npm - pentesting - Versions diffs - 0.40.1 → 0.40.2 - Mend

pentesting 0.40.1 → 0.40.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/main.js +117 -112
package/package.json +1 -1

package/dist/main.js CHANGED Viewed

@@ -305,10 +305,8 @@ var ORPHAN_PROCESS_NAMES = [
 ];
 // src/shared/constants/agent.ts
-var ID_LENGTH = AGENT_LIMITS.ID_LENGTH;
-var ID_RADIX = AGENT_LIMITS.ID_RADIX;
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.40.1";
+var APP_VERSION = "0.40.2";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -591,7 +589,7 @@ var DEFAULTS = {
 // src/engine/process-manager.ts
 import { spawn as spawn3, execSync as execSync2 } from "child_process";
-import { readFileSync as readFileSync2, existsSync as existsSync3, unlinkSync, writeFileSync as writeFileSync3, appendFileSync as appendFileSync2 } from "fs";
+import { readFileSync as readFileSync2, existsSync as existsSync3, unlinkSync as unlinkSync2, writeFileSync as writeFileSync3, appendFileSync as appendFileSync2 } from "fs";
 // src/engine/tools-base.ts
 import { spawn as spawn2 } from "child_process";
@@ -1520,58 +1518,8 @@ function createTempFile(suffix = "") {
   return join2(tmpdir(), generateTempFilename(suffix));
 }
-// src/engine/process-detector.ts
-function detectProcessRole(command) {
-  const tags = [];
-  let port;
-  let role = PROCESS_ROLES.BACKGROUND;
-  let isInteractive = false;
-  const cmd = command.toLowerCase();
-  if (cmd.includes("-lvnp") || cmd.includes("-nlvp") || cmd.includes("-lp") || cmd.includes("nc") && cmd.includes("listen")) {
-    tags.push(PROCESS_ROLES.LISTENER);
-    role = PROCESS_ROLES.LISTENER;
-    isInteractive = true;
-    const portMatch = command.match(DETECTION_PATTERNS.LISTENER);
-    if (portMatch) port = parseInt(portMatch[1], 10);
-  }
-  if (cmd.includes("http.server") || cmd.includes("simplehttpserver") || cmd.includes("httpd") || cmd.includes("php -s")) {
-    tags.push(PROCESS_ROLES.SERVER);
-    role = PROCESS_ROLES.SERVER;
-    const portMatch = command.match(DETECTION_PATTERNS.HTTP_SERVER);
-    if (portMatch) port = parseInt(portMatch[1], 10);
-    if (!port) {
-      const genericPort = command.match(DETECTION_PATTERNS.GENERIC_PORT);
-      if (genericPort) port = parseInt(genericPort[1], 10);
-      else if (cmd.includes("http.server")) port = SYSTEM_LIMITS.WEB_PORT_RANGE.MIN;
-    }
-  }
-  if (cmd.includes("tcpdump") || cmd.includes("tshark")) {
-    tags.push(PROCESS_ROLES.SNIFFER);
-    role = PROCESS_ROLES.SNIFFER;
-  }
-  if (cmd.includes("arpspoof") || cmd.includes("dnsspoof") || cmd.includes("ettercap")) {
-    tags.push(PROCESS_ROLES.SPOOFER);
-    role = PROCESS_ROLES.SPOOFER;
-  }
-  if (cmd.includes("mitm") || cmd.includes("proxy") || cmd.includes("intercept")) {
-    tags.push(PROCESS_ROLES.PROXY);
-    role = PROCESS_ROLES.PROXY;
-  }
-  if (cmd.includes("callback") || cmd.includes("oob")) {
-    tags.push(PROCESS_ROLES.CALLBACK);
-    role = PROCESS_ROLES.CALLBACK;
-  }
-  if (cmd.includes("socat") && cmd.includes("listen")) {
-    tags.push(PROCESS_ROLES.LISTENER);
-    role = PROCESS_ROLES.LISTENER;
-    isInteractive = true;
-  }
-  if (tags.length === 0) tags.push(PROCESS_ROLES.BACKGROUND);
-  return { tags, port, role, isInteractive };
-}
-function detectConnection(stdout) {
-  return DETECTION_PATTERNS.CONNECTION.some((p) => p.test(stdout));
-}
+// src/engine/process-cleanup.ts
+import { unlinkSync } from "fs";
 // src/engine/process-tree.ts
 import { execSync } from "child_process";
@@ -1657,9 +1605,99 @@ function killProcessTreeSync(pid, childPids) {
   }
 }
+// src/engine/process-cleanup.ts
+function syncCleanupAllProcesses(processMap) {
+  for (const [, proc] of processMap) {
+    if (!proc.hasExited) {
+      killProcessTreeSync(proc.pid, proc.childPids);
+    }
+    try {
+      unlinkSync(proc.stdoutFile);
+    } catch {
+    }
+    try {
+      unlinkSync(proc.stderrFile);
+    } catch {
+    }
+    try {
+      unlinkSync(proc.stdinFile);
+    } catch {
+    }
+  }
+}
+function registerExitHandlers(processMap) {
+  process.on("exit", () => {
+    syncCleanupAllProcesses(processMap);
+  });
+  process.on("SIGINT", () => {
+    syncCleanupAllProcesses(processMap);
+    processMap.clear();
+    process.exit(EXIT_CODES.SIGINT);
+  });
+  process.on("SIGTERM", () => {
+    syncCleanupAllProcesses(processMap);
+    processMap.clear();
+    process.exit(EXIT_CODES.SIGTERM);
+  });
+}
+// src/engine/process-detector.ts
+function detectProcessRole(command) {
+  const tags = [];
+  let port;
+  let role = PROCESS_ROLES.BACKGROUND;
+  let isInteractive = false;
+  const cmd = command.toLowerCase();
+  if (cmd.includes("-lvnp") || cmd.includes("-nlvp") || cmd.includes("-lp") || cmd.includes("nc") && cmd.includes("listen")) {
+    tags.push(PROCESS_ROLES.LISTENER);
+    role = PROCESS_ROLES.LISTENER;
+    isInteractive = true;
+    const portMatch = command.match(DETECTION_PATTERNS.LISTENER);
+    if (portMatch) port = parseInt(portMatch[1], 10);
+  }
+  if (cmd.includes("http.server") || cmd.includes("simplehttpserver") || cmd.includes("httpd") || cmd.includes("php -s")) {
+    tags.push(PROCESS_ROLES.SERVER);
+    role = PROCESS_ROLES.SERVER;
+    const portMatch = command.match(DETECTION_PATTERNS.HTTP_SERVER);
+    if (portMatch) port = parseInt(portMatch[1], 10);
+    if (!port) {
+      const genericPort = command.match(DETECTION_PATTERNS.GENERIC_PORT);
+      if (genericPort) port = parseInt(genericPort[1], 10);
+      else if (cmd.includes("http.server")) port = SYSTEM_LIMITS.WEB_PORT_RANGE.MIN;
+    }
+  }
+  if (cmd.includes("tcpdump") || cmd.includes("tshark")) {
+    tags.push(PROCESS_ROLES.SNIFFER);
+    role = PROCESS_ROLES.SNIFFER;
+  }
+  if (cmd.includes("arpspoof") || cmd.includes("dnsspoof") || cmd.includes("ettercap")) {
+    tags.push(PROCESS_ROLES.SPOOFER);
+    role = PROCESS_ROLES.SPOOFER;
+  }
+  if (cmd.includes("mitm") || cmd.includes("proxy") || cmd.includes("intercept")) {
+    tags.push(PROCESS_ROLES.PROXY);
+    role = PROCESS_ROLES.PROXY;
+  }
+  if (cmd.includes("callback") || cmd.includes("oob")) {
+    tags.push(PROCESS_ROLES.CALLBACK);
+    role = PROCESS_ROLES.CALLBACK;
+  }
+  if (cmd.includes("socat") && cmd.includes("listen")) {
+    tags.push(PROCESS_ROLES.LISTENER);
+    role = PROCESS_ROLES.LISTENER;
+    isInteractive = true;
+  }
+  if (tags.length === 0) tags.push(PROCESS_ROLES.BACKGROUND);
+  return { tags, port, role, isInteractive };
+}
+function detectConnection(stdout) {
+  return DETECTION_PATTERNS.CONNECTION.some((p) => p.test(stdout));
+}
 // src/engine/process-manager.ts
 var backgroundProcesses = /* @__PURE__ */ new Map();
 var cleanupDone = false;
+registerExitHandlers(backgroundProcesses);
 var processEventLog = [];
 function logEvent(processId, event, detail) {
   processEventLog.push({ timestamp: Date.now(), processId, event, detail });
@@ -1833,15 +1871,15 @@ async function stopBackgroundProcess(processId) {
     await killProcessTree(proc.pid, proc.childPids);
   }
   try {
-    unlinkSync(proc.stdoutFile);
+    unlinkSync2(proc.stdoutFile);
   } catch {
   }
   try {
-    unlinkSync(proc.stderrFile);
+    unlinkSync2(proc.stderrFile);
   } catch {
   }
   try {
-    unlinkSync(proc.stdinFile);
+    unlinkSync2(proc.stdinFile);
   } catch {
   }
   logEvent(processId, PROCESS_EVENTS.STOPPED, `Stopped ${proc.role} (PID:${proc.pid}, children:${proc.childPids.length})`);
@@ -1939,15 +1977,15 @@ async function cleanupAllProcesses() {
   }
   for (const [, proc] of backgroundProcesses) {
     try {
-      unlinkSync(proc.stdoutFile);
+      unlinkSync2(proc.stdoutFile);
     } catch {
     }
     try {
-      unlinkSync(proc.stderrFile);
+      unlinkSync2(proc.stderrFile);
     } catch {
     }
     try {
-      unlinkSync(proc.stdinFile);
+      unlinkSync2(proc.stdinFile);
     } catch {
     }
   }
@@ -2033,39 +2071,6 @@ Ports In Use: ${ports.join(", ")}`);
   }
   return lines.join("\n");
 }
-function syncCleanupAllProcesses() {
-  for (const [, proc] of backgroundProcesses) {
-    if (!proc.hasExited) {
-      killProcessTreeSync(proc.pid, proc.childPids);
-    }
-    try {
-      unlinkSync(proc.stdoutFile);
-    } catch {
-    }
-    try {
-      unlinkSync(proc.stderrFile);
-    } catch {
-    }
-    try {
-      unlinkSync(proc.stdinFile);
-    } catch {
-    }
-  }
-}
-process.on("exit", () => {
-  syncCleanupAllProcesses();
-});
-process.on("SIGINT", () => {
-  syncCleanupAllProcesses();
-  backgroundProcesses.clear();
-  process.exit(EXIT_CODES.SIGINT);
-});
-process.on("SIGTERM", () => {
-  syncCleanupAllProcesses();
-  backgroundProcesses.clear();
-  process.exit(EXIT_CODES.SIGTERM);
-});
-var stopProcess = stopBackgroundProcess;
 // src/engine/state-serializer.ts
 var StateSerializer = class {
@@ -2852,7 +2857,7 @@ var SharedState = class {
   }
   addMissionChecklistItems(items) {
     for (const text of items) {
-      const id = generateId(ID_RADIX, ID_LENGTH);
+      const id = generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH);
       this.data.missionChecklist.push({ id, text, isCompleted: false });
     }
   }
@@ -2872,7 +2877,7 @@ var SharedState = class {
       this.data.engagement.scope = scope;
     } else {
       this.data.engagement = {
-        id: generateId(ID_RADIX, ID_LENGTH),
+        id: generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH),
         name: DEFAULTS.ENGAGEMENT_NAME,
         client: DEFAULTS.ENGAGEMENT_CLIENT,
         scope,
@@ -2932,7 +2937,7 @@ var SharedState = class {
   }
   // --- TODO Management ---
   addTodo(content, priority = PRIORITIES.MEDIUM) {
-    const id = generateId(ID_RADIX, ID_LENGTH);
+    const id = generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH);
     const item = { id, content, status: TODO_STATUSES.PENDING, priority };
     this.data.todo.push(item);
     return id;
@@ -2950,7 +2955,7 @@ var SharedState = class {
   // --- Logs & Phase ---
   logAction(action) {
     this.data.actionLog.push({
-      id: generateId(ID_RADIX, ID_LENGTH),
+      id: generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH),
       timestamp: Date.now(),
       ...action
     });
@@ -4130,7 +4135,7 @@ Next steps:
         }
         case "stop": {
           if (!processId) return { success: false, output: "", error: "Missing process_id" };
-          return stopProcess(processId);
+          return stopBackgroundProcess(processId);
         }
         case "stop_all": {
           const procs = listBackgroundProcesses();
@@ -4464,7 +4469,7 @@ Detail: ${detail}
       const affected = p.affected || [];
       const validation = validateFinding(evidence, severity);
       state.addFinding({
-        id: generateId(ID_RADIX, ID_LENGTH),
+        id: generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH),
         title,
         severity,
         affected,
@@ -4659,7 +4664,7 @@ async function installPlaywright() {
 // src/engine/tools/web-browser-script.ts
 import { spawn as spawn5 } from "child_process";
-import { writeFileSync as writeFileSync5, unlinkSync as unlinkSync2 } from "fs";
+import { writeFileSync as writeFileSync5, unlinkSync as unlinkSync3 } from "fs";
 import { join as join5 } from "path";
 import { tmpdir as tmpdir2 } from "os";
 function safeJsString(str) {
@@ -4695,7 +4700,7 @@ function runPlaywrightScript(script, timeout, scriptPrefix) {
     child.stderr.on("data", (data) => stderr += data);
     child.on("close", (code) => {
       try {
-        unlinkSync2(scriptPath);
+        unlinkSync3(scriptPath);
       } catch {
       }
       if (code !== 0) {
@@ -4722,7 +4727,7 @@ function runPlaywrightScript(script, timeout, scriptPrefix) {
     });
     child.on("error", (err) => {
       try {
-        unlinkSync2(scriptPath);
+        unlinkSync3(scriptPath);
       } catch {
       }
       resolve({
@@ -6469,7 +6474,7 @@ Combine with packet_sniff to capture intercepted traffic.`,
       });
       await new Promise((r) => setTimeout(r, (duration + NETWORK_CONFIG.WAIT_BUFFER_SECONDS) * 1e3));
       const output = getProcessOutput(proc.id);
-      await stopProcess(proc.id);
+      await stopBackgroundProcess(proc.id);
       await runCommand(NETWORK_COMMANDS.IP_FORWARD_DISABLE);
       return {
         success: true,
@@ -6523,7 +6528,7 @@ Requires root/sudo privileges.`,
       });
       await new Promise((r) => setTimeout(r, (duration + NETWORK_CONFIG.WAIT_BUFFER_SECONDS) * 1e3));
       const captureOutput = getProcessOutput(proc.id);
-      await stopProcess(proc.id);
+      await stopBackgroundProcess(proc.id);
       let output = `Packet Capture Results:
 Interface: ${iface}
 Filter: ${filter || "none"}
@@ -6610,7 +6615,7 @@ ${spoofIp}	*.${domain}
       });
       await new Promise((r) => setTimeout(r, (duration + NETWORK_CONFIG.WAIT_BUFFER_SECONDS) * 1e3));
       const output = getProcessOutput(proc.id);
-      await stopProcess(proc.id);
+      await stopBackgroundProcess(proc.id);
       return {
         success: true,
         output: `DNS Spoofing Results:
@@ -6662,7 +6667,7 @@ Combine with arp_spoof for transparent proxying.`,
       });
       await new Promise((r) => setTimeout(r, (duration + NETWORK_CONFIG.WAIT_BUFFER_SECONDS) * 1e3));
       const procOutput = getProcessOutput(proc.id);
-      await stopProcess(proc.id);
+      await stopBackgroundProcess(proc.id);
       let flowSummary = "";
       const readFlows = await runCommand(`mitmdump -r ${outputFile} -n 2>&1 | head -50`);
       if (readFlows.success && readFlows.output) {
@@ -6731,7 +6736,7 @@ This is a high-level tool that combines tcpdump capture with protocol analysis.`
         description: `Traffic intercept on ${target}`
       });
       await new Promise((r) => setTimeout(r, (duration + NETWORK_CONFIG.WAIT_BUFFER_SECONDS) * 1e3));
-      await stopProcess(proc.id);
+      await stopBackgroundProcess(proc.id);
       let output = `Traffic Interception Report
 ${"=".repeat(50)}
 Target: ${target}
@@ -7063,7 +7068,7 @@ If killOrphans is true, also cleans up child processes whose parent has died.`,
     async execute(params) {
       const results = [];
       if (params.processId) {
-        const procResult = await stopProcess(params.processId);
+        const procResult = await stopBackgroundProcess(params.processId);
         results.push(`Stopped ${params.processId}: ${procResult.success ? "success" : "failed"}`);
         if (procResult.output) {
           results.push(procResult.output.slice(0, PROCESS_OUTPUT_TRUNCATION_LIMIT));
@@ -7971,7 +7976,7 @@ var __filename2 = fileURLToPath3(import.meta.url);
 var __dirname3 = dirname4(__filename2);
 // src/engine/state-persistence.ts
-import { writeFileSync as writeFileSync6, readFileSync as readFileSync4, existsSync as existsSync6, readdirSync, statSync, unlinkSync as unlinkSync3 } from "fs";
+import { writeFileSync as writeFileSync6, readFileSync as readFileSync4, existsSync as existsSync6, readdirSync, statSync, unlinkSync as unlinkSync4 } from "fs";
 import { join as join9 } from "path";
 function saveState(state) {
   const sessionsDir = WORKSPACE.SESSIONS;
@@ -8006,7 +8011,7 @@ function pruneOldSessions(sessionsDir) {
     })).sort((a, b) => b.mtime - a.mtime);
     const toDelete = sessionFiles.slice(AGENT_LIMITS.MAX_SESSION_FILES);
     for (const file of toDelete) {
-      unlinkSync3(file.path);
+      unlinkSync4(file.path);
     }
   } catch {
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.40.1",
+  "version": "0.40.2",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",