e1b57e1764
Opslog: timestamped operational log per channel with add, list, search, and delete. SQLite-backed, admin-only clear. Note: persistent per-channel key-value store with set, get, del, list, clear. SQLite-backed, admin-only clear. Subdomain: enumeration via crt.sh CT log query with optional DNS brute force using a built-in 80-word prefix wordlist. Resolves discovered subdomains concurrently. Headers: HTTP header fingerprinting against 50+ signature patterns. Detects servers, frameworks, CDNs, and security headers (HSTS, CSP, XFO, etc). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3.3 KiB
3.3 KiB
derp
Asyncio IRC bot for Python 3.11+ with a decorator-based plugin system. Built for red team ops, OSINT, and OPSEC workflows.
Quick Start
git clone <repo> ~/git/derp && cd ~/git/derp
make install
cp config/derp.toml.example config/derp.toml
# Edit config/derp.toml with your server details
make run
Container
make up # Build + start with podman-compose
make logs # Follow logs
make down # Stop
Features
- Async IRC over plain TCP or TLS (SASL PLAIN auth)
- Plugin system with
@commandand@eventdecorators - Hot-reload: load, unload, reload plugins at runtime
- Admin permission system (hostmask patterns + IRCOP detection)
- Command shorthand:
!hresolves to!help(unambiguous prefix matching) - TOML configuration with sensible defaults
- Rate limiting, CTCP responses, auto reconnect
- Containerized deployment via Podman
Plugins
| Plugin | Commands | Description |
|---|---|---|
| core | ping, help, version, uptime, whoami, admins, load, reload, unload, plugins | Bot management |
| dns | dns | Raw UDP DNS resolver (A/AAAA/MX/NS/TXT/CNAME/PTR/SOA) |
| encode | encode, decode | Base64, hex, URL, ROT13 |
| hash | hash, hashid | Hash generation + type identification |
| defang | defang, refang | IOC defanging for safe sharing |
| revshell | revshell | Reverse shell one-liners (11 languages) |
| cidr | cidr | Subnet calculator + IP membership check |
| crtsh | cert | Certificate transparency log lookup |
| whois | whois | Raw socket WHOIS (port 43) |
| portcheck | portcheck | Async TCP port scanner |
| httpcheck | httpcheck | HTTP status, redirects, response time |
| tlscheck | tlscheck | TLS version, cipher, cert details |
| blacklist | blacklist | DNSBL/RBL IP reputation check |
| rand | rand | Passwords, hex, UUIDs, dice rolls |
| timer | timer | Countdown timers with notification |
| geoip | geoip | GeoIP city/country lookup (MaxMind mmdb) |
| asn | asn | AS number + organization lookup (MaxMind mmdb) |
| torcheck | tor | Tor exit node check (local list) |
| iprep | iprep | IP reputation (Firehol/ET blocklists) |
| cve | cve | CVE lookup + search (local NVD mirror) |
| opslog | opslog | Timestamped operational notes (SQLite) |
| note | note | Per-channel persistent key-value store |
| subdomain | subdomain | Subdomain enum (crt.sh + DNS brute) |
| headers | headers | HTTP header fingerprinting |
| example | echo | Demo plugin |
Writing Plugins
from derp.plugin import command, event
@command("greet", help="Say hello")
async def cmd_greet(bot, message):
await bot.reply(message, f"Hello, {message.nick}!")
@event("JOIN")
async def on_join(bot, message):
if message.nick != bot.nick:
await bot.send(message.target, f"Welcome, {message.nick}")
Make Targets
| Target | Description |
|---|---|
make install |
Create venv and install |
make test |
Run test suite |
make lint |
Lint with ruff |
make run |
Start the bot (bare metal) |
make link |
Symlink to ~/.local/bin/ |
make build |
Build container image |
make up |
Start with podman-compose |
make down |
Stop with podman-compose |
make logs |
Follow compose logs |
Documentation
License
MIT