pentesting 0.7.0 → 0.7.2

Files changed (2) hide show
  1. package/dist/index.js +120 -84
  2. package/package.json +1 -1
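--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1299,41 +1299,77 @@ var execAsync = promisify(exec);
  var DOCKER_CONTAINER = process.env.PENTESTING_CONTAINER || "pentesting-tools";
  var FORCE_DOCKER = process.env.PENTESTING_DOCKER === "1";
  var DOCKER_TOOLS = [
- "rustscan",
- "nmap",
- "masscan",
- "gobuster",
- "ffuf",
- "nikto",
- "sqlmap",
- "dirb",
- "hydra",
- "john",
- "hashcat",
- "medusa",
- "searchsploit",
- "msfconsole",
- "msfvenom",
- "tshark",
- "tcpdump",
- "ngrep",
- "chisel",
- "proxychains",
- "evil-winrm",
- "binwalk",
- "foremost",
- "steghide",
- "exiftool",
- "volatility3",
- "gdb",
- "radare2",
- "r2",
- "subfinder",
- "httpx",
- "nuclei",
- "impacket-psexec",
- "impacket-wmiexec",
- "impacket-smbexec"
+ // Network scanning
+ TOOL_NAME.RUSTSCAN,
+ TOOL_NAME.NMAP_SCAN,
+ TOOL_NAME.MASSCAN,
+ TOOL_NAME.TCPDUMP_CAPTURE,
+ TOOL_NAME.PING,
+ TOOL_NAME.TRACEROUTE,
+ TOOL_NAME.NETCAT,
+ // DNS & Subdomain
+ TOOL_NAME.DIG,
+ TOOL_NAME.HOST,
+ TOOL_NAME.NSLOOKUP,
+ TOOL_NAME.WHOIS,
+ TOOL_NAME.SUBFINDER,
+ TOOL_NAME.AMASS,
+ TOOL_NAME.DNSENUM,
+ TOOL_NAME.ZONE_TRANSFER,
+ // Service Enumeration
+ TOOL_NAME.SNMP_WALK,
+ TOOL_NAME.SNMP_CHECK,
+ TOOL_NAME.ONESIXTYONE,
+ TOOL_NAME.FTP_ENUM,
+ TOOL_NAME.FTP_ANON,
+ TOOL_NAME.NBTSCAN,
+ TOOL_NAME.RPC_INFO,
+ TOOL_NAME.SHOWMOUNT,
+ TOOL_NAME.TELNET,
+ // Web tools
+ TOOL_NAME.FFUF,
+ TOOL_NAME.FEROXBUSTER,
+ TOOL_NAME.WHATWEB,
+ TOOL_NAME.HTTPX,
+ TOOL_NAME.NUCLEI,
+ TOOL_NAME.NIKTO,
+ TOOL_NAME.DIRECTORY_BRUTEFORCE,
+ TOOL_NAME.SQL_INJECTION,
+ TOOL_NAME.WAYBACKURLS,
+ // Windows/SMB/AD
+ TOOL_NAME.SMB_ENUM,
+ TOOL_NAME.ENUM4LINUX,
+ TOOL_NAME.CRACKMAPEXEC,
+ TOOL_NAME.SMBCLIENT,
+ TOOL_NAME.RPCCLIENT,
+ TOOL_NAME.WINRM,
+ TOOL_NAME.RDP_CHECK,
+ TOOL_NAME.LDAP_SEARCH,
+ TOOL_NAME.KERBRUTE,
+ TOOL_NAME.BLOODHOUND,
+ // Database
+ TOOL_NAME.MSSQL_CLIENT,
+ TOOL_NAME.MYSQL_CLIENT,
+ TOOL_NAME.PSQL_CLIENT,
+ TOOL_NAME.REDIS_CLI,
+ TOOL_NAME.MONGO_CLIENT,
+ // Bruteforce
+ TOOL_NAME.HYDRA,
+ TOOL_NAME.BRUTEFORCE_LOGIN,
+ TOOL_NAME.CRACK_HASH,
+ // Exploitation
+ TOOL_NAME.SEARCHSPLOIT,
+ TOOL_NAME.METASPLOIT,
+ TOOL_NAME.GENERATE_PAYLOAD,
+ // Post-exploitation
+ TOOL_NAME.SETUP_TUNNEL,
+ TOOL_NAME.LATERAL_MOVEMENT,
+ TOOL_NAME.REVERSE_SHELL,
+ TOOL_NAME.DUMP_CREDENTIALS,
+ // Privesc
+ TOOL_NAME.RUN_PRIVESC_ENUM,
+ TOOL_NAME.CHECK_SUDO,
+ TOOL_NAME.FIND_SUID
  ];
  async function isDockerAvailable() {
  try {
@@ -1372,27 +1408,27 @@ async function executeToolCall(toolName, input) {
  let result;
  switch (toolName) {
  // system tool
- case "bash":
+ case TOOL_NAME.BASH:
  result = await executeBash(input.command, {
  timeout: input.timeout || 6e4,
  background: input.background
  });
  break;
- case "read_file":
+ case TOOL_NAME.READ_FILE:
  result = await readFile2(
  input.path,
  input.start_line,
  input.end_line
  );
  break;
- case "write_file":
+ case TOOL_NAME.WRITE_FILE:
  result = await writeFile2(
  input.path,
  input.content,
  input.overwrite
  );
  break;
- case "list_directory":
+ case TOOL_NAME.LIST_DIRECTORY:
  result = await listDirectory(
  input.path,
  input.recursive,
@@ -1400,147 +1436,147 @@ async function executeToolCall(toolName, input) {
  );
  break;
  // network scanning
- case "rustscan":
+ case TOOL_NAME.RUSTSCAN:
  result = await executeRustscan(input);
  break;
- case "nmap_scan":
+ case TOOL_NAME.NMAP_SCAN:
  result = await executeNmapScan(input);
  break;
- case "tcpdump_capture":
+ case TOOL_NAME.TCPDUMP_CAPTURE:
  result = await executeTcpdump(input);
  break;
  // Web Tools
- case "web_request":
+ case TOOL_NAME.WEB_REQUEST:
  result = await executeWebRequest(input);
  break;
- case "directory_bruteforce":
+ case TOOL_NAME.DIRECTORY_BRUTEFORCE:
  result = await executeDirBruteforce(input);
  break;
- case "sql_injection":
+ case TOOL_NAME.SQL_INJECTION:
  result = await executeSqlmap(input);
  break;
- case "browser_automation":
+ case TOOL_NAME.BROWSER_AUTOMATION:
  result = await executeBrowserAutomation(input);
  break;
  // Exploitation Tools
- case "searchsploit":
+ case TOOL_NAME.SEARCHSPLOIT:
  result = await executeSearchsploit(input);
  break;
- case "metasploit":
+ case TOOL_NAME.METASPLOIT:
  result = await executeMetasploit(input);
  break;
- case "generate_payload":
+ case TOOL_NAME.GENERATE_PAYLOAD:
  result = await generatePayload(input);
  break;
  // Credential Tools
- case "bruteforce_login":
+ case TOOL_NAME.BRUTEFORCE_LOGIN:
  result = await executeBruteforce(input);
  break;
- case "crack_hash":
+ case TOOL_NAME.CRACK_HASH:
  result = await executeCrackHash(input);
  break;
  // permission escalation
- case "run_privesc_enum":
+ case TOOL_NAME.RUN_PRIVESC_ENUM:
  result = await executePrivescEnum(input);
  break;
- case "check_sudo":
+ case TOOL_NAME.CHECK_SUDO:
  result = await checkSudo(input);
  break;
- case "find_suid":
+ case TOOL_NAME.FIND_SUID:
  result = await findSuid(input);
  break;
  // Post-Exploitation
- case "setup_tunnel":
+ case TOOL_NAME.SETUP_TUNNEL:
  result = await setupTunnel(input);
  break;
- case "dump_credentials":
+ case TOOL_NAME.DUMP_CREDENTIALS:
  result = await dumpCredentials(input);
  break;
- case "lateral_movement":
+ case TOOL_NAME.LATERAL_MOVEMENT:
  result = await executeLateralMovement(input);
  break;
  // Windows / SMB / AD Tools
- case "netcat":
+ case TOOL_NAME.NETCAT:
  result = await executeNetcat(input);
  break;
- case "smb_enum":
+ case TOOL_NAME.SMB_ENUM:
  result = await executeSmbEnum(input);
  break;
- case "enum4linux":
+ case TOOL_NAME.ENUM4LINUX:
  result = await executeEnum4linux(input);
  break;
- case "crackmapexec":
+ case TOOL_NAME.CRACKMAPEXEC:
  result = await executeCrackmapexec(input);
  break;
- case "smbclient":
+ case TOOL_NAME.SMBCLIENT:
  result = await executeSmbclient(input);
  break;
- case "rpcclient":
+ case TOOL_NAME.RPCCLIENT:
  result = await executeRpcclient(input);
  break;
- case "winrm":
+ case TOOL_NAME.WINRM:
  result = await executeWinrm(input);
  break;
- case "rdp_check":
+ case TOOL_NAME.RDP_CHECK:
  result = await executeRdpCheck(input);
  break;
- case "ldap_search":
+ case TOOL_NAME.LDAP_SEARCH:
  result = await executeLdapSearch(input);
  break;
- case "kerbrute":
+ case TOOL_NAME.KERBRUTE:
  result = await executeKerbrute(input);
  break;
- case "bloodhound":
+ case TOOL_NAME.BLOODHOUND:
  result = await executeBloodhound(input);
  break;
- case "mssql_client":
+ case TOOL_NAME.MSSQL_CLIENT:
  result = await executeMssqlClient(input);
  break;
- case "mysql_client":
+ case TOOL_NAME.MYSQL_CLIENT:
  result = await executeMysqlClient(input);
  break;
- case "reverse_shell":
+ case TOOL_NAME.REVERSE_SHELL:
  result = await executeReverseShell(input);
  break;
  // Service Enumeration Tools
- case "zone_transfer":
+ case TOOL_NAME.ZONE_TRANSFER:
  result = await executeZoneTransfer(input);
  break;
- case "snmp_walk":
+ case TOOL_NAME.SNMP_WALK:
  result = await executeSnmpWalk(input);
  break;
- case "snmp_check":
+ case TOOL_NAME.SNMP_CHECK:
  result = await executeSnmpCheck(input);
  break;
- case "onesixtyone":
+ case TOOL_NAME.ONESIXTYONE:
  result = await executeOnesixtyone(input);
  break;
- case "ftp_enum":
+ case TOOL_NAME.FTP_ENUM:
  result = await executeFtpEnum(input);
  break;
- case "ftp_anon":
+ case TOOL_NAME.FTP_ANON:
  result = await executeFtpAnon(input);
  break;
- case "nbtscan":
+ case TOOL_NAME.NBTSCAN:
  result = await executeNbtscan(input);
  break;
- case "rpc_info":
+ case TOOL_NAME.RPC_INFO:
  result = await executeRpcInfo(input);
  break;
- case "showmount":
+ case TOOL_NAME.SHOWMOUNT:
  result = await executeShowmount(input);
  break;
- case "telnet":
+ case TOOL_NAME.TELNET:
  result = await executeTelnet(input);
  break;
- case "hydra":
+ case TOOL_NAME.HYDRA:
  result = await executeHydra(input);
  break;
  // report
- case "report_finding":
+ case TOOL_NAME.REPORT_FINDING:
  result = await reportFinding(input);
  break;
- case "take_screenshot":
+ case TOOL_NAME.TAKE_SCREENSHOT:
  result = await takeScreenshot(input);
  break;
  default: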
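Review bot: `DOCKER_TOOLS` (first hunk, new lines 1302–1372) no longer holds executable names: the old entries were binaries such as `"nmap"`, `"sqlmap"` and `"msfconsole"`, while the new ones are `TOOL_NAME.*` values, which the replaced `case` labels further down suggest are tool-call names like `"nmap_scan"` and `"sql_injection"`. The code that reads this list is outside the diff; if it still matches on the command's binary name, those commands would stop being routed into `DOCKER_CONTAINER` and run on the host, and dropped entries such as `gobuster`, `hashcat`, `chisel` and `impacket-psexec` have no same-named replacement. Please confirm the lookup now keys on `toolName`, or keep a separate list of binary names for routing, and state the namespace on the array, e.g. `// agent tool names (TOOL_NAME values), not executable names`. `TOOL_NAME` is not defined in any visible hunk, so a mistyped key here or in a `case` label would evaluate to `undefined` without any error.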
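--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "pentesting",
- "version": "0.7.0",
+ "version": "0.7.2",
  "description": "Autonomous Penetration Testing AI Agent",
  "type": "module",
  "main": "dist/index.js",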