diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..2ec4111
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,20 @@
+{
+ "name": "HackingTool Dev Environment",
+ "image": "mcr.microsoft.com/devcontainers/python:3.10",
+ "features": {
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {}
+ },
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "ms-python.python",
+ "ms-python.black-formatter",
+ "pycqa.isort",
+ "mtxr.sqltools"
+ ]
+ }
+ },
+ "postCreateCommand": "pip install -r requirements.txt && pre-commit install",
+ "ports": [3000],
+ "runArgs": ["--network=host"]
+}
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..9cd5614
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ open-pull-requests-limit: 10
+ labels:
+ - "dependencies"
+ - "security"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ labels:
+ - "dependencies"
+ - "github-actions"
\ No newline at end of file
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
new file mode 100644
index 0000000..e771926
--- /dev/null
+++ b/.github/workflows/benchmark.yml
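Review bot: `"runArgs": ["--network=host"]` places the dev container in the host's network namespace, and together with the docker-in-docker feature that gives everything executed inside it (including whatever the repository's tooling installs) direct reach to the host's interfaces and any service bound to localhost; the least-privilege default is to drop `runArgs` and forward only the port actually needed. `"ports": [3000]` does not appear to be a devcontainer.json property (the documented key is `forwardPorts`), so it is presumably ignored and port 3000 is not forwarded at all — replacing it with `"forwardPorts": [3000]` fixes both points. `postCreateCommand` runs `pre-commit install`, which only works if requirements.txt provides pre-commit; that file is not in this diff, so confirm it does. The file also ends without a trailing newline, which the `end-of-file-fixer` hook added in the same commit will rewrite on first use.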
@@ -0,0 +1,28 @@
+name: Performance Benchmark
+on: [push, pull_request]
+jobs:
+ benchmark:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-python@v5
+ with:
+ python-version: "3.12"
+ - run: pip install -e .
+ - name: Startup time
+ run: |
+ START=$(python -c "import time; print(time.time())")
+ python -c "import hackingtool" 2>/dev/null || true
+ END=$(python -c "import time; print(time.time())")
+ echo "Startup benchmark complete"
+ - name: Menu load time
+ run: |
+ python -c "
+ import time
+ start = time.time()
+ try:
+ from tools import *
+ except: pass
+ elapsed = time.time() - start
+ print(f'Tool import time: {elapsed:.3f}s')
+ " 2>/dev/null || echo "Benchmark skipped (expected in CI)"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..6f370e9
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,40 @@
+name: "CodeQL Security Analysis"
+
+on:
+ push:
+ branches: [ master, main ]
+ pull_request:
+ branches: [ master, main ]
+ schedule:
+ - cron: '0 6 * * 1'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'python' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{ matrix.language }}"
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..e33a871
--- /dev/null
+++ b/.github/workflows/release.yml
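Review bot: The `Startup time` step captures `START` and `END` but never uses them, so the step measures nothing and only prints a fixed string; replace the final echo with `python -c "print(f'Startup time: {$END - $START:.3f}s')"`. The workflow declares no `permissions:` block, so on every push and pull request it runs with the repository's default token scope although it only needs `permissions: contents: read` at the top level. `pip install -e .` also differs from the `pip install -r requirements.txt` used by release.yml and the devcontainer; if the package has no build metadata this step fails before any measurement runs, and it is worth aligning the two. In the `Menu load time` step the bare `except: pass` hides the very import error the benchmark would surface — `except Exception as e: print(f'import failed: {e}')` keeps the step non-fatal while still reporting it.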
@@ -0,0 +1,31 @@
+name: Release
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ build:
+ name: Build & Test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Install dependencies
+ run: pip install -r requirements.txt
+
+ - name: Run tests
+ run: python -m pytest --tb=short || true
+
+ - name: Create Release
+ uses: softprops/action-gh-release@v1
+ with:
+ generate_release_notes: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
new file mode 100644
index 0000000..f295c62
--- /dev/null
+++ b/.github/workflows/sbom.yml
@@ -0,0 +1,27 @@
+name: SBOM
+
+on:
+ push:
+ branches: [ master, main ]
+ workflow_dispatch:
+
+jobs:
+ generate-sbom:
+ name: Generate SPDX SBOM
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install CycloneDX SBOM generator
+ run: pip install cyclonedx-bom
+
+ - name: Generate SBOM
+ run: cyclonedx-py requirements -o sbom.spdx.json
+
+ - name: Upload SBOM artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: sbom
+ path: sbom.spdx.json
+ retention-days: 30
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 1f4e2cb..50edc98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -183,3 +183,10 @@ pyvenv.cfg pip-selfcheck.json # End of https://www.toptal.com/developers/gitignore/api/python,venv
+
+# Bonanza Labs
+*.egg-info/
+dist/
+build/
+sbom.spdx.json
+.env
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..be54b4b
--- /dev/null
+++ b/.pre-commit-config.yaml
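Review bot: `python -m pytest --tb=short || true` makes the `Build & Test` job succeed whatever pytest returns, so a tag pushed over failing (or absent) tests still publishes a GitHub release; drop the `|| true` so the `Create Release` step only runs on a green suite. The job declares no `permissions:`, yet `softprops/action-gh-release` needs `contents: write` to create a release — add `permissions:` / `contents: write` on the job so the grant is explicit and nothing broader is inherited from the repository default. `softprops/action-gh-release@v1` is a third-party action referenced by a mutable major tag; pinning it to a full commit SHA (tag kept in a trailing comment) keeps a retagged release from changing what runs with the token, and the `github-actions` Dependabot entry added in this commit will keep such a pin current. Python is `'3.10'` here but `"3.12"` in benchmark.yml; tests and release should target the same interpreter.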
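Review bot: The job is named `Generate SPDX SBOM` and writes `sbom.spdx.json`, but `cyclonedx-py` emits CycloneDX rather than SPDX, so the artifact name misdescribes its format to any downstream consumer; either rename the output to `sbom.cdx.json` (updating the job name and the matching `.gitignore` entry added in this commit) or switch to an SPDX-producing generator. `pip install cyclonedx-bom` is unpinned, and because it is not in requirements.txt the `pip` Dependabot entry will never see it — pin it, e.g. `pip install cyclonedx-bom==<pinned-version>`. `cyclonedx-py requirements` relies on the tool's default input path, which presumably resolves to requirements.txt; passing it explicitly (`cyclonedx-py requirements requirements.txt -o …`) makes the input visible in the log. As in the other new workflows, a `permissions: contents: read` block would make the token scope explicit.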
@@ -0,0 +1,27 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.5.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ - id: check-added-large-files
+ - id: check-merge-conflict
+
+ - repo: https://github.com/psf/black
+ rev: 24.1.1
+ hooks:
+ - id: black
+ language_version: python3.10
+
+ - repo: https://github.com/PyCQA/isort
+ rev: 5.13.2
+ hooks:
+ - id: isort
+ args: [ "--profile", "black" ]
+
+ - repo: https://github.com/PyCQA/flake8
+ rev: 7.0.0
+ hooks:
+ - id: flake8
+ args: [ "--max-line-length=120" ]
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..7ef1520
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,45 @@
+# Contributing to hackingtool
+
+Thank you for your interest in contributing! 🎉
+
+## Getting Started
+
+1. **Fork** the repository
+2. **Clone** your fork: `git clone https://github.com/YOUR_USERNAME/hackingtool`
+3. **Create a branch**: `git checkout -b feature/your-feature-name`
+4. **Install dependencies**: `pip install -r requirements.txt`
+5. **Run pre-commit**: `pre-commit install`
+
+## Development Workflow
+
+- Keep your branch focused and small
+- Write clean, documented code
+- Test locally before submitting a PR
+- Follow the existing code style
+
+## Code Standards
+
+- Python 3.10+ required
+- Format with `black` and `isort`
+- Lint with `flake8`
+- Max line length: 120 characters
+
+## Pull Request Process
+
+1. Update documentation if needed
+2. Add tests for new functionality (if applicable)
+3. Ensure all CI checks pass
+4. Fill out the PR template completely
+5. Request review from maintainers
+
+## Security Disclosure
+
+Found a vulnerability? Please report via GitHub Security Advisories, NOT through public issues.
+
+## Questions?
+
+Open an issue for discussion before starting major work.
+
+---
+
+Built by Bonanza Labs
\ No newline at end of file
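Review bot: `language_version: python3.10` under the black hook requires a `python3.10` interpreter on every contributor's machine, but CONTRIBUTING.md in the same commit says Python 3.10+ and benchmark.yml runs on 3.12, so the hook will fail to install for anyone on a newer interpreter; drop the line (black then uses pre-commit's default) or set it to `language_version: python3`. The `end-of-file-fixer` hook will also rewrite most files added in this commit, since devcontainer.json, dependabot.yml, codeql.yml, release.yml, sbom.yml, CONTRIBUTING.md and this file all end without a trailing newline — running `pre-commit run --all-files` once before merging avoids a noisy follow-up commit. flake8's `--max-line-length=120` matches CONTRIBUTING.md, but black's default line length is 88, so black will still wrap at 88 and the 120 limit only applies to lines black leaves alone; if 120 is the intended width, add `args: ["--line-length=120"]` to the black hook and the same `--line-length` to isort.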
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..47ae3dc
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+| Version | Supported |
+|---------|-----------|
+| v2.x | ✅ |
+| v1.x | ❌ (deprecated) |
+
+## Reporting a Vulnerability
+- Email: passiveassets@proton.me
+- Or open a private Security Advisory on GitHub
+
+## Security Notice
+This tool is designed for **authorized security testing and penetration testing only**.
+Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing.
+
+## Bonanza Labs Improvements
+- CodeQL security scanning in CI
+- Dependabot for dependency updates
+- Pre-commit hooks for code quality
+- SBOM generation for supply chain transparency