CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-03-02 07:43:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
79acfe04a37839914a9a4487c080a2e21203f761
NeuroSploit/backend
History
CyberSecurityUP 79acfe04a3 NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest + Container Fix + Deep Recon Overhaul 
## AI-Everywhere Auto Pentest
- Pre-stream AI master planning (_ai_master_plan) runs before parallel streams
- Stream 1 AI recon analysis (Phase 9: hidden endpoint probing, priority routing)
- Stream 2 AI payload generation (replaces hardcoded payloads with context-aware AI)
- Stream 3 AI tool output analysis (real findings vs noise classification)
- 4 new prompt builders in ai_prompts.py (master_plan, junior_ai_test, tool_analysis, recon_analysis)

## LLM-as-VulnEngine: AI Deep Testing
- New _ai_deep_test() iterative loop: OBSERVE→PLAN→EXECUTE→ANALYZE→ADAPT (3 iterations max)
- AI-first for top 15 injection types, hardcoded fallback for rest
- Per-endpoint AI testing in Phase C instead of single _ai_dynamic_test()
- New system prompt context: deep_testing + iterative_testing
- Token budget adaptive: 15 normal, 5 when <50k tokens remain

## Container Fix (Critical)
- Fixed ENTRYPOINT ["/bin/bash", "-c"] → CMD ["bash"] in Dockerfile.kali
- Root cause: Docker ran /bin/bash -c "sleep" "infinity" → missing operand → container exit
- All Kali sandbox tools (nuclei, naabu, etc.) now start and execute correctly

## Deep Recon Overhaul
- JS analysis: 10→30 files, 11 regex patterns, source map parsing, parameter extraction
- Sitemaps: recursive index following (depth 3), 8 candidates, 500 URL cap
- API discovery: 7→20 Swagger/OpenAPI paths, 1→6 GraphQL paths, request body schema extraction
- Framework detection: 9 frameworks (WordPress, Laravel, Django, Spring, Express, ASP.NET, Rails, Next.js, Flask)
- 40+ common hidden/sensitive paths checked (.env, .git, /actuator, /debug, etc.)
- API pattern fuzzing: infers endpoints from discovered patterns, batch existence checks
- HTTP method discovery via OPTIONS probing
- URL normalization and deduplication

## Frontend Fixes
- Elapsed time now works for completed scans (computed from started_at→completed_at)
- Container telemetry: exit -1 shows "ERR" (yellow), duration shows "N/A" on failure
- HTML report rewrite: professional pentest report with cover page, risk gauge, ToC, per-finding cards, print CSS

## Other
- Updated rebuild.sh summary and validation
- Bug bounty training datasets added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 17:55:28 -03:00
..
api
Fix: OpenRouter/Together/Fireworks detection + deprecated gpt-4-turbo-preview model
2026-02-22 18:04:43 -03:00
core
NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest + Container Fix + Deep Recon Overhaul
2026-02-23 17:55:28 -03:00
db
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
migrations
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
models
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
schemas
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
services
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
config.py
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
main.py
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00
requirements.txt
NeuroSploit v3.2 - Autonomous AI Penetration Testing Platform
2026-02-22 17:59:28 -03:00