feat: implement dune sand walking

Author: toderian

extensions/business/cybersec/red_mesh/pentester_api_01.py

@@ -60,6 +60,10 @@
   "MONITOR_INTERVAL": 60,  # seconds between passes in continuous mode
   "MONITOR_JITTER": 5,     # random jitter to avoid simultaneous CStore writes
 
+  # Dune sand walking - random delays between operations to evade IDS detection
+  "SCAN_MIN_RND_DELAY": 0.0,  # minimum delay in seconds (0 = disabled)
+  "SCAN_MAX_RND_DELAY": 0.0,  # maximum delay in seconds (0 = disabled)
+
   'VALIDATION_RULES': {
     **BasePlugin.CONFIG['VALIDATION_RULES'],  
   },
@@ -301,16 +305,18 @@ def _ensure_worker_entry(self, job_id, job_spec):
 
 
   def _launch_job(
-    self, 
+    self,
     job_id,
     target,
-    start_port, 
-    end_port, 
+    start_port,
+    end_port,
     network_worker_address,
     nr_local_workers=4,
     exceptions=None,
     port_order=None,
     excluded_features=None,
+    scan_min_delay=0.0,
+    scan_max_delay=0.0,
   ):
     """
     Launch local worker threads for a job by splitting the port range.
@@ -335,6 +341,10 @@ def _launch_job(
       Port scanning order: "SHUFFLE" or "SEQUENTIAL".
     excluded_features : list[str], optional
       List of feature names to exclude from scanning.
+    scan_min_delay: float, optional
+      Minimum random delay between scan operations.
+    scan_max_delay: float, optional
+      Maximum random delay between scan operations.
 
     Returns
     -------
@@ -387,12 +397,14 @@ def _launch_job(
         batch_job = PentestLocalWorker(
           owner=self,
           local_id_prefix=str(i + 1),
-          target=target, 
+          target=target,
           job_id=job_id,
           initiator=network_worker_address,
           exceptions=exceptions,
           worker_target_ports=batch,
           excluded_features=excluded_features,
+          scan_min_delay=scan_min_delay,
+          scan_max_delay=scan_max_delay,
         )
         batch_job.start()
         local_jobs[batch_job.local_worker_id] = batch_job
@@ -476,6 +488,8 @@ def _maybe_launch_jobs(self, nr_local_workers=None):
             self.P("No end port specified, defaulting to 65535.")
             end_port = 65535
           exceptions = job_specs.get("exceptions", [])
+          scan_min_delay = job_specs.get("scan_min_delay", self.cfg_scan_min_rnd_delay)
+          scan_max_delay = job_specs.get("scan_max_delay", self.cfg_scan_max_rnd_delay)
           workers_requested = nr_local_workers if nr_local_workers is not None else self.cfg_nr_local_workers
           self.P("Using {} local workers for job {}".format(workers_requested, job_id))
           try:
@@ -489,6 +503,8 @@ def _maybe_launch_jobs(self, nr_local_workers=None):
               exceptions=exceptions,
               port_order=port_order,
               excluded_features=excluded_features,
+              scan_min_delay=scan_min_delay,
+              scan_max_delay=scan_max_delay,
             )
           except ValueError as exc:
             self.P(f"Skipping job {job_id}: {exc}", color='r')
@@ -908,6 +924,8 @@ def launch_test(
     excluded_features: list[str] = None,
     run_mode: str = "",
     monitor_interval: int = 0,
+    scan_min_delay: float = 0.0,
+    scan_max_delay: float = 0.0,
   ):
     """
     Start a pentest on the specified target.
@@ -937,6 +955,10 @@ def launch_test(
       repeated scans at monitor_interval.
     monitor_interval: int, optional
       Seconds between passes in CONTINUOUS_MONITORING mode (0 = use config).
+    scan_min_delay: float, optional
+      Minimum random delay between scan operations (Dune sand walking).
+    scan_max_delay: float, optional
+      Maximum random delay between scan operations (Dune sand walking).
 
     Returns
     -------
@@ -996,6 +1018,15 @@ def launch_test(
     if monitor_interval <= 0:
       monitor_interval = self.cfg_monitor_interval
 
+    # Validate scan delays (Dune sand walking)
+    if scan_min_delay <= 0:
+      scan_min_delay = self.cfg_scan_min_rnd_delay
+    if scan_max_delay <= 0:
+      scan_max_delay = self.cfg_scan_max_rnd_delay
+    # Ensure min <= max
+    if scan_min_delay > scan_max_delay:
+      scan_min_delay, scan_max_delay = scan_max_delay, scan_min_delay
+
     chainstore_peers = self.cfg_chainstore_peers
     num_workers = len(chainstore_peers)
 
@@ -1062,6 +1093,9 @@ def launch_test(
       "job_pass": 1,
       "next_pass_at": None,
       "pass_history": [],
+      # Dune sand walking
+      "scan_min_delay": scan_min_delay,
+      "scan_max_delay": scan_max_delay,
     }
     self.chainstore_hset(
       hkey=self.cfg_instance_id,

extensions/business/cybersec/red_mesh/redmesh_utils.py

@@ -1,4 +1,5 @@
 import uuid
+import random
 import threading
 import socket
 import json
@@ -47,15 +48,17 @@ class PentestLocalWorker(
   """
 
   def __init__(
-    self, 
-    owner, 
-    target, 
+    self,
+    owner,
+    target,
     job_id : str,
-    initiator : str, 
+    initiator : str,
     local_id_prefix : str,
     worker_target_ports=COMMON_PORTS,
     exceptions=None,
     excluded_features=None,
+    scan_min_delay: float = 0.0,
+    scan_max_delay: float = 0.0,
   ):
     """
     Initialize a pentest worker with target ports and exclusions.
@@ -78,6 +81,10 @@ def __init__(
       Ports to exclude from scanning.
     excluded_features: list[str], optional
       List of feature method names to exclude.
+    scan_min_delay : float, optional
+      Minimum random delay (seconds) between operations (Dune sand walking).
+    scan_max_delay : float, optional
+      Maximum random delay (seconds) between operations (Dune sand walking).
 
     Raises
     ------
@@ -89,6 +96,8 @@ def __init__(
     if exceptions is None:
       exceptions = []
     self.target = target
+    self.scan_min_delay = scan_min_delay
+    self.scan_max_delay = scan_max_delay
     self.job_id = job_id
     self.initiator = initiator
     self.local_worker_id = "RM-{}-{}".format(
@@ -305,6 +314,25 @@ def _check_stopped(self):
     return self.state["done"] or self.stop_event.is_set()
 
 
+  def _interruptible_sleep(self):
+    """
+    Sleep for a random interval (Dune sand walking), interruptible by stop_event.
+
+    Uses stop_event.wait(timeout) instead of time.sleep() so that stop requests
+    are handled immediately rather than waiting for the sleep to complete.
+
+    Returns
+    -------
+    bool
+      True if stop was requested during sleep (should exit), False otherwise.
+    """
+    if self.scan_max_delay <= 0:
+      return False  # Delays disabled
+    delay = random.uniform(self.scan_min_delay, self.scan_max_delay)
+    # wait() returns True if event is set (stop requested), False on timeout
+    return self.stop_event.wait(timeout=delay)
+
+
   def execute_job(self):
     """
     Run the full pentesting workflow: port scanning, service info gathering,
@@ -382,6 +410,9 @@ def _scan_ports_step(self, batch_size=None, batch_nr=1):
     for i, port in enumerate(ports_batch):
       if self.stop_event.is_set():
         return
+      # Dune sand walking - random delay before each port scan
+      if self._interruptible_sleep():
+        return  # Stop was requested during sleep
       sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
       sock.settimeout(0.3)
       try:
@@ -436,7 +467,10 @@ def _gather_service_info(self):
       method_info = []
       for port in open_ports:
         if self.stop_event.is_set():
-          continue
+          return
+        # Dune sand walking - random delay before each service probe
+        if self._interruptible_sleep():
+          return  # Stop was requested during sleep
         info = func(target, port)
         if port not in self.state["service_info"]:
           self.state["service_info"][port] = {}
@@ -481,7 +515,10 @@ def _run_web_tests(self):
       func = getattr(self, method)
       for port in ports_to_test:
         if self.stop_event.is_set():
-          return      
+          return
+        # Dune sand walking - random delay before each web test
+        if self._interruptible_sleep():
+          return  # Stop was requested during sleep
         iter_result = func(target, port)
         if iter_result:
           result.append(f"{method}:{port} {iter_result}")