Skip to content

Tags: JoasASantos/NeuroSploit

Tags

v3.6.3

Toggle v3.6.3's commit message
v3.6.3: resumable interrupted runs + crash-proof mid-run browsing

- /continue (and /resume) now relaunch a recovered interrupted run on the same
  target, carrying its findings forward and steering agents to widen coverage /
  chain from them instead of re-reporting. Offer shown at launch; a fresh /run
  supersedes it. Findings merge (dedup by title+endpoint) across both runs.
- Opening /results, /finding or /report while a run streams no longer corrupts
  the terminal: live background output is paused for the picker (still captured
  in /logs) and restored on exit, so Ctrl-C in a picker can't take the process
  down mid-run.

v3.6.2

Toggle v3.6.2's commit message
recon: time-box tool installs and skip on failure — never stall on a …

…download

A missing or un-downloadable recon tool must never block the run. Both the recon
intensity directive and the general tool doctrine now instruct agents to:
- wrap every install in `timeout 90 <install> || echo skip` and run non-interactively
- try each tool install at most once; on failure/no-package/no-network/hang, skip
  immediately and fall back to an installed alternative or curl/nc/dig/python3
- never wait on, retry, or block the whole recon for a single tool download

v3.6.1

Toggle v3.6.1's commit message
repl: richer /status (works during recon) + new /logs activity feed

- /status now shows progress in EVERY phase: a real bar once agents are selected,
  otherwise the current pre-exploit phase + counters (cmds, activity lines), plus
  a "last:" sign-of-life line (the latest activity) and the actual full findings.
  Before, the bar only appeared after agent selection, so a long recon looked
  frozen. Findings count now uses the full list.
- New /logs [n] — dump the recent activity feed (recon/tools/findings) of the
  running test; useful with non-streaming CLIs (codex) or after scrolling. Backed
  by a capped feed ring buffer + last/lines counters in RunLive.

v3.6.0

Toggle v3.6.0's commit message
recon: intense multi-round active recon (deep_recon) with tool auto-i…

…nstall

Recon was a single quick model pass — now it's deep and iterative:
- deep_recon(): an initial deep enumeration pass then follow-up EXPANSION rounds
  that chase discovered subdomains/hosts/endpoints/params, converging when a
  round finds nothing new. Rounds scale with intensity.
- recon_intensity_directive(): tells the agent HOW hard to recon and to INSTALL
  the tools it needs (apt/pip/go/npm/cargo) — subfinder/amass/httpx/gau/katana/
  gf/arjun/ffuf/nuclei/nmap/dnsx/linkfinder/whatweb/nikto/testssl — chained
  (subfinder->httpx->katana/gau->gf->ffuf); covers subdomains, crawl+wayback, JS,
  content/param discovery, ports, versions, API, exposures, TLS/headers.
- RunConfig.recon_intensity (default 3) + REPL /recon <1-4> + CLI --recon <1-4>
  (1 quick .. 4 exhaustive); shown in /show.

v3.5.6

Toggle v3.5.6's commit message
v3.5.6 — bug-bounty corpus grounding + 2FA bypass agent; Trendshift b…

…adge

- Fetched & analysed real public writeup corpora (Awesome-Bugbounty-Writeups,
  bug-bounty-reference); the technique distribution (XSS/RCE/CSRF/SSRF/2FA/…)
  validates the methodology agent's priorities. Added explicit 2FA/MFA bypass and
  SAML/SSO sections to bugbounty_methodology.
- New agent twofa_bypass_techniques (library 399): full 2FA-bypass playbook
  (rate-limit brute, reuse, response manipulation, step skip, null/default,
  backup/remember-me, race, disable-2FA IDOR, SSO side door).
- README: Trendshift badge.
- Version bumped 3.5.5 -> 3.5.6 across crates/app/installers/docs; RELEASE section.

v3.5.5

Toggle v3.5.5's commit message
train agent with bug-bounty techniques: methodology meta-agent + reco…

…n tricks

- New meta/bugbounty_methodology.md (library 398): distilled high-signal techniques
  from public writeups (HackerOne Hacktivity, KingOfBugBounty, Awesome-Bugbounty-
  Writeups, bug-bounty-reference, top hunters) — hunter mindset + per-class tricks
  (IDOR/BOLA, 403 bypass, account takeover, SSRF->cloud, business logic/race, cache
  poisoning, subdomain takeover, GraphQL), chaining and reporting.
- RECON_SYS gains KingOfBugBounty-style recon: subdomain enum (crt.sh/subfinder/
  amass->httpx), historical URLs (gau/waybackurls/katana), gf patterns, param mining
  (arjun+JS/wayback), content discovery (ffuf/feroxbuster), classic exposure checks
  (.git/.env/swagger/actuator, dangling CNAMEs). Degrades to installed tools.
- Docs: counts 397->398, RELEASE note.

v3.5.4

Toggle v3.5.4's commit message
v3.5.4 — Robust attack chaining & false-positive reduction

Bundles the multi-round post-exploitation attack-chaining engine (attack_chain:
per-foothold decisions, loot carried forward, validate-before-pivot, loop-until-
dry, --chain-depth) and the false-positive controls (robust verdict parsing,
severity-aware quorum, adversarial refute pass, stronger validator prompt).
Version bumped 3.5.3 -> 3.5.4; README/RELEASE updated.

v3.5.3

Toggle v3.5.3's commit message
Add MIT LICENSE

Credits: Joas A Santos & Red Team Leaders.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

v3.5.2

Toggle v3.5.2's commit message
Add MIT LICENSE (+ cross-platform release build workflow)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

v3.5.1

Toggle v3.5.1's commit message
Add MIT LICENSE (+ cross-platform release build workflow)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>