swarmhack-cli 0.1.0 → 0.1.1

package/README.md

@@ -1,34 +1,73 @@
-# @prancer/swarmhack
+# swarmhack-cli
 
 Neural swarm-based penetration testing framework.
 
+## What's New in v0.2.0
+
+- **Runtime Modes**: Choose between `local` (direct execution) or `docker` (containerized) mode
+- **OCSF 1.1.0 Reports**: Industry-standard vulnerability reports with optimized JSON structure
+- **Prancer Portal Integration**: Secure authentication with Prancer Portal
+- **Bundled Configuration**: Default config file included - no manual setup required
+- **Multi-Platform Support**: Linux, macOS, and Windows binaries
+
 ## Installation
 
 ```bash
-npm install -g @prancer/swarmhack
+npm install -g swarmhack-cli
 ```
 
 Or use npx:
 
 ```bash
-npx @prancer/swarmhack --help
+npx swarmhack-cli --help
 ```
 
+## Configuration
+
+SwarmHack includes a default configuration file (`config/swarmhack.yaml`) that is automatically used when running commands. You can override it by:
+
+1. **Using your own config file:**
+   ```bash
+   swarmhack spawn --config /path/to/your/config.yaml --target "http://example.com"
+   ```
+
+2. **Creating a local config in your project:**
+   Place `config/swarmhack.yaml` in your project root - it will be automatically detected.
+
+3. **Customizing the bundled config:**
+   Copy the bundled config to your project and modify it:
+   ```bash
+   cp $(npm root -g)/swarmhack-cli/config/swarmhack.yaml ./config/
+   ```
+
 ## CLI Usage
 
 ```bash
-# Run SQL injection scan
+# Run SQL injection scan (local mode - default)
 swarmhack spawn --agents sqli \
   --target "http://example.com" \
   --customer "your-customer" \
   --token "your-token"
 
+# Run in Docker mode (isolated execution)
+swarmhack spawn --agents sqli \
+  --target "http://example.com" \
+  --runtime docker \
+  --docker-image "swarmhack/pentest:latest"
+
 # Run multiple agents
 swarmhack spawn --agents sqli,xss,csrf \
   --target "http://example.com" \
   --customer "your-customer" \
   --token "your-token"
 
+# Run in Docker with custom image and volumes
+swarmhack spawn --agents sqli \
+  --target "http://example.com" \
+  --runtime docker \
+  --docker-image "myregistry/swarmhack:v1.0" \
+  --docker-volume "/host/reports:/app/reports"
+
 # List available agents
 swarmhack agents list
 
@@ -36,10 +75,47 @@ swarmhack agents list
 swarmhack doctor
 ```
 
+## Runtime Modes
+
+SwarmHack supports two runtime modes:
+
+| Mode | Description | Use Case |
+|------|-------------|----------|
+| `local` | Run directly on host system | Development, CI/CD with pre-installed tools |
+| `docker` | Run inside Docker containers | Production, isolated execution, portable |
+
+### CLI Runtime Options
+
+| Option | Description |
+|--------|-------------|
+| `--runtime` | Runtime mode: `local` (default) or `docker` |
+| `--docker-image` | Docker image to use (overrides config) |
+| `--docker-container` | Custom container name |
+| `--docker-volume` | Additional volumes (can be repeated) |
+| `--docker-env` | Environment variables (format: KEY=VALUE) |
+
+### Config File Runtime Options
+
+```yaml
+# In config/swarmhack.yaml
+runtime:
+  mode: docker  # or "local"
+  docker_image: swarmhack/pentest:latest
+  docker_auto_remove: true
+  docker_volumes:
+    - /host/reports:/app/reports
+  docker_env:
+    CUSTOM_VAR: value
+  docker_network: bridge
+  docker_resources:
+    memory: 1g
+    cpus: "1"
+```
+
 ## Node.js API
 
 ```javascript
-const swarmhack = require('@prancer/swarmhack');
+const swarmhack = require('swarmhack-cli');
 
 // Run a scan
 const results = await swarmhack.scan({
@@ -93,11 +169,56 @@ docker run --rm \
 | `auth_bypass` | Authentication bypass |
 | `cmdi` | Command injection |
 
+## OCSF Reports
+
+SwarmHack generates reports in [OCSF 1.1.0](https://schema.ocsf.io/) format, the industry standard for security findings:
+
+```json
+{
+  "scan_info": {
+    "scanner": { "name": "SwarmHack", "vendor": "Prancer" },
+    "customer": "your-customer",
+    "target": "http://example.com",
+    "duration_formatted": "3m 11s",
+    "summary": { "findings_count": 5, "crown_jewels_count": 12 }
+  },
+  "class_name": "Vulnerability Finding",
+  "class_uid": 6001,
+  "findings": [...]
+}
+```
+
+## Authentication
+
+SwarmHack requires Prancer Portal authentication:
+
+```bash
+swarmhack spawn \
+  --target "http://example.com" \
+  --agents sqli,xss \
+  --customer "your-customer" \
+  --token "your-32-char-token"
+```
+
+Get your token from [Prancer Portal](https://portal.prancer.io) → Settings → Access Tokens.
+
 ## Requirements
 
 - Node.js 16+
 - Prancer Portal account (for `--token` and `--customer`)
 
+## Changelog
+
+### v0.2.0
+- Added runtime mode selection (local/docker)
+- Added OCSF 1.1.0 report generation
+- Added Prancer Portal authentication
+- Bundled default configuration file
+- Multi-platform binary support
+
+### v0.1.0
+- Initial release
+
 ## License
 
 MIT

package/bin/swarmhack.js

@@ -65,9 +65,37 @@ Or use Docker instead:
 // Get binary path
 const binaryPath = getBinaryPath();
 
+// Get config path - bundled with npm package
+function getConfigPath() {
+  // Check if user already specified --config
+  const args = process.argv.slice(2);
+  if (args.includes('--config') || args.includes('-c')) {
+    return null; // User specified their own config
+  }
+
+  // Check for local config first (user's project)
+  const localConfig = path.join(process.cwd(), 'config', 'swarmhack.yaml');
+  if (fs.existsSync(localConfig)) {
+    return localConfig;
+  }
+
+  // Use bundled config from npm package
+  const bundledConfig = path.join(__dirname, '..', 'config', 'swarmhack.yaml');
+  if (fs.existsSync(bundledConfig)) {
+    return bundledConfig;
+  }
+
+  return null;
+}
+
 // Spawn the binary with all arguments
 const args = process.argv.slice(2);
-const child = spawn(binaryPath, args, {
+const configPath = getConfigPath();
+
+// Add config flag if we have a bundled config and user didn't specify one
+const finalArgs = configPath ? ['--config', configPath, ...args] : args;
+
+const child = spawn(binaryPath, finalArgs, {
   stdio: 'inherit',
   env: {
     ...process.env,

package/config/swarmhack.yaml

@@ -0,0 +1,445 @@
+# ========== RUNTIME ENVIRONMENT CONFIGURATION ==========
+# Controls whether SwarmHack runs locally or inside Docker containers
+runtime:
+  # Runtime mode: "local" or "docker"
+  # - local: Run directly on the host system (default, requires tools installed)
+  # - docker: Run inside Docker containers (portable, isolated)
+  mode: local
+
+  # Docker image to use when mode is "docker"
+  docker_image: swarmhack/pentest:latest
+
+  # Docker container name prefix
+  docker_container_prefix: swarmhack
+
+  # Auto-remove containers after execution
+  docker_auto_remove: true
+
+  # Additional Docker volumes (format: /host/path:/container/path)
+  docker_volumes: []
+
+  # Additional environment variables for Docker containers
+  docker_env: {}
+
+  # Docker network mode (bridge, host, none, or custom network name)
+  docker_network: bridge
+
+  # Pull policy: always, missing, never
+  docker_pull_policy: missing
+
+  # Docker socket path
+  docker_socket: /var/run/docker.sock
+
+  # Resource limits for Docker containers
+  docker_resources:
+    memory: 1g
+    cpus: "1"
+
+queen:
+  topology: hierarchical  # CHANGED: mesh → hierarchical for parent-child agent coordination
+  max_agents: 50
+  consensus_threshold: 0.67
+  spawn_strategy: dynamic
+
+# ========== AUTHENTICATION DETECTION CONFIGURATION ==========
+# BUG #11 FIX: Generic authentication detection patterns (NO HARDCODING)
+authentication:
+  # Patterns indicating FAILED authentication (redirect to these = invalid session)
+  failed_auth_indicators:
+    - "/login"
+    - "/signin"
+    - "/auth"
+    - "/authenticate"
+    - "?login"
+    - "?signin"
+
+  # Patterns indicating SUCCESSFUL authentication (content contains these = valid session)
+  successful_auth_indicators:
+    - "logout"
+    - "sign out"
+    - "log out"
+    - "account"
+    - "dashboard"
+    - "profile"
+    - "settings"
+
+  # Negative indicators (if content has these, NOT authenticated)
+  negative_auth_indicators:
+    - "please log in"
+    - "please sign in"
+    - "authentication required"
+    - "please login"
+    - "login to continue"
+    - "<input[^>]*name=['\"]username"
+    - "<input[^>]*name=['\"]password"
+    - "<input[^>]*type=['\"]password"
+
+  # Cookie name patterns (regex)
+  session_cookie_patterns:
+    - ".*SESSIONID.*"
+    - ".*SID.*"
+    - ".*session.*"
+    - ".*token.*"
+    - ".*auth.*"
+
+  # Max redirects to follow
+  max_redirect_hops: 3
+
+  # Content-based authentication scoring
+  auth_score_threshold: 2
+
+# ========== CREDENTIAL SYNTHESIS CONFIGURATION ==========
+# BUG #11 FIX PHASE 2B: Generate potential credentials when SQLi yields 0 valid sessions
+credential_synthesis:
+  enabled: true
+
+  # Default credentials by technology
+  default_credentials:
+    altoromutual:
+      - username: "admin"
+        password: "admin"
+      - username: "jsmith"
+        password: "demo1234"
+    demo_apps:
+      - username: "admin"
+        password: "password"
+      - username: "test"
+        password: "test"
+
+  # Common patterns
+  common_patterns:
+    - "admin:admin"
+    - "admin:password"
+    - "test:test"
+    - "demo:demo"
+    - "user:user"
+
+  # Field name mappings
+  field_mappings:
+    username_fields: ["uid", "username", "user", "login", "email"]
+    password_fields: ["passw", "password", "pass", "pwd"]
+
+  # Confidence scores
+  confidence:
+    form_inferred: 0.5
+    default_creds: 0.8  # BUG #11 FIX: Increased from 0.6 to 0.8 to ensure default credentials pass filtering
+    common_patterns: 0.3
+    vuln_context: 0.7
+
+agents:
+  sqli:
+    enabled: true
+    databases: [mysql, postgresql, mssql, oracle, mongodb, sqlite]  # ENHANCED: Added mssql, oracle, mongodb, sqlite
+    attack_types: [boolean, error, union, time, blind, stacked]  # ENHANCED: Added union, time, blind, stacked
+    attack_mode: balanced
+    pentest_mode: true  # Depth-first: stop after first SQLi, exploit deep (DB/tables/data extraction)
+  xss:
+    enabled: true
+    contexts: [html, javascript, attribute, url, css, json]  # ENHANCED: Added javascript, attribute, url, css, json
+    attack_types: [reflected, stored, dom, blind]  # ENHANCED: Added stored, dom, blind
+    attack_mode: balanced
+    pentest_mode: true  # Depth-first: stop after first XSS, exploit deep (session hijack/cookie theft)
+  csrf:
+    enabled: true
+    attack_types: [form_submission, json_request, xml_request, multipart, ajax]  # ENHANCED: Added json_request, xml_request, multipart, ajax
+    attack_mode: balanced
+  idor:
+    enabled: true
+    attack_types: [sequential, uuid, hash, encoded]  # ENHANCED: Added uuid, hash, encoded
+    attack_mode: balanced
+  auth_bypass:
+    enabled: true
+    attack_types: [brute_force, sql_injection, logic_flaw, default_creds, credential_stuffing, session_hijack, jwt_manipulation]  # ENHANCED: Added sql_injection, logic_flaw, default_creds, credential_stuffing, session_hijack, jwt_manipulation
+    attack_mode: balanced
+  cmdi:
+    enabled: true
+    attack_types: [time_based, output_based, error_based, blind]
+    operating_systems: [linux, windows, unix]
+    max_payloads: 100
+    time_delay: 5
+    attack_mode: balanced
+  crawler:
+    enabled: true
+    report_info_findings: false  # Suppress API endpoint/tech fingerprint info findings
+    max_depth: 3
+    max_pages: 1000
+    requests_per_second: 10.0
+
+memory:
+  agentdb:
+    vector_size: 384
+    hnsw_m: 16
+    hnsw_ef_construction: 200
+    quantization_enabled: false
+    persistence_path: .agentdb/vectors.db
+    use_real_embeddings: true
+    embedding_model: sentence-transformers/all-MiniLM-L6-v2
+  reasoningbank:
+    distillation_frequency: 100
+    min_trajectories: 50
+    confidence_threshold: 0.7
+    persistence_path: .reasoningbank/trajectories.db
+
+pretraining:
+  enabled: false
+  data_directory: data/pretraining
+  quality_threshold: 80
+  enable_deduplication: true
+  enable_cognitive_tagging: true
+
+evasion:
+  enable_firewall_evasion: false
+  enable_waf_bypass: false
+  enable_neural_generation: false
+  enable_autonomous_learning: false
+  timing_mode: sneaky
+  fragmentation_mtu: 1500
+  max_adaptation_attempts: 3
+
+neural:
+  enable_neural_generation: false
+  enable_autonomous_learning: false
+  learning_rate: 0.01
+  mutation_count: 10
+
+kill_chain:
+  phases: [recon, discovery, exploitation]
+
+containers:
+  image: swarmhack/unified-pentest:latest
+  pool_size: 10
+  idle_timeout_seconds: 300
+  startup_timeout_seconds: 30
+
+targets:
+  urls: []
+  domains: []
+  ip_ranges: []
+  exclusions: []
+
+crown_jewels:
+  # ENHANCED: Comprehensive crown jewel detection patterns (4 → 60+ patterns)
+  patterns:
+    # Credentials & Passwords
+    - password
+    - passwd
+    - pwd
+    - pass
+    - credential
+    - credentials
+    - login
+    - username
+    - user_name
+
+    # API Keys & Secrets
+    - api_key
+    - apikey
+    - api-key
+    - api_secret
+    - secret
+    - secret_key
+    - client_secret
+    - app_secret
+
+    # Tokens & Authentication
+    - token
+    - access_token
+    - refresh_token
+    - auth_token
+    - bearer
+    - jwt
+    - session
+    - session_id
+    - cookie
+    - auth_cookie
+
+    # Private Keys & Certificates
+    - private_key
+    - privatekey
+    - private-key
+    - public_key
+    - certificate
+    - cert
+    - encryption_key
+    - signing_key
+    - ssh_key
+
+    # Database Connections
+    - connection_string
+    - db_password
+    - database_url
+    - database_password
+    - mongodb_uri
+    - redis_password
+    - postgres_password
+    - mysql_password
+
+    # Cloud Provider Credentials
+    - aws_access_key
+    - aws_secret_key
+    - aws_access_key_id
+    - aws_secret_access_key
+    - s3_bucket
+    - iam_role
+    - azure_key
+    - gcp_key
+    - google_api_key
+
+    # Payment Information
+    - credit_card
+    - creditcard
+    - card_number
+    - cvv
+    - card_cvv
+    - stripe_key
+    - paypal
+    - payment_token
+
+    # Personal Identifiable Information (PII)
+    - ssn
+    - social_security
+    - tax_id
+    - passport
+    - driver_license
+    - national_id
+    - phone_number
+    - email_address
+
+    # OAuth & Third-party
+    - oauth_token
+    - oauth_secret
+    - client_id
+    - client_credentials
+    - webhook_secret
+    - github_token
+    - gitlab_token
+
+  confidence_threshold: 0.8
+  max_extractions: 10000  # ENHANCED: Increased from 1000 to 10000 for comprehensive extraction
+
+logging:
+  level: info
+  format: json
+  output_path: logs/swarmhack.log
+
+rate_limiting:
+  requests_per_second: 10
+  burst_size: 20
+  algorithm: token_bucket
+  retry:
+    max_retries: 5
+    backoff_base_ms: 1000
+    max_backoff_ms: 16000
+    jitter_ms: 100
+
+# ========== HYBRID MODE CONFIGURATION ==========
+# Orchestrates Kill Chain → Extract Crown Jewels → AEL Amplification workflow
+hybrid_mode:
+  # Enable hybrid mode (3-phase workflow)
+  enabled: true
+  
+  # Minimum jewels required to trigger AEL phase (if fewer, return Kill Chain results only)
+  min_jewels_for_ael: 1
+  
+  # Minimum confidence for extracting jewels from vulnerabilities
+  jewel_extraction_confidence_threshold: 0.7
+  
+  # Target amplification factor (logging/metrics only, not enforced)
+  amplification_target: 5.0
+  
+  # Vulnerability categories to extract crown jewels from
+  extraction_categories:
+    - sqli
+    - auth_bypass
+    - xss
+    - idor
+    - lfi
+    - rce
+  
+  # Kill Chain phase timeout (seconds)
+  kill_chain_timeout_secs: 900
+  
+  # AEL phase timeout (seconds)
+  ael_phase_timeout_secs: 1200
+  
+  # Enable jewel type conversion (KC jewels → AEL jewels)
+  enable_type_conversion: true
+  
+  # Conversion strictness (lenient|moderate|strict)
+  conversion_strictness: moderate
+  
+  # Parallel execution for phases
+  enable_parallel_execution: true
+  
+  # Deduplicate jewels between phases
+  deduplicate_jewels: true
+  
+  # Merge strategy for final results (union|kill_chain_priority|ael_priority)
+  result_merge_strategy: union
+  
+  # Report both individual phase results
+  report_phase_breakdown: true
+
+# ========== EXTRACTION CONFIGURATION ==========
+# SQL Injection Data Extraction System (enabled for testphp.vulnweb.com test)
+extraction:
+  enabled: true
+  
+  # Authorized targets for extraction (security control)
+  authorized_targets:
+    - "testphp.vulnweb.com"
+    - "*.vulnweb.com"
+  
+  # Require explicit authorization flag
+  require_explicit_authorization: false
+  
+  # Union-based extraction
+  union:
+    enabled: true
+    max_columns: 50
+    timeout_seconds: 30
+    max_rows: 1000
+  
+  # Error-based extraction
+  error:
+    enabled: true
+    max_extractions: 100
+    databases: [mysql, postgresql, mssql]
+    timeout_seconds: 20
+  
+  # Blind extraction
+  blind:
+    enabled: true
+    charset: "abcdefghijklmnopqrstuvwxyz0123456789_@.-"
+    max_length: 100
+    timeout_seconds: 60
+    binary_search: true
+  
+  # Performance controls
+  max_concurrent_extractions: 3
+  total_timeout_seconds: 300
+  
+  # Audit logging
+  audit:
+    enabled: true
+    log_path: logs/extraction_audit.log
+    include_data: true
+
+# ========== OCSF REPORT OPTIMIZATION ==========
+# Phase 1: Quick wins for report size reduction
+reporting:
+  ocsf:
+    # Response body truncation (bytes, 0 = no truncation)
+    max_response_body_bytes: 500
+
+    # Verification steps limit (0 = no limit)
+    max_verification_steps: 3
+
+    # Deduplicate similar findings (Phase 2)
+    deduplicate_findings: true
+
+    # Include form fields in per-finding details
+    include_form_fields_per_finding: false
+
+    # Keep only security-relevant HTTP headers
+    security_headers_only: true

package/index.js

@@ -31,10 +31,30 @@ function getBinaryPath() {
   throw new Error(`SwarmHack binary not found for ${platform}-${arch}`);
 }
 
+/**
+ * Get path to bundled config file
+ */
+function getConfigPath() {
+  // Check for local config first (user's project)
+  const localConfig = path.join(process.cwd(), 'config', 'swarmhack.yaml');
+  if (fs.existsSync(localConfig)) {
+    return localConfig;
+  }
+
+  // Use bundled config from npm package
+  const bundledConfig = path.join(__dirname, 'config', 'swarmhack.yaml');
+  if (fs.existsSync(bundledConfig)) {
+    return bundledConfig;
+  }
+
+  return null;
+}
+
 /**
  * Run SwarmHack with arguments
  * @param {string[]} args - Command line arguments
  * @param {object} options - Spawn options
+ * @param {boolean} options.useConfig - Whether to use bundled config (default: true)
  * @returns {Promise<{code: number, stdout: string, stderr: string}>}
  */
 function run(args = [], options = {}) {
@@ -43,7 +63,16 @@ function run(args = [], options = {}) {
     const stdout = [];
     const stderr = [];
 
-    const child = spawn(binaryPath, args, {
+    // Add config flag if not already specified and useConfig is true (default)
+    let finalArgs = args;
+    if (options.useConfig !== false && !args.includes('--config') && !args.includes('-c')) {
+      const configPath = getConfigPath();
+      if (configPath) {
+        finalArgs = ['--config', configPath, ...args];
+      }
+    }
+
+    const child = spawn(binaryPath, finalArgs, {
       ...options,
       env: { ...process.env, ...options.env },
     });
@@ -134,4 +163,5 @@ module.exports = {
   version,
   doctor,
   getBinaryPath,
+  getConfigPath,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "swarmhack-cli",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "SwarmHack - Neural swarm-based penetration testing framework",
   "author": "Prancer <support@prancer.io>",
   "license": "MIT",
@@ -25,6 +25,8 @@
   "files": [
     "bin/",
     "scripts/",
+    "native/",
+    "config/",
     "index.js",
     "README.md"
   ],

package/scripts/postinstall.js

@@ -78,6 +78,23 @@ async function main() {
   const platformKey = getPlatformKey();
   const remoteBinary = PLATFORM_MAP[platformKey];
 
+  const nativeDir = path.join(__dirname, '..', 'native', platformKey);
+  const binaryPath = path.join(nativeDir, getBinaryName());
+
+  // Skip if already exists (bundled in package)
+  if (fs.existsSync(binaryPath)) {
+    // Make sure it's executable
+    if (os.platform() !== 'win32') {
+      try {
+        fs.chmodSync(binaryPath, 0o755);
+      } catch (e) {
+        // Ignore permission errors
+      }
+    }
+    console.log(`✓ SwarmHack binary ready: ${binaryPath}`);
+    return;
+  }
+
   if (!remoteBinary) {
     console.log(`
 ╔════════════════════════════════════════════════════════════╗
@@ -98,15 +115,6 @@ async function main() {
     return;
   }
 
-  const nativeDir = path.join(__dirname, '..', 'native', platformKey);
-  const binaryPath = path.join(nativeDir, getBinaryName());
-
-  // Skip if already exists
-  if (fs.existsSync(binaryPath)) {
-    console.log(`SwarmHack binary already exists: ${binaryPath}`);
-    return;
-  }
-
   // Create directory
   fs.mkdirSync(nativeDir, { recursive: true });