pentesting 0.12.4 → 0.12.12

package/README.md

@@ -11,34 +11,69 @@
                   A U T O N O M O U S   S E C U R I T Y   A G E N T
 ```
 
-**v0.12.0 | Multi-Agent System | 50+ Security Tools**
+**v0.12.10 | Multi-Agent System | 50+ Security Tools**
 
 [![npm](https://img.shields.io/badge/npm-pentesting-red)](https://www.npmjs.org/package/pentesting)
-[![Docker](https://img.shields.io/badge/docker-agnusdei1207%2Fpentesting-red)](https://hub.docker.com/r/agnusdei1207/pentesting)
+[![Docker](https://img.shields.io/badge/docker-kalilinux%2Fkali--rolling-blue)](https://hub.docker.com/r/kalilinux/kali-rolling)
 [![License: MIT](https://img.shields.io/badge/License-MIT-red.svg)](https://opensource.org/licenses/MIT)
 
 </div>
 
 ---
 
+## ⚠️ Requirements
+
+**This agent requires Kali Linux environment for full functionality.**
+
+### Option 1: Native Kali Linux (Recommended)
+```bash
+# On Kali Linux
+sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
+npm install -g pentesting
+pentesting
+```
+
+### Option 2: Docker with Kali Image
+```bash
+# Pull official Kali Linux image
+docker pull kalilinux/kali-rolling
+
+# Run with full tools
+docker run -it --rm --network host \
+  -e PENTEST_API_KEY="your_key" \
+  -e PENTEST_BASE_URL="https://api.openai.com/v1" \
+  -e PENTEST_MODEL="gpt-4-turbo" \
+  kalilinux/kali-rolling bash -c "
+    apt update && apt install -y nodejs npm kali-tools-top10 && \
+    npm install -g pentesting && \
+    pentesting
+  "
+```
+
+### Option 3: Kali on WSL2 (Windows)
+```bash
+# Install Kali from Microsoft Store, then:
+sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
+sudo npm install -g pentesting
+pentesting
+```
+
+---
+
 ## Quick Start
 
 ```bash
 npm install -g pentesting
 
+# requirements
 export PENTEST_API_KEY="your_api_key"
-
-# Optional: Custom LLM endpoint
 export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
-export PENTEST_MODEL="glm-4-plus"
+export PENTEST_MODEL="glm-4.7"
 
 pentesting
 ```
 
-**Docker:**
-```bash
-docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
-```
+**Note:** If a security tool is not installed, the agent will automatically attempt to install it using `apt`.
 
 ---
 
@@ -49,6 +84,7 @@ docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
 | **Multi-Agent System** | 5 specialist agents (Recon, Web, Exploit, PrivEsc, Lateral) |
 | **Autonomous Orchestration** | Strategic planning, self-diagnostics, quality gates |
 | **50+ Security Tools** | nmap, sqlmap, ffuf, gobuster, hydra, metasploit... |
+| **Auto-Install** | Missing tools are automatically installed via apt |
 | **CTF Research** | Writeup search (0xdf, IppSec), scenario-based research |
 | **Audit & Safety** | Tool execution logging, risk scoring, approval system |
 
@@ -77,6 +113,38 @@ docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
 
 ---
 
+## Supported Tools
+
+The agent supports 50+ security tools. If a tool is missing, it will be installed automatically:
+
+| Category | Tools |
+|----------|-------|
+| **Reconnaissance** | nmap, rustscan, masscan, subfinder, amass |
+| **Web** | ffuf, gobuster, nikto, nuclei, sqlmap, whatweb |
+| **Exploitation** | metasploit, searchsploit, msfvenom |
+| **Credential** | hydra, john, hashcat, crackmapexec |
+| **Windows/AD** | impacket-*, bloodhound, kerbrute, enum4linux |
+| **Utilities** | netcat, socat, chisel, proxychains |
+
+---
+
+## Web Research (Playwright)
+
+The agent includes a powerful **Playwright-based web research** engine:
+
+- **CAPTCHA bypass** - Headless browser avoids detection
+- **Deep search** - Follows links and extracts content
+- **Multi-source** - Google, DuckDuckGo, exploit-db, CVE databases
+- **CTF research** - Searches 0xdf, ippsec, HackTheBox writeups
+
+```bash
+# Features available in autonomous mode:
+# - searchGoogle(query)
+# - deepSearch(query, { depth: 2 })
+# - searchWriteups("htb box name")
+# - ctfResearch("Lame", "linux")
+```
+
 ## Documentation
 
 - **[ARCHITECTURE.md](docs/ARCHITECTURE.md)** - System architecture

package/dist/{auto-update-GKO64QMO.js → auto-update-QJJRAZRM.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-M5JWJSPW.js";
-import "./chunk-JXR7HH4V.js";
+} from "./chunk-5K7T4DZW.js";
+import "./chunk-6GEXOEUI.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/dist/{chunk-M5JWJSPW.js → chunk-5K7T4DZW.js}

@@ -1,7 +1,7 @@
 import {
   APP_NAME,
   APP_VERSION
-} from "./chunk-JXR7HH4V.js";
+} from "./chunk-6GEXOEUI.js";
 
 // src/core/update/auto-update.ts
 import { execSync } from "child_process";

package/dist/chunk-6GEXOEUI.js

@@ -0,0 +1,525 @@
+// src/config/agent-constants.ts
+var AGENT_STATUS = {
+  IDLE: "idle",
+  RUNNING: "running",
+  PAUSED: "paused",
+  STUCK: "stuck",
+  WAITING_INPUT: "waiting_input",
+  COMPLETED: "completed"
+};
+var PHASE_ID = {
+  RECON: "recon",
+  SCAN: "scan",
+  ENUM: "enum",
+  VULN: "vuln",
+  EXPLOIT: "exploit",
+  PRIVESC: "privesc",
+  PIVOT: "pivot",
+  PERSIST: "persist",
+  EXFIL: "exfil",
+  REPORT: "report"
+};
+var PHASE_STATUS = {
+  PENDING: "pending",
+  IN_PROGRESS: "in_progress",
+  COMPLETED: "completed",
+  FAILED: "failed",
+  SKIPPED: "skipped"
+};
+var THOUGHT_TYPE = {
+  THINKING: "thinking",
+  // LLM text streaming
+  REASONING: "reasoning",
+  // LLM extended thinking
+  PLANNING: "planning",
+  // Strategic planning
+  OBSERVATION: "observation",
+  // Observing results
+  HYPOTHESIS: "hypothesis",
+  // Forming hypothesis
+  REFLECTION: "reflection",
+  // Self-reflection
+  ACTION: "action",
+  // Taking action
+  RESULT: "result",
+  // Action result
+  STUCK: "stuck",
+  // Detected stuck state
+  BREAKTHROUGH: "breakthrough"
+  // Found breakthrough
+};
+var AGENT_EVENT = {
+  // Lifecycle
+  PLUGINS_LOADED: "plugins_loaded",
+  HOOKS_LOADED: "hooks_loaded",
+  COMMANDS_LOADED: "commands_loaded",
+  MCP_SERVER_ADDED: "mcp_server_added",
+  // Execution
+  ITERATION: "iteration",
+  THOUGHT: "thought",
+  RESPONSE: "response",
+  TOOL_CALL: "tool_call",
+  TOOL_RESULT: "tool_result",
+  COMMAND_EXECUTE: "command_execute",
+  APPROVAL_NEEDED: "approval_needed",
+  TOKEN_USAGE: "token_usage",
+  LLM_START: "llm_start",
+  LLM_END: "llm_end",
+  // State changes
+  TARGET_SET: "target_set",
+  PHASE_CHANGE: "phase_change",
+  AGENT_SWITCH: "agent_switch",
+  PAUSED: "paused",
+  RESUMED: "resumed",
+  RESET: "reset",
+  // Discoveries
+  FINDING: "finding",
+  CREDENTIAL: "credential",
+  COMPROMISED: "compromised",
+  // Completion
+  COMPLETE: "complete",
+  REPORT: "report",
+  ERROR: "error",
+  HINT_RECEIVED: "hint_received",
+  CONTEXT_COMPACTED: "context_compacted"
+};
+var CLI_COMMAND = {
+  HELP: "help",
+  TARGET: "target",
+  START: "start",
+  STOP: "stop",
+  FINDINGS: "findings",
+  CLEAR: "clear",
+  EXIT: "exit"
+};
+var MESSAGE_TYPE = {
+  USER: "user",
+  ASSISTANT: "assistant",
+  TOOL: "tool",
+  THINKING: "thinking",
+  ERROR: "error",
+  SYSTEM: "system",
+  RESULT: "result"
+};
+var TOOL_NAME = {
+  // System
+  BASH: "bash",
+  READ_FILE: "read_file",
+  WRITE_FILE: "write_file",
+  LIST_DIRECTORY: "list_directory",
+  SET_TARGET: "set_target",
+  // Network - Basic Connectivity
+  PING: "ping",
+  TRACEROUTE: "traceroute",
+  MTR: "mtr",
+  RUSTSCAN: "rustscan",
+  NMAP_SCAN: "nmap_scan",
+  MASSCAN: "masscan",
+  TCPDUMP_CAPTURE: "tcpdump_capture",
+  TSHARK: "tshark",
+  NGREP: "ngrep",
+  ARP_SCAN: "arp_scan",
+  NETCAT: "netcat",
+  SOCAT: "socat",
+  // DNS & Subdomain
+  DIG: "dig",
+  HOST: "host",
+  NSLOOKUP: "nslookup",
+  WHOIS: "whois",
+  SUBFINDER: "subfinder",
+  AMASS: "amass",
+  DNSENUM: "dnsenum",
+  DNSRECON: "dnsrecon",
+  DNSMAP: "dnsmap",
+  ZONE_TRANSFER: "zone_transfer",
+  // Service Enumeration
+  SNMP_WALK: "snmp_walk",
+  SNMP_CHECK: "snmp_check",
+  ONESIXTYONE: "onesixtyone",
+  FTP_ENUM: "ftp_enum",
+  FTP_ANON: "ftp_anon",
+  NBTSCAN: "nbtscan",
+  RPC_INFO: "rpc_info",
+  SHOWMOUNT: "showmount",
+  TELNET: "telnet",
+  // Web Recon & Tech Identification
+  WHATWEB: "whatweb",
+  HTTPX: "httpx",
+  NUCLEI: "nuclei",
+  NIKTO: "nikto",
+  FFUF: "ffuf",
+  GOBUSTER: "gobuster",
+  DIRB: "dirb",
+  FEROXBUSTER: "feroxbuster",
+  WAYBACKURLS: "waybackurls",
+  WAFW00F: "wafw00f",
+  GOWITNESS: "gowitness",
+  // Windows/SMB/AD
+  SMB_ENUM: "smb_enum",
+  SMBMAP: "smbmap",
+  ENUM4LINUX: "enum4linux",
+  CRACKMAPEXEC: "crackmapexec",
+  SMBCLIENT: "smbclient",
+  RPCCLIENT: "rpcclient",
+  WINRM: "winrm",
+  RDP_CHECK: "rdp_check",
+  LDAP_SEARCH: "ldap_search",
+  KERBRUTE: "kerbrute",
+  BLOODHOUND: "bloodhound",
+  // Database Clients  
+  MSSQL_CLIENT: "mssql_client",
+  MYSQL_CLIENT: "mysql_client",
+  PSQL_CLIENT: "psql_client",
+  REDIS_CLI: "redis_cli",
+  MONGO_CLIENT: "mongo_client",
+  // Web
+  WEB_REQUEST: "web_request",
+  DIRECTORY_BRUTEFORCE: "directory_bruteforce",
+  SQL_INJECTION: "sql_injection",
+  BROWSER_AUTOMATION: "browser_automation",
+  // Exploit
+  SEARCHSPLOIT: "searchsploit",
+  METASPLOIT: "metasploit",
+  GENERATE_PAYLOAD: "generate_payload",
+  // Credential
+  BRUTEFORCE_LOGIN: "bruteforce_login",
+  CRACK_HASH: "crack_hash",
+  JOHN: "john",
+  HASHCAT: "hashcat",
+  HASHID: "hashid",
+  DUMP_CREDENTIALS: "dump_credentials",
+  HYDRA: "hydra",
+  MEDUSA: "medusa",
+  // Privilege Escalation
+  CHECK_SUDO: "check_sudo",
+  FIND_SUID: "find_suid",
+  RUN_PRIVESC_ENUM: "run_privesc_enum",
+  // Post-Exploitation & Tunneling
+  SSH: "ssh",
+  SSH_KEYGEN: "ssh_keygen",
+  SETUP_TUNNEL: "setup_tunnel",
+  CHISEL: "chisel",
+  PROXYCHAINS: "proxychains",
+  LATERAL_MOVEMENT: "lateral_movement",
+  REVERSE_SHELL: "reverse_shell",
+  // Listener & Payload Delivery
+  NC_LISTENER: "nc_listener",
+  PYTHON_HTTP_SERVER: "python_http_server",
+  MSFVENOM: "msfvenom",
+  RLWRAP: "rlwrap",
+  PWNCAT: "pwncat",
+  // Forensics
+  BINWALK: "binwalk",
+  FOREMOST: "foremost",
+  STEGHIDE: "steghide",
+  EXIFTOOL: "exiftool",
+  // Reversing
+  GDB: "gdb",
+  RADARE2: "radare2",
+  // Impacket Tools
+  IMPACKET_SECRETSDUMP: "impacket_secretsdump",
+  IMPACKET_PSEXEC: "impacket_psexec",
+  IMPACKET_WMIEXEC: "impacket_wmiexec",
+  IMPACKET_SMBEXEC: "impacket_smbexec",
+  IMPACKET_ATEXEC: "impacket_atexec",
+  IMPACKET_DCOMEXEC: "impacket_dcomexec",
+  IMPACKET_GETNPUSERS: "impacket_getnpusers",
+  IMPACKET_GETUSERSPNS: "impacket_getuserspns",
+  // Reporting
+  REPORT_FINDING: "report_finding",
+  TAKE_SCREENSHOT: "take_screenshot",
+  // Research & Writeups
+  SEARCH_WRITEUPS: "search_writeups",
+  SEARCH_MACHINE: "search_machine",
+  SEARCH_BY_SCENARIO: "search_by_scenario",
+  SEARCH_AD_WRITEUPS: "search_ad_writeups",
+  SEARCH_LINUX_PRIVESC: "search_linux_privesc",
+  SEARCH_WINDOWS_PRIVESC: "search_windows_privesc",
+  CTF_RESEARCH: "ctf_research",
+  SECURITY_RESEARCH: "security_research"
+};
+var APT_PACKAGE = {
+  // Network
+  NMAP: "nmap",
+  RUSTSCAN: "rustscan",
+  MASSCAN: "masscan",
+  TCPDUMP: "tcpdump",
+  TSHARK: "tshark",
+  NGREP: "ngrep",
+  ARP_SCAN: "arp-scan",
+  SOCAT: "socat",
+  NETCAT: "netcat-traditional",
+  IPUTILS_PING: "iputils-ping",
+  TRACEROUTE: "traceroute",
+  MTR: "mtr-tiny",
+  // DNS
+  DNSUTILS: "dnsutils",
+  WHOIS: "whois",
+  SUBFINDER: "subfinder",
+  AMASS: "amass",
+  DNSENUM: "dnsenum",
+  DNSRECON: "dnsrecon",
+  // Service Enum
+  SNMP: "snmp",
+  ONESIXTYONE: "onesixtyone",
+  NBTSCAN: "nbtscan",
+  RPCBIND: "rpcbind",
+  NFS_COMMON: "nfs-common",
+  TELNET: "telnet",
+  // Web
+  FFUF: "ffuf",
+  GOBUSTER: "gobuster",
+  DIRB: "dirb",
+  FEROXBUSTER: "feroxbuster",
+  WHATWEB: "whatweb",
+  HTTPX: "httpx-toolkit",
+  NUCLEI: "nuclei",
+  NIKTO: "nikto",
+  WAFW00F: "wafw00f",
+  SQLMAP: "sqlmap",
+  // Windows/SMB/AD
+  SMBCLIENT: "smbclient",
+  SMBMAP: "smbmap",
+  ENUM4LINUX: "enum4linux",
+  CRACKMAPEXEC: "crackmapexec",
+  EVIL_WINRM: "evil-winrm",
+  LDAP_UTILS: "ldap-utils",
+  KERBRUTE: "kerbrute",
+  BLOODHOUND: "bloodhound",
+  // Database
+  IMPACKET_SCRIPTS: "impacket-scripts",
+  MYSQL_CLIENT: "default-mysql-client",
+  POSTGRESQL_CLIENT: "postgresql-client",
+  REDIS_TOOLS: "redis-tools",
+  MONGODB_CLIENTS: "mongodb-clients",
+  // Credential
+  HYDRA: "hydra",
+  MEDUSA: "medusa",
+  JOHN: "john",
+  HASHCAT: "hashcat",
+  HASHID: "hashid",
+  // Exploit
+  EXPLOITDB: "exploitdb",
+  METASPLOIT_FRAMEWORK: "metasploit-framework",
+  // Post-Exploitation
+  OPENSSH_CLIENT: "openssh-client",
+  CHISEL: "chisel",
+  PROXYCHAINS4: "proxychains4",
+  RLWRAP: "rlwrap",
+  PWNCAT: "pwncat",
+  // Forensics
+  BINWALK: "binwalk",
+  FOREMOST: "foremost",
+  STEGHIDE: "steghide",
+  EXIFTOOL: "libimage-exiftool-perl",
+  // Reversing
+  GDB: "gdb",
+  RADARE2: "radare2"
+};
+var TOOL_TO_APT = {
+  // System (no apt package needed)
+  [TOOL_NAME.BASH]: null,
+  [TOOL_NAME.READ_FILE]: null,
+  [TOOL_NAME.WRITE_FILE]: null,
+  [TOOL_NAME.LIST_DIRECTORY]: null,
+  [TOOL_NAME.SET_TARGET]: null,
+  // Network - Basic Connectivity
+  [TOOL_NAME.PING]: APT_PACKAGE.IPUTILS_PING,
+  [TOOL_NAME.TRACEROUTE]: APT_PACKAGE.TRACEROUTE,
+  [TOOL_NAME.MTR]: APT_PACKAGE.MTR,
+  [TOOL_NAME.RUSTSCAN]: APT_PACKAGE.RUSTSCAN,
+  [TOOL_NAME.NMAP_SCAN]: APT_PACKAGE.NMAP,
+  [TOOL_NAME.MASSCAN]: APT_PACKAGE.MASSCAN,
+  [TOOL_NAME.TCPDUMP_CAPTURE]: APT_PACKAGE.TCPDUMP,
+  [TOOL_NAME.TSHARK]: APT_PACKAGE.TSHARK,
+  [TOOL_NAME.NGREP]: APT_PACKAGE.NGREP,
+  [TOOL_NAME.ARP_SCAN]: APT_PACKAGE.ARP_SCAN,
+  [TOOL_NAME.NETCAT]: APT_PACKAGE.NETCAT,
+  [TOOL_NAME.SOCAT]: APT_PACKAGE.SOCAT,
+  // DNS & Subdomain
+  [TOOL_NAME.DIG]: APT_PACKAGE.DNSUTILS,
+  [TOOL_NAME.HOST]: APT_PACKAGE.DNSUTILS,
+  [TOOL_NAME.NSLOOKUP]: APT_PACKAGE.DNSUTILS,
+  [TOOL_NAME.WHOIS]: APT_PACKAGE.WHOIS,
+  [TOOL_NAME.SUBFINDER]: APT_PACKAGE.SUBFINDER,
+  [TOOL_NAME.AMASS]: APT_PACKAGE.AMASS,
+  [TOOL_NAME.DNSENUM]: APT_PACKAGE.DNSENUM,
+  [TOOL_NAME.DNSRECON]: APT_PACKAGE.DNSRECON,
+  [TOOL_NAME.DNSMAP]: APT_PACKAGE.DNSRECON,
+  [TOOL_NAME.ZONE_TRANSFER]: APT_PACKAGE.DNSUTILS,
+  // Service Enumeration
+  [TOOL_NAME.SNMP_WALK]: APT_PACKAGE.SNMP,
+  [TOOL_NAME.SNMP_CHECK]: APT_PACKAGE.SNMP,
+  [TOOL_NAME.ONESIXTYONE]: APT_PACKAGE.ONESIXTYONE,
+  [TOOL_NAME.FTP_ENUM]: null,
+  [TOOL_NAME.FTP_ANON]: null,
+  [TOOL_NAME.NBTSCAN]: APT_PACKAGE.NBTSCAN,
+  [TOOL_NAME.RPC_INFO]: APT_PACKAGE.RPCBIND,
+  [TOOL_NAME.SHOWMOUNT]: APT_PACKAGE.NFS_COMMON,
+  [TOOL_NAME.TELNET]: APT_PACKAGE.TELNET,
+  // Web Recon & Tech Identification
+  [TOOL_NAME.WHATWEB]: APT_PACKAGE.WHATWEB,
+  [TOOL_NAME.HTTPX]: APT_PACKAGE.HTTPX,
+  [TOOL_NAME.NUCLEI]: APT_PACKAGE.NUCLEI,
+  [TOOL_NAME.NIKTO]: APT_PACKAGE.NIKTO,
+  [TOOL_NAME.FFUF]: APT_PACKAGE.FFUF,
+  [TOOL_NAME.GOBUSTER]: APT_PACKAGE.GOBUSTER,
+  [TOOL_NAME.DIRB]: APT_PACKAGE.DIRB,
+  [TOOL_NAME.FEROXBUSTER]: APT_PACKAGE.FEROXBUSTER,
+  [TOOL_NAME.WAYBACKURLS]: null,
+  [TOOL_NAME.WAFW00F]: APT_PACKAGE.WAFW00F,
+  [TOOL_NAME.GOWITNESS]: null,
+  // Windows/SMB/AD
+  [TOOL_NAME.SMB_ENUM]: APT_PACKAGE.SMBCLIENT,
+  [TOOL_NAME.SMBMAP]: APT_PACKAGE.SMBMAP,
+  [TOOL_NAME.ENUM4LINUX]: APT_PACKAGE.ENUM4LINUX,
+  [TOOL_NAME.CRACKMAPEXEC]: APT_PACKAGE.CRACKMAPEXEC,
+  [TOOL_NAME.SMBCLIENT]: APT_PACKAGE.SMBCLIENT,
+  [TOOL_NAME.RPCCLIENT]: APT_PACKAGE.SMBCLIENT,
+  [TOOL_NAME.WINRM]: APT_PACKAGE.EVIL_WINRM,
+  [TOOL_NAME.RDP_CHECK]: null,
+  [TOOL_NAME.LDAP_SEARCH]: APT_PACKAGE.LDAP_UTILS,
+  [TOOL_NAME.KERBRUTE]: APT_PACKAGE.KERBRUTE,
+  [TOOL_NAME.BLOODHOUND]: APT_PACKAGE.BLOODHOUND,
+  // Database Clients
+  [TOOL_NAME.MSSQL_CLIENT]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.MYSQL_CLIENT]: APT_PACKAGE.MYSQL_CLIENT,
+  [TOOL_NAME.PSQL_CLIENT]: APT_PACKAGE.POSTGRESQL_CLIENT,
+  [TOOL_NAME.REDIS_CLI]: APT_PACKAGE.REDIS_TOOLS,
+  [TOOL_NAME.MONGO_CLIENT]: APT_PACKAGE.MONGODB_CLIENTS,
+  // Web Attack
+  [TOOL_NAME.WEB_REQUEST]: null,
+  [TOOL_NAME.DIRECTORY_BRUTEFORCE]: APT_PACKAGE.GOBUSTER,
+  [TOOL_NAME.SQL_INJECTION]: APT_PACKAGE.SQLMAP,
+  [TOOL_NAME.BROWSER_AUTOMATION]: null,
+  // Exploit
+  [TOOL_NAME.SEARCHSPLOIT]: APT_PACKAGE.EXPLOITDB,
+  [TOOL_NAME.METASPLOIT]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
+  [TOOL_NAME.GENERATE_PAYLOAD]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
+  // Credential
+  [TOOL_NAME.BRUTEFORCE_LOGIN]: APT_PACKAGE.HYDRA,
+  [TOOL_NAME.CRACK_HASH]: APT_PACKAGE.JOHN,
+  [TOOL_NAME.JOHN]: APT_PACKAGE.JOHN,
+  [TOOL_NAME.HASHCAT]: APT_PACKAGE.HASHCAT,
+  [TOOL_NAME.HASHID]: APT_PACKAGE.HASHID,
+  [TOOL_NAME.DUMP_CREDENTIALS]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.HYDRA]: APT_PACKAGE.HYDRA,
+  [TOOL_NAME.MEDUSA]: APT_PACKAGE.MEDUSA,
+  // Privilege Escalation
+  [TOOL_NAME.CHECK_SUDO]: null,
+  [TOOL_NAME.FIND_SUID]: null,
+  [TOOL_NAME.RUN_PRIVESC_ENUM]: null,
+  // Post-Exploitation & Tunneling
+  [TOOL_NAME.SSH]: APT_PACKAGE.OPENSSH_CLIENT,
+  [TOOL_NAME.SSH_KEYGEN]: APT_PACKAGE.OPENSSH_CLIENT,
+  [TOOL_NAME.SETUP_TUNNEL]: APT_PACKAGE.CHISEL,
+  [TOOL_NAME.CHISEL]: APT_PACKAGE.CHISEL,
+  [TOOL_NAME.PROXYCHAINS]: APT_PACKAGE.PROXYCHAINS4,
+  [TOOL_NAME.LATERAL_MOVEMENT]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.REVERSE_SHELL]: APT_PACKAGE.NETCAT,
+  // Listener & Payload Delivery
+  [TOOL_NAME.NC_LISTENER]: APT_PACKAGE.NETCAT,
+  [TOOL_NAME.PYTHON_HTTP_SERVER]: null,
+  [TOOL_NAME.MSFVENOM]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
+  [TOOL_NAME.RLWRAP]: APT_PACKAGE.RLWRAP,
+  [TOOL_NAME.PWNCAT]: APT_PACKAGE.PWNCAT,
+  // Impacket Tools
+  [TOOL_NAME.IMPACKET_SECRETSDUMP]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_PSEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_WMIEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_SMBEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_ATEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_DCOMEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_GETNPUSERS]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_GETUSERSPNS]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  // Forensics
+  [TOOL_NAME.BINWALK]: APT_PACKAGE.BINWALK,
+  [TOOL_NAME.FOREMOST]: APT_PACKAGE.FOREMOST,
+  [TOOL_NAME.STEGHIDE]: APT_PACKAGE.STEGHIDE,
+  [TOOL_NAME.EXIFTOOL]: APT_PACKAGE.EXIFTOOL,
+  // Reversing
+  [TOOL_NAME.GDB]: APT_PACKAGE.GDB,
+  [TOOL_NAME.RADARE2]: APT_PACKAGE.RADARE2,
+  // Reporting (no apt package)
+  [TOOL_NAME.REPORT_FINDING]: null,
+  [TOOL_NAME.TAKE_SCREENSHOT]: null,
+  // Research (no apt package)
+  [TOOL_NAME.SEARCH_WRITEUPS]: null,
+  [TOOL_NAME.SEARCH_MACHINE]: null,
+  [TOOL_NAME.SEARCH_BY_SCENARIO]: null,
+  [TOOL_NAME.SEARCH_AD_WRITEUPS]: null,
+  [TOOL_NAME.SEARCH_LINUX_PRIVESC]: null,
+  [TOOL_NAME.SEARCH_WINDOWS_PRIVESC]: null,
+  [TOOL_NAME.CTF_RESEARCH]: null,
+  [TOOL_NAME.SECURITY_RESEARCH]: null
+};
+var SENSITIVE_TOOLS = [
+  TOOL_NAME.WRITE_FILE,
+  TOOL_NAME.BRUTEFORCE_LOGIN,
+  TOOL_NAME.METASPLOIT,
+  TOOL_NAME.SQL_INJECTION,
+  TOOL_NAME.DUMP_CREDENTIALS,
+  TOOL_NAME.GENERATE_PAYLOAD,
+  TOOL_NAME.LATERAL_MOVEMENT
+];
+
+// src/config/constants.ts
+var APP_NAME = "pentesting";
+var APP_VERSION = "0.12.12";
+var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
+var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
+var LLM_MODEL = process.env.PENTEST_MODEL || "claude-sonnet-4-20250514";
+var LLM_MAX_TOKENS = parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10);
+var CONTEXT_WINDOW = {
+  maxTokens: 2e5,
+  // Claude's context window size
+  compactionThreshold: 15e4,
+  // Trigger compaction at 75% usage
+  reservedTokens: 4e3
+  // Reserved for system prompt
+};
+var AGENT_CONFIG = {
+  maxIterations: 200,
+  maxToolCallsPerIteration: 10,
+  autoApprove: false,
+  sensitiveTools: SENSITIVE_TOOLS,
+  defaultTimeout: 6e4,
+  longRunningTimeout: 6e5,
+  stuckThreshold: 5,
+  stuckTimeThreshold: 3e5,
+  maxPhaseAttempts: 20
+};
+var PENTEST_PHASES = [
+  { id: PHASE_ID.RECON, name: "Reconnaissance", description: "Information gathering" },
+  { id: PHASE_ID.SCAN, name: "Scanning", description: "Port and service scanning" },
+  { id: PHASE_ID.ENUM, name: "Enumeration", description: "Deep service enumeration" },
+  { id: PHASE_ID.VULN, name: "Vulnerability Analysis", description: "Vulnerability identification" },
+  { id: PHASE_ID.EXPLOIT, name: "Exploitation", description: "Gaining access" },
+  { id: PHASE_ID.PRIVESC, name: "Privilege Escalation", description: "Elevating privileges" },
+  { id: PHASE_ID.PIVOT, name: "Pivoting", description: "Lateral movement" },
+  { id: PHASE_ID.PERSIST, name: "Persistence", description: "Maintaining access" },
+  { id: PHASE_ID.EXFIL, name: "Data Exfiltration", description: "Data extraction" },
+  { id: PHASE_ID.REPORT, name: "Reporting", description: "Documentation" }
+];
+
+export {
+  AGENT_STATUS,
+  PHASE_ID,
+  PHASE_STATUS,
+  THOUGHT_TYPE,
+  AGENT_EVENT,
+  CLI_COMMAND,
+  MESSAGE_TYPE,
+  TOOL_NAME,
+  TOOL_TO_APT,
+  APP_NAME,
+  APP_VERSION,
+  APP_DESCRIPTION,
+  LLM_API_KEY,
+  LLM_BASE_URL,
+  LLM_MODEL,
+  LLM_MAX_TOKENS,
+  CONTEXT_WINDOW,
+  AGENT_CONFIG
+};