pentesting 0.5.4 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{auto-update-IDSABTT4.js → auto-update-CVZG3YKL.js} +2 -2
- package/dist/{chunk-FHPP7RP2.js → chunk-CKXQT3ON.js} +1 -0
- package/dist/{chunk-ZC53SMRU.js → chunk-TK3QEEDA.js} +1 -1
- package/dist/index.js +189 -14
- package/dist/{update-OWR4FHRQ.js → update-B6HRINH6.js} +2 -2
- package/package.json +1 -1
|
@@ -8,8 +8,8 @@ import {
|
|
|
8
8
|
readVersionCache,
|
|
9
9
|
semverTuple,
|
|
10
10
|
writeVersionCache
|
|
11
|
-
} from "./chunk-
|
|
12
|
-
import "./chunk-
|
|
11
|
+
} from "./chunk-TK3QEEDA.js";
|
|
12
|
+
import "./chunk-CKXQT3ON.js";
|
|
13
13
|
import "./chunk-3RG5ZIWI.js";
|
|
14
14
|
export {
|
|
15
15
|
checkForUpdate,
|
package/dist/index.js
CHANGED
|
@@ -15,7 +15,7 @@ import {
|
|
|
15
15
|
PHASE_STATUS,
|
|
16
16
|
THOUGHT_TYPE,
|
|
17
17
|
TOOL_NAME
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-CKXQT3ON.js";
|
|
19
19
|
import {
|
|
20
20
|
__require
|
|
21
21
|
} from "./chunk-3RG5ZIWI.js";
|
|
@@ -284,16 +284,46 @@ IMPORTANT:
|
|
|
284
284
|
}
|
|
285
285
|
];
|
|
286
286
|
var NETWORK_TOOLS = [
|
|
287
|
+
{
|
|
288
|
+
name: TOOL_NAME.RUSTSCAN,
|
|
289
|
+
description: `Ultra-fast port scanner written in Rust. Use as FIRST scan for quick discovery.
|
|
290
|
+
|
|
291
|
+
Rustscan is 10x faster than nmap for port discovery. Strategy:
|
|
292
|
+
1. Run rustscan first to find open ports quickly
|
|
293
|
+
2. Then use nmap with -sV on discovered ports for service detection
|
|
294
|
+
|
|
295
|
+
BATCH SIZES:
|
|
296
|
+
- 5000: Safe for most networks
|
|
297
|
+
- 10000: Fast, may miss some ports
|
|
298
|
+
- 65535: Full scan, slower but comprehensive`,
|
|
299
|
+
input_schema: {
|
|
300
|
+
type: "object",
|
|
301
|
+
properties: {
|
|
302
|
+
target: { type: "string", description: "Target IP/hostname/CIDR" },
|
|
303
|
+
ports: { type: "string", description: 'Port range (e.g., "1-65535" or "22,80,443")' },
|
|
304
|
+
batch_size: { type: "number", description: "Batch size (default: 5000)" },
|
|
305
|
+
timeout: { type: "number", description: "Timeout in ms (default: 1500)" },
|
|
306
|
+
ulimit: { type: "number", description: "File descriptor limit (default: 5000)" },
|
|
307
|
+
greppable: { type: "boolean", description: "Output in greppable format" },
|
|
308
|
+
nmap_args: { type: "string", description: 'Additional args to pass to nmap (e.g., "-sV -sC")' }
|
|
309
|
+
},
|
|
310
|
+
required: ["target"]
|
|
311
|
+
}
|
|
312
|
+
},
|
|
287
313
|
{
|
|
288
314
|
name: TOOL_NAME.NMAP_SCAN,
|
|
289
|
-
description: `Network scanning with nmap.
|
|
315
|
+
description: `Network scanning with nmap. Use AFTER rustscan for detailed service detection.
|
|
290
316
|
|
|
317
|
+
RECOMMENDED WORKFLOW:
|
|
318
|
+
1. rustscan first \u2192 fast port discovery
|
|
319
|
+
2. nmap -sV -sC on discovered ports \u2192 service/version detection
|
|
320
|
+
|
|
291
321
|
SCAN TYPES:
|
|
292
322
|
- discovery: Host discovery only (-sn)
|
|
293
|
-
- quick: Fast port scan (-F -T4)
|
|
294
|
-
- full: All 65535 ports (-p-)
|
|
323
|
+
- quick: Fast port scan (-F -T4)
|
|
324
|
+
- full: All 65535 ports (-p-) - USE RUSTSCAN INSTEAD
|
|
295
325
|
- stealth: SYN scan with slow timing (-sS -T2)
|
|
296
|
-
- service: Version detection (-sV -sC)
|
|
326
|
+
- service: Version detection (-sV -sC) - USE ON OPEN PORTS
|
|
297
327
|
- vuln: Vulnerability scripts (--script vuln)
|
|
298
328
|
- udp: UDP scan (-sU --top-ports 100)
|
|
299
329
|
- aggressive: Full aggressive scan (-A)`,
|
|
@@ -688,6 +718,7 @@ var execAsync = promisify(exec);
|
|
|
688
718
|
var DOCKER_CONTAINER = process.env.PENTESTING_CONTAINER || "pentesting-tools";
|
|
689
719
|
var FORCE_DOCKER = process.env.PENTESTING_DOCKER === "1";
|
|
690
720
|
var DOCKER_TOOLS = [
|
|
721
|
+
"rustscan",
|
|
691
722
|
"nmap",
|
|
692
723
|
"masscan",
|
|
693
724
|
"gobuster",
|
|
@@ -788,6 +819,9 @@ async function executeToolCall(toolName, input) {
|
|
|
788
819
|
);
|
|
789
820
|
break;
|
|
790
821
|
// network scanning
|
|
822
|
+
case "rustscan":
|
|
823
|
+
result = await executeRustscan(input);
|
|
824
|
+
break;
|
|
791
825
|
case "nmap_scan":
|
|
792
826
|
result = await executeNmapScan(input);
|
|
793
827
|
break;
|
|
@@ -958,6 +992,35 @@ async function listDirectory(dirPath, recursive = false, hidden = false) {
|
|
|
958
992
|
return { success: false, output: "", error: error.message, duration: 0 };
|
|
959
993
|
}
|
|
960
994
|
}
|
|
995
|
+
async function executeRustscan(input) {
|
|
996
|
+
const { target, ports, batch_size, timeout, ulimit, greppable, nmap_args } = input;
|
|
997
|
+
let cmd = `rustscan -a ${target}`;
|
|
998
|
+
if (ports) {
|
|
999
|
+
cmd += ` -p ${ports}`;
|
|
1000
|
+
} else {
|
|
1001
|
+
cmd += ` -r 1-65535`;
|
|
1002
|
+
}
|
|
1003
|
+
if (batch_size) {
|
|
1004
|
+
cmd += ` -b ${batch_size}`;
|
|
1005
|
+
} else {
|
|
1006
|
+
cmd += ` -b 5000`;
|
|
1007
|
+
}
|
|
1008
|
+
if (timeout) {
|
|
1009
|
+
cmd += ` -t ${timeout}`;
|
|
1010
|
+
} else {
|
|
1011
|
+
cmd += ` -t 1500`;
|
|
1012
|
+
}
|
|
1013
|
+
if (ulimit) {
|
|
1014
|
+
cmd += ` -u ${ulimit}`;
|
|
1015
|
+
}
|
|
1016
|
+
if (greppable) {
|
|
1017
|
+
cmd += ` -g`;
|
|
1018
|
+
}
|
|
1019
|
+
if (nmap_args) {
|
|
1020
|
+
cmd += ` -- ${nmap_args}`;
|
|
1021
|
+
}
|
|
1022
|
+
return executeBash(cmd, { timeout: 3e5 });
|
|
1023
|
+
}
|
|
961
1024
|
async function executeNmapScan(input) {
|
|
962
1025
|
const { target, scan_type, ports, scripts, output_file } = input;
|
|
963
1026
|
const scanFlags = {
|
|
@@ -3232,9 +3295,53 @@ ${prompt}`
|
|
|
3232
3295
|
// ===== Target Setting =====
|
|
3233
3296
|
setTarget(target) {
|
|
3234
3297
|
this.state.target.primary = target;
|
|
3298
|
+
if (!this.state.target.discovered.includes(target)) {
|
|
3299
|
+
this.state.target.discovered.push(target);
|
|
3300
|
+
}
|
|
3235
3301
|
this.think(THOUGHT_TYPE.OBSERVATION, `Target Setting: ${target}`);
|
|
3236
3302
|
this.emit(AGENT_EVENT.TARGET_SET, target);
|
|
3237
3303
|
}
|
|
3304
|
+
/**
|
|
3305
|
+
* Add a target to the discovered list (multi-target support)
|
|
3306
|
+
*/
|
|
3307
|
+
addTarget(target) {
|
|
3308
|
+
if (this.state.target.discovered.includes(target)) {
|
|
3309
|
+
return false;
|
|
3310
|
+
}
|
|
3311
|
+
this.state.target.discovered.push(target);
|
|
3312
|
+
if (!this.state.target.primary) {
|
|
3313
|
+
this.state.target.primary = target;
|
|
3314
|
+
}
|
|
3315
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Target added: ${target}`);
|
|
3316
|
+
this.emit(AGENT_EVENT.TARGET_SET, { target, action: "added" });
|
|
3317
|
+
return true;
|
|
3318
|
+
}
|
|
3319
|
+
/**
|
|
3320
|
+
* Remove a target from the discovered list
|
|
3321
|
+
*/
|
|
3322
|
+
removeTarget(target) {
|
|
3323
|
+
const index = this.state.target.discovered.indexOf(target);
|
|
3324
|
+
if (index === -1) {
|
|
3325
|
+
return false;
|
|
3326
|
+
}
|
|
3327
|
+
this.state.target.discovered.splice(index, 1);
|
|
3328
|
+
if (this.state.target.primary === target) {
|
|
3329
|
+
this.state.target.primary = this.state.target.discovered[0] || "";
|
|
3330
|
+
}
|
|
3331
|
+
this.think(THOUGHT_TYPE.OBSERVATION, `Target removed: ${target}`);
|
|
3332
|
+
this.emit(AGENT_EVENT.TARGET_SET, { target, action: "removed" });
|
|
3333
|
+
return true;
|
|
3334
|
+
}
|
|
3335
|
+
/**
|
|
3336
|
+
* Get all targets (primary + discovered)
|
|
3337
|
+
*/
|
|
3338
|
+
getAllTargets() {
|
|
3339
|
+
const targets = [...this.state.target.discovered];
|
|
3340
|
+
if (this.state.target.primary && !targets.includes(this.state.target.primary)) {
|
|
3341
|
+
targets.unshift(this.state.target.primary);
|
|
3342
|
+
}
|
|
3343
|
+
return targets;
|
|
3344
|
+
}
|
|
3238
3345
|
// ===== Phase Management =====
|
|
3239
3346
|
getCurrentPhase() {
|
|
3240
3347
|
return this.state.phases.find((p) => p.id === this.state.currentPhase);
|
|
@@ -5240,7 +5347,7 @@ var App = ({ autoApprove = false, target }) => {
|
|
|
5240
5347
|
setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
|
|
5241
5348
|
}
|
|
5242
5349
|
});
|
|
5243
|
-
import("./auto-update-
|
|
5350
|
+
import("./auto-update-CVZG3YKL.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
|
|
5244
5351
|
checkForUpdateAsync().then((result) => {
|
|
5245
5352
|
if (result.hasUpdate) {
|
|
5246
5353
|
const notification = formatUpdateNotification(result);
|
|
@@ -5461,7 +5568,8 @@ var App = ({ autoApprove = false, target }) => {
|
|
|
5461
5568
|
addMessage(
|
|
5462
5569
|
MESSAGE_TYPE.SYSTEM,
|
|
5463
5570
|
`\u2500\u2500 Core \u2500\u2500
|
|
5464
|
-
/target
|
|
5571
|
+
/target [domain|ip] Set/show targets
|
|
5572
|
+
add <t> list rm <t> set <t>
|
|
5465
5573
|
/start [goal] Start autonomous pentest
|
|
5466
5574
|
/stop Stop operation
|
|
5467
5575
|
/status Show status report
|
|
@@ -5497,11 +5605,76 @@ pentesting v${APP_VERSION}`
|
|
|
5497
5605
|
return;
|
|
5498
5606
|
case CLI_COMMAND.TARGET:
|
|
5499
5607
|
case "t":
|
|
5500
|
-
|
|
5501
|
-
|
|
5502
|
-
|
|
5503
|
-
|
|
5504
|
-
|
|
5608
|
+
const subCmd = args[0]?.toLowerCase();
|
|
5609
|
+
const targetArg = args.slice(1).join(" ") || args[0];
|
|
5610
|
+
if (!subCmd) {
|
|
5611
|
+
const allTargets = agent.getAllTargets();
|
|
5612
|
+
if (allTargets.length === 0) {
|
|
5613
|
+
addMessage(MESSAGE_TYPE.SYSTEM, `
|
|
5614
|
+
\u{1F3AF} No targets set
|
|
5615
|
+
|
|
5616
|
+
Usage:
|
|
5617
|
+
/target <domain|ip> Set primary target
|
|
5618
|
+
/target add <target> Add target to list
|
|
5619
|
+
/target list Show all targets
|
|
5620
|
+
/target rm <target> Remove target
|
|
5621
|
+
/target set <target> Set as primary`);
|
|
5622
|
+
} else {
|
|
5623
|
+
const primary = agent.getState().target.primary;
|
|
5624
|
+
const targetList = allTargets.map(
|
|
5625
|
+
(t) => t === primary ? ` \u2605 ${t} (primary)` : ` ${t}`
|
|
5626
|
+
).join("\n");
|
|
5627
|
+
addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F3AF} Targets:
|
|
5628
|
+
${targetList}`);
|
|
5629
|
+
}
|
|
5630
|
+
return;
|
|
5631
|
+
}
|
|
5632
|
+
switch (subCmd) {
|
|
5633
|
+
case "add":
|
|
5634
|
+
case "+":
|
|
5635
|
+
if (args[1]) {
|
|
5636
|
+
const added = agent.addTarget(args[1]);
|
|
5637
|
+
addMessage(MESSAGE_TYPE.SYSTEM, added ? `\u2713 Target added: ${args[1]}` : `Already exists: ${args[1]}`);
|
|
5638
|
+
} else {
|
|
5639
|
+
addMessage(MESSAGE_TYPE.ERROR, "Usage: /target add <domain|ip>");
|
|
5640
|
+
}
|
|
5641
|
+
break;
|
|
5642
|
+
case "list":
|
|
5643
|
+
case "ls":
|
|
5644
|
+
const targets = agent.getAllTargets();
|
|
5645
|
+
if (targets.length === 0) {
|
|
5646
|
+
addMessage(MESSAGE_TYPE.SYSTEM, "No targets");
|
|
5647
|
+
} else {
|
|
5648
|
+
const primary = agent.getState().target.primary;
|
|
5649
|
+
const list = targets.map(
|
|
5650
|
+
(t, i) => t === primary ? ` ${i + 1}. \u2605 ${t}` : ` ${i + 1}. ${t}`
|
|
5651
|
+
).join("\n");
|
|
5652
|
+
addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F3AF} Targets (${targets.length}):
|
|
5653
|
+
${list}`);
|
|
5654
|
+
}
|
|
5655
|
+
break;
|
|
5656
|
+
case "rm":
|
|
5657
|
+
case "remove":
|
|
5658
|
+
case "-":
|
|
5659
|
+
if (args[1]) {
|
|
5660
|
+
const removed = agent.removeTarget(args[1]);
|
|
5661
|
+
addMessage(MESSAGE_TYPE.SYSTEM, removed ? `\u2713 Target removed: ${args[1]}` : `Not found: ${args[1]}`);
|
|
5662
|
+
} else {
|
|
5663
|
+
addMessage(MESSAGE_TYPE.ERROR, "Usage: /target rm <domain|ip>");
|
|
5664
|
+
}
|
|
5665
|
+
break;
|
|
5666
|
+
case "set":
|
|
5667
|
+
case "primary":
|
|
5668
|
+
if (args[1]) {
|
|
5669
|
+
agent.setTarget(args[1]);
|
|
5670
|
+
addMessage(MESSAGE_TYPE.SYSTEM, `\u2605 Primary target \u2192 ${args[1]}`);
|
|
5671
|
+
} else {
|
|
5672
|
+
addMessage(MESSAGE_TYPE.ERROR, "Usage: /target set <domain|ip>");
|
|
5673
|
+
}
|
|
5674
|
+
break;
|
|
5675
|
+
default:
|
|
5676
|
+
agent.setTarget(subCmd);
|
|
5677
|
+
addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F3AF} Target \u2192 ${subCmd}`);
|
|
5505
5678
|
}
|
|
5506
5679
|
return;
|
|
5507
5680
|
case CLI_COMMAND.START:
|
|
@@ -5768,7 +5941,7 @@ pentesting v${APP_VERSION}`
|
|
|
5768
5941
|
return;
|
|
5769
5942
|
case "update":
|
|
5770
5943
|
try {
|
|
5771
|
-
const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-
|
|
5944
|
+
const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-B6HRINH6.js");
|
|
5772
5945
|
const result = checkForUpdate(true);
|
|
5773
5946
|
if (result.hasUpdate) {
|
|
5774
5947
|
const notification = formatUpdateNotification(result);
|
|
@@ -5987,12 +6160,14 @@ pentesting v${APP_VERSION}`
|
|
|
5987
6160
|
mode === "agent" ? "\u{1F916}" : "$",
|
|
5988
6161
|
" ",
|
|
5989
6162
|
state.target.primary || "No target",
|
|
6163
|
+
state.target.discovered.length > 1 && ` (+${state.target.discovered.length - 1})`,
|
|
5990
6164
|
" \u2502",
|
|
5991
6165
|
state.findings.length,
|
|
5992
6166
|
" findings \u2502",
|
|
5993
6167
|
state.credentials.length,
|
|
5994
6168
|
" creds \u2502",
|
|
5995
|
-
|
|
6169
|
+
`${(tokenUsage.total / 1e3).toFixed(1)}k tokens`,
|
|
6170
|
+
" \u2502",
|
|
5996
6171
|
state.currentPhase !== AGENT_STATUS.IDLE && ` ${state.currentPhase} \u2502`
|
|
5997
6172
|
] }),
|
|
5998
6173
|
/* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
|
|
@@ -8,8 +8,8 @@ import {
|
|
|
8
8
|
readVersionCache,
|
|
9
9
|
semverTuple,
|
|
10
10
|
writeVersionCache
|
|
11
|
-
} from "./chunk-
|
|
12
|
-
import "./chunk-
|
|
11
|
+
} from "./chunk-TK3QEEDA.js";
|
|
12
|
+
import "./chunk-CKXQT3ON.js";
|
|
13
13
|
import "./chunk-3RG5ZIWI.js";
|
|
14
14
|
export {
|
|
15
15
|
checkForUpdate,
|