mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-06-30 16:55:34 +02:00
7b1be0b424
- New GREYBOX mode: review a repo's source AND exploit the running app in one pipeline — code-review findings become LEADS injected into live exploitation.
  CLI: `neurosploit greybox <repo> --url <app> [--creds creds.yaml] [--focus ...]`
  REPL: set both /repo and /target → greybox auto-selected.
- Credentials (harness/src/creds.rs, dependency-free YAML subset): jwt / header / cookie, or an automated `login:` flow. Derives an auth header and/or an "authenticate first via curl" directive injected into prompts so agents test authenticated. --creds flag + /creds command + creds.example.yaml.
- RunConfig gains `repo`; run_engagement refactored to a Mode enum (Black/White/Grey).
- Verified offline: greybox loads creds, combines repo+URL, runs pipeline, writes report.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
23 lines
881 B
YAML
# NeuroSploit — example credentials file for authenticated testing.
# Pass with:  neurosploit greybox <repo> --url <app> --creds creds.yaml
#        or:  neurosploit run <url> --creds creds.yaml   (after adding --creds support)
#        or in the interactive session:  /creds creds.yaml
#
# Provide ANY of the auth materials below (first match wins), and/or a `login`
# flow the agents will perform with curl before testing.

# --- direct auth material (pick one) ---
jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4ifQ.signature
# header: "X-Api-Key: 0123456789abcdef"
# cookie: "session=deadbeef; role=admin"

# --- OR an automated login flow ---
login:
  url: http://localhost:8080/login
  method: POST
  username_field: username
  password_field: password
  username: admin
  password: password
  success: Logout  # text that appears on a successful login
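The "first match wins" rule and the `login:` block from the file's comments, as an added example that is not the project's `harness/src/creds.rs`: a parser for the YAML subset shown here that resolves which auth material applies and flags a login flow that would send the password over plain HTTP to a non-loopback host. The jwt, header, cookie precedence order, the `Authorization: Bearer` and `Cookie:` header shapes, and the names `parse`, `auth_header` and `cleartext_login` are assumptions.

```rust
use std::collections::BTreeMap;
type Map = BTreeMap<String, String>;
// Constructed sample in the page's format; every value is a placeholder.
const SAMPLE: &str = r#"header: "X-Api-Key: 0123456789abcdef"
cookie: "session=deadbeef; role=admin"
login:
  url: http://app.example.test/login
  success: Logout  # text that appears on a successful login
"#;
// Unquote a double-quoted scalar, or drop a trailing ` # comment` from a bare one.
fn scalar(raw: &str) -> String {
    let v = raw.trim();
    if let Some(rest) = v.strip_prefix('"') { return rest.split('"').next().unwrap_or("").to_string(); }
    v.split(" #").next().unwrap_or("").trim().to_string()
}

// Parse the subset the file uses; returns (top-level scalars, nested `login:` map).
pub fn parse(text: &str) -> (Map, Map) {
    let (mut top, mut login, mut in_login) = (Map::new(), Map::new(), false);
    for line in text.lines() {
        let t = line.trim();
        if t.is_empty() || t.starts_with('#') { continue; }
        let indented = line.starts_with(' ');
        if let Some((k, v)) = t.split_once(':') {
            if !indented { in_login = k == "login" && v.trim().is_empty(); }
            if indented && in_login { login.insert(k.to_string(), scalar(v)); }
            else if !indented && !in_login { top.insert(k.to_string(), scalar(v)); }
        }
    }
    (top, login)
}

// "First match wins", assumed order jwt, header, cookie; the header shapes are assumptions.
pub fn auth_header(top: &Map) -> Option<String> {
    for (key, prefix) in [("jwt", "Authorization: Bearer "), ("header", ""), ("cookie", "Cookie: ")] {
        if let Some(v) = top.get(key).filter(|v| !v.is_empty()) { return Some(format!("{}{}", prefix, v)); }
    }
    None
}

// Handling check: a login flow over plain HTTP to a non-loopback host exposes the password.
pub fn cleartext_login(login: &Map) -> bool {
    let rest = login.get("url").and_then(|u| u.strip_prefix("http://"));
    let host = rest.map(|r| r.split(|ch: char| ch == '/' || ch == ':').next().unwrap_or(""));
    host.map_or(false, |h| h != "localhost" && h != "127.0.0.1")
}
fn main() {
    let (top, login) = parse(SAMPLE);
    println!("{:?} cleartext_login={}", auth_header(&top), cleartext_login(&login));
}
```

With the constructed sample, the header entry wins over the cookie and the login URL is flagged, since its host is neither `localhost` nor `127.0.0.1`.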