pentesting 0.6.1 → 0.7.1

package/dist/{auto-update-23RX6SWZ.js → auto-update-NF5LOTTR.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-6MCOPWPF.js";
-import "./chunk-6RVVWSNN.js";
+} from "./chunk-NHTHJVRJ.js";
+import "./chunk-FWXRDTSB.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/dist/{chunk-6RVVWSNN.js → chunk-FWXRDTSB.js}

@@ -109,6 +109,17 @@ var TOOL_NAME = {
   SUBFINDER: "subfinder",
   AMASS: "amass",
   DNSENUM: "dnsenum",
+  ZONE_TRANSFER: "zone_transfer",
+  // Service Enumeration
+  SNMP_WALK: "snmp_walk",
+  SNMP_CHECK: "snmp_check",
+  ONESIXTYONE: "onesixtyone",
+  FTP_ENUM: "ftp_enum",
+  FTP_ANON: "ftp_anon",
+  NBTSCAN: "nbtscan",
+  RPC_INFO: "rpc_info",
+  SHOWMOUNT: "showmount",
+  TELNET: "telnet",
   // Web Recon & Tech Identification
   WHATWEB: "whatweb",
   HTTPX: "httpx",
@@ -147,6 +158,7 @@ var TOOL_NAME = {
   BRUTEFORCE_LOGIN: "bruteforce_login",
   CRACK_HASH: "crack_hash",
   DUMP_CREDENTIALS: "dump_credentials",
+  HYDRA: "hydra",
   // Privilege Escalation
   CHECK_SUDO: "check_sudo",
   FIND_SUID: "find_suid",

package/dist/{chunk-6MCOPWPF.js → chunk-NHTHJVRJ.js}

@@ -1,7 +1,7 @@
 import {
   APP_NAME,
   APP_VERSION
-} from "./chunk-6RVVWSNN.js";
+} from "./chunk-FWXRDTSB.js";
 
 // src/core/update/auto-update.ts
 import { execSync } from "child_process";

package/dist/index.js

@@ -15,7 +15,7 @@ import {
   PHASE_STATUS,
   THOUGHT_TYPE,
   TOOL_NAME
-} from "./chunk-6RVVWSNN.js";
+} from "./chunk-FWXRDTSB.js";
 import {
   __require
 } from "./chunk-3RG5ZIWI.js";
@@ -365,6 +365,225 @@ Use for:
     }
   }
 ];
+var SERVICE_TOOLS = [
+  {
+    name: TOOL_NAME.ZONE_TRANSFER,
+    description: `DNS Zone Transfer (AXFR) - Extract all DNS records from a nameserver.
+
+PORT: 53/TCP
+
+USAGE:
+- dig axfr @ns.target.com target.com
+- host -l target.com ns.target.com
+- dnsrecon -d target.com -t axfr
+
+REVEALS: All subdomains, A records, MX, NS, TXT records`,
+    input_schema: {
+      type: "object",
+      properties: {
+        domain: { type: "string", description: "Target domain" },
+        nameserver: { type: "string", description: "Nameserver to query" }
+      },
+      required: ["domain", "nameserver"]
+    }
+  },
+  {
+    name: TOOL_NAME.SNMP_WALK,
+    description: `SNMP enumeration - Walk through SNMP MIB tree.
+
+PORT: 161/UDP
+
+COMMON COMMUNITY STRINGS: public, private, manager, cisco
+
+USAGE:
+- snmpwalk -v1 -c public target
+- snmpwalk -v2c -c public target
+- snmpbulkwalk -v2c -c public target
+
+EXTRACTS: Users, Processes, Network config, Installed software, ARP table`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        community: { type: "string", description: "Community string (default: public)" },
+        version: { type: "string", enum: ["1", "2c", "3"], description: "SNMP version" },
+        oid: { type: "string", description: "OID to walk (default: all)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.SNMP_CHECK,
+    description: `snmp-check - Enumerate SNMP devices for information.
+
+Extracts: System info, User accounts, Network info, Routing, TCP/UDP connections`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        community: { type: "string", description: "Community string" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.ONESIXTYONE,
+    description: `onesixtyone - Fast SNMP community string bruteforcer.
+
+PORT: 161/UDP
+
+USAGE: onesixtyone -c community_list.txt target`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/range" },
+        wordlist: { type: "string", description: "Community strings wordlist" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.FTP_ENUM,
+    description: `FTP enumeration and testing.
+
+PORT: 21/TCP
+
+CHECKS:
+- Version detection (nmap -sV -p21)
+- Anonymous login
+- User enumeration
+- Known vulnerabilities`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        username: { type: "string", description: "Username to test" },
+        password: { type: "string", description: "Password to test" },
+        check_anon: { type: "boolean", description: "Check anonymous login" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.FTP_ANON,
+    description: `Test FTP anonymous login and list files.
+
+USAGE: ftp -n target << EOF
+user anonymous anonymous@
+ls -la
+bye
+EOF`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        download: { type: "string", description: "File to download" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.NBTSCAN,
+    description: `NetBIOS enumeration - Scan for NetBIOS name information.
+
+PORTS: 137-139/TCP,UDP
+
+EXTRACTS: Computer names, Workgroup/Domain, MAC addresses, Logged-in users
+
+USAGE: nbtscan -r target/24`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/range" },
+        verbose: { type: "boolean", description: "Verbose output" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.RPC_INFO,
+    description: `RPC enumeration - Query RPC services.
+
+PORT: 111/TCP,UDP (portmapper), 135/TCP (Windows)
+
+USAGE:
+- rpcinfo -p target
+- rpcdump.py target
+
+REVEALS: Available RPC services and their ports`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.SHOWMOUNT,
+    description: `NFS enumeration - Show NFS exports.
+
+PORT: 2049/TCP,UDP (NFS), 111 (portmapper)
+
+USAGE: showmount -e target
+
+MOUNT: mount -t nfs target:/share /mnt/nfs`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        all: { type: "boolean", description: "Show all info (-a)" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.TELNET,
+    description: `Telnet connection - Banner grab and service interaction.
+
+USAGE for banner grab: echo "quit" | timeout 5 telnet target port`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP" },
+        port: { type: "number", description: "Port number" }
+      },
+      required: ["target", "port"]
+    }
+  },
+  {
+    name: TOOL_NAME.HYDRA,
+    description: `Hydra - Fast network logon cracker.
+
+PROTOCOLS: ssh, ftp, telnet, http-get, http-post, smb, rdp, mysql, mssql, vnc, etc.
+
+USAGE:
+- hydra -l user -P wordlist.txt target ssh
+- hydra -L users.txt -p password target ftp
+- hydra -l admin -P rockyou.txt target http-post-form "/login:user=^USER^&pass=^PASS^:F=failed"
+
+OPTIONS:
+- -t 4: Number of parallel tasks
+- -V: Verbose
+- -f: Exit after first found
+- -s PORT: Specify port`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target IP/hostname" },
+        protocol: { type: "string", description: "Protocol (ssh, ftp, http-post-form, etc.)" },
+        username: { type: "string", description: "Username or -L for file" },
+        password: { type: "string", description: "Password or -P for wordlist" },
+        userlist: { type: "string", description: "Username wordlist file" },
+        passlist: { type: "string", description: "Password wordlist file" },
+        port: { type: "number", description: "Target port" },
+        threads: { type: "number", description: "Parallel tasks (default: 16)" },
+        extra: { type: "string", description: "Extra options (e.g., http form data)" }
+      },
+      required: ["target", "protocol"]
+    }
+  }
+];
 var WINDOWS_TOOLS = [
   {
     name: TOOL_NAME.NETCAT,
@@ -1061,6 +1280,7 @@ var REPORT_TOOLS = [
 var ALL_TOOLS = [
   ...SYSTEM_TOOLS,
   ...NETWORK_TOOLS,
+  ...SERVICE_TOOLS,
   ...WINDOWS_TOOLS,
   ...WEB_TOOLS,
   ...EXPLOIT_TOOLS,
@@ -1152,27 +1372,27 @@ async function executeToolCall(toolName, input) {
     let result;
     switch (toolName) {
       // system tool
-      case "bash":
+      case TOOL_NAME.BASH:
         result = await executeBash(input.command, {
           timeout: input.timeout || 6e4,
           background: input.background
         });
         break;
-      case "read_file":
+      case TOOL_NAME.READ_FILE:
         result = await readFile2(
           input.path,
           input.start_line,
           input.end_line
         );
         break;
-      case "write_file":
+      case TOOL_NAME.WRITE_FILE:
         result = await writeFile2(
           input.path,
           input.content,
           input.overwrite
         );
         break;
-      case "list_directory":
+      case TOOL_NAME.LIST_DIRECTORY:
         result = await listDirectory(
           input.path,
           input.recursive,
@@ -1180,113 +1400,147 @@ async function executeToolCall(toolName, input) {
         );
         break;
       // network scanning
-      case "rustscan":
+      case TOOL_NAME.RUSTSCAN:
         result = await executeRustscan(input);
         break;
-      case "nmap_scan":
+      case TOOL_NAME.NMAP_SCAN:
         result = await executeNmapScan(input);
         break;
-      case "tcpdump_capture":
+      case TOOL_NAME.TCPDUMP_CAPTURE:
         result = await executeTcpdump(input);
         break;
       // Web Tools
-      case "web_request":
+      case TOOL_NAME.WEB_REQUEST:
         result = await executeWebRequest(input);
         break;
-      case "directory_bruteforce":
+      case TOOL_NAME.DIRECTORY_BRUTEFORCE:
         result = await executeDirBruteforce(input);
         break;
-      case "sql_injection":
+      case TOOL_NAME.SQL_INJECTION:
         result = await executeSqlmap(input);
         break;
-      case "browser_automation":
+      case TOOL_NAME.BROWSER_AUTOMATION:
         result = await executeBrowserAutomation(input);
         break;
       // Exploitation Tools
-      case "searchsploit":
+      case TOOL_NAME.SEARCHSPLOIT:
         result = await executeSearchsploit(input);
         break;
-      case "metasploit":
+      case TOOL_NAME.METASPLOIT:
         result = await executeMetasploit(input);
         break;
-      case "generate_payload":
+      case TOOL_NAME.GENERATE_PAYLOAD:
         result = await generatePayload(input);
         break;
       // Credential Tools
-      case "bruteforce_login":
+      case TOOL_NAME.BRUTEFORCE_LOGIN:
         result = await executeBruteforce(input);
         break;
-      case "crack_hash":
+      case TOOL_NAME.CRACK_HASH:
         result = await executeCrackHash(input);
         break;
       // permission escalation
-      case "run_privesc_enum":
+      case TOOL_NAME.RUN_PRIVESC_ENUM:
         result = await executePrivescEnum(input);
         break;
-      case "check_sudo":
+      case TOOL_NAME.CHECK_SUDO:
         result = await checkSudo(input);
         break;
-      case "find_suid":
+      case TOOL_NAME.FIND_SUID:
         result = await findSuid(input);
         break;
       // Post-Exploitation
-      case "setup_tunnel":
+      case TOOL_NAME.SETUP_TUNNEL:
         result = await setupTunnel(input);
         break;
-      case "dump_credentials":
+      case TOOL_NAME.DUMP_CREDENTIALS:
         result = await dumpCredentials(input);
         break;
-      case "lateral_movement":
+      case TOOL_NAME.LATERAL_MOVEMENT:
         result = await executeLateralMovement(input);
         break;
       // Windows / SMB / AD Tools
-      case "netcat":
+      case TOOL_NAME.NETCAT:
         result = await executeNetcat(input);
         break;
-      case "smb_enum":
+      case TOOL_NAME.SMB_ENUM:
         result = await executeSmbEnum(input);
         break;
-      case "enum4linux":
+      case TOOL_NAME.ENUM4LINUX:
         result = await executeEnum4linux(input);
         break;
-      case "crackmapexec":
+      case TOOL_NAME.CRACKMAPEXEC:
         result = await executeCrackmapexec(input);
         break;
-      case "smbclient":
+      case TOOL_NAME.SMBCLIENT:
         result = await executeSmbclient(input);
         break;
-      case "rpcclient":
+      case TOOL_NAME.RPCCLIENT:
         result = await executeRpcclient(input);
         break;
-      case "winrm":
+      case TOOL_NAME.WINRM:
         result = await executeWinrm(input);
         break;
-      case "rdp_check":
+      case TOOL_NAME.RDP_CHECK:
         result = await executeRdpCheck(input);
         break;
-      case "ldap_search":
+      case TOOL_NAME.LDAP_SEARCH:
         result = await executeLdapSearch(input);
         break;
-      case "kerbrute":
+      case TOOL_NAME.KERBRUTE:
         result = await executeKerbrute(input);
         break;
-      case "bloodhound":
+      case TOOL_NAME.BLOODHOUND:
         result = await executeBloodhound(input);
         break;
-      case "mssql_client":
+      case TOOL_NAME.MSSQL_CLIENT:
         result = await executeMssqlClient(input);
         break;
-      case "mysql_client":
+      case TOOL_NAME.MYSQL_CLIENT:
         result = await executeMysqlClient(input);
         break;
-      case "reverse_shell":
+      case TOOL_NAME.REVERSE_SHELL:
         result = await executeReverseShell(input);
         break;
+      // Service Enumeration Tools
+      case TOOL_NAME.ZONE_TRANSFER:
+        result = await executeZoneTransfer(input);
+        break;
+      case TOOL_NAME.SNMP_WALK:
+        result = await executeSnmpWalk(input);
+        break;
+      case TOOL_NAME.SNMP_CHECK:
+        result = await executeSnmpCheck(input);
+        break;
+      case TOOL_NAME.ONESIXTYONE:
+        result = await executeOnesixtyone(input);
+        break;
+      case TOOL_NAME.FTP_ENUM:
+        result = await executeFtpEnum(input);
+        break;
+      case TOOL_NAME.FTP_ANON:
+        result = await executeFtpAnon(input);
+        break;
+      case TOOL_NAME.NBTSCAN:
+        result = await executeNbtscan(input);
+        break;
+      case TOOL_NAME.RPC_INFO:
+        result = await executeRpcInfo(input);
+        break;
+      case TOOL_NAME.SHOWMOUNT:
+        result = await executeShowmount(input);
+        break;
+      case TOOL_NAME.TELNET:
+        result = await executeTelnet(input);
+        break;
+      case TOOL_NAME.HYDRA:
+        result = await executeHydra(input);
+        break;
       // report
-      case "report_finding":
+      case TOOL_NAME.REPORT_FINDING:
         result = await reportFinding(input);
         break;
-      case "take_screenshot":
+      case TOOL_NAME.TAKE_SCREENSHOT:
         result = await takeScreenshot(input);
         break;
       default:
@@ -1933,6 +2187,98 @@ Listener: nc -lvnp ${lport}`,
     duration: 0
   };
 }
+async function executeZoneTransfer(input) {
+  const { domain, nameserver } = input;
+  return executeBash(`dig axfr @${nameserver} ${domain}`, { timeout: 6e4 });
+}
+async function executeSnmpWalk(input) {
+  const { target, community = "public", version = "2c", oid } = input;
+  let cmd = `snmpwalk -v${version} -c "${community}" ${target}`;
+  if (oid) cmd += ` ${oid}`;
+  return executeBash(cmd, { timeout: 12e4 });
+}
+async function executeSnmpCheck(input) {
+  const { target, community = "public" } = input;
+  return executeBash(`snmp-check -c "${community}" ${target}`, { timeout: 12e4 });
+}
+async function executeOnesixtyone(input) {
+  const { target, wordlist } = input;
+  const wl = wordlist || "/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt";
+  return executeBash(`onesixtyone -c "${wl}" ${target}`, { timeout: 12e4 });
+}
+async function executeFtpEnum(input) {
+  const { target, username, password, check_anon } = input;
+  const commands = [];
+  commands.push(`nmap -sV -p21 --script=ftp-anon,ftp-bounce,ftp-syst ${target}`);
+  if (check_anon) {
+    commands.push(`echo -e "open ${target}\\nuser anonymous anonymous@\\nls\\nbye" | ftp -n 2>/dev/null || echo "Anonymous login failed"`);
+  }
+  if (username && password) {
+    commands.push(`echo -e "open ${target}\\nuser ${username} ${password}\\nls\\nbye" | ftp -n 2>/dev/null`);
+  }
+  return executeBash(commands.join(' && echo "---" && '), { timeout: 6e4 });
+}
+async function executeFtpAnon(input) {
+  const { target, download } = input;
+  let cmd = `ftp -n ${target} << 'EOF'
+user anonymous anonymous@
+binary
+ls -la
+`;
+  if (download) {
+    cmd += `get ${download}
+`;
+  }
+  cmd += `bye
+EOF`;
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeNbtscan(input) {
+  const { target, verbose } = input;
+  let cmd = "nbtscan";
+  if (verbose) cmd += " -v";
+  cmd += ` -r ${target}`;
+  return executeBash(cmd, { timeout: 6e4 });
+}
+async function executeRpcInfo(input) {
+  const { target } = input;
+  return executeBash(`rpcinfo -p ${target}`, { timeout: 3e4 });
+}
+async function executeShowmount(input) {
+  const { target, all } = input;
+  let cmd = "showmount";
+  if (all) {
+    cmd += " -a";
+  } else {
+    cmd += " -e";
+  }
+  cmd += ` ${target}`;
+  return executeBash(cmd, { timeout: 3e4 });
+}
+async function executeTelnet(input) {
+  const { target, port } = input;
+  return executeBash(`echo "quit" | timeout 10 telnet ${target} ${port} 2>&1 || true`, { timeout: 15e3 });
+}
+async function executeHydra(input) {
+  const { target, protocol, username, password, userlist, passlist, port, threads = 16, extra } = input;
+  let cmd = "hydra";
+  if (threads) cmd += ` -t ${threads}`;
+  if (port) cmd += ` -s ${port}`;
+  if (userlist) {
+    cmd += ` -L "${userlist}"`;
+  } else if (username) {
+    cmd += ` -l "${username}"`;
+  }
+  if (passlist) {
+    cmd += ` -P "${passlist}"`;
+  } else if (password) {
+    cmd += ` -p "${password}"`;
+  }
+  cmd += ` ${target} ${protocol}`;
+  if (extra) cmd += ` "${extra}"`;
+  cmd += " -V -f";
+  return executeBash(cmd, { timeout: 6e5 });
+}
 
 // src/core/hooks/hook-executor.ts
 import { spawn as spawn2 } from "child_process";
@@ -2313,6 +2659,7 @@ var LOW_RISK_TOOLS = [
   "nslookup",
   "whois",
   "dnsenum",
+  "zone_transfer",
   "curl",
   "wget",
   "httpx",
@@ -2336,6 +2683,14 @@ var LOW_RISK_TOOLS = [
   "nc",
   "telnet",
   "ftp",
+  "ftp_enum",
+  "ftp_anon",
+  "snmp_walk",
+  "snmp_check",
+  "onesixtyone",
+  "nbtscan",
+  "rpc_info",
+  "showmount",
   "read_file",
   "list_directory",
   "cat",
@@ -6052,7 +6407,7 @@ var App = ({ autoApprove = false, target }) => {
         setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
       }
     });
-    import("./auto-update-23RX6SWZ.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
+    import("./auto-update-NF5LOTTR.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
       checkForUpdateAsync().then((result) => {
         if (result.hasUpdate) {
           const notification = formatUpdateNotification(result);
@@ -6646,7 +7001,7 @@ ${list}`);
           return;
         case "update":
           try {
-            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-6I3E5PSP.js");
+            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-WBBD5QMK.js");
             const result = checkForUpdate(true);
             if (result.hasUpdate) {
               const notification = formatUpdateNotification(result);

package/dist/{update-6I3E5PSP.js → update-WBBD5QMK.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-6MCOPWPF.js";
-import "./chunk-6RVVWSNN.js";
+} from "./chunk-NHTHJVRJ.js";
+import "./chunk-FWXRDTSB.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.6.1",
+  "version": "0.7.1",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",