pentesting 0.40.6 → 0.40.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/main.js +10 -7
- package/package.json +1 -1
package/dist/main.js
CHANGED
|
@@ -306,7 +306,7 @@ var ORPHAN_PROCESS_NAMES = [
|
|
|
306
306
|
|
|
307
307
|
// src/shared/constants/agent.ts
|
|
308
308
|
var APP_NAME = "Pentest AI";
|
|
309
|
-
var APP_VERSION = "0.40.
|
|
309
|
+
var APP_VERSION = "0.40.7";
|
|
310
310
|
var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
|
|
311
311
|
var LLM_ROLES = {
|
|
312
312
|
SYSTEM: "system",
|
|
@@ -2128,7 +2128,8 @@ var StateSerializer = class {
|
|
|
2128
2128
|
if (important.length > 0) {
|
|
2129
2129
|
lines.push(` Important Findings:`);
|
|
2130
2130
|
for (const f of important.slice(0, DISPLAY_LIMITS.FINDING_PREVIEW)) {
|
|
2131
|
-
|
|
2131
|
+
const tactic = f.attackPattern ? ` [ATT&CK:${f.attackPattern}]` : "";
|
|
2132
|
+
lines.push(` [${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})${tactic}`);
|
|
2132
2133
|
}
|
|
2133
2134
|
}
|
|
2134
2135
|
}
|
|
@@ -4515,11 +4516,12 @@ Detail: ${detail}
|
|
|
4515
4516
|
},
|
|
4516
4517
|
{
|
|
4517
4518
|
name: TOOL_NAMES.ADD_FINDING,
|
|
4518
|
-
description: "Add a security finding",
|
|
4519
|
+
description: "Add a security finding. Always include attackPattern for MITRE ATT&CK mapping.",
|
|
4519
4520
|
parameters: {
|
|
4520
4521
|
title: { type: "string", description: "Finding title" },
|
|
4521
|
-
severity: { type: "string", description: "Severity" },
|
|
4522
|
-
affected: { type: "array", items: { type: "string" }, description: "Affected host:port" }
|
|
4522
|
+
severity: { type: "string", description: "Severity: critical, high, medium, low, info" },
|
|
4523
|
+
affected: { type: "array", items: { type: "string" }, description: "Affected host:port" },
|
|
4524
|
+
attackPattern: { type: "string", description: "MITRE ATT&CK tactic: initial_access, execution, persistence, privilege_escalation, defense_evasion, credential_access, discovery, lateral_movement, collection, exfiltration, command_and_control, impact" }
|
|
4523
4525
|
},
|
|
4524
4526
|
required: ["title", "severity"],
|
|
4525
4527
|
execute: async (p) => {
|
|
@@ -4537,7 +4539,8 @@ Detail: ${detail}
|
|
|
4537
4539
|
evidence,
|
|
4538
4540
|
isVerified: validation.isVerified,
|
|
4539
4541
|
remediation: "",
|
|
4540
|
-
foundAt: Date.now()
|
|
4542
|
+
foundAt: Date.now(),
|
|
4543
|
+
...p.attackPattern ? { attackPattern: p.attackPattern } : {}
|
|
4541
4544
|
});
|
|
4542
4545
|
const hasExploit = validation.isVerified;
|
|
4543
4546
|
const target = affected[0] || "unknown";
|
|
@@ -11715,7 +11718,7 @@ var App = ({ autoApprove = false, target }) => {
|
|
|
11715
11718
|
break;
|
|
11716
11719
|
}
|
|
11717
11720
|
addMessage("system", `--- ${findings.length} Findings ---`);
|
|
11718
|
-
findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}`));
|
|
11721
|
+
findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}${f.attackPattern ? ` (ATT&CK: ${f.attackPattern})` : ""}`));
|
|
11719
11722
|
break;
|
|
11720
11723
|
case UI_COMMANDS.ASSETS:
|
|
11721
11724
|
case UI_COMMANDS.ASSETS_SHORT:
|