s3db.js 13.6.0 → 14.0.2

package/src/plugins/recon/concerns/fingerprint-builder.js

@@ -0,0 +1,307 @@
+/**
+ * FingerprintBuilder
+ *
+ * Aggregates data from multiple stage results to build a consolidated fingerprint:
+ * - DNS records (IPs, nameservers, mail servers)
+ * - Open ports and services
+ * - Subdomains
+ * - Technology stack
+ * - TLS/SSL configuration
+ * - HTTP headers and server info
+ */
+
+export class FingerprintBuilder {
+  /**
+   * Build consolidated fingerprint from stage results
+   */
+  static build(stageResults) {
+    const fingerprint = {
+      infrastructure: this._buildInfrastructure(stageResults),
+      attackSurface: this._buildAttackSurface(stageResults),
+      technologies: this._buildTechnologies(stageResults),
+      security: this._buildSecurity(stageResults)
+    };
+
+    return fingerprint;
+  }
+
+  /**
+   * Extract infrastructure data (DNS, IPs, certificates)
+   */
+  static _buildInfrastructure(stageResults) {
+    const infrastructure = {};
+
+    // DNS data
+    if (stageResults.dns?.status === 'ok') {
+      infrastructure.ips = {
+        ipv4: stageResults.dns.records.A || [],
+        ipv6: stageResults.dns.records.AAAA || []
+      };
+      infrastructure.nameservers = stageResults.dns.records.NS || [];
+      infrastructure.mailServers = stageResults.dns.records.MX || [];
+      infrastructure.txtRecords = stageResults.dns.records.TXT || [];
+    }
+
+    // Certificate data
+    if (stageResults.certificate?.status === 'ok') {
+      infrastructure.certificate = {
+        issuer: stageResults.certificate.issuer,
+        subject: stageResults.certificate.subject,
+        validFrom: stageResults.certificate.validFrom,
+        validTo: stageResults.certificate.validTo,
+        fingerprint: stageResults.certificate.fingerprint,
+        sans: stageResults.certificate.subjectAltName || []
+      };
+    }
+
+    // Latency/connectivity
+    if (stageResults.latency?.status === 'ok') {
+      infrastructure.latency = {
+        ping: stageResults.latency.ping,
+        traceroute: stageResults.latency.traceroute
+      };
+    }
+
+    return infrastructure;
+  }
+
+  /**
+   * Extract attack surface data (ports, subdomains, paths)
+   */
+  static _buildAttackSurface(stageResults) {
+    const attackSurface = {};
+
+    // Open ports
+    if (stageResults.ports?.status === 'ok') {
+      attackSurface.openPorts = stageResults.ports.openPorts || [];
+      attackSurface.portScanners = Object.keys(stageResults.ports.scanners || {});
+    }
+
+    // Subdomains
+    if (stageResults.subdomains?.status === 'ok') {
+      attackSurface.subdomains = {
+        total: stageResults.subdomains.total || 0,
+        list: stageResults.subdomains.list || [],
+        sources: Object.keys(stageResults.subdomains.sources || {})
+      };
+    }
+
+    // Web discovery (paths/endpoints)
+    if (stageResults.webDiscovery?.status === 'ok') {
+      const paths = new Set();
+      Object.values(stageResults.webDiscovery.tools || {}).forEach(tool => {
+        if (tool.status === 'ok' && tool.paths) {
+          tool.paths.forEach(path => paths.add(path));
+        }
+      });
+      attackSurface.discoveredPaths = {
+        total: paths.size,
+        list: Array.from(paths).sort()
+      };
+    }
+
+    return attackSurface;
+  }
+
+  /**
+   * Extract technology stack data (fingerprinting)
+   */
+  static _buildTechnologies(stageResults) {
+    const technologies = {};
+
+    // HTTP headers
+    if (stageResults.http?.status === 'ok') {
+      technologies.server = stageResults.http.headers?.server;
+      technologies.poweredBy = stageResults.http.headers?.['x-powered-by'];
+      technologies.httpHeaders = stageResults.http.headers;
+    }
+
+    // Technology fingerprinting
+    if (stageResults.fingerprint?.status === 'ok') {
+      technologies.detected = stageResults.fingerprint.technologies || [];
+      technologies.cms = stageResults.fingerprint.cms;
+      technologies.frameworks = stageResults.fingerprint.frameworks || [];
+    }
+
+    // OSINT data
+    if (stageResults.osint?.status === 'ok') {
+      const osintData = {};
+      Object.entries(stageResults.osint.tools || {}).forEach(([tool, result]) => {
+        if (result.status === 'ok') {
+          osintData[tool] = result;
+        }
+      });
+      if (Object.keys(osintData).length > 0) {
+        technologies.osint = osintData;
+      }
+    }
+
+    return technologies;
+  }
+
+  /**
+   * Extract security data (TLS audit, vulnerabilities)
+   */
+  static _buildSecurity(stageResults) {
+    const security = {};
+
+    // TLS audit
+    if (stageResults.tlsAudit?.status === 'ok') {
+      const tlsData = {};
+      Object.entries(stageResults.tlsAudit.tools || {}).forEach(([tool, result]) => {
+        if (result.status === 'ok') {
+          tlsData[tool] = result;
+        }
+      });
+      if (Object.keys(tlsData).length > 0) {
+        security.tls = tlsData;
+      }
+    }
+
+    // Vulnerabilities
+    if (stageResults.vulnerability?.status === 'ok') {
+      const vulns = {};
+      Object.entries(stageResults.vulnerability.tools || {}).forEach(([tool, result]) => {
+        if (result.status === 'ok') {
+          vulns[tool] = result;
+        }
+      });
+      if (Object.keys(vulns).length > 0) {
+        security.vulnerabilities = vulns;
+      }
+    }
+
+    // Security headers from HTTP
+    if (stageResults.http?.status === 'ok') {
+      const headers = stageResults.http.headers || {};
+      security.headers = {
+        hsts: headers['strict-transport-security'],
+        csp: headers['content-security-policy'],
+        xFrameOptions: headers['x-frame-options'],
+        xContentTypeOptions: headers['x-content-type-options'],
+        xXssProtection: headers['x-xss-protection'],
+        referrerPolicy: headers['referrer-policy']
+      };
+    }
+
+    return security;
+  }
+
+  /**
+   * Calculate fingerprint summary statistics
+   */
+  static buildSummary(fingerprint) {
+    return {
+      totalIPs: (fingerprint.infrastructure?.ips?.ipv4?.length || 0) +
+                (fingerprint.infrastructure?.ips?.ipv6?.length || 0),
+      totalPorts: fingerprint.attackSurface?.openPorts?.length || 0,
+      totalSubdomains: fingerprint.attackSurface?.subdomains?.total || 0,
+      totalPaths: fingerprint.attackSurface?.discoveredPaths?.total || 0,
+      hasCertificate: !!fingerprint.infrastructure?.certificate,
+      hasTLSAudit: !!fingerprint.security?.tls,
+      hasVulnerabilities: !!fingerprint.security?.vulnerabilities,
+      detectedTechnologies: fingerprint.technologies?.detected?.length || 0
+    };
+  }
+
+  /**
+   * Compare two fingerprints and return diff
+   */
+  static diff(oldFingerprint, newFingerprint) {
+    const changes = {
+      infrastructure: this._diffInfrastructure(oldFingerprint.infrastructure, newFingerprint.infrastructure),
+      attackSurface: this._diffAttackSurface(oldFingerprint.attackSurface, newFingerprint.attackSurface),
+      technologies: this._diffTechnologies(oldFingerprint.technologies, newFingerprint.technologies),
+      security: this._diffSecurity(oldFingerprint.security, newFingerprint.security)
+    };
+
+    return changes;
+  }
+
+  static _diffInfrastructure(oldInfra, newInfra) {
+    const diff = {};
+
+    // Compare IPs
+    const oldIPv4 = new Set(oldInfra?.ips?.ipv4 || []);
+    const newIPv4 = new Set(newInfra?.ips?.ipv4 || []);
+    const addedIPv4 = [...newIPv4].filter(ip => !oldIPv4.has(ip));
+    const removedIPv4 = [...oldIPv4].filter(ip => !newIPv4.has(ip));
+    if (addedIPv4.length > 0 || removedIPv4.length > 0) {
+      diff.ipv4 = { added: addedIPv4, removed: removedIPv4 };
+    }
+
+    // Certificate changes
+    if (oldInfra?.certificate?.fingerprint !== newInfra?.certificate?.fingerprint) {
+      diff.certificateChanged = true;
+    }
+
+    return Object.keys(diff).length > 0 ? diff : null;
+  }
+
+  static _diffAttackSurface(oldSurface, newSurface) {
+    const diff = {};
+
+    // Compare ports
+    const oldPorts = new Set((oldSurface?.openPorts || []).map(p => p.port));
+    const newPorts = new Set((newSurface?.openPorts || []).map(p => p.port));
+    const addedPorts = [...newPorts].filter(p => !oldPorts.has(p));
+    const removedPorts = [...oldPorts].filter(p => !newPorts.has(p));
+    if (addedPorts.length > 0 || removedPorts.length > 0) {
+      diff.ports = { added: addedPorts, removed: removedPorts };
+    }
+
+    // Compare subdomains
+    const oldSubs = new Set(oldSurface?.subdomains?.list || []);
+    const newSubs = new Set(newSurface?.subdomains?.list || []);
+    const addedSubs = [...newSubs].filter(s => !oldSubs.has(s));
+    const removedSubs = [...oldSubs].filter(s => !newSubs.has(s));
+    if (addedSubs.length > 0 || removedSubs.length > 0) {
+      diff.subdomains = { added: addedSubs, removed: removedSubs };
+    }
+
+    // Compare paths
+    const oldPaths = new Set(oldSurface?.discoveredPaths?.list || []);
+    const newPaths = new Set(newSurface?.discoveredPaths?.list || []);
+    const addedPaths = [...newPaths].filter(p => !oldPaths.has(p));
+    const removedPaths = [...oldPaths].filter(p => !newPaths.has(p));
+    if (addedPaths.length > 0 || removedPaths.length > 0) {
+      diff.paths = { added: addedPaths, removed: removedPaths };
+    }
+
+    return Object.keys(diff).length > 0 ? diff : null;
+  }
+
+  static _diffTechnologies(oldTech, newTech) {
+    const diff = {};
+
+    const oldDetected = new Set(oldTech?.detected || []);
+    const newDetected = new Set(newTech?.detected || []);
+    const addedTech = [...newDetected].filter(t => !oldDetected.has(t));
+    const removedTech = [...oldDetected].filter(t => !newDetected.has(t));
+    if (addedTech.length > 0 || removedTech.length > 0) {
+      diff.detected = { added: addedTech, removed: removedTech };
+    }
+
+    return Object.keys(diff).length > 0 ? diff : null;
+  }
+
+  static _diffSecurity(oldSec, newSec) {
+    const diff = {};
+
+    // TLS changes
+    const oldTLS = Object.keys(oldSec?.tls || {});
+    const newTLS = Object.keys(newSec?.tls || {});
+    if (JSON.stringify(oldTLS.sort()) !== JSON.stringify(newTLS.sort())) {
+      diff.tlsChanged = true;
+    }
+
+    // Vulnerability changes
+    const oldVulns = Object.keys(oldSec?.vulnerabilities || {});
+    const newVulns = Object.keys(newSec?.vulnerabilities || {});
+    if (JSON.stringify(oldVulns.sort()) !== JSON.stringify(newVulns.sort())) {
+      diff.vulnerabilitiesChanged = true;
+    }
+
+    return Object.keys(diff).length > 0 ? diff : null;
+  }
+}

package/src/plugins/recon/concerns/process-manager.js

@@ -0,0 +1,338 @@
+/**
+ * ProcessManager
+ *
+ * Manages child processes and cleanup for ReconPlugin.
+ * Ensures all spawned processes (Chrome/Puppeteer, external tools) are properly terminated
+ * when the parent process exits or when operations complete.
+ *
+ * Key Features:
+ * - Tracks all spawned child processes
+ * - Automatic cleanup on process exit (SIGINT, SIGTERM, uncaughtException)
+ * - Force kill orphaned processes
+ * - Cleanup temporary directories (Puppeteer profiles, etc.)
+ * - Prevents zombie processes
+ *
+ * Usage:
+ * const processManager = new ProcessManager();
+ * processManager.track(childProcess);
+ * processManager.cleanup(); // Manual cleanup
+ */
+
+import { spawn, exec } from 'child_process';
+import { promisify } from 'util';
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+
+const execAsync = promisify(exec);
+
+export class ProcessManager {
+  constructor() {
+    this.processes = new Set();
+    this.tempDirs = new Set();
+    this.cleanupHandlersRegistered = false;
+    this._setupCleanupHandlers();
+  }
+
+  /**
+   * Track a child process for automatic cleanup
+   * @param {ChildProcess} process - Child process to track
+   * @param {Object} options - Tracking options
+   * @param {string} options.name - Process name for logging
+   * @param {string} options.tempDir - Temporary directory to cleanup
+   */
+  track(process, options = {}) {
+    if (!process || !process.pid) {
+      return;
+    }
+
+    this.processes.add({
+      process,
+      pid: process.pid,
+      name: options.name || 'unknown',
+      startTime: Date.now()
+    });
+
+    if (options.tempDir) {
+      this.tempDirs.add(options.tempDir);
+    }
+
+    // Auto-remove when process exits
+    process.on('exit', () => {
+      this._removeProcess(process.pid);
+    });
+
+    // Handle errors
+    process.on('error', (error) => {
+      console.error(`[ProcessManager] Process ${options.name || process.pid} error:`, error.message);
+      this._removeProcess(process.pid);
+    });
+  }
+
+  /**
+   * Track a temporary directory for cleanup
+   * @param {string} dirPath - Directory path
+   */
+  trackTempDir(dirPath) {
+    this.tempDirs.add(dirPath);
+  }
+
+  /**
+   * Remove process from tracking
+   * @private
+   */
+  _removeProcess(pid) {
+    for (const tracked of this.processes) {
+      if (tracked.pid === pid) {
+        this.processes.delete(tracked);
+        break;
+      }
+    }
+  }
+
+  /**
+   * Setup cleanup handlers for process exit
+   * @private
+   */
+  _setupCleanupHandlers() {
+    if (this.cleanupHandlersRegistered) {
+      return;
+    }
+
+    const cleanup = async (signal) => {
+      console.log(`\n[ProcessManager] Received ${signal}, cleaning up...`);
+      await this.cleanup();
+      process.exit(0);
+    };
+
+    // Handle various exit signals
+    process.on('SIGINT', () => cleanup('SIGINT'));
+    process.on('SIGTERM', () => cleanup('SIGTERM'));
+    process.on('SIGHUP', () => cleanup('SIGHUP'));
+
+    // Handle uncaught exceptions
+    process.on('uncaughtException', async (error) => {
+      console.error('[ProcessManager] Uncaught exception:', error);
+      await this.cleanup();
+      process.exit(1);
+    });
+
+    // Handle unhandled promise rejections
+    process.on('unhandledRejection', async (reason, promise) => {
+      console.error('[ProcessManager] Unhandled rejection:', reason);
+      await this.cleanup();
+      process.exit(1);
+    });
+
+    // Handle process exit
+    process.on('beforeExit', async () => {
+      await this.cleanup();
+    });
+
+    this.cleanupHandlersRegistered = true;
+  }
+
+  /**
+   * Cleanup all tracked processes and temporary directories
+   * @param {Object} options - Cleanup options
+   * @param {boolean} options.force - Force kill processes (SIGKILL)
+   * @param {boolean} options.silent - Suppress logging
+   */
+  async cleanup(options = {}) {
+    const { force = false, silent = false } = options;
+
+    if (!silent && this.processes.size > 0) {
+      console.log(`[ProcessManager] Cleaning up ${this.processes.size} tracked process(es)...`);
+    }
+
+    // Kill all tracked processes
+    const killPromises = [];
+    for (const tracked of this.processes) {
+      killPromises.push(this._killProcess(tracked, force, silent));
+    }
+    await Promise.allSettled(killPromises);
+
+    // Cleanup temporary directories
+    if (this.tempDirs.size > 0 && !silent) {
+      console.log(`[ProcessManager] Cleaning up ${this.tempDirs.size} temporary directory(ies)...`);
+    }
+
+    const cleanupPromises = [];
+    for (const dir of this.tempDirs) {
+      cleanupPromises.push(this._cleanupTempDir(dir, silent));
+    }
+    await Promise.allSettled(cleanupPromises);
+
+    // Cleanup orphaned Puppeteer processes
+    await this._cleanupOrphanedPuppeteer(silent);
+
+    this.processes.clear();
+    this.tempDirs.clear();
+
+    if (!silent) {
+      console.log('[ProcessManager] Cleanup complete');
+    }
+  }
+
+  /**
+   * Kill a tracked process
+   * @private
+   */
+  async _killProcess(tracked, force, silent) {
+    const { process, pid, name } = tracked;
+
+    if (!this._isProcessRunning(pid)) {
+      this._removeProcess(pid);
+      return;
+    }
+
+    const signal = force ? 'SIGKILL' : 'SIGTERM';
+
+    if (!silent) {
+      console.log(`[ProcessManager] Killing ${name} (PID: ${pid}) with ${signal}...`);
+    }
+
+    try {
+      process.kill(signal);
+
+      // Wait up to 5 seconds for graceful termination
+      if (!force) {
+        await this._waitForProcessExit(pid, 5000);
+
+        // If still running, force kill
+        if (this._isProcessRunning(pid)) {
+          if (!silent) {
+            console.log(`[ProcessManager] Force killing ${name} (PID: ${pid})...`);
+          }
+          process.kill('SIGKILL');
+        }
+      }
+    } catch (error) {
+      if (error.code !== 'ESRCH') { // Ignore "process not found" errors
+        console.error(`[ProcessManager] Error killing ${name} (PID: ${pid}):`, error.message);
+      }
+    }
+
+    this._removeProcess(pid);
+  }
+
+  /**
+   * Check if process is running
+   * @private
+   */
+  _isProcessRunning(pid) {
+    try {
+      process.kill(pid, 0); // Signal 0 checks existence without killing
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+
+  /**
+   * Wait for process to exit
+   * @private
+   */
+  async _waitForProcessExit(pid, timeout = 5000) {
+    const startTime = Date.now();
+    while (this._isProcessRunning(pid) && (Date.now() - startTime) < timeout) {
+      await new Promise(resolve => setTimeout(resolve, 100));
+    }
+  }
+
+  /**
+   * Cleanup temporary directory
+   * @private
+   */
+  async _cleanupTempDir(dir, silent) {
+    try {
+      const exists = await fs.access(dir).then(() => true).catch(() => false);
+      if (exists) {
+        await fs.rm(dir, { recursive: true, force: true });
+        if (!silent) {
+          console.log(`[ProcessManager] Removed temp directory: ${dir}`);
+        }
+      }
+    } catch (error) {
+      console.error(`[ProcessManager] Error cleaning up ${dir}:`, error.message);
+    }
+  }
+
+  /**
+   * Cleanup orphaned Puppeteer processes and temp directories
+   * @private
+   */
+  async _cleanupOrphanedPuppeteer(silent) {
+    try {
+      // Kill orphaned Chrome/Puppeteer processes
+      const { stdout } = await execAsync('pgrep -f "chrome.*puppeteer" || true');
+      if (stdout.trim()) {
+        const pids = stdout.trim().split('\n').filter(Boolean);
+        if (!silent && pids.length > 0) {
+          console.log(`[ProcessManager] Found ${pids.length} orphaned Puppeteer process(es), killing...`);
+        }
+        for (const pid of pids) {
+          try {
+            process.kill(parseInt(pid), 'SIGKILL');
+          } catch (error) {
+            // Ignore errors (process may have already exited)
+          }
+        }
+      }
+
+      // Cleanup orphaned Puppeteer temp directories
+      const tmpDir = os.tmpdir();
+      const puppeteerPattern = /^puppeteer_dev_profile-/;
+
+      const entries = await fs.readdir(tmpDir, { withFileTypes: true });
+      const puppeteerDirs = entries
+        .filter(entry => entry.isDirectory() && puppeteerPattern.test(entry.name))
+        .map(entry => path.join(tmpDir, entry.name));
+
+      if (puppeteerDirs.length > 0 && !silent) {
+        console.log(`[ProcessManager] Cleaning up ${puppeteerDirs.length} orphaned Puppeteer temp dir(s)...`);
+      }
+
+      for (const dir of puppeteerDirs) {
+        try {
+          await fs.rm(dir, { recursive: true, force: true });
+        } catch (error) {
+          // Ignore errors (may be in use or already deleted)
+        }
+      }
+    } catch (error) {
+      // Silently ignore errors in orphan cleanup
+      if (!silent) {
+        console.error('[ProcessManager] Error during orphan cleanup:', error.message);
+      }
+    }
+  }
+
+  /**
+   * Get count of tracked processes
+   */
+  getProcessCount() {
+    return this.processes.size;
+  }
+
+  /**
+   * Get list of tracked processes
+   */
+  getProcesses() {
+    return Array.from(this.processes).map(({ pid, name, startTime }) => ({
+      pid,
+      name,
+      uptime: Date.now() - startTime
+    }));
+  }
+
+  /**
+   * Force cleanup all processes immediately
+   */
+  async forceCleanup() {
+    await this.cleanup({ force: true, silent: false });
+  }
+}
+
+// Export singleton instance
+export const processManager = new ProcessManager();