nox-openclaw-hunter 1.0.0

package/dist/mdm/templates/detect.sh.js

@@ -0,0 +1,474 @@
+/**
+ * Shell detection script template for MDM deployment.
+ * Targets macOS and Linux systems.
+ */
+import { VERSION, COMPANY } from '../../branding.js';
+/**
+ * Escape a string for safe use in shell scripts.
+ * Escapes characters that could enable shell injection.
+ */
+function escapeShellString(str) {
+    // Remove null bytes
+    let escaped = str.replace(/\0/g, '');
+    // Escape backslashes first, then single quotes
+    escaped = escaped.replace(/\\/g, '\\\\');
+    escaped = escaped.replace(/'/g, "'\\''");
+    // Escape special shell characters
+    escaped = escaped.replace(/\$/g, '\\$');
+    escaped = escaped.replace(/`/g, '\\`');
+    escaped = escaped.replace(/"/g, '\\"');
+    escaped = escaped.replace(/!/g, '\\!');
+    return escaped;
+}
+/**
+ * Validate URL format for MDM scripts.
+ */
+function validateMdmUrl(url) {
+    try {
+        const parsed = new URL(url);
+        if (!['http:', 'https:'].includes(parsed.protocol)) {
+            throw new Error('Invalid protocol');
+        }
+        return escapeShellString(url);
+    }
+    catch {
+        throw new Error(`Invalid webhook URL: ${url}`);
+    }
+}
+/**
+ * Generate detection shell script.
+ */
+export function generateDetectShellScript(options = {}) {
+    const { webhookUrl, webhookToken, gatewayPort = 18789, verbose = false } = options;
+    // Validate and sanitize inputs to prevent shell injection
+    const safeWebhookUrl = webhookUrl ? validateMdmUrl(webhookUrl) : undefined;
+    const safeWebhookToken = webhookToken ? escapeShellString(webhookToken) : undefined;
+    // Validate gateway port
+    if (gatewayPort < 1 || gatewayPort > 65535 || !Number.isInteger(gatewayPort)) {
+        throw new Error(`Invalid gateway port: ${gatewayPort}`);
+    }
+    const webhookSection = safeWebhookUrl
+        ? `
+# Webhook configuration
+WEBHOOK_URL="${safeWebhookUrl}"
+${safeWebhookToken ? `WEBHOOK_TOKEN="${safeWebhookToken}"` : 'WEBHOOK_TOKEN=""'}
+
+send_webhook() {
+    local status="$1"
+    local severity="$2"
+    local details="$3"
+    
+    local payload
+    payload=$(cat <<PAYLOAD
+{
+    "event": "openclaw.detection",
+    "version": "1.0",
+    "timestamp": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
+    "status": "$status",
+    "severity": "$severity",
+    "host": {
+        "hostname": "$(hostname)",
+        "os": "$(uname -s)",
+        "arch": "$(uname -m)",
+        "user": "$USER"
+    },
+    "details": "$details",
+    "source": {
+        "tool": "nox-openclaw-detector",
+        "version": "${VERSION}",
+        "vendor": "${COMPANY}"
+    }
+}
+PAYLOAD
+)
+
+    local auth_header=""
+    if [[ -n "$WEBHOOK_TOKEN" ]]; then
+        auth_header="-H \\"Authorization: Bearer $WEBHOOK_TOKEN\\""
+    fi
+    
+    curl -s -X POST "$WEBHOOK_URL" \\
+        -H "Content-Type: application/json" \\
+        $auth_header \\
+        -d "$payload" \\
+        --connect-timeout 10 \\
+        --max-time 30 > /dev/null 2>&1 || true
+}
+`
+        : '';
+    const verboseLog = verbose
+        ? `
+log_verbose() {
+    echo "[DEBUG] $(date '+%Y-%m-%d %H:%M:%S') $1"
+}
+`
+        : `
+log_verbose() { :; }  # No-op when not verbose
+`;
+    return `#!/bin/bash
+# ==============================================================================
+# Nox OpenClaw Detection Script
+# ==============================================================================
+# Generated by ${VERSION}
+# ${COMPANY} - https://nox.security
+#
+# This script detects OpenClaw AI agent installations on macOS and Linux.
+#
+# Exit Codes:
+#   0 - OpenClaw NOT detected (clean)
+#   1 - OpenClaw DETECTED
+#   2 - Script error
+#
+# Usage:
+#   ./detect-openclaw.sh
+#   ./detect-openclaw.sh --verbose
+# ==============================================================================
+
+set -euo pipefail
+
+# Configuration
+GATEWAY_PORT=${gatewayPort}
+OPENCLAW_FOUND=0
+DETECTION_DETAILS=()
+${verboseLog}
+${webhookSection}
+
+# Add detection detail
+add_detail() {
+    DETECTION_DETAILS+=("$1")
+    log_verbose "Detection: $1"
+}
+
+# Check if running as expected user
+check_environment() {
+    log_verbose "Running as user: $USER"
+    log_verbose "Operating system: $(uname -s) $(uname -r)"
+    log_verbose "Architecture: $(uname -m)"
+}
+
+# Check if nox CLI is available and use it
+check_nox_cli() {
+    if command -v nox &>/dev/null; then
+        log_verbose "Nox CLI found, using for detection"
+        local result
+        if result=$(nox scan --quiet --json 2>/dev/null); then
+            local summary
+            summary=$(echo "$result" | grep -o '"summary":"[^"]*"' | cut -d'"' -f4 || echo "")
+            if [[ "$summary" != "not-installed" && -n "$summary" ]]; then
+                OPENCLAW_FOUND=1
+                add_detail "Detected via nox CLI: $summary"
+            fi
+            return 0
+        fi
+    fi
+    return 1
+}
+
+# Check for CLI binary in common locations
+check_cli_binary() {
+    log_verbose "Checking for CLI binary..."
+    
+    local cli_paths=(
+        "/usr/local/bin/openclaw"
+        "/opt/homebrew/bin/openclaw"
+        "/usr/bin/openclaw"
+        "$HOME/.local/bin/openclaw"
+        "$HOME/bin/openclaw"
+    )
+    
+    for cli_path in "\${cli_paths[@]}"; do
+        if [[ -f "$cli_path" ]]; then
+            OPENCLAW_FOUND=1
+            local version=""
+            if version=$("$cli_path" --version 2>/dev/null); then
+                add_detail "CLI binary found at $cli_path (version: $version)"
+            else
+                add_detail "CLI binary found at $cli_path"
+            fi
+            return
+        fi
+    done
+    
+    # Check PATH
+    if command -v openclaw &>/dev/null; then
+        local cli_path
+        cli_path=$(command -v openclaw)
+        OPENCLAW_FOUND=1
+        add_detail "CLI binary found in PATH: $cli_path"
+    fi
+}
+
+# Check for macOS app bundle
+check_app_bundle() {
+    log_verbose "Checking for macOS app bundle..."
+    
+    local app_paths=(
+        "/Applications/OpenClaw.app"
+        "$HOME/Applications/OpenClaw.app"
+    )
+    
+    for app_path in "\${app_paths[@]}"; do
+        if [[ -d "$app_path" ]]; then
+            OPENCLAW_FOUND=1
+            local version=""
+            local plist="$app_path/Contents/Info.plist"
+            if [[ -f "$plist" ]] && command -v defaults &>/dev/null; then
+                version=$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null || echo "")
+            fi
+            if [[ -n "$version" ]]; then
+                add_detail "App bundle found at $app_path (version: $version)"
+            else
+                add_detail "App bundle found at $app_path"
+            fi
+        fi
+    done
+}
+
+# Check for configuration directory
+check_config_directory() {
+    log_verbose "Checking for configuration directories..."
+    
+    # Check current user
+    if [[ -d "$HOME/.openclaw" ]]; then
+        OPENCLAW_FOUND=1
+        local config_file="$HOME/.openclaw/openclaw.json"
+        if [[ -f "$config_file" ]]; then
+            add_detail "Config directory found at $HOME/.openclaw (with config file)"
+        else
+            add_detail "Config directory found at $HOME/.openclaw"
+        fi
+    fi
+    
+    # Check other users (requires root)
+    if [[ $EUID -eq 0 ]]; then
+        for user_home in /Users/* /home/*; do
+            if [[ -d "$user_home/.openclaw" && "$user_home" != "$HOME" ]]; then
+                OPENCLAW_FOUND=1
+                add_detail "Config directory found at $user_home/.openclaw"
+            fi
+        done
+    fi
+}
+
+# Check for running processes
+check_processes() {
+    log_verbose "Checking for running processes..."
+    
+    local pids
+    if pids=$(pgrep -f "openclaw" 2>/dev/null); then
+        OPENCLAW_FOUND=1
+        local count
+        count=$(echo "$pids" | wc -l | tr -d ' ')
+        add_detail "OpenClaw processes running (count: $count, PIDs: $(echo $pids | tr '\\n' ' '))"
+    fi
+}
+
+# Check for gateway port
+check_gateway_port() {
+    log_verbose "Checking for gateway port $GATEWAY_PORT..."
+    
+    # Try netcat first
+    if command -v nc &>/dev/null; then
+        if nc -z localhost "$GATEWAY_PORT" 2>/dev/null; then
+            OPENCLAW_FOUND=1
+            add_detail "Gateway port $GATEWAY_PORT is listening"
+            return
+        fi
+    fi
+    
+    # Try lsof
+    if command -v lsof &>/dev/null; then
+        if lsof -i ":$GATEWAY_PORT" -sTCP:LISTEN &>/dev/null; then
+            OPENCLAW_FOUND=1
+            add_detail "Gateway port $GATEWAY_PORT is listening (via lsof)"
+            return
+        fi
+    fi
+    
+    # Try /dev/tcp (bash built-in)
+    if (echo >/dev/tcp/localhost/$GATEWAY_PORT) 2>/dev/null; then
+        OPENCLAW_FOUND=1
+        add_detail "Gateway port $GATEWAY_PORT is listening"
+    fi
+}
+
+# Check for launchd service (macOS)
+check_launchd_service() {
+    if [[ "$(uname -s)" != "Darwin" ]]; then
+        return
+    fi
+    
+    log_verbose "Checking for launchd services..."
+    
+    local plist_patterns=(
+        "bot.molt"
+        "openclaw"
+    )
+    
+    local search_dirs=(
+        "$HOME/Library/LaunchAgents"
+        "/Library/LaunchAgents"
+        "/Library/LaunchDaemons"
+    )
+    
+    for dir in "\${search_dirs[@]}"; do
+        if [[ -d "$dir" ]]; then
+            for pattern in "\${plist_patterns[@]}"; do
+                for plist in "$dir"/*"$pattern"*.plist; do
+                    if [[ -f "$plist" ]]; then
+                        OPENCLAW_FOUND=1
+                        local loaded=""
+                        if launchctl list | grep -q "$pattern" 2>/dev/null; then
+                            loaded=" (loaded)"
+                        fi
+                        add_detail "LaunchAgent/Daemon found: $plist$loaded"
+                    fi
+                done
+            done
+        fi
+    done
+}
+
+# Check for systemd service (Linux)
+check_systemd_service() {
+    if ! command -v systemctl &>/dev/null; then
+        return
+    fi
+    
+    log_verbose "Checking for systemd services..."
+    
+    local service_names=(
+        "openclaw"
+        "openclaw.service"
+        "bot.molt.gateway"
+    )
+    
+    for service in "\${service_names[@]}"; do
+        if systemctl list-unit-files "$service" &>/dev/null; then
+            local status
+            status=$(systemctl is-active "$service" 2>/dev/null || echo "inactive")
+            if [[ "$status" != "inactive" ]] || systemctl is-enabled "$service" &>/dev/null; then
+                OPENCLAW_FOUND=1
+                add_detail "Systemd service found: $service (status: $status)"
+            fi
+        fi
+    done
+    
+    # Check for service files directly
+    local service_paths=(
+        "/etc/systemd/system/openclaw.service"
+        "/usr/lib/systemd/system/openclaw.service"
+        "$HOME/.config/systemd/user/openclaw.service"
+    )
+    
+    for service_path in "\${service_paths[@]}"; do
+        if [[ -f "$service_path" ]]; then
+            OPENCLAW_FOUND=1
+            add_detail "Systemd service file found: $service_path"
+        fi
+    done
+}
+
+# Check for Docker containers and images
+check_docker() {
+    if ! command -v docker &>/dev/null; then
+        return
+    fi
+    
+    log_verbose "Checking for Docker artifacts..."
+    
+    # Check running containers
+    local containers
+    if containers=$(docker ps --filter "name=openclaw" --format "{{.Names}}" 2>/dev/null); then
+        if [[ -n "$containers" ]]; then
+            OPENCLAW_FOUND=1
+            add_detail "Docker containers running: $containers"
+        fi
+    fi
+    
+    # Check stopped containers
+    if containers=$(docker ps -a --filter "name=openclaw" --filter "status=exited" --format "{{.Names}}" 2>/dev/null); then
+        if [[ -n "$containers" ]]; then
+            OPENCLAW_FOUND=1
+            add_detail "Docker containers (stopped): $containers"
+        fi
+    fi
+    
+    # Check images
+    local images
+    if images=$(docker images --filter "reference=*openclaw*" --format "{{.Repository}}:{{.Tag}}" 2>/dev/null); then
+        if [[ -n "$images" ]]; then
+            OPENCLAW_FOUND=1
+            add_detail "Docker images found: $images"
+        fi
+    fi
+}
+
+# Main detection routine
+main() {
+    check_environment
+    
+    # Try nox CLI first (most comprehensive)
+    if check_nox_cli; then
+        # Nox CLI handled detection
+        :
+    else
+        # Fallback to individual checks
+        check_cli_binary
+        check_app_bundle
+        check_config_directory
+        check_processes
+        check_gateway_port
+        check_launchd_service
+        check_systemd_service
+        check_docker
+    fi
+    
+    # Compile results
+    local details_string=""
+    if [[ \${#DETECTION_DETAILS[@]} -gt 0 ]]; then
+        details_string=$(IFS="; "; echo "\${DETECTION_DETAILS[*]}")
+    fi
+    
+    # Send webhook notification
+    ${safeWebhookUrl ? `
+    if [[ $OPENCLAW_FOUND -eq 1 ]]; then
+        send_webhook "detected" "high" "$details_string"
+    else
+        send_webhook "clean" "info" "No OpenClaw installation detected"
+    fi
+    ` : ''}
+    
+    # Output results
+    if [[ $OPENCLAW_FOUND -eq 1 ]]; then
+        echo "OPENCLAW DETECTED"
+        echo "Details: $details_string"
+        exit 1
+    else
+        echo "OpenClaw not detected"
+        exit 0
+    fi
+}
+
+# Run main function
+main "$@"
+`;
+}
+/**
+ * Get script metadata for documentation.
+ */
+export function getDetectShellMetadata() {
+    return {
+        filename: 'detect-openclaw.sh',
+        extension: '.sh',
+        platform: 'unix',
+        description: 'Shell detection script for macOS and Linux',
+        requirements: ['bash 4.0+', 'Standard Unix utilities (grep, pgrep, nc)'],
+        exitCodes: {
+            0: 'OpenClaw not detected (clean)',
+            1: 'OpenClaw detected',
+            2: 'Script error',
+        },
+    };
+}
+//# sourceMappingURL=detect.sh.js.map

package/dist/mdm/templates/detect.sh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.sh.js","sourceRoot":"","sources":["../../../src/mdm/templates/detect.sh.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AASrD;;;GAGG;AACH,SAAS,iBAAiB,CAAC,GAAW;IACpC,oBAAoB;IACpB,IAAI,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACrC,+CAA+C;IAC/C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACzC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACzC,kCAAkC;IAClC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACxC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,UAA8B,EAAE;IACxE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,GAAG,KAAK,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAEnF,0DAA0D;IAC1D,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3E,MAAM,gBAAgB,GAAG,YAAY,CAAC,CAAC,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEpF,wBAAwB;IACxB,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,GAAG,KAAK,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,yBAAyB,WAAW,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,cAAc,GAAG,cAAc;QACnC,CAAC,CAAC;;eAES,cAAc;EAC3B,gBAAgB,CAAC,CAAC,CAAC,kBAAkB,gBAAgB,GAAG,CAAC,CAAC,CAAC,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;sBAwBzD,OAAO;qBACR,OAAO;;;;;;;;;;;;;;;;;;CAkB3B;QACG,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,UAAU,GAAG,OAAO;QACxB,CAAC,CAAC;;;;CAIL;QACG,CAAC,CAAC;;CAEL,CAAC;IAEA,OAAO;;;;iBAIQ,OAAO;IACpB,OAAO;;;;;;;;;;;;;;;;;eAiBI,WAAW;;;EAGxB,UAAU;EACV,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MA4SV,cAAc,CAAC,CAAC,CAAC;;;;;;KAMlB,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;CAeT,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO;QACL,QAAQ,EAAE,oBAAoB;QAC9B,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4CAA4C;QACzD,YAAY,EAAE,CAAC,WAAW,EAAE,2CAA2C,CAAC;QACxE,SAAS,EAAE;YACT,CAAC,EAAE,+BAA+B;YAClC,CAAC,EAAE,mBAAmB;YACtB,CAAC,EAAE,cAAc;SAClB;KACF,CAAC;AACJ,CAAC"}

package/dist/mdm/templates/enforce.ps1.d.ts

@@ -0,0 +1,33 @@
+/**
+ * PowerShell enforcement script template for MDM deployment.
+ * Targets Windows systems.
+ */
+export interface EnforcePowerShellOptions {
+    webhookUrl?: string;
+    webhookToken?: string;
+    gatewayPort?: number;
+    verbose?: boolean;
+    dryRun?: boolean;
+    quarantine?: boolean;
+}
+/**
+ * Generate enforcement PowerShell script.
+ */
+export declare function generateEnforcePowerShellScript(options?: EnforcePowerShellOptions): string;
+/**
+ * Get script metadata for documentation.
+ */
+export declare function getEnforcePowerShellMetadata(): {
+    filename: string;
+    extension: string;
+    platform: string;
+    description: string;
+    requirements: string[];
+    exitCodes: {
+        0: string;
+        1: string;
+        2: string;
+        3: string;
+    };
+};
+//# sourceMappingURL=enforce.ps1.d.ts.map

package/dist/mdm/templates/enforce.ps1.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforce.ps1.d.ts","sourceRoot":"","sources":["../../../src/mdm/templates/enforce.ps1.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,WAAW,wBAAwB;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAiCD;;GAEG;AACH,wBAAgB,+BAA+B,CAAC,OAAO,GAAE,wBAA6B,GAAG,MAAM,CAooB9F;AAED;;GAEG;AACH,wBAAgB,4BAA4B;;;;;;;;;;;;EAc3C"}