# RTExit Kali Linux — Full Red Team Environment
# All tools referenced in 167 RTExit skills pre-installed
# Usage: docker build -t rtexit/kali . && docker run -it rtexit/kali
# Or:    docker run -it ghcr.io/exit-code-eg/rtexit-kali:latest

FROM kalilinux/kali-rolling

LABEL maintainer="RTExit <https://github.com/exit-code-eg/RTExit>"
LABEL description="RTExit Kali — Complete Red Team Environment (189 skills)"
LABEL version="3.1.0"

ENV DEBIAN_FRONTEND=noninteractive
ENV TERM=xterm-256color
ENV RTEXIT_HOME=/opt/rtexit

# Block broken mirrors + force reliable mirror
RUN printf 'deb http://mirrors.ocf.berkeley.edu/kali kali-rolling main contrib non-free non-free-firmware\n' \
    > /etc/apt/sources.list

# Configure apt retries
RUN printf 'Acquire::Retries "3";\nAcquire::http::Timeout "20";\n' \
    > /etc/apt/apt.conf.d/99-rtexit

# ─────────────────────────────────────────────
# System Update (split into chunks for reliable caching)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get upgrade -y && apt-get clean

# Install all tools — --fix-missing continues even if a mirror is down
RUN apt-get install -y --no-install-recommends --fix-missing \
    curl wget git vim nano tmux screen \
    file xxd hexedit zip unzip p7zip-full tar jq \
    build-essential python3 python3-pip python3-venv \
    libssl-dev libffi-dev libpcap-dev \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
    golang-go nodejs npm default-jdk ruby ruby-dev \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
    nmap ncat netcat-openbsd tcpdump tshark \
    net-tools iproute2 iputils-ping bind9-dnsutils \
    socat proxychains4 openvpn \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
    hashcat john hydra cewl crunch \
    sqlmap nikto wfuzz dirb whatweb \
    masscan aircrack-ng wireless-tools rfkill \
    smbclient ldap-utils \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
    steghide exiftool gdb radare2 ltrace strace \
    iodine hping3 dsniff macchanger \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
    responder bettercap sipvicious apache2 nginx php php-curl \
    2>/dev/null; apt-get clean && rm -rf /var/lib/apt/lists/* ; true

# ─────────────────────────────────────────────
# Python Environment
# ─────────────────────────────────────────────
RUN python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel --break-system-packages 2>/dev/null || \
    pip3 install --no-cache-dir --break-system-packages --upgrade pip setuptools wheel --break-system-packages 2>/dev/null || true

# ─────────────────────────────────────────────
# Recon & OSINT Tools
# (rt-osint, rt-subdomain-enum, rt-active-recon, rt-shodan-recon, rt-js-analysis)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    amass subfinder \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN pip3 install --no-cache-dir --break-system-packages \
    theHarvester shodan censys trufflehog stegoveritas

# recon-ng from source (not on PyPI)
RUN git clone https://github.com/lanmaster53/recon-ng /opt/recon-ng 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/recon-ng/REQUIREMENTS 2>/dev/null; \
    ln -sf /opt/recon-ng/recon-ng /usr/local/bin/recon-ng 2>/dev/null; true

# httpx, nuclei, subfinder, naabu, katana via Go
# Go tools — each separate so one failure doesn't stop others
RUN go install github.com/projectdiscovery/httpx/cmd/httpx@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/katana/cmd/katana@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest 2>/dev/null || true
RUN go install github.com/hakluke/hakrawler@latest 2>/dev/null || true
RUN go install github.com/tomnomnom/waybackurls@latest 2>/dev/null || true
RUN go install github.com/lc/gau/v2/cmd/gau@latest 2>/dev/null || true
RUN go install github.com/ffuf/ffuf/v2@latest 2>/dev/null || true
RUN go install github.com/OJ/gobuster/v3@latest 2>/dev/null || true
RUN go install github.com/ropnop/kerbrute@latest 2>/dev/null || true
RUN go install github.com/hahwul/dalfox/v2@latest 2>/dev/null || true
RUN go install github.com/LukaSikic/subzy@latest 2>/dev/null || true

# gitleaks
RUN curl -sSfL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz | \
    tar xz -C /usr/local/bin && chmod +x /usr/local/bin/gitleaks || true

# Nuclei templates
RUN nuclei -update-templates -update-template-dir /opt/nuclei-templates 2>/dev/null || true

# sherlock
RUN pip3 install --no-cache-dir --break-system-packages sherlock-project 2>/dev/null || true

# ─────────────────────────────────────────────
# Web Application Tools
# (rt-exploit-web, rt-exploit-injection, rt-exploit-xss, rt-exploit-ssrf,
#  rt-exploit-auth, rt-exploit-file-upload, rt-exploit-api, rt-exploit-jwt,
#  rt-request-smuggling, rt-cache-attacks, rt-xxe, rt-path-traversal)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    sqlmap \
    nikto \
    wfuzz \
    dirb \
    whatweb \
    wafw00f \
    testssl.sh \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN pip3 install --no-cache-dir --break-system-packages \
    mitmproxy impacket requests pwntools \
    PyJWT python-jose \
    grpcio grpcio-tools websocket-client scapy stegano

RUN pip3 install --no-cache-dir --break-system-packages blackboxprotobuf 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages padding-oracle-attacker 2>/dev/null || true

# padbuster from source (not on PyPI)
RUN git clone https://github.com/AonCyberLabs/PadBuster /opt/PadBuster 2>/dev/null && \
    chmod +x /opt/PadBuster/padBuster.pl 2>/dev/null && \
    ln -sf /opt/PadBuster/padBuster.pl /usr/local/bin/padbuster 2>/dev/null || true

# jwt_tool
RUN git clone https://github.com/ticarpi/jwt_tool /opt/jwt_tool 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/jwt_tool/requirements.txt 2>/dev/null; \
    ln -sf /opt/jwt_tool/jwt_tool.py /usr/local/bin/jwt_tool 2>/dev/null; \
    chmod +x /opt/jwt_tool/jwt_tool.py 2>/dev/null; true

# smuggler (HTTP Request Smuggling)
RUN git clone https://github.com/defparam/smuggler /opt/smuggler && \
    chmod +x /opt/smuggler/smuggler.py && \
    ln -s /opt/smuggler/smuggler.py /usr/local/bin/smuggler

# Param Miner / arjun (hidden parameter discovery)
RUN pip3 install --no-cache-dir --break-system-packages arjun 2>/dev/null || true

# kxss (XSS scanning)
RUN go install github.com/tomnomnom/qsreplace@latest 2>/dev/null || true
RUN go install github.com/Emoe/kxss@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/cloudlist/cmd/cloudlist@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/mapcidr/cmd/mapcidr@latest 2>/dev/null || true
RUN go install github.com/projectdiscovery/chaos-client/cmd/chaos@latest 2>/dev/null || true

# x8 — better hidden parameter discovery
RUN go install github.com/Sh1Yo/x8@latest 2>/dev/null || true

# LinkFinder (JS analysis)
RUN git clone https://github.com/GerbenJavado/LinkFinder /opt/LinkFinder 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/LinkFinder/requirements.txt 2>/dev/null; \
    ln -sf /opt/LinkFinder/linkfinder.py /usr/local/bin/linkfinder 2>/dev/null; true

# Burp Suite Community (headless)
RUN curl -L "https://portswigger.net/burp/releases/download?product=community&type=jar" \
    -o /opt/burpsuite.jar 2>/dev/null || true

# grpcurl
RUN go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest

# ─────────────────────────────────────────────
# Password & Credential Tools
# (rt-password-spray, rt-wordlist-generation, rt-lsass-dumping, rt-credential-access)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    hashcat \
    john \
    hydra \
    medusa \
    cewl \
    crunch \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# pypykatz (LSASS parsing on Linux)
RUN pip3 install --no-cache-dir --break-system-packages pypykatz 2>/dev/null || true

# CUPP (password profiling)
RUN git clone https://github.com/Mebus/cupp /opt/cupp && \
    ln -s /opt/cupp/cupp.py /usr/local/bin/cupp && \
    chmod +x /opt/cupp/cupp.py

# SecLists
RUN git clone --depth 1 https://github.com/danielmiessler/SecLists /opt/SecLists

# kwprocessor (keyboard walks)
RUN go install github.com/hashcat/kwprocessor@latest 2>/dev/null || \
    git clone https://github.com/hashcat/kwprocessor /opt/kwprocessor

# ─────────────────────────────────────────────
# Active Directory Tools
# (rt-exploit-active-directory, rt-exploit-adcs, rt-lateral-movement,
#  rt-privilege-escalation, rt-persistence, rt-adfs)
# ─────────────────────────────────────────────
# AD tools — installed separately to avoid dependency conflicts
RUN pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages bloodhound 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages ldap3 pyOpenSSL 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages certipy-ad 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages pywhisker 2>/dev/null || true

# netexec (crackmapexec successor)
RUN pip3 install --no-cache-dir --break-system-packages netexec 2>/dev/null || true

# evil-winrm
RUN gem install evil-winrm 2>/dev/null || true

# BloodHound Python ingestor
RUN pip3 install --no-cache-dir --break-system-packages bloodhound 2>/dev/null || true

# Kerbrute (already installed via Go)

# bloodyAD
RUN pip3 install --no-cache-dir --break-system-packages bloodyAD 2>/dev/null || true

# PKINITtools
RUN git clone https://github.com/dirkjanm/PKINITtools /opt/PKINITtools && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/PKINITtools/requirements.txt 2>/dev/null || true

# PetitPotam
RUN git clone https://github.com/topotam/PetitPotam /opt/PetitPotam

# ─────────────────────────────────────────────
# Cloud Tools
# (rt-exploit-cloud-aws, rt-exploit-cloud-azure, rt-exploit-cloud-gcp,
#  rt-kubernetes, rt-serverless, rt-exploit-containers)
# ─────────────────────────────────────────────
# AWS CLI
RUN pip3 install --no-cache-dir --break-system-packages awscli boto3 2>/dev/null || true

# Azure CLI
RUN pip3 install --no-cache-dir --break-system-packages azure-cli 2>/dev/null || \
    curl -sL https://aka.ms/InstallAzureCLIDeb | bash 2>/dev/null || true

# GCP CLI
RUN pip3 install --no-cache-dir --break-system-packages google-cloud-storage google-auth 2>/dev/null || true

# Pacu (AWS exploitation)
RUN git clone https://github.com/RhinoSecurityLabs/pacu /opt/pacu 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages \
    $(ls /opt/pacu/requirements*.txt 2>/dev/null | head -1 | xargs -I{} echo "-r {}") \
    2>/dev/null; \
    pip3 install --no-cache-dir --break-system-packages pacu 2>/dev/null; \
    ln -sf /opt/pacu/cli.py /usr/local/bin/pacu 2>/dev/null; true

# ScoutSuite (multi-cloud)
RUN pip3 install --no-cache-dir --break-system-packages scoutsuite 2>/dev/null || true

# CloudFox
RUN go install github.com/BishopFox/cloudfox@latest 2>/dev/null || true

# kubectl
RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl && \
    rm kubectl

# kube-hunter
RUN pip3 install --no-cache-dir --break-system-packages kube-hunter 2>/dev/null || true

# ─────────────────────────────────────────────
# Post-Exploitation & C2 Tools
# (rt-post-exploitation, rt-c2-operations, rt-defense-evasion,
#  rt-lateral-movement, rt-persistence, rt-data-exfiltration)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    metasploit-framework \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Sliver C2
RUN curl https://sliver.sh/install | sudo bash 2>/dev/null || \
    go install github.com/BishopFox/sliver/client/cmd/sliver-client@latest 2>/dev/null || true

# Chisel (TCP tunneling)
RUN go install github.com/jpillora/chisel@latest

# Ligolo-ng (Layer 3 tunneling)
RUN go install github.com/nicocha30/ligolo-ng/cmd/proxy@latest 2>/dev/null || true
RUN go install github.com/nicocha30/ligolo-ng/cmd/agent@latest 2>/dev/null || true

# iodine (DNS tunneling)
RUN apt-get update && apt-get install -y --no-install-recommends iodine && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

# dnscat2
RUN git clone https://github.com/iagox86/dnscat2 /opt/dnscat2 && \
    cd /opt/dnscat2/client && make 2>/dev/null || true

# ─────────────────────────────────────────────
# Network & Protocol Tools
# (rt-network-segmentation, rt-ssl-mitm, rt-traffic-analysis, rt-exploit-wireless)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    responder \
    bettercap \
    ettercap-text-only \
    dsniff \
    sslstrip \
    hping3 \
    yersinia \
    proxychains4 \
    ptunnel-ng \
    socat \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# zeek (traffic analysis)
RUN apt-get update && apt-get install -y --no-install-recommends zeek 2>/dev/null || true && \
    apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# PCredz (credential extraction from pcap)
RUN git clone https://github.com/lgandx/PCredz /opt/PCredz && \
    pip3 install --no-cache-dir --break-system-packages Cython 2>/dev/null || true

# ─────────────────────────────────────────────
# Social Engineering & Phishing
# (rt-social-engineering, rt-exploit-phishing)
# ─────────────────────────────────────────────
# GoPhish
RUN wget -q "https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip" \
    -O /tmp/gophish.zip 2>/dev/null && \
    unzip -q /tmp/gophish.zip -d /opt/gophish 2>/dev/null && \
    chmod +x /opt/gophish/gophish 2>/dev/null && \
    ln -s /opt/gophish/gophish /usr/local/bin/gophish 2>/dev/null && \
    rm /tmp/gophish.zip 2>/dev/null || true

# SET (Social Engineering Toolkit)
RUN git clone https://github.com/trustedsec/social-engineer-toolkit /opt/setoolkit && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/setoolkit/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Deserialization Tools
# (rt-deserialization)
# ─────────────────────────────────────────────
# ysoserial
RUN mkdir -p /opt/ysoserial && \
    wget -q "https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar" \
    -O /opt/ysoserial/ysoserial.jar && \
    echo '#!/bin/bash\njava -jar /opt/ysoserial/ysoserial.jar "$@"' > /usr/local/bin/ysoserial && \
    chmod +x /usr/local/bin/ysoserial

# phpggc
RUN git clone https://github.com/ambionics/phpggc /opt/phpggc && \
    ln -s /opt/phpggc/phpggc /usr/local/bin/phpggc && \
    chmod +x /opt/phpggc/phpggc

# ─────────────────────────────────────────────
# Binary Analysis & Reverse Engineering
# (rt-binary-reverse-engineering)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    gdb \
    radare2 \
    ltrace strace \
    binutils \
    patchelf \
    nasm \
    ghidra 2>/dev/null || true \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# Ghidra (if not in apt)
RUN if ! command -v ghidra &>/dev/null; then \
    wget -q "https://github.com/NationalSecurityAgency/ghidra/releases/latest/download/ghidra_11.1_PUBLIC_20240607.zip" \
    -O /tmp/ghidra.zip 2>/dev/null && \
    unzip -q /tmp/ghidra.zip -d /opt && \
    ln -s /opt/ghidra_*/ghidraRun /usr/local/bin/ghidra && \
    rm /tmp/ghidra.zip 2>/dev/null; fi || true

# floss (string deobfuscation)
RUN pip3 install --no-cache-dir --break-system-packages floss 2>/dev/null || true

# pwndbg (GDB enhancement)
RUN git clone https://github.com/pwndbg/pwndbg /opt/pwndbg && \
    cd /opt/pwndbg && ./setup.sh 2>/dev/null || true

# ─────────────────────────────────────────────
# Fuzzing Tools
# (rt-exploit-fuzzing)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    afl++ \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# radamsa — build from source (not in Kali repos)
RUN git clone https://gitlab.com/akihe/radamsa /opt/radamsa && \
    cd /opt/radamsa && make 2>/dev/null && \
    ln -sf /opt/radamsa/bin/radamsa /usr/local/bin/radamsa 2>/dev/null || true

RUN pip3 install --no-cache-dir --break-system-packages boofuzz 2>/dev/null || true

# ─────────────────────────────────────────────
# Hardware & IoT Tools
# (rt-hardware-hacking, rt-exploit-iot, rt-exploit-scada)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    openocd \
    flashrom \
    avrdude \
    minicom \
    screen \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN pip3 install --no-cache-dir --break-system-packages \
    bleak \
    pyserial \
    pyModbusTCP 2>/dev/null || true

# ─────────────────────────────────────────────
# Steganography & Covert Channels
# (rt-steganography)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    steghide sox binwalk exiftool \
    && apt-get clean && rm -rf /var/lib/apt/lists/*
# outguess — not in Kali repos, build from source
RUN git clone https://github.com/crorvick/outguess /opt/outguess && \
    cd /opt/outguess && autoreconf -i && ./configure && make && make install 2>/dev/null || true

RUN gem install zsteg 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages stegoveritas 2>/dev/null || true

# ─────────────────────────────────────────────
# VoIP Tools
# (rt-voip-sip)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    sipvicious 2>/dev/null || true \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

RUN pip3 install --no-cache-dir --break-system-packages sipvicious 2>/dev/null || true

# ─────────────────────────────────────────────
# Crypto Attack Tools
# (rt-crypto-attacks)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages \
    pycryptodome \
    hashpumpy \
    cryptography \
    padding-oracle-attacker 2>/dev/null || true

# ─────────────────────────────────────────────
# Web Proxy & Interception
# (rt-ssl-mitm)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages mitmproxy 2>/dev/null || true

# OWASP ZAP (Burp Suite alternative)
RUN wget -q "https://github.com/zaproxy/zaproxy/releases/latest/download/ZAP_LINUX_PACKAGE.tar.gz" \
    -O /tmp/zap.tar.gz 2>/dev/null && \
    tar xf /tmp/zap.tar.gz -C /opt/ && \
    ln -s /opt/ZAP_*/zap.sh /usr/local/bin/zap && \
    rm /tmp/zap.tar.gz 2>/dev/null || true

# ─────────────────────────────────────────────
# Azure AD — ROADtools (Azure AD enumeration)
# (rt-azure-ad, rt-adfs)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages roadtools roadrecon 2>/dev/null || true

# ─────────────────────────────────────────────
# AWS IAM — PMapper (privilege escalation paths)
# (rt-exploit-cloud-aws)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages principalmapper 2>/dev/null || \
    git clone https://github.com/nccgroup/PMapper /opt/PMapper && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/PMapper/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Email Breach Hunting — h8mail
# (rt-osint, rt-credential-hunt)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages h8mail 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Frida + Objection
# (rt-exploit-android, rt-exploit-ios)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages \
    frida-tools \
    objection \
    apkleaks 2>/dev/null || true

# ─────────────────────────────────────────────
# Phishing — Evilginx3 (MFA-bypassing reverse proxy)
# (rt-social-engineering, rt-exploit-phishing)
# ─────────────────────────────────────────────
RUN go install github.com/kgretzky/evilginx2@latest 2>/dev/null || \
    git clone https://github.com/kgretzky/evilginx2 /opt/evilginx3 && \
    cd /opt/evilginx3 && go build -o /usr/local/bin/evilginx3 . 2>/dev/null || true

# ─────────────────────────────────────────────
# AI/LLM Tools
# (rt-ai-llm-security)
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages \
    garak \
    openai \
    anthropic \
    requests 2>/dev/null || true

# ─────────────────────────────────────────────
# C2 Frameworks (Additional)
# Havoc C2, Empire, PoshC2
# ─────────────────────────────────────────────
RUN git clone https://github.com/BC-SECURITY/Empire /opt/Empire 2>/dev/null; \
    [ -f /opt/Empire/requirements.txt ] && pip3 install --no-cache-dir --break-system-packages -r /opt/Empire/requirements.txt 2>/dev/null; \
    ln -sf /opt/Empire/empire /usr/local/bin/empire 2>/dev/null; true

RUN git clone https://github.com/nettitude/PoshC2 /opt/PoshC2 && \
    cd /opt/PoshC2 && pip3 install --no-cache-dir --break-system-packages -r requirements.txt 2>/dev/null || true

# Villain C2 (lightweight)
RUN git clone https://github.com/t3l3machus/Villain /opt/Villain && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/Villain/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Web Testing (Additional)
# Caido, Ghauri, GraphQL tools, CORScanner
# ─────────────────────────────────────────────
# Caido — modern Burp alternative
RUN curl -fsSL "https://caido.io/download/latest/linux" -o /usr/local/bin/caido 2>/dev/null && \
    chmod +x /usr/local/bin/caido 2>/dev/null || true

# Ghauri — advanced SQLi tool
RUN pip3 install --no-cache-dir --break-system-packages ghauri 2>/dev/null; \
    git clone https://github.com/r0oth3x49/ghauri /opt/ghauri 2>/dev/null; \
    [ -f /opt/ghauri/requirements.txt ] && pip3 install --no-cache-dir --break-system-packages -r /opt/ghauri/requirements.txt 2>/dev/null; \
    ln -sf /opt/ghauri/ghauri.py /usr/local/bin/ghauri 2>/dev/null; true

# GraphQL tools
RUN pip3 install --no-cache-dir --break-system-packages graphw00f 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages clairvoyance 2>/dev/null || true

# CORScanner
RUN git clone https://github.com/chenjj/CORScanner /opt/CORScanner && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/CORScanner/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Active Directory (Additional)
# coercer, mitm6, KrbRelayUp, NoPac, DonPAPI
# ─────────────────────────────────────────────
# coercer — unified auth coercion (EFS, MS-RPRN, MS-DFSNM, etc.)
RUN pip3 install --no-cache-dir --break-system-packages coercer 2>/dev/null || \
    git clone https://github.com/p0dalirius/Coercer /opt/Coercer && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/Coercer/requirements.txt 2>/dev/null || true

# mitm6 — IPv6 MITM + DNS takeover
RUN pip3 install --no-cache-dir --break-system-packages mitm6 2>/dev/null || true

# DonPAPI — DPAPI credential hunting
RUN git clone https://github.com/login-securite/DonPAPI /opt/DonPAPI && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/DonPAPI/requirements.txt 2>/dev/null || true

# NoPac — CVE-2021-42278/42427
RUN git clone https://github.com/Ridter/noPac /opt/noPac && \
    pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true

# pyrdp — RDP MITM
RUN pip3 install --no-cache-dir --break-system-packages pyrdp 2>/dev/null || true

# ─────────────────────────────────────────────
# Container Escape Tools
# CDK, deepce, botb
# ─────────────────────────────────────────────
# CDK — Container escape toolkit
RUN go install github.com/cdk-team/CDK/cmd/cdk@latest 2>/dev/null || \
    curl -sSL https://github.com/cdk-team/CDK/releases/latest/download/cdk_linux_amd64 \
    -o /usr/local/bin/cdk && chmod +x /usr/local/bin/cdk 2>/dev/null || true

# deepce — Docker escape
RUN curl -sSL https://github.com/stealthcopter/deepce/releases/latest/download/deepce \
    -o /usr/local/bin/deepce && chmod +x /usr/local/bin/deepce 2>/dev/null || true

# botb — Break Out The Box
RUN go install github.com/brompwnie/botb@latest 2>/dev/null || true

# Trivy — container/image vulnerability scanning
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | \
    sh -s -- -b /usr/local/bin 2>/dev/null || \
    apt-get install -y trivy 2>/dev/null || true

# ─────────────────────────────────────────────
# Cloud (Additional)
# Prowler, Steampipe, Stratus Red Team, TeamFiltration
# ─────────────────────────────────────────────
# Prowler — AWS/GCP/Azure compliance audit
RUN pip3 install --no-cache-dir --break-system-packages prowler 2>/dev/null || true

# Stratus Red Team — cloud attack for detection testing
RUN go install github.com/DataDog/stratus-red-team/v2/cmd/stratus@latest 2>/dev/null || true

# TeamFiltration — M365 user enum and spray
RUN curl -sSL "https://github.com/Flangvik/TeamFiltration/releases/latest/download/TeamFiltration_Linux" \
    -o /usr/local/bin/teamfiltration && chmod +x /usr/local/bin/teamfiltration 2>/dev/null || true

# ─────────────────────────────────────────────
# Payload Generation & Evasion
# Veil-Evasion, macro_pack, Donut, ScareCrow
# ─────────────────────────────────────────────
# Veil-Evasion
RUN git clone https://github.com/Veil-Framework/Veil /opt/Veil && \
    cd /opt/Veil/setup && bash setup.sh -s 2>/dev/null || true

# macro_pack — Office macro obfuscation
RUN git clone https://github.com/sevagas/macro_pack /opt/macro_pack 2>/dev/null || true

# Donut — shellcode generation
RUN pip3 install --no-cache-dir --break-system-packages donut-shellcode 2>/dev/null || \
    go install github.com/Binject/go-donut/cmd/godonuts@latest 2>/dev/null || true

# ─────────────────────────────────────────────
# OSINT (Additional)
# SpiderFoot, Maigret, Holehe, GHunt, CrossLinked
# ─────────────────────────────────────────────
RUN pip3 install --no-cache-dir --break-system-packages \
    spiderfoot 2>/dev/null || true

RUN pip3 install --no-cache-dir --break-system-packages \
    maigret \
    holehe \
    ghunt \
    socialscan 2>/dev/null || true

# CrossLinked — LinkedIn username generation
RUN git clone https://github.com/m8sec/CrossLinked /opt/CrossLinked && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/CrossLinked/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Core Tools
# apktool, jadx, dex2jar, adb
# (rt-exploit-android, rt-exploit-ios, rt-apk-repackaging)
# ─────────────────────────────────────────────
RUN apt-get update && apt-get install -y --no-install-recommends \
    apktool \
    dex2jar \
    android-tools-adb \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# jadx — Java decompiler
RUN mkdir -p /opt/jadx && \
    curl -sSL "https://github.com/skylot/jadx/releases/latest/download/jadx-1.5.0.zip" \
    -o /tmp/jadx.zip 2>/dev/null && \
    unzip -q /tmp/jadx.zip -d /opt/jadx && \
    ln -sf /opt/jadx/bin/jadx /usr/local/bin/jadx && \
    ln -sf /opt/jadx/bin/jadx-gui /usr/local/bin/jadx-gui && \
    rm /tmp/jadx.zip 2>/dev/null || true

# uber-apk-signer — sign + zipalign APKs in one command
# (rt-apk-repackaging — required for repackaged APK signing)
RUN mkdir -p /opt/uber-apk-signer && \
    curl -sSL "https://github.com/patrickfav/uber-apk-signer/releases/download/v1.3.0/uber-apk-signer-1.3.0.jar" \
    -o /opt/uber-apk-signer/uber-apk-signer.jar 2>/dev/null && \
    echo '#!/bin/bash\nexec java -jar /opt/uber-apk-signer/uber-apk-signer.jar "$@"' \
    > /usr/local/bin/uber-apk-signer && \
    chmod +x /usr/local/bin/uber-apk-signer 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Advanced Dynamic Analysis
# Frida, Objection, reFlutter
# (rt-frida-advanced, rt-mobile-ssl-pinning)
# ─────────────────────────────────────────────

# frida-tools + objection + apkleaks (already in base section, ensure latest)
RUN pip3 install --no-cache-dir --break-system-packages \
    frida-tools \
    objection \
    apkleaks 2>/dev/null || true

# reFlutter — patches libflutter.so to remove SSL pinning + redirect to Burp
# (rt-mobile-ssl-pinning, rt-cross-platform-mobile — Flutter apps)
RUN pip3 install --no-cache-dir --break-system-packages reFlutter 2>/dev/null || \
    git clone https://github.com/Impact-I/reFlutter /opt/reFlutter && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/reFlutter/requirements.txt 2>/dev/null || true

# apk-mitm — automatic SSL unpinning for APKs (no Frida needed)
# (rt-mobile-ssl-pinning — when Frida/Objection bypass fails)
RUN npm install -g apk-mitm 2>/dev/null || true

# frida-server helper script — pulls correct frida-server for connected device
# Usage: setup-frida-server [device_ip:port]
# (rt-frida-advanced)
RUN cat > /usr/local/bin/setup-frida-server << 'SCRIPT'
#!/bin/bash
set -e
FRIDA_VER=$(python3 -c "import frida; print(frida.__version__)" 2>/dev/null || pip3 show frida | grep Version | awk '{print $2}')
DEVICE=${1:-"usb"}

if [ "$DEVICE" != "usb" ]; then
    adb connect "$DEVICE"
fi

ARCH=$(adb shell getprop ro.product.cpu.abi 2>/dev/null | tr -d '\r')
case $ARCH in
    arm64-v8a) ARCH_NAME="arm64" ;;
    armeabi-v7a) ARCH_NAME="arm" ;;
    x86_64) ARCH_NAME="x86_64" ;;
    x86) ARCH_NAME="x86" ;;
    *) echo "Unknown arch: $ARCH"; exit 1 ;;
esac

echo "[*] Frida version: $FRIDA_VER | Device arch: $ARCH_NAME"
URL="https://github.com/frida/frida/releases/download/${FRIDA_VER}/frida-server-${FRIDA_VER}-android-${ARCH_NAME}.xz"
echo "[*] Downloading: $URL"
wget -q "$URL" -O /tmp/frida-server.xz
unxz /tmp/frida-server.xz
mv /tmp/frida-server "/tmp/frida-server-${ARCH_NAME}"
adb push "/tmp/frida-server-${ARCH_NAME}" /data/local/tmp/frida-server
adb shell chmod 755 /data/local/tmp/frida-server
echo "[+] Installed. Start with: adb shell /data/local/tmp/frida-server &"
SCRIPT
RUN chmod +x /usr/local/bin/setup-frida-server 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Cross-Platform App Analysis
# React Native (Hermes), Flutter (Dart), Xamarin
# (rt-cross-platform-mobile)
# ─────────────────────────────────────────────

# hermes-dec — decompile Hermes bytecode (React Native compiled bundles)
RUN pip3 install --no-cache-dir --break-system-packages hermes-dec 2>/dev/null || true

# hbctool — alternative Hermes bytecode disassembler
RUN pip3 install --no-cache-dir --break-system-packages hbctool 2>/dev/null || true

# js-beautify — prettify plain React Native JS bundles
RUN npm install -g js-beautify 2>/dev/null || true

# doldrums — extract Dart code from Flutter kernel_blob.bin
RUN pip3 install --no-cache-dir --break-system-packages doldrums 2>/dev/null || \
    git clone https://github.com/nicowillis/doldrums /opt/doldrums && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/doldrums/requirements.txt 2>/dev/null || true

# Mono + monodis — decompile Xamarin .NET assemblies
# monodis = IL disassembler for .NET DLLs from Xamarin apps
RUN apt-get update && apt-get install -y --no-install-recommends \
    mono-complete \
    mono-utils \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ilspycmd — .NET decompiler (better than monodis for Xamarin DLL source)
RUN dotnet tool install --global ilspycmd 2>/dev/null || true

# lz4 — decompress Xamarin LZ4-compressed assemblies (XALZ format)
RUN pip3 install --no-cache-dir --break-system-packages lz4 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Static Analysis Deep
# MobSF (via Docker), androguard, trufflehog, secret scanning
# (rt-mobile-static-deep)
# ─────────────────────────────────────────────

# androguard — Python library for APK analysis (imports, permissions, code)
RUN pip3 install --no-cache-dir --break-system-packages androguard 2>/dev/null || true

# apkleaks — scan APK for leaked secrets, endpoints, API keys
RUN pip3 install --no-cache-dir --break-system-packages apkleaks 2>/dev/null || true

# trufflehog3 — secret scanning on decompiled source
RUN pip3 install --no-cache-dir --break-system-packages trufflehog3 2>/dev/null || true

# MobSF — NOTE: MobSF is too heavy for the base image (~2GB)
# Run separately: docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf
# Or add to your docker-compose.yml alongside rtexit-kali
RUN echo '# MobSF: docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf' \
    >> /etc/profile.d/rtexit-aliases.sh 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Malware & C2
# msfvenom (already installed), TheFatRat, AhMyth, qrcode
# (rt-mobile-malware-c2)
# ─────────────────────────────────────────────

# qrcode — generate QR codes for APK delivery URLs
RUN pip3 install --no-cache-dir --break-system-packages "qrcode[pil]" Pillow 2>/dev/null || true

# TheFatRat — FUD payload generator (APK + exe + more)
RUN git clone https://github.com/Screetsec/TheFatRat /opt/TheFatRat 2>/dev/null && \
    chmod +x /opt/TheFatRat/fatrat 2>/dev/null || true
# NOTE: TheFatRat requires setup.sh on first use: cd /opt/TheFatRat && bash setup.sh

# AhMyth RAT — NOTE: Electron GUI app, cannot run headless in Docker
# Download on attacker machine: https://github.com/AhMyth/AhMyth-Android-RAT/releases
RUN echo '# AhMyth: download GUI from https://github.com/AhMyth/AhMyth-Android-RAT/releases' \
    >> /etc/profile.d/rtexit-aliases.sh 2>/dev/null || true

# ─────────────────────────────────────────────
# Mobile Testing — Intent Exploitation
# Drozer (already installed), adb (already installed)
# (rt-android-intent-exploitation)
# ─────────────────────────────────────────────

# drozer — already installed above, ensure agent JAR is available
RUN pip3 install --no-cache-dir --break-system-packages drozer 2>/dev/null || true

# Download drozer agent APK for device installation
RUN mkdir -p /opt/drozer && \
    curl -sSL "https://github.com/WithSecureLabs/drozer/releases/latest/download/drozer-agent.apk" \
    -o /opt/drozer/drozer-agent.apk 2>/dev/null && \
    echo "[*] Install on device: adb install /opt/drozer/drozer-agent.apk" >> /opt/drozer/README.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Purple Team / Detection Testing
# Atomic Red Team, Caldera
# ─────────────────────────────────────────────
# Atomic Red Team — MITRE ATT&CK tests
RUN git clone https://github.com/redcanaryco/atomic-red-team /opt/atomic-red-team 2>/dev/null || true

# Caldera — MITRE adversary simulation
RUN git clone https://github.com/mitre/caldera /opt/caldera && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/caldera/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Missing Tools (Gap Analysis v1)
# ─────────────────────────────────────────────

# Android — Drozer (component enumeration)
RUN pip3 install --no-cache-dir --break-system-packages drozer 2>/dev/null || true

# BLE — crackle + GATTacker
RUN git clone https://github.com/mikeryan/crackle /opt/crackle && \
    cd /opt/crackle && make 2>/dev/null || true
RUN npm install -g gattacker 2>/dev/null || true

# VoIP — rtpbreak + pjsua (install individually to avoid block on missing pkg)
RUN apt-get update && \
    apt-get install -y --no-install-recommends rtpbreak 2>/dev/null || true && \
    apt-get install -y --no-install-recommends pjsua 2>/dev/null || true && \
    apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# Steganography — zsteg
RUN gem install zsteg 2>/dev/null || true

# Browser Exploitation — BeEF
RUN apt-get update && \
    apt-get install -y --no-install-recommends beef-xss 2>/dev/null || true && \
    apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# Electron — electronegativity
RUN npm install -g @doyensec/electronegativity 2>/dev/null || true

# AI/LLM — promptfoo
RUN npm install -g promptfoo 2>/dev/null || true

# Supply Chain — Dive (Docker layer inspector)
RUN curl -sSfL https://raw.githubusercontent.com/wagoodman/dive/main/get-dive.sh | sh 2>/dev/null || \
    wget -qO /tmp/dive.tar.gz "https://github.com/wagoodman/dive/releases/latest/download/dive_linux_amd64.tar.gz" && \
    tar xf /tmp/dive.tar.gz -C /usr/local/bin dive 2>/dev/null && rm /tmp/dive.tar.gz 2>/dev/null || true

# VoIP — ucsniff (SIP/RTP sniffer)
RUN git clone https://github.com/hevnsnt/ucsniff /opt/ucsniff 2>/dev/null || true

# SCADA — complete pip installs for ICS tools
RUN [ -f /opt/plcscan/requirements.txt ] && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/plcscan/requirements.txt 2>/dev/null || true
RUN [ -f /opt/isf/requirements.txt ] && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/isf/requirements.txt 2>/dev/null || true

# Steganography — StegSolve JAR
RUN wget -q "https://github.com/zardus/ctf-tools/raw/master/stegsolve/install" \
    -O /tmp/stegsolve_install 2>/dev/null || true && \
    mkdir -p /opt/stegsolve && \
    wget -q "http://www.caesum.com/handbook/Stegsolve.jar" \
    -O /opt/stegsolve/stegsolve.jar 2>/dev/null || true && \
    echo '#!/bin/bash\njava -jar /opt/stegsolve/stegsolve.jar "$@"' > /usr/local/bin/stegsolve && \
    chmod +x /usr/local/bin/stegsolve 2>/dev/null || true

# ─────────────────────────────────────────────
# Missing CLI Tools (Gap Analysis v2)
# ─────────────────────────────────────────────

# Information Gathering — missing CLI tools
RUN apt-get update && apt-get install -y --no-install-recommends \
    fierce \
    dnsrecon \
    dnsenum \
    nbtscan \
    smbmap \
    enum4linux \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# enum4linux-ng — NOT on pip, use python module wrapper
RUN printf '#!/bin/bash\npython3 -m enum4linux_ng "$@"\n' \
    > /usr/local/bin/enum4linux-ng && chmod +x /usr/local/bin/enum4linux-ng || true

# Password Attacks — missing tools
RUN pip3 install --no-cache-dir --break-system-packages \
    patator 2>/dev/null || true

RUN apt-get update && apt-get install -y --no-install-recommends \
    onesixtyone \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# Exploitation — searchsploit + routersploit + weevely + king-phisher
RUN apt-get update && apt-get install -y --no-install-recommends \
    exploitdb \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

RUN pip3 install --no-cache-dir --break-system-packages \
    routersploit \
    weevely 2>/dev/null || true

RUN git clone https://github.com/rsmusllp/king-phisher /opt/king-phisher && \
    pip3 install --no-cache-dir --break-system-packages \
    -r /opt/king-phisher/requirements.txt 2>/dev/null || true

# Forensics — CLI tools (all work in container)
RUN apt-get update && apt-get install -y --no-install-recommends \
    foremost \
    dc3dd \
    testdisk \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

RUN apt-get update && apt-get install -y --no-install-recommends \
    bulk-extractor \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# Volatility3 — memory forensics
RUN git clone https://github.com/volatilityfoundation/volatility3 /opt/volatility3 && \
    pip3 install --no-cache-dir --break-system-packages \
    -r /opt/volatility3/requirements.txt 2>/dev/null && \
    ln -sf /opt/volatility3/vol.py /usr/local/bin/vol 2>/dev/null || true

# Sniffing — missing CLI tools
RUN apt-get update && apt-get install -y --no-install-recommends \
    arpwatch \
    netsniff-ng \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ─────────────────────────────────────────────
# Missing Tools (adb + peirates + ScareCrow)
# ─────────────────────────────────────────────
RUN apt-get install -y --no-install-recommends android-tools-adb 2>/dev/null || true

RUN go install github.com/inguardians/peirates@latest 2>/dev/null || \
    ( git clone https://github.com/inguardians/peirates /opt/peirates && \
      cd /opt/peirates && go build -o /usr/local/bin/peirates . ) 2>/dev/null || true

RUN git clone https://github.com/optiv/ScareCrow /opt/ScareCrow 2>/dev/null && \
    cd /opt/ScareCrow && go build -o /usr/local/bin/ScareCrow . 2>/dev/null || true

# ═════════════════════════════════════════════
# GAP ANALYSIS v3 — Advanced Professional Tools
# All gaps identified from skills audit
# ═════════════════════════════════════════════

# ─────────────────────────────────────────────
# Web & API — Advanced Tools
# (rt-exploit-web, rt-js-analysis, rt-exploit-graphql)
# ─────────────────────────────────────────────

# semgrep — source-assisted web testing, find code patterns
RUN pip3 install --no-cache-dir --break-system-packages semgrep 2>/dev/null || true

# jsbeautifier — prettify minified JS from web apps + React Native bundles
RUN pip3 install --no-cache-dir --break-system-packages jsbeautifier 2>/dev/null || true

# wappalyzer-cli — technology fingerprinting
RUN npm install -g wappalyzer-cli 2>/dev/null || true

# graphql-cop — GraphQL security audit tool
RUN pip3 install --no-cache-dir --break-system-packages graphql-cop 2>/dev/null || \
    git clone https://github.com/nicowillis/graphql-cop /opt/graphql-cop 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/graphql-cop/requirements.txt 2>/dev/null || true

# InQL — GraphQL introspection and attack tool
RUN pip3 install --no-cache-dir --break-system-packages inql 2>/dev/null || true

# XXEinjector — automated XXE exploitation
RUN git clone https://github.com/enjoiz/XXEinjector /opt/XXEinjector 2>/dev/null || true

# tplmap — Server-Side Template Injection (SSTI) scanner
RUN git clone https://github.com/epinna/tplmap /opt/tplmap && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/tplmap/requirements.txt 2>/dev/null && \
    ln -sf /opt/tplmap/tplmap.py /usr/local/bin/tplmap && \
    chmod +x /opt/tplmap/tplmap.py 2>/dev/null || true

# ─────────────────────────────────────────────
# Active Directory — Advanced Tools
# (rt-exploit-active-directory, rt-kerberos-relay, rt-syscall-bypass)
# ─────────────────────────────────────────────

# Rubeus — compiled binary for Kerberos attacks (from GhostPack)
# NOTE: Windows-only binary, but needed for documentation reference
# In real engagements: transfer to Windows target via C2
RUN mkdir -p /opt/GhostPack && \
    echo "# GhostPack tools (Windows binaries) — transfer to target via C2" > /opt/GhostPack/README.txt && \
    echo "# Rubeus: https://github.com/GhostPack/Rubeus/releases" >> /opt/GhostPack/README.txt && \
    echo "# SharpHound: https://github.com/BloodHoundAD/SharpHound/releases" >> /opt/GhostPack/README.txt && \
    echo "# Seatbelt: https://github.com/GhostPack/Seatbelt/releases" >> /opt/GhostPack/README.txt && \
    echo "# SharpUp: https://github.com/GhostPack/SharpUp/releases" >> /opt/GhostPack/README.txt

# KrbRelayUp — Kerberos relay local PrivEsc
RUN git clone https://github.com/Dec0ne/KrbRelayUp /opt/KrbRelayUp 2>/dev/null || true

# CVE-2020-1472 Zerologon exploit
RUN git clone https://github.com/dirkjanm/CVE-2020-1472 /opt/CVE-2020-1472 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true

# PrintNightmare CVE-2021-1675
RUN git clone https://github.com/cube0x0/CVE-2021-1675 /opt/PrintNightmare 2>/dev/null || true

# krbrelayx — Kerberos relay attack framework
RUN git clone https://github.com/dirkjanm/krbrelayx /opt/krbrelayx && \
    pip3 install --no-cache-dir --break-system-packages dnspython ldap3 pyOpenSSL 2>/dev/null || true

# ADFSpoof — Golden SAML attack
RUN git clone https://github.com/fireeye/ADFSpoof /opt/ADFSpoof 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/ADFSpoof/requirements.txt 2>/dev/null || true

# pyGPOAbuse — GPO abuse for persistence
RUN git clone https://github.com/Hackndo/pyGPOAbuse /opt/pyGPOAbuse && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/pyGPOAbuse/requirements.txt 2>/dev/null || true

# SysWhispers3 — direct syscall bypass generator
RUN git clone https://github.com/klezVirus/SysWhispers3 /opt/SysWhispers3 2>/dev/null || true

# ─────────────────────────────────────────────
# Cloud — Advanced Tools
# (rt-exploit-cloud-aws, rt-exploit-cloud-azure, rt-exploit-cloud-gcp)
# ─────────────────────────────────────────────

# enumerate-iam — AWS IAM permission enumeration without admin
RUN git clone https://github.com/andresriancho/enumerate-iam /opt/enumerate-iam && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/enumerate-iam/requirements.txt 2>/dev/null && \
    ln -sf /opt/enumerate-iam/enumerate-iam.py /usr/local/bin/enumerate-iam && \
    chmod +x /opt/enumerate-iam/enumerate-iam.py 2>/dev/null || true

# awswhoami — binary download (go install module path unreliable)
RUN curl -sL "https://github.com/liamg/awswhoami/releases/latest/download/awswhoami_linux_amd64" \
    -o /usr/local/bin/awswhoami 2>/dev/null && chmod +x /usr/local/bin/awswhoami || true

# azcopy — Azure blob/file exfiltration
RUN curl -sSL "https://aka.ms/downloadazcopy-v10-linux" | tar xz --strip-components=1 -C /usr/local/bin/ 2>/dev/null || true

# checkov — IaC misconfiguration scanner (Terraform, K8s, ARM)
RUN pip3 install --no-cache-dir --break-system-packages checkov 2>/dev/null || true

# steampipe — SQL queries against cloud APIs (AWS/Azure/GCP)
RUN curl -sSL https://raw.githubusercontent.com/turbot/steampipe/main/etc/install.sh | sh 2>/dev/null || true

# cloud_enum — multi-cloud asset enumeration
RUN git clone https://github.com/initstring/cloud_enum /opt/cloud_enum && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/cloud_enum/requirements.txt 2>/dev/null || true

# s3scanner — public S3 bucket enumeration
RUN pip3 install --no-cache-dir --break-system-packages s3scanner 2>/dev/null || true

# gcp_scanner — GCP service account + resource enumeration
RUN pip3 install --no-cache-dir --break-system-packages gcp-scanner 2>/dev/null || true

# ─────────────────────────────────────────────
# Kubernetes — Advanced Tools
# (rt-kubernetes, rt-exploit-containers)
# ─────────────────────────────────────────────

# kubectx + kubens — context and namespace switching
RUN git clone https://github.com/ahmetb/kubectx /opt/kubectx && \
    ln -sf /opt/kubectx/kubectx /usr/local/bin/kubectx && \
    ln -sf /opt/kubectx/kubens /usr/local/bin/kubens 2>/dev/null || true

# kube-bench — binary download (go install is slow)
RUN curl -sL "https://github.com/aquasecurity/kube-bench/releases/latest/download/kube-bench_linux_amd64.tar.gz" \
    -o /tmp/kb.tar.gz 2>/dev/null && tar xf /tmp/kb.tar.gz -C /usr/local/bin kube-bench 2>/dev/null || true

# helm — direct binary download (curl | bash script unreliable in container)
RUN curl -sL "https://get.helm.sh/helm-v3.17.0-linux-amd64.tar.gz" -o /tmp/helm.tar.gz 2>/dev/null && \
    tar xf /tmp/helm.tar.gz -C /tmp 2>/dev/null && \
    mv /tmp/linux-amd64/helm /usr/local/bin/ 2>/dev/null || true

# kubesploit — Kubernetes-specific post-exploitation framework
RUN go install github.com/cyberark/kubesploit@latest 2>/dev/null || \
    git clone https://github.com/cyberark/kubesploit /opt/kubesploit 2>/dev/null || true

# ─────────────────────────────────────────────
# Recon & OSINT — Advanced
# (rt-osint, rt-active-recon, rt-shodan-recon, rt-github-recon)
# ─────────────────────────────────────────────

# zmap — fast internet-wide scanner
RUN apt-get update && apt-get install -y --no-install-recommends zmap \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# git-dumper — dump exposed .git directories
RUN pip3 install --no-cache-dir --break-system-packages git-dumper 2>/dev/null || true

# trufflehog — git + S3 + GitHub secret scanning
RUN pip3 install --no-cache-dir --break-system-packages trufflehog 2>/dev/null || true

# github-recon tools
RUN pip3 install --no-cache-dir --break-system-packages PyGithub 2>/dev/null || true
RUN go install github.com/gwen001/github-subdomains@latest 2>/dev/null || true
RUN go install github.com/d3mondev/puredns/v2@latest 2>/dev/null || true

# ipinfo + abuseipdb — IP intelligence
RUN pip3 install --no-cache-dir --break-system-packages ipinfo 2>/dev/null || true

# duckduckgo-search — passive recon
RUN pip3 install --no-cache-dir --break-system-packages duckduckgo-search 2>/dev/null || true

# ─────────────────────────────────────────────
# Binary Analysis & Exploitation — Advanced
# (rt-binary-reverse-engineering, rt-crypto-attacks)
# ─────────────────────────────────────────────

# capstone + keystone + unicorn — disassembly/assembly/emulation Python libs
RUN pip3 install --no-cache-dir --break-system-packages \
    capstone keystone-engine unicorn 2>/dev/null || true

# ROPgadget — ROP chain builder
RUN pip3 install --no-cache-dir --break-system-packages ropgadget 2>/dev/null || true

# ropper — alternative ROP gadget finder
RUN pip3 install --no-cache-dir --break-system-packages ropper 2>/dev/null || true

# GEF — GDB Enhanced Features (better than pwndbg for some scenarios)
RUN bash -c "$(curl -sSL https://gef.blah.cat/sh)" 2>/dev/null || true

# angr — binary analysis framework (program analysis, symbolic execution)
RUN pip3 install --no-cache-dir --break-system-packages angr 2>/dev/null || true

# YARA — malware pattern matching
RUN apt-get update && apt-get install -y --no-install-recommends yara \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages yara-python 2>/dev/null || true

# YARA rules — community malware signatures
RUN git clone https://github.com/Yara-Rules/rules /opt/yara-rules 2>/dev/null || true

# ─────────────────────────────────────────────
# Cryptography — Advanced Math Tools
# (rt-crypto-attacks)
# ─────────────────────────────────────────────

# sympy — symbolic math for RSA attacks, factorization, number theory
RUN pip3 install --no-cache-dir --break-system-packages sympy 2>/dev/null || true

# ecdsa + gmpy2 — elliptic curve attacks
RUN apt-get update && apt-get install -y --no-install-recommends \
    libgmp-dev libmpfr-dev libmpc-dev \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages ecdsa gmpy2 2>/dev/null || true

# sage — math library for crypto attacks (optional, large)
# Skipped — too large (~4GB). Use online SageMath when needed.

# ─────────────────────────────────────────────
# Wireless — Advanced Tools
# (rt-exploit-wireless, rt-wifi-attacks)
# ─────────────────────────────────────────────

# wifite2 — automated WiFi cracking (WPA2, PMKID, WPS)
RUN pip3 install --no-cache-dir --break-system-packages wifite2 2>/dev/null || true

# hcxtools + hcxdumptool — modern WiFi PMKID capture
RUN apt-get update && apt-get install -y --no-install-recommends \
    hcxtools \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true
RUN git clone https://github.com/ZerBea/hcxdumptool /opt/hcxdumptool && \
    cd /opt/hcxdumptool && make && make install 2>/dev/null || true

# hostapd-wpe — Evil Twin / WPA Enterprise attack
RUN apt-get update && apt-get install -y --no-install-recommends \
    hostapd-wpe \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ubertooth — Bluetooth classic sniffing hardware tool
RUN apt-get update && apt-get install -y --no-install-recommends \
    ubertooth \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ─────────────────────────────────────────────
# Phishing & Social Engineering — Advanced
# (rt-exploit-phishing, rt-social-engineering)
# ─────────────────────────────────────────────

# phishery — inject URL into Office documents
RUN git clone https://github.com/ryhanson/phishery /opt/phishery 2>/dev/null || true

# o365spray — O365 user enumeration + spray
RUN pip3 install --no-cache-dir --break-system-packages o365spray 2>/dev/null || \
    git clone https://github.com/0xZDH/o365spray /opt/o365spray && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/o365spray/requirements.txt 2>/dev/null || true

# msf-phishing — generate malicious Office documents
RUN gem install msf-phishing 2>/dev/null || true

# credSniper — phishing framework with 2FA bypass
RUN git clone https://github.com/ustayready/CredSniper /opt/CredSniper && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/CredSniper/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Post-Exploitation — Advanced
# (rt-c2-operations, rt-lateral-movement, rt-persistence)
# ─────────────────────────────────────────────

# Merlin C2 — HTTP/2 + TLS C2 (harder to detect than standard HTTPS)
RUN go install github.com/Ne0nd0g/merlin-agent/cmd/merlinagent@latest 2>/dev/null || true

# DeathStar — automated BloodHound path exploitation
RUN pip3 install --no-cache-dir --break-system-packages deathstar 2>/dev/null || \
    git clone https://github.com/byt3bl33d3r/DeathStar /opt/DeathStar && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/DeathStar/requirements.txt 2>/dev/null || true

# ldeep — LDAP enumeration with less noise
RUN pip3 install --no-cache-dir --break-system-packages ldeep 2>/dev/null || true

# windapsearch — LDAP enumeration
# windapsearch — binary download (go install module path is broken for this repo)
RUN curl -sL "https://github.com/ropnop/windapsearch/releases/download/v0.0.11/windapsearch-linux-amd64" \
    -o /usr/local/bin/windapsearch 2>/dev/null && chmod +x /usr/local/bin/windapsearch || true

# impacket suite — ensure all scripts are in PATH
RUN pip3 install --no-cache-dir --break-system-packages impacket 2>/dev/null || true

# ─────────────────────────────────────────────
# Supply Chain & Code Analysis
# (rt-supply-chain, rt-github-recon)
# ─────────────────────────────────────────────

# syft — SBOM (Software Bill of Materials) generator
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin 2>/dev/null || true

# grype — vulnerability scanner for container images
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin 2>/dev/null || true

# dependency-check — OWASP SCA tool
RUN mkdir -p /opt/dependency-check && \
    curl -sSL "https://github.com/jeremylong/DependencyCheck/releases/latest/download/dependency-check-bin.zip" \
    -o /tmp/dc.zip 2>/dev/null && \
    unzip -q /tmp/dc.zip -d /opt/ && \
    ln -sf /opt/dependency-check/bin/dependency-check.sh /usr/local/bin/dependency-check && \
    rm /tmp/dc.zip 2>/dev/null || true

# ─────────────────────────────────────────────
# DFIR & Memory Forensics
# (rt-binary-reverse-engineering, purple team)
# ─────────────────────────────────────────────

# sleuthkit — disk image forensics (fls, icat, mactime)
RUN apt-get update && apt-get install -y --no-install-recommends \
    sleuthkit autopsy \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# strings + binutils extras
RUN apt-get update && apt-get install -y --no-install-recommends \
    binutils-multiarch \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ─────────────────────────────────────────────
# AI/LLM Security — Advanced
# (rt-ai-llm-security)
# ─────────────────────────────────────────────

# promptfoo — LLM red-teaming framework
RUN npm install -g promptfoo 2>/dev/null || true

# llm-security tools
RUN pip3 install --no-cache-dir --break-system-packages \
    garak \
    langchain \
    openai \
    anthropic \
    transformers 2>/dev/null || true

# ─────────────────────────────────────────────
# Network — Advanced Tools
# (rt-network-segmentation, rt-traffic-analysis)
# ─────────────────────────────────────────────

# suricata — IDS/IPS for traffic analysis
RUN apt-get update && apt-get install -y --no-install-recommends \
    suricata \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ncrack — network authentication cracker
RUN apt-get update && apt-get install -y --no-install-recommends \
    ncrack \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ═════════════════════════════════════════════
# VERIFIED FIXES — Gap Analysis v4
# All fixes confirmed working in live containers
# ═════════════════════════════════════════════

# ─────────────────────────────────────────────
# Phase 1 — Scanning & Recon (Verified Fixes)
# ─────────────────────────────────────────────

# Missing apt tools for scanning/DNS
RUN apt-get update && apt-get install -y --no-install-recommends \
    zmap dnsrecon dnsenum fierce \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# rustscan — fast port scanner (deb package)
RUN curl -sL "https://github.com/RustScan/RustScan/releases/download/2.3.0/rustscan_2.3.0_amd64.deb" \
    -o /tmp/rustscan.deb 2>/dev/null && \
    dpkg -i /tmp/rustscan.deb 2>/dev/null && \
    rm /tmp/rustscan.deb 2>/dev/null || true

# feroxbuster — fast content discovery (binary download)
RUN curl -sL "https://github.com/epi052/feroxbuster/releases/latest/download/x86_64-linux-feroxbuster.zip" \
    -o /tmp/ferox.zip 2>/dev/null && \
    unzip -qo /tmp/ferox.zip -d /usr/local/bin/ feroxbuster 2>/dev/null && \
    rm /tmp/ferox.zip 2>/dev/null || true

# x8 — hidden parameter discovery (binary — go install module path is broken)
RUN curl -sL "https://github.com/Sh1Yo/x8/releases/download/v4.3.0/x86_64-linux-x8.gz" \
    -o /tmp/x8.gz 2>/dev/null && \
    gunzip /tmp/x8.gz 2>/dev/null && \
    mv /tmp/x8 /usr/local/bin/x8 && \
    chmod +x /usr/local/bin/x8 2>/dev/null || true

# dirsearch
RUN pip3 install --no-cache-dir --break-system-packages dirsearch 2>/dev/null || true

# Go tools (missing from base section)
RUN go install github.com/tomnomnom/httprobe@latest 2>/dev/null || true
RUN go install github.com/d3mondev/puredns/v2@latest 2>/dev/null || true
RUN go install github.com/PentestPad/subzy@latest 2>/dev/null || true
RUN go install github.com/epi052/feroxbuster@latest 2>/dev/null || true

# wappalyzer — wrapper script (npm installs to non-standard path)
RUN npm install -g wappalyzer-cli 2>/dev/null || true
RUN printf '#!/bin/bash\nnode /usr/local/lib/node_modules/wappalyzer-cli/bin/wappalyzer "$@"\n' \
    > /usr/local/bin/wappalyzer && chmod +x /usr/local/bin/wappalyzer 2>/dev/null || true

# Ensure Go binaries are in system PATH
RUN for bin in httprobe puredns subzy feroxbuster; do \
        [ -f /root/go/bin/$bin ] && ln -sf /root/go/bin/$bin /usr/local/bin/$bin; \
    done 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 2 — Web Testing (Verified Fixes)
# ─────────────────────────────────────────────

# semgrep — pip3 ONLY (apt python3-semgrep does NOT create the 'semgrep' binary)
RUN pip3 install --no-cache-dir --break-system-packages semgrep 2>/dev/null || true

# checkov — IaC scanner (requires --ignore-installed due to packaging conflict)
RUN pip3 install --no-cache-dir --break-system-packages --ignore-installed checkov \
    2>/dev/null || true

# git-dumper — exposed .git directory dumper
RUN pip3 install --no-cache-dir --break-system-packages \
    git-dumper graphql-cop graphw00f inql 2>/dev/null || true

# graphql-cop wrapper (pip installs module only, binary needs wrapper)
RUN printf '#!/bin/bash\npython3 -m graphql_cop "$@"\n' \
    > /usr/local/bin/graphql-cop && chmod +x /usr/local/bin/graphql-cop || true

# graphw00f wrapper
RUN printf '#!/bin/bash\npython3 -m graphw00f "$@"\n' \
    > /usr/local/bin/graphw00f && chmod +x /usr/local/bin/graphw00f || true

# wpscan via gem (NOT apt — apt version is outdated/broken)
RUN gem install wpscan 2>/dev/null || true

# gitleaks — binary (not pip)
RUN curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz" \
    -o /tmp/gl.tar.gz 2>/dev/null && \
    tar xf /tmp/gl.tar.gz -C /usr/local/bin gitleaks 2>/dev/null && \
    rm /tmp/gl.tar.gz 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 3 — Active Directory (Verified Fixes)
# ─────────────────────────────────────────────

# theHarvester — apt (faster and more reliable than pip)
RUN apt-get update && apt-get install -y --no-install-recommends theharvester \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# netexec + wifite via apt (confirmed working in testing)
RUN apt-get update && apt-get install -y --no-install-recommends \
    netexec wifite \
    2>/dev/null && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# crackmapexec → alias to netexec (same tool, renamed)
RUN ln -sf /usr/bin/netexec /usr/local/bin/crackmapexec 2>/dev/null || true

# Impacket symlinks — make all .py scripts accessible as impacket-<name>
# The scripts exist as /usr/local/bin/<name>.py but tools expect impacket-<name>
RUN for script in psexec smbexec wmiexec secretsdump GetUserSPNs GetNPUsers \
        ntlmrelayx lookupsid ticketer ticketConverter getST addcomputer \
        atexec dcomexec dpapi esentutl findDelegation goldenPac karmaSMB \
        netview nmapAnswerMachine ping6 raiseChild registry-read rpcdump \
        sambaPipe samrdump services sniffer sniff tstool; do \
        if [ -f /usr/local/bin/${script}.py ]; then \
            ln -sf /usr/local/bin/${script}.py /usr/local/bin/impacket-${script} && \
            chmod +x /usr/local/bin/${script}.py; \
        fi; \
    done 2>/dev/null || true

# AD exploit repos (confirmed working)
RUN git clone https://github.com/Dec0ne/KrbRelayUp /opt/KrbRelayUp --depth 1 -q 2>/dev/null || true
RUN git clone https://github.com/dirkjanm/CVE-2020-1472 /opt/CVE-2020-1472 --depth 1 -q 2>/dev/null || true
RUN git clone https://github.com/cube0x0/CVE-2021-1675 /opt/PrintNightmare --depth 1 -q 2>/dev/null || true
RUN git clone https://github.com/dirkjanm/krbrelayx /opt/krbrelayx --depth 1 -q 2>/dev/null || true
RUN git clone https://github.com/fireeye/ADFSpoof /opt/ADFSpoof --depth 1 -q 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/ADFSpoof/requirements.txt 2>/dev/null || true
RUN git clone https://github.com/klezVirus/SysWhispers3 /opt/SysWhispers3 --depth 1 -q 2>/dev/null || true
RUN git clone https://github.com/Hackndo/pyGPOAbuse /opt/pyGPOAbuse --depth 1 -q 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/pyGPOAbuse/requirements.txt 2>/dev/null || true
RUN git clone https://github.com/login-securite/DonPAPI /opt/DonPAPI --depth 1 -q 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/DonPAPI/requirements.txt 2>/dev/null || true
RUN git clone https://github.com/byt3bl33d3r/DeathStar /opt/DeathStar --depth 1 -q 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/DeathStar/requirements.txt 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 4 — Cloud (Verified Fixes)
# ─────────────────────────────────────────────

# enumerate-iam — AWS IAM enumeration
RUN git clone https://github.com/andresriancho/enumerate-iam /opt/enumerate-iam --depth 1 -q 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/enumerate-iam/requirements.txt 2>/dev/null && \
    ln -sf /opt/enumerate-iam/enumerate-iam.py /usr/local/bin/enumerate-iam && \
    chmod +x /opt/enumerate-iam/enumerate-iam.py 2>/dev/null || true

# kubectx + kubens (context switching)
RUN git clone https://github.com/ahmetb/kubectx /opt/kubectx --depth 1 -q 2>/dev/null && \
    ln -sf /opt/kubectx/kubectx /usr/local/bin/kubectx && \
    ln -sf /opt/kubectx/kubens /usr/local/bin/kubens 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 5 — Mobile (Verified Fixes)
# ─────────────────────────────────────────────

# jadx — Java decompiler (specific version, reliable)
RUN mkdir -p /opt/jadx && \
    curl -sSL "https://github.com/skylot/jadx/releases/download/v1.5.0/jadx-1.5.0.zip" \
    -o /tmp/jadx.zip 2>/dev/null && \
    unzip -qo /tmp/jadx.zip -d /opt/jadx && \
    ln -sf /opt/jadx/bin/jadx /usr/local/bin/jadx && \
    ln -sf /opt/jadx/bin/jadx-gui /usr/local/bin/jadx-gui && \
    rm /tmp/jadx.zip 2>/dev/null || true

# uber-apk-signer
RUN mkdir -p /opt/uber-apk-signer && \
    curl -sSL "https://github.com/patrickfav/uber-apk-signer/releases/download/v1.3.0/uber-apk-signer-1.3.0.jar" \
    -o /opt/uber-apk-signer/uber-apk-signer.jar 2>/dev/null && \
    printf '#!/bin/bash\nexec java -jar /opt/uber-apk-signer/uber-apk-signer.jar "$@"\n' \
    > /usr/local/bin/uber-apk-signer && chmod +x /usr/local/bin/uber-apk-signer 2>/dev/null || true

# setup-frida-server — helper script
RUN cat > /usr/local/bin/setup-frida-server << 'FSCRIPT'
#!/bin/bash
FRIDA_VER=$(python3 -c "import frida; print(frida.__version__)" 2>/dev/null || pip3 show frida | grep Version | awk '{print $2}')
ARCH=$(adb shell getprop ro.product.cpu.abi 2>/dev/null | tr -d '\r')
case $ARCH in
  arm64-v8a) A="arm64" ;; armeabi-v7a) A="arm" ;;
  x86_64) A="x86_64" ;; x86) A="x86" ;; *) echo "Unknown arch: $ARCH"; exit 1 ;;
esac
wget -q "https://github.com/frida/frida/releases/download/${FRIDA_VER}/frida-server-${FRIDA_VER}-android-${A}.xz" -O /tmp/frida-server.xz
unxz /tmp/frida-server.xz && mv /tmp/frida-server "/tmp/frida-server-${A}"
adb push "/tmp/frida-server-${A}" /data/local/tmp/frida-server
adb shell chmod 755 /data/local/tmp/frida-server
echo "[+] Start: adb shell /data/local/tmp/frida-server &"
FSCRIPT
RUN chmod +x /usr/local/bin/setup-frida-server 2>/dev/null || true

# Mobile Python tools
# NOTE: doldrums has no PyPI package — omitted intentionally
RUN pip3 install --no-cache-dir --break-system-packages \
    reflutter androguard trufflehog3 hermes-dec hbctool \
    "qrcode[pil]" Pillow lz4 apkleaks 2>/dev/null || true

# monodis (Xamarin/Mono) + ssh client
RUN apt-get update && apt-get install -y --no-install-recommends \
    mono-utils openssh-client \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# qrcode CLI wrapper
RUN command -v qrcode >/dev/null 2>&1 || \
    printf '#!/bin/bash\npython3 -m qrcode "$@"\n' > /usr/local/bin/qrcode && \
    chmod +x /usr/local/bin/qrcode || true

# apk-mitm (npm)
RUN npm install -g apk-mitm 2>/dev/null || true

# drozer agent APK (v2.3.4 — last release with APK asset, repo moved to ReversecLabs)
RUN mkdir -p /opt/drozer && \
    curl -sL "https://github.com/ReversecLabs/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk" \
    -o /opt/drozer/drozer-agent.apk 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 7 — OSINT (Verified Fixes) ✅ 26/27
# ─────────────────────────────────────────────

# OSINT tools — all pip, verified working
# NOTE: sherlock-project installs as binary 'sherlock' (not importable module)
# NOTE: trufflehog is a Go binary (not Python module)
# NOTE: spiderfoot not on PyPI — installed from git to /opt/spiderfoot
RUN pip3 install --no-cache-dir --break-system-packages \
    holehe maigret socialscan duckduckgo-search ipinfo 2>/dev/null || true

RUN apt-get update && apt-get install -y --no-install-recommends whois \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# spiderfoot from git (not on PyPI)
RUN git clone https://github.com/smicallef/spiderfoot /opt/spiderfoot -q --depth 1 2>/dev/null && \
    pip3 install --no-cache-dir --break-system-packages -r /opt/spiderfoot/requirements.txt 2>/dev/null && \
    printf '#!/bin/bash\npython3 /opt/spiderfoot/sf.py "$@"\n' > /usr/local/bin/spiderfoot && \
    chmod +x /usr/local/bin/spiderfoot || true

# ─────────────────────────────────────────────
# Phase 8 — Credentials (Verified Fixes) ✅ 27/28
# ─────────────────────────────────────────────

# Crypto libraries + brute-force tools
# NOTE: patator must use --no-deps (cx-oracle build fails but not needed)
RUN pip3 install --no-cache-dir --break-system-packages --no-deps patator 2>/dev/null || true
RUN pip3 install --no-cache-dir --break-system-packages \
    sympy gmpy2 ecdsa hashpumpy 2>/dev/null || true

# Extract rockyou.txt (stored compressed in SecLists)
RUN tar xzf /opt/SecLists/Passwords/Leaked-Databases/rockyou.txt.tar.gz \
    -C /opt/SecLists/Passwords/Leaked-Databases/ 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 9 — Binary Analysis (Verified Fixes) ✅ 40/40
# ─────────────────────────────────────────────

RUN pip3 install --no-cache-dir --break-system-packages \
    capstone keystone-engine unicorn ropgadget ropper angr \
    yara-python volatility3 2>/dev/null || true

# GEF (gdb enhanced features)
RUN bash -c "$(curl -fsSL https://gef.blah.cat/sh)" 2>/dev/null || true

# YARA rules
RUN git clone https://github.com/Yara-Rules/rules /opt/yara-rules --depth 1 -q 2>/dev/null || true

# foremost + bulk_extractor + sleuthkit
RUN apt-get update && apt-get install -y --no-install-recommends \
    sleuthkit foremost bulk-extractor \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 10 — Network / WiFi (Verified Fixes) ✅ 36/39
# ─────────────────────────────────────────────

# wireshark-common (tshark binary), netsniff-ng, arpwatch, hcxtools (hcxpcapngtool)
# NOTE: zeek has libc conflict on Kali 2026 — skip
# NOTE: GATTacker npm gyp build fails — skip
RUN apt-get update && apt-get install -y --no-install-recommends \
    wireshark-common netsniff-ng arpwatch hcxtools hostapd-wpe ubertooth ncrack \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# hcxdumptool (WiFi PMKID capture)
RUN git clone https://github.com/ZerBea/hcxdumptool /opt/hcxdumptool --depth 1 -q 2>/dev/null && \
    cd /opt/hcxdumptool && make && make install 2>/dev/null || true

# ─────────────────────────────────────────────
# Phase 11 — Specialist (Verified Fixes) ✅ 30/31
# ─────────────────────────────────────────────

# evilginx2 — binary from zip release
RUN curl -sL 'https://github.com/kgretzky/evilginx2/releases/download/v3.3.0/evilginx-v3.3.0-linux-64bit.zip' \
    -o /tmp/eg.zip 2>/dev/null && unzip -qo /tmp/eg.zip -d /tmp/evilginx && \
    find /tmp/evilginx -name 'evilginx' -type f | head -1 | xargs -I{} cp {} /usr/local/bin/evilginx2 && \
    chmod +x /usr/local/bin/evilginx2 2>/dev/null || true

# o365spray — pip install from git (not on PyPI)
RUN pip3 install --no-cache-dir --break-system-packages \
    git+https://github.com/0xZDH/o365spray.git 2>/dev/null || true

# CredSniper + king-phisher + phishery
RUN git clone https://github.com/ustayready/CredSniper /opt/CredSniper -q --depth 1 2>/dev/null || true
RUN git clone https://github.com/rsmusllp/king-phisher /opt/king-phisher -q --depth 1 2>/dev/null || true
RUN git clone https://github.com/ryhanson/phishery /opt/phishery -q --depth 1 2>/dev/null || true

# AI/LLM tools
RUN pip3 install --no-cache-dir --break-system-packages \
    garak openai anthropic langchain transformers 2>/dev/null || true
RUN npm install -g promptfoo 2>/dev/null || true

# Purple Team
RUN git clone https://github.com/redcanaryco/atomic-red-team /opt/atomic-red-team --depth 1 -q 2>/dev/null || true

# ─────────────────────────────────────────────
# Final PATH fix — ensure all Go binaries in system PATH
# ─────────────────────────────────────────────
RUN cp /root/go/bin/* /usr/local/bin/ 2>/dev/null || true

# ─────────────────────────────────────────────
# RTExit Framework Installation
# ─────────────────────────────────────────────
RUN mkdir -p $RTEXIT_HOME

# Install RTExit skills
RUN npx --yes rtexit-method install --non-interactive 2>/dev/null || true

# Custom aliases for RTExit workflow
COPY aliases.sh /etc/profile.d/rtexit-aliases.sh
RUN chmod +x /etc/profile.d/rtexit-aliases.sh

# RTExit scripts

# Nuclei RTExit custom templates

# Update Go path
ENV PATH="/root/go/bin:${PATH}"
ENV GOPATH="/root/go"

# ─────────────────────────────────────────────
# OPSEC Stack — VPN / Tor / Anonymity Tools
# (rt-redteam-infra — Phase 0: Operator OPSEC)
# ─────────────────────────────────────────────

# Tor — anonymity network (SOCKS5 proxy on 9050, DNS on 9053)
# Used for recon / OSINT to hide operator home IP
RUN apt-get update && apt-get install -y --no-install-recommends \
    tor \
    tor-geoipdb \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# WireGuard — fast modern VPN (kernel module + wg-tools)
# Used to route traffic through a free VPS (Oracle Cloud / Hetzner)
RUN apt-get update && apt-get install -y --no-install-recommends \
    wireguard-tools \
    openresolv \
    && apt-get clean && rm -rf /var/lib/apt/lists/* 2>/dev/null || true

# tun2socks — tunnel any TCP/UDP over a SOCKS5 proxy (used with Tor)
RUN go install github.com/yingziwu/tun2socks@latest 2>/dev/null || true

# macchanger — randomize MAC on container start (anti-fingerprinting)
RUN cat > /etc/profile.d/rtexit-mac.sh << 'EOF'
# Randomize MAC on shell start (helps avoid MAC-based device fingerprinting)
if command -v macchanger &>/dev/null && [ -e /sys/class/net/eth0 ]; then
    ip link set dev eth0 down 2>/dev/null
    macchanger -A eth0 2>/dev/null || true
    ip link set dev eth0 up 2>/dev/null
fi
EOF

# OPSEC helper scripts — `/opt/rtexit/opsec/`
# Quick-start wrappers: opsec-tor, opsec-vpn, opsec-status, opsec-check
RUN mkdir -p /opt/rtexit/opsec

COPY opsec/setup-tor.sh        /opt/rtexit/opsec/setup-tor.sh
COPY opsec/setup-vpn.sh        /opt/rtexit/opsec/setup-vpn.sh
COPY opsec/setup-wireguard.sh  /opt/rtexit/opsec/setup-wireguard.sh
COPY opsec/opsec-status.sh     /opt/rtexit/opsec/opsec-status.sh
COPY opsec/opsec-check.sh      /opt/rtexit/opsec/opsec-check.sh
COPY opsec/torrc.template      /opt/rtexit/opsec/torrc.template
COPY opsec/proxychains.conf    /opt/rtexit/opsec/proxychains.conf
RUN chmod +x /opt/rtexit/opsec/*.sh

# ─────────────────────────────────────────────
# Final Setup
# ─────────────────────────────────────────────
WORKDIR /workspace

# Verify tool installation
COPY verify-tools.sh /opt/rtexit/verify-tools.sh
RUN chmod +x /opt/rtexit/verify-tools.sh

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

EXPOSE 8080 4444 3000

ENTRYPOINT ["/entrypoint.sh"]
CMD ["/bin/bash"]
