2.3.0 - 2026-03-14

[samugit83]

Added

• Global Settings Page — new /settings page (gear icon in header) for managing all user-level configuration through the UI. AI provider keys and Tavily API key are configured exclusively here — no .env file needed. Two sections:

  • LLM Providers — add, edit, delete, and test LLM provider configurations stored per-user in the database. Supports five provider types:
    • OpenAI, Anthropic, OpenRouter — enter API key, all models auto-discovered
    • AWS Bedrock — enter AWS credentials + region, foundation models auto-discovered
    • OpenAI-Compatible — single endpoint+model configuration with presets for Ollama, vLLM, LM Studio, Groq, Together AI, Fireworks AI, Mistral AI, and Deepinfra. Supports custom base URL, headers, timeout, temperature, and max tokens
  • Tool API Keys — Tavily API key (web search), Shodan API key (internet-wide OSINT), and SerpAPI key (Google dorking)

• Test Connection — each LLM provider can be tested before saving with a "Test Connection" button that sends a simple message and shows the response

• DB-only settings — AI provider keys and Tavily API key are stored exclusively in the database (per-user). No env-var fallback — .env is reserved for infrastructure variables only (NVD, tunneling, database credentials, ports)

• Prisma schema — added UserLlmProvider and UserSettings models with relations to User

• Centralized LLM setup — CypherFix triage and codefix orchestrators now use the shared setup_llm() function instead of duplicating provider routing logic

• Pentest Report Generation — generate professional, client-ready penetration testing reports as self-contained HTML files from the /reports page. Reports compile all reconnaissance data, vulnerability findings, CVE intelligence, attack chain results, and remediation recommendations into an 11-section document (Cover, Executive Summary, Scope & Methodology, Risk Summary, Findings, Other Vulnerability Details, Attack Surface, CVE Intelligence, GitHub Secrets, Attack Chains, Recommendations, Appendix). Features include:

  • LLM-generated narratives — when an AI model is configured, six report sections receive detailed prose: executive summary (8–12 paragraphs), scope, risk analysis, findings context, attack surface analysis, and exhaustive prioritized remediation triage. Falls back gracefully to data-only reports when no LLM is available
  • Security Posture Radar — inline SVG 6-axis radar chart in the Risk Summary section showing Attack Surface, Vulnerability Density, Exploitability, Certificate Health, Injectable Parameters, and Security Header coverage using logarithmic normalization
  • Security Headers Gap Analysis — per-header weighted coverage bars (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy) with color-coded thresholds
  • CISA KEV Callout — prominent alert box highlighting Known Exploited Vulnerabilities when present
  • Injectable Parameters Breakdown — summary and per-position injection risk analysis with visual bars
  • Attack Flow Chains — Technology → CVE → CWE → CAPEC flow table showing complete attack paths
  • CDN Coverage visualization — ratio of CDN-fronted vs directly exposed IPs in the Attack Surface section
  • Project-specific generation — dedicated project selector dropdown on the reports page (independent of the top bar selection)
  • Download and Open — separate buttons to save the HTML file locally or open in a new browser tab
  • Print/PDF optimized — page breaks, print-friendly CSS, and clean SVG/CSS bar rendering for Ctrl+P export
  • Export/Import support — reports (metadata + HTML files) are included in project export ZIP archives and fully restored on import
  • Wiki documentation — new Pentest Reports wiki page with example report download

• Target Guardrail — LLM-based safety check that prevents targeting unauthorized domains and IPs. Blocks government sites (.gov, .mil), major tech companies, financial institutions, social media platforms, and other well-known public services. Two layers: project creation (fail-open) and agent initialization (fail-closed). For IP mode, public IPs are resolved via reverse DNS before evaluation; private/RFC1918 IPs are auto-allowed. Blocked targets show a centered modal with the reason.

• Expanded CPE Technology Mappings — CPE_MAPPINGS table in recon/helpers/cve_helpers.py expanded from 82 to 133 entries, significantly improving CVE lookup accuracy for Wappalyzer-detected technologies. New coverage includes:

  • CMS: Magento, Ghost, TYPO3, Concrete CMS, Craft CMS, Strapi, Umbraco, Adobe Experience Manager, Sitecore, DNN, Kentico
  • Web Frameworks: CodeIgniter, Symfony, CakePHP, Yii, Nuxt.js, Apache Struts, Adobe ColdFusion
  • JavaScript Libraries: Moment.js, Lodash, Handlebars, Ember.js, Backbone.js, Dojo, CKEditor, TinyMCE, Prototype
  • E-commerce: PrestaShop, OpenCart, osCommerce, Zen Cart, WooCommerce
  • Message Boards / Community: Discourse, phpBB, vBulletin, MyBB, Flarum, NodeBB, Mastodon, Mattermost
  • Wikis: MediaWiki, Atlassian Confluence, DokuWiki, XWiki
  • Issue Trackers / DevOps: Atlassian Jira, Atlassian Bitbucket, Bugzilla, Redmine, Gitea, TeamCity, Artifactory
  • Hosting Panels: cPanel, Plesk, DirectAdmin
  • Web Servers: OpenResty, Deno, Tengine
  • Databases: SQLite, Apache Solr, Adminer
  • Security / Network: Kong, F5 BIG-IP, Pulse Secure
  • Webmail: Zimbra, SquirrelMail
  • 29 new normalize_product_name() aliases for Wappalyzer output variations (e.g., "Atlassian Jira" → "jira", "Moment" → "moment.js", "Concrete5" → "concrete cms")
  • 6 new skip_list entries (Cloudflare, Google Analytics, Google Tag Manager, Facebook Pixel, Hotjar, Google Font API) to avoid wasting NVD API calls on SaaS/CDN technologies

• Insights Dashboard — Real-time analytics page (/insights) with interactive charts and tables covering attack chains, exploit successes, finding severity, targets attacked, strategic decisions, vulnerability distributions, attack surface composition, and agent activity. All data is pulled directly from the Neo4j graph and organized into sections: Attack Chains & Exploits, Attack Surface, Vulnerabilities & CVE Intelligence, Graph Overview, and Activity & Timeline.

• Rules of Engagement (RoE) — upload a RoE document (PDF, TXT, MD, DOCX) at project creation and an LLM auto-parses it into structured settings enforced across the entire platform:

  • Document upload & parsing — file upload area in the RoE tab of the project form (create mode only). The agent extracts client info, scope, exclusions, time windows, testing permissions, rate limits, data handling policies, compliance frameworks, and more into 30+ structured fields
  • Three enforcement layers — (1) agent prompt injection: structured RULES OF ENGAGEMENT (MANDATORY) section injected into every reasoning step with excluded hosts, permissions, and constraints; (2) hard gate in execute_tool_node: deterministic code blocks forbidden tools, forbidden categories, permission flags, and phase cap violations regardless of LLM output; (3) recon pipeline: excluded hosts filtered from target lists, rate limits capped via min(tool_rate, global_max), time window blocks scan starts outside allowed hours
  • 30+ RoE project fields — client & engagement info, excluded hosts with reasons, time windows (days/hours/timezone), 6 testing permission toggles (DoS, social engineering, physical access, data exfiltration, account lockout, production testing), forbidden tool/category lists, max severity phase cap, global rate limit, sensitive data handling policy, data retention, encryption requirements, status update frequency, critical finding notification, incident procedure, compliance frameworks, third-party providers, and free-text notes
  • RoE Viewer tab on the graph dashboard — formatted read-only view with cards for engagement, scope, exclusions, time window (live ACTIVE/OUTSIDE WINDOW status), testing permissions (green/red badge grid), constraints, data handling, communication, compliance, and notes. Download button for the original uploaded document
  • RoE toolbar badge — blue "RoE" badge on the graph toolbar when engagement guardrails are active
  • Smart tool restriction parsing — only explicitly banned tools (e.g., "do not use Hydra") are disabled; "discouraged" or "use with caution" language is noted in the prompt but does not disable tools. Phase restrictions use roeMaxSeverityPhase instead of stripping phases from individual tools
  • Export/import support — RoE document binary is base64-encoded in project exports and restored on import. All RoE fields are included in the export ZIP
  • Cascade deletion — all RoE data (fields + document binary) deleted with the project via Prisma cascade
  • One-way at creation only — RoE settings become read-only after project creation to prevent mid-engagement modification
  • Based on industry standards: PTES, SANS, NIST SP 800-115, Microsoft RoE, HackerOne, Red Team Guide

• Emergency PAUSE ALL button — red/yellow danger-styled button on the Graph toolbar that instantly freezes every running pipeline (Recon, GVM, GitHub Hunt) and stops all AI agent conversations in one click. Shows "PAUSING..." with spinner during operation. Always visible on the toolbar, disabled when nothing is running. New POST /emergency-stop-all endpoint on the agent service cancels all active agent tasks via the WebSocket manager

• Wave Runner (Parallel Tool Plans) — when the LLM identifies two or more independent tools that don't depend on each other's outputs, it groups them into a wave and executes them concurrently via asyncio.gather() instead of sequentially. Key components:

  • New LLM action: plan_tools alongside use_tool — the LLM emits a ToolPlan with multiple ToolPlanStep entries and a plan rationale
  • New LangGraph node: execute_plan runs all steps in parallel, each with its own RoE gate check, tool_start/tool_complete streaming, and progress updates
  • Combined wave analysis: after all tools finish, the think node analyzes all outputs together in a single LLM call, producing consolidated findings and next steps
  • Three new WebSocket events: plan_start (wave begins with tool list), plan_complete (success/failure counts), plan_analysis (LLM interpretation). Existing tool_start, tool_output_chunk, and tool_complete events carry an optional wave_id to group tools within a wave
  • Frontend PlanWaveCard: grouped card in AgentTimeline showing all wave tools nested together with status badge (Running/Success/Partial/Error), plan rationale, combined analysis, actionable findings, and recommended next steps
  • State management: new ToolPlan and ToolPlanStep Pydantic models, _current_plan field in AgentState
  • Graceful fallback: empty tool_plan objects or plans with no steps are automatically downgraded to sequential use_tool execution

• Attack Skills System — modular attack path management with built-in and user-uploaded skills:

  • Built-in Attack Skills — three core skills (CVE Exploit, Brute Force, Phishing / Social Engineering) can now be individually enabled or disabled per project via toggles in the new Attack Skills section of Project Settings. Disabling a skill prevents the agent from classifying requests into that attack type and removes its prompts from the system prompt. Sub-settings (Hydra config, SMTP config) are shown inline when the corresponding skill is enabled
  • User Attack Skills — upload custom .md files defining attack workflows from Global Settings. Each skill file contains a full workflow description that the agent follows across all three phases (informational, exploitation, post-exploitation). User skills are stored per-user in the database (UserAttackSkill model) and become available as toggles in all project settings
  • Skill Management in Global Settings — dedicated "Attack Skills" section with upload button (accepts .md files, max 50KB), skill list with download and delete actions, and a name-entry modal on upload
  • Per-project skill toggles — attackSkillConfig JSON field in the project stores { builtIn: { skill_id: bool }, user: { skill_id: bool } } controlling which skills are active. Built-in skills default to enabled; user skills default to enabled when present
  • Agent integration — LLM classifier routes requests to user skills via user_skill:<id> attack path type. Skill .md content is injected into the system prompt for all three phases with phase-appropriate guidance. Falls back to unclassified workflow if skill content is missing
  • API endpoints — GET/POST /api/users/[id]/attack-skills (list/create), GET/DELETE /api/users/[id]/attack-skills/[skillId] (read/delete), GET /api/users/[id]/attack-skills/available (with content for agent consumption)
  • Max 20 skills per user, 50KB per skill file

• Kali Shell — Library Installation Control — new prompt-based setting in Agent Behaviour to control whether the agent can install packages via pip install or apt install in kali_shell during a pentest:

  • Toggle: "Allow Library Installation" — when disabled (default), the system prompt instructs the agent to only use pre-installed tools and libraries. When enabled, the agent may install packages as needed for specific attacks
  • Authorized Packages (whitelist) — comma-separated list. When non-empty, only these packages may be installed; the agent is instructed not to install anything outside the list
  • Forbidden Packages (blacklist) — comma-separated list. These packages must never be installed, regardless of the whitelist
  • Installed packages are ephemeral — lost on container restart. Prompt-based control only (no server-side enforcement)
  • Conditional UI: whitelist and blacklist textareas only appear when the toggle is enabled
  • build_kali_install_prompt() dynamically generates the installation rules section, injected into the system prompt whenever kali_shell is in the allowed tools for the current phase

• Shodan OSINT Integration — full Shodan integration at two levels: automated recon pipeline and interactive AI agent tool:

  • Pipeline enrichment — new recon/shodan_enrich.py module runs after domain/IP discovery, before port scanning. Four independently toggled features: Host Lookup (IP geolocation, OS, ISP, open ports, services, banners), Reverse DNS (hostname discovery), Domain DNS (subdomain enumeration + DNS records, paid plan), and Passive CVEs (extract known CVEs from host data)
  • InternetDB fallback — when the Shodan API returns 403 (free key), host lookup and reverse DNS automatically fall back to Shodan's free InternetDB API (internetdb.shodan.io) which provides ports, hostnames, CPEs, CVEs, and tags without requiring a paid plan
  • Graph database ingestion — update_graph_from_shodan() in neo4j_client.py creates/updates IP nodes (os, isp, org, country, city), Port + Service nodes, Subdomain nodes from reverse DNS, DNSRecord nodes from domain DNS, and Vulnerability + CVE nodes from passive CVEs — all using MERGE for deduplication with existing pipeline data
  • Agent tool — unified shodan tool with 5 actions: search (device search, paid key), host (detailed IP info), dns_reverse (reverse DNS), dns_domain (DNS records + subdomains, paid key), and count (host count without search credits). Available in all agent phases
  • Project settings — 4 pipeline toggles in the Integrations tab (ShodanSection.tsx): Host Lookup, Reverse DNS, Domain DNS, Passive CVEs. Toggles are disabled with a warning banner when no Shodan API key is configured in Global Settings
  • Graceful error handling — ShodanApiKeyError exception for immediate abort on invalid keys (401); per-function 403 handling with InternetDB fallback; pipeline continues even if Shodan enrichment fails entirely

• Google Dork Tool (SerpAPI) — new google_dork agent tool for passive OSINT via Google advanced search operators. Uses the SerpAPI Google engine to find exposed files (filetype:sql, filetype:env), admin panels (inurl:admin), directory listings (intitle:"index of"), and sensitive data leaks (intext:password). Returns up to 10 results with titles, URLs, snippets, and total result count. SerpAPI key configured in Global Settings. No packets are sent to the target — purely passive reconnaissance

• Deep Think (Strategic Reasoning) — automatic strategic analysis at key decision points during agent operation. Triggers on: first iteration (initial strategy), phase transitions (re-evaluation), failure loops (3+ consecutive failures trigger pivot), and agent self-request (when stuck or going in circles). Produces structured JSON analysis with situation assessment, identified attack vectors, recommended approach with rationale, priority-ordered action steps, and risk mitigations. The analysis is injected into subsequent reasoning steps to guide the agent's strategy:

  • Toggle: DEEP_THINK_ENABLED in Agent Behaviour settings (default: off)
  • Self-request: agent can set "need_deep_think": true in its output to trigger a strategic re-evaluation on the next iteration
  • Frontend card: DeepThinkCard in the Agent Timeline displays the analysis with trigger reason, situation assessment, attack vectors, recommended approach, priority steps, and risks — collapsible with a lightbulb icon
  • WebSocket event: deep_think event streams the analysis result to the frontend in real-time

• Inline Agent Settings — Agent Behaviour, Tool Matrix, and Attack Skills sections are now accessible directly from the AI Assistant drawer via a gear icon in the toolbar. Opens a modal overlay for quick configuration changes without navigating away from the graph page. Changes are saved to the project and take effect on the next agent iteration

• Inline API Key Configuration — when an agent tool is unavailable due to a missing API key (web_search, shodan, google_dork), the AI Assistant drawer shows a warning badge with a one-click modal to enter the key directly. No need to navigate to Global Settings

• Tool Registry Overhaul — compressed and restructured the agent's tool registry descriptions for all tools (query_graph, web_search, shodan, google_dork, curl, nmap, kali_shell, hydra, metasploit_command). Descriptions are more concise with inline argument formats and usage examples, reducing prompt token usage while maintaining clarity

Fixed

• Project export/import missing Remediations — The Remediation table (CypherFix vulnerability remediations, code fixes, GitHub PR integrations, file changes) was not included in project export/import. Exports now include remediations/remediations.json in the ZIP archive, and imports restore all remediation records under the new project. Backward-compatible with older exports that lack the remediations file.

Changed

• Docker CLI upgrade in recon container — Replaced Debian's docker.io package with docker-ce-cli from Docker's official APT repository. Fixes compatibility issues with newer host Docker daemons (closes Recon Tools not running | Naabu | httpx | katana | nuclei | gau #30, based on Use newer docker install to work with later version of ubuntu #35). Only the CLI is installed — no full engine, containerd, or compose plugins.

---

---

This discussion was created from the release 2.3.0 - 2026-03-14.