NeuroSploit

CalvinBackup/NeuroSploit

Fork 0

mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 07:15:30 +02:00

Commit Graph

Author	SHA1	Message	Date
CyberSecurityUP	f8d70ce9c5	v3.5.1: infra/host engagements — IP + SSH/Windows-AD creds + Linux/Win/AD agents + REPL context bar Infra: - creds.yaml gains `ssh:` (host/port/user/password/key) and `windows:`/`ad:` (host/user/password/domain/ntlm-hash) blocks; multi-block YAML parser. host_instruction() tells agents how to authenticate to the host. - 14 infra agents (agents_md/infra/): port/service scan, SMB enum, Linux privesc/ sudo/cron/SSH, Windows privesc/SMB-signing/WinRM, AD kerberoast/asreproast/ACL/ DCSync/default-creds. Loader gains `infra` category → 317 agents total. - run_host pipeline + `neurosploit host <ip> --creds creds.yaml` (and Mode::Host in run_mode/TUI): host recon (nmap/netexec) → infra agent selection → test → validate → chain → report, with host tooling doctrine + supplied creds. REPL: - Context/status bar above the prompt: "model auth · cwd · mode▸target" (e.g. claude-opus-4-8 sub · /opt/projeto · black-box▸app.acme.com). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 22:17:14 -03:00
CyberSecurityUP	7b1be0b424	v3.5.0: greybox (code + live) pipeline + credentials (creds.yaml / JWT / auth) - New GREYBOX mode: review a repo's source AND exploit the running app in one pipeline — code-review findings become LEADS injected into live exploitation. CLI: `neurosploit greybox <repo> --url <app> [--creds creds.yaml] [--focus ...]` REPL: set both /repo and /target → greybox auto-selected. - Credentials (harness/src/creds.rs, dependency-free YAML subset): jwt / header / cookie, or an automated `login:` flow. Derives an auth header and/or a "authenticate first via curl" directive injected into prompts so agents test authenticated. --creds flag + /creds command + creds.example.yaml. - RunConfig gains `repo`; run_engagement refactored to a Mode enum (Black/White/Grey). - Verified offline: greybox loads creds, combines repo+URL, runs pipeline, writes report. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 20:11:39 -03:00

Author

SHA1

Message

Date

CyberSecurityUP

f8d70ce9c5

v3.5.1: infra/host engagements — IP + SSH/Windows-AD creds + Linux/Win/AD agents + REPL context bar

Infra:
- creds.yaml gains `ssh:` (host/port/user/password/key) and `windows:`/`ad:`
  (host/user/password/domain/ntlm-hash) blocks; multi-block YAML parser.
  host_instruction() tells agents how to authenticate to the host.
- 14 infra agents (agents_md/infra/): port/service scan, SMB enum, Linux privesc/
  sudo/cron/SSH, Windows privesc/SMB-signing/WinRM, AD kerberoast/asreproast/ACL/
  DCSync/default-creds. Loader gains `infra` category → 317 agents total.
- run_host pipeline + `neurosploit host <ip> --creds creds.yaml` (and Mode::Host
  in run_mode/TUI): host recon (nmap/netexec) → infra agent selection → test →
  validate → chain → report, with host tooling doctrine + supplied creds.

REPL:
- Context/status bar above the prompt: "model auth · cwd · mode▸target"
  (e.g. claude-opus-4-8 sub · /opt/projeto · black-box▸app.acme.com).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 22:17:14 -03:00

CyberSecurityUP

7b1be0b424

v3.5.0: greybox (code + live) pipeline + credentials (creds.yaml / JWT / auth)

- New GREYBOX mode: review a repo's source AND exploit the running app in one
  pipeline — code-review findings become LEADS injected into live exploitation.
  CLI: `neurosploit greybox <repo> --url <app> [--creds creds.yaml] [--focus ...]`
  REPL: set both /repo and /target → greybox auto-selected.
- Credentials (harness/src/creds.rs, dependency-free YAML subset): jwt / header /
  cookie, or an automated `login:` flow. Derives an auth header and/or a
  "authenticate first via curl" directive injected into prompts so agents test
  authenticated. --creds flag + /creds command + creds.example.yaml.
- RunConfig gains `repo`; run_engagement refactored to a Mode enum (Black/White/Grey).
- Verified offline: greybox loads creds, combines repo+URL, runs pipeline, writes report.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 20:11:39 -03:00

2 Commits