rtexit-method 0.1.20 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/packaged-assets/docker/Dockerfile +15 -4
  3. package/packaged-assets/docker/verify/phase2-web.sh +4 -5
  4. package/packaged-assets/scripts/rt-native-install.sh +10 -3
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "rtexit-method",
3
- "version": "0.1.20",
3
+ "version": "0.1.21",
4
4
  "description": "RTExit - AI-assisted Red Team methodology installer",
5
5
  "license": "MIT",
6
6
  "author": "Exit Code",
package/packaged-assets/docker/Dockerfile CHANGED
@@ -1342,16 +1342,27 @@ RUN for bin in httprobe puredns subzy feroxbuster; do \
1342
1342
  # Phase 2 — Web Testing (Verified Fixes)
1343
1343
  # ─────────────────────────────────────────────
1344
1344
 
1345
- # semgrep — via apt (pip conflicts with system packaging)
1346
- RUN apt-get update && apt-get install -y --no-install-recommends python3-semgrep \
1347
- 2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
1345
+ # semgrep — pip3 ONLY (apt python3-semgrep does NOT create the 'semgrep' binary)
1346
+ RUN pip3 install --no-cache-dir --break-system-packages semgrep 2>/dev/null || true
1348
1347
 
1349
1348
  # checkov — IaC scanner (requires --ignore-installed due to packaging conflict)
1350
1349
  RUN pip3 install --no-cache-dir --break-system-packages --ignore-installed checkov \
1351
1350
  2>/dev/null || true
1352
1351
 
1353
1352
  # git-dumper — exposed .git directory dumper
1354
- RUN pip3 install --no-cache-dir --break-system-packages git-dumper 2>/dev/null || true
1353
+ RUN pip3 install --no-cache-dir --break-system-packages \
1354
+ git-dumper graphql-cop graphw00f inql 2>/dev/null || true
1355
+
1356
+ # graphql-cop wrapper (pip installs module only, binary needs wrapper)
1357
+ RUN printf '#!/bin/bash\npython3 -m graphql_cop "$@"\n' \
1358
+ > /usr/local/bin/graphql-cop && chmod +x /usr/local/bin/graphql-cop || true
1359
+
1360
+ # graphw00f wrapper
1361
+ RUN printf '#!/bin/bash\npython3 -m graphw00f "$@"\n' \
1362
+ > /usr/local/bin/graphw00f && chmod +x /usr/local/bin/graphw00f || true
1363
+
1364
+ # wpscan via gem (NOT apt — apt version is outdated/broken)
1365
+ RUN gem install wpscan 2>/dev/null || true
1355
1366
 
1356
1367
  # gitleaks — binary (not pip)
1357
1368
  RUN curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz" \
package/packaged-assets/docker/verify/phase2-web.sh CHANGED
@@ -22,9 +22,8 @@ chk_py "PyJWT" jwt
22
22
 
23
23
  section "GraphQL"
24
24
  chk "graphql-cop" graphql-cop
25
- chk_py "graphw00f" graphw00f
26
- chk_py "InQL" inql
27
- chk_dir "graphql-cop" /opt/graphql-cop
25
+ chk "graphw00f" graphw00f
26
+ chk "InQL" inql
28
27
 
29
28
  section "XXE"
30
29
  chk_dir "XXEinjector" /opt/XXEinjector
@@ -50,7 +49,7 @@ chk_py "jsbeautifier" jsbeautifier
50
49
 
51
50
  section "Web Frameworks"
52
51
  chk "wpscan" wpscan
53
- chk_dir "Caido" /opt/caido
52
+ # Caido — proprietary commercial tool, not open source, skipped
54
53
 
55
54
  section "gRPC / WebSockets"
56
55
  chk "grpcurl" grpcurl
@@ -73,7 +72,7 @@ chk "grype" grype
73
72
 
74
73
  section "Secret Scanning"
75
74
  chk "gitleaks" gitleaks
76
- chk_py "trufflehog" trufflehog
75
+ chk "trufflehog" trufflehog # binary not Python module
77
76
  chk "git-dumper" git-dumper
78
77
 
79
78
  phase_summary
package/packaged-assets/scripts/rt-native-install.sh CHANGED
@@ -191,10 +191,14 @@ section "Phase 2 — Web Application Testing"
191
191
 
192
192
  apt_install sqlmap
193
193
 
194
- # semgrep — MUST use apt (pip conflicts with system python packaging)
195
- apt_install python3-semgrep
194
+ # semgrep — pip3 ONLY (apt python3-semgrep does NOT create the semgrep binary)
195
+ pip_install semgrep
196
196
 
197
- pip_install mitmproxy arjun jsbeautifier graphql-cop inql
197
+ pip_install mitmproxy arjun jsbeautifier graphql-cop graphw00f inql
198
+
199
+ # graphql-cop wrapper (pip installs module only, binary needs wrapper)
200
+ printf '#!/bin/bash\npython3 -m graphql_cop "$@"\n' > /usr/local/bin/graphql-cop && chmod +x /usr/local/bin/graphql-cop
201
+ printf '#!/bin/bash\npython3 -m graphw00f "$@"\n' > /usr/local/bin/graphw00f && chmod +x /usr/local/bin/graphw00f
198
202
  pip_install PyJWT python-jose grpcio grpcio-tools websocket-client
199
203
  pip_install blackboxprotobuf padding-oracle-attacker
200
204
 
@@ -221,6 +225,9 @@ pip_install -r /opt/tplmap/requirements.txt
221
225
  ln -sf /opt/tplmap/tplmap.py /usr/local/bin/tplmap
222
226
  chmod +x /opt/tplmap/tplmap.py
223
227
 
228
+ # wpscan via gem (NOT apt — apt version is outdated/broken on new Kali)
229
+ gem_install wpscan
230
+
224
231
  # XXEinjector
225
232
  clone https://github.com/enjoiz/XXEinjector /opt/XXEinjector
226
233