Opslog: timestamped operational log per channel with add, list,
search, and delete. SQLite-backed, admin-only clear.
Note: persistent per-channel key-value store with set, get, del,
list, clear. SQLite-backed, admin-only clear.
Subdomain: enumeration via crt.sh CT log query with optional DNS
brute force using a built-in 80-word prefix wordlist. Resolves
discovered subdomains concurrently.
Headers: HTTP header fingerprinting against 50+ signature patterns.
Detects servers, frameworks, CDNs, and security headers (HSTS, CSP,
XFO, etc).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace bruteforcelogin and bi_any_2_30d (404) with dshield and
spamhaus_drop. Guard ((var++)) with || true to prevent set -e from
killing the script when the pre-increment value is 0.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GeoIP and ASN lookup via MaxMind GeoLite2 mmdb, Tor exit node check
against local bulk exit list, IP reputation via Firehol/ET blocklist
feeds, and CVE lookup against local NVD JSON mirror.
Includes cron-friendly update script (scripts/update-data.sh) for all
data sources and make update-data target. GeoLite2 requires a free
MaxMind license key; all other sources are freely downloadable.
Plugins: geoip, asn, torcheck, iprep, cve
Commands: !geoip, !asn, !tor, !iprep, !cve
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mark v0.2.0 and v0.3.0 as done, set up wave 3 sprint targeting
local database plugins (geoip, asn, torcheck, iprep, cve).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hostmask-based admin controls with automatic IRCOP detection via WHO.
Permission enforcement in the central dispatch path denies restricted
commands to non-admins. Includes !whoami and !admins commands, marks
load/reload/unload as admin-only.
Also lands previously-implemented SASL PLAIN auth, token-bucket rate
limiting, and CTCP VERSION/TIME/PING responses that were staged but
uncommitted.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace sequential await in command/event dispatch with
asyncio.create_task() so slow commands (whois, httpcheck, tlscheck)
no longer block the read loop. Add _spawn() for task lifecycle
tracking. Enable cProfile in docker-compose for profiling. Add
scripts/test_client.py for end-to-end plugin testing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All pure stdlib, zero external dependencies:
- dns: raw UDP resolver with A/AAAA/MX/NS/TXT/CNAME/PTR/SOA
- encode: base64, hex, URL, ROT13 encode/decode
- hash: md5/sha1/sha256/sha512 generation + type identification
- defang: IOC defanging/refanging for safe sharing
- revshell: reverse shell one-liners for 11 languages
- cidr: subnet calculator with IP membership check
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Track bot start time via monotonic clock, display as compact
duration (e.g. "up 3d 2h 15m 42s").
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Image now contains only the derp package. Config and plugins are
bind-mounted at runtime, enabling live edits without rebuilds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Query CT logs via crt.sh to enumerate SSL certs for domains,
report expired/valid counts, and flag live expired certs.
Uses ThreadPoolExecutor(3) for blocking I/O on RPi5.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
