ERR0RS-Ultimate

简介

  ███████╗██████╗ ██████╗  ██████╗ ██████╗ ███████╗
  ██╔════╝██╔══██╗██╔══██╗██╔═████╗██╔══██╗██╔════╝
  █████╗  ██████╔╝██████╔╝██║██╔██║██████╔╝███████╗
  ██╔══╝  ██╔══██╗██╔══██╗████╔╝██║██╔══██╗╚════██║
  ███████╗██║  ██║██║  ██║╚██████╔╝██║  ██║███████║
  ╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚═╝  ╚═╝╚══════╝
                        U L T I M A T E

What's New in v3.7.0 — "SOC Mentor"

This release lands the operator-progression layer that turns ERR0RS from a tool dictionary into a guided learning environment. The headline feature: every lesson now teaches the strategic and OPSEC dimensions of a tool, not just its flags.

• 🥷 SOC Mentor lesson layer — 23/23 topics covered. Every teach <topic> now ends with a noise-rated coaching block: TL;DR strategic value, 🟢/🟡/🔴 noise level with explanation, ordered next-best-steps (quietest first), and 4 concrete OPSEC tips per tool. The constitution this implements: "ERR0RS is the ultimate SOC mentor. He should teach his SOC apprentice how to be as stealthy and quiet as possible, as to not expose the test until the operator is ready for the client to know that they are in." Lives in src/core/soc_mentor.py.
• Persistent server-authoritative mission state. ~/.err0rs/mission_state.json is the single source of truth. Survives reboots, browser refreshes, and tab close. Auto-clears on completion with a one-shot just_completed flag so the celebration card fires exactly once.
• Mission 01: Your First Recon — fully playable. 3-step nmap → nikto → gobuster walkthrough against OWASP Juice Shop. Each step has rich coaching fields (instruction, what_it_does, what_to_look_for, xp_reward). ▶ RUN STEP button fires the command verbatim, bypassing the intent parser so the mission's exact args reach the tool.
• Mission 02: SQL Injection Fundamentals — shipped. 4 steps, +175 XP. Manual curl → classic ' OR 1=1-- payload → JWT decode → sqlmap automation. Teaches the SOC-mentor approach: harvest server error messages before guessing payloads; prefer offline cracking over online brute.
• Per-launch ethics gate. Every launcher boot re-fires the 5-clause ethical use agreement (red-bordered fullscreen modal, checkbox + I AGREE). PID-based invalidation: relaunch = new PID = gate re-fires. No bypasses.
• Operator Profile panel. Extends the existing skill panel with three new sections: OPERATOR (name, skill, sessions, achievements), MODES (Teach Mode / Auto-Coach / Mentor Context toggles), ACTIONS (Continue Lessons, Restart Mission, Reset Profile). Reset is two-click with automatic backup of ~/.err0rs/ before wipe.
• Welcome-back greeting card on every launch after ethics-gate, with tone calibrated to skill level (Welcome back, NAME. for guided / NAME. for pro), and a "next action" button — Continue Mission if active, Next Lesson if not, just a greeting if both are clear.
• XP awards on EVERY tool execution path. Brain _run_tool, LiveProcess terminal-box runs, and AutoKillChain phase loops all now fire award_xp('run_<tool>') and found_vuln events. Skill domains and achievements finally populate from real activity.
• Lesson completion tracking. Each teach <topic> automatically marks the topic completed, awards 30 XP via complete_lesson event, and advances the lesson counter on the skill panel. Continue Lessons now actually progresses through all 23 topics instead of re-serving the first one.
• Architectural xterm typing fix. xset r off disables X11 keyboard auto-repeat during synthetic typing so the X server can't emit stuck-key repeats, then xset r on restores in a finally block. Combined with a goldilocks 50ms delay, gobuster commands type as wordlists (correctly) instead of worrrrdllllists or wordlist.
• Phoenix Arsenal page linked in the topbar. arsenal.html (789-line tool grid, 92 curated + 2000+ BlackArch) is now reachable via a cyan 🔱 ARSENAL pill — was previously a finished feature with zero links to it from anywhere.
• Payload Studio: ATTACKER_IP auto-substitution. When listener spins up, backend resolves the Pi's outbound interface IP via UDP-socket trick (no nmap needed), and the editor replaces ATTACKER_IP placeholders with the real value. Snippet library (21 BadUSB/BadKB payloads across 4 platforms) restored after fixing same string-literal truncation bug class as v3.6.

What's New in v3.6.0 — "Teach Knowledge Drop"

This release lands the first major payload of operator-grade teach content into the canonical registry and ships the infrastructure that made it sustainable to produce.

• 67 tools fully taught at operator depth — every one now carries 6 opsec notes (current to 2025–2026 EDR/AMSI/ETW-TI tradecraft), 2 sample command outputs (beginner + advanced operator scenario), 3 legal notes (CFAA / ROE / cloud automated-response considerations), 5 false-positive traps, and full MITRE ATT&CK technique mappings. Total: 1,328 distinct pieces of red-team teach content across the registry.
• RAG knowledge base online — tools/ingest_teach_to_rag.py embeds all 67 teach cards into a local ChromaDB collection (err0rs_teach_v1) using all-MiniLM-L6-v2. Semantic queries like "kerberoasting active directory" surface the right card (Rubeus) every time. Pi 5 CPU-resident, no GPU needed.
• err0rs-qwen model baked — the ERR0RS soul (src/ai/system_prompt.md) is now embedded directly into a customized qwen2.5-coder:7b via Modelfile. Tertiary-tier offline inference inherits the teacher voice without prompt-injection.
• Build-time teach generator hardened — tools/generate_teach.py cost-tracking rewrite: real per-million-token billing from msg.usage (not flat per-call guesses), per-model rate overrides (Sonnet vs Opus vs Haiku), and a cap loop that fires on actual spend. Projection accuracy improved from −56% to −7%.
• Human-in-the-loop merge tool — tools/merge_generated.py with interactive per-card review (approve/skip/edit/diff/quit), atomic writes, git tags + backup files + session logs, and a non-interactive --from-decisions batch path for trusted bulk merges.
• Quality gates — tools/quality_gates.py runs 12 categorical checks (schema completeness, character ranges, MITRE format, duplicate detection, JSON safety, command-binary cross-references) before merge to catch generator misfires.

See CHANGELOG.md for the complete changelist.

---

Core Capabilities