Conversation
pkg/tools/internetdb.go
Outdated
There was a problem hiding this comment.
can't that be done using just a webReader tool?
There was a problem hiding this comment.
probably, didn't tested it
pkg/tools/shodan.go
Outdated
| http.DefaultClient, | ||
| true, // use API v1 | ||
| ) | ||
| //ctx = context.Background() |
There was a problem hiding this comment.
fuck, my bad, yes, it should be Shodan_key from config
There was a problem hiding this comment.
lgtm, yet idk how i feel about excessive autogenerated comments
There was a problem hiding this comment.
I guess it could be removed unless necessary
pkg/tools/shodan.go
Outdated
| "query": map[string]any{ | ||
| "type": "object", | ||
| "properties": map[string]any{ | ||
| "domain": map[string]any{"type": "string"}, |
There was a problem hiding this comment.
there is no such parameter "domain"
see https://github.com/shadowscatcher/shodan/blob/master/search/query.go
pkg/tools/shodan.go
Outdated
| // The actual search term | ||
| "query": map[string]any{ | ||
| "type": "object", | ||
| "properties": map[string]any{ |
There was a problem hiding this comment.
there is a lot more properties, see https://github.com/shadowscatcher/shodan/blob/master/search/query.go
they are NOT JSON compatible (most of them can be converted without tags, but that's unreliable to do)
pkg/tools/shodan.go
Outdated
| "type": "object", | ||
| "properties": map[string]any{ | ||
| "domain": map[string]any{"type": "string"}, | ||
| "product": map[string]any{"type": "string"}, |
There was a problem hiding this comment.
lack of description field (which can be just copy-pasted from https://github.com/shadowscatcher/shodan/blob/master/search/query.go) results as lack of context for llm to generate tool call
pkg/tools/shodan.go
Outdated
| client, _ := shodanclient.GetClient( | ||
| os.Getenv("SHODAN_API_KEY"), // <-- your key | ||
| http.DefaultClient, | ||
| true, // use API v1 |
There was a problem hiding this comment.
agents/hacker/scanner/main.go
Outdated
| @@ -66,11 +71,24 @@ func main() { | |||
|
|
|||
| fmt.Println(rhost, lhost) | |||
|
|
|||
| //return | |||
| shodan_key, exists := os.LookupEnv("SHDN_KEY") | |||
There was a problem hiding this comment.
that is clearly not the local for example variable and should be used in shodan tool initialization
pkg/tools/shodan.go
Outdated
|
|
||
| // 2. Build a client – the library expects an API key in an env var. | ||
| client, _ := shodanclient.GetClient( | ||
| os.Getenv("SHODAN_API_KEY"), // <-- your key |
There was a problem hiding this comment.
api key from the ShodanTool should be put there
pkg/tools/shodan.go
Outdated
| // ------------------------------------------------------------------- | ||
| // 3️⃣ Tool type (empty; only used for method receiver). | ||
| // ------------------------------------------------------------------- | ||
| type ShodanTool struct{} |
There was a problem hiding this comment.
this is the place for the APIKey storage, which can be initialized in init() function
| if cfg.ShodanDisable { | ||
| return nil, nil | ||
| } | ||
|
|
There was a problem hiding this comment.
cfg already have Shodan_key field (do not use underscores in go), and it should be passed to ShodanTool{} here, with error return if it's empty (see semantic search for example)
pkg/tools/shodan.go
Outdated
| // ------------------------------------------------------------------- | ||
| func (s ShodanTool) Call(ctx context.Context, input string) (string, error) { | ||
| // 1. Unmarshal incoming JSON into our args struct | ||
| shodanArgs := ShodanToolArgs{} |
There was a problem hiding this comment.
sadly shodan query structure is no meant to be json serialized at all
agents/hacker/scanner/main.go
Outdated
|
|
||
| // const Prompt = ` Please scan %s for open ports and generate Metasploit search queries for any found services. Firstly try to use nmap with only -F argument. After that try to continiously exploit target, using %s as LHOST and target address as RHOST and module(s) found from metasploit search. Use cmd/unix/reverse as payload.'` | ||
| const Prompt = ` Please lookup for IP of %s. You can use different tools such as dig, internetdb and shodan to find out IP addresses of target. Then try to use nmap with only -F argument for each of found addresses if any. After that create metasploit queries for each of found open ports if any using msf_search tool.` | ||
| const Prompt = ` Please lookup for IP of %s. You can use different tools such as dig, internetdb and shodan to find out IP addresses of target.Always try to use dig using command caller first. Then try to process whatever result is returned from dig and if there are any IP's then try to use nmap with those IP. DO not forget that nmap accept only correct IP addresses foramt so do not forget to sanitize dig output first. Then try to use nmap with only -F argument for each of found addresses if any.` |
agents/hacker/scanner/main.go
Outdated
| const Prompt = ` Please lookup for IP of %s. You can use different tools such as dig, internetdb and shodan to find out IP addresses of target.Always try to use dig using command caller first. Then try to process whatever result is returned from dig and if there are any IP's then try to use nmap with those IP. DO not forget that nmap accept only correct IP addresses foramt so do not forget to sanitize dig output first. Then try to use nmap with only -F argument for each of found addresses if any.` | ||
|
|
||
| type NmapToolArgs struct { | ||
| type NmapToolArgs struct { // ??? -- it should not be here |
There was a problem hiding this comment.
yup, seems like the remains of copypasting
mintyleaf
left a comment
There was a problem hiding this comment.
examples is not agents
this is still examples, and that library meant to be used inside completely another project to do actual agent
c1f309e to
6039deb
Compare
dig and internet_db tools (domain - ip lookup)
shodan search tool
I need tests for those tools