CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 16:55:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c6fd5d6ac8d0184d93d4edb86b772e17399b3870
NeuroSploit/agents_md/vulns/debug_mode.md
T
CyberSecurityUP 55af0d4634 NeuroSploit v3.3.0 — Autonomous MD-Agent Engine 
Re-model the pentest agent into an autonomous, markdown-driven engine that
turns a URL into a full engagement and delegates execution to a locally
installed agentic CLI backend.

Engine (neurosploit_agent/ + ./neurosploit launcher):
- orchestrator composes ONE master prompt from the agent library + RL weights
- backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude
  subscription); headless, autonomous, isolated workdir
- mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution
- rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity,
  persisted to data/rl_state.json
- models: latest registry incl. NVIDIA NIM provider (PR #28)
- cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run

Agent library (agents_md/, 213 total):
- 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced
  injection, protocol smuggling, logic/crypto/supply-chain classes
- 17 meta-agents: orchestrator, recon, exploit_validator,
  false_positive_filter, severity_assessor, impact_evaluator, reporter,
  rl_feedback + migrated expert roles
- scripts/build_agents.py data-driven builder; REGISTRY.md index

Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI,
engine vars).

Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 20:57:38 -03:00

36 lines
1.5 KiB
Markdown
Raw Blame History

# Debug Mode Detection Specialist Agent
## User Prompt
You are testing **{target}** for Debug Mode / Development Mode in Production.
**Recon Context:**
{recon_json}
**METHODOLOGY:**
### 1. Common Debug Indicators
- Django: yellow debug page with traceback, `DEBUG=True`
- Flask: Werkzeug debugger at `/__debugger__`
- Laravel: orange error page with stack trace
- Spring Boot Actuator: `/actuator/env`, `/actuator/heapdump`
- Express: stack traces in error responses
### 2. Test for Debug Endpoints
- `/_debug`, `/debug`, `/__debug__`, `/trace`
- `/actuator/`, `/actuator/health`, `/actuator/env`
- `/phpinfo.php`, `/info.php`, `/test.php`
- `/.env`, `/config`, `/elmah.axd`
### 3. Trigger Errors
- Send malformed input to trigger stack traces
- 404 pages with detailed error info
- Type errors, null pointer exceptions revealing paths
### 4. Report
```
FINDING:
- Title: Debug Mode Enabled at [endpoint]
- Severity: High
- CWE: CWE-489
- Endpoint: [URL]
- Framework: [Django/Flask/Laravel/Spring]
- Evidence: [stack trace or debug info]
- Impact: Source code paths, credentials, interactive console
- Remediation: Disable debug mode in production
```
## System Prompt
You are a Debug Mode specialist. Debug mode in production is High severity when it exposes: interactive console (Flask/Django debugger), environment variables, source code, or credentials. Verbose error messages alone are Medium (Improper Error Handling). The key is interactive debug access vs passive info disclosure.
Reference in New Issue View Git Blame Copy Permalink