kramscan 0.1.0 → 0.2.0

package/dist/commands/scan.js

@@ -1,124 +1,304 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.registerScanCommand = registerScanCommand;
-const chalk_1 = __importDefault(require("chalk"));
+const commander_1 = require("commander");
 const scanner_1 = require("../core/scanner");
+const scan_index_1 = require("../core/scan-index");
+const scan_storage_1 = require("../core/scan-storage");
+const config_1 = require("../core/config");
+const PdfGenerator_1 = require("../reports/PdfGenerator");
+const theme_1 = require("../utils/theme");
 const logger_1 = require("../utils/logger");
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
-const os_1 = __importDefault(require("os"));
 function registerScanCommand(program) {
     program
         .command("scan <url>")
         .description("Scan a target URL for vulnerabilities")
-        .option("-d, --depth <number>", "Crawl depth", "2")
-        .option("-t, --timeout <ms>", "Request timeout", "30000")
+        .option("--profile <name>", "Scan profile: quick|balanced|deep", "balanced")
+        .option("-d, --depth <number>", "Crawl depth (overrides profile)")
+        .option("-t, --timeout <ms>", "Request timeout (overrides profile)")
+        .option("--max-pages <number>", "Maximum pages to crawl (overrides profile)")
+        .option("--max-links-per-page <number>", "Maximum links to follow per page (overrides profile)")
+        .option("--include <regex...>", "Only include URLs matching these regex patterns")
+        .option("--exclude <regex...>", "Exclude URLs matching these regex patterns")
+        .option("--no-pdf", "Disable automatic PDF report generation")
+        .option("--json", "Output scan results as JSON to stdout (CI/CD mode)")
         .option("-o, --output <file>", "Save results to file")
         .option("--headless", "Run in headless mode", true)
+        .option("--no-plugins", "Disable plugin-based scanning (use legacy mode)")
         .action(async (url, options) => {
-        console.log("");
-        console.log(chalk_1.default.bold.cyan("🔍 Starting Security Scan"));
-        console.log(chalk_1.default.gray("─".repeat(50)));
-        console.log("");
+        const jsonMode = options.json === true;
+        if (!jsonMode) {
+            console.log("");
+            console.log(theme_1.theme.brand.bold("🔍 Starting Security Scan"));
+            console.log(theme_1.theme.gray("─".repeat(50)));
+            console.log("");
+        }
         // Validate URL
         try {
             new URL(url);
         }
         catch (error) {
-            logger_1.logger.error(`Invalid URL: ${url}`);
+            if (jsonMode) {
+                console.log(JSON.stringify({ error: `Invalid URL: ${url}` }));
+            }
+            else {
+                logger_1.logger.error(`Invalid URL: ${url}`);
+            }
             process.exit(1);
         }
-        const spinner = logger_1.logger.spinner("Initializing scanner...");
+        const spinner = jsonMode ? null : logger_1.logger.spinner("Initializing scanner...");
         try {
-            const scanner = new scanner_1.Scanner();
-            spinner.text = `Scanning ${url}...`;
-            const result = await scanner.scan(url, {
-                depth: parseInt(options.depth),
-                timeout: parseInt(options.timeout),
-                headless: options.headless,
+            const profile = String(options.profile || "balanced").toLowerCase();
+            const defaults = config_1.scanProfiles[profile] || config_1.scanProfiles.balanced;
+            const parsedDepth = Number.parseInt(options.depth ?? String(defaults.depth), 10);
+            const parsedTimeout = Number.parseInt(options.timeout ?? String(defaults.timeout), 10);
+            const parsedMaxPages = Number.parseInt(options.maxPages ?? String(defaults.maxPages), 10);
+            const parsedMaxLinksPerPage = Number.parseInt(options.maxLinksPerPage ?? String(defaults.maxLinksPerPage), 10);
+            if (!Number.isFinite(parsedDepth) || parsedDepth < 1 || parsedDepth > 5) {
+                throw new Error("Depth must be a number between 1 and 5.");
+            }
+            if (!Number.isFinite(parsedTimeout) || parsedTimeout < 1000) {
+                throw new Error("Timeout must be a positive number (milliseconds).");
+            }
+            if (!Number.isFinite(parsedMaxPages) || parsedMaxPages < 1) {
+                throw new Error("max-pages must be a positive number.");
+            }
+            if (!Number.isFinite(parsedMaxLinksPerPage) || parsedMaxLinksPerPage < 1) {
+                throw new Error("max-links-per-page must be a positive number.");
+            }
+            // Display scan estimate
+            if (!jsonMode) {
+                const estimateMap = {
+                    quick: "~15–30s",
+                    balanced: "~30–90s",
+                    deep: "~2–5min",
+                };
+                const estimate = estimateMap[profile] || estimateMap.balanced;
+                console.log(theme_1.theme.gray(`  ⏱  Estimated duration: ${estimate} (${profile} profile)`));
+                console.log("");
+            }
+            const scanner = new scanner_1.Scanner(options.plugins !== false);
+            // Set up event listeners for progress feedback
+            let currentStage = "initializing";
+            let vulnerabilitiesFound = 0;
+            scanner.on("scan:start", () => {
+                if (spinner)
+                    spinner.text = `Starting scan of ${url}...`;
+                currentStage = "scanning";
+            });
+            scanner.on("crawl:page", (data) => {
+                if (spinner)
+                    spinner.text = `Crawling: ${data.url} (${data.crawledCount}/${data.maxPages})`;
+                currentStage = "crawling";
+            });
+            scanner.on("form:test", (data) => {
+                if (spinner)
+                    spinner.text = `Testing forms on ${data.url} (${data.formCount} forms)...`;
+                currentStage = "testing forms";
             });
-            spinner.succeed("Scan complete!");
+            scanner.on("vuln:found", (data) => {
+                vulnerabilitiesFound++;
+                if (spinner) {
+                    spinner.stopAndPersist({
+                        symbol: theme_1.theme.warning("⚠️"),
+                        text: `Found ${data.vulnerability.severity} vulnerability: ${data.vulnerability.title}`
+                    });
+                    spinner.start(`Continuing scan (${vulnerabilitiesFound} vulns found)...`);
+                }
+            });
+            scanner.on("scan:complete", () => {
+                if (spinner)
+                    spinner.text = "Finalizing scan results...";
+            });
+            scanner.on("crawl:error", (data) => {
+                if (!jsonMode)
+                    logger_1.logger.warn(`Failed to crawl ${data.url}: ${data.error.message}`);
+            });
+            const scanOptions = {
+                depth: parsedDepth,
+                timeout: parsedTimeout,
+                headless: options.headless,
+                maxPages: parsedMaxPages,
+                maxLinksPerPage: parsedMaxLinksPerPage,
+                include: options.include,
+                exclude: options.exclude,
+                profile,
+            };
+            const result = await scanner.scan(url, scanOptions);
+            if (spinner)
+                spinner.succeed("Scan complete!");
             // Save results
-            const scanDir = path_1.default.join(os_1.default.homedir(), ".kramscan", "scans");
-            await promises_1.default.mkdir(scanDir, { recursive: true });
+            const scanDir = await (0, scan_storage_1.ensureScansDirectory)();
             const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
             const filename = options.output || `scan-${timestamp}.json`;
             const filepath = path_1.default.isAbsolute(filename)
                 ? filename
                 : path_1.default.join(scanDir, filename);
-            await promises_1.default.writeFile(filepath, JSON.stringify(result, null, 2));
-            // Display summary
-            console.log("");
-            console.log(chalk_1.default.bold("📊 Scan Summary"));
-            console.log(chalk_1.default.gray("─".repeat(50)));
-            console.log("");
-            console.log(chalk_1.default.white("Target:"), chalk_1.default.cyan(result.target));
-            console.log(chalk_1.default.white("Duration:"), chalk_1.default.cyan(`${(result.duration / 1000).toFixed(2)}s`));
-            console.log(chalk_1.default.white("URLs Crawled:"), chalk_1.default.cyan(result.metadata.crawledUrls));
-            console.log(chalk_1.default.white("Forms Tested:"), chalk_1.default.cyan(result.metadata.testedForms));
-            console.log(chalk_1.default.white("Requests Made:"), chalk_1.default.cyan(result.metadata.requestsMade));
-            console.log("");
-            // Vulnerability summary
-            console.log(chalk_1.default.bold("🛡️  Vulnerabilities Found"));
-            console.log(chalk_1.default.gray("─".repeat(50)));
-            console.log("");
-            const { summary } = result;
-            if (summary.total === 0) {
-                console.log(chalk_1.default.green("✓ No vulnerabilities found!"));
+            // Include error data in JSON
+            const scanErrors = scanner.getScanErrors();
+            const pluginErrors = scanner.getPluginErrors();
+            const resultWithErrors = {
+                ...result,
+                errors: {
+                    scan: scanErrors,
+                    plugins: Object.fromEntries(pluginErrors),
+                },
+            };
+            await promises_1.default.writeFile(filepath, JSON.stringify(resultWithErrors, null, 2));
+            // In JSON mode, output the result to stdout and exit
+            if (jsonMode) {
+                console.log(JSON.stringify(resultWithErrors, null, 2));
+                return;
             }
-            else {
-                if (summary.critical > 0)
-                    console.log(chalk_1.default.red(`  ${summary.critical} Critical`), chalk_1.default.gray("- Immediate action required"));
-                if (summary.high > 0)
-                    console.log(chalk_1.default.red(`  ${summary.high} High`), chalk_1.default.gray("- Should be fixed soon"));
-                if (summary.medium > 0)
-                    console.log(chalk_1.default.yellow(`  ${summary.medium} Medium`), chalk_1.default.gray("- Fix when possible"));
-                if (summary.low > 0)
-                    console.log(chalk_1.default.blue(`  ${summary.low} Low`), chalk_1.default.gray("- Minor issues"));
-                if (summary.info > 0)
-                    console.log(chalk_1.default.gray(`  ${summary.info} Info`), chalk_1.default.gray("- Informational"));
+            let pdfPath = null;
+            if (options.pdf !== false) {
+                const pdfSpinner = logger_1.logger.spinner("Generating PDF report...");
+                try {
+                    const pdfData = {
+                        scanResult: result,
+                        scanErrors,
+                        pluginErrors,
+                    };
+                    pdfPath = await PdfGenerator_1.pdfGenerator.generate(pdfData);
+                    pdfSpinner.succeed("PDF report generated!");
+                }
+                catch (error) {
+                    pdfSpinner.fail("PDF report generation failed");
+                    logger_1.logger.warn(`Could not generate PDF automatically: ${error.message}`);
+                }
             }
-            console.log("");
-            console.log(chalk_1.default.gray("Results saved to:"), chalk_1.default.white(filepath));
-            console.log("");
-            // Show top vulnerabilities
-            if (result.vulnerabilities.length > 0) {
-                console.log(chalk_1.default.bold("🔴 Top Findings"));
-                console.log(chalk_1.default.gray("─".repeat(50)));
+            try {
+                const target = new URL(result.target);
+                await (0, scan_index_1.addScanToIndex)({
+                    target: result.target,
+                    hostname: target.hostname || "unknown",
+                    timestamp: result.timestamp,
+                    jsonPath: filepath,
+                    pdfPath: pdfPath || undefined,
+                    summary: result.summary,
+                });
+            }
+            catch (error) {
+                logger_1.logger.debug(`Failed to update scan index: ${error.message}`);
+            }
+            // Display summary using theme
+            (0, theme_1.displayScanSummary)({
+                target: result.target,
+                duration: result.duration,
+                metadata: result.metadata,
+                summary: result.summary,
+                vulnerabilities: result.vulnerabilities,
+                filepath,
+                pdfPath,
+            });
+            // Display any scan errors
+            const scanErrorsList = scanner.getScanErrors();
+            const pluginErrorsMap = scanner.getPluginErrors();
+            if (scanErrorsList.length > 0 || pluginErrorsMap.size > 0) {
+                console.log(theme_1.theme.warning("⚠️  Some URLs/plugins encountered errors:"));
+                if (scanErrorsList.length > 0) {
+                    console.log(theme_1.theme.yellow("  Crawl Errors:"));
+                    for (const error of scanErrorsList.slice(0, 5)) {
+                        console.log(theme_1.theme.gray(`    - ${error.url}: ${error.error}`));
+                    }
+                    if (scanErrorsList.length > 5) {
+                        console.log(theme_1.theme.gray(`    ... and ${scanErrorsList.length - 5} more`));
+                    }
+                }
+                if (pluginErrorsMap.size > 0) {
+                    console.log(theme_1.theme.yellow("  Plugin Errors:"));
+                    for (const [pluginName, errors] of pluginErrorsMap) {
+                        console.log(theme_1.theme.gray(`    ${pluginName}:`));
+                        for (const error of errors.slice(0, 3)) {
+                            console.log(theme_1.theme.gray(`      - ${error.url}: ${error.error}`));
+                        }
+                        if (errors.length > 3) {
+                            console.log(theme_1.theme.gray(`      ... and ${errors.length - 3} more`));
+                        }
+                    }
+                    const totalPluginErrors = Array.from(pluginErrorsMap.values()).reduce((sum, errs) => sum + errs.length, 0);
+                    if (totalPluginErrors > 10) {
+                        console.log(theme_1.theme.gray(`  Total plugin errors: ${totalPluginErrors}`));
+                    }
+                }
                 console.log("");
-                const topVulns = result.vulnerabilities
-                    .sort((a, b) => {
-                    const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
-                    return severityOrder[a.severity] - severityOrder[b.severity];
-                })
-                    .slice(0, 5);
-                for (const vuln of topVulns) {
-                    const severityColor = vuln.severity === "critical" || vuln.severity === "high"
-                        ? chalk_1.default.red
-                        : vuln.severity === "medium"
-                            ? chalk_1.default.yellow
-                            : chalk_1.default.blue;
-                    console.log(severityColor(`[${vuln.severity.toUpperCase()}]`), chalk_1.default.bold(vuln.title));
-                    console.log(chalk_1.default.gray(`  ${vuln.url}`));
-                    console.log(chalk_1.default.white(`  ${vuln.description}`));
-                    console.log("");
+            }
+            // Add "What's Next" interactive prompt
+            if (!jsonMode) {
+                const inquirer = (await Promise.resolve().then(() => __importStar(require("inquirer")))).default;
+                const { nextAction } = await inquirer.prompt([
+                    {
+                        type: "list",
+                        name: "nextAction",
+                        message: theme_1.theme.cyan("Scan complete! What would you like to do next?"),
+                        choices: [
+                            { name: "🧠  Analyze findings with AI", value: "analyze" },
+                            { name: "📄  Generate a professional report", value: "report" },
+                            { name: "👋  Exit to main menu", value: "exit" }
+                        ]
+                    }
+                ]);
+                if (nextAction === "analyze") {
+                    const { registerAnalyzeCommand } = await Promise.resolve().then(() => __importStar(require("./analyze")));
+                    const analyzeProgram = new commander_1.Command();
+                    registerAnalyzeCommand(analyzeProgram);
+                    await analyzeProgram.parseAsync(["node", "kramscan", "analyze", filepath]);
                 }
-                if (result.vulnerabilities.length > 5) {
-                    console.log(chalk_1.default.gray(`  ... and ${result.vulnerabilities.length - 5} more`));
-                    console.log("");
+                else if (nextAction === "report") {
+                    const { registerReportCommand } = await Promise.resolve().then(() => __importStar(require("./report")));
+                    const reportProgram = new commander_1.Command();
+                    registerReportCommand(reportProgram);
+                    await reportProgram.parseAsync(["node", "kramscan", "report", filepath]);
                 }
             }
-            console.log(chalk_1.default.cyan("💡 Next steps:"));
-            console.log(chalk_1.default.white(`  1. Run ${chalk_1.default.cyan(`kramscan analyze ${filepath}`)} for AI-powered insights`));
-            console.log(chalk_1.default.white(`  2. Run ${chalk_1.default.cyan(`kramscan report ${filepath}`)} to generate a report`));
-            console.log("");
         }
         catch (error) {
-            spinner.fail("Scan failed");
-            logger_1.logger.error(error.message);
+            if (spinner)
+                spinner.fail("Scan failed");
+            if (jsonMode) {
+                console.log(JSON.stringify({ error: error.message }));
+            }
+            else {
+                logger_1.logger.error(error.message);
+            }
             process.exit(1);
         }
     });

package/dist/commands/scans.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerScansCommand(program: Command): void;

package/dist/commands/scans.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerScansCommand = registerScansCommand;
+const chalk_1 = __importDefault(require("chalk"));
+const scan_index_1 = require("../core/scan-index");
+const logger_1 = require("../utils/logger");
+function registerScansCommand(program) {
+    const scans = program.command("scans").description("Manage saved scans");
+    scans
+        .command("list")
+        .description("List recent scans")
+        .option("-n, --limit <number>", "How many scans to show", "20")
+        .action(async (options) => {
+        const limit = Number.parseInt(options.limit, 10);
+        const entries = await (0, scan_index_1.listScans)(Number.isFinite(limit) ? limit : 20);
+        if (entries.length === 0) {
+            logger_1.logger.warn("No scans found in index yet. Run 'kramscan scan <url>' first.");
+            return;
+        }
+        console.log("");
+        console.log(chalk_1.default.bold.cyan("Recent Scans"));
+        console.log(chalk_1.default.gray("-".repeat(60)));
+        for (const entry of entries) {
+            console.log(chalk_1.default.white(entry.timestamp), chalk_1.default.gray("-"), chalk_1.default.cyan(entry.hostname));
+            console.log(chalk_1.default.gray("  JSON:"), chalk_1.default.white(entry.jsonPath));
+            if (entry.pdfPath) {
+                console.log(chalk_1.default.gray("  PDF :"), chalk_1.default.white(entry.pdfPath));
+            }
+            console.log(chalk_1.default.gray("  Findings:"), chalk_1.default.white(`${entry.summary.total} total (${entry.summary.critical}C ${entry.summary.high}H ${entry.summary.medium}M ${entry.summary.low}L ${entry.summary.info}I)`));
+            console.log("");
+        }
+    });
+    scans
+        .command("latest")
+        .description("Show the latest scan paths")
+        .action(async () => {
+        const latest = await (0, scan_index_1.getLatestScan)();
+        if (!latest) {
+            logger_1.logger.warn("No scans found in index yet. Run 'kramscan scan <url>' first.");
+            return;
+        }
+        console.log(chalk_1.default.bold("Latest scan:"));
+        console.log(chalk_1.default.gray("Target:"), chalk_1.default.cyan(latest.target));
+        console.log(chalk_1.default.gray("Time  :"), chalk_1.default.white(latest.timestamp));
+        console.log(chalk_1.default.gray("JSON  :"), chalk_1.default.white(latest.jsonPath));
+        console.log(chalk_1.default.gray("PDF   :"), chalk_1.default.white(latest.pdfPath || "N/A"));
+    });
+}

package/dist/core/ai-client.d.ts

@@ -1,3 +1,4 @@
+import { ScanResult } from "./vulnerability-detector";
 export interface AIResponse {
     content: string;
     usage?: {
@@ -7,6 +8,10 @@ export interface AIResponse {
     };
 }
 export interface AIClient {
-    analyze(prompt: string): Promise<AIResponse>;
+    analyze(prompt: string, systemPrompt?: string): Promise<AIResponse>;
 }
-export declare function createAIClient(): AIClient;
+export declare function createAIClient(): Promise<AIClient>;
+/**
+ * Generates a high-level executive summary of the scan results using AI.
+ */
+export declare function generateExecutiveSummary(client: AIClient, result: ScanResult): Promise<string>;