npm - rtexit-method - Versions diffs - 0.1.17 → 0.1.19 - Mend

rtexit-method 0.1.17 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json +1 -1
package/packaged-assets/docker/Dockerfile +1324 -0
package/packaged-assets/docker/README.md +107 -0
package/packaged-assets/docker/aliases.sh +410 -0
package/packaged-assets/docker/docker-compose.yml +64 -0
package/packaged-assets/docker/entrypoint.sh +22 -0
package/packaged-assets/docker/verify-tools.sh +319 -0
package/packaged-assets/scripts/rt-native-install.sh +438 -0
package/tools/installer/commands/install.js +91 -48
package/tools/installer/lib/asset-manifest.js +1 -0

package/packaged-assets/docker/Dockerfile ADDED Viewed

@@ -0,0 +1,1324 @@
+# RTExit Kali Linux — Full Red Team Environment
+# All tools referenced in 167 RTExit skills pre-installed
+# Usage: docker build -t rtexit/kali . && docker run -it rtexit/kali
+# Or:    docker run -it ghcr.io/exit-code-eg/rtexit-kali:latest
+FROM kalilinux/kali-rolling
+LABEL maintainer="RTExit <https://github.com/exit-code-eg/RTExit>"
+LABEL description="RTExit Kali — Complete Red Team Environment (189 skills)"
+LABEL version="3.0.0"
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TERM=xterm-256color
+ENV RTEXIT_HOME=/opt/rtexit
+# Block broken mirrors + force reliable mirror
+RUN printf 'deb http://mirrors.ocf.berkeley.edu/kali kali-rolling main contrib non-free non-free-firmware\n' \
+    > /etc/apt/sources.list
+# Configure apt retries
+RUN printf 'Acquire::Retries "3";\nAcquire::http::Timeout "20";\n' \
+    > /etc/apt/apt.conf.d/99-rtexit
+# ─────────────────────────────────────────────
+# System Update (split into chunks for reliable caching)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get upgrade -y && apt-get clean
+# Install all tools — --fix-missing continues even if a mirror is down
+RUN apt-get install -y --no-install-recommends --fix-missing \
+    curl wget git vim nano tmux screen \
+    file xxd hexedit zip unzip p7zip-full tar jq \
+    build-essential python3 python3-pip python3-venv \
+    libssl-dev libffi-dev libpcap-dev \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
+    golang-go nodejs npm default-jdk ruby ruby-dev \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
+    nmap ncat netcat-openbsd tcpdump tshark \
+    net-tools iproute2 iputils-ping bind9-dnsutils \
+    socat proxychains4 openvpn \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
+    hashcat john hydra cewl crunch \
+    sqlmap nikto wfuzz dirb whatweb \
+    masscan aircrack-ng wireless-tools rfkill \
+    smbclient ldap-utils \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
+    steghide exiftool gdb radare2 ltrace strace \
+    iodine hping3 dsniff macchanger \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
+    responder bettercap sipvicious apache2 nginx php php-curl \
+    2>/dev/null; apt-get clean && rm -rf /var/lib/apt/lists/* ; true
+# ─────────────────────────────────────────────
+# Python Environment
+# ─────────────────────────────────────────────
+RUN python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel --break-system-packages 2>/dev/null || \
+    pip3 install --no-cache-dir --break-system-packages --upgrade pip setuptools wheel --break-system-packages 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Recon & OSINT Tools
+# (rt-osint, rt-subdomain-enum, rt-active-recon, rt-shodan-recon, rt-js-analysis)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    amass subfinder \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN pip3 install --no-cache-dir --break-system-packages \
+    theHarvester shodan censys trufflehog stegoveritas
+# recon-ng from source (not on PyPI)
+RUN git clone https://github.com/lanmaster53/recon-ng /opt/recon-ng 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/recon-ng/REQUIREMENTS 2>/dev/null; \
+    ln -sf /opt/recon-ng/recon-ng /usr/local/bin/recon-ng 2>/dev/null; true
+# httpx, nuclei, subfinder, naabu, katana via Go
+# Go tools — each separate so one failure doesn't stop others
+RUN go install github.com/projectdiscovery/httpx/cmd/httpx@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/katana/cmd/katana@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest 2>/dev/null || true
+RUN go install github.com/hakluke/hakrawler@latest 2>/dev/null || true
+RUN go install github.com/tomnomnom/waybackurls@latest 2>/dev/null || true
+RUN go install github.com/lc/gau/v2/cmd/gau@latest 2>/dev/null || true
+RUN go install github.com/ffuf/ffuf/v2@latest 2>/dev/null || true
+RUN go install github.com/OJ/gobuster/v3@latest 2>/dev/null || true
+RUN go install github.com/ropnop/kerbrute@latest 2>/dev/null || true
+RUN go install github.com/hahwul/dalfox/v2@latest 2>/dev/null || true
+RUN go install github.com/LukaSikic/subzy@latest 2>/dev/null || true
+# gitleaks
+RUN curl -sSfL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz | \
+    tar xz -C /usr/local/bin && chmod +x /usr/local/bin/gitleaks || true
+# Nuclei templates
+RUN nuclei -update-templates -update-template-dir /opt/nuclei-templates 2>/dev/null || true
+# sherlock
+RUN pip3 install --no-cache-dir --break-system-packages sherlock-project 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Web Application Tools
+# (rt-exploit-web, rt-exploit-injection, rt-exploit-xss, rt-exploit-ssrf,
+#  rt-exploit-auth, rt-exploit-file-upload, rt-exploit-api, rt-exploit-jwt,
+#  rt-request-smuggling, rt-cache-attacks, rt-xxe, rt-path-traversal)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    sqlmap \
+    nikto \
+    wfuzz \
+    dirb \
+    whatweb \
+    wafw00f \
+    testssl.sh \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN pip3 install --no-cache-dir --break-system-packages \
+    mitmproxy impacket requests pwntools \
+    PyJWT python-jose \
+    grpcio grpcio-tools websocket-client scapy stegano
+RUN pip3 install --no-cache-dir --break-system-packages blackboxprotobuf 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages padding-oracle-attacker 2>/dev/null || true
+# padbuster from source (not on PyPI)
+RUN git clone https://github.com/AonCyberLabs/PadBuster /opt/PadBuster 2>/dev/null && \
+    chmod +x /opt/PadBuster/padBuster.pl 2>/dev/null && \
+    ln -sf /opt/PadBuster/padBuster.pl /usr/local/bin/padbuster 2>/dev/null || true
+# jwt_tool
+RUN git clone https://github.com/ticarpi/jwt_tool /opt/jwt_tool 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/jwt_tool/requirements.txt 2>/dev/null; \
+    ln -sf /opt/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool 2>/dev/null; \
+    chmod +x /opt/jwt_tool/jwt_tool.py 2>/dev/null; true
+# smuggler (HTTP Request Smuggling)
+RUN git clone https://github.com/defparam/smuggler /opt/smuggler && \
+    chmod +x /opt/smuggler/smuggler.py && \
+    ln -s /opt/smuggler/smuggler.py /usr/local/bin/smuggler
+# Param Miner / arjun (hidden parameter discovery)
+RUN pip3 install --no-cache-dir --break-system-packages arjun 2>/dev/null || true
+# kxss (XSS scanning)
+RUN go install github.com/tomnomnom/qsreplace@latest 2>/dev/null || true
+RUN go install github.com/Emoe/kxss@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/mapcidr/cmd/mapcidr@latest 2>/dev/null || true
+RUN go install github.com/projectdiscovery/chaos-client/cmd/chaos@latest 2>/dev/null || true
+# x8 — better hidden parameter discovery
+RUN go install github.com/Sh1Yo/x8@latest 2>/dev/null || true
+# LinkFinder (JS analysis)
+RUN git clone https://github.com/GerbenJavado/LinkFinder /opt/LinkFinder 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/LinkFinder/requirements.txt 2>/dev/null; \
+    ln -sf /opt/LinkFinder/linkfinder.py /usr/local/bin/linkfinder 2>/dev/null; true
+# Burp Suite Community (headless)
+RUN curl -L "https://portswigger.net/burp/releases/download?product=community&type=jar" \
+    -o /opt/burpsuite.jar 2>/dev/null || true
+# grpcurl
+RUN go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest
+# ─────────────────────────────────────────────
+# Password & Credential Tools
+# (rt-password-spray, rt-wordlist-generation, rt-lsass-dumping, rt-credential-access)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    hashcat \
+    john \
+    hydra \
+    medusa \
+    cewl \
+    crunch \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+# pypykatz (LSASS parsing on Linux)
+RUN pip3 install --no-cache-dir --break-system-packages pypykatz 2>/dev/null || true
+# CUPP (password profiling)
+RUN git clone https://github.com/Mebus/cupp /opt/cupp && \
+    ln -s /opt/cupp/cupp.py /usr/local/bin/cupp && \
+    chmod +x /opt/cupp/cupp.py
+# SecLists
+RUN git clone --depth 1 https://github.com/danielmiessler/SecLists /opt/SecLists
+# kwprocessor (keyboard walks)
+RUN go install github.com/hashcat/kwprocessor@latest 2>/dev/null || \
+    git clone https://github.com/hashcat/kwprocessor /opt/kwprocessor
+# ─────────────────────────────────────────────
+# Active Directory Tools
+# (rt-exploit-active-directory, rt-exploit-adcs, rt-lateral-movement,
+#  rt-privilege-escalation, rt-persistence, rt-adfs)
+# ─────────────────────────────────────────────
+# AD tools — installed separately to avoid dependency conflicts
+RUN pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages bloodhound 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages ldap3 pyOpenSSL 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages certipy-ad 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages pywhisker 2>/dev/null || true
+# netexec (crackmapexec successor)
+RUN pip3 install --no-cache-dir --break-system-packages netexec 2>/dev/null || true
+# evil-winrm
+RUN gem install evil-winrm 2>/dev/null || true
+# BloodHound Python ingestor
+RUN pip3 install --no-cache-dir --break-system-packages bloodhound 2>/dev/null || true
+# Kerbrute (already installed via Go)
+# bloodyAD
+RUN pip3 install --no-cache-dir --break-system-packages bloodyAD 2>/dev/null || true
+# PKINITtools
+RUN git clone https://github.com/dirkjanm/PKINITtools /opt/PKINITtools && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/PKINITtools/requirements.txt 2>/dev/null || true
+# PetitPotam
+RUN git clone https://github.com/topotam/PetitPotam /opt/PetitPotam
+# ─────────────────────────────────────────────
+# Cloud Tools
+# (rt-exploit-cloud-aws, rt-exploit-cloud-azure, rt-exploit-cloud-gcp,
+#  rt-kubernetes, rt-serverless, rt-exploit-containers)
+# ─────────────────────────────────────────────
+# AWS CLI
+RUN pip3 install --no-cache-dir --break-system-packages awscli boto3 2>/dev/null || true
+# Azure CLI
+RUN pip3 install --no-cache-dir --break-system-packages azure-cli 2>/dev/null || \
+    curl -sL https://aka.ms/InstallAzureCLIDeb | bash 2>/dev/null || true
+# GCP CLI
+RUN pip3 install --no-cache-dir --break-system-packages google-cloud-storage google-auth 2>/dev/null || true
+# Pacu (AWS exploitation)
+RUN git clone https://github.com/RhinoSecurityLabs/pacu /opt/pacu 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages \
+    $(ls /opt/pacu/requirements*.txt 2>/dev/null | head -1 | xargs -I{} echo "-r {}") \
+    2>/dev/null; \
+    pip3 install --no-cache-dir --break-system-packages pacu 2>/dev/null; \
+    ln -sf /opt/pacu/cli.py /usr/local/bin/pacu 2>/dev/null; true
+# ScoutSuite (multi-cloud)
+RUN pip3 install --no-cache-dir --break-system-packages scoutsuite 2>/dev/null || true
+# CloudFox
+RUN go install github.com/BishopFox/cloudfox@latest 2>/dev/null || true
+# kubectl
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \
+    rm kubectl
+# kube-hunter
+RUN pip3 install --no-cache-dir --break-system-packages kube-hunter 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Post-Exploitation & C2 Tools
+# (rt-post-exploitation, rt-c2-operations, rt-defense-evasion,
+#  rt-lateral-movement, rt-persistence, rt-data-exfiltration)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    metasploit-framework \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+# Sliver C2
+RUN curl https://sliver.sh/install | sudo bash 2>/dev/null || \
+    go install github.com/BishopFox/sliver/client/cmd/sliver-client@latest 2>/dev/null || true
+# Chisel (TCP tunneling)
+RUN go install github.com/jpillora/chisel@latest
+# Ligolo-ng (Layer 3 tunneling)
+RUN go install github.com/nicocha30/ligolo-ng/cmd/proxy@latest 2>/dev/null || true
+RUN go install github.com/nicocha30/ligolo-ng/cmd/agent@latest 2>/dev/null || true
+# iodine (DNS tunneling)
+RUN apt-get update && apt-get install -y --no-install-recommends iodine && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+# dnscat2
+RUN git clone https://github.com/iagox86/dnscat2 /opt/dnscat2 && \
+    cd /opt/dnscat2/client && make 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Network & Protocol Tools
+# (rt-network-segmentation, rt-ssl-mitm, rt-traffic-analysis, rt-exploit-wireless)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    responder \
+    bettercap \
+    ettercap-text-only \
+    dsniff \
+    sslstrip \
+    hping3 \
+    yersinia \
+    proxychains4 \
+    ptunnel-ng \
+    socat \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+# zeek (traffic analysis)
+RUN apt-get update && apt-get install -y --no-install-recommends zeek 2>/dev/null || true && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# PCredz (credential extraction from pcap)
+RUN git clone https://github.com/lgandx/PCredz /opt/PCredz && \
+    pip3 install --no-cache-dir --break-system-packages Cython 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Social Engineering & Phishing
+# (rt-social-engineering, rt-exploit-phishing)
+# ─────────────────────────────────────────────
+# GoPhish
+RUN wget -q "https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip" \
+    -O /tmp/gophish.zip 2>/dev/null && \
+    unzip -q /tmp/gophish.zip -d /opt/gophish 2>/dev/null && \
+    chmod +x /opt/gophish/gophish 2>/dev/null && \
+    ln -s /opt/gophish/gophish /usr/local/bin/gophish 2>/dev/null && \
+    rm /tmp/gophish.zip 2>/dev/null || true
+# SET (Social Engineering Toolkit)
+RUN git clone https://github.com/trustedsec/social-engineer-toolkit /opt/setoolkit && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/setoolkit/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Deserialization Tools
+# (rt-deserialization)
+# ─────────────────────────────────────────────
+# ysoserial
+RUN mkdir -p /opt/ysoserial && \
+    wget -q "https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar" \
+    -O /opt/ysoserial/ysoserial.jar && \
+    echo '#!/bin/bash\njava -jar /opt/ysoserial/ysoserial.jar "$@"' > /usr/local/bin/ysoserial && \
+    chmod +x /usr/local/bin/ysoserial
+# phpggc
+RUN git clone https://github.com/ambionics/phpggc /opt/phpggc && \
+    ln -s /opt/phpggc/phpggc /usr/local/bin/phpggc && \
+    chmod +x /opt/phpggc/phpggc
+# ─────────────────────────────────────────────
+# Binary Analysis & Reverse Engineering
+# (rt-binary-reverse-engineering)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gdb \
+    radare2 \
+    ltrace strace \
+    binutils \
+    patchelf \
+    nasm \
+    ghidra 2>/dev/null || true \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+# Ghidra (if not in apt)
+RUN if ! command -v ghidra &>/dev/null; then \
+    wget -q "https://github.com/NationalSecurityAgency/ghidra/releases/latest/download/ghidra_11.1_PUBLIC_20240607.zip" \
+    -O /tmp/ghidra.zip 2>/dev/null && \
+    unzip -q /tmp/ghidra.zip -d /opt && \
+    ln -s /opt/ghidra_*/ghidraRun /usr/local/bin/ghidra && \
+    rm /tmp/ghidra.zip 2>/dev/null; fi || true
+# floss (string deobfuscation)
+RUN pip3 install --no-cache-dir --break-system-packages floss 2>/dev/null || true
+# pwndbg (GDB enhancement)
+RUN git clone https://github.com/pwndbg/pwndbg /opt/pwndbg && \
+    cd /opt/pwndbg && ./setup.sh 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Fuzzing Tools
+# (rt-exploit-fuzzing)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    afl++ \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+# radamsa — build from source (not in Kali repos)
+RUN git clone https://gitlab.com/akihe/radamsa /opt/radamsa && \
+    cd /opt/radamsa && make 2>/dev/null && \
+    ln -sf /opt/radamsa/bin/radamsa /usr/local/bin/radamsa 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages boofuzz 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Hardware & IoT Tools
+# (rt-hardware-hacking, rt-exploit-iot, rt-exploit-scada)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    openocd \
+    flashrom \
+    avrdude \
+    minicom \
+    screen \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN pip3 install --no-cache-dir --break-system-packages \
+    bleak \
+    pyserial \
+    pyModbusTCP 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Steganography & Covert Channels
+# (rt-steganography)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    steghide sox binwalk exiftool \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+# outguess — not in Kali repos, build from source
+RUN git clone https://github.com/crorvick/outguess /opt/outguess && \
+    cd /opt/outguess && autoreconf -i && ./configure && make && make install 2>/dev/null || true
+RUN gem install zsteg 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages stegoveritas 2>/dev/null || true
+# ─────────────────────────────────────────────
+# VoIP Tools
+# (rt-voip-sip)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    sipvicious 2>/dev/null || true \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages sipvicious 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Crypto Attack Tools
+# (rt-crypto-attacks)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages \
+    pycryptodome \
+    hashpumpy \
+    cryptography \
+    padding-oracle-attacker 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Web Proxy & Interception
+# (rt-ssl-mitm)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages mitmproxy 2>/dev/null || true
+# OWASP ZAP (Burp Suite alternative)
+RUN wget -q "https://github.com/zaproxy/zaproxy/releases/latest/download/ZAP_LINUX_PACKAGE.tar.gz" \
+    -O /tmp/zap.tar.gz 2>/dev/null && \
+    tar xf /tmp/zap.tar.gz -C /opt/ && \
+    ln -s /opt/ZAP_*/zap.sh /usr/local/bin/zap && \
+    rm /tmp/zap.tar.gz 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Azure AD — ROADtools (Azure AD enumeration)
+# (rt-azure-ad, rt-adfs)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages roadtools roadrecon 2>/dev/null || true
+# ─────────────────────────────────────────────
+# AWS IAM — PMapper (privilege escalation paths)
+# (rt-exploit-cloud-aws)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages principalmapper 2>/dev/null || \
+    git clone https://github.com/nccgroup/PMapper /opt/PMapper && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/PMapper/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Email Breach Hunting — h8mail
+# (rt-osint, rt-credential-hunt)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages h8mail 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Frida + Objection
+# (rt-exploit-android, rt-exploit-ios)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages \
+    frida-tools \
+    objection \
+    apkleaks 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Phishing — Evilginx3 (MFA-bypassing reverse proxy)
+# (rt-social-engineering, rt-exploit-phishing)
+# ─────────────────────────────────────────────
+RUN go install github.com/kgretzky/evilginx2@latest 2>/dev/null || \
+    git clone https://github.com/kgretzky/evilginx2 /opt/evilginx3 && \
+    cd /opt/evilginx3 && go build -o /usr/local/bin/evilginx3 . 2>/dev/null || true
+# ─────────────────────────────────────────────
+# AI/LLM Tools
+# (rt-ai-llm-security)
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages \
+    garak \
+    openai \
+    anthropic \
+    requests 2>/dev/null || true
+# ─────────────────────────────────────────────
+# C2 Frameworks (Additional)
+# Havoc C2, Empire, PoshC2
+# ─────────────────────────────────────────────
+RUN git clone https://github.com/BC-SECURITY/Empire /opt/Empire 2>/dev/null; \
+    [ -f /opt/Empire/requirements.txt ] && pip3 install --no-cache-dir --break-system-packages -r /opt/Empire/requirements.txt 2>/dev/null; \
+    ln -sf /opt/Empire/empire /usr/local/bin/empire 2>/dev/null; true
+RUN git clone https://github.com/nettitude/PoshC2 /opt/PoshC2 && \
+    cd /opt/PoshC2 && pip3 install --no-cache-dir --break-system-packages -r requirements.txt 2>/dev/null || true
+# Villain C2 (lightweight)
+RUN git clone https://github.com/t3l3machus/Villain /opt/Villain && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/Villain/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Web Testing (Additional)
+# Caido, Ghauri, GraphQL tools, CORScanner
+# ─────────────────────────────────────────────
+# Caido — modern Burp alternative
+RUN curl -fsSL "https://caido.io/download/latest/linux" -o /usr/local/bin/caido 2>/dev/null && \
+    chmod +x /usr/local/bin/caido 2>/dev/null || true
+# Ghauri — advanced SQLi tool
+RUN pip3 install --no-cache-dir --break-system-packages ghauri 2>/dev/null; \
+    git clone https://github.com/r0oth3x49/ghauri /opt/ghauri 2>/dev/null; \
+    [ -f /opt/ghauri/requirements.txt ] && pip3 install --no-cache-dir --break-system-packages -r /opt/ghauri/requirements.txt 2>/dev/null; \
+    ln -sf /opt/ghauri/ghauri.py /usr/local/bin/ghauri 2>/dev/null; true
+# GraphQL tools
+RUN pip3 install --no-cache-dir --break-system-packages graphw00f 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages clairvoyance 2>/dev/null || true
+# CORScanner
+RUN git clone https://github.com/chenjj/CORScanner /opt/CORScanner && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/CORScanner/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Active Directory (Additional)
+# coercer, mitm6, KrbRelayUp, NoPac, DonPAPI
+# ─────────────────────────────────────────────
+# coercer — unified auth coercion (EFS, MS-RPRN, MS-DFSNM, etc.)
+RUN pip3 install --no-cache-dir --break-system-packages coercer 2>/dev/null || \
+    git clone https://github.com/p0dalirius/Coercer /opt/Coercer && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/Coercer/requirements.txt 2>/dev/null || true
+# mitm6 — IPv6 MITM + DNS takeover
+RUN pip3 install --no-cache-dir --break-system-packages mitm6 2>/dev/null || true
+# DonPAPI — DPAPI credential hunting
+RUN git clone https://github.com/login-securite/DonPAPI /opt/DonPAPI && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/DonPAPI/requirements.txt 2>/dev/null || true
+# NoPac — CVE-2021-42278/42427
+RUN git clone https://github.com/Ridter/noPac /opt/noPac && \
+    pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true
+# pyrdp — RDP MITM
+RUN pip3 install --no-cache-dir --break-system-packages pyrdp 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Container Escape Tools
+# CDK, deepce, botb
+# ─────────────────────────────────────────────
+# CDK — Container escape toolkit
+RUN go install github.com/cdk-team/CDK/cmd/cdk@latest 2>/dev/null || \
+    curl -sSL https://github.com/cdk-team/CDK/releases/latest/download/cdk_linux_amd64 \
+    -o /usr/local/bin/cdk && chmod +x /usr/local/bin/cdk 2>/dev/null || true
+# deepce — Docker escape
+RUN curl -sSL https://github.com/stealthcopter/deepce/releases/latest/download/deepce \
+    -o /usr/local/bin/deepce && chmod +x /usr/local/bin/deepce 2>/dev/null || true
+# botb — Break Out The Box
+RUN go install github.com/brompwnie/botb@latest 2>/dev/null || true
+# Trivy — container/image vulnerability scanning
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | \
+    sh -s -- -b /usr/local/bin 2>/dev/null || \
+    apt-get install -y trivy 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Cloud (Additional)
+# Prowler, Steampipe, Stratus Red Team, TeamFiltration
+# ─────────────────────────────────────────────
+# Prowler — AWS/GCP/Azure compliance audit
+RUN pip3 install --no-cache-dir --break-system-packages prowler 2>/dev/null || true
+# Stratus Red Team — cloud attack for detection testing
+RUN go install github.com/DataDog/stratus-red-team/v2/cmd/stratus@latest 2>/dev/null || true
+# TeamFiltration — M365 user enum and spray
+RUN curl -sSL "https://github.com/Flangvik/TeamFiltration/releases/latest/download/TeamFiltration_Linux" \
+    -o /usr/local/bin/teamfiltration && chmod +x /usr/local/bin/teamfiltration 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Payload Generation & Evasion
+# Veil-Evasion, macro_pack, Donut, ScareCrow
+# ─────────────────────────────────────────────
+# Veil-Evasion
+RUN git clone https://github.com/Veil-Framework/Veil /opt/Veil && \
+    cd /opt/Veil/setup && bash setup.sh -s 2>/dev/null || true
+# macro_pack — Office macro obfuscation
+RUN git clone https://github.com/sevagas/macro_pack /opt/macro_pack 2>/dev/null || true
+# Donut — shellcode generation
+RUN pip3 install --no-cache-dir --break-system-packages donut-shellcode 2>/dev/null || \
+    go install github.com/Binject/go-donut/cmd/godonuts@latest 2>/dev/null || true
+# ─────────────────────────────────────────────
+# OSINT (Additional)
+# SpiderFoot, Maigret, Holehe, GHunt, CrossLinked
+# ─────────────────────────────────────────────
+RUN pip3 install --no-cache-dir --break-system-packages \
+    spiderfoot 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages \
+    maigret \
+    holehe \
+    ghunt \
+    socialscan 2>/dev/null || true
+# CrossLinked — LinkedIn username generation
+RUN git clone https://github.com/m8sec/CrossLinked /opt/CrossLinked && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/CrossLinked/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Core Tools
+# apktool, jadx, dex2jar, adb
+# (rt-exploit-android, rt-exploit-ios, rt-apk-repackaging)
+# ─────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    apktool \
+    dex2jar \
+    android-tools-adb \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# jadx — Java decompiler
+RUN mkdir -p /opt/jadx && \
+    curl -sSL "https://github.com/skylot/jadx/releases/latest/download/jadx-1.5.0.zip" \
+    -o /tmp/jadx.zip 2>/dev/null && \
+    unzip -q /tmp/jadx.zip -d /opt/jadx && \
+    ln -sf /opt/jadx/bin/jadx /usr/local/bin/jadx && \
+    ln -sf /opt/jadx/bin/jadx-gui /usr/local/bin/jadx-gui && \
+    rm /tmp/jadx.zip 2>/dev/null || true
+# uber-apk-signer — sign + zipalign APKs in one command
+# (rt-apk-repackaging — required for repackaged APK signing)
+RUN mkdir -p /opt/uber-apk-signer && \
+    curl -sSL "https://github.com/patrickfav/uber-apk-signer/releases/download/v1.3.0/uber-apk-signer-1.3.0.jar" \
+    -o /opt/uber-apk-signer/uber-apk-signer.jar 2>/dev/null && \
+    echo '#!/bin/bash\nexec java -jar /opt/uber-apk-signer/uber-apk-signer.jar "$@"' \
+    > /usr/local/bin/uber-apk-signer && \
+    chmod +x /usr/local/bin/uber-apk-signer 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Advanced Dynamic Analysis
+# Frida, Objection, reFlutter
+# (rt-frida-advanced, rt-mobile-ssl-pinning)
+# ─────────────────────────────────────────────
+# frida-tools + objection + apkleaks (already in base section, ensure latest)
+RUN pip3 install --no-cache-dir --break-system-packages \
+    frida-tools \
+    objection \
+    apkleaks 2>/dev/null || true
+# reFlutter — patches libflutter.so to remove SSL pinning + redirect to Burp
+# (rt-mobile-ssl-pinning, rt-cross-platform-mobile — Flutter apps)
+RUN pip3 install --no-cache-dir --break-system-packages reFlutter 2>/dev/null || \
+    git clone https://github.com/Impact-I/reFlutter /opt/reFlutter && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/reFlutter/requirements.txt 2>/dev/null || true
+# apk-mitm — automatic SSL unpinning for APKs (no Frida needed)
+# (rt-mobile-ssl-pinning — when Frida/Objection bypass fails)
+RUN npm install -g apk-mitm 2>/dev/null || true
+# frida-server helper script — pulls correct frida-server for connected device
+# Usage: setup-frida-server [device_ip:port]
+# (rt-frida-advanced)
+RUN cat > /usr/local/bin/setup-frida-server << 'SCRIPT'
+#!/bin/bash
+set -e
+FRIDA_VER=$(python3 -c "import frida; print(frida.__version__)" 2>/dev/null || pip3 show frida | grep Version | awk '{print $2}')
+DEVICE=${1:-"usb"}
+if [ "$DEVICE" != "usb" ]; then
+    adb connect "$DEVICE"
+fi
+ARCH=$(adb shell getprop ro.product.cpu.abi 2>/dev/null | tr -d '\r')
+case $ARCH in
+    arm64-v8a) ARCH_NAME="arm64" ;;
+    armeabi-v7a) ARCH_NAME="arm" ;;
+    x86_64) ARCH_NAME="x86_64" ;;
+    x86) ARCH_NAME="x86" ;;
+    *) echo "Unknown arch: $ARCH"; exit 1 ;;
+esac
+echo "[*] Frida version: $FRIDA_VER | Device arch: $ARCH_NAME"
+URL="https://github.com/frida/frida/releases/download/${FRIDA_VER}/frida-server-${FRIDA_VER}-android-${ARCH_NAME}.xz"
+echo "[*] Downloading: $URL"
+wget -q "$URL" -O /tmp/frida-server.xz
+unxz /tmp/frida-server.xz
+mv /tmp/frida-server "/tmp/frida-server-${ARCH_NAME}"
+adb push "/tmp/frida-server-${ARCH_NAME}" /data/local/tmp/frida-server
+adb shell chmod 755 /data/local/tmp/frida-server
+echo "[+] Installed. Start with: adb shell /data/local/tmp/frida-server &"
+SCRIPT
+RUN chmod +x /usr/local/bin/setup-frida-server 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Cross-Platform App Analysis
+# React Native (Hermes), Flutter (Dart), Xamarin
+# (rt-cross-platform-mobile)
+# ─────────────────────────────────────────────
+# hermes-dec — decompile Hermes bytecode (React Native compiled bundles)
+RUN pip3 install --no-cache-dir --break-system-packages hermes-dec 2>/dev/null || true
+# hbctool — alternative Hermes bytecode disassembler
+RUN pip3 install --no-cache-dir --break-system-packages hbctool 2>/dev/null || true
+# js-beautify — prettify plain React Native JS bundles
+RUN npm install -g js-beautify 2>/dev/null || true
+# doldrums — extract Dart code from Flutter kernel_blob.bin
+RUN pip3 install --no-cache-dir --break-system-packages doldrums 2>/dev/null || \
+    git clone https://github.com/nicowillis/doldrums /opt/doldrums && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/doldrums/requirements.txt 2>/dev/null || true
+# Mono + monodis — decompile Xamarin .NET assemblies
+# monodis = IL disassembler for .NET DLLs from Xamarin apps
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    mono-complete \
+    mono-utils \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ilspycmd — .NET decompiler (better than monodis for Xamarin DLL source)
+RUN dotnet tool install --global ilspycmd 2>/dev/null || true
+# lz4 — decompress Xamarin LZ4-compressed assemblies (XALZ format)
+RUN pip3 install --no-cache-dir --break-system-packages lz4 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Static Analysis Deep
+# MobSF (via Docker), androguard, trufflehog, secret scanning
+# (rt-mobile-static-deep)
+# ─────────────────────────────────────────────
+# androguard — Python library for APK analysis (imports, permissions, code)
+RUN pip3 install --no-cache-dir --break-system-packages androguard 2>/dev/null || true
+# apkleaks — scan APK for leaked secrets, endpoints, API keys
+RUN pip3 install --no-cache-dir --break-system-packages apkleaks 2>/dev/null || true
+# trufflehog3 — secret scanning on decompiled source
+RUN pip3 install --no-cache-dir --break-system-packages trufflehog3 2>/dev/null || true
+# MobSF — NOTE: MobSF is too heavy for the base image (~2GB)
+# Run separately: docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf
+# Or add to your docker-compose.yml alongside rtexit-kali
+RUN echo '# MobSF: docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf' \
+    >> /etc/profile.d/rtexit-aliases.sh 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Malware & C2
+# msfvenom (already installed), TheFatRat, AhMyth, qrcode
+# (rt-mobile-malware-c2)
+# ─────────────────────────────────────────────
+# qrcode — generate QR codes for APK delivery URLs
+RUN pip3 install --no-cache-dir --break-system-packages "qrcode[pil]" Pillow 2>/dev/null || true
+# TheFatRat — FUD payload generator (APK + exe + more)
+RUN git clone https://github.com/Screetsec/TheFatRat /opt/TheFatRat 2>/dev/null && \
+    chmod +x /opt/TheFatRat/fatrat 2>/dev/null || true
+# NOTE: TheFatRat requires setup.sh on first use: cd /opt/TheFatRat && bash setup.sh
+# AhMyth RAT — NOTE: Electron GUI app, cannot run headless in Docker
+# Download on attacker machine: https://github.com/AhMyth/AhMyth-Android-RAT/releases
+RUN echo '# AhMyth: download GUI from https://github.com/AhMyth/AhMyth-Android-RAT/releases' \
+    >> /etc/profile.d/rtexit-aliases.sh 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Mobile Testing — Intent Exploitation
+# Drozer (already installed), adb (already installed)
+# (rt-android-intent-exploitation)
+# ─────────────────────────────────────────────
+# drozer — already installed above, ensure agent JAR is available
+RUN pip3 install --no-cache-dir --break-system-packages drozer 2>/dev/null || true
+# Download drozer agent APK for device installation
+RUN mkdir -p /opt/drozer && \
+    curl -sSL "https://github.com/WithSecureLabs/drozer/releases/latest/download/drozer-agent.apk" \
+    -o /opt/drozer/drozer-agent.apk 2>/dev/null && \
+    echo "[*] Install on device: adb install /opt/drozer/drozer-agent.apk" >> /opt/drozer/README.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Purple Team / Detection Testing
+# Atomic Red Team, Caldera
+# ─────────────────────────────────────────────
+# Atomic Red Team — MITRE ATT&CK tests
+RUN git clone https://github.com/redcanaryco/atomic-red-team /opt/atomic-red-team 2>/dev/null || true
+# Caldera — MITRE adversary simulation
+RUN git clone https://github.com/mitre/caldera /opt/caldera && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/caldera/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Missing Tools (Gap Analysis v1)
+# ─────────────────────────────────────────────
+# Android — Drozer (component enumeration)
+RUN pip3 install --no-cache-dir --break-system-packages drozer 2>/dev/null || true
+# BLE — crackle + GATTacker
+RUN git clone https://github.com/mikeryan/crackle /opt/crackle && \
+    cd /opt/crackle && make 2>/dev/null || true
+RUN npm install -g gattacker 2>/dev/null || true
+# VoIP — rtpbreak + pjsua (install individually to avoid block on missing pkg)
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends rtpbreak 2>/dev/null || true && \
+    apt-get install -y --no-install-recommends pjsua 2>/dev/null || true && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# Steganography — zsteg
+RUN gem install zsteg 2>/dev/null || true
+# Browser Exploitation — BeEF
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends beef-xss 2>/dev/null || true && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# Electron — electronegativity
+RUN npm install -g @doyensec/electronegativity 2>/dev/null || true
+# AI/LLM — promptfoo
+RUN npm install -g promptfoo 2>/dev/null || true
+# Supply Chain — Dive (Docker layer inspector)
+RUN curl -sSfL https://raw.githubusercontent.com/wagoodman/dive/main/get-dive.sh | sh 2>/dev/null || \
+    wget -qO /tmp/dive.tar.gz "https://github.com/wagoodman/dive/releases/latest/download/dive_linux_amd64.tar.gz" && \
+    tar xf /tmp/dive.tar.gz -C /usr/local/bin dive 2>/dev/null && rm /tmp/dive.tar.gz 2>/dev/null || true
+# VoIP — ucsniff (SIP/RTP sniffer)
+RUN git clone https://github.com/hevnsnt/ucsniff /opt/ucsniff 2>/dev/null || true
+# SCADA — complete pip installs for ICS tools
+RUN [ -f /opt/plcscan/requirements.txt ] && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/plcscan/requirements.txt 2>/dev/null || true
+RUN [ -f /opt/isf/requirements.txt ] && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/isf/requirements.txt 2>/dev/null || true
+# Steganography — StegSolve JAR
+RUN wget -q "https://github.com/zardus/ctf-tools/raw/master/stegsolve/install" \
+    -O /tmp/stegsolve_install 2>/dev/null || true && \
+    mkdir -p /opt/stegsolve && \
+    wget -q "http://www.caesum.com/handbook/Stegsolve.jar" \
+    -O /opt/stegsolve/stegsolve.jar 2>/dev/null || true && \
+    echo '#!/bin/bash\njava -jar /opt/stegsolve/stegsolve.jar "$@"' > /usr/local/bin/stegsolve && \
+    chmod +x /usr/local/bin/stegsolve 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Missing CLI Tools (Gap Analysis v2)
+# ─────────────────────────────────────────────
+# Information Gathering — missing CLI tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    fierce \
+    dnsrecon \
+    dnsenum \
+    nbtscan \
+    smbmap \
+    enum4linux \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages \
+    enum4linux-ng 2>/dev/null || true
+# Password Attacks — missing tools
+RUN pip3 install --no-cache-dir --break-system-packages \
+    patator 2>/dev/null || true
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    onesixtyone \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# Exploitation — searchsploit + routersploit + weevely + king-phisher
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    exploitdb \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages \
+    routersploit \
+    weevely 2>/dev/null || true
+RUN git clone https://github.com/rsmusllp/king-phisher /opt/king-phisher && \
+    pip3 install --no-cache-dir --break-system-packages \
+    -r /opt/king-phisher/requirements.txt 2>/dev/null || true
+# Forensics — CLI tools (all work in container)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    foremost \
+    dc3dd \
+    testdisk \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    bulk-extractor \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# Volatility3 — memory forensics
+RUN git clone https://github.com/volatilityfoundation/volatility3 /opt/volatility3 && \
+    pip3 install --no-cache-dir --break-system-packages \
+    -r /opt/volatility3/requirements.txt 2>/dev/null && \
+    ln -sf /opt/volatility3/vol.py /usr/local/bin/vol 2>/dev/null || true
+# Sniffing — missing CLI tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    arpwatch \
+    netsniff-ng \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Missing Tools (adb + peirates + ScareCrow)
+# ─────────────────────────────────────────────
+RUN apt-get install -y --no-install-recommends android-tools-adb 2>/dev/null || true
+RUN go install github.com/inguardians/peirates@latest 2>/dev/null || \
+    ( git clone https://github.com/inguardians/peirates /opt/peirates && \
+      cd /opt/peirates && go build -o /usr/local/bin/peirates . ) 2>/dev/null || true
+RUN git clone https://github.com/optiv/ScareCrow /opt/ScareCrow 2>/dev/null && \
+    cd /opt/ScareCrow && go build -o /usr/local/bin/ScareCrow . 2>/dev/null || true
+# ═════════════════════════════════════════════
+# GAP ANALYSIS v3 — Advanced Professional Tools
+# All gaps identified from skills audit
+# ═════════════════════════════════════════════
+# ─────────────────────────────────────────────
+# Web & API — Advanced Tools
+# (rt-exploit-web, rt-js-analysis, rt-exploit-graphql)
+# ─────────────────────────────────────────────
+# semgrep — source-assisted web testing, find code patterns
+RUN pip3 install --no-cache-dir --break-system-packages semgrep 2>/dev/null || true
+# jsbeautifier — prettify minified JS from web apps + React Native bundles
+RUN pip3 install --no-cache-dir --break-system-packages jsbeautifier 2>/dev/null || true
+# wappalyzer-cli — technology fingerprinting
+RUN npm install -g wappalyzer-cli 2>/dev/null || true
+# graphql-cop — GraphQL security audit tool
+RUN pip3 install --no-cache-dir --break-system-packages graphql-cop 2>/dev/null || \
+    git clone https://github.com/nicowillis/graphql-cop /opt/graphql-cop 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/graphql-cop/requirements.txt 2>/dev/null || true
+# InQL — GraphQL introspection and attack tool
+RUN pip3 install --no-cache-dir --break-system-packages inql 2>/dev/null || true
+# XXEinjector — automated XXE exploitation
+RUN git clone https://github.com/enjoiz/XXEinjector /opt/XXEinjector 2>/dev/null || true
+# tplmap — Server-Side Template Injection (SSTI) scanner
+RUN git clone https://github.com/epinna/tplmap /opt/tplmap && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/tplmap/requirements.txt 2>/dev/null && \
+    ln -sf /opt/tplmap/tplmap.py /usr/local/bin/tplmap && \
+    chmod +x /opt/tplmap/tplmap.py 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Active Directory — Advanced Tools
+# (rt-exploit-active-directory, rt-kerberos-relay, rt-syscall-bypass)
+# ─────────────────────────────────────────────
+# Rubeus — compiled binary for Kerberos attacks (from GhostPack)
+# NOTE: Windows-only binary, but needed for documentation reference
+# In real engagements: transfer to Windows target via C2
+RUN mkdir -p /opt/GhostPack && \
+    echo "# GhostPack tools (Windows binaries) — transfer to target via C2" > /opt/GhostPack/README.txt && \
+    echo "# Rubeus: https://github.com/GhostPack/Rubeus/releases" >> /opt/GhostPack/README.txt && \
+    echo "# SharpHound: https://github.com/BloodHoundAD/SharpHound/releases" >> /opt/GhostPack/README.txt && \
+    echo "# Seatbelt: https://github.com/GhostPack/Seatbelt/releases" >> /opt/GhostPack/README.txt && \
+    echo "# SharpUp: https://github.com/GhostPack/SharpUp/releases" >> /opt/GhostPack/README.txt
+# KrbRelayUp — Kerberos relay local PrivEsc
+RUN git clone https://github.com/Dec0ne/KrbRelayUp /opt/KrbRelayUp 2>/dev/null || true
+# CVE-2020-1472 Zerologon exploit
+RUN git clone https://github.com/dirkjanm/CVE-2020-1472 /opt/CVE-2020-1472 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true
+# PrintNightmare CVE-2021-1675
+RUN git clone https://github.com/cube0x0/CVE-2021-1675 /opt/PrintNightmare 2>/dev/null || true
+# krbrelayx — Kerberos relay attack framework
+RUN git clone https://github.com/dirkjanm/krbrelayx /opt/krbrelayx && \
+    pip3 install --no-cache-dir --break-system-packages dnspython ldap3 pyOpenSSL 2>/dev/null || true
+# ADFSpoof — Golden SAML attack
+RUN git clone https://github.com/fireeye/ADFSpoof /opt/ADFSpoof 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/ADFSpoof/requirements.txt 2>/dev/null || true
+# pyGPOAbuse — GPO abuse for persistence
+RUN git clone https://github.com/Hackndo/pyGPOAbuse /opt/pyGPOAbuse && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/pyGPOAbuse/requirements.txt 2>/dev/null || true
+# SysWhispers3 — direct syscall bypass generator
+RUN git clone https://github.com/klezVirus/SysWhispers3 /opt/SysWhispers3 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Cloud — Advanced Tools
+# (rt-exploit-cloud-aws, rt-exploit-cloud-azure, rt-exploit-cloud-gcp)
+# ─────────────────────────────────────────────
+# enumerate-iam — AWS IAM permission enumeration without admin
+RUN git clone https://github.com/andresriancho/enumerate-iam /opt/enumerate-iam && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/enumerate-iam/requirements.txt 2>/dev/null && \
+    ln -sf /opt/enumerate-iam/enumerate-iam.py /usr/local/bin/enumerate-iam && \
+    chmod +x /opt/enumerate-iam/enumerate-iam.py 2>/dev/null || true
+# aws-whoami — identify current AWS identity + permissions
+RUN go install github.com/liamg/awswhoami@latest 2>/dev/null || true
+# azcopy — Azure blob/file exfiltration
+RUN curl -sSL "https://aka.ms/downloadazcopy-v10-linux" | tar xz --strip-components=1 -C /usr/local/bin/ 2>/dev/null || true
+# checkov — IaC misconfiguration scanner (Terraform, K8s, ARM)
+RUN pip3 install --no-cache-dir --break-system-packages checkov 2>/dev/null || true
+# steampipe — SQL queries against cloud APIs (AWS/Azure/GCP)
+RUN curl -sSL https://raw.githubusercontent.com/turbot/steampipe/main/etc/install.sh | sh 2>/dev/null || true
+# cloud_enum — multi-cloud asset enumeration
+RUN git clone https://github.com/initstring/cloud_enum /opt/cloud_enum && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/cloud_enum/requirements.txt 2>/dev/null || true
+# s3scanner — public S3 bucket enumeration
+RUN pip3 install --no-cache-dir --break-system-packages s3scanner 2>/dev/null || true
+# gcp_scanner — GCP service account + resource enumeration
+RUN pip3 install --no-cache-dir --break-system-packages gcp-scanner 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Kubernetes — Advanced Tools
+# (rt-kubernetes, rt-exploit-containers)
+# ─────────────────────────────────────────────
+# kubectx + kubens — context and namespace switching
+RUN git clone https://github.com/ahmetb/kubectx /opt/kubectx && \
+    ln -sf /opt/kubectx/kubectx /usr/local/bin/kubectx && \
+    ln -sf /opt/kubectx/kubens /usr/local/bin/kubens 2>/dev/null || true
+# kube-bench — CIS Kubernetes benchmark scanner
+RUN go install github.com/aquasecurity/kube-bench@latest 2>/dev/null || true
+# helm — Kubernetes package manager (for chart-based attacks)
+RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash 2>/dev/null || true
+# kubesploit — Kubernetes-specific post-exploitation framework
+RUN go install github.com/cyberark/kubesploit@latest 2>/dev/null || \
+    git clone https://github.com/cyberark/kubesploit /opt/kubesploit 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Recon & OSINT — Advanced
+# (rt-osint, rt-active-recon, rt-shodan-recon, rt-github-recon)
+# ─────────────────────────────────────────────
+# zmap — fast internet-wide scanner
+RUN apt-get update && apt-get install -y --no-install-recommends zmap \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# git-dumper — dump exposed .git directories
+RUN pip3 install --no-cache-dir --break-system-packages git-dumper 2>/dev/null || true
+# trufflehog — git + S3 + GitHub secret scanning
+RUN pip3 install --no-cache-dir --break-system-packages trufflehog 2>/dev/null || true
+# github-recon tools
+RUN pip3 install --no-cache-dir --break-system-packages PyGithub 2>/dev/null || true
+RUN go install github.com/gwen001/github-subdomains@latest 2>/dev/null || true
+RUN go install github.com/d3mondev/puredns/v2@latest 2>/dev/null || true
+# ipinfo + abuseipdb — IP intelligence
+RUN pip3 install --no-cache-dir --break-system-packages ipinfo 2>/dev/null || true
+# duckduckgo-search — passive recon
+RUN pip3 install --no-cache-dir --break-system-packages duckduckgo-search 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Binary Analysis & Exploitation — Advanced
+# (rt-binary-reverse-engineering, rt-crypto-attacks)
+# ─────────────────────────────────────────────
+# capstone + keystone + unicorn — disassembly/assembly/emulation Python libs
+RUN pip3 install --no-cache-dir --break-system-packages \
+    capstone keystone-engine unicorn 2>/dev/null || true
+# ROPgadget — ROP chain builder
+RUN pip3 install --no-cache-dir --break-system-packages ropgadget 2>/dev/null || true
+# ropper — alternative ROP gadget finder
+RUN pip3 install --no-cache-dir --break-system-packages ropper 2>/dev/null || true
+# GEF — GDB Enhanced Features (better than pwndbg for some scenarios)
+RUN bash -c "$(curl -sSL https://gef.blah.cat/sh)" 2>/dev/null || true
+# angr — binary analysis framework (program analysis, symbolic execution)
+RUN pip3 install --no-cache-dir --break-system-packages angr 2>/dev/null || true
+# YARA — malware pattern matching
+RUN apt-get update && apt-get install -y --no-install-recommends yara \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages yara-python 2>/dev/null || true
+# YARA rules — community malware signatures
+RUN git clone https://github.com/Yara-Rules/rules /opt/yara-rules 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Cryptography — Advanced Math Tools
+# (rt-crypto-attacks)
+# ─────────────────────────────────────────────
+# sympy — symbolic math for RSA attacks, factorization, number theory
+RUN pip3 install --no-cache-dir --break-system-packages sympy 2>/dev/null || true
+# ecdsa + gmpy2 — elliptic curve attacks
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libgmp-dev libmpfr-dev libmpc-dev \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages ecdsa gmpy2 2>/dev/null || true
+# sage — math library for crypto attacks (optional, large)
+# Skipped — too large (~4GB). Use online SageMath when needed.
+# ─────────────────────────────────────────────
+# Wireless — Advanced Tools
+# (rt-exploit-wireless, rt-wifi-attacks)
+# ─────────────────────────────────────────────
+# wifite2 — automated WiFi cracking (WPA2, PMKID, WPS)
+RUN pip3 install --no-cache-dir --break-system-packages wifite2 2>/dev/null || true
+# hcxtools + hcxdumptool — modern WiFi PMKID capture
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    hcxtools \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+RUN git clone https://github.com/ZerBea/hcxdumptool /opt/hcxdumptool && \
+    cd /opt/hcxdumptool && make && make install 2>/dev/null || true
+# hostapd-wpe — Evil Twin / WPA Enterprise attack
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    hostapd-wpe \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ubertooth — Bluetooth classic sniffing hardware tool
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ubertooth \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Phishing & Social Engineering — Advanced
+# (rt-exploit-phishing, rt-social-engineering)
+# ─────────────────────────────────────────────
+# phishery — inject URL into Office documents
+RUN git clone https://github.com/ryhanson/phishery /opt/phishery 2>/dev/null || true
+# o365spray — O365 user enumeration + spray
+RUN pip3 install --no-cache-dir --break-system-packages o365spray 2>/dev/null || \
+    git clone https://github.com/0xZDH/o365spray /opt/o365spray && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/o365spray/requirements.txt 2>/dev/null || true
+# msf-phishing — generate malicious Office documents
+RUN gem install msf-phishing 2>/dev/null || true
+# credSniper — phishing framework with 2FA bypass
+RUN git clone https://github.com/ustayready/CredSniper /opt/CredSniper && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/CredSniper/requirements.txt 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Post-Exploitation — Advanced
+# (rt-c2-operations, rt-lateral-movement, rt-persistence)
+# ─────────────────────────────────────────────
+# Merlin C2 — HTTP/2 + TLS C2 (harder to detect than standard HTTPS)
+RUN go install github.com/Ne0nd0g/merlin-agent/cmd/merlinagent@latest 2>/dev/null || true
+# DeathStar — automated BloodHound path exploitation
+RUN pip3 install --no-cache-dir --break-system-packages deathstar 2>/dev/null || \
+    git clone https://github.com/byt3bl33d3r/DeathStar /opt/DeathStar && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/DeathStar/requirements.txt 2>/dev/null || true
+# ldeep — LDAP enumeration with less noise
+RUN pip3 install --no-cache-dir --break-system-packages ldeep 2>/dev/null || true
+# windapsearch — LDAP enumeration
+RUN go install github.com/ropnop/windapsearch@latest 2>/dev/null || \
+    git clone https://github.com/ropnop/windapsearch /opt/windapsearch 2>/dev/null || true
+# impacket suite — ensure all scripts are in PATH
+RUN pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Supply Chain & Code Analysis
+# (rt-supply-chain, rt-github-recon)
+# ─────────────────────────────────────────────
+# syft — SBOM (Software Bill of Materials) generator
+RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin 2>/dev/null || true
+# grype — vulnerability scanner for container images
+RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin 2>/dev/null || true
+# dependency-check — OWASP SCA tool
+RUN mkdir -p /opt/dependency-check && \
+    curl -sSL "https://github.com/jeremylong/DependencyCheck/releases/latest/download/dependency-check-bin.zip" \
+    -o /tmp/dc.zip 2>/dev/null && \
+    unzip -q /tmp/dc.zip -d /opt/ && \
+    ln -sf /opt/dependency-check/bin/dependency-check.sh /usr/local/bin/dependency-check && \
+    rm /tmp/dc.zip 2>/dev/null || true
+# ─────────────────────────────────────────────
+# DFIR & Memory Forensics
+# (rt-binary-reverse-engineering, purple team)
+# ─────────────────────────────────────────────
+# sleuthkit — disk image forensics (fls, icat, mactime)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    sleuthkit autopsy \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# strings + binutils extras
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    binutils-multiarch \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ─────────────────────────────────────────────
+# AI/LLM Security — Advanced
+# (rt-ai-llm-security)
+# ─────────────────────────────────────────────
+# promptfoo — LLM red-teaming framework
+RUN npm install -g promptfoo 2>/dev/null || true
+# llm-security tools
+RUN pip3 install --no-cache-dir --break-system-packages \
+    garak \
+    langchain \
+    openai \
+    anthropic \
+    transformers 2>/dev/null || true
+# ─────────────────────────────────────────────
+# Network — Advanced Tools
+# (rt-network-segmentation, rt-traffic-analysis)
+# ─────────────────────────────────────────────
+# suricata — IDS/IPS for traffic analysis
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    suricata \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ncrack — network authentication cracker
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ncrack \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# ─────────────────────────────────────────────
+# RTExit Framework Installation
+# ─────────────────────────────────────────────
+RUN mkdir -p $RTEXIT_HOME
+# Install RTExit skills
+RUN npx --yes rtexit-method install --non-interactive 2>/dev/null || true
+# Custom aliases for RTExit workflow
+COPY aliases.sh /etc/profile.d/rtexit-aliases.sh
+RUN chmod +x /etc/profile.d/rtexit-aliases.sh
+# RTExit scripts
+# Nuclei RTExit custom templates
+# Update Go path
+ENV PATH="/root/go/bin:${PATH}"
+ENV GOPATH="/root/go"
+# ─────────────────────────────────────────────
+# Final Setup
+# ─────────────────────────────────────────────
+WORKDIR /workspace
+# Verify tool installation
+COPY verify-tools.sh /opt/rtexit/verify-tools.sh
+RUN chmod +x /opt/rtexit/verify-tools.sh
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+EXPOSE 8080 4444 3000
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/bin/bash"]