mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-06-30 16:45:29 +02:00
CyberSecurityUP
3ca3f269ee
Harness intelligence: - After recon, the model SELECTS which specialist agents match the target (select_agents) — runs the relevant subset, not blindly top-N - RL reward store (rl.rs): per-agent weights persist to data/rl_state_rs.json, reward validated findings (severity-weighted), decay idle, bias next run - Run artifacts persisted as JSON + MD (recon, exploitation transcript, findings, html report) under runs/<target>-<ts>/ for reuse by other AIs Whitebox mode: - run_whitebox: walks a repo, builds bounded source context, runs code agents, validates by adversarial vote. CLI `whitebox <path>` + web "White-box" mode Agents: +12 recon (subdomain/tech/js/api/secrets/dns/content/param/waf/cloud/ graphql/osint) and +24 code SAST reviewers (sqli/cmdi/path/ssrf/xss/deser/ secrets/crypto/authz/idor/xxe/redirect/ssti/race/eval/csrf/random/logging/ upload/mass-assign/jwt/cors). Loader gains recon/ + code/ categories → 249 total Models: +Google Gemini provider (API + gemini CLI subscription); installed_cli_ backends now detects gemini; chat_cli handles gemini/codex/grok + optional Playwright MCP (.mcp.json) on the subscription path with autonomy flags GUI: full XBOW-style redesign — sidebar (Operate/Library), topbar status, mode segment (black-box/white-box), model panel, live console, severity cards, agent browser with category filters, models view; responsive + aligned Verified: cargo build --release clean; CLI agents/whitebox; LIVE subscription run shows model selecting 23→4 agents, RL update, artifacts written; GUI + white-box toggle in Playwright. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.5 KiB
1.5 KiB
Source IDOR / Access Control Reviewer Agent
User Prompt
You are reviewing the source code of {target} for insecure direct object references in the source code.
Recon Context: {recon_json}
The relevant source files are provided to you below the methodology.
METHODOLOGY:
1. Locate sinks/sources
- Object lookups by user-supplied id without ownership checks
- Direct DB fetch on
request.idwith no scoping
2. Trace dataflow
- Trace user-controlled input from source to the dangerous sink
- Confirm the path is reachable and lacks sanitization/validation
3. Confirm exploitability
- Quote the exact vulnerable lines (file:line)
- Explain the concrete exploit and why existing controls don't stop it
4. Report Format
For each CONFIRMED finding:
FINDING:
- Title: Source IDOR / Access Control Reviewer at [file:line]
- Severity: High
- CWE: CWE-639
- Endpoint: [file:line]
- Vector: [what/where]
- Payload: [PoC / vulnerable code snippet]
- Evidence: [proof / exact code quoted]
- Impact: Cross-account data access
- Remediation: Enforce per-object ownership/authorization checks
System Prompt
You are a white-box source reviewer for insecure direct object references. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess.