rtexit-method 0.1.13 → 0.1.15

package/packaged-assets/.agents/skills/rt-mobile-static-deep/SKILL.md

@@ -0,0 +1,262 @@
+---
+name: rt-mobile-static-deep
+description: "Deep static analysis of mobile apps — MobSF automated scanning, manual jadx source review, secret scanning (API keys, tokens, hardcoded creds), native library analysis (.so files with Ghidra/radare2), third-party SDK vulnerability hunting, obfuscation bypass, APK/IPA binary analysis. Foundation of every mobile pentest before dynamic testing."
+---
+
+> 🐳 **Docker Environment (Recommended):** `docker exec -it rtexit-kali bash`
+
+# rt-mobile-static-deep — Mobile App Static Analysis
+
+## Overview
+
+Static analysis reveals hardcoded secrets, insecure code patterns, weak cryptography, and attack surfaces before running a single line of code. Should be the FIRST step in any mobile pentest.
+
+**What you find:**
+- Hardcoded API keys, tokens, passwords
+- Backend endpoints and internal hostnames
+- Cryptographic weaknesses
+- Exported components and deep links
+- Third-party SDK vulnerabilities
+- Native library vulnerabilities
+
+---
+
+## Phase 1: MobSF — Automated Full Scan
+
+```bash
+docker exec rtexit-kali bash -c "
+# Run MobSF Docker (fastest setup)
+docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
+
+# Upload APK/IPA via browser: http://localhost:8000
+# Or via API:
+curl -s 'http://localhost:8000/api/v1/upload' \
+  -H 'Authorization: YOUR_API_KEY' \
+  -F 'file=@target.apk' > /tmp/upload.json
+
+SCAN_HASH=\$(cat /tmp/upload.json | python3 -c \"import json,sys; print(json.load(sys.stdin)['hash'])\")
+
+# Run scan
+curl -s 'http://localhost:8000/api/v1/scan' \
+  -H 'Authorization: YOUR_API_KEY' \
+  -d \"scan_type=apk&file_name=target.apk&hash=\${SCAN_HASH}\"
+
+# Get JSON report
+curl -s \"http://localhost:8000/api/v1/report_json\" \
+  -H 'Authorization: YOUR_API_KEY' \
+  -d \"hash=\${SCAN_HASH}\" > /tmp/mobsf_report.json
+
+# Extract key findings
+python3 -c \"
+import json
+r = json.load(open('/tmp/mobsf_report.json'))
+print('=== Hardcoded Secrets ===')
+for s in r.get('secrets', []): print(' -', s)
+print('=== URLs ===')  
+for u in r.get('urls', []): print(' -', u['url'])
+print('=== HIGH findings ===')
+for k, v in r.get('code_analysis', {}).get('findings', {}).items():
+    if v.get('level') == 'high': print(' -', k, ':', v.get('cvss'))
+\"
+"
+```
+
+---
+
+## Phase 2: Secret Scanning
+
+```bash
+docker exec rtexit-kali bash -c "
+# Decompile APK
+apktool d target.apk -o /tmp/target_dc
+jadx -d /tmp/target_java target.apk 2>/dev/null
+
+# Comprehensive secret scan
+# Tool: trufflehog
+pip3 install trufflehog3 2>/dev/null
+trufflehog filesystem /tmp/target_java/ --json > /tmp/secrets.json
+cat /tmp/secrets.json | python3 -m json.tool | grep -A3 'reason\|stringsFound'
+
+# Manual grep patterns
+echo '=== API Keys ==='
+grep -rE '(api[_-]?key|apikey)\s*[=:]\s*[\"'\'']\w{20,}' /tmp/target_java/ -i
+echo '=== AWS Keys ==='
+grep -rE 'AKIA[0-9A-Z]{16}' /tmp/target_java/
+echo '=== JWT Tokens ==='
+grep -rE 'eyJ[A-Za-z0-9+/=]{10,}\.[A-Za-z0-9+/=]{10,}' /tmp/target_java/
+echo '=== Hardcoded passwords ==='
+grep -rE '(password|passwd|pwd)\s*[=:]\s*[\"'\'']\w{4,}' /tmp/target_java/ -i
+echo '=== Private keys ==='
+grep -r 'BEGIN.*PRIVATE KEY\|BEGIN RSA\|BEGIN EC' /tmp/target_java/ -l
+echo '=== Firebase URLs ==='
+grep -rE 'firebaseio\.com|firebase\.google\.com' /tmp/target_java/
+echo '=== Google Maps API Key ==='
+grep -rE 'AIza[0-9A-Za-z-_]{35}' /tmp/target_java/
+"
+```
+
+---
+
+## Phase 3: Endpoint Discovery
+
+```bash
+docker exec rtexit-kali bash -c "
+# Extract all URLs and endpoints from source
+echo '=== HTTPS Endpoints ==='
+grep -rEoh 'https?://[^\"'\'')\s]{10,}' /tmp/target_java/ | sort -u | grep -v 'schema\|xmlns\|android\|google.com/design'
+
+echo '=== API Base URLs ==='
+grep -rEi 'base_?url|api_?url|endpoint|host_?url' /tmp/target_java/ | grep -oE '\"[^\"]*\"' | sort -u
+
+echo '=== IP Addresses ==='
+grep -rEoh '\b([0-9]{1,3}\.){3}[0-9]{1,3}(:[0-9]+)?\b' /tmp/target_java/ | grep -v '0\.0\.0\|127\.0\.0\|255\.255' | sort -u
+
+echo '=== WebSocket URLs ==='
+grep -rEoh 'wss?://[^\"'\'')\s]+' /tmp/target_java/ | sort -u
+"
+```
+
+---
+
+## Phase 4: AndroidManifest Deep Analysis
+
+```bash
+docker exec rtexit-kali bash -c "
+MANIFEST=/tmp/target_dc/AndroidManifest.xml
+
+echo '=== Package + Permissions ==='
+grep 'package\|uses-permission' \$MANIFEST | sort
+
+echo '=== DANGEROUS permissions ==='
+grep 'uses-permission' \$MANIFEST | grep -iE 'READ_SMS|READ_CONTACTS|READ_CALL_LOG|CAMERA|RECORD_AUDIO|ACCESS_FINE_LOCATION|PROCESS_OUTGOING_CALLS|BIND_ACCESSIBILITY'
+
+echo '=== Exported components (attack surface) ==='
+grep -E 'activity|service|receiver|provider' \$MANIFEST | grep 'exported=\"true\"'
+
+echo '=== Deep links / intent filters ==='
+grep -A5 'intent-filter' \$MANIFEST | grep -E 'scheme|host|path'
+
+echo '=== Debuggable flag ==='
+grep 'debuggable' \$MANIFEST
+
+echo '=== Backup flag ==='
+grep 'allowBackup' \$MANIFEST
+
+echo '=== Network security config ==='
+grep 'networkSecurityConfig' \$MANIFEST
+"
+```
+
+---
+
+## Phase 5: Native Library Analysis
+
+```bash
+docker exec rtexit-kali bash -c "
+# Extract and analyze .so files
+unzip target.apk 'lib/arm64-v8a/*.so' -d /tmp/libs/
+ls /tmp/libs/lib/arm64-v8a/
+
+# Quick strings analysis on each .so
+for lib in /tmp/libs/lib/arm64-v8a/*.so; do
+  echo \"=== \$lib ===\"
+  strings \"\$lib\" | grep -iE 'password|secret|api[_-]?key|token|http|base64|des|aes|rsa' | head -20
+done
+
+# Check for known vulnerable native libraries
+strings /tmp/libs/lib/arm64-v8a/*.so | grep -E 'OpenSSL|libcurl' | head -5
+# Look up CVEs for the versions found
+
+# Deeper analysis with radare2
+r2 /tmp/libs/lib/arm64-v8a/libapp.so
+# In r2:
+# aaa       → analyze all
+# afl       → list all functions
+# pdf @sym.verify_pin   → disassemble specific function
+"
+```
+
+---
+
+## Phase 6: Cryptographic Analysis
+
+```bash
+docker exec rtexit-kali bash -c "
+# Find cryptographic usage patterns in source
+echo '=== Weak algorithms ==='
+grep -rE 'DES[^3]|MD5|SHA1[^_]|RC4|ECB' /tmp/target_java/ -i | grep -v '//\|test\|Test'
+
+echo '=== Hardcoded IV / Keys ==='
+grep -rE 'IvParameterSpec|SecretKeySpec' /tmp/target_java/ -A2 | grep -E 'new byte\[\]|getBytes'
+
+echo '=== Insecure random ==='
+grep -rE 'new Random\(\)|Math\.random' /tmp/target_java/ | grep -v 'SecureRandom'
+
+echo '=== Keystore usage (secure vs insecure) ==='
+grep -rE 'KeyStore|AndroidKeyStore|KeyGenerator' /tmp/target_java/ -l
+# If NOT using AndroidKeyStore → keys stored insecurely
+"
+```
+
+---
+
+## Phase 7: Third-Party SDK Vulnerability Check
+
+```bash
+docker exec rtexit-kali bash -c "
+# Extract all third-party SDKs/libraries
+grep -r 'implementation\|compile' /tmp/target_java/ 2>/dev/null | grep -oE \"'[^']+:[^']+:[^']+'\"|sort -u
+
+# Check for known vulnerable SDKs from strings in APK
+strings /tmp/target_apk/classes*.dex | grep -E 'com\.(facebook|google|firebase|amazonaws|stripe|braintree|okhttp|retrofit)' | sort -u | head -30
+
+# Check OkHttp version (critical — many CVEs)
+grep -r 'okhttp' /tmp/target_java/ | grep -oE 'okhttp:[0-9]+\.[0-9]+\.[0-9]+' | sort -u
+"
+```
+
+---
+
+## iOS Static Analysis
+
+```bash
+docker exec rtexit-kali bash -c "
+# Extract IPA
+unzip target.ipa -d /tmp/ipa_extracted/
+APP_DIR=\$(find /tmp/ipa_extracted/Payload -name '*.app' -type d)
+
+# Binary analysis
+file \$APP_DIR/TargetApp
+# Check: encryption, architecture
+
+# Strings
+strings \$APP_DIR/TargetApp | grep -iE 'api[_-]?key|secret|password|http|token' | head -50
+
+# class-dump (get all Obj-C class declarations)
+class-dump \$APP_DIR/TargetApp > /tmp/classes.h
+grep -i 'password\|token\|pin\|secret\|auth' /tmp/classes.h | head -30
+
+# Check Info.plist (often has API keys, URLs)
+plutil -p \$APP_DIR/Info.plist 2>/dev/null || python3 -c \"
+import plistlib
+with open('\$APP_DIR/Info.plist', 'rb') as f:
+    plist = plistlib.load(f)
+    for k, v in plist.items():
+        if any(x in k.lower() for x in ['key', 'secret', 'token', 'url', 'api']):
+            print(k, '=', v)
+\"
+"
+```
+
+---
+
+## Related Skills
+- `rt-exploit-android` — dynamic testing following static findings
+- `rt-exploit-ios` — iOS dynamic testing
+- `rt-frida-advanced` — confirm static findings at runtime
+- `rt-android-intent-exploitation` — exploit exported components found in manifest
+
+## References
+- https://github.com/MobSF/Mobile-Security-Framework-MobSF
+- https://owasp.org/www-project-mobile-application-security-design-guide/
+- https://attack.mitre.org/techniques/T1418/ — Software Discovery

package/tools/installer/commands/install.js

@@ -3,6 +3,7 @@ const { resolveRepoRoot, resolveTargetRoot } = require('../lib/paths');
 const { copyPackagedAssets } = require('../lib/copy-assets');
 const { writeUserConfig } = require('../lib/write-config');
 const { askInstallQuestions } = require('../lib/prompts');
+const { resolveSkillSet } = require('../lib/profiles');
 
 async function installCommand(options = {}) {
   const repoRoot = options.repoRoot || resolveRepoRoot();
@@ -21,7 +22,8 @@ async function installCommand(options = {}) {
   const targetRoot = resolveTargetRoot(answers.targetDirectory);
 
   const ides = answers.ides && answers.ides.length ? answers.ides : ['agents'];
-  await copyPackagedAssets({ repoRoot, targetRoot, ides });
+  const allowedSkills = resolveSkillSet(answers.profiles || ['all']);
+  await copyPackagedAssets({ repoRoot, targetRoot, ides, allowedSkills });
   await writeUserConfig({
     targetRoot,
     answers: {
@@ -36,7 +38,7 @@ async function installCommand(options = {}) {
   });
 
   io.log('RTExit installed successfully.');
-  io.log(`Skills installed into: ${ideFolders.join(', ')}`);
+  io.log(`Skills installed: ${allowedSkills.size} skills into ${ideFolders.join(', ')}`);
   io.log('Next steps:');
   io.log('1. Open _rtexit/config.user.toml and complete client/project details');
   io.log('2. Open your AI IDE in this project');

package/tools/installer/lib/asset-manifest.js

@@ -5,12 +5,17 @@ const IDE_SKILL_FOLDERS = {
   codex:  '.codex/skills',
 };
 
-function getInstallEntries(ides = ['agents']) {
+/**
+ * @param {string[]} ides
+ * @param {Set<string>|null} allowedSkills — if null, install everything
+ */
+function getInstallEntries(ides = ['agents'], allowedSkills = null) {
   const skillEntries = ides.map((ide) => ({
     type: 'glob-dir-prefix',
     base: 'packaged-assets/.agents/skills',
     targetBase: IDE_SKILL_FOLDERS[ide] || `.${ide}/skills`,
     prefix: 'rt-',
+    allowedSkills,
   }));
 
   return [

package/tools/installer/lib/copy-assets.js

@@ -17,8 +17,8 @@ function copyRecursive(source, target) {
   fs.copyFileSync(source, target);
 }
 
-async function copyPackagedAssets({ repoRoot, targetRoot, ides }) {
-  for (const entry of getInstallEntries(ides)) {
+async function copyPackagedAssets({ repoRoot, targetRoot, ides, allowedSkills = null }) {
+  for (const entry of getInstallEntries(ides, allowedSkills)) {
     if (entry.type === 'path') {
       const sourcePath = path.join(repoRoot, entry.value);
       const targetPath = path.join(targetRoot, entry.target || entry.value);
@@ -29,12 +29,12 @@ async function copyPackagedAssets({ repoRoot, targetRoot, ides }) {
     const skillsRoot = path.join(repoRoot, entry.base);
     const targetBase = entry.targetBase || entry.base;
     for (const name of fs.readdirSync(skillsRoot)) {
-      if (name.startsWith(entry.prefix)) {
-        copyRecursive(
-          path.join(skillsRoot, name),
-          path.join(targetRoot, targetBase, name)
-        );
-      }
+      if (!name.startsWith(entry.prefix)) continue;
+      if (entry.allowedSkills && !entry.allowedSkills.has(name)) continue;
+      copyRecursive(
+        path.join(skillsRoot, name),
+        path.join(targetRoot, targetBase, name)
+      );
     }
   }
 }

package/tools/installer/lib/profiles.js

@@ -0,0 +1,250 @@
+/**
+ * Install profiles — each profile maps to a set of skill folder names.
+ * Skills in CORE are always installed regardless of profile selection.
+ * Users pick one or more profiles; they get CORE + selected profiles.
+ */
+
+const CORE = [
+  // Agents
+  'rt-agent-breaker',
+  'rt-agent-commander',
+  'rt-agent-ghost',
+  'rt-agent-navigator',
+  'rt-agent-phantom',
+  'rt-agent-scout',
+  'rt-agent-scribe',
+  // Base methodology
+  'rt-help',
+  'rt-status',
+  'rt-party-mode',
+  'rt-scope-definition',
+  'rt-rules-of-engagement',
+  'rt-methodology-selector',
+  // Recon & mapping
+  'rt-active-recon',
+  'rt-osint',
+  'rt-shodan-recon',
+  'rt-attack-surface-map',
+  'rt-subdomain-enum',
+  'rt-subdomain-takeover',
+  'rt-wordlist-generation',
+  'rt-password-spray',
+  // Infrastructure
+  'rt-c2-operations',
+  'rt-redteam-infra',
+  // Core execution
+  'rt-defense-evasion',
+  'rt-lateral-movement',
+  'rt-persistence',
+  'rt-post-exploitation',
+  'rt-privilege-escalation',
+  'rt-credential-access',
+  'rt-credential-hunt',
+  'rt-lsass-dumping',
+  'rt-data-exfiltration',
+];
+
+const PROFILES = {
+  web: {
+    label: 'Web & API',
+    description: 'Web apps, APIs, injection, auth, OWASP Top 10',
+    skills: [
+      'rt-exploit-web',
+      'rt-exploit-injection',
+      'rt-exploit-xss',
+      'rt-exploit-ssrf',
+      'rt-exploit-auth',
+      'rt-exploit-idor',
+      'rt-exploit-api',
+      'rt-exploit-jwt',
+      'rt-exploit-file-upload',
+      'rt-cors-csrf',
+      'rt-clickjacking',
+      'rt-dom-attacks',
+      'rt-cache-attacks',
+      'rt-business-logic',
+      'rt-race-conditions',
+      'rt-request-smuggling',
+      'rt-path-traversal',
+      'rt-deserialization',
+      'rt-prototype-pollution',
+      'rt-http-parameter-pollution',
+      'rt-ldap-xpath-injection',
+      'rt-xxe',
+      'rt-oauth-oidc',
+      'rt-websockets-grpc',
+      'rt-js-analysis',
+      'rt-browser-exploitation',
+      'rt-exploit-wordpress',
+      'rt-exploit-nodejs',
+      'rt-exploit-php',
+      'rt-exploit-python',
+      'rt-exploit-java',
+      'rt-exploit-dotnet',
+      'rt-exploit-ruby',
+      'rt-exploit-frameworks',
+      'rt-exploit-electron',
+      'rt-exploit-firebase',
+      'rt-supabase',
+      'rt-exploit-osticket',
+      'rt-exploit-bec',
+      'rt-serverless',
+      'rt-exploit-elasticsearch',
+      'rt-exploit-databases',
+      'rt-exploit-mongodb',
+      'rt-exploit-mssql',
+      'rt-exploit-mysql',
+      'rt-exploit-postgresql',
+      'rt-exploit-redis',
+      'rt-ai-llm-security',
+      'rt-crypto-attacks',
+      'rt-exploit-fuzzing',
+    ],
+  },
+
+  mobile: {
+    label: 'Mobile',
+    description: 'Android, iOS, BLE, Frida, SSL bypass, cross-platform, C2',
+    skills: [
+      // Core mobile
+      'rt-exploit-android',
+      'rt-exploit-ios',
+      'rt-bluetooth-ble',
+      // Advanced mobile (new)
+      'rt-frida-advanced',
+      'rt-mobile-ssl-pinning',
+      'rt-apk-repackaging',
+      'rt-android-intent-exploitation',
+      'rt-cross-platform-mobile',
+      'rt-mobile-malware-c2',
+      'rt-mobile-static-deep',
+    ],
+  },
+
+  cloud: {
+    label: 'Cloud',
+    description: 'AWS, Azure, GCP, Kubernetes, containers',
+    skills: [
+      'rt-exploit-cloud-aws',
+      'rt-exploit-cloud-azure',
+      'rt-exploit-cloud-gcp',
+      'rt-kubernetes',
+      'rt-exploit-containers',
+      'rt-serverless',
+      'rt-supply-chain',
+      'rt-exploit-firebase',
+      'rt-supabase',
+      'rt-exploit-elasticsearch',
+    ],
+  },
+
+  ad: {
+    label: 'Active Directory & Windows',
+    description: 'AD, ADCS, Kerberos, lateral movement, EDR bypass, APT techniques',
+    skills: [
+      'rt-exploit-active-directory',
+      'rt-exploit-adcs',
+      'rt-adcs-esc9-13',
+      'rt-adfs',
+      'rt-azure-ad',
+      'rt-exchange-sharepoint',
+      'rt-exploit-desktop-win',
+      'rt-exploit-desktop-mac',
+      'rt-printer-attacks',
+      'rt-network-segmentation',
+      'rt-exploit-network',
+      'rt-ssl-mitm',
+      'rt-citrix-vdi',
+      // Nation-state / APT
+      'rt-kerberos-relay',
+      'rt-diamond-sapphire-tickets',
+      'rt-zerologon',
+      'rt-printnightmare-rce',
+      'rt-golden-saml',
+      'rt-skeleton-key',
+      'rt-syscall-bypass',
+      'rt-etw-bypass',
+      'rt-process-injection-advanced',
+      'rt-ppid-spoofing',
+      'rt-beacon-sleep-masking',
+      'rt-clm-jea-escape',
+    ],
+  },
+
+  reporting: {
+    label: 'Reporting & Documentation',
+    description: 'Reports, findings, CVSS, MITRE, scenarios, compliance',
+    skills: [
+      'rt-technical-report',
+      'rt-executive-report',
+      'rt-finding-document',
+      'rt-finding-tracker',
+      'rt-autodoc',
+      'rt-create-sead',
+      'rt-evidence-chain',
+      'rt-compliance-mapper',
+      'rt-cvss-calculator',
+      'rt-poc-writer',
+      'rt-risk-matrix',
+      'rt-mitre-map',
+      'rt-kill-chain-map',
+      'rt-remediation-roadmap',
+      'rt-attack-chain-builder',
+      'rt-timeline',
+      'rt-threat-model',
+      'rt-scenario-library',
+      'rt-scenario-c001', 'rt-scenario-c002', 'rt-scenario-c003', 'rt-scenario-c004', 'rt-scenario-c005',
+      'rt-scenario-d001', 'rt-scenario-d002', 'rt-scenario-d003', 'rt-scenario-d004', 'rt-scenario-d005',
+      'rt-scenario-m001', 'rt-scenario-m002', 'rt-scenario-m003', 'rt-scenario-m004', 'rt-scenario-m005',
+      'rt-scenario-n001', 'rt-scenario-n002', 'rt-scenario-n003', 'rt-scenario-n004', 'rt-scenario-n005',
+      'rt-scenario-w001', 'rt-scenario-w002', 'rt-scenario-w003', 'rt-scenario-w004', 'rt-scenario-w005',
+      'rt-scenario-w006', 'rt-scenario-w007', 'rt-scenario-w008', 'rt-scenario-w009', 'rt-scenario-w010',
+    ],
+  },
+
+  specialist: {
+    label: 'Specialist',
+    description: 'SCADA/ICS, IoT, hardware, physical, social engineering, wireless',
+    skills: [
+      'rt-exploit-scada',
+      'rt-exploit-iot',
+      'rt-hardware-hacking',
+      'rt-exploit-wireless',
+      'rt-wireless-rogue-ap',
+      'rt-exploit-physical',
+      'rt-exploit-phishing',
+      'rt-exploit-vishing',
+      'rt-social-engineering',
+      'rt-voip-sip',
+      'rt-traffic-analysis',
+      'rt-binary-reverse-engineering',
+      'rt-sap-exploitation',
+      'rt-steganography',
+    ],
+  },
+};
+
+/**
+ * Resolve the full set of skill folder names to install.
+ * @param {string[]|'all'} selectedProfiles — array of profile keys or 'all'
+ * @returns {Set<string>} — set of skill folder names
+ */
+function resolveSkillSet(selectedProfiles) {
+  if (selectedProfiles === 'all' || (Array.isArray(selectedProfiles) && selectedProfiles.includes('all'))) {
+    const all = new Set(CORE);
+    for (const profile of Object.values(PROFILES)) {
+      for (const s of profile.skills) all.add(s);
+    }
+    return all;
+  }
+
+  const result = new Set(CORE);
+  for (const key of selectedProfiles) {
+    if (PROFILES[key]) {
+      for (const s of PROFILES[key].skills) result.add(s);
+    }
+  }
+  return result;
+}
+
+module.exports = { PROFILES, CORE, resolveSkillSet };

package/tools/installer/lib/prompts.js

@@ -1,4 +1,5 @@
 const prompts = require('@clack/prompts');
+const { PROFILES } = require('./profiles');
 
 async function askInstallQuestions({ cwd }) {
   const targetDirectory = await prompts.text({
@@ -34,12 +35,28 @@ async function askInstallQuestions({ cwd }) {
     required: true,
   });
 
+  const profileOptions = [
+    { value: 'all', label: 'All Skills (Full install — everything)', hint: 'recommended for full red team ops' },
+    ...Object.entries(PROFILES).map(([key, p]) => ({
+      value: key,
+      label: `${p.label}`,
+      hint: p.description,
+    })),
+  ];
+
+  const profiles = await prompts.multiselect({
+    message: 'Which skill profiles do you need? (space to select, enter to confirm)',
+    options: profileOptions,
+    initialValues: ['all'],
+    required: true,
+  });
+
   const confirmed = await prompts.confirm({
     message: `Install RTExit into ${targetDirectory}?`,
     initialValue: true,
   });
 
-  return { targetDirectory, language, document_output_language, ides, confirmed };
+  return { targetDirectory, language, document_output_language, ides, profiles, confirmed };
 }
 
 module.exports = { askInstallQuestions };