clawsec 0.0.1

package/dist/src/detectors/exfiltration/network-detector.js

@@ -0,0 +1,504 @@
+/**
+ * Network Exfiltration Detector
+ * Detects raw network commands used for data exfiltration (netcat, socat, /dev/tcp, etc.)
+ */
+/**
+ * Netcat patterns for data exfiltration
+ */
+const NETCAT_PATTERNS = [
+    // nc -e (execute shell - often used for reverse shells)
+    {
+        pattern: /\b(?:nc|netcat|ncat)\s+(?:[^|;]+\s+)?-e\s+(\S+)/i,
+        tool: 'netcat',
+        description: 'netcat with shell execution',
+        critical: true,
+    },
+    // nc with output redirection (sending file contents)
+    {
+        pattern: /\bcat\s+([^\s|]+)\s*\|\s*(?:nc|netcat|ncat)\s+([^\s]+)\s+(\d+)/i,
+        tool: 'netcat',
+        description: 'file piped to netcat',
+    },
+    // nc reading from file directly
+    {
+        pattern: /\b(?:nc|netcat|ncat)\s+(?:[^|;]+\s+)?<\s*([^\s]+)/i,
+        tool: 'netcat',
+        description: 'netcat with file input',
+    },
+    // Any command piped to nc with host and port
+    {
+        pattern: /\|\s*(?:nc|netcat|ncat)\s+(-[^\s]+\s+)*([^\s]+)\s+(\d+)/i,
+        tool: 'netcat',
+        description: 'piped data to netcat',
+    },
+    // nc -q (quiet mode - data transfer)
+    {
+        pattern: /\b(?:nc|netcat)\s+(?:[^|;]+\s+)?-q\s+\d+\s+([^\s]+)\s+(\d+)/i,
+        tool: 'netcat',
+        description: 'netcat data transfer',
+    },
+    // ncat with --send-only or --recv-only
+    {
+        pattern: /\bncat\s+(?:[^|;]+\s+)?--(?:send-only|exec)\s+/i,
+        tool: 'ncat',
+        description: 'ncat data transfer',
+        critical: true,
+    },
+];
+/**
+ * Bash /dev/tcp patterns (direct TCP connections)
+ */
+const DEV_TCP_PATTERNS = [
+    // exec /dev/tcp (check first as it's most critical)
+    {
+        pattern: /\bexec\s+\d+<>\/dev\/tcp\/([^\/]+)\/(\d+)/i,
+        tool: '/dev/tcp',
+        description: 'bash TCP file descriptor',
+        critical: true,
+    },
+    // Redirecting to /dev/tcp
+    {
+        pattern: />\s*\/dev\/tcp\/([^\/]+)\/(\d+)/i,
+        tool: '/dev/tcp',
+        description: 'bash TCP redirect (outbound)',
+    },
+    // Reading and sending via /dev/tcp
+    {
+        pattern: /\bcat\s+([^\s]+)\s*>\s*\/dev\/tcp\/([^\/]+)\/(\d+)/i,
+        tool: '/dev/tcp',
+        description: 'file sent via bash TCP',
+    },
+    // /dev/udp patterns
+    {
+        pattern: />\s*\/dev\/udp\/([^\/]+)\/(\d+)/i,
+        tool: '/dev/udp',
+        description: 'bash UDP redirect (outbound)',
+    },
+];
+/**
+ * Socat patterns
+ */
+const SOCAT_PATTERNS = [
+    // socat sending file to TCP
+    {
+        pattern: /\bsocat\s+(?:[^|;]+\s+)?(?:FILE|OPEN):([^\s,]+)\s+TCP(?:4|6)?:([^:]+):(\d+)/i,
+        tool: 'socat',
+        description: 'socat file to TCP',
+    },
+    // socat with EXEC (shell execution)
+    {
+        pattern: /\bsocat\s+(?:[^|;]+\s+)?TCP(?:4|6)?:([^:]+):(\d+)\s+EXEC:/i,
+        tool: 'socat',
+        description: 'socat TCP with exec',
+        critical: true,
+    },
+    // socat stdin to TCP
+    {
+        pattern: /\bsocat\s+(?:[^|;]+\s+)?-\s+TCP(?:4|6)?:([^:]+):(\d+)/i,
+        tool: 'socat',
+        description: 'socat stdin to TCP',
+    },
+    // Piped data to socat
+    {
+        pattern: /\|\s*socat\s+(?:[^|;]+\s+)?-\s+TCP(?:4|6)?:([^:]+):(\d+)/i,
+        tool: 'socat',
+        description: 'piped data to socat',
+    },
+];
+/**
+ * Telnet patterns
+ */
+const TELNET_PATTERNS = [
+    // Piping data to telnet
+    {
+        pattern: /\|\s*telnet\s+([^\s]+)\s+(\d+)/i,
+        tool: 'telnet',
+        description: 'piped data to telnet',
+    },
+    // File redirected to telnet
+    {
+        pattern: /\btelnet\s+([^\s]+)\s+(\d+)\s*<\s*([^\s]+)/i,
+        tool: 'telnet',
+        description: 'file input to telnet',
+    },
+    // expect script with telnet
+    {
+        pattern: /\bexpect\s+.*telnet\s+([^\s]+)\s+(\d+)/i,
+        tool: 'telnet/expect',
+        description: 'automated telnet session',
+    },
+];
+/**
+ * SSH/SCP exfiltration patterns
+ */
+const SSH_EXFIL_PATTERNS = [
+    // scp upload: local file to remote (local path first, then user@host:remote)
+    // Detect pattern like: scp /local/file user@host:/remote/
+    {
+        pattern: /\bscp\s+(?:-[^\s]+\s+)*([^\s@:]+)\s+(\S+@[^:\s]+):(\S*)/i,
+        tool: 'scp',
+        description: 'scp upload to remote',
+    },
+    // rsync upload: local to remote
+    {
+        pattern: /\brsync\s+(?:-[^\s]+\s+)*([^\s@:]+)\s+(\S+@[^:\s]+):(\S*)/i,
+        tool: 'rsync',
+        description: 'rsync upload to remote',
+    },
+    // ssh with piped input
+    {
+        pattern: /\bcat\s+([^\s|]+)\s*\|\s*ssh\s+([^@\s]+@)?([^\s]+)/i,
+        tool: 'ssh',
+        description: 'file piped to ssh',
+    },
+    // sftp put command
+    {
+        pattern: /\bsftp\s+(?:[^|;]+\s+)?.*\bput\s+([^\s]+)/i,
+        tool: 'sftp',
+        description: 'sftp file upload',
+    },
+];
+/**
+ * DNS exfiltration patterns
+ */
+const DNS_EXFIL_PATTERNS = [
+    // nslookup/dig with long subdomain (potential data encoding)
+    {
+        pattern: /\b(?:nslookup|dig|host)\s+([a-zA-Z0-9]{30,})\./i,
+        tool: 'dns',
+        description: 'potential DNS exfiltration',
+    },
+    // dig with TXT record query
+    {
+        pattern: /\bdig\s+(?:[^|;]+\s+)?TXT\s+([^\s]+)/i,
+        tool: 'dns/txt',
+        description: 'DNS TXT record query',
+    },
+];
+/**
+ * Other network exfiltration patterns
+ */
+const OTHER_NETWORK_PATTERNS = [
+    // xxd/hexdump to network
+    {
+        pattern: /\b(?:xxd|hexdump)\s+[^\|]+\|\s*(?:nc|netcat|ncat|curl)/i,
+        tool: 'hex-encoded',
+        description: 'hex-encoded network exfiltration',
+    },
+    // openssl s_client for data transfer
+    {
+        pattern: /\bopenssl\s+s_client\s+(?:[^|;]+\s+)?-connect\s+([^:]+):(\d+)/i,
+        tool: 'openssl',
+        description: 'openssl encrypted connection',
+    },
+    // Python network exfiltration
+    {
+        pattern: /\bsocket\.(?:connect|sendto|send)\s*\(/i,
+        tool: 'python-socket',
+        description: 'Python socket connection',
+    },
+];
+/**
+ * Extract host and port from match
+ */
+function extractDestination(match, _pattern) {
+    // Different patterns capture host/port in different positions
+    const groups = match.slice(1);
+    let host;
+    let port;
+    for (const group of groups) {
+        if (!group)
+            continue;
+        // Check if it looks like a port (all digits)
+        if (/^\d+$/.test(group)) {
+            port = group;
+        }
+        // Check if it looks like a host/IP
+        else if (/^[a-zA-Z0-9.-]+$/.test(group) && !group.match(/^\//) && group.length < 256) {
+            host = group;
+        }
+    }
+    return { host, port };
+}
+/**
+ * Match netcat patterns
+ */
+export function matchNetcatCommand(command) {
+    for (const { pattern, tool, description, critical } of NETCAT_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            const { host, port } = extractDestination(match, { pattern, tool });
+            const dataSource = match[1] && !match[1].match(/^\d+$/) && !match[1].match(/^-/)
+                ? match[1]
+                : undefined;
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: host,
+                port,
+                dataSource,
+                confidence: critical ? 0.95 : 0.9,
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match /dev/tcp patterns
+ */
+export function matchDevTcpPattern(command) {
+    for (const entry of DEV_TCP_PATTERNS) {
+        const { pattern, tool, description } = entry;
+        const critical = 'critical' in entry ? entry.critical : false;
+        const match = command.match(pattern);
+        if (match) {
+            // For /dev/tcp, match[1] is typically the host, match[2] is the port
+            const host = match.find((m, i) => i > 0 && m && !m.match(/^\d+$/) && m.length < 256);
+            const port = match.find((m, i) => i > 0 && m && /^\d+$/.test(m));
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: host,
+                port,
+                confidence: critical ? 0.95 : 0.9,
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match socat patterns
+ */
+export function matchSocatCommand(command) {
+    for (const { pattern, tool, description, critical } of SOCAT_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            const { host, port } = extractDestination(match, { pattern, tool });
+            const dataSource = match[1] && !match[1].match(/^\d+$/) && !match[1].match(/^[a-zA-Z0-9.-]+$/)
+                ? match[1]
+                : undefined;
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: host,
+                port,
+                dataSource,
+                confidence: critical ? 0.95 : 0.85,
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match telnet patterns
+ */
+export function matchTelnetCommand(command) {
+    for (const { pattern, tool, description } of TELNET_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: match[1],
+                port: match[2],
+                dataSource: match[3],
+                confidence: 0.85,
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match SSH/SCP exfiltration patterns
+ */
+export function matchSshExfiltration(command) {
+    for (const { pattern, tool, description } of SSH_EXFIL_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            // Extract user@host
+            const userHost = match.find((m, i) => i > 0 && m && m.includes('@'));
+            const host = userHost?.split('@')[1] || match[2] || match[3];
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: host,
+                dataSource: match[1],
+                confidence: 0.85,
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match DNS exfiltration patterns
+ */
+export function matchDnsExfiltration(command) {
+    for (const { pattern, tool, description } of DNS_EXFIL_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: match[1],
+                confidence: 0.7, // Lower confidence as this could be legitimate
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match other network exfiltration patterns
+ */
+export function matchOtherNetworkPattern(command) {
+    for (const { pattern, tool, description } of OTHER_NETWORK_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            return {
+                matched: true,
+                command,
+                tool,
+                destination: match[1],
+                port: match[2],
+                confidence: 0.8,
+                description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Comprehensive network exfiltration matching
+ */
+export function matchNetworkExfiltration(text) {
+    // Try netcat patterns first
+    const ncResult = matchNetcatCommand(text);
+    if (ncResult.matched) {
+        return ncResult;
+    }
+    // Try /dev/tcp patterns
+    const devTcpResult = matchDevTcpPattern(text);
+    if (devTcpResult.matched) {
+        return devTcpResult;
+    }
+    // Try socat patterns
+    const socatResult = matchSocatCommand(text);
+    if (socatResult.matched) {
+        return socatResult;
+    }
+    // Try telnet patterns
+    const telnetResult = matchTelnetCommand(text);
+    if (telnetResult.matched) {
+        return telnetResult;
+    }
+    // Try SSH/SCP patterns
+    const sshResult = matchSshExfiltration(text);
+    if (sshResult.matched) {
+        return sshResult;
+    }
+    // Try DNS exfiltration patterns
+    const dnsResult = matchDnsExfiltration(text);
+    if (dnsResult.matched) {
+        return dnsResult;
+    }
+    // Try other patterns
+    const otherResult = matchOtherNetworkPattern(text);
+    if (otherResult.matched) {
+        return otherResult;
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Network exfiltration detector class
+ */
+export class NetworkDetector {
+    severity;
+    constructor(severity = 'high') {
+        this.severity = severity;
+    }
+    /**
+     * Extract text content from tool context
+     */
+    extractContent(context) {
+        const input = context.toolInput;
+        // Direct command field
+        if (typeof input.command === 'string') {
+            return input.command;
+        }
+        // Shell/bash command field
+        if (typeof input.shell === 'string') {
+            return input.shell;
+        }
+        if (typeof input.bash === 'string') {
+            return input.bash;
+        }
+        // Script field
+        if (typeof input.script === 'string') {
+            return input.script;
+        }
+        // Code field
+        if (typeof input.code === 'string') {
+            return input.code;
+        }
+        // Text content
+        if (typeof input.text === 'string') {
+            return input.text;
+        }
+        // Content field
+        if (typeof input.content === 'string') {
+            return input.content;
+        }
+        // Body field
+        if (typeof input.body === 'string') {
+            return input.body;
+        }
+        return null;
+    }
+    detect(context) {
+        const content = this.extractContent(context);
+        if (!content) {
+            return null;
+        }
+        const result = matchNetworkExfiltration(content);
+        if (!result.matched) {
+            return null;
+        }
+        const destInfo = result.destination
+            ? ` to ${result.destination}${result.port ? ':' + result.port : ''}`
+            : '';
+        const srcInfo = result.dataSource ? ` (source: ${result.dataSource})` : '';
+        return {
+            detected: true,
+            category: 'exfiltration',
+            severity: this.severity,
+            confidence: result.confidence,
+            reason: `Network exfiltration detected: ${result.description || result.tool}${destInfo}${srcInfo}`,
+            metadata: {
+                method: 'network',
+                destination: result.destination
+                    ? (result.port ? `${result.destination}:${result.port}` : result.destination)
+                    : undefined,
+                dataSource: result.dataSource,
+                command: result.command,
+            },
+        };
+    }
+}
+/**
+ * Create a network detector with the given severity
+ */
+export function createNetworkDetector(severity = 'high') {
+    return new NetworkDetector(severity);
+}
+//# sourceMappingURL=network-detector.js.map

package/dist/src/detectors/exfiltration/network-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-detector.js","sourceRoot":"","sources":["../../../../src/detectors/exfiltration/network-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,wDAAwD;IACxD;QACE,OAAO,EAAE,kDAAkD;QAC3D,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,6BAA6B;QAC1C,QAAQ,EAAE,IAAI;KACf;IACD,qDAAqD;IACrD;QACE,OAAO,EAAE,iEAAiE;QAC1E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,sBAAsB;KACpC;IACD,gCAAgC;IAChC;QACE,OAAO,EAAE,oDAAoD;QAC7D,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,wBAAwB;KACtC;IACD,6CAA6C;IAC7C;QACE,OAAO,EAAE,0DAA0D;QACnE,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,sBAAsB;KACpC;IACD,qCAAqC;IACrC;QACE,OAAO,EAAE,8DAA8D;QACvE,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,sBAAsB;KACpC;IACD,uCAAuC;IACvC;QACE,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,oBAAoB;QACjC,QAAQ,EAAE,IAAI;KACf;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,oDAAoD;IACpD;QACE,OAAO,EAAE,4CAA4C;QACrD,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,0BAA0B;QACvC,QAAQ,EAAE,IAAI;KACf;IACD,0BAA0B;IAC1B;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,8BAA8B;KAC5C;IACD,mCAAmC;IACnC;QACE,OAAO,EAAE,qDAAqD;QAC9D,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,wBAAwB;KACtC;IACD,oBAAoB;IACpB;QACE,OAAO,EAAE,kCAAkC;QAC3C,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,8BAA8B;KAC5C;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,4BAA4B;IAC5B;QACE,OAAO,EAAE,8EAA8E;QACvF,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,mBAAmB;KACjC;IACD,oCAAoC;IACpC;QACE,OAAO,EAAE,4DAA4D;QACrE,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,qBAAqB;QAClC,QAAQ,EAAE,IAAI;KACf;IACD,qBAAqB;IACrB;QACE,OAAO,EAAE,wDAAwD;QACjE,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,oBAAoB;KAClC;IACD,sBAAsB;IACtB;QACE,OAAO,EAAE,2DAA2D;QACpE,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,qBAAqB;KACnC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,wBAAwB;IACxB;QACE,OAAO,EAAE,iCAAiC;QAC1C,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,sBAAsB;KACpC;IACD,4BAA4B;IAC5B;QACE,OAAO,EAAE,6CAA6C;QACtD,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,sBAAsB;KACpC;IACD,4BAA4B;IAC5B;QACE,OAAO,EAAE,yCAAyC;QAClD,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,0BAA0B;KACxC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,6EAA6E;IAC7E,0DAA0D;IAC1D;QACE,OAAO,EAAE,0DAA0D;QACnE,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,sBAAsB;KACpC;IACD,gCAAgC;IAChC;QACE,OAAO,EAAE,4DAA4D;QACrE,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,wBAAwB;KACtC;IACD,uBAAuB;IACvB;QACE,OAAO,EAAE,qDAAqD;QAC9D,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,mBAAmB;KACjC;IACD,mBAAmB;IACnB;QACE,OAAO,EAAE,4CAA4C;QACrD,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,kBAAkB;KAChC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,6DAA6D;IAC7D;QACE,OAAO,EAAE,iDAAiD;QAC1D,IAAI,EAAE,KAAK;QACX,WAAW,EAAE,4BAA4B;KAC1C;IACD,4BAA4B;IAC5B;QACE,OAAO,EAAE,uCAAuC;QAChD,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,yBAAyB;IACzB;QACE,OAAO,EAAE,yDAAyD;QAClE,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,kCAAkC;KAChD;IACD,qCAAqC;IACrC;QACE,OAAO,EAAE,gEAAgE;QACzE,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,8BAA8B;KAC5C;IACD,8BAA8B;IAC9B;QACE,OAAO,EAAE,yCAAyC;QAClD,IAAI,EAAE,eAAe;QACrB,WAAW,EAAE,0BAA0B;KACxC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAuB,EAAE,QAGpD;IACC,8DAA8D;IAC9D,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,IAAwB,CAAC;IAC7B,IAAI,IAAwB,CAAC;IAE7B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,6CAA6C;QAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,IAAI,GAAG,KAAK,CAAC;QACf,CAAC;QACD,mCAAmC;aAC9B,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACrF,IAAI,GAAG,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,eAAe,EAAE,CAAC;QACvE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,kBAAkB,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;gBAC9E,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACV,CAAC,CAAC,SAAS,CAAC;YAEd,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,IAAI;gBACjB,IAAI;gBACJ,UAAU;gBACV,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG;gBACjC,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACrC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC;QAC7C,MAAM,QAAQ,GAAG,UAAU,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;QAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,qEAAqE;YACrE,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;YACrF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAEjE,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,IAAI;gBACjB,IAAI;gBACJ,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG;gBACjC,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,cAAc,EAAE,CAAC;QACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,kBAAkB,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC;gBAC5F,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACV,CAAC,CAAC,SAAS,CAAC;YAEd,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,IAAI;gBACjB,IAAI;gBACJ,UAAU;gBACV,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;gBAClC,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,eAAe,EAAE,CAAC;QAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpB,UAAU,EAAE,IAAI;gBAChB,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,kBAAkB,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,oBAAoB;YACpB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,MAAM,IAAI,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,IAAI;gBACjB,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpB,UAAU,EAAE,IAAI;gBAChB,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,kBAAkB,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,UAAU,EAAE,GAAG,EAAE,+CAA+C;gBAChE,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAe;IACtD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,sBAAsB,EAAE,CAAC;QACpE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,IAAI;gBACJ,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;gBACrB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;gBACd,UAAU,EAAE,GAAG;gBACf,WAAW;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAAY;IACnD,4BAA4B;IAC5B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC1C,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,wBAAwB;IACxB,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,qBAAqB;IACrB,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,uBAAuB;IACvB,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,gCAAgC;IAChC,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,qBAAqB;IACrB,MAAM,WAAW,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAClB,QAAQ,CAAW;IAE3B,YAAY,WAAqB,MAAM;QACrC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,OAAyB;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC;QAEhC,uBAAuB;QACvB,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,eAAe;QACf,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC,MAAM,CAAC;QACtB,CAAC;QAED,aAAa;QACb,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,eAAe;QACf,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,gBAAgB;QAChB,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC;QAED,aAAa;QACb,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,OAAyB;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QAEjD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW;YACjC,CAAC,CAAC,OAAO,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACpE,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAE3E,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,cAAc;YACxB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,kCAAkC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,GAAG,QAAQ,GAAG,OAAO,EAAE;YAClG,QAAQ,EAAE;gBACR,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC7B,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;oBAC7E,CAAC,CAAC,SAAS;gBACb,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,WAAqB,MAAM;IAC/D,OAAO,IAAI,eAAe,CAAC,QAAQ,CAAC,CAAC;AACvC,CAAC"}

package/dist/src/detectors/exfiltration/types.d.ts

@@ -0,0 +1,139 @@
+/**
+ * Exfiltration Detector Types
+ * Type definitions for detecting data exfiltration attempts
+ */
+import type { Severity, Action } from '../../config/index.js';
+/**
+ * Detection context passed to detectors
+ */
+export interface DetectionContext {
+    /** Name of the tool being invoked */
+    toolName: string;
+    /** Input parameters to the tool */
+    toolInput: Record<string, unknown>;
+    /** URL being accessed (for browser/navigation tools) */
+    url?: string;
+}
+/**
+ * Method of exfiltration detected
+ */
+export type ExfiltrationMethod = 'http' | 'cloud' | 'network' | 'encoded';
+/**
+ * Result of an exfiltration detection
+ */
+export interface ExfiltrationDetectionResult {
+    /** Whether exfiltration was detected */
+    detected: boolean;
+    /** Category of the detection */
+    category: 'exfiltration';
+    /** Severity level of the detection */
+    severity: Severity;
+    /** Confidence score from 0 to 1 */
+    confidence: number;
+    /** Human-readable reason for the detection */
+    reason: string;
+    /** Additional metadata about the detection */
+    metadata?: {
+        /** Method of exfiltration */
+        method: ExfiltrationMethod;
+        /** Destination URL, IP, or hostname */
+        destination?: string;
+        /** What data is being sent */
+        dataSource?: string;
+        /** The command that triggered detection */
+        command?: string;
+    };
+}
+/**
+ * Configuration for the exfiltration detector
+ */
+export interface ExfiltrationDetectorConfig {
+    /** Whether the detector is enabled */
+    enabled: boolean;
+    /** Severity level to assign to detections */
+    severity: Severity;
+    /** Action to take when exfiltration is detected */
+    action: Action;
+}
+/**
+ * Interface for the main exfiltration detector
+ */
+export interface ExfiltrationDetector {
+    /**
+     * Detect exfiltration attempts
+     * @param context Detection context with tool information
+     * @returns Detection result
+     */
+    detect(context: DetectionContext): Promise<ExfiltrationDetectionResult>;
+}
+/**
+ * Interface for sub-detectors (http, cloud, network)
+ */
+export interface SubDetector {
+    /**
+     * Check if the given context matches this detector's patterns
+     * @param context Detection context
+     * @returns Detection result or null if no match
+     */
+    detect(context: DetectionContext): ExfiltrationDetectionResult | null;
+}
+/**
+ * HTTP exfiltration match result
+ */
+export interface HttpMatchResult {
+    /** Whether a match was found */
+    matched: boolean;
+    /** The command or code that matched */
+    command?: string;
+    /** The HTTP method used (POST, PUT) */
+    httpMethod?: string;
+    /** The destination URL */
+    destination?: string;
+    /** What data is being sent */
+    dataSource?: string;
+    /** Confidence score */
+    confidence: number;
+    /** Description of the exfiltration attempt */
+    description?: string;
+}
+/**
+ * Cloud upload match result
+ */
+export interface CloudUploadMatchResult {
+    /** Whether a match was found */
+    matched: boolean;
+    /** The command that matched */
+    command?: string;
+    /** The cloud provider (aws, gcp, azure) */
+    provider?: string;
+    /** The operation detected (cp, sync) */
+    operation?: string;
+    /** The destination (S3 bucket, GCS bucket, etc.) */
+    destination?: string;
+    /** The source file/directory being uploaded */
+    dataSource?: string;
+    /** Confidence score */
+    confidence: number;
+}
+/**
+ * Network exfiltration match result
+ */
+export interface NetworkMatchResult {
+    /** Whether a match was found */
+    matched: boolean;
+    /** The command that matched */
+    command?: string;
+    /** The tool used (nc, netcat, socat, etc.) */
+    tool?: string;
+    /** The destination host/IP */
+    destination?: string;
+    /** The port being used */
+    port?: string;
+    /** What data is being sent */
+    dataSource?: string;
+    /** Confidence score */
+    confidence: number;
+    /** Description of the exfiltration attempt */
+    description?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/detectors/exfiltration/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/detectors/exfiltration/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,wDAAwD;IACxD,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1E;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,wCAAwC;IACxC,QAAQ,EAAE,OAAO,CAAC;IAClB,gCAAgC;IAChC,QAAQ,EAAE,cAAc,CAAC;IACzB,sCAAsC;IACtC,QAAQ,EAAE,QAAQ,CAAC;IACnB,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,8CAA8C;IAC9C,QAAQ,CAAC,EAAE;QACT,6BAA6B;QAC7B,MAAM,EAAE,kBAAkB,CAAC;QAC3B,uCAAuC;QACvC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,8BAA8B;QAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,2CAA2C;QAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,6CAA6C;IAC7C,QAAQ,EAAE,QAAQ,CAAC;IACnB,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC;CACzE;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;OAIG;IACH,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,2BAA2B,GAAG,IAAI,CAAC;CACvE;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uCAAuC;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uBAAuB;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/src/detectors/exfiltration/types.js

@@ -0,0 +1,6 @@
+/**
+ * Exfiltration Detector Types
+ * Type definitions for detecting data exfiltration attempts
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/detectors/exfiltration/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/detectors/exfiltration/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}