docs: RELEASE.md + README updated with v3.5.5 additions (cloud, REPL nav, recon)

This commit is contained in:
CyberSecurityUP
2026-07-01 23:20:05 -03:00
parent c7e756ffa3
commit 58aa8698cd
2 changed files with 66 additions and 33 deletions
+11 -8
@@ -24,14 +24,17 @@
>
> 📖 **New here? Read the [full Tutorial & User Guide →](TUTORIAL.md)** — every mode, flag, config and example explained.
> 🆕 **New in v3.5.5 — Robust attack chaining + fewer false positives:** a
> multi-round, decision-driven **post-exploitation** engine takes each confirmed
> foothold and expands new directions (cred reuse, privesc, lateral movement,
> exfil, new surface), carrying **loot** forward across rounds (`--chain-depth`).
> Validation is now **severity-aware** (High/Critical need ≥2 validators & ≥2/3
> agreement) with an **adversarial refute pass** that drops findings that can't
> withstand a skeptic.
> *(v3.5.3 added GitHub/GitLab/Jira **[integrations](TUTORIAL-INTEGRATION.md)**; v3.5.2 the DEPTH doctrine + report-hygiene pass — see [RELEASE.md](RELEASE.md).)*
> 🆕 **New in v3.5.5 — Cloud testing + REPL navigation + deeper recon:**
> **AWS/GCP/Azure** agents (+17 → **365** total) with credentials wired through
> `creds.yaml`; a more navigable **REPL** — **`/timeout`** idle guardrail,
> **multi-target** `/target a,b,c` (sequential), an interactive **`/results`**
> browser (target → vuln → detail, Esc to go back) and **`/report`** picker; and
> **deeper recon** that downloads & analyzes JavaScript (endpoints, secrets,
> source maps) and does request/response differential analysis. Interactive
> line-editing prompt bug fixed.
> *(v3.5.4 added robust attack chaining + false-positive reduction; v3.5.3
> GitHub/GitLab/Jira **[integrations](TUTORIAL-INTEGRATION.md)**; v3.5.2 the DEPTH
> doctrine + report-hygiene — see [RELEASE.md](RELEASE.md).)*
---
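Review bot: the RELEASE.md Notes in this same commit point readers to a README "Cloud credentials" section for a full `creds.yaml` example, but this README hunk only rewrites the what's-new blurb. Confirm that section already exists in README.md before the pointer ships; if it does not, this commit should add it (at minimum the `aws:` / `gcp:` / `azure:` blocks with the keys RELEASE.md lists), otherwise the reference dangles. While touching the blurb, a short note that `creds.yaml` now holds cloud credentials and should be kept out of version control and readable only by the invoking user would be worth a line here, since this is the first place users see the feature.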
+55 -25
@@ -1,7 +1,7 @@
# NeuroSploit v3.5.5 — Release Notes
**Release Date:** July 2026
**Codename:** Cloud Testing & REPL polish
**Codename:** Cloud Testing, REPL Navigation & Deeper Recon
**License:** MIT
**Credits:** Joas A Santos & Red Team Leaders
@@ -10,37 +10,67 @@
## TL;DR
v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class
credential connection, **17 new cloud agents**, and a nicer REPL.
credential connection and **17 new cloud agents**, a much more capable and
navigable **REPL** (idle guardrail, multi-target, results browser), **deeper
recon** (downloads & analyzes JS, request/response differentials), and a fix for
garbled interactive line-editing.
## Highlights
## Cloud testing
- **Cloud test agents (+17 → library now 365 agents).** AWS, GCP and Azure
specialists in `agents_md/infra/` covering IAM privilege escalation, storage
exposure (S3 / GCS / Blob), compute & network exposure, secrets (Secrets
Manager / Secret Manager / Key Vault), service-account & service-principal
abuse, and Entra ID enumeration — plus a multi-cloud footprint/identity recon
agent. They drive the provider CLIs read-only-first, non-destructive.
- **Connect cloud credentials via `creds.yaml`.** New `aws:`, `gcp:`, `azure:`
blocks. The harness exports the right env vars so `aws` / `gcloud` / `az` pick
them up automatically, and injects a directive telling the agents how to
authenticate and what to enumerate:
- **+17 cloud agents (library now 365).** AWS, GCP and Azure specialists in
`agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure
(S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager /
Secret Manager / Key Vault), service-account & service-principal abuse, and
Entra ID enumeration — plus a multi-cloud footprint/identity recon agent.
Read-only-first, non-destructive.
- **Connect cloud credentials via `creds.yaml`** (`aws:`, `gcp:`, `azure:`
blocks). The harness exports the right env vars so `aws` / `gcloud` / `az` pick
them up automatically, and tells the agents how to authenticate & what to
enumerate:
- **AWS** — `access_key_id`/`secret_access_key`[/`session_token`]/`region`, or a `profile`.
- **GCP** — a service-account JSON (`service_account_json`, path recommended;
inline single-line also works) → `GOOGLE_APPLICATION_CREDENTIALS` + project.
- **GCP** — a service-account JSON (`service_account_json`, path recommended) →
`GOOGLE_APPLICATION_CREDENTIALS` + project.
- **Azure** — a **service principal** (`tenant_id`/`client_id`/`client_secret`/
`subscription_id`) → `az login --service-principal` (best practice for
non-interactive automation).
- **REPL polish.** New **`/chain <n>`** (attack-chain depth) and **`/agents list`**
(library category counts incl. infra/cloud); **`/show`** now displays
chain-depth and enabled integrations; help updated.
- Cloud creds are never written to disk beyond your `creds.yaml`; inline GCP JSON
is materialized to a temp file only to satisfy the SDK/CLI.
`subscription_id`) → `az login --service-principal`.
- Secrets are never written to disk beyond your `creds.yaml`; inline GCP JSON is
materialized to a temp file only to satisfy the SDK/CLI.
## REPL — navigation & control
- **Idle guardrail — `/timeout <min>`.** If no NEW finding lands within the
window, the run soft-stops and validates what was found (`/timeout 1` = 1 min,
`10` = 10 min, `60` = 1 hour, `0` = off). **Default 5 min.**
- **Multiple targets — `/target url1,url2,url3`.** A comma-separated list; `/run`
tests them **sequentially** (a queue auto-advances to the next when the current
finishes) — one report per URL.
- **`/results` navigation browser** (interactive): pick a **target/run** → pick a
**vulnerability** → see full detail; **Esc steps back a level** (vuln → target →
back to the live session).
- **`/report` selection**: with multiple runs, choose which report to open from a
menu.
- **`/chain <n>`** (attack-chain depth), **`/agents list`** (library category
counts incl. infra/cloud); **`/show`** now shows chain-depth, idle-stop and
enabled integrations.
- **Fix:** the interactive prompt no longer embeds ANSI/newline, so line editing
(typing, backspace, history, cursor, multiline) is no longer garbled in a real
terminal (the readline prompt is plain; color is applied via the highlighter).
## Deeper recon & analysis (agent prompts)
- **RECON_SYS** now crawls pages/params/headers/cookies, **downloads the linked
JavaScript and analyzes it** (API endpoints, hidden params, GraphQL, secrets /
keys / tokens, `sourceMappingURL` → recover original source), fingerprints
**exact** stack versions, and does response-differential analysis; richer JSON
schema (`js_findings`, `secrets`, `hosts`, …).
- **tool_doctrine** adds JS-analysis (linkfinder / gau / katana + grep for
endpoints/secrets/source-maps) and request/response-analysis guidance (status,
all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and
valid-vs-invalid comparisons) — applied to both recon and exploitation.
## Notes
- Additive/back-compatible. Provider count is now 14 (Azure OpenAI added in
v3.5.2). See the README "Cloud credentials" section for a full `creds.yaml`
example.
- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
See the README "Cloud credentials" section for a full `creds.yaml` example.
---
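Review bot: the statement "Secrets are never written to disk beyond your `creds.yaml`; inline GCP JSON is materialized to a temp file" contradicts itself in one sentence, and the part that matters for operators is missing: say whether the temp file is created with owner-only permissions (0600) and removed when the run ends or aborts, or drop the "never written to disk" claim and keep only the temp-file caveat. Two smaller documentation points in the same hunk: "Read-only-first, non-destructive" does not say what "first" means, so state whether the cloud agents ever issue write/modify calls and under what gate; and the new RECON_SYS JSON fields (`secrets`, `js_findings`) will carry recovered keys and tokens into reports, so note how those values are masked by the report-hygiene pass before a report is shared.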