NeuroSploit

CalvinBackup/NeuroSploit

Fork 0

mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 07:15:30 +02:00

Commit Graph

Author	SHA1	Message	Date
CyberSecurityUP	e4efa9bbb0	v3.5.2 — Exploitation Depth & Report Hygiene Distilled from reviewing real AI-pentest output that kept stopping at "exposed" instead of "exploited". Pure-additive, back-compatible. Behavior (injected into black/grey/chain exploit prompts via DEPTH_DOCTRINE): - Exposed → exploited: any info-disclosure / exposed service/WSDL / leaked credential\|token / reachable dev host MUST be used before it's a finding; otherwise it's a lead, not a confirmed High/Critical. - Chain across modules: reuse obtained session/JWT/cookie/credential and pivot to IDOR/privesc/exfil; report the chain, not isolated parts. - Decode & fingerprint → CVE; audit tokens (alg-confusion/none/kid/JWKS, weak HS256 secret cracking, lifecycle). Deterministic post-pass (new crates/harness/src/hygiene.rs, wired into finish()): - calibrate severity to PROVEN impact — unproven High/Critical (hedged, no payload, thin evidence) capped to Medium and re-titled "(potential)"; - depth_audit — flag exposures on a host with no real exploit; - hygiene_summary — advise consolidating hygiene classes repeated across assets. Unit tests cover calibration + depth audit. 5 new doctrine meta-agents (scripts/build_methodology_v352.py → agents_md/meta/): exploit_depth_doctrine, finding_chainer, artifact_decoder, token_auditor, report_calibrator (meta 17→22, total 343→348). Version bumped 3.5.1 → 3.5.2 across crates/app/installers/docs; RELEASE/README updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-26 11:31:11 -03:00
CyberSecurityUP	16e45eb0a3	v3.5.1: robust README + detailed TUTORIAL.md + cross-platform install (Linux/macOS/Windows · x64/arm64) - README rewritten: engagement-modes table, highlights, supported-platforms matrix, agents 329, links to the tutorial. - TUTORIAL.md: full user guide — concepts, install, auth (API/subscription), models, all modes (black/white/grey/host), REPL, TUI, creds.yaml, steering, outputs/reports, per-project memory, POMDP/grounding/chaining, agent library, MCP, troubleshooting, command/flag reference. - setup.sh: detect OS (Linux/macOS/Windows) + arch (x64/arm64); v3.5.1 banner. - install.ps1: native Windows PowerShell one-liner (winget/rustup, build, PATH). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 22:39:10 -03:00
CyberSecurityUP	702f22a87a	v3.5.0: REPL quick-wins (Tab-complete, @file/@dir/@line, multiline, /theme, /attach, /context) + installer + README REPL (rustyline Helper): - Tab autocomplete for /commands and @filesystem-paths. - @path attach: @file, @folder, @file:LINE / @file:START-END fold scope files / stack traces into the agent context; /attach <path> and /context to manage. - Multiline input: end a line with `\` to continue (validator-driven). - /theme color\|mono, /config (=/show); history (↑/↓) persists as before. - Attachments are merged into the run's instruction context. Install: - setup.sh: `curl … \| bash` — auto-installs Rust, clones to ~/.neurosploit, builds release, links neurosploit into ~/.local/bin; idempotent; env-tunable. README: v3.5.0, 🧠 (back to "neuro"), one-line install section, neurosploit-on-PATH usage. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-24 21:19:56 -03:00

Author

SHA1

Message

Date

CyberSecurityUP

e4efa9bbb0

v3.5.2 — Exploitation Depth & Report Hygiene

Distilled from reviewing real AI-pentest output that kept stopping at "exposed"
instead of "exploited". Pure-additive, back-compatible.

Behavior (injected into black/grey/chain exploit prompts via DEPTH_DOCTRINE):
- Exposed → exploited: any info-disclosure / exposed service/WSDL / leaked
  credential|token / reachable dev host MUST be used before it's a finding;
  otherwise it's a lead, not a confirmed High/Critical.
- Chain across modules: reuse obtained session/JWT/cookie/credential and pivot
  to IDOR/privesc/exfil; report the chain, not isolated parts.
- Decode & fingerprint → CVE; audit tokens (alg-confusion/none/kid/JWKS, weak
  HS256 secret cracking, lifecycle).

Deterministic post-pass (new crates/harness/src/hygiene.rs, wired into finish()):
- calibrate severity to PROVEN impact — unproven High/Critical (hedged, no
  payload, thin evidence) capped to Medium and re-titled "(potential)";
- depth_audit — flag exposures on a host with no real exploit;
- hygiene_summary — advise consolidating hygiene classes repeated across assets.
Unit tests cover calibration + depth audit.

5 new doctrine meta-agents (scripts/build_methodology_v352.py → agents_md/meta/):
exploit_depth_doctrine, finding_chainer, artifact_decoder, token_auditor,
report_calibrator (meta 17→22, total 343→348).

Version bumped 3.5.1 → 3.5.2 across crates/app/installers/docs; RELEASE/README
updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-26 11:31:11 -03:00

CyberSecurityUP

16e45eb0a3

v3.5.1: robust README + detailed TUTORIAL.md + cross-platform install (Linux/macOS/Windows · x64/arm64)

- README rewritten: engagement-modes table, highlights, supported-platforms
  matrix, agents 329, links to the tutorial.
- TUTORIAL.md: full user guide — concepts, install, auth (API/subscription),
  models, all modes (black/white/grey/host), REPL, TUI, creds.yaml, steering,
  outputs/reports, per-project memory, POMDP/grounding/chaining, agent library,
  MCP, troubleshooting, command/flag reference.
- setup.sh: detect OS (Linux/macOS/Windows) + arch (x64/arm64); v3.5.1 banner.
- install.ps1: native Windows PowerShell one-liner (winget/rustup, build, PATH).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 22:39:10 -03:00

CyberSecurityUP

702f22a87a

v3.5.0: REPL quick-wins (Tab-complete, @file/@dir/@line, multiline, /theme, /attach, /context) + installer + README

REPL (rustyline Helper):
- Tab autocomplete for /commands and @filesystem-paths.
- @path attach: @file, @folder, @file:LINE / @file:START-END fold scope files /
  stack traces into the agent context; /attach <path> and /context to manage.
- Multiline input: end a line with `\` to continue (validator-driven).
- /theme color|mono, /config (=/show); history (↑/↓) persists as before.
- Attachments are merged into the run's instruction context.

Install:
- setup.sh: `curl … | bash` — auto-installs Rust, clones to ~/.neurosploit,
  builds release, links neurosploit into ~/.local/bin; idempotent; env-tunable.

README: v3.5.0, 🧠 (back to "neuro"), one-line install section, neurosploit-on-PATH usage.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-24 21:19:56 -03:00

3 Commits