diff --git a/README.md b/README.md
index 1e0652c..34ba0aa 100755
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
-
+
@@ -25,7 +25,7 @@
> π **New here? Read the [full Tutorial & User Guide β](TUTORIAL.md)** β every mode, flag, config and example explained.
> π **New in v3.5.5 β Cloud testing + REPL navigation + deeper recon:**
-> **AWS/GCP/Azure** agents (+17 β **365** total) with credentials wired through
+> **AWS/GCP/Azure** agents (+17 β **375** total) with credentials wired through
> `creds.yaml`; a more navigable **REPL** β **`/timeout`** idle guardrail,
> **multi-target** `/target a,b,c` (sequential), an interactive **`/results`**
> browser (target β vuln β detail, Esc to go back) and **`/report`** picker; and
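Review bot: the changed line still reads "+17" next to the new total of 375, but 17 agents gave 365; RELEASE.md in this same patch attributes 375 to 27 new agents (17 cloud + 10 misconfig/CVE/PoC/rate-limit). Change the parenthetical to +27, or drop the delta here so the two files agree.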
@@ -44,7 +44,7 @@ LLMs** β via **API key** or local **subscription** (Claude Code / Codex / Gemi
Grok) β recons the target, **intelligently selects only the agents that match the
discovered surface**, runs them in parallel, **chains** findings into deeper
impact, and **validates every claim by cross-model voting + tool-receipt
-grounding** before reporting. It ships **365 markdown agents** and a **Mission
+grounding** before reporting. It ships **375 markdown agents** and a **Mission
Control TUI**.
### Engagement modes
@@ -75,6 +75,14 @@ Control TUI**.
(`aws`/`gcloud`/`az`). Connect via `creds.yaml`: AWS keys, a Google
service-account JSON, or an Azure service principal β see
[Cloud credentials](#cloud-credentials-awsgcpazure).
+- π§° **Misconfig & CVE hunting, safely** β dedicated agents for absurd
+ misconfigs (exposed `.git`/`.env`, debug/actuator, default creds, dashboards,
+ CORS), a **CVE Hunter** (smart, targeted `nuclei`), a **PoC Developer** (writes
+ reproducible scripts to the run's `pocs/`), and **rate-limit** testing β all
+ under a strict **data-safety/PII guardrail** (no destructive or state-changing
+ actions; PII proven with a masked sample, never dumped).
+- π΅οΈ **Burp/ZAP proxy** β `/proxy ` (or `/burp`) routes agent traffic
+ through your local intercepting proxy so you can inspect & replay in Burp.
- πΊοΈ **Attack graph & kill chain** β findings mapped to OWASP / CWE / MITRE
ATT&CK / stage; rendered as a Mermaid graph in the report.
- β
**Cross-model validation** β a different model adjudicates each finding;
diff --git a/RELEASE.md b/RELEASE.md
index 624e7bc..ffa5bcd 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -10,14 +10,16 @@
## TL;DR
v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class
-credential connection and **17 new cloud agents**, a much more capable and
-navigable **REPL** (idle guardrail, multi-target, results browser), **deeper
-recon** (downloads & analyzes JS, request/response differentials), and a fix for
-garbled interactive line-editing.
+credential connection, **27 new agents** (17 cloud + 10 misconfig/CVE/PoC/rate-
+limit β library **375**), a much more capable and navigable **REPL** (idle
+guardrail, multi-target, results browser), **deeper recon** (downloads & analyzes
+JS, request/response differentials, smart nuclei), **Burp/ZAP proxy** support, a
+**PoC** workspace, a strict **data-safety/PII guardrail**, and a fix for garbled
+interactive line-editing.
## Cloud testing
-- **+17 cloud agents (library now 365).** AWS, GCP and Azure specialists in
+- **+17 cloud agents.** AWS, GCP and Azure specialists in
`agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure
(S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager /
Secret Manager / Key Vault), service-account & service-principal abuse, and
@@ -67,6 +69,29 @@ garbled interactive line-editing.
all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and
valid-vs-invalid comparisons) β applied to both recon and exploitation.
+## Exploitation depth, safety & Burp
+
+- **+10 exploitation agents.** Absurd-misconfig hunters (exposed `.git`/`.env`/
+ backups, debug/actuator endpoints, default creds, directory listing, exposed
+ ops dashboards, permissive CORS, verbose errors), a **CVE Hunter** (fingerprint
+ β correlate β safe PoC), a **PoC Developer** (writes runnable exploit scripts),
+ and a **Rate-Limit / Anti-Automation** tester.
+- **Data-safety / PII guardrail** injected into every exploit/chain/host prompt:
+ no modifying, deleting, exfiltrating data or changing state without explicit
+ permission; on PII, prove with a single **masked** sample + a count β never
+ dump. When unsure an action is safe, don't do it.
+- **Smart nuclei in recon** β fingerprint first, then run nuclei on **targeted**
+ templates/tags/CVE ids with rate/timeouts (fast, never a blind full scan).
+- **Burp/ZAP proxy** β `/proxy ` (or `/burp`, default `:8080`) in the REPL,
+ or the `NEUROSPLOIT_PROXY` env var. Agents route curl through it (`--proxy β¦ -k`)
+ so you can inspect/replay traffic in Burp Suite while the test runs.
+- **PoC workspace** β each run gets a `pocs/` directory (`$NEUROSPLOIT_POCS`);
+ agents save custom, reproducible exploit scripts there and cite them as evidence.
+- **Tool download** (authorized) β agents may `git clone` a specific public PoC/
+ exploit repo or download a scanner when needed (reputable/pinned, reviewed).
+- **Rate-limit testing** is a first-class control check (small non-disruptive
+ burst β look for 429/lockout/Retry-After), never a DoS.
+
## Notes
- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
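Review bot: the Burp/ZAP bullet documents that agents add `-k` to curl without saying what that costs: `-k` turns off TLS certificate verification for every agent request while the proxy is set, so certificate problems on the target are no longer observable and a mistyped proxy address is trusted silently. Say so in this bullet and recommend trusting the Burp/ZAP CA instead (curl `--cacert`), keeping `-k` as the fallback. The data-safety bullet should also state that the guardrail is a prompt instruction ("injected into every exploit/chain/host prompt"), not an enforced control, since "strict" reads as enforcement.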
diff --git a/TUTORIAL.md b/TUTORIAL.md
index 6f068c8..92e6f7a 100644
--- a/TUTORIAL.md
+++ b/TUTORIAL.md
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It:
1. **Recons** the target with real tools (curl/nmap/β¦).
2. **Intelligently selects** only the agents whose preconditions match the recon
- (it does *not* blindly run all 365).
+ (it does *not* blindly run all 375).
3. **Exploits** in parallel β each agent works in a ReAct loop and must prove its
claim with a **tool receipt** (raw output).
4. **Validates** every candidate by **cross-model voting** (a different model
@@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
```bash
neurosploit --version # neurosploit 3.5.5
-neurosploit agents # {"vulns":196,...,"chains":12,"total":365}
+neurosploit agents # {"vulns":196,...,"chains":12,"total":375}
neurosploit models # all providers & models
```
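Review bot: the sample output updates `"total"` to 375 but leaves `"vulns":196`, although all ten new agent files in this patch are added under `agents_md/vulns/`. Regenerate the comment from the real `neurosploit agents` output so the per-category counts and the total agree; the category table in section 13 needs the same check.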
@@ -468,7 +468,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state
## 13. The agent library
-`agents_md/` holds **365** markdown agents in categories:
+`agents_md/` holds **375** markdown agents in categories:
| Category | Dir | Count | Purpose |
|----------|-----|-------|---------|
diff --git a/agents_md/vulns/cve_hunter.md b/agents_md/vulns/cve_hunter.md
new file mode 100644
index 0000000..320943a
--- /dev/null
+++ b/agents_md/vulns/cve_hunter.md
@@ -0,0 +1,39 @@
+# CVE Hunter Agent
+
+## User Prompt
+You are testing **{target}** for known CVEs affecting the detected components.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Fingerprint
+- From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)
+
+### 2. Correlate
+- Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` and the NVD; note CVE id + CVSS
+
+### 3. Reproduce safely
+- Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; if a working public PoC exists you MAY clone it (git clone) and adapt β never a destructive payload
+
+### 4. Confirm
+- Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'
+
+### 5. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: CVE Hunter at [endpoint]
+- Severity: Critical
+- CWE: CWE-1395
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Depends on CVE β up to full compromise
+- Remediation: Patch/upgrade affected components; apply vendor advisories
+```
+
+## System Prompt
+You are a specialist in known CVEs affecting the detected components. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
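Review bot: the report template hard-codes `Severity: Critical` and the title `CVE Hunter at [endpoint]`, and has no field for the CVE id or CVSS score that step 2 tells the agent to note, so every confirmed CVE is reported as Critical whatever its score. Add `CVE:` and `CVSS:` fields, derive the severity from the score, and put the CVE id in the title. Step 3's permission to `git clone` a public PoC should also require reading the code before running it, as poc_developer.md does ("review it first").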
diff --git a/agents_md/vulns/misconfig_debug_endpoints.md b/agents_md/vulns/misconfig_debug_endpoints.md
new file mode 100644
index 0000000..46b678c
--- /dev/null
+++ b/agents_md/vulns/misconfig_debug_endpoints.md
@@ -0,0 +1,36 @@
+# Debug / Management Endpoints Exposed Agent
+
+## User Prompt
+You are testing **{target}** for exposed debug and management endpoints.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Probe
+- Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, `/metrics`, `/__debug__/`, `/console`, framework debug panels
+
+### 2. Assess
+- Harvest env vars/secrets, internal routes, heap/thread dumps, config
+
+### 3. Confirm
+- Show sensitive runtime data or an actionable management action reachable unauthenticated
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Debug / Management Endpoints Exposed at [endpoint]
+- Severity: High
+- CWE: CWE-489
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Info disclosure β RCE/takeover
+- Remediation: Disable debug/management in prod; authenticate & network-restrict them
+```
+
+## System Prompt
+You are a specialist in exposed debug and management endpoints. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
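Review bot: step 2 ("Harvest env vars/secrets, internal routes, heap/thread dumps, config") conflicts with the system prompt's "never modify/delete/exfiltrate data": downloading `/actuator/heapdump` pulls a full memory image that can hold credentials and PII. Limit proof to the response status, headers and a few redacted lines (for heapdump, the content type and size without saving the body), and state in step 3 that a management action is shown as reachable, not invoked.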
diff --git a/agents_md/vulns/misconfig_default_creds.md b/agents_md/vulns/misconfig_default_creds.md
new file mode 100644
index 0000000..fd5ae50
--- /dev/null
+++ b/agents_md/vulns/misconfig_default_creds.md
@@ -0,0 +1,36 @@
+# Default / Weak Credentials on Panels Agent
+
+## User Prompt
+You are testing **{target}** for default or weak credentials on exposed panels.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Locate
+- Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)
+
+### 2. Test (in scope)
+- Try vendor defaults & the supplied test creds; respect lockout/ROE β no out-of-scope brute force
+
+### 3. Confirm
+- Show authenticated access with a benign read
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Default / Weak Credentials on Panels at [endpoint]
+- Severity: High
+- CWE: CWE-1392
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Full component/app compromise
+- Remediation: Remove defaults; enforce strong creds + MFA; restrict panel exposure
+```
+
+## System Prompt
+You are a specialist in default or weak credentials on exposed panels. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
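Review bot: step 2 gives no numeric bound ("respect lockout/ROE"), so the number of login attempts per account is left to the model, and failed logins can lock real users out, which is a state change the system prompt forbids. State a hard cap on attempts per panel, stop at the first lockout or 429 signal, and require that the "benign read" in step 3 is followed by logging out of the session.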
diff --git a/agents_md/vulns/misconfig_dir_listing.md b/agents_md/vulns/misconfig_dir_listing.md
new file mode 100644
index 0000000..95f4153
--- /dev/null
+++ b/agents_md/vulns/misconfig_dir_listing.md
@@ -0,0 +1,33 @@
+# Directory Listing Enabled Agent
+
+## User Prompt
+You are testing **{target}** for directory listing / index-of exposure.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Probe
+- Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`
+
+### 2. Confirm
+- Show a listing revealing sensitive files; fetch one to prove readability
+
+### 3. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Directory Listing Enabled at [endpoint]
+- Severity: Medium
+- CWE: CWE-548
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Information disclosure
+- Remediation: Disable autoindex (Options -Indexes / autoindex off); restrict access
+```
+
+## System Prompt
+You are a specialist in directory listing / index-of exposure. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
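Review bot: step 2 asks the agent to "fetch one" of the sensitive files the listing reveals, which goes further than the finding needs and can pull secrets or PII into the run's evidence. The listing response itself proves CWE-548; if readability must be shown, fetch a non-sensitive file or only the first bytes, and redact what is stored in the evidence field.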
diff --git a/agents_md/vulns/misconfig_exposed_dashboards.md b/agents_md/vulns/misconfig_exposed_dashboards.md
new file mode 100644
index 0000000..f3de042
--- /dev/null
+++ b/agents_md/vulns/misconfig_exposed_dashboards.md
@@ -0,0 +1,36 @@
+# Exposed Ops Dashboards Agent
+
+## User Prompt
+You are testing **{target}** for unauthenticated ops dashboards & consoles.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Discover
+- Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, Prometheus, Consul, Swagger UI, GraphQL playground
+
+### 2. Assess
+- Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)
+
+### 3. Confirm
+- Demonstrate a read proving exposure (β often data leak or RCE)
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Exposed Ops Dashboards at [endpoint]
+- Severity: High
+- CWE: CWE-1188
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Data leak / RCE / takeover
+- Remediation: Authenticate & network-restrict all ops UIs; least privilege
+```
+
+## System Prompt
+You are a specialist in unauthenticated ops dashboards & consoles. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
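Review bot: step 1 probes Jenkins `/script` and step 3 says "Demonstrate a read proving exposure", but nothing states that the script console must not be used to execute code, while the impact line lists RCE. Add an explicit rule that an unauthenticated response from the console page is the proof and that no script is submitted; likewise limit `/_cat/indices` evidence to index names and counts, not document contents.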
diff --git a/agents_md/vulns/misconfig_exposed_files.md b/agents_md/vulns/misconfig_exposed_files.md
new file mode 100644
index 0000000..1557aa4
--- /dev/null
+++ b/agents_md/vulns/misconfig_exposed_files.md
@@ -0,0 +1,36 @@
+# Exposed Sensitive Files & Backups Agent
+
+## User Prompt
+You are testing **{target}** for absurd misconfigurations exposing sensitive files.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Probe
+- Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, `/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`
+
+### 2. Confirm
+- Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)
+
+### 3. Loot
+- Extract secrets/creds and hand them to the chainer for reuse β do not exfiltrate beyond proof
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Exposed Sensitive Files & Backups at [endpoint]
+- Severity: High
+- CWE: CWE-538
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Source/secret disclosure β credential reuse / RCE
+- Remediation: Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets
+```
+
+## System Prompt
+You are a specialist in absurd misconfigurations exposing sensitive files. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
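Review bot: step 3 ("Loot": extract secrets/creds and hand them to the chainer for reuse) contradicts the system prompt in the same file, which says never exfiltrate data, and reusing a recovered credential is an action the operator has not necessarily authorized. Rename the step, keep the secret redacted in evidence (type, location, masked value), and make credential reuse by the chainer conditional on explicit operator permission. Paths such as `/id_rsa` and `/.aws/credentials` return live key material, so the evidence should record a hash or masked prefix, not the body.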
diff --git a/agents_md/vulns/misconfig_permissive_cors.md b/agents_md/vulns/misconfig_permissive_cors.md
new file mode 100644
index 0000000..0d4aba7
--- /dev/null
+++ b/agents_md/vulns/misconfig_permissive_cors.md
@@ -0,0 +1,36 @@
+# Permissive CORS Misconfiguration Agent
+
+## User Prompt
+You are testing **{target}** for insecure CORS allowing cross-origin credentialed reads.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Test reflection
+- Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials`
+
+### 2. Classify
+- Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low
+
+### 3. Confirm
+- On authenticated endpoints, show a cross-origin credentialed read returning the victim's data
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Permissive CORS Misconfiguration at [endpoint]
+- Severity: High
+- CWE: CWE-942
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Cross-origin data theft
+- Remediation: Allowlist origins server-side; never reflect Origin with credentials
+```
+
+## System Prompt
+You are a specialist in insecure CORS allowing cross-origin credentialed reads. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
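Review bot: the template hard-codes `Severity: High` although step 2 classifies a literal `*` without credentials as low, and step 3's "victim's data" does not say whose session is used. Make the severity follow the step 2 classification and specify that the credentialed read is performed with the tester's own account, with the returned data masked in the evidence.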
diff --git a/agents_md/vulns/misconfig_verbose_errors.md b/agents_md/vulns/misconfig_verbose_errors.md
new file mode 100644
index 0000000..c30de8b
--- /dev/null
+++ b/agents_md/vulns/misconfig_verbose_errors.md
@@ -0,0 +1,36 @@
+# Verbose Errors / Stack Traces Agent
+
+## User Prompt
+You are testing **{target}** for verbose error handling leaking internals.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Trigger
+- Send malformed input / bad methods / type confusion to force errors
+
+### 2. Assess
+- Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors
+
+### 3. Confirm
+- Show a response leaking internal implementation detail
+
+### 4. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Verbose Errors / Stack Traces at [endpoint]
+- Severity: Low
+- CWE: CWE-209
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Info disclosure aiding targeted attacks
+- Remediation: Generic error pages in prod; log details server-side only
+```
+
+## System Prompt
+You are a specialist in verbose error handling leaking internals. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
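Review bot: "bad methods" in step 1 is unbounded, and sending PUT/DELETE/PATCH to provoke an error can change state if the endpoint accepts the request, which the system prompt forbids. Restrict the trigger step to safe methods and malformed parameters, and require that tokens or SQL captured in step 2 are redacted in the evidence field.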
diff --git a/agents_md/vulns/poc_developer.md b/agents_md/vulns/poc_developer.md
new file mode 100644
index 0000000..088ef66
--- /dev/null
+++ b/agents_md/vulns/poc_developer.md
@@ -0,0 +1,39 @@
+# Exploit PoC Developer Agent
+
+## User Prompt
+You are testing **{target}** for issues that require a custom multi-step exploit or script to prove.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Decide
+- When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, or a public CVE PoC is needed), develop a proof-of-concept script
+
+### 2. Build
+- Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment (target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists β review it first
+
+### 3. Run & confirm
+- Execute the PoC against the authorized target with benign/non-destructive payloads; capture output
+
+### 4. Report
+- Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)
+
+### 5. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Exploit PoC Developer at [endpoint]
+- Severity: High
+- CWE: CWE-1395
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Reproducible proof of the underlying vulnerability
+- Remediation: N/A (methodology agent) β remediation follows the underlying issue
+```
+
+## System Prompt
+You are a specialist in issues that require a custom multi-step exploit or script to prove. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
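Review bot: the report template labels every finding with the agent's identity (`Title: Exploit PoC Developer at [endpoint]`, `Severity: High`, `CWE: CWE-1395`) instead of the issue the PoC proves; CWE-1395 is "Dependency on Vulnerable Third-Party Component" and only fits the CVE case. Make title, severity and CWE placeholders that are filled from the underlying issue, as the remediation line already does.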
diff --git a/agents_md/vulns/rate_limit_abuse.md b/agents_md/vulns/rate_limit_abuse.md
new file mode 100644
index 0000000..18b5d82
--- /dev/null
+++ b/agents_md/vulns/rate_limit_abuse.md
@@ -0,0 +1,39 @@
+# Rate Limiting & Anti-Automation Agent
+
+## User Prompt
+You are testing **{target}** for missing rate limiting / anti-automation on sensitive flows.
+
+**Recon Context:**
+{recon_json}
+
+**METHODOLOGY:**
+
+### 1. Target the right endpoints
+- Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any expensive or messaging endpoint
+
+### 2. Controlled burst
+- Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, Retry-After, progressive delay, or captcha β keep it non-disruptive (a control check, not DoS)
+
+### 3. Check headers
+- Inspect for `RateLimit-*` / `Retry-After`; note their absence
+
+### 4. Confirm
+- Report absence of throttling with the observed status distribution; chain with user-enumeration for password-spraying feasibility (do not actually brute-force out of scope)
+
+### 5. Report Format
+For each CONFIRMED finding:
+```
+FINDING:
+- Title: Rate Limiting & Anti-Automation at [endpoint]
+- Severity: Medium
+- CWE: CWE-307
+- Endpoint: [full URL/resource]
+- Vector: [what/where]
+- Payload: [exact request/command]
+- Evidence: [raw tool output proving it]
+- Impact: Brute force / credential stuffing / password spraying / resource abuse
+- Remediation: Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA
+```
+
+## System Prompt
+You are a specialist in missing rate limiting / anti-automation on sensitive flows. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
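Review bot: step 1 lists password-reset, OTP, registration and messaging endpoints, and a 20-30 request burst against those can send real e-mails or SMS, create accounts or lock a user out, all of which are state changes that the system prompt's "read-only" rule forbids. Restrict the burst to tester-owned accounts and addresses, exclude registration and messaging endpoints unless the operator opts in, and stop at the first 429/lockout signal instead of completing the burst.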
diff --git a/neurosploit-rs/app/src/main.rs b/neurosploit-rs/app/src/main.rs
index da2c2da..2737593 100644
--- a/neurosploit-rs/app/src/main.rs
+++ b/neurosploit-rs/app/src/main.rs
@@ -550,6 +550,19 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode:
std::fs::create_dir_all(&workdir).ok();
cfg.workdir = Some(workdir.display().to_string());
cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string());
+ // PoC scratch dir: agents write custom exploit scripts here (see doctrine).
+ let pocs = workdir.join("pocs");
+ std::fs::create_dir_all(&pocs).ok();
+ std::env::set_var("NEUROSPLOIT_POCS", pocs.display().to_string());
+ // Local intercepting proxy (Burp/ZAP): agents route HTTP through it. Comes
+ // from cfg.proxy (REPL /proxy) or the NEUROSPLOIT_PROXY env var (CLI).
+ let proxy = cfg.proxy.clone()
+ .or_else(|| std::env::var("NEUROSPLOIT_PROXY").ok())
+ .filter(|p| !p.trim().is_empty());
+ if let Some(p) = proxy {
+ std::env::set_var("NEUROSPLOIT_PROXY", &p);
+ println!(" β proxy : {p} (traffic routed to Burp/ZAP for inspection)");
+ }
write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target));
println!(" ββ NeuroSploit v3.5.5 Β· by Joas A Santos & Red Team Leaders");
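Review bot: `/proxy off` cannot take effect after a proxied run in the same process, because the `if let Some(p) = proxy` branch exports `NEUROSPLOIT_PROXY` and nothing unsets it, while the lookup above falls back to that variable whenever `cfg.proxy` is `None`. Call `std::env::remove_var("NEUROSPLOIT_PROXY")` in the `None` case, or pass the proxy to the prompt builder through `RunConfig` instead of the process environment, so a run the operator believes is direct is not still told to use the proxy. Both `set_var` calls also mutate process-global state, so two engagements started from one process would share the last run's `pocs/` path, and `create_dir_all(&pocs).ok()` discards the error, leaving `NEUROSPLOIT_POCS` pointing at a directory that may not exist.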
diff --git a/neurosploit-rs/app/src/repl.rs b/neurosploit-rs/app/src/repl.rs
index 389aa56..070c3f2 100644
--- a/neurosploit-rs/app/src/repl.rs
+++ b/neurosploit-rs/app/src/repl.rs
@@ -119,7 +119,7 @@ struct LiveCheckpoint {
const COMMANDS: &[&str] = &[
"/help", "/show", "/config", "/providers", "/model", "/key", "/sub", "/target",
"/repo", "/auth", "/creds", "/focus", "/attach", "/context", "/mcp", "/offline",
- "/votes", "/chain", "/timeout", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report",
+ "/votes", "/chain", "/timeout", "/proxy", "/burp", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report",
"/status", "/diff", "/retest", "/integrations", "/quit",
];
@@ -217,6 +217,8 @@ struct Session {
/// Idle guardrail: stop a run if no NEW finding lands in this many seconds
/// (0 = disabled). Set in minutes via `/timeout `.
idle_secs: u64,
+ /// Local intercepting proxy (Burp/ZAP), e.g. http://127.0.0.1:8080.
+ proxy: Option,
offline: bool,
target: Option,
repo: Option,
@@ -237,6 +239,7 @@ impl Default for Session {
max_agents: 0,
chain_depth: 2,
idle_secs: 300, // 5-minute idle guardrail by default
+ proxy: None,
offline: false,
target: None,
repo: None,
@@ -438,6 +441,15 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> {
else { println!(" idle guardrail: stop if no new finding in {mins} min"); }
}
}
+ "/proxy" | "/burp" => {
+ match arg {
+ "" => println!(" proxy: {}", s.proxy.clone().unwrap_or_else(|| "(none) β route traffic to Burp/ZAP with /proxy , e.g. /proxy http://127.0.0.1:8080".into())),
+ "off" | "clear" | "none" => { s.proxy = None; println!(" proxy cleared β traffic goes direct"); }
+ "on" => { s.proxy = Some("http://127.0.0.1:8080".into()); println!(" proxy: http://127.0.0.1:8080 (default Burp) β agents route curl through it"); }
+ u => { let p = if u.starts_with("http") { u.to_string() } else { format!("http://{u}") };
+ s.proxy = Some(p.clone()); println!(" proxy: {p} β agents route HTTP through it so you can inspect/replay in Burp"); }
+ }
+ }
"/repo" => {
if arg.is_empty() { println!(" repo: {}", s.repo.clone().unwrap_or_else(|| "(none) β set with /repo , clear with /repo clear".into())); }
else if arg == "clear" { s.repo = None; println!(" repo cleared"); }
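Review bot: the catch-all arm `u => ...` accepts any string: `u.starts_with("http")` treats a bare host whose name begins with "http" as already having a scheme, a `socks5://` value becomes `http://socks5://...`, and the result is later pasted into the agents' curl command line by `proxy_line()` (`--proxy {p} -k`) without checks. Test for `http://` and `https://` explicitly, parse the result as a URL, and reject values containing whitespace or shell metacharacters before storing them in `s.proxy`.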
@@ -742,6 +754,7 @@ async fn run(base: &Path, s: &Session, history: &mut Vec) {
cfg.subscription = s.subscription;
cfg.vote_n = s.vote_n;
cfg.chain_depth = s.chain_depth;
+ cfg.proxy = s.proxy.clone();
cfg.max_agents = s.max_agents;
cfg.verbose = true;
cfg.offline = s.offline;
@@ -795,6 +808,7 @@ async fn start_background(base: &Path, s: &Session, reader: &mut Reader,
cfg.subscription = s.subscription;
cfg.vote_n = s.vote_n;
cfg.chain_depth = s.chain_depth;
+ cfg.proxy = s.proxy.clone();
cfg.max_agents = s.max_agents;
cfg.verbose = true;
cfg.offline = s.offline;
@@ -1228,6 +1242,7 @@ fn show(s: &Session) {
println!(" β repo : {}", s.repo.clone().unwrap_or_else(|| "(none)".into()));
println!(" β auth : {}", s.auth.clone().unwrap_or_else(|| "(none)".into()));
println!(" β creds : {}", s.creds.clone().unwrap_or_else(|| "(none)".into()));
+ println!(" β proxy : {}", s.proxy.clone().unwrap_or_else(|| "(none β /proxy for Burp/ZAP)".into()));
println!(" β focus : {}", s.instructions.clone().unwrap_or_else(|| "(none β tests everything)".into()));
println!(" β opts : mcp={} offline={} votes={} chain-depth={} max-agents={} idle-stop={}",
onoff(s.mcp), onoff(s.offline), s.vote_n, s.chain_depth, s.max_agents,
@@ -1289,6 +1304,7 @@ fn help() {
h("/mcp on|off", "Playwright MCP browser /offline on|off self-test");
h("/votes ", "validator votes /chain attack-chain depth");
h("/timeout ", "idle guardrail: stop if no new finding in (0 = off)");
+ h("/proxy |off", "route agent HTTP through Burp/ZAP (/burp = default :8080)");
h("/agents |list", "cap agents Β· list counts /theme color|mono");
h("/show (config)", "/clear /quit");
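Review bot: the help text says `/burp` selects the default `:8080`, but `/burp` shares the `/proxy` match arm, where an empty argument only prints the current setting; the default is applied only by the `"on"` arm. Either make a bare `/burp` set `http://127.0.0.1:8080` or change this line (and the matching README/RELEASE wording) to say `/burp on`, and list `on` among the accepted arguments.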
diff --git a/neurosploit-rs/crates/harness/src/pipeline.rs b/neurosploit-rs/crates/harness/src/pipeline.rs
index 8ca5121..4ba0a4d 100644
--- a/neurosploit-rs/crates/harness/src/pipeline.rs
+++ b/neurosploit-rs/crates/harness/src/pipeline.rs
@@ -68,11 +68,61 @@ fn tool_doctrine(mcp_on: bool) -> String {
Prefer `linkfinder`/`gau`/`katana` to harvest more URLs when present, else regex with `grep -Eo`.\n\
- REQUEST/RESPONSE ANALYSIS: read status codes, every header, Set-Cookie flags, content-type, body length \
and response timing; use DIFFERENTIALS (authenticated vs anonymous, valid vs invalid input, existing vs \
- missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence.\n\
+ missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence. \
+ Save full request/response pairs when they matter for the PoC.\n\
+ - NUCLEI (fast, targeted β never a blind full scan): first fingerprint the stack, then run nuclei ONLY on \
+ relevant templates, e.g. `nuclei -u -tags -severity critical,high,medium \
+ -rl 50 -timeout 8 -retries 1` (or `-t ` for a suspected CVE). Prefer targeted \
+ `-id`/`-tags` over the whole template set so it stays quick; confirm any hit manually with curl.\n\
+ - MISCONFIG HUNTING: probe for absurd-but-common misconfigurations β exposed `.git`/`.env`/backup & config \
+ files, directory listing, debug/actuator/trace endpoints, default & weak credentials, open admin panels, \
+ permissive CORS, verbose stack traces, exposed dashboards (Kibana/Grafana/Jenkins/phpMyAdmin), and cloud \
+ metadata (169.254.169.254) via SSRF.\n\
+ - RATE-LIMIT / ANTI-AUTOMATION: on auth, password-reset, OTP and sensitive endpoints, send a controlled \
+ burst (e.g. ~20-30 requests) and check for 429/lockout/Retry-After/backoff; report absence as a finding. \
+ Keep bursts small and non-disruptive β this is a control check, not a DoS.\n\
+ - TOOL DOWNLOAD (authorized): when a public PoC or scanner is needed you MAY `git clone` a specific PoC/exploit \
+ repo or download a tool (`git clone`, `wget`, `pip install`, `go install`, `cargo install`) β use pinned, \
+ reputable sources; review before running; never run destructive payloads.\n\
- {browser}\n\
- Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n"
+ - {proxy}{pocs}\
+ Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n",
+ proxy = proxy_line(),
+ pocs = pocs_line(),
)
}
+
+/// If a local proxy is configured (Burp/ZAP), tell agents to route HTTP through
+/// it so the operator can inspect/replay traffic in Burp Suite.
+fn proxy_line() -> String {
+ match std::env::var("NEUROSPLOIT_PROXY").ok().filter(|v| !v.trim().is_empty()) {
+ Some(p) => format!(
+ "PROXY: route ALL HTTP through the local intercepting proxy at {p} (Burp/ZAP) so the operator can \
+ inspect & replay in Burp β add `--proxy {p} -k` to every curl (and set http(s)_proxy for other tools). \
+ Send anything noteworthy through it for manual review.\n "),
+ None => String::new(),
+ }
+}
+
+/// If a PoC directory is set, tell agents to save custom exploit scripts there.
+fn pocs_line() -> String {
+ match std::env::var("NEUROSPLOIT_POCS").ok().filter(|v| !v.trim().is_empty()) {
+ Some(d) => format!(
+ "POCS: when an issue needs a custom multi-step exploit/script to prove it, WRITE a runnable PoC \
+ (curl/python/bash) to {d}/ with a short header comment (target, what it proves, usage), run it to \
+ confirm, and reference the file path in the finding evidence.\n "),
+ None => String::new(),
+ }
+}
+
+/// Data-safety guardrail prepended to every exploit/chain prompt.
+const SAFETY_DOCTRINE: &str = "DATA SAFETY (strict): prove impact WITHOUT harming data. Do NOT modify, delete, \
+overwrite, encrypt or exfiltrate data, create/alter/escalate accounts, or change configuration/state β unless the \
+operator has explicitly authorized that specific action. Read-only, minimal proof. If you encounter PII (names, \
+emails, CPF/SSN, phones, cards, tokens): confirm access with the SMALLEST possible sample and REDACT it in the \
+report (e.g. show 1 masked record + a count) β never dump, store, or transmit the dataset. Prefer benign markers \
+and OOB/echo checks over any state-changing payload. When unsure whether an action is safe, don't do it β report \
+it as reachable and stop.\n\n";
const VOTE_SYS: &str = "You are an adversarial security validator. Decide if the candidate finding is a REAL, reproducible, exploitable vulnerability whose EVIDENCE actually proves impact. Reject common false positives: input merely reflected but not executed; version/banner guesses with no working PoC; self-XSS; theoretical issues; an error message or stack trace mistaken for injection; missing, generic, or non-reproducible evidence; severity inflated beyond what the evidence demonstrates. Confirm only if the provided evidence (request/response) concretely proves the vulnerability. Reply with JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}. Default to rejected when uncertain.";
/// Adversarial second pass for High/Critical findings: assume false positive
/// until the evidence forces otherwise. A finding that can't withstand the
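Review bot: The new TOOL DOWNLOAD bullet conflicts with the retained closing line "Use only what is installed; degrade gracefully", so the agent receives two contradictory instructions in the same prompt. "Review before running" also does not cover code that executes at install or build time (`pip install`, `cargo install`). Suggest gating downloads behind an explicit operator opt-in and rewording the closing line to match. In `proxy_line()` and `pocs_line()` the environment value is only checked for being non-empty after `trim()` and is then interpolated untrimmed into the prompt (and from there into `--proxy {p} -k`); parsing `NEUROSPLOIT_PROXY` as a URL and restricting it to a loopback address would match the "local intercepting proxy" wording. The removed `{browser}` line has no counterpart in the added lines; if dropping it is intentional, say so in the commit message.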
@@ -195,13 +245,13 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender,
}
fn default_vote() -> usize {
@@ -159,6 +164,7 @@ impl RunConfig {
repo: None,
pinned: Vec::new(),
chain_depth: 2,
+ proxy: None,
}
}
}
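Review bot: The `proxy: None` default has no visible connection to `proxy_line()`, which reads `NEUROSPLOIT_PROXY` from the process environment rather than from `RunConfig`. Either pass this field to the prompt builder directly or add a doc comment on the field stating where it is exported to the environment, so there is one documented source of truth for the proxy setting.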
diff --git a/scripts/build_exploit_agents_v355.py b/scripts/build_exploit_agents_v355.py
new file mode 100644
index 0000000..bc9a586
--- /dev/null
+++ b/scripts/build_exploit_agents_v355.py
@@ -0,0 +1,136 @@
+#!/usr/bin/env python3
+"""
+NeuroSploit v3.5.5 β misconfiguration, CVE-hunting, PoC-development & rate-limit
+exploitation agents. Written to agents_md/vulns/. Read-only-first, non-destructive,
+authorized only; PII must be handled per the data-safety guardrail.
+Credits: Joas A Santos & Red Team Leaders.
+"""
+import os
+
+ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+OUT = os.path.join(ROOT, "agents_md", "vulns")
+
+
+def render(a):
+ L = [f"# {a['title']} Agent\n", "## User Prompt",
+ f"You are testing **{{target}}** for {a['for']}.\n",
+ "**Recon Context:**\n{recon_json}\n", "**METHODOLOGY:**\n"]
+ for i, (s, bs) in enumerate(a["steps"], 1):
+ L.append(f"### {i}. {s}")
+ L += [f"- {b}" for b in bs]
+ L.append("")
+ n = len(a["steps"]) + 1
+ L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:",
+ f"- Title: {a['title']} at [endpoint]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}",
+ "- Endpoint: [full URL/resource]", "- Vector: [what/where]", "- Payload: [exact request/command]",
+ "- Evidence: [raw tool output proving it]", f"- Impact: {a['impact']}",
+ f"- Remediation: {a['fix']}", "```\n", "## System Prompt", a["system"]]
+ return "\n".join(L) + "\n"
+
+
+def A(name, title, vc, cwe, sev, steps, fix, impact):
+ return {"name": name, "title": title, "for": vc, "sev": sev, "cwe": cwe, "impact": impact,
+ "fix": fix, "steps": steps,
+ "system": (f"You are a specialist in {vc}. AUTHORIZED engagement. Report ONLY what you proved with a "
+ "real tool receipt (raw output) β never a paraphrase or assumption. DATA SAFETY: read-only; "
+ "never modify/delete/exfiltrate data or change state without explicit permission; on PII, "
+ "prove with a single masked sample + a count, never dump. No destructive/DoS actions. "
+ "Credits: Joas A Santos and Red Team Leaders.")}
+
+
+AGENTS = [
+ # ---------- absurd misconfigurations ----------
+ A("misconfig_exposed_files", "Exposed Sensitive Files & Backups", "absurd misconfigurations exposing sensitive files",
+ "CWE-538", "High",
+ [("Probe", ["Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, "
+ "`/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`"]),
+ ("Confirm", ["Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)"]),
+ ("Loot", ["Extract secrets/creds and hand them to the chainer for reuse β do not exfiltrate beyond proof"])],
+ "Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets",
+ "Source/secret disclosure β credential reuse / RCE"),
+ A("misconfig_debug_endpoints", "Debug / Management Endpoints Exposed", "exposed debug and management endpoints",
+ "CWE-489", "High",
+ [("Probe", ["Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, "
+ "`/metrics`, `/__debug__/`, `/console`, framework debug panels"]),
+ ("Assess", ["Harvest env vars/secrets, internal routes, heap/thread dumps, config"]),
+ ("Confirm", ["Show sensitive runtime data or an actionable management action reachable unauthenticated"])],
+ "Disable debug/management in prod; authenticate & network-restrict them", "Info disclosure β RCE/takeover"),
+ A("misconfig_default_creds", "Default / Weak Credentials on Panels", "default or weak credentials on exposed panels",
+ "CWE-1392", "High",
+ [("Locate", ["Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)"]),
+ ("Test (in scope)", ["Try vendor defaults & the supplied test creds; respect lockout/ROE β no out-of-scope brute force"]),
+ ("Confirm", ["Show authenticated access with a benign read"])],
+ "Remove defaults; enforce strong creds + MFA; restrict panel exposure", "Full component/app compromise"),
+ A("misconfig_dir_listing", "Directory Listing Enabled", "directory listing / index-of exposure",
+ "CWE-548", "Medium",
+ [("Probe", ["Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`"]),
+ ("Confirm", ["Show a listing revealing sensitive files; fetch one to prove readability"])],
+ "Disable autoindex (Options -Indexes / autoindex off); restrict access", "Information disclosure"),
+ A("misconfig_exposed_dashboards", "Exposed Ops Dashboards", "unauthenticated ops dashboards & consoles",
+ "CWE-1188", "High",
+ [("Discover", ["Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, "
+ "Prometheus, Consul, Swagger UI, GraphQL playground"]),
+ ("Assess", ["Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)"]),
+ ("Confirm", ["Demonstrate a read proving exposure (β often data leak or RCE)"])],
+ "Authenticate & network-restrict all ops UIs; least privilege", "Data leak / RCE / takeover"),
+ A("misconfig_permissive_cors", "Permissive CORS Misconfiguration", "insecure CORS allowing cross-origin credentialed reads",
+ "CWE-942", "High",
+ [("Test reflection", ["Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` "
+ "and `Access-Control-Allow-Credentials`"]),
+ ("Classify", ["Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low"]),
+ ("Confirm", ["On authenticated endpoints, show a cross-origin credentialed read returning the victim's data"])],
+ "Allowlist origins server-side; never reflect Origin with credentials", "Cross-origin data theft"),
+ A("misconfig_verbose_errors", "Verbose Errors / Stack Traces", "verbose error handling leaking internals",
+ "CWE-209", "Low",
+ [("Trigger", ["Send malformed input / bad methods / type confusion to force errors"]),
+ ("Assess", ["Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors"]),
+ ("Confirm", ["Show a response leaking internal implementation detail"])],
+ "Generic error pages in prod; log details server-side only", "Info disclosure aiding targeted attacks"),
+
+ # ---------- CVE hunting ----------
+ A("cve_hunter", "CVE Hunter", "known CVEs affecting the detected components",
+ "CWE-1395", "Critical",
+ [("Fingerprint", ["From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)"]),
+ ("Correlate", ["Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED "
+ "templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` "
+ "and the NVD; note CVE id + CVSS"]),
+ ("Reproduce safely", ["Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; "
+ "if a working public PoC exists you MAY clone it (git clone) and adapt β never a destructive payload"]),
+ ("Confirm", ["Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'"])],
+ "Patch/upgrade affected components; apply vendor advisories", "Depends on CVE β up to full compromise"),
+
+ # ---------- PoC development ----------
+ A("poc_developer", "Exploit PoC Developer", "issues that require a custom multi-step exploit or script to prove",
+ "CWE-1395", "High",
+ [("Decide", ["When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, "
+ "or a public CVE PoC is needed), develop a proof-of-concept script"]),
+ ("Build", ["Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment "
+ "(target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists β review it first"]),
+ ("Run & confirm", ["Execute the PoC against the authorized target with benign/non-destructive payloads; capture output"]),
+ ("Report", ["Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)"])],
+ "N/A (methodology agent) β remediation follows the underlying issue", "Reproducible proof of the underlying vulnerability"),
+
+ # ---------- rate limiting / anti-automation ----------
+ A("rate_limit_abuse", "Rate Limiting & Anti-Automation", "missing rate limiting / anti-automation on sensitive flows",
+ "CWE-307", "Medium",
+ [("Target the right endpoints", ["Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any "
+ "expensive or messaging endpoint"]),
+ ("Controlled burst", ["Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, "
+ "Retry-After, progressive delay, or captcha β keep it non-disruptive (a control check, not DoS)"]),
+ ("Check headers", ["Inspect for `RateLimit-*` / `Retry-After`; note their absence"]),
+ ("Confirm", ["Report absence of throttling with the observed status distribution; chain with user-enumeration "
+ "for password-spraying feasibility (do not actually brute-force out of scope)"])],
+ "Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA",
+ "Brute force / credential stuffing / password spraying / resource abuse"),
+]
+
+
+def main():
+ os.makedirs(OUT, exist_ok=True)
+ for a in AGENTS:
+ open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))
+ print(f"wrote {len(AGENTS)} exploit/misconfig/CVE/poc/rate-limit agents to {OUT}")
+
+
+if __name__ == "__main__":
+ main()
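Review bot: `render()` emits one fixed `Severity:` and one fixed `CWE:` per agent, so `cve_hunter` reports every confirmed CVE as Critical even though its own impact text reads "Depends on CVE" and the Correlate step already records the CVSS, and `poc_developer` labels every finding CWE-1395 although it is a methodology agent whose remediation "follows the underlying issue". Suggest letting these two agents emit a placeholder such as `[per CVSS]` / `[CWE of underlying issue]` in the report template instead of a constant. In `main()`, `open(...).write(...)` leaves the file handle unclosed and relies on the platform default encoding while the agent strings contain non-ASCII characters; use `with open(path, "w", encoding="utf-8") as f:`. The "Loot" step in `misconfig_exposed_files` ("Extract secrets/creds and hand them to the chainer for reuse") should state how that squares with the system prompt's "never modify/delete/exfiltrate data" rule, for example by passing a masked reference rather than the secret value.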