wormclaude 1.0.163 → 1.0.165

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands.js CHANGED
@@ -57,6 +57,7 @@ export const COMMANDS = [
57
57
  { name: '/scan', desc: '[seviye 3+] yetkili hedefte genel tarama (keşif+başlıklar): /scan <alan>' },
58
58
  { name: '/xss', desc: '[seviye 3+] yetkili hedefte XSS taraması (kendi motorumuz): /xss <url>' },
59
59
  { name: '/sqli', desc: '[seviye 3+] yetkili hedefte SQLi taraması (kendi motorumuz): /sqli <url>' },
60
+ { name: '/dirscan', desc: '[seviye 3+] dizin/içerik keşfi (yönetim/api/yedek/sızıntı yolları): /dirscan <alan>' },
60
61
  { name: '/fullscan', desc: '[seviye 3+] tam kapsamlı DETERMİNİSTİK tarama: recon+XSS+SQLi tek komutta: /fullscan <hedef>' },
61
62
  { name: '/exploit', desc: 'yetkili testte doğrulanmış PoC üret: /exploit <cve|açıklama>' },
62
63
  { name: '/harden', desc: 'savunma çıktısı üret (YARA/Sigma + yama önerisi): /harden <hedef|tehdit>' },
@@ -121,11 +122,11 @@ function tsStamp() {
121
122
  const tt = (en, tr) => (getLang() === 'tr' ? tr : en);
122
123
  const PT_LABELS_EN = {
123
124
  recon: 'Recon (subdomains + headers + exposure)', scan: 'General scan (recon)',
124
- xss: 'XSS scan', sqli: 'SQL injection scan',
125
+ xss: 'XSS scan', sqli: 'SQL injection scan', dirscan: 'Directory/content discovery',
125
126
  };
126
127
  const PT_LABELS_TR = {
127
128
  recon: 'Keşif (alt-alan + başlık + ifşa)', scan: 'Genel tarama (keşif)',
128
- xss: 'XSS taraması', sqli: 'SQL injection taraması',
129
+ xss: 'XSS taraması', sqli: 'SQL injection taraması', dirscan: 'Dizin/içerik keşfi',
129
130
  };
130
131
  const ptLabel = (tool) => (getLang() === 'tr' ? PT_LABELS_TR : PT_LABELS_EN)[tool] || tool;
131
132
  const PT_REASON_EN = {
@@ -152,7 +153,7 @@ const PT_REASON_TR = {
152
153
  };
153
154
  const ptReason = (r) => (getLang() === 'tr' ? PT_REASON_TR : PT_REASON_EN)[r] || r;
154
155
  // Bekleyen tarama onayı — kullanıcı uyarıdan sonra sadece "run"/"onayla" yazınca çalıştırmak için.
155
- const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli']);
156
+ const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli', 'dirscan']);
156
157
  let pendingPentest = null;
157
158
  export function getPendingPentestCommand(input) {
158
159
  if (!pendingPentest)
@@ -188,7 +189,7 @@ function formatFinding(x) {
188
189
  // FALSE-POZİTİF guard: ilk kelime tam komut adı + argüman var + soru DEĞİL ("recon nedir?" tetiklemez).
189
190
  // Yalnız hedef-alan komutları; ve hedef URL/domain GİBİ görünmeli ("xss ile tara" → komut DEĞİL,
190
191
  // model SecurityScan ile halleder). "?'li URL kabul edilir (parametreli xss/sqli hedefi).
191
- const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'fullscan']);
192
+ const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'fullscan', 'dirscan']);
192
193
  const _TARGET_RE = /(^https?:\/\/)|(\.[a-z]{2,})|(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i;
193
194
  export function detectBareCommand(input) {
194
195
  const s = (input || '').trim();
@@ -304,8 +305,15 @@ async function fullScanCmd(arg, ctx) {
304
305
  return;
305
306
  }
306
307
  pendingPentest = null;
307
- ctx.note(tt(`Full scan starting — ${target} (reconXSSSQLi, deterministic, repeatable)`, `Tam tarama başlıyor ${target} (recon → XSS → SQLi, deterministik, tekrarlanabilir)`));
308
- const steps = [['recon', ptLabel('recon')], ['xss', ptLabel('xss')], ['sqli', ptLabel('sqli')]];
308
+ // Çekirdek (recon+XSS+SQLi, crawl'lı) + sunucudaki TÜM şablon tarayıcıları (SSRF/XXE/SSTI/LFI/…).
309
+ const steps = [['recon', ptLabel('recon')], ['dirscan', ptLabel('dirscan')],
310
+ ['xss', ptLabel('xss')], ['sqli', ptLabel('sqli')]];
311
+ const ptInfo = await fetchPtTools(ctx.config);
312
+ for (const tm of ((ptInfo && ptInfo.templates) || [])) {
313
+ if (tm && tm.id)
314
+ steps.push([String(tm.id), String(tm.name || tm.id)]);
315
+ }
316
+ ctx.note(tt(`Full scan starting — ${target} (${steps.length} scanners: recon + XSS + SQLi + templates, deterministic)`, `Tam tarama başlıyor — ${target} (${steps.length} tarayıcı: recon + XSS + SQLi + şablonlar, deterministik)`));
309
317
  const all = [];
310
318
  for (const [tool, label] of steps) {
311
319
  ctx.note(`▶ ${label} …`);
@@ -328,7 +336,7 @@ async function fullScanCmd(arg, ctx) {
328
336
  all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
329
337
  const lines = [`✓ ${tt('Full scan complete', 'Tam tarama tamamlandı')} — ${target}`];
330
338
  if (!all.length) {
331
- lines.push(tt('No findings on the tested surface (recon/XSS/SQLi). Target looks clean or was unreachable.', 'Test edilen yüzeyde bulgu yok (recon/XSS/SQLi). Hedef temiz görünüyor ya da erişilemedi.'));
339
+ lines.push(tt('No findings across all scanners. Target looks clean or was unreachable.', 'Tüm tarayıcılarda bulgu yok. Hedef temiz görünüyor ya da erişilemedi.'));
332
340
  }
333
341
  else {
334
342
  const sev = (s) => all.filter((x) => x.severity === s).length;
@@ -963,6 +971,7 @@ export async function runSlashCommand(input, ctx) {
963
971
  case '/scan':
964
972
  case '/xss':
965
973
  case '/sqli':
974
+ case '/dirscan':
966
975
  await pentestCmd(cmd.slice(1), arg, ctx);
967
976
  return true;
968
977
  case '/fullscan':
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.163';
19
+ export const VERSION = '1.0.165';
package/dist/tools.js CHANGED
@@ -226,8 +226,8 @@ export const toolSchemas = [
226
226
  parameters: {
227
227
  type: 'object',
228
228
  properties: {
229
- tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli'], description: 'recon/scan → domain; xss/sqli → parameterized URL' },
230
- target: { type: 'string', description: 'Domain for recon/scan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
229
+ tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli', 'dirscan'], description: 'recon/scan/dirscan → domain; xss/sqli → parameterized URL' },
230
+ target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
231
231
  },
232
232
  required: ['tool', 'target'],
233
233
  },
@@ -728,8 +728,8 @@ async function execOne(call, hooks) {
728
728
  if (call.name === 'SecurityScan') {
729
729
  let tool = String(args?.tool || '').toLowerCase().trim();
730
730
  const target = String(args?.target || '').trim();
731
- if (!['recon', 'scan', 'xss', 'sqli'].includes(tool) || !target) {
732
- return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli) ve target gerekli.', args };
731
+ if (!['recon', 'scan', 'xss', 'sqli', 'dirscan'].includes(tool) || !target) {
732
+ return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan) ve target gerekli.', args };
733
733
  }
734
734
  if (tool === 'scan')
735
735
  tool = 'recon'; // "scan" genel tarama → motorun bildiği "recon" (slash ile aynı)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.163",
3
+ "version": "1.0.165",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {