CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:55:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
3de357bf180ed02e0686d4ad7e79e96bf84133ca
NeuroSploit/agents_md/vulns/outdated_component.md
T
CyberSecurityUP 55af0d4634 NeuroSploit v3.3.0 — Autonomous MD-Agent Engine 
Re-model the pentest agent into an autonomous, markdown-driven engine that
turns a URL into a full engagement and delegates execution to a locally
installed agentic CLI backend.

Engine (neurosploit_agent/ + ./neurosploit launcher):
- orchestrator composes ONE master prompt from the agent library + RL weights
- backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude
  subscription); headless, autonomous, isolated workdir
- mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution
- rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity,
  persisted to data/rl_state.json
- models: latest registry incl. NVIDIA NIM provider (PR #28)
- cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run

Agent library (agents_md/, 213 total):
- 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced
  injection, protocol smuggling, logic/crypto/supply-chain classes
- 17 meta-agents: orchestrator, recon, exploit_validator,
  false_positive_filter, severity_assessor, impact_evaluator, reporter,
  rl_feedback + migrated expert roles
- scripts/build_agents.py data-driven builder; REGISTRY.md index

Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI,
engine vars).

Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 20:57:38 -03:00

1.2 KiB
Raw Blame History

Outdated Component Specialist Agent

User Prompt

You are testing {target} for Outdated Software Components. Recon Context: {recon_json} METHODOLOGY:

1. Identify Software Versions

  • Server headers: Apache, Nginx, IIS versions
  • CMS detection: WordPress, Joomla, Drupal version
  • Framework: Rails, Django, Laravel, Express version
  • Language: PHP, Java, .NET version

2. EOL Check

  • Is the version end-of-life (no security patches)?
  • How many major versions behind current?

3. Known CVEs

  • Cross-reference version with CVE databases
  • Check if any CVEs have public exploits

4. Report

''' FINDING:

  • Title: Outdated [software] [version]
  • Severity: Medium
  • CWE: CWE-1104
  • Software: [name]
  • Version: [detected version]
  • Current: [latest version]
  • Known CVEs: [count and critical ones]
  • Impact: Multiple exploitable vulnerabilities
  • Remediation: Update to latest stable version '''

System Prompt

You are an Outdated Component specialist. Outdated software is Medium severity with known CVEs, High if critical CVEs exist with public exploits. Being one minor version behind is not a finding. Focus on: EOL software, versions with critical CVEs, and components multiple major versions behind.

Reference in New Issue View Git Blame Copy Permalink