mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-02 17:45:46 +02:00
misconfig/CVE/PoC/rate-limit agents, data-safety guardrail, Burp proxy, PoC dir
Agents (+10 → library 375): absurd-misconfig hunters (exposed .git/.env/backups, debug/actuator, default creds, dir listing, ops dashboards, permissive CORS, verbose errors), a CVE Hunter (fingerprint → correlate → safe PoC), a PoC Developer (writes runnable scripts to the run's pocs/), and a Rate-Limit tester.

Doctrine (pipeline):
- SAFETY_DOCTRINE injected into every exploit/chain/host prompt: no modify/delete/exfiltrate/state-change without permission; on PII prove with a masked sample + count, never dump.
- tool_doctrine adds: smart targeted nuclei (fingerprint-first, -tags/-id, rate/timeouts), misconfig hunting, rate-limit control checks, authorized tool download (git clone PoC repos / fetch scanners), Burp/ZAP proxy routing, and a per-run PoC workspace.

Harness/CLI/REPL:
- RunConfig.proxy; spawn_engagement creates <workdir>/pocs and exports NEUROSPLOIT_POCS + NEUROSPLOIT_PROXY (proxy from cfg or the env var).
- REPL /proxy <url> and /burp (Session.proxy); /show shows proxy.

Docs: README highlights + Cloud/counts (375), RELEASE v3.5.5 sections.
@@ -11,7 +11,7 @@
<img src="https://img.shields.io/badge/Version-3.5.5-blue?style=flat-square">
<img src="https://img.shields.io/badge/Harness-Rust%20%7C%20tokio-e6b673?style=flat-square">
<img src="https://img.shields.io/badge/License-MIT-green?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-365-red?style=flat-square">
<img src="https://img.shields.io/badge/MD%20Agents-375-red?style=flat-square">
<img src="https://img.shields.io/badge/Models-14%20providers-success?style=flat-square">
<img src="https://img.shields.io/badge/Modes-Black%20%7C%20White%20%7C%20Grey%20%7C%20Host-9cf?style=flat-square">
<img src="https://img.shields.io/badge/Auth-API%20key%20%7C%20Subscription-orange?style=flat-square">
@@ -25,7 +25,7 @@
> 📖 **New here? Read the [full Tutorial & User Guide →](TUTORIAL.md)** — every mode, flag, config and example explained.

> 🆕 **New in v3.5.5 — Cloud testing + REPL navigation + deeper recon:**
> **AWS/GCP/Azure** agents (+17 → **365** total) with credentials wired through
> **AWS/GCP/Azure** agents (+17 → **375** total) with credentials wired through
> `creds.yaml`; a more navigable **REPL** — **`/timeout`** idle guardrail,
> **multi-target** `/target a,b,c` (sequential), an interactive **`/results`**
> browser (target → vuln → detail, Esc to go back) and **`/report`** picker; and
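Review bot: the changed line now reads "+17 → **375** total", pairing the cloud-agent delta with a total that only holds once the 10 misconfig/CVE/PoC/rate-limit agents added in this same commit are counted; a reader computing 365 + 17 will not land on 375. Suggest "(+27 → **375** total)" or "(+17 cloud, +10 misconfig/CVE/PoC → **375** total)" to match the RELEASE notes' "27 new agents". The callout heading on the line above still lists only "Cloud testing + REPL navigation + deeper recon" and could name the proxy, PoC workspace and guardrail additions as well.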
@@ -44,7 +44,7 @@ LLMs** — via **API key** or local **subscription** (Claude Code / Codex / Gemi
Grok) — recons the target, **intelligently selects only the agents that match the
discovered surface**, runs them in parallel, **chains** findings into deeper
impact, and **validates every claim by cross-model voting + tool-receipt
grounding** before reporting. It ships **365 markdown agents** and a **Mission
grounding** before reporting. It ships **375 markdown agents** and a **Mission
Control TUI**.

### Engagement modes
@@ -75,6 +75,14 @@ Control TUI**.
(`aws`/`gcloud`/`az`). Connect via `creds.yaml`: AWS keys, a Google
service-account JSON, or an Azure service principal — see
[Cloud credentials](#cloud-credentials-awsgcpazure).
- 🧰 **Misconfig & CVE hunting, safely** — dedicated agents for absurd
misconfigs (exposed `.git`/`.env`, debug/actuator, default creds, dashboards,
CORS), a **CVE Hunter** (smart, targeted `nuclei`), a **PoC Developer** (writes
reproducible scripts to the run's `pocs/`), and **rate-limit** testing — all
under a strict **data-safety/PII guardrail** (no destructive or state-changing
actions; PII proven with a masked sample, never dumped).
- 🕵️ **Burp/ZAP proxy** — `/proxy <url>` (or `/burp`) routes agent traffic
through your local intercepting proxy so you can inspect & replay in Burp.
- 🗺️ **Attack graph & kill chain** — findings mapped to OWASP / CWE / MITRE
ATT&CK / stage; rendered as a Mermaid graph in the report.
- ✅ **Cross-model validation** — a different model adjudicates each finding;
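Review bot: the Burp/ZAP bullet documents only the REPL route (`/proxy <url>` / `/burp`); the harness in this commit also reads the `NEUROSPLOIT_PROXY` environment variable for non-REPL runs, so add it here, e.g. "(or set `NEUROSPLOIT_PROXY`)". In the misconfig bullet, "strict **data-safety/PII guardrail**" describes a prompt instruction rather than a harness-enforced control; one clause saying so keeps operators from reading it as a technical sandbox.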
+30
-5
@@ -10,14 +10,16 @@
## TL;DR

v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class
credential connection and **17 new cloud agents**, a much more capable and
navigable **REPL** (idle guardrail, multi-target, results browser), **deeper
recon** (downloads & analyzes JS, request/response differentials), and a fix for
garbled interactive line-editing.
credential connection, **27 new agents** (17 cloud + 10 misconfig/CVE/PoC/rate-
limit → library **375**), a much more capable and navigable **REPL** (idle
guardrail, multi-target, results browser), **deeper recon** (downloads & analyzes
JS, request/response differentials, smart nuclei), **Burp/ZAP proxy** support, a
**PoC** workspace, a strict **data-safety/PII guardrail**, and a fix for garbled
interactive line-editing.

## Cloud testing

- **+17 cloud agents (library now 365).** AWS, GCP and Azure specialists in
- **+17 cloud agents.** AWS, GCP and Azure specialists in
`agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure
(S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager /
Secret Manager / Key Vault), service-account & service-principal abuse, and
@@ -67,6 +69,29 @@ garbled interactive line-editing.
all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and
valid-vs-invalid comparisons) — applied to both recon and exploitation.

## Exploitation depth, safety & Burp

- **+10 exploitation agents.** Absurd-misconfig hunters (exposed `.git`/`.env`/
backups, debug/actuator endpoints, default creds, directory listing, exposed
ops dashboards, permissive CORS, verbose errors), a **CVE Hunter** (fingerprint
→ correlate → safe PoC), a **PoC Developer** (writes runnable exploit scripts),
and a **Rate-Limit / Anti-Automation** tester.
- **Data-safety / PII guardrail** injected into every exploit/chain/host prompt:
no modifying, deleting, exfiltrating data or changing state without explicit
permission; on PII, prove with a single **masked** sample + a count — never
dump. When unsure an action is safe, don't do it.
- **Smart nuclei in recon** — fingerprint first, then run nuclei on **targeted**
templates/tags/CVE ids with rate/timeouts (fast, never a blind full scan).
- **Burp/ZAP proxy** — `/proxy <url>` (or `/burp`, default `:8080`) in the REPL,
or the `NEUROSPLOIT_PROXY` env var. Agents route curl through it (`--proxy … -k`)
so you can inspect/replay traffic in Burp Suite while the test runs.
- **PoC workspace** — each run gets a `pocs/` directory (`$NEUROSPLOIT_POCS`);
agents save custom, reproducible exploit scripts there and cite them as evidence.
- **Tool download** (authorized) — agents may `git clone` a specific public PoC/
exploit repo or download a scanner when needed (reputable/pinned, reviewed).
- **Rate-limit testing** is a first-class control check (small non-disruptive
burst → look for 429/lockout/Retry-After), never a DoS.

## Notes

- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
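Review bot: the guardrail bullet says it is "injected into every exploit/chain/host prompt", which makes it an instruction the model is asked to follow rather than something the harness enforces; the notes should state that plainly so "strict" is not read as a technical control, and point operators at scope/ROE settings for actual enforcement. Two smaller points in the same section: `--proxy … -k` turns off TLS certificate verification for every agent request while a proxy is set, which deserves a sentence (ideally with a pointer to trusting the Burp CA instead); and the Tool-download bullet promises "reputable/pinned, reviewed" clones, while the PoC Developer agent prompt added in this commit only says "review it first", so either require a pinned commit in the prompt or soften the wording here.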
+3
-3
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:

1. **Recons** the target with real tools (curl/nmap/…).
2. **Intelligently selects** only the agents whose preconditions match the recon
(it does *not* blindly run all 365).
(it does *not* blindly run all 375).
3. **Exploits** in parallel — each agent works in a ReAct loop and must prove its
claim with a **tool receipt** (raw output).
4. **Validates** every candidate by **cross-model voting** (a different model
@@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith

```bash
neurosploit --version # neurosploit 3.5.5
neurosploit agents # {"vulns":196,...,"chains":12,"total":365}
neurosploit agents # {"vulns":196,...,"chains":12,"total":375}
neurosploit models # all providers & models
```

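Review bot: the sample output bumps `"total"` from 365 to 375 but leaves `"vulns":196` and `"chains":12` unchanged; if the 10 new exploitation agents land in one of the displayed buckets, the sample is now internally inconsistent. Either update the affected count or elide the per-category values with `...` so the line only asserts the total.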
@@ -468,7 +468,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state

## 13. The agent library

`agents_md/` holds **365** markdown agents in categories:
`agents_md/` holds **375** markdown agents in categories:

| Category | Dir | Count | Purpose |
|----------|-----|-------|---------|
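Review bot: the total is bumped to 375 here, but the table that follows carries a `Count` column per category whose rows fall outside this hunk; confirm those rows were updated so they still sum to 375, since the diff shows no change to them.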
@@ -0,0 +1,39 @@
# CVE Hunter Agent

## User Prompt
You are testing **{target}** for known CVEs affecting the detected components.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Fingerprint
- From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)

### 2. Correlate
- Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` and the NVD; note CVE id + CVSS

### 3. Reproduce safely
- Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; if a working public PoC exists you MAY clone it (git clone) and adapt — never a destructive payload

### 4. Confirm
- Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'

### 5. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: CVE Hunter at [endpoint]
- Severity: Critical
- CWE: CWE-1395
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Depends on CVE — up to full compromise
- Remediation: Patch/upgrade affected components; apply vendor advisories
```

## System Prompt
You are a specialist in known CVEs affecting the detected components. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
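Review bot: the report template hard-codes `Severity: Critical` and `CWE: CWE-1395` for every confirmed CVE, while step 2 already asks the agent to note the CVE's CVSS; a medium-scored information-disclosure CVE would be reported as Critical. Suggest `- Severity: [per CVSS of the CVE]` and `- CWE: [CWE assigned to the CVE, else CWE-1395]`. Step 3's "you MAY clone it (git clone) and adapt" should also require reading the cloned code before execution and pinning to a commit, since the PoC runs on the operator's host with the harness's privileges.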
@@ -0,0 +1,36 @@
# Debug / Management Endpoints Exposed Agent

## User Prompt
You are testing **{target}** for exposed debug and management endpoints.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Probe
- Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, `/metrics`, `/__debug__/`, `/console`, framework debug panels

### 2. Assess
- Harvest env vars/secrets, internal routes, heap/thread dumps, config

### 3. Confirm
- Show sensitive runtime data or an actionable management action reachable unauthenticated

### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Debug / Management Endpoints Exposed at [endpoint]
- Severity: High
- CWE: CWE-489
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Info disclosure → RCE/takeover
- Remediation: Disable debug/management in prod; authenticate & network-restrict them
```

## System Prompt
You are a specialist in exposed debug and management endpoints. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
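Review bot: step 2 ("Harvest env vars/secrets, internal routes, heap/thread dumps, config") conflicts with the DATA SAFETY clause in the system prompt: a Spring `heapdump` is a full process-memory capture that routinely contains session tokens and customer PII, so pulling it is bulk exfiltration rather than a masked sample. Suggest proving exposure of `/actuator/heapdump` with status, `Content-Type` and `Content-Length` only, and applying the masked-sample-plus-count rule to anything read from `/actuator/env`.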
@@ -0,0 +1,36 @@
# Default / Weak Credentials on Panels Agent

## User Prompt
You are testing **{target}** for default or weak credentials on exposed panels.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Locate
- Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)

### 2. Test (in scope)
- Try vendor defaults & the supplied test creds; respect lockout/ROE — no out-of-scope brute force

### 3. Confirm
- Show authenticated access with a benign read

### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Default / Weak Credentials on Panels at [endpoint]
- Severity: High
- CWE: CWE-1392
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Full component/app compromise
- Remediation: Remove defaults; enforce strong creds + MFA; restrict panel exposure
```

## System Prompt
You are a specialist in default or weak credentials on exposed panels. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
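Review bot: step 2 says "respect lockout/ROE" but gives the agent no concrete budget; with the rate-limit agent from this same commit sending its own ~20-30 request burst at login endpoints, the two agents together can lock out real accounts. Suggest a hard cap (a handful of attempts per account, vendor defaults and supplied test creds only, no wordlists) and a note to skip panels the rate-limit agent is already exercising. The "benign read" in step 3 should also exclude pages that expose user data, so the proof stays within the masked-sample rule.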
@@ -0,0 +1,33 @@
# Directory Listing Enabled Agent

## User Prompt
You are testing **{target}** for directory listing / index-of exposure.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Probe
- Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`

### 2. Confirm
- Show a listing revealing sensitive files; fetch one to prove readability

### 3. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Directory Listing Enabled at [endpoint]
- Severity: Medium
- CWE: CWE-548
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Information disclosure
- Remediation: Disable autoindex (Options -Indexes / autoindex off); restrict access
```

## System Prompt
You are a specialist in directory listing / index-of exposure. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
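Review bot: step 2's "fetch one to prove readability" downloads whatever the listing exposes, which for `/backup/` or `/uploads/` is exactly the bulk content the DATA SAFETY clause forbids. A `HEAD` request, or a byte-range request for the first few hundred bytes with the excerpt masked, proves readability without retrieving the file; suggest saying so in the step.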
@@ -0,0 +1,36 @@
# Exposed Ops Dashboards Agent

## User Prompt
You are testing **{target}** for unauthenticated ops dashboards & consoles.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Discover
- Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, Prometheus, Consul, Swagger UI, GraphQL playground

### 2. Assess
- Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)

### 3. Confirm
- Demonstrate a read proving exposure (→ often data leak or RCE)

### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Exposed Ops Dashboards at [endpoint]
- Severity: High
- CWE: CWE-1188
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Data leak / RCE / takeover
- Remediation: Authenticate & network-restrict all ops UIs; least privilege
```

## System Prompt
You are a specialist in unauthenticated ops dashboards & consoles. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
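Review bot: step 2 mentions "RCE via Jenkins script console" and step 3 asks to "Demonstrate a read"; the prompt should state that reaching `/script` unauthenticated (a 200 with the Groovy form) is the proof and that no Groovy is to be executed, since running a script is a state change the system prompt forbids. Likewise for Elasticsearch, `/_cat/indices` (index names and document counts) is the right evidence; querying documents is not.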
@@ -0,0 +1,36 @@
# Exposed Sensitive Files & Backups Agent

## User Prompt
You are testing **{target}** for absurd misconfigurations exposing sensitive files.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Probe
- Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, `/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`

### 2. Confirm
- Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)

### 3. Loot
- Extract secrets/creds and hand them to the chainer for reuse — do not exfiltrate beyond proof

### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Exposed Sensitive Files & Backups at [endpoint]
- Severity: High
- CWE: CWE-538
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Source/secret disclosure → credential reuse / RCE
- Remediation: Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets
```

## System Prompt
You are a specialist in absurd misconfigurations exposing sensitive files. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
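Review bot: step 3 ("Extract secrets/creds and hand them to the chainer for reuse") sits uneasily with the system prompt's "never dump" and with the same step's "do not exfiltrate beyond proof": extracted credentials will end up verbatim in the run's logs and report. Suggest defining proof as a masked fingerprint (for example first and last four characters plus a hash), passing the chainer only a reference to the finding, and noting that the finding should trigger rotation (the remediation line already says so).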
@@ -0,0 +1,36 @@
# Permissive CORS Misconfiguration Agent

## User Prompt
You are testing **{target}** for insecure CORS allowing cross-origin credentialed reads.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Test reflection
- Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials`

### 2. Classify
- Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low

### 3. Confirm
- On authenticated endpoints, show a cross-origin credentialed read returning the victim's data

### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Permissive CORS Misconfiguration at [endpoint]
- Severity: High
- CWE: CWE-942
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Cross-origin data theft
- Remediation: Allowlist origins server-side; never reflect Origin with credentials
```

## System Prompt
You are a specialist in insecure CORS allowing cross-origin credentialed reads. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
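Review bot: step 2's classification omits the `null` origin that step 1 probes: `Access-Control-Allow-Origin: null` together with `Access-Control-Allow-Credentials: true` is exploitable from a sandboxed iframe and should be graded like a reflected origin. Conversely, `*` combined with credentials is rejected by browsers and cannot be exploited, so it belongs in the low bucket with plain `*`. Adding both sentences keeps the agent from misgrading either pattern.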
@@ -0,0 +1,36 @@
# Verbose Errors / Stack Traces Agent

## User Prompt
You are testing **{target}** for verbose error handling leaking internals.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Trigger
- Send malformed input / bad methods / type confusion to force errors

### 2. Assess
- Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors

### 3. Confirm
- Show a response leaking internal implementation detail

### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Verbose Errors / Stack Traces at [endpoint]
- Severity: Low
- CWE: CWE-209
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Info disclosure aiding targeted attacks
- Remediation: Generic error pages in prod; log details server-side only
```

## System Prompt
You are a specialist in verbose error handling leaking internals. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
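Review bot: step 1 ("Send malformed input / bad methods / type confusion to force errors") does not restrict endpoints or methods; malformed bodies sent to `POST`/`PUT` handlers can create or corrupt records, which the DATA SAFETY clause rules out. Suggest limiting the trigger step to read-only endpoints and safe methods, or to inputs that recon already shows failing validation before any write happens.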
@@ -0,0 +1,39 @@
# Exploit PoC Developer Agent

## User Prompt
You are testing **{target}** for issues that require a custom multi-step exploit or script to prove.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Decide
- When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, or a public CVE PoC is needed), develop a proof-of-concept script

### 2. Build
- Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment (target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists — review it first

### 3. Run & confirm
- Execute the PoC against the authorized target with benign/non-destructive payloads; capture output

### 4. Report
- Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)

### 5. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Exploit PoC Developer at [endpoint]
- Severity: High
- CWE: CWE-1395
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Reproducible proof of the underlying vulnerability
- Remediation: N/A (methodology agent) — remediation follows the underlying issue
```

## System Prompt
You are a specialist in issues that require a custom multi-step exploit or script to prove. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
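Review bot: step 2's "Reuse a reputable public PoC via `git clone` when one exists — review it first" is weaker than the release notes' "reputable/pinned, reviewed": without a pinned commit the agent fetches whatever HEAD is at run time, and the script then executes on the operator's host. Suggest requiring the commit hash in the header comment alongside the CVE id and the exact invocation, which also makes the evidence referenced in step 4 reproducible.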
@@ -0,0 +1,39 @@
# Rate Limiting & Anti-Automation Agent

## User Prompt
You are testing **{target}** for missing rate limiting / anti-automation on sensitive flows.

**Recon Context:**
{recon_json}

**METHODOLOGY:**

### 1. Target the right endpoints
- Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any expensive or messaging endpoint

### 2. Controlled burst
- Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, Retry-After, progressive delay, or captcha — keep it non-disruptive (a control check, not DoS)

### 3. Check headers
- Inspect for `RateLimit-*` / `Retry-After`; note their absence

### 4. Confirm
- Report absence of throttling with the observed status distribution; chain with user-enumeration for password-spraying feasibility (do not actually brute-force out of scope)

### 5. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Rate Limiting & Anti-Automation at [endpoint]
- Severity: Medium
- CWE: CWE-307
- Endpoint: [full URL/resource]
- Vector: [what/where]
- Payload: [exact request/command]
- Evidence: [raw tool output proving it]
- Impact: Brute force / credential stuffing / password spraying / resource abuse
- Remediation: Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA
```

## System Prompt
You are a specialist in missing rate limiting / anti-automation on sensitive flows. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
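Review bot: step 2's ~20-30 request burst against login or OTP endpoints is enough to lock out a real account under common lockout policies; the prompt should say to use a test or non-existent account and never a harvested username, which also keeps the "chain with user-enumeration" in step 4 a feasibility argument rather than an attempt. Step 1 lists "messaging" endpoints, where each request may send a real email or SMS; the burst should be limited there to a handful of requests. The report template has no field for the "observed status distribution" step 4 asks for; suggest naming it in the Evidence line.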
@@ -550,6 +550,19 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode:
std::fs::create_dir_all(&workdir).ok();
cfg.workdir = Some(workdir.display().to_string());
cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string());
// PoC scratch dir: agents write custom exploit scripts here (see doctrine).
let pocs = workdir.join("pocs");
std::fs::create_dir_all(&pocs).ok();
std::env::set_var("NEUROSPLOIT_POCS", pocs.display().to_string());
// Local intercepting proxy (Burp/ZAP): agents route HTTP through it. Comes
// from cfg.proxy (REPL /proxy) or the NEUROSPLOIT_PROXY env var (CLI).
let proxy = cfg.proxy.clone()
.or_else(|| std::env::var("NEUROSPLOIT_PROXY").ok())
.filter(|p| !p.trim().is_empty());
if let Some(p) = proxy {
std::env::set_var("NEUROSPLOIT_PROXY", &p);
println!(" │ proxy : {p} (traffic routed to Burp/ZAP for inspection)");
}
write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target));

println!(" ┌─ NeuroSploit v3.5.5 · by Joas A Santos & Red Team Leaders");
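Review bot: `std::env::set_var` is process-global, so the second engagement spawned from the same REPL session overwrites `NEUROSPLOIT_POCS` and `NEUROSPLOIT_PROXY` for agents still running from the first, and mutating the environment while other threads may be reading it is a data race (Rust marks `set_var` unsafe from the 2024 edition). Suggest carrying `pocs` and `proxy` in `RunConfig` and setting them per child process with `Command::env`. Also, `std::fs::create_dir_all(&pocs).ok();` discards the error, so a failed mkdir surfaces later as every PoC write failing with a less obvious message; log or propagate it.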
@@ -119,7 +119,7 @@ struct LiveCheckpoint {
const COMMANDS: &[&str] = &[
"/help", "/show", "/config", "/providers", "/model", "/key", "/sub", "/target",
"/repo", "/auth", "/creds", "/focus", "/attach", "/context", "/mcp", "/offline",
"/votes", "/chain", "/timeout", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report",
"/votes", "/chain", "/timeout", "/proxy", "/burp", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report",
"/status", "/diff", "/retest", "/integrations", "/quit",
];

@@ -217,6 +217,8 @@ struct Session {
/// Idle guardrail: stop a run if no NEW finding lands in this many seconds
/// (0 = disabled). Set in minutes via `/timeout <mins>`.
idle_secs: u64,
/// Local intercepting proxy (Burp/ZAP), e.g. http://127.0.0.1:8080.
proxy: Option<String>,
offline: bool,
target: Option<String>,
repo: Option<String>,
@@ -237,6 +239,7 @@ impl Default for Session {
max_agents: 0,
chain_depth: 2,
idle_secs: 300, // 5-minute idle guardrail by default
proxy: None,
offline: false,
target: None,
repo: None,
@@ -438,6 +441,15 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> {
else { println!(" idle guardrail: stop if no new finding in {mins} min"); }
}
}
"/proxy" | "/burp" => {
match arg {
"" => println!(" proxy: {}", s.proxy.clone().unwrap_or_else(|| "(none) — route traffic to Burp/ZAP with /proxy <url>, e.g. /proxy http://127.0.0.1:8080".into())),
"off" | "clear" | "none" => { s.proxy = None; println!(" proxy cleared — traffic goes direct"); }
"on" => { s.proxy = Some("http://127.0.0.1:8080".into()); println!(" proxy: http://127.0.0.1:8080 (default Burp) — agents route curl through it"); }
u => { let p = if u.starts_with("http") { u.to_string() } else { format!("http://{u}") };
s.proxy = Some(p.clone()); println!(" proxy: {p} — agents route HTTP through it so you can inspect/replay in Burp"); }
}
}
"/repo" => {
if arg.is_empty() { println!(" repo: {}", s.repo.clone().unwrap_or_else(|| "(none) — set with /repo <path | github-url | owner/repo>, clear with /repo clear".into())); }
else if arg == "clear" { s.repo = None; println!(" repo cleared"); }
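Review bot: `/burp` with no argument falls into the `""` arm and only prints the current proxy, while the help text and README in this same commit promise that `/burp` enables the default `:8080` proxy; either make the `"/burp"` command with an empty arg take the `"on"` path or fix the docs. The `u.starts_with("http")` check also accepts values such as `httpx://…` and never validates the result, so a typo surfaces only when curl fails inside an agent; parsing with `url::Url::parse` (or at least matching `http://`/`https://`) and rejecting bad input at the prompt is cheaper.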
@@ -742,6 +754,7 @@ async fn run(base: &Path, s: &Session, history: &mut Vec<RunRecord>) {
cfg.subscription = s.subscription;
cfg.vote_n = s.vote_n;
cfg.chain_depth = s.chain_depth;
cfg.proxy = s.proxy.clone();
cfg.max_agents = s.max_agents;
cfg.verbose = true;
cfg.offline = s.offline;
@@ -795,6 +808,7 @@ async fn start_background(base: &Path, s: &Session, reader: &mut Reader,
cfg.subscription = s.subscription;
cfg.vote_n = s.vote_n;
cfg.chain_depth = s.chain_depth;
cfg.proxy = s.proxy.clone();
cfg.max_agents = s.max_agents;
cfg.verbose = true;
cfg.offline = s.offline;
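Review bot: `cfg.proxy = s.proxy.clone();` is the second copy of the same Session-to-RunConfig assignment sequence (the first is in `run` above, in the previous hunk); the two blocks are already identical field for field, so a shared helper such as `fn cfg_from_session(s: &Session) -> RunConfig` would keep them from drifting the next time a setting like proxy is added.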
@@ -1228,6 +1242,7 @@ fn show(s: &Session) {
println!(" │ repo : {}", s.repo.clone().unwrap_or_else(|| "(none)".into()));
println!(" │ auth : {}", s.auth.clone().unwrap_or_else(|| "(none)".into()));
println!(" │ creds : {}", s.creds.clone().unwrap_or_else(|| "(none)".into()));
println!(" │ proxy : {}", s.proxy.clone().unwrap_or_else(|| "(none — /proxy for Burp/ZAP)".into()));
println!(" │ focus : {}", s.instructions.clone().unwrap_or_else(|| "(none — tests everything)".into()));
println!(" │ opts : mcp={} offline={} votes={} chain-depth={} max-agents={} idle-stop={}",
onoff(s.mcp), onoff(s.offline), s.vote_n, s.chain_depth, s.max_agents,
@@ -1289,6 +1304,7 @@ fn help() {
|
||||
h("/mcp on|off", "Playwright MCP browser /offline on|off self-test");
|
||||
h("/votes <n>", "validator votes /chain <n> attack-chain depth");
|
||||
h("/timeout <min>", "idle guardrail: stop if no new finding in <min> (0 = off)");
|
||||
h("/proxy <url>|off", "route agent HTTP through Burp/ZAP (/burp = default :8080)");
|
||||
h("/agents <n>|list", "cap agents · list counts /theme color|mono");
|
||||
h("/show (config)", "/clear /quit");

@@ -68,11 +68,61 @@ fn tool_doctrine(mcp_on: bool) -> String {
Prefer `linkfinder`/`gau`/`katana` to harvest more URLs when present, else regex with `grep -Eo`.\n\
- REQUEST/RESPONSE ANALYSIS: read status codes, every header, Set-Cookie flags, content-type, body length \
and response timing; use DIFFERENTIALS (authenticated vs anonymous, valid vs invalid input, existing vs \
missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence.\n\
missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence. \
Save full request/response pairs when they matter for the PoC.\n\
- NUCLEI (fast, targeted — never a blind full scan): first fingerprint the stack, then run nuclei ONLY on \
relevant templates, e.g. `nuclei -u <target> -tags <detected-tech,cve> -severity critical,high,medium \
-rl 50 -timeout 8 -retries 1` (or `-t <specific-template>` for a suspected CVE). Prefer targeted \
`-id`/`-tags` over the whole template set so it stays quick; confirm any hit manually with curl.\n\
- MISCONFIG HUNTING: probe for absurd-but-common misconfigurations — exposed `.git`/`.env`/backup & config \
files, directory listing, debug/actuator/trace endpoints, default & weak credentials, open admin panels, \
permissive CORS, verbose stack traces, exposed dashboards (Kibana/Grafana/Jenkins/phpMyAdmin), and cloud \
metadata (169.254.169.254) via SSRF.\n\
- RATE-LIMIT / ANTI-AUTOMATION: on auth, password-reset, OTP and sensitive endpoints, send a controlled \
burst (e.g. ~20-30 requests) and check for 429/lockout/Retry-After/backoff; report absence as a finding. \
Keep bursts small and non-disruptive — this is a control check, not a DoS.\n\
- TOOL DOWNLOAD (authorized): when a public PoC or scanner is needed you MAY `git clone` a specific PoC/exploit \
repo or download a tool (`git clone`, `wget`, `pip install`, `go install`, `cargo install`) — use pinned, \
reputable sources; review before running; never run destructive payloads.\n\
- {browser}\n\
Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n"
- {proxy}{pocs}\
Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n",
proxy = proxy_line(),
pocs = pocs_line(),
)
}

/// If a local proxy is configured (Burp/ZAP), tell agents to route HTTP through
/// it so the operator can inspect/replay traffic in Burp Suite.
fn proxy_line() -> String {
match std::env::var("NEUROSPLOIT_PROXY").ok().filter(|v| !v.trim().is_empty()) {
Some(p) => format!(
"PROXY: route ALL HTTP through the local intercepting proxy at {p} (Burp/ZAP) so the operator can \
inspect & replay in Burp — add `--proxy {p} -k` to every curl (and set http(s)_proxy for other tools). \
Send anything noteworthy through it for manual review.\n "),
None => String::new(),
}
}

/// If a PoC directory is set, tell agents to save custom exploit scripts there.
fn pocs_line() -> String {
match std::env::var("NEUROSPLOIT_POCS").ok().filter(|v| !v.trim().is_empty()) {
Some(d) => format!(
"POCS: when an issue needs a custom multi-step exploit/script to prove it, WRITE a runnable PoC \
(curl/python/bash) to {d}/ with a short header comment (target, what it proves, usage), run it to \
confirm, and reference the file path in the finding evidence.\n "),
None => String::new(),
}
}

/// Data-safety guardrail prepended to every exploit/chain prompt.
const SAFETY_DOCTRINE: &str = "DATA SAFETY (strict): prove impact WITHOUT harming data. Do NOT modify, delete, \
overwrite, encrypt or exfiltrate data, create/alter/escalate accounts, or change configuration/state — unless the \
operator has explicitly authorized that specific action. Read-only, minimal proof. If you encounter PII (names, \
emails, CPF/SSN, phones, cards, tokens): confirm access with the SMALLEST possible sample and REDACT it in the \
report (e.g. show 1 masked record + a count) — never dump, store, or transmit the dataset. Prefer benign markers \
and OOB/echo checks over any state-changing payload. When unsure whether an action is safe, don't do it — report \
it as reachable and stop.\n\n";
const VOTE_SYS: &str = "You are an adversarial security validator. Decide if the candidate finding is a REAL, reproducible, exploitable vulnerability whose EVIDENCE actually proves impact. Reject common false positives: input merely reflected but not executed; version/banner guesses with no working PoC; self-XSS; theoretical issues; an error message or stack trace mistaken for injection; missing, generic, or non-reproducible evidence; severity inflated beyond what the evidence demonstrates. Confirm only if the provided evidence (request/response) concretely proves the vulnerability. Reply with JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}. Default to rejected when uncertain.";
/// Adversarial second pass for High/Critical findings: assume false positive
/// until the evidence forces otherwise. A finding that can't withstand the
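Review bot: the composition `- {proxy}{pocs}\` followed by `Use only what is installed; ...` depends on each helper's trailing `\n ` to break lines. When neither env var is set both helpers return an empty string, so the closing sentence becomes the body of that bullet (`- Use only what is installed; ...`); when `NEUROSPLOIT_PROXY` is set, the POCS text and the closing sentence each follow on a line indented by a single space instead of as their own bullets. Have `proxy_line()` and `pocs_line()` return complete `- PROXY: ...\n` / `- POCS: ...\n` bullets (or nothing) and keep the closing sentence outside the placeholder. Second, the proxy instruction tells agents to add `-k` to every curl: that disables certificate verification for all agent traffic, not just for the interception proxy's CA, so the text should say this is acceptable only because a local intercepting proxy is in the path; and `{p}` is taken straight from the environment, so it should already have been validated as a URL before it is embedded in a command-line instruction.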
@@ -195,13 +245,13 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender<Str
let user = format!(
"AUTHORIZED engagement — you have explicit permission to test {target}. \
Do not ask for confirmation — proceed and PROVE each issue.\n\n\
{directives}{react}{depth}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
{directives}{react}{depth}{safety}{doctrine}{body}\n\nWhen done, reply with ONLY a JSON array of confirmed findings (may be empty []). \
Each item: {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}. \
`evidence` must contain the concrete proof (request/response excerpt).",
target = target,
directives = directives,
react = REACT_DOCTRINE,
depth = DEPTH_DOCTRINE,
depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE,
doctrine = tool_doctrine(mcp_on),
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
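Review bot: `depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE,` puts two named arguments on one line while every other argument of this `format!` has its own line; split it so the layout stays uniform and a later change to either argument is a one-line diff. The placement `{depth}{safety}{doctrine}` is the right order: the data-safety restrictions are read before the tool doctrine that grants tool-download and controlled-burst permissions.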
@@ -413,11 +463,11 @@ pub async fn run_greybox(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Se
}
let user = format!(
"AUTHORIZED greybox engagement on {target} — you also have the source review below. \
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{doctrine}{body}\n\n\
Proceed and PROVE each issue against the LIVE app.\n\n{directives}{leads}{react}{depth}{safety}{doctrine}{body}\n\n\
Reply ONLY a JSON array of confirmed findings (may be []): \
{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, leads = leads,
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, doctrine = tool_doctrine(mcp_on),
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(mcp_on),
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
match pool.complete_routed(Task::Exploit, &ag.name, &ag.system, &user).await {
@@ -561,13 +611,13 @@ async fn chain_from_seed(pool: &ModelPool, target: &str, directives: &str, recon
};
let short: String = seed.title.chars().take(28).collect();
let user = format!(
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{doctrine}\
"AUTHORIZED engagement on {target}.\n\n{directives}{react}{depth}{safety}{doctrine}\
FOOTHOLD TO EXPAND (round {round}/{max}):\n- [{}] {} @ {} ({})\n payload: {}\n evidence: {}\n\n\
LOOT GATHERED (reuse it):\n{loot_block}\n\n{recipe_block}RECON:\n{recon_ctx}\n\n\
From THIS foothold, DECIDE the best directions and PROVE new impact — post-exploitation (loot creds/keys/config/source), credential reuse, privilege escalation (horizontal & vertical), lateral movement to adjacent services/hosts, data exfiltration, and NEW attack surface it exposes. Every claim needs a real tool receipt.\n\n\
Reply ONLY JSON: {{\"findings\":[{{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}],\"loot\":[\"cred:user:pass@host\",\"token:...\",\"host:10.0.0.5\",\"endpoint:/internal/api\"]}} (empty arrays are fine).",
seed.severity, seed.title, seed.endpoint, seed.cwe, seed.payload, seed.evidence,
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
react = REACT_DOCTRINE, depth = DEPTH_DOCTRINE, safety = SAFETY_DOCTRINE, doctrine = tool_doctrine(pool.mcp_config.is_some()),
);
let label = format!("chain:{short}");
match pool.complete_routed(Task::Exploit, &label, CHAIN_SYS, &user).await {
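Review bot: the chain prompt now carries SAFETY_DOCTRINE (no exfiltration, PII proven with one masked sample plus a count, never stored or transmitted), yet the same prompt still asks for `data exfiltration` and `post-exploitation (loot creds/keys/config/source)` and specifies a `loot` array shaped as `cred:user:pass@host` / `token:...`, that is, raw credentials and tokens written into the run output and fed back into later rounds through `{loot_block}`. The two instructions pull in opposite directions and the model will resolve the conflict differently from run to run. Reword the expansion directions to match the guardrail (prove that the data is reachable with a minimal redacted sample; reuse credentials only as the engagement authorizes) and either mask loot entries where they are stored or document that the loot block is sensitive engagement output that must be protected and destroyed at close-out.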
@@ -1124,8 +1174,8 @@ pub async fn run_host(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sende
let _ = txc.send(format!(" ▶ launching agent: {} ({})", ag.name, ag.title.replace(" Agent", ""))).await;
}
let user = format!(
"AUTHORIZED host engagement on {target}. Proceed and PROVE each issue with raw tool output.\n\n{directives}{tooling}{react}{body}\n\nReply ONLY a JSON array of confirmed findings (may be []): {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, tooling = HOST_TOOLING, react = REACT_DOCTRINE,
"AUTHORIZED host engagement on {target}. Proceed and PROVE each issue with raw tool output.\n\n{directives}{tooling}{react}{safety}{body}\n\nReply ONLY a JSON array of confirmed findings (may be []): {{id,title,severity,cwe,endpoint,payload,evidence,impact,remediation,confidence}}.",
target = target, directives = directives, tooling = HOST_TOOLING, react = REACT_DOCTRINE, safety = SAFETY_DOCTRINE,
body = ag.user.replace("{target}", &target).replace("{recon_json}", &recon),
);
match pool.complete_routed(Task::Exploit, &ag.name, &ag.system, &user).await {
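Review bot: the host prompt gains `{safety}` but is assembled from `HOST_TOOLING` rather than `tool_doctrine(..)`, so host agents never see `proxy_line()` or `pocs_line()`: the per-run PoC directory (`NEUROSPLOIT_POCS`) and the proxy instruction reach only the web, greybox and chain prompts. If PoC scripts written during host engagements are also meant to land in the run's `pocs/` directory, append `pocs_line()` to the host prompt (or fold it into `HOST_TOOLING`); otherwise the asymmetry deserves a comment here so the next reader does not assume the PoC workspace is universal.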

@@ -128,6 +128,11 @@ pub struct RunConfig {
/// newest footholds in new directions, carrying discovered loot forward.
#[serde(default = "default_chain_depth")]
pub chain_depth: usize,
/// Optional local intercepting proxy (Burp/ZAP), e.g. http://127.0.0.1:8080.
/// When set, agents route HTTP through it so the operator can inspect/replay
/// traffic in Burp Suite.
#[serde(default)]
pub proxy: Option<String>,
}

fn default_vote() -> usize {
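Review bot: `proxy: Option<String>` is deserialized with `#[serde(default)]` and no validation, so a value from the run config flows unchanged into `NEUROSPLOIT_PROXY` and from there into the agents' command-line instruction (`--proxy {p} -k`). Validate at load time (absolute `http://` or `https://` URL with host and port, no whitespace or shell metacharacters) rather than trusting the string, and have the doc comment state whether the proxy applies only to agent HTTP against the target or also to the harness's own model-provider calls, since "agents route HTTP through it" leaves that open.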
@@ -159,6 +164,7 @@ impl RunConfig {
repo: None,
pinned: Vec::new(),
chain_depth: 2,
proxy: None,
}
}
}

@@ -0,0 +1,136 @@
#!/usr/bin/env python3
"""
NeuroSploit v3.5.5 — misconfiguration, CVE-hunting, PoC-development & rate-limit
exploitation agents. Written to agents_md/vulns/. Read-only-first, non-destructive,
authorized only; PII must be handled per the data-safety guardrail.
Credits: Joas A Santos & Red Team Leaders.
"""
import os

ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
OUT = os.path.join(ROOT, "agents_md", "vulns")


def render(a):
L = [f"# {a['title']} Agent\n", "## User Prompt",
f"You are testing **{{target}}** for {a['for']}.\n",
"**Recon Context:**\n{recon_json}\n", "**METHODOLOGY:**\n"]
for i, (s, bs) in enumerate(a["steps"], 1):
L.append(f"### {i}. {s}")
L += [f"- {b}" for b in bs]
L.append("")
n = len(a["steps"]) + 1
L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:",
f"- Title: {a['title']} at [endpoint]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}",
"- Endpoint: [full URL/resource]", "- Vector: [what/where]", "- Payload: [exact request/command]",
"- Evidence: [raw tool output proving it]", f"- Impact: {a['impact']}",
f"- Remediation: {a['fix']}", "```\n", "## System Prompt", a["system"]]
return "\n".join(L) + "\n"


def A(name, title, vc, cwe, sev, steps, fix, impact):
return {"name": name, "title": title, "for": vc, "sev": sev, "cwe": cwe, "impact": impact,
"fix": fix, "steps": steps,
"system": (f"You are a specialist in {vc}. AUTHORIZED engagement. Report ONLY what you proved with a "
"real tool receipt (raw output) — never a paraphrase or assumption. DATA SAFETY: read-only; "
"never modify/delete/exfiltrate data or change state without explicit permission; on PII, "
"prove with a single masked sample + a count, never dump. No destructive/DoS actions. "
"Credits: Joas A Santos and Red Team Leaders.")}


AGENTS = [
# ---------- absurd misconfigurations ----------
A("misconfig_exposed_files", "Exposed Sensitive Files & Backups", "absurd misconfigurations exposing sensitive files",
"CWE-538", "High",
[("Probe", ["Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, "
"`/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`"]),
("Confirm", ["Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)"]),
("Loot", ["Extract secrets/creds and hand them to the chainer for reuse — do not exfiltrate beyond proof"])],
"Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets",
"Source/secret disclosure → credential reuse / RCE"),
A("misconfig_debug_endpoints", "Debug / Management Endpoints Exposed", "exposed debug and management endpoints",
"CWE-489", "High",
[("Probe", ["Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, "
"`/metrics`, `/__debug__/`, `/console`, framework debug panels"]),
("Assess", ["Harvest env vars/secrets, internal routes, heap/thread dumps, config"]),
("Confirm", ["Show sensitive runtime data or an actionable management action reachable unauthenticated"])],
"Disable debug/management in prod; authenticate & network-restrict them", "Info disclosure → RCE/takeover"),
A("misconfig_default_creds", "Default / Weak Credentials on Panels", "default or weak credentials on exposed panels",
"CWE-1392", "High",
[("Locate", ["Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)"]),
("Test (in scope)", ["Try vendor defaults & the supplied test creds; respect lockout/ROE — no out-of-scope brute force"]),
("Confirm", ["Show authenticated access with a benign read"])],
"Remove defaults; enforce strong creds + MFA; restrict panel exposure", "Full component/app compromise"),
A("misconfig_dir_listing", "Directory Listing Enabled", "directory listing / index-of exposure",
"CWE-548", "Medium",
[("Probe", ["Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`"]),
("Confirm", ["Show a listing revealing sensitive files; fetch one to prove readability"])],
"Disable autoindex (Options -Indexes / autoindex off); restrict access", "Information disclosure"),
A("misconfig_exposed_dashboards", "Exposed Ops Dashboards", "unauthenticated ops dashboards & consoles",
"CWE-1188", "High",
[("Discover", ["Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, "
"Prometheus, Consul, Swagger UI, GraphQL playground"]),
("Assess", ["Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)"]),
("Confirm", ["Demonstrate a read proving exposure (→ often data leak or RCE)"])],
"Authenticate & network-restrict all ops UIs; least privilege", "Data leak / RCE / takeover"),
A("misconfig_permissive_cors", "Permissive CORS Misconfiguration", "insecure CORS allowing cross-origin credentialed reads",
"CWE-942", "High",
[("Test reflection", ["Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` "
"and `Access-Control-Allow-Credentials`"]),
("Classify", ["Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low"]),
("Confirm", ["On authenticated endpoints, show a cross-origin credentialed read returning the victim's data"])],
"Allowlist origins server-side; never reflect Origin with credentials", "Cross-origin data theft"),
A("misconfig_verbose_errors", "Verbose Errors / Stack Traces", "verbose error handling leaking internals",
"CWE-209", "Low",
[("Trigger", ["Send malformed input / bad methods / type confusion to force errors"]),
("Assess", ["Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors"]),
("Confirm", ["Show a response leaking internal implementation detail"])],
"Generic error pages in prod; log details server-side only", "Info disclosure aiding targeted attacks"),

# ---------- CVE hunting ----------
A("cve_hunter", "CVE Hunter", "known CVEs affecting the detected components",
"CWE-1395", "Critical",
[("Fingerprint", ["From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)"]),
("Correlate", ["Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED "
"templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` "
"and the NVD; note CVE id + CVSS"]),
("Reproduce safely", ["Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; "
"if a working public PoC exists you MAY clone it (git clone) and adapt — never a destructive payload"]),
("Confirm", ["Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'"])],
"Patch/upgrade affected components; apply vendor advisories", "Depends on CVE — up to full compromise"),

# ---------- PoC development ----------
A("poc_developer", "Exploit PoC Developer", "issues that require a custom multi-step exploit or script to prove",
"CWE-1395", "High",
[("Decide", ["When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, "
"or a public CVE PoC is needed), develop a proof-of-concept script"]),
("Build", ["Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment "
"(target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists — review it first"]),
("Run & confirm", ["Execute the PoC against the authorized target with benign/non-destructive payloads; capture output"]),
("Report", ["Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)"])],
"N/A (methodology agent) — remediation follows the underlying issue", "Reproducible proof of the underlying vulnerability"),

# ---------- rate limiting / anti-automation ----------
A("rate_limit_abuse", "Rate Limiting & Anti-Automation", "missing rate limiting / anti-automation on sensitive flows",
"CWE-307", "Medium",
[("Target the right endpoints", ["Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any "
"expensive or messaging endpoint"]),
("Controlled burst", ["Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, "
"Retry-After, progressive delay, or captcha — keep it non-disruptive (a control check, not DoS)"]),
("Check headers", ["Inspect for `RateLimit-*` / `Retry-After`; note their absence"]),
("Confirm", ["Report absence of throttling with the observed status distribution; chain with user-enumeration "
"for password-spraying feasibility (do not actually brute-force out of scope)"])],
"Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA",
"Brute force / credential stuffing / password spraying / resource abuse"),
]


def main():
os.makedirs(OUT, exist_ok=True)
for a in AGENTS:
open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))
print(f"wrote {len(AGENTS)} exploit/misconfig/CVE/poc/rate-limit agents to {OUT}")


if __name__ == "__main__":
main()
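Review bot: `main()` writes each agent file with `open(...).write(render(a))`, which leaves closing the handle to the garbage collector and uses the locale's default encoding; the rendered text contains non-ASCII characters (em dashes, arrows, `·`), so on a non-UTF-8 locale this raises `UnicodeEncodeError` or writes a mangled agent file. Use `with open(path, "w", encoding="utf-8") as f: f.write(render(a))`. Two smaller points: the data-safety sentence in the `A(...)` system prompt restates `SAFETY_DOCTRINE` from the Rust harness, so the two copies will drift unless one is derived from the other; and `cve_hunter` and `poc_developer` both carry `CWE-1395`, while the PoC Developer's own remediation line says the underlying issue decides, yet the `render` template stamps `- CWE: {a['cwe']}` on every finding, so PoC-backed findings will report that CWE instead of the real one unless the agent overrides it.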