pentesting 0.49.4 → 0.51.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -7
- package/dist/cloud/prompt.md +1 -1
- package/dist/file-sharing/prompt.md +2 -2
- package/dist/main.js +1506 -1463
- package/dist/network/prompt.md +1 -1
- package/dist/prompts/base.md +24 -37
- package/dist/prompts/infra.md +1 -1
- package/dist/prompts/vuln.md +3 -3
- package/dist/web/prompt.md +2 -2
- package/dist/wireless/prompt.md +8 -8
- package/package.json +1 -1
- package/dist/orchestrator/orchestrator.md +0 -71
package/README.md
CHANGED
|
@@ -24,28 +24,54 @@
|
|
|
24
24
|
|---------|-----------------|
|
|
25
25
|
|  |  |
|
|
26
26
|
|
|
27
|
-
|
|
28
27
|
---
|
|
29
28
|
|
|
30
29
|
## Purpose
|
|
31
30
|
|
|
32
31
|
Pentesting support tool
|
|
33
32
|
|
|
34
|
-
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## Quick Start
|
|
36
|
+
|
|
37
|
+
### z.ai — GLM Coding Plan Max (Recommended)
|
|
38
|
+
|
|
39
|
+
Web search is included in the subscription — **no separate Search API key required**.
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
docker run -it --rm \
|
|
43
|
+
-e PENTEST_API_KEY="your_z_ai_key" \
|
|
44
|
+
-e PENTEST_BASE_URL="https://api.z.ai/api/anthropic" \
|
|
45
|
+
-e PENTEST_MODEL="glm-4.7" \
|
|
46
|
+
agnusdei1207/pentesting
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
### External Search API (Optional)
|
|
50
|
+
|
|
51
|
+
For providers other than z.ai, or to use a dedicated search backend.
|
|
35
52
|
|
|
36
53
|
```bash
|
|
37
54
|
docker run -it --rm \
|
|
38
|
-
-e PENTEST_API_KEY="
|
|
55
|
+
-e PENTEST_API_KEY="your_api_key" \
|
|
39
56
|
-e PENTEST_BASE_URL="https://open.bigmodel.cn/api/paas/v4" \
|
|
40
|
-
-e PENTEST_MODEL="glm-
|
|
57
|
+
-e PENTEST_MODEL="glm-4-plus" \
|
|
41
58
|
-e SEARCH_API_KEY="your_brave_api_key" \
|
|
42
59
|
-e SEARCH_API_URL="https://api.search.brave.com/res/v1/web/search" \
|
|
43
|
-
-v ./pentest-data:/root/.pentest \
|
|
44
60
|
agnusdei1207/pentesting
|
|
45
61
|
```
|
|
46
62
|
|
|
47
|
-
|
|
63
|
+
### Environment Variables
|
|
48
64
|
|
|
49
|
-
|
|
65
|
+
| Variable | Required | Description |
|
|
66
|
+
|----------|----------|-------------|
|
|
67
|
+
| `PENTEST_API_KEY` | ✅ | LLM API key |
|
|
68
|
+
| `PENTEST_BASE_URL` | ✅ | API endpoint (web search auto-enabled when URL contains `z.ai`) |
|
|
69
|
+
| `PENTEST_MODEL` | ✅ | Model name (e.g. `glm-4.7`) |
|
|
70
|
+
| `SEARCH_API_KEY` | ❌ | External search API key (not needed with z.ai) |
|
|
71
|
+
| `SEARCH_API_URL` | ❌ | External search API URL (not needed with z.ai) |
|
|
50
72
|
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## Issue
|
|
51
76
|
|
|
77
|
+
email: agnusdei1207@gmail.com
|
package/dist/cloud/prompt.md
CHANGED
|
@@ -16,7 +16,7 @@ curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMeta
|
|
|
16
16
|
|
|
17
17
|
# S3 Bucket Enumeration
|
|
18
18
|
aws s3 ls s3://<bucket> --no-sign-request
|
|
19
|
-
aws s3 cp s3://<bucket>/sensitive.txt .pentesting/
|
|
19
|
+
aws s3 cp s3://<bucket>/sensitive.txt .pentesting/workspace/ --no-sign-request
|
|
20
20
|
|
|
21
21
|
# Azure Storage
|
|
22
22
|
curl -s "https://<account>.blob.core.windows.net/<container>?restype=container&comp=list"
|
|
@@ -38,8 +38,8 @@ hydra -L users.txt -P passwords.txt <target> ftp
|
|
|
38
38
|
showmount -e <target>
|
|
39
39
|
nmap -p 2049 --script nfs-ls,nfs-showmount,nfs-statfs <target>
|
|
40
40
|
# NFS Mount
|
|
41
|
-
mkdir -p .pentesting/
|
|
42
|
-
ls -la .pentesting/
|
|
41
|
+
mkdir -p .pentesting/workspace/nfs && mount -t nfs <target>:/<export> .pentesting/workspace/nfs
|
|
42
|
+
ls -la .pentesting/workspace/nfs/
|
|
43
43
|
|
|
44
44
|
# WebDAV
|
|
45
45
|
davtest -url http://<target>/webdav/
|