eva-exploit 3.4__tar.gz → 3.4.2__tar.gz

{eva_exploit-3.4 → eva_exploit-3.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: eva-exploit
-Version: 3.4
+Version: 3.4.2
 Summary: Exploit Vector Agent
 Author: ARCANGEL0
 License: MIT

{eva_exploit-3.4 → eva_exploit-3.4.2}/config.py

@@ -10,7 +10,7 @@ from pathlib import Path
 
 # ================= CONFIG =================
 APP_NAME = "EVA"
-APP_VERSION = "3.4"
+APP_VERSION = "3.4.2"
 GITHUB_REPO = "arcangel0/EVA"
 PYPI_PACKAGE = "eva-exploit"
 API_ENDPOINT = "NOT_SET"

{eva_exploit-3.4 → eva_exploit-3.4.2}/eva.py

@@ -166,7 +166,7 @@ def cli():
     parser.add_argument("-v", "--version", action="store_true", help="Show EVA version")
     parser.add_argument("-d", "--delete", action="store_true", help="Delete stored sessions & files")
     parser.add_argument("-c", "--config", action="store_true", help="Open EVA config.py in your default editor")
-    parser.add_argument("--custom-api", action="store_true", help="Open custom API configuration wizard")
+    parser.add_argument("--custom-api", action="store_true", help="Open the active custom API handler file")
     parser.add_argument(
         "-s",
         "--search",

{eva_exploit-3.4 → eva_exploit-3.4.2}/eva_exploit.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: eva-exploit
-Version: 3.4
+Version: 3.4.2
 Summary: Exploit Vector Agent
 Author: ARCANGEL0
 License: MIT

{eva_exploit-3.4 → eva_exploit-3.4.2}/modules/llm.py

@@ -41,6 +41,7 @@ LAST_OUTPUT_CHUNK_SIZE = 2800
 OLLAMA_HTTP_CONNECT_TIMEOUT = 5
 OLLAMA_HTTP_READ_TIMEOUT = 240
 OLLAMA_RUN_TIMEOUT = 240
+OLLAMA_STREAM_POLL_DELAY = 0.01
 STREAM_HIDE_MARKERS = [
     "[:::] analysis_output:",
     "output valid json only",
@@ -68,6 +69,10 @@ REFUSAL_PATTERNS = [
     r"\bviolate\b.*\bguidelines\b",
 ]
 DEBUG_LOG_PATH = "/tmp/eva_query.log"
+DEFAULT_COMMAND_FALLBACK = (
+    "printf '[EVA_NOTICE] No model command inferred; collecting baseline evidence.\\n' "
+    "&& whoami && id && uname -a"
+)
 
 
 def _is_followup_analysis_request(user_msg):
@@ -97,6 +102,22 @@ def _build_no_output_analysis(last_output):
     )
 
 
+def _ensure_commands(commands, analysis="", last_output=""):
+    merged = _coerce_commands(commands)
+    if not merged:
+        merged = extract_commands_anywhere(str(analysis or ""))
+    if merged:
+        return _dedupe_keep_order(merged)[:3]
+
+    if "[EVA_NOTICE] Command produced no stdout/stderr" in str(last_output or ""):
+        return [
+            "printf '[EVA_NOTICE] Previous step had no visible output; collecting observable host evidence.\\n' "
+            "&& pwd && ls -la | head -n 40 && id"
+        ]
+
+    return [DEFAULT_COMMAND_FALLBACK]
+
+
 def _dedupe_keep_order(items):
     out = []
     seen = set()
@@ -324,6 +345,12 @@ def _clean_analysis_text(text):
         parts = re.split(marker, cleaned, maxsplit=1)
         cleaned = parts[0]
 
+    cleaned = re.sub(
+        r"(?im)^\s*(?:\[\s*sudo\s*\]\s*password\s+for\s+\S+\s*:|password\s+for\s+\S+\s*:|sudo:\s+a\s+password\s+is\s+required)\s*$",
+        "",
+        cleaned,
+    )
+    cleaned = re.sub(r"(?im)^\s*root@[\w.-]+:[^#\n]*#\s*$", "", cleaned)
     cleaned = re.sub(r"```(?:json)?\s*\{.*?\}\s*```", "", cleaned, flags=re.DOTALL | re.IGNORECASE)
     cleaned = re.sub(r"```(?:bash|sh|shell)?\s*.*?```", "", cleaned, flags=re.DOTALL | re.IGNORECASE)
     cleaned = re.sub(r"\n{3,}", "\n\n", cleaned)
@@ -431,38 +458,154 @@ def _stream_visible_fragment(text, pending, suppress_output):
 
 def _ollama_chat(messages, on_stream_start=None):
     def _ollama_run_stream_fallback(prompt):
+        proc = None
         try:
-            proc = subprocess.run(
+            proc = subprocess.Popen(
                 ["ollama", "run", OLLAMA_MODEL],
-                input=prompt,
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.STDOUT,
                 text=True,
-                capture_output=True,
-                timeout=OLLAMA_RUN_TIMEOUT,
+                bufsize=1,
             )
-            raw = proc.stdout or proc.stderr or ""
-            if raw and on_stream_start:
-                on_stream_start()
-            return raw, False
-        except subprocess.TimeoutExpired:
+            raw_parts = []
+            pending = ""
+            suppress_output = False
+            stream_started = False
+            style_open = False
+            printed = False
+            started_at = time.monotonic()
+
+            if proc.stdin:
+                proc.stdin.write(prompt)
+                if not prompt.endswith("\n"):
+                    proc.stdin.write("\n")
+                proc.stdin.close()
+
+            while True:
+                if time.monotonic() - started_at > OLLAMA_RUN_TIMEOUT:
+                    proc.kill()
+                    break
+                chunk = proc.stdout.read(1) if proc.stdout else ""
+                if chunk:
+                    raw_parts.append(chunk)
+                    if on_stream_start:
+                        visible, pending, suppress_output = _stream_visible_fragment(
+                            chunk,
+                            pending,
+                            suppress_output,
+                        )
+                        if visible:
+                            if not stream_started:
+                                on_stream_start()
+                                stream_started = True
+                            if not style_open:
+                                print(Style.BRIGHT + Fore.CYAN, end="", flush=True)
+                                style_open = True
+                            print(visible, end="", flush=True)
+                            printed = True
+                    continue
+                if proc.poll() is not None:
+                    break
+                time.sleep(OLLAMA_STREAM_POLL_DELAY)
+
+            if on_stream_start and pending and not suppress_output:
+                if not stream_started:
+                    on_stream_start()
+                    stream_started = True
+                if not style_open:
+                    print(Style.BRIGHT + Fore.CYAN, end="", flush=True)
+                    style_open = True
+                print(pending, end="", flush=True)
+                printed = True
+
+            if style_open:
+                print(Style.RESET_ALL, end="", flush=True)
+            if printed:
+                print()
+
+            return "".join(raw_parts), printed
+        except OSError:
             return "", False
         except KeyboardInterrupt:
+            try:
+                proc.kill()
+            except Exception:
+                pass
             raise
-    payload = {"model": OLLAMA_MODEL, "messages": messages, "stream": False}
+
+    payload = {"model": OLLAMA_MODEL, "messages": messages, "stream": True}
+    r = None
     try:
         r = requests.post(
             "http://127.0.0.1:11434/api/chat",
             json=payload,
             timeout=(OLLAMA_HTTP_CONNECT_TIMEOUT, OLLAMA_HTTP_READ_TIMEOUT),
+            stream=True,
         )
         r.raise_for_status()
-        data = r.json()
-        raw = data.get("message", {}).get("content", "") or data.get("response", "")
-        if raw and on_stream_start:
-            on_stream_start()
+
+        raw_parts = []
+        pending = ""
+        suppress_output = False
+        stream_started = False
+        style_open = False
+        printed = False
+
+        for line in r.iter_lines(decode_unicode=True):
+            if not line:
+                continue
+            try:
+                data = json.loads(line)
+            except json.JSONDecodeError:
+                continue
+
+            chunk = data.get("message", {}).get("content", "") or data.get("response", "")
+            if not chunk:
+                continue
+
+            raw_parts.append(chunk)
+            if on_stream_start:
+                visible, pending, suppress_output = _stream_visible_fragment(
+                    chunk,
+                    pending,
+                    suppress_output,
+                )
+                if visible:
+                    if not stream_started:
+                        on_stream_start()
+                        stream_started = True
+                    if not style_open:
+                        print(Style.BRIGHT + Fore.CYAN, end="", flush=True)
+                        style_open = True
+                    print(visible, end="", flush=True)
+                    printed = True
+
+        if on_stream_start and pending and not suppress_output:
+            if not stream_started:
+                on_stream_start()
+                stream_started = True
+            if not style_open:
+                print(Style.BRIGHT + Fore.CYAN, end="", flush=True)
+                style_open = True
+            print(pending, end="", flush=True)
+            printed = True
+
+        if style_open:
+            print(Style.RESET_ALL, end="", flush=True)
+        if printed:
+            print()
+
+        raw = "".join(raw_parts)
         if raw:
-            return raw, False
-    except (requests.RequestException, json.JSONDecodeError):
+            return raw, printed
+    except requests.RequestException:
         pass
+    finally:
+        try:
+            r.close()
+        except Exception:
+            pass
 
     prompt = messages[-1].get("content", "") if messages else ""
     return _ollama_run_stream_fallback(prompt)
@@ -560,8 +703,10 @@ def _query_g4f(history):
     return ""
 
 
-def _query_custom_api(history):
+def _query_custom_api(history, prompt_text=""):
     endpoint = str(getattr(config_module, "API_ENDPOINT", API_ENDPOINT) or "").strip()
+    if endpoint == "NOT_SET":
+        endpoint = ""
     handler_path = str(getattr(config_module, "CUSTOM_API_HANDLER", CUSTOM_API_HANDLER) or "").strip()
 
     if handler_path and handler_path != "NOT_SET":
@@ -576,12 +721,18 @@ def _query_custom_api(history):
                     query_fn = getattr(module, "query_custom_api", None)
                     if callable(query_fn):
                         try:
-                            result = query_fn(history=history, endpoint=endpoint)
+                            result = query_fn(history=history, endpoint=endpoint, prompt=prompt_text)
                         except TypeError:
                             try:
-                                result = query_fn(history, endpoint)
+                                result = query_fn(history=history, endpoint=endpoint)
                             except TypeError:
-                                result = query_fn(history)
+                                try:
+                                    result = query_fn(history, endpoint, prompt_text)
+                                except TypeError:
+                                    try:
+                                        result = query_fn(history, endpoint)
+                                    except TypeError:
+                                        result = query_fn(history)
                         if isinstance(result, (dict, list)):
                             return json.dumps(result)
                         if result is None:
@@ -594,7 +745,8 @@ def _query_custom_api(history):
         print(Fore.RED + "⚠️ Custom API endpoint is not configured.")
         return ""
 
-    r = requests.post(endpoint, json={"conversation": history}, timeout=None)
+    payload = {"conversation": history, "prompt": prompt_text}
+    r = requests.post(endpoint, json=payload, timeout=None)
     return r.text
 
 
@@ -714,9 +866,11 @@ class LLM:
             or "[EVA_NOTICE] Command produced no stdout/stderr" in str(last_output or "")
         ):
             analysis = _build_no_output_analysis(last_output)
+            commands = _ensure_commands([], analysis=analysis, last_output=last_output)
             self.history.append({"role": "user", "content": user_msg})
-            self.history.append({"role": "assistant", "content": analysis})
-            return {"analysis": analysis, "commands": [], "__streamed": False}
+            assistant_memory = analysis + "\n\nCommands:\n" + "\n".join(commands)
+            self.history.append({"role": "assistant", "content": assistant_memory})
+            return {"analysis": analysis, "commands": commands, "__streamed": False}
 
         system_prompt = build_system_prompt(
             _context_for_system_prompt(last_output),
@@ -763,7 +917,7 @@ class LLM:
             elif self.backend == "g4f":
                 raw = _query_g4f(request_messages)
             elif self.backend == "api":
-                raw = _query_custom_api(request_messages)
+                raw = _query_custom_api(request_messages, prompt_text=prompt)
             elif self.backend == "gpt":
                 raw = _query_openai(request_messages)
             elif self.backend == "anthropic":
@@ -813,7 +967,7 @@ class LLM:
                 if _save_parse_debug_log(self.backend, user_msg, last_output, raw):
                     print(Style.BRIGHT + Fore.RED + f"A debug log has been saved in {DEBUG_LOG_PATH}")
                 else:
-                    print(Style.BRIGHT + Fore.YELOW + "Could not save debug log to /tmp/eva_query.log")
+                    print(Style.BRIGHT + Fore.YELLOW + "Could not save debug log to /tmp/eva_query.log")
         elif not data.get("commands"):
             data["commands"] = inferred_commands
 
@@ -826,6 +980,11 @@ class LLM:
                 str(data.get("analysis", "")),
             )
         data["analysis"] = _clean_analysis_text(data.get("analysis", ""))
+        data["commands"] = _ensure_commands(
+            data.get("commands"),
+            analysis=data.get("analysis", ""),
+            last_output=last_output,
+        )
         data["__streamed"] = streamed
 
         assistant_memory = data["analysis"]

{eva_exploit-3.4 → eva_exploit-3.4.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "eva-exploit"
-version = "3.4"
+version = "3.4.2"
 description = "Exploit Vector Agent"
 readme = "README.md"
 requires-python = ">=3.10"

{eva_exploit-3.4 → eva_exploit-3.4.2}/sessions/eva_session.py

@@ -45,6 +45,29 @@ from utils.system import (
 from utils.ui import cyber, menu, raw_input, spinner_start, spinner_stop
 
 ANSI_ESCAPE_RE = re.compile(r"\x1B\[[0-?]*[ -/]*[@-~]")
+CONTROL_CHARS_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")
+SUDO_PASSWORD_PROMPT_RE = re.compile(
+    r"^\s*(?:\[\s*sudo\s*\]\s*password\s+for\s+\S+\s*:|password\s+for\s+\S+\s*:|sudo:\s+a\s+password\s+is\s+required)\s*$",
+    flags=re.IGNORECASE,
+)
+ROOT_PROMPT_LINE_RE = re.compile(r"^\s*root@[\w.-]+:[^#\n]*#\s*$", flags=re.IGNORECASE)
+
+
+def _sanitize_command_output(text):
+    cleaned = ANSI_ESCAPE_RE.sub("", str(text or ""))
+    cleaned = cleaned.replace("\r\n", "\n").replace("\r", "\n")
+    cleaned = CONTROL_CHARS_RE.sub("", cleaned)
+
+    out_lines = []
+    for line in cleaned.split("\n"):
+        stripped = line.strip()
+        if stripped and (SUDO_PASSWORD_PROMPT_RE.match(stripped) or ROOT_PROMPT_LINE_RE.match(stripped)):
+            continue
+        out_lines.append(line)
+
+    sanitized = "\n".join(out_lines)
+    sanitized = re.sub(r"\n{3,}", "\n\n", sanitized)
+    return sanitized
 
 
 # +-------------------------------------------+
@@ -244,13 +267,21 @@ class Eva:
                 proc.stdin.flush()
                 proc.stdin.close()
             for line in proc.stdout:
-                print(line, end="")
-                out += line
+                safe_line = _sanitize_command_output(line)
+                if not safe_line:
+                    continue
+                if not safe_line.endswith("\n"):
+                    safe_line += "\n"
+                print(safe_line, end="")
+                out += safe_line
             return_code = proc.wait()
         except KeyboardInterrupt:
             os.killpg(os.getpgid(proc.pid), signal.SIGINT)
             print(Fore.RED + "\n/// 🜂 Command stopped by user.")
             return_code = proc.wait()
+        out = _sanitize_command_output(out)
+        if out and not out.endswith("\n"):
+            out += "\n"
         if not out.strip():
             notice = f"[EVA_NOTICE] Command produced no stdout/stderr. exit_code={return_code if return_code is not None else 'unknown'}"
             out = notice + "\n"
@@ -368,7 +399,7 @@ class Eva:
 
             elif item["type"] == "command":
                 cyber(f"EXECUTED → {item['cmd']}", color=Fore.CYAN)
-                print(item["output"] + "\n")
+                print(_sanitize_command_output(item["output"]) + "\n")
 
     def chat(self):
         self._render_session_header()
@@ -452,7 +483,7 @@ class Eva:
                 if raw_search_output:
                     print(raw_search_output, end="" if raw_search_output.endswith("\n") else "\n")
 
-                clean_output = ANSI_ESCAPE_RE.sub("", raw_search_output or "").strip()
+                clean_output = _sanitize_command_output(raw_search_output).strip()
                 if not clean_output:
                     clean_output = f"[EVA_NOTICE] /search returned no output. exit_code={rc}"
 

{eva_exploit-3.4 → eva_exploit-3.4.2}/utils/system.py

@@ -70,14 +70,19 @@ def _custom_api_template(endpoint):
         "#!/usr/bin/env python3\n"
         "import requests\n\n"
         f"API_ENDPOINT = {json.dumps(target)}\n\n"
-        "def query_custom_api(history, endpoint=None):\n"
+        "def query_custom_api(history, endpoint=None, prompt=None):\n"
         "    target = endpoint or API_ENDPOINT\n"
-        "    question = \"\"\n"
-        "    for item in reversed(history):\n"
-        "        if item.get(\"role\") == \"user\":\n"
-        "            question = str(item.get(\"content\", \"\"))\n"
-        "            break\n"
-        "    payload = {\"prompt\": question, \"session\": \"eva-session\"}\n"
+        "    compiled_prompt = str(prompt or \"\").strip()\n"
+        "    if not compiled_prompt:\n"
+        "        for item in reversed(history):\n"
+        "            if item.get(\"role\") == \"user\":\n"
+        "                compiled_prompt = str(item.get(\"content\", \"\")).strip()\n"
+        "                break\n"
+        "    payload = {\n"
+        "        \"prompt\": compiled_prompt,\n"
+        "        \"conversation\": history,\n"
+        "        \"session\": \"eva-session\",\n"
+        "    }\n"
         "    r = requests.post(target, json=payload, timeout=None)\n"
         "    try:\n"
         "        data = r.json()\n"
@@ -102,23 +107,16 @@ def _ensure_custom_api_handler_file(path, endpoint):
 
 def configure_custom_api(open_handler=True):
     endpoint_current = str(getattr(config_module, "API_ENDPOINT", API_ENDPOINT) or "").strip()
-    if endpoint_current == "NOT_SET":
-        endpoint_current = ""
     handler_current = str(getattr(config_module, "CUSTOM_API_HANDLER", CUSTOM_API_HANDLER) or "").strip()
     if not handler_current or handler_current == "NOT_SET":
         handler_current = str(_default_custom_api_handler_path())
+        _persist_key_to_config("CUSTOM_API_HANDLER", handler_current)
+        setattr(config_module, "CUSTOM_API_HANDLER", handler_current)
 
     clear()
-    cyber("CUSTOM API CONFIGURATION", color=Fore.CYAN)
-    endpoint_input = input(f"Custom API endpoint [{endpoint_current}] > ").strip()
-    endpoint_value = endpoint_input or endpoint_current or "NOT_SET"
-    _persist_key_to_config("API_ENDPOINT", endpoint_value)
-    setattr(config_module, "API_ENDPOINT", endpoint_value)
-
-    handler_input = input(f"Custom API handler file [{handler_current}] > ").strip()
-    handler_value = handler_input or handler_current
-    _persist_key_to_config("CUSTOM_API_HANDLER", handler_value)
-    setattr(config_module, "CUSTOM_API_HANDLER", handler_value)
+    cyber("CUSTOM API HANDLER", color=Fore.CYAN)
+    endpoint_value = endpoint_current or "NOT_SET"
+    handler_value = handler_current
 
     try:
         handler_path = _ensure_custom_api_handler_file(handler_value, endpoint_value)
@@ -385,27 +383,14 @@ def run_self_update():
             branch = _git_branch()
             pull_result = subprocess.run(
                 ["git", "pull", "--tags", "origin", branch],
-                stdout=devnull,
-                stderr=devnull,
                 text=True
             )
             updated = pull_result.returncode == 0
         else:
             pip_result = subprocess.run(
-                [
-                    sys.executable,
-                    "-m",
-                    "pip",
-                    "install",
-                    "--upgrade",
-                    PYPI_PACKAGE,
-                    "--break-system-packages",
-                    "-q",
-                ],
-                stdout=devnull,
-                stderr=devnull,
-                text=True
-            )
+        [sys.executable, "-m", "pip", "install", "--upgrade", PYPI_PACKAGE,"--break-system-packages"],
+        text=True
+    )
             updated = pip_result.returncode == 0
 
     print(Fore.CYAN + "Almost done . . . . ")