mirror of
https://github.com/CyberSecurityUP/NeuroSploit.git
synced 2026-07-05 02:47:52 +02:00
639c2209f7
Chaining: - agents_md/chains/ (12 multi-stage exploitation playbooks): SQLi→RCE→LPE, SSRF→AWS-creds, SSRF→RCE, upload→RCE, upload→LFI→RCE→LPE, XSS→ATO, IDOR→ATO, SSTI→RCE→cloud, default-creds→domain, deserialization→RCE, exposed-git→RCE, subdomain-takeover→trusted-abuse. Each stage proven by a tool receipt before advancing; reports chains_from edges. - Loaded as a `chains` category (→ 329 agents). chain_round now injects the chain recipes as a menu so the LLM applies proven multi-stage paths. Persistence (no DB — structured state): - Per-project `<cwd>/.neurosploit/` holding session.json (config), runs.json (history), history.txt (readline). REPL resumes target/repo/auth/focus/models on reopen; saves on /run and /quit. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
87 lines
2.8 KiB
Rust
87 lines
2.8 KiB
Rust
use regex::Regex;
|
|
use serde::Serialize;
|
|
use std::path::Path;
|
|
use walkdir::WalkDir;
|
|
|
|
/// One markdown specialist/meta agent.
|
|
#[derive(Clone, Debug, Serialize)]
|
|
pub struct Agent {
|
|
pub name: String,
|
|
pub title: String,
|
|
pub cwe: String,
|
|
pub kind: String, // "vuln" | "meta"
|
|
#[serde(skip)]
|
|
pub system: String,
|
|
#[serde(skip)]
|
|
pub user: String,
|
|
}
|
|
|
|
/// The loaded `agents_md/` library.
|
|
#[derive(Default)]
|
|
pub struct Library {
|
|
pub vulns: Vec<Agent>,
|
|
pub meta: Vec<Agent>,
|
|
pub recon: Vec<Agent>,
|
|
pub code: Vec<Agent>,
|
|
pub infra: Vec<Agent>,
|
|
pub chains: Vec<Agent>,
|
|
}
|
|
|
|
impl Library {
|
|
pub fn total(&self) -> usize {
|
|
self.vulns.len() + self.meta.len() + self.recon.len() + self.code.len()
|
|
+ self.infra.len() + self.chains.len()
|
|
}
|
|
}
|
|
|
|
/// Load `<base>/agents_md/{vulns,meta,recon,code}/*.md`.
|
|
pub fn load(base: &Path) -> Library {
|
|
let root = base.join("agents_md");
|
|
Library {
|
|
vulns: load_dir(&root.join("vulns"), "vuln"),
|
|
meta: load_dir(&root.join("meta"), "meta"),
|
|
recon: load_dir(&root.join("recon"), "recon"),
|
|
code: load_dir(&root.join("code"), "code"),
|
|
infra: load_dir(&root.join("infra"), "infra"),
|
|
chains: load_dir(&root.join("chains"), "chain"),
|
|
}
|
|
}
|
|
|
|
fn load_dir(dir: &Path, kind: &str) -> Vec<Agent> {
|
|
let title_re = Regex::new(r"(?m)^#\s+(.+?)\s*$").unwrap();
|
|
let cwe_re = Regex::new(r"CWE-\d+").unwrap();
|
|
let user_re = Regex::new(r"(?s)##\s*User Prompt\s*\n(.*?)(?:\n##\s|\z)").unwrap();
|
|
let sys_re = Regex::new(r"(?s)##\s*System Prompt\s*\n(.*?)(?:\n##\s|\z)").unwrap();
|
|
let mut out = Vec::new();
|
|
if !dir.is_dir() {
|
|
return out;
|
|
}
|
|
for entry in WalkDir::new(dir).max_depth(1).into_iter().flatten() {
|
|
let path = entry.path();
|
|
if path.extension().and_then(|e| e.to_str()) != Some("md") {
|
|
continue;
|
|
}
|
|
let text = std::fs::read_to_string(path).unwrap_or_default();
|
|
let name = path.file_stem().and_then(|s| s.to_str()).unwrap_or("").to_string();
|
|
let title = title_re
|
|
.captures(&text)
|
|
.and_then(|c| c.get(1))
|
|
.map(|m| m.as_str().trim().to_string())
|
|
.unwrap_or_else(|| name.clone());
|
|
let cwe = cwe_re.find(&text).map(|m| m.as_str().to_string()).unwrap_or_default();
|
|
let user = user_re
|
|
.captures(&text)
|
|
.and_then(|c| c.get(1))
|
|
.map(|m| m.as_str().trim().to_string())
|
|
.unwrap_or_default();
|
|
let system = sys_re
|
|
.captures(&text)
|
|
.and_then(|c| c.get(1))
|
|
.map(|m| m.as_str().trim().to_string())
|
|
.unwrap_or_default();
|
|
out.push(Agent { name, title, cwe, kind: kind.to_string(), system, user });
|
|
}
|
|
out.sort_by(|a, b| a.name.cmp(&b.name));
|
|
out
|
|
}
|