pentesting 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{auto-update-QFDCCKMW.js → auto-update-23RX6SWZ.js} +2 -2
- package/dist/{chunk-LP7NNB7C.js → chunk-6MCOPWPF.js} +1 -1
- package/dist/{chunk-CJOLRYUP.js → chunk-6RVVWSNN.js} +24 -2
- package/dist/index.js +112 -11
- package/dist/{update-OI7M5ERV.js → update-6I3E5PSP.js} +2 -2
- package/package.json +1 -1
|
@@ -8,8 +8,8 @@ import {
|
|
|
8
8
|
readVersionCache,
|
|
9
9
|
semverTuple,
|
|
10
10
|
writeVersionCache
|
|
11
|
-
} from "./chunk-
|
|
12
|
-
import "./chunk-
|
|
11
|
+
} from "./chunk-6MCOPWPF.js";
|
|
12
|
+
import "./chunk-6RVVWSNN.js";
|
|
13
13
|
import "./chunk-3RG5ZIWI.js";
|
|
14
14
|
export {
|
|
15
15
|
checkForUpdate,
|
|
@@ -93,11 +93,30 @@ var TOOL_NAME = {
|
|
|
93
93
|
READ_FILE: "read_file",
|
|
94
94
|
WRITE_FILE: "write_file",
|
|
95
95
|
LIST_DIRECTORY: "list_directory",
|
|
96
|
-
// Network - Basic
|
|
96
|
+
// Network - Basic Connectivity
|
|
97
|
+
PING: "ping",
|
|
98
|
+
TRACEROUTE: "traceroute",
|
|
97
99
|
RUSTSCAN: "rustscan",
|
|
98
100
|
NMAP_SCAN: "nmap_scan",
|
|
101
|
+
MASSCAN: "masscan",
|
|
99
102
|
TCPDUMP_CAPTURE: "tcpdump_capture",
|
|
100
103
|
NETCAT: "netcat",
|
|
104
|
+
// DNS & Subdomain
|
|
105
|
+
DIG: "dig",
|
|
106
|
+
HOST: "host",
|
|
107
|
+
NSLOOKUP: "nslookup",
|
|
108
|
+
WHOIS: "whois",
|
|
109
|
+
SUBFINDER: "subfinder",
|
|
110
|
+
AMASS: "amass",
|
|
111
|
+
DNSENUM: "dnsenum",
|
|
112
|
+
// Web Recon & Tech Identification
|
|
113
|
+
WHATWEB: "whatweb",
|
|
114
|
+
HTTPX: "httpx",
|
|
115
|
+
NUCLEI: "nuclei",
|
|
116
|
+
NIKTO: "nikto",
|
|
117
|
+
FFUF: "ffuf",
|
|
118
|
+
FEROXBUSTER: "feroxbuster",
|
|
119
|
+
WAYBACKURLS: "waybackurls",
|
|
101
120
|
// Windows/SMB/AD
|
|
102
121
|
SMB_ENUM: "smb_enum",
|
|
103
122
|
ENUM4LINUX: "enum4linux",
|
|
@@ -109,9 +128,12 @@ var TOOL_NAME = {
|
|
|
109
128
|
LDAP_SEARCH: "ldap_search",
|
|
110
129
|
KERBRUTE: "kerbrute",
|
|
111
130
|
BLOODHOUND: "bloodhound",
|
|
112
|
-
// Database
|
|
131
|
+
// Database Clients
|
|
113
132
|
MSSQL_CLIENT: "mssql_client",
|
|
114
133
|
MYSQL_CLIENT: "mysql_client",
|
|
134
|
+
PSQL_CLIENT: "psql_client",
|
|
135
|
+
REDIS_CLI: "redis_cli",
|
|
136
|
+
MONGO_CLIENT: "mongo_client",
|
|
115
137
|
// Web
|
|
116
138
|
WEB_REQUEST: "web_request",
|
|
117
139
|
DIRECTORY_BRUTEFORCE: "directory_bruteforce",
|
package/dist/index.js
CHANGED
|
@@ -15,7 +15,7 @@ import {
|
|
|
15
15
|
PHASE_STATUS,
|
|
16
16
|
THOUGHT_TYPE,
|
|
17
17
|
TOOL_NAME
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-6RVVWSNN.js";
|
|
19
19
|
import {
|
|
20
20
|
__require
|
|
21
21
|
} from "./chunk-3RG5ZIWI.js";
|
|
@@ -2303,23 +2303,124 @@ var HIGH_RISK_PATTERNS = [
|
|
|
2303
2303
|
/meterpreter/i,
|
|
2304
2304
|
/mimikatz/i
|
|
2305
2305
|
];
|
|
2306
|
+
var LOW_RISK_TOOLS = [
|
|
2307
|
+
"ping",
|
|
2308
|
+
"traceroute",
|
|
2309
|
+
"tracert",
|
|
2310
|
+
"mtr",
|
|
2311
|
+
"dig",
|
|
2312
|
+
"host",
|
|
2313
|
+
"nslookup",
|
|
2314
|
+
"whois",
|
|
2315
|
+
"dnsenum",
|
|
2316
|
+
"curl",
|
|
2317
|
+
"wget",
|
|
2318
|
+
"httpx",
|
|
2319
|
+
"whatweb",
|
|
2320
|
+
"rustscan",
|
|
2321
|
+
"nmap_scan",
|
|
2322
|
+
"nmap",
|
|
2323
|
+
"masscan",
|
|
2324
|
+
"subfinder",
|
|
2325
|
+
"amass",
|
|
2326
|
+
"assetfinder",
|
|
2327
|
+
"ffuf",
|
|
2328
|
+
"gobuster",
|
|
2329
|
+
"feroxbuster",
|
|
2330
|
+
"dirsearch",
|
|
2331
|
+
"smbclient",
|
|
2332
|
+
"rpcclient",
|
|
2333
|
+
"enum4linux",
|
|
2334
|
+
"ldapsearch",
|
|
2335
|
+
"netcat",
|
|
2336
|
+
"nc",
|
|
2337
|
+
"telnet",
|
|
2338
|
+
"ftp",
|
|
2339
|
+
"read_file",
|
|
2340
|
+
"list_directory",
|
|
2341
|
+
"cat",
|
|
2342
|
+
"ls",
|
|
2343
|
+
"find",
|
|
2344
|
+
"grep",
|
|
2345
|
+
"searchsploit",
|
|
2346
|
+
"nikto",
|
|
2347
|
+
"nuclei",
|
|
2348
|
+
"web_request",
|
|
2349
|
+
"directory_bruteforce"
|
|
2350
|
+
];
|
|
2351
|
+
var LOW_RISK_PATTERNS = [
|
|
2352
|
+
/^ping\s/i,
|
|
2353
|
+
/^traceroute\s/i,
|
|
2354
|
+
/^tracert\s/i,
|
|
2355
|
+
/^mtr\s/i,
|
|
2356
|
+
/^dig\s/i,
|
|
2357
|
+
/^host\s/i,
|
|
2358
|
+
/^nslookup\s/i,
|
|
2359
|
+
/^whois\s/i,
|
|
2360
|
+
/^curl\s/i,
|
|
2361
|
+
/^wget\s/i,
|
|
2362
|
+
/^nmap\s/i,
|
|
2363
|
+
/^rustscan\s/i,
|
|
2364
|
+
/^masscan\s/i,
|
|
2365
|
+
/^subfinder/i,
|
|
2366
|
+
/^amass\s/i,
|
|
2367
|
+
/^ffuf\s/i,
|
|
2368
|
+
/^gobuster\s/i,
|
|
2369
|
+
/^feroxbuster\s/i,
|
|
2370
|
+
/^whatweb\s/i,
|
|
2371
|
+
/^httpx\s/i,
|
|
2372
|
+
/^nikto\s/i,
|
|
2373
|
+
/^nuclei\s/i,
|
|
2374
|
+
/^smbclient\s/i,
|
|
2375
|
+
/^rpcclient\s/i,
|
|
2376
|
+
/^enum4linux\s/i,
|
|
2377
|
+
/^ldapsearch\s/i,
|
|
2378
|
+
/^crackmapexec\s.*--shares/i,
|
|
2379
|
+
/^crackmapexec\s.*--users/i,
|
|
2380
|
+
/^searchsploit\s/i,
|
|
2381
|
+
/^cat\s/i,
|
|
2382
|
+
/^ls\s/i,
|
|
2383
|
+
/^find\s/i,
|
|
2384
|
+
/^grep\s/i,
|
|
2385
|
+
/^head\s/i,
|
|
2386
|
+
/^tail\s/i,
|
|
2387
|
+
/^file\s/i,
|
|
2388
|
+
/^strings\s/i,
|
|
2389
|
+
/^netstat/i,
|
|
2390
|
+
/^ss\s/i,
|
|
2391
|
+
/^arp\s/i,
|
|
2392
|
+
/^ip\s+a/i,
|
|
2393
|
+
/^ifconfig/i,
|
|
2394
|
+
/^id$/i,
|
|
2395
|
+
/^whoami$/i,
|
|
2396
|
+
/^uname/i,
|
|
2397
|
+
/^hostname/i,
|
|
2398
|
+
/^pwd$/i,
|
|
2399
|
+
/^env$/i,
|
|
2400
|
+
/^echo\s/i
|
|
2401
|
+
];
|
|
2306
2402
|
function assessRisk(toolName, toolInput) {
|
|
2307
2403
|
const inputStr = JSON.stringify(toolInput).toLowerCase();
|
|
2404
|
+
const command = toolInput.command || "";
|
|
2308
2405
|
for (const pattern of HIGH_RISK_PATTERNS) {
|
|
2309
|
-
if (pattern.test(inputStr)) {
|
|
2406
|
+
if (pattern.test(inputStr) || pattern.test(command)) {
|
|
2310
2407
|
return "critical";
|
|
2311
2408
|
}
|
|
2312
2409
|
}
|
|
2313
|
-
if (
|
|
2314
|
-
return "
|
|
2410
|
+
if (LOW_RISK_TOOLS.includes(toolName)) {
|
|
2411
|
+
return "low";
|
|
2315
2412
|
}
|
|
2316
|
-
if (toolName
|
|
2317
|
-
|
|
2413
|
+
if (toolName === "bash" && command) {
|
|
2414
|
+
for (const pattern of LOW_RISK_PATTERNS) {
|
|
2415
|
+
if (pattern.test(command.trim())) {
|
|
2416
|
+
return "low";
|
|
2417
|
+
}
|
|
2418
|
+
}
|
|
2318
2419
|
}
|
|
2319
|
-
if (
|
|
2320
|
-
return "
|
|
2420
|
+
if (CRITICAL_TOOLS.includes(toolName)) {
|
|
2421
|
+
return "high";
|
|
2321
2422
|
}
|
|
2322
|
-
return "
|
|
2423
|
+
return "medium";
|
|
2323
2424
|
}
|
|
2324
2425
|
function generateRequestId() {
|
|
2325
2426
|
return `approval_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
|
|
@@ -5951,7 +6052,7 @@ var App = ({ autoApprove = false, target }) => {
|
|
|
5951
6052
|
setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
|
|
5952
6053
|
}
|
|
5953
6054
|
});
|
|
5954
|
-
import("./auto-update-
|
|
6055
|
+
import("./auto-update-23RX6SWZ.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
|
|
5955
6056
|
checkForUpdateAsync().then((result) => {
|
|
5956
6057
|
if (result.hasUpdate) {
|
|
5957
6058
|
const notification = formatUpdateNotification(result);
|
|
@@ -6545,7 +6646,7 @@ ${list}`);
|
|
|
6545
6646
|
return;
|
|
6546
6647
|
case "update":
|
|
6547
6648
|
try {
|
|
6548
|
-
const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-
|
|
6649
|
+
const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-6I3E5PSP.js");
|
|
6549
6650
|
const result = checkForUpdate(true);
|
|
6550
6651
|
if (result.hasUpdate) {
|
|
6551
6652
|
const notification = formatUpdateNotification(result);
|
|
@@ -8,8 +8,8 @@ import {
|
|
|
8
8
|
readVersionCache,
|
|
9
9
|
semverTuple,
|
|
10
10
|
writeVersionCache
|
|
11
|
-
} from "./chunk-
|
|
12
|
-
import "./chunk-
|
|
11
|
+
} from "./chunk-6MCOPWPF.js";
|
|
12
|
+
import "./chunk-6RVVWSNN.js";
|
|
13
13
|
import "./chunk-3RG5ZIWI.js";
|
|
14
14
|
export {
|
|
15
15
|
checkForUpdate,
|