mirror of
https://github.com/lunchcat/sif.git
synced 2026-06-21 22:31:46 -07:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 5b4b43011b | |||
| ebdba0721c | |||
| 806e8b0970 | |||
| 1a0245840e | |||
| 8a0ed28bd5 | |||
| c3805c7aee | |||
| ceb8712204 | |||
| b335a45a82 | |||
| 1048a97355 | |||
| cceb60a423 |
@@ -52,6 +52,7 @@
|
||||
"ideas"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "tessa-u-k",
|
||||
"name": "tessa ",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/109355732?v=4",
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
name: Automatic Rebase
|
||||
on:
|
||||
issue_comment:
|
||||
types: [created]
|
||||
jobs:
|
||||
rebase:
|
||||
name: Rebase
|
||||
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the latest code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Automatic Rebase
|
||||
uses: cirrus-actions/rebase@1.8
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
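Review bot: The `if:` on the rebase job matches any comment containing `/rebase`, so anyone able to comment on a pull request can start a job that holds `GITHUB_TOKEN`. Gating it on the commenter, for example by adding `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, keeps the trigger to maintainers. The workflow also declares no `permissions:` block and references `cirrus-actions/rebase@1.8` by a mutable tag; pinning to a full commit SHA and granting only the scopes the rebase needs would limit what a compromised action release could do. The same tag pinning and missing `permissions:` apply to the Mind your language, Markdown Lint, Misspell Check, Update Report Card, reviewdog, Shell Check and YAML Lint workflows added in this comparison.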
@@ -0,0 +1,18 @@
|
||||
name: Check Large Files
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
check-large-files:
|
||||
name: Check for large files
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Check for large files
|
||||
run: |
|
||||
find . -type f -size +5M | while read file; do
|
||||
echo "::error file=${file}::File ${file} is larger than 5MB"
|
||||
done
|
||||
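Review bot: The `find … | while read file` loop only prints `::error` annotations and then exits 0, so the job stays green even when a file over 5 MB is present; the step needs to fail explicitly. One way is to capture the list first with `large=$(find . -type f -size +5M -not -path './.git/*')`, print the annotations from it, and finish with `[ -z "$large" ] || exit 1`. Excluding `.git` matters because a pack file in the checkout can exceed the limit on its own. Using `read -r` avoids mangling backslashes in file names.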
@@ -0,0 +1,22 @@
|
||||
name: "Dependency Review"
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: "Checkout Repository"
|
||||
uses: actions/checkout@v3
|
||||
- name: "Dependency Review"
|
||||
uses: actions/dependency-review-action@v3
|
||||
continue-on-error: ${{ github.event_name == 'push' }}
|
||||
- name: "Check Dependency Review Outcome"
|
||||
if: github.event_name == 'push' && failure()
|
||||
run: |
|
||||
echo "::warning::Dependency review failed. Please check the dependencies for potential issues."
|
||||
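Review bot: The `Check Dependency Review Outcome` step can never run: with `continue-on-error` true on push, a failing review step does not fail the job, so `failure()` stays false. Giving the review step an id and testing its outcome does what the warning intends, i.e. `id: review` on the review step and `if: github.event_name == 'push' && steps.review.outcome == 'failure'` on the warning step. Separately, `actions/dependency-review-action` is built around comparing a pull request's base and head, so the push trigger probably only ever produces that failure; it is worth confirming whether push should be dropped from `on:`.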
@@ -0,0 +1,25 @@
|
||||
name: Mind your language
|
||||
on:
|
||||
issues:
|
||||
types:
|
||||
- opened
|
||||
- edited
|
||||
issue_comment:
|
||||
types:
|
||||
- created
|
||||
- edited
|
||||
pull_request_review_comment:
|
||||
types:
|
||||
- created
|
||||
- edited
|
||||
jobs:
|
||||
echo_issue_comment:
|
||||
runs-on: ubuntu-latest
|
||||
name: profanity check
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- name: Profanity check step
|
||||
uses: tailaiw/mind-your-language-action@v1.0.3
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -0,0 +1,18 @@
|
||||
name: Markdown Lint
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "**/*.md"
|
||||
|
||||
jobs:
|
||||
markdownlint:
|
||||
name: runner / markdownlint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: markdownlint
|
||||
uses: reviewdog/action-markdownlint@v0.10.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
@@ -0,0 +1,36 @@
|
||||
name: Memer Workflow
|
||||
|
||||
on: [pull_request]
|
||||
|
||||
jobs:
|
||||
greeting:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- name: Run Memer Action
|
||||
id: memer
|
||||
|
||||
uses: Bhupesh-V/memer-action@master
|
||||
with:
|
||||
filter: "new"
|
||||
|
||||
- name: Check Outputs
|
||||
run: |
|
||||
echo "${{ steps.memer.outputs.meme }}"
|
||||
echo "${{ steps.memer.outputs.title }}"
|
||||
echo "${{ steps.memer.outputs.source }}"
|
||||
|
||||
- name: Create comment
|
||||
uses: peter-evans/create-or-update-comment@v1.3.0
|
||||
id: couc
|
||||
with:
|
||||
issue-number: ${{ github.event.number }}
|
||||
body: |
|
||||
🎉🎉 Thanks for opening this PR/Issue
|
||||
Please wait while the maintainer(s) review it
|
||||
|
||||
Meanwhile have a look at this:
|
||||
|
||||
> **${{ steps.memer.outputs.title }}**
|
||||

|
||||
<sub>ℹ️ <a href="${{ steps.memer.outputs.source }}">Source</a> [ Powered By 🔥 <a href="https://github.com/Bhupesh-V/memer-action">Memer Action</a> ]</sub>
|
||||
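Review bot: The `Check Outputs` step expands `${{ steps.memer.outputs.meme }}`, `title` and `source` directly inside the `run:` script, so text fetched by a third-party action becomes part of the shell command line rather than data. Passing the values through `env:` and echoing the variables keeps shell metacharacters in them inert. `actions/checkout@master` and `Bhupesh-V/memer-action@master` also track a moving branch, so the code executed on each pull request can change without any commit in this repository; a pinned commit SHA avoids that. The same outputs are interpolated into the comment body's markdown and `href`, which is worth reviewing for the same reason.

```yaml
      - name: Check Outputs
        env:
          MEME: ${{ steps.memer.outputs.meme }}
          MEME_TITLE: ${{ steps.memer.outputs.title }}
          MEME_SOURCE: ${{ steps.memer.outputs.source }}
        run: |
          echo "$MEME"
          echo "$MEME_TITLE"
          echo "$MEME_SOURCE"
      # … unchanged: Create comment step …
```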
@@ -0,0 +1,20 @@
|
||||
name: Misspell Check
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
misspell:
|
||||
name: runner / misspell
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: misspell
|
||||
uses: reviewdog/action-misspell@v1.13.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
level: warning
|
||||
locale: "US"
|
||||
@@ -0,0 +1,16 @@
|
||||
name: Update Report Card
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
workflow_call:
|
||||
|
||||
jobs:
|
||||
update-report-card:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Update Go Report Card
|
||||
uses: creekorful/goreportcard-action@v1.0
|
||||
@@ -0,0 +1,71 @@
|
||||
name: reviewdog
|
||||
on: [pull_request]
|
||||
jobs:
|
||||
# NOTE: golangci-lint doesn't report multiple errors on the same line from
|
||||
# different linters and just report one of the errors?
|
||||
|
||||
golangci-lint:
|
||||
name: runner / golangci-lint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: golangci-lint
|
||||
uses: reviewdog/action-golangci-lint@v2
|
||||
with:
|
||||
# optionally use a specific version of Go rather than the latest one
|
||||
go_version: "1.17"
|
||||
|
||||
# Can pass --config flag to change golangci-lint behavior and target
|
||||
# directory.
|
||||
golangci_lint_flags: "--config=.github/.golangci.yml ./testdata"
|
||||
workdir: subdirectory/
|
||||
|
||||
# Use golint via golangci-lint binary with "warning" level.
|
||||
golint:
|
||||
name: runner / golint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: golint
|
||||
uses: reviewdog/action-golangci-lint@v2
|
||||
with:
|
||||
golangci_lint_flags: "--disable-all -E golint"
|
||||
tool_name: golint # Change reporter name.
|
||||
level: warning # GitHub Status Check won't become failure with this level.
|
||||
|
||||
# You can add more and more supported linters with different config.
|
||||
errcheck:
|
||||
name: runner / errcheck
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: errcheck
|
||||
uses: reviewdog/action-golangci-lint@v2
|
||||
with:
|
||||
golangci_lint_flags: "--disable-all -E errcheck"
|
||||
tool_name: errcheck
|
||||
level: info
|
||||
|
||||
# Disable cache of golangci-lint result, go build and go dependencies
|
||||
with_cache:
|
||||
name: runner / errcheck
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out code into the Go module directory
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: golangci-lint
|
||||
uses: reviewdog/action-golangci-lint@v2
|
||||
with:
|
||||
cache: false
|
||||
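Review bot: The `golangci-lint` job's inputs look carried over from the reviewdog README example: `workdir: subdirectory/`, `--config=.github/.golangci.yml ./testdata` and `go_version: "1.17"` only work if those paths exist in this repository and the module builds on Go 1.17, and nothing in this comparison shows that. If they do not, the job fails or lints nothing; dropping `workdir` and pointing the flags at the real packages would fix it. Two jobs are both named `runner / errcheck`, and the second is keyed `with_cache` although its comment and `cache: false` disable caching, so the status checks will be hard to tell apart. `-E golint` selects a linter that golangci-lint has deprecated, so that job is a candidate for removal.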
@@ -0,0 +1,18 @@
|
||||
name: Shell Check
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "**/*.sh"
|
||||
|
||||
jobs:
|
||||
shellcheck:
|
||||
name: runner / shellcheck
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: shellcheck
|
||||
uses: reviewdog/action-shellcheck@v1.18.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
@@ -0,0 +1,19 @@
|
||||
name: YAML Lint
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- "**/*.yml"
|
||||
- "**/*.yaml"
|
||||
|
||||
jobs:
|
||||
yamllint:
|
||||
name: runner / yamllint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: yamllint
|
||||
uses: reviewdog/action-yamllint@v1.8.0
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
reporter: github-pr-review
|
||||
@@ -1,14 +1,15 @@
|
||||
<div align="center">
|
||||
<img src="https://github.com/lunchcat/sif/blob/main/assets/banner.png?raw=true">
|
||||
<img src="https://github.com/user-attachments/assets/e4caf24e-693f-4f12-b8ad-8e4a8d338fa9">
|
||||
</div>
|
||||
|
||||
<div align="center">
|
||||
|
||||

|
||||
[](https://goreportcard.com/report/github.com/dropalldatabases/sif)
|
||||
[](https://github.com/dropalldatabases/sif/tags)
|
||||

|
||||
[](https://goreportcard.com/report/github.com/dropalldatabases/sif)
|
||||
[](https://github.com/dropalldatabases/sif/tags)
|
||||
[](#contributors)
|
||||
|
||||
[](#contributors)
|
||||
[](https://discord.gg/w6HuE8puuX)
|
||||
|
||||
</div>
|
||||
|
||||
@@ -95,7 +96,7 @@ sif offers a wide range of commands and options to customize your pentesting wor
|
||||
```
|
||||
|
||||
- Port scanning
|
||||
|
||||
|
||||
```
|
||||
./sif -u https://example.com -ports common
|
||||
```
|
||||
@@ -116,6 +117,7 @@ sif is designed for high performance and efficiency:
|
||||
We welcome contributions from the community! Please read our [Contributing Guidelines](CONTRIBUTING.md) before submitting a pull request.
|
||||
|
||||
Areas we're particularly interested in:
|
||||
|
||||
- New scanning modules
|
||||
- Performance improvements
|
||||
- Documentation enhancements
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 115 KiB After Width: | Height: | Size: 1.5 MiB |
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -76,7 +76,7 @@ require (
|
||||
github.com/gobwas/pool v0.2.1 // indirect
|
||||
github.com/gobwas/ws v1.2.1 // indirect
|
||||
github.com/gocolly/colly/v2 v2.1.0 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||
github.com/golang/protobuf v1.5.3 // indirect
|
||||
github.com/golang/snappy v0.0.4 // indirect
|
||||
|
||||
@@ -172,8 +172,8 @@ github.com/gocolly/colly/v2 v2.1.0 h1:k0DuZkDoCsx51bKpRJNEmcxcp+W5N8ziuwGaSDuFoG
|
||||
github.com/gocolly/colly/v2 v2.1.0/go.mod h1:I2MuhsLjQ+Ex+IzK3afNS8/1qP3AedHOusRPcRdC5o0=
|
||||
github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||
github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
|
||||
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
@@ -66,13 +66,13 @@ var (
|
||||
|
||||
// Severity level styles for color-coding vulnerability severities
|
||||
var (
|
||||
SeverityLow = lipgloss.NewStyle().
|
||||
SeverityLow = lipgloss.NewStyle().
|
||||
Foreground(lipgloss.Color("#00ff00"))
|
||||
|
||||
SeverityMedium = lipgloss.NewStyle().
|
||||
SeverityMedium = lipgloss.NewStyle().
|
||||
Foreground(lipgloss.Color("#ffff00"))
|
||||
|
||||
SeverityHigh = lipgloss.NewStyle().
|
||||
SeverityHigh = lipgloss.NewStyle().
|
||||
Foreground(lipgloss.Color("#ff8800"))
|
||||
|
||||
SeverityCritical = lipgloss.NewStyle().
|
||||
|
||||
+21
-21
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
@@ -32,26 +32,26 @@ import (
|
||||
)
|
||||
|
||||
type Settings struct {
|
||||
Dirlist string
|
||||
Dnslist string
|
||||
Debug bool
|
||||
LogDir string
|
||||
NoScan bool
|
||||
Ports string
|
||||
Dorking bool
|
||||
Git bool
|
||||
Whois bool
|
||||
Threads int
|
||||
Nuclei bool
|
||||
JavaScript bool
|
||||
Timeout time.Duration
|
||||
URLs goflags.StringSlice
|
||||
File string
|
||||
ApiMode bool
|
||||
Template string
|
||||
CMS bool
|
||||
Headers bool
|
||||
CloudStorage bool
|
||||
Dirlist string
|
||||
Dnslist string
|
||||
Debug bool
|
||||
LogDir string
|
||||
NoScan bool
|
||||
Ports string
|
||||
Dorking bool
|
||||
Git bool
|
||||
Whois bool
|
||||
Threads int
|
||||
Nuclei bool
|
||||
JavaScript bool
|
||||
Timeout time.Duration
|
||||
URLs goflags.StringSlice
|
||||
File string
|
||||
ApiMode bool
|
||||
Template string
|
||||
CMS bool
|
||||
Headers bool
|
||||
CloudStorage bool
|
||||
SubdomainTakeover bool
|
||||
}
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
@@ -27,9 +27,9 @@ package scan
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
@@ -92,7 +92,7 @@ func CloudStorage(url string, timeout time.Duration, logdir string) ([]CloudStor
|
||||
}
|
||||
|
||||
func extractPotentialBuckets(url string) []string {
|
||||
// This is a simple implementation.
|
||||
// This is a simple implementation.
|
||||
// TODO: add more cases
|
||||
parts := strings.Split(url, ".")
|
||||
var buckets []string
|
||||
@@ -100,11 +100,11 @@ func extractPotentialBuckets(url string) []string {
|
||||
buckets = append(buckets, part)
|
||||
buckets = append(buckets, part+"-s3")
|
||||
buckets = append(buckets, "s3-"+part)
|
||||
|
||||
|
||||
if i < len(parts)-1 {
|
||||
domainExtension := part + "-" + parts[i+1]
|
||||
buckets = append(buckets, domainExtension)
|
||||
buckets = append(buckets, parts[i+1] + "-" + part)
|
||||
buckets = append(buckets, parts[i+1]+"-"+part)
|
||||
}
|
||||
}
|
||||
return buckets
|
||||
@@ -121,4 +121,3 @@ func checkS3Bucket(bucket string, client *http.Client) (bool, error) {
|
||||
// If we can access the bucket listing, it's public
|
||||
return resp.StatusCode == http.StatusOK, nil
|
||||
}
|
||||
|
||||
|
||||
+2
-3
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
@@ -28,9 +28,9 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
@@ -57,7 +57,6 @@ func CMS(url string, timeout time.Duration, logdir string) (*CMSResult, error) {
|
||||
cmslog := log.NewWithOptions(os.Stderr, log.Options{
|
||||
Prefix: "CMS 🔍",
|
||||
}).With("url", url)
|
||||
|
||||
|
||||
client := &http.Client{
|
||||
Timeout: timeout,
|
||||
|
||||
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
+4
-2
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
@@ -108,6 +108,8 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) ([]Dork
|
||||
defer wg.Done()
|
||||
|
||||
for i, dork := range dorks {
|
||||
|
||||
|
||||
if i%threads != thread {
|
||||
continue
|
||||
}
|
||||
@@ -132,4 +134,4 @@ func Dork(url string, timeout time.Duration, threads int, logdir string) ([]Dork
|
||||
wg.Wait()
|
||||
|
||||
return dorkResults, nil
|
||||
}
|
||||
}
|
||||
|
||||
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
+2
-3
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
@@ -27,9 +27,9 @@ package scan
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
@@ -81,4 +81,3 @@ func Headers(url string, timeout time.Duration, logdir string) ([]HeaderResult,
|
||||
|
||||
return results, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -17,12 +17,11 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
|
||||
/*
|
||||
What we are doing is abusing a internal file in Next.js pages router called
|
||||
_buildManifest.js which lists all routes and script files ever referenced in
|
||||
|
||||
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
+1
-2
@@ -17,12 +17,11 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
|
||||
// The scan package provides a collection of security scanning functions.
|
||||
//
|
||||
// Each scanning function typically returns a slice of custom result structures and an error.
|
||||
|
||||
@@ -2,24 +2,24 @@ package scan
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
"os"
|
||||
"sync"
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/dropalldatabases/sif/internal/styles"
|
||||
"github.com/dropalldatabases/sif/pkg/logger"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
// SubdomainTakeoverResult represents the outcome of a subdomain takeover vulnerability check.
|
||||
// It includes the subdomain tested, whether it's vulnerable, and the potentially vulnerable service.
|
||||
type SubdomainTakeoverResult struct {
|
||||
Subdomain string `json:"subdomain"`
|
||||
Vulnerable bool `json:"vulnerable"`
|
||||
Service string `json:"service,omitempty"`
|
||||
Subdomain string `json:"subdomain"`
|
||||
Vulnerable bool `json:"vulnerable"`
|
||||
Service string `json:"service,omitempty"`
|
||||
}
|
||||
|
||||
// SubdomainTakeover checks for potential subdomain takeover vulnerabilities.
|
||||
|
||||
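Review bot: As rendered, the reordered import block keeps standard-library and `github.com/...` packages in a single group, which leaves the third-party imports sorted between `"fmt"` and `"io"`. Splitting them with a blank line, standard library first, matches goimports output and the other scan files in this comparison, where `"time"` is followed by a blank line and then `"github.com/charmbracelet/log"`. This is a style point only; behaviour is unchanged.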
+1
-1
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
║ research or educational purposes must purchase a license ║
|
||||
║ from https://lunchcat.dev ║
|
||||
║ ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ For more information, visit: https://github.com/lunchcat/sif ║
|
||||
║ ║
|
||||
╚══════════════════════════════════════════════════════════════════════════════╝
|
||||
*/
|
||||
|
||||
@@ -91,6 +91,8 @@ func (app *App) Run() error {
|
||||
}
|
||||
}
|
||||
|
||||
scansRun := []string{}
|
||||
|
||||
for _, url := range app.targets {
|
||||
if !strings.Contains(url, "://") {
|
||||
return errors.New(fmt.Sprintf("URL %s must include leading protocol", url))
|
||||
@@ -108,6 +110,7 @@ func (app *App) Run() error {
|
||||
|
||||
if !app.settings.NoScan {
|
||||
scan.Scan(url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
|
||||
scansRun = append(scansRun, "Basic Scan")
|
||||
}
|
||||
|
||||
if app.settings.Dirlist != "none" {
|
||||
@@ -116,6 +119,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running directory scan: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"dirlist", result})
|
||||
scansRun = append(scansRun, "Directory Listing")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -128,6 +132,7 @@ func (app *App) Run() error {
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"dnslist", result})
|
||||
dnsResults = result // Store the DNS results
|
||||
scansRun = append(scansRun, "DNS Scan")
|
||||
}
|
||||
|
||||
// Only run subdomain takeover check if DNS scan is enabled
|
||||
@@ -137,23 +142,36 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Subdomain Takeover Vulnerability Check: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"subdomain_takeover", result})
|
||||
scansRun = append(scansRun, "Subdomain Takeover")
|
||||
}
|
||||
}
|
||||
} else if app.settings.SubdomainTakeover {
|
||||
log.Warnf("Subdomain Takeover check is enabled but DNS scan is disabled. Skipping Subdomain Takeover check.")
|
||||
}
|
||||
|
||||
if app.settings.Dorking {
|
||||
result, err := scan.Dork(url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
|
||||
if err != nil {
|
||||
log.Errorf("Error while running Dork module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"dork", result})
|
||||
scansRun = append(scansRun, "Dork")
|
||||
}
|
||||
}
|
||||
|
||||
if app.settings.Ports != "none" {
|
||||
result, err := scan.Ports(app.settings.Ports, url, app.settings.Timeout, app.settings.Threads, app.settings.LogDir)
|
||||
if err != nil {
|
||||
log.Errorf("Error while running port scan: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"portscan", result})
|
||||
scansRun = append(scansRun, "Port Scan")
|
||||
}
|
||||
}
|
||||
|
||||
if app.settings.Whois {
|
||||
scan.Whois(url, app.settings.LogDir)
|
||||
scansRun = append(scansRun, "Whois")
|
||||
}
|
||||
|
||||
// func Git(url string, timeout time.Duration, threads int, logdir string)
|
||||
@@ -163,6 +181,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Git module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"git", result})
|
||||
scansRun = append(scansRun, "Git")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -172,6 +191,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Nuclei module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"nuclei", result})
|
||||
scansRun = append(scansRun, "Nuclei")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -181,6 +201,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running JS module: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"js", result})
|
||||
scansRun = append(scansRun, "JS")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -188,6 +209,7 @@ func (app *App) Run() error {
|
||||
result, err := scan.CMS(url, app.settings.Timeout, app.settings.LogDir)
|
||||
if err != nil {
|
||||
log.Errorf("Error while running CMS detection: %s", err)
|
||||
scansRun = append(scansRun, "CMS")
|
||||
} else if result != nil {
|
||||
moduleResults = append(moduleResults, ModuleResult{"cms", result})
|
||||
}
|
||||
@@ -199,6 +221,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running HTTP Header Analysis: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"headers", result})
|
||||
scansRun = append(scansRun, "HTTP Headers")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -208,6 +231,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running C3 Scan: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"cloudstorage", result})
|
||||
scansRun = append(scansRun, "Cloud Storage")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -218,6 +242,7 @@ func (app *App) Run() error {
|
||||
log.Errorf("Error while running Subdomain Takeover Vulnerability Check: %s", err)
|
||||
} else {
|
||||
moduleResults = append(moduleResults, ModuleResult{"subdomain_takeover", result})
|
||||
scansRun = append(scansRun, "Subdomain Takeover")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -236,12 +261,16 @@ func (app *App) Run() error {
|
||||
}
|
||||
|
||||
if !app.settings.ApiMode {
|
||||
scansRunList := " • " + strings.Join(scansRun, "\n • ")
|
||||
if app.settings.LogDir != "" {
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n📂 Output saved to files: %s\n", strings.Join(app.logFiles, ", "))))
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n📂 Output saved to files: %s\n\n🔍 Ran scans:\n%s",
|
||||
strings.Join(app.logFiles, ", "),
|
||||
scansRunList)))
|
||||
} else {
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n")))
|
||||
fmt.Println(styles.Box.Render(fmt.Sprintf("🌿 All scans completed!\n\n🔍 Ran scans:\n%s",
|
||||
scansRunList)))
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
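Review bot: In the CMS block the new `scansRun = append(scansRun, "CMS")` sits in the `if err != nil` branch right after `log.Errorf`, so CMS is listed as run only when detection failed and is missing after a successful run; every other module appends in its success branch. Moving the line into the `else if result != nil` branch makes the summary accurate, or append before the error check if "ran" is meant to include failures. `scansRun` is also declared before the `for _, url := range app.targets` loop and "Subdomain Takeover" is appended in two places, so the list can contain duplicates when several targets are scanned. Run's body starts and continues outside these hunks, so confirm where the summary is printed relative to the loop.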