pentesting 0.1.9 → 0.1.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +238 -143
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -200,10 +200,139 @@ Analyze your situation honestly:
|
|
|
200
200
|
|
|
201
201
|
Based on this reflection, propose 3 completely different approaches to try next.`;
|
|
202
202
|
|
|
203
|
+
// src/config/agent-constants.ts
|
|
204
|
+
var AGENT_STATUS = {
|
|
205
|
+
IDLE: "idle",
|
|
206
|
+
RUNNING: "running",
|
|
207
|
+
PAUSED: "paused",
|
|
208
|
+
STUCK: "stuck",
|
|
209
|
+
WAITING_INPUT: "waiting_input",
|
|
210
|
+
COMPLETED: "completed"
|
|
211
|
+
};
|
|
212
|
+
var PHASE_ID = {
|
|
213
|
+
RECON: "recon",
|
|
214
|
+
SCAN: "scan",
|
|
215
|
+
ENUM: "enum",
|
|
216
|
+
VULN: "vuln",
|
|
217
|
+
EXPLOIT: "exploit",
|
|
218
|
+
PRIVESC: "privesc",
|
|
219
|
+
PIVOT: "pivot",
|
|
220
|
+
PERSIST: "persist",
|
|
221
|
+
EXFIL: "exfil",
|
|
222
|
+
REPORT: "report"
|
|
223
|
+
};
|
|
224
|
+
var PHASE_STATUS = {
|
|
225
|
+
PENDING: "pending",
|
|
226
|
+
IN_PROGRESS: "in_progress",
|
|
227
|
+
COMPLETED: "completed",
|
|
228
|
+
FAILED: "failed",
|
|
229
|
+
SKIPPED: "skipped"
|
|
230
|
+
};
|
|
231
|
+
var THOUGHT_TYPE = {
|
|
232
|
+
OBSERVATION: "observation",
|
|
233
|
+
HYPOTHESIS: "hypothesis",
|
|
234
|
+
PLAN: "plan",
|
|
235
|
+
ACTION: "action",
|
|
236
|
+
RESULT: "result",
|
|
237
|
+
REFLECTION: "reflection",
|
|
238
|
+
STUCK: "stuck",
|
|
239
|
+
BREAKTHROUGH: "breakthrough"
|
|
240
|
+
};
|
|
241
|
+
var AGENT_EVENT = {
|
|
242
|
+
// Lifecycle
|
|
243
|
+
PLUGINS_LOADED: "plugins_loaded",
|
|
244
|
+
HOOKS_LOADED: "hooks_loaded",
|
|
245
|
+
COMMANDS_LOADED: "commands_loaded",
|
|
246
|
+
MCP_SERVER_ADDED: "mcp_server_added",
|
|
247
|
+
// Execution
|
|
248
|
+
ITERATION: "iteration",
|
|
249
|
+
THOUGHT: "thought",
|
|
250
|
+
RESPONSE: "response",
|
|
251
|
+
TOOL_CALL: "tool_call",
|
|
252
|
+
TOOL_RESULT: "tool_result",
|
|
253
|
+
COMMAND_EXECUTE: "command_execute",
|
|
254
|
+
// State changes
|
|
255
|
+
TARGET_SET: "target_set",
|
|
256
|
+
PHASE_CHANGE: "phase_change",
|
|
257
|
+
AGENT_SWITCH: "agent_switch",
|
|
258
|
+
PAUSED: "paused",
|
|
259
|
+
RESUMED: "resumed",
|
|
260
|
+
RESET: "reset",
|
|
261
|
+
// Discoveries
|
|
262
|
+
FINDING: "finding",
|
|
263
|
+
CREDENTIAL: "credential",
|
|
264
|
+
COMPROMISED: "compromised",
|
|
265
|
+
// Completion
|
|
266
|
+
COMPLETE: "complete",
|
|
267
|
+
REPORT: "report",
|
|
268
|
+
ERROR: "error",
|
|
269
|
+
HINT_RECEIVED: "hint_received"
|
|
270
|
+
};
|
|
271
|
+
var CLI_COMMAND = {
|
|
272
|
+
HELP: "help",
|
|
273
|
+
TARGET: "target",
|
|
274
|
+
START: "start",
|
|
275
|
+
STOP: "stop",
|
|
276
|
+
FINDINGS: "findings",
|
|
277
|
+
CLEAR: "clear",
|
|
278
|
+
EXIT: "exit"
|
|
279
|
+
};
|
|
280
|
+
var MESSAGE_TYPE = {
|
|
281
|
+
USER: "user",
|
|
282
|
+
ASSISTANT: "assistant",
|
|
283
|
+
TOOL: "tool",
|
|
284
|
+
THINKING: "thinking",
|
|
285
|
+
ERROR: "error",
|
|
286
|
+
SYSTEM: "system",
|
|
287
|
+
RESULT: "result"
|
|
288
|
+
};
|
|
289
|
+
var TOOL_NAME = {
|
|
290
|
+
// System
|
|
291
|
+
BASH: "bash",
|
|
292
|
+
READ_FILE: "read_file",
|
|
293
|
+
WRITE_FILE: "write_file",
|
|
294
|
+
LIST_DIRECTORY: "list_directory",
|
|
295
|
+
// Network
|
|
296
|
+
NMAP_SCAN: "nmap_scan",
|
|
297
|
+
TCPDUMP_CAPTURE: "tcpdump_capture",
|
|
298
|
+
// Web
|
|
299
|
+
WEB_REQUEST: "web_request",
|
|
300
|
+
DIRECTORY_BRUTEFORCE: "directory_bruteforce",
|
|
301
|
+
SQL_INJECTION: "sql_injection",
|
|
302
|
+
BROWSER_AUTOMATION: "browser_automation",
|
|
303
|
+
// Exploit
|
|
304
|
+
SEARCHSPLOIT: "searchsploit",
|
|
305
|
+
METASPLOIT: "metasploit",
|
|
306
|
+
GENERATE_PAYLOAD: "generate_payload",
|
|
307
|
+
// Credential
|
|
308
|
+
BRUTEFORCE_LOGIN: "bruteforce_login",
|
|
309
|
+
CRACK_HASH: "crack_hash",
|
|
310
|
+
DUMP_CREDENTIALS: "dump_credentials",
|
|
311
|
+
// Privilege Escalation
|
|
312
|
+
CHECK_SUDO: "check_sudo",
|
|
313
|
+
FIND_SUID: "find_suid",
|
|
314
|
+
RUN_PRIVESC_ENUM: "run_privesc_enum",
|
|
315
|
+
// Post-Exploitation
|
|
316
|
+
SETUP_TUNNEL: "setup_tunnel",
|
|
317
|
+
LATERAL_MOVEMENT: "lateral_movement",
|
|
318
|
+
// Reporting
|
|
319
|
+
REPORT_FINDING: "report_finding",
|
|
320
|
+
TAKE_SCREENSHOT: "take_screenshot"
|
|
321
|
+
};
|
|
322
|
+
var SENSITIVE_TOOLS = [
|
|
323
|
+
TOOL_NAME.WRITE_FILE,
|
|
324
|
+
TOOL_NAME.BRUTEFORCE_LOGIN,
|
|
325
|
+
TOOL_NAME.METASPLOIT,
|
|
326
|
+
TOOL_NAME.SQL_INJECTION,
|
|
327
|
+
TOOL_NAME.DUMP_CREDENTIALS,
|
|
328
|
+
TOOL_NAME.GENERATE_PAYLOAD,
|
|
329
|
+
TOOL_NAME.LATERAL_MOVEMENT
|
|
330
|
+
];
|
|
331
|
+
|
|
203
332
|
// src/core/tools/tool-definitions.ts
|
|
204
333
|
var SYSTEM_TOOLS = [
|
|
205
334
|
{
|
|
206
|
-
name:
|
|
335
|
+
name: TOOL_NAME.BASH,
|
|
207
336
|
description: `Execute any bash command. This is your primary tool for interacting with the system.
|
|
208
337
|
|
|
209
338
|
IMPORTANT:
|
|
@@ -224,7 +353,7 @@ IMPORTANT:
|
|
|
224
353
|
}
|
|
225
354
|
},
|
|
226
355
|
{
|
|
227
|
-
name:
|
|
356
|
+
name: TOOL_NAME.READ_FILE,
|
|
228
357
|
description: "Read file contents. Use for configs, source code, logs, data files.",
|
|
229
358
|
input_schema: {
|
|
230
359
|
type: "object",
|
|
@@ -237,7 +366,7 @@ IMPORTANT:
|
|
|
237
366
|
}
|
|
238
367
|
},
|
|
239
368
|
{
|
|
240
|
-
name:
|
|
369
|
+
name: TOOL_NAME.WRITE_FILE,
|
|
241
370
|
description: "Write content to file. Use for scripts, payloads, configs, reports.",
|
|
242
371
|
input_schema: {
|
|
243
372
|
type: "object",
|
|
@@ -250,7 +379,7 @@ IMPORTANT:
|
|
|
250
379
|
}
|
|
251
380
|
},
|
|
252
381
|
{
|
|
253
|
-
name:
|
|
382
|
+
name: TOOL_NAME.LIST_DIRECTORY,
|
|
254
383
|
description: "List directory contents with file details.",
|
|
255
384
|
input_schema: {
|
|
256
385
|
type: "object",
|
|
@@ -265,7 +394,7 @@ IMPORTANT:
|
|
|
265
394
|
];
|
|
266
395
|
var NETWORK_TOOLS = [
|
|
267
396
|
{
|
|
268
|
-
name:
|
|
397
|
+
name: TOOL_NAME.NMAP_SCAN,
|
|
269
398
|
description: `Network scanning with nmap.
|
|
270
399
|
|
|
271
400
|
SCAN TYPES:
|
|
@@ -294,7 +423,7 @@ SCAN TYPES:
|
|
|
294
423
|
}
|
|
295
424
|
},
|
|
296
425
|
{
|
|
297
|
-
name:
|
|
426
|
+
name: TOOL_NAME.TCPDUMP_CAPTURE,
|
|
298
427
|
description: `Capture network traffic with tcpdump.
|
|
299
428
|
|
|
300
429
|
Use for:
|
|
@@ -317,7 +446,7 @@ Use for:
|
|
|
317
446
|
];
|
|
318
447
|
var WEB_TOOLS = [
|
|
319
448
|
{
|
|
320
|
-
name:
|
|
449
|
+
name: TOOL_NAME.WEB_REQUEST,
|
|
321
450
|
description: `Make HTTP requests with full control. Use curl under the hood.
|
|
322
451
|
|
|
323
452
|
Use for:
|
|
@@ -340,7 +469,7 @@ Use for:
|
|
|
340
469
|
}
|
|
341
470
|
},
|
|
342
471
|
{
|
|
343
|
-
name:
|
|
472
|
+
name: TOOL_NAME.DIRECTORY_BRUTEFORCE,
|
|
344
473
|
description: `Directory/file bruteforcing with gobuster or ffuf.
|
|
345
474
|
|
|
346
475
|
MODES:
|
|
@@ -361,7 +490,7 @@ MODES:
|
|
|
361
490
|
}
|
|
362
491
|
},
|
|
363
492
|
{
|
|
364
|
-
name:
|
|
493
|
+
name: TOOL_NAME.SQL_INJECTION,
|
|
365
494
|
description: `SQL injection testing with sqlmap.
|
|
366
495
|
|
|
367
496
|
Automatically:
|
|
@@ -384,7 +513,7 @@ Automatically:
|
|
|
384
513
|
}
|
|
385
514
|
},
|
|
386
515
|
{
|
|
387
|
-
name:
|
|
516
|
+
name: TOOL_NAME.BROWSER_AUTOMATION,
|
|
388
517
|
description: `Headless browser automation with Playwright.
|
|
389
518
|
|
|
390
519
|
Use for:
|
|
@@ -413,7 +542,7 @@ Use for:
|
|
|
413
542
|
];
|
|
414
543
|
var EXPLOIT_TOOLS = [
|
|
415
544
|
{
|
|
416
|
-
name:
|
|
545
|
+
name: TOOL_NAME.SEARCHSPLOIT,
|
|
417
546
|
description: "Search Exploit-DB for exploits matching service/version.",
|
|
418
547
|
input_schema: {
|
|
419
548
|
type: "object",
|
|
@@ -427,7 +556,7 @@ var EXPLOIT_TOOLS = [
|
|
|
427
556
|
}
|
|
428
557
|
},
|
|
429
558
|
{
|
|
430
|
-
name:
|
|
559
|
+
name: TOOL_NAME.METASPLOIT,
|
|
431
560
|
description: `Execute Metasploit commands.
|
|
432
561
|
|
|
433
562
|
Use for:
|
|
@@ -444,7 +573,7 @@ Use for:
|
|
|
444
573
|
}
|
|
445
574
|
},
|
|
446
575
|
{
|
|
447
|
-
name:
|
|
576
|
+
name: TOOL_NAME.GENERATE_PAYLOAD,
|
|
448
577
|
description: `Generate custom payloads with msfvenom.
|
|
449
578
|
|
|
450
579
|
PAYLOAD TYPES:
|
|
@@ -469,7 +598,7 @@ PAYLOAD TYPES:
|
|
|
469
598
|
];
|
|
470
599
|
var CREDENTIAL_TOOLS = [
|
|
471
600
|
{
|
|
472
|
-
name:
|
|
601
|
+
name: TOOL_NAME.BRUTEFORCE_LOGIN,
|
|
473
602
|
description: `Password bruteforce attack with hydra.
|
|
474
603
|
|
|
475
604
|
SERVICES: ssh, ftp, telnet, http-get, http-post-form, smb, rdp, mysql, mssql, vnc`,
|
|
@@ -488,7 +617,7 @@ SERVICES: ssh, ftp, telnet, http-get, http-post-form, smb, rdp, mysql, mssql, vn
|
|
|
488
617
|
}
|
|
489
618
|
},
|
|
490
619
|
{
|
|
491
|
-
name:
|
|
620
|
+
name: TOOL_NAME.CRACK_HASH,
|
|
492
621
|
description: `Crack password hashes with john or hashcat.
|
|
493
622
|
|
|
494
623
|
HASH MODES (hashcat):
|
|
@@ -513,7 +642,7 @@ HASH MODES (hashcat):
|
|
|
513
642
|
];
|
|
514
643
|
var PRIVESC_TOOLS = [
|
|
515
644
|
{
|
|
516
|
-
name:
|
|
645
|
+
name: TOOL_NAME.RUN_PRIVESC_ENUM,
|
|
517
646
|
description: `Run privilege escalation enumeration scripts.
|
|
518
647
|
|
|
519
648
|
SCRIPTS:
|
|
@@ -532,7 +661,7 @@ SCRIPTS:
|
|
|
532
661
|
}
|
|
533
662
|
},
|
|
534
663
|
{
|
|
535
|
-
name:
|
|
664
|
+
name: TOOL_NAME.CHECK_SUDO,
|
|
536
665
|
description: "Check sudo permissions and potential escalation paths.",
|
|
537
666
|
input_schema: {
|
|
538
667
|
type: "object",
|
|
@@ -542,7 +671,7 @@ SCRIPTS:
|
|
|
542
671
|
}
|
|
543
672
|
},
|
|
544
673
|
{
|
|
545
|
-
name:
|
|
674
|
+
name: TOOL_NAME.FIND_SUID,
|
|
546
675
|
description: "Find SUID/SGID binaries and check for escalation.",
|
|
547
676
|
input_schema: {
|
|
548
677
|
type: "object",
|
|
@@ -554,7 +683,7 @@ SCRIPTS:
|
|
|
554
683
|
];
|
|
555
684
|
var POST_EXPLOIT_TOOLS = [
|
|
556
685
|
{
|
|
557
|
-
name:
|
|
686
|
+
name: TOOL_NAME.SETUP_TUNNEL,
|
|
558
687
|
description: `Set up network tunneling for pivoting.
|
|
559
688
|
|
|
560
689
|
TOOLS:
|
|
@@ -574,7 +703,7 @@ TOOLS:
|
|
|
574
703
|
}
|
|
575
704
|
},
|
|
576
705
|
{
|
|
577
|
-
name:
|
|
706
|
+
name: TOOL_NAME.DUMP_CREDENTIALS,
|
|
578
707
|
description: `Extract credentials from compromised system.
|
|
579
708
|
|
|
580
709
|
METHODS:
|
|
@@ -593,7 +722,7 @@ METHODS:
|
|
|
593
722
|
}
|
|
594
723
|
},
|
|
595
724
|
{
|
|
596
|
-
name:
|
|
725
|
+
name: TOOL_NAME.LATERAL_MOVEMENT,
|
|
597
726
|
description: `Move laterally to other systems.
|
|
598
727
|
|
|
599
728
|
METHODS:
|
|
@@ -617,7 +746,7 @@ METHODS:
|
|
|
617
746
|
];
|
|
618
747
|
var REPORT_TOOLS = [
|
|
619
748
|
{
|
|
620
|
-
name:
|
|
749
|
+
name: TOOL_NAME.REPORT_FINDING,
|
|
621
750
|
description: "Document a security finding with proper categorization.",
|
|
622
751
|
input_schema: {
|
|
623
752
|
type: "object",
|
|
@@ -635,7 +764,7 @@ var REPORT_TOOLS = [
|
|
|
635
764
|
}
|
|
636
765
|
},
|
|
637
766
|
{
|
|
638
|
-
name:
|
|
767
|
+
name: TOOL_NAME.TAKE_SCREENSHOT,
|
|
639
768
|
description: "Capture evidence screenshot of terminal or browser.",
|
|
640
769
|
input_schema: {
|
|
641
770
|
type: "object",
|
|
@@ -1252,13 +1381,25 @@ var AGENT_CONFIG = {
|
|
|
1252
1381
|
maxIterations: 200,
|
|
1253
1382
|
maxToolCallsPerIteration: 10,
|
|
1254
1383
|
autoApprove: false,
|
|
1255
|
-
sensitiveTools:
|
|
1384
|
+
sensitiveTools: SENSITIVE_TOOLS,
|
|
1256
1385
|
defaultTimeout: 6e4,
|
|
1257
1386
|
longRunningTimeout: 6e5,
|
|
1258
1387
|
stuckThreshold: 5,
|
|
1259
1388
|
stuckTimeThreshold: 3e5,
|
|
1260
1389
|
maxPhaseAttempts: 20
|
|
1261
1390
|
};
|
|
1391
|
+
var PENTEST_PHASES = [
|
|
1392
|
+
{ id: PHASE_ID.RECON, name: "Reconnaissance", description: "Information gathering" },
|
|
1393
|
+
{ id: PHASE_ID.SCAN, name: "Scanning", description: "Port and service scanning" },
|
|
1394
|
+
{ id: PHASE_ID.ENUM, name: "Enumeration", description: "Deep service enumeration" },
|
|
1395
|
+
{ id: PHASE_ID.VULN, name: "Vulnerability Analysis", description: "Vulnerability identification" },
|
|
1396
|
+
{ id: PHASE_ID.EXPLOIT, name: "Exploitation", description: "Gaining access" },
|
|
1397
|
+
{ id: PHASE_ID.PRIVESC, name: "Privilege Escalation", description: "Elevating privileges" },
|
|
1398
|
+
{ id: PHASE_ID.PIVOT, name: "Pivoting", description: "Lateral movement" },
|
|
1399
|
+
{ id: PHASE_ID.PERSIST, name: "Persistence", description: "Maintaining access" },
|
|
1400
|
+
{ id: PHASE_ID.EXFIL, name: "Data Exfiltration", description: "Data extraction" },
|
|
1401
|
+
{ id: PHASE_ID.REPORT, name: "Reporting", description: "Documentation" }
|
|
1402
|
+
];
|
|
1262
1403
|
|
|
1263
1404
|
// src/core/agent/agent-loader.ts
|
|
1264
1405
|
import * as fs2 from "fs/promises";
|
|
@@ -1923,36 +2064,36 @@ var AutonomousHackingAgent = class extends EventEmitter3 {
|
|
|
1923
2064
|
try {
|
|
1924
2065
|
const agentsDir = new URL("../../../../plugins/pentesting-core/agents", import.meta.url).pathname;
|
|
1925
2066
|
this.pluginAgents = await loadAllAgents(agentsDir);
|
|
1926
|
-
this.emit(
|
|
2067
|
+
this.emit(AGENT_EVENT.PLUGINS_LOADED, { agents: this.pluginAgents.length });
|
|
1927
2068
|
await this.hookExecutor.initialize();
|
|
1928
|
-
this.emit(
|
|
2069
|
+
this.emit(AGENT_EVENT.HOOKS_LOADED);
|
|
1929
2070
|
await this.commandRegistry.initialize();
|
|
1930
|
-
this.emit(
|
|
2071
|
+
this.emit(AGENT_EVENT.COMMANDS_LOADED);
|
|
1931
2072
|
} catch {
|
|
1932
2073
|
}
|
|
1933
2074
|
}
|
|
1934
2075
|
// Add MCP server at runtime
|
|
1935
2076
|
async addMCPServer(name, command, args) {
|
|
1936
2077
|
await this.mcpManager.addServer(name, { command, args });
|
|
1937
|
-
this.emit(
|
|
2078
|
+
this.emit(AGENT_EVENT.MCP_SERVER_ADDED, { name });
|
|
1938
2079
|
}
|
|
1939
2080
|
// Web search capabilities
|
|
1940
2081
|
async webSearch(query) {
|
|
1941
|
-
this.think(
|
|
2082
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Web search: ${query}`);
|
|
1942
2083
|
const results = await searchDuckDuckGo(query);
|
|
1943
|
-
this.think(
|
|
2084
|
+
this.think(THOUGHT_TYPE.RESULT, `Found ${results.length} results`);
|
|
1944
2085
|
return results;
|
|
1945
2086
|
}
|
|
1946
2087
|
async searchForCVE(query) {
|
|
1947
|
-
this.think(
|
|
2088
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `CVE search: ${query}`);
|
|
1948
2089
|
const results = await searchCVE(query);
|
|
1949
|
-
this.think(
|
|
2090
|
+
this.think(THOUGHT_TYPE.RESULT, `Found ${results.length} CVE results`);
|
|
1950
2091
|
return results;
|
|
1951
2092
|
}
|
|
1952
2093
|
async searchForExploits(query) {
|
|
1953
|
-
this.think(
|
|
2094
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Exploit search: ${query}`);
|
|
1954
2095
|
const results = await searchExploits(query);
|
|
1955
|
-
this.think(
|
|
2096
|
+
this.think(THOUGHT_TYPE.RESULT, `Found ${results.length} exploit results`);
|
|
1956
2097
|
return results;
|
|
1957
2098
|
}
|
|
1958
2099
|
// Process slash command
|
|
@@ -1964,8 +2105,8 @@ var AutonomousHackingAgent = class extends EventEmitter3 {
|
|
|
1964
2105
|
return `Unknown command: /${parsed.command}
|
|
1965
2106
|
${await this.commandRegistry.getHelp()}`;
|
|
1966
2107
|
}
|
|
1967
|
-
this.think(
|
|
1968
|
-
this.emit(
|
|
2108
|
+
this.think(THOUGHT_TYPE.PLAN, `Executing command: /${cmd.name}`);
|
|
2109
|
+
this.emit(AGENT_EVENT.COMMAND_EXECUTE, { command: cmd.name, args: parsed.rawArgs });
|
|
1969
2110
|
return cmd.content;
|
|
1970
2111
|
}
|
|
1971
2112
|
// Switch to specialized agent
|
|
@@ -1975,8 +2116,8 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
1975
2116
|
);
|
|
1976
2117
|
if (agent) {
|
|
1977
2118
|
this.currentAgent = agent;
|
|
1978
|
-
this.think(
|
|
1979
|
-
this.emit(
|
|
2119
|
+
this.think(THOUGHT_TYPE.PLAN, `Switching to specialized agent: ${agent.name}`);
|
|
2120
|
+
this.emit(AGENT_EVENT.AGENT_SWITCH, agent);
|
|
1980
2121
|
return true;
|
|
1981
2122
|
}
|
|
1982
2123
|
return false;
|
|
@@ -1988,7 +2129,7 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
1988
2129
|
// ===== State Management =====
|
|
1989
2130
|
createInitialState() {
|
|
1990
2131
|
return {
|
|
1991
|
-
status:
|
|
2132
|
+
status: AGENT_STATUS.IDLE,
|
|
1992
2133
|
target: {
|
|
1993
2134
|
primary: "",
|
|
1994
2135
|
discovered: [],
|
|
@@ -2015,7 +2156,7 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
2015
2156
|
return { ...this.state };
|
|
2016
2157
|
}
|
|
2017
2158
|
getPhaseProgress() {
|
|
2018
|
-
const completed = this.state.phases.filter((p) => p.status ===
|
|
2159
|
+
const completed = this.state.phases.filter((p) => p.status === PHASE_STATUS.COMPLETED).length;
|
|
2019
2160
|
return {
|
|
2020
2161
|
completed,
|
|
2021
2162
|
full: this.state.phases.length,
|
|
@@ -2032,13 +2173,13 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
2032
2173
|
phase: this.state.currentPhase
|
|
2033
2174
|
};
|
|
2034
2175
|
this.state.thoughts.push(thought);
|
|
2035
|
-
this.emit(
|
|
2176
|
+
this.emit(AGENT_EVENT.THOUGHT, thought);
|
|
2036
2177
|
}
|
|
2037
2178
|
// ===== Target Setting =====
|
|
2038
2179
|
setTarget(target) {
|
|
2039
2180
|
this.state.target.primary = target;
|
|
2040
|
-
this.think(
|
|
2041
|
-
this.emit(
|
|
2181
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Target Setting: ${target}`);
|
|
2182
|
+
this.emit(AGENT_EVENT.TARGET_SET, target);
|
|
2042
2183
|
}
|
|
2043
2184
|
// ===== Phase Management =====
|
|
2044
2185
|
getCurrentPhase() {
|
|
@@ -2051,21 +2192,21 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
2051
2192
|
phase.status = status;
|
|
2052
2193
|
if (status === "in_progress" && !phase.startTime) {
|
|
2053
2194
|
phase.startTime = /* @__PURE__ */ new Date();
|
|
2054
|
-
} else if ((status ===
|
|
2195
|
+
} else if ((status === PHASE_STATUS.COMPLETED || status === PHASE_STATUS.FAILED) && !phase.endTime) {
|
|
2055
2196
|
phase.endTime = /* @__PURE__ */ new Date();
|
|
2056
2197
|
}
|
|
2057
|
-
this.emit(
|
|
2058
|
-
this.think(
|
|
2198
|
+
this.emit(AGENT_EVENT.PHASE_CHANGE, { phaseId, oldStatus, newStatus: status });
|
|
2199
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Phase status changed: ${phase.shortName} (${oldStatus} \u2192 ${status})`);
|
|
2059
2200
|
}
|
|
2060
2201
|
}
|
|
2061
2202
|
advanceToNextPhase() {
|
|
2062
2203
|
const currentIndex = this.state.phases.findIndex((p) => p.id === this.state.currentPhase);
|
|
2063
2204
|
if (currentIndex < this.state.phases.length - 1) {
|
|
2064
2205
|
const nextPhase = this.state.phases[currentIndex + 1];
|
|
2065
|
-
this.setPhaseStatus(this.state.currentPhase,
|
|
2206
|
+
this.setPhaseStatus(this.state.currentPhase, PHASE_STATUS.COMPLETED);
|
|
2066
2207
|
this.state.currentPhase = nextPhase.id;
|
|
2067
2208
|
this.setPhaseStatus(nextPhase.id, "in_progress");
|
|
2068
|
-
this.think(
|
|
2209
|
+
this.think(THOUGHT_TYPE.PLAN, `Advancing to next phase: ${nextPhase.shortName}`);
|
|
2069
2210
|
this.resetStuckCounter();
|
|
2070
2211
|
return true;
|
|
2071
2212
|
}
|
|
@@ -2075,16 +2216,16 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
2075
2216
|
checkIfStuck() {
|
|
2076
2217
|
const currentPhase = this.getCurrentPhase();
|
|
2077
2218
|
if (currentPhase.attempts > this.MAX_PHASE_ATTEMPTS) {
|
|
2078
|
-
this.think(
|
|
2219
|
+
this.think(THOUGHT_TYPE.STUCK, `[!] Rabbit hole detected: ${currentPhase.attempts} attempts in ${currentPhase.shortName} phase`);
|
|
2079
2220
|
return true;
|
|
2080
2221
|
}
|
|
2081
2222
|
const timeSinceProgress = Date.now() - this.state.lastProgressTime.getTime();
|
|
2082
2223
|
if (timeSinceProgress > this.STUCK_TIME_THRESHOLD) {
|
|
2083
|
-
this.think(
|
|
2224
|
+
this.think(THOUGHT_TYPE.STUCK, `[!] Rabbit hole detected: No progress for ${Math.round(timeSinceProgress / 6e4)} minutes`);
|
|
2084
2225
|
return true;
|
|
2085
2226
|
}
|
|
2086
2227
|
if (this.state.stuckCounter > this.STUCK_THRESHOLD) {
|
|
2087
|
-
this.think(
|
|
2228
|
+
this.think(THOUGHT_TYPE.STUCK, `[!] Rabbit hole detected: Same pattern ${this.state.stuckCounter} times repeated`);
|
|
2088
2229
|
return true;
|
|
2089
2230
|
}
|
|
2090
2231
|
return false;
|
|
@@ -2103,7 +2244,7 @@ ${await this.commandRegistry.getHelp()}`;
|
|
|
2103
2244
|
}
|
|
2104
2245
|
// ===== Self Reflection =====
|
|
2105
2246
|
async performSelfReflection() {
|
|
2106
|
-
this.think(
|
|
2247
|
+
this.think(THOUGHT_TYPE.REFLECTION, "[reflect] Starting self-reflection...");
|
|
2107
2248
|
const reflectionPrompt = `
|
|
2108
2249
|
${SELF_REFLECTION_PROMPT}
|
|
2109
2250
|
|
|
@@ -2124,7 +2265,7 @@ What went wrong and what different approach should be tried?
|
|
|
2124
2265
|
messages: [{ role: "user", content: reflectionPrompt }]
|
|
2125
2266
|
});
|
|
2126
2267
|
const reflection = response.content.filter((b) => b.type === "text").map((b) => b.text).join("\n");
|
|
2127
|
-
this.think(
|
|
2268
|
+
this.think(THOUGHT_TYPE.REFLECTION, reflection);
|
|
2128
2269
|
return reflection;
|
|
2129
2270
|
}
|
|
2130
2271
|
// ===== Progress Detection =====
|
|
@@ -2133,16 +2274,16 @@ What went wrong and what different approach should be tried?
|
|
|
2133
2274
|
this.state.lastProgressTime = /* @__PURE__ */ new Date();
|
|
2134
2275
|
switch (type) {
|
|
2135
2276
|
case "discovery":
|
|
2136
|
-
this.think(
|
|
2277
|
+
this.think(THOUGHT_TYPE.BREAKTHROUGH, "[target] New target discovered!");
|
|
2137
2278
|
break;
|
|
2138
2279
|
case "credential":
|
|
2139
|
-
this.think(
|
|
2280
|
+
this.think(THOUGHT_TYPE.BREAKTHROUGH, "[cred] Credential obtained!");
|
|
2140
2281
|
break;
|
|
2141
2282
|
case "access":
|
|
2142
|
-
this.think(
|
|
2283
|
+
this.think(THOUGHT_TYPE.BREAKTHROUGH, "[access] Access obtained!");
|
|
2143
2284
|
break;
|
|
2144
2285
|
case "exploit":
|
|
2145
|
-
this.think(
|
|
2286
|
+
this.think(THOUGHT_TYPE.BREAKTHROUGH, "[exploit] Exploit successful!");
|
|
2146
2287
|
this.state.successfulExploits++;
|
|
2147
2288
|
break;
|
|
2148
2289
|
}
|
|
@@ -2156,7 +2297,7 @@ What went wrong and what different approach should be tried?
|
|
|
2156
2297
|
};
|
|
2157
2298
|
this.state.findings.push(newFinding);
|
|
2158
2299
|
this.getCurrentPhase().findings.push(newFinding);
|
|
2159
|
-
this.emit(
|
|
2300
|
+
this.emit(AGENT_EVENT.FINDING, newFinding);
|
|
2160
2301
|
if (finding.severity === "critical" || finding.severity === "high") {
|
|
2161
2302
|
this.recordProgress("discovery");
|
|
2162
2303
|
}
|
|
@@ -2164,55 +2305,55 @@ What went wrong and what different approach should be tried?
|
|
|
2164
2305
|
addCredential(cred) {
|
|
2165
2306
|
this.state.target.credentials.push(cred);
|
|
2166
2307
|
this.recordProgress("credential");
|
|
2167
|
-
this.emit(
|
|
2168
|
-
this.think(
|
|
2308
|
+
this.emit(AGENT_EVENT.CREDENTIAL, cred);
|
|
2309
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Credential obtained: ${cred.type} - ${cred.username || "unknown"}@${cred.source}`);
|
|
2169
2310
|
}
|
|
2170
2311
|
addCompromisedHost(host) {
|
|
2171
2312
|
if (!this.state.target.compromised.includes(host)) {
|
|
2172
2313
|
this.state.target.compromised.push(host);
|
|
2173
2314
|
this.recordProgress("access");
|
|
2174
|
-
this.emit(
|
|
2175
|
-
this.think(
|
|
2315
|
+
this.emit(AGENT_EVENT.COMPROMISED, host);
|
|
2316
|
+
this.think(THOUGHT_TYPE.BREAKTHROUGH, `Host compromised: ${host}`);
|
|
2176
2317
|
}
|
|
2177
2318
|
}
|
|
2178
2319
|
// ===== Main Autonomous Execution Loop =====
|
|
2179
2320
|
async runAutonomous(objective) {
|
|
2180
2321
|
if (!this.state.target.primary) {
|
|
2181
|
-
this.emit(
|
|
2322
|
+
this.emit(AGENT_EVENT.ERROR, new Error("Target not set"));
|
|
2182
2323
|
return;
|
|
2183
2324
|
}
|
|
2184
|
-
this.state.status =
|
|
2325
|
+
this.state.status = AGENT_STATUS.RUNNING;
|
|
2185
2326
|
this.setPhaseStatus("recon", "in_progress");
|
|
2186
2327
|
const mainObjective = objective || `
|
|
2187
2328
|
Target ${this.state.target.primary} - performing full penetration test.
|
|
2188
2329
|
Goal: Deep penetration to obtain root/system privileges, extract internal data, map entire network.
|
|
2189
2330
|
`;
|
|
2190
|
-
this.think(
|
|
2331
|
+
this.think(THOUGHT_TYPE.PLAN, `Autonomous hacking started: ${mainObjective}`);
|
|
2191
2332
|
this.state.history.push({
|
|
2192
2333
|
role: "user",
|
|
2193
2334
|
content: mainObjective
|
|
2194
2335
|
});
|
|
2195
2336
|
let iteration = 0;
|
|
2196
2337
|
const maxIterations = this.config.maxIterations;
|
|
2197
|
-
while (iteration < maxIterations && this.state.status ===
|
|
2338
|
+
while (iteration < maxIterations && this.state.status === AGENT_STATUS.RUNNING) {
|
|
2198
2339
|
iteration++;
|
|
2199
2340
|
this.state.iteration = iteration;
|
|
2200
2341
|
this.getCurrentPhase().attempts++;
|
|
2201
2342
|
this.state.fullAttempts++;
|
|
2202
|
-
this.emit(
|
|
2343
|
+
this.emit(AGENT_EVENT.ITERATION, { current: iteration, max: maxIterations, phase: this.state.currentPhase });
|
|
2203
2344
|
try {
|
|
2204
2345
|
if (this.checkIfStuck()) {
|
|
2205
|
-
this.state.status =
|
|
2346
|
+
this.state.status = AGENT_STATUS.STUCK;
|
|
2206
2347
|
const reflection = await this.performSelfReflection();
|
|
2207
2348
|
const shouldSkip = await this.decideNextAction(reflection);
|
|
2208
2349
|
if (shouldSkip) {
|
|
2209
2350
|
this.setPhaseStatus(this.state.currentPhase, "skipped");
|
|
2210
2351
|
if (!this.advanceToNextPhase()) {
|
|
2211
|
-
this.think(
|
|
2352
|
+
this.think(THOUGHT_TYPE.OBSERVATION, "All phases completed or skipped");
|
|
2212
2353
|
break;
|
|
2213
2354
|
}
|
|
2214
2355
|
}
|
|
2215
|
-
this.state.status =
|
|
2356
|
+
this.state.status = AGENT_STATUS.RUNNING;
|
|
2216
2357
|
this.resetStuckCounter();
|
|
2217
2358
|
continue;
|
|
2218
2359
|
}
|
|
@@ -2220,25 +2361,25 @@ Goal: Deep penetration to obtain root/system privileges, extract internal data,
|
|
|
2220
2361
|
await this.analyzeResponse(response);
|
|
2221
2362
|
if (this.shouldAdvancePhase()) {
|
|
2222
2363
|
if (!this.advanceToNextPhase()) {
|
|
2223
|
-
this.think(
|
|
2364
|
+
this.think(THOUGHT_TYPE.OBSERVATION, "[done] All phases completed!");
|
|
2224
2365
|
break;
|
|
2225
2366
|
}
|
|
2226
2367
|
}
|
|
2227
2368
|
} catch (error) {
|
|
2228
2369
|
this.state.failedAttempts++;
|
|
2229
|
-
this.think(
|
|
2230
|
-
this.emit(
|
|
2370
|
+
this.think(THOUGHT_TYPE.RESULT, `[-] Error: ${error.message}`);
|
|
2371
|
+
this.emit(AGENT_EVENT.ERROR, error);
|
|
2231
2372
|
await this.attemptRecovery(error);
|
|
2232
2373
|
}
|
|
2233
2374
|
}
|
|
2234
|
-
this.state.status =
|
|
2375
|
+
this.state.status = AGENT_STATUS.COMPLETED;
|
|
2235
2376
|
await this.generateFinalReport();
|
|
2236
|
-
this.emit(
|
|
2377
|
+
this.emit(AGENT_EVENT.COMPLETE, this.getSummary());
|
|
2237
2378
|
}
|
|
2238
2379
|
// ===== Step Execution =====
|
|
2239
2380
|
async executeStep() {
|
|
2240
2381
|
const contextPrompt = this.buildContextPrompt();
|
|
2241
|
-
this.think(
|
|
2382
|
+
this.think(THOUGHT_TYPE.PLAN, "Deciding next action...");
|
|
2242
2383
|
const historyMessages = this.state.history.map(toMessageParam);
|
|
2243
2384
|
const messages = [
|
|
2244
2385
|
...historyMessages,
|
|
@@ -2266,7 +2407,7 @@ Goal: Deep penetration to obtain root/system privileges, extract internal data,
|
|
|
2266
2407
|
=== Current Status ===
|
|
2267
2408
|
Target: ${this.state.target.primary}
|
|
2268
2409
|
Current phase: ${phase.shortName} (${phase.name})
|
|
2269
|
-
Phase progress: ${this.state.phases.filter((p) => p.status ===
|
|
2410
|
+
Phase progress: ${this.state.phases.filter((p) => p.status === PHASE_STATUS.COMPLETED).length}/${this.state.phases.length}
|
|
2270
2411
|
Compromised hosts: ${this.state.target.compromised.join(", ") || "none"}
|
|
2271
2412
|
|
|
2272
2413
|
=== Discovered Services ===
|
|
@@ -2293,8 +2434,8 @@ Use report_finding tool for important discoveries.
|
|
|
2293
2434
|
if (block.type === "text") {
|
|
2294
2435
|
textResponse += block.text;
|
|
2295
2436
|
contentBlocks.push({ type: "text", text: block.text });
|
|
2296
|
-
this.think(
|
|
2297
|
-
this.emit(
|
|
2437
|
+
this.think(THOUGHT_TYPE.OBSERVATION, block.text.slice(0, 500));
|
|
2438
|
+
this.emit(AGENT_EVENT.RESPONSE, block.text);
|
|
2298
2439
|
} else if (block.type === "tool_use") {
|
|
2299
2440
|
const toolName = block.name;
|
|
2300
2441
|
const toolInput = block.input;
|
|
@@ -2306,15 +2447,15 @@ Use report_finding tool for important discoveries.
|
|
|
2306
2447
|
});
|
|
2307
2448
|
const actionKey = `${toolName}:${JSON.stringify(toolInput).slice(0, 100)}`;
|
|
2308
2449
|
this.trackAction(actionKey);
|
|
2309
|
-
this.think(
|
|
2310
|
-
this.emit(
|
|
2450
|
+
this.think(THOUGHT_TYPE.ACTION, `[tool] Tool execution: ${toolName}`);
|
|
2451
|
+
this.emit(AGENT_EVENT.TOOL_CALL, { id: block.id, name: toolName, input: toolInput });
|
|
2311
2452
|
const result = await executeToolCall(toolName, toolInput);
|
|
2312
2453
|
const resultType = result.success ? "result" : "result";
|
|
2313
2454
|
this.think(
|
|
2314
2455
|
resultType,
|
|
2315
2456
|
result.success ? `[+] ${toolName} Success: ${result.output.slice(0, 200)}...` : `[-] ${toolName} Failed: ${result.error}`
|
|
2316
2457
|
);
|
|
2317
|
-
this.emit(
|
|
2458
|
+
this.emit(AGENT_EVENT.TOOL_RESULT, { id: block.id, name: toolName, result });
|
|
2318
2459
|
this.extractIntelligence(toolName, result);
|
|
2319
2460
|
this.state.history.push({
|
|
2320
2461
|
role: "assistant",
|
|
@@ -2378,14 +2519,14 @@ Use report_finding tool for important discoveries.
|
|
|
2378
2519
|
passwordPatterns.forEach((pattern) => {
|
|
2379
2520
|
const matches = result.output.match(pattern);
|
|
2380
2521
|
if (matches) {
|
|
2381
|
-
this.think(
|
|
2522
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Potential credentials found: ${matches.slice(0, 3).join(", ")}`);
|
|
2382
2523
|
}
|
|
2383
2524
|
});
|
|
2384
2525
|
}
|
|
2385
2526
|
const cveMatches = result.output.match(/CVE-\d{4}-\d+/gi);
|
|
2386
2527
|
if (cveMatches) {
|
|
2387
2528
|
cveMatches.forEach((cve) => {
|
|
2388
|
-
this.think(
|
|
2529
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `CVE found: ${cve}`);
|
|
2389
2530
|
});
|
|
2390
2531
|
}
|
|
2391
2532
|
if (output.includes("meterpreter") || output.includes("shell session") || output.includes("www-data") || output.includes("uid=")) {
|
|
@@ -2431,11 +2572,11 @@ Use report_finding tool for important discoveries.
|
|
|
2431
2572
|
}
|
|
2432
2573
|
// ===== Recovery Attempt =====
|
|
2433
2574
|
async attemptRecovery(error) {
|
|
2434
|
-
this.think(
|
|
2575
|
+
this.think(THOUGHT_TYPE.REFLECTION, `Attempting recovery: ${error.message}`);
|
|
2435
2576
|
if (error.message.includes("timeout")) {
|
|
2436
|
-
this.think(
|
|
2577
|
+
this.think(THOUGHT_TYPE.PLAN, "Timeout - retrying with shorter command");
|
|
2437
2578
|
} else if (error.message.includes("permission")) {
|
|
2438
|
-
this.think(
|
|
2579
|
+
this.think(THOUGHT_TYPE.PLAN, "Permission error - trying different approach");
|
|
2439
2580
|
}
|
|
2440
2581
|
}
|
|
2441
2582
|
// ===== Final Report Generation =====
|
|
@@ -2480,8 +2621,8 @@ ${this.state.phases.map((p) => `- **${p.shortName}**: ${p.status} (${p.attempts}
|
|
|
2480
2621
|
Based on the findings, the following remediation steps are recommended:
|
|
2481
2622
|
${this.state.findings.filter((f) => f.severity !== "info").map((f) => `- Address: ${f.title}`).join("\n")}
|
|
2482
2623
|
`;
|
|
2483
|
-
this.setPhaseStatus(
|
|
2484
|
-
this.emit(
|
|
2624
|
+
this.setPhaseStatus(PHASE_ID.REPORT, PHASE_STATUS.COMPLETED);
|
|
2625
|
+
this.emit(AGENT_EVENT.REPORT, report);
|
|
2485
2626
|
return report;
|
|
2486
2627
|
}
|
|
2487
2628
|
// ===== Summary =====
|
|
@@ -2499,29 +2640,29 @@ ${this.state.findings.filter((f) => f.severity !== "info").map((f) => `- Address
|
|
|
2499
2640
|
}
|
|
2500
2641
|
// ===== User Hint Processing =====
|
|
2501
2642
|
async processUserHint(hint) {
|
|
2502
|
-
this.think(
|
|
2643
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `User hint: ${hint}`);
|
|
2503
2644
|
this.state.history.push({
|
|
2504
2645
|
role: "user",
|
|
2505
2646
|
content: `[User hint] ${hint}`
|
|
2506
2647
|
});
|
|
2507
2648
|
this.resetStuckCounter();
|
|
2508
|
-
this.emit(
|
|
2649
|
+
this.emit(AGENT_EVENT.HINT_RECEIVED, hint);
|
|
2509
2650
|
}
|
|
2510
2651
|
// ===== Pause/Resume =====
|
|
2511
2652
|
pause() {
|
|
2512
|
-
this.state.status =
|
|
2513
|
-
this.emit(
|
|
2653
|
+
this.state.status = AGENT_STATUS.PAUSED;
|
|
2654
|
+
this.emit(AGENT_EVENT.PAUSED);
|
|
2514
2655
|
}
|
|
2515
2656
|
resume() {
|
|
2516
|
-
if (this.state.status ===
|
|
2517
|
-
this.state.status =
|
|
2518
|
-
this.emit(
|
|
2657
|
+
if (this.state.status === AGENT_STATUS.PAUSED) {
|
|
2658
|
+
this.state.status = AGENT_STATUS.RUNNING;
|
|
2659
|
+
this.emit(AGENT_EVENT.RESUMED);
|
|
2519
2660
|
}
|
|
2520
2661
|
}
|
|
2521
2662
|
// ===== Reset =====
|
|
2522
2663
|
reset() {
|
|
2523
2664
|
this.state = this.createInitialState();
|
|
2524
|
-
this.emit(
|
|
2665
|
+
this.emit(AGENT_EVENT.RESET);
|
|
2525
2666
|
}
|
|
2526
2667
|
};
|
|
2527
2668
|
|
|
@@ -2610,52 +2751,6 @@ var ASCII_BANNER = `
|
|
|
2610
2751
|
\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
|
|
2611
2752
|
`;
|
|
2612
2753
|
|
|
2613
|
-
// src/config/agent-constants.ts
|
|
2614
|
-
var AGENT_EVENT = {
|
|
2615
|
-
// Lifecycle
|
|
2616
|
-
PLUGINS_LOADED: "plugins_loaded",
|
|
2617
|
-
HOOKS_LOADED: "hooks_loaded",
|
|
2618
|
-
COMMANDS_LOADED: "commands_loaded",
|
|
2619
|
-
MCP_SERVER_ADDED: "mcp_server_added",
|
|
2620
|
-
// Execution
|
|
2621
|
-
ITERATION: "iteration",
|
|
2622
|
-
THOUGHT: "thought",
|
|
2623
|
-
RESPONSE: "response",
|
|
2624
|
-
TOOL_CALL: "tool_call",
|
|
2625
|
-
TOOL_RESULT: "tool_result",
|
|
2626
|
-
COMMAND_EXECUTE: "command_execute",
|
|
2627
|
-
// State changes
|
|
2628
|
-
TARGET_SET: "target_set",
|
|
2629
|
-
PHASE_CHANGE: "phase_change",
|
|
2630
|
-
AGENT_SWITCH: "agent_switch",
|
|
2631
|
-
// Discoveries
|
|
2632
|
-
FINDING: "finding",
|
|
2633
|
-
CREDENTIAL: "credential",
|
|
2634
|
-
COMPROMISED: "compromised",
|
|
2635
|
-
// Completion
|
|
2636
|
-
COMPLETE: "complete",
|
|
2637
|
-
REPORT: "report",
|
|
2638
|
-
ERROR: "error"
|
|
2639
|
-
};
|
|
2640
|
-
var CLI_COMMAND = {
|
|
2641
|
-
HELP: "help",
|
|
2642
|
-
TARGET: "target",
|
|
2643
|
-
START: "start",
|
|
2644
|
-
STOP: "stop",
|
|
2645
|
-
FINDINGS: "findings",
|
|
2646
|
-
CLEAR: "clear",
|
|
2647
|
-
EXIT: "exit"
|
|
2648
|
-
};
|
|
2649
|
-
var MESSAGE_TYPE = {
|
|
2650
|
-
USER: "user",
|
|
2651
|
-
ASSISTANT: "assistant",
|
|
2652
|
-
TOOL: "tool",
|
|
2653
|
-
THINKING: "thinking",
|
|
2654
|
-
ERROR: "error",
|
|
2655
|
-
SYSTEM: "system",
|
|
2656
|
-
RESULT: "result"
|
|
2657
|
-
};
|
|
2658
|
-
|
|
2659
2754
|
// src/cli/app.tsx
|
|
2660
2755
|
import { jsx, jsxs } from "react/jsx-runtime";
|
|
2661
2756
|
var App = ({ autoApprove = false, target }) => {
|