wormclaude 1.0.164 → 1.0.165

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands.js CHANGED
@@ -57,6 +57,7 @@ export const COMMANDS = [
57
57
  { name: '/scan', desc: '[seviye 3+] yetkili hedefte genel tarama (keşif+başlıklar): /scan <alan>' },
58
58
  { name: '/xss', desc: '[seviye 3+] yetkili hedefte XSS taraması (kendi motorumuz): /xss <url>' },
59
59
  { name: '/sqli', desc: '[seviye 3+] yetkili hedefte SQLi taraması (kendi motorumuz): /sqli <url>' },
60
+ { name: '/dirscan', desc: '[seviye 3+] dizin/içerik keşfi (yönetim/api/yedek/sızıntı yolları): /dirscan <alan>' },
60
61
  { name: '/fullscan', desc: '[seviye 3+] tam kapsamlı DETERMİNİSTİK tarama: recon+XSS+SQLi tek komutta: /fullscan <hedef>' },
61
62
  { name: '/exploit', desc: 'yetkili testte doğrulanmış PoC üret: /exploit <cve|açıklama>' },
62
63
  { name: '/harden', desc: 'savunma çıktısı üret (YARA/Sigma + yama önerisi): /harden <hedef|tehdit>' },
@@ -121,11 +122,11 @@ function tsStamp() {
121
122
  const tt = (en, tr) => (getLang() === 'tr' ? tr : en);
122
123
  const PT_LABELS_EN = {
123
124
  recon: 'Recon (subdomains + headers + exposure)', scan: 'General scan (recon)',
124
- xss: 'XSS scan', sqli: 'SQL injection scan',
125
+ xss: 'XSS scan', sqli: 'SQL injection scan', dirscan: 'Directory/content discovery',
125
126
  };
126
127
  const PT_LABELS_TR = {
127
128
  recon: 'Keşif (alt-alan + başlık + ifşa)', scan: 'Genel tarama (keşif)',
128
- xss: 'XSS taraması', sqli: 'SQL injection taraması',
129
+ xss: 'XSS taraması', sqli: 'SQL injection taraması', dirscan: 'Dizin/içerik keşfi',
129
130
  };
130
131
  const ptLabel = (tool) => (getLang() === 'tr' ? PT_LABELS_TR : PT_LABELS_EN)[tool] || tool;
131
132
  const PT_REASON_EN = {
@@ -152,7 +153,7 @@ const PT_REASON_TR = {
152
153
  };
153
154
  const ptReason = (r) => (getLang() === 'tr' ? PT_REASON_TR : PT_REASON_EN)[r] || r;
154
155
  // Bekleyen tarama onayı — kullanıcı uyarıdan sonra sadece "run"/"onayla" yazınca çalıştırmak için.
155
- const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli']);
156
+ const PT_BUILTIN = new Set(['recon', 'scan', 'xss', 'sqli', 'dirscan']);
156
157
  let pendingPentest = null;
157
158
  export function getPendingPentestCommand(input) {
158
159
  if (!pendingPentest)
@@ -188,7 +189,7 @@ function formatFinding(x) {
188
189
  // FALSE-POZİTİF guard: ilk kelime tam komut adı + argüman var + soru DEĞİL ("recon nedir?" tetiklemez).
189
190
  // Yalnız hedef-alan komutları; ve hedef URL/domain GİBİ görünmeli ("xss ile tara" → komut DEĞİL,
190
191
  // model SecurityScan ile halleder). "?'li URL kabul edilir (parametreli xss/sqli hedefi).
191
- const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'fullscan']);
192
+ const _BARE_CMDS = new Set(['recon', 'scan', 'xss', 'sqli', 'fullscan', 'dirscan']);
192
193
  const _TARGET_RE = /(^https?:\/\/)|(\.[a-z]{2,})|(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/i;
193
194
  export function detectBareCommand(input) {
194
195
  const s = (input || '').trim();
@@ -305,7 +306,8 @@ async function fullScanCmd(arg, ctx) {
305
306
  }
306
307
  pendingPentest = null;
307
308
  // Çekirdek (recon+XSS+SQLi, crawl'lı) + sunucudaki TÜM şablon tarayıcıları (SSRF/XXE/SSTI/LFI/…).
308
- const steps = [['recon', ptLabel('recon')], ['xss', ptLabel('xss')], ['sqli', ptLabel('sqli')]];
309
+ const steps = [['recon', ptLabel('recon')], ['dirscan', ptLabel('dirscan')],
310
+ ['xss', ptLabel('xss')], ['sqli', ptLabel('sqli')]];
309
311
  const ptInfo = await fetchPtTools(ctx.config);
310
312
  for (const tm of ((ptInfo && ptInfo.templates) || [])) {
311
313
  if (tm && tm.id)
@@ -969,6 +971,7 @@ export async function runSlashCommand(input, ctx) {
969
971
  case '/scan':
970
972
  case '/xss':
971
973
  case '/sqli':
974
+ case '/dirscan':
972
975
  await pentestCmd(cmd.slice(1), arg, ctx);
973
976
  return true;
974
977
  case '/fullscan':
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.164';
19
+ export const VERSION = '1.0.165';
package/dist/tools.js CHANGED
@@ -226,8 +226,8 @@ export const toolSchemas = [
226
226
  parameters: {
227
227
  type: 'object',
228
228
  properties: {
229
- tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli'], description: 'recon/scan → domain; xss/sqli → parameterized URL' },
230
- target: { type: 'string', description: 'Domain for recon/scan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
229
+ tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli', 'dirscan'], description: 'recon/scan/dirscan → domain; xss/sqli → parameterized URL' },
230
+ target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
231
231
  },
232
232
  required: ['tool', 'target'],
233
233
  },
@@ -728,8 +728,8 @@ async function execOne(call, hooks) {
728
728
  if (call.name === 'SecurityScan') {
729
729
  let tool = String(args?.tool || '').toLowerCase().trim();
730
730
  const target = String(args?.target || '').trim();
731
- if (!['recon', 'scan', 'xss', 'sqli'].includes(tool) || !target) {
732
- return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli) ve target gerekli.', args };
731
+ if (!['recon', 'scan', 'xss', 'sqli', 'dirscan'].includes(tool) || !target) {
732
+ return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan) ve target gerekli.', args };
733
733
  }
734
734
  if (tool === 'scan')
735
735
  tool = 'recon'; // "scan" genel tarama → motorun bildiği "recon" (slash ile aynı)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.164",
3
+ "version": "1.0.165",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {