npm - cipher-security - Versions diffs - 2.0.3 → 2.0.5 - Mend

cipher-security 2.0.3 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/bin/cipher.js +113 -18
package/lib/bot/bot.js +1 -1
package/lib/commands.js +1 -3
package/lib/gateway/commands.js +125 -50
package/lib/gateway/index.js +3 -0
package/lib/mcp/server.js +250 -13
package/lib/pipeline/index.js +3 -1
package/lib/pipeline/osint.js +488 -239
package/lib/pipeline/scanner.js +67 -3
package/package.json +1 -1
package/lib/complexity.js +0 -377

package/lib/pipeline/scanner.js CHANGED Viewed

@@ -361,7 +361,10 @@ class NucleiRunner {
     if (effTags.length) cmd.push('-tags', effTags.join(','));
     if (effSev.length) cmd.push('-severity', effSev.join(','));
     cmd.push('-rl', String(sp.rateLimit), '-bs', String(sp.bulkSize));
+    if (sp.concurrency) cmd.push('-c', String(sp.concurrency));
+    if (sp.requestTimeout) cmd.push('-timeout', String(sp.requestTimeout));
     if (sp.headless) cmd.push('-headless');
+    if (sp.extraArgs) cmd.push(...sp.extraArgs);
     return this._execute(cmd, target, opts.timeout ?? DEFAULT_TIMEOUT);
   }
@@ -374,14 +377,75 @@ class NucleiRunner {
    * @param {number} [opts.timeout=600]
    * @returns {Promise<ScanResult>}
    */
+  /**
+   * Run Nuclei with explicit template paths (synchronous — for quick scans).
+   * Uses execFileSync to avoid Go pipe-buffering issues with spawn.
+   * @param {string} target
+   * @param {object} opts
+   * @param {string[]} [opts.templatePaths]
+   * @param {number} [opts.timeout=30]
+   * @param {number} [opts.rateLimit=150]
+   * @param {number} [opts.concurrency=25]
+   * @param {number} [opts.requestTimeout=10]
+   * @returns {Promise<ScanResult>}
+   */
   scanWithTemplates(target, opts = {}) {
     if (!this.available) return Promise.resolve(this._fail(target));
     const bin = this._resolved || this.nucleiPath;
-    const cmd = [bin, '-jsonl', '-silent', '-u', target];
+    const args = ['-jsonl', '-silent', '-u', target];
     for (const tp of opts.templatePaths ?? []) {
-      cmd.push('-t', tp);
+      args.push('-t', tp);
+    }
+    args.push('-rl', String(opts.rateLimit ?? 150));
+    args.push('-c', String(opts.concurrency ?? 25));
+    args.push('-timeout', String(opts.requestTimeout ?? 10));
+    const start = Date.now();
+    try {
+      const out = execFileSync(bin, args, {
+        encoding: 'utf-8',
+        timeout: (opts.timeout ?? 30) * 1000,
+        maxBuffer: 50 * 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+      const elapsed = (Date.now() - start) / 1000;
+      const findings = [];
+      for (const line of out.split('\n')) {
+        if (line.startsWith('{')) {
+          try { findings.push(Finding.fromNucleiJson(JSON.parse(line))); }
+          catch { /* skip parse errors */ }
+        }
+      }
+      const sevCounts = {};
+      for (const f of findings) sevCounts[f.severity] = (sevCounts[f.severity] || 0) + 1;
+      return Promise.resolve(new ScanResult({
+        target, findings,
+        stats: { total: findings.length, ...sevCounts },
+        command: `${bin} ${args.join(' ')}`,
+        durationSeconds: Math.round(elapsed * 100) / 100,
+        success: true,
+      }));
+    } catch (err) {
+      const elapsed = (Date.now() - start) / 1000;
+      const timedOut = err.killed || err.signal === 'SIGTERM';
+      // Even on timeout, capture any partial output
+      const out = err.stdout || '';
+      const findings = [];
+      for (const line of out.split('\n')) {
+        if (line.startsWith('{')) {
+          try { findings.push(Finding.fromNucleiJson(JSON.parse(line))); }
+          catch { /* skip */ }
+        }
+      }
+      return Promise.resolve(new ScanResult({
+        target, findings,
+        stats: { total: findings.length },
+        errors: timedOut ? [`Scan timed out after ${opts.timeout ?? 30}s`] : [err.message],
+        command: `${bin} ${args.join(' ')}`,
+        durationSeconds: Math.round(elapsed * 100) / 100,
+        success: !timedOut && findings.length > 0,
+      }));
     }
-    return this._execute(cmd, target, opts.timeout ?? DEFAULT_TIMEOUT);
   }
   /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cipher-security",
-  "version": "2.0.3",
+  "version": "2.0.5",
   "description": "CIPHER — AI Security Engineering Platform CLI",
   "type": "module",
   "engines": {

package/lib/complexity.js DELETED Viewed

@@ -1,377 +0,0 @@
-// Copyright (c) 2026 defconxt. All rights reserved.
-// Licensed under AGPL-3.0 — see LICENSE file for details.
-// CIPHER is a trademark of defconxt.
-/**
- * Smart routing complexity classifier for CIPHER CLI.
- *
- * Evaluates multiple heuristic signals to determine query complexity and
- * route to the appropriate backend (Ollama for simple/moderate, Claude for
- * complex/expert).
- *
- * Ported from src/gateway/complexity.py — all keyword dictionaries, regex
- * patterns, score thresholds, and scoring logic are identical.
- *
- * @example
- * import { classify, routeBackend, classifyAndRoute, COMPLEXITY } from './complexity.js';
- *
- * const level = classify("design a zero trust architecture for AWS");
- * const backend = routeBackend(level); // "claude"
- *
- * const [lvl, be] = classifyAndRoute("what port does SSH use");
- * // lvl === 1 (SIMPLE), be === "ollama"
- */
-// ---------------------------------------------------------------------------
-// Complexity enum
-// ---------------------------------------------------------------------------
-/** Query complexity levels, ordered by increasing difficulty. */
-export const COMPLEXITY = Object.freeze({
-  SIMPLE: 1,   // Factual lookups, single-concept questions → Ollama
-  MODERATE: 2, // Multi-part but bounded questions → Ollama
-  COMPLEX: 3,  // Deep reasoning, threat models, architecture → Claude
-  EXPERT: 4,   // Cross-domain, multi-framework, advanced analysis → Claude
-});
-const _NAMES = Object.freeze({
-  [COMPLEXITY.SIMPLE]: 'SIMPLE',
-  [COMPLEXITY.MODERATE]: 'MODERATE',
-  [COMPLEXITY.COMPLEX]: 'COMPLEX',
-  [COMPLEXITY.EXPERT]: 'EXPERT',
-});
-/**
- * Reverse lookup: complexity level integer → human-readable name.
- * @param {number} level
- * @returns {string}
- */
-export function nameOf(level) {
-  return _NAMES[level] ?? 'UNKNOWN';
-}
-// ---------------------------------------------------------------------------
-// Tunable weights — adjust these to change routing sensitivity
-// ---------------------------------------------------------------------------
-/** Points thresholds for each complexity level. */
-export const THRESHOLDS = Object.freeze({
-  moderate: 3,  // >= 3 points → MODERATE
-  complex: 6,   // >= 6 points → COMPLEX
-  expert: 10,   // >= 10 points → EXPERT
-});
-/** Message length breakpoints (characters) and their point values. */
-export const LENGTH_SCORES = Object.freeze([
-  [500, 4], // Very long queries are likely complex
-  [300, 3], // Long queries
-  [150, 2], // Medium queries
-  [80, 1],  // Short but not trivial
-]);
-// ---------------------------------------------------------------------------
-// Keyword sets — each match adds the specified points
-// ---------------------------------------------------------------------------
-/** Simple indicators (negative points — pull toward Ollama). */
-export const SIMPLE_KEYWORDS = Object.freeze({
-  'what is': -2,
-  'what are': -1,
-  'what does': -2,
-  'what port': -3,
-  'which port': -3,
-  'default port': -3,
-  'how to install': -2,
-  'how to start': -2,
-  'how to run': -2,
-  'syntax for': -2,
-  'command for': -2,
-  'define ': -2,
-  'definition of': -2,
-  'meaning of': -2,
-  'example of': -1,
-  'list of': -1,
-  'difference between': -1,
-});
-/** Domain complexity indicators (positive points — push toward Claude). */
-export const COMPLEX_KEYWORDS = Object.freeze({
-  // Architecture & design
-  'threat model': 4,
-  'architecture': 3,
-  'design': 2,
-  'zero trust': 3,
-  'blast radius': 3,
-  'compensating control': 3,
-  'defense in depth': 2,
-  'security architecture': 4,
-  'data flow diagram': 3,
-  'trust boundary': 3,
-  // Risk & compliance
-  'dpia': 4,
-  'risk assessment': 4,
-  'risk analysis': 3,
-  'compliance mapping': 4,
-  'gap analysis': 3,
-  'maturity assessment': 3,
-  'audit finding': 3,
-  'control mapping': 3,
-  // Analysis & reasoning
-  'analyze': 2,
-  'analyse': 2,
-  'evaluate': 2,
-  'compare and contrast': 3,
-  'trade-off': 2,
-  'tradeoff': 2,
-  'pros and cons': 2,
-  'impact analysis': 3,
-  'root cause': 3,
-  // Offensive / red team
-  'attack chain': 4,
-  'attack path': 3,
-  'kill chain': 3,
-  'exploitation chain': 4,
-  'lateral movement': 2,
-  'privilege escalation': 2,
-  'privesc': 2,
-  'post-exploitation': 3,
-  'evasion technique': 3,
-  'bypass': 1,
-  // Incident response
-  'incident analysis': 4,
-  'incident': 2,
-  'forensic analysis': 4,
-  'forensic': 2,
-  'timeline reconstruction': 4,
-  'indicator of compromise': 2,
-  'ioc': 1,
-  'beacon': 2,
-  'cobalt strike': 3,
-  'mimikatz': 2,
-  'dcsync': 3,
-  'triage': 2,
-  'containment strategy': 3,
-  'eradication plan': 3,
-  'breach': 2,
-  'malware analysis': 3,
-  'reverse engineer': 3,
-  // Detection engineering
-  'detection logic': 3,
-  'sigma rule': 2,
-  'detection coverage': 3,
-  'false positive': 2,
-  'detection gap': 3,
-  'correlation rule': 3,
-  'hunting hypothesis': 3,
-  // Multi-step / planning
-  'strategy': 2,
-  'roadmap': 3,
-  'implementation plan': 3,
-  'step by step': 1,
-  'runbook': 2,
-  'playbook': 2,
-  'workflow': 1,
-});
-/** Framework references — signal expert-level queries. */
-export const FRAMEWORK_KEYWORDS = Object.freeze({
-  'nist': 2,
-  'nist 800-53': 3,
-  'nist 800-171': 3,
-  'nist csf': 3,
-  'mitre att&ck': 3,
-  'mitre attack': 3,
-  'stride': 3,
-  'pasta': 3,
-  'dread': 3,
-  'owasp': 2,
-  'owasp top 10': 2,
-  'cis controls': 2,
-  'cis benchmark': 2,
-  'iso 27001': 3,
-  'iso 27002': 3,
-  'soc 2': 2,
-  'pci dss': 3,
-  'hipaa': 2,
-  'gdpr': 2,
-  'ccpa': 2,
-  'fedramp': 3,
-  'cmmc': 3,
-  'cve-': 1,
-  'cwe-': 1,
-});
-// ---------------------------------------------------------------------------
-// Structural patterns — regex-based signals
-// ---------------------------------------------------------------------------
-/** Multi-part query indicators (each match adds points). */
-export const STRUCTURE_PATTERNS = Object.freeze([
-  // Conjunctions joining distinct requests
-  [/\b(?:and also|and then|additionally|furthermore|moreover)\b/, 2],
-  // Numbered lists in the query
-  [/(?:^|\n)\s*\d+[.)]\s/, 2],
-  // Conditional logic
-  [/\bif\s+.+\bthen\b/, 2],
-  [/\bwhat if\b/, 2],
-  [/\bassuming\b/, 1],
-  [/\bgiven that\b/, 1],
-  // Comparison requests
-  [/\bvs\.?\b/, 1],
-  [/\bversus\b/, 1],
-  [/\bcompare\b/, 2],
-  // Scope amplifiers
-  [/\b(?:comprehensive|exhaustive|thorough|detailed|in-depth|end-to-end)\b/, 2],
-  [/\b(?:enterprise|organization-wide|company-wide|across all)\b/, 2],
-  // Multiple question marks (multiple questions)
-  [/\?.*\?/, 2],
-]);
-/** Count of "and" conjunctions — many ands suggest multi-part queries. */
-export const AND_CONJUNCTION_THRESHOLD = 3;
-export const AND_CONJUNCTION_POINTS = 2;
-// ---------------------------------------------------------------------------
-// Scoring functions
-// ---------------------------------------------------------------------------
-/**
- * Score based on message length.
- * @param {string} message
- * @returns {number}
- */
-export function scoreLength(message) {
-  const length = message.length;
-  for (const [threshold, points] of LENGTH_SCORES) {
-    if (length >= threshold) {
-      return points;
-    }
-  }
-  return 0;
-}
-/**
- * Score based on keyword presence. Returns sum of matched keyword points.
- * @param {string} lower — lowercased message
- * @param {Record<string, number>} keywordSet
- * @returns {number}
- */
-export function scoreKeywords(lower, keywordSet) {
-  let total = 0;
-  for (const [keyword, points] of Object.entries(keywordSet)) {
-    if (lower.includes(keyword)) {
-      total += points;
-    }
-  }
-  return total;
-}
-/**
- * Score based on query structure patterns.
- * @param {string} lower — lowercased message
- * @returns {number}
- */
-export function scoreStructure(lower) {
-  let total = 0;
-  for (const [pattern, points] of STRUCTURE_PATTERNS) {
-    if (pattern.test(lower)) {
-      total += points;
-    }
-  }
-  // Count "and" conjunctions
-  const andMatches = lower.match(/\band\b/g);
-  const andCount = andMatches ? andMatches.length : 0;
-  if (andCount > AND_CONJUNCTION_THRESHOLD) {
-    total += AND_CONJUNCTION_POINTS;
-  }
-  return total;
-}
-/**
- * Bonus points when multiple frameworks are referenced.
- * @param {string} lower — lowercased message
- * @returns {number}
- */
-export function scoreFrameworkDensity(lower) {
-  let matches = 0;
-  let totalPoints = 0;
-  for (const [keyword, points] of Object.entries(FRAMEWORK_KEYWORDS)) {
-    if (lower.includes(keyword)) {
-      matches += 1;
-      totalPoints += points;
-    }
-  }
-  // Bonus for cross-framework queries (referencing 3+ frameworks)
-  if (matches >= 3) {
-    totalPoints += 3;
-  }
-  return totalPoints;
-}
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-/**
- * Classify a query's complexity based on multiple heuristic signals.
- * @param {string} message — The user's query string.
- * @returns {number} Complexity level (1=SIMPLE, 2=MODERATE, 3=COMPLEX, 4=EXPERT).
- */
-export function classify(message) {
-  const lower = message.toLowerCase();
-  let score = 0;
-  score += scoreLength(message);
-  score += scoreKeywords(lower, SIMPLE_KEYWORDS);
-  score += scoreKeywords(lower, COMPLEX_KEYWORDS);
-  score += scoreStructure(lower);
-  score += scoreFrameworkDensity(lower);
-  // Floor at 0 — negative scores are still SIMPLE
-  score = Math.max(score, 0);
-  if (score >= THRESHOLDS.expert) {
-    return COMPLEXITY.EXPERT;
-  }
-  if (score >= THRESHOLDS.complex) {
-    return COMPLEXITY.COMPLEX;
-  }
-  if (score >= THRESHOLDS.moderate) {
-    return COMPLEXITY.MODERATE;
-  }
-  return COMPLEXITY.SIMPLE;
-}
-/**
- * Map a complexity level to a backend name.
- *
- * COMPLEX and EXPERT → "claude", SIMPLE and MODERATE → "ollama".
- * The "litellm" backend is user-configured, not auto-routed.
- *
- * @param {number} level — The classified complexity level.
- * @returns {string} Backend string: "ollama" or "claude".
- */
-export function routeBackend(level) {
-  if (level >= COMPLEXITY.COMPLEX) {
-    return 'claude';
-  }
-  return 'ollama';
-}
-/**
- * Classify a message and return both the complexity level and backend.
- *
- * Convenience function combining classify() and routeBackend().
- *
- * @param {string} message — The user's query string.
- * @returns {[number, string]} Tuple of [complexity level, backend name].
- */
-export function classifyAndRoute(message) {
-  const level = classify(message);
-  const backend = routeBackend(level);
-  return [level, backend];
-}