username/derp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4a2960b288e9b4e5ae11462029bcc76468970e3a
derp/ROADMAP.md
user 4a2960b288 feat: add exploitdb and payload plugins, complete wave 4 
ExploitDB: search local exploit-db CSV mirror by keyword, EDB ID,
or CVE identifier. In-bot update command downloads the latest CSV
from GitLab. Also added to the update-data.sh script.

Payload: built-in template library with 52 payloads across 6
categories (sqli, xss, ssti, lfi, cmdi, xxe). Supports browsing,
numeric index, and keyword search within categories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 02:54:38 +01:00

68 lines
2.4 KiB
Markdown
Raw Blame History

# derp - Roadmap
## v0.1.0 -- Foundation (done)
- [x] IRC protocol: connect, parse, send
- [x] TLS support with optional verification
- [x] Plugin system with `@command` and `@event`
- [x] TOML configuration with defaults merging
- [x] Built-in plugins: ping, help, version
- [x] Auto PING/PONG, nick recovery, reconnect
- [x] CLI entry point with argparse
## v0.2.0 -- Operational Toolkit (done)
- [x] Plugin hot-reload (!load, !reload, !unload, !plugins)
- [x] Command shorthand (unambiguous prefix matching)
- [x] Plugin help (!help <plugin>)
- [x] Container support (Containerfile, podman-compose)
- [x] DNS plugin (raw UDP resolver, all record types)
- [x] Encode/decode plugin (b64, hex, url, rot13)
- [x] Hash plugin (generation + type identification)
- [x] Defang/refang plugin (IOC sanitization)
- [x] Reverse shell generator (11 languages)
- [x] CIDR calculator plugin
- [x] Bot uptime command
- [x] SASL PLAIN authentication
- [x] Rate limiting (anti-flood, token bucket)
- [x] CTCP VERSION/TIME/PING responses
## v0.3.0 -- Wave 2 + Admin (done)
- [x] WHOIS plugin (raw socket, port 43)
- [x] Port scanner plugin (async TCP connect)
- [x] HTTP check plugin (status, redirects, timing)
- [x] TLS check plugin (cipher, cert chain, expiry)
- [x] DNSBL/blacklist check plugin
- [x] Random generator plugin (passwords, UUIDs, hex)
- [x] Timer plugin (countdown for time-boxed ops)
- [x] Admin/owner permission system (hostmask + IRCOP)
- [x] !whoami and !admins commands
## v0.4.0 -- Wave 3 Plugins (Local Databases) (done)
- [ ] GeoIP plugin (MaxMind GeoLite2-City mmdb)
- [ ] ASN plugin (GeoLite2-ASN mmdb)
- [ ] Tor exit node check (local list, daily refresh)
- [ ] IP reputation plugin (Firehol blocklist feeds)
- [ ] CVE lookup plugin (local NVD JSON feed)
- [ ] Data update script (cron-friendly, all local DBs)
## v0.5.0 -- Wave 4 Plugins (Advanced) (done)
- [x] Operational logging plugin (SQLite per-channel)
- [x] Persistent notes plugin (per-channel key-value)
- [x] Subdomain enumeration (crt.sh + wordlist DNS brute)
- [x] HTTP header fingerprinting (local signature db)
- [x] ExploitDB search (local CSV clone)
- [x] Payload template library (SQLi, XSS, SSTI, LFI, CMDi, XXE)
## v1.0.0 -- Stable
- [ ] Multi-server support
- [ ] IRCv3 capability negotiation
- [ ] Message tags support
- [ ] Stable plugin API (versioned)
- [ ] Channel management commands (kick, ban, topic)
- [ ] Plugin state persistence (SQLite)
Reference in New Issue View Git Blame Copy Permalink