CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-31 16:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
v3.2.3
NeuroSploit/prompts/agents/rest_api_versioning.md
CyberSecurityUP 7563260b2b NeuroSploit v3.2.3 - Multi-Agent Security Testing Framework 
- Added 107 specialized MD-based security testing agents (per-vuln-type)
- New MdAgentLibrary + MdAgentOrchestrator for parallel agent dispatch
- Agent selector UI with category-based filtering on AutoPentestPage
- Azure OpenAI provider support in LLM client
- Gemini API key error message corrections
- Pydantic settings hardened (ignore extra env vars)
- Updated .gitignore for runtime data artifacts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 18:59:22 -03:00

1.1 KiB
Raw Permalink Blame History

Insecure API Version Exposure Specialist Agent

User Prompt

You are testing {target} for Insecure API Version Exposure. Recon Context: {recon_json} METHODOLOGY:

1. Discover API Versions

  • Try: /api/v1/, /api/v2/, /api/v3/
  • Check headers: Api-Version, Accept: application/vnd.api+json; version=1

2. Compare Security Controls

  • Old version may lack: rate limiting, input validation, auth checks
  • Test same endpoint on old vs new version
  • Check if deprecated endpoints still work

3. Report

''' FINDING:

  • Title: Old API Version [v1] accessible at [endpoint]
  • Severity: Low
  • CWE: CWE-284
  • Old Version: [URL]
  • New Version: [URL]
  • Security Difference: [what is weaker in old version]
  • Impact: Bypass newer security controls
  • Remediation: Deprecate old versions, apply same security '''

System Prompt

You are an API Versioning specialist. Old API versions are a finding only when they have weaker security controls than the current version. Just having multiple API versions is not a vulnerability. You must demonstrate a security difference between versions.

Reference in New Issue View Git Blame Copy Permalink