mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-06 03:17:52 +02:00
misconfig/CVE/PoC/rate-limit agents, data-safety guardrail, Burp proxy, PoC dir
Agents (+10 → library 375): absurd-misconfig hunters (exposed .git/.env/backups, debug/actuator, default creds, dir listing, ops dashboards, permissive CORS, verbose errors), a CVE Hunter (fingerprint → correlate → safe PoC), a PoC Developer (writes runnable scripts to the run's pocs/), and a Rate-Limit tester. Doctrine (pipeline): - SAFETY_DOCTRINE injected into every exploit/chain/host prompt: no modify/delete/ exfiltrate/state-change without permission; on PII prove with a masked sample + count, never dump. - tool_doctrine adds: smart targeted nuclei (fingerprint-first, -tags/-id, rate/ timeouts), misconfig hunting, rate-limit control checks, authorized tool download (git clone PoC repos / fetch scanners), Burp/ZAP proxy routing, and a per-run PoC workspace. Harness/CLI/REPL: - RunConfig.proxy; spawn_engagement creates <workdir>/pocs and exports NEUROSPLOIT_POCS + NEUROSPLOIT_PROXY (proxy from cfg or the env var). - REPL /proxy <url> and /burp (Session.proxy); /show shows proxy. Docs: README highlights + Cloud/counts (375), RELEASE v3.5.5 sections.
This commit is contained in:
+30
-5
@@ -10,14 +10,16 @@
|
||||
## TL;DR
|
||||
|
||||
v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class
|
||||
credential connection and **17 new cloud agents**, a much more capable and
|
||||
navigable **REPL** (idle guardrail, multi-target, results browser), **deeper
|
||||
recon** (downloads & analyzes JS, request/response differentials), and a fix for
|
||||
garbled interactive line-editing.
|
||||
credential connection, **27 new agents** (17 cloud + 10 misconfig/CVE/PoC/rate-
|
||||
limit → library **375**), a much more capable and navigable **REPL** (idle
|
||||
guardrail, multi-target, results browser), **deeper recon** (downloads & analyzes
|
||||
JS, request/response differentials, smart nuclei), **Burp/ZAP proxy** support, a
|
||||
**PoC** workspace, a strict **data-safety/PII guardrail**, and a fix for garbled
|
||||
interactive line-editing.
|
||||
|
||||
## Cloud testing
|
||||
|
||||
- **+17 cloud agents (library now 365).** AWS, GCP and Azure specialists in
|
||||
- **+17 cloud agents.** AWS, GCP and Azure specialists in
|
||||
`agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure
|
||||
(S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager /
|
||||
Secret Manager / Key Vault), service-account & service-principal abuse, and
|
||||
@@ -67,6 +69,29 @@ garbled interactive line-editing.
|
||||
all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and
|
||||
valid-vs-invalid comparisons) — applied to both recon and exploitation.
|
||||
|
||||
## Exploitation depth, safety & Burp
|
||||
|
||||
- **+10 exploitation agents.** Absurd-misconfig hunters (exposed `.git`/`.env`/
|
||||
backups, debug/actuator endpoints, default creds, directory listing, exposed
|
||||
ops dashboards, permissive CORS, verbose errors), a **CVE Hunter** (fingerprint
|
||||
→ correlate → safe PoC), a **PoC Developer** (writes runnable exploit scripts),
|
||||
and a **Rate-Limit / Anti-Automation** tester.
|
||||
- **Data-safety / PII guardrail** injected into every exploit/chain/host prompt:
|
||||
no modifying, deleting, exfiltrating data or changing state without explicit
|
||||
permission; on PII, prove with a single **masked** sample + a count — never
|
||||
dump. When unsure an action is safe, don't do it.
|
||||
- **Smart nuclei in recon** — fingerprint first, then run nuclei on **targeted**
|
||||
templates/tags/CVE ids with rate/timeouts (fast, never a blind full scan).
|
||||
- **Burp/ZAP proxy** — `/proxy <url>` (or `/burp`, default `:8080`) in the REPL,
|
||||
or the `NEUROSPLOIT_PROXY` env var. Agents route curl through it (`--proxy … -k`)
|
||||
so you can inspect/replay traffic in Burp Suite while the test runs.
|
||||
- **PoC workspace** — each run gets a `pocs/` directory (`$NEUROSPLOIT_POCS`);
|
||||
agents save custom, reproducible exploit scripts there and cite them as evidence.
|
||||
- **Tool download** (authorized) — agents may `git clone` a specific public PoC/
|
||||
exploit repo or download a scanner when needed (reputable/pinned, reviewed).
|
||||
- **Rate-limit testing** is a first-class control check (small non-disruptive
|
||||
burst → look for 429/lockout/Retry-After), never a DoS.
|
||||
|
||||
## Notes
|
||||
|
||||
- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
|
||||
|
||||
Reference in New Issue
Block a user