npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/src/types/adcs.types.ts ADDED Viewed

@@ -0,0 +1,107 @@
+/**
+ * ADCS (AD Certificate Services) Types
+ *
+ * Types for certificate templates and CAs used in ESC1-ESC11 vulnerability detection.
+ */
+/**
+ * ADCS Certificate Template
+ */
+export interface ADCSCertificateTemplate {
+  dn: string;
+  name: string;
+  displayName?: string;
+  // Template OID
+  'msPKI-Cert-Template-OID'?: string;
+  // Flags
+  'msPKI-Certificate-Name-Flag'?: number;
+  'msPKI-Enrollment-Flag'?: number;
+  'msPKI-Private-Key-Flag'?: number;
+  'msPKI-RA-Signature'?: number;
+  // Schema version (1 = legacy, 2+ = newer with security extension support)
+  'msPKI-Template-Schema-Version'?: number;
+  // Extended Key Usage OIDs
+  pKIExtendedKeyUsage?: string[];
+  // Security descriptor for ACL analysis
+  nTSecurityDescriptor?: Buffer;
+  // cn field (used for matching)
+  cn?: string;
+}
+/**
+ * ADCS Certificate Authority
+ */
+export interface ADCSCertificateAuthority {
+  dn: string;
+  name: string;
+  dNSHostName: string;
+  // CA configuration
+  certificateTemplates?: string[];
+  cACertificate?: Buffer;
+  // Security descriptor
+  nTSecurityDescriptor?: Buffer;
+}
+// Certificate Name Flags (msPKI-Certificate-Name-Flag)
+export const CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001;
+export const CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT_ALT_NAME = 0x00010000;
+export const CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH = 0x80000000;
+export const CT_FLAG_SUBJECT_REQUIRE_COMMON_NAME = 0x40000000;
+export const CT_FLAG_SUBJECT_REQUIRE_EMAIL = 0x20000000;
+export const CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN = 0x10000000;
+export const CT_FLAG_SUBJECT_ALT_REQUIRE_UPN = 0x02000000;
+export const CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL = 0x04000000;
+export const CT_FLAG_SUBJECT_ALT_REQUIRE_SPN = 0x00800000;
+export const CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID = 0x01000000;
+export const CT_FLAG_SUBJECT_ALT_REQUIRE_DNS = 0x08000000;
+export const CT_FLAG_SUBJECT_ALT_REQUIRE_DOMAIN_DNS = 0x00400000;
+// Enrollment Flags (msPKI-Enrollment-Flag)
+export const CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS = 0x00000001;
+export const CT_FLAG_PEND_ALL_REQUESTS = 0x00000002; // Manager approval required
+export const CT_FLAG_PUBLISH_TO_KRA_CONTAINER = 0x00000004;
+export const CT_FLAG_PUBLISH_TO_DS = 0x00000008;
+export const CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE = 0x00000010;
+export const CT_FLAG_AUTO_ENROLLMENT = 0x00000020;
+export const CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT = 0x00000040;
+export const CT_FLAG_USER_INTERACTION_REQUIRED = 0x00000100;
+export const CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE = 0x00000400;
+export const CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF = 0x00000800;
+export const CT_FLAG_ADD_OCSP_NOCHECK = 0x00001000;
+export const CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL = 0x00002000;
+export const CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS = 0x00004000;
+export const CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS = 0x00008000;
+export const CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT = 0x00010000;
+export const CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST = 0x00020000;
+// Common Extended Key Usage OIDs
+export const EKU_CLIENT_AUTH = '1.3.6.1.5.5.7.3.2';
+export const EKU_PKIINIT_CLIENT_AUTH = '1.3.6.1.5.2.3.4';
+export const EKU_SMART_CARD_LOGON = '1.3.6.1.4.1.311.20.2.2';
+export const EKU_ANY_PURPOSE = '2.5.29.37.0';
+export const EKU_CERTIFICATE_REQUEST_AGENT = '1.3.6.1.4.1.311.20.2.1'; // Enrollment Agent
+export const EKU_SERVER_AUTH = '1.3.6.1.5.5.7.3.1';
+/**
+ * ESC vulnerability type enum
+ */
+export type ESCVulnerabilityType =
+  | 'ESC1'
+  | 'ESC2'
+  | 'ESC3'
+  | 'ESC4'
+  | 'ESC5'
+  | 'ESC6'
+  | 'ESC7'
+  | 'ESC8'
+  | 'ESC9'
+  | 'ESC10'
+  | 'ESC11';

package/src/types/attack-graph.types.ts ADDED Viewed

@@ -0,0 +1,260 @@
+/**
+ * Attack Graph Export Types
+ *
+ * Types for exporting attack path data in a format suitable
+ * for visualization tools like BloodHound or custom graph UIs.
+ */
+/**
+ * Node types in the attack graph
+ */
+export type AttackNodeType = 'user' | 'group' | 'computer' | 'gpo' | 'ou' | 'domain';
+/**
+ * Risk levels for attack paths
+ */
+export type AttackPathRisk = 'critical' | 'high' | 'medium' | 'low';
+/**
+ * Types of attack paths
+ */
+export type AttackPathType =
+  | 'ACL_ABUSE'
+  | 'KERBEROASTING'
+  | 'ASREP_ROASTING'
+  | 'DELEGATION_ABUSE'
+  | 'LATERAL_MOVEMENT'
+  | 'CERTIFICATE_ABUSE'
+  | 'GROUP_MEMBERSHIP'
+  | 'DCSYNC'
+  | 'OWNERSHIP_ABUSE';
+/**
+ * Relation types between nodes
+ */
+export type AttackRelationType =
+  | 'MemberOf'
+  | 'GenericAll'
+  | 'WriteDacl'
+  | 'WriteOwner'
+  | 'GenericWrite'
+  | 'ForceChangePassword'
+  | 'AddMember'
+  | 'DCSync'
+  | 'AllowedToDelegate'
+  | 'AllowedToAct'
+  | 'HasSPN'
+  | 'NoPreauth'
+  | 'Owns'
+  | 'AdminTo'
+  | 'HasSession'
+  | 'CanPSRemote'
+  | 'CanRDP'
+  | 'ExecuteDCOM'
+  | 'SQLAdmin'
+  | 'ReadLAPSPassword'
+  | 'ReadGMSAPassword'
+  | 'Contains'
+  | 'GPLink'
+  | 'TrustedBy';
+/**
+ * A node in the attack graph
+ */
+export interface AttackGraphNode {
+  id: string; // SID or unique identifier
+  name: string; // sAMAccountName or displayName
+  type: AttackNodeType;
+  sid?: string;
+  dn?: string;
+  domain?: string;
+  isEnabled?: boolean;
+  isPrivileged?: boolean;
+}
+/**
+ * A relation in the attack chain
+ */
+export interface AttackGraphRelation {
+  relation: AttackRelationType;
+  isAbusable: boolean;
+  accessMask?: number;
+  objectType?: string;
+  description?: string;
+}
+/**
+ * Chain element - either a node or a relation
+ */
+export type AttackChainElement = AttackGraphNode | AttackGraphRelation;
+/**
+ * Entry point properties for an attack path
+ */
+export interface AttackEntryPointProperties {
+  hasSPN?: boolean;
+  noPreauth?: boolean;
+  passwordNotExpire?: boolean;
+  unconstrained?: boolean;
+  constrained?: boolean;
+  rbcd?: boolean;
+  adminCount?: boolean;
+  enabled?: boolean;
+}
+/**
+ * Entry point for an attack path
+ */
+export interface AttackEntryPoint {
+  id: string;
+  name: string;
+  type: AttackNodeType;
+  properties: AttackEntryPointProperties;
+}
+/**
+ * A complete attack path
+ */
+export interface AttackPath {
+  id: string; // path-001, path-002, etc.
+  risk: AttackPathRisk;
+  type: AttackPathType;
+  hops: number;
+  description: string;
+  chain: AttackChainElement[];
+  entryPoint: AttackEntryPoint;
+  target: AttackGraphNode;
+  mitigation: string;
+}
+/**
+ * Target information
+ */
+export interface AttackTarget {
+  id: string;
+  name: string;
+  type: AttackNodeType;
+  sid?: string;
+  dn?: string;
+  reason: string; // Why this is a target (e.g., "Domain Admins", "adminCount=1")
+}
+/**
+ * Statistics for the attack graph
+ */
+export interface AttackGraphStats {
+  totalPaths: number;
+  byRisk: {
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+  };
+  byType: Record<AttackPathType, number>;
+  averageHops: number;
+  shortestPath: number;
+  longestPath: number;
+}
+/**
+ * Unique node with path count
+ */
+export interface AttackGraphUniqueNode {
+  id: string;
+  name: string;
+  type: AttackNodeType;
+  pathCount: number; // Number of paths this node appears in
+  sid?: string;
+}
+/**
+ * Complete attack graph export format
+ */
+export interface AttackGraphExport {
+  version: string;
+  generatedAt: string; // ISO 8601 timestamp
+  domain: string;
+  targets: AttackTarget[];
+  paths: AttackPath[];
+  stats: AttackGraphStats;
+  uniqueNodes: AttackGraphUniqueNode[];
+}
+/**
+ * ACL GUIDs for specific rights
+ */
+export const ACL_GUIDS = {
+  // Extended rights
+  FORCE_CHANGE_PASSWORD: '00299570-246d-11d0-a768-00aa006e0529',
+  DS_REPLICATION_GET_CHANGES: '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2',
+  DS_REPLICATION_GET_CHANGES_ALL: '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2',
+  DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET: '89e95b76-444d-4c62-991a-0facbeda640c',
+  // Property sets
+  SELF_MEMBERSHIP: 'bf9679c0-0de6-11d0-a285-00aa003049e2', // Add self to group
+  // Schema objects for LAPS
+  LAPS_PASSWORD: 'e91556f8-b3c8-4b66-b3c8-4b0c8ac2c45b',
+  // Certificate enrollment
+  CERTIFICATE_ENROLLMENT: '0e10c968-78fb-11d2-90d4-00c04f79dc55',
+  CERTIFICATE_AUTOENROLLMENT: 'a05b8cc2-17bc-4802-a710-e7c15ab866a2',
+} as const;
+/**
+ * Access mask bits for ACL analysis
+ */
+export const ACCESS_MASK = {
+  GENERIC_READ: 0x80000000,
+  GENERIC_WRITE: 0x40000000,
+  GENERIC_EXECUTE: 0x20000000,
+  GENERIC_ALL: 0x10000000,
+  MAXIMUM_ALLOWED: 0x02000000,
+  ACCESS_SYSTEM_SECURITY: 0x01000000,
+  SYNCHRONIZE: 0x00100000,
+  WRITE_OWNER: 0x00080000,
+  WRITE_DACL: 0x00040000,
+  READ_CONTROL: 0x00020000,
+  DELETE: 0x00010000,
+  WRITE_PROPERTY: 0x00000020,
+  READ_PROPERTY: 0x00000010,
+  SELF: 0x00000008,
+  LIST_OBJECT: 0x00000080,
+  DELETE_TREE: 0x00000040,
+  CONTROL_ACCESS: 0x00000100, // Extended right
+} as const;
+/**
+ * Well-known privileged SID suffixes (relative to domain SID)
+ */
+export const PRIVILEGED_SID_SUFFIXES = {
+  DOMAIN_ADMINS: '-512',
+  DOMAIN_USERS: '-513',
+  DOMAIN_GUESTS: '-514',
+  DOMAIN_COMPUTERS: '-515',
+  DOMAIN_CONTROLLERS: '-516',
+  SCHEMA_ADMINS: '-518',
+  ENTERPRISE_ADMINS: '-519',
+  GROUP_POLICY_CREATOR_OWNERS: '-520',
+  KEY_ADMINS: '-526',
+  ENTERPRISE_KEY_ADMINS: '-527',
+  ADMINISTRATORS: '-544',
+  BACKUP_OPERATORS: '-551',
+  ACCOUNT_OPERATORS: '-548',
+  SERVER_OPERATORS: '-549',
+  PRINT_OPERATORS: '-550',
+} as const;
+/**
+ * Check if a node element in chain
+ */
+export function isAttackGraphNode(element: AttackChainElement): element is AttackGraphNode {
+  return 'type' in element && 'name' in element && !('relation' in element);
+}
+/**
+ * Check if a relation element in chain
+ */
+export function isAttackGraphRelation(element: AttackChainElement): element is AttackGraphRelation {
+  return 'relation' in element;
+}

package/src/types/audit.types.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { Finding } from './finding.types';
+/**
+ * Audit Types
+ */
+export type Provider = 'active-directory' | 'azure';
+export interface AuditOptions {
+  includeDetails?: boolean;
+  includeComputers?: boolean;
+  includeConfig?: boolean;
+}
+export interface AuditSummary {
+  totalFindings: number;
+  critical: number;
+  high: number;
+  medium: number;
+  low: number;
+  riskScore: number;
+  categoryScores?: Record<string, number>;
+}
+export interface AuditMetadata {
+  auditId: string;
+  provider: Provider;
+  timestamp: string;
+  duration: number; // milliseconds
+  objectsCounted?: {
+    users?: number;
+    groups?: number;
+    computers?: number;
+    policies?: number;
+  };
+}
+export interface AuditResult {
+  metadata: AuditMetadata;
+  summary: AuditSummary;
+  findings: Finding[];
+}

package/src/types/azure.types.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Azure AD Types
+ */
+export interface AzureUser {
+  // Core identity
+  id: string;
+  userPrincipalName: string;
+  displayName?: string;
+  mail?: string;
+  givenName?: string;
+  surname?: string;
+  // Organization
+  jobTitle?: string;
+  department?: string;
+  companyName?: string;
+  manager?: { id?: string; displayName?: string } | string;
+  officeLocation?: string;
+  employeeId?: string;
+  // Dates
+  createdDateTime?: string;
+  lastSignInDateTime?: string;
+  lastPasswordChangeDateTime?: string;
+  // Security
+  accountEnabled: boolean;
+  userType?: string; // "Member" | "Guest"
+  riskLevel?: string;
+  riskState?: string;
+  isMfaRegistered?: boolean;
+  strongAuthenticationMethods?: unknown[];
+  assignedLicenses?: Array<{ skuId?: string }>;
+  memberOf?: Array<{ id?: string; displayName?: string }> | string[];
+  passwordPolicies?: string;
+  // Allow additional attributes
+  [key: string]: unknown;
+}
+export interface AzureGroup {
+  id: string;
+  displayName: string;
+  mailEnabled: boolean;
+  securityEnabled: boolean;
+  groupTypes?: string[];
+  members?: string[];
+  [key: string]: unknown;
+}
+export interface AzureApp {
+  id: string;
+  appId: string;
+  displayName: string;
+  createdDateTime?: string;
+  signInAudience?: string;
+  [key: string]: unknown;
+}
+export interface AzurePolicy {
+  id: string;
+  displayName: string;
+  state?: string;
+  conditions?: unknown;
+  grantControls?: unknown;
+  [key: string]: unknown;
+}

package/src/types/config.types.ts ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * Configuration Types
+ */
+export interface ServerConfig {
+  port: number;
+  nodeEnv: 'development' | 'production' | 'test';
+}
+export interface JWTConfig {
+  privateKeyPath: string;
+  publicKeyPath: string;
+  tokenExpiry: string;
+  tokenMaxUses: number;
+}
+export interface InfoEndpointsConfig {
+  tokenInfoEnabled: boolean;
+  providersInfoEnabled: boolean;
+}
+export interface LDAPConfig {
+  url: string;
+  bindDN: string;
+  bindPassword: string;
+  baseDN: string;
+  tlsVerify: boolean;
+  caCertPath?: string;
+  timeout: number;
+  skipHostnameVerification?: boolean;
+  tlsServername?: string;
+}
+export interface AzureConfig {
+  enabled: boolean;
+  tenantId?: string;
+  tenantName?: string;
+  clientId?: string;
+  clientSecret?: string;
+}
+export interface SMBConfig {
+  enabled: boolean;
+  /** Username for SMB auth (defaults to LDAP user if not set) */
+  username?: string;
+  /** Password for SMB auth (defaults to LDAP password if not set) */
+  password?: string;
+  /** Connection timeout in ms */
+  timeout: number;
+}
+/** Azure config with required credentials (for GraphProvider) */
+export interface AzureProviderConfig {
+  tenantId: string;
+  clientId: string;
+  clientSecret: string;
+}
+export interface LoggingConfig {
+  level: 'error' | 'warn' | 'info' | 'debug';
+  format: 'json' | 'simple';
+}
+export interface DatabaseConfig {
+  path: string;
+  enableWAL: boolean;
+  busyTimeout: number;
+}
+export interface AppConfig {
+  server: ServerConfig;
+  infoEndpoints: InfoEndpointsConfig;
+  jwt: JWTConfig;
+  ldap: LDAPConfig;
+  azure: AzureConfig;
+  smb: SMBConfig;
+  logging: LoggingConfig;
+  database: DatabaseConfig;
+}

package/src/types/error.types.ts ADDED Viewed

@@ -0,0 +1,69 @@
+/**
+ * Custom Error Classes
+ */
+export class BaseError extends Error {
+  constructor(
+    message: string,
+    public statusCode: number = 500,
+    public isOperational: boolean = true
+  ) {
+    super(message);
+    this.name = this.constructor.name;
+    Error.captureStackTrace(this, this.constructor);
+  }
+}
+export class AuthenticationError extends BaseError {
+  constructor(message = 'Authentication failed') {
+    super(message, 401);
+  }
+}
+export class AuthorizationError extends BaseError {
+  constructor(message = 'Insufficient permissions') {
+    super(message, 403);
+  }
+}
+export class ValidationError extends BaseError {
+  constructor(message = 'Validation failed') {
+    super(message, 400);
+  }
+}
+export class NotFoundError extends BaseError {
+  constructor(message = 'Resource not found') {
+    super(message, 404);
+  }
+}
+export class LDAPConnectionError extends BaseError {
+  constructor(message = 'LDAP connection failed') {
+    super(message, 503);
+  }
+}
+export class GraphAPIError extends BaseError {
+  constructor(message = 'Graph API request failed') {
+    super(message, 502);
+  }
+}
+export class AuditExecutionError extends BaseError {
+  constructor(message = 'Audit execution failed') {
+    super(message, 500);
+  }
+}
+export class TokenExpiredError extends BaseError {
+  constructor(message = 'Token has expired') {
+    super(message, 401);
+  }
+}
+export class RateLimitError extends BaseError {
+  constructor(message = 'Rate limit exceeded') {
+    super(message, 429);
+  }
+}