nsauditor-ai 0.1.28 → 0.1.29
- package/cli.mjs +65 -0
- package/package.json +1 -1
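--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -522,6 +522,14 @@ async function maybeSendToOpenAI({ host, results, conclusion, promptMode = 'basi
 async function parseArgs(argv) {
 const args = { cmd: 'scan', host: undefined, plugins: 'all', insecureHttps: false };
 const a = argv.slice(2);
+// Help: bare `--help`/`-h`/`help` or completely empty invocation.
+// Recognized before the scan-default so it doesn't crash with
+// "--host or --host-file is required" on a help request.
+if (a.length === 0 || a[0] === '--help' || a[0] === '-h' || a[0] === 'help' ||
+a.includes('--help') || a.includes('-h')) {
+args.cmd = 'help';
+return args;
+}
 if (a.length && !a[0].startsWith('--')) args.cmd = a[0];
 
 const get = (name) => {
@@ -750,6 +758,63 @@ function maxSeverityInConclusion(conclusion) {
 async function main() {
 const { cmd, host, plugins, insecureHttps, hostFile, parallel, failOn, outputFormat, watch, intervalMinutes, webhookUrl, alertSeverity, ports, compliance, complianceScope } = await parseArgs(process.argv);
 
+// Help: handled before license verification so it works without a key.
+if (cmd === 'help') {
+console.log(`nsauditor-ai — Modular AI-assisted network security audit platform
+
+Usage:
+nsauditor-ai [scan] --host <ip|cidr|hostname> [options]
+nsauditor-ai [scan] --host-file <path> [options]
+nsauditor-ai license <subcommand>
+nsauditor-ai security <subcommand>
+nsauditor-ai validate
+nsauditor-ai help
+
+Scan options:
+--host, --ip, --target <h> Target host, IP, or CIDR
+--host-file <path> File with one host per line
+--plugins <list|all> Plugins to run (e.g. 001,003,020 or "all"; default: all)
+--ports <range> Override port list (e.g. 22,80,443 or 1-1000)
+--out <dir> Output directory for scan artifacts
+--parallel <n> Parallel host concurrency (default 1)
+--fail-on <severity> Exit non-zero if any finding ≥ severity
+--output-format <fmt> Additional report format: sarif | csv | md
+--insecure-https Skip TLS validation on probed HTTPS targets
+--watch CTEM continuous mode
+--interval <minutes> Watch interval (default 60)
+--webhook-url <url> Send delta alerts (must be public; private/loopback blocked)
+--alert-severity <sev> Min severity to alert on (default: high)
+--compliance <framework> Run compliance mapping (e.g. soc2). Enterprise only.
+--compliance-scope <path> JSON file describing the assessment scope
+
+License subcommands:
+nsauditor-ai license --status Show active tier, org, seats, expiry
+nsauditor-ai license --capabilities List active capabilities for current tier
+
+Security subcommands (macOS Keychain):
+nsauditor-ai security set <KEY> Store a secret (read from stdin)
+nsauditor-ai security delete <KEY> Remove a secret
+nsauditor-ai security list List stored secrets (masked)
+nsauditor-ai security get <KEY> Echo a secret (avoid in shared shells)
+
+Environment:
+NSAUDITOR_LICENSE_KEY Pro/Enterprise license JWT (env var; takes precedence)
+NSA_ALLOW_ALL_HOSTS=1 Permit RFC1918 / loopback (local-network auditing)
+CLOUD_PROVIDER=aws|gcp|azure Required for cloud scanner plugins (020/021/022)
+AI_PROVIDER=openai|claude|ollama AI provider for report generation
+COMPLIANCE_TSA_URL RFC 3161 timestamp authority for SOC 2 attestation
+
+Examples:
+nsauditor-ai scan --host 10.0.0.1 --plugins all
+CLOUD_PROVIDER=aws AWS_PROFILE=default \\
+nsauditor-ai scan --host aws --plugins 020
+nsauditor-ai scan --host 10.0.0.0/24 --plugins all --compliance soc2
+nsauditor-ai license --status
+
+Docs: https://www.nsauditor.com/ai/ | Pricing: https://www.nsauditor.com/ai/pricing/`);
+process.exit(0);
+}
+
 // Verify license JWT at startup (~5ms for ES256). Populates _verifiedTier
 // so all subsequent getTierFromEnv() calls return the cryptographically
 // validated tier instead of relying on prefix detection alone.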
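Review bot: An empty invocation is now mapped to `cmd = 'help'` in parseArgs and then ends in `process.exit(0)` in main, so a CI step whose arguments expand to nothing reports success without scanning; the same happens when a stray `-h` or `--help` appears anywhere in argv, because `a.includes(...)` matches at any position, including the value slot of another option. For a tool whose help text documents `--fail-on` as an exit-code gate, that is a fail-open path; judging by the added comment, the old path stopped with "--host or --host-file is required", presumably with a non-zero status. I would keep exit 0 for an explicit help request only: set `args.usageError = a.length === 0;` before `return args;`, add `usageError` to the destructuring in main, and finish the help branch with `process.exit(usageError ? 2 : 0);`. Both parseArgs and main continue outside the hunks shown, so how later code treats `-h` as an option value cannot be confirmed from here.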