@etcsec-com/etc-collector 1.4.0

package/dist/types/adcs.types.d.ts

@@ -0,0 +1,58 @@
+export interface ADCSCertificateTemplate {
+    dn: string;
+    name: string;
+    displayName?: string;
+    'msPKI-Cert-Template-OID'?: string;
+    'msPKI-Certificate-Name-Flag'?: number;
+    'msPKI-Enrollment-Flag'?: number;
+    'msPKI-Private-Key-Flag'?: number;
+    'msPKI-RA-Signature'?: number;
+    'msPKI-Template-Schema-Version'?: number;
+    pKIExtendedKeyUsage?: string[];
+    nTSecurityDescriptor?: Buffer;
+    cn?: string;
+}
+export interface ADCSCertificateAuthority {
+    dn: string;
+    name: string;
+    dNSHostName: string;
+    certificateTemplates?: string[];
+    cACertificate?: Buffer;
+    nTSecurityDescriptor?: Buffer;
+}
+export declare const CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 1;
+export declare const CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME = 65536;
+export declare const CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH = 2147483648;
+export declare const CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME = 1073741824;
+export declare const CT_FLAG_SUBJECT_REQUIRE_EMAIL = 536870912;
+export declare const CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN = 268435456;
+export declare const CT_FLAG_SUBJECT_ALT_REQUIRE_UPN = 33554432;
+export declare const CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL = 67108864;
+export declare const CT_FLAG_SUBJECT_ALT_REQUIRE_SPN = 8388608;
+export declare const CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID = 16777216;
+export declare const CT_FLAG_SUBJECT_ALT_REQUIRE_DNS = 134217728;
+export declare const CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS = 4194304;
+export declare const CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS = 1;
+export declare const CT_FLAG_PEND_ALL_REQUESTS = 2;
+export declare const CT_FLAG_PUBLISH_TO_KRA_CONTAINER = 4;
+export declare const CT_FLAG_PUBLISH_TO_DS = 8;
+export declare const CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE = 16;
+export declare const CT_FLAG_AUTO_ENROLLMENT = 32;
+export declare const CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT = 64;
+export declare const CT_FLAG_USER_INTERACTION_REQUIRED = 256;
+export declare const CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE = 1024;
+export declare const CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF = 2048;
+export declare const CT_FLAG_ADD_OCSP_NOCHECK = 4096;
+export declare const CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL = 8192;
+export declare const CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS = 16384;
+export declare const CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS = 32768;
+export declare const CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT = 65536;
+export declare const CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST = 131072;
+export declare const EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
+export declare const EKU_PKIINIT_CLIENT_AUTH = "1.3.6.1.5.2.3.4";
+export declare const EKU_SMART_CARD_LOGON = "1.3.6.1.4.1.311.20.2.2";
+export declare const EKU_ANY_PURPOSE = "2.5.29.37.0";
+export declare const EKU_CERTIFICATE_REQUEST_AGENT = "1.3.6.1.4.1.311.20.2.1";
+export declare const EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
+export type ESCVulnerabilityType = 'ESC1' | 'ESC2' | 'ESC3' | 'ESC4' | 'ESC5' | 'ESC6' | 'ESC7' | 'ESC8' | 'ESC9' | 'ESC10' | 'ESC11';
+//# sourceMappingURL=adcs.types.d.ts.map

package/dist/types/adcs.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adcs.types.d.ts","sourceRoot":"","sources":["../../src/types/adcs.types.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAGnC,6BAA6B,CAAC,EAAE,MAAM,CAAC;IACvC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,+BAA+B,CAAC,EAAE,MAAM,CAAC;IAGzC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAG/B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAG9B,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAKD,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IAGpB,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAGD,eAAO,MAAM,iCAAiC,IAAa,CAAC;AAC5D,eAAO,MAAM,0CAA0C,QAAa,CAAC;AACrE,eAAO,MAAM,sCAAsC,aAAa,CAAC;AACjE,eAAO,MAAM,mCAAmC,aAAa,CAAC;AAC9D,eAAO,MAAM,6BAA6B,YAAa,CAAC;AACxD,eAAO,MAAM,iCAAiC,YAAa,CAAC;AAC5D,eAAO,MAAM,+BAA+B,WAAa,CAAC;AAC1D,eAAO,MAAM,iCAAiC,WAAa,CAAC;AAC5D,eAAO,MAAM,+BAA+B,UAAa,CAAC;AAC1D,eAAO,MAAM,0CAA0C,WAAa,CAAC;AACrE,eAAO,MAAM,+BAA+B,YAAa,CAAC;AAC1D,eAAO,MAAM,sCAAsC,UAAa,CAAC;AAGjE,eAAO,MAAM,oCAAoC,IAAa,CAAC;AAC/D,eAAO,MAAM,yBAAyB,IAAa,CAAC;AACpD,eAAO,MAAM,gCAAgC,IAAa,CAAC;AAC3D,eAAO,MAAM,qBAAqB,IAAa,CAAC;AAChD,eAAO,MAAM,iDAAiD,KAAa,CAAC;AAC5E,eAAO,MAAM,uBAAuB,KAAa,CAAC;AAClD,eAAO,MAAM,+CAA+C,KAAa,CAAC;AAC1E,eAAO,MAAM,iCAAiC,MAAa,CAAC;AAC5D,eAAO,MAAM,sDAAsD,OAAa,CAAC;AACjF,eAAO,MAAM,iCAAiC,OAAa,CAAC;AAC5D,eAAO,MAAM,wBAAwB,OAAa,CAAC;AACnD,eAAO,MAAM,wDAAwD,OAAa,CAAC;AACnF,eAAO,MAAM,qCAAqC,QAAa,CAAC;AAChE,eAAO,MAAM,8CAA8C,QAAa,CAAC;AACzE,eAAO,MAAM,qEAAqE,QAAa,CAAC;AAChG,eAAO,MAAM,sCAAsC,SAAa,CAAC;AAGjE,eAAO,MAAM,eAAe,sBAAsB,CAAC;AACnD,eAAO,MAAM,uBAAuB,oBAAoB,CAAC;AACzD,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAC7D,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAC7C,eAAO,MAAM,6BAA6B,2BAA2B,CAAC;AACtE,eAAO,MAAM,eAAe,sBAAsB,CAAC;AAKnD,MAAM,MAAM,oBAAoB,GAC5B,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,GACN,MAAM,GACN,OAAO,GACP,OAAO,CAAC"}

package/dist/types/adcs.types.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EKU_SERVER_AUTH = exports.EKU_CERTIFICATE_REQUEST_AGENT = exports.EKU_ANY_PURPOSE = exports.EKU_SMART_CARD_LOGON = exports.EKU_PKIINIT_CLIENT_AUTH = exports.EKU_CLIENT_AUTH = exports.CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST = exports.CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT = exports.CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS = exports.CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS = exports.CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL = exports.CT_FLAG_ADD_OCSP_NOCHECK = exports.CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF = exports.CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE = exports.CT_FLAG_USER_INTERACTION_REQUIRED = exports.CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT = exports.CT_FLAG_AUTO_ENROLLMENT = exports.CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE = exports.CT_FLAG_PUBLISH_TO_DS = exports.CT_FLAG_PUBLISH_TO_KRA_CONTAINER = exports.CT_FLAG_PEND_ALL_REQUESTS = exports.CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS = exports.CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS = exports.CT_FLAG_SUBJECT_ALT_REQUIRE_DNS = exports.CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID = exports.CT_FLAG_SUBJECT_ALT_REQUIRE_SPN = exports.CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL = exports.CT_FLAG_SUBJECT_ALT_REQUIRE_UPN = exports.CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN = exports.CT_FLAG_SUBJECT_REQUIRE_EMAIL = exports.CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME = exports.CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH = exports.CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME = exports.CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = void 0;
+exports.CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001;
+exports.CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME = 0x00010000;
+exports.CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH = 0x80000000;
+exports.CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME = 0x40000000;
+exports.CT_FLAG_SUBJECT_REQUIRE_EMAIL = 0x20000000;
+exports.CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN = 0x10000000;
+exports.CT_FLAG_SUBJECT_ALT_REQUIRE_UPN = 0x02000000;
+exports.CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL = 0x04000000;
+exports.CT_FLAG_SUBJECT_ALT_REQUIRE_SPN = 0x00800000;
+exports.CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID = 0x01000000;
+exports.CT_FLAG_SUBJECT_ALT_REQUIRE_DNS = 0x08000000;
+exports.CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS = 0x00400000;
+exports.CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS = 0x00000001;
+exports.CT_FLAG_PEND_ALL_REQUESTS = 0x00000002;
+exports.CT_FLAG_PUBLISH_TO_KRA_CONTAINER = 0x00000004;
+exports.CT_FLAG_PUBLISH_TO_DS = 0x00000008;
+exports.CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE = 0x00000010;
+exports.CT_FLAG_AUTO_ENROLLMENT = 0x00000020;
+exports.CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT = 0x00000040;
+exports.CT_FLAG_USER_INTERACTION_REQUIRED = 0x00000100;
+exports.CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE = 0x00000400;
+exports.CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF = 0x00000800;
+exports.CT_FLAG_ADD_OCSP_NOCHECK = 0x00001000;
+exports.CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL = 0x00002000;
+exports.CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS = 0x00004000;
+exports.CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS = 0x00008000;
+exports.CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT = 0x00010000;
+exports.CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST = 0x00020000;
+exports.EKU_CLIENT_AUTH = '1.3.6.1.5.5.7.3.2';
+exports.EKU_PKIINIT_CLIENT_AUTH = '1.3.6.1.5.2.3.4';
+exports.EKU_SMART_CARD_LOGON = '1.3.6.1.4.1.311.20.2.2';
+exports.EKU_ANY_PURPOSE = '2.5.29.37.0';
+exports.EKU_CERTIFICATE_REQUEST_AGENT = '1.3.6.1.4.1.311.20.2.1';
+exports.EKU_SERVER_AUTH = '1.3.6.1.5.5.7.3.1';
+//# sourceMappingURL=adcs.types.js.map

package/dist/types/adcs.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adcs.types.js","sourceRoot":"","sources":["../../src/types/adcs.types.ts"],"names":[],"mappings":";;;AAqDa,QAAA,iCAAiC,GAAG,UAAU,CAAC;AAC/C,QAAA,0CAA0C,GAAG,UAAU,CAAC;AACxD,QAAA,sCAAsC,GAAG,UAAU,CAAC;AACpD,QAAA,mCAAmC,GAAG,UAAU,CAAC;AACjD,QAAA,6BAA6B,GAAG,UAAU,CAAC;AAC3C,QAAA,iCAAiC,GAAG,UAAU,CAAC;AAC/C,QAAA,+BAA+B,GAAG,UAAU,CAAC;AAC7C,QAAA,iCAAiC,GAAG,UAAU,CAAC;AAC/C,QAAA,+BAA+B,GAAG,UAAU,CAAC;AAC7C,QAAA,0CAA0C,GAAG,UAAU,CAAC;AACxD,QAAA,+BAA+B,GAAG,UAAU,CAAC;AAC7C,QAAA,sCAAsC,GAAG,UAAU,CAAC;AAGpD,QAAA,oCAAoC,GAAG,UAAU,CAAC;AAClD,QAAA,yBAAyB,GAAG,UAAU,CAAC;AACvC,QAAA,gCAAgC,GAAG,UAAU,CAAC;AAC9C,QAAA,qBAAqB,GAAG,UAAU,CAAC;AACnC,QAAA,iDAAiD,GAAG,UAAU,CAAC;AAC/D,QAAA,uBAAuB,GAAG,UAAU,CAAC;AACrC,QAAA,+CAA+C,GAAG,UAAU,CAAC;AAC7D,QAAA,iCAAiC,GAAG,UAAU,CAAC;AAC/C,QAAA,sDAAsD,GAAG,UAAU,CAAC;AACpE,QAAA,iCAAiC,GAAG,UAAU,CAAC;AAC/C,QAAA,wBAAwB,GAAG,UAAU,CAAC;AACtC,QAAA,wDAAwD,GAAG,UAAU,CAAC;AACtE,QAAA,qCAAqC,GAAG,UAAU,CAAC;AACnD,QAAA,8CAA8C,GAAG,UAAU,CAAC;AAC5D,QAAA,qEAAqE,GAAG,UAAU,CAAC;AACnF,QAAA,sCAAsC,GAAG,UAAU,CAAC;AAGpD,QAAA,eAAe,GAAG,mBAAmB,CAAC;AACtC,QAAA,uBAAuB,GAAG,iBAAiB,CAAC;AAC5C,QAAA,oBAAoB,GAAG,wBAAwB,CAAC;AAChD,QAAA,eAAe,GAAG,aAAa,CAAC;AAChC,QAAA,6BAA6B,GAAG,wBAAwB,CAAC;AACzD,QAAA,eAAe,GAAG,mBAAmB,CAAC"}

package/dist/types/attack-graph.types.d.ts

@@ -0,0 +1,135 @@
+export type AttackNodeType = 'user' | 'group' | 'computer' | 'gpo' | 'ou' | 'domain';
+export type AttackPathRisk = 'critical' | 'high' | 'medium' | 'low';
+export type AttackPathType = 'ACL_ABUSE' | 'KERBEROASTING' | 'ASREP_ROASTING' | 'DELEGATION_ABUSE' | 'LATERAL_MOVEMENT' | 'CERTIFICATE_ABUSE' | 'GROUP_MEMBERSHIP' | 'DCSYNC' | 'OWNERSHIP_ABUSE';
+export type AttackRelationType = 'MemberOf' | 'GenericAll' | 'WriteDacl' | 'WriteOwner' | 'GenericWrite' | 'ForceChangePassword' | 'AddMember' | 'DCSync' | 'AllowedToDelegate' | 'AllowedToAct' | 'HasSPN' | 'NoPreauth' | 'Owns' | 'AdminTo' | 'HasSession' | 'CanPSRemote' | 'CanRDP' | 'ExecuteDCOM' | 'SQLAdmin' | 'ReadLAPSPassword' | 'ReadGMSAPassword' | 'Contains' | 'GPLink' | 'TrustedBy';
+export interface AttackGraphNode {
+    id: string;
+    name: string;
+    type: AttackNodeType;
+    sid?: string;
+    dn?: string;
+    domain?: string;
+    isEnabled?: boolean;
+    isPrivileged?: boolean;
+}
+export interface AttackGraphRelation {
+    relation: AttackRelationType;
+    isAbusable: boolean;
+    accessMask?: number;
+    objectType?: string;
+    description?: string;
+}
+export type AttackChainElement = AttackGraphNode | AttackGraphRelation;
+export interface AttackEntryPointProperties {
+    hasSPN?: boolean;
+    noPreauth?: boolean;
+    passwordNotExpire?: boolean;
+    unconstrained?: boolean;
+    constrained?: boolean;
+    rbcd?: boolean;
+    adminCount?: boolean;
+    enabled?: boolean;
+}
+export interface AttackEntryPoint {
+    id: string;
+    name: string;
+    type: AttackNodeType;
+    properties: AttackEntryPointProperties;
+}
+export interface AttackPath {
+    id: string;
+    risk: AttackPathRisk;
+    type: AttackPathType;
+    hops: number;
+    description: string;
+    chain: AttackChainElement[];
+    entryPoint: AttackEntryPoint;
+    target: AttackGraphNode;
+    mitigation: string;
+}
+export interface AttackTarget {
+    id: string;
+    name: string;
+    type: AttackNodeType;
+    sid?: string;
+    dn?: string;
+    reason: string;
+}
+export interface AttackGraphStats {
+    totalPaths: number;
+    byRisk: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    byType: Record<AttackPathType, number>;
+    averageHops: number;
+    shortestPath: number;
+    longestPath: number;
+}
+export interface AttackGraphUniqueNode {
+    id: string;
+    name: string;
+    type: AttackNodeType;
+    pathCount: number;
+    sid?: string;
+}
+export interface AttackGraphExport {
+    version: string;
+    generatedAt: string;
+    domain: string;
+    targets: AttackTarget[];
+    paths: AttackPath[];
+    stats: AttackGraphStats;
+    uniqueNodes: AttackGraphUniqueNode[];
+}
+export declare const ACL_GUIDS: {
+    readonly FORCE_CHANGE_PASSWORD: "00299570-246d-11d0-a768-00aa006e0529";
+    readonly DS_REPLICATION_GET_CHANGES: "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2";
+    readonly DS_REPLICATION_GET_CHANGES_ALL: "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2";
+    readonly DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET: "89e95b76-444d-4c62-991a-0facbeda640c";
+    readonly SELF_MEMBERSHIP: "bf9679c0-0de6-11d0-a285-00aa003049e2";
+    readonly LAPS_PASSWORD: "e91556f8-b3c8-4b66-b3c8-4b0c8ac2c45b";
+    readonly CERTIFICATE_ENROLLMENT: "0e10c968-78fb-11d2-90d4-00c04f79dc55";
+    readonly CERTIFICATE_AUTOENROLLMENT: "a05b8cc2-17bc-4802-a710-e7c15ab866a2";
+};
+export declare const ACCESS_MASK: {
+    readonly GENERIC_READ: 2147483648;
+    readonly GENERIC_WRITE: 1073741824;
+    readonly GENERIC_EXECUTE: 536870912;
+    readonly GENERIC_ALL: 268435456;
+    readonly MAXIMUM_ALLOWED: 33554432;
+    readonly ACCESS_SYSTEM_SECURITY: 16777216;
+    readonly SYNCHRONIZE: 1048576;
+    readonly WRITE_OWNER: 524288;
+    readonly WRITE_DACL: 262144;
+    readonly READ_CONTROL: 131072;
+    readonly DELETE: 65536;
+    readonly WRITE_PROPERTY: 32;
+    readonly READ_PROPERTY: 16;
+    readonly SELF: 8;
+    readonly LIST_OBJECT: 128;
+    readonly DELETE_TREE: 64;
+    readonly CONTROL_ACCESS: 256;
+};
+export declare const PRIVILEGED_SID_SUFFIXES: {
+    readonly DOMAIN_ADMINS: "-512";
+    readonly DOMAIN_USERS: "-513";
+    readonly DOMAIN_GUESTS: "-514";
+    readonly DOMAIN_COMPUTERS: "-515";
+    readonly DOMAIN_CONTROLLERS: "-516";
+    readonly SCHEMA_ADMINS: "-518";
+    readonly ENTERPRISE_ADMINS: "-519";
+    readonly GROUP_POLICY_CREATOR_OWNERS: "-520";
+    readonly KEY_ADMINS: "-526";
+    readonly ENTERPRISE_KEY_ADMINS: "-527";
+    readonly ADMINISTRATORS: "-544";
+    readonly BACKUP_OPERATORS: "-551";
+    readonly ACCOUNT_OPERATORS: "-548";
+    readonly SERVER_OPERATORS: "-549";
+    readonly PRINT_OPERATORS: "-550";
+};
+export declare function isAttackGraphNode(element: AttackChainElement): element is AttackGraphNode;
+export declare function isAttackGraphRelation(element: AttackChainElement): element is AttackGraphRelation;
+//# sourceMappingURL=attack-graph.types.d.ts.map

package/dist/types/attack-graph.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attack-graph.types.d.ts","sourceRoot":"","sources":["../../src/types/attack-graph.types.ts"],"names":[],"mappings":"AAUA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,GAAG,KAAK,GAAG,IAAI,GAAG,QAAQ,CAAC;AAKrF,MAAM,MAAM,cAAc,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAKpE,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,eAAe,GACf,gBAAgB,GAChB,kBAAkB,GAClB,kBAAkB,GAClB,mBAAmB,GACnB,kBAAkB,GAClB,QAAQ,GACR,iBAAiB,CAAC;AAKtB,MAAM,MAAM,kBAAkB,GAC1B,UAAU,GACV,YAAY,GACZ,WAAW,GACX,YAAY,GACZ,cAAc,GACd,qBAAqB,GACrB,WAAW,GACX,QAAQ,GACR,mBAAmB,GACnB,cAAc,GACd,QAAQ,GACR,WAAW,GACX,MAAM,GACN,SAAS,GACT,YAAY,GACZ,aAAa,GACb,QAAQ,GACR,aAAa,GACb,UAAU,GACV,kBAAkB,GAClB,kBAAkB,GAClB,UAAU,GACV,QAAQ,GACR,WAAW,CAAC;AAKhB,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,cAAc,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAKD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAKD,MAAM,MAAM,kBAAkB,GAAG,eAAe,GAAG,mBAAmB,CAAC;AAKvE,MAAM,WAAW,0BAA0B;IACzC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAKD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,cAAc,CAAC;IACrB,UAAU,EAAE,0BAA0B,CAAC;CACxC;AAKD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,kBAAkB,EAAE,CAAC;IAC5B,UAAU,EAAE,gBAAgB,CAAC;IAC7B,MAAM,EAAE,eAAe,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAKD,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,cAAc,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAKD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE;QACN,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,MAAM,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAKD,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAKD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,KAAK,EAAE,gBAAgB,CAAC;IACxB,WAAW,EAAE,qBAAqB,EAAE,CAAC;CACtC;AAKD,eAAO,MAAM,SAAS;;;;;;;;;CAgBZ,CAAC;AAKX,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;CAkBd,CAAC;AAKX,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;CAgB1B,CAAC;AAKX,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,IAAI,eAAe,CAEzF;AAKD,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,IAAI,mBAAmB,CAEjG"}

package/dist/types/attack-graph.types.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PRIVILEGED_SID_SUFFIXES = exports.ACCESS_MASK = exports.ACL_GUIDS = void 0;
+exports.isAttackGraphNode = isAttackGraphNode;
+exports.isAttackGraphRelation = isAttackGraphRelation;
+exports.ACL_GUIDS = {
+    FORCE_CHANGE_PASSWORD: '00299570-246d-11d0-a768-00aa006e0529',
+    DS_REPLICATION_GET_CHANGES: '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2',
+    DS_REPLICATION_GET_CHANGES_ALL: '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2',
+    DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET: '89e95b76-444d-4c62-991a-0facbeda640c',
+    SELF_MEMBERSHIP: 'bf9679c0-0de6-11d0-a285-00aa003049e2',
+    LAPS_PASSWORD: 'e91556f8-b3c8-4b66-b3c8-4b0c8ac2c45b',
+    CERTIFICATE_ENROLLMENT: '0e10c968-78fb-11d2-90d4-00c04f79dc55',
+    CERTIFICATE_AUTOENROLLMENT: 'a05b8cc2-17bc-4802-a710-e7c15ab866a2',
+};
+exports.ACCESS_MASK = {
+    GENERIC_READ: 0x80000000,
+    GENERIC_WRITE: 0x40000000,
+    GENERIC_EXECUTE: 0x20000000,
+    GENERIC_ALL: 0x10000000,
+    MAXIMUM_ALLOWED: 0x02000000,
+    ACCESS_SYSTEM_SECURITY: 0x01000000,
+    SYNCHRONIZE: 0x00100000,
+    WRITE_OWNER: 0x00080000,
+    WRITE_DACL: 0x00040000,
+    READ_CONTROL: 0x00020000,
+    DELETE: 0x00010000,
+    WRITE_PROPERTY: 0x00000020,
+    READ_PROPERTY: 0x00000010,
+    SELF: 0x00000008,
+    LIST_OBJECT: 0x00000080,
+    DELETE_TREE: 0x00000040,
+    CONTROL_ACCESS: 0x00000100,
+};
+exports.PRIVILEGED_SID_SUFFIXES = {
+    DOMAIN_ADMINS: '-512',
+    DOMAIN_USERS: '-513',
+    DOMAIN_GUESTS: '-514',
+    DOMAIN_COMPUTERS: '-515',
+    DOMAIN_CONTROLLERS: '-516',
+    SCHEMA_ADMINS: '-518',
+    ENTERPRISE_ADMINS: '-519',
+    GROUP_POLICY_CREATOR_OWNERS: '-520',
+    KEY_ADMINS: '-526',
+    ENTERPRISE_KEY_ADMINS: '-527',
+    ADMINISTRATORS: '-544',
+    BACKUP_OPERATORS: '-551',
+    ACCOUNT_OPERATORS: '-548',
+    SERVER_OPERATORS: '-549',
+    PRINT_OPERATORS: '-550',
+};
+function isAttackGraphNode(element) {
+    return 'type' in element && 'name' in element && !('relation' in element);
+}
+function isAttackGraphRelation(element) {
+    return 'relation' in element;
+}
+//# sourceMappingURL=attack-graph.types.js.map

package/dist/types/attack-graph.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attack-graph.types.js","sourceRoot":"","sources":["../../src/types/attack-graph.types.ts"],"names":[],"mappings":";;;AA0PA,8CAEC;AAKD,sDAEC;AA1EY,QAAA,SAAS,GAAG;IAEvB,qBAAqB,EAAE,sCAAsC;IAC7D,0BAA0B,EAAE,sCAAsC;IAClE,8BAA8B,EAAE,sCAAsC;IACtE,0CAA0C,EAAE,sCAAsC;IAGlF,eAAe,EAAE,sCAAsC;IAGvD,aAAa,EAAE,sCAAsC;IAGrD,sBAAsB,EAAE,sCAAsC;IAC9D,0BAA0B,EAAE,sCAAsC;CAC1D,CAAC;AAKE,QAAA,WAAW,GAAG;IACzB,YAAY,EAAE,UAAU;IACxB,aAAa,EAAE,UAAU;IACzB,eAAe,EAAE,UAAU;IAC3B,WAAW,EAAE,UAAU;IACvB,eAAe,EAAE,UAAU;IAC3B,sBAAsB,EAAE,UAAU;IAClC,WAAW,EAAE,UAAU;IACvB,WAAW,EAAE,UAAU;IACvB,UAAU,EAAE,UAAU;IACtB,YAAY,EAAE,UAAU;IACxB,MAAM,EAAE,UAAU;IAClB,cAAc,EAAE,UAAU;IAC1B,aAAa,EAAE,UAAU;IACzB,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,UAAU;IACvB,WAAW,EAAE,UAAU;IACvB,cAAc,EAAE,UAAU;CAClB,CAAC;AAKE,QAAA,uBAAuB,GAAG;IACrC,aAAa,EAAE,MAAM;IACrB,YAAY,EAAE,MAAM;IACpB,aAAa,EAAE,MAAM;IACrB,gBAAgB,EAAE,MAAM;IACxB,kBAAkB,EAAE,MAAM;IAC1B,aAAa,EAAE,MAAM;IACrB,iBAAiB,EAAE,MAAM;IACzB,2BAA2B,EAAE,MAAM;IACnC,UAAU,EAAE,MAAM;IAClB,qBAAqB,EAAE,MAAM;IAC7B,cAAc,EAAE,MAAM;IACtB,gBAAgB,EAAE,MAAM;IACxB,iBAAiB,EAAE,MAAM;IACzB,gBAAgB,EAAE,MAAM;IACxB,eAAe,EAAE,MAAM;CACf,CAAC;AAKX,SAAgB,iBAAiB,CAAC,OAA2B;IAC3D,OAAO,MAAM,IAAI,OAAO,IAAI,MAAM,IAAI,OAAO,IAAI,CAAC,CAAC,UAAU,IAAI,OAAO,CAAC,CAAC;AAC5E,CAAC;AAKD,SAAgB,qBAAqB,CAAC,OAA2B;IAC/D,OAAO,UAAU,IAAI,OAAO,CAAC;AAC/B,CAAC"}

package/dist/types/audit.types.d.ts

@@ -0,0 +1,34 @@
+import { Finding } from './finding.types';
+export type Provider = 'active-directory' | 'azure';
+export interface AuditOptions {
+    includeDetails?: boolean;
+    includeComputers?: boolean;
+    includeConfig?: boolean;
+}
+export interface AuditSummary {
+    totalFindings: number;
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    riskScore: number;
+    categoryScores?: Record<string, number>;
+}
+export interface AuditMetadata {
+    auditId: string;
+    provider: Provider;
+    timestamp: string;
+    duration: number;
+    objectsCounted?: {
+        users?: number;
+        groups?: number;
+        computers?: number;
+        policies?: number;
+    };
+}
+export interface AuditResult {
+    metadata: AuditMetadata;
+    summary: AuditSummary;
+    findings: Finding[];
+}
+//# sourceMappingURL=audit.types.d.ts.map

package/dist/types/audit.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.types.d.ts","sourceRoot":"","sources":["../../src/types/audit.types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAM1C,MAAM,MAAM,QAAQ,GAAG,kBAAkB,GAAG,OAAO,CAAC;AAEpD,MAAM,WAAW,YAAY;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,aAAa,CAAC;IACxB,OAAO,EAAE,YAAY,CAAC;IACtB,QAAQ,EAAE,OAAO,EAAE,CAAC;CACrB"}

package/dist/types/audit.types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=audit.types.js.map

package/dist/types/audit.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.types.js","sourceRoot":"","sources":["../../src/types/audit.types.ts"],"names":[],"mappings":""}

package/dist/types/azure.types.d.ts

@@ -0,0 +1,61 @@
+export interface AzureUser {
+    id: string;
+    userPrincipalName: string;
+    displayName?: string;
+    mail?: string;
+    givenName?: string;
+    surname?: string;
+    jobTitle?: string;
+    department?: string;
+    companyName?: string;
+    manager?: {
+        id?: string;
+        displayName?: string;
+    } | string;
+    officeLocation?: string;
+    employeeId?: string;
+    createdDateTime?: string;
+    lastSignInDateTime?: string;
+    lastPasswordChangeDateTime?: string;
+    accountEnabled: boolean;
+    userType?: string;
+    riskLevel?: string;
+    riskState?: string;
+    isMfaRegistered?: boolean;
+    strongAuthenticationMethods?: unknown[];
+    assignedLicenses?: Array<{
+        skuId?: string;
+    }>;
+    memberOf?: Array<{
+        id?: string;
+        displayName?: string;
+    }> | string[];
+    passwordPolicies?: string;
+    [key: string]: unknown;
+}
+export interface AzureGroup {
+    id: string;
+    displayName: string;
+    mailEnabled: boolean;
+    securityEnabled: boolean;
+    groupTypes?: string[];
+    members?: string[];
+    [key: string]: unknown;
+}
+export interface AzureApp {
+    id: string;
+    appId: string;
+    displayName: string;
+    createdDateTime?: string;
+    signInAudience?: string;
+    [key: string]: unknown;
+}
+export interface AzurePolicy {
+    id: string;
+    displayName: string;
+    state?: string;
+    conditions?: unknown;
+    grantControls?: unknown;
+    [key: string]: unknown;
+}
+//# sourceMappingURL=azure.types.d.ts.map

package/dist/types/azure.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure.types.d.ts","sourceRoot":"","sources":["../../src/types/azure.types.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,SAAS;IAExB,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IAGjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM,CAAC;IACzD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IAGpC,cAAc,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,2BAA2B,CAAC,EAAE,OAAO,EAAE,CAAC;IACxC,gBAAgB,CAAC,EAAE,KAAK,CAAC;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7C,QAAQ,CAAC,EAAE,KAAK,CAAC;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,MAAM,EAAE,CAAC;IACnE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAG1B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}

package/dist/types/azure.types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=azure.types.js.map

package/dist/types/azure.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure.types.js","sourceRoot":"","sources":["../../src/types/azure.types.ts"],"names":[],"mappings":""}

package/dist/types/config.types.d.ts

@@ -0,0 +1,63 @@
+export interface ServerConfig {
+    port: number;
+    nodeEnv: 'development' | 'production' | 'test';
+}
+export interface JWTConfig {
+    privateKeyPath: string;
+    publicKeyPath: string;
+    tokenExpiry: string;
+    tokenMaxUses: number;
+}
+export interface InfoEndpointsConfig {
+    tokenInfoEnabled: boolean;
+    providersInfoEnabled: boolean;
+}
+export interface LDAPConfig {
+    url: string;
+    bindDN: string;
+    bindPassword: string;
+    baseDN: string;
+    tlsVerify: boolean;
+    caCertPath?: string;
+    timeout: number;
+    skipHostnameVerification?: boolean;
+    tlsServername?: string;
+}
+export interface AzureConfig {
+    enabled: boolean;
+    tenantId?: string;
+    tenantName?: string;
+    clientId?: string;
+    clientSecret?: string;
+}
+export interface SMBConfig {
+    enabled: boolean;
+    username?: string;
+    password?: string;
+    timeout: number;
+}
+export interface AzureProviderConfig {
+    tenantId: string;
+    clientId: string;
+    clientSecret: string;
+}
+export interface LoggingConfig {
+    level: 'error' | 'warn' | 'info' | 'debug';
+    format: 'json' | 'simple';
+}
+export interface DatabaseConfig {
+    path: string;
+    enableWAL: boolean;
+    busyTimeout: number;
+}
+export interface AppConfig {
+    server: ServerConfig;
+    infoEndpoints: InfoEndpointsConfig;
+    jwt: JWTConfig;
+    ldap: LDAPConfig;
+    azure: AzureConfig;
+    smb: SMBConfig;
+    logging: LoggingConfig;
+    database: DatabaseConfig;
+}
+//# sourceMappingURL=config.types.d.ts.map

package/dist/types/config.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.types.d.ts","sourceRoot":"","sources":["../../src/types/config.types.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,aAAa,GAAG,YAAY,GAAG,MAAM,CAAC;CAChD;AAED,MAAM,WAAW,SAAS;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,OAAO,CAAC;IAEjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,OAAO,EAAE,MAAM,CAAC;CACjB;AAGD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAC3C,MAAM,EAAE,MAAM,GAAG,QAAQ,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,YAAY,CAAC;IACrB,aAAa,EAAE,mBAAmB,CAAC;IACnC,GAAG,EAAE,SAAS,CAAC;IACf,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,WAAW,CAAC;IACnB,GAAG,EAAE,SAAS,CAAC;IACf,OAAO,EAAE,aAAa,CAAC;IACvB,QAAQ,EAAE,cAAc,CAAC;CAC1B"}

package/dist/types/config.types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=config.types.js.map

package/dist/types/config.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.types.js","sourceRoot":"","sources":["../../src/types/config.types.ts"],"names":[],"mappings":""}

package/dist/types/error.types.d.ts

@@ -0,0 +1,33 @@
+export declare class BaseError extends Error {
+    statusCode: number;
+    isOperational: boolean;
+    constructor(message: string, statusCode?: number, isOperational?: boolean);
+}
+export declare class AuthenticationError extends BaseError {
+    constructor(message?: string);
+}
+export declare class AuthorizationError extends BaseError {
+    constructor(message?: string);
+}
+export declare class ValidationError extends BaseError {
+    constructor(message?: string);
+}
+export declare class NotFoundError extends BaseError {
+    constructor(message?: string);
+}
+export declare class LDAPConnectionError extends BaseError {
+    constructor(message?: string);
+}
+export declare class GraphAPIError extends BaseError {
+    constructor(message?: string);
+}
+export declare class AuditExecutionError extends BaseError {
+    constructor(message?: string);
+}
+export declare class TokenExpiredError extends BaseError {
+    constructor(message?: string);
+}
+export declare class RateLimitError extends BaseError {
+    constructor(message?: string);
+}
+//# sourceMappingURL=error.types.d.ts.map

package/dist/types/error.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.types.d.ts","sourceRoot":"","sources":["../../src/types/error.types.ts"],"names":[],"mappings":"AAIA,qBAAa,SAAU,SAAQ,KAAK;IAGzB,UAAU,EAAE,MAAM;IAClB,aAAa,EAAE,OAAO;gBAF7B,OAAO,EAAE,MAAM,EACR,UAAU,GAAE,MAAY,EACxB,aAAa,GAAE,OAAc;CAMvC;AAED,qBAAa,mBAAoB,SAAQ,SAAS;gBACpC,OAAO,SAA0B;CAG9C;AAED,qBAAa,kBAAmB,SAAQ,SAAS;gBACnC,OAAO,SAA6B;CAGjD;AAED,qBAAa,eAAgB,SAAQ,SAAS;gBAChC,OAAO,SAAsB;CAG1C;AAED,qBAAa,aAAc,SAAQ,SAAS;gBAC9B,OAAO,SAAuB;CAG3C;AAED,qBAAa,mBAAoB,SAAQ,SAAS;gBACpC,OAAO,SAA2B;CAG/C;AAED,qBAAa,aAAc,SAAQ,SAAS;gBAC9B,OAAO,SAA6B;CAGjD;AAED,qBAAa,mBAAoB,SAAQ,SAAS;gBACpC,OAAO,SAA2B;CAG/C;AAED,qBAAa,iBAAkB,SAAQ,SAAS;gBAClC,OAAO,SAAsB;CAG1C;AAED,qBAAa,cAAe,SAAQ,SAAS;gBAC/B,OAAO,SAAwB;CAG5C"}

package/dist/types/error.types.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimitError = exports.TokenExpiredError = exports.AuditExecutionError = exports.GraphAPIError = exports.LDAPConnectionError = exports.NotFoundError = exports.ValidationError = exports.AuthorizationError = exports.AuthenticationError = exports.BaseError = void 0;
+class BaseError extends Error {
+    statusCode;
+    isOperational;
+    constructor(message, statusCode = 500, isOperational = true) {
+        super(message);
+        this.statusCode = statusCode;
+        this.isOperational = isOperational;
+        this.name = this.constructor.name;
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+exports.BaseError = BaseError;
+class AuthenticationError extends BaseError {
+    constructor(message = 'Authentication failed') {
+        super(message, 401);
+    }
+}
+exports.AuthenticationError = AuthenticationError;
+class AuthorizationError extends BaseError {
+    constructor(message = 'Insufficient permissions') {
+        super(message, 403);
+    }
+}
+exports.AuthorizationError = AuthorizationError;
+class ValidationError extends BaseError {
+    constructor(message = 'Validation failed') {
+        super(message, 400);
+    }
+}
+exports.ValidationError = ValidationError;
+class NotFoundError extends BaseError {
+    constructor(message = 'Resource not found') {
+        super(message, 404);
+    }
+}
+exports.NotFoundError = NotFoundError;
+class LDAPConnectionError extends BaseError {
+    constructor(message = 'LDAP connection failed') {
+        super(message, 503);
+    }
+}
+exports.LDAPConnectionError = LDAPConnectionError;
+class GraphAPIError extends BaseError {
+    constructor(message = 'Graph API request failed') {
+        super(message, 502);
+    }
+}
+exports.GraphAPIError = GraphAPIError;
+class AuditExecutionError extends BaseError {
+    constructor(message = 'Audit execution failed') {
+        super(message, 500);
+    }
+}
+exports.AuditExecutionError = AuditExecutionError;
+class TokenExpiredError extends BaseError {
+    constructor(message = 'Token has expired') {
+        super(message, 401);
+    }
+}
+exports.TokenExpiredError = TokenExpiredError;
+class RateLimitError extends BaseError {
+    constructor(message = 'Rate limit exceeded') {
+        super(message, 429);
+    }
+}
+exports.RateLimitError = RateLimitError;
+//# sourceMappingURL=error.types.js.map

package/dist/types/error.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.types.js","sourceRoot":"","sources":["../../src/types/error.types.ts"],"names":[],"mappings":";;;AAIA,MAAa,SAAU,SAAQ,KAAK;IAGzB;IACA;IAHT,YACE,OAAe,EACR,aAAqB,GAAG,EACxB,gBAAyB,IAAI;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAHR,eAAU,GAAV,UAAU,CAAc;QACxB,kBAAa,GAAb,aAAa,CAAgB;QAGpC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;QAClC,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAClD,CAAC;CACF;AAVD,8BAUC;AAED,MAAa,mBAAoB,SAAQ,SAAS;IAChD,YAAY,OAAO,GAAG,uBAAuB;QAC3C,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,kDAIC;AAED,MAAa,kBAAmB,SAAQ,SAAS;IAC/C,YAAY,OAAO,GAAG,0BAA0B;QAC9C,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,gDAIC;AAED,MAAa,eAAgB,SAAQ,SAAS;IAC5C,YAAY,OAAO,GAAG,mBAAmB;QACvC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,0CAIC;AAED,MAAa,aAAc,SAAQ,SAAS;IAC1C,YAAY,OAAO,GAAG,oBAAoB;QACxC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,sCAIC;AAED,MAAa,mBAAoB,SAAQ,SAAS;IAChD,YAAY,OAAO,GAAG,wBAAwB;QAC5C,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,kDAIC;AAED,MAAa,aAAc,SAAQ,SAAS;IAC1C,YAAY,OAAO,GAAG,0BAA0B;QAC9C,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,sCAIC;AAED,MAAa,mBAAoB,SAAQ,SAAS;IAChD,YAAY,OAAO,GAAG,wBAAwB;QAC5C,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,kDAIC;AAED,MAAa,iBAAkB,SAAQ,SAAS;IAC9C,YAAY,OAAO,GAAG,mBAAmB;QACvC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,8CAIC;AAED,MAAa,cAAe,SAAQ,SAAS;IAC3C,YAAY,OAAO,GAAG,qBAAqB;QACzC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;CACF;AAJD,wCAIC"}