misconfig/CVE/PoC/rate-limit agents, data-safety guardrail, Burp proxy, PoC dir

Agents (+10 → library 375): absurd-misconfig hunters (exposed .git/.env/backups,
debug/actuator, default creds, dir listing, ops dashboards, permissive CORS,
verbose errors), a CVE Hunter (fingerprint → correlate → safe PoC), a PoC
Developer (writes runnable scripts to the run's pocs/), and a Rate-Limit tester.

Doctrine (pipeline):
- SAFETY_DOCTRINE injected into every exploit/chain/host prompt: no modify/delete/
  exfiltrate/state-change without permission; on PII prove with a masked sample +
  count, never dump.
- tool_doctrine adds: smart targeted nuclei (fingerprint-first, -tags/-id, rate/
  timeouts), misconfig hunting, rate-limit control checks, authorized tool
  download (git clone PoC repos / fetch scanners), Burp/ZAP proxy routing, and a
  per-run PoC workspace.

Harness/CLI/REPL:
- RunConfig.proxy; spawn_engagement creates <workdir>/pocs and exports
  NEUROSPLOIT_POCS + NEUROSPLOIT_PROXY (proxy from cfg or the env var).
- REPL /proxy <url> and /burp (Session.proxy); /show shows proxy.

Docs: README highlights + Cloud/counts (375), RELEASE v3.5.5 sections.
This commit is contained in:
CyberSecurityUP
2026-07-01 23:40:47 -03:00
parent 58aa8698cd
commit 5f1573ac7f
18 changed files with 642 additions and 22 deletions
+11 -3
@@ -11,7 +11,7 @@
<img src="https://img.shields.io/badge/Version-3.5.5-blue?style=flat-square">
<img src="https://img.shields.io/badge/Harness-Rust%20%7C%20tokio-e6b673?style=flat-square">
<img src="https://img.shields.io/badge/License-MIT-green?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-365-red?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-375-red?style=flat-square">
<img src="https://img.shields.io/badge/Models-14%20providers-success?style=flat-square">
<img src="https://img.shields.io/badge/Modes-Black%20%7C%20White%20%7C%20Grey%20%7C%20Host-9cf?style=flat-square">
<img src="https://img.shields.io/badge/Auth-API%20key%20%7C%20Subscription-orange?style=flat-square">
@@ -25,7 +25,7 @@
> 📖 **New here? Read the [full Tutorial & User Guide →](TUTORIAL.md)** — every mode, flag, config and example explained.
> 🆕 **New in v3.5.5 — Cloud testing + REPL navigation + deeper recon:**
> **AWS/GCP/Azure** agents (+17 → **365** total) with credentials wired through
> **AWS/GCP/Azure** agents (+17 → **375** total) with credentials wired through
> `creds.yaml`; a more navigable **REPL** — **`/timeout`** idle guardrail,
> **multi-target** `/target a,b,c` (sequential), an interactive **`/results`**
> browser (target → vuln → detail, Esc to go back) and **`/report`** picker; and
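Review bot: the changed line "**AWS/GCP/Azure** agents (+17 → **375** total)" is misleading: the 17 cloud agents are what took the library to the 365 in the old line, and the extra 10 are the misconfig/CVE/PoC/rate-limit agents added by this commit, which this "New in v3.5.5" blurb never mentions. Either keep 365 on this line and add a sentence for the 10 new agents, or phrase it as the RELEASE notes do ("27 new agents (17 cloud + 10 misconfig/CVE/PoC/rate-limit) → library 375").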
@@ -44,7 +44,7 @@ LLMs** — via **API key** or local **subscription** (Claude Code / Codex / Gemi
Grok) — recons the target, **intelligently selects only the agents that match the
discovered surface**, runs them in parallel, **chains** findings into deeper
impact, and **validates every claim by cross-model voting + tool-receipt
grounding** before reporting. It ships **365 markdown agents** and a **Mission
grounding** before reporting. It ships **375 markdown agents** and a **Mission
Control TUI**.
### Engagement modes
@@ -75,6 +75,14 @@ Control TUI**.
(`aws`/`gcloud`/`az`). Connect via `creds.yaml`: AWS keys, a Google
service-account JSON, or an Azure service principal — see
[Cloud credentials](#cloud-credentials-awsgcpazure).
- 🧰 **Misconfig & CVE hunting, safely** — dedicated agents for absurd
misconfigs (exposed `.git`/`.env`, debug/actuator, default creds, dashboards,
CORS), a **CVE Hunter** (smart, targeted `nuclei`), a **PoC Developer** (writes
reproducible scripts to the run's `pocs/`), and **rate-limit** testing — all
under a strict **data-safety/PII guardrail** (no destructive or state-changing
actions; PII proven with a masked sample, never dumped).
- 🕵️ **Burp/ZAP proxy**`/proxy <url>` (or `/burp`) routes agent traffic
through your local intercepting proxy so you can inspect & replay in Burp.
- 🗺️ **Attack graph & kill chain** — findings mapped to OWASP / CWE / MITRE
ATT&CK / stage; rendered as a Mermaid graph in the report.
-**Cross-model validation** — a different model adjudicates each finding;
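Review bot: the new Burp/ZAP bullet is missing the separator between the bold label and the command: `**Burp/ZAP proxy**`/proxy <url>`` renders as one run-on token, whereas every neighbouring bullet puts the same dash separator after its bold label. Add that separator so the line reads `**Burp/ZAP proxy**` [dash] `/proxy <url>` (or `/burp`) routes agent traffic...`.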
+30 -5
@@ -10,14 +10,16 @@
## TL;DR
v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class
credential connection and **17 new cloud agents**, a much more capable and
navigable **REPL** (idle guardrail, multi-target, results browser), **deeper
recon** (downloads & analyzes JS, request/response differentials), and a fix for
garbled interactive line-editing.
credential connection, **27 new agents** (17 cloud + 10 misconfig/CVE/PoC/rate-
limit → library **375**), a much more capable and navigable **REPL** (idle
guardrail, multi-target, results browser), **deeper recon** (downloads & analyzes
JS, request/response differentials, smart nuclei), **Burp/ZAP proxy** support, a
**PoC** workspace, a strict **data-safety/PII guardrail**, and a fix for garbled
interactive line-editing.
## Cloud testing
- **+17 cloud agents (library now 365).** AWS, GCP and Azure specialists in
- **+17 cloud agents.** AWS, GCP and Azure specialists in
`agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure
(S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager /
Secret Manager / Key Vault), service-account & service-principal abuse, and
@@ -67,6 +69,29 @@ garbled interactive line-editing.
all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and
valid-vs-invalid comparisons) — applied to both recon and exploitation.
## Exploitation depth, safety & Burp
- **+10 exploitation agents.** Absurd-misconfig hunters (exposed `.git`/`.env`/
backups, debug/actuator endpoints, default creds, directory listing, exposed
ops dashboards, permissive CORS, verbose errors), a **CVE Hunter** (fingerprint
→ correlate → safe PoC), a **PoC Developer** (writes runnable exploit scripts),
and a **Rate-Limit / Anti-Automation** tester.
- **Data-safety / PII guardrail** injected into every exploit/chain/host prompt:
no modifying, deleting, exfiltrating data or changing state without explicit
permission; on PII, prove with a single **masked** sample + a count — never
dump. When unsure an action is safe, don't do it.
- **Smart nuclei in recon** — fingerprint first, then run nuclei on **targeted**
templates/tags/CVE ids with rate/timeouts (fast, never a blind full scan).
- **Burp/ZAP proxy** — `/proxy <url>` (or `/burp`, default `:8080`) in the REPL,
or the `NEUROSPLOIT_PROXY` env var. Agents route curl through it (`--proxy … -k`)
so you can inspect/replay traffic in Burp Suite while the test runs.
- **PoC workspace** — each run gets a `pocs/` directory (`$NEUROSPLOIT_POCS`);
agents save custom, reproducible exploit scripts there and cite them as evidence.
- **Tool download** (authorized) — agents may `git clone` a specific public PoC/
exploit repo or download a scanner when needed (reputable/pinned, reviewed).
- **Rate-limit testing** is a first-class control check (small non-disruptive
burst → look for 429/lockout/Retry-After), never a DoS.
## Notes
- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
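Review bot: the Burp/ZAP bullet should state that routing through the proxy also turns off TLS verification for the agents' requests, since the quoted curl flags are `--proxy … -k`. An operator reading this section would not otherwise know that certificate errors on the target are silently accepted whenever a proxy is set; documenting the Burp/ZAP CA (curl `--cacert`) as the default and `-k` as an explicit opt-in would be the safer wording.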
+3 -3
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:
1. **Recons** the target with real tools (curl/nmap/…).
2. **Intelligently selects** only the agents whose preconditions match the recon
(it does *not* blindly run all 365).
(it does *not* blindly run all 375).
3. **Exploits** in parallel — each agent works in a ReAct loop and must prove its
claim with a **tool receipt** (raw output).
4. **Validates** every candidate by **cross-model voting** (a different model
@@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
```bash
neurosploit --version # neurosploit 3.5.5
neurosploit agents # {"vulns":196,...,"chains":12,"total":365}
neurosploit agents # {"vulns":196,...,"chains":12,"total":375}
neurosploit models # all providers & models
```
@@ -468,7 +468,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state
## 13. The agent library
`agents_md/` holds **365** markdown agents in categories:
`agents_md/` holds **375** markdown agents in categories:
| Category | Dir | Count | Purpose |
|----------|-----|-------|---------|
+39
@@ -0,0 +1,39 @@
# CVE Hunter Agent
## User Prompt
You are testing **{target}** for known CVEs affecting the detected components.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Fingerprint
- From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)
### 2. Correlate
- Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` and the NVD; note CVE id + CVSS
### 3. Reproduce safely
- Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; if a working public PoC exists you MAY clone it (git clone) and adapt — never a destructive payload
### 4. Confirm
- Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'
### 5. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: CVE Hunter at [endpoint]
- Severity: Critical
- CWE: CWE-1395
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Depends on CVE — up to full compromise
- Remediation: Patch/upgrade affected components; apply vendor advisories
```
## System Prompt
You are a specialist in known CVEs affecting the detected components. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
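Review bot: `Severity: Critical` is hard-coded in the report template even though step 2 already has the agent record the CVE's CVSS and the Impact line says "Depends on CVE". A version-matched CVE with a medium CVSS would still be filed as Critical, which the cross-model validator is told to reject as "severity inflated beyond what the evidence demonstrates". Make the severity field derive from the CVSS noted in step 2 (e.g. `Severity: [per CVSS of the matched CVE]`), the same way Impact already does.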
@@ -0,0 +1,36 @@
# Debug / Management Endpoints Exposed Agent
## User Prompt
You are testing **{target}** for exposed debug and management endpoints.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Probe
- Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, `/metrics`, `/__debug__/`, `/console`, framework debug panels
### 2. Assess
- Harvest env vars/secrets, internal routes, heap/thread dumps, config
### 3. Confirm
- Show sensitive runtime data or an actionable management action reachable unauthenticated
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Debug / Management Endpoints Exposed at [endpoint]
- Severity: High
- CWE: CWE-489
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Info disclosure → RCE/takeover
- Remediation: Disable debug/management in prod; authenticate & network-restrict them
```
## System Prompt
You are a specialist in exposed debug and management endpoints. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
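Review bot: step 2 ("Harvest env vars/secrets, internal routes, heap/thread dumps, config") contradicts the DATA SAFETY clause in the system prompt below it, which limits the agent to a minimal masked proof. A heap dump pulled from `/actuator/heapdump` is bulk data full of credentials and session material; reword step 2 to confirm reachability (status, content-type, size) and cite one masked value from `/actuator/env` rather than harvesting everything.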
@@ -0,0 +1,36 @@
# Default / Weak Credentials on Panels Agent
## User Prompt
You are testing **{target}** for default or weak credentials on exposed panels.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Locate
- Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)
### 2. Test (in scope)
- Try vendor defaults & the supplied test creds; respect lockout/ROE — no out-of-scope brute force
### 3. Confirm
- Show authenticated access with a benign read
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Default / Weak Credentials on Panels at [endpoint]
- Severity: High
- CWE: CWE-1392
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Full component/app compromise
- Remediation: Remove defaults; enforce strong creds + MFA; restrict panel exposure
```
## System Prompt
You are a specialist in default or weak credentials on exposed panels. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
+33
@@ -0,0 +1,33 @@
# Directory Listing Enabled Agent
## User Prompt
You are testing **{target}** for directory listing / index-of exposure.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Probe
- Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`
### 2. Confirm
- Show a listing revealing sensitive files; fetch one to prove readability
### 3. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Directory Listing Enabled at [endpoint]
- Severity: Medium
- CWE: CWE-548
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Information disclosure
- Remediation: Disable autoindex (Options -Indexes / autoindex off); restrict access
```
## System Prompt
You are a specialist in directory listing / index-of exposure. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
@@ -0,0 +1,36 @@
# Exposed Ops Dashboards Agent
## User Prompt
You are testing **{target}** for unauthenticated ops dashboards & consoles.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Discover
- Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, Prometheus, Consul, Swagger UI, GraphQL playground
### 2. Assess
- Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)
### 3. Confirm
- Demonstrate a read proving exposure (→ often data leak or RCE)
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Exposed Ops Dashboards at [endpoint]
- Severity: High
- CWE: CWE-1188
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Data leak / RCE / takeover
- Remediation: Authenticate & network-restrict all ops UIs; least privilege
```
## System Prompt
You are a specialist in unauthenticated ops dashboards & consoles. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
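Review bot: step 3 ("Demonstrate a read proving exposure") does not fit the Jenkins `/script` console listed in step 1: anything submitted there is Groovy executed on the controller, which is a state-changing action under the DATA SAFETY clause, not a read. Spell out that for script consoles the confirmation is an unauthenticated GET showing the console form, and that no script is submitted without explicit operator permission.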
@@ -0,0 +1,36 @@
# Exposed Sensitive Files & Backups Agent
## User Prompt
You are testing **{target}** for absurd misconfigurations exposing sensitive files.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Probe
- Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, `/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`
### 2. Confirm
- Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)
### 3. Loot
- Extract secrets/creds and hand them to the chainer for reuse — do not exfiltrate beyond proof
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Exposed Sensitive Files & Backups at [endpoint]
- Severity: High
- CWE: CWE-538
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Source/secret disclosure → credential reuse / RCE
- Remediation: Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets
```
## System Prompt
You are a specialist in absurd misconfigurations exposing sensitive files. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
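Review bot: step 3 ("Loot: Extract secrets/creds and hand them to the chainer for reuse") sits uneasily with the DATA SAFETY clause ("never ... transmit", "prove with a single masked sample") and with the finding template, where `Evidence: [raw tool output proving it]` would put the full `.env` or `.aws/credentials` contents into the report. Require that secrets are masked in Evidence (key name plus a few characters) and that any reuse by the chainer is an explicitly authorized step; the remediation line already assumes the leaked secrets will be rotated, so the report should not become a second copy of them.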
@@ -0,0 +1,36 @@
# Permissive CORS Misconfiguration Agent
## User Prompt
You are testing **{target}** for insecure CORS allowing cross-origin credentialed reads.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Test reflection
- Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials`
### 2. Classify
- Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low
### 3. Confirm
- On authenticated endpoints, show a cross-origin credentialed read returning the victim's data
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Permissive CORS Misconfiguration at [endpoint]
- Severity: High
- CWE: CWE-942
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Cross-origin data theft
- Remediation: Allowlist origins server-side; never reflect Origin with credentials
```
## System Prompt
You are a specialist in insecure CORS allowing cross-origin credentialed reads. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
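Review bot: step 2 classifies only the reflected-arbitrary-origin and literal `*` cases, but step 1 also sends a `null` origin; a response of `Access-Control-Allow-Origin: null` with `Access-Control-Allow-Credentials: true` is exploitable too (a sandboxed iframe yields a `null` origin) and should be listed as such. Step 3 should also say that the victim's data shown as proof is masked, per the PII clause in the system prompt.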
@@ -0,0 +1,36 @@
# Verbose Errors / Stack Traces Agent
## User Prompt
You are testing **{target}** for verbose error handling leaking internals.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Trigger
- Send malformed input / bad methods / type confusion to force errors
### 2. Assess
- Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors
### 3. Confirm
- Show a response leaking internal implementation detail
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Verbose Errors / Stack Traces at [endpoint]
- Severity: Low
- CWE: CWE-209
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Info disclosure aiding targeted attacks
- Remediation: Generic error pages in prod; log details server-side only
```
## System Prompt
You are a specialist in verbose error handling leaking internals. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
+39
@@ -0,0 +1,39 @@
# Exploit PoC Developer Agent
## User Prompt
You are testing **{target}** for issues that require a custom multi-step exploit or script to prove.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Decide
- When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, or a public CVE PoC is needed), develop a proof-of-concept script
### 2. Build
- Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment (target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists — review it first
### 3. Run & confirm
- Execute the PoC against the authorized target with benign/non-destructive payloads; capture output
### 4. Report
- Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)
### 5. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Exploit PoC Developer at [endpoint]
- Severity: High
- CWE: CWE-1395
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Reproducible proof of the underlying vulnerability
- Remediation: N/A (methodology agent) — remediation follows the underlying issue
```
## System Prompt
You are a specialist in issues that require a custom multi-step exploit or script to prove. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
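Review bot: `Severity: High` is fixed in the template although this is a methodology agent whose Remediation line already defers to the underlying issue; a PoC written for a Low-severity finding would still be filed as High. Make severity inherit from the underlying finding the same way remediation does, and have the header comment required in step 2 also record the source URL and commit of any public PoC that was cloned, so the evidence stays reproducible after the repo changes.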
+39
@@ -0,0 +1,39 @@
# Rate Limiting & Anti-Automation Agent
## User Prompt
You are testing **{target}** for missing rate limiting / anti-automation on sensitive flows.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Target the right endpoints
- Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any expensive or messaging endpoint
### 2. Controlled burst
- Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, Retry-After, progressive delay, or captcha — keep it non-disruptive (a control check, not DoS)
### 3. Check headers
- Inspect for `RateLimit-*` / `Retry-After`; note their absence
### 4. Confirm
- Report absence of throttling with the observed status distribution; chain with user-enumeration for password-spraying feasibility (do not actually brute-force out of scope)
### 5. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Rate Limiting & Anti-Automation at [endpoint]
- Severity: Medium
- CWE: CWE-307
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Brute force / credential stuffing / password spraying / resource abuse
- Remediation: Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA
```
## System Prompt
You are a specialist in missing rate limiting / anti-automation on sensitive flows. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
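Review bot: step 1 lists password-reset, OTP/2FA verify and "any ... messaging endpoint" as burst targets, but the 20-30 request burst from step 2 at those endpoints sends real emails or SMS to whichever account the requests name. Add that bursts at reset/OTP/messaging endpoints use only tester-owned accounts (for example the ones supplied in `creds.yaml`), so the "non-disruptive" promise in step 2 also holds for third-party users of the target.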
+13
@@ -550,6 +550,19 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode:
std::fs::create_dir_all(&workdir).ok();
cfg.workdir = Some(workdir.display().to_string());
cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string());
// PoC scratch dir: agents write custom exploit scripts here (see doctrine).
let pocs = workdir.join("pocs");
std::fs::create_dir_all(&pocs).ok();
std::env::set_var("NEUROSPLOIT_POCS", pocs.display().to_string());
// Local intercepting proxy (Burp/ZAP): agents route HTTP through it. Comes
// from cfg.proxy (REPL /proxy) or the NEUROSPLOIT_PROXY env var (CLI).
let proxy = cfg.proxy.clone()
.or_else(|| std::env::var("NEUROSPLOIT_PROXY").ok())
.filter(|p| !p.trim().is_empty());
if let Some(p) = proxy {
std::env::set_var("NEUROSPLOIT_PROXY", &p);
println!(" │ proxy : {p} (traffic routed to Burp/ZAP for inspection)");
}
write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target));
println!(" ┌─ NeuroSploit v3.5.5 · by Joas A Santos & Red Team Leaders");
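Review bot: the proxy setting is sticky across runs in the same process. `cfg.proxy.clone().or_else(|| std::env::var("NEUROSPLOIT_PROXY").ok())` falls back to the environment, but the `if let Some(p)` branch writes the chosen value back into that same variable with `std::env::set_var`; after one run with `/proxy` set, a later run in the same REPL with `/proxy off` (`cfg.proxy == None`) picks the old value up from the env and keeps routing through Burp, contradicting the "traffic goes direct" message. Either call `std::env::remove_var("NEUROSPLOIT_PROXY")` when `proxy` is `None`, or stop mutating the environment and pass the proxy through `RunConfig` to `proxy_line()`; mutating process-wide env from inside the tokio harness is also racy when two runs overlap.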
+17 -1
@@ -119,7 +119,7 @@ struct LiveCheckpoint {
const COMMANDS: &[&str] = &[
"/help", "/show", "/config", "/providers", "/model", "/key", "/sub", "/target",
"/repo", "/auth", "/creds", "/focus", "/attach", "/context", "/mcp", "/offline",
"/votes", "/chain", "/timeout", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report",
"/votes", "/chain", "/timeout", "/proxy", "/burp", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report",
"/status", "/diff", "/retest", "/integrations", "/quit",
];
@@ -217,6 +217,8 @@ struct Session {
/// Idle guardrail: stop a run if no NEW finding lands in this many seconds
/// (0 = disabled). Set in minutes via `/timeout <mins>`.
idle_secs: u64,
/// Local intercepting proxy (Burp/ZAP), e.g. http://127.0.0.1:8080.
proxy: Option<String>,
offline: bool,
target: Option<String>,
repo: Option<String>,
@@ -237,6 +239,7 @@ impl Default for Session {
max_agents: 0,
chain_depth: 2,
idle_secs: 300, // 5-minute idle guardrail by default
proxy: None,
offline: false,
target: None,
repo: None,
@@ -438,6 +441,15 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> {
else { println!(" idle guardrail: stop if no new finding in {mins} min"); }
}
}
"/proxy" | "/burp" => {
match arg {
"" => println!(" proxy: {}", s.proxy.clone().unwrap_or_else(|| "(none) — route traffic to Burp/ZAP with /proxy <url>, e.g. /proxy http://127.0.0.1:8080".into())),
"off" | "clear" | "none" => { s.proxy = None; println!(" proxy cleared — traffic goes direct"); }
"on" => { s.proxy = Some("http://127.0.0.1:8080".into()); println!(" proxy: http://127.0.0.1:8080 (default Burp) — agents route curl through it"); }
u => { let p = if u.starts_with("http") { u.to_string() } else { format!("http://{u}") };
s.proxy = Some(p.clone()); println!(" proxy: {p} — agents route HTTP through it so you can inspect/replay in Burp"); }
}
}
"/repo" => {
if arg.is_empty() { println!(" repo: {}", s.repo.clone().unwrap_or_else(|| "(none) — set with /repo <path | github-url | owner/repo>, clear with /repo clear".into())); }
else if arg == "clear" { s.repo = None; println!(" repo cleared"); }
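Review bot: `u.starts_with("http")` on the `u =>` arm accepts any input that begins with those four letters (`httpx` is stored as the proxy URL unchanged), while a `socks5://...` proxy gets `http://` prepended and breaks. Check for a scheme separator (`u.contains("://")`) or parse the value as an absolute URL and reject anything else, so a typo is reported here rather than surfacing as a silent curl failure in every agent.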
@@ -742,6 +754,7 @@ async fn run(base: &Path, s: &Session, history: &mut Vec<RunRecord>) {
cfg.subscription = s.subscription;
cfg.vote_n = s.vote_n;
cfg.chain_depth = s.chain_depth;
cfg.proxy = s.proxy.clone();
cfg.max_agents = s.max_agents;
cfg.verbose = true;
cfg.offline = s.offline;
@@ -795,6 +808,7 @@ async fn start_background(base: &Path, s: &Session, reader: &mut Reader,
cfg.subscription = s.subscription;
cfg.vote_n = s.vote_n;
cfg.chain_depth = s.chain_depth;
cfg.proxy = s.proxy.clone();
cfg.max_agents = s.max_agents;
cfg.verbose = true;
cfg.offline = s.offline;
@@ -1228,6 +1242,7 @@ fn show(s: &Session) {
println!(" │ repo : {}", s.repo.clone().unwrap_or_else(|| "(none)".into()));
println!(" │ auth : {}", s.auth.clone().unwrap_or_else(|| "(none)".into()));
println!(" │ creds : {}", s.creds.clone().unwrap_or_else(|| "(none)".into()));
println!(" │ proxy : {}", s.proxy.clone().unwrap_or_else(|| "(none — /proxy for Burp/ZAP)".into()));
println!(" │ focus : {}", s.instructions.clone().unwrap_or_else(|| "(none — tests everything)".into()));
println!(" │ opts : mcp={} offline={} votes={} chain-depth={} max-agents={} idle-stop={}",
onoff(s.mcp), onoff(s.offline), s.vote_n, s.chain_depth, s.max_agents,
@@ -1289,6 +1304,7 @@ fn help() {
h("/mcp on|off", "Playwright MCP browser /offline on|off self-test");
h("/votes <n>", "validator votes /chain <n> attack-chain depth");
h("/timeout <min>", "idle guardrail: stop if no new finding in <min> (0 = off)");
h("/proxy <url>|off", "route agent HTTP through Burp/ZAP (/burp = default :8080)");
h("/agents <n>|list", "cap agents · list counts /theme color|mono");
h("/show (config)", "/clear /quit");
+60 -10
@@ -68,11 +68,61 @@ fn tool_doctrine(mcp_on: bool) -> String {
Prefer `linkfinder`/`gau`/`katana` to harvest more URLs when present, else regex with `grep -Eo`.\n\
- REQUEST/RESPONSE ANALYSIS: read status codes, every header, Set-Cookie flags, content-type, body length \
and response timing; use DIFFERENTIALS (authenticated vs anonymous, valid vs invalid input, existing vs \
missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence.\n\
missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence. \
Save full request/response pairs when they matter for the PoC.\n\
- NUCLEI (fast, targeted — never a blind full scan): first fingerprint the stack, then run nuclei ONLY on \
relevant templates, e.g. `nuclei -u <target> -tags <detected-tech,cve> -severity critical,high,medium \
-rl 50 -timeout 8 -retries 1` (or `-t <specific-template>` for a suspected CVE). Prefer targeted \
`-id`/`-tags` over the whole template set so it stays quick; confirm any hit manually with curl.\n\
- MISCONFIG HUNTING: probe for absurd-but-common misconfigurations — exposed `.git`/`.env`/backup & config \
files, directory listing, debug/actuator/trace endpoints, default & weak credentials, open admin panels, \
permissive CORS, verbose stack traces, exposed dashboards (Kibana/Grafana/Jenkins/phpMyAdmin), and cloud \
metadata (169.254.169.254) via SSRF.\n\
- RATE-LIMIT / ANTI-AUTOMATION: on auth, password-reset, OTP and sensitive endpoints, send a controlled \
burst (e.g. ~20-30 requests) and check for 429/lockout/Retry-After/backoff; report absence as a finding. \
Keep bursts small and non-disruptive — this is a control check, not a DoS.\n\
- TOOL DOWNLOAD (authorized): when a public PoC or scanner is needed you MAY `git clone` a specific PoC/exploit \
repo or download a tool (`git clone`, `wget`, `pip install`, `go install`, `cargo install`) — use pinned, \
reputable sources; review before running; never run destructive payloads.\n\
- {browser}\n\
Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n"
- {proxy}{pocs}\
Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n",
proxy = proxy_line(),
pocs = pocs_line(),
)
}
/// If a local proxy is configured (Burp/ZAP), tell agents to route HTTP through
/// it so the operator can inspect/replay traffic in Burp Suite.
fn proxy_line() -> String {
match std::env::var("NEUROSPLOIT_PROXY").ok().filter(|v| !v.trim().is_empty()) {
Some(p) => format!(
"PROXY: route ALL HTTP through the local intercepting proxy at {p} (Burp/ZAP) so the operator can \
inspect & replay in Burp — add `--proxy {p} -k` to every curl (and set http(s)_proxy for other tools). \
Send anything noteworthy through it for manual review.\n "),
None => String::new(),
}
}
/// If a PoC directory is set, tell agents to save custom exploit scripts there.
fn pocs_line() -> String {
match std::env::var("NEUROSPLOIT_POCS").ok().filter(|v| !v.trim().is_empty()) {
Some(d) => format!(
"POCS: when an issue needs a custom multi-step exploit/script to prove it, WRITE a runnable PoC \
(curl/python/bash) to {d}/ with a short header comment (target, what it proves, usage), run it to \
confirm, and reference the file path in the finding evidence.\n "),
None => String::new(),
}
}
/// Data-safety guardrail prepended to every exploit/chain prompt.
const SAFETY_DOCTRINE: &str = "DATA SAFETY (strict): prove impact WITHOUT harming data. Do NOT modify, delete, \
overwrite, encrypt or exfiltrate data, create/alter/escalate accounts, or change configuration/state — unless the \
operator has explicitly authorized that specific action. Read-only, minimal proof. If you encounter PII (names, \
emails, CPF/SSN, phones, cards, tokens): confirm access with the SMALLEST possible sample and REDACT it in the \
report (e.g. show 1 masked record + a count) — never dump, store, or transmit the dataset. Prefer benign markers \
and OOB/echo checks over any state-changing payload. When unsure whether an action is safe, don't do it — report \
it as reachable and stop.\n\n";
const VOTE_SYS: &str = "You are an adversarial security validator. Decide if the candidate finding is a REAL, reproducible, exploitable vulnerability whose EVIDENCE actually proves impact. Reject common false positives: input merely reflected but not executed; version/banner guesses with no working PoC; self-XSS; theoretical issues; an error message or stack trace mistaken for injection; missing, generic, or non-reproducible evidence; severity inflated beyond what the evidence demonstrates. Confirm only if the provided evidence (request/response) concretely proves the vulnerability. Reply with JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}. Default to rejected when uncertain.";
/// Adversarial second pass for High/Critical findings: assume false positive
/// until the evidence forces otherwise. A finding that can't withstand the
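Review bot: proxy_line tells agents to append `--proxy {p} -k` to every curl; `-k` disables TLS certificate verification for all of that traffic, not just the hop through Burp/ZAP, so the doctrine ends up teaching agents to ignore certificate errors on the target itself. Prefer `--proxy {p} --cacert <proxy-ca.pem>` (the intercepting proxy's CA exported once per run) and keep `-k` out of the standard instruction. Two smaller points in the same hunk: the doc comment on SAFETY_DOCTRINE says it is "prepended" to every exploit/chain prompt, but the call sites below insert it mid-string after the depth doctrine, so either the comment or the placement should change; and pocs_line tells the agent to write the PoC and "run it to confirm", while the TOOL DOWNLOAD bullet a few lines up says "review before running", so the POCS instruction should state the review step too, otherwise a cloned-and-adapted PoC gets executed unreviewed.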
@@ -195,13 +245,13 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender<Str
let user = format!(
"AUTHORIZED engagement — you have explicit permission to test {target}. \
Do not ask for confirmation — proceed and PROVE each issue.\n\n\
{directives}{react}{depth}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
{directives}{react}{depth}{safety}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
Each item: {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}. \
`evidence` must contain the concrete proof (request/response excerpt).",
target = target,
directives = directives,
react = REACT_DOCTRINE,
depth = DEPTH_DOCTRINE,
depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE,
doctrine = tool_doctrine(mcp_on),
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
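Review bot: {safety} is slotted between {depth} and {doctrine}, i.e. after the ReAct and depth doctrines that push the agent to dig deeper and prove more; since SAFETY_DOCTRINE is the strict constraint, place it first in the sequence (right after {directives}) so the guardrail is read before the instructions it is meant to bound. Style: `depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE,` packs two named arguments on one line while the rest of this format! call uses one per line.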
@@ -413,11 +463,11 @@ pub async fn run_greybox(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Se
}
let user = format!(
"AUTHORIZED greybox engagement on {target} — you also have the source review below. \
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{doctrine}{body}\n\n\
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{safety}{doctrine}{body}\n\n\
Reply ONLY a JSON array of confirmed findings (may be []): \
{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, leads = leads,
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, doctrine = tool_doctrine(mcp_on),
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(mcp_on),
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
match pool.complete_routed(Task::Exploit, &ag.name, &ag.system, &user).await {
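Review bot: this is the second of four call sites that hand-assemble the same react/depth/safety/doctrine prefix; a small helper (for example `fn doctrine_block(mcp_on: bool) -> String` that concatenates REACT_DOCTRINE, DEPTH_DOCTRINE, SAFETY_DOCTRINE and tool_doctrine(mcp_on)) would keep the blackbox, greybox and chain prompts in step and make it impossible to forget the guardrail when the next prompt path is added; the host path further down already includes a different subset.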
@@ -561,13 +611,13 @@ async fn chain_from_seed(pool: &ModelPool, target: &str, directives: &str, recon
};
let short: String = seed.title.chars().take(28).collect();
let user = format!(
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{doctrine}\
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{safety}{doctrine}\
FOOTHOLD TO EXPAND (round {round}/{max}):\n- [{}] {} @ {} ({})\n payload: {}\n evidence: {}\n\n\
LOOT GATHERED (reuse it):\n{loot_block}\n\n{recipe_block}RECON:\n{recon_ctx}\n\n\
From THIS foothold, DECIDE the best directions and PROVE new impact — post-exploitation (loot creds/keys/config/source), credential reuse, privilege escalation (horizontal & vertical), lateral movement to adjacent services/hosts, data exfiltration, and NEW attack surface it exposes. Every claim needs a real tool receipt.\n\n\
Reply ONLY JSON: {{\"findings\":[{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}],\"loot\":[\"cred:user:pass@host\",\"token:...\",\"host:10.0.0.5\",\"endpoint:/internal/api\"]}} (empty arrays are fine).",
seed.severity, seed.title, seed.endpoint, seed.cwe, seed.payload, seed.evidence,
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
);
let label = format!("chain:{short}");
match pool.complete_routed(Task::Exploit, &label, CHAIN_SYS, &user).await {
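Review bot: the chain prompt now carries SAFETY_DOCTRINE, which forbids exfiltrating data and creating/altering/escalating accounts, yet the objectives sentence in the same string still asks the agent to PROVE "privilege escalation (horizontal & vertical)", "lateral movement" and "data exfiltration". The model receives two contradictory instructions and has to guess which wins; reword the objectives to match the guardrail (prove the path is reachable with a read-only or benign-marker check, describe accessible data by masked sample and count) or state explicitly that the safety doctrine overrides the expansion goals. Related: the loot schema `cred:user:pass@host` has the agent echo plaintext credentials back in its JSON, which is hard to square with the doctrine's "never dump, store, or transmit" clause; carrying a reference (where it was found, masked value) between rounds would be safer.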
@@ -1124,8 +1174,8 @@ pub async fn run_host(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sende
let _ = txc.send(format!(" ▶ launching agent: {} ({})", ag.name, ag.title.replace(" Agent", ""))).await;
}
let user = format!(
"AUTHORIZED host engagement on {target}. Proceed and PROVE each issue with raw tool output.\n\n{directives}{tooling}{react}{body}\n\nReply ONLY a JSON array of confirmed findings (may be []): {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, tooling = HOST_TOOLING, react = REACT_DOCTRINE,
"AUTHORIZED host engagement on {target}. Proceed and PROVE each issue with raw tool output.\n\n{directives}{tooling}{react}{safety}{body}\n\nReply ONLY a JSON array of confirmed findings (may be []): {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, tooling = HOST_TOOLING, react = REACT_DOCTRINE, safety = SAFETY_DOCTRINE,
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
match pool.complete_routed(Task::Exploit, &ag.name, &ag.system, &user).await {
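Review bot: here {safety} is placed after {tooling} and {react}, whereas the web paths place it after {depth}; host engagements are where the agent runs commands that can change state, so the guardrail belongs before HOST_TOOLING rather than after the tool list. The two long argument lines would also read better with one named argument per line, matching the run() call site.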
@@ -128,6 +128,11 @@ pub struct RunConfig {
/// newest footholds in new directions, carrying discovered loot forward.
#[serde(default = "default_chain_depth")]
pub chain_depth: usize,
/// Optional local intercepting proxy (Burp/ZAP), e.g. http://127.0.0.1:8080.
/// When set, agents route HTTP through it so the operator can inspect/replay
/// traffic in Burp Suite.
#[serde(default)]
pub proxy: Option<String>,
}
fn default_vote() -> usize {
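Review bot: `proxy: Option<String>` is accepted verbatim and, per the commit message, exported as NEUROSPLOIT_PROXY and then interpolated into `--proxy {p}` for every curl the agents run. Validate it on load (parse as a URL with an http/https scheme and a host:port; reject whitespace and shell metacharacters) and fail early with a clear error, otherwise a typo in the config silently breaks every HTTP request the agents make or lets an odd value reach a shell command line. The doc comment should also mention that the proxy's CA must be trusted by the tools (or HTTPS through Burp fails certificate checks) and that the env var is the fallback when this field is None.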
@@ -159,6 +164,7 @@ impl RunConfig {
repo: None,
pinned: Vec::new(),
chain_depth: 2,
proxy: None,
}
}
}
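Review bot: `proxy: None` is the right default given the env-var fallback in spawn_engagement, but nothing on the struct records that fallback; add "falls back to NEUROSPLOIT_PROXY" to the field doc so a reader of RunConfig alone does not conclude that None means no proxy.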
+136
@@ -0,0 +1,136 @@
#!/usr/bin/env python3
"""
NeuroSploit v3.5.5 misconfiguration, CVE-hunting, PoC-development & rate-limit
exploitation agents. Written to agents_md/vulns/. Read-only-first, non-destructive,
authorized only; PII must be handled per the data-safety guardrail.
Credits: Joas A Santos & Red Team Leaders.
"""
import os
ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
OUT = os.path.join(ROOT, "agents_md", "vulns")
def render(a):
L = [f"# {a['title']} Agent\n", "## User Prompt",
f"You are testing **{{target}}** for {a['for']}.\n",
"**Recon Context:**\n{recon_json}\n", "**METHODOLOGY:**\n"]
for i, (s, bs) in enumerate(a["steps"], 1):
L.append(f"### {i}. {s}")
L += [f"- {b}" for b in bs]
L.append("")
n = len(a["steps"]) + 1
L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:",
f"- Title: {a['title']} at [endpoint]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}",
"- Endpoint: [full URL/resource]", "- Vector: [what/where]", "- Payload: [exact request/command]",
"- Evidence: [raw tool output proving it]", f"- Impact: {a['impact']}",
f"- Remediation: {a['fix']}", "```\n", "## System Prompt", a["system"]]
return "\n".join(L) + "\n"
def A(name, title, vc, cwe, sev, steps, fix, impact):
return {"name": name, "title": title, "for": vc, "sev": sev, "cwe": cwe, "impact": impact,
"fix": fix, "steps": steps,
"system": (f"You are a specialist in {vc}. AUTHORIZED engagement. Report ONLY what you proved with a "
"real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; "
"never modify/delete/exfiltrate data or change state without explicit permission; on PII, "
"prove with a single masked sample + a count, never dump. No destructive/DoS actions. "
"Credits: Joas A Santos and Red Team Leaders.")}
AGENTS = [
# ---------- absurd misconfigurations ----------
A("misconfig_exposed_files", "Exposed Sensitive Files & Backups", "absurd misconfigurations exposing sensitive files",
"CWE-538", "High",
[("Probe", ["Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, "
"`/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`"]),
("Confirm", ["Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)"]),
("Loot", ["Extract secrets/creds and hand them to the chainer for reuse — do not exfiltrate beyond proof"])],
"Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets",
"Source/secret disclosure → credential reuse / RCE"),
A("misconfig_debug_endpoints", "Debug / Management Endpoints Exposed", "exposed debug and management endpoints",
"CWE-489", "High",
[("Probe", ["Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, "
"`/metrics`, `/__debug__/`, `/console`, framework debug panels"]),
("Assess", ["Harvest env vars/secrets, internal routes, heap/thread dumps, config"]),
("Confirm", ["Show sensitive runtime data or an actionable management action reachable unauthenticated"])],
"Disable debug/management in prod; authenticate & network-restrict them", "Info disclosure → RCE/takeover"),
A("misconfig_default_creds", "Default / Weak Credentials on Panels", "default or weak credentials on exposed panels",
"CWE-1392", "High",
[("Locate", ["Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)"]),
("Test (in scope)", ["Try vendor defaults & the supplied test creds; respect lockout/ROE — no out-of-scope brute force"]),
("Confirm", ["Show authenticated access with a benign read"])],
"Remove defaults; enforce strong creds + MFA; restrict panel exposure", "Full component/app compromise"),
A("misconfig_dir_listing", "Directory Listing Enabled", "directory listing / index-of exposure",
"CWE-548", "Medium",
[("Probe", ["Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`"]),
("Confirm", ["Show a listing revealing sensitive files; fetch one to prove readability"])],
"Disable autoindex (Options -Indexes / autoindex off); restrict access", "Information disclosure"),
A("misconfig_exposed_dashboards", "Exposed Ops Dashboards", "unauthenticated ops dashboards & consoles",
"CWE-1188", "High",
[("Discover", ["Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, "
"Prometheus, Consul, Swagger UI, GraphQL playground"]),
("Assess", ["Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)"]),
("Confirm", ["Demonstrate a read proving exposure (→ often data leak or RCE)"])],
"Authenticate & network-restrict all ops UIs; least privilege", "Data leak / RCE / takeover"),
A("misconfig_permissive_cors", "Permissive CORS Misconfiguration", "insecure CORS allowing cross-origin credentialed reads",
"CWE-942", "High",
[("Test reflection", ["Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` "
"and `Access-Control-Allow-Credentials`"]),
("Classify", ["Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low"]),
("Confirm", ["On authenticated endpoints, show a cross-origin credentialed read returning the victim's data"])],
"Allowlist origins server-side; never reflect Origin with credentials", "Cross-origin data theft"),
A("misconfig_verbose_errors", "Verbose Errors / Stack Traces", "verbose error handling leaking internals",
"CWE-209", "Low",
[("Trigger", ["Send malformed input / bad methods / type confusion to force errors"]),
("Assess", ["Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors"]),
("Confirm", ["Show a response leaking internal implementation detail"])],
"Generic error pages in prod; log details server-side only", "Info disclosure aiding targeted attacks"),
# ---------- CVE hunting ----------
A("cve_hunter", "CVE Hunter", "known CVEs affecting the detected components",
"CWE-1395", "Critical",
[("Fingerprint", ["From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)"]),
("Correlate", ["Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED "
"templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` "
"and the NVD; note CVE id + CVSS"]),
("Reproduce safely", ["Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; "
"if a working public PoC exists you MAY clone it (git clone) and adapt — never a destructive payload"]),
("Confirm", ["Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'"])],
"Patch/upgrade affected components; apply vendor advisories", "Depends on CVE — up to full compromise"),
# ---------- PoC development ----------
A("poc_developer", "Exploit PoC Developer", "issues that require a custom multi-step exploit or script to prove",
"CWE-1395", "High",
[("Decide", ["When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, "
"or a public CVE PoC is needed), develop a proof-of-concept script"]),
("Build", ["Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment "
"(target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists — review it first"]),
("Run & confirm", ["Execute the PoC against the authorized target with benign/non-destructive payloads; capture output"]),
("Report", ["Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)"])],
"N/A (methodology agent) — remediation follows the underlying issue", "Reproducible proof of the underlying vulnerability"),
# ---------- rate limiting / anti-automation ----------
A("rate_limit_abuse", "Rate Limiting & Anti-Automation", "missing rate limiting / anti-automation on sensitive flows",
"CWE-307", "Medium",
[("Target the right endpoints", ["Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any "
"expensive or messaging endpoint"]),
("Controlled burst", ["Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, "
"Retry-After, progressive delay, or captcha — keep it non-disruptive (a control check, not DoS)"]),
("Check headers", ["Inspect for `RateLimit-*` / `Retry-After`; note their absence"]),
("Confirm", ["Report absence of throttling with the observed status distribution; chain with user-enumeration "
"for password-spraying feasibility (do not actually brute-force out of scope)"])],
"Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA",
"Brute force / credential stuffing / password spraying / resource abuse"),
]
def main():
os.makedirs(OUT, exist_ok=True)
for a in AGENTS:
open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))
print(f"wrote {len(AGENTS)} exploit/misconfig/CVE/poc/rate-limit agents to {OUT}")
if __name__ == "__main__":
main()
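Review bot: in main(), `open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))` never closes the handle and uses the platform default encoding even though the rendered prompts contain non-ASCII characters (the arrows and dashes in the impact and system strings); use `with open(path, "w", encoding="utf-8") as f: f.write(render(a))`. Two content points: poc_developer is tagged CWE-1395, the same vulnerable-component CWE as cve_hunter, although its own fix field says it is a methodology agent whose remediation follows the underlying issue, so the CWE should be N/A or inherited from the finding it proves; and the misconfig_exposed_files Loot step ("Extract secrets/creds and hand them to the chainer for reuse") should carry the same masked-sample rule the system prompt states, since `/.aws/credentials` and `/id_rsa` are exactly the material the data-safety guardrail says not to dump or store.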