Varification of v2.0

Author: voltsparx

README.md

@@ -193,10 +193,19 @@ When to use: bring up the full local operator surface in one command with health
 `connect`, `udp`, and `service` scans work without raw-socket privileges.  
 Raw-style TCP modes such as `syn`, `ack`, `fin`, `null`, `xmas`, `window`, and `maimon` need both:
 
-- elevated privileges such as `sudo`
-- a real raw-capable TCP probe backend
+- elevated privileges such as `sudo` or an Administrator shell
+- a real raw-capable TCP probe backend such as `nping`
 
-The current bundled scanner backend is still connect-oriented for TCP probes, so `sudo` alone does not make those raw modes equivalent to Nmap.
+ASRFacet-Rb now supports `nping` as the raw TCP backend across Linux, macOS, and Windows.
+
+- Linux and macOS: install `nping`, then use `--raw-backend nping --sudo`
+- Windows: install `nping` with `Npcap`, then run from an elevated Administrator shell or use `--sudo` so the CLI can request elevation
+
+Example:
+
+```bash
+asrfacet-rb portscan 192.0.2.10 --type xmas --raw-backend nping --sudo
+```
 
 ## Output, Storage, and Reporting
 

asrfacet-rb.gemspec

@@ -16,6 +16,11 @@ require_relative "lib/asrfacet_rb/version"
 require_relative "lib/asrfacet_rb/metadata"
 
 Gem::Specification.new do |spec|
+  generated_prefixes = %w[install/test-root/ output/ tmp/ vendor/].freeze
+  packaged_files = Dir.glob("{bin,config,docker,install,lib,man,spec,test,wordlists}/**/*").select do |path|
+    File.file?(path) && generated_prefixes.none? { |prefix| path.start_with?(prefix) }
+  end
+
   spec.name = "asrfacet-rb"
   spec.version = ASRFacet::VERSION
   spec.authors = [ASRFacet::Metadata::AUTHOR]
@@ -26,7 +31,16 @@ Gem::Specification.new do |spec|
   spec.license = "LicenseRef-Proprietary"
   spec.required_ruby_version = ">= 3.2"
 
-  spec.files = Dir.glob("{bin,config,docker,install,lib,man,spec,test,wordlists}/**/*").select { |path| File.file?(path) } + %w[Gemfile README.md LICENSE Rakefile Procfile .dockerignore]
+  spec.files = packaged_files + %w[
+    Gemfile
+    README.md
+    LICENSE
+    Rakefile
+    Procfile
+    .dockerignore
+    temp/nmap/nmap-service-probes
+    temp/nmap/nmap-services
+  ]
   spec.bindir = "bin"
   spec.executables = %w[asrfacet-rb asrfrb]
   spec.require_paths = ["lib"]
@@ -47,8 +61,9 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency "webrick", ">= 1.7", "< 2"
   spec.add_runtime_dependency "concurrent-ruby", ">= 1.2", "< 2"
   spec.add_runtime_dependency "csv", ">= 3.2", "< 4"
-  spec.add_runtime_dependency "caracal", ">= 1.5", "< 2"
-  spec.add_runtime_dependency "hexapdf", ">= 0.36", "< 1"
+  spec.add_runtime_dependency "base64", ">= 0.3", "< 1"
+  spec.add_runtime_dependency "caracal", ">= 1.4", "< 2"
+  spec.add_runtime_dependency "hexapdf", ">= 0.24", "< 2"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"
   spec.add_development_dependency "webmock"

install/linux.sh

@@ -40,6 +40,8 @@ RUNTIME_PAYLOAD=(
   "config"
   "lib"
   "man"
+  "temp/nmap/nmap-service-probes"
+  "temp/nmap/nmap-services"
   "Gemfile"
   "Gemfile.lock"
   "README.md"
@@ -120,7 +122,17 @@ copy_payload() {
   run_cmd mkdir -p "$destination_root"
   local entry
   for entry in "${RUNTIME_PAYLOAD[@]}"; do
-    [ -e "$REPO_ROOT/$entry" ] && run_cmd cp -R "$REPO_ROOT/$entry" "$destination_root/"
+    [ -e "$REPO_ROOT/$entry" ] || continue
+
+    local destination_dir="$destination_root"
+    local relative_dir
+    relative_dir="$(dirname "$entry")"
+    if [ "$relative_dir" != "." ]; then
+      destination_dir="$destination_root/$relative_dir"
+      run_cmd mkdir -p "$destination_dir"
+    fi
+
+    run_cmd cp -R "$REPO_ROOT/$entry" "$destination_dir/"
   done
 
   [ -d "$REPO_ROOT/wordlists" ] && run_cmd cp -R "$REPO_ROOT/wordlists" "$destination_root/"

install/macos.sh

@@ -40,6 +40,8 @@ RUNTIME_PAYLOAD=(
   "config"
   "lib"
   "man"
+  "temp/nmap/nmap-service-probes"
+  "temp/nmap/nmap-services"
   "Gemfile"
   "Gemfile.lock"
   "README.md"
@@ -120,7 +122,17 @@ copy_payload() {
   run_cmd mkdir -p "$destination_root"
   local entry
   for entry in "${RUNTIME_PAYLOAD[@]}"; do
-    [ -e "$REPO_ROOT/$entry" ] && run_cmd cp -R "$REPO_ROOT/$entry" "$destination_root/"
+    [ -e "$REPO_ROOT/$entry" ] || continue
+
+    local destination_dir="$destination_root"
+    local relative_dir
+    relative_dir="$(dirname "$entry")"
+    if [ "$relative_dir" != "." ]; then
+      destination_dir="$destination_root/$relative_dir"
+      run_cmd mkdir -p "$destination_dir"
+    fi
+
+    run_cmd cp -R "$REPO_ROOT/$entry" "$destination_dir/"
   done
 
   [ -d "$REPO_ROOT/wordlists" ] && run_cmd cp -R "$REPO_ROOT/wordlists" "$destination_root/"

install/windows.ps1

@@ -44,6 +44,8 @@ $RuntimePayload = @(
   "config",
   "lib",
   "man",
+  "temp/nmap/nmap-service-probes",
+  "temp/nmap/nmap-services",
   "Gemfile",
   "Gemfile.lock",
   "README.md",
@@ -220,7 +222,16 @@ function Copy-Payload {
   foreach ($entry in $RuntimePayload) {
     $source = Join-Path $RepoRoot $entry
     if (Test-Path -LiteralPath $source) {
-      Copy-Item -LiteralPath $source -Destination $DestinationRoot -Recurse -Force
+      $entryParent = Split-Path -Parent $entry
+      $destination = if ([string]::IsNullOrWhiteSpace($entryParent)) {
+        $DestinationRoot
+      } else {
+        $targetDir = Join-Path $DestinationRoot $entryParent
+        New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
+        $targetDir
+      }
+
+      Copy-Item -LiteralPath $source -Destination $destination -Recurse -Force
     }
   }
 

lib/asrfacet_rb.rb

@@ -96,10 +96,12 @@
 require_relative "asrfacet_rb/scanner/results/port_result"
 require_relative "asrfacet_rb/scanner/results/host_result"
 require_relative "asrfacet_rb/scanner/results/scan_result"
+require_relative "asrfacet_rb/scanner/platform"
 require_relative "asrfacet_rb/scanner/privilege"
 require_relative "asrfacet_rb/scanner/verbose_logger"
 require_relative "asrfacet_rb/scanner/probe_db"
 require_relative "asrfacet_rb/scanner/result_adapter"
+require_relative "asrfacet_rb/scanner/probes/nping_raw_adapter"
 require_relative "asrfacet_rb/scanner/probes/tcp_prober"
 require_relative "asrfacet_rb/scanner/probes/udp_prober"
 require_relative "asrfacet_rb/scanner/probes/icmp_prober"

lib/asrfacet_rb/scanner/platform.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+# For use only on systems you own or have explicit
+# written authorization to test.
+# SPDX-License-Identifier: Proprietary
+#
+# ASRFacet-Rb: Attack Surface Reconnaissance Framework
+# Copyright (c) 2026 voltsparx
+#
+# Author: voltsparx
+# Repository: https://github.com/voltsparx/ASRFacet-Rb
+# Contact: voltsparx@gmail.com
+# License: See LICENSE file in the project root
+#
+# This file is part of ASRFacet-Rb and is subject to the terms
+# and conditions defined in the LICENSE file.
+
+require "open3"
+require "rbconfig"
+
+module ASRFacet
+  module Scanner
+    module Platform
+      module_function
+
+      def windows?
+        host_os.match?(/mswin|mingw|cygwin/i)
+      rescue StandardError
+        false
+      end
+
+      def macos?
+        host_os.match?(/darwin/i)
+      rescue StandardError
+        false
+      end
+
+      def linux?
+        host_os.match?(/linux/i)
+      rescue StandardError
+        false
+      end
+
+      def elevated?
+        return windows_admin? if windows?
+        return false unless Process.respond_to?(:uid)
+
+        Process.uid.zero?
+      rescue StandardError
+        false
+      end
+
+      def command_available?(command_name)
+        return false if command_name.to_s.strip.empty?
+
+        lookup = windows? ? ["where", command_name.to_s] : ["sh", "-lc", "command -v #{shell_escape(command_name.to_s)}"]
+        _stdout, _stderr, status = Open3.capture3(*lookup)
+        status.success?
+      rescue StandardError
+        false
+      end
+
+      def nping_available?
+        command_available?("nping")
+      end
+
+      def sudo_available?
+        !windows? && command_available?("sudo")
+      end
+
+      def powershell_available?
+        windows? && command_available?("powershell")
+      end
+
+      def elevation_supported?
+        return powershell_available? if windows?
+
+        sudo_available?
+      rescue StandardError
+        false
+      end
+
+      def privilege_label
+        return "Run as Administrator" if windows?
+
+        "sudo"
+      rescue StandardError
+        "elevated privileges"
+      end
+
+      def host_label
+        return "Windows" if windows?
+        return "macOS" if macos?
+        return "Linux" if linux?
+
+        host_os
+      rescue StandardError
+        "unknown"
+      end
+
+      def raw_backend_requirements
+        return "Nping with Npcap support and an elevated Administrator shell" if windows?
+
+        "Nping and an elevated shell such as sudo"
+      rescue StandardError
+        "a raw-capable backend and elevated privileges"
+      end
+
+      def host_os
+        RbConfig::CONFIG["host_os"].to_s
+      rescue StandardError
+        ""
+      end
+
+      def shell_escape(text)
+        text.to_s.gsub("'", %q('\\'')) # shell-safe single-quote escape
+      rescue StandardError
+        text.to_s
+      end
+
+      def windows_admin?
+        script = "[Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()" \
+                 ".IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)"
+        stdout, _stderr, status = Open3.capture3("powershell", "-NoProfile", "-Command", script)
+        status.success? && stdout.to_s.strip.casecmp("true").zero?
+      rescue StandardError
+        false
+      end
+    end
+  end
+end

lib/asrfacet_rb/scanner/privilege.rb

@@ -14,10 +14,13 @@
 # This file is part of ASRFacet-Rb and is subject to the terms
 # and conditions defined in the LICENSE file.
 
+require "rbconfig"
+
 module ASRFacet
   module Scanner
     module Privilege
       RAW_SCAN_TYPES = %i[syn ack fin null xmas window maimon].freeze
+      ELEVATION_MARKER = "ASRFACET_RB_ELEVATED_RELAUNCH".freeze
 
       module_function
 
@@ -28,10 +31,7 @@ def raw_scan_type?(scan_type)
       end
 
       def elevated?
-        return false if Gem.win_platform?
-        return false unless Process.respond_to?(:uid)
-
-        Process.uid.zero?
+        ASRFacet::Scanner::Platform.elevated?
       rescue StandardError
         false
       end
@@ -53,18 +53,75 @@ def validate!(scan_type:, tcp_prober:)
         true
       end
 
+      def maybe_relaunch!(scan_type:, tcp_prober:, argv:, requested: false)
+        return false unless requested
+        return false unless raw_scan_type?(scan_type)
+        return false unless raw_socket_capable?(tcp_prober)
+        return false if elevated?
+        raise ASRFacet::ScanError, elevation_loop_message(scan_type) if ENV[ELEVATION_MARKER] == "1"
+        raise ASRFacet::ScanError, unsupported_elevation_message(scan_type) unless ASRFacet::Scanner::Platform.elevation_supported?
+
+        relaunch_with_elevation!(Array(argv))
+        true
+      end
+
       def unsupported_message(scan_type)
-        "#{scan_type} scans need a raw-capable TCP prober and elevated privileges. " \
-          "The bundled scanner backend is connect-oriented, so sudo alone will not make #{scan_type} behave like a real raw scan."
+        "#{scan_type} scans need a raw-capable TCP prober backend such as Nping. " \
+          "On #{ASRFacet::Scanner::Platform.host_label}, raw scans require #{ASRFacet::Scanner::Platform.raw_backend_requirements}."
       rescue StandardError
         "This scan type needs a raw-capable TCP prober and elevated privileges."
       end
 
       def privilege_message(scan_type)
-        "#{scan_type} scans need elevated privileges. Re-run as root or with sudo after providing a raw-capable TCP prober backend."
+        "#{scan_type} scans need elevated privileges. Re-run with #{ASRFacet::Scanner::Platform.privilege_label} on #{ASRFacet::Scanner::Platform.host_label}, or pass --sudo so ASRFacet-Rb can relaunch itself."
       rescue StandardError
         "This scan type needs elevated privileges."
       end
+
+      def relaunch_with_elevation!(argv)
+        return relaunch_windows!(argv) if ASRFacet::Scanner::Platform.windows?
+
+        relaunch_posix!(argv)
+      end
+
+      def relaunch_posix!(argv)
+        ENV[ELEVATION_MARKER] = "1"
+        exec("sudo", "-E", RbConfig.ruby, File.expand_path($PROGRAM_NAME), *argv)
+      rescue SystemCallError => e
+        raise ASRFacet::ScanError, "Unable to relaunch with sudo: #{e.message}"
+      end
+
+      def relaunch_windows!(argv)
+        ENV[ELEVATION_MARKER] = "1"
+        script_path = File.expand_path($PROGRAM_NAME)
+        ruby_path = RbConfig.ruby
+        ruby_literal = powershell_literal(ruby_path)
+        argument_items = ([script_path] + Array(argv)).map { |item| powershell_literal(item) }.join(", ")
+        command = "$proc = Start-Process -Verb RunAs -FilePath #{ruby_literal} -ArgumentList @(" \
+                  "#{argument_items}) -Wait -PassThru; exit $proc.ExitCode"
+        system("powershell", "-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", command)
+        exit($?.respond_to?(:exitstatus) ? $?.exitstatus.to_i : 0)
+      rescue SystemCallError => e
+        raise ASRFacet::ScanError, "Unable to relaunch with Administrator privileges: #{e.message}"
+      end
+
+      def powershell_literal(text)
+        "'#{text.to_s.gsub("'", "''")}'"
+      rescue StandardError
+        "''"
+      end
+
+      def unsupported_elevation_message(scan_type)
+        "#{scan_type} scans need elevation, but this host does not have an available #{ASRFacet::Scanner::Platform.privilege_label} workflow."
+      rescue StandardError
+        "This scan type needs elevation, but no supported elevation workflow is available."
+      end
+
+      def elevation_loop_message(scan_type)
+        "#{scan_type} scan relaunch already attempted, but the elevated process still does not have usable raw-scan privileges."
+      rescue StandardError
+        "An elevated relaunch was already attempted."
+      end
     end
   end
 end