wormclaude 1.0.152 → 1.0.154
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +66 -14
- package/dist/i18n.js +18 -0
- package/dist/theme.js +1 -1
- package/dist/tui.js +11 -1
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -116,11 +116,29 @@ function tsStamp() {
|
|
|
116
116
|
return `${d.getFullYear()}${p(d.getMonth() + 1)}${p(d.getDate())}-${p(d.getHours())}${p(d.getMinutes())}${p(d.getSeconds())}`;
|
|
117
117
|
}
|
|
118
118
|
// Komut yürütücü. true → komut işlendi, false → komut değil (normal mesaj).
|
|
119
|
-
|
|
119
|
+
// Kullanıcı metni: VARSAYILAN İngilizce; yalnız dil 'tr' ise Türkçe. [[language-consistency]]
|
|
120
|
+
const tt = (en, tr) => (getLang() === 'tr' ? tr : en);
|
|
121
|
+
const PT_LABELS_EN = {
|
|
122
|
+
recon: 'Recon (subdomains + headers + exposure)', scan: 'General scan (recon)',
|
|
123
|
+
xss: 'XSS scan', sqli: 'SQL injection scan',
|
|
124
|
+
};
|
|
125
|
+
const PT_LABELS_TR = {
|
|
120
126
|
recon: 'Keşif (alt-alan + başlık + ifşa)', scan: 'Genel tarama (keşif)',
|
|
121
127
|
xss: 'XSS taraması', sqli: 'SQL injection taraması',
|
|
122
128
|
};
|
|
123
|
-
const
|
|
129
|
+
const ptLabel = (tool) => (getLang() === 'tr' ? PT_LABELS_TR : PT_LABELS_EN)[tool] || tool;
|
|
130
|
+
const PT_REASON_EN = {
|
|
131
|
+
trust_required: 'This command requires a Verified Researcher (level 3+). Apply: /dogrula',
|
|
132
|
+
scope_required: 'Authorization confirmation required.',
|
|
133
|
+
no_quota: 'No scan quota this month (upgrade your plan).',
|
|
134
|
+
quota_exceeded: 'Monthly scan quota exhausted.',
|
|
135
|
+
invalid_target: 'Invalid target. Give a URL/domain (e.g. https://test.com/p?id=1).',
|
|
136
|
+
unknown_tool: 'Unknown tool.',
|
|
137
|
+
auth: 'Login required. /config key <key>',
|
|
138
|
+
timeout: 'Server timeout.',
|
|
139
|
+
upstream_error: 'Could not reach the server.',
|
|
140
|
+
};
|
|
141
|
+
const PT_REASON_TR = {
|
|
124
142
|
trust_required: 'Bu komut Doğrulanmış Araştırmacı (seviye 3+) gerektirir. Başvuru: /dogrula',
|
|
125
143
|
scope_required: 'Yetki onayı gerekli.',
|
|
126
144
|
no_quota: 'Bu ay tarama kotan yok (planını yükselt).',
|
|
@@ -131,6 +149,7 @@ const PT_REASON = {
|
|
|
131
149
|
timeout: 'Sunucu zaman aşımı.',
|
|
132
150
|
upstream_error: 'Sunucuya ulaşılamadı.',
|
|
133
151
|
};
|
|
152
|
+
const ptReason = (r) => (getLang() === 'tr' ? PT_REASON_TR : PT_REASON_EN)[r] || r;
|
|
134
153
|
// Bekleyen tarama onayı — kullanıcı uyarıdan sonra sadece "run"/"onayla" yazınca çalıştırmak için.
|
|
135
154
|
const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli']);
|
|
136
155
|
let pendingPentest = null;
|
|
@@ -148,22 +167,41 @@ function formatFinding(x) {
|
|
|
148
167
|
if (x.type === 'sqli')
|
|
149
168
|
return `${sev}SQLi (${x.technique || '?'}) · param ${x.param || '?'} — ${x.evidence || ''}`;
|
|
150
169
|
if (x.type === 'subdomain')
|
|
151
|
-
return
|
|
170
|
+
return `${tt('subdomain', 'alt-alan')}: ${x.value}`;
|
|
152
171
|
if (x.type === 'host')
|
|
153
172
|
return `${x.status || ''} ${x.url || ''}${x.title ? ' · ' + x.title : ''}${x.server ? ' · ' + x.server : ''}`;
|
|
154
173
|
if (x.type === 'tech')
|
|
155
|
-
return
|
|
174
|
+
return `${tt('tech', 'teknoloji')}: ${x.value}`;
|
|
156
175
|
if (x.type === 'weak_headers')
|
|
157
|
-
return `${sev}eksik güvenlik
|
|
176
|
+
return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
|
|
158
177
|
if (x.type === 'cors')
|
|
159
|
-
return `${sev}CORS yanlış yapılandırma: ${x.url || ''} — ${x.evidence || ''}`;
|
|
178
|
+
return `${sev}${tt('CORS misconfiguration', 'CORS yanlış yapılandırma')}: ${x.url || ''} — ${x.evidence || ''}`;
|
|
160
179
|
if (x.type === 'exposure')
|
|
161
|
-
return `${sev}ifşa: ${x.url || ''} — ${x.evidence || ''}`;
|
|
180
|
+
return `${sev}${tt('exposure', 'ifşa')}: ${x.url || ''} — ${x.evidence || ''}`;
|
|
162
181
|
if (x.value)
|
|
163
182
|
return `${x.value}`;
|
|
164
183
|
return JSON.stringify(x);
|
|
165
184
|
}
|
|
166
185
|
// /recon /scan /xss /sqli — ince runner'ı sürer. Zorunlu yetki onayı + trust 3+ teaser.
|
|
186
|
+
// Slash'sız komut tespiti: kullanıcı "recon target.com" (slash'sız) yazınca "/recon target.com" öner.
|
|
187
|
+
// FALSE-POZİTİF guard: ilk kelime tam komut adı + argüman var + soru DEĞİL ("recon nedir?" tetiklemez).
|
|
188
|
+
const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'exploit', 'harden', 'agent', 'agents']);
|
|
189
|
+
const _QUESTION_WORDS = new Set(['nedir', 'ne', 'nasıl', 'nasil', 'neden', 'mi', 'mu', 'mı', 'mü', 'what', 'how', 'why', 'is', 'are', 'about', 'açıkla', 'acikla', 'explain', 'hakkında', 'hakkinda', 'anlat']);
|
|
190
|
+
export function detectBareCommand(input) {
|
|
191
|
+
const s = (input || '').trim();
|
|
192
|
+
if (!s || s.startsWith('/') || s.includes('?') || s.includes('\n'))
|
|
193
|
+
return null;
|
|
194
|
+
const parts = s.split(/\s+/);
|
|
195
|
+
if (parts.length < 2)
|
|
196
|
+
return null; // tek kelime → düz mesaj olabilir
|
|
197
|
+
const first = parts[0].toLowerCase();
|
|
198
|
+
if (!_BARE_CMDS.has(first))
|
|
199
|
+
return null;
|
|
200
|
+
if (_QUESTION_WORDS.has(parts[1].toLowerCase()))
|
|
201
|
+
return null; // "recon nedir" → komut değil
|
|
202
|
+
const cmd = first === 'agents' ? 'agent' : (first === 'scan' ? 'scan' : first);
|
|
203
|
+
return '/' + cmd + ' ' + parts.slice(1).join(' ');
|
|
204
|
+
}
|
|
167
205
|
async function pentestCmd(tool, arg, ctx) {
|
|
168
206
|
if (tool === 'scan')
|
|
169
207
|
tool = 'recon'; // genel tarama = keşif+başlıklar
|
|
@@ -173,20 +211,34 @@ async function pentestCmd(tool, arg, ctx) {
|
|
|
173
211
|
scopeAck = true;
|
|
174
212
|
parts.pop();
|
|
175
213
|
}
|
|
176
|
-
|
|
177
|
-
const
|
|
214
|
+
// Ana sayfadaki kozmetik flag'leri (--scope authorized, --cve X, --emit yara,sigma) yok say → hedef temiz kalsın
|
|
215
|
+
const cleaned = [];
|
|
216
|
+
for (let i = 0; i < parts.length; i++) {
|
|
217
|
+
if (parts[i].startsWith('-')) {
|
|
218
|
+
if (parts[i + 1] && !parts[i + 1].startsWith('-'))
|
|
219
|
+
i++;
|
|
220
|
+
continue;
|
|
221
|
+
}
|
|
222
|
+
cleaned.push(parts[i]);
|
|
223
|
+
}
|
|
224
|
+
const target = cleaned.join(' ').trim();
|
|
225
|
+
const label = ptLabel(tool);
|
|
178
226
|
if (!target) {
|
|
179
|
-
ctx.note(`${label}\
|
|
227
|
+
ctx.note(`${label}\n${tt('Usage', 'Kullanım')}: /${tool} <${tt('target', 'hedef')}>\n${tt('Example', 'Örnek')}: /${tool} https://test.com/page?id=1`);
|
|
180
228
|
return;
|
|
181
229
|
}
|
|
182
230
|
if (!scopeAck) {
|
|
183
231
|
const reRun = PT_BUILTIN.has(tool) ? `/${tool} ${target} run` : `/skill ${tool} ${target} run`;
|
|
184
232
|
pendingPentest = reRun;
|
|
185
|
-
ctx.note(`⚠️
|
|
233
|
+
ctx.note(tt(`⚠️ AUTHORIZATION REQUIRED — ${label}\n` +
|
|
234
|
+
`Target: ${target}\n\n` +
|
|
235
|
+
`This scan sends REAL requests to the target and the traffic comes from YOUR IP. Run it only on systems\n` +
|
|
236
|
+
`you own or have written permission/engagement for. Unauthorized scanning is illegal and is logged.\n\n` +
|
|
237
|
+
`To confirm, just type "run" (Enter) · or the full command: ${reRun}`, `⚠️ YETKİ ONAYI GEREKLİ — ${label}\n` +
|
|
186
238
|
`Hedef: ${target}\n\n` +
|
|
187
239
|
`Bu tarama hedefe GERÇEK istekler gönderir ve trafik SENİN IP'nden çıkar. Yalnız sahibi olduğun ya da\n` +
|
|
188
240
|
`yazılı izin/angajman bulunan sistemlerde çalıştır. Yetkisiz tarama yasa dışıdır ve kayıt altına alınır.\n\n` +
|
|
189
|
-
`Onaylamak için sadece "run" yaz (Enter) · ya da tam komut: ${reRun}`);
|
|
241
|
+
`Onaylamak için sadece "run" yaz (Enter) · ya da tam komut: ${reRun}`));
|
|
190
242
|
return;
|
|
191
243
|
}
|
|
192
244
|
pendingPentest = null; // tarama başladı → bekleyen onayı temizle
|
|
@@ -194,10 +246,10 @@ async function pentestCmd(tool, arg, ctx) {
|
|
|
194
246
|
const out = await runPentest(ctx.config, tool, target, true, (s) => ctx.note(s));
|
|
195
247
|
if (!out.ok) {
|
|
196
248
|
const r = out.reason || out.plan?.reason || 'error';
|
|
197
|
-
let msg =
|
|
249
|
+
let msg = ptReason(r);
|
|
198
250
|
if (r === 'quota_exceeded' && out.plan)
|
|
199
251
|
msg += ` (${out.plan.used}/${out.plan.quota})`;
|
|
200
|
-
ctx.note(
|
|
252
|
+
ctx.note(`${tt('Scan failed', 'Tarama yapılamadı')}: ${msg}`);
|
|
201
253
|
return;
|
|
202
254
|
}
|
|
203
255
|
const rep = out.report || {};
|
package/dist/i18n.js
CHANGED
|
@@ -100,6 +100,7 @@ const STR = {
|
|
|
100
100
|
'tui.userCancel': 'kullanıcı iptal etti',
|
|
101
101
|
'tui.cmdErr': 'Komut hatası: {0}',
|
|
102
102
|
'tui.langSet': 'Dil değiştirildi: Türkçe',
|
|
103
|
+
'tui.useSlash': 'Komutlar / ile başlar. Şunu mu demek istediniz: {0} · çalıştırmak için Enter\'a bas',
|
|
103
104
|
},
|
|
104
105
|
en: {
|
|
105
106
|
'lang.title': 'Select language / Dil seçin',
|
|
@@ -166,6 +167,7 @@ const STR = {
|
|
|
166
167
|
'tui.userCancel': 'user cancelled',
|
|
167
168
|
'tui.cmdErr': 'Command error: {0}',
|
|
168
169
|
'tui.langSet': 'Language changed: English',
|
|
170
|
+
'tui.useSlash': 'Commands start with /. Did you mean: {0} · press Enter to run',
|
|
169
171
|
},
|
|
170
172
|
};
|
|
171
173
|
// Komut açıklamaları (slash menüsü + /help)
|
|
@@ -224,6 +226,22 @@ const CMD_DESC = {
|
|
|
224
226
|
'/multi-agent': 'parallel multi-agent coordination: /multi-agent <task>',
|
|
225
227
|
'/export': 'save the conversation to a file',
|
|
226
228
|
'/resume': 'load the most recently saved session',
|
|
229
|
+
'/cd': 'change/create the working folder: /cd <path>',
|
|
230
|
+
'/plan': 'plan mode — research & plan, writing disabled (/plan off to apply)',
|
|
231
|
+
'/checkpoints': 'list recent file checkpoints',
|
|
232
|
+
'/rewind': 'undo a file change / restore a checkpoint: /rewind [last|<id>|all]',
|
|
233
|
+
'/copy': 'copy the last answer to the clipboard',
|
|
234
|
+
'/kopyala': 'copy the last answer to the clipboard',
|
|
235
|
+
'/izinler': 'show / change command permissions',
|
|
236
|
+
'/dogrula': 'Verified Researcher Program — apply / show status',
|
|
237
|
+
'/program': 'Verified Researcher Program — show your trust level',
|
|
238
|
+
'/skill': 'security scan skills: /skill xss|sqli|recon <target> (level 3+)',
|
|
239
|
+
'/recon': '[level 3+] recon on an authorized target (subdomains/hosts/headers/exposure): /recon <domain>',
|
|
240
|
+
'/scan': '[level 3+] general scan on an authorized target (recon + headers): /scan <domain>',
|
|
241
|
+
'/xss': '[level 3+] XSS scan on an authorized target (our own engine): /xss <url>',
|
|
242
|
+
'/sqli': '[level 3+] SQLi scan on an authorized target (our own engine): /sqli <url>',
|
|
243
|
+
'/exploit': 'generate a verified PoC for authorized testing: /exploit <cve|description>',
|
|
244
|
+
'/harden': 'generate defenses (YARA/Sigma + patch advice): /harden <target|threat>',
|
|
227
245
|
'/quit': 'exit',
|
|
228
246
|
},
|
|
229
247
|
};
|
package/dist/theme.js
CHANGED
package/dist/tui.js
CHANGED
|
@@ -15,7 +15,7 @@ import { itemAnsi, markdownAnsi } from './ansi.js';
|
|
|
15
15
|
import { theme, VERSION } from './theme.js';
|
|
16
16
|
import { cleanModelText } from './textclean.js';
|
|
17
17
|
import { stripInlineToolCalls, stripEchoBlocks } from './inlinetools.js';
|
|
18
|
-
import { COMMANDS, runSlashCommand, getPendingPentestCommand, buildExploitPrompt, buildHardenPrompt } from './commands.js';
|
|
18
|
+
import { COMMANDS, runSlashCommand, getPendingPentestCommand, buildExploitPrompt, buildHardenPrompt, detectBareCommand } from './commands.js';
|
|
19
19
|
import { cmdDesc, t, setLang, loadLang, getLang } from './i18n.js';
|
|
20
20
|
import { getSkill, getSkills, buildSkillPrompt } from './skills.js';
|
|
21
21
|
import { getExtCommand, getExtCommands, buildExtCommandPrompt } from './extensions.js';
|
|
@@ -878,6 +878,16 @@ export async function runTui() {
|
|
|
878
878
|
runCommand(v);
|
|
879
879
|
return;
|
|
880
880
|
}
|
|
881
|
+
// Slash'sız komut mu? ("recon target.com" → "/recon target.com" öner, slash kullanımına yönlendir)
|
|
882
|
+
const _bare = detectBareCommand(v);
|
|
883
|
+
if (_bare) {
|
|
884
|
+
printItem({ kind: 'note', text: t('tui.useSlash', _bare) });
|
|
885
|
+
inputBuf = _bare;
|
|
886
|
+
inputCur = _bare.length;
|
|
887
|
+
cmdSel = 0;
|
|
888
|
+
refresh();
|
|
889
|
+
return;
|
|
890
|
+
}
|
|
881
891
|
// 🖼 Görsel sürükle-bırak — girdide resim yolu varsa VL modeline gönder (vision turu)
|
|
882
892
|
const _vis = extractImages(v);
|
|
883
893
|
if (_vis.images.length) {
|