npm - pentesting - Versions diffs - 0.12.7 → 0.12.13 - Mend

pentesting 0.12.7 → 0.12.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +77 -9
package/dist/{auto-update-GKO64QMO.js → auto-update-6CLBRLE3.js} +2 -2
package/dist/{chunk-M5JWJSPW.js → chunk-5IKQY4A4.js} +1 -1
package/dist/chunk-6IXHQS2A.js +525 -0
package/dist/chunk-AOJBE232.js +457 -0
package/dist/index.js +1267 -939
package/dist/{update-UMRID565.js → update-34NDFWS3.js} +2 -2
package/dist/web-search-XQYEM24B.js +43 -0
package/package.json +6 -6
package/dist/chunk-JXR7HH4V.js +0 -308
package/dist/mcp/mcp-server.d.ts +0 -2
package/dist/mcp/mcp-server.js +0 -0

package/README.md CHANGED Viewed

@@ -11,34 +11,69 @@
                   A U T O N O M O U S   S E C U R I T Y   A G E N T
 ```
-**v0.12.0 | Multi-Agent System | 50+ Security Tools**
+**v0.12.10 | Multi-Agent System | 50+ Security Tools**
 [![npm](https://img.shields.io/badge/npm-pentesting-red)](https://www.npmjs.org/package/pentesting)
-[![Docker](https://img.shields.io/badge/docker-agnusdei1207%2Fpentesting-red)](https://hub.docker.com/r/agnusdei1207/pentesting)
+[![Docker](https://img.shields.io/badge/docker-kalilinux%2Fkali--rolling-blue)](https://hub.docker.com/r/kalilinux/kali-rolling)
 [![License: MIT](https://img.shields.io/badge/License-MIT-red.svg)](https://opensource.org/licenses/MIT)
 </div>
 ---
+## ⚠️ Requirements
+**This agent requires Kali Linux environment for full functionality.**
+### Option 1: Native Kali Linux (Recommended)
+```bash
+# On Kali Linux
+sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
+npm install -g pentesting
+pentesting
+```
+### Option 2: Docker with Kali Image
+```bash
+# Pull official Kali Linux image
+docker pull kalilinux/kali-rolling
+# Run with full tools
+docker run -it --rm --network host \
+  -e PENTEST_API_KEY="your_key" \
+  -e PENTEST_BASE_URL="https://api.openai.com/v1" \
+  -e PENTEST_MODEL="gpt-4-turbo" \
+  kalilinux/kali-rolling bash -c "
+    apt update && apt install -y nodejs npm kali-tools-top10 && \
+    npm install -g pentesting && \
+    pentesting
+  "
+```
+### Option 3: Kali on WSL2 (Windows)
+```bash
+# Install Kali from Microsoft Store, then:
+sudo apt update && sudo apt install -y kali-linux-headless nodejs npm
+sudo npm install -g pentesting
+pentesting
+```
+---
 ## Quick Start
 ```bash
 npm install -g pentesting
+# requirements
 export PENTEST_API_KEY="your_api_key"
-# Optional: Custom LLM endpoint
 export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
-export PENTEST_MODEL="glm-4-plus"
+export PENTEST_MODEL="glm-4.7"
 pentesting
 ```
-**Docker:**
-```bash
-docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
-```
+**Note:** If a security tool is not installed, the agent will automatically attempt to install it using `apt`.
 ---
@@ -49,6 +84,7 @@ docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
 | **Multi-Agent System** | 5 specialist agents (Recon, Web, Exploit, PrivEsc, Lateral) |
 | **Autonomous Orchestration** | Strategic planning, self-diagnostics, quality gates |
 | **50+ Security Tools** | nmap, sqlmap, ffuf, gobuster, hydra, metasploit... |
+| **Auto-Install** | Missing tools are automatically installed via apt |
 | **CTF Research** | Writeup search (0xdf, IppSec), scenario-based research |
 | **Audit & Safety** | Tool execution logging, risk scoring, approval system |
@@ -77,6 +113,38 @@ docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
 ---
+## Supported Tools
+The agent supports 50+ security tools. If a tool is missing, it will be installed automatically:
+| Category | Tools |
+|----------|-------|
+| **Reconnaissance** | nmap, rustscan, masscan, subfinder, amass |
+| **Web** | ffuf, gobuster, nikto, nuclei, sqlmap, whatweb |
+| **Exploitation** | metasploit, searchsploit, msfvenom |
+| **Credential** | hydra, john, hashcat, crackmapexec |
+| **Windows/AD** | impacket-*, bloodhound, kerbrute, enum4linux |
+| **Utilities** | netcat, socat, chisel, proxychains |
+---
+## Web Research (Playwright)
+The agent includes a powerful **Playwright-based web research** engine:
+- **CAPTCHA bypass** - Headless browser avoids detection
+- **Deep search** - Follows links and extracts content
+- **Multi-source** - Google, DuckDuckGo, exploit-db, CVE databases
+- **CTF research** - Searches 0xdf, ippsec, HackTheBox writeups
+```bash
+# Features available in autonomous mode:
+# - searchGoogle(query)
+# - deepSearch(query, { depth: 2 })
+# - searchWriteups("htb box name")
+# - ctfResearch("Lame", "linux")
+```
 ## Documentation
 - **[ARCHITECTURE.md](docs/ARCHITECTURE.md)** - System architecture

package/dist/{auto-update-GKO64QMO.js → auto-update-6CLBRLE3.js} RENAMED Viewed

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-M5JWJSPW.js";
-import "./chunk-JXR7HH4V.js";
+} from "./chunk-5IKQY4A4.js";
+import "./chunk-6IXHQS2A.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/dist/{chunk-M5JWJSPW.js → chunk-5IKQY4A4.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import {
   APP_NAME,
   APP_VERSION
-} from "./chunk-JXR7HH4V.js";
+} from "./chunk-6IXHQS2A.js";
 // src/core/update/auto-update.ts
 import { execSync } from "child_process";

package/dist/chunk-6IXHQS2A.js ADDED Viewed

@@ -0,0 +1,525 @@
+// src/config/agent-constants.ts
+var AGENT_STATUS = {
+  IDLE: "idle",
+  RUNNING: "running",
+  PAUSED: "paused",
+  STUCK: "stuck",
+  WAITING_INPUT: "waiting_input",
+  COMPLETED: "completed"
+};
+var PHASE_ID = {
+  RECON: "recon",
+  SCAN: "scan",
+  ENUM: "enum",
+  VULN: "vuln",
+  EXPLOIT: "exploit",
+  PRIVESC: "privesc",
+  PIVOT: "pivot",
+  PERSIST: "persist",
+  EXFIL: "exfil",
+  REPORT: "report"
+};
+var PHASE_STATUS = {
+  PENDING: "pending",
+  IN_PROGRESS: "in_progress",
+  COMPLETED: "completed",
+  FAILED: "failed",
+  SKIPPED: "skipped"
+};
+var THOUGHT_TYPE = {
+  THINKING: "thinking",
+  // LLM text streaming
+  REASONING: "reasoning",
+  // LLM extended thinking
+  PLANNING: "planning",
+  // Strategic planning
+  OBSERVATION: "observation",
+  // Observing results
+  HYPOTHESIS: "hypothesis",
+  // Forming hypothesis
+  REFLECTION: "reflection",
+  // Self-reflection
+  ACTION: "action",
+  // Taking action
+  RESULT: "result",
+  // Action result
+  STUCK: "stuck",
+  // Detected stuck state
+  BREAKTHROUGH: "breakthrough"
+  // Found breakthrough
+};
+var AGENT_EVENT = {
+  // Lifecycle
+  PLUGINS_LOADED: "plugins_loaded",
+  HOOKS_LOADED: "hooks_loaded",
+  COMMANDS_LOADED: "commands_loaded",
+  MCP_SERVER_ADDED: "mcp_server_added",
+  // Execution
+  ITERATION: "iteration",
+  THOUGHT: "thought",
+  RESPONSE: "response",
+  TOOL_CALL: "tool_call",
+  TOOL_RESULT: "tool_result",
+  COMMAND_EXECUTE: "command_execute",
+  APPROVAL_NEEDED: "approval_needed",
+  TOKEN_USAGE: "token_usage",
+  LLM_START: "llm_start",
+  LLM_END: "llm_end",
+  // State changes
+  TARGET_SET: "target_set",
+  PHASE_CHANGE: "phase_change",
+  AGENT_SWITCH: "agent_switch",
+  PAUSED: "paused",
+  RESUMED: "resumed",
+  RESET: "reset",
+  // Discoveries
+  FINDING: "finding",
+  CREDENTIAL: "credential",
+  COMPROMISED: "compromised",
+  // Completion
+  COMPLETE: "complete",
+  REPORT: "report",
+  ERROR: "error",
+  HINT_RECEIVED: "hint_received",
+  CONTEXT_COMPACTED: "context_compacted"
+};
+var CLI_COMMAND = {
+  HELP: "help",
+  TARGET: "target",
+  START: "start",
+  STOP: "stop",
+  FINDINGS: "findings",
+  CLEAR: "clear",
+  EXIT: "exit"
+};
+var MESSAGE_TYPE = {
+  USER: "user",
+  ASSISTANT: "assistant",
+  TOOL: "tool",
+  THINKING: "thinking",
+  ERROR: "error",
+  SYSTEM: "system",
+  RESULT: "result"
+};
+var TOOL_NAME = {
+  // System
+  BASH: "bash",
+  READ_FILE: "read_file",
+  WRITE_FILE: "write_file",
+  LIST_DIRECTORY: "list_directory",
+  SET_TARGET: "set_target",
+  // Network - Basic Connectivity
+  PING: "ping",
+  TRACEROUTE: "traceroute",
+  MTR: "mtr",
+  RUSTSCAN: "rustscan",
+  NMAP_SCAN: "nmap_scan",
+  MASSCAN: "masscan",
+  TCPDUMP_CAPTURE: "tcpdump_capture",
+  TSHARK: "tshark",
+  NGREP: "ngrep",
+  ARP_SCAN: "arp_scan",
+  NETCAT: "netcat",
+  SOCAT: "socat",
+  // DNS & Subdomain
+  DIG: "dig",
+  HOST: "host",
+  NSLOOKUP: "nslookup",
+  WHOIS: "whois",
+  SUBFINDER: "subfinder",
+  AMASS: "amass",
+  DNSENUM: "dnsenum",
+  DNSRECON: "dnsrecon",
+  DNSMAP: "dnsmap",
+  ZONE_TRANSFER: "zone_transfer",
+  // Service Enumeration
+  SNMP_WALK: "snmp_walk",
+  SNMP_CHECK: "snmp_check",
+  ONESIXTYONE: "onesixtyone",
+  FTP_ENUM: "ftp_enum",
+  FTP_ANON: "ftp_anon",
+  NBTSCAN: "nbtscan",
+  RPC_INFO: "rpc_info",
+  SHOWMOUNT: "showmount",
+  TELNET: "telnet",
+  // Web Recon & Tech Identification
+  WHATWEB: "whatweb",
+  HTTPX: "httpx",
+  NUCLEI: "nuclei",
+  NIKTO: "nikto",
+  FFUF: "ffuf",
+  GOBUSTER: "gobuster",
+  DIRB: "dirb",
+  FEROXBUSTER: "feroxbuster",
+  WAYBACKURLS: "waybackurls",
+  WAFW00F: "wafw00f",
+  GOWITNESS: "gowitness",
+  // Windows/SMB/AD
+  SMB_ENUM: "smb_enum",
+  SMBMAP: "smbmap",
+  ENUM4LINUX: "enum4linux",
+  CRACKMAPEXEC: "crackmapexec",
+  SMBCLIENT: "smbclient",
+  RPCCLIENT: "rpcclient",
+  WINRM: "winrm",
+  RDP_CHECK: "rdp_check",
+  LDAP_SEARCH: "ldap_search",
+  KERBRUTE: "kerbrute",
+  BLOODHOUND: "bloodhound",
+  // Database Clients
+  MSSQL_CLIENT: "mssql_client",
+  MYSQL_CLIENT: "mysql_client",
+  PSQL_CLIENT: "psql_client",
+  REDIS_CLI: "redis_cli",
+  MONGO_CLIENT: "mongo_client",
+  // Web
+  WEB_REQUEST: "web_request",
+  DIRECTORY_BRUTEFORCE: "directory_bruteforce",
+  SQL_INJECTION: "sql_injection",
+  BROWSER_AUTOMATION: "browser_automation",
+  // Exploit
+  SEARCHSPLOIT: "searchsploit",
+  METASPLOIT: "metasploit",
+  GENERATE_PAYLOAD: "generate_payload",
+  // Credential
+  BRUTEFORCE_LOGIN: "bruteforce_login",
+  CRACK_HASH: "crack_hash",
+  JOHN: "john",
+  HASHCAT: "hashcat",
+  HASHID: "hashid",
+  DUMP_CREDENTIALS: "dump_credentials",
+  HYDRA: "hydra",
+  MEDUSA: "medusa",
+  // Privilege Escalation
+  CHECK_SUDO: "check_sudo",
+  FIND_SUID: "find_suid",
+  RUN_PRIVESC_ENUM: "run_privesc_enum",
+  // Post-Exploitation & Tunneling
+  SSH: "ssh",
+  SSH_KEYGEN: "ssh_keygen",
+  SETUP_TUNNEL: "setup_tunnel",
+  CHISEL: "chisel",
+  PROXYCHAINS: "proxychains",
+  LATERAL_MOVEMENT: "lateral_movement",
+  REVERSE_SHELL: "reverse_shell",
+  // Listener & Payload Delivery
+  NC_LISTENER: "nc_listener",
+  PYTHON_HTTP_SERVER: "python_http_server",
+  MSFVENOM: "msfvenom",
+  RLWRAP: "rlwrap",
+  PWNCAT: "pwncat",
+  // Forensics
+  BINWALK: "binwalk",
+  FOREMOST: "foremost",
+  STEGHIDE: "steghide",
+  EXIFTOOL: "exiftool",
+  // Reversing
+  GDB: "gdb",
+  RADARE2: "radare2",
+  // Impacket Tools
+  IMPACKET_SECRETSDUMP: "impacket_secretsdump",
+  IMPACKET_PSEXEC: "impacket_psexec",
+  IMPACKET_WMIEXEC: "impacket_wmiexec",
+  IMPACKET_SMBEXEC: "impacket_smbexec",
+  IMPACKET_ATEXEC: "impacket_atexec",
+  IMPACKET_DCOMEXEC: "impacket_dcomexec",
+  IMPACKET_GETNPUSERS: "impacket_getnpusers",
+  IMPACKET_GETUSERSPNS: "impacket_getuserspns",
+  // Reporting
+  REPORT_FINDING: "report_finding",
+  TAKE_SCREENSHOT: "take_screenshot",
+  // Research & Writeups
+  SEARCH_WRITEUPS: "search_writeups",
+  SEARCH_MACHINE: "search_machine",
+  SEARCH_BY_SCENARIO: "search_by_scenario",
+  SEARCH_AD_WRITEUPS: "search_ad_writeups",
+  SEARCH_LINUX_PRIVESC: "search_linux_privesc",
+  SEARCH_WINDOWS_PRIVESC: "search_windows_privesc",
+  CTF_RESEARCH: "ctf_research",
+  SECURITY_RESEARCH: "security_research"
+};
+var APT_PACKAGE = {
+  // Network
+  NMAP: "nmap",
+  RUSTSCAN: "rustscan",
+  MASSCAN: "masscan",
+  TCPDUMP: "tcpdump",
+  TSHARK: "tshark",
+  NGREP: "ngrep",
+  ARP_SCAN: "arp-scan",
+  SOCAT: "socat",
+  NETCAT: "netcat-traditional",
+  IPUTILS_PING: "iputils-ping",
+  TRACEROUTE: "traceroute",
+  MTR: "mtr-tiny",
+  // DNS
+  DNSUTILS: "dnsutils",
+  WHOIS: "whois",
+  SUBFINDER: "subfinder",
+  AMASS: "amass",
+  DNSENUM: "dnsenum",
+  DNSRECON: "dnsrecon",
+  // Service Enum
+  SNMP: "snmp",
+  ONESIXTYONE: "onesixtyone",
+  NBTSCAN: "nbtscan",
+  RPCBIND: "rpcbind",
+  NFS_COMMON: "nfs-common",
+  TELNET: "telnet",
+  // Web
+  FFUF: "ffuf",
+  GOBUSTER: "gobuster",
+  DIRB: "dirb",
+  FEROXBUSTER: "feroxbuster",
+  WHATWEB: "whatweb",
+  HTTPX: "httpx-toolkit",
+  NUCLEI: "nuclei",
+  NIKTO: "nikto",
+  WAFW00F: "wafw00f",
+  SQLMAP: "sqlmap",
+  // Windows/SMB/AD
+  SMBCLIENT: "smbclient",
+  SMBMAP: "smbmap",
+  ENUM4LINUX: "enum4linux",
+  CRACKMAPEXEC: "crackmapexec",
+  EVIL_WINRM: "evil-winrm",
+  LDAP_UTILS: "ldap-utils",
+  KERBRUTE: "kerbrute",
+  BLOODHOUND: "bloodhound",
+  // Database
+  IMPACKET_SCRIPTS: "impacket-scripts",
+  MYSQL_CLIENT: "default-mysql-client",
+  POSTGRESQL_CLIENT: "postgresql-client",
+  REDIS_TOOLS: "redis-tools",
+  MONGODB_CLIENTS: "mongodb-clients",
+  // Credential
+  HYDRA: "hydra",
+  MEDUSA: "medusa",
+  JOHN: "john",
+  HASHCAT: "hashcat",
+  HASHID: "hashid",
+  // Exploit
+  EXPLOITDB: "exploitdb",
+  METASPLOIT_FRAMEWORK: "metasploit-framework",
+  // Post-Exploitation
+  OPENSSH_CLIENT: "openssh-client",
+  CHISEL: "chisel",
+  PROXYCHAINS4: "proxychains4",
+  RLWRAP: "rlwrap",
+  PWNCAT: "pwncat",
+  // Forensics
+  BINWALK: "binwalk",
+  FOREMOST: "foremost",
+  STEGHIDE: "steghide",
+  EXIFTOOL: "libimage-exiftool-perl",
+  // Reversing
+  GDB: "gdb",
+  RADARE2: "radare2"
+};
+var TOOL_TO_APT = {
+  // System (no apt package needed)
+  [TOOL_NAME.BASH]: null,
+  [TOOL_NAME.READ_FILE]: null,
+  [TOOL_NAME.WRITE_FILE]: null,
+  [TOOL_NAME.LIST_DIRECTORY]: null,
+  [TOOL_NAME.SET_TARGET]: null,
+  // Network - Basic Connectivity
+  [TOOL_NAME.PING]: APT_PACKAGE.IPUTILS_PING,
+  [TOOL_NAME.TRACEROUTE]: APT_PACKAGE.TRACEROUTE,
+  [TOOL_NAME.MTR]: APT_PACKAGE.MTR,
+  [TOOL_NAME.RUSTSCAN]: APT_PACKAGE.RUSTSCAN,
+  [TOOL_NAME.NMAP_SCAN]: APT_PACKAGE.NMAP,
+  [TOOL_NAME.MASSCAN]: APT_PACKAGE.MASSCAN,
+  [TOOL_NAME.TCPDUMP_CAPTURE]: APT_PACKAGE.TCPDUMP,
+  [TOOL_NAME.TSHARK]: APT_PACKAGE.TSHARK,
+  [TOOL_NAME.NGREP]: APT_PACKAGE.NGREP,
+  [TOOL_NAME.ARP_SCAN]: APT_PACKAGE.ARP_SCAN,
+  [TOOL_NAME.NETCAT]: APT_PACKAGE.NETCAT,
+  [TOOL_NAME.SOCAT]: APT_PACKAGE.SOCAT,
+  // DNS & Subdomain
+  [TOOL_NAME.DIG]: APT_PACKAGE.DNSUTILS,
+  [TOOL_NAME.HOST]: APT_PACKAGE.DNSUTILS,
+  [TOOL_NAME.NSLOOKUP]: APT_PACKAGE.DNSUTILS,
+  [TOOL_NAME.WHOIS]: APT_PACKAGE.WHOIS,
+  [TOOL_NAME.SUBFINDER]: APT_PACKAGE.SUBFINDER,
+  [TOOL_NAME.AMASS]: APT_PACKAGE.AMASS,
+  [TOOL_NAME.DNSENUM]: APT_PACKAGE.DNSENUM,
+  [TOOL_NAME.DNSRECON]: APT_PACKAGE.DNSRECON,
+  [TOOL_NAME.DNSMAP]: APT_PACKAGE.DNSRECON,
+  [TOOL_NAME.ZONE_TRANSFER]: APT_PACKAGE.DNSUTILS,
+  // Service Enumeration
+  [TOOL_NAME.SNMP_WALK]: APT_PACKAGE.SNMP,
+  [TOOL_NAME.SNMP_CHECK]: APT_PACKAGE.SNMP,
+  [TOOL_NAME.ONESIXTYONE]: APT_PACKAGE.ONESIXTYONE,
+  [TOOL_NAME.FTP_ENUM]: null,
+  [TOOL_NAME.FTP_ANON]: null,
+  [TOOL_NAME.NBTSCAN]: APT_PACKAGE.NBTSCAN,
+  [TOOL_NAME.RPC_INFO]: APT_PACKAGE.RPCBIND,
+  [TOOL_NAME.SHOWMOUNT]: APT_PACKAGE.NFS_COMMON,
+  [TOOL_NAME.TELNET]: APT_PACKAGE.TELNET,
+  // Web Recon & Tech Identification
+  [TOOL_NAME.WHATWEB]: APT_PACKAGE.WHATWEB,
+  [TOOL_NAME.HTTPX]: APT_PACKAGE.HTTPX,
+  [TOOL_NAME.NUCLEI]: APT_PACKAGE.NUCLEI,
+  [TOOL_NAME.NIKTO]: APT_PACKAGE.NIKTO,
+  [TOOL_NAME.FFUF]: APT_PACKAGE.FFUF,
+  [TOOL_NAME.GOBUSTER]: APT_PACKAGE.GOBUSTER,
+  [TOOL_NAME.DIRB]: APT_PACKAGE.DIRB,
+  [TOOL_NAME.FEROXBUSTER]: APT_PACKAGE.FEROXBUSTER,
+  [TOOL_NAME.WAYBACKURLS]: null,
+  [TOOL_NAME.WAFW00F]: APT_PACKAGE.WAFW00F,
+  [TOOL_NAME.GOWITNESS]: null,
+  // Windows/SMB/AD
+  [TOOL_NAME.SMB_ENUM]: APT_PACKAGE.SMBCLIENT,
+  [TOOL_NAME.SMBMAP]: APT_PACKAGE.SMBMAP,
+  [TOOL_NAME.ENUM4LINUX]: APT_PACKAGE.ENUM4LINUX,
+  [TOOL_NAME.CRACKMAPEXEC]: APT_PACKAGE.CRACKMAPEXEC,
+  [TOOL_NAME.SMBCLIENT]: APT_PACKAGE.SMBCLIENT,
+  [TOOL_NAME.RPCCLIENT]: APT_PACKAGE.SMBCLIENT,
+  [TOOL_NAME.WINRM]: APT_PACKAGE.EVIL_WINRM,
+  [TOOL_NAME.RDP_CHECK]: null,
+  [TOOL_NAME.LDAP_SEARCH]: APT_PACKAGE.LDAP_UTILS,
+  [TOOL_NAME.KERBRUTE]: APT_PACKAGE.KERBRUTE,
+  [TOOL_NAME.BLOODHOUND]: APT_PACKAGE.BLOODHOUND,
+  // Database Clients
+  [TOOL_NAME.MSSQL_CLIENT]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.MYSQL_CLIENT]: APT_PACKAGE.MYSQL_CLIENT,
+  [TOOL_NAME.PSQL_CLIENT]: APT_PACKAGE.POSTGRESQL_CLIENT,
+  [TOOL_NAME.REDIS_CLI]: APT_PACKAGE.REDIS_TOOLS,
+  [TOOL_NAME.MONGO_CLIENT]: APT_PACKAGE.MONGODB_CLIENTS,
+  // Web Attack
+  [TOOL_NAME.WEB_REQUEST]: null,
+  [TOOL_NAME.DIRECTORY_BRUTEFORCE]: APT_PACKAGE.GOBUSTER,
+  [TOOL_NAME.SQL_INJECTION]: APT_PACKAGE.SQLMAP,
+  [TOOL_NAME.BROWSER_AUTOMATION]: null,
+  // Exploit
+  [TOOL_NAME.SEARCHSPLOIT]: APT_PACKAGE.EXPLOITDB,
+  [TOOL_NAME.METASPLOIT]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
+  [TOOL_NAME.GENERATE_PAYLOAD]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
+  // Credential
+  [TOOL_NAME.BRUTEFORCE_LOGIN]: APT_PACKAGE.HYDRA,
+  [TOOL_NAME.CRACK_HASH]: APT_PACKAGE.JOHN,
+  [TOOL_NAME.JOHN]: APT_PACKAGE.JOHN,
+  [TOOL_NAME.HASHCAT]: APT_PACKAGE.HASHCAT,
+  [TOOL_NAME.HASHID]: APT_PACKAGE.HASHID,
+  [TOOL_NAME.DUMP_CREDENTIALS]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.HYDRA]: APT_PACKAGE.HYDRA,
+  [TOOL_NAME.MEDUSA]: APT_PACKAGE.MEDUSA,
+  // Privilege Escalation
+  [TOOL_NAME.CHECK_SUDO]: null,
+  [TOOL_NAME.FIND_SUID]: null,
+  [TOOL_NAME.RUN_PRIVESC_ENUM]: null,
+  // Post-Exploitation & Tunneling
+  [TOOL_NAME.SSH]: APT_PACKAGE.OPENSSH_CLIENT,
+  [TOOL_NAME.SSH_KEYGEN]: APT_PACKAGE.OPENSSH_CLIENT,
+  [TOOL_NAME.SETUP_TUNNEL]: APT_PACKAGE.CHISEL,
+  [TOOL_NAME.CHISEL]: APT_PACKAGE.CHISEL,
+  [TOOL_NAME.PROXYCHAINS]: APT_PACKAGE.PROXYCHAINS4,
+  [TOOL_NAME.LATERAL_MOVEMENT]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.REVERSE_SHELL]: APT_PACKAGE.NETCAT,
+  // Listener & Payload Delivery
+  [TOOL_NAME.NC_LISTENER]: APT_PACKAGE.NETCAT,
+  [TOOL_NAME.PYTHON_HTTP_SERVER]: null,
+  [TOOL_NAME.MSFVENOM]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
+  [TOOL_NAME.RLWRAP]: APT_PACKAGE.RLWRAP,
+  [TOOL_NAME.PWNCAT]: APT_PACKAGE.PWNCAT,
+  // Impacket Tools
+  [TOOL_NAME.IMPACKET_SECRETSDUMP]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_PSEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_WMIEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_SMBEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_ATEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_DCOMEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_GETNPUSERS]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  [TOOL_NAME.IMPACKET_GETUSERSPNS]: APT_PACKAGE.IMPACKET_SCRIPTS,
+  // Forensics
+  [TOOL_NAME.BINWALK]: APT_PACKAGE.BINWALK,
+  [TOOL_NAME.FOREMOST]: APT_PACKAGE.FOREMOST,
+  [TOOL_NAME.STEGHIDE]: APT_PACKAGE.STEGHIDE,
+  [TOOL_NAME.EXIFTOOL]: APT_PACKAGE.EXIFTOOL,
+  // Reversing
+  [TOOL_NAME.GDB]: APT_PACKAGE.GDB,
+  [TOOL_NAME.RADARE2]: APT_PACKAGE.RADARE2,
+  // Reporting (no apt package)
+  [TOOL_NAME.REPORT_FINDING]: null,
+  [TOOL_NAME.TAKE_SCREENSHOT]: null,
+  // Research (no apt package)
+  [TOOL_NAME.SEARCH_WRITEUPS]: null,
+  [TOOL_NAME.SEARCH_MACHINE]: null,
+  [TOOL_NAME.SEARCH_BY_SCENARIO]: null,
+  [TOOL_NAME.SEARCH_AD_WRITEUPS]: null,
+  [TOOL_NAME.SEARCH_LINUX_PRIVESC]: null,
+  [TOOL_NAME.SEARCH_WINDOWS_PRIVESC]: null,
+  [TOOL_NAME.CTF_RESEARCH]: null,
+  [TOOL_NAME.SECURITY_RESEARCH]: null
+};
+var SENSITIVE_TOOLS = [
+  TOOL_NAME.WRITE_FILE,
+  TOOL_NAME.BRUTEFORCE_LOGIN,
+  TOOL_NAME.METASPLOIT,
+  TOOL_NAME.SQL_INJECTION,
+  TOOL_NAME.DUMP_CREDENTIALS,
+  TOOL_NAME.GENERATE_PAYLOAD,
+  TOOL_NAME.LATERAL_MOVEMENT
+];
+// src/config/constants.ts
+var APP_NAME = "pentesting";
+var APP_VERSION = "0.12.13";
+var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
+var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
+var LLM_MODEL = process.env.PENTEST_MODEL || "claude-sonnet-4-20250514";
+var LLM_MAX_TOKENS = parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10);
+var CONTEXT_WINDOW = {
+  maxTokens: 2e5,
+  // Claude's context window size
+  compactionThreshold: 15e4,
+  // Trigger compaction at 75% usage
+  reservedTokens: 4e3
+  // Reserved for system prompt
+};
+var AGENT_CONFIG = {
+  maxIterations: 200,
+  maxToolCallsPerIteration: 10,
+  autoApprove: false,
+  sensitiveTools: SENSITIVE_TOOLS,
+  defaultTimeout: 6e4,
+  longRunningTimeout: 6e5,
+  stuckThreshold: 5,
+  stuckTimeThreshold: 3e5,
+  maxPhaseAttempts: 20
+};
+var PENTEST_PHASES = [
+  { id: PHASE_ID.RECON, name: "Reconnaissance", description: "Information gathering" },
+  { id: PHASE_ID.SCAN, name: "Scanning", description: "Port and service scanning" },
+  { id: PHASE_ID.ENUM, name: "Enumeration", description: "Deep service enumeration" },
+  { id: PHASE_ID.VULN, name: "Vulnerability Analysis", description: "Vulnerability identification" },
+  { id: PHASE_ID.EXPLOIT, name: "Exploitation", description: "Gaining access" },
+  { id: PHASE_ID.PRIVESC, name: "Privilege Escalation", description: "Elevating privileges" },
+  { id: PHASE_ID.PIVOT, name: "Pivoting", description: "Lateral movement" },
+  { id: PHASE_ID.PERSIST, name: "Persistence", description: "Maintaining access" },
+  { id: PHASE_ID.EXFIL, name: "Data Exfiltration", description: "Data extraction" },
+  { id: PHASE_ID.REPORT, name: "Reporting", description: "Documentation" }
+];
+export {
+  AGENT_STATUS,
+  PHASE_ID,
+  PHASE_STATUS,
+  THOUGHT_TYPE,
+  AGENT_EVENT,
+  CLI_COMMAND,
+  MESSAGE_TYPE,
+  TOOL_NAME,
+  TOOL_TO_APT,
+  APP_NAME,
+  APP_VERSION,
+  APP_DESCRIPTION,
+  LLM_API_KEY,
+  LLM_BASE_URL,
+  LLM_MODEL,
+  LLM_MAX_TOKENS,
+  CONTEXT_WINDOW,
+  AGENT_CONFIG
+};