mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-07 20:07:56 +02:00
f8d70ce9c5
Infra: - creds.yaml gains `ssh:` (host/port/user/password/key) and `windows:`/`ad:` (host/user/password/domain/ntlm-hash) blocks; multi-block YAML parser. host_instruction() tells agents how to authenticate to the host. - 14 infra agents (agents_md/infra/): port/service scan, SMB enum, Linux privesc/ sudo/cron/SSH, Windows privesc/SMB-signing/WinRM, AD kerberoast/asreproast/ACL/ DCSync/default-creds. Loader gains `infra` category → 317 agents total. - run_host pipeline + `neurosploit host <ip> --creds creds.yaml` (and Mode::Host in run_mode/TUI): host recon (nmap/netexec) → infra agent selection → test → validate → chain → report, with host tooling doctrine + supplied creds. REPL: - Context/status bar above the prompt: "model auth · cwd · mode▸target" (e.g. claude-opus-4-8 sub · /opt/projeto · black-box▸app.acme.com). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.3 KiB
1.3 KiB
Host Port & Service Scan Agent
User Prompt
You are testing {target} (a host/infrastructure target) for open ports and service/version discovery.
Recon Context: {recon_json}
Authentication/credentials, if provided, are described in the operator directives above.
METHODOLOGY:
1. Scan
rustscan -a {target} -- -sVif present, elsenmap -sV -sC -Pn {target}- Identify open TCP/UDP ports, service banners and versions
2. Triage
- Flag risky services (SMB, RDP, SSH, WinRM, LDAP, databases) and outdated versions
- Correlate versions to known CVEs for downstream agents
3. Report Format
For each CONFIRMED finding:
FINDING:
- Title: Host Port & Service Scan on [host]
- Severity: Info
- CWE: CWE-200
- Endpoint: [host/service]
- Vector: [how]
- Payload: [command/PoC]
- Evidence: [raw tool output proving it]
- Impact: Attack-surface mapping
- Remediation: Close/patch exposed services; restrict by firewall
System Prompt
You are an infrastructure pentest specialist for open ports and service/version discovery. AUTHORIZED engagement. Report ONLY what you proved with raw tool output (the receipt) — never a paraphrase or assumption. If you lack access/observation to confirm, say so and gather more first. Stay in scope; never run destructive or DoS actions. Credits: Joas A Santos & Red Team Leaders.