GooseStrike

GooseStrike is an AI-assisted, Canadian-themed offensive security and CTF operations toolkit. It blends subnet discovery, CVE/exploit correlation, task orchestration, and agent-driven planning into one cohesive platform designed only for authorized lab environments.

Features

• Scanner – wraps nmap, preserves MAC/OUI data, captures timestamps/notes, and automatically ingests results with a scan UUID for replay-grade history.
• Indexer – parses NVD + Exploit-DB + PacketStorm data into db/exploits.db, ensuring CVEs, severities, and exploit metadata always live in SQLite for offline ops.
• FastAPI backend – tracks assets, services, CVEs, scan runs, MITRE ATT&CK suggestions, and alerts while exposing webhook hooks for n8n automations.
• Task queue + runners – enqueue work for Metasploit, SQLMap, Hydra, OWASP ZAP, the password cracking helper, and now manage every job directly from the dashboard.
• Password cracking automation – orchestrate Hashcat, John the Ripper, or rainbow-table (rcrack) jobs with consistent logging.
• LLM agents – structured recon / CVE / exploit / privilege escalation / planning agents for high-level guidance.
• Web UI – Canadian-themed dashboard that now shows assets, scan history, MITRE recommendations, the task queue, and inline forms to submit tool runs or password-cracking jobs inspired by OWASP Nettacker & Exploitivator playbooks.
• Roadmap + mock data – /core_snapshot, /roadmap, and /mock/dashboard-data feed both the live UI and a static mock dashboard so you can preview GooseStrike with fake sample data (served at /mockup).

GooseStrike Core snapshot

Highlight	Details
🔧 Stack	Nmap, Metasploit, SQLMap, Hydra, OWASP ZAP (all wired into runners)
🧠 AI-ready	External LLM exploit assistant hooks for Claude / HackGPT / Ollama
📚 Offline CVE mirroring	update_cve.sh keeps the SQLite CVE/exploit mirror fresh when air-gapped
🗂 Branding kit	ASCII banner, official crest, and PDF-ready branding pack for your ops briefings
📜 CVE helpers	Scan-to-CVE JSON matching scripts pulled from Nettacker / Exploitivator inspirations
📦 Artifact drops	goosestrike-cve-enabled.zip & hackgpt-ai-stack.zip ship with READMEs + architecture notes

Coming next (roadmap you requested)

Task	Status
🐳 Build docker-compose.goosestrike-full.yml	⏳ In progress
🧠 HackGPT API container (linked to n8n)	⏳ Next up
🌐 Local CVE API server	Pending
🧬 Claude + HackGPT fallback system	Pending
🔄 n8n workflow .json import	Pending
🎯 Target "prioritizer" AI agent	Pending
🧭 SVG architecture diagram	Pending
🖥 Dashboard frontend (Armitage-style)	Optional
🔐 C2 bridging to Mythic/Sliver	Optional

You can query the same table programmatically at GET /roadmap or fetch the bullet list at GET /core_snapshot.

Architecture Overview

scanner.py -> /ingest/scan ---->
                              FastAPI (api.py) ---> db/goosestrike.db
                                                     |  ├─ assets / services / service_cves
                                                     |  ├─ scan_runs + scan_services (historical state)
                                                     |  └─ attack_suggestions + alerts
indexer.py -> db/exploits.db --/                    |
                                                  REST/JSON + Web UI (assets, scans, MITRE)
                                                    |
                    +-> task_queue.py -> runners (metasploit/sqlmap/hydra/zap) -> logs/
                    +-> app/agents/*  (LLM guidance)
                    +-> n8n webhooks (/webhook/n8n/*)

Quickstart

1. Clone & install dependencies

   git clone <repo>
   cd GooseStrike
   pip install -r requirements.txt  # create your own env if desired
   

2. Run the API + UI

   uvicorn api:app --reload
   

   Visit http://localhost:8000/ for the themed dashboard.

3. Index CVEs & exploits (required for CVE severity + MITRE context)

   python indexer.py --nvd data/nvd --exploitdb data/exploitdb --packetstorm data/packetstorm.xml
   

4. Scan a subnet

   python scanner.py 192.168.1.0/24 --fast --api http://localhost:8000 --notes "Lab validation"
   

   Every run stores MAC/OUI data, timestamps, the CLI metadata, and the raw payload so /scans keeps a tamper-evident trail.

5. Enqueue tool runs

   python task_queue.py enqueue sqlmap "http://example" '{"level": 2}'
   

   Then invoke the appropriate runner (e.g., python sqlmap_runner.py) inside your own automation glue.

6. Crack passwords (hashcat / John / rainbow tables)

   python task_queue.py enqueue password_cracker hashes '{"crack_tool": "hashcat", "hash_file": "hashes.txt", "wordlist": "/wordlists/rockyou.txt", "mode": 0}'
   python password_cracker_runner.py
   

   Adjust the JSON for crack_tool (hashcat, john, or rainbow) plus specific options like masks, rules, or rainbow-table paths. Prefer the dashboard forms if you want to queue these jobs without hand-writing JSON.

Customizing the dashboard logo

Drop the exact artwork you want to display into web/static/uploads/ (PNG/SVG/JPG/WebP). The UI auto-loads the first supported file it finds at startup, so the logo you uploaded appears at the top-right of the header instead of the default crest. If you need to host the logo elsewhere, set GOOSESTRIKE_LOGO to a reachable URL (or another /static/... path) before launching uvicorn.

API Examples

• Ingest a host

  curl -X POST http://localhost:8000/ingest/scan \
       -H 'Content-Type: application/json' \
       -d '{
            "ip": "10.0.0.5",
            "mac_address": "00:11:22:33:44:55",
            "mac_vendor": "Acme Labs",
            "scan": {"scan_id": "demo-001", "scanner": "GooseStrike", "mode": "fast"},
            "services": [
              {"port": 80, "proto": "tcp", "product": "nginx", "version": "1.23", "cves": ["CVE-2023-12345"]}
            ]
          }'
  

• List assets

  curl http://localhost:8000/assets
  

• Get CVE + exploit context

  curl http://localhost:8000/cve/CVE-2023-12345
  

• Review scan history + MITRE suggestions

  curl http://localhost:8000/scans
  curl http://localhost:8000/attack_suggestions
  

• Roadmap + mock data

  curl http://localhost:8000/core_snapshot
  curl http://localhost:8000/roadmap
  curl http://localhost:8000/mock/dashboard-data
  

  Preview the populated UI without touching production data at http://localhost:8000/mockup .

• Queue & review tasks

  curl -X POST http://localhost:8000/tasks \
       -H 'Content-Type: application/json' \
       -d '{
             "tool": "password_cracker",
             "target": "lab-hash",
             "params": {"crack_tool": "hashcat", "hash_file": "hashes.txt", "wordlist": "rockyou.txt"}
           }'
  curl http://localhost:8000/tasks
  

  Workers can update entries through POST /tasks/{task_id}/status once a run completes.

• n8n webhook

  curl -X POST http://localhost:8000/webhook/n8n/new_cve \
       -H 'Content-Type: application/json' \
       -d '{"cve_id": "CVE-2023-12345", "critical": true}'
  

Password cracking runner

password_cracker_runner.py centralizes cracking workflows:

• Hashcat – supply hash_file, wordlist or mask, and optional mode, attack_mode, rules, workload, or arbitrary extra_args.
• John the Ripper – provide hash_file plus switches like wordlist, format, rules, incremental, or potfile.
• Rainbow tables – call rcrack by specifying tables_path along with either hash_value or hash_file and optional thread counts.

All runs land in logs/ with timestamped records so you can prove what was attempted during an engagement.

Kali Linux Docker stack

Need everything preloaded inside Kali? Use the included Dockerfile.kali and docker-compose.kali.yml:

docker compose -f docker-compose.kali.yml build
docker compose -f docker-compose.kali.yml up -d api
# run scanners or runners inside dedicated containers
docker compose -f docker-compose.kali.yml run --rm scanner python scanner.py 10.0.0.0/24 --fast --api http://api:8000
docker compose -f docker-compose.kali.yml run --rm worker python password_cracker_runner.py

The image layers the GooseStrike codebase on top of kalilinux/kali-rolling, installs nmap, masscan, sqlmap, hydra, metasploit-framework, hashcat, john, and rainbowcrack, and exposes persistent db/, logs/, and data/ volumes so scan history and cracking outputs survive container restarts.

Extending GooseStrike

• Add a new runner by following the runner_utils.run_subprocess pattern and placing a <tool>_runner.py file that interprets task dictionaries safely.
• Add more agents by subclassing app.agents.base_agent.BaseAgent and exposing a simple run(context) helper similar to the existing agents.
• Enhance the UI by editing web/templates/index.html + web/static/styles.css and creating dedicated JS components that consume /assets, /scans, and /attack_suggestions.
• Integrate orchestration tools (n8n, Celery, etc.) by interacting with task_queue.py and the FastAPI webhook endpoints.

Safety & Legal Notice

GooseStrike is intended for authorized security assessments, CTF competitions, and lab research only. You are responsible for obtaining written permission before scanning, exploiting, or otherwise interacting with any system. The maintainers provide no warranty, and misuse may be illegal.