pentesting 0.7.16 → 0.7.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +45 -35
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -34,23 +34,23 @@ pentesting
34
34
  ## ✨ Features
35
35
 
36
36
  ### Core Capabilities
37
+ - **Intelligent Agent**: Self-reflection and decision framework (inspired by Claude Code)
38
+ - **Confidence Scoring**: Only acts on actions with >50% success probability
37
39
  - **10-Phase Attack Workflow**: Recon → Scan → Enum → Vuln Analysis → Exploitation → PrivEsc → Pivot → Persist → Exfil → Report
38
- - **9 Specialized Agents**: Built-in domain experts for security testing
40
+ - **Auto Docker Management**: Automatically pulls and starts `pentesting-tools` container
39
41
  - **Multi-Target Attack**: Register multiple targets and attack them sequentially
40
- - **Auto-Target Detection**: Automatically sets targets from user input
41
- - **Streaming Responses**: Real-time LLM output display
42
- - **Session Persistence**: Save/resume pentesting sessions
42
+ - **Real-time Feedback**: See thinking process, tool calls, and results live
43
43
  - **ESC Interrupt**: Stop execution anytime with ESC key
44
- - **MCP Integration**: Extend with Model Context Protocol tools
45
- - **Docker Toolkit**: 50+ pre-installed pentesting tools
46
- - **Provider Agnostic**: Works with any OpenAI-compatible API
44
+ - **Rainbow Spinner**: Visual feedback with cycling colors
47
45
 
48
- ### v0.7+ New Features
49
- - **Multi-Target Management**: `/target add`, `/target list`, `/target clear`
50
- - **Batch Attack**: `/start all` to attack all registered targets
51
- - **set_target Tool**: Agent can set targets directly via tool call
52
- - **Enhanced ESC**: Properly interrupts even during tool execution
53
- - **UI State Sync**: Real-time status bar updates for findings/creds/targets
46
+ ### v0.7.16 New Features
47
+ - **Self-Reflection**: Agent asks "Is this the fastest way?" before every action
48
+ - **Decision Framework**: Value = (Probability × Impact) / Time Cost
49
+ - **Concrete Tool Commands**: Exact ffuf, nmap, hydra syntax with wordlist paths
50
+ - **Auto Docker**: Container starts automatically when tools are missing
51
+ - **Thinking Display**: See `[thinking]` and `[reasoning]` messages
52
+ - **Token Label**: Status bar shows `3k tok` instead of just `3k`
53
+ - **Approval Fix**: "Approve always" now works correctly (no repeat prompts)
54
54
 
55
55
  ---
56
56
 
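Review bot: Missing documentation on the added **Auto Docker Management** and **Auto Docker** bullets: they say the `pentesting-tools` container is pulled and started automatically, but not which registry or tag the image comes from, whether it is pinned by digest, or how to disable the behaviour. Because this starts a container on the operator's machine without an explicit step, state the image source and an opt-out next to these bullets. The same hunk also drops the Session Persistence, MCP Integration, Docker Toolkit and Provider Agnostic bullets; if those features still exist, keep them listed, and if they were removed, record that in the changelog.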
@@ -110,7 +110,7 @@ pentesting
110
110
 
111
111
  ---
112
112
 
113
- ## 🎯 Multi-Target Workflow
113
+ ## Multi-Target Workflow
114
114
 
115
115
  ```bash
116
116
  # Start pentesting CLI
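Review bot: Style inconsistency at the `## Multi-Target Workflow` heading: the emoji is dropped here, but the unchanged headings `## ✨ Features` and `## 📄 License` in this same diff keep theirs. Strip the emoji from all headings in one change or leave this one as it was, and check any links that point at the old heading anchor.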
@@ -124,8 +124,8 @@ pentesting
124
124
 
125
125
  # View registered targets
126
126
  /target list
127
- 🎯 Targets (4):
128
- 1. example1.com
127
+ Targets (4):
128
+ 1. * example1.com (primary)
129
129
  2. example2.com
130
130
  3. 192.168.1.1
131
131
  4. internal.corp
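Review bot: The added `1. * example1.com (primary)` line introduces a `*` marker and a "(primary)" label that nothing in the surrounding sample explains. Document how a target becomes primary and whether it changes the order or scope of `/start all`, since the operator relies on this list to confirm what is in scope before starting a run.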
@@ -133,19 +133,19 @@ pentesting
133
133
  # Attack all targets sequentially
134
134
  /start all
135
135
 
136
- 🚀 Starting multi-target attack on 4 targets
136
+ Starting multi-target attack on 4 targets
137
137
 
138
- ━━━ [1/4] example1.com ━━━
139
- 📁 Session: session-1707325423
138
+ --- [1/4] example1.com ---
139
+ Session: session-1707325423
140
140
  ... reconnaissance & exploitation ...
141
141
 
142
- ━━━ [2/4] example2.com ━━━
142
+ --- [2/4] example2.com ---
143
143
  ...
144
144
 
145
145
  # Press ESC to stop between targets
146
- Stopped at target 2/4
146
+ Stopped at target 2/4
147
147
 
148
- ✓ Multi-target attack complete
148
+ Complete
149
149
  ```
150
150
 
151
151
  ---
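Review bot: In the sample output, `Complete` now follows `Stopped at target 2/4` with nothing separating the two outcomes, so it reads as if an interrupted run is reported as complete. The removed `✓ Multi-target attack complete` line at least named what had finished; keep a specific message, or show the interrupted and the completed case as separate samples. The `Stopped at target 2/4` line is also removed and re-added with identical visible text here, so check whether it needs to be part of the change.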
@@ -378,25 +378,35 @@ npm run dev
378
378
 
379
379
  ---
380
380
 
381
- ## 📚 Changelog
381
+ ## Changelog
382
+
383
+ ### v0.7.16
384
+ - Self-reflection framework (Claude Code inspired)
385
+ - Confidence scoring (0-100) for decisions
386
+ - Decision framework: Value = (Probability × Impact) / Time Cost
387
+ - Concrete tool commands with wordlist paths
388
+ - Efficiency rules and stop conditions
389
+
390
+ ### v0.7.15
391
+ - Comprehensive prompt improvements
392
+ - Approval fix (double popup bug)
393
+ - Token label in status bar (`3k tok`)
394
+
395
+ ### v0.7.14
396
+ - Auto Docker management
397
+ - Container auto-start on first use
398
+
399
+ ### v0.7.13
400
+ - Rainbow spinner
401
+ - Thinking/reasoning display
402
+ - Monochrome theme
403
+ - Tab mode toggle
382
404
 
383
405
  ### v0.7.7
384
406
  - Multi-target management (`/target add/list/rm/clear`)
385
407
  - Batch attack (`/start all`)
386
408
  - `set_target` tool for agent
387
409
 
388
- ### v0.7.6
389
- - ESC interrupt improvements
390
- - UI state sync for findings/creds/phase
391
-
392
- ### v0.7.5
393
- - `set_target` tool integration
394
- - `forceUpdate` mechanism for React state
395
-
396
- ### v0.7.4
397
- - Removed all legal/permission prompts
398
- - Auto-target detection from user input
399
-
400
410
  ---
401
411
 
402
412
  ## 📄 License
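Review bot: Removing the v0.7.4, v0.7.5 and v0.7.6 entries at the end of the changelog drops history that users still need, in particular the v0.7.4 line `Removed all legal/permission prompts`, which records a behaviour change in how the tool asks before acting. Keep the older entries and only append new ones. The new entries also disagree with the features section: the approval fix and the `3k tok` token label are listed under `### v0.7.15` here but under `### v0.7.16 New Features` earlier in the README, so settle on one version for each.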
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pentesting",
3
- "version": "0.7.16",
3
+ "version": "0.7.17",
4
4
  "description": "Autonomous Penetration Testing AI Agent",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
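Review bot: The version moves to `0.7.17`, but the README changelog in this same diff ends at `### v0.7.16` and the feature heading reads `### v0.7.16 New Features`, so the published release has no entry describing it. Add a `v0.7.17` changelog entry, even if it only says the release is a documentation update as the two changed files suggest, or retitle the README sections to match the version being published.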