pentesting 0.8.44 → 0.12.3

package/README.md

@@ -1,185 +1,88 @@
 <div align="center">
 
 ```
-   ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗██╗███╗   ██╗ ██████╗ 
-   ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║████╗  ██║██╔════╝ 
-   ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   ██║██╔██╗ ██║██║  ███╗
-   ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██║██║╚██╗██║██║   ██║
-   ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ██║██║ ╚████║╚██████╔╝
-   ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚═╝╚═╝  ╚═══╝ ╚═════╝ 
+  ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗██╗███╗   ██╗ ██████╗ 
+  ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝██║████╗  ██║██╔════╝ 
+  ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   ██║██╔██╗ ██║██║  ███╗
+  ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ██║██║╚██╗██║██║   ██║
+  ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ██║██║ ╚████║╚██████╔╝
+  ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ╚═╝╚═╝  ╚═══╝ ╚═════╝ 
+  ────────────────────────────────────────────────────────────────────────────────
+                  A U T O N O M O U S   S E C U R I T Y   A G E N T
 ```
 
-**Autonomous AI Penetration Testing Agent**
+**v0.12.0 | Multi-Agent System | 50+ Security Tools**
 
-[![npm version](https://badge.fury.io/js/pentesting.svg)](https://www.npmjs.com/package/pentesting)
-[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![npm](https://img.shields.io/badge/npm-pentesting-red)](https://www.npmjs.org/package/pentesting)
+[![Docker](https://img.shields.io/badge/docker-agnusdei1207%2Fpentesting-red)](https://hub.docker.com/r/agnusdei1207/pentesting)
+[![License: MIT](https://img.shields.io/badge/License-MIT-red.svg)](https://opensource.org/licenses/MIT)
 
 </div>
 
 ---
 
-## Philosophy
-
-> **Think → Plan → Collaborate → Execute → Reflect → Adapt**
-
-Pentesting is not just a tool execution agent. It aims for **AGI-level autonomous thinking**:
-
-- 🧠 **Autonomous Decision** - Decide and act without asking the user
-- 🎯 **BFS First** - Breadth over depth, map the attack surface first
-- 🤝 **Agent Collaboration** - 9 specialist agents share knowledge and collaborate
-- 🔄 **Continuous Reflection** - Learn from failures and adjust strategy
-- 💾 **Shared Memory** - All agents share discoveries
-
----
-
 ## Quick Start
 
 ```bash
-# Docker required for security tools
 npm install -g pentesting
 
-# Set API key
 export PENTEST_API_KEY="your_api_key"
 
-# Optional: Custom API endpoint
-export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"   
-export PENTEST_MODEL="glm-4.7"                       
+# Optional: Custom LLM endpoint
+export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
+export PENTEST_MODEL="glm-4-plus"
 
 pentesting
 ```
 
----
-
-## Architecture
-
-```
-┌─────────────────────────────────────────────────────────────┐
-│                    SUPERVISOR AGENT                          │
-│              (Task Planning & Coordination)                  │
-└─────────────────────────────────────────────────────────────┘
-                            │
-                            ▼
-┌─────────────────────────────────────────────────────────────┐
-│                     SHARED MEMORY                            │
-│     Short-Term │ Long-Term │ Episodic │ Attack Surface      │
-└─────────────────────────────────────────────────────────────┘
-                            │
-        ┌───────────────────┼───────────────────┐
-        ▼                   ▼                   ▼
-┌───────────────┐   ┌───────────────┐   ┌───────────────┐
-│target-explorer│   │exploit-research│   │ privesc-master │
-│   web-hacker  │   │ crypto-solver │   │forensics-analyst│
-│reverse-engineer│  │attack-architect│  │finding-reviewer│
-└───────────────┘   └───────────────┘   └───────────────┘
+**Docker:**
+```bash
+docker run -it --rm -e PENTEST_API_KEY="your_key" agnusdei1207/pentesting:latest
 ```
 
-### Core Components
-
-| Component | Role |
-|-----------|------|
-| **Supervisor Agent** | Task planning, agent selection, strategy adjustment |
-| **Shared Memory** | Cross-agent context sharing, failure recording |
-| **9 Specialists** | Domain expert agents |
-| **Orchestrator** | Parallel execution, result consolidation |
-
 ---
 
-## Features
-
-- **Multi-Agent Orchestration** - 9 specialist agents collaborate
-- **Shared Memory System** - Cross-agent knowledge sharing
-- **Strategic Planning** - BFS-based attack surface mapping
-- **Self-Reflection** - Auto strategy change when stuck
-- **Handoff Protocol** - Context transfer between agents
-- **80%+ Confidence Filter** - Report only high-confidence findings
-- **50+ Security Tools** - nmap, sqlmap, gobuster, hydra...
-
----
+## Core Features
 
-## Environment Variables
-
-| Variable | Required | Default | Description |
-|----------|----------|---------|-------------|
-| `PENTEST_API_KEY` | ✅ | - | API key |
-| `PENTEST_BASE_URL` | | - | Custom API endpoint |
-| `PENTEST_MODEL` | | `claude-sonnet-4-20250514` | LLM model |
-| `PENTEST_MAX_TOKENS` | | `16384` | Max response tokens |
-
----
-
-## Commands
-
-| Command | Description |
+| Feature | Description |
 |---------|-------------|
-| `/target <ip>` | Set target |
-| `/start [objective]` | Start autonomous pentest |
-| `/agent <name>` | Switch to specialist agent |
-| `/plan` | Show current attack plan |
-| `/memory` | Show shared memory state |
-| `/findings` | Show findings |
-| `/status` | Status |
-| `/yolo` | Toggle auto-approve |
-| `/help` | Help |
+| **Multi-Agent System** | 5 specialist agents (Recon, Web, Exploit, PrivEsc, Lateral) |
+| **Autonomous Orchestration** | Strategic planning, self-diagnostics, quality gates |
+| **50+ Security Tools** | nmap, sqlmap, ffuf, gobuster, hydra, metasploit... |
+| **CTF Research** | Writeup search (0xdf, IppSec), scenario-based research |
+| **Audit & Safety** | Tool execution logging, risk scoring, approval system |
 
 ---
 
-## Specialized Agents
-
-| Agent | Specialty |
-|-------|-----------|
-| `target-explorer` | Recon, OSINT, Enumeration |
-| `exploit-researcher` | CVE, Exploit Development |
-| `privesc-master` | Linux/Windows Privilege Escalation |
-| `web-hacker` | Web Vulnerabilities, Injection |
-| `crypto-solver` | Hash Cracking, Cryptography |
-| `forensics-analyst` | Memory/File Analysis |
-| `reverse-engineer` | Binary Analysis, PWN |
-| `attack-architect` | Strategy, Attack Chains |
-| `finding-reviewer` | Validation, Confidence Scoring |
-
----
+## TUI Commands
 
-## Programmatic Usage
-
-```typescript
-import { 
-    getSupervisor, 
-    getAgentMemory, 
-    AutonomousHackingAgent 
-} from 'pentesting';
-
-// High-level: Supervisor orchestration
-const supervisor = getSupervisor();
-const plan = await supervisor.createPlan('Get root access', '10.10.10.5');
-const findings = await supervisor.executePlan();
-
-// Direct agent usage
-const agent = new AutonomousHackingAgent();
-await agent.start('Enumerate web application', 'http://target.com');
+```
+/target <ip>      Set target
+/start            Start autonomous pentest
+/research <box>   Search writeups & exploits  
+/findings         Show findings
+/yolo             Toggle auto-approve
+/help             Show all commands
 ```
 
 ---
 
-## Documentation
+## Environment
 
-- [Architecture](docs/architecture.md) - System architecture details
-- [API Reference](docs/api-reference.md) - Programming interface
-- [Troubleshooting](docs/troubleshooting.md) - Problem solving
+| Variable | Description |
+|----------|-------------|
+| `PENTEST_API_KEY` | API key (required) |
+| `PENTEST_BASE_URL` | Custom API endpoint |
+| `PENTEST_MODEL` | LLM model (default: claude-sonnet-4-20250514) |
 
 ---
 
-## Design Principles
+## Documentation
 
-1. **BFS Over DFS** - Map attack surface completely first
-2. **Fail Fast, Pivot Quick** - Switch to alternative after 3 attempts
-3. **Shared Context** - All agents share discoveries
-4. **Confidence-Based** - Prioritize high-confidence findings
-5. **AGI-like Autonomy** - Decide without asking
+- **[ARCHITECTURE.md](docs/ARCHITECTURE.md)** - System architecture
 
 ---
 
 ## License
 
-MIT
-
-⚠️ **For authorized security testing only.**
+MIT | ⚠️ **For authorized security testing and CTF competitions only.**

package/dist/{auto-update-RJK3Y5UW.js → auto-update-GKO64QMO.js}

@@ -8,8 +8,8 @@ import {
   readVersionCache,
   semverTuple,
   writeVersionCache
-} from "./chunk-TTQCHK5V.js";
-import "./chunk-UCB4BWTB.js";
+} from "./chunk-M5JWJSPW.js";
+import "./chunk-JXR7HH4V.js";
 import "./chunk-3RG5ZIWI.js";
 export {
   checkForUpdate,

package/dist/{chunk-UCB4BWTB.js → chunk-JXR7HH4V.js}

@@ -111,11 +111,16 @@ var TOOL_NAME = {
   // Network - Basic Connectivity
   PING: "ping",
   TRACEROUTE: "traceroute",
+  MTR: "mtr",
   RUSTSCAN: "rustscan",
   NMAP_SCAN: "nmap_scan",
   MASSCAN: "masscan",
   TCPDUMP_CAPTURE: "tcpdump_capture",
+  TSHARK: "tshark",
+  NGREP: "ngrep",
+  ARP_SCAN: "arp_scan",
   NETCAT: "netcat",
+  SOCAT: "socat",
   // DNS & Subdomain
   DIG: "dig",
   HOST: "host",
@@ -124,6 +129,8 @@ var TOOL_NAME = {
   SUBFINDER: "subfinder",
   AMASS: "amass",
   DNSENUM: "dnsenum",
+  DNSRECON: "dnsrecon",
+  DNSMAP: "dnsmap",
   ZONE_TRANSFER: "zone_transfer",
   // Service Enumeration
   SNMP_WALK: "snmp_walk",
@@ -141,10 +148,15 @@ var TOOL_NAME = {
   NUCLEI: "nuclei",
   NIKTO: "nikto",
   FFUF: "ffuf",
+  GOBUSTER: "gobuster",
+  DIRB: "dirb",
   FEROXBUSTER: "feroxbuster",
   WAYBACKURLS: "waybackurls",
+  WAFW00F: "wafw00f",
+  GOWITNESS: "gowitness",
   // Windows/SMB/AD
   SMB_ENUM: "smb_enum",
+  SMBMAP: "smbmap",
   ENUM4LINUX: "enum4linux",
   CRACKMAPEXEC: "crackmapexec",
   SMBCLIENT: "smbclient",
@@ -172,16 +184,47 @@ var TOOL_NAME = {
   // Credential
   BRUTEFORCE_LOGIN: "bruteforce_login",
   CRACK_HASH: "crack_hash",
+  JOHN: "john",
+  HASHCAT: "hashcat",
+  HASHID: "hashid",
   DUMP_CREDENTIALS: "dump_credentials",
   HYDRA: "hydra",
+  MEDUSA: "medusa",
   // Privilege Escalation
   CHECK_SUDO: "check_sudo",
   FIND_SUID: "find_suid",
   RUN_PRIVESC_ENUM: "run_privesc_enum",
-  // Post-Exploitation
+  // Post-Exploitation & Tunneling
+  SSH: "ssh",
+  SSH_KEYGEN: "ssh_keygen",
   SETUP_TUNNEL: "setup_tunnel",
+  CHISEL: "chisel",
+  PROXYCHAINS: "proxychains",
   LATERAL_MOVEMENT: "lateral_movement",
   REVERSE_SHELL: "reverse_shell",
+  // Listener & Payload Delivery
+  NC_LISTENER: "nc_listener",
+  PYTHON_HTTP_SERVER: "python_http_server",
+  MSFVENOM: "msfvenom",
+  RLWRAP: "rlwrap",
+  PWNCAT: "pwncat",
+  // Forensics
+  BINWALK: "binwalk",
+  FOREMOST: "foremost",
+  STEGHIDE: "steghide",
+  EXIFTOOL: "exiftool",
+  // Reversing
+  GDB: "gdb",
+  RADARE2: "radare2",
+  // Impacket Tools
+  IMPACKET_SECRETSDUMP: "impacket_secretsdump",
+  IMPACKET_PSEXEC: "impacket_psexec",
+  IMPACKET_WMIEXEC: "impacket_wmiexec",
+  IMPACKET_SMBEXEC: "impacket_smbexec",
+  IMPACKET_ATEXEC: "impacket_atexec",
+  IMPACKET_DCOMEXEC: "impacket_dcomexec",
+  IMPACKET_GETNPUSERS: "impacket_getnpusers",
+  IMPACKET_GETUSERSPNS: "impacket_getuserspns",
   // Reporting
   REPORT_FINDING: "report_finding",
   TAKE_SCREENSHOT: "take_screenshot"
@@ -198,7 +241,7 @@ var SENSITIVE_TOOLS = [
 
 // src/config/constants.ts
 import { createRequire } from "module";
-var pkgVersion = "0.8.0";
+var pkgVersion = "0.12.0";
 try {
   const require2 = createRequire(import.meta.url);
   const pkg = require2("../../package.json");

package/dist/{chunk-TTQCHK5V.js → chunk-M5JWJSPW.js}

@@ -1,7 +1,7 @@
 import {
   APP_NAME,
   APP_VERSION
-} from "./chunk-UCB4BWTB.js";
+} from "./chunk-JXR7HH4V.js";
 
 // src/core/update/auto-update.ts
 import { execSync } from "child_process";