npm - opencode-api-security-testing - Versions diffs - 3.0.9 → 3.0.10 - Mend

opencode-api-security-testing 3.0.9 → 3.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/agents/api-cyber-supervisor.md +22 -19
package/agents/api-probing-miner.md +34 -10
package/agents/api-resource-specialist.md +49 -20
package/agents/api-vuln-verifier.md +69 -18
package/package.json +1 -1
package/postinstall.mjs +1 -0
package/preuninstall.mjs +43 -32
package/src/index.ts +6 -3
package/README.md +0 -74
package/SKILL.md +0 -1797
package/core/advanced_recon.py +0 -788
package/core/agentic_analyzer.py +0 -445
package/core/analyzers/api_parser.py +0 -210
package/core/analyzers/response_analyzer.py +0 -212
package/core/analyzers/sensitive_finder.py +0 -184
package/core/api_fuzzer.py +0 -422
package/core/api_interceptor.py +0 -525
package/core/api_parser.py +0 -955
package/core/browser_tester.py +0 -479
package/core/cloud_storage_tester.py +0 -1330
package/core/collectors/__init__.py +0 -23
package/core/collectors/api_path_finder.py +0 -300
package/core/collectors/browser_collect.py +0 -645
package/core/collectors/browser_collector.py +0 -411
package/core/collectors/http_client.py +0 -111
package/core/collectors/js_collector.py +0 -490
package/core/collectors/js_parser.py +0 -780
package/core/collectors/url_collector.py +0 -319
package/core/context_manager.py +0 -682
package/core/deep_api_tester_v35.py +0 -844
package/core/deep_api_tester_v55.py +0 -366
package/core/dynamic_api_analyzer.py +0 -532
package/core/http_client.py +0 -179
package/core/models.py +0 -296
package/core/orchestrator.py +0 -890
package/core/prerequisite.py +0 -227
package/core/reasoning_engine.py +0 -1042
package/core/response_classifier.py +0 -606
package/core/runner.py +0 -938
package/core/scan_engine.py +0 -599
package/core/skill_executor.py +0 -435
package/core/skill_executor_v2.py +0 -670
package/core/skill_executor_v3.py +0 -704
package/core/smart_analyzer.py +0 -687
package/core/strategy_pool.py +0 -707
package/core/testers/auth_tester.py +0 -264
package/core/testers/idor_tester.py +0 -200
package/core/testers/sqli_tester.py +0 -211
package/core/testing_loop.py +0 -655
package/core/utils/base_path_dict.py +0 -255
package/core/utils/payload_lib.py +0 -167
package/core/utils/ssrf_detector.py +0 -220
package/core/verifiers/vuln_verifier.py +0 -536
package/references/README.md +0 -72
package/references/asset-discovery.md +0 -119
package/references/fuzzing-patterns.md +0 -129
package/references/graphql-guidance.md +0 -108
package/references/intake.md +0 -84
package/references/pua-agent.md +0 -192
package/references/report-template.md +0 -156
package/references/rest-guidance.md +0 -76
package/references/severity-model.md +0 -76
package/references/test-matrix.md +0 -86
package/references/validation.md +0 -78
package/references/vulnerabilities/01-sqli-tests.md +0 -1128
package/references/vulnerabilities/02-user-enum-tests.md +0 -423
package/references/vulnerabilities/03-jwt-tests.md +0 -499
package/references/vulnerabilities/04-idor-tests.md +0 -362
package/references/vulnerabilities/05-sensitive-data-tests.md +0 -466
package/references/vulnerabilities/06-biz-logic-tests.md +0 -501
package/references/vulnerabilities/07-security-config-tests.md +0 -511
package/references/vulnerabilities/08-brute-force-tests.md +0 -457
package/references/vulnerabilities/09-vulnerability-chains.md +0 -465
package/references/vulnerabilities/10-auth-tests.md +0 -537
package/references/vulnerabilities/11-graphql-tests.md +0 -355
package/references/vulnerabilities/12-ssrf-tests.md +0 -396
package/references/vulnerabilities/README.md +0 -148
package/references/workflows.md +0 -192

package/core/orchestrator.py DELETED Viewed

@@ -1,890 +0,0 @@
-#!/usr/bin/env python3
-"""
-Agentic Orchestrator - 智能编排器 v3.0
-集成组件:
-- ReasoningEngine: 多层级推理引擎
-- ContextManager: 上下文管理器
-- StrategyPool: 策略池系统
-- InsightDrivenLoop: 洞察驱动测试循环
-核心理念：
-1. 每个模块输出后，理解其含义
-2. 根据当前状态，动态调整策略
-3. 不是按顺序执行，而是按需执行
-4. 失败时理解原因，而不是简单地继续
-"""
-import re
-import time
-import json
-from datetime import datetime
-from typing import Dict, List, Set, Tuple, Optional, Any, Callable
-from dataclasses import dataclass, field, asdict
-from enum import Enum
-import logging
-try:
-    import requests
-    HAS_REQUESTS = True
-except ImportError:
-    HAS_REQUESTS = False
-try:
-    from .reasoning_engine import (
-        Reasoner, Insight, InsightType, UnderstandingLevel,
-        Observation, Finding, InsightStore, create_reasoner
-    )
-    from .context_manager import (
-        ContextManager, GlobalContext, TechStackContext,
-        NetworkContext, SecurityContext, ContentContext,
-        Endpoint, TestPhase, RateLimitStatus, ExposureLevel,
-        DataClassification, create_context_manager
-    )
-    from .strategy_pool import (
-        StrategyPool, Strategy, Strategist, StrategyContext,
-        Action, Condition, StrategyState, create_strategy_pool, create_strategist
-    )
-    from .testing_loop import (
-        InsightDrivenLoop, Validator, LoopState, TestAction,
-        ActionResult, Validation, LoopProgress, create_test_loop
-    )
-except ImportError:
-    from reasoning_engine import (
-        Reasoner, Insight, InsightType, UnderstandingLevel,
-        Observation, Finding, InsightStore, create_reasoner
-    )
-    from context_manager import (
-        ContextManager, GlobalContext, TechStackContext,
-        NetworkContext, SecurityContext, ContentContext,
-        Endpoint, TestPhase, RateLimitStatus, ExposureLevel,
-        DataClassification, create_context_manager
-    )
-    from strategy_pool import (
-        StrategyPool, Strategy, Strategist, StrategyContext,
-        Action, Condition, StrategyState, create_strategy_pool, create_strategist
-    )
-    from testing_loop import (
-        InsightDrivenLoop, Validator, LoopState, TestAction,
-        ActionResult, Validation, LoopProgress, create_test_loop
-    )
-logger = logging.getLogger(__name__)
-class StageStatus(Enum):
-    """阶段状态"""
-    PENDING = "pending"
-    RUNNING = "running"
-    COMPLETED = "completed"
-    FAILED = "failed"
-    SKIPPED = "skipped"
-    ADAPTED = "adapted"
-@dataclass
-class StageResult:
-    """阶段结果"""
-    name: str
-    status: StageStatus
-    duration: float = 0.0
-    data: Any = None
-    insights: List[Dict] = field(default_factory=list)
-    problems: List[str] = field(default_factory=list)
-    suggestions: List[str] = field(default_factory=list)
-    next_stages: List[str] = field(default_factory=list)
-    def summary(self) -> str:
-        return f"{self.name}: {self.status.value} ({self.duration:.1f}s)"
-    def to_dict(self) -> Dict:
-        return {
-            'name': self.name,
-            'status': self.status.value,
-            'duration': self.duration,
-            'insights': self.insights,
-            'problems': self.problems,
-            'suggestions': self.suggestions,
-            'next_stages': self.next_stages
-        }
-class EnhancedAgenticOrchestrator:
-    """
-    增强型 Agentic Orchestrator v3.0
-    集成组件：
-    - ReasoningEngine: 多层级推理引擎
-    - ContextManager: 上下文管理器
-    - StrategyPool: 策略池系统
-    - InsightDrivenLoop: 洞察驱动测试循环
-    """
-    def __init__(self, target: str, session: 'requests.Session' = None):
-        self.target = target
-        self.session = session or (requests.Session() if HAS_REQUESTS else None)
-        self.reasoner = create_reasoner()
-        self.context_manager = create_context_manager(target)
-        self.strategy_pool = create_strategy_pool()
-        self.strategist = create_strategist(self.strategy_pool)
-        self.testing_loop: Optional[InsightDrivenLoop] = None
-        self.stage_results: Dict[str, StageResult] = {}
-        self.callbacks: Dict[str, List[Callable]] = {
-            'stage_start': [],
-            'stage_complete': [],
-            'insight_generated': [],
-            'strategy_changed': [],
-            'blocker_detected': [],
-            'vulnerability_found': [],
-        }
-        self._configure_callbacks()
-    def _configure_callbacks(self):
-        """配置内部回调"""
-        def on_insight(insight_data):
-            logger.info(f"Insight generated: {insight_data.get('content', '')[:50]}")
-        def on_blocker(blocker_data):
-            logger.warning(f"Blocker detected: {blocker_data}")
-        def on_vuln(vuln_data):
-            logger.info(f"Vulnerability found: {vuln_data}")
-        self.callbacks['insight_generated'].append(on_insight)
-        self.callbacks['blocker_detected'].append(on_blocker)
-        self.callbacks['vulnerability_found'].append(on_vuln)
-    def on(self, event: str, callback: Callable):
-        """注册事件回调"""
-        if event in self.callbacks:
-            self.callbacks[event].append(callback)
-    def _emit(self, event: str, data: Any):
-        """触发事件"""
-        for callback in self.callbacks.get(event, []):
-            try:
-                callback(data)
-            except Exception as e:
-                logger.warning(f"Callback error for {event}: {e}")
-    def execute(
-        self,
-        max_iterations: int = 100,
-        max_duration: float = 3600.0,
-        enable_fuzzing: bool = True,
-        enable_testing: bool = True
-    ) -> Dict:
-        """
-        执行增强型编排
-        Args:
-            max_iterations: 最大迭代次数
-            max_duration: 最大运行时长（秒）
-            enable_fuzzing: 是否启用 fuzzing
-            enable_testing: 是否启用漏洞测试
-        """
-        print("=" * 70)
-        print(" Enhanced Agentic Security Testing v3.0")
-        print("=" * 70)
-        print(f"Target: {self.target}")
-        print(f"Components: Reasoner + ContextManager + StrategyPool + TestingLoop")
-        print("=" * 70)
-        start_time = time.time()
-        self.context_manager.set_phase(TestPhase.RECON)
-        self._stage_reconnaissance()
-        self._stage_context_analysis()
-        if self._has_blockers():
-            self._handle_blockers()
-            if self._should_abort():
-                return self._generate_report(time.time() - start_time, "blocked")
-        self._stage_discovery()
-        self._stage_reasoning()
-        if enable_fuzzing and not self._has_blockers():
-            self._stage_fuzzing()
-        else:
-            self.stage_results['fuzzing'] = StageResult(
-                name="fuzzing",
-                status=StageStatus.SKIPPED,
-                suggestions=["后端不可达，跳过 fuzzing"] if self._has_blockers() else []
-            )
-        if enable_testing and not self._has_blockers():
-            self._stage_testing()
-        else:
-            self.stage_results['testing'] = StageResult(
-                name="testing",
-                status=StageStatus.SKIPPED,
-                suggestions=["后端不可达，跳过测试"] if self._has_blockers() else []
-            )
-        duration = time.time() - start_time
-        return self._generate_report(duration)
-    def _stage_reconnaissance(self):
-        """阶段 1: 侦察"""
-        print("\n[*] Phase 1: 侦察")
-        self._emit('stage_start', {'stage': 'reconnaissance'})
-        start = time.time()
-        test_urls = [
-            self.target,
-            f"{self.target}/login",
-            f"{self.target}/admin",
-            f"{self.target}/api",
-            f"{self.target}/api-docs",
-            f"{self.target}/swagger.json",
-        ]
-        for url in test_urls:
-            try:
-                resp = self.session.get(url, timeout=10, allow_redirects=True)
-                response_data = {
-                    'url': url,
-                    'method': 'GET',
-                    'status_code': resp.status_code,
-                    'content_type': resp.headers.get('Content-Type', ''),
-                    'content': resp.text[:1000],
-                    'headers': dict(resp.headers),
-                    'response_time': resp.elapsed.total_seconds(),
-                    'source': 'recon'
-                }
-                insights = self.reasoner.observe_and_reason(response_data)
-                for insight in insights:
-                    self._process_insight(insight)
-                self.context_manager.update_network_status(True)
-                self.context_manager.update_network_status(
-                    True,
-                    reason=f"{resp.status_code} from {url}"
-                )
-                if 'tech_fingerprints' in response_data:
-                    pass
-            except Exception as e:
-                logger.warning(f"Recon error for {url}: {e}")
-                self.context_manager.update_network_status(False, reason=str(e))
-        duration = time.time() - start
-        insights_data = [i.to_dict() for i in self.reasoner.insight_store.get_active()]
-        self.stage_results['reconnaissance'] = StageResult(
-            name="reconnaissance",
-            status=StageStatus.COMPLETED,
-            duration=duration,
-            insights=insights_data
-        )
-        print(f"    完成 ({duration:.1f}s)")
-        print(f"    观察数: {len(self.reasoner.get_observations())}")
-        print(f"    洞察数: {len(insights_data)}")
-        self._emit('stage_complete', {'stage': 'reconnaissance', 'duration': duration})
-    def _stage_context_analysis(self):
-        """阶段 2: 上下文分析"""
-        print("\n[*] Phase 2: 上下文分析")
-        self._emit('stage_start', {'stage': 'context_analysis'})
-        start = time.time()
-        for obs in self.reasoner.get_observations()[-10:]:
-            if obs.tech_fingerprints:
-                self.context_manager.update_tech_stack(obs.tech_fingerprints)
-            if obs.spa_indicators:
-                self.context_manager.set_spa_mode(True)
-            if obs.api_indicators:
-                for url in obs.url:
-                    if 'swagger' in url.lower() or 'api-docs' in url.lower():
-                        self.context_manager.add_swagger_url(url)
-            if obs.security_indicators:
-                if any('error' in ind for ind in obs.security_indicators):
-                    self.context_manager.add_error_leak('|'.join(obs.security_indicators))
-        duration = time.time() - start
-        context_summary = self.context_manager.get_summary()
-        self.stage_results['context_analysis'] = StageResult(
-            name="context_analysis",
-            status=StageStatus.COMPLETED,
-            duration=duration,
-            data=context_summary,
-            insights=[{
-                'type': 'context_summary',
-                'content': f"技术栈: {context_summary.get('tech_stack', {})}"
-            }]
-        )
-        print(f"    完成 ({duration:.1f}s)")
-        print(f"    技术栈: {context_summary.get('tech_stack', {})}")
-        print(f"    SPA: {context_summary.get('content', {}).get('is_spa', False)}")
-        self._emit('stage_complete', {'stage': 'context_analysis'})
-    def _discover_js_files(self) -> List[str]:
-        """发现目标站点的 JS 文件"""
-        import re
-        js_files = []
-        try:
-            # 获取首页 HTML
-            resp = self.session.get(self.target, timeout=10)
-            html = resp.text
-            # 提取所有 JS 文件 URL
-            patterns = [
-                r'<script[^>]+src=["\']([^"\']+\.js[^"\']*)["\']',
-                r'src=["\']([^"\']+\.js[^"\']*)["\']',
-            ]
-            for pattern in patterns:
-                matches = re.findall(pattern, html)
-                for match in matches:
-                    if match.startswith('//'):
-                        js_url = 'https:' + match
-                    elif match.startswith('/'):
-                        js_url = self.target.rstrip('/') + match
-                    elif match.startswith('http'):
-                        js_url = match
-                    else:
-                        continue
-                    # 只添加本地 JS 文件
-                    if self.target.replace('http://', '').replace('https://', '').split('/')[0] in js_url:
-                        if js_url not in js_files:
-                            js_files.append(js_url)
-            # 尝试常见 JS 路径
-            common_js_paths = [
-                '/static/js/app.js',
-                '/static/js/main.js',
-                '/js/app.js',
-                '/js/main.js',
-                '/assets/js/app.js',
-            ]
-            for path in common_js_paths:
-                url = self.target.rstrip('/') + path
-                try:
-                    resp = self.session.head(url, timeout=5)
-                    if resp.status_code == 200:
-                        if url not in js_files:
-                            js_files.append(url)
-                except:
-                    pass
-        except Exception as e:
-            logger.warning(f"JS 文件发现失败: {e}")
-        return js_files
-    def _stage_discovery(self):
-        """阶段 3: API 发现 (整合 V35JSAnalyzer)"""
-        print("\n[*] Phase 3: API 发现")
-        self._emit('stage_start', {'stage': 'discovery'})
-        start = time.time()
-        discovered_paths = set()
-        # 方式 1: 从 reasoning engine 获取 (原有逻辑)
-        for obs in self.reasoner.get_observations():
-            if obs.api_indicators:
-                discovered_paths.add(obs.url)
-        # 方式 2: Swagger/API文档发现 (原有逻辑)
-        if self.context_manager.context.content.swagger_urls:
-            for url in self.context_manager.context.content.swagger_urls:
-                endpoint = Endpoint(
-                    path=url,
-                    method='GET',
-                    source='swagger',
-                    score=8,
-                    is_high_value=True
-                )
-                self.context_manager.add_discovered_endpoint(endpoint)
-        # 方式 3: V35JSAnalyzer JS 文件分析 (新增整合)
-        print("    [V35JSAnalyzer] 开始 JS 文件分析...")
-        try:
-            # 延迟导入避免循环依赖
-            from core.deep_api_tester_v55 import V35JSAnalyzer
-            js_analyzer = V35JSAnalyzer(self.target, self.session)
-            # 发现 JS 文件
-            js_files = self._discover_js_files()
-            print(f"    [V35JSAnalyzer] 发现 {len(js_files)} 个 JS 文件")
-            # 分析每个 JS 文件
-            js_endpoints = []
-            for js_url in js_files:
-                result = js_analyzer.analyze_js(js_url)
-                js_endpoints.extend(result['endpoints'])
-                if result['endpoints']:
-                    print(f"    [V35JSAnalyzer] {js_url.split('/')[-1]}: 发现 {len(result['endpoints'])} 个端点")
-            # 去重并添加到 context
-            seen = set()
-            for ep in js_endpoints:
-                # 标准化路径
-                path = ep.url.replace(self.target.rstrip('/'), '')
-                key = f'{ep.method}:{path}'
-                if key not in seen and len(path) > 1:
-                    seen.add(key)
-                    endpoint = Endpoint(
-                        path=path,
-                        method=ep.method,
-                        source=f'v35js_{ep.discovered_by}',
-                        score=7,
-                        is_high_value=True
-                    )
-                    self.context_manager.add_discovered_endpoint(endpoint)
-                    discovered_paths.add(path)
-            print(f"    [V35JSAnalyzer] 共发现 {len(js_endpoints)} 个 API 端点")
-        except Exception as e:
-            logger.warning(f"V35JSAnalyzer 分析失败: {e}")
-            print(f"    [WARN] V35JSAnalyzer 分析失败: {e}")
-        # 方式 4: 基于上下文的智能猜测 (新增)
-        if self.context_manager.context.content.is_spa:
-            print("    [智能猜测] SPA 模式，猜测常见 API 路径...")
-            common_api_paths = [
-                '/api/users', '/api/user', '/api/admin', '/api/auth',
-                '/api/login', '/api/logout', '/api/profile', '/api/settings',
-                '/auth/login', '/auth/logout', '/auth/token',
-                '/user/info', '/user/list', '/user/profile',
-                '/admin/users', '/admin/config', '/admin/settings',
-            ]
-            for path in common_api_paths:
-                if path not in discovered_paths:
-                    try:
-                        resp = self.session.get(
-                            self.target.rstrip('/') + path,
-                            timeout=5
-                        )
-                        if resp.status_code == 200:
-                            ct = resp.headers.get('Content-Type', '')
-                            if 'json' in ct.lower() or '{' in resp.text[:100]:
-                                endpoint = Endpoint(
-                                    path=path,
-                                    method='GET',
-                                    source='intelligent_guess',
-                                    score=6,
-                                    is_high_value=True
-                                )
-                                self.context_manager.add_discovered_endpoint(endpoint)
-                                discovered_paths.add(path)
-                                print(f"    [发现] {path}")
-                    except:
-                        pass
-        duration = time.time() - start
-        self.stage_results['discovery'] = StageResult(
-            name="discovery",
-            status=StageStatus.COMPLETED,
-            duration=duration,
-            data={
-                'total_endpoints': len(self.context_manager.context.discovered_endpoints),
-                'high_value': len(self.context_manager.get_high_value_endpoints())
-            }
-        )
-        print(f"    完成 ({duration:.1f}s)")
-        print(f"    发现端点: {len(self.context_manager.context.discovered_endpoints)}")
-        self._emit('stage_complete', {'stage': 'discovery'})
-    def _stage_reasoning(self):
-        """阶段 4: 推理分析"""
-        print("\n[*] Phase 4: 推理分析")
-        self._emit('stage_start', {'stage': 'reasoning'})
-        start = time.time()
-        insights = self.reasoner.insight_store.get_active()
-        for insight in insights:
-            if insight.type == InsightType.BLOCKER:
-                self._emit('blocker_detected', insight.to_dict())
-            if insight.findings:
-                for finding in insight.findings:
-                    if 'strategy' in finding.strategy:
-                        pass
-        context = StrategyContext({
-            'insights': insights,
-            'tech_stack': self.context_manager.context.tech_stack.to_dict(),
-            'network_status': self.context_manager.context.network.rate_limit_status.value,
-            'is_spa': self.context_manager.context.content.is_spa,
-            'has_internal_ips': bool(self.context_manager.context.content.internal_ips),
-            'waf_detected': self.context_manager.context.tech_stack.waf
-        })
-        selected_strategy = self.strategy_pool.select_strategy(context, insights)
-        self.strategist.current_plan = self.strategist.create_strategy_plan(context, insights)
-        duration = time.time() - start
-        self.stage_results['reasoning'] = StageResult(
-            name="reasoning",
-            status=StageStatus.COMPLETED,
-            duration=duration,
-            data={
-                'strategy_selected': selected_strategy.id,
-                'strategy_name': selected_strategy.name,
-                'insights_count': len(insights)
-            },
-            insights=[i.to_dict() for i in insights]
-        )
-        print(f"    完成 ({duration:.1f}s)")
-        print(f"    选择策略: {selected_strategy.name} ({selected_strategy.id})")
-        self._emit('stage_complete', {'stage': 'reasoning'})
-    def _stage_fuzzing(self):
-        """阶段 5: 智能 Fuzzing"""
-        print("\n[*] Phase 5: 智能 Fuzzing")
-        self._emit('stage_start', {'stage': 'fuzzing'})
-        start = time.time()
-        print("    使用增强型推理引擎进行智能 Fuzzing")
-        fuzz_targets = []
-        for endpoint in self.context_manager.get_high_value_endpoints():
-            full_url = f"{self.target}{endpoint.path}"
-            fuzz_targets.append({
-                'url': full_url,
-                'method': endpoint.method,
-                'score': endpoint.score
-            })
-        fuzz_results = []
-        for target in fuzz_targets[:20]:
-            try:
-                resp = self.session.get(
-                    target['url'],
-                    timeout=5,
-                    allow_redirects=False
-                )
-                fuzz_results.append({
-                    'url': target['url'],
-                    'status': resp.status_code,
-                    'length': len(resp.content)
-                })
-                response_data = {
-                    'url': target['url'],
-                    'method': 'GET',
-                    'status_code': resp.status_code,
-                    'content_type': resp.headers.get('Content-Type', ''),
-                    'content': resp.text[:500],
-                    'response_time': resp.elapsed.total_seconds(),
-                    'source': 'fuzzing'
-                }
-                insights = self.reasoner.observe_and_reason(response_data)
-                for insight in insights:
-                    self._process_insight(insight)
-            except Exception as e:
-                logger.debug(f"Fuzz error for {target['url']}: {e}")
-        duration = time.time() - start
-        alive_count = sum(1 for r in fuzz_results if r['status'] < 500)
-        self.stage_results['fuzzing'] = StageResult(
-            name="fuzzing",
-            status=StageStatus.COMPLETED,
-            duration=duration,
-            data={
-                'targets_tested': len(fuzz_targets),
-                'alive': alive_count,
-                'results': fuzz_results[:10]
-            }
-        )
-        print(f"    完成 ({duration:.1f}s)")
-        print(f"    测试目标: {len(fuzz_targets)}, 存活: {alive_count}")
-        self._emit('stage_complete', {'stage': 'fuzzing'})
-    def _stage_testing(self):
-        """阶段 6: 漏洞测试"""
-        print("\n[*] Phase 6: 漏洞测试")
-        self._emit('stage_start', {'stage': 'testing'})
-        start = time.time()
-        print("    使用洞察驱动循环进行漏洞测试")
-        if self.testing_loop is None:
-            self.testing_loop = create_test_loop(
-                self.reasoner,
-                self.strategist,
-                self.context_manager,
-                executor=self._create_executor()
-            )
-        for endpoint in self.context_manager.get_high_value_endpoints()[:5]:
-            self.testing_loop.add_action(TestAction(
-                id=f"test_{endpoint.path}",
-                type='GET',
-                target=f"{self.target}{endpoint.path}",
-                priority=endpoint.score,
-                expected_outcome='2xx'
-            ))
-        report = self.testing_loop.run(max_iterations=20)
-        duration = time.time() - start
-        self.stage_results['testing'] = StageResult(
-            name="testing",
-            status=StageStatus.COMPLETED if report['state'] != 'blocked' else StageStatus.FAILED,
-            duration=duration,
-            data=report,
-            insights=[report]
-        )
-        print(f"    完成 ({duration:.1f}s)")
-        print(f"    状态: {report['state']}")
-        print(f"    漏洞发现: {report['progress'].get('vulnerabilities_found', 0)}")
-        self._emit('stage_complete', {'stage': 'testing'})
-    def _create_executor(self) -> Callable:
-        """创建执行器"""
-        def execute(action: TestAction) -> Dict:
-            try:
-                resp = self.session.request(
-                    action.type,
-                    action.target,
-                    timeout=action.timeout,
-                    allow_redirects=False
-                )
-                return {
-                    'status': resp.status_code,
-                    'content': resp.text[:500],
-                    'time': resp.elapsed.total_seconds(),
-                    'headers': dict(resp.headers)
-                }
-            except Exception as e:
-                return {
-                    'status': 0,
-                    'content': '',
-                    'time': 0,
-                    'error': str(e)
-                }
-        return execute
-    def _process_insight(self, insight: Insight):
-        """处理洞察"""
-        self._emit('insight_generated', insight.to_dict())
-        if insight.type == InsightType.BLOCKER:
-            self._emit('blocker_detected', insight.to_dict())
-        if insight.type.value == 'opportunity' and 'swagger' in insight.content.lower():
-            for finding in insight.findings:
-                if finding.evidence:
-                    self.context_manager.add_swagger_url(finding.evidence[0])
-    def _has_blockers(self) -> bool:
-        """是否有阻碍因素"""
-        blockers = self.reasoner.insight_store.get_by_type(InsightType.BLOCKER)
-        return len(blockers) > 0
-    def _should_abort(self) -> bool:
-        """是否应该中止"""
-        if self.context_manager.is_rate_limited():
-            return True
-        internal_ips = self.context_manager.get_internal_addresses()
-        if internal_ips and not self.context_manager.context.network.requires_proxy:
-            return True
-        return False
-    def _handle_blockers(self):
-        """处理阻碍因素"""
-        blockers = self.reasoner.insight_store.get_by_type(InsightType.BLOCKER)
-        print(f"\n[!] 发现 {len(blockers)} 个阻碍因素:")
-        for blocker in blockers:
-            print(f"    - {blocker.content}")
-            for finding in blocker.findings:
-                if finding.strategy:
-                    print(f"      建议: {finding.strategy[:100]}...")
-    def _generate_report(self, duration: float, early_termination: Optional[str] = None) -> Dict:
-        """生成报告"""
-        print("\n" + "=" * 70)
-        print(" Enhanced Agentic Analysis Report v3.0")
-        print("=" * 70)
-        print(f"\n执行时间: {duration:.1f}s")
-        print(f"目标: {self.target}")
-        if early_termination:
-            print(f"提前终止: {early_termination}")
-        print(f"\n组件状态:")
-        print(f"  - Reasoner: {len(self.reasoner.insight_store.get_active())} 活跃洞察")
-        print(f"  - ContextManager: {len(self.context_manager.context.discovered_endpoints)} 端点")
-        print(f"  - StrategyPool: {len(self.strategy_pool.get_all_strategies())} 策略")
-        insights = self.reasoner.insight_store.get_active()
-        if insights:
-            print(f"\n洞察 ({len(insights)} 个):")
-            for i, insight in enumerate(insights[:10], 1):
-                icon = {
-                    InsightType.OBSERVATION: "[O]",
-                    InsightType.PATTERN: "[P]",
-                    InsightType.INFERENCE: "[I]",
-                    InsightType.BLOCKER: "[X]",
-                    InsightType.OPPORTUNITY: "[*]",
-                    InsightType.STRATEGY_CHANGE: "[S]",
-                }.get(insight.type, "[-]")
-                print(f"  {icon} {insight.content[:70]}...")
-        blockers = self.reasoner.insight_store.get_by_type(InsightType.BLOCKER)
-        if blockers:
-            print(f"\n阻碍因素 ({len(blockers)}):")
-            for b in blockers:
-                print(f"  [X] {b.content}")
-        opportunities = self.reasoner.insight_store.get_by_type(InsightType.OPPORTUNITY)
-        if opportunities:
-            print(f"\n机会 ({len(opportunities)}):")
-            for o in opportunities:
-                print(f"  [*] {o.content}")
-        print(f"\n上下文摘要:")
-        summary = self.context_manager.get_summary()
-        print(f"  技术栈: {summary.get('tech_stack', {})}")
-        print(f"  网络: {summary.get('network', {})}")
-        print(f"  SPA: {summary.get('content', {}).get('is_spa', False)}")
-        print(f"  API文档: {summary.get('content', {}).get('has_api_docs', False)}")
-        print("\n" + "=" * 70)
-        return {
-            'target': self.target,
-            'duration': duration,
-            'early_termination': early_termination,
-            'components': {
-                'reasoner': {
-                    'total_insights': len(self.reasoner.insight_store.insights),
-                    'active_insights': len(self.reasoner.insight_store.get_active())
-                },
-                'context_manager': summary,
-                'strategy_pool': {
-                    'strategies': len(self.strategy_pool.get_all_strategies()),
-                    'selected': self.strategist.current_plan.primary_strategy.id if self.strategist.current_plan else None
-                }
-            },
-            'stage_results': {k: v.to_dict() for k, v in self.stage_results.items()},
-            'insights': [i.to_dict() for i in insights],
-            'blockers': [b.to_dict() for b in blockers],
-            'opportunities': [o.to_dict() for o in opportunities]
-        }
-    def get_context(self) -> Dict:
-        """获取当前上下文"""
-        return self.context_manager.export_context()
-    def get_insights(self) -> List[Dict]:
-        """获取所有洞察"""
-        return [i.to_dict() for i in self.reasoner.insight_store.insights]
-    def save_state(self, filepath: str):
-        """保存状态"""
-        state = {
-            'target': self.target,
-            'context': self.context_manager.export_context(),
-            'insights': self.get_insights(),
-            'stage_results': {k: v.to_dict() for k, v in self.stage_results.items()}
-        }
-        with open(filepath, 'w') as f:
-            json.dump(state, f, indent=2, default=str)
-    @classmethod
-    def load_state(cls, filepath: str) -> 'EnhancedAgenticOrchestrator':
-        """加载状态"""
-        with open(filepath, 'r') as f:
-            state = json.load(f)
-        orchestrator = cls(state['target'])
-        return orchestrator
-def run_enhanced_agentic_test(
-    target: str,
-    max_iterations: int = 100,
-    max_duration: float = 3600.0
-) -> Dict:
-    """运行增强型 Agentic 测试"""
-    orchestrator = EnhancedAgenticOrchestrator(target)
-    return orchestrator.execute(
-        max_iterations=max_iterations,
-        max_duration=max_duration
-    )
-if __name__ == "__main__":
-    import sys
-    target = sys.argv[1] if len(sys.argv) > 1 else "http://example.com"
-    result = run_enhanced_agentic_test(target, max_iterations=20)
-    print("\n[JSON Output]")
-    print(json.dumps(result, indent=2, default=str))