Skip to content

Releases: s0ld13rr/pentestcode

v0.1.7

Choose a tag to compare

@s0ld13rr s0ld13rr released this 10 Jul 09:05

What's Changed

  • Lowercase logo — redesigned TUI logo with lowercase block letters
    • d now has a clear full-block ascender, unmistakably different from o
    • p has a descender, t has narrow crossbar style
    • Consistent letter forms across both words
  • Red + white colors — "pentest" in red, "code" in white bold
  • Cleaner look — removed shadow marks from right side letters
  • Includes Wave 3 completion (attack path derivation, agent context carry, inter-agent communication)

Full Changelog: v0.1.5...v0.1.7

v0.1.5

Choose a tag to compare

@s0ld13rr s0ld13rr released this 09 Jul 14:06

What's New

Competitive Gap Closure

  • Decision memory context injection — last 5 decisions + failure escalation in prompt every turn
  • Evidence chain extensionreasoning, source_agent, attempt_number, verification_status on every finding
  • 3 webapp tools: sqlmap_parse, xss_detect, jwt_analyze
  • 2 pivot/tunnel tools: tunnel_manage, pivot_suggest (BFS path-finding over relationship graph)
  • Benchmark infrastructure: bench/verify-claims.ts — 32/32 checks, 5 challenge definitions
  • NetExec migration: all crackmapexec references → netexec

Session Critique Fixes (from real Standoff365 testing)

  • Mandatory parser workflow — all 9 agent prompts now bind bash commands to parser tools (nmap→nmap_parse, netexec→cme_parse, nuclei→nuclei_parse, etc.)
  • Batch state_update — new batch action accepts {operations: [{action,data},...]} (max 100). Turns 40 sequential LLM steps into 1.
  • Context size reduction — caps on vulns/host, services/host, relationships. OODA deduplication. Conditional injection: full state every 8 turns, summary on others. ~75% token reduction.
  • Parallel dispatch strengthening — CORRECT/WRONG examples in orchestrator-mode.txt and pentest.txt

Fixes

  • Uninstall now auto-removes binary instead of asking user to rm manually

Full Changelog

v0.1.4...v0.1.5

v0.1.4

Choose a tag to compare

@s0ld13rr s0ld13rr released this 09 Jul 13:57

What's New

Competitive Gap Closure

  • Decision memory context injection — last 5 decisions + failure escalation in prompt every turn
  • Evidence chain extensionreasoning, source_agent, attempt_number, verification_status on every finding
  • 3 webapp tools: sqlmap_parse, xss_detect, jwt_analyze
  • 2 pivot/tunnel tools: tunnel_manage, pivot_suggest (BFS path-finding over relationship graph)
  • Benchmark infrastructure: bench/verify-claims.ts — 32/32 checks, 5 challenge definitions
  • NetExec migration: all crackmapexec references → netexec

Session Critique Fixes (from real Standoff365 testing)

  • Mandatory parser workflow — all 9 agent prompts now bind bash commands to parser tools (nmap→nmap_parse, netexec→cme_parse, nuclei→nuclei_parse, etc.). Anti-patterns documented.
  • Batch state_update — new batch action accepts {operations: [{action,data},...]} (max 100). Turns 40 sequential LLM steps into 1 for initial engagement setup.
  • Context size reductiontoCompactContext() caps: 10 vulns/host, 15 services/host, 30 relationships. OODA fields deduplicated. Conditional injection: full state every 8 turns, summary on others. ~75% token reduction.
  • Parallel dispatch strengthening — CORRECT/WRONG examples in orchestrator-mode.txt and pentest.txt

Full Changelog

v0.1.3...v0.1.4

v0.1.3

Choose a tag to compare

@s0ld13rr s0ld13rr released this 09 Jul 08:46

PentestCode v0.1.3

AI penetration testing agent for the terminal.

What's New

  • Wave 1: Confidence scoring, structured evidence, changelog
  • Wave 2: State diff injection, auto-critic, entity relationships, phase quality gates
  • Wave 3: Decision memory, alert queue, OODA structured reasoning
  • Agent Quality: Tool knowledge in prompts, inter-agent communication, session/shell tracking, network segmentation model
  • Full rename: @opencode-ai@pentestcode across entire codebase
  • 12 specialist agents: pentest, recon, scanner, enumerator, exploiter, reporter, identity, infrastructure, post_exploit, exploit_dev, critic, webapp

Install

Linux/macOS:

curl -fsSL https://github.com/s0ld13rr/pentestcode/releases/latest/download/install.sh | sh

Windows (PowerShell):

irm https://github.com/s0ld13rr/pentestcode/releases/latest/download/install.ps1 | iex

Or download the binary for your platform below.