From 5f1573ac7fbbc21370deb410288fd67b7a4ed0d0 Mon Sep 17 00:00:00 2001 
From: CyberSecurityUP
Date: Wed, 1 Jul 2026 23:40:47 -0300
Subject: [PATCH] misconfig/CVE/PoC/rate-limit agents, data-safety guardrail, Burp proxy, PoC dir
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Agents (+10 → library 375): absurd-misconfig hunters (exposed .git/.env/backups, debug/actuator, default creds, dir listing, ops dashboards, permissive CORS, verbose errors), a CVE Hunter (fingerprint → correlate → safe PoC), a PoC Developer (writes runnable scripts to the run's pocs/), and a Rate-Limit tester.

Doctrine (pipeline):
- SAFETY_DOCTRINE injected into every exploit/chain/host prompt: no modify/delete/exfiltrate/state-change without permission; on PII prove with a masked sample + count, never dump.
- tool_doctrine adds: smart targeted nuclei (fingerprint-first, -tags/-id, rate/timeouts), misconfig hunting, rate-limit control checks, authorized tool download (git clone PoC repos / fetch scanners), Burp/ZAP proxy routing, and a per-run PoC workspace.

Harness/CLI/REPL:
- RunConfig.proxy; spawn_engagement creates /pocs and exports NEUROSPLOIT_POCS + NEUROSPLOIT_PROXY (proxy from cfg or the env var).
- REPL /proxy and /burp (Session.proxy); /show shows proxy.

Docs: README highlights + Cloud/counts (375), RELEASE v3.5.5 sections.
--- README.md | 14 +- RELEASE.md | 35 ++++- TUTORIAL.md | 6 +- agents_md/vulns/cve_hunter.md | 39 +++++ agents_md/vulns/misconfig_debug_endpoints.md | 36 +++++ agents_md/vulns/misconfig_default_creds.md | 36 +++++ agents_md/vulns/misconfig_dir_listing.md | 33 +++++ .../vulns/misconfig_exposed_dashboards.md | 36 +++++ agents_md/vulns/misconfig_exposed_files.md | 36 +++++ agents_md/vulns/misconfig_permissive_cors.md | 36 +++++ agents_md/vulns/misconfig_verbose_errors.md | 36 +++++ agents_md/vulns/poc_developer.md | 39 +++++ agents_md/vulns/rate_limit_abuse.md | 39 +++++ neurosploit-rs/app/src/main.rs | 13 ++ neurosploit-rs/app/src/repl.rs | 18 ++- neurosploit-rs/crates/harness/src/pipeline.rs | 70 +++++++-- neurosploit-rs/crates/harness/src/types.rs | 6 + scripts/build_exploit_agents_v355.py | 136 ++++++++++++++++++ 18 files changed, 642 insertions(+), 22 deletions(-) create mode 100644 agents_md/vulns/cve_hunter.md create mode 100644 agents_md/vulns/misconfig_debug_endpoints.md create mode 100644 agents_md/vulns/misconfig_default_creds.md create mode 100644 agents_md/vulns/misconfig_dir_listing.md create mode 100644 agents_md/vulns/misconfig_exposed_dashboards.md create mode 100644 agents_md/vulns/misconfig_exposed_files.md create mode 100644 agents_md/vulns/misconfig_permissive_cors.md create mode 100644 agents_md/vulns/misconfig_verbose_errors.md create mode 100644 agents_md/vulns/poc_developer.md create mode 100644 agents_md/vulns/rate_limit_abuse.md create mode 100644 scripts/build_exploit_agents_v355.py diff --git a/README.md b/README.md index 1e0652c..34ba0aa 100755 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ - + 
@@ -25,7 +25,7 @@ > πŸ“– **New here? Read the [full Tutorial & User Guide β†’](TUTORIAL.md)** β€” every mode, flag, config and example explained. > πŸ†• **New in v3.5.5 β€” Cloud testing + REPL navigation + deeper recon:** -> **AWS/GCP/Azure** agents (+17 β†’ **365** total) with credentials wired through +> **AWS/GCP/Azure** agents (+17 β†’ **375** total) with credentials wired through > `creds.yaml`; a more navigable **REPL** β€” **`/timeout`** idle guardrail, > **multi-target** `/target a,b,c` (sequential), an interactive **`/results`** > browser (target β†’ vuln β†’ detail, Esc to go back) and **`/report`** picker; and @@ -44,7 +44,7 @@ LLMs** β€” via **API key** or local **subscription** (Claude Code / Codex / Gemi Grok) β€” recons the target, **intelligently selects only the agents that match the discovered surface**, runs them in parallel, **chains** findings into deeper impact, and **validates every claim by cross-model voting + tool-receipt -grounding** before reporting. It ships **365 markdown agents** and a **Mission +grounding** before reporting. It ships **375 markdown agents** and a **Mission Control TUI**. ### Engagement modes 
@@ -75,6 +75,14 @@ Control TUI**. (`aws`/`gcloud`/`az`). Connect via `creds.yaml`: AWS keys, a Google service-account JSON, or an Azure service principal β€” see [Cloud credentials](#cloud-credentials-awsgcpazure). +- 🧰 **Misconfig & CVE hunting, safely** β€” dedicated agents for absurd + misconfigs (exposed `.git`/`.env`, debug/actuator, default creds, dashboards, + CORS), a **CVE Hunter** (smart, targeted `nuclei`), a **PoC Developer** (writes + reproducible scripts to the run's `pocs/`), and **rate-limit** testing β€” all + under a strict **data-safety/PII guardrail** (no destructive or state-changing + actions; PII proven with a masked sample, never dumped). +- πŸ•΅οΈ **Burp/ZAP proxy** β€” `/proxy ` (or `/burp`) routes agent traffic + through your local intercepting proxy so you can inspect & replay in Burp. - πŸ—ΊοΈ **Attack graph & kill chain** β€” findings mapped to OWASP / CWE / MITRE ATT&CK / stage; rendered as a Mermaid graph in the report. - βœ… **Cross-model validation** β€” a different model adjudicates each finding; diff --git a/RELEASE.md b/RELEASE.md index 624e7bc..ffa5bcd 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -10,14 +10,16 @@ ## TL;DR v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class -credential connection and **17 new cloud agents**, a much more capable and -navigable **REPL** (idle guardrail, multi-target, results browser), **deeper -recon** (downloads & analyzes JS, request/response differentials), and a fix for -garbled interactive line-editing. +credential connection, **27 new agents** (17 cloud + 10 misconfig/CVE/PoC/rate- +limit β†’ library **375**), a much more capable and navigable **REPL** (idle +guardrail, multi-target, results browser), **deeper recon** (downloads & analyzes +JS, request/response differentials, smart nuclei), **Burp/ZAP proxy** support, a +**PoC** workspace, a strict **data-safety/PII guardrail**, and a fix for garbled +interactive line-editing. ## Cloud testing -- **+17 cloud agents (library now 365).** AWS, GCP and Azure specialists in +- **+17 cloud agents.** AWS, GCP and Azure specialists in `agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure (S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager / Secret Manager / Key Vault), service-account & service-principal abuse, and 
@@ -67,6 +69,29 @@ garbled interactive line-editing. all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and valid-vs-invalid comparisons) β€” applied to both recon and exploitation. +## Exploitation depth, safety & Burp + +- **+10 exploitation agents.** Absurd-misconfig hunters (exposed `.git`/`.env`/ + backups, debug/actuator endpoints, default creds, directory listing, exposed + ops dashboards, permissive CORS, verbose errors), a **CVE Hunter** (fingerprint + β†’ correlate β†’ safe PoC), a **PoC Developer** (writes runnable exploit scripts), + and a **Rate-Limit / Anti-Automation** tester. +- **Data-safety / PII guardrail** injected into every exploit/chain/host prompt: + no modifying, deleting, exfiltrating data or changing state without explicit + permission; on PII, prove with a single **masked** sample + a count β€” never + dump. When unsure an action is safe, don't do it. +- **Smart nuclei in recon** β€” fingerprint first, then run nuclei on **targeted** + templates/tags/CVE ids with rate/timeouts (fast, never a blind full scan). +- **Burp/ZAP proxy** β€” `/proxy ` (or `/burp`, default `:8080`) in the REPL, + or the `NEUROSPLOIT_PROXY` env var. Agents route curl through it (`--proxy … -k`) + so you can inspect/replay traffic in Burp Suite while the test runs. +- **PoC workspace** β€” each run gets a `pocs/` directory (`$NEUROSPLOIT_POCS`); + agents save custom, reproducible exploit scripts there and cite them as evidence. +- **Tool download** (authorized) β€” agents may `git clone` a specific public PoC/ + exploit repo or download a scanner when needed (reputable/pinned, reviewed). +- **Rate-limit testing** is a first-class control check (small non-disruptive + burst β†’ look for 429/lockout/Retry-After), never a DoS. + ## Notes - Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2). diff --git a/TUTORIAL.md b/TUTORIAL.md index 6f068c8..92e6f7a 100644 --- a/TUTORIAL.md +++ b/TUTORIAL.md 
@@ -40,7 +40,7 @@ You give NeuroSploit a **target** (URL, repo, app, or host/IP). It: 1. **Recons** the target with real tools (curl/nmap/…). 2. **Intelligently selects** only the agents whose preconditions match the recon - (it does *not* blindly run all 365). + (it does *not* blindly run all 375). 3. **Exploits** in parallel β€” each agent works in a ReAct loop and must prove its claim with a **tool receipt** (raw output). 4. **Validates** every candidate by **cross-model voting** (a different model @@ -99,7 +99,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith ```bash neurosploit --version # neurosploit 3.5.5 -neurosploit agents # {"vulns":196,...,"chains":12,"total":365} +neurosploit agents # {"vulns":196,...,"chains":12,"total":375} neurosploit models # all providers & models ``` @@ -468,7 +468,7 @@ built from SAST/dataflow), so uncertainty becomes *path reachability*, not state ## 13. The agent library -`agents_md/` holds **365** markdown agents in categories: +`agents_md/` holds **375** markdown agents in categories: | Category | Dir | Count | Purpose | |----------|-----|-------|---------| diff --git a/agents_md/vulns/cve_hunter.md b/agents_md/vulns/cve_hunter.md new file mode 100644 index 0000000..320943a --- /dev/null +++ b/agents_md/vulns/cve_hunter.md 
@@ -0,0 +1,39 @@ +# CVE Hunter Agent + +## User Prompt +You are testing **{target}** for known CVEs affecting the detected components. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Fingerprint +- From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs) + +### 2. Correlate +- Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` and the NVD; note CVE id + CVSS + +### 3. Reproduce safely +- Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; if a working public PoC exists you MAY clone it (git clone) and adapt β€” never a destructive payload + +### 4. Confirm +- Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)' + +### 5. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: CVE Hunter at [endpoint] +- Severity: Critical +- CWE: CWE-1395 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Depends on CVE β€” up to full compromise +- Remediation: Patch/upgrade affected components; apply vendor advisories +``` + +## System Prompt +You are a specialist in known CVEs affecting the detected components. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_debug_endpoints.md b/agents_md/vulns/misconfig_debug_endpoints.md new file mode 100644 index 0000000..46b678c --- /dev/null 
+++ b/agents_md/vulns/misconfig_debug_endpoints.md @@ -0,0 +1,36 @@ +# Debug / Management Endpoints Exposed Agent + +## User Prompt +You are testing **{target}** for exposed debug and management endpoints. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Probe +- Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, `/metrics`, `/__debug__/`, `/console`, framework debug panels + +### 2. Assess +- Harvest env vars/secrets, internal routes, heap/thread dumps, config + +### 3. Confirm +- Show sensitive runtime data or an actionable management action reachable unauthenticated + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Debug / Management Endpoints Exposed at [endpoint] +- Severity: High +- CWE: CWE-489 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Info disclosure β†’ RCE/takeover +- Remediation: Disable debug/management in prod; authenticate & network-restrict them +``` + +## System Prompt +You are a specialist in exposed debug and management endpoints. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_default_creds.md b/agents_md/vulns/misconfig_default_creds.md new file mode 100644 index 0000000..fd5ae50 --- /dev/null +++ b/agents_md/vulns/misconfig_default_creds.md 
@@ -0,0 +1,36 @@ +# Default / Weak Credentials on Panels Agent + +## User Prompt +You are testing **{target}** for default or weak credentials on exposed panels. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Locate +- Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels) + +### 2. Test (in scope) +- Try vendor defaults & the supplied test creds; respect lockout/ROE β€” no out-of-scope brute force + +### 3. Confirm +- Show authenticated access with a benign read + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Default / Weak Credentials on Panels at [endpoint] +- Severity: High +- CWE: CWE-1392 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Full component/app compromise +- Remediation: Remove defaults; enforce strong creds + MFA; restrict panel exposure +``` + +## System Prompt +You are a specialist in default or weak credentials on exposed panels. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_dir_listing.md b/agents_md/vulns/misconfig_dir_listing.md new file mode 100644 index 0000000..95f4153 --- /dev/null +++ b/agents_md/vulns/misconfig_dir_listing.md 
@@ -0,0 +1,33 @@ +# Directory Listing Enabled Agent + +## User Prompt +You are testing **{target}** for directory listing / index-of exposure. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Probe +- Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /` + +### 2. Confirm +- Show a listing revealing sensitive files; fetch one to prove readability + +### 3. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Directory Listing Enabled at [endpoint] +- Severity: Medium +- CWE: CWE-548 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Information disclosure +- Remediation: Disable autoindex (Options -Indexes / autoindex off); restrict access +``` + +## System Prompt +You are a specialist in directory listing / index-of exposure. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_exposed_dashboards.md b/agents_md/vulns/misconfig_exposed_dashboards.md new file mode 100644 index 0000000..f3de042 --- /dev/null +++ b/agents_md/vulns/misconfig_exposed_dashboards.md 
@@ -0,0 +1,36 @@ +# Exposed Ops Dashboards Agent + +## User Prompt +You are testing **{target}** for unauthenticated ops dashboards & consoles. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Discover +- Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, Prometheus, Consul, Swagger UI, GraphQL playground + +### 2. Assess +- Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.) + +### 3. Confirm +- Demonstrate a read proving exposure (β†’ often data leak or RCE) + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Exposed Ops Dashboards at [endpoint] +- Severity: High +- CWE: CWE-1188 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Data leak / RCE / takeover +- Remediation: Authenticate & network-restrict all ops UIs; least privilege +``` + +## System Prompt +You are a specialist in unauthenticated ops dashboards & consoles. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_exposed_files.md b/agents_md/vulns/misconfig_exposed_files.md new file mode 100644 index 0000000..1557aa4 --- /dev/null +++ b/agents_md/vulns/misconfig_exposed_files.md 
@@ -0,0 +1,36 @@ +# Exposed Sensitive Files & Backups Agent + +## User Prompt +You are testing **{target}** for absurd misconfigurations exposing sensitive files. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Probe +- Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, `/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa` + +### 2. Confirm +- Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path) + +### 3. Loot +- Extract secrets/creds and hand them to the chainer for reuse β€” do not exfiltrate beyond proof + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Exposed Sensitive Files & Backups at [endpoint] +- Severity: High +- CWE: CWE-538 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Source/secret disclosure β†’ credential reuse / RCE +- Remediation: Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets +``` + +## System Prompt +You are a specialist in absurd misconfigurations exposing sensitive files. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_permissive_cors.md b/agents_md/vulns/misconfig_permissive_cors.md new file mode 100644 index 0000000..0d4aba7 --- /dev/null +++ b/agents_md/vulns/misconfig_permissive_cors.md 
@@ -0,0 +1,36 @@ +# Permissive CORS Misconfiguration Agent + +## User Prompt +You are testing **{target}** for insecure CORS allowing cross-origin credentialed reads. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Test reflection +- Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` + +### 2. Classify +- Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low + +### 3. Confirm +- On authenticated endpoints, show a cross-origin credentialed read returning the victim's data + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Permissive CORS Misconfiguration at [endpoint] +- Severity: High +- CWE: CWE-942 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Cross-origin data theft +- Remediation: Allowlist origins server-side; never reflect Origin with credentials +``` + +## System Prompt +You are a specialist in insecure CORS allowing cross-origin credentialed reads. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/misconfig_verbose_errors.md b/agents_md/vulns/misconfig_verbose_errors.md new file mode 100644 index 0000000..c30de8b --- /dev/null +++ b/agents_md/vulns/misconfig_verbose_errors.md 
@@ -0,0 +1,36 @@ +# Verbose Errors / Stack Traces Agent + +## User Prompt +You are testing **{target}** for verbose error handling leaking internals. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Trigger +- Send malformed input / bad methods / type confusion to force errors + +### 2. Assess +- Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors + +### 3. Confirm +- Show a response leaking internal implementation detail + +### 4. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Verbose Errors / Stack Traces at [endpoint] +- Severity: Low +- CWE: CWE-209 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Info disclosure aiding targeted attacks +- Remediation: Generic error pages in prod; log details server-side only +``` + +## System Prompt +You are a specialist in verbose error handling leaking internals. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/poc_developer.md b/agents_md/vulns/poc_developer.md new file mode 100644 index 0000000..088ef66 --- /dev/null +++ b/agents_md/vulns/poc_developer.md 
@@ -0,0 +1,39 @@ +# Exploit PoC Developer Agent + +## User Prompt +You are testing **{target}** for issues that require a custom multi-step exploit or script to prove. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Decide +- When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, or a public CVE PoC is needed), develop a proof-of-concept script + +### 2. Build +- Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment (target, what it proves, usage). Reuse a reputable public PoC via `git clone` when one exists β€” review it first + +### 3. Run & confirm +- Execute the PoC against the authorized target with benign/non-destructive payloads; capture output + +### 4. Report +- Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction) + +### 5. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Exploit PoC Developer at [endpoint] +- Severity: High +- CWE: CWE-1395 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Reproducible proof of the underlying vulnerability +- Remediation: N/A (methodology agent) β€” remediation follows the underlying issue +``` + +## System Prompt +You are a specialist in issues that require a custom multi-step exploit or script to prove. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/agents_md/vulns/rate_limit_abuse.md b/agents_md/vulns/rate_limit_abuse.md new file mode 100644 index 0000000..18b5d82 --- /dev/null 
+++ b/agents_md/vulns/rate_limit_abuse.md @@ -0,0 +1,39 @@ +# Rate Limiting & Anti-Automation Agent + +## User Prompt +You are testing **{target}** for missing rate limiting / anti-automation on sensitive flows. + +**Recon Context:** +{recon_json} + +**METHODOLOGY:** + +### 1. Target the right endpoints +- Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any expensive or messaging endpoint + +### 2. Controlled burst +- Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, Retry-After, progressive delay, or captcha β€” keep it non-disruptive (a control check, not DoS) + +### 3. Check headers +- Inspect for `RateLimit-*` / `Retry-After`; note their absence + +### 4. Confirm +- Report absence of throttling with the observed status distribution; chain with user-enumeration for password-spraying feasibility (do not actually brute-force out of scope) + +### 5. Report Format +For each CONFIRMED finding: +``` +FINDING: +- Title: Rate Limiting & Anti-Automation at [endpoint] +- Severity: Medium +- CWE: CWE-307 +- Endpoint: [full URL/resource] +- Vector: [what/where] +- Payload: [exact request/command] +- Evidence: [raw tool output proving it] +- Impact: Brute force / credential stuffing / password spraying / resource abuse +- Remediation: Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA +``` + +## System Prompt +You are a specialist in missing rate limiting / anti-automation on sensitive flows. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; never modify/delete/exfiltrate data or change state without explicit permission; on PII, prove with a single masked sample + a count, never dump. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders. diff --git a/neurosploit-rs/app/src/main.rs b/neurosploit-rs/app/src/main.rs index da2c2da..2737593 100644 
--- a/neurosploit-rs/app/src/main.rs +++ b/neurosploit-rs/app/src/main.rs @@ -550,6 +550,19 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode: std::fs::create_dir_all(&workdir).ok(); cfg.workdir = Some(workdir.display().to_string()); cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string()); + // PoC scratch dir: agents write custom exploit scripts here (see doctrine). + let pocs = workdir.join("pocs"); + std::fs::create_dir_all(&pocs).ok(); + std::env::set_var("NEUROSPLOIT_POCS", pocs.display().to_string()); + // Local intercepting proxy (Burp/ZAP): agents route HTTP through it. Comes + // from cfg.proxy (REPL /proxy) or the NEUROSPLOIT_PROXY env var (CLI). + let proxy = cfg.proxy.clone() + .or_else(|| std::env::var("NEUROSPLOIT_PROXY").ok()) + .filter(|p| !p.trim().is_empty()); + if let Some(p) = proxy { + std::env::set_var("NEUROSPLOIT_PROXY", &p); + println!(" β”‚ proxy : {p} (traffic routed to Burp/ZAP for inspection)"); + } write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target)); println!(" β”Œβ”€ NeuroSploit v3.5.5 Β· by Joas A Santos & Red Team Leaders"); diff --git a/neurosploit-rs/app/src/repl.rs b/neurosploit-rs/app/src/repl.rs index 389aa56..070c3f2 100644 --- a/neurosploit-rs/app/src/repl.rs +++ b/neurosploit-rs/app/src/repl.rs @@ -119,7 +119,7 @@ struct LiveCheckpoint { const COMMANDS: &[&str] = &[ "/help", "/show", "/config", "/providers", "/model", "/key", "/sub", "/target", "/repo", "/auth", "/creds", "/focus", "/attach", "/context", "/mcp", "/offline", - "/votes", "/chain", "/timeout", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report", + "/votes", "/chain", "/timeout", "/proxy", "/burp", "/agents", "/theme", "/clear", "/run", "/stop", "/continue", "/runs", "/results", "/report", "/status", "/diff", "/retest", "/integrations", "/quit", ]; 
@@ -217,6 +217,8 @@ struct Session { /// Idle guardrail: stop a run if no NEW finding lands in this many seconds /// (0 = disabled). Set in minutes via `/timeout `. idle_secs: u64, + /// Local intercepting proxy (Burp/ZAP), e.g. http://127.0.0.1:8080. + proxy: Option, offline: bool, target: Option, repo: Option, @@ -237,6 +239,7 @@ impl Default for Session { max_agents: 0, chain_depth: 2, idle_secs: 300, // 5-minute idle guardrail by default + proxy: None, offline: false, target: None, repo: None, @@ -438,6 +441,15 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> { else { println!(" idle guardrail: stop if no new finding in {mins} min"); } } } + "/proxy" | "/burp" => { + match arg { + "" => println!(" proxy: {}", s.proxy.clone().unwrap_or_else(|| "(none) β€” route traffic to Burp/ZAP with /proxy , e.g. /proxy http://127.0.0.1:8080".into())), + "off" | "clear" | "none" => { s.proxy = None; println!(" proxy cleared β€” traffic goes direct"); } + "on" => { s.proxy = Some("http://127.0.0.1:8080".into()); println!(" proxy: http://127.0.0.1:8080 (default Burp) β€” agents route curl through it"); } + u => { let p = if u.starts_with("http") { u.to_string() } else { format!("http://{u}") }; + s.proxy = Some(p.clone()); println!(" proxy: {p} β€” agents route HTTP through it so you can inspect/replay in Burp"); } + } + } "/repo" => { if arg.is_empty() { println!(" repo: {}", s.repo.clone().unwrap_or_else(|| "(none) β€” set with /repo , clear with /repo clear".into())); } else if arg == "clear" { s.repo = None; println!(" repo cleared"); } @@ -742,6 +754,7 @@ async fn run(base: &Path, s: &Session, history: &mut Vec) { cfg.subscription = s.subscription; cfg.vote_n = s.vote_n; cfg.chain_depth = s.chain_depth; + cfg.proxy = s.proxy.clone(); cfg.max_agents = s.max_agents; cfg.verbose = true; cfg.offline = s.offline; 
@@ -795,6 +808,7 @@ async fn start_background(base: &Path, s: &Session, reader: &mut Reader, cfg.subscription = s.subscription; cfg.vote_n = s.vote_n; cfg.chain_depth = s.chain_depth; + cfg.proxy = s.proxy.clone(); cfg.max_agents = s.max_agents; cfg.verbose = true; cfg.offline = s.offline; @@ -1228,6 +1242,7 @@ fn show(s: &Session) { println!(" β”‚ repo : {}", s.repo.clone().unwrap_or_else(|| "(none)".into())); println!(" β”‚ auth : {}", s.auth.clone().unwrap_or_else(|| "(none)".into())); println!(" β”‚ creds : {}", s.creds.clone().unwrap_or_else(|| "(none)".into())); + println!(" β”‚ proxy : {}", s.proxy.clone().unwrap_or_else(|| "(none β€” /proxy for Burp/ZAP)".into())); println!(" β”‚ focus : {}", s.instructions.clone().unwrap_or_else(|| "(none β€” tests everything)".into())); println!(" β”‚ opts : mcp={} offline={} votes={} chain-depth={} max-agents={} idle-stop={}", onoff(s.mcp), onoff(s.offline), s.vote_n, s.chain_depth, s.max_agents, @@ -1289,6 +1304,7 @@ fn help() { h("/mcp on|off", "Playwright MCP browser /offline on|off self-test"); h("/votes ", "validator votes /chain attack-chain depth"); h("/timeout ", "idle guardrail: stop if no new finding in (0 = off)"); + h("/proxy |off", "route agent HTTP through Burp/ZAP (/burp = default :8080)"); h("/agents |list", "cap agents Β· list counts /theme color|mono"); h("/show (config)", "/clear /quit"); diff --git a/neurosploit-rs/crates/harness/src/pipeline.rs b/neurosploit-rs/crates/harness/src/pipeline.rs index 8ca5121..4ba0a4d 100644 --- a/neurosploit-rs/crates/harness/src/pipeline.rs +++ b/neurosploit-rs/crates/harness/src/pipeline.rs 
@@ -68,11 +68,61 @@ fn tool_doctrine(mcp_on: bool) -> String { Prefer `linkfinder`/`gau`/`katana` to harvest more URLs when present, else regex with `grep -Eo`.\n\ - REQUEST/RESPONSE ANALYSIS: read status codes, every header, Set-Cookie flags, content-type, body length \ and response timing; use DIFFERENTIALS (authenticated vs anonymous, valid vs invalid input, existing vs \ - missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence.\n\ + missing resource) and reflected input / verbose errors to infer behavior and CONFIRM issues with evidence. \ + Save full request/response pairs when they matter for the PoC.\n\ + - NUCLEI (fast, targeted β€” never a blind full scan): first fingerprint the stack, then run nuclei ONLY on \ + relevant templates, e.g. `nuclei -u -tags -severity critical,high,medium \ + -rl 50 -timeout 8 -retries 1` (or `-t ` for a suspected CVE). Prefer targeted \ + `-id`/`-tags` over the whole template set so it stays quick; confirm any hit manually with curl.\n\ + - MISCONFIG HUNTING: probe for absurd-but-common misconfigurations β€” exposed `.git`/`.env`/backup & config \ + files, directory listing, debug/actuator/trace endpoints, default & weak credentials, open admin panels, \ + permissive CORS, verbose stack traces, exposed dashboards (Kibana/Grafana/Jenkins/phpMyAdmin), and cloud \ + metadata (169.254.169.254) via SSRF.\n\ + - RATE-LIMIT / ANTI-AUTOMATION: on auth, password-reset, OTP and sensitive endpoints, send a controlled \ + burst (e.g. ~20-30 requests) and check for 429/lockout/Retry-After/backoff; report absence as a finding. 
\ + Keep bursts small and non-disruptive β€” this is a control check, not a DoS.\n\ + - TOOL DOWNLOAD (authorized): when a public PoC or scanner is needed you MAY `git clone` a specific PoC/exploit \ + repo or download a tool (`git clone`, `wget`, `pip install`, `go install`, `cargo install`) β€” use pinned, \ + reputable sources; review before running; never run destructive payloads.\n\ - {browser}\n\ - Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n" + - {proxy}{pocs}\ + Use only what is installed; degrade gracefully. Never run destructive or DoS actions.\n\n", + proxy = proxy_line(), + pocs = pocs_line(), ) } + +/// If a local proxy is configured (Burp/ZAP), tell agents to route HTTP through +/// it so the operator can inspect/replay traffic in Burp Suite. +fn proxy_line() -> String { + match std::env::var("NEUROSPLOIT_PROXY").ok().filter(|v| !v.trim().is_empty()) { + Some(p) => format!( + "PROXY: route ALL HTTP through the local intercepting proxy at {p} (Burp/ZAP) so the operator can \ + inspect & replay in Burp β€” add `--proxy {p} -k` to every curl (and set http(s)_proxy for other tools). \ + Send anything noteworthy through it for manual review.\n "), + None => String::new(), + } +} + +/// If a PoC directory is set, tell agents to save custom exploit scripts there. +fn pocs_line() -> String { + match std::env::var("NEUROSPLOIT_POCS").ok().filter(|v| !v.trim().is_empty()) { + Some(d) => format!( + "POCS: when an issue needs a custom multi-step exploit/script to prove it, WRITE a runnable PoC \ + (curl/python/bash) to {d}/ with a short header comment (target, what it proves, usage), run it to \ + confirm, and reference the file path in the finding evidence.\n "), + None => String::new(), + } +} + +/// Data-safety guardrail prepended to every exploit/chain prompt. +const SAFETY_DOCTRINE: &str = "DATA SAFETY (strict): prove impact WITHOUT harming data. 
Do NOT modify, delete, \ +overwrite, encrypt or exfiltrate data, create/alter/escalate accounts, or change configuration/state β€” unless the \ +operator has explicitly authorized that specific action. Read-only, minimal proof. If you encounter PII (names, \ +emails, CPF/SSN, phones, cards, tokens): confirm access with the SMALLEST possible sample and REDACT it in the \ +report (e.g. show 1 masked record + a count) β€” never dump, store, or transmit the dataset. Prefer benign markers \ +and OOB/echo checks over any state-changing payload. When unsure whether an action is safe, don't do it β€” report \ +it as reachable and stop.\n\n"; const VOTE_SYS: &str = "You are an adversarial security validator. Decide if the candidate finding is a REAL, reproducible, exploitable vulnerability whose EVIDENCE actually proves impact. Reject common false positives: input merely reflected but not executed; version/banner guesses with no working PoC; self-XSS; theoretical issues; an error message or stack trace mistaken for injection; missing, generic, or non-reproducible evidence; severity inflated beyond what the evidence demonstrates. Confirm only if the provided evidence (request/response) concretely proves the vulnerability. Reply with JSON {\"verdict\":\"confirmed\"|\"rejected\",\"reason\":\"...\"}. Default to rejected when uncertain."; /// Adversarial second pass for High/Critical findings: assume false positive /// until the evidence forces otherwise. A finding that can't withstand the @@ -195,13 +245,13 @@ pub async fn run(cfg: RunConfig, lib: &Library, pool: &ModelPool, tx: Sender, } fn default_vote() -> usize { @@ -159,6 +164,7 @@ impl RunConfig { repo: None, pinned: Vec::new(), chain_depth: 2, + proxy: None, } } } diff --git a/scripts/build_exploit_agents_v355.py b/scripts/build_exploit_agents_v355.py new file mode 100644 index 0000000..bc9a586 --- /dev/null +++ b/scripts/build_exploit_agents_v355.py 
@@ -0,0 +1,136 @@ +#!/usr/bin/env python3 +""" +NeuroSploit v3.5.5 β€” misconfiguration, CVE-hunting, PoC-development & rate-limit +exploitation agents. Written to agents_md/vulns/. Read-only-first, non-destructive, +authorized only; PII must be handled per the data-safety guardrail. +Credits: Joas A Santos & Red Team Leaders. +""" +import os + +ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) +OUT = os.path.join(ROOT, "agents_md", "vulns") + + +def render(a): + L = [f"# {a['title']} Agent\n", "## User Prompt", + f"You are testing **{{target}}** for {a['for']}.\n", + "**Recon Context:**\n{recon_json}\n", "**METHODOLOGY:**\n"] + for i, (s, bs) in enumerate(a["steps"], 1): + L.append(f"### {i}. {s}") + L += [f"- {b}" for b in bs] + L.append("") + n = len(a["steps"]) + 1 + L += [f"### {n}. Report Format", "For each CONFIRMED finding:", "```", "FINDING:", + f"- Title: {a['title']} at [endpoint]", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}", + "- Endpoint: [full URL/resource]", "- Vector: [what/where]", "- Payload: [exact request/command]", + "- Evidence: [raw tool output proving it]", f"- Impact: {a['impact']}", + f"- Remediation: {a['fix']}", "```\n", "## System Prompt", a["system"]] + return "\n".join(L) + "\n" + + +def A(name, title, vc, cwe, sev, steps, fix, impact): + return {"name": name, "title": title, "for": vc, "sev": sev, "cwe": cwe, "impact": impact, + "fix": fix, "steps": steps, + "system": (f"You are a specialist in {vc}. AUTHORIZED engagement. Report ONLY what you proved with a " + "real tool receipt (raw output) β€” never a paraphrase or assumption. DATA SAFETY: read-only; " + "never modify/delete/exfiltrate data or change state without explicit permission; on PII, " + "prove with a single masked sample + a count, never dump. No destructive/DoS actions. 
" + "Credits: Joas A Santos and Red Team Leaders.")} + + +AGENTS = [ + # ---------- absurd misconfigurations ---------- + A("misconfig_exposed_files", "Exposed Sensitive Files & Backups", "absurd misconfigurations exposing sensitive files", + "CWE-538", "High", + [("Probe", ["Request common leaks: `/.env`, `/.git/config`, `/.git/HEAD`, `/config.php~`, `/wp-config.php.bak`, " + "`/backup.zip`, `/db.sql`, `/.htpasswd`, `/docker-compose.yml`, `/.aws/credentials`, `/id_rsa`"]), + ("Confirm", ["Show a 200 returning real secret/config/source content (differentiate from soft-404 with a random path)"]), + ("Loot", ["Extract secrets/creds and hand them to the chainer for reuse β€” do not exfiltrate beyond proof"])], + "Block dotfiles/backups at the web server/WAF; remove them from webroot; rotate leaked secrets", + "Source/secret disclosure β†’ credential reuse / RCE"), + A("misconfig_debug_endpoints", "Debug / Management Endpoints Exposed", "exposed debug and management endpoints", + "CWE-489", "High", + [("Probe", ["Check `/actuator/*` (env,heapdump,mappings), `/debug`, `/trace`, `/phpinfo.php`, `/server-status`, " + "`/metrics`, `/__debug__/`, `/console`, framework debug panels"]), + ("Assess", ["Harvest env vars/secrets, internal routes, heap/thread dumps, config"]), + ("Confirm", ["Show sensitive runtime data or an actionable management action reachable unauthenticated"])], + "Disable debug/management in prod; authenticate & network-restrict them", "Info disclosure β†’ RCE/takeover"), + A("misconfig_default_creds", "Default / Weak Credentials on Panels", "default or weak credentials on exposed panels", + "CWE-1392", "High", + [("Locate", ["Find admin/login panels (`/admin`, `/manager/html`, `/wp-login.php`, `/user/login`, device panels)"]), + ("Test (in scope)", ["Try vendor defaults & the supplied test creds; respect lockout/ROE β€” no out-of-scope brute force"]), + ("Confirm", ["Show authenticated access with a benign read"])], + "Remove defaults; enforce strong 
creds + MFA; restrict panel exposure", "Full component/app compromise"), + A("misconfig_dir_listing", "Directory Listing Enabled", "directory listing / index-of exposure", + "CWE-548", "Medium", + [("Probe", ["Request likely dirs (`/uploads/`, `/backup/`, `/files/`, `/.well-known/`, `/static/`) looking for `Index of /`"]), + ("Confirm", ["Show a listing revealing sensitive files; fetch one to prove readability"])], + "Disable autoindex (Options -Indexes / autoindex off); restrict access", "Information disclosure"), + A("misconfig_exposed_dashboards", "Exposed Ops Dashboards", "unauthenticated ops dashboards & consoles", + "CWE-1188", "High", + [("Discover", ["Probe Kibana/Elasticsearch (`/_cat/indices`), Grafana, Jenkins (`/script`), phpMyAdmin, RabbitMQ, " + "Prometheus, Consul, Swagger UI, GraphQL playground"]), + ("Assess", ["Determine unauthenticated access & sensitivity (data, RCE via Jenkins script console, etc.)"]), + ("Confirm", ["Demonstrate a read proving exposure (β†’ often data leak or RCE)"])], + "Authenticate & network-restrict all ops UIs; least privilege", "Data leak / RCE / takeover"), + A("misconfig_permissive_cors", "Permissive CORS Misconfiguration", "insecure CORS allowing cross-origin credentialed reads", + "CWE-942", "High", + [("Test reflection", ["Send `Origin: https://evil.example` and a `null` origin; inspect `Access-Control-Allow-Origin` " + "and `Access-Control-Allow-Credentials`"]), + ("Classify", ["Reflected arbitrary origin + credentials = exploitable; literal `*` without creds = low"]), + ("Confirm", ["On authenticated endpoints, show a cross-origin credentialed read returning the victim's data"])], + "Allowlist origins server-side; never reflect Origin with credentials", "Cross-origin data theft"), + A("misconfig_verbose_errors", "Verbose Errors / Stack Traces", "verbose error handling leaking internals", + "CWE-209", "Low", + [("Trigger", ["Send malformed input / bad methods / type confusion to force errors"]), + ("Assess", 
["Capture stack traces, framework/class names, file paths, SQL, versions, tokens in errors"]), + ("Confirm", ["Show a response leaking internal implementation detail"])], + "Generic error pages in prod; log details server-side only", "Info disclosure aiding targeted attacks"), + + # ---------- CVE hunting ---------- + A("cve_hunter", "CVE Hunter", "known CVEs affecting the detected components", + "CWE-1395", "Critical", + [("Fingerprint", ["From recon, list each component with its EXACT version (server, framework, CMS, plugins, JS libs)"]), + ("Correlate", ["Map versions to known CVEs; prioritise unauth RCE / SQLi / auth-bypass. Use `nuclei` with TARGETED " + "templates/tags for the detected tech & CVE ids (fast, not a blind full scan), plus `searchsploit` " + "and the NVD; note CVE id + CVSS"]), + ("Reproduce safely", ["Run a benign, non-destructive PoC (version/echo/OOB) to confirm the CVE is actually present; " + "if a working public PoC exists you MAY clone it (git clone) and adapt β€” never a destructive payload"]), + ("Confirm", ["Report the CVE ONLY with concrete proof; otherwise 'potentially vulnerable (version match, unconfirmed)'"])], + "Patch/upgrade affected components; apply vendor advisories", "Depends on CVE β€” up to full compromise"), + + # ---------- PoC development ---------- + A("poc_developer", "Exploit PoC Developer", "issues that require a custom multi-step exploit or script to prove", + "CWE-1395", "High", + [("Decide", ["When a candidate issue can't be shown with a single curl (multi-step, timing, encoding, chaining, " + "or a public CVE PoC is needed), develop a proof-of-concept script"]), + ("Build", ["Write a runnable PoC (bash/python/curl) to the run's `$NEUROSPLOIT_POCS` directory with a header comment " + "(target, what it proves, usage). 
Reuse a reputable public PoC via `git clone` when one exists β€” review it first"]), + ("Run & confirm", ["Execute the PoC against the authorized target with benign/non-destructive payloads; capture output"]), + ("Report", ["Reference the PoC file path in the finding evidence; keep it reproducible and safe (no data destruction)"])], + "N/A (methodology agent) β€” remediation follows the underlying issue", "Reproducible proof of the underlying vulnerability"), + + # ---------- rate limiting / anti-automation ---------- + A("rate_limit_abuse", "Rate Limiting & Anti-Automation", "missing rate limiting / anti-automation on sensitive flows", + "CWE-307", "Medium", + [("Target the right endpoints", ["Login, password-reset/forgot, OTP/2FA verify, registration, token/refresh, and any " + "expensive or messaging endpoint"]), + ("Controlled burst", ["Send a small controlled burst (~20-30 requests) and watch for 429, temporary lockout, " + "Retry-After, progressive delay, or captcha β€” keep it non-disruptive (a control check, not DoS)"]), + ("Check headers", ["Inspect for `RateLimit-*` / `Retry-After`; note their absence"]), + ("Confirm", ["Report absence of throttling with the observed status distribution; chain with user-enumeration " + "for password-spraying feasibility (do not actually brute-force out of scope)"])], + "Rate limit per IP/account/session; lockout + backoff; captcha; 429 + Retry-After; MFA", + "Brute force / credential stuffing / password spraying / resource abuse"), +] + + +def main(): + os.makedirs(OUT, exist_ok=True) + for a in AGENTS: + open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a)) + print(f"wrote {len(AGENTS)} exploit/misconfig/CVE/poc/rate-limit agents to {OUT}") + + +if __name__ == "__main__": + main()
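Review bot: In the `"/proxy" | "/burp"` match arm of repl.rs, the help line `h("/proxy |off", "route agent HTTP through Burp/ZAP (/burp = default :8080)")` promises that `/burp` on its own enables the default proxy, but a bare `/burp` reaches the `""` arm and only prints the current setting; the default is applied only by `on`. Either branch on the command name (an empty `arg` after `/burp` behaves like `on`) or change the help text to match. Two smaller points in the same arm: the literal `http://127.0.0.1:8080` is repeated three times (the `on` arm, its println, and the help text), so hoist it into a single `const`; and the free-form `u` branch stores whatever was typed as long as it starts with `http`, yet this value is later exported as `NEUROSPLOIT_PROXY` and interpolated into every agent prompt, so validating that it parses as an absolute `http://` or `https://` URL before assigning `s.proxy` prevents a mistyped value from silently becoming a doctrine line.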
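Review bot: `proxy_line()` in the pipeline.rs hunk tells agents to add `--proxy {p} -k` to every curl, which disables certificate verification for all of the run's HTTP traffic rather than only accepting the proxy's interception certificate; prefer pointing curl at the Burp/ZAP CA (`--cacert`) or, if `-k` has to stay, state in the doctrine that it is acceptable only because the local proxy terminates TLS, so agents do not carry the flag into commands that bypass the proxy. The same function reads `NEUROSPLOIT_PROXY` straight from the environment and interpolates it into the prompt, so it should get the same URL check as the REPL input. The new TOOL DOWNLOAD bullet says "use pinned, reputable sources; review before running", but nothing in the hunk enforces that: `pip install`, `go install` and `cargo install` run as the harness user and mutate the host, so consider directing installs into the run workspace (a venv, `GOBIN`/`CARGO_HOME` under the run dir) and having agents record each fetched URL and commit id in the finding evidence so the operator can audit what was executed. Finally, `SAFETY_DOCTRINE` is defined in this hunk but the place where it is prepended to the exploit/chain/host prompts is not in the visible diff (the `run` hunk is cut off at `}`); a unit test asserting that every built prompt starts with the doctrine would stop a later refactor from dropping it silently.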
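Review bot: In `main()` of scripts/build_exploit_agents_v355.py, `open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))` opens with the platform default encoding and never closes the handle explicitly; the rendered text contains non-ASCII characters (the dash and arrow in the system prompt and in several fix/impact strings), so on a host whose locale encoding is not UTF-8 this raises `UnicodeEncodeError`, and flushing depends on garbage collection. Use a context manager with an explicit encoding, e.g. `with open(path, "w", encoding="utf-8", newline="\n") as f: f.write(render(a))`. On the agent definitions themselves: the `rate_limit_abuse` "Controlled burst" step could instruct the agent to stop at the first 429, lockout or `Retry-After` rather than always sending the full ~20-30 requests, which keeps the check as non-disruptive as the text intends; and `poc_developer` carries `CWE-1395` (the same value as `cve_hunter`) while its fix field reads "N/A (methodology agent)", so an N/A CWE there would keep reports from attributing a vulnerable-dependency CWE to every custom PoC.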