feat: add jwt, mac, abuseipdb, virustotal, and emailcheck plugins

v2.0.0 sprint 1 -- five standalone plugins requiring no core changes: - jwt: decode JWT header/payload, flag alg=none/expired/nbf issues - mac: IEEE OUI vendor lookup, random MAC generation, OUI download - abuseipdb: IP reputation check + abuse reporting (admin) via API - virustotal: hash/IP/domain/URL lookup via VT APIv3, 4/min rate limit - emailcheck: SMTP RCPT TO verification via MX + SOCKS proxy (admin) Also adds update_oui() to update-data.sh and documents all five plugins in USAGE.md and CHEATSHEET.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 21:04:43 +01:00
parent 75c6ab1e62
commit eb37fef730
8 changed files with 980 additions and 1 deletions
--- a/scripts/update-data.sh
+++ b/scripts/update-data.sh
@@ -78,6 +78,24 @@ update_iprep() {
    fi
 }

+# -- IEEE OUI database --------------------------------------------------------
+update_oui() {
+    local dest="$DATA_DIR/oui.txt"
+    local url="https://standards-oui.ieee.org/oui/oui.txt"
+    mkdir -p "$DATA_DIR"
+    dim "Downloading IEEE OUI database..."
+    if curl -sS -fL --max-time 60 -o "$dest.tmp" "$url"; then
+        local count
+        count=$(grep -cE '^[0-9A-F]{2}-' "$dest.tmp" || true)
+        mv "$dest.tmp" "$dest"
+        info "OUI database: $count vendors"
+    else
+        rm -f "$dest.tmp"
+        err "Failed to download OUI database"
+        ((FAILURES++)) || true
+    fi
+}
+
 # -- GeoLite2 databases -------------------------------------------------------
 update_geolite2() {
    # Requires MAXMIND_LICENSE_KEY env var
@@ -132,6 +150,7 @@ echo

 update_tor
 update_iprep
+update_oui
 update_exploitdb
 update_geolite2