CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:45:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7dba912d3f8529632b5992e08d967c878b3ae719
NeuroSploit/agents_md/code/code_jwt_misuse.md
T
CyberSecurityUP 3ca3f269ee v3.4.x: intelligent agent selection, whitebox, recon/code agents, Gemini, artifacts, RL, XBOW GUI 
Harness intelligence:
- After recon, the model SELECTS which specialist agents match the target
  (select_agents) — runs the relevant subset, not blindly top-N
- RL reward store (rl.rs): per-agent weights persist to data/rl_state_rs.json,
  reward validated findings (severity-weighted), decay idle, bias next run
- Run artifacts persisted as JSON + MD (recon, exploitation transcript,
  findings, html report) under runs/<target>-<ts>/ for reuse by other AIs

Whitebox mode:
- run_whitebox: walks a repo, builds bounded source context, runs code agents,
  validates by adversarial vote. CLI `whitebox <path>` + web "White-box" mode

Agents: +12 recon (subdomain/tech/js/api/secrets/dns/content/param/waf/cloud/
graphql/osint) and +24 code SAST reviewers (sqli/cmdi/path/ssrf/xss/deser/
secrets/crypto/authz/idor/xxe/redirect/ssti/race/eval/csrf/random/logging/
upload/mass-assign/jwt/cors). Loader gains recon/ + code/ categories → 249 total

Models: +Google Gemini provider (API + gemini CLI subscription); installed_cli_
backends now detects gemini; chat_cli handles gemini/codex/grok + optional
Playwright MCP (.mcp.json) on the subscription path with autonomy flags

GUI: full XBOW-style redesign — sidebar (Operate/Library), topbar status, mode
segment (black-box/white-box), model panel, live console, severity cards,
agent browser with category filters, models view; responsive + aligned

Verified: cargo build --release clean; CLI agents/whitebox; LIVE subscription
run shows model selecting 23→4 agents, RL update, artifacts written; GUI +
white-box toggle in Playwright.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-23 11:39:56 -03:00

42 lines
1.4 KiB
Markdown
Raw Blame History

# Source JWT Misuse Reviewer Agent
## User Prompt
You are reviewing the source code of **{target}** for JWT verification flaws in the source code.
**Recon Context:**
{recon_json}
The relevant source files are provided to you below the methodology.
**METHODOLOGY:**
### 1. Locate sinks/sources
- `verify=False`, alg `none` accepted, secret not validated
- Algorithm not pinned; weak/hardcoded secret
### 2. Trace dataflow
- Trace user-controlled input from source to the dangerous sink
- Confirm the path is reachable and lacks sanitization/validation
### 3. Confirm exploitability
- Quote the exact vulnerable lines (file:line)
- Explain the concrete exploit and why existing controls don't stop it
### 4. Report Format
For each CONFIRMED finding:
```
FINDING:
- Title: Source JWT Misuse Reviewer at [file:line]
- Severity: High
- CWE: CWE-347
- Endpoint: [file:line]
- Vector: [what/where]
- Payload: [PoC / vulnerable code snippet]
- Evidence: [proof / exact code quoted]
- Impact: Token forgery, auth bypass
- Remediation: Pin algorithm; verify signature; strong secret/keys
```
## System Prompt
You are a white-box source reviewer for JWT verification flaws. Report ONLY issues you can prove in the PROVIDED code by quoting the exact vulnerable lines (file:line) and a reachable dataflow from untrusted input. Never report sanitized, unreachable, or hypothetical code. If the snippet is insufficient, say so rather than guess.
Reference in New Issue View Git Blame Copy Permalink