples.

+
+
+
+
+
01
+
+

Escolha o que Testar

+

Defina o escopo direto na plataforma e solicite seu pentest em minutos.

+
+
+
+
+
02
+
+

IA + Humanos testam

+

Os agentes de IA e pentesters humanos encontram vulnerabilidades reais.

+
+
+
+
+
03
+
+

Receba Vulnerabilidades

+

Cada falha documentada com evidências, nível de risco e instruções de correção.

+
+
+
+
+
04
+
+

Corrija Rápido

+

Correções guiadas passo a passo para sua equipe resolver com agilidade.

+
+
+
+
+
+ + + +
+
+ +
+ + +
+
+
Agente de IA
+

Ataques cibernéticos potencializados por uma IA ofensiva de verdade

+

IA para potencializar ataques e humanos para aprofundar.
A combinação perfeita.

+
+
+
+ + +
+
+
+
Ambientes
+

Teste qualquer estrutura cibernética

+

+ Testes ofensivos em qualquer ambiente, seja ele moderno, crítico ou legado. Descubra onde você está exposto antes que alguém aproveite.

+
+
+
+
+ + Aplicações Web +
+
+
+
+ + APIs +
+
+
+
+ + Aplicativos Mobile +
+
+
+
+ + IA / LLM +
+
+
+
+ + Cloud +
+
+
+
+ + Rede Externa +
+
+
+
+ + Rede Interna +
+
+
+
+ + IoT +
+
+
+
+ Metodologias: +
+ OWASP + NIST + PCI DSS + ISO 27001 + PTES + MITRE ATT&CK + SOC 2 + HIPAA +
+
+
+ Solicitar Teste Agora +
+
+
+ + +
+
+
+
Plataforma HAS
+

Do pentest à correção, tudo em um só lugar

+

Solicite testes, receba vulnerabilidades com evidências e acompanhe cada correção até o reteste final.

+
+
+
+
+
+
+
+
+
+
app.hackersec.com/has
+
+
+ +
+
+
Crítica
+
1
+
+
+
Alta
+
3
+
+
+
Média
+
5
+
+
+
Baixa
+
2
+
+
+ +
+
Solicitar Novo Teste
+
+ +
+
+
+
+
SQL Injection em /api/v2/users
+
api.pagamentos.techcorp.com.br
+
+ Crítica + Reportada +
+
+
+
+
IDOR em endpoint de perfil
+
api.pagamentos.techcorp.com.br
+
+ Alta + Em correção +
+
+
+
+
JWT Algorithm Confusion
+
auth.techcorp.com.br
+
+ Alta + Reteste +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Conhecer a plataforma +
+
+
+ + +
+
+
+
Diferenciais
+

Pentest moderno

+

Processo simplificado, resultado profissional. Sem a burocracia do mercado tradicional.

+
+ +
+
+
+ Aspecto + HackerSec + Mercado Tradicional +
+
+ Tempo para começar + 24 horas + 2-4 semanas +
+
+ Acompanhamento + Tempo real + Só no final +
+
+ Reteste + Incluso + Cobrado à parte +
+
+ Reuniões de escopo + Opcional + Várias calls +
+
+ Resultados + Plataforma + Relatórios Personalizados + Relatório estático +
+
+ Contato com pentester + Direto + Via gerente +
+
+
+
+ Começar agora +
+
+
+ + +
+
+
+
Planos
+

Escolha o melhor plano

+

+ Opções flexíveis que se adaptam ao tamanho e necessidade da sua empresa.

+
+
+
+
+
Pontual
+

Para empresas com poucas atualizações. Teste quando precisar.

+
    +
  • Ativos únicos
    • +
  • Testes AI-Native e AI-First
    • +
  • Reteste de vulnerabilidades até corrigir
    • +
  • Relatórios prontos para compliance
    • +
  • Integrações
    • +
+ Solicitar Agora +
+
+
+
+
Contínuo
+

Para empresas com atualizações frequentes. Solicite testes de forma contínua.

+
    +
  • Ativos renováveis mensalmente
    • +
  • Programe seus testes
    • +
  • Testes AI-Native e AI-First
    • +
  • Retestes de vulnerabilidades ilimitados
    • +
  • Relatórios prontos para compliance
    • +
  • Integrações
    • +
+ Solicitar Agora +
+
+
+
+
+ + + + + + + + + + + + + + + + + + + diff --git a/neurosploit-rs/hs_robots.txt b/neurosploit-rs/hs_robots.txt new file mode 100644 index 0000000..86a06d1 --- /dev/null +++ b/neurosploit-rs/hs_robots.txt @@ -0,0 +1,8 @@ +# HackerSec - Robots.txt +# https://hackersec.com + +User-agent: * +Allow: / + +# Sitemap +Sitemap: https://hackersec.com/sitemap.php diff --git a/neurosploit-rs/hs_sitemap.xml b/neurosploit-rs/hs_sitemap.xml new file mode 100644 index 0000000..19abe6d --- /dev/null +++ b/neurosploit-rs/hs_sitemap.xml @@ -0,0 +1 @@ +Just a moment...
\ No newline at end of file diff --git a/neurosploit-rs/rl_codes.txt b/neurosploit-rs/rl_codes.txt new file mode 100644 index 0000000..642bf33 --- /dev/null +++ b/neurosploit-rs/rl_codes.txt @@ -0,0 +1,100 @@ +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 +200 diff --git a/scripts/build_agents_v34.py b/scripts/build_agents_v34.py new file mode 100644 index 0000000..d83ba6c --- /dev/null +++ b/scripts/build_agents_v34.py @@ -0,0 +1,214 @@ +#!/usr/bin/env python3 +""" +NeuroSploit v3.4.x — recon + whitebox(code) agent builder. + +Emits two new categories the Rust harness loads: + agents_md/recon/ — information-gathering specialists + agents_md/code/ — white-box source-code (SAST) review specialists + +Usage: python3 scripts/build_agents_v34.py +""" +import os + +ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + + +def render(a, code=False): + L = [f"# {a['title']} Agent\n", "## User Prompt"] + if code: + L.append(f"You are reviewing the source code of **{{target}}** for {a['for']}.\n") + L.append("**Recon Context:**\n{recon_json}\n") + L.append("The relevant source files are provided to you below the methodology.\n") + else: + L.append(f"You are performing reconnaissance on **{{target}}** to {a['for']}.\n") + L.append("**Recon Context:**\n{recon_json}\n") + L.append("**METHODOLOGY:**\n") + for i, (s, bs) in enumerate(a["steps"], 1): + L.append(f"### {i}. {s}") + L += [f"- {b}" for b in bs] + L.append("") + n = len(a["steps"]) + 1 + L.append(f"### {n}. Report Format") + L.append("For each CONFIRMED finding:") + L.append("```") + L.append("FINDING:") + L.append(f"- Title: {a['title']} at [{'file:line' if code else 'asset/endpoint'}]") + L.append(f"- Severity: {a['sev']}") + L.append(f"- CWE: {a['cwe']}") + L.append(f"- Endpoint: [{'file:line' if code else 'URL/host'}]") + L.append("- Vector: [what/where]") + L.append("- Payload: [PoC / vulnerable code snippet]") + L.append("- Evidence: [proof / exact code quoted]") + L.append(f"- Impact: {a['impact']}") + L.append(f"- Remediation: {a['fix']}") + L.append("```\n") + L.append("## System Prompt") + L.append(a["system"]) + return "\n".join(L) + "\n" + + +RECON = [ +{"name":"subdomain_enum","title":"Subdomain Enumeration Specialist","for":"discover all subdomains and expand the attack surface","sev":"Info","cwe":"CWE-200","impact":"Wider attack surface, forgotten/staging hosts","fix":"Inventory and decommission stale DNS records", + "steps":[("Passive sources",["Query crt.sh, certificate transparency, Shodan, and passive DNS","Run `subfinder -d {target}` and `amass enum -passive -d {target}`"]), + ("Active resolution",["Resolve and probe with `httpx -title -tech-detect -status-code`","Bruteforce with a curated wordlist where in scope"]), + ("Triage",["Flag dev/staging/admin/api hosts and dangling CNAMEs (subdomain takeover candidates)"])], + "system":"You are a recon specialist. Report only resolvable, in-scope subdomains you actually observed, with the resolution evidence. Do not invent hosts."}, +{"name":"tech_fingerprint","title":"Technology Fingerprinting Specialist","for":"identify the full technology stack and versions","sev":"Info","cwe":"CWE-200","impact":"Targeted exploitation of known-vulnerable components","fix":"Hide version banners; keep components patched", + "steps":[("Fingerprint",["Inspect headers, cookies, error pages, favicon hash","Run `whatweb`, `nuclei -t technologies`, and Wappalyzer-style detection"]), + ("Version map",["Map server, framework, language, CMS, JS libs and their versions"]), + ("CVE correlation",["Correlate detected versions to known CVEs for later exploitation"])], + "system":"You are a fingerprinting specialist. Report only technologies you positively detected with the supporting evidence (header/banner/hash). Mark version guesses as uncertain."}, +{"name":"js_analysis","title":"JavaScript Analysis Specialist","for":"extract endpoints, secrets and logic from client-side JS","sev":"Low","cwe":"CWE-200","impact":"Hidden endpoints and leaked secrets in bundles","fix":"Strip secrets from client code; restrict sourcemaps", + "steps":[("Collect",["Gather all JS bundles and sourcemaps; `katana`/`gau` for URLs"]), + ("Extract",["Regex for API paths, fetch/axios calls, API keys (sk-, AIza, nvapi-), tokens"]), + ("Map",["Build an endpoint + parameter inventory from the JS for downstream agents"])], + "system":"You are a JS-recon specialist. Report only endpoints/secrets actually present in the served JS, quoting the snippet. Validated secrets only; never invent."}, +{"name":"api_discovery","title":"API Surface Discovery Specialist","for":"enumerate REST/GraphQL/gRPC/WebSocket surfaces","sev":"Info","cwe":"CWE-200","impact":"Undocumented API endpoints widen attack surface","fix":"Gate non-public APIs; remove exposed schemas", + "steps":[("Find specs",["Probe /openapi.json, /swagger, /graphql, /.well-known, /v1 /v2 prefixes"]), + ("Enumerate",["Introspect GraphQL; enumerate REST routes; check gRPC reflection"]), + ("Catalog",["Record methods, params, auth requirements per endpoint"])], + "system":"You are an API-recon specialist. Report only endpoints you confirmed respond, with method and a sample response signature. No speculation."}, +{"name":"secret_scanning","title":"Exposed Secret Scanning Specialist","for":"find leaked credentials and keys across exposed assets","sev":"High","cwe":"CWE-522","impact":"Credential/key exposure enabling account or cloud takeover","fix":"Rotate exposed secrets; remove from public assets", + "steps":[("Sweep",["Scan JS, .env, .git, backups, CI logs, comments with trufflehog-style regex"]), + ("Validate",["Confirm key format and (in scope) liveness without abusing it"]), + ("Classify",["Tag provider and privilege of each secret"])], + "system":"You are a secret-scanning specialist. Report only real, validly-formatted secrets you actually found, quoting location. Never abuse keys beyond a minimal validity check."}, +{"name":"dns_recon","title":"DNS Reconnaissance Specialist","for":"map DNS records and infrastructure relationships","sev":"Info","cwe":"CWE-200","impact":"Infra mapping; zone/record misconfig discovery","fix":"Harden DNS; disable zone transfers", + "steps":[("Records",["Enumerate A/AAAA/CNAME/MX/TXT/NS/SOA; check SPF/DMARC/DKIM"]), + ("Misconfig",["Test zone transfer (AXFR), wildcard records, dangling CNAMEs"]), + ("Relate",["Cluster shared infrastructure and providers"])], + "system":"You are a DNS-recon specialist. Report only records you actually resolved, with the query evidence."}, +{"name":"content_discovery","title":"Content & Path Discovery Specialist","for":"discover hidden files, directories and backups","sev":"Low","cwe":"CWE-538","impact":"Exposure of admin panels, backups, configs","fix":"Remove sensitive files from web root; enforce authz", + "steps":[("Crawl",["Spider with katana; parse robots.txt/sitemap.xml/.well-known"]), + ("Fuzz",["`ffuf` directories/files with sensible wordlists and extensions (.bak,.old,.zip,.sql)"]), + ("Triage",["Flag admin, backup, config, and source-leak paths"])], + "system":"You are a content-discovery specialist. Report only paths that returned a meaningful status/body, with the evidence. No 404s as findings."}, +{"name":"parameter_discovery","title":"Parameter Discovery Specialist","for":"enumerate hidden request parameters and inputs","sev":"Info","cwe":"CWE-200","impact":"Hidden params enable injection/logic attacks","fix":"Validate and document all accepted parameters", + "steps":[("Mine",["Extract params from JS, forms, history (gau), and docs"]), + ("Bruteforce",["Use arjun/param-miner style discovery with reflection detection"]), + ("Hand off",["Provide the param inventory to injection specialists"])], + "system":"You are a parameter-discovery specialist. Report only parameters you confirmed the app accepts/reflects, with evidence."}, +{"name":"waf_cdn_detection","title":"WAF/CDN Detection Specialist","for":"identify WAF/CDN and inform evasion strategy","sev":"Info","cwe":"CWE-200","impact":"Informs bypass strategy; reveals origin exposure","fix":"Ensure origin is not directly reachable", + "steps":[("Detect",["Fingerprint WAF/CDN via headers, cookies, block pages, `wafw00f`"]), + ("Origin",["Search for origin IP leaks (DNS history, SSL SANs, headers)"]), + ("Strategy",["Note effective encodings/paths for later, in-scope testing"])], + "system":"You are a WAF/CDN specialist. Report only positively-identified protections and any verified origin exposure, with evidence."}, +{"name":"cloud_asset_discovery","title":"Cloud Asset Discovery Specialist","for":"discover cloud buckets, functions and metadata surfaces","sev":"Low","cwe":"CWE-200","impact":"Exposed cloud assets and SSRF/metadata vectors","fix":"Lock down public cloud assets; enforce IMDSv2", + "steps":[("Discover",["Find S3/GCS/Azure references; permutate bucket names; detect cloud provider"]), + ("Probe",["Check public list/read on storage; note SSRF-to-metadata potential"]), + ("Catalog",["Record provider, asset, and access level"])], + "system":"You are a cloud-recon specialist. Report only assets you confirmed exist with their observed access level. No guessed buckets."}, +{"name":"graphql_discovery","title":"GraphQL Discovery Specialist","for":"map the GraphQL schema and sensitive operations","sev":"Low","cwe":"CWE-200","impact":"Schema exposure aids targeted attacks","fix":"Disable introspection/suggestions in production", + "steps":[("Locate",["Find /graphql endpoints and test introspection"]), + ("Map",["If introspection off, use field-suggestion (clairvoyance) to reconstruct types"]), + ("Flag",["Mark mutations and sensitive queries for the API agents"])], + "system":"You are a GraphQL-recon specialist. Report only schema elements you actually recovered, with the query/response evidence."}, +{"name":"osint_employee","title":"OSINT & Exposure Mapping Specialist","for":"map public exposure (leaked creds, repos, docs) for the target org","sev":"Low","cwe":"CWE-200","impact":"Public exposure enabling targeted attacks","fix":"Monitor and remediate public exposure", + "steps":[("Sources",["Search public code (GitHub), paste sites, breach indices (in scope)"]), + ("Correlate",["Link leaked emails/creds/repos to the target's assets"]), + ("Report",["Summarize exposure relevant to the engagement"])], + "system":"You are an OSINT specialist operating strictly within authorized scope. Report only verifiable public exposure tied to the target, citing the source. No private data harvesting."}, +] + + +def _code(name, title, vc, cwe, sev, patterns, fix, impact): + return {"name": name, "title": title, "for": f"{vc} in the source code", "sev": sev, "cwe": cwe, + "impact": impact, "fix": fix, + "steps": [("Locate sinks/sources", patterns), + ("Trace dataflow", ["Trace user-controlled input from source to the dangerous sink", + "Confirm the path is reachable and lacks sanitization/validation"]), + ("Confirm exploitability", ["Quote the exact vulnerable lines (file:line)", + "Explain the concrete exploit and why existing controls don't stop it"])], + "system": f"You are a white-box source reviewer for {vc}. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess."} + + +CODE = [ +_code("code_sqli","Source SQL Injection Reviewer","SQL injection","CWE-89","Critical", + ["String concatenation/interpolation into SQL (f-strings, +, .format) passed to execute()","Raw queries bypassing the ORM; `.raw(`, `cursor.execute(... % ...)`"], + "Use parameterized queries / ORM bindings","Database compromise, data exfiltration"), +_code("code_command_injection","Source Command Injection Reviewer","OS command injection","CWE-78","Critical", + ["`os.system`, `subprocess(..., shell=True)`, `exec`, backticks with user input","Unsanitized input concatenated into shell strings"], + "Avoid shells; pass argument arrays; validate input","Remote code execution on the host"), +_code("code_path_traversal","Source Path Traversal Reviewer","path traversal / arbitrary file access","CWE-22","High", + ["User input in file paths (open/read/sendFile) without normalization","Missing checks for `../` and absolute paths"], + "Canonicalize and confine paths to a safe base directory","Arbitrary file read/write"), +_code("code_ssrf","Source SSRF Reviewer","server-side request forgery","CWE-918","High", + ["User-controlled URLs passed to HTTP clients (requests/fetch/curl)","No allowlist or scheme/host validation"], + "Allowlist destinations; block internal ranges and redirects","Internal network access, cloud metadata theft"), +_code("code_xss","Source XSS Reviewer","cross-site scripting (output encoding)","CWE-79","High", + ["Unescaped user input rendered to HTML (innerHTML, dangerouslySetInnerHTML, `|safe`, `v-html`)","Template autoescaping disabled"], + "Context-aware output encoding; keep autoescaping on; CSP","Session theft, account takeover"), +_code("code_insecure_deserialization","Source Insecure Deserialization Reviewer","unsafe deserialization","CWE-502","Critical", + ["`pickle.loads`, `yaml.load` (unsafe), Java/PHP native deserialization on untrusted data","Object deserialization of request data"], + "Use safe formats/loaders; never deserialize untrusted data","Remote code execution"), +_code("code_hardcoded_secrets","Source Hardcoded Secrets Reviewer","hardcoded credentials/keys","CWE-798","High", + ["API keys, passwords, tokens, private keys committed in source/config","High-entropy strings assigned to credential-like names"], + "Move secrets to a vault/env; rotate exposed values","Credential/key compromise"), +_code("code_weak_crypto","Source Weak Cryptography Reviewer","weak or misused cryptography","CWE-327","Medium", + ["MD5/SHA1 for passwords; ECB mode; static IV/salt; hardcoded keys","Custom/rolled crypto; weak random for security tokens"], + "Use vetted algorithms (bcrypt/argon2, AES-GCM), random IVs, CSPRNG","Data exposure, token forgery"), +_code("code_auth_flaws","Source Authentication/Authorization Reviewer","broken authentication/authorization","CWE-287","High", + ["Missing auth checks on sensitive routes; client-trusted role flags","Comparisons of secrets without constant-time; weak session handling"], + "Enforce server-side authz on every action; harden sessions","Privilege escalation, account takeover"), +_code("code_idor_access","Source IDOR / Access Control Reviewer","insecure direct object references","CWE-639","High", + ["Object lookups by user-supplied id without ownership checks","Direct DB fetch on `request.id` with no scoping"], + "Enforce per-object ownership/authorization checks","Cross-account data access"), +_code("code_xxe","Source XXE Reviewer","XML external entity processing","CWE-611","High", + ["XML parsers with external entities/DTDs enabled on untrusted input","`resolve_entities=True`, default-config parsers"], + "Disable DTDs/external entities; use hardened parsers","File disclosure, SSRF"), +_code("code_open_redirect","Source Open Redirect Reviewer","open redirect","CWE-601","Medium", + ["Redirects built from user input (redirect(request.param))","No allowlist of redirect destinations"], + "Allowlist redirect targets; use relative paths","Phishing, OAuth token theft"), +_code("code_template_injection","Source Template Injection Reviewer","server-side template injection","CWE-1336","Critical", + ["User input concatenated into template strings then rendered","`render_template_string`, dynamic template construction"], + "Never render user input as templates; sandbox","Remote code execution"), +_code("code_race_condition","Source Race Condition Reviewer","TOCTOU / concurrency flaws","CWE-362","Medium", + ["Check-then-act on shared state without locking","Non-atomic balance/quota/idempotency updates"], + "Use atomic operations, locks, or transactions","Double-spend, state corruption"), +_code("code_unsafe_eval","Source Unsafe Eval Reviewer","dynamic code evaluation","CWE-95","Critical", + ["`eval`, `exec`, `Function()`, `setTimeout(string)` on user input","Dynamic import/require of user-controlled names"], + "Eliminate dynamic eval; use safe parsers/dispatch tables","Remote code execution"), +_code("code_csrf_missing","Source CSRF Protection Reviewer","missing CSRF protection","CWE-352","Medium", + ["State-changing POST/PUT/DELETE without CSRF tokens","CSRF protection globally disabled"], + "Enable anti-CSRF tokens / SameSite cookies","Unauthorized state-changing actions"), +_code("code_insecure_random","Source Insecure Randomness Reviewer","predictable randomness for security","CWE-330","Medium", + ["`random`/`Math.random` used for tokens, IDs, passwords, OTPs","Seeded or time-based randomness for secrets"], + "Use a CSPRNG (secrets, crypto.randomBytes)","Token/session prediction"), +_code("code_logging_sensitive","Source Sensitive Logging Reviewer","sensitive data in logs","CWE-532","Low", + ["Logging passwords, tokens, PII, full requests","Debug logging of secrets in production paths"], + "Redact sensitive fields; scope debug logging","Credential/PII exposure via logs"), +_code("code_sql_orm_raw","Source ORM Raw-Query Reviewer","unsafe raw ORM queries","CWE-89","High", + ["`.raw()`, `.extra()`, query builders with string interpolation","Raw fragments mixing user input"], + "Use parameter binding even in raw queries","SQL injection via ORM"), +_code("code_file_upload","Source File Upload Reviewer","insecure file upload handling","CWE-434","High", + ["No type/extension/content validation; user-controlled filenames/paths","Uploads served from executable directories"], + "Validate type/size; randomize names; store outside webroot","Webshell upload, RCE"), +_code("code_mass_assignment","Source Mass Assignment Reviewer","mass assignment / over-binding","CWE-915","High", + ["Binding whole request body to models (`Model(**request)`, `update_attributes`)","No allowlist of bindable fields"], + "Allowlist bindable fields; use DTOs","Privilege escalation via hidden fields"), +_code("code_jwt_misuse","Source JWT Misuse Reviewer","JWT verification flaws","CWE-347","High", + ["`verify=False`, alg `none` accepted, secret not validated","Algorithm not pinned; weak/hardcoded secret"], + "Pin algorithm; verify signature; strong secret/keys","Token forgery, auth bypass"), +_code("code_cors_misconfig","Source CORS Misconfiguration Reviewer","permissive CORS","CWE-942","Medium", + ["`Access-Control-Allow-Origin: *` with credentials; reflecting Origin","Wildcard or unchecked origin allowlists"], + "Strict origin allowlist; never reflect Origin with credentials","Cross-origin data theft"), +_code("code_ssrf_redirect","Source SSRF-via-Redirect Reviewer","SSRF through redirect following","CWE-918","Medium", + ["HTTP clients following redirects to user-controlled URLs","No re-validation of redirect targets against allowlist"], + "Disable/limit redirects; re-validate each hop","Internal access via redirect"), +] + + +def main(): + rdir = os.path.join(ROOT, "agents_md", "recon") + cdir = os.path.join(ROOT, "agents_md", "code") + os.makedirs(rdir, exist_ok=True) + os.makedirs(cdir, exist_ok=True) + for a in RECON: + open(os.path.join(rdir, a["name"] + ".md"), "w").write(render(a, code=False)) + for a in CODE: + open(os.path.join(cdir, a["name"] + ".md"), "w").write(render(a, code=True)) + print(f"recon agents: {len(RECON)} | code agents: {len(CODE)}") + + +if __name__ == "__main__": + main()