wormclaude 1.0.166 → 1.0.167

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/commands.js CHANGED
@@ -263,19 +263,71 @@ function formatFinding(x) {
263
263
  return `${sev}SQLi (${x.technique || '?'}) · param ${x.param || '?'} — ${x.evidence || ''}`;
264
264
  if (x.type === 'subdomain')
265
265
  return `${tt('subdomain', 'alt-alan')}: ${x.value}`;
266
+ if (x.type === 'subdomain_takeover')
267
+ return `${sev}${tt('subdomain takeover', 'subdomain takeover')}: ${x.url || ''}${x.service ? ' (' + x.service + ')' : ''}`;
266
268
  if (x.type === 'host')
267
269
  return `${x.status || ''} ${x.url || ''}${x.title ? ' · ' + x.title : ''}${x.server ? ' · ' + x.server : ''}`;
268
270
  if (x.type === 'tech')
269
271
  return `${tt('tech', 'teknoloji')}: ${x.value}`;
270
272
  if (x.type === 'weak_headers')
271
273
  return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
272
- if (x.type === 'cors')
273
- return `${sev}${tt('CORS misconfiguration', 'CORS yanlış yapılandırma')}: ${x.url || ''} ${x.evidence || ''}`;
274
- if (x.type === 'exposure')
275
- return `${sev}${tt('exposure', 'ifşa')}: ${x.url || ''} — ${x.evidence || ''}`;
274
+ if (x.type === 'path')
275
+ return `${sev}${tt('path', 'yol')} ${x.url || ''} ${x.status || ''}`;
276
276
  if (x.value)
277
277
  return `${x.value}`;
278
- return JSON.stringify(x);
278
+ // GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
279
+ const r = _REMED[x.type];
280
+ const label = (r && r.t) || x.name || x.type;
281
+ let s = `${sev}${label}`;
282
+ if (x.param)
283
+ s += ` · param ${x.param}`;
284
+ if (x.url)
285
+ s += ` — ${x.url}`;
286
+ return s;
287
+ }
288
+ // Tarama sonrası YORUMLU özet — ne ciddi, ne minör, ne yapmalı (deterministik, _REMED'den; uydurma yok).
289
+ export function summarizeScan(target, findings) {
290
+ const L = getLang() === 'tr';
291
+ const bySev = (s) => findings.filter((f) => f.severity === s && f.type !== 'reflection');
292
+ const high = bySev('high'), med = bySev('medium'), low = bySev('low'), info = bySev('info');
293
+ // tip bazında grupla → "XSS ×4 (searchTerm) — <etki>"
294
+ const grp = (list, withImpact) => {
295
+ const byType = {};
296
+ for (const f of list)
297
+ (byType[f.type] = byType[f.type] || []).push(f);
298
+ return Object.entries(byType).map(([t, fs]) => {
299
+ const r = _REMED[t];
300
+ const label = (r && r.t) || (fs[0] && fs[0].name) || t;
301
+ const params = [...new Set(fs.map((f) => f.param).filter(Boolean))];
302
+ const where = params.length ? ` (${params.join(', ')})` : '';
303
+ const head = `${label}${fs.length > 1 ? ` ×${fs.length}` : ''}${where}`;
304
+ return withImpact && r ? ` • ${head} — ${r.impact}` : ` • ${head}`;
305
+ });
306
+ };
307
+ const out = [];
308
+ out.push(L ? `📋 ÖZET — ${target}` : `📋 SUMMARY — ${target}`);
309
+ if (high.length) {
310
+ out.push(L ? `🔴 ${high.length} YÜKSEK risk (acil, sömürülebilir):` : `🔴 ${high.length} HIGH (urgent, exploitable):`);
311
+ out.push(...grp(high, true));
312
+ }
313
+ if (med.length) {
314
+ out.push(L ? `🟠 ${med.length} ORTA:` : `🟠 ${med.length} MEDIUM:`);
315
+ out.push(...grp(med, true));
316
+ }
317
+ if (low.length)
318
+ out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
319
+ if (info.length)
320
+ out.push((L ? `⚪ ${info.length} bilgi (korumalı/bilgilendirme): ` : `⚪ ${info.length} info: `) + grp(info, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
321
+ // verdict
322
+ if (high.length)
323
+ out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
324
+ : `\n➤ Verdict: ${high.length} REAL high-risk issues — fix urgently. Full report: /report`);
325
+ else if (med.length)
326
+ out.push(L ? `\n➤ Sonuç: orta-risk bulgu(lar) var, gözden geçir. Rapor: /report` : `\n➤ Verdict: medium-risk findings, review. Report: /report`);
327
+ else
328
+ out.push(L ? `\n➤ Sonuç: yüksek/orta açık yok; test edilen yüzey büyük ölçüde temiz. (Stored/DOM/auth-arkası kapsam dışı — "temiz" ≠ "%100 güvenli")`
329
+ : `\n➤ Verdict: no high/medium issues; tested surface largely clean. (Stored/DOM/behind-auth out of scope)`);
330
+ return out;
279
331
  }
280
332
  // /recon /scan /xss /sqli — ince runner'ı sürer. Zorunlu yetki onayı + trust 3+ teaser.
281
333
  // Slash'sız komut tespiti: kullanıcı "recon target.com" (slash'sız) yazınca "/recon target.com" öner.
@@ -429,13 +481,16 @@ async function fullScanCmd(arg, ctx) {
429
481
  const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
430
482
  all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
431
483
  setLastScan(target, all); // /report için sakla
432
- const lines = [`✓ ${tt('Full scan complete', 'Tam tarama tamamlandı')} — ${target}`];
484
+ const lines = [];
433
485
  if (!all.length) {
434
- lines.push(tt('No findings across all scanners. Target looks clean or was unreachable.', 'Tüm tarayıcılarda bulgu yok. Hedef temiz görünüyor ya da erişilemedi.'));
486
+ lines.push(`✓ ${tt('Full scan complete', 'Tam tarama tamamlandı')} ${target}`);
487
+ lines.push(tt('No findings across all scanners. Target looks clean or was unreachable. ("clean" ≠ "100% secure")', 'Tüm tarayıcılarda bulgu yok. Hedef temiz görünüyor ya da erişilemedi. ("temiz" ≠ "%100 güvenli")'));
435
488
  }
436
489
  else {
437
- const sev = (s) => all.filter((x) => x.severity === s).length;
438
- lines.push(`${all.length} ${tt('finding(s)', 'bulgu')} — high:${sev('high')} medium:${sev('medium')} low:${sev('low')} info:${sev('info')}`);
490
+ // ÖNCE yorumlu özet (ne ciddi/ne minör/ne yapmalı), SONRA detay liste.
491
+ lines.push(...summarizeScan(target, all));
492
+ lines.push('');
493
+ lines.push(`— ${tt('details', 'detay')} (${all.length} ${tt('finding(s)', 'bulgu')}) —`);
439
494
  for (const x of all.slice(0, 60))
440
495
  lines.push(' ' + formatFinding(x));
441
496
  if (all.length > 60)
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.166';
19
+ export const VERSION = '1.0.167';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.166",
3
+ "version": "1.0.167",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {