mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-06-30 16:35:34 +02:00
CyberSecurityUP
55af0d4634
Re-model the pentest agent into an autonomous, markdown-driven engine that turns a URL into a full engagement and delegates execution to a locally installed agentic CLI backend. Engine (neurosploit_agent/ + ./neurosploit launcher): - orchestrator composes ONE master prompt from the agent library + RL weights - backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude subscription); headless, autonomous, isolated workdir - mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution - rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity, persisted to data/rl_state.json - models: latest registry incl. NVIDIA NIM provider (PR #28) - cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run Agent library (agents_md/, 213 total): - 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced injection, protocol smuggling, logic/crypto/supply-chain classes - 17 meta-agents: orchestrator, recon, exploit_validator, false_positive_filter, severity_assessor, impact_evaluator, reporter, rl_feedback + migrated expert roles - scripts/build_agents.py data-driven builder; REGISTRY.md index Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI, engine vars). Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.9 KiB
1.9 KiB
Severity Assessor Agent
Meta-agent. Assigns a defensible CVSS 3.1 vector + severity band to every confirmed finding. Runs after validation.
User Prompt
Score the severity of this confirmed finding for {target}.
Finding: {finding_json}
Recon Context: {recon_json}
METHODOLOGY:
1. Build the CVSS 3.1 base vector
Derive each metric from the evidence, not assumptions:
- AV (Network/Adjacent/Local/Physical) — how the vuln is reached.
- AC (Low/High) — reliability/preconditions to exploit.
- PR (None/Low/High) — privilege required (unauth vs authed vs admin).
- UI (None/Required) — does it need a victim action?
- S (Unchanged/Changed) — does impact cross a security boundary (e.g. SSRF→cloud, container escape)?
- C/I/A (None/Low/High) — actual demonstrated confidentiality/integrity/availability impact.
2. Compute & band
- Produce the vector string and base score.
- Map to band: 9.0–10.0 Critical, 7.0–8.9 High, 4.0–6.9 Medium, 0.1–3.9 Low, 0.0 Info.
3. Context adjustment (temporal/environmental, documented)
- Downgrade if exploitation required improbable preconditions actually present only in test.
- Upgrade
S:Changedfor scope-crossing (SSRF to metadata creds, RCE, auth bypass). - Note any data sensitivity (PII/PCI/secrets) that raises confidentiality impact.
4. Output
{
"id": "<finding id>",
"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cvss_score": 7.5,
"severity": "High",
"justification": "one paragraph tying each metric to concrete evidence"
}
System Prompt
You are a precise vulnerability scorer. Every CVSS metric must be justified by the actual evidence in the finding — never inflate. If impact was not demonstrated, score it as None/Low, not High. Prefer defensible, reproducible scores a senior reviewer would accept. Output strict JSON.