pentesting 0.2.1 → 0.2.3
- package/README.md +9 -10
- package/dist/index.js +17 -16
- package/package.json +1 -1
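--- a/package/README.md
+++ b/package/README.md
@@ -31,15 +31,14 @@ npm install -g pentesting
 ### Configure
 
 ```bash
-#
+# Required: API Key (either works)
+export PENTEST_API_KEY=your_api_key
+# or
 export ANTHROPIC_API_KEY=your_api_key
 
-#
-export
-export
-
-# Optional
-export PENTEST_MODEL=claude-sonnet-4-20250514 # or your model
+# For other providers (GLM, OpenRouter, etc.)
+export PENTEST_BASE_URL=https://your-api-endpoint.com/v1
+export PENTEST_MODEL=your-model-name
 export PENTEST_MAX_TOKENS=16384
 ```
 
@@ -198,9 +197,9 @@ await agent.addMCPServer('security-tools', 'docker', [
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-|
-|
-| PENTEST_MODEL |
+| PENTEST_API_KEY | API key (alternative: ANTHROPIC_API_KEY) | Required |
+| PENTEST_BASE_URL | API endpoint URL (for GLM, etc.) | - |
+| PENTEST_MODEL | Model name | claude-sonnet-4-20250514 |
 | PENTEST_MAX_TOKENS | Max response tokens | 16384 |
 | PENTESTING_DOCKER | Force Docker execution | 0 |
 | PENTESTING_CONTAINER | Docker container name | pentesting-tools |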
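--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1374,11 +1374,12 @@ const { chromium } = require('playwright');
 }
 
 // src/config/constants.ts
-var APP_VERSION = "0.2.
+var APP_VERSION = "0.2.3";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
-var
-var
-var
+var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
+var LLM_MODEL = process.env.PENTEST_MODEL || "claude-sonnet-4-20250514";
+var LLM_MAX_TOKENS = parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10);
 var AGENT_CONFIG = {
 maxIterations: 200,
 maxToolCallsPerIteration: 10,
@@ -1885,8 +1886,8 @@ async function compactHistory(client, messages, keepRecent = 4) {
 return `[${msg.role.toUpperCase()}]: ${content}`;
 }).join("\n\n");
 const response = await client.messages.create({
-model:
-max_tokens:
+model: LLM_MODEL,
+max_tokens: LLM_MAX_TOKENS,
 system: COMPACTION_PROMPT,
 messages: [{
 role: "user",
@@ -2979,8 +2980,8 @@ var AutonomousHackingAgent = class extends EventEmitter3 {
 constructor(apiKey, config) {
 super();
 this.client = new Anthropic({
-apiKey: apiKey || process.env.
-baseURL:
+apiKey: apiKey || LLM_API_KEY || process.env.PENTEST_API_KEY,
+baseURL: LLM_BASE_URL
 });
 this.config = { ...AGENT_CONFIG, ...config };
 this.tools = ALL_TOOLS;
@@ -3234,7 +3235,7 @@ Current situation:
 What went wrong and what different approach should be tried?
 `;
 const response = await this.client.messages.create({
-model:
+model: LLM_MODEL,
 max_tokens: 4096,
 messages: [{ role: "user", content: reflectionPrompt }]
 });
@@ -3382,8 +3383,8 @@ Goal: Deep penetration to obtain root/system privileges, extract internal data,
 }
 const response = await withRetry(
 () => this.client.messages.create({
-model:
-max_tokens:
+model: LLM_MODEL,
+max_tokens: LLM_MAX_TOKENS,
 system: systemPrompt,
 tools: this.tools,
 messages
@@ -3670,8 +3671,8 @@ ${this.state.findings.filter((f) => f.severity !== "info").map((f) => `- Address
 try {
 const systemPrompt = this.buildContextualPrompt();
 const response = await this.client.messages.create({
-model:
-max_tokens:
+model: LLM_MODEL,
+max_tokens: LLM_MAX_TOKENS,
 system: systemPrompt,
 messages: this.state.history,
 tools: this.tools
@@ -3703,8 +3704,8 @@ ${this.state.findings.filter((f) => f.severity !== "info").map((f) => `- Address
 }
 if (hasToolCalls && response.stop_reason === "tool_use") {
 const followUp = await this.client.messages.create({
-model:
-max_tokens:
+model: LLM_MODEL,
+max_tokens: LLM_MAX_TOKENS,
 system: systemPrompt,
 messages: this.state.history,
 tools: this.tools
@@ -4761,7 +4762,7 @@ ${chalk.hex(THEME.status.warning)("Examples:")}
 
 ${chalk.hex(THEME.status.warning)("Environment:")}
 
-${chalk.hex(THEME.text.accent)("
+${chalk.hex(THEME.text.accent)("PENTEST_API_KEY")} Required - LLM API key
 ${chalk.hex(THEME.text.accent)("PENTEST_MODEL")} Optional - Model override
 
 ${chalk.hex(THEME.text.muted)("For ethical hacking and authorized testing only.")}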
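Review bot: In the `AutonomousHackingAgent` constructor the credential passed to `new Anthropic({...})` can now be the user's `ANTHROPIC_API_KEY` while `baseURL` is whatever `PENTEST_BASE_URL` holds, so a shell that exports both sends an Anthropic key, along with the conversation in `this.state.history`, to a non-Anthropic endpoint. Nothing in the visible lines checks the URL scheme, so an `http://` value would carry the key in cleartext. Consider applying the Anthropic fallback only when no custom endpoint is set, e.g. `var LLM_API_KEY = process.env.PENTEST_API_KEY || (process.env.PENTEST_BASE_URL ? "" : process.env.ANTHROPIC_API_KEY) || "";`, and refusing to start when `PENTEST_BASE_URL` is not `https:`; the trailing `|| process.env.PENTEST_API_KEY` in the constructor is already covered by `LLM_API_KEY` and can be dropped. Separately, `parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10)` yields `NaN` for a non-numeric value and reaches `max_tokens` unchecked, so a positive-integer guard that falls back to 16384 would fail safe. `dist/index.js` is build output, so these changes belong in `src/config/constants.ts` (named in the bundle comment), and because the removed lines are truncated on this page the previous fallback order cannot be compared.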