username/derp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4a2960b288e9b4e5ae11462029bcc76468970e3a
derp/ROADMAP.md
user 4a2960b288 feat: add exploitdb and payload plugins, complete wave 4 
ExploitDB: search local exploit-db CSV mirror by keyword, EDB ID,
or CVE identifier. In-bot update command downloads the latest CSV
from GitLab. Also added to the update-data.sh script.

Payload: built-in template library with 52 payloads across 6
categories (sqli, xss, ssti, lfi, cmdi, xxe). Supports browsing,
numeric index, and keyword search within categories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 02:54:38 +01:00

2.4 KiB
Raw Blame History

derp - Roadmap

v0.1.0 -- Foundation (done)

  • IRC protocol: connect, parse, send
  • TLS support with optional verification
  • Plugin system with @command and @event
  • TOML configuration with defaults merging
  • Built-in plugins: ping, help, version
  • Auto PING/PONG, nick recovery, reconnect
  • CLI entry point with argparse

v0.2.0 -- Operational Toolkit (done)

  • Plugin hot-reload (!load, !reload, !unload, !plugins)
  • Command shorthand (unambiguous prefix matching)
  • Plugin help (!help )
  • Container support (Containerfile, podman-compose)
  • DNS plugin (raw UDP resolver, all record types)
  • Encode/decode plugin (b64, hex, url, rot13)
  • Hash plugin (generation + type identification)
  • Defang/refang plugin (IOC sanitization)
  • Reverse shell generator (11 languages)
  • CIDR calculator plugin
  • Bot uptime command
  • SASL PLAIN authentication
  • Rate limiting (anti-flood, token bucket)
  • CTCP VERSION/TIME/PING responses

v0.3.0 -- Wave 2 + Admin (done)

  • WHOIS plugin (raw socket, port 43)
  • Port scanner plugin (async TCP connect)
  • HTTP check plugin (status, redirects, timing)
  • TLS check plugin (cipher, cert chain, expiry)
  • DNSBL/blacklist check plugin
  • Random generator plugin (passwords, UUIDs, hex)
  • Timer plugin (countdown for time-boxed ops)
  • Admin/owner permission system (hostmask + IRCOP)
  • !whoami and !admins commands

v0.4.0 -- Wave 3 Plugins (Local Databases) (done)

  • GeoIP plugin (MaxMind GeoLite2-City mmdb)
  • ASN plugin (GeoLite2-ASN mmdb)
  • Tor exit node check (local list, daily refresh)
  • IP reputation plugin (Firehol blocklist feeds)
  • CVE lookup plugin (local NVD JSON feed)
  • Data update script (cron-friendly, all local DBs)

v0.5.0 -- Wave 4 Plugins (Advanced) (done)

  • Operational logging plugin (SQLite per-channel)
  • Persistent notes plugin (per-channel key-value)
  • Subdomain enumeration (crt.sh + wordlist DNS brute)
  • HTTP header fingerprinting (local signature db)
  • ExploitDB search (local CSV clone)
  • Payload template library (SQLi, XSS, SSTI, LFI, CMDi, XXE)

v1.0.0 -- Stable

  • Multi-server support
  • IRCv3 capability negotiation
  • Message tags support
  • Stable plugin API (versioned)
  • Channel management commands (kick, ban, topic)
  • Plugin state persistence (SQLite)
Reference in New Issue View Git Blame Copy Permalink