wormclaude 1.0.184 → 1.0.185
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/theme.js +1 -1
- package/dist/tools.js +3 -3
- package/package.json +1 -1
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -230,7 +230,7 @@ export const toolSchemas = [
|
|
|
230
230
|
parameters: {
|
|
231
231
|
type: 'object',
|
|
232
232
|
properties: {
|
|
233
|
-
tool: { type: 'string', enum: ['full', 'recon', 'scan', 'xss', 'sqli', 'dirscan'], description: 'full → tam kapsamlı (recon+xss+sqli tek seferde, kapsamlı
|
|
233
|
+
tool: { type: 'string', enum: ['full', 'recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor'], description: 'full → tam kapsamlı (recon+dirscan+xss+sqli+idor + tüm şablonlar tek seferde, kapsamlı için BUNU kullan); recon/scan/dirscan → domain; xss/sqli/idor → parameterized URL (idor = yetkisiz nesne erişimi, id-benzeri param gerekir)' },
|
|
234
234
|
target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
|
|
235
235
|
cookie: { type: 'string', description: 'Optional. Session cookie for AUTHENTICATED / behind-login scanning, e.g. "sessionid=abc123; csrftoken=xyz". The user copies it from their logged-in browser (DevTools → Application → Cookies, or the Cookie request header). Sent only to the target from the user IP — never stored on the server. Provide it whenever the user wants to scan pages behind a login.' },
|
|
236
236
|
auth_header: { type: 'string', description: 'Optional. Authorization header value for token-based authenticated scanning, e.g. "Bearer eyJhbGci..." or "Basic dXNlcjpwYXNz". Use instead of / together with cookie when the site authenticates via a token header.' },
|
|
@@ -737,7 +737,7 @@ async function execOne(call, hooks) {
|
|
|
737
737
|
if (call.name === 'SecurityScan') {
|
|
738
738
|
let tool = String(args?.tool || '').toLowerCase().trim();
|
|
739
739
|
const target = String(args?.target || '').trim();
|
|
740
|
-
if (!['recon', 'scan', 'xss', 'sqli', 'dirscan', 'full', 'fullscan'].includes(tool) || !target) {
|
|
740
|
+
if (!['recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'full', 'fullscan'].includes(tool) || !target) {
|
|
741
741
|
return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan|full) ve target gerekli.', args };
|
|
742
742
|
}
|
|
743
743
|
if (tool === 'scan')
|
|
@@ -780,7 +780,7 @@ async function execOne(call, hooks) {
|
|
|
780
780
|
const all = [];
|
|
781
781
|
// PROFESYONEL KAPSAM: çekirdek (recon+dirscan+xss+sqli) + sunucudaki TÜM şablon tarayıcıları
|
|
782
782
|
// (SSRF/XXE/SSTI/LFI/LDAP/open-redirect/CRLF/graphql/exposed-files/waf-detect …). /fullscan ile aynı.
|
|
783
|
-
const _steps = ['recon', 'dirscan', 'xss', 'sqli'];
|
|
783
|
+
const _steps = ['recon', 'dirscan', 'xss', 'sqli', 'idor'];
|
|
784
784
|
try {
|
|
785
785
|
const _pt = await fetchPtTools(cfg());
|
|
786
786
|
for (const tm of ((_pt && _pt.templates) || [])) {
|