Files
NeuroSploit/neurosploit-rs
CyberSecurityUP 3ca04498a9 harness: deterministic HTTP probe grounds recon & decisions (more robust)
New harness::probe runs a real request/response analysis of the target BEFORE
the model recon and injects the observed facts into recon, so agent-selection
and exploitation decisions are grounded in evidence (robust even when model
recon is weak):
- status & redirect, Server/X-Powered-By/content-type, 6 security headers,
  cookie flags (HttpOnly/Secure/SameSite), CORS reflection test (arbitrary
  Origin + credentials), tech fingerprint, linked scripts, form count, a 404
  baseline for soft-404 differentials, and high-signal paths (/robots.txt,
  /.git/config, /.env, /sitemap.xml, /.well-known/security.txt).
- Best-effort (never fatal — degrades to a note on network failure), honors the
  identifying User-Agent and the Burp/ZAP proxy. Wired into black-box run() and
  greybox recon. A one-line probe summary streams to the live feed.
2026-07-02 13:48:04 -03:00
..