wormclaude 1.0.163 → 1.0.165
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +16 -7
- package/dist/theme.js +1 -1
- package/dist/tools.js +4 -4
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -57,6 +57,7 @@ export const COMMANDS = [
|
|
|
57
57
|
{ name: '/scan', desc: '[seviye 3+] yetkili hedefte genel tarama (keşif+başlıklar): /scan <alan>' },
|
|
58
58
|
{ name: '/xss', desc: '[seviye 3+] yetkili hedefte XSS taraması (kendi motorumuz): /xss <url>' },
|
|
59
59
|
{ name: '/sqli', desc: '[seviye 3+] yetkili hedefte SQLi taraması (kendi motorumuz): /sqli <url>' },
|
|
60
|
+
{ name: '/dirscan', desc: '[seviye 3+] dizin/içerik keşfi (yönetim/api/yedek/sızıntı yolları): /dirscan <alan>' },
|
|
60
61
|
{ name: '/fullscan', desc: '[seviye 3+] tam kapsamlı DETERMİNİSTİK tarama: recon+XSS+SQLi tek komutta: /fullscan <hedef>' },
|
|
61
62
|
{ name: '/exploit', desc: 'yetkili testte doğrulanmış PoC üret: /exploit <cve|açıklama>' },
|
|
62
63
|
{ name: '/harden', desc: 'savunma çıktısı üret (YARA/Sigma + yama önerisi): /harden <hedef|tehdit>' },
|
|
@@ -121,11 +122,11 @@ function tsStamp() {
|
|
|
121
122
|
const tt = (en, tr) => (getLang() === 'tr' ? tr : en);
|
|
122
123
|
const PT_LABELS_EN = {
|
|
123
124
|
recon: 'Recon (subdomains + headers + exposure)', scan: 'General scan (recon)',
|
|
124
|
-
xss: 'XSS scan', sqli: 'SQL injection scan',
|
|
125
|
+
xss: 'XSS scan', sqli: 'SQL injection scan', dirscan: 'Directory/content discovery',
|
|
125
126
|
};
|
|
126
127
|
const PT_LABELS_TR = {
|
|
127
128
|
recon: 'Keşif (alt-alan + başlık + ifşa)', scan: 'Genel tarama (keşif)',
|
|
128
|
-
xss: 'XSS taraması', sqli: 'SQL injection taraması',
|
|
129
|
+
xss: 'XSS taraması', sqli: 'SQL injection taraması', dirscan: 'Dizin/içerik keşfi',
|
|
129
130
|
};
|
|
130
131
|
const ptLabel = (tool) => (getLang() === 'tr' ? PT_LABELS_TR : PT_LABELS_EN)[tool] || tool;
|
|
131
132
|
const PT_REASON_EN = {
|
|
@@ -152,7 +153,7 @@ const PT_REASON_TR = {
|
|
|
152
153
|
};
|
|
153
154
|
const ptReason = (r) => (getLang() === 'tr' ? PT_REASON_TR : PT_REASON_EN)[r] || r;
|
|
154
155
|
// Bekleyen tarama onayı — kullanıcı uyarıdan sonra sadece "run"/"onayla" yazınca çalıştırmak için.
|
|
155
|
-
const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli']);
|
|
156
|
+
const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli', 'dirscan']);
|
|
156
157
|
let pendingPentest = null;
|
|
157
158
|
export function getPendingPentestCommand(input) {
|
|
158
159
|
if (!pendingPentest)
|
|
@@ -188,7 +189,7 @@ function formatFinding(x) {
|
|
|
188
189
|
// FALSE-POZİTİF guard: ilk kelime tam komut adı + argüman var + soru DEĞİL ("recon nedir?" tetiklemez).
|
|
189
190
|
// Yalnız hedef-alan komutları; ve hedef URL/domain GİBİ görünmeli ("xss ile tara" → komut DEĞİL,
|
|
190
191
|
// model SecurityScan ile halleder). "?'li URL kabul edilir (parametreli xss/sqli hedefi).
|
|
191
|
-
const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'fullscan']);
|
|
192
|
+
const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'fullscan', 'dirscan']);
|
|
192
193
|
const _TARGET_RE = /(^https?:\/\/)|(\.[a-z]{2,})|(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i;
|
|
193
194
|
export function detectBareCommand(input) {
|
|
194
195
|
const s = (input || '').trim();
|
|
@@ -304,8 +305,15 @@ async function fullScanCmd(arg, ctx) {
|
|
|
304
305
|
return;
|
|
305
306
|
}
|
|
306
307
|
pendingPentest = null;
|
|
307
|
-
|
|
308
|
-
const steps = [['recon', ptLabel('recon')], ['
|
|
308
|
+
// Çekirdek (recon+XSS+SQLi, crawl'lı) + sunucudaki TÜM şablon tarayıcıları (SSRF/XXE/SSTI/LFI/…).
|
|
309
|
+
const steps = [['recon', ptLabel('recon')], ['dirscan', ptLabel('dirscan')],
|
|
310
|
+
['xss', ptLabel('xss')], ['sqli', ptLabel('sqli')]];
|
|
311
|
+
const ptInfo = await fetchPtTools(ctx.config);
|
|
312
|
+
for (const tm of ((ptInfo && ptInfo.templates) || [])) {
|
|
313
|
+
if (tm && tm.id)
|
|
314
|
+
steps.push([String(tm.id), String(tm.name || tm.id)]);
|
|
315
|
+
}
|
|
316
|
+
ctx.note(tt(`Full scan starting — ${target} (${steps.length} scanners: recon + XSS + SQLi + templates, deterministic)`, `Tam tarama başlıyor — ${target} (${steps.length} tarayıcı: recon + XSS + SQLi + şablonlar, deterministik)`));
|
|
309
317
|
const all = [];
|
|
310
318
|
for (const [tool, label] of steps) {
|
|
311
319
|
ctx.note(`▶ ${label} …`);
|
|
@@ -328,7 +336,7 @@ async function fullScanCmd(arg, ctx) {
|
|
|
328
336
|
all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
|
|
329
337
|
const lines = [`✓ ${tt('Full scan complete', 'Tam tarama tamamlandı')} — ${target}`];
|
|
330
338
|
if (!all.length) {
|
|
331
|
-
lines.push(tt('No findings
|
|
339
|
+
lines.push(tt('No findings across all scanners. Target looks clean or was unreachable.', 'Tüm tarayıcılarda bulgu yok. Hedef temiz görünüyor ya da erişilemedi.'));
|
|
332
340
|
}
|
|
333
341
|
else {
|
|
334
342
|
const sev = (s) => all.filter((x) => x.severity === s).length;
|
|
@@ -963,6 +971,7 @@ export async function runSlashCommand(input, ctx) {
|
|
|
963
971
|
case '/scan':
|
|
964
972
|
case '/xss':
|
|
965
973
|
case '/sqli':
|
|
974
|
+
case '/dirscan':
|
|
966
975
|
await pentestCmd(cmd.slice(1), arg, ctx);
|
|
967
976
|
return true;
|
|
968
977
|
case '/fullscan':
|
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -226,8 +226,8 @@ export const toolSchemas = [
|
|
|
226
226
|
parameters: {
|
|
227
227
|
type: 'object',
|
|
228
228
|
properties: {
|
|
229
|
-
tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli'], description: 'recon/scan → domain; xss/sqli → parameterized URL' },
|
|
230
|
-
target: { type: 'string', description: 'Domain for recon/scan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
|
|
229
|
+
tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli', 'dirscan'], description: 'recon/scan/dirscan → domain; xss/sqli → parameterized URL' },
|
|
230
|
+
target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
|
|
231
231
|
},
|
|
232
232
|
required: ['tool', 'target'],
|
|
233
233
|
},
|
|
@@ -728,8 +728,8 @@ async function execOne(call, hooks) {
|
|
|
728
728
|
if (call.name === 'SecurityScan') {
|
|
729
729
|
let tool = String(args?.tool || '').toLowerCase().trim();
|
|
730
730
|
const target = String(args?.target || '').trim();
|
|
731
|
-
if (!['recon', 'scan', 'xss', 'sqli'].includes(tool) || !target) {
|
|
732
|
-
return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli) ve target gerekli.', args };
|
|
731
|
+
if (!['recon', 'scan', 'xss', 'sqli', 'dirscan'].includes(tool) || !target) {
|
|
732
|
+
return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan) ve target gerekli.', args };
|
|
733
733
|
}
|
|
734
734
|
if (tool === 'scan')
|
|
735
735
|
tool = 'recon'; // "scan" genel tarama → motorun bildiği "recon" (slash ile aynı)
|