CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-02 07:43:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
62 Commits 11 Branches 6 Tags
79acfe04a37839914a9a4487c080a2e21203f761
Commit Graph

62 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CyberSecurityUP
79acfe04a3 NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest + Container Fix + Deep Recon Overhaul 
## AI-Everywhere Auto Pentest
- Pre-stream AI master planning (_ai_master_plan) runs before parallel streams
- Stream 1 AI recon analysis (Phase 9: hidden endpoint probing, priority routing)
- Stream 2 AI payload generation (replaces hardcoded payloads with context-aware AI)
- Stream 3 AI tool output analysis (real findings vs noise classification)
- 4 new prompt builders in ai_prompts.py (master_plan, junior_ai_test, tool_analysis, recon_analysis)

## LLM-as-VulnEngine: AI Deep Testing
- New _ai_deep_test() iterative loop: OBSERVE→PLAN→EXECUTE→ANALYZE→ADAPT (3 iterations max)
- AI-first for top 15 injection types, hardcoded fallback for rest
- Per-endpoint AI testing in Phase C instead of single _ai_dynamic_test()
- New system prompt context: deep_testing + iterative_testing
- Token budget adaptive: 15 normal, 5 when <50k tokens remain

## Container Fix (Critical)
- Fixed ENTRYPOINT ["/bin/bash", "-c"] → CMD ["bash"] in Dockerfile.kali
- Root cause: Docker ran /bin/bash -c "sleep" "infinity" → missing operand → container exit
- All Kali sandbox tools (nuclei, naabu, etc.) now start and execute correctly

## Deep Recon Overhaul
- JS analysis: 10→30 files, 11 regex patterns, source map parsing, parameter extraction
- Sitemaps: recursive index following (depth 3), 8 candidates, 500 URL cap
- API discovery: 7→20 Swagger/OpenAPI paths, 1→6 GraphQL paths, request body schema extraction
- Framework detection: 9 frameworks (WordPress, Laravel, Django, Spring, Express, ASP.NET, Rails, Next.js, Flask)
- 40+ common hidden/sensitive paths checked (.env, .git, /actuator, /debug, etc.)
- API pattern fuzzing: infers endpoints from discovered patterns, batch existence checks
- HTTP method discovery via OPTIONS probing
- URL normalization and deduplication

## Frontend Fixes
- Elapsed time now works for completed scans (computed from started_at→completed_at)
- Container telemetry: exit -1 shows "ERR" (yellow), duration shows "N/A" on failure
- HTML report rewrite: professional pentest report with cover page, risk gauge, ToC, per-finding cards, print CSS

## Other
- Updated rebuild.sh summary and validation
- Bug bounty training datasets added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.2.1 		2026-02-23 17:55:28 -03:00
CyberSecurityUP
b056f6962a Merge main into v3.2 (ours strategy) - prepare main override 
Merging main history to maintain lineage before replacing main
with v3.2 content. The v3.2 branch is the definitive release.
 2026-02-22 18:09:27 -03:00
CyberSecurityUP
9f47108876 Fix: remove last gpt-4-turbo-preview fallback in generate() method 
Missed occurrence in the OpenAI chat.completions.create() call
inside generate(). Now uses gpt-4o consistently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:05:26 -03:00
CyberSecurityUP
4041018397 Fix: OpenRouter/Together/Fireworks detection + deprecated gpt-4-turbo-preview model 
Issues fixed:
- OpenRouter API key not recognized: _set_no_provider_error() now checks all 7
  provider keys (was only checking Anthropic/OpenAI/Google), so users with only
  OPENROUTER_API_KEY set no longer get "No API keys configured" error
- Error message now lists all 8 providers (added OpenRouter, Together, Fireworks)
  instead of only 5 (Anthropic, OpenAI, Google, Ollama, LM Studio)
- gpt-4-turbo-preview (deprecated by OpenAI, 404 error) replaced with gpt-4o
  as default OpenAI model in LLMClient init and generate() fallback
- Settings API model list updated: removed gpt-4-turbo-preview and o1-preview/mini,
  added gpt-4.1, gpt-4.1-mini, o3-mini
- .env.example comment updated to reference gpt-4o instead of gpt-4-turbo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:04:43 -03:00
CyberSecurityUP
e0935793c5 NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform 
116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
 2026-02-22 17:59:28 -03:00
Joas A Santos
4fc98f8d2e Update README.md 2026-02-18 13:05:08 -03:00
Joas A Santos
d40cc383fe Update README.md 2026-02-14 22:51:45 -03:00
Joas A Santos
43d892e7cb Update README.md 3.0.0 2026-02-14 18:59:29 -03:00
Joas A Santos
40f9579f56 Update .env 2026-02-11 10:58:49 -03:00
Joas A Santos
1afb937363 Merge pull request #16 from CyberSecurityUP/v3.1 
V3.1
 2026-02-11 10:57:18 -03:00
Joas A Santos
e861cd667a Add files via upload 2026-02-11 10:56:31 -03:00
Joas A Santos
f0fa49a06a Update .env 2026-02-11 10:54:43 -03:00
Joas A Santos
337410bca8 Add files via upload 2026-02-11 10:53:50 -03:00
Joas A Santos
e1ff8a8355 Add files via upload 2026-02-11 10:52:07 -03:00
Joas A Santos
aac5b8f365 Add files via upload 2026-02-11 10:50:37 -03:00
Joas A Santos
30acd5afc7 Add files via upload 2026-02-11 10:47:33 -03:00
Joas A Santos
e32573a950 Merge pull request #15 from CyberSecurityUP/v3.0 
V3.0
 2026-01-23 15:50:21 -03:00
Joas A Santos
d4ce4d2ff7 Add files via upload 2026-01-23 15:49:46 -03:00
Joas A Santos
f9e4ec16ec Add files via upload 2026-01-23 15:46:05 -03:00
Joas A Santos
a2d6453a3b Update README.md 2026-01-20 01:11:03 -03:00
Joas A Santos
9676d488fb Merge pull request #12 from CyberSecurityUP/v3.0 
V3.0
 2026-01-19 23:03:28 -03:00
Joas A Santos
2a5e9b139a Add files via upload 2026-01-19 23:01:11 -03:00
Joas A Santos
3c4aa7de7d Create .env 2026-01-19 22:52:25 -03:00
Joas A Santos
4e89764740 Add files via upload 2026-01-19 19:24:02 -03:00
Joas A Santos
e7f1e75803 Add files via upload 2026-01-19 19:23:10 -03:00
Joas A Santos
bdd6c91f50 Add files via upload 2026-01-19 19:22:35 -03:00
Joas A Santos
5a8a1fc0d7 Add files via upload 2026-01-19 19:21:57 -03:00
Joas A Santos
b966ba658a Merge pull request #9 from Ahson-Shaikh/main 
Added Use-Cases Section
 2026-01-15 10:51:24 -03:00
Joas A Santos
5e73003971 Merge pull request #11 from CyberSecurityUP/v2.3 
V2.3
1.2.0 		2026-01-14 16:00:06 -03:00
Joas A Santos
0f9950944f Update README.md 2026-01-14 15:59:38 -03:00
Joas A Santos
4b9b0d22be Add files via upload 2026-01-14 15:58:19 -03:00
Joas A Santos
866bb455d7 Update __init__.py 1.1.0 2026-01-11 20:37:58 -03:00
Joas A Santos
22f7a29938 Merge pull request #10 from CyberSecurityUP/v2.2 
V2.2
 2026-01-09 22:51:00 -03:00
Joas A Santos
fd6ef4d258 Add files via upload 2026-01-09 22:50:30 -03:00
Joas A Santos
d5899c19f4 Add files via upload 2026-01-09 22:48:39 -03:00
Joas A Santos
c447313578 Add files via upload 2026-01-09 22:47:52 -03:00
Joas A Santos
a3b58f8b5c Add files via upload 2026-01-09 22:45:49 -03:00
Joas A Santos
e1241a0f06 Add files via upload 2026-01-09 22:45:32 -03:00
Ahson Shaikh
3a31df3c44 Merge branch 'CyberSecurityUP:main' into main 2026-01-09 17:59:18 +05:00
Ahson Shaikh
e3b397cec8 Added Usecase with ZAP Authenticated Testing 2026-01-09 17:58:19 +05:00
Joas A Santos
8e07eb940b Update README.md 2026-01-08 08:51:00 -03:00
Joas A Santos
c246030349 Merge pull request #6 from YatinChaubal/main 
fix: handle missing placeholders in prompt template formatting
 2026-01-06 10:37:38 -03:00
YatinChaubal
ee3232d843 fix: handle missing placeholders in prompt template formatting 2026-01-04 19:45:51 +05:30
Joas A Santos
411627a9a6 Update README.md 1.0.0 2026-01-02 12:13:48 -03:00
Joas A Santos
599f4a95c2 Update QUICKSTART.md 2026-01-02 12:13:06 -03:00
Joas A Santos
49af66aa55 Add files via upload 2026-01-02 11:59:16 -03:00
Joas A Santos
9aab47c4fc Update base_agent.py 2026-01-02 11:51:24 -03:00
Joas A Santos
744c1f5113 Update README.md 2026-01-01 19:26:50 -03:00
Joas A Santos
35622198d5 Add files via upload 2026-01-01 19:26:00 -03:00
Joas A Santos
0f756f6ef8 Update README.md 2025-12-19 13:26:50 -03:00