npm - pentesting - Versions diffs - 0.73.3 → 0.73.4 - Mend

pentesting 0.73.3 → 0.73.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +121 -0
package/dist/{agent-tool-JEFUBDZE.js → agent-tool-MP274HWD.js} +3 -3
package/dist/{chunk-BKWCGMSV.js → chunk-3KWJPPYB.js} +46 -11
package/dist/{chunk-UB7RW6LM.js → chunk-7E2VUIFU.js} +194 -63
package/dist/chunk-I52SWXYV.js +1122 -0
package/dist/main.js +1635 -1005
package/dist/{persistence-2WKQHGOL.js → persistence-BNVN3WW6.js} +2 -2
package/dist/{process-registry-QIW7ZIUT.js → process-registry-BI7BKPHN.js} +1 -1
package/package.json +3 -4
package/dist/chunk-GLO6TOJN.js +0 -333

package/README.md CHANGED Viewed

@@ -120,3 +120,124 @@ we don't stop until the flag is captured.
 <br/>
 </div>
+---
+## Research References
+This section collects representative papers matched to the design themes reflected in `pentesting`.
+It is an inference-based reconstruction from topic overlap, not a verbatim personal reading log.
+### Mapping
+- Offensive security agent papers inform the autonomous pentest workflow.
+- Planner-executor and heterogeneous collaboration papers inform task decomposition and coordination.
+- Multi-agent orchestration papers inform role separation, delegation, and control topology.
+- Benchmark and evaluation papers inform capability framing and validation strategy.
+### Offensive Security Agents
+1. [PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing](https://www.usenix.org/conference/usenixsecurity24/presentation/deng)
+   USENIX Security 2024
+   Relevance: autonomous pentest loop and operator-assist workflow.
+2. [D-CIPHER: Dynamic Collaborative Intelligent Agents with Planning and Heterogeneous Execution for Enhanced Reasoning in Offensive Security](https://arxiv.org/abs/2502.10931)
+   arXiv 2025
+   Relevance: collaborative offensive agents, planning, and heterogeneous execution roles.
+3. [Towards Automated Software Security Testing: Augmenting Penetration Testing through LLMs](https://conf.researchr.org/room/ssbse-2023/fse-2023-venue-golden-gate-c1)
+   ESEC/FSE 2023
+   Relevance: LLM-augmented penetration testing as a software engineering workflow.
+4. [LLMs as Hackers: Autonomous Linux Privilege Escalation Attacks](https://arxiv.org/abs/2310.11409)
+   arXiv 2023
+   Relevance: offensive autonomy in post-exploitation and privilege escalation.
+5. [Can LLMs Hack Enterprise Networks? Autonomous Assumed Breach Penetration-Testing Active Directory Networks](https://arxiv.org/abs/2502.04227)
+   arXiv 2025
+   Relevance: enterprise network movement and AD-focused agent behavior.
+6. [LLM Agents can Autonomously Hack Websites](https://arxiv.org/abs/2402.06664)
+   arXiv 2024
+   Relevance: web exploitation agents and end-to-end task execution.
+7. [LLM Agents can Autonomously Exploit One-day Vulnerabilities](https://arxiv.org/abs/2404.08144)
+   arXiv 2024
+   Relevance: exploit execution against known-vulnerability targets.
+8. [Teams of LLM Agents can Exploit Zero-Day Vulnerabilities](https://arxiv.org/abs/2406.01637)
+   arXiv 2024
+   Relevance: multi-agent offensive workflows for harder vulnerability exploitation.
+9. [AutoPentester: An LLM Agent-based Framework for Automated Pentesting](https://arxiv.org/abs/2510.05605)
+   arXiv 2025
+   Relevance: explicit automated pentesting framework alignment.
+### Benchmarks and Cyber Evaluation
+10. [AutoPenBench: A Vulnerability Testing Benchmark for Generative Agents](https://aclanthology.org/2025.emnlp-industry.114/)
+    EMNLP Industry 2025
+    Relevance: benchmark framing for generative vulnerability-testing agents.
+11. [Training Language Model Agents to Find Vulnerabilities with CTF-Dojo](https://arxiv.org/abs/2508.18370)
+    arXiv 2025
+    Relevance: CTF-grounded vulnerability discovery and training/eval setup.
+12. [Cybench: A Framework for Evaluating Cybersecurity Capabilities and Risks of Language Models](https://arxiv.org/abs/2408.08926)
+    arXiv 2024
+    Relevance: evaluation of cybersecurity capability and misuse risk.
+13. [CyberGym: Evaluating AI Agents' Cybersecurity Capabilities with Real-World Vulnerabilities at Scale](https://arxiv.org/abs/2506.02548)
+    arXiv 2025
+    Relevance: large-scale realistic vulnerability evaluation.
+14. [CyberSecEval 2: A Wide-Ranging Cybersecurity Evaluation Suite for Large Language Models](https://arxiv.org/abs/2404.13161)
+    arXiv 2024
+    Relevance: broad cyber eval framing and safety measurement.
+15. [When LLMs Meet Cybersecurity: A Systematic Literature Review](https://arxiv.org/abs/2405.03644)
+    arXiv 2024
+    Relevance: survey grounding across offensive and defensive use cases.
+16. [Large Language Models in Cybersecurity: State-of-the-Art](https://arxiv.org/abs/2402.00891)
+    arXiv 2024
+    Relevance: landscape overview for positioning the project.
+### Multi-Agent Collaboration and Orchestration
+17. [A Survey on Large Language Model based Autonomous Agents](https://arxiv.org/abs/2308.11432)
+    arXiv 2023
+    Relevance: agent architecture baseline and terminology.
+18. [Large Language Model based Multi-Agents: A Survey of Progress and Challenges](https://arxiv.org/abs/2402.01680)
+    arXiv 2024
+    Relevance: multi-agent coordination patterns and failure modes.
+19. [AutoGen: Enabling Next-Gen LLM Applications via Multi-Agent Conversation](https://arxiv.org/abs/2308.08155)
+    arXiv 2023
+    Relevance: role-based dialogue and tool-using multi-agent orchestration.
+20. [MetaGPT: Meta Programming for A Multi-Agent Collaborative Framework](https://arxiv.org/abs/2308.00352)
+    arXiv 2023
+    Relevance: structured role decomposition and pipeline-style collaboration.
+21. [ChatDev: Communicative Agents for Software Development](https://aclanthology.org/2024.acl-long.810/)
+    ACL 2024
+    Relevance: communication protocol and software-task role separation.
+22. [CAMEL: Communicative Agents for "Mind" Exploration of Large Language Model Society](https://arxiv.org/abs/2303.17760)
+    arXiv 2023
+    Relevance: agent role prompting and cooperative interaction patterns.
+23. [AgentVerse: Facilitating Multi-Agent Collaboration and Exploring Emergent Behaviors](https://arxiv.org/abs/2308.10848)
+    arXiv 2023
+    Relevance: multi-agent environment framing and emergent collaboration.
+24. [Scaling Large-Language-Model-based Multi-Agent Collaboration](https://arxiv.org/abs/2406.07155)
+    arXiv 2024
+    Relevance: scale behavior and coordination bottlenecks.
+25. [Multi-Agent Collaboration via Evolving Orchestration](https://arxiv.org/abs/2505.19591)
+    arXiv 2025
+    Relevance: orchestration policy evolution and adaptive coordination.

package/dist/{agent-tool-JEFUBDZE.js → agent-tool-MP274HWD.js} RENAMED Viewed

@@ -5,7 +5,7 @@ import {
   createContextExtractor,
   getLLMClient,
   getShellSupervisorLifecycleSnapshot
-} from "./chunk-BKWCGMSV.js";
+} from "./chunk-3KWJPPYB.js";
 import {
   AGENT_ROLES,
   EVENT_TYPES,
@@ -13,14 +13,14 @@ import {
   TOOL_NAMES,
   getProcessOutput,
   listBackgroundProcesses
-} from "./chunk-UB7RW6LM.js";
+} from "./chunk-7E2VUIFU.js";
 import {
   DETECTION_PATTERNS,
   PROCESS_EVENTS,
   PROCESS_ROLES,
   getActiveProcessSummary,
   getProcessEventLog
-} from "./chunk-GLO6TOJN.js";
+} from "./chunk-I52SWXYV.js";
 // src/engine/agent-tool/completion-box.ts
 function createCompletionBox() {

package/dist/{chunk-BKWCGMSV.js → chunk-3KWJPPYB.js} RENAMED Viewed

@@ -53,6 +53,9 @@ import {
   getTorBrowserArgs,
   getUsedPorts,
   listBackgroundProcesses,
+  llmNodeCooldownPolicy,
+  llmNodeOutputParsing,
+  llmNodeSystemPrompt,
   promoteToShell,
   readFileContent,
   runCommand,
@@ -61,7 +64,7 @@ import {
   startBackgroundProcess,
   stopBackgroundProcess,
   writeFileContent
-} from "./chunk-UB7RW6LM.js";
+} from "./chunk-7E2VUIFU.js";
 import {
   DETECTION_PATTERNS,
   HEALTH_CONFIG,
@@ -74,11 +77,8 @@ import {
   SYSTEM_LIMITS,
   __require,
   getProcessEventLog,
-  llmNodeCooldownPolicy,
-  llmNodeOutputParsing,
-  llmNodeSystemPrompt,
   logEvent
-} from "./chunk-GLO6TOJN.js";
+} from "./chunk-I52SWXYV.js";
 // src/shared/utils/config/env.ts
 var ENV_KEYS = {
@@ -2887,7 +2887,7 @@ var CoreAgent = class _CoreAgent {
     );
     return { output: "", toolsExecuted, isCompleted: false };
   }
-  // ─── AgentController Methods for Dynamic YAML Pipeline ────────────────────
+  // ─── AgentController Methods for Dynamic Runtime Pipeline ─────────────────
   async runLLMInference(ctx, systemPrompt) {
     const iteration = ctx.memory.iteration || 0;
     const progress = ctx.memory.progress;
@@ -3438,14 +3438,28 @@ var shellTools = [
     ["process_id"],
     async (params) => {
       const processId = params.process_id;
+      const profile = params.profile;
       const result = await handleInteractAction(
         processId,
-        getShellCheckCommand(params.profile),
+        getShellCheckCommand(profile),
         params.wait_ms
       );
-      if (result.success && params.profile === "stability" && outputLooksStabilized(result.output)) {
+      if (result.success && profile === "stability") {
+        logEvent(processId, PROCESS_EVENTS.SHELL_STABILITY_CHECKED, "Shell stability probe executed by shell_check");
+      }
+      if (result.success && profile === "stability" && outputLooksStabilized(result.output)) {
         logEvent(processId, PROCESS_EVENTS.SHELL_STABILIZED, "Shell stability confirmed by shell_check");
       }
+      if (result.success && profile === "stability" && !outputLooksStabilized(result.output)) {
+        logEvent(
+          processId,
+          PROCESS_EVENTS.SHELL_STABILITY_INCOMPLETE,
+          "Shell stability probe did not confirm a stable PTY"
+        );
+      }
+      if (result.success && profile === "post") {
+        logEvent(processId, PROCESS_EVENTS.POST_EXPLOITATION_ACTIVITY, "Post-exploitation probe executed by shell_check");
+      }
       return result;
     }
   ),
@@ -3498,6 +3512,10 @@ var offensiveBoundedTools = [
     TOOL_NAMES.EXPLOIT_FOOTHOLD_CHECK,
     "Run a bounded foothold confirmation probe after an exploit chain appears to land access."
   ),
+  createBoundedCommandTool(
+    TOOL_NAMES.EXPLOIT_VECTOR_CHECK,
+    "Run a bounded exploit vector reachability or service confirmation probe before changing vectors."
+  ),
   createBoundedCommandTool(
     TOOL_NAMES.PWN_CRASH_REPRO,
     "Run a bounded pwn crash reproduction command from the preserved crash state."
@@ -11879,7 +11897,7 @@ After completion: record key loot/findings from the sub-agent output to canonica
         workerType: params["worker_type"],
         resumeTaskId: params["resume_task_id"]
       };
-      const { AgentTool } = await import("./agent-tool-JEFUBDZE.js");
+      const { AgentTool } = await import("./agent-tool-MP274HWD.js");
       const executor = new AgentTool(state, events, scopeGuard, approvalGate);
       const result = await executor.execute(input);
       state.recordDelegatedTask({
@@ -12027,6 +12045,9 @@ function hasEvent(processId, eventName) {
     (event) => event.processId === processId && event.event === eventName
   );
 }
+function getLatestEventTimestamp(processId, eventName) {
+  return getProcessEventLog().filter((event) => event.processId === processId && event.event === eventName).reduce((latest, event) => Math.max(latest, event.timestamp), 0);
+}
 function isPtyUpgradeCommand(detail) {
   return detail.includes("pty.spawn(") || detail.includes("import pty; pty.spawn(") || detail.includes("script -qc") || detail.includes("script -q /dev/null -c /bin/bash") || detail.includes("script /dev/null -c bash") || detail.includes("stty raw -echo") || detail.includes("export term=") || detail.includes("export shell=") || detail.includes("stty rows") || detail.includes("stty columns") || detail.includes("tty") || detail.includes("/usr/bin/expect -c") || detail.includes('exec "/bin/bash"');
 }
@@ -12039,6 +12060,11 @@ function isShellStabilized(stdout, commandDetails) {
 function isPostExploitationCommand(detail) {
   return detail.includes("sudo -l") || detail.includes("ip a") || detail.includes("ip route") || detail.includes("ps aux") || detail.includes("ss -tlnp") || detail.includes("netstat -tlnp") || detail.includes("env | grep") || detail.includes("find / -perm -4000") || detail.includes("getcap -r /") || detail.includes("cat /etc/os-release") || detail.includes("uname -a") || detail.includes("whoami && hostname");
 }
+function hasRecentEvent(processId, eventName) {
+  return getProcessEventLog().some(
+    (event) => event.processId === processId && event.event === eventName
+  );
+}
 function getShellSupervisorLifecycleSnapshot() {
   const processes = listBackgroundProcesses().filter(
     (process2) => process2.isRunning && (process2.role === PROCESS_ROLES.ACTIVE_SHELL || process2.role === PROCESS_ROLES.LISTENER)
@@ -12047,7 +12073,9 @@ function getShellSupervisorLifecycleSnapshot() {
   if (activeShell) {
     const output = getProcessOutput(activeShell.id);
     const commandDetails = getRecentCommandDetails(activeShell.id);
-    if (commandDetails.some(isPostExploitationCommand)) {
+    const lastStabilizedAt = getLatestEventTimestamp(activeShell.id, PROCESS_EVENTS.SHELL_STABILIZED);
+    const lastIncompleteAt = getLatestEventTimestamp(activeShell.id, PROCESS_EVENTS.SHELL_STABILITY_INCOMPLETE);
+    if (hasRecentEvent(activeShell.id, PROCESS_EVENTS.POST_EXPLOITATION_ACTIVITY) || commandDetails.some(isPostExploitationCommand)) {
       return {
         phase: "post_exploitation_active",
         activeShellId: activeShell.id,
@@ -12055,13 +12083,20 @@ function getShellSupervisorLifecycleSnapshot() {
       };
     }
     if (hasEvent(activeShell.id, PROCESS_EVENTS.SHELL_STABILIZED) || output && isShellStabilized(output.stdout, commandDetails)) {
+      if (lastIncompleteAt > lastStabilizedAt) {
+        return {
+          phase: "active_shell_stabilizing",
+          activeShellId: activeShell.id,
+          recommendation: `Active shell ${activeShell.id} lost stable PTY confirmation after the last probe. Re-run shell upgrade and verify TERM/TTY quality again before broad enumeration.`
+        };
+      }
       return {
         phase: "active_shell_stabilized",
         activeShellId: activeShell.id,
         recommendation: `Active shell ${activeShell.id} appears stabilized. Reuse it for controlled enumeration and follow-up operations.`
       };
     }
-    if (hasEvent(activeShell.id, PROCESS_EVENTS.SHELL_UPGRADE_ATTEMPTED) || commandDetails.some(isPtyUpgradeCommand)) {
+    if (hasEvent(activeShell.id, PROCESS_EVENTS.SHELL_UPGRADE_ATTEMPTED) || hasRecentEvent(activeShell.id, PROCESS_EVENTS.SHELL_STABILITY_INCOMPLETE) || hasRecentEvent(activeShell.id, PROCESS_EVENTS.SHELL_STABILITY_CHECKED) || commandDetails.some(isPtyUpgradeCommand)) {
       return {
         phase: "active_shell_stabilizing",
         activeShellId: activeShell.id,