wormclaude 1.0.153 → 1.0.154
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +36 -13
- package/dist/i18n.js +16 -0
- package/dist/theme.js +1 -1
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -116,11 +116,29 @@ function tsStamp() {
|
|
|
116
116
|
return `${d.getFullYear()}${p(d.getMonth() + 1)}${p(d.getDate())}-${p(d.getHours())}${p(d.getMinutes())}${p(d.getSeconds())}`;
|
|
117
117
|
}
|
|
118
118
|
// Komut yürütücü. true → komut işlendi, false → komut değil (normal mesaj).
|
|
119
|
-
|
|
119
|
+
// Kullanıcı metni: VARSAYILAN İngilizce; yalnız dil 'tr' ise Türkçe. [[language-consistency]]
|
|
120
|
+
const tt = (en, tr) => (getLang() === 'tr' ? tr : en);
|
|
121
|
+
const PT_LABELS_EN = {
|
|
122
|
+
recon: 'Recon (subdomains + headers + exposure)', scan: 'General scan (recon)',
|
|
123
|
+
xss: 'XSS scan', sqli: 'SQL injection scan',
|
|
124
|
+
};
|
|
125
|
+
const PT_LABELS_TR = {
|
|
120
126
|
recon: 'Keşif (alt-alan + başlık + ifşa)', scan: 'Genel tarama (keşif)',
|
|
121
127
|
xss: 'XSS taraması', sqli: 'SQL injection taraması',
|
|
122
128
|
};
|
|
123
|
-
const
|
|
129
|
+
const ptLabel = (tool) => (getLang() === 'tr' ? PT_LABELS_TR : PT_LABELS_EN)[tool] || tool;
|
|
130
|
+
const PT_REASON_EN = {
|
|
131
|
+
trust_required: 'This command requires a Verified Researcher (level 3+). Apply: /dogrula',
|
|
132
|
+
scope_required: 'Authorization confirmation required.',
|
|
133
|
+
no_quota: 'No scan quota this month (upgrade your plan).',
|
|
134
|
+
quota_exceeded: 'Monthly scan quota exhausted.',
|
|
135
|
+
invalid_target: 'Invalid target. Give a URL/domain (e.g. https://test.com/p?id=1).',
|
|
136
|
+
unknown_tool: 'Unknown tool.',
|
|
137
|
+
auth: 'Login required. /config key <key>',
|
|
138
|
+
timeout: 'Server timeout.',
|
|
139
|
+
upstream_error: 'Could not reach the server.',
|
|
140
|
+
};
|
|
141
|
+
const PT_REASON_TR = {
|
|
124
142
|
trust_required: 'Bu komut Doğrulanmış Araştırmacı (seviye 3+) gerektirir. Başvuru: /dogrula',
|
|
125
143
|
scope_required: 'Yetki onayı gerekli.',
|
|
126
144
|
no_quota: 'Bu ay tarama kotan yok (planını yükselt).',
|
|
@@ -131,6 +149,7 @@ const PT_REASON = {
|
|
|
131
149
|
timeout: 'Sunucu zaman aşımı.',
|
|
132
150
|
upstream_error: 'Sunucuya ulaşılamadı.',
|
|
133
151
|
};
|
|
152
|
+
const ptReason = (r) => (getLang() === 'tr' ? PT_REASON_TR : PT_REASON_EN)[r] || r;
|
|
134
153
|
// Bekleyen tarama onayı — kullanıcı uyarıdan sonra sadece "run"/"onayla" yazınca çalıştırmak için.
|
|
135
154
|
const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli']);
|
|
136
155
|
let pendingPentest = null;
|
|
@@ -148,17 +167,17 @@ function formatFinding(x) {
|
|
|
148
167
|
if (x.type === 'sqli')
|
|
149
168
|
return `${sev}SQLi (${x.technique || '?'}) · param ${x.param || '?'} — ${x.evidence || ''}`;
|
|
150
169
|
if (x.type === 'subdomain')
|
|
151
|
-
return
|
|
170
|
+
return `${tt('subdomain', 'alt-alan')}: ${x.value}`;
|
|
152
171
|
if (x.type === 'host')
|
|
153
172
|
return `${x.status || ''} ${x.url || ''}${x.title ? ' · ' + x.title : ''}${x.server ? ' · ' + x.server : ''}`;
|
|
154
173
|
if (x.type === 'tech')
|
|
155
|
-
return
|
|
174
|
+
return `${tt('tech', 'teknoloji')}: ${x.value}`;
|
|
156
175
|
if (x.type === 'weak_headers')
|
|
157
|
-
return `${sev}eksik güvenlik
|
|
176
|
+
return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
|
|
158
177
|
if (x.type === 'cors')
|
|
159
|
-
return `${sev}CORS yanlış yapılandırma: ${x.url || ''} — ${x.evidence || ''}`;
|
|
178
|
+
return `${sev}${tt('CORS misconfiguration', 'CORS yanlış yapılandırma')}: ${x.url || ''} — ${x.evidence || ''}`;
|
|
160
179
|
if (x.type === 'exposure')
|
|
161
|
-
return `${sev}ifşa: ${x.url || ''} — ${x.evidence || ''}`;
|
|
180
|
+
return `${sev}${tt('exposure', 'ifşa')}: ${x.url || ''} — ${x.evidence || ''}`;
|
|
162
181
|
if (x.value)
|
|
163
182
|
return `${x.value}`;
|
|
164
183
|
return JSON.stringify(x);
|
|
@@ -203,19 +222,23 @@ async function pentestCmd(tool, arg, ctx) {
|
|
|
203
222
|
cleaned.push(parts[i]);
|
|
204
223
|
}
|
|
205
224
|
const target = cleaned.join(' ').trim();
|
|
206
|
-
const label =
|
|
225
|
+
const label = ptLabel(tool);
|
|
207
226
|
if (!target) {
|
|
208
|
-
ctx.note(`${label}\
|
|
227
|
+
ctx.note(`${label}\n${tt('Usage', 'Kullanım')}: /${tool} <${tt('target', 'hedef')}>\n${tt('Example', 'Örnek')}: /${tool} https://test.com/page?id=1`);
|
|
209
228
|
return;
|
|
210
229
|
}
|
|
211
230
|
if (!scopeAck) {
|
|
212
231
|
const reRun = PT_BUILTIN.has(tool) ? `/${tool} ${target} run` : `/skill ${tool} ${target} run`;
|
|
213
232
|
pendingPentest = reRun;
|
|
214
|
-
ctx.note(`⚠️
|
|
233
|
+
ctx.note(tt(`⚠️ AUTHORIZATION REQUIRED — ${label}\n` +
|
|
234
|
+
`Target: ${target}\n\n` +
|
|
235
|
+
`This scan sends REAL requests to the target and the traffic comes from YOUR IP. Run it only on systems\n` +
|
|
236
|
+
`you own or have written permission/engagement for. Unauthorized scanning is illegal and is logged.\n\n` +
|
|
237
|
+
`To confirm, just type "run" (Enter) · or the full command: ${reRun}`, `⚠️ YETKİ ONAYI GEREKLİ — ${label}\n` +
|
|
215
238
|
`Hedef: ${target}\n\n` +
|
|
216
239
|
`Bu tarama hedefe GERÇEK istekler gönderir ve trafik SENİN IP'nden çıkar. Yalnız sahibi olduğun ya da\n` +
|
|
217
240
|
`yazılı izin/angajman bulunan sistemlerde çalıştır. Yetkisiz tarama yasa dışıdır ve kayıt altına alınır.\n\n` +
|
|
218
|
-
`Onaylamak için sadece "run" yaz (Enter) · ya da tam komut: ${reRun}`);
|
|
241
|
+
`Onaylamak için sadece "run" yaz (Enter) · ya da tam komut: ${reRun}`));
|
|
219
242
|
return;
|
|
220
243
|
}
|
|
221
244
|
pendingPentest = null; // tarama başladı → bekleyen onayı temizle
|
|
@@ -223,10 +246,10 @@ async function pentestCmd(tool, arg, ctx) {
|
|
|
223
246
|
const out = await runPentest(ctx.config, tool, target, true, (s) => ctx.note(s));
|
|
224
247
|
if (!out.ok) {
|
|
225
248
|
const r = out.reason || out.plan?.reason || 'error';
|
|
226
|
-
let msg =
|
|
249
|
+
let msg = ptReason(r);
|
|
227
250
|
if (r === 'quota_exceeded' && out.plan)
|
|
228
251
|
msg += ` (${out.plan.used}/${out.plan.quota})`;
|
|
229
|
-
ctx.note(
|
|
252
|
+
ctx.note(`${tt('Scan failed', 'Tarama yapılamadı')}: ${msg}`);
|
|
230
253
|
return;
|
|
231
254
|
}
|
|
232
255
|
const rep = out.report || {};
|
package/dist/i18n.js
CHANGED
|
@@ -226,6 +226,22 @@ const CMD_DESC = {
|
|
|
226
226
|
'/multi-agent': 'parallel multi-agent coordination: /multi-agent <task>',
|
|
227
227
|
'/export': 'save the conversation to a file',
|
|
228
228
|
'/resume': 'load the most recently saved session',
|
|
229
|
+
'/cd': 'change/create the working folder: /cd <path>',
|
|
230
|
+
'/plan': 'plan mode — research & plan, writing disabled (/plan off to apply)',
|
|
231
|
+
'/checkpoints': 'list recent file checkpoints',
|
|
232
|
+
'/rewind': 'undo a file change / restore a checkpoint: /rewind [last|<id>|all]',
|
|
233
|
+
'/copy': 'copy the last answer to the clipboard',
|
|
234
|
+
'/kopyala': 'copy the last answer to the clipboard',
|
|
235
|
+
'/izinler': 'show / change command permissions',
|
|
236
|
+
'/dogrula': 'Verified Researcher Program — apply / show status',
|
|
237
|
+
'/program': 'Verified Researcher Program — show your trust level',
|
|
238
|
+
'/skill': 'security scan skills: /skill xss|sqli|recon <target> (level 3+)',
|
|
239
|
+
'/recon': '[level 3+] recon on an authorized target (subdomains/hosts/headers/exposure): /recon <domain>',
|
|
240
|
+
'/scan': '[level 3+] general scan on an authorized target (recon + headers): /scan <domain>',
|
|
241
|
+
'/xss': '[level 3+] XSS scan on an authorized target (our own engine): /xss <url>',
|
|
242
|
+
'/sqli': '[level 3+] SQLi scan on an authorized target (our own engine): /sqli <url>',
|
|
243
|
+
'/exploit': 'generate a verified PoC for authorized testing: /exploit <cve|description>',
|
|
244
|
+
'/harden': 'generate defenses (YARA/Sigma + patch advice): /harden <target|threat>',
|
|
229
245
|
'/quit': 'exit',
|
|
230
246
|
},
|
|
231
247
|
};
|
package/dist/theme.js
CHANGED