pentesting 0.73.3 → 0.73.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +121 -0
- package/dist/{agent-tool-JEFUBDZE.js → agent-tool-6JOB2JB6.js} +3 -3
- package/dist/{chunk-UB7RW6LM.js → chunk-EIPVHHPI.js} +194 -63
- package/dist/chunk-I52SWXYV.js +1122 -0
- package/dist/{chunk-BKWCGMSV.js → chunk-ULP6TF2X.js} +46 -11
- package/dist/main.js +1635 -1005
- package/dist/{persistence-2WKQHGOL.js → persistence-EFKMGPYS.js} +2 -2
- package/dist/{process-registry-QIW7ZIUT.js → process-registry-BI7BKPHN.js} +1 -1
- package/package.json +3 -4
- package/dist/chunk-GLO6TOJN.js +0 -333
|
@@ -53,6 +53,9 @@ import {
|
|
|
53
53
|
getTorBrowserArgs,
|
|
54
54
|
getUsedPorts,
|
|
55
55
|
listBackgroundProcesses,
|
|
56
|
+
llmNodeCooldownPolicy,
|
|
57
|
+
llmNodeOutputParsing,
|
|
58
|
+
llmNodeSystemPrompt,
|
|
56
59
|
promoteToShell,
|
|
57
60
|
readFileContent,
|
|
58
61
|
runCommand,
|
|
@@ -61,7 +64,7 @@ import {
|
|
|
61
64
|
startBackgroundProcess,
|
|
62
65
|
stopBackgroundProcess,
|
|
63
66
|
writeFileContent
|
|
64
|
-
} from "./chunk-
|
|
67
|
+
} from "./chunk-EIPVHHPI.js";
|
|
65
68
|
import {
|
|
66
69
|
DETECTION_PATTERNS,
|
|
67
70
|
HEALTH_CONFIG,
|
|
@@ -74,11 +77,8 @@ import {
|
|
|
74
77
|
SYSTEM_LIMITS,
|
|
75
78
|
__require,
|
|
76
79
|
getProcessEventLog,
|
|
77
|
-
llmNodeCooldownPolicy,
|
|
78
|
-
llmNodeOutputParsing,
|
|
79
|
-
llmNodeSystemPrompt,
|
|
80
80
|
logEvent
|
|
81
|
-
} from "./chunk-
|
|
81
|
+
} from "./chunk-I52SWXYV.js";
|
|
82
82
|
|
|
83
83
|
// src/shared/utils/config/env.ts
|
|
84
84
|
var ENV_KEYS = {
|
|
@@ -2887,7 +2887,7 @@ var CoreAgent = class _CoreAgent {
|
|
|
2887
2887
|
);
|
|
2888
2888
|
return { output: "", toolsExecuted, isCompleted: false };
|
|
2889
2889
|
}
|
|
2890
|
-
// ─── AgentController Methods for Dynamic
|
|
2890
|
+
// ─── AgentController Methods for Dynamic Runtime Pipeline ─────────────────
|
|
2891
2891
|
async runLLMInference(ctx, systemPrompt) {
|
|
2892
2892
|
const iteration = ctx.memory.iteration || 0;
|
|
2893
2893
|
const progress = ctx.memory.progress;
|
|
@@ -3438,14 +3438,28 @@ var shellTools = [
|
|
|
3438
3438
|
["process_id"],
|
|
3439
3439
|
async (params) => {
|
|
3440
3440
|
const processId = params.process_id;
|
|
3441
|
+
const profile = params.profile;
|
|
3441
3442
|
const result = await handleInteractAction(
|
|
3442
3443
|
processId,
|
|
3443
|
-
getShellCheckCommand(
|
|
3444
|
+
getShellCheckCommand(profile),
|
|
3444
3445
|
params.wait_ms
|
|
3445
3446
|
);
|
|
3446
|
-
if (result.success &&
|
|
3447
|
+
if (result.success && profile === "stability") {
|
|
3448
|
+
logEvent(processId, PROCESS_EVENTS.SHELL_STABILITY_CHECKED, "Shell stability probe executed by shell_check");
|
|
3449
|
+
}
|
|
3450
|
+
if (result.success && profile === "stability" && outputLooksStabilized(result.output)) {
|
|
3447
3451
|
logEvent(processId, PROCESS_EVENTS.SHELL_STABILIZED, "Shell stability confirmed by shell_check");
|
|
3448
3452
|
}
|
|
3453
|
+
if (result.success && profile === "stability" && !outputLooksStabilized(result.output)) {
|
|
3454
|
+
logEvent(
|
|
3455
|
+
processId,
|
|
3456
|
+
PROCESS_EVENTS.SHELL_STABILITY_INCOMPLETE,
|
|
3457
|
+
"Shell stability probe did not confirm a stable PTY"
|
|
3458
|
+
);
|
|
3459
|
+
}
|
|
3460
|
+
if (result.success && profile === "post") {
|
|
3461
|
+
logEvent(processId, PROCESS_EVENTS.POST_EXPLOITATION_ACTIVITY, "Post-exploitation probe executed by shell_check");
|
|
3462
|
+
}
|
|
3449
3463
|
return result;
|
|
3450
3464
|
}
|
|
3451
3465
|
),
|
|
@@ -3498,6 +3512,10 @@ var offensiveBoundedTools = [
|
|
|
3498
3512
|
TOOL_NAMES.EXPLOIT_FOOTHOLD_CHECK,
|
|
3499
3513
|
"Run a bounded foothold confirmation probe after an exploit chain appears to land access."
|
|
3500
3514
|
),
|
|
3515
|
+
createBoundedCommandTool(
|
|
3516
|
+
TOOL_NAMES.EXPLOIT_VECTOR_CHECK,
|
|
3517
|
+
"Run a bounded exploit vector reachability or service confirmation probe before changing vectors."
|
|
3518
|
+
),
|
|
3501
3519
|
createBoundedCommandTool(
|
|
3502
3520
|
TOOL_NAMES.PWN_CRASH_REPRO,
|
|
3503
3521
|
"Run a bounded pwn crash reproduction command from the preserved crash state."
|
|
@@ -11879,7 +11897,7 @@ After completion: record key loot/findings from the sub-agent output to canonica
|
|
|
11879
11897
|
workerType: params["worker_type"],
|
|
11880
11898
|
resumeTaskId: params["resume_task_id"]
|
|
11881
11899
|
};
|
|
11882
|
-
const { AgentTool } = await import("./agent-tool-
|
|
11900
|
+
const { AgentTool } = await import("./agent-tool-6JOB2JB6.js");
|
|
11883
11901
|
const executor = new AgentTool(state, events, scopeGuard, approvalGate);
|
|
11884
11902
|
const result = await executor.execute(input);
|
|
11885
11903
|
state.recordDelegatedTask({
|
|
@@ -12027,6 +12045,9 @@ function hasEvent(processId, eventName) {
|
|
|
12027
12045
|
(event) => event.processId === processId && event.event === eventName
|
|
12028
12046
|
);
|
|
12029
12047
|
}
|
|
12048
|
+
function getLatestEventTimestamp(processId, eventName) {
|
|
12049
|
+
return getProcessEventLog().filter((event) => event.processId === processId && event.event === eventName).reduce((latest, event) => Math.max(latest, event.timestamp), 0);
|
|
12050
|
+
}
|
|
12030
12051
|
function isPtyUpgradeCommand(detail) {
|
|
12031
12052
|
return detail.includes("pty.spawn(") || detail.includes("import pty; pty.spawn(") || detail.includes("script -qc") || detail.includes("script -q /dev/null -c /bin/bash") || detail.includes("script /dev/null -c bash") || detail.includes("stty raw -echo") || detail.includes("export term=") || detail.includes("export shell=") || detail.includes("stty rows") || detail.includes("stty columns") || detail.includes("tty") || detail.includes("/usr/bin/expect -c") || detail.includes('exec "/bin/bash"');
|
|
12032
12053
|
}
|
|
@@ -12039,6 +12060,11 @@ function isShellStabilized(stdout, commandDetails) {
|
|
|
12039
12060
|
function isPostExploitationCommand(detail) {
|
|
12040
12061
|
return detail.includes("sudo -l") || detail.includes("ip a") || detail.includes("ip route") || detail.includes("ps aux") || detail.includes("ss -tlnp") || detail.includes("netstat -tlnp") || detail.includes("env | grep") || detail.includes("find / -perm -4000") || detail.includes("getcap -r /") || detail.includes("cat /etc/os-release") || detail.includes("uname -a") || detail.includes("whoami && hostname");
|
|
12041
12062
|
}
|
|
12063
|
+
function hasRecentEvent(processId, eventName) {
|
|
12064
|
+
return getProcessEventLog().some(
|
|
12065
|
+
(event) => event.processId === processId && event.event === eventName
|
|
12066
|
+
);
|
|
12067
|
+
}
|
|
12042
12068
|
function getShellSupervisorLifecycleSnapshot() {
|
|
12043
12069
|
const processes = listBackgroundProcesses().filter(
|
|
12044
12070
|
(process2) => process2.isRunning && (process2.role === PROCESS_ROLES.ACTIVE_SHELL || process2.role === PROCESS_ROLES.LISTENER)
|
|
@@ -12047,7 +12073,9 @@ function getShellSupervisorLifecycleSnapshot() {
|
|
|
12047
12073
|
if (activeShell) {
|
|
12048
12074
|
const output = getProcessOutput(activeShell.id);
|
|
12049
12075
|
const commandDetails = getRecentCommandDetails(activeShell.id);
|
|
12050
|
-
|
|
12076
|
+
const lastStabilizedAt = getLatestEventTimestamp(activeShell.id, PROCESS_EVENTS.SHELL_STABILIZED);
|
|
12077
|
+
const lastIncompleteAt = getLatestEventTimestamp(activeShell.id, PROCESS_EVENTS.SHELL_STABILITY_INCOMPLETE);
|
|
12078
|
+
if (hasRecentEvent(activeShell.id, PROCESS_EVENTS.POST_EXPLOITATION_ACTIVITY) || commandDetails.some(isPostExploitationCommand)) {
|
|
12051
12079
|
return {
|
|
12052
12080
|
phase: "post_exploitation_active",
|
|
12053
12081
|
activeShellId: activeShell.id,
|
|
@@ -12055,13 +12083,20 @@ function getShellSupervisorLifecycleSnapshot() {
|
|
|
12055
12083
|
};
|
|
12056
12084
|
}
|
|
12057
12085
|
if (hasEvent(activeShell.id, PROCESS_EVENTS.SHELL_STABILIZED) || output && isShellStabilized(output.stdout, commandDetails)) {
|
|
12086
|
+
if (lastIncompleteAt > lastStabilizedAt) {
|
|
12087
|
+
return {
|
|
12088
|
+
phase: "active_shell_stabilizing",
|
|
12089
|
+
activeShellId: activeShell.id,
|
|
12090
|
+
recommendation: `Active shell ${activeShell.id} lost stable PTY confirmation after the last probe. Re-run shell upgrade and verify TERM/TTY quality again before broad enumeration.`
|
|
12091
|
+
};
|
|
12092
|
+
}
|
|
12058
12093
|
return {
|
|
12059
12094
|
phase: "active_shell_stabilized",
|
|
12060
12095
|
activeShellId: activeShell.id,
|
|
12061
12096
|
recommendation: `Active shell ${activeShell.id} appears stabilized. Reuse it for controlled enumeration and follow-up operations.`
|
|
12062
12097
|
};
|
|
12063
12098
|
}
|
|
12064
|
-
if (hasEvent(activeShell.id, PROCESS_EVENTS.SHELL_UPGRADE_ATTEMPTED) || commandDetails.some(isPtyUpgradeCommand)) {
|
|
12099
|
+
if (hasEvent(activeShell.id, PROCESS_EVENTS.SHELL_UPGRADE_ATTEMPTED) || hasRecentEvent(activeShell.id, PROCESS_EVENTS.SHELL_STABILITY_INCOMPLETE) || hasRecentEvent(activeShell.id, PROCESS_EVENTS.SHELL_STABILITY_CHECKED) || commandDetails.some(isPtyUpgradeCommand)) {
|
|
12065
12100
|
return {
|
|
12066
12101
|
phase: "active_shell_stabilizing",
|
|
12067
12102
|
activeShellId: activeShell.id,
|