mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-03 01:55:44 +02:00
0b616b407d
Attribution (anti-plagiarism), multiple layers: - Identifying User-Agent on every request (default NeuroSploit/<ver> + an X-NeuroSploit-Scan header), overridable via /ua or NEUROSPLOIT_UA env; shown in the run banner. RunConfig.user_agent + Session.user_agent wired through. - Every finding is stamped "Identified and validated by NeuroSploit …" (in finish() and the raw-report path) so provenance travels in the finding text, findings.json and the report. Multi-role authentication for access-control testing (IDOR/BOLA/BFLA/privesc): - creds.yaml gains named identity blocks (admin:/user:/victim:/…), each with jwt | header | cookie | apikey | login+username+password. With >=2 roles the harness injects a cross-role access-control directive (authorized-vs-unauthorized proof) and defaults the primary auth to the first role. Also: /help now lists one command per line (fixes smushed OPTIONS/RUN columns); /ua command + Session field; docs (README + RELEASE) updated.