
feat(scan): repair recon pipeline + add scan/audit/external stages#16

Merged
Dxsk merged 7 commits into
mainfrom
feat/attack-pipeline
Jun 11, 2026

Conversation

@Dxsk Dxsk commented Jun 11, 2026

Owner

Context

Audit of the offensive environment against a real nwodtuhs/exegol container: the recon pipeline was broken and the scan/exploit/audit phases were empty.

Bug fixes

  • httpx: recon-alive/recon-fingerprint called httpx-toolkit (the Kali name), absent on Exegol where it is httpx — this broke the whole pipeline at the alive-check step. Now resolved at runtime (httpx-toolkit||httpx).
  • JS toolchain: linkfinder/xnLinkFinder/secretfinder were absent and never installed, so recon-extract was a silent no-op. Now installed by the setup script.

Install layer

  • load_user_setup.sh rewritten as an idempotent installer (command -v || install), go forced onto /usr/local/bin, best-effort with fallbacks (xnLinkFinder, waymore, sourcemapper, urlfinder, subzy, osv-scanner).

New offensive stages

  • recon-portscan (naabu, optional nmap), recon-screenshot (gowitness v3)
  • scan-nuclei (routed through mitmproxy), scan-takeover (subzy with nuclei fallback)
  • audit-code (trufflehog + gitleaks + semgrep + osv-scanner over the code/ zone)

Hardening

  • shellcheck now covers exegol/my-resources/bin/* and deploy.sh (they escaped linting, which let the httpx-toolkit regression slip through).
  • deploy.sh copies scan-*/audit-*; engagement tree gains recon/screenshots and scans/code.

Validation

Verified live in the container: all 5 scripts run end-to-end, audit-code emits its 4 JSON reports, recon-alive fixed. make lint clean, 79 bats tests pass.
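The two patterns the PR describes, resolving a binary that ships under different names on Kali and Exegol (httpx-toolkit vs httpx) and failing loudly when neither exists, plus the "command -v || install" idempotent installer, as an added example. This is not the repository's own script: the function names (resolve_tool, ensure_tool, fake_install, the demo_* helpers), the tool name demo-tool and the temporary PATH setup are assumptions constructed so the block runs offline without Exegol or Kali present.

```shell
#!/bin/sh
# Added example, not code from the PR. Assumed names: resolve_tool, ensure_tool,
# fake_install, demo_resolve, demo_ensure, demo-tool.
set -u

# resolve_tool NAME... : print the absolute path of the first candidate found on
# PATH and return 0; otherwise complain loudly on stderr and return 1 so the
# caller can abort instead of silently running a no-op stage.
# Pipeline usage:  HTTPX="$(resolve_tool httpx-toolkit httpx)" || exit 1
resolve_tool() {
    local name path
    for name in "$@"; do
        if path="$(command -v "$name" 2>/dev/null)"; then
            printf '%s\n' "$path"
            return 0
        fi
    done
    printf 'error: none of [%s] found on PATH; install one before running this stage\n' "$*" >&2
    return 1
}

# ensure_tool NAME INSTALL_CMD... : run INSTALL_CMD only when NAME is not already
# on PATH (the idempotent "command -v || install" pattern). Returns 0 when the
# tool is present afterwards, 1 otherwise, without aborting the caller, so
# enrichment tools stay best-effort.
ensure_tool() {
    local name="$1"; shift
    if command -v "$name" >/dev/null 2>&1; then
        return 0
    fi
    if ! "$@"; then
        printf 'warn: install of %s failed; dependent steps will be skipped\n' "$name" >&2
        return 1
    fi
    command -v "$name" >/dev/null 2>&1
}

# Constructed stand-in for a real installer (e.g. a "go install" line): it drops
# a fake demo-tool into DIR and appends to an install log on every call, so
# idempotency can be observed.
fake_install() {
    printf 'install\n' >> "$1/install.log"
    printf '#!/bin/sh\necho demo-tool\n' > "$1/demo-tool"
    chmod +x "$1/demo-tool"
}

# Demonstration: on a PATH that only contains a constructed fake "httpx" binary,
# the Kali name is absent and resolution falls through to "httpx".
demo_resolve() {
    local tmp result
    tmp="$(mktemp -d)"
    printf '#!/bin/sh\necho fake-httpx\n' > "$tmp/httpx"
    chmod +x "$tmp/httpx"
    result="$(PATH="$tmp"; resolve_tool httpx-toolkit httpx)"
    rm -rf "$tmp"
    basename "$result"
}

# Demonstration: two ensure_tool calls for the same missing tool trigger exactly
# one install; the second call sees the tool on PATH and skips the installer.
demo_ensure() {
    local tmp count
    tmp="$(mktemp -d)"
    ( PATH="$tmp:$PATH"
      ensure_tool demo-tool fake_install "$tmp"
      ensure_tool demo-tool fake_install "$tmp" )
    count="$(wc -l < "$tmp/install.log" | tr -d ' ')"
    rm -rf "$tmp"
    printf '%s\n' "$count"
}

demo_resolve
demo_ensure
```

Because resolve_tool uses only shell builtins (command, printf), it can be sourced early in a pipeline script before any external tool is trusted; the stderr message names every candidate tried, which is what turns a silent no-op into a visible failure at the alive-check step.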

Dxsk added 7 commits June 12, 2026 00:29
…tages

Fill the empty scan/exploit phases: naabu portscan, gowitness screenshots,
nuclei vuln scan (proxy-routed), subdomain takeover (subzy with nuclei
fallback), and white-box audit-code (trufflehog/gitleaks/semgrep/osv-scanner)
over the recovered code/ zone.

recon-alive/recon-fingerprint called httpx-toolkit (Kali name); Exegol ships
it as httpx, which broke the whole pipeline at the alive-check step. Resolve
the binary at runtime (httpx-toolkit||httpx) and fail loudly if absent. Wire
portscan/screenshot into recon-full and make enrichment steps best-effort.

deploy.sh now copies scan-* and audit-* alongside recon-*; new engagement tree
gets recon/screenshots and scans/code.

load_user_setup installs what the base image lacks (xnLinkFinder, waymore,
sourcemapper, urlfinder, subzy, osv-scanner) onto PATH. Best-effort: go tools
skip cleanly when the toolchain is too old, covered by script fallbacks.

Extend pre-commit + make lint to exegol/my-resources/bin and deploy.sh (these
escaped linting, which let the httpx-toolkit regression through). README documents
the scan/audit stages and the installer.
@Dxsk Dxsk merged commit 06eaca8 into main Jun 11, 2026
3 checks passed
@Dxsk Dxsk deleted the feat/attack-pipeline branch June 11, 2026 22:50