mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-08 20:37:52 +02:00
e4efa9bbb0
Distilled from reviewing real AI-pentest output that kept stopping at "exposed" instead of "exploited". Pure-additive, back-compatible. Behavior (injected into black/grey/chain exploit prompts via DEPTH_DOCTRINE): - Exposed → exploited: any info-disclosure / exposed service/WSDL / leaked credential|token / reachable dev host MUST be used before it's a finding; otherwise it's a lead, not a confirmed High/Critical. - Chain across modules: reuse obtained session/JWT/cookie/credential and pivot to IDOR/privesc/exfil; report the chain, not isolated parts. - Decode & fingerprint → CVE; audit tokens (alg-confusion/none/kid/JWKS, weak HS256 secret cracking, lifecycle). Deterministic post-pass (new crates/harness/src/hygiene.rs, wired into finish()): - calibrate severity to PROVEN impact — unproven High/Critical (hedged, no payload, thin evidence) capped to Medium and re-titled "(potential)"; - depth_audit — flag exposures on a host with no real exploit; - hygiene_summary — advise consolidating hygiene classes repeated across assets. Unit tests cover calibration + depth audit. 5 new doctrine meta-agents (scripts/build_methodology_v352.py → agents_md/meta/): exploit_depth_doctrine, finding_chainer, artifact_decoder, token_auditor, report_calibrator (meta 17→22, total 343→348). Version bumped 3.5.1 → 3.5.2 across crates/app/installers/docs; RELEASE/README updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
32 lines
1005 B
Rust
32 lines
1005 B
Rust
//! NeuroSploit v3.5.2 harness — a robust multi-model runtime for the
|
|
//! markdown-driven autonomous pentest engine.
|
|
//!
|
|
//! The harness loads the `agents_md/` library, drives a *pool* of LLM models
|
|
//! (any OpenAI-compatible provider) with concurrency + provider failover, runs
|
|
//! the specialist agents in parallel, then validates every candidate finding by
|
|
//! **N-model voting** before scoring and reporting.
|
|
|
|
pub mod agents;
|
|
pub mod attack_graph;
|
|
pub mod belief;
|
|
pub mod creds;
|
|
pub mod grounding;
|
|
pub mod hygiene;
|
|
pub mod pomdp;
|
|
pub mod models;
|
|
pub mod pipeline;
|
|
pub mod pool;
|
|
pub mod report;
|
|
pub mod rl;
|
|
pub mod types;
|
|
|
|
pub use agents::{Agent, Library};
|
|
pub use models::{
|
|
cli_binary_for, ensure_playwright_mcp, installed_cli_backends, mcp_supported, provider_for,
|
|
providers, write_mcp_config, ChatClient, ModelRef, Provider,
|
|
};
|
|
pub use pipeline::{run_greybox, run_host, run_whitebox, RunOutput};
|
|
pub use pipeline::run;
|
|
pub use pool::{ModelPool, Task};
|
|
pub use types::{Finding, RunConfig};
|