mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-09 20:58:38 +02:00
v3.3.0 GUI dashboard + reports + model expansion + root fix
Engine:
- Fix: inject IS_SANDBOX=1 so Claude Code's --dangerously-skip-permissions
works under root (real backend runs were exiting rc=1 immediately)
- models: expand to 40 models / 13 providers, tagged CLI vs API
(NVIDIA NIM, DeepSeek, Mistral, Qwen/DashScope, Groq, Together, OpenRouter,
Ollama, Gemini) — Qwen/DeepSeek/Llama usable via API
- backends: on_start callback surfaces the exact argv ("what runs behind it")
- orchestrator: require a Playwright screenshot per confirmed finding; collect
results/activity.json; auto-generate reports after a run
- report.py: HTML always + PDF via Typst engine (.typ source emitted too)
Web dashboard (webgui/, stdlib only — no npm/build):
- Sidebar dashboard (PentAGI-style): Run / Agents / Insights / Reports / Settings
- Multi-target runs; live execution console + per-task activity; finding cards
with screenshots; backend+provider+model pickers (CLI & API)
- Agents tab: browse 213 + add new .md agents from the UI
- Insights: interactive RL-weight + severity charts
- Reports: download/preview PDF + HTML
- Settings/API: execution mode, per-provider API keys, orchestrator, verbosity
- Endpoints: /api/agents (GET/POST), /api/rl, /api/config, /api/reports,
/reports/* + /shots/* static serving
Cleanup: retire replaced web stack (frontend React, FastAPI backend, core
orchestration, old test) to legacy/. Active engine + GUI are fully standalone.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Executable
+94
@@ -0,0 +1,94 @@
|
||||
"""
|
||||
NeuroSploit v3 - Vulnerability Lab Challenge Model
|
||||
|
||||
Tracks isolated vulnerability testing sessions (labs, CTFs, PortSwigger, etc.)
|
||||
"""
|
||||
from datetime import datetime
|
||||
from typing import Optional, List
|
||||
from sqlalchemy import String, Integer, Float, Boolean, DateTime, Text, JSON, ForeignKey
|
||||
from sqlalchemy.orm import Mapped, mapped_column
|
||||
from backend.db.database import Base
|
||||
import uuid
|
||||
|
||||
|
||||
class VulnLabChallenge(Base):
|
||||
"""Individual vulnerability lab/challenge test record"""
|
||||
__tablename__ = "vuln_lab_challenges"
|
||||
|
||||
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
|
||||
|
||||
# Target info
|
||||
target_url: Mapped[str] = mapped_column(Text)
|
||||
challenge_name: Mapped[Optional[str]] = mapped_column(String(255), nullable=True)
|
||||
|
||||
# Vulnerability scope
|
||||
vuln_type: Mapped[str] = mapped_column(String(100)) # e.g. xss_reflected, sqli_union
|
||||
vuln_category: Mapped[Optional[str]] = mapped_column(String(50), nullable=True) # injection, auth, client_side, etc.
|
||||
|
||||
# Authentication
|
||||
auth_type: Mapped[Optional[str]] = mapped_column(String(20), nullable=True) # cookie, bearer, basic, header
|
||||
auth_value: Mapped[Optional[str]] = mapped_column(Text, nullable=True)
|
||||
|
||||
# Execution state
|
||||
status: Mapped[str] = mapped_column(String(20), default="pending") # pending, running, completed, failed, stopped
|
||||
result: Mapped[Optional[str]] = mapped_column(String(20), nullable=True) # detected, not_detected, error
|
||||
|
||||
# Agent linkage
|
||||
agent_id: Mapped[Optional[str]] = mapped_column(String(36), nullable=True)
|
||||
scan_id: Mapped[Optional[str]] = mapped_column(String(36), nullable=True)
|
||||
|
||||
# Results
|
||||
findings_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
critical_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
high_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
medium_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
low_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
info_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
|
||||
# Findings detail (JSON list of finding summaries)
|
||||
findings_detail: Mapped[List] = mapped_column(JSON, default=list)
|
||||
|
||||
# Timing
|
||||
started_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
|
||||
completed_at: Mapped[Optional[datetime]] = mapped_column(DateTime, nullable=True)
|
||||
duration: Mapped[Optional[int]] = mapped_column(Integer, nullable=True) # seconds
|
||||
|
||||
# Notes
|
||||
notes: Mapped[Optional[str]] = mapped_column(Text, nullable=True)
|
||||
|
||||
# Logs (JSON list of log entries persisted after completion)
|
||||
logs: Mapped[List] = mapped_column(JSON, default=list)
|
||||
|
||||
# Endpoints discovered count
|
||||
endpoints_count: Mapped[int] = mapped_column(Integer, default=0)
|
||||
|
||||
# Timestamps
|
||||
created_at: Mapped[datetime] = mapped_column(DateTime, default=datetime.utcnow)
|
||||
|
||||
def to_dict(self) -> dict:
|
||||
return {
|
||||
"id": self.id,
|
||||
"target_url": self.target_url,
|
||||
"challenge_name": self.challenge_name,
|
||||
"vuln_type": self.vuln_type,
|
||||
"vuln_category": self.vuln_category,
|
||||
"auth_type": self.auth_type,
|
||||
"status": self.status,
|
||||
"result": self.result,
|
||||
"agent_id": self.agent_id,
|
||||
"scan_id": self.scan_id,
|
||||
"findings_count": self.findings_count,
|
||||
"critical_count": self.critical_count,
|
||||
"high_count": self.high_count,
|
||||
"medium_count": self.medium_count,
|
||||
"low_count": self.low_count,
|
||||
"info_count": self.info_count,
|
||||
"findings_detail": self.findings_detail or [],
|
||||
"started_at": self.started_at.isoformat() if self.started_at else None,
|
||||
"completed_at": self.completed_at.isoformat() if self.completed_at else None,
|
||||
"duration": self.duration,
|
||||
"notes": self.notes,
|
||||
"logs": self.logs or [],
|
||||
"endpoints_count": self.endpoints_count,
|
||||
"created_at": self.created_at.isoformat() if self.created_at else None,
|
||||
}
|
||||
Reference in New Issue
Block a user