npm - pentesting - Versions diffs - 0.56.2 → 0.56.3 - Mend

pentesting 0.56.2 → 0.56.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/main.js +121 -24
package/package.json +1 -1

package/dist/main.js CHANGED Viewed

@@ -711,7 +711,7 @@ var INPUT_PROMPT_PATTERNS = [
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.56.2";
+var APP_VERSION = "0.56.3";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -14929,6 +14929,15 @@ var boxLine = (content, width) => {
   const truncated = content.length > inner ? content.slice(0, inner - 1) + "\u2026" : content;
   return `\u2502 ${truncated.padEnd(inner - 1)}`;
 };
+var formatTargetLine = (target) => {
+  if (target.ports.length === 0) return target.ip;
+  const portList = target.ports.map((p) => `${p.port}`).join(", ");
+  return `${target.ip} \u2192 ${target.ip}:${portList}`;
+};
+var formatServiceLabel = (target, port) => {
+  const svc = port.version ? `${port.service}/${port.version}` : port.service;
+  return `${target.ip}:${port.port} (${svc})`;
+};
 var formatFindingsWithFlags = (findings, flags) => {
   const findingsOutput = formatFindings(findings);
   const flagsOutput = formatFlags(flags);
@@ -14938,41 +14947,108 @@ ${flagsOutput}`;
   }
   return findingsOutput;
 };
-var formatGraphWithSummary = (_graphASCII, findings, flags) => {
+var formatGraphWithSummary = (state, findings, flags) => {
   const lines = [];
   const w = getBoxWidth();
   const innerDash = w - 2;
-  lines.push(`\u250C${"\u2500".repeat(innerDash)}\u2510`);
-  lines.push(boxLine(`\u{1F5A5} 1  \u26A0 ${findings.length}  \u2699 1`, w));
-  lines.push(boxLine("", w));
-  lines.push(boxLine("\u{1F5A5} HOST (1)", w));
-  lines.push(boxLine(`  \u25CB 138.2.89.94 \u2192 138.2.89.94:443`, w));
+  const targets = state.getAllTargets();
+  const graphStats = state.attackGraph.getStats();
+  const allNodes = state.attackGraph.getAllNodes();
+  const hostNodes = allNodes.filter((n) => n.type === NODE_TYPE.HOST);
+  const serviceNodes = allNodes.filter((n) => n.type === NODE_TYPE.SERVICE);
+  const vulnNodes = allNodes.filter((n) => n.type === NODE_TYPE.VULNERABILITY);
+  const hostCount = hostNodes.length || targets.length;
+  const serviceCount = serviceNodes.length || targets.reduce((sum, t) => sum + t.ports.length, 0);
+  const vulnCount = findings.length;
+  const topTitle = "\u2500\u2500\u2500 Attack Graph ";
+  lines.push(`\u250C${topTitle}${"\u2500".repeat(Math.max(0, innerDash - topTitle.length))}\u2510`);
+  lines.push(boxLine(`\u{1F5A5} ${hostCount}  \u26A0 ${vulnCount}  \u2699 ${serviceCount}`, w));
   lines.push(boxLine("", w));
-  lines.push(boxLine(`\u26A0 VULNERABILITY (${findings.length})`, w));
-  const sortedFindings = [...findings].sort((a, b) => b.confidence - a.confidence).slice(0, 5);
-  for (const f of sortedFindings) {
-    const icon = confIcon(f.confidence);
-    const cat = f.category ? ` \u2502 ${f.category}` : "";
-    lines.push(boxLine(`  \u25CB ${icon} ${f.title.slice(0, 60)}${f.title.length > 60 ? "..." : ""}`, w));
-    lines.push(boxLine(`      ${confLabel(f.confidence).toUpperCase()} \u2502 ${f.severity.toUpperCase()}${cat}`, w));
+  lines.push(boxLine(`\u{1F5A5} HOST (${hostCount})`, w));
+  if (targets.length > 0) {
+    for (const t of targets.slice(0, 5)) {
+      lines.push(boxLine(`  \u25CB ${formatTargetLine(t)}`, w));
+    }
+    if (targets.length > 5) {
+      lines.push(boxLine(`  ... and ${targets.length - 5} more hosts`, w));
+    }
+  } else if (hostNodes.length > 0) {
+    for (const node of hostNodes.slice(0, 5)) {
+      lines.push(boxLine(`  \u25CB ${node.label}`, w));
+    }
+    if (hostNodes.length > 5) {
+      lines.push(boxLine(`  ... and ${hostNodes.length - 5} more hosts`, w));
+    }
+  } else {
+    lines.push(boxLine("  (no hosts discovered)", w));
   }
-  if (findings.length > 5) {
-    lines.push(boxLine(`  ... and ${findings.length - 5} more findings`, w));
+  lines.push(boxLine("", w));
+  lines.push(boxLine(`\u26A0 VULNERABILITY (${vulnCount})`, w));
+  if (findings.length > 0) {
+    const sortedFindings = [...findings].sort((a, b) => b.confidence - a.confidence).slice(0, 5);
+    for (const f of sortedFindings) {
+      const icon = confIcon(f.confidence);
+      const cat = f.category ? ` \u2502 ${f.category}` : "";
+      lines.push(boxLine(`  \u25CB ${icon} ${f.title.slice(0, 60)}${f.title.length > 60 ? "..." : ""}`, w));
+      lines.push(boxLine(`      ${confLabel(f.confidence).toUpperCase()} \u2502 ${f.severity.toUpperCase()}${cat}`, w));
+    }
+    if (findings.length > 5) {
+      lines.push(boxLine(`  ... and ${findings.length - 5} more findings`, w));
+    }
+  } else if (vulnNodes.length > 0) {
+    for (const node of vulnNodes.slice(0, 5)) {
+      lines.push(boxLine(`  \u25CB ${node.label}`, w));
+    }
+    if (vulnNodes.length > 5) {
+      lines.push(boxLine(`  ... and ${vulnNodes.length - 5} more`, w));
+    }
+  } else {
+    lines.push(boxLine("  (no vulnerabilities found)", w));
   }
   const cveFindings = findings.filter((f) => f.title.includes("CVE"));
   if (cveFindings.length > 0) {
-    lines.push(boxLine(`  \u25CB CVE search: https nginx/1.24.0 (Ubuntu) -> Apache CouchDB 3.5.1`, w));
+    const cveList = cveFindings.slice(0, 3).map((f) => f.title.match(/CVE-\d{4}-\d+/)?.[0] ?? f.title).join(", ");
+    const suffix = cveFindings.length > 3 ? ` (+${cveFindings.length - 3} more)` : "";
+    lines.push(boxLine(`  \u25CB CVE found: ${cveList}${suffix}`, w));
   }
   lines.push(boxLine("", w));
-  lines.push(boxLine("\u2699 SERVICE (1)", w));
-  lines.push(boxLine(`  \u25CB 138.2.89.94:443 (nginx/1.24.0 (Ubuntu) -> Apache CouchDB 3.5.1)`, w));
+  lines.push(boxLine(`\u2699 SERVICE (${serviceCount})`, w));
+  if (targets.length > 0) {
+    let shownServices = 0;
+    const maxShow = 5;
+    for (const t of targets) {
+      for (const p of t.ports) {
+        if (shownServices >= maxShow) break;
+        lines.push(boxLine(`  \u25CB ${formatServiceLabel(t, p)}`, w));
+        shownServices++;
+      }
+      if (shownServices >= maxShow) break;
+    }
+    const totalServices = targets.reduce((sum, t) => sum + t.ports.length, 0);
+    if (totalServices > maxShow) {
+      lines.push(boxLine(`  ... and ${totalServices - maxShow} more services`, w));
+    }
+  } else if (serviceNodes.length > 0) {
+    for (const node of serviceNodes.slice(0, 5)) {
+      lines.push(boxLine(`  \u25CB ${node.label}`, w));
+    }
+    if (serviceNodes.length > 5) {
+      lines.push(boxLine(`  ... and ${serviceNodes.length - 5} more`, w));
+    }
+  } else {
+    lines.push(boxLine("  (no services discovered)", w));
+  }
   if (flags.length > 0) {
     lines.push(boxLine("", w));
     lines.push(boxLine(`\u{1F3F4} Captured: ${flags.length}`, w));
   }
   lines.push(boxLine("", w));
-  lines.push(`\u251C${"\u2500".repeat(innerDash)}\u2524`);
-  lines.push(boxLine(`Nodes: ${findings.length + 2} | Edges: 2 | Succeeded: 0 | Failed: 0 | Chains: 0`, w));
+  const midTitle = "\u2500\u2500\u2500 Summary ";
+  lines.push(`\u251C${midTitle}${"\u2500".repeat(Math.max(0, innerDash - midTitle.length))}\u2524`);
+  lines.push(boxLine(
+    `Nodes: ${graphStats.nodes} | Edges: ${graphStats.edges} | Succeeded: ${graphStats.succeeded} | Failed: ${graphStats.failed} | Chains: ${graphStats.chains}`,
+    w
+  ));
   lines.push(`\u2514${"\u2500".repeat(innerDash)}\u2518`);
   return lines.join("\n");
 };
@@ -15031,7 +15107,7 @@ ${procData.stdout || "(no output)"}
     const flags = state.getFlags();
     const graphASCII = state.attackGraph.toASCII();
     if (state.attackGraph.isEmpty() && (findings.length > 0 || flags.length > 0)) {
-      ctx.showModal("graph", formatGraphWithSummary(graphASCII, findings, flags));
+      ctx.showModal("graph", formatGraphWithSummary(state, findings, flags));
     } else {
       let output = graphASCII;
       if (flags.length > 0) {
@@ -15046,7 +15122,7 @@ ${procData.stdout || "(no output)"}
     const flags = state.getFlags();
     const graphASCII = state.attackGraph.toASCII();
     if (state.attackGraph.isEmpty() && (findings.length > 0 || flags.length > 0)) {
-      ctx.showModal("graph", formatGraphWithSummary(graphASCII, findings, flags));
+      ctx.showModal("graph", formatGraphWithSummary(state, findings, flags));
     } else {
       let output = graphASCII;
       if (flags.length > 0) {
@@ -16306,6 +16382,27 @@ var ChatInput = memo10(({
     setSelectedIdx(0);
     setInputKey((k) => k + 1);
   }, []);
+  const onSubmitRef = useRef8(onSubmit);
+  onSubmitRef.current = onSubmit;
+  const wrappedOnSubmit = useCallback9((val) => {
+    if (showPreviewRef.current) {
+      const sug = suggestionsRef.current;
+      if (!sug.length) {
+        onSubmitRef.current(val);
+        return;
+      }
+      const best = sug[Math.min(selectedIdxRef.current, sug.length - 1)];
+      if (best.args) {
+        completeCommand(selectedIdxRef.current);
+      } else {
+        const completed = `/${best.name}`;
+        onChangeRef.current(completed);
+        onSubmitRef.current(completed);
+      }
+      return;
+    }
+    onSubmitRef.current(val);
+  }, [completeCommand]);
   useInput3(useCallback9((_input, key) => {
     if (inputRequestRef.current.status === "active") return;
     const sug = suggestionsRef.current;
@@ -16349,7 +16446,7 @@ var ChatInput = memo10(({
           inputKey,
           value,
           onChange,
-          onSubmit,
+          onSubmit: wrappedOnSubmit,
           placeholder
         }
       )

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.56.2",
+  "version": "0.56.3",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",