adaptive_strategy
Generate penetration testing strategies by analyzing detected services, technologies, and vulnerabilities to create targeted security assessments.
Instructions
Generate adaptive penetration testing strategy based on detected services and OS
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ports | Yes | Array of open ports and services | |
| technologies | Yes | Array of detected technologies | |
| existing_vulns | No | Array of existing vulnerabilities (optional) |
Implementation Reference
- src/engines/adaptive-strategy.ts:73-141 (handler)Core handler function that executes the adaptive_strategy tool logic: detects OS, profiles services, analyzes attack vectors, plans testing phases, identifies priority targets, and assesses risk based on input ports and technologies.async generateStrategy( ports: PortScanResult[], technologies: TechDetectionResult[], existingVulns?: VulnerabilityResult[], existingCVEs?: CVEResult[] ): Promise<ScanResult> { try { console.error('🧠 Generating adaptive penetration testing strategy...'); // Phase 1: OS Detection const osDetection = this.detectOperatingSystem(ports); console.error(` Detected OS: ${osDetection.os_family} (${osDetection.confidence}% confidence)`); // Phase 2: Service Profiling const serviceProfiles = this.profileServices(ports, osDetection); console.error(` Profiled ${serviceProfiles.length} services`); // Phase 3: Attack Vector Analysis const attackVectors = this.analyzeAttackVectors(ports, technologies, serviceProfiles, osDetection); console.error(` Identified ${attackVectors.length} attack vectors`); // Phase 4: Testing Phase Planning const testingPhases = this.planTestingPhases(attackVectors, serviceProfiles, technologies); console.error(` Planned ${testingPhases.length} testing phases`); // Phase 5: Priority Target Identification const priorityTargets = this.identifyPriorityTargets(serviceProfiles, technologies, existingVulns); console.error(` Identified ${priorityTargets.length} priority targets`); // Phase 6: Risk Assessment const riskAssessment = this.assessRisk(ports, technologies, attackVectors, existingVulns, existingCVEs); console.error(` Overall risk level: ${riskAssessment.overall_risk}`); const strategy: AdaptiveStrategy = { target: 'adaptive_strategy', os_detection: osDetection, service_profiles: serviceProfiles, technology_stack: technologies, attack_vectors: attackVectors, testing_phases: testingPhases, priority_targets: priorityTargets, risk_assessment: riskAssessment }; return { target: 'adaptive_strategy', timestamp: new Date().toISOString(), tool: 'adaptive_strategy_engine', results: { strategy, execution_plan: this.generateExecutionPlan(strategy), estimated_duration: this.calculateEstimatedDuration(testingPhases), resource_requirements: this.calculateResourceRequirements(testingPhases), success_metrics: this.defineSuccessMetrics(strategy) }, status: 'success' }; } catch (error) { return { target: 'adaptive_strategy', timestamp: new Date().toISOString(), tool: 'adaptive_strategy_engine', results: {}, status: 'error', error: error instanceof Error ? error.message : String(error) }; } }
- src/index.ts:341-364 (schema)Input schema definition for the adaptive_strategy tool, specifying required ports and technologies arrays.name: "adaptive_strategy", description: "Generate adaptive penetration testing strategy based on detected services and OS", inputSchema: { type: "object", properties: { ports: { type: "array", items: { type: "object" }, description: "Array of open ports and services" }, technologies: { type: "array", items: { type: "object" }, description: "Array of detected technologies" }, existing_vulns: { type: "array", items: { type: "object" }, description: "Array of existing vulnerabilities (optional)" } }, required: ["ports", "technologies"] } },
- src/index.ts:567-572 (registration)Tool call dispatch/registration in the main switch handler, invoking AdaptiveStrategyEngine.generateStrategy.case "adaptive_strategy": return respond(await this.adaptiveStrategy.generateStrategy( args.ports, args.technologies, args.existing_vulns ));
- src/index.ts:65-65 (registration)Instantiation of AdaptiveStrategyEngine used by the tool handler.this.adaptiveStrategy = new AdaptiveStrategyEngine();
- Helper method for OS detection, key part of strategy generation.private detectOperatingSystem(ports: PortScanResult[]): OSDetectionResult { const evidence: string[] = []; let osFamily: 'windows' | 'linux' | 'unix' | 'mac' | 'unknown' = 'unknown'; let confidence = 0; let osVersion: string | undefined; // Windows indicators const windowsPorts = [135, 139, 445, 3389, 5985, 5986]; // RPC, NetBIOS, SMB, RDP, WinRM const windowsServices = ['microsoft-ds', 'msrpc', 'rdp', 'winrm']; const windowsPortsFound = ports.filter(p => windowsPorts.includes(p.port)); const windowsServicesFound = ports.filter(p => windowsServices.some(ws => p.service.toLowerCase().includes(ws)) ); if (windowsPortsFound.length > 0 || windowsServicesFound.length > 0) { osFamily = 'windows'; confidence += windowsPortsFound.length * 20 + windowsServicesFound.length * 25; if (windowsPortsFound.some(p => p.port === 445)) { evidence.push('SMB service detected (port 445)'); } if (windowsPortsFound.some(p => p.port === 3389)) { evidence.push('RDP service detected (port 3389)'); } if (windowsPortsFound.some(p => p.port === 135)) { evidence.push('RPC endpoint mapper detected (port 135)'); } // Try to detect Windows version from service versions const smbService = ports.find(p => p.port === 445); if (smbService?.version) { if (smbService.version.includes('Windows Server 2019')) { osVersion = 'Windows Server 2019'; } else if (smbService.version.includes('Windows Server 2016')) { osVersion = 'Windows Server 2016'; } else if (smbService.version.includes('Windows 10')) { osVersion = 'Windows 10'; } else if (smbService.version.includes('Windows Server 2012')) { osVersion = 'Windows Server 2012'; } } } // Linux indicators const linuxPorts = [22, 80, 443, 25, 53, 110, 143, 993, 995]; // SSH, HTTP, SMTP, DNS, POP3, IMAP const linuxServices = ['openssh', 'apache', 'nginx', 'postfix', 'dovecot', 'bind']; const linuxPortsFound = ports.filter(p => linuxPorts.includes(p.port)); const linuxServicesFound = ports.filter(p => linuxServices.some(ls => p.service.toLowerCase().includes(ls) || p.version?.toLowerCase().includes(ls)) ); if (linuxServicesFound.length > 0) { if (osFamily === 'unknown' || confidence < 50) { osFamily = 'linux'; confidence = linuxServicesFound.length * 15 + linuxPortsFound.length * 5; evidence.push('Linux services detected'); // Try to detect specific distributions const sshService = ports.find(p => p.port === 22); if (sshService?.version) { if (sshService.version.includes('Ubuntu')) { osVersion = 'Ubuntu Linux'; evidence.push('Ubuntu SSH banner detected'); } else if (sshService.version.includes('Debian')) { osVersion = 'Debian Linux'; evidence.push('Debian SSH banner detected'); } else if (sshService.version.includes('CentOS') || sshService.version.includes('RHEL')) { osVersion = 'RedHat/CentOS Linux'; evidence.push('RedHat/CentOS SSH banner detected'); } } } } // macOS indicators const macServices = ['afp', 'apple-filing']; const macServicesFound = ports.filter(p => macServices.some(ms => p.service.toLowerCase().includes(ms)) ); if (macServicesFound.length > 0) { osFamily = 'mac'; confidence = macServicesFound.length * 30; evidence.push('Apple Filing Protocol detected'); } // Generic Unix indicators const unixPorts = [513, 514, 515]; // rsh, syslog, printer const unixPortsFound = ports.filter(p => unixPorts.includes(p.port)); if (unixPortsFound.length > 0 && osFamily === 'unknown') { osFamily = 'unix'; confidence = unixPortsFound.length * 20; evidence.push('Unix services detected'); } // Confidence normalization confidence = Math.min(confidence, 95); // Cap at 95% if (confidence < 30) { osFamily = 'unknown'; evidence.push('Insufficient evidence for OS detection'); } return { os_family: osFamily, os_version: osVersion, confidence, evidence }; }