npm - sicario-red-team - Versions diffs - 0.5.6 → 0.5.7 - Mend

sicario-red-team 0.5.6 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sicario-red-team",
-  "version": "0.5.6",
+  "version": "0.5.7",
   "type": "module",
   "description": "Autonomous Agentic Red-Teaming Swarm Protocol",
   "repository": {

package/src-cli/nodes/breacher.js CHANGED Viewed

@@ -41,6 +41,11 @@ export async function runBreacher(elements, personaType = 'GENERAL') {
 You are a specialized node in the Sicario Autonomous Swarm.
 ${personaContext}
+### VULNERABILITY TARGETING:
+Pay special attention to inputs where type='hidden' or marked as isHighValueTarget.
+These often control critical business logic like pricing, user IDs, or privilege levels.
+Hunt for logic flaws by attempting to mutate these hidden values (e.g., set price/quantity to 0 or negative, change account roles to 'admin', or swap user session IDs).
 ### PHASE 1: REASONING (THINK OUT LOUD)
 Before providing JSON, analyze the DOM elements according to your specific persona.

package/src-cli/nodes/scout.js CHANGED Viewed

@@ -82,12 +82,18 @@ export async function runScout(url, options = {}) {
             const extracted = [];
             elements.forEach((el) => {
-                if (el.offsetWidth > 0 && el.offsetHeight > 0) {
+                // Scraping visibility check: visible elements OR high-value hidden inputs
+                const isHiddenInput = el.tagName === 'INPUT' && el.type === 'hidden';
+                const isVisible = el.offsetWidth > 0 && el.offsetHeight > 0;
+                if (isVisible || isHiddenInput) {
                     extracted.push({
                         tag: el.tagName.toLowerCase(),
                         id: el.id || null,
                         name: el.name || null,
                         type: el.type || null,
+                        value: el.value || null,
+                        isHighValueTarget: isHiddenInput && el.value !== '',
                         text: el.innerText ? el.innerText.trim().substring(0, 50) : null,
                         href: el.href || null
                     });