aisec-cli 0.1.0

package/README.md

@@ -0,0 +1,54 @@
+# @aisec-foundation/cli
+
+CLI for **aisec** — AI-powered web security scanner.
+
+## Quick Start
+
+```bash
+npx @aisec-foundation/cli scan https://target.com --token YOUR_TOKEN
+```
+
+Or install globally:
+
+```bash
+npm i -g @aisec-foundation/cli
+```
+
+## Authentication
+
+Get your token at [app.aisec.tools/developer](https://app.aisec.tools/developer).
+
+```bash
+export AISEC_TOKEN=ask_...
+aisec scan https://target.com
+```
+
+## Commands
+
+### `aisec scan <target>`
+
+```bash
+aisec scan https://target.com              # Default balanced scan
+aisec scan https://target.com --full       # Aggressive + subdomains
+aisec scan https://target.com --aggressive # Full port scan, sqlmap
+aisec scan https://target.com --stealth    # WAF evasion, slow
+```
+
+Options: `--engine`, `--model`, `--temperature`, `--max-iterations`, `--scope`, `--timeout`, `--skip-recon`, `--skip-browser`, `--username`, `--password`, `--cookies`, `--proxy`, `--headers`
+
+### `aisec scans`
+
+```bash
+aisec scans           # Last 10 scans
+aisec scans -l 20     # Last 20 scans
+```
+
+### `aisec status`
+
+```bash
+aisec status          # Check connection & auth
+```
+
+## License
+
+MIT

package/bin/aisec.mjs

@@ -0,0 +1,53 @@
+#!/usr/bin/env node
+
+import { program } from "commander";
+import { cmdScan } from "../lib/scan.mjs";
+import { cmdScans } from "../lib/scans.mjs";
+import { cmdStatus } from "../lib/status.mjs";
+
+program
+  .name("aisec")
+  .description("AI-powered web security scanner")
+  .version("0.1.0");
+
+program
+  .command("scan <target>")
+  .description("Launch a security scan against a target URL")
+  .option("--stealth", "Stealth profile — slower, WAF evasion")
+  .option("--aggressive", "Aggressive — full port scan, brute force, sqlmap")
+  .option("--full", "Full — aggressive + subdomain scope + 50 iterations")
+  .option("-e, --engine <engine>", "AI engine: claude or ollama", "claude")
+  .option("-m, --model <model>", "Model name")
+  .option("--temperature <temp>", "AI temperature 0.0-1.0", parseFloat)
+  .option("-n, --max-iterations <n>", "Max AI iterations", parseInt)
+  .option("--scope <scope>", "Scan scope: target, domain, subdomain")
+  .option("-t, --timeout <minutes>", "Timeout in minutes, 0=unlimited", parseInt)
+  .option("--skip-recon", "Skip infrastructure recon")
+  .option("--skip-browser", "Skip browser-based recon")
+  .option("-u, --username <user>", "Username for auth scanning")
+  .option("-p, --password <pass>", "Password for auth scanning")
+  .option("--cookies <json>", "Session cookies as JSON or @file")
+  .option("--proxy <url>", "Proxy URL")
+  .option("--headers <headers>", "Custom headers: 'Key:Val,Key2:Val2' or @file")
+  .option("--fail-on <severity>", "Exit 1 if findings at this severity or above (critical, high, medium, low)")
+  .option("--source <source>", "Scan source identifier (cli, ci, api)", "cli")
+  .option("--token <token>", "API token (or AISEC_TOKEN env)")
+  .option("--api <url>", "API URL override")
+  .action(cmdScan);
+
+program
+  .command("scans")
+  .description("List recent scans")
+  .option("-l, --limit <n>", "Number of scans to show", parseInt, 10)
+  .option("--token <token>", "API token (or AISEC_TOKEN env)")
+  .option("--api <url>", "API URL override")
+  .action(cmdScans);
+
+program
+  .command("status")
+  .description("Check API connection and authentication")
+  .option("--token <token>", "API token (or AISEC_TOKEN env)")
+  .option("--api <url>", "API URL override")
+  .action(cmdStatus);
+
+program.parse();

package/lib/api.mjs

@@ -0,0 +1,31 @@
+import chalk from "chalk";
+
+export async function request(apiUrl, path, token, opts = {}) {
+  const url = `${apiUrl}${path}`;
+  const headers = {
+    "Authorization": `Bearer ${token}`,
+    "Content-Type": "application/json",
+  };
+
+  const res = await fetch(url, { ...opts, headers: { ...headers, ...opts.headers } });
+
+  if (!res.ok) {
+    if (res.status === 401) {
+      console.error(chalk.red("Invalid API token."));
+      process.exit(1);
+    }
+    const body = await res.text();
+    throw new Error(`${res.status} ${res.statusText}: ${body}`);
+  }
+
+  return res.json();
+}
+
+export async function healthCheck(apiUrl) {
+  try {
+    const res = await fetch(`${apiUrl}/health`, { signal: AbortSignal.timeout(5000) });
+    return res.ok;
+  } catch {
+    return false;
+  }
+}

package/lib/config.mjs

@@ -0,0 +1,24 @@
+import chalk from "chalk";
+
+const DEFAULT_API = "https://api.aisec.tools";
+
+export function resolveAuth(opts) {
+  const token = opts.token || process.env.AISEC_TOKEN;
+  if (!token) {
+    console.error(chalk.red("No API token provided."));
+    console.error(
+      `Set ${chalk.cyan("AISEC_TOKEN")} env var or pass ${chalk.cyan("--token")}\n` +
+      `Get your token at ${chalk.underline("https://app.aisec.tools/developer")}`
+    );
+    process.exit(1);
+  }
+  return token;
+}
+
+export function resolveApi(opts) {
+  return (opts.api || process.env.AISEC_API || DEFAULT_API).replace(/\/$/, "");
+}
+
+export function wsUrl(apiUrl) {
+  return apiUrl.replace(/^http/, "ws");
+}

package/lib/scan.mjs

@@ -0,0 +1,313 @@
+import chalk from "chalk";
+import WebSocket from "ws";
+import { readFileSync } from "fs";
+import { resolveAuth, resolveApi, wsUrl } from "./config.mjs";
+import { request, healthCheck } from "./api.mjs";
+
+function resolveProfile(opts) {
+  if (opts.full) return "full";
+  if (opts.aggressive) return "aggressive";
+  if (opts.stealth) return "stealth";
+  return undefined;
+}
+
+function parseHeaders(raw) {
+  if (!raw) return undefined;
+  if (raw.startsWith("@")) {
+    raw = readFileSync(raw.slice(1), "utf-8").trim();
+  }
+  const headers = {};
+  for (const pair of raw.split(",")) {
+    const idx = pair.indexOf(":");
+    if (idx > 0) headers[pair.slice(0, idx).trim()] = pair.slice(idx + 1).trim();
+  }
+  return headers;
+}
+
+function parseCookies(raw) {
+  if (!raw) return undefined;
+  if (raw.startsWith("@")) {
+    return readFileSync(raw.slice(1), "utf-8").trim();
+  }
+  return raw;
+}
+
+function buildBody(target, opts) {
+  const body = { target, source: opts.source || "cli" };
+  const profile = resolveProfile(opts);
+  if (profile) body.profile = profile;
+  if (opts.engine !== "claude") body.engine = opts.engine;
+  if (opts.model) body.model = opts.model;
+  if (opts.temperature != null) body.temperature = opts.temperature;
+  if (opts.maxIterations) body.max_iterations = opts.maxIterations;
+  if (opts.scope) body.scope = opts.scope;
+  if (opts.timeout != null) body.timeout_minutes = opts.timeout;
+  if (opts.skipRecon) body.skip_recon = true;
+  if (opts.skipBrowser) body.skip_browser = true;
+  if (opts.username) body.username = opts.username;
+  if (opts.password) body.password = opts.password;
+  if (opts.proxy) body.proxy = opts.proxy;
+  const cookies = parseCookies(opts.cookies);
+  if (cookies) body.cookies_json = cookies;
+  const headers = parseHeaders(opts.headers);
+  if (headers) body.custom_headers = headers;
+  return body;
+}
+
+function formatDuration(seconds) {
+  const m = Math.floor(seconds / 60);
+  const s = seconds % 60;
+  return m > 0 ? `${m}m ${s}s` : `${s}s`;
+}
+
+const SEV_RANK = { critical: 4, high: 3, medium: 2, low: 1, info: 0 };
+
+function sevAboveThreshold(finding, threshold) {
+  if (!threshold) return false;
+  const fRank = SEV_RANK[(finding || "").toLowerCase()] ?? -1;
+  const tRank = SEV_RANK[threshold.toLowerCase()] ?? 99;
+  return fRank >= tRank;
+}
+
+const THINKING_VERBS = [
+  "Thinking", "Analyzing", "Probing", "Investigating", "Evaluating",
+  "Inspecting", "Scanning", "Crafting", "Assessing", "Examining",
+  "Mapping", "Enumerating", "Fingerprinting", "Strategizing",
+];
+const SPINNER_FRAMES = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
+
+function createThinkingSpinner() {
+  let interval = null;
+  let frame = 0;
+  let verb = THINKING_VERBS[Math.floor(Math.random() * THINKING_VERBS.length)];
+  let verbInterval = null;
+
+  return {
+    start() {
+      this.stop();
+      verb = THINKING_VERBS[Math.floor(Math.random() * THINKING_VERBS.length)];
+      frame = 0;
+      interval = setInterval(() => {
+        const f = SPINNER_FRAMES[frame % SPINNER_FRAMES.length];
+        process.stdout.write(`\r${chalk.cyan(f)} ${chalk.dim.italic(verb)}  `);
+        frame++;
+      }, 80);
+      verbInterval = setInterval(() => {
+        verb = THINKING_VERBS[Math.floor(Math.random() * THINKING_VERBS.length)];
+      }, 3000 + Math.random() * 2000);
+    },
+    stop() {
+      if (interval) {
+        clearInterval(interval);
+        interval = null;
+        process.stdout.write("\r" + " ".repeat(40) + "\r");
+      }
+      if (verbInterval) {
+        clearInterval(verbInterval);
+        verbInterval = null;
+      }
+    },
+  };
+}
+
+export async function cmdScan(target, opts) {
+  if (!/^https?:\/\//i.test(target)) {
+    console.error(chalk.red(`Target must start with http:// or https://`));
+    process.exit(1);
+  }
+
+  const token = resolveAuth(opts);
+  const apiUrl = resolveApi(opts);
+
+  const ok = await healthCheck(apiUrl);
+  if (!ok) {
+    console.error(chalk.red(`API unreachable at ${apiUrl}`));
+    process.exit(1);
+  }
+
+  const body = buildBody(target, opts);
+  const profile = resolveProfile(opts) || "default";
+
+  // Fetch account info before scan
+  let accountPlan = "?";
+  let accountCredits = "?";
+  try {
+    const me = await request(apiUrl, "/api/v1/auth/me", token);
+    accountPlan = me.plan || "free";
+    accountCredits = parseFloat(me.credits_balance || 0).toFixed(1);
+  } catch {}
+
+  console.log(
+    chalk.red("━".repeat(50)) + "\n" +
+    chalk.bold.red(" aisec") + chalk.dim(" — AI security scanner\n") +
+    chalk.dim(` Target:  `) + chalk.white(target) + "\n" +
+    chalk.dim(` Account: `) + chalk.white(accountPlan) + chalk.dim(" · ") + chalk.yellow.bold(accountCredits) + chalk.dim(" credits") + "\n" +
+    chalk.dim(` Profile: `) + chalk.cyan(profile) + "\n" +
+    chalk.dim(` Engine:  `) + chalk.cyan(opts.engine || "claude") + "\n" +
+    chalk.red("━".repeat(50))
+  );
+
+  let scan;
+  try {
+    scan = await request(apiUrl, "/api/v1/scans", token, {
+      method: "POST",
+      body: JSON.stringify(body),
+    });
+  } catch (err) {
+    console.error(chalk.red(`Failed to create scan: ${err.message}`));
+    process.exit(1);
+  }
+
+  const scanId = scan.id;
+  console.log(chalk.dim(`Scan ${scanId.slice(0, 8)}... created`));
+
+  // Expose scan ID for CI (GitHub Actions, etc.)
+  if (process.env.GITHUB_OUTPUT) {
+    const { appendFileSync } = await import("fs");
+    appendFileSync(process.env.GITHUB_OUTPUT, `scan-id=${scanId}\n`);
+  }
+
+  if (scan.queue_position && scan.queue_position > 0) {
+    console.log(chalk.yellow(`Queued at position ${scan.queue_position}`));
+  }
+
+  // WebSocket streaming
+  const wsBase = wsUrl(apiUrl);
+  const wsUrlFull = `${wsBase}/ws/scans/${scanId}?token=${token}`;
+
+  const ws = new WebSocket(wsUrlFull);
+  let cancelled = false;
+  const foundFindings = [];   // track severities for --fail-on
+  let exitCode = 0;
+
+  const cancel = async () => {
+    if (cancelled) process.exit(1);
+    cancelled = true;
+    console.log(chalk.yellow("\nCancelling scan..."));
+    try {
+      await request(apiUrl, `/api/v1/scans/${scanId}/cancel`, token, { method: "POST" });
+    } catch {}
+    setTimeout(() => process.exit(0), 2000);
+  };
+
+  process.on("SIGINT", cancel);
+  process.on("SIGTERM", cancel);
+
+  ws.on("open", () => {
+    // keepalive
+    const ping = setInterval(() => {
+      if (ws.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify({ type: "ping" }));
+      } else {
+        clearInterval(ping);
+      }
+    }, 30_000);
+    ws.once("close", () => clearInterval(ping));
+  });
+
+  const spinner = createThinkingSpinner();
+
+  ws.on("message", async (data) => {
+    let msg;
+    try {
+      msg = JSON.parse(data.toString());
+    } catch {
+      return;
+    }
+
+    switch (msg.type) {
+      case "thinking":
+        if (msg.data?.status === "start") spinner.start();
+        else spinner.stop();
+        break;
+
+      case "console":
+        spinner.stop();
+        if (msg.data?.text) process.stdout.write(msg.data.text + "\n");
+        break;
+
+      case "finding":
+        spinner.stop();
+        console.log(chalk.bold.yellow(`\n[FINDING] ${msg.data?.title || "Vulnerability found"}`));
+        if (msg.data?.severity) {
+          console.log(chalk.dim(`  Severity: ${msg.data.severity}`));
+          foundFindings.push(msg.data.severity);
+        }
+        break;
+
+      case "credits_update":
+      case "cost_update":
+        {
+          const cr = msg.data?.credits_used ?? msg.data?.cost;
+          if (cr != null) {
+            process.stdout.write(chalk.dim(`  [${cr.toFixed(1)} credits]\r`));
+          }
+        }
+        break;
+
+      case "error":
+        spinner.stop();
+        console.error(chalk.red(`\nError: ${msg.data?.message || "Unknown error"}`));
+        break;
+
+      case "scan_complete": {
+        spinner.stop();
+        const d = msg.data || {};
+        const duration = d.duration ? formatDuration(d.duration) : "?";
+        const creditsUsed = (d.credits_used ?? d.cost ?? 0).toFixed(1);
+
+        // Fetch remaining credits
+        let remaining = "?";
+        try {
+          const me = await request(apiUrl, "/api/v1/auth/me", token);
+          remaining = parseFloat(me.credits_balance || 0).toFixed(1);
+        } catch {}
+
+        const reportUrl = `https://app.aisec.tools/scans/${scanId}`;
+        console.log(
+          "\n" + chalk.green("━".repeat(50)) + "\n" +
+          chalk.bold.green(" Scan complete\n") +
+          chalk.dim(` Findings: `) + chalk.white(d.findings ?? 0) + "\n" +
+          chalk.dim(` Credits:  `) + chalk.white(creditsUsed) + chalk.dim(" used · ") + chalk.yellow.bold(remaining) + chalk.dim(" remaining") + "\n" +
+          chalk.dim(` Duration: `) + chalk.white(duration) + "\n" +
+          chalk.dim(` Report:   `) + chalk.underline.cyan(reportUrl) + "\n" +
+          chalk.green("━".repeat(50))
+        );
+
+        // CI outputs
+        if (process.env.GITHUB_OUTPUT) {
+          const { appendFileSync } = await import("fs");
+          appendFileSync(process.env.GITHUB_OUTPUT, `findings=${d.findings ?? 0}\n`);
+          appendFileSync(process.env.GITHUB_OUTPUT, `report-url=${reportUrl}\n`);
+        }
+
+        // --fail-on check
+        if (opts.failOn) {
+          const failed = foundFindings.some(s => sevAboveThreshold(s, opts.failOn));
+          if (failed) {
+            console.log(chalk.red(`\n✗ Findings at ${opts.failOn}+ severity detected — exiting with code 1`));
+            exitCode = 1;
+          } else {
+            console.log(chalk.green(`\n✓ No findings at ${opts.failOn}+ severity`));
+          }
+        }
+
+        ws.close();
+        break;
+      }
+
+      case "scan_started":
+        console.log(chalk.cyan("Scan started, streaming output...\n"));
+        break;
+    }
+  });
+
+  ws.on("error", (err) => {
+    console.error(chalk.red(`WebSocket error: ${err.message}`));
+  });
+
+  ws.on("close", () => {
+    spinner.stop();
+    if (!cancelled) process.exit(exitCode);
+  });
+}

package/lib/scans.mjs

@@ -0,0 +1,62 @@
+import chalk from "chalk";
+import { resolveAuth, resolveApi } from "./config.mjs";
+import { request } from "./api.mjs";
+
+const STATUS_COLORS = {
+  running: chalk.green,
+  completed: chalk.blue,
+  failed: chalk.red,
+  cancelled: chalk.dim,
+  pending: chalk.yellow,
+  queued: chalk.yellow,
+};
+
+export async function cmdScans(opts) {
+  const token = resolveAuth(opts);
+  const apiUrl = resolveApi(opts);
+  const limit = opts.limit || 10;
+
+  let data;
+  try {
+    data = await request(apiUrl, `/api/v1/scans?limit=${limit}`, token);
+  } catch (err) {
+    console.error(chalk.red(`Failed to fetch scans: ${err.message}`));
+    process.exit(1);
+  }
+
+  const scans = Array.isArray(data) ? data : data.items || data.scans || [];
+
+  if (scans.length === 0) {
+    console.log(chalk.dim("No scans found."));
+    return;
+  }
+
+  console.log(
+    chalk.dim("Status".padEnd(12)) +
+    chalk.dim("Domain".padEnd(30)) +
+    chalk.dim("Finds".padStart(6)) +
+    chalk.dim("Cost".padStart(9)) +
+    chalk.dim("Date".padStart(13)) +
+    chalk.dim("ID".padStart(11))
+  );
+  console.log(chalk.dim("─".repeat(81)));
+
+  for (const s of scans) {
+    const color = STATUS_COLORS[s.status] || chalk.white;
+    const domain = (s.target || "").replace(/^https?:\/\//, "").slice(0, 28);
+    const findings = String(s.findings_count ?? s.total_findings ?? 0);
+    const cr = s.credits_used ?? s.total_cost;
+    const cost = cr != null ? `${cr.toFixed(1)}` : "-";
+    const date = s.created_at ? s.created_at.slice(0, 10) : "-";
+    const id = (s.id || "").slice(0, 8);
+
+    console.log(
+      color(s.status.padEnd(12)) +
+      chalk.white(domain.padEnd(30)) +
+      chalk.white(findings.padStart(6)) +
+      chalk.white(cost.padStart(9)) +
+      chalk.dim(date.padStart(13)) +
+      chalk.dim(id.padStart(11))
+    );
+  }
+}

package/lib/status.mjs

@@ -0,0 +1,28 @@
+import chalk from "chalk";
+import { resolveAuth, resolveApi } from "./config.mjs";
+import { request, healthCheck } from "./api.mjs";
+
+export async function cmdStatus(opts) {
+  const token = resolveAuth(opts);
+  const apiUrl = resolveApi(opts);
+
+  const ok = await healthCheck(apiUrl);
+  if (!ok) {
+    console.error(chalk.red(`API unreachable at ${apiUrl}`));
+    process.exit(1);
+  }
+  console.log(chalk.green(`✓ API reachable at ${apiUrl}`));
+
+  try {
+    const stats = await request(apiUrl, "/api/v1/stats", token);
+    console.log(chalk.green("✓ Authenticated"));
+    const scans = stats.total_scans ?? "?";
+    const findings = stats.total_findings ?? "?";
+    const cr = stats.credits_used ?? stats.total_cost;
+    const credits = cr != null ? cr.toFixed(1) : "?";
+    console.log(chalk.dim(`Scans: ${scans} | Findings: ${findings} | Credits: ${credits}`));
+  } catch (err) {
+    console.error(chalk.red(`Auth check failed: ${err.message}`));
+    process.exit(1);
+  }
+}

package/package.json

@@ -0,0 +1,33 @@
+{
+  "name": "aisec-cli",
+  "version": "0.1.0",
+  "description": "CLI for aisec — AI-powered web security scanner",
+  "type": "module",
+  "bin": {
+    "aisec": "./bin/aisec.mjs"
+  },
+  "files": [
+    "bin/",
+    "lib/"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "security",
+    "scanner",
+    "pentest",
+    "ai",
+    "cli"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/aisec-foundation/cli-node.git"
+  },
+  "dependencies": {
+    "commander": "^12.1.0",
+    "chalk": "^5.3.0",
+    "ws": "^8.18.0"
+  }
+}