rename: IAMROOT → SKELETONKEY across the entire project

Breaking change. Tool name, binary name, function/type names,
constant names, env vars, header guards, file paths, and GitHub
repo URL all rebrand IAMROOT → SKELETONKEY.

Changes:
  - All "IAMROOT" → "SKELETONKEY" (constants, env vars, enum
    values, docs, comments)
  - All "iamroot" → "skeletonkey" (functions, types, paths, CLI)
  - iamroot.c → skeletonkey.c
  - modules/*/iamroot_modules.{c,h} → modules/*/skeletonkey_modules.{c,h}
  - tools/iamroot-fleet-scan.sh → tools/skeletonkey-fleet-scan.sh
  - Binary "iamroot" → "skeletonkey"
  - GitHub URL KaraZajac/IAMROOT → KaraZajac/SKELETONKEY
  - .gitignore now expects build output named "skeletonkey"
  - /tmp/iamroot-* tmpfiles → /tmp/skeletonkey-*
  - Env vars IAMROOT_MODPROBE_PATH etc. → SKELETONKEY_*

New ASCII skeleton-key banner (horizontal key icon + ANSI Shadow
SKELETONKEY block letters) replaces the IAMROOT banner in
skeletonkey.c and README.md.

VERSION: 0.3.1 → 0.4.0 (breaking).

Build clean on Debian 6.12.86. `skeletonkey --version` → 0.4.0.
All 24 modules still register; no functional code changes — pure
rename + banner refresh.

modules/copy_fail_family/iamroot_modules.h

@@ -1,28 +0,0 @@
-/*
- * copy_fail_family — IAMROOT module registry hooks
- *
- * The family currently contains five iamroot_module entries:
- *
- *   - copy_fail        (CVE-2026-31431, algif_aead authencesn)
- *   - copy_fail_gcm    (no CVE, rfc4106(gcm(aes)) variant)
- *   - dirty_frag_esp   (CVE-2026-43284 v4)
- *   - dirty_frag_esp6  (CVE-2026-43284 v6)
- *   - dirty_frag_rxrpc (CVE-2026-43500)
- *
- * Defined in iamroot_modules.c, registered into the global registry
- * by iamroot_register_copy_fail_family() (declared in
- * core/registry.h).
- */
-
-#ifndef COPY_FAIL_FAMILY_IAMROOT_MODULES_H
-#define COPY_FAIL_FAMILY_IAMROOT_MODULES_H
-
-#include "../../core/module.h"
-
-extern const struct iamroot_module copy_fail_module;
-extern const struct iamroot_module copy_fail_gcm_module;
-extern const struct iamroot_module dirty_frag_esp_module;
-extern const struct iamroot_module dirty_frag_esp6_module;
-extern const struct iamroot_module dirty_frag_rxrpc_module;
-
-#endif

modules/copy_fail_family/skeletonkey_modules.c

@@ -1,21 +1,21 @@
 /*
- * copy_fail_family — IAMROOT module bridge layer
+ * copy_fail_family — SKELETONKEY module bridge layer
  *
  * Wraps the existing per-CVE detect/exploit functions (from the
- * absorbed DIRTYFAIL codebase) as standard iamroot_module entries.
+ * absorbed DIRTYFAIL codebase) as standard skeletonkey_module entries.
  *
  * The bridge functions translate between the family's df_result_t
- * (defined in src/common.h) and iamroot_result_t (defined in
+ * (defined in src/common.h) and skeletonkey_result_t (defined in
  * core/module.h). Numeric values are identical by design so the
  * translation is a direct cast.
  *
- * iamroot_ctx fields (no_color, json, active_probe, no_shell) are
+ * skeletonkey_ctx fields (no_color, json, active_probe, no_shell) are
  * forwarded to the family's existing global flags before each
  * callback. This preserves DIRTYFAIL's existing CLI semantics
  * unchanged.
  */
 
-#include "iamroot_modules.h"
+#include "skeletonkey_modules.h"
 #include "../../core/registry.h"
 
 #include "src/common.h"
@@ -28,7 +28,7 @@
 
 #include <sys/stat.h>
 
-static void apply_ctx(const struct iamroot_ctx *ctx)
+static void apply_ctx(const struct skeletonkey_ctx *ctx)
 {
     dirtyfail_use_color     = !ctx->no_color;
     dirtyfail_active_probes = ctx->active_probe;
@@ -54,13 +54,13 @@ static void apply_ctx(const struct iamroot_ctx *ctx)
 
 #define CFF_MITIGATE_CONF "/etc/modprobe.d/dirtyfail-mitigations.conf"
 
-static iamroot_result_t copy_fail_family_mitigate(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t copy_fail_family_mitigate(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)mitigate_apply();
+    return (skeletonkey_result_t)mitigate_apply();
 }
 
-static iamroot_result_t copy_fail_family_cleanup(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t copy_fail_family_cleanup(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
     struct stat st;
@@ -69,27 +69,27 @@ static iamroot_result_t copy_fail_family_cleanup(const struct iamroot_ctx *ctx)
             fprintf(stderr, "[*] copy_fail_family: detected mitigation conf "
                             "(%s); reverting mitigation\n", CFF_MITIGATE_CONF);
         }
-        return (iamroot_result_t)mitigate_revert();
+        return (skeletonkey_result_t)mitigate_revert();
     }
     if (!ctx->json) {
         fprintf(stderr, "[*] copy_fail_family: no mitigation conf; "
                         "evicting /etc/passwd from page cache\n");
     }
-    return try_revert_passwd_page_cache() ? IAMROOT_OK : IAMROOT_TEST_ERROR;
+    return try_revert_passwd_page_cache() ? SKELETONKEY_OK : SKELETONKEY_TEST_ERROR;
 }
 
 /* ----- copy_fail (CVE-2026-31431) ----- */
 
-static iamroot_result_t copy_fail_detect_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t copy_fail_detect_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)copyfail_detect();
+    return (skeletonkey_result_t)copyfail_detect();
 }
 
-static iamroot_result_t copy_fail_exploit_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t copy_fail_exploit_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)copyfail_exploit(!ctx->no_shell);
+    return (skeletonkey_result_t)copyfail_exploit(!ctx->no_shell);
 }
 
 /* Shared detection rules for the copy_fail family — every member of
@@ -99,19 +99,19 @@ static iamroot_result_t copy_fail_exploit_wrap(const struct iamroot_ctx *ctx)
 static const char copy_fail_family_auditd[] =
     "# Copy Fail family (CVE-2026-31431 + Dirty Frag CVE-2026-43284 + RxRPC CVE-2026-43500)\n"
     "# Page-cache writes to passwd/shadow/su/sudoers from non-root.\n"
-    "-w /etc/passwd     -p wa -k iamroot-copy-fail\n"
-    "-w /etc/shadow     -p wa -k iamroot-copy-fail\n"
-    "-w /etc/sudoers    -p wa -k iamroot-copy-fail\n"
-    "-w /etc/sudoers.d  -p wa -k iamroot-copy-fail\n"
-    "-w /usr/bin/su     -p wa -k iamroot-copy-fail\n"
+    "-w /etc/passwd     -p wa -k skeletonkey-copy-fail\n"
+    "-w /etc/shadow     -p wa -k skeletonkey-copy-fail\n"
+    "-w /etc/sudoers    -p wa -k skeletonkey-copy-fail\n"
+    "-w /etc/sudoers.d  -p wa -k skeletonkey-copy-fail\n"
+    "-w /usr/bin/su     -p wa -k skeletonkey-copy-fail\n"
     "# AF_ALG socket creation by non-root — heavily used by exploit\n"
-    "-a always,exit -F arch=b64 -S socket -F a0=38 -k iamroot-copy-fail-afalg\n"
+    "-a always,exit -F arch=b64 -S socket -F a0=38 -k skeletonkey-copy-fail-afalg\n"
     "# xfrm SA setup (Dirty Frag ESP variants)\n"
-    "-a always,exit -F arch=b64 -S setsockopt -k iamroot-copy-fail-xfrm\n";
+    "-a always,exit -F arch=b64 -S setsockopt -k skeletonkey-copy-fail-xfrm\n";
 
 static const char copy_fail_family_sigma[] =
     "title: Copy Fail / Dirty Frag family exploitation\n"
-    "id: 4d8e6c2a-iamroot-copy-fail-family\n"
+    "id: 4d8e6c2a-skeletonkey-copy-fail-family\n"
     "status: experimental\n"
     "description: |\n"
     "  Detects the file-modification footprint of Copy Fail (CVE-2026-31431) and\n"
@@ -127,7 +127,7 @@ static const char copy_fail_family_sigma[] =
     "level: high\n"
     "tags: [attack.privilege_escalation, attack.t1068, cve.2026.31431, cve.2026.43284, cve.2026.43500]\n";
 
-const struct iamroot_module copy_fail_module = {
+const struct skeletonkey_module copy_fail_module = {
     .name           = "copy_fail",
     .cve            = "CVE-2026-31431",
     .summary        = "algif_aead authencesn page-cache write → /etc/passwd UID flip",
@@ -145,19 +145,19 @@ const struct iamroot_module copy_fail_module = {
 
 /* ----- copy_fail_gcm (variant, no CVE) ----- */
 
-static iamroot_result_t copy_fail_gcm_detect_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t copy_fail_gcm_detect_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)copyfail_gcm_detect();
+    return (skeletonkey_result_t)copyfail_gcm_detect();
 }
 
-static iamroot_result_t copy_fail_gcm_exploit_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t copy_fail_gcm_exploit_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)copyfail_gcm_exploit(!ctx->no_shell);
+    return (skeletonkey_result_t)copyfail_gcm_exploit(!ctx->no_shell);
 }
 
-const struct iamroot_module copy_fail_gcm_module = {
+const struct skeletonkey_module copy_fail_gcm_module = {
     .name         = "copy_fail_gcm",
     .cve          = "VARIANT",
     .summary      = "rfc4106(gcm(aes)) single-byte page-cache write (Copy Fail sibling)",
@@ -175,19 +175,19 @@ const struct iamroot_module copy_fail_gcm_module = {
 
 /* ----- dirty_frag_esp (CVE-2026-43284 v4) ----- */
 
-static iamroot_result_t dirty_frag_esp_detect_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t dirty_frag_esp_detect_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)dirtyfrag_esp_detect();
+    return (skeletonkey_result_t)dirtyfrag_esp_detect();
 }
 
-static iamroot_result_t dirty_frag_esp_exploit_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t dirty_frag_esp_exploit_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)dirtyfrag_esp_exploit(!ctx->no_shell);
+    return (skeletonkey_result_t)dirtyfrag_esp_exploit(!ctx->no_shell);
 }
 
-const struct iamroot_module dirty_frag_esp_module = {
+const struct skeletonkey_module dirty_frag_esp_module = {
     .name         = "dirty_frag_esp",
     .cve          = "CVE-2026-43284",
     .summary      = "IPv4 xfrm-ESP page-cache write (Dirty Frag v4)",
@@ -205,19 +205,19 @@ const struct iamroot_module dirty_frag_esp_module = {
 
 /* ----- dirty_frag_esp6 (CVE-2026-43284 v6) ----- */
 
-static iamroot_result_t dirty_frag_esp6_detect_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t dirty_frag_esp6_detect_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)dirtyfrag_esp6_detect();
+    return (skeletonkey_result_t)dirtyfrag_esp6_detect();
 }
 
-static iamroot_result_t dirty_frag_esp6_exploit_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t dirty_frag_esp6_exploit_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)dirtyfrag_esp6_exploit(!ctx->no_shell);
+    return (skeletonkey_result_t)dirtyfrag_esp6_exploit(!ctx->no_shell);
 }
 
-const struct iamroot_module dirty_frag_esp6_module = {
+const struct skeletonkey_module dirty_frag_esp6_module = {
     .name         = "dirty_frag_esp6",
     .cve          = "CVE-2026-43284",
     .summary      = "IPv6 xfrm-ESP page-cache write (Dirty Frag v6)",
@@ -235,19 +235,19 @@ const struct iamroot_module dirty_frag_esp6_module = {
 
 /* ----- dirty_frag_rxrpc (CVE-2026-43500) ----- */
 
-static iamroot_result_t dirty_frag_rxrpc_detect_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t dirty_frag_rxrpc_detect_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)dirtyfrag_rxrpc_detect();
+    return (skeletonkey_result_t)dirtyfrag_rxrpc_detect();
 }
 
-static iamroot_result_t dirty_frag_rxrpc_exploit_wrap(const struct iamroot_ctx *ctx)
+static skeletonkey_result_t dirty_frag_rxrpc_exploit_wrap(const struct skeletonkey_ctx *ctx)
 {
     apply_ctx(ctx);
-    return (iamroot_result_t)dirtyfrag_rxrpc_exploit(!ctx->no_shell);
+    return (skeletonkey_result_t)dirtyfrag_rxrpc_exploit(!ctx->no_shell);
 }
 
-const struct iamroot_module dirty_frag_rxrpc_module = {
+const struct skeletonkey_module dirty_frag_rxrpc_module = {
     .name         = "dirty_frag_rxrpc",
     .cve          = "CVE-2026-43500",
     .summary      = "AF_RXRPC handshake forgery + page-cache write (Dirty Frag RxRPC)",
@@ -265,11 +265,11 @@ const struct iamroot_module dirty_frag_rxrpc_module = {
 
 /* ----- Family registration ----- */
 
-void iamroot_register_copy_fail_family(void)
+void skeletonkey_register_copy_fail_family(void)
 {
-    iamroot_register(&copy_fail_module);
-    iamroot_register(&copy_fail_gcm_module);
-    iamroot_register(&dirty_frag_esp_module);
-    iamroot_register(&dirty_frag_esp6_module);
-    iamroot_register(&dirty_frag_rxrpc_module);
+    skeletonkey_register(&copy_fail_module);
+    skeletonkey_register(&copy_fail_gcm_module);
+    skeletonkey_register(&dirty_frag_esp_module);
+    skeletonkey_register(&dirty_frag_esp6_module);
+    skeletonkey_register(&dirty_frag_rxrpc_module);
 }

modules/copy_fail_family/skeletonkey_modules.h

@@ -0,0 +1,28 @@
+/*
+ * copy_fail_family — SKELETONKEY module registry hooks
+ *
+ * The family currently contains five skeletonkey_module entries:
+ *
+ *   - copy_fail        (CVE-2026-31431, algif_aead authencesn)
+ *   - copy_fail_gcm    (no CVE, rfc4106(gcm(aes)) variant)
+ *   - dirty_frag_esp   (CVE-2026-43284 v4)
+ *   - dirty_frag_esp6  (CVE-2026-43284 v6)
+ *   - dirty_frag_rxrpc (CVE-2026-43500)
+ *
+ * Defined in skeletonkey_modules.c, registered into the global registry
+ * by skeletonkey_register_copy_fail_family() (declared in
+ * core/registry.h).
+ */
+
+#ifndef COPY_FAIL_FAMILY_SKELETONKEY_MODULES_H
+#define COPY_FAIL_FAMILY_SKELETONKEY_MODULES_H
+
+#include "../../core/module.h"
+
+extern const struct skeletonkey_module copy_fail_module;
+extern const struct skeletonkey_module copy_fail_gcm_module;
+extern const struct skeletonkey_module dirty_frag_esp_module;
+extern const struct skeletonkey_module dirty_frag_esp6_module;
+extern const struct skeletonkey_module dirty_frag_rxrpc_module;
+
+#endif