pentesting 0.7.13 → 0.7.15

package/README.md

@@ -222,29 +222,43 @@ agent.abort();    // Complete stop
 
 ---
 
-## 🐳 Docker Environment
+## 🐳 Docker Toolkit (Auto-Managed)
+
+Pentesting automatically manages a Docker container with 50+ pre-installed tools.
+
+### Automatic Setup
+
+**No manual Docker setup required!** When you run a command that needs tools like `nmap` or `rustscan`:
+
+1. Pentesting checks if tool exists locally
+2. If not, it automatically pulls `agnusdei1207/pentesting-tools:latest`
+3. Starts container `pentesting-tools` with host network
+4. Executes command via `docker exec`
+
+### Manual Docker Control
 
 ```bash
-# Pull pre-built toolkit (50+ tools)
-docker pull agnusdei1207/pentesting-tools:latest
+# Force all commands through Docker
+export PENTESTING_DOCKER=1
 
-# Run with host network (required for target access)
-docker run -d --name pentesting-tools --network host \
-  -v $(pwd)/workspace:/pentest \
-  agnusdei1207/pentesting-tools:latest
+# Use custom container name
+export PENTESTING_CONTAINER=my-pentest-container
 
-# Execute tools
-docker exec -it pentesting-tools nmap -sCV 10.0.0.1
+# Manual pull (optional - auto-pulled on first use)
+docker pull agnusdei1207/pentesting-tools:latest
 ```
 
-### Included Tools
-- **Network**: nmap, rustscan, masscan, netcat
-- **Web**: ffuf, nikto, sqlmap, httpx
-- **Discovery**: subfinder, amass, nuclei
-- **Service**: snmpwalk, nbtscan, hydra, smbclient
-- **AD/Windows**: impacket, crackmapexec
-- **Database**: mysql-client, postgresql-client, redis-tools
-- **Utilities**: curl, wget, jq, python3
+### Included Tools (50+)
+
+| Category | Tools |
+|----------|-------|
+| **Network** | nmap, rustscan, masscan, netcat, tcpdump |
+| **Web** | ffuf, nikto, sqlmap, httpx, whatweb |
+| **Discovery** | subfinder, amass, nuclei, dnsrecon |
+| **Bruteforce** | hydra, hashcat, john |
+| **AD/Windows** | impacket, crackmapexec, smbclient |
+| **Database** | mysql-client, postgresql-client, redis-tools |
+| **Utilities** | curl, wget, jq, python3, go |
 
 ---
 

package/dist/index.js

@@ -1317,8 +1317,10 @@ import { promisify } from "util";
 import * as fs from "fs/promises";
 import * as path from "path";
 var execAsync = promisify(exec);
+var DOCKER_IMAGE = "agnusdei1207/pentesting-tools:latest";
 var DOCKER_CONTAINER = process.env.PENTESTING_CONTAINER || "pentesting-tools";
 var FORCE_DOCKER = process.env.PENTESTING_DOCKER === "1";
+var dockerStarted = false;
 var DOCKER_TOOLS = [
   // Network scanning
   TOOL_NAME.RUSTSCAN,
@@ -1392,14 +1394,37 @@ var DOCKER_TOOLS = [
   TOOL_NAME.CHECK_SUDO,
   TOOL_NAME.FIND_SUID
 ];
-async function isDockerAvailable() {
+async function ensureDockerContainer() {
+  if (dockerStarted) return true;
   try {
-    await execAsync(`docker inspect ${DOCKER_CONTAINER} --format='{{.State.Running}}'`);
+    const { stdout } = await execAsync(`docker inspect ${DOCKER_CONTAINER} --format='{{.State.Running}}'`);
+    if (stdout.trim() === "true") {
+      dockerStarted = true;
+      return true;
+    }
+    await execAsync(`docker start ${DOCKER_CONTAINER}`);
+    dockerStarted = true;
+    console.log(`[Docker] Started container: ${DOCKER_CONTAINER}`);
     return true;
   } catch {
-    return false;
+    try {
+      console.log(`[Docker] Pulling and starting ${DOCKER_IMAGE}...`);
+      await execAsync(`docker run -d --name ${DOCKER_CONTAINER} --network host ${DOCKER_IMAGE}`, {
+        timeout: 12e4
+        // 2 min timeout for pull
+      });
+      dockerStarted = true;
+      console.log(`[Docker] Container ready: ${DOCKER_CONTAINER}`);
+      return true;
+    } catch (err) {
+      console.error(`[Docker] Failed to start container: ${err}`);
+      return false;
+    }
   }
 }
+async function isDockerAvailable() {
+  return await ensureDockerContainer();
+}
 async function commandExists(cmd) {
   try {
     await execAsync(`which ${cmd}`);
@@ -4885,11 +4910,20 @@ Use report_finding tool for important discoveries.
             toolInput,
             riskLevel: risk
           });
-          const decision = await this.approvalManager.requestApproval(
-            toolName,
-            toolInput,
-            `Executing ${toolName} (${risk} risk)`
-          );
+          const decision = await new Promise((resolve) => {
+            const handler = (response2) => {
+              if (response2.requestId === block.id) {
+                this.approvalManager.removeListener("approval_response", handler);
+                if (response2.decision === "approve_always") {
+                  this.approvalManager.autoApprovedTools?.add(toolName);
+                  resolve("approve");
+                } else {
+                  resolve(response2.decision);
+                }
+              }
+            };
+            this.approvalManager.on("approval_response", handler);
+          });
           if (decision === "deny") {
             this.think(THOUGHT_TYPE.STUCK, `Tool denied by user: ${toolName}`);
             this.emit(AGENT_EVENT.TOOL_RESULT, {
@@ -7406,7 +7440,7 @@ ${list}`);
         state.target.discovered.length > 1 && ` (+${state.target.discovered.length - 1})`,
         state.findings.length > 0 && ` \u2502 ${state.findings.length} findings`,
         state.credentials.length > 0 && ` \u2502 ${state.credentials.length} creds`,
-        tokenUsage.total > 0 && ` \u2502 ${(tokenUsage.total / 1e3).toFixed(0)}k`
+        tokenUsage.total > 0 && ` \u2502 ${(tokenUsage.total / 1e3).toFixed(0)}k tok`
       ] }),
       /* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
         isProcessing && currentStatus && `${currentStatus.slice(0, 40)} \u2502 `,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.7.13",
+  "version": "0.7.15",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",