pentest
Pentest — Clearwing Security Scanner
Authorization Check
Before any scanning, confirm authorization with the user. Ask:
- Is this target owned by you or your organization?
- Do you have written authorization to test it?
- What is the scope (source code only, network, or both)?
If authorization is unclear, STOP and do not proceed.
Prerequisites
Check if clearwing is installed:
```bash
command -v clearwing && clearwing --version
```
If not installed:
```bash
uv tool install clearwing
clearwing setup  # Interactive LLM provider configuration
```
Requires: Python 3.10+, uv, Rust toolchain (for native bridge).
Mode 1: Source Code Analysis
Hunt vulnerabilities in source code using the 11-stage pipeline:
```bash
# Standard depth — recommended starting point
clearwing sourcehunt <path-to-repo> --depth standard

# Quick scan — faster, less thorough
clearwing sourcehunt <path-to-repo> --depth quick

# Deep scan — comprehensive, takes longer
clearwing sourcehunt <path-to-repo> --depth deep
```
The pipeline: preprocess → rank files → generate fuzzing harnesses → tiered hunt (6 specialists) → adversarial verification → patch oracle → variant loop → exploit triage → auto-patch → report.
Evidence levels (ascending confidence):
1. `suspicion` — pattern match, needs investigation
2. `static_corroboration` — confirmed by static analysis
3. `crash_reproduced` — fuzzer triggered a crash
4. `root_cause_explained` — mechanism understood
5. `exploit_demonstrated` — exploitability confirmed
6. `patch_validated` — fix verified
Mode 2: Network Scanning
Scan a live target for service vulnerabilities:
```bash
# Single host
clearwing scan <target-ip-or-hostname>

# CIDR block (concurrent)
clearwing parallel <CIDR> --max-concurrent 5
```
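One way to turn the authorization check into an enforced gate before either network-scanning command runs, as an added example that is not part of Clearwing or the original page. `parse_scope`, `in_scope`, `build_command` and the sample scope are hypothetical; only the `clearwing scan` and `clearwing parallel` invocations come from the page.

```python
import ipaddress
import socket

def parse_scope(lines):
    """Parse authorized-scope entries: one IP or CIDR per line, '#' starts a comment."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def in_scope(target, scope):
    """True only if the whole target (single IP or CIDR) lies inside one scope entry."""
    net = ipaddress.ip_network(target, strict=False)
    return any(net.version == s.version and net.subnet_of(s) for s in scope)

def build_command(target, scope, resolver=socket.gethostbyname):
    """Return the clearwing argv for an in-scope target, else raise PermissionError."""
    try:
        ipaddress.ip_network(target, strict=False)
        resolved = target
    except ValueError:
        resolved = resolver(target)  # hostname: check the address it resolves to
    if not in_scope(resolved, scope):
        raise PermissionError(f"{target} ({resolved}) is outside the authorized scope")
    if "/" in target:
        # CIDR block: the page's concurrent form
        return ["clearwing", "parallel", target, "--max-concurrent", "5"]
    return ["clearwing", "scan", target]

# Constructed sample scope (documentation address ranges), not from the page.
SAMPLE_SCOPE = parse_scope([
    "192.0.2.0/24      # lab network named in the written authorization",
    "198.51.100.17     # single staging host",
])
```

A CIDR wider than any scope entry is rejected rather than trimmed, and a hostname is judged by the address it resolves to at check time, so re-run the check if DNS may have changed before the scan starts.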
Output
Results are stored in SQLite and exported as:
- SARIF — for GitHub Code Scanning integration
- Markdown — human-readable report
- JSON — machine-readable findings
Interactive Mode
For guided exploration:
```bash
clearwing interactive
clearwing interactive --resume <session_id>
```
CI Integration
```bash
clearwing ci --sarif-output results.sarif
```