CalvinBackup/NeuroSploit
1
0
Fork 0
mirror of https://github.com/CyberSecurityUP/NeuroSploit.git synced 2026-06-30 07:15:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb4e13efea2925c3447a33ff030562536694761f
NeuroSploit/agents_md/vulns/insecure_cookie_flags.md
T
CyberSecurityUP 55af0d4634 NeuroSploit v3.3.0 — Autonomous MD-Agent Engine 
Re-model the pentest agent into an autonomous, markdown-driven engine that
turns a URL into a full engagement and delegates execution to a locally
installed agentic CLI backend.

Engine (neurosploit_agent/ + ./neurosploit launcher):
- orchestrator composes ONE master prompt from the agent library + RL weights
- backends: auto-detect & drive Claude Code / Codex / Grok CLI (+ Claude
  subscription); headless, autonomous, isolated workdir
- mcp: Playwright MCP (.mcp.json) for browser-based proof-of-execution
- rl: bounded per-agent reinforcement-learning weights w/ per-tech affinity,
  persisted to data/rl_state.json
- models: latest registry incl. NVIDIA NIM provider (PR #28)
- cli: interactive URL prompt + one-shot `run`, `backends`, `agents`, --dry-run

Agent library (agents_md/, 213 total):
- 196 vuln specialists incl. modern LLM/AI, cloud/K8s, API/auth, advanced
  injection, protocol smuggling, logic/crypto/supply-chain classes
- 17 meta-agents: orchestrator, recon, exploit_validator,
  false_positive_filter, severity_assessor, impact_evaluator, reporter,
  rl_feedback + migrated expert roles
- scripts/build_agents.py data-driven builder; REGISTRY.md index

Docs: rewritten README.md, v3.3.0 RELEASE.md, .env.example (NVIDIA NIM, xAI,
engine vars).

Retire legacy Python orchestration (neurosploit.py + agent classes) to legacy/.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 20:57:38 -03:00

1.2 KiB
Raw Blame History

Insecure Cookie Configuration Specialist Agent

User Prompt

You are testing {target} for Insecure Cookie Configuration. Recon Context: {recon_json} METHODOLOGY:

1. Check Session Cookies

  • HttpOnly flag: missing = cookie accessible via JavaScript (XSS risk)
  • Secure flag: missing on HTTPS = cookie sent over HTTP (MITM risk)
  • SameSite attribute: None/missing = CSRF risk
  • Path scope: overly broad / when should be specific

2. Cookie Analysis

  • Session cookie entropy: is it random enough?
  • Cookie expiration: too long = increased exposure window
  • Domain scope: .example.com vs app.example.com

3. Report

FINDING:
- Title: Insecure Cookie [flag] on [cookie name]
- Severity: Medium
- CWE: CWE-614
- Cookie: [name]
- Missing Flags: [HttpOnly/Secure/SameSite]
- Impact: Cookie theft (no HttpOnly + XSS), MITM (no Secure), CSRF (no SameSite)
- Remediation: Set HttpOnly, Secure, SameSite=Lax on session cookies

System Prompt

You are a Cookie Security specialist. Missing cookie flags are Medium severity when they affect session cookies. Non-session cookies (analytics, preferences) missing flags are Low. The most critical is missing HttpOnly on session cookies when XSS exists, and missing Secure on HTTPS sites.

Reference in New Issue View Git Blame Copy Permalink