erosolar-cli 1.7.327 → 1.7.329

package/dist/alpha-zero/security/google.js

@@ -0,0 +1,311 @@
+/**
+ * Google Infrastructure Persistence Vector Research
+ *
+ * OPTIONAL MODULE - Only loaded when Google security research is enabled.
+ *
+ * Provides research tools for identifying persistence mechanisms
+ * in Google Cloud Platform and Google Workspace environments.
+ *
+ * AUTHORIZATION: Designed for authorized red team engagements and
+ * penetration testing of Google infrastructure under contract.
+ *
+ * Principal Investigator: Bo Shang
+ * Framework: erosolar-cli
+ */
+import { AuthorizationScope } from './core.js';
+/**
+ * Google services for persistence research
+ */
+export var GoogleService;
+(function (GoogleService) {
+    // Google Cloud Platform
+    GoogleService["GCP_COMPUTE"] = "gcp_compute_engine";
+    GoogleService["GCP_GKE"] = "gcp_kubernetes_engine";
+    GoogleService["GCP_CLOUD_FUNCTIONS"] = "gcp_cloud_functions";
+    GoogleService["GCP_IAM"] = "gcp_iam";
+    GoogleService["GCP_SERVICE_ACCOUNTS"] = "gcp_service_accounts";
+    GoogleService["GCP_CLOUD_STORAGE"] = "gcp_cloud_storage";
+    GoogleService["GCP_SECRETS_MANAGER"] = "gcp_secrets_manager";
+    // Google Workspace
+    GoogleService["WORKSPACE_GMAIL"] = "workspace_gmail";
+    GoogleService["WORKSPACE_DRIVE"] = "workspace_drive";
+    GoogleService["WORKSPACE_ADMIN"] = "workspace_admin";
+    GoogleService["WORKSPACE_APPS_SCRIPT"] = "workspace_apps_script";
+    // Google Identity
+    GoogleService["GOOGLE_OAUTH"] = "google_oauth";
+})(GoogleService || (GoogleService = {}));
+/**
+ * Categories of persistence mechanisms
+ */
+export var PersistenceCategory;
+(function (PersistenceCategory) {
+    PersistenceCategory["SERVICE_ACCOUNT_ABUSE"] = "service_account_abuse";
+    PersistenceCategory["IAM_POLICY_MODIFICATION"] = "iam_policy_modification";
+    PersistenceCategory["OAUTH_APP_CONSENT"] = "oauth_app_consent";
+    PersistenceCategory["API_KEYS"] = "api_keys";
+    PersistenceCategory["CLOUD_FUNCTION_TRIGGER"] = "cloud_function_trigger";
+    PersistenceCategory["APPS_SCRIPT_TRIGGER"] = "apps_script_trigger";
+    PersistenceCategory["DELEGATION_ABUSE"] = "delegation_abuse";
+})(PersistenceCategory || (PersistenceCategory = {}));
+/**
+ * GCP Persistence Vectors
+ */
+export const GCP_PERSISTENCE_VECTORS = {
+    sa_key_creation: {
+        name: 'Service Account Key Creation',
+        service: GoogleService.GCP_SERVICE_ACCOUNTS,
+        category: PersistenceCategory.SERVICE_ACCOUNT_ABUSE,
+        description: 'Create keys for service accounts to maintain API access',
+        techniqueId: 'T1098.001',
+        requiredPermissions: ['iam.serviceAccountKeys.create'],
+        detectionMethods: ['Cloud Audit Logs', 'Security Command Center'],
+        mitigations: ['Use Workload Identity', 'Key rotation policies'],
+        stealthRating: 2,
+    },
+    iam_binding: {
+        name: 'IAM Policy Binding',
+        service: GoogleService.GCP_IAM,
+        category: PersistenceCategory.IAM_POLICY_MODIFICATION,
+        description: 'Add IAM bindings for persistent access',
+        techniqueId: 'T1098.001',
+        requiredPermissions: ['resourcemanager.projects.setIamPolicy'],
+        detectionMethods: ['IAM audit logs', 'Policy monitoring'],
+        mitigations: ['IAM Recommender', 'Least privilege'],
+        stealthRating: 1,
+    },
+    cloud_function_backdoor: {
+        name: 'Cloud Function Backdoor',
+        service: GoogleService.GCP_CLOUD_FUNCTIONS,
+        category: PersistenceCategory.CLOUD_FUNCTION_TRIGGER,
+        description: 'Deploy function as persistent callback',
+        techniqueId: 'T1059',
+        requiredPermissions: ['cloudfunctions.functions.create'],
+        detectionMethods: ['Function deployment logs', 'Network monitoring'],
+        mitigations: ['Function allowlisting', 'Binary authorization'],
+        stealthRating: 3,
+    },
+};
+/**
+ * Workspace Persistence Vectors
+ */
+export const WORKSPACE_PERSISTENCE_VECTORS = {
+    oauth_consent: {
+        name: 'OAuth App Consent Persistence',
+        service: GoogleService.GOOGLE_OAUTH,
+        category: PersistenceCategory.OAUTH_APP_CONSENT,
+        description: 'Persist via OAuth app with broad scope consent',
+        techniqueId: 'T1550.001',
+        requiredPermissions: ['OAuth consent grant'],
+        detectionMethods: ['OAuth audit logs', 'App access reviews'],
+        mitigations: ['OAuth app restrictions', 'Consent monitoring'],
+        stealthRating: 4,
+    },
+    apps_script_trigger: {
+        name: 'Apps Script Trigger Persistence',
+        service: GoogleService.WORKSPACE_APPS_SCRIPT,
+        category: PersistenceCategory.APPS_SCRIPT_TRIGGER,
+        description: 'Create time/event triggers in Apps Script',
+        techniqueId: 'T1053',
+        requiredPermissions: ['Script Editor access'],
+        detectionMethods: ['Apps Script audit logs', 'Trigger inventory'],
+        mitigations: ['Apps Script restrictions', 'Trigger monitoring'],
+        stealthRating: 4,
+    },
+    drive_sharing: {
+        name: 'Drive Sharing Persistence',
+        service: GoogleService.WORKSPACE_DRIVE,
+        category: PersistenceCategory.DELEGATION_ABUSE,
+        description: 'Maintain access via shared drive permissions',
+        techniqueId: 'T1213',
+        requiredPermissions: ['Drive sharing permissions'],
+        detectionMethods: ['Drive audit logs', 'Sharing reports'],
+        mitigations: ['External sharing restrictions', 'DLP policies'],
+        stealthRating: 3,
+    },
+};
+/**
+ * Google Persistence Researcher
+ */
+export class GooglePersistenceResearcher {
+    authorization;
+    verbose;
+    testResults = [];
+    constructor(authorization, verbose = false) {
+        this.authorization = authorization;
+        this.verbose = verbose;
+    }
+    /**
+     * Check authorization
+     */
+    checkAuthorization() {
+        if (!this.authorization) {
+            throw new Error('No authorization record.');
+        }
+        const allowed = [
+            AuthorizationScope.OWNED_SYSTEMS,
+            AuthorizationScope.PENTEST_ENGAGEMENT,
+            AuthorizationScope.RED_TEAM,
+            AuthorizationScope.BUG_BOUNTY,
+        ];
+        if (!allowed.includes(this.authorization.scope)) {
+            throw new Error('Google research requires pentest/red team authorization.');
+        }
+    }
+    /**
+     * Get all Google persistence vectors
+     */
+    getAllVectors() {
+        return { ...GCP_PERSISTENCE_VECTORS, ...WORKSPACE_PERSISTENCE_VECTORS };
+    }
+    /**
+     * Get vectors by service
+     */
+    getVectorsByService(service) {
+        const all = this.getAllVectors();
+        return Object.values(all).filter(v => v.service === service);
+    }
+    /**
+     * Get vectors by category
+     */
+    getVectorsByCategory(category) {
+        const all = this.getAllVectors();
+        return Object.values(all).filter(v => v.category === category);
+    }
+    /**
+     * Get stealthy vectors
+     */
+    getStealthyVectors(minRating = 3) {
+        const all = this.getAllVectors();
+        return Object.values(all).filter(v => v.stealthRating >= minRating);
+    }
+    /**
+     * Analyze a persistence vector
+     */
+    analyzeVector(vectorId, targetProject) {
+        this.checkAuthorization();
+        const allVectors = this.getAllVectors();
+        if (!(vectorId in allVectors)) {
+            throw new Error(`Unknown vector: ${vectorId}`);
+        }
+        const vector = allVectors[vectorId];
+        if (!vector) {
+            throw new Error(`Unknown vector ID: ${vectorId}`);
+        }
+        const result = {
+            vector,
+            targetProject,
+            timestamp: Date.now(),
+            testable: true,
+            permissionsVerified: [],
+            missingPermissions: [],
+            detectionRisk: vector.stealthRating < 3 ? 'medium' : 'low',
+            notes: `Analysis for ${vector.name}`,
+        };
+        if (this.verbose) {
+            console.log(`[Google] Analyzing ${vector.name}`);
+            console.log(`  Service: ${vector.service}`);
+            console.log(`  Stealth: ${vector.stealthRating}/5`);
+        }
+        this.testResults.push(result);
+        return result;
+    }
+    /**
+     * Generate attack playbook
+     */
+    generateAttackPlaybook(targetProject, vectors) {
+        this.checkAuthorization();
+        const useVectors = vectors || Object.values(this.getAllVectors());
+        // Sort by stealth rating (stealthiest first)
+        const sorted = [...useVectors].sort((a, b) => b.stealthRating - a.stealthRating);
+        return {
+            target: targetProject,
+            generated: new Date().toISOString(),
+            authorization: {
+                scope: this.authorization.scope,
+                authorizedBy: this.authorization.authorizedBy,
+            },
+            vectors: sorted.map(v => ({
+                name: v.name,
+                service: v.service,
+                category: v.category,
+                stealthRating: v.stealthRating,
+                requiredPermissions: v.requiredPermissions,
+                detectionMethods: v.detectionMethods,
+            })),
+            recommendedOrder: sorted.map(v => v.name),
+            detectionCoverage: Array.from(new Set(sorted.flatMap(v => v.detectionMethods))),
+        };
+    }
+    /**
+     * Generate detection report (blue team)
+     */
+    generateDetectionReport() {
+        this.checkAuthorization();
+        const allVectors = this.getAllVectors();
+        const lines = [
+            '# Google Infrastructure Detection Guide',
+            '',
+            `Generated: ${new Date().toISOString()}`,
+            '',
+            '## Overview',
+            '',
+            `This guide covers ${Object.keys(allVectors).length} persistence vectors.`,
+            '',
+            '## Detection Methods',
+            '',
+        ];
+        // Group by detection method
+        const detectionMap = {};
+        for (const vector of Object.values(allVectors)) {
+            for (const method of vector.detectionMethods) {
+                if (!detectionMap[method]) {
+                    detectionMap[method] = [];
+                }
+                detectionMap[method].push(vector.name);
+            }
+        }
+        for (const [method, vectorNames] of Object.entries(detectionMap).sort()) {
+            lines.push(`### ${method}`);
+            lines.push('');
+            lines.push('Detects:');
+            for (const name of vectorNames) {
+                lines.push(`- ${name}`);
+            }
+            lines.push('');
+        }
+        lines.push('## Vectors by Stealth Rating');
+        lines.push('');
+        for (let rating = 5; rating >= 1; rating--) {
+            const vectorsAtRating = Object.values(allVectors).filter(v => v.stealthRating === rating);
+            if (vectorsAtRating.length > 0) {
+                lines.push(`### Stealth ${rating}/5`);
+                for (const v of vectorsAtRating) {
+                    lines.push(`- ${v.name} (${v.service})`);
+                }
+                lines.push('');
+            }
+        }
+        return lines.join('\n');
+    }
+}
+/**
+ * Create Google authorization
+ */
+export function createGoogleAuthorization(engagementType, authorizedBy, targetProject = '*', scopeNotes = '') {
+    const scopeMap = {
+        bug_bounty: AuthorizationScope.BUG_BOUNTY,
+        pentest: AuthorizationScope.PENTEST_ENGAGEMENT,
+        red_team: AuthorizationScope.RED_TEAM,
+        owned: AuthorizationScope.OWNED_SYSTEMS,
+    };
+    return {
+        scope: scopeMap[engagementType] || AuthorizationScope.PENTEST_ENGAGEMENT,
+        targetDomain: `*.googleapis.com,${targetProject}.iam.gserviceaccount.com`,
+        authorizedBy,
+        authorizationDate: new Date().toISOString(),
+        scopeLimitations: [],
+        outOfScope: [],
+        notes: scopeNotes || `Google ${engagementType} engagement`,
+    };
+}
+//# sourceMappingURL=google.js.map

package/dist/alpha-zero/security/google.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.js","sourceRoot":"","sources":["../../../src/alpha-zero/security/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAuB,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEpE;;GAEG;AACH,MAAM,CAAN,IAAY,aAkBX;AAlBD,WAAY,aAAa;IACvB,wBAAwB;IACxB,mDAAkC,CAAA;IAClC,kDAAiC,CAAA;IACjC,4DAA2C,CAAA;IAC3C,oCAAmB,CAAA;IACnB,8DAA6C,CAAA;IAC7C,wDAAuC,CAAA;IACvC,4DAA2C,CAAA;IAE3C,mBAAmB;IACnB,oDAAmC,CAAA;IACnC,oDAAmC,CAAA;IACnC,oDAAmC,CAAA;IACnC,gEAA+C,CAAA;IAE/C,kBAAkB;IAClB,8CAA6B,CAAA;AAC/B,CAAC,EAlBW,aAAa,KAAb,aAAa,QAkBxB;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,mBAQX;AARD,WAAY,mBAAmB;IAC7B,sEAA+C,CAAA;IAC/C,0EAAmD,CAAA;IACnD,8DAAuC,CAAA;IACvC,4CAAqB,CAAA;IACrB,wEAAiD,CAAA;IACjD,kEAA2C,CAAA;IAC3C,4DAAqC,CAAA;AACvC,CAAC,EARW,mBAAmB,KAAnB,mBAAmB,QAQ9B;AA+BD;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAsC;IACxE,eAAe,EAAE;QACf,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,aAAa,CAAC,oBAAoB;QAC3C,QAAQ,EAAE,mBAAmB,CAAC,qBAAqB;QACnD,WAAW,EAAE,yDAAyD;QACtE,WAAW,EAAE,WAAW;QACxB,mBAAmB,EAAE,CAAC,+BAA+B,CAAC;QACtD,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,yBAAyB,CAAC;QACjE,WAAW,EAAE,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;QAC/D,aAAa,EAAE,CAAC;KACjB;IACD,WAAW,EAAE;QACX,IAAI,EAAE,oBAAoB;QAC1B,OAAO,EAAE,aAAa,CAAC,OAAO;QAC9B,QAAQ,EAAE,mBAAmB,CAAC,uBAAuB;QACrD,WAAW,EAAE,wCAAwC;QACrD,WAAW,EAAE,WAAW;QACxB,mBAAmB,EAAE,CAAC,uCAAuC,CAAC;QAC9D,gBAAgB,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;QACzD,WAAW,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;QACnD,aAAa,EAAE,CAAC;KACjB;IACD,uBAAuB,EAAE;QACvB,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,aAAa,CAAC,mBAAmB;QAC1C,QAAQ,EAAE,mBAAmB,CAAC,sBAAsB;QACpD,WAAW,EAAE,wCAAwC;QACrD,WAAW,EAAE,OAAO;QACpB,mBAAmB,EAAE,CAAC,iCAAiC,CAAC;QACxD,gBAAgB,EAAE,CAAC,0BAA0B,EAAE,oBAAoB,CAAC;QACpE,WAAW,EAAE,CAAC,uBAAuB,EAAE,sBAAsB,CAAC;QAC9D,aAAa,EAAE,CAAC;KACjB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAsC;IAC9E,aAAa,EAAE;QACb,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,aAAa,CAAC,YAAY;QACnC,QAAQ,EAAE,mBAAmB,CAAC,iBAAiB;QAC/C,WAAW,EAAE,gDAAgD;QAC7D,WAAW,EAAE,WAAW;QACxB,mBAAmB,EAAE,CAAC,qBAAqB,CAAC;QAC5C,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;QAC5D,WAAW,EAAE,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;QAC7D,aAAa,EAAE,CAAC;KACjB;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,aAAa,CAAC,qBAAqB;QAC5C,QAAQ,EAAE,mBAAmB,CAAC,mBAAmB;QACjD,WAAW,EAAE,2CAA2C;QACxD,WAAW,EAAE,OAAO;QACpB,mBAAmB,EAAE,CAAC,sBAAsB,CAAC;QAC7C,gBAAgB,EAAE,CAAC,wBAAwB,EAAE,mBAAmB,CAAC;QACjE,WAAW,EAAE,CAAC,0BAA0B,EAAE,oBAAoB,CAAC;QAC/D,aAAa,EAAE,CAAC;KACjB;IACD,aAAa,EAAE;QACb,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,aAAa,CAAC,eAAe;QACtC,QAAQ,EAAE,mBAAmB,CAAC,gBAAgB;QAC9C,WAAW,EAAE,8CAA8C;QAC3D,WAAW,EAAE,OAAO;QACpB,mBAAmB,EAAE,CAAC,2BAA2B,CAAC;QAClD,gBAAgB,EAAE,CAAC,kBAAkB,EAAE,iBAAiB,CAAC;QACzD,WAAW,EAAE,CAAC,+BAA+B,EAAE,cAAc,CAAC;QAC9D,aAAa,EAAE,CAAC;KACjB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,OAAO,2BAA2B;IAC9B,aAAa,CAAsB;IACnC,OAAO,CAAU;IAClB,WAAW,GAA4B,EAAE,CAAC;IAEjD,YAAY,aAAkC,EAAE,OAAO,GAAG,KAAK;QAC7D,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,kBAAkB;QACxB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,OAAO,GAAG;YACd,kBAAkB,CAAC,aAAa;YAChC,kBAAkB,CAAC,kBAAkB;YACrC,kBAAkB,CAAC,QAAQ;YAC3B,kBAAkB,CAAC,UAAU;SAC9B,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,EAAE,GAAG,uBAAuB,EAAE,GAAG,6BAA6B,EAAE,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,OAAsB;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,QAA6B;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,SAAS,GAAG,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,SAAS,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB,EAAE,aAAqB;QACnD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,QAAQ,IAAI,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,MAAM,GAA0B;YACpC,MAAM;YACN,aAAa;YACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,QAAQ,EAAE,IAAI;YACd,mBAAmB,EAAE,EAAE;YACvB,kBAAkB,EAAE,EAAE;YACtB,aAAa,EAAE,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;YAC1D,KAAK,EAAE,gBAAgB,MAAM,CAAC,IAAI,EAAE;SACrC,CAAC;QAEF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,sBAAsB,CACpB,aAAqB,EACrB,OAA6B;QAE7B,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,MAAM,UAAU,GAAG,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;QAElE,6CAA6C;QAC7C,MAAM,MAAM,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC;QAEjF,OAAO;YACL,MAAM,EAAE,aAAa;YACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,aAAa,EAAE;gBACb,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;gBAC/B,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;aAC9C;YACD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,mBAAmB,EAAE,CAAC,CAAC,mBAAmB;gBAC1C,gBAAgB,EAAE,CAAC,CAAC,gBAAgB;aACrC,CAAC,CAAC;YACH,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACzC,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC;SAChF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,uBAAuB;QACrB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG;YACZ,yCAAyC;YACzC,EAAE;YACF,cAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;YACxC,EAAE;YACF,aAAa;YACb,EAAE;YACF,qBAAqB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,uBAAuB;YAC1E,EAAE;YACF,sBAAsB;YACtB,EAAE;SACH,CAAC;QAEF,4BAA4B;QAC5B,MAAM,YAAY,GAA6B,EAAE,CAAC;QAClD,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;gBAC7C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1B,YAAY,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAC5B,CAAC;gBACD,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAED,KAAK,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACxE,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;YAC1B,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,MAAM,CAAC,CAAC;YAC1F,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,IAAI,CAAC,CAAC;gBACtC,KAAK,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;oBAChC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC;gBAC3C,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,cAA+D,EAC/D,YAAoB,EACpB,aAAa,GAAG,GAAG,EACnB,UAAU,GAAG,EAAE;IAEf,MAAM,QAAQ,GAAuC;QACnD,UAAU,EAAE,kBAAkB,CAAC,UAAU;QACzC,OAAO,EAAE,kBAAkB,CAAC,kBAAkB;QAC9C,QAAQ,EAAE,kBAAkB,CAAC,QAAQ;QACrC,KAAK,EAAE,kBAAkB,CAAC,aAAa;KACxC,CAAC;IAEF,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,cAAc,CAAC,IAAI,kBAAkB,CAAC,kBAAkB;QACxE,YAAY,EAAE,oBAAoB,aAAa,0BAA0B;QACzE,YAAY;QACZ,iBAAiB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC3C,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,UAAU,IAAI,UAAU,cAAc,aAAa;KAC3D,CAAC;AACJ,CAAC"}

package/dist/alpha-zero/security/googleLoader.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Google Security Module Loader
+ *
+ * Provides lazy loading for the optional Google security research module.
+ *
+ * Principal Investigator: Bo Shang
+ * Framework: erosolar-cli
+ */
+/**
+ * Check if Google security research module is available
+ */
+export declare function isGoogleEnabled(): boolean;
+/**
+ * Get the Google security research module (lazy load)
+ */
+export declare function getGoogleModule(): Promise<typeof import("./google.js")>;
+//# sourceMappingURL=googleLoader.d.ts.map

package/dist/alpha-zero/security/googleLoader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"googleLoader.d.ts","sourceRoot":"","sources":["../../../src/alpha-zero/security/googleLoader.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;GAEG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAWzC;AAED;;GAEG;AACH,wBAAsB,eAAe,0CAYpC"}

package/dist/alpha-zero/security/googleLoader.js

@@ -0,0 +1,41 @@
+/**
+ * Google Security Module Loader
+ *
+ * Provides lazy loading for the optional Google security research module.
+ *
+ * Principal Investigator: Bo Shang
+ * Framework: erosolar-cli
+ */
+let googleModule = null;
+/**
+ * Check if Google security research module is available
+ */
+export function isGoogleEnabled() {
+    if (googleModule !== null) {
+        return true;
+    }
+    try {
+        // Dynamic import check would go here
+        // For now, return true since we're creating the module
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get the Google security research module (lazy load)
+ */
+export async function getGoogleModule() {
+    if (googleModule === null) {
+        try {
+            googleModule = await import('./google.js');
+        }
+        catch (error) {
+            throw new Error('Google security research module not available. ' +
+                'Ensure google.ts is built and available.');
+        }
+    }
+    return googleModule;
+}
+//# sourceMappingURL=googleLoader.js.map

package/dist/alpha-zero/security/googleLoader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"googleLoader.js","sourceRoot":"","sources":["../../../src/alpha-zero/security/googleLoader.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,IAAI,YAAY,GAAwC,IAAI,CAAC;AAE7D;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,qCAAqC;QACrC,uDAAuD;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,iDAAiD;gBACjD,0CAA0C,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/alpha-zero/security/index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Security Research Module for Alpha Zero 2
+ *
+ * OPTIONAL MODULE - Only loaded when security research is enabled.
+ *
+ * A modular security research framework with optional provider-specific extensions.
+ * All capabilities require explicit authorization.
+ *
+ * LEGAL NOTICE:
+ * These tools are intended for:
+ * - Authorized penetration testing engagements
+ * - Bug bounty programs with explicit scope
+ * - CTF competitions and security training
+ * - Red team exercises with written authorization
+ * - Security research on systems you own or have permission to test
+ *
+ * Structure:
+ * - core: Base authorization and reconnaissance (always available)
+ * - simulation: Attack simulation framework (always available)
+ * - google: Google Cloud/Workspace persistence research (optional)
+ *
+ * Principal Investigator: Bo Shang
+ * Framework: erosolar-cli
+ */
+export { AuthorizationScope, type AuthorizationRecord, type ReconResult, type VulnerabilityFinding, SecurityResearchEngine, createBugBountyAuthorization, createPentestAuthorization, createCtfAuthorization, } from './core.js';
+export { AttackCategory, AttackPhase, type AttackVector, type AttackSimulationResult, AttackSimulator, PayloadGenerator, ATTACK_VECTORS, } from './simulation.js';
+export { isGoogleEnabled, getGoogleModule } from './googleLoader.js';
+export declare const SECURITY_VERSION = "1.0.0";
+//# sourceMappingURL=index.d.ts.map

package/dist/alpha-zero/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/alpha-zero/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAGH,OAAO,EACL,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,sBAAsB,EACtB,4BAA4B,EAC5B,0BAA0B,EAC1B,sBAAsB,GACvB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,cAAc,EACd,WAAW,EACX,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,eAAe,EACf,gBAAgB,EAChB,cAAc,GACf,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAErE,eAAO,MAAM,gBAAgB,UAAU,CAAC"}

package/dist/alpha-zero/security/index.js

@@ -0,0 +1,32 @@
+/**
+ * Security Research Module for Alpha Zero 2
+ *
+ * OPTIONAL MODULE - Only loaded when security research is enabled.
+ *
+ * A modular security research framework with optional provider-specific extensions.
+ * All capabilities require explicit authorization.
+ *
+ * LEGAL NOTICE:
+ * These tools are intended for:
+ * - Authorized penetration testing engagements
+ * - Bug bounty programs with explicit scope
+ * - CTF competitions and security training
+ * - Red team exercises with written authorization
+ * - Security research on systems you own or have permission to test
+ *
+ * Structure:
+ * - core: Base authorization and reconnaissance (always available)
+ * - simulation: Attack simulation framework (always available)
+ * - google: Google Cloud/Workspace persistence research (optional)
+ *
+ * Principal Investigator: Bo Shang
+ * Framework: erosolar-cli
+ */
+// Re-export core security components
+export { AuthorizationScope, SecurityResearchEngine, createBugBountyAuthorization, createPentestAuthorization, createCtfAuthorization, } from './core.js';
+// Re-export simulation components
+export { AttackCategory, AttackPhase, AttackSimulator, PayloadGenerator, ATTACK_VECTORS, } from './simulation.js';
+// Google module is optional - export checker function
+export { isGoogleEnabled, getGoogleModule } from './googleLoader.js';
+export const SECURITY_VERSION = '1.0.0';
+//# sourceMappingURL=index.js.map

package/dist/alpha-zero/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/alpha-zero/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,qCAAqC;AACrC,OAAO,EACL,kBAAkB,EAIlB,sBAAsB,EACtB,4BAA4B,EAC5B,0BAA0B,EAC1B,sBAAsB,GACvB,MAAM,WAAW,CAAC;AAEnB,kCAAkC;AAClC,OAAO,EACL,cAAc,EACd,WAAW,EAGX,eAAe,EACf,gBAAgB,EAChB,cAAc,GACf,MAAM,iBAAiB,CAAC;AAEzB,sDAAsD;AACtD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAErE,MAAM,CAAC,MAAM,gBAAgB,GAAG,OAAO,CAAC"}

package/dist/alpha-zero/security/simulation.d.ts

@@ -0,0 +1,124 @@
+/**
+ * Attack Simulation Framework
+ *
+ * Provides controlled attack simulations for red team exercises.
+ * All simulations require explicit authorization.
+ *
+ * Principal Investigator: Bo Shang
+ * Framework: erosolar-cli
+ */
+import { AuthorizationRecord } from './core.js';
+/**
+ * Categories of attack simulations
+ */
+export declare enum AttackCategory {
+    RECONNAISSANCE = "reconnaissance",
+    WEB_APPLICATION = "web_application",
+    AUTHENTICATION = "authentication",
+    INJECTION = "injection",
+    MISCONFIGURATION = "misconfiguration",
+    PRIVILEGE_ESCALATION = "privilege_escalation",
+    DATA_EXFILTRATION = "data_exfiltration"
+}
+/**
+ * MITRE ATT&CK inspired attack phases
+ */
+export declare enum AttackPhase {
+    INITIAL_ACCESS = "initial_access",
+    EXECUTION = "execution",
+    PERSISTENCE = "persistence",
+    PRIVILEGE_ESCALATION = "privilege_escalation",
+    DEFENSE_EVASION = "defense_evasion",
+    CREDENTIAL_ACCESS = "credential_access",
+    DISCOVERY = "discovery",
+    LATERAL_MOVEMENT = "lateral_movement",
+    COLLECTION = "collection",
+    EXFILTRATION = "exfiltration",
+    IMPACT = "impact"
+}
+/**
+ * Attack vector definition
+ */
+export interface AttackVector {
+    name: string;
+    category: AttackCategory;
+    phase: AttackPhase;
+    description: string;
+    techniqueId: string;
+    prerequisites: string[];
+    detectionMethods: string[];
+    mitigations: string[];
+}
+/**
+ * Attack simulation result
+ */
+export interface AttackSimulationResult {
+    vector: AttackVector;
+    target: string;
+    timestamp: number;
+    success: boolean;
+    evidence: string[];
+    artifacts: Record<string, unknown>;
+    detectionTriggered: boolean;
+    durationMs: number;
+    notes: string;
+}
+/**
+ * Common attack vectors based on OWASP Top 10 and MITRE ATT&CK
+ */
+export declare const ATTACK_VECTORS: Record<string, AttackVector>;
+/**
+ * Payload generator for security testing
+ */
+export declare class PayloadGenerator {
+    /**
+     * Generate SQL injection test payloads
+     */
+    static sqlInjectionPayloads(): string[];
+    /**
+     * Generate XSS test payloads
+     */
+    static xssPayloads(): string[];
+    /**
+     * Generate path traversal test payloads
+     */
+    static pathTraversalPayloads(): string[];
+    /**
+     * Encode payload
+     */
+    static encodePayload(payload: string, encoding: 'base64' | 'url' | 'hex' | 'none'): string;
+}
+/**
+ * Attack simulator
+ */
+export declare class AttackSimulator {
+    private authorization;
+    private verbose;
+    results: AttackSimulationResult[];
+    constructor(authorization: AuthorizationRecord, verbose?: boolean);
+    /**
+     * Check authorization
+     */
+    private checkAuthorization;
+    /**
+     * Simulate an attack vector
+     */
+    simulateAttack(target: string, vectorId: string, dryRun?: boolean): Promise<AttackSimulationResult>;
+    /**
+     * Get payloads for a vector
+     */
+    private getPayloadsForVector;
+    /**
+     * Get vectors by category
+     */
+    getVectorsByCategory(category: AttackCategory): AttackVector[];
+    /**
+     * Get vectors by phase
+     */
+    getVectorsByPhase(phase: AttackPhase): AttackVector[];
+    /**
+     * Generate report
+     */
+    generateReport(): string;
+}
+//# sourceMappingURL=simulation.d.ts.map

package/dist/alpha-zero/security/simulation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"simulation.d.ts","sourceRoot":"","sources":["../../../src/alpha-zero/security/simulation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAsB,MAAM,WAAW,CAAC;AAEpE;;GAEG;AACH,oBAAY,cAAc;IACxB,cAAc,mBAAmB;IACjC,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,SAAS,cAAc;IACvB,gBAAgB,qBAAqB;IACrC,oBAAoB,yBAAyB;IAC7C,iBAAiB,sBAAsB;CACxC;AAED;;GAEG;AACH,oBAAY,WAAW;IACrB,cAAc,mBAAmB;IACjC,SAAS,cAAc;IACvB,WAAW,gBAAgB;IAC3B,oBAAoB,yBAAyB;IAC7C,eAAe,oBAAoB;IACnC,iBAAiB,sBAAsB;IACvC,SAAS,cAAc;IACvB,gBAAgB,qBAAqB;IACrC,UAAU,eAAe;IACzB,YAAY,iBAAiB;IAC7B,MAAM,WAAW;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,WAAW,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,YAAY,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAmDvD,CAAC;AAEF;;GAEG;AACH,qBAAa,gBAAgB;IAC3B;;OAEG;IACH,MAAM,CAAC,oBAAoB,IAAI,MAAM,EAAE;IAUvC;;OAEG;IACH,MAAM,CAAC,WAAW,IAAI,MAAM,EAAE;IAS9B;;OAEG;IACH,MAAM,CAAC,qBAAqB,IAAI,MAAM,EAAE;IASxC;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM;CAY3F;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,aAAa,CAAsB;IAC3C,OAAO,CAAC,OAAO,CAAU;IAClB,OAAO,EAAE,sBAAsB,EAAE,CAAM;gBAElC,aAAa,EAAE,mBAAmB,EAAE,OAAO,UAAQ;IAK/D;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAyB1B;;OAEG;IACG,cAAc,CAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,MAAM,UAAO,GACZ,OAAO,CAAC,sBAAsB,CAAC;IA6ClC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,cAAc,GAAG,YAAY,EAAE;IAI9D;;OAEG;IACH,iBAAiB,CAAC,KAAK,EAAE,WAAW,GAAG,YAAY,EAAE;IAIrD;;OAEG;IACH,cAAc,IAAI,MAAM;CAwBzB"}