CyberSecurityUP
5f1573ac7f
misconfig/CVE/PoC/rate-limit agents, data-safety guardrail, Burp proxy, PoC dir
Agents (+10 → library 375): absurd-misconfig hunters (exposed .git/.env/backups,
debug/actuator, default creds, dir listing, ops dashboards, permissive CORS,
verbose errors), a CVE Hunter (fingerprint → correlate → safe PoC), a PoC
Developer (writes runnable scripts to the run's pocs/), and a Rate-Limit tester.
Doctrine (pipeline):
- SAFETY_DOCTRINE injected into every exploit/chain/host prompt: no modify/delete/
exfiltrate/state-change without permission; on PII prove with a masked sample +
count, never dump.
- tool_doctrine adds: smart targeted nuclei (fingerprint-first, -tags/-id, rate/
timeouts), misconfig hunting, rate-limit control checks, authorized tool
download (git clone PoC repos / fetch scanners), Burp/ZAP proxy routing, and a
per-run PoC workspace.
Harness/CLI/REPL:
- RunConfig.proxy; spawn_engagement creates <workdir>/pocs and exports
NEUROSPLOIT_POCS + NEUROSPLOIT_PROXY (proxy from cfg or the env var).
- REPL /proxy <url> and /burp (Session.proxy); /show shows proxy.
Docs: README highlights + Cloud/counts (375), RELEASE v3.5.5 sections.
2026-07-01 23:40:47 -03:00
CyberSecurityUP
2e25809a93
v3.5.5 — cloud infrastructure testing + REPL polish
Cloud testing:
- +17 cloud agents (agents_md/infra/) for AWS/GCP/Azure: IAM/RBAC privesc,
storage exposure (S3/GCS/Blob), compute & network exposure + IMDS, secrets
(Secrets Manager / Secret Manager / Key Vault), SA/SP key abuse, Entra ID
enum, and a multi-cloud footprint/identity recon agent. Library 348 -> 365.
- creds.yaml gains aws:/gcp:/azure: blocks (Creds::cloud). The harness exports
provider env vars (AWS_*, GOOGLE_APPLICATION_CREDENTIALS, AZURE_* SP) so
aws/gcloud/az authenticate automatically, and injects a cloud directive. GCP
inline JSON is written to a temp file. Best-practice auth per provider.
REPL polish:
- /chain <n> (attack-chain depth, wired to Session.chain_depth), /agents list
(library category counts incl. infra/cloud); /show now shows chain-depth and
enabled integrations. Tab-completion + help updated.
Docs: README badges (365 agents / 14 providers), new "Cloud credentials" section;
RELEASE notes. Version 3.5.4 -> 3.5.5.
2026-07-01 22:38:27 -03:00
CyberSecurityUP
e4efa9bbb0
v3.5.2 — Exploitation Depth & Report Hygiene
Distilled from reviewing real AI-pentest output that kept stopping at "exposed"
instead of "exploited". Pure-additive, back-compatible.
Behavior (injected into black/grey/chain exploit prompts via DEPTH_DOCTRINE):
- Exposed → exploited: any info-disclosure / exposed service/WSDL / leaked
credential|token / reachable dev host MUST be used before it's a finding;
otherwise it's a lead, not a confirmed High/Critical.
- Chain across modules: reuse obtained session/JWT/cookie/credential and pivot
to IDOR/privesc/exfil; report the chain, not isolated parts.
- Decode & fingerprint → CVE; audit tokens (alg-confusion/none/kid/JWKS, weak
HS256 secret cracking, lifecycle).
Deterministic post-pass (new crates/harness/src/hygiene.rs, wired into finish()):
- calibrate severity to PROVEN impact — unproven High/Critical (hedged, no
payload, thin evidence) capped to Medium and re-titled "(potential)";
- depth_audit — flag exposures on a host with no real exploit;
- hygiene_summary — advise consolidating hygiene classes repeated across assets.
Unit tests cover calibration + depth audit.
5 new doctrine meta-agents (scripts/build_methodology_v352.py → agents_md/meta/):
exploit_depth_doctrine, finding_chainer, artifact_decoder, token_auditor,
report_calibrator (meta 17→22, total 343→348).
Version bumped 3.5.1 → 3.5.2 across crates/app/installers/docs; RELEASE/README
updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-26 11:31:11 -03:00
CyberSecurityUP
eb4e13efea
v3.5.1: live findings + /finding + Ctrl+O/expand + 3-way /stop (soft validate) + report URL + structured Typst + IIS/CMS/CVE agents
REPL interactivity & findings:
- Live findings registered during a run: /results shows them accumulating;
/finding opens a selection menu with FULL details (PoC, command, evidence,
CVSS, OWASP/CWE, remediation). Past runs too.
- /expand (and Ctrl+O) dump the last full, untruncated commands.
- Findings colored by severity in the feed (not all-yellow); confirmed vote = green.
Stop & report:
- CRITICAL: /stop no longer kills validation. New SOFT stop (pool.soft) halts
launching new agents but lets in-flight + VALIDATION finish — so confirmed
findings are kept. /stop now asks 3 ways: [1] validate then report,
[2] report raw (no validation), [3] discard.
- Report file:// URL printed on completion/stop.
Report:
- Typst report restructured: executive summary, a Vulnerability Summary TABLE
(#, vuln, severity, CVSS, OWASP/CWE), and per-finding sections with criticality,
CVSS, OWASP/CWE, description/impact, PoC, evidence, remediation. owasp passed through.
Agents: +14 app-stack/CVE (IIS tilde/WebDAV/ViewState/debug/handler-bypass,
CMS fingerprint + WordPress/Joomla/Drupal/default-admin, app-server consoles,
exposed VCS, known-CVE & outdated-component exploitation) → 343 total.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 23:21:43 -03:00
CyberSecurityUP
639c2209f7
v3.5.1: attack-chain agents (12) + per-project .neurosploit/ persistence & resume
Chaining:
- agents_md/chains/ (12 multi-stage exploitation playbooks): SQLi→RCE→LPE,
SSRF→AWS-creds, SSRF→RCE, upload→RCE, upload→LFI→RCE→LPE, XSS→ATO, IDOR→ATO,
SSTI→RCE→cloud, default-creds→domain, deserialization→RCE, exposed-git→RCE,
subdomain-takeover→trusted-abuse. Each stage proven by a tool receipt before
advancing; reports chains_from edges.
- Loaded as a `chains` category (→ 329 agents). chain_round now injects the chain
recipes as a menu so the LLM applies proven multi-stage paths.
Persistence (no DB — structured state):
- Per-project `<cwd>/.neurosploit/` holding session.json (config), runs.json
(history), history.txt (readline). REPL resumes target/repo/auth/focus/models
on reopen; saves on /run and /quit.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 22:30:22 -03:00
CyberSecurityUP
f8d70ce9c5
v3.5.1: infra/host engagements — IP + SSH/Windows-AD creds + Linux/Win/AD agents + REPL context bar
Infra:
- creds.yaml gains `ssh:` (host/port/user/password/key) and `windows:`/`ad:`
(host/user/password/domain/ntlm-hash) blocks; multi-block YAML parser.
host_instruction() tells agents how to authenticate to the host.
- 14 infra agents (agents_md/infra/): port/service scan, SMB enum, Linux privesc/
sudo/cron/SSH, Windows privesc/SMB-signing/WinRM, AD kerberoast/asreproast/ACL/
DCSync/default-creds. Loader gains `infra` category → 317 agents total.
- run_host pipeline + `neurosploit host <ip> --creds creds.yaml` (and Mode::Host
in run_mode/TUI): host recon (nmap/netexec) → infra agent selection → test →
validate → chain → report, with host tooling doctrine + supplied creds.
REPL:
- Context/status bar above the prompt: "model auth · cwd · mode▸target"
(e.g. claude-opus-4-8 sub · /opt/projeto · black-box▸app.acme.com).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 22:17:14 -03:00
CyberSecurityUP
0a2cf58d9e
v3.4.1: slim Rust-only branch
Keep only the Rust harness (neurosploit-rs/) + the agent library (agents_md/) it
loads at runtime, plus docs. Remove the Python engine, web GUIs, legacy stack,
docker, build scripts and scratch test files from THIS branch only (other
branches keep everything). Rust-focused README with Kali/Docker + tool-install
guidance and testphp/DVWA usage examples.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 19:36:16 -03:00
CyberSecurityUP
3ca3f269ee
v3.4.x: intelligent agent selection, whitebox, recon/code agents, Gemini, artifacts, RL, XBOW GUI
Harness intelligence:
- After recon, the model SELECTS which specialist agents match the target
(select_agents) — runs the relevant subset, not blindly top-N
- RL reward store (rl.rs): per-agent weights persist to data/rl_state_rs.json,
reward validated findings (severity-weighted), decay idle, bias next run
- Run artifacts persisted as JSON + MD (recon, exploitation transcript,
findings, html report) under runs/<target>-<ts>/ for reuse by other AIs
Whitebox mode:
- run_whitebox: walks a repo, builds bounded source context, runs code agents,
validates by adversarial vote. CLI `whitebox <path>` + web "White-box" mode
Agents: +12 recon (subdomain/tech/js/api/secrets/dns/content/param/waf/cloud/
graphql/osint) and +24 code SAST reviewers (sqli/cmdi/path/ssrf/xss/deser/
secrets/crypto/authz/idor/xxe/redirect/ssti/race/eval/csrf/random/logging/
upload/mass-assign/jwt/cors). Loader gains recon/ + code/ categories → 249 total
Models: +Google Gemini provider (API + gemini CLI subscription); installed_cli_
backends now detects gemini; chat_cli handles gemini/codex/grok + optional
Playwright MCP (.mcp.json) on the subscription path with autonomy flags
GUI: full XBOW-style redesign — sidebar (Operate/Library), topbar status, mode
segment (black-box/white-box), model panel, live console, severity cards,
agent browser with category filters, models view; responsive + aligned
Verified: cargo build --release clean; CLI agents/whitebox; LIVE subscription
run shows model selecting 23→4 agents, RL update, artifacts written; GUI +
white-box toggle in Playwright.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 11:39:56 -03:00
CyberSecurityUP
3de357bf18
Merge NeuroSploit v3.3.0 — Autonomous MD-Agent Engine into main
# Conflicts:
# prompts/task_library.json
2026-06-14 21:41:26 -03:00
CyberSecurityUP
55af0d4634
NeuroSploit v3.3.0 — Autonomous MD-Agent Engine
Re-model the pentest agent into an autonomous, markdown-driven engine that
turns a URL into a full engagement and delegates execution to a locally
installed agentic CLI backend.
Engine (neurosploit_agent/ + ./neurosploit launcher):
- orchestrator composes ONE master prompt from the agent library + RL weights
- backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude
subscription); headless, autonomous, isolated workdir
- mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution
- rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity,
persisted to data/rl_state.json
- models: latest registry incl. NVIDIA NIM provider (PR #28)
- cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run
Agent library (agents_md/, 213 total):
- 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced
injection, protocol smuggling, logic/crypto/supply-chain classes
- 17 meta-agents: orchestrator, recon, exploit_validator,
false_positive_filter, severity_assessor, impact_evaluator, reporter,
rl_feedback + migrated expert roles
- scripts/build_agents.py data-driven builder; REGISTRY.md index
Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI,
engine vars).
Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 20:57:38 -03:00
hasan72341
806d1bcbe1
feat: 2026 UI overhaul, stability fixes, and NVIDIA NIM support
- Overhauled frontend with 2026 hacking HUD aesthetic (neon colors, glassmorphism)
- Added native support for NVIDIA NIM as a Tier 2 provider
- Fixed critical backend crashes in autonomous_agent.py and knowledge_processor.py
- Updated Kali sandbox build to Go 1.26 and fixed health check reliability
- Integrated Space Grotesk and JetBrains Mono fonts
2026-04-29 00:57:04 +05:30
CyberSecurityUP
e0935793c5
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
116 modules | 100 vuln types | 18 API routes | 18 frontend pages
Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
2026-02-22 17:59:28 -03:00