forked from Zakaria/hermes-agent
Hermes-agent
This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
# Engagement Authorization
|
||||
|
||||
Fill out before any active testing. Save to `engagement/authorization.md`.
|
||||
|
||||
---
|
||||
|
||||
**Engagement ID:** <UUID or short slug>
|
||||
**Operator:** <name of the person driving this Hermes session>
|
||||
**Date opened:** <ISO 8601 timestamp>
|
||||
**Engagement window:** <start ISO timestamp> through <end ISO timestamp>
|
||||
|
||||
## Target
|
||||
|
||||
- Primary URL(s):
|
||||
- https://...
|
||||
- Primary IP(s):
|
||||
- X.X.X.X
|
||||
- Hostnames covered:
|
||||
- host.example.com
|
||||
- api.host.example.com
|
||||
- Networks covered (CIDR):
|
||||
- 10.0.0.0/24 (internal lab)
|
||||
|
||||
## Authorization Basis
|
||||
|
||||
(Pick one — record evidence in writing for anything but ownership.)
|
||||
|
||||
- [ ] Operator owns the application and infrastructure being tested.
|
||||
- [ ] Written authorization from <name, role, organization, date>.
|
||||
Document stored at: <path or link to signed authorization>.
|
||||
- [ ] Hermes Agent dashboard, running on this same workstation, used
|
||||
as a self-test target. Operator confirms no other user is
|
||||
connected to the dashboard instance during the engagement.
|
||||
|
||||
## Out of Scope (must not be tested)
|
||||
|
||||
- Production systems unless explicitly listed above
|
||||
- Third-party APIs / SaaS the application calls into
|
||||
- Other tenants if the target is multi-tenant
|
||||
- Cloud metadata endpoints (169.254.169.254, etc.) unless explicitly
|
||||
included above
|
||||
- Destructive payloads (DROP, DELETE, file writes outside test
|
||||
directories) without per-payload approval
|
||||
- Active social engineering, phishing, physical security
|
||||
|
||||
## Constraints
|
||||
|
||||
- Rate limit: <N> req/s per host. Default 5/s (200ms gap).
|
||||
- Hours: <none> | <only between HH:MM and HH:MM local>
|
||||
- Notify-before for: <list of categories> e.g. "any payload that
|
||||
writes data," "any traffic that touches the auth endpoint after
|
||||
10pm local"
|
||||
|
||||
## Acknowledgement
|
||||
|
||||
By approving this engagement, the operator confirms:
|
||||
|
||||
1. The targets listed above are authorized for active testing by the
|
||||
listed authorization basis.
|
||||
2. Testing may produce HTTP 4xx/5xx responses, log noise, alert
|
||||
notifications, and rate-limit triggers in monitoring systems.
|
||||
3. The operator is responsible for any consequences of testing
|
||||
targets that are NOT correctly authorized.
|
||||
4. The operator will revoke authorization (by stopping the agent) if
|
||||
the scope changes, the time window ends, or any unexpected
|
||||
off-scope behavior is observed.
|
||||
|
||||
**Operator signature (typed name):** ________________
|
||||
**Confirmed at:** <ISO 8601 timestamp>
|
||||
@@ -0,0 +1,34 @@
|
||||
{
|
||||
"schema": "hermes-web-pentest exploitation-queue v1",
|
||||
"vuln_class": "injection|xss|auth|authz|ssrf|infra",
|
||||
"generated_at": "ISO 8601 timestamp",
|
||||
"engagement_id": "<engagement slug>",
|
||||
"candidates": [
|
||||
{
|
||||
"id": "INJ-001",
|
||||
"vuln_subclass": "sql_injection|command_injection|path_traversal|ssti|lfi|rfi|deserialization",
|
||||
"endpoint": {
|
||||
"method": "GET",
|
||||
"url": "https://target.example/api/items",
|
||||
"parameter": "id",
|
||||
"location": "query|body|header|cookie|path"
|
||||
},
|
||||
"source_ref": "path/to/file.py:123",
|
||||
"slot_type": "SQL-val|CMD-argument|PATH-segment|...",
|
||||
"suspected_defense": "none|parameterized|escape|allowlist|...",
|
||||
"verdict": "identified|partial|confirmed|critical|false_positive",
|
||||
"confidence": 0.7,
|
||||
"witness_payload": "' AND 1=1--",
|
||||
"witness_response_signal": "row count change | timing | reflected marker | ...",
|
||||
"bypass_attempts": [
|
||||
{
|
||||
"payload": "%2527%20OR%201=1--",
|
||||
"blocked": true,
|
||||
"notes": "WAF returned 403 on encoded variant"
|
||||
}
|
||||
],
|
||||
"notes": "free text",
|
||||
"next_action": "send_witness | escalate_to_L3 | classify_FP | abort_scope_concern"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,178 @@
|
||||
# Penetration Test Report
|
||||
|
||||
**Target:** <name + URL>
|
||||
**Engagement ID:** <slug>
|
||||
**Engagement window:** <start> – <end>
|
||||
**Operator:** <name>
|
||||
**Tester:** Hermes Agent + operator
|
||||
**Report generated:** <ISO 8601 timestamp>
|
||||
|
||||
---
|
||||
|
||||
## Executive Summary
|
||||
|
||||
<2-4 paragraph plain-language summary. Focus on:
|
||||
- What was tested
|
||||
- What was found (count by severity)
|
||||
- Most critical finding in one sentence
|
||||
- High-level remediation recommendation>
|
||||
|
||||
| Severity | Count |
|
||||
|----------|-------|
|
||||
| Critical | 0 |
|
||||
| High | 0 |
|
||||
| Medium | 0 |
|
||||
| Low | 0 |
|
||||
| Info | 0 |
|
||||
|
||||
---
|
||||
|
||||
## Engagement Scope
|
||||
|
||||
In-scope targets (from `engagement/scope.txt`):
|
||||
|
||||
- <host or CIDR>
|
||||
|
||||
Out of scope: see `engagement/authorization.md`.
|
||||
|
||||
Authorization basis: see `engagement/authorization.md`.
|
||||
|
||||
## Methodology
|
||||
|
||||
Approach was based on the Hermes `web-pentest` skill (a Hermes Agent
|
||||
adaptation of the OWASP Testing Guide with elements of Shannon's
|
||||
proof-based methodology). Phases performed:
|
||||
|
||||
- [ ] Pre-recon (source code review)
|
||||
- [ ] Recon (live, read-only)
|
||||
- [ ] Vulnerability analysis (one queue per OWASP class)
|
||||
- [ ] Exploitation (proof-based)
|
||||
- [ ] Reporting
|
||||
|
||||
Tools used: <nmap, whatweb, curl, Hermes browser tool, ...>.
|
||||
|
||||
## Findings (L3/L4 — Verified Exploitable)
|
||||
|
||||
> Every finding in this section has a reproducible proof-of-concept.
|
||||
> L1/L2 candidates that were not promoted to confirmed exploitation
|
||||
> are listed in the "Not Exploited" section.
|
||||
|
||||
### F-001: <Title>
|
||||
|
||||
- **Severity:** Critical | High | Medium | Low
|
||||
- **CVSS 3.1 vector:** `CVSS:3.1/AV:N/AC:L/...`
|
||||
- **CVSS 3.1 base score:** N.N
|
||||
- **CWE:** CWE-XX
|
||||
- **Affected endpoint(s):** `GET https://target.example/api/...`
|
||||
- **Affected parameter(s):** `id`
|
||||
- **Discovered:** <date>
|
||||
|
||||
#### Description
|
||||
|
||||
<What is the bug, in plain language.>
|
||||
|
||||
#### Proof
|
||||
|
||||
Request:
|
||||
|
||||
```http
|
||||
GET /api/items?id=1%27%20OR%201=1-- HTTP/1.1
|
||||
Host: target.example
|
||||
Cookie: session=...
|
||||
```
|
||||
|
||||
Response (excerpt):
|
||||
|
||||
```http
|
||||
HTTP/1.1 200 OK
|
||||
Content-Type: application/json
|
||||
|
||||
```
|
||||
|
||||
#### Reproduction
|
||||
|
||||
```bash
|
||||
curl -sS 'https://target.example/api/items?id=1%27%20OR%201=1--' \
|
||||
-H 'Cookie: session=YOUR_TEST_SESSION'
|
||||
```
|
||||
|
||||
#### Impact
|
||||
|
||||
<What an attacker gains. Be specific. "Could allow data extraction" is
|
||||
worse than "Allowed extraction of all 4 columns from the `users` table
|
||||
in our test (PoC redacted PII), and the same query shape applies to
|
||||
any other parameter using the same code path.">
|
||||
|
||||
#### Remediation
|
||||
|
||||
<Specific, actionable. "Use parameterized queries" is better than
|
||||
"sanitize inputs." Include code example if possible.>
|
||||
|
||||
#### Verification (post-fix)
|
||||
|
||||
To verify the fix, re-run the reproduction command. The response
|
||||
should be HTTP 400, an empty result, or a result containing only the
|
||||
record matching `id=1` literally.
|
||||
|
||||
---
|
||||
|
||||
(repeat per finding)
|
||||
|
||||
---
|
||||
|
||||
## Not Exploited (L1/L2 candidates)
|
||||
|
||||
Candidates that pattern-matched but were not promoted to L3 within
|
||||
the engagement window. Listed for completeness; do NOT report these
|
||||
as confirmed vulnerabilities.
|
||||
|
||||
| ID | Class | Endpoint | Status | Why not promoted |
|
||||
|----|-------|----------|--------|------------------|
|
||||
| INJ-002 | SQLi | `/api/search?q=` | L2 partial | Bypass set exhausted; appears to use parameterized binding |
|
||||
| XSS-003 | reflected | `/error?msg=` | L1 identified | Could not produce executable context — output is JSON-encoded |
|
||||
|
||||
---
|
||||
|
||||
## Out-of-Scope Observations
|
||||
|
||||
(Findings or hints noticed but NOT tested because they were outside
|
||||
scope. These are documentation, not findings. The operator decides
|
||||
whether to extend scope and re-test.)
|
||||
|
||||
- The application sends to `https://third-party.example/...` — payload
|
||||
could trigger third-party-side bugs but third party is out of scope.
|
||||
|
||||
---
|
||||
|
||||
## Limitations
|
||||
|
||||
What was NOT tested, and why:
|
||||
|
||||
- <Class of test>: <reason>
|
||||
|
||||
Examples:
|
||||
- DDoS / stress testing — explicitly excluded by engagement scope.
|
||||
- Authenticated business-logic flows requiring billing — no test
|
||||
credit card available.
|
||||
- Mobile API surfaces — out of scope.
|
||||
|
||||
---
|
||||
|
||||
## Appendices
|
||||
|
||||
- A: `engagement/authorization.md` — authorization on file
|
||||
- B: `engagement/scope.txt` — machine-readable scope
|
||||
- C: `engagement/request-log.jsonl` — every active request issued
|
||||
- D: `findings/*-queue.json` — per-class candidate queues
|
||||
- E: `evidence/` — raw captures (request/response pairs)
|
||||
|
||||
---
|
||||
|
||||
## Disclaimer
|
||||
|
||||
This report describes vulnerabilities discovered during a
|
||||
time-bounded penetration test against the listed targets within the
|
||||
listed scope. Absence of a finding in this report does not imply the
|
||||
target is secure; only that no exploitable issue was found in scope
|
||||
X within time T using methods Y.
|
||||
X within time T using methods Y.
|
||||
Reference in New Issue
Block a user