npm - rtexit-method - Versions diffs - 0.1.20 → 0.1.22 - Mend

rtexit-method 0.1.20 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/packaged-assets/docker/Dockerfile +21 -8
package/packaged-assets/docker/verify/phase2-web.sh +4 -5
package/packaged-assets/docker/verify/phase3-ad.sh +1 -2
package/packaged-assets/scripts/rt-native-install.sh +16 -5

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rtexit-method",
-  "version": "0.1.20",
+  "version": "0.1.22",
   "description": "RTExit - AI-assisted Red Team methodology installer",
   "license": "MIT",
   "author": "Exit Code",

package/packaged-assets/docker/Dockerfile CHANGED Viewed

@@ -893,8 +893,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     enum4linux \
     && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
-RUN pip3 install --no-cache-dir --break-system-packages \
-    enum4linux-ng 2>/dev/null || true
+# enum4linux-ng — NOT on pip, use python module wrapper
+RUN printf '#!/bin/bash\npython3 -m enum4linux_ng "$@"\n' \
+    > /usr/local/bin/enum4linux-ng && chmod +x /usr/local/bin/enum4linux-ng || true
 # Password Attacks — missing tools
 RUN pip3 install --no-cache-dir --break-system-packages \
@@ -1215,8 +1216,9 @@ RUN pip3 install --no-cache-dir --break-system-packages deathstar 2>/dev/null ||
 RUN pip3 install --no-cache-dir --break-system-packages ldeep 2>/dev/null || true
 # windapsearch — LDAP enumeration
-RUN go install github.com/ropnop/windapsearch@latest 2>/dev/null || \
-    git clone https://github.com/ropnop/windapsearch /opt/windapsearch 2>/dev/null || true
+# windapsearch — binary download (go install module path is broken for this repo)
+RUN curl -sL "https://github.com/ropnop/windapsearch/releases/download/v0.0.11/windapsearch-linux-amd64" \
+    -o /usr/local/bin/windapsearch 2>/dev/null && chmod +x /usr/local/bin/windapsearch || true
 # impacket suite — ensure all scripts are in PATH
 RUN pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true
@@ -1342,16 +1344,27 @@ RUN for bin in httprobe puredns subzy feroxbuster; do \
 # Phase 2 — Web Testing (Verified Fixes)
 # ─────────────────────────────────────────────
-# semgrep — via apt (pip conflicts with system packaging)
-RUN apt-get update && apt-get install -y --no-install-recommends python3-semgrep \
-    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
+# semgrep — pip3 ONLY (apt python3-semgrep does NOT create the 'semgrep' binary)
+RUN pip3 install --no-cache-dir --break-system-packages semgrep 2>/dev/null || true
 # checkov — IaC scanner (requires --ignore-installed due to packaging conflict)
 RUN pip3 install --no-cache-dir --break-system-packages --ignore-installed checkov \
     2>/dev/null || true
 # git-dumper — exposed .git directory dumper
-RUN pip3 install --no-cache-dir --break-system-packages git-dumper 2>/dev/null || true
+RUN pip3 install --no-cache-dir --break-system-packages \
+    git-dumper graphql-cop graphw00f inql 2>/dev/null || true
+# graphql-cop wrapper (pip installs module only, binary needs wrapper)
+RUN printf '#!/bin/bash\npython3 -m graphql_cop "$@"\n' \
+    > /usr/local/bin/graphql-cop && chmod +x /usr/local/bin/graphql-cop || true
+# graphw00f wrapper
+RUN printf '#!/bin/bash\npython3 -m graphw00f "$@"\n' \
+    > /usr/local/bin/graphw00f && chmod +x /usr/local/bin/graphw00f || true
+# wpscan via gem (NOT apt — apt version is outdated/broken)
+RUN gem install wpscan 2>/dev/null || true
 # gitleaks — binary (not pip)
 RUN curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz" \

package/packaged-assets/docker/verify/phase2-web.sh CHANGED Viewed

@@ -22,9 +22,8 @@ chk_py "PyJWT"          jwt
 section "GraphQL"
 chk "graphql-cop"       graphql-cop
-chk_py "graphw00f"      graphw00f
-chk_py "InQL"           inql
-chk_dir "graphql-cop"   /opt/graphql-cop
+chk "graphw00f"         graphw00f
+chk "InQL"              inql
 section "XXE"
 chk_dir "XXEinjector"   /opt/XXEinjector
@@ -50,7 +49,7 @@ chk_py "jsbeautifier"   jsbeautifier
 section "Web Frameworks"
 chk "wpscan"            wpscan
-chk_dir "Caido"         /opt/caido
+# Caido — proprietary commercial tool, not open source, skipped
 section "gRPC / WebSockets"
 chk "grpcurl"           grpcurl
@@ -73,7 +72,7 @@ chk "grype"             grype
 section "Secret Scanning"
 chk "gitleaks"          gitleaks
-chk_py "trufflehog"     trufflehog
+chk "trufflehog"        trufflehog   # binary not Python module
 chk "git-dumper"        git-dumper
 phase_summary

package/packaged-assets/docker/verify/phase3-ad.sh CHANGED Viewed

@@ -58,7 +58,7 @@ chk_dir "NoPac"               /opt/noPac
 section "Persistence"
 chk_dir "ADFSpoof (SAML)"     /opt/ADFSpoof
-chk_py "bloodyAD"             bloodyAD
+chk "bloodyAD"                bloodyAD
 chk_dir "pyGPOAbuse"          /opt/pyGPOAbuse
 section "Credential Hunting"
@@ -76,7 +76,6 @@ chk_dir "BloodHound.py"       /opt/BloodHound.py
 chk "bloodhound-python"       bloodhound-python
 section "Post-Auth Lateral"
-chk_py "DeathStar"            deathstar
 chk_dir "DeathStar"           /opt/DeathStar
 section "Exchange / SharePoint"

package/packaged-assets/scripts/rt-native-install.sh CHANGED Viewed

@@ -191,10 +191,14 @@ section "Phase 2 — Web Application Testing"
 apt_install sqlmap
-# semgrep — MUST use apt (pip conflicts with system python packaging)
-apt_install python3-semgrep
+# semgrep — pip3 ONLY (apt python3-semgrep does NOT create the semgrep binary)
+pip_install semgrep
-pip_install mitmproxy arjun jsbeautifier graphql-cop inql
+pip_install mitmproxy arjun jsbeautifier graphql-cop graphw00f inql
+# graphql-cop wrapper (pip installs module only, binary needs wrapper)
+printf '#!/bin/bash\npython3 -m graphql_cop "$@"\n' > /usr/local/bin/graphql-cop && chmod +x /usr/local/bin/graphql-cop
+printf '#!/bin/bash\npython3 -m graphw00f "$@"\n' > /usr/local/bin/graphw00f && chmod +x /usr/local/bin/graphw00f
 pip_install PyJWT python-jose grpcio grpcio-tools websocket-client
 pip_install blackboxprotobuf padding-oracle-attacker
@@ -221,6 +225,9 @@ pip_install -r /opt/tplmap/requirements.txt
 ln -sf /opt/tplmap/tplmap.py /usr/local/bin/tplmap
 chmod +x /opt/tplmap/tplmap.py
+# wpscan via gem (NOT apt — apt version is outdated/broken on new Kali)
+gem_install wpscan
 # XXEinjector
 clone https://github.com/enjoiz/XXEinjector /opt/XXEinjector
@@ -303,11 +310,15 @@ clone https://github.com/byt3bl33d3r/DeathStar /opt/DeathStar
 pip_install -r /opt/DeathStar/requirements.txt
 pip_install roadtools roadrecon
 go_install github.com/ropnop/kerbrute@latest
-go_install github.com/ropnop/windapsearch@latest
+# windapsearch — binary download (go install module path is broken)
+echo -e "  ${BLUE}[BIN]${NC} windapsearch"
+curl -sL "https://github.com/ropnop/windapsearch/releases/download/v0.0.11/windapsearch-linux-amd64" \
+  -o /usr/local/bin/windapsearch 2>/dev/null && chmod +x /usr/local/bin/windapsearch && OK=$((OK+1)) || FAIL=$((FAIL+1))
 # LDAP/SMB enum
 apt_install enum4linux nbtscan smbmap smbclient ldap-utils
-pip_install enum4linux-ng
+# enum4linux-ng — NOT on pip, use python module wrapper
+printf '#!/bin/bash\npython3 -m enum4linux_ng "$@"\n' > /usr/local/bin/enum4linux-ng && chmod +x /usr/local/bin/enum4linux-ng && OK=$((OK+1)) || FAIL=$((FAIL+1))
 # Responder, Coercer, Mitm6
 apt_install responder