Commit Graph

204 Commits

Author SHA1 Message Date
vmfunc 046a5bc7d7 ci: add test coverage reporting to workflow
run tests with race detector and coverage profiling, upload results
to codecov for visibility into test coverage metrics
2026-01-03 05:57:09 -08:00
vmfunc 295d684054 ci: enhance golangci-lint with additional linters
add gocritic, revive, unconvert, prealloc, bodyclose, noctx, and
exportloopref for better code quality detection
2026-01-03 05:57:09 -08:00
vmfunc 8cb4a85a99 Merge pull request #51 from andrewgazelka/chore/modernize-nix-flake
chore(nix): modernize flake to use buildGoModule
2026-01-03 00:38:59 -08:00
Andrew Gazelka f2c8cc71b2 chore(nix): modernize flake to use buildGoModule
- Remove flake-utils dependency (use local forAllSystems helper)
- Remove gomod2nix dependency (use native buildGoModule)
- Add overlay export for easy consumption
- Update nixpkgs to latest unstable
- Disable tests in nix build (require network access)
2026-01-03 00:25:37 -08:00
vmfunc 01fa28555b docs: update contributor name and add vxfemboy 2026-01-02 19:56:44 -08:00
vmfunc 29478f087a chore: fix contributorrc 2026-01-02 19:55:31 -08:00
vmfunc 7b3f4a4f2f chore: fix contributorrc 2026-01-02 19:51:03 -08:00
vmfunc 563f3817ce Merge pull request #40 from vmfunc/feat/framework-detection
feat: framework detection module
2026-01-02 19:15:07 -08:00
vmfunc 20ea60cd70 fix: adjust sif logo alignment 2026-01-02 19:12:28 -08:00
vmfunc 5eac60f696 fix: improve version detection and add documentation
- fix version detection to validate reasonable version numbers (major < 100)
- remove overly permissive patterns that caused false positives
- add comprehensive framework contribution documentation to CONTRIBUTING.md
- document signature patterns, version detection, and CVE data format
- add configuration documentation for flags and env vars
- outline future enhancements for community contributions
2026-01-02 19:04:37 -08:00
vmfunc e02e1554ea docs: add framework detection to readme 2026-01-02 18:54:24 -08:00
vmfunc 816b89328c feat: expand framework detection with cvs, version confidence, concurrency
- add 20+ new framework signatures (vue, angular, react, svelte, sveltekit,
  remix, gatsby, joomla, magento, shopify, ghost, ember, backbone, meteor,
  strapi, adonisjs, cakephp, codeigniter, asp.net core, spring boot)
- add version confidence scoring with multiple detection sources
- add concurrent framework scanning for better performance
- expand cve database with 15+ known vulnerabilities (spring4shell, etc.)
- add risk level assessment based on cve severity
- add comprehensive security recommendations
- add new tests for all features
2026-01-02 18:52:15 -08:00
vmfunc af9d05f6b2 chore: add license header to detect.go 2026-01-02 18:52:15 -08:00
vmfunc 138bdf35aa feat: improve framework detection with more signatures and tests
- use math.Exp instead of custom exp implementation
- add more framework signatures: next.js, nuxt.js, wordpress, drupal,
  symfony, fastapi, gin, phoenix
- fix header detection to check both header names and values
- simplify version detection (remove unnecessary padding)
- add comprehensive test suite for framework detection
- fix formatting in dork.go
2026-01-02 18:52:15 -08:00
vmfunc 494a84e338 chore(actions): add framework to CI 2026-01-02 18:52:15 -08:00
vmfunc 3bc7a2463d feat(framework-detection): weighted bayesian detection algorithm
- weighted signature matching for more accurate framework detection
- sigmoid normalization for confidence scores
- version detection with semantic versioning support
- header-only pattern
2026-01-02 18:52:15 -08:00
vmfunc a08239bb1c feat: framework detection module 2026-01-02 18:52:15 -08:00
vmfunc ecf71be01f fix: use static discord badge instead of server id 2026-01-02 18:45:07 -08:00
vmfunc 29709103be docs: update readme with new modules and discord link 2026-01-02 18:42:45 -08:00
vmfunc db24c59498 feat: add lfi reconnaissance module (#49)
adds a new --lfi flag for local file inclusion vulnerability scanning:
- tests common lfi parameters with directory traversal payloads
- detects /etc/passwd, /etc/shadow, windows system files
- identifies php wrappers and encoded content
- supports various bypass techniques (null bytes, encoding)

closes #4
2026-01-02 18:41:30 -08:00
vmfunc 4392e33179 feat: add sql reconnaissance module (#48)
adds a new --sql flag that performs sql reconnaissance on target urls:
- detects common database admin panels (phpmyadmin, adminer, pgadmin, etc.)
- identifies database error disclosure (mysql, postgresql, mssql, oracle, sqlite)
- scans common paths for sql injection indicators

closes #3
2026-01-02 18:40:06 -08:00
vmfunc 080ab10f56 fix: remove duplicate subdomain takeover call and add config tests (#46)
- remove duplicate SubdomainTakeover call that ran twice when both
  dns scan and --st flag were enabled
- add comprehensive tests for config settings defaults and behavior
- fix formatting in dork.go

closes #1
2026-01-02 18:38:47 -08:00
vmfunc 4a77307acf Merge pull request #47 from vmfunc/feat/shodan-integration
feat: add shodan integration for host reconnaissance
2026-01-02 18:35:56 -08:00
vmfunc d44dbb7f48 feat: add shodan integration for host reconnaissance
adds a new --shodan flag that queries the shodan api for information
about the target host. requires SHODAN_API_KEY environment variable.

features:
- resolves hostnames to ip addresses
- queries shodan host api for reconnaissance data
- displays organization, isp, location, ports, services, and vulns
- logs results to file when logdir is specified

closes #2
2026-01-02 18:24:37 -08:00
vmfunc 1bf927b895 fix: update dependencies to address security vulnerabilities
- golang.org/x/crypto v0.26.0 -> v0.46.0 (critical: ssh auth bypass)
- golang.org/x/net v0.28.0 -> v0.48.0 (medium: xss vulnerability)
- golang.org/x/oauth2 v0.11.0 -> v0.34.0 (high: input validation)
- quic-go v0.48.2 -> v0.58.0 (high: panic on undecryptable packets)
- golang-jwt/jwt v4.5.1 -> v4.5.2 (high: memory allocation)
- cloudflare/circl v1.3.7 -> v1.6.2 (low: validation issues)
- refraction-networking/utls v1.5.4 -> v1.8.1 (medium: tls downgrade)
- ulikunitz/xz v0.5.11 -> v0.5.15 (medium: memory leak)
- klauspost/compress v1.16.7 -> v1.17.4

also fixes go vet warnings for non-constant format strings
2026-01-02 18:03:27 -08:00
vmfunc 0e3e43a1f3 fix: update readme badges and use banner image
- update badges to point to vmfunc/sif
- replace ascii art with banner image
- fix header check action to check first 5 lines
- remove obsolete LICENSE.md
2026-01-02 17:54:17 -08:00
vmfunc 8230edf30b chore: delete old license 2026-01-02 17:45:14 -08:00
vmfunc d30c7f56a3 license: switch to bsd 3-clause, update headers and readme
- replace proprietary license with bsd 3-clause
- update all go file headers with new retro terminal style
- add header-check github action to enforce license headers
- completely rewrite readme to be modern, sleek, and lowercase
- fix broken badges
2026-01-02 17:41:18 -08:00
vmfunc 1379dd9952 test: add basic unit tests for scan package
adds tests for subdomain takeover detection, robots.txt fetching,
and result struct validation using httptest mock servers.
automated-release-421965e
2026-01-02 17:27:50 -08:00
vmfunc 925b84d22b chore: add golangci-lint configuration
enables errcheck, govet, staticcheck, unused, gosimple,
ineffassign, and misspell linters
2026-01-02 17:21:58 -08:00
vmfunc ecb2e147c2 docs: update minimum go version to 1.23 in contributing guide 2026-01-02 17:21:38 -08:00
vmfunc 5c92b6ae4d fix: handle errors instead of ignoring them
- dork.go: log and skip on googlesearch.Search error
- nuclei.go: return error on os.Getwd and reporting.New failures
- subdomaintakeover.go: return early on io.ReadAll error
2026-01-02 17:21:21 -08:00
vmfunc 75350458c1 chore: update github actions to latest versions
- update actions/checkout from v2/v3 to v4 across all workflows
- update reviewdog actions to latest versions
- update jetbrains/qodana-action to v2024.3
- update actions/dependency-review-action to v4
- replace deprecated actions/create-release and upload-release-asset
  with softprops/action-gh-release@v2
2026-01-02 17:20:01 -08:00
vmfunc 21c85974cd chore: upgrade to go 1.25 and ignore claude files
- update go.mod to use go 1.23 with toolchain go1.25.5
- add CLAUDE.md and .claude/ to .gitignore
2026-01-02 17:13:16 -08:00
vmfunc 3d2e75b525 Merge pull request #41 from vmfunc/dependabot/go_modules/go_modules-dd59f798d0
build(deps): bump github.com/quic-go/quic-go from 0.42.0 to 0.48.2 in the go_modules group
2026-01-02 17:11:27 -08:00
vmfunc bc07d1ad4e fix: update go version check to support go 1.20+
the makefile was checking for go 1.23 specifically, which breaks builds
on newer go versions (1.24, 1.25, etc). this updates the regex to allow
any go version 1.20 or higher.
2026-01-02 17:10:05 -08:00
vmfunc ca5c79b44c Merge pull request #43 from ag-wnl/agwnl/update-makefile-go
Update Makefile to support latest version of Go
2025-10-26 17:22:41 +01:00
vmfunc 450fcb8efd Update README.md automated-release-bef84ce 2025-04-18 16:41:37 +02:00
ag-wnl 34d190731a chore: update to be compatible with all minor Go updates 2025-03-15 15:26:09 +05:30
ag-wnl cfe681d793 chore: update makefile to latest go version 2025-03-15 15:19:54 +05:30
dependabot[bot] 1d4673c078 build(deps): bump github.com/quic-go/quic-go in the go_modules group
Bumps the go_modules group with 1 update: [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go).


Updates `github.com/quic-go/quic-go` from 0.42.0 to 0.48.2
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.42.0...v0.48.2)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-02 17:51:08 +00:00
vmfunc 1253515f0b actions<breaking>: remove PR-specific actions
(needs to be fixed)
2024-11-22 03:28:17 -05:00
vmfunc 5b4b43011b design: readme fixes automated-release-9636888 2024-11-14 09:09:35 +01:00
vmfunc ebdba0721c design: update product banner automated-release-3d431bd 2024-11-14 06:53:41 +01:00
vmfunc 806e8b0970 design: update banner automated-release-ef014de 2024-11-14 06:51:54 +01:00
vmfunc 1a0245840e Merge pull request #38 from lunchcat/dependabot/go_modules/go_modules-403cefacee
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group
2024-11-05 00:36:18 +01:00
dependabot[bot] 8a0ed28bd5 build(deps): bump github.com/golang-jwt/jwt/v4 in the go_modules group
Bumps the go_modules group with 1 update: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt).


Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-04 23:33:18 +00:00
vmfunc c3805c7aee fix<dork>: properly process feature flag automated-release-057b997 2024-10-22 09:15:36 +02:00
vmfunc ceb8712204 ci: various improvements to workflow automated-release-85654f6 2024-10-15 02:51:52 +02:00
vmfunc b335a45a82 chore<format>: gofmt whitespace removal automated-release-aff6fea 2024-10-15 02:32:48 +02:00