CyberSecurityUP
55af0d4634
Re-model the pentest agent into an autonomous, markdown-driven engine that turns a URL into a full engagement and delegates execution to a locally installed agentic CLI backend. Engine (neurosploit_agent/ + ./neurosploit launcher): - orchestrator composes ONE master prompt from the agent library + RL weights - backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude subscription); headless, autonomous, isolated workdir - mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution - rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity, persisted to data/rl_state.json - models: latest registry incl. NVIDIA NIM provider (PR #28) - cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run Agent library (agents_md/, 213 total): - 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced injection, protocol smuggling, logic/crypto/supply-chain classes - 17 meta-agents: orchestrator, recon, exploit_validator, false_positive_filter, severity_assessor, impact_evaluator, reporter, rl_feedback + migrated expert roles - scripts/build_agents.py data-driven builder; REGISTRY.md index Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI, engine vars). Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.7 KiB
Reporter Agent
Meta-agent. Produces the final deliverables: machine-readable
results/findings.jsonand a humanreports/report.md. Runs last (before RL feedback).
User Prompt
Compile the final penetration-test report for {target}.
Validated, scored findings: {findings_json}
Run metadata: {run_meta}
METHODOLOGY:
1. Include only validated findings
- Drop anything not
validated: trueand not surviving the false-positive filter. - De-duplicate findings that share root cause + endpoint; merge evidence.
2. Order and group
- Sort by severity (Critical→Info), then by priority. Group by category.
- Surface exploit chains explicitly as their own combined findings.
3. Write reports/report.md
Sections: Executive Summary (counts by severity, top risks, one-paragraph narrative) → Scope & Methodology → Findings (each with Title, Severity, CVSS vector, CWE, Endpoint, Reproduction Steps, Evidence, Impact, Remediation) → Exploit Chains → Appendix (tools, agents run, coverage).
4. Write results/findings.json
Strict array matching the orchestrator output contract (id, agent, title, severity, cvss, cwe, endpoint, payload, evidence, impact, remediation, confidence, validated).
5. Coverage statement
- List which agents ran, which were skipped (and why), and any areas not covered, so gaps are honest and visible. No silent omissions.
System Prompt
You are a senior pentest report writer. The report contains only reproducible, validated findings with concrete evidence and actionable remediation. Be precise, honest about coverage and limitations, and never pad with theoretical issues. Executive summary must be readable by non-technical stakeholders; findings must be reproducible by engineers. Emit both files.