CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 07:15:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
49dde7c637ed50268722e1f6d8ec7b9658261968
NeuroSploit/scripts/build_chain_agents.py
T
CyberSecurityUP 639c2209f7 v3.5.1: attack-chain agents (12) + per-project .neurosploit/ persistence & resume 
Chaining:
- agents_md/chains/ (12 multi-stage exploitation playbooks): SQLi→RCE→LPE,
  SSRF→AWS-creds, SSRF→RCE, upload→RCE, upload→LFI→RCE→LPE, XSS→ATO, IDOR→ATO,
  SSTI→RCE→cloud, default-creds→domain, deserialization→RCE, exposed-git→RCE,
  subdomain-takeover→trusted-abuse. Each stage proven by a tool receipt before
  advancing; reports chains_from edges.
- Loaded as a `chains` category (→ 329 agents). chain_round now injects the chain
  recipes as a menu so the LLM applies proven multi-stage paths.

Persistence (no DB — structured state):
- Per-project `<cwd>/.neurosploit/` holding session.json (config), runs.json
  (history), history.txt (readline). REPL resumes target/repo/auth/focus/models
  on reopen; saves on /run and /quit.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-24 22:30:22 -03:00

202 lines
13 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""
NeuroSploit v3.5.1 — attack-chain agents.
Each agent is a multi-stage exploitation-chaining playbook: take a confirmed
entry-point weakness and escalate it through concrete stages to deeper impact
(e.g. SQLi → RCE → local privilege escalation). Writes agents_md/chains/*.md.
Credits: Joas A Santos & Red Team Leaders.
"""
import os
ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
OUT = os.path.join(ROOT, "agents_md", "chains")
def render(a):
L = [f"# {a['title']} Agent\n", "## User Prompt",
f"You are executing a multi-stage ATTACK CHAIN against **{{target}}**: {a['chain']}.\n",
"**Recon Context / prior findings:**\n{recon_json}\n",
f"**GOAL:** {a['goal']}\n",
"**CHAIN — advance stage by stage; each stage's output is the next stage's input. "
"Use the ReAct loop and PROVE every stage with raw tool output before advancing:**\n"]
for i, (stage, bs) in enumerate(a["stages"], 1):
L.append(f"### Stage {i}. {stage}")
L += [f"- {b}" for b in bs]
L.append("")
n = len(a["stages"]) + 1
L += [f"### {n}. Report Format",
"Report the chain as ONE finding (plus per-stage evidence):", "```", "FINDING:",
f"- Title: {a['title']}", f"- Severity: {a['sev']}", f"- CWE: {a['cwe']}",
"- Endpoint: [entry point]", "- Vector: [the full chain, stage by stage]",
"- Payload: [the key payloads/commands per stage]",
"- Evidence: [raw output proving EACH stage actually executed]",
f"- Impact: {a['impact']}", f"- Remediation: {a['fix']}",
"- chains_from: [ids of the prerequisite findings this builds on]", "```\n",
"## System Prompt", a["system"]]
return "\n".join(L) + "\n"
def A(name, title, chain, goal, cwe, sev, impact, fix, stages):
return {"name": name, "title": title, "chain": chain, "goal": goal, "cwe": cwe,
"sev": sev, "impact": impact, "fix": fix, "stages": stages,
"system": ("You are an exploit-chaining specialist. Only advance a stage after the PREVIOUS one is "
"proven with a real tool receipt (raw output) — never assume a stage worked. If a stage "
"can't be proven, stop and report the chain up to the last proven stage; do not claim the "
"full chain. AUTHORIZED engagement; no destructive/DoS actions. Each reported stage must "
"carry its own evidence. Credits: Joas A Santos & Red Team Leaders.")}
CHAINS = [
A("chain_sqli_to_rce_to_lpe",
"SQLi → RCE → Local PrivEsc Chain",
"SQL injection → command execution → local privilege escalation",
"Turn a database-layer injection into root/SYSTEM on the host.",
"CWE-89", "Critical",
"Full host compromise originating from a web injection",
"Parameterize queries; least-privilege DB account; harden host; patch local vectors",
[("Exploit the SQL injection", ["Confirm injection (error/boolean/time); identify DBMS and privileges",
"Enumerate whether stacked queries / FILE / xp_cmdshell / INTO OUTFILE are available"]),
("Pivot SQLi → RCE", ["MSSQL: enable & use `xp_cmdshell`; MySQL: `INTO OUTFILE` a webshell to a known web path; PostgreSQL: `COPY ... PROGRAM`",
"Confirm OS command execution with `id`/`whoami` output"]),
("Establish a foothold", ["Drop/upgrade to a stable shell as the web/db service user"]),
("Local privilege escalation", ["Enumerate SUID/sudo/cron/kernel (Linux) or token/service/unquoted-path (Windows)",
"Escalate to root/SYSTEM and prove with a privileged command output"])]),
A("chain_ssrf_to_aws_compromise",
"SSRF → AWS Credential Compromise Chain",
"SSRF → cloud metadata → IAM credentials → cloud account access",
"Convert a server-side request forgery into valid AWS credentials and account access.",
"CWE-918", "Critical",
"Cloud account compromise via stolen IAM role credentials",
"Enforce IMDSv2 hop-limit=1; egress allowlists; SSRF input validation; scoped IAM roles",
[("Confirm the SSRF primitive", ["Find a server-side fetch you control (url/webhook/import/pdf/image param)",
"Prove it reaches an attacker-controlled / internal host"]),
("Reach the metadata service", ["IMDSv2: PUT `/latest/api/token` then GET with the token header; else IMDSv1 GET",
"Retrieve `/latest/meta-data/iam/security-credentials/<role>`"]),
("Harvest IAM credentials", ["Capture AccessKeyId/SecretAccessKey/Token from the metadata response"]),
("Use the credentials (in scope)", ["`aws sts get-caller-identity` to confirm; enumerate permitted actions read-only",
"Prove access to at least one resource the role can reach"])]),
A("chain_ssrf_to_rce",
"SSRF → RCE Chain",
"SSRF → internal service abuse → remote code execution",
"Escalate an SSRF into code execution via a reachable internal service.",
"CWE-918", "Critical",
"Remote code execution pivoted through an internal service",
"Egress controls; authenticate internal services; SSRF allowlists",
[("Confirm SSRF + map internals", ["Prove the SSRF; port-scan internal hosts through it (gopher/http)",
"Identify exploitable internal services (Redis, unauth admin, CI, internal API)"]),
("Weaponize the internal service", ["e.g. Redis → write SSH key/cron/module; internal Jenkins/Actuator → job/exec; gopher:// to craft raw protocol payloads"]),
("Achieve RCE", ["Trigger command execution on the internal/back-end host"]),
("Confirm", ["Prove execution with an OOB callback or command output tied to a unique marker"])]),
A("chain_upload_to_rce",
"File Upload → RCE Chain",
"insecure file upload → webshell → remote code execution",
"Turn an unrestricted/insecure upload into code execution.",
"CWE-434", "Critical",
"Remote code execution via uploaded executable content",
"Validate type by content; randomize names; store outside webroot; non-exec storage",
[("Probe the upload", ["Map accepted types/extensions, storage path, and how files are served",
"Test bypasses: double extension, content-type spoof, magic-byte prefix, null byte, .htaccess/.phar"]),
("Upload a payload", ["Place a minimal webshell/handler in a web-served, executable location"]),
("Locate & trigger", ["Find the served URL of the upload; request it to execute"]),
("Confirm RCE", ["Run `id`/`whoami`; capture output proving execution"])]),
A("chain_upload_lfi_rce_lpe",
"Upload → LFI → RCE → LPE Chain",
"file upload + local file inclusion → log/session poisoning → RCE → privilege escalation",
"Chain a benign upload and an LFI into code execution and then root.",
"CWE-98", "Critical",
"Host compromise from a non-executable upload chained through LFI",
"Fix LFI (allowlist includes); validate uploads; harden host",
[("Confirm the LFI", ["Prove local file inclusion (read /etc/passwd or app config); identify wrappers (php://, data://, zip://)"]),
("Plant controllable content via upload", ["Upload a file whose path/content you can later include (image with PHP, zip for zip:// , or use the LFI to read your uploaded file)"]),
("LFI → RCE", ["Include the planted file, or poison logs/session/`/proc/self/environ` then include it to execute code"]),
("Confirm RCE then escalate", ["Prove command execution; then enumerate and perform local privilege escalation to root/SYSTEM"])]),
A("chain_xss_to_account_takeover",
"XSS → Session/Account Takeover Chain",
"stored/reflected XSS → session or token theft → account takeover",
"Escalate XSS into full takeover of a victim (incl. admin) account.",
"CWE-79", "High",
"Account takeover (incl. privileged) via client-side execution",
"Output encoding + CSP; HttpOnly/SameSite cookies; rotate tokens",
[("Prove execution", ["Confirm the payload executes in the victim's browser context (Playwright: alert/DOM), not just reflects"]),
("Steal the session", ["Exfiltrate the session cookie/JWT/CSRF token to a collaborator, or perform actions in-context if HttpOnly"]),
("Take over the account", ["Replay the stolen session, or change email/password/MFA via in-context requests"]),
("Confirm + escalate", ["Prove control of the victim account; target an admin for privilege escalation"])]),
A("chain_idor_to_takeover",
"IDOR → Mass Account Takeover Chain",
"IDOR → cross-account data → credential/role manipulation → takeover",
"Chain object-level authz failure into taking over arbitrary accounts.",
"CWE-639", "High",
"Mass account takeover via broken object-level authorization",
"Enforce per-object ownership on every endpoint; indirect references",
[("Confirm the IDOR", ["Access another user's object with your session, proven by their data"]),
("Find a state-changing IDOR", ["Locate IDOR on email/password/role/API-key endpoints"]),
("Manipulate the victim account", ["Change a victim's email or reset token / elevate role via the IDOR"]),
("Confirm takeover", ["Log in as / act as the victim; demonstrate control"])]),
A("chain_ssti_to_rce_to_cloud",
"SSTI → RCE → Cloud Pivot Chain",
"template injection → RCE → host creds → cloud/lateral movement",
"Go from template injection to code execution to cloud or lateral access.",
"CWE-1336", "Critical",
"Cloud/lateral compromise originating from template injection",
"Never render user input as templates; sandbox; scope host IAM/creds",
[("Confirm SSTI → RCE", ["Fingerprint the engine (`{{7*7}}` etc.); use the gadget to execute a command; prove with output"]),
("Loot the host", ["Read env/config/instance metadata for cloud creds, DB creds, tokens"]),
("Pivot", ["Use recovered creds against cloud APIs or adjacent internal hosts"]),
("Confirm impact", ["Prove access to a cloud resource or a second host with evidence"])]),
A("chain_default_creds_to_domain",
"Default Creds → Foothold → Domain Compromise Chain",
"default/weak creds → host foothold → AD escalation → domain dominance",
"Chain an exposed credential into Active Directory domain compromise.",
"CWE-798", "Critical",
"Domain compromise from a single weak/default credential",
"Rotate defaults; unique strong passwords; tiered admin; monitor",
[("Get the foothold", ["Authenticate with the default/weak/reused credential (SSH/WinRM/SMB/web)"]),
("Enumerate AD", ["From the foothold, run BloodHound/netexec; map attack paths, roastable accounts, ACLs"]),
("Escalate in AD", ["Kerberoast/AS-REP-roast, abuse an ACL edge, or relay — recover higher-priv creds"]),
("Reach domain dominance", ["Demonstrate DCSync or DA-equivalent access (single test account) proving the path"])]),
A("chain_deserialization_to_rce",
"Insecure Deserialization → RCE Chain",
"untrusted deserialization → gadget chain → remote code execution",
"Turn a deserialization sink into reliable code execution.",
"CWE-502", "Critical",
"Remote code execution via unsafe object deserialization",
"Never deserialize untrusted data; allowlist types; safe formats",
[("Locate the sink", ["Identify where attacker data is deserialized (cookie/param/file/RPC); fingerprint the format/library"]),
("Build the gadget", ["Select a working gadget chain (ysoserial/ysoserial.net/PyYAML/pickle) for the target stack"]),
("Execute", ["Deliver the payload to the sink"]),
("Confirm", ["Prove execution via OOB callback or command output with a unique marker"])]),
A("chain_exposed_git_to_rce",
"Exposed .git/.env → Secret → RCE Chain",
"exposed source/secrets → recovered credentials → authenticated RCE",
"Chain leaked source/secrets into authenticated code execution.",
"CWE-527", "High",
"Code execution using credentials recovered from exposed source/secrets",
"Block dotfiles from web; rotate leaked secrets; vault storage",
[("Recover the source/secrets", ["Dump exposed `.git` (git-dumper) or read `.env`/config; extract keys/creds/tokens"]),
("Validate the secrets", ["Confirm a recovered credential/key is live (admin panel, cloud, DB, CI)"]),
("Gain execution", ["Use the access to deploy code / run a CI job / write a webshell / exec via admin feature"]),
("Confirm RCE", ["Prove command execution with output"])]),
A("chain_subdomain_takeover_to_phishing",
"Subdomain Takeover → Trusted Phishing/Cookie Chain",
"dangling DNS → subdomain takeover → trusted-origin abuse",
"Chain a dangling record into hosting attacker content on a trusted subdomain.",
"CWE-350", "High",
"Trusted-origin abuse (cookie theft / phishing / OAuth) via a taken-over subdomain",
"Remove dangling DNS; monitor; scope cookies/CSP per-host",
[("Find the dangling record", ["Identify a CNAME/A pointing to an unclaimed provider resource"]),
("Claim it", ["Register the resource so the subdomain serves your content (benign PoC)"]),
("Abuse the trust", ["Show impact: wildcard-cookie capture, OAuth redirect trust, or CSP allowlist bypass"]),
("Confirm", ["Demonstrate the concrete trusted-origin abuse with evidence"])]),
]
def main():
os.makedirs(OUT, exist_ok=True)
for a in CHAINS:
open(os.path.join(OUT, a["name"] + ".md"), "w").write(render(a))
print(f"wrote {len(CHAINS)} chain agents to {OUT}")
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink