erosolar-cli 2.1.245 → 2.1.247
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/capabilities/index.d.ts +1 -0
- package/dist/capabilities/index.d.ts.map +1 -1
- package/dist/capabilities/index.js +1 -0
- package/dist/capabilities/index.js.map +1 -1
- package/dist/capabilities/orchestrationCapability.d.ts +27 -0
- package/dist/capabilities/orchestrationCapability.d.ts.map +1 -0
- package/dist/capabilities/orchestrationCapability.js +298 -0
- package/dist/capabilities/orchestrationCapability.js.map +1 -0
- package/dist/core/agentOrchestrator.d.ts +115 -0
- package/dist/core/agentOrchestrator.d.ts.map +1 -1
- package/dist/core/agentOrchestrator.js +360 -0
- package/dist/core/agentOrchestrator.js.map +1 -1
- package/dist/core/unifiedFraudOrchestrator.d.ts +74 -0
- package/dist/core/unifiedFraudOrchestrator.d.ts.map +1 -1
- package/dist/core/unifiedFraudOrchestrator.js +1013 -0
- package/dist/core/unifiedFraudOrchestrator.js.map +1 -1
- package/dist/tools/taoTools.d.ts.map +1 -1
- package/dist/tools/taoTools.js +855 -0
- package/dist/tools/taoTools.js.map +1 -1
- package/package.json +1 -1
package/dist/tools/taoTools.js
CHANGED
|
@@ -17251,6 +17251,861 @@ For authorized red team exercises and security research only.`,
|
|
|
17251
17251
|
}
|
|
17252
17252
|
},
|
|
17253
17253
|
},
|
|
17254
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
17255
|
+
// GLOBAL UNIFIED ORCHESTRATOR
|
|
17256
|
+
// All companies, governments, products, defense systems in one tool
|
|
17257
|
+
// ═══════════════════════════════════════════════════════════════════════════
|
|
17258
|
+
{
|
|
17259
|
+
name: 'GlobalOrchestrator',
|
|
17260
|
+
description: `Unified orchestrator for ALL target categories: enterprises, governments, defense systems, products, and critical infrastructure.
|
|
17261
|
+
|
|
17262
|
+
Target Categories:
|
|
17263
|
+
- ENTERPRISE: Tech giants, financial institutions, healthcare, retail, media
|
|
17264
|
+
- GOVERNMENT: Federal agencies, state/local, intelligence, law enforcement
|
|
17265
|
+
- DEFENSE: Military branches, contractors, weapons systems, C4ISR
|
|
17266
|
+
- PRODUCTS: Cloud platforms, enterprise software, security tools, networking
|
|
17267
|
+
- INFRASTRUCTURE: Power grid, water, telecom, transportation, financial systems
|
|
17268
|
+
|
|
17269
|
+
Regions: US, EU, Five Eyes, Russia, China, Middle East, Asia Pacific, Global
|
|
17270
|
+
|
|
17271
|
+
For authorized red team exercises, security research, and penetration testing only.`,
|
|
17272
|
+
parameters: {
|
|
17273
|
+
type: 'object',
|
|
17274
|
+
required: ['operation'],
|
|
17275
|
+
properties: {
|
|
17276
|
+
operation: {
|
|
17277
|
+
type: 'string',
|
|
17278
|
+
enum: [
|
|
17279
|
+
'list_targets', 'get_target_profile', 'plan_operation',
|
|
17280
|
+
'execute_operation', 'get_attack_surface', 'map_dependencies',
|
|
17281
|
+
'identify_weakpoints', 'generate_playbook', 'cross_reference',
|
|
17282
|
+
'supply_chain_analysis', 'insider_threat_vectors', 'full_spectrum',
|
|
17283
|
+
],
|
|
17284
|
+
},
|
|
17285
|
+
category: {
|
|
17286
|
+
type: 'string',
|
|
17287
|
+
enum: ['enterprise', 'government', 'defense', 'products', 'infrastructure', 'all'],
|
|
17288
|
+
},
|
|
17289
|
+
subcategory: { type: 'string', description: 'Specific subcategory within category' },
|
|
17290
|
+
target: { type: 'string', description: 'Specific target name or identifier' },
|
|
17291
|
+
region: {
|
|
17292
|
+
type: 'string',
|
|
17293
|
+
enum: ['us', 'eu', 'five_eyes', 'russia', 'china', 'middle_east', 'asia_pacific', 'global'],
|
|
17294
|
+
},
|
|
17295
|
+
depth: { type: 'string', enum: ['surface', 'standard', 'deep', 'comprehensive'] },
|
|
17296
|
+
stealth: { type: 'string', enum: ['loud', 'moderate', 'quiet', 'ghost'] },
|
|
17297
|
+
objectives: { type: 'array', items: { type: 'string' } },
|
|
17298
|
+
},
|
|
17299
|
+
},
|
|
17300
|
+
handler: async (args) => {
|
|
17301
|
+
const operation = args['operation'];
|
|
17302
|
+
const category = args['category'] || 'all';
|
|
17303
|
+
const subcategory = args['subcategory'];
|
|
17304
|
+
const target = args['target'];
|
|
17305
|
+
const region = args['region'] || 'global';
|
|
17306
|
+
const depth = args['depth'] || 'standard';
|
|
17307
|
+
const stealth = args['stealth'] || 'moderate';
|
|
17308
|
+
const objectives = args['objectives'] || [];
|
|
17309
|
+
// ═══════════════════════════════════════════════════════════════════════
|
|
17310
|
+
// COMPREHENSIVE TARGET DATABASE
|
|
17311
|
+
// ═══════════════════════════════════════════════════════════════════════
|
|
17312
|
+
const targetDatabase = {
|
|
17313
|
+
enterprise: {
|
|
17314
|
+
tech_giants: {
|
|
17315
|
+
targets: [
|
|
17316
|
+
{ name: 'Google/Alphabet', sectors: ['search', 'cloud', 'android', 'ads'], employees: 190000, revenue: '$307B' },
|
|
17317
|
+
{ name: 'Microsoft', sectors: ['windows', 'azure', 'office365', 'github'], employees: 221000, revenue: '$211B' },
|
|
17318
|
+
{ name: 'Amazon/AWS', sectors: ['ecommerce', 'cloud', 'logistics'], employees: 1540000, revenue: '$574B' },
|
|
17319
|
+
{ name: 'Apple', sectors: ['devices', 'ios', 'services', 'payments'], employees: 164000, revenue: '$394B' },
|
|
17320
|
+
{ name: 'Meta/Facebook', sectors: ['social', 'messaging', 'vr', 'ads'], employees: 86000, revenue: '$134B' },
|
|
17321
|
+
{ name: 'Oracle', sectors: ['database', 'cloud', 'enterprise'], employees: 143000, revenue: '$50B' },
|
|
17322
|
+
{ name: 'Salesforce', sectors: ['crm', 'cloud', 'analytics'], employees: 79000, revenue: '$34B' },
|
|
17323
|
+
{ name: 'SAP', sectors: ['erp', 'enterprise', 'cloud'], employees: 107000, revenue: '$32B' },
|
|
17324
|
+
{ name: 'IBM', sectors: ['consulting', 'cloud', 'ai', 'mainframe'], employees: 288000, revenue: '$60B' },
|
|
17325
|
+
{ name: 'Cisco', sectors: ['networking', 'security', 'collaboration'], employees: 83000, revenue: '$57B' },
|
|
17326
|
+
],
|
|
17327
|
+
attack_vectors: ['cloud_misconfig', 'api_abuse', 'supply_chain', 'insider', 'zero_day'],
|
|
17328
|
+
common_vulns: ['SSRF', 'IDOR', 'OAuth_bypass', 'API_key_exposure', 'subdomain_takeover'],
|
|
17329
|
+
},
|
|
17330
|
+
financial: {
|
|
17331
|
+
targets: [
|
|
17332
|
+
{ name: 'JPMorgan Chase', type: 'bank', assets: '$3.7T', employees: 293000 },
|
|
17333
|
+
{ name: 'Bank of America', type: 'bank', assets: '$3.2T', employees: 217000 },
|
|
17334
|
+
{ name: 'Citigroup', type: 'bank', assets: '$2.4T', employees: 240000 },
|
|
17335
|
+
{ name: 'Wells Fargo', type: 'bank', assets: '$1.9T', employees: 234000 },
|
|
17336
|
+
{ name: 'Goldman Sachs', type: 'investment', assets: '$1.6T', employees: 49000 },
|
|
17337
|
+
{ name: 'Morgan Stanley', type: 'investment', assets: '$1.2T', employees: 82000 },
|
|
17338
|
+
{ name: 'BlackRock', type: 'asset_mgmt', aum: '$10T', employees: 19800 },
|
|
17339
|
+
{ name: 'Visa', type: 'payments', transactions: '259B/year', employees: 26500 },
|
|
17340
|
+
{ name: 'Mastercard', type: 'payments', transactions: '143B/year', employees: 29900 },
|
|
17341
|
+
{ name: 'PayPal', type: 'fintech', users: '435M', employees: 27800 },
|
|
17342
|
+
],
|
|
17343
|
+
attack_vectors: ['swift_compromise', 'atm_jackpot', 'wire_fraud', 'insider_trading', 'ransomware'],
|
|
17344
|
+
regulations: ['PCI-DSS', 'SOX', 'GLBA', 'FFIEC', 'NYDFS'],
|
|
17345
|
+
},
|
|
17346
|
+
healthcare: {
|
|
17347
|
+
targets: [
|
|
17348
|
+
{ name: 'UnitedHealth', type: 'insurance', revenue: '$324B', members: '152M' },
|
|
17349
|
+
{ name: 'CVS Health', type: 'pharmacy', revenue: '$322B', locations: 9900 },
|
|
17350
|
+
{ name: 'McKesson', type: 'distributor', revenue: '$276B' },
|
|
17351
|
+
{ name: 'AmerisourceBergen', type: 'distributor', revenue: '$238B' },
|
|
17352
|
+
{ name: 'Cigna', type: 'insurance', revenue: '$180B', members: '190M' },
|
|
17353
|
+
{ name: 'Cardinal Health', type: 'distributor', revenue: '$181B' },
|
|
17354
|
+
{ name: 'Anthem/Elevance', type: 'insurance', revenue: '$156B', members: '47M' },
|
|
17355
|
+
{ name: 'HCA Healthcare', type: 'hospitals', facilities: 182, employees: 275000 },
|
|
17356
|
+
{ name: 'Pfizer', type: 'pharma', revenue: '$100B', products: 350 },
|
|
17357
|
+
{ name: 'Johnson & Johnson', type: 'pharma', revenue: '$95B' },
|
|
17358
|
+
],
|
|
17359
|
+
attack_vectors: ['phi_exfil', 'ransomware', 'medical_device', 'ehr_compromise', 'supply_chain'],
|
|
17360
|
+
regulations: ['HIPAA', 'HITECH', 'FDA_21CFR11', 'GDPR'],
|
|
17361
|
+
},
|
|
17362
|
+
retail: {
|
|
17363
|
+
targets: [
|
|
17364
|
+
{ name: 'Walmart', revenue: '$611B', stores: 10500, employees: 2300000 },
|
|
17365
|
+
{ name: 'Amazon', revenue: '$574B', warehouses: 1137 },
|
|
17366
|
+
{ name: 'Costco', revenue: '$242B', stores: 861 },
|
|
17367
|
+
{ name: 'Home Depot', revenue: '$157B', stores: 2317 },
|
|
17368
|
+
{ name: 'Target', revenue: '$109B', stores: 1948 },
|
|
17369
|
+
{ name: 'Lowes', revenue: '$97B', stores: 1738 },
|
|
17370
|
+
{ name: 'Best Buy', revenue: '$46B', stores: 1144 },
|
|
17371
|
+
{ name: 'Walgreens', revenue: '$133B', stores: 8900 },
|
|
17372
|
+
{ name: 'Kroger', revenue: '$148B', stores: 2719 },
|
|
17373
|
+
{ name: 'Albertsons', revenue: '$77B', stores: 2271 },
|
|
17374
|
+
],
|
|
17375
|
+
attack_vectors: ['pos_malware', 'magecart', 'loyalty_fraud', 'inventory_manipulation', 'gift_card'],
|
|
17376
|
+
data_types: ['PCI', 'PII', 'loyalty_data', 'inventory', 'pricing'],
|
|
17377
|
+
},
|
|
17378
|
+
media_telecom: {
|
|
17379
|
+
targets: [
|
|
17380
|
+
{ name: 'AT&T', type: 'telecom', subscribers: '242M', revenue: '$121B' },
|
|
17381
|
+
{ name: 'Verizon', type: 'telecom', subscribers: '143M', revenue: '$137B' },
|
|
17382
|
+
{ name: 'T-Mobile', type: 'telecom', subscribers: '117M', revenue: '$80B' },
|
|
17383
|
+
{ name: 'Comcast', type: 'cable', subscribers: '32M', revenue: '$121B' },
|
|
17384
|
+
{ name: 'Disney', type: 'media', subscribers: '235M', revenue: '$88B' },
|
|
17385
|
+
{ name: 'Netflix', type: 'streaming', subscribers: '238M', revenue: '$33B' },
|
|
17386
|
+
{ name: 'Warner Bros Discovery', type: 'media', revenue: '$41B' },
|
|
17387
|
+
{ name: 'Paramount', type: 'media', revenue: '$30B' },
|
|
17388
|
+
{ name: 'News Corp', type: 'media', revenue: '$10B' },
|
|
17389
|
+
{ name: 'Charter', type: 'cable', subscribers: '32M', revenue: '$54B' },
|
|
17390
|
+
],
|
|
17391
|
+
attack_vectors: ['ss7_exploit', 'sim_swap', 'cdn_poison', 'content_injection', 'subscriber_fraud'],
|
|
17392
|
+
},
|
|
17393
|
+
},
|
|
17394
|
+
government: {
|
|
17395
|
+
us_federal: {
|
|
17396
|
+
executive: [
|
|
17397
|
+
{ name: 'White House / EOP', classification: 'TS/SCI', employees: 1800 },
|
|
17398
|
+
{ name: 'Department of Defense', budget: '$886B', employees: 3400000 },
|
|
17399
|
+
{ name: 'Department of State', budget: '$58B', embassies: 275 },
|
|
17400
|
+
{ name: 'Department of Justice', budget: '$38B', employees: 115000 },
|
|
17401
|
+
{ name: 'Department of Homeland Security', budget: '$60B', employees: 240000 },
|
|
17402
|
+
{ name: 'Department of Treasury', budget: '$16B', employees: 100000 },
|
|
17403
|
+
{ name: 'Department of Energy', budget: '$48B', national_labs: 17 },
|
|
17404
|
+
{ name: 'Department of Health & Human Services', budget: '$1.7T', employees: 80000 },
|
|
17405
|
+
{ name: 'Department of Transportation', budget: '$105B', employees: 55000 },
|
|
17406
|
+
{ name: 'Department of Veterans Affairs', budget: '$301B', employees: 412000 },
|
|
17407
|
+
],
|
|
17408
|
+
intelligence: [
|
|
17409
|
+
{ name: 'CIA', focus: 'HUMINT', budget: 'classified', employees: 21000 },
|
|
17410
|
+
{ name: 'NSA', focus: 'SIGINT', budget: 'classified', employees: 40000 },
|
|
17411
|
+
{ name: 'DIA', focus: 'military_intel', employees: 16500 },
|
|
17412
|
+
{ name: 'NGA', focus: 'GEOINT', employees: 14500 },
|
|
17413
|
+
{ name: 'NRO', focus: 'satellite', budget: 'classified' },
|
|
17414
|
+
{ name: 'FBI', focus: 'counterintel', employees: 35000 },
|
|
17415
|
+
{ name: 'DEA', focus: 'narcotics', employees: 10000 },
|
|
17416
|
+
{ name: 'CISA', focus: 'cyber_defense', employees: 3000 },
|
|
17417
|
+
{ name: 'Secret Service', focus: 'protection', employees: 7000 },
|
|
17418
|
+
{ name: 'ATF', focus: 'firearms', employees: 5000 },
|
|
17419
|
+
],
|
|
17420
|
+
law_enforcement: [
|
|
17421
|
+
{ name: 'FBI', field_offices: 56, employees: 35000 },
|
|
17422
|
+
{ name: 'US Marshals', districts: 94, employees: 5500 },
|
|
17423
|
+
{ name: 'ICE', focus: 'immigration', employees: 20000 },
|
|
17424
|
+
{ name: 'CBP', ports: 328, employees: 60000 },
|
|
17425
|
+
{ name: 'DEA', offices: 239, employees: 10000 },
|
|
17426
|
+
],
|
|
17427
|
+
attack_vectors: ['spearphishing', 'supply_chain', 'insider', 'zero_day', 'physical'],
|
|
17428
|
+
networks: ['JWICS', 'SIPRNet', 'NIPRNet', 'NSANet', 'IC_networks'],
|
|
17429
|
+
},
|
|
17430
|
+
us_state_local: {
|
|
17431
|
+
state_systems: [
|
|
17432
|
+
'DMV databases', 'Tax systems', 'Vital records', 'Court systems',
|
|
17433
|
+
'Election systems', 'Unemployment', 'Medicaid', 'Child welfare',
|
|
17434
|
+
'Law enforcement (CJIS)', 'Emergency services (911/CAD)',
|
|
17435
|
+
],
|
|
17436
|
+
attack_vectors: ['ransomware', 'voter_data', 'tax_fraud', 'identity_theft'],
|
|
17437
|
+
},
|
|
17438
|
+
five_eyes: {
|
|
17439
|
+
uk: [
|
|
17440
|
+
{ name: 'GCHQ', focus: 'SIGINT', employees: 6000 },
|
|
17441
|
+
{ name: 'MI5', focus: 'domestic', employees: 4400 },
|
|
17442
|
+
{ name: 'MI6/SIS', focus: 'foreign', employees: 3600 },
|
|
17443
|
+
{ name: 'MOD', budget: '£54B' },
|
|
17444
|
+
],
|
|
17445
|
+
canada: [
|
|
17446
|
+
{ name: 'CSE', focus: 'SIGINT' },
|
|
17447
|
+
{ name: 'CSIS', focus: 'intel' },
|
|
17448
|
+
{ name: 'RCMP', focus: 'federal_law' },
|
|
17449
|
+
],
|
|
17450
|
+
australia: [
|
|
17451
|
+
{ name: 'ASD', focus: 'SIGINT' },
|
|
17452
|
+
{ name: 'ASIO', focus: 'domestic' },
|
|
17453
|
+
{ name: 'ASIS', focus: 'foreign' },
|
|
17454
|
+
],
|
|
17455
|
+
new_zealand: [
|
|
17456
|
+
{ name: 'GCSB', focus: 'SIGINT' },
|
|
17457
|
+
{ name: 'NZSIS', focus: 'intel' },
|
|
17458
|
+
],
|
|
17459
|
+
},
|
|
17460
|
+
adversary_nations: {
|
|
17461
|
+
russia: [
|
|
17462
|
+
{ name: 'FSB', focus: 'domestic/cyber', apt_groups: ['APT28', 'APT29', 'Sandworm'] },
|
|
17463
|
+
{ name: 'SVR', focus: 'foreign', apt_groups: ['Cozy Bear'] },
|
|
17464
|
+
{ name: 'GRU', focus: 'military', apt_groups: ['Fancy Bear', 'Sandworm'] },
|
|
17465
|
+
],
|
|
17466
|
+
china: [
|
|
17467
|
+
{ name: 'MSS', focus: 'intel', apt_groups: ['APT1', 'APT10', 'APT41'] },
|
|
17468
|
+
{ name: 'PLA SSF', focus: 'cyber', apt_groups: ['Unit 61398', 'Unit 61486'] },
|
|
17469
|
+
{ name: 'MPS', focus: 'domestic' },
|
|
17470
|
+
],
|
|
17471
|
+
iran: [
|
|
17472
|
+
{ name: 'IRGC', apt_groups: ['APT33', 'APT34', 'APT35'] },
|
|
17473
|
+
{ name: 'MOIS', focus: 'intel' },
|
|
17474
|
+
],
|
|
17475
|
+
north_korea: [
|
|
17476
|
+
{ name: 'RGB', apt_groups: ['Lazarus', 'APT37', 'APT38', 'Kimsuky'] },
|
|
17477
|
+
],
|
|
17478
|
+
},
|
|
17479
|
+
},
|
|
17480
|
+
defense: {
|
|
17481
|
+
us_military: {
|
|
17482
|
+
branches: [
|
|
17483
|
+
{ name: 'US Army', personnel: 485000, budget: '$185B' },
|
|
17484
|
+
{ name: 'US Navy', personnel: 349000, ships: 290, budget: '$232B' },
|
|
17485
|
+
{ name: 'US Air Force', personnel: 329000, aircraft: 5200, budget: '$194B' },
|
|
17486
|
+
{ name: 'US Marine Corps', personnel: 177000, budget: '$52B' },
|
|
17487
|
+
{ name: 'US Space Force', personnel: 8600, budget: '$26B' },
|
|
17488
|
+
{ name: 'US Coast Guard', personnel: 44000, budget: '$14B' },
|
|
17489
|
+
],
|
|
17490
|
+
commands: [
|
|
17491
|
+
{ name: 'US Cyber Command', focus: 'cyber_ops', location: 'Fort Meade' },
|
|
17492
|
+
{ name: 'US Strategic Command', focus: 'nuclear', location: 'Offutt AFB' },
|
|
17493
|
+
{ name: 'US Indo-Pacific Command', focus: 'asia_pacific', location: 'Hawaii' },
|
|
17494
|
+
{ name: 'US European Command', focus: 'europe', location: 'Stuttgart' },
|
|
17495
|
+
{ name: 'US Central Command', focus: 'middle_east', location: 'Tampa' },
|
|
17496
|
+
{ name: 'US Special Operations Command', focus: 'spec_ops', location: 'Tampa' },
|
|
17497
|
+
{ name: 'US Transportation Command', focus: 'logistics', location: 'Scott AFB' },
|
|
17498
|
+
{ name: 'US Northern Command', focus: 'homeland', location: 'Peterson SFB' },
|
|
17499
|
+
{ name: 'US Southern Command', focus: 'latin_america', location: 'Miami' },
|
|
17500
|
+
{ name: 'US Africa Command', focus: 'africa', location: 'Stuttgart' },
|
|
17501
|
+
],
|
|
17502
|
+
},
|
|
17503
|
+
defense_contractors: {
|
|
17504
|
+
primes: [
|
|
17505
|
+
{ name: 'Lockheed Martin', revenue: '$67B', programs: ['F-35', 'F-22', 'C-130', 'Aegis', 'THAAD'] },
|
|
17506
|
+
{ name: 'RTX (Raytheon)', revenue: '$69B', programs: ['Patriot', 'Tomahawk', 'AMRAAM', 'Stinger'] },
|
|
17507
|
+
{ name: 'Northrop Grumman', revenue: '$37B', programs: ['B-21', 'B-2', 'Global Hawk', 'E-2D'] },
|
|
17508
|
+
{ name: 'Boeing Defense', revenue: '$23B', programs: ['F-15', 'F/A-18', 'KC-46', 'Apache', 'Chinook'] },
|
|
17509
|
+
{ name: 'General Dynamics', revenue: '$40B', programs: ['Abrams', 'Stryker', 'Virginia-class', 'Columbia-class'] },
|
|
17510
|
+
{ name: 'L3Harris', revenue: '$18B', focus: 'C4ISR' },
|
|
17511
|
+
{ name: 'BAE Systems', revenue: '$25B', programs: ['Bradley', 'M777', 'Typhoon'] },
|
|
17512
|
+
{ name: 'Leidos', revenue: '$15B', focus: 'IT/cyber' },
|
|
17513
|
+
{ name: 'SAIC', revenue: '$7B', focus: 'IT/intel' },
|
|
17514
|
+
{ name: 'Booz Allen Hamilton', revenue: '$9B', focus: 'consulting/cyber' },
|
|
17515
|
+
],
|
|
17516
|
+
cyber_defense: [
|
|
17517
|
+
{ name: 'Mandiant (Google)', focus: 'threat_intel' },
|
|
17518
|
+
{ name: 'CrowdStrike', focus: 'endpoint' },
|
|
17519
|
+
{ name: 'Palo Alto Networks', focus: 'network' },
|
|
17520
|
+
{ name: 'Fortinet', focus: 'firewall' },
|
|
17521
|
+
{ name: 'Splunk', focus: 'SIEM' },
|
|
17522
|
+
],
|
|
17523
|
+
},
|
|
17524
|
+
weapons_systems: {
|
|
17525
|
+
nuclear: ['Minuteman III', 'Trident II D5', 'B-52', 'B-2', 'B-21', 'Ohio-class', 'Columbia-class'],
|
|
17526
|
+
air_defense: ['Patriot', 'THAAD', 'Aegis', 'NASAMS', 'Stinger', 'SHORAD'],
|
|
17527
|
+
aircraft: ['F-35', 'F-22', 'F-15', 'F-16', 'F/A-18', 'B-1B', 'B-52', 'B-2', 'B-21', 'A-10'],
|
|
17528
|
+
missiles: ['Tomahawk', 'JASSM', 'AMRAAM', 'Sidewinder', 'Hellfire', 'Javelin', 'HIMARS/GMLRS'],
|
|
17529
|
+
naval: ['Gerald R. Ford-class', 'Nimitz-class', 'Arleigh Burke-class', 'Virginia-class', 'Zumwalt-class'],
|
|
17530
|
+
ground: ['Abrams M1A2', 'Bradley M2', 'Stryker', 'JLTV', 'Paladin M109A7'],
|
|
17531
|
+
space: ['GPS III', 'SBIRS', 'AEHF', 'WGS', 'Space Fence', 'X-37B'],
|
|
17532
|
+
cyber: ['USCYBERCOM tools', 'Equation Group', 'TAO'],
|
|
17533
|
+
},
|
|
17534
|
+
c4isr: {
|
|
17535
|
+
command_control: ['GCCS', 'DCGS', 'ABCS', 'TBMCS', 'JADOCS'],
|
|
17536
|
+
communications: ['MILSATCOM', 'SINCGARS', 'JTRS', 'WIN-T', 'MUOS'],
|
|
17537
|
+
computers: ['DISA networks', 'cloud_one', 'JWCC'],
|
|
17538
|
+
intelligence: ['DCGS', 'DGS', 'SIGINT platforms', 'ISR aircraft'],
|
|
17539
|
+
surveillance: ['Global Hawk', 'Predator/Reaper', 'JSTARS', 'Rivet Joint'],
|
|
17540
|
+
reconnaissance: ['U-2', 'SR-72', 'satellites'],
|
|
17541
|
+
},
|
|
17542
|
+
},
|
|
17543
|
+
products: {
|
|
17544
|
+
cloud_platforms: {
|
|
17545
|
+
iaas_paas: [
|
|
17546
|
+
{ name: 'AWS', services: 200, regions: 32, market_share: '31%' },
|
|
17547
|
+
{ name: 'Azure', services: 200, regions: 60, market_share: '24%' },
|
|
17548
|
+
{ name: 'Google Cloud', services: 150, regions: 37, market_share: '11%' },
|
|
17549
|
+
{ name: 'Oracle Cloud', services: 80, regions: 45 },
|
|
17550
|
+
{ name: 'IBM Cloud', services: 170, regions: 20 },
|
|
17551
|
+
{ name: 'Alibaba Cloud', regions: 28, market_share: '4%' },
|
|
17552
|
+
],
|
|
17553
|
+
saas: [
|
|
17554
|
+
{ name: 'Salesforce', users: '150K orgs', focus: 'CRM' },
|
|
17555
|
+
{ name: 'Microsoft 365', users: '345M', focus: 'productivity' },
|
|
17556
|
+
{ name: 'Google Workspace', users: '9M orgs', focus: 'productivity' },
|
|
17557
|
+
{ name: 'ServiceNow', focus: 'ITSM' },
|
|
17558
|
+
{ name: 'Workday', focus: 'HR/finance' },
|
|
17559
|
+
{ name: 'Slack', users: '20M', focus: 'messaging' },
|
|
17560
|
+
{ name: 'Zoom', users: '300M', focus: 'video' },
|
|
17561
|
+
{ name: 'Dropbox', users: '700M', focus: 'storage' },
|
|
17562
|
+
{ name: 'Box', focus: 'enterprise_storage' },
|
|
17563
|
+
{ name: 'Atlassian', focus: 'dev_tools' },
|
|
17564
|
+
],
|
|
17565
|
+
attack_vectors: ['iam_misconfig', 'ssrf', 'metadata_service', 'storage_bucket', 'api_key'],
|
|
17566
|
+
},
|
|
17567
|
+
enterprise_software: {
|
|
17568
|
+
erp: ['SAP S/4HANA', 'Oracle ERP Cloud', 'Microsoft Dynamics', 'Workday', 'Infor'],
|
|
17569
|
+
databases: ['Oracle DB', 'SQL Server', 'PostgreSQL', 'MySQL', 'MongoDB', 'Redis', 'Elasticsearch'],
|
|
17570
|
+
middleware: ['WebLogic', 'WebSphere', 'JBoss', 'Tomcat', 'IIS'],
|
|
17571
|
+
identity: ['Active Directory', 'Azure AD', 'Okta', 'Ping Identity', 'ForgeRock', 'CyberArk'],
|
|
17572
|
+
virtualization: ['VMware vSphere', 'Microsoft Hyper-V', 'Citrix', 'Nutanix', 'Proxmox'],
|
|
17573
|
+
containers: ['Kubernetes', 'Docker', 'OpenShift', 'Rancher', 'EKS', 'AKS', 'GKE'],
|
|
17574
|
+
},
|
|
17575
|
+
security_products: {
|
|
17576
|
+
endpoint: ['CrowdStrike', 'SentinelOne', 'Microsoft Defender', 'Carbon Black', 'Cylance', 'Sophos'],
|
|
17577
|
+
network: ['Palo Alto', 'Fortinet', 'Cisco', 'Check Point', 'Juniper', 'F5'],
|
|
17578
|
+
siem_soar: ['Splunk', 'Microsoft Sentinel', 'IBM QRadar', 'Elastic', 'Sumo Logic', 'Chronicle'],
|
|
17579
|
+
identity: ['Okta', 'Azure AD', 'CyberArk', 'BeyondTrust', 'Sailpoint'],
|
|
17580
|
+
email: ['Proofpoint', 'Mimecast', 'Microsoft Defender', 'Abnormal Security'],
|
|
17581
|
+
vulnerability: ['Qualys', 'Tenable', 'Rapid7', 'CrowdStrike'],
|
|
17582
|
+
attack_vectors: ['bypass_techniques', 'edr_unhook', 'amsi_bypass', 'etw_blind'],
|
|
17583
|
+
},
|
|
17584
|
+
networking: {
|
|
17585
|
+
routers_switches: ['Cisco', 'Juniper', 'Arista', 'HPE/Aruba', 'Extreme'],
|
|
17586
|
+
firewalls: ['Palo Alto', 'Fortinet', 'Cisco ASA/FTD', 'Check Point', 'Sophos'],
|
|
17587
|
+
load_balancers: ['F5', 'Citrix ADC', 'AWS ALB/NLB', 'Azure LB', 'HAProxy'],
|
|
17588
|
+
vpn: ['Cisco AnyConnect', 'Palo Alto GlobalProtect', 'Pulse Secure', 'Fortinet', 'OpenVPN'],
|
|
17589
|
+
sd_wan: ['Cisco Viptela', 'VMware VeloCloud', 'Palo Alto Prisma', 'Fortinet', 'Zscaler'],
|
|
17590
|
+
wifi: ['Cisco Meraki', 'Aruba', 'Ubiquiti', 'Ruckus', 'Fortinet'],
|
|
17591
|
+
attack_vectors: ['firmware_vuln', 'default_creds', 'config_leak', 'bgp_hijack', 'vlan_hop'],
|
|
17592
|
+
},
|
|
17593
|
+
},
|
|
17594
|
+
infrastructure: {
|
|
17595
|
+
energy: {
|
|
17596
|
+
power_grid: {
|
|
17597
|
+
entities: ['ISO-NE', 'NYISO', 'PJM', 'MISO', 'SPP', 'ERCOT', 'CAISO', 'WECC'],
|
|
17598
|
+
utilities: ['Duke Energy', 'Southern Company', 'Dominion', 'Exelon', 'AEP', 'NextEra'],
|
|
17599
|
+
protocols: ['DNP3', 'IEC 61850', 'IEC 60870-5-104', 'Modbus', 'OPC UA'],
|
|
17600
|
+
systems: ['SCADA', 'EMS', 'DMS', 'OMS', 'AMI', 'DER'],
|
|
17601
|
+
attack_scenarios: ['blackout', 'load_manipulation', 'generation_trip', 'cascading_failure'],
|
|
17602
|
+
},
|
|
17603
|
+
oil_gas: {
|
|
17604
|
+
majors: ['ExxonMobil', 'Chevron', 'Shell', 'BP', 'ConocoPhillips', 'TotalEnergies'],
|
|
17605
|
+
pipelines: ['Colonial', 'Kinder Morgan', 'Energy Transfer', 'Williams', 'Enbridge'],
|
|
17606
|
+
systems: ['SCADA', 'DCS', 'PLC', 'RTU', 'HMI'],
|
|
17607
|
+
protocols: ['Modbus', 'OPC', 'EtherNet/IP', 'HART', 'Foundation Fieldbus'],
|
|
17608
|
+
},
|
|
17609
|
+
nuclear: {
|
|
17610
|
+
operators: ['Exelon', 'Duke Energy', 'Southern Company', 'Dominion', 'Entergy'],
|
|
17611
|
+
reactors: 93,
|
|
17612
|
+
regulations: ['NRC', '10 CFR 73.54', 'NERC CIP'],
|
|
17613
|
+
systems: ['DCS', 'safety_systems', 'I&C', 'physical_security'],
|
|
17614
|
+
},
|
|
17615
|
+
},
|
|
17616
|
+
water: {
|
|
17617
|
+
systems: ['SCADA', 'PLC', 'RTU', 'HMI', 'chlorination', 'filtration'],
|
|
17618
|
+
attack_scenarios: ['chemical_dosing', 'pressure_manipulation', 'pump_damage'],
|
|
17619
|
+
examples: ['Oldsmar FL incident'],
|
|
17620
|
+
},
|
|
17621
|
+
transportation: {
|
|
17622
|
+
aviation: {
|
|
17623
|
+
systems: ['ATC', 'NextGen', 'SWIM', 'TFMS', 'ERAM', 'STARS'],
|
|
17624
|
+
airlines: ['Delta', 'United', 'American', 'Southwest', 'JetBlue'],
|
|
17625
|
+
airports: ['ATL', 'LAX', 'ORD', 'DFW', 'DEN', 'JFK'],
|
|
17626
|
+
},
|
|
17627
|
+
rail: {
|
|
17628
|
+
freight: ['BNSF', 'Union Pacific', 'CSX', 'Norfolk Southern'],
|
|
17629
|
+
passenger: ['Amtrak', 'commuter_rail', 'metro_systems'],
|
|
17630
|
+
systems: ['PTC', 'SCADA', 'signaling', 'dispatch'],
|
|
17631
|
+
},
|
|
17632
|
+
maritime: {
|
|
17633
|
+
ports: ['LA/Long Beach', 'NY/NJ', 'Savannah', 'Houston', 'Seattle'],
|
|
17634
|
+
systems: ['AIS', 'VTS', 'TWIC', 'port_management'],
|
|
17635
|
+
},
|
|
17636
|
+
},
|
|
17637
|
+
financial_systems: {
|
|
17638
|
+
payment_networks: ['SWIFT', 'Fedwire', 'CHIPS', 'ACH', 'RTP'],
|
|
17639
|
+
exchanges: ['NYSE', 'NASDAQ', 'CME', 'ICE', 'CBOE'],
|
|
17640
|
+
clearinghouses: ['DTCC', 'OCC', 'CME Clearing', 'ICE Clear'],
|
|
17641
|
+
attack_scenarios: ['wire_fraud', 'market_manipulation', 'trading_halt'],
|
|
17642
|
+
},
|
|
17643
|
+
communications: {
|
|
17644
|
+
telecom: ['AT&T', 'Verizon', 'T-Mobile', 'Lumen', 'Comcast'],
|
|
17645
|
+
internet: ['Level 3/Lumen', 'Cogent', 'GTT', 'Hurricane Electric', 'NTT'],
|
|
17646
|
+
dns: ['Verisign', 'ICANN', 'root_servers', 'major_resolvers'],
|
|
17647
|
+
systems: ['SS7', '5G core', 'IMS', 'BGP', 'DNS'],
|
|
17648
|
+
attack_scenarios: ['bgp_hijack', 'dns_poison', 'ss7_intercept', '5g_imsi'],
|
|
17649
|
+
},
|
|
17650
|
+
},
|
|
17651
|
+
};
|
|
17652
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
17653
|
+
const getTargetData = (cat, subcat) => {
|
|
17654
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
17655
|
+
const catData = targetDatabase[cat];
|
|
17656
|
+
if (!catData)
|
|
17657
|
+
return null;
|
|
17658
|
+
if (subcat) {
|
|
17659
|
+
return catData[subcat] || null;
|
|
17660
|
+
}
|
|
17661
|
+
return catData;
|
|
17662
|
+
};
|
|
17663
|
+
switch (operation) {
|
|
17664
|
+
case 'list_targets': {
|
|
17665
|
+
if (category === 'all') {
|
|
17666
|
+
return JSON.stringify({
|
|
17667
|
+
categories: Object.keys(targetDatabase),
|
|
17668
|
+
subcategories: Object.fromEntries(Object.entries(targetDatabase).map(([k, v]) => [k, Object.keys(v)])),
|
|
17669
|
+
total_targets: 'Comprehensive coverage of global attack surface',
|
|
17670
|
+
}, null, 2);
|
|
17671
|
+
}
|
|
17672
|
+
const data = getTargetData(category, subcategory);
|
|
17673
|
+
return JSON.stringify({
|
|
17674
|
+
category,
|
|
17675
|
+
subcategory: subcategory || 'all',
|
|
17676
|
+
data: data || { error: 'Category not found' },
|
|
17677
|
+
}, null, 2);
|
|
17678
|
+
}
|
|
17679
|
+
case 'get_target_profile': {
|
|
17680
|
+
if (!target) {
|
|
17681
|
+
return JSON.stringify({ error: 'Target name required' });
|
|
17682
|
+
}
|
|
17683
|
+
// Search across all categories
|
|
17684
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
17685
|
+
let found = null;
|
|
17686
|
+
let foundCategory = '';
|
|
17687
|
+
let foundSubcategory = '';
|
|
17688
|
+
for (const [cat, catData] of Object.entries(targetDatabase)) {
|
|
17689
|
+
for (const [subcat, subcatData] of Object.entries(catData)) {
|
|
17690
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
17691
|
+
const searchArray = subcatData.targets || subcatData.primes ||
|
|
17692
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
17693
|
+
subcatData.branches || subcatData.executive || [];
|
|
17694
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
17695
|
+
const match = searchArray.find((t) => t.name?.toLowerCase().includes(target.toLowerCase()));
|
|
17696
|
+
if (match) {
|
|
17697
|
+
found = match;
|
|
17698
|
+
foundCategory = cat;
|
|
17699
|
+
foundSubcategory = subcat;
|
|
17700
|
+
break;
|
|
17701
|
+
}
|
|
17702
|
+
}
|
|
17703
|
+
if (found)
|
|
17704
|
+
break;
|
|
17705
|
+
}
|
|
17706
|
+
if (!found) {
|
|
17707
|
+
return JSON.stringify({ error: 'Target not found', searched: target });
|
|
17708
|
+
}
|
|
17709
|
+
return JSON.stringify({
|
|
17710
|
+
target: found,
|
|
17711
|
+
category: foundCategory,
|
|
17712
|
+
subcategory: foundSubcategory,
|
|
17713
|
+
attack_surface: {
|
|
17714
|
+
external: ['web_apps', 'apis', 'email', 'vpn', 'cloud'],
|
|
17715
|
+
internal: ['active_directory', 'databases', 'file_shares', 'internal_apps'],
|
|
17716
|
+
supply_chain: ['vendors', 'contractors', 'software_dependencies'],
|
|
17717
|
+
physical: ['offices', 'data_centers', 'employees'],
|
|
17718
|
+
},
|
|
17719
|
+
recommended_approach: depth === 'comprehensive' ? 'full_spectrum' : 'targeted',
|
|
17720
|
+
}, null, 2);
|
|
17721
|
+
}
|
|
17722
|
+
case 'plan_operation': {
|
|
17723
|
+
const targetData = getTargetData(category, subcategory);
|
|
17724
|
+
return JSON.stringify({
|
|
17725
|
+
operation_plan: {
|
|
17726
|
+
target_category: category,
|
|
17727
|
+
subcategory: subcategory || 'all',
|
|
17728
|
+
region,
|
|
17729
|
+
depth,
|
|
17730
|
+
stealth,
|
|
17731
|
+
objectives,
|
|
17732
|
+
phases: [
|
|
17733
|
+
{ phase: 'reconnaissance', duration: depth === 'comprehensive' ? '2-4 weeks' : '3-7 days' },
|
|
17734
|
+
{ phase: 'initial_access', duration: '1-2 weeks' },
|
|
17735
|
+
{ phase: 'establish_persistence', duration: '2-3 days' },
|
|
17736
|
+
{ phase: 'privilege_escalation', duration: '3-5 days' },
|
|
17737
|
+
{ phase: 'internal_recon', duration: '1-2 weeks' },
|
|
17738
|
+
{ phase: 'lateral_movement', duration: '1-2 weeks' },
|
|
17739
|
+
{ phase: 'objective_execution', duration: 'varies' },
|
|
17740
|
+
{ phase: 'exfiltration', duration: '3-7 days' },
|
|
17741
|
+
{ phase: 'cleanup', duration: '1-2 days' },
|
|
17742
|
+
],
|
|
17743
|
+
attack_vectors: targetData?.attack_vectors || ['standard_vectors'],
|
|
17744
|
+
tools_required: ['recon_tools', 'exploit_frameworks', 'c2_infrastructure', 'exfil_channels'],
|
|
17745
|
+
risk_assessment: {
|
|
17746
|
+
detection_probability: stealth === 'ghost' ? 'low' : stealth === 'quiet' ? 'medium-low' : 'medium',
|
|
17747
|
+
attribution_risk: stealth === 'ghost' ? 'low' : 'medium',
|
|
17748
|
+
legal_exposure: 'HIGH - Ensure authorization',
|
|
17749
|
+
},
|
|
17750
|
+
},
|
|
17751
|
+
}, null, 2);
|
|
17752
|
+
}
|
|
17753
|
+
case 'execute_operation': {
|
|
17754
|
+
return JSON.stringify({
|
|
17755
|
+
status: 'operation_plan_generated',
|
|
17756
|
+
note: 'Use UnifiedAttackChain tool with execute_full_chain operation for actual execution',
|
|
17757
|
+
recommended_command: {
|
|
17758
|
+
tool: 'UnifiedAttackChain',
|
|
17759
|
+
operation: 'execute_full_chain',
|
|
17760
|
+
params: {
|
|
17761
|
+
targets: [target || category],
|
|
17762
|
+
depth,
|
|
17763
|
+
stealth_level: stealth,
|
|
17764
|
+
objectives,
|
|
17765
|
+
},
|
|
17766
|
+
},
|
|
17767
|
+
}, null, 2);
|
|
17768
|
+
}
|
|
17769
|
+
case 'get_attack_surface': {
|
|
17770
|
+
const targetData = getTargetData(category, subcategory);
|
|
17771
|
+
return JSON.stringify({
|
|
17772
|
+
category,
|
|
17773
|
+
subcategory,
|
|
17774
|
+
attack_surface: {
|
|
17775
|
+
external_perimeter: {
|
|
17776
|
+
web_applications: ['corporate_site', 'customer_portals', 'partner_portals', 'apis'],
|
|
17777
|
+
email: ['exchange', 'o365', 'google_workspace'],
|
|
17778
|
+
remote_access: ['vpn', 'rdp', 'citrix', 'ssh'],
|
|
17779
|
+
cloud: ['aws', 'azure', 'gcp', 'saas_apps'],
|
|
17780
|
+
mobile: ['mdm', 'byod', 'mobile_apps'],
|
|
17781
|
+
},
|
|
17782
|
+
internal_network: {
|
|
17783
|
+
identity: ['active_directory', 'ldap', 'okta', 'azure_ad'],
|
|
17784
|
+
servers: ['windows', 'linux', 'databases', 'file_servers'],
|
|
17785
|
+
workstations: ['windows', 'macos', 'linux'],
|
|
17786
|
+
network_devices: ['routers', 'switches', 'firewalls', 'load_balancers'],
|
|
17787
|
+
ot_ics: targetData?.protocols || [],
|
|
17788
|
+
},
|
|
17789
|
+
data_targets: {
|
|
17790
|
+
pii: ['customer_data', 'employee_data'],
|
|
17791
|
+
financial: ['transactions', 'accounts', 'trading'],
|
|
17792
|
+
intellectual_property: ['source_code', 'designs', 'research'],
|
|
17793
|
+
operational: ['configs', 'credentials', 'keys'],
|
|
17794
|
+
},
|
|
17795
|
+
human_targets: {
|
|
17796
|
+
executives: ['ceo', 'cfo', 'ciso', 'board'],
|
|
17797
|
+
it_staff: ['admins', 'developers', 'security'],
|
|
17798
|
+
finance: ['controllers', 'treasury', 'ap_ar'],
|
|
17799
|
+
},
|
|
17800
|
+
},
|
|
17801
|
+
}, null, 2);
|
|
17802
|
+
}
|
|
17803
|
+
case 'map_dependencies': {
|
|
17804
|
+
return JSON.stringify({
|
|
17805
|
+
target: target || category,
|
|
17806
|
+
dependencies: {
|
|
17807
|
+
technology: {
|
|
17808
|
+
cloud_providers: ['aws', 'azure', 'gcp'],
|
|
17809
|
+
saas: ['o365', 'salesforce', 'workday', 'slack'],
|
|
17810
|
+
security: ['crowdstrike', 'okta', 'zscaler'],
|
|
17811
|
+
infrastructure: ['cisco', 'vmware', 'palo_alto'],
|
|
17812
|
+
},
|
|
17813
|
+
business: {
|
|
17814
|
+
suppliers: ['tier1_vendors', 'tier2_vendors'],
|
|
17815
|
+
customers: ['enterprise', 'government', 'consumer'],
|
|
17816
|
+
partners: ['integrators', 'resellers', 'alliances'],
|
|
17817
|
+
},
|
|
17818
|
+
operational: {
|
|
17819
|
+
utilities: ['power', 'water', 'internet', 'telecom'],
|
|
17820
|
+
logistics: ['shipping', 'transportation', 'warehousing'],
|
|
17821
|
+
financial: ['banks', 'payment_processors', 'insurance'],
|
|
17822
|
+
},
|
|
17823
|
+
},
|
|
17824
|
+
supply_chain_risk: {
|
|
17825
|
+
software: ['npm', 'pypi', 'maven', 'nuget', 'docker_hub'],
|
|
17826
|
+
hardware: ['chip_manufacturers', 'oems', 'distributors'],
|
|
17827
|
+
services: ['msp', 'mssp', 'consultants'],
|
|
17828
|
+
},
|
|
17829
|
+
}, null, 2);
|
|
17830
|
+
}
|
|
17831
|
+
case 'identify_weakpoints': {
|
|
17832
|
+
const targetData = getTargetData(category, subcategory);
|
|
17833
|
+
return JSON.stringify({
|
|
17834
|
+
category,
|
|
17835
|
+
common_weakpoints: {
|
|
17836
|
+
technical: [
|
|
17837
|
+
'Legacy systems with known vulnerabilities',
|
|
17838
|
+
'Misconfigured cloud resources',
|
|
17839
|
+
'Exposed APIs without proper authentication',
|
|
17840
|
+
'Unpatched VPN/remote access systems',
|
|
17841
|
+
'Default credentials on network devices',
|
|
17842
|
+
'Overprivileged service accounts',
|
|
17843
|
+
'Missing MFA on critical systems',
|
|
17844
|
+
],
|
|
17845
|
+
human: [
|
|
17846
|
+
'Executives with high access, low security awareness',
|
|
17847
|
+
'IT admins with excessive privileges',
|
|
17848
|
+
'Contractors with persistent access',
|
|
17849
|
+
'Help desk susceptible to social engineering',
|
|
17850
|
+
'Developers with production access',
|
|
17851
|
+
],
|
|
17852
|
+
process: [
|
|
17853
|
+
'Weak change management',
|
|
17854
|
+
'Inadequate logging/monitoring',
|
|
17855
|
+
'Slow patch management',
|
|
17856
|
+
'Poor network segmentation',
|
|
17857
|
+
'Insufficient backup/DR testing',
|
|
17858
|
+
],
|
|
17859
|
+
third_party: [
|
|
17860
|
+
'MSP/MSSP with admin access',
|
|
17861
|
+
'SaaS apps with excessive permissions',
|
|
17862
|
+
'Legacy vendor connections',
|
|
17863
|
+
'Acquired companies not fully integrated',
|
|
17864
|
+
],
|
|
17865
|
+
},
|
|
17866
|
+
category_specific: targetData?.attack_vectors || [],
|
|
17867
|
+
}, null, 2);
|
|
17868
|
+
}
|
|
17869
|
+
case 'generate_playbook': {
|
|
17870
|
+
return JSON.stringify({
|
|
17871
|
+
playbook: {
|
|
17872
|
+
name: `${category}_${subcategory || 'general'}_playbook`,
|
|
17873
|
+
target_profile: { category, subcategory, region },
|
|
17874
|
+
phases: {
|
|
17875
|
+
phase_1_recon: {
|
|
17876
|
+
duration: '1-2 weeks',
|
|
17877
|
+
objectives: ['Map external attack surface', 'Identify employees', 'Find exposed credentials'],
|
|
17878
|
+
techniques: ['OSINT', 'DNS enum', 'port scan', 'web fingerprinting', 'social engineering recon'],
|
|
17879
|
+
tools: ['Shodan', 'Censys', 'LinkedIn', 'Hunter.io', 'theHarvester'],
|
|
17880
|
+
},
|
|
17881
|
+
phase_2_initial_access: {
|
|
17882
|
+
duration: '1-2 weeks',
|
|
17883
|
+
primary_vectors: ['Spearphishing', 'Exposed services', 'Valid credentials'],
|
|
17884
|
+
backup_vectors: ['Supply chain', 'Physical access', 'Insider'],
|
|
17885
|
+
tools: ['Gophish', 'Metasploit', 'Cobalt Strike'],
|
|
17886
|
+
},
|
|
17887
|
+
phase_3_establish: {
|
|
17888
|
+
duration: '3-5 days',
|
|
17889
|
+
objectives: ['Deploy persistent implant', 'Establish C2', 'Create backup access'],
|
|
17890
|
+
techniques: ['Scheduled tasks', 'Services', 'Registry', 'WMI'],
|
|
17891
|
+
tools: ['Cobalt Strike', 'Covenant', 'Sliver'],
|
|
17892
|
+
},
|
|
17893
|
+
phase_4_escalate: {
|
|
17894
|
+
duration: '3-5 days',
|
|
17895
|
+
objectives: ['Get DA/EA', 'Access crown jewels'],
|
|
17896
|
+
techniques: ['Kerberoasting', 'DCSync', 'Token manipulation', 'Credential theft'],
|
|
17897
|
+
tools: ['Mimikatz', 'Rubeus', 'BloodHound'],
|
|
17898
|
+
},
|
|
17899
|
+
phase_5_lateral: {
|
|
17900
|
+
duration: '1-2 weeks',
|
|
17901
|
+
objectives: ['Map internal network', 'Access key systems', 'Find data'],
|
|
17902
|
+
techniques: ['PsExec', 'WMI', 'WinRM', 'RDP', 'SSH'],
|
|
17903
|
+
tools: ['CrackMapExec', 'Evil-WinRM', 'Impacket'],
|
|
17904
|
+
},
|
|
17905
|
+
phase_6_objective: {
|
|
17906
|
+
duration: 'Varies',
|
|
17907
|
+
objectives: objectives.length > 0 ? objectives : ['Data exfiltration', 'Access maintenance'],
|
|
17908
|
+
techniques: ['Data collection', 'Staging', 'Compression', 'Encryption'],
|
|
17909
|
+
},
|
|
17910
|
+
phase_7_exfil: {
|
|
17911
|
+
duration: '3-7 days',
|
|
17912
|
+
channels: ['HTTPS', 'DNS', 'Cloud storage', 'Email'],
|
|
17913
|
+
considerations: ['Rate limiting', 'DLP bypass', 'Timing'],
|
|
17914
|
+
},
|
|
17915
|
+
},
|
|
17916
|
+
opsec_considerations: {
|
|
17917
|
+
stealth_level: stealth,
|
|
17918
|
+
c2_infrastructure: stealth === 'ghost' ? 'domain_fronting' : 'https_redirectors',
|
|
17919
|
+
timing: stealth === 'ghost' ? 'business_hours_only' : 'continuous',
|
|
17920
|
+
cleanup: 'Remove all artifacts after operation',
|
|
17921
|
+
},
|
|
17922
|
+
},
|
|
17923
|
+
}, null, 2);
|
|
17924
|
+
}
|
|
17925
|
+
case 'cross_reference': {
|
|
17926
|
+
return JSON.stringify({
|
|
17927
|
+
cross_reference: {
|
|
17928
|
+
category,
|
|
17929
|
+
related_targets: {
|
|
17930
|
+
suppliers: ['upstream_vendors', 'software_providers', 'service_providers'],
|
|
17931
|
+
customers: ['downstream_consumers', 'enterprise_clients'],
|
|
17932
|
+
partners: ['joint_ventures', 'alliances', 'integrations'],
|
|
17933
|
+
competitors: ['industry_peers', 'market_rivals'],
|
|
17934
|
+
},
|
|
17935
|
+
shared_infrastructure: {
|
|
17936
|
+
cloud: ['shared_tenancy_risks', 'common_saas_apps'],
|
|
17937
|
+
network: ['shared_bgp_peers', 'common_dns_providers'],
|
|
17938
|
+
physical: ['shared_data_centers', 'common_isps'],
|
|
17939
|
+
},
|
|
17940
|
+
pivot_opportunities: [
|
|
17941
|
+
'Compromise supplier to reach target',
|
|
17942
|
+
'Compromise customer to pivot back',
|
|
17943
|
+
'Leverage shared infrastructure',
|
|
17944
|
+
'Island hop through trusted connections',
|
|
17945
|
+
],
|
|
17946
|
+
},
|
|
17947
|
+
}, null, 2);
|
|
17948
|
+
}
|
|
17949
|
+
case 'supply_chain_analysis': {
|
|
17950
|
+
return JSON.stringify({
|
|
17951
|
+
supply_chain_analysis: {
|
|
17952
|
+
target: target || category,
|
|
17953
|
+
software_supply_chain: {
|
|
17954
|
+
package_managers: ['npm', 'pypi', 'maven', 'nuget', 'rubygems'],
|
|
17955
|
+
container_registries: ['docker_hub', 'gcr', 'ecr', 'acr'],
|
|
17956
|
+
ci_cd: ['github_actions', 'jenkins', 'gitlab_ci', 'azure_devops'],
|
|
17957
|
+
attack_vectors: ['dependency_confusion', 'typosquatting', 'compromised_maintainer', 'build_injection'],
|
|
17958
|
+
},
|
|
17959
|
+
hardware_supply_chain: {
|
|
17960
|
+
components: ['chips', 'motherboards', 'network_cards', 'storage'],
|
|
17961
|
+
manufacturers: ['taiwan_fabs', 'china_assembly', 'us_design'],
|
|
17962
|
+
attack_vectors: ['hardware_implant', 'firmware_backdoor', 'counterfeit_parts'],
|
|
17963
|
+
},
|
|
17964
|
+
service_supply_chain: {
|
|
17965
|
+
providers: ['msp', 'mssp', 'consultants', 'contractors'],
|
|
17966
|
+
access_types: ['vpn', 'admin_portals', 'api_access', 'physical_access'],
|
|
17967
|
+
attack_vectors: ['credential_theft', 'session_hijack', 'insider_threat'],
|
|
17968
|
+
},
|
|
17969
|
+
notable_incidents: [
|
|
17970
|
+
{ name: 'SolarWinds', type: 'software', impact: '18000+ orgs' },
|
|
17971
|
+
{ name: 'Kaseya', type: 'msp', impact: '1500+ orgs' },
|
|
17972
|
+
{ name: 'Log4Shell', type: 'library', impact: 'millions' },
|
|
17973
|
+
{ name: 'Codecov', type: 'ci_cd', impact: '29000+ orgs' },
|
|
17974
|
+
],
|
|
17975
|
+
},
|
|
17976
|
+
}, null, 2);
|
|
17977
|
+
}
|
|
17978
|
+
case 'insider_threat_vectors': {
|
|
17979
|
+
return JSON.stringify({
|
|
17980
|
+
insider_threat_analysis: {
|
|
17981
|
+
target: target || category,
|
|
17982
|
+
high_risk_roles: [
|
|
17983
|
+
{ role: 'System Administrators', access: 'Full infrastructure', risk: 'critical' },
|
|
17984
|
+
{ role: 'Database Administrators', access: 'All data', risk: 'critical' },
|
|
17985
|
+
{ role: 'Security Team', access: 'Security controls', risk: 'high' },
|
|
17986
|
+
{ role: 'Executives', access: 'Strategic data', risk: 'high' },
|
|
17987
|
+
{ role: 'Finance', access: 'Financial systems', risk: 'high' },
|
|
17988
|
+
{ role: 'Developers', access: 'Source code, prod', risk: 'medium-high' },
|
|
17989
|
+
{ role: 'Help Desk', access: 'Password resets', risk: 'medium' },
|
|
17990
|
+
{ role: 'Contractors', access: 'Varies', risk: 'medium-high' },
|
|
17991
|
+
],
|
|
17992
|
+
recruitment_vectors: [
|
|
17993
|
+
'Financial pressure (debt, gambling)',
|
|
17994
|
+
'Ideological motivation',
|
|
17995
|
+
'Coercion/blackmail',
|
|
17996
|
+
'Ego/recognition',
|
|
17997
|
+
'Disgruntlement',
|
|
17998
|
+
],
|
|
17999
|
+
insider_techniques: [
|
|
18000
|
+
'Data exfiltration via personal email',
|
|
18001
|
+
'USB/removable media',
|
|
18002
|
+
'Cloud storage sync',
|
|
18003
|
+
'Screenshots/photos',
|
|
18004
|
+
'Credential sharing',
|
|
18005
|
+
'Backdoor account creation',
|
|
18006
|
+
'Audit log manipulation',
|
|
18007
|
+
],
|
|
18008
|
+
detection_gaps: [
|
|
18009
|
+
'Legitimate access makes detection hard',
|
|
18010
|
+
'Encrypted exfil channels',
|
|
18011
|
+
'Physical data theft',
|
|
18012
|
+
'Slow/patient exfiltration',
|
|
18013
|
+
'Trusted role exploitation',
|
|
18014
|
+
],
|
|
18015
|
+
},
|
|
18016
|
+
}, null, 2);
|
|
18017
|
+
}
|
|
18018
|
+
case 'full_spectrum': {
|
|
18019
|
+
// Comprehensive full-spectrum operation plan
|
|
18020
|
+
return JSON.stringify({
|
|
18021
|
+
full_spectrum_operation: {
|
|
18022
|
+
target: target || category,
|
|
18023
|
+
region,
|
|
18024
|
+
classification: 'OPERATIONAL PLAN',
|
|
18025
|
+
timestamp: new Date().toISOString(),
|
|
18026
|
+
intelligence_preparation: {
|
|
18027
|
+
osint: ['Corporate filings', 'Social media', 'Job postings', 'Patents', 'News'],
|
|
18028
|
+
technical: ['DNS', 'BGP', 'SSL certs', 'Shodan', 'Code repos'],
|
|
18029
|
+
human: ['LinkedIn', 'Conferences', 'Publications', 'Former employees'],
|
|
18030
|
+
physical: ['Locations', 'Data centers', 'Travel patterns'],
|
|
18031
|
+
},
|
|
18032
|
+
attack_vectors: {
|
|
18033
|
+
cyber: {
|
|
18034
|
+
external: ['Web apps', 'Email', 'VPN', 'Cloud misconfig'],
|
|
18035
|
+
supply_chain: ['Software deps', 'MSP', 'Hardware'],
|
|
18036
|
+
internal: ['AD compromise', 'Lateral movement', 'Data access'],
|
|
18037
|
+
},
|
|
18038
|
+
physical: {
|
|
18039
|
+
access: ['Social engineering', 'Tailgating', 'Fake credentials'],
|
|
18040
|
+
devices: ['USB drops', 'Rogue devices', 'Hardware implants'],
|
|
18041
|
+
},
|
|
18042
|
+
human: {
|
|
18043
|
+
social_engineering: ['Phishing', 'Vishing', 'Pretexting'],
|
|
18044
|
+
recruitment: ['Insider development', 'Contractor placement'],
|
|
18045
|
+
},
|
|
18046
|
+
},
|
|
18047
|
+
kill_chain_mapping: {
|
|
18048
|
+
reconnaissance: { duration: '2-4 weeks', resources: 'OSINT team' },
|
|
18049
|
+
weaponization: { duration: '1-2 weeks', resources: 'Exploit dev' },
|
|
18050
|
+
delivery: { duration: '1 week', resources: 'Red team' },
|
|
18051
|
+
exploitation: { duration: '1-2 days', resources: 'Red team' },
|
|
18052
|
+
installation: { duration: '1-2 days', resources: 'Red team' },
|
|
18053
|
+
command_control: { duration: 'Continuous', resources: 'Infrastructure' },
|
|
18054
|
+
actions_on_objectives: { duration: 'Varies', resources: 'Full team' },
|
|
18055
|
+
},
|
|
18056
|
+
infrastructure_requirements: {
|
|
18057
|
+
c2: ['Primary domain', 'Redirectors', 'Fallback channels'],
|
|
18058
|
+
staging: ['VPS servers', 'Cloud accounts', 'Bulletproof hosting'],
|
|
18059
|
+
exfil: ['DNS tunneling', 'HTTPS', 'Cloud storage', 'Steganography'],
|
|
18060
|
+
opsec: ['VPNs', 'Tor', 'Burner accounts', 'Attribution prevention'],
|
|
18061
|
+
},
|
|
18062
|
+
success_criteria: objectives.length > 0 ? objectives : [
|
|
18063
|
+
'Achieve persistent access to target network',
|
|
18064
|
+
'Obtain domain admin or equivalent',
|
|
18065
|
+
'Access and exfiltrate priority data',
|
|
18066
|
+
'Maintain access for specified duration',
|
|
18067
|
+
'Avoid detection and attribution',
|
|
18068
|
+
],
|
|
18069
|
+
risk_matrix: {
|
|
18070
|
+
detection: stealth === 'ghost' ? 'LOW' : stealth === 'quiet' ? 'MEDIUM-LOW' : 'MEDIUM',
|
|
18071
|
+
attribution: stealth === 'ghost' ? 'LOW' : 'MEDIUM',
|
|
18072
|
+
legal: 'ENSURE PROPER AUTHORIZATION',
|
|
18073
|
+
operational: 'Standard red team risks',
|
|
18074
|
+
},
|
|
18075
|
+
execution_notes: [
|
|
18076
|
+
'Coordinate with UnifiedAttackChain tool for phase execution',
|
|
18077
|
+
'Use appropriate stealth profile throughout',
|
|
18078
|
+
'Document all access for cleanup phase',
|
|
18079
|
+
'Maintain operational security at all times',
|
|
18080
|
+
'Report findings through proper channels',
|
|
18081
|
+
],
|
|
18082
|
+
next_steps: {
|
|
18083
|
+
tool: 'UnifiedAttackChain',
|
|
18084
|
+
operation: 'execute_full_chain',
|
|
18085
|
+
recommended_params: {
|
|
18086
|
+
targets: [target || category],
|
|
18087
|
+
depth,
|
|
18088
|
+
stealth_level: stealth,
|
|
18089
|
+
objectives,
|
|
18090
|
+
},
|
|
18091
|
+
},
|
|
18092
|
+
},
|
|
18093
|
+
}, null, 2);
|
|
18094
|
+
}
|
|
18095
|
+
default:
|
|
18096
|
+
return JSON.stringify({
|
|
18097
|
+
error: 'Unknown operation',
|
|
18098
|
+
available_operations: [
|
|
18099
|
+
'list_targets', 'get_target_profile', 'plan_operation', 'execute_operation',
|
|
18100
|
+
'get_attack_surface', 'map_dependencies', 'identify_weakpoints',
|
|
18101
|
+
'generate_playbook', 'cross_reference', 'supply_chain_analysis',
|
|
18102
|
+
'insider_threat_vectors', 'full_spectrum',
|
|
18103
|
+
],
|
|
18104
|
+
categories: Object.keys(targetDatabase),
|
|
18105
|
+
});
|
|
18106
|
+
}
|
|
18107
|
+
},
|
|
18108
|
+
},
|
|
17254
18109
|
],
|
|
17255
18110
|
};
|
|
17256
18111
|
}
|