leviathan/SKELETONKEY
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

skeletonkey: add --dry-run flag

Browse Source 
Preview-only mode for --auto / --exploit / --mitigate / --cleanup.
Walks the full scan (with active probes, fork isolation, verdict
table — everything the real --auto does) and prints what would be
launched, without ever calling the exploit/mitigate/cleanup callback.

Wiring:
- struct skeletonkey_ctx gains a 'dry_run' field (core/module.h).
- Long option --dry-run, getopt case 10.
- cmd_auto: after picking the safest, if dry_run, print
    [*] auto: --dry-run: would launch `--exploit <NAME> --i-know`; not firing.
  plus the remaining ranked candidates, then return 0.
- cmd_one (used for --exploit/--mitigate/--cleanup) shorts on dry_run
  with [*] <module>: --dry-run: would run --<op>; not firing.

UX: --auto --dry-run does NOT require --i-know (nothing fires). The
refusal message for bare --auto now points to --dry-run for the
preview path:
  [-] --auto requires --i-know (or --dry-run for a preview that never fires).

ROADMAP --auto accuracy section updated with the dry-run + the
version-pinned detect work from the previous commit.

Smoke-tested locally on macOS: scanning runs, verdicts print, the
'would launch' line fires, exit 0.
This commit is contained in:
KaraZajac
2026-05-22 23:08:24 -04:00
parent a26f471ecf
commit 3e6e0d869b
3 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ROADMAP.md
+11
View File
@@ -216,6 +216,17 @@ of the 28-module verified corpus):**
module's probe is contained and the scan continues. Surfaced
while testing entrybleed's `prefetchnta` sweep under emulated
CPUs: exactly the failure mode the isolation now handles.
- [x] `--dry-run` flag: previews the picked exploit (or single-module
operation) without firing. Works with `--auto`, `--exploit`,
`--mitigate`, `--cleanup`. `--auto --dry-run` does NOT require
`--i-know` (nothing fires) so operators can inspect the host's
attack surface without arming. Bare `--auto` still gates on
`--i-know` and now points to `--dry-run` in the refusal message.
- [x] Version-pinned `detect()` for the 3 ported modules — Debian
tracker provided the fix commits: `dirtydecrypt` against mainline
`a2567217` (Linux 7.0); `fragnesia` against 7.0.9; `pack2theroot`
against PackageKit 1.3.5. The `kernel_range` model now drives
their verdicts; `--active` confirms empirically on top.
**Carry-overs:**