mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-05 12:17:03 -07:00
Compare commits
49 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c20c37463a | |||
| 9190fa4741 | |||
| 1379dd9952 | |||
| 925b84d22b | |||
| ecb2e147c2 | |||
| 5c92b6ae4d | |||
| 75350458c1 | |||
| 21c85974cd | |||
| 3d2e75b525 | |||
| bc07d1ad4e | |||
| ca5c79b44c | |||
| 450fcb8efd | |||
| 34d190731a | |||
| cfe681d793 | |||
| 1d4673c078 | |||
| 1253515f0b | |||
| 5b4b43011b | |||
| ebdba0721c | |||
| 806e8b0970 | |||
| 1a0245840e | |||
| 8a0ed28bd5 | |||
| c3805c7aee | |||
| ceb8712204 | |||
| b335a45a82 | |||
| 1048a97355 | |||
| cceb60a423 | |||
| bf5fd7c566 | |||
| 16a73f274b | |||
| fcc0ba0ea4 | |||
| b619ed026a | |||
| 26b35c1cbc | |||
| 4a51ddda95 | |||
| 3eae11695d | |||
| c29227d26b | |||
| 0279ea9b0a | |||
| dfe8004544 | |||
| 2816887a7a | |||
| ae82c2066d | |||
| cebfe62bcf | |||
| a79ffd08d4 | |||
| 22fba38ff6 | |||
| dd28daf795 | |||
| 7c080e99a8 | |||
| 7c9ba8da80 | |||
| 814be003ad | |||
| 2a87a5790f | |||
| 8e76b40b53 | |||
| e3b87e5138 | |||
| 3cd45523a3 |
@@ -25,6 +25,57 @@
|
||||
"financial",
|
||||
"ideas"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "projectdiscovery",
|
||||
"name": "ProjectDiscovery",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/50994705?v=4",
|
||||
"profile": "https://projectdiscovery.io",
|
||||
"contributions": [
|
||||
"platform"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "macdoos",
|
||||
"name": "macdoos",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/127897805?v=4",
|
||||
"profile": "https://github.com/macdoos",
|
||||
"contributions": [
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "D3adPlays",
|
||||
"name": "Matthieu Witrowiez",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/75166283?v=4",
|
||||
"profile": "https://epitech.eu",
|
||||
"contributions": [
|
||||
"ideas"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "tessa-u-k",
|
||||
"name": "tessa ",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/109355732?v=4",
|
||||
"profile": "https://github.com/tessa-u-k",
|
||||
"contributions": [
|
||||
"infra",
|
||||
"question",
|
||||
"userTesting"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "xyzeva",
|
||||
"name": "Eva",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/133499694?v=4",
|
||||
"profile": "https://github.com/xyzeva",
|
||||
"contributions": [
|
||||
"blog",
|
||||
"content",
|
||||
"research",
|
||||
"security",
|
||||
"test",
|
||||
"code"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
name: Automatic Rebase
|
||||
on:
|
||||
issue_comment:
|
||||
types: [created]
|
||||
jobs:
|
||||
rebase:
|
||||
name: Rebase
|
||||
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the latest code
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Automatic Rebase
|
||||
uses: cirrus-actions/rebase@1.8
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -0,0 +1,18 @@
|
||||
name: Check Large Files
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
check-large-files:
|
||||
name: Check for large files
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Check for large files
|
||||
run: |
|
||||
find . -type f -size +5M | while read file; do
|
||||
echo "::error file=${file}::File ${file} is larger than 5MB"
|
||||
done
|
||||
@@ -14,11 +14,11 @@ jobs:
|
||||
pull-requests: write
|
||||
checks: write
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
fetch-depth: 0
|
||||
fetch-depth: 0
|
||||
- name: 'Qodana Scan'
|
||||
uses: JetBrains/qodana-action@v2023.3
|
||||
uses: JetBrains/qodana-action@v2024.3
|
||||
env:
|
||||
QODANA_TOKEN: ${{ secrets.QODANA_TOKEN }}
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
name: "Dependency Review"
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: "Checkout Repository"
|
||||
uses: actions/checkout@v4
|
||||
- name: "Dependency Review"
|
||||
uses: actions/dependency-review-action@v4
|
||||
continue-on-error: ${{ github.event_name == 'push' }}
|
||||
- name: "Check Dependency Review Outcome"
|
||||
if: github.event_name == 'push' && failure()
|
||||
run: |
|
||||
echo "::warning::Dependency review failed. Please check the dependencies for potential issues."
|
||||
@@ -8,7 +8,7 @@ jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
|
||||
@@ -0,0 +1,52 @@
|
||||
name: header check
|
||||
|
||||
on:
|
||||
push:
|
||||
paths:
|
||||
- '**.go'
|
||||
pull_request:
|
||||
paths:
|
||||
- '**.go'
|
||||
|
||||
jobs:
|
||||
check-headers:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: check license headers
|
||||
run: |
|
||||
missing_headers=()
|
||||
|
||||
while IFS= read -r -d '' file; do
|
||||
# skip test files and generated files
|
||||
if [[ "$file" == *"_test.go" ]]; then
|
||||
continue
|
||||
fi
|
||||
|
||||
# check if file starts with the license header
|
||||
if ! head -n 3 "$file" | grep -q "█▀ █ █▀▀"; then
|
||||
missing_headers+=("$file")
|
||||
fi
|
||||
done < <(find . -name "*.go" -type f -print0)
|
||||
|
||||
if [ ${#missing_headers[@]} -ne 0 ]; then
|
||||
echo "::error::the following files are missing the license header:"
|
||||
printf '%s\n' "${missing_headers[@]}"
|
||||
echo ""
|
||||
echo "expected header format:"
|
||||
echo '/*'
|
||||
echo '·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·'
|
||||
echo ': :'
|
||||
echo ': █▀ █ █▀▀ · Blazing-fast pentesting suite :'
|
||||
echo ': ▄█ █ █▀ · BSD 3-Clause License :'
|
||||
echo ': :'
|
||||
echo ': (c) 2022-2025 vmfunc (vmfunc), xyzeva, :'
|
||||
echo ': lunchcat alumni & contributors :'
|
||||
echo ': :'
|
||||
echo '·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·'
|
||||
echo '*/'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "all go files have proper license headers"
|
||||
@@ -0,0 +1,25 @@
|
||||
name: Mind your language
|
||||
on:
|
||||
issues:
|
||||
types:
|
||||
- opened
|
||||
- edited
|
||||
issue_comment:
|
||||
types:
|
||||
- created
|
||||
- edited
|
||||
pull_request_review_comment:
|
||||
types:
|
||||
- created
|
||||
- edited
|
||||
jobs:
|
||||
echo_issue_comment:
|
||||
runs-on: ubuntu-latest
|
||||
name: profanity check
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Profanity check step
|
||||
uses: tailaiw/mind-your-language-action@v1.0.3
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -0,0 +1,18 @@
|
||||
name: Markdown Lint
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "**/*.md"
|
||||
|
||||
jobs:
|
||||
markdownlint:
|
||||
name: runner / markdownlint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: markdownlint
|
||||
uses: reviewdog/action-markdownlint@v0.24.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
@@ -0,0 +1,20 @@
|
||||
name: Misspell Check
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
misspell:
|
||||
name: runner / misspell
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: misspell
|
||||
uses: reviewdog/action-misspell@v1.26.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
level: warning
|
||||
locale: "US"
|
||||
@@ -18,7 +18,7 @@ jobs:
|
||||
permissions:
|
||||
contents: write
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
@@ -43,32 +43,13 @@ jobs:
|
||||
- name: Set release version
|
||||
run: echo "RELEASE_VERSION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
|
||||
|
||||
- name: Get commit info
|
||||
run: |
|
||||
echo "COMMIT_MESSAGE=$(git log -1 --pretty=%B)" >> $GITHUB_ENV
|
||||
echo "COMMIT_AUTHOR=$(git log -1 --pretty=%an)" >> $GITHUB_ENV
|
||||
echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
|
||||
|
||||
- name: Create Release
|
||||
id: create_release
|
||||
uses: actions/create-release@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Create Release and Upload Assets
|
||||
uses: softprops/action-gh-release@v2
|
||||
with:
|
||||
tag_name: automated-release-${{ env.RELEASE_VERSION }}
|
||||
release_name: Release ${{ env.RELEASE_VERSION }}
|
||||
name: Release ${{ env.RELEASE_VERSION }}
|
||||
body: |
|
||||
🚀 sif automated release v${{ env.RELEASE_VERSION }}
|
||||
|
||||
This is an automated release pushed by the release workflow.
|
||||
|
||||
## Commit Information
|
||||
- **Message:** ${{ env.COMMIT_MESSAGE }}
|
||||
- **Author:** ${{ env.COMMIT_AUTHOR }}
|
||||
- **SHA:** ${{ env.COMMIT_SHA }}
|
||||
|
||||
## Build Information
|
||||
- Built on: ${{ runner.os }}
|
||||
Automated release v${{ env.RELEASE_VERSION }}
|
||||
|
||||
## Assets
|
||||
- Windows (64-bit): `sif-windows-amd64.exe`
|
||||
@@ -79,78 +60,16 @@ jobs:
|
||||
- Linux (32-bit): `sif-linux-386`
|
||||
- Linux (64-bit ARM): `sif-linux-arm64`
|
||||
|
||||
For more details, please check the [commit history](https://github.com/${{ github.repository }}/commits/main).
|
||||
|
||||
@${{ env.COMMIT_AUTHOR }}, your changes have been included in this release.
|
||||
For more details, check the [commit history](https://github.com/${{ github.repository }}/commits/main).
|
||||
draft: false
|
||||
prerelease: false
|
||||
|
||||
- name: Upload Windows Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
files: |
|
||||
sif-windows-amd64.exe
|
||||
sif-windows-386.exe
|
||||
sif-macos-amd64
|
||||
sif-macos-arm64
|
||||
sif-linux-amd64
|
||||
sif-linux-386
|
||||
sif-linux-arm64
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-windows-amd64.exe
|
||||
asset_name: sif-windows-amd64.exe
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- name: Upload Windows (32-bit) Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-windows-386.exe
|
||||
asset_name: sif-windows-386.exe
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- name: Upload macOS Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-macos-amd64
|
||||
asset_name: sif-macos-amd64
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- name: Upload macOS (ARM64) Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-macos-arm64
|
||||
asset_name: sif-macos-arm64
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- name: Upload Linux Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-linux-amd64
|
||||
asset_name: sif-linux-amd64
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- name: Upload Linux (32-bit) Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-linux-386
|
||||
asset_name: sif-linux-386
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
- name: Upload Linux (ARM64) Release Asset
|
||||
uses: actions/upload-release-asset@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
||||
asset_path: ./sif-linux-arm64
|
||||
asset_name: sif-linux-arm64
|
||||
asset_content_type: application/octet-stream
|
||||
|
||||
@@ -0,0 +1,16 @@
|
||||
name: Update Report Card
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
workflow_call:
|
||||
|
||||
jobs:
|
||||
update-report-card:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Update Go Report Card
|
||||
uses: creekorful/goreportcard-action@v1.0
|
||||
@@ -11,7 +11,7 @@ jobs:
|
||||
build-and-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v4
|
||||
with:
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
name: Shell Check
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "**/*.sh"
|
||||
|
||||
jobs:
|
||||
shellcheck:
|
||||
name: runner / shellcheck
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: shellcheck
|
||||
uses: reviewdog/action-shellcheck@v1.27.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
@@ -0,0 +1,19 @@
|
||||
name: YAML Lint
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "**/*.yml"
|
||||
- "**/*.yaml"
|
||||
|
||||
jobs:
|
||||
yamllint:
|
||||
name: runner / yamllint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: yamllint
|
||||
uses: reviewdog/action-yamllint@v1.19.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
@@ -31,3 +31,7 @@ result
|
||||
|
||||
# nuclei templates
|
||||
nuclei-templates
|
||||
|
||||
# claude files
|
||||
CLAUDE.md
|
||||
.claude/
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
linters:
|
||||
enable:
|
||||
- errcheck # check error returns
|
||||
- govet # suspicious constructs
|
||||
- staticcheck # advanced static analysis
|
||||
- unused # unused code
|
||||
- gosimple # simplifications
|
||||
- ineffassign # useless assignments
|
||||
- misspell # spelling mistakes
|
||||
|
||||
linters-settings:
|
||||
govet:
|
||||
enable-all: true
|
||||
errcheck:
|
||||
check-blank: false
|
||||
|
||||
run:
|
||||
timeout: 5m
|
||||
issues-exit-code: 1
|
||||
|
||||
issues:
|
||||
max-issues-per-linter: 50
|
||||
max-same-issues: 3
|
||||
+1
-1
@@ -31,7 +31,7 @@ When opening an issue, please use the search tool and make sure that the issue h
|
||||
|
||||
### Development
|
||||
|
||||
To develop sif, you'll need version 1.20 or later of the Go toolchain. After making your changes, run the program using `go run ./cmd/sif` to make sure it compiles and runs properly.
|
||||
To develop sif, you'll need version 1.23 or later of the Go toolchain. After making your changes, run the program using `go run ./cmd/sif` to make sure it compiles and runs properly.
|
||||
|
||||
*Nix users:* the repository provides a flake that can be used to develop and run sif. Use `nix run`, `nix develop`, `nix build`, etc. Make sure to run `gomod2nix` if `go.mod` is changed.
|
||||
|
||||
|
||||
@@ -1,11 +1,29 @@
|
||||
Copyright 2023 - 2024 lunchcat, inc. ALL RIGHTS RESERVED.
|
||||
BSD 3-Clause License
|
||||
|
||||
Use of this tool is restricted to research and educational purposes only. Usage in a production environment outside of these categories is strictly prohibited. Any person or entity wishing to use this tool outside of research or school purposes must purchase a license from https://lunchcat.dev.
|
||||
Copyright (c) 2022-2025 vmfunc (vmfunc), xyzeva, lunchcat alumni,
|
||||
and other sif contributors.
|
||||
|
||||
For Businesses:
|
||||
1. Licensing Requirement: Businesses intending to use this tool for any commercial, operational, or production purposes must obtain a commercial license from [lunchcat.dev](https://lunchcat.dev).
|
||||
2. Compliance: Businesses must ensure compliance with all applicable laws and regulations when using this tool.
|
||||
3. Liability: lunchcat assumes no liability for any damages or losses incurred by businesses using this tool without an appropriate license.
|
||||
4. Support: Licensed business users are eligible for dedicated support and updates as per the terms of their license agreement.
|
||||
5. Audits: lunchcat reserves the right to audit business usage of this tool to ensure compliance with the licensing terms.
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright notice, this
|
||||
list of conditions and the following disclaimer.
|
||||
|
||||
2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
3. Neither the name of the copyright holder nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
-15
@@ -1,15 +0,0 @@
|
||||
|
||||
|
||||
**Copyright 2023 - 2024 lunchcat. ALL RIGHTS RESERVED.**
|
||||
|
||||
Use of this tool is restricted to research and educational purposes only. Usage in a production environment outside of these categories is strictly prohibited. Any person or entity wishing to use this tool outside of research or school purposes must purchase a license from [lunchcat.dev](https://lunchcat.dev).
|
||||
|
||||
**For Businesses:**
|
||||
1. **Licensing Requirement:** Businesses intending to use this tool for any commercial, operational, or production purposes must obtain a commercial license from [lunchcat.dev](https://lunchcat.dev).
|
||||
2. **Compliance:** Businesses must ensure compliance with all applicable laws and regulations when using this tool.
|
||||
3. **Liability:** lunchcat assumes no liability for any damages or losses incurred by businesses using this tool without an appropriate license.
|
||||
4. **Support:** Licensed business users are eligible for dedicated support and updates as per the terms of their license agreement.
|
||||
5. **Audits:** lunchcat reserves the right to audit business usage of this tool to ensure compliance with the licensing terms.
|
||||
|
||||
---
|
||||
|
||||
@@ -48,7 +48,7 @@ all: check_go_version sif
|
||||
check_go_version:
|
||||
@echo "$$COPYRIGHT_ASCII"
|
||||
@echo "🔍 Checking Go version..."
|
||||
@$(GO) version | grep -q "go1\.23\." || (echo "❌ Error: Please install the latest version of Go" && exit 1)
|
||||
@$(GO) version | grep -E "go1\.[2-9][0-9]*\." || (echo "❌ Error: Please install the latest version of Go" && exit 1)
|
||||
@echo "✅ Go version check passed!"
|
||||
|
||||
sif: check_go_version
|
||||
|
||||
@@ -1,40 +1,105 @@
|
||||
<pre align="center">
|
||||
_____________
|
||||
__________(_)__ __/
|
||||
__ ___/_ /__ /_
|
||||
_(__ )_ / _ __/
|
||||
/____/ /_/ /_/
|
||||
</pre>
|
||||
|
||||
<h4 align="center">a blazing-fast pentesting (recon/exploitation) suite written in Go 🐾</h4>
|
||||
|
||||
<div align="center">
|
||||
|
||||

|
||||
[](https://goreportcard.com/report/github.com/dropalldatabases/sif)
|
||||
[](https://github.com/dropalldatabases/sif/tags)
|
||||
```
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ :
|
||||
: ▄█ █ █▀ blazing-fast pentesting suite :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
```
|
||||
|
||||
[](#contributors)
|
||||
[](https://go.dev/)
|
||||
[](https://github.com/dropalldatabases/sif/actions)
|
||||
[](LICENSE)
|
||||
|
||||
**[install](#install) · [usage](#usage) · [modules](#modules) · [contribute](#contribute)**
|
||||
|
||||
</div>
|
||||
|
||||
## Features
|
||||
---
|
||||
|
||||
- 📂 Directory/file fuzzing/scanning
|
||||
- 📡 DNS subdomain enumeration
|
||||
- 🐾 Common Web scanning
|
||||
- 🖥️ Port/service scanning
|
||||
- 🦠 Vulnerability scanning
|
||||
- Support for pre-existing nuclei templates
|
||||
- Metasploit emulation for execution
|
||||
- 🔎 Automated Google dorking
|
||||
- 💘 Shodan integration
|
||||
- 📦 CMS detection
|
||||
- 🔍 HTTP Header Analysis
|
||||
- ☁️ C3 Misconfiguration Scanner
|
||||
- 🔍 Subdomain Takeover Checks
|
||||
## what is sif?
|
||||
|
||||
## Contributors
|
||||
sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.
|
||||
|
||||
```bash
|
||||
./sif -u https://example.com -all
|
||||
```
|
||||
|
||||
## install
|
||||
|
||||
### from releases
|
||||
|
||||
grab the latest binary from [releases](https://github.com/dropalldatabases/sif/releases).
|
||||
|
||||
### from source
|
||||
|
||||
```bash
|
||||
git clone https://github.com/dropalldatabases/sif.git
|
||||
cd sif
|
||||
make
|
||||
```
|
||||
|
||||
requires go 1.23+
|
||||
|
||||
## usage
|
||||
|
||||
```bash
|
||||
# basic scan
|
||||
./sif -u https://example.com
|
||||
|
||||
# directory fuzzing
|
||||
./sif -u https://example.com -dirlist medium
|
||||
|
||||
# subdomain enumeration
|
||||
./sif -u https://example.com -dnslist medium
|
||||
|
||||
# port scanning
|
||||
./sif -u https://example.com -ports common
|
||||
|
||||
# javascript framework detection + cloud misconfig
|
||||
./sif -u https://example.com -js -c3
|
||||
|
||||
# everything
|
||||
./sif -u https://example.com -all
|
||||
```
|
||||
|
||||
run `./sif -h` for all options.
|
||||
|
||||
## modules
|
||||
|
||||
| module | description |
|
||||
|--------|-------------|
|
||||
| `dirlist` | directory and file fuzzing |
|
||||
| `dnslist` | subdomain enumeration |
|
||||
| `ports` | port and service scanning |
|
||||
| `nuclei` | vulnerability scanning with nuclei templates |
|
||||
| `dork` | automated google dorking |
|
||||
| `js` | javascript framework detection (next.js, supabase) |
|
||||
| `c3` | cloud storage misconfiguration scanning |
|
||||
| `headers` | http header analysis |
|
||||
| `takeover` | subdomain takeover detection |
|
||||
| `cms` | cms detection |
|
||||
| `whois` | whois lookups |
|
||||
| `git` | exposed git repository detection |
|
||||
|
||||
## contribute
|
||||
|
||||
contributions welcome. see [contributing.md](CONTRIBUTING.md) for guidelines.
|
||||
|
||||
```bash
|
||||
# format
|
||||
gofmt -w .
|
||||
|
||||
# lint
|
||||
golangci-lint run
|
||||
|
||||
# test
|
||||
go test ./...
|
||||
```
|
||||
|
||||
## contributors
|
||||
|
||||
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
|
||||
<!-- prettier-ignore-start -->
|
||||
@@ -43,6 +108,11 @@ _(__ )_ / _ __/
|
||||
<tbody>
|
||||
<tr>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://vmfunc.re"><img src="https://avatars.githubusercontent.com/u/59031302?v=4?s=100" width="100px;" alt="mel"/><br /><sub><b>mel</b></sub></a><br /><a href="#maintenance-vmfunc" title="Maintenance">🚧</a> <a href="#mentoring-vmfunc" title="Mentoring">🧑🏫</a> <a href="#projectManagement-vmfunc" title="Project Management">📆</a> <a href="#security-vmfunc" title="Security">🛡️</a> <a href="#test-vmfunc" title="Tests">⚠️</a> <a href="#business-vmfunc" title="Business development">💼</a> <a href="#code-vmfunc" title="Code">💻</a> <a href="#design-vmfunc" title="Design">🎨</a> <a href="#financial-vmfunc" title="Financial">💵</a> <a href="#ideas-vmfunc" title="Ideas, Planning, & Feedback">🤔</a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://projectdiscovery.io"><img src="https://avatars.githubusercontent.com/u/50994705?v=4?s=100" width="100px;" alt="ProjectDiscovery"/><br /><sub><b>ProjectDiscovery</b></sub></a><br /><a href="#platform-projectdiscovery" title="Packaging/porting to new platform">📦</a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/macdoos"><img src="https://avatars.githubusercontent.com/u/127897805?v=4?s=100" width="100px;" alt="macdoos"/><br /><sub><b>macdoos</b></sub></a><br /><a href="#code-macdoos" title="Code">💻</a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://epitech.eu"><img src="https://avatars.githubusercontent.com/u/75166283?v=4?s=100" width="100px;" alt="Matthieu Witrowiez"/><br /><sub><b>Matthieu Witrowiez</b></sub></a><br /><a href="#ideas-D3adPlays" title="Ideas, Planning, & Feedback">🤔</a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/tessa-u-k"><img src="https://avatars.githubusercontent.com/u/109355732?v=4?s=100" width="100px;" alt="tessa "/><br /><sub><b>tessa </b></sub></a><br /><a href="#infra-tessa-u-k" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#question-tessa-u-k" title="Answering Questions">💬</a> <a href="#userTesting-tessa-u-k" title="User Testing">📓</a></td>
|
||||
<td align="center" valign="top" width="14.28%"><a href="https://github.com/xyzeva"><img src="https://avatars.githubusercontent.com/u/133499694?v=4?s=100" width="100px;" alt="Eva"/><br /><sub><b>Eva</b></sub></a><br /><a href="#blog-xyzeva" title="Blogposts">📝</a> <a href="#content-xyzeva" title="Content">🖋</a> <a href="#research-xyzeva" title="Research">🔬</a> <a href="#security-xyzeva" title="Security">🛡️</a> <a href="#test-xyzeva" title="Tests">⚠️</a> <a href="#code-xyzeva" title="Code">💻</a></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
@@ -52,8 +122,13 @@ _(__ )_ / _ __/
|
||||
|
||||
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
||||
|
||||
## Contributing and support
|
||||
## acknowledgements
|
||||
|
||||
Please join [our Discord server](https://discord.gg/uzQv4YbJ8W) to discuss sif development and to ask questions. Feel free to open an issue on GitHub requesting an addition to sif or asking for help with an issue.
|
||||
- [projectdiscovery](https://projectdiscovery.io/) for nuclei and other security tools
|
||||
- [shodan](https://www.shodan.io/) for infrastructure intelligence
|
||||
|
||||
Contributions are welcome! Make sure to read `CONTRIBUTING.md` before submitting a pull request.
|
||||
---
|
||||
|
||||
<div align="center">
|
||||
<sub>bsd 3-clause license · made by vmfunc, xyzeva, and contributors</sub>
|
||||
</div>
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 115 KiB After Width: | Height: | Size: 1.5 MiB |
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
module github.com/dropalldatabases/sif
|
||||
|
||||
go 1.21
|
||||
go 1.23
|
||||
|
||||
toolchain go1.25.5
|
||||
|
||||
require (
|
||||
github.com/antchfx/htmlquery v1.3.0
|
||||
@@ -76,7 +78,7 @@ require (
|
||||
github.com/gobwas/pool v0.2.1 // indirect
|
||||
github.com/gobwas/ws v1.2.1 // indirect
|
||||
github.com/gocolly/colly/v2 v2.1.0 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/protobuf v1.5.3 // indirect
|
||||
github.com/golang/snappy v0.0.4 // indirect
|
||||
@@ -154,7 +156,7 @@ require (
|
||||
github.com/projectdiscovery/sarif v0.0.1 // indirect
|
||||
github.com/projectdiscovery/tlsx v1.1.4 // indirect
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.4 // indirect
|
||||
github.com/quic-go/quic-go v0.42.0 // indirect
|
||||
github.com/quic-go/quic-go v0.48.2 // indirect
|
||||
github.com/refraction-networking/utls v1.5.4 // indirect
|
||||
github.com/remeh/sizedwaitgroup v1.0.0 // indirect
|
||||
github.com/rivo/uniseg v0.4.4 // indirect
|
||||
@@ -202,17 +204,17 @@ require (
|
||||
go.uber.org/multierr v1.11.0 // indirect
|
||||
go.uber.org/zap v1.25.0 // indirect
|
||||
goftp.io/server/v2 v2.0.1 // indirect
|
||||
golang.org/x/crypto v0.21.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
|
||||
golang.org/x/mod v0.12.0 // indirect
|
||||
golang.org/x/net v0.23.0 // indirect
|
||||
golang.org/x/crypto v0.26.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
|
||||
golang.org/x/mod v0.17.0 // indirect
|
||||
golang.org/x/net v0.28.0 // indirect
|
||||
golang.org/x/oauth2 v0.11.0 // indirect
|
||||
golang.org/x/sync v0.6.0 // indirect
|
||||
golang.org/x/sys v0.20.0 // indirect
|
||||
golang.org/x/term v0.18.0 // indirect
|
||||
golang.org/x/text v0.14.0 // indirect
|
||||
golang.org/x/sync v0.8.0 // indirect
|
||||
golang.org/x/sys v0.23.0 // indirect
|
||||
golang.org/x/term v0.23.0 // indirect
|
||||
golang.org/x/text v0.17.0 // indirect
|
||||
golang.org/x/time v0.5.0 // indirect
|
||||
golang.org/x/tools v0.13.0 // indirect
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/protobuf v1.33.0 // indirect
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
|
||||
|
||||
@@ -141,8 +141,6 @@ github.com/gaukas/godicttls v0.0.4 h1:NlRaXb3J6hAnTmWdsEKb9bcSBD6BvcIjdGdeb0zfXb
|
||||
github.com/gaukas/godicttls v0.0.4/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
|
||||
github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
|
||||
github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
|
||||
github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
|
||||
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
|
||||
github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
|
||||
github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
|
||||
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
|
||||
@@ -155,8 +153,6 @@ github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+j
|
||||
github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
|
||||
github.com/go-rod/rod v0.114.0 h1:P+zLOqsj+vKf4C86SfjP6ymyPl9VXoYKm+ceCeQms6Y=
|
||||
github.com/go-rod/rod v0.114.0/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw=
|
||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
|
||||
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
|
||||
github.com/goburrow/cache v0.1.4 h1:As4KzO3hgmzPlnaMniZU9+VmoNYseUhuELbxy9mRBfw=
|
||||
github.com/goburrow/cache v0.1.4/go.mod h1:cDFesZDnIlrHoNlMYqqMpCRawuXulgx+y7mXU8HZ+/c=
|
||||
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
|
||||
@@ -172,8 +168,8 @@ github.com/gocolly/colly/v2 v2.1.0 h1:k0DuZkDoCsx51bKpRJNEmcxcp+W5N8ziuwGaSDuFoG
|
||||
github.com/gocolly/colly/v2 v2.1.0/go.mod h1:I2MuhsLjQ+Ex+IzK3afNS8/1qP3AedHOusRPcRdC5o0=
|
||||
github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||
github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
|
||||
@@ -207,8 +203,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
|
||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
|
||||
github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
|
||||
github.com/google/go-github/v30 v30.1.0 h1:VLDx+UolQICEOKu2m4uAoMti1SxuEBAl7RSEG16L+Oo=
|
||||
@@ -218,8 +215,6 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO
|
||||
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
|
||||
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
|
||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
|
||||
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
|
||||
github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
|
||||
@@ -353,8 +348,6 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
|
||||
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
|
||||
github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
|
||||
github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
|
||||
github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
|
||||
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||
github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
|
||||
github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
|
||||
@@ -428,8 +421,8 @@ github.com/projectdiscovery/utils v0.1.1/go.mod h1:EPuSvVIvp61nXJD5EO65vaCv82Ouh
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE=
|
||||
github.com/projectdiscovery/yamldoc-go v1.0.4/go.mod h1:8PIPRcUD55UbtQdcfFR1hpIGRWG0P7alClXNGt1TBik=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/quic-go/quic-go v0.42.0 h1:uSfdap0eveIl8KXnipv9K7nlwZ5IqLlYOpJ58u5utpM=
|
||||
github.com/quic-go/quic-go v0.42.0/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M=
|
||||
github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE=
|
||||
github.com/quic-go/quic-go v0.48.2/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs=
|
||||
github.com/refraction-networking/utls v1.5.4 h1:9k6EO2b8TaOGsQ7Pl7p9w6PUhx18/ZCeT0WNTZ7Uw4o=
|
||||
github.com/refraction-networking/utls v1.5.4/go.mod h1:SPuDbBmgLGp8s+HLNc83FuavwZCFoMmExj+ltUHiHUw=
|
||||
github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
|
||||
@@ -606,19 +599,19 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
|
||||
golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
|
||||
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
|
||||
golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
|
||||
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
|
||||
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
|
||||
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME=
|
||||
golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
|
||||
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
|
||||
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
|
||||
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
|
||||
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
|
||||
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
|
||||
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
|
||||
golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
@@ -648,8 +641,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
|
||||
golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
|
||||
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
|
||||
golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
|
||||
golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
|
||||
golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
|
||||
@@ -660,8 +653,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
|
||||
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
||||
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
|
||||
golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
@@ -695,8 +688,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
|
||||
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
|
||||
golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
@@ -706,8 +699,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
|
||||
golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
|
||||
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
|
||||
golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
|
||||
golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
@@ -718,8 +711,8 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
|
||||
golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
|
||||
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
|
||||
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
|
||||
@@ -734,8 +727,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
|
||||
golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
|
||||
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
|
||||
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
|
||||
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package format
|
||||
|
||||
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package templates
|
||||
|
||||
+12
-24
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
// Package styles provides custom styling options for the SIF tool's console output.
|
||||
@@ -66,13 +54,13 @@ var (
|
||||
|
||||
// Severity level styles for color-coding vulnerability severities
|
||||
var (
|
||||
SeverityLow = lipgloss.NewStyle().
|
||||
SeverityLow = lipgloss.NewStyle().
|
||||
Foreground(lipgloss.Color("#00ff00"))
|
||||
|
||||
SeverityMedium = lipgloss.NewStyle().
|
||||
SeverityMedium = lipgloss.NewStyle().
|
||||
Foreground(lipgloss.Color("#ffff00"))
|
||||
|
||||
SeverityHigh = lipgloss.NewStyle().
|
||||
SeverityHigh = lipgloss.NewStyle().
|
||||
Foreground(lipgloss.Color("#ff8800"))
|
||||
|
||||
SeverityCritical = lipgloss.NewStyle().
|
||||
|
||||
+29
-41
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package config
|
||||
@@ -32,26 +20,26 @@ import (
|
||||
)
|
||||
|
||||
type Settings struct {
|
||||
Dirlist string
|
||||
Dnslist string
|
||||
Debug bool
|
||||
LogDir string
|
||||
NoScan bool
|
||||
Ports string
|
||||
Dorking bool
|
||||
Git bool
|
||||
Whois bool
|
||||
Threads int
|
||||
Nuclei bool
|
||||
JavaScript bool
|
||||
Timeout time.Duration
|
||||
URLs goflags.StringSlice
|
||||
File string
|
||||
ApiMode bool
|
||||
Template string
|
||||
CMS bool
|
||||
Headers bool
|
||||
CloudStorage bool
|
||||
Dirlist string
|
||||
Dnslist string
|
||||
Debug bool
|
||||
LogDir string
|
||||
NoScan bool
|
||||
Ports string
|
||||
Dorking bool
|
||||
Git bool
|
||||
Whois bool
|
||||
Threads int
|
||||
Nuclei bool
|
||||
JavaScript bool
|
||||
Timeout time.Duration
|
||||
URLs goflags.StringSlice
|
||||
File string
|
||||
ApiMode bool
|
||||
Template string
|
||||
CMS bool
|
||||
Headers bool
|
||||
CloudStorage bool
|
||||
SubdomainTakeover bool
|
||||
}
|
||||
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package logger
|
||||
|
||||
+13
-26
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
@@ -27,9 +15,9 @@ package scan
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
@@ -92,7 +80,7 @@ func CloudStorage(url string, timeout time.Duration, logdir string) ([]CloudStor
|
||||
}
|
||||
|
||||
func extractPotentialBuckets(url string) []string {
|
||||
// This is a simple implementation.
|
||||
// This is a simple implementation.
|
||||
// TODO: add more cases
|
||||
parts := strings.Split(url, ".")
|
||||
var buckets []string
|
||||
@@ -100,11 +88,11 @@ func extractPotentialBuckets(url string) []string {
|
||||
buckets = append(buckets, part)
|
||||
buckets = append(buckets, part+"-s3")
|
||||
buckets = append(buckets, "s3-"+part)
|
||||
|
||||
|
||||
if i < len(parts)-1 {
|
||||
domainExtension := part + "-" + parts[i+1]
|
||||
buckets = append(buckets, domainExtension)
|
||||
buckets = append(buckets, parts[i+1] + "-" + part)
|
||||
buckets = append(buckets, parts[i+1]+"-"+part)
|
||||
}
|
||||
}
|
||||
return buckets
|
||||
@@ -121,4 +109,3 @@ func checkS3Bucket(bucket string, client *http.Client) (bool, error) {
|
||||
// If we can access the bucket listing, it's public
|
||||
return resp.StatusCode == http.StatusOK, nil
|
||||
}
|
||||
|
||||
|
||||
+10
-23
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
@@ -28,9 +16,9 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
@@ -57,7 +45,6 @@ func CMS(url string, timeout time.Duration, logdir string) (*CMSResult, error) {
|
||||
cmslog := log.NewWithOptions(os.Stderr, log.Options{
|
||||
Prefix: "CMS 🔍",
|
||||
}).With("url", url)
|
||||
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: timeout,
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
|
||||
+17
-23
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
// Package scan provides various security scanning functionalities for web applications.
|
||||
@@ -108,11 +96,17 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) ([]Dork
|
||||
defer wg.Done()
|
||||
|
||||
for i, dork := range dorks {
|
||||
|
||||
|
||||
if i%threads != thread {
|
||||
continue
|
||||
}
|
||||
|
||||
results, _ := googlesearch.Search(nil, fmt.Sprintf("%s %s", dork, sanitizedURL))
|
||||
results, err := googlesearch.Search(nil, fmt.Sprintf("%s %s", dork, sanitizedURL))
|
||||
if err != nil {
|
||||
dorklog.Debugf("error searching for dork %s: %v", dork, err)
|
||||
continue
|
||||
}
|
||||
if len(results) > 0 {
|
||||
dorklog.Infof("%s dork results found for dork [%s]", styles.Status.Render(strconv.Itoa(len(results))), styles.Highlight.Render(dork))
|
||||
if logdir != "" {
|
||||
@@ -132,4 +126,4 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) ([]Dork
|
||||
wg.Wait()
|
||||
|
||||
return dorkResults, nil
|
||||
}
|
||||
}
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
|
||||
+10
-23
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
@@ -27,9 +15,9 @@ package scan
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
@@ -81,4 +69,3 @@ func Headers(url string, timeout time.Duration, logdir string) ([]HeaderResult,
|
||||
|
||||
return results, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -1,28 +1,15 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
What we are doing is abusing a internal file in Next.js pages router called
|
||||
_buildManifest.js which lists all routes and script files ever referenced in
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package js
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
// todo: scan for storage and auth vulns
|
||||
|
||||
+17
-23
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
@@ -70,7 +58,10 @@ func Nuclei(url string, timeout time.Duration, threads int, logdir string) ([]ou
|
||||
|
||||
// Get templates
|
||||
templates.Install(nucleilog)
|
||||
pwd, _ := os.Getwd()
|
||||
pwd, err := os.Getwd()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get working directory: %w", err)
|
||||
}
|
||||
config.DefaultConfig.SetTemplatesDir(pwd)
|
||||
catalog := disk.NewCatalog(pwd)
|
||||
|
||||
@@ -90,7 +81,10 @@ func Nuclei(url string, timeout time.Duration, threads int, logdir string) ([]ou
|
||||
defer cache.Close()
|
||||
|
||||
progressClient := &testutils.MockProgressClient{}
|
||||
reportingClient, _ := reporting.New(&reporting.Options{}, "")
|
||||
reportingClient, err := reporting.New(&reporting.Options{}, "")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create reporting client: %w", err)
|
||||
}
|
||||
defer reportingClient.Close()
|
||||
|
||||
interactOpts := interactsh.DefaultOptions(outputWriter, reportingClient, progressClient)
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
|
||||
+9
-22
@@ -1,28 +1,15 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
|
||||
// The scan package provides a collection of security scanning functions.
|
||||
//
|
||||
// Each scanning function typically returns a slice of custom result structures and an error.
|
||||
|
||||
@@ -0,0 +1,202 @@
|
||||
package scan
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
)
|
||||
|
||||
func TestCheckSubdomainTakeover_GitHubPages(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte("There isn't a GitHub Pages site here."))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
host := strings.TrimPrefix(server.URL, "http://")
|
||||
|
||||
vulnerable, service := checkSubdomainTakeover(host, client)
|
||||
|
||||
if !vulnerable {
|
||||
t.Error("expected subdomain to be vulnerable")
|
||||
}
|
||||
if service != "GitHub Pages" {
|
||||
t.Errorf("expected service 'GitHub Pages', got '%s'", service)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckSubdomainTakeover_NotVulnerable(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte("<html><body>Normal website content</body></html>"))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
host := strings.TrimPrefix(server.URL, "http://")
|
||||
|
||||
vulnerable, service := checkSubdomainTakeover(host, client)
|
||||
|
||||
if vulnerable {
|
||||
t.Error("expected subdomain to not be vulnerable")
|
||||
}
|
||||
if service != "" {
|
||||
t.Errorf("expected empty service, got '%s'", service)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckSubdomainTakeover_Heroku(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte("No such app"))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
host := strings.TrimPrefix(server.URL, "http://")
|
||||
|
||||
vulnerable, service := checkSubdomainTakeover(host, client)
|
||||
|
||||
if !vulnerable {
|
||||
t.Error("expected subdomain to be vulnerable")
|
||||
}
|
||||
if service != "Heroku" {
|
||||
t.Errorf("expected service 'Heroku', got '%s'", service)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckSubdomainTakeover_AmazonS3(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
w.Write([]byte("The specified bucket does not exist"))
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
host := strings.TrimPrefix(server.URL, "http://")
|
||||
|
||||
vulnerable, service := checkSubdomainTakeover(host, client)
|
||||
|
||||
if !vulnerable {
|
||||
t.Error("expected subdomain to be vulnerable")
|
||||
}
|
||||
if service != "Amazon S3" {
|
||||
t.Errorf("expected service 'Amazon S3', got '%s'", service)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckSubdomainTakeover_ConnectionError(t *testing.T) {
|
||||
client := &http.Client{Timeout: 1 * time.Second}
|
||||
|
||||
// Use invalid host to simulate connection error
|
||||
vulnerable, service := checkSubdomainTakeover("invalid.host.that.does.not.exist.local", client)
|
||||
|
||||
if vulnerable {
|
||||
t.Error("expected subdomain to not be vulnerable on connection error")
|
||||
}
|
||||
if service != "" {
|
||||
t.Errorf("expected empty service, got '%s'", service)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchRobotsTXT_Success(t *testing.T) {
|
||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path == "/robots.txt" {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte("User-agent: *\nDisallow: /admin"))
|
||||
}
|
||||
}))
|
||||
defer server.Close()
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
resp := fetchRobotsTXT(server.URL+"/robots.txt", client)
|
||||
|
||||
if resp == nil {
|
||||
t.Fatal("expected response, got nil")
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
t.Errorf("expected status 200, got %d", resp.StatusCode)
|
||||
}
|
||||
}
|
||||
|
||||
func TestFetchRobotsTXT_Redirect(t *testing.T) {
|
||||
finalServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte("User-agent: *\nDisallow: /secret"))
|
||||
}))
|
||||
defer finalServer.Close()
|
||||
|
||||
redirectServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Location", finalServer.URL+"/robots.txt")
|
||||
w.WriteHeader(http.StatusMovedPermanently)
|
||||
}))
|
||||
defer redirectServer.Close()
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: 5 * time.Second,
|
||||
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
||||
return http.ErrUseLastResponse
|
||||
},
|
||||
}
|
||||
resp := fetchRobotsTXT(redirectServer.URL+"/robots.txt", client)
|
||||
|
||||
if resp == nil {
|
||||
t.Fatal("expected response after redirect, got nil")
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
t.Errorf("expected status 200, got %d", resp.StatusCode)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSubdomainTakeoverResult(t *testing.T) {
|
||||
result := SubdomainTakeoverResult{
|
||||
Subdomain: "test.example.com",
|
||||
Vulnerable: true,
|
||||
Service: "GitHub Pages",
|
||||
}
|
||||
|
||||
if result.Subdomain != "test.example.com" {
|
||||
t.Errorf("expected subdomain 'test.example.com', got '%s'", result.Subdomain)
|
||||
}
|
||||
if !result.Vulnerable {
|
||||
t.Error("expected vulnerable to be true")
|
||||
}
|
||||
if result.Service != "GitHub Pages" {
|
||||
t.Errorf("expected service 'GitHub Pages', got '%s'", result.Service)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDorkResult(t *testing.T) {
|
||||
result := DorkResult{
|
||||
Url: "site:example.com filetype:pdf",
|
||||
Count: 42,
|
||||
}
|
||||
|
||||
if result.Url != "site:example.com filetype:pdf" {
|
||||
t.Errorf("expected url 'site:example.com filetype:pdf', got '%s'", result.Url)
|
||||
}
|
||||
if result.Count != 42 {
|
||||
t.Errorf("expected count 42, got %d", result.Count)
|
||||
}
|
||||
}
|
||||
|
||||
func TestHeaderResult(t *testing.T) {
|
||||
result := HeaderResult{
|
||||
Name: "Content-Type",
|
||||
Value: "application/json",
|
||||
}
|
||||
|
||||
if result.Name != "Content-Type" {
|
||||
t.Errorf("expected name 'Content-Type', got '%s'", result.Name)
|
||||
}
|
||||
if result.Value != "application/json" {
|
||||
t.Errorf("expected value 'application/json', got '%s'", result.Value)
|
||||
}
|
||||
}
|
||||
@@ -1,25 +1,37 @@
|
||||
/*
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
"sync"
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
"github.com/dropalldatabases/sif/pkg/logger"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// SubdomainTakeoverResult represents the outcome of a subdomain takeover vulnerability check.
|
||||
// It includes the subdomain tested, whether it's vulnerable, and the potentially vulnerable service.
|
||||
type SubdomainTakeoverResult struct {
|
||||
Subdomain string `json:"subdomain"`
|
||||
Vulnerable bool `json:"vulnerable"`
|
||||
Service string `json:"service,omitempty"`
|
||||
Subdomain string `json:"subdomain"`
|
||||
Vulnerable bool `json:"vulnerable"`
|
||||
Service string `json:"service,omitempty"`
|
||||
}
|
||||
|
||||
// SubdomainTakeover checks for potential subdomain takeover vulnerabilities.
|
||||
@@ -115,7 +127,10 @@ func checkSubdomainTakeover(subdomain string, client *http.Client) (bool, string
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return false, ""
|
||||
}
|
||||
bodyString := string(body)
|
||||
|
||||
// Check for common takeover signatures in the response
|
||||
|
||||
+9
-21
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package scan
|
||||
|
||||
@@ -1,25 +1,13 @@
|
||||
/*
|
||||
╔══════════════════════════════════════════════════════════════════════════════╗
|
||||
║ ║
|
||||
║ SIF ║
|
||||
║ ║
|
||||
║ Blazing-fast pentesting suite written in Go ║
|
||||
║ ║
|
||||
║ Copyright (c) 2023-2024 vmfunc, xyzeva, lunchcat contributors ║
|
||||
║ and other sif contributors. ║
|
||||
║ ║
|
||||
║ ║
|
||||
║ Use of this tool is restricted to research and educational ║
|
||||
║ purposes only. Usage in a production environment outside ║
|
||||
║ of these categories is strictly prohibited. ║
|
||||
║ ║
|
||||
║ Any person or entity wishing to use this tool outside of ║
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
: :
|
||||
: █▀ █ █▀▀ · Blazing-fast pentesting suite :
|
||||
: ▄█ █ █▀ · BSD 3-Clause License :
|
||||
: :
|
||||
: (c) 2022-2025 vmfunc (vmfunc), xyzeva, :
|
||||
: lunchcat alumni & contributors :
|
||||
: :
|
||||
·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
|
||||
*/
|
||||
|
||||
package utils
|
||||
|
||||
@@ -91,6 +91,8 @@ func (app *App) Run() error {
|
||||
}
|
||||
}
|
||||
|
||||
scansRun := []string{}
|
||||
|
||||
for _, url := range app.targets {
|
||||
if !strings.Contains(url, "://") {
|
||||
return errors.New(fmt.Sprintf("URL %s must include leading protocol", url))
|
||||
@@ -108,6 +110,7 @@ func (app *App) Run() error {
|
||||
|
||||
if !app.settings.NoScan {
|
||||
scan.Scan(url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
|
||||
scansRun = append(scansRun, "Basic Scan")
|
||||
}
|
||||
|
||||
if app.settings.Dirlist != "none" {
|
||||
@@ -116,6 +119,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running directory scan: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"dirlist", result})
|
||||
scansRun = append(scansRun, "Directory Listing")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -128,6 +132,7 @@ func (app *App) Run() error {
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"dnslist", result})
|
||||
dnsResults = result // Store the DNS results
|
||||
scansRun = append(scansRun, "DNS Scan")
|
||||
}
|
||||
|
||||
// Only run subdomain takeover check if DNS scan is enabled
|
||||
@@ -137,23 +142,36 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Subdomain Takeover Vulnerability Check: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"subdomain_takeover", result})
|
||||
scansRun = append(scansRun, "Subdomain Takeover")
|
||||
}
|
||||
}
|
||||
} else if app.settings.SubdomainTakeover {
|
||||
log.Warnf("Subdomain Takeover check is enabled but DNS scan is disabled. Skipping Subdomain Takeover check.")
|
||||
}
|
||||
|
||||
if app.settings.Dorking {
|
||||
result, err := scan.Dork(url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
|
||||
if err != nil {
|
||||
log.Errorf("Error while running Dork module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"dork", result})
|
||||
scansRun = append(scansRun, "Dork")
|
||||
}
|
||||
}
|
||||
|
||||
if app.settings.Ports != "none" {
|
||||
result, err := scan.Ports(app.settings.Ports, url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
|
||||
if err != nil {
|
||||
log.Errorf("Error while running port scan: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"portscan", result})
|
||||
scansRun = append(scansRun, "Port Scan")
|
||||
}
|
||||
}
|
||||
|
||||
if app.settings.Whois {
|
||||
scan.Whois(url, app.settings.LogDir)
|
||||
scansRun = append(scansRun, "Whois")
|
||||
}
|
||||
|
||||
// func Git(url string, timeout time.Duration, threads int, logdir string)
|
||||
@@ -163,6 +181,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Git module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"git", result})
|
||||
scansRun = append(scansRun, "Git")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -172,6 +191,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Nuclei module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"nuclei", result})
|
||||
scansRun = append(scansRun, "Nuclei")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -181,6 +201,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running JS module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"js", result})
|
||||
scansRun = append(scansRun, "JS")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -188,6 +209,7 @@ func (app *App) Run() error {
|
||||
result, err := scan.CMS(url, app.settings.Timeout, app.settings.LogDir)
|
||||
if err != nil {
|
||||
log.Errorf("Error while running CMS detection: %s", err)
|
||||
scansRun = append(scansRun, "CMS")
|
||||
} else if result != nil {
|
||||
moduleResults = append(moduleResults, ModuleResult{"cms", result})
|
||||
}
|
||||
@@ -199,6 +221,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running HTTP Header Analysis: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"headers", result})
|
||||
scansRun = append(scansRun, "HTTP Headers")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -208,6 +231,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running C3 Scan: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"cloudstorage", result})
|
||||
scansRun = append(scansRun, "Cloud Storage")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -218,6 +242,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Subdomain Takeover Vulnerability Check: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"subdomain_takeover", result})
|
||||
scansRun = append(scansRun, "Subdomain Takeover")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -236,12 +261,16 @@ func (app *App) Run() error {
|
||||
}
|
||||
|
||||
if !app.settings.ApiMode {
|
||||
scansRunList := " • " + strings.Join(scansRun, "\n • ")
|
||||
if app.settings.LogDir != "" {
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n📂 Output saved to files: %s\n", strings.Join(app.logFiles, ", "))))
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n📂 Output saved to files: %s\n\n🔍 Ran scans:\n%s",
|
||||
strings.Join(app.logFiles, ", "),
|
||||
scansRunList)))
|
||||
} else {
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n")))
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n\n🔍 Ran scans:\n%s",
|
||||
scansRunList)))
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user