CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-30 16:10:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform

Browse Source 
116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
This commit is contained in:
CyberSecurityUP
2026-02-22 17:58:12 -03:00
commit e0935793c5
271 changed files with 132462 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
config/config-example.json Executable file
View File

@@ -0,0 +1,50 @@
{
"llm": {
"provider": "gemini",
"model": "gemini-pro",
"api_key": "",
"temperature": 0.7,
"max_tokens": 4096
},
"agents": {
"recon": {
"enabled": true,
"priority": 1
},
"exploitation": {
"enabled": true,
"priority": 2
},
"privilege_escalation": {
"enabled": true,
"priority": 3
},
"persistence": {
"enabled": true,
"priority": 4
},
"lateral_movement": {
"enabled": true,
"priority": 5
}
},
"methodologies": {
"owasp_top10": true,
"cwe_top25": true,
"network_pentest": true,
"ad_pentest": true,
"web_security": true
},
"tools": {
"nmap": "/usr/bin/nmap",
"metasploit": "/usr/bin/msfconsole",
"burpsuite": "/usr/bin/burpsuite",
"sqlmap": "/usr/bin/sqlmap",
"hydra": "/usr/bin/hydra"
},
"output": {
"format": "json",
"verbose": true,
"save_artifacts": true
}
}

114
config/config.json Executable file
View File

@@ -0,0 +1,114 @@
{
"llm": {
"default_profile": "gemini_pro_default",
"profiles": {
"gemini_pro_default": {
"provider": "gemini",
"model": "gemini-pro",
"api_key": "${GEMINI_API_KEY}",
"temperature": 0.7,
"max_tokens": 4096,
"input_token_limit": 30720,
"output_token_limit": 2048,
"cache_enabled": true,
"search_context_level": "medium",
"pdf_support_enabled": true,
"guardrails_enabled": true,
"hallucination_mitigation_strategy": "consistency_check"
}
}
},
"agent_roles": {
"pentest_generalist": {
"enabled": true,
"tools_allowed": [
"nmap",
"metasploit",
"burpsuite",
"sqlmap",
"hydra"
],
"description": "Performs comprehensive penetration tests across various domains.",
"methodology": ["OWASP-WSTG", "PTES", "OWASP-Top10-2021"],
"default_prompt": "auto_pentest",
"vuln_coverage": 100,
"ai_prompts": true
},
"bug_bounty_hunter": {
"enabled": true,
"tools_allowed": [
"subfinder",
"nuclei",
"burpsuite",
"sqlmap"
],
"description": "Focuses on web application vulnerabilities with 100 vuln types.",
"methodology": ["OWASP-WSTG", "OWASP-Top10-2021"],
"default_prompt": "auto_pentest",
"vuln_coverage": 100,
"ai_prompts": true
}
},
"methodologies": {
"owasp_top10": true,
"cwe_top25": true,
"network_pentest": true,
"ad_pentest": true,
"web_security": true
},
"tools": {
"nmap": "/usr/bin/nmap",
"metasploit": "/usr/bin/msfconsole",
"burpsuite": "/usr/bin/burpsuite",
"sqlmap": "/usr/bin/sqlmap",
"hydra": "/usr/bin/hydra"
},
"mcp_servers": {
"neurosploit_tools": {
"transport": "stdio",
"command": "python3",
"args": ["-m", "core.mcp_server"],
"description": "NeuroSploit pentest tools: screenshots, payload delivery, DNS, port scan, tech detect, subdomain enum, findings, AI prompts, Nuclei scanner, Naabu port scanner, sandbox execution"
}
},
"sandbox": {
"enabled": false,
"mode": "per_scan",
"image": "neurosploit-sandbox:latest",
"container_name": "neurosploit-sandbox",
"auto_start": false,
"kali": {
"enabled": true,
"image": "neurosploit-kali:latest",
"max_concurrent": 5,
"container_ttl_minutes": 60,
"auto_cleanup_orphans": true
},
"resources": {
"memory_limit": "2g",
"cpu_limit": 2.0
},
"tools": [
"nuclei", "naabu", "nmap", "httpx", "subfinder", "katana",
"dnsx", "ffuf", "gobuster", "dalfox", "nikto", "sqlmap",
"whatweb", "curl", "dig", "whois", "masscan", "dirsearch",
"wfuzz", "arjun", "wafw00f", "waybackurls"
],
"nuclei": {
"rate_limit": 150,
"timeout": 600,
"severity_filter": "critical,high,medium",
"auto_update_templates": true
},
"naabu": {
"rate": 1000,
"top_ports": 1000,
"timeout": 300
}
},
"output": {
"format": "json",
"verbose": true,
"save_artifacts": true
}
}

154
config/config2.json Executable file
View File

@@ -0,0 +1,154 @@
{
"llm": {
"default_profile": "gemini_pro_default",
"profiles": {
"ollama_llama3_default": {
"provider": "ollama",
"model": "llama3:8b",
"api_key": "",
"temperature": 0.7,
"max_tokens": 4096,
"input_token_limit": 8000,
"output_token_limit": 4000,
"cache_enabled": true,
"search_context_level": "medium",
"pdf_support_enabled": false,
"guardrails_enabled": true,
"hallucination_mitigation_strategy": null
},
"gemini_pro_default": {
"provider": "gemini",
"model": "gemini-pro",
"api_key": "${GEMINI_API_KEY}",
"temperature": 0.7,
"max_tokens": 4096,
"input_token_limit": 30720,
"output_token_limit": 2048,
"cache_enabled": true,
"search_context_level": "medium",
"pdf_support_enabled": true,
"guardrails_enabled": true,
"hallucination_mitigation_strategy": "consistency_check"
},
"claude_opus_default": {
"provider": "claude",
"model": "claude-3-opus-20240229",
"api_key": "${ANTHROPIC_API_KEY}",
"temperature": 0.7,
"max_tokens": 4096,
"input_token_limit": 200000,
"output_token_limit": 4096,
"cache_enabled": true,
"search_context_level": "high",
"pdf_support_enabled": true,
"guardrails_enabled": true,
"hallucination_mitigation_strategy": "self_reflection"
},
"gpt_4o_default": {
"provider": "gpt",
"model": "gpt-4o",
"api_key": "${OPENAI_API_KEY}",
"temperature": 0.7,
"max_tokens": 4096,
"input_token_limit": 128000,
"output_token_limit": 4096,
"cache_enabled": true,
"search_context_level": "high",
"pdf_support_enabled": true,
"guardrails_enabled": true,
"hallucination_mitigation_strategy": "consistency_check"
}
}
},
"agent_roles": {
"bug_bounty_hunter": {
"enabled": true,
"tools_allowed": [
"subfinder",
"nuclei",
"burpsuite",
"sqlmap"
],
"description": "Focuses on web application vulnerabilities, leveraging recon and exploitation tools."
},
"blue_team_agent": {
"enabled": true,
"tools_allowed": [],
"description": "Analyzes logs and telemetry for threats, provides defensive strategies."
},
"exploit_expert": {
"enabled": true,
"tools_allowed": [
"metasploit",
"nmap"
],
"description": "Devises exploitation strategies and payloads for identified vulnerabilities."
},
"red_team_agent": {
"enabled": true,
"tools_allowed": [
"nmap",
"metasploit",
"hydra"
],
"description": "Plans and executes simulated attacks to test an organization's defenses."
},
"replay_attack_specialist": {
"enabled": true,
"tools_allowed": [
"burpsuite"
],
"description": "Identifies and leverages replay attack vectors in network traffic or authentication."
},
"pentest_generalist": {
"enabled": true,
"tools_allowed": [
"nmap",
"subfinder",
"nuclei",
"metasploit",
"burpsuite",
"sqlmap",
"hydra"
],
"description": "Performs comprehensive penetration tests across various domains."
},
"owasp_expert": {
"enabled": true,
"tools_allowed": [
"burpsuite",
"sqlmap"
],
"description": "Specializes in assessing web applications against OWASP Top 10 vulnerabilities."
},
"cwe_expert": {
"enabled": true,
"tools_allowed": [],
"description": "Analyzes code and reports for weaknesses based on MITRE CWE Top 25."
},
"malware_analyst": {
"enabled": true,
"tools_allowed": [],
"description": "Examines malware samples to understand functionality and identify IOCs."
}
},
"methodologies": {
"owasp_top10": true,
"cwe_top25": true,
"network_pentest": true,
"ad_pentest": true,
"web_security": true
},
"tools": {
"nmap": "/usr/bin/nmap",
"metasploit": "/usr/bin/msfconsole",
"burpsuite": "/usr/bin/burpsuite",
"sqlmap": "/usr/bin/sqlmap",
"hydra": "/usr/bin/hydra"
},
"output": {
"format": "json",
"verbose": true,
"save_artifacts": true
}
}