Compare commits

...

31 Commits

Author SHA1 Message Date
vmfunc 806e8b0970 design: update banner 2024-11-14 06:51:54 +01:00
vmfunc 1a0245840e Merge pull request #38 from lunchcat/dependabot/go_modules/go_modules-403cefacee
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group
2024-11-05 00:36:18 +01:00
dependabot[bot] 8a0ed28bd5 build(deps): bump github.com/golang-jwt/jwt/v4 in the go_modules group
Bumps the go_modules group with 1 update: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt).


Updates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-11-04 23:33:18 +00:00
vmfunc c3805c7aee fix<dork>: properly process feature flag 2024-10-22 09:15:36 +02:00
vmfunc ceb8712204 ci: various improvements to workflow 2024-10-15 02:51:52 +02:00
vmfunc b335a45a82 chore<format>: gofmt whitespace removal 2024-10-15 02:32:48 +02:00
vmfunc 1048a97355 feat<sif>: log scan overview 2024-10-15 00:14:59 +02:00
vmfunc cceb60a423 fix<contrib>: fix contributor file 2024-10-13 00:56:23 +02:00
vmfunc bf5fd7c566 fix: replace modules with features 2024-10-13 00:49:12 +02:00
vmfunc 16a73f274b feat: improve readme 2024-10-13 00:44:50 +02:00
vmfunc fcc0ba0ea4 Merge pull request #36 from lunchcat/all-contributors/add-projectdiscovery
docs: add projectdiscovery as a contributor for platform
2024-10-13 00:32:48 +02:00
vmfunc b619ed026a Merge branch 'main' into all-contributors/add-projectdiscovery 2024-10-13 00:32:41 +02:00
vmfunc 26b35c1cbc Merge pull request #35 from lunchcat/all-contributors/add-macdoos
docs: add macdoos as a contributor for code
2024-10-13 00:31:55 +02:00
vmfunc 4a51ddda95 Merge branch 'main' into all-contributors/add-macdoos 2024-10-13 00:31:50 +02:00
vmfunc 3eae11695d Merge pull request #34 from lunchcat/all-contributors/add-D3adPlays
docs: add D3adPlays as a contributor for ideas
2024-10-13 00:31:10 +02:00
vmfunc c29227d26b Merge branch 'main' into all-contributors/add-D3adPlays 2024-10-13 00:31:04 +02:00
vmfunc 0279ea9b0a Merge pull request #33 from lunchcat/all-contributors/add-tessa-u-k
docs: add tessa-u-k as a contributor for infra, question, and userTesting
2024-10-13 00:30:16 +02:00
vmfunc dfe8004544 Merge branch 'main' into all-contributors/add-tessa-u-k 2024-10-13 00:27:32 +02:00
vmfunc 2816887a7a Merge pull request #32 from lunchcat/all-contributors/add-xyzeva
docs: add xyzeva as a contributor for blog, content, and 4 more
2024-10-13 00:25:45 +02:00
allcontributors[bot] ae82c2066d docs: update .all-contributorsrc 2024-10-12 22:25:28 +00:00
allcontributors[bot] cebfe62bcf docs: update README.md 2024-10-12 22:25:27 +00:00
allcontributors[bot] a79ffd08d4 docs: update .all-contributorsrc 2024-10-12 22:25:16 +00:00
allcontributors[bot] 22fba38ff6 docs: update README.md 2024-10-12 22:25:15 +00:00
allcontributors[bot] dd28daf795 docs: update .all-contributorsrc 2024-10-12 22:25:08 +00:00
allcontributors[bot] 7c080e99a8 docs: update README.md 2024-10-12 22:25:07 +00:00
allcontributors[bot] 7c9ba8da80 docs: update .all-contributorsrc 2024-10-12 22:24:49 +00:00
allcontributors[bot] 814be003ad docs: update README.md 2024-10-12 22:24:48 +00:00
allcontributors[bot] 2a87a5790f docs: update .all-contributorsrc 2024-10-12 22:24:41 +00:00
allcontributors[bot] 8e76b40b53 docs: update README.md 2024-10-12 22:24:40 +00:00
vmfunc e3b87e5138 Merge pull request #31 from lunchcat/all-contributors/add-vmfunc
docs: add vmfunc as a contributor for maintenance, mentoring, and 8 more
2024-10-13 00:24:12 +02:00
vmfunc 3cd45523a3 Merge pull request #30 from lunchcat/all-contributors/add-vmfunc
docs: add vmfunc as a contributor for maintenance
2024-10-13 00:18:12 +02:00
39 changed files with 549 additions and 86 deletions
+51
View File
@@ -25,6 +25,57 @@
"financial",
"ideas"
]
},
{
"login": "projectdiscovery",
"name": "ProjectDiscovery",
"avatar_url": "https://avatars.githubusercontent.com/u/50994705?v=4",
"profile": "https://projectdiscovery.io",
"contributions": [
"platform"
]
},
{
"login": "macdoos",
"name": "macdoos",
"avatar_url": "https://avatars.githubusercontent.com/u/127897805?v=4",
"profile": "https://github.com/macdoos",
"contributions": [
]
},
{
"login": "D3adPlays",
"name": "Matthieu Witrowiez",
"avatar_url": "https://avatars.githubusercontent.com/u/75166283?v=4",
"profile": "https://epitech.eu",
"contributions": [
"ideas"
]
},
{
"login": "tessa-u-k",
"name": "tessa ",
"avatar_url": "https://avatars.githubusercontent.com/u/109355732?v=4",
"profile": "https://github.com/tessa-u-k",
"contributions": [
"infra",
"question",
"userTesting"
]
},
{
"login": "xyzeva",
"name": "Eva",
"avatar_url": "https://avatars.githubusercontent.com/u/133499694?v=4",
"profile": "https://github.com/xyzeva",
"contributions": [
"blog",
"content",
"research",
"security",
"test",
"code"
]
}
]
}
+18
View File
@@ -0,0 +1,18 @@
name: Automatic Rebase
on:
issue_comment:
types: [created]
jobs:
rebase:
name: Rebase
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
runs-on: ubuntu-latest
steps:
- name: Checkout the latest code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Automatic Rebase
uses: cirrus-actions/rebase@1.8
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+18
View File
@@ -0,0 +1,18 @@
name: Check Large Files
on:
pull_request:
push:
branches: [main]
jobs:
check-large-files:
name: Check for large files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check for large files
run: |
find . -type f -size +5M | while read file; do
echo "::error file=${file}::File ${file} is larger than 5MB"
done
+22
View File
@@ -0,0 +1,22 @@
name: "Dependency Review"
on:
pull_request:
push:
branches: [main]
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- name: "Checkout Repository"
uses: actions/checkout@v3
- name: "Dependency Review"
uses: actions/dependency-review-action@v3
continue-on-error: ${{ github.event_name == 'push' }}
- name: "Check Dependency Review Outcome"
if: github.event_name == 'push' && failure()
run: |
echo "::warning::Dependency review failed. Please check the dependencies for potential issues."
+25
View File
@@ -0,0 +1,25 @@
name: Mind your language
on:
issues:
types:
- opened
- edited
issue_comment:
types:
- created
- edited
pull_request_review_comment:
types:
- created
- edited
jobs:
echo_issue_comment:
runs-on: ubuntu-latest
name: profanity check
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Profanity check step
uses: tailaiw/mind-your-language-action@v1.0.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+18
View File
@@ -0,0 +1,18 @@
name: Markdown Lint
on:
pull_request:
paths:
- "**/*.md"
jobs:
markdownlint:
name: runner / markdownlint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: markdownlint
uses: reviewdog/action-markdownlint@v0.10.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
+36
View File
@@ -0,0 +1,36 @@
name: Memer Workflow
on: [pull_request]
jobs:
greeting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Run Memer Action
id: memer
uses: Bhupesh-V/memer-action@master
with:
filter: "new"
- name: Check Outputs
run: |
echo "${{ steps.memer.outputs.meme }}"
echo "${{ steps.memer.outputs.title }}"
echo "${{ steps.memer.outputs.source }}"
- name: Create comment
uses: peter-evans/create-or-update-comment@v1.3.0
id: couc
with:
issue-number: ${{ github.event.number }}
body: |
🎉🎉 Thanks for opening this PR/Issue
Please wait while the maintainer(s) review it
Meanwhile have a look at this:
> **${{ steps.memer.outputs.title }}**
![meme](${{ steps.memer.outputs.meme }})
<sub>️ <a href="${{ steps.memer.outputs.source }}">Source</a> [ Powered By 🔥 <a href="https://github.com/Bhupesh-V/memer-action">Memer Action</a> ]</sub>
+20
View File
@@ -0,0 +1,20 @@
name: Misspell Check
on:
pull_request:
push:
branches: [main]
jobs:
misspell:
name: runner / misspell
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: misspell
uses: reviewdog/action-misspell@v1.13.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
level: warning
locale: "US"
+16
View File
@@ -0,0 +1,16 @@
name: Update Report Card
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_call:
jobs:
update-report-card:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Update Go Report Card
uses: creekorful/goreportcard-action@v1.0
+71
View File
@@ -0,0 +1,71 @@
name: reviewdog
on: [pull_request]
jobs:
# NOTE: golangci-lint doesn't report multiple errors on the same line from
# different linters and just report one of the errors?
golangci-lint:
name: runner / golangci-lint
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: golangci-lint
uses: reviewdog/action-golangci-lint@v2
with:
# optionally use a specific version of Go rather than the latest one
go_version: "1.17"
# Can pass --config flag to change golangci-lint behavior and target
# directory.
golangci_lint_flags: "--config=.github/.golangci.yml ./testdata"
workdir: subdirectory/
# Use golint via golangci-lint binary with "warning" level.
golint:
name: runner / golint
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: golint
uses: reviewdog/action-golangci-lint@v2
with:
golangci_lint_flags: "--disable-all -E golint"
tool_name: golint # Change reporter name.
level: warning # GitHub Status Check won't become failure with this level.
# You can add more and more supported linters with different config.
errcheck:
name: runner / errcheck
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: errcheck
uses: reviewdog/action-golangci-lint@v2
with:
golangci_lint_flags: "--disable-all -E errcheck"
tool_name: errcheck
level: info
# Disable cache of golangci-lint result, go build and go dependencies
with_cache:
name: runner / errcheck
runs-on: ubuntu-latest
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: golangci-lint
uses: reviewdog/action-golangci-lint@v2
with:
cache: false
+18
View File
@@ -0,0 +1,18 @@
name: Shell Check
on:
pull_request:
paths:
- "**/*.sh"
jobs:
shellcheck:
name: runner / shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: shellcheck
uses: reviewdog/action-shellcheck@v1.18.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
+19
View File
@@ -0,0 +1,19 @@
name: YAML Lint
on:
pull_request:
paths:
- "**/*.yml"
- "**/*.yaml"
jobs:
yamllint:
name: runner / yamllint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: yamllint
uses: reviewdog/action-yamllint@v1.8.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
+119 -14
View File
@@ -1,12 +1,6 @@
<pre align="center">
_____________
__________(_)__ __/
__ ___/_ /__ /_
_(__ )_ / _ __/
/____/ /_/ /_/
</pre>
<h4 align="center">a blazing-fast pentesting (recon/exploitation) suite written in Go 🐾</h4>
<div align="center">
<img src="https://github.com/lunchcat/sif/blob/main/assets/banner.png?raw=true">
</div>
<div align="center">
@@ -18,7 +12,20 @@ _(__ )_ / _ __/
</div>
## Features
## 📖 Table of Contents
- [Modules](#-modules)
- [Installation](#-installation)
- [Quick Start](#-quick-start)
- [Usage](#-usage)
- [Performance](#-performance)
- [Contributing](#-contributing)
- [Contributors](#-contributors)
- [Acknowledgements](#-acknowledgements)
## 🧩 Modules
sif is built with a modular architecture, allowing for easy extension and customization. Some of our key modules include:
- 📂 Directory/file fuzzing/scanning
- 📡 DNS subdomain enumeration
@@ -34,7 +41,89 @@ _(__ )_ / _ __/
- ☁️ C3 Misconfiguration Scanner
- 🔍 Subdomain Takeover Checks
## Contributors
## 📦 Installation
### Using pre-built binaries
Visit our [Releases](https://github.com/dropalldatabases/sif/releases) page to download the latest pre-built binary for your operating system.
### Building from source
1. Ensure you have Go 1.23+ installed on your system.
2. Clone the repository:
```
git clone https://github.com/lunchcat/sif.git
cd sif
```
3. Build using the Makefile:
```
make
```
4. The binary will be available in the root directory.
## 🚀 Quick Start
1. Run a basic scan:
```
./sif -u example.com
```
2. For more options and advanced usage, refer to the help command:
```
./sif -h
```
## 🛠 Usage
sif offers a wide range of commands and options to customize your pentesting workflow. Here are some common usage examples:
- Directory fuzzing
```
./sif -u http://example.com -dirlist medium
```
- Subdomain enumeration
```
./sif -u http://example.com -dnslist medium
```
- Supabase/Firebase and C3 Vulnerability scanning
```
./sif -u https://example.com -js -c3
```
- Port scanning
```
./sif -u https://example.com -ports common
```
For a complete list of commands and options, run `./sif -h`.
## ⚡ Performance
sif is designed for high performance and efficiency:
- Written in Go for excellent concurrency and speed
- Optimized algorithms for minimal resource usage
- Supports multi-threading for faster scans
- Efficient caching mechanisms to reduce redundant operations
## 🤝 Contributing
We welcome contributions from the community! Please read our [Contributing Guidelines](CONTRIBUTING.md) before submitting a pull request.
Areas we're particularly interested in:
- New scanning modules
- Performance improvements
- Documentation enhancements
- Bug fixes and error handling improvements
## 🌟 Contributors
Thanks to these wonderful people who have contributed to sif:
<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
<!-- prettier-ignore-start -->
@@ -43,6 +132,11 @@ _(__ )_ / _ __/
<tbody>
<tr>
<td align="center" valign="top" width="14.28%"><a href="https://vmfunc.re"><img src="https://avatars.githubusercontent.com/u/59031302?v=4?s=100" width="100px;" alt="mel"/><br /><sub><b>mel</b></sub></a><br /><a href="#maintenance-vmfunc" title="Maintenance">🚧</a> <a href="#mentoring-vmfunc" title="Mentoring">🧑‍🏫</a> <a href="#projectManagement-vmfunc" title="Project Management">📆</a> <a href="#security-vmfunc" title="Security">🛡️</a> <a href="#test-vmfunc" title="Tests">⚠️</a> <a href="#business-vmfunc" title="Business development">💼</a> <a href="#code-vmfunc" title="Code">💻</a> <a href="#design-vmfunc" title="Design">🎨</a> <a href="#financial-vmfunc" title="Financial">💵</a> <a href="#ideas-vmfunc" title="Ideas, Planning, & Feedback">🤔</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://projectdiscovery.io"><img src="https://avatars.githubusercontent.com/u/50994705?v=4?s=100" width="100px;" alt="ProjectDiscovery"/><br /><sub><b>ProjectDiscovery</b></sub></a><br /><a href="#platform-projectdiscovery" title="Packaging/porting to new platform">📦</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/macdoos"><img src="https://avatars.githubusercontent.com/u/127897805?v=4?s=100" width="100px;" alt="macdoos"/><br /><sub><b>macdoos</b></sub></a><br /><a href="#code-macdoos" title="Code">💻</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://epitech.eu"><img src="https://avatars.githubusercontent.com/u/75166283?v=4?s=100" width="100px;" alt="Matthieu Witrowiez"/><br /><sub><b>Matthieu Witrowiez</b></sub></a><br /><a href="#ideas-D3adPlays" title="Ideas, Planning, & Feedback">🤔</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/tessa-u-k"><img src="https://avatars.githubusercontent.com/u/109355732?v=4?s=100" width="100px;" alt="tessa "/><br /><sub><b>tessa </b></sub></a><br /><a href="#infra-tessa-u-k" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="#question-tessa-u-k" title="Answering Questions">💬</a> <a href="#userTesting-tessa-u-k" title="User Testing">📓</a></td>
<td align="center" valign="top" width="14.28%"><a href="https://github.com/xyzeva"><img src="https://avatars.githubusercontent.com/u/133499694?v=4?s=100" width="100px;" alt="Eva"/><br /><sub><b>Eva</b></sub></a><br /><a href="#blog-xyzeva" title="Blogposts">📝</a> <a href="#content-xyzeva" title="Content">🖋</a> <a href="#research-xyzeva" title="Research">🔬</a> <a href="#security-xyzeva" title="Security">🛡️</a> <a href="#test-xyzeva" title="Tests">⚠️</a> <a href="#code-xyzeva" title="Code">💻</a></td>
</tr>
</tbody>
</table>
@@ -52,8 +146,19 @@ _(__ )_ / _ __/
<!-- ALL-CONTRIBUTORS-LIST:END -->
## Contributing and support
## 🙏 Acknowledgements
Please join [our Discord server](https://discord.gg/uzQv4YbJ8W) to discuss sif development and to ask questions. Feel free to open an issue on GitHub requesting an addition to sif or asking for help with an issue.
We'd like to thank the following projects and communities for their inspiration and support:
Contributions are welcome! Make sure to read `CONTRIBUTING.md` before submitting a pull request.
- [ProjectDiscovery](https://projectdiscovery.io/) for their amazing open-source security tools
- [Shodan](https://www.shodan.io/)
- [Malcore](https://www.malcore.io/), for providing us direct API support at Lunchcat.
---
<div align="center">
<strong>Happy Hunting! 🐾</strong>
<p>
<sub>Built with ❤️ by the lunchcat team and contributors worldwide</sub>
</p>
</div>
BIN
View File
Binary file not shown.

Before

Width:  |  Height:  |  Size: 115 KiB

After

Width:  |  Height:  |  Size: 1.5 MiB

+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -76,7 +76,7 @@ require (
github.com/gobwas/pool v0.2.1 // indirect
github.com/gobwas/ws v1.2.1 // indirect
github.com/gocolly/colly/v2 v2.1.0 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
+2 -2
View File
@@ -172,8 +172,8 @@ github.com/gocolly/colly/v2 v2.1.0 h1:k0DuZkDoCsx51bKpRJNEmcxcp+W5N8ziuwGaSDuFoG
github.com/gocolly/colly/v2 v2.1.0/go.mod h1:I2MuhsLjQ+Ex+IzK3afNS8/1qP3AedHOusRPcRdC5o0=
github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+4 -4
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
@@ -66,13 +66,13 @@ var (
// Severity level styles for color-coding vulnerability severities
var (
SeverityLow = lipgloss.NewStyle().
SeverityLow = lipgloss.NewStyle().
Foreground(lipgloss.Color("#00ff00"))
SeverityMedium = lipgloss.NewStyle().
SeverityMedium = lipgloss.NewStyle().
Foreground(lipgloss.Color("#ffff00"))
SeverityHigh = lipgloss.NewStyle().
SeverityHigh = lipgloss.NewStyle().
Foreground(lipgloss.Color("#ff8800"))
SeverityCritical = lipgloss.NewStyle().
+21 -21
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
@@ -32,26 +32,26 @@ import (
)
type Settings struct {
Dirlist string
Dnslist string
Debug bool
LogDir string
NoScan bool
Ports string
Dorking bool
Git bool
Whois bool
Threads int
Nuclei bool
JavaScript bool
Timeout time.Duration
URLs goflags.StringSlice
File string
ApiMode bool
Template string
CMS bool
Headers bool
CloudStorage bool
Dirlist string
Dnslist string
Debug bool
LogDir string
NoScan bool
Ports string
Dorking bool
Git bool
Whois bool
Threads int
Nuclei bool
JavaScript bool
Timeout time.Duration
URLs goflags.StringSlice
File string
ApiMode bool
Template string
CMS bool
Headers bool
CloudStorage bool
SubdomainTakeover bool
}
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+5 -6
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
@@ -27,9 +27,9 @@ package scan
import (
"fmt"
"net/http"
"os"
"strings"
"time"
"os"
"github.com/charmbracelet/log"
"github.com/dropalldatabases/sif/internal/styles"
@@ -92,7 +92,7 @@ func CloudStorage(url string, timeout time.Duration, logdir string) ([]CloudStor
}
func extractPotentialBuckets(url string) []string {
// This is a simple implementation.
// This is a simple implementation.
// TODO: add more cases
parts := strings.Split(url, ".")
var buckets []string
@@ -100,11 +100,11 @@ func extractPotentialBuckets(url string) []string {
buckets = append(buckets, part)
buckets = append(buckets, part+"-s3")
buckets = append(buckets, "s3-"+part)
if i < len(parts)-1 {
domainExtension := part + "-" + parts[i+1]
buckets = append(buckets, domainExtension)
buckets = append(buckets, parts[i+1] + "-" + part)
buckets = append(buckets, parts[i+1]+"-"+part)
}
}
return buckets
@@ -121,4 +121,3 @@ func checkS3Bucket(bucket string, client *http.Client) (bool, error) {
// If we can access the bucket listing, it's public
return resp.StatusCode == http.StatusOK, nil
}
+2 -3
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
@@ -28,9 +28,9 @@ import (
"fmt"
"io"
"net/http"
"os"
"strings"
"time"
"os"
"github.com/charmbracelet/log"
"github.com/dropalldatabases/sif/internal/styles"
@@ -57,7 +57,6 @@ func CMS(url string, timeout time.Duration, logdir string) (*CMSResult, error) {
cmslog := log.NewWithOptions(os.Stderr, log.Options{
Prefix: "CMS 🔍",
}).With("url", url)
client := &http.Client{
Timeout: timeout,
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+4 -2
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
@@ -108,6 +108,8 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) ([]Dork
defer wg.Done()
for i, dork := range dorks {
if i%threads != thread {
continue
}
@@ -132,4 +134,4 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) ([]Dork
wg.Wait()
return dorkResults, nil
}
}
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+2 -3
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
@@ -27,9 +27,9 @@ package scan
import (
"fmt"
"net/http"
"os"
"strings"
"time"
"os"
"github.com/charmbracelet/log"
"github.com/dropalldatabases/sif/internal/styles"
@@ -81,4 +81,3 @@ func Headers(url string, timeout time.Duration, logdir string) ([]HeaderResult,
return results, nil
}
+1 -2
View File
@@ -17,12 +17,11 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
/*
What we are doing is abusing a internal file in Next.js pages router called
_buildManifest.js which lists all routes and script files ever referenced in
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -2
View File
@@ -17,12 +17,11 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
// The scan package provides a collection of security scanning functions.
//
// Each scanning function typically returns a slice of custom result structures and an error.
+10 -10
View File
@@ -2,24 +2,24 @@ package scan
import (
"fmt"
"io"
"net"
"net/http"
"strings"
"time"
"os"
"sync"
"github.com/charmbracelet/log"
"github.com/dropalldatabases/sif/internal/styles"
"github.com/dropalldatabases/sif/pkg/logger"
"io"
"net"
"net/http"
"os"
"strings"
"sync"
"time"
)
// SubdomainTakeoverResult represents the outcome of a subdomain takeover vulnerability check.
// It includes the subdomain tested, whether it's vulnerable, and the potentially vulnerable service.
type SubdomainTakeoverResult struct {
Subdomain string `json:"subdomain"`
Vulnerable bool `json:"vulnerable"`
Service string `json:"service,omitempty"`
Subdomain string `json:"subdomain"`
Vulnerable bool `json:"vulnerable"`
Service string `json:"service,omitempty"`
}
// SubdomainTakeover checks for potential subdomain takeover vulnerabilities.
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+1 -1
View File
@@ -17,7 +17,7 @@
║ research or educational purposes must purchase a license ║
║ from https://lunchcat.dev ║
║ ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ For more information, visit: https://github.com/lunchcat/sif ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
*/
+32 -3
View File
@@ -91,6 +91,8 @@ func (app *App) Run() error {
}
}
scansRun := []string{}
for _, url := range app.targets {
if !strings.Contains(url, "://") {
return errors.New(fmt.Sprintf("URL %s must include leading protocol", url))
@@ -108,6 +110,7 @@ func (app *App) Run() error {
if !app.settings.NoScan {
scan.Scan(url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
scansRun = append(scansRun, "Basic Scan")
}
if app.settings.Dirlist != "none" {
@@ -116,6 +119,7 @@ func (app *App) Run() error {
log.Errorf("Error while running directory scan: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"dirlist", result})
scansRun = append(scansRun, "Directory Listing")
}
}
@@ -128,6 +132,7 @@ func (app *App) Run() error {
} else {
moduleResults = append(moduleResults, ModuleResult{"dnslist", result})
dnsResults = result // Store the DNS results
scansRun = append(scansRun, "DNS Scan")
}
// Only run subdomain takeover check if DNS scan is enabled
@@ -137,23 +142,36 @@ func (app *App) Run() error {
log.Errorf("Error while running Subdomain Takeover Vulnerability Check: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"subdomain_takeover", result})
scansRun = append(scansRun, "Subdomain Takeover")
}
}
} else if app.settings.SubdomainTakeover {
log.Warnf("Subdomain Takeover check is enabled but DNS scan is disabled. Skipping Subdomain Takeover check.")
}
if app.settings.Dorking {
result, err := scan.Dork(url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
if err != nil {
log.Errorf("Error while running Dork module: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"dork", result})
scansRun = append(scansRun, "Dork")
}
}
if app.settings.Ports != "none" {
result, err := scan.Ports(app.settings.Ports, url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
if err != nil {
log.Errorf("Error while running port scan: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"portscan", result})
scansRun = append(scansRun, "Port Scan")
}
}
if app.settings.Whois {
scan.Whois(url, app.settings.LogDir)
scansRun = append(scansRun, "Whois")
}
// func Git(url string, timeout time.Duration, threads int, logdir string)
@@ -163,6 +181,7 @@ func (app *App) Run() error {
log.Errorf("Error while running Git module: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"git", result})
scansRun = append(scansRun, "Git")
}
}
@@ -172,6 +191,7 @@ func (app *App) Run() error {
log.Errorf("Error while running Nuclei module: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"nuclei", result})
scansRun = append(scansRun, "Nuclei")
}
}
@@ -181,6 +201,7 @@ func (app *App) Run() error {
log.Errorf("Error while running JS module: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"js", result})
scansRun = append(scansRun, "JS")
}
}
@@ -188,6 +209,7 @@ func (app *App) Run() error {
result, err := scan.CMS(url, app.settings.Timeout, app.settings.LogDir)
if err != nil {
log.Errorf("Error while running CMS detection: %s", err)
scansRun = append(scansRun, "CMS")
} else if result != nil {
moduleResults = append(moduleResults, ModuleResult{"cms", result})
}
@@ -199,6 +221,7 @@ func (app *App) Run() error {
log.Errorf("Error while running HTTP Header Analysis: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"headers", result})
scansRun = append(scansRun, "HTTP Headers")
}
}
@@ -208,6 +231,7 @@ func (app *App) Run() error {
log.Errorf("Error while running C3 Scan: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"cloudstorage", result})
scansRun = append(scansRun, "Cloud Storage")
}
}
@@ -218,6 +242,7 @@ func (app *App) Run() error {
log.Errorf("Error while running Subdomain Takeover Vulnerability Check: %s", err)
} else {
moduleResults = append(moduleResults, ModuleResult{"subdomain_takeover", result})
scansRun = append(scansRun, "Subdomain Takeover")
}
}
@@ -236,12 +261,16 @@ func (app *App) Run() error {
}
if !app.settings.ApiMode {
scansRunList := " • " + strings.Join(scansRun, "\n • ")
if app.settings.LogDir != "" {
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n📂 Output saved to files: %s\n", strings.Join(app.logFiles, ", "))))
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n📂 Output saved to files: %s\n\n🔍 Ran scans:\n%s",
strings.Join(app.logFiles, ", "),
scansRunList)))
} else {
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n")))
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n\n🔍 Ran scans:\n%s",
scansRunList)))
}
}
return nil
}
}