rtexit-method 0.1.19 → 0.1.21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rtexit-method",
-  "version": "0.1.19",
+  "version": "0.1.21",
   "description": "RTExit - AI-assisted Red Team methodology installer",
   "license": "MIT",
   "author": "Exit Code",

package/packaged-assets/docker/Dockerfile

@@ -1286,6 +1286,251 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     ncrack \
     2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
 
+# ═════════════════════════════════════════════
+# VERIFIED FIXES — Gap Analysis v4
+# All fixes confirmed working in live containers
+# ═════════════════════════════════════════════
+
+# ─────────────────────────────────────────────
+# Phase 1 — Scanning & Recon (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# Missing apt tools for scanning/DNS
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    zmap dnsrecon dnsenum fierce \
+    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+
+# rustscan — fast port scanner (deb package)
+RUN curl -sL "https://github.com/RustScan/RustScan/releases/download/2.3.0/rustscan_2.3.0_amd64.deb" \
+    -o /tmp/rustscan.deb 2>/dev/null && \
+    dpkg -i /tmp/rustscan.deb 2>/dev/null && \
+    rm /tmp/rustscan.deb 2>/dev/null || true
+
+# feroxbuster — fast content discovery (binary download)
+RUN curl -sL "https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-linux-feroxbuster.zip" \
+    -o /tmp/ferox.zip 2>/dev/null && \
+    unzip -qo /tmp/ferox.zip -d /usr/local/bin/ feroxbuster 2>/dev/null && \
+    rm /tmp/ferox.zip 2>/dev/null || true
+
+# x8 — hidden parameter discovery (binary — go install module path is broken)
+RUN curl -sL "https://github.com/Sh1Yo/x8/releases/download/v4.3.0/x86_64-linux-x8.gz" \
+    -o /tmp/x8.gz 2>/dev/null && \
+    gunzip /tmp/x8.gz 2>/dev/null && \
+    mv /tmp/x8 /usr/local/bin/x8 && \
+    chmod +x /usr/local/bin/x8 2>/dev/null || true
+
+# dirsearch
+RUN pip3 install --no-cache-dir --break-system-packages dirsearch 2>/dev/null || true
+
+# Go tools (missing from base section)
+RUN go install github.com/tomnomnom/httprobe@latest 2>/dev/null || true
+RUN go install github.com/d3mondev/puredns/v2@latest 2>/dev/null || true
+RUN go install github.com/PentestPad/subzy@latest 2>/dev/null || true
+RUN go install github.com/epi052/feroxbuster@latest 2>/dev/null || true
+
+# wappalyzer — wrapper script (npm installs to non-standard path)
+RUN npm install -g wappalyzer-cli 2>/dev/null || true
+RUN printf '#!/bin/bash\nnode /usr/local/lib/node_modules/wappalyzer-cli/bin/wappalyzer "$@"\n' \
+    > /usr/local/bin/wappalyzer && chmod +x /usr/local/bin/wappalyzer 2>/dev/null || true
+
+# Ensure Go binaries are in system PATH
+RUN for bin in httprobe puredns subzy feroxbuster; do \
+        [ -f /root/go/bin/$bin ] && ln -sf /root/go/bin/$bin /usr/local/bin/$bin; \
+    done 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 2 — Web Testing (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# semgrep — pip3 ONLY (apt python3-semgrep does NOT create the 'semgrep' binary)
+RUN pip3 install --no-cache-dir --break-system-packages semgrep 2>/dev/null || true
+
+# checkov — IaC scanner (requires --ignore-installed due to packaging conflict)
+RUN pip3 install --no-cache-dir --break-system-packages --ignore-installed checkov \
+    2>/dev/null || true
+
+# git-dumper — exposed .git directory dumper
+RUN pip3 install --no-cache-dir --break-system-packages \
+    git-dumper graphql-cop graphw00f inql 2>/dev/null || true
+
+# graphql-cop wrapper (pip installs module only, binary needs wrapper)
+RUN printf '#!/bin/bash\npython3 -m graphql_cop "$@"\n' \
+    > /usr/local/bin/graphql-cop && chmod +x /usr/local/bin/graphql-cop || true
+
+# graphw00f wrapper
+RUN printf '#!/bin/bash\npython3 -m graphw00f "$@"\n' \
+    > /usr/local/bin/graphw00f && chmod +x /usr/local/bin/graphw00f || true
+
+# wpscan via gem (NOT apt — apt version is outdated/broken)
+RUN gem install wpscan 2>/dev/null || true
+
+# gitleaks — binary (not pip)
+RUN curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz" \
+    -o /tmp/gl.tar.gz 2>/dev/null && \
+    tar xf /tmp/gl.tar.gz -C /usr/local/bin gitleaks 2>/dev/null && \
+    rm /tmp/gl.tar.gz 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 3 — Active Directory (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# theHarvester — apt (faster and more reliable than pip)
+RUN apt-get update && apt-get install -y --no-install-recommends theharvester \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+
+# netexec + wifite via apt (confirmed working in testing)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    netexec wifite \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+
+# crackmapexec → alias to netexec (same tool, renamed)
+RUN ln -sf /usr/bin/netexec /usr/local/bin/crackmapexec 2>/dev/null || true
+
+# Impacket symlinks — make all .py scripts accessible as impacket-<name>
+# The scripts exist as /usr/local/bin/<name>.py but tools expect impacket-<name>
+RUN for script in psexec smbexec wmiexec secretsdump GetUserSPNs GetNPUsers \
+        ntlmrelayx lookupsid ticketer ticketConverter getST addcomputer \
+        atexec dcomexec dpapi esentutl findDelegation goldenPac karmaSMB \
+        netview nmapAnswerMachine ping6 raiseChild registry-read rpcdump \
+        sambaPipe samrdump services sniffer sniff tstool; do \
+        if [ -f /usr/local/bin/${script}.py ]; then \
+            ln -sf /usr/local/bin/${script}.py /usr/local/bin/impacket-${script} && \
+            chmod +x /usr/local/bin/${script}.py; \
+        fi; \
+    done 2>/dev/null || true
+
+# AD exploit repos (confirmed working)
+RUN git clone https://github.com/Dec0ne/KrbRelayUp /opt/KrbRelayUp --depth 1 -q 2>/dev/null || true
+RUN git clone https://github.com/dirkjanm/CVE-2020-1472 /opt/CVE-2020-1472 --depth 1 -q 2>/dev/null || true
+RUN git clone https://github.com/cube0x0/CVE-2021-1675 /opt/PrintNightmare --depth 1 -q 2>/dev/null || true
+RUN git clone https://github.com/dirkjanm/krbrelayx /opt/krbrelayx --depth 1 -q 2>/dev/null || true
+RUN git clone https://github.com/fireeye/ADFSpoof /opt/ADFSpoof --depth 1 -q 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/ADFSpoof/requirements.txt 2>/dev/null || true
+RUN git clone https://github.com/klezVirus/SysWhispers3 /opt/SysWhispers3 --depth 1 -q 2>/dev/null || true
+RUN git clone https://github.com/Hackndo/pyGPOAbuse /opt/pyGPOAbuse --depth 1 -q 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/pyGPOAbuse/requirements.txt 2>/dev/null || true
+RUN git clone https://github.com/login-securite/DonPAPI /opt/DonPAPI --depth 1 -q 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/DonPAPI/requirements.txt 2>/dev/null || true
+RUN git clone https://github.com/byt3bl33d3r/DeathStar /opt/DeathStar --depth 1 -q 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/DeathStar/requirements.txt 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 4 — Cloud (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# enumerate-iam — AWS IAM enumeration
+RUN git clone https://github.com/andresriancho/enumerate-iam /opt/enumerate-iam --depth 1 -q 2>/dev/null && \
+    pip3 install --no-cache-dir --break-system-packages -r /opt/enumerate-iam/requirements.txt 2>/dev/null && \
+    ln -sf /opt/enumerate-iam/enumerate-iam.py /usr/local/bin/enumerate-iam && \
+    chmod +x /opt/enumerate-iam/enumerate-iam.py 2>/dev/null || true
+
+# kubectx + kubens (context switching)
+RUN git clone https://github.com/ahmetb/kubectx /opt/kubectx --depth 1 -q 2>/dev/null && \
+    ln -sf /opt/kubectx/kubectx /usr/local/bin/kubectx && \
+    ln -sf /opt/kubectx/kubens /usr/local/bin/kubens 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 5 — Mobile (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# jadx — Java decompiler (specific version, reliable)
+RUN mkdir -p /opt/jadx && \
+    curl -sSL "https://github.com/skylot/jadx/releases/download/v1.5.0/jadx-1.5.0.zip" \
+    -o /tmp/jadx.zip 2>/dev/null && \
+    unzip -qo /tmp/jadx.zip -d /opt/jadx && \
+    ln -sf /opt/jadx/bin/jadx /usr/local/bin/jadx && \
+    ln -sf /opt/jadx/bin/jadx-gui /usr/local/bin/jadx-gui && \
+    rm /tmp/jadx.zip 2>/dev/null || true
+
+# uber-apk-signer
+RUN mkdir -p /opt/uber-apk-signer && \
+    curl -sSL "https://github.com/patrickfav/uber-apk-signer/releases/download/v1.3.0/uber-apk-signer-1.3.0.jar" \
+    -o /opt/uber-apk-signer/uber-apk-signer.jar 2>/dev/null && \
+    printf '#!/bin/bash\nexec java -jar /opt/uber-apk-signer/uber-apk-signer.jar "$@"\n' \
+    > /usr/local/bin/uber-apk-signer && chmod +x /usr/local/bin/uber-apk-signer 2>/dev/null || true
+
+# setup-frida-server — helper script
+RUN cat > /usr/local/bin/setup-frida-server << 'FSCRIPT'
+#!/bin/bash
+FRIDA_VER=$(python3 -c "import frida; print(frida.__version__)" 2>/dev/null || pip3 show frida | grep Version | awk '{print $2}')
+ARCH=$(adb shell getprop ro.product.cpu.abi 2>/dev/null | tr -d '\r')
+case $ARCH in
+  arm64-v8a) A="arm64" ;; armeabi-v7a) A="arm" ;;
+  x86_64) A="x86_64" ;; x86) A="x86" ;; *) echo "Unknown arch: $ARCH"; exit 1 ;;
+esac
+wget -q "https://github.com/frida/frida/releases/download/${FRIDA_VER}/frida-server-${FRIDA_VER}-android-${A}.xz" -O /tmp/frida-server.xz
+unxz /tmp/frida-server.xz && mv /tmp/frida-server "/tmp/frida-server-${A}"
+adb push "/tmp/frida-server-${A}" /data/local/tmp/frida-server
+adb shell chmod 755 /data/local/tmp/frida-server
+echo "[+] Start: adb shell /data/local/tmp/frida-server &"
+FSCRIPT
+RUN chmod +x /usr/local/bin/setup-frida-server 2>/dev/null || true
+
+# Mobile Python tools
+RUN pip3 install --no-cache-dir --break-system-packages \
+    reFlutter hermes-dec hbctool doldrums androguard \
+    "qrcode[pil]" Pillow lz4 apkleaks 2>/dev/null || true
+
+# apk-mitm (npm)
+RUN npm install -g apk-mitm 2>/dev/null || true
+
+# drozer agent
+RUN mkdir -p /opt/drozer && \
+    curl -sSL "https://github.com/WithSecureLabs/drozer/releases/latest/download/drozer-agent.apk" \
+    -o /opt/drozer/drozer-agent.apk 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 8 — Credentials (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# Crypto libraries for attacks
+RUN pip3 install --no-cache-dir --break-system-packages \
+    sympy gmpy2 ecdsa 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 9 — Binary Analysis (Verified Fixes)
+# ─────────────────────────────────────────────
+
+RUN pip3 install --no-cache-dir --break-system-packages \
+    capstone keystone-engine unicorn ropgadget ropper angr \
+    yara-python 2>/dev/null || true
+
+# YARA rules
+RUN git clone https://github.com/Yara-Rules/rules /opt/yara-rules --depth 1 -q 2>/dev/null || true
+
+# sleuthkit for forensics
+RUN apt-get update && apt-get install -y --no-install-recommends sleuthkit \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 10 — Network / WiFi (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# hcxdumptool (WiFi PMKID capture)
+RUN git clone https://github.com/ZerBea/hcxdumptool /opt/hcxdumptool --depth 1 -q 2>/dev/null && \
+    cd /opt/hcxdumptool && make && make install 2>/dev/null || true
+
+# hostapd-wpe (Evil Twin / WPA Enterprise)
+RUN apt-get update && apt-get install -y --no-install-recommends hostapd-wpe \
+    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Phase 11 — Specialist (Verified Fixes)
+# ─────────────────────────────────────────────
+
+# AI/LLM tools
+RUN pip3 install --no-cache-dir --break-system-packages \
+    garak openai anthropic langchain transformers 2>/dev/null || true
+RUN npm install -g promptfoo 2>/dev/null || true
+
+# Purple Team
+RUN git clone https://github.com/redcanaryco/atomic-red-team /opt/atomic-red-team --depth 1 -q 2>/dev/null || true
+
+# ─────────────────────────────────────────────
+# Final PATH fix — ensure all Go binaries in system PATH
+# ─────────────────────────────────────────────
+RUN cp /root/go/bin/* /usr/local/bin/ 2>/dev/null || true
+
 # ─────────────────────────────────────────────
 # RTExit Framework Installation
 # ─────────────────────────────────────────────

package/packaged-assets/docker/verify/lib.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+# RTExit Verify — Shared Library
+# Source this in every phase script
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'
+BLUE='\033[0;34m'; CYAN='\033[0;36m'; GRAY='\033[0;37m'; NC='\033[0m'
+BOLD='\033[1m'
+
+# Counters (shared across sourced scripts)
+TOTAL=0; PASS=0; FAIL=0; WARN=0
+
+# Check binary in PATH
+chk() {
+  local name="$1" cmd="${2:-$1}"
+  TOTAL=$((TOTAL+1))
+  if command -v "$cmd" >/dev/null 2>&1; then
+    local ver
+    ver=$(${cmd} --version 2>/dev/null | head -1 | grep -oE '[0-9]+\.[0-9]+(\.[0-9]+)?' | head -1)
+    [ -n "$ver" ] && ver=" ${GRAY}(${ver})${NC}" || ver=""
+    printf "  ${GREEN}✅${NC} %-35s%b\n" "$name" "$ver"
+    PASS=$((PASS+1))
+  else
+    printf "  ${RED}❌${NC} %-35s ${RED}MISSING${NC}\n" "$name"
+    FAIL=$((FAIL+1))
+  fi
+}
+
+# Check Python module
+chk_py() {
+  local name="$1" module="${2:-$1}"
+  TOTAL=$((TOTAL+1))
+  if python3 -c "import ${module}" 2>/dev/null; then
+    local ver
+    ver=$(python3 -c "import ${module}; print(getattr(${module},'__version__',''))" 2>/dev/null | head -1)
+    [ -n "$ver" ] && ver=" ${GRAY}(py ${ver})${NC}" || ver=""
+    printf "  ${GREEN}✅${NC} %-35s%b\n" "$name" "$ver"
+    PASS=$((PASS+1))
+  else
+    printf "  ${RED}❌${NC} %-35s ${RED}no module${NC}\n" "$name"
+    FAIL=$((FAIL+1))
+  fi
+}
+
+# Check directory (git repo / tool folder)
+chk_dir() {
+  local name="$1" path="$2"
+  TOTAL=$((TOTAL+1))
+  if [ -d "$path" ] && [ "$(ls -A "$path" 2>/dev/null)" ]; then
+    local count
+    count=$(find "$path" -maxdepth 1 -type f | wc -l)
+    printf "  ${GREEN}✅${NC} %-35s ${GRAY}(%s files in %s)${NC}\n" "$name" "$count" "$path"
+    PASS=$((PASS+1))
+  else
+    printf "  ${RED}❌${NC} %-35s ${RED}not found: %s${NC}\n" "$name" "$path"
+    FAIL=$((FAIL+1))
+  fi
+}
+
+# Check file exists
+chk_file() {
+  local name="$1" path="$2"
+  TOTAL=$((TOTAL+1))
+  if [ -f "$path" ]; then
+    printf "  ${GREEN}✅${NC} %-35s ${GRAY}(%s)${NC}\n" "$name" "$path"
+    PASS=$((PASS+1))
+  else
+    printf "  ${RED}❌${NC} %-35s ${RED}not found: %s${NC}\n" "$name" "$path"
+    FAIL=$((FAIL+1))
+  fi
+}
+
+# Optional tool (warning, not fail)
+chk_opt() {
+  local name="$1" cmd="${2:-$1}"
+  TOTAL=$((TOTAL+1))
+  if command -v "$cmd" >/dev/null 2>&1 || python3 -c "import ${cmd}" 2>/dev/null; then
+    printf "  ${GREEN}✅${NC} %-35s ${GRAY}(optional)${NC}\n" "$name"
+    PASS=$((PASS+1))
+  else
+    printf "  ${YELLOW}⚠️ ${NC} %-35s ${YELLOW}optional — not installed${NC}\n" "$name"
+    WARN=$((WARN+1))
+  fi
+}
+
+# Print phase header
+phase_header() {
+  echo ""
+  printf "${CYAN}${BOLD}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}\n"
+  printf "${CYAN}${BOLD}  %s${NC}\n" "$1"
+  printf "${CYAN}${BOLD}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}\n"
+}
+
+# Print section header
+section() {
+  echo ""
+  printf "  ${BLUE}── %s ──${NC}\n" "$1"
+}
+
+# Print phase summary
+phase_summary() {
+  local pct=0
+  [ "$TOTAL" -gt 0 ] && pct=$((PASS*100/TOTAL))
+  echo ""
+  printf "  ${BOLD}Result: ${GREEN}%d✅${NC} ${RED}%d❌${NC} ${YELLOW}%d⚠️${NC}  /  %d total  →  " "$PASS" "$FAIL" "$WARN" "$TOTAL"
+  if   [ "$pct" -ge 90 ]; then printf "${GREEN}${BOLD}%d%%${NC}\n" "$pct"
+  elif [ "$pct" -ge 70 ]; then printf "${YELLOW}${BOLD}%d%%${NC}\n" "$pct"
+  else printf "${RED}${BOLD}%d%%${NC}\n" "$pct"
+  fi
+}

package/packaged-assets/docker/verify/phase1-scanning.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# Phase 1 — Scanning & Reconnaissance
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 1 — Scanning & Network Reconnaissance"
+
+section "Port Scanners"
+chk "nmap"              nmap
+chk "masscan"           masscan
+chk "zmap"              zmap
+chk "naabu"             naabu
+chk "rustscan"          rustscan
+
+section "Web Probing"
+chk "httpx"             httpx
+chk "httprobe"          httprobe
+chk "nuclei"            nuclei
+chk "ffuf"              ffuf
+chk "gobuster"          gobuster
+chk "feroxbuster"       feroxbuster
+chk "dirsearch"         dirsearch
+chk "wfuzz"             wfuzz
+chk "dirb"              dirb
+chk "nikto"             nikto
+chk "whatweb"           whatweb
+chk "wafw00f"           wafw00f
+chk "testssl"           testssl
+
+section "DNS & Subdomain"
+chk "subfinder"         subfinder
+chk "amass"             amass
+chk "dnsx"              dnsx
+chk "dnsrecon"          dnsrecon
+chk "dnsenum"           dnsenum
+chk "fierce"            fierce
+chk "puredns"           puredns
+
+section "URL & Link Discovery"
+chk "gau"               gau
+chk "waybackurls"       waybackurls
+chk "katana"            katana
+chk "hakrawler"         hakrawler
+chk "linkfinder"        linkfinder
+chk "gowitness"         gowitness
+
+section "Screenshot & Fingerprint"
+chk "wappalyzer"        wappalyzer
+
+section "Fuzzing & Parameters"
+chk "arjun"             arjun
+chk "x8"                x8
+chk "qsreplace"         qsreplace
+
+section "Subdomain Takeover"
+chk "subzy"             subzy
+
+phase_summary

package/packaged-assets/docker/verify/phase10-network.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# Phase 10 — Network, WiFi & Wireless
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 10 — Network Attacks, WiFi & Wireless"
+
+section "Traffic Analysis"
+chk "tcpdump"           tcpdump
+chk "tshark"            tshark
+chk "wireshark"         wireshark
+chk "netsniff-ng"       netsniff-ng
+chk "arpwatch"          arpwatch
+chk "zeek"              zeek
+chk_dir "PCredz"        /opt/PCredz
+
+section "MITM & Sniffing"
+chk "bettercap"         bettercap
+chk "ettercap"          ettercap
+chk "arpspoof"          arpspoof
+chk "dsniff"            dsniff
+chk "sslstrip"          sslstrip
+chk "mitmproxy"         mitmproxy
+
+section "Network Tools"
+chk "ncat"              ncat
+chk "socat"             socat
+chk "hping3"            hping3
+chk "proxychains4"      proxychains4
+chk "macchanger"        macchanger
+
+section "WiFi Attacks"
+chk "aircrack-ng"       aircrack-ng
+chk "airmon-ng"         airmon-ng
+chk "airodump-ng"       airodump-ng
+chk "aireplay-ng"       aireplay-ng
+chk "wifite"            wifite
+chk "hcxdumptool"       hcxdumptool
+chk "hcxpcapngtool"     hcxpcapngtool
+chk "hostapd-wpe"       hostapd-wpe
+
+section "Bluetooth"
+chk "ubertooth-util"    ubertooth-util
+chk_py "bleak"          bleak
+chk_dir "crackle"       /opt/crackle
+chk_dir "GATTacker"     /opt/gattacker
+
+section "VoIP / SIP"
+chk "sipvicious"        svmap
+chk "rtpbreak"          rtpbreak
+chk_dir "ucsniff"       /opt/ucsniff
+
+section "Tunneling"
+chk "iodine"            iodine
+chk_dir "dnscat2"       /opt/dnscat2
+chk "ptunnel-ng"        ptunnel-ng
+
+section "Responder / Relay"
+chk "responder"         responder
+chk "mitm6"             mitm6
+chk "impacket-ntlmrelayx" impacket-ntlmrelayx
+
+phase_summary

package/packaged-assets/docker/verify/phase11-specialist.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+# Phase 11 — Specialist: Social Engineering, Hardware, IoT, SCADA
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 11 — Specialist (Social / Hardware / IoT / SCADA)"
+
+section "Phishing Frameworks"
+chk "gophish"           gophish
+chk "evilginx2"         evilginx2
+chk_dir "SET"           /opt/setoolkit
+chk_dir "King-Phisher"  /opt/king-phisher
+chk_dir "CredSniper"    /opt/CredSniper
+
+section "Email Attacks"
+chk_py "o365spray"      o365spray
+chk_dir "phishery"      /opt/phishery
+
+section "Hardware Hacking"
+chk "openocd"           openocd
+chk "flashrom"          flashrom
+chk "avrdude"           avrdude
+chk "minicom"           minicom
+chk_py "pyserial"       serial
+
+section "IoT / Embedded"
+chk_py "pyModbusTCP"    pyModbusTCP
+chk_py "bleak"          bleak
+
+section "Steganography"
+chk "steghide"          steghide
+chk "binwalk"           binwalk
+chk "exiftool"          exiftool
+chk "zsteg"             zsteg
+chk "stegsolve"         stegsolve
+chk_py "stegoveritas"   stegoveritas
+chk_dir "outguess"      /opt/outguess
+
+section "AI / LLM Security"
+chk_py "garak"          garak
+chk "promptfoo"         promptfoo
+chk_py "openai"         openai
+chk_py "anthropic"      anthropic
+chk_py "langchain"      langchain
+
+section "Browser Exploitation"
+chk "beef-xss"          beef-xss
+chk_opt "electronegativity" electronegativity
+
+section "Physical / Access"
+chk_opt "Proxmark"      proxmark3
+
+section "Wordlists & Resources"
+chk_dir "SecLists"      /opt/SecLists
+chk_dir "Atomic RT"     /opt/atomic-red-team
+
+phase_summary

package/packaged-assets/docker/verify/phase2-web.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+# Phase 2 — Web Application Testing
+source "$(dirname "$0")/lib.sh"
+
+phase_header "PHASE 2 — Web Application Testing"
+
+section "Injection"
+chk "sqlmap"            sqlmap
+chk "ghauri"            ghauri
+chk "tplmap"            tplmap
+
+section "XSS"
+chk "dalfox"            dalfox
+chk "kxss"              kxss
+
+section "SSRF / OOB"
+chk "interactsh-client" interactsh-client
+
+section "JWT"
+chk "jwt_tool"          jwt_tool
+chk_py "PyJWT"          jwt
+
+section "GraphQL"
+chk "graphql-cop"       graphql-cop
+chk "graphw00f"         graphw00f
+chk "InQL"              inql
+
+section "XXE"
+chk_dir "XXEinjector"   /opt/XXEinjector
+
+section "HTTP Smuggling"
+chk "smuggler"          smuggler
+
+section "Parameter Discovery"
+chk "arjun"             arjun
+chk "x8"                x8
+
+section "Request Tampering"
+chk "mitmproxy"         mitmproxy
+
+section "Web Crawling"
+chk "katana"            katana
+chk "hakrawler"         hakrawler
+chk "linkfinder"        linkfinder
+
+section "Source Code Analysis"
+chk "semgrep"           semgrep
+chk_py "jsbeautifier"   jsbeautifier
+
+section "Web Frameworks"
+chk "wpscan"            wpscan
+# Caido — proprietary commercial tool, not open source, skipped
+
+section "gRPC / WebSockets"
+chk "grpcurl"           grpcurl
+
+section "CORS"
+chk_dir "CORScanner"    /opt/CORScanner
+
+section "Protocol Tools"
+chk "testssl"           testssl
+
+section "Deserialization"
+chk_file "ysoserial"    /opt/ysoserial/ysoserial.jar
+chk "phpggc"            phpggc
+chk_py "blackboxprotobuf" blackboxprotobuf
+
+section "IaC / DevSecOps"
+chk "checkov"           checkov
+chk "syft"              syft
+chk "grype"             grype
+
+section "Secret Scanning"
+chk "gitleaks"          gitleaks
+chk "trufflehog"        trufflehog   # binary not Python module
+chk "git-dumper"        git-dumper
+
+phase_summary