dbe79c495e
feat(scan): add web crawler and passive subdomain/url discovery
...
-crawl spiders same-host links/scripts/forms through the shared httpx
client so proxy/headers/rate-limit and robots.txt are honored, bounded
by -crawl-depth. -passive pulls subdomains from keyless ct feeds (crt.sh,
certspotter) and historical urls from wayback, each source isolated so
one feed being down doesn't sink the rest and the target sees no traffic.
2026-06-09 18:11:38 -07:00
d0bdcf1690
feat: shared http client with proxy, custom headers and rate limiting
...
every scanner spun up its own &http.Client, so there was no single place
to apply a proxy, custom headers, a cookie or a rate limit. add an
internal/httpx package that builds one configured transport at startup and
hand it to every scanner via httpx.Client(timeout), keeping behavior
identical when nothing is set (plain client when Configure was never
called).
- httpx.Configure wires -proxy (http/https/socks5), -H/--header, -cookie
and -rate-limit into a package-level RoundTripper that paces via a
rate.Limiter and only sets headers the caller hasn't already, so a
scanner's explicit api key still wins.
- route the scan/wordlist downloads that used http.DefaultClient through
the shared client too; ports tcp dialing is left untouched.
- clamp -threads to a floor of 1: it feeds wg.Add across the scanners, so
0 was a silent no-op and a negative value panicked the waitgroup.
document the new flags in the readme, usage docs and man page.
2026-06-09 17:28:14 -07:00
5e10c1857b
feat: show release notes via patch notes
...
- `sif patchnote` (also `-pn`) fetches the latest github release and renders
its notes with glamour
- on the first run of a new version those notes are shown once, then recorded
so they dont show again - best-effort, so dev builds, the SIF_NO_PATCHNOTES
opt-out, and any network failure stay quiet
- wire up `var version` so the release `-X main.version` ldflag actually lands,
and add `sif version`
2026-06-08 19:13:03 -07:00
4c6cebf4de
chore(deps): bump github.com/go-git/go-git/v5
...
Bumps the go_modules group with 1 update in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ).
Updates `github.com/go-git/go-git/v5` from 5.18.0 to 5.19.1
- [Release notes](https://github.com/go-git/go-git/releases )
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md )
- [Commits](https://github.com/go-git/go-git/compare/v5.18.0...v5.19.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.19.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-06-07 17:48:20 +00:00
c6143f7f39
chore(deps): bump go.opentelemetry.io/otel
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel` from 1.38.0 to 1.41.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.38.0...v1.41.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-version: 1.41.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-24 20:33:16 +00:00
7123e392c9
chore(deps): bump the go_modules group across 1 directory with 5 updates
...
Bumps the go_modules group with 3 updates in the / directory: [github.com/projectdiscovery/nuclei/v3](https://github.com/projectdiscovery/nuclei ), [github.com/Azure/go-ntlmssp](https://github.com/Azure/go-ntlmssp ) and [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ).
Updates `github.com/projectdiscovery/nuclei/v3` from 3.7.1 to 3.8.0
- [Release notes](https://github.com/projectdiscovery/nuclei/releases )
- [Commits](https://github.com/projectdiscovery/nuclei/compare/v3.7.1...v3.8.0 )
Updates `github.com/Azure/go-ntlmssp` from 0.1.0 to 0.1.1
- [Release notes](https://github.com/Azure/go-ntlmssp/releases )
- [Commits](https://github.com/Azure/go-ntlmssp/compare/v0.1.0...v0.1.1 )
Updates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.6.11 to 1.7.8
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/rum/v1.6.11...service/m2/v1.7.8 )
Updates `github.com/buger/jsonparser` from 1.1.1 to 1.1.2
- [Release notes](https://github.com/buger/jsonparser/releases )
- [Commits](https://github.com/buger/jsonparser/compare/v1.1.1...v1.1.2 )
Updates `github.com/go-git/go-git/v5` from 5.17.1 to 5.18.0
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.17.1...v5.18.0 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/nuclei/v3
dependency-version: 3.8.0
dependency-type: direct:production
dependency-group: go_modules
- dependency-name: github.com/Azure/go-ntlmssp
dependency-version: 0.1.1
dependency-type: indirect
dependency-group: go_modules
- dependency-name: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
dependency-version: 1.7.8
dependency-type: indirect
dependency-group: go_modules
- dependency-name: github.com/buger/jsonparser
dependency-version: 1.1.2
dependency-type: indirect
dependency-group: go_modules
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.18.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-24 07:40:32 +00:00
30bf148768
Merge pull request #92 from vmfunc/dependabot/go_modules/go_modules-f67f74747b
...
chore(deps): bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 in the go_modules group across 1 directory
2026-04-24 00:37:42 -07:00
3d04a61b27
Merge pull request #89 from vmfunc/dependabot/go_modules/github.com/charmbracelet/log-1.0.0
...
chore(deps): bump github.com/charmbracelet/log from 0.4.2 to 1.0.0
2026-04-24 00:37:22 -07:00
c527668c60
chore(deps): bump github.com/projectdiscovery/utils from 0.9.0 to 0.10.1
...
Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils ) from 0.9.0 to 0.10.1.
- [Release notes](https://github.com/projectdiscovery/utils/releases )
- [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md )
- [Commits](https://github.com/projectdiscovery/utils/compare/v0.9.0...v0.10.1 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/utils
dependency-version: 0.10.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 12:43:54 +00:00
4152e74ade
chore(deps): bump github.com/go-git/go-git/v5
...
Bumps the go_modules group with 1 update in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ).
Updates `github.com/go-git/go-git/v5` from 5.16.5 to 5.17.1
- [Release notes](https://github.com/go-git/go-git/releases )
- [Commits](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.17.1
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-30 17:15:28 +00:00
abe8bac165
chore(deps): bump github.com/charmbracelet/log from 0.4.2 to 1.0.0
...
Bumps [github.com/charmbracelet/log](https://github.com/charmbracelet/log ) from 0.4.2 to 1.0.0.
- [Release notes](https://github.com/charmbracelet/log/releases )
- [Commits](https://github.com/charmbracelet/log/compare/v0.4.2...v1.0.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/log
dependency-version: 1.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-13 12:44:04 +00:00
d6c52d3dd8
Merge pull request #87 from vmfunc/dependabot/go_modules/github.com/projectdiscovery/nuclei/v3-3.7.1
...
chore(deps): bump github.com/projectdiscovery/nuclei/v3 from 3.7.0 to 3.7.1
2026-03-06 22:01:46 +01:00
d5067d08b2
chore(deps): bump github.com/antchfx/htmlquery from 1.3.5 to 1.3.6
...
Bumps [github.com/antchfx/htmlquery](https://github.com/antchfx/htmlquery ) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/antchfx/htmlquery/releases )
- [Commits](https://github.com/antchfx/htmlquery/compare/v1.3.5...v1.3.6 )
---
updated-dependencies:
- dependency-name: github.com/antchfx/htmlquery
dependency-version: 1.3.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-06 12:44:13 +00:00
98c987bfbb
chore(deps): bump github.com/projectdiscovery/nuclei/v3
...
Bumps [github.com/projectdiscovery/nuclei/v3](https://github.com/projectdiscovery/nuclei ) from 3.7.0 to 3.7.1.
- [Release notes](https://github.com/projectdiscovery/nuclei/releases )
- [Commits](https://github.com/projectdiscovery/nuclei/compare/v3.7.0...v3.7.1 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/nuclei/v3
dependency-version: 3.7.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-06 12:44:06 +00:00
93783d8bd3
chore(deps): bump the go_modules group across 1 directory with 2 updates
...
Bumps the go_modules group with 2 updates in the / directory: [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519 ) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl ).
Updates `filippo.io/edwards25519` from 1.1.0 to 1.1.1
- [Commits](https://github.com/FiloSottile/edwards25519/compare/v1.1.0...v1.1.1 )
Updates `github.com/cloudflare/circl` from 1.6.1 to 1.6.3
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3 )
---
updated-dependencies:
- dependency-name: filippo.io/edwards25519
dependency-version: 1.1.1
dependency-type: indirect
dependency-group: go_modules
- dependency-name: github.com/cloudflare/circl
dependency-version: 1.6.3
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-25 19:34:14 +00:00
fef7806ac2
chore(deps): bump github.com/refraction-networking/utls ( #78 )
...
Bumps the go_modules group with 1 update in the / directory: [github.com/refraction-networking/utls](https://github.com/refraction-networking/utls ).
Updates `github.com/refraction-networking/utls` from 1.8.1 to 1.8.2
- [Release notes](https://github.com/refraction-networking/utls/releases )
- [Commits](https://github.com/refraction-networking/utls/compare/v1.8.1...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/refraction-networking/utls
dependency-version: 1.8.2
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 02:11:40 +01:00
5ddfbc6204
chore(deps): bump github.com/likexian/whois from 1.15.1 to 1.15.7 ( #67 )
...
Bumps [github.com/likexian/whois](https://github.com/likexian/whois ) from 1.15.1 to 1.15.7.
- [Release notes](https://github.com/likexian/whois/releases )
- [Commits](https://github.com/likexian/whois/compare/v1.15.1...v1.15.7 )
---
updated-dependencies:
- dependency-name: github.com/likexian/whois
dependency-version: 1.15.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 15:32:55 +01:00
b522aa3206
chore(deps): bump github.com/charmbracelet/log from 0.2.4 to 0.4.2 ( #74 )
...
Bumps [github.com/charmbracelet/log](https://github.com/charmbracelet/log ) from 0.2.4 to 0.4.2.
- [Release notes](https://github.com/charmbracelet/log/releases )
- [Commits](https://github.com/charmbracelet/log/compare/v0.2.4...v0.4.2 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/log
dependency-version: 0.4.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 15:11:38 +01:00
e94fda0acf
deps: bump go-git to v5.16.5 - fixes CVE-2026-25934
...
Signed-off-by: vmfunc <celeste@linux.com >
2026-02-13 01:39:00 +01:00
03a9488b65
internal/scan: migrate nuclei integration to v3 SDK
...
replace ~100 lines of manual nuclei v2 plumbing (catalog, loader, core,
protocolstate, protocolinit, hosterrorscache, interactsh, reporting,
ratelimit, testutils) with the v3 lib SDK - NewNucleiEngineCtx +
functional options.
drops direct ratelimit dep, mholt/archiver and nwaples/rardecode
(resolves dependabot CVE alerts for path traversal + DoS).
Signed-off-by: vmfunc <celeste@linux.com >
2026-02-13 01:22:25 +01:00
426a301182
deps: bump projectdiscovery/utils to v0.9.0
...
Signed-off-by: vmfunc <celeste@linux.com >
2026-02-13 01:03:47 +01:00
953ef299c9
deps: bump goflags to v0.1.74
...
Signed-off-by: vmfunc <celeste@linux.com >
2026-02-13 01:03:46 +01:00
60c38e29cf
ci: upgrade to go 1.24 in all workflows
2026-01-03 06:04:33 -08:00
00a66adf27
feat(output): add styled console output with module loggers
...
- Add output package with colored prefixes and module loggers
- Each module gets unique background color based on name hash
- Add spinner for indeterminate operations
- Add progress bar for known-count operations
- Update all scan files to use ModuleLogger pattern
- Add clean PrintSummary for scan completion
2026-01-03 05:57:10 -08:00
1bf927b895
fix: update dependencies to address security vulnerabilities
...
- golang.org/x/crypto v0.26.0 -> v0.46.0 (critical: ssh auth bypass)
- golang.org/x/net v0.28.0 -> v0.48.0 (medium: xss vulnerability)
- golang.org/x/oauth2 v0.11.0 -> v0.34.0 (high: input validation)
- quic-go v0.48.2 -> v0.58.0 (high: panic on undecryptable packets)
- golang-jwt/jwt v4.5.1 -> v4.5.2 (high: memory allocation)
- cloudflare/circl v1.3.7 -> v1.6.2 (low: validation issues)
- refraction-networking/utls v1.5.4 -> v1.8.1 (medium: tls downgrade)
- ulikunitz/xz v0.5.11 -> v0.5.15 (medium: memory leak)
- klauspost/compress v1.16.7 -> v1.17.4
also fixes go vet warnings for non-constant format strings
2026-01-02 18:03:27 -08:00
21c85974cd
chore: upgrade to go 1.25 and ignore claude files
...
- update go.mod to use go 1.23 with toolchain go1.25.5
- add CLAUDE.md and .claude/ to .gitignore
2026-01-02 17:13:16 -08:00
1d4673c078
build(deps): bump github.com/quic-go/quic-go in the go_modules group
...
Bumps the go_modules group with 1 update: [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go ).
Updates `github.com/quic-go/quic-go` from 0.42.0 to 0.48.2
- [Release notes](https://github.com/quic-go/quic-go/releases )
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md )
- [Commits](https://github.com/quic-go/quic-go/compare/v0.42.0...v0.48.2 )
---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-02 17:51:08 +00:00
8a0ed28bd5
build(deps): bump github.com/golang-jwt/jwt/v4 in the go_modules group
...
Bumps the go_modules group with 1 update: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt ).
Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-11-04 23:33:18 +00:00
7aa52c2d78
build(deps): bump github.com/hashicorp/go-retryablehttp
...
Bumps the go_modules group with 1 update: [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp ).
Updates `github.com/hashicorp/go-retryablehttp` from 0.7.2 to 0.7.7
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.2...v0.7.7 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-24 22:11:06 +00:00
1c077eeb9f
build(deps): bump github.com/projectdiscovery/interactsh
...
Bumps the go_modules group with 1 update in the / directory: [github.com/projectdiscovery/interactsh](https://github.com/projectdiscovery/interactsh ).
Updates `github.com/projectdiscovery/interactsh` from 1.1.6 to 1.2.0
- [Release notes](https://github.com/projectdiscovery/interactsh/releases )
- [Changelog](https://github.com/projectdiscovery/interactsh/blob/main/.goreleaser.yml )
- [Commits](https://github.com/projectdiscovery/interactsh/compare/v1.1.6...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/projectdiscovery/interactsh
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-05 17:07:28 +00:00
ae9750f079
build(deps): bump golang.org/x/net
...
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/net](https://github.com/golang/net ).
Updates `golang.org/x/net` from 0.20.0 to 0.23.0
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-19 13:02:39 +00:00
f51e710a33
chore: remove toolchain requirement
2024-04-15 02:45:39 +02:00
855363e078
chore: update go modfile
2024-04-15 02:42:54 +02:00
c76a6c3555
build(deps): bump the go_modules group across 1 directory with 3 updates
...
Bumps the go_modules group with 3 updates in the / directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl ), [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go ) and google.golang.org/protobuf.
Updates `github.com/cloudflare/circl` from 1.3.3 to 1.3.7
- [Release notes](https://github.com/cloudflare/circl/releases )
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7 )
Updates `github.com/quic-go/quic-go` from 0.37.4 to 0.42.0
- [Release notes](https://github.com/quic-go/quic-go/releases )
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md )
- [Commits](https://github.com/quic-go/quic-go/compare/v0.37.4...v0.42.0 )
Updates `google.golang.org/protobuf` from 1.31.0 to 1.33.0
---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
dependency-type: indirect
dependency-group: go_modules-security-group
- dependency-name: github.com/quic-go/quic-go
dependency-type: indirect
dependency-group: go_modules-security-group
- dependency-name: google.golang.org/protobuf
dependency-type: indirect
dependency-group: go_modules-security-group
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-02 14:19:23 +00:00
ad18133b88
chore: update dependencies
2024-02-04 15:09:18 +01:00
b2a354137d
Move import repositories to dropalldatabases
2023-09-14 20:48:45 +03:00
7aa66ee6b7
Use nuclei API to scan nuclei templates
2023-09-14 20:48:28 +03:00
755b4641c7
Refactor
2023-09-14 20:46:47 +03:00
4f117c465f
config: use goflags instead of pflag
2023-09-14 20:46:47 +03:00
04a304908a
Add nuclei template parsing support
2023-09-14 20:46:47 +03:00
e839d817ca
go mod tidy
2023-09-14 20:46:45 +03:00
09f761d908
dork: add dorking feature
2023-09-14 20:46:45 +03:00
69db4b26ef
progress bar
2023-09-01 19:34:18 +02:00
fdb46284f6
Add flag parsing for --file and --url
2023-09-01 19:12:25 +03:00
d2e214f691
asdd
2023-09-01 17:28:59 +02:00
50dd6e38a7
base logging
2023-09-01 17:27:19 +02:00
3be10bbae6
go mod
2023-09-01 17:06:17 +02:00
vmfunc