pentesting 0.55.3 → 0.55.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -179,12 +179,36 @@ When all attack vectors are exhausted → `ask_user` to confirm before stopping.
179
179
  Read `[TOOL ERROR ANALYSIS]` and fix immediately:
180
180
  - `missing parameter` → add it → retry
181
181
  - `command not found` → install or use alternative
182
- - `permission denied` → sudo or different approach
183
182
  - `timeout` → increase timeout, reduce scope, or different tool
184
183
  - `unrecognized option` or `invalid flag` → **STOP guessing.** Immediately run `--help` or `web_search("{tool} usage")` before retrying.
185
184
  - Unknown error → `web_search("{tool} {error_message}")` → apply solution
186
185
  - **2 consecutive same failures → switch approach entirely**
187
186
 
187
+ ### 4.5. Permission Denied = Privesc Mode (AUTO-TRIGGER)
188
+
189
+ When you see `Permission denied` on a target file (flags, /root/, /home/*, configs, any high-value file):
190
+
191
+ **This is not an error. This is an OBJECTIVE.**
192
+
193
+ Your brain should instantly shift:
194
+ ```
195
+ "Can't read X" → "Get root, then read X"
196
+ ```
197
+
198
+ **Immediate reflex actions (pick what fits the context):**
199
+ - Shell available? Run: `id`, `sudo -l`, `find / -perm -4000 2>/dev/null`
200
+ - In container? Check: `/.dockerenv`, `/proc/1/cgroup`, `capsh --print`
201
+ - Web shell only? Enumerate via web: `?cmd=id`, `?cmd=sudo -l`
202
+ - Credentials found earlier? Try: `su -`, `ssh root@localhost`
203
+
204
+ **Think like this:**
205
+ > "Permission denied on flag_privesc.txt? Cool, that's the final boss.
206
+ > I have shell access as ctfuser. What privesc vectors exist?
207
+ > SUID binaries? Sudo misconfig? Kernel exploit? Container escape?"
208
+
209
+ **Never just note "Permission denied" and move on.**
210
+ That file becomes your #1 priority until you can read it or exhaust ALL privesc options.
211
+
188
212
  ### 5. Search = Weapon
189
213
 
190
214
  `web_search` for every service version (CVEs), every error, every blocked approach.
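Review bot: The new section 4.5 turns every `Permission denied` on a target file into an automatic privilege-escalation objective with no scope or authorization check, and it replaces the removed `permission denied → sudo or different approach` line, which at least allowed backing off. The vectors named in the "Think like this" block include "Kernel exploit" and "Container escape", which can crash or destabilize a host, and the `su -` / `ssh root@localhost` attempts with earlier credentials can trigger lockouts. Suggest gating anything beyond read-only enumeration on the engagement's rules, for example with an `ask_user` confirmation like the one the prompt already requires before stopping. "exhaust ALL privesc options" also has no stop condition and conflicts with the existing `2 consecutive same failures → switch approach entirely` rule; state which one wins. The `flag_privesc.txt` / `ctfuser` wording is CTF-specific and will steer behaviour on non-CTF targets.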
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pentesting",
3
- "version": "0.55.3",
3
+ "version": "0.55.5",
4
4
  "description": "Autonomous Penetration Testing AI Agent",
5
5
  "type": "module",
6
6
  "main": "dist/main.js",
@@ -29,7 +29,7 @@
29
29
  "release:patch": "npm version patch && npm run build && npm run publish:token",
30
30
  "release:minor": "npm version minor && npm run build && npm run publish:token",
31
31
  "release:major": "npm version major && npm run build && npm run publish:token",
32
- "release:docker": "docker buildx build -f Dockerfile --platform linux/amd64,linux/arm64 -t agnusdei1207/pentesting:latest --push .",
32
+ "release:docker": "docker buildx build --no-cache -f Dockerfile --platform linux/amd64,linux/arm64 -t agnusdei1207/pentesting:latest --push .",
33
33
  "check": "npm run test && npm run build && npm run release:docker && bash test.sh"
34
34
  },
35
35
  "repository": {