feat(scan): repair recon pipeline + add scan/audit/external stages#16
Merged
Fill the empty scan/exploit phases: naabu portscan, gowitness screenshots, nuclei vuln scan (proxy-routed), subdomain takeover (subzy with nuclei fallback), and white-box audit-code (trufflehog/gitleaks/semgrep/osv-scanner) over the recovered code/ zone.
recon-alive/recon-fingerprint called httpx-toolkit (Kali name); Exegol ships it as httpx, which broke the whole pipeline at the alive-check step. Resolve the binary at runtime (httpx-toolkit||httpx) and fail loudly if absent. Wire portscan/screenshot into recon-full and make enrichment steps best-effort.
deploy.sh now copies scan-* and audit-* alongside recon-*; new engagement tree gets recon/screenshots and scans/code.
load_user_setup installs what the base image lacks (xnLinkFinder, waymore, sourcemapper, urlfinder, subzy, osv-scanner) onto PATH. Best-effort: go tools skip cleanly when the toolchain is too old, covered by script fallbacks.
Extend pre-commit + make lint to exegol/my-resources/bin and deploy.sh (these escaped linting, which let the httpx-toolkit regression through). README documents the scan/audit stages and the installer.
Context
Audit of the offensive environment against a real nwodtuhs/exegol container: the recon pipeline was broken and the scan/exploit/audit phases were empty.

Bug fixes
- recon-alive/recon-fingerprint called httpx-toolkit (the Kali name), absent on Exegol where it is httpx — this broke the whole pipeline at the alive-check step. Now resolved at runtime (httpx-toolkit || httpx).
- recon-extract was a silent no-op. Now installed by the setup script.

Install layer
- load_user_setup.sh rewritten as an idempotent installer (command -v || install), go forced onto /usr/local/bin, best-effort with fallbacks (xnLinkFinder, waymore, sourcemapper, urlfinder, subzy, osv-scanner).

New offensive stages
- recon-portscan (naabu, optional nmap), recon-screenshot (gowitness v3)
- scan-nuclei (routed through mitmproxy), scan-takeover (subzy with nuclei fallback)
- audit-code (trufflehog + gitleaks + semgrep + osv-scanner over the code/ zone)

Hardening
- exegol/my-resources/bin/* and deploy.sh (they escaped linting, which let the httpx-toolkit regression slip through).

Validation
- Verified live in the container: all 5 scripts run end-to-end, audit-code emits its 4 JSON reports, recon-alive fixed.
- make lint clean, 79 bats tests pass.
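Two shell patterns carry most of this PR: resolving a tool that ships under different names per distribution (httpx-toolkit on Kali, httpx on Exegol) and failing loudly when neither exists, and the idempotent "command -v || install" installer whose failures downgrade an optional stage to "skipped" instead of breaking the run. The script below is an added example, not code from this PR or the repository; it builds a throwaway PATH directory with fake shims (the `httpx` shim, `fake_install_subzy`, and `broken_install` are constructed stand-ins, not real installers) so the behaviour can be exercised offline.

```shell
#!/bin/sh
# Added example (not the PR's own code): runtime binary resolution with a
# loud failure, plus a best-effort idempotent installer for optional tools.

# resolve_bin NAME...: print the path of the first candidate found on PATH.
# If none is found, explain which names were tried on stderr and return 1
# so the calling stage can abort instead of silently doing nothing.
resolve_bin() {
    for cand in "$@"; do
        path=$(command -v "$cand" 2>/dev/null) && { printf '%s\n' "$path"; return 0; }
    done
    printf 'error: none of [%s] found on PATH; install one before running this stage\n' "$*" >&2
    return 1
}

# ensure_tool NAME INSTALL_CMD [ARGS...]: the "command -v || install" pattern.
# Already present -> return 0 without touching anything (idempotent).
# Absent -> run the installer; if it fails or still leaves NAME missing,
# warn and return 1. Callers treat 1 as "skip the optional stage".
ensure_tool() {
    name=$1; shift
    if command -v "$name" >/dev/null 2>&1; then
        return 0
    fi
    if "$@" && command -v "$name" >/dev/null 2>&1; then
        return 0
    fi
    printf 'warn: could not install %s; stages needing it will be skipped\n' "$name" >&2
    return 1
}

# --- constructed demo environment: a temp dir of fake shims on PATH ---
DEMO_BIN=$(mktemp -d)
trap 'rm -rf "$DEMO_BIN"' EXIT
PATH="$DEMO_BIN:$PATH"

# Shim standing in for the Exegol-named binary (constructed, not real httpx).
printf '#!/bin/sh\necho "fake httpx $*"\n' > "$DEMO_BIN/httpx"
chmod +x "$DEMO_BIN/httpx"

# Stand-in installer: drops a shim where a real script would run e.g. go install.
fake_install_subzy() {
    printf '#!/bin/sh\necho "fake subzy $*"\n' > "$DEMO_BIN/subzy"
    chmod +x "$DEMO_BIN/subzy"
}

# Installer that always fails, to exercise the best-effort branch.
broken_install() { return 1; }

demo() {
    # Hard requirement: the alive check cannot run without some httpx binary.
    HTTPX=$(resolve_bin httpx-toolkit httpx) || return 1
    echo "alive-check will use: $HTTPX"

    # Optional enrichment: install if missing, skip the stage if that fails.
    if ensure_tool subzy fake_install_subzy; then
        echo "takeover stage enabled"
    fi
    if ! ensure_tool nonexistent-tool-xyz broken_install; then
        echo "skipping stage that needs nonexistent-tool-xyz"
    fi
    return 0
}

demo
```

The deliberate split is that `resolve_bin` failing is fatal to the caller (a missing alive-check binary was exactly the silent breakage this PR fixes), while `ensure_tool` failing only disables the stage that needed the tool, which matches the "best-effort with fallbacks" behaviour the description gives for the installer.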