npm - rtexit-method - Versions diffs - 0.1.24 → 0.1.26 - Mend

rtexit-method 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/packaged-assets/docker/verify/phase6-c2.sh CHANGED Viewed

@@ -11,7 +11,7 @@ chk "sliver-client"     sliver-client
 chk_dir "Empire"        /opt/Empire
 chk_dir "Villain"       /opt/Villain
 chk_dir "PoshC2"        /opt/PoshC2
-chk_dir "Havoc"         /opt/Havoc
+chk_opt "Havoc"         /opt/Havoc   # GUI-only C2, not suitable for headless container
 section "Tunneling & Pivoting"
 chk "chisel"            chisel
@@ -38,7 +38,7 @@ chk_py "pypykatz"       pypykatz
 section "Persistence / AD"
 chk_dir "DeathStar"     /opt/DeathStar
 chk_dir "DonPAPI"       /opt/DonPAPI
-chk_py "bloodyAD"       bloodyAD
+chk "bloodyAD"          bloodyAD
 section "Lateral Movement"
 chk "evil-winrm"        evil-winrm

package/packaged-assets/docker/verify/phase7-osint.sh CHANGED Viewed

@@ -14,7 +14,7 @@ chk_opt "GHunt"         ghunt
 section "Username / Social"
 chk_dir "CrossLinked"   /opt/CrossLinked
-chk_py "sherlock"       sherlock
+chk "sherlock"          sherlock
 section "Domain Intelligence"
 chk "shodan"            shodan
@@ -24,7 +24,7 @@ chk_py "ipinfo"         ipinfo
 section "GitHub / Code Recon"
 chk "gitleaks"          gitleaks
-chk_py "trufflehog"     trufflehog
+chk "trufflehog"        trufflehog
 chk "git-dumper"        git-dumper
 chk_py "PyGithub"       github
@@ -32,11 +32,11 @@ section "Passive Recon"
 chk "gau"               gau
 chk "waybackurls"       waybackurls
 chk_dir "recon-ng"      /opt/recon-ng
-chk_py "spiderfoot"     sflib
+chk "spiderfoot"        spiderfoot
 section "OSINT Frameworks"
 chk_dir "recon-ng"      /opt/recon-ng
-chk_py "spiderfoot"     sflib
+chk "spiderfoot"        spiderfoot
 section "Network Intelligence"
 chk "whois"             whois

package/packaged-assets/docker/verify/phase9-binary.sh CHANGED Viewed

@@ -7,7 +7,7 @@ phase_header "PHASE 9 — Binary Analysis & Reverse Engineering"
 section "Debuggers"
 chk "gdb"               gdb
 chk_dir "pwndbg"        /opt/pwndbg
-chk_dir "GEF"           /root/.gef
+chk_file "GEF"          /root/.gef-2026.01.py
 section "Disassemblers / Decompilers"
 chk "radare2"           radare2
@@ -54,8 +54,8 @@ chk_py "yara"           yara
 chk_dir "YARA-Rules"    /opt/yara-rules
 section "Malware Analysis"
-chk_py "volatility3"    volatility3
-chk_dir "volatility3"   /opt/volatility3
+chk_py "volatility3"    volatility3.framework
+chk_py "volatility3-dir" volatility3.framework
 chk "foremost"          foremost
 chk "bulk_extractor"    bulk_extractor

package/packaged-assets/scripts/rt-native-install.sh CHANGED Viewed

@@ -405,8 +405,14 @@ printf '#!/bin/bash\nexec java -jar /opt/uber-apk-signer/uber-apk-signer.jar "$@
 # Frida tools
 pip_install frida-tools objection apkleaks drozer
-# reFlutter, hermes, cross-platform
-pip_install reFlutter hermes-dec hbctool doldrums androguard "qrcode[pil]" Pillow lz4
+# reFlutter, hermes, cross-platform analysis
+# NOTE: doldrums has no PyPI package — skip
+pip_install reflutter androguard trufflehog3 hermes-dec hbctool "qrcode[pil]" Pillow lz4
+# qrcode CLI wrapper
+command -v qrcode >/dev/null 2>&1 || \
+  printf '#!/bin/bash\npython3 -m qrcode "$@"\n' > /usr/local/bin/qrcode && \
+  chmod +x /usr/local/bin/qrcode || true
 # apk-mitm
 npm_install apk-mitm js-beautify
@@ -428,12 +434,12 @@ echo "[+] Start: adb shell /data/local/tmp/frida-server &"
 FSCRIPT
 chmod +x /usr/local/bin/setup-frida-server
-# drozer agent
+# drozer agent APK (v2.3.4 — repo moved to ReversecLabs, last APK release)
 mkdir -p /opt/drozer
-curl -sSL "https://github.com/WithSecureLabs/drozer/releases/latest/download/drozer-agent.apk" \
+curl -sL "https://github.com/ReversecLabs/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk" \
   -o /opt/drozer/drozer-agent.apk 2>/dev/null || true
-# TheFatRat
+# TheFatRat — interactive tool, optional
 clone https://github.com/Screetsec/TheFatRat /opt/TheFatRat
 chmod +x /opt/TheFatRat/fatrat 2>/dev/null || true
@@ -471,8 +477,18 @@ go_install github.com/Binject/go-donut/cmd/godonuts@latest
 # ════════════════════════════════════════════════════════════
 section "Phase 7 — OSINT & Intelligence"
+# NOTE: spiderfoot not on PyPI — install from git below
+# NOTE: sherlock-project installs as binary 'sherlock' (not importable module)
 pip_install shodan censys h8mail holehe maigret socialscan \
-  spiderfoot ipinfo duckduckgo-search PyGithub
+  duckduckgo-search ipinfo PyGithub
+apt_install whois
+# spiderfoot from git (not on PyPI)
+clone https://github.com/smicallef/spiderfoot /opt/spiderfoot
+pip_install -r /opt/spiderfoot/requirements.txt
+printf '#!/bin/bash\npython3 /opt/spiderfoot/sf.py "$@"\n' > /usr/local/bin/spiderfoot
+chmod +x /usr/local/bin/spiderfoot
 clone https://github.com/lanmaster53/recon-ng /opt/recon-ng
 pip_install -r /opt/recon-ng/REQUIREMENTS
@@ -496,11 +512,17 @@ clone https://github.com/Mebus/cupp /opt/cupp
 ln -sf /opt/cupp/cupp.py /usr/local/bin/cupp
 chmod +x /opt/cupp/cupp.py
-pip_install pypykatz patator
+pip_install pypykatz
+# NOTE: patator must use --no-deps (cx-oracle build fails, not needed for core use)
+pip3 install --no-cache-dir --break-system-packages --no-deps patator 2>/dev/null || true
 # Crypto libraries
 pip_install pycryptodome hashpumpy cryptography sympy gmpy2 ecdsa
+# Extract rockyou.txt from SecLists (stored compressed)
+tar xzf /opt/SecLists/Passwords/Leaked-Databases/rockyou.txt.tar.gz \
+  -C /opt/SecLists/Passwords/Leaked-Databases/ 2>/dev/null || true
 # ════════════════════════════════════════════════════════════
 # PHASE 9 — Binary Analysis & RE
 # ════════════════════════════════════════════════════════════