sicario-red-team 0.5.8 → 0.5.10

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sicario-red-team",
-  "version": "0.5.8",
+  "version": "0.5.10",
   "type": "module",
   "description": "Autonomous Agentic Red-Teaming Swarm Protocol",
   "repository": {

package/src-cli/commands/hit.js

@@ -76,10 +76,14 @@ export async function hitCommand(target, options) {
         log.step('[Scout] : Initiating live reconnaissance...');
         if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Scout', message: 'Initiating live reconnaissance...' });
         let elements = [];
+        let scoutMetadata = {};
         try {
-            elements = await runScout(finalTarget, { auth: options.auth });
-            log.success('[Scout] : Perimeter mapped.');
-            if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Scout', message: 'Perimeter mapped.' });
+            const scoutResult = await runScout(finalTarget, { auth: options.auth, vault: options.vault });
+            elements = scoutResult.elements;
+            scoutMetadata = scoutResult.metadata;
+            
+            log.success(`[Scout] : Perimeter mapped. Tech Stack: ${scoutMetadata.techStack}`);
+            if (client && missionId) await client.mutation('handler:logMessage', { missionId, type: 'Scout', message: `Perimeter mapped. Stack: ${scoutMetadata.techStack}` });
             
             if (client && missionId) {
                 await client.mutation('handler:syncPerimeter', { 
@@ -177,7 +181,7 @@ export async function hitCommand(target, options) {
                 let scribePatch = null;
                 if (isReal) {
                     log.step(`[Scribe] : Automating remedial code patch...`);
-                    scribePatch = await runScribe(breachReport, audit);
+                    scribePatch = await runScribe(breachReport, audit, scoutMetadata);
                 }
 
                 console.log('\n' + pc.bold(pc.red(` ⚠ EXPLOIT SUCCESSFUL [${clean.title}]`)));

package/src-cli/commands/watch.js

@@ -1,6 +1,8 @@
 import { hitCommand } from './hit.js';
 import { runScout } from '../nodes/scout.js';
-import clack from '@clack/prompts';
+import { createRequire } from 'module';
+const require = createRequire(import.meta.url);
+const clack = require('@clack/prompts');
 const { log } = clack;
 import pc from 'picocolors';
 
@@ -23,7 +25,7 @@ export async function watchCommand(target, options) {
     while (true) {
         try {
             // 1. Silent Recon (Scout node - browser based, but local cost)
-            const elements = await runScout(target, options);
+            const { elements } = await runScout(target, options);
             
             // Generate a structural hash (tags, types, and names)
             const structuralElements = elements.map(e => ({ 

package/src-cli/nodes/breacher.js

@@ -41,10 +41,11 @@ export async function runBreacher(elements, personaType = 'GENERAL') {
 You are a specialized node in the Sicario Autonomous Swarm. 
 ${personaContext}
 
-### VULNERABILITY TARGETING:
-Pay special attention to inputs where type='hidden' or marked as isHighValueTarget. 
-These often control critical business logic like pricing, user IDs, or privilege levels. 
-Hunt for logic flaws by attempting to mutate these hidden values (e.g., set price/quantity to 0 or negative, change account roles to 'admin', or swap user session IDs).
+### VULNERABILITY TARGETING (DOM SUPREMACY MODE):
+1. PIERCE THE SHADOW: Elements marked as 'isShadow: true' are encapsulated. Developers often leave internal fields (like price or user_id) unvalidated within custom Web Components.
+2. BEHAVIORAL MAPPING: Analyze elements with custom roles (role="button") or pointer cursors. These are modern SPA action points that bypass traditional form-crawling scanners.
+3. BEHAVIORAL TRIGGERS: Identify the specific trigger selector required to submit the payload (e.g., a <div> with role="button" or an ID like #sync-profile).
+4. THE SNIPER RULE: Always prioritize basic Parameter Tampering. Mutate hidden HTML inputs (type='hidden') related to pricing, IDs, or roles to 0, "", or admin before attempting complex JS exploitation.
     
 ### PHASE 1: REASONING (THINK OUT LOUD)
 Before providing JSON, analyze the DOM elements according to your specific persona.
@@ -60,7 +61,8 @@ Return a VALID JSON object. DO NOT use "null".
   "targetElement": "CSS selector or name",
   "mutation": {
     "selector": "The CSS selector for the hidden field or input to target",
-    "value": "The malicious value to inject (e.g. 0, -1, 'admin', '1e10')"
+    "value": "The malicious value to inject (e.g. 0, -1, 'admin', '1e10')",
+    "trigger": "The CSS selector for the trigger element to click (div[role='button'], #submit, etc.)"
   },
   "mitigation": "Code-level fix"
 }
@@ -74,7 +76,8 @@ Return a VALID JSON object. DO NOT use "null".
                 { role: 'system', content: systemPrompt },
                 { role: 'user', content: userPrompt }
             ],
-            model: 'llama3.1-8b', // Adjust model as needed
+            model: 'llama3.1-8b', 
+            temperature: 0,
             response_format: { type: 'json_object' }
         });
 

package/src-cli/nodes/critic.js

@@ -118,18 +118,29 @@ export class CriticNode {
       BREACHER REASONING: ${finding.thoughtProcess}
       DOM CONTEXT: ${domSummary}
       
+      ACTIVE EXPLOIT EVIDENCE (SERVER RESPONSE): 
+      ${finding.body || "No active fire evidence provided. Base judgment on DOM theorizing."}
+
       CRITERIA: 
-      1. Can this bypass authentication or financial logic?
-      2. Is it a real техническая vulnerability or just a best-practice bug?
+      1. Can this bypass authentication or financial logic? (e.g. getting a $499 plan for $0 is a CRITICAL BREACH).
+      2. If "ACTIVE EXPLOIT EVIDENCE" indicates a success message for an unauthorized action (like a price mutation), it is EXPLOITABLE.
+      3. Is it a real technical vulnerability or just a best-practice bug?
       
       VERDICT: Provide a 1-sentence technical explanation, followed by "VERDICT: EXPLOITABLE" or "VERDICT: SAFE".
     `;
 
     try {
+      // Autopsy Log for debugging False Negatives
+      console.log(pc.magenta("\n--- AUTOPSY LOG: WHAT THE CRITIC SEES ---"));
+      console.log(pc.cyan(`Finding: ${finding.title}`));
+      console.log(pc.cyan(`Mutation Payload: ${JSON.stringify(finding.mutation || {})}`));
+      console.log(pc.cyan(`Server Evidence: ${finding.body ? finding.body.substring(0, 500) : "EMPTY (Possible Race Condition)"}`));
+      console.log(pc.magenta("------------------------------------------\n"));
+
       const response = await this.ai.chat.completions.create({
         model: this.qwenModel,
         messages: [{ role: 'user', content: prompt }],
-        temperature: 0.2
+        temperature: 0
       });
       
       return response.choices[0].message.content;

package/src-cli/nodes/executor.js

@@ -26,33 +26,61 @@ export async function runExecutor(targetUrl, breachReport, options = {}) {
         if (selector && value !== undefined) {
             console.log(pc.yellow(`   [Executor] : Mutating ${selector} -> ${value}`));
             
-            // Apply the mutation to the target element
-            await page.$eval(selector, (el, v) => {
+            // 1. Shadow-Piercing Mutation
+            const targetLocator = page.locator(selector);
+            await targetLocator.evaluate((el, v) => {
                 el.value = v;
-                // Trigger change events if any
+                // Trigger events to bypass React/Next.js state listeners
                 el.dispatchEvent(new Event('change', { bubbles: true }));
                 el.dispatchEvent(new Event('input', { bubbles: true }));
             }, value);
 
-            // Pull the trigger: Find the nearest submit button
-            console.log(pc.red(`   [Executor] : Pulling the trigger (Live POST/PUT)...`));
+            // 2. The Wiretap: Listen for background API traffic (DOM Supremacy)
+            let interceptedNetworkTraffic = "";
+            const responseHandler = async (response) => {
+                const resType = response.request().resourceType();
+                if (resType === 'fetch' || resType === 'xhr') {
+                    try {
+                        const body = await response.text();
+                        // Capture URL and condensed body to bridge the Asynchronous State gap
+                        interceptedNetworkTraffic += `[${response.status()}] ${response.url().split('/').pop()}: ${body.substring(0, 500)} | `;
+                    } catch (e) {
+                        // Ignore opaque or failed body reads
+                    }
+                }
+            };
+            page.on('response', responseHandler);
+
+            // 3. Behavioral Trigger Pull
+            const triggerSelector = mutation.trigger || 'button[type="submit"], input[type="submit"], [role="button"], button';
+            console.log(pc.red(`   [Executor] : Pulling the trigger (${triggerSelector})...`));
             
             await Promise.all([
-                page.waitForNavigation({ timeout: 10000 }).catch(() => {}),
-                page.click('button[type="submit"], input[type="submit"], [form] button').catch(async () => {
-                    // Fallback to form submit
+                // Wait for either navigation or network to go quiet
+                Promise.all([
+                  page.waitForNavigation({ timeout: 10000 }).catch(() => {}),
+                  page.waitForLoadState('networkidle', { timeout: 10000 }).catch(() => {})
+                ]),
+                // Use locator.click() to natively pierce Shadow DOM
+                page.locator(triggerSelector).first().click().catch(async () => {
+                    // Fallback to legacy form submit
                     await page.$eval('form', f => f.submit()).catch(() => {});
                 })
             ]);
 
-            // Capture the response
-            const responseText = await page.innerText('body');
+            // 4. Capture Window (Wait for async logic to resolve)
+            await new Promise(r => setTimeout(r, 1000));
+            page.off('response', responseHandler);
+
+            // 5. Final Intelligence Accumulation
+            const domText = await page.innerText('body');
+            const serverEvidence = `| NETWORK TRAFFIC |\n${interceptedNetworkTraffic || "No AJAX traffic detected."}\n\n| DOM TEXT |\n${domText}`;
             const screenshot = await page.screenshot({ type: 'jpeg', quality: 20 });
 
             await browser.close();
             return {
                 success: true,
-                evidence: responseText.substring(0, 2000), // Limit data
+                evidence: serverEvidence.substring(0, 3000), // Larger limit for network data
                 screenshot
             };
         } else {

package/src-cli/nodes/scout.js

@@ -63,48 +63,79 @@ export async function runScout(url, options = {}) {
 
     try {
         // 1. Go to the URL
-        await page.goto(url, { waitUntil: 'networkidle' });
-
+        const response = await page.goto(url, { waitUntil: 'networkidle' });
+        const headers = response ? response.headers() : {};
+        
+        // Identify tech stack from headers
+        let techStack = 'Unknown';
+        if (headers['x-powered-by']) techStack = headers['x-powered-by'];
+        if (headers['server']) techStack += ` (${headers['server']})`;
+        if (headers['x-nextjs-cache']) techStack = 'Next.js';
+        
         // 2. THE FIX: Wait for the SPA to actually render UI elements.
-        // We tell Playwright to wait until it sees at least one button or input.
-        await page.waitForSelector('button, input', { timeout: 10000 }).catch(() => {
-            // If it times out, it might just be a static page, so we proceed anyway.
-        });
+        await page.waitForSelector('button, input', { timeout: 10000 }).catch(() => {});
 
-        // Optional: Juice Shop has a massive "Dismiss" popup on first load.
-        // A true Scout will try to close modals to see the DOM underneath.
+        // Optional: Close modals
         const dismissButton = await page.$('button.close-dialog');
         if (dismissButton) await dismissButton.click();
 
-        // 3. Extract the DOM
+        // 3. Extract the DOM (DOM Supremacy: Shadow Piercing & Behavioral Mapping)
         const interactiveElements = await page.evaluate(() => {
-            const elements = document.querySelectorAll('button, input, a, form');
             const extracted = [];
+            const processedNodes = new Set(); // Prevent duplicates from recursion
 
-            elements.forEach((el) => {
-                // Scraping visibility check: visible elements OR high-value hidden inputs
-                const isHiddenInput = el.tagName === 'INPUT' && el.type === 'hidden';
-                const isVisible = el.offsetWidth > 0 && el.offsetHeight > 0;
+            const walk = (root) => {
+                const nodes = root.querySelectorAll('*');
+                nodes.forEach(el => {
+                    if (processedNodes.has(el)) return;
+                    processedNodes.add(el);
 
-                if (isVisible || isHiddenInput) {
-                    extracted.push({
-                        tag: el.tagName.toLowerCase(),
-                        id: el.id || null,
-                        name: el.name || null,
-                        type: el.type || null,
-                        value: el.value || null,
-                        isHighValueTarget: isHiddenInput && el.value !== '',
-                        text: el.innerText ? el.innerText.trim().substring(0, 50) : null,
-                        href: el.href || null
-                    });
-                }
-            });
+                    const tag = el.tagName.toLowerCase();
+                    const style = window.getComputedStyle(el);
+                    
+                    // Behavioral Hooks
+                    const isClickable = style.cursor === 'pointer' || el.getAttribute('onclick') || el.onclick;
+                    const hasRole = ['button', 'link', 'input', 'form', 'checkbox', 'radio'].includes(el.getAttribute('role'));
+                    const isInput = ['input', 'select', 'textarea', 'button'].includes(tag);
+                    const isAnchor = tag === 'a';
+                    const isHiddenInput = tag === 'input' && el.type === 'hidden';
+                    const isVisible = el.offsetWidth > 0 && el.offsetHeight > 0;
 
+                    if ((isVisible && (isInput || isAnchor || isClickable || hasRole)) || isHiddenInput) {
+                        extracted.push({
+                            tag,
+                            id: el.id || null,
+                            name: el.name || null,
+                            type: el.type || null,
+                            value: el.value || null,
+                            role: el.getAttribute('role') || null,
+                            isHighValueTarget: isHiddenInput && el.value !== '',
+                            text: el.innerText ? el.innerText.trim().substring(0, 50) : null,
+                            href: el.href || null,
+                            isShadow: root !== document
+                        });
+                    }
+
+                    // Shadow DOM: Pierce the boundary
+                    if (el.shadowRoot) {
+                        walk(el.shadowRoot);
+                    }
+                });
+            };
+
+            walk(document);
             return extracted;
         });
 
         await browser.close();
-        return interactiveElements;
+        return {
+            elements: interactiveElements,
+            metadata: {
+                techStack,
+                url,
+                timestamp: new Date().toISOString()
+            }
+        };
 
     } catch (error) {
         await browser.close();

package/src-cli/nodes/scribe.js

@@ -5,11 +5,13 @@ import 'dotenv/config';
  * The Scribe Node: Generates "Cursor-ready" patches and remediation prompts.
  * Strictly gated by the Critic node to stay within Cerebras Free Tier limits.
  */
-export async function runScribe(breachReport, audit) {
+export async function runScribe(breachReport, audit, metadata = {}) {
     const client = new Cerebras({
         apiKey: process.env.CEREBRAS_API_KEY,
     });
 
+    const techStack = metadata.techStack || 'Unknown';
+
     const systemPrompt = `
 You are 'The Scribe' node of the Sicario Red-Teaming Swarm. 
 Your goal is to provide a "Cursor-ready" remediation prompt that a developer can paste into their AI code editor to fix a confirmed vulnerability.
@@ -17,11 +19,14 @@ Your goal is to provide a "Cursor-ready" remediation prompt that a developer can
 VULNERABILITY: ${breachReport.title}
 VECTOR: ${breachReport.vector}
 CRITIC JUSTIFICATION: ${audit.reasoning}
+TARGET TECH STACK: ${techStack}
 
 INSTRUCTIONS:
 1. Provide a concise, clinical description of the fix.
 2. Provide a "Cursor Prompt" (a prompt for another AI to use) enclosed in triple backticks.
 3. Keep it brief to save on outbound tokens.
+4. IMPORTANT: Ensure the remediation code snippet matches the Target Tech Stack. 
+5. If the Tech Stack is unknown or generic, default to JavaScript/Node.js (Express).
 `;
 
     try {
@@ -31,7 +36,7 @@ INSTRUCTIONS:
                 { role: 'user', content: 'Generate remediation prompt.' }
             ],
             model: 'llama3.1-8b', // Using the faster, cheaper 8B model as requested
-            temperature: 0.1,
+            temperature: 0,
             max_tokens: 300
         });
 

package/src-cli/utils/llm.js

@@ -26,7 +26,7 @@ REPLY ONLY WITH A COMMA-SEPARATED LIST OF 5 BRIEF TECHNICAL VECTORS.
                 { role: 'user', content: 'Generate tactical vectors.' }
             ],
             model: 'llama3.1-8b',
-            temperature: 0.1,
+            temperature: 0,
             max_tokens: 100
         });