username/derp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb37fef730cc5ceff3244b99668aa511fdd0d3a0
derp/ROADMAP.md
user 75c6ab1e62 docs: expand v2.0.0 roadmap with integrations and new plugins 
Add FlaskPaste integration (paste overflow, URL shortener),
webhook listener, granular ACLs, and 10 new plugin targets
(virustotal, abuseipdb, jwt, mac, pastemoni, cron, paste,
shorten, emailcheck, canary). Reorganize TODO.md by category.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 20:14:10 +01:00

5.0 KiB
Raw Blame History

derp - Roadmap

v0.1.0 -- Foundation (done)

  • IRC protocol: connect, parse, send
  • TLS support with optional verification
  • Plugin system with @command and @event
  • TOML configuration with defaults merging
  • Built-in plugins: ping, help, version
  • Auto PING/PONG, nick recovery, reconnect
  • CLI entry point with argparse

v0.2.0 -- Operational Toolkit (done)

  • Plugin hot-reload (!load, !reload, !unload, !plugins)
  • Command shorthand (unambiguous prefix matching)
  • Plugin help (!help )
  • Container support (Containerfile, podman-compose)
  • DNS plugin (raw UDP resolver, all record types)
  • Encode/decode plugin (b64, hex, url, rot13)
  • Hash plugin (generation + type identification)
  • Defang/refang plugin (IOC sanitization)
  • Reverse shell generator (11 languages)
  • CIDR calculator plugin
  • Bot uptime command
  • SASL PLAIN authentication
  • Rate limiting (anti-flood, token bucket)
  • CTCP VERSION/TIME/PING responses

v0.3.0 -- Wave 2 + Admin (done)

  • WHOIS plugin (raw socket, port 43)
  • Port scanner plugin (async TCP connect)
  • HTTP check plugin (status, redirects, timing)
  • TLS check plugin (cipher, cert chain, expiry)
  • DNSBL/blacklist check plugin
  • Random generator plugin (passwords, UUIDs, hex)
  • Timer plugin (countdown for time-boxed ops)
  • Admin/owner permission system (hostmask + IRCOP)
  • !whoami and !admins commands

v0.4.0 -- Wave 3 Plugins (Local Databases) (done)

  • GeoIP plugin (MaxMind GeoLite2-City mmdb)
  • ASN plugin (GeoLite2-ASN mmdb)
  • Tor exit node check (local list, daily refresh)
  • IP reputation plugin (Firehol blocklist feeds)
  • CVE lookup plugin (local NVD JSON feed)
  • Data update script (cron-friendly, all local DBs)

v0.5.0 -- Wave 4 Plugins (Advanced) (done)

  • Operational logging plugin (SQLite per-channel)
  • Persistent notes plugin (per-channel key-value)
  • Subdomain enumeration (crt.sh + wordlist DNS brute)
  • HTTP header fingerprinting (local signature db)
  • ExploitDB search (local CSV clone)
  • Payload template library (SQLi, XSS, SSTI, LFI, CMDi, XXE)

v1.0.0 -- Stable (done)

  • IRCv3 capability negotiation (CAP LS 302)
  • Message tags support (IRCv3 @tags parsing)
  • Channel management commands (kick, ban, unban, topic, mode)
  • Plugin state persistence (SQLite key-value store)

v1.1.0 -- Hardening + Wave 5 Plugins (done)

  • Message truncation for IRC 512-byte limit
  • Configurable reconnect backoff (exponential)
  • Bot orchestrator + config merge tests
  • wayback plugin (Wayback Machine snapshot lookup)
  • dork plugin (Google dork query builder)
  • Per-channel plugin enable/disable
  • Structured logging (JSON output option)
  • Integration tests with mock IRC server
  • username plugin (cross-platform username enumeration)

v1.2.0 -- Subscriptions + Proxy (done)

  • rss plugin (RSS/Atom feed subscriptions with polling)
  • yt plugin (YouTube channel follow via Atom feeds)
  • twitch plugin (livestream notifications via public GQL)
  • alert plugin (keyword alerts across 27 platforms)
  • searx plugin (SearXNG web search)
  • tdns plugin (TCP DNS via SOCKS5 proxy)
  • remind plugin (one-shot, repeating, calendar-based reminders)
  • SOCKS5 proxy transport layer (HTTP, TCP, async connections)
  • Alert backends: YouTube, Twitch, SearXNG, Reddit, Mastodon, DuckDuckGo, Google News, Kick, Dailymotion, PeerTube, Bluesky, Lemmy, Odysee, Archive.org, Hacker News, GitHub, Wikipedia, Stack Exchange, GitLab, npm, PyPI, Docker Hub, arXiv, Lobsters, DEV.to, Medium, Hugging Face
  • Alert result history (SQLite) with short IDs and !alert info
  • OG tag fetching for keyword matching and date enrichment
  • Invite auto-join with persistence
  • Graceful SIGTERM shutdown
  • InnerTube-based YouTube channel resolution for video URLs

v2.0.0 -- Multi-Server + Integrations

  • Multi-server support (per-server config, shared plugins)
  • Stable plugin API (versioned, breaking change policy)
  • Paste overflow (auto-paste long output to FlaskPaste, return link)
  • URL shortener integration (shorten URLs in alerts and long output)
  • Webhook listener (HTTP endpoint for push events to channels)
  • Granular ACLs (per-command permission tiers: trusted, operator, admin)
  • paste plugin (manual paste to FlaskPaste)
  • shorten plugin (manual URL shortening)
  • emailcheck plugin (SMTP VRFY/RCPT TO)
  • canary plugin (canary token generator/tracker)
  • virustotal plugin (hash/URL/IP/domain lookup, free API)
  • abuseipdb plugin (IP abuse confidence scoring, free tier)
  • jwt plugin (decode tokens, show claims/expiry, flag weaknesses)
  • mac plugin (OUI vendor lookup, local IEEE database)
  • pastemoni plugin (monitor paste sites for keywords)
  • cron plugin (scheduled bot commands on a timer)
  • Plugin command unit tests (encode, hash, dns, cidr, defang)
  • CI pipeline
Reference in New Issue View Git Blame Copy Permalink