npm - opencode-api-security-testing - Versions diffs - 3.0.8 → 3.0.10 - Mend

opencode-api-security-testing 3.0.8 → 3.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/agents/api-cyber-supervisor.md +9 -3
package/agents/api-probing-miner.md +10 -2
package/agents/api-resource-specialist.md +44 -35
package/agents/api-vuln-verifier.md +56 -24
package/package.json +1 -1
package/postinstall.mjs +1 -0
package/preuninstall.mjs +43 -32
package/src/index.ts +3 -100
package/README.md +0 -74
package/SKILL.md +0 -1797
package/core/advanced_recon.py +0 -788
package/core/agentic_analyzer.py +0 -445
package/core/analyzers/api_parser.py +0 -210
package/core/analyzers/response_analyzer.py +0 -212
package/core/analyzers/sensitive_finder.py +0 -184
package/core/api_fuzzer.py +0 -422
package/core/api_interceptor.py +0 -525
package/core/api_parser.py +0 -955
package/core/browser_tester.py +0 -479
package/core/cloud_storage_tester.py +0 -1330
package/core/collectors/__init__.py +0 -23
package/core/collectors/api_path_finder.py +0 -300
package/core/collectors/browser_collect.py +0 -645
package/core/collectors/browser_collector.py +0 -411
package/core/collectors/http_client.py +0 -111
package/core/collectors/js_collector.py +0 -490
package/core/collectors/js_parser.py +0 -780
package/core/collectors/url_collector.py +0 -319
package/core/context_manager.py +0 -682
package/core/deep_api_tester_v35.py +0 -844
package/core/deep_api_tester_v55.py +0 -366
package/core/dynamic_api_analyzer.py +0 -532
package/core/http_client.py +0 -179
package/core/models.py +0 -296
package/core/orchestrator.py +0 -890
package/core/prerequisite.py +0 -227
package/core/reasoning_engine.py +0 -1042
package/core/response_classifier.py +0 -606
package/core/runner.py +0 -938
package/core/scan_engine.py +0 -599
package/core/skill_executor.py +0 -435
package/core/skill_executor_v2.py +0 -670
package/core/skill_executor_v3.py +0 -704
package/core/smart_analyzer.py +0 -687
package/core/strategy_pool.py +0 -707
package/core/testers/auth_tester.py +0 -264
package/core/testers/idor_tester.py +0 -200
package/core/testers/sqli_tester.py +0 -211
package/core/testing_loop.py +0 -655
package/core/utils/base_path_dict.py +0 -255
package/core/utils/payload_lib.py +0 -167
package/core/utils/ssrf_detector.py +0 -220
package/core/verifiers/vuln_verifier.py +0 -536
package/references/README.md +0 -72
package/references/asset-discovery.md +0 -119
package/references/fuzzing-patterns.md +0 -129
package/references/graphql-guidance.md +0 -108
package/references/intake.md +0 -84
package/references/pua-agent.md +0 -192
package/references/report-template.md +0 -156
package/references/rest-guidance.md +0 -76
package/references/severity-model.md +0 -76
package/references/test-matrix.md +0 -86
package/references/validation.md +0 -78
package/references/vulnerabilities/01-sqli-tests.md +0 -1128
package/references/vulnerabilities/02-user-enum-tests.md +0 -423
package/references/vulnerabilities/03-jwt-tests.md +0 -499
package/references/vulnerabilities/04-idor-tests.md +0 -362
package/references/vulnerabilities/05-sensitive-data-tests.md +0 -466
package/references/vulnerabilities/06-biz-logic-tests.md +0 -501
package/references/vulnerabilities/07-security-config-tests.md +0 -511
package/references/vulnerabilities/08-brute-force-tests.md +0 -457
package/references/vulnerabilities/09-vulnerability-chains.md +0 -465
package/references/vulnerabilities/10-auth-tests.md +0 -537
package/references/vulnerabilities/11-graphql-tests.md +0 -355
package/references/vulnerabilities/12-ssrf-tests.md +0 -396
package/references/vulnerabilities/README.md +0 -148
package/references/workflows.md +0 -192
package/src/hooks/directory-agents-injector.ts +0 -106

package/core/prerequisite.py DELETED Viewed

@@ -1,227 +0,0 @@
-"""
-前置检查模块 - Playwright 依赖检测与自动修复
-检测顺序:
-1. Playwright (首选)
-2. Pyppeteer (异步无头浏览器)
-3. Selenium (多浏览器支持)
-4. MCP: headless_browser
-5. Skill: headless_browser skill
-自动修复:
-- playwright install-deps
-- playwright install chromium
-- pip install playwright
-"""
-import subprocess
-import sys
-def check_playwright():
-    """检查 Playwright 是否可用"""
-    try:
-        from playwright.sync_api import sync_playwright
-        with sync_playwright() as p:
-            browser = p.chromium.launch(headless=True)
-            browser.close()
-        return True, "playwright"
-    except ImportError:
-        return False, "playwright_not_installed"
-    except Exception as e:
-        return False, f"playwright_error: {e}"
-def check_pyppeteer():
-    """检查 Pyppeteer 是否可用"""
-    try:
-        import pyppeteer
-        return True, "pyppeteer"
-    except ImportError:
-        return False, "pyppeteer_not_installed"
-    except Exception as e:
-        return False, f"pyppeteer_error: {e}"
-def check_selenium():
-    """检查 Selenium 是否可用"""
-    try:
-        from selenium import webdriver
-        from selenium.webdriver.chrome.options import Options
-        options = Options()
-        options.add_argument('--headless')
-        options.add_argument('--no-sandbox')
-        driver = webdriver.Chrome(options=options)
-        driver.quit()
-        return True, "selenium"
-    except ImportError:
-        return False, "selenium_not_installed"
-    except Exception as e:
-        return False, f"selenium_error: {e}"
-def check_mcp_headless_browser():
-    """检查 MCP: headless_browser 是否可用"""
-    try:
-        import mcp
-        # 尝试导入 headless_browser MCP
-        from mcp.server import Server
-        return True, "mcp_headless_browser"
-    except ImportError:
-        return False, "mcp_not_installed"
-    except Exception as e:
-        return False, f"mcp_error: {e}"
-def check_skill_headless_browser():
-    """检查 headless_browser skill 是否存在"""
-    import os
-    skill_paths = [
-        "/root/.claude/skills/headless_browser/SKILL.md",
-        "./skills/headless_browser/SKILL.md",
-        "../headless_browser/SKILL.md",
-    ]
-    for path in skill_paths:
-        if os.path.exists(path):
-            return True, f"headless_browser_skill: {path}"
-    return False, "headless_browser_skill_not_found"
-def auto_install_playwright():
-    """自动安装 Playwright"""
-    print("  [尝试自动安装 Playwright...]")
-    commands = [
-        ["pip", "install", "playwright"],
-        ["playwright", "install-deps", "chromium"],
-        ["playwright", "install", "chromium"],
-    ]
-    for cmd in commands:
-        try:
-            print(f"  [执行] {' '.join(cmd)}")
-            result = subprocess.run(
-                cmd,
-                capture_output=True,
-                text=True,
-                timeout=120
-            )
-            if result.returncode == 0:
-                print(f"  [OK] {' '.join(cmd)}")
-            else:
-                print(f"  [FAIL] {' '.join(cmd)}: {result.stderr[:100]}")
-        except subprocess.TimeoutExpired:
-            print(f"  [TIMEOUT] {' '.join(cmd)}")
-        except Exception as e:
-            print(f"  [ERROR] {' '.join(cmd)}: {e}")
-    # 验证安装
-    available, reason = check_playwright()
-    if available:
-        print("  [OK] Playwright 安装成功!")
-        return True
-    else:
-        print(f"  [FAIL] Playwright 仍不可用: {reason}")
-        return False
-def check_browser_alternatives():
-    """
-    检测无头浏览器平替方案
-    Returns:
-        (available, browser_type, can_proceed)
-    """
-    print("\n[无头浏览器检测]")
-    print("-" * 40)
-    # 1. 检查 Playwright
-    available, reason = check_playwright()
-    if available:
-        print(f"  [OK] Playwright 可用")
-        return True, "playwright", True
-    print(f"  [FAIL] Playwright 不可用: {reason}")
-    # 2. 检查平替方案
-    alternatives = [
-        ("Pyppeteer", check_pyppeteer),
-        ("Selenium", check_selenium),
-        ("MCP: headless_browser", check_mcp_headless_browser),
-        ("Skill: headless_browser", check_skill_headless_browser),
-    ]
-    found_alternatives = []
-    for name, check_func in alternatives:
-        available, reason = check_func()
-        if available:
-            print(f"  [发现平替] {name}")
-            found_alternatives.append(name)
-        else:
-            print(f"  [未发现] {name}: {reason}")
-    # 3. 尝试自动安装 Playwright
-    print("\n[尝试自动安装...]")
-    if auto_install_playwright():
-        return True, "playwright", True
-    # 4. 如果有平替方案，提示用户
-    if found_alternatives:
-        print(f"\n  [提示] 发现 {len(found_alternatives)} 个平替方案:")
-        for alt in found_alternatives:
-            print(f"    - {alt}")
-        print("  [建议] 可以使用平替方案继续测试")
-        return False, found_alternatives[0], True
-    # 5. 无任何方案
-    print("\n  [FATAL] 没有任何可用的无头浏览器方案")
-    print("  [建议] 请手动安装 Playwright:")
-    print("    pip install playwright")
-    print("    playwright install-deps chromium")
-    print("    playwright install chromium")
-    return False, None, False
-def prerequisite_check():
-    """
-    前置检查主函数
-    Returns:
-        (playwright_available, browser_type, can_proceed)
-    """
-    print("\n" + "=" * 50)
-    print("  [0] 前置检查")
-    print("=" * 50)
-    # 检查 requests
-    print("\n[Requests 检测]")
-    try:
-        import requests
-        print("  [OK] requests 可用")
-        requests_available = True
-    except ImportError:
-        print("  [FAIL] requests 未安装")
-        requests_available = False
-    if not requests_available:
-        print("\n  [FATAL] requests 是必需依赖")
-        print("  [建议] pip install requests")
-        return False, None, False
-    # 检查无头浏览器
-    playwright_available, browser_type, can_proceed = check_browser_alternatives()
-    print("\n" + "=" * 50)
-    print("  前置检查结果:")
-    print(f"    requests: {'OK' if requests_available else 'FAIL'}")
-    print(f"    无头浏览器: {'OK' if playwright_available else 'FAIL'}")
-    if browser_type:
-        print(f"    浏览器类型: {browser_type}")
-    print("=" * 50 + "\n")
-    return playwright_available, browser_type, can_proceed
-if __name__ == "__main__":
-    prerequisite_check()