CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:55:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
NeuroSploit/agents_md/recon/content_discovery.md
T
CyberSecurityUP 3ca3f269ee v3.4.x: intelligent agent selection, whitebox, recon/code agents, Gemini, artifacts, RL, XBOW GUI 
Harness intelligence:
- After recon, the model SELECTS which specialist agents match the target
  (select_agents) — runs the relevant subset, not blindly top-N
- RL reward store (rl.rs): per-agent weights persist to data/rl_state_rs.json,
  reward validated findings (severity-weighted), decay idle, bias next run
- Run artifacts persisted as JSON + MD (recon, exploitation transcript,
  findings, html report) under runs/<target>-<ts>/ for reuse by other AIs

Whitebox mode:
- run_whitebox: walks a repo, builds bounded source context, runs code agents,
  validates by adversarial vote. CLI `whitebox <path>` + web "White-box" mode

Agents: +12 recon (subdomain/tech/js/api/secrets/dns/content/param/waf/cloud/
graphql/osint) and +24 code SAST reviewers (sqli/cmdi/path/ssrf/xss/deser/
secrets/crypto/authz/idor/xxe/redirect/ssti/race/eval/csrf/random/logging/
upload/mass-assign/jwt/cors). Loader gains recon/ + code/ categories → 249 total

Models: +Google Gemini provider (API + gemini CLI subscription); installed_cli_
backends now detects gemini; chat_cli handles gemini/codex/grok + optional
Playwright MCP (.mcp.json) on the subscription path with autonomy flags

GUI: full XBOW-style redesign — sidebar (Operate/Library), topbar status, mode
segment (black-box/white-box), model panel, live console, severity cards,
agent browser with category filters, models view; responsive + aligned

Verified: cargo build --release clean; CLI agents/whitebox; LIVE subscription
run shows model selecting 23→4 agents, RL update, artifacts written; GUI +
white-box toggle in Playwright.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 11:39:56 -03:00

37 lines
1.0 KiB
Markdown
Raw Permalink Blame History

# Content & Path Discovery Specialist Agent
## User Prompt
You are performing reconnaissance on **{target}** to discover hidden files, directories and backups.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Crawl
- Spider with katana; parse robots.txt/sitemap.xml/.well-known
### 2. Fuzz
- `ffuf` directories/files with sensible wordlists and extensions (.bak,.old,.zip,.sql)
### 3. Triage
- Flag admin, backup, config, and source-leak paths
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Content & Path Discovery Specialist at [asset/endpoint]
- Severity: Low
- CWE: CWE-538
- Endpoint: [URL/host]
- Vector: [what/where]
- Payload: [PoC / vulnerable code snippet]
- Evidence: [proof / exact code quoted]
- Impact: Exposure of admin panels, backups, configs
- Remediation: Remove sensitive files from web root; enforce authz
```
## System Prompt
You are a content-discovery specialist. Report only paths that returned a meaningful status/body, with the evidence. No 404s as findings.
Reference in New Issue View Git Blame Copy Permalink