erosolar-cli 1.7.334 → 1.7.336

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (323) hide show
  1. package/README.md +24 -148
  2. package/dist/bin/erosolar.js +5 -21
  3. package/dist/bin/erosolar.js.map +1 -1
  4. package/dist/capabilities/agentSpawningCapability.d.ts.map +1 -1
  5. package/dist/capabilities/agentSpawningCapability.js +56 -31
  6. package/dist/capabilities/agentSpawningCapability.js.map +1 -1
  7. package/dist/contracts/agent-schemas.json +0 -15
  8. package/dist/contracts/tools.schema.json +0 -9
  9. package/dist/core/agent.d.ts +2 -2
  10. package/dist/core/agent.d.ts.map +1 -1
  11. package/dist/core/agent.js.map +1 -1
  12. package/dist/core/customCommands.d.ts +1 -0
  13. package/dist/core/customCommands.d.ts.map +1 -1
  14. package/dist/core/customCommands.js +3 -0
  15. package/dist/core/customCommands.js.map +1 -1
  16. package/dist/core/hooks.d.ts +113 -0
  17. package/dist/core/hooks.d.ts.map +1 -0
  18. package/dist/core/hooks.js +267 -0
  19. package/dist/core/hooks.js.map +1 -0
  20. package/dist/core/metricsTracker.d.ts +122 -0
  21. package/dist/core/metricsTracker.d.ts.map +1 -0
  22. package/dist/{alpha-zero → core}/metricsTracker.js +2 -5
  23. package/dist/core/metricsTracker.js.map +1 -0
  24. package/dist/core/securityAssessment.d.ts +91 -0
  25. package/dist/core/securityAssessment.d.ts.map +1 -0
  26. package/dist/core/securityAssessment.js +580 -0
  27. package/dist/core/securityAssessment.js.map +1 -0
  28. package/dist/core/toolPreconditions.d.ts.map +1 -1
  29. package/dist/core/toolPreconditions.js +0 -14
  30. package/dist/core/toolPreconditions.js.map +1 -1
  31. package/dist/core/toolRuntime.d.ts +22 -1
  32. package/dist/core/toolRuntime.d.ts.map +1 -1
  33. package/dist/core/toolRuntime.js +0 -5
  34. package/dist/core/toolRuntime.js.map +1 -1
  35. package/dist/core/toolValidation.d.ts.map +1 -1
  36. package/dist/core/toolValidation.js +14 -3
  37. package/dist/core/toolValidation.js.map +1 -1
  38. package/dist/core/validationRunner.d.ts +1 -3
  39. package/dist/core/validationRunner.d.ts.map +1 -1
  40. package/dist/core/validationRunner.js.map +1 -1
  41. package/dist/core/verification.d.ts +137 -0
  42. package/dist/core/verification.d.ts.map +1 -0
  43. package/dist/core/verification.js +323 -0
  44. package/dist/core/verification.js.map +1 -0
  45. package/dist/headless/headlessApp.d.ts.map +1 -1
  46. package/dist/headless/headlessApp.js +21 -0
  47. package/dist/headless/headlessApp.js.map +1 -1
  48. package/dist/mcp/sseClient.d.ts.map +1 -1
  49. package/dist/mcp/sseClient.js +9 -18
  50. package/dist/mcp/sseClient.js.map +1 -1
  51. package/dist/plugins/tools/build/buildPlugin.d.ts +0 -6
  52. package/dist/plugins/tools/build/buildPlugin.d.ts.map +1 -1
  53. package/dist/plugins/tools/build/buildPlugin.js +4 -10
  54. package/dist/plugins/tools/build/buildPlugin.js.map +1 -1
  55. package/dist/plugins/tools/nodeDefaults.d.ts.map +1 -1
  56. package/dist/plugins/tools/nodeDefaults.js +0 -2
  57. package/dist/plugins/tools/nodeDefaults.js.map +1 -1
  58. package/dist/runtime/agentSession.d.ts +2 -2
  59. package/dist/runtime/agentSession.d.ts.map +1 -1
  60. package/dist/runtime/agentSession.js +2 -2
  61. package/dist/runtime/agentSession.js.map +1 -1
  62. package/dist/shell/interactiveShell.d.ts +16 -7
  63. package/dist/shell/interactiveShell.d.ts.map +1 -1
  64. package/dist/shell/interactiveShell.js +235 -166
  65. package/dist/shell/interactiveShell.js.map +1 -1
  66. package/dist/shell/shellApp.d.ts +2 -0
  67. package/dist/shell/shellApp.d.ts.map +1 -1
  68. package/dist/shell/shellApp.js +40 -9
  69. package/dist/shell/shellApp.js.map +1 -1
  70. package/dist/shell/systemPrompt.d.ts.map +1 -1
  71. package/dist/shell/systemPrompt.js +1 -4
  72. package/dist/shell/systemPrompt.js.map +1 -1
  73. package/dist/shell/terminalInput.d.ts +149 -118
  74. package/dist/shell/terminalInput.d.ts.map +1 -1
  75. package/dist/shell/terminalInput.js +638 -532
  76. package/dist/shell/terminalInput.js.map +1 -1
  77. package/dist/shell/terminalInputAdapter.d.ts +79 -21
  78. package/dist/shell/terminalInputAdapter.d.ts.map +1 -1
  79. package/dist/shell/terminalInputAdapter.js +99 -30
  80. package/dist/shell/terminalInputAdapter.js.map +1 -1
  81. package/dist/subagents/agentConfig.d.ts +27 -0
  82. package/dist/subagents/agentConfig.d.ts.map +1 -0
  83. package/dist/subagents/agentConfig.js +89 -0
  84. package/dist/subagents/agentConfig.js.map +1 -0
  85. package/dist/subagents/agentRegistry.d.ts +33 -0
  86. package/dist/subagents/agentRegistry.d.ts.map +1 -0
  87. package/dist/subagents/agentRegistry.js +162 -0
  88. package/dist/subagents/agentRegistry.js.map +1 -0
  89. package/dist/subagents/taskRunner.d.ts +7 -1
  90. package/dist/subagents/taskRunner.d.ts.map +1 -1
  91. package/dist/subagents/taskRunner.js +180 -47
  92. package/dist/subagents/taskRunner.js.map +1 -1
  93. package/dist/ui/ShellUIAdapter.d.ts.map +1 -1
  94. package/dist/ui/ShellUIAdapter.js +13 -12
  95. package/dist/ui/ShellUIAdapter.js.map +1 -1
  96. package/dist/ui/display.d.ts +24 -45
  97. package/dist/ui/display.d.ts.map +1 -1
  98. package/dist/ui/display.js +140 -259
  99. package/dist/ui/display.js.map +1 -1
  100. package/dist/ui/theme.d.ts.map +1 -1
  101. package/dist/ui/theme.js +6 -8
  102. package/dist/ui/theme.js.map +1 -1
  103. package/dist/ui/toolDisplay.d.ts +0 -158
  104. package/dist/ui/toolDisplay.d.ts.map +1 -1
  105. package/dist/ui/toolDisplay.js +0 -348
  106. package/dist/ui/toolDisplay.js.map +1 -1
  107. package/dist/ui/unified/layout.d.ts +1 -0
  108. package/dist/ui/unified/layout.d.ts.map +1 -1
  109. package/dist/ui/unified/layout.js +15 -25
  110. package/dist/ui/unified/layout.js.map +1 -1
  111. package/dist/utils/frontmatter.d.ts +10 -0
  112. package/dist/utils/frontmatter.d.ts.map +1 -0
  113. package/dist/utils/frontmatter.js +78 -0
  114. package/dist/utils/frontmatter.js.map +1 -0
  115. package/package.json +4 -4
  116. package/dist/alpha-zero/agentWrapper.d.ts +0 -84
  117. package/dist/alpha-zero/agentWrapper.d.ts.map +0 -1
  118. package/dist/alpha-zero/agentWrapper.js +0 -171
  119. package/dist/alpha-zero/agentWrapper.js.map +0 -1
  120. package/dist/alpha-zero/codeEvaluator.d.ts +0 -25
  121. package/dist/alpha-zero/codeEvaluator.d.ts.map +0 -1
  122. package/dist/alpha-zero/codeEvaluator.js +0 -273
  123. package/dist/alpha-zero/codeEvaluator.js.map +0 -1
  124. package/dist/alpha-zero/competitiveRunner.d.ts +0 -66
  125. package/dist/alpha-zero/competitiveRunner.d.ts.map +0 -1
  126. package/dist/alpha-zero/competitiveRunner.js +0 -224
  127. package/dist/alpha-zero/competitiveRunner.js.map +0 -1
  128. package/dist/alpha-zero/index.d.ts +0 -67
  129. package/dist/alpha-zero/index.d.ts.map +0 -1
  130. package/dist/alpha-zero/index.js +0 -99
  131. package/dist/alpha-zero/index.js.map +0 -1
  132. package/dist/alpha-zero/introspection.d.ts +0 -128
  133. package/dist/alpha-zero/introspection.d.ts.map +0 -1
  134. package/dist/alpha-zero/introspection.js +0 -300
  135. package/dist/alpha-zero/introspection.js.map +0 -1
  136. package/dist/alpha-zero/metricsTracker.d.ts +0 -71
  137. package/dist/alpha-zero/metricsTracker.d.ts.map +0 -1
  138. package/dist/alpha-zero/metricsTracker.js.map +0 -1
  139. package/dist/alpha-zero/security/core.d.ts +0 -125
  140. package/dist/alpha-zero/security/core.d.ts.map +0 -1
  141. package/dist/alpha-zero/security/core.js +0 -271
  142. package/dist/alpha-zero/security/core.js.map +0 -1
  143. package/dist/alpha-zero/security/google.d.ts +0 -125
  144. package/dist/alpha-zero/security/google.d.ts.map +0 -1
  145. package/dist/alpha-zero/security/google.js +0 -311
  146. package/dist/alpha-zero/security/google.js.map +0 -1
  147. package/dist/alpha-zero/security/googleLoader.d.ts +0 -17
  148. package/dist/alpha-zero/security/googleLoader.d.ts.map +0 -1
  149. package/dist/alpha-zero/security/googleLoader.js +0 -41
  150. package/dist/alpha-zero/security/googleLoader.js.map +0 -1
  151. package/dist/alpha-zero/security/index.d.ts +0 -29
  152. package/dist/alpha-zero/security/index.d.ts.map +0 -1
  153. package/dist/alpha-zero/security/index.js +0 -32
  154. package/dist/alpha-zero/security/index.js.map +0 -1
  155. package/dist/alpha-zero/security/simulation.d.ts +0 -124
  156. package/dist/alpha-zero/security/simulation.d.ts.map +0 -1
  157. package/dist/alpha-zero/security/simulation.js +0 -277
  158. package/dist/alpha-zero/security/simulation.js.map +0 -1
  159. package/dist/alpha-zero/selfModification.d.ts +0 -109
  160. package/dist/alpha-zero/selfModification.d.ts.map +0 -1
  161. package/dist/alpha-zero/selfModification.js +0 -233
  162. package/dist/alpha-zero/selfModification.js.map +0 -1
  163. package/dist/alpha-zero/types.d.ts +0 -170
  164. package/dist/alpha-zero/types.d.ts.map +0 -1
  165. package/dist/alpha-zero/types.js +0 -31
  166. package/dist/alpha-zero/types.js.map +0 -1
  167. package/dist/capabilities/securityTestingCapability.d.ts +0 -13
  168. package/dist/capabilities/securityTestingCapability.d.ts.map +0 -1
  169. package/dist/capabilities/securityTestingCapability.js +0 -25
  170. package/dist/capabilities/securityTestingCapability.js.map +0 -1
  171. package/dist/core/aiFlowOptimizer.d.ts +0 -26
  172. package/dist/core/aiFlowOptimizer.d.ts.map +0 -1
  173. package/dist/core/aiFlowOptimizer.js +0 -31
  174. package/dist/core/aiFlowOptimizer.js.map +0 -1
  175. package/dist/core/aiOptimizationEngine.d.ts +0 -158
  176. package/dist/core/aiOptimizationEngine.d.ts.map +0 -1
  177. package/dist/core/aiOptimizationEngine.js +0 -428
  178. package/dist/core/aiOptimizationEngine.js.map +0 -1
  179. package/dist/core/aiOptimizationIntegration.d.ts +0 -93
  180. package/dist/core/aiOptimizationIntegration.d.ts.map +0 -1
  181. package/dist/core/aiOptimizationIntegration.js +0 -250
  182. package/dist/core/aiOptimizationIntegration.js.map +0 -1
  183. package/dist/core/enhancedErrorRecovery.d.ts +0 -100
  184. package/dist/core/enhancedErrorRecovery.d.ts.map +0 -1
  185. package/dist/core/enhancedErrorRecovery.js +0 -345
  186. package/dist/core/enhancedErrorRecovery.js.map +0 -1
  187. package/dist/core/hooksSystem.d.ts +0 -65
  188. package/dist/core/hooksSystem.d.ts.map +0 -1
  189. package/dist/core/hooksSystem.js +0 -273
  190. package/dist/core/hooksSystem.js.map +0 -1
  191. package/dist/core/memorySystem.d.ts +0 -48
  192. package/dist/core/memorySystem.d.ts.map +0 -1
  193. package/dist/core/memorySystem.js +0 -271
  194. package/dist/core/memorySystem.js.map +0 -1
  195. package/dist/core/unified/errors.d.ts +0 -189
  196. package/dist/core/unified/errors.d.ts.map +0 -1
  197. package/dist/core/unified/errors.js +0 -497
  198. package/dist/core/unified/errors.js.map +0 -1
  199. package/dist/core/unified/index.d.ts +0 -19
  200. package/dist/core/unified/index.d.ts.map +0 -1
  201. package/dist/core/unified/index.js +0 -68
  202. package/dist/core/unified/index.js.map +0 -1
  203. package/dist/core/unified/schema.d.ts +0 -101
  204. package/dist/core/unified/schema.d.ts.map +0 -1
  205. package/dist/core/unified/schema.js +0 -350
  206. package/dist/core/unified/schema.js.map +0 -1
  207. package/dist/core/unified/toolRuntime.d.ts +0 -179
  208. package/dist/core/unified/toolRuntime.d.ts.map +0 -1
  209. package/dist/core/unified/toolRuntime.js +0 -517
  210. package/dist/core/unified/toolRuntime.js.map +0 -1
  211. package/dist/core/unified/tools.d.ts +0 -127
  212. package/dist/core/unified/tools.d.ts.map +0 -1
  213. package/dist/core/unified/tools.js +0 -1333
  214. package/dist/core/unified/tools.js.map +0 -1
  215. package/dist/core/unified/types.d.ts +0 -352
  216. package/dist/core/unified/types.d.ts.map +0 -1
  217. package/dist/core/unified/types.js +0 -12
  218. package/dist/core/unified/types.js.map +0 -1
  219. package/dist/core/unified/version.d.ts +0 -209
  220. package/dist/core/unified/version.d.ts.map +0 -1
  221. package/dist/core/unified/version.js +0 -454
  222. package/dist/core/unified/version.js.map +0 -1
  223. package/dist/plugins/tools/security/securityPlugin.d.ts +0 -3
  224. package/dist/plugins/tools/security/securityPlugin.d.ts.map +0 -1
  225. package/dist/plugins/tools/security/securityPlugin.js +0 -12
  226. package/dist/plugins/tools/security/securityPlugin.js.map +0 -1
  227. package/dist/security/active-stack-security.d.ts +0 -112
  228. package/dist/security/active-stack-security.d.ts.map +0 -1
  229. package/dist/security/active-stack-security.js +0 -296
  230. package/dist/security/active-stack-security.js.map +0 -1
  231. package/dist/security/advanced-persistence-research.d.ts +0 -92
  232. package/dist/security/advanced-persistence-research.d.ts.map +0 -1
  233. package/dist/security/advanced-persistence-research.js +0 -195
  234. package/dist/security/advanced-persistence-research.js.map +0 -1
  235. package/dist/security/advanced-targeting.d.ts +0 -119
  236. package/dist/security/advanced-targeting.d.ts.map +0 -1
  237. package/dist/security/advanced-targeting.js +0 -233
  238. package/dist/security/advanced-targeting.js.map +0 -1
  239. package/dist/security/assessment/vulnerabilityAssessment.d.ts +0 -104
  240. package/dist/security/assessment/vulnerabilityAssessment.d.ts.map +0 -1
  241. package/dist/security/assessment/vulnerabilityAssessment.js +0 -315
  242. package/dist/security/assessment/vulnerabilityAssessment.js.map +0 -1
  243. package/dist/security/authorization/securityAuthorization.d.ts +0 -88
  244. package/dist/security/authorization/securityAuthorization.d.ts.map +0 -1
  245. package/dist/security/authorization/securityAuthorization.js +0 -172
  246. package/dist/security/authorization/securityAuthorization.js.map +0 -1
  247. package/dist/security/comprehensive-targeting.d.ts +0 -85
  248. package/dist/security/comprehensive-targeting.d.ts.map +0 -1
  249. package/dist/security/comprehensive-targeting.js +0 -438
  250. package/dist/security/comprehensive-targeting.js.map +0 -1
  251. package/dist/security/global-security-integration.d.ts +0 -91
  252. package/dist/security/global-security-integration.d.ts.map +0 -1
  253. package/dist/security/global-security-integration.js +0 -218
  254. package/dist/security/global-security-integration.js.map +0 -1
  255. package/dist/security/index.d.ts +0 -38
  256. package/dist/security/index.d.ts.map +0 -1
  257. package/dist/security/index.js +0 -47
  258. package/dist/security/index.js.map +0 -1
  259. package/dist/security/persistence-analyzer.d.ts +0 -56
  260. package/dist/security/persistence-analyzer.d.ts.map +0 -1
  261. package/dist/security/persistence-analyzer.js +0 -187
  262. package/dist/security/persistence-analyzer.js.map +0 -1
  263. package/dist/security/persistence-cli.d.ts +0 -36
  264. package/dist/security/persistence-cli.d.ts.map +0 -1
  265. package/dist/security/persistence-cli.js +0 -160
  266. package/dist/security/persistence-cli.js.map +0 -1
  267. package/dist/security/persistence-research.d.ts +0 -92
  268. package/dist/security/persistence-research.d.ts.map +0 -1
  269. package/dist/security/persistence-research.js +0 -364
  270. package/dist/security/persistence-research.js.map +0 -1
  271. package/dist/security/research/persistenceResearch.d.ts +0 -97
  272. package/dist/security/research/persistenceResearch.d.ts.map +0 -1
  273. package/dist/security/research/persistenceResearch.js +0 -282
  274. package/dist/security/research/persistenceResearch.js.map +0 -1
  275. package/dist/security/security-integration.d.ts +0 -74
  276. package/dist/security/security-integration.d.ts.map +0 -1
  277. package/dist/security/security-integration.js +0 -137
  278. package/dist/security/security-integration.js.map +0 -1
  279. package/dist/security/security-testing-framework.d.ts +0 -112
  280. package/dist/security/security-testing-framework.d.ts.map +0 -1
  281. package/dist/security/security-testing-framework.js +0 -364
  282. package/dist/security/security-testing-framework.js.map +0 -1
  283. package/dist/security/simulation/attackSimulation.d.ts +0 -93
  284. package/dist/security/simulation/attackSimulation.d.ts.map +0 -1
  285. package/dist/security/simulation/attackSimulation.js +0 -341
  286. package/dist/security/simulation/attackSimulation.js.map +0 -1
  287. package/dist/security/strategic-operations.d.ts +0 -100
  288. package/dist/security/strategic-operations.d.ts.map +0 -1
  289. package/dist/security/strategic-operations.js +0 -276
  290. package/dist/security/strategic-operations.js.map +0 -1
  291. package/dist/security/tool-security-wrapper.d.ts +0 -58
  292. package/dist/security/tool-security-wrapper.d.ts.map +0 -1
  293. package/dist/security/tool-security-wrapper.js +0 -156
  294. package/dist/security/tool-security-wrapper.js.map +0 -1
  295. package/dist/shell/claudeCodeStreamHandler.d.ts +0 -145
  296. package/dist/shell/claudeCodeStreamHandler.d.ts.map +0 -1
  297. package/dist/shell/claudeCodeStreamHandler.js +0 -322
  298. package/dist/shell/claudeCodeStreamHandler.js.map +0 -1
  299. package/dist/shell/inputQueueManager.d.ts +0 -144
  300. package/dist/shell/inputQueueManager.d.ts.map +0 -1
  301. package/dist/shell/inputQueueManager.js +0 -290
  302. package/dist/shell/inputQueueManager.js.map +0 -1
  303. package/dist/shell/metricsTracker.d.ts +0 -60
  304. package/dist/shell/metricsTracker.d.ts.map +0 -1
  305. package/dist/shell/metricsTracker.js +0 -119
  306. package/dist/shell/metricsTracker.js.map +0 -1
  307. package/dist/shell/streamingOutputManager.d.ts +0 -115
  308. package/dist/shell/streamingOutputManager.d.ts.map +0 -1
  309. package/dist/shell/streamingOutputManager.js +0 -225
  310. package/dist/shell/streamingOutputManager.js.map +0 -1
  311. package/dist/tools/securityTools.d.ts +0 -22
  312. package/dist/tools/securityTools.d.ts.map +0 -1
  313. package/dist/tools/securityTools.js +0 -448
  314. package/dist/tools/securityTools.js.map +0 -1
  315. package/dist/ui/persistentPrompt.d.ts +0 -50
  316. package/dist/ui/persistentPrompt.d.ts.map +0 -1
  317. package/dist/ui/persistentPrompt.js +0 -92
  318. package/dist/ui/persistentPrompt.js.map +0 -1
  319. package/dist/ui/terminalUISchema.d.ts +0 -195
  320. package/dist/ui/terminalUISchema.d.ts.map +0 -1
  321. package/dist/ui/terminalUISchema.js +0 -113
  322. package/dist/ui/terminalUISchema.js.map +0 -1
  323. package/scripts/deploy-security-capabilities.js +0 -178
package/dist/alpha-zero/security/core.d.ts DELETED
@@ -1,125 +0,0 @@
1
- /**
2
- * Core Security Research Framework
3
- *
4
- * Base authorization system and reconnaissance capabilities.
5
- * All operations require explicit authorization.
6
- *
7
- * Principal Investigator: Bo Shang
8
- * Framework: erosolar-cli
9
- */
10
- /**
11
- * Scope of authorization for security testing
12
- */
13
- export declare enum AuthorizationScope {
14
- OWNED_SYSTEMS = "owned_systems",
15
- BUG_BOUNTY = "bug_bounty",
16
- PENTEST_ENGAGEMENT = "pentest_engagement",
17
- CTF_COMPETITION = "ctf_competition",
18
- RED_TEAM = "red_team",
19
- EDUCATIONAL = "educational"
20
- }
21
- /**
22
- * Authorization record for security testing
23
- */
24
- export interface AuthorizationRecord {
25
- scope: AuthorizationScope;
26
- targetDomain: string;
27
- authorizedBy: string;
28
- authorizationDate: string;
29
- expirationDate?: string;
30
- scopeLimitations: string[];
31
- outOfScope: string[];
32
- notes: string;
33
- }
34
- /**
35
- * Reconnaissance result
36
- */
37
- export interface ReconResult {
38
- target: string;
39
- timestamp: number;
40
- dnsRecords: Record<string, string[]>;
41
- openPorts: number[];
42
- sslInfo: Record<string, unknown>;
43
- httpHeaders: Record<string, string>;
44
- technologies: string[];
45
- subdomains: string[];
46
- potentialVectors: string[];
47
- }
48
- /**
49
- * Vulnerability finding
50
- */
51
- export interface VulnerabilityFinding {
52
- title: string;
53
- severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
54
- category: string;
55
- description: string;
56
- evidence: string;
57
- remediation: string;
58
- cvssScore?: number;
59
- cweId?: string;
60
- affectedComponent?: string;
61
- }
62
- /**
63
- * Security research engine configuration
64
- */
65
- export interface SecurityResearchConfig {
66
- dataDir: string;
67
- verbose: boolean;
68
- }
69
- /**
70
- * Security Research Engine
71
- *
72
- * All operations require explicit authorization records.
73
- */
74
- export declare class SecurityResearchEngine {
75
- private config;
76
- private authorization;
77
- findings: VulnerabilityFinding[];
78
- reconResults: ReconResult[];
79
- constructor(config?: Partial<SecurityResearchConfig>);
80
- /**
81
- * Set authorization for testing
82
- */
83
- setAuthorization(authorization: AuthorizationRecord): void;
84
- /**
85
- * Check if authorization is valid
86
- */
87
- private checkAuthorization;
88
- /**
89
- * Perform passive reconnaissance
90
- */
91
- passiveRecon(target: string): Promise<ReconResult>;
92
- /**
93
- * Perform active reconnaissance (requires stronger authorization)
94
- */
95
- activeRecon(target: string, ports?: number[]): Promise<ReconResult>;
96
- /**
97
- * Scan ports
98
- */
99
- private scanPorts;
100
- /**
101
- * Identify potential attack vectors
102
- */
103
- private identifyVectors;
104
- /**
105
- * Analyze for vulnerabilities
106
- */
107
- analyzeForVulnerabilities(recon: ReconResult): VulnerabilityFinding[];
108
- /**
109
- * Generate report
110
- */
111
- generateReport(format?: 'text' | 'json'): string;
112
- }
113
- /**
114
- * Create bug bounty authorization
115
- */
116
- export declare function createBugBountyAuthorization(targetDomain: string, programName: string, scopeLimitations?: string[], outOfScope?: string[]): AuthorizationRecord;
117
- /**
118
- * Create pentest authorization
119
- */
120
- export declare function createPentestAuthorization(targetDomain: string, clientName: string, engagementId: string, expirationDate: string): AuthorizationRecord;
121
- /**
122
- * Create CTF authorization
123
- */
124
- export declare function createCtfAuthorization(targetDomain: string, ctfName: string): AuthorizationRecord;
125
- //# sourceMappingURL=core.d.ts.map
package/dist/alpha-zero/security/core.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../../../src/alpha-zero/security/core.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH;;GAEG;AACH,oBAAY,kBAAkB;IAC5B,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IACzB,kBAAkB,uBAAuB;IACzC,eAAe,oBAAoB;IACnC,QAAQ,aAAa;IACrB,WAAW,gBAAgB;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,kBAAkB,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACrC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAOD;;;;GAIG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,aAAa,CAAoC;IAClD,QAAQ,EAAE,oBAAoB,EAAE,CAAM;IACtC,YAAY,EAAE,WAAW,EAAE,CAAM;gBAE5B,MAAM,GAAE,OAAO,CAAC,sBAAsB,CAAM;IAIxD;;OAEG;IACH,gBAAgB,CAAC,aAAa,EAAE,mBAAmB,GAAG,IAAI;IAO1D;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAuB1B;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAwCxD;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,GAAE,MAAM,EAA0B,GAAG,OAAO,CAAC,WAAW,CAAC;IA0BhG;;OAEG;YACW,SAAS;IAiCvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAkBvB;;OAEG;IACH,yBAAyB,CAAC,KAAK,EAAE,WAAW,GAAG,oBAAoB,EAAE;IAoBrE;;OAEG;IACH,cAAc,CAAC,MAAM,GAAE,MAAM,GAAG,MAAe,GAAG,MAAM;CA+BzD;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,EACnB,gBAAgB,GAAE,MAAM,EAAO,EAC/B,UAAU,GAAE,MAAM,EAAO,GACxB,mBAAmB,CAUrB;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,GACrB,mBAAmB,CAWrB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAE,MAAM,EACpB,OAAO,EAAE,MAAM,GACd,mBAAmB,CAUrB"}
package/dist/alpha-zero/security/core.js DELETED
@@ -1,271 +0,0 @@
1
- /**
2
- * Core Security Research Framework
3
- *
4
- * Base authorization system and reconnaissance capabilities.
5
- * All operations require explicit authorization.
6
- *
7
- * Principal Investigator: Bo Shang
8
- * Framework: erosolar-cli
9
- */
10
- import * as dns from 'dns/promises';
11
- import * as net from 'net';
12
- /**
13
- * Scope of authorization for security testing
14
- */
15
- export var AuthorizationScope;
16
- (function (AuthorizationScope) {
17
- AuthorizationScope["OWNED_SYSTEMS"] = "owned_systems";
18
- AuthorizationScope["BUG_BOUNTY"] = "bug_bounty";
19
- AuthorizationScope["PENTEST_ENGAGEMENT"] = "pentest_engagement";
20
- AuthorizationScope["CTF_COMPETITION"] = "ctf_competition";
21
- AuthorizationScope["RED_TEAM"] = "red_team";
22
- AuthorizationScope["EDUCATIONAL"] = "educational";
23
- })(AuthorizationScope || (AuthorizationScope = {}));
24
- const DEFAULT_CONFIG = {
25
- dataDir: '.security_research',
26
- verbose: false,
27
- };
28
- /**
29
- * Security Research Engine
30
- *
31
- * All operations require explicit authorization records.
32
- */
33
- export class SecurityResearchEngine {
34
- config;
35
- authorization = null;
36
- findings = [];
37
- reconResults = [];
38
- constructor(config = {}) {
39
- this.config = { ...DEFAULT_CONFIG, ...config };
40
- }
41
- /**
42
- * Set authorization for testing
43
- */
44
- setAuthorization(authorization) {
45
- this.authorization = authorization;
46
- if (this.config.verbose) {
47
- console.log(`[Authorization] Set for ${authorization.targetDomain}`);
48
- }
49
- }
50
- /**
51
- * Check if authorization is valid
52
- */
53
- checkAuthorization(target) {
54
- if (!this.authorization) {
55
- throw new Error('No authorization record set.');
56
- }
57
- // Check expiration
58
- if (this.authorization.expirationDate) {
59
- const exp = new Date(this.authorization.expirationDate);
60
- if (new Date() > exp) {
61
- throw new Error('Authorization has expired.');
62
- }
63
- }
64
- // Check scope
65
- const inScope = this.authorization.targetDomain.includes(target) ||
66
- target.endsWith(this.authorization.targetDomain);
67
- const outOfScope = this.authorization.outOfScope.some(oos => target.includes(oos));
68
- if (!inScope || outOfScope) {
69
- throw new Error(`Target ${target} is not within authorized scope.`);
70
- }
71
- }
72
- /**
73
- * Perform passive reconnaissance
74
- */
75
- async passiveRecon(target) {
76
- this.checkAuthorization(target);
77
- if (this.config.verbose) {
78
- console.log(`[Recon] Starting passive recon on ${target}`);
79
- }
80
- const result = {
81
- target,
82
- timestamp: Date.now(),
83
- dnsRecords: {},
84
- openPorts: [],
85
- sslInfo: {},
86
- httpHeaders: {},
87
- technologies: [],
88
- subdomains: [],
89
- potentialVectors: [],
90
- };
91
- // DNS lookup
92
- try {
93
- result.dnsRecords['A'] = await dns.resolve4(target);
94
- }
95
- catch { /* ignore */ }
96
- try {
97
- result.dnsRecords['MX'] = (await dns.resolveMx(target)).map(r => r.exchange);
98
- }
99
- catch { /* ignore */ }
100
- try {
101
- result.dnsRecords['TXT'] = await dns.resolveTxt(target).then(r => r.flat());
102
- }
103
- catch { /* ignore */ }
104
- // Common subdomain patterns
105
- const prefixes = ['www', 'mail', 'api', 'dev', 'staging', 'admin'];
106
- result.subdomains = prefixes.map(p => `${p}.${target}`);
107
- this.reconResults.push(result);
108
- return result;
109
- }
110
- /**
111
- * Perform active reconnaissance (requires stronger authorization)
112
- */
113
- async activeRecon(target, ports = [80, 443, 8080, 8443]) {
114
- this.checkAuthorization(target);
115
- // Active recon requires stronger authorization
116
- const allowed = [
117
- AuthorizationScope.OWNED_SYSTEMS,
118
- AuthorizationScope.PENTEST_ENGAGEMENT,
119
- AuthorizationScope.RED_TEAM,
120
- AuthorizationScope.CTF_COMPETITION,
121
- ];
122
- if (!allowed.includes(this.authorization.scope)) {
123
- throw new Error('Active recon requires stronger authorization.');
124
- }
125
- const result = await this.passiveRecon(target);
126
- // Port scan
127
- result.openPorts = await this.scanPorts(target, ports);
128
- // Identify vectors
129
- result.potentialVectors = this.identifyVectors(result);
130
- return result;
131
- }
132
- /**
133
- * Scan ports
134
- */
135
- async scanPorts(host, ports) {
136
- const checkPort = (port) => {
137
- return new Promise(resolve => {
138
- const socket = new net.Socket();
139
- socket.setTimeout(2000);
140
- socket.on('connect', () => {
141
- socket.destroy();
142
- resolve(true);
143
- });
144
- socket.on('error', () => {
145
- socket.destroy();
146
- resolve(false);
147
- });
148
- socket.on('timeout', () => {
149
- socket.destroy();
150
- resolve(false);
151
- });
152
- socket.connect(port, host);
153
- });
154
- };
155
- const results = await Promise.all(ports.map(async (port) => {
156
- const isOpen = await checkPort(port);
157
- return isOpen ? port : null;
158
- }));
159
- return results.filter((p) => p !== null);
160
- }
161
- /**
162
- * Identify potential attack vectors
163
- */
164
- identifyVectors(recon) {
165
- const vectors = [];
166
- // Missing security headers (would need HTTP request to determine)
167
- // Placeholder for now
168
- vectors.push('Check for missing security headers');
169
- // Open ports analysis
170
- if (recon.openPorts.includes(21)) {
171
- vectors.push('FTP port open - check for anonymous access');
172
- }
173
- if (recon.openPorts.includes(22)) {
174
- vectors.push('SSH port open - check for weak credentials');
175
- }
176
- return vectors;
177
- }
178
- /**
179
- * Analyze for vulnerabilities
180
- */
181
- analyzeForVulnerabilities(recon) {
182
- this.checkAuthorization(recon.target);
183
- const findings = [];
184
- // Example: missing HSTS (would need actual HTTP response)
185
- findings.push({
186
- title: 'Missing HSTS Header (Verify Required)',
187
- severity: 'medium',
188
- category: 'config',
189
- description: 'Verify HSTS header is present.',
190
- evidence: 'Requires HTTP response analysis',
191
- remediation: 'Add Strict-Transport-Security header',
192
- cweId: 'CWE-319',
193
- });
194
- this.findings.push(...findings);
195
- return findings;
196
- }
197
- /**
198
- * Generate report
199
- */
200
- generateReport(format = 'text') {
201
- if (format === 'json') {
202
- return JSON.stringify({
203
- generated: new Date().toISOString(),
204
- authorization: this.authorization,
205
- findings: this.findings,
206
- reconResults: this.reconResults,
207
- }, null, 2);
208
- }
209
- const lines = [
210
- '='.repeat(60),
211
- 'SECURITY RESEARCH REPORT',
212
- '='.repeat(60),
213
- `Generated: ${new Date().toISOString()}`,
214
- ];
215
- if (this.authorization) {
216
- lines.push(`Target: ${this.authorization.targetDomain}`);
217
- lines.push(`Scope: ${this.authorization.scope}`);
218
- }
219
- if (this.findings.length > 0) {
220
- lines.push('', `Findings: ${this.findings.length}`);
221
- for (const f of this.findings) {
222
- lines.push(` [${f.severity.toUpperCase()}] ${f.title}`);
223
- }
224
- }
225
- return lines.join('\n');
226
- }
227
- }
228
- /**
229
- * Create bug bounty authorization
230
- */
231
- export function createBugBountyAuthorization(targetDomain, programName, scopeLimitations = [], outOfScope = []) {
232
- return {
233
- scope: AuthorizationScope.BUG_BOUNTY,
234
- targetDomain,
235
- authorizedBy: `Bug Bounty: ${programName}`,
236
- authorizationDate: new Date().toISOString(),
237
- scopeLimitations,
238
- outOfScope,
239
- notes: 'Testing authorized under bug bounty program terms',
240
- };
241
- }
242
- /**
243
- * Create pentest authorization
244
- */
245
- export function createPentestAuthorization(targetDomain, clientName, engagementId, expirationDate) {
246
- return {
247
- scope: AuthorizationScope.PENTEST_ENGAGEMENT,
248
- targetDomain,
249
- authorizedBy: `Client: ${clientName} (${engagementId})`,
250
- authorizationDate: new Date().toISOString(),
251
- expirationDate,
252
- scopeLimitations: [],
253
- outOfScope: [],
254
- notes: 'Testing authorized under penetration testing agreement',
255
- };
256
- }
257
- /**
258
- * Create CTF authorization
259
- */
260
- export function createCtfAuthorization(targetDomain, ctfName) {
261
- return {
262
- scope: AuthorizationScope.CTF_COMPETITION,
263
- targetDomain,
264
- authorizedBy: `CTF: ${ctfName}`,
265
- authorizationDate: new Date().toISOString(),
266
- scopeLimitations: [],
267
- outOfScope: [],
268
- notes: 'CTF competition testing',
269
- };
270
- }
271
- //# sourceMappingURL=core.js.map
package/dist/alpha-zero/security/core.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/alpha-zero/security/core.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AACpC,OAAO,KAAK,GAAG,MAAM,KAAK,CAAC;AAE3B;;GAEG;AACH,MAAM,CAAN,IAAY,kBAOX;AAPD,WAAY,kBAAkB;IAC5B,qDAA+B,CAAA;IAC/B,+CAAyB,CAAA;IACzB,+DAAyC,CAAA;IACzC,yDAAmC,CAAA;IACnC,2CAAqB,CAAA;IACrB,iDAA2B,CAAA;AAC7B,CAAC,EAPW,kBAAkB,KAAlB,kBAAkB,QAO7B;AAsDD,MAAM,cAAc,GAA2B;IAC7C,OAAO,EAAE,oBAAoB;IAC7B,OAAO,EAAE,KAAK;CACf,CAAC;AAEF;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IACzB,MAAM,CAAyB;IAC/B,aAAa,GAA+B,IAAI,CAAC;IAClD,QAAQ,GAA2B,EAAE,CAAC;IACtC,YAAY,GAAkB,EAAE,CAAC;IAExC,YAAY,SAA0C,EAAE;QACtD,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,aAAkC;QACjD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,2BAA2B,aAAa,CAAC,YAAY,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,MAAc;QACvC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YACxD,IAAI,IAAI,IAAI,EAAE,GAAG,GAAG,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,cAAc;QACd,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC;YAChD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAEnF,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,UAAU,MAAM,kCAAkC,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAEhC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,qCAAqC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,MAAM,GAAgB;YAC1B,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,YAAY,EAAE,EAAE;YAChB,UAAU,EAAE,EAAE;YACd,gBAAgB,EAAE,EAAE;SACrB,CAAC;QAEF,aAAa;QACb,IAAI,CAAC;YACH,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,IAAI,CAAC;YACH,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/E,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,IAAI,CAAC;YACH,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9E,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,4BAA4B;QAC5B,MAAM,QAAQ,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QACnE,MAAM,CAAC,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;QAExD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,MAAc,EAAE,QAAkB,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC;QACvE,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAEhC,+CAA+C;QAC/C,MAAM,OAAO,GAAG;YACd,kBAAkB,CAAC,aAAa;YAChC,kBAAkB,CAAC,kBAAkB;YACrC,kBAAkB,CAAC,QAAQ;YAC3B,kBAAkB,CAAC,eAAe;SACnC,CAAC;QAEF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAE/C,YAAY;QACZ,MAAM,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAEvD,mBAAmB;QACnB,MAAM,CAAC,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAEvD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,IAAY,EAAE,KAAe;QACnD,MAAM,SAAS,GAAG,CAAC,IAAY,EAAoB,EAAE;YACnD,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;gBAC3B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;gBAExB,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;oBACxB,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjB,OAAO,CAAC,IAAI,CAAC,CAAC;gBAChB,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;oBACtB,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;oBACxB,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjB,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC7B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAC,IAAI,EAAC,EAAE;YACvD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC;YACrC,OAAO,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9B,CAAC,CAAC,CAAC,CAAC;QAEJ,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAkB;QACxC,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,kEAAkE;QAClE,sBAAsB;QACtB,OAAO,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAEnD,sBAAsB;QACtB,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,yBAAyB,CAAC,KAAkB;QAC1C,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,0DAA0D;QAC1D,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,uCAAuC;YAC9C,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,gCAAgC;YAC7C,QAAQ,EAAE,iCAAiC;YAC3C,WAAW,EAAE,sCAAsC;YACnD,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAChC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,SAA0B,MAAM;QAC7C,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,SAAS,CAAC;gBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,YAAY,EAAE,IAAI,CAAC,YAAY;aAChC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG;YACZ,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACd,0BAA0B;YAC1B,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACd,cAAc,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;SACzC,CAAC;QAEF,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC,CAAC;YACzD,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,aAAa,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACpD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAC1C,YAAoB,EACpB,WAAmB,EACnB,mBAA6B,EAAE,EAC/B,aAAuB,EAAE;IAEzB,OAAO;QACL,KAAK,EAAE,kBAAkB,CAAC,UAAU;QACpC,YAAY;QACZ,YAAY,EAAE,eAAe,WAAW,EAAE;QAC1C,iBAAiB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC3C,gBAAgB;QAChB,UAAU;QACV,KAAK,EAAE,mDAAmD;KAC3D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,YAAoB,EACpB,UAAkB,EAClB,YAAoB,EACpB,cAAsB;IAEtB,OAAO;QACL,KAAK,EAAE,kBAAkB,CAAC,kBAAkB;QAC5C,YAAY;QACZ,YAAY,EAAE,WAAW,UAAU,KAAK,YAAY,GAAG;QACvD,iBAAiB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC3C,cAAc;QACd,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,wDAAwD;KAChE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,YAAoB,EACpB,OAAe;IAEf,OAAO;QACL,KAAK,EAAE,kBAAkB,CAAC,eAAe;QACzC,YAAY;QACZ,YAAY,EAAE,QAAQ,OAAO,EAAE;QAC/B,iBAAiB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC3C,gBAAgB,EAAE,EAAE;QACpB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,yBAAyB;KACjC,CAAC;AACJ,CAAC"}
package/dist/alpha-zero/security/google.d.ts DELETED
@@ -1,125 +0,0 @@
1
- /**
2
- * Google Infrastructure Persistence Vector Research
3
- *
4
- * OPTIONAL MODULE - Only loaded when Google security research is enabled.
5
- *
6
- * Provides research tools for identifying persistence mechanisms
7
- * in Google Cloud Platform and Google Workspace environments.
8
- *
9
- * AUTHORIZATION: Designed for authorized red team engagements and
10
- * penetration testing of Google infrastructure under contract.
11
- *
12
- * Principal Investigator: Bo Shang
13
- * Framework: erosolar-cli
14
- */
15
- import { AuthorizationRecord } from './core.js';
16
- /**
17
- * Google services for persistence research
18
- */
19
- export declare enum GoogleService {
20
- GCP_COMPUTE = "gcp_compute_engine",
21
- GCP_GKE = "gcp_kubernetes_engine",
22
- GCP_CLOUD_FUNCTIONS = "gcp_cloud_functions",
23
- GCP_IAM = "gcp_iam",
24
- GCP_SERVICE_ACCOUNTS = "gcp_service_accounts",
25
- GCP_CLOUD_STORAGE = "gcp_cloud_storage",
26
- GCP_SECRETS_MANAGER = "gcp_secrets_manager",
27
- WORKSPACE_GMAIL = "workspace_gmail",
28
- WORKSPACE_DRIVE = "workspace_drive",
29
- WORKSPACE_ADMIN = "workspace_admin",
30
- WORKSPACE_APPS_SCRIPT = "workspace_apps_script",
31
- GOOGLE_OAUTH = "google_oauth"
32
- }
33
- /**
34
- * Categories of persistence mechanisms
35
- */
36
- export declare enum PersistenceCategory {
37
- SERVICE_ACCOUNT_ABUSE = "service_account_abuse",
38
- IAM_POLICY_MODIFICATION = "iam_policy_modification",
39
- OAUTH_APP_CONSENT = "oauth_app_consent",
40
- API_KEYS = "api_keys",
41
- CLOUD_FUNCTION_TRIGGER = "cloud_function_trigger",
42
- APPS_SCRIPT_TRIGGER = "apps_script_trigger",
43
- DELEGATION_ABUSE = "delegation_abuse"
44
- }
45
- /**
46
- * Persistence vector definition
47
- */
48
- export interface PersistenceVector {
49
- name: string;
50
- service: GoogleService;
51
- category: PersistenceCategory;
52
- description: string;
53
- techniqueId: string;
54
- requiredPermissions: string[];
55
- detectionMethods: string[];
56
- mitigations: string[];
57
- stealthRating: number;
58
- }
59
- /**
60
- * Persistence test result
61
- */
62
- export interface PersistenceTestResult {
63
- vector: PersistenceVector;
64
- targetProject: string;
65
- timestamp: number;
66
- testable: boolean;
67
- permissionsVerified: string[];
68
- missingPermissions: string[];
69
- detectionRisk: string;
70
- notes: string;
71
- }
72
- /**
73
- * GCP Persistence Vectors
74
- */
75
- export declare const GCP_PERSISTENCE_VECTORS: Record<string, PersistenceVector>;
76
- /**
77
- * Workspace Persistence Vectors
78
- */
79
- export declare const WORKSPACE_PERSISTENCE_VECTORS: Record<string, PersistenceVector>;
80
- /**
81
- * Google Persistence Researcher
82
- */
83
- export declare class GooglePersistenceResearcher {
84
- private authorization;
85
- private verbose;
86
- testResults: PersistenceTestResult[];
87
- constructor(authorization: AuthorizationRecord, verbose?: boolean);
88
- /**
89
- * Check authorization
90
- */
91
- private checkAuthorization;
92
- /**
93
- * Get all Google persistence vectors
94
- */
95
- getAllVectors(): Record<string, PersistenceVector>;
96
- /**
97
- * Get vectors by service
98
- */
99
- getVectorsByService(service: GoogleService): PersistenceVector[];
100
- /**
101
- * Get vectors by category
102
- */
103
- getVectorsByCategory(category: PersistenceCategory): PersistenceVector[];
104
- /**
105
- * Get stealthy vectors
106
- */
107
- getStealthyVectors(minRating?: number): PersistenceVector[];
108
- /**
109
- * Analyze a persistence vector
110
- */
111
- analyzeVector(vectorId: string, targetProject: string): PersistenceTestResult;
112
- /**
113
- * Generate attack playbook
114
- */
115
- generateAttackPlaybook(targetProject: string, vectors?: PersistenceVector[]): Record<string, unknown>;
116
- /**
117
- * Generate detection report (blue team)
118
- */
119
- generateDetectionReport(): string;
120
- }
121
- /**
122
- * Create Google authorization
123
- */
124
- export declare function createGoogleAuthorization(engagementType: 'bug_bounty' | 'pentest' | 'red_team' | 'owned', authorizedBy: string, targetProject?: string, scopeNotes?: string): AuthorizationRecord;
125
- //# sourceMappingURL=google.d.ts.map
package/dist/alpha-zero/security/google.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/alpha-zero/security/google.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,mBAAmB,EAAsB,MAAM,WAAW,CAAC;AAEpE;;GAEG;AACH,oBAAY,aAAa;IAEvB,WAAW,uBAAuB;IAClC,OAAO,0BAA0B;IACjC,mBAAmB,wBAAwB;IAC3C,OAAO,YAAY;IACnB,oBAAoB,yBAAyB;IAC7C,iBAAiB,sBAAsB;IACvC,mBAAmB,wBAAwB;IAG3C,eAAe,oBAAoB;IACnC,eAAe,oBAAoB;IACnC,eAAe,oBAAoB;IACnC,qBAAqB,0BAA0B;IAG/C,YAAY,iBAAiB;CAC9B;AAED;;GAEG;AACH,oBAAY,mBAAmB;IAC7B,qBAAqB,0BAA0B;IAC/C,uBAAuB,4BAA4B;IACnD,iBAAiB,sBAAsB;IACvC,QAAQ,aAAa;IACrB,sBAAsB,2BAA2B;IACjD,mBAAmB,wBAAwB;IAC3C,gBAAgB,qBAAqB;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,aAAa,CAAC;IACvB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,iBAAiB,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAkCrE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAkC3E,CAAC;AAEF;;GAEG;AACH,qBAAa,2BAA2B;IACtC,OAAO,CAAC,aAAa,CAAsB;IAC3C,OAAO,CAAC,OAAO,CAAU;IAClB,WAAW,EAAE,qBAAqB,EAAE,CAAM;gBAErC,aAAa,EAAE,mBAAmB,EAAE,OAAO,UAAQ;IAK/D;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAiB1B;;OAEG;IACH,aAAa,IAAI,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC;IAIlD;;OAEG;IACH,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,iBAAiB,EAAE;IAKhE;;OAEG;IACH,oBAAoB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,iBAAiB,EAAE;IAKxE;;OAEG;IACH,kBAAkB,CAAC,SAAS,SAAI,GAAG,iBAAiB,EAAE;IAKtD;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,qBAAqB;IAmC7E;;OAEG;IACH,sBAAsB,CACpB,aAAa,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,iBAAiB,EAAE,GAC5B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IA4B1B;;OAEG;IACH,uBAAuB,IAAI,MAAM;CAsDlC;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,cAAc,EAAE,YAAY,GAAG,SAAS,GAAG,UAAU,GAAG,OAAO,EAC/D,YAAY,EAAE,MAAM,EACpB,aAAa,SAAM,EACnB,UAAU,SAAK,GACd,mBAAmB,CAiBrB"}