ghost-dragon 4.2.1

package/src/commands/memory.ts

@@ -0,0 +1,229 @@
+/**
+ * dragon memory — Phantom Memory (the moat)
+ *
+ * - memory list                  — every known target with summary
+ * - memory show <target>         — full dossier
+ * - memory context <target>      — plaintext brain-context prompt
+ * - memory reindex               — rebuild memory from reports/
+ * - memory verify                — diff reports/ vs Phantom Memory
+ */
+
+import type { Command } from 'commander'
+import type { DragonConfig } from '../config.js'
+import { fetchJSON, label, success, error, info, warn, table } from '../utils.js'
+import chalk from 'chalk'
+
+function api(config: DragonConfig, path: string): string {
+  const port = config.products.pentest.controlPort ?? 4091
+  return `http://localhost:${port}${path}`
+}
+
+interface TargetSummary {
+  display: string
+  scan_count: number
+  last_scan_at: string | null
+  latest_findings: number | null
+  latest_risk: string | null
+  osint_count: number
+  entity_count: number
+  cred_count: number
+  last_seen_at: string
+}
+
+export function registerMemoryCommands(program: Command, config: DragonConfig) {
+  const mem = program.command('memory').description('Phantom Memory — persistent engagement memory')
+
+  // --- list ---
+  mem
+    .command('list')
+    .description('List every target Phantom Memory has ever touched')
+    .action(async () => {
+      console.log(label('Phantom Memory'), 'Known targets:\n')
+      try {
+        const d = await fetchJSON<{ targets: TargetSummary[] }>(api(config, '/v1/memory'))
+        if (d.targets.length === 0) {
+          info('No targets in memory yet — run a scan to seed.')
+          return
+        }
+        table(d.targets.map((t) => ({
+          Target: t.display,
+          Scans: String(t.scan_count),
+          Findings: String(t.latest_findings ?? '—'),
+          Risk: t.latest_risk ?? '—',
+          OSINT: String(t.osint_count),
+          Entities: String(t.entity_count),
+          Creds: String(t.cred_count),
+          'Last seen': new Date(t.last_seen_at).toLocaleDateString(),
+        })))
+      } catch (e) {
+        error('Could not reach control_api. Is PhantomDragon Control running? `dragon serve`')
+        info(String(e))
+      }
+    })
+
+  // --- show ---
+  mem
+    .command('show <target>')
+    .description('Full memory dossier on a target')
+    .action(async (target) => {
+      console.log(label('Phantom Memory'), `Dossier on ${chalk.white(target)}\n`)
+      try {
+        const d: any = await fetchJSON<any>(api(config, `/v1/memory/target/${encodeURIComponent(target)}`))
+        if (!d.exists) {
+          info(`No memory for ${target} yet.`)
+          return
+        }
+        const s = d.summary
+        info(`First seen ${d.first_seen_at}, last touched ${d.last_seen_at}`)
+        info(`${s.scan_count} scans · ${s.persistent_finding_count} persistent findings · ${s.tech_count} techs · ${s.investigation_count} OSINT investigations · ${s.entity_count} entities · ${s.credential_exposure_count} cred exposures\n`)
+
+        if (d.scans?.length) {
+          console.log(chalk.dim('── Scans ──'))
+          table(d.scans.slice(0, 5).map((sc: any) => ({
+            ID: sc.scan_id.slice(-22),
+            Mode: sc.mode || '?',
+            Findings: String(sc.total_findings),
+            Critical: String(sc.severity_counts?.CRITICAL ?? 0),
+            High: String(sc.severity_counts?.HIGH ?? 0),
+            Risk: sc.risk_rating ?? '?',
+            Started: sc.started_at?.slice(0, 16) ?? '?',
+          })))
+          console.log()
+        }
+        if (d.persistent_findings?.length) {
+          console.log(chalk.dim('── Persistent findings (≥2 scans) ──'))
+          d.persistent_findings.slice(0, 10).forEach((f: any) => {
+            console.log(`  ${chalk.bold(f.severity?.padEnd(8))} ${f.title}  ${chalk.dim('· ' + f.category)}`)
+          })
+          console.log()
+        }
+        if (d.new_findings?.length) {
+          console.log(chalk.red('── Regressions (new in latest scan) ──'))
+          d.new_findings.slice(0, 8).forEach((f: any) => {
+            console.log(`  ${chalk.red(f.severity?.padEnd(8))} ${f.title}`)
+          })
+          console.log()
+        }
+        if (d.resolved_findings?.length) {
+          console.log(chalk.green('── Resolved (vs prior scan) ──'))
+          d.resolved_findings.slice(0, 8).forEach((f: any) => {
+            console.log(`  ${chalk.green(f.severity?.padEnd(8))} ${f.title}`)
+          })
+          console.log()
+        }
+        if (d.tech_observations?.length) {
+          console.log(chalk.dim('── Tech observations ──'))
+          console.log('  ' + d.tech_observations.map((t: any) => `${t.tech}×${t.occurrences}`).join(', '))
+          console.log()
+        }
+        if (d.osint_entity_type_counts && Object.keys(d.osint_entity_type_counts).length) {
+          console.log(chalk.dim('── OSINT entities by type ──'))
+          console.log('  ' + Object.entries(d.osint_entity_type_counts)
+            .sort((a: any, b: any) => b[1] - a[1])
+            .map(([t, n]: any) => `${t}×${n}`).join(', '))
+        }
+      } catch (e) {
+        error('Fetch failed.')
+        info(String(e))
+      }
+    })
+
+  // --- context ---
+  mem
+    .command('context <target>')
+    .description('Plaintext brain-context prompt for the AI brain')
+    .action(async (target) => {
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const res = await fetch(`http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/context`)
+        if (!res.ok) {
+          error(`HTTP ${res.status}`); return
+        }
+        const txt = await res.text()
+        console.log(txt)
+      } catch (e) {
+        error('Could not reach control_api.')
+        info(String(e))
+      }
+    })
+
+  // --- reindex ---
+  mem
+    .command('reindex')
+    .description('Rebuild Phantom Memory from reports/ directory')
+    .action(async () => {
+      console.log(label('Phantom Memory'), 'Reindexing...\n')
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const res = await fetch(`http://localhost:${port}/v1/memory/reindex`, { method: 'POST' })
+        if (!res.ok) { error(`HTTP ${res.status}`); return }
+        const d = await res.json() as { scans_ingested: number; skipped: number }
+        success(`Ingested ${d.scans_ingested} scans (skipped ${d.skipped})`)
+      } catch (e) {
+        error('Reindex failed.')
+        info(String(e))
+      }
+    })
+
+  // --- copilot ---
+  mem
+    .command('copilot <target>')
+    .description('What next? — rule-based suggestions from Phantom Memory state')
+    .action(async (target) => {
+      try {
+        const d = await fetchJSON<{ suggestions: Array<{ verb: string; title: string; rationale: string; command: string }> }>(
+          api(config, `/v1/memory/target/${encodeURIComponent(target)}/copilot`),
+        )
+        console.log(label('Dragon Copilot'), `Next actions for ${chalk.white(target)}:\n`)
+        d.suggestions.forEach((s) => {
+          const icon = s.verb === 'alert' ? chalk.red('▲') :
+                       s.verb === 'scan' ? chalk.green('▶') :
+                       s.verb === 'osint' ? chalk.cyan('🔍') :
+                       chalk.dim('●')
+          console.log(`  ${icon} ${chalk.bold(s.title)}`)
+          console.log(`    ${chalk.dim(s.rationale)}`)
+          console.log(`    ${chalk.cyan('$')} ${s.command}\n`)
+        })
+      } catch (e) {
+        error('Copilot fetch failed.')
+        info(String(e))
+      }
+    })
+
+  // --- brief ---
+  mem
+    .command('brief <target>')
+    .description('Generate client-deliverable engagement brief (Markdown)')
+    .option('--as-of <date>', 'Time-travel: brief as of given ISO date')
+    .action(async (target, opts) => {
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const params = new URLSearchParams()
+        if (opts.asOf) params.set('as_of', opts.asOf)
+        const url = `http://localhost:${port}/v1/memory/target/${encodeURIComponent(target)}/brief${params.size ? `?${params}` : ''}`
+        const res = await fetch(url)
+        if (!res.ok) { error(`HTTP ${res.status}`); return }
+        const md = await res.text()
+        process.stdout.write(md)
+      } catch (e) {
+        error('Brief fetch failed.')
+        info(String(e))
+      }
+    })
+
+  // --- verify ---
+  mem
+    .command('verify')
+    .description('Diff reports/ vs Phantom Memory (TODO: full implementation; for now triggers reindex)')
+    .action(async () => {
+      warn('Full diff verification is a deferred feature. Triggering reindex as the safe surrogate.')
+      try {
+        const port = config.products.pentest.controlPort ?? 4091
+        const res = await fetch(`http://localhost:${port}/v1/memory/reindex`, { method: 'POST' })
+        const d = await res.json() as { scans_ingested: number; skipped: number }
+        info(`Reindex result: ${d.scans_ingested} scans ingested, ${d.skipped} skipped.`)
+      } catch (e) {
+        error(String(e))
+      }
+    })
+}

package/src/commands/osint.ts

@@ -0,0 +1,171 @@
+/**
+ * dragon osint — DragonNet OSINT Investigation Platform
+ *
+ * - osint open <target>        — open a new investigation seeded with target
+ * - osint list                 — list known investigations
+ * - osint show <id>            — fetch entities + edges for an investigation
+ * - osint search <q>           — cross-investigation entity search
+ * - osint serve                — start the DragonNet API + dashboard
+ * - osint legal-posture <jdx>  — print per-collector legal posture
+ */
+
+import type { Command } from 'commander'
+import type { DragonConfig } from '../config.js'
+import { getProductPath } from '../config.js'
+import { run, fetchJSON, label, success, error, info, warn, table } from '../utils.js'
+import chalk from 'chalk'
+
+function api(config: DragonConfig, path: string): string {
+  const port = config.products.net.apiPort ?? 4080
+  return `http://localhost:${port}${path}`
+}
+
+function ui(config: DragonConfig, path: string): string {
+  const port = config.products.net.uiPort ?? 4081
+  return `http://localhost:${port}${path}`
+}
+
+const LEGAL_POSTURES: Record<string, Record<string, string>> = {
+  lk: {
+    TORWATCH:    "defensible if seeds are public services and operator records authorization (CCA 2007)",
+    PASTEDRAGNET: "defensible (public paste sites only)",
+    TELEGAZER:   "defensible (public previews only); GDPR if EU subjects appear",
+    NIGHTGLASS:  "operator-bears-responsibility; corpus provenance required",
+  },
+  us: {
+    TORWATCH:    "defensible under CFAA if no authentication is bypassed; document seeds",
+    PASTEDRAGNET: "defensible (public surface)",
+    TELEGAZER:   "defensible (public previews)",
+    NIGHTGLASS:  "operator-bears-responsibility; possessing breach data is grey-area",
+  },
+  eu: {
+    TORWATCH:    "defensible; GDPR data-controller obligations apply on EU subjects",
+    PASTEDRAGNET: "defensible; honour right-to-erasure",
+    TELEGAZER:   "defensible; GDPR data-controller obligations apply",
+    NIGHTGLASS:  "operator-bears-responsibility; GDPR retention rules apply",
+  },
+}
+
+export function registerOsintCommands(program: Command, config: DragonConfig) {
+  const osint = program.command('osint').description('DragonNet — OSINT investigations (no external API deps)')
+
+  // --- open ---
+  osint
+    .command('open <target>')
+    .description('Open a new DragonNet investigation seeded with the target (opens browser)')
+    .action(async (target) => {
+      const url = ui(config, `/?seed_target=${encodeURIComponent(target)}&autocreate=1`)
+      console.log(label('DragonNet'), `Opening investigation seeded with ${chalk.white(target)}`)
+      console.log(`  → ${chalk.dim(url)}`)
+      // Best-effort open in browser
+      const opener = process.platform === 'darwin' ? 'open' :
+                     process.platform === 'win32' ? 'start' : 'xdg-open'
+      try { await run(opener, [url], process.cwd()) } catch { /* no opener */ }
+      success('Browser launched (or URL printed)')
+    })
+
+  // --- list ---
+  osint
+    .command('list')
+    .description('List investigations (requires DragonNet API auth via browser session)')
+    .action(async () => {
+      console.log(label('DragonNet'), 'Investigations:\n')
+      try {
+        const d = await fetchJSON<{ investigations: Array<{ id: string; name: string; status: string; created_at: number }> }>(
+          api(config, '/v1/investigations'),
+        )
+        if (d.investigations.length === 0) {
+          info('No investigations yet — try: dragon osint open <target>')
+          return
+        }
+        table(d.investigations.map((i) => ({
+          ID: i.id.slice(-12),
+          Name: i.name,
+          Status: i.status,
+          Created: new Date(i.created_at).toLocaleDateString(),
+        })))
+      } catch (e) {
+        error('Could not reach DragonNet API. Is it running? `dragon osint serve`')
+        info(String(e))
+      }
+    })
+
+  // --- show ---
+  osint
+    .command('show <id>')
+    .description('Show an investigation graph summary (entities + edges)')
+    .action(async (id) => {
+      console.log(label('DragonNet'), `Investigation ${chalk.white(id.slice(-8))}\n`)
+      try {
+        const d = await fetchJSON<{ entities: any[]; edges: any[]; counts: { entities: number; edges: number } }>(
+          api(config, `/v1/entities/investigation/${id}/graph`),
+        )
+        info(`Entities: ${d.counts.entities}  Edges: ${d.counts.edges}`)
+        const byType: Record<string, number> = {}
+        for (const e of d.entities) byType[e.type] = (byType[e.type] ?? 0) + 1
+        Object.entries(byType).sort((a, b) => b[1] - a[1]).forEach(([t, n]) => {
+          console.log(`  ${chalk.green(t.padEnd(20))} ${n}`)
+        })
+      } catch (e) {
+        error('Fetch failed (auth required, or DragonNet API offline).')
+        info(String(e))
+      }
+    })
+
+  // --- search ---
+  osint
+    .command('search <q>')
+    .description('Cross-investigation entity search')
+    .option('-t, --type <type>', 'Filter by entity type')
+    .action(async (q, opts) => {
+      const params = new URLSearchParams({ q, limit: '50' })
+      if (opts.type) params.set('type', opts.type)
+      console.log(label('DragonNet'), `Searching for: ${chalk.white(q)}\n`)
+      try {
+        const d = await fetchJSON<{ results: any[] }>(
+          api(config, `/v1/entities/search?${params}`),
+        )
+        if (d.results.length === 0) {
+          info('No hits')
+          return
+        }
+        table(d.results.map((r: any) => ({
+          Type: r.type,
+          Name: r.display_name,
+          Investigation: r.investigation_name,
+          Created: new Date(r.created_at).toLocaleDateString(),
+        })))
+      } catch (e) {
+        error('Search failed (auth required, or DragonNet API offline).')
+        info(String(e))
+      }
+    })
+
+  // --- serve ---
+  osint
+    .command('serve')
+    .description('Start DragonNet API + dashboard (foreground; Ctrl-C to stop)')
+    .action(async () => {
+      const path = getProductPath(config, 'net')
+      console.log(label('DragonNet'), 'Starting API + dashboard...\n')
+      info(`API:       http://localhost:${config.products.net.apiPort}`)
+      info(`Dashboard: http://localhost:${config.products.net.uiPort}\n`)
+      await run('pnpm', ['dev'], path)
+    })
+
+  // --- legal-posture ---
+  osint
+    .command('legal-posture [jurisdiction]')
+    .description('Print per-collector legal posture for a jurisdiction (lk|us|eu)')
+    .action((jurisdiction = 'lk') => {
+      const jdx = jurisdiction.toLowerCase()
+      const postures = LEGAL_POSTURES[jdx]
+      if (!postures) {
+        error(`Unknown jurisdiction "${jdx}". Supported: ${Object.keys(LEGAL_POSTURES).join(', ')}`)
+        return
+      }
+      console.log(label('Legal Posture'), `Jurisdiction: ${chalk.white(jdx.toUpperCase())}\n`)
+      table(Object.entries(postures).map(([k, v]) => ({ Collector: k, Posture: v })))
+      warn('This is not legal advice. The operator is responsible for compliance in their jurisdiction.')
+    })
+}

package/src/commands/pentest.ts

@@ -0,0 +1,140 @@
+/**
+ * dragon pentest — PhantomDragon Penetration Testing
+ * 
+ * Manages security scans:
+ * - Run scans against targets
+ * - View/export reports
+ * - Update payloads
+ * - Configure scan profiles
+ */
+
+import type { Command } from 'commander'
+import type { DragonConfig } from '../config.js'
+import { getProductPath } from '../config.js'
+import { run, label, success, error, info } from '../utils.js'
+import chalk from 'chalk'
+import { existsSync, readdirSync } from 'fs'
+import { join } from 'path'
+
+export function registerPentestCommands(program: Command, config: DragonConfig) {
+  const pentest = program
+    .command('pentest')
+    .description('PhantomDragon — Web application security scanner')
+
+  // --- scan ---
+  pentest
+    .command('scan <target>')
+    .description('Run a security scan against a target URL')
+    .option('-p, --profile <profile>', 'Scan profile: quick|standard|full|api_only|auth_only', 'standard')
+    .option('-m, --mode <mode>', 'Scan mode: safe|standard|aggressive|chaos', 'safe')
+    .option('-o, --output <dir>', 'Output directory for reports')
+    .option('--no-spider', 'Skip crawling/spidering')
+    .action(async (target, opts) => {
+      const path = getProductPath(config, 'pentest')
+      console.log(label('PhantomDragon'), `Scanning ${chalk.white(target)}`)
+      console.log(`  Profile: ${chalk.dim(opts.profile)}  Mode: ${chalk.dim(opts.mode)}\n`)
+
+      const args = ['phantomdragon.py', '-t', target, '--profile', opts.profile, '--mode', opts.mode]
+      if (opts.output) args.push('-o', opts.output)
+      if (opts.noSpider === false) args.push('--no-spider')
+
+      const code = await run('python3', args, path)
+      code === 0 ? success('Scan complete') : error(`Scan failed (exit ${code})`)
+    })
+
+  // --- quick ---
+  pentest
+    .command('quick <target>')
+    .description('Quick scan (shortcut for --profile quick --mode safe)')
+    .action(async (target) => {
+      const path = getProductPath(config, 'pentest')
+      console.log(label('PhantomDragon'), `Quick scan: ${chalk.white(target)}\n`)
+      const code = await run('python3', ['phantomdragon.py', '-t', target, '--profile', 'quick', '--mode', 'safe'], path)
+      code === 0 ? success('Quick scan complete') : error(`Scan failed (exit ${code})`)
+    })
+
+  // --- reports ---
+  pentest
+    .command('reports')
+    .description('List generated reports')
+    .action(async () => {
+      const path = getProductPath(config, 'pentest')
+      const reportsDir = join(path, 'reports')
+      if (!existsSync(reportsDir)) {
+        info('No reports directory')
+        return
+      }
+      console.log(label('PhantomDragon'), 'Reports:\n')
+      const entries = readdirSync(reportsDir, { withFileTypes: true })
+      const dirs = entries.filter(e => e.isDirectory()).sort((a, b) => b.name.localeCompare(a.name))
+      const files = entries.filter(e => e.isFile() && e.name.endsWith('.md'))
+
+      for (const d of dirs) {
+        console.log(`  ${chalk.green('📁')} ${d.name}`)
+      }
+      for (const f of files) {
+        console.log(`  ${chalk.dim('📄')} ${f.name}`)
+      }
+      if (dirs.length === 0 && files.length === 0) {
+        info('No reports found')
+      }
+    })
+
+  // --- payloads ---
+  pentest
+    .command('payloads')
+    .description('Show payload statistics')
+    .action(async () => {
+      const path = getProductPath(config, 'pentest')
+      const payloadsDir = join(path, 'payloads')
+      if (!existsSync(payloadsDir)) {
+        info('No payloads directory')
+        return
+      }
+      console.log(label('PhantomDragon'), 'Payload inventory:\n')
+      const categories = readdirSync(payloadsDir, { withFileTypes: true }).filter(e => e.isDirectory())
+      const { readFileSync: rf } = await import('fs')
+      let total = 0
+      for (const cat of categories) {
+        const catPath = join(payloadsDir, cat.name)
+        const files = readdirSync(catPath).filter(f => f.endsWith('.txt') || f.endsWith('.json'))
+        let count = 0
+        for (const f of files) {
+          try {
+            // Safe line count — no shell interpolation of filename
+            const body = rf(join(catPath, f), 'utf-8')
+            count += body.length === 0 ? 0 : body.split('\n').length
+          } catch { /* skip */ }
+        }
+        total += count
+        console.log(`  ${chalk.green(cat.name.padEnd(20))} ${chalk.white(String(count).padStart(5))} payloads  ${chalk.dim(`(${files.length} files)`)}`)
+      }
+      console.log(chalk.dim(`\n  Total: ${total} payloads`))
+    })
+
+  // --- config ---
+  pentest
+    .command('config')
+    .description('Show current scan configuration')
+    .action(async () => {
+      const path = getProductPath(config, 'pentest')
+      const configFile = join(path, 'config/pentest.json')
+      if (!existsSync(configFile)) {
+        error('Config not found: config/pentest.json')
+        return
+      }
+      console.log(label('PhantomDragon'), 'Configuration:\n')
+      await run('cat', [configFile], path)
+    })
+
+  // --- update ---
+  pentest
+    .command('update')
+    .description('Update PhantomDragon (git pull)')
+    .action(async () => {
+      const path = getProductPath(config, 'pentest')
+      console.log(label('PhantomDragon'), 'Updating...\n')
+      const code = await run('git', ['pull', '--rebase'], path)
+      code === 0 ? success('Updated') : error(`Update failed (exit ${code})`)
+    })
+}