CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-04-21 18:36:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
63 Commits 13 Branches 6 Tags
e5857d00c1701eeea28095853a396d04baec829a
Commit Graph

63 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CyberSecurityUP e5857d00c1 NeuroSploit v3.2.2 - Full LLM Pentest Mode 
New feature: Full LLM Pentest mode where the AI drives the entire
penetration test cycle autonomously. The LLM plans HTTP requests,
the system executes them, and the LLM analyzes real responses to
identify vulnerabilities — like a human pentester using Burp Suite.

- New OperationMode.FULL_LLM_PENTEST + AgentMode enum
- _run_full_llm_pentest(): 30-round ReACT loop (plan→execute→analyze→adapt)
- 3 new prompt functions in ai_prompts.py (system, round, report)
- Anti-hallucination: findings without real evidence are rejected
- All findings routed through ValidationJudge pipeline
- FullIATestingPage updated: 4-phase UI (Recon→Testing→PostExploit→Report)
- No Kali sandbox required — uses system HTTP client directly
- Methodology injection from pentestcompleto_en.md (118KB)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.2.2 		2026-02-24 00:28:26 -03:00
CyberSecurityUP 79acfe04a3 NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest + Container Fix + Deep Recon Overhaul 
## AI-Everywhere Auto Pentest
- Pre-stream AI master planning (_ai_master_plan) runs before parallel streams
- Stream 1 AI recon analysis (Phase 9: hidden endpoint probing, priority routing)
- Stream 2 AI payload generation (replaces hardcoded payloads with context-aware AI)
- Stream 3 AI tool output analysis (real findings vs noise classification)
- 4 new prompt builders in ai_prompts.py (master_plan, junior_ai_test, tool_analysis, recon_analysis)

## LLM-as-VulnEngine: AI Deep Testing
- New _ai_deep_test() iterative loop: OBSERVE→PLAN→EXECUTE→ANALYZE→ADAPT (3 iterations max)
- AI-first for top 15 injection types, hardcoded fallback for rest
- Per-endpoint AI testing in Phase C instead of single _ai_dynamic_test()
- New system prompt context: deep_testing + iterative_testing
- Token budget adaptive: 15 normal, 5 when <50k tokens remain

## Container Fix (Critical)
- Fixed ENTRYPOINT ["/bin/bash", "-c"] → CMD ["bash"] in Dockerfile.kali
- Root cause: Docker ran /bin/bash -c "sleep" "infinity" → missing operand → container exit
- All Kali sandbox tools (nuclei, naabu, etc.) now start and execute correctly

## Deep Recon Overhaul
- JS analysis: 10→30 files, 11 regex patterns, source map parsing, parameter extraction
- Sitemaps: recursive index following (depth 3), 8 candidates, 500 URL cap
- API discovery: 7→20 Swagger/OpenAPI paths, 1→6 GraphQL paths, request body schema extraction
- Framework detection: 9 frameworks (WordPress, Laravel, Django, Spring, Express, ASP.NET, Rails, Next.js, Flask)
- 40+ common hidden/sensitive paths checked (.env, .git, /actuator, /debug, etc.)
- API pattern fuzzing: infers endpoints from discovered patterns, batch existence checks
- HTTP method discovery via OPTIONS probing
- URL normalization and deduplication

## Frontend Fixes
- Elapsed time now works for completed scans (computed from started_at→completed_at)
- Container telemetry: exit -1 shows "ERR" (yellow), duration shows "N/A" on failure
- HTML report rewrite: professional pentest report with cover page, risk gauge, ToC, per-finding cards, print CSS

## Other
- Updated rebuild.sh summary and validation
- Bug bounty training datasets added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
v3.2.1 		2026-02-23 17:55:28 -03:00
CyberSecurityUP b056f6962a Merge main into v3.2 (ours strategy) - prepare main override 
Merging main history to maintain lineage before replacing main
with v3.2 content. The v3.2 branch is the definitive release.
 2026-02-22 18:09:27 -03:00
CyberSecurityUP 9f47108876 Fix: remove last gpt-4-turbo-preview fallback in generate() method 
Missed occurrence in the OpenAI chat.completions.create() call
inside generate(). Now uses gpt-4o consistently.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:05:26 -03:00
CyberSecurityUP 4041018397 Fix: OpenRouter/Together/Fireworks detection + deprecated gpt-4-turbo-preview model 
Issues fixed:
- OpenRouter API key not recognized: _set_no_provider_error() now checks all 7
  provider keys (was only checking Anthropic/OpenAI/Google), so users with only
  OPENROUTER_API_KEY set no longer get "No API keys configured" error
- Error message now lists all 8 providers (added OpenRouter, Together, Fireworks)
  instead of only 5 (Anthropic, OpenAI, Google, Ollama, LM Studio)
- gpt-4-turbo-preview (deprecated by OpenAI, 404 error) replaced with gpt-4o
  as default OpenAI model in LLMClient init and generate() fallback
- Settings API model list updated: removed gpt-4-turbo-preview and o1-preview/mini,
  added gpt-4.1, gpt-4.1-mini, o3-mini
- .env.example comment updated to reference gpt-4o instead of gpt-4-turbo

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 18:04:43 -03:00
CyberSecurityUP e0935793c5 NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform 
116 modules | 100 vuln types | 18 API routes | 18 frontend pages

Major features:
- VulnEngine: 100 vuln types, 526+ payloads, 12 testers, anti-hallucination prompts
- Autonomous Agent: 3-stream auto pentest, multi-session (5 concurrent), pause/resume/stop
- CLI Agent: Claude Code / Gemini CLI / Codex CLI inside Kali containers
- Validation Pipeline: negative controls, proof of execution, confidence scoring, judge
- AI Reasoning: ReACT engine, token budget, endpoint classifier, CVE hunter, deep recon
- Multi-Agent: 5 specialists + orchestrator + researcher AI + vuln type agents
- RAG System: BM25/TF-IDF/ChromaDB vectorstore, few-shot, reasoning templates
- Smart Router: 20 providers (8 CLI OAuth + 12 API), tier failover, token refresh
- Kali Sandbox: container-per-scan, 56 tools, VPN support, on-demand install
- Full IA Testing: methodology-driven comprehensive pentest sessions
- Notifications: Discord, Telegram, WhatsApp/Twilio multi-channel alerts
- Frontend: React/TypeScript with 18 pages, real-time WebSocket updates
 2026-02-22 17:59:28 -03:00
Joas A Santos 4fc98f8d2e Update README.md 2026-02-18 13:05:08 -03:00
Joas A Santos d40cc383fe Update README.md 2026-02-14 22:51:45 -03:00
Joas A Santos 43d892e7cb Update README.md 3.0.0 2026-02-14 18:59:29 -03:00
Joas A Santos 40f9579f56 Update .env 2026-02-11 10:58:49 -03:00
Joas A Santos 1afb937363 Merge pull request #16 from CyberSecurityUP/v3.1 
V3.1
 2026-02-11 10:57:18 -03:00
Joas A Santos e861cd667a Add files via upload 2026-02-11 10:56:31 -03:00
Joas A Santos f0fa49a06a Update .env 2026-02-11 10:54:43 -03:00
Joas A Santos 337410bca8 Add files via upload 2026-02-11 10:53:50 -03:00
Joas A Santos e1ff8a8355 Add files via upload 2026-02-11 10:52:07 -03:00
Joas A Santos aac5b8f365 Add files via upload 2026-02-11 10:50:37 -03:00
Joas A Santos 30acd5afc7 Add files via upload 2026-02-11 10:47:33 -03:00
Joas A Santos e32573a950 Merge pull request #15 from CyberSecurityUP/v3.0 
V3.0
 2026-01-23 15:50:21 -03:00
Joas A Santos d4ce4d2ff7 Add files via upload 2026-01-23 15:49:46 -03:00
Joas A Santos f9e4ec16ec Add files via upload 2026-01-23 15:46:05 -03:00
Joas A Santos a2d6453a3b Update README.md 2026-01-20 01:11:03 -03:00
Joas A Santos 9676d488fb Merge pull request #12 from CyberSecurityUP/v3.0 
V3.0
 2026-01-19 23:03:28 -03:00
Joas A Santos 2a5e9b139a Add files via upload 2026-01-19 23:01:11 -03:00
Joas A Santos 3c4aa7de7d Create .env 2026-01-19 22:52:25 -03:00
Joas A Santos 4e89764740 Add files via upload 2026-01-19 19:24:02 -03:00
Joas A Santos e7f1e75803 Add files via upload 2026-01-19 19:23:10 -03:00
Joas A Santos bdd6c91f50 Add files via upload 2026-01-19 19:22:35 -03:00
Joas A Santos 5a8a1fc0d7 Add files via upload 2026-01-19 19:21:57 -03:00
Joas A Santos b966ba658a Merge pull request #9 from Ahson-Shaikh/main 
Added Use-Cases Section
 2026-01-15 10:51:24 -03:00
Joas A Santos 5e73003971 Merge pull request #11 from CyberSecurityUP/v2.3 
V2.3
1.2.0 		2026-01-14 16:00:06 -03:00
Joas A Santos 0f9950944f Update README.md 2026-01-14 15:59:38 -03:00
Joas A Santos 4b9b0d22be Add files via upload 2026-01-14 15:58:19 -03:00
Joas A Santos 866bb455d7 Update __init__.py 1.1.0 2026-01-11 20:37:58 -03:00
Joas A Santos 22f7a29938 Merge pull request #10 from CyberSecurityUP/v2.2 
V2.2
 2026-01-09 22:51:00 -03:00
Joas A Santos fd6ef4d258 Add files via upload 2026-01-09 22:50:30 -03:00
Joas A Santos d5899c19f4 Add files via upload 2026-01-09 22:48:39 -03:00
Joas A Santos c447313578 Add files via upload 2026-01-09 22:47:52 -03:00
Joas A Santos a3b58f8b5c Add files via upload 2026-01-09 22:45:49 -03:00
Joas A Santos e1241a0f06 Add files via upload 2026-01-09 22:45:32 -03:00
Ahson Shaikh 3a31df3c44 Merge branch 'CyberSecurityUP:main' into main 2026-01-09 17:59:18 +05:00
Ahson Shaikh e3b397cec8 Added Usecase with ZAP Authenticated Testing 2026-01-09 17:58:19 +05:00
Joas A Santos 8e07eb940b Update README.md 2026-01-08 08:51:00 -03:00
Joas A Santos c246030349 Merge pull request #6 from YatinChaubal/main 
fix: handle missing placeholders in prompt template formatting
 2026-01-06 10:37:38 -03:00
YatinChaubal ee3232d843 fix: handle missing placeholders in prompt template formatting 2026-01-04 19:45:51 +05:30
Joas A Santos 411627a9a6 Update README.md 1.0.0 2026-01-02 12:13:48 -03:00
Joas A Santos 599f4a95c2 Update QUICKSTART.md 2026-01-02 12:13:06 -03:00
Joas A Santos 49af66aa55 Add files via upload 2026-01-02 11:59:16 -03:00
Joas A Santos 9aab47c4fc Update base_agent.py 2026-01-02 11:51:24 -03:00
Joas A Santos 744c1f5113 Update README.md 2026-01-01 19:26:50 -03:00
Joas A Santos 35622198d5 Add files via upload 2026-01-01 19:26:00 -03:00