@pensar/apex 2.1.2 → 2.1.3-canary.082299eb
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/{agent-737mxp3v.js → agent-25rra8mk.js} +9 -8
- package/build/agent-qa4kk7v1.js +27 -0
- package/build/agent-xpddb5yz.js +19 -0
- package/build/{apps-j0bwey0w.js → apps-c4rdprzp.js} +17 -16
- package/build/{auth-5stxpmga.js → auth-cm0s3an4.js} +17 -16
- package/build/authentication-k8303p1y.js +19 -0
- package/build/blackboxAgent-8mpqbggt.js +19 -0
- package/build/{blackboxPentest-2edr9rj3.js → blackboxPentest-b1dqrv93.js} +15 -14
- package/build/{cli-hj3t87r2.js → cli-0kg01x44.js} +1 -1
- package/build/{cli-6wwpk9d9.js → cli-35rkgbhd.js} +1 -1
- package/build/{cli-f7d23ded.js → cli-3k1x5rn3.js} +936 -1775
- package/build/{cli-9z6vwf30.js → cli-7bzzjw1f.js} +1 -1
- package/build/{cli-tw3fe8bj.js → cli-7g8n2kkk.js} +2 -2
- package/build/{cli-yjbkaqvy.js → cli-8256tzw9.js} +79 -23
- package/build/{cli-jd0c0b91.js → cli-bh3e0th8.js} +1 -1
- package/build/{cli-xnnkeg5p.js → cli-bp7f8nyk.js} +1 -1
- package/build/{cli-v1aqbv58.js → cli-d28z7z1b.js} +29267 -25585
- package/build/{cli-dqkdnd3c.js → cli-db434rd0.js} +88 -49
- package/build/{cli-ks60cc3h.js → cli-f5javz2k.js} +30 -30
- package/build/{cli-gbkj2has.js → cli-nfnfwfcn.js} +5 -3
- package/build/{cli-6vs0mtsb.js → cli-nn5rxhvz.js} +4 -2
- package/build/{cli-whtdyc0e.js → cli-qdvef4qc.js} +6 -4
- package/build/cli-sekg25pa.js +195 -0
- package/build/{cli-35czfv00.js → cli-w5vt3svr.js} +70869 -79383
- package/build/{cli-0gk2x2sc.js → cli-wdahap6k.js} +18 -18
- package/build/{cli-9vzc18m5.js → cli-y4csaqh2.js} +53 -204
- package/build/cli.js +120 -90
- package/build/{config-s5ryv5ez.js → config-6hkn23py.js} +3 -3
- package/build/{doctor-f08gegwc.js → doctor-0prby1f0.js} +7 -7
- package/build/fastStrike-qts85kag.js +156 -0
- package/build/{fixes-qf4s92z2.js → fixes-kza6ej38.js} +17 -16
- package/build/{index-x4xefngs.js → index-6r19ej49.js} +3 -3
- package/build/{index-exvkbve0.js → index-7y1pwazv.js} +4 -4
- package/build/{index-mgng15va.js → index-gq9h8j5j.js} +909 -456
- package/build/{index-c6qz0gve.js → index-h6rxj451.js} +7 -7
- package/build/{index-s8gw83d6.js → index-m9djasp6.js} +19 -11
- package/build/{index-gakk2t5q.js → index-vjh370rj.js} +23 -19
- package/build/{index-5h1hjhzw.js → index-vk0czqw7.js} +10 -10
- package/build/{index-sqjve2bm.js → index-xzb9yxtf.js} +2 -2
- package/build/{issues-5anqrh2j.js → issues-35784nvy.js} +17 -16
- package/build/{logs-q6ankt6m.js → logs-14xzc32f.js} +17 -16
- package/build/{main-3zneyg7p.js → main-3d7dfdvs.js} +17 -93
- package/build/{offesecAgent-hsej0pfc.js → offesecAgent-767xjskr.js} +9 -9
- package/build/pentest-hf3hejjq.js +29 -0
- package/build/{pentests-hyx3c3qa.js → pentests-7zy73b60.js} +17 -16
- package/build/targetedPentest-m3ypnmfk.js +44 -0
- package/build/{targets-9cqrshet.js → targets-nay3vmqy.js} +17 -16
- package/build/threatModel-p8khw8tr.js +27 -0
- package/build/{uninstall-1j469qj7.js → uninstall-acg2vcpm.js} +1 -1
- package/build/{upload-ymvhkyq5.js → upload-pjr2zgys.js} +7 -7
- package/build/{utils-d1ed6jzf.js → utils-v0mj3yrn.js} +6 -6
- package/package.json +30 -30
- package/build/agent-8w9h3tnw.js +0 -19
- package/build/agent-vdrtakz4.js +0 -25
- package/build/authentication-qswvctj4.js +0 -19
- package/build/blackboxAgent-vwm9t3h4.js +0 -19
- package/build/pentest-1e30q7rs.js +0 -28
- package/build/targetedPentest-ws0a7frk.js +0 -36
- package/build/threatModel-z9b213x8.js +0 -26
|
@@ -4,27 +4,27 @@ import {
|
|
|
4
4
|
OffensiveSecurityAgent,
|
|
5
5
|
SKILL_TOOL_NAMES,
|
|
6
6
|
buildBaseSystemPrompt
|
|
7
|
-
} from "./cli-
|
|
7
|
+
} from "./cli-w5vt3svr.js";
|
|
8
8
|
import {
|
|
9
9
|
init_dist,
|
|
10
10
|
init_session,
|
|
11
11
|
sessions,
|
|
12
12
|
stepCountIs
|
|
13
|
-
} from "./cli-
|
|
13
|
+
} from "./cli-d28z7z1b.js";
|
|
14
14
|
import {
|
|
15
15
|
ensureValidToken,
|
|
16
16
|
getPensarApiUrl,
|
|
17
17
|
init_auth,
|
|
18
18
|
init_constants
|
|
19
|
-
} from "./cli-
|
|
19
|
+
} from "./cli-0kg01x44.js";
|
|
20
20
|
import {
|
|
21
21
|
exports_external,
|
|
22
22
|
init_zod
|
|
23
|
-
} from "./cli-
|
|
23
|
+
} from "./cli-3k1x5rn3.js";
|
|
24
24
|
import {
|
|
25
25
|
config,
|
|
26
26
|
init_config
|
|
27
|
-
} from "./cli-
|
|
27
|
+
} from "./cli-7bzzjw1f.js";
|
|
28
28
|
import {
|
|
29
29
|
__commonJS,
|
|
30
30
|
__require
|
|
@@ -583,6 +583,8 @@ var require_Alias = __commonJS((exports) => {
|
|
|
583
583
|
});
|
|
584
584
|
}
|
|
585
585
|
resolve(doc, ctx) {
|
|
586
|
+
if (ctx?.maxAliasCount === 0)
|
|
587
|
+
throw new ReferenceError("Alias resolution is disabled");
|
|
586
588
|
let nodes;
|
|
587
589
|
if (ctx?.aliasResolveCache) {
|
|
588
590
|
nodes = ctx.aliasResolveCache;
|
|
@@ -1362,6 +1364,7 @@ var require_stringify = __commonJS((exports) => {
|
|
|
1362
1364
|
nullStr: "null",
|
|
1363
1365
|
simpleKeys: false,
|
|
1364
1366
|
singleQuote: null,
|
|
1367
|
+
trailingComma: false,
|
|
1365
1368
|
trueStr: "true",
|
|
1366
1369
|
verifyAliasOrder: true
|
|
1367
1370
|
}, doc.schema.toStringOptions, options);
|
|
@@ -1631,18 +1634,18 @@ var require_merge = __commonJS((exports) => {
|
|
|
1631
1634
|
};
|
|
1632
1635
|
var isMergeKey = (ctx, key) => (merge.identify(key) || identity.isScalar(key) && (!key.type || key.type === Scalar.Scalar.PLAIN) && merge.identify(key.value)) && ctx?.doc.schema.tags.some((tag) => tag.tag === merge.tag && tag.default);
|
|
1633
1636
|
function addMergeToJSMap(ctx, map, value) {
|
|
1634
|
-
|
|
1635
|
-
if (identity.isSeq(
|
|
1636
|
-
for (const it of
|
|
1637
|
+
const source = resolveAliasValue(ctx, value);
|
|
1638
|
+
if (identity.isSeq(source))
|
|
1639
|
+
for (const it of source.items)
|
|
1637
1640
|
mergeValue(ctx, map, it);
|
|
1638
|
-
else if (Array.isArray(
|
|
1639
|
-
for (const it of
|
|
1641
|
+
else if (Array.isArray(source))
|
|
1642
|
+
for (const it of source)
|
|
1640
1643
|
mergeValue(ctx, map, it);
|
|
1641
1644
|
else
|
|
1642
|
-
mergeValue(ctx, map,
|
|
1645
|
+
mergeValue(ctx, map, source);
|
|
1643
1646
|
}
|
|
1644
1647
|
function mergeValue(ctx, map, value) {
|
|
1645
|
-
const source = ctx
|
|
1648
|
+
const source = resolveAliasValue(ctx, value);
|
|
1646
1649
|
if (!identity.isMap(source))
|
|
1647
1650
|
throw new Error("Merge sources must be maps or map aliases");
|
|
1648
1651
|
const srcMap = source.toJSON(null, ctx, Map);
|
|
@@ -1663,6 +1666,9 @@ var require_merge = __commonJS((exports) => {
|
|
|
1663
1666
|
}
|
|
1664
1667
|
return map;
|
|
1665
1668
|
}
|
|
1669
|
+
function resolveAliasValue(ctx, value) {
|
|
1670
|
+
return ctx && identity.isAlias(value) ? value.resolve(ctx.doc, ctx) : value;
|
|
1671
|
+
}
|
|
1666
1672
|
exports.addMergeToJSMap = addMergeToJSMap;
|
|
1667
1673
|
exports.isMergeKey = isMergeKey;
|
|
1668
1674
|
exports.merge = merge;
|
|
@@ -1870,13 +1876,20 @@ ${indent}${line}` : `
|
|
|
1870
1876
|
if (comment)
|
|
1871
1877
|
reqNewline = true;
|
|
1872
1878
|
let str = stringify.stringify(item, itemCtx, () => comment = null);
|
|
1873
|
-
|
|
1879
|
+
reqNewline || (reqNewline = lines.length > linesAtValue || str.includes(`
|
|
1880
|
+
`));
|
|
1881
|
+
if (i < items.length - 1) {
|
|
1874
1882
|
str += ",";
|
|
1883
|
+
} else if (ctx.options.trailingComma) {
|
|
1884
|
+
if (ctx.options.lineWidth > 0) {
|
|
1885
|
+
reqNewline || (reqNewline = lines.reduce((sum, line) => sum + line.length + 2, 2) + (str.length + 2) > ctx.options.lineWidth);
|
|
1886
|
+
}
|
|
1887
|
+
if (reqNewline) {
|
|
1888
|
+
str += ",";
|
|
1889
|
+
}
|
|
1890
|
+
}
|
|
1875
1891
|
if (comment)
|
|
1876
1892
|
str += stringifyComment.lineComment(str, itemIndent, commentString(comment));
|
|
1877
|
-
if (!reqNewline && (lines.length > linesAtValue || str.includes(`
|
|
1878
|
-
`)))
|
|
1879
|
-
reqNewline = true;
|
|
1880
1893
|
lines.push(str);
|
|
1881
1894
|
linesAtValue = lines.length;
|
|
1882
1895
|
}
|
|
@@ -2231,7 +2244,7 @@ var require_stringifyNumber = __commonJS((exports) => {
|
|
|
2231
2244
|
if (!isFinite(num))
|
|
2232
2245
|
return isNaN(num) ? ".nan" : num < 0 ? "-.inf" : ".inf";
|
|
2233
2246
|
let n = Object.is(value, -0) ? "-0" : JSON.stringify(value);
|
|
2234
|
-
if (!format && minFractionDigits && (!tag || tag === "tag:yaml.org,2002:float") &&
|
|
2247
|
+
if (!format && minFractionDigits && (!tag || tag === "tag:yaml.org,2002:float") && /^-?\d/.test(n) && !n.includes("e")) {
|
|
2235
2248
|
let i = n.indexOf(".");
|
|
2236
2249
|
if (i < 0) {
|
|
2237
2250
|
i = n.length;
|
|
@@ -4456,7 +4469,7 @@ var require_resolve_flow_scalar = __commonJS((exports) => {
|
|
|
4456
4469
|
while (next === " " || next === "\t")
|
|
4457
4470
|
next = source[++i + 1];
|
|
4458
4471
|
} else if (next === "x" || next === "u" || next === "U") {
|
|
4459
|
-
const length =
|
|
4472
|
+
const length = next === "x" ? 2 : next === "u" ? 4 : 8;
|
|
4460
4473
|
res += parseCharCode(source, i + 1, length, onError);
|
|
4461
4474
|
i += length;
|
|
4462
4475
|
} else {
|
|
@@ -4525,12 +4538,13 @@ var require_resolve_flow_scalar = __commonJS((exports) => {
|
|
|
4525
4538
|
const cc = source.substr(offset, length);
|
|
4526
4539
|
const ok = cc.length === length && /^[0-9a-fA-F]+$/.test(cc);
|
|
4527
4540
|
const code = ok ? parseInt(cc, 16) : NaN;
|
|
4528
|
-
|
|
4541
|
+
try {
|
|
4542
|
+
return String.fromCodePoint(code);
|
|
4543
|
+
} catch {
|
|
4529
4544
|
const raw = source.substr(offset - 2, length + 2);
|
|
4530
4545
|
onError(offset - 2, "BAD_DQ_ESCAPE", `Invalid escape sequence ${raw}`);
|
|
4531
4546
|
return raw;
|
|
4532
4547
|
}
|
|
4533
|
-
return String.fromCodePoint(code);
|
|
4534
4548
|
}
|
|
4535
4549
|
exports.resolveFlowScalar = resolveFlowScalar;
|
|
4536
4550
|
});
|
|
@@ -4671,17 +4685,22 @@ var require_compose_node = __commonJS((exports) => {
|
|
|
4671
4685
|
case "block-map":
|
|
4672
4686
|
case "block-seq":
|
|
4673
4687
|
case "flow-collection":
|
|
4674
|
-
|
|
4675
|
-
|
|
4676
|
-
|
|
4688
|
+
try {
|
|
4689
|
+
node = composeCollection.composeCollection(CN, ctx, token, props, onError);
|
|
4690
|
+
if (anchor)
|
|
4691
|
+
node.anchor = anchor.source.substring(1);
|
|
4692
|
+
} catch (error) {
|
|
4693
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
4694
|
+
onError(token, "RESOURCE_EXHAUSTION", message);
|
|
4695
|
+
}
|
|
4677
4696
|
break;
|
|
4678
4697
|
default: {
|
|
4679
4698
|
const message = token.type === "error" ? token.message : `Unsupported token (type: ${token.type})`;
|
|
4680
4699
|
onError(token, "UNEXPECTED_TOKEN", message);
|
|
4681
|
-
node = composeEmptyNode(ctx, token.offset, undefined, null, props, onError);
|
|
4682
4700
|
isSrcToken = false;
|
|
4683
4701
|
}
|
|
4684
4702
|
}
|
|
4703
|
+
node ?? (node = composeEmptyNode(ctx, token.offset, undefined, null, props, onError));
|
|
4685
4704
|
if (anchor && node.anchor === "")
|
|
4686
4705
|
onError(anchor, "BAD_ALIAS", "Anchor cannot be an empty string");
|
|
4687
4706
|
if (atKey && ctx.options.stringKeys && (!identity.isScalar(node) || typeof node.value !== "string" || node.tag && node.tag !== "tag:yaml.org,2002:str")) {
|
|
@@ -4864,8 +4883,10 @@ ${cb}` : comment;
|
|
|
4864
4883
|
}
|
|
4865
4884
|
}
|
|
4866
4885
|
if (afterDoc) {
|
|
4867
|
-
|
|
4868
|
-
|
|
4886
|
+
for (let i = 0;i < this.errors.length; ++i)
|
|
4887
|
+
doc.errors.push(this.errors[i]);
|
|
4888
|
+
for (let i = 0;i < this.warnings.length; ++i)
|
|
4889
|
+
doc.warnings.push(this.warnings[i]);
|
|
4869
4890
|
} else {
|
|
4870
4891
|
doc.errors = this.errors;
|
|
4871
4892
|
doc.warnings = this.warnings;
|
|
@@ -5577,7 +5598,7 @@ var require_lexer = __commonJS((exports) => {
|
|
|
5577
5598
|
const n = (yield* this.pushCount(1)) + (yield* this.pushSpaces(true));
|
|
5578
5599
|
this.indentNext = this.indentValue + 1;
|
|
5579
5600
|
this.indentValue += n;
|
|
5580
|
-
return
|
|
5601
|
+
return "block-start";
|
|
5581
5602
|
}
|
|
5582
5603
|
return "doc";
|
|
5583
5604
|
}
|
|
@@ -5884,26 +5905,37 @@ var require_lexer = __commonJS((exports) => {
|
|
|
5884
5905
|
return 0;
|
|
5885
5906
|
}
|
|
5886
5907
|
*pushIndicators() {
|
|
5887
|
-
|
|
5888
|
-
|
|
5889
|
-
|
|
5890
|
-
|
|
5891
|
-
|
|
5892
|
-
|
|
5893
|
-
|
|
5894
|
-
|
|
5895
|
-
|
|
5896
|
-
|
|
5897
|
-
|
|
5898
|
-
|
|
5899
|
-
|
|
5900
|
-
|
|
5901
|
-
|
|
5902
|
-
|
|
5908
|
+
let n = 0;
|
|
5909
|
+
loop:
|
|
5910
|
+
while (true) {
|
|
5911
|
+
switch (this.charAt(0)) {
|
|
5912
|
+
case "!":
|
|
5913
|
+
n += yield* this.pushTag();
|
|
5914
|
+
n += yield* this.pushSpaces(true);
|
|
5915
|
+
continue loop;
|
|
5916
|
+
case "&":
|
|
5917
|
+
n += yield* this.pushUntil(isNotAnchorChar);
|
|
5918
|
+
n += yield* this.pushSpaces(true);
|
|
5919
|
+
continue loop;
|
|
5920
|
+
case "-":
|
|
5921
|
+
case "?":
|
|
5922
|
+
case ":": {
|
|
5923
|
+
const inFlow = this.flowLevel > 0;
|
|
5924
|
+
const ch1 = this.charAt(1);
|
|
5925
|
+
if (isEmpty(ch1) || inFlow && flowIndicatorChars.has(ch1)) {
|
|
5926
|
+
if (!inFlow)
|
|
5927
|
+
this.indentNext = this.indentValue + 1;
|
|
5928
|
+
else if (this.flowKey)
|
|
5929
|
+
this.flowKey = false;
|
|
5930
|
+
n += yield* this.pushCount(1);
|
|
5931
|
+
n += yield* this.pushSpaces(true);
|
|
5932
|
+
continue loop;
|
|
5933
|
+
}
|
|
5934
|
+
}
|
|
5903
5935
|
}
|
|
5936
|
+
break loop;
|
|
5904
5937
|
}
|
|
5905
|
-
|
|
5906
|
-
return 0;
|
|
5938
|
+
return n;
|
|
5907
5939
|
}
|
|
5908
5940
|
*pushTag() {
|
|
5909
5941
|
if (this.charAt(1) === "<") {
|
|
@@ -6057,6 +6089,13 @@ var require_parser = __commonJS((exports) => {
|
|
|
6057
6089
|
while (prev[++i]?.type === "space") {}
|
|
6058
6090
|
return prev.splice(i, prev.length);
|
|
6059
6091
|
}
|
|
6092
|
+
function arrayPushArray(target, source) {
|
|
6093
|
+
if (source.length < 1e5)
|
|
6094
|
+
Array.prototype.push.apply(target, source);
|
|
6095
|
+
else
|
|
6096
|
+
for (let i = 0;i < source.length; ++i)
|
|
6097
|
+
target.push(source[i]);
|
|
6098
|
+
}
|
|
6060
6099
|
function fixFlowSeqItems(fc) {
|
|
6061
6100
|
if (fc.start.type === "flow-seq-start") {
|
|
6062
6101
|
for (const it of fc.items) {
|
|
@@ -6066,11 +6105,11 @@ var require_parser = __commonJS((exports) => {
|
|
|
6066
6105
|
delete it.key;
|
|
6067
6106
|
if (isFlowToken(it.value)) {
|
|
6068
6107
|
if (it.value.end)
|
|
6069
|
-
|
|
6108
|
+
arrayPushArray(it.value.end, it.sep);
|
|
6070
6109
|
else
|
|
6071
6110
|
it.value.end = it.sep;
|
|
6072
6111
|
} else
|
|
6073
|
-
|
|
6112
|
+
arrayPushArray(it.start, it.sep);
|
|
6074
6113
|
delete it.sep;
|
|
6075
6114
|
}
|
|
6076
6115
|
}
|
|
@@ -6410,7 +6449,7 @@ var require_parser = __commonJS((exports) => {
|
|
|
6410
6449
|
const prev = map.items[map.items.length - 2];
|
|
6411
6450
|
const end = prev?.value?.end;
|
|
6412
6451
|
if (Array.isArray(end)) {
|
|
6413
|
-
|
|
6452
|
+
arrayPushArray(end, it.start);
|
|
6414
6453
|
end.push(this.sourceToken);
|
|
6415
6454
|
map.items.pop();
|
|
6416
6455
|
return;
|
|
@@ -6598,7 +6637,7 @@ var require_parser = __commonJS((exports) => {
|
|
|
6598
6637
|
const prev = seq.items[seq.items.length - 2];
|
|
6599
6638
|
const end = prev?.value?.end;
|
|
6600
6639
|
if (Array.isArray(end)) {
|
|
6601
|
-
|
|
6640
|
+
arrayPushArray(end, it.start);
|
|
6602
6641
|
end.push(this.sourceToken);
|
|
6603
6642
|
seq.items.pop();
|
|
6604
6643
|
return;
|
|
@@ -11,50 +11,50 @@ var init_package = __esm(() => {
|
|
|
11
11
|
pensar: "./bin/pensar.js"
|
|
12
12
|
},
|
|
13
13
|
dependencies: {
|
|
14
|
-
"@ai-sdk/amazon-bedrock": "^4.0.
|
|
15
|
-
"@ai-sdk/anthropic": "^3.0.
|
|
16
|
-
"@ai-sdk/google": "^3.0.
|
|
14
|
+
"@ai-sdk/amazon-bedrock": "^4.0.119",
|
|
15
|
+
"@ai-sdk/anthropic": "^3.0.85",
|
|
16
|
+
"@ai-sdk/google": "^3.0.83",
|
|
17
17
|
"@ai-sdk/openai": "3.0.46",
|
|
18
|
-
"@ai-sdk/openai-compatible": "^2.0.
|
|
19
|
-
"@ai-sdk/provider": "^3.0.
|
|
20
|
-
"@daytonaio/sdk": "^0.112.
|
|
21
|
-
"@googleapis/gmail": "^16.1.
|
|
18
|
+
"@ai-sdk/openai-compatible": "^2.0.51",
|
|
19
|
+
"@ai-sdk/provider": "^3.0.10",
|
|
20
|
+
"@daytonaio/sdk": "^0.112.3",
|
|
21
|
+
"@googleapis/gmail": "^16.1.2",
|
|
22
22
|
"@microsoft/microsoft-graph-client": "^3.0.7",
|
|
23
|
-
"@modelcontextprotocol/sdk": "^1.
|
|
24
|
-
"@openrouter/ai-sdk-provider": "^2.
|
|
25
|
-
"@opentelemetry/api": "^1.9.
|
|
23
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
24
|
+
"@openrouter/ai-sdk-provider": "^2.9.1",
|
|
25
|
+
"@opentelemetry/api": "^1.9.1",
|
|
26
26
|
"@opentui/core": "^0.1.107",
|
|
27
27
|
"@opentui/react": "^0.1.107",
|
|
28
28
|
"@pensar/surface": "0.2.2",
|
|
29
29
|
"@playwright/mcp": "^0.0.54",
|
|
30
|
-
ai: "^6.0.
|
|
30
|
+
ai: "^6.0.208",
|
|
31
31
|
"camoufox-js": "^0.11.1",
|
|
32
|
-
glob: "^13.0.
|
|
32
|
+
glob: "^13.0.6",
|
|
33
33
|
"highlight.js": "^11.11.1",
|
|
34
|
-
imapflow: "^1.2
|
|
35
|
-
mailparser: "^3.9.
|
|
36
|
-
marked: "^16.4.
|
|
34
|
+
imapflow: "^1.4.2",
|
|
35
|
+
mailparser: "^3.9.11",
|
|
36
|
+
marked: "^16.4.2",
|
|
37
37
|
"mime-types": "^3.0.2",
|
|
38
|
-
nodemailer: "^8.0.
|
|
39
|
-
"p-limit": "^7.
|
|
40
|
-
react: "^19.2.
|
|
41
|
-
sharp: "^0.34.
|
|
42
|
-
tldts: "^7.
|
|
43
|
-
yaml: "^2.
|
|
44
|
-
zod: "^4.
|
|
38
|
+
nodemailer: "^8.0.11",
|
|
39
|
+
"p-limit": "^7.3.0",
|
|
40
|
+
react: "^19.2.7",
|
|
41
|
+
sharp: "^0.34.5",
|
|
42
|
+
tldts: "^7.4.3",
|
|
43
|
+
yaml: "^2.9.0",
|
|
44
|
+
zod: "^4.4.3"
|
|
45
45
|
},
|
|
46
46
|
description: "AI-powered penetration testing CLI tool with terminal UI",
|
|
47
47
|
devDependencies: {
|
|
48
48
|
"@biomejs/biome": "2.4.14",
|
|
49
|
-
"@types/bun": "^1.3.
|
|
49
|
+
"@types/bun": "^1.3.14",
|
|
50
50
|
"@types/mailparser": "^3.4.6",
|
|
51
51
|
"@types/mime-types": "^3.0.1",
|
|
52
|
-
"@types/nodemailer": "^8.0.
|
|
53
|
-
"@types/react": "^19.2.
|
|
54
|
-
dotenv: "^17.2
|
|
55
|
-
knip: "^6.
|
|
56
|
-
prettier: "^3.8.
|
|
57
|
-
vitest: "^2.1.
|
|
52
|
+
"@types/nodemailer": "^8.0.1",
|
|
53
|
+
"@types/react": "^19.2.17",
|
|
54
|
+
dotenv: "^17.4.2",
|
|
55
|
+
knip: "^6.17.1",
|
|
56
|
+
prettier: "^3.8.4",
|
|
57
|
+
vitest: "^2.1.9"
|
|
58
58
|
},
|
|
59
59
|
engines: {
|
|
60
60
|
bun: ">=1.0.0",
|
|
@@ -120,7 +120,7 @@ var init_package = __esm(() => {
|
|
|
120
120
|
tsc: "tsc --noEmit"
|
|
121
121
|
},
|
|
122
122
|
type: "module",
|
|
123
|
-
version: "2.1.
|
|
123
|
+
version: "2.1.3-canary.082299eb"
|
|
124
124
|
};
|
|
125
125
|
});
|
|
126
126
|
|
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
import {
|
|
2
2
|
OffensiveSecurityAgent
|
|
3
|
-
} from "./cli-
|
|
3
|
+
} from "./cli-w5vt3svr.js";
|
|
4
4
|
import {
|
|
5
5
|
hasToolCall,
|
|
6
6
|
init_dist
|
|
7
|
-
} from "./cli-
|
|
7
|
+
} from "./cli-d28z7z1b.js";
|
|
8
8
|
import {
|
|
9
9
|
exports_external,
|
|
10
10
|
init_zod,
|
|
11
11
|
tool
|
|
12
|
-
} from "./cli-
|
|
12
|
+
} from "./cli-3k1x5rn3.js";
|
|
13
13
|
|
|
14
14
|
// src/core/agents/specialized/whiteboxAttackSurface/agent.ts
|
|
15
15
|
init_dist();
|
|
@@ -400,6 +400,7 @@ class WhiteboxAttackSurfaceAgent extends OffensiveSecurityAgent {
|
|
|
400
400
|
attackSurfaceRegistry,
|
|
401
401
|
domains,
|
|
402
402
|
enableThinking,
|
|
403
|
+
thinkingEffort,
|
|
403
404
|
openAIReasoningEffort
|
|
404
405
|
} = opts;
|
|
405
406
|
let capturedResult = null;
|
|
@@ -426,6 +427,7 @@ This ends the agent run — make sure all data is included.`,
|
|
|
426
427
|
subagentId,
|
|
427
428
|
attackSurfaceRegistry,
|
|
428
429
|
enableThinking,
|
|
430
|
+
thinkingEffort,
|
|
429
431
|
openAIReasoningEffort,
|
|
430
432
|
activeTools: [
|
|
431
433
|
"read_file",
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import {
|
|
2
2
|
OffensiveSecurityAgent
|
|
3
|
-
} from "./cli-
|
|
3
|
+
} from "./cli-w5vt3svr.js";
|
|
4
4
|
import {
|
|
5
5
|
init_dist,
|
|
6
6
|
stepCountIs
|
|
7
|
-
} from "./cli-
|
|
7
|
+
} from "./cli-d28z7z1b.js";
|
|
8
8
|
|
|
9
9
|
// src/core/agents/specialized/codeAgent/agent.ts
|
|
10
10
|
init_dist();
|
|
@@ -79,6 +79,7 @@ class CodeAgent extends OffensiveSecurityAgent {
|
|
|
79
79
|
attackSurfaceRegistry,
|
|
80
80
|
excludeTools,
|
|
81
81
|
enableThinking,
|
|
82
|
+
thinkingEffort,
|
|
82
83
|
openAIReasoningEffort,
|
|
83
84
|
projectThreatModel
|
|
84
85
|
} = opts;
|
|
@@ -124,6 +125,7 @@ class CodeAgent extends OffensiveSecurityAgent {
|
|
|
124
125
|
subagentId,
|
|
125
126
|
attackSurfaceRegistry,
|
|
126
127
|
enableThinking,
|
|
128
|
+
thinkingEffort,
|
|
127
129
|
openAIReasoningEffort,
|
|
128
130
|
projectThreatModel,
|
|
129
131
|
stopWhen: stopWhen ?? stepCountIs(1e4),
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
import {
|
|
2
2
|
OffensiveSecurityAgent
|
|
3
|
-
} from "./cli-
|
|
3
|
+
} from "./cli-w5vt3svr.js";
|
|
4
4
|
import {
|
|
5
5
|
detectOSAndEnhancePrompt
|
|
6
|
-
} from "./cli-
|
|
6
|
+
} from "./cli-35rkgbhd.js";
|
|
7
7
|
import {
|
|
8
8
|
hasToolCall,
|
|
9
9
|
init_dist,
|
|
10
10
|
stepCountIs
|
|
11
|
-
} from "./cli-
|
|
11
|
+
} from "./cli-d28z7z1b.js";
|
|
12
12
|
|
|
13
13
|
// src/core/agents/specialized/attackSurface/blackboxAgent.ts
|
|
14
14
|
init_dist();
|
|
@@ -387,6 +387,7 @@ class BlackboxAttackSurfaceAgent extends OffensiveSecurityAgent {
|
|
|
387
387
|
eventBus,
|
|
388
388
|
subagentId,
|
|
389
389
|
enableThinking,
|
|
390
|
+
thinkingEffort,
|
|
390
391
|
openAIReasoningEffort
|
|
391
392
|
} = opts;
|
|
392
393
|
const target = opts.target ?? opts.cwd;
|
|
@@ -416,6 +417,7 @@ class BlackboxAttackSurfaceAgent extends OffensiveSecurityAgent {
|
|
|
416
417
|
eventBus,
|
|
417
418
|
subagentId,
|
|
418
419
|
enableThinking,
|
|
420
|
+
thinkingEffort,
|
|
419
421
|
openAIReasoningEffort,
|
|
420
422
|
messages: opts.messages,
|
|
421
423
|
activeTools: [
|
|
@@ -479,7 +481,7 @@ ${authenticationInstructions}
|
|
|
479
481
|
authBlock = `⚠️ AUTHENTICATION CREDENTIALS PROVIDED — YOU MUST LOG IN FIRST.
|
|
480
482
|
|
|
481
483
|
Your FIRST tool call must be: browser_navigate to ${loginTarget}
|
|
482
|
-
Then use browser tools to authenticate. Pass the credentialId to
|
|
484
|
+
Then use browser tools to authenticate. Pass the credentialId to delegate_to_auth_subagent — secrets are resolved automatically.
|
|
483
485
|
For browser_fill on password/secret fields, use credentialId + credentialField instead of raw values.
|
|
484
486
|
|
|
485
487
|
Do NOT run curl, nmap, dig, or any other command before completing login.
|
|
@@ -0,0 +1,195 @@
|
|
|
1
|
+
import {
|
|
2
|
+
EvidenceFileEntrySchema
|
|
3
|
+
} from "./cli-7g8n2kkk.js";
|
|
4
|
+
import {
|
|
5
|
+
CweEntrySchema,
|
|
6
|
+
ValidatedCweEntrySchema,
|
|
7
|
+
hasCanonicalName
|
|
8
|
+
} from "./cli-w5vt3svr.js";
|
|
9
|
+
import {
|
|
10
|
+
exports_external,
|
|
11
|
+
init_zod
|
|
12
|
+
} from "./cli-3k1x5rn3.js";
|
|
13
|
+
|
|
14
|
+
// src/core/report/schemas.ts
|
|
15
|
+
init_zod();
|
|
16
|
+
var PentestReportFindingSchema = exports_external.object({
|
|
17
|
+
title: exports_external.string(),
|
|
18
|
+
severity: exports_external.enum(["CRITICAL", "HIGH", "MEDIUM", "LOW"]),
|
|
19
|
+
description: exports_external.string(),
|
|
20
|
+
impact: exports_external.string(),
|
|
21
|
+
evidence: exports_external.string(),
|
|
22
|
+
endpoint: exports_external.string(),
|
|
23
|
+
pocPath: exports_external.string(),
|
|
24
|
+
remediation: exports_external.string(),
|
|
25
|
+
references: exports_external.string().optional(),
|
|
26
|
+
cwes: exports_external.array(ValidatedCweEntrySchema.or(CweEntrySchema)).optional(),
|
|
27
|
+
rootCauseGroup: exports_external.string().optional(),
|
|
28
|
+
relatedFindings: exports_external.array(exports_external.string()).optional(),
|
|
29
|
+
rootCauseLead: exports_external.boolean().optional(),
|
|
30
|
+
evidenceFiles: exports_external.array(EvidenceFileEntrySchema).optional()
|
|
31
|
+
});
|
|
32
|
+
var PentestReportSchema = exports_external.object({
|
|
33
|
+
version: exports_external.string().regex(/^1\.\d+$/),
|
|
34
|
+
metadata: exports_external.object({
|
|
35
|
+
target: exports_external.string(),
|
|
36
|
+
model: exports_external.string(),
|
|
37
|
+
timestamp: exports_external.string(),
|
|
38
|
+
sessionId: exports_external.string(),
|
|
39
|
+
mode: exports_external.enum(["blackbox", "whitebox", "targeted"])
|
|
40
|
+
}),
|
|
41
|
+
summary: exports_external.object({
|
|
42
|
+
totalFindings: exports_external.number(),
|
|
43
|
+
bySeverity: exports_external.object({
|
|
44
|
+
CRITICAL: exports_external.number(),
|
|
45
|
+
HIGH: exports_external.number(),
|
|
46
|
+
MEDIUM: exports_external.number(),
|
|
47
|
+
LOW: exports_external.number()
|
|
48
|
+
})
|
|
49
|
+
}),
|
|
50
|
+
findings: exports_external.array(PentestReportFindingSchema)
|
|
51
|
+
});
|
|
52
|
+
var REPORT_VERSION = "1.0";
|
|
53
|
+
|
|
54
|
+
// src/core/report/builder.ts
|
|
55
|
+
var SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"];
|
|
56
|
+
function buildPentestReport(findings, context) {
|
|
57
|
+
const sorted = [...findings].sort((a, b) => SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity));
|
|
58
|
+
const bySeverity = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
|
|
59
|
+
for (const f of findings) {
|
|
60
|
+
bySeverity[f.severity]++;
|
|
61
|
+
}
|
|
62
|
+
return {
|
|
63
|
+
version: REPORT_VERSION,
|
|
64
|
+
metadata: {
|
|
65
|
+
target: context.target,
|
|
66
|
+
model: context.model,
|
|
67
|
+
timestamp: new Date().toISOString(),
|
|
68
|
+
sessionId: context.sessionId,
|
|
69
|
+
mode: context.mode
|
|
70
|
+
},
|
|
71
|
+
summary: {
|
|
72
|
+
totalFindings: findings.length,
|
|
73
|
+
bySeverity
|
|
74
|
+
},
|
|
75
|
+
findings: sorted.map((f) => ({
|
|
76
|
+
title: f.title,
|
|
77
|
+
severity: f.severity,
|
|
78
|
+
description: f.description,
|
|
79
|
+
impact: f.impact,
|
|
80
|
+
evidence: f.evidence,
|
|
81
|
+
endpoint: f.endpoint,
|
|
82
|
+
pocPath: f.pocPath,
|
|
83
|
+
remediation: f.remediation,
|
|
84
|
+
references: f.references,
|
|
85
|
+
cwes: f.cwes,
|
|
86
|
+
rootCauseGroup: f.rootCauseGroup,
|
|
87
|
+
relatedFindings: f.relatedFindings,
|
|
88
|
+
rootCauseLead: f.rootCauseLead,
|
|
89
|
+
evidenceFiles: f.evidenceFiles
|
|
90
|
+
}))
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
// src/core/report/renderers/json.ts
|
|
95
|
+
function renderJson(report) {
|
|
96
|
+
return JSON.stringify(report, null, 2);
|
|
97
|
+
}
|
|
98
|
+
|
|
99
|
+
// src/core/report/renderers/markdown.ts
|
|
100
|
+
function renderMarkdown(report) {
|
|
101
|
+
const { metadata, findings, summary } = report;
|
|
102
|
+
const header = [
|
|
103
|
+
`# Pentest Report — ${metadata.target}`,
|
|
104
|
+
"",
|
|
105
|
+
`**Date:** ${metadata.timestamp} `,
|
|
106
|
+
`**Session:** ${metadata.sessionId} `,
|
|
107
|
+
`**Model:** ${metadata.model} `,
|
|
108
|
+
`**Mode:** ${metadata.mode}`,
|
|
109
|
+
"",
|
|
110
|
+
`**Findings:** ${summary.totalFindings}`,
|
|
111
|
+
""
|
|
112
|
+
];
|
|
113
|
+
if (findings.length === 0) {
|
|
114
|
+
return [
|
|
115
|
+
...header,
|
|
116
|
+
"No findings were identified during this assessment.",
|
|
117
|
+
""
|
|
118
|
+
].join(`
|
|
119
|
+
`);
|
|
120
|
+
}
|
|
121
|
+
const body = findings.map((finding) => renderFinding(finding, metadata)).join(`
|
|
122
|
+
`);
|
|
123
|
+
return [...header, body].join(`
|
|
124
|
+
`);
|
|
125
|
+
}
|
|
126
|
+
function renderFinding(finding, metadata) {
|
|
127
|
+
const lines = [
|
|
128
|
+
`# ${finding.title}`,
|
|
129
|
+
"",
|
|
130
|
+
`**Severity:** ${finding.severity} `,
|
|
131
|
+
`**Target:** ${metadata.target} `,
|
|
132
|
+
`**Endpoint:** ${finding.endpoint} `,
|
|
133
|
+
`**Date:** ${metadata.timestamp} `,
|
|
134
|
+
`**Session:** ${metadata.sessionId}`,
|
|
135
|
+
"",
|
|
136
|
+
"## Description",
|
|
137
|
+
"",
|
|
138
|
+
finding.description,
|
|
139
|
+
"",
|
|
140
|
+
"## Impact",
|
|
141
|
+
"",
|
|
142
|
+
finding.impact,
|
|
143
|
+
"",
|
|
144
|
+
"## Evidence",
|
|
145
|
+
"",
|
|
146
|
+
"```",
|
|
147
|
+
finding.evidence,
|
|
148
|
+
"```",
|
|
149
|
+
"",
|
|
150
|
+
...finding.evidenceFiles?.length ? [
|
|
151
|
+
"## Evidence Files",
|
|
152
|
+
"",
|
|
153
|
+
...finding.evidenceFiles.map((ef) => `- **[${ef.type}]** \`${ef.path}\` — ${ef.description}`),
|
|
154
|
+
""
|
|
155
|
+
] : [],
|
|
156
|
+
...finding.cwes?.length ? [
|
|
157
|
+
"## CWE Classification",
|
|
158
|
+
"",
|
|
159
|
+
...finding.cwes.map((cwe) => `- **${cwe.id}**${hasCanonicalName(cwe) ? `: ${cwe.name}` : ""} — ${cwe.reasoning}`),
|
|
160
|
+
""
|
|
161
|
+
] : [],
|
|
162
|
+
...finding.rootCauseGroup ? [
|
|
163
|
+
"## Root Cause Group",
|
|
164
|
+
"",
|
|
165
|
+
`**Group:** \`${finding.rootCauseGroup}\``,
|
|
166
|
+
...finding.relatedFindings?.length ? [
|
|
167
|
+
"",
|
|
168
|
+
"**Related Findings:**",
|
|
169
|
+
...finding.relatedFindings.map((rf) => `- ${rf}`)
|
|
170
|
+
] : [],
|
|
171
|
+
""
|
|
172
|
+
] : [],
|
|
173
|
+
"## POC",
|
|
174
|
+
"",
|
|
175
|
+
`Path: \`${finding.pocPath}\``,
|
|
176
|
+
"",
|
|
177
|
+
"## Remediation",
|
|
178
|
+
"",
|
|
179
|
+
finding.remediation,
|
|
180
|
+
...finding.references ? ["", `## References`, "", finding.references] : [],
|
|
181
|
+
"",
|
|
182
|
+
"---",
|
|
183
|
+
"",
|
|
184
|
+
"*This finding was automatically documented by the Pensar penetration testing agent.*",
|
|
185
|
+
""
|
|
186
|
+
];
|
|
187
|
+
return lines.join(`
|
|
188
|
+
`);
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
// src/core/report/index.ts
|
|
192
|
+
var REPORT_FILENAME_MD = "pentest-report.md";
|
|
193
|
+
var REPORT_FILENAME_JSON = "pentest-report.json";
|
|
194
|
+
|
|
195
|
+
export { buildPentestReport, renderJson, renderMarkdown, REPORT_FILENAME_MD, REPORT_FILENAME_JSON };
|