mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-06-30 16:05:31 +02:00
CyberSecurityUP
a5badefc29
Engine:
- Fix: inject IS_SANDBOX=1 so Claude Code's --dangerously-skip-permissions
works under root (real backend runs were exiting rc=1 immediately)
- models: expand to 40 models / 13 providers, tagged CLI vs API
(NVIDIA NIM, DeepSeek, Mistral, Qwen/DashScope, Groq, Together, OpenRouter,
Ollama, Gemini) — Qwen/DeepSeek/Llama usable via API
- backends: on_start callback surfaces the exact argv ("what runs behind it")
- orchestrator: require a Playwright screenshot per confirmed finding; collect
results/activity.json; auto-generate reports after a run
- report.py: HTML always + PDF via Typst engine (.typ source emitted too)
Web dashboard (webgui/, stdlib only — no npm/build):
- Sidebar dashboard (PentAGI-style): Run / Agents / Insights / Reports / Settings
- Multi-target runs; live execution console + per-task activity; finding cards
with screenshots; backend+provider+model pickers (CLI & API)
- Agents tab: browse 213 + add new .md agents from the UI
- Insights: interactive RL-weight + severity charts
- Reports: download/preview PDF + HTML
- Settings/API: execution mode, per-provider API keys, orchestrator, verbosity
- Endpoints: /api/agents (GET/POST), /api/rl, /api/config, /api/reports,
/reports/* + /shots/* static serving
Cleanup: retire replaced web stack (frontend React, FastAPI backend, core
orchestration, old test) to legacy/. Active engine + GUI are fully standalone.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
143 lines
4.1 KiB
Python
Executable File
143 lines
4.1 KiB
Python
Executable File
"""
|
|
NeuroSploit v3 - Targets API Endpoints
|
|
"""
|
|
from typing import List
|
|
from fastapi import APIRouter, Depends, HTTPException, UploadFile, File
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
from urllib.parse import urlparse
|
|
import re
|
|
|
|
from backend.db.database import get_db
|
|
from backend.schemas.target import TargetCreate, TargetBulkCreate, TargetValidation, TargetResponse
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
def validate_url(url: str) -> TargetValidation:
|
|
"""Validate and parse a URL"""
|
|
url = url.strip()
|
|
|
|
if not url:
|
|
return TargetValidation(url=url, valid=False, error="URL is empty")
|
|
|
|
# URL pattern
|
|
url_pattern = re.compile(
|
|
r'^https?://'
|
|
r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|'
|
|
r'localhost|'
|
|
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
|
|
r'(?::\d+)?'
|
|
r'(?:/?|[/?]\S+)$', re.IGNORECASE)
|
|
|
|
# Try with the URL as-is
|
|
if url_pattern.match(url):
|
|
normalized = url
|
|
elif url_pattern.match(f"https://{url}"):
|
|
normalized = f"https://{url}"
|
|
else:
|
|
return TargetValidation(url=url, valid=False, error="Invalid URL format")
|
|
|
|
# Parse URL
|
|
parsed = urlparse(normalized)
|
|
|
|
return TargetValidation(
|
|
url=url,
|
|
valid=True,
|
|
normalized_url=normalized,
|
|
hostname=parsed.hostname,
|
|
port=parsed.port or (443 if parsed.scheme == "https" else 80),
|
|
protocol=parsed.scheme
|
|
)
|
|
|
|
|
|
@router.post("/validate", response_model=TargetValidation)
|
|
async def validate_target(target: TargetCreate):
|
|
"""Validate a single target URL"""
|
|
return validate_url(target.url)
|
|
|
|
|
|
@router.post("/validate/bulk", response_model=List[TargetValidation])
|
|
async def validate_targets_bulk(targets: TargetBulkCreate):
|
|
"""Validate multiple target URLs"""
|
|
results = []
|
|
for url in targets.urls:
|
|
results.append(validate_url(url))
|
|
return results
|
|
|
|
|
|
@router.post("/upload", response_model=List[TargetValidation])
|
|
async def upload_targets(file: UploadFile = File(...)):
|
|
"""Upload a file with URLs (one per line)"""
|
|
if not file.filename:
|
|
raise HTTPException(status_code=400, detail="No file provided")
|
|
|
|
# Check file extension
|
|
allowed_extensions = {".txt", ".csv", ".lst"}
|
|
ext = "." + file.filename.split(".")[-1].lower() if "." in file.filename else ""
|
|
if ext not in allowed_extensions:
|
|
raise HTTPException(
|
|
status_code=400,
|
|
detail=f"Invalid file type. Allowed: {', '.join(allowed_extensions)}"
|
|
)
|
|
|
|
# Read file content
|
|
content = await file.read()
|
|
try:
|
|
text = content.decode("utf-8")
|
|
except UnicodeDecodeError:
|
|
try:
|
|
text = content.decode("latin-1")
|
|
except Exception:
|
|
raise HTTPException(status_code=400, detail="Unable to decode file")
|
|
|
|
# Parse URLs (one per line, or comma-separated)
|
|
urls = []
|
|
for line in text.split("\n"):
|
|
line = line.strip()
|
|
if not line or line.startswith("#"):
|
|
continue
|
|
# Handle comma-separated URLs
|
|
if "," in line and "://" in line:
|
|
for url in line.split(","):
|
|
url = url.strip()
|
|
if url:
|
|
urls.append(url)
|
|
else:
|
|
urls.append(line)
|
|
|
|
if not urls:
|
|
raise HTTPException(status_code=400, detail="No URLs found in file")
|
|
|
|
# Validate all URLs
|
|
results = []
|
|
for url in urls:
|
|
results.append(validate_url(url))
|
|
|
|
return results
|
|
|
|
|
|
@router.post("/parse-input", response_model=List[TargetValidation])
|
|
async def parse_target_input(input_text: str):
|
|
"""Parse target input (comma-separated or newline-separated)"""
|
|
urls = []
|
|
|
|
# Split by newlines first
|
|
for line in input_text.split("\n"):
|
|
line = line.strip()
|
|
if not line:
|
|
continue
|
|
# Then split by commas
|
|
for url in line.split(","):
|
|
url = url.strip()
|
|
if url:
|
|
urls.append(url)
|
|
|
|
if not urls:
|
|
raise HTTPException(status_code=400, detail="No URLs provided")
|
|
|
|
results = []
|
|
for url in urls:
|
|
results.append(validate_url(url))
|
|
|
|
return results
|