CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-01 23:33:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
63 Commits 11 Branches 6 Tags
e5857d00c1701eeea28095853a396d04baec829a
Commit Graph

63 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CyberSecurityUP
e5857d00c1 NeuroSploit v3.2.2 - Full LLM Pentest Mode 
New feature: Full LLM Pentest mode where the AI drives the entire
penetration test cycle autonomously. The LLM plans HTTP requests,
the system executes them, and the LLM analyzes real responses to
identify vulnerabilities — like a human pentester using Burp Suite.

- New OperationMode.FULL_LLM_PENTEST + AgentMode enum
- _run_full_llm_pentest(): 30-round ReACT loop (plan→execute→analyze→adapt)
- 3 new prompt functions in ai_prompts.py (system, round, report)
- Anti-hallucination: findings without real evidence are rejected
- All findings routed through ValidationJudge pipeline
- FullIATestingPage updated: 4-phase UI (Recon→Testing→PostExploit→Report)
- No Kali sandbox required — uses system HTTP client directly
- Methodology injection from pentestcompleto_en.md (118KB)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.2.2 		2026-02-24 00:28:26 -03:00
CyberSecurityUP
79acfe04a3 NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest + Container Fix + Deep Recon Overhaul 
## AI-Everywhere Auto Pentest
- Pre-stream AI master planning (_ai_master_plan) runs before parallel streams
- Stream 1 AI recon analysis (Phase 9: hidden endpoint probing, priority routing)
- Stream 2 AI payload generation (replaces hardcoded payloads with context-aware AI)
- Stream 3 AI tool output analysis (real findings vs noise classification)
- 4 new prompt builders in ai_prompts.py (master_plan, junior_ai_test, tool_analysis, recon_analysis)

## LLM-as-VulnEngine: AI Deep Testing
- New _ai_deep_test() iterative loop: OBSERVE→PLAN→EXECUTE→ANALYZE→ADAPT (3 iterations max)
- AI-first for top 15 injection types, hardcoded fallback for rest
- Per-endpoint AI testing in Phase C instead of single _ai_dynamic_test()
- New system prompt context: deep_testing + iterative_testing
- Token budget adaptive: 15 normal, 5 when <50k tokens remain

## Container Fix (Critical)
- Fixed ENTRYPOINT ["/bin/bash", "-c"] → CMD ["bash"] in Dockerfile.kali
- Root cause: Docker ran /bin/bash -c "sleep" "infinity" → missing operand → container exit
- All Kali sandbox tools (nuclei, naabu, etc.) now start and execute correctly

## Deep Recon Overhaul
- JS analysis: 10→30 files, 11 regex patterns, source map parsing, parameter extraction
- Sitemaps: recursive index following (depth 3), 8 candidates, 500 URL cap
- API discovery: 7→20 Swagger/OpenAPI paths, 1→6 GraphQL paths, request body schema extraction
- Framework detection: 9 frameworks (WordPress, Laravel, Django, Spring, Express, ASP.NET, Rails, Next.js, Flask)
- 40+ common hidden/sensitive paths checked (.env, .git, /actuator, /debug, etc.)
- API pattern fuzzing: infers endpoints from discovered patterns, batch existence checks
- HTTP method discovery via OPTIONS probing
- URL normalization and deduplication

## Frontend Fixes
- Elapsed time now works for completed scans (computed from started_at→completed_at)
- Container telemetry: exit -1 shows "ERR" (yellow), duration shows "N/A" on failure
- HTML report rewrite: professional pentest report with cover page, risk gauge, ToC, per-finding cards, print CSS

## Other
- Updated rebuild.sh summary and validation
- Bug bounty training datasets added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.2.1 		2026-02-23 17:55:28 -03:00
CyberSecurityUP
b056f6962a Merge main into v3.2 (ours strategy) - prepare main override 
Merging main history to maintain lineage before replacing main
with v3.2 content. The v3.2 branch is the definitive release.
 2026-02-22 18:09:27 -03:00
CyberSecurityUP
9f47108876 Fix: remove last gpt-4-turbo-preview fallback in generate() method 
Missed occurrence in the OpenAI chat.completions.create() call
inside generate(). Now uses gpt-4o consistently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:05:26 -03:00
CyberSecurityUP
4041018397 Fix: OpenRouter/Together/Fireworks detection + deprecated gpt-4-turbo-preview model 
Issues fixed:
- OpenRouter API key not recognized: _set_no_provider_error() now checks all 7
  provider keys (was only checking Anthropic/OpenAI/Google), so users with only
  OPENROUTER_API_KEY set no longer get "No API keys configured" error
- Error message now lists all 8 providers (added OpenRouter, Together, Fireworks)
  instead of only 5 (Anthropic, OpenAI, Google, Ollama, LM Studio)
- gpt-4-turbo-preview (deprecated by OpenAI, 404 error) replaced with gpt-4o
  as default OpenAI model in LLMClient init and generate() fallback
- Settings API model list updated: removed gpt-4-turbo-preview and o1-preview/mini,
  added gpt-4.1, gpt-4.1-mini, o3-mini
- .env.example comment updated to reference gpt-4o instead of gpt-4-turbo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:04:43 -03:00
CyberSecurityUP
e0935793c5 NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform 
116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
 2026-02-22 17:59:28 -03:00
Joas A Santos
4fc98f8d2e Update README.md 2026-02-18 13:05:08 -03:00
Joas A Santos
d40cc383fe Update README.md 2026-02-14 22:51:45 -03:00
Joas A Santos
43d892e7cb Update README.md 3.0.0 2026-02-14 18:59:29 -03:00
Joas A Santos
40f9579f56 Update .env 2026-02-11 10:58:49 -03:00
Joas A Santos
1afb937363 Merge pull request #16 from CyberSecurityUP/v3.1 
V3.1
 2026-02-11 10:57:18 -03:00
Joas A Santos
e861cd667a Add files via upload 2026-02-11 10:56:31 -03:00
Joas A Santos
f0fa49a06a Update .env 2026-02-11 10:54:43 -03:00
Joas A Santos
337410bca8 Add files via upload 2026-02-11 10:53:50 -03:00
Joas A Santos
e1ff8a8355 Add files via upload 2026-02-11 10:52:07 -03:00
Joas A Santos
aac5b8f365 Add files via upload 2026-02-11 10:50:37 -03:00
Joas A Santos
30acd5afc7 Add files via upload 2026-02-11 10:47:33 -03:00
Joas A Santos
e32573a950 Merge pull request #15 from CyberSecurityUP/v3.0 
V3.0
 2026-01-23 15:50:21 -03:00
Joas A Santos
d4ce4d2ff7 Add files via upload 2026-01-23 15:49:46 -03:00
Joas A Santos
f9e4ec16ec Add files via upload 2026-01-23 15:46:05 -03:00
Joas A Santos
a2d6453a3b Update README.md 2026-01-20 01:11:03 -03:00
Joas A Santos
9676d488fb Merge pull request #12 from CyberSecurityUP/v3.0 
V3.0
 2026-01-19 23:03:28 -03:00
Joas A Santos
2a5e9b139a Add files via upload 2026-01-19 23:01:11 -03:00
Joas A Santos
3c4aa7de7d Create .env 2026-01-19 22:52:25 -03:00
Joas A Santos
4e89764740 Add files via upload 2026-01-19 19:24:02 -03:00
Joas A Santos
e7f1e75803 Add files via upload 2026-01-19 19:23:10 -03:00
Joas A Santos
bdd6c91f50 Add files via upload 2026-01-19 19:22:35 -03:00
Joas A Santos
5a8a1fc0d7 Add files via upload 2026-01-19 19:21:57 -03:00
Joas A Santos
b966ba658a Merge pull request #9 from Ahson-Shaikh/main 
Added Use-Cases Section
 2026-01-15 10:51:24 -03:00
Joas A Santos
5e73003971 Merge pull request #11 from CyberSecurityUP/v2.3 
V2.3
1.2.0 		2026-01-14 16:00:06 -03:00
Joas A Santos
0f9950944f Update README.md 2026-01-14 15:59:38 -03:00
Joas A Santos
4b9b0d22be Add files via upload 2026-01-14 15:58:19 -03:00
Joas A Santos
866bb455d7 Update __init__.py 1.1.0 2026-01-11 20:37:58 -03:00
Joas A Santos
22f7a29938 Merge pull request #10 from CyberSecurityUP/v2.2 
V2.2
 2026-01-09 22:51:00 -03:00
Joas A Santos
fd6ef4d258 Add files via upload 2026-01-09 22:50:30 -03:00
Joas A Santos
d5899c19f4 Add files via upload 2026-01-09 22:48:39 -03:00
Joas A Santos
c447313578 Add files via upload 2026-01-09 22:47:52 -03:00
Joas A Santos
a3b58f8b5c Add files via upload 2026-01-09 22:45:49 -03:00
Joas A Santos
e1241a0f06 Add files via upload 2026-01-09 22:45:32 -03:00
Ahson Shaikh
3a31df3c44 Merge branch 'CyberSecurityUP:main' into main 2026-01-09 17:59:18 +05:00
Ahson Shaikh
e3b397cec8 Added Usecase with ZAP Authenticated Testing 2026-01-09 17:58:19 +05:00
Joas A Santos
8e07eb940b Update README.md 2026-01-08 08:51:00 -03:00
Joas A Santos
c246030349 Merge pull request #6 from YatinChaubal/main 
fix: handle missing placeholders in prompt template formatting
 2026-01-06 10:37:38 -03:00
YatinChaubal
ee3232d843 fix: handle missing placeholders in prompt template formatting 2026-01-04 19:45:51 +05:30
Joas A Santos
411627a9a6 Update README.md 1.0.0 2026-01-02 12:13:48 -03:00
Joas A Santos
599f4a95c2 Update QUICKSTART.md 2026-01-02 12:13:06 -03:00
Joas A Santos
49af66aa55 Add files via upload 2026-01-02 11:59:16 -03:00
Joas A Santos
9aab47c4fc Update base_agent.py 2026-01-02 11:51:24 -03:00
Joas A Santos
744c1f5113 Update README.md 2026-01-01 19:26:50 -03:00
Joas A Santos
35622198d5 Add files via upload 2026-01-01 19:26:00 -03:00