muaddib-scanner 1.4.3 → 1.5.0

package/docker/Dockerfile

@@ -1,7 +1,7 @@
 FROM node:20-alpine
 
 # Outils de monitoring
-RUN apk add --no-cache strace curl tcpdump
+RUN apk add --no-cache strace curl tcpdump coreutils findutils jq
 
 # User non-root
 RUN adduser -D sandboxuser

package/docker/sandbox-runner.sh

@@ -1,26 +1,154 @@
 #!/bin/sh
-PACKAGE=$1
+PACKAGE="$1"
 
-echo "[SANDBOX] Installing $PACKAGE..."
+if [ -z "$PACKAGE" ]; then
+  echo "Usage: sandbox-runner.sh <package-name>" >&2
+  exit 1
+fi
 
-# Capturer les connexions réseau en background
-tcpdump -i any -w /tmp/network.pcap 2>/dev/null &
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+START_MS=$(date +%s%3N 2>/dev/null || echo 0)
+
+# ── 1. Filesystem snapshot BEFORE install ──
+echo "[SANDBOX] Snapshot filesystem before install..." >&2
+find / -type f 2>/dev/null | sort > /tmp/fs-before.txt
+
+# ── 2. tcpdump in background (DNS + HTTP + HTTPS) ──
+echo "[SANDBOX] Starting network capture..." >&2
+tcpdump -i any -nn 'port 53 or port 80 or port 443' -l > /tmp/network.log 2>/dev/null &
 TCPDUMP_PID=$!
+sleep 1
+
+# ── 3. npm install with strace ──
+echo "[SANDBOX] Installing $PACKAGE..." >&2
+strace -f -e trace=network,process,open,openat,connect,execve,sendto,recvfrom \
+  -o /tmp/strace.log \
+  npm install "$PACKAGE" --ignore-scripts=false > /tmp/install.log 2>&1
+EXIT_CODE=$?
+
+# ── 4. Filesystem snapshot AFTER install ──
+echo "[SANDBOX] Snapshot filesystem after install..." >&2
+find / -type f 2>/dev/null | sort > /tmp/fs-after.txt
+
+# Stop tcpdump
+kill "$TCPDUMP_PID" 2>/dev/null
+wait "$TCPDUMP_PID" 2>/dev/null
+
+END_MS=$(date +%s%3N 2>/dev/null || echo 0)
+DURATION_MS=$((END_MS - START_MS))
+[ "$DURATION_MS" -lt 0 ] 2>/dev/null && DURATION_MS=0
+
+# ── 5. Filesystem diff (exclude /sandbox/node_modules/) ──
+echo "[SANDBOX] Analyzing filesystem changes..." >&2
+comm -13 /tmp/fs-before.txt /tmp/fs-after.txt | grep -v '^/sandbox/node_modules/' | grep -v '^/tmp/fs-\|^/tmp/install.log\|^/tmp/network.log\|^/tmp/strace.log\|^/tmp/sensitive-\|^/tmp/suspicious-cmds\|^/tmp/connections.txt\|^/tmp/dns-queries\|^/tmp/fs-created\|^/tmp/fs-deleted' > /tmp/fs-created.txt
+comm -23 /tmp/fs-before.txt /tmp/fs-after.txt | grep -v '^/sandbox/node_modules/' > /tmp/fs-deleted.txt
+
+# ── 6. Parse strace ──
+echo "[SANDBOX] Parsing strace..." >&2
+
+SENSITIVE='\.npmrc|\.ssh/|\.aws/|\.env|/etc/passwd|/etc/shadow|\.gitconfig|\.bash_history'
+
+# 6a. Sensitive file access (read)
+grep -E 'openat\(' /tmp/strace.log 2>/dev/null | \
+  grep -E "$SENSITIVE" | \
+  grep 'O_RDONLY' | \
+  sed 's/.*openat([^,]*, "\([^"]*\)".*/\1/' | \
+  sort -u > /tmp/sensitive-read.txt
+
+# 6b. Sensitive file access (write)
+grep -E 'openat\(' /tmp/strace.log 2>/dev/null | \
+  grep -E "$SENSITIVE" | \
+  grep -E 'O_WRONLY|O_RDWR|O_CREAT' | \
+  sed 's/.*openat([^,]*, "\([^"]*\)".*/\1/' | \
+  sort -u > /tmp/sensitive-written.txt
+
+# 6c. Suspicious execve (exclude node, npm, npx, sh, git)
+grep 'execve(' /tmp/strace.log 2>/dev/null | \
+  grep '= 0' | \
+  grep -vE 'execve\("[^"]*/(node|npm|npx|sh|git)"' | \
+  sed -n 's/.*\[pid \([0-9]*\)\].*execve("\([^"]*\)".*/\1\t\2/p' > /tmp/suspicious-cmds.txt
+
+grep 'execve(' /tmp/strace.log 2>/dev/null | \
+  grep '= 0' | \
+  grep -vE 'execve\("[^"]*/(node|npm|npx|sh|git)"' | \
+  grep -v '\[pid' | \
+  sed -n 's/.*execve("\([^"]*\)".*/0\t\1/p' >> /tmp/suspicious-cmds.txt
+
+# 6d. Outgoing connections (AF_INET, successful)
+grep 'connect(' /tmp/strace.log 2>/dev/null | \
+  grep 'AF_INET' | grep -v 'AF_INET6' | \
+  grep '= 0' | \
+  sed -n 's/.*sin_port=htons(\([0-9]*\)).*sin_addr=inet_addr("\([^"]*\)").*/\2\t\1/p' | \
+  grep -v '	65535$' | \
+  grep -v '^127\.' | \
+  sort -u > /tmp/connections.txt
+
+# ── 7. Parse tcpdump ──
+echo "[SANDBOX] Parsing network capture..." >&2
+
+grep -oE '(A|AAAA)\? [^ ]+' /tmp/network.log 2>/dev/null | \
+  awk '{print $2}' | \
+  sed 's/\.$//' | \
+  sort -u > /tmp/dns-queries.txt
+
+# ── 8. Build JSON with jq ──
+echo "[SANDBOX] Building report..." >&2
 
-# Installer le package avec strace pour capturer les appels système
-strace -f -e trace=network,process,file -o /tmp/strace.log npm install "$PACKAGE" --ignore-scripts=false 2>&1
+# Ensure all temp files exist
+touch /tmp/fs-created.txt /tmp/fs-deleted.txt /tmp/dns-queries.txt \
+  /tmp/sensitive-read.txt /tmp/sensitive-written.txt \
+  /tmp/connections.txt /tmp/suspicious-cmds.txt /tmp/install.log
 
-# Arrêter tcpdump
-kill $TCPDUMP_PID 2>/dev/null
+INSTALL_OUTPUT=$(head -c 5000 /tmp/install.log)
 
-# Analyser les résultats
-echo "[SANDBOX] === NETWORK CONNECTIONS ==="
-grep -E "connect|sendto" /tmp/strace.log | head -20
+FS_CREATED=$(jq -R -s 'split("\n") | map(select(length > 0))' < /tmp/fs-created.txt)
+FS_DELETED=$(jq -R -s 'split("\n") | map(select(length > 0))' < /tmp/fs-deleted.txt)
+DNS=$(jq -R -s 'split("\n") | map(select(length > 0))' < /tmp/dns-queries.txt)
+SENS_READ=$(jq -R -s 'split("\n") | map(select(length > 0))' < /tmp/sensitive-read.txt)
+SENS_WRITTEN=$(jq -R -s 'split("\n") | map(select(length > 0))' < /tmp/sensitive-written.txt)
 
-echo "[SANDBOX] === PROCESS SPAWNS ==="
-grep -E "execve|clone" /tmp/strace.log | head -20
+CONNS=$(jq -R -s 'split("\n") | map(select(length > 0)) | map(
+  split("\t") | {host: .[0], port: (.[1] | tonumber), protocol: "TCP"}
+)' < /tmp/connections.txt)
 
-echo "[SANDBOX] === FILE ACCESS ==="
-grep -E "openat.*npmrc|openat.*ssh|openat.*aws" /tmp/strace.log | head -20
+PROCS=$(jq -R -s 'split("\n") | map(select(length > 0)) | map(
+  split("\t") | {command: .[1], pid: (.[0] | tonumber)}
+)' < /tmp/suspicious-cmds.txt)
 
-echo "[SANDBOX] Done."
+# ── Final JSON (ONLY output on stdout) ──
+jq -n \
+  --arg package "$PACKAGE" \
+  --arg timestamp "$TIMESTAMP" \
+  --argjson duration "${DURATION_MS:-0}" \
+  --argjson fs_created "$FS_CREATED" \
+  --argjson fs_deleted "$FS_DELETED" \
+  --argjson dns "$DNS" \
+  --argjson connections "$CONNS" \
+  --argjson processes "$PROCS" \
+  --argjson sensitive_read "$SENS_READ" \
+  --argjson sensitive_written "$SENS_WRITTEN" \
+  --arg install_output "$INSTALL_OUTPUT" \
+  --argjson exit_code "${EXIT_CODE:-1}" \
+  '{
+    package: $package,
+    timestamp: $timestamp,
+    duration_ms: $duration,
+    filesystem: {
+      created: $fs_created,
+      deleted: $fs_deleted,
+      modified: []
+    },
+    network: {
+      dns_queries: $dns,
+      http_connections: $connections
+    },
+    processes: {
+      spawned: $processes
+    },
+    sensitive_files: {
+      read: $sensitive_read,
+      written: $sensitive_written
+    },
+    install_output: $install_output,
+    exit_code: $exit_code
+  }'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "1.4.3",
+  "version": "1.5.0",
   "description": "Supply-chain threat detection & response for npm",
   "main": "src/index.js",
   "bin": {

package/src/index.js

@@ -150,6 +150,27 @@ async function run(targetPath, options = {}) {
     threats.push(...paranoidThreats);
   }
 
+  // Sandbox integration
+  let sandboxData = null;
+  if (options.sandboxResult && options.sandboxResult.findings) {
+    const sr = options.sandboxResult;
+    const pkg = sr.raw_report?.package || 'unknown';
+    sandboxData = {
+      package: pkg,
+      score: sr.score,
+      severity: sr.severity,
+      findings: sr.findings
+    };
+    for (const f of sr.findings) {
+      threats.push({
+        type: 'sandbox_' + f.type,
+        severity: f.severity,
+        message: f.detail,
+        file: `[SANDBOX] ${pkg}`
+      });
+    }
+  }
+
   // Deduplicate: same file + same type + same message = show once with count
   const deduped = [];
   const seen = new Map();
@@ -209,7 +230,8 @@ async function run(targetPath, options = {}) {
       low: lowCount,
       riskScore: riskScore,
       riskLevel: riskLevel
-    }
+    },
+    sandbox: sandboxData
   };
 
   // JSON output
@@ -252,6 +274,22 @@ async function run(targetPath, options = {}) {
         console.log('');
       });
     }
+
+    // Sandbox section (explain)
+    if (sandboxData) {
+      console.log(`\n[SANDBOX] Dynamic analysis — ${sandboxData.package}`);
+      console.log(`  Score:    ${sandboxData.score}/100`);
+      console.log(`  Severity: ${sandboxData.severity}`);
+      if (sandboxData.findings.length === 0) {
+        console.log('  No suspicious behavior detected.\n');
+      } else {
+        console.log(`  ${sandboxData.findings.length} finding(s):`);
+        sandboxData.findings.forEach(f => {
+          console.log(`    [${f.severity}] ${f.type}: ${f.detail}`);
+        });
+        console.log('');
+      }
+    }
   }
   // Normal output
   else {
@@ -279,6 +317,22 @@ async function run(targetPath, options = {}) {
         }
       });
     }
+
+    // Sandbox section (normal)
+    if (sandboxData) {
+      console.log(`[SANDBOX] Dynamic analysis — ${sandboxData.package}`);
+      console.log(`  Score:    ${sandboxData.score}/100`);
+      console.log(`  Severity: ${sandboxData.severity}`);
+      if (sandboxData.findings.length === 0) {
+        console.log('  No suspicious behavior detected.\n');
+      } else {
+        console.log(`  ${sandboxData.findings.length} finding(s):`);
+        sandboxData.findings.forEach(f => {
+          console.log(`    [${f.severity}] ${f.type}: ${f.detail}`);
+        });
+        console.log('');
+      }
+    }
   }
 
   // Send webhook if configured

package/src/ioc/data/iocs.json

@@ -17564,7 +17564,7 @@
     "pigS3cr3ts.json"
   ],
   "files": [],
-  "updated": "2026-02-10T18:17:09.546Z",
+  "updated": "2026-02-10T20:05:07.831Z",
   "sources": [
     "shai-hulud-detector",
     "datadog-consolidated",

package/src/report.js

@@ -91,6 +91,31 @@ function generateHTML(results) {
       color: #4ecdc4;
       font-size: 24px;
     }
+    .sandbox-section {
+      background: #16213e;
+      padding: 20px;
+      border-radius: 8px;
+      margin-top: 30px;
+      border-left: 4px solid #9b59b6;
+    }
+    .sandbox-section h2 {
+      color: #9b59b6;
+      margin-top: 0;
+    }
+    .sandbox-meta {
+      display: flex;
+      gap: 30px;
+      margin-bottom: 15px;
+    }
+    .sandbox-meta span {
+      color: #aaa;
+    }
+    .sandbox-finding {
+      padding: 8px 12px;
+      margin: 4px 0;
+      border-radius: 4px;
+      background: rgba(155, 89, 182, 0.1);
+    }
   </style>
 </head>
 <body>
@@ -133,6 +158,24 @@ function generateHTML(results) {
     </table>
     ` : '<div class="ok">No threats detected</div>'}
 
+    ${results.sandbox ? `
+    <div class="sandbox-section">
+      <h2>[SANDBOX] Dynamic Analysis</h2>
+      <div class="sandbox-meta">
+        <span>Package: <strong>${escapeHtml(results.sandbox.package)}</strong></span>
+        <span>Score: <strong>${escapeHtml(String(results.sandbox.score))}/100</strong></span>
+        <span>Severity: <strong>${escapeHtml(results.sandbox.severity)}</strong></span>
+      </div>
+      ${results.sandbox.findings.length === 0
+        ? '<p style="color: #4ecdc4;">No suspicious behavior detected.</p>'
+        : results.sandbox.findings.map(f => `
+          <div class="sandbox-finding">
+            <strong>[${escapeHtml(f.severity)}]</strong> ${escapeHtml(f.type)}: ${escapeHtml(f.detail)}
+          </div>
+        `).join('')}
+    </div>
+    ` : ''}
+
     <div class="meta">
       <p>Target: ${escapeHtml(target)}</p>
       <p>Date: ${escapeHtml(timestamp)}</p>

package/src/rules/index.js

@@ -363,6 +363,80 @@ const RULES = {
     references: ['https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions'],
     mitre: 'T1195.002'
   },
+
+  // Sandbox detections
+  sandbox_sensitive_file_read: {
+    id: 'MUADDIB-SANDBOX-001',
+    name: 'Sandbox: Sensitive File Read',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Package reads sensitive credential files during install',
+    references: ['https://blog.phylum.io/shai-hulud-npm-worm'],
+    mitre: 'T1552.001'
+  },
+  sandbox_sensitive_file_write: {
+    id: 'MUADDIB-SANDBOX-002',
+    name: 'Sandbox: Sensitive File Write',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Package writes to sensitive credential files during install',
+    references: ['https://blog.phylum.io/shai-hulud-npm-worm'],
+    mitre: 'T1565.001'
+  },
+  sandbox_suspicious_filesystem: {
+    id: 'MUADDIB-SANDBOX-003',
+    name: 'Sandbox: Suspicious Filesystem Change',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'Package creates files in suspicious system locations during install',
+    references: ['https://attack.mitre.org/techniques/T1543/'],
+    mitre: 'T1543'
+  },
+  sandbox_suspicious_dns: {
+    id: 'MUADDIB-SANDBOX-004',
+    name: 'Sandbox: Suspicious DNS Query',
+    severity: 'HIGH',
+    confidence: 'medium',
+    description: 'Package resolves non-registry domain during install',
+    references: ['https://attack.mitre.org/techniques/T1071/'],
+    mitre: 'T1071'
+  },
+  sandbox_suspicious_connection: {
+    id: 'MUADDIB-SANDBOX-005',
+    name: 'Sandbox: Suspicious Network Connection',
+    severity: 'HIGH',
+    confidence: 'medium',
+    description: 'Package makes TCP connection to non-registry host during install',
+    references: ['https://attack.mitre.org/techniques/T1071/'],
+    mitre: 'T1071'
+  },
+  sandbox_suspicious_process: {
+    id: 'MUADDIB-SANDBOX-006',
+    name: 'Sandbox: Dangerous Process Spawned',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Package spawns dangerous command during install (curl, wget, nc, etc.)',
+    references: ['https://attack.mitre.org/techniques/T1059/'],
+    mitre: 'T1059'
+  },
+  sandbox_unknown_process: {
+    id: 'MUADDIB-SANDBOX-007',
+    name: 'Sandbox: Unknown Process Spawned',
+    severity: 'MEDIUM',
+    confidence: 'low',
+    description: 'Package spawns unrecognized process during install',
+    references: ['https://attack.mitre.org/techniques/T1059/'],
+    mitre: 'T1059'
+  },
+  sandbox_timeout: {
+    id: 'MUADDIB-SANDBOX-008',
+    name: 'Sandbox: Container Timeout',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Package install exceeded sandbox timeout - possible infinite loop or resource exhaustion',
+    references: ['https://attack.mitre.org/techniques/T1499/'],
+    mitre: 'T1499'
+  },
 };
 
 function getRule(type) {

package/src/sandbox.js

@@ -1,158 +1,295 @@
-const { spawn } = require('child_process');
+const { execSync, spawn } = require('child_process');
 const path = require('path');
 
 const DOCKER_IMAGE = 'muaddib-sandbox';
+const CONTAINER_TIMEOUT = 120000; // 120 seconds
+
+// Domains excluded from network findings (false positives)
+const SAFE_DOMAINS = [
+  'registry.npmjs.org',
+  'github.com',
+  'objects.githubusercontent.com'
+];
+
+// IPs/ports excluded from connection findings (false positives)
+const SAFE_IPS = ['127.0.0.1', '0.0.0.0'];
+const PROBE_PORTS = [65535]; // Node.js internal connectivity checks
+
+// Commands that are always suspicious in a sandbox
+const DANGEROUS_CMDS = ['curl', 'wget', 'nc', 'netcat', 'python', 'python3', 'bash', 'sh'];
+
+// ── Docker availability checks ──
+
+function isDockerAvailable() {
+  try {
+    execSync('docker info', { stdio: 'pipe', timeout: 10000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function imageExists() {
+  try {
+    execSync(`docker image inspect ${DOCKER_IMAGE}`, { stdio: 'pipe', timeout: 10000 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// ── Build image (with cache) ──
 
 async function buildSandboxImage() {
+  if (!isDockerAvailable()) {
+    console.log('[SANDBOX] Docker is not installed or not running. Skipping sandbox analysis.');
+    return false;
+  }
+
+  if (imageExists()) {
+    console.log('[SANDBOX] Using cached Docker image.');
+    return true;
+  }
+
   console.log('[SANDBOX] Building Docker image...');
-  
-  return new Promise((resolve, reject) => {
+
+  return new Promise((resolve) => {
     const dockerfilePath = path.join(__dirname, '..', 'docker');
     const proc = spawn('docker', ['build', '-t', DOCKER_IMAGE, dockerfilePath], {
       stdio: 'inherit'
     });
-    
+
     proc.on('close', (code) => {
       if (code === 0) {
         console.log('[SANDBOX] Image built successfully.');
-        resolve();
+        resolve(true);
       } else {
-        reject(new Error(`Docker build failed with code ${code}`));
+        console.log('[SANDBOX] Docker build failed.');
+        resolve(false);
       }
     });
-    
-    proc.on('error', reject);
+
+    proc.on('error', () => {
+      console.log('[SANDBOX] Docker error during build.');
+      resolve(false);
+    });
   });
 }
 
+// ── Run sandbox analysis ──
+
 async function runSandbox(packageName) {
-  console.log(`\n[SANDBOX] Analyzing "${packageName}" in isolated container...\n`);
-  
-  const results = {
-    package: packageName,
-    timestamp: new Date().toISOString(),
-    network: [],
-    processes: [],
-    fileAccess: [],
-    suspicious: false,
-    threats: [],
-    exitCode: null,
-    rawOutput: ''
-  };
-  
-  return new Promise((resolve, reject) => {
+  const cleanResult = { score: 0, severity: 'CLEAN', findings: [], raw_report: null, suspicious: false };
+
+  if (!isDockerAvailable()) {
+    console.log('[SANDBOX] Docker is not installed or not running. Skipping.');
+    return cleanResult;
+  }
+
+  console.log(`[SANDBOX] Analyzing "${packageName}" in isolated container...`);
+
+  return new Promise((resolve) => {
+    let stdout = '';
+    let timedOut = false;
+    const containerName = `muaddib-sandbox-${Date.now()}`;
+
     const proc = spawn('docker', [
       'run',
       '--rm',
+      `--name=${containerName}`,
       '--network=bridge',
       '--memory=512m',
       '--cpus=1',
       '--pids-limit=100',
+      '--cap-drop=ALL',
+      '--cap-add=SYS_PTRACE',
+      '--security-opt', 'no-new-privileges',
       DOCKER_IMAGE,
       packageName
     ]);
-    
-    let currentSection = null;
 
-    proc.stdout.on('data', (data) => {
-      const text = data.toString();
-      results.rawOutput += text;
-      process.stdout.write(text);
-      
-      // Parse sections
-      if (text.includes('=== NETWORK CONNECTIONS ===')) {
-        currentSection = 'network';
-      } else if (text.includes('=== PROCESS SPAWNS ===')) {
-        currentSection = 'processes';
-      } else if (text.includes('=== FILE ACCESS ===')) {
-        currentSection = 'fileAccess';
-      } else if (currentSection && text.trim()) {
-        results[currentSection].push(text.trim());
+    // Timeout: kill container after 120s
+    const timer = setTimeout(() => {
+      timedOut = true;
+      console.log('[SANDBOX] Timeout (120s). Killing container...');
+      try {
+        execSync(`docker kill ${containerName}`, { stdio: 'pipe', timeout: 5000 });
+      } catch {
+        proc.kill('SIGKILL');
       }
+    }, CONTAINER_TIMEOUT);
+
+    proc.stdout.on('data', (data) => {
+      stdout += data.toString();
     });
-    
+
     proc.stderr.on('data', (data) => {
-      process.stderr.write(data);
-    });
-    
-    proc.on('close', (code) => {
-      // Store exit code
-      results.exitCode = code;
-
-      // Analyze results
-      results.suspicious = analyzeResults(results);
-      
-      if (results.suspicious) {
-        console.log('\n[SANDBOX] ⚠️  SUSPICIOUS BEHAVIOR DETECTED!\n');
-        for (const threat of results.threats) {
-          console.log(`  [${threat.severity}] ${threat.message}`);
+      // Forward sandbox progress logs
+      const text = data.toString();
+      for (const line of text.split('\n')) {
+        if (line.includes('[SANDBOX]')) {
+          console.log(line.trim());
         }
-      } else {
-        console.log('\n[SANDBOX] ✓ No suspicious behavior detected.\n');
       }
-      
-      resolve(results);
     });
-    
+
+    proc.on('close', () => {
+      clearTimeout(timer);
+
+      if (timedOut) {
+        const result = {
+          score: 100,
+          severity: 'CRITICAL',
+          findings: [{
+            type: 'timeout',
+            severity: 'CRITICAL',
+            detail: 'Container exceeded 120s timeout',
+            evidence: `Killed after ${CONTAINER_TIMEOUT}ms`
+          }],
+          raw_report: null,
+          suspicious: true
+        };
+        displayResults(result);
+        resolve(result);
+        return;
+      }
+
+      // Parse JSON from container stdout
+      let report;
+      try {
+        report = JSON.parse(stdout);
+      } catch {
+        console.log('[SANDBOX] Failed to parse container output.');
+        resolve(cleanResult);
+        return;
+      }
+
+      const { score, findings } = scoreFindings(report);
+      const severity = getSeverity(score);
+      const result = { score, severity, findings, raw_report: report, suspicious: score > 0 };
+
+      displayResults(result);
+      resolve(result);
+    });
+
     proc.on('error', (err) => {
-      if (err.message.includes('ENOENT')) {
-        reject(new Error('Docker not found. Please install Docker Desktop.'));
+      clearTimeout(timer);
+      if (err.code === 'ENOENT') {
+        console.log('[SANDBOX] Docker not found. Please install Docker.');
       } else {
-        reject(err);
+        console.log(`[SANDBOX] Error: ${err.message}`);
       }
+      resolve(cleanResult);
     });
   });
 }
 
-function analyzeResults(results) {
-  let suspicious = false;
-  
-  // Check for suspicious network connections
-  const suspiciousHosts = ['pastebin', 'discord.com/api/webhooks', 'ngrok', 'burpcollaborator'];
-  for (const conn of results.network) {
-    for (const host of suspiciousHosts) {
-      if (conn.toLowerCase().includes(host)) {
-        results.threats.push({
-          severity: 'CRITICAL',
-          type: 'suspicious_network',
-          message: `Connection to suspicious host: ${host}`
-        });
-        suspicious = true;
-      }
+// ── Scoring engine ──
+
+function scoreFindings(report) {
+  let score = 0;
+  const findings = [];
+
+  // 1. Sensitive file reads
+  for (const file of (report.sensitive_files?.read || [])) {
+    if (/\.npmrc/.test(file) || /\.ssh/.test(file) || /\.aws/.test(file)) {
+      score += 40;
+      findings.push({ type: 'sensitive_file_read', severity: 'CRITICAL', detail: `Read credential file: ${file}`, evidence: file });
+    } else if (/\/etc\/passwd/.test(file) || /\/etc\/shadow/.test(file)) {
+      score += 25;
+      findings.push({ type: 'sensitive_file_read', severity: 'HIGH', detail: `Read system file: ${file}`, evidence: file });
+    } else if (/\.env/.test(file) || /\.gitconfig/.test(file) || /\.bash_history/.test(file)) {
+      score += 15;
+      findings.push({ type: 'sensitive_file_read', severity: 'MEDIUM', detail: `Read config file: ${file}`, evidence: file });
     }
   }
-  
-  // Check for credential file access
-  const sensitiveFiles = ['.npmrc', '.ssh', '.aws', '.gitconfig', '.env'];
-  for (const access of results.fileAccess) {
-    for (const file of sensitiveFiles) {
-      if (access.includes(file)) {
-        results.threats.push({
-          severity: 'HIGH',
-          type: 'credential_access',
-          message: `Access to sensitive file: ${file}`
-        });
-        suspicious = true;
-      }
+
+  // 2. Sensitive file writes (from strace)
+  for (const file of (report.sensitive_files?.written || [])) {
+    if (/\.npmrc/.test(file) || /\.ssh/.test(file) || /\.aws/.test(file)) {
+      score += 40;
+      findings.push({ type: 'sensitive_file_write', severity: 'CRITICAL', detail: `Write to credential file: ${file}`, evidence: file });
+    } else if (/\/etc\/passwd/.test(file) || /\/etc\/shadow/.test(file)) {
+      score += 25;
+      findings.push({ type: 'sensitive_file_write', severity: 'HIGH', detail: `Write to system file: ${file}`, evidence: file });
+    } else {
+      score += 15;
+      findings.push({ type: 'sensitive_file_write', severity: 'MEDIUM', detail: `Write to sensitive file: ${file}`, evidence: file });
     }
   }
-  
-  // Check for suspicious process spawns
-  const suspiciousProcesses = ['curl ', 'wget ', '/nc ', 'netcat', 'bash -c', 'sh -c', 'powershell'];
-  for (const proc of results.processes) {
-    for (const suspicious_proc of suspiciousProcesses) {
-      if (proc.toLowerCase().includes(suspicious_proc)) {
-        results.threats.push({
-          severity: 'HIGH',
-          type: 'suspicious_process',
-          message: `Suspicious process spawn: ${suspicious_proc}`
-        });
-        suspicious = true;
-      }
+
+  // 3. Filesystem changes — files created in suspicious locations
+  for (const file of (report.filesystem?.created || [])) {
+    if (/^\/usr\/bin\//.test(file) || /crontab/.test(file) || /\/cron\.d\//.test(file)) {
+      score += 50;
+      findings.push({ type: 'suspicious_filesystem', severity: 'CRITICAL', detail: `File created in system path: ${file}`, evidence: file });
+    } else if (/^\/tmp\//.test(file)) {
+      score += 30;
+      findings.push({ type: 'suspicious_filesystem', severity: 'HIGH', detail: `File created in /tmp: ${file}`, evidence: file });
+    }
+  }
+
+  // 4. DNS queries (exclude safe domains)
+  for (const domain of (report.network?.dns_queries || [])) {
+    if (isSafeDomain(domain)) continue;
+    score += 20;
+    findings.push({ type: 'suspicious_dns', severity: 'HIGH', detail: `DNS query to non-registry domain: ${domain}`, evidence: domain });
+  }
+
+  // 5. TCP connections (exclude safe hosts, probe ports, localhost)
+  for (const conn of (report.network?.http_connections || [])) {
+    if (isSafeHost(conn.host)) continue;
+    if (SAFE_IPS.includes(conn.host)) continue;
+    if (PROBE_PORTS.includes(conn.port)) continue;
+    score += 25;
+    findings.push({ type: 'suspicious_connection', severity: 'HIGH', detail: `TCP connection to ${conn.host}:${conn.port}`, evidence: `${conn.host}:${conn.port}` });
+  }
+
+  // 6. Suspicious processes
+  for (const p of (report.processes?.spawned || [])) {
+    const cmd = p.command || '';
+    const basename = cmd.split('/').pop();
+    if (DANGEROUS_CMDS.some(d => basename === d)) {
+      score += 40;
+      findings.push({ type: 'suspicious_process', severity: 'CRITICAL', detail: `Dangerous command spawned: ${cmd}`, evidence: cmd });
+    } else if (cmd) {
+      score += 15;
+      findings.push({ type: 'unknown_process', severity: 'MEDIUM', detail: `Unknown process spawned: ${cmd}`, evidence: cmd });
+    }
+  }
+
+  score = Math.min(100, score);
+  return { score, findings };
+}
+
+// ── Helpers ──
+
+function isSafeDomain(domain) {
+  return SAFE_DOMAINS.some(safe => domain === safe || domain.endsWith('.' + safe));
+}
+
+function isSafeHost(host) {
+  return SAFE_DOMAINS.some(safe => host === safe || host.endsWith('.' + safe));
+}
+
+function getSeverity(score) {
+  if (score === 0) return 'CLEAN';
+  if (score <= 20) return 'LOW';
+  if (score <= 50) return 'MEDIUM';
+  if (score <= 80) return 'HIGH';
+  return 'CRITICAL';
+}
+
+function displayResults(result) {
+  console.log(`\n[SANDBOX] Score: ${result.score}/100 — ${result.severity}`);
+  if (result.findings.length === 0) {
+    console.log('[SANDBOX] No suspicious behavior detected.');
+  } else {
+    console.log(`[SANDBOX] ${result.findings.length} finding(s):`);
+    for (const f of result.findings) {
+      console.log(`  [${f.severity}] ${f.type}: ${f.detail}`);
     }
   }
-  
-  return suspicious;
 }
 
-module.exports = { buildSandboxImage, runSandbox };
+module.exports = { buildSandboxImage, runSandbox };