rtexit-method 0.1.0

package/_rtexit/scripts/finding_tracker.py

@@ -0,0 +1,251 @@
+#!/usr/bin/env python3
+"""
+RTExit Finding Tracker
+Manages findings across a Red Team engagement.
+Usage:
+  python3 finding_tracker.py add "SQL Injection" CRITICAL 9.8 "target.com/login"
+  python3 finding_tracker.py list [--severity CRITICAL]
+  python3 finding_tracker.py show F-001
+  python3 finding_tracker.py export [--format html|md|csv]
+  python3 finding_tracker.py stats
+"""
+
+import argparse
+import csv
+import datetime
+import json
+import os
+import sys
+
+
+FINDINGS_CSV = os.path.join(
+    os.environ.get('RTEXIT_OUTPUT', '_rtexit-output'),
+    'docs', 'findings', 'findings-master.csv'
+)
+
+SEVERITY_ORDER = {'CRITICAL': 0, 'HIGH': 1, 'MEDIUM': 2, 'LOW': 3, 'INFO': 4}
+SEVERITY_ICONS = {'CRITICAL': '🔴', 'HIGH': '🟠', 'MEDIUM': '🟡', 'LOW': '🔵', 'INFO': '⚪'}
+
+FIELDNAMES = [
+    'id', 'title', 'severity', 'cvss', 'status', 'asset',
+    'cwe', 'cve', 'mitre', 'phase', 'date', 'operator', 'notes'
+]
+
+
+def ensure_csv():
+    os.makedirs(os.path.dirname(FINDINGS_CSV), exist_ok=True)
+    if not os.path.exists(FINDINGS_CSV):
+        with open(FINDINGS_CSV, 'w', newline='', encoding='utf-8') as f:
+            writer = csv.DictWriter(f, fieldnames=FIELDNAMES)
+            writer.writeheader()
+
+
+def load_findings() -> list:
+    ensure_csv()
+    with open(FINDINGS_CSV, 'r', encoding='utf-8') as f:
+        return list(csv.DictReader(f))
+
+
+def save_findings(findings: list):
+    ensure_csv()
+    with open(FINDINGS_CSV, 'w', newline='', encoding='utf-8') as f:
+        writer = csv.DictWriter(f, fieldnames=FIELDNAMES)
+        writer.writeheader()
+        writer.writerows(findings)
+
+
+def next_id(findings: list) -> str:
+    if not findings:
+        return 'F-001'
+    last = sorted([f['id'] for f in findings if f['id'].startswith('F-')])[-1]
+    num = int(last.split('-')[1]) + 1
+    return f'F-{num:03d}'
+
+
+def cmd_add(args):
+    findings = load_findings()
+    fid = next_id(findings)
+    finding = {
+        'id': fid,
+        'title': args.title,
+        'severity': args.severity.upper(),
+        'cvss': args.cvss,
+        'status': args.status or 'CONFIRMED',
+        'asset': args.asset or '',
+        'cwe': args.cwe or '',
+        'cve': args.cve or '',
+        'mitre': args.mitre or '',
+        'phase': args.phase or '',
+        'date': datetime.date.today().isoformat(),
+        'operator': args.operator or '',
+        'notes': args.notes or '',
+    }
+    findings.append(finding)
+    save_findings(findings)
+
+    # Create individual finding MD file
+    md_path = os.path.join(os.path.dirname(FINDINGS_CSV), f'{fid}.md')
+    icon = SEVERITY_ICONS.get(finding['severity'], '⚪')
+    with open(md_path, 'w', encoding='utf-8') as f:
+        f.write(f"""---
+id: {fid}
+title: "{finding['title']}"
+severity: {finding['severity']}
+cvss: {finding['cvss']}
+status: {finding['status']}
+asset: {finding['asset']}
+cwe: {finding['cwe']}
+cve: {finding['cve']}
+mitre: {finding['mitre']}
+date: {finding['date']}
+---
+
+# {icon} {fid} — {finding['title']}
+
+## Summary
+> **Severity:** {finding['severity']} | **CVSS:** {finding['cvss']} | **Asset:** {finding['asset']}
+
+## Description
+<!-- Describe the vulnerability in detail -->
+
+## Technical Evidence
+```
+<!-- Paste command output, HTTP requests/responses, screenshots references -->
+```
+
+## Impact
+<!-- Business and technical impact -->
+
+## Reproduction Steps
+1.
+2.
+3.
+
+## Remediation
+### Immediate (0-24 hours)
+-
+
+### Short-term (1-30 days)
+-
+
+### Long-term
+-
+
+## References
+- CWE: https://cwe.mitre.org/data/definitions/{finding['cwe'].replace('CWE-', '')}.html
+- MITRE ATT&CK: https://attack.mitre.org/techniques/{finding['mitre']}/
+""")
+
+    print(f"✅ Added: {fid} — {finding['title']} [{finding['severity']}]")
+    print(f"   File: {md_path}")
+
+
+def cmd_list(args):
+    findings = load_findings()
+    if args.severity:
+        findings = [f for f in findings if f['severity'] == args.severity.upper()]
+    if args.status:
+        findings = [f for f in findings if f['status'] == args.status.upper()]
+
+    findings.sort(key=lambda f: SEVERITY_ORDER.get(f['severity'], 99))
+
+    if not findings:
+        print("No findings found.")
+        return
+
+    print(f"\n{'ID':<8} {'SEVERITY':<10} {'CVSS':<6} {'STATUS':<12} {'TITLE'}")
+    print("-" * 80)
+    for f in findings:
+        icon = SEVERITY_ICONS.get(f['severity'], '⚪')
+        print(f"{f['id']:<8} {icon} {f['severity']:<8} {f['cvss']:<6} {f['status']:<12} {f['title']}")
+    print(f"\nTotal: {len(findings)} findings")
+
+
+def cmd_stats(args):
+    findings = load_findings()
+    counts = {}
+    for f in findings:
+        counts[f['severity']] = counts.get(f['severity'], 0) + 1
+
+    print("\n=== Finding Statistics ===")
+    for sev in ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO']:
+        icon = SEVERITY_ICONS.get(sev, '⚪')
+        count = counts.get(sev, 0)
+        bar = '█' * count
+        print(f"{icon} {sev:<10}: {count:>3}  {bar}")
+    print(f"\n   TOTAL    : {len(findings)}")
+
+
+def cmd_export(args):
+    findings = load_findings()
+    fmt = args.format or 'md'
+
+    if fmt == 'csv':
+        print(open(FINDINGS_CSV).read())
+
+    elif fmt == 'json':
+        print(json.dumps(findings, indent=2))
+
+    elif fmt == 'md':
+        print("# Findings Summary\n")
+        print(f"| ID | Severity | CVSS | Title | Asset | Status |")
+        print(f"|----|---------:|-----:|-------|-------|--------|")
+        for f in sorted(findings, key=lambda x: SEVERITY_ORDER.get(x['severity'], 99)):
+            icon = SEVERITY_ICONS.get(f['severity'], '⚪')
+            print(f"| {f['id']} | {icon} {f['severity']} | {f['cvss']} | {f['title']} | {f['asset']} | {f['status']} |")
+
+    elif fmt == 'html':
+        print("<table>")
+        print("<tr><th>ID</th><th>Severity</th><th>CVSS</th><th>Title</th><th>Asset</th></tr>")
+        for f in findings:
+            print(f"<tr><td>{f['id']}</td><td>{f['severity']}</td><td>{f['cvss']}</td>"
+                  f"<td>{f['title']}</td><td>{f['asset']}</td></tr>")
+        print("</table>")
+
+
+def main():
+    parser = argparse.ArgumentParser(description='RTExit Finding Tracker')
+    sub = parser.add_subparsers(dest='command')
+
+    # add
+    p_add = sub.add_parser('add', help='Add a new finding')
+    p_add.add_argument('title', help='Finding title')
+    p_add.add_argument('severity', help='CRITICAL/HIGH/MEDIUM/LOW/INFO')
+    p_add.add_argument('cvss', help='CVSS score (e.g. 9.8)')
+    p_add.add_argument('asset', nargs='?', help='Affected asset URL/IP')
+    p_add.add_argument('--status', default='CONFIRMED')
+    p_add.add_argument('--cwe', default='')
+    p_add.add_argument('--cve', default='')
+    p_add.add_argument('--mitre', default='')
+    p_add.add_argument('--phase', default='')
+    p_add.add_argument('--operator', default='')
+    p_add.add_argument('--notes', default='')
+
+    # list
+    p_list = sub.add_parser('list', help='List findings')
+    p_list.add_argument('--severity', help='Filter by severity')
+    p_list.add_argument('--status', help='Filter by status')
+
+    # stats
+    sub.add_parser('stats', help='Show finding statistics')
+
+    # export
+    p_exp = sub.add_parser('export', help='Export findings')
+    p_exp.add_argument('--format', choices=['md', 'csv', 'json', 'html'], default='md')
+
+    args = parser.parse_args()
+
+    if args.command == 'add':
+        cmd_add(args)
+    elif args.command == 'list':
+        cmd_list(args)
+    elif args.command == 'stats':
+        cmd_stats(args)
+    elif args.command == 'export':
+        cmd_export(args)
+    else:
+        parser.print_help()
+
+
+if __name__ == '__main__':
+    main()

package/_rtexit/scripts/resolve_config.py

@@ -0,0 +1,127 @@
+#!/usr/bin/env python3
+"""
+RTExit Configuration Resolver
+Merges 4 config layers (base → user → team → personal) into final config.
+Usage: python3 resolve_config.py --project-root /path [--key section]
+"""
+
+import argparse
+import json
+import os
+import sys
+
+try:
+    import tomllib
+except ImportError:
+    try:
+        import tomli as tomllib
+    except ImportError:
+        # Fallback: simple TOML parser for basic key=value
+        tomllib = None
+
+
+def parse_simple_toml(content: str) -> dict:
+    """Simple TOML parser for basic key=value pairs (no dependencies)."""
+    result = {}
+    current_section = result
+
+    for line in content.splitlines():
+        line = line.strip()
+        if not line or line.startswith('#'):
+            continue
+        if line.startswith('[') and line.endswith(']'):
+            section_path = line[1:-1].split('.')
+            current_section = result
+            for part in section_path:
+                if part not in current_section:
+                    current_section[part] = {}
+                current_section = current_section[part]
+        elif '=' in line:
+            key, _, value = line.partition('=')
+            key = key.strip()
+            value = value.strip().strip('"').strip("'")
+            if value.lower() == 'true':
+                value = True
+            elif value.lower() == 'false':
+                value = False
+            current_section[key] = value
+
+    return result
+
+
+def load_toml(path: str) -> dict:
+    if not os.path.exists(path):
+        return {}
+    with open(path, 'rb') as f:
+        content = f.read()
+    if tomllib:
+        return tomllib.loads(content.decode('utf-8'))
+    return parse_simple_toml(content.decode('utf-8'))
+
+
+def deep_merge(base: dict, override: dict) -> dict:
+    """Deep merge two dicts. Override values win."""
+    result = dict(base)
+    for key, value in override.items():
+        if key in result and isinstance(result[key], dict) and isinstance(value, dict):
+            result[key] = deep_merge(result[key], value)
+        elif key in result and isinstance(result[key], list) and isinstance(value, list):
+            result[key] = result[key] + value
+        elif value != '' and value is not None:
+            result[key] = value
+    return result
+
+
+def resolve_config(project_root: str) -> dict:
+    """Merge 4 config layers."""
+    layers = [
+        os.path.join(project_root, '_rtexit', 'config.toml'),
+        os.path.join(project_root, '_rtexit', 'config.user.toml'),
+        os.path.join(project_root, '_rtexit', 'custom', 'config.toml'),
+        os.path.join(project_root, '_rtexit', 'custom', 'config.user.toml'),
+    ]
+
+    config = {}
+    for layer in layers:
+        layer_config = load_toml(layer)
+        config = deep_merge(config, layer_config)
+
+    # Resolve path templates
+    config = resolve_templates(config, project_root)
+    return config
+
+
+def resolve_templates(obj, project_root: str):
+    """Replace {project-root} and other templates in string values."""
+    if isinstance(obj, dict):
+        return {k: resolve_templates(v, project_root) for k, v in obj.items()}
+    elif isinstance(obj, list):
+        return [resolve_templates(i, project_root) for i in obj]
+    elif isinstance(obj, str):
+        dir_name = os.path.basename(os.path.abspath(project_root))
+        return obj.replace('{project-root}', project_root).replace('{dir-name}', dir_name)
+    return obj
+
+
+def main():
+    parser = argparse.ArgumentParser(description='RTExit Config Resolver')
+    parser.add_argument('--project-root', required=True, help='Project root directory')
+    parser.add_argument('--key', help='Specific config section to return')
+    args = parser.parse_args()
+
+    config = resolve_config(args.project_root)
+
+    if args.key:
+        # Navigate nested keys like "agents.commander"
+        parts = args.key.split('.')
+        result = config
+        for part in parts:
+            result = result.get(part, {})
+    else:
+        result = config
+
+    print(json.dumps(result, indent=2))
+
+
+if __name__ == '__main__':
+    main()

package/_rtexit/scripts/resolve_customization.py

@@ -0,0 +1,154 @@
+#!/usr/bin/env python3
+"""
+RTExit Skill Customization Resolver
+Merges skill's customize.toml with team/user overrides.
+Usage: python3 resolve_customization.py --skill /path/to/skill --key agent
+"""
+
+import argparse
+import json
+import os
+import sys
+
+
+def parse_simple_toml(content: str) -> dict:
+    """Simple TOML parser."""
+    result = {}
+    current_section = result
+    current_section_path = []
+
+    for line in content.splitlines():
+        line = line.strip()
+        if not line or line.startswith('#'):
+            continue
+
+        if line.startswith('[[') and line.endswith(']]'):
+            # Array of tables
+            section_path = line[2:-2].split('.')
+            current_section_path = section_path
+            current_obj = result
+            for part in section_path[:-1]:
+                if part not in current_obj:
+                    current_obj[part] = {}
+                current_obj = current_obj[part]
+            last_key = section_path[-1]
+            if last_key not in current_obj:
+                current_obj[last_key] = []
+            new_item = {}
+            current_obj[last_key].append(new_item)
+            current_section = new_item
+
+        elif line.startswith('[') and line.endswith(']'):
+            section_path = line[1:-1].split('.')
+            current_section_path = section_path
+            current_section = result
+            for part in section_path:
+                if part not in current_section:
+                    current_section[part] = {}
+                current_section = current_section[part]
+
+        elif '=' in line:
+            key, _, value = line.partition('=')
+            key = key.strip()
+            value = value.strip()
+            if value.startswith('"') or value.startswith("'"):
+                value = value.strip('"').strip("'")
+            elif value.startswith('['):
+                # Array: parse inline
+                value = [v.strip().strip('"').strip("'")
+                         for v in value.strip('[]').split(',') if v.strip()]
+            elif value.lower() == 'true':
+                value = True
+            elif value.lower() == 'false':
+                value = False
+            current_section[key] = value
+
+    return result
+
+
+def load_toml(path: str) -> dict:
+    if not os.path.exists(path):
+        return {}
+    with open(path, 'r', encoding='utf-8') as f:
+        content = f.read()
+    try:
+        import tomllib
+        with open(path, 'rb') as fb:
+            return tomllib.load(fb)
+    except ImportError:
+        pass
+    try:
+        import tomli
+        with open(path, 'rb') as fb:
+            return tomli.load(fb)
+    except ImportError:
+        pass
+    return parse_simple_toml(content)
+
+
+def deep_merge(base: dict, override: dict) -> dict:
+    result = dict(base)
+    for key, value in override.items():
+        if key in result and isinstance(result[key], dict) and isinstance(value, dict):
+            result[key] = deep_merge(result[key], value)
+        elif key in result and isinstance(result[key], list) and isinstance(value, list):
+            # Merge arrays of tables by 'code' key
+            merged = list(result[key])
+            for new_item in value:
+                if isinstance(new_item, dict) and 'code' in new_item:
+                    existing_idx = next(
+                        (i for i, x in enumerate(merged)
+                         if isinstance(x, dict) and x.get('code') == new_item['code']),
+                        None
+                    )
+                    if existing_idx is not None:
+                        merged[existing_idx] = deep_merge(merged[existing_idx], new_item)
+                    else:
+                        merged.append(new_item)
+                else:
+                    merged.append(new_item)
+            result[key] = merged
+        elif value not in ('', None, []):
+            result[key] = value
+    return result
+
+
+def resolve_customization(skill_root: str, project_root: str = None) -> dict:
+    """Load and merge customize.toml layers for a skill."""
+    skill_name = os.path.basename(os.path.abspath(skill_root))
+
+    layers = [os.path.join(skill_root, 'customize.toml')]
+
+    if project_root:
+        layers += [
+            os.path.join(project_root, '_rtexit', 'custom', f'{skill_name}.toml'),
+            os.path.join(project_root, '_rtexit', 'custom', f'{skill_name}.user.toml'),
+        ]
+
+    config = {}
+    for layer in layers:
+        layer_config = load_toml(layer)
+        config = deep_merge(config, layer_config)
+
+    return config
+
+
+def main():
+    parser = argparse.ArgumentParser(description='RTExit Customization Resolver')
+    parser.add_argument('--skill', required=True, help='Skill root directory')
+    parser.add_argument('--project-root', help='Project root (for custom overrides)')
+    parser.add_argument('--key', help='Specific section to return (e.g. agent)')
+    args = parser.parse_args()
+
+    config = resolve_customization(args.skill, args.project_root)
+
+    if args.key:
+        result = config.get(args.key, {})
+    else:
+        result = config
+
+    print(json.dumps(result, indent=2))
+
+
+if __name__ == '__main__':
+    main()

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "rtexit-method",
+  "version": "0.1.0",
+  "description": "RTExit - AI-assisted Red Team methodology installer",
+  "license": "MIT",
+  "author": "Exit Code",
+  "bin": {
+    "rt": "tools/installer/rt-cli.js",
+    "rtexit": "tools/installer/rt-cli.js"
+  },
+  "main": "tools/installer/rt-cli.js",
+  "files": [
+    ".agents/skills/rt-*",
+    "_rtexit",
+    "resources",
+    "templates",
+    "tools/installer",
+    "RTEXIT.md"
+  ],
+  "scripts": {
+    "test": "node --test test/*.test.js",
+    "test:cli": "node --test test/cli-help.test.js",
+    "test:install": "node --test test/install-command.test.js test/copy-assets.test.js test/write-config.test.js"
+  },
+  "dependencies": {
+    "@clack/prompts": "^1.4.0",
+    "commander": "^14.0.0"
+  },
+  "engines": {
+    "node": ">=20.12.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/exit-code-eg/RTExit.git"
+  },
+  "homepage": "https://www.exitcode.me/",
+  "bugs": {
+    "url": "https://github.com/exit-code-eg/RTExit/issues"
+  },
+  "keywords": [
+    "red-team",
+    "red-teaming",
+    "security",
+    "pentest",
+    "cli",
+    "ai",
+    "methodology",
+    "rtexit"
+  ],
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/resources/certifications.md

@@ -0,0 +1,21 @@
+# RTExit Learning Path and Certifications
+
+## Foundations
+
+| Area | Suggested Learning |
+|---|---|
+| Web security | OWASP WSTG, PortSwigger Web Security Academy |
+| Mobile security | OWASP MASVS/MSTG |
+| Cloud security | AWS/Azure/GCP security fundamentals |
+| Active Directory | Windows security fundamentals and AD lab practice |
+| Reporting | CVSS 4.0, MITRE ATT&CK, executive writing |
+
+## Certification Map
+
+| Level | Examples |
+|---|---|
+| Beginner | Security+, eJPT |
+| Intermediate | PNPT, eCPPT, Burp Suite Certified Practitioner |
+| Advanced | OSCP, CRTO, CARTP |
+| Expert | OSEP, OSED, cloud specialty certifications |
+

package/resources/payloads.md

@@ -0,0 +1,21 @@
+# RTExit Payload Reference
+
+This repository intentionally keeps payload references defensive and low-risk.
+
+## Rules
+
+- Prefer harmless markers over exploit payloads.
+- Use lab-only payloads outside production.
+- Do not store real credentials, web shells, malware, or client data in this repository.
+- Every payload class used in a report must include remediation guidance.
+
+## Safe Marker Examples
+
+| Class | Marker |
+|---|---|
+| XSS | `RTEXIT_XSS_MARKER` |
+| SSTI | `RTEXIT_TEMPLATE_MARKER` |
+| SQLi | Boolean behavior probe against test data |
+| SSRF | Controlled callback URL |
+| File upload | Text file with known hash |
+

package/resources/tools.md

@@ -0,0 +1,53 @@
+# RTExit Tool Reference
+
+Use tools only inside the authorized scope and record commands through the autodoc workflow.
+
+## Planning and Reporting
+
+| Tool | Purpose | Notes |
+|---|---|---|
+| Markdown | Engagement docs and reports | Keep evidence links relative to `_rtexit-output/docs/` |
+| Python 3 | Automation scripts | Used by config resolver, tracker, autodoc |
+| Pandoc | Report conversion | Optional for PDF/DOCX export |
+
+## Reconnaissance
+
+| Tool | Purpose | Notes |
+|---|---|---|
+| Amass | Passive/active asset discovery | Respect active mode authorization |
+| Subfinder | Passive subdomain discovery | Good first-pass inventory |
+| httpx | HTTP probing | Capture title, status, tech, TLS |
+| Nmap | Network and service discovery | Stage scans and obey rate limits |
+| Nuclei | Template-based validation | Review templates before running |
+| Shodan/Censys | Internet exposure search | Passive external visibility |
+
+## Web and API
+
+| Tool | Purpose | Notes |
+|---|---|---|
+| Burp Suite | Proxy, repeater, scanner, evidence | Save project files per engagement |
+| OWASP ZAP | Proxy/scanner alternative | Useful for baseline scans |
+| ffuf | Content and parameter discovery | Use scoped wordlists and rate limits |
+| sqlmap | SQL injection validation | Use only with explicit approval |
+| jwt-cli/jq | Token and JSON inspection | Do not forge production tokens |
+
+## Mobile and Desktop
+
+| Tool | Purpose | Notes |
+|---|---|---|
+| apktool | Android package inspection | Static analysis |
+| jadx | Android decompilation | Source review |
+| Frida | Dynamic instrumentation | Requires explicit authorization |
+| MobSF | Mobile assessment platform | Good triage and reporting |
+| dnSpy/ILSpy | .NET inspection | Desktop/.NET review |
+
+## Cloud and Infrastructure
+
+| Tool | Purpose | Notes |
+|---|---|---|
+| AWS CLI | AWS inventory and validation | Use read-only roles where possible |
+| Azure CLI | Azure inventory and validation | Respect tenant boundaries |
+| gcloud | GCP inventory and validation | Use scoped projects |
+| ScoutSuite/Prowler | Cloud posture review | Validate findings manually |
+| kubectl | Kubernetes review | Use scoped kubeconfig |
+