mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-02 17:45:46 +02:00
v3.5.4 — Robust attack chaining & false-positive reduction
Bundles the multi-round post-exploitation attack-chaining engine (attack_chain: per-foothold decisions, loot carried forward, validate-before-pivot, loop-until- dry, --chain-depth) and the false-positive controls (robust verdict parsing, severity-aware quorum, adversarial refute pass, stronger validator prompt). Version bumped 3.5.3 -> 3.5.4; README/RELEASE updated.
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
<h1 align="center">🧠 NeuroSploit v3.5.3</h1>
|
||||
<h1 align="center">🧠 NeuroSploit v3.5.4</h1>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://github.com/JoasASantos/NeuroSploit/stargazers"><img src="https://img.shields.io/github/stars/JoasASantos/NeuroSploit?style=for-the-badge&logo=github&color=8b5cf6" alt="Stars"></a>
|
||||
@@ -8,7 +8,7 @@
|
||||
</p>
|
||||
|
||||
<p align="center">
|
||||
<img src="https://img.shields.io/badge/Version-3.5.3-blue?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/Version-3.5.4-blue?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/Harness-Rust%20%7C%20tokio-e6b673?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/License-MIT-green?style=flat-square">
|
||||
<img src="https://img.shields.io/badge/MD%20Agents-329-red?style=flat-square">
|
||||
@@ -24,12 +24,14 @@
|
||||
>
|
||||
> 📖 **New here? Read the [full Tutorial & User Guide →](TUTORIAL.md)** — every mode, flag, config and example explained.
|
||||
|
||||
> 🆕 **New in v3.5.3 — Integrations:** connect **GitHub / GitLab** (clone private
|
||||
> repos, review a **Pull Request's** code, **watch** a branch and re-review on
|
||||
> every commit) and **Jira** (open a vulnerability **card per finding**). Toggle
|
||||
> them with **`/integrations`** in the REPL or `neurosploit integrations`. Full
|
||||
> setup in **[TUTORIAL-INTEGRATION.md](TUTORIAL-INTEGRATION.md)**.
|
||||
> *(v3.5.2 added the DEPTH doctrine + report-hygiene pass — see [RELEASE.md](RELEASE.md).)*
|
||||
> 🆕 **New in v3.5.4 — Robust attack chaining + fewer false positives:** a
|
||||
> multi-round, decision-driven **post-exploitation** engine takes each confirmed
|
||||
> foothold and expands new directions (cred reuse, privesc, lateral movement,
|
||||
> exfil, new surface), carrying **loot** forward across rounds (`--chain-depth`).
|
||||
> Validation is now **severity-aware** (High/Critical need ≥2 validators & ≥2/3
|
||||
> agreement) with an **adversarial refute pass** that drops findings that can't
|
||||
> withstand a skeptic.
|
||||
> *(v3.5.3 added GitHub/GitLab/Jira **[integrations](TUTORIAL-INTEGRATION.md)**; v3.5.2 the DEPTH doctrine + report-hygiene pass — see [RELEASE.md](RELEASE.md).)*
|
||||
|
||||
---
|
||||
|
||||
|
||||
+62
@@ -1,3 +1,65 @@
|
||||
# NeuroSploit v3.5.4 — Release Notes
|
||||
|
||||
**Release Date:** July 2026
|
||||
**Codename:** Robust Attack Chaining & False-Positive Reduction
|
||||
**License:** MIT
|
||||
**Credits:** Joas A Santos & Red Team Leaders
|
||||
|
||||
---
|
||||
|
||||
## TL;DR
|
||||
|
||||
v3.5.4 makes NeuroSploit both **deeper** and **more precise**: a real multi-round
|
||||
**post-exploitation attack-chaining** engine that expands each foothold in new
|
||||
directions, plus stronger **false-positive** controls so what it reports is
|
||||
trustworthy.
|
||||
|
||||
## Attack chaining (robust, decision-driven)
|
||||
|
||||
Replaces the old single-shot chainer with **`attack_chain()`** — an iterative,
|
||||
per-foothold pivot engine:
|
||||
|
||||
- **Per-foothold decisions.** Each round takes the newest confirmed footholds
|
||||
(best-first, capped per round) and, for **each one**, an agent decides which
|
||||
directions to expand and proves new impact: **post-exploitation** (loot
|
||||
creds/keys/config/source), **credential reuse**, **privilege escalation**
|
||||
(horizontal & vertical), **lateral movement** to adjacent services/hosts,
|
||||
**data exfiltration**, and **new attack surface** the foothold exposes.
|
||||
- **Loot carried forward.** Credentials/tokens/hosts/endpoints discovered in one
|
||||
round are passed to later rounds and reused (agent returns
|
||||
`{"findings":[...],"loot":[...]}`), so the engine genuinely pivots in new
|
||||
directions instead of re-testing the same spot.
|
||||
- **No pivoting off false positives.** Each round's new findings are validated
|
||||
before they become the next round's footholds.
|
||||
- **Convergence.** Runs up to `chain_depth` rounds **or** stops when a round finds
|
||||
nothing new (loop-until-dry).
|
||||
- **Control.** New `RunConfig.chain_depth` (default **2**) and a `--chain-depth`
|
||||
flag on every engagement command (`0` disables).
|
||||
|
||||
## False-positive reduction
|
||||
|
||||
- **Robust verdict parsing** (`pool::parse_verdict`) — whitespace-insensitive,
|
||||
checks explicit rejection first, counts only explicit confirmations; ambiguous
|
||||
replies are *not* counted as confirmed. Replaces the fragile exact-JSON /
|
||||
loose-`yes` matching.
|
||||
- **Severity-aware quorum** (`pool::quorum_confirmed`) — **High/Critical now need
|
||||
≥2 validators AND ≥2/3 agreement** (a single vote can no longer confirm a
|
||||
Critical); lower severities need a strict majority. Single-model panels fall
|
||||
back to majority so they aren't nuked.
|
||||
- **Adversarial refute pass** — every confirmed High/Critical is re-examined by a
|
||||
skeptical panel that assumes false-positive; findings that can't withstand a
|
||||
majority of skeptics are dropped.
|
||||
- **Stronger validator prompt** with an explicit false-positive checklist
|
||||
(reflected-not-executed, version/banner guesses, self-XSS, error-as-injection,
|
||||
thin evidence, inflated severity).
|
||||
|
||||
## Notes
|
||||
|
||||
- Additive and back-compatible; defaults keep behavior sensible if you change
|
||||
nothing. Unit tests cover verdict parsing, quorum, and report-hygiene logic.
|
||||
|
||||
---
|
||||
|
||||
# NeuroSploit v3.5.3 — Release Notes
|
||||
|
||||
**Release Date:** June 2026
|
||||
|
||||
+2
-2
@@ -1,4 +1,4 @@
|
||||
# NeuroSploit — Tutorial & User Guide (v3.5.3)
|
||||
# NeuroSploit — Tutorial & User Guide (v3.5.4)
|
||||
|
||||
A complete, hands-on guide to installing, configuring and running NeuroSploit —
|
||||
the autonomous, multi-model penetration-testing harness.
|
||||
@@ -98,7 +98,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith
|
||||
### Verify
|
||||
|
||||
```bash
|
||||
neurosploit --version # neurosploit 3.5.3
|
||||
neurosploit --version # neurosploit 3.5.4
|
||||
neurosploit agents # {"vulns":196,...,"chains":12,"total":329}
|
||||
neurosploit models # all providers & models
|
||||
```
|
||||
|
||||
+1
-1
@@ -11,7 +11,7 @@ function Ok ($m) { Write-Host " + $m" -ForegroundColor Green }
|
||||
function Warn($m){ Write-Host " ! $m" -ForegroundColor Yellow }
|
||||
|
||||
Write-Host ""
|
||||
Write-Host " NeuroSploit installer (Windows) — v3.5.3" -ForegroundColor Cyan
|
||||
Write-Host " NeuroSploit installer (Windows) — v3.5.4" -ForegroundColor Cyan
|
||||
$arch = $env:PROCESSOR_ARCHITECTURE
|
||||
Say "Platform: Windows / $arch"
|
||||
|
||||
|
||||
Generated
+2
-2
@@ -871,7 +871,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "neurosploit"
|
||||
version = "3.5.3"
|
||||
version = "3.5.4"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"clap",
|
||||
@@ -888,7 +888,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "neurosploit-harness"
|
||||
version = "3.5.3"
|
||||
version = "3.5.4"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"futures",
|
||||
|
||||
@@ -3,7 +3,7 @@ members = ["crates/harness", "app"]
|
||||
resolver = "2"
|
||||
|
||||
[workspace.package]
|
||||
version = "3.5.3"
|
||||
version = "3.5.4"
|
||||
edition = "2021"
|
||||
license = "MIT"
|
||||
repository = "https://github.com/JoasASantos/NeuroSploit"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! NeuroSploit v3.5.3 — interactive harness + CLI (`run` / `whitebox` / `agents` / `models`).
|
||||
//! NeuroSploit v3.5.4 — interactive harness + CLI (`run` / `whitebox` / `agents` / `models`).
|
||||
|
||||
mod repl;
|
||||
mod tui;
|
||||
@@ -11,8 +11,8 @@ use std::path::{Path, PathBuf};
|
||||
#[command(
|
||||
name = "neurosploit",
|
||||
version,
|
||||
about = "NeuroSploit v3.5.3 — multi-model autonomous pentest harness",
|
||||
long_about = "NeuroSploit v3.5.3 — a Rust multi-model harness that drives a pool of LLMs \
|
||||
about = "NeuroSploit v3.5.4 — multi-model autonomous pentest harness",
|
||||
long_about = "NeuroSploit v3.5.4 — a Rust multi-model harness that drives a pool of LLMs \
|
||||
(API key or local subscription: Claude/Codex/Gemini/Grok) to autonomously test a target. \
|
||||
After recon it INTELLIGENTLY selects only the agents matching the discovered surface, runs \
|
||||
them in parallel, then validates every finding by cross-model voting before reporting.\n\n\
|
||||
@@ -534,7 +534,7 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode:
|
||||
cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string());
|
||||
write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target));
|
||||
|
||||
println!(" ┌─ NeuroSploit v3.5.3 · by Joas A Santos & Red Team Leaders");
|
||||
println!(" ┌─ NeuroSploit v3.5.4 · by Joas A Santos & Red Team Leaders");
|
||||
println!(" │ run id : {run_id}");
|
||||
println!(" │ target : {}", cfg.target);
|
||||
println!(" │ models : {}", cfg.models.join(", "));
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! NeuroSploit v3.5.3 — interactive session (Claude-Code / Codex / Cursor-CLI style).
|
||||
//! NeuroSploit v3.5.4 — interactive session (Claude-Code / Codex / Cursor-CLI style).
|
||||
//!
|
||||
//! Launched when `neurosploit` runs with no subcommand. A persistent REPL with
|
||||
//! real line editing (arrow-key history recall, Ctrl-A/E/K, paste), model
|
||||
@@ -299,7 +299,7 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> {
|
||||
let backends = harness::installed_cli_backends();
|
||||
println!("\x1b[1m");
|
||||
println!(" ███╗ ██╗███████╗██╗ ██╗██████╗ ██████╗");
|
||||
println!(" ████╗ ██║██╔════╝██║ ██║██╔══██╗██╔═══██╗ NeuroSploit v3.5.3");
|
||||
println!(" ████╗ ██║██╔════╝██║ ██║██╔══██╗██╔═══██╗ NeuroSploit v3.5.4");
|
||||
println!(" ██╔██╗ ██║█████╗ ██║ ██║██████╔╝██║ ██║ interactive harness");
|
||||
println!(" ██║╚██╗██║██╔══╝ ██║ ██║██╔══██╗██║ ██║ by Joas A Santos");
|
||||
println!(" ██║ ╚████║███████╗╚██████╔╝██║ ██║╚██████╔╝ & Red Team Leaders");
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! NeuroSploit v3.5.3 — TUI "Mission Control" mode.
|
||||
//! NeuroSploit v3.5.4 — TUI "Mission Control" mode.
|
||||
//!
|
||||
//! Concurrent panels that update live while the engagement runs in the
|
||||
//! background, with a composer input that stays active during execution:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! POMDP belief-state world model (v3.5.3).
|
||||
//! POMDP belief-state world model (v3.5.4).
|
||||
//!
|
||||
//! The target is only partially observable, so we don't track booleans — we
|
||||
//! track a **belief**: a property graph whose nodes (host / service / vuln /
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! Verification / grounding engine (v3.5.3).
|
||||
//! Verification / grounding engine (v3.5.4).
|
||||
//!
|
||||
//! Hard rule: **no claim enters the world model without a tool receipt** — raw
|
||||
//! tool output, not the LLM's paraphrase. This is the empirical anti-hallucination
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! NeuroSploit v3.5.3 harness — a robust multi-model runtime for the
|
||||
//! NeuroSploit v3.5.4 harness — a robust multi-model runtime for the
|
||||
//! markdown-driven autonomous pentest engine.
|
||||
//!
|
||||
//! The harness loads the `agents_md/` library, drives a *pool* of LLM models
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
//! POMDP decision layer (v3.5.3): value-of-information planning + the
|
||||
//! POMDP decision layer (v3.5.4): value-of-information planning + the
|
||||
//! anti-hallucination gate.
|
||||
//!
|
||||
//! The choice "scan more vs exploit now" is **not** a heuristic here — it falls
|
||||
|
||||
@@ -97,9 +97,9 @@ pub fn html(target: &str, findings: &[Finding]) -> String {
|
||||
h4{{margin:12px 0 3px;font-size:12px;text-transform:uppercase;letter-spacing:.5px;color:#8b5cf6}}\
|
||||
.b{{color:#8b5cf6;font-weight:800}}</style></head><body>\
|
||||
<h1><span class=b>NeuroSploit</span> Penetration Test Report</h1>\
|
||||
<div class=meta>Target: <b>{t}</b> · v3.5.3 Rust harness · multi-model validated</div>\
|
||||
<div class=meta>Target: <b>{t}</b> · v3.5.4 Rust harness · multi-model validated</div>\
|
||||
<div>{chips}</div>{graph_block}<h2>Findings ({n})</h2>{body}\
|
||||
<p class=meta>Authorized testing only. Findings confirmed by multi-model adversarial voting.<br>NeuroSploit v3.5.3 · by <b>Joas A Santos</b> & <b>Red Team Leaders</b></p></body></html>",
|
||||
<p class=meta>Authorized testing only. Findings confirmed by multi-model adversarial voting.<br>NeuroSploit v3.5.4 · by <b>Joas A Santos</b> & <b>Red Team Leaders</b></p></body></html>",
|
||||
t = esc(target), chips = chips, n = sorted.len(), body = body, graph_block = graph_block,
|
||||
)
|
||||
}
|
||||
@@ -135,7 +135,7 @@ pub fn typst_report(target: &str, findings: &[Finding], dir: &Path) -> std::io::
|
||||
let mut data = String::new();
|
||||
data.push_str(&format!(
|
||||
"#let meta = (target: {}, run_id: {}, generated: {}, model: {})\n",
|
||||
tq(target), tq(&run_id), tq("NeuroSploit v3.5.3"), tq("multi-model")
|
||||
tq(target), tq(&run_id), tq("NeuroSploit v3.5.4"), tq("multi-model")
|
||||
));
|
||||
data.push_str("#let findings = (\n");
|
||||
for f in sorted_findings(findings) {
|
||||
|
||||
@@ -25,7 +25,7 @@ cat <<'BANNER'
|
||||
|
||||
███╗ ██╗███████╗██╗ ██╗██████╗ ██████╗
|
||||
████╗ ██║██╔════╝██║ ██║██╔══██╗██╔═══██╗ NeuroSploit installer
|
||||
██╔██╗ ██║█████╗ ██║ ██║██████╔╝██║ ██║ v3.5.3 — Rust harness
|
||||
██╔██╗ ██║█████╗ ██║ ██║██████╔╝██║ ██║ v3.5.4 — Rust harness
|
||||
██║╚██╗██║██╔══╝ ██║ ██║██╔══██╗██║ ██║ by Joas A Santos
|
||||
██║ ╚████║███████╗╚██████╔╝██║ ██║╚██████╔╝ & Red Team Leaders
|
||||
╚═╝ ╚═══╝╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝
|
||||
|
||||
Reference in New Issue
Block a user