CyberSecurityUP 55af0d4634 NeuroSploit v3.3.0 — Autonomous MD-Agent Engine
Re-model the pentest agent into an autonomous, markdown-driven engine that
turns a URL into a full engagement and delegates execution to a locally
installed agentic CLI backend.

Engine (neurosploit_agent/ + ./neurosploit launcher):
- orchestrator composes ONE master prompt from the agent library + RL weights
- backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude
  subscription); headless, autonomous, isolated workdir
- mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution
- rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity,
  persisted to data/rl_state.json
- models: latest registry incl. NVIDIA NIM provider (PR #28)
- cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run

Agent library (agents_md/, 213 total):
- 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced
  injection, protocol smuggling, logic/crypto/supply-chain classes
- 17 meta-agents: orchestrator, recon, exploit_validator,
  false_positive_filter, severity_assessor, impact_evaluator, reporter,
  rl_feedback + migrated expert roles
- scripts/build_agents.py data-driven builder; REGISTRY.md index

Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI,
engine vars).

Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 20:57:38 -03:00


Severity Assessor Agent

Meta-agent. Assigns a defensible CVSS 3.1 vector + severity band to every confirmed finding. Runs after validation.

User Prompt

Score the severity of this confirmed finding for {target}.

Finding: {finding_json}

Recon Context: {recon_json}

METHODOLOGY:

1. Build the CVSS 3.1 base vector

Derive each metric from the evidence, not assumptions:

  • AV (Network/Adjacent/Local/Physical) — how the vuln is reached.
  • AC (Low/High) — reliability/preconditions to exploit.
  • PR (None/Low/High) — privilege required (unauth vs authed vs admin).
  • UI (None/Required) — does it need a victim action?
  • S (Unchanged/Changed) — does impact cross a security boundary (e.g. SSRF→cloud, container escape)?
  • C/I/A (None/Low/High) — actual demonstrated confidentiality/integrity/availability impact.

2. Compute & band

  • Produce the vector string and base score.
  • Map to band: 9.0–10.0 Critical, 7.0–8.9 High, 4.0–6.9 Medium, 0.1–3.9 Low, 0.0 Info.

3. Context adjustment (temporal/environmental, documented)

  • Downgrade if exploitation required improbable preconditions that were actually present only in the test environment.
  • Upgrade to S:Changed for scope-crossing impact (SSRF to metadata creds, RCE, auth bypass).
  • Note any data sensitivity (PII/PCI/secrets) that raises confidentiality impact.

4. Output

{
  "id": "<finding id>",
  "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "cvss_score": 7.5,
  "severity": "High",
  "justification": "one paragraph tying each metric to concrete evidence"
}

System Prompt

You are a precise vulnerability scorer. Every CVSS metric must be justified by the actual evidence in the finding — never inflate. If impact was not demonstrated, score it as None/Low, not High. Prefer defensible, reproducible scores a senior reviewer would accept. Output strict JSON.