diff --git a/README.md b/README.md index 86873bd..dc454b9 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -

๐Ÿง  NeuroSploit v3.5.3

+

๐Ÿง  NeuroSploit v3.5.4

Stars @@ -8,7 +8,7 @@

- + @@ -24,12 +24,14 @@ > > ๐Ÿ“– **New here? Read the [full Tutorial & User Guide โ†’](TUTORIAL.md)** โ€” every mode, flag, config and example explained. -> ๐Ÿ†• **New in v3.5.3 โ€” Integrations:** connect **GitHub / GitLab** (clone private -> repos, review a **Pull Request's** code, **watch** a branch and re-review on -> every commit) and **Jira** (open a vulnerability **card per finding**). Toggle -> them with **`/integrations`** in the REPL or `neurosploit integrations`. Full -> setup in **[TUTORIAL-INTEGRATION.md](TUTORIAL-INTEGRATION.md)**. -> *(v3.5.2 added the DEPTH doctrine + report-hygiene pass โ€” see [RELEASE.md](RELEASE.md).)* +> ๐Ÿ†• **New in v3.5.4 โ€” Robust attack chaining + fewer false positives:** a +> multi-round, decision-driven **post-exploitation** engine takes each confirmed +> foothold and expands new directions (cred reuse, privesc, lateral movement, +> exfil, new surface), carrying **loot** forward across rounds (`--chain-depth`). +> Validation is now **severity-aware** (High/Critical need โ‰ฅ2 validators & โ‰ฅ2/3 +> agreement) with an **adversarial refute pass** that drops findings that can't +> withstand a skeptic. +> *(v3.5.3 added GitHub/GitLab/Jira **[integrations](TUTORIAL-INTEGRATION.md)**; v3.5.2 the DEPTH doctrine + report-hygiene pass โ€” see [RELEASE.md](RELEASE.md).)* --- diff --git a/RELEASE.md b/RELEASE.md index e7f37df..16730f9 100644 --- a/RELEASE.md +++ b/RELEASE.md 
@@ -1,3 +1,65 @@ +# NeuroSploit v3.5.4 โ€” Release Notes + +**Release Date:** July 2026 +**Codename:** Robust Attack Chaining & False-Positive Reduction +**License:** MIT +**Credits:** Joas A Santos & Red Team Leaders + +--- + +## TL;DR + +v3.5.4 makes NeuroSploit both **deeper** and **more precise**: a real multi-round +**post-exploitation attack-chaining** engine that expands each foothold in new +directions, plus stronger **false-positive** controls so what it reports is +trustworthy. + +## Attack chaining (robust, decision-driven) + +Replaces the old single-shot chainer with **`attack_chain()`** โ€” an iterative, +per-foothold pivot engine: + +- **Per-foothold decisions.** Each round takes the newest confirmed footholds + (best-first, capped per round) and, for **each one**, an agent decides which + directions to expand and proves new impact: **post-exploitation** (loot + creds/keys/config/source), **credential reuse**, **privilege escalation** + (horizontal & vertical), **lateral movement** to adjacent services/hosts, + **data exfiltration**, and **new attack surface** the foothold exposes. +- **Loot carried forward.** Credentials/tokens/hosts/endpoints discovered in one + round are passed to later rounds and reused (agent returns + `{"findings":[...],"loot":[...]}`), so the engine genuinely pivots in new + directions instead of re-testing the same spot. +- **No pivoting off false positives.** Each round's new findings are validated + before they become the next round's footholds. +- **Convergence.** Runs up to `chain_depth` rounds **or** stops when a round finds + nothing new (loop-until-dry). +- **Control.** New `RunConfig.chain_depth` (default **2**) and a `--chain-depth` + flag on every engagement command (`0` disables). + +## False-positive reduction + +- **Robust verdict parsing** (`pool::parse_verdict`) โ€” whitespace-insensitive, + checks explicit rejection first, counts only explicit confirmations; ambiguous + replies are *not* counted as confirmed. 
Replaces the fragile exact-JSON / + loose-`yes` matching. +- **Severity-aware quorum** (`pool::quorum_confirmed`) โ€” **High/Critical now need + โ‰ฅ2 validators AND โ‰ฅ2/3 agreement** (a single vote can no longer confirm a + Critical); lower severities need a strict majority. Single-model panels fall + back to majority so they aren't nuked. +- **Adversarial refute pass** โ€” every confirmed High/Critical is re-examined by a + skeptical panel that assumes false-positive; findings that can't withstand a + majority of skeptics are dropped. +- **Stronger validator prompt** with an explicit false-positive checklist + (reflected-not-executed, version/banner guesses, self-XSS, error-as-injection, + thin evidence, inflated severity). + +## Notes + +- Additive and back-compatible; defaults keep behavior sensible if you change + nothing. Unit tests cover verdict parsing, quorum, and report-hygiene logic. + +--- + # NeuroSploit v3.5.3 โ€” Release Notes **Release Date:** June 2026 diff --git a/TUTORIAL.md b/TUTORIAL.md index e7ca7ee..ed7df65 100644 --- a/TUTORIAL.md +++ b/TUTORIAL.md @@ -1,4 +1,4 @@ -# NeuroSploit โ€” Tutorial & User Guide (v3.5.3) +# NeuroSploit โ€” Tutorial & User Guide (v3.5.4) A complete, hands-on guide to installing, configuring and running NeuroSploit โ€” the autonomous, multi-model penetration-testing harness. @@ -98,7 +98,7 @@ Agents **degrade gracefully**: if `rustscan` is absent they use `nmap`; if neith ### Verify ```bash -neurosploit --version # neurosploit 3.5.3 +neurosploit --version # neurosploit 3.5.4 neurosploit agents # {"vulns":196,...,"chains":12,"total":329} neurosploit models # all providers & models ``` diff --git a/install.ps1 b/install.ps1 index 984b340..dde8d2e 100644 --- a/install.ps1 +++ b/install.ps1 
@@ -11,7 +11,7 @@ function Ok ($m) { Write-Host " + $m" -ForegroundColor Green } function Warn($m){ Write-Host " ! $m" -ForegroundColor Yellow } Write-Host "" -Write-Host " NeuroSploit installer (Windows) โ€” v3.5.3" -ForegroundColor Cyan +Write-Host " NeuroSploit installer (Windows) โ€” v3.5.4" -ForegroundColor Cyan $arch = $env:PROCESSOR_ARCHITECTURE Say "Platform: Windows / $arch" diff --git a/neurosploit-rs/Cargo.lock b/neurosploit-rs/Cargo.lock index 52c74de..581f826 100644 --- a/neurosploit-rs/Cargo.lock +++ b/neurosploit-rs/Cargo.lock @@ -871,7 +871,7 @@ dependencies = [ [[package]] name = "neurosploit" -version = "3.5.3" +version = "3.5.4" dependencies = [ "anyhow", "clap", @@ -888,7 +888,7 @@ dependencies = [ [[package]] name = "neurosploit-harness" -version = "3.5.3" +version = "3.5.4" dependencies = [ "anyhow", "futures", diff --git a/neurosploit-rs/Cargo.toml b/neurosploit-rs/Cargo.toml index 13bb0ae..f94ca56 100644 --- a/neurosploit-rs/Cargo.toml +++ b/neurosploit-rs/Cargo.toml @@ -3,7 +3,7 @@ members = ["crates/harness", "app"] resolver = "2" [workspace.package] -version = "3.5.3" +version = "3.5.4" edition = "2021" license = "MIT" repository = "https://github.com/JoasASantos/NeuroSploit" diff --git a/neurosploit-rs/app/src/main.rs b/neurosploit-rs/app/src/main.rs index 1ce102f..c23b2a4 100644 --- a/neurosploit-rs/app/src/main.rs +++ b/neurosploit-rs/app/src/main.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.3 โ€” interactive harness + CLI (`run` / `whitebox` / `agents` / `models`). +//! NeuroSploit v3.5.4 โ€” interactive harness + CLI (`run` / `whitebox` / `agents` / `models`). mod repl; mod tui; 
@@ -11,8 +11,8 @@ use std::path::{Path, PathBuf}; #[command( name = "neurosploit", version, - about = "NeuroSploit v3.5.3 โ€” multi-model autonomous pentest harness", - long_about = "NeuroSploit v3.5.3 โ€” a Rust multi-model harness that drives a pool of LLMs \ + about = "NeuroSploit v3.5.4 โ€” multi-model autonomous pentest harness", + long_about = "NeuroSploit v3.5.4 โ€” a Rust multi-model harness that drives a pool of LLMs \ (API key or local subscription: Claude/Codex/Gemini/Grok) to autonomously test a target. \ After recon it INTELLIGENTLY selects only the agents matching the discovered surface, runs \ them in parallel, then validates every finding by cross-model voting before reporting.\n\n\ @@ -534,7 +534,7 @@ pub(crate) fn spawn_engagement(base: &Path, mut cfg: RunConfig, mcp: bool, mode: cfg.rl_path = Some(base.join("data").join("rl_state_rs.json").display().to_string()); write_status(&workdir, "running", &format!("\"target\":{:?}", cfg.target)); - println!(" โ”Œโ”€ NeuroSploit v3.5.3 ยท by Joas A Santos & Red Team Leaders"); + println!(" โ”Œโ”€ NeuroSploit v3.5.4 ยท by Joas A Santos & Red Team Leaders"); println!(" โ”‚ run id : {run_id}"); println!(" โ”‚ target : {}", cfg.target); println!(" โ”‚ models : {}", cfg.models.join(", ")); diff --git a/neurosploit-rs/app/src/repl.rs b/neurosploit-rs/app/src/repl.rs index c5662a1..8db9e51 100644 --- a/neurosploit-rs/app/src/repl.rs +++ b/neurosploit-rs/app/src/repl.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.3 โ€” interactive session (Claude-Code / Codex / Cursor-CLI style). +//! NeuroSploit v3.5.4 โ€” interactive session (Claude-Code / Codex / Cursor-CLI style). //! //! Launched when `neurosploit` runs with no subcommand. A persistent REPL with //! real line editing (arrow-key history recall, Ctrl-A/E/K, paste), model 
@@ -299,7 +299,7 @@ pub async fn repl(base: &Path) -> anyhow::Result<()> { let backends = harness::installed_cli_backends(); println!("\x1b[1m"); println!(" โ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—"); - println!(" โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ•โ•โ–ˆโ–ˆโ•— NeuroSploit v3.5.3"); + println!(" โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ•โ•โ–ˆโ–ˆโ•— NeuroSploit v3.5.4"); println!(" โ–ˆโ–ˆโ•”โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘ interactive harness"); println!(" โ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ• โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘ by Joas A Santos"); println!(" โ–ˆโ–ˆโ•‘ โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ• & Red Team Leaders"); diff --git a/neurosploit-rs/app/src/tui.rs b/neurosploit-rs/app/src/tui.rs index 19828df..1b4b36d 100644 --- a/neurosploit-rs/app/src/tui.rs +++ b/neurosploit-rs/app/src/tui.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.3 โ€” TUI "Mission Control" mode. +//! NeuroSploit v3.5.4 โ€” TUI "Mission Control" mode. //! //! Concurrent panels that update live while the engagement runs in the //! background, with a composer input that stays active during execution: diff --git a/neurosploit-rs/crates/harness/src/belief.rs b/neurosploit-rs/crates/harness/src/belief.rs index 4ed9b1f..1a4ef9b 100644 --- a/neurosploit-rs/crates/harness/src/belief.rs +++ b/neurosploit-rs/crates/harness/src/belief.rs @@ -1,4 +1,4 @@ -//! POMDP belief-state world model (v3.5.3). +//! POMDP belief-state world model (v3.5.4). //! //! The target is only partially observable, so we don't track booleans โ€” we //! track a **belief**: a property graph whose nodes (host / service / vuln / 
diff --git a/neurosploit-rs/crates/harness/src/grounding.rs b/neurosploit-rs/crates/harness/src/grounding.rs index 4a3bd32..6b679b3 100644 --- a/neurosploit-rs/crates/harness/src/grounding.rs +++ b/neurosploit-rs/crates/harness/src/grounding.rs @@ -1,4 +1,4 @@ -//! Verification / grounding engine (v3.5.3). +//! Verification / grounding engine (v3.5.4). //! //! Hard rule: **no claim enters the world model without a tool receipt** โ€” raw //! tool output, not the LLM's paraphrase. This is the empirical anti-hallucination diff --git a/neurosploit-rs/crates/harness/src/lib.rs b/neurosploit-rs/crates/harness/src/lib.rs index 01a3a7c..9734231 100644 --- a/neurosploit-rs/crates/harness/src/lib.rs +++ b/neurosploit-rs/crates/harness/src/lib.rs @@ -1,4 +1,4 @@ -//! NeuroSploit v3.5.3 harness โ€” a robust multi-model runtime for the +//! NeuroSploit v3.5.4 harness โ€” a robust multi-model runtime for the //! markdown-driven autonomous pentest engine. //! //! The harness loads the `agents_md/` library, drives a *pool* of LLM models diff --git a/neurosploit-rs/crates/harness/src/pomdp.rs b/neurosploit-rs/crates/harness/src/pomdp.rs index b94a78f..544f9a6 100644 --- a/neurosploit-rs/crates/harness/src/pomdp.rs +++ b/neurosploit-rs/crates/harness/src/pomdp.rs @@ -1,4 +1,4 @@ -//! POMDP decision layer (v3.5.3): value-of-information planning + the +//! POMDP decision layer (v3.5.4): value-of-information planning + the //! anti-hallucination gate. //! //! The choice "scan more vs exploit now" is **not** a heuristic here โ€” it falls diff --git a/neurosploit-rs/crates/harness/src/report.rs b/neurosploit-rs/crates/harness/src/report.rs index e9ea22e..b6e62b7 100644 --- a/neurosploit-rs/crates/harness/src/report.rs +++ b/neurosploit-rs/crates/harness/src/report.rs @@ -97,9 +97,9 @@ pub fn html(target: &str, findings: &[Finding]) -> String { h4{{margin:12px 0 3px;font-size:12px;text-transform:uppercase;letter-spacing:.5px;color:#8b5cf6}}\ .b{{color:#8b5cf6;font-weight:800}}\

NeuroSploit Penetration Test Report

\ -
Target: {t} ยท v3.5.3 Rust harness ยท multi-model validated
\ +
Target: {t} ยท v3.5.4 Rust harness ยท multi-model validated
\
{chips}
{graph_block}

Findings ({n})

{body}\ -

Authorized testing only. Findings confirmed by multi-model adversarial voting.
NeuroSploit v3.5.3 ยท by Joas A Santos & Red Team Leaders

", +

Authorized testing only. Findings confirmed by multi-model adversarial voting.
NeuroSploit v3.5.4 ยท by Joas A Santos & Red Team Leaders

", t = esc(target), chips = chips, n = sorted.len(), body = body, graph_block = graph_block, ) } @@ -135,7 +135,7 @@ pub fn typst_report(target: &str, findings: &[Finding], dir: &Path) -> std::io:: let mut data = String::new(); data.push_str(&format!( "#let meta = (target: {}, run_id: {}, generated: {}, model: {})\n", - tq(target), tq(&run_id), tq("NeuroSploit v3.5.3"), tq("multi-model") + tq(target), tq(&run_id), tq("NeuroSploit v3.5.4"), tq("multi-model") )); data.push_str("#let findings = (\n"); for f in sorted_findings(findings) { diff --git a/setup.sh b/setup.sh index 181a3fc..8ab20a2 100755 --- a/setup.sh +++ b/setup.sh @@ -25,7 +25,7 @@ cat <<'BANNER' โ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ•โ•โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•”โ•โ•โ•โ–ˆโ–ˆโ•— NeuroSploit installer - โ–ˆโ–ˆโ•”โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘ v3.5.3 โ€” Rust harness + โ–ˆโ–ˆโ•”โ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•— โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘ v3.5.4 โ€” Rust harness โ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ• โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ•”โ•โ•โ–ˆโ–ˆโ•—โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘ by Joas A Santos โ–ˆโ–ˆโ•‘ โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ•‘โ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•—โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ•โ–ˆโ–ˆโ•‘ โ–ˆโ–ˆโ•‘โ•šโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ–ˆโ•”โ• & Red Team Leaders โ•šโ•โ• โ•šโ•โ•โ•โ•โ•šโ•โ•โ•โ•โ•โ•โ• โ•šโ•โ•โ•โ•โ•โ• โ•šโ•โ• โ•šโ•โ• โ•šโ•โ•โ•โ•โ•โ•
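Review bot: in the README.md "New in v3.5.4" blockquote, the quorum rule is stated without its exception: the blurb says High/Critical need at least 2 validators and 2/3 agreement, while the RELEASE.md hunk in this same patch says single-model panels fall back to majority. With one configured model, a single vote therefore still confirms a Critical, which contradicts the RELEASE.md line "a single vote can no longer confirm a Critical". State the single-model fallback in the README blurb and qualify that sentence in RELEASE.md. The blurb also names `--chain-depth` without its default (2) or the fact that `0` disables chaining; both are documented only in RELEASE.md.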
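Review bot: in the RELEASE.md "Attack chaining" section, the "Loot carried forward" bullet has no validation or scope gate comparable to the one the "No pivoting off false positives" bullet gives for findings. Hosts, endpoints and credentials returned in `{"findings":[...],"loot":[...]}` are passed to later rounds and feed lateral movement, so the notes should say whether loot is validated and whether hosts and endpoints in it are checked against the engagement's authorized scope before a later round acts on them. Separately, the notes cite `pool::parse_verdict`, `pool::quorum_confirmed` and unit tests, but every file under `crates/harness/src/` in this diff changes only a version string in a doc comment or report template; reference the commit that carries the implementation and its tests.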
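Review bot: the version literal is still hand-edited in every Rust hunk (`about` / `long_about` and the `println!` banner in app/src/main.rs, the banner in app/src/repl.rs, and the HTML header, footer and `tq("NeuroSploit v3.5.4")` in crates/harness/src/report.rs), although Cargo.toml sets it once under `[workspace.package]` and Cargo.lock shows both crates following it. Build these strings from `env!("CARGO_PKG_VERSION")` (for the clap attributes, `concat!("NeuroSploit v", env!("CARGO_PKG_VERSION"), ...)`), so a generated report cannot carry a version that differs from the binary that produced it. The `//!` module headers in belief.rs, grounding.rs, lib.rs, pomdp.rs, repl.rs and tui.rs could drop the version number entirely, which would remove six of the edits in this patch from every future release.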