pentesting 0.1.0

package/README.md

@@ -0,0 +1,210 @@
+# Pentest
+
+Autonomous Penetration Testing AI Agent.
+
+```
+██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗
+██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝
+██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   
+██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   
+██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   
+╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   
+```
+
+## Features
+
+- **Autonomous AI Agent**: Analyzes, plans, executes tools, and interprets results automatically
+- **PTES Methodology**: Systematic penetration testing following industry standards
+- **30+ Integrated Tools**: Nmap, SQLmap, Metasploit, Burp Suite, and more
+- **Privilege Escalation**: Built-in Linux/Windows rooting techniques
+- **Rabbit Hole Detection**: Self-reflection when stuck, tries alternative approaches
+- **Real-time Thinking Display**: Watch the agent's thought process in TUI
+
+## Requirements
+
+- Node.js 18+
+- Anthropic API Key
+- Kali Linux or macOS (for pentesting tools)
+
+## Installation
+
+### 1. Clone and Install
+
+```bash
+git clone https://github.com/agnusdei1207/pentesting.git
+cd pentesting
+npm install
+```
+
+### 2. Install SecLists and Wordlists
+
+```bash
+# SecLists (required for directory bruteforce, fuzzing, etc.)
+git clone --depth 1 https://github.com/danielmiessler/SecLists.git /opt/SecLists
+
+# Alternative: Using apt (Kali/Debian)
+sudo apt install -y seclists
+
+# RockYou wordlist (for password cracking)
+sudo apt install -y wordlists
+sudo gunzip /usr/share/wordlists/rockyou.txt.gz 2>/dev/null || true
+```
+
+### 3. Install Pentest Tools
+
+```bash
+# Core tools
+sudo apt install -y nmap masscan gobuster nikto sqlmap hydra john hashcat
+
+# Web tools
+sudo apt install -y ffuf nuclei whatweb wfuzz
+
+# Exploitation
+sudo apt install -y metasploit-framework exploitdb
+
+# Post-exploitation
+sudo apt install -y crackmapexec evil-winrm impacket-scripts chisel
+
+# Browser automation
+npm install -g playwright
+npx playwright install chromium
+```
+
+### 4. Set API Key
+
+```bash
+export ANTHROPIC_API_KEY="your-api-key"
+```
+
+## Build
+
+```bash
+npm run build
+```
+
+## Global Installation
+
+```bash
+npm run build
+npm link
+```
+
+Now you can run `pentesting` from anywhere.
+
+## Usage
+
+### Quick Start
+
+```bash
+# Interactive mode
+pentesting
+
+# With target
+pentesting -t 192.168.1.1
+
+# Auto-approve all tools (dangerous!)
+pentesting --dangerously-skip-permissions
+```
+
+### CLI Commands
+
+| Command | Description |
+|---------|-------------|
+| `pentesting` | Start interactive TUI |
+| `pentesting -t <ip>` | Start with target |
+| `pentesting --dangerously-skip-permissions` | Auto-approve all tool executions |
+| `pentesting run <objective>` | Run single objective |
+| `pentesting scan <target>` | Quick scan target |
+
+### Interactive Commands
+
+| Command | Description |
+|---------|-------------|
+| `/target <ip>` | Set target IP or hostname |
+| `/start` | Start autonomous mode |
+| `/start <objective>` | Start with specific objective |
+| `/hint <text>` | Provide hint to agent |
+| `/pause` | Pause execution |
+| `/resume` | Resume execution |
+| `/findings` | Show discovered vulnerabilities |
+| `/reset` | Reset session |
+
+### Keyboard Shortcuts
+
+| Key | Action |
+|-----|--------|
+| `T` | Toggle thought display |
+| `P` | Pause |
+| `R` | Resume |
+| `Ctrl+C` | Exit |
+
+### Examples
+
+```bash
+# Full autonomous mode (auto-approve everything)
+pentesting --dangerously-skip-permissions -t 10.10.10.5
+
+# Run specific objective
+pentesting run "Find SQL injection vulnerabilities" -t http://target.com -o report.json
+
+# Quick vulnerability scan
+pentesting scan 192.168.1.1 -s vuln
+```
+
+## Attack Phases
+
+1. **Reconnaissance** - OSINT, DNS, subdomain enumeration
+2. **Scanning** - Port scanning, service detection
+3. **Enumeration** - Deep service enumeration, user discovery
+4. **Vulnerability Analysis** - CVE mapping, vulnerability scanning
+5. **Exploitation** - Initial access, web attacks
+6. **Privilege Escalation** - Linux/Windows rooting
+7. **Pivoting** - Internal network discovery, tunneling
+8. **Persistence** - Backdoor installation
+9. **Data Exfiltration** - Sensitive data extraction
+10. **Reporting** - Findings documentation
+
+## Project Structure
+
+```
+pentesting/
+├── src/
+│   ├── cli/                    # TUI components
+│   ├── config/                 # Constants, theme
+│   ├── core/
+│   │   ├── agent/              # Autonomous agent
+│   │   ├── prompts/            # AI prompts
+│   │   └── tools/              # Tool definitions
+│   └── mcp/                    # MCP server config
+├── skills/                     # Pentest skill files
+└── dist/                       # Build output
+```
+
+## Integrated Tools
+
+| Category | Tools |
+|----------|-------|
+| Reconnaissance | nmap, masscan, rustscan, theHarvester, amass |
+| Web | gobuster, ffuf, nikto, sqlmap, nuclei |
+| Exploitation | metasploit, searchsploit, hydra |
+| PrivEsc | linpeas, winpeas, mimikatz, bloodhound |
+| Post-Exploit | chisel, impacket, crackmapexec |
+
+## Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `ANTHROPIC_API_KEY` | Anthropic API key (required) |
+| `PENTEST_MODEL` | Model override (default: claude-sonnet-4-20250514) |
+
+## Disclaimer
+
+**This tool is for authorized penetration testing and security research only.**
+
+- Always obtain written permission before testing
+- Unauthorized testing is illegal
+- Developers are not responsible for misuse
+
+## License
+
+MIT License

package/dist/index.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node