wormclaude 1.0.166 → 1.0.167
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +64 -9
- package/dist/theme.js +1 -1
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -263,19 +263,71 @@ function formatFinding(x) {
|
|
|
263
263
|
return `${sev}SQLi (${x.technique || '?'}) · param ${x.param || '?'} — ${x.evidence || ''}`;
|
|
264
264
|
if (x.type === 'subdomain')
|
|
265
265
|
return `${tt('subdomain', 'alt-alan')}: ${x.value}`;
|
|
266
|
+
if (x.type === 'subdomain_takeover')
|
|
267
|
+
return `${sev}${tt('subdomain takeover', 'subdomain takeover')}: ${x.url || ''}${x.service ? ' (' + x.service + ')' : ''}`;
|
|
266
268
|
if (x.type === 'host')
|
|
267
269
|
return `${x.status || ''} ${x.url || ''}${x.title ? ' · ' + x.title : ''}${x.server ? ' · ' + x.server : ''}`;
|
|
268
270
|
if (x.type === 'tech')
|
|
269
271
|
return `${tt('tech', 'teknoloji')}: ${x.value}`;
|
|
270
272
|
if (x.type === 'weak_headers')
|
|
271
273
|
return `${sev}${tt('missing security headers', 'eksik güvenlik başlıkları')}: ${(x.missing || []).join(', ')}`;
|
|
272
|
-
if (x.type === '
|
|
273
|
-
return `${sev}${tt('
|
|
274
|
-
if (x.type === 'exposure')
|
|
275
|
-
return `${sev}${tt('exposure', 'ifşa')}: ${x.url || ''} — ${x.evidence || ''}`;
|
|
274
|
+
if (x.type === 'path')
|
|
275
|
+
return `${sev}${tt('path', 'yol')} ${x.url || ''} → ${x.status || ''}`;
|
|
276
276
|
if (x.value)
|
|
277
277
|
return `${x.value}`;
|
|
278
|
-
|
|
278
|
+
// GENEL: şablon bulguları (ssrf/ssti/lfi/ldap/cmd-injection/nosql/open-redirect/crlf/graphql/cors/exposure…)
|
|
279
|
+
const r = _REMED[x.type];
|
|
280
|
+
const label = (r && r.t) || x.name || x.type;
|
|
281
|
+
let s = `${sev}${label}`;
|
|
282
|
+
if (x.param)
|
|
283
|
+
s += ` · param ${x.param}`;
|
|
284
|
+
if (x.url)
|
|
285
|
+
s += ` — ${x.url}`;
|
|
286
|
+
return s;
|
|
287
|
+
}
|
|
288
|
+
// Tarama sonrası YORUMLU özet — ne ciddi, ne minör, ne yapmalı (deterministik, _REMED'den; uydurma yok).
|
|
289
|
+
export function summarizeScan(target, findings) {
|
|
290
|
+
const L = getLang() === 'tr';
|
|
291
|
+
const bySev = (s) => findings.filter((f) => f.severity === s && f.type !== 'reflection');
|
|
292
|
+
const high = bySev('high'), med = bySev('medium'), low = bySev('low'), info = bySev('info');
|
|
293
|
+
// tip bazında grupla → "XSS ×4 (searchTerm) — <etki>"
|
|
294
|
+
const grp = (list, withImpact) => {
|
|
295
|
+
const byType = {};
|
|
296
|
+
for (const f of list)
|
|
297
|
+
(byType[f.type] = byType[f.type] || []).push(f);
|
|
298
|
+
return Object.entries(byType).map(([t, fs]) => {
|
|
299
|
+
const r = _REMED[t];
|
|
300
|
+
const label = (r && r.t) || (fs[0] && fs[0].name) || t;
|
|
301
|
+
const params = [...new Set(fs.map((f) => f.param).filter(Boolean))];
|
|
302
|
+
const where = params.length ? ` (${params.join(', ')})` : '';
|
|
303
|
+
const head = `${label}${fs.length > 1 ? ` ×${fs.length}` : ''}${where}`;
|
|
304
|
+
return withImpact && r ? ` • ${head} — ${r.impact}` : ` • ${head}`;
|
|
305
|
+
});
|
|
306
|
+
};
|
|
307
|
+
const out = [];
|
|
308
|
+
out.push(L ? `📋 ÖZET — ${target}` : `📋 SUMMARY — ${target}`);
|
|
309
|
+
if (high.length) {
|
|
310
|
+
out.push(L ? `🔴 ${high.length} YÜKSEK risk (acil, sömürülebilir):` : `🔴 ${high.length} HIGH (urgent, exploitable):`);
|
|
311
|
+
out.push(...grp(high, true));
|
|
312
|
+
}
|
|
313
|
+
if (med.length) {
|
|
314
|
+
out.push(L ? `🟠 ${med.length} ORTA:` : `🟠 ${med.length} MEDIUM:`);
|
|
315
|
+
out.push(...grp(med, true));
|
|
316
|
+
}
|
|
317
|
+
if (low.length)
|
|
318
|
+
out.push((L ? `🔵 ${low.length} düşük (minör): ` : `🔵 ${low.length} low (minor): `) + grp(low, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
|
|
319
|
+
if (info.length)
|
|
320
|
+
out.push((L ? `⚪ ${info.length} bilgi (korumalı/bilgilendirme): ` : `⚪ ${info.length} info: `) + grp(info, false).map((s) => s.replace(/^ {2}• /, '')).join('; '));
|
|
321
|
+
// verdict
|
|
322
|
+
if (high.length)
|
|
323
|
+
out.push(L ? `\n➤ Sonuç: ${high.length} GERÇEK yüksek-risk açık — acil düzeltilmeli. Detaylı rapor için: /report`
|
|
324
|
+
: `\n➤ Verdict: ${high.length} REAL high-risk issues — fix urgently. Full report: /report`);
|
|
325
|
+
else if (med.length)
|
|
326
|
+
out.push(L ? `\n➤ Sonuç: orta-risk bulgu(lar) var, gözden geçir. Rapor: /report` : `\n➤ Verdict: medium-risk findings, review. Report: /report`);
|
|
327
|
+
else
|
|
328
|
+
out.push(L ? `\n➤ Sonuç: yüksek/orta açık yok; test edilen yüzey büyük ölçüde temiz. (Stored/DOM/auth-arkası kapsam dışı — "temiz" ≠ "%100 güvenli")`
|
|
329
|
+
: `\n➤ Verdict: no high/medium issues; tested surface largely clean. (Stored/DOM/behind-auth out of scope)`);
|
|
330
|
+
return out;
|
|
279
331
|
}
|
|
280
332
|
// /recon /scan /xss /sqli — ince runner'ı sürer. Zorunlu yetki onayı + trust 3+ teaser.
|
|
281
333
|
// Slash'sız komut tespiti: kullanıcı "recon target.com" (slash'sız) yazınca "/recon target.com" öner.
|
|
@@ -429,13 +481,16 @@ async function fullScanCmd(arg, ctx) {
|
|
|
429
481
|
const order = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
|
|
430
482
|
all.sort((a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9));
|
|
431
483
|
setLastScan(target, all); // /report için sakla
|
|
432
|
-
const lines = [
|
|
484
|
+
const lines = [];
|
|
433
485
|
if (!all.length) {
|
|
434
|
-
lines.push(tt('
|
|
486
|
+
lines.push(`✓ ${tt('Full scan complete', 'Tam tarama tamamlandı')} — ${target}`);
|
|
487
|
+
lines.push(tt('No findings across all scanners. Target looks clean or was unreachable. ("clean" ≠ "100% secure")', 'Tüm tarayıcılarda bulgu yok. Hedef temiz görünüyor ya da erişilemedi. ("temiz" ≠ "%100 güvenli")'));
|
|
435
488
|
}
|
|
436
489
|
else {
|
|
437
|
-
|
|
438
|
-
lines.push(
|
|
490
|
+
// ÖNCE yorumlu özet (ne ciddi/ne minör/ne yapmalı), SONRA detay liste.
|
|
491
|
+
lines.push(...summarizeScan(target, all));
|
|
492
|
+
lines.push('');
|
|
493
|
+
lines.push(`— ${tt('details', 'detay')} (${all.length} ${tt('finding(s)', 'bulgu')}) —`);
|
|
439
494
|
for (const x of all.slice(0, 60))
|
|
440
495
|
lines.push(' ' + formatFinding(x));
|
|
441
496
|
if (all.length > 60)
|
package/dist/theme.js
CHANGED