s3db.js 13.6.0 → 14.0.2

package/src/plugins/recon/managers/target-manager.js

@@ -0,0 +1,274 @@
+/**
+ * TargetManager
+ *
+ * Handles dynamic target management:
+ * - CRUD operations for targets
+ * - Target normalization
+ * - Resource persistence
+ */
+
+export class TargetManager {
+  constructor(plugin) {
+    this.plugin = plugin;
+  }
+
+  /**
+   * Add a new target to the monitoring list
+   */
+  async add(targetInput, options = {}) {
+    const normalized = this._normalizeTarget(targetInput);
+    const targetId = normalized.host;
+
+    // Check if target already exists
+    const existing = await this.get(targetInput);
+    if (existing) {
+      throw new Error(`Target "${targetId}" already exists. Use updateTarget() to modify it.`);
+    }
+
+    const targetRecord = {
+      id: targetId,
+      target: targetInput,
+      enabled: options.enabled !== false,
+      behavior: options.behavior || this.plugin.config.behavior,
+      features: options.features || {},
+      tools: options.tools || null,
+      schedule: options.schedule || null,
+      metadata: options.metadata || {},
+      lastScanAt: null,
+      lastScanStatus: null,
+      scanCount: 0,
+      addedBy: options.addedBy || 'manual',
+      tags: options.tags || [],
+      createdAt: new Date().toISOString(),
+      updatedAt: new Date().toISOString()
+    };
+
+    const targetsResource = await this._getResource();
+    await targetsResource.insert(targetRecord);
+
+    this.plugin.emit('recon:target-added', {
+      targetId,
+      target: targetInput,
+      enabled: targetRecord.enabled,
+      behavior: targetRecord.behavior
+    });
+
+    return targetRecord;
+  }
+
+  /**
+   * Remove a target from the monitoring list
+   */
+  async remove(targetInput) {
+    const normalized = this._normalizeTarget(targetInput);
+    const targetId = normalized.host;
+
+    const targetsResource = await this._getResource();
+    await targetsResource.delete(targetId);
+
+    this.plugin.emit('recon:target-removed', {
+      targetId,
+      target: targetInput
+    });
+
+    return { targetId, removed: true };
+  }
+
+  /**
+   * Update target configuration
+   */
+  async update(targetInput, updates) {
+    const normalized = this._normalizeTarget(targetInput);
+    const targetId = normalized.host;
+
+    const existing = await this.get(targetInput);
+    if (!existing) {
+      throw new Error(`Target "${targetId}" not found. Use addTarget() to create it.`);
+    }
+
+    const updatedRecord = {
+      ...existing,
+      ...updates,
+      updatedAt: new Date().toISOString()
+    };
+
+    const targetsResource = await this._getResource();
+    await targetsResource.update(targetId, updatedRecord);
+
+    this.plugin.emit('recon:target-updated', {
+      targetId,
+      updates
+    });
+
+    return updatedRecord;
+  }
+
+  /**
+   * List all configured targets
+   */
+  async list(options = {}) {
+    const includeDisabled = options.includeDisabled !== false;
+    const fromResource = options.fromResource !== false;
+    const limit = options.limit || 1000;
+
+    if (!fromResource) {
+      // Fallback to config targets (legacy mode)
+      return this._normalizeConfigTargets();
+    }
+
+    try {
+      const targetsResource = await this._getResource();
+      let targets = await targetsResource.list({ limit });
+
+      if (!includeDisabled) {
+        targets = targets.filter(t => t.enabled !== false);
+      }
+
+      return targets;
+    } catch (error) {
+      // Fallback to config targets if resource not available
+      return this._normalizeConfigTargets();
+    }
+  }
+
+  /**
+   * Get details of a specific target
+   */
+  async get(targetInput) {
+    const normalized = this._normalizeTarget(targetInput);
+    const targetId = normalized.host;
+
+    try {
+      const targetsResource = await this._getResource();
+      return await targetsResource.get(targetId);
+    } catch (error) {
+      // Check if it exists in config targets (legacy mode)
+      const configTargets = this._normalizeConfigTargets();
+      return configTargets.find(t => t.id === targetId) || null;
+    }
+  }
+
+  /**
+   * Increment scan count and update last scan metadata
+   */
+  async updateScanMetadata(targetId, report) {
+    try {
+      const target = await this.get(targetId);
+      if (!target) {
+        return;
+      }
+
+      await this.update(targetId, {
+        lastScanAt: report.endedAt,
+        lastScanStatus: report.status,
+        scanCount: (target.scanCount || 0) + 1
+      });
+    } catch (error) {
+      // Ignore errors (target might not be in resource)
+    }
+  }
+
+  // ========================================
+  // Private Helper Methods
+  // ========================================
+
+  async _getResource() {
+    // Get namespaced targets resource
+    const namespace = this.plugin.namespace || '';
+    const resourceName = namespace === ''
+      ? 'plg_recon_targets'
+      : `plg_recon_${namespace}_targets`;
+
+    return await this.plugin.database.getResource(resourceName);
+  }
+
+  _normalizeTarget(targetInput) {
+    if (!targetInput || typeof targetInput !== 'string') {
+      throw new Error('Target must be a non-empty string');
+    }
+
+    let url;
+    try {
+      url = new URL(targetInput.includes('://') ? targetInput : `https://${targetInput}`);
+    } catch (error) {
+      url = new URL(`https://${targetInput}`);
+    }
+
+    const protocol = url.protocol ? url.protocol.replace(':', '') : null;
+    const host = url.hostname || targetInput;
+    const port = url.port ? Number(url.port) : this._defaultPortForProtocol(protocol);
+
+    return {
+      original: targetInput,
+      host,
+      protocol,
+      port,
+      path: url.pathname === '/' ? null : url.pathname
+    };
+  }
+
+  _defaultPortForProtocol(protocol) {
+    switch (protocol) {
+      case 'http':
+        return 80;
+      case 'https':
+        return 443;
+      case 'ftp':
+        return 21;
+      case 'ssh':
+        return 22;
+      default:
+        return null;
+    }
+  }
+
+  _normalizeConfigTargets() {
+    const targets = this.plugin.config.targets || [];
+    return targets.map((entry, index) => {
+      if (typeof entry === 'string') {
+        const normalized = this._normalizeTarget(entry);
+        return {
+          id: normalized.host,
+          target: entry,
+          enabled: true,
+          behavior: this.plugin.config.behavior,
+          features: {},
+          tools: null,
+          schedule: null,
+          metadata: {},
+          lastScanAt: null,
+          lastScanStatus: null,
+          scanCount: 0,
+          addedBy: 'config',
+          tags: [],
+          createdAt: new Date().toISOString(),
+          updatedAt: new Date().toISOString()
+        };
+      }
+
+      if (entry && typeof entry === 'object') {
+        const target = entry.target || entry.host || entry.domain;
+        const normalized = this._normalizeTarget(target);
+        return {
+          id: normalized.host,
+          target,
+          enabled: entry.enabled !== false,
+          behavior: entry.behavior || this.plugin.config.behavior,
+          features: entry.features || {},
+          tools: entry.tools || null,
+          schedule: entry.schedule || null,
+          metadata: entry.metadata || {},
+          lastScanAt: null,
+          lastScanStatus: null,
+          scanCount: 0,
+          addedBy: 'config',
+          tags: entry.tags || [],
+          createdAt: new Date().toISOString(),
+          updatedAt: new Date().toISOString()
+        };
+      }
+
+      throw new Error(`Invalid target configuration at index ${index}`);
+    });
+  }
+}

package/src/plugins/recon/stages/asn-stage.js

@@ -0,0 +1,314 @@
+/**
+ * ASNStage
+ *
+ * ASN (Autonomous System Number) and Network Intelligence
+ *
+ * Discovers:
+ * - ASN ownership and organization
+ * - IP ranges (CIDR blocks)
+ * - Network provider information
+ * - BGP routing data
+ *
+ * Uses 100% free APIs:
+ * - iptoasn.com (unlimited, free)
+ * - hackertarget.com (100 queries/day free)
+ */
+
+export class ASNStage {
+  constructor(plugin) {
+    this.plugin = plugin;
+    this.commandRunner = plugin.commandRunner;
+    this.config = plugin.config;
+  }
+
+  /**
+   * Execute ASN lookup
+   * @param {Object} target - Target object with host property
+   * @param {Object} options - ASN options
+   * @returns {Promise<Object>} ASN results
+   */
+  async execute(target, options = {}) {
+    const result = {
+      status: 'ok',
+      host: target.host,
+      ipAddresses: [],
+      asns: [],
+      networks: [],
+      organizations: new Set(),
+      errors: {}
+    };
+
+    // Track individual tool results for artifact persistence
+    const individual = {
+      iptoasn: { status: 'ok', results: [] },
+      hackertarget: { status: 'ok', results: [] },
+      dig: { status: 'ok', ipv4: [], ipv6: [] }
+    };
+
+    // Step 1: Resolve host to IP addresses
+    const ipAddresses = await this.resolveHostToIPs(target.host, individual.dig);
+    result.ipAddresses = ipAddresses;
+
+    if (ipAddresses.length === 0) {
+      result.status = 'error';
+      result.errors.dns = 'Could not resolve host to IP addresses';
+      individual.dig.status = 'error';
+
+      return {
+        _individual: individual,
+        _aggregated: result,
+        ...result // Root level for compatibility
+      };
+    }
+
+    // Step 2: Lookup ASN for each IP
+    for (const ip of ipAddresses) {
+      try {
+        // Try iptoasn.com first (faster, unlimited)
+        let asnData = await this.lookupASNViaIPToASN(ip, options);
+
+        if (asnData) {
+          asnData._source = 'iptoasn';
+          individual.iptoasn.results.push({ ip, ...asnData });
+          result.asns.push(asnData);
+
+          if (asnData.network) {
+            result.networks.push(asnData.network);
+          }
+
+          if (asnData.organization) {
+            result.organizations.add(asnData.organization);
+          }
+        } else if (options.hackertarget !== false) {
+          // Fallback to hackertarget if iptoasn fails
+          asnData = await this.lookupASNViaHackerTarget(ip, options);
+
+          if (asnData) {
+            asnData._source = 'hackertarget';
+            individual.hackertarget.results.push({ ip, ...asnData });
+            result.asns.push(asnData);
+
+            if (asnData.network) {
+              result.networks.push(asnData.network);
+            }
+
+            if (asnData.organization) {
+              result.organizations.add(asnData.organization);
+            }
+          }
+        }
+
+      } catch (error) {
+        result.errors[ip] = error.message;
+      }
+    }
+
+    // Convert Set to Array for JSON serialization
+    result.organizations = Array.from(result.organizations);
+
+    // Deduplicate ASNs by ASN number
+    result.asns = this.deduplicateASNs(result.asns);
+
+    // Mark tools as unavailable if no results
+    if (individual.iptoasn.results.length === 0) {
+      individual.iptoasn.status = 'unavailable';
+    }
+    if (individual.hackertarget.results.length === 0 && options.hackertarget !== false) {
+      individual.hackertarget.status = 'unavailable';
+    }
+
+    return {
+      _individual: individual,
+      _aggregated: result,
+      ...result // Root level for compatibility
+    };
+  }
+
+  /**
+   * Resolve host to IP addresses using dig
+   */
+  async resolveHostToIPs(host, digResults = null) {
+    const ips = [];
+
+    // Resolve A records (IPv4)
+    const aRun = await this.commandRunner.run('dig', ['+short', 'A', host], { timeout: 5000 });
+    if (aRun.ok && aRun.stdout) {
+      const ipv4s = aRun.stdout
+        .split('\n')
+        .map(line => line.trim())
+        .filter(line => /^\d+\.\d+\.\d+\.\d+$/.test(line));
+      ips.push(...ipv4s);
+
+      if (digResults) {
+        digResults.ipv4 = ipv4s;
+        if (this.config?.storage?.persistRawOutput) {
+          digResults.raw_ipv4 = aRun.stdout;
+        }
+      }
+    }
+
+    // Resolve AAAA records (IPv6)
+    const aaaaRun = await this.commandRunner.run('dig', ['+short', 'AAAA', host], { timeout: 5000 });
+    if (aaaaRun.ok && aaaaRun.stdout) {
+      const ipv6s = aaaaRun.stdout
+        .split('\n')
+        .map(line => line.trim())
+        .filter(line => /^[0-9a-f:]+$/i.test(line) && line.includes(':'));
+      ips.push(...ipv6s);
+
+      if (digResults) {
+        digResults.ipv6 = ipv6s;
+        if (this.config?.storage?.persistRawOutput) {
+          digResults.raw_ipv6 = aaaaRun.stdout;
+        }
+      }
+    }
+
+    return [...new Set(ips)]; // Deduplicate
+  }
+
+  /**
+   * Lookup ASN via iptoasn.com (100% free, unlimited)
+   * API: https://iptoasn.com/
+   */
+  async lookupASNViaIPToASN(ip, options = {}) {
+    try {
+      const url = `https://api.iptoasn.com/v1/as/ip/${encodeURIComponent(ip)}`;
+
+      const response = await fetch(url, {
+        headers: {
+          'User-Agent': this.config.curl?.userAgent || 'ReconPlugin/1.0'
+        },
+        signal: AbortSignal.timeout ? AbortSignal.timeout(10000) : undefined
+      });
+
+      if (!response.ok) {
+        return null;
+      }
+
+      const data = await response.json();
+
+      // iptoasn.com response format:
+      // {
+      //   "announced": true,
+      //   "as_number": 15169,
+      //   "as_country_code": "US",
+      //   "as_description": "GOOGLE",
+      //   "first_ip": "8.8.8.0",
+      //   "last_ip": "8.8.8.255",
+      //   "as_name": "GOOGLE"
+      // }
+
+      if (!data.announced || !data.as_number) {
+        return null;
+      }
+
+      return {
+        ip,
+        asn: `AS${data.as_number}`,
+        asnNumber: data.as_number,
+        organization: data.as_description || data.as_name,
+        country: data.as_country_code,
+        network: data.first_ip && data.last_ip
+          ? `${data.first_ip} - ${data.last_ip}`
+          : null,
+        source: 'iptoasn.com'
+      };
+
+    } catch (error) {
+      return null;
+    }
+  }
+
+  /**
+   * Lookup ASN via hackertarget.com (100 queries/day free)
+   * API: https://api.hackertarget.com/aslookup/
+   */
+  async lookupASNViaHackerTarget(ip, options = {}) {
+    try {
+      const url = `https://api.hackertarget.com/aslookup/?q=${encodeURIComponent(ip)}`;
+
+      const response = await fetch(url, {
+        headers: {
+          'User-Agent': this.config.curl?.userAgent || 'ReconPlugin/1.0'
+        },
+        signal: AbortSignal.timeout ? AbortSignal.timeout(10000) : undefined
+      });
+
+      if (!response.ok) {
+        return null;
+      }
+
+      const text = await response.text();
+
+      // hackertarget response format (plain text):
+      // "15169","8.8.8.0/24","US","arin","GOOGLE"
+
+      if (text.includes('error') || !text.includes(',')) {
+        return null;
+      }
+
+      // Parse CSV format
+      const parts = text.split(',').map(p => p.replace(/"/g, '').trim());
+
+      if (parts.length < 3) {
+        return null;
+      }
+
+      const asnNumber = parseInt(parts[0]);
+      const network = parts[1] || null;
+      const country = parts[2] || null;
+      const organization = parts[4] || parts[3] || null;
+
+      return {
+        ip,
+        asn: `AS${asnNumber}`,
+        asnNumber,
+        organization,
+        country,
+        network,
+        source: 'hackertarget.com'
+      };
+
+    } catch (error) {
+      return null;
+    }
+  }
+
+  /**
+   * Deduplicate ASNs by ASN number
+   */
+  deduplicateASNs(asns) {
+    const seen = new Map();
+
+    for (const asn of asns) {
+      const key = asn.asnNumber;
+
+      if (!seen.has(key)) {
+        seen.set(key, asn);
+      } else {
+        // Merge data from multiple sources
+        const existing = seen.get(key);
+
+        // Prefer more detailed data
+        if (asn.network && !existing.network) {
+          existing.network = asn.network;
+        }
+
+        if (asn.organization && !existing.organization) {
+          existing.organization = asn.organization;
+        }
+
+        // Track multiple sources
+        if (!existing.sources) {
+          existing.sources = [existing.source];
+        }
+        if (!existing.sources.includes(asn.source)) {
+          existing.sources.push(asn.source);
+        }
+      }
+    }
+
+    return Array.from(seen.values());
+  }
+}

package/src/plugins/recon/stages/certificate-stage.js

@@ -0,0 +1,84 @@
+/**
+ * CertificateStage
+ *
+ * TLS certificate inspection:
+ * - Subject and issuer details
+ * - Validity period
+ * - Fingerprint
+ * - Subject Alternative Names (SANs)
+ */
+
+import tls from 'tls';
+
+export class CertificateStage {
+  constructor(plugin) {
+    this.plugin = plugin;
+  }
+
+  async execute(target) {
+    const shouldCheckTls =
+      target.protocol === 'https' ||
+      (!target.protocol && (target.port === 443 || target.host.includes(':') === false));
+
+    if (!shouldCheckTls) {
+      return {
+        status: 'skipped',
+        message: 'TLS inspection skipped for non-HTTPS target'
+      };
+    }
+
+    const port = target.port || 443;
+
+    return new Promise((resolve) => {
+      const socket = tls.connect(
+        {
+          host: target.host,
+          port,
+          servername: target.host,
+          rejectUnauthorized: false,
+          timeout: 5000
+        },
+        () => {
+          const certificate = socket.getPeerCertificate(true);
+          socket.end();
+
+          if (!certificate || Object.keys(certificate).length === 0) {
+            resolve({
+              status: 'error',
+              message: 'No certificate information available'
+            });
+            return;
+          }
+
+          resolve({
+            status: 'ok',
+            subject: certificate.subject,
+            issuer: certificate.issuer,
+            validFrom: certificate.valid_from,
+            validTo: certificate.valid_to,
+            fingerprint: certificate.fingerprint256 || certificate.fingerprint,
+            subjectAltName: certificate.subjectaltname
+              ? certificate.subjectaltname.split(',').map((entry) => entry.trim())
+              : [],
+            raw: certificate
+          });
+        }
+      );
+
+      socket.on('error', (error) => {
+        resolve({
+          status: 'error',
+          message: error?.message || 'Unable to retrieve certificate'
+        });
+      });
+
+      socket.setTimeout(6000, () => {
+        socket.destroy();
+        resolve({
+          status: 'timeout',
+          message: 'TLS handshake timed out'
+        });
+      });
+    });
+  }
+}