# NeuroSploit v3.5.5 — Release Notes

**Release Date:** July 2026
**Codename:** Cloud Testing, REPL Navigation & Deeper Recon
**License:** MIT
**Credits:** Joas A Santos & Red Team Leaders

---

## TL;DR

v3.5.5 adds **cloud infrastructure testing** (AWS / GCP / Azure) with first-class credential connection, **27 new agents** (17 cloud + 10 misconfig/CVE/PoC/rate-limit → library **375**), a much more capable and navigable **REPL** (idle guardrail, multi-target, results browser), **deeper recon** (downloads & analyzes JS, request/response differentials, smart nuclei), **Burp/ZAP proxy** support, a **PoC** workspace, a strict **data-safety/PII guardrail**, and a fix for garbled interactive line-editing.

## Cloud testing

- **+17 cloud agents.** AWS, GCP and Azure specialists in `agents_md/infra/`: IAM/RBAC privilege escalation, storage exposure (S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager / Secret Manager / Key Vault), service-account & service-principal abuse, and Entra ID enumeration — plus a multi-cloud footprint/identity recon agent. Read-only-first, non-destructive.
- **Connect cloud credentials via `creds.yaml`** (`aws:`, `gcp:`, `azure:` blocks). The harness exports the right env vars so `aws` / `gcloud` / `az` pick them up automatically, and tells the agents how to authenticate and what to enumerate:
  - **AWS** — `access_key_id`/`secret_access_key`[/`session_token`]/`region`, or a `profile`.
  - **GCP** — a service-account JSON (`service_account_json`, path recommended) → `GOOGLE_APPLICATION_CREDENTIALS` + project.
  - **Azure** — a **service principal** (`tenant_id`/`client_id`/`client_secret`/`subscription_id`) → `az login --service-principal`.
- Secrets are never written to disk beyond your `creds.yaml`; inline GCP JSON is materialized to a temp file only to satisfy the SDK/CLI.
## REPL — navigation & control

- **Idle guardrail — `/timeout <minutes>`.** If no NEW finding lands within the window, the run soft-stops and validates what was found (`/timeout 1` = 1 min, `10` = 10 min, `60` = 1 hour, `0` = off). **Default 5 min.**
- **Multiple targets — `/target url1,url2,url3`.** A comma-separated list; `/run` tests them **sequentially** (the queue auto-advances to the next target when the current one finishes) — one report per URL.
- **`/results` navigation browser** (interactive): pick a **target/run** → pick a **vulnerability** → see full detail; **Esc steps back a level** (vuln → target → back to the live session).
- **`/report` selection**: with multiple runs, choose which report to open from a menu.
- **`/chain <depth>`** (attack-chain depth), **`/agents list`** (library category counts incl. infra/cloud); **`/show`** now shows chain depth, idle-stop and enabled integrations.
- **Fix:** the interactive prompt no longer embeds ANSI/newline sequences, so line editing (typing, backspace, history, cursor, multiline) is no longer garbled in a real terminal (the readline prompt is plain; color is applied via the highlighter).

## Deeper recon & analysis (agent prompts)

- **RECON_SYS** now crawls pages/params/headers/cookies, **downloads the linked JavaScript and analyzes it** (API endpoints, hidden params, GraphQL, secrets / keys / tokens, `sourceMappingURL` → recover original source), fingerprints **exact** stack versions, and does response-differential analysis; richer JSON schema (`js_findings`, `secrets`, `hosts`, …).
- **tool_doctrine** adds JS-analysis guidance (linkfinder / gau / katana + grep for endpoints/secrets/source-maps) and request/response-analysis guidance (status, all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and valid-vs-invalid comparisons) — applied to both recon and exploitation.
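As an added example of what the JS-analysis step in RECON_SYS looks for (illustration code written for these notes, not NeuroSploit's agent prompts or `tool_doctrine`), the Rust pass below walks a constructed bundle and pulls out API endpoints, likely embedded secrets and a `sourceMappingURL`. The classification heuristics, the 16-character secret threshold and the sample bundle are assumptions; every key in it is fake. The same pass run over your own build output before it ships catches the leaks that an assessor's recon would otherwise find first.

```rust
// Added example (not NeuroSploit's RECON_SYS or tool_doctrine): a std-only pass
// over a JavaScript bundle that extracts the three things the recon step looks
// for: API endpoints, embedded secrets and a sourceMappingURL.  The heuristics
// and the sample bundle are assumptions; every key below is fake.

/// Constructed sample bundle (labelled, not real application code).
pub const SAMPLE_BUNDLE: &str = r#"
// built by a hypothetical bundler
const API = "/api/v1/users";
const GQL = '/graphql';
const cfg = { apiKey: "sk_test_FAKE1234567890abcdef", debug: false };
fetch("https://api.example.internal/v2/orders");
window.AWS_KEY = 'AKIAFAKEFAKEFAKEFAKE';
const label = "Hello";
//# sourceMappingURL=app.js.map
"#;

#[derive(Debug, Default, PartialEq)]
pub struct JsFindings {
    pub endpoints: Vec<String>,
    pub secrets: Vec<String>,
    pub source_map: Option<String>,
}

/// Every single- or double-quoted string literal with the byte offset of its
/// opening quote.  Handles backslash escapes; an unterminated literal is skipped.
fn string_literals(src: &str) -> Vec<(usize, String)> {
    let mut out = Vec::new();
    let mut it = src.char_indices();
    while let Some((start, quote)) = it.next() {
        if quote != '"' && quote != '\'' {
            continue;
        }
        let mut body = String::new();
        let mut closed = false;
        while let Some((_, c)) = it.next() {
            match c {
                '\\' => {
                    if let Some((_, escaped)) = it.next() {
                        body.push(escaped);
                    }
                }
                '\n' => break, // unterminated literal: give up on it
                c if c == quote => {
                    closed = true;
                    break;
                }
                c => body.push(c),
            }
        }
        if closed {
            out.push((start, body));
        }
    }
    out
}

fn looks_like_endpoint(s: &str) -> bool {
    s.starts_with("/api/")
        || s.starts_with("/graphql")
        || s.starts_with("http://")
        || s.starts_with("https://")
}

/// A literal is treated as a secret if it is long enough and either carries a
/// well-known prefix or is assigned near a key/token/secret/password name.
fn looks_like_secret(src: &str, at: usize, s: &str) -> bool {
    if s.len() < 16 {
        return false;
    }
    if s.starts_with("AKIA") || s.starts_with("sk_") {
        return true;
    }
    // Look at the 40 bytes before the literal (snapped to a char boundary).
    let mut from = at.saturating_sub(40);
    while !src.is_char_boundary(from) {
        from += 1;
    }
    let context = src[from..at].to_ascii_lowercase();
    ["key", "token", "secret", "password"].iter().any(|k| context.contains(*k))
}

/// `//# sourceMappingURL=...` (or the older `//@` form) on its own line.
fn source_map_url(src: &str) -> Option<String> {
    src.lines().find_map(|line| {
        let line = line.trim();
        line.strip_prefix("//# sourceMappingURL=")
            .or_else(|| line.strip_prefix("//@ sourceMappingURL="))
            .map(|u| u.trim().to_string())
    })
}

pub fn analyze_js(src: &str) -> JsFindings {
    let mut f = JsFindings::default();
    for (at, lit) in string_literals(src) {
        if looks_like_endpoint(&lit) && !f.endpoints.contains(&lit) {
            f.endpoints.push(lit.clone());
        }
        if looks_like_secret(src, at, &lit) && !f.secrets.contains(&lit) {
            f.secrets.push(lit);
        }
    }
    f.source_map = source_map_url(src);
    f
}

fn main() {
    println!("{:#?}", analyze_js(SAMPLE_BUNDLE));
}
```

A real bundle is minified, so the same literal scan works, but key-name context is shorter; that is why the prefix check runs first. A `sourceMappingURL` hit is the higher-value finding, because the map recovers the original source and with it every comment and internal path.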
## Exploitation depth, safety & Burp

- **+10 exploitation agents.** Absurd-misconfig hunters (exposed `.git`/`.env`/backups, debug/actuator endpoints, default creds, directory listing, exposed ops dashboards, permissive CORS, verbose errors), a **CVE Hunter** (fingerprint → correlate → safe PoC), a **PoC Developer** (writes runnable exploit scripts), and a **Rate-Limit / Anti-Automation** tester.
- **Data-safety / PII guardrail** injected into every exploit/chain/host prompt: no modifying, deleting or exfiltrating data, and no state changes, without explicit permission; on PII, prove with a single **masked** sample + a count — never dump. When unsure whether an action is safe, don't do it.
- **Smart nuclei in recon** — fingerprint first, then run nuclei on **targeted** templates/tags/CVE ids with rate limits and timeouts (fast, never a blind full scan).
- **Burp/ZAP proxy** — `/proxy` (or `/burp`, default `:8080`) in the REPL, or the `NEUROSPLOIT_PROXY` env var. Agents route curl through it (`--proxy … -k`) so you can inspect/replay traffic in Burp Suite while the test runs.
- **PoC workspace** — each run gets a `pocs/` directory (`$NEUROSPLOIT_POCS`); agents save custom, reproducible exploit scripts there and cite them as evidence.
- **Tool download** (authorized) — agents may `git clone` a specific public PoC/exploit repo or download a scanner when needed (reputable/pinned, reviewed).
- **Rate-limit testing** is a first-class control check (small non-disruptive burst → look for 429/lockout/Retry-After), never a DoS.

## Multi-role auth & access-control testing

- **Named identities in `creds.yaml`** for IDOR / BOLA / BFLA / privilege-escalation testing. Define two or more roles and the agent authenticates as each and tests **cross-role access** (control vs unauthorized request):

  ```yaml
  admin:
    jwt: eyJ...              # or header:/cookie:/apikey:/login+username+password
  user:
    apikey: abc123           # → X-Api-Key: abc123
  victim:
    cookie: "session=..."
  ```

  Supported per role: `jwt`, `header` (raw), `cookie`, `apikey`, or a `login`/`username`/`password` self-login. With ≥2 roles the harness injects an access-control directive (capture one role's object IDs/functions, attempt them as another role, prove authorized-vs-denied) under the data-safety guardrail.

## Attribution & identification (anti-plagiarism)

- **Identifying User-Agent** on every request — default `NeuroSploit/<version> (authorized security assessment; +github…)`, plus an `X-NeuroSploit-Scan` header. Change it with **`/ua <user-agent>`** (REPL) or the `NEUROSPLOIT_UA` env var; the run banner shows it.
- **Attribution stamped into every finding** ("Identified and validated by NeuroSploit — multi-model adversarial validation …") so provenance travels with the finding across the report, `findings.json` and any copy — in the traffic, the finding text, and the report footer, so the work can't be silently re-badged.

## Notes

- Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2). See the README "Cloud credentials" section for a full `creds.yaml` example.

---

# NeuroSploit v3.5.4 — Release Notes

**Release Date:** July 2026
**Codename:** Robust Attack Chaining & False-Positive Reduction
**License:** MIT
**Credits:** Joas A Santos & Red Team Leaders

---

## TL;DR

v3.5.4 makes NeuroSploit both **deeper** and **more precise**: a real multi-round **post-exploitation attack-chaining** engine that expands each foothold in new directions, plus stronger **false-positive** controls so what it reports is trustworthy.
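As an added illustration of the false-positive controls this release describes (the whitespace-insensitive, rejection-first verdict parser and the severity-aware quorum detailed under "False-positive reduction" below), here is a small Rust model of that logic. It is example code written for these notes, not the harness's `pool.rs`; the function names mirror the notes, but the normalization, the verdict markers it looks for, and the shape of the adversarial refute pass are assumptions.

```rust
// Added example (not NeuroSploit's pool.rs): a model of rejection-first verdict
// parsing and a severity-aware confirmation quorum.  Marker strings and the
// refute-pass shape are assumptions made for this illustration.

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Verdict {
    Confirmed,
    Rejected,
    Ambiguous,
}

/// Declaration order matters: the derived PartialOrd makes High < Critical.
#[derive(Debug, Clone, Copy, PartialEq, PartialOrd)]
pub enum Severity {
    Info,
    Low,
    Medium,
    High,
    Critical,
}

/// Whitespace-insensitive, rejection-first parsing of a validator reply.
/// Only an explicit verdict field counts; anything else is Ambiguous and is
/// never treated as a confirmation.
pub fn parse_verdict(reply: &str) -> Verdict {
    // Drop whitespace and quotes and lower-case, so `{ "verdict" : "CONFIRMED" }`,
    // `verdict: confirmed` and `Verdict:Confirmed` all normalize identically.
    let norm: String = reply
        .chars()
        .filter(|c| !c.is_whitespace() && *c != '"' && *c != '\'')
        .collect::<String>()
        .to_ascii_lowercase();
    // Explicit rejection is checked first, so a reply that lands on "rejected"
    // after musing about "confirmed" earlier is still a rejection.
    const REJECT: [&str; 3] = ["verdict:rejected", "verdict:notconfirmed", "verdict:false"];
    if REJECT.iter().any(|m| norm.contains(*m)) {
        return Verdict::Rejected;
    }
    const CONFIRM: [&str; 2] = ["verdict:confirmed", "verdict:true"];
    if CONFIRM.iter().any(|m| norm.contains(*m)) {
        return Verdict::Confirmed;
    }
    Verdict::Ambiguous
}

/// Severity-aware quorum over one finding's validator verdicts.
/// High/Critical: at least two confirmations AND at least two thirds of the
/// panel.  Lower severities: strict majority.  A single-model panel falls back
/// to majority (its one vote) so it is not silently zeroed out.
pub fn quorum_confirmed(sev: Severity, verdicts: &[Verdict]) -> bool {
    let n = verdicts.len();
    if n == 0 {
        return false;
    }
    let yes = verdicts.iter().filter(|v| **v == Verdict::Confirmed).count();
    let strict_majority = yes * 2 > n;
    if n == 1 || sev < Severity::High {
        return strict_majority;
    }
    // integer form of yes / n >= 2 / 3
    yes >= 2 && yes * 3 >= n * 2
}

/// Adversarial refute pass (assumed shape): each skeptic re-validates a
/// confirmed High/Critical; a finding that a majority of skeptics reject is dropped.
pub fn survives_refute(skeptic_verdicts: &[Verdict]) -> bool {
    let n = skeptic_verdicts.len();
    let rejects = skeptic_verdicts.iter().filter(|v| **v == Verdict::Rejected).count();
    rejects * 2 <= n
}

/// End-to-end: parse raw replies, apply the quorum, then (for High/Critical)
/// the refute pass.  Returns true only if the finding should be reported.
pub fn report_finding(sev: Severity, replies: &[&str], skeptic_replies: &[&str]) -> bool {
    let verdicts: Vec<Verdict> = replies.iter().map(|r| parse_verdict(r)).collect();
    if !quorum_confirmed(sev, &verdicts) {
        return false;
    }
    if sev < Severity::High {
        return true;
    }
    let skeptics: Vec<Verdict> = skeptic_replies.iter().map(|r| parse_verdict(r)).collect();
    survives_refute(&skeptics)
}

fn main() {
    // Constructed validator replies: two explicit confirmations and one hedge.
    let replies = [
        r#"{ "verdict": "CONFIRMED", "reason": "payload executed, cookie read in DOM" }"#,
        "Verdict: confirmed - alert fired in the browser",
        "I think it might be exploitable, probably yes", // ambiguous: not a confirmation
    ];
    let skeptics = ["verdict: confirmed", "verdict: rejected (reflected only)", "verdict: confirmed"];
    println!("report Critical? {}", report_finding(Severity::Critical, &replies, &skeptics));
}
```

The two-thirds rule is deliberately integer arithmetic (`yes * 3 >= n * 2`) so a 2-of-3 panel confirms and a 2-of-4 panel does not; a loose `yes`/`no` match or a floating-point threshold is where the old chainer's false confirmations crept in.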
## Attack chaining (robust, decision-driven)

Replaces the old single-shot chainer with **`attack_chain()`** — an iterative, per-foothold pivot engine:

- **Per-foothold decisions.** Each round takes the newest confirmed footholds (best-first, capped per round) and, for **each one**, an agent decides which directions to expand and proves new impact: **post-exploitation** (loot creds/keys/config/source), **credential reuse**, **privilege escalation** (horizontal & vertical), **lateral movement** to adjacent services/hosts, **data exfiltration**, and **new attack surface** the foothold exposes.
- **Loot carried forward.** Credentials/tokens/hosts/endpoints discovered in one round are passed to later rounds and reused (the agent returns `{"findings":[...],"loot":[...]}`), so the engine genuinely pivots in new directions instead of re-testing the same spot.
- **No pivoting off false positives.** Each round's new findings are validated before they become the next round's footholds.
- **Convergence.** Runs up to `chain_depth` rounds **or** stops when a round finds nothing new (loop-until-dry).
- **Control.** New `RunConfig.chain_depth` (default **2**) and a `--chain-depth` flag on every engagement command (`0` disables).

## False-positive reduction

- **Robust verdict parsing** (`pool::parse_verdict`) — whitespace-insensitive, checks explicit rejection first, counts only explicit confirmations; ambiguous replies are *not* counted as confirmed. Replaces the fragile exact-JSON / loose-`yes` matching.
- **Severity-aware quorum** (`pool::quorum_confirmed`) — **High/Critical now need ≥2 validators AND ≥2/3 agreement** (a single vote can no longer confirm a Critical); lower severities need a strict majority. Single-model panels fall back to majority so they aren't nuked.
- **Adversarial refute pass** — every confirmed High/Critical is re-examined by a skeptical panel that assumes false-positive; findings that can't withstand a majority of skeptics are dropped.
- **Stronger validator prompt** with an explicit false-positive checklist (reflected-not-executed, version/banner guesses, self-XSS, error-as-injection, thin evidence, inflated severity).

## Notes

- Additive and back-compatible; defaults keep behavior sensible if you change nothing. Unit tests cover verdict parsing, quorum, and report-hygiene logic.

---

# NeuroSploit v3.5.3 — Release Notes

**Release Date:** June 2026
**Codename:** Integrations (GitHub · GitLab · Jira)
**License:** MIT
**Credits:** Joas A Santos & Red Team Leaders

---

## TL;DR

v3.5.3 plugs NeuroSploit into your SDLC: review **private** GitHub/GitLab repos and **Pull Requests**, **watch** a branch and re-review on every commit, and open a **Jira card per finding** — all toggleable via a new `/integrations` command.

## Highlights

- **GitHub integration**
  - **Private repos**: when enabled, `whitebox` / `greybox --repo` / `tui --repo` inject your `GITHUB_TOKEN` into the clone URL (the token is never printed or stored).
  - **`neurosploit pr`** — clones the **PR head** (`refs/pull/N/head`), runs a white-box review, optionally **posts a summary comment** back on the PR (`--comment`) and/or **opens Jira cards** (`--jira`).
  - **`neurosploit watch --branch --interval`** — polls the branch and runs a white-box review **each time a new commit lands**.
- **GitLab integration** — private clone (token-injected) for `whitebox`/`greybox` against `gitlab.com` or a self-hosted base.
- **Jira integration** — `--jira` on any engagement (or `pr`/`watch`) opens **one card per finding** (summary, severity, CVSS, CWE, location, PoC, evidence, remediation) in your project via the Jira REST API.
- **`/integrations` (REPL) + `neurosploit integrations` (CLI)** — `show`, `enable`/`disable <name>`, and `setup <name>` (interactive). Config persists to `/.neurosploit/integrations.json`. **Secrets are never stored** — only the env-var *name* is saved; values come from the environment at use time.
- New harness module `integrations` + app commands `pr` / `watch` / `integrations`, plus a `--jira` flag on `run` / `whitebox`.

## Setup

Step-by-step for tokens, scopes and configuration is in **[TUTORIAL-INTEGRATION.md](TUTORIAL-INTEGRATION.md)** and summarized in the README.

## Notes

- Additive and back-compatible: all existing modes/flags are unchanged; if no integration is enabled the behavior is identical to v3.5.2.
- Tokens use env vars: `GITHUB_TOKEN`, `GITLAB_TOKEN`, `JIRA_EMAIL` + `JIRA_API_TOKEN` (names configurable per integration).

---

# NeuroSploit v3.5.2 — Release Notes

**Release Date:** June 2026
**Codename:** Exploitation Depth & Report Hygiene
**License:** MIT
**Credits:** Joas A Santos & Red Team Leaders

---

## TL;DR

v3.5.2 hard-codes the discipline that separates a great pentest from a noisy one — distilled from reviewing real AI-pentest output that kept stopping at *"exposed"* instead of *"exploited"*. The engine now pushes every exposure to demonstrated impact, **chains** findings, decodes/fingerprints artifacts and correlates CVEs, audits tokens, and keeps the final report honest (deduplicated and severity-calibrated).

## Highlights

- **DEPTH doctrine (exploit, don't just expose).** A new doctrine is injected into every exploitation prompt (black/grey/chain): any info-disclosure, exposed service/catalog/WSDL, leaked credential/token, or reachable dev host **must be USED** before it can be a finding — call it, decode it, log in, hit the dev host. If it was only observed, it's reported as a **lead**, not a confirmed High/Critical.
- **Finding chaining.** Reuse any session/JWT/cookie/credential obtained in one step across all other modules; pivot access into IDOR/privesc/exfil and report the **chain**, not isolated parts (e.g. captcha-bypass → admin JWT → authenticated surface; enum + no-rate-limit → password spraying).
- **Decode & fingerprint → CVE.** Decode opaque tokens/paths (base64/JSON/marshal) and pin exact library/gem/plugin/CMS versions, then correlate to known CVEs and attempt a safe PoC.
- **Token auditor.** JWT alg-confusion (RS→HS), `alg:none`, kid/jku injection, real signature verification, **weak HS256 secret cracking**, and token lifecycle (logout/expiry/refresh).
- **Report-hygiene & depth pass (deterministic, in the harness).** After validation the run now:
  - **calibrates severity to proven impact** — an unproven High/Critical (hedged language, no payload, thin evidence) is capped to Medium and re-titled "(potential)";
  - flags **"exposed → exploited" gaps** — exposures on a host with no actual exploit get an advisory to go use them;
  - advises **consolidating hygiene** classes (headers/cookies/TLS/HSTS/clickjacking/disclosure) repeated across many assets into ONE finding with an affected-asset table, instead of inflating the count one-per-host.
- **5 new doctrine meta-agents** (`agents_md/meta/`): `exploit_depth_doctrine`, `finding_chainer`, `artifact_decoder`, `token_auditor`, `report_calibrator` (meta agents 17 → 22; total library 343 → 348).
- **Source from a GitHub URL.** `whitebox` / `greybox --repo` (and the REPL `/repo`) now accept a **git URL** (`https://github.com/owner/repo[.git]`) or an `owner/repo` shorthand — the repo is cloned (shallow) into `/repos/` and reviewed automatically, no manual `git clone` needed:

  ```bash
  neurosploit whitebox https://github.com/digininja/DVWA \
    --subscription --model anthropic:claude-opus-4-8 -v
  ```

- **Azure OpenAI provider** (resolves #21). OpenAI-compatible: set `AZURE_OPENAI_ENDPOINT` (+ optional `AZURE_OPENAI_API_VERSION`, default `2024-10-21`) and `AZURE_OPENAI_API_KEY`, then `--model azure:<deployment>` (the model name is your Azure *deployment* name; auth via the `api-key` header).
- **`GOOGLE_API_KEY` alias for Gemini** (resolves #25 confusion).
  Gemini's API path reads `GEMINI_API_KEY`, and now also accepts `GOOGLE_API_KEY` (Google's standard env var) when the former is unset. Local providers (ollama/litellm) still need **no** key at all.

## Notes

- Pure-additive and back-compatible: existing modes, REPL, TUI, pause/continue, crash-recovery and reports are unchanged. The hygiene pass only annotates and down-calibrates unproven severities — it never invents or drops findings.
- New unit tests cover the calibration and depth-audit logic (`harness::hygiene`).

---

# NeuroSploit v3.5.1 — Release Notes

**Release Date:** June 2026
**Codename:** Interactive POMDP Harness
**License:** MIT
**Credits:** Joas A Santos & Red Team Leaders

---

## TL;DR

The 3.5.x line turns the Rust harness into a full **interactive REPL** (Claude Code / Codex / Cursor-CLI style) on top of the multi-model engine: pick models with arrow keys, configure API keys per provider, set target/repo/auth/creds and free-text instructions that steer the agents, then `/run` engagements **in the background** while you keep typing. v3.5.1 adds a **POMDP belief spine** with anti-hallucination grounding ("no claim without a tool receipt"), **infra/host** testing (IP + SSH + Windows/AD) with Linux/Windows/AD agents, **attack-chain agents**, a **Mission-Control TUI**, structured **Typst** reports, and resilient run control (live checkpointing, pause-on-quota, instant stop).

## Highlights

- **Interactive REPL** (`neurosploit` with no subcommand): real line editing (history ↑/↓, Ctrl-A/E/K, multiline), Tab-completion of `/commands` and `@filesystem-paths` (Claude-Code-style file menu), arrow-key model multi-select, per-provider API-key config, and a live context bar (`model · cwd · mode▸target`).
- **Engagement modes**: **black-box** (`run`), **white-box** SAST (`whitebox`, set `/repo`), **grey-box** (`greybox`, `/repo` + `/target`), **host/infra** (`/target <ip>` + `/creds` for SSH / Windows / AD), plus the **TUI** dashboard.
- **POMDP belief state** (`belief.rs`, `pomdp.rs`): a property graph with probabilities + Bayesian update + Shannon-entropy uncertainty, a value-of-information planner, and a **grounding gate** (`grounding.rs`, `may_assert`) — findings must carry an empirical/symbolic **tool receipt**.
- **Infra / credentials** (`creds.rs`): multi-block YAML (jwt/header/cookie, HTTP login, SSH, Windows/AD); real automated login; Linux/Windows/AD agents.
- **Attack-chain agents**: sqli→rce→lpe, ssrf→aws, upload→lfi→rce, and more — injected as chain recipes during exploitation.
- **App-stack & CVE hunting**: IIS/.NET (tilde shortname, WebDAV, ViewState), CMS (WordPress/Joomla/Drupal), app-server consoles, known-CVE exploitation.
- **13 providers** incl. **LiteLLM** proxy and Gemini/xAI alongside the existing OpenAI-compatible set; **subscription mode** drives local agentic CLIs (claude/codex/gemini/grok) via stream-json.
- **Mission-Control TUI** (`ratatui`): concurrent activity/findings/targets panels with a non-blocking composer active during the run.
- **Structured Typst report**: executive summary, vulnerability-summary table, and per-finding sections (criticality, CVSS, OWASP/CWE, PoC, evidence, remediation) + an attack-graph / kill-chain mapping (OWASP/CWE/MITRE).
- **Per-project persistence** (`.neurosploit/`, no database): `session.json`, `runs.json`, `history.txt` — resumes automatically on reopen.

## Run control (new in 3.5.1)

- **Background `/run`** with a live progress bar, severity-colored findings, and the full `file://` report URL on completion/stop.
- **3-way `/stop`**: **[1]** validate findings so far → report · **[2]** raw report **now** without validating · **[3]** discard. Raw/discard abort in-flight agents immediately (running CLI children are killed via `kill_on_drop`); validate soft-stops so the validator still runs.
- **Crash/quit recovery**: every finding is checkpointed live to `.neurosploit/active_run.json`; an interrupted run is recovered into `/runs` on the next launch, so `/results`, `/finding` and `/report` keep working.
- **Pause-on-exhaustion**: when all models are rate-limited / out of quota the run **parks** (state kept) and prints `⏸ token/quota exhausted … PAUSED`. Resume with **`/continue`** when your quota renews, or switch with **`/model <name>`** (or the `/model` selector) then **`/continue`**.
- **Inspection**: `/results` (live findings), `/finding` (pick one → full command + PoC + evidence), `/expand` / Ctrl-O (full untruncated commands), `/status`, `/diff`, `/retest`.

## Usage

```bash
cd neurosploit-rs && cargo build --release
./target/release/neurosploit                                            # interactive REPL
./target/release/neurosploit run http://target -v --model anthropic:claude-opus-4-8
./target/release/neurosploit whitebox --repo /path/to/code               # white-box SAST
./target/release/neurosploit greybox --repo /path --target http://target # grey-box
./target/release/neurosploit run --creds creds.yaml                     # host / infra
./target/release/neurosploit tui http://target --subscription --mcp
```

Cross-platform install (Linux / macOS / Windows, x64 + arm64) via `setup.sh` and `install.ps1`. See **README.md** and **TUTORIAL.md** for the full walkthrough.

---

# NeuroSploit v3.4.0 — Release Notes

**Release Date:** June 2026
**Codename:** Rust Multi-Model Harness
**License:** MIT

---

## TL;DR

A new **Rust harness** (`neurosploit-rs/`) re-implements the autonomous runtime as a single, fast binary built on `tokio` + `axum`. It drives a **pool of LLM models** with concurrency limits, **provider failover**, and **N-model validator voting** — multiple models must independently agree a finding is real before it is reported — then serves its own solid web dashboard. It reuses the existing `agents_md/` library (213 agents) unchanged.
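The validator vote introduced here decides whether a finding is real; the v3.5.2 report-hygiene pass described earlier then calibrates what survives. As an added example (written for these notes, not the harness's `harness::hygiene` module), here is a deterministic model of that calibration: a High/Critical finding with no payload, thin evidence or hedged wording is capped to Medium and re-titled "(potential)", and an exposure on a host where nothing was actually exploited gets an "exposed → exploited" advisory. The `Finding` fields, the hedge-word list, the 40-character evidence threshold and the sample findings are assumptions.

```rust
// Added example (not NeuroSploit's harness::hygiene): a deterministic model of
// the report-hygiene pass.  Field names, hedge words and the evidence-length
// threshold are assumptions for this illustration.
use std::collections::HashSet;

#[derive(Debug, Clone, Copy, PartialEq, PartialOrd)]
pub enum Severity {
    Info,
    Low,
    Medium,
    High,
    Critical,
}

#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub title: String,
    pub host: String,
    pub severity: Severity,
    /// The concrete request/payload that produced the impact, if any.
    pub payload: Option<String>,
    pub evidence: String,
    /// true when impact was demonstrated; false when something was only observed
    pub exploited: bool,
    pub advisories: Vec<String>,
}

/// Wording that signals the agent never actually proved the claim (assumed list).
const HEDGES: [&str; 5] = ["may be", "might", "could potentially", "possibly", "appears to"];
/// Below this many characters of evidence a High/Critical is "thin" (assumed).
const MIN_EVIDENCE_CHARS: usize = 40;

fn is_proven(f: &Finding) -> bool {
    let evidence = f.evidence.to_ascii_lowercase();
    let hedged = HEDGES.iter().any(|h| evidence.contains(*h));
    f.payload.is_some() && f.evidence.len() >= MIN_EVIDENCE_CHARS && !hedged
}

/// Cap an unproven High/Critical to Medium and mark the title "(potential)".
/// Severity is never raised and no finding is dropped.
pub fn calibrate(mut f: Finding) -> Finding {
    if f.severity >= Severity::High && !is_proven(&f) {
        f.severity = Severity::Medium;
        if !f.title.ends_with("(potential)") {
            f.title.push_str(" (potential)");
        }
        f.advisories.push("severity capped to Medium: impact not proven".to_string());
    }
    f
}

/// Annotate exposures on hosts where nothing was exploited at all.
pub fn flag_exposed_not_exploited(findings: &mut [Finding]) {
    let exploited_hosts: HashSet<String> = findings
        .iter()
        .filter(|f| f.exploited)
        .map(|f| f.host.clone())
        .collect();
    for f in findings.iter_mut() {
        if !f.exploited && !exploited_hosts.contains(&f.host) {
            f.advisories
                .push("exposed but not exploited: use it, or report it as a lead".to_string());
        }
    }
}

/// The whole pass: calibrate every finding, then flag exposed-not-exploited gaps.
pub fn hygiene_pass(findings: Vec<Finding>) -> Vec<Finding> {
    let mut out: Vec<Finding> = findings.into_iter().map(calibrate).collect();
    flag_exposed_not_exploited(&mut out);
    out
}

/// Constructed sample findings (hosts, payloads and evidence are invented).
pub fn sample_findings() -> Vec<Finding> {
    let mk = |title: &str, host: &str, severity, payload: Option<&str>, evidence: &str, exploited| Finding {
        title: title.to_string(),
        host: host.to_string(),
        severity,
        payload: payload.map(str::to_string),
        evidence: evidence.to_string(),
        exploited,
        advisories: Vec::new(),
    };
    vec![
        mk("SQL injection in /login", "app.example", Severity::Critical, Some("' OR 1=1--"),
           "UNION query returned 3 rows from users; admin hash shown as one masked sample", true),
        mk("Exposed .git directory", "static.example", Severity::High, None,
           "GET /.git/HEAD returned 200 with 'ref: refs/heads/main'", false),
        mk("Server version banner", "app.example", Severity::Low, None,
           "Server header discloses product and version (constructed)", false),
    ]
}

fn main() {
    for f in hygiene_pass(sample_findings()) {
        println!("{:?}  {}  {:?}", f.severity, f.title, f.advisories);
    }
}
```

The exposed `.git` finding is the case the DEPTH doctrine is about: it is real, but until the repository is actually pulled and something is done with it, it is a lead at Medium with an advisory, not a High.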
## Highlights

- **`neurosploit-rs/` cargo workspace**: `harness` lib crate + `neurosploit` binary. `cargo build --release` → one static-ish binary.
- **Multi-model pool** (`pool.rs`): bounded concurrency + automatic **failover** across providers; the same panel is reused as the **validator voting** jury.
- **Pipeline** (`pipeline.rs`): recon → parallel agent exploitation (semaphore-bounded) → **N-model adversarial vote** → score → report. Streams live progress over a channel.
- **11 providers / 31 models** (`models.rs`), all OpenAI-compatible: Anthropic, OpenAI, xAI, NVIDIA NIM, DeepSeek, Mistral, Qwen, Groq, Together, OpenRouter, Ollama. Models like **Qwen / DeepSeek / Llama** are usable directly.
- **Axum web dashboard** (`app/`): multi-model selection panel, live execution console, findings, agent browser, embedded HTML report. A single binary serves the SPA — no npm/build.
- **CLI**: `neurosploit serve | run | agents | models`, plus `--offline` mode to exercise the full pipeline without any API keys.

## Usage

```bash
cd neurosploit-rs && cargo build --release
./target/release/neurosploit serve                      # → http://127.0.0.1:8788
./target/release/neurosploit run https://t.example \
  --model anthropic:claude-opus-4-8 --model openai:gpt-5.1 --vote-n 3
```

---

# NeuroSploit v3.3.0 — Release Notes

**Release Date:** June 2026
**Codename:** Autonomous MD-Agent Engine
**License:** MIT

---

## TL;DR

NeuroSploit's pentest agent has been **re-modeled into an autonomous, markdown-driven engine**. You give it a URL; it composes a master prompt from a curated library of **213 markdown agents** and drives a locally-installed **agentic CLI backend** (Claude Code / Codex / Grok CLI, or a Claude subscription) to run the engagement end-to-end — with **Playwright MCP** for proof-of-execution and a **reinforcement-learning** loop that adapts agent selection across runs. The old Python orchestration was retired to `legacy/`.
## Highlights

- **New engine `neurosploit_agent/`** + `./neurosploit` terminal launcher. Interactive (`./neurosploit`) or one-shot (`./neurosploit run <url>`).
- **213-agent markdown library (`agents_md/`)**: **196 vulnerability specialists** (now covering LLM/AI, cloud/K8s, modern API/auth, advanced injection, protocol smuggling, logic/crypto/supply-chain) + **17 meta-agents**.
- **Meta-agents for quality**: `recon`, `exploit_validator`, `false_positive_filter`, `severity_assessor`, `impact_evaluator`, `reporter`, and `rl_feedback` — the pipeline validates and adversarially refutes every candidate before it can become a finding.
- **Pluggable agentic CLI backends** with auto-detection: Claude Code, Codex, Grok CLI; **subscription mode** via Claude Code login.
- **Playwright MCP** wired in (`.mcp.json`) so agents prove client-side execution (XSS/CSTI) and capture DOM/network/screenshots instead of trusting reflection.
- **Reinforcement learning** (`neurosploit_agent/rl.py` + `meta/rl_feedback.md`): bounded per-agent weights with per-tech-stack affinity, persisted to `data/rl_state.json`.
- **Latest model registry** (`neurosploit_agent/models.py`): Anthropic Claude 4.x, OpenAI, xAI Grok, Gemini, OpenRouter, Ollama, and **NVIDIA NIM** (PR #28, OpenAI-compatible `integrate.api.nvidia.com`, `nvapi-` keys).
- **Data-driven agent builder** `scripts/build_agents.py` for extending the library without boilerplate.

## Breaking changes

- The monolithic `neurosploit.py` orchestrator and Python agent classes moved to `legacy/` and are no longer the supported entrypoint. Use `./neurosploit`.
- Primary agent library moved from `prompts/agents/` to `agents_md/` (originals preserved; meta/role prompts split into `agents_md/meta/`).

## Upgrade notes

1. Install at least one agentic CLI: Claude Code, Codex, or Grok CLI.
2. `npx` (Node) is required for Playwright MCP.
3. Copy `.env.example` → `.env`; set a provider key (or use Claude subscription).
4. `./neurosploit backends` to confirm detection, then `./neurosploit`.

---

# NeuroSploit v3.0.0 — Release Notes

**Release Date:** February 2026
**Codename:** Autonomous Pentester
**License:** MIT

---

## Overview

NeuroSploit v3 is a ground-up overhaul of the AI-powered penetration testing platform. This release transforms the tool from a scanner into an autonomous pentesting agent — capable of reasoning, adapting strategy in real time, chaining exploits, validating findings with anti-hallucination safeguards, and executing tools inside isolated Kali Linux containers.

### By the Numbers

| Metric | Count |
|--------|-------|
| Vulnerability types supported | 100 |
| Payload libraries | 107 |
| Total payloads | 477+ |
| Kali sandbox tools | 55 |
| Backend core modules | 63 Python files |
| Backend core code | 37,546 lines |
| Autonomous agent | 7,592 lines |
| AI decision prompts | 100 (per-vuln-type) |
| Anti-hallucination prompts | 12 composable templates |
| Proof-of-execution rules | 100 (per-vuln-type) |
| Known CVE signatures | 400 |
| EOL version checks | 19 |
| WAF signatures | 16 |
| WAF bypass techniques | 12 |
| Exploit chain rules | 10+ |
| Frontend pages | 14 |
| API endpoints | 111+ |
| LLM providers supported | 6 |

---

## Architecture

```
            +---------------------+
            |  React/TypeScript   |
            |  Frontend (14p)     |
            +----------+----------+
                       |  WebSocket + REST
            +----------v----------+
            |  FastAPI Backend    |
            |  14 API routers     |
            +----------+----------+
                       |
     +---------+-------+---------+---------+
     |         |       |         |         |
+----v---+ +---v----+ +v------+ +v------+ +v--------+
|  LLM   | |  Vuln  | | Agent | | Kali  | | Report  |
| Manager| | Engine | | Core  | |Sandbox| | Engine  |
| 6 provs| | 100typ | |7592 ln| | 55 tl | | 2 fmts  |
+--------+ +--------+ +-------+ +-------+ +---------+
```

**Stack:** Python 3.10+ / FastAPI / SQLAlchemy (async) / React 18 / TypeScript / Tailwind CSS / Vite / Docker

---

## Core Engine: 100 Vulnerability Types

The vulnerability engine covers 100 distinct vulnerability types
organized in 10 categories with dedicated testers, payloads, AI prompts, and proof-of-execution rules for each.

### Categories & Types

| Category | Types | Examples |
|----------|-------|----------|
| **Injection** | 12 | SQLi (error, union, blind, time-based), Command Injection, SSTI, NoSQL, LDAP, XPath, Expression Language, HTTP Parameter Pollution |
| **XSS** | 3 | Reflected, Stored (two-phase form+display), DOM-based |
| **Authentication** | 7 | Auth Bypass, JWT Manipulation, Session Fixation, Weak Password, Default Credentials, 2FA Bypass, OAuth Misconfig |
| **Authorization** | 5 | IDOR, BOLA, BFLA, Privilege Escalation, Mass Assignment, Forced Browsing |
| **Client-Side** | 9 | CORS, Clickjacking, Open Redirect, DOM Clobbering, PostMessage, WebSocket Hijack, Prototype Pollution, CSS Injection, Tabnabbing |
| **File Access** | 5 | LFI, RFI, Path Traversal, XXE, File Upload |
| **Request Forgery** | 3 | SSRF, SSRF Cloud (AWS/GCP/Azure metadata), CSRF |
| **Infrastructure** | 7 | Security Headers, SSL/TLS, HTTP Methods, Directory Listing, Debug Mode, Exposed Admin, Exposed API Docs, Insecure Cookies |
| **Advanced** | 9 | Race Condition, Business Logic, Rate Limit Bypass, Type Juggling, Timing Attack, Host Header Injection, HTTP Smuggling, Cache Poisoning, CRLF |
| **Data Exposure** | 6 | Sensitive Data, Information Disclosure, API Key Exposure, Source Code Disclosure, Backup Files, Version Disclosure |
| **Cloud & Supply Chain** | 6 | S3 Misconfig, Cloud Metadata, Subdomain Takeover, Vulnerable Dependency, Container Escape, Serverless Misconfig |

### Injection Routing

Every vulnerability type is routed to the correct injection point:

- **Parameter injection** (default): SQLi, XSS, IDOR, SSRF, etc.
- **Header injection**: CRLF, Host Header, HTTP Smuggling
- **Body injection**: XXE
- **Path injection**: Path Traversal, LFI
- **Both (param + path)**: LFI, directory traversal variants

### XSS Pipeline (Reflected)

The reflected XSS engine is a multi-stage pipeline:

1. **Canary probe** — unique marker per endpoint+param to detect reflection
2. **Context analysis** — 8 contexts: html_body, attribute_value, script_string, script_block, html_comment, url_context, style_context, event_handler
3. **Filter detection** — batch probe to map allowed/blocked chars, tags, events
4. **AI payload generation** — LLM generates context-aware bypass payloads
5. **Escalation payloads** — WAF/encoding bypass variants
6. **Testing** — up to 30 payloads per param with per-payload dedup
7. **Browser validation** — Playwright popup/cookie/DOM/event verification (optional)

### POST Form Support

- HTML forms detected during recon with method, action, all input fields (including `