skeletonkey: add --dry-run flag
Preview-only mode for --auto / --exploit / --mitigate / --cleanup.
Walks the full scan (with active probes, fork isolation, verdict
table — everything the real --auto does) and prints what would be
launched, without ever calling the exploit/mitigate/cleanup callback.
Wiring:
- struct skeletonkey_ctx gains a 'dry_run' field (core/module.h).
- Long option --dry-run, getopt case 10.
- cmd_auto: after picking the safest, if dry_run, print
[*] auto: --dry-run: would launch `--exploit <NAME> --i-know`; not firing.
plus the remaining ranked candidates, then return 0.
- cmd_one (used for --exploit/--mitigate/--cleanup) shorts on dry_run
with [*] <module>: --dry-run: would run --<op>; not firing.
UX: --auto --dry-run does NOT require --i-know (nothing fires). The
refusal message for bare --auto now points to --dry-run for the
preview path:
[-] --auto requires --i-know (or --dry-run for a preview that never fires).
ROADMAP --auto accuracy section updated with the dry-run + the
version-pinned detect work from the previous commit.
Smoke-tested locally on macOS: scanning runs, verdicts print, the
'would launch' line fires, exit 0.
This commit is contained in:
@@ -50,6 +50,7 @@ struct skeletonkey_ctx {
|
||||
bool no_shell; /* --no-shell (exploit prep but don't pop) */
|
||||
bool authorized; /* user typed --i-know on exploit */
|
||||
bool full_chain; /* --full-chain (attempt root-pop after primitive) */
|
||||
bool dry_run; /* --dry-run (preview only; never call exploit/mitigate/cleanup) */
|
||||
};
|
||||
|
||||
struct skeletonkey_module {
|
||||
|
||||
Reference in New Issue
Block a user