npm - pentesting - Versions diffs - 0.7.6 → 0.7.8 - Mend

pentesting 0.7.6 → 0.7.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,13 +1,13 @@
 ```
-   ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗
-   ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝
-   ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║
-   ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║
-   ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║
-   ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝
+   ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗██╗███╗   ██╗ ██████╗
+   ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║████╗  ██║██╔════╝
+   ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   ██║██╔██╗ ██║██║  ███╗
+   ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██║██║╚██╗██║██║   ██║
+   ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ██║██║ ╚████║╚██████╔╝
+   ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚═╝╚═╝  ╚═══╝ ╚═════╝
 ```
-⚠️ **For authorized penetration testing only. Unauthorized use is illegal.**
+**Autonomous AI Penetration Testing Agent**
 [![npm version](https://badge.fury.io/js/pentesting.svg)](https://www.npmjs.com/package/pentesting)
 [![Docker](https://img.shields.io/badge/Docker-pentesting--tools-blue)](https://hub.docker.com/r/agnusdei1207/pentesting-tools)
@@ -36,67 +36,116 @@ pentesting
 ### Core Capabilities
 - **10-Phase Attack Workflow**: Recon → Scan → Enum → Vuln Analysis → Exploitation → PrivEsc → Pivot → Persist → Exfil → Report
 - **9 Specialized Agents**: Built-in domain experts for security testing
-- **Ralph Loop**: Autonomous iteration until objective is achieved
+- **Multi-Target Attack**: Register multiple targets and attack them sequentially
+- **Auto-Target Detection**: Automatically sets targets from user input
 - **Streaming Responses**: Real-time LLM output display
 - **Session Persistence**: Save/resume pentesting sessions
-- **Tool Approval**: Manual confirmation for dangerous commands
+- **ESC Interrupt**: Stop execution anytime with ESC key
 - **MCP Integration**: Extend with Model Context Protocol tools
 - **Docker Toolkit**: 50+ pre-installed pentesting tools
 - **Provider Agnostic**: Works with any OpenAI-compatible API
-### v0.4+ New Features (kimi-cli inspired)
-- **Context Checkpoints**: Save/restore conversation states with `/checkpoint`, `/undo`, `/revert`
-- **Flow Skills**: Mermaid/D2 diagram-based workflow automation
-- **Session Replay**: Review past sessions from wire recordings
-- **Auto-Update**: Background version checking with update notifications
-- **Vision Analysis**: Analyze images from clipboard with `/paste`
-- **Wire Logging**: Detailed session recording in JSONL format
-- **Rich TUI**: Premium ASCII banner, organized help, status reports
+### v0.7+ New Features
+- **Multi-Target Management**: `/target add`, `/target list`, `/target clear`
+- **Batch Attack**: `/start all` to attack all registered targets
+- **set_target Tool**: Agent can set targets directly via tool call
+- **Enhanced ESC**: Properly interrupts even during tool execution
+- **UI State Sync**: Real-time status bar updates for findings/creds/targets
 ---
 ## 📖 CLI Commands
-### Core
+### Target Management
 ```bash
-/target <ip>        Set target IP/hostname
-/start [objective]  Start autonomous pentest
-/stop               Stop current operation
-/status             Show status report
+/target <domain|ip>     Set primary target
+/target add <t>         Add target to list
+/target list            Show all targets (★ = primary)
+/target rm <t>          Remove target from list
+/target set <t>         Set as primary target
+/target clear           Remove ALL targets
+```
+### Attack Execution
+```bash
+/start [objective]      Start pentest on primary target
+/start all              Attack ALL registered targets sequentially
+/stop                   Stop current operation
+/status                 Show status report
 ```
 ### Session Management
 ```bash
-/checkpoint [desc]  Create checkpoint with optional description
-/checkpoints        List all checkpoints
-/undo               Undo to last checkpoint
-/revert <id>        Revert to specific checkpoint
-/compact            Compact context (keep last 3 messages)
-/sessions           List saved sessions
-/resume [id]        Resume a session
-/replay             Show session recordings
+/checkpoint [desc]      Create checkpoint with optional description
+/checkpoints            List all checkpoints
+/undo                   Undo to last checkpoint
+/revert <id>            Revert to specific checkpoint
+/compact                Compact context (keep last 3 messages)
+/sessions               List saved sessions
+/resume [id]            Resume a session
+/replay                 Show session recordings
 ```
 ### Skills & Extras
 ```bash
-/skills             List available skills
-/update             Check for updates
-/update now         Install update
+/skills                 List available skills
+/update                 Check for updates
+/update now             Install update
 ```
 ### Findings & Reports
 ```bash
-/findings           Show discovered findings
-/report             Generate pentest report
+/findings               Show discovered findings
+/report                 Generate pentest report
 ```
 ### Utility
 ```bash
-/paste              Paste from clipboard (text or image)
-/yolo               Toggle auto-approve mode
-/clear              Clear screen
-/exit               Exit
-/y /n /ya           Approve/Deny/Always approve (for pending tools)
+/paste                  Paste from clipboard (text or image)
+/yolo                   Toggle auto-approve mode
+/clear                  Clear screen
+/exit                   Exit
+/y /n /ya               Approve/Deny/Always approve (for pending tools)
+```
+---
+## 🎯 Multi-Target Workflow
+```bash
+# Start pentesting CLI
+pentesting
+# Register multiple targets
+/target add example1.com
+/target add example2.com
+/target add 192.168.1.1
+/target add internal.corp
+# View registered targets
+/target list
+🎯 Targets (4):
+  1. ★ example1.com
+  2.   example2.com
+  3.   192.168.1.1
+  4.   internal.corp
+# Attack all targets sequentially
+/start all
+🚀 Starting multi-target attack on 4 targets
+━━━ [1/4] example1.com ━━━
+📁 Session: session-1707325423
+... reconnaissance & exploitation ...
+━━━ [2/4] example2.com ━━━
+...
+# Press ESC to stop between targets
+⏸ Stopped at target 2/4
+✓ Multi-target attack complete
 ```
 ---
@@ -137,35 +186,38 @@ pentesting
 ## 💻 Programmatic Usage
 ```typescript
-import { PentestingAgent, PENTEST_EVENT } from 'pentesting';
+import { AutonomousHackingAgent, AGENT_EVENT } from 'pentesting';
-const agent = new PentestingAgent({
-    yoloMode: false,          // Require approval for dangerous tools
-    useStreaming: true,       // Enable streaming responses
-    maxIterations: 100,       // Max Ralph loop iterations
-    autoSave: true,           // Auto-save session state
+const agent = new AutonomousHackingAgent(undefined, {
+    autoApprove: false,       // Require approval for dangerous tools
+    maxIterations: 100,       // Max loop iterations
 });
+// Multi-target setup
+agent.addTarget('example1.com');
+agent.addTarget('example2.com');
+agent.setTarget('example1.com');
 // Listen for events
-agent.on(PENTEST_EVENT.FINDING, (finding) => {
+agent.on(AGENT_EVENT.FINDING, (finding) => {
     console.log(`Found: ${finding.title} (${finding.severity})`);
 });
-agent.on(PENTEST_EVENT.APPROVAL_NEEDED, (request) => {
-    console.log(`Approval needed for: ${request.toolName}`);
-    agent.approveToolCall(request.id, 'approve');
+agent.on(AGENT_EVENT.TARGET_SET, (target) => {
+    console.log(`Target set: ${target}`);
 });
-agent.on(PENTEST_EVENT.TEXT_DELTA, (text) => {
-    process.stdout.write(text);
+agent.on(AGENT_EVENT.TOOL_CALL, ({ name, input }) => {
+    console.log(`Tool: ${name}`);
 });
 // Start pentesting
-await agent.start('Get root access', '192.168.1.100');
+await agent.runAutonomous('Get root access');
-// Or use individual commands
-const scanResult = await agent.chat('/scan 10.10.10.1');
-const exploitResult = await agent.chat('/exploit Apache 2.4.49');
+// Control execution
+agent.pause();    // Pause (ESC key equivalent)
+agent.resume();   // Resume
+agent.abort();    // Complete stop
 ```
 ---
@@ -185,6 +237,15 @@ docker run -d --name pentesting-tools --network host \
 docker exec -it pentesting-tools nmap -sCV 10.0.0.1
 ```
+### Included Tools
+- **Network**: nmap, rustscan, masscan, netcat
+- **Web**: ffuf, nikto, sqlmap, httpx
+- **Discovery**: subfinder, amass, nuclei
+- **Service**: snmpwalk, nbtscan, hydra, smbclient
+- **AD/Windows**: impacket, crackmapexec
+- **Database**: mysql-client, postgresql-client, redis-tools
+- **Utilities**: curl, wget, jq, python3
 ---
 ## 🔌 MCP Integration
@@ -192,7 +253,7 @@ docker exec -it pentesting-tools nmap -sCV 10.0.0.1
 Extend with additional MCP servers:
 ```typescript
-const agent = new PentestingAgent();
+const agent = new AutonomousHackingAgent();
 // Add filesystem access
 await agent.addMCPServer('filesystem', 'npx', [
@@ -213,8 +274,12 @@ await agent.addMCPServer('security-tools', 'docker', [
 ┌─────────────────────────────────────────────────────────────────┐
 │                         TUI (app.tsx)                            │
 │  ┌──────────────┐ ┌──────────────┐ ┌──────────────────────────┐ │
-│  │ WireLogger   │ │ContextMgr   │ │ SlashCommandRegistry     │ │
-│  │ (Recording)  │ │(Checkpoints)│ │ (Command Handling)       │ │
+│  │ WireLogger   │ │ContextMgr   │ │ Multi-Target Handler     │ │
+│  │ (Recording)  │ │(Checkpoints)│ │ (add/list/rm/clear/all)  │ │
+│  └──────────────┘ └──────────────┘ └──────────────────────────┘ │
+│  ┌──────────────┐ ┌──────────────┐ ┌──────────────────────────┐ │
+│  │ KeyboardLstn │ │ ForceUpdate  │ │ SlashCommandRegistry     │ │
+│  │ (ESC/Ctrl+C) │ │ (UI Refresh) │ │ (Command Handling)       │ │
 │  └──────────────┘ └──────────────┘ └──────────────────────────┘ │
 └────────────────────────────┬────────────────────────────────────┘
                              │ Events
@@ -224,6 +289,10 @@ await agent.addMCPServer('security-tools', 'docker', [
 │  │ HookExecutor │ │ MCPManager   │ │ApprovalMgr   │             │
 │  │ (Lifecycle)  │ │ (Extensions) │ │(Tool Safety) │             │
 │  └──────────────┘ └──────────────┘ └──────────────┘             │
+│  ┌──────────────┐ ┌──────────────┐ ┌──────────────┐             │
+│  │ TargetMgr    │ │ PauseMgr     │ │ContextMgr    │             │
+│  │ (Multi-Tgt)  │ │ (ESC/Abort)  │ │ (Compaction) │             │
+│  └──────────────┘ └──────────────┘ └──────────────┘             │
 │                                                                  │
 │  ┌────────────────────────────────────────────────────────────┐ │
 │  │            9 Built-in Specialized Agents                   │ │
@@ -240,34 +309,6 @@ await agent.addMCPServer('security-tools', 'docker', [
      └─────────┘       └─────────┘       └─────────┘
 ```
-### Module Connectivity
-```
-Core Modules (src/core/):
-├── agent/           AutonomousHackingAgent, PentestingAgent, AgentOrchestrator
-├── approval/        ApprovalManager - tool execution safety
-├── commands/        SlashCommandRegistry - command handling
-├── context/         ContextManager (checkpoints) + Compaction (tokens)
-├── display/         DisplayBlocks - rich output formatting
-├── hooks/           HookExecutor - lifecycle events
-├── loop/            RalphLoop - autonomous iteration
-├── prompts/         System prompts for agents
-├── replay/          SessionReplay - wire file parsing
-├── session/         SessionManager - persistence
-├── skill/           SkillManager + FlowExecutor - workflow automation
-├── streaming/       StreamingAgent - real-time output
-├── tools/           Tool definitions, executor, registry
-└── update/          AutoUpdate - version management
-Support Modules:
-├── wire/            WireLogger (JSONL recording) + Wire Protocol
-├── mcp/             MCPManager, MCPClient - extensions
-├── utils/           Clipboard, Retry utilities
-├── agents/          9 built-in specialized agents
-├── commands/        Built-in slash commands
-└── config/          Constants, Theme, Agent configuration
-```
 ---
 ## 📁 Project Structure
@@ -276,8 +317,9 @@ Support Modules:
 src/
 ├── index.tsx              # CLI entry point
 ├── cli/
-│   ├── app.tsx            # TUI with streaming, approval, sessions
-│   └── components/        # Rich display components
+│   ├── app.tsx            # TUI with streaming, multi-target, approval
+│   ├── components/        # Rich display components
+│   └── utils/             # Keyboard listener
 ├── core/
 │   ├── agent/             # Agent implementations
 │   ├── approval/          # Tool approval system
@@ -322,19 +364,24 @@ npm run dev
 ---
-## 📚 Documentation
-- [Architecture](docs/architecture.md) - System design and components
-- [API Reference](docs/api-reference.md) - Full API documentation
-- [Troubleshooting](docs/troubleshooting.md) - Common issues
+## 📚 Changelog
----
+### v0.7.7
+- Multi-target management (`/target add/list/rm/clear`)
+- Batch attack (`/start all`)
+- `set_target` tool for agent
-## ⚠️ Legal
+### v0.7.6
+- ESC interrupt improvements
+- UI state sync for findings/creds/phase
-**Only use on systems you own or have explicit permission to test.**
+### v0.7.5
+- `set_target` tool integration
+- `forceUpdate` mechanism for React state
-This tool is for authorized penetration testing and CTF competitions only. Unauthorized access to computer systems is illegal.
+### v0.7.4
+- Removed all legal/permission prompts
+- Auto-target detection from user input
 ---

package/dist/index.js CHANGED Viewed

@@ -4501,6 +4501,20 @@ ${prompt}`
     }
     return targets;
   }
+  /**
+   * Clear all targets
+   */
+  clearTargets() {
+    this.state.target.primary = "";
+    this.state.target.discovered = [];
+    this.emit(AGENT_EVENT.TARGET_SET, { action: "cleared" });
+  }
+  /**
+   * Get target count
+   */
+  getTargetCount() {
+    return this.getAllTargets().length;
+  }
   // ===== Phase Management =====
   getCurrentPhase() {
     return this.state.phases.find((p) => p.id === this.state.currentPhase);
@@ -6761,9 +6775,12 @@ var App = ({ autoApprove = false, target }) => {
           addMessage(
             MESSAGE_TYPE.SYSTEM,
             `\u2500\u2500 Core \u2500\u2500
-/target [domain|ip]  Set/show targets
-  add <t>  list  rm <t>  set <t>
-/start [goal]    Start autonomous pentest
+/target [domain|ip]  Set primary target
+  add <t>   Add to list    rm <t>    Remove
+  list      Show all       set <t>   Set primary
+  clear     Remove all targets
+/start [goal]    Pentest primary target
+/start all       Attack ALL targets
 /stop            Stop operation
 /status          Show status report
@@ -6861,10 +6878,17 @@ ${list}`);
               if (args[1]) {
                 agent.setTarget(args[1]);
                 addMessage(MESSAGE_TYPE.SYSTEM, `\u2605 Primary target \u2192 ${args[1]}`);
+                forceUpdate((n) => n + 1);
               } else {
                 addMessage(MESSAGE_TYPE.ERROR, "Usage: /target set <domain|ip>");
               }
               break;
+            case "clear":
+            case "reset":
+              agent.clearTargets();
+              addMessage(MESSAGE_TYPE.SYSTEM, "\u2713 All targets cleared");
+              forceUpdate((n) => n + 1);
+              break;
             default:
               agent.setTarget(subCmd);
               addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F3AF} Target \u2192 ${subCmd}`);
@@ -6872,6 +6896,41 @@ ${list}`);
           return;
         case CLI_COMMAND.START:
         case "s":
+          if (args[0]?.toLowerCase() === "all") {
+            const allTargets = agent.getAllTargets();
+            if (allTargets.length === 0) {
+              addMessage(MESSAGE_TYPE.ERROR, "No targets registered. Use /target add <domain|ip> first");
+              return;
+            }
+            setIsProcessing(true);
+            startTimer();
+            const allObjective = args.slice(1).join(" ") || "Perform comprehensive penetration testing";
+            addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F680} Starting multi-target attack on ${allTargets.length} targets`);
+            for (let i = 0; i < allTargets.length; i++) {
+              const currentTarget = allTargets[i];
+              if (agent.shouldStop()) {
+                addMessage(MESSAGE_TYPE.SYSTEM, `\u23F8 Stopped at target ${i + 1}/${allTargets.length}`);
+                break;
+              }
+              agent.setTarget(currentTarget);
+              addMessage(MESSAGE_TYPE.SYSTEM, `
+\u2501\u2501\u2501 [${i + 1}/${allTargets.length}] ${currentTarget} \u2501\u2501\u2501`);
+              forceUpdate((n) => n + 1);
+              try {
+                const session = await sessionManager2.createSession(allObjective, currentTarget);
+                addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4C1} Session: ${session.id}`);
+                agent.resume();
+                await agent.runAutonomous(allObjective);
+              } catch (e) {
+                addMessage(MESSAGE_TYPE.ERROR, `${currentTarget}: ${e instanceof Error ? e.message : String(e)}`);
+              }
+            }
+            stopTimer();
+            setIsProcessing(false);
+            setCurrentStatus("");
+            addMessage(MESSAGE_TYPE.SYSTEM, `\u2713 Multi-target attack complete`);
+            return;
+          }
           let startObjective = args.join(" ");
           const firstArg = args[0];
           if (firstArg && (firstArg.includes(".") || /^\d+\.\d+\.\d+\.\d+$/.test(firstArg))) {
@@ -7251,7 +7310,7 @@ ${list}`);
     if (key.ctrl && input2 === "x") {
       const newMode = mode === "agent" ? "shell" : "agent";
       setMode(newMode);
-      addMessage(MESSAGE_TYPE.SYSTEM, `Mode: ${newMode === "agent" ? "\u{1F916} Agent" : "$ Shell"}`);
+      addMessage(MESSAGE_TYPE.SYSTEM, `Mode: ${newMode === "agent" ? "Agent" : "Shell"}`);
     }
   });
   const getStyle = (type) => {
@@ -7350,8 +7409,6 @@ ${list}`);
     ] }),
     /* @__PURE__ */ jsxs2(Box2, { marginTop: 1, justifyContent: "space-between", children: [
       /* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
-        mode === "agent" ? "\u{1F916}" : "$",
-        " ",
         state.target.primary || "No target",
         state.target.discovered.length > 1 && ` (+${state.target.discovered.length - 1})`,
         " \u2502",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.7.6",
+  "version": "0.7.8",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",