npm - pentesting - Versions diffs - 0.14.1 → 0.16.2 - Mend

pentesting 0.14.1 → 0.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +105 -21
package/dist/main.js +3103 -0
package/package.json +8 -8
package/dist/chunk-3RG5ZIWI.js +0 -10
package/dist/chunk-5KIJPRTS.js +0 -832
package/dist/chunk-M2IFHZDV.js +0 -602
package/dist/index.js +0 -18815
package/dist/skill-NGH4KQUH.js +0 -611
package/dist/web-search-IOD4SUIR.js +0 -49
package/src/agents/specs/crypto.yaml +0 -79
package/src/agents/specs/default.yaml +0 -60
package/src/agents/specs/exploit.yaml +0 -70
package/src/agents/specs/privesc.yaml +0 -83
package/src/agents/specs/recon.yaml +0 -65
package/src/agents/specs/web.yaml +0 -73
/package/dist/{index.d.ts → main.d.ts} +0 -0

package/dist/chunk-5KIJPRTS.js DELETED Viewed

@@ -1,832 +0,0 @@
-// src/config/agent-constants.ts
-var AGENT_STATUS = {
-  IDLE: "idle",
-  RUNNING: "running",
-  PAUSED: "paused",
-  STUCK: "stuck",
-  WAITING_INPUT: "waiting_input",
-  COMPLETED: "completed",
-  STOPPED: "stopped"
-};
-var PHASE_ID = {
-  RECON: "recon",
-  SCAN: "scan",
-  ENUM: "enum",
-  VULN: "vuln",
-  EXPLOIT: "exploit",
-  PRIVESC: "privesc",
-  PIVOT: "pivot",
-  PERSIST: "persist",
-  EXFIL: "exfil",
-  REPORT: "report"
-};
-var PHASE_STATUS = {
-  PENDING: "pending",
-  IN_PROGRESS: "in_progress",
-  COMPLETED: "completed",
-  FAILED: "failed",
-  SKIPPED: "skipped"
-};
-var THOUGHT_TYPE = {
-  THINKING: "thinking",
-  // LLM text streaming
-  REASONING: "reasoning",
-  // LLM extended thinking
-  PLANNING: "planning",
-  // Strategic planning
-  OBSERVATION: "observation",
-  // Observing results
-  HYPOTHESIS: "hypothesis",
-  // Forming hypothesis
-  REFLECTION: "reflection",
-  // Self-reflection
-  ACTION: "action",
-  // Taking action
-  RESULT: "result",
-  // Action result
-  STUCK: "stuck",
-  // Detected stuck state
-  BREAKTHROUGH: "breakthrough"
-  // Found breakthrough
-};
-var AGENT_EVENT = {
-  // Lifecycle
-  PLUGINS_LOADED: "plugins_loaded",
-  HOOKS_LOADED: "hooks_loaded",
-  COMMANDS_LOADED: "commands_loaded",
-  MCP_SERVER_ADDED: "mcp_server_added",
-  // Execution
-  ITERATION: "iteration",
-  THOUGHT: "thought",
-  RESPONSE: "response",
-  TOOL_CALL: "tool_call",
-  TOOL_RESULT: "tool_result",
-  COMMAND_EXECUTE: "command_execute",
-  APPROVAL_NEEDED: "approval_needed",
-  TOKEN_USAGE: "token_usage",
-  LLM_START: "llm_start",
-  LLM_END: "llm_end",
-  // State changes
-  TARGET_SET: "target_set",
-  PHASE_CHANGE: "phase_change",
-  AGENT_SWITCH: "agent_switch",
-  PAUSED: "paused",
-  RESUMED: "resumed",
-  RESET: "reset",
-  STATUS_CHANGED: "status_changed",
-  // Discoveries
-  FINDING: "finding",
-  CREDENTIAL: "credential",
-  COMPROMISED: "compromised",
-  // Completion
-  COMPLETE: "complete",
-  REPORT: "report",
-  ERROR: "error",
-  HINT_RECEIVED: "hint_received",
-  CONTEXT_COMPACTED: "context_compacted"
-};
-var CLI_COMMAND = {
-  HELP: "help",
-  TARGET: "target",
-  START: "start",
-  STOP: "stop",
-  FINDINGS: "findings",
-  CLEAR: "clear",
-  EXIT: "exit"
-};
-var MESSAGE_TYPE = {
-  USER: "user",
-  ASSISTANT: "assistant",
-  TOOL: "tool",
-  THINKING: "thinking",
-  ERROR: "error",
-  SYSTEM: "system",
-  RESULT: "result"
-};
-var DEFAULTS = {
-  MAX_ITERATIONS: 200,
-  MAX_TOOL_CALLS_PER_ITERATION: 10,
-  DEFAULT_TIMEOUT: 6e4,
-  LONG_RUNNING_TIMEOUT: 6e5,
-  STUCK_THRESHOLD: 5,
-  STUCK_TIME_THRESHOLD: 3e5,
-  MAX_PHASE_ATTEMPTS: 20,
-  APPROVAL_TIMEOUT: 3e5
-  // 5 minutes
-};
-var TOOL_NAME = {
-  // System
-  BASH: "bash",
-  READ_FILE: "read_file",
-  WRITE_FILE: "write_file",
-  LIST_DIRECTORY: "list_directory",
-  SET_TARGET: "set_target",
-  // Network - Basic Connectivity
-  PING: "ping",
-  TRACEROUTE: "traceroute",
-  MTR: "mtr",
-  RUSTSCAN: "rustscan",
-  NMAP_SCAN: "nmap_scan",
-  MASSCAN: "masscan",
-  TCPDUMP_CAPTURE: "tcpdump_capture",
-  TSHARK: "tshark",
-  NGREP: "ngrep",
-  ARP_SCAN: "arp_scan",
-  NETCAT: "netcat",
-  SOCAT: "socat",
-  // DNS & Subdomain
-  DIG: "dig",
-  HOST: "host",
-  NSLOOKUP: "nslookup",
-  WHOIS: "whois",
-  SUBFINDER: "subfinder",
-  AMASS: "amass",
-  DNSENUM: "dnsenum",
-  DNSRECON: "dnsrecon",
-  DNSMAP: "dnsmap",
-  ZONE_TRANSFER: "zone_transfer",
-  // Service Enumeration
-  SNMP_WALK: "snmp_walk",
-  SNMP_CHECK: "snmp_check",
-  ONESIXTYONE: "onesixtyone",
-  FTP_ENUM: "ftp_enum",
-  FTP_ANON: "ftp_anon",
-  NBTSCAN: "nbtscan",
-  RPC_INFO: "rpc_info",
-  SHOWMOUNT: "showmount",
-  TELNET: "telnet",
-  // Web Recon & Tech Identification
-  WHATWEB: "whatweb",
-  HTTPX: "httpx",
-  NUCLEI: "nuclei",
-  NIKTO: "nikto",
-  FFUF: "ffuf",
-  GOBUSTER: "gobuster",
-  DIRB: "dirb",
-  FEROXBUSTER: "feroxbuster",
-  WAYBACKURLS: "waybackurls",
-  WAFW00F: "wafw00f",
-  GOWITNESS: "gowitness",
-  // Windows/SMB/AD
-  SMB_ENUM: "smb_enum",
-  SMBMAP: "smbmap",
-  ENUM4LINUX: "enum4linux",
-  CRACKMAPEXEC: "crackmapexec",
-  SMBCLIENT: "smbclient",
-  RPCCLIENT: "rpcclient",
-  WINRM: "winrm",
-  RDP_CHECK: "rdp_check",
-  LDAP_SEARCH: "ldap_search",
-  KERBRUTE: "kerbrute",
-  BLOODHOUND: "bloodhound",
-  // Database Clients
-  MSSQL_CLIENT: "mssql_client",
-  MYSQL_CLIENT: "mysql_client",
-  PSQL_CLIENT: "psql_client",
-  REDIS_CLI: "redis_cli",
-  MONGO_CLIENT: "mongo_client",
-  // Web
-  WEB_REQUEST: "web_request",
-  DIRECTORY_BRUTEFORCE: "directory_bruteforce",
-  SQL_INJECTION: "sql_injection",
-  BROWSER_AUTOMATION: "browser_automation",
-  // Exploit
-  SEARCHSPLOIT: "searchsploit",
-  METASPLOIT: "metasploit",
-  GENERATE_PAYLOAD: "generate_payload",
-  // Credential
-  BRUTEFORCE_LOGIN: "bruteforce_login",
-  CRACK_HASH: "crack_hash",
-  JOHN: "john",
-  HASHCAT: "hashcat",
-  HASHID: "hashid",
-  DUMP_CREDENTIALS: "dump_credentials",
-  HYDRA: "hydra",
-  MEDUSA: "medusa",
-  // Privilege Escalation
-  CHECK_SUDO: "check_sudo",
-  FIND_SUID: "find_suid",
-  RUN_PRIVESC_ENUM: "run_privesc_enum",
-  // Post-Exploitation & Tunneling
-  SSH: "ssh",
-  SSH_KEYGEN: "ssh_keygen",
-  SETUP_TUNNEL: "setup_tunnel",
-  CHISEL: "chisel",
-  PROXYCHAINS: "proxychains",
-  LATERAL_MOVEMENT: "lateral_movement",
-  REVERSE_SHELL: "reverse_shell",
-  // Listener & Payload Delivery
-  NC_LISTENER: "nc_listener",
-  PYTHON_HTTP_SERVER: "python_http_server",
-  MSFVENOM: "msfvenom",
-  RLWRAP: "rlwrap",
-  PWNCAT: "pwncat",
-  // Forensics
-  BINWALK: "binwalk",
-  FOREMOST: "foremost",
-  STEGHIDE: "steghide",
-  EXIFTOOL: "exiftool",
-  // Reversing
-  GDB: "gdb",
-  RADARE2: "radare2",
-  // Impacket Tools
-  IMPACKET_SECRETSDUMP: "impacket_secretsdump",
-  IMPACKET_PSEXEC: "impacket_psexec",
-  IMPACKET_WMIEXEC: "impacket_wmiexec",
-  IMPACKET_SMBEXEC: "impacket_smbexec",
-  IMPACKET_ATEXEC: "impacket_atexec",
-  IMPACKET_DCOMEXEC: "impacket_dcomexec",
-  IMPACKET_GETNPUSERS: "impacket_getnpusers",
-  IMPACKET_GETUSERSPNS: "impacket_getuserspns",
-  // Reporting
-  REPORT_FINDING: "report_finding",
-  TAKE_SCREENSHOT: "take_screenshot",
-  // Research & Writeups
-  SEARCH_WRITEUPS: "search_writeups",
-  SEARCH_MACHINE: "search_machine",
-  SEARCH_BY_SCENARIO: "search_by_scenario",
-  SEARCH_AD_WRITEUPS: "search_ad_writeups",
-  SEARCH_LINUX_PRIVESC: "search_linux_privesc",
-  SEARCH_WINDOWS_PRIVESC: "search_windows_privesc",
-  CTF_RESEARCH: "ctf_research",
-  SECURITY_RESEARCH: "security_research",
-  // Advanced Web Tools
-  XSSTRIKE: "xsstrike",
-  ARJUN: "arjun",
-  PARAMSPIDER: "paramspider",
-  COMMIX: "commix",
-  WPSCAN: "wpscan",
-  JOOMSCAN: "joomscan",
-  DROOPESCAN: "droopescan",
-  DALFOX: "dalfox",
-  SSRFMAP: "ssrfmap",
-  NOSQLMAP: "nosqlmap",
-  JWT_TOOL: "jwt_tool",
-  GITDUMPER: "gitdumper",
-  // Advanced Network & AD Tools
-  RESPONDER: "responder",
-  LIGOLO: "ligolo",
-  EVIL_WINRM: "evil_winrm",
-  NETEXEC: "netexec",
-  CERTIPY: "certipy",
-  RUBEUS: "rubeus",
-  MIMIKATZ: "mimikatz",
-  COVENANT: "covenant",
-  PYPYKATZ: "pypykatz",
-  LDEEP: "ldeep",
-  ADIDNSDUMP: "adidnsdump",
-  PETITPOTAM: "petitpotam",
-  PRINTERBUG: "printerbug",
-  // Advanced Exploitation
-  PWNTOOLS: "pwntools",
-  ROPPER: "ropper",
-  CHECKSEC: "checksec",
-  ONE_GADGET: "one_gadget",
-  ANGR: "angr",
-  GHIDRA: "ghidra",
-  // Deep Research
-  SEARCH_CVE: "search_cve",
-  SEARCH_EXPLOIT_DB: "search_exploit_db",
-  DEEP_SEARCH: "deep_search",
-  FETCH_URL: "fetch_url",
-  // Advanced Web Exploitation (SSTI, Prototype Pollution, GraphQL, SSRF)
-  TPLMAP: "tplmap",
-  // SSTI exploitation
-  GRAPHQLMAP: "graphqlmap",
-  // GraphQL introspection & exploitation
-  CORS_SCANNER: "cors_scanner",
-  // CORS misconfiguration
-  CRLFUZZ: "crlfuzz",
-  // CRLF injection
-  SMUGGLER: "smuggler",
-  // HTTP request smuggling
-  YSOSERIAL: "ysoserial",
-  // Java deserialization
-  // Cloud & Container
-  CLOUDFOX: "cloudfox",
-  // AWS/Azure/GCP enumeration
-  PACU: "pacu",
-  // AWS exploitation framework
-  SCOUT_SUITE: "scout_suite",
-  // Multi-cloud security audit
-  TRIVY: "trivy",
-  // Container vulnerability scanner
-  KUBECTL: "kubectl",
-  // Kubernetes exploitation
-  DOCKER_ESCAPE: "docker_escape",
-  // Docker breakout tools
-  // Zero-Day Research & Fuzzing
-  AFL_FUZZ: "afl_fuzz",
-  // American Fuzzy Lop
-  BOOFUZZ: "boofuzz",
-  // Network protocol fuzzing
-  SYZKALLER: "syzkaller",
-  // Kernel fuzzing
-  // Recursive Web Search
-  RECURSIVE_SEARCH: "recursive_search",
-  // Deep recursive URL crawling
-  WAYBACK_MACHINE: "wayback_machine",
-  // Wayback Machine deep dive
-  UNIFIED_SEARCH: "unified_search",
-  // Multi-engine unified search
-  ZERO_DAY_RESEARCH: "zero_day_research",
-  // Multi-source 0day/PoC research
-  // Mobile & API Testing
-  FRIDA: "frida",
-  // Dynamic instrumentation
-  OBJECTION: "objection",
-  // Runtime mobile exploration
-  APKTOOL: "apktool",
-  // Android APK reverse engineering
-  MITMPROXY: "mitmproxy",
-  // TLS interception proxy
-  POSTMAN: "postman",
-  // API endpoint testing
-  // Wireless & Network MITM
-  AIRCRACK_NG: "aircrack_ng",
-  // Wireless cracking suite
-  REAVER: "reaver",
-  // WPS brute force
-  BETTERCAP: "bettercap",
-  // Network attack & monitoring
-  WIFITE: "wifite",
-  // Automated wireless attack
-  // Active Directory — Advanced
-  COERCER: "coercer",
-  // Authentication coercion (PetitPotam/PrinterBug unified)
-  NTLMRELAYX: "ntlmrelayx",
-  // NTLM relay attacks
-  KRBRELAYX: "krbrelayx",
-  // Kerberos relay attacks
-  NOPAC: "nopac",
-  // SAM-Account-Name spoofing (CVE-2021-42278/42287)
-  ZEROLOGON: "zerologon",
-  // ZeroLogon exploit (CVE-2020-1472)
-  // Social Engineering & Phishing
-  GOPHISH: "gophish",
-  // Phishing framework
-  EVILGINX: "evilginx",
-  // Adversary-in-the-middle phishing
-  // Advanced Code Analysis & Research
-  CODEQL: "codeql",
-  // Semantic code analysis for vulns
-  SEMGREP: "semgrep",
-  // Static analysis pattern matching
-  RET2DLRESOLVE: "ret2dlresolve",
-  // Return-oriented exploitation
-  KERNEL_EXPLOIT: "kernel_exploit",
-  // Kernel exploitation toolkit
-  // Continuous Persistent Search
-  CONTINUOUS_SEARCH: "continuous_search",
-  // Persistent background research
-  EXPLOIT_CHAIN_RESEARCH: "exploit_chain_research"
-  // Multi-stage exploit chain discovery
-};
-var APT_PACKAGE = {
-  // Network
-  NMAP: "nmap",
-  RUSTSCAN: "rustscan",
-  MASSCAN: "masscan",
-  TCPDUMP: "tcpdump",
-  TSHARK: "tshark",
-  NGREP: "ngrep",
-  ARP_SCAN: "arp-scan",
-  SOCAT: "socat",
-  NETCAT: "netcat-traditional",
-  IPUTILS_PING: "iputils-ping",
-  TRACEROUTE: "traceroute",
-  MTR: "mtr-tiny",
-  // DNS
-  DNSUTILS: "dnsutils",
-  WHOIS: "whois",
-  SUBFINDER: "subfinder",
-  AMASS: "amass",
-  DNSENUM: "dnsenum",
-  DNSRECON: "dnsrecon",
-  // Service Enum
-  SNMP: "snmp",
-  ONESIXTYONE: "onesixtyone",
-  NBTSCAN: "nbtscan",
-  RPCBIND: "rpcbind",
-  NFS_COMMON: "nfs-common",
-  TELNET: "telnet",
-  // Web
-  FFUF: "ffuf",
-  GOBUSTER: "gobuster",
-  DIRB: "dirb",
-  FEROXBUSTER: "feroxbuster",
-  WHATWEB: "whatweb",
-  HTTPX: "httpx-toolkit",
-  NUCLEI: "nuclei",
-  NIKTO: "nikto",
-  WAFW00F: "wafw00f",
-  SQLMAP: "sqlmap",
-  // Windows/SMB/AD
-  SMBCLIENT: "smbclient",
-  SMBMAP: "smbmap",
-  ENUM4LINUX: "enum4linux",
-  CRACKMAPEXEC: "crackmapexec",
-  EVIL_WINRM: "evil-winrm",
-  LDAP_UTILS: "ldap-utils",
-  KERBRUTE: "kerbrute",
-  BLOODHOUND: "bloodhound",
-  // Database
-  IMPACKET_SCRIPTS: "impacket-scripts",
-  MYSQL_CLIENT: "default-mysql-client",
-  POSTGRESQL_CLIENT: "postgresql-client",
-  REDIS_TOOLS: "redis-tools",
-  MONGODB_CLIENTS: "mongodb-clients",
-  // Credential
-  HYDRA: "hydra",
-  MEDUSA: "medusa",
-  JOHN: "john",
-  HASHCAT: "hashcat",
-  HASHID: "hashid",
-  // Exploit
-  EXPLOITDB: "exploitdb",
-  METASPLOIT_FRAMEWORK: "metasploit-framework",
-  // Post-Exploitation
-  OPENSSH_CLIENT: "openssh-client",
-  CHISEL: "chisel",
-  PROXYCHAINS4: "proxychains4",
-  RLWRAP: "rlwrap",
-  PWNCAT: "pwncat",
-  // Forensics
-  BINWALK: "binwalk",
-  FOREMOST: "foremost",
-  STEGHIDE: "steghide",
-  EXIFTOOL: "libimage-exiftool-perl",
-  // Reversing
-  GDB: "gdb",
-  RADARE2: "radare2"
-};
-var TOOL_TO_APT = {
-  // System (no apt package needed)
-  [TOOL_NAME.BASH]: null,
-  [TOOL_NAME.READ_FILE]: null,
-  [TOOL_NAME.WRITE_FILE]: null,
-  [TOOL_NAME.LIST_DIRECTORY]: null,
-  [TOOL_NAME.SET_TARGET]: null,
-  // Network - Basic Connectivity
-  [TOOL_NAME.PING]: APT_PACKAGE.IPUTILS_PING,
-  [TOOL_NAME.TRACEROUTE]: APT_PACKAGE.TRACEROUTE,
-  [TOOL_NAME.MTR]: APT_PACKAGE.MTR,
-  [TOOL_NAME.RUSTSCAN]: APT_PACKAGE.RUSTSCAN,
-  [TOOL_NAME.NMAP_SCAN]: APT_PACKAGE.NMAP,
-  [TOOL_NAME.MASSCAN]: APT_PACKAGE.MASSCAN,
-  [TOOL_NAME.TCPDUMP_CAPTURE]: APT_PACKAGE.TCPDUMP,
-  [TOOL_NAME.TSHARK]: APT_PACKAGE.TSHARK,
-  [TOOL_NAME.NGREP]: APT_PACKAGE.NGREP,
-  [TOOL_NAME.ARP_SCAN]: APT_PACKAGE.ARP_SCAN,
-  [TOOL_NAME.NETCAT]: APT_PACKAGE.NETCAT,
-  [TOOL_NAME.SOCAT]: APT_PACKAGE.SOCAT,
-  // DNS & Subdomain
-  [TOOL_NAME.DIG]: APT_PACKAGE.DNSUTILS,
-  [TOOL_NAME.HOST]: APT_PACKAGE.DNSUTILS,
-  [TOOL_NAME.NSLOOKUP]: APT_PACKAGE.DNSUTILS,
-  [TOOL_NAME.WHOIS]: APT_PACKAGE.WHOIS,
-  [TOOL_NAME.SUBFINDER]: APT_PACKAGE.SUBFINDER,
-  [TOOL_NAME.AMASS]: APT_PACKAGE.AMASS,
-  [TOOL_NAME.DNSENUM]: APT_PACKAGE.DNSENUM,
-  [TOOL_NAME.DNSRECON]: APT_PACKAGE.DNSRECON,
-  [TOOL_NAME.DNSMAP]: APT_PACKAGE.DNSRECON,
-  [TOOL_NAME.ZONE_TRANSFER]: APT_PACKAGE.DNSUTILS,
-  // Service Enumeration
-  [TOOL_NAME.SNMP_WALK]: APT_PACKAGE.SNMP,
-  [TOOL_NAME.SNMP_CHECK]: APT_PACKAGE.SNMP,
-  [TOOL_NAME.ONESIXTYONE]: APT_PACKAGE.ONESIXTYONE,
-  [TOOL_NAME.FTP_ENUM]: null,
-  [TOOL_NAME.FTP_ANON]: null,
-  [TOOL_NAME.NBTSCAN]: APT_PACKAGE.NBTSCAN,
-  [TOOL_NAME.RPC_INFO]: APT_PACKAGE.RPCBIND,
-  [TOOL_NAME.SHOWMOUNT]: APT_PACKAGE.NFS_COMMON,
-  [TOOL_NAME.TELNET]: APT_PACKAGE.TELNET,
-  // Web Recon & Tech Identification
-  [TOOL_NAME.WHATWEB]: APT_PACKAGE.WHATWEB,
-  [TOOL_NAME.HTTPX]: APT_PACKAGE.HTTPX,
-  [TOOL_NAME.NUCLEI]: APT_PACKAGE.NUCLEI,
-  [TOOL_NAME.NIKTO]: APT_PACKAGE.NIKTO,
-  [TOOL_NAME.FFUF]: APT_PACKAGE.FFUF,
-  [TOOL_NAME.GOBUSTER]: APT_PACKAGE.GOBUSTER,
-  [TOOL_NAME.DIRB]: APT_PACKAGE.DIRB,
-  [TOOL_NAME.FEROXBUSTER]: APT_PACKAGE.FEROXBUSTER,
-  [TOOL_NAME.WAYBACKURLS]: null,
-  [TOOL_NAME.WAFW00F]: APT_PACKAGE.WAFW00F,
-  [TOOL_NAME.GOWITNESS]: null,
-  // Windows/SMB/AD
-  [TOOL_NAME.SMB_ENUM]: APT_PACKAGE.SMBCLIENT,
-  [TOOL_NAME.SMBMAP]: APT_PACKAGE.SMBMAP,
-  [TOOL_NAME.ENUM4LINUX]: APT_PACKAGE.ENUM4LINUX,
-  [TOOL_NAME.CRACKMAPEXEC]: APT_PACKAGE.CRACKMAPEXEC,
-  [TOOL_NAME.SMBCLIENT]: APT_PACKAGE.SMBCLIENT,
-  [TOOL_NAME.RPCCLIENT]: APT_PACKAGE.SMBCLIENT,
-  [TOOL_NAME.WINRM]: APT_PACKAGE.EVIL_WINRM,
-  [TOOL_NAME.RDP_CHECK]: null,
-  [TOOL_NAME.LDAP_SEARCH]: APT_PACKAGE.LDAP_UTILS,
-  [TOOL_NAME.KERBRUTE]: APT_PACKAGE.KERBRUTE,
-  [TOOL_NAME.BLOODHOUND]: APT_PACKAGE.BLOODHOUND,
-  // Database Clients
-  [TOOL_NAME.MSSQL_CLIENT]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.MYSQL_CLIENT]: APT_PACKAGE.MYSQL_CLIENT,
-  [TOOL_NAME.PSQL_CLIENT]: APT_PACKAGE.POSTGRESQL_CLIENT,
-  [TOOL_NAME.REDIS_CLI]: APT_PACKAGE.REDIS_TOOLS,
-  [TOOL_NAME.MONGO_CLIENT]: APT_PACKAGE.MONGODB_CLIENTS,
-  // Web Attack
-  [TOOL_NAME.WEB_REQUEST]: null,
-  [TOOL_NAME.DIRECTORY_BRUTEFORCE]: APT_PACKAGE.GOBUSTER,
-  [TOOL_NAME.SQL_INJECTION]: APT_PACKAGE.SQLMAP,
-  [TOOL_NAME.BROWSER_AUTOMATION]: null,
-  // Exploit
-  [TOOL_NAME.SEARCHSPLOIT]: APT_PACKAGE.EXPLOITDB,
-  [TOOL_NAME.METASPLOIT]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
-  [TOOL_NAME.GENERATE_PAYLOAD]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
-  // Credential
-  [TOOL_NAME.BRUTEFORCE_LOGIN]: APT_PACKAGE.HYDRA,
-  [TOOL_NAME.CRACK_HASH]: APT_PACKAGE.JOHN,
-  [TOOL_NAME.JOHN]: APT_PACKAGE.JOHN,
-  [TOOL_NAME.HASHCAT]: APT_PACKAGE.HASHCAT,
-  [TOOL_NAME.HASHID]: APT_PACKAGE.HASHID,
-  [TOOL_NAME.DUMP_CREDENTIALS]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.HYDRA]: APT_PACKAGE.HYDRA,
-  [TOOL_NAME.MEDUSA]: APT_PACKAGE.MEDUSA,
-  // Privilege Escalation
-  [TOOL_NAME.CHECK_SUDO]: null,
-  [TOOL_NAME.FIND_SUID]: null,
-  [TOOL_NAME.RUN_PRIVESC_ENUM]: null,
-  // Post-Exploitation & Tunneling
-  [TOOL_NAME.SSH]: APT_PACKAGE.OPENSSH_CLIENT,
-  [TOOL_NAME.SSH_KEYGEN]: APT_PACKAGE.OPENSSH_CLIENT,
-  [TOOL_NAME.SETUP_TUNNEL]: APT_PACKAGE.CHISEL,
-  [TOOL_NAME.CHISEL]: APT_PACKAGE.CHISEL,
-  [TOOL_NAME.PROXYCHAINS]: APT_PACKAGE.PROXYCHAINS4,
-  [TOOL_NAME.LATERAL_MOVEMENT]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.REVERSE_SHELL]: APT_PACKAGE.NETCAT,
-  // Listener & Payload Delivery
-  [TOOL_NAME.NC_LISTENER]: APT_PACKAGE.NETCAT,
-  [TOOL_NAME.PYTHON_HTTP_SERVER]: null,
-  [TOOL_NAME.MSFVENOM]: APT_PACKAGE.METASPLOIT_FRAMEWORK,
-  [TOOL_NAME.RLWRAP]: APT_PACKAGE.RLWRAP,
-  [TOOL_NAME.PWNCAT]: APT_PACKAGE.PWNCAT,
-  // Impacket Tools
-  [TOOL_NAME.IMPACKET_SECRETSDUMP]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_PSEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_WMIEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_SMBEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_ATEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_DCOMEXEC]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_GETNPUSERS]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  [TOOL_NAME.IMPACKET_GETUSERSPNS]: APT_PACKAGE.IMPACKET_SCRIPTS,
-  // Forensics
-  [TOOL_NAME.BINWALK]: APT_PACKAGE.BINWALK,
-  [TOOL_NAME.FOREMOST]: APT_PACKAGE.FOREMOST,
-  [TOOL_NAME.STEGHIDE]: APT_PACKAGE.STEGHIDE,
-  [TOOL_NAME.EXIFTOOL]: APT_PACKAGE.EXIFTOOL,
-  // Reversing
-  [TOOL_NAME.GDB]: APT_PACKAGE.GDB,
-  [TOOL_NAME.RADARE2]: APT_PACKAGE.RADARE2,
-  // Reporting (no apt package)
-  [TOOL_NAME.REPORT_FINDING]: null,
-  [TOOL_NAME.TAKE_SCREENSHOT]: null,
-  // Research (no apt package)
-  [TOOL_NAME.SEARCH_WRITEUPS]: null,
-  [TOOL_NAME.SEARCH_MACHINE]: null,
-  [TOOL_NAME.SEARCH_BY_SCENARIO]: null,
-  [TOOL_NAME.SEARCH_AD_WRITEUPS]: null,
-  [TOOL_NAME.SEARCH_LINUX_PRIVESC]: null,
-  [TOOL_NAME.SEARCH_WINDOWS_PRIVESC]: null,
-  [TOOL_NAME.CTF_RESEARCH]: null,
-  [TOOL_NAME.SECURITY_RESEARCH]: null,
-  // Advanced Web Tools (pip/go install)
-  [TOOL_NAME.XSSTRIKE]: null,
-  [TOOL_NAME.ARJUN]: null,
-  [TOOL_NAME.PARAMSPIDER]: null,
-  [TOOL_NAME.COMMIX]: null,
-  [TOOL_NAME.WPSCAN]: null,
-  [TOOL_NAME.JOOMSCAN]: null,
-  [TOOL_NAME.DROOPESCAN]: null,
-  [TOOL_NAME.DALFOX]: null,
-  [TOOL_NAME.SSRFMAP]: null,
-  [TOOL_NAME.NOSQLMAP]: null,
-  [TOOL_NAME.JWT_TOOL]: null,
-  [TOOL_NAME.GITDUMPER]: null,
-  // Advanced Network & AD Tools
-  [TOOL_NAME.RESPONDER]: null,
-  [TOOL_NAME.LIGOLO]: null,
-  [TOOL_NAME.EVIL_WINRM]: APT_PACKAGE.EVIL_WINRM,
-  [TOOL_NAME.NETEXEC]: null,
-  [TOOL_NAME.CERTIPY]: null,
-  [TOOL_NAME.RUBEUS]: null,
-  [TOOL_NAME.MIMIKATZ]: null,
-  [TOOL_NAME.COVENANT]: null,
-  [TOOL_NAME.PYPYKATZ]: null,
-  [TOOL_NAME.LDEEP]: null,
-  [TOOL_NAME.ADIDNSDUMP]: null,
-  [TOOL_NAME.PETITPOTAM]: null,
-  [TOOL_NAME.PRINTERBUG]: null,
-  // Advanced Exploitation
-  [TOOL_NAME.PWNTOOLS]: null,
-  [TOOL_NAME.ROPPER]: null,
-  [TOOL_NAME.CHECKSEC]: null,
-  [TOOL_NAME.ONE_GADGET]: null,
-  [TOOL_NAME.ANGR]: null,
-  [TOOL_NAME.GHIDRA]: null,
-  // Deep Research (no apt package)
-  [TOOL_NAME.SEARCH_CVE]: null,
-  [TOOL_NAME.SEARCH_EXPLOIT_DB]: null,
-  [TOOL_NAME.DEEP_SEARCH]: null,
-  [TOOL_NAME.FETCH_URL]: null,
-  // Advanced Web Exploitation
-  [TOOL_NAME.TPLMAP]: null,
-  [TOOL_NAME.GRAPHQLMAP]: null,
-  [TOOL_NAME.CORS_SCANNER]: null,
-  [TOOL_NAME.CRLFUZZ]: null,
-  [TOOL_NAME.SMUGGLER]: null,
-  [TOOL_NAME.YSOSERIAL]: null,
-  // Cloud & Container
-  [TOOL_NAME.CLOUDFOX]: null,
-  [TOOL_NAME.PACU]: null,
-  [TOOL_NAME.SCOUT_SUITE]: null,
-  [TOOL_NAME.TRIVY]: null,
-  [TOOL_NAME.KUBECTL]: null,
-  [TOOL_NAME.DOCKER_ESCAPE]: null,
-  // Zero-Day Research & Fuzzing
-  [TOOL_NAME.AFL_FUZZ]: null,
-  [TOOL_NAME.BOOFUZZ]: null,
-  [TOOL_NAME.SYZKALLER]: null,
-  // Recursive Web Search
-  [TOOL_NAME.RECURSIVE_SEARCH]: null,
-  [TOOL_NAME.WAYBACK_MACHINE]: null,
-  [TOOL_NAME.UNIFIED_SEARCH]: null,
-  [TOOL_NAME.ZERO_DAY_RESEARCH]: null,
-  // Mobile & API Testing
-  [TOOL_NAME.FRIDA]: null,
-  // pip install frida-tools
-  [TOOL_NAME.OBJECTION]: null,
-  // pip install objection
-  [TOOL_NAME.APKTOOL]: null,
-  // binary install
-  [TOOL_NAME.MITMPROXY]: null,
-  // pip install mitmproxy
-  [TOOL_NAME.POSTMAN]: null,
-  // binary install
-  // Wireless & Network MITM
-  [TOOL_NAME.AIRCRACK_NG]: "aircrack-ng",
-  [TOOL_NAME.REAVER]: "reaver",
-  [TOOL_NAME.BETTERCAP]: null,
-  // go install
-  [TOOL_NAME.WIFITE]: null,
-  // pip install
-  // Active Directory — Advanced
-  [TOOL_NAME.COERCER]: null,
-  // pip install
-  [TOOL_NAME.NTLMRELAYX]: null,
-  // impacket
-  [TOOL_NAME.KRBRELAYX]: null,
-  // pip install
-  [TOOL_NAME.NOPAC]: null,
-  // python script
-  [TOOL_NAME.ZEROLOGON]: null,
-  // python script
-  // Social Engineering & Phishing
-  [TOOL_NAME.GOPHISH]: null,
-  // binary install
-  [TOOL_NAME.EVILGINX]: null,
-  // go install
-  // Advanced Code Analysis & Research
-  [TOOL_NAME.CODEQL]: null,
-  // binary install
-  [TOOL_NAME.SEMGREP]: null,
-  // pip install
-  [TOOL_NAME.RET2DLRESOLVE]: null,
-  [TOOL_NAME.KERNEL_EXPLOIT]: null,
-  // Continuous Persistent Search
-  [TOOL_NAME.CONTINUOUS_SEARCH]: null,
-  [TOOL_NAME.EXPLOIT_CHAIN_RESEARCH]: null
-};
-var SENSITIVE_TOOLS = [
-  TOOL_NAME.WRITE_FILE,
-  TOOL_NAME.BRUTEFORCE_LOGIN,
-  TOOL_NAME.METASPLOIT,
-  TOOL_NAME.SQL_INJECTION,
-  TOOL_NAME.DUMP_CREDENTIALS,
-  TOOL_NAME.GENERATE_PAYLOAD,
-  TOOL_NAME.LATERAL_MOVEMENT
-];
-var RESOURCE_THRESHOLD = {
-  MEMORY_WARNING: 0.7,
-  MEMORY_CRITICAL: 0.85,
-  CONTEXT_TOKEN_LIMIT: 1e5,
-  CHECK_INTERVAL_MS: 1e4
-};
-var AGENT_CONFIG = {
-  // Core
-  MAX_ITERATIONS: 200,
-  MAX_TOOL_CALLS_PER_ITERATION: 10,
-  DEFAULT_TIMEOUT: 6e4,
-  LONG_RUNNING_TIMEOUT: 6e5,
-  // Stuck Detection
-  STUCK_THRESHOLD: 5,
-  STUCK_TIME_THRESHOLD: 3e5,
-  MAX_PHASE_ATTEMPTS: 20,
-  // Context Management
-  MAX_CONTEXT_TOKENS: 1e5,
-  CONTEXT_COMPACTION_THRESHOLD: 0.8,
-  // Resource Management
-  MEMORY_WARNING_THRESHOLD: 0.7,
-  MEMORY_CRITICAL_THRESHOLD: 0.85,
-  RESOURCE_CHECK_INTERVAL: 1e4,
-  // Approval
-  APPROVAL_TIMEOUT: 6e4,
-  // Audit
-  AUDIT_MAX_ENTRIES: 1e3,
-  AUDIT_RETENTION_DAYS: 7
-};
-// src/config/constants.ts
-import { homedir } from "os";
-import { join } from "path";
-var PENTEST_ROOT = join(homedir(), ".pentesting");
-var PATHS = {
-  /** Root directory for all pentesting data: ~/.pentesting */
-  ROOT: PENTEST_ROOT,
-  /** Session snapshots and wire logs */
-  SESSIONS: join(PENTEST_ROOT, "sessions"),
-  /** Self-reflection learning data */
-  LEARNING: join(PENTEST_ROOT, "learning"),
-  /** Audit logs */
-  AUDIT: join(PENTEST_ROOT, "audit"),
-  /** User skill definitions (SKILL.md files) */
-  SKILLS: join(PENTEST_ROOT, "skills"),
-  /** Context checkpoints for undo/revert */
-  CHECKPOINTS: join(PENTEST_ROOT, "checkpoints"),
-  /** Config files (config.toml / config.json) */
-  CONFIG_TOML: join(PENTEST_ROOT, "config.toml"),
-  CONFIG_JSON: join(PENTEST_ROOT, "config.json"),
-  /** Agent spec YAML files */
-  AGENT_SPECS: join("src", "agents", "specs")
-};
-function getPath(base, ...segments) {
-  return join(base, ...segments);
-}
-var APP_VERSION = "0.14.1";
-var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
-var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
-var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
-var LLM_MODEL = process.env.PENTEST_MODEL || "claude-sonnet-4-20250514";
-var LLM_MAX_TOKENS = parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10);
-var CONTEXT_WINDOW = {
-  maxTokens: 2e5,
-  // Claude's context window size
-  compactionThreshold: 15e4,
-  // Trigger compaction at 75% usage
-  reservedTokens: 4e3
-  // Reserved for system prompt
-};
-var AGENT_CONFIG2 = {
-  maxIterations: 200,
-  maxToolCallsPerIteration: 10,
-  autoApprove: false,
-  sensitiveTools: SENSITIVE_TOOLS,
-  defaultTimeout: 6e4,
-  longRunningTimeout: 6e5,
-  stuckThreshold: 5,
-  stuckTimeThreshold: 3e5,
-  maxPhaseAttempts: 20
-};
-var PENTEST_PHASES = [
-  { id: PHASE_ID.RECON, name: "Reconnaissance", description: "Information gathering" },
-  { id: PHASE_ID.SCAN, name: "Scanning", description: "Port and service scanning" },
-  { id: PHASE_ID.ENUM, name: "Enumeration", description: "Deep service enumeration" },
-  { id: PHASE_ID.VULN, name: "Vulnerability Analysis", description: "Vulnerability identification" },
-  { id: PHASE_ID.EXPLOIT, name: "Exploitation", description: "Gaining access" },
-  { id: PHASE_ID.PRIVESC, name: "Privilege Escalation", description: "Elevating privileges" },
-  { id: PHASE_ID.PIVOT, name: "Pivoting", description: "Lateral movement" },
-  { id: PHASE_ID.PERSIST, name: "Persistence", description: "Maintaining access" },
-  { id: PHASE_ID.EXFIL, name: "Data Exfiltration", description: "Data extraction" },
-  { id: PHASE_ID.REPORT, name: "Reporting", description: "Documentation" }
-];
-export {
-  AGENT_STATUS,
-  PHASE_ID,
-  PHASE_STATUS,
-  THOUGHT_TYPE,
-  AGENT_EVENT,
-  CLI_COMMAND,
-  MESSAGE_TYPE,
-  DEFAULTS,
-  TOOL_NAME,
-  TOOL_TO_APT,
-  RESOURCE_THRESHOLD,
-  AGENT_CONFIG,
-  PATHS,
-  getPath,
-  APP_VERSION,
-  APP_DESCRIPTION,
-  LLM_API_KEY,
-  LLM_BASE_URL,
-  LLM_MODEL,
-  LLM_MAX_TOKENS,
-  CONTEXT_WINDOW,
-  AGENT_CONFIG2
-};