npm - pentesting - Versions diffs - 0.16.2 → 0.16.4 - Mend

pentesting 0.16.2 → 0.16.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -30,113 +30,6 @@ export PENTEST_MODEL="glm-4.7"
 pentesting
 ```
----
-## Features
-### 🤖 Multi-Agent Architecture
-Autonomous penetration testing with specialized agents:
-```
-Orchestrator → Recon → Vuln → Exploit → Post
-                ↓         ↓        ↓       ↓
-              Web      Infra    Report
-```
-Each agent is a simple `while(true) { think → tool → observe }` loop with:
-- **Specialized prompts** (not code)
-- **Dedicated tool sets**
-- **State slicing** for token efficiency
-### 🎯 CTF Expert Knowledge
-Built-in security expertise including:
-- **Essential options**: `nmap -Pn` (never forget)
-- **CVE detection**: Apache 2.4.49 → CVE-2021-41773
-- **Service-specific exploits**: Samba, VSFTPD, MS17-010
-- **Web attack vectors**: SQLi, XSS, SSRF, XXE
-- **AD infrastructure**: BloodHound, CrackMapExec
-### 🔍 Transparent Execution
-Full visibility into agent decision-making:
-```
-Orchestrator agentLoop
-│ think: "Start with reconnaissance"
-│ tool_call: delegate('recon', 'Subnet scan')
-│
-├─▶ RECON agentLoop
-│   │ tool_call: nmap -Pn 10.10.10.0/24 [confirm → y]
-│   │ observe: 3 hosts discovered
-│   │ escalate ↑: recon → vuln
-│   └─▶ return "Apache 2.4.49 found"
-│
-└─▶ VULN agentLoop
-    │ tool_call: curl --path-as-is ... [review → yes]
-    │ observe: /etc/passwd exposure confirmed
-    └─▶ return "CVE-2021-41773 Critical confirmed"
-```
-### 🛡️ Safety First
-- **Scope enforcement**: Never attack outside approved targets
-- **Approval gates**: `auto` / `confirm` / `review`
-- **Audit logging**: Every action recorded
-- **Authorized users only**: No unnecessary prompt defenses
----
-## TUI Commands
-```
-/target <cidr>        Set engagement scope
-/start                Start autonomous pentest
-/findings             Show all findings
-/loot                 Show credentials & sessions
-/state                Show current engagement state
-/yolo                 Toggle auto-approve mode
-/exit                 Exit session
-/help                 Show all commands
-```
----
-## Environment
-| Variable | Description | Default |
-|----------|-------------|---------|
-| `PENTEST_API_KEY` | API key (required) | - |
-| `PENTEST_BASE_URL` | Custom API endpoint | - |
-| `PENTEST_MODEL` | LLM model | `glm-4.7` |
----
-## Architecture
-```
-┌─────────────────────────────────────────────────────────────┐
-│                      Orchestrator                           │
-│  "Delegate, don't execute directly"                         │
-│  • delegate_to_agent • escalate • get_state • set_scope   │
-└────────────┬────────────────────────────────────────────────┘
-             │
-    ┌────────┼────────┬────────┬────────┬────────┐
-    │        │        │        │        │        │
-    ▼        ▼        ▼        ▼        ▼        ▼
-  Recon    Vuln   Exploit    Post     Web    Infra
-  "Info"    "Verify" "Approved" "Shell"  "Web"   "AD"
-```
-**Key principles:**
-1. Agent = `while(true) { think → tool → observe }`
-2. Agent difference = prompt + tool set (not code)
-3. Communication = danger↑ via Orchestrator, ↓ direct call
-4. All prompts get Scope + State injection
-5. Approval = `auto` | `confirm` | `review`
 ---
 ## Issue Report