wormclaude 1.0.153 → 1.0.154

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands.js CHANGED
@@ -116,11 +116,29 @@ function tsStamp() {
116
116
  return `${d.getFullYear()}${p(d.getMonth() + 1)}${p(d.getDate())}-${p(d.getHours())}${p(d.getMinutes())}${p(d.getSeconds())}`;
117
117
  }
118
118
  // Komut yürütücü. true → komut işlendi, false → komut değil (normal mesaj).
119
- const PT_LABELS = {
119
+ // Kullanıcı metni: VARSAYILAN İngilizce; yalnız dil 'tr' ise Türkçe. [[language-consistency]]
120
+ const tt = (en, tr) => (getLang() === 'tr' ? tr : en);
121
+ const PT_LABELS_EN = {
122
+ recon: 'Recon (subdomains + headers + exposure)', scan: 'General scan (recon)',
123
+ xss: 'XSS scan', sqli: 'SQL injection scan',
124
+ };
125
+ const PT_LABELS_TR = {
120
126
  recon: 'Keşif (alt-alan + başlık + ifşa)', scan: 'Genel tarama (keşif)',
121
127
  xss: 'XSS taraması', sqli: 'SQL injection taraması',
122
128
  };
123
- const PT_REASON = {
129
+ const ptLabel = (tool) => (getLang() === 'tr' ? PT_LABELS_TR : PT_LABELS_EN)[tool] || tool;
130
+ const PT_REASON_EN = {
131
+ trust_required: 'This command requires a Verified Researcher (level 3+). Apply: /dogrula',
132
+ scope_required: 'Authorization confirmation required.',
133
+ no_quota: 'No scan quota this month (upgrade your plan).',
134
+ quota_exceeded: 'Monthly scan quota exhausted.',
135
+ invalid_target: 'Invalid target. Give a URL/domain (e.g. https://test.com/p?id=1).',
136
+ unknown_tool: 'Unknown tool.',
137
+ auth: 'Login required. /config key <key>',
138
+ timeout: 'Server timeout.',
139
+ upstream_error: 'Could not reach the server.',
140
+ };
141
+ const PT_REASON_TR = {
124
142
  trust_required: 'Bu komut Doğrulanmış Araştırmacı (seviye 3+) gerektirir. Başvuru: /dogrula',
125
143
  scope_required: 'Yetki onayı gerekli.',
126
144
  no_quota: 'Bu ay tarama kotan yok (planını yükselt).',
@@ -131,6 +149,7 @@ const PT_REASON = {
131
149
  timeout: 'Sunucu zaman aşımı.',
132
150
  upstream_error: 'Sunucuya ulaşılamadı.',
133
151
  };
152
+ const ptReason = (r) => (getLang() === 'tr' ? PT_REASON_TR : PT_REASON_EN)[r] || r;
134
153
  // Bekleyen tarama onayı — kullanıcı uyarıdan sonra sadece "run"/"onayla" yazınca çalıştırmak için.
135
154
  const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli']);
136
155
  let pendingPentest = null;
@@ -148,17 +167,17 @@ function formatFinding(x) {
148
167
  if (x.type === 'sqli')
149
168
  return `${sev}SQLi (${x.technique || '?'}) · param ${x.param || '?'} — ${x.evidence || ''}`;
150
169
  if (x.type === 'subdomain')
151
- return `alt-alan: ${x.value}`;
170
+ return `${tt('subdomain', 'alt-alan')}: ${x.value}`;
152
171
  if (x.type === 'host')
153
172
  return `${x.status || ''} ${x.url || ''}${x.title ? ' · ' + x.title : ''}${x.server ? ' · ' + x.server : ''}`;
154
173
  if (x.type === 'tech')
155
- return `teknoloji: ${x.value}`;
174
+ return `${tt('tech', 'teknoloji')}: ${x.value}`;
156
175
  if (x.type === 'weak_headers')
157
- return `${sev}eksik güvenlik başlıkları: ${(x.missing || []).join(', ')}`;
176
+ return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
158
177
  if (x.type === 'cors')
159
- return `${sev}CORS yanlış yapılandırma: ${x.url || ''} — ${x.evidence || ''}`;
178
+ return `${sev}${tt('CORS misconfiguration', 'CORS yanlış yapılandırma')}: ${x.url || ''} — ${x.evidence || ''}`;
160
179
  if (x.type === 'exposure')
161
- return `${sev}ifşa: ${x.url || ''} — ${x.evidence || ''}`;
180
+ return `${sev}${tt('exposure', 'ifşa')}: ${x.url || ''} — ${x.evidence || ''}`;
162
181
  if (x.value)
163
182
  return `${x.value}`;
164
183
  return JSON.stringify(x);
@@ -203,19 +222,23 @@ async function pentestCmd(tool, arg, ctx) {
203
222
  cleaned.push(parts[i]);
204
223
  }
205
224
  const target = cleaned.join(' ').trim();
206
- const label = PT_LABELS[tool] || tool;
225
+ const label = ptLabel(tool);
207
226
  if (!target) {
208
- ctx.note(`${label}\nKullanım: /${tool} <hedef>\nÖrnek: /${tool} https://test.com/sayfa?id=1`);
227
+ ctx.note(`${label}\n${tt('Usage', 'Kullanım')}: /${tool} <${tt('target', 'hedef')}>\n${tt('Example', 'Örnek')}: /${tool} https://test.com/page?id=1`);
209
228
  return;
210
229
  }
211
230
  if (!scopeAck) {
212
231
  const reRun = PT_BUILTIN.has(tool) ? `/${tool} ${target} run` : `/skill ${tool} ${target} run`;
213
232
  pendingPentest = reRun;
214
- ctx.note(`⚠️ YETKİ ONAYI GEREKLİ — ${label}\n` +
233
+ ctx.note(tt(`⚠️ AUTHORIZATION REQUIRED — ${label}\n` +
234
+ `Target: ${target}\n\n` +
235
+ `This scan sends REAL requests to the target and the traffic comes from YOUR IP. Run it only on systems\n` +
236
+ `you own or have written permission/engagement for. Unauthorized scanning is illegal and is logged.\n\n` +
237
+ `To confirm, just type "run" (Enter) · or the full command: ${reRun}`, `⚠️ YETKİ ONAYI GEREKLİ — ${label}\n` +
215
238
  `Hedef: ${target}\n\n` +
216
239
  `Bu tarama hedefe GERÇEK istekler gönderir ve trafik SENİN IP'nden çıkar. Yalnız sahibi olduğun ya da\n` +
217
240
  `yazılı izin/angajman bulunan sistemlerde çalıştır. Yetkisiz tarama yasa dışıdır ve kayıt altına alınır.\n\n` +
218
- `Onaylamak için sadece "run" yaz (Enter) · ya da tam komut: ${reRun}`);
241
+ `Onaylamak için sadece "run" yaz (Enter) · ya da tam komut: ${reRun}`));
219
242
  return;
220
243
  }
221
244
  pendingPentest = null; // tarama başladı → bekleyen onayı temizle
@@ -223,10 +246,10 @@ async function pentestCmd(tool, arg, ctx) {
223
246
  const out = await runPentest(ctx.config, tool, target, true, (s) => ctx.note(s));
224
247
  if (!out.ok) {
225
248
  const r = out.reason || out.plan?.reason || 'error';
226
- let msg = PT_REASON[r] || r;
249
+ let msg = ptReason(r);
227
250
  if (r === 'quota_exceeded' && out.plan)
228
251
  msg += ` (${out.plan.used}/${out.plan.quota})`;
229
- ctx.note(`Tarama yapılamadı: ${msg}`);
252
+ ctx.note(`${tt('Scan failed', 'Tarama yapılamadı')}: ${msg}`);
230
253
  return;
231
254
  }
232
255
  const rep = out.report || {};
package/dist/i18n.js CHANGED
@@ -226,6 +226,22 @@ const CMD_DESC = {
226
226
  '/multi-agent': 'parallel multi-agent coordination: /multi-agent <task>',
227
227
  '/export': 'save the conversation to a file',
228
228
  '/resume': 'load the most recently saved session',
229
+ '/cd': 'change/create the working folder: /cd <path>',
230
+ '/plan': 'plan mode — research & plan, writing disabled (/plan off to apply)',
231
+ '/checkpoints': 'list recent file checkpoints',
232
+ '/rewind': 'undo a file change / restore a checkpoint: /rewind [last|<id>|all]',
233
+ '/copy': 'copy the last answer to the clipboard',
234
+ '/kopyala': 'copy the last answer to the clipboard',
235
+ '/izinler': 'show / change command permissions',
236
+ '/dogrula': 'Verified Researcher Program — apply / show status',
237
+ '/program': 'Verified Researcher Program — show your trust level',
238
+ '/skill': 'security scan skills: /skill xss|sqli|recon <target> (level 3+)',
239
+ '/recon': '[level 3+] recon on an authorized target (subdomains/hosts/headers/exposure): /recon <domain>',
240
+ '/scan': '[level 3+] general scan on an authorized target (recon + headers): /scan <domain>',
241
+ '/xss': '[level 3+] XSS scan on an authorized target (our own engine): /xss <url>',
242
+ '/sqli': '[level 3+] SQLi scan on an authorized target (our own engine): /sqli <url>',
243
+ '/exploit': 'generate a verified PoC for authorized testing: /exploit <cve|description>',
244
+ '/harden': 'generate defenses (YARA/Sigma + patch advice): /harden <target|threat>',
229
245
  '/quit': 'exit',
230
246
  },
231
247
  };
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.153';
19
+ export const VERSION = '1.0.154';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.153",
3
+ "version": "1.0.154",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {