From 584c9295c28e0d524fafe87bce60b95308112e7d Mon Sep 17 00:00:00 2001 From: Tejas Saubhage Date: Sat, 14 Mar 2026 15:53:40 -0400 Subject: [PATCH 1/4] feat: add web application capability bucket with 9 tools Signed-off-by: Tejas Saubhage --- backend/src/capabilities/registry.ts | 115 +++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) diff --git a/backend/src/capabilities/registry.ts b/backend/src/capabilities/registry.ts index ef10227..1336726 100644 --- a/backend/src/capabilities/registry.ts +++ b/backend/src/capabilities/registry.ts @@ -1203,6 +1203,120 @@ Python: paramiko (SSH), dnspython (DNS), impacket (SMB/Kerberos/LDAP)`, ], }; +const webBucket: CapabilityBucket = { + id: "web", + label: "Web Application", + description: "Web application security testing: scanning, fuzzing, injection, authentication attacks, and API testing.", + promptContext: `Web application capabilities available: +- nikto: nikto -h http://target — web server misconfiguration scanner +- nuclei: nuclei -u http://target — fast template-based vulnerability scanner +- commix: commix --url="http://target/page?cmd=id" — command injection +- xsser: xsser -u "http://target/page?q=XSS" — XSS detection +- jwt_tool: python3 jwt_tool.py -T — JWT attack toolkit +- wapiti: wapiti -u http://target — web vulnerability scanner +- arjun: arjun -u http://target/page — HTTP parameter discovery +Python: requests-html (JS rendering), PyJWT (JWT decode/encode)`, + capabilities: [ + { + name: "nikto", + type: "binary", + bucket: "web", + label: "Nikto", + description: "Web server scanner. Detects dangerous files, outdated software, misconfigurations.", + usageHint: "nikto -h http://target -o output.txt", + installCommand: "apt install -y nikto", + checkCommand: "which nikto", + size: "5 MB", + }, + { + name: "nuclei", + type: "binary", + bucket: "web", + label: "Nuclei", + description: "Fast template-based vulnerability scanner. 9000+ templates for CVEs, misconfigs, exposures.", + usageHint: "nuclei -u http://target -t /root/nuclei-templates", + installCommand: "apt install -y nuclei || go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest", + checkCommand: "which nuclei", + size: "20 MB", + }, + { + name: "commix", + type: "binary", + bucket: "web", + label: "Commix", + description: "Automated command injection exploitation tool.", + usageHint: "commix --url=\"http://target/page?cmd=id\"", + installCommand: "apt install -y commix", + checkCommand: "which commix", + size: "10 MB", + }, + { + name: "xsser", + type: "binary", + bucket: "web", + label: "XSSer", + description: "Automated XSS detection and exploitation framework.", + usageHint: "xsser -u \"http://target/page?q=XSS\"", + installCommand: "pip install xsser", + checkCommand: "which xsser", + size: "5 MB", + }, + { + name: "wapiti", + type: "binary", + bucket: "web", + label: "Wapiti", + description: "Web vulnerability scanner. Detects XSS, SQLi, LFI, RCE, SSRF, XXE.", + usageHint: "wapiti -u http://target -f html -o report.html", + installCommand: "pip install wapiti3", + checkCommand: "which wapiti", + size: "15 MB", + }, + { + name: "arjun", + type: "binary", + bucket: "web", + label: "Arjun", + description: "HTTP parameter discovery. Find hidden GET/POST parameters.", + usageHint: "arjun -u http://target/page", + installCommand: "pip install arjun", + checkCommand: "which arjun", + size: "5 MB", + }, + { + name: "jwt_tool", + type: "binary", + bucket: "web", + label: "jwt_tool", + description: "JWT attack toolkit. Algorithm confusion, none attack, brute-force secret.", + usageHint: "python3 jwt_tool.py -T", + installCommand: "git clone https://github.com/ticarpi/jwt_tool /opt/jwt_tool && pip install -r /opt/jwt_tool/requirements.txt && ln -sf /opt/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool", + checkCommand: "which jwt_tool || test -f /opt/jwt_tool/jwt_tool.py", + size: "5 MB", + }, + { + name: "requests-html", + type: "python_package", + bucket: "web", + label: "requests-html", + description: "HTTP requests with JavaScript rendering support.", + installCommand: "pip install requests-html", + checkCommand: "python3 -c 'import requests_html'", + size: "5 MB", + }, + { + name: "PyJWT", + type: "python_package", + bucket: "web", + label: "PyJWT", + description: "Decode, encode and verify JWT tokens from Python scripts.", + installCommand: "pip install PyJWT", + checkCommand: "python3 -c 'import jwt'", + size: "1 MB", + }, + ], +}; + export const capabilityBuckets: CapabilityBucket[] = [ coreBucket, networkBucket, @@ -1211,6 +1325,7 @@ export const capabilityBuckets: CapabilityBucket[] = [ cryptoBucket, forensicsBucket, stegoBucket, + webBucket, ]; export const allCapabilities: Capability[] = capabilityBuckets.flatMap( From a539c6026bceb9061cad14b4e296d0da523dabd6 Mon Sep 17 00:00:00 2001 From: Tejas Saubhage Date: Sat, 14 Mar 2026 15:58:43 -0400 Subject: [PATCH 2/4] feat: add web bucket icon to capabilities frontend Signed-off-by: Tejas Saubhage --- frontend/src/components/pages/settings/Capabilities.jsx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frontend/src/components/pages/settings/Capabilities.jsx b/frontend/src/components/pages/settings/Capabilities.jsx index 5a1e7f2..85aa5ca 100644 --- a/frontend/src/components/pages/settings/Capabilities.jsx +++ b/frontend/src/components/pages/settings/Capabilities.jsx @@ -30,6 +30,7 @@ import { HiOutlineBeaker, HiOutlinePhoto, HiOutlineCube, + HiOutlineCodeBracket, } from "react-icons/hi2"; import { useMutation, useQuery, useQueryClient } from "react-query"; import { useState, useMemo, useCallback } from "react"; @@ -42,6 +43,7 @@ const BUCKET_ICONS = { crypto: HiOutlineKey, forensics: HiOutlineBeaker, stego: HiOutlinePhoto, + web: HiOutlineCodeBracket, }; const BUCKET_ICON_FALLBACK = HiOutlineCube; From 301a4bedab7b12c5ffeed771ca327fee90104bc6 Mon Sep 17 00:00:00 2001 From: Tejas Saubhage Date: Wed, 18 Mar 2026 06:24:39 -0400 Subject: [PATCH 3/4] fix(vnc): start VNC server on boot and correct noVNC port from 4200 to 9020 Fixes #41 - Add Xvnc startup on DISPLAY=:89 (port 5989) to entrypoint.sh - Add XFCE desktop session startup on DISPLAY=:89 - Add websockify proxy startup (port 9020 -> localhost:5989) - Fix run.sh noVNC URL from port 4200 to 9020 (4200 is shellinabox) --- kali/entrypoint.sh | 22 ++++++++++++++++++++++ run.sh | 4 ++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/kali/entrypoint.sh b/kali/entrypoint.sh index e05a10d..9e12e72 100644 --- a/kali/entrypoint.sh +++ b/kali/entrypoint.sh @@ -24,5 +24,27 @@ if [ -f /etc/openvpn/server.conf ]; then openvpn --config /etc/openvpn/server.conf & fi +# Start VNC server on DISPLAY=:89 (port 5989) +mkdir -p /root/.vnc +# Set a blank VNC password +echo "" | vncpasswd -f > /root/.vnc/passwd +chmod 600 /root/.vnc/passwd +# Start Xvnc with XFCE desktop +Xvnc :89 -geometry 1280x800 -depth 24 -rfbport 5989 -rfbauth /root/.vnc/passwd -nolisten tcp6 & +VNC_PID=$! +sleep 2 +if kill -0 "$VNC_PID" 2>/dev/null; then + echo "Xvnc running on DISPLAY=:89 port 5989 (pid $VNC_PID)" + # Start XFCE desktop session + DISPLAY=:89 startxfce4 & + echo "XFCE started on DISPLAY=:89" +else + echo "WARNING: Xvnc failed to start" >&2 +fi + +# Start websockify to proxy noVNC on port 9020 -> VNC port 5989 +websockify --web /usr/share/novnc/ 9020 localhost:5989 & +echo "websockify running: port 9020 -> localhost:5989" + # Keep the container running wait "$SSHD_PID" diff --git a/run.sh b/run.sh index d32eebe..535e1a8 100755 --- a/run.sh +++ b/run.sh @@ -1060,7 +1060,7 @@ launch() { if [[ "${DEPLOY_MODE:-}" == "kali" ]]; then echo echo -e " ${GREEN}Kali SSH${NC} ssh root@localhost -p 4242" - echo -e " ${GREEN}Kali noVNC${NC} http://localhost:4200" + echo -e " ${GREEN}Kali noVNC${NC} http://localhost:9020" fi echo @@ -1323,7 +1323,7 @@ cmd_status() { echo -e " ${GREEN}Frontend${NC} http://localhost:3000" echo -e " ${GREEN}Backend${NC} http://localhost:8080" echo -e " ${GREEN}Kali SSH${NC} ssh root@localhost -p 4242" - echo -e " ${GREEN}Kali noVNC${NC} http://localhost:4200" + echo -e " ${GREEN}Kali noVNC${NC} http://localhost:9020" echo else section "Quick Access" From e06f28baf8599b54fbb164f524a46710e02648e4 Mon Sep 17 00:00:00 2001 From: Tejas Saubhage Date: Wed, 18 Mar 2026 09:39:33 -0400 Subject: [PATCH 4/4] fix(vnc): add defensive checks for already-running services in entrypoint.sh --- kali/entrypoint.sh | 69 +++++++++++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 22 deletions(-) diff --git a/kali/entrypoint.sh b/kali/entrypoint.sh index 9e12e72..dbcf6b5 100644 --- a/kali/entrypoint.sh +++ b/kali/entrypoint.sh @@ -3,11 +3,10 @@ set -e mkdir -p /var/run/sshd -# Start SSH — use the daemon directly so we get a clean PID and proper error reporting +# Start SSH /usr/sbin/sshd -D & SSHD_PID=$! -# Wait briefly and verify sshd is alive sleep 1 if ! kill -0 "$SSHD_PID" 2>/dev/null; then echo "ERROR: sshd failed to start" >&2 @@ -15,36 +14,62 @@ if ! kill -0 "$SSHD_PID" 2>/dev/null; then fi echo "sshd running (pid $SSHD_PID)" -# Launch shellinabox on port 4200 (no SSL) for browser-based shell access -shellinaboxd --disable-ssl --port 4200 -s "/:LOGIN" & +# Launch shellinabox on port 4200 +if pgrep -x shellinaboxd > /dev/null 2>&1; then + echo "shellinabox already running, skipping" +else + shellinaboxd --disable-ssl --port 4200 -s "/:LOGIN" & + echo "shellinabox started on port 4200" +fi -# If an OpenVPN configuration exists, start the OpenVPN service +# Start OpenVPN if config exists if [ -f /etc/openvpn/server.conf ]; then - echo "Starting OpenVPN server..." - openvpn --config /etc/openvpn/server.conf & + if pgrep -x openvpn > /dev/null 2>&1; then + echo "OpenVPN already running, skipping" + else + echo "Starting OpenVPN server..." + openvpn --config /etc/openvpn/server.conf & + fi fi # Start VNC server on DISPLAY=:89 (port 5989) mkdir -p /root/.vnc -# Set a blank VNC password -echo "" | vncpasswd -f > /root/.vnc/passwd -chmod 600 /root/.vnc/passwd -# Start Xvnc with XFCE desktop -Xvnc :89 -geometry 1280x800 -depth 24 -rfbport 5989 -rfbauth /root/.vnc/passwd -nolisten tcp6 & -VNC_PID=$! -sleep 2 -if kill -0 "$VNC_PID" 2>/dev/null; then - echo "Xvnc running on DISPLAY=:89 port 5989 (pid $VNC_PID)" - # Start XFCE desktop session + +# Set VNC password only if not already set +if [ ! -f /root/.vnc/passwd ]; then + echo "" | vncpasswd -f > /root/.vnc/passwd + chmod 600 /root/.vnc/passwd +fi + +# Check if DISPLAY :89 is already in use +if [ -S /tmp/.X11-unix/X89 ] || pgrep -f "Xvnc :89" > /dev/null 2>&1; then + echo "Xvnc already running on DISPLAY=:89, skipping" +else + Xvnc :89 -geometry 1280x800 -depth 24 -rfbport 5989 -rfbauth /root/.vnc/passwd -nolisten tcp6 & + VNC_PID=$! + sleep 2 + if kill -0 "$VNC_PID" 2>/dev/null; then + echo "Xvnc running on DISPLAY=:89 port 5989 (pid $VNC_PID)" + else + echo "WARNING: Xvnc failed to start" >&2 + fi +fi + +# Start XFCE if not already running +if pgrep -f "startxfce4" > /dev/null 2>&1; then + echo "XFCE already running, skipping" +elif DISPLAY=:89 xdpyinfo > /dev/null 2>&1; then DISPLAY=:89 startxfce4 & echo "XFCE started on DISPLAY=:89" -else - echo "WARNING: Xvnc failed to start" >&2 fi -# Start websockify to proxy noVNC on port 9020 -> VNC port 5989 -websockify --web /usr/share/novnc/ 9020 localhost:5989 & -echo "websockify running: port 9020 -> localhost:5989" +# Start websockify on port 9020 -> 5989 +if pgrep -f "websockify.*9020" > /dev/null 2>&1; then + echo "websockify already running on port 9020, skipping" +else + websockify --web /usr/share/novnc/ 9020 localhost:5989 & + echo "websockify running: port 9020 -> localhost:5989" +fi # Keep the container running wait "$SSHD_PID"