anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

modified: DEVELOPMENT roadmap. one step closer to v1

Browse Source
This commit is contained in:
anti
2026-04-16 11:39:07 -04:00
parent 49f3002c94
commit c1d8102253
1 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
development/DEVELOPMENT.md
View File

@@ -4,33 +4,33 @@
*Goal: Ensure every service is interactive enough to feel real during manual exploration.* *Goal: Ensure every service is interactive enough to feel real during manual exploration.*
### Remote Access & Shells ### Remote Access & Shells
- [ ] **SSH (Cowrie)** — Custom filesystem, realistic user database, and command execution. - [~] **SSH (Cowrie)** — Custom filesystem, realistic user database, and command execution: DELETED! Will use real OpenSSH for the highest interaction possible.
- [ ] **Telnet (Cowrie)** — Realistic banner and command emulation. - [~] **Telnet (Cowrie)** — Realistic banner and command emulation: DELETED! Will use Busybox Telnetd for the same reasons as above.
- [ ] **RDP** — Realistic NLA authentication and screen capture (where possible). - [x] **RDP** — Realistic NLA authentication and screen capture (where possible).
- [ ] **VNC** — Realistic RFB protocol handshake and authentication. - [ ] **VNC** — Realistic RFB protocol handshake and authentication.
- [x] **Real SSH** — High-interaction sshd with shell logging. - [x] **Real SSH** — High-interaction sshd with shell logging.
### Databases ### Databases
- [ ] **MySQL** — Support for common SQL queries and realistic schema. - [x] **MySQL** — Support for common SQL queries and realistic schema.
- [ ] **Postgres** — Realistic version strings and basic query support. - [ ] **Postgres** — Realistic version strings and basic query support.
- [ ] **MSSQL** — Realistic TDS protocol handshake. - [x] **MSSQL** — Realistic TDS protocol handshake.
- [ ] **MongoDB** — Support for common Mongo wire protocol commands. - [x] **MongoDB** — Support for common Mongo wire protocol commands.
- [x] **Redis** — Support for basic GET/SET/INFO commands. - [x] **Redis** — Support for basic GET/SET/INFO commands.
- [ ] **Elasticsearch** — Realistic REST API responses for `/_cluster/health` etc. - [x] **Elasticsearch** — Realistic REST API responses for `/_cluster/health` etc.
### Web & APIs ### Web & APIs
- [x] **HTTP** — Flexible templates (WordPress, phpMyAdmin, etc.) with logging. - [x] **HTTP** — Flexible templates (WordPress, phpMyAdmin, etc.) with logging.
- [ ] **Docker API** — Realistic responses for `docker version` and `docker ps`. - [x] **Docker API** — Realistic responses for `docker version` and `docker ps`.
- [ ] **Kubernetes (K8s)** — Mocked kubectl responses and basic API exploration. - [x] **Kubernetes (K8s)** — Mocked kubectl responses and basic API exploration.
- [x] **LLMNR** — Realistic local name resolution responses via responder-style emulation. - [x] **LLMNR** — Realistic local name resolution responses via responder-style emulation.
### File Transfer & Storage ### File Transfer & Storage
- [ ] **SMB** — Realistic share discovery and basic file browsing. - [x] **SMB** — Realistic share discovery and basic file browsing.
- [x] **FTP** — Support for common FTP commands and directory listing. - [x] **FTP** — Support for common FTP commands and directory listing.
- [ ] **TFTP** — Basic block-based file transfer emulation. - [x] **TFTP** — Basic block-based file transfer emulation.
### Directory & Mail ### Directory & Mail
- [ ] **LDAP** — Basic directory search and authentication responses. - [x] **LDAP** — Basic directory search and authentication responses.
- [x] **SMTP** — Mail server banners and basic EHLO/MAIL FROM support. - [x] **SMTP** — Mail server banners and basic EHLO/MAIL FROM support.
- [x] **IMAP** — Realistic mail folder structure and auth. - [x] **IMAP** — Realistic mail folder structure and auth.
- [x] **POP3** — Basic mail retrieval protocol emulation. - [x] **POP3** — Basic mail retrieval protocol emulation.
@@ -38,7 +38,7 @@
### Industrial & IoT (ICS) ### Industrial & IoT (ICS)
- [x] **MQTT** — Basic topic subscription and publishing support. - [x] **MQTT** — Basic topic subscription and publishing support.
- [x] **SNMP** — Realistic MIB responses for common OIDs. - [x] **SNMP** — Realistic MIB responses for common OIDs.
- [ ] **SIP** — Basic VoIP protocol handshake and registration. - [x] **SIP** — Basic VoIP protocol handshake and registration.
- [x] **Conpot** — SCADA/ICS protocol emulation (Modbus, etc.). - [x] **Conpot** — SCADA/ICS protocol emulation (Modbus, etc.).
--- ---
@@ -96,12 +96,12 @@
- [x] **Certificate details** — CN, SANs, issuer, validity period, self-signed flag (attacker-run servers) - [x] **Certificate details** — CN, SANs, issuer, validity period, self-signed flag (attacker-run servers)
### Timing & Behavioral ### Timing & Behavioral
- [ ] **Inter-packet arrival times** — OS TCP stack fingerprint + beaconing interval detection - [x] **Inter-packet arrival times** — OS TCP stack fingerprint + beaconing interval detection
- [ ] **TTL values** — Rough OS / hop-distance inference - [ ] **TTL values** — Rough OS / hop-distance inference
- [ ] **TCP window size & scaling** — p0f-style OS fingerprinting - [ ] **TCP window size & scaling** — p0f-style OS fingerprinting
- [ ] **Retransmission patterns** — Identify lossy paths / throttled connections - [ ] **Retransmission patterns** — Identify lossy paths / throttled connections
- [ ] **Beacon jitter variance** — Attribute tooling: Cobalt Strike vs. Sliver vs. Havoc have distinct profiles - [ ] **Beacon jitter variance** — Attribute tooling: Cobalt Strike vs. Sliver vs. Havoc have distinct profiles
- [ ] **C2 check-in cadence** — Detect beaconing vs. interactive sessions - [x] **C2 check-in cadence** — Detect beaconing vs. interactive sessions
- [ ] **Data exfil timing** — Behavioral sequencing relative to recon phase - [ ] **Data exfil timing** — Behavioral sequencing relative to recon phase
### Protocol Fingerprinting ### Protocol Fingerprinting