Files
NeuroSploit/neurosploit-rs
CyberSecurityUP d931ce09a6 browser-driven testing doctrine + 8 SPA/API agents (Juice Shop-ready)
- tool_doctrine: agents now actively DRIVE the browser on JS/SPA targets — use
  the Playwright MCP (render, read live DOM, click client-side routes, watch the
  network to find the real API, screenshot proof); when no MCP, use the Playwright
  CLI (write+run a small script / npx playwright screenshot) to render and capture
  XHR/fetch traffic — complementing curl (which only sees the empty shell).
- probe: detect SPAs (<app-root>, ng-version, near-empty body + linked scripts →
  Angular/React/Vue/SPA) and note in recon that the browser is required, so the
  SPA agents get selected.
- +8 SPA/API agents (library 383): spa_api_discovery, spa_hidden_admin,
  login_sqli_bypass, dom_xss_spa, api_bola_numeric_ids,
  register_privilege_mass_assign, jwt_forgery_spa, spa_business_logic.
- Docs: README/RELEASE/TUTORIAL counts + notes.
2026-07-05 16:25:34 -03:00
..