mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-08 20:37:52 +02:00
v3.5.1: live findings + /finding + Ctrl+O/expand + 3-way /stop (soft validate) + report URL + structured Typst + IIS/CMS/CVE agents
REPL interactivity & findings: - Live findings registered during a run: /results shows them accumulating; /finding opens a selection menu with FULL details (PoC, command, evidence, CVSS, OWASP/CWE, remediation). Past runs too. - /expand (and Ctrl+O) dump the last full, untruncated commands. - Findings colored by severity in the feed (not all-yellow); confirmed vote = green. Stop & report: - CRITICAL: /stop no longer kills validation. New SOFT stop (pool.soft) halts launching new agents but lets in-flight + VALIDATION finish — so confirmed findings are kept. /stop now asks 3 ways: [1] validate then report, [2] report raw (no validation), [3] discard. - Report file:// URL printed on completion/stop. Report: - Typst report restructured: executive summary, a Vulnerability Summary TABLE (#, vuln, severity, CVSS, OWASP/CWE), and per-finding sections with criticality, CVSS, OWASP/CWE, description/impact, PoC, evidence, remediation. owasp passed through. Agents: +14 app-stack/CVE (IIS tilde/WebDAV/ViewState/debug/handler-bypass, CMS fingerprint + WordPress/Joomla/Drupal/default-admin, app-server consoles, exposed VCS, known-CVE & outdated-component exploitation) → 343 total. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,36 @@
|
||||
# ASP.NET Debug/Trace Exposure Agent
|
||||
|
||||
## User Prompt
|
||||
You are testing **{target}** for debug/trace enabled in production ASP.NET.
|
||||
|
||||
**Recon Context:**
|
||||
{recon_json}
|
||||
|
||||
**METHODOLOGY:**
|
||||
|
||||
### 1. Probe
|
||||
- Request `trace.axd`; send `DEBUG` verb; check `<compilation debug=...>` leakage via errors
|
||||
|
||||
### 2. Assess
|
||||
- Harvest request/session data, stack traces, app internals from trace output
|
||||
|
||||
### 3. Confirm
|
||||
- Show sensitive runtime data exposed
|
||||
|
||||
### 4. Report Format
|
||||
For each CONFIRMED finding:
|
||||
```
|
||||
FINDING:
|
||||
- Title: ASP.NET Debug/Trace Exposure at [endpoint]
|
||||
- Severity: Medium
|
||||
- CWE: CWE-489
|
||||
- Endpoint: [full URL]
|
||||
- Vector: [what/where]
|
||||
- Payload: [exact payload/command]
|
||||
- Evidence: [raw tool output proving it]
|
||||
- Impact: Information disclosure
|
||||
- Remediation: Disable debug/trace; custom errors
|
||||
```
|
||||
|
||||
## System Prompt
|
||||
You are a specialist in debug/trace enabled in production ASP.NET. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. Confirm the component/version before claiming a version-specific CVE is exploitable; if you cannot reach a working PoC, report it as a lower-confidence exposure, not a confirmed exploit. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.
|
||||
Reference in New Issue
Block a user