wormclaude 1.0.187 → 1.0.188
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/theme.js +1 -1
- package/dist/tools.js +2 -2
- package/package.json +1 -1
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -230,7 +230,7 @@ export const toolSchemas = [
|
|
|
230
230
|
parameters: {
|
|
231
231
|
type: 'object',
|
|
232
232
|
properties: {
|
|
233
|
-
tool: { type: 'string', enum: ['full', 'recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'portscan'], description: 'full → tam kapsamlı web taraması (recon+dirscan+xss+sqli+idor + tüm şablonlar); recon/scan/dirscan/portscan → domain/host; xss/sqli/idor → parameterized URL. portscan = TCP port/servis
|
|
233
|
+
tool: { type: 'string', enum: ['full', 'recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'portscan', 'osint'], description: 'full → tam kapsamlı web taraması (recon+dirscan+xss+sqli+idor + tüm şablonlar); recon/scan/dirscan/portscan/osint → domain/host; xss/sqli/idor → parameterized URL. portscan = TCP port/servis taraması. osint = DNS istihbaratı + e-posta güvenliği (SPF/DMARC/DKIM, spoofing/phishing duruşu; "osint"/"dns kayıtları"/"spf dmarc"/"mail spoofing" denince, pasif)' },
|
|
234
234
|
target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
|
|
235
235
|
cookie: { type: 'string', description: 'Optional. Session cookie for AUTHENTICATED / behind-login scanning, e.g. "sessionid=abc123; csrftoken=xyz". The user copies it from their logged-in browser (DevTools → Application → Cookies, or the Cookie request header). Sent only to the target from the user IP — never stored on the server. Provide it whenever the user wants to scan pages behind a login.' },
|
|
236
236
|
auth_header: { type: 'string', description: 'Optional. Authorization header value for token-based authenticated scanning, e.g. "Bearer eyJhbGci..." or "Basic dXNlcjpwYXNz". Use instead of / together with cookie when the site authenticates via a token header.' },
|
|
@@ -737,7 +737,7 @@ async function execOne(call, hooks) {
|
|
|
737
737
|
if (call.name === 'SecurityScan') {
|
|
738
738
|
let tool = String(args?.tool || '').toLowerCase().trim();
|
|
739
739
|
const target = String(args?.target || '').trim();
|
|
740
|
-
if (!['recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'portscan', 'full', 'fullscan'].includes(tool) || !target) {
|
|
740
|
+
if (!['recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'portscan', 'osint', 'full', 'fullscan'].includes(tool) || !target) {
|
|
741
741
|
return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan|full) ve target gerekli.', args };
|
|
742
742
|
}
|
|
743
743
|
if (tool === 'scan')
|