@jshookmcp/jshook 0.2.5 → 0.2.6

package/workflows/challenge-detector/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "noEmit": false,
+    "outDir": "dist",
+    "rootDir": ".",
+    "strict": true,
+    "skipLibCheck": true,
+    "types": ["node"]
+  },
+  "include": ["workflow.ts"],
+  "exclude": ["dist", "node_modules"]
+}

package/workflows/challenge-detector/workflow.ts

@@ -0,0 +1,298 @@
+import {
+  createWorkflow,
+  type WorkflowExecutionContext,
+  SequenceNodeBuilder,
+} from '@jshookmcp/extension-sdk/workflow';
+
+const workflowId = 'workflow.challenge-detector.v2';
+
+export default createWorkflow(workflowId, 'Challenge Detector')
+  .description(
+    'Detects and classifies browser challenges: Cloudflare Turnstile/JS Challenge, hCaptcha, reCAPTCHA, DataDome, Akamai Bot Manager, PerimeterX, Kasada, CTF platforms (JuiceShop, DVWA, HackTheBox, TryHackMe, OverTheWire, picoCTF), and custom JS detection scripts — producing a challenge report with bypass difficulty assessment.',
+  )
+  .tags(['reverse', 'captcha', 'challenge', 'cloudflare', 'antibot', 'detection', 'turnstile', 'mission', 'ctf', 'juiceshop', 'dvwa', 'hackthebox'])
+  .timeoutMs(8 * 60_000)
+  .defaultMaxConcurrency(4)
+  .buildGraph((ctx: WorkflowExecutionContext) => {
+    const prefix = 'workflows.challengeDetector';
+    const url = String(ctx.getConfig(`${prefix}.url`, 'https://example.com'));
+    const waitUntil = String(ctx.getConfig(`${prefix}.waitUntil`, 'networkidle0'));
+    const requestTail = Number(ctx.getConfig(`${prefix}.requestTail`, 50));
+    const maxConcurrency = Number(ctx.getConfig(`${prefix}.parallel.maxConcurrency`, 4));
+
+    const challengeProbeScript = `
+(function() {
+  const challenges = {};
+
+  // === Security Challenges (Bot Detection) ===
+  // Cloudflare
+  challenges.cfTurnstile = !!document.querySelector('[data-sitekey]') || !!document.querySelector('.cf-turnstile');
+  challenges.cfChallenge = !!document.querySelector('#cf-challenge-running') || !!document.getElementById('challenge-form');
+  challenges.cfRay = document.querySelector('meta[name="cf-ray"]')?.content || null;
+  // reCAPTCHA
+  challenges.recaptcha = !!document.querySelector('.g-recaptcha') || !!document.querySelector('[data-sitekey]');
+  challenges.recaptchaV3 = typeof grecaptcha !== 'undefined';
+  // hCaptcha
+  challenges.hcaptcha = !!document.querySelector('.h-captcha') || !!document.querySelector('[data-hcaptcha-widget-id]');
+  // DataDome
+  challenges.datadome = !!document.querySelector('[data-dd]') || document.cookie.includes('datadome');
+  // Akamai Bot Manager
+  challenges.akamai = !!document.querySelector('script[src*="akamai"]') || !!document.querySelector('script[src*="bm/"]');
+  // PerimeterX / HUMAN
+  challenges.perimeterx = !!document.querySelector('script[src*="px"]') || !!window._pxUuid;
+  // Kasada
+  challenges.kasada = !!document.querySelector('script[src*="ips.js"]') || !!window.__kasada;
+  // Generic JS challenge signals
+  challenges.hasIframeChallenge = !!document.querySelector('iframe[src*="challenge"]');
+  challenges.hasNoscript = !!document.querySelector('noscript');
+  challenges.httpStatus = document.querySelector('meta[http-equiv="status"]')?.content || null;
+
+  // === CTF Platform Challenges ===
+  // OWASP Juice Shop
+  challenges.juiceShop = {
+    detected: !!document.querySelector('juice-shop-app') ||
+              !!document.querySelector('[ng-app="juiceShop"]') ||
+              !!document.querySelector('mat-toolbar[color="warn"]') ||
+              document.title.includes('OWASP Juice Shop'),
+    challenges: [],
+    score: null,
+    user: null
+  };
+  if (challenges.juiceShop.detected) {
+    try {
+      // Extract challenge list from localStorage or DOM
+      const completedChallenges = JSON.parse(localStorage.getItem('completedChallenges') || '[]');
+      const totalChallenges = document.querySelectorAll('[id^="challenge-"]').length ||
+                             document.querySelectorAll('.challenge-item').length ||
+                             document.querySelectorAll('mat-card').length || 0;
+      challenges.juiceShop.challenges = {
+        completed: Array.isArray(completedChallenges) ? completedChallenges.length : 0,
+        total: totalChallenges,
+        percentage: totalChallenges > 0 ? Math.round((completedChallenges.length / totalChallenges) * 100) : 0
+      };
+      // Try to get current user/score
+      const token = localStorage.getItem('token');
+      if (token) {
+        try {
+          const payload = JSON.parse(atob(token.split('.')[1]));
+          challenges.juiceShop.user = payload?.email || payload?.username || null;
+        } catch(e) {}
+      }
+      // Score board link
+      challenges.juiceShop.scoreBoardLink = !!document.querySelector('a[href="/#/score-board"]');
+    } catch(e) {
+      challenges.juiceShop.error = e.message;
+    }
+  }
+
+  // DVWA (Damn Vulnerable Web Application)
+  challenges.dvwa = {
+    detected: !!document.querySelector('div#main_navbar') ||
+              document.title.includes('Damn Vulnerable Web Application') ||
+              !!document.querySelector('img[src*="dvwa"]') ||
+              !!document.querySelector('a[href="vulnerabilities/xss_d/"]'),
+    securityLevel: null,
+    currentVulnerability: null
+  };
+  if (challenges.dvwa.detected) {
+    try {
+      // Extract security level from session cookie or DOM
+      const securityCookie = document.cookie.match(/security=([^;]+)/);
+      challenges.dvwa.securityLevel = securityCookie ? securityCookie[1] : null;
+      // Current page/vulnerability
+      const currentPage = new URLSearchParams(window.location.search).get('page');
+      challenges.dvwa.currentVulnerability = currentPage || window.location.pathname;
+      // Menu items indicate available vulnerabilities
+      const menuItems = document.querySelectorAll('li[id*="_menu"]');
+      challenges.dvwa.availableModules = menuItems.length;
+    } catch(e) {
+      challenges.dvwa.error = e.message;
+    }
+  }
+
+  // HackTheBox
+  challenges.hackthebox = {
+    detected: !!document.querySelector('[class*="htb"]') ||
+              document.title.includes('Hack The Box') ||
+              !!document.querySelector('a[href*="hackthebox"]') ||
+              !!document.querySelector('meta[property="og:site_name"][content*="Hack The Box"]'),
+    machineName: null,
+    machineType: null,
+    progress: null
+  };
+  if (challenges.hackthebox.detected) {
+    try {
+      // Try to extract machine info from DOM
+      const machineTitle = document.querySelector('h1[class*="machine"]')?.textContent ||
+                          document.querySelector('[class*="machine-name"]')?.textContent;
+      challenges.hackthebox.machineName = machineTitle?.trim() || null;
+      // Progress bar
+      const progressBar = document.querySelector('[role="progressbar"]')?.getAttribute('aria-valuenow');
+      challenges.hackthebox.progress = progressBar ? parseInt(progressBar) : null;
+    } catch(e) {
+      challenges.hackthebox.error = e.message;
+    }
+  }
+
+  // TryHackMe
+  challenges.tryhackme = {
+    detected: !!document.querySelector('[class*="tryhackme"]') ||
+              document.title.includes('TryHackMe') ||
+              !!document.querySelector('a[href*="tryhackme.com"]') ||
+              !!document.querySelector('[data-testid="task-content"]'),
+    roomName: null,
+    taskProgress: null
+  };
+  if (challenges.tryhackme.detected) {
+    try {
+      const roomTitle = document.querySelector('h1[class*="room"]')?.textContent ||
+                       document.querySelector('[class*="room-title"]')?.textContent;
+      challenges.tryhackme.roomName = roomTitle?.trim() || null;
+      // Task completion
+      const completedTasks = document.querySelectorAll('[data-complete="true"]').length;
+      const totalTasks = document.querySelectorAll('[data-task-id]').length;
+      if (totalTasks > 0) {
+        challenges.tryhackme.taskProgress = { completed: completedTasks, total: totalTasks };
+      }
+    } catch(e) {
+      challenges.tryhackme.error = e.message;
+    }
+  }
+
+  // OverTheWire / wargame platforms
+  challenges.overthewire = {
+    detected: document.title.includes('OverTheWire') ||
+              document.title.includes('wargame') ||
+              document.title.includes('bandit') ||
+              !!document.querySelector('pre[class*="terminal"]'),
+    gameName: null,
+    level: null
+  };
+  if (challenges.overthewire.detected) {
+    try {
+      const titleMatch = document.title.match(/([\\w]+)\\s*[:\\-]?/i);
+      challenges.overthewire.gameName = titleMatch ? titleMatch[1] : null;
+    } catch(e) {
+      challenges.overthewire.error = e.message;
+    }
+  }
+
+  // picoCTF
+  challenges.picoctf = {
+    detected: document.title.includes('picoCTF') ||
+              !!document.querySelector('[class*="pico"]') ||
+              !!document.querySelector('a[href*="picoctf"]'),
+    challengeName: null,
+    category: null,
+    solved: null
+  };
+  if (challenges.picoctf.detected) {
+    try {
+      challenges.picoctf.challengeName = document.querySelector('h1[class*="challenge"]')?.textContent?.trim() || null;
+      challenges.picoctf.category = document.querySelector('[class*="category"]')?.textContent?.trim() || null;
+      // Check for solved indicator
+      const solvedIndicator = document.querySelector('[class*="solved"]') ||
+                             document.querySelector('[class*="correct"]');
+      challenges.picoctf.solved = !!solvedIndicator;
+    } catch(e) {
+      challenges.picoctf.error = e.message;
+    }
+  }
+
+  // Root-Me
+  challenges.rootme = {
+    detected: document.title.includes('Root-Me') ||
+              !!document.querySelector('a[href*="root-me.org"]') ||
+              !!document.querySelector('[class*="rm-"]'),
+    challengeInfo: null
+  };
+  if (challenges.rootme.detected) {
+    try {
+      const validationForm = document.querySelector('form[name="validation"]');
+      challenges.rootme.canSubmit = !!validationForm;
+    } catch(e) {
+      challenges.rootme.error = e.message;
+    }
+  }
+
+  // Generic metadata
+  challenges.title = document.title;
+  challenges.bodyTextLength = document.body?.innerText?.length || 0;
+  challenges.url = window.location.href;
+
+  return challenges;
+})()`;
+
+    const root = new SequenceNodeBuilder('challenge-detector-root');
+
+    root
+      // Phase 1: Network & Navigate
+      .tool('enable-network', 'network_enable', { input: { enableExceptions: true } })
+      .tool('navigate', 'page_navigate', { input: { url, waitUntil } })
+
+      // Phase 2: Challenge Probe
+      .tool('probe-challenges', 'page_evaluate', {
+        input: { expression: challengeProbeScript },
+      })
+
+      // Phase 3: Parallel Analysis
+      .parallel('analyse-challenges', (p) => {
+        p.maxConcurrency(maxConcurrency)
+          .failFast(false)
+          .tool('get-requests', 'network_get_requests', { input: { tail: requestTail } })
+          .tool('captcha-detect', 'captcha_detect', { input: {} })
+          .tool('search-challenge-scripts', 'search_in_scripts', {
+            input: { query: 'challenge,captcha,turnstile,datadome,akamai,perimeterx,kasada,botmanager', matchType: 'any' },
+          })
+          .tool('search-ctf-keywords', 'search_in_scripts', {
+            input: { query: 'juiceshop,dvwa,hackthebox,tryhackme,overthewire,picoctf,rootme,flag,ctf', matchType: 'any' },
+          })
+          .tool('screenshot', 'page_screenshot', { input: { fullPage: true } })
+          .tool('detect-obfuscation', 'detect_obfuscation', { input: {} })
+          .tool('stealth-verify', 'stealth_verify', { input: { categories: 'webdriver,navigator,timing,canvas' } })
+          .tool('get-localstorage', 'page_get_local_storage', { input: {} })
+          .tool('dom-structure', 'dom_get_structure', { input: { maxDepth: 2, includeText: false } });
+      })
+
+      // Phase 4: Response Analysis
+      .tool('get-network-stats', 'network_get_stats', { input: {} })
+      .tool('get-cookies', 'page_get_cookies')
+
+      // Phase 5: Evidence Recording
+      .tool('create-evidence-session', 'instrumentation_session_create', {
+        input: {
+          name: `challenge-detection-${new Date().toISOString().slice(0, 10)}`,
+          metadata: { url, workflowId },
+        },
+      })
+      .tool('record-artifact', 'instrumentation_artifact_record', {
+        input: {
+          type: 'challenge_detection_report',
+          label: `Challenge detection for ${url}`,
+          metadata: { url },
+        },
+      })
+
+      // Phase 6: Session Insight
+      .tool('emit-insight', 'append_session_insight', {
+        input: {
+          insight: JSON.stringify({
+            status: 'challenge_detector_complete',
+            workflowId,
+            url,
+          }),
+        },
+      });
+
+    return root;
+  })
+  .onStart((ctx) => {
+    ctx.emitMetric('workflow_runs_total', 1, 'counter', { workflowId, mission: 'challenge_detector', stage: 'start' });
+  })
+  .onFinish((ctx) => {
+    ctx.emitMetric('workflow_runs_total', 1, 'counter', { workflowId, mission: 'challenge_detector', stage: 'finish' });
+  })
+  .onError((ctx, error) => {
+    ctx.emitMetric('workflow_errors_total', 1, 'counter', { workflowId, mission: 'challenge_detector', stage: 'error', error: error.name });
+  })
+  .build();

package/workflows/deobfuscation-pipeline/.jshook-install.json

@@ -0,0 +1,14 @@
+{
+  "version": 1,
+  "kind": "workflow",
+  "slug": "deobfuscation-pipeline",
+  "id": "workflow.deobfuscation-pipeline.v1",
+  "source": {
+    "type": "git",
+    "repo": "https://github.com/vmoranv/jshook_workflow_deobfuscation_pipeline",
+    "ref": "main",
+    "commit": "97f3401d7e1ba446423a84e66be190d633f7d463",
+    "subpath": ".",
+    "entry": "workflow.ts"
+  }
+}

package/workflows/deobfuscation-pipeline/meta.yaml

@@ -0,0 +1,6 @@
+name: deobfuscation-pipeline
+description: JSHook workflow for deobfuscation-pipeline
+author: vmoranv
+tags:
+  - workflow
+  - deobfuscation-pipeline

package/workflows/deobfuscation-pipeline/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "jshook-workflow-deobfuscation-pipeline",
+  "private": true,
+  "version": "0.1.0",
+  "description": "jshookmcp workflow: deobfuscation-pipeline",
+  "type": "module",
+  "packageManager": "pnpm@10.28.2",
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "check": "tsc -p tsconfig.json --noEmit"
+  },
+  "dependencies": {
+    "@jshookmcp/extension-sdk": "^0.3.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.0",
+    "typescript": "^5.9.3"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}