mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-06-30 07:15:30 +02:00
CyberSecurityUP
3ca3f269ee
Harness intelligence: - After recon, the model SELECTS which specialist agents match the target (select_agents) — runs the relevant subset, not blindly top-N - RL reward store (rl.rs): per-agent weights persist to data/rl_state_rs.json, reward validated findings (severity-weighted), decay idle, bias next run - Run artifacts persisted as JSON + MD (recon, exploitation transcript, findings, html report) under runs/<target>-<ts>/ for reuse by other AIs Whitebox mode: - run_whitebox: walks a repo, builds bounded source context, runs code agents, validates by adversarial vote. CLI `whitebox <path>` + web "White-box" mode Agents: +12 recon (subdomain/tech/js/api/secrets/dns/content/param/waf/cloud/ graphql/osint) and +24 code SAST reviewers (sqli/cmdi/path/ssrf/xss/deser/ secrets/crypto/authz/idor/xxe/redirect/ssti/race/eval/csrf/random/logging/ upload/mass-assign/jwt/cors). Loader gains recon/ + code/ categories → 249 total Models: +Google Gemini provider (API + gemini CLI subscription); installed_cli_ backends now detects gemini; chat_cli handles gemini/codex/grok + optional Playwright MCP (.mcp.json) on the subscription path with autonomy flags GUI: full XBOW-style redesign — sidebar (Operate/Library), topbar status, mode segment (black-box/white-box), model panel, live console, severity cards, agent browser with category filters, models view; responsive + aligned Verified: cargo build --release clean; CLI agents/whitebox; LIVE subscription run shows model selecting 23→4 agents, RL update, artifacts written; GUI + white-box toggle in Playwright. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
328 lines
23 KiB
HTML
328 lines
23 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="en">
|
||
<head>
|
||
<meta charset="utf-8"/>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
||
<title>NeuroSploit</title>
|
||
<style>
|
||
:root{
|
||
--bg:#0a0b0f;--bg2:#0e1016;--panel:#13151d;--panel2:#191c26;--panel3:#1e2230;
|
||
--line:#242838;--line2:#2e3346;--text:#eef1f6;--muted:#9aa1b4;--dim:#6b7186;
|
||
--accent:#7c5cff;--accent2:#a855f7;--cy:#2dd4bf;--ok:#34d399;--warn:#fbbf24;
|
||
--crit:#f5556d;--high:#fb923c;--med:#fbbf24;--low:#38bdf8;--info:#94a3b8;
|
||
--radius:14px;--shadow:0 16px 50px rgba(0,0,0,.5);
|
||
}
|
||
*{box-sizing:border-box;margin:0;padding:0}
|
||
html{scroll-behavior:smooth}
|
||
body{background:var(--bg);color:var(--text);font:14px/1.55 ui-sans-serif,system-ui,-apple-system,"Segoe UI",Roboto,sans-serif;
|
||
-webkit-font-smoothing:antialiased}
|
||
::-webkit-scrollbar{width:9px;height:9px}::-webkit-scrollbar-thumb{background:var(--line2);border-radius:9px}
|
||
.app{display:grid;grid-template-columns:240px 1fr;min-height:100vh}
|
||
/* ===== sidebar ===== */
|
||
.side{background:linear-gradient(180deg,var(--bg2),#08090d);border-right:1px solid var(--line);
|
||
padding:22px 16px;display:flex;flex-direction:column;gap:3px;position:sticky;top:0;height:100vh}
|
||
.brand{display:flex;align-items:center;gap:11px;margin:2px 6px 24px}
|
||
.logo{width:38px;height:38px;border-radius:11px;background:linear-gradient(135deg,var(--accent),var(--accent2));
|
||
display:grid;place-items:center;font-weight:800;font-size:19px;color:#fff;box-shadow:0 8px 26px rgba(124,92,255,.45)}
|
||
.brand .nm{font-size:16px;font-weight:700;letter-spacing:.2px}
|
||
.brand .vr{font-size:10.5px;color:var(--muted);margin-top:-1px}
|
||
.badge-rs{font-size:8.5px;font-weight:800;color:#1a1209;background:#e6b673;border-radius:4px;padding:1px 5px;margin-left:6px;vertical-align:middle}
|
||
.navlabel{font-size:10px;text-transform:uppercase;letter-spacing:1px;color:var(--dim);margin:16px 10px 6px}
|
||
.nav{display:flex;align-items:center;gap:11px;padding:10px 12px;border-radius:10px;color:var(--muted);
|
||
cursor:pointer;font-size:13.5px;font-weight:500;transition:.13s}
|
||
.nav .ic{width:18px;height:18px;opacity:.8;flex:none}
|
||
.nav:hover{background:var(--panel);color:var(--text)}
|
||
.nav.on{background:linear-gradient(135deg,rgba(124,92,255,.2),rgba(168,85,247,.08));color:#fff;
|
||
box-shadow:inset 0 0 0 1px rgba(124,92,255,.32)}
|
||
.nav.on .ic{opacity:1}
|
||
.side .foot{margin-top:auto;border-top:1px solid var(--line);padding-top:12px;font-size:11px;color:var(--dim)}
|
||
.stat{display:flex;justify-content:space-between;padding:3px 8px}.stat b{color:var(--text)}
|
||
/* ===== main ===== */
|
||
main{padding:0;overflow:hidden}
|
||
.topbar{display:flex;align-items:center;justify-content:space-between;padding:18px 32px;border-bottom:1px solid var(--line);
|
||
background:rgba(14,16,22,.6);backdrop-filter:blur(8px);position:sticky;top:0;z-index:5}
|
||
.topbar h1{font-size:18px;font-weight:650}.topbar .crumb{color:var(--dim);font-size:12.5px;margin-top:2px}
|
||
.chipline{display:flex;gap:8px}
|
||
.mono{font-family:ui-monospace,"SF Mono",Menlo,monospace}
|
||
.wrap{padding:28px 32px;max-width:1180px}
|
||
.view{display:none;animation:fade .25s ease}.view.on{display:block}
|
||
@keyframes fade{from{opacity:0;transform:translateY(6px)}to{opacity:1;transform:none}}
|
||
.grid2{display:grid;grid-template-columns:1.55fr 1fr;gap:20px;align-items:start}
|
||
@media(max-width:980px){.app{grid-template-columns:1fr}.side{position:static;height:auto;flex-direction:row;flex-wrap:wrap}
|
||
.grid2{grid-template-columns:1fr}.navlabel{display:none}.side .foot{display:none}}
|
||
.card{background:var(--panel);border:1px solid var(--line);border-radius:var(--radius);padding:22px;margin-bottom:20px}
|
||
.card h2{font-size:14px;font-weight:650;margin-bottom:4px;display:flex;align-items:center;gap:8px}
|
||
.card .desc{color:var(--muted);font-size:12.5px;margin-bottom:16px}
|
||
label{display:block;font-size:11px;color:var(--muted);text-transform:uppercase;letter-spacing:.5px;margin:0 0 7px;font-weight:600}
|
||
.field{margin-bottom:16px}
|
||
input,select,textarea{width:100%;background:var(--panel2);border:1px solid var(--line2);color:var(--text);
|
||
border-radius:10px;padding:11px 13px;font-size:13.5px;outline:none;font-family:inherit;transition:.14s}
|
||
textarea{resize:vertical;min-height:76px;font-family:ui-monospace,Menlo,monospace;font-size:12.5px}
|
||
input:focus,select:focus,textarea:focus{border-color:var(--accent);box-shadow:0 0 0 3px rgba(124,92,255,.13)}
|
||
.row{display:flex;gap:13px;flex-wrap:wrap}.row>*{flex:1;min-width:120px}
|
||
/* segmented mode switch */
|
||
.seg{display:inline-flex;background:var(--panel2);border:1px solid var(--line2);border-radius:10px;padding:3px;gap:3px;margin-bottom:18px}
|
||
.seg button{background:transparent;border:0;color:var(--muted);padding:8px 16px;border-radius:8px;font-size:13px;font-weight:600;cursor:pointer;transition:.13s}
|
||
.seg button.on{background:linear-gradient(135deg,var(--accent),var(--accent2));color:#fff}
|
||
.toggles{display:flex;gap:10px;flex-wrap:wrap;margin:4px 0 18px}
|
||
.tg{display:flex;align-items:center;gap:9px;background:var(--panel2);border:1px solid var(--line2);border-radius:10px;
|
||
padding:10px 13px;cursor:pointer;font-size:12.5px;user-select:none;transition:.13s}
|
||
.tg.on{border-color:var(--accent);background:rgba(124,92,255,.1);color:#fff}
|
||
.tg input{accent-color:var(--accent);width:15px;height:15px}
|
||
.btns{display:flex;gap:11px}
|
||
button.act{border:0;border-radius:11px;padding:12px 18px;font-size:14px;font-weight:650;cursor:pointer;transition:.13s}
|
||
.primary{background:linear-gradient(135deg,var(--accent),var(--accent2));color:#fff;flex:1;box-shadow:0 8px 22px rgba(124,92,255,.3)}
|
||
.primary:hover{filter:brightness(1.09)}
|
||
.ghost{background:var(--panel2);color:var(--text);border:1px solid var(--line2)}.ghost:hover{border-color:var(--accent)}
|
||
button:disabled{opacity:.5;cursor:not-allowed}
|
||
.chip{display:inline-flex;align-items:center;gap:6px;background:var(--panel2);border:1px solid var(--line2);
|
||
border-radius:999px;padding:4px 11px;font-size:11.5px;color:var(--muted)}
|
||
.chip b{color:var(--text)}.dot{width:7px;height:7px;border-radius:50%;background:var(--ok);box-shadow:0 0 8px var(--ok)}
|
||
/* model panel */
|
||
.mpanel{max-height:230px;overflow:auto;border:1px solid var(--line2);border-radius:10px;padding:5px;background:var(--bg2)}
|
||
.mopt{display:flex;align-items:center;gap:9px;padding:7px 9px;border-radius:8px;font-size:12.5px;cursor:pointer}
|
||
.mopt:hover{background:var(--panel2)}.mopt input{accent-color:var(--accent)}
|
||
.tag{font-size:9px;font-weight:700;padding:2px 6px;border-radius:5px;text-transform:uppercase;letter-spacing:.4px}
|
||
.tag.cli{background:rgba(124,92,255,.2);color:#c4b5fd}.tag.api{background:rgba(45,212,191,.15);color:var(--cy)}
|
||
.tag.meta{background:rgba(45,212,191,.15);color:var(--cy)}.tag.recon{background:rgba(56,189,248,.16);color:var(--low)}
|
||
.tag.code{background:rgba(251,146,60,.16);color:var(--high)}.tag.vuln{background:rgba(245,85,109,.15);color:var(--crit)}
|
||
/* console */
|
||
.term{background:#070810;border:1px solid var(--line2);border-radius:12px;padding:14px 16px;
|
||
font:12px/1.65 ui-monospace,Menlo,monospace;max-height:340px;overflow:auto;white-space:pre-wrap;color:#c3cad8;min-height:120px}
|
||
.term .h{color:var(--accent2);font-weight:600}.term .ok{color:var(--ok)}.term .e{color:var(--crit)}
|
||
.term .v{color:var(--cy)}.term .s{color:var(--warn)}
|
||
.term .empty{color:var(--dim)}
|
||
/* findings */
|
||
.sevbar{display:flex;gap:9px;flex-wrap:wrap;margin-bottom:14px}
|
||
.scount{display:flex;flex-direction:column;align-items:center;background:var(--panel2);border:1px solid var(--line2);
|
||
border-radius:10px;padding:9px 16px;min-width:74px}
|
||
.scount .n{font-size:20px;font-weight:750}.scount .l{font-size:10px;text-transform:uppercase;letter-spacing:.5px;color:var(--muted)}
|
||
.scount.Critical .n{color:var(--crit)}.scount.High .n{color:var(--high)}.scount.Medium .n{color:var(--med)}
|
||
.scount.Low .n{color:var(--low)}.scount.Info .n{color:var(--info)}
|
||
.find{border:1px solid var(--line2);border-left-width:3px;border-radius:11px;padding:15px 17px;margin:11px 0;background:var(--panel2)}
|
||
.find.Critical{border-left-color:var(--crit)}.find.High{border-left-color:var(--high)}.find.Medium{border-left-color:var(--med)}
|
||
.find.Low{border-left-color:var(--low)}.find.Info{border-left-color:var(--info)}
|
||
.find h4{font-size:14px;margin-bottom:5px;display:flex;align-items:center;gap:9px}
|
||
.sev{font-size:10px;font-weight:700;padding:3px 8px;border-radius:6px;text-transform:uppercase}
|
||
.sev.Critical{background:rgba(245,85,109,.18);color:var(--crit)}.sev.High{background:rgba(251,146,60,.18);color:var(--high)}
|
||
.sev.Medium{background:rgba(251,191,36,.16);color:var(--med)}.sev.Low{background:rgba(56,189,248,.16);color:var(--low)}
|
||
.sev.Info{background:rgba(148,163,184,.16);color:var(--info)}
|
||
.find .m{color:var(--muted);font-size:11.5px;margin-bottom:6px}
|
||
.find pre{background:#070810;border:1px solid var(--line);border-radius:8px;padding:10px;font-size:11.5px;overflow:auto;margin:7px 0}
|
||
.empty-state{text-align:center;color:var(--dim);padding:36px 10px;font-size:13px}
|
||
/* agents list */
|
||
.toolbar{display:flex;gap:10px;margin-bottom:14px;flex-wrap:wrap}.toolbar input{flex:1;min-width:160px}
|
||
.fbtn{background:var(--panel2);border:1px solid var(--line2);color:var(--muted);border-radius:8px;padding:8px 13px;font-size:12px;cursor:pointer;font-weight:600}
|
||
.fbtn.on{border-color:var(--accent);color:#fff;background:rgba(124,92,255,.12)}
|
||
.alist{max-height:560px;overflow:auto;border:1px solid var(--line2);border-radius:11px}
|
||
.arow{display:flex;gap:11px;padding:10px 14px;border-bottom:1px solid var(--line);font-size:13px;align-items:center}
|
||
.arow:last-child{border:0}.arow:hover{background:var(--panel2)}.arow code{color:var(--accent2);font-size:12.5px}
|
||
.arow .t{color:var(--muted);margin-left:auto;font-size:11.5px;text-align:right}
|
||
.muted{color:var(--muted)}.dim{color:var(--dim)}a{color:var(--accent2);text-decoration:none}a:hover{text-decoration:underline}
|
||
.dl{display:inline-flex;gap:8px;background:var(--panel2);border:1px solid var(--line2);border-radius:9px;padding:9px 14px;margin:0 9px 9px 0;color:var(--text);font-size:12.5px}
|
||
.dl:hover{border-color:var(--accent);text-decoration:none}
|
||
iframe{width:100%;height:560px;border:1px solid var(--line2);border-radius:11px;background:#fff;margin-top:12px}
|
||
.mcard{padding:14px 16px;border:1px solid var(--line2);border-radius:11px;margin-bottom:11px;background:var(--panel2)}
|
||
.mcard h3{font-size:13.5px;margin-bottom:7px;display:flex;align-items:center;gap:8px}
|
||
.keyrow{display:flex;align-items:center;gap:8px;margin:5px 0;font-size:12px;color:var(--muted)}
|
||
.progress{height:3px;background:var(--line);border-radius:3px;overflow:hidden;margin-top:14px;display:none}
|
||
.progress.on{display:block}.progress .bar{height:100%;width:30%;background:linear-gradient(90deg,var(--accent),var(--accent2));
|
||
border-radius:3px;animation:slide 1.1s infinite ease-in-out}
|
||
@keyframes slide{0%{margin-left:-30%}100%{margin-left:100%}}
|
||
</style>
|
||
</head>
|
||
<body>
|
||
<div class="app">
|
||
<aside class="side">
|
||
<div class="brand"><div class="logo">N</div><div><div class="nm">NeuroSploit<span class="badge-rs">RUST</span></div><div class="vr">v3.4.0 · Multi-Model Harness</div></div></div>
|
||
<div class="navlabel">Operate</div>
|
||
<div class="nav on" data-v="run"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polygon points="5 3 19 12 5 21 5 3"/></svg> Engagement</div>
|
||
<div class="nav" data-v="findings"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> Findings</div>
|
||
<div class="nav" data-v="report"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/></svg> Report</div>
|
||
<div class="navlabel">Library</div>
|
||
<div class="nav" data-v="agents"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="3"/><path d="M12 1v6m0 6v6m11-7h-6m-6 0H1"/></svg> Agents</div>
|
||
<div class="nav" data-v="models"><svg class="ic" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="18" height="18" rx="2"/><path d="M9 9h6v6H9z"/></svg> Models</div>
|
||
<div class="foot">
|
||
<div class="stat"><span>Agents</span><b id="sf-agents">—</b></div>
|
||
<div class="stat"><span>Providers</span><b id="sf-prov">—</b></div>
|
||
<div class="stat"><span>Backends</span><b id="sf-cli">—</b></div>
|
||
</div>
|
||
</aside>
|
||
|
||
<main>
|
||
<div class="topbar">
|
||
<div><h1 id="bar-title">Engagement</h1><div class="crumb" id="bar-crumb">Configure and launch an autonomous run</div></div>
|
||
<div class="chipline"><span class="chip"><span class="dot"></span> <b>online</b></span><span class="chip mono" id="chip-models">—</span></div>
|
||
</div>
|
||
|
||
<!-- ENGAGEMENT -->
|
||
<section class="view on" id="v-run"><div class="wrap">
|
||
<div class="seg" id="modeSeg">
|
||
<button class="on" data-m="web">🌐 Black-box (URL)</button>
|
||
<button data-m="whitebox">📦 White-box (repo)</button>
|
||
</div>
|
||
<div class="grid2">
|
||
<div>
|
||
<div class="card">
|
||
<h2>Target</h2>
|
||
<div class="desc" id="targetDesc">One or more URLs — the harness recons each, then intelligently selects matching agents.</div>
|
||
<div class="field" id="urlField"><label>Targets (one per line)</label><textarea id="targets" placeholder="https://target-one.example https://target-two.example"></textarea></div>
|
||
<div class="field" id="repoField" style="display:none"><label>Repository path (local)</label><input id="repo" placeholder="/path/to/repo"/></div>
|
||
<div class="row">
|
||
<div class="field"><label>Validator votes (N)</label><input id="voten" type="number" value="3" min="1" max="9"/></div>
|
||
<div class="field"><label>Max agents (0 = all)</label><input id="maxa" type="number" value="0" min="0"/></div>
|
||
</div>
|
||
<div class="toggles">
|
||
<label class="tg on" id="tg-off"><input type="checkbox" id="offline" checked/> Offline self-test</label>
|
||
<label class="tg" id="tg-sub"><input type="checkbox" id="subscription"/> Subscription (Claude/Codex/Gemini login)</label>
|
||
<label class="tg" id="tg-mcp"><input type="checkbox" id="mcp"/> Playwright MCP</label>
|
||
</div>
|
||
<div class="btns"><button class="act primary" id="go">▶ Launch engagement</button></div>
|
||
<div class="progress" id="prog"><div class="bar"></div></div>
|
||
</div>
|
||
</div>
|
||
<div>
|
||
<div class="card">
|
||
<h2>Model panel</h2>
|
||
<div class="desc">1st = primary · others fail over & form the validator jury.</div>
|
||
<div class="mpanel" id="mpanel"></div>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<div class="card">
|
||
<h2>Live execution</h2>
|
||
<div class="desc">Recon → intelligent agent selection → parallel exploitation → N-model voting → report. Artifacts saved to <span class="mono">runs/</span>.</div>
|
||
<div class="term" id="term"><span class="empty">— idle. Launch an engagement to stream activity. —</span></div>
|
||
</div>
|
||
</div></section>
|
||
|
||
<!-- FINDINGS -->
|
||
<section class="view" id="v-findings"><div class="wrap">
|
||
<div class="card">
|
||
<h2>Validated findings</h2>
|
||
<div class="desc">Only findings confirmed by multi-model adversarial voting appear here.</div>
|
||
<div class="sevbar" id="sevbar"></div>
|
||
<div id="findings"><div class="empty-state">No findings yet — run an engagement.</div></div>
|
||
</div>
|
||
</div></section>
|
||
|
||
<!-- REPORT -->
|
||
<section class="view" id="v-report"><div class="wrap">
|
||
<div class="card">
|
||
<h2>Report</h2>
|
||
<div class="desc">HTML report + JSON/MD artifacts for reuse by other tools/AIs.</div>
|
||
<div id="reportcard"><div class="empty-state">Run an engagement to generate a report.</div></div>
|
||
</div>
|
||
</div></section>
|
||
|
||
<!-- AGENTS -->
|
||
<section class="view" id="v-agents"><div class="wrap">
|
||
<div class="card">
|
||
<h2>Agent library</h2>
|
||
<div class="desc" id="agentsub">…</div>
|
||
<div class="toolbar">
|
||
<input id="asearch" placeholder="🔎 filter by name / title / CWE"/>
|
||
<button class="fbtn on" data-k="all">All</button>
|
||
<button class="fbtn" data-k="vuln">Vuln</button>
|
||
<button class="fbtn" data-k="recon">Recon</button>
|
||
<button class="fbtn" data-k="code">Code</button>
|
||
<button class="fbtn" data-k="meta">Meta</button>
|
||
</div>
|
||
<div class="alist" id="alist"></div>
|
||
</div>
|
||
</div></section>
|
||
|
||
<!-- MODELS -->
|
||
<section class="view" id="v-models"><div class="wrap">
|
||
<div class="card">
|
||
<h2>Providers & models</h2>
|
||
<div class="desc">Use via <b>API</b> key or <b>subscription</b> (local CLI login). CLI-capable providers are tagged.</div>
|
||
<div id="modelcard"></div>
|
||
</div>
|
||
</div></section>
|
||
</main>
|
||
</div>
|
||
<script>
|
||
const $=s=>document.querySelector(s),$$=s=>[...document.querySelectorAll(s)];
|
||
let INFO=null,AGENTS=[],lastRun=null,mode='web',filter='all';
|
||
|
||
const TITLES={run:['Engagement','Configure and launch an autonomous run'],findings:['Findings','Validated, multi-model-confirmed results'],
|
||
report:['Report','Generated deliverables & artifacts'],agents:['Agents','The markdown agent library'],models:['Models','Providers, models & auth']};
|
||
$$('.nav').forEach(n=>n.onclick=()=>{$$('.nav').forEach(x=>x.classList.remove('on'));n.classList.add('on');
|
||
$$('.view').forEach(v=>v.classList.remove('on'));$('#v-'+n.dataset.v).classList.add('on');
|
||
const t=TITLES[n.dataset.v];$('#bar-title').textContent=t[0];$('#bar-crumb').textContent=t[1];});
|
||
|
||
// mode switch
|
||
$$('#modeSeg button').forEach(b=>b.onclick=()=>{$$('#modeSeg button').forEach(x=>x.classList.remove('on'));b.classList.add('on');
|
||
mode=b.dataset.m;const wb=mode==='whitebox';
|
||
$('#urlField').style.display=wb?'none':'';$('#repoField').style.display=wb?'':'none';
|
||
$('#targetDesc').textContent=wb?'A local repository path — code agents review the source for vulnerabilities.':'One or more URLs — the harness recons each, then intelligently selects matching agents.';});
|
||
// toggles
|
||
['off','sub','mcp'].forEach(k=>{const map={off:'offline',sub:'subscription',mcp:'mcp'};
|
||
$('#'+map[k]).onchange=e=>$('#tg-'+k).classList.toggle('on',e.target.checked);});
|
||
|
||
async function init(){
|
||
INFO=await (await fetch('/api/info')).json();
|
||
const a=INFO.agents;
|
||
$('#sf-agents').textContent=a.total;$('#sf-prov').textContent=INFO.providers.length;
|
||
$('#sf-cli').textContent=(INFO.cli_backends||[]).length;
|
||
$('#chip-models').textContent=(INFO.cli_backends||[]).join(' · ')||'api-only';
|
||
$('#agentsub').textContent=`${a.vulns} vuln · ${a.recon||0} recon · ${a.code||0} code · ${a.meta} meta — ${a.total} total`;
|
||
let mh='',first=true;
|
||
INFO.providers.forEach(p=>p.models.forEach(m=>{const id=p.key+':'+m;
|
||
mh+=`<label class="mopt"><input type="checkbox" value="${id}" ${first?'checked':''}/> <span class="tag ${p.kind}">${p.kind}</span> <code>${id}</code></label>`;first=false;}));
|
||
$('#mpanel').innerHTML=mh;
|
||
$('#modelcard').innerHTML=INFO.providers.map(p=>`<div class="mcard"><h3><span class="tag ${p.kind}">${p.kind}</span> ${p.label}
|
||
${(INFO.cli_backends||[]).some(b=>['claude','codex','grok','gemini'].includes(b))&&p.kind==='cli'?'<span class="dim" style="font-size:11px">· subscription-capable</span>':''}</h3>
|
||
<div class="muted" style="font-size:12px">${p.models.map(m=>'<code>'+m+'</code>').join(' · ')}</div></div>`).join('');
|
||
AGENTS=(await (await fetch('/api/agents')).json()).agents;renderAgents();
|
||
}
|
||
function selectedModels(){return $$('#mpanel input:checked').map(i=>i.value);}
|
||
function logLine(t){const T=$('#term');if(T.querySelector('.empty'))T.innerHTML='';const d=document.createElement('div');
|
||
d.className=t.startsWith('===')?'h':t.includes('CONFIRMED')||t.includes('validated finding')||t.includes('updated')||t.startsWith('artifacts')?'ok':
|
||
t.includes('failed')||t.startsWith('ERROR')?'e':t.startsWith('recon')||t.startsWith('exploit')||t.startsWith('analyze')||t.startsWith('intelligently')||t.startsWith('agent selection')?'v':
|
||
t.startsWith('selected')||t.includes('candidate')?'s':'';
|
||
d.textContent='› '+t;T.appendChild(d);T.scrollTop=T.scrollHeight;}
|
||
let seen=0;
|
||
async function run(){
|
||
let body={models:selectedModels(),vote_n:+$('#voten').value,max_agents:+$('#maxa').value,
|
||
offline:$('#offline').checked,subscription:$('#subscription').checked,mcp:$('#mcp').checked,mode};
|
||
if(mode==='whitebox'){const r=$('#repo').value.trim();if(!r){$('#repo').focus();$('#repo').style.borderColor='var(--crit)';return;}body.repo=r;}
|
||
else{const t=$('#targets').value.split('\n').map(s=>s.trim()).filter(Boolean);if(!t.length){$('#targets').focus();$('#targets').style.borderColor='var(--crit)';return;}body.targets=t;}
|
||
$('#go').disabled=true;$('#prog').classList.add('on');$('#term').innerHTML='';seen=0;
|
||
logLine((mode==='whitebox'?'White-box repo: '+body.repo:'Black-box targets: '+body.targets.length)+' · panel: '+(body.models.join(', ')||'default'));
|
||
const r=await (await fetch('/api/run',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify(body)})).json();
|
||
if(r.error){logLine('ERROR: '+r.error);$('#go').disabled=false;$('#prog').classList.remove('on');return;}
|
||
poll(r.run_id);
|
||
}
|
||
async function poll(id){
|
||
const st=await (await fetch('/api/status/'+id)).json();
|
||
(st.log||[]).slice(seen).forEach(logLine);seen=(st.log||[]).length;
|
||
if(!st.done){setTimeout(()=>poll(id),600);return;}
|
||
$('#go').disabled=false;$('#prog').classList.remove('on');lastRun=id;render(st.result||{});
|
||
logLine('done.');
|
||
}
|
||
function render(res){
|
||
const f=res.findings||[],by={Critical:0,High:0,Medium:0,Low:0,Info:0};f.forEach(x=>by[x.severity]=(by[x.severity]||0)+1);
|
||
$('#sevbar').innerHTML=Object.entries(by).map(([k,v])=>`<div class="scount ${k}"><span class="n">${v}</span><span class="l">${k}</span></div>`).join('');
|
||
$('#findings').innerHTML=f.length?f.map(x=>`<div class="find ${x.severity}"><h4><span class="sev ${x.severity}">${x.severity}</span> ${esc(x.title||'')}</h4>
|
||
<div class="m mono">${esc(x.agent||'')} · ${esc(x.cwe||'')} · votes ${esc(x.votes||'-')} · conf ${(x.confidence||0).toFixed(2)} · ${esc(x.endpoint||'')}</div>
|
||
${x.payload?`<pre>${esc(x.payload)}</pre>`:''}${x.evidence?`<div class="m">Evidence: ${esc(x.evidence)}</div>`:''}
|
||
${x.remediation?`<div class="m">Fix: ${esc(x.remediation)}</div>`:''}</div>`).join('')
|
||
:`<div class="empty-state">✓ Run complete — ${(res.agents_ran||[]).length} agents ran, 0 validated findings.<br><span class="dim">${$('#offline').checked?'Offline mode performs no exploitation — enable a model (API key or subscription) to find issues.':''}</span></div>`;
|
||
$('#reportcard').innerHTML=`<a class="dl" href="/report/${lastRun}" target="_blank">⬇ Open HTML report</a><iframe src="/report/${lastRun}"></iframe>`;
|
||
}
|
||
function esc(s){return (s+'').replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>');}
|
||
$$('.fbtn').forEach(b=>b.onclick=()=>{$$('.fbtn').forEach(x=>x.classList.remove('on'));b.classList.add('on');filter=b.dataset.k;renderAgents();});
|
||
function renderAgents(){const q=$('#asearch').value.toLowerCase();
|
||
const rows=AGENTS.filter(a=>(filter==='all'||a.kind===filter)&&(!q||(a.name+a.title+a.cwe).toLowerCase().includes(q)));
|
||
$('#alist').innerHTML=rows.slice(0,500).map(a=>`<div class="arow"><span class="tag ${a.kind}">${a.kind}</span> <code>${a.name}</code>
|
||
<span class="t">${esc((a.title||'').replace(' Agent',''))} ${a.cwe?'· '+a.cwe:''}</span></div>`).join('')||'<div class="arow muted">no match</div>';}
|
||
$('#asearch').oninput=renderAgents;
|
||
$('#go').onclick=run;
|
||
$('#targets').oninput=()=>$('#targets').style.borderColor='';$('#repo').oninput=()=>$('#repo').style.borderColor='';
|
||
init();
|
||
</script>
|
||
</body>
|
||
</html>
|