npm - pentesting - Versions diffs - 0.7.44 → 0.7.45 - Mend

pentesting 0.7.44 → 0.7.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +55 -130
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -189,48 +189,27 @@ Complete
 ---
-## 🤖 Agentic System (Dual Architecture)
-### YAML-Based Agents (Primary)
-New agents defined in `src/agents/specs/*.yaml` with auto-switching:
-| YAML Agent | Phase | Description |
-|------------|-------|-------------|
-| `recon` | RECON, SCAN | Information gathering, port scanning |
-| `web` | ENUM | Web application security, OWASP Top 10 |
-| `exploit` | VULN, EXPLOIT | CVE research, exploit execution |
-| `privesc` | PRIVESC, PIVOT, PERSIST | Privilege escalation techniques |
-| `crypto` | EXFIL | Hash cracking, encryption analysis |
-### Built-in Agents (Fallback)
-| Agent | Specialty |
-|-------|-----------|
-| `target-explorer` | Network reconnaissance, service enumeration |
-| `exploit-researcher` | CVE research, exploit development |
-| `privesc-master` | Linux/Windows privilege escalation |
-| `web-hacker` | OWASP Top 10, SQLi, XSS, SSRF |
-| `crypto-solver` | Hash cracking, cipher analysis |
-| `forensics-analyst` | Memory forensics, file carving |
-| `reverse-engineer` | Binary analysis, exploit development |
-| `attack-architect` | Attack strategy planning |
-| `finding-reviewer` | Vulnerability validation |
-### Agent Orchestration Flow
+## 🤖 AI Agents
-```
-User Request → AutonomousHackingAgent
-       ↓
-Phase Change Detected (RECON → SCAN → ENUM → ...)
-       ↓
-autoSwitchAgentForPhase(phaseId)
-       ├── Try YAML Agent First (SpecOrchestrator)
-       └── Fallback to Builtin Agent
-       ↓
-System Prompt = Base + Agent-Specific Instructions
-       ↓
-LLM Call with Specialized Context
-```
+Pentesting automatically switches between specialized AI agents based on the current attack phase:
+| Phase | Agent | What it does |
+|-------|-------|--------------|
+| Reconnaissance | **Recon Agent** | Discovers hosts, ports, services, subdomains |
+| Web Scanning | **Web Agent** | Tests for OWASP Top 10, SQLi, XSS, SSRF |
+| Exploitation | **Exploit Agent** | Researches CVEs, selects and runs exploits |
+| Privilege Escalation | **PrivEsc Agent** | Finds SUID, sudo misconfigs, kernel exploits |
+| Data Extraction | **Crypto Agent** | Cracks hashes, analyzes encryption |
+### How it works
+1. **You set a target** → Agent starts in Recon mode
+2. **Finds web services** → Automatically switches to Web Agent
+3. **Discovers vulnerability** → Switches to Exploit Agent
+4. **Gets shell access** → Switches to PrivEsc Agent
+5. **Finds password hashes** → Crypto Agent takes over
+> No manual agent switching needed. The system automatically picks the best agent for each situation.
 ---
@@ -249,44 +228,15 @@ LLM Call with Specialized Context
 > **Note**: `ANTHROPIC_API_KEY` is also accepted as fallback for `PENTEST_API_KEY`.
----
-## 💻 Programmatic Usage
-```typescript
-import { AutonomousHackingAgent, AGENT_EVENT } from 'pentesting';
-const agent = new AutonomousHackingAgent(undefined, {
-    autoApprove: false,       // Require approval for dangerous tools
-    maxIterations: 100,       // Max loop iterations
-});
-// Multi-target setup
-agent.addTarget('example1.com');
-agent.addTarget('example2.com');
-agent.setTarget('example1.com');
-// Listen for events
-agent.on(AGENT_EVENT.FINDING, (finding) => {
-    console.log(`Found: ${finding.title} (${finding.severity})`);
-});
-agent.on(AGENT_EVENT.TARGET_SET, (target) => {
-    console.log(`Target set: ${target}`);
-});
+---
-agent.on(AGENT_EVENT.TOOL_CALL, ({ name, input }) => {
-    console.log(`Tool: ${name}`);
-});
+## 💻 For Developers
-// Start pentesting
-await agent.runAutonomous('Get root access');
-// Control execution
-agent.pause();    // Pause (ESC key equivalent)
-agent.resume();   // Resume
-agent.abort();    // Complete stop
-```
+Pentesting can be used as a library in your own projects. See [Architecture Docs](./docs/architecture.md) for:
+- API Reference
+- Event System
+- Custom Agent Integration
 ---
@@ -332,63 +282,39 @@ docker pull agnusdei1207/pentesting-tools:latest
 ## 🔌 MCP Integration
-Extend with additional MCP servers:
-```typescript
-const agent = new AutonomousHackingAgent();
-// Add filesystem access
-await agent.addMCPServer('filesystem', 'npx', [
-    '-y', '@modelcontextprotocol/server-filesystem', '/'
-]);
-// Add custom security tools
-await agent.addMCPServer('security-tools', 'docker', [
-    'exec', '-i', 'pentesting-tools', '/bin/bash'
-]);
-```
+Pentesting supports MCP (Model Context Protocol) for extending capabilities with additional tools and servers. See [Architecture Docs](./docs/architecture.md) for integration details.
 ---
-## 🏗️ Architecture
+## 🏗️ How It Works
 ```
-┌─────────────────────────────────────────────────────────────────┐
-│                         TUI (app.tsx)                            │
-│  ┌──────────────┐ ┌──────────────┐ ┌──────────────────────────┐ │
-│  │ WireLogger   │ │ContextMgr   │ │ Multi-Target Handler     │ │
-│  │ (Recording)  │ │(Checkpoints)│ │ (add/list/rm/clear/all)  │ │
-│  └──────────────┘ └──────────────┘ └──────────────────────────┘ │
-│  ┌──────────────┐ ┌──────────────┐ ┌──────────────────────────┐ │
-│  │ KeyboardLstn │ │ ForceUpdate  │ │ SlashCommandRegistry     │ │
-│  │ (ESC/Ctrl+C) │ │ (UI Refresh) │ │ (Command Handling)       │ │
-│  └──────────────┘ └──────────────┘ └──────────────────────────┘ │
-└────────────────────────────┬────────────────────────────────────┘
-                             │ Events
-┌────────────────────────────▼────────────────────────────────────┐
-│              AutonomousHackingAgent (Core Engine)                │
-│  ┌──────────────┐ ┌──────────────┐ ┌──────────────┐             │
-│  │ HookExecutor │ │ MCPManager   │ │ApprovalMgr   │             │
-│  │ (Lifecycle)  │ │ (Extensions) │ │(Tool Safety) │             │
-│  └──────────────┘ └──────────────┘ └──────────────┘             │
-│  ┌──────────────┐ ┌──────────────┐ ┌──────────────┐             │
-│  │ TargetMgr    │ │ PauseMgr     │ │ContextMgr    │             │
-│  │ (Multi-Tgt)  │ │ (ESC/Abort)  │ │ (Compaction) │             │
-│  └──────────────┘ └──────────────┘ └──────────────┘             │
-│                                                                  │
-│  ┌────────────────────────────────────────────────────────────┐ │
-│  │            9 Built-in Specialized Agents                   │ │
-│  │  target-explorer • exploit-researcher • privesc-master     │ │
-│  │  web-hacker • crypto-solver • forensics-analyst            │ │
-│  │  reverse-engineer • attack-architect • finding-reviewer    │ │
-│  └────────────────────────────────────────────────────────────┘ │
-└────────────────────────────┬────────────────────────────────────┘
-                             │
-          ┌──────────────────┼──────────────────┐
-     ┌────▼────┐       ┌────▼────┐       ┌────▼────┐
-     │  Tool   │       │  Bash   │       │   MCP   │
-     │Executor │       │Commands │       │ Servers │
-     └─────────┘       └─────────┘       └─────────┘
+┌──────────────────────────────────────────────┐
+│              Your Terminal                    │
+│  ┌────────────────────────────────────────┐  │
+│  │  pentesting CLI (Interactive TUI)      │  │
+│  │  - Target management                   │  │
+│  │  - Session recording                   │  │
+│  │  - Real-time output                   │  │
+│  └────────────────────────────────────────┘  │
+└─────────────────────┬────────────────────────┘
+                      ▼
+┌──────────────────────────────────────────────┐
+│              AI Agent Core                    │
+│  ┌────────────────────────────────────────┐  │
+│  │  5 Specialized Agents (auto-switching) │  │
+│  │  Recon → Web → Exploit → PrivEsc → Crypto│
+│  └────────────────────────────────────────┘  │
+└─────────────────────┬────────────────────────┘
+                      ▼
+┌──────────────────────────────────────────────┐
+│              Tool Execution                   │
+│  ┌──────────┐  ┌──────────┐  ┌──────────┐   │
+│  │  Docker  │  │  Local   │  │   MCP    │   │
+│  │  (50+    │  │  Tools   │  │  Servers │   │
+│  │  tools)  │  │          │  │          │   │
+│  └──────────┘  └──────────┘  └──────────┘   │
+└──────────────────────────────────────────────┘
 ```
 ---
@@ -410,7 +336,6 @@ npm run build
 npm run dev
 ```
-## 📄 License
 ## Documentation
 - [Architecture](./docs/ARCHITECTURE.md) - System design and components
@@ -418,6 +343,6 @@ npm run dev
 ---
-## �📄 License
+## 📄 License
 MIT

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.7.44",
+  "version": "0.7.45",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",