rtexit-method 0.1.0

package/resources/wordlists.md

@@ -0,0 +1,15 @@
+# RTExit Wordlist Reference
+
+Keep wordlists local and versioned by source. Avoid running large lists without explicit rate limits.
+
+| Category | Common Source | Use Case |
+|---|---|---|
+| Subdomains | SecLists DNS | Passive/active DNS discovery |
+| Web content | SecLists Discovery/Web-Content | Directory and file discovery |
+| API routes | SecLists API lists | API endpoint discovery |
+| Usernames | SecLists Usernames | Authorized password-policy testing only |
+| Passwords | rockyou or client-provided | Only when credential testing is approved |
+| XSS markers | Custom harmless markers | Context validation |
+
+Recommended paths can be overridden in `_rtexit/config.user.toml`.
+

package/templates/attack-chain-template.md

@@ -0,0 +1,33 @@
+# Attack Chain
+
+| Field | Value |
+|---|---|
+| Chain ID | CHAIN-001 |
+| Objective | [Objective] |
+| Starting Access | [External/Internal/User/etc.] |
+| Final Impact | [Impact] |
+| Confidence | [Low/Medium/High] |
+
+## Narrative
+
+[Explain how independent findings combine into a realistic business-impact path.]
+
+## Chain Steps
+
+| Step | Finding | Technique | Evidence | Control Gap |
+|---:|---|---|---|---|
+| 1 | [F-XXX] | [Technique] | [Evidence] | [Gap] |
+
+## MITRE ATT&CK Map
+
+| Step | Tactic | Technique | Detection Opportunity |
+|---:|---|---|---|
+| 1 | [Tactic] | [Technique] | [Detection] |
+
+## Break Points
+
+List the controls that would break the chain earliest and reduce blast radius.
+
+## Mitigations
+
+- [Mitigation]

package/templates/executive-report-template.md

@@ -0,0 +1,64 @@
+# PENETRATION TEST EXECUTIVE REPORT
+
+---
+
+| Field | Value |
+|-------|-------|
+| **Engagement Reference** | [REF-NUMBER] |
+| **Client** | [CLIENT NAME] |
+| **Report Date** | [DATE] |
+| **Classification** | STRICTLY CONFIDENTIAL |
+| **Distribution** | [List authorized recipients] |
+
+---
+
+## EXECUTIVE SUMMARY
+
+### Overall Risk Rating: 🔴 CRITICAL
+
+[2-3 paragraph non-technical summary of findings and business risk]
+
+### Key Findings
+
+| Severity | Count | Business Impact |
+|----------|-------|-----------------|
+| 🔴 Critical | X | Immediate threat to business operations |
+| 🟠 High | X | Significant risk requiring priority attention |
+| 🟡 Medium | X | Moderate risk to be addressed within 30 days |
+| 🔵 Low | X | Minor issues for scheduled remediation |
+
+### Critical Business Risks Identified
+
+1. **[Risk 1]**: [Plain language description of highest risk]
+2. **[Risk 2]**: [Second highest risk]
+3. **[Risk 3]**: [Third highest risk]
+
+---
+
+## ATTACK NARRATIVE
+
+*The following describes how an attacker with no prior access could compromise [CLIENT]'s systems:*
+
+[Tell the attack story in plain language — no technical jargon]
+
+An attacker beginning with only publicly available information would first [Phase 1 description]...
+
+This initial access would then enable [Phase 2 description]...
+
+Ultimately, an attacker could [impact description — what they could do with full access]...
+
+---
+
+## PRIORITIZED REMEDIATION ROADMAP
+
+| Priority | Finding | Risk | Timeline | Owner |
+|----------|---------|------|----------|-------|
+| 1 | [Critical finding] | Business disruption | 24 hours | Security/IT |
+| 2 | [High finding] | Data breach risk | 7 days | Development |
+| 3 | [High finding] | Compliance violation | 30 days | IT/Security |
+
+---
+
+## CONCLUSION
+
+[2-3 paragraphs on overall security posture, positive findings, and path forward]

package/templates/executive-report.md

@@ -0,0 +1,27 @@
+# Executive Report
+
+## Executive Summary
+
+[Plain-language summary of business risk, scope, and overall posture.]
+
+## Risk Overview
+
+| Severity | Count | Business Meaning |
+|---|---:|---|
+| Critical | 0 | Immediate business risk |
+| High | 0 | Priority remediation needed |
+| Medium | 0 | Scheduled remediation |
+| Low | 0 | Improvement opportunity |
+
+## Key Risks
+
+1. [Risk title]: [business impact]
+2. [Risk title]: [business impact]
+3. [Risk title]: [business impact]
+
+## Priority Roadmap
+
+| Priority | Action | Owner | Target Date |
+|---:|---|---|---|
+| 1 | [Action] | [Owner] | [Date] |
+

package/templates/finding-template.md

@@ -0,0 +1,74 @@
+---
+id: F-XXX
+title: ""
+severity: CRITICAL
+cvss: 9.8
+cvss_vector: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+cwe: CWE-XXX
+cve: ""
+mitre: TXXXX.XXX
+kill_chain: Exploitation
+asset: ""
+status: CONFIRMED
+date: ""
+operator: ""
+---
+
+# 🔴 F-XXX — [Finding Title]
+
+> **Severity:** CRITICAL | **CVSS:** 9.8 | **Asset:** [URL/IP]
+
+## Description
+
+[Clear, concise description of the vulnerability — what it is and why it exists]
+
+## Technical Evidence
+
+```
+[Paste command output, HTTP request/response, or tool output here]
+```
+
+**Screenshot:** [reference to screenshots/F-XXX-evidence-01.png]
+
+## Impact
+
+**Business Impact:** [What happens to the business if exploited]
+**Technical Impact:** [Data exposed, systems compromised, services affected]
+**Affected Users:** [How many users/systems affected]
+
+## Reproduction Steps
+
+**Prerequisites:** [What is needed to reproduce]
+
+1. Navigate to [URL]
+2. [Exact step with command or action]
+3. [Expected result]
+4. [Observed result demonstrating the vulnerability]
+
+```bash
+# Exact command to reproduce
+[command here]
+```
+
+Expected output:
+```
+[paste expected output]
+```
+
+## Remediation
+
+### Immediate (0-24 hours)
+- [ ] [Specific immediate action]
+
+### Short-term (1-30 days)
+- [ ] [Code fix or configuration change]
+
+### Long-term
+- [ ] [Architecture improvement or policy change]
+
+## References
+
+- CWE: https://cwe.mitre.org/data/definitions/XXX.html
+- OWASP: [relevant OWASP page]
+- CVE: [link if applicable]
+- Vendor Advisory: [link if applicable]

package/templates/remediation-roadmap.md

@@ -0,0 +1,31 @@
+# Remediation Roadmap
+
+## Prioritization Model
+
+Priority is based on severity, exploitability, exposed data, business process impact, internet exposure, and whether a finding enables another attack path.
+
+| Priority | Finding | Recommended Action | Owner | Timeline | Dependency |
+|---:|---|---|---|---|---|
+| 1 | [F-XXX] | [Action] | [Owner] | 0-7 days | [None/F-YYY] |
+
+## Immediate Actions: 0-7 Days
+
+- [ ] Contain exposed systems or disable risky functionality.
+- [ ] Rotate exposed credentials and invalidate affected sessions.
+- [ ] Apply tactical configuration fixes for critical findings.
+
+## Short-Term Actions: 8-30 Days
+
+- [ ] Patch vulnerable components.
+- [ ] Add server-side authorization checks.
+- [ ] Harden identity, MFA, logging, and alerting controls.
+
+## Long-Term Actions: 31-90 Days
+
+- [ ] Add secure design review gates.
+- [ ] Improve asset inventory and attack surface monitoring.
+- [ ] Add regression tests for fixed vulnerability classes.
+
+## Validation
+
+Each remediation item should be retested and linked to closure evidence in `_rtexit-output/docs/evidence/`.

package/templates/sead-template.md

@@ -0,0 +1,73 @@
+# Statement of Engagement Authorization
+
+| Field | Value |
+|---|---|
+| Engagement Reference | [REF] |
+| Client | [CLIENT] |
+| Client Sponsor | [NAME / ROLE / CONTACT] |
+| Authorized Operator(s) | [NAMES] |
+| Start Date | [YYYY-MM-DD] |
+| End Date | [YYYY-MM-DD] |
+| Scope Type | [blackbox/greybox/whitebox] |
+| Methodology | [PTES/NIST/OWASP/TIBER/CBEST] |
+| Classification | Confidential |
+
+## 1. Purpose
+
+This document authorizes RTExit operators to perform security testing against the assets, time windows, and techniques explicitly listed below.
+
+## 2. Authorized Scope
+
+| Asset | Type | Environment | Testing Window | Notes |
+|---|---|---|---|---|
+| [domain/app/IP] | [web/api/cloud/etc.] | [prod/stage/lab] | [window] | [notes] |
+
+## 3. Exclusions
+
+| Exclusion | Reason | Contact for Exception |
+|---|---|---|
+| [asset/technique/data] | [reason] | [contact] |
+
+## 4. Approved Testing Categories
+
+- [ ] Planning and documentation
+- [ ] Passive reconnaissance
+- [ ] Active reconnaissance
+- [ ] Web/API testing
+- [ ] Mobile/Desktop testing
+- [ ] Network/Internal testing
+- [ ] Cloud configuration review
+- [ ] Active Directory testing
+- [ ] Social engineering simulation
+- [ ] Physical security assessment
+- [ ] Post-exploitation validation
+
+## 5. Rules of Engagement
+
+| Rule | Value |
+|---|---|
+| Rate limits | [requests/sec, scan windows] |
+| Accounts provided | [test users/roles] |
+| Data access limits | [no PII dump, sample-only, etc.] |
+| Destructive testing | [allowed/not allowed] |
+| Social engineering | [allowed/not allowed and conditions] |
+| Emergency stop contact | [name/phone/email] |
+| Daily status cadence | [time/channel] |
+
+## 6. Evidence Handling
+
+Evidence must be stored under `_rtexit-output/docs/evidence/`, hashed with SHA-256 where practical, and referenced from findings by relative path.
+
+## 7. Stop Conditions
+
+Testing must pause immediately if service instability, unauthorized data exposure, legal uncertainty, client request, or safety concerns are observed.
+
+## 8. Authorization
+
+Client representative:
+
+Signature/date:
+
+RTExit operator:
+
+Signature/date:

package/templates/technical-report.md

@@ -0,0 +1,63 @@
+# Technical Report
+
+## Document Control
+
+| Field | Value |
+|---|---|
+| Reference | [REF] |
+| Client | [CLIENT] |
+| Report Date | [YYYY-MM-DD] |
+| Classification | Confidential |
+| Methodology | [PTES/NIST/OWASP/etc.] |
+| Operators | [NAMES] |
+
+## Scope
+
+| Asset | Type | Environment | Status |
+|---|---|---|---|
+| [asset] | [web/api/cloud/etc.] | [prod/stage/lab] | In scope |
+
+## Exclusions and Constraints
+
+[Document excluded systems, unsafe techniques, testing windows, data handling limits, and assumptions.]
+
+## Methodology
+
+Testing followed the approved SEAD and Rules of Engagement. Activities were grouped into planning, reconnaissance, exploitation validation, post-exploitation impact analysis, and reporting.
+
+## Tooling Summary
+
+| Category | Tools | Purpose |
+|---|---|---|
+| Reconnaissance | [tools] | Asset discovery and exposure review |
+| Web/API | [tools] | Manual and assisted validation |
+| Cloud/Infra | [tools] | Configuration and identity review |
+| Reporting | RTExit scripts | Evidence, findings, and report generation |
+
+## Findings Summary
+
+| ID | Title | Severity | CVSS | Asset | Status |
+|---|---|---|---:|---|---|
+| F-001 | [Title] | [Severity] | [Score] | [Asset] | [Status] |
+
+## Detailed Findings
+
+Each finding should include description, affected assets, evidence, reproduction steps, impact, CVSS vector, MITRE mapping, and remediation.
+
+## Attack Chains
+
+| Chain | Findings | Objective | Business Impact |
+|---|---|---|---|
+| CHAIN-001 | [F-001, F-002] | [objective] | [impact] |
+
+## Remediation Plan
+
+Prioritize fixes by exploitability, business impact, exposed data, and dependency relationships.
+
+## Appendices
+
+- Evidence index
+- Chain of custody
+- MITRE ATT&CK mapping
+- CVSS vectors
+- Raw tool output references

package/tools/installer/commands/install.js

@@ -0,0 +1,40 @@
+const { renderBanner } = require('../lib/banner');
+const { resolveRepoRoot, resolveTargetRoot } = require('../lib/paths');
+const { copyPackagedAssets } = require('../lib/copy-assets');
+const { writeUserConfig } = require('../lib/write-config');
+const { askInstallQuestions } = require('../lib/prompts');
+
+async function installCommand(options = {}) {
+  const repoRoot = options.repoRoot || resolveRepoRoot();
+  const cwd = options.cwd || process.cwd();
+  const io = options.io || console;
+  const promptAdapter = options.promptAdapter || askInstallQuestions;
+
+  io.log(renderBanner());
+
+  const answers = await promptAdapter({ cwd });
+  if (!answers.confirmed) {
+    io.log('RTExit install cancelled.');
+    return;
+  }
+
+  const targetRoot = resolveTargetRoot(answers.targetDirectory);
+
+  await copyPackagedAssets({ repoRoot, targetRoot });
+  await writeUserConfig({
+    targetRoot,
+    answers: {
+      language: answers.language,
+      document_output_language: answers.document_output_language,
+      skill_level: answers.skill_level,
+    },
+  });
+
+  io.log('RTExit installed successfully.');
+  io.log('Next steps:');
+  io.log('1. Open _rtexit/config.user.toml and complete client/project details');
+  io.log('2. Open your AI IDE in this project');
+  io.log('3. Start with rt-help');
+}
+
+module.exports = { installCommand };

package/tools/installer/lib/asset-manifest.js

@@ -0,0 +1,11 @@
+function getInstallEntries() {
+  return [
+    { type: 'glob-dir-prefix', base: '.agents/skills', prefix: 'rt-' },
+    { type: 'path', value: '_rtexit' },
+    { type: 'path', value: 'templates' },
+    { type: 'path', value: 'resources' },
+    { type: 'path', value: 'RTEXIT.md' }
+  ];
+}
+
+module.exports = { getInstallEntries };

package/tools/installer/lib/banner.js

@@ -0,0 +1,12 @@
+function renderBanner() {
+  return [
+    '+------------------------------------------------------------------------------+',
+    '| RTExit                                                                      |',
+    '| AI-Assisted Red Team Methodology                                            |',
+    '| Install official RTExit framework assets into your project.                 |',
+    '| Website: https://www.exitcode.me/                                           |',
+    '+------------------------------------------------------------------------------+',
+  ].join('\n');
+}
+
+module.exports = { renderBanner };

package/tools/installer/lib/config-template.js

@@ -0,0 +1,29 @@
+function buildConfigTemplate({ language, document_output_language, skill_level }) {
+  return [
+    '# RTExit User Configuration - Override base config here',
+    '',
+    '[core]',
+    'operator_name = ""',
+    'operator_email = ""',
+    'company = ""',
+    `language = "${language}"`,
+    `document_output_language = "${document_output_language}"`,
+    `skill_level = "${skill_level}"`,
+    '',
+    '[engagement]',
+    'ref = ""',
+    'client_name = ""',
+    'start_date = ""',
+    'end_date = ""',
+    'scope_type = ""',
+    'methodology = ""',
+    'primary_domain = ""',
+    '',
+    '[tools]',
+    '',
+    '[wordlists]',
+    '',
+  ].join('\n');
+}
+
+module.exports = { buildConfigTemplate };

package/tools/installer/lib/copy-assets.js

@@ -0,0 +1,39 @@
+const fs = require('node:fs');
+const path = require('node:path');
+const { getInstallEntries } = require('./asset-manifest');
+
+function copyRecursive(source, target) {
+  const stats = fs.statSync(source);
+
+  if (stats.isDirectory()) {
+    fs.mkdirSync(target, { recursive: true });
+    for (const entry of fs.readdirSync(source)) {
+      copyRecursive(path.join(source, entry), path.join(target, entry));
+    }
+    return;
+  }
+
+  fs.mkdirSync(path.dirname(target), { recursive: true });
+  fs.copyFileSync(source, target);
+}
+
+async function copyPackagedAssets({ repoRoot, targetRoot }) {
+  for (const entry of getInstallEntries()) {
+    if (entry.type === 'path') {
+      copyRecursive(path.join(repoRoot, entry.value), path.join(targetRoot, entry.value));
+      continue;
+    }
+
+    const skillsRoot = path.join(repoRoot, entry.base);
+    for (const name of fs.readdirSync(skillsRoot)) {
+      if (name.startsWith(entry.prefix)) {
+        copyRecursive(
+          path.join(skillsRoot, name),
+          path.join(targetRoot, entry.base, name)
+        );
+      }
+    }
+  }
+}
+
+module.exports = { copyPackagedAssets };

package/tools/installer/lib/paths.js

@@ -0,0 +1,11 @@
+const path = require('node:path');
+
+function resolveRepoRoot() {
+  return path.resolve(__dirname, '..', '..', '..');
+}
+
+function resolveTargetRoot(targetDirectory) {
+  return path.resolve(targetDirectory || process.cwd());
+}
+
+module.exports = { resolveRepoRoot, resolveTargetRoot };

package/tools/installer/lib/prompts.js

@@ -0,0 +1,43 @@
+const prompts = require('@clack/prompts');
+
+async function askInstallQuestions({ cwd }) {
+  const targetDirectory = await prompts.text({
+    message: 'Install RTExit into which directory?',
+    initialValue: cwd,
+  });
+
+  const language = await prompts.select({
+    message: 'Choose interface language',
+    options: [
+      { value: 'en', label: 'English' },
+      { value: 'ar', label: 'Arabic' },
+    ],
+  });
+
+  const document_output_language = await prompts.select({
+    message: 'Choose report language',
+    options: [
+      { value: 'en', label: 'English' },
+      { value: 'ar', label: 'Arabic' },
+    ],
+  });
+
+  const skill_level = await prompts.select({
+    message: 'Choose skill level',
+    options: [
+      { value: 'beginner', label: 'Beginner' },
+      { value: 'intermediate', label: 'Intermediate' },
+      { value: 'advanced', label: 'Advanced' },
+      { value: 'expert', label: 'Expert' },
+    ],
+  });
+
+  const confirmed = await prompts.confirm({
+    message: `Install RTExit into ${targetDirectory}?`,
+    initialValue: true,
+  });
+
+  return { targetDirectory, language, document_output_language, skill_level, confirmed };
+}
+
+module.exports = { askInstallQuestions };

package/tools/installer/lib/write-config.js

@@ -0,0 +1,32 @@
+const fs = require('node:fs');
+const path = require('node:path');
+const { buildConfigTemplate } = require('./config-template');
+
+function upsertKey(content, key, value) {
+  const pattern = new RegExp(`^${key}\\s*=\\s*".*"$`, 'm');
+  const replacement = `${key} = "${value}"`;
+  return pattern.test(content)
+    ? content.replace(pattern, replacement)
+    : `${content.trimEnd()}\n${replacement}\n`;
+}
+
+async function writeUserConfig({ targetRoot, answers }) {
+  const configDir = path.join(targetRoot, '_rtexit');
+  const configPath = path.join(configDir, 'config.user.toml');
+
+  fs.mkdirSync(configDir, { recursive: true });
+
+  if (!fs.existsSync(configPath)) {
+    fs.writeFileSync(configPath, `${buildConfigTemplate(answers)}\n`);
+    return configPath;
+  }
+
+  let content = fs.readFileSync(configPath, 'utf8');
+  content = upsertKey(content, 'language', answers.language);
+  content = upsertKey(content, 'document_output_language', answers.document_output_language);
+  content = upsertKey(content, 'skill_level', answers.skill_level);
+  fs.writeFileSync(configPath, content);
+  return configPath;
+}
+
+module.exports = { writeUserConfig };

package/tools/installer/rt-cli.js

@@ -0,0 +1,20 @@
+#!/usr/bin/env node
+const { program } = require('commander');
+const packageJson = require('../../package.json');
+const { installCommand } = require('./commands/install');
+
+program
+  .name('rtexit')
+  .description('RTExit CLI - AI-assisted Red Team methodology installer')
+  .version(packageJson.version);
+
+program
+  .command('install')
+  .description('Install RTExit into the current project')
+  .action(() => installCommand());
+
+program.parse(process.argv);
+
+if (process.argv.slice(2).length === 0) {
+  program.outputHelp();
+}