sicario-red-team 0.1.1 → 0.1.3

package/bin/sicario.js

@@ -28,7 +28,7 @@ const program = new Command();
 program
   .name('sicario')
   .description('Autonomous Agentic Red-Teaming Swarm Protocol')
-  .version('0.1.0');
+  .version('0.1.3');
 
 // Use a more robust way to import the command logic relative to this file
 const hitCommandPath = pathToFileURL(path.join(__dirname, '../src-cli/commands/hit.js')).href;
@@ -36,12 +36,12 @@ const hitCommandPath = pathToFileURL(path.join(__dirname, '../src-cli/commands/h
 program
   .command('hit')
   .description('Launch an autonomous swarm attack on a target')
-  .option('-t, --target <url>', 'Target URL')
-  .option('-a, --agents <number>', 'Number of agents to deploy', (val) => parseInt(val), 3)
-  .option('-d, --debug', 'Enable verbose debug logging', false)
+  .argument('<target>', 'Target URL')
+  .option('--swarm', 'Deploy multiple specialized nodes in parallel')
   .option('--auth <string>', 'Session token or cookie string for authenticated scans')
-  .action(async (options) => {
+  .action(async (target, options) => {
     try {
+      options.target = target;
       // API Key Check & Viral Hook
       let apiKey = process.env.CEREBRAS_API_KEY || getApiKey();
       

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sicario-red-team",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Autonomous Agentic Red-Teaming Swarm Protocol",
   "type": "module",
   "files": [

package/src-cli/commands/hit.js

@@ -76,12 +76,27 @@ export async function hitCommand(target, options) {
         // 5. [Breacher] Analysis
         log.step('[Breacher] : Analyzing DOM for logic flaws via Cerebras...');
         if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: 'Analyzing DOM for logic flaws via Cerebras...' });
+        
         try {
-            breachReport = await runBreacher(elements);
-            log.success('[Breacher] : Analysis complete.');
-            if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: 'Analysis complete.' });
+            let breachReports = [];
+            
+            if (options.swarm) {
+                log.info(pc.magenta('🛸 [System] : Deploying Specialized Task Force Swarm...'));
+                const results = await Promise.all([
+                    runBreacher(elements, 'ACCOUNTANT'),
+                    runBreacher(elements, 'ADMIN'),
+                    runBreacher(elements, 'CHAOS_MONKEY')
+                ]);
+                breachReports = results.filter(r => r.vulnerabilityFound);
+            } else {
+                const singleReport = await runBreacher(elements);
+                if (singleReport.vulnerabilityFound) breachReports.push(singleReport);
+            }
 
-            if (breachReport.vulnerabilityFound) {
+            log.success(`[Breacher] : Analysis complete. ${breachReports.length} vulnerabilities isolated.`);
+            if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Breacher', message: `Analysis complete. Found ${breachReports.length} vectors.` });
+
+            for (const breachReport of breachReports) {
                 // 6. Sanitization Layer (The Anti-Crash Upgrade)
                 const sanitize = (raw) => ({
                     title: raw.title || "Unknown Logic Flaw",
@@ -117,31 +132,36 @@ export async function hitCommand(target, options) {
                     const thoughtLines = wrap(thoughtProcess, boxWidth - 4);
                     const mitLines = wrap(mitigation, boxWidth - 4);
                     
-                    console.log('\n' + pc.cyan(`◇  SICARIO REASONING ${'─'.repeat(boxWidth - 21)}╮`));
+                    console.log(pc.cyan(`◇  SICARIO REASONING [${breachReport.title}] ${'─'.repeat(boxWidth - 21 - breachReport.title.length)}╮`));
                     thoughtLines.forEach(line => console.log(pc.cyan(drawBoxRow(line, boxWidth))));
                     console.log(pc.cyan(`├${'─'.repeat(boxWidth - 2)}┤`));
                     console.log(pc.cyan(`│ ${pc.bold('FIX RECOMMENDATION').padEnd(boxWidth - 4)} │`));
                     mitLines.forEach(line => console.log(pc.cyan(drawBoxRow(line, boxWidth))));
                     console.log(pc.cyan(`├${'─'.repeat(boxWidth - 2)}╯`) + '\n');
                 }
-            } else {
+            }
+            
+            if (breachReports.length === 0) {
                 log.info(theme.dim('No high-value business logic targets identified.'));
             }
+
+            // 6. Mission Dossier
+            const summaryLines = [
+                `${theme.dim('Target')}           ${theme.bold(finalTarget)}`,
+                `${theme.dim('Nodes Recalled')}   ${theme.bold(options.swarm ? '5 (Scout, Ghost, Accountant, Admin, Chaos)' : '3 (Scout, Ghost, Breacher)')}`,
+                `${theme.dim('Breaches Found')}    ${breachReports.length > 0 ? pc.red(pc.bold(breachReports.length)) : theme.bold('0')}`,
+                `${theme.dim('Status')}           ${theme.success('MISSION SUCCESSFUL')}`
+            ];
+
+            console.log(pc.green('\n┌  MISSION DOSSIER ───────────────────────────────────────╮'));
+            summaryLines.forEach(line => console.log(pc.green(`│  ${line.padEnd(54)} │`)));
+            console.log(pc.green(`└  Mission complete. Trace extraction successful.          ╯`));
+
         } catch (error) {
             log.error('[Breacher] : Analysis node failure.');
             log.error(error.message);
         }
 
-        // 6. Mission Dossier
-        const summaryLines = [
-            `${theme.dim('Target')}           ${theme.bold(finalTarget)}`,
-            `${theme.dim('Nodes Recalled')}   ${theme.bold('3 (Scout, Ghost, Breacher)')}`,
-            `${theme.dim('Breaches Found')}    ${breachReport.vulnerabilityFound ? pc.red(pc.bold('1')) : theme.bold('0')}`,
-            `${theme.dim('Status')}           ${theme.success('MISSION SUCCESSFUL')}`
-        ];
-
-        note(summaryLines.join('\n'), 'MISSION DOSSIER');
-
     } catch (error) {
         log.error(`Mission failed: ${error.message}`);
     } finally {

package/src-cli/nodes/breacher.js

@@ -1,38 +1,55 @@
 import Cerebras from '@cerebras/cerebras_cloud_sdk';
 import 'dotenv/config';
 
+const PERSONAS = {
+    ACCOUNTANT: `
+        You are 'The Accountant' node. Your primary focus is on financial logic, pricing, and quantities.
+        Look for: Negative value injections, Scientific notation (1e10) bypasses, Currency-decimal manipulation, and Action Limit overruns in financial flows.
+    `,
+    ADMIN: `
+        You are 'The Admin' node. Your focus is on Privilege Escalation and Access Control.
+        Look for: Hidden /admin navigation links, accessible settings panels meant for high-privilege users, IDOR vectors in the DOM structure, and authentication bypass hints.
+    `,
+    CHAOS_MONKEY: `
+        You are 'The Chaos Monkey'. Your focus is on Input Resilience and Error Handling bypasses.
+        Look for: Fields that lack character limits, unhandled edge-case inputs (emojis, 1GB strings), and state-manipulation vectors that could lead to crashes or unhandled server-side exceptions.
+    `
+};
+
 /**
- * Breacher Node: Analyzes interactive elements for OWASP Business Logic Abuse vectors.
- * Uses Cerebras AI to hypothesize vulnerabilities.
- * @param {Array} domElements - Array of extracted DOM elements.
+ * Breacher Node: Analyzes the context and attempts to identify business logic flaws.
+ * @param {Array} elements - Array of extracted DOM elements.
+ * @param {string} [personaType='GENERAL'] - The type of persona to use (e.g., 'ACCOUNTANT', 'ADMIN', 'CHAOS_MONKEY', or 'GENERAL').
  * @returns {Promise<Object>} - A strict JSON report of findings.
  */
-export async function runBreacher(domElements) {
+export async function runBreacher(elements, personaType = 'GENERAL') {
     const client = new Cerebras({
         apiKey: process.env.CEREBRAS_API_KEY,
     });
 
+    const personaContext = PERSONAS[personaType] || "Evaluate the DOM for general business logic vulnerabilities.";
+
     const systemPrompt = `
-You are the "Breacher" node of the Sicario Autonomous Swarm. 
-Your goal is to identify Business Logic Flaws that automated scanners miss.
+You are a specialized node in the Sicario Autonomous Swarm. 
+${personaContext}
 
 ### PHASE 1: REASONING (THINK OUT LOUD)
-Before providing JSON, analyze the DOM elements for state-changing flows, manipulation vectors, and missing validation guards.
+Before providing JSON, analyze the DOM elements according to your specific persona.
 
 ### PHASE 2: DATA STRUCTURE
 Return a VALID JSON object. DO NOT use "null".
 {
   "vulnerabilityFound": boolean,
-  "thoughtProcess": "Step-by-step logic on how you'd exploit this...",
-  "title": "Clear name of flaw",
-  "vector": "Technical exploit path",
+  "thoughtProcess": "Your specialized step-by-step reasoning",
+  "title": "Persona-specific flaw name",
+  "vector": "Technical path",
   "severity": "LOW|MEDIUM|HIGH|CRITICAL",
-  "targetElement": "The CSS selector or element name",
-  "mitigation": "Detailed code fix recommendation"
+  "targetElement": "CSS selector or name",
+  "mitigation": "Code-level fix"
 }
 `;
 
-    const userPrompt = `DOM Elements: ${JSON.stringify(domElements)}`;
+    const userPrompt = `DOM Elements: ${JSON.stringify(elements)}`;
 
     try {
         const completion = await client.chat.completions.create({