rtexit-method 0.1.18 → 0.1.20

package/packaged-assets/docker/verify/phase3-ad.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+# Phase 3 — Active Directory & Windows
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 3 — Active Directory & Windows"
+
+section "Impacket Suite"
+chk "impacket-psexec"         impacket-psexec
+chk "impacket-smbexec"        impacket-smbexec
+chk "impacket-wmiexec"        impacket-wmiexec
+chk "impacket-secretsdump"    impacket-secretsdump
+chk "impacket-GetUserSPNs"    impacket-GetUserSPNs
+chk "impacket-GetNPUsers"     impacket-GetNPUsers
+chk "impacket-ntlmrelayx"     impacket-ntlmrelayx
+chk "impacket-rpcdump"        impacket-rpcdump
+chk "impacket-samrdump"       impacket-samrdump
+chk "impacket-lookupsid"      impacket-lookupsid
+chk "impacket-ticketer"       impacket-ticketer
+chk "impacket-getST"          impacket-getST
+
+section "Core AD Tools"
+chk "certipy"                 certipy
+chk "evil-winrm"              evil-winrm
+chk "bloodhound-python"       bloodhound-python
+chk "kerbrute"                kerbrute
+chk "netexec"                 netexec
+chk "crackmapexec"            crackmapexec
+chk "ldeep"                   ldeep
+chk "windapsearch"            windapsearch
+
+section "Enumeration"
+chk "ldapdomaindump"          ldapdomaindump
+chk "enum4linux"              enum4linux
+chk "enum4linux-ng"           enum4linux-ng
+chk "nbtscan"                 nbtscan
+chk "smbmap"                  smbmap
+chk "smbclient"               smbclient
+
+section "Coercion & Relay"
+chk "responder"               responder
+chk "mitm6"                   mitm6
+chk_py "coercer"              coercer
+chk_dir "PetitPotam"          /opt/PetitPotam
+chk_dir "krbrelayx"           /opt/krbrelayx
+
+section "ADCS Attacks"
+chk_dir "PKINITtools"         /opt/PKINITtools
+chk "certipy"                 certipy
+
+section "Kerberos Attacks"
+chk_dir "KrbRelayUp"          /opt/KrbRelayUp
+chk_py "pywhisker"            pywhisker
+
+section "CVE Exploits"
+chk_dir "Zerologon"           /opt/CVE-2020-1472
+chk_dir "PrintNightmare"      /opt/PrintNightmare
+chk_dir "NoPac"               /opt/noPac
+
+section "Persistence"
+chk_dir "ADFSpoof (SAML)"     /opt/ADFSpoof
+chk_py "bloodyAD"             bloodyAD
+chk_dir "pyGPOAbuse"          /opt/pyGPOAbuse
+
+section "Credential Hunting"
+chk_py "pypykatz"             pypykatz
+chk_dir "DonPAPI"             /opt/DonPAPI
+chk_py "pyrdp"                pyrdp
+
+section "Evasion (AD)"
+chk_dir "SysWhispers3"        /opt/SysWhispers3
+chk_dir "ScareCrow"           /opt/ScareCrow
+chk_dir "KrbRelayUp"          /opt/KrbRelayUp
+
+section "BloodHound"
+chk_dir "BloodHound.py"       /opt/BloodHound.py
+chk "bloodhound-python"       bloodhound-python
+
+section "Post-Auth Lateral"
+chk_py "DeathStar"            deathstar
+chk_dir "DeathStar"           /opt/DeathStar
+
+section "Exchange / SharePoint"
+chk "roadrecon"               roadrecon
+chk_py "roadtools"            roadtools
+
+phase_summary

package/packaged-assets/docker/verify/phase4-cloud.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# Phase 4 — Cloud Platforms
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 4 — Cloud Platforms (AWS / Azure / GCP)"
+
+section "AWS"
+chk "aws"               aws
+chk "pacu"              pacu
+chk "enumerate-iam"     enumerate-iam
+chk "awswhoami"         awswhoami
+chk_py "boto3"          boto3
+chk_py "botocore"       botocore
+chk_py "principalmapper" principalmapper
+chk "cloudfox"          cloudfox
+chk_py "s3scanner"      s3scanner
+chk_py "prowler"        prowler
+chk "stratus"           stratus
+chk_dir "cloud_enum"    /opt/cloud_enum
+chk_py "checkov"        checkov
+
+section "Azure"
+chk "az"                az
+chk "azcopy"            azcopy
+chk "roadrecon"         roadrecon
+chk_py "roadtools"      roadtools
+chk "teamfiltration"    teamfiltration
+chk_py "msticpy"        msticpy
+
+section "GCP"
+chk_py "google.cloud.storage" google.cloud.storage
+chk_py "gcp_scanner"    gcp_scanner
+
+section "Kubernetes"
+chk "kubectl"           kubectl
+chk "kubectx"           kubectx
+chk "kubens"            kubens
+chk "helm"              helm
+chk "kube-hunter"       kube-hunter
+chk "kube-bench"        kube-bench
+chk "peirates"          peirates
+chk "kubesploit"        kubesploit
+
+section "Container Escape"
+chk "cdk"               cdk
+chk "deepce"            deepce
+chk "botb"              botb
+chk "trivy"             trivy
+chk "dive"              dive
+
+section "IaC Security"
+chk "checkov"           checkov
+chk "syft"              syft
+chk "grype"             grype
+chk "dependency-check"  dependency-check
+
+section "Multi-Cloud"
+chk_py "scoutsuite"     ScoutSuite
+
+phase_summary

package/packaged-assets/docker/verify/phase5-mobile.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+# Phase 5 — Mobile Testing
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 5 — Mobile Testing (Android / iOS / BLE)"
+
+section "Android Core"
+chk "adb"                       adb
+chk "apktool"                   apktool
+chk "jadx"                      jadx
+chk "dex2jar"                   d2j-dex2jar
+
+section "Frida & Dynamic Analysis"
+chk "frida"                     frida
+chk "frida-ps"                  frida-ps
+chk "frida-trace"               frida-trace
+chk "objection"                 objection
+chk "setup-frida-server"        setup-frida-server
+
+section "SSL Pinning Bypass"
+chk_py "reFlutter"              reflutter
+chk "apk-mitm"                  apk-mitm
+
+section "APK Repackaging"
+chk "uber-apk-signer"           uber-apk-signer
+chk_file "uber-apk-signer.jar"  /opt/uber-apk-signer/uber-apk-signer.jar
+
+section "Static Analysis"
+chk "apkleaks"                  apkleaks
+chk_py "androguard"             androguard
+chk_py "trufflehog3"            trufflehog3
+
+section "Component Exploitation"
+chk_py "drozer"                 drozer
+chk_file "drozer-agent.apk"     /opt/drozer/drozer-agent.apk
+
+section "Cross-Platform Apps"
+chk_py "hermes-dec"             hermes
+chk_py "hbctool"                hbctool
+chk_py "doldrums"               doldrums
+chk_py "lz4"                    lz4
+chk "monodis"                   monodis
+chk "js-beautify"               js-beautify
+
+section "Malware & C2"
+chk "qrcode"                    qrcode
+chk_py "qrcode"                 qrcode
+chk_dir "TheFatRat"             /opt/TheFatRat
+chk "msfvenom"                  msfvenom
+
+section "iOS"
+chk "ssh"                       ssh
+
+section "BLE"
+chk_py "bleak"                  bleak
+chk_dir "crackle"               /opt/crackle
+
+phase_summary

package/packaged-assets/docker/verify/phase6-c2.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# Phase 6 — C2 & Post-Exploitation
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 6 — C2 Frameworks & Post-Exploitation"
+
+section "C2 Frameworks"
+chk "msfconsole"        msfconsole
+chk "msfvenom"          msfvenom
+chk "sliver-client"     sliver-client
+chk_dir "Empire"        /opt/Empire
+chk_dir "Villain"       /opt/Villain
+chk_dir "PoshC2"        /opt/PoshC2
+chk_dir "Havoc"         /opt/Havoc
+
+section "Tunneling & Pivoting"
+chk "chisel"            chisel
+chk "ligolo-proxy"      ligolo-proxy
+chk "ligolo-agent"      ligolo-agent
+chk "socat"             socat
+chk "proxychains4"      proxychains4
+
+section "DNS Tunneling"
+chk "iodine"            iodine
+chk_dir "dnscat2"       /opt/dnscat2
+
+section "Payload Generation"
+chk "msfvenom"          msfvenom
+chk_dir "ScareCrow"     /opt/ScareCrow
+chk_py "donut-shellcode" donut
+chk_dir "Veil"          /opt/Veil
+chk_dir "macro_pack"    /opt/macro_pack
+
+section "Evasion"
+chk_dir "SysWhispers3"  /opt/SysWhispers3
+chk_py "pypykatz"       pypykatz
+
+section "Persistence / AD"
+chk_dir "DeathStar"     /opt/DeathStar
+chk_dir "DonPAPI"       /opt/DonPAPI
+chk_py "bloodyAD"       bloodyAD
+
+section "Lateral Movement"
+chk "evil-winrm"        evil-winrm
+chk "netexec"           netexec
+chk "crackmapexec"      crackmapexec
+chk "impacket-wmiexec"  impacket-wmiexec
+chk "impacket-psexec"   impacket-psexec
+chk "impacket-smbexec"  impacket-smbexec
+
+section "Credential Extraction"
+chk_py "pypykatz"       pypykatz
+chk_dir "DonPAPI"       /opt/DonPAPI
+
+section "RDP"
+chk_py "pyrdp"          pyrdp
+
+section "Purple Team"
+chk_dir "Atomic Red Team" /opt/atomic-red-team
+chk_dir "Caldera"       /opt/caldera
+
+phase_summary

package/packaged-assets/docker/verify/phase7-osint.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# Phase 7 — OSINT & Recon
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 7 — OSINT & Intelligence Gathering"
+
+section "Email & People"
+chk "theHarvester"      theHarvester
+chk_py "h8mail"         h8mail
+chk_py "holehe"         holehe
+chk_py "maigret"        maigret
+chk_py "socialscan"     socialscan
+chk_opt "GHunt"         ghunt
+
+section "Username / Social"
+chk_dir "CrossLinked"   /opt/CrossLinked
+chk_py "sherlock"       sherlock
+
+section "Domain Intelligence"
+chk "shodan"            shodan
+chk_py "censys"         censys
+chk_py "duckduckgo_search" duckduckgo_search
+chk_py "ipinfo"         ipinfo
+
+section "GitHub / Code Recon"
+chk "gitleaks"          gitleaks
+chk_py "trufflehog"     trufflehog
+chk "git-dumper"        git-dumper
+chk_py "PyGithub"       github
+
+section "Passive Recon"
+chk "gau"               gau
+chk "waybackurls"       waybackurls
+chk_dir "recon-ng"      /opt/recon-ng
+chk_py "spiderfoot"     sflib
+
+section "OSINT Frameworks"
+chk_dir "recon-ng"      /opt/recon-ng
+chk_py "spiderfoot"     sflib
+
+section "Network Intelligence"
+chk "whois"             whois
+chk "dnsrecon"          dnsrecon
+chk "dnsenum"           dnsenum
+chk "fierce"            fierce
+chk "nbtscan"           nbtscan
+
+phase_summary

package/packaged-assets/docker/verify/phase8-creds.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Phase 8 — Passwords & Credentials
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 8 — Password Attacks & Credential Access"
+
+section "Hash Cracking"
+chk "hashcat"           hashcat
+chk "john"              john
+chk "ophcrack"          ophcrack
+
+section "Online Brute Force"
+chk "hydra"             hydra
+chk "medusa"            medusa
+chk "ncrack"            ncrack
+chk_py "patator"        patator
+
+section "Spray"
+chk "kerbrute"          kerbrute
+chk "netexec"           netexec
+
+section "Wordlist Generation"
+chk "cewl"              cewl
+chk "crunch"            crunch
+chk "cupp"              cupp
+chk_opt "mentalist"     mentalist
+
+section "Kerberos"
+chk "impacket-GetUserSPNs"  impacket-GetUserSPNs
+chk "impacket-GetNPUsers"   impacket-GetNPUsers
+chk "impacket-ticketer"     impacket-ticketer
+chk "impacket-getST"        impacket-getST
+
+section "LSASS / Memory"
+chk_py "pypykatz"       pypykatz
+chk_dir "DonPAPI"       /opt/DonPAPI
+
+section "Windows Credential Stores"
+chk "impacket-secretsdump"  impacket-secretsdump
+chk "impacket-samrdump"     impacket-samrdump
+
+section "Wordlists"
+chk_dir "SecLists"      /opt/SecLists
+chk_file "rockyou.txt"  /opt/SecLists/Passwords/Leaked-Databases/rockyou.txt
+
+section "Crypto / Hashing"
+chk_py "pycryptodome"   Crypto
+chk_py "hashpumpy"      hashpumpy
+chk_py "sympy"          sympy
+chk_py "gmpy2"          gmpy2
+chk_py "ecdsa"          ecdsa
+
+phase_summary

package/packaged-assets/docker/verify/phase9-binary.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+# Phase 9 — Binary Analysis & Reverse Engineering
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 9 — Binary Analysis & Reverse Engineering"
+
+section "Debuggers"
+chk "gdb"               gdb
+chk_dir "pwndbg"        /opt/pwndbg
+chk_dir "GEF"           /root/.gef
+
+section "Disassemblers / Decompilers"
+chk "radare2"           radare2
+chk "r2"                r2
+chk "ghidra"            ghidra
+chk "objdump"           objdump
+chk "jadx"              jadx
+
+section "Binary Analysis"
+chk "binwalk"           binwalk
+chk "strings"           strings
+chk "file"              file
+chk "xxd"               xxd
+chk "hexedit"           hexedit
+chk "nm"                nm
+chk "readelf"           readelf
+chk "ltrace"            ltrace
+chk "strace"            strace
+chk "patchelf"          patchelf
+
+section "Exploit Development"
+chk_py "pwntools"       pwn
+chk "ROPgadget"         ROPgadget
+chk_py "ropper"         ropper
+chk "nasm"              nasm
+
+section "Python Libraries"
+chk_py "capstone"       capstone
+chk_py "keystone"       keystone
+chk_py "unicorn"        unicorn
+chk_py "angr"           angr
+
+section "Obfuscation / Strings"
+chk_py "floss"          floss
+
+section "Fuzzing"
+chk "afl-fuzz"          afl-fuzz
+chk "radamsa"           radamsa
+chk_py "boofuzz"        boofuzz
+
+section "YARA"
+chk "yara"              yara
+chk_py "yara"           yara
+chk_dir "YARA-Rules"    /opt/yara-rules
+
+section "Malware Analysis"
+chk_py "volatility3"    volatility3
+chk_dir "volatility3"   /opt/volatility3
+chk "foremost"          foremost
+chk "bulk_extractor"    bulk_extractor
+
+section "Forensics"
+chk "exiftool"          exiftool
+chk "binwalk"           binwalk
+chk "sleuthkit"         fls
+
+phase_summary

package/packaged-assets/docker/verify/rt-verify-all.sh

@@ -0,0 +1,175 @@
+#!/bin/bash
+# RTExit — Master Tool Verification Script
+# Usage:
+#   bash rt-verify-all.sh           → full verbose report
+#   bash rt-verify-all.sh --quick   → phase summary only
+#   bash rt-verify-all.sh --phase 3 → single phase
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'
+BLUE='\033[0;34m'; CYAN='\033[0;36m'; GRAY='\033[0;37m'
+BOLD='\033[1m'; NC='\033[0m'
+
+QUICK=0; SINGLE_PHASE=0
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --quick) QUICK=1; shift ;;
+    --phase) SINGLE_PHASE=$2; shift 2 ;;
+    *) shift ;;
+  esac
+done
+
+# Strip ANSI codes helper
+strip_ansi() { sed 's/\x1b\[[0-9;]*m//g; s/\x1b\[[0-9]*[A-Za-z]//g'; }
+
+# Banner
+clear
+printf "${RED}"
+cat << 'EOF'
+  ██████╗ ████████╗███████╗██╗  ██╗██╗████████╗
+  ██╔══██╗╚══██╔══╝██╔════╝╚██╗██╔╝██║╚══██╔══╝
+  ██████╔╝   ██║   █████╗   ╚███╔╝ ██║   ██║
+  ██╔══██╗   ██║   ██╔══╝   ██╔██╗ ██║   ██║
+  ██║  ██║   ██║   ███████╗██╔╝ ██╗██║   ██║
+  ╚═╝  ╚═╝   ╚═╝   ╚══════╝╚═╝  ╚═╝╚═╝   ╚═╝
+EOF
+printf "${NC}"
+printf "${BOLD}  RTExit Full Tool Verification — 300+ Tools${NC}\n"
+printf "  $(date '+%Y-%m-%d %H:%M:%S')\n\n"
+
+PHASES=(
+  "1:phase1-scanning.sh:Scanning & Recon"
+  "2:phase2-web.sh:Web Application Testing"
+  "3:phase3-ad.sh:Active Directory & Windows"
+  "4:phase4-cloud.sh:Cloud Platforms"
+  "5:phase5-mobile.sh:Mobile Testing"
+  "6:phase6-c2.sh:C2 & Post-Exploitation"
+  "7:phase7-osint.sh:OSINT & Intelligence"
+  "8:phase8-creds.sh:Passwords & Credentials"
+  "9:phase9-binary.sh:Binary Analysis & RE"
+  "10:phase10-network.sh:Network & WiFi"
+  "11:phase11-specialist.sh:Specialist"
+)
+
+GRAND_PASS=0; GRAND_FAIL=0; GRAND_WARN=0; GRAND_TOTAL=0
+declare -a SUMMARY=()
+declare -a ALL_MISSING=()
+
+for entry in "${PHASES[@]}"; do
+  NUM=$(echo "$entry" | cut -d: -f1)
+  SCRIPT=$(echo "$entry" | cut -d: -f2)
+  NAME=$(echo "$entry" | cut -d: -f3)
+
+  [ "$SINGLE_PHASE" -ne 0 ] && [ "$NUM" -ne "$SINGLE_PHASE" ] && continue
+
+  SCRIPT_PATH="$SCRIPT_DIR/$SCRIPT"
+  [ ! -f "$SCRIPT_PATH" ] && continue
+
+  # Run phase and capture output
+  OUTPUT=$(bash "$SCRIPT_PATH" 2>/dev/null)
+  CLEAN=$(echo "$OUTPUT" | strip_ansi)
+
+  # Count results
+  P=$(echo "$CLEAN" | grep -c '✅' 2>/dev/null || echo 0)
+  F=$(echo "$CLEAN" | grep -c '❌' 2>/dev/null || echo 0)
+  W=$(echo "$CLEAN" | grep -c '⚠️' 2>/dev/null || echo 0)
+  T=$((P + F))
+  PCT=0; [ "$T" -gt 0 ] && PCT=$((P * 100 / T))
+
+  # Collect missing tool names
+  while IFS= read -r line; do
+    TOOL=$(echo "$line" | grep '❌' | awk '{print $2}' | head -1)
+    [ -n "$TOOL" ] && ALL_MISSING+=("Phase${NUM}/${NAME}: ${TOOL}")
+  done <<< "$CLEAN"
+
+  GRAND_PASS=$((GRAND_PASS + P))
+  GRAND_FAIL=$((GRAND_FAIL + F))
+  GRAND_WARN=$((GRAND_WARN + W))
+  GRAND_TOTAL=$((GRAND_TOTAL + T))
+
+  # Store for summary
+  SUMMARY+=("$NUM:$NAME:$P:$F:$T:$PCT")
+
+  # Print full output if not quick
+  if [ "$QUICK" -eq 0 ]; then
+    echo "$OUTPUT"
+    echo ""
+  else
+    # Quick mode — one line per phase
+    if   [ "$PCT" -ge 90 ]; then COLOR="${GREEN}"
+    elif [ "$PCT" -ge 70 ]; then COLOR="${YELLOW}"
+    else COLOR="${RED}"; fi
+
+    printf "  Phase %2d │ %-32s │ ${GREEN}%3d✅${NC} ${RED}%3d❌${NC} │ %b%3d%%${NC}\n" \
+      "$NUM" "$NAME" "$P" "$F" "$COLOR" "$PCT"
+  fi
+done
+
+# ── Summary Table ─────────────────────────────────────────────────────────────
+echo ""
+printf "${CYAN}${BOLD}┌──────────────────────────────────────────────────────────────┐${NC}\n"
+printf "${CYAN}${BOLD}│                   VERIFICATION SUMMARY                      │${NC}\n"
+printf "${CYAN}${BOLD}├────┬──────────────────────────────────┬──────┬──────┬───────┤${NC}\n"
+printf "${CYAN}${BOLD}│ Ph │ Phase Name                       │  ✅  │  ❌  │   %%  │${NC}\n"
+printf "${CYAN}${BOLD}├────┼──────────────────────────────────┼──────┼──────┼───────┤${NC}\n"
+
+for entry in "${SUMMARY[@]}"; do
+  NUM=$(echo "$entry" | cut -d: -f1)
+  NAME=$(echo "$entry" | cut -d: -f2)
+  P=$(echo "$entry" | cut -d: -f3)
+  F=$(echo "$entry" | cut -d: -f4)
+  T=$(echo "$entry" | cut -d: -f5)
+  PCT=$(echo "$entry" | cut -d: -f6)
+
+  if   [ "$PCT" -ge 90 ]; then PCOL="${GREEN}"
+  elif [ "$PCT" -ge 70 ]; then PCOL="${YELLOW}"
+  else PCOL="${RED}"; fi
+
+  printf "│ ${BOLD}%2d${NC} │ %-32s │ ${GREEN}%4d${NC} │ ${RED}%4d${NC} │ %b%5d%%${NC} │\n" \
+    "$NUM" "$NAME" "$P" "$F" "$PCOL" "$PCT"
+done
+
+printf "${CYAN}${BOLD}├────┴──────────────────────────────────┴──────┴──────┴───────┤${NC}\n"
+
+GRAND_PCT=0; [ "$GRAND_TOTAL" -gt 0 ] && GRAND_PCT=$((GRAND_PASS * 100 / GRAND_TOTAL))
+if   [ "$GRAND_PCT" -ge 90 ]; then GCOL="${GREEN}"
+elif [ "$GRAND_PCT" -ge 70 ]; then GCOL="${YELLOW}"
+else GCOL="${RED}"; fi
+
+printf "${CYAN}${BOLD}│${NC} ${BOLD}TOTAL${NC}                                    ${GREEN}${BOLD}%4d${NC}   ${RED}${BOLD}%4d${NC}   %b${BOLD}%4d%%${NC}  ${CYAN}${BOLD}│${NC}\n" \
+  "$GRAND_PASS" "$GRAND_FAIL" "$GCOL" "$GRAND_PCT"
+printf "${CYAN}${BOLD}└──────────────────────────────────────────────────────────────┘${NC}\n"
+
+# ── Progress Bar ──────────────────────────────────────────────────────────────
+echo ""
+printf "  "
+BAR=50; FILLED=$((GRAND_PCT * BAR / 100))
+printf "${BOLD}[${NC}"
+for ((i=0; i<BAR; i++)); do
+  [ $i -lt $FILLED ] && printf "${GCOL}█${NC}" || printf "${GRAY}░${NC}"
+done
+printf "${BOLD}]${NC} %b${BOLD} %d%%${NC}  (%d / %d tools)\n" "$GCOL" "$GRAND_PCT" "$GRAND_PASS" "$GRAND_TOTAL"
+
+# ── Missing Tools ─────────────────────────────────────────────────────────────
+if [ "${#ALL_MISSING[@]}" -gt 0 ]; then
+  echo ""
+  printf "${RED}${BOLD}  ❌ Missing Tools:${NC}\n"
+  for m in "${ALL_MISSING[@]}"; do
+    printf "     ${RED}•${NC} %s\n" "$m"
+  done
+fi
+
+# ── Verdict ───────────────────────────────────────────────────────────────────
+echo ""
+if   [ "$GRAND_PCT" -ge 95 ]; then
+  printf "  ${GREEN}${BOLD}🔥 ELITE — Full APT-level toolkit. Ready for any engagement.${NC}\n"
+elif [ "$GRAND_PCT" -ge 85 ]; then
+  printf "  ${GREEN}${BOLD}✅ PROFESSIONAL — Ready for most engagements.${NC}\n"
+elif [ "$GRAND_PCT" -ge 70 ]; then
+  printf "  ${YELLOW}${BOLD}⚠️  OPERATIONAL — Install missing tools before engagement.${NC}\n"
+else
+  printf "  ${RED}${BOLD}❌ INCOMPLETE — Run: bash /opt/rtexit/scripts/rt-native-install.sh${NC}\n"
+fi
+echo ""