@feardread/fear 1.0.1

package/libs/agent/modules/security/monitor.js

@@ -0,0 +1,360 @@
+// modules/traffic-monitor.js - Real-time Network Traffic Monitor
+const { spawn } = require('child_process');
+const fs = require('fs').promises;
+const os = require('os');
+
+class Monitor {
+  constructor() {
+    this.monitoring = false;
+    this.tcpdumpProcess = null;
+    this.stats = {
+      startTime: null,
+      packets: {
+        total: 0,
+        tcp: 0,
+        udp: 0,
+        icmp: 0,
+        other: 0
+      },
+      protocols: {
+        http: 0,
+        https: 0,
+        dns: 0,
+        ssh: 0,
+        ftp: 0
+      },
+      traffic: {
+        incoming: 0,
+        outgoing: 0,
+        totalBytes: 0
+      },
+      suspicious: [],
+      connections: new Map()
+    };
+  }
+
+  async startMonitoring(args) {
+    if (this.monitoring) {
+      console.log('⚠️  Traffic monitoring is already running. Use "stop-monitor" first.\n');
+      return;
+    }
+
+    const iface = args[0] || this.getDefaultInterface();
+    
+    console.log(`\n������ Starting Traffic Monitor`);
+    console.log(`═══════════════════════════════════════`);
+    console.log(`Interface: ${iface}`);
+    console.log(`Time: ${new Date().toLocaleString()}`);
+    console.log(`\nMonitoring... (Press Ctrl+C or use "stop-monitor" to stop)\n`);
+    
+    this.monitoring = true;
+    this.stats.startTime = Date.now();
+    
+    // Check if we have tcpdump or use fallback
+    const hasTcpdump = await this.checkCommand('tcpdump');
+    
+    if (hasTcpdump) {
+      this.startTcpdumpMonitor(iface);
+    } else {
+      console.log('⚠️  tcpdump not found. Using fallback monitoring...\n');
+      this.startFallbackMonitor();
+    }
+  }
+
+  async checkCommand(cmd) {
+    return new Promise((resolve) => {
+      const proc = spawn('which', [cmd]);
+      proc.on('close', (code) => resolve(code === 0));
+    });
+  }
+
+  startTcpdumpMonitor(iface) {
+    // tcpdump -i interface -n -l
+    // Note: May require sudo privileges
+    this.tcpdumpProcess = spawn('tcpdump', [
+      '-i', iface,
+      '-n',  // Don't resolve hostnames
+      '-l',  // Line buffered
+      '-tttt' // Human readable timestamps
+    ]);
+
+    this.tcpdumpProcess.stdout.on('data', (data) => {
+      const lines = data.toString().split('\n');
+      lines.forEach(line => this.parsePacket(line));
+    });
+
+    this.tcpdumpProcess.stderr.on('data', (data) => {
+      const msg = data.toString();
+      if (msg.includes('Permission denied')) {
+        console.log('❌ Permission denied. Try running with sudo.\n');
+        this.stopMonitoring();
+      } else if (!msg.includes('listening on')) {
+        console.error(`⚠️  ${msg}`);
+      }
+    });
+
+    this.tcpdumpProcess.on('close', () => {
+      this.monitoring = false;
+    });
+  }
+
+  startFallbackMonitor() {
+    // Fallback: Monitor using netstat
+    this.monitorInterval = setInterval(() => {
+      this.sampleNetworkActivity();
+    }, 2000);
+  }
+
+  async sampleNetworkActivity() {
+    const proc = spawn('netstat', ['-an']);
+    let output = '';
+
+    proc.stdout.on('data', (data) => {
+      output += data.toString();
+    });
+
+    proc.on('close', () => {
+      const lines = output.split('\n');
+      let established = 0;
+      
+      lines.forEach(line => {
+        if (line.includes('ESTABLISHED')) {
+          established++;
+          this.stats.packets.total++;
+          
+          // Basic protocol detection
+          if (line.includes(':80 ') || line.includes(':8080 ')) {
+            this.stats.protocols.http++;
+          } else if (line.includes(':443 ') || line.includes(':8443 ')) {
+            this.stats.protocols.https++;
+          } else if (line.includes(':22 ')) {
+            this.stats.protocols.ssh++;
+          } else if (line.includes(':53 ')) {
+            this.stats.protocols.dns++;
+          }
+        }
+      });
+
+      if (established > 0) {
+        console.log(`������ Active connections: ${established}`);
+      }
+    });
+  }
+
+  parsePacket(line) {
+    if (!line.trim()) return;
+
+    this.stats.packets.total++;
+
+    // Parse protocol
+    if (line.includes('TCP') || line.includes('tcp')) {
+      this.stats.packets.tcp++;
+    } else if (line.includes('UDP') || line.includes('udp')) {
+      this.stats.packets.udp++;
+    } else if (line.includes('ICMP') || line.includes('icmp')) {
+      this.stats.packets.icmp++;
+    } else {
+      this.stats.packets.other++;
+    }
+
+    // Parse ports for protocol detection
+    if (line.match(/\.80\s|\.80:/)) {
+      this.stats.protocols.http++;
+    } else if (line.match(/\.443\s|\.443:/)) {
+      this.stats.protocols.https++;
+    } else if (line.match(/\.53\s|\.53:/)) {
+      this.stats.protocols.dns++;
+    } else if (line.match(/\.22\s|\.22:/)) {
+      this.stats.protocols.ssh++;
+    } else if (line.match(/\.21\s|\.21:/)) {
+      this.stats.protocols.ftp++;
+    }
+
+    // Detect suspicious patterns
+    this.detectSuspicious(line);
+
+    // Display packet (rate limited)
+    if (this.stats.packets.total % 50 === 0) {
+      this.displayLiveStats();
+    }
+  }
+
+  detectSuspicious(line) {
+    const suspicious = [];
+
+    // Port scanning detection (many connections from same IP)
+    const ipMatch = line.match(/(\d+\.\d+\.\d+\.\d+)/);
+    if (ipMatch) {
+      const ip = ipMatch[1];
+      const count = this.stats.connections.get(ip) || 0;
+      this.stats.connections.set(ip, count + 1);
+
+      if (count > 100) {
+        suspicious.push({
+          type: 'Port Scan',
+          detail: `Multiple connections from ${ip}`,
+          timestamp: new Date()
+        });
+      }
+    }
+
+    // Unusual ports
+    if (line.match(/\.(666|1337|31337|4444|5555)\s/)) {
+      suspicious.push({
+        type: 'Suspicious Port',
+        detail: 'Connection to uncommon port',
+        timestamp: new Date()
+      });
+    }
+
+    // FTP (unencrypted)
+    if (line.includes('.21 ') || line.includes(':21 ')) {
+      suspicious.push({
+        type: 'Unencrypted Protocol',
+        detail: 'FTP traffic detected (consider SFTP)',
+        timestamp: new Date()
+      });
+    }
+
+    // Telnet (unencrypted)
+    if (line.includes('.23 ') || line.includes(':23 ')) {
+      suspicious.push({
+        type: 'Unencrypted Protocol',
+        detail: 'Telnet traffic detected (use SSH)',
+        timestamp: new Date()
+      });
+    }
+
+    if (suspicious.length > 0) {
+      suspicious.forEach(s => {
+        this.stats.suspicious.push(s);
+        console.log(`������ ${s.type}: ${s.detail}`);
+      });
+    }
+  }
+
+  displayLiveStats() {
+    console.log(`\n������ Live Stats (${this.stats.packets.total} packets)`);
+    console.log(`  TCP: ${this.stats.packets.tcp} | UDP: ${this.stats.packets.udp} | ICMP: ${this.stats.packets.icmp}`);
+    console.log(`  HTTP: ${this.stats.protocols.http} | HTTPS: ${this.stats.protocols.https} | DNS: ${this.stats.protocols.dns}`);
+  }
+
+  stopMonitoring() {
+    if (!this.monitoring) {
+      console.log('ℹ️  Traffic monitoring is not running.\n');
+      return;
+    }
+
+    if (this.tcpdumpProcess) {
+      this.tcpdumpProcess.kill();
+      this.tcpdumpProcess = null;
+    }
+
+    if (this.monitorInterval) {
+      clearInterval(this.monitorInterval);
+      this.monitorInterval = null;
+    }
+
+    this.monitoring = false;
+    console.log('\n✅ Traffic monitoring stopped.\n');
+  }
+
+  showStats() {
+    if (!this.stats.startTime) {
+      console.log('ℹ️  No monitoring data available. Start monitoring first.\n');
+      return;
+    }
+
+    const duration = Math.floor((Date.now() - this.stats.startTime) / 1000);
+    const minutes = Math.floor(duration / 60);
+    const seconds = duration % 60;
+
+    console.log(`\n������ Traffic Statistics`);
+    console.log(`═══════════════════════════════════════`);
+    console.log(`Duration: ${minutes}m ${seconds}s`);
+    console.log(`Status: ${this.monitoring ? '������ Active' : '������ Stopped'}\n`);
+
+    console.log(`Packets:`);
+    console.log(`  Total: ${this.stats.packets.total}`);
+    console.log(`  TCP: ${this.stats.packets.tcp} (${this.getPercentage(this.stats.packets.tcp, this.stats.packets.total)}%)`);
+    console.log(`  UDP: ${this.stats.packets.udp} (${this.getPercentage(this.stats.packets.udp, this.stats.packets.total)}%)`);
+    console.log(`  ICMP: ${this.stats.packets.icmp} (${this.getPercentage(this.stats.packets.icmp, this.stats.packets.total)}%)`);
+    console.log(`  Other: ${this.stats.packets.other}\n`);
+
+    console.log(`Protocols:`);
+    console.log(`  HTTP: ${this.stats.protocols.http}`);
+    console.log(`  HTTPS: ${this.stats.protocols.https}`);
+    console.log(`  DNS: ${this.stats.protocols.dns}`);
+    console.log(`  SSH: ${this.stats.protocols.ssh}`);
+    console.log(`  FTP: ${this.stats.protocols.ftp}\n`);
+
+    if (this.stats.suspicious.length > 0) {
+      console.log(`������ Suspicious Activity (${this.stats.suspicious.length} events):`);
+      const recent = this.stats.suspicious.slice(-10);
+      recent.forEach(s => {
+        console.log(`  [${s.timestamp.toLocaleTimeString()}] ${s.type}: ${s.detail}`);
+      });
+      console.log();
+    }
+
+    // Top talkers
+    if (this.stats.connections.size > 0) {
+      console.log(`Top Connections:`);
+      const sorted = Array.from(this.stats.connections.entries())
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, 5);
+      
+      sorted.forEach(([ip, count]) => {
+        console.log(`  ${ip}: ${count} packets`);
+      });
+      console.log();
+    }
+  }
+
+  getPercentage(value, total) {
+    if (total === 0) return 0;
+    return ((value / total) * 100).toFixed(1);
+  }
+
+  async exportData(args) {
+    const filename = args[0] || `traffic-export-${Date.now()}.json`;
+
+    const exportData = {
+      exportTime: new Date().toISOString(),
+      monitoringDuration: this.stats.startTime ? Date.now() - this.stats.startTime : 0,
+      statistics: {
+        packets: this.stats.packets,
+        protocols: this.stats.protocols,
+        traffic: this.stats.traffic
+      },
+      suspicious: this.stats.suspicious,
+      topConnections: Array.from(this.stats.connections.entries())
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, 20)
+        .map(([ip, count]) => ({ ip, packetCount: count }))
+    };
+
+    try {
+      await fs.writeFile(filename, JSON.stringify(exportData, null, 2));
+      console.log(`\n✅ Traffic data exported to: ${filename}\n`);
+    } catch (err) {
+      console.log(`❌ Export failed: ${err.message}\n`);
+    }
+  }
+
+  getDefaultInterface() {
+    const platform = os.platform();
+    
+    if (platform === 'darwin') {
+      return 'en0';
+    } else if (platform === 'linux') {
+      return 'eth0';
+    } else if (platform === 'win32') {
+      return 'Ethernet';
+    }
+    
+    return 'any';
+  }
+}
+
+module.exports = Monitor;

package/libs/agent/modules/security/scanner.js

@@ -0,0 +1,300 @@
+// modules/scanner.js - Network and Security Scanner
+const net = require('net');
+const fs = require('fs').promises;
+const path = require('path');
+const os = require('os');
+
+const Scanner = function() {
+    this.commonPorts = {
+      20: 'FTP Data',
+      21: 'FTP Control',
+      22: 'SSH',
+      23: 'Telnet',
+      25: 'SMTP',
+      53: 'DNS',
+      80: 'HTTP',
+      110: 'POP3',
+      143: 'IMAP',
+      443: 'HTTPS',
+      445: 'SMB',
+      3306: 'MySQL',
+      3389: 'RDP',
+      5432: 'PostgreSQL',
+      6379: 'Redis',
+      8080: 'HTTP Alt',
+      8443: 'HTTPS Alt',
+      27017: 'MongoDB'
+    };
+}
+
+Scanner.prototype = {
+
+  async scanPorts(args) {
+    const host = args[0] || '127.0.0.1';
+    const startPort = parseInt(args[1]) || 1;
+    const endPort = parseInt(args[2]) || 1024;
+    
+    console.log(`\n������ Port Scan Report`);
+    console.log(`═══════════════════════════════════════`);
+    console.log(`Target: ${host}`);
+    console.log(`Range: ${startPort}-${endPort}`);
+    console.log(`Started: ${new Date().toLocaleString()}\n`);
+    
+    const startTime = Date.now();
+    const openPorts = [];
+    const promises = [];
+    let scanned = 0;
+    const total = endPort - startPort + 1;
+    
+    for (let port = startPort; port <= endPort; port++) {
+      promises.push(
+        this.checkPort(host, port)
+          .then(isOpen => {
+            scanned++;
+            if (isOpen) {
+              const service = this.commonPorts[port] || 'Unknown';
+              openPorts.push({ port, service });
+              console.log(`✅ Port ${port} OPEN - ${service}`);
+            }
+            // Progress indicator
+            if (scanned % 100 === 0) {
+              process.stdout.write(`\r⏳ Progress: ${scanned}/${total} ports scanned...`);
+            }
+          })
+          .catch(() => {})
+      );
+      
+      // Limit concurrent connections
+      if (promises.length >= 100) {
+        await Promise.all(promises);
+        promises.length = 0;
+      }
+    }
+    
+    await Promise.all(promises);
+    
+    const duration = ((Date.now() - startTime) / 1000).toFixed(2);
+    
+    console.log(`\n\n������ Scan Summary`);
+    console.log(`═══════════════════════════════════════`);
+    console.log(`Total ports scanned: ${total}`);
+    console.log(`Open ports: ${openPorts.length}`);
+    console.log(`Duration: ${duration}s`);
+    
+    if (openPorts.length > 0) {
+      console.log(`\n⚠️  Security Notes:`);
+      openPorts.forEach(({ port, service }) => {
+        if ([21, 23, 445, 3389].includes(port)) {
+          console.log(`  ������ Port ${port} (${service}) - Consider closing if unused`);
+        }
+      });
+    }
+    console.log();
+  },
+
+  checkPort(host, port, timeout = 1000) {
+    return new Promise((resolve) => {
+      const socket = new net.Socket();
+      
+      socket.setTimeout(timeout);
+      socket.on('connect', () => {
+        socket.destroy();
+        resolve(true);
+      });
+      
+      socket.on('timeout', () => {
+        socket.destroy();
+        resolve(false);
+      });
+      
+      socket.on('error', () => {
+        resolve(false);
+      });
+      
+      socket.connect(port, host);
+    });
+  },
+
+  async checkDependencies(args) {
+    const dir = args[0] || '.';
+    const pkgPath = path.join(dir, 'package.json');
+    
+    try {
+      const data = await fs.readFile(pkgPath, 'utf8');
+      const pkg = JSON.parse(data);
+      
+      console.log('\n������ Dependency Analysis');
+      console.log(`═══════════════════════════════════════`);
+      console.log(`Project: ${pkg.name || 'Unknown'}`);
+      console.log(`Version: ${pkg.version || 'Unknown'}`);
+      console.log(`License: ${pkg.license || 'Not specified'}\n`);
+      
+      const deps = pkg.dependencies || {};
+      const devDeps = pkg.devDependencies || {};
+      
+      if (Object.keys(deps).length > 0) {
+        console.log('������ Production Dependencies:');
+        Object.entries(deps).forEach(([name, ver]) => {
+          console.log(`  • ${name}: ${ver}`);
+        });
+        console.log();
+      }
+      
+      if (Object.keys(devDeps).length > 0) {
+        console.log('������ Dev Dependencies:');
+        Object.entries(devDeps).forEach(([name, ver]) => {
+          console.log(`  • ${name}: ${ver}`);
+        });
+        console.log();
+      }
+      
+      console.log('Recommendations:');
+      console.log('  • Run "npm audit" for vulnerability scan');
+      console.log('  • Run "npm outdated" to check for updates');
+      console.log('  • Consider using "npm audit fix" for auto-fixes\n');
+      
+    } catch (err) {
+      console.log(`❌ Could not read package.json: ${err.message}\n`);
+    }
+  },
+
+  async getNetworkInfo() {
+    const interfaces = os.networkInterfaces();
+    
+    console.log('\n������ Network Interface Information');
+    console.log(`═══════════════════════════════════════`);
+    console.log(`Hostname: ${os.hostname()}`);
+    console.log(`Platform: ${os.platform()} ${os.arch()}\n`);
+    
+    Object.entries(interfaces).forEach(([name, addrs]) => {
+      console.log(`������ ${name}:`);
+      addrs.forEach(addr => {
+        const status = addr.internal ? '(Internal)' : '(External)';
+        console.log(`  ${addr.family.padEnd(6)} ${addr.address.padEnd(40)} ${status}`);
+        if (addr.mac && addr.mac !== '00:00:00:00:00:00') {
+          console.log(`  MAC: ${addr.mac}`);
+        }
+      });
+      console.log();
+    });
+  },
+
+  async securityAudit(args) {
+    const dir = args[0] || '.';
+    
+    console.log('\n������ Security Audit Report');
+    console.log(`═══════════════════════════════════════`);
+    console.log(`Directory: ${path.resolve(dir)}`);
+    console.log(`Date: ${new Date().toLocaleString()}\n`);
+    
+    const checks = [];
+    
+    // Check Node.js version
+    const nodeVer = process.version;
+    const majorVer = parseInt(nodeVer.slice(1).split('.')[0]);
+    checks.push({
+      category: 'Runtime',
+      name: 'Node.js Version',
+      status: majorVer >= 18 ? 'PASS' : 'WARN',
+      value: nodeVer,
+      note: majorVer < 18 ? 'Consider upgrading to LTS version' : null
+    });
+    
+    // Check for security files
+    const securityFiles = [
+      { file: '.gitignore', critical: true },
+      { file: '.env.example', critical: false },
+      { file: 'README.md', critical: false },
+      { file: 'SECURITY.md', critical: false },
+      { file: '.npmrc', critical: false }
+    ];
+    
+    for (const { file, critical } of securityFiles) {
+      try {
+        await fs.access(path.join(dir, file));
+        checks.push({
+          category: 'Files',
+          name: file,
+          status: 'PASS',
+          value: 'Present'
+        });
+      } catch {
+        checks.push({
+          category: 'Files',
+          name: file,
+          status: critical ? 'FAIL' : 'INFO',
+          value: 'Missing',
+          note: critical ? 'Recommended' : 'Optional'
+        });
+      }
+    }
+    
+    // Check .gitignore for sensitive patterns
+    try {
+      const gitignore = await fs.readFile(path.join(dir, '.gitignore'), 'utf8');
+      const patterns = ['.env', 'node_modules', '*.log', '.DS_Store'];
+      
+      patterns.forEach(pattern => {
+        checks.push({
+          category: 'GitIgnore',
+          name: pattern,
+          status: gitignore.includes(pattern) ? 'PASS' : 'WARN',
+          value: gitignore.includes(pattern) ? 'Ignored' : 'Not ignored'
+        });
+      });
+    } catch {
+      // Already reported missing .gitignore
+    }
+    
+    // Check for .env file (should exist, but be gitignored)
+    try {
+      await fs.access(path.join(dir, '.env'));
+      checks.push({
+        category: 'Environment',
+        name: '.env file',
+        status: 'INFO',
+        value: 'Present',
+        note: 'Ensure it\'s in .gitignore'
+      });
+    } catch {
+      checks.push({
+        category: 'Environment',
+        name: '.env file',
+        status: 'INFO',
+        value: 'Not found'
+      });
+    }
+    
+    // Display results
+    const grouped = {};
+    checks.forEach(check => {
+      if (!grouped[check.category]) grouped[check.category] = [];
+      grouped[check.category].push(check);
+    });
+    
+    Object.entries(grouped).forEach(([category, items]) => {
+      console.log(`\n${category}:`);
+      items.forEach(item => {
+        const icon = item.status === 'PASS' ? '✅' : 
+                     item.status === 'WARN' ? '⚠️' : 
+                     item.status === 'FAIL' ? '❌' : 'ℹ️';
+        console.log(`  ${icon} ${item.name}: ${item.value}`);
+        if (item.note) {
+          console.log(`     └─ ${item.note}`);
+        }
+      });
+    });
+    
+    console.log('\n\n������ Security Recommendations:');
+    console.log('  • Keep Node.js and dependencies updated');
+    console.log('  • Use environment variables for secrets');
+    console.log('  • Implement HTTPS in production');
+    console.log('  • Enable rate limiting on APIs');
+    console.log('  • Use security headers (helmet.js)');
+    console.log('  • Implement proper input validation');
+    console.log('  • Use parameterized queries for databases');
+    console.log('  • Enable CORS properly\n');
+  },
+}
+
+module.exports = Scanner;