gitea-mirror/sif
1
0
Fork 0
mirror of https://github.com/lunchcat/sif.git synced 2026-01-13 05:16:44 -08:00
Code Issues Packages Projects Releases Wiki Activity
194 Commits 12 Branches 47 Tags
95a03b91d79df34df6c7679309f3ffeffcc02468
Commit Graph

194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Celeste Hickenlooper
95a03b91d7 docs: add framework detection to readme 2026-01-02 18:54:24 -08:00
Celeste Hickenlooper
8a0945619b feat: expand framework detection with cvs, version confidence, concurrency 
- add 20+ new framework signatures (vue, angular, react, svelte, sveltekit,
  remix, gatsby, joomla, magento, shopify, ghost, ember, backbone, meteor,
  strapi, adonisjs, cakephp, codeigniter, asp.net core, spring boot)
- add version confidence scoring with multiple detection sources
- add concurrent framework scanning for better performance
- expand cve database with 15+ known vulnerabilities (spring4shell, etc.)
- add risk level assessment based on cve severity
- add comprehensive security recommendations
- add new tests for all features
 2026-01-02 18:52:15 -08:00
Celeste Hickenlooper
eb77282873 chore: add license header to detect.go 2026-01-02 18:52:15 -08:00
Celeste Hickenlooper
11589e90fe feat: improve framework detection with more signatures and tests 
- use math.Exp instead of custom exp implementation
- add more framework signatures: next.js, nuxt.js, wordpress, drupal,
  symfony, fastapi, gin, phoenix
- fix header detection to check both header names and values
- simplify version detection (remove unnecessary padding)
- add comprehensive test suite for framework detection
- fix formatting in dork.go
 2026-01-02 18:52:15 -08:00
vmfunc
05c01653cb chore(actions): add framework to CI 2026-01-02 18:52:15 -08:00
vmfunc
6552aa8887 feat(framework-detection): weighted bayesian detection algorithm 
- weighted signature matching for more accurate framework detection
- sigmoid normalization for confidence scores
- version detection with semantic versioning support
- header-only pattern
 2026-01-02 18:52:15 -08:00
vmfunc
1eac29757c feat: framework detection module 2026-01-02 18:52:15 -08:00
Celeste Hickenlooper
7ff0d04902 fix: use static discord badge instead of server id automated-release-3ba18a9 automated-release-a998052 automated-release-44842dd automated-release-612df34 automated-release-7ff0d04 2026-01-02 18:45:07 -08:00
Celeste Hickenlooper
a9980524df docs: update readme with new modules and discord link automated-release-2cfdc51 2026-01-02 18:42:45 -08:00
Celeste Hickenlooper
612df34a5f feat: add lfi reconnaissance module (#49) 
adds a new --lfi flag for local file inclusion vulnerability scanning:
- tests common lfi parameters with directory traversal payloads
- detects /etc/passwd, /etc/shadow, windows system files
- identifies php wrappers and encoded content
- supports various bypass techniques (null bytes, encoding)

closes #4
 2026-01-02 18:41:30 -08:00
Celeste Hickenlooper
3ba18a956a feat: add sql reconnaissance module (#48) 
adds a new --sql flag that performs sql reconnaissance on target urls:
- detects common database admin panels (phpmyadmin, adminer, pgadmin, etc.)
- identifies database error disclosure (mysql, postgresql, mssql, oracle, sqlite)
- scans common paths for sql injection indicators

closes #3
 2026-01-02 18:40:06 -08:00
Celeste Hickenlooper
44842dd659 fix: remove duplicate subdomain takeover call and add config tests (#46) 
- remove duplicate SubdomainTakeover call that ran twice when both
  dns scan and --st flag were enabled
- add comprehensive tests for config settings defaults and behavior
- fix formatting in dork.go

closes #1
 2026-01-02 18:38:47 -08:00
Celeste Hickenlooper
2cfdc511f0 Merge pull request #47 from vmfunc/feat/shodan-integration 
feat: add shodan integration for host reconnaissance
 2026-01-02 18:35:56 -08:00
Celeste Hickenlooper
ac879e069c feat: add shodan integration for host reconnaissance 
adds a new --shodan flag that queries the shodan api for information
about the target host. requires SHODAN_API_KEY environment variable.

features:
- resolves hostnames to ip addresses
- queries shodan host api for reconnaissance data
- displays organization, isp, location, ports, services, and vulns
- logs results to file when logdir is specified

closes #2
 2026-01-02 18:24:37 -08:00
Celeste Hickenlooper
816ecd1e46 fix: update dependencies to address security vulnerabilities 
- golang.org/x/crypto v0.26.0 -> v0.46.0 (critical: ssh auth bypass)
- golang.org/x/net v0.28.0 -> v0.48.0 (medium: xss vulnerability)
- golang.org/x/oauth2 v0.11.0 -> v0.34.0 (high: input validation)
- quic-go v0.48.2 -> v0.58.0 (high: panic on undecryptable packets)
- golang-jwt/jwt v4.5.1 -> v4.5.2 (high: memory allocation)
- cloudflare/circl v1.3.7 -> v1.6.2 (low: validation issues)
- refraction-networking/utls v1.5.4 -> v1.8.1 (medium: tls downgrade)
- ulikunitz/xz v0.5.11 -> v0.5.15 (medium: memory leak)
- klauspost/compress v1.16.7 -> v1.17.4

also fixes go vet warnings for non-constant format strings
automated-release-816ecd1 		2026-01-02 18:03:27 -08:00
Celeste Hickenlooper
42d16bd68c fix: update readme badges and use banner image 
- update badges to point to vmfunc/sif
- replace ascii art with banner image
- fix header check action to check first 5 lines
- remove obsolete LICENSE.md
automated-release-42d16bd automated-release-80ca5a1 		2026-01-02 17:54:17 -08:00
Celeste Hickenlooper
a0d6719fc6 chore: delete old license automated-release-df6ca79 2026-01-02 17:45:14 -08:00
Celeste Hickenlooper
df6ca7924b license: switch to bsd 3-clause, update headers and readme 
- replace proprietary license with bsd 3-clause
- update all go file headers with new retro terminal style
- add header-check github action to enforce license headers
- completely rewrite readme to be modern, sleek, and lowercase
- fix broken badges
 2026-01-02 17:41:18 -08:00
Celeste Hickenlooper
421965e993 test: add basic unit tests for scan package 
adds tests for subdomain takeover detection, robots.txt fetching,
and result struct validation using httptest mock servers.
automated-release-421965e 		2026-01-02 17:27:50 -08:00
Celeste Hickenlooper
a945afffd0 chore: add golangci-lint configuration 
enables errcheck, govet, staticcheck, unused, gosimple,
ineffassign, and misspell linters
 2026-01-02 17:21:58 -08:00
Celeste Hickenlooper
1199fdf815 docs: update minimum go version to 1.23 in contributing guide 2026-01-02 17:21:38 -08:00
Celeste Hickenlooper
a26888bd3c fix: handle errors instead of ignoring them 
- dork.go: log and skip on googlesearch.Search error
- nuclei.go: return error on os.Getwd and reporting.New failures
- subdomaintakeover.go: return early on io.ReadAll error
 2026-01-02 17:21:21 -08:00
Celeste Hickenlooper
dba9c4b3ab chore: update github actions to latest versions 
- update actions/checkout from v2/v3 to v4 across all workflows
- update reviewdog actions to latest versions
- update jetbrains/qodana-action to v2024.3
- update actions/dependency-review-action to v4
- replace deprecated actions/create-release and upload-release-asset
  with softprops/action-gh-release@v2
 2026-01-02 17:20:01 -08:00
Celeste Hickenlooper
0e4de7872e chore: upgrade to go 1.25 and ignore claude files 
- update go.mod to use go 1.23 with toolchain go1.25.5
- add CLAUDE.md and .claude/ to .gitignore
 2026-01-02 17:13:16 -08:00
Celeste Hickenlooper
e2ac47d5ce Merge pull request #41 from vmfunc/dependabot/go_modules/go_modules-dd59f798d0 
build(deps): bump github.com/quic-go/quic-go from 0.42.0 to 0.48.2 in the go_modules group
 2026-01-02 17:11:27 -08:00
Celeste Hickenlooper
63c125ea1c fix: update go version check to support go 1.20+ 
the makefile was checking for go 1.23 specifically, which breaks builds
on newer go versions (1.24, 1.25, etc). this updates the regex to allow
any go version 1.20 or higher.
 2026-01-02 17:10:05 -08:00
Celeste J.
942a2409bc Merge pull request #43 from ag-wnl/agwnl/update-makefile-go 
Update Makefile to support latest version of Go
 2025-10-26 17:22:41 +01:00
celeste
bef84ce9e7 Update README.md automated-release-bef84ce 2025-04-18 16:41:37 +02:00
ag-wnl
16bf3f6ae3 chore: update to be compatible with all minor Go updates 2025-03-15 15:26:09 +05:30
ag-wnl
a9c4c1f8af chore: update makefile to latest go version 2025-03-15 15:19:54 +05:30
dependabot[bot]
f1430de4a0 build(deps): bump github.com/quic-go/quic-go in the go_modules group 
Bumps the go_modules group with 1 update: [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go).


Updates `github.com/quic-go/quic-go` from 0.42.0 to 0.48.2
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.42.0...v0.48.2)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-02 17:51:08 +00:00
vmfunc
a40b78c820 actions<breaking>: remove PR-specific actions 
(needs to be fixed)
 2024-11-22 03:28:17 -05:00
mel
9636888cd6 design: readme fixes automated-release-9636888 2024-11-14 09:09:35 +01:00
vmfunc
3d431bdcad design: update product banner automated-release-3d431bd 2024-11-14 06:53:41 +01:00
vmfunc
ef014dec87 design: update banner automated-release-ef014de 2024-11-14 06:51:54 +01:00
mel
24a9092c37 Merge pull request #38 from lunchcat/dependabot/go_modules/go_modules-403cefacee 
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group
 2024-11-05 00:36:18 +01:00
dependabot[bot]
8396c27e71 build(deps): bump github.com/golang-jwt/jwt/v4 in the go_modules group 
Bumps the go_modules group with 1 update: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt).


Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-11-04 23:33:18 +00:00
vmfunc
057b997960 fix<dork>: properly process feature flag automated-release-057b997 2024-10-22 09:15:36 +02:00
vmfunc
85654f6aaf ci: various improvements to workflow automated-release-85654f6 2024-10-15 02:51:52 +02:00
vmfunc
aff6fea45d chore<format>: gofmt whitespace removal automated-release-aff6fea 2024-10-15 02:32:48 +02:00
vmfunc
ee77dd8f91 feat<sif>: log scan overview automated-release-ee77dd8 2024-10-15 00:14:59 +02:00
mel
5add3a7502 fix<contrib>: fix contributor file automated-release-5add3a7 2024-10-13 00:56:23 +02:00
mel
e9bd112e6e fix: replace modules with features automated-release-e9bd112 2024-10-13 00:49:12 +02:00
mel
3e5849d832 feat: improve readme automated-release-3e5849d 2024-10-13 00:44:50 +02:00
mel
d449e82805 Merge pull request #36 from lunchcat/all-contributors/add-projectdiscovery 
docs: add projectdiscovery as a contributor for platform
 2024-10-13 00:32:48 +02:00
mel
e4cc49b64b Merge branch 'main' into all-contributors/add-projectdiscovery 2024-10-13 00:32:41 +02:00
mel
ca3562812c Merge pull request #35 from lunchcat/all-contributors/add-macdoos 
docs: add macdoos as a contributor for code
 2024-10-13 00:31:55 +02:00
mel
c7655a320e Merge branch 'main' into all-contributors/add-macdoos 2024-10-13 00:31:50 +02:00
mel
a568362a37 Merge pull request #34 from lunchcat/all-contributors/add-D3adPlays 
docs: add D3adPlays as a contributor for ideas
 2024-10-13 00:31:10 +02:00
mel
ba4c919c00 Merge branch 'main' into all-contributors/add-D3adPlays 2024-10-13 00:31:04 +02:00