fix(vnc): start VNC server on boot and correct noVNC port from 4200 to 9020

backend/src/capabilities/registry.ts

@@ -1203,6 +1203,120 @@ Python: paramiko (SSH), dnspython (DNS), impacket (SMB/Kerberos/LDAP)`,
   ],
 };
 
+const webBucket: CapabilityBucket = {
+  id: "web",
+  label: "Web Application",
+  description: "Web application security testing: scanning, fuzzing, injection, authentication attacks, and API testing.",
+  promptContext: `Web application capabilities available:
+- nikto: nikto -h http://target — web server misconfiguration scanner
+- nuclei: nuclei -u http://target — fast template-based vulnerability scanner
+- commix: commix --url="http://target/page?cmd=id" — command injection
+- xsser: xsser -u "http://target/page?q=XSS" — XSS detection
+- jwt_tool: python3 jwt_tool.py <token> -T — JWT attack toolkit
+- wapiti: wapiti -u http://target — web vulnerability scanner
+- arjun: arjun -u http://target/page — HTTP parameter discovery
+Python: requests-html (JS rendering), PyJWT (JWT decode/encode)`,
+  capabilities: [
+    {
+      name: "nikto",
+      type: "binary",
+      bucket: "web",
+      label: "Nikto",
+      description: "Web server scanner. Detects dangerous files, outdated software, misconfigurations.",
+      usageHint: "nikto -h http://target -o output.txt",
+      installCommand: "apt install -y nikto",
+      checkCommand: "which nikto",
+      size: "5 MB",
+    },
+    {
+      name: "nuclei",
+      type: "binary",
+      bucket: "web",
+      label: "Nuclei",
+      description: "Fast template-based vulnerability scanner. 9000+ templates for CVEs, misconfigs, exposures.",
+      usageHint: "nuclei -u http://target -t /root/nuclei-templates",
+      installCommand: "apt install -y nuclei || go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest",
+      checkCommand: "which nuclei",
+      size: "20 MB",
+    },
+    {
+      name: "commix",
+      type: "binary",
+      bucket: "web",
+      label: "Commix",
+      description: "Automated command injection exploitation tool.",
+      usageHint: "commix --url=\"http://target/page?cmd=id\"",
+      installCommand: "apt install -y commix",
+      checkCommand: "which commix",
+      size: "10 MB",
+    },
+    {
+      name: "xsser",
+      type: "binary",
+      bucket: "web",
+      label: "XSSer",
+      description: "Automated XSS detection and exploitation framework.",
+      usageHint: "xsser -u \"http://target/page?q=XSS\"",
+      installCommand: "pip install xsser",
+      checkCommand: "which xsser",
+      size: "5 MB",
+    },
+    {
+      name: "wapiti",
+      type: "binary",
+      bucket: "web",
+      label: "Wapiti",
+      description: "Web vulnerability scanner. Detects XSS, SQLi, LFI, RCE, SSRF, XXE.",
+      usageHint: "wapiti -u http://target -f html -o report.html",
+      installCommand: "pip install wapiti3",
+      checkCommand: "which wapiti",
+      size: "15 MB",
+    },
+    {
+      name: "arjun",
+      type: "binary",
+      bucket: "web",
+      label: "Arjun",
+      description: "HTTP parameter discovery. Find hidden GET/POST parameters.",
+      usageHint: "arjun -u http://target/page",
+      installCommand: "pip install arjun",
+      checkCommand: "which arjun",
+      size: "5 MB",
+    },
+    {
+      name: "jwt_tool",
+      type: "binary",
+      bucket: "web",
+      label: "jwt_tool",
+      description: "JWT attack toolkit. Algorithm confusion, none attack, brute-force secret.",
+      usageHint: "python3 jwt_tool.py <token> -T",
+      installCommand: "git clone https://github.com/ticarpi/jwt_tool /opt/jwt_tool && pip install -r /opt/jwt_tool/requirements.txt && ln -sf /opt/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool",
+      checkCommand: "which jwt_tool || test -f /opt/jwt_tool/jwt_tool.py",
+      size: "5 MB",
+    },
+    {
+      name: "requests-html",
+      type: "python_package",
+      bucket: "web",
+      label: "requests-html",
+      description: "HTTP requests with JavaScript rendering support.",
+      installCommand: "pip install requests-html",
+      checkCommand: "python3 -c 'import requests_html'",
+      size: "5 MB",
+    },
+    {
+      name: "PyJWT",
+      type: "python_package",
+      bucket: "web",
+      label: "PyJWT",
+      description: "Decode, encode and verify JWT tokens from Python scripts.",
+      installCommand: "pip install PyJWT",
+      checkCommand: "python3 -c 'import jwt'",
+      size: "1 MB",
+    },
+  ],
+};
+
 export const capabilityBuckets: CapabilityBucket[] = [
   coreBucket,
   networkBucket,
@@ -1211,6 +1325,7 @@ export const capabilityBuckets: CapabilityBucket[] = [
   cryptoBucket,
   forensicsBucket,
   stegoBucket,
+  webBucket,
 ];
 
 export const allCapabilities: Capability[] = capabilityBuckets.flatMap(

frontend/src/components/pages/settings/Capabilities.jsx

@@ -30,6 +30,7 @@ import {
   HiOutlineBeaker,
   HiOutlinePhoto,
   HiOutlineCube,
+  HiOutlineCodeBracket,
 } from "react-icons/hi2";
 import { useMutation, useQuery, useQueryClient } from "react-query";
 import { useState, useMemo, useCallback } from "react";
@@ -42,6 +43,7 @@ const BUCKET_ICONS = {
   crypto: HiOutlineKey,
   forensics: HiOutlineBeaker,
   stego: HiOutlinePhoto,
+  web: HiOutlineCodeBracket,
 };
 const BUCKET_ICON_FALLBACK = HiOutlineCube;
 

kali/entrypoint.sh

@@ -3,25 +3,72 @@ set -e
 
 mkdir -p /var/run/sshd
 
-# Start SSH — use the daemon directly so we get a clean PID and proper error reporting
+# Start SSH
 /usr/sbin/sshd -D &
 SSHD_PID=$!
 
-# Wait briefly and verify sshd is alive
 sleep 1
 if ! kill -0 "$SSHD_PID" 2>/dev/null; then
     echo "ERROR: sshd failed to start" >&2
     exit 1
 fi
 echo "sshd running (pid $SSHD_PID)"
 
-# Launch shellinabox on port 4200 (no SSL) for browser-based shell access
-shellinaboxd --disable-ssl --port 4200 -s "/:LOGIN" &
+# Launch shellinabox on port 4200
+if pgrep -x shellinaboxd > /dev/null 2>&1; then
+    echo "shellinabox already running, skipping"
+else
+    shellinaboxd --disable-ssl --port 4200 -s "/:LOGIN" &
+    echo "shellinabox started on port 4200"
+fi
 
-# If an OpenVPN configuration exists, start the OpenVPN service
+# Start OpenVPN if config exists
 if [ -f /etc/openvpn/server.conf ]; then
-    echo "Starting OpenVPN server..."
-    openvpn --config /etc/openvpn/server.conf &
+    if pgrep -x openvpn > /dev/null 2>&1; then
+        echo "OpenVPN already running, skipping"
+    else
+        echo "Starting OpenVPN server..."
+        openvpn --config /etc/openvpn/server.conf &
+    fi
+fi
+
+# Start VNC server on DISPLAY=:89 (port 5989)
+mkdir -p /root/.vnc
+
+# Set VNC password only if not already set
+if [ ! -f /root/.vnc/passwd ]; then
+    echo "" | vncpasswd -f > /root/.vnc/passwd
+    chmod 600 /root/.vnc/passwd
+fi
+
+# Check if DISPLAY :89 is already in use
+if [ -S /tmp/.X11-unix/X89 ] || pgrep -f "Xvnc :89" > /dev/null 2>&1; then
+    echo "Xvnc already running on DISPLAY=:89, skipping"
+else
+    Xvnc :89 -geometry 1280x800 -depth 24 -rfbport 5989 -rfbauth /root/.vnc/passwd -nolisten tcp6 &
+    VNC_PID=$!
+    sleep 2
+    if kill -0 "$VNC_PID" 2>/dev/null; then
+        echo "Xvnc running on DISPLAY=:89 port 5989 (pid $VNC_PID)"
+    else
+        echo "WARNING: Xvnc failed to start" >&2
+    fi
+fi
+
+# Start XFCE if not already running
+if pgrep -f "startxfce4" > /dev/null 2>&1; then
+    echo "XFCE already running, skipping"
+elif DISPLAY=:89 xdpyinfo > /dev/null 2>&1; then
+    DISPLAY=:89 startxfce4 &
+    echo "XFCE started on DISPLAY=:89"
+fi
+
+# Start websockify on port 9020 -> 5989
+if pgrep -f "websockify.*9020" > /dev/null 2>&1; then
+    echo "websockify already running on port 9020, skipping"
+else
+    websockify --web /usr/share/novnc/ 9020 localhost:5989 &
+    echo "websockify running: port 9020 -> localhost:5989"
 fi
 
 # Keep the container running

run.sh

@@ -1060,7 +1060,7 @@ launch() {
     if [[ "${DEPLOY_MODE:-}" == "kali" ]]; then
         echo
         echo -e "   ${GREEN}Kali SSH${NC}   ssh root@localhost -p 4242"
-        echo -e "   ${GREEN}Kali noVNC${NC} http://localhost:4200"
+        echo -e "   ${GREEN}Kali noVNC${NC} http://localhost:9020"
     fi
 
     echo
@@ -1323,7 +1323,7 @@ cmd_status() {
         echo -e "   ${GREEN}Frontend${NC}   http://localhost:3000"
         echo -e "   ${GREEN}Backend${NC}    http://localhost:8080"
         echo -e "   ${GREEN}Kali SSH${NC}   ssh root@localhost -p 4242"
-        echo -e "   ${GREEN}Kali noVNC${NC} http://localhost:4200"
+        echo -e "   ${GREEN}Kali noVNC${NC} http://localhost:9020"
         echo
     else
         section "Quick Access"