erosolar-cli 1.5.2 → 1.5.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/security-deployment.json +54 -0
- package/dist/bin/adapters/node/index.js +33 -0
- package/dist/bin/adapters/types.js +1 -0
- package/dist/bin/alpha-zero/agentWrapper.js +165 -0
- package/dist/bin/alpha-zero/codeEvaluator.js +272 -0
- package/dist/bin/alpha-zero/competitiveRunner.js +219 -0
- package/dist/bin/alpha-zero/index.js +98 -0
- package/dist/bin/alpha-zero/introspection.js +298 -0
- package/dist/bin/alpha-zero/metricsTracker.js +207 -0
- package/dist/bin/alpha-zero/security/core.js +269 -0
- package/dist/bin/alpha-zero/security/google.js +308 -0
- package/dist/bin/alpha-zero/security/googleLoader.js +40 -0
- package/dist/bin/alpha-zero/security/index.js +31 -0
- package/dist/bin/alpha-zero/security/simulation.js +274 -0
- package/dist/bin/alpha-zero/selfModification.js +231 -0
- package/dist/bin/alpha-zero/types.js +30 -0
- package/dist/bin/bin/erosolar-optimized.js +205 -0
- package/dist/bin/capabilities/agentSpawningCapability.js +116 -0
- package/dist/bin/capabilities/bashCapability.js +22 -0
- package/dist/bin/capabilities/cloudCapability.js +36 -0
- package/dist/bin/capabilities/codeAnalysisCapability.js +22 -0
- package/dist/bin/capabilities/codeQualityCapability.js +23 -0
- package/dist/bin/capabilities/dependencySecurityCapability.js +22 -0
- package/dist/bin/capabilities/devCapability.js +22 -0
- package/dist/bin/capabilities/editCapability.js +28 -0
- package/dist/bin/capabilities/emailCapability.js +20 -0
- package/dist/bin/capabilities/enhancedGitCapability.js +221 -0
- package/dist/bin/capabilities/filesystemCapability.js +22 -0
- package/dist/bin/capabilities/globCapability.js +28 -0
- package/dist/bin/capabilities/interactionCapability.js +20 -0
- package/dist/bin/capabilities/learnCapability.js +22 -0
- package/dist/bin/capabilities/mcpCapability.js +20 -0
- package/dist/bin/capabilities/notebookCapability.js +28 -0
- package/dist/bin/capabilities/planningCapability.js +27 -0
- package/dist/bin/capabilities/refactoringCapability.js +23 -0
- package/dist/bin/capabilities/repoChecksCapability.js +22 -0
- package/dist/bin/capabilities/searchCapability.js +22 -0
- package/dist/bin/capabilities/skillCapability.js +76 -0
- package/dist/bin/capabilities/taskManagementCapability.js +20 -0
- package/dist/bin/capabilities/testingCapability.js +23 -0
- package/dist/bin/capabilities/toolManifest.js +159 -0
- package/dist/bin/capabilities/toolRegistry.js +114 -0
- package/dist/bin/capabilities/webCapability.js +20 -0
- package/dist/bin/config.js +139 -0
- package/dist/bin/contracts/v1/agent.js +7 -0
- package/dist/bin/contracts/v1/agentProfileManifest.js +8 -0
- package/dist/bin/contracts/v1/agentRules.js +9 -0
- package/dist/bin/contracts/v1/toolAccess.js +8 -0
- package/dist/bin/core/agent.js +362 -0
- package/dist/bin/core/agentProfileManifest.js +187 -0
- package/dist/bin/core/agentProfiles.js +34 -0
- package/dist/bin/core/agentRulebook.js +135 -0
- package/dist/bin/core/agentSchemaLoader.js +233 -0
- package/dist/bin/core/contextManager.js +412 -0
- package/dist/bin/core/contextWindow.js +122 -0
- package/dist/bin/core/customCommands.js +80 -0
- package/dist/bin/core/errors/apiKeyErrors.js +114 -0
- package/dist/bin/core/errors/errorTypes.js +340 -0
- package/dist/bin/core/errors/safetyValidator.js +304 -0
- package/dist/bin/core/errors.js +32 -0
- package/dist/bin/core/modelDiscovery.js +755 -0
- package/dist/bin/core/preferences.js +224 -0
- package/dist/bin/core/schemaValidator.js +92 -0
- package/dist/bin/core/secretStore.js +199 -0
- package/dist/bin/core/sessionStore.js +187 -0
- package/dist/bin/core/toolRuntime.js +290 -0
- package/dist/bin/core/types.js +1 -0
- package/dist/bin/erosolar-optimized.d.ts +12 -0
- package/dist/bin/erosolar-optimized.d.ts.map +1 -0
- package/dist/bin/erosolar-optimized.js +239 -0
- package/dist/bin/erosolar-optimized.js.map +1 -0
- package/dist/bin/erosolar.js +14 -0
- package/dist/bin/erosolar.js.map +1 -1
- package/dist/bin/headless/headlessApp.js +172 -0
- package/dist/bin/mcp/config.js +202 -0
- package/dist/bin/mcp/stdioClient.js +172 -0
- package/dist/bin/mcp/toolBridge.js +104 -0
- package/dist/bin/mcp/types.js +1 -0
- package/dist/bin/plugins/index.js +113 -0
- package/dist/bin/plugins/providers/anthropic/index.js +25 -0
- package/dist/bin/plugins/providers/deepseek/index.js +24 -0
- package/dist/bin/plugins/providers/google/index.js +26 -0
- package/dist/bin/plugins/providers/index.js +19 -0
- package/dist/bin/plugins/providers/ollama/index.js +59 -0
- package/dist/bin/plugins/providers/openai/index.js +26 -0
- package/dist/bin/plugins/providers/xai/index.js +24 -0
- package/dist/bin/plugins/tools/agentSpawning/agentSpawningPlugin.js +8 -0
- package/dist/bin/plugins/tools/bash/localBashPlugin.js +13 -0
- package/dist/bin/plugins/tools/checks/localRepoChecksPlugin.js +13 -0
- package/dist/bin/plugins/tools/cloud/cloudPlugin.js +13 -0
- package/dist/bin/plugins/tools/codeAnalysis/codeAnalysisPlugin.js +13 -0
- package/dist/bin/plugins/tools/codeQuality/codeQualityPlugin.js +13 -0
- package/dist/bin/plugins/tools/dependency/dependencyPlugin.js +11 -0
- package/dist/bin/plugins/tools/development/devPlugin.js +13 -0
- package/dist/bin/plugins/tools/edit/editPlugin.js +14 -0
- package/dist/bin/plugins/tools/email/emailPlugin.js +11 -0
- package/dist/bin/plugins/tools/enhancedGit/enhancedGitPlugin.js +8 -0
- package/dist/bin/plugins/tools/filesystem/localFilesystemPlugin.js +13 -0
- package/dist/bin/plugins/tools/glob/globPlugin.js +14 -0
- package/dist/bin/plugins/tools/index.js +2 -0
- package/dist/bin/plugins/tools/interaction/interactionPlugin.js +11 -0
- package/dist/bin/plugins/tools/learn/learnPlugin.js +13 -0
- package/dist/bin/plugins/tools/mcp/mcpPlugin.js +8 -0
- package/dist/bin/plugins/tools/nodeDefaults.js +56 -0
- package/dist/bin/plugins/tools/notebook/notebookPlugin.js +14 -0
- package/dist/bin/plugins/tools/planning/planningPlugin.js +14 -0
- package/dist/bin/plugins/tools/refactoring/refactoringPlugin.js +11 -0
- package/dist/bin/plugins/tools/registry.js +57 -0
- package/dist/bin/plugins/tools/search/localSearchPlugin.js +13 -0
- package/dist/bin/plugins/tools/skills/skillPlugin.js +8 -0
- package/dist/bin/plugins/tools/taskManagement/taskManagementPlugin.js +11 -0
- package/dist/bin/plugins/tools/testing/testingPlugin.js +11 -0
- package/dist/bin/plugins/tools/web/webPlugin.js +11 -0
- package/dist/bin/providers/anthropicProvider.js +329 -0
- package/dist/bin/providers/googleProvider.js +203 -0
- package/dist/bin/providers/openaiChatCompletionsProvider.js +208 -0
- package/dist/bin/providers/openaiResponsesProvider.js +249 -0
- package/dist/bin/providers/providerFactory.js +24 -0
- package/dist/bin/runtime/agentController.js +321 -0
- package/dist/bin/runtime/agentHost.js +153 -0
- package/dist/bin/runtime/agentSession.js +195 -0
- package/dist/bin/runtime/node.js +10 -0
- package/dist/bin/runtime/universal.js +28 -0
- package/dist/bin/shell/bracketedPasteManager.js +350 -0
- package/dist/bin/shell/fileChangeTracker.js +65 -0
- package/dist/bin/shell/interactiveShell.js +2908 -0
- package/dist/bin/shell/liveStatus.js +78 -0
- package/dist/bin/shell/shellApp.js +290 -0
- package/dist/bin/shell/systemPrompt.js +60 -0
- package/dist/bin/shell/updateManager.js +108 -0
- package/dist/bin/skills/skillRepository.js +236 -0
- package/dist/bin/skills/types.js +1 -0
- package/dist/bin/subagents/taskRunner.js +269 -0
- package/dist/bin/tools/backgroundBashTools.js +211 -0
- package/dist/bin/tools/bashTools.js +159 -0
- package/dist/bin/tools/cloudTools.js +864 -0
- package/dist/bin/tools/codeAnalysisTools.js +641 -0
- package/dist/bin/tools/codeQualityTools.js +294 -0
- package/dist/bin/tools/dependencyTools.js +282 -0
- package/dist/bin/tools/devTools.js +238 -0
- package/dist/bin/tools/diffUtils.js +137 -0
- package/dist/bin/tools/editTools.js +134 -0
- package/dist/bin/tools/emailTools.js +448 -0
- package/dist/bin/tools/fileTools.js +282 -0
- package/dist/bin/tools/globTools.js +173 -0
- package/dist/bin/tools/grepTools.js +332 -0
- package/dist/bin/tools/interactionTools.js +170 -0
- package/dist/bin/tools/learnTools.js +1818 -0
- package/dist/bin/tools/notebookEditTools.js +196 -0
- package/dist/bin/tools/planningTools.js +46 -0
- package/dist/bin/tools/refactoringTools.js +293 -0
- package/dist/bin/tools/repoChecksTools.js +160 -0
- package/dist/bin/tools/searchTools.js +206 -0
- package/dist/bin/tools/skillTools.js +177 -0
- package/dist/bin/tools/taskManagementTools.js +156 -0
- package/dist/bin/tools/testingTools.js +232 -0
- package/dist/bin/tools/webTools.js +480 -0
- package/dist/bin/ui/ShellUIAdapter.js +459 -0
- package/dist/bin/ui/UnifiedUIController.js +183 -0
- package/dist/bin/ui/animation/AnimationScheduler.js +430 -0
- package/dist/bin/ui/codeHighlighter.js +854 -0
- package/dist/bin/ui/designSystem.js +121 -0
- package/dist/bin/ui/display.js +1222 -0
- package/dist/bin/ui/interrupts/InterruptManager.js +437 -0
- package/dist/bin/ui/layout.js +139 -0
- package/dist/bin/ui/orchestration/StatusOrchestrator.js +403 -0
- package/dist/bin/ui/outputMode.js +38 -0
- package/dist/bin/ui/persistentPrompt.js +183 -0
- package/dist/bin/ui/richText.js +338 -0
- package/dist/bin/ui/shortcutsHelp.js +87 -0
- package/dist/bin/ui/telemetry/UITelemetry.js +443 -0
- package/dist/bin/ui/textHighlighter.js +210 -0
- package/dist/bin/ui/theme.js +116 -0
- package/dist/bin/ui/toolDisplay.js +423 -0
- package/dist/bin/ui/toolDisplayAdapter.js +357 -0
- package/dist/bin/workspace.js +106 -0
- package/dist/bin/workspace.validator.js +213 -0
- package/dist/capabilities/cloudCapability.d.ts +13 -0
- package/dist/capabilities/cloudCapability.d.ts.map +1 -0
- package/dist/capabilities/cloudCapability.js +38 -0
- package/dist/capabilities/cloudCapability.js.map +1 -0
- package/dist/capabilities/index.d.ts +1 -0
- package/dist/capabilities/index.d.ts.map +1 -1
- package/dist/capabilities/index.js +1 -0
- package/dist/capabilities/index.js.map +1 -1
- package/dist/capabilities/offensiveSecurityCapability.d.ts +26 -0
- package/dist/capabilities/offensiveSecurityCapability.d.ts.map +1 -0
- package/dist/capabilities/offensiveSecurityCapability.js +58 -0
- package/dist/capabilities/offensiveSecurityCapability.js.map +1 -0
- package/dist/capabilities/realSecurityCapability.d.ts +26 -0
- package/dist/capabilities/realSecurityCapability.d.ts.map +1 -0
- package/dist/capabilities/realSecurityCapability.js +53 -0
- package/dist/capabilities/realSecurityCapability.js.map +1 -0
- package/dist/capabilities/securityCapability.d.ts +32 -0
- package/dist/capabilities/securityCapability.d.ts.map +1 -0
- package/dist/capabilities/securityCapability.js +57 -0
- package/dist/capabilities/securityCapability.js.map +1 -0
- package/dist/capabilities/ultimateSecurityCapability.d.ts +42 -0
- package/dist/capabilities/ultimateSecurityCapability.d.ts.map +1 -0
- package/dist/capabilities/ultimateSecurityCapability.js +96 -0
- package/dist/capabilities/ultimateSecurityCapability.js.map +1 -0
- package/dist/core/LazyLoader.d.ts +129 -0
- package/dist/core/LazyLoader.d.ts.map +1 -0
- package/dist/core/LazyLoader.js +240 -0
- package/dist/core/LazyLoader.js.map +1 -0
- package/dist/core/intelligenceTools.d.ts +19 -0
- package/dist/core/intelligenceTools.d.ts.map +1 -0
- package/dist/core/intelligenceTools.js +453 -0
- package/dist/core/intelligenceTools.js.map +1 -0
- package/dist/core/operationalTools.d.ts +19 -0
- package/dist/core/operationalTools.d.ts.map +1 -0
- package/dist/core/operationalTools.js +467 -0
- package/dist/core/operationalTools.js.map +1 -0
- package/dist/offensive/core/offensive-engine.d.ts +171 -0
- package/dist/offensive/core/offensive-engine.d.ts.map +1 -0
- package/dist/offensive/core/offensive-engine.js +345 -0
- package/dist/offensive/core/offensive-engine.js.map +1 -0
- package/dist/offensive/core/offensive-integration.d.ts +129 -0
- package/dist/offensive/core/offensive-integration.d.ts.map +1 -0
- package/dist/offensive/core/offensive-integration.js +364 -0
- package/dist/offensive/core/offensive-integration.js.map +1 -0
- package/dist/offensive/core/offensive-tools.d.ts +55 -0
- package/dist/offensive/core/offensive-tools.d.ts.map +1 -0
- package/dist/offensive/core/offensive-tools.js +438 -0
- package/dist/offensive/core/offensive-tools.js.map +1 -0
- package/dist/offensive/offensive-cli.d.ts +48 -0
- package/dist/offensive/offensive-cli.d.ts.map +1 -0
- package/dist/offensive/offensive-cli.js +233 -0
- package/dist/offensive/offensive-cli.js.map +1 -0
- package/dist/plugins/index.d.ts +1 -1
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +2 -0
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/tools/cloud/cloudPlugin.d.ts +3 -0
- package/dist/plugins/tools/cloud/cloudPlugin.d.ts.map +1 -0
- package/dist/plugins/tools/cloud/cloudPlugin.js +14 -0
- package/dist/plugins/tools/cloud/cloudPlugin.js.map +1 -0
- package/dist/plugins/tools/nodeDefaults.d.ts.map +1 -1
- package/dist/plugins/tools/nodeDefaults.js +2 -0
- package/dist/plugins/tools/nodeDefaults.js.map +1 -1
- package/dist/security/advanced-persistence-research.d.ts +92 -0
- package/dist/security/advanced-persistence-research.d.ts.map +1 -0
- package/dist/security/advanced-persistence-research.js +195 -0
- package/dist/security/advanced-persistence-research.js.map +1 -0
- package/dist/security/apt-simulation-cli.d.ts +57 -0
- package/dist/security/apt-simulation-cli.d.ts.map +1 -0
- package/dist/security/apt-simulation-cli.js +278 -0
- package/dist/security/apt-simulation-cli.js.map +1 -0
- package/dist/security/apt-simulation-engine-complete.d.ts +97 -0
- package/dist/security/apt-simulation-engine-complete.d.ts.map +1 -0
- package/dist/security/apt-simulation-engine-complete.js +441 -0
- package/dist/security/apt-simulation-engine-complete.js.map +1 -0
- package/dist/security/apt-simulation-engine.d.ts +97 -0
- package/dist/security/apt-simulation-engine.d.ts.map +1 -0
- package/dist/security/apt-simulation-engine.js +441 -0
- package/dist/security/apt-simulation-engine.js.map +1 -0
- package/dist/security/assessment/vulnerabilityAssessment.d.ts +104 -0
- package/dist/security/assessment/vulnerabilityAssessment.d.ts.map +1 -0
- package/dist/security/assessment/vulnerabilityAssessment.js +315 -0
- package/dist/security/assessment/vulnerabilityAssessment.js.map +1 -0
- package/dist/security/authorization/securityAuthorization.d.ts +88 -0
- package/dist/security/authorization/securityAuthorization.d.ts.map +1 -0
- package/dist/security/authorization/securityAuthorization.js +172 -0
- package/dist/security/authorization/securityAuthorization.js.map +1 -0
- package/dist/security/authorization.d.ts +45 -0
- package/dist/security/authorization.d.ts.map +1 -0
- package/dist/security/authorization.js +128 -0
- package/dist/security/authorization.js.map +1 -0
- package/dist/security/comprehensive-security-research.d.ts +84 -0
- package/dist/security/comprehensive-security-research.d.ts.map +1 -0
- package/dist/security/comprehensive-security-research.js +211 -0
- package/dist/security/comprehensive-security-research.js.map +1 -0
- package/dist/security/offensive/exploitationEngine.d.ts +54 -0
- package/dist/security/offensive/exploitationEngine.d.ts.map +1 -0
- package/dist/security/offensive/exploitationEngine.js +263 -0
- package/dist/security/offensive/exploitationEngine.js.map +1 -0
- package/dist/security/persistence-analyzer.d.ts +56 -0
- package/dist/security/persistence-analyzer.d.ts.map +1 -0
- package/dist/security/persistence-analyzer.js +187 -0
- package/dist/security/persistence-analyzer.js.map +1 -0
- package/dist/security/persistence-cli.d.ts +36 -0
- package/dist/security/persistence-cli.d.ts.map +1 -0
- package/dist/security/persistence-cli.js +160 -0
- package/dist/security/persistence-cli.js.map +1 -0
- package/dist/security/persistence-research.d.ts +100 -0
- package/dist/security/persistence-research.d.ts.map +1 -0
- package/dist/security/persistence-research.js +372 -0
- package/dist/security/persistence-research.js.map +1 -0
- package/dist/security/real/networkExploitation.d.ts +92 -0
- package/dist/security/real/networkExploitation.d.ts.map +1 -0
- package/dist/security/real/networkExploitation.js +316 -0
- package/dist/security/real/networkExploitation.js.map +1 -0
- package/dist/security/real/persistenceImplementation.d.ts +62 -0
- package/dist/security/real/persistenceImplementation.d.ts.map +1 -0
- package/dist/security/real/persistenceImplementation.js +323 -0
- package/dist/security/real/persistenceImplementation.js.map +1 -0
- package/dist/security/real/vulnerabilityScanner.d.ts +73 -0
- package/dist/security/real/vulnerabilityScanner.d.ts.map +1 -0
- package/dist/security/real/vulnerabilityScanner.js +341 -0
- package/dist/security/real/vulnerabilityScanner.js.map +1 -0
- package/dist/security/research/persistenceResearch.d.ts +97 -0
- package/dist/security/research/persistenceResearch.d.ts.map +1 -0
- package/dist/security/research/persistenceResearch.js +282 -0
- package/dist/security/research/persistenceResearch.js.map +1 -0
- package/dist/security/security-testing-framework.d.ts +120 -0
- package/dist/security/security-testing-framework.d.ts.map +1 -0
- package/dist/security/security-testing-framework.js +372 -0
- package/dist/security/security-testing-framework.js.map +1 -0
- package/dist/security/simulation/attackSimulation.d.ts +93 -0
- package/dist/security/simulation/attackSimulation.d.ts.map +1 -0
- package/dist/security/simulation/attackSimulation.js +341 -0
- package/dist/security/simulation/attackSimulation.js.map +1 -0
- package/dist/shell/bracketedPasteManager.d.ts +76 -0
- package/dist/shell/bracketedPasteManager.d.ts.map +1 -1
- package/dist/shell/bracketedPasteManager.js +267 -9
- package/dist/shell/bracketedPasteManager.js.map +1 -1
- package/dist/shell/interactiveShell.d.ts +34 -1
- package/dist/shell/interactiveShell.d.ts.map +1 -1
- package/dist/shell/interactiveShell.js +304 -24
- package/dist/shell/interactiveShell.js.map +1 -1
- package/dist/shell/taskCompletionDetector.d.ts +101 -0
- package/dist/shell/taskCompletionDetector.d.ts.map +1 -0
- package/dist/shell/taskCompletionDetector.js +343 -0
- package/dist/shell/taskCompletionDetector.js.map +1 -0
- package/dist/tools/cloudTools.d.ts +57 -0
- package/dist/tools/cloudTools.d.ts.map +1 -0
- package/dist/tools/cloudTools.js +865 -0
- package/dist/tools/cloudTools.js.map +1 -0
- package/dist/tools/enhancedSecurityTools.d.ts +19 -0
- package/dist/tools/enhancedSecurityTools.d.ts.map +1 -0
- package/dist/tools/enhancedSecurityTools.js +215 -0
- package/dist/tools/enhancedSecurityTools.js.map +1 -0
- package/dist/tools/offensiveSecurityTools.d.ts +16 -0
- package/dist/tools/offensiveSecurityTools.d.ts.map +1 -0
- package/dist/tools/offensiveSecurityTools.js +285 -0
- package/dist/tools/offensiveSecurityTools.js.map +1 -0
- package/dist/tools/realSecurityTools.d.ts +18 -0
- package/dist/tools/realSecurityTools.d.ts.map +1 -0
- package/dist/tools/realSecurityTools.js +468 -0
- package/dist/tools/realSecurityTools.js.map +1 -0
- package/dist/tools/securityTools.d.ts +20 -0
- package/dist/tools/securityTools.d.ts.map +1 -0
- package/dist/tools/securityTools.js +449 -0
- package/dist/tools/securityTools.js.map +1 -0
- package/package.json +27 -12
- package/scripts/deploy-security-capabilities.js +178 -0
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Authorization Framework for Security Testing
|
|
3
|
+
*
|
|
4
|
+
* Provides authorization validation and scope management for security tools.
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* Authorization Manager for Security Testing
|
|
8
|
+
*/
|
|
9
|
+
export class AuthorizationManager {
|
|
10
|
+
activeAuthorizations = new Map();
|
|
11
|
+
/**
|
|
12
|
+
* Request authorization for security testing
|
|
13
|
+
*/
|
|
14
|
+
requestAuthorization(scope, authorizationToken) {
|
|
15
|
+
// In production, this would validate against an authorization service
|
|
16
|
+
// For now, we'll use environment variables for demo
|
|
17
|
+
const envToken = process.env.SECURITY_AUTHORIZATION_TOKEN;
|
|
18
|
+
const bypassAuth = process.env.BYPASS_AUTHORIZATION === 'true';
|
|
19
|
+
if (bypassAuth) {
|
|
20
|
+
console.warn('⚠️ AUTHORIZATION BYPASSED - FOR DEVELOPMENT ONLY');
|
|
21
|
+
this.activeAuthorizations.set('default', scope);
|
|
22
|
+
return { authorized: true, scope };
|
|
23
|
+
}
|
|
24
|
+
if (!envToken && !authorizationToken) {
|
|
25
|
+
return {
|
|
26
|
+
authorized: false,
|
|
27
|
+
reason: 'No authorization token provided. Set SECURITY_AUTHORIZATION_TOKEN environment variable.'
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
if (authorizationToken && authorizationToken !== envToken) {
|
|
31
|
+
return {
|
|
32
|
+
authorized: false,
|
|
33
|
+
reason: 'Invalid authorization token'
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
// Validate scope
|
|
37
|
+
if (scope.endTime < new Date()) {
|
|
38
|
+
return {
|
|
39
|
+
authorized: false,
|
|
40
|
+
reason: 'Authorization scope has expired'
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
if (scope.targets.length === 0) {
|
|
44
|
+
return {
|
|
45
|
+
authorized: false,
|
|
46
|
+
reason: 'No targets specified in authorization scope'
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
this.activeAuthorizations.set('default', scope);
|
|
50
|
+
return { authorized: true, scope };
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Validate if a specific operation is authorized
|
|
54
|
+
*/
|
|
55
|
+
validateOperation(target, technique) {
|
|
56
|
+
const scope = this.activeAuthorizations.get('default');
|
|
57
|
+
if (!scope) {
|
|
58
|
+
return {
|
|
59
|
+
authorized: false,
|
|
60
|
+
reason: 'No active authorization scope found'
|
|
61
|
+
};
|
|
62
|
+
}
|
|
63
|
+
// Check if target is authorized
|
|
64
|
+
const targetAuthorized = scope.targets.some(authorizedTarget => target.includes(authorizedTarget) || authorizedTarget === '*');
|
|
65
|
+
if (!targetAuthorized) {
|
|
66
|
+
return {
|
|
67
|
+
authorized: false,
|
|
68
|
+
reason: `Target '${target}' not authorized in scope`
|
|
69
|
+
};
|
|
70
|
+
}
|
|
71
|
+
// Check if technique is authorized
|
|
72
|
+
const techniqueAuthorized = scope.techniques.some(authorizedTechnique => technique.includes(authorizedTechnique) || authorizedTechnique === '*');
|
|
73
|
+
if (!techniqueAuthorized) {
|
|
74
|
+
return {
|
|
75
|
+
authorized: false,
|
|
76
|
+
reason: `Technique '${technique}' not authorized in scope`
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
// Check time validity
|
|
80
|
+
const now = new Date();
|
|
81
|
+
if (now < scope.startTime || now > scope.endTime) {
|
|
82
|
+
return {
|
|
83
|
+
authorized: false,
|
|
84
|
+
reason: 'Authorization scope time window invalid'
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
return { authorized: true, scope };
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Get current authorization status
|
|
91
|
+
*/
|
|
92
|
+
getAuthorizationStatus() {
|
|
93
|
+
const scope = this.activeAuthorizations.get('default');
|
|
94
|
+
if (!scope) {
|
|
95
|
+
return {
|
|
96
|
+
authorized: false,
|
|
97
|
+
reason: 'No active authorization'
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
return { authorized: true, scope };
|
|
101
|
+
}
|
|
102
|
+
/**
|
|
103
|
+
* Clear current authorization
|
|
104
|
+
*/
|
|
105
|
+
clearAuthorization() {
|
|
106
|
+
this.activeAuthorizations.delete('default');
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Generate authorization report
|
|
110
|
+
*/
|
|
111
|
+
generateAuthorizationReport() {
|
|
112
|
+
const scope = this.activeAuthorizations.get('default');
|
|
113
|
+
if (!scope) {
|
|
114
|
+
return 'No active authorization';
|
|
115
|
+
}
|
|
116
|
+
let report = 'SECURITY AUTHORIZATION REPORT\n';
|
|
117
|
+
report += '='.repeat(50) + '\n';
|
|
118
|
+
report += `Authorized By: ${scope.authorizedBy}\n`;
|
|
119
|
+
report += `Contact: ${scope.contactInfo}\n`;
|
|
120
|
+
report += `Start Time: ${scope.startTime.toISOString()}\n`;
|
|
121
|
+
report += `End Time: ${scope.endTime.toISOString()}\n`;
|
|
122
|
+
report += `\nAuthorized Targets: ${scope.targets.join(', ')}\n`;
|
|
123
|
+
report += `Authorized Techniques: ${scope.techniques.join(', ')}\n`;
|
|
124
|
+
report += `\nStatus: ACTIVE\n`;
|
|
125
|
+
return report;
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
//# sourceMappingURL=authorization.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorization.js","sourceRoot":"","sources":["../../src/security/authorization.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAiBH;;GAEG;AACH,MAAM,OAAO,oBAAoB;IACvB,oBAAoB,GAAoC,IAAI,GAAG,EAAE,CAAC;IAE1E;;OAEG;IACH,oBAAoB,CAClB,KAAyB,EACzB,kBAA2B;QAE3B,sEAAsE;QACtE,oDAAoD;QAEpD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM,CAAC;QAE/D,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YAClE,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAChD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,QAAQ,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACrC,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,yFAAyF;aAClG,CAAC;QACJ,CAAC;QAED,IAAI,kBAAkB,IAAI,kBAAkB,KAAK,QAAQ,EAAE,CAAC;YAC1D,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,6BAA6B;aACtC,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,IAAI,KAAK,CAAC,OAAO,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC/B,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,iCAAiC;aAC1C,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,6CAA6C;aACtD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAEhD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,iBAAiB,CACf,MAAc,EACd,SAAiB;QAEjB,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,qCAAqC;aAC9C,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAC7D,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,KAAK,GAAG,CAC9D,CAAC;QAEF,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,WAAW,MAAM,2BAA2B;aACrD,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,mBAAmB,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,CACtE,SAAS,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,mBAAmB,KAAK,GAAG,CACvE,CAAC;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,cAAc,SAAS,2BAA2B;aAC3D,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,KAAK,CAAC,SAAS,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;YACjD,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,yCAAyC;aAClD,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,yBAAyB;aAClC,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,2BAA2B;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEvD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,yBAAyB,CAAC;QACnC,CAAC;QAED,IAAI,MAAM,GAAG,iCAAiC,CAAC;QAC/C,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC;QAChC,MAAM,IAAI,kBAAkB,KAAK,CAAC,YAAY,IAAI,CAAC;QACnD,MAAM,IAAI,YAAY,KAAK,CAAC,WAAW,IAAI,CAAC;QAC5C,MAAM,IAAI,eAAe,KAAK,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC;QAC3D,MAAM,IAAI,aAAa,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC;QACvD,MAAM,IAAI,yBAAyB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAChE,MAAM,IAAI,0BAA0B,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QACpE,MAAM,IAAI,oBAAoB,CAAC;QAE/B,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Comprehensive Security Research Framework
|
|
3
|
+
*
|
|
4
|
+
* Unified security research toolkit for authorized penetration testing,
|
|
5
|
+
* red team exercises, and security research across enterprise, cloud,
|
|
6
|
+
* and infrastructure environments.
|
|
7
|
+
*
|
|
8
|
+
* This framework integrates:
|
|
9
|
+
* - Advanced persistence research
|
|
10
|
+
* - Attack simulation capabilities
|
|
11
|
+
* - Cloud security testing
|
|
12
|
+
* - Network infrastructure analysis
|
|
13
|
+
* - Detection evasion research
|
|
14
|
+
*
|
|
15
|
+
* LEGAL NOTICE:
|
|
16
|
+
* For authorized security research, penetration testing, and red team exercises only.
|
|
17
|
+
* Requires explicit authorization and scope definition.
|
|
18
|
+
*/
|
|
19
|
+
import { AuthorizationRecord } from '../alpha-zero/security/core.js';
|
|
20
|
+
import { AttackCategory } from '../alpha-zero/security/simulation.js';
|
|
21
|
+
import { Platform, PersistenceCategory } from './advanced-persistence-research.js';
|
|
22
|
+
export interface SecurityResearchScope {
|
|
23
|
+
targetDomains: string[];
|
|
24
|
+
platforms: Platform[];
|
|
25
|
+
categories: PersistenceCategory[];
|
|
26
|
+
attackCategories: AttackCategory[];
|
|
27
|
+
stealthRequirements: number;
|
|
28
|
+
complexityLimit: 'low' | 'medium' | 'high' | 'advanced';
|
|
29
|
+
}
|
|
30
|
+
export interface SecurityResearchReport {
|
|
31
|
+
authorization: AuthorizationRecord;
|
|
32
|
+
scope: SecurityResearchScope;
|
|
33
|
+
persistenceAnalysis: string;
|
|
34
|
+
attackSimulationResults: string;
|
|
35
|
+
recommendations: string[];
|
|
36
|
+
riskAssessment: string;
|
|
37
|
+
generatedAt: string;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Comprehensive Security Research Engine
|
|
41
|
+
*/
|
|
42
|
+
export declare class ComprehensiveSecurityResearchEngine {
|
|
43
|
+
private persistenceEngine;
|
|
44
|
+
private attackSimulator?;
|
|
45
|
+
private authorization;
|
|
46
|
+
constructor(authorization: AuthorizationRecord);
|
|
47
|
+
/**
|
|
48
|
+
* Initialize attack simulation capabilities
|
|
49
|
+
*/
|
|
50
|
+
initializeAttackSimulation(): void;
|
|
51
|
+
/**
|
|
52
|
+
* Generate comprehensive security research report
|
|
53
|
+
*/
|
|
54
|
+
generateComprehensiveReport(scope: SecurityResearchScope): Promise<SecurityResearchReport>;
|
|
55
|
+
/**
|
|
56
|
+
* Generate attack simulation report
|
|
57
|
+
*/
|
|
58
|
+
private generateAttackSimulationReport;
|
|
59
|
+
/**
|
|
60
|
+
* Generate security recommendations
|
|
61
|
+
*/
|
|
62
|
+
private generateRecommendations;
|
|
63
|
+
/**
|
|
64
|
+
* Generate risk assessment
|
|
65
|
+
*/
|
|
66
|
+
private generateRiskAssessment;
|
|
67
|
+
/**
|
|
68
|
+
* Export report to file
|
|
69
|
+
*/
|
|
70
|
+
exportReportToFile(report: SecurityResearchReport, filePath: string): Promise<void>;
|
|
71
|
+
/**
|
|
72
|
+
* Format report for export
|
|
73
|
+
*/
|
|
74
|
+
private formatReportForExport;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Create security research engine with bug bounty authorization
|
|
78
|
+
*/
|
|
79
|
+
export declare function createBugBountyResearchEngine(targetDomain: string, programName: string, scopeLimitations?: string[], outOfScope?: string[]): ComprehensiveSecurityResearchEngine;
|
|
80
|
+
/**
|
|
81
|
+
* Example usage for security research
|
|
82
|
+
*/
|
|
83
|
+
export declare function runExampleSecurityResearch(): Promise<SecurityResearchReport>;
|
|
84
|
+
//# sourceMappingURL=comprehensive-security-research.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"comprehensive-security-research.d.ts","sourceRoot":"","sources":["../../src/security/comprehensive-security-research.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,mBAAmB,EAAoD,MAAM,gCAAgC,CAAC;AACvH,OAAO,EAAmB,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACvF,OAAO,EAAqC,QAAQ,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEtH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,gBAAgB,EAAE,cAAc,EAAE,CAAC;IACnC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,eAAe,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CACzD;AAED,MAAM,WAAW,sBAAsB;IACrC,aAAa,EAAE,mBAAmB,CAAC;IACnC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,uBAAuB,EAAE,MAAM,CAAC;IAChC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,qBAAa,mCAAmC;IAC9C,OAAO,CAAC,iBAAiB,CAAoC;IAC7D,OAAO,CAAC,eAAe,CAAC,CAAkB;IAC1C,OAAO,CAAC,aAAa,CAAsB;gBAE/B,aAAa,EAAE,mBAAmB;IAK9C;;OAEG;IACH,0BAA0B,IAAI,IAAI;IAIlC;;OAEG;IACG,2BAA2B,CAAC,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA4BhG;;OAEG;YACW,8BAA8B;IAmC5C;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0C/B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IA4B9B;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE,sBAAsB,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IASzF;;OAEG;IACH,OAAO,CAAC,qBAAqB;CAiC9B;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAC3C,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,gBAAgB,GAAE,MAAM,EAAO,EAC/B,UAAU,GAAE,MAAM,EAAO,GACxB,mCAAmC,CASrC;AAED;;GAEG;AACH,wBAAsB,0BAA0B,oCA6B/C"}
|
|
@@ -0,0 +1,211 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Comprehensive Security Research Framework
|
|
3
|
+
*
|
|
4
|
+
* Unified security research toolkit for authorized penetration testing,
|
|
5
|
+
* red team exercises, and security research across enterprise, cloud,
|
|
6
|
+
* and infrastructure environments.
|
|
7
|
+
*
|
|
8
|
+
* This framework integrates:
|
|
9
|
+
* - Advanced persistence research
|
|
10
|
+
* - Attack simulation capabilities
|
|
11
|
+
* - Cloud security testing
|
|
12
|
+
* - Network infrastructure analysis
|
|
13
|
+
* - Detection evasion research
|
|
14
|
+
*
|
|
15
|
+
* LEGAL NOTICE:
|
|
16
|
+
* For authorized security research, penetration testing, and red team exercises only.
|
|
17
|
+
* Requires explicit authorization and scope definition.
|
|
18
|
+
*/
|
|
19
|
+
import { createBugBountyAuthorization } from '../alpha-zero/security/core.js';
|
|
20
|
+
import { AttackSimulator, AttackCategory } from '../alpha-zero/security/simulation.js';
|
|
21
|
+
import { AdvancedPersistenceResearchEngine, Platform, PersistenceCategory } from './advanced-persistence-research.js';
|
|
22
|
+
/**
|
|
23
|
+
* Comprehensive Security Research Engine
|
|
24
|
+
*/
|
|
25
|
+
export class ComprehensiveSecurityResearchEngine {
|
|
26
|
+
persistenceEngine;
|
|
27
|
+
attackSimulator;
|
|
28
|
+
authorization;
|
|
29
|
+
constructor(authorization) {
|
|
30
|
+
this.persistenceEngine = new AdvancedPersistenceResearchEngine();
|
|
31
|
+
this.authorization = authorization;
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Initialize attack simulation capabilities
|
|
35
|
+
*/
|
|
36
|
+
initializeAttackSimulation() {
|
|
37
|
+
this.attackSimulator = new AttackSimulator(this.authorization);
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Generate comprehensive security research report
|
|
41
|
+
*/
|
|
42
|
+
async generateComprehensiveReport(scope) {
|
|
43
|
+
const report = {
|
|
44
|
+
authorization: this.authorization,
|
|
45
|
+
scope,
|
|
46
|
+
persistenceAnalysis: '',
|
|
47
|
+
attackSimulationResults: '',
|
|
48
|
+
recommendations: [],
|
|
49
|
+
riskAssessment: '',
|
|
50
|
+
generatedAt: new Date().toISOString()
|
|
51
|
+
};
|
|
52
|
+
// Generate persistence analysis
|
|
53
|
+
report.persistenceAnalysis = this.persistenceEngine.generateResearchReport(scope.platforms);
|
|
54
|
+
// Generate attack simulation results if simulator is available
|
|
55
|
+
if (this.attackSimulator) {
|
|
56
|
+
report.attackSimulationResults = await this.generateAttackSimulationReport(scope);
|
|
57
|
+
}
|
|
58
|
+
// Generate recommendations
|
|
59
|
+
report.recommendations = this.generateRecommendations(scope);
|
|
60
|
+
// Generate risk assessment
|
|
61
|
+
report.riskAssessment = this.generateRiskAssessment(scope);
|
|
62
|
+
return report;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Generate attack simulation report
|
|
66
|
+
*/
|
|
67
|
+
async generateAttackSimulationReport(scope) {
|
|
68
|
+
if (!this.attackSimulator)
|
|
69
|
+
return 'Attack simulation not initialized';
|
|
70
|
+
const results = [];
|
|
71
|
+
results.push('ATTACK SIMULATION RESULTS');
|
|
72
|
+
results.push('='.repeat(60));
|
|
73
|
+
// Simulate attacks based on scope
|
|
74
|
+
for (const category of scope.attackCategories) {
|
|
75
|
+
const vectors = this.attackSimulator.getVectorsByCategory(category);
|
|
76
|
+
if (vectors.length > 0) {
|
|
77
|
+
results.push(`\n## ${category.toUpperCase()} ATTACKS`);
|
|
78
|
+
for (const vector of vectors.slice(0, 3)) { // Limit to top 3 per category
|
|
79
|
+
results.push(`\n### ${vector.name}`);
|
|
80
|
+
results.push(`- **Description**: ${vector.description}`);
|
|
81
|
+
results.push(`- **Stealth**: ${vector.stealthRating}/5`);
|
|
82
|
+
results.push(`- **Complexity**: ${vector.complexity}`);
|
|
83
|
+
// Generate payloads for demonstration
|
|
84
|
+
const payloads = this.attackSimulator.generatePayloads(vector.id);
|
|
85
|
+
if (payloads.length > 0) {
|
|
86
|
+
results.push('\nSample Payloads:');
|
|
87
|
+
payloads.slice(0, 2).forEach(payload => {
|
|
88
|
+
results.push(` - ${payload}`);
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
return results.join('\n');
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* Generate security recommendations
|
|
98
|
+
*/
|
|
99
|
+
generateRecommendations(scope) {
|
|
100
|
+
const recommendations = [];
|
|
101
|
+
// Platform-specific recommendations
|
|
102
|
+
if (scope.platforms.includes(Platform.WINDOWS)) {
|
|
103
|
+
recommendations.push('Implement Credential Guard and LSA protection for Windows environments', 'Regularly rotate krbtgt account password (twice) to prevent Golden Ticket attacks', 'Monitor for ACL modifications on sensitive domain objects', 'Use Microsoft ATA or Azure Sentinel for advanced threat detection');
|
|
104
|
+
}
|
|
105
|
+
if (scope.platforms.includes(Platform.AWS) || scope.platforms.includes(Platform.AZURE) || scope.platforms.includes(Platform.GCP)) {
|
|
106
|
+
recommendations.push('Implement least privilege for cloud IAM roles and service accounts', 'Monitor cloud audit logs for suspicious activity', 'Disable service account key creation where possible', 'Use cloud security posture management tools');
|
|
107
|
+
}
|
|
108
|
+
if (scope.platforms.includes(Platform.KUBERNETES) || scope.platforms.includes(Platform.DOCKER)) {
|
|
109
|
+
recommendations.push('Implement Pod Security Standards for Kubernetes', 'Use admission controllers (OPA Gatekeeper) for policy enforcement', 'Scan container images for vulnerabilities', 'Monitor for privileged container deployments');
|
|
110
|
+
}
|
|
111
|
+
// General recommendations
|
|
112
|
+
recommendations.push('Implement comprehensive logging and monitoring', 'Conduct regular security assessments and penetration tests', 'Establish incident response procedures', 'Provide security awareness training');
|
|
113
|
+
return recommendations;
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Generate risk assessment
|
|
117
|
+
*/
|
|
118
|
+
generateRiskAssessment(scope) {
|
|
119
|
+
const risks = [];
|
|
120
|
+
let overallRisk = 'LOW';
|
|
121
|
+
// Assess risk based on scope
|
|
122
|
+
if (scope.platforms.includes(Platform.WINDOWS)) {
|
|
123
|
+
risks.push('Active Directory environments are high-value targets for persistence');
|
|
124
|
+
overallRisk = 'HIGH';
|
|
125
|
+
}
|
|
126
|
+
if (scope.platforms.includes(Platform.AWS) || scope.platforms.includes(Platform.AZURE) || scope.platforms.includes(Platform.GCP)) {
|
|
127
|
+
risks.push('Cloud misconfigurations can lead to widespread compromise');
|
|
128
|
+
overallRisk = overallRisk === 'LOW' ? 'MEDIUM' : overallRisk;
|
|
129
|
+
}
|
|
130
|
+
if (scope.platforms.includes(Platform.KUBERNETES)) {
|
|
131
|
+
risks.push('Container orchestration platforms provide extensive attack surface');
|
|
132
|
+
overallRisk = overallRisk === 'LOW' ? 'MEDIUM' : overallRisk;
|
|
133
|
+
}
|
|
134
|
+
if (scope.stealthRequirements >= 4) {
|
|
135
|
+
risks.push('High stealth requirements indicate advanced threat actor capabilities');
|
|
136
|
+
overallRisk = 'HIGH';
|
|
137
|
+
}
|
|
138
|
+
return `Overall Risk: ${overallRisk}\n\nKey Risk Factors:\n${risks.map(risk => `- ${risk}`).join('\n')}`;
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Export report to file
|
|
142
|
+
*/
|
|
143
|
+
async exportReportToFile(report, filePath) {
|
|
144
|
+
const reportContent = this.formatReportForExport(report);
|
|
145
|
+
// In a real implementation, this would write to file
|
|
146
|
+
// For now, we'll just log it
|
|
147
|
+
console.log(`Report would be exported to: ${filePath}`);
|
|
148
|
+
console.log(reportContent);
|
|
149
|
+
}
|
|
150
|
+
/**
|
|
151
|
+
* Format report for export
|
|
152
|
+
*/
|
|
153
|
+
formatReportForExport(report) {
|
|
154
|
+
const lines = [];
|
|
155
|
+
lines.push('COMPREHENSIVE SECURITY RESEARCH REPORT');
|
|
156
|
+
lines.push('='.repeat(80));
|
|
157
|
+
lines.push(`Generated: ${report.generatedAt}`);
|
|
158
|
+
lines.push(`Authorization: ${report.authorization.authorizedBy}`);
|
|
159
|
+
lines.push(`Scope: ${report.authorization.scope}`);
|
|
160
|
+
lines.push('');
|
|
161
|
+
lines.push('1. PERSISTENCE ANALYSIS');
|
|
162
|
+
lines.push('-'.repeat(40));
|
|
163
|
+
lines.push(report.persistenceAnalysis);
|
|
164
|
+
lines.push('');
|
|
165
|
+
lines.push('2. ATTACK SIMULATION RESULTS');
|
|
166
|
+
lines.push('-'.repeat(40));
|
|
167
|
+
lines.push(report.attackSimulationResults);
|
|
168
|
+
lines.push('');
|
|
169
|
+
lines.push('3. SECURITY RECOMMENDATIONS');
|
|
170
|
+
lines.push('-'.repeat(40));
|
|
171
|
+
report.recommendations.forEach((rec, index) => {
|
|
172
|
+
lines.push(`${index + 1}. ${rec}`);
|
|
173
|
+
});
|
|
174
|
+
lines.push('');
|
|
175
|
+
lines.push('4. RISK ASSESSMENT');
|
|
176
|
+
lines.push('-'.repeat(40));
|
|
177
|
+
lines.push(report.riskAssessment);
|
|
178
|
+
return lines.join('\n');
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
/**
|
|
182
|
+
* Create security research engine with bug bounty authorization
|
|
183
|
+
*/
|
|
184
|
+
export function createBugBountyResearchEngine(targetDomain, programName, scopeLimitations = [], outOfScope = []) {
|
|
185
|
+
const authorization = createBugBountyAuthorization(targetDomain, programName, scopeLimitations, outOfScope);
|
|
186
|
+
return new ComprehensiveSecurityResearchEngine(authorization);
|
|
187
|
+
}
|
|
188
|
+
/**
|
|
189
|
+
* Example usage for security research
|
|
190
|
+
*/
|
|
191
|
+
export async function runExampleSecurityResearch() {
|
|
192
|
+
// Create research engine with bug bounty authorization
|
|
193
|
+
const researchEngine = createBugBountyResearchEngine('example.com', 'Example Bug Bounty Program', ['Production systems only', 'No destructive testing'], ['Staging environments', 'Third-party services']);
|
|
194
|
+
// Initialize attack simulation
|
|
195
|
+
researchEngine.initializeAttackSimulation();
|
|
196
|
+
// Define research scope
|
|
197
|
+
const scope = {
|
|
198
|
+
targetDomains: ['example.com'],
|
|
199
|
+
platforms: [Platform.WINDOWS, Platform.AWS, Platform.KUBERNETES],
|
|
200
|
+
categories: [PersistenceCategory.ENTERPRISE, PersistenceCategory.CLOUD, PersistenceCategory.CONTAINER],
|
|
201
|
+
attackCategories: [AttackCategory.WEB_APPLICATION, AttackCategory.AUTHENTICATION, AttackCategory.INJECTION],
|
|
202
|
+
stealthRequirements: 4,
|
|
203
|
+
complexityLimit: 'high'
|
|
204
|
+
};
|
|
205
|
+
// Generate comprehensive report
|
|
206
|
+
const report = await researchEngine.generateComprehensiveReport(scope);
|
|
207
|
+
// Export report
|
|
208
|
+
await researchEngine.exportReportToFile(report, './security-research-report.txt');
|
|
209
|
+
return report;
|
|
210
|
+
}
|
|
211
|
+
//# sourceMappingURL=comprehensive-security-research.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"comprehensive-security-research.js","sourceRoot":"","sources":["../../src/security/comprehensive-security-research.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAA2C,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACvH,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACvF,OAAO,EAAE,iCAAiC,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAqBtH;;GAEG;AACH,MAAM,OAAO,mCAAmC;IACtC,iBAAiB,CAAoC;IACrD,eAAe,CAAmB;IAClC,aAAa,CAAsB;IAE3C,YAAY,aAAkC;QAC5C,IAAI,CAAC,iBAAiB,GAAG,IAAI,iCAAiC,EAAE,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,0BAA0B;QACxB,IAAI,CAAC,eAAe,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,2BAA2B,CAAC,KAA4B;QAC5D,MAAM,MAAM,GAA2B;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,KAAK;YACL,mBAAmB,EAAE,EAAE;YACvB,uBAAuB,EAAE,EAAE;YAC3B,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,EAAE;YAClB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC;QAEF,gCAAgC;QAChC,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC,iBAAiB,CAAC,sBAAsB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAE5F,+DAA+D;QAC/D,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,CAAC,uBAAuB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,KAAK,CAAC,CAAC;QACpF,CAAC;QAED,2BAA2B;QAC3B,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAE7D,2BAA2B;QAC3B,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE3D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,8BAA8B,CAAC,KAA4B;QACvE,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAO,mCAAmC,CAAC;QAEtE,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAE7B,kCAAkC;QAClC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAEpE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CAAC,QAAQ,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;gBAEvD,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,8BAA8B;oBACxE,OAAO,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;oBACrC,OAAO,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;oBACzD,OAAO,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;oBACzD,OAAO,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;oBAEvD,sCAAsC;oBACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAgB,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACnE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACxB,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;wBACnC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;4BACrC,OAAO,CAAC,IAAI,CAAC,OAAO,OAAO,EAAE,CAAC,CAAC;wBACjC,CAAC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,KAA4B;QAC1D,MAAM,eAAe,GAAa,EAAE,CAAC;QAErC,oCAAoC;QACpC,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/C,eAAe,CAAC,IAAI,CAClB,wEAAwE,EACxE,mFAAmF,EACnF,2DAA2D,EAC3D,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjI,eAAe,CAAC,IAAI,CAClB,oEAAoE,EACpE,kDAAkD,EAClD,qDAAqD,EACrD,6CAA6C,CAC9C,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/F,eAAe,CAAC,IAAI,CAClB,iDAAiD,EACjD,mEAAmE,EACnE,2CAA2C,EAC3C,8CAA8C,CAC/C,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,eAAe,CAAC,IAAI,CAClB,gDAAgD,EAChD,4DAA4D,EAC5D,wCAAwC,EACxC,qCAAqC,CACtC,CAAC;QAEF,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,KAA4B;QACzD,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,WAAW,GAAG,KAAK,CAAC;QAExB,6BAA6B;QAC7B,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAC;YACnF,WAAW,GAAG,MAAM,CAAC;QACvB,CAAC;QAED,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjI,KAAK,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;YACxE,WAAW,GAAG,WAAW,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;QAC/D,CAAC;QAED,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;YACjF,WAAW,GAAG,WAAW,KAAK,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;QAC/D,CAAC;QAED,IAAI,KAAK,CAAC,mBAAmB,IAAI,CAAC,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;YACpF,WAAW,GAAG,MAAM,CAAC;QACvB,CAAC;QAED,OAAO,iBAAiB,WAAW,0BAA0B,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IAC3G,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAA8B,EAAE,QAAgB;QACvE,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAEzD,qDAAqD;QACrD,6BAA6B;QAC7B,OAAO,CAAC,GAAG,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,MAA8B;QAC1D,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QACrD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC,CAAC;QACnD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YAC5C,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAElC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,6BAA6B,CAC3C,YAAoB,EACpB,WAAmB,EACnB,mBAA6B,EAAE,EAC/B,aAAuB,EAAE;IAEzB,MAAM,aAAa,GAAG,4BAA4B,CAChD,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,UAAU,CACX,CAAC;IAEF,OAAO,IAAI,mCAAmC,CAAC,aAAa,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,uDAAuD;IACvD,MAAM,cAAc,GAAG,6BAA6B,CAClD,aAAa,EACb,4BAA4B,EAC5B,CAAC,yBAAyB,EAAE,wBAAwB,CAAC,EACrD,CAAC,sBAAsB,EAAE,sBAAsB,CAAC,CACjD,CAAC;IAEF,+BAA+B;IAC/B,cAAc,CAAC,0BAA0B,EAAE,CAAC;IAE5C,wBAAwB;IACxB,MAAM,KAAK,GAA0B;QACnC,aAAa,EAAE,CAAC,aAAa,CAAC;QAC9B,SAAS,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC;QAChE,UAAU,EAAE,CAAC,mBAAmB,CAAC,UAAU,EAAE,mBAAmB,CAAC,KAAK,EAAE,mBAAmB,CAAC,SAAS,CAAC;QACtG,gBAAgB,EAAE,CAAC,cAAc,CAAC,eAAe,EAAE,cAAc,CAAC,cAAc,EAAE,cAAc,CAAC,SAAS,CAAC;QAC3G,mBAAmB,EAAE,CAAC;QACtB,eAAe,EAAE,MAAM;KACxB,CAAC;IAEF,gCAAgC;IAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,2BAA2B,CAAC,KAAK,CAAC,CAAC;IAEvE,gBAAgB;IAChB,MAAM,cAAc,CAAC,kBAAkB,CAAC,MAAM,EAAE,gCAAgC,CAAC,CAAC;IAElF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Offensive Exploitation Engine
|
|
3
|
+
*
|
|
4
|
+
* Advanced exploitation capabilities for security testing.
|
|
5
|
+
*/
|
|
6
|
+
export interface ExploitResult {
|
|
7
|
+
success: boolean;
|
|
8
|
+
output: string;
|
|
9
|
+
evidence: string;
|
|
10
|
+
technique: string;
|
|
11
|
+
}
|
|
12
|
+
export interface Payload {
|
|
13
|
+
type: string;
|
|
14
|
+
content: string;
|
|
15
|
+
platform: string;
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Offensive Exploitation Engine
|
|
19
|
+
*/
|
|
20
|
+
export declare class OffensiveExploitationEngine {
|
|
21
|
+
/**
|
|
22
|
+
* Generate reverse shell payloads
|
|
23
|
+
*/
|
|
24
|
+
generateReverseShell(target: string, port: number): Payload[];
|
|
25
|
+
/**
|
|
26
|
+
* Create fileless persistence
|
|
27
|
+
*/
|
|
28
|
+
createFilelessPersistence(): Promise<ExploitResult>;
|
|
29
|
+
/**
|
|
30
|
+
* Deploy web shell
|
|
31
|
+
*/
|
|
32
|
+
deployWebShell(targetPath: string, password?: string): Promise<ExploitResult>;
|
|
33
|
+
/**
|
|
34
|
+
* Create persistence via scheduled tasks
|
|
35
|
+
*/
|
|
36
|
+
createScheduledPersistence(): Promise<ExploitResult>;
|
|
37
|
+
/**
|
|
38
|
+
* Generate obfuscated payloads
|
|
39
|
+
*/
|
|
40
|
+
generateObfuscatedPayloads(): Payload[];
|
|
41
|
+
/**
|
|
42
|
+
* Create DNS tunneling setup
|
|
43
|
+
*/
|
|
44
|
+
setupDnsTunneling(domain: string): Promise<ExploitResult>;
|
|
45
|
+
/**
|
|
46
|
+
* Generate phishing templates
|
|
47
|
+
*/
|
|
48
|
+
generatePhishingTemplates(): Payload[];
|
|
49
|
+
/**
|
|
50
|
+
* Create backdoor user account
|
|
51
|
+
*/
|
|
52
|
+
createBackdoorUser(username: string, password: string): Promise<ExploitResult>;
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=exploitationEngine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exploitationEngine.d.ts","sourceRoot":"","sources":["../../../src/security/offensive/exploitationEngine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,qBAAa,2BAA2B;IAEtC;;OAEG;IACH,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,EAAE;IAkC7D;;OAEG;IACG,yBAAyB,IAAI,OAAO,CAAC,aAAa,CAAC;IAsCzD;;OAEG;IACG,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IAgC9F;;OAEG;IACG,0BAA0B,IAAI,OAAO,CAAC,aAAa,CAAC;IAqC1D;;OAEG;IACH,0BAA0B,IAAI,OAAO,EAAE;IA8BvC;;OAEG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAsB/D;;OAEG;IACH,yBAAyB,IAAI,OAAO,EAAE;IAsBtC;;OAEG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;CAoCrF"}
|