NeuroSploit

CalvinBackup/NeuroSploit

Fork 0

mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:35:34 +02:00

Commit Graph

Author	SHA1	Message	Date
CyberSecurityUP	435463979b	v3.5.0: Claude-Code-style interactive harness (REPL) + instruction-steered testing - New persistent interactive session (app/src/repl.rs), launched when run with no args: banner, model selection, API-key config (/key) or subscription (/sub), then a live session to set /target, /repo, /auth, and free-text /focus instructions (or just type them) that STEER which agents run and how. - Slash-commands: /model /providers /key /sub /target /repo /auth /focus /mcp /votes /agents /show /run /quit (+ bare text = focus). - RunConfig gains `instructions` and `auth`: * instructions bias both LLM agent-selection and the heuristic (focus keywords → injection/access-control/etc. agents get a strong boost) * operator directives (focus + auth) injected into recon and exploit prompts so agents test as an authenticated user and prioritise the requested vuln classes - bump 3.4.1 → 3.5.0 (CLI, harness, reports, credits) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 19:58:35 -03:00
CyberSecurityUP	96f00c1c68	v3.4.1: CLI-only Rust harness — interactive wizard, smart selection, tool doctrine, Typst, status - Remove Rust web server (axum/tower-http); CLI-only binary - Verbose logging (-v) + unique run-id output folder runs/ns-<ts>-<target>/ - status.json lifecycle (running → complete) + ✓ COMPLETE summary - Interactive wizard when run with no args; detailed --help with testphp/DVWA examples + Kali tip - Tool-usage doctrine injected into recon/exploit prompts: curl + rustscan/nmap (apt/brew/cargo install guidance) + browser via Playwright when present, else curl - Smart recon-aware selection: map recon signals → agent categories, only run matching agents; heuristic fallback when LLM selection is empty - Cross-model false-positive validation: voting prefers a model other than the finder - Playwright MCP auto-provision (npx) + per-backend support (claude/codex; gemini/grok degrade) - Gemini provider (API + gemini CLI subscription) - Typst report (report.typ + compiled report.pdf) via blank structured template - Lenient finding parsing (confidence as word/number) — fixes empty-results bug - bump version 3.4.0 -> 3.4.1 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 19:34:13 -03:00
CyberSecurityUP	56d3f0c723	NeuroSploit v3.4.0 — Rust multi-model harness + Axum dashboard New cargo workspace `neurosploit-rs/` (single `neurosploit` binary): harness crate: - models.rs: 11 OpenAI-compatible providers / 31 models (Claude, GPT, Grok, NVIDIA NIM, DeepSeek, Mistral, Qwen, Groq, Together, OpenRouter, Ollama) - pool.rs: ModelPool with bounded concurrency, provider failover, and N-model validator voting (the panel doubles as the jury) - agents.rs: loads the existing agents_md/ library (213 agents) - pipeline.rs: recon → parallel exploit (semaphore-bounded) → N-model adversarial vote → score; streams live progress over a channel - report.rs: HTML report - tokio + reqwest(rustls); offline mode runs the pipeline without API keys app binary: - clap CLI: serve \| run \| agents \| models (run supports --model x N, --vote-n, --max-agents, --offline) - axum web dashboard with multi-model panel, live console, findings, agent browser, embedded report; single binary serves the SPA (no npm/build) Verified: cargo build clean; agents/models/offline-run CLI; server endpoints (/api/info, /api/run lifecycle, /report); dashboard + live run in Playwright. Docs: README v3.4.0 callout + RELEASE.md notes. target/ gitignored. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-21 19:58:43 -03:00

Author

SHA1

Message

Date

CyberSecurityUP

435463979b

v3.5.0: Claude-Code-style interactive harness (REPL) + instruction-steered testing

- New persistent interactive session (app/src/repl.rs), launched when run with no args:
  banner, model selection, API-key config (/key) or subscription (/sub), then a live
  session to set /target, /repo, /auth, and free-text /focus instructions (or just type
  them) that STEER which agents run and how.
- Slash-commands: /model /providers /key /sub /target /repo /auth /focus /mcp /votes
  /agents /show /run /quit  (+ bare text = focus).
- RunConfig gains `instructions` and `auth`:
  * instructions bias both LLM agent-selection and the heuristic (focus keywords →
    injection/access-control/etc. agents get a strong boost)
  * operator directives (focus + auth) injected into recon and exploit prompts so agents
    test as an authenticated user and prioritise the requested vuln classes
- bump 3.4.1 → 3.5.0 (CLI, harness, reports, credits)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 19:58:35 -03:00

CyberSecurityUP

96f00c1c68

v3.4.1: CLI-only Rust harness — interactive wizard, smart selection, tool doctrine, Typst, status

- Remove Rust web server (axum/tower-http); CLI-only binary
- Verbose logging (-v) + unique run-id output folder runs/ns-<ts>-<target>/
- status.json lifecycle (running → complete) + ✓ COMPLETE summary
- Interactive wizard when run with no args; detailed --help with testphp/DVWA examples + Kali tip
- Tool-usage doctrine injected into recon/exploit prompts: curl + rustscan/nmap
  (apt/brew/cargo install guidance) + browser via Playwright when present, else curl
- Smart recon-aware selection: map recon signals → agent categories, only run
  matching agents; heuristic fallback when LLM selection is empty
- Cross-model false-positive validation: voting prefers a model other than the finder
- Playwright MCP auto-provision (npx) + per-backend support (claude/codex; gemini/grok degrade)
- Gemini provider (API + gemini CLI subscription)
- Typst report (report.typ + compiled report.pdf) via blank structured template
- Lenient finding parsing (confidence as word/number) — fixes empty-results bug
- bump version 3.4.0 -> 3.4.1

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 19:34:13 -03:00

CyberSecurityUP

56d3f0c723

NeuroSploit v3.4.0 — Rust multi-model harness + Axum dashboard

New cargo workspace `neurosploit-rs/` (single `neurosploit` binary):

harness crate:
- models.rs: 11 OpenAI-compatible providers / 31 models (Claude, GPT, Grok,
  NVIDIA NIM, DeepSeek, Mistral, Qwen, Groq, Together, OpenRouter, Ollama)
- pool.rs: ModelPool with bounded concurrency, provider failover, and N-model
  validator voting (the panel doubles as the jury)
- agents.rs: loads the existing agents_md/ library (213 agents)
- pipeline.rs: recon → parallel exploit (semaphore-bounded) → N-model
  adversarial vote → score; streams live progress over a channel
- report.rs: HTML report
- tokio + reqwest(rustls); offline mode runs the pipeline without API keys

app binary:
- clap CLI: serve | run | agents | models  (run supports --model x N, --vote-n,
  --max-agents, --offline)
- axum web dashboard with multi-model panel, live console, findings, agent
  browser, embedded report; single binary serves the SPA (no npm/build)

Verified: cargo build clean; agents/models/offline-run CLI; server endpoints
(/api/info, /api/run lifecycle, /report); dashboard + live run in Playwright.

Docs: README v3.4.0 callout + RELEASE.md notes. target/ gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-21 19:58:43 -03:00

3 Commits