Skip to content

feat(arsenal): add six keyless recon/OSINT tool adapters#44

Open
mahdi-salmanzade wants to merge 2 commits into
elder-plinius:mainfrom
mahdi-salmanzade:feat/arsenal-recon-adapters
Open

feat(arsenal): add six keyless recon/OSINT tool adapters#44
mahdi-salmanzade wants to merge 2 commits into
elder-plinius:mainfrom
mahdi-salmanzade:feat/arsenal-recon-adapters

Conversation

@mahdi-salmanzade

Copy link
Copy Markdown

What

Adds six keyless, non-dangerous tool adapters to src/arsenal/catalog.ts, filling live gaps in the recon/OSINT surface:

id tool category risk / execution fills
whatweb WhatWeb web active / receipt_required web stack fingerprinting (CMS/framework/server)
wafw00f wafw00f web passive / safe_command WAF detection + fingerprint (tune/throttle probes)
amass OWASP Amass osint passive / receipt_required deep passive attack-surface + ASN/infra correlation
dnsx dnsx dns passive / safe_command fast DNS resolution/validation of candidate hosts
testssl testssl.sh crypto active / safe_command TLS/SSL posture (protocols, ciphers, cert, CVEs)
waybackurls waybackurls osint passive / safe_command historical URLs → forgotten endpoints/params

Why

The catalog was strong on ProjectDiscovery probing + scanners but thin on WAF awareness, TLS posture, and passive historical-URL discovery. These are all standard, keyless bug-bounty/recon tools that compose with the existing kill chain. None are dangerous or credentialed, so no new approval gates are introduced.

Notes

  • Each adapter follows the CONTRIBUTING.md adapter checklist (id/binary/name, category, families, risk, execution, networked, evidenceKinds, outputFormats, install/command hints, parserStatus, notes).
  • Because they are safe_command/receipt_required, the generic factory mints them as real callable tools automatically — no phantom names (no-phantom-tools test stays green).
  • Numbers kept honest: full-arsenal count moves 83 → 89 (54 adapters + 35 built-ins). Updated README.md, FEATURES.md, and the verify-claims CLAIM 4 header to match.

Verification

  • npm run verify-claims24/24 ✅ (89 tools (54 adapters + 35 built-in))
  • npm run typecheck → clean
  • npm test323 passed (28 files)

Adds whatweb, wafw00f, amass, dnsx, testssl.sh, and waybackurls to the
arsenal catalog — all safe_command/receipt_required, keyless, non-dangerous
tools that fill live gaps in web fingerprinting, WAF detection, passive
attack-surface mapping, DNS validation, TLS posture, and historical-URL OSINT.

Each adapter follows the CONTRIBUTING.md checklist (id/binary/name, category,
families, risk, execution, networked, evidenceKinds, outputFormats, install/
command hints, parserStatus, notes). Because they are safe/receipt adapters,
the generic factory mints them as real callable tools automatically — no
phantom names.

Keeps the numbers honest: full-arsenal count moves 83 → 89 (54 adapters + 35
built-ins). Updated README, FEATURES.md, and the verify-claims CLAIM 4 header
to match. verify-claims stays 24/24, typecheck clean, 323 tests pass.
@jmagly

jmagly commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Nice additions. Two things to fix:

1. amass and dnsx ship with broken invocations. Neither gets an arg template, so both fall through to the default [<target>]: amass example.com needs the enum subcommand, and dnsx example.com needs -d/stdin (not a positional) — so both produce no output as shipped. The other four (whatweb, wafw00f, testssl.sh, waybackurls) take a positional target and work.

2. This reds #54's honesty-guard. The 6 new adapters are mintable + untemplated, so under #54's arsenal-count-honesty test UNACCOUNTED becomes those 6 ids and the test fails. Whichever of #44/#54 lands second breaks the suite until these are added to KNOWN_DEBT (or given templates).

Suggest: add the 6 ids to KNOWN_DEBT and ideally enum/-d templates for amass & dnsx, then rebase so CI runs on the branch.

Addresses PR review (jmagly):

1. amass and dnsx shipped with broken invocations — both fell through to the
   default positional template. amass now uses the required `enum -passive -d`
   form; dnsx now passes the target via `-d` (with -a/-aaaa/-cname/-resp/-json)
   instead of a bare positional. Command hints updated to match.

2. All six new adapters (whatweb, wafw00f, amass, dnsx, testssl.sh,
   waybackurls) now have explicit ARG_TEMPLATES entries, so they are
   accounted-for rather than mintable-but-untemplated — clearing the
   UNACCOUNTED set the elder-plinius#54 arsenal-count-honesty guard flags, without leaning
   on KNOWN_DEBT.

typecheck clean, 323 tests pass.
@mahdi-salmanzade

Copy link
Copy Markdown
Author

Thanks @jmagly — both fixed in 30018e7.

1. Broken invocations. Added real arg templates for amass and dnsx:

  • amassenum -passive -d <target> (was falling through to a bare positional)
  • dnsx-d <target> -a -aaaa -cname -resp -json -silent

Command hints in the catalog updated to match the actual invocation.

2. Honesty guard. Rather than parking the 6 ids in KNOWN_DEBT, I gave all six new adapters explicit ARG_TEMPLATES entries (the four positional ones — whatweb, wafw00f, testssl.sh, waybackurls — included). That moves them out of the mintable-but-untemplated UNACCOUNTED set entirely, so #44 and #54 no longer collide regardless of merge order.

npm run typecheck clean, npm test 323/323, verify-claims still 24/24. Rebase onto latest main is fine whenever — happy to do it if you'd like CI to run on the branch.

@jmagly

jmagly commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Thanks for the follow-up fixes. Please go ahead and rebase this branch onto current main now so GitHub can clear the merge conflict and CI can run against the current tree.

Suggested quick check before pushing:

git fetch upstream
git rebase upstream/main
git diff --name-status upstream/main...HEAD
npm run typecheck
npm test
npm run verify-claims

The important part is that the post-rebase diff stays scoped to the six OSINT/recon adapters, their arg templates, and the relevant tests/docs only.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants