From 9290bbe6a0a793a5d4644ef64431de0052d0538c Mon Sep 17 00:00:00 2001 From: vmfunc <59031302+vmfunc@users.noreply.github.com> Date: Wed, 7 Jan 2026 13:02:40 +0100 Subject: [PATCH 1/6] feat(modules): legacy framework scan Converted legacy framework scan to be able to run as module. --- internal/scan/builtin/frameworks.go | 94 +++++++++++++++++++++++++++++ internal/scan/builtin/register.go | 4 +- 2 files changed, 97 insertions(+), 1 deletion(-) create mode 100644 internal/scan/builtin/frameworks.go diff --git a/internal/scan/builtin/frameworks.go b/internal/scan/builtin/frameworks.go new file mode 100644 index 0000000..743c9f3 --- /dev/null +++ b/internal/scan/builtin/frameworks.go @@ -0,0 +1,94 @@ +/* +·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━· +: : +: █▀ █ █▀▀ · Blazing-fast pentesting suite : +: ▄█ █ █▀ · BSD 3-Clause License : +: : +: (c) 2022-2025 vmfunc (vmfunc), xyzeva, : +: lunchcat alumni & contributors : +: : +·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━· +*/ + +package builtin + +import ( + "context" + "fmt" + "github.com/dropalldatabases/sif/internal/modules" + "github.com/dropalldatabases/sif/internal/scan/frameworks" + "strings" +) + +type FrameworksModule struct{} + +func (m *FrameworksModule) Info() modules.Info { + return modules.Info{ + ID: "framework-detection", + Name: "Web Framework Detection", + Author: "sif", + Severity: "info", + Description: "Detects web frameworks with version and CVE mapping", + Tags: []string{"recon", "framework", "cve"}, + } +} + +func (m *FrameworksModule) Type() modules.ModuleType { + return modules.TypeHTTP +} + +func (m *FrameworksModule) Execute(ctx context.Context, target string, opts modules.Options) (*modules.Result, error) { + // Call existing legacy frameworks.DetectFramework function + frameworkResult, err := frameworks.DetectFramework(target, opts.Timeout, opts.LogDir) + + if err != nil { + return nil, err + } + + result := &modules.Result{ + ModuleID: m.Info().ID, + Target: target, + Findings: []modules.Finding{}, + } + + // Return empty if no framework detected + if frameworkResult == nil { + return result, nil + } + + // Construct finding + evidence := fmt.Sprintf("Detected %s framework (version: %s, confidence: %.2f)", + frameworkResult.Name, frameworkResult.Version, frameworkResult.Confidence) + + severity := "info" + if frameworkResult.RiskLevel != "" && frameworkResult.RiskLevel != "low" { + severity = frameworkResult.RiskLevel + } + + finding := modules.Finding{ + URL: target, + Severity: severity, + Evidence: evidence, + Extracted: map[string]string{ + "framework": frameworkResult.Name, + "version": frameworkResult.Version, + "confidence": fmt.Sprintf("%.2f", frameworkResult.Confidence), + "version_confidence": fmt.Sprintf("%.2f", frameworkResult.VersionConfidence), + }, + } + + // Add CVE information + if len(frameworkResult.CVEs) > 0 { + finding.Extracted["cves"] = strings.Join(frameworkResult.CVEs, ", ") + finding.Extracted["risk_level"] = frameworkResult.RiskLevel + } + + // Add recommendations + if len(frameworkResult.Suggestions) > 0 { + finding.Extracted["recommendations"] = strings.Join(frameworkResult.Suggestions, "; ") + } + + result.Findings = append(result.Findings, finding) + + return result, nil +} diff --git a/internal/scan/builtin/register.go b/internal/scan/builtin/register.go index 006cd09..deb1c0d 100644 --- a/internal/scan/builtin/register.go +++ b/internal/scan/builtin/register.go @@ -12,8 +12,10 @@ package builtin +import "github.com/dropalldatabases/sif/internal/modules" + // Register registers all Go-based built-in scans as modules. // Allows complex Go scans to participate in the module system func Register() { - // Built-in modules will be registered here + modules.Register(&FrameworksModule{}) } From 2ee2283412deb3fd72bb13c2dc25618953fecc03 Mon Sep 17 00:00:00 2001 From: vmfunc <59031302+vmfunc@users.noreply.github.com> Date: Wed, 7 Jan 2026 22:34:53 +0100 Subject: [PATCH 2/6] fix: frameworks module file rename Renamed frameworks module file to differentiate from legacy framework scans. --- internal/scan/builtin/{frameworks.go => frameworks-module.go} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename internal/scan/builtin/{frameworks.go => frameworks-module.go} (100%) diff --git a/internal/scan/builtin/frameworks.go b/internal/scan/builtin/frameworks-module.go similarity index 100% rename from internal/scan/builtin/frameworks.go rename to internal/scan/builtin/frameworks-module.go From c62409bf0a82a631f8b178215c6a24deeb4e7257 Mon Sep 17 00:00:00 2001 From: vmfunc <59031302+vmfunc@users.noreply.github.com> Date: Wed, 7 Jan 2026 22:39:56 +0100 Subject: [PATCH 3/6] fix: rename to snakecase --- .../scan/builtin/{frameworks-module.go => frameworks_module.go} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename internal/scan/builtin/{frameworks-module.go => frameworks_module.go} (100%) diff --git a/internal/scan/builtin/frameworks-module.go b/internal/scan/builtin/frameworks_module.go similarity index 100% rename from internal/scan/builtin/frameworks-module.go rename to internal/scan/builtin/frameworks_module.go From 26ea7c0ee6ed9a33f6269deeb239756da70feb41 Mon Sep 17 00:00:00 2001 From: vmfunc <59031302+vmfunc@users.noreply.github.com> Date: Mon, 12 Jan 2026 11:19:48 +0100 Subject: [PATCH 4/6] fix(conflicts): fix PR conflicts on --- internal/scan/builtin/register.go | 1 + internal/scan/builtin/whois.go | 56 +++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 internal/scan/builtin/whois.go diff --git a/internal/scan/builtin/register.go b/internal/scan/builtin/register.go index 27749c9..78b1883 100644 --- a/internal/scan/builtin/register.go +++ b/internal/scan/builtin/register.go @@ -18,4 +18,5 @@ import "github.com/dropalldatabases/sif/internal/modules" // Allows complex Go scans to participate in the module system func Register() { modules.Register(&NucleiModule{}) + modules.Register(&WhoisModule{}) } diff --git a/internal/scan/builtin/whois.go b/internal/scan/builtin/whois.go new file mode 100644 index 0000000..2190f3d --- /dev/null +++ b/internal/scan/builtin/whois.go @@ -0,0 +1,56 @@ +/* +·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━· +: : +: █▀ █ █▀▀ · Blazing-fast pentesting suite : +: ▄█ █ █▀ · BSD 3-Clause License : +: : +: (c) 2022-2025 vmfunc (vmfunc), xyzeva, : +: lunchcat alumni & contributors : +: : +·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━· +*/ + +package builtin + +import ( + "context" + "github.com/dropalldatabases/sif/internal/modules" + "github.com/dropalldatabases/sif/internal/scan" +) + +type WhoisModule struct{} + +func (m *WhoisModule) Info() modules.Info { + return modules.Info{ + ID: "whois-lookup", + Name: "WHOIS Domain Information", + Author: "sif", + Severity: "info", + Description: "Performs WHOIS lookup for domain registration information", + Tags: []string{"recon", "whois", "osint"}, + } +} + +func (m *WhoisModule) Type() modules.ModuleType { + return modules.TypeScript +} + +func (m *WhoisModule) Execute(ctx context.Context, target string, opts modules.Options) (*modules.Result, error) { + // Call existing legacy scan.Whois function + scan.Whois(target, opts.LogDir) + + // Return that scan was executed, since no data is returned from scan.Whois + result := &modules.Result{ + ModuleID: m.Info().ID, + Target: target, + Findings: []modules.Finding{ + { + URL: target, + Severity: "info", + Evidence: "WHOIS lookup completed", + }, + }, + } + + return result, nil +} From b6ad6f7a3ee7824c4cae58f349d7bc2923b9e6ae Mon Sep 17 00:00:00 2001 From: vmfunc <59031302+vmfunc@users.noreply.github.com> Date: Wed, 7 Jan 2026 22:35:23 +0100 Subject: [PATCH 5/6] fix: renamed whois module file Renamed whois scan module file to differentiate from legacy whois scan file. --- internal/scan/builtin/{whois.go => whois-module.go} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename internal/scan/builtin/{whois.go => whois-module.go} (100%) diff --git a/internal/scan/builtin/whois.go b/internal/scan/builtin/whois-module.go similarity index 100% rename from internal/scan/builtin/whois.go rename to internal/scan/builtin/whois-module.go From 8c4d6d81a70d4b4f12f885385f1374b79791d298 Mon Sep 17 00:00:00 2001 From: vmfunc <59031302+vmfunc@users.noreply.github.com> Date: Wed, 7 Jan 2026 22:39:46 +0100 Subject: [PATCH 6/6] fix: rename to snakecase --- internal/scan/builtin/{whois-module.go => whois_module.go} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename internal/scan/builtin/{whois-module.go => whois_module.go} (100%) diff --git a/internal/scan/builtin/whois-module.go b/internal/scan/builtin/whois_module.go similarity index 100% rename from internal/scan/builtin/whois-module.go rename to internal/scan/builtin/whois_module.go