Open-source release for Alpha version

2025-08-08 20:36:44 -07:00
commit 81ac98e8b9
105 changed files with 22125 additions and 0 deletions
--- a/containers/Dockerfile
+++ b/containers/Dockerfile
@@ -0,0 +1,190 @@
+FROM kalilinux/kali-rolling:latest
+
+LABEL description="AI Agent Penetration Testing Environment with Comprehensive Automated Tools"
+
+RUN apt-get update && \
+    apt-get install -y kali-archive-keyring sudo && \
+    apt-get update && \
+    apt-get upgrade -y
+
+RUN useradd -m -s /bin/bash pentester && \
+    usermod -aG sudo pentester && \
+    echo "pentester ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+RUN mkdir -p /home/pentester/configs \
+             /home/pentester/wordlists \
+             /home/pentester/output \
+             /home/pentester/scripts \
+             /home/pentester/tools \
+             /app/runtime \
+             /app/tools \
+             /app/certs && \
+    chown -R pentester:pentester /app/certs /home/pentester/tools
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    wget curl git vim nano unzip tar \
+    apt-transport-https ca-certificates gnupg lsb-release \
+    build-essential software-properties-common \
+    gcc libc6-dev pkg-config libpcap-dev libssl-dev \
+    python3 python3-pip python3-dev python3-venv python3-setuptools \
+    golang-go \
+    net-tools dnsutils whois \
+    jq parallel ripgrep grep \
+    less man-db procps htop \
+    iproute2 iputils-ping netcat-traditional \
+    nmap ncat ndiff \
+    sqlmap nuclei subfinder naabu ffuf \
+    nodejs npm pipx \
+    libcap2-bin \
+    gdb \
+    libnss3 libnspr4 libdbus-1-3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-0 \
+    libxcomposite1 libxdamage1 libxfixes3 libxrandr2 libgbm1 libxkbcommon0 libpango-1.0-0 libcairo2 libasound2 \
+    fonts-unifont fonts-noto-color-emoji fonts-freefont-ttf fonts-dejavu-core ttf-bitstream-vera \
+    libnss3-tools
+
+RUN setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)
+
+USER pentester
+RUN openssl ecparam -name prime256v1 -genkey -noout -out /app/certs/ca.key && \
+    openssl req -x509 -new -key /app/certs/ca.key \
+    -out /app/certs/ca.crt \
+    -days 3650 \
+    -subj "/C=US/ST=CA/O=Security Testing/CN=Testing Root CA" \
+    -addext "basicConstraints=critical,CA:TRUE" \
+    -addext "keyUsage=critical,digitalSignature,keyEncipherment,keyCertSign" && \
+    openssl pkcs12 -export \
+    -out /app/certs/ca.p12 \
+    -inkey /app/certs/ca.key \
+    -in /app/certs/ca.crt \
+    -passout pass:"" \
+    -name "Testing Root CA" && \
+    chmod 644 /app/certs/ca.crt && \
+    chmod 600 /app/certs/ca.key && \
+    chmod 600 /app/certs/ca.p12
+
+USER root
+RUN cp /app/certs/ca.crt /usr/local/share/ca-certificates/ca.crt && \
+    update-ca-certificates
+
+RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/opt/poetry python3 - && \
+    ln -s /opt/poetry/bin/poetry /usr/local/bin/poetry && \
+    chmod +x /usr/local/bin/poetry && \
+    python3 -m venv /app/venv && \
+    chown -R pentester:pentester /app/venv /opt/poetry
+
+USER pentester
+WORKDIR /tmp
+
+RUN go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest && \
+    go install -v github.com/projectdiscovery/katana/cmd/katana@latest && \
+    go install -v github.com/projectdiscovery/cvemap/cmd/vulnx@latest && \
+    go install -v github.com/jaeles-project/gospider@latest && \
+    go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
+
+RUN nuclei -update-templates
+
+RUN pipx install arjun && \
+    pipx install dirsearch && \
+    pipx inject dirsearch setuptools && \
+    pipx install wafw00f
+
+ENV NPM_CONFIG_PREFIX=/home/pentester/.npm-global
+RUN mkdir -p /home/pentester/.npm-global
+
+RUN npm install -g retire@latest && \
+    npm install -g eslint@latest && \
+    npm install -g js-beautify@latest
+
+WORKDIR /home/pentester/tools
+RUN git clone https://github.com/aravind0x7/JS-Snooper.git && \
+    chmod +x JS-Snooper/js_snooper.sh && \
+    git clone https://github.com/xchopath/jsniper.sh.git && \
+    chmod +x jsniper.sh/jsniper.sh && \
+    git clone https://github.com/ticarpi/jwt_tool.git && \
+    chmod +x jwt_tool/jwt_tool.py
+
+USER root
+
+RUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
+
+RUN apt-get update && apt-get install -y zaproxy
+
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+
+RUN apt-get install -y wapiti
+
+USER pentester
+
+RUN pipx install semgrep && \
+    pipx install bandit
+
+RUN npm install -g jshint
+
+USER root
+
+RUN apt-get autoremove -y && \
+    apt-get autoclean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ENV PATH="/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:/app/venv/bin:$PATH"
+ENV VIRTUAL_ENV="/app/venv"
+ENV POETRY_HOME="/opt/poetry"
+
+WORKDIR /app
+
+RUN ARCH=$(uname -m) && \
+    if [ "$ARCH" = "x86_64" ]; then \
+        CAIDO_ARCH="x86_64"; \
+    elif [ "$ARCH" = "aarch64" ] || [ "$ARCH" = "arm64" ]; then \
+        CAIDO_ARCH="aarch64"; \
+    else \
+        echo "Unsupported architecture: $ARCH" && exit 1; \
+    fi && \
+    wget -O caido-cli.tar.gz https://caido.download/releases/v0.48.0/caido-cli-v0.48.0-linux-${CAIDO_ARCH}.tar.gz && \
+    tar -xzf caido-cli.tar.gz && \
+    chmod +x caido-cli && \
+    rm caido-cli.tar.gz && \
+    mv caido-cli /usr/local/bin/
+
+ENV STRIX_SANDBOX_MODE=true
+ENV PYTHONPATH=/app
+ENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+RUN mkdir -p /shared_workspace /workspace && chown -R pentester:pentester /shared_workspace /workspace /app
+
+COPY pyproject.toml poetry.lock ./
+
+USER pentester
+RUN poetry install --no-root --without dev
+RUN poetry run playwright install chromium
+
+RUN /app/venv/bin/pip install -r /home/pentester/tools/jwt_tool/requirements.txt && \
+    ln -s /home/pentester/tools/jwt_tool/jwt_tool.py /home/pentester/.local/bin/jwt_tool
+
+RUN echo "# Sandbox Environment" > README.md
+
+COPY strix/__init__.py strix/
+COPY strix/runtime/tool_server.py strix/runtime/__init__.py strix/runtime/runtime.py /app/strix/runtime/
+
+COPY strix/tools/__init__.py strix/tools/registry.py strix/tools/executor.py strix/tools/argument_parser.py /app/strix/tools/
+
+COPY strix/tools/browser/ /app/strix/tools/browser/
+COPY strix/tools/file_edit/ /app/strix/tools/file_edit/
+COPY strix/tools/notes/ /app/strix/tools/notes/
+COPY strix/tools/python/ /app/strix/tools/python/
+COPY strix/tools/terminal/ /app/strix/tools/terminal/
+COPY strix/tools/proxy/ /app/strix/tools/proxy/
+
+RUN echo 'export PATH="/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:$PATH"' >> /home/pentester/.bashrc && \
+    echo 'export PATH="/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:$PATH"' >> /home/pentester/.profile
+
+USER root
+COPY containers/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+USER pentester
+WORKDIR /workspace
+
+ENTRYPOINT ["docker-entrypoint.sh"]
--- a/containers/docker-entrypoint.sh
+++ b/containers/docker-entrypoint.sh
@@ -0,0 +1,128 @@
+#!/bin/bash
+set -e
+
+if [ -z "$CAIDO_PORT" ] || [ -z "$STRIX_TOOL_SERVER_PORT" ]; then
+    echo "Error: CAIDO_PORT and STRIX_TOOL_SERVER_PORT must be set."
+    exit 1
+fi
+
+caido-cli --listen 127.0.0.1:${CAIDO_PORT} \
+          --allow-guests \
+          --no-logging \
+          --no-open \
+          --import-ca-cert /app/certs/ca.p12 \
+          --import-ca-cert-pass "" > /dev/null 2>&1 &
+
+echo "Waiting for Caido API to be ready..."
+for i in {1..30}; do
+  if curl -s -o /dev/null http://localhost:${CAIDO_PORT}/graphql; then
+    echo "Caido API is ready."
+    break
+  fi
+  sleep 1
+done
+
+sleep 2
+
+echo "Fetching API token..."
+TOKEN=$(curl -s -X POST \
+  -H "Content-Type: application/json" \
+  -d '{"query":"mutation LoginAsGuest { loginAsGuest { token { accessToken } } }"}' \
+  http://localhost:${CAIDO_PORT}/graphql | jq -r '.data.loginAsGuest.token.accessToken')
+
+if [ -z "$TOKEN" ] || [ "$TOKEN" == "null" ]; then
+  echo "Failed to get API token from Caido."
+  curl -s -X POST -H "Content-Type: application/json" -d '{"query":"mutation { loginAsGuest { token { accessToken } } }"}' http://localhost:${CAIDO_PORT}/graphql
+  exit 1
+fi
+
+export CAIDO_API_TOKEN=$TOKEN
+echo "Caido API token has been set."
+
+echo "Creating a new Caido project..."
+CREATE_PROJECT_RESPONSE=$(curl -s -X POST \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TOKEN" \
+  -d '{"query":"mutation CreateProject { createProject(input: {name: \"sandbox\", temporary: true}) { project { id } } }"}' \
+  http://localhost:${CAIDO_PORT}/graphql)
+
+PROJECT_ID=$(echo $CREATE_PROJECT_RESPONSE | jq -r '.data.createProject.project.id')
+
+if [ -z "$PROJECT_ID" ] || [ "$PROJECT_ID" == "null" ]; then
+  echo "Failed to create Caido project."
+  echo "Response: $CREATE_PROJECT_RESPONSE"
+  exit 1
+fi
+
+echo "Caido project created with ID: $PROJECT_ID"
+
+echo "Selecting Caido project..."
+SELECT_RESPONSE=$(curl -s -X POST \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $TOKEN" \
+  -d '{"query":"mutation SelectProject { selectProject(id: \"'$PROJECT_ID'\") { currentProject { project { id } } } }"}' \
+  http://localhost:${CAIDO_PORT}/graphql)
+
+SELECTED_ID=$(echo $SELECT_RESPONSE | jq -r '.data.selectProject.currentProject.project.id')
+
+if [ "$SELECTED_ID" != "$PROJECT_ID" ]; then
+    echo "Failed to select Caido project."
+    echo "Response: $SELECT_RESPONSE"
+    exit 1
+fi
+
+echo "✅ Caido project selected successfully."
+
+echo "Configuring system-wide proxy settings..."
+
+cat << EOF | sudo tee /etc/profile.d/proxy.sh
+export http_proxy=http://127.0.0.1:${CAIDO_PORT}
+export https_proxy=http://127.0.0.1:${CAIDO_PORT}
+export HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
+export HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
+export ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
+export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+export CAIDO_API_TOKEN=${TOKEN}
+EOF
+
+cat << EOF | sudo tee /etc/environment
+http_proxy=http://127.0.0.1:${CAIDO_PORT}
+https_proxy=http://127.0.0.1:${CAIDO_PORT}
+HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}
+HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}
+ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}
+CAIDO_API_TOKEN=${TOKEN}
+EOF
+
+cat << EOF | sudo tee /etc/wgetrc
+use_proxy=yes
+http_proxy=http://127.0.0.1:${CAIDO_PORT}
+https_proxy=http://127.0.0.1:${CAIDO_PORT}
+EOF
+
+echo "source /etc/profile.d/proxy.sh" >> ~/.bashrc
+echo "source /etc/profile.d/proxy.sh" >> ~/.zshrc
+
+source /etc/profile.d/proxy.sh
+
+echo "✅ System-wide proxy configuration complete"
+
+echo "Adding CA to browser trust store..."
+sudo -u pentester mkdir -p /home/pentester/.pki/nssdb
+sudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password
+sudo -u pentester certutil -A -n "Testing Root CA" -t "C,," -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb
+echo "✅ CA added to browser trust store"
+
+echo "Starting tool server..."
+cd /app && \
+STRIX_SANDBOX_MODE=true \
+STRIX_SANDBOX_TOKEN=${STRIX_SANDBOX_TOKEN} \
+CAIDO_API_TOKEN=${TOKEN} \
+poetry run uvicorn strix.runtime.tool_server:app --host 0.0.0.0 --port ${STRIX_TOOL_SERVER_PORT} &
+
+echo "✅ Tool server started in background"
+
+cd /workspace
+
+exec "$@"