NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform

116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates

tools/lateral_movement/__init__.py

@@ -0,0 +1,9 @@
+"""
+Lateral Movement Tools
+Contains modules for moving laterally across networks
+"""
+
+from .smb_lateral import SMBLateral
+from .ssh_lateral import SSHLateral
+
+__all__ = ['SMBLateral', 'SSHLateral']

tools/lateral_movement/smb_lateral.py

@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+"""
+SMB Lateral Movement - Techniques for lateral movement via SMB/CIFS
+"""
+import logging
+from typing import Dict, List
+
+logger = logging.getLogger(__name__)
+
+class SMBLateral:
+    """
+    SMB-based lateral movement techniques including
+    pass-the-hash, share enumeration, and remote execution.
+    """
+    def __init__(self, config: Dict):
+        """
+        Initializes SMBLateral movement module.
+
+        Args:
+            config (Dict): Configuration dictionary
+        """
+        self.config = config
+        logger.info("SMBLateral module initialized")
+
+    def enumerate_shares(self, target: str, username: str = None, password: str = None) -> Dict:
+        """
+        Enumerate SMB shares on target system.
+
+        Args:
+            target (str): Target IP or hostname
+            username (str): Username for authentication
+            password (str): Password for authentication
+
+        Returns:
+            Dict: Share enumeration results
+        """
+        logger.info(f"Enumerating SMB shares on {target}")
+
+        # This is a framework method - actual implementation would use
+        # tools like smbclient, crackmapexec, or impacket
+        results = {
+            "target": target,
+            "shares": [],
+            "accessible_shares": [],
+            "notes": "SMB enumeration requires external tools (smbclient, crackmapexec, impacket)"
+        }
+
+        logger.warning("SMB share enumeration requires external tools to be configured")
+        return results
+
+    def pass_the_hash(self, target: str, username: str, ntlm_hash: str) -> Dict:
+        """
+        Attempt pass-the-hash authentication.
+
+        Args:
+            target (str): Target IP or hostname
+            username (str): Username
+            ntlm_hash (str): NTLM hash
+
+        Returns:
+            Dict: Authentication attempt results
+        """
+        logger.info(f"Attempting pass-the-hash to {target} as {username}")
+
+        results = {
+            "target": target,
+            "username": username,
+            "method": "pass-the-hash",
+            "success": False,
+            "notes": "Implementation requires impacket or crackmapexec"
+        }
+
+        logger.warning("Pass-the-hash requires external tools (impacket, crackmapexec)")
+        return results
+
+    def execute_remote_command(self, target: str, command: str, credentials: Dict) -> Dict:
+        """
+        Execute command remotely via SMB.
+
+        Args:
+            target (str): Target IP or hostname
+            command (str): Command to execute
+            credentials (Dict): Authentication credentials
+
+        Returns:
+            Dict: Command execution results
+        """
+        logger.info(f"Attempting remote command execution on {target}")
+
+        results = {
+            "target": target,
+            "command": command,
+            "output": "",
+            "success": False,
+            "notes": "Remote execution requires psexec/wmiexec (impacket)"
+        }
+
+        logger.warning("Remote command execution requires external tools")
+        return results

tools/lateral_movement/ssh_lateral.py

@@ -0,0 +1,107 @@
+#!/usr/bin/env python3
+"""
+SSH Lateral Movement - Techniques for lateral movement via SSH
+"""
+import logging
+from typing import Dict, List
+import socket
+
+logger = logging.getLogger(__name__)
+
+class SSHLateral:
+    """
+    SSH-based lateral movement techniques including
+    key-based authentication, password spraying, and tunneling.
+    """
+    def __init__(self, config: Dict):
+        """
+        Initializes SSHLateral movement module.
+
+        Args:
+            config (Dict): Configuration dictionary
+        """
+        self.config = config
+        logger.info("SSHLateral module initialized")
+
+    def check_ssh_access(self, target: str, port: int = 22) -> bool:
+        """
+        Check if SSH is accessible on target.
+
+        Args:
+            target (str): Target IP or hostname
+            port (int): SSH port (default 22)
+
+        Returns:
+            bool: True if SSH is accessible
+        """
+        try:
+            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            sock.settimeout(5)
+            result = sock.connect_ex((target, port))
+            sock.close()
+
+            if result == 0:
+                logger.info(f"SSH port {port} is open on {target}")
+                return True
+            else:
+                logger.info(f"SSH port {port} is closed on {target}")
+                return False
+        except Exception as e:
+            logger.error(f"Error checking SSH access: {e}")
+            return False
+
+    def enumerate_ssh_keys(self, target: str, username: str) -> Dict:
+        """
+        Enumerate potential SSH key locations.
+
+        Args:
+            target (str): Target IP or hostname
+            username (str): Target username
+
+        Returns:
+            Dict: SSH key enumeration results
+        """
+        logger.info(f"Enumerating SSH keys for {username}@{target}")
+
+        common_key_paths = [
+            f"/home/{username}/.ssh/id_rsa",
+            f"/home/{username}/.ssh/id_ed25519",
+            f"/home/{username}/.ssh/id_ecdsa",
+            f"/root/.ssh/id_rsa",
+            f"/root/.ssh/authorized_keys"
+        ]
+
+        results = {
+            "target": target,
+            "username": username,
+            "common_paths": common_key_paths,
+            "notes": "Key extraction requires existing access to target system"
+        }
+
+        return results
+
+    def create_ssh_tunnel(self, target: str, local_port: int, remote_host: str, remote_port: int) -> Dict:
+        """
+        Create SSH tunnel for pivoting.
+
+        Args:
+            target (str): SSH server to tunnel through
+            local_port (int): Local port to bind
+            remote_host (str): Remote host to reach
+            remote_port (int): Remote port to reach
+
+        Returns:
+            Dict: Tunnel creation results
+        """
+        logger.info(f"Creating SSH tunnel: localhost:{local_port} -> {target} -> {remote_host}:{remote_port}")
+
+        results = {
+            "tunnel_type": "ssh_forward",
+            "local_port": local_port,
+            "remote_host": remote_host,
+            "remote_port": remote_port,
+            "notes": "SSH tunneling requires paramiko or external ssh command"
+        }
+
+        logger.warning("SSH tunneling requires paramiko library or ssh binary")
+        return results