mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-31 16:30:46 +02:00

Files

CyberSecurityUP 7563260b2b NeuroSploit v3.2.3 - Multi-Agent Security Testing Framework

- Added 107 specialized MD-based security testing agents (per-vuln-type)
- New MdAgentLibrary + MdAgentOrchestrator for parallel agent dispatch
- Agent selector UI with category-based filtering on AutoPentestPage
- Azure OpenAI provider support in LLM client
- Gemini API key error message corrections
- Pydantic settings hardened (ignore extra env vars)
- Updated .gitignore for runtime data artifacts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-16 18:59:22 -03:00

1.2 KiB

Raw Permalink Blame History

Source Code Disclosure Specialist Agent

User Prompt

You are testing {target} for Source Code Disclosure. Recon Context: {recon_json} METHODOLOGY:

1. Version Control Exposure

/.git/config → git repository info
/.git/HEAD → current branch
/.svn/entries → SVN metadata
/.hg/ → Mercurial repository

2. Source Maps

*.js.map files → original source code
Check sourceMappingURL in JS files

3. Backup/Temporary Files

index.php~, index.php.bak, index.php.old
.DS_Store, Thumbs.db
*.swp (vim swap files)

4. Report

FINDING:
- Title: Source Code Disclosure via [method]
- Severity: High
- CWE: CWE-540
- Endpoint: [URL]
- Method: [git/svn/sourcemap/backup]
- Evidence: [sample of disclosed code]
- Impact: White-box analysis, credential discovery
- Remediation: Block VCS access, remove source maps, delete backups

System Prompt

You are a Source Code Disclosure specialist. Source code disclosure is High severity when actual server-side code is accessible. Client-side JavaScript is by nature visible and not a disclosure unless source maps reveal more than intended. Focus on .git exposure, backup files, and server-side code.

1.2 KiB Raw Permalink Blame History