pentesting 0.47.2 → 0.47.3

package/README.md

@@ -33,17 +33,74 @@ Pentesting support tool
 
 ## Quick Start with Docker (Recommended)
 
+### Using GLM (Default - Recommended)
+
+GLM Web Search uses the same API key as the model, so no extra configuration needed:
+
+```bash
+# One-time use (data deleted after exit)
+docker run -it --rm \
+  -e PENTEST_API_KEY="your_glm_api_key" \
+  -e PENTEST_BASE_URL="https://open.bigmodel.cn/api/paas/v4" \
+  -e PENTEST_MODEL="glm-5" \
+  agnusdei1207/pentesting
+
+# Persistent data (saved to ./pentest-data/)
+docker run -it --rm \
+  -e PENTEST_API_KEY="your_glm_api_key" \
+  -e PENTEST_BASE_URL="https://open.bigmodel.cn/api/paas/v4" \
+  -e PENTEST_MODEL="glm-5" \
+  -v ./pentest-data:/root/.pentest \
+  agnusdei1207/pentesting
+```
+
+Web search is automatically configured to use GLM Web Search with your `PENTEST_API_KEY`.
+
+### Using Brave Search
+
 ```bash
 docker run -it --rm \
-  -e PENTEST_API_KEY="your_api_key" \
-  -e PENTEST_BASE_URL="https://api.z.ai/api/anthropic" \
+  -e PENTEST_API_KEY="your_glm_api_key" \
+  -e PENTEST_BASE_URL="https://open.bigmodel.cn/api/paas/v4" \
   -e PENTEST_MODEL="glm-5" \
-  -e SEARCH_API_KEY="your_api_key" \
-  -e SEARCH_API_URL="https://open.bigmodel.cn/api/paas/v4/tools/web-search-pro" \
-  -v pentest-data:/root/.pentest \
+  -e SEARCH_API_KEY="your_brave_api_key" \
+  -e SEARCH_API_URL="https://api.search.brave.com/res/v1/web/search" \
+  -v ./pentest-data:/root/.pentest \
   agnusdei1207/pentesting
 ```
 
+Get Brave Search API key at: https://brave.com/search/api/
+
+### Using Serper (Google Search)
+
+```bash
+docker run -it --rm \
+  -e PENTEST_API_KEY="your_glm_api_key" \
+  -e PENTEST_BASE_URL="https://open.bigmodel.cn/api/paas/v4" \
+  -e PENTEST_MODEL="glm-5" \
+  -e SEARCH_API_KEY="your_serper_api_key" \
+  -e SEARCH_API_URL="https://google.serper.dev/search" \
+  -v ./pentest-data:/root/.pentest \
+  agnusdei1207/pentesting
+```
+
+Get Serper API key at: https://serper.dev/
+
+## Environment Variables
+
+| Variable | Required | Default | Description |
+|----------|----------|---------|-------------|
+| `PENTEST_API_KEY` | ✅ Yes | - | LLM API key (also used for web search if `SEARCH_API_KEY` not set) |
+| `PENTEST_BASE_URL` | No | - | Custom API endpoint URL |
+| `PENTEST_MODEL` | No | - | Model name (e.g., `glm-5`) |
+| `SEARCH_API_KEY` | No | Uses `PENTEST_API_KEY` | Web search API key (optional, falls back to main key) |
+| `SEARCH_API_URL` | No | GLM Web Search | Web search API URL |
+
+### Web Search Defaults
+
+- **Default**: GLM Web Search (`https://open.bigmodel.cn/api/paas/v4/tools/web-search-pro`)
+- **API Key**: Falls back to `PENTEST_API_KEY` if `SEARCH_API_KEY` not set
+
 ## Issue
 
 email: agnusdei1207@gmail.com

package/dist/cloud/prompt.md

@@ -16,7 +16,7 @@ curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMeta
 
 # S3 Bucket Enumeration
 aws s3 ls s3://<bucket> --no-sign-request
-aws s3 cp s3://<bucket>/sensitive.txt /tmp/ --no-sign-request
+aws s3 cp s3://<bucket>/sensitive.txt .pentesting/tmp/ --no-sign-request
 
 # Azure Storage
 curl -s "https://<account>.blob.core.windows.net/<container>?restype=container&comp=list"

package/dist/file-sharing/prompt.md

@@ -38,8 +38,8 @@ hydra -L users.txt -P passwords.txt <target> ftp
 showmount -e <target>
 nmap -p 2049 --script nfs-ls,nfs-showmount,nfs-statfs <target>
 # NFS Mount
-mkdir /tmp/nfs && mount -t nfs <target>:/<export> /tmp/nfs
-ls -la /tmp/nfs/
+mkdir -p .pentesting/tmp/nfs && mount -t nfs <target>:/<export> .pentesting/tmp/nfs
+ls -la .pentesting/tmp/nfs/
 
 # WebDAV
 davtest -url http://<target>/webdav/