diff --git a/.gitignore b/.gitignore index cf122ae..be64726 100644 --- a/.gitignore +++ b/.gitignore @@ -91,3 +91,6 @@ logs/webgui.log # generated reports reports/report.* reports/*.pdf + +# Rust build artifacts (v3.4.0) +neurosploit-rs/target/ diff --git a/README.md b/README.md index c7128c2..5a70bc7 100755 --- a/README.md +++ b/README.md @@ -19,6 +19,21 @@ and a **reinforcement-learning** loop that gets smarter every run. > The previous Python orchestration now lives in [`legacy/`](legacy/README.md). +> **πŸ¦€ v3.4.0 β€” Rust multi-model harness.** A new high-performance harness lives +> in [`neurosploit-rs/`](neurosploit-rs/): a single Rust binary (`tokio` + `axum`) +> that drives a **pool of LLM models** with concurrency, **provider failover**, +> and **N-model validator voting** (N models must agree a finding is real before +> it counts). It serves its own solid web dashboard. Build & run: +> ```bash +> cd neurosploit-rs && cargo build --release +> ./target/release/neurosploit serve # web dashboard β†’ :8788 +> ./target/release/neurosploit run https://target.example --model anthropic:claude-opus-4-8 --model openai:gpt-5.1 +> ./target/release/neurosploit run https://t.example --offline # pipeline self-test, no API keys +> ``` +> 11 OpenAI-compatible providers / 31 models (Claude, GPT, Grok, NVIDIA NIM, +> DeepSeek, Mistral, Qwen, Groq, Together, OpenRouter, Ollama). Reads the same +> `agents_md/` library (213 agents). + --- ## Why this architecture diff --git a/RELEASE.md b/RELEASE.md index 78ad5cb..f13ea68 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,3 +1,49 @@ +# NeuroSploit v3.4.0 β€” Release Notes + +**Release Date:** June 2026 +**Codename:** Rust Multi-Model Harness +**License:** MIT + +--- + +## TL;DR + +A new **Rust harness** (`neurosploit-rs/`) re-implements the autonomous runtime +as a single, fast binary built on `tokio` + `axum`. It drives a **pool of LLM +models** with concurrency limits, **provider failover**, and **N-model validator +voting** β€” multiple models must independently agree a finding is real before it +is reported β€” then serves its own solid web dashboard. It reuses the existing +`agents_md/` library (213 agents) unchanged. + +## Highlights + +- **`neurosploit-rs/` cargo workspace**: `harness` lib crate + `neurosploit` + binary. `cargo build --release` β†’ one static-ish binary. +- **Multi-model pool** (`pool.rs`): bounded concurrency + automatic **failover** + across providers; the same panel is reused as the **validator voting** jury. +- **Pipeline** (`pipeline.rs`): recon β†’ parallel agent exploitation (semaphore + bounded) β†’ **N-model adversarial vote** β†’ score β†’ report. Streams live + progress over a channel. +- **11 providers / 31 models** (`models.rs`), all OpenAI-compatible: Anthropic, + OpenAI, xAI, NVIDIA NIM, DeepSeek, Mistral, Qwen, Groq, Together, OpenRouter, + Ollama. Models like **Qwen / DeepSeek / Llama** usable directly. +- **Axum web dashboard** (`app/`): multi-model selection panel, live execution + console, findings, agent browser, embedded HTML report. Single binary serves + the SPA β€” no npm/build. +- **CLI**: `neurosploit serve | run | agents | models`, plus `--offline` + mode to exercise the full pipeline without any API keys. + +## Usage + +```bash +cd neurosploit-rs && cargo build --release +./target/release/neurosploit serve # β†’ http://127.0.0.1:8788 +./target/release/neurosploit run https://t.example \ + --model anthropic:claude-opus-4-8 --model openai:gpt-5.1 --vote-n 3 +``` + +--- + # NeuroSploit v3.3.0 β€” Release Notes **Release Date:** June 2026 diff --git a/neurosploit-rs/Cargo.lock b/neurosploit-rs/Cargo.lock new file mode 100644 index 0000000..3d1d7ef --- /dev/null +++ b/neurosploit-rs/Cargo.lock @@ -0,0 +1,2019 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys 0.61.2", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "async-trait" +version = "0.1.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "axum" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f" +dependencies = [ + "async-trait", + "axum-core", + "base64", + "bytes", + "futures-util", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-util", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "rustversion", + "serde", + "serde_json", + "serde_path_to_error", + "serde_urlencoded", + "sha1", + "sync_wrapper", + "tokio", + "tokio-tungstenite", + "tower", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-core" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199" +dependencies = [ + "async-trait", + "bytes", + "futures-util", + "http", + "http-body", + "http-body-util", + "mime", + "pin-project-lite", + "rustversion", + "sync_wrapper", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "bitflags" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4388bee8683e3d04af747c73422af53102d2bd24d9eadb6cbc100baef4b43f8" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.20.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72f5acc6cb2ba439de613abc23857ec3d78374d8ed5ac84e9d11336e87da8649" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "bytes" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ae3f5d315924270530207e2a68396c3cc547f6dca3fbdca317cfb1a51edb593" + +[[package]] +name = "cc" +version = "1.2.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e228eec9be7c17ccb640b59b36a5cd805ea2a564a4c5e162c2f659fea30d3b96" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + +[[package]] +name = "clap" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2ce8604710f6733aa641a2b3731eaa1e8b3d9973d5e3565da11800813f997a9" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "data-encoding" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4ae5f15dda3c708c0ade84bfee31ccab44a3da4f88015ed22f63732abe300c8" + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", +] + +[[package]] +name = "displaydoc" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ac70aa55017e108007fbaf5aa0f54b021c98f92ff8af59d42eda9da96e3dd4f" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-executor" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718" + +[[package]] +name = "futures-macro" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "slab", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "r-efi 5.3.0", + "wasip2", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "300e883d756b2e4ec94e02791f39b04b522276138852cfc41d9fb7e904106099" +dependencies = [ + "cfg-if", + "libc", + "r-efi 6.0.0", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "http" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6970f50e31d6fc17d3fa27329444bfa74e196cf62e95052a3f6fee181dba6425" +dependencies = [ + "bytes", + "itoa", +] + +[[package]] +name = "http-body" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" +dependencies = [ + "bytes", + "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hyper" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55281c53a1894c864990125767da440a4e630446785086f52523b20033b74498" +dependencies = [ + "atomic-waker", + "bytes", + "futures-channel", + "futures-core", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "smallvec", + "tokio", + "want", +] + +[[package]] +name = "hyper-rustls" +version = "0.27.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33ca68d021ef39cf6463ab54c1d0f5daf03377b70561305bb89a8f83aab66e0f" +dependencies = [ + "http", + "hyper", + "hyper-util", + "rustls", + "tokio", + "tokio-rustls", + "tower-service", + "webpki-roots", +] + +[[package]] +name = "hyper-util" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +dependencies = [ + "base64", + "bytes", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "ipnet", + "libc", + "percent-encoding", + "pin-project-lite", + "socket2", + "tokio", + "tower-service", + "tracing", +] + +[[package]] +name = "icu_collections" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c" +dependencies = [ + "displaydoc", + "potential_utf", + "utf8_iter", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38" + +[[package]] +name = "icu_properties" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14" + +[[package]] +name = "icu_provider" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "ipnet" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "js-sys" +version = "0.3.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03d04c30968dffe80775bd4d7fb676131cd04a1fb46d2686dbffbaec2d9dfd31" +dependencies = [ + "cfg-if", + "futures-util", + "wasm-bindgen", +] + +[[package]] +name = "libc" +version = "0.2.186" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" + +[[package]] +name = "litemap" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ceec5bc11778974d1bcb055b18002eba7f4b3518b6a0081b3af5f21666da9ad" + +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + +[[package]] +name = "matchit" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94" + +[[package]] +name = "memchr" +version = "2.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88904434abc2901f197fe8cc55f0445e7ded921dba5911dad2e2b39b48e663c4" + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "mio" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02bd0af71c67b473010cbbc60715ee815645a4dc942899111f494b4b737d6fda" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "neurosploit" +version = "3.4.0" +dependencies = [ + "anyhow", + "axum", + "clap", + "futures", + "neurosploit-harness", + "serde", + "serde_json", + "tokio", + "tower-http 0.5.2", + "uuid", +] + +[[package]] +name = "neurosploit-harness" +version = "3.4.0" +dependencies = [ + "anyhow", + "futures", + "regex", + "reqwest", + "serde", + "serde_json", + "tokio", + "walkdir", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "potential_utf" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564" +dependencies = [ + "zerovec", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2", + "thiserror 2.0.18", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +dependencies = [ + "bytes", + "getrandom 0.3.4", + "lru-slab", + "rand 0.9.4", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "slab", + "thiserror 2.0.18", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.60.2", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "rand" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rand_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +dependencies = [ + "getrandom 0.3.4", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "regex" +version = "1.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1292b7759ae1cb9ec195452d1390a074f0cd8541ab7a5a8c31cd6db45d4a6ba" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6f6ff9a378485b298a5286656da665ba74413d36db0979633275d2e708145d4" + +[[package]] +name = "reqwest" +version = "0.12.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +dependencies = [ + "base64", + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-rustls", + "hyper-util", + "js-sys", + "log", + "percent-encoding", + "pin-project-lite", + "quinn", + "rustls", + "rustls-pki-types", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tokio-rustls", + "tower", + "tower-http 0.6.11", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", + "webpki-roots", +] + +[[package]] +name = "ring" +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +dependencies = [ + "cc", + "cfg-if", + "getrandom 0.2.17", + "libc", + "untrusted", + "windows-sys 0.52.0", +] + +[[package]] +name = "rustc-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe" + +[[package]] +name = "rustls" +version = "0.23.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b" +dependencies = [ + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pki-types" +version = "1.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30a7197ae7eb376e574fe940d068c30fe0462554a3ddbe4eca7838e049c937a9" +dependencies = [ + "web-time", + "zeroize", +] + +[[package]] +name = "rustls-webpki" +version = "0.103.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.150" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8014e44b4736ed0538adeecded0fce2a272f22dc9578a7eb6b2d9993c74cfb9" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_path_to_error" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" +dependencies = [ + "itoa", + "serde", + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha1" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "shlex" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8fadd59c855ef2080decdef8ff161eb6661b86933c9d82e5ba29dc602a55aba" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ed6a63f02c8539c91a8685a86f4099661ba3da017932f6ebbea6de3f0fa7c90" + +[[package]] +name = "socket2" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52d1cfed4120b4d927bf7c0f86d2087a4a7d6027c906d9f9d525a80573b9be51" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9ae57f904213ebb649ce6895b8a66c66f0203b9319718f69a5612a065b1422" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" +dependencies = [ + "futures-core", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl 1.0.69", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl 2.0.18", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tinystr" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.52.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-rustls" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61" +dependencies = [ + "rustls", + "tokio", +] + +[[package]] +name = "tokio-tungstenite" +version = "0.24.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edc5f74e248dc973e0dbb7b74c7e0d6fcc301c694ff50049504004ef4d0cdcd9" +dependencies = [ + "futures-util", + "log", + "tokio", + "tungstenite", +] + +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-http" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5" +dependencies = [ + "bitflags", + "bytes", + "http", + "http-body", + "http-body-util", + "pin-project-lite", + "tower-layer", + "tower-service", +] + +[[package]] +name = "tower-http" +version = "0.6.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cfcf7e2740e6fc6d4d688b4ef00650406bb94adf4731e43c096c3a19fe40840" +dependencies = [ + "bitflags", + "bytes", + "futures-util", + "http", + "http-body", + "pin-project-lite", + "tower", + "tower-layer", + "tower-service", + "url", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-core", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + +[[package]] +name = "tungstenite" +version = "0.24.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18e5b8366ee7a95b16d32197d0b2604b43a0be89dc5fac9f8e96ccafbaedda8a" +dependencies = [ + "byteorder", + "bytes", + "data-encoding", + "http", + "httparse", + "log", + "rand 0.8.6", + "sha1", + "thiserror 1.0.69", + "utf-8", +] + +[[package]] +name = "typenum" +version = "1.20.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6f5e870be6c3b371b77fe0ee0bafb859fa4964b4404c27de1d380043c4dda20" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "utf-8" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "uuid" +version = "1.23.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "144d6b123cef80b301b8f72a9e2ca4370ddec21950d0a103dd22c437006d2db7" +dependencies = [ + "getrandom 0.4.3", + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.4+wasi-0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b67efb37e106e55ce722a510d6b5f9c17f083e5fc79afc2badeb12cc313d9487" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.125" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ddb3f79143bced6de84270411622a2699cee572fc0875aeaf1e7867cf9fca1a" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.75" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "503b14d284f2c8dac03b819967e155ea753f573586193b2b2c95990cb5d69280" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.125" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e21a184b13fb19e157296e2c46056aec9092264fab83e4ba59e68c61b323c3d" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.125" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fecefd9c35bd935a20fc3fc344b5f29138961e4f47fb03297d88f2587afb5ebd" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.125" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23939e44bb9a5d7576fa2b563dc2e136628f1224e88a8deed09e04858b77871f" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "web-sys" +version = "0.3.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6430a72df5eb332242960fe84b3002a241163998241eb596d4f739b9757061d" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "1.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf85cb06032201fa7c6f829d7db5a7e5aa45bcc0655327713065f6f0576731bf" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" +dependencies = [ + "windows-targets 0.53.5", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm 0.52.6", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.53.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" +dependencies = [ + "windows-link", + "windows_aarch64_gnullvm 0.53.1", + "windows_aarch64_msvc 0.53.1", + "windows_i686_gnu 0.53.1", + "windows_i686_gnullvm 0.53.1", + "windows_i686_msvc 0.53.1", + "windows_x86_64_gnu 0.53.1", + "windows_x86_64_gnullvm 0.53.1", + "windows_x86_64_msvc 0.53.1", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "writeable" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4" + +[[package]] +name = "yoke" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "709fe23a0424b6a435d82152b1bd3fdfb0833487d5fa90d05d42762a9891fef5" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.52" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce1022995ff5ff5d841ad7d994facc23098cd40152f2c1d11cd607c6f530653f" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.52" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ae7f38b72ec2a254e2b87ef277cf2cd4fb97cbebf944faa6f33354da0867930" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ec05a11813ea801ff6d75110ad09cd0824ddba17dfe17128ea0d5f68e6c5272" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13c156562582aa81c60cb29407084cdb54c4164760106ab78e6c5b0858cf64e" + +[[package]] +name = "zerotrie" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/neurosploit-rs/Cargo.toml b/neurosploit-rs/Cargo.toml new file mode 100644 index 0000000..e9aa091 --- /dev/null +++ b/neurosploit-rs/Cargo.toml @@ -0,0 +1,21 @@ +[workspace] +members = ["crates/harness", "app"] +resolver = "2" + +[workspace.package] +version = "3.4.0" +edition = "2021" +license = "MIT" +repository = "https://github.com/JoasASantos/NeuroSploit" + +[workspace.dependencies] +serde = { version = "1", features = ["derive"] } +serde_json = "1" +tokio = { version = "1", features = ["full"] } +reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] } +anyhow = "1" +futures = "0.3" + +[profile.release] +opt-level = 2 +lto = "thin" diff --git a/neurosploit-rs/app/Cargo.toml b/neurosploit-rs/app/Cargo.toml new file mode 100644 index 0000000..0cb2b19 --- /dev/null +++ b/neurosploit-rs/app/Cargo.toml @@ -0,0 +1,21 @@ +[package] +name = "neurosploit" +version.workspace = true +edition.workspace = true +license.workspace = true + +[[bin]] +name = "neurosploit" +path = "src/main.rs" + +[dependencies] +harness = { package = "neurosploit-harness", path = "../crates/harness" } +serde.workspace = true +serde_json.workspace = true +tokio.workspace = true +anyhow.workspace = true +futures.workspace = true +axum = { version = "0.7", features = ["ws"] } +tower-http = { version = "0.5", features = ["cors"] } +clap = { version = "4", features = ["derive"] } +uuid = { version = "1", features = ["v4"] } diff --git a/neurosploit-rs/app/src/main.rs b/neurosploit-rs/app/src/main.rs new file mode 100644 index 0000000..fa86e1f --- /dev/null +++ b/neurosploit-rs/app/src/main.rs @@ -0,0 +1,122 @@ +//! NeuroSploit v3.4.0 β€” single binary: `serve` (web dashboard) or `run` (CLI). + +mod web; + +use clap::{Parser, Subcommand}; +use harness::{agents, models::ModelRef, pool::ModelPool, report, types::RunConfig}; +use std::path::PathBuf; + +#[derive(Parser)] +#[command(name = "neurosploit", version, about = "NeuroSploit v3.4.0 β€” multi-model autonomous pentest harness")] +struct Cli { + #[command(subcommand)] + cmd: Cmd, +} + +#[derive(Subcommand)] +enum Cmd { + /// Start the web dashboard. + Serve { + #[arg(long, default_value_t = 8788)] + port: u16, + }, + /// Run an engagement from the CLI. + Run { + url: String, + /// Models as provider:model (repeatable). First is primary; rest fail over + vote. + #[arg(long = "model")] + models: Vec, + #[arg(long, default_value_t = 0)] + max_agents: usize, + #[arg(long, default_value_t = 3)] + vote_n: usize, + /// Exercise the pipeline without calling any model API. + #[arg(long)] + offline: bool, + }, + /// Show agent library counts. + Agents, + /// List providers and models. + Models, +} + +/// Locate the repo root that holds `agents_md/` (walk up from CWD, then fall +/// back to the crate's compile-time location). +fn find_base() -> PathBuf { + if let Ok(b) = std::env::var("NEUROSPLOIT_BASE") { + return PathBuf::from(b); + } + if let Ok(cwd) = std::env::current_dir() { + let mut dir = cwd.as_path(); + for _ in 0..6 { + if dir.join("agents_md").is_dir() { + return dir.to_path_buf(); + } + match dir.parent() { + Some(p) => dir = p, + None => break, + } + } + } + // crate is at /neurosploit-rs/app β†’ root is two levels up + PathBuf::from(env!("CARGO_MANIFEST_DIR")) + .parent() + .and_then(|p| p.parent()) + .map(|p| p.to_path_buf()) + .unwrap_or_else(|| PathBuf::from(".")) +} + +#[tokio::main] +async fn main() -> anyhow::Result<()> { + let cli = Cli::parse(); + let base = find_base(); + + match cli.cmd { + Cmd::Agents => { + let lib = agents::load(&base); + println!("{{\"vulns\":{},\"meta\":{},\"total\":{}}}", lib.vulns.len(), lib.meta.len(), lib.total()); + } + Cmd::Models => { + for p in harness::providers() { + println!("{:<4} {:<14} {} models [{}]", p.kind, p.key, p.models.len(), p.label); + for m in &p.models { + println!(" {}:{}", p.key, m); + } + } + } + Cmd::Run { url, models, max_agents, vote_n, offline } => { + let url = if url.starts_with("http") { url } else { format!("https://{url}") }; + let mut cfg = RunConfig::new(&url); + cfg.max_agents = max_agents; + cfg.vote_n = vote_n; + cfg.offline = offline; + if !models.is_empty() { + cfg.models = models; + } + let lib = agents::load(&base); + let refs: Vec = cfg.models.iter().map(|s| ModelRef::parse(s)).collect(); + let pool = ModelPool::new(refs, cfg.concurrency); + + let (tx, mut rx) = tokio::sync::mpsc::channel::(256); + let printer = tokio::spawn(async move { + while let Some(line) = rx.recv().await { + println!(" [*] {line}"); + } + }); + let out = harness::run(cfg.clone(), &lib, &pool, tx).await; + let _ = printer.await; + + println!("\n=== {} validated finding(s) ===", out.findings.len()); + println!("{}", serde_json::to_string_pretty(&out.findings)?); + let html = report::html(&url, &out.findings); + std::fs::create_dir_all(base.join("reports")).ok(); + let rp = base.join("reports").join("report_rs.html"); + std::fs::write(&rp, html).ok(); + println!("report β†’ {}", rp.display()); + } + Cmd::Serve { port } => { + web::serve(base, port).await?; + } + } + Ok(()) +} diff --git a/neurosploit-rs/app/src/web.rs b/neurosploit-rs/app/src/web.rs new file mode 100644 index 0000000..488fa73 --- /dev/null +++ b/neurosploit-rs/app/src/web.rs @@ -0,0 +1,196 @@ +//! Axum web dashboard for the v3.4.0 harness. + +use axum::{ + extract::{Path, State}, + response::Html, + routing::{get, post}, + Json, Router, +}; +use harness::{agents, models::ModelRef, pool::ModelPool, report, types::RunConfig}; +use serde_json::{json, Value}; +use std::{ + collections::HashMap, + path::PathBuf, + sync::{Arc, Mutex}, +}; + +struct RunState { + log: Vec, + done: bool, + result: Option, + report: Option, +} + +pub struct AppState { + base: PathBuf, + runs: Mutex>, +} + +pub async fn serve(base: PathBuf, port: u16) -> anyhow::Result<()> { + let state = Arc::new(AppState { base, runs: Mutex::new(HashMap::new()) }); + let app = Router::new() + .route("/", get(index)) + .route("/api/info", get(info)) + .route("/api/agents", get(agents_list)) + .route("/api/models", get(models_list)) + .route("/api/run", post(run)) + .route("/api/status/:id", get(status)) + .route("/report/:id", get(report_html)) + .with_state(state); + + let addr = format!("127.0.0.1:{port}"); + println!("NeuroSploit v3.4.0 dashboard β†’ http://{addr}"); + let listener = tokio::net::TcpListener::bind(&addr).await?; + axum::serve(listener, app).await?; + Ok(()) +} + +async fn index() -> Html<&'static str> { + Html(include_str!("../web/index.html")) +} + +async fn info(State(st): State>) -> Json { + let lib = agents::load(&st.base); + let provs: Vec = harness::providers() + .iter() + .map(|p| json!({"key": p.key, "label": p.label, "kind": p.kind, "models": p.models})) + .collect(); + Json(json!({ + "version": "3.4.0", + "agents": {"vulns": lib.vulns.len(), "meta": lib.meta.len(), "total": lib.total()}, + "providers": provs, + })) +} + +async fn agents_list(State(st): State>) -> Json { + let lib = agents::load(&st.base); + let v: Vec = lib + .vulns + .iter() + .chain(lib.meta.iter()) + .map(|a| json!({"name": a.name, "title": a.title, "cwe": a.cwe, "kind": a.kind})) + .collect(); + Json(json!({ "agents": v })) +} + +async fn models_list() -> Json { + let provs: Vec = harness::providers() + .iter() + .map(|p| json!({"key": p.key, "label": p.label, "kind": p.kind, "models": p.models})) + .collect(); + Json(json!({ "providers": provs })) +} + +fn norm(u: &str) -> String { + if u.starts_with("http") { + u.to_string() + } else { + format!("https://{u}") + } +} + +async fn run(State(st): State>, Json(body): Json) -> Json { + let id = uuid::Uuid::new_v4().to_string(); + st.runs + .lock() + .unwrap() + .insert(id.clone(), RunState { log: vec![], done: false, result: None, report: None }); + + let st2 = st.clone(); + let id2 = id.clone(); + tokio::spawn(async move { + let base = st2.base.clone(); + + let mut targets: Vec = Vec::new(); + if let Some(arr) = body.get("targets").and_then(|v| v.as_array()) { + for t in arr { + if let Some(s) = t.as_str() { + if !s.trim().is_empty() { + targets.push(norm(s.trim())); + } + } + } + } + if targets.is_empty() { + if let Some(u) = body.get("url").and_then(|v| v.as_str()) { + if !u.trim().is_empty() { + targets.push(norm(u.trim())); + } + } + } + let models: Vec = body + .get("models") + .and_then(|v| v.as_array()) + .map(|a| a.iter().filter_map(|x| x.as_str().map(|s| s.to_string())).collect()) + .unwrap_or_default(); + let vote_n = body.get("vote_n").and_then(|v| v.as_u64()).unwrap_or(3) as usize; + let max_agents = body.get("max_agents").and_then(|v| v.as_u64()).unwrap_or(0) as usize; + let offline = body.get("offline").and_then(|v| v.as_bool()).unwrap_or(false); + + let lib = agents::load(&base); + let refs: Vec = if models.is_empty() { + vec![ModelRef::parse("anthropic:claude-opus-4-8")] + } else { + models.iter().map(|s| ModelRef::parse(s)).collect() + }; + let pool = ModelPool::new(refs, 8); + + let (tx, mut rx) = tokio::sync::mpsc::channel::(256); + let stf = st2.clone(); + let idf = id2.clone(); + let fwd = tokio::spawn(async move { + while let Some(line) = rx.recv().await { + if let Ok(mut g) = stf.runs.lock() { + if let Some(r) = g.get_mut(&idf) { + r.log.push(line); + } + } + } + }); + + let mut all_findings = Vec::new(); + let mut all_ran = Vec::new(); + for url in &targets { + let mut cfg = RunConfig::new(url); + cfg.models = if models.is_empty() { + vec!["anthropic:claude-opus-4-8".into()] + } else { + models.clone() + }; + cfg.vote_n = vote_n; + cfg.max_agents = max_agents; + cfg.offline = offline; + let _ = tx.send(format!("=== target: {url} ===")).await; + let out = harness::run(cfg, &lib, &pool, tx.clone()).await; + all_findings.extend(out.findings); + all_ran.extend(out.agents_ran); + } + drop(tx); + let _ = fwd.await; + + let report_html = report::html(targets.first().map(|s| s.as_str()).unwrap_or(""), &all_findings); + let result = json!({"findings": all_findings, "agents_ran": all_ran, "targets": targets}); + if let Ok(mut g) = st2.runs.lock() { + if let Some(r) = g.get_mut(&id2) { + r.result = Some(result); + r.report = Some(report_html); + r.done = true; + } + } + }); + + Json(json!({ "run_id": id })) +} + +async fn status(Path(id): Path, State(st): State>) -> Json { + let g = st.runs.lock().unwrap(); + match g.get(&id) { + Some(r) => Json(json!({"log": r.log, "done": r.done, "result": r.result, "has_report": r.report.is_some()})), + None => Json(json!({"error": "unknown run"})), + } +} + +async fn report_html(Path(id): Path, State(st): State>) -> Html { + let g = st.runs.lock().unwrap(); + Html(g.get(&id).and_then(|r| r.report.clone()).unwrap_or_else(|| "

no report

".into())) +} diff --git a/neurosploit-rs/app/web/index.html b/neurosploit-rs/app/web/index.html new file mode 100644 index 0000000..4365761 --- /dev/null +++ b/neurosploit-rs/app/web/index.html @@ -0,0 +1,170 @@ + + + + + +NeuroSploit v3.4.0 + + + + +
+
+

Run engagement

Parallel agents Β· provider failover Β· N-model validator voting.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

Agent library

…
+
+
+
+

Models

OpenAI-compatible providers β€” CLI & API.
+
+
+
+

Report

Last engagement.
+
Run an engagement to generate a report.
+
+
+ + + diff --git a/neurosploit-rs/crates/harness/Cargo.toml b/neurosploit-rs/crates/harness/Cargo.toml new file mode 100644 index 0000000..dcc226b --- /dev/null +++ b/neurosploit-rs/crates/harness/Cargo.toml @@ -0,0 +1,19 @@ +[package] +name = "neurosploit-harness" +version.workspace = true +edition.workspace = true +license.workspace = true + +[lib] +name = "harness" +path = "src/lib.rs" + +[dependencies] +serde.workspace = true +serde_json.workspace = true +tokio.workspace = true +reqwest.workspace = true +anyhow.workspace = true +futures.workspace = true +walkdir = "2" +regex = "1" diff --git a/neurosploit-rs/crates/harness/src/agents.rs b/neurosploit-rs/crates/harness/src/agents.rs new file mode 100644 index 0000000..66fed7c --- /dev/null +++ b/neurosploit-rs/crates/harness/src/agents.rs @@ -0,0 +1,77 @@ +use regex::Regex; +use serde::Serialize; +use std::path::Path; +use walkdir::WalkDir; + +/// One markdown specialist/meta agent. +#[derive(Clone, Debug, Serialize)] +pub struct Agent { + pub name: String, + pub title: String, + pub cwe: String, + pub kind: String, // "vuln" | "meta" + #[serde(skip)] + pub system: String, + #[serde(skip)] + pub user: String, +} + +/// The loaded `agents_md/` library. +#[derive(Default)] +pub struct Library { + pub vulns: Vec, + pub meta: Vec, +} + +impl Library { + pub fn total(&self) -> usize { + self.vulns.len() + self.meta.len() + } +} + +/// Load `/agents_md/{vulns,meta}/*.md`. +pub fn load(base: &Path) -> Library { + let root = base.join("agents_md"); + Library { + vulns: load_dir(&root.join("vulns"), "vuln"), + meta: load_dir(&root.join("meta"), "meta"), + } +} + +fn load_dir(dir: &Path, kind: &str) -> Vec { + let title_re = Regex::new(r"(?m)^#\s+(.+?)\s*$").unwrap(); + let cwe_re = Regex::new(r"CWE-\d+").unwrap(); + let user_re = Regex::new(r"(?s)##\s*User Prompt\s*\n(.*?)(?:\n##\s|\z)").unwrap(); + let sys_re = Regex::new(r"(?s)##\s*System Prompt\s*\n(.*?)(?:\n##\s|\z)").unwrap(); + let mut out = Vec::new(); + if !dir.is_dir() { + return out; + } + for entry in WalkDir::new(dir).max_depth(1).into_iter().flatten() { + let path = entry.path(); + if path.extension().and_then(|e| e.to_str()) != Some("md") { + continue; + } + let text = std::fs::read_to_string(path).unwrap_or_default(); + let name = path.file_stem().and_then(|s| s.to_str()).unwrap_or("").to_string(); + let title = title_re + .captures(&text) + .and_then(|c| c.get(1)) + .map(|m| m.as_str().trim().to_string()) + .unwrap_or_else(|| name.clone()); + let cwe = cwe_re.find(&text).map(|m| m.as_str().to_string()).unwrap_or_default(); + let user = user_re + .captures(&text) + .and_then(|c| c.get(1)) + .map(|m| m.as_str().trim().to_string()) + .unwrap_or_default(); + let system = sys_re + .captures(&text) + .and_then(|c| c.get(1)) + .map(|m| m.as_str().trim().to_string()) + .unwrap_or_default(); + out.push(Agent { name, title, cwe, kind: kind.to_string(), system, user }); + } + out.sort_by(|a, b| a.name.cmp(&b.name)); + out +} diff --git a/neurosploit-rs/crates/harness/src/lib.rs b/neurosploit-rs/crates/harness/src/lib.rs new file mode 100644 index 0000000..d77586d --- /dev/null +++ b/neurosploit-rs/crates/harness/src/lib.rs @@ -0,0 +1,20 @@ +//! NeuroSploit v3.4.0 harness β€” a robust multi-model runtime for the +//! markdown-driven autonomous pentest engine. +//! +//! The harness loads the `agents_md/` library, drives a *pool* of LLM models +//! (any OpenAI-compatible provider) with concurrency + provider failover, runs +//! the specialist agents in parallel, then validates every candidate finding by +//! **N-model voting** before scoring and reporting. + +pub mod agents; +pub mod models; +pub mod pipeline; +pub mod pool; +pub mod report; +pub mod types; + +pub use agents::{Agent, Library}; +pub use models::{provider_for, providers, ChatClient, ModelRef, Provider}; +pub use pipeline::run; +pub use pool::ModelPool; +pub use types::{Finding, RunConfig}; diff --git a/neurosploit-rs/crates/harness/src/models.rs b/neurosploit-rs/crates/harness/src/models.rs new file mode 100644 index 0000000..d6420a8 --- /dev/null +++ b/neurosploit-rs/crates/harness/src/models.rs @@ -0,0 +1,134 @@ +use anyhow::{anyhow, Result}; +use serde::Serialize; +use std::time::Duration; + +/// A model provider exposing an OpenAI-compatible `/chat/completions` endpoint. +#[derive(Clone, Debug, Serialize)] +pub struct Provider { + pub key: &'static str, + pub label: &'static str, + pub base_url: &'static str, + pub env_key: &'static str, + /// "cli" (also drivable by an agentic CLI) | "api" + pub kind: &'static str, + pub models: Vec<&'static str>, +} + +/// The full provider registry. Every entry speaks the OpenAI chat schema +/// (Anthropic, xAI, NVIDIA NIM, DeepSeek, Mistral, Qwen, Groq, Together, +/// OpenRouter, Gemini-compat, Ollama). +pub fn providers() -> Vec { + vec![ + Provider { key: "anthropic", label: "Anthropic Claude", base_url: "https://api.anthropic.com/v1", env_key: "ANTHROPIC_API_KEY", kind: "cli", + models: vec!["claude-opus-4-8", "claude-sonnet-4-6", "claude-haiku-4-5"] }, + Provider { key: "openai", label: "OpenAI", base_url: "https://api.openai.com/v1", env_key: "OPENAI_API_KEY", kind: "cli", + models: vec!["gpt-5.1", "o4"] }, + Provider { key: "xai", label: "xAI Grok", base_url: "https://api.x.ai/v1", env_key: "XAI_API_KEY", kind: "cli", + models: vec!["grok-4", "grok-4-fast"] }, + Provider { key: "nvidia_nim", label: "NVIDIA NIM", base_url: "https://integrate.api.nvidia.com/v1", env_key: "NVIDIA_NIM_API_KEY", kind: "api", + models: vec!["nvidia/llama-3.3-nemotron-super-49b-v1", "deepseek-ai/deepseek-r1", "qwen/qwen2.5-coder-32b-instruct"] }, + Provider { key: "deepseek", label: "DeepSeek", base_url: "https://api.deepseek.com/v1", env_key: "DEEPSEEK_API_KEY", kind: "api", + models: vec!["deepseek-reasoner", "deepseek-chat"] }, + Provider { key: "mistral", label: "Mistral", base_url: "https://api.mistral.ai/v1", env_key: "MISTRAL_API_KEY", kind: "api", + models: vec!["mistral-large-latest", "codestral-latest"] }, + Provider { key: "qwen", label: "Qwen (DashScope)", base_url: "https://dashscope-intl.aliyuncs.com/compatible-mode/v1", env_key: "DASHSCOPE_API_KEY", kind: "api", + models: vec!["qwen-max", "qwen2.5-coder-32b-instruct", "qwq-plus"] }, + Provider { key: "groq", label: "Groq", base_url: "https://api.groq.com/openai/v1", env_key: "GROQ_API_KEY", kind: "api", + models: vec!["llama-3.3-70b-versatile", "qwen-2.5-coder-32b"] }, + Provider { key: "together", label: "Together AI", base_url: "https://api.together.xyz/v1", env_key: "TOGETHER_API_KEY", kind: "api", + models: vec!["Qwen/Qwen2.5-Coder-32B-Instruct", "deepseek-ai/DeepSeek-R1", "meta-llama/Llama-3.3-70B-Instruct-Turbo"] }, + Provider { key: "openrouter", label: "OpenRouter", base_url: "https://openrouter.ai/api/v1", env_key: "OPENROUTER_API_KEY", kind: "api", + models: vec!["anthropic/claude-opus-4-8", "qwen/qwen-2.5-coder-32b-instruct", "deepseek/deepseek-r1", "meta-llama/llama-3.3-70b-instruct"] }, + Provider { key: "ollama", label: "Ollama (local)", base_url: "http://localhost:11434/v1", env_key: "OLLAMA_API_KEY", kind: "api", + models: vec!["qwen2.5-coder:32b", "qwq:32b", "deepseek-r1:32b", "llama3.3:70b"] }, + ] +} + +pub fn provider_for(key: &str) -> Option { + providers().into_iter().find(|p| p.key == key) +} + +/// A `provider:model` selection. +#[derive(Clone, Debug)] +pub struct ModelRef { + pub provider: String, + pub model: String, +} + +impl ModelRef { + pub fn parse(s: &str) -> ModelRef { + match s.split_once(':') { + Some((p, m)) => ModelRef { provider: p.to_string(), model: m.to_string() }, + None => ModelRef { provider: "anthropic".into(), model: s.to_string() }, + } + } + pub fn label(&self) -> String { + format!("{}:{}", self.provider, self.model) + } +} + +/// OpenAI-compatible chat client shared across the model pool. +#[derive(Clone)] +pub struct ChatClient { + http: reqwest::Client, +} + +impl ChatClient { + pub fn new() -> Self { + let http = reqwest::Client::builder() + .timeout(Duration::from_secs(120)) + .build() + .unwrap_or_else(|_| reqwest::Client::new()); + ChatClient { http } + } + + /// One chat completion. Errors (missing key, network, non-2xx) propagate so + /// the pool can fail over to the next candidate model. + pub async fn chat(&self, m: &ModelRef, system: &str, user: &str) -> Result { + let p = provider_for(&m.provider) + .ok_or_else(|| anyhow!("unknown provider '{}'", m.provider))?; + let key = std::env::var(p.env_key).unwrap_or_default(); + if key.is_empty() && p.key != "ollama" { + return Err(anyhow!("no API key ({}) for provider '{}'", p.env_key, p.key)); + } + let url = format!("{}/chat/completions", p.base_url.trim_end_matches('/')); + let body = serde_json::json!({ + "model": m.model, + "max_tokens": 4096, + "temperature": 0.2, + "messages": [ + {"role": "system", "content": system}, + {"role": "user", "content": user} + ] + }); + let mut req = self.http.post(&url).json(&body); + if !key.is_empty() { + req = req.bearer_auth(&key); + } + let resp = req.send().await?; + let status = resp.status(); + let text = resp.text().await.unwrap_or_default(); + if !status.is_success() { + return Err(anyhow!("{} returned {}: {}", p.key, status, truncate(&text, 200))); + } + let v: serde_json::Value = serde_json::from_str(&text)?; + let content = v["choices"][0]["message"]["content"] + .as_str() + .ok_or_else(|| anyhow!("no content in response"))?; + Ok(content.to_string()) + } +} + +impl Default for ChatClient { + fn default() -> Self { + Self::new() + } +} + +fn truncate(s: &str, n: usize) -> String { + if s.len() <= n { + s.to_string() + } else { + format!("{}…", &s[..n]) + } +} diff --git a/neurosploit-rs/crates/harness/src/pipeline.rs b/neurosploit-rs/crates/harness/src/pipeline.rs new file mode 100644 index 0000000..41d26bc --- /dev/null +++ b/neurosploit-rs/crates/harness/src/pipeline.rs @@ -0,0 +1,161 @@ +use crate::agents::{Agent, Library}; +use crate::pool::ModelPool; +use crate::types::{Finding, RunConfig}; +use futures::stream::{self, StreamExt}; +use serde::Serialize; +use tokio::sync::mpsc::Sender; + +/// Result of an engagement run. +#[derive(Default, Serialize)] +pub struct RunOutput { + pub findings: Vec, + pub agents_ran: Vec, + pub candidates: usize, +} + +const RECON_SYS: &str = "You are a web recon specialist. Map the target's attack surface and reply with a compact JSON object (tech, endpoints, auth, apis, ai_features). No prose."; +const VOTE_SYS: &str = "You are an adversarial security validator. Decide if the candidate finding is a REAL, reproducible, exploitable vulnerability with proof. Reply with JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}. Default to rejected when uncertain."; + +/// Run the full harness pipeline, streaming human-readable progress over `tx`. +pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender) -> RunOutput { + let _ = tx + .send(format!( + "Loaded {} agents ({} vuln / {} meta) Β· models: {} Β· vote_n={} Β· concurrency={}", + lib.total(), + lib.vulns.len(), + lib.meta.len(), + pool.candidates.iter().map(|m| m.label()).collect::>().join(", "), + cfg.vote_n, + cfg.concurrency, + )) + .await; + + // ---- 1. Recon ------------------------------------------------------- + let recon = if cfg.offline { + let _ = tx.send("recon: offline mode β€” skipping model calls".into()).await; + "{}".to_string() + } else { + match pool.complete(RECON_SYS, &format!("Target: {}", cfg.target)).await { + Ok((m, t)) => { + let _ = tx.send(format!("recon complete via {}", m.label())).await; + t + } + Err(e) => { + let _ = tx.send(format!("recon failed ({e}) β€” continuing with empty recon")).await; + "{}".to_string() + } + } + }; + + // ---- 2. Select agents ---------------------------------------------- + let cap = if cfg.max_agents > 0 { cfg.max_agents } else { lib.vulns.len() }; + let selected: Vec = lib.vulns.iter().take(cap).cloned().collect(); + let _ = tx.send(format!("selected {} specialist agents", selected.len())).await; + + if cfg.offline { + let _ = tx.send("offline: no exploitation performed (provide API keys to run live)".into()).await; + return RunOutput { + findings: vec![], + agents_ran: selected.iter().map(|a| a.name.clone()).collect(), + candidates: 0, + }; + } + + // ---- 3. Exploit (parallel, bounded by the pool semaphore) ---------- + let target = cfg.target.clone(); + let candidates: Vec = stream::iter(selected.iter().cloned()) + .map(|ag| { + let target = target.clone(); + let recon = recon.clone(); + let txc = tx.clone(); + async move { + let user = format!( + "{}\n\nReply ONLY with a JSON array of confirmed findings (may be empty []). \ + Each item: {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.", + ag.user.replace("{target}", &target).replace("{recon_json}", &recon) + ); + match pool.complete(&ag.system, &user).await { + Ok((m, text)) => { + let f = extract_findings(&text, &ag.name); + let _ = txc + .send(format!("exploit {} via {} β†’ {} candidate(s)", ag.name, m.label(), f.len())) + .await; + f + } + Err(e) => { + let _ = txc.send(format!("exploit {} failed: {e}", ag.name)).await; + vec![] + } + } + } + }) + .buffer_unordered(cfg.concurrency) + .collect::>>() + .await + .into_iter() + .flatten() + .collect(); + + let _ = tx.send(format!("{} candidate finding(s) β€” validating by {}-model vote", candidates.len(), cfg.vote_n)).await; + + // ---- 4. Validate by N-model voting --------------------------------- + let vote_n = cfg.vote_n; + let validated: Vec = stream::iter(candidates.into_iter()) + .map(|mut f| { + let txc = tx.clone(); + async move { + let q = format!( + "Finding: {} | severity {} | {} | endpoint {} | payload {} | evidence {}", + f.title, f.severity, f.cwe, f.endpoint, f.payload, f.evidence + ); + let (yes, total) = pool.vote(VOTE_SYS, &q, vote_n).await; + f.validated = total > 0 && yes * 2 >= total; + f.votes = format!("{yes}/{total}"); + if f.confidence == 0.0 && total > 0 { + f.confidence = yes as f64 / total as f64; + } + let _ = txc + .send(format!("vote {} β†’ {} ({})", f.title, if f.validated { "CONFIRMED" } else { "rejected" }, f.votes)) + .await; + f + } + }) + .buffer_unordered(cfg.concurrency) + .collect::>() + .await; + + let candidates = validated.len(); + let findings: Vec = validated.into_iter().filter(|f| f.validated).collect(); + let _ = tx.send(format!("{} validated finding(s)", findings.len())).await; + + RunOutput { + findings, + agents_ran: selected.iter().map(|a| a.name.clone()).collect(), + candidates, + } +} + +/// Pull a JSON array (or object) of findings out of a model's reply. +fn extract_findings(text: &str, agent: &str) -> Vec { + let slice = match (text.find('['), text.rfind(']')) { + (Some(a), Some(b)) if b > a => &text[a..=b], + _ => match (text.find('{'), text.rfind('}')) { + (Some(a), Some(b)) if b > a => &text[a..=b], + _ => return vec![], + }, + }; + let mut out: Vec = if let Ok(v) = serde_json::from_str::>(slice) { + v + } else if let Ok(one) = serde_json::from_str::(slice) { + vec![one] + } else { + return vec![]; + }; + for f in out.iter_mut() { + f.agent = agent.to_string(); + if f.id.is_empty() { + f.id = format!("{}-{}", agent, &f.title.chars().take(12).collect::()); + } + } + out +} diff --git a/neurosploit-rs/crates/harness/src/pool.rs b/neurosploit-rs/crates/harness/src/pool.rs new file mode 100644 index 0000000..d47f7b6 --- /dev/null +++ b/neurosploit-rs/crates/harness/src/pool.rs @@ -0,0 +1,68 @@ +use crate::models::{ChatClient, ModelRef}; +use anyhow::{anyhow, Result}; +use std::sync::Arc; +use tokio::sync::Semaphore; + +/// A pool of candidate models with a global concurrency cap and provider +/// failover. The same panel of models is reused for validator voting. +pub struct ModelPool { + client: ChatClient, + sem: Arc, + pub candidates: Vec, +} + +impl ModelPool { + pub fn new(models: Vec, concurrency: usize) -> Self { + let concurrency = concurrency.max(1); + ModelPool { + client: ChatClient::new(), + sem: Arc::new(Semaphore::new(concurrency)), + candidates: if models.is_empty() { + vec![ModelRef::parse("anthropic:claude-opus-4-8")] + } else { + models + }, + } + } + + /// Complete a prompt, trying each candidate model until one succeeds. + /// Returns the model that answered and its text. + pub async fn complete(&self, system: &str, user: &str) -> Result<(ModelRef, String)> { + let _permit = self.sem.acquire().await.expect("semaphore closed"); + let mut last = anyhow!("no candidate models"); + for m in &self.candidates { + match self.client.chat(m, system, user).await { + Ok(text) => return Ok((m.clone(), text)), + Err(e) => last = e, + } + } + Err(last) + } + + /// Ask up to `n` distinct models the same yes/no validation question and + /// return (confirmations, total_votes). A model answering "yes"/"confirmed" + /// counts as a confirmation. Used to cut false positives. + pub async fn vote(&self, system: &str, user: &str, n: usize) -> (usize, usize) { + let panel: Vec = self.candidates.iter().take(n.max(1)).cloned().collect(); + let mut confirmed = 0usize; + let mut total = 0usize; + for m in &panel { + let _permit = match self.sem.acquire().await { + Ok(p) => p, + Err(_) => break, + }; + if let Ok(text) = self.client.chat(m, system, user).await { + total += 1; + let t = text.to_lowercase(); + if t.contains("\"verdict\": \"confirmed\"") + || t.trim_start().starts_with("yes") + || t.contains("confirmed: true") + || t.contains("is_real\": true") + { + confirmed += 1; + } + } + } + (confirmed, total) + } +} diff --git a/neurosploit-rs/crates/harness/src/report.rs b/neurosploit-rs/crates/harness/src/report.rs new file mode 100644 index 0000000..111d9bd --- /dev/null +++ b/neurosploit-rs/crates/harness/src/report.rs @@ -0,0 +1,82 @@ +use crate::types::Finding; + +fn sev_rank(s: &str) -> u8 { + match s { + "Critical" => 0, + "High" => 1, + "Medium" => 2, + "Low" => 3, + _ => 4, + } +} + +fn sev_color(s: &str) -> &'static str { + match s { + "Critical" => "#c0392b", + "High" => "#e67e22", + "Medium" => "#f1c40f", + "Low" => "#3498db", + _ => "#7f8c8d", + } +} + +fn esc(s: &str) -> String { + s.replace('&', "&").replace('<', "<").replace('>', ">") +} + +/// Render an HTML report for the validated findings. +pub fn html(target: &str, findings: &[Finding]) -> String { + let mut sorted = findings.to_vec(); + sorted.sort_by_key(|f| sev_rank(&f.severity)); + + let mut counts: std::collections::BTreeMap<&str, usize> = Default::default(); + for f in &sorted { + *counts.entry(f.severity.as_str()).or_default() += 1; + } + let chips: String = if counts.is_empty() { + "No validated findings".into() + } else { + counts + .iter() + .map(|(s, n)| format!("{}: {}", sev_color(s), s, n)) + .collect() + }; + + let rows: String = sorted + .iter() + .enumerate() + .map(|(i, f)| { + format!( + "

{} {}. {}

\ +
{} Β· {} Β· CVSS {} Β· votes {} Β· conf {:.2}
\ +
Endpoint: {}
\ +

Payload

{}

Evidence

{}
\ +

Impact

{}

Remediation

{}

", + sev_color(&f.severity), esc(&f.severity), i + 1, esc(&f.title), + esc(&f.agent), esc(&f.cwe), esc(&f.cvss), esc(&f.votes), f.confidence, + esc(&f.endpoint), esc(&f.payload), esc(&f.evidence), esc(&f.impact), esc(&f.remediation), + ) + }) + .collect(); + let body = if rows.is_empty() { + "

No validated findings were produced for this engagement.

".to_string() + } else { + rows + }; + + format!( + "NeuroSploit Report β€” {t}\ +

NeuroSploit Penetration Test Report

\ +
Target: {t} Β· v3.4.0 Rust harness Β· multi-model validated
\ +
{chips}

Findings ({n})

{body}\ +

Authorized testing only. Findings confirmed by multi-model adversarial voting.

", + t = esc(target), chips = chips, n = sorted.len(), body = body, + ) +} diff --git a/neurosploit-rs/crates/harness/src/types.rs b/neurosploit-rs/crates/harness/src/types.rs new file mode 100644 index 0000000..ed49fcf --- /dev/null +++ b/neurosploit-rs/crates/harness/src/types.rs @@ -0,0 +1,93 @@ +use serde::{Deserialize, Serialize}; + +/// A validated (or candidate) security finding. +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct Finding { + pub id: String, + pub agent: String, + pub title: String, + pub severity: String, + #[serde(default)] + pub cwe: String, + #[serde(default)] + pub cvss: String, + #[serde(default)] + pub endpoint: String, + #[serde(default)] + pub payload: String, + #[serde(default)] + pub evidence: String, + #[serde(default)] + pub impact: String, + #[serde(default)] + pub remediation: String, + #[serde(default)] + pub confidence: f64, + #[serde(default)] + pub validated: bool, + /// Per-model vote summary, e.g. "3/4 confirmed". + #[serde(default)] + pub votes: String, +} + +impl Default for Finding { + fn default() -> Self { + Finding { + id: String::new(), + agent: String::new(), + title: String::new(), + severity: "Info".into(), + cwe: String::new(), + cvss: String::new(), + endpoint: String::new(), + payload: String::new(), + evidence: String::new(), + impact: String::new(), + remediation: String::new(), + confidence: 0.0, + validated: false, + votes: String::new(), + } + } +} + +/// Configuration for a single engagement run. +#[derive(Debug, Clone, Serialize, Deserialize)] +pub struct RunConfig { + pub target: String, + /// Model references in `provider:model` form. The first is primary; the + /// rest are failover candidates and also the voting panel. + pub models: Vec, + /// Number of models that cross-check each candidate finding. + #[serde(default = "default_vote")] + pub vote_n: usize, + /// Max concurrent model calls. + #[serde(default = "default_concurrency")] + pub concurrency: usize, + /// Cap on specialist agents to run (0 = all). + #[serde(default)] + pub max_agents: usize, + /// Offline mode: exercise the full pipeline without calling any model API. + #[serde(default)] + pub offline: bool, +} + +fn default_vote() -> usize { + 3 +} +fn default_concurrency() -> usize { + 8 +} + +impl RunConfig { + pub fn new(target: impl Into) -> Self { + RunConfig { + target: target.into(), + models: vec!["anthropic:claude-opus-4-8".into()], + vote_n: 3, + concurrency: 8, + max_agents: 0, + offline: false, + } + } +} diff --git a/reports/report_rs.html b/reports/report_rs.html new file mode 100644 index 0000000..c368607 --- /dev/null +++ b/reports/report_rs.html @@ -0,0 +1 @@ +NeuroSploit Report β€” https://demo.testfire.net

NeuroSploit Penetration Test Report

Target: https://demo.testfire.net Β· v3.4.0 Rust harness Β· multi-model validated
No validated findings

Findings (0)

No validated findings were produced for this engagement.

Authorized testing only. Findings confirmed by multi-model adversarial voting.

\ No newline at end of file