username/derp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
66116d2cafe3f5a8a0aa4e5e6a8bf6f95d11a43d
derp/ROADMAP.md
user ca46042c41 docs: update docs for Mumble integration 
Add Mumble sections to USAGE.md, CHEATSHEET.md, API.md, README.md.
Mark Mumble done in ROADMAP.md and TODO.md. Update TASKS.md sprint.
2026-02-21 21:02:46 +01:00

162 lines
7.1 KiB
Markdown
Raw Blame History

# derp - Roadmap
## v0.1.0 -- Foundation (done)
- [x] IRC protocol: connect, parse, send
- [x] TLS support with optional verification
- [x] Plugin system with `@command` and `@event`
- [x] TOML configuration with defaults merging
- [x] Built-in plugins: ping, help, version
- [x] Auto PING/PONG, nick recovery, reconnect
- [x] CLI entry point with argparse
## v0.2.0 -- Operational Toolkit (done)
- [x] Plugin hot-reload (!load, !reload, !unload, !plugins)
- [x] Command shorthand (unambiguous prefix matching)
- [x] Plugin help (!help <plugin>)
- [x] Container support (Containerfile, podman-compose)
- [x] DNS plugin (raw UDP resolver, all record types)
- [x] Encode/decode plugin (b64, hex, url, rot13)
- [x] Hash plugin (generation + type identification)
- [x] Defang/refang plugin (IOC sanitization)
- [x] Reverse shell generator (11 languages)
- [x] CIDR calculator plugin
- [x] Bot uptime command
- [x] SASL PLAIN authentication
- [x] Rate limiting (anti-flood, token bucket)
- [x] CTCP VERSION/TIME/PING responses
## v0.3.0 -- Wave 2 + Admin (done)
- [x] WHOIS plugin (raw socket, port 43)
- [x] Port scanner plugin (async TCP connect)
- [x] HTTP check plugin (status, redirects, timing)
- [x] TLS check plugin (cipher, cert chain, expiry)
- [x] DNSBL/blacklist check plugin
- [x] Random generator plugin (passwords, UUIDs, hex)
- [x] Timer plugin (countdown for time-boxed ops)
- [x] Admin/owner permission system (hostmask + IRCOP)
- [x] !whoami and !admins commands
## v0.4.0 -- Wave 3 Plugins (Local Databases) (done)
- [x] GeoIP plugin (MaxMind GeoLite2-City mmdb)
- [x] ASN plugin (GeoLite2-ASN mmdb)
- [x] Tor exit node check (local list, daily refresh)
- [x] IP reputation plugin (Firehol blocklist feeds)
- [x] CVE lookup plugin (local NVD JSON feed)
- [x] Data update script (cron-friendly, all local DBs)
## v0.5.0 -- Wave 4 Plugins (Advanced) (done)
- [x] Operational logging plugin (SQLite per-channel)
- [x] Persistent notes plugin (per-channel key-value)
- [x] Subdomain enumeration (crt.sh + wordlist DNS brute)
- [x] HTTP header fingerprinting (local signature db)
- [x] ExploitDB search (local CSV clone)
- [x] Payload template library (SQLi, XSS, SSTI, LFI, CMDi, XXE)
## v1.0.0 -- Stable (done)
- [x] IRCv3 capability negotiation (CAP LS 302)
- [x] Message tags support (IRCv3 @tags parsing)
- [x] Channel management commands (kick, ban, unban, topic, mode)
- [x] Plugin state persistence (SQLite key-value store)
## v1.1.0 -- Hardening + Wave 5 Plugins (done)
- [x] Message truncation for IRC 512-byte limit
- [x] Configurable reconnect backoff (exponential)
- [x] Bot orchestrator + config merge tests
- [x] `wayback` plugin (Wayback Machine snapshot lookup)
- [x] `dork` plugin (Google dork query builder)
- [x] Per-channel plugin enable/disable
- [x] Structured logging (JSON output option)
- [x] Integration tests with mock IRC server
- [x] `username` plugin (cross-platform username enumeration)
## v1.2.0 -- Subscriptions + Proxy (done)
- [x] `rss` plugin (RSS/Atom feed subscriptions with polling)
- [x] `yt` plugin (YouTube channel follow via Atom feeds)
- [x] `twitch` plugin (livestream notifications via public GQL)
- [x] `alert` plugin (keyword alerts across 27 platforms)
- [x] `searx` plugin (SearXNG web search)
- [x] `tdns` plugin (TCP DNS via SOCKS5 proxy)
- [x] `remind` plugin (one-shot, repeating, calendar-based reminders)
- [x] SOCKS5 proxy transport layer (HTTP, TCP, async connections)
- [x] Alert backends: YouTube, Twitch, SearXNG, Reddit, Mastodon,
DuckDuckGo, Google News, Kick, Dailymotion, PeerTube, Bluesky,
Lemmy, Odysee, Archive.org, Hacker News, GitHub, Wikipedia,
Stack Exchange, GitLab, npm, PyPI, Docker Hub, arXiv, Lobsters,
DEV.to, Medium, Hugging Face
- [x] Alert result history (SQLite) with short IDs and `!alert info`
- [x] OG tag fetching for keyword matching and date enrichment
- [x] Invite auto-join with persistence
- [x] Graceful SIGTERM shutdown
- [x] InnerTube-based YouTube channel resolution for video URLs
## v1.2.1 -- Performance + Polish (done)
- [x] HTTP opener caching at module level (eliminates per-request construction)
- [x] `--tracemalloc` CLI flag for memory profiling (dumps to `data/derp.malloc`)
- [x] Background seeding on `!alert add` (instant reply, seeds asynchronously)
- [x] Per-backend error tracking with exponential backoff
- [x] Concurrent fetches for multi-instance backends (PeerTube, Mastodon, Lemmy, SearXNG)
- [x] `retries` parameter for `derp.http.urlopen`
- [x] Alert output: ACTION line (metadata/URL) + PRIVMSG (full uncropped title)
- [x] tracemalloc writes to file instead of logger (survives podman log buffer)
## v2.0.0 -- Multi-Server + Integrations
- [x] Multi-server support (per-server config, shared plugins)
- [x] Stable plugin API (versioned, breaking change policy)
- [x] Paste overflow (auto-paste long output to FlaskPaste, return link)
- [x] URL shortener integration (shorten URLs in subscription announcements)
- [x] Webhook listener (HTTP endpoint for push events to channels)
- [x] Granular ACLs (per-command permission tiers: trusted, operator, admin)
- [x] `paste` command (manual paste to FlaskPaste)
- [x] `shorten` command (manual URL shortening)
- [x] `emailcheck` plugin (SMTP VRFY/RCPT TO)
- [x] `canary` plugin (canary token generator/tracker)
- [x] `virustotal` plugin (hash/URL/IP/domain lookup, free API)
- [x] `abuseipdb` plugin (IP abuse confidence scoring, free tier)
- [x] `jwt` plugin (decode tokens, show claims/expiry, flag weaknesses)
- [x] `mac` plugin (OUI vendor lookup, local IEEE database)
- [x] `pastemoni` plugin (monitor paste sites for keywords)
- [x] `cron` plugin (scheduled bot commands on a timer)
- [x] Plugin command unit tests (encode, hash, dns, cidr, defang)
- [x] CI pipeline (Gitea Actions, Python 3.11-3.13, ruff + pytest)
## v2.1.0 -- Teams + Telegram Integration
- [x] Microsoft Teams adapter via outgoing webhooks (no SDK)
- [x] `TeamsBot` class with same plugin API as IRC `Bot`
- [x] `TeamsMessage` dataclass duck-typed with IRC `Message`
- [x] HMAC-SHA256 webhook signature validation
- [x] Permission tiers via AAD object IDs
- [x] IRC-only methods as no-ops (join, part, kick, mode, set_topic)
- [x] Incoming webhook support for `send()` (proactive messages)
- [x] Paste overflow via FlaskPaste (same as IRC)
- [x] Teams `send()` routed through SOCKS5 proxy (bug fix)
- [x] Telegram adapter via long-polling (`getUpdates`, no SDK)
- [x] `TelegramBot` class with same plugin API as IRC `Bot`
- [x] `TelegramMessage` dataclass duck-typed with IRC `Message`
- [x] All Telegram HTTP through SOCKS5 proxy
- [x] Message splitting at 4096-char limit
- [x] `@botusername` suffix stripping in groups
- [ ] Adaptive Cards for richer formatting (Teams)
- [ ] Graph API integration for DMs and richer channel access (Teams)
- [ ] Teams event handlers (member join/leave)
## v2.2.0 -- Protocol Expansion
- [x] Mumble adapter via TCP/TLS protobuf control channel (text chat only)
- [ ] Discord adapter via WebSocket gateway + REST API
- [ ] Matrix adapter via long-poll `/sync` endpoint
- [ ] XMPP adapter via persistent TCP + XML stanzas (MUC support)
- [ ] Slack adapter via Socket Mode WebSocket
- [ ] Mattermost adapter via WebSocket API
- [ ] Bluesky adapter via AT Protocol firehose + REST API
Reference in New Issue View Git Blame Copy Permalink