Hermes-agent

This commit is contained in:
Zakaria
2026-06-14 14:30:48 -04:00
commit dac4b88b94
5058 changed files with 1884848 additions and 0 deletions
@@ -0,0 +1,69 @@
# Engagement Authorization
Fill out before any active testing. Save to `engagement/authorization.md`.
---
**Engagement ID:** <UUID or short slug>
**Operator:** <name of the person driving this Hermes session>
**Date opened:** <ISO 8601 timestamp>
**Engagement window:** <start ISO timestamp> through <end ISO timestamp>
## Target
- Primary URL(s):
- https://...
- Primary IP(s):
- X.X.X.X
- Hostnames covered:
- host.example.com
- api.host.example.com
- Networks covered (CIDR):
- 10.0.0.0/24 (internal lab)
## Authorization Basis
(Pick one — record evidence in writing for anything but ownership.)
- [ ] Operator owns the application and infrastructure being tested.
- [ ] Written authorization from <name, role, organization, date>.
Document stored at: <path or link to signed authorization>.
- [ ] Hermes Agent dashboard, running on this same workstation, used
as a self-test target. Operator confirms no other user is
connected to the dashboard instance during the engagement.
## Out of Scope (must not be tested)
- Production systems unless explicitly listed above
- Third-party APIs / SaaS the application calls into
- Other tenants if the target is multi-tenant
- Cloud metadata endpoints (169.254.169.254, etc.) unless explicitly
included above
- Destructive payloads (DROP, DELETE, file writes outside test
directories) without per-payload approval
- Active social engineering, phishing, physical security
## Constraints
- Rate limit: <N> req/s per host. Default 5/s (200ms gap).
- Hours: <none> | <only between HH:MM and HH:MM local>
- Notify-before for: <list of categories> e.g. "any payload that
writes data," "any traffic that touches the auth endpoint after
10pm local"
## Acknowledgement
By approving this engagement, the operator confirms:
1. The targets listed above are authorized for active testing by the
listed authorization basis.
2. Testing may produce HTTP 4xx/5xx responses, log noise, alert
notifications, and rate-limit triggers in monitoring systems.
3. The operator is responsible for any consequences of testing
targets that are NOT correctly authorized.
4. The operator will revoke authorization (by stopping the agent) if
the scope changes, the time window ends, or any unexpected
off-scope behavior is observed.
**Operator signature (typed name):** ________________
**Confirmed at:** <ISO 8601 timestamp>
@@ -0,0 +1,34 @@
{
"schema": "hermes-web-pentest exploitation-queue v1",
"vuln_class": "injection|xss|auth|authz|ssrf|infra",
"generated_at": "ISO 8601 timestamp",
"engagement_id": "<engagement slug>",
"candidates": [
{
"id": "INJ-001",
"vuln_subclass": "sql_injection|command_injection|path_traversal|ssti|lfi|rfi|deserialization",
"endpoint": {
"method": "GET",
"url": "https://target.example/api/items",
"parameter": "id",
"location": "query|body|header|cookie|path"
},
"source_ref": "path/to/file.py:123",
"slot_type": "SQL-val|CMD-argument|PATH-segment|...",
"suspected_defense": "none|parameterized|escape|allowlist|...",
"verdict": "identified|partial|confirmed|critical|false_positive",
"confidence": 0.7,
"witness_payload": "' AND 1=1--",
"witness_response_signal": "row count change | timing | reflected marker | ...",
"bypass_attempts": [
{
"payload": "%2527%20OR%201=1--",
"blocked": true,
"notes": "WAF returned 403 on encoded variant"
}
],
"notes": "free text",
"next_action": "send_witness | escalate_to_L3 | classify_FP | abort_scope_concern"
}
]
}
@@ -0,0 +1,178 @@
# Penetration Test Report
**Target:** <name + URL>
**Engagement ID:** <slug>
**Engagement window:** <start> <end>
**Operator:** <name>
**Tester:** Hermes Agent + operator
**Report generated:** <ISO 8601 timestamp>
---
## Executive Summary
<2-4 paragraph plain-language summary. Focus on:
- What was tested
- What was found (count by severity)
- Most critical finding in one sentence
- High-level remediation recommendation>
| Severity | Count |
|----------|-------|
| Critical | 0 |
| High | 0 |
| Medium | 0 |
| Low | 0 |
| Info | 0 |
---
## Engagement Scope
In-scope targets (from `engagement/scope.txt`):
- <host or CIDR>
Out of scope: see `engagement/authorization.md`.
Authorization basis: see `engagement/authorization.md`.
## Methodology
Approach was based on the Hermes `web-pentest` skill (a Hermes Agent
adaptation of the OWASP Testing Guide with elements of Shannon's
proof-based methodology). Phases performed:
- [ ] Pre-recon (source code review)
- [ ] Recon (live, read-only)
- [ ] Vulnerability analysis (one queue per OWASP class)
- [ ] Exploitation (proof-based)
- [ ] Reporting
Tools used: <nmap, whatweb, curl, Hermes browser tool, ...>.
## Findings (L3/L4 — Verified Exploitable)
> Every finding in this section has a reproducible proof-of-concept.
> L1/L2 candidates that were not promoted to confirmed exploitation
> are listed in the "Not Exploited" section.
### F-001: <Title>
- **Severity:** Critical | High | Medium | Low
- **CVSS 3.1 vector:** `CVSS:3.1/AV:N/AC:L/...`
- **CVSS 3.1 base score:** N.N
- **CWE:** CWE-XX
- **Affected endpoint(s):** `GET https://target.example/api/...`
- **Affected parameter(s):** `id`
- **Discovered:** <date>
#### Description
<What is the bug, in plain language.>
#### Proof
Request:
```http
GET /api/items?id=1%27%20OR%201=1-- HTTP/1.1
Host: target.example
Cookie: session=...
```
Response (excerpt):
```http
HTTP/1.1 200 OK
Content-Type: application/json
```
#### Reproduction
```bash
curl -sS 'https://target.example/api/items?id=1%27%20OR%201=1--' \
-H 'Cookie: session=YOUR_TEST_SESSION'
```
#### Impact
<What an attacker gains. Be specific. "Could allow data extraction" is
worse than "Allowed extraction of all 4 columns from the `users` table
in our test (PoC redacted PII), and the same query shape applies to
any other parameter using the same code path.">
#### Remediation
<Specific, actionable. "Use parameterized queries" is better than
"sanitize inputs." Include code example if possible.>
#### Verification (post-fix)
To verify the fix, re-run the reproduction command. The response
should be HTTP 400, an empty result, or a result containing only the
record matching `id=1` literally.
---
(repeat per finding)
---
## Not Exploited (L1/L2 candidates)
Candidates that pattern-matched but were not promoted to L3 within
the engagement window. Listed for completeness; do NOT report these
as confirmed vulnerabilities.
| ID | Class | Endpoint | Status | Why not promoted |
|----|-------|----------|--------|------------------|
| INJ-002 | SQLi | `/api/search?q=` | L2 partial | Bypass set exhausted; appears to use parameterized binding |
| XSS-003 | reflected | `/error?msg=` | L1 identified | Could not produce executable context — output is JSON-encoded |
---
## Out-of-Scope Observations
(Findings or hints noticed but NOT tested because they were outside
scope. These are documentation, not findings. The operator decides
whether to extend scope and re-test.)
- The application sends to `https://third-party.example/...` — payload
could trigger third-party-side bugs but third party is out of scope.
---
## Limitations
What was NOT tested, and why:
- <Class of test>: <reason>
Examples:
- DDoS / stress testing — explicitly excluded by engagement scope.
- Authenticated business-logic flows requiring billing — no test
credit card available.
- Mobile API surfaces — out of scope.
---
## Appendices
- A: `engagement/authorization.md` — authorization on file
- B: `engagement/scope.txt` — machine-readable scope
- C: `engagement/request-log.jsonl` — every active request issued
- D: `findings/*-queue.json` — per-class candidate queues
- E: `evidence/` — raw captures (request/response pairs)
---
## Disclaimer
This report describes vulnerabilities discovered during a
time-bounded penetration test against the listed targets within the
listed scope. Absence of a finding in this report does not imply the
target is secure; only that no exploitable issue was found in scope
X within time T using methods Y.
X within time T using methods Y.