erosolar-cli 2.1.249 → 2.1.253

package/dist/core/defensiveSecurityToolkit.js

@@ -0,0 +1,1304 @@
+/**
+ * Defensive Security Toolkit
+ *
+ * Legitimate security capabilities for:
+ * - Threat intelligence gathering (OSINT)
+ * - Evidence documentation with chain of custody
+ * - Transparency reporting and public disclosure
+ * - Authorized penetration testing support
+ * - Incident response and forensics
+ *
+ * All capabilities designed for DEFENSIVE use:
+ * - Understanding attack surfaces to defend them
+ * - Documenting threats for legal/regulatory action
+ * - Transparency to deter bad actors through exposure
+ * - Authorized security assessments
+ */
+import { execSync } from 'child_process';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+/**
+ * Open Source Intelligence gathering
+ * Uses only publicly available information
+ */
+export class OSINTGatherer {
+    cache = new Map();
+    /**
+     * Gather intelligence on a domain
+     */
+    async investigateDomain(domain) {
+        const findings = [];
+        const indicators = [];
+        const timestamp = new Date().toISOString();
+        // DNS records (public information)
+        try {
+            const dnsInfo = await this.queryDNS(domain);
+            findings.push({
+                source: 'DNS',
+                category: 'infrastructure',
+                data: dnsInfo,
+                reliability: 'confirmed',
+                timestamp,
+            });
+            // Extract IPs as indicators
+            if (dnsInfo['a']) {
+                for (const ip of dnsInfo['a']) {
+                    indicators.push({
+                        type: 'ip',
+                        value: ip,
+                        confidence: 1.0,
+                        source: 'DNS A record',
+                        timestamp,
+                    });
+                }
+            }
+        }
+        catch (e) {
+            // DNS query failed
+        }
+        // WHOIS (public registration data)
+        try {
+            const whoisInfo = await this.queryWHOIS(domain);
+            findings.push({
+                source: 'WHOIS',
+                category: 'registration',
+                data: whoisInfo,
+                reliability: 'confirmed',
+                timestamp,
+            });
+        }
+        catch (e) {
+            // WHOIS query failed
+        }
+        // SSL Certificate transparency logs (public)
+        try {
+            const certInfo = await this.queryCertificateTransparency(domain);
+            findings.push({
+                source: 'Certificate Transparency',
+                category: 'certificates',
+                data: certInfo,
+                reliability: 'confirmed',
+                timestamp,
+            });
+        }
+        catch (e) {
+            // CT query failed
+        }
+        // Check public threat intelligence feeds
+        const threatFeeds = await this.checkThreatFeeds(domain, 'domain');
+        findings.push(...threatFeeds);
+        return {
+            query: domain,
+            queryType: 'domain',
+            timestamp,
+            sources: ['DNS', 'WHOIS', 'Certificate Transparency', 'Public Threat Feeds'],
+            findings,
+            relatedIndicators: indicators,
+            riskAssessment: this.assessRisk(findings, indicators),
+        };
+    }
+    /**
+     * Gather intelligence on an IP address
+     */
+    async investigateIP(ip) {
+        const findings = [];
+        const indicators = [];
+        const timestamp = new Date().toISOString();
+        // Reverse DNS
+        try {
+            const reverseDNS = await this.queryReverseDNS(ip);
+            findings.push({
+                source: 'Reverse DNS',
+                category: 'infrastructure',
+                data: { hostnames: reverseDNS },
+                reliability: 'confirmed',
+                timestamp,
+            });
+            for (const hostname of reverseDNS) {
+                indicators.push({
+                    type: 'domain',
+                    value: hostname,
+                    confidence: 1.0,
+                    source: 'Reverse DNS',
+                    timestamp,
+                });
+            }
+        }
+        catch (e) {
+            // Reverse DNS failed
+        }
+        // IP geolocation (public databases)
+        try {
+            const geoInfo = await this.queryGeoIP(ip);
+            findings.push({
+                source: 'GeoIP',
+                category: 'location',
+                data: geoInfo,
+                reliability: 'likely',
+                timestamp,
+            });
+        }
+        catch (e) {
+            // GeoIP query failed
+        }
+        // ASN information (public)
+        try {
+            const asnInfo = await this.queryASN(ip);
+            findings.push({
+                source: 'ASN Registry',
+                category: 'network',
+                data: asnInfo,
+                reliability: 'confirmed',
+                timestamp,
+            });
+        }
+        catch (e) {
+            // ASN query failed
+        }
+        // Check public threat intelligence feeds
+        const threatFeeds = await this.checkThreatFeeds(ip, 'ip');
+        findings.push(...threatFeeds);
+        return {
+            query: ip,
+            queryType: 'ip',
+            timestamp,
+            sources: ['Reverse DNS', 'GeoIP', 'ASN Registry', 'Public Threat Feeds'],
+            findings,
+            relatedIndicators: indicators,
+            riskAssessment: this.assessRisk(findings, indicators),
+        };
+    }
+    /**
+     * Investigate email address using public sources
+     */
+    async investigateEmail(email) {
+        const findings = [];
+        const indicators = [];
+        const timestamp = new Date().toISOString();
+        const [, domain] = email.split('@');
+        if (domain) {
+            // Check if domain exists
+            const domainInfo = await this.investigateDomain(domain);
+            findings.push({
+                source: 'Domain Investigation',
+                category: 'email_domain',
+                data: { domainRisk: domainInfo.riskAssessment },
+                reliability: 'confirmed',
+                timestamp,
+            });
+            indicators.push({
+                type: 'domain',
+                value: domain,
+                confidence: 1.0,
+                source: 'Email domain',
+                timestamp,
+            });
+        }
+        // Check public breach databases (haveibeenpwned style - metadata only)
+        try {
+            const breachInfo = await this.checkBreachDatabases(email);
+            if (breachInfo.breached) {
+                findings.push({
+                    source: 'Public Breach Database',
+                    category: 'security',
+                    data: breachInfo,
+                    reliability: 'confirmed',
+                    timestamp,
+                });
+            }
+        }
+        catch (e) {
+            // Breach check failed
+        }
+        return {
+            query: email,
+            queryType: 'email',
+            timestamp,
+            sources: ['Domain Analysis', 'Public Breach Databases'],
+            findings,
+            relatedIndicators: indicators,
+            riskAssessment: this.assessRisk(findings, indicators),
+        };
+    }
+    /**
+     * Search for organization information using public sources
+     */
+    async investigateOrganization(name) {
+        const findings = [];
+        const indicators = [];
+        const timestamp = new Date().toISOString();
+        // Corporate registries (public records)
+        try {
+            const corpInfo = await this.searchCorporateRegistries(name);
+            findings.push({
+                source: 'Corporate Registry',
+                category: 'registration',
+                data: corpInfo,
+                reliability: 'confirmed',
+                timestamp,
+            });
+        }
+        catch (e) {
+            // Corporate registry search failed
+        }
+        // SEC filings (for US companies - public)
+        try {
+            const secInfo = await this.searchSECFilings(name);
+            if (secInfo.found) {
+                findings.push({
+                    source: 'SEC EDGAR',
+                    category: 'regulatory',
+                    data: secInfo,
+                    reliability: 'confirmed',
+                    timestamp,
+                });
+            }
+        }
+        catch (e) {
+            // SEC search failed
+        }
+        // Court records (public)
+        try {
+            const courtInfo = await this.searchCourtRecords(name);
+            if (courtInfo.cases.length > 0) {
+                findings.push({
+                    source: 'Court Records',
+                    category: 'legal',
+                    data: courtInfo,
+                    reliability: 'confirmed',
+                    timestamp,
+                });
+            }
+        }
+        catch (e) {
+            // Court search failed
+        }
+        return {
+            query: name,
+            queryType: 'organization',
+            timestamp,
+            sources: ['Corporate Registry', 'SEC EDGAR', 'Court Records'],
+            findings,
+            relatedIndicators: indicators,
+            riskAssessment: this.assessRisk(findings, indicators),
+        };
+    }
+    // DNS query helper
+    async queryDNS(domain) {
+        const result = {};
+        try {
+            const output = execSync(`dig +short ${domain} A`, { encoding: 'utf-8', timeout: 10000 });
+            result['a'] = output.trim().split('\n').filter(Boolean);
+        }
+        catch (e) { /* ignore */ }
+        try {
+            const output = execSync(`dig +short ${domain} MX`, { encoding: 'utf-8', timeout: 10000 });
+            result['mx'] = output.trim().split('\n').filter(Boolean);
+        }
+        catch (e) { /* ignore */ }
+        try {
+            const output = execSync(`dig +short ${domain} NS`, { encoding: 'utf-8', timeout: 10000 });
+            result['ns'] = output.trim().split('\n').filter(Boolean);
+        }
+        catch (e) { /* ignore */ }
+        try {
+            const output = execSync(`dig +short ${domain} TXT`, { encoding: 'utf-8', timeout: 10000 });
+            result['txt'] = output.trim().split('\n').filter(Boolean);
+        }
+        catch (e) { /* ignore */ }
+        return result;
+    }
+    // WHOIS query helper
+    async queryWHOIS(domain) {
+        try {
+            const output = execSync(`whois ${domain}`, { encoding: 'utf-8', timeout: 30000 });
+            return this.parseWHOIS(output);
+        }
+        catch (e) {
+            return {};
+        }
+    }
+    parseWHOIS(raw) {
+        const result = {};
+        const lines = raw.split('\n');
+        for (const line of lines) {
+            const match = line.match(/^([^:]+):\s*(.+)$/);
+            if (match) {
+                const key = match[1].trim().toLowerCase().replace(/\s+/g, '_');
+                result[key] = match[2].trim();
+            }
+        }
+        return result;
+    }
+    // Reverse DNS helper
+    async queryReverseDNS(ip) {
+        try {
+            const output = execSync(`dig +short -x ${ip}`, { encoding: 'utf-8', timeout: 10000 });
+            return output.trim().split('\n').filter(Boolean);
+        }
+        catch (e) {
+            return [];
+        }
+    }
+    // Certificate Transparency helper (using crt.sh)
+    async queryCertificateTransparency(domain) {
+        // Would query crt.sh or similar CT log aggregator
+        return { note: 'CT log query would be performed here' };
+    }
+    // GeoIP helper
+    async queryGeoIP(ip) {
+        // Would use a public GeoIP database
+        return { note: 'GeoIP lookup would be performed here' };
+    }
+    // ASN helper
+    async queryASN(ip) {
+        try {
+            const output = execSync(`whois -h whois.radb.net ${ip}`, { encoding: 'utf-8', timeout: 10000 });
+            return { raw: output.slice(0, 1000) };
+        }
+        catch (e) {
+            return {};
+        }
+    }
+    // Public threat feeds
+    async checkThreatFeeds(indicator, type) {
+        const findings = [];
+        const timestamp = new Date().toISOString();
+        // Would check various public threat intelligence feeds:
+        // - AbuseIPDB (public API)
+        // - VirusTotal (public API with rate limits)
+        // - URLhaus
+        // - PhishTank
+        // - Spamhaus (DNS-based)
+        return findings;
+    }
+    // Breach database check
+    async checkBreachDatabases(email) {
+        // Would check haveibeenpwned or similar (respecting API terms)
+        return { breached: false };
+    }
+    // Corporate registry search
+    async searchCorporateRegistries(name) {
+        // Would search OpenCorporates or state registries
+        return { note: 'Corporate registry search would be performed here' };
+    }
+    // SEC filings search
+    async searchSECFilings(name) {
+        // Would search SEC EDGAR
+        return { found: false };
+    }
+    // Court records search
+    async searchCourtRecords(name) {
+        // Would search PACER or state court systems
+        return { cases: [] };
+    }
+    // Risk assessment
+    assessRisk(findings, indicators) {
+        const factors = [];
+        let totalScore = 0;
+        let totalWeight = 0;
+        // Check for threat feed hits
+        const threatHits = findings.filter(f => f.source.includes('Threat'));
+        if (threatHits.length > 0) {
+            factors.push({
+                name: 'Threat Intelligence Hits',
+                score: 80,
+                weight: 3,
+                description: `Found in ${threatHits.length} threat intelligence source(s)`,
+            });
+            totalScore += 80 * 3;
+            totalWeight += 3;
+        }
+        // Check for breach exposure
+        const breachHits = findings.filter(f => f.category === 'security');
+        if (breachHits.length > 0) {
+            factors.push({
+                name: 'Breach Exposure',
+                score: 60,
+                weight: 2,
+                description: 'Found in public breach databases',
+            });
+            totalScore += 60 * 2;
+            totalWeight += 2;
+        }
+        // Default baseline
+        if (factors.length === 0) {
+            factors.push({
+                name: 'Baseline',
+                score: 20,
+                weight: 1,
+                description: 'No significant risk indicators found',
+            });
+            totalScore += 20;
+            totalWeight += 1;
+        }
+        const overallScore = totalWeight > 0 ? Math.round(totalScore / totalWeight) : 0;
+        let recommendation = 'No immediate action required';
+        if (overallScore >= 70) {
+            recommendation = 'High risk - immediate investigation recommended';
+        }
+        else if (overallScore >= 50) {
+            recommendation = 'Moderate risk - monitor and investigate further';
+        }
+        else if (overallScore >= 30) {
+            recommendation = 'Low risk - standard monitoring recommended';
+        }
+        return { overallScore, factors, recommendation };
+    }
+}
+/**
+ * Evidence collection and chain of custody management
+ * Maintains forensic integrity for legal proceedings
+ */
+export class EvidenceManager {
+    evidenceDir;
+    casesDir;
+    constructor(baseDir = '.erosolar-evidence') {
+        this.evidenceDir = path.join(baseDir, 'evidence');
+        this.casesDir = path.join(baseDir, 'cases');
+        this.ensureDirectories();
+    }
+    ensureDirectories() {
+        fs.mkdirSync(this.evidenceDir, { recursive: true });
+        fs.mkdirSync(this.casesDir, { recursive: true });
+    }
+    /**
+     * Collect evidence from a file with full chain of custody
+     */
+    async collectFileEvidence(filePath, description, collectedBy, caseId, tags = []) {
+        const id = this.generateEvidenceId();
+        const timestamp = new Date().toISOString();
+        // Read and hash the file
+        const content = fs.readFileSync(filePath);
+        const hashes = this.computeHashes(content);
+        const stat = fs.statSync(filePath);
+        // Store evidence copy
+        const storedPath = path.join(this.evidenceDir, id, path.basename(filePath));
+        fs.mkdirSync(path.dirname(storedPath), { recursive: true });
+        fs.writeFileSync(storedPath, content);
+        const evidence = {
+            id,
+            type: 'file',
+            description,
+            collectedAt: timestamp,
+            collectedBy,
+            source: filePath,
+            hash: hashes,
+            size: stat.size,
+            originalPath: filePath,
+            storedPath,
+            metadata: {
+                mtime: stat.mtime.toISOString(),
+                ctime: stat.ctime.toISOString(),
+                mode: stat.mode,
+            },
+            chainOfCustody: [{
+                    timestamp,
+                    action: 'collected',
+                    actor: collectedBy,
+                    description: `Evidence collected from ${filePath}`,
+                    newHash: hashes.sha256,
+                }],
+            tags,
+            caseId,
+        };
+        // Save evidence metadata
+        this.saveEvidenceMetadata(evidence);
+        // Add to case if specified
+        if (caseId) {
+            await this.addEvidenceToCase(caseId, id);
+        }
+        return evidence;
+    }
+    /**
+     * Collect screenshot evidence
+     */
+    async collectScreenshotEvidence(screenshotPath, description, collectedBy, caseId, tags = []) {
+        const evidence = await this.collectFileEvidence(screenshotPath, description, collectedBy, caseId, tags);
+        evidence.type = 'screenshot';
+        this.saveEvidenceMetadata(evidence);
+        return evidence;
+    }
+    /**
+     * Collect log evidence (preserves line-by-line integrity)
+     */
+    async collectLogEvidence(logContent, source, description, collectedBy, caseId, tags = []) {
+        const id = this.generateEvidenceId();
+        const timestamp = new Date().toISOString();
+        const content = Buffer.from(logContent, 'utf-8');
+        const hashes = this.computeHashes(content);
+        const storedPath = path.join(this.evidenceDir, id, 'log.txt');
+        fs.mkdirSync(path.dirname(storedPath), { recursive: true });
+        fs.writeFileSync(storedPath, content);
+        // Also compute per-line hashes for integrity verification
+        const lines = logContent.split('\n');
+        const lineHashes = lines.map((line, i) => ({
+            line: i + 1,
+            hash: crypto.createHash('sha256').update(line).digest('hex'),
+        }));
+        const evidence = {
+            id,
+            type: 'log',
+            description,
+            collectedAt: timestamp,
+            collectedBy,
+            source,
+            hash: hashes,
+            size: content.length,
+            storedPath,
+            metadata: {
+                lineCount: lines.length,
+                lineHashes,
+            },
+            chainOfCustody: [{
+                    timestamp,
+                    action: 'collected',
+                    actor: collectedBy,
+                    description: `Log evidence collected from ${source}`,
+                    newHash: hashes.sha256,
+                }],
+            tags,
+            caseId,
+        };
+        this.saveEvidenceMetadata(evidence);
+        if (caseId) {
+            await this.addEvidenceToCase(caseId, id);
+        }
+        return evidence;
+    }
+    /**
+     * Verify evidence integrity
+     */
+    verifyEvidence(evidenceId) {
+        const metadata = this.loadEvidenceMetadata(evidenceId);
+        if (!metadata) {
+            return { valid: false, details: 'Evidence not found' };
+        }
+        if (!fs.existsSync(metadata.storedPath)) {
+            return { valid: false, details: 'Evidence file missing' };
+        }
+        const content = fs.readFileSync(metadata.storedPath);
+        const currentHashes = this.computeHashes(content);
+        if (currentHashes.sha256 !== metadata.hash.sha256) {
+            return {
+                valid: false,
+                details: `Hash mismatch: expected ${metadata.hash.sha256}, got ${currentHashes.sha256}`,
+            };
+        }
+        return { valid: true, details: 'Evidence integrity verified' };
+    }
+    /**
+     * Add custody event to evidence
+     */
+    addCustodyEvent(evidenceId, action, actor, description) {
+        const metadata = this.loadEvidenceMetadata(evidenceId);
+        if (!metadata) {
+            throw new Error(`Evidence ${evidenceId} not found`);
+        }
+        const content = fs.readFileSync(metadata.storedPath);
+        const currentHash = crypto.createHash('sha256').update(content).digest('hex');
+        const event = {
+            timestamp: new Date().toISOString(),
+            action,
+            actor,
+            description,
+            previousHash: metadata.hash.sha256,
+            newHash: currentHash,
+        };
+        metadata.chainOfCustody.push(event);
+        this.saveEvidenceMetadata(metadata);
+    }
+    /**
+     * Create a new case
+     */
+    createCase(name, description, priority = 'medium', assignee, tags = []) {
+        const id = this.generateCaseId();
+        const timestamp = new Date().toISOString();
+        const caseData = {
+            id,
+            name,
+            description,
+            createdAt: timestamp,
+            updatedAt: timestamp,
+            status: 'open',
+            priority,
+            assignee,
+            evidenceIds: [],
+            timeline: [{
+                    timestamp,
+                    eventType: 'case_created',
+                    description: `Case "${name}" created`,
+                    evidenceIds: [],
+                    actors: assignee ? [assignee] : [],
+                    source: 'system',
+                }],
+            notes: [],
+            tags,
+        };
+        this.saveCaseData(caseData);
+        return caseData;
+    }
+    /**
+     * Add evidence to case
+     */
+    async addEvidenceToCase(caseId, evidenceId) {
+        const caseData = this.loadCaseData(caseId);
+        if (!caseData) {
+            throw new Error(`Case ${caseId} not found`);
+        }
+        if (!caseData.evidenceIds.includes(evidenceId)) {
+            caseData.evidenceIds.push(evidenceId);
+            caseData.updatedAt = new Date().toISOString();
+            caseData.timeline.push({
+                timestamp: new Date().toISOString(),
+                eventType: 'evidence_added',
+                description: `Evidence ${evidenceId} added to case`,
+                evidenceIds: [evidenceId],
+                actors: [],
+                source: 'system',
+            });
+            this.saveCaseData(caseData);
+        }
+    }
+    /**
+     * Add timeline event to case
+     */
+    addTimelineEvent(caseId, eventType, description, evidenceIds = [], actors = [], eventTimestamp) {
+        const caseData = this.loadCaseData(caseId);
+        if (!caseData) {
+            throw new Error(`Case ${caseId} not found`);
+        }
+        caseData.timeline.push({
+            timestamp: eventTimestamp || new Date().toISOString(),
+            eventType,
+            description,
+            evidenceIds,
+            actors,
+            source: 'manual',
+        });
+        caseData.updatedAt = new Date().toISOString();
+        this.saveCaseData(caseData);
+    }
+    /**
+     * Export case for legal proceedings
+     */
+    exportCase(caseId, outputDir) {
+        const caseData = this.loadCaseData(caseId);
+        if (!caseData) {
+            throw new Error(`Case ${caseId} not found`);
+        }
+        const exportDir = path.join(outputDir, `case_${caseId}_export`);
+        fs.mkdirSync(exportDir, { recursive: true });
+        // Export case metadata
+        fs.writeFileSync(path.join(exportDir, 'case_metadata.json'), JSON.stringify(caseData, null, 2));
+        // Export timeline
+        fs.writeFileSync(path.join(exportDir, 'timeline.json'), JSON.stringify(caseData.timeline, null, 2));
+        // Export evidence
+        const evidenceDir = path.join(exportDir, 'evidence');
+        fs.mkdirSync(evidenceDir, { recursive: true });
+        for (const evidenceId of caseData.evidenceIds) {
+            const evidence = this.loadEvidenceMetadata(evidenceId);
+            if (evidence && fs.existsSync(evidence.storedPath)) {
+                const destDir = path.join(evidenceDir, evidenceId);
+                fs.mkdirSync(destDir, { recursive: true });
+                // Copy evidence file
+                fs.copyFileSync(evidence.storedPath, path.join(destDir, path.basename(evidence.storedPath)));
+                // Write evidence metadata
+                fs.writeFileSync(path.join(destDir, 'metadata.json'), JSON.stringify(evidence, null, 2));
+                // Write chain of custody
+                fs.writeFileSync(path.join(destDir, 'chain_of_custody.json'), JSON.stringify(evidence.chainOfCustody, null, 2));
+            }
+        }
+        // Generate integrity manifest
+        const manifest = this.generateExportManifest(exportDir);
+        fs.writeFileSync(path.join(exportDir, 'integrity_manifest.json'), JSON.stringify(manifest, null, 2));
+        return exportDir;
+    }
+    computeHashes(content) {
+        return {
+            sha256: crypto.createHash('sha256').update(content).digest('hex'),
+            sha1: crypto.createHash('sha1').update(content).digest('hex'),
+            md5: crypto.createHash('md5').update(content).digest('hex'),
+        };
+    }
+    generateEvidenceId() {
+        return `EVD-${Date.now()}-${crypto.randomBytes(4).toString('hex').toUpperCase()}`;
+    }
+    generateCaseId() {
+        return `CASE-${Date.now()}-${crypto.randomBytes(4).toString('hex').toUpperCase()}`;
+    }
+    saveEvidenceMetadata(evidence) {
+        const metaPath = path.join(this.evidenceDir, evidence.id, 'metadata.json');
+        fs.mkdirSync(path.dirname(metaPath), { recursive: true });
+        fs.writeFileSync(metaPath, JSON.stringify(evidence, null, 2));
+    }
+    loadEvidenceMetadata(evidenceId) {
+        const metaPath = path.join(this.evidenceDir, evidenceId, 'metadata.json');
+        if (!fs.existsSync(metaPath)) {
+            return null;
+        }
+        return JSON.parse(fs.readFileSync(metaPath, 'utf-8'));
+    }
+    saveCaseData(caseData) {
+        const casePath = path.join(this.casesDir, `${caseData.id}.json`);
+        fs.writeFileSync(casePath, JSON.stringify(caseData, null, 2));
+    }
+    loadCaseData(caseId) {
+        const casePath = path.join(this.casesDir, `${caseId}.json`);
+        if (!fs.existsSync(casePath)) {
+            return null;
+        }
+        return JSON.parse(fs.readFileSync(casePath, 'utf-8'));
+    }
+    generateExportManifest(exportDir) {
+        const files = [];
+        const walkDir = (dir) => {
+            const entries = fs.readdirSync(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                const fullPath = path.join(dir, entry.name);
+                if (entry.isDirectory()) {
+                    walkDir(fullPath);
+                }
+                else if (entry.name !== 'integrity_manifest.json') {
+                    const content = fs.readFileSync(fullPath);
+                    files.push({
+                        path: path.relative(exportDir, fullPath),
+                        sha256: crypto.createHash('sha256').update(content).digest('hex'),
+                        size: content.length,
+                    });
+                }
+            }
+        };
+        walkDir(exportDir);
+        return {
+            generatedAt: new Date().toISOString(),
+            exportDir,
+            fileCount: files.length,
+            files,
+            manifestHash: crypto.createHash('sha256')
+                .update(JSON.stringify(files))
+                .digest('hex'),
+        };
+    }
+}
+/**
+ * Generate transparency reports for public disclosure
+ * Supports responsible disclosure practices
+ */
+export class TransparencyReporter {
+    reportsDir;
+    constructor(baseDir = '.erosolar-reports') {
+        this.reportsDir = baseDir;
+        fs.mkdirSync(this.reportsDir, { recursive: true });
+    }
+    /**
+     * Create a new transparency report
+     */
+    createReport(type, title, summary, severity, authors) {
+        const id = `RPT-${Date.now()}-${crypto.randomBytes(4).toString('hex').toUpperCase()}`;
+        const report = {
+            id,
+            type,
+            title,
+            summary,
+            severity,
+            status: 'draft',
+            createdAt: new Date().toISOString(),
+            authors,
+            sections: [],
+            indicators: [],
+            recommendations: [],
+            references: [],
+            legalDisclaimer: this.getDefaultDisclaimer(),
+            redactions: [],
+        };
+        this.saveReport(report);
+        return report;
+    }
+    /**
+     * Add section to report
+     */
+    addSection(reportId, title, content, evidenceRefs = []) {
+        const report = this.loadReport(reportId);
+        if (!report) {
+            throw new Error(`Report ${reportId} not found`);
+        }
+        report.sections.push({
+            title,
+            content,
+            evidenceRefs,
+            order: report.sections.length,
+        });
+        this.saveReport(report);
+    }
+    /**
+     * Add indicators of compromise
+     */
+    addIndicators(reportId, indicators) {
+        const report = this.loadReport(reportId);
+        if (!report) {
+            throw new Error(`Report ${reportId} not found`);
+        }
+        report.indicators.push(...indicators);
+        this.saveReport(report);
+    }
+    /**
+     * Add recommendations
+     */
+    addRecommendations(reportId, recommendations) {
+        const report = this.loadReport(reportId);
+        if (!report) {
+            throw new Error(`Report ${reportId} not found`);
+        }
+        report.recommendations.push(...recommendations);
+        this.saveReport(report);
+    }
+    /**
+     * Publish report (makes it final)
+     */
+    publishReport(reportId) {
+        const report = this.loadReport(reportId);
+        if (!report) {
+            throw new Error(`Report ${reportId} not found`);
+        }
+        report.status = 'published';
+        report.publishedAt = new Date().toISOString();
+        this.saveReport(report);
+        return report;
+    }
+    /**
+     * Export report in various formats
+     */
+    exportReport(reportId, format) {
+        const report = this.loadReport(reportId);
+        if (!report) {
+            throw new Error(`Report ${reportId} not found`);
+        }
+        switch (format) {
+            case 'json':
+                return JSON.stringify(report, null, 2);
+            case 'markdown':
+                return this.toMarkdown(report);
+            case 'html':
+                return this.toHTML(report);
+            default:
+                return JSON.stringify(report, null, 2);
+        }
+    }
+    /**
+     * Generate STIX 2.1 bundle for threat intelligence sharing
+     */
+    toSTIX(reportId) {
+        const report = this.loadReport(reportId);
+        if (!report) {
+            throw new Error(`Report ${reportId} not found`);
+        }
+        const objects = [];
+        // Create report object
+        objects.push({
+            type: 'report',
+            spec_version: '2.1',
+            id: `report--${report.id}`,
+            created: report.createdAt,
+            modified: report.publishedAt || report.createdAt,
+            name: report.title,
+            description: report.summary,
+            report_types: [this.mapTypeToSTIX(report.type)],
+            published: report.publishedAt || report.createdAt,
+            object_refs: report.indicators.map((_, i) => `indicator--${report.id}-${i}`),
+        });
+        // Create indicator objects
+        report.indicators.forEach((indicator, i) => {
+            objects.push({
+                type: 'indicator',
+                spec_version: '2.1',
+                id: `indicator--${report.id}-${i}`,
+                created: indicator.timestamp,
+                modified: indicator.timestamp,
+                name: `${indicator.type}: ${indicator.value}`,
+                description: indicator.context || '',
+                pattern: this.toSTIXPattern(indicator),
+                pattern_type: 'stix',
+                valid_from: indicator.timestamp,
+                confidence: Math.round(indicator.confidence * 100),
+            });
+        });
+        return {
+            type: 'bundle',
+            id: `bundle--${report.id}`,
+            objects,
+        };
+    }
+    toMarkdown(report) {
+        const lines = [];
+        lines.push(`# ${report.title}`);
+        lines.push('');
+        lines.push(`**Report ID:** ${report.id}`);
+        lines.push(`**Type:** ${report.type}`);
+        lines.push(`**Severity:** ${report.severity}`);
+        lines.push(`**Status:** ${report.status}`);
+        lines.push(`**Created:** ${report.createdAt}`);
+        if (report.publishedAt) {
+            lines.push(`**Published:** ${report.publishedAt}`);
+        }
+        lines.push(`**Authors:** ${report.authors.join(', ')}`);
+        lines.push('');
+        lines.push('## Summary');
+        lines.push('');
+        lines.push(report.summary);
+        lines.push('');
+        for (const section of report.sections.sort((a, b) => a.order - b.order)) {
+            lines.push(`## ${section.title}`);
+            lines.push('');
+            lines.push(section.content);
+            lines.push('');
+        }
+        if (report.indicators.length > 0) {
+            lines.push('## Indicators of Compromise');
+            lines.push('');
+            lines.push('| Type | Value | Confidence | Source |');
+            lines.push('|------|-------|------------|--------|');
+            for (const ioc of report.indicators) {
+                lines.push(`| ${ioc.type} | \`${ioc.value}\` | ${Math.round(ioc.confidence * 100)}% | ${ioc.source} |`);
+            }
+            lines.push('');
+        }
+        if (report.recommendations.length > 0) {
+            lines.push('## Recommendations');
+            lines.push('');
+            for (const rec of report.recommendations) {
+                lines.push(`- ${rec}`);
+            }
+            lines.push('');
+        }
+        if (report.references.length > 0) {
+            lines.push('## References');
+            lines.push('');
+            for (const ref of report.references) {
+                lines.push(`- ${ref}`);
+            }
+            lines.push('');
+        }
+        lines.push('---');
+        lines.push('');
+        lines.push('*Disclaimer:*');
+        lines.push('');
+        lines.push(report.legalDisclaimer);
+        return lines.join('\n');
+    }
+    toHTML(report) {
+        // Convert markdown to basic HTML
+        const md = this.toMarkdown(report);
+        return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>${report.title}</title>
+  <style>
+    body { font-family: system-ui, sans-serif; max-width: 800px; margin: 0 auto; padding: 20px; }
+    pre, code { background: #f4f4f4; padding: 2px 6px; border-radius: 3px; }
+    table { border-collapse: collapse; width: 100%; }
+    th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
+    th { background: #f4f4f4; }
+  </style>
+</head>
+<body>
+<pre>${md}</pre>
+</body>
+</html>`;
+    }
+    mapTypeToSTIX(type) {
+        const mapping = {
+            threat_actor: 'threat-actor',
+            vulnerability: 'vulnerability',
+            incident: 'incident',
+            fraud: 'campaign',
+            abuse: 'campaign',
+            misconduct: 'campaign',
+        };
+        return mapping[type] || 'campaign';
+    }
+    toSTIXPattern(indicator) {
+        const typeMapping = {
+            ip: 'ipv4-addr:value',
+            domain: 'domain-name:value',
+            url: 'url:value',
+            hash: 'file:hashes.SHA-256',
+            email: 'email-addr:value',
+        };
+        const stixType = typeMapping[indicator.type] || 'x-custom:value';
+        return `[${stixType} = '${indicator.value}']`;
+    }
+    getDefaultDisclaimer() {
+        return `This report is provided for informational and educational purposes only.
+The information contained herein is based on publicly available data and authorized research.
+The authors make no warranties about the completeness, reliability, or accuracy of this information.
+Any action taken based on this report is at your own risk.
+This report should not be construed as legal advice.`;
+    }
+    saveReport(report) {
+        const reportPath = path.join(this.reportsDir, `${report.id}.json`);
+        fs.writeFileSync(reportPath, JSON.stringify(report, null, 2));
+    }
+    loadReport(reportId) {
+        const reportPath = path.join(this.reportsDir, `${reportId}.json`);
+        if (!fs.existsSync(reportPath)) {
+            return null;
+        }
+        return JSON.parse(fs.readFileSync(reportPath, 'utf-8'));
+    }
+}
+/**
+ * Authorized penetration testing support
+ * Requires explicit scope and authorization
+ */
+export class AuthorizedPentestSupport {
+    scopesDir;
+    resultsDir;
+    constructor(baseDir = '.erosolar-pentest') {
+        this.scopesDir = path.join(baseDir, 'scopes');
+        this.resultsDir = path.join(baseDir, 'results');
+        fs.mkdirSync(this.scopesDir, { recursive: true });
+        fs.mkdirSync(this.resultsDir, { recursive: true });
+    }
+    /**
+     * Create a new pentest scope (authorization document)
+     */
+    createScope(name, authorizedBy, targets, expirationDays = 30, rules = []) {
+        const id = `SCOPE-${Date.now()}-${crypto.randomBytes(4).toString('hex').toUpperCase()}`;
+        const now = new Date();
+        const expiration = new Date(now.getTime() + expirationDays * 24 * 60 * 60 * 1000);
+        const scope = {
+            id,
+            name,
+            authorizedBy,
+            authorizationDate: now.toISOString(),
+            expirationDate: expiration.toISOString(),
+            targets,
+            excludedTargets: [],
+            allowedTests: [
+                'port_scan',
+                'service_detection',
+                'vulnerability_scan',
+                'ssl_analysis',
+                'header_analysis',
+                'dns_enumeration',
+            ],
+            disallowedTests: [
+                'dos',
+                'ddos',
+                'data_exfiltration',
+                'destructive_tests',
+            ],
+            rules: [
+                'Stop immediately if unauthorized access is detected',
+                'Document all findings with timestamps',
+                'Report critical findings within 24 hours',
+                'Do not access or modify production data',
+                ...rules,
+            ],
+            emergencyContact: '',
+        };
+        this.saveScope(scope);
+        return scope;
+    }
+    /**
+     * Verify target is in scope
+     */
+    isInScope(scopeId, target) {
+        const scope = this.loadScope(scopeId);
+        if (!scope) {
+            return { inScope: false, reason: 'Scope not found' };
+        }
+        // Check expiration
+        if (new Date() > new Date(scope.expirationDate)) {
+            return { inScope: false, reason: 'Scope has expired' };
+        }
+        // Check if explicitly excluded
+        for (const excluded of scope.excludedTargets) {
+            if (target.includes(excluded) || excluded.includes(target)) {
+                return { inScope: false, reason: `Target is explicitly excluded: ${excluded}` };
+            }
+        }
+        // Check if in allowed targets
+        for (const allowed of scope.targets) {
+            if (this.matchesTarget(target, allowed)) {
+                return { inScope: true, reason: `Matches authorized target: ${allowed.value}` };
+            }
+        }
+        return { inScope: false, reason: 'Target not in authorized scope' };
+    }
+    /**
+     * Check if test type is allowed
+     */
+    isTestAllowed(scopeId, testType) {
+        const scope = this.loadScope(scopeId);
+        if (!scope) {
+            return { allowed: false, reason: 'Scope not found' };
+        }
+        if (scope.disallowedTests.includes(testType)) {
+            return { allowed: false, reason: `Test type "${testType}" is explicitly disallowed` };
+        }
+        if (scope.allowedTests.length > 0 && !scope.allowedTests.includes(testType)) {
+            return { allowed: false, reason: `Test type "${testType}" is not in allowed list` };
+        }
+        return { allowed: true, reason: 'Test type is authorized' };
+    }
+    /**
+     * Log test result
+     */
+    logTestResult(scopeId, testType, target, status, findings = [], rawOutput) {
+        const id = `TEST-${Date.now()}-${crypto.randomBytes(4).toString('hex').toUpperCase()}`;
+        const result = {
+            id,
+            scopeId,
+            testType,
+            target,
+            timestamp: new Date().toISOString(),
+            status,
+            findings,
+            rawOutput,
+        };
+        const resultPath = path.join(this.resultsDir, scopeId, `${id}.json`);
+        fs.mkdirSync(path.dirname(resultPath), { recursive: true });
+        fs.writeFileSync(resultPath, JSON.stringify(result, null, 2));
+        return result;
+    }
+    /**
+     * Generate pentest report
+     */
+    generateReport(scopeId) {
+        const scope = this.loadScope(scopeId);
+        if (!scope) {
+            throw new Error(`Scope ${scopeId} not found`);
+        }
+        const resultsDir = path.join(this.resultsDir, scopeId);
+        const results = [];
+        if (fs.existsSync(resultsDir)) {
+            const files = fs.readdirSync(resultsDir);
+            for (const file of files) {
+                if (file.endsWith('.json')) {
+                    const content = fs.readFileSync(path.join(resultsDir, file), 'utf-8');
+                    results.push(JSON.parse(content));
+                }
+            }
+        }
+        // Sort results by timestamp
+        results.sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+        // Aggregate findings
+        const allFindings = [];
+        for (const result of results) {
+            allFindings.push(...result.findings);
+        }
+        // Sort findings by severity
+        const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+        allFindings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+        // Generate report
+        const lines = [];
+        lines.push(`# Penetration Test Report`);
+        lines.push('');
+        lines.push(`**Scope:** ${scope.name}`);
+        lines.push(`**Scope ID:** ${scope.id}`);
+        lines.push(`**Authorized By:** ${scope.authorizedBy}`);
+        lines.push(`**Authorization Date:** ${scope.authorizationDate}`);
+        lines.push(`**Expiration Date:** ${scope.expirationDate}`);
+        lines.push('');
+        lines.push('## Executive Summary');
+        lines.push('');
+        lines.push(`- **Total Tests Performed:** ${results.length}`);
+        lines.push(`- **Total Findings:** ${allFindings.length}`);
+        lines.push(`- **Critical:** ${allFindings.filter(f => f.severity === 'critical').length}`);
+        lines.push(`- **High:** ${allFindings.filter(f => f.severity === 'high').length}`);
+        lines.push(`- **Medium:** ${allFindings.filter(f => f.severity === 'medium').length}`);
+        lines.push(`- **Low:** ${allFindings.filter(f => f.severity === 'low').length}`);
+        lines.push(`- **Info:** ${allFindings.filter(f => f.severity === 'info').length}`);
+        lines.push('');
+        lines.push('## Scope');
+        lines.push('');
+        lines.push('### Authorized Targets');
+        for (const target of scope.targets) {
+            lines.push(`- ${target.type}: ${target.value}${target.description ? ` (${target.description})` : ''}`);
+        }
+        lines.push('');
+        lines.push('### Rules of Engagement');
+        for (const rule of scope.rules) {
+            lines.push(`- ${rule}`);
+        }
+        lines.push('');
+        lines.push('## Findings');
+        lines.push('');
+        for (const finding of allFindings) {
+            lines.push(`### [${finding.severity.toUpperCase()}] ${finding.title}`);
+            lines.push('');
+            lines.push(`**ID:** ${finding.id}`);
+            if (finding.cvss)
+                lines.push(`**CVSS:** ${finding.cvss}`);
+            if (finding.cwe)
+                lines.push(`**CWE:** ${finding.cwe}`);
+            lines.push('');
+            lines.push('**Description:**');
+            lines.push(finding.description);
+            lines.push('');
+            lines.push('**Evidence:**');
+            lines.push('```');
+            lines.push(finding.evidence);
+            lines.push('```');
+            lines.push('');
+            lines.push('**Recommendation:**');
+            lines.push(finding.recommendation);
+            lines.push('');
+            if (finding.references.length > 0) {
+                lines.push('**References:**');
+                for (const ref of finding.references) {
+                    lines.push(`- ${ref}`);
+                }
+                lines.push('');
+            }
+        }
+        lines.push('## Test Log');
+        lines.push('');
+        lines.push('| Timestamp | Test Type | Target | Status |');
+        lines.push('|-----------|-----------|--------|--------|');
+        for (const result of results) {
+            lines.push(`| ${result.timestamp} | ${result.testType} | ${result.target} | ${result.status} |`);
+        }
+        return lines.join('\n');
+    }
+    matchesTarget(target, scopeTarget) {
+        switch (scopeTarget.type) {
+            case 'ip':
+                return target === scopeTarget.value;
+            case 'ip_range':
+                // Simple CIDR check would go here
+                return target.startsWith(scopeTarget.value.split('/')[0]?.split('.').slice(0, 3).join('.') || '');
+            case 'domain':
+                return target === scopeTarget.value || target.endsWith(`.${scopeTarget.value}`);
+            case 'url':
+                return target.startsWith(scopeTarget.value);
+            case 'application':
+                return target.includes(scopeTarget.value);
+            default:
+                return false;
+        }
+    }
+    saveScope(scope) {
+        const scopePath = path.join(this.scopesDir, `${scope.id}.json`);
+        fs.writeFileSync(scopePath, JSON.stringify(scope, null, 2));
+    }
+    loadScope(scopeId) {
+        const scopePath = path.join(this.scopesDir, `${scopeId}.json`);
+        if (!fs.existsSync(scopePath)) {
+            return null;
+        }
+        return JSON.parse(fs.readFileSync(scopePath, 'utf-8'));
+    }
+}
+// ============================================================================
+// EXPORTS
+// ============================================================================
+export const osint = new OSINTGatherer();
+export const evidence = new EvidenceManager();
+export const transparency = new TransparencyReporter();
+export const pentest = new AuthorizedPentestSupport();
+//# sourceMappingURL=defensiveSecurityToolkit.js.map