feat(arsenal): add six keyless recon/OSINT tool adapters#44
feat(arsenal): add six keyless recon/OSINT tool adapters#44mahdi-salmanzade wants to merge 2 commits into
Conversation
Adds whatweb, wafw00f, amass, dnsx, testssl.sh, and waybackurls to the arsenal catalog — all safe_command/receipt_required, keyless, non-dangerous tools that fill live gaps in web fingerprinting, WAF detection, passive attack-surface mapping, DNS validation, TLS posture, and historical-URL OSINT. Each adapter follows the CONTRIBUTING.md checklist (id/binary/name, category, families, risk, execution, networked, evidenceKinds, outputFormats, install/ command hints, parserStatus, notes). Because they are safe/receipt adapters, the generic factory mints them as real callable tools automatically — no phantom names. Keeps the numbers honest: full-arsenal count moves 83 → 89 (54 adapters + 35 built-ins). Updated README, FEATURES.md, and the verify-claims CLAIM 4 header to match. verify-claims stays 24/24, typecheck clean, 323 tests pass.
|
Nice additions. Two things to fix: 1. 2. This reds #54's honesty-guard. The 6 new adapters are mintable + untemplated, so under #54's Suggest: add the 6 ids to |
Addresses PR review (jmagly): 1. amass and dnsx shipped with broken invocations — both fell through to the default positional template. amass now uses the required `enum -passive -d` form; dnsx now passes the target via `-d` (with -a/-aaaa/-cname/-resp/-json) instead of a bare positional. Command hints updated to match. 2. All six new adapters (whatweb, wafw00f, amass, dnsx, testssl.sh, waybackurls) now have explicit ARG_TEMPLATES entries, so they are accounted-for rather than mintable-but-untemplated — clearing the UNACCOUNTED set the elder-plinius#54 arsenal-count-honesty guard flags, without leaning on KNOWN_DEBT. typecheck clean, 323 tests pass.
|
Thanks @jmagly — both fixed in 30018e7. 1. Broken invocations. Added real arg templates for
Command hints in the catalog updated to match the actual invocation. 2. Honesty guard. Rather than parking the 6 ids in
|
|
Thanks for the follow-up fixes. Please go ahead and rebase this branch onto current Suggested quick check before pushing: git fetch upstream
git rebase upstream/main
git diff --name-status upstream/main...HEAD
npm run typecheck
npm test
npm run verify-claimsThe important part is that the post-rebase diff stays scoped to the six OSINT/recon adapters, their arg templates, and the relevant tests/docs only. |
What
Adds six keyless, non-dangerous tool adapters to
src/arsenal/catalog.ts, filling live gaps in the recon/OSINT surface:whatwebwafw00famassdnsxtestsslwaybackurlsWhy
The catalog was strong on ProjectDiscovery probing + scanners but thin on WAF awareness, TLS posture, and passive historical-URL discovery. These are all standard, keyless bug-bounty/recon tools that compose with the existing kill chain. None are dangerous or credentialed, so no new approval gates are introduced.
Notes
CONTRIBUTING.mdadapter checklist (id/binary/name, category, families, risk, execution, networked, evidenceKinds, outputFormats, install/command hints, parserStatus, notes).safe_command/receipt_required, the generic factory mints them as real callable tools automatically — no phantom names (no-phantom-toolstest stays green).README.md,FEATURES.md, and theverify-claimsCLAIM 4 header to match.Verification
npm run verify-claims→ 24/24 ✅ (89 tools (54 adapters + 35 built-in))npm run typecheck→ cleannpm test→ 323 passed (28 files)