# kuri-agent — Agentic Chrome CLI
`kuri-agent` keeps its session state (attached tab, saved element refs, stored headers) in `~/.kuri/session.json`.

## Binary location

After building: `./zig-out/bin/kuri-agent`

After installing to PATH: `kuri-agent`

Build:

```bash
zig build agent -Doptimize=ReleaseFast
```
## Workflow

Every session follows this pattern:

### 1. Find a Chrome tab

```bash
kuri-agent tabs
```

```
→ [{"id":"ABC...","url":"https://...","ws":"ws://127.0.0.1:9222/devtools/page/ABC..."}]
```

### 2. Attach to a tab

```bash
kuri-agent use ws://127.0.0.1:9222/devtools/page/ABC...
```

### 3. Navigate + interact

```bash
kuri-agent go https://example.com
kuri-agent snap --interactive   # get clickable elements as @eN refs
kuri-agent click e2
kuri-agent type e3 "hello world"
kuri-agent shot                 # screenshot → ~/.kuri/screenshots/<ts>.png
```
## All commands

### Discovery & session

```bash
kuri-agent tabs [--port N]   # list Chrome tabs (default port 9222)
kuri-agent use <ws_url>      # attach to tab, save session
kuri-agent status            # show current session
```

### Navigation

```bash
kuri-agent go <url>
kuri-agent back / forward / reload
```

### Page inspection

```bash
kuri-agent snap                    # full a11y snapshot (JSON with @eN refs)
kuri-agent snap --interactive      # only interactive elements
kuri-agent snap --text             # plain text output
kuri-agent snap --depth 3          # limit tree depth
kuri-agent text                    # get all page text
kuri-agent text "css-selector"     # get text of a specific element
kuri-agent eval "document.title"   # run JavaScript
kuri-agent shot [--out path.png]   # take screenshot
```

### Actions (require a prior snap)

```bash
kuri-agent click <ref>           # ref is @e3 or e3
kuri-agent type <ref> <text>
kuri-agent fill <ref> <value>
kuri-agent select <ref> <value>
kuri-agent hover <ref>
kuri-agent focus <ref>
kuri-agent scroll
```

### Security testing

```bash
kuri-agent cookies                                  # list cookies with [Secure] [HttpOnly] [SameSite] flags
kuri-agent headers                                  # check security response headers (CSP, HSTS, X-Frame-Options)
kuri-agent audit                                    # full audit: HTTPS + headers + JS-visible cookies, outputs score/issues
kuri-agent storage [local|session|all]              # dump localStorage / sessionStorage
kuri-agent jwt                                      # scan storage+cookies for JWTs, decode and print payloads
kuri-agent fetch <METHOD> <url> [--data <json>]     # authenticated fetch using session cookies + headers
kuri-agent probe <url-template> <start> <end>       # IDOR probe: replaces {id} with start..end
```

### Auth headers (persisted across commands)

```bash
kuri-agent set-header Authorization "Bearer eyJ..."
kuri-agent set-header X-Custom-Auth "my-token"
kuri-agent show-headers    # print stored headers
kuri-agent clear-headers   # remove all stored headers
```

Headers set with `set-header` are automatically applied via `Network.setExtraHTTPHeaders` on every subsequent CDP connection.
## Security trajectory examples

### Enumerate cookies after login

```bash
kuri-agent go https://target.example.com
kuri-agent cookies
```

```
cookies (2):
  session_id  domain=.example.com  [Secure] [HttpOnly] [SameSite=Strict]
  csrf_token  domain=.example.com  [Secure] [!HttpOnly]
```

### Full security audit

```bash
kuri-agent audit
```

```
→ {"protocol":"https:","score":4,"issues":["MISSING:content-security-policy","COOKIES_EXPOSED_TO_JS:2"]}
```

### Find and decode JWTs

```bash
kuri-agent jwt
```

```
→ {"found":1,"tokens":[{"source":"localStorage:token","payload":{"sub":"123","role":"student"}}]}
```

### IDOR probe — enumerate resource IDs

```bash
kuri-agent set-header Authorization "Bearer eyJ..."
kuri-agent probe "https://api.example.com/v2/courses/{id}/assessments" 30 40
```

```
→ [{"id":30,"status":403},{"id":34,"status":200},{"id":35,"status":403}]
```

### Authenticated fetch with different token

```bash
kuri-agent fetch GET "https://api.example.com/v2/user"
kuri-agent fetch POST "https://api.example.com/v2/submissions" --data '{"score":100}'
```
## Output tips

All commands output JSON. `audit` and `headers` return the raw CDP wrapper rather than the bare payload, so extract it with:

```bash
kuri-agent audit | jq '.result.result.value | fromjson'
kuri-agent headers | jq '.result.result.value | fromjson | .headers'
```
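The same unwrapping in Python, as an added example that is not part of kuri-agent, so the audit and header results can be checked in a script instead of read by eye. The two wrapper payloads are constructed samples, and the `headers` value is assumed to be a name-to-value map, as the jq filter above suggests.

```python
import json

# Constructed sample of `kuri-agent audit` output: the audit JSON is a string
# inside result.result.value of the CDP wrapper, hence `| fromjson` in jq.
SAMPLE_AUDIT = json.dumps({"result": {"result": {"type": "string", "value": json.dumps({
    "protocol": "https:",
    "score": 4,
    "issues": ["MISSING:content-security-policy", "COOKIES_EXPOSED_TO_JS:2"],
})}}})

# Constructed sample of `kuri-agent headers` output in the same wrapper shape
# (assumed: a name-to-value map under "headers").
SAMPLE_HEADERS = json.dumps({"result": {"result": {"type": "string", "value": json.dumps({
    "headers": {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
                "X-Frame-Options": "DENY"},
})}}})

# Response headers a hardening review expects (compared case-insensitively).
EXPECTED_HEADERS = ("content-security-policy", "strict-transport-security", "x-frame-options")

def unwrap_cdp(raw: str) -> dict:
    """Python equivalent of jq '.result.result.value | fromjson', failing
    clearly if the input is not the wrapper shape."""
    outer = json.loads(raw)
    try:
        inner = outer["result"]["result"]["value"]
    except (KeyError, TypeError) as exc:
        raise ValueError("input is not a CDP result wrapper") from exc
    return json.loads(inner)

def audit_findings(raw: str) -> dict:
    """Turn the audit's issue strings into structured findings: MISSING:<header>
    becomes a header name, COOKIES_EXPOSED_TO_JS:<n> becomes an integer count."""
    audit = unwrap_cdp(raw)
    missing, exposed = [], 0
    for issue in audit.get("issues", []):
        kind, _, detail = issue.partition(":")
        if kind == "MISSING":
            missing.append(detail)
        elif kind == "COOKIES_EXPOSED_TO_JS":
            exposed = int(detail)
    return {"https": audit.get("protocol") == "https:", "score": audit.get("score"),
            "missing_headers": missing, "cookies_exposed_to_js": exposed}

def missing_headers(raw: str) -> list:
    """Expected security headers absent from a `kuri-agent headers` result."""
    present = {name.lower() for name in unwrap_cdp(raw).get("headers", {})}
    return [h for h in EXPECTED_HEADERS if h not in present]
```

Pipe real output in with `kuri-agent audit | python3 -c 'import sys, check; print(check.audit_findings(sys.stdin.read()))'` if the file is saved as `check.py`.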
## Tips
- Always run `snap` before using `click`/`type`/`fill` — it saves the @eN refs to the session
- `set-header` is persistent — set the auth token once and all `fetch`/`probe`/`go` commands use it
- Use `eval` for arbitrary JS: `kuri-agent eval "localStorage.getItem('token')"`
- `probe` reports the status per ID — look for 200s on IDs you should not have access to
- Chain commands in shell scripts for automated security trajectories