pentesting 0.6.0 → 0.7.0

package/dist/{auto-update-QFDCCKMW.js → auto-update-NF5LOTTR.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-LP7NNB7C.js";
-import "./chunk-CJOLRYUP.js";
+} from "./chunk-NHTHJVRJ.js";
+import "./chunk-FWXRDTSB.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/dist/{chunk-CJOLRYUP.js → chunk-FWXRDTSB.js}

@@ -93,11 +93,41 @@ var TOOL_NAME = {
   READ_FILE: "read_file",
   WRITE_FILE: "write_file",
   LIST_DIRECTORY: "list_directory",
-  // Network - Basic
+  // Network - Basic Connectivity
+  PING: "ping",
+  TRACEROUTE: "traceroute",
   RUSTSCAN: "rustscan",
   NMAP_SCAN: "nmap_scan",
+  MASSCAN: "masscan",
   TCPDUMP_CAPTURE: "tcpdump_capture",
   NETCAT: "netcat",
+  // DNS & Subdomain
+  DIG: "dig",
+  HOST: "host",
+  NSLOOKUP: "nslookup",
+  WHOIS: "whois",
+  SUBFINDER: "subfinder",
+  AMASS: "amass",
+  DNSENUM: "dnsenum",
+  ZONE_TRANSFER: "zone_transfer",
+  // Service Enumeration
+  SNMP_WALK: "snmp_walk",
+  SNMP_CHECK: "snmp_check",
+  ONESIXTYONE: "onesixtyone",
+  FTP_ENUM: "ftp_enum",
+  FTP_ANON: "ftp_anon",
+  NBTSCAN: "nbtscan",
+  RPC_INFO: "rpc_info",
+  SHOWMOUNT: "showmount",
+  TELNET: "telnet",
+  // Web Recon & Tech Identification
+  WHATWEB: "whatweb",
+  HTTPX: "httpx",
+  NUCLEI: "nuclei",
+  NIKTO: "nikto",
+  FFUF: "ffuf",
+  FEROXBUSTER: "feroxbuster",
+  WAYBACKURLS: "waybackurls",
   // Windows/SMB/AD
   SMB_ENUM: "smb_enum",
   ENUM4LINUX: "enum4linux",
@@ -109,9 +139,12 @@ var TOOL_NAME = {
   LDAP_SEARCH: "ldap_search",
   KERBRUTE: "kerbrute",
   BLOODHOUND: "bloodhound",
-  // Database
+  // Database Clients  
   MSSQL_CLIENT: "mssql_client",
   MYSQL_CLIENT: "mysql_client",
+  PSQL_CLIENT: "psql_client",
+  REDIS_CLI: "redis_cli",
+  MONGO_CLIENT: "mongo_client",
   // Web
   WEB_REQUEST: "web_request",
   DIRECTORY_BRUTEFORCE: "directory_bruteforce",
@@ -125,6 +158,7 @@ var TOOL_NAME = {
   BRUTEFORCE_LOGIN: "bruteforce_login",
   CRACK_HASH: "crack_hash",
   DUMP_CREDENTIALS: "dump_credentials",
+  HYDRA: "hydra",
   // Privilege Escalation
   CHECK_SUDO: "check_sudo",
   FIND_SUID: "find_suid",

package/dist/{chunk-LP7NNB7C.js → chunk-NHTHJVRJ.js}

@@ -1,7 +1,7 @@
 import {
   APP_NAME,
   APP_VERSION
-} from "./chunk-CJOLRYUP.js";
+} from "./chunk-FWXRDTSB.js";
 
 // src/core/update/auto-update.ts
 import { execSync } from "child_process";

package/dist/index.js

@@ -15,7 +15,7 @@ import {
   PHASE_STATUS,
   THOUGHT_TYPE,
   TOOL_NAME
-} from "./chunk-CJOLRYUP.js";
+} from "./chunk-FWXRDTSB.js";
 import {
   __require
 } from "./chunk-3RG5ZIWI.js";
@@ -365,6 +365,225 @@ Use for:
     }
   }
 ];
+var SERVICE_TOOLS = [
+  {
+    name: TOOL_NAME.ZONE_TRANSFER,
+    description: `DNS Zone Transfer (AXFR) - Extract all DNS records from a nameserver.
+
+PORT: 53/TCP
+
+USAGE:
+- dig axfr @ns.target.com target.com
+- host -l target.com ns.target.com
+- dnsrecon -d target.com -t axfr
+
+REVEALS: All subdomains, A records, MX, NS, TXT records`,
+    input_schema: {
+      type: "object",
+      properties: {
+        domain: { type: "string", description: "Target domain" },
+        nameserver: { type: "string", description: "Nameserver to query" }
+      },
+      required: ["domain", "nameserver"]
+    }
+  },
+  {
+    name: TOOL_NAME.SNMP_WALK,
+    description: `SNMP enumeration - Walk through SNMP MIB tree.
+
+PORT: 161/UDP
+
+COMMON COMMUNITY STRINGS: public, private, manager, cisco
+
+USAGE:
+- snmpwalk -v1 -c public target
+- snmpwalk -v2c -c public target
+- snmpbulkwalk -v2c -c public target
+
+EXTRACTS: Users, Processes, Network config, Installed software, ARP table`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        community: { type: "string", description: "Community string (default: public)" },
+        version: { type: "string", enum: ["1", "2c", "3"], description: "SNMP version" },
+        oid: { type: "string", description: "OID to walk (default: all)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.SNMP_CHECK,
+    description: `snmp-check - Enumerate SNMP devices for information.
+
+Extracts: System info, User accounts, Network info, Routing, TCP/UDP connections`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        community: { type: "string", description: "Community string" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.ONESIXTYONE,
+    description: `onesixtyone - Fast SNMP community string bruteforcer.
+
+PORT: 161/UDP
+
+USAGE: onesixtyone -c community_list.txt target`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/range" },
+        wordlist: { type: "string", description: "Community strings wordlist" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.FTP_ENUM,
+    description: `FTP enumeration and testing.
+
+PORT: 21/TCP
+
+CHECKS:
+- Version detection (nmap -sV -p21)
+- Anonymous login
+- User enumeration
+- Known vulnerabilities`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username to test" },
+        password: { type: "string", description: "Password to test" },
+        check_anon: { type: "boolean", description: "Check anonymous login" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.FTP_ANON,
+    description: `Test FTP anonymous login and list files.
+
+USAGE: ftp -n target << EOF
+user anonymous anonymous@
+ls -la
+bye
+EOF`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        download: { type: "string", description: "File to download" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.NBTSCAN,
+    description: `NetBIOS enumeration - Scan for NetBIOS name information.
+
+PORTS: 137-139/TCP,UDP
+
+EXTRACTS: Computer names, Workgroup/Domain, MAC addresses, Logged-in users
+
+USAGE: nbtscan -r target/24`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/range" },
+        verbose: { type: "boolean", description: "Verbose output" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.RPC_INFO,
+    description: `RPC enumeration - Query RPC services.
+
+PORT: 111/TCP,UDP (portmapper), 135/TCP (Windows)
+
+USAGE:
+- rpcinfo -p target
+- rpcdump.py target
+
+REVEALS: Available RPC services and their ports`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.SHOWMOUNT,
+    description: `NFS enumeration - Show NFS exports.
+
+PORT: 2049/TCP,UDP (NFS), 111 (portmapper)
+
+USAGE: showmount -e target
+
+MOUNT: mount -t nfs target:/share /mnt/nfs`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        all: { type: "boolean", description: "Show all info (-a)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.TELNET,
+    description: `Telnet connection - Banner grab and service interaction.
+
+USAGE for banner grab: echo "quit" | timeout 5 telnet target port`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        port: { type: "number", description: "Port number" }
+      },
+      required: ["target", "port"]
+    }
+  },
+  {
+    name: TOOL_NAME.HYDRA,
+    description: `Hydra - Fast network logon cracker.
+
+PROTOCOLS: ssh, ftp, telnet, http-get, http-post, smb, rdp, mysql, mssql, vnc, etc.
+
+USAGE:
+- hydra -l user -P wordlist.txt target ssh
+- hydra -L users.txt -p password target ftp
+- hydra -l admin -P rockyou.txt target http-post-form "/login:user=^USER^&pass=^PASS^:F=failed"
+
+OPTIONS:
+- -t 4: Number of parallel tasks
+- -V: Verbose
+- -f: Exit after first found
+- -s PORT: Specify port`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/hostname" },
+        protocol: { type: "string", description: "Protocol (ssh, ftp, http-post-form, etc.)" },
+        username: { type: "string", description: "Username or -L for file" },
+        password: { type: "string", description: "Password or -P for wordlist" },
+        userlist: { type: "string", description: "Username wordlist file" },
+        passlist: { type: "string", description: "Password wordlist file" },
+        port: { type: "number", description: "Target port" },
+        threads: { type: "number", description: "Parallel tasks (default: 16)" },
+        extra: { type: "string", description: "Extra options (e.g., http form data)" }
+      },
+      required: ["target", "protocol"]
+    }
+  }
+];
 var WINDOWS_TOOLS = [
   {
     name: TOOL_NAME.NETCAT,
@@ -1061,6 +1280,7 @@ var REPORT_TOOLS = [
 var ALL_TOOLS = [
   ...SYSTEM_TOOLS,
   ...NETWORK_TOOLS,
+  ...SERVICE_TOOLS,
   ...WINDOWS_TOOLS,
   ...WEB_TOOLS,
   ...EXPLOIT_TOOLS,
@@ -1282,6 +1502,40 @@ async function executeToolCall(toolName, input) {
       case "reverse_shell":
         result = await executeReverseShell(input);
         break;
+      // Service Enumeration Tools
+      case "zone_transfer":
+        result = await executeZoneTransfer(input);
+        break;
+      case "snmp_walk":
+        result = await executeSnmpWalk(input);
+        break;
+      case "snmp_check":
+        result = await executeSnmpCheck(input);
+        break;
+      case "onesixtyone":
+        result = await executeOnesixtyone(input);
+        break;
+      case "ftp_enum":
+        result = await executeFtpEnum(input);
+        break;
+      case "ftp_anon":
+        result = await executeFtpAnon(input);
+        break;
+      case "nbtscan":
+        result = await executeNbtscan(input);
+        break;
+      case "rpc_info":
+        result = await executeRpcInfo(input);
+        break;
+      case "showmount":
+        result = await executeShowmount(input);
+        break;
+      case "telnet":
+        result = await executeTelnet(input);
+        break;
+      case "hydra":
+        result = await executeHydra(input);
+        break;
       // report
       case "report_finding":
         result = await reportFinding(input);
@@ -1933,6 +2187,98 @@ Listener: nc -lvnp ${lport}`,
     duration: 0
   };
 }
+async function executeZoneTransfer(input) {
+  const { domain, nameserver } = input;
+  return executeBash(`dig axfr @${nameserver} ${domain}`, { timeout: 6e4 });
+}
+async function executeSnmpWalk(input) {
+  const { target, community = "public", version = "2c", oid } = input;
+  let cmd = `snmpwalk -v${version} -c "${community}" ${target}`;
+  if (oid) cmd += ` ${oid}`;
+  return executeBash(cmd, { timeout: 12e4 });
+}
+async function executeSnmpCheck(input) {
+  const { target, community = "public" } = input;
+  return executeBash(`snmp-check -c "${community}" ${target}`, { timeout: 12e4 });
+}
+async function executeOnesixtyone(input) {
+  const { target, wordlist } = input;
+  const wl = wordlist || "/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt";
+  return executeBash(`onesixtyone -c "${wl}" ${target}`, { timeout: 12e4 });
+}
+async function executeFtpEnum(input) {
+  const { target, username, password, check_anon } = input;
+  const commands = [];
+  commands.push(`nmap -sV -p21 --script=ftp-anon,ftp-bounce,ftp-syst ${target}`);
+  if (check_anon) {
+    commands.push(`echo -e "open ${target}\\nuser anonymous anonymous@\\nls\\nbye" | ftp -n 2>/dev/null || echo "Anonymous login failed"`);
+  }
+  if (username && password) {
+    commands.push(`echo -e "open ${target}\\nuser ${username} ${password}\\nls\\nbye" | ftp -n 2>/dev/null`);
+  }
+  return executeBash(commands.join(' && echo "---" && '), { timeout: 6e4 });
+}
+async function executeFtpAnon(input) {
+  const { target, download } = input;
+  let cmd = `ftp -n ${target} << 'EOF'
+user anonymous anonymous@
+binary
+ls -la
+`;
+  if (download) {
+    cmd += `get ${download}
+`;
+  }
+  cmd += `bye
+EOF`;
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeNbtscan(input) {
+  const { target, verbose } = input;
+  let cmd = "nbtscan";
+  if (verbose) cmd += " -v";
+  cmd += ` -r ${target}`;
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeRpcInfo(input) {
+  const { target } = input;
+  return executeBash(`rpcinfo -p ${target}`, { timeout: 3e4 });
+}
+async function executeShowmount(input) {
+  const { target, all } = input;
+  let cmd = "showmount";
+  if (all) {
+    cmd += " -a";
+  } else {
+    cmd += " -e";
+  }
+  cmd += ` ${target}`;
+  return executeBash(cmd, { timeout: 3e4 });
+}
+async function executeTelnet(input) {
+  const { target, port } = input;
+  return executeBash(`echo "quit" | timeout 10 telnet ${target} ${port} 2>&1 || true`, { timeout: 15e3 });
+}
+async function executeHydra(input) {
+  const { target, protocol, username, password, userlist, passlist, port, threads = 16, extra } = input;
+  let cmd = "hydra";
+  if (threads) cmd += ` -t ${threads}`;
+  if (port) cmd += ` -s ${port}`;
+  if (userlist) {
+    cmd += ` -L "${userlist}"`;
+  } else if (username) {
+    cmd += ` -l "${username}"`;
+  }
+  if (passlist) {
+    cmd += ` -P "${passlist}"`;
+  } else if (password) {
+    cmd += ` -p "${password}"`;
+  }
+  cmd += ` ${target} ${protocol}`;
+  if (extra) cmd += ` "${extra}"`;
+  cmd += " -V -f";
+  return executeBash(cmd, { timeout: 6e5 });
+}
 
 // src/core/hooks/hook-executor.ts
 import { spawn as spawn2 } from "child_process";
@@ -2303,23 +2649,133 @@ var HIGH_RISK_PATTERNS = [
   /meterpreter/i,
   /mimikatz/i
 ];
+var LOW_RISK_TOOLS = [
+  "ping",
+  "traceroute",
+  "tracert",
+  "mtr",
+  "dig",
+  "host",
+  "nslookup",
+  "whois",
+  "dnsenum",
+  "zone_transfer",
+  "curl",
+  "wget",
+  "httpx",
+  "whatweb",
+  "rustscan",
+  "nmap_scan",
+  "nmap",
+  "masscan",
+  "subfinder",
+  "amass",
+  "assetfinder",
+  "ffuf",
+  "gobuster",
+  "feroxbuster",
+  "dirsearch",
+  "smbclient",
+  "rpcclient",
+  "enum4linux",
+  "ldapsearch",
+  "netcat",
+  "nc",
+  "telnet",
+  "ftp",
+  "ftp_enum",
+  "ftp_anon",
+  "snmp_walk",
+  "snmp_check",
+  "onesixtyone",
+  "nbtscan",
+  "rpc_info",
+  "showmount",
+  "read_file",
+  "list_directory",
+  "cat",
+  "ls",
+  "find",
+  "grep",
+  "searchsploit",
+  "nikto",
+  "nuclei",
+  "web_request",
+  "directory_bruteforce"
+];
+var LOW_RISK_PATTERNS = [
+  /^ping\s/i,
+  /^traceroute\s/i,
+  /^tracert\s/i,
+  /^mtr\s/i,
+  /^dig\s/i,
+  /^host\s/i,
+  /^nslookup\s/i,
+  /^whois\s/i,
+  /^curl\s/i,
+  /^wget\s/i,
+  /^nmap\s/i,
+  /^rustscan\s/i,
+  /^masscan\s/i,
+  /^subfinder/i,
+  /^amass\s/i,
+  /^ffuf\s/i,
+  /^gobuster\s/i,
+  /^feroxbuster\s/i,
+  /^whatweb\s/i,
+  /^httpx\s/i,
+  /^nikto\s/i,
+  /^nuclei\s/i,
+  /^smbclient\s/i,
+  /^rpcclient\s/i,
+  /^enum4linux\s/i,
+  /^ldapsearch\s/i,
+  /^crackmapexec\s.*--shares/i,
+  /^crackmapexec\s.*--users/i,
+  /^searchsploit\s/i,
+  /^cat\s/i,
+  /^ls\s/i,
+  /^find\s/i,
+  /^grep\s/i,
+  /^head\s/i,
+  /^tail\s/i,
+  /^file\s/i,
+  /^strings\s/i,
+  /^netstat/i,
+  /^ss\s/i,
+  /^arp\s/i,
+  /^ip\s+a/i,
+  /^ifconfig/i,
+  /^id$/i,
+  /^whoami$/i,
+  /^uname/i,
+  /^hostname/i,
+  /^pwd$/i,
+  /^env$/i,
+  /^echo\s/i
+];
 function assessRisk(toolName, toolInput) {
   const inputStr = JSON.stringify(toolInput).toLowerCase();
+  const command = toolInput.command || "";
   for (const pattern of HIGH_RISK_PATTERNS) {
-    if (pattern.test(inputStr)) {
+    if (pattern.test(inputStr) || pattern.test(command)) {
       return "critical";
     }
   }
-  if (CRITICAL_TOOLS.includes(toolName)) {
-    return "high";
+  if (LOW_RISK_TOOLS.includes(toolName)) {
+    return "low";
   }
-  if (toolName.includes("script") || toolName.includes("exec")) {
-    return "medium";
+  if (toolName === "bash" && command) {
+    for (const pattern of LOW_RISK_PATTERNS) {
+      if (pattern.test(command.trim())) {
+        return "low";
+      }
+    }
   }
-  if (toolName.includes("scan") || toolName.includes("request")) {
-    return "medium";
+  if (CRITICAL_TOOLS.includes(toolName)) {
+    return "high";
   }
-  return "low";
+  return "medium";
 }
 function generateRequestId() {
   return `approval_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
@@ -5951,7 +6407,7 @@ var App = ({ autoApprove = false, target }) => {
         setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
       }
     });
-    import("./auto-update-QFDCCKMW.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
+    import("./auto-update-NF5LOTTR.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
       checkForUpdateAsync().then((result) => {
         if (result.hasUpdate) {
           const notification = formatUpdateNotification(result);
@@ -6545,7 +7001,7 @@ ${list}`);
           return;
         case "update":
           try {
-            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-OI7M5ERV.js");
+            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-WBBD5QMK.js");
             const result = checkForUpdate(true);
             if (result.hasUpdate) {
               const notification = formatUpdateNotification(result);

package/dist/{update-OI7M5ERV.js → update-WBBD5QMK.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-LP7NNB7C.js";
-import "./chunk-CJOLRYUP.js";
+} from "./chunk-NHTHJVRJ.js";
+import "./chunk-FWXRDTSB.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.6.0",
+  "version": "0.7.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",