Tags: JoasASantos/NeuroSploit
Tags
v3.6.3: resumable interrupted runs + crash-proof mid-run browsing - /continue (and /resume) now relaunch a recovered interrupted run on the same target, carrying its findings forward and steering agents to widen coverage / chain from them instead of re-reporting. Offer shown at launch; a fresh /run supersedes it. Findings merge (dedup by title+endpoint) across both runs. - Opening /results, /finding or /report while a run streams no longer corrupts the terminal: live background output is paused for the picker (still captured in /logs) and restored on exit, so Ctrl-C in a picker can't take the process down mid-run.
recon: time-box tool installs and skip on failure — never stall on a … …download A missing or un-downloadable recon tool must never block the run. Both the recon intensity directive and the general tool doctrine now instruct agents to: - wrap every install in `timeout 90 <install> || echo skip` and run non-interactively - try each tool install at most once; on failure/no-package/no-network/hang, skip immediately and fall back to an installed alternative or curl/nc/dig/python3 - never wait on, retry, or block the whole recon for a single tool download
repl: richer /status (works during recon) + new /logs activity feed - /status now shows progress in EVERY phase: a real bar once agents are selected, otherwise the current pre-exploit phase + counters (cmds, activity lines), plus a "last:" sign-of-life line (the latest activity) and the actual full findings. Before, the bar only appeared after agent selection, so a long recon looked frozen. Findings count now uses the full list. - New /logs [n] — dump the recent activity feed (recon/tools/findings) of the running test; useful with non-streaming CLIs (codex) or after scrolling. Backed by a capped feed ring buffer + last/lines counters in RunLive.
recon: intense multi-round active recon (deep_recon) with tool auto-i… …nstall Recon was a single quick model pass — now it's deep and iterative: - deep_recon(): an initial deep enumeration pass then follow-up EXPANSION rounds that chase discovered subdomains/hosts/endpoints/params, converging when a round finds nothing new. Rounds scale with intensity. - recon_intensity_directive(): tells the agent HOW hard to recon and to INSTALL the tools it needs (apt/pip/go/npm/cargo) — subfinder/amass/httpx/gau/katana/ gf/arjun/ffuf/nuclei/nmap/dnsx/linkfinder/whatweb/nikto/testssl — chained (subfinder->httpx->katana/gau->gf->ffuf); covers subdomains, crawl+wayback, JS, content/param discovery, ports, versions, API, exposures, TLS/headers. - RunConfig.recon_intensity (default 3) + REPL /recon <1-4> + CLI --recon <1-4> (1 quick .. 4 exhaustive); shown in /show.
v3.5.6 — bug-bounty corpus grounding + 2FA bypass agent; Trendshift b… …adge - Fetched & analysed real public writeup corpora (Awesome-Bugbounty-Writeups, bug-bounty-reference); the technique distribution (XSS/RCE/CSRF/SSRF/2FA/…) validates the methodology agent's priorities. Added explicit 2FA/MFA bypass and SAML/SSO sections to bugbounty_methodology. - New agent twofa_bypass_techniques (library 399): full 2FA-bypass playbook (rate-limit brute, reuse, response manipulation, step skip, null/default, backup/remember-me, race, disable-2FA IDOR, SSO side door). - README: Trendshift badge. - Version bumped 3.5.5 -> 3.5.6 across crates/app/installers/docs; RELEASE section.
train agent with bug-bounty techniques: methodology meta-agent + reco… …n tricks - New meta/bugbounty_methodology.md (library 398): distilled high-signal techniques from public writeups (HackerOne Hacktivity, KingOfBugBounty, Awesome-Bugbounty- Writeups, bug-bounty-reference, top hunters) — hunter mindset + per-class tricks (IDOR/BOLA, 403 bypass, account takeover, SSRF->cloud, business logic/race, cache poisoning, subdomain takeover, GraphQL), chaining and reporting. - RECON_SYS gains KingOfBugBounty-style recon: subdomain enum (crt.sh/subfinder/ amass->httpx), historical URLs (gau/waybackurls/katana), gf patterns, param mining (arjun+JS/wayback), content discovery (ffuf/feroxbuster), classic exposure checks (.git/.env/swagger/actuator, dangling CNAMEs). Degrades to installed tools. - Docs: counts 397->398, RELEASE note.
v3.5.4 — Robust attack chaining & false-positive reduction Bundles the multi-round post-exploitation attack-chaining engine (attack_chain: per-foothold decisions, loot carried forward, validate-before-pivot, loop-until- dry, --chain-depth) and the false-positive controls (robust verdict parsing, severity-aware quorum, adversarial refute pass, stronger validator prompt). Version bumped 3.5.3 -> 3.5.4; README/RELEASE updated.
PreviousNext