CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-19 16:54:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
62 Commits 12 Branches 6 Tags
79acfe04a37839914a9a4487c080a2e21203f761
Commit Graph

4 Commits

Author SHA1 Message Date
CyberSecurityUP
79acfe04a3 NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest + Container Fix + Deep Recon Overhaul 
## AI-Everywhere Auto Pentest
- Pre-stream AI master planning (_ai_master_plan) runs before parallel streams
- Stream 1 AI recon analysis (Phase 9: hidden endpoint probing, priority routing)
- Stream 2 AI payload generation (replaces hardcoded payloads with context-aware AI)
- Stream 3 AI tool output analysis (real findings vs noise classification)
- 4 new prompt builders in ai_prompts.py (master_plan, junior_ai_test, tool_analysis, recon_analysis)

## LLM-as-VulnEngine: AI Deep Testing
- New _ai_deep_test() iterative loop: OBSERVE→PLAN→EXECUTE→ANALYZE→ADAPT (3 iterations max)
- AI-first for top 15 injection types, hardcoded fallback for rest
- Per-endpoint AI testing in Phase C instead of single _ai_dynamic_test()
- New system prompt context: deep_testing + iterative_testing
- Token budget adaptive: 15 normal, 5 when <50k tokens remain

## Container Fix (Critical)
- Fixed ENTRYPOINT ["/bin/bash", "-c"] → CMD ["bash"] in Dockerfile.kali
- Root cause: Docker ran /bin/bash -c "sleep" "infinity" → missing operand → container exit
- All Kali sandbox tools (nuclei, naabu, etc.) now start and execute correctly

## Deep Recon Overhaul
- JS analysis: 10→30 files, 11 regex patterns, source map parsing, parameter extraction
- Sitemaps: recursive index following (depth 3), 8 candidates, 500 URL cap
- API discovery: 7→20 Swagger/OpenAPI paths, 1→6 GraphQL paths, request body schema extraction
- Framework detection: 9 frameworks (WordPress, Laravel, Django, Spring, Express, ASP.NET, Rails, Next.js, Flask)
- 40+ common hidden/sensitive paths checked (.env, .git, /actuator, /debug, etc.)
- API pattern fuzzing: infers endpoints from discovered patterns, batch existence checks
- HTTP method discovery via OPTIONS probing
- URL normalization and deduplication

## Frontend Fixes
- Elapsed time now works for completed scans (computed from started_at→completed_at)
- Container telemetry: exit -1 shows "ERR" (yellow), duration shows "N/A" on failure
- HTML report rewrite: professional pentest report with cover page, risk gauge, ToC, per-finding cards, print CSS

## Other
- Updated rebuild.sh summary and validation
- Bug bounty training datasets added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 17:55:28 -03:00
CyberSecurityUP
9f47108876 Fix: remove last gpt-4-turbo-preview fallback in generate() method 
Missed occurrence in the OpenAI chat.completions.create() call
inside generate(). Now uses gpt-4o consistently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:05:26 -03:00
CyberSecurityUP
4041018397 Fix: OpenRouter/Together/Fireworks detection + deprecated gpt-4-turbo-preview model 
Issues fixed:
- OpenRouter API key not recognized: _set_no_provider_error() now checks all 7
  provider keys (was only checking Anthropic/OpenAI/Google), so users with only
  OPENROUTER_API_KEY set no longer get "No API keys configured" error
- Error message now lists all 8 providers (added OpenRouter, Together, Fireworks)
  instead of only 5 (Anthropic, OpenAI, Google, Ollama, LM Studio)
- gpt-4-turbo-preview (deprecated by OpenAI, 404 error) replaced with gpt-4o
  as default OpenAI model in LLMClient init and generate() fallback
- Settings API model list updated: removed gpt-4-turbo-preview and o1-preview/mini,
  added gpt-4.1, gpt-4.1-mini, o3-mini
- .env.example comment updated to reference gpt-4o instead of gpt-4-turbo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:04:43 -03:00
CyberSecurityUP
e0935793c5 NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform 
116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
 2026-02-22 17:59:28 -03:00