username/derp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
66116d2cafe3f5a8a0aa4e5e6a8bf6f95d11a43d
derp/ROADMAP.md
user ca46042c41 docs: update docs for Mumble integration 
Add Mumble sections to USAGE.md, CHEATSHEET.md, API.md, README.md.
Mark Mumble done in ROADMAP.md and TODO.md. Update TASKS.md sprint.
2026-02-21 21:02:46 +01:00

7.1 KiB
Raw Blame History

derp - Roadmap

v0.1.0 -- Foundation (done)

  • IRC protocol: connect, parse, send
  • TLS support with optional verification
  • Plugin system with @command and @event
  • TOML configuration with defaults merging
  • Built-in plugins: ping, help, version
  • Auto PING/PONG, nick recovery, reconnect
  • CLI entry point with argparse

v0.2.0 -- Operational Toolkit (done)

  • Plugin hot-reload (!load, !reload, !unload, !plugins)
  • Command shorthand (unambiguous prefix matching)
  • Plugin help (!help )
  • Container support (Containerfile, podman-compose)
  • DNS plugin (raw UDP resolver, all record types)
  • Encode/decode plugin (b64, hex, url, rot13)
  • Hash plugin (generation + type identification)
  • Defang/refang plugin (IOC sanitization)
  • Reverse shell generator (11 languages)
  • CIDR calculator plugin
  • Bot uptime command
  • SASL PLAIN authentication
  • Rate limiting (anti-flood, token bucket)
  • CTCP VERSION/TIME/PING responses

v0.3.0 -- Wave 2 + Admin (done)

  • WHOIS plugin (raw socket, port 43)
  • Port scanner plugin (async TCP connect)
  • HTTP check plugin (status, redirects, timing)
  • TLS check plugin (cipher, cert chain, expiry)
  • DNSBL/blacklist check plugin
  • Random generator plugin (passwords, UUIDs, hex)
  • Timer plugin (countdown for time-boxed ops)
  • Admin/owner permission system (hostmask + IRCOP)
  • !whoami and !admins commands

v0.4.0 -- Wave 3 Plugins (Local Databases) (done)

  • GeoIP plugin (MaxMind GeoLite2-City mmdb)
  • ASN plugin (GeoLite2-ASN mmdb)
  • Tor exit node check (local list, daily refresh)
  • IP reputation plugin (Firehol blocklist feeds)
  • CVE lookup plugin (local NVD JSON feed)
  • Data update script (cron-friendly, all local DBs)

v0.5.0 -- Wave 4 Plugins (Advanced) (done)

  • Operational logging plugin (SQLite per-channel)
  • Persistent notes plugin (per-channel key-value)
  • Subdomain enumeration (crt.sh + wordlist DNS brute)
  • HTTP header fingerprinting (local signature db)
  • ExploitDB search (local CSV clone)
  • Payload template library (SQLi, XSS, SSTI, LFI, CMDi, XXE)

v1.0.0 -- Stable (done)

  • IRCv3 capability negotiation (CAP LS 302)
  • Message tags support (IRCv3 @tags parsing)
  • Channel management commands (kick, ban, unban, topic, mode)
  • Plugin state persistence (SQLite key-value store)

v1.1.0 -- Hardening + Wave 5 Plugins (done)

  • Message truncation for IRC 512-byte limit
  • Configurable reconnect backoff (exponential)
  • Bot orchestrator + config merge tests
  • wayback plugin (Wayback Machine snapshot lookup)
  • dork plugin (Google dork query builder)
  • Per-channel plugin enable/disable
  • Structured logging (JSON output option)
  • Integration tests with mock IRC server
  • username plugin (cross-platform username enumeration)

v1.2.0 -- Subscriptions + Proxy (done)

  • rss plugin (RSS/Atom feed subscriptions with polling)
  • yt plugin (YouTube channel follow via Atom feeds)
  • twitch plugin (livestream notifications via public GQL)
  • alert plugin (keyword alerts across 27 platforms)
  • searx plugin (SearXNG web search)
  • tdns plugin (TCP DNS via SOCKS5 proxy)
  • remind plugin (one-shot, repeating, calendar-based reminders)
  • SOCKS5 proxy transport layer (HTTP, TCP, async connections)
  • Alert backends: YouTube, Twitch, SearXNG, Reddit, Mastodon, DuckDuckGo, Google News, Kick, Dailymotion, PeerTube, Bluesky, Lemmy, Odysee, Archive.org, Hacker News, GitHub, Wikipedia, Stack Exchange, GitLab, npm, PyPI, Docker Hub, arXiv, Lobsters, DEV.to, Medium, Hugging Face
  • Alert result history (SQLite) with short IDs and !alert info
  • OG tag fetching for keyword matching and date enrichment
  • Invite auto-join with persistence
  • Graceful SIGTERM shutdown
  • InnerTube-based YouTube channel resolution for video URLs

v1.2.1 -- Performance + Polish (done)

  • HTTP opener caching at module level (eliminates per-request construction)
  • --tracemalloc CLI flag for memory profiling (dumps to data/derp.malloc)
  • Background seeding on !alert add (instant reply, seeds asynchronously)
  • Per-backend error tracking with exponential backoff
  • Concurrent fetches for multi-instance backends (PeerTube, Mastodon, Lemmy, SearXNG)
  • retries parameter for derp.http.urlopen
  • Alert output: ACTION line (metadata/URL) + PRIVMSG (full uncropped title)
  • tracemalloc writes to file instead of logger (survives podman log buffer)

v2.0.0 -- Multi-Server + Integrations

  • Multi-server support (per-server config, shared plugins)
  • Stable plugin API (versioned, breaking change policy)
  • Paste overflow (auto-paste long output to FlaskPaste, return link)
  • URL shortener integration (shorten URLs in subscription announcements)
  • Webhook listener (HTTP endpoint for push events to channels)
  • Granular ACLs (per-command permission tiers: trusted, operator, admin)
  • paste command (manual paste to FlaskPaste)
  • shorten command (manual URL shortening)
  • emailcheck plugin (SMTP VRFY/RCPT TO)
  • canary plugin (canary token generator/tracker)
  • virustotal plugin (hash/URL/IP/domain lookup, free API)
  • abuseipdb plugin (IP abuse confidence scoring, free tier)
  • jwt plugin (decode tokens, show claims/expiry, flag weaknesses)
  • mac plugin (OUI vendor lookup, local IEEE database)
  • pastemoni plugin (monitor paste sites for keywords)
  • cron plugin (scheduled bot commands on a timer)
  • Plugin command unit tests (encode, hash, dns, cidr, defang)
  • CI pipeline (Gitea Actions, Python 3.11-3.13, ruff + pytest)

v2.1.0 -- Teams + Telegram Integration

  • Microsoft Teams adapter via outgoing webhooks (no SDK)
  • TeamsBot class with same plugin API as IRC Bot
  • TeamsMessage dataclass duck-typed with IRC Message
  • HMAC-SHA256 webhook signature validation
  • Permission tiers via AAD object IDs
  • IRC-only methods as no-ops (join, part, kick, mode, set_topic)
  • Incoming webhook support for send() (proactive messages)
  • Paste overflow via FlaskPaste (same as IRC)
  • Teams send() routed through SOCKS5 proxy (bug fix)
  • Telegram adapter via long-polling (getUpdates, no SDK)
  • TelegramBot class with same plugin API as IRC Bot
  • TelegramMessage dataclass duck-typed with IRC Message
  • All Telegram HTTP through SOCKS5 proxy
  • Message splitting at 4096-char limit
  • @botusername suffix stripping in groups
  • Adaptive Cards for richer formatting (Teams)
  • Graph API integration for DMs and richer channel access (Teams)
  • Teams event handlers (member join/leave)

v2.2.0 -- Protocol Expansion

  • Mumble adapter via TCP/TLS protobuf control channel (text chat only)
  • Discord adapter via WebSocket gateway + REST API
  • Matrix adapter via long-poll /sync endpoint
  • XMPP adapter via persistent TCP + XML stanzas (MUC support)
  • Slack adapter via Socket Mode WebSocket
  • Mattermost adapter via WebSocket API
  • Bluesky adapter via AT Protocol firehose + REST API
Reference in New Issue View Git Blame Copy Permalink