erosolar-cli 1.5.2 → 1.5.4

package/scripts/deploy-security-capabilities.js

@@ -0,0 +1,178 @@
+#!/usr/bin/env node
+
+/**
+ * Security Capabilities Deployment Script
+ * 
+ * Deploys and configures complete security testing capabilities.
+ */
+
+import { UltimateSecurityCapabilityModule } from '../dist/capabilities/ultimateSecurityCapability.js';
+import { AuthorizationManager } from '../dist/security/authorization.js';
+
+/**
+ * Deploy security capabilities
+ */
+async function deploySecurityCapabilities() {
+  console.log('🚀 DEPLOYING SECURITY CAPABILITIES');
+  console.log('='.repeat(60));
+
+  try {
+    // Check environment configuration
+    console.log('\n🔧 Checking Environment Configuration...');
+    
+    const authToken = process.env.SECURITY_AUTHORIZATION_TOKEN;
+    const bypassAuth = process.env.BYPASS_AUTHORIZATION === 'true';
+    
+    if (!authToken && !bypassAuth) {
+      console.warn('⚠️  SECURITY_AUTHORIZATION_TOKEN not set in environment');
+      console.log('💡 Set environment variable: export SECURITY_AUTHORIZATION_TOKEN="your-token"');
+      console.log('💡 Or set BYPASS_AUTHORIZATION=true for development (NOT RECOMMENDED)');
+    } else if (bypassAuth) {
+      console.warn('⚠️  AUTHORIZATION BYPASSED - FOR DEVELOPMENT ONLY');
+    } else {
+      console.log('✅ Authorization token configured');
+    }
+
+    // Create authorization manager
+    console.log('\n🔐 Creating Authorization Manager...');
+    const authManager = new AuthorizationManager();
+
+    // Create ultimate security capability
+    console.log('\n🏗️ Creating Ultimate Security Capability...');
+    const ultimateSecurity = new UltimateSecurityCapabilityModule({
+      enableExploitation: true,
+      enableAdvancedExploitation: true,
+      enablePayloadGeneration: true,
+      requireAuthorization: true,
+      authorizationManager: authManager,
+      description: 'Complete security testing capabilities deployed via script'
+    });
+
+    // Display deployment summary
+    console.log('\n📊 DEPLOYMENT SUMMARY');
+    console.log('-'.repeat(40));
+    console.log(`Capability ID: ${ultimateSecurity.id}`);
+    console.log('Configuration:');
+    console.log('  - enableExploitation: true');
+    console.log('  - enableAdvancedExploitation: true');
+    console.log('  - enablePayloadGeneration: true');
+    console.log('  - requireAuthorization: true');
+
+    console.log('\n🔧 Available Tools:');
+    console.log('  Authorization Tools (3):');
+    console.log('    - request_security_authorization');
+    console.log('    - get_authorization_status');
+    console.log('    - generate_authorization_report');
+
+    console.log('\n  Real Security Tools (11):');
+    console.log('    - real_scan_network');
+    console.log('    - real_scan_vulnerabilities');
+    console.log('    - real_exploit_sql_injection');
+    console.log('    - real_exploit_xss');
+    console.log('    - real_exploit_ssh');
+    console.log('    - real_exploit_ftp');
+    console.log('    - real_exploit_smb');
+    console.log('    - real_implement_persistence');
+    console.log('    - real_detect_persistence');
+    console.log('    - real_remove_persistence');
+    console.log('    - real_generate_security_report');
+
+    console.log('\n  Offensive Security Tools (8):');
+    console.log('    - generate_reverse_shell');
+    console.log('    - create_fileless_persistence');
+    console.log('    - deploy_web_shell');
+    console.log('    - create_scheduled_persistence');
+    console.log('    - generate_obfuscated_payloads');
+    console.log('    - setup_dns_tunneling');
+    console.log('    - generate_phishing_templates');
+    console.log('    - create_backdoor_user');
+
+    console.log('\n📋 Total: 22 Security Testing Tools');
+
+    // Test authorization status
+    console.log('\n🔍 Testing Authorization Status...');
+    const authStatus = authManager.getAuthorizationStatus();
+    console.log(`Authorization Status: ${authStatus.authorized ? 'AUTHORIZED' : 'NOT AUTHORIZED'}`);
+    if (authStatus.reason) {
+      console.log(`Reason: ${authStatus.reason}`);
+    }
+
+    // Generate deployment report
+    console.log('\n📄 Generating Deployment Report...');
+    const deploymentReport = generateDeploymentReport(ultimateSecurity, authManager);
+    console.log(deploymentReport);
+
+    console.log('\n✅ SECURITY CAPABILITIES DEPLOYMENT COMPLETED');
+    console.log('='.repeat(60));
+
+    console.log('\n💡 Next Steps:');
+    console.log('   1. Request authorization using request_security_authorization');
+    console.log('   2. Define testing scope and targets');
+    console.log('   3. Begin security testing activities');
+    console.log('   4. Generate comprehensive reports');
+    console.log('   5. Follow responsible disclosure practices');
+
+  } catch (error) {
+    console.error('❌ Deployment failed:', error);
+    process.exit(1);
+  }
+}
+
+/**
+ * Generate deployment report
+ */
+function generateDeploymentReport(capability, authManager) {
+  let report = 'SECURITY CAPABILITIES DEPLOYMENT REPORT\n';
+  report += '='.repeat(50) + '\n';
+  report += `Deployment Time: ${new Date().toISOString()}\n`;
+  report += `Capability ID: ${capability.id}\n`;
+  report += `\nConfiguration:\n`;
+  report += `  - enableExploitation: true\n`;
+  report += `  - enableAdvancedExploitation: true\n`;
+  report += `  - enablePayloadGeneration: true\n`;
+  report += `  - requireAuthorization: true\n`;
+  
+  const authStatus = authManager.getAuthorizationStatus();
+  report += `\nAuthorization Status: ${authStatus.authorized ? 'ACTIVE' : 'INACTIVE'}\n`;
+  if (authStatus.reason) {
+    report += `Authorization Reason: ${authStatus.reason}\n`;
+  }
+  
+  report += `\nAvailable Tools: 22\n`;
+  report += `  - Authorization: 3 tools\n`;
+  report += `  - Real Security: 11 tools\n`;
+  report += `  - Offensive Security: 8 tools\n`;
+  
+  report += `\nLegal Notice:\n`;
+  report += `All security testing tools require explicit authorization and scope definition.\n`;
+  report += `Intended for legitimate security testing, red team exercises, and authorized penetration testing only.\n`;
+  report += `Unauthorized use is illegal and unethical.\n`;
+  
+  return report;
+}
+
+/**
+ * Main deployment function
+ */
+async function main() {
+  console.log('🔒 Erosolar CLI Security Capabilities Deployment');
+  console.log('='.repeat(60));
+  
+  await deploySecurityCapabilities();
+  
+  console.log('\n🎉 Deployment completed successfully!');
+  console.log('\n📚 Documentation:');
+  console.log('   - docs/OFFENSIVE_SECURITY_CAPABILITIES.md');
+  console.log('   - examples/ultimate-security-testing.ts');
+  console.log('   - config/security-deployment.json');
+}
+
+// Run deployment
+if (import.meta.url === `file://${process.argv[1]}`) {
+  main().catch(error => {
+    console.error('❌ Deployment failed:', error);
+    process.exit(1);
+  });
+}
+
+export { deploySecurityCapabilities };