Releases: JoasASantos/NeuroSploit

NeuroSploit v3.5.5 — Cloud Testing & REPL polish

@JoasASantos JoasASantos released this 02 Jul 01:38

NeuroSploit v3.5.5 — Release Notes

Release Date: July 2026
Codename: Cloud Testing, REPL Navigation & Deeper Recon
License: MIT
Credits: Joas A Santos & Red Team Leaders


TL;DR

v3.5.5 adds cloud infrastructure testing (AWS / GCP / Azure) with first-class
credential connection, 27 new agents (17 cloud + 10 misconfig/CVE/PoC/rate-
limit → library 375), a much more capable and navigable REPL (idle
guardrail, multi-target, results browser), deeper recon (downloads & analyzes
JS, request/response differentials, smart nuclei), Burp/ZAP proxy support, a
PoC workspace, a strict data-safety/PII guardrail, and a fix for garbled
interactive line-editing.

Cloud testing

  • +17 cloud agents. AWS, GCP and Azure specialists in
    agents_md/infra/: IAM/RBAC privilege escalation, storage exposure
    (S3 / GCS / Blob), compute & network exposure + IMDS, secrets (Secrets Manager /
    Secret Manager / Key Vault), service-account & service-principal abuse, and
    Entra ID enumeration — plus a multi-cloud footprint/identity recon agent.
    Read-only-first, non-destructive.
  • Connect cloud credentials via creds.yaml (aws:, gcp:, azure:
    blocks). The harness exports the right env vars so aws / gcloud / az pick
    them up automatically, and tells the agents how to authenticate & what to
    enumerate:
    • AWS: access_key_id/secret_access_key[/session_token]/region, or a profile.
    • GCP — a service-account JSON (service_account_json, path recommended) →
      GOOGLE_APPLICATION_CREDENTIALS + project.
    • Azure — a service principal (tenant_id/client_id/client_secret/
      subscription_id) → az login --service-principal.
    • Secrets are never written to disk beyond your creds.yaml; inline GCP JSON is
      materialized to a temp file only to satisfy the SDK/CLI.

REPL — navigation & control

  • Idle guardrail — /timeout <min>. If no NEW finding lands within the
    window, the run soft-stops and validates what was found (/timeout 1 = 1 min,
    10 = 10 min, 60 = 1 hour, 0 = off). Default 5 min.
  • Multiple targets — /target url1,url2,url3. A comma-separated list; /run
    tests them sequentially (a queue auto-advances to the next when the current
    finishes) — one report per URL.
  • /results navigation browser (interactive): pick a target/run → pick a
    vulnerability → see full detail; Esc steps back a level (vuln → target →
    back to the live session).
  • /report selection: with multiple runs, choose which report to open from a
    menu.
  • /chain <n> (attack-chain depth), /agents list (library category
    counts incl. infra/cloud); /show now shows chain-depth, idle-stop and
    enabled integrations.
  • Fix: the interactive prompt no longer embeds ANSI/newline, so line editing
    (typing, backspace, history, cursor, multiline) is no longer garbled in a real
    terminal (the readline prompt is plain; color is applied via the highlighter).

Deeper recon & analysis (agent prompts)

  • Deterministic HTTP probe (native, harness::probe). Before the model
    recon, the harness performs a real request/response analysis of the target
    and injects the observed facts into recon so agent-selection and exploitation
    decisions are grounded in evidence (more robust — works even when the model's
    recon is weak): status & redirect, Server/X-Powered-By/content-type, the 6
    security headers (present/missing), cookie flags (HttpOnly/Secure/SameSite),
    CORS reflection test (arbitrary Origin + credentials), tech fingerprint,
    linked scripts, form count, a 404 baseline for soft-404 differentials, and
    a few high-signal paths (/robots.txt, /.git/config, /.env, …). Best-effort
    (never fatal), honors the identifying User-Agent and the Burp/ZAP proxy.
  • RECON_SYS now crawls pages/params/headers/cookies, downloads the linked
    JavaScript and analyzes it (API endpoints, hidden params, GraphQL, secrets /
    keys / tokens, sourceMappingURL → recover original source), fingerprints
    exact stack versions, and does response-differential analysis; richer JSON
    schema (js_findings, secrets, hosts, …).
  • tool_doctrine adds JS-analysis (linkfinder / gau / katana + grep for
    endpoints/secrets/source-maps) and request/response-analysis guidance (status,
    all headers, Set-Cookie flags, timing/length differentials, auth-vs-anon and
    valid-vs-invalid comparisons) — applied to both recon and exploitation.
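
The header, cookie-flag and CORS checks listed for the deterministic HTTP probe can be run offline against a captured response. The following is an added example, not NeuroSploit's harness::probe code; the names analyze and ProbeFacts, the probe origin, and the choice of six security headers are assumptions (the notes do not name the six).

```rust
// Added example, not NeuroSploit source: offline analysis of one captured
// HTTP response. The six header names are an assumption; the release notes
// say "the 6 security headers" without naming them.
const SECURITY_HEADERS: [&str; 6] = [
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
];

// Constructed sample response (not captured from a real host).
const SAMPLE: &str = "HTTP/1.1 200 OK\r\n\
Server: nginx\r\n\
Content-Type: text/html\r\n\
X-Content-Type-Options: nosniff\r\n\
Strict-Transport-Security: max-age=31536000\r\n\
Access-Control-Allow-Origin: https://probe.example\r\n\
Access-Control-Allow-Credentials: true\r\n\
Set-Cookie: session=abc; Path=/; HttpOnly\r\n\
Set-Cookie: theme=dark; Secure; HttpOnly; SameSite=Lax\r\n\
\r\n\
<html></html>";

#[derive(Debug, PartialEq)]
pub struct ProbeFacts {
    pub missing_security_headers: Vec<&'static str>,
    /// (cookie name, flags it lacks) for every cookie missing at least one flag.
    pub weak_cookies: Vec<(String, Vec<&'static str>)>,
    /// True when the response echoes the probe Origin and allows credentials.
    pub cors_reflects_with_credentials: bool,
}

/// Parse the header block into (lowercased name, value) pairs.
/// Set-Cookie may repeat, so a Vec is used rather than a map.
fn parse_headers(raw: &str) -> Vec<(String, String)> {
    raw.lines()
        .skip(1) // status line
        .take_while(|l| !l.trim().is_empty()) // blank line ends the headers
        .filter_map(|l| l.split_once(':'))
        .map(|(n, v)| (n.trim().to_ascii_lowercase(), v.trim().to_string()))
        .collect()
}

/// First value of a header, looked up by lowercased name.
fn header<'a>(headers: &'a [(String, String)], name: &str) -> Option<&'a str> {
    headers.iter().find(|(n, _)| n.as_str() == name).map(|(_, v)| v.as_str())
}

/// Return the cookie name and which of HttpOnly / Secure / SameSite it lacks.
fn missing_cookie_flags(set_cookie: &str) -> (String, Vec<&'static str>) {
    let mut parts = set_cookie.split(';').map(str::trim);
    let name = parts.next().and_then(|nv| nv.split('=').next()).unwrap_or("").to_string();
    let attrs: Vec<String> = parts.map(|a| a.to_ascii_lowercase()).collect();
    let mut missing = Vec::new();
    if !attrs.iter().any(|a| a == "httponly") {
        missing.push("HttpOnly");
    }
    if !attrs.iter().any(|a| a == "secure") {
        missing.push("Secure");
    }
    if !attrs.iter().any(|a| a.starts_with("samesite=")) {
        missing.push("SameSite");
    }
    (name, missing)
}

/// `probe_origin` is the arbitrary Origin value that was sent with the request.
pub fn analyze(raw: &str, probe_origin: &str) -> ProbeFacts {
    let headers = parse_headers(raw);
    let missing_security_headers = SECURITY_HEADERS
        .iter()
        .copied()
        .filter(|h| header(&headers, h).is_none())
        .collect();
    let weak_cookies = headers
        .iter()
        .filter(|(n, _)| n.as_str() == "set-cookie")
        .map(|(_, v)| missing_cookie_flags(v))
        .filter(|(_, missing)| !missing.is_empty())
        .collect();
    let acao = header(&headers, "access-control-allow-origin");
    let acac = header(&headers, "access-control-allow-credentials");
    ProbeFacts {
        missing_security_headers,
        weak_cookies,
        // Reflection only matters to a browser when credentials are allowed too.
        cors_reflects_with_credentials: acao == Some(probe_origin) && acac == Some("true"),
    }
}

fn main() {
    let facts = analyze(SAMPLE, "https://probe.example");
    println!("{:#?}", facts);
}
```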

Exploitation depth, safety & Burp

  • +10 exploitation agents. Absurd-misconfig hunters (exposed .git/.env/
    backups, debug/actuator endpoints, default creds, directory listing, exposed
    ops dashboards, permissive CORS, verbose errors), a CVE Hunter (fingerprint
    → correlate → safe PoC), a PoC Developer (writes runnable exploit scripts),
    and a Rate-Limit / Anti-Automation tester.
  • Data-safety / PII guardrail injected into every exploit/chain/host prompt:
    no modifying, deleting, exfiltrating data or changing state without explicit
    permission; on PII, prove with a single masked sample + a count — never
    dump. When unsure an action is safe, don't do it.
  • Smart nuclei in recon — fingerprint first, then run nuclei on targeted
    templates/tags/CVE ids with rate/timeouts (fast, never a blind full scan).
  • Burp/ZAP proxy: /proxy <url> (or /burp, default :8080) in the REPL,
    or the NEUROSPLOIT_PROXY env var. Agents route curl through it (--proxy … -k)
    so you can inspect/replay traffic in Burp Suite while the test runs.
  • PoC workspace — each run gets a pocs/ directory ($NEUROSPLOIT_POCS);
    agents save custom, reproducible exploit scripts there and cite them as evidence.
  • Tool download (authorized) — agents may git clone a specific public PoC/
    exploit repo or download a scanner when needed (reputable/pinned, reviewed).
  • Rate-limit testing is a first-class control check (small non-disruptive
    burst → look for 429/lockout/Retry-After), never a DoS.

Multi-role auth & access-control testing

  • Named identities in creds.yaml for IDOR / BOLA / BFLA / privilege-escalation
    testing. Define two or more roles and the agent authenticates as each and tests
    cross-role access (control vs unauthorized request):
    admin:
      jwt: eyJ...              # or header:/cookie:/apikey:/login+username+password
    user:
      apikey: abc123          # → X-Api-Key: abc123
    victim:
      cookie: "session=..."
    Supported per role: jwt, header (raw), cookie, apikey, or a
    login/username/password self-login. With ≥2 roles the harness injects an
    access-control directive (capture one role's object IDs/functions, attempt them
    as another role, prove authorized-vs-denied) under the data-safety guardrail.

Attribution & identification (anti-plagiarism)

  • Identifying User-Agent on every request — default
    NeuroSploit/<ver> (authorized security assessment; +github…), plus an
    X-NeuroSploit-Scan header. Change it with /ua <string> (REPL) or the
    NEUROSPLOIT_UA env var; the run banner shows it.
  • Attribution stamped into every finding ("Identified and validated by
    NeuroSploit — multi-model adversarial validation …") so provenance travels with
    the finding across the report, findings.json and any copy — in the traffic,
    the finding text, and the report footer, so the work can't be silently re-badged.

Notes

  • Additive/back-compatible. Provider count is 14 (Azure OpenAI added in v3.5.2).
    See the README "Cloud credentials" section for a full creds.yaml example.

NeuroSploit v3.5.4 — Robust Attack Chaining & False-Positive Reduction

@JoasASantos JoasASantos released this 01 Jul 22:01

NeuroSploit v3.5.4 — Release Notes

Release Date: July 2026
Codename: Robust Attack Chaining & False-Positive Reduction
License: MIT
Credits: Joas A Santos & Red Team Leaders


TL;DR

v3.5.4 makes NeuroSploit both deeper and more precise: a real multi-round
post-exploitation attack-chaining engine that expands each foothold in new
directions, plus stronger false-positive controls so what it reports is
trustworthy.

Attack chaining (robust, decision-driven)

Replaces the old single-shot chainer with attack_chain() — an iterative,
per-foothold pivot engine:

  • Per-foothold decisions. Each round takes the newest confirmed footholds
    (best-first, capped per round) and, for each one, an agent decides which
    directions to expand and proves new impact: post-exploitation (loot
    creds/keys/config/source), credential reuse, privilege escalation
    (horizontal & vertical), lateral movement to adjacent services/hosts,
    data exfiltration, and new attack surface the foothold exposes.
  • Loot carried forward. Credentials/tokens/hosts/endpoints discovered in one
    round are passed to later rounds and reused (agent returns
    {"findings":[...],"loot":[...]}), so the engine genuinely pivots in new
    directions instead of re-testing the same spot.
  • No pivoting off false positives. Each round's new findings are validated
    before they become the next round's footholds.
  • Convergence. Runs up to chain_depth rounds or stops when a round finds
    nothing new (loop-until-dry).
  • Control. New RunConfig.chain_depth (default 2) and a --chain-depth
    flag on every engagement command (0 disables).

False-positive reduction

  • Robust verdict parsing (pool::parse_verdict) — whitespace-insensitive,
    checks explicit rejection first, counts only explicit confirmations; ambiguous
    replies are not counted as confirmed. Replaces the fragile exact-JSON /
    loose-yes matching.
  • Severity-aware quorum (pool::quorum_confirmed) — High/Critical now need
    ≥2 validators AND ≥2/3 agreement (a single vote can no longer confirm a
    Critical); lower severities need a strict majority. Single-model panels fall
    back to majority so they aren't nuked.
  • Adversarial refute pass — every confirmed High/Critical is re-examined by a
    skeptical panel that assumes false-positive; findings that can't withstand a
    majority of skeptics are dropped.
  • Stronger validator prompt with an explicit false-positive checklist
    (reflected-not-executed, version/banner guesses, self-XSS, error-as-injection,
    thin evidence, inflated severity).
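
The verdict-parsing and severity-aware quorum rules above can be read as the following sketch. It is an added example, not the project's pool::parse_verdict or pool::quorum_confirmed; the reply format (a JSON-like "confirmed" field), the signatures, the decide helper, and treating a one-validator panel as the "single-model" fallback are assumptions.

```rust
// Added example, not NeuroSploit source. Assumptions: validators answer with a
// JSON-like `"confirmed": true|false` field; only the function names
// parse_verdict / quorum_confirmed come from the release notes.

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Verdict {
    Confirmed,
    Rejected,
    Ambiguous,
}

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Severity {
    Low,
    Medium,
    High,
    Critical,
}

/// Whitespace-insensitive: strip all whitespace, lowercase, then look for an
/// explicit marker. Rejection is checked first, so a reply carrying both
/// markers is rejected. Anything else (a loose "yes") is Ambiguous.
pub fn parse_verdict(reply: &str) -> Verdict {
    let norm: String = reply
        .chars()
        .filter(|c| !c.is_whitespace())
        .collect::<String>()
        .to_lowercase();
    if norm.contains("\"confirmed\":false") {
        return Verdict::Rejected;
    }
    if norm.contains("\"confirmed\":true") {
        return Verdict::Confirmed;
    }
    Verdict::Ambiguous
}

/// High/Critical: at least two confirming validators and >= 2/3 of the panel.
/// Lower severities, and panels of a single validator: strict majority.
/// Ambiguous and rejected replies both count against confirmation.
pub fn quorum_confirmed(severity: Severity, verdicts: &[Verdict]) -> bool {
    let total = verdicts.len();
    let yes = verdicts.iter().filter(|v| **v == Verdict::Confirmed).count();
    let strict_majority = yes * 2 > total;
    let high_impact = matches!(severity, Severity::High | Severity::Critical);
    if high_impact && total >= 2 {
        // Integer form of yes/total >= 2/3, avoiding floating point.
        yes >= 2 && yes * 3 >= total * 2
    } else {
        strict_majority
    }
}

/// Hypothetical helper: parse every raw reply, then apply the quorum rule.
pub fn decide(severity: Severity, replies: &[&str]) -> bool {
    let verdicts: Vec<Verdict> = replies.iter().map(|r| parse_verdict(r)).collect();
    quorum_confirmed(severity, &verdicts)
}

fn main() {
    // Constructed validator replies for one Critical finding.
    let replies = [
        "{ \"confirmed\" : true }",
        "{\"confirmed\":true,\"reason\":\"payload executed\"}",
        "Looks plausible to me.",
    ];
    for r in replies.iter() {
        println!("{:?} <- {}", parse_verdict(r), r);
    }
    println!("critical confirmed: {}", decide(Severity::Critical, &replies));
}
```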

Notes

  • Additive and back-compatible; defaults keep behavior sensible if you change
    nothing. Unit tests cover verdict parsing, quorum, and report-hygiene logic.

NeuroSploit v3.5.3 — Integrations (GitHub · GitLab · Jira)

@JoasASantos JoasASantos released this 27 Jun 04:58

NeuroSploit v3.5.3 — Release Notes

Release Date: June 2026
Codename: Integrations (GitHub · GitLab · Jira)
License: MIT
Credits: Joas A Santos & Red Team Leaders


TL;DR

v3.5.3 plugs NeuroSploit into your SDLC: review private GitHub/GitLab repos
and Pull Requests, watch a branch and re-review on every commit, and open
a Jira card per finding — all toggleable via a new /integrations command.

Highlights

  • GitHub integration
    • Private repos: when enabled, whitebox / greybox --repo / tui --repo
      inject your GITHUB_TOKEN into the clone URL (token never printed/stored).
    • neurosploit pr <owner/repo> <number> — clones the PR head
      (refs/pull/N/head), runs a white-box review, optionally posts a summary
      comment back on the PR (--comment) and/or opens Jira cards (--jira).
    • neurosploit watch <owner/repo> --branch <b> --interval <s> — polls the
      branch and runs a white-box review each time a new commit lands.
  • GitLab integration — private clone (token-injected) for whitebox/greybox
    against gitlab.com or a self-hosted base.
  • Jira integration: --jira on any engagement (or pr/watch) opens one
    card per finding (summary, severity, CVSS, CWE, location, PoC, evidence,
    remediation) in your project via the Jira REST API.
  • /integrations (REPL) + neurosploit integrations (CLI): show,
    enable/disable <github|gitlab|jira>, and setup <jira|gitlab|github>
    (interactive). Config persists to <project>/.neurosploit/integrations.json.
    Secrets are never stored — only the env-var name is saved; values come
    from the environment at use time.
  • New harness module integrations + app commands pr / watch /
    integrations, plus a --jira flag on run / whitebox.

Setup

Step-by-step for tokens, scopes and configuration is in
TUTORIAL-INTEGRATION.md and summarized in the README.

Notes

  • Additive and back-compatible: all existing modes/flags are unchanged; if no
    integration is enabled the behavior is identical to v3.5.2.
  • Tokens use env vars: GITHUB_TOKEN, GITLAB_TOKEN, JIRA_EMAIL +
    JIRA_API_TOKEN (names configurable per integration).

NeuroSploit v3.5.2 — Exploitation Depth & Report Hygiene

@JoasASantos JoasASantos released this 26 Jun 14:31

NeuroSploit v3.5.2 — Release Notes

Release Date: June 2026
Codename: Exploitation Depth & Report Hygiene
License: MIT
Credits: Joas A Santos & Red Team Leaders


TL;DR

v3.5.2 hard-codes the discipline that separates a great pentest from a noisy
one — distilled from reviewing real AI-pentest output that kept stopping at
"exposed" instead of "exploited". The engine now pushes every exposure to
demonstrated impact, chains findings, decodes/fingerprints artifacts and
correlates CVEs, audits tokens, and keeps the final report honest (deduplicated
and severity-calibrated).

Highlights

  • DEPTH doctrine (exploit, don't just expose). A new doctrine is injected
    into every exploitation prompt (black/grey/chain): any info-disclosure,
    exposed service/catalog/WSDL, leaked credential/token, or reachable dev host
    must be USED before it can be a finding — call it, decode it, log in, hit
    the dev host. If it was only observed, it's reported as a lead, not a
    confirmed High/Critical.
  • Finding chaining. Reuse any session/JWT/cookie/credential obtained in one
    step across all other modules; pivot access into IDOR/privesc/exfil and report
    the chain, not isolated parts (e.g. captcha-bypass→admin JWT→authenticated
    surface; enum + no-rate-limit→password spraying).
  • Decode & fingerprint → CVE. Decode opaque tokens/paths (base64/JSON/marshal)
    and pin exact library/gem/plugin/CMS versions, then correlate to known CVEs and
    attempt a safe PoC.
  • Token auditor. JWT alg-confusion (RS→HS), alg:none, kid/jku injection,
    real signature verification, weak HS256 secret cracking, and token
    lifecycle (logout/expiry/refresh).
  • Report-hygiene & depth pass (deterministic, in the harness). After
    validation the run now:
    • calibrates severity to proven impact — an unproven High/Critical
      (hedged language, no payload, thin evidence) is capped to Medium and
      re-titled "(potential)";
    • flags "exposed → exploited" gaps — exposures on a host with no actual
      exploit get an advisory to go use them;
    • advises consolidating hygiene classes (headers/cookies/TLS/HSTS/
      clickjacking/disclosure) repeated across many assets into ONE finding with
      an affected-asset table, instead of inflating the count one-per-host.
  • 5 new doctrine meta-agents (agents_md/meta/): exploit_depth_doctrine,
    finding_chainer, artifact_decoder, token_auditor, report_calibrator
    (meta agents 17 → 22; total library 343 → 348).
  • Source from a GitHub URL. whitebox / greybox --repo (and the REPL
    /repo) now accept a git URL (https://github.com/owner/repo[.git]) or an
    owner/repo shorthand — the repo is cloned (shallow) into <base>/repos/ and
    reviewed automatically, no manual git clone needed:
    neurosploit whitebox https://github.com/digininja/DVWA \
      --subscription --model anthropic:claude-opus-4-8 -v
  • Azure OpenAI provider (resolves #21). OpenAI-compatible: set
    AZURE_OPENAI_ENDPOINT (+ optional AZURE_OPENAI_API_VERSION, default
    2024-10-21) and AZURE_OPENAI_API_KEY, then --model azure:<deployment>
    (the model name is your Azure deployment name; auth via the api-key
    header).
  • GOOGLE_API_KEY alias for Gemini (resolves #25 confusion). Gemini's API
    path reads GEMINI_API_KEY, and now also accepts GOOGLE_API_KEY (Google's
    standard env var) when the former is unset. Local providers (ollama/litellm)
    still need no key at all.

Notes

  • Pure-additive and back-compatible: existing modes, REPL, TUI, pause/continue,
    crash-recovery and reports are unchanged. The hygiene pass only annotates and
    down-calibrates unproven severities — it never invents or drops findings.
  • New unit tests cover the calibration and depth-audit logic
    (harness::hygiene).

NeuroSploit v3.5.1

@JoasASantos JoasASantos released this 25 Jun 12:34

NeuroSploit v3.5.1 — Release Notes

Release Date: June 2026
Codename: Interactive POMDP Harness
License: MIT
Credits: Joas A Santos & Red Team Leaders


TL;DR

The 3.5.x line turns the Rust harness into a full interactive REPL (Claude
Code / Codex / Cursor-CLI style) on top of the multi-model engine: pick models
with arrow-keys, configure API keys per provider, set target/repo/auth/creds and
free-text instructions that steer the agents, then /run engagements in the
background while you keep typing. v3.5.1 adds a POMDP belief spine with
anti-hallucination grounding ("no claim without a tool receipt"), infra/host
testing (IP + SSH + Windows/AD) with Linux/Windows/AD agents, attack-chain
agents, a Mission-Control TUI, structured Typst reports, and resilient
run control (live checkpointing, pause-on-quota, instant stop).

Highlights

  • Interactive REPL (neurosploit with no subcommand): real line editing
    (history ↑/↓, Ctrl-A/E/K, multiline), Tab-completion of /commands and
    @filesystem-paths (Claude-Code-style file menu), arrow-key model multi-select,
    per-provider API-key config, and a live context bar (model · cwd · mode▸target).
  • Engagement modes: black-box (run), white-box SAST (whitebox,
    set /repo), grey-box (greybox, /repo + /target), host/infra
    (/target <ip> + /creds for SSH / Windows / AD), plus the TUI dashboard.
  • POMDP belief state (belief.rs, pomdp.rs): a property-graph with
    probabilities + Bayesian update + Shannon-entropy uncertainty, a
    value-of-information planner, and a grounding gate (grounding.rs,
    may_assert) — findings must carry an empirical/symbolic tool receipt.
  • Infra / credentials (creds.rs): multi-block YAML (jwt/header/cookie,
    HTTP login, SSH, Windows/AD); real automated login; Linux/Windows/AD agents.
  • Attack-chain agents: sqli→rce→lpe, ssrf→aws, upload→lfi→rce, and more —
    injected as chain recipes during exploitation.
  • App-stack & CVE hunting: IIS/.NET (tilde shortname, WebDAV, ViewState),
    CMS (WordPress/Joomla/Drupal), app-server consoles, known-CVE exploitation.
  • 13 providers incl. LiteLLM proxy and Gemini/xAI alongside the existing
    OpenAI-compatible set; subscription mode drives local agentic CLIs
    (claude/codex/gemini/grok) via stream-json.
  • Mission-Control TUI (ratatui): concurrent activity/findings/targets panels
    with a non-blocking composer active during the run.
  • Structured Typst report: executive summary, vulnerability-summary table,
    and per-finding sections (criticality, CVSS, OWASP/CWE, PoC, evidence,
    remediation) + an attack-graph / kill-chain mapping (OWASP/CWE/MITRE).
  • Per-project persistence (.neurosploit/, no database): session.json,
    runs.json, history.txt — resumes automatically on reopen.

Run control (new in 3.5.1)

  • Background /run with a live progress bar, severity-colored findings, and
    the full file:// report URL on completion/stop.
  • 3-way /stop: [1] validate findings so far → report · [2] raw
    report now without validating · [3] discard. Raw/discard abort
    in-flight agents immediately (running CLI children are killed via
    kill_on_drop); validate soft-stops so the validator still runs.
  • Crash/quit recovery: every finding is checkpointed live to
    .neurosploit/active_run.json; an interrupted run is recovered into /runs
    on the next launch, so /results, /finding and /report keep working.
  • Pause-on-exhaustion: when all models are rate-limited / out of quota the
    run parks (state kept) and prints ⏸ token/quota exhausted … PAUSED.
    Resume with /continue when your quota renews, or switch with
    /model <provider:model> (or the /model selector) then /continue.
  • Inspection: /results (live findings), /finding (pick one → full
    command + PoC + evidence), /expand / Ctrl-O (full untruncated commands),
    /status, /diff, /retest.

Usage

cd neurosploit-rs && cargo build --release
./target/release/neurosploit                              # interactive REPL
./target/release/neurosploit run http://target -v --model anthropic:claude-opus-4-8
./target/release/neurosploit whitebox --repo /path/to/code   # white-box SAST
./target/release/neurosploit greybox  --repo /path --target http://target  # grey-box
./target/release/neurosploit run <ip> --creds creds.yaml     # host / infra
./target/release/neurosploit tui http://target --subscription --mcp

Cross-platform install (Linux / macOS / Windows, x64 + arm64) via setup.sh and
install.ps1. See README.md and TUTORIAL.md for the full walkthrough.


NeuroSploit v3.2.2 - Full LLM Pentest Mode

@JoasASantos JoasASantos released this 24 Feb 03:29

Full LLM Pentest Mode

New feature where the LLM drives the entire penetration test cycle autonomously — like a human pentester using Burp Suite / curl.

How it works

  1. User enters target URL in the Full LLM Pentest page
  2. The LLM receives the full methodology prompt + target
  3. LLM plans HTTP requests (up to 10 per round)
  4. System executes those requests and returns real responses
  5. LLM analyzes responses, identifies vulnerabilities, adapts strategy
  6. Repeat for up to 30 rounds across 4 phases

Phases

  • AI Recon (0-25%) — Technology fingerprinting, endpoint discovery, attack surface mapping
  • AI Testing (25-70%) — SQLi, XSS, LFI, Command Injection, SSRF, CSRF, IDOR, and more
  • Post-Exploitation (70-85%) — Vulnerability chaining, data extraction, privilege escalation
  • Report (85-100%) — Professional pentest report generation

Key Features

  • Anti-hallucination: Findings without real response evidence are automatically rejected
  • Full validation pipeline: All findings go through ValidationJudge (negative controls + proof of execution + confidence scoring)
  • Methodology injection: 118KB comprehensive pentest methodology (OWASP WSTG, PTES) injected into AI context
  • No Kali sandbox required: Uses system HTTP client directly
  • Any LLM provider: Works with Claude, GPT, Gemini, Ollama, LMStudio via SmartRouter

Files Changed

  • backend/core/autonomous_agent.py — New _run_full_llm_pentest() + helpers (+454 lines)
  • backend/core/vuln_engine/ai_prompts.py — 3 new prompt functions (+219 lines)
  • backend/api/v1/agent.py — New FULL_LLM_PENTEST mode
  • frontend/src/pages/FullIATestingPage.tsx — Updated UI for LLM-driven phases

NeuroSploit v3.2.1 - AI-Everywhere Auto Pentest

@JoasASantos JoasASantos released this 23 Feb 21:36

NeuroSploit v3.2.1

🤖 AI-Everywhere Auto Pentest

  • Pre-stream AI Master Plan: Strategic AI planning runs before parallel streams, producing target profile, priority vulns, recon guidance, and tool recommendations shared across all 3 streams
  • Stream 1 AI Recon Analysis: AI analyzes discovered endpoints for hidden surfaces, priority routing, and attack chain identification
  • Stream 2 AI Payload Generation: Context-aware AI-generated payloads replace hardcoded 3-payload approach, using master plan context, WAF info, and tech stack
  • Stream 3 AI Tool Analysis: AI classifies raw tool stdout/stderr into real findings vs noise, queues follow-up test endpoints

🧠 LLM-as-VulnEngine: AI Deep Testing

  • New _ai_deep_test() iterative loop: OBSERVE → PLAN → EXECUTE → ANALYZE → ADAPT (3 iterations max)
  • AI-first for top 15 injection types with hardcoded fallback
  • Per-endpoint AI testing with rich context (baseline, WAF, playbook, RAG, memory)
  • Anti-hallucination: all findings through ValidationJudge pipeline
  • Token budget adaptive: 15 calls normal, 5 when <50k tokens remain

🐛 Critical Container Fix

  • Root cause: ENTRYPOINT ["/bin/bash", "-c"] in Dockerfile conflicted with command="sleep infinity" → container exited immediately → all tools showed exit -1, 0.0s, 0 findings
  • Fix: Changed to CMD ["bash"] — all Kali sandbox tools (nuclei, naabu, etc.) now work correctly

🔍 Deep Recon Overhaul

  • JS analysis: 10→30 files, 11 regex patterns, source map (.map) parsing, parameter extraction
  • Sitemaps: recursive index following (depth 3), 8 candidates, 500 URL cap
  • API discovery: 7→20 Swagger/OpenAPI paths, 1→6 GraphQL paths, request body schema extraction
  • 9 framework detectors: WordPress (16 paths), Laravel, Django, Spring Boot, Express, ASP.NET, Rails, Next.js, Flask
  • 40+ hidden/sensitive paths checked (.env, .git, /actuator, /debug, /metrics, etc.)
  • API pattern fuzzing: infers endpoints from discovered patterns (37 common resources × CRUD variants)
  • HTTP method discovery via OPTIONS probing
  • URL normalization and deduplication

🎨 Frontend Improvements

  • Elapsed time now works for completed scans (computed from started_at → completed_at)
  • Container telemetry: exit -1 shows "ERR" (yellow), duration shows "N/A" on container failure
  • Professional HTML report: cover page, risk gauge, severity breakdown, table of contents, per-finding cards with evidence/PoC/confidence, print-friendly CSS

📊 Stats

  • +4,290 lines across 12 files
  • 4 new AI prompt builders: master_plan, junior_ai_test, tool_analysis, recon_analysis
  • 3 new deep recon methods: framework discovery, API fuzzing, method probing
  • Bug bounty training datasets included

Installation

git clone https://github.com/CyberSecurityUP/NeuroSploit.git
cd NeuroSploit
pip install -r requirements.txt
# Rebuild Kali sandbox image (IMPORTANT for container fix):
docker build -f docker/Dockerfile.kali -t neurosploit-kali:latest docker/

Full Changelog: v3.2...v3.2.1

NeuroSploit v3.0.0

@JoasASantos JoasASantos released this 15 Feb 01:15
43d892e

NeuroSploit v3.0.0 — Release Notes

Release Date: February 2026
Codename: Autonomous Pentester
License: MIT


Overview

NeuroSploit v3 is a ground-up overhaul of the AI-powered penetration testing platform. This release transforms the tool from a scanner into an autonomous pentesting agent — capable of reasoning, adapting strategy in real-time, chaining exploits, validating findings with anti-hallucination safeguards, and executing tools inside isolated Kali Linux containers.

By the Numbers

Metric                        | Count
------------------------------+------------------------
Vulnerability types supported | 100
Payload libraries             | 107
Total payloads                | 477+
Kali sandbox tools            | 55
Backend core modules          | 63 Python files
Backend core code             | 37,546 lines
Autonomous agent              | 7,592 lines
AI decision prompts           | 100 (per-vuln-type)
Anti-hallucination prompts    | 12 composable templates
Proof-of-execution rules      | 100 (per-vuln-type)
Known CVE signatures          | 400
EOL version checks            | 19
WAF signatures                | 16
WAF bypass techniques         | 12
Exploit chain rules           | 10+
Frontend pages                | 14
API endpoints                 | 111+
LLM providers supported       | 6

Architecture

                      +---------------------+
                      |   React/TypeScript   |
                      |     Frontend (14p)   |
                      +----------+----------+
                                 |
                           WebSocket + REST
                                 |
                      +----------v----------+
                      |   FastAPI Backend    |
                      |   14 API routers     |
                      +----------+----------+
                                 |
              +---------+--------+--------+---------+
              |         |        |        |         |
         +----v---+ +---v----+ +v------+ +v------+ +v--------+
         | LLM    | | Vuln   | | Agent | | Kali  | | Report  |
         | Manager| | Engine | | Core  | |Sandbox| | Engine  |
         | 6 provs| | 100typ | |7592 ln| | 55 tl | | 2 fmts  |
         +--------+ +--------+ +-------+ +-------+ +---------+

Stack: Python 3.10+ / FastAPI / SQLAlchemy (async) / React 18 / TypeScript / Tailwind CSS / Vite / Docker


Core Engine: 100 Vulnerability Types

The vulnerability engine covers 100 distinct vulnerability types organized in 10 categories with dedicated testers, payloads, AI prompts, and proof-of-execution rules for each.

Categories & Types

Category             | Types | Examples
---------------------+-------+---------
Injection            | 12    | SQLi (error, union, blind, time-based), Command Injection, SSTI, NoSQL, LDAP, XPath, Expression Language, HTTP Parameter Pollution
XSS                  | 3     | Reflected, Stored (two-phase form+display), DOM-based
Authentication       | 7     | Auth Bypass, JWT Manipulation, Session Fixation, Weak Password, Default Credentials, 2FA Bypass, OAuth Misconfig
Authorization        | 5     | IDOR, BOLA, BFLA, Privilege Escalation, Mass Assignment, Forced Browsing
Client-Side          | 9     | CORS, Clickjacking, Open Redirect, DOM Clobbering, PostMessage, WebSocket Hijack, Prototype Pollution, CSS Injection, Tabnabbing
File Access          | 5     | LFI, RFI, Path Traversal, XXE, File Upload
Request Forgery      | 3     | SSRF, SSRF Cloud (AWS/GCP/Azure metadata), CSRF
Infrastructure       | 7     | Security Headers, SSL/TLS, HTTP Methods, Directory Listing, Debug Mode, Exposed Admin, Exposed API Docs, Insecure Cookies
Advanced             | 9     | Race Condition, Business Logic, Rate Limit Bypass, Type Juggling, Timing Attack, Host Header Injection, HTTP Smuggling, Cache Poisoning, CRLF
Data Exposure        | 6     | Sensitive Data, Information Disclosure, API Key Exposure, Source Code Disclosure, Backup Files, Version Disclosure
Cloud & Supply Chain | 6     | S3 Misconfig, Cloud Metadata, Subdomain Takeover, Vulnerable Dependency, Container Escape, Serverless Misconfig

Injection Routing

Every vulnerability type is routed to the correct injection point:

  • Parameter injection (default): SQLi, XSS, IDOR, SSRF, etc.
  • Header injection: CRLF, Host Header, HTTP Smuggling
  • Body injection: XXE
  • Path injection: Path Traversal, LFI
  • Both (param + path): LFI, directory traversal variants

XSS Pipeline (Reflected)

The reflected XSS engine is a multi-stage pipeline:

  1. Canary probe — unique marker per endpoint+param to detect reflection
  2. Context analysis — 8 contexts: html_body, attribute_value, script_string, script_block, html_comment, url_context, style_context, event_handler
  3. Filter detection — batch probe to map allowed/blocked chars, tags, events
  4. AI payload generation — LLM generates context-aware bypass payloads
  5. Escalation payloads — WAF/encoding bypass variants
  6. Testing — up to 30 payloads per param with per-payload dedup
  7. Browser validation — Playwright popup/cookie/DOM/event verification (optional)

POST Form Support

  • HTML forms detected during recon with method, action, all input fields (including <select>, <textarea>, hidden fields)
  • POST form testing includes all form fields (CSRF tokens, hidden inputs) — not just the parameter under test
  • Redirect following for POST responses (search forms that redirect to results)
  • Full HTTP method support: GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD

Autonomous Agent Architecture

3-Stream Parallel Auto-Pentest

The agent runs 3 concurrent streams via asyncio.gather():

Stream 1: Recon          Stream 2: Junior Tester      Stream 3: Tool Runner
  - Crawl target           - Immediate target test       - Nuclei + Naabu
  - Extract forms           - Consume endpoint queue      - AI-selected tools
  - JS analysis             - 3 payloads/endpoint         - Dynamic install
  - Deep fingerprint        - AI-prioritized types        - Process findings
  - Push to queue           - Skip tested types           - Feed back to recon
        |                         |                             |
        +----------+--------------+-----------------------------+
                   |
            Deep Analysis (50-75%)
            Researcher AI (75%)    ← NEW
            Finalization (75-100%)

Reasoning Engine (ReACT)

AI reasoning at strategic checkpoints (50%, 75%):

  • Think: analyze situation, available data, findings so far
  • Plan: recommend next actions, prioritize vuln types
  • Reflect: evaluate results, adjust strategy

Token budget tracking with graceful degradation:

  • 0-60% budget: full AI (reasoning + verification + enhancement)
  • 60-80%: reduced (skip enhancement)
  • 80-95%: minimal (verification only)
  • 95%+: technical only (no AI calls)

Strategy Adaptation

  • Dead endpoint detection: skip after 5+ consecutive errors
  • Diminishing returns: reduce testing on low-yield endpoints
  • Priority recomputation: re-rank vuln types based on results
  • Pattern propagation: IDOR on /users/1 automatically queues /orders/1, /accounts/1
  • Checkpoint refinement: at 30%/60%/90% refine attack strategy

Exploit Chaining

10+ chain rules for multi-step attack paths:

  • SSRF -> Internal service access -> Data extraction
  • SQLi -> Database-specific escalation (MySQL, PostgreSQL, MSSQL)
  • XSS -> Session hijacking -> Account takeover
  • LFI -> Source code disclosure -> Credential extraction
  • Auth bypass -> Privilege escalation -> Admin access

AI-driven chain discovery during finalization phase.


Validation & Anti-Hallucination Pipeline

4-Layer Verification

Every finding passes through 4 independent verification layers before confirmation:

Finding Signal
    |
    v
[1] Negative Controls  — Send benign/empty probes. Same response = false positive (-60 penalty)
    |
    v
[2] Proof of Execution — Per-vuln-type proof checks (25+ methods). XSS: context analyzer.
    |                      SSRF: metadata markers. SQLi: DB error patterns. Score 0-60.
    v
[3] AI Interpretation  — LLM analyzes with anti-hallucination system prompt + per-type
    |                      proof requirements. Speculative language rejected.
    v
[4] Confidence Scorer  — Numeric 0-100 score. >=90 confirmed, >=60 likely, <60 rejected.
    |
    v
ValidationJudge (sole authority for finding approval)

Anti-Hallucination System Prompts

12 composable anti-hallucination prompt templates injected into all 17 LLM call sites:

Prompt                        Purpose
anti_hallucination            Core: never claim vuln without concrete proof
anti_scanner                  Don't behave like a scanner — reason like a pentester
negative_controls             Explain control test methodology
think_like_pentester          Manual testing mindset
proof_of_execution            What constitutes real proof per vuln type
frontend_backend_correlation  Don't confuse client-side vs server-side
multi_phase_tests             Two-phase testing (submit + verify)
final_judgment                Conservative final decision framework
confidence_score              Numeric scoring calibration
anti_severity_inflation       Don't inflate severity
operational_humility          Acknowledge uncertainty
access_control_intelligence   Data comparison, not status code diff

100 per-vuln-type proof requirements (e.g., SSRF requires metadata content, not just status diff).

Cross-Validation

  • _cross_validate_ai_claim() — independent check for XSS, SQLi, SSRF, IDOR, open redirect, CRLF, XXE, NoSQL
  • _evidence_in_response() — verify AI claim matches actual HTTP response
  • Speculative language rejection ("might be", "could be", "possibly")
  • Default False — findings rejected unless positively proven
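
A sketch of the gate described under 4-Layer Verification and Cross-Validation above, added here as an example and not NeuroSploit's own code. `Claim`, `confidence`, `verdict` and `judge` are hypothetical names, the +40 weighting for verified evidence is an assumption, and the sample responses are constructed; the -60 control penalty, the 0-60 proof range and the 90/60 thresholds are the ones stated in these notes.

```python
import re
from dataclasses import dataclass

# Hedging phrases the release notes list; any of them rejects the claim.
SPECULATIVE = re.compile(r"\b(might be|could be|possibly)\b", re.IGNORECASE)

# Constructed sample responses (not captured from any real target).
TEST_BODY = "<pre>ERROR 1064: You have an error in your\n  SQL syntax near line 1</pre>"
CONTROL_BODY = "<html><p>0 results</p></html>"

@dataclass
class Claim:              # hypothetical shape of an LLM verdict
    reasoning: str        # the model's free-text explanation
    evidence: str         # snippet the model says proves the issue
    proof_score: int      # 0-60, from the per-type proof check

def _norm(text: str) -> str:
    """Collapse whitespace so line wrapping cannot hide or fake a match."""
    return " ".join(text.split())

def confidence(claim: Claim, test_body: str, control_body: str) -> int:
    """Return 0-100. Anything not positively proven scores 0 (default False)."""
    if SPECULATIVE.search(claim.reasoning):
        return 0                              # speculative language
    quoted = _norm(claim.evidence)
    if not quoted or quoted not in _norm(test_body):
        return 0                              # evidence absent from the real response
    # Assumed weighting: proof score (capped at 60) plus 40 for verified evidence.
    score = max(0, min(claim.proof_score, 60)) + 40
    if quoted in _norm(control_body):
        score -= 60                           # benign probe shows it too: false positive
    return max(0, min(score, 100))

def verdict(score: int) -> str:
    """Thresholds as stated in the release notes."""
    if score >= 90:
        return "confirmed"
    return "likely" if score >= 60 else "rejected"

def judge(claim: Claim, test_body: str = TEST_BODY,
          control_body: str = CONTROL_BODY) -> str:
    return verdict(confidence(claim, test_body, control_body))
```

The empty-evidence check matters: an empty string is a substring of every response, so without it a claim with no quoted proof would pass the evidence test.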

Access Control Intelligence

  • BOLA/BFLA/IDOR use ...

NeuroSploitv2 - v1.2.0


@JoasASantos JoasASantos released this 14 Jan 19:23
5e73003

📘 Summary of Changes

The README has been updated with the following improvements and additions compared to the previous version (v2.2):

🆕 New or Expanded Sections

  • Adaptive AI Mode described with more detail in workflow and features.
  • 3 Execution Modes (CLI, Interactive, Experience/Wizard) clearly outlined with examples.
  • Consolidated Recon & Context-Based Analysis sections expanded, explaining how reconnaissance outputs are merged and reused without redundant tool runs.
  • LLM Providers & Profiles documentation expanded — listing support for multiple providers and how profiles are configured.
  • Agent Roles section expanded with examples of built-in roles and custom agent creation steps.

🛠 Improvements in Documentation

  • Installation instructions clarified, including prerequisites, environment setup, and example commands.
  • Quick Start examples now include recommended workflows (Wizard, Two-Step Workflow, Interactive).
  • Detailed CLI Reference section was refined, showing flags, options, and usage patterns.
  • Reconnaissance & Tool Usage details improved with descriptions of included tools and execution.
  • Output Files & Reporting explained with output types (JSON, context, HTML), including report features like charts and summaries.

📜 Structural & Content Enhancements

  • Expanded Workflow Diagrams and Examples to guide users through typical recon → AI analysis → reporting flows.
  • Added Security Notice and responsible usage guidance in README to emphasize authorized testing only.
  • More comprehensive Architecture Overview listing directory structure and key components.

✨ Key Improvements

Improved adaptive intelligence descriptions to clarify how NeuroSploit decides when to run tools vs. AI analysis.

Documentation now includes more agent examples and explains how to customize capabilities via prompts.

Overall documentation flow has been made more user-friendly for both beginners and advanced users.

🐛 Bug & Docs Fixes

Fixed typos and improved consistency in command examples across sections.

Resolved ambiguities in installation steps and environment variable guidance.

NeuroSploitv2 - v1.1.0


@JoasASantos JoasASantos released this 12 Jan 12:05
866bb45

🚀 NeuroSploitv2 - v1.1.0

This release introduces NeuroSploitv2, an AI-powered penetration testing framework designed to automate and enhance offensive security operations using specialized agent roles and flexible large language model integration. The project focuses on combining structured automation, AI-assisted reasoning, and real-world security tooling while maintaining strong ethical guardrails and operational safety principles.

✨ Key Features

  • Modular AI agent roles for Red Team, Blue Team, Bug Bounty, Malware Analysis, and more
  • Support for multiple LLM providers (Gemini, Claude, GPT, Ollama, LM Studio) with per-agent profiles
  • Markdown-based prompt system enabling contextual and role-specific AI behavior
  • Hallucination mitigation strategies, guardrails, and safety checks
  • Tool chaining for complex reconnaissance and attack workflows

🧠 AI & Automation Capabilities

  • Granular LLM profiles with control over model, temperature, token limits, caching, and context
  • Agent-based permission system defining allowed tools per role
  • Interactive CLI mode and direct command-line execution
  • AI-assisted planning, analysis, and reporting

🛠️ Built-in Tooling

  • Reconnaissance modules (OSINT collection, subdomain discovery, DNS enumeration)
  • Lateral movement helpers (SMB and SSH)
  • Persistence modules for Linux (cron) and Windows (registry)
  • Secure execution of external tools such as Nmap, Metasploit, Subfinder, Nuclei, SQLMap, and others

📊 Output & Reporting

  • Structured JSON campaign results
  • Automatically generated, human-readable HTML reports
  • Detailed logging and error handling