vulcn 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +29 -0
- package/package.json +4 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,34 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.3.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 51d69b7: ### Auto-Crawl: Automated Form Discovery & Session Generation
|
|
8
|
+
|
|
9
|
+
Adds a new **auto-crawl** capability to the browser driver — automatically discovers injectable forms, inputs, and submit buttons on a target URL, then generates ready-to-run `Session[]` objects. This replaces the need to manually record sessions for basic form testing.
|
|
10
|
+
|
|
11
|
+
#### `@vulcn/engine`
|
|
12
|
+
- **`CrawlOptions` type** — new interface for crawl configuration (`maxDepth`, `maxPages`, `pageTimeout`, `sameOrigin`, `onPageCrawled` callback)
|
|
13
|
+
- **`RecorderDriver.crawl()`** — optional method on the recorder interface, so only drivers that support auto-discovery need to implement it
|
|
14
|
+
- **`DriverManager.crawl()`** — new top-level method that dispatches to the driver's crawl implementation, with clear errors when a driver doesn't support it
|
|
15
|
+
- **Test coverage** — 4 new tests for the crawl flow (success, arg passthrough, missing driver, unsupported driver), coverage at 62.88%
|
|
16
|
+
|
|
17
|
+
#### `@vulcn/driver-browser`
|
|
18
|
+
- **`BrowserCrawler`** — new module (`crawler.ts`) that performs BFS-based crawling using Playwright:
|
|
19
|
+
- Discovers explicit `<form>` elements with their inputs and submit buttons
|
|
20
|
+
- Discovers standalone inputs not inside a `<form>` (common in SPAs)
|
|
21
|
+
- Identifies injectable text-like input types (text, search, url, email, tel, password, textarea)
|
|
22
|
+
- Finds submit triggers (submit buttons, untyped buttons, or falls back to Enter keypress)
|
|
23
|
+
- Follows same-origin links with configurable depth control
|
|
24
|
+
- Generates proper `navigate → input → submit` step sequences per form
|
|
25
|
+
- **`recorder.crawl()`** — wired into the browser driver's recorder interface
|
|
26
|
+
- **Exported** — `crawlAndBuildSessions` available for direct programmatic use
|
|
27
|
+
|
|
28
|
+
#### Architecture
|
|
29
|
+
- Removed standalone `@vulcn/crawler` package — crawler is now a core part of `@vulcn/driver-browser`, consistent with the driver-based architecture
|
|
30
|
+
- Cleaned up `pnpm-workspace.yaml` to remove the deleted crawler entry
|
|
31
|
+
|
|
3
32
|
## 0.3.1
|
|
4
33
|
|
|
5
34
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "vulcn",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.2",
|
|
4
4
|
"description": "Modern, fast penetration testing CLI — record browser interactions once, replay with security payloads, and find vulnerabilities like XSS and SQLi automatically. A lightweight, pluggable alternative to legacy security scanners.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -72,10 +72,10 @@
|
|
|
72
72
|
"chalk": "^5.4.0",
|
|
73
73
|
"ora": "^8.2.0",
|
|
74
74
|
"yaml": "^2.7.0",
|
|
75
|
-
"@vulcn/engine": "0.3.
|
|
76
|
-
"@vulcn/driver-browser": "0.1.
|
|
77
|
-
"@vulcn/plugin-payloads": "0.2.1",
|
|
75
|
+
"@vulcn/engine": "0.3.2",
|
|
76
|
+
"@vulcn/driver-browser": "0.1.2",
|
|
78
77
|
"@vulcn/plugin-detect-xss": "0.2.1",
|
|
78
|
+
"@vulcn/plugin-payloads": "0.2.1",
|
|
79
79
|
"@vulcn/plugin-report": "0.1.1"
|
|
80
80
|
},
|
|
81
81
|
"devDependencies": {
|