pentesting 0.46.11 → 0.46.12

package/dist/main.js

@@ -311,7 +311,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.46.11";
+var APP_VERSION = "0.46.12";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -10110,11 +10110,17 @@ Phase: ${phase} | Targets: ${targets} | Findings: ${findings} | Tools executed:
 
 ${direction}
 
+ESCALATION CHAIN \u2014 follow this order:
+1. web_search: Search for techniques, bypasses, default creds, CVEs, HackTricks
+2. BYPASS: Try alternative approaches \u2014 different protocols, ports, encodings, methods
+3. ZERO-DAY EXPLORATION: Probe for unknown vulns \u2014 fuzz parameters, test edge cases, analyze error responses for leaks
+4. BRUTE-FORCE: Wordlists, credential stuffing, common passwords, custom password lists from context
+5. ask_user: ONLY as last resort \u2014 ask the user for hints, wordlists, or guidance
+
 RULES:
 - Every turn MUST have tool calls
-- If stuck: search for techniques (web_search)
-- If failed: try a DIFFERENT approach
-- ACT NOW \u2014 do not plan or explain`
+- NEVER silently give up \u2014 exhaust ALL 5 steps above first
+- ACT NOW \u2014 do not plan, do not explain, do not summarize. EXECUTE.`
           });
         }
       } catch (error) {
@@ -10232,11 +10238,6 @@ Please decide how to handle this error and continue.`;
     const stepDuration = Date.now() - stepStartTime;
     const tokens = response.usage ? { input: response.usage.input_tokens, output: response.usage.output_tokens } : void 0;
     if (!response.toolCalls?.length) {
-      const hasDoneMeaningfulWork = (progress?.totalToolsExecuted ?? 0) > 0;
-      if (hasDoneMeaningfulWork) {
-        this.emitComplete(response.content, iteration, 0, stepDuration, tokens);
-        return { output: response.content, toolsExecuted: 0, isCompleted: true };
-      }
       return { output: response.content, toolsExecuted: 0, isCompleted: false };
     }
     const results = await this.processToolCalls(response.toolCalls, progress);
@@ -12938,22 +12939,43 @@ ${procData.stdout || "(no output)"}
     setInputRequest({ status: "inactive" });
     setSecretInput("");
   }, [addMessage, setInputRequest]);
+  const ctrlCTimerRef = useRef5(null);
+  const ctrlCPressedRef = useRef5(false);
+  const handleCtrlC = useCallback4(() => {
+    if (ctrlCPressedRef.current) {
+      if (ctrlCTimerRef.current) clearTimeout(ctrlCTimerRef.current);
+      handleExit();
+      return;
+    }
+    ctrlCPressedRef.current = true;
+    addMessage("system", "\u26A0\uFE0F Press Ctrl+C again within 3 seconds to exit.");
+    if (isProcessingRef.current) abort();
+    ctrlCTimerRef.current = setTimeout(() => {
+      ctrlCPressedRef.current = false;
+      ctrlCTimerRef.current = null;
+    }, 3e3);
+  }, [handleExit, addMessage, abort]);
+  useEffect4(() => {
+    return () => {
+      if (ctrlCTimerRef.current) clearTimeout(ctrlCTimerRef.current);
+    };
+  }, []);
   useInput2(useCallback4((ch, key) => {
     if (key.escape) {
       if (inputRequestRef.current.status === "active") cancelInputRequest();
       else if (isProcessingRef.current) abort();
     }
-    if (key.ctrl && ch === "c") handleExit();
-  }, [cancelInputRequest, abort, handleExit]));
+    if (key.ctrl && ch === "c") handleCtrlC();
+  }, [cancelInputRequest, abort, handleCtrlC]));
   useEffect4(() => {
-    const onSignal = () => handleExit();
+    const onSignal = () => handleCtrlC();
     process.on("SIGINT", onSignal);
     process.on("SIGTERM", onSignal);
     return () => {
       process.off("SIGINT", onSignal);
       process.off("SIGTERM", onSignal);
     };
-  }, [handleExit]);
+  }, [handleCtrlC]);
   return /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", paddingX: 1, children: [
     /* @__PURE__ */ jsx7(Box6, { flexDirection: "column", marginBottom: 1, flexGrow: 1, children: /* @__PURE__ */ jsx7(MessageList, { messages }) }),
     /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", children: [

package/dist/prompts/base.md

@@ -78,7 +78,8 @@ What target would you like me to attack? (IP, domain, or CTF challenge)
    - **Update objectives**: Use `update_mission` to keep the operation summary and checklist current when needed
    - Is it time to move to the next step, or dig deeper at the current one?
 
-This loop **repeats continuously** until the task is complete. **Never stop.**
+This loop **repeats continuously** until the task is complete. **Never stop on your own.**
+If you believe you have exhausted all approaches → use `ask_user` to confirm with the user before stopping.
 
 ## Absolute Rules
 
@@ -87,12 +88,13 @@ This loop **repeats continuously** until the task is complete. **Never stop.**
 - Record findings immediately with add_finding
 - **Execute tasks immediately without unnecessary confirmations/questions**
 - If no results → **try a different approach** (never repeat the same method)
-- ask_user is **only for physically unobtainable information** (passwords, SSH keys, API tokens)
+- ask_user is for: (1) physically unobtainable information (passwords, SSH keys, API tokens), (2) **confirming you're truly done** when all vectors are exhausted
 
 ### 2. ask_user Rules
 - Use received values **immediately in the next command** — receiving and not using is forbidden
 - Once received → **reuse** — never ask for the same thing again
 - Confirmation requests like "Can I do this?" are forbidden
+- **WHEN TO ASK**: If you believe all attack vectors are exhausted and want to stop, you MUST `ask_user` to confirm. The user may have hints, custom wordlists, or additional context. **Never silently give up.**
 
 ### 3. Self-Correction on Errors (MANDATORY)
 When an error occurs, read the `[TOOL ERROR ANALYSIS]` section and fix immediately:
@@ -223,16 +225,21 @@ Don't agonize. **The world's best methodologies are already on the web.** Search
 When you find a PoC → verify code with `browse_url` → save with `write_file` → modify for environment → execute with `run_cmd`.
 **Searching is not a waste of time — it's a prerequisite for accurate attacks.**
 
-### When Stuck — Autonomous Breakthrough Principles
+### When Stuck — Escalation Chain (follow in order)
 
-1. **Same method fails twice → immediately switch approaches** (don't wait for 3)
-2. **Search when you don't know** — the answer is in HackTricks, PayloadsAllTheThings, GTFOBins
-3. **Install the tool or write code yourself if unavailable** — tool absence is not a reason to stop attacking
-4. **Approach from a completely different angle** — web fails → network, network fails → different service, service fails → different target
-5. **Errors are information** — extract version, path, and configuration hints from error messages
-6. **Use your judgment** — "Can I do this?" is forbidden. Act and see the results
-7. **When you find a PoC → read → save → execute** — you must know how to modify code
-8. **If you have a shell, use it for everything** — tool download, script execution, additional recon all possible
+**Same method fails twice → immediately switch approaches** (don't wait for 3).
+**Errors are information** — extract version, path, and configuration hints from error messages.
+
+1. **🔍 SEARCH** — `web_search` for techniques, bypasses, default creds, CVEs, HackTricks, PayloadsAllTheThings, GTFOBins
+2. **🔄 BYPASS** — Try completely different angles: different protocol, port, encoding, different service, different target. Install missing tools or write your own code
+3. **🧬 ZERO-DAY EXPLORATION** — Probe for unknown vulns: fuzz parameters, test edge cases, analyze error responses for information leaks, try unconventional inputs
+4. **🔨 BRUTE-FORCE** — Wordlists, credential stuffing, common passwords, custom password lists built from discovered context (usernames, company names, service names)
+5. **❓ ask_user** — ONLY as absolute last resort. Ask the user for hints, custom wordlists, or guidance. **Never silently give up.**
+
+Additional principles:
+- **If you have a shell, use it for everything** — tool download, script execution, additional recon
+- **When you find a PoC → read → save → execute** — modify code for the environment
+- **Tool absence is not a reason to stop** — write equivalent scripts yourself
 
 ### PoC Acquisition and Execution Protocol
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.46.11",
+  "version": "0.46.12",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",
@@ -28,7 +28,7 @@
     "release:patch": "npm version patch && npm run build && npm run publish:token",
     "release:minor": "npm version minor && npm run build && npm run publish:token",
     "release:major": "npm version major && npm run build && npm run publish:token",
-    "release:docker": "docker buildx build --platform linux/amd64,linux/arm64 -t agnusdei1207/pentesting:latest --push .",
+    "release:docker": "docker buildx build --platform linux/amd64,linux/arm64 -t agnusdei1207/pentesting:latest --push . && docker system prune -af",
     "check": "TMPDIR=/tmp npm run test && npm run build && npm run release:docker && bash test.sh"
   },
   "repository": {