npm - sicario-red-team - Versions diffs - 0.1.0 → 0.1.2 - Mend

sicario-red-team 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src-cli/commands/hit.js +69 -25
package/src-cli/nodes/breacher.js +34 -20

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sicario-red-team",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Autonomous Agentic Red-Teaming Swarm Protocol",
   "type": "module",
   "files": [

package/src-cli/commands/hit.js CHANGED Viewed

@@ -76,48 +76,92 @@ export async function hitCommand(target, options) {
         // 5. [Breacher] Analysis
         log.step('[Breacher] : Analyzing DOM for logic flaws via Cerebras...');
         if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: 'Analyzing DOM for logic flaws via Cerebras...' });
         try {
-            breachReport = await runBreacher(elements);
-            log.success('[Breacher] : Analysis complete.');
-            if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: 'Analysis complete.' });
+            let breachReports = [];
+            if (options.swarm) {
+                log.info(pc.magenta('🛸 [System] : Deploying Specialized Task Force Swarm...'));
+                const results = await Promise.all([
+                    runBreacher(elements, 'ACCOUNTANT'),
+                    runBreacher(elements, 'ADMIN'),
+                    runBreacher(elements, 'CHAOS_MONKEY')
+                ]);
+                breachReports = results.filter(r => r.vulnerabilityFound);
+            } else {
+                const singleReport = await runBreacher(elements);
+                if (singleReport.vulnerabilityFound) breachReports.push(singleReport);
+            }
-            if (breachReport.vulnerabilityFound) {
-                console.log('\n' + theme.exploit(`${breachReport.title} locked on ${breachReport.targetElement}`));
-                console.log(pc.red(`Vector: ${breachReport.vector}`));
-                console.log(pc.red(`Severity: ${breachReport.severity}\n`));
+            log.success(`[Breacher] : Analysis complete. ${breachReports.length} vulnerabilities isolated.`);
+            if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: `Analysis complete. Found ${breachReports.length} vectors.` });
+            for (const breachReport of breachReports) {
+                // 6. Sanitization Layer (The Anti-Crash Upgrade)
+                const sanitize = (raw) => ({
+                    title: raw.title || "Unknown Logic Flaw",
+                    vector: raw.vector || "Vector analysis inconclusive.",
+                    severity: raw.severity || "MEDIUM",
+                    targetElement: raw.targetElement || "General DOM Context",
+                    mitigation: raw.mitigation || "Implement standard server-side validation guards.",
+                    thoughtProcess: raw.thoughtProcess || "Reasoning engine offline."
+                });
+                const clean = sanitize(breachReport);
+                console.log('\n' + theme.exploit(`${clean.title} locked on ${clean.targetElement}`));
+                console.log(pc.red(`Vector: ${clean.vector}`));
+                console.log(pc.red(`Severity: ${clean.severity}\n`));
                 if (client && missionId) {
                     await client.mutation('handler:logExploit', {
                         missionId,
-                        title: breachReport.title,
-                        vector: breachReport.vector,
-                        severity: breachReport.severity,
-                        target: breachReport.targetElement,
-                        mitigation: breachReport.mitigation // Ensure backend supports this
+                        ...clean
                     });
                 }
-                if (breachReport.mitigation) {
-                    note(pc.cyan(breachReport.mitigation), 'FIX RECOMMENDATION');
+                const mitigation = clean.mitigation;
+                const thoughtProcess = clean.thoughtProcess;
+                if (clean.mitigation) {
+                    const boxWidth = 60;
+                    const wrap = (str, width) => str.match(new RegExp(`.{1,${width}}(\\s|$)`, 'g')) || [str];
+                    const drawBoxRow = (content, width) => `│ ${content.trim().padEnd(width - 4)} │`;
+                    const thoughtLines = wrap(thoughtProcess, boxWidth - 4);
+                    const mitLines = wrap(mitigation, boxWidth - 4);
+                    console.log(pc.cyan(`◇  SICARIO REASONING [${breachReport.title}] ${'─'.repeat(boxWidth - 21 - breachReport.title.length)}╮`));
+                    thoughtLines.forEach(line => console.log(pc.cyan(drawBoxRow(line, boxWidth))));
+                    console.log(pc.cyan(`├${'─'.repeat(boxWidth - 2)}┤`));
+                    console.log(pc.cyan(`│ ${pc.bold('FIX RECOMMENDATION').padEnd(boxWidth - 4)} │`));
+                    mitLines.forEach(line => console.log(pc.cyan(drawBoxRow(line, boxWidth))));
+                    console.log(pc.cyan(`├${'─'.repeat(boxWidth - 2)}╯`) + '\n');
                 }
-            } else {
+            }
+            if (breachReports.length === 0) {
                 log.info(theme.dim('No high-value business logic targets identified.'));
             }
+            // 6. Mission Dossier
+            const summaryLines = [
+                `${theme.dim('Target')}           ${theme.bold(finalTarget)}`,
+                `${theme.dim('Nodes Recalled')}   ${theme.bold(options.swarm ? '5 (Scout, Ghost, Accountant, Admin, Chaos)' : '3 (Scout, Ghost, Breacher)')}`,
+                `${theme.dim('Breaches Found')}    ${breachReports.length > 0 ? pc.red(pc.bold(breachReports.length)) : theme.bold('0')}`,
+                `${theme.dim('Status')}           ${theme.success('MISSION SUCCESSFUL')}`
+            ];
+            console.log(pc.green('\n┌  MISSION DOSSIER ───────────────────────────────────────╮'));
+            summaryLines.forEach(line => console.log(pc.green(`│  ${line.padEnd(54)} │`)));
+            console.log(pc.green(`└  Mission complete. Trace extraction successful.          ╯`));
         } catch (error) {
             log.error('[Breacher] : Analysis node failure.');
             log.error(error.message);
         }
-        // 6. Mission Dossier
-        const summaryLines = [
-            `${theme.dim('Target')}           ${theme.bold(finalTarget)}`,
-            `${theme.dim('Nodes Recalled')}   ${theme.bold('3 (Scout, Ghost, Breacher)')}`,
-            `${theme.dim('Breaches Found')}    ${breachReport.vulnerabilityFound ? pc.red(pc.bold('1')) : theme.bold('0')}`,
-            `${theme.dim('Status')}           ${theme.success('MISSION SUCCESSFUL')}`
-        ];
-        note(summaryLines.join('\n'), 'MISSION DOSSIER');
     } catch (error) {
         log.error(`Mission failed: ${error.message}`);
     } finally {

package/src-cli/nodes/breacher.js CHANGED Viewed

@@ -1,41 +1,55 @@
 import Cerebras from '@cerebras/cerebras_cloud_sdk';
 import 'dotenv/config';
+const PERSONAS = {
+    ACCOUNTANT: `
+        You are 'The Accountant' node. Your primary focus is on financial logic, pricing, and quantities.
+        Look for: Negative value injections, Scientific notation (1e10) bypasses, Currency-decimal manipulation, and Action Limit overruns in financial flows.
+    `,
+    ADMIN: `
+        You are 'The Admin' node. Your focus is on Privilege Escalation and Access Control.
+        Look for: Hidden /admin navigation links, accessible settings panels meant for high-privilege users, IDOR vectors in the DOM structure, and authentication bypass hints.
+    `,
+    CHAOS_MONKEY: `
+        You are 'The Chaos Monkey'. Your focus is on Input Resilience and Error Handling bypasses.
+        Look for: Fields that lack character limits, unhandled edge-case inputs (emojis, 1GB strings), and state-manipulation vectors that could lead to crashes or unhandled server-side exceptions.
+    `
+};
 /**
- * Breacher Node: Analyzes interactive elements for OWASP Business Logic Abuse vectors.
- * Uses Cerebras AI to hypothesize vulnerabilities.
- * @param {Array} domElements - Array of extracted DOM elements.
+ * Breacher Node: Analyzes the context and attempts to identify business logic flaws.
+ * @param {Array} elements - Array of extracted DOM elements.
+ * @param {string} [personaType='GENERAL'] - The type of persona to use (e.g., 'ACCOUNTANT', 'ADMIN', 'CHAOS_MONKEY', or 'GENERAL').
  * @returns {Promise<Object>} - A strict JSON report of findings.
  */
-export async function runBreacher(domElements) {
+export async function runBreacher(elements, personaType = 'GENERAL') {
     const client = new Cerebras({
         apiKey: process.env.CEREBRAS_API_KEY,
     });
-    const systemPrompt = `
-You are 'The Breacher', an elite, autonomous SecOps AI. Your sole objective is to analyze a JSON array of web elements (DOM) and identify critical OWASP Business Logic vulnerabilities.
+    const personaContext = PERSONAS[personaType] || "Evaluate the DOM for general business logic vulnerabilities.";
-### YOUR RULES OF ENGAGEMENT:
-1. FOCUS ONLY ON BUSINESS LOGIC: Look for vectors allowing Action Limit Overruns (using coupons multiple times), Concurrent Workflow Bypassing (skipping checkout steps), or Price/State Manipulation.
-2. NO BASIC FLAWS: DO NOT report standard XSS, SQLi, or CSRF vulnerabilities.
-3. GROUNDED REALITY: You may only formulate an attack if the specific elements required (e.g., a checkout button, a promo code input) exist in the provided JSON array.
-4. ZERO HALLUCINATIONS: If the DOM array does not contain high-value business logic targets (e.g., it is just a simple blog or static page), you MUST report no vulnerabilities.
+    const systemPrompt = `
+You are a specialized node in the Sicario Autonomous Swarm.
+${personaContext}
-### MANDATORY OUTPUT FORMAT:
-You must respond ONLY with a valid, raw JSON object. Do not include markdown formatting, conversational text, or explanations outside the JSON structure.
+### PHASE 1: REASONING (THINK OUT LOUD)
+Before providing JSON, analyze the DOM elements according to your specific persona.
-Use this exact schema:
+### PHASE 2: DATA STRUCTURE
+Return a VALID JSON object. DO NOT use "null".
 {
   "vulnerabilityFound": boolean,
-  "title": string | null,
-  "targetElement": string | null, // The ID or Name of the exploited element
-  "vector": string | null, // A strict, 1-sentence technical explanation of the logic flaw
-  "severity": "LOW" | "MEDIUM" | "HIGH" | "CRITICAL" | null,
-  "mitigation": string | null // A brief, 2-sentence technical recommendation for fixing the logic flaw
+  "thoughtProcess": "Your specialized step-by-step reasoning",
+  "title": "Persona-specific flaw name",
+  "vector": "Technical path",
+  "severity": "LOW|MEDIUM|HIGH|CRITICAL",
+  "targetElement": "CSS selector or name",
+  "mitigation": "Code-level fix"
 }
 `;
-    const userPrompt = `DOM Elements: ${JSON.stringify(domElements)}`;
+    const userPrompt = `DOM Elements: ${JSON.stringify(elements)}`;
     try {
         const completion = await client.chat.completions.create({