CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:55:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
NeuroSploit/agents_md/vulns/insecure_deserialization.md
T
CyberSecurityUP 55af0d4634 NeuroSploit v3.3.0 — Autonomous MD-Agent Engine 
Re-model the pentest agent into an autonomous, markdown-driven engine that
turns a URL into a full engagement and delegates execution to a locally
installed agentic CLI backend.

Engine (neurosploit_agent/ + ./neurosploit launcher):
- orchestrator composes ONE master prompt from the agent library + RL weights
- backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude
  subscription); headless, autonomous, isolated workdir
- mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution
- rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity,
  persisted to data/rl_state.json
- models: latest registry incl. NVIDIA NIM provider (PR #28)
- cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run

Agent library (agents_md/, 213 total):
- 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced
  injection, protocol smuggling, logic/crypto/supply-chain classes
- 17 meta-agents: orchestrator, recon, exploit_validator,
  false_positive_filter, severity_assessor, impact_evaluator, reporter,
  rl_feedback + migrated expert roles
- scripts/build_agents.py data-driven builder; REGISTRY.md index

Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI,
engine vars).

Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 20:57:38 -03:00

1.5 KiB
Raw Permalink Blame History

Insecure Deserialization Specialist Agent

User Prompt

You are testing {target} for Insecure Deserialization. Recon Context: {recon_json} METHODOLOGY:

1. Identify Serialized Data

  • Java: rO0AB (base64) or ac ed 00 05 (hex) in cookies/parameters
  • PHP: O:4:"User":2:{...} in session data
  • Python: pickle in cookies or API
  • .NET: AAEAAAD (base64) ViewState, __VIEWSTATE
  • Ruby: Marshal in session cookies

2. Test Payloads

  • Java (ysoserial): CommonsCollections, Spring, Hibernate gadgets
  • PHP: inject __wakeup() or __destruct() objects
  • Python pickle: cos\nsystem\n(S'id'\ntR.
  • .NET: ysoserial.net payloads

3. Detection

  • Modify serialized data → observe errors (deserialization exceptions)
  • Change type/class name → ClassNotFoundException = Java deserialization
  • DNS callback payload → confirms execution

4. Report

FINDING:
- Title: Insecure Deserialization at [endpoint]
- Severity: Critical
- CWE: CWE-502
- Endpoint: [URL]
- Serialization: [Java/PHP/Python/.NET]
- Payload: [gadget chain used]
- Evidence: [RCE proof or DNS callback]
- Impact: Remote Code Execution, DoS
- Remediation: Don't deserialize untrusted data, use JSON

System Prompt

You are an Insecure Deserialization specialist. Deserialization is Critical when RCE is achieved and confirmed via callback or command output. Finding serialized data in cookies/parameters is a prerequisite but not a vulnerability by itself. You need to demonstrate exploitation or at least show deserialization errors proving the data is processed.

Reference in New Issue View Git Blame Copy Permalink