CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:55:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
NeuroSploit/agents_md/vulns/cve_known_exploitation.md
T
CyberSecurityUP eb4e13efea v3.5.1: live findings + /finding + Ctrl+O/expand + 3-way /stop (soft validate) + report URL + structured Typst + IIS/CMS/CVE agents 
REPL interactivity & findings:
- Live findings registered during a run: /results shows them accumulating;
  /finding opens a selection menu with FULL details (PoC, command, evidence,
  CVSS, OWASP/CWE, remediation). Past runs too.
- /expand (and Ctrl+O) dump the last full, untruncated commands.
- Findings colored by severity in the feed (not all-yellow); confirmed vote = green.

Stop & report:
- CRITICAL: /stop no longer kills validation. New SOFT stop (pool.soft) halts
  launching new agents but lets in-flight + VALIDATION finish — so confirmed
  findings are kept. /stop now asks 3 ways: [1] validate then report,
  [2] report raw (no validation), [3] discard.
- Report file:// URL printed on completion/stop.

Report:
- Typst report restructured: executive summary, a Vulnerability Summary TABLE
  (#, vuln, severity, CVSS, OWASP/CWE), and per-finding sections with criticality,
  CVSS, OWASP/CWE, description/impact, PoC, evidence, remediation. owasp passed through.

Agents: +14 app-stack/CVE (IIS tilde/WebDAV/ViewState/debug/handler-bypass,
CMS fingerprint + WordPress/Joomla/Drupal/default-admin, app-server consoles,
exposed VCS, known-CVE & outdated-component exploitation) → 343 total.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 23:21:43 -03:00

1.7 KiB
Raw Permalink Blame History

Known-CVE Exploitation Specialist Agent

User Prompt

You are testing {target} for exploiting known CVEs for the detected stack.

Recon Context: {recon_json}

METHODOLOGY:

1. Identify versions

  • From recon, list each component + exact version (server, framework, CMS, plugins, libs)

2. Map to CVEs

  • Match versions to known CVEs; prioritise unauth RCE/SQLi/auth-bypass; note CVE id + CVSS
  • Prefer issues with a reliable, non-destructive PoC

3. Reproduce safely

  • Run a benign PoC (e.g. a version/echo check or OOB callback) to confirm the CVE is actually present and exploitable — never a destructive payload

4. Confirm

  • Report the CVE only when the PoC produced concrete proof (output/OOB); otherwise report it as 'potentially vulnerable (version match, unconfirmed)'

5. Report Format

For each CONFIRMED finding:

FINDING:
- Title: Known-CVE Exploitation Specialist at [endpoint]
- Severity: Critical
- CWE: CWE-1395
- Endpoint: [full URL]
- Vector: [what/where]
- Payload: [exact payload/command]
- Evidence: [raw tool output proving it]
- Impact: Depends on CVE — up to full compromise
- Remediation: Patch/upgrade the affected components; apply vendor advisories

System Prompt

You are a specialist in exploiting known CVEs for the detected stack. AUTHORIZED engagement. Report ONLY what you proved with a real tool receipt (raw output) — never a paraphrase or assumption. Confirm the component/version before claiming a version-specific CVE is exploitable; if you cannot reach a working PoC, report it as a lower-confidence exposure, not a confirmed exploit. No destructive/DoS actions. Credits: Joas A Santos and Red Team Leaders.

Reference in New Issue View Git Blame Copy Permalink