npm - pentesting - Versions diffs - 0.40.4 → 0.40.7 - Mend

pentesting 0.40.4 → 0.40.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/main.js +19 -12
package/package.json +1 -1

package/dist/main.js CHANGED Viewed

@@ -306,7 +306,7 @@ var ORPHAN_PROCESS_NAMES = [
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.40.4";
+var APP_VERSION = "0.40.7";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -2128,7 +2128,8 @@ var StateSerializer = class {
       if (important.length > 0) {
         lines.push(`  Important Findings:`);
         for (const f of important.slice(0, DISPLAY_LIMITS.FINDING_PREVIEW)) {
-          lines.push(`    [${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})`);
+          const tactic = f.attackPattern ? ` [ATT&CK:${f.attackPattern}]` : "";
+          lines.push(`    [${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})${tactic}`);
         }
       }
     }
@@ -4515,11 +4516,12 @@ Detail: ${detail}
   },
   {
     name: TOOL_NAMES.ADD_FINDING,
-    description: "Add a security finding",
+    description: "Add a security finding. Always include attackPattern for MITRE ATT&CK mapping.",
     parameters: {
       title: { type: "string", description: "Finding title" },
-      severity: { type: "string", description: "Severity" },
-      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" }
+      severity: { type: "string", description: "Severity: critical, high, medium, low, info" },
+      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" },
+      attackPattern: { type: "string", description: "MITRE ATT&CK tactic: initial_access, execution, persistence, privilege_escalation, defense_evasion, credential_access, discovery, lateral_movement, collection, exfiltration, command_and_control, impact" }
     },
     required: ["title", "severity"],
     execute: async (p) => {
@@ -4537,7 +4539,8 @@ Detail: ${detail}
         evidence,
         isVerified: validation.isVerified,
         remediation: "",
-        foundAt: Date.now()
+        foundAt: Date.now(),
+        ...p.attackPattern ? { attackPattern: p.attackPattern } : {}
       });
       const hasExploit = validation.isVerified;
       const target = affected[0] || "unknown";
@@ -11475,7 +11478,7 @@ import { useState as useState3, useEffect as useEffect3 } from "react";
 import { Text as Text3 } from "ink";
 import { jsx as jsx3 } from "react/jsx-runtime";
 var FRAMES = ["\u2669", "\u266A", "\u266B", "\u266C", "\u266B", "\u266A"];
-var INTERVAL = 150;
+var INTERVAL = 400;
 var MusicSpinner = ({ color }) => {
   const [index, setIndex] = useState3(0);
   useEffect3(() => {
@@ -11657,6 +11660,10 @@ var App = ({ autoApprove = false, target }) => {
     cancelInputRequest,
     addMessage
   } = useAgent(autoApproveMode, target);
+  const isProcessingRef = useRef3(isProcessing);
+  isProcessingRef.current = isProcessing;
+  const autoApproveModeRef = useRef3(autoApproveMode);
+  autoApproveModeRef.current = autoApproveMode;
   const inputRequestRef = useRef3(inputRequest);
   inputRequestRef.current = inputRequest;
   const handleExit = useCallback3(() => {
@@ -11693,7 +11700,7 @@ var App = ({ autoApprove = false, target }) => {
           addMessage("error", "Set target first: /target <ip>");
           break;
         }
-        if (!autoApproveMode) {
+        if (!autoApproveModeRef.current) {
           setAutoApproveMode(true);
           agent.setAutoApprove(true);
           addMessage("system", "\u{1F680} Autonomous mode enabled (auto-approve ON)");
@@ -11711,7 +11718,7 @@ var App = ({ autoApprove = false, target }) => {
           break;
         }
         addMessage("system", `--- ${findings.length} Findings ---`);
-        findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}`));
+        findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}${f.attackPattern ? ` (ATT&CK: ${f.attackPattern})` : ""}`));
         break;
       case UI_COMMANDS.ASSETS:
       case UI_COMMANDS.ASSETS_SHORT:
@@ -11752,7 +11759,7 @@ ${procData.stdout || "(no output)"}
       default:
         addMessage("error", `Unknown command: /${cmd}`);
     }
-  }, [agent, addMessage, executeTask, setMessages, handleExit, autoApproveMode]);
+  }, [agent, addMessage, executeTask, setMessages, handleExit]);
   const handleSubmit = useCallback3(async (value) => {
     const trimmed = value.trim();
     if (!trimmed) return;
@@ -11778,10 +11785,10 @@ ${procData.stdout || "(no output)"}
   useInput(useCallback3((ch, key) => {
     if (key.escape) {
       if (inputRequestRef.current.isActive) cancelInputRequest();
-      else if (isProcessing) abort();
+      else if (isProcessingRef.current) abort();
     }
     if (key.ctrl && ch === "c") handleExit();
-  }, [cancelInputRequest, isProcessing, abort, handleExit]));
+  }, [cancelInputRequest, abort, handleExit]));
   useEffect4(() => {
     const onSignal = () => handleExit();
     process.on("SIGINT", onSignal);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.40.4",
+  "version": "0.40.7",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",