wormclaude 1.0.90 → 1.0.91
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +21 -9
- package/dist/pentest.js +15 -0
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -15,7 +15,7 @@ import { isLearnEnabled, setLearnEnabled, getLearnFile, getLearnCount } from './
|
|
|
15
15
|
import { saveMemoryFact, getMemoryPath, loadMemoryContext } from './memory.js';
|
|
16
16
|
import { fetchAccount, getVerifyStatus, submitVerification } from './api.js';
|
|
17
17
|
import { programText, tier } from './program.js';
|
|
18
|
-
import { runPentest } from './pentest.js';
|
|
18
|
+
import { runPentest, fetchPtTools } from './pentest.js';
|
|
19
19
|
export const COMMANDS = [
|
|
20
20
|
{ name: '/help', desc: 'komutları ve ipuçlarını göster' },
|
|
21
21
|
{ name: '/clear', desc: 'sohbeti ve geçmişi temizle' },
|
|
@@ -748,14 +748,26 @@ export async function runSlashCommand(input, ctx) {
|
|
|
748
748
|
await pentestCmd(sub, m.join(' '), ctx);
|
|
749
749
|
return true;
|
|
750
750
|
}
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
751
|
+
// Canlı liste: dahili komutlar + admin'in eklediği özel şablonlar
|
|
752
|
+
const t = await fetchPtTools(ctx.config);
|
|
753
|
+
const lines = ['🛡️ Güvenlik tarama skill\'leri (motor sunucuda gizli):'];
|
|
754
|
+
if (t && !t.eligible) {
|
|
755
|
+
lines.push(` ⚠ Seviyen ${t.trust} — gerekli: ${t.min_trust}+. Başvuru: /dogrula`);
|
|
756
|
+
}
|
|
757
|
+
else if (t) {
|
|
758
|
+
lines.push(` Aylık kota: ${t.used}/${t.quota}`);
|
|
759
|
+
}
|
|
760
|
+
lines.push(' Dahili:');
|
|
761
|
+
const builtins = (t && t.tools) || { xss: 'reflected XSS', sqli: 'SQL injection', recon: 'keşif + ifşa' };
|
|
762
|
+
for (const [id, name] of Object.entries(builtins))
|
|
763
|
+
lines.push(` /skill ${id} <hedef> run ${name}`);
|
|
764
|
+
if (t && (t.templates || []).length) {
|
|
765
|
+
lines.push(' Özel şablonlar (admin):');
|
|
766
|
+
for (const tm of t.templates)
|
|
767
|
+
lines.push(` /skill ${tm.id} <hedef> run ${tm.name || ''}${tm.severity ? ' [' + tm.severity + ']' : ''}`);
|
|
768
|
+
}
|
|
769
|
+
lines.push('Örnek: /skill xss https://site/p?id=1 run · kısa yol: /xss /sqli /recon');
|
|
770
|
+
ctx.note(lines.join('\n'));
|
|
759
771
|
return true;
|
|
760
772
|
}
|
|
761
773
|
case '/export': {
|
package/dist/pentest.js
CHANGED
|
@@ -1,4 +1,19 @@
|
|
|
1
1
|
const MAX_BODY = 262_144; // 256 KB cevap gövdesi üst sınırı
|
|
2
|
+
// Kullanılabilir tarama skill'leri + kota durumu (dahili + admin şablonları) — keşif için.
|
|
3
|
+
export async function fetchPtTools(config) {
|
|
4
|
+
try {
|
|
5
|
+
const r = await fetch(`${config.baseUrl}/pentest/tools`, {
|
|
6
|
+
headers: { ...(config.apiKey ? { Authorization: `Bearer ${config.apiKey}` } : {}) },
|
|
7
|
+
signal: AbortSignal.timeout(10000),
|
|
8
|
+
});
|
|
9
|
+
if (!r.ok)
|
|
10
|
+
return null;
|
|
11
|
+
return await r.json();
|
|
12
|
+
}
|
|
13
|
+
catch {
|
|
14
|
+
return null;
|
|
15
|
+
}
|
|
16
|
+
}
|
|
2
17
|
async function postJson(config, p, body, timeoutMs) {
|
|
3
18
|
try {
|
|
4
19
|
const r = await fetch(`${config.baseUrl}${p}`, {
|