Files
NeuroSploit/neurosploit-rs/app
CyberSecurityUP 0b616b407d identification/attribution + multi-role access-control auth (v3.5.5)
Attribution (anti-plagiarism), multiple layers:
- Identifying User-Agent on every request (default NeuroSploit/<ver> + an
  X-NeuroSploit-Scan header), overridable via /ua or NEUROSPLOIT_UA env; shown
  in the run banner. RunConfig.user_agent + Session.user_agent wired through.
- Every finding is stamped "Identified and validated by NeuroSploit …" (in
  finish() and the raw-report path) so provenance travels in the finding text,
  findings.json and the report.

Multi-role authentication for access-control testing (IDOR/BOLA/BFLA/privesc):
- creds.yaml gains named identity blocks (admin:/user:/victim:/…), each with
  jwt | header | cookie | apikey | login+username+password. With >=2 roles the
  harness injects a cross-role access-control directive (authorized-vs-unauthorized
  proof) and defaults the primary auth to the first role.

Also: /help now lists one command per line (fixes smushed OPTIONS/RUN columns);
/ua command + Session field; docs (README + RELEASE) updated.
2026-07-01 23:59:02 -03:00
..