"Claude Code Review workflow"

"Claude PR Assistant workflow"
2026-06-27 00:43:59 -07:00 · 2026-06-22 18:37:42 -07:00 · 2026-06-22 18:37:41 -07:00
131 changed files with 300 additions and 3705 deletions
@@ -171,7 +171,7 @@ jobs:

            **go install**
            ```bash
-            go install github.com/vmfunc/sif/cmd/sif@v${{ env.VERSION }}
+            go install github.com/dropalldatabases/sif/cmd/sif@v${{ env.VERSION }}
            ```

            **binary download** - grab the right archive from below.
@@ -36,7 +36,7 @@ linters:
      check-blank: false
      exclude-functions:
        # log writes are best-effort
-        - github.com/vmfunc/sif/internal/logger.Write
+        - github.com/dropalldatabases/sif/internal/logger.Write
        # Close on io.Closer is idiomatic best-effort
        - (io.Closer).Close
        - (*os.File).Close
@@ -176,7 +176,7 @@ sif has a modular architecture. modules are defined in yaml and can be extended
 | `-fs` | dirlist: filter out responses of these body sizes (comma list) |
 | `-fw` | dirlist: filter out responses with these word counts (comma list) |
 | `-fr` | dirlist: filter out responses whose body matches this regex |
-| `-ac` | auto-calibrate the soft-404 wildcard baseline (dirlist, sql) |
+| `-ac` | dirlist: auto-calibrate the soft-404 wildcard baseline |
 | `-w` | dirlist: custom wordlist (local file or url; overrides `-dirlist` size) |
 | `-e` | dirlist: extensions appended to each word (comma list, e.g. php,bak,env) |
 | `-dnslist` | subdomain enumeration (small/medium/large) |
@@ -17,13 +17,13 @@ import (
 	"os"

 	"github.com/charmbracelet/log"
-	"github.com/vmfunc/sif"
-	"github.com/vmfunc/sif/internal/config"
-	"github.com/vmfunc/sif/internal/patchnotes"
-	ver "github.com/vmfunc/sif/internal/version"
+	"github.com/dropalldatabases/sif"
+	"github.com/dropalldatabases/sif/internal/config"
+	"github.com/dropalldatabases/sif/internal/patchnotes"
+	ver "github.com/dropalldatabases/sif/internal/version"

 	// Register framework detectors
-	_ "github.com/vmfunc/sif/internal/scan/frameworks/detectors"
+	_ "github.com/dropalldatabases/sif/internal/scan/frameworks/detectors"
 )

 // version is stamped at release time via -ldflags "-X main.version=...";
@@ -31,7 +31,7 @@ welcome to the sif documentation. sif is a modular pentesting toolkit designed t

 ```bash
 # install
-git clone https://github.com/vmfunc/sif.git && cd sif && make
+git clone https://github.com/dropalldatabases/sif.git && cd sif && make

 # basic scan
 ./sif -u https://example.com
@@ -11,7 +11,7 @@ setting up a development environment for sif.
 ## clone and build

 ```bash
-git clone https://github.com/vmfunc/sif.git
+git clone https://github.com/dropalldatabases/sif.git
 cd sif
 make
 ```
@@ -39,7 +39,7 @@ download `sif-windows-amd64.exe` from releases and add to your PATH.
 requires go 1.25+

 ```bash
-git clone https://github.com/vmfunc/sif.git
+git clone https://github.com/dropalldatabases/sif.git
 cd sif
 make
 ```
@@ -127,17 +127,6 @@ http:
 - `clusterbomb` (default) - every path is tried with every payload
 - `pitchfork` - path and payload are paired by index, stopping at the shorter list

-#### wordlist
-
-a local file whose non-empty lines fuzz the `{{word}}` placeholder, one request
-per word. paths without `{{word}}` are still requested as-is.
-
-```yaml
-http:
-  wordlist: /usr/share/wordlists/dirs.txt
-  paths:
-    - "{{BaseURL}}/{{word}}"
-```
 #### headers

 custom headers to send.
@@ -234,30 +223,6 @@ matchers:
      - 1337
 ```

-### favicon matcher
-
-match the shodan-style mmh3 hash of the response body. point the module at a
-favicon and list the hashes of the tech you want to fingerprint.
-
-```yaml
-http:
-  paths:
-    - "{{BaseURL}}/favicon.ico"
-  matchers:
-    - type: status
-      status:
-        - 200
-    - type: favicon
-      hash:
-        - -235701012   # jenkins
-        - 1278322581   # grafana
-```
-
-the hash is shodan's `http.favicon.hash` value. paste it signed or unsigned;
-both 32-bit forms are accepted, so values from shodan or any favicon-hash tool
-drop in without conversion. pair it with a `status: 200` matcher so an error
-page served for `/favicon.ico` is not hashed. a finding fires when the body
-hashes to any listed value.
 ### combining matchers

 multiple matchers are combined with AND logic by default.
@@ -277,25 +242,6 @@ matchers:

 this matches responses with status 200 AND containing "ref: refs/".

-to require any matcher instead of all, set `matchers-condition: or` on the http
-block; the module then reports a finding when any one matcher matches.
-
-```yaml
-http:
-  matchers-condition: or
-  matchers:
-    - type: status
-      status:
-        - 401
-
-    - type: status
-      status:
-        - 403
-```
-
-this matches a 401 OR a 403 response. `matchers-condition` accepts `and` (the
-default) or `or`; any other value fails at load.
-
 ## extractors

 extractors pull data from responses.
@@ -325,21 +271,6 @@ extractors:
    part: header
 ```

-### json extractor
-
-extract values from a json body by gjson path (github.com/tidwall/gjson); the
-first path that exists is stored under name.
-
-```yaml
-extractors:
-  - type: json
-    name: version
-    part: body
-    json:
-      - "version"
-      - "data.version"
-```
-
 ## examples

 ### exposed git repository
@@ -1,4 +1,4 @@
-module github.com/vmfunc/sif
+module github.com/dropalldatabases/sif

 go 1.25.7

@@ -14,7 +14,6 @@ require (
 	github.com/projectdiscovery/retryabledns v1.0.115
 	github.com/projectdiscovery/utils v0.11.1
 	github.com/rocketlaunchr/google-search v1.1.6
-	github.com/tidwall/gjson v1.18.0
 	github.com/twmb/murmur3 v1.1.8
 	golang.org/x/net v0.56.0
 	golang.org/x/time v0.15.0
@@ -331,6 +330,7 @@ require (
 	github.com/temoto/robotstxt v1.1.2 // indirect
 	github.com/tidwall/btree v1.8.1 // indirect
 	github.com/tidwall/buntdb v1.3.2 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
 	github.com/tidwall/grect v0.1.4 // indirect
 	github.com/tidwall/match v1.2.0 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
@@ -27,7 +27,7 @@ type Settings struct {
 	DirFilterSizes    string // -fs dirlist: body sizes to drop
 	DirFilterWords    string // -fw dirlist: word counts to drop
 	DirFilterRegex    string // -fr dirlist: regex; body match drops response
-	Calibrate         bool   // -ac auto-calibrate the soft-404 baseline (dirlist, sql)
+	DirCalibrate      bool   // -ac dirlist: auto-calibrate soft-404 baseline
 	DirWordlist       string // -w  dirlist: custom wordlist (file path or url)
 	DirExtensions     string // -e  dirlist: extensions appended to each word
 	Dnslist           string
@@ -131,7 +131,7 @@ func registerFlags(settings *Settings) *goflags.FlagSet {
 		flagSet.StringVar(&settings.DirFilterSizes, "fs", "", "Dirlist: filter out responses of these body sizes (comma list)"),
 		flagSet.StringVar(&settings.DirFilterWords, "fw", "", "Dirlist: filter out responses with these word counts (comma list)"),
 		flagSet.StringVar(&settings.DirFilterRegex, "fr", "", "Dirlist: filter out responses whose body matches this regex"),
-		flagSet.BoolVar(&settings.Calibrate, "ac", false, "Auto-calibrate the soft-404 wildcard baseline (dirlist, sql)"),
+		flagSet.BoolVar(&settings.DirCalibrate, "ac", false, "Dirlist: auto-calibrate the soft-404 wildcard baseline"),
 		flagSet.StringVar(&settings.DirWordlist, "w", "", "Dirlist: custom wordlist (local file path or url; overrides -dirlist size)"),
 		flagSet.StringVar(&settings.DirExtensions, "e", "", "Dirlist: extensions appended to each word (comma list, e.g. php,bak,env)"),
 		flagSet.EnumVar(&settings.Dnslist, "dnslist", Nil, "DNS fuzzing scan size (small/medium/large)", listSizes),
@@ -21,11 +21,11 @@ import (
 	"fmt"
 	"strings"

+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan"
+	"github.com/dropalldatabases/sif/internal/scan/frameworks"
+	"github.com/dropalldatabases/sif/internal/scan/js"
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan"
-	"github.com/vmfunc/sif/internal/scan/frameworks"
-	"github.com/vmfunc/sif/internal/scan/js"
 )

 // Finding is the normalized shape every scanner result collapses to. one
@@ -16,13 +16,13 @@ import (
 	"strings"
 	"testing"

+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan"
+	"github.com/dropalldatabases/sif/internal/scan/frameworks"
+	"github.com/dropalldatabases/sif/internal/scan/js"
 	"github.com/projectdiscovery/nuclei/v3/pkg/model"
 	"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan"
-	"github.com/vmfunc/sif/internal/scan/frameworks"
-	"github.com/vmfunc/sif/internal/scan/js"
 )

 // scanResultType mirrors the minimal interface the scan packages implement; the
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runAnalyticsModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runAppCfgModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runArgocdModule(t *testing.T, status int, body string) *modules.Result {
@@ -23,7 +23,7 @@ import (
 	"sync"
 	"testing"

-	"github.com/vmfunc/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/httpx"
 )

 func reqURLs(reqs []*httpRequest) []string {
@@ -60,11 +60,7 @@ func TestGenerateHTTPRequestsAttack(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg := &HTTPConfig{Paths: tt.paths, Payloads: tt.payloads, Attack: tt.attack}
-			reqs, err := generateHTTPRequests(target, cfg)
-			if err != nil {
-				t.Fatalf("generateHTTPRequests: %v", err)
-			}
-			got := reqURLs(reqs)
+			got := reqURLs(generateHTTPRequests(target, cfg))
 			want := append([]string(nil), tt.want...)
 			sort.Strings(want)
 			if !reflect.DeepEqual(got, want) {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runBigDataModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -1,198 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules_test
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-func runBuildCredModule(t *testing.T, file string, status int, body string) *modules.Result {
-	t.Helper()
-	def, err := modules.ParseYAMLModule(file)
-	if err != nil {
-		t.Fatalf("parse %s: %v", file, err)
-	}
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(status)
-		_, _ = w.Write([]byte(body))
-	}))
-	defer srv.Close()
-
-	res, err := modules.ExecuteHTTPModule(context.Background(), srv.URL, def, modules.Options{
-		Timeout: 5 * time.Second,
-		Threads: 2,
-	})
-	if err != nil {
-		t.Fatalf("execute %s: %v", file, err)
-	}
-	return res
-}
-
-func buildCredExtract(res *modules.Result, key string) string {
-	for _, f := range res.Findings {
-		if v := f.Extracted[key]; v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func TestBuildToolCredentialExposureModules(t *testing.T) {
-	const maven = "../../modules/recon/maven-settings-exposure.yaml"
-	const gradle = "../../modules/recon/gradle-properties-exposure.yaml"
-	const nuget = "../../modules/recon/nuget-config-exposure.yaml"
-
-	mavenSettings := "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
-		"<settings xmlns=\"http://maven.apache.org/SETTINGS/1.0.0\">\n" +
-		"  <servers>\n    <server>\n      <id>nexus-releases</id>\n" +
-		"      <username>deploy</username>\n      <password>S3cretDeployPass</password>\n" +
-		"    </server>\n  </servers>\n</settings>\n"
-
-	gradleProps := "org.gradle.jvmargs=-Xmx2g\nossrhUsername=deployer\n" +
-		"ossrhPassword=mySonatypeSecret\nsigning.password=mySigningSecret\n"
-
-	nugetConfig := "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<configuration>\n" +
-		"  <packageSourceCredentials>\n    <MyFeed>\n" +
-		"      <add key=\"Username\" value=\"deploy\" />\n" +
-		"      <add key=\"ClearTextPassword\" value=\"S3cretFeedPass\" />\n" +
-		"    </MyFeed>\n  </packageSourceCredentials>\n</configuration>\n"
-
-	t.Run("an exposed maven settings leaks the server username", func(t *testing.T) {
-		res := runBuildCredModule(t, maven, 200, mavenSettings)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a maven finding")
-		}
-		if v := buildCredExtract(res, "maven_username"); v != "deploy" {
-			t.Errorf("maven_username=%q, want deploy", v)
-		}
-	})
-
-	t.Run("an exposed gradle properties leaks the secret property", func(t *testing.T) {
-		res := runBuildCredModule(t, gradle, 200, gradleProps)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a gradle finding")
-		}
-		if v := buildCredExtract(res, "gradle_secret_property"); v != "ossrhPassword" {
-			t.Errorf("gradle_secret_property=%q, want ossrhPassword", v)
-		}
-	})
-
-	t.Run("an exposed nuget config leaks the feed username", func(t *testing.T) {
-		res := runBuildCredModule(t, nuget, 200, nugetConfig)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a nuget finding")
-		}
-		if v := buildCredExtract(res, "nuget_username"); v != "deploy" {
-			t.Errorf("nuget_username=%q, want deploy", v)
-		}
-	})
-
-	t.Run("a maven settings with mirrors but no password is not flagged", func(t *testing.T) {
-		body := "<settings>\n  <mirrors>\n    <mirror>\n      <id>central</id>\n" +
-			"      <url>https://repo.example.com/maven2</url>\n    </mirror>\n  </mirrors>\n</settings>\n"
-		if res := runBuildCredModule(t, maven, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a settings without a password should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an html page demonstrating a maven settings is not a leak", func(t *testing.T) {
-		body := "<!DOCTYPE html><html><body><pre><settings><server><password>x</password></server></settings></pre></body></html>"
-		if res := runBuildCredModule(t, maven, 200, body); len(res.Findings) > 0 {
-			t.Errorf("an html maven tutorial should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a gradle properties with no credential property is not flagged", func(t *testing.T) {
-		body := "org.gradle.jvmargs=-Xmx2g\nversion=1.0.0\norg.gradle.daemon=true\n"
-		if res := runBuildCredModule(t, gradle, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a non credential properties file should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a comment naming a password is not a credential property", func(t *testing.T) {
-		body := "# set your password=here before building\norg.gradle.daemon=true\n"
-		if res := runBuildCredModule(t, gradle, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a comment line should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an empty password property is not flagged", func(t *testing.T) {
-		body := "signing.password=\nsigning.keyId=24875D73\n"
-		if res := runBuildCredModule(t, gradle, 200, body); len(res.Findings) > 0 {
-			t.Errorf("an empty value should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an html page demonstrating a gradle property is not a leak", func(t *testing.T) {
-		body := "<!DOCTYPE html>\n<html><body><pre>\nossrhPassword=mySonatypeSecret\n</pre></body></html>\n"
-		if res := runBuildCredModule(t, gradle, 200, body); len(res.Findings) > 0 {
-			t.Errorf("an html gradle tutorial should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a nuget config without a credentials section is not flagged", func(t *testing.T) {
-		body := "<configuration>\n  <packageSources>\n" +
-			"    <add key=\"nuget.org\" value=\"https://api.nuget.org/v3/index.json\" />\n" +
-			"  </packageSources>\n</configuration>\n"
-		if res := runBuildCredModule(t, nuget, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a config without credentials should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a nuget credentials section without a password is not flagged", func(t *testing.T) {
-		body := "<configuration>\n  <packageSourceCredentials>\n    <MyFeed>\n" +
-			"      <add key=\"Username\" value=\"deploy\" />\n" +
-			"    </MyFeed>\n  </packageSourceCredentials>\n</configuration>\n"
-		if res := runBuildCredModule(t, nuget, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a credentials section without a password should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an appsettings password is not a nuget feed credential", func(t *testing.T) {
-		body := "<configuration>\n  <appSettings>\n" +
-			"    <add key=\"Password\" value=\"appsecret\" />\n" +
-			"  </appSettings>\n</configuration>\n"
-		if res := runBuildCredModule(t, nuget, 200, body); len(res.Findings) > 0 {
-			t.Errorf("an appsettings password should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an html page demonstrating a nuget config is not a leak", func(t *testing.T) {
-		body := "<!DOCTYPE html><html><body><pre><packageSourceCredentials><add key=\"ClearTextPassword\" value=\"x\" /></packageSourceCredentials></pre></body></html>"
-		if res := runBuildCredModule(t, nuget, 200, body); len(res.Findings) > 0 {
-			t.Errorf("an html nuget tutorial should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a plain 200 body is not a leak", func(t *testing.T) {
-		for _, file := range []string{maven, gradle, nuget} {
-			if res := runBuildCredModule(t, file, 200, "ok"); len(res.Findings) > 0 {
-				t.Errorf("%s: a plain 200 body should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-
-	t.Run("a 404 is not a leak", func(t *testing.T) {
-		for _, file := range []string{maven, gradle, nuget} {
-			if res := runBuildCredModule(t, file, 404, "not found"); len(res.Findings) > 0 {
-				t.Errorf("%s: a 404 should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-}
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runCMSCfgModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runCredModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runPipelineModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runDBFileModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runDBModule(t *testing.T, file string, status int, headers map[string]string, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runDebugModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runDeployModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runDistDBModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runDotfileModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -1,84 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules_test
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-// runEnvModule runs the env exposure module end to end against a server that
-// returns the same status and body for every path it requests.
-func runEnvModule(t *testing.T, status int, body string) *modules.Result {
-	t.Helper()
-	def, err := modules.ParseYAMLModule("../../modules/recon/env-file-exposure.yaml")
-	if err != nil {
-		t.Fatalf("parse: %v", err)
-	}
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(status)
-		_, _ = w.Write([]byte(body))
-	}))
-	defer srv.Close()
-
-	res, err := modules.ExecuteHTTPModule(context.Background(), srv.URL, def, modules.Options{
-		Timeout: 5 * time.Second,
-		Threads: 2,
-	})
-	if err != nil {
-		t.Fatalf("execute: %v", err)
-	}
-	return res
-}
-
-func envLeakedKey(res *modules.Result) string {
-	for _, f := range res.Findings {
-		if v := f.Extracted["leaked_key"]; v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func TestEnvFileExposureModule(t *testing.T) {
-	realEnv := "APP_NAME=Acme\nAPP_KEY=base64:Zm9vYmFy\nDB_PASSWORD=s3cr3t\nMAIL_PASSWORD=hunter2\n"
-	htmlMentionsSecret := "<!DOCTYPE html>\n<html><head><title>Docs</title></head><body>" +
-		"<code>APP_KEY=base64:...</code> put DB_PASSWORD= in your .env</body></html>"
-
-	t.Run("real env body leaks", func(t *testing.T) {
-		res := runEnvModule(t, 200, realEnv)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a finding for a real .env body")
-		}
-		if key := envLeakedKey(res); key != "APP_KEY" {
-			t.Errorf("leaked_key=%q, want APP_KEY", key)
-		}
-	})
-
-	t.Run("html page mentioning a key is not a leak", func(t *testing.T) {
-		if res := runEnvModule(t, 200, htmlMentionsSecret); len(res.Findings) > 0 {
-			t.Errorf("html page should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("secrets behind a 404 are not a leak", func(t *testing.T) {
-		if res := runEnvModule(t, 404, realEnv); len(res.Findings) > 0 {
-			t.Errorf("404 should not match, got %d findings", len(res.Findings))
-		}
-	})
-}
@@ -13,19 +13,15 @@
 package modules

 import (
-	"bufio"
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
-	"os"
 	"regexp"
 	"strings"
 	"sync"
 	"time"
-
-	"github.com/tidwall/gjson"
 )

 // MaxBodySize limits response body to prevent memory exhaustion.
@@ -73,10 +69,7 @@ func ExecuteHTTPModule(ctx context.Context, target string, def *YAMLModule, opts
 	}

 	// Generate requests based on paths and payloads
-	requests, err := generateHTTPRequests(target, cfg)
-	if err != nil {
-		return nil, err
-	}
+	requests := generateHTTPRequests(target, cfg)

 	// Determine thread count
 	threads := cfg.Threads
@@ -130,14 +123,9 @@ func ExecuteHTTPModule(ctx context.Context, target string, def *YAMLModule, opts
 }

 // generateHTTPRequests creates all requests based on paths and payloads.
-func generateHTTPRequests(target string, cfg *HTTPConfig) ([]*httpRequest, error) {
+func generateHTTPRequests(target string, cfg *HTTPConfig) []*httpRequest {
 	var requests []*httpRequest

-	paths, err := resolvePaths(cfg)
-	if err != nil {
-		return nil, err
-	}
-
 	// Ensure target has no trailing slash
 	target = strings.TrimSuffix(target, "/")

@@ -148,7 +136,7 @@ func generateHTTPRequests(target string, cfg *HTTPConfig) ([]*httpRequest, error

 	// If no payloads, just use paths directly
 	if len(cfg.Payloads) == 0 {
-		for _, path := range paths {
+		for _, path := range cfg.Paths {
 			url := substituteVariables(path, target, "")
 			requests = append(requests, &httpRequest{
 				Method:   method,
@@ -158,82 +146,29 @@ func generateHTTPRequests(target string, cfg *HTTPConfig) ([]*httpRequest, error
 				Original: path,
 			})
 		}
-		return requests, nil
+		return requests
 	}

 	// pitchfork pairs path[i] with payload[i] and stops at the shorter list;
 	// clusterbomb (default) crosses every path with every payload.
 	if strings.EqualFold(cfg.Attack, "pitchfork") {
-		n := len(paths)
+		n := len(cfg.Paths)
 		if len(cfg.Payloads) < n {
 			n = len(cfg.Payloads)
 		}
 		for i := 0; i < n; i++ {
-			requests = append(requests, newPayloadRequest(method, target, paths[i], cfg.Payloads[i], cfg))
+			requests = append(requests, newPayloadRequest(method, target, cfg.Paths[i], cfg.Payloads[i], cfg))
 		}
-		return requests, nil
+		return requests
 	}

-	for _, path := range paths {
+	for _, path := range cfg.Paths {
 		for _, payload := range cfg.Payloads {
 			requests = append(requests, newPayloadRequest(method, target, path, payload, cfg))
 		}
 	}

-	return requests, nil
-}
-
-// resolvePaths expands a wordlist over any {{word}} path templates so one
-// "{{BaseURL}}/{{word}}" path fuzzes the whole list; paths without {{word}}
-// pass through literally. no wordlist leaves cfg.Paths untouched.
-func resolvePaths(cfg *HTTPConfig) ([]string, error) {
-	if cfg.Wordlist == "" {
-		return cfg.Paths, nil
-	}
-
-	words, err := loadWordlist(cfg.Wordlist)
-	if err != nil {
-		return nil, err
-	}
-
-	var paths []string
-	for _, path := range cfg.Paths {
-		if !strings.Contains(path, "{{word}}") && !strings.Contains(path, "{{Word}}") {
-			paths = append(paths, path)
-			continue
-		}
-		for _, word := range words {
-			expanded := strings.ReplaceAll(path, "{{word}}", word)
-			expanded = strings.ReplaceAll(expanded, "{{Word}}", word)
-			paths = append(paths, expanded)
-		}
-	}
-
-	return paths, nil
-}
-
-// loadWordlist reads non-empty lines from a local wordlist file, mirroring the
-// dirlist scanner's scanLines so a converted module fuzzes the identical words.
-func loadWordlist(path string) ([]string, error) {
-	f, err := os.Open(path)
-	if err != nil {
-		return nil, fmt.Errorf("open wordlist %q: %w", path, err)
-	}
-	defer f.Close()
-
-	var words []string
-	scanner := bufio.NewScanner(f)
-	scanner.Split(bufio.ScanLines)
-	for scanner.Scan() {
-		if line := scanner.Text(); line != "" {
-			words = append(words, line)
-		}
-	}
-	if err := scanner.Err(); err != nil {
-		return nil, fmt.Errorf("read wordlist %q: %w", path, err)
-	}
-
-	return words, nil
+	return requests
 }

 // newPayloadRequest builds one request with the path and body templates
@@ -304,63 +239,45 @@ func executeHTTPRequest(ctx context.Context, client *http.Client, r *httpRequest
 	bodyStr := string(respBody)

 	// Check matchers
-	if !checkMatchers(cfg.Matchers, cfg.MatchersCondition, resp, bodyStr) {
+	if !checkMatchers(cfg.Matchers, resp, bodyStr) {
 		return Finding{}, false
 	}

 	// Extract data
 	extracted := runExtractors(cfg.Extractors, resp, bodyStr)

-	// favicon-only matches fire on binary icon bytes; report the hash, not the body.
-	evidence := truncateEvidence(bodyStr)
-	if fav, ok := faviconEvidence(cfg.Matchers, bodyStr); ok {
-		evidence = fav
-	}
-
 	return Finding{
 		URL:       r.URL,
 		Severity:  severity,
-		Evidence:  evidence,
+		Evidence:  truncateEvidence(bodyStr),
 		Extracted: extracted,
 	}, true
 }

-// checkMatchers combines matchers with condition "and" (default, all match) or "or" (any).
-func checkMatchers(matchers []Matcher, condition string, resp *http.Response, body string) bool {
+// checkMatchers evaluates all matchers against the response.
+func checkMatchers(matchers []Matcher, resp *http.Response, body string) bool {
 	if len(matchers) == 0 {
 		return false
 	}

-	or := strings.EqualFold(condition, "or")
+	// Default to AND condition across matchers
 	for i := range matchers {
 		matched := checkMatcher(&matchers[i], resp, body)
 		if matchers[i].Negative {
 			matched = !matched
 		}
-		if or && matched {
-			return true
-		}
-		if !or && !matched {
-			return false
+		if !matched {
+			return false // AND logic
 		}
 	}

-	// and: all matched; or: none matched.
-	return !or
-}
-
-// validateMatchersCondition rejects a matchers-condition that is not "", "and", or "or".
-func validateMatchersCondition(condition string) error {
-	switch strings.ToLower(condition) {
-	case "", "and", "or":
-		return nil
-	default:
-		return fmt.Errorf("invalid matchers-condition %q (want \"and\" or \"or\")", condition)
-	}
+	return true
 }

 // checkMatcher evaluates a single matcher.
 func checkMatcher(m *Matcher, resp *http.Response, body string) bool {
+	part := getPart(m.Part, resp, body)
+
 	switch m.Type {
 	case "status":
 		for _, status := range m.Status {
@@ -371,13 +288,10 @@ func checkMatcher(m *Matcher, resp *http.Response, body string) bool {
 		return false

 	case "word":
-		return checkWords(getPart(m.Part, resp, body), m.Words, m.Condition)
+		return checkWords(part, m.Words, m.Condition)

 	case "regex":
-		return checkRegex(getPart(m.Part, resp, body), m.Regex, m.Condition)
-
-	case "favicon":
-		return checkFaviconHash(body, m.Hash)
+		return checkRegex(part, m.Regex, m.Condition)

 	case "size":
 		// size matches the response body length against any listed value.
@@ -502,14 +416,6 @@ func runExtractors(extractors []Extractor, resp *http.Response, body string) map
 				}
 				result[key] = strings.Join(v, ", ")
 			}
-		case "json":
-			part := getPart(e.Part, resp, body)
-			for _, path := range e.JSON {
-				if r := gjson.Get(part, path); r.Exists() {
-					result[e.Name] = r.String()
-					break
-				}
-			}
 		}
 	}

@@ -17,12 +17,10 @@ import (
 	"errors"
 	"net/http"
 	"net/http/httptest"
-	"os"
-	"path/filepath"
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/httpx"
 )

 const testTimeout = 5 * time.Second
@@ -324,48 +322,6 @@ func TestWrapperExecuteRoutesByType(t *testing.T) {
 	})
 }

-// TestExecuteHTTPModuleWordlist proves a {{word}} path templated against a local
-// wordlist drives one real request per word, and only the path that exists fires.
-func TestExecuteHTTPModuleWordlist(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/admin" {
-			w.WriteHeader(http.StatusOK)
-			return
-		}
-		w.WriteHeader(http.StatusNotFound)
-	}))
-	defer srv.Close()
-
-	list := filepath.Join(t.TempDir(), "words.txt")
-	if err := os.WriteFile(list, []byte("login\nadmin\nbackup\n"), 0o600); err != nil {
-		t.Fatal(err)
-	}
-
-	def := &YAMLModule{
-		ID:   "test-wordlist",
-		Type: TypeHTTP,
-		Info: YAMLModuleInfo{Severity: "low"},
-		HTTP: &HTTPConfig{
-			Method:   "GET",
-			Wordlist: list,
-			Paths:    []string{"{{BaseURL}}/{{word}}"},
-			Matchers: []Matcher{{Type: "status", Status: []int{200}}},
-		},
-	}
-
-	opts := Options{Timeout: testTimeout, Client: httpx.Client(testTimeout)}
-	res, err := ExecuteHTTPModule(context.Background(), srv.URL, def, opts)
-	if err != nil {
-		t.Fatalf("execute: %v", err)
-	}
-	if len(res.Findings) != 1 {
-		t.Fatalf("got %d findings, want 1 (only /admin exists)", len(res.Findings))
-	}
-	if got := res.Findings[0].URL; got != srv.URL+"/admin" {
-		t.Errorf("finding url = %q, want %q", got, srv.URL+"/admin")
-	}
-}
-
 func TestTruncateEvidence(t *testing.T) {
 	short := "short evidence"
 	if got := truncateEvidence(short); got != short {
@@ -1,82 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules
-
-import (
-	"fmt"
-	"math"
-
-	"github.com/vmfunc/sif/internal/fingerprint"
-)
-
-// checkFaviconHash reports whether the body's shodan mmh3 hash matches any
-// configured value. only the body (the icon) is hashed; part is ignored.
-func checkFaviconHash(body string, want []int64) bool {
-	if len(want) == 0 {
-		return false
-	}
-	got := fingerprint.FaviconHash([]byte(body))
-	for _, w := range want {
-		if n, ok := normalizeFaviconHash(w); ok && n == got {
-			return true
-		}
-	}
-	return false
-}
-
-// normalizeFaviconHash folds a hash to the signed int32 shodan stores, accepting
-// either 32-bit form so a signed or unsigned value pastes in as-is. out-of-range
-// values are rejected so a stray number can't wrap into a false match.
-func normalizeFaviconHash(v int64) (int32, bool) {
-	if v < math.MinInt32 || v > math.MaxUint32 {
-		return 0, false
-	}
-	return int32(uint32(v)), true //nolint:gosec // intentional 32-bit fold to shodan's signed form
-}
-
-// faviconEvidence gives the hash as evidence for a favicon-only finding, and
-// nothing when a word/regex matcher is present so its body evidence stands.
-func faviconEvidence(matchers []Matcher, body string) (string, bool) {
-	favicon := false
-	for i := range matchers {
-		switch matchers[i].Type {
-		case "word", "regex":
-			return "", false
-		case "favicon":
-			favicon = true
-		}
-	}
-	if !favicon {
-		return "", false
-	}
-	return fmt.Sprintf("favicon mmh3=%d", fingerprint.FaviconHash([]byte(body))), true
-}
-
-// validateMatchers fails favicon matchers that would silently never fire (no
-// hash, or one out of 32-bit range) at load rather than at match time.
-func validateMatchers(matchers []Matcher) error {
-	for i := range matchers {
-		if matchers[i].Type != "favicon" {
-			continue
-		}
-		if len(matchers[i].Hash) == 0 {
-			return fmt.Errorf("favicon matcher requires at least one hash")
-		}
-		for _, h := range matchers[i].Hash {
-			if _, ok := normalizeFaviconHash(h); !ok {
-				return fmt.Errorf("favicon hash %d out of range (use a signed int32 or unsigned uint32 value)", h)
-			}
-		}
-	}
-	return nil
-}
@@ -1,191 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules
-
-import (
-	"context"
-	"fmt"
-	"math"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/vmfunc/sif/internal/fingerprint"
-	"github.com/vmfunc/sif/internal/httpx"
-)
-
-// faviconFixture hashes to a negative int32, so its signed and unsigned forms
-// differ and the unsigned-match case below actually exercises the fold.
-var faviconFixture = []byte(strings.Repeat("sif-favicon-golden-test-bytes-", 8))
-
-func TestCheckMatcherFavicon(t *testing.T) {
-	body := string(faviconFixture)
-	signed := int64(fingerprint.FaviconHash(faviconFixture))
-	if signed >= 0 {
-		t.Fatalf("fixture must hash to a negative int32 for the unsigned case to be meaningful, got %d", signed)
-	}
-	unsigned := int64(uint32(fingerprint.FaviconHash(faviconFixture)))
-
-	tests := []struct {
-		name   string
-		hashes []int64
-		expect bool
-	}{
-		{name: "signed match", hashes: []int64{signed}, expect: true},
-		{name: "unsigned match", hashes: []int64{unsigned}, expect: true},
-		{name: "one of many", hashes: []int64{1, 2, signed}, expect: true},
-		{name: "no match", hashes: []int64{1, 2, 3}, expect: false},
-		{name: "empty list", hashes: nil, expect: false},
-		{name: "out-of-range ignored", hashes: []int64{1 << 40}, expect: false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			m := &Matcher{Type: "favicon", Hash: tt.hashes}
-			resp := fakeResponse(t, 200, nil)
-			if got := checkMatcher(m, resp, body); got != tt.expect {
-				t.Errorf("checkMatcher favicon = %v, want %v", got, tt.expect)
-			}
-		})
-	}
-}
-
-func TestNormalizeFaviconHash(t *testing.T) {
-	tests := []struct {
-		name   string
-		in     int64
-		want   int32
-		wantOK bool
-	}{
-		{name: "signed passthrough", in: -235701012, want: -235701012, wantOK: true},
-		{name: "unsigned folds to signed", in: 4059266284, want: -235701012, wantOK: true},
-		{name: "positive in range", in: 116323821, want: 116323821, wantOK: true},
-		{name: "min int32", in: math.MinInt32, want: math.MinInt32, wantOK: true},
-		{name: "max uint32 folds to -1", in: math.MaxUint32, want: -1, wantOK: true},
-		{name: "above uint32 rejected", in: math.MaxUint32 + 1, wantOK: false},
-		{name: "below int32 rejected", in: math.MinInt32 - 1, wantOK: false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, ok := normalizeFaviconHash(tt.in)
-			if ok != tt.wantOK {
-				t.Fatalf("ok = %v, want %v", ok, tt.wantOK)
-			}
-			if ok && got != tt.want {
-				t.Errorf("normalizeFaviconHash(%d) = %d, want %d", tt.in, got, tt.want)
-			}
-		})
-	}
-}
-
-func TestFaviconEvidence(t *testing.T) {
-	body := string(faviconFixture)
-	hashLine := fmt.Sprintf("favicon mmh3=%d", fingerprint.FaviconHash(faviconFixture))
-	tests := []struct {
-		name     string
-		matchers []Matcher
-		want     string
-		wantOK   bool
-	}{
-		{name: "favicon only", matchers: []Matcher{{Type: "favicon"}}, want: hashLine, wantOK: true},
-		{name: "favicon with status", matchers: []Matcher{{Type: "status"}, {Type: "favicon"}}, want: hashLine, wantOK: true},
-		{name: "favicon with word keeps body", matchers: []Matcher{{Type: "word"}, {Type: "favicon"}}, wantOK: false},
-		{name: "favicon with regex keeps body", matchers: []Matcher{{Type: "regex"}, {Type: "favicon"}}, wantOK: false},
-		{name: "no favicon matcher", matchers: []Matcher{{Type: "status"}}, wantOK: false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, ok := faviconEvidence(tt.matchers, body)
-			if ok != tt.wantOK {
-				t.Fatalf("ok = %v, want %v", ok, tt.wantOK)
-			}
-			if ok && got != tt.want {
-				t.Errorf("evidence = %q, want %q", got, tt.want)
-			}
-		})
-	}
-}
-
-func TestValidateMatchers(t *testing.T) {
-	tests := []struct {
-		name     string
-		matchers []Matcher
-		wantErr  bool
-	}{
-		{name: "valid signed", matchers: []Matcher{{Type: "favicon", Hash: []int64{-235701012}}}, wantErr: false},
-		{name: "valid unsigned", matchers: []Matcher{{Type: "favicon", Hash: []int64{4059266284}}}, wantErr: false},
-		{name: "favicon with no hash", matchers: []Matcher{{Type: "favicon"}}, wantErr: true},
-		{name: "out-of-range hash", matchers: []Matcher{{Type: "favicon", Hash: []int64{99999999999}}}, wantErr: true},
-		{name: "non-favicon ignored", matchers: []Matcher{{Type: "word", Words: []string{"x"}}}, wantErr: false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if err := validateMatchers(tt.matchers); (err != nil) != tt.wantErr {
-				t.Errorf("validateMatchers err = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
-
-// favicon composes with the negative flag like any other matcher.
-func TestCheckMatcherFaviconNegative(t *testing.T) {
-	signed := int64(fingerprint.FaviconHash(faviconFixture))
-	matchers := []Matcher{{Type: "favicon", Hash: []int64{signed}, Negative: true}}
-	resp := fakeResponse(t, 200, nil)
-	if checkMatchers(matchers, "", resp, string(faviconFixture)) {
-		t.Error("negative favicon matcher should not match its own hash")
-	}
-}
-
-// drives the full executor: fetch favicon, match on its hash, report the hash.
-func TestExecuteHTTPModuleFavicon(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/favicon.ico" {
-			w.Header().Set("Content-Type", "image/x-icon")
-			_, _ = w.Write(faviconFixture)
-			return
-		}
-		w.WriteHeader(http.StatusNotFound)
-	}))
-	defer srv.Close()
-
-	// unsigned form must still match end to end
-	unsigned := int64(uint32(fingerprint.FaviconHash(faviconFixture)))
-	def := &YAMLModule{
-		ID:   "favicon-fp",
-		Type: TypeHTTP,
-		Info: YAMLModuleInfo{Severity: "info"},
-		HTTP: &HTTPConfig{
-			Method: "GET",
-			Paths:  []string{"{{BaseURL}}/favicon.ico"},
-			Matchers: []Matcher{
-				{Type: "status", Status: []int{200}},
-				{Type: "favicon", Hash: []int64{unsigned}},
-			},
-		},
-	}
-
-	opts := Options{Timeout: testTimeout, Client: httpx.Client(testTimeout)}
-	result, err := ExecuteHTTPModule(context.Background(), srv.URL, def, opts)
-	if err != nil {
-		t.Fatalf("ExecuteHTTPModule: %v", err)
-	}
-	if len(result.Findings) != 1 {
-		t.Fatalf("got %d findings, want 1", len(result.Findings))
-	}
-
-	wantEvidence := fmt.Sprintf("favicon mmh3=%d", fingerprint.FaviconHash(faviconFixture))
-	if got := result.Findings[0].Evidence; got != wantEvidence {
-		t.Errorf("evidence = %q, want %q", got, wantEvidence)
-	}
-}
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runHTTPDBModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -1,151 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules_test
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-func runInfraModule(t *testing.T, file string, status int, body string) *modules.Result {
-	t.Helper()
-	def, err := modules.ParseYAMLModule(file)
-	if err != nil {
-		t.Fatalf("parse %s: %v", file, err)
-	}
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(status)
-		_, _ = w.Write([]byte(body))
-	}))
-	defer srv.Close()
-
-	res, err := modules.ExecuteHTTPModule(context.Background(), srv.URL, def, modules.Options{
-		Timeout: 5 * time.Second,
-		Threads: 2,
-	})
-	if err != nil {
-		t.Fatalf("execute %s: %v", file, err)
-	}
-	return res
-}
-
-func infraExtract(res *modules.Result, key string) string {
-	for _, f := range res.Findings {
-		if v := f.Extracted[key]; v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func TestInfraConfigExposureModules(t *testing.T) {
-	const terraform = "../../modules/recon/terraform-state-exposure.yaml"
-	const kubeconfig = "../../modules/recon/kubeconfig-exposure.yaml"
-	const compose = "../../modules/recon/docker-compose-exposure.yaml"
-
-	t.Run("terraform state leaks the terraform version", func(t *testing.T) {
-		body := `{"version":4,"terraform_version":"1.5.7","serial":12,"lineage":"a1b2",` +
-			`"outputs":{},"resources":[{"type":"aws_db_instance","name":"main"}]}`
-		res := runInfraModule(t, terraform, 200, body)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a terraform state finding")
-		}
-		if v := infraExtract(res, "terraform_version"); v != "1.5.7" {
-			t.Errorf("terraform_version=%q, want 1.5.7", v)
-		}
-	})
-
-	t.Run("terraform state with a pre-release version still extracts the number", func(t *testing.T) {
-		body := `{"version":4,"terraform_version":"0.12.0-beta1","serial":1,"lineage":"x","resources":[]}`
-		res := runInfraModule(t, terraform, 200, body)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a terraform state finding")
-		}
-		if v := infraExtract(res, "terraform_version"); v != "0.12.0" {
-			t.Errorf("terraform_version=%q, want 0.12.0", v)
-		}
-	})
-
-	t.Run("kubeconfig leaks the cluster server", func(t *testing.T) {
-		body := "apiVersion: v1\nkind: Config\nclusters:\n- cluster:\n" +
-			"    server: https://10.0.0.1:6443\n  name: prod\ncurrent-context: prod\n"
-		res := runInfraModule(t, kubeconfig, 200, body)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a kubeconfig finding")
-		}
-		if v := infraExtract(res, "cluster_server"); v != "https://10.0.0.1:6443" {
-			t.Errorf("cluster_server=%q, want https://10.0.0.1:6443", v)
-		}
-	})
-
-	t.Run("docker compose leaks the image version", func(t *testing.T) {
-		body := "version: \"3.8\"\nservices:\n  web:\n    image: nginx:1.25\n    ports:\n" +
-			"      - \"80:80\"\n  db:\n    image: postgres:15\n"
-		res := runInfraModule(t, compose, 200, body)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a docker compose finding")
-		}
-		if v := infraExtract(res, "compose_image"); v != "nginx:1.25" {
-			t.Errorf("compose_image=%q, want nginx:1.25", v)
-		}
-	})
-
-	t.Run("a terraform_version mention without the state structure is not a leak", func(t *testing.T) {
-		body := `{"terraform_version":"1.5.7"}`
-		if res := runInfraModule(t, terraform, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a bare version mention should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a kind Config mention without the kubeconfig structure is not a leak", func(t *testing.T) {
-		body := "kind: Config\ndescription: an unrelated document\n"
-		if res := runInfraModule(t, kubeconfig, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a bare kind mention should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a services key without a service definition is not a leak", func(t *testing.T) {
-		body := "services: enabled\nnote: not a compose file\n"
-		if res := runInfraModule(t, compose, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a bare services key should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an html page carrying the markers is not a leak", func(t *testing.T) {
-		body := `<html><head><title>x</title></head><body>"terraform_version":"1.5.7" "lineage":"a1b2"</body></html>`
-		if res := runInfraModule(t, terraform, 200, body); len(res.Findings) > 0 {
-			t.Errorf("an html page should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a plain 200 body is not a leak", func(t *testing.T) {
-		for _, file := range []string{terraform, kubeconfig, compose} {
-			if res := runInfraModule(t, file, 200, "ok"); len(res.Findings) > 0 {
-				t.Errorf("%s: a plain 200 body should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-
-	t.Run("a 404 is not a leak", func(t *testing.T) {
-		for _, file := range []string{terraform, kubeconfig, compose} {
-			if res := runInfraModule(t, file, 404, "not found"); len(res.Findings) > 0 {
-				t.Errorf("%s: a 404 should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-}
@@ -1,86 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/vmfunc/sif/internal/httpx"
-)
-
-func TestRunExtractorsJSON(t *testing.T) {
-	const body = `{"version":"1.2.3","app":{"name":"sif"},"items":[{"id":7}]}`
-	resp := fakeResponse(t, 200, nil)
-
-	tests := []struct {
-		name  string
-		paths []string
-		want  string // "" means the extractor should set nothing
-	}{
-		{"top level", []string{"version"}, "1.2.3"},
-		{"nested", []string{"app.name"}, "sif"},
-		{"array index", []string{"items.0.id"}, "7"},
-		{"first existing wins", []string{"missing", "version"}, "1.2.3"},
-		{"no match", []string{"nope"}, ""},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			ex := []Extractor{{Type: "json", Name: "v", Part: "body", JSON: tt.paths}}
-			got := runExtractors(ex, resp, body)
-			if tt.want == "" {
-				if v, ok := got["v"]; ok {
-					t.Errorf("expected no extraction, got %q", v)
-				}
-				return
-			}
-			if got["v"] != tt.want {
-				t.Errorf("got %q, want %q", got["v"], tt.want)
-			}
-		})
-	}
-}
-
-func TestExecuteHTTPModuleJSONExtractor(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
-		_, _ = w.Write([]byte(`{"version":"9.9.9"}`))
-	}))
-	defer srv.Close()
-
-	def := &YAMLModule{
-		ID:   "j",
-		Type: TypeHTTP,
-		Info: YAMLModuleInfo{Severity: "info"},
-		HTTP: &HTTPConfig{
-			Method:     "GET",
-			Paths:      []string{"{{BaseURL}}/"},
-			Matchers:   []Matcher{{Type: "status", Status: []int{200}}},
-			Extractors: []Extractor{{Type: "json", Name: "version", Part: "body", JSON: []string{"version"}}},
-		},
-	}
-
-	opts := Options{Timeout: testTimeout, Client: httpx.Client(testTimeout)}
-	res, err := ExecuteHTTPModule(context.Background(), srv.URL, def, opts)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(res.Findings) != 1 {
-		t.Fatalf("got %d findings, want 1", len(res.Findings))
-	}
-	if got := res.Findings[0].Extracted["version"]; got != "9.9.9" {
-		t.Errorf("extracted version = %q, want 9.9.9", got)
-	}
-}
@@ -19,7 +19,7 @@ import (
 	"runtime"

 	"github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // Loader handles module discovery and loading.
@@ -1,106 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules_test
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-func runLoginModule(t *testing.T, file string, status int, headers map[string]string, body string) *modules.Result {
-	t.Helper()
-	def, err := modules.ParseYAMLModule(file)
-	if err != nil {
-		t.Fatalf("parse %s: %v", file, err)
-	}
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		for k, v := range headers {
-			w.Header().Set(k, v)
-		}
-		w.WriteHeader(status)
-		_, _ = w.Write([]byte(body))
-	}))
-	defer srv.Close()
-
-	res, err := modules.ExecuteHTTPModule(context.Background(), srv.URL, def, modules.Options{
-		Timeout: 5 * time.Second,
-		Threads: 2,
-	})
-	if err != nil {
-		t.Fatalf("execute %s: %v", file, err)
-	}
-	return res
-}
-
-func loginExtract(res *modules.Result, key string) string {
-	for _, f := range res.Findings {
-		if v := f.Extracted[key]; v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func TestLoginPanelModules(t *testing.T) {
-	const grafana = "../../modules/info/grafana-panel.yaml"
-	const kibana = "../../modules/info/kibana-panel.yaml"
-	const jenkins = "../../modules/info/jenkins-panel.yaml"
-
-	grafanaBody := `<body class="app-grafana"><grafana-app></grafana-app>` +
-		`<script>window.grafanaBootData = {"settings":{"buildInfo":{"version":"10.4.2","commit":"abc"}}};</script></body>`
-	kibanaBody := `<div data-test-subj="kibanaChrome"><kbn-injected-metadata data="x"></kbn-injected-metadata></div>`
-
-	t.Run("grafana login", func(t *testing.T) {
-		res := runLoginModule(t, grafana, 200, nil, grafanaBody)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a grafana finding")
-		}
-		if v := loginExtract(res, "grafana_version"); v != "10.4.2" {
-			t.Errorf("grafana_version=%q, want 10.4.2", v)
-		}
-	})
-
-	t.Run("kibana via response headers", func(t *testing.T) {
-		res := runLoginModule(t, kibana, 200, map[string]string{"kbn-version": "8.13.0", "kbn-name": "node-1"}, kibanaBody)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a kibana finding")
-		}
-		if v := loginExtract(res, "kibana_version"); v != "8.13.0" {
-			t.Errorf("kibana_version=%q, want 8.13.0", v)
-		}
-	})
-
-	t.Run("jenkins via X-Jenkins header on a 403", func(t *testing.T) {
-		res := runLoginModule(t, jenkins, 403, map[string]string{"X-Jenkins": "2.426.1"},
-			`<html><head><title>Authentication required</title></head></html>`)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a jenkins finding")
-		}
-		if v := loginExtract(res, "jenkins_version"); v != "2.426.1" {
-			t.Errorf("jenkins_version=%q, want 2.426.1", v)
-		}
-	})
-
-	t.Run("unrelated page is not a panel", func(t *testing.T) {
-		for _, file := range []string{grafana, kibana, jenkins} {
-			if res := runLoginModule(t, file, 200, nil, "<html><body>plain</body></html>"); len(res.Findings) > 0 {
-				t.Errorf("%s: unrelated page should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-}
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runMgmtModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -1,132 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/vmfunc/sif/internal/httpx"
-)
-
-func TestCheckMatchersCondition(t *testing.T) {
-	const body = "hello world"
-	resp := fakeResponse(t, 200, nil)
-
-	status200 := Matcher{Type: "status", Status: []int{200}}
-	status500 := Matcher{Type: "status", Status: []int{500}}
-	wordHit := Matcher{Type: "word", Part: "body", Words: []string{"hello"}}
-	wordMiss := Matcher{Type: "word", Part: "body", Words: []string{"absent"}}
-
-	tests := []struct {
-		name      string
-		condition string
-		matchers  []Matcher
-		expect    bool
-	}{
-		{"and both match", "and", []Matcher{status200, wordHit}, true},
-		{"and one fails", "and", []Matcher{status200, wordMiss}, false},
-		{"empty defaults to and", "", []Matcher{status200, wordMiss}, false},
-		{"or one matches", "or", []Matcher{status500, wordHit}, true},
-		{"or none match", "or", []Matcher{status500, wordMiss}, false},
-		{"or all match", "or", []Matcher{status200, wordHit}, true},
-		{"or is case-insensitive", "OR", []Matcher{status500, wordHit}, true},
-		{"and is case-insensitive", "AND", []Matcher{status200, wordMiss}, false},
-		{"or with negative pass", "or", []Matcher{{Type: "word", Part: "body", Words: []string{"absent"}, Negative: true}}, true},
-		{"or all fail with negative", "or", []Matcher{{Type: "word", Part: "body", Words: []string{"hello"}, Negative: true}, wordMiss}, false},
-		{"empty matcher list", "or", nil, false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := checkMatchers(tt.matchers, tt.condition, resp, body); got != tt.expect {
-				t.Errorf("checkMatchers(%q) = %v, want %v", tt.condition, got, tt.expect)
-			}
-		})
-	}
-}
-
-func TestValidateMatchersCondition(t *testing.T) {
-	for _, ok := range []string{"", "and", "or", "AND", "Or"} {
-		if err := validateMatchersCondition(ok); err != nil {
-			t.Errorf("%q should be valid: %v", ok, err)
-		}
-	}
-	for _, bad := range []string{"xor", "nand", "any", "&&"} {
-		if err := validateMatchersCondition(bad); err == nil {
-			t.Errorf("%q should be rejected", bad)
-		}
-	}
-}
-
-func TestParseMatchersConditionValidation(t *testing.T) {
-	write := func(cond string) string {
-		p := filepath.Join(t.TempDir(), "m.yaml")
-		body := fmt.Sprintf("id: mc\ntype: http\nhttp:\n  method: GET\n  paths: [\"{{BaseURL}}\"]\n  matchers-condition: %s\n  matchers:\n    - type: status\n      status: [200]\n", cond)
-		if err := os.WriteFile(p, []byte(body), 0o600); err != nil {
-			t.Fatal(err)
-		}
-		return p
-	}
-	if _, err := ParseYAMLModule(write("or")); err != nil {
-		t.Errorf("matchers-condition: or should parse: %v", err)
-	}
-	if _, err := ParseYAMLModule(write("xor")); err == nil {
-		t.Error("matchers-condition: xor should be rejected at load")
-	}
-}
-
-// or fires on the word match alone; and does not (status:500 fails).
-func TestExecuteHTTPModuleMatchersConditionOr(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
-		_, _ = w.Write([]byte("hello"))
-	}))
-	defer srv.Close()
-
-	def := &YAMLModule{
-		ID:   "mc",
-		Type: TypeHTTP,
-		Info: YAMLModuleInfo{Severity: "info"},
-		HTTP: &HTTPConfig{
-			Method: "GET",
-			Paths:  []string{"{{BaseURL}}/"},
-			Matchers: []Matcher{
-				{Type: "status", Status: []int{500}},
-				{Type: "word", Part: "body", Words: []string{"hello"}},
-			},
-		},
-	}
-	opts := Options{Timeout: testTimeout, Client: httpx.Client(testTimeout)}
-
-	def.HTTP.MatchersCondition = "or"
-	res, err := ExecuteHTTPModule(context.Background(), srv.URL, def, opts)
-	if err != nil {
-		t.Fatalf("or: %v", err)
-	}
-	if len(res.Findings) != 1 {
-		t.Fatalf("or: got %d findings, want 1", len(res.Findings))
-	}
-
-	def.HTTP.MatchersCondition = ""
-	res, err = ExecuteHTTPModule(context.Background(), srv.URL, def, opts)
-	if err != nil {
-		t.Fatalf("and: %v", err)
-	}
-	if len(res.Findings) != 0 {
-		t.Fatalf("and: got %d findings, want 0 (status:500 fails)", len(res.Findings))
-	}
-}
@@ -14,8 +14,6 @@ package modules

 import (
 	"net/http"
-	"os"
-	"path/filepath"
 	"strings"
 	"testing"
 )
@@ -186,7 +184,7 @@ func TestCheckMatchers(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := checkMatchers(tt.matchers, "", resp, body); got != tt.expect {
+			if got := checkMatchers(tt.matchers, resp, body); got != tt.expect {
 				t.Errorf("checkMatchers = %v, want %v", got, tt.expect)
 			}
 		})
@@ -415,10 +413,7 @@ func TestGenerateHTTPRequests(t *testing.T) {
 			Paths: []string{"{{BaseURL}}/a", "{{BaseURL}}/b"},
 		}
 		// trailing slash on the target must be trimmed before substitution.
-		got, err := generateHTTPRequests("http://h/", cfg)
-		if err != nil {
-			t.Fatalf("generate: %v", err)
-		}
+		got := generateHTTPRequests("http://h/", cfg)
 		if len(got) != 2 {
 			t.Fatalf("got %d requests, want 2", len(got))
 		}
@@ -437,10 +432,7 @@ func TestGenerateHTTPRequests(t *testing.T) {
 			Payloads: []string{"1", "2", "3"},
 			Body:     "data={{payload}}",
 		}
-		got, err := generateHTTPRequests("http://h", cfg)
-		if err != nil {
-			t.Fatalf("generate: %v", err)
-		}
+		got := generateHTTPRequests("http://h", cfg)
 		if len(got) != 3 {
 			t.Fatalf("got %d requests, want 3", len(got))
 		}
@@ -465,67 +457,9 @@ func TestGenerateHTTPRequests(t *testing.T) {
 			Paths:    []string{"{{BaseURL}}/a", "{{BaseURL}}/b"},
 			Payloads: []string{"x", "y"},
 		}
-		got, err := generateHTTPRequests("http://h", cfg)
-		if err != nil {
-			t.Fatalf("generate: %v", err)
-		}
+		got := generateHTTPRequests("http://h", cfg)
 		if len(got) != 4 {
 			t.Fatalf("got %d requests, want 4 (2 paths x 2 payloads)", len(got))
 		}
 	})
-
-	t.Run("wordlist expands {{word}} paths", func(t *testing.T) {
-		list := filepath.Join(t.TempDir(), "words.txt")
-		if err := os.WriteFile(list, []byte("admin\n\nconfig\nbackup\n"), 0o600); err != nil {
-			t.Fatal(err)
-		}
-		cfg := &HTTPConfig{
-			Paths:    []string{"{{BaseURL}}/{{word}}", "{{BaseURL}}/.git/HEAD"},
-			Wordlist: list,
-		}
-		got, err := generateHTTPRequests("http://h", cfg)
-		if err != nil {
-			t.Fatalf("generate: %v", err)
-		}
-		// 3 words (the blank line is skipped) fuzz the templated path, then the
-		// literal path passes through untouched.
-		want := []string{"http://h/admin", "http://h/config", "http://h/backup", "http://h/.git/HEAD"}
-		if len(got) != len(want) {
-			t.Fatalf("got %d requests, want %d", len(got), len(want))
-		}
-		for i, w := range want {
-			if got[i].URL != w {
-				t.Errorf("req %d url = %q, want %q", i, got[i].URL, w)
-			}
-		}
-	})
-
-	t.Run("wordlist crosses with payloads", func(t *testing.T) {
-		list := filepath.Join(t.TempDir(), "words.txt")
-		if err := os.WriteFile(list, []byte("a\nb\n"), 0o600); err != nil {
-			t.Fatal(err)
-		}
-		cfg := &HTTPConfig{
-			Paths:    []string{"{{BaseURL}}/{{word}}?q={{payload}}"},
-			Wordlist: list,
-			Payloads: []string{"1", "2", "3"},
-		}
-		got, err := generateHTTPRequests("http://h", cfg)
-		if err != nil {
-			t.Fatalf("generate: %v", err)
-		}
-		if len(got) != 6 {
-			t.Fatalf("got %d requests, want 6 (2 words x 3 payloads)", len(got))
-		}
-	})
-
-	t.Run("missing wordlist errors", func(t *testing.T) {
-		cfg := &HTTPConfig{
-			Paths:    []string{"{{BaseURL}}/{{word}}"},
-			Wordlist: filepath.Join(t.TempDir(), "nope.txt"),
-		}
-		if _, err := generateHTTPRequests("http://h", cfg); err == nil {
-			t.Fatal("want error for missing wordlist, got nil")
-		}
-	})
 }
@@ -1,138 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules_test
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-func runMetricsModule(t *testing.T, file string, status int, body string) *modules.Result {
-	t.Helper()
-	def, err := modules.ParseYAMLModule(file)
-	if err != nil {
-		t.Fatalf("parse %s: %v", file, err)
-	}
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(status)
-		_, _ = w.Write([]byte(body))
-	}))
-	defer srv.Close()
-
-	res, err := modules.ExecuteHTTPModule(context.Background(), srv.URL, def, modules.Options{
-		Timeout: 5 * time.Second,
-		Threads: 2,
-	})
-	if err != nil {
-		t.Fatalf("execute %s: %v", file, err)
-	}
-	return res
-}
-
-func metricsExtract(res *modules.Result, key string) string {
-	for _, f := range res.Findings {
-		if v := f.Extracted[key]; v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func TestMetricsExposureModules(t *testing.T) {
-	const netdata = "../../modules/recon/netdata-api-exposure.yaml"
-	const cadvisor = "../../modules/recon/cadvisor-api-exposure.yaml"
-
-	netdataInfo := `{"version":"v1.44.0","uid":"6c5c8a3f","mirrored_hosts":["localhost"],` +
-		`"mirrored_hosts_status":[{"guid":"6c5c8a3f","reachable":true}],"os_name":"Debian GNU/Linux",` +
-		`"cores_total":"8","total_disk_space":"512000000000"}`
-
-	cadvisorMachine := `{"num_cores":8,"num_physical_cores":4,"num_sockets":1,"cpu_frequency_khz":2904000,` +
-		`"memory_capacity":16777216000,"machine_id":"a1b2c3d4e5f60718293a4b5c6d7e8f90",` +
-		`"system_uuid":"4C4C4544-0042-3110-8044-B7C04F564432","boot_id":"f0e1d2c3"}`
-
-	t.Run("an exposed netdata info endpoint is flagged and versioned", func(t *testing.T) {
-		res := runMetricsModule(t, netdata, 200, netdataInfo)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a netdata finding")
-		}
-		if v := metricsExtract(res, "netdata_version"); v != "v1.44.0" {
-			t.Errorf("netdata_version=%q, want v1.44.0", v)
-		}
-	})
-
-	t.Run("an exposed cadvisor machine endpoint is flagged with the machine id", func(t *testing.T) {
-		res := runMetricsModule(t, cadvisor, 200, cadvisorMachine)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a cadvisor finding")
-		}
-		if v := metricsExtract(res, "cadvisor_machine_id"); v != "a1b2c3d4e5f60718293a4b5c6d7e8f90" {
-			t.Errorf("cadvisor_machine_id=%q, want the machine id", v)
-		}
-	})
-
-	t.Run("netdata mirrored hosts without cores total is not flagged", func(t *testing.T) {
-		body := `{"version":"v1.44.0","mirrored_hosts":["localhost"]}`
-		if res := runMetricsModule(t, netdata, 200, body); len(res.Findings) > 0 {
-			t.Errorf("mirrored hosts alone should not match netdata, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("netdata cores total without mirrored hosts is not flagged", func(t *testing.T) {
-		body := `{"version":"v1.44.0","cores_total":"8"}`
-		if res := runMetricsModule(t, netdata, 200, body); len(res.Findings) > 0 {
-			t.Errorf("cores total alone should not match netdata, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("cadvisor machine id without a cpu frequency is not flagged", func(t *testing.T) {
-		body := `{"machine_id":"a1b2c3d4e5f60718293a4b5c6d7e8f90","num_cores":8}`
-		if res := runMetricsModule(t, cadvisor, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a machine id alone should not match cadvisor, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("cadvisor cpu frequency without a machine id is not flagged", func(t *testing.T) {
-		body := `{"cpu_frequency_khz":2904000,"num_cores":8}`
-		if res := runMetricsModule(t, cadvisor, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a cpu frequency alone should not match cadvisor, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a generic metrics json is not netdata", func(t *testing.T) {
-		body := `{"status":"ok","data":{"result":[]}}`
-		if res := runMetricsModule(t, netdata, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a generic json should not match netdata, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a plain 200 body is not a leak", func(t *testing.T) {
-		for _, file := range []string{netdata, cadvisor} {
-			if res := runMetricsModule(t, file, 200, "ok"); len(res.Findings) > 0 {
-				t.Errorf("%s: a plain 200 body should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-
-	t.Run("a 404 is not a leak", func(t *testing.T) {
-		for _, file := range []string{netdata, cadvisor} {
-			if res := runMetricsModule(t, file, 404, "not found"); len(res.Findings) > 0 {
-				t.Errorf("%s: a 404 should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-}
@@ -86,14 +86,13 @@ type Finding struct {
 // Matcher defines matching logic for module responses.
 // Matchers are used to determine if a response indicates a vulnerability.
 type Matcher struct {
-	Type      string   `yaml:"type"` // regex, status, word, favicon
+	Type      string   `yaml:"type"` // regex, status, word, size
 	Part      string   `yaml:"part"` // body, header, all
 	Regex     []string `yaml:"regex,omitempty"`
 	Words     []string `yaml:"words,omitempty"`
 	Status    []int    `yaml:"status,omitempty"`
 	Size      []int    `yaml:"size,omitempty"`
-	Hash      []int64  `yaml:"hash,omitempty"` // favicon: shodan mmh3 hashes (signed or unsigned)
-	Condition string   `yaml:"condition"`      // and, or
+	Condition string   `yaml:"condition"` // and, or
 	Negative  bool     `yaml:"negative"`
 }

@@ -104,6 +103,5 @@ type Extractor struct {
 	Name  string   `yaml:"name"`
 	Part  string   `yaml:"part"`
 	Regex []string `yaml:"regex,omitempty"`
-	JSON  []string `yaml:"json,omitempty"`
 	Group int      `yaml:"group"`
 }
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 // runOpsModule runs a shipped module end to end against a server that returns
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runOrchModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runRailsModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runRegistryModule(t *testing.T, file string, status int, headers map[string]string, body string) *modules.Result {
@@ -1,175 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package modules_test
-
-import (
-	"context"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-func runRuntimeModule(t *testing.T, file string, status int, body string) *modules.Result {
-	t.Helper()
-	def, err := modules.ParseYAMLModule(file)
-	if err != nil {
-		t.Fatalf("parse %s: %v", file, err)
-	}
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(status)
-		_, _ = w.Write([]byte(body))
-	}))
-	defer srv.Close()
-
-	res, err := modules.ExecuteHTTPModule(context.Background(), srv.URL, def, modules.Options{
-		Timeout: 5 * time.Second,
-		Threads: 2,
-	})
-	if err != nil {
-		t.Fatalf("execute %s: %v", file, err)
-	}
-	return res
-}
-
-func runtimeExtract(res *modules.Result, key string) string {
-	for _, f := range res.Findings {
-		if v := f.Extracted[key]; v != "" {
-			return v
-		}
-	}
-	return ""
-}
-
-func TestRuntimeAPIExposureModules(t *testing.T) {
-	const docker = "../../modules/recon/docker-api-exposure.yaml"
-	const k8s = "../../modules/recon/kubernetes-api-exposure.yaml"
-	const kubelet = "../../modules/recon/kubelet-api-exposure.yaml"
-
-	dockerVersion := `{"Platform":{"Name":"Docker Engine - Community"},"Components":[` +
-		`{"Name":"Engine","Version":"24.0.7","Details":{"ApiVersion":"1.43"}},` +
-		`{"Name":"containerd","Version":"1.6.24"},{"Name":"runc","Version":"1.1.9"}],` +
-		`"Version":"24.0.7","ApiVersion":"1.43","MinAPIVersion":"1.12","GitCommit":"311b9ff",` +
-		`"GoVersion":"go1.20.10","Os":"linux","Arch":"amd64"}`
-
-	k8sVersion := `{"major":"1","minor":"28","gitVersion":"v1.28.2","gitCommit":"abc123",` +
-		`"gitTreeState":"clean","buildDate":"2023-09-13T09:35:49Z","goVersion":"go1.20.8",` +
-		`"compiler":"gc","platform":"linux/amd64"}`
-
-	kubeletPods := `{"kind":"PodList","apiVersion":"v1","metadata":{},"items":[{"metadata":` +
-		`{"name":"etcd-master","namespace":"kube-system"},"spec":{"containers":[{"name":"etcd"}]}}]}`
-
-	t.Run("an exposed docker api is flagged and versioned", func(t *testing.T) {
-		res := runRuntimeModule(t, docker, 200, dockerVersion)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a docker finding")
-		}
-		if v := runtimeExtract(res, "docker_version"); v != "24.0.7" {
-			t.Errorf("docker_version=%q, want 24.0.7", v)
-		}
-	})
-
-	t.Run("an exposed kubernetes api is flagged and versioned", func(t *testing.T) {
-		res := runRuntimeModule(t, k8s, 200, k8sVersion)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a kubernetes finding")
-		}
-		if v := runtimeExtract(res, "k8s_version"); v != "v1.28.2" {
-			t.Errorf("k8s_version=%q, want v1.28.2", v)
-		}
-	})
-
-	t.Run("an exposed kubelet leaks a pod namespace", func(t *testing.T) {
-		res := runRuntimeModule(t, kubelet, 200, kubeletPods)
-		if len(res.Findings) == 0 {
-			t.Fatal("expected a kubelet finding")
-		}
-		if v := runtimeExtract(res, "kubelet_namespace"); v != "kube-system" {
-			t.Errorf("kubelet_namespace=%q, want kube-system", v)
-		}
-	})
-
-	t.Run("a generic version json without the docker fields is not docker", func(t *testing.T) {
-		body := `{"version":"1.0.0","name":"myapp"}`
-		if res := runRuntimeModule(t, docker, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a generic version should not match docker, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("an apiversion without a min api version is not docker", func(t *testing.T) {
-		body := `{"ApiVersion":"2.0","name":"otherservice"}`
-		if res := runRuntimeModule(t, docker, 200, body); len(res.Findings) > 0 {
-			t.Errorf("apiversion alone should not match docker, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a min api version without an api version is not docker", func(t *testing.T) {
-		body := `{"MinAPIVersion":"1.12","Os":"linux"}`
-		if res := runRuntimeModule(t, docker, 200, body); len(res.Findings) > 0 {
-			t.Errorf("min api version alone should not match docker, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a generic version json without the git fields is not kubernetes", func(t *testing.T) {
-		body := `{"version":"1.2.3","build":"xyz"}`
-		if res := runRuntimeModule(t, k8s, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a generic version should not match kubernetes, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a gitversion without a git tree state is not kubernetes", func(t *testing.T) {
-		body := `{"gitVersion":"v1.0.0","app":"custom"}`
-		if res := runRuntimeModule(t, k8s, 200, body); len(res.Findings) > 0 {
-			t.Errorf("gitversion alone should not match kubernetes, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a build date without a gitversion is not kubernetes", func(t *testing.T) {
-		body := `{"buildDate":"2023-01-01T00:00:00Z","app":"custom"}`
-		if res := runRuntimeModule(t, k8s, 200, body); len(res.Findings) > 0 {
-			t.Errorf("build date alone should not match kubernetes, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a service list is not a kubelet pod list", func(t *testing.T) {
-		body := `{"kind":"ServiceList","apiVersion":"v1","items":[]}`
-		if res := runRuntimeModule(t, kubelet, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a service list should not match kubelet, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a pod list without an api version is not flagged", func(t *testing.T) {
-		body := `{"kind":"PodList","items":[]}`
-		if res := runRuntimeModule(t, kubelet, 200, body); len(res.Findings) > 0 {
-			t.Errorf("a pod list without apiversion should not match, got %d findings", len(res.Findings))
-		}
-	})
-
-	t.Run("a plain 200 body is not a leak", func(t *testing.T) {
-		for _, file := range []string{docker, k8s, kubelet} {
-			if res := runRuntimeModule(t, file, 200, "ok"); len(res.Findings) > 0 {
-				t.Errorf("%s: a plain 200 body should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-
-	t.Run("a 404 is not a leak", func(t *testing.T) {
-		for _, file := range []string{docker, k8s, kubelet} {
-			if res := runRuntimeModule(t, file, 404, "not found"); len(res.Findings) > 0 {
-				t.Errorf("%s: a 404 should not match, got %d findings", file, len(res.Findings))
-			}
-		}
-	})
-}
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runSecretModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -8,7 +8,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runVCSModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runVectorDBModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/modules"
 )

 func runWebSrvModule(t *testing.T, file string, status int, body string) *modules.Result {
@@ -53,17 +53,15 @@ type YAMLModuleInfo struct {

 // HTTPConfig defines HTTP module settings
 type HTTPConfig struct {
-	Method            string            `yaml:"method"`
-	Paths             []string          `yaml:"paths"`
-	Wordlist          string            `yaml:"wordlist,omitempty"`
-	Payloads          []string          `yaml:"payloads,omitempty"`
-	Headers           map[string]string `yaml:"headers,omitempty"`
-	Body              string            `yaml:"body,omitempty"`
-	Attack            string            `yaml:"attack,omitempty"` // clusterbomb (default), pitchfork
-	Threads           int               `yaml:"threads,omitempty"`
-	Matchers          []Matcher         `yaml:"matchers"`
-	MatchersCondition string            `yaml:"matchers-condition,omitempty"` // and (default), or
-	Extractors        []Extractor       `yaml:"extractors,omitempty"`
+	Method     string            `yaml:"method"`
+	Paths      []string          `yaml:"paths"`
+	Payloads   []string          `yaml:"payloads,omitempty"`
+	Headers    map[string]string `yaml:"headers,omitempty"`
+	Body       string            `yaml:"body,omitempty"`
+	Attack     string            `yaml:"attack,omitempty"` // clusterbomb (default), pitchfork
+	Threads    int               `yaml:"threads,omitempty"`
+	Matchers   []Matcher         `yaml:"matchers"`
+	Extractors []Extractor       `yaml:"extractors,omitempty"`
 }

 // DNSConfig defines DNS module settings
@@ -106,21 +104,6 @@ func ParseYAMLModule(path string) (*YAMLModule, error) {
 		if err := validateAttack(ym.HTTP.Attack); err != nil {
 			return nil, fmt.Errorf("module %q: %w", ym.ID, err)
 		}
-		if err := validateMatchersCondition(ym.HTTP.MatchersCondition); err != nil {
-			return nil, fmt.Errorf("module %q: %w", ym.ID, err)
-		}
-	}
-	var matchers []Matcher
-	switch {
-	case ym.HTTP != nil:
-		matchers = ym.HTTP.Matchers
-	case ym.DNS != nil:
-		matchers = ym.DNS.Matchers
-	case ym.TCP != nil:
-		matchers = ym.TCP.Matchers
-	}
-	if err := validateMatchers(matchers); err != nil {
-		return nil, fmt.Errorf("module %q: %w", ym.ID, err)
 	}

 	return &ym, nil
@@ -16,7 +16,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/vmfunc/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/finding"
 )

 // discordProvider posts to a discord webhook. discord's incoming-webhook body
@@ -20,8 +20,8 @@ import (
 	"net/http"
 	"strings"

-	"github.com/vmfunc/sif/internal/finding"
-	"github.com/vmfunc/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/httpx"
 )

 // contentTypeJSON is the body type every provider POSTs; all four speak json.
@@ -22,9 +22,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/vmfunc/sif/internal/finding"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // Options carries the runtime knobs Send needs. Timeout bounds each provider's
@@ -22,7 +22,7 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/finding"
 )

 // sampleFindings returns a small mixed-severity batch for payload assertions.
@@ -16,7 +16,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/vmfunc/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/finding"
 )

 // slackProvider posts to a slack incoming webhook. the webhook url already pins
@@ -16,7 +16,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/vmfunc/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/finding"
 )

 // telegramAPIBase is the bot api root. it's a var so tests can repoint it at an
@@ -16,7 +16,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/vmfunc/sif/internal/finding"
+	"github.com/dropalldatabases/sif/internal/finding"
 )

 // webhookProvider posts a structured json payload to an arbitrary endpoint. unlike
@@ -13,8 +13,8 @@
 package format

 import (
+	"github.com/dropalldatabases/sif/internal/styles"
 	nucleiout "github.com/projectdiscovery/nuclei/v3/pkg/output"
-	"github.com/vmfunc/sif/internal/styles"
 )

 func FormatLine(event *nucleiout.ResultEvent) string {
@@ -17,8 +17,8 @@ import (
 	"fmt"
 	"strings"

-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan/frameworks"
+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan/frameworks"
 )

 type FrameworksModule struct{}
@@ -16,8 +16,8 @@ import (
 	"context"
 	"fmt"

-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan"
+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan"
 )

 type NucleiModule struct{}
@@ -12,7 +12,7 @@

 package builtin

-import "github.com/vmfunc/sif/internal/modules"
+import "github.com/dropalldatabases/sif/internal/modules"

 // Register registers all Go-based built-in scans as modules.
 // Allows complex Go scans to participate in the module system
@@ -17,8 +17,8 @@ import (
 	"fmt"
 	"strings"

-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan"
+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan"
 )

 type SecurityTrailsModule struct{}
@@ -17,8 +17,8 @@ import (
 	"fmt"
 	"strings"

-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan"
+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan"
 )

 type ShodanModule struct{}
@@ -15,8 +15,8 @@ package builtin
 import (
 	"context"

-	"github.com/vmfunc/sif/internal/modules"
-	"github.com/vmfunc/sif/internal/scan"
+	"github.com/dropalldatabases/sif/internal/modules"
+	"github.com/dropalldatabases/sif/internal/scan"
 )

 type WhoisModule struct{}
@@ -21,9 +21,9 @@ import (
 	"time"

 	"github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/styles"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/styles"
 )

 // s3EndpointFmt is a var so integration tests can repoint it at a fixture; the
@@ -19,9 +19,9 @@ import (
 	"strings"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 type CMSResult struct {
@@ -78,7 +78,7 @@ func CMS(url string, timeout time.Duration, logdir string) (*CMSResult, error) {
 	}

 	// Drupal
-	if detectDrupal(resp.Header, bodyString) {
+	if strings.Contains(resp.Header.Get("X-Drupal-Cache"), "HIT") || strings.Contains(bodyString, "Drupal.settings") {
 		spin.Stop()
 		result := &CMSResult{Name: "Drupal", Version: "Unknown"}
 		log.Success("Detected CMS: %s", output.Highlight.Render(result.Name))
@@ -160,14 +160,3 @@ func detectJoomla(body string) bool {
 		strings.Contains(body, "/media/vendor/joomla") ||
 		strings.Contains(body, "/media/system/js/core.js")
 }
-
-// detectDrupal reports whether the response looks like Drupal. the X-Drupal-* and
-// X-Generator headers survive cdn caching when the body markers do not, and an
-// X-Drupal-Cache of any value (even MISS) is a tell.
-func detectDrupal(header http.Header, body string) bool {
-	return strings.Contains(header.Get("X-Generator"), "Drupal") ||
-		header.Get("X-Drupal-Cache") != "" ||
-		header.Get("X-Drupal-Dynamic-Cache") != "" ||
-		strings.Contains(body, "Drupal.settings") ||
-		strings.Contains(body, "drupalSettings")
-}
@@ -1,69 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package scan
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-)
-
-// header cases mirror live Drupal 8-11 (acquia, georgia, london): the X-Drupal-*
-// and X-Generator headers tell even when the body has no marker.
-func TestDetectDrupal_ModernSignals(t *testing.T) {
-	cases := []struct {
-		name   string
-		header http.Header
-		body   string
-		want   bool
-	}{
-		{"x-generator drupal 10", http.Header{"X-Generator": {"Drupal 10 (https://www.drupal.org)"}}, "", true},
-		{"x-drupal-cache miss", http.Header{"X-Drupal-Cache": {"MISS"}}, "", true},
-		{"x-drupal-dynamic-cache", http.Header{"X-Drupal-Dynamic-Cache": {"HIT"}}, "", true},
-		{"drupalSettings body (8+)", http.Header{}, `<script>window.drupalSettings = {};</script>`, true},
-		{"Drupal.settings body (7)", http.Header{}, `<script>Drupal.settings = {};</script>`, true},
-		{"plain page", http.Header{"Server": {"nginx"}}, "<html><body>hello</body></html>", false},
-		{"x-generator wordpress", http.Header{"X-Generator": {"WordPress 6.5"}}, "", false},
-		{"bare drupal prose", http.Header{}, "we migrated off Drupal CMS last year", false},
-	}
-	for _, c := range cases {
-		if got := detectDrupal(c.header, c.body); got != c.want {
-			t.Errorf("%s: detectDrupal = %v, want %v", c.name, got, c.want)
-		}
-	}
-}
-
-// end-to-end: a modern Drupal whose only tell is X-Drupal-Dynamic-Cache (the live
-// london.gov.uk case) must be detected.
-func TestCMS_ModernDrupalDetected(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		// a real Drupal site has no wordpress paths; 404 them so the wordpress
-		// probe does not claim the host before the Drupal check runs.
-		if r.URL.Path != "/" {
-			w.WriteHeader(http.StatusNotFound)
-			return
-		}
-		w.Header().Set("X-Drupal-Dynamic-Cache", "MISS")
-		_, _ = w.Write([]byte("<html><body>news and updates</body></html>"))
-	}))
-	defer srv.Close()
-
-	result, err := CMS(srv.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("CMS: %v", err)
-	}
-	if result == nil || result.Name != "Drupal" {
-		t.Errorf("modern Drupal (X-Drupal-Dynamic-Cache) not detected, got %+v", result)
-	}
-}
@@ -22,9 +22,9 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // CORSResult collects every cors misconfiguration found on the target.
@@ -21,9 +21,9 @@ import (

 	"github.com/gocolly/colly/v2"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // CrawlResult holds the deduped set of urls discovered by the spider.
@@ -26,14 +26,14 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/pool"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/pool"
 )

 // directoryURL is a var so integration tests can repoint it at a fixture.
-var directoryURL = "https://raw.githubusercontent.com/vmfunc/sif-runtime/main/dirlist/"
+var directoryURL = "https://raw.githubusercontent.com/dropalldatabases/sif-runtime/main/dirlist/"

 const (
 	smallFile  = "directory-list-2.3-small.txt"
@@ -50,9 +50,8 @@ const dirlistBodyCap = 512 * 1024
 // cannot exist, then treat any response shape they share as the wildcard
 // baseline. deterministic (no rng) so the workflow stays reproducible.
 const (
-	calibrationProbes  = 3
-	calibrationPrefix  = "/sif-cal-"
-	calibrationPadStep = 8 // per-probe suffix growth; see calibrationSuffix
+	calibrationProbes = 3
+	calibrationPrefix = "/sif-cal-"
 )

 // statusNotFound / statusForbidden are the historical default "not interesting"
@@ -91,20 +90,6 @@ type responseMeta struct {
 	words  int
 }

-// anySize, as a baseline size, marks a catch-all whose body size is unreliable (it
-// reflects the request path), so the baseline matches on status and word count alone.
-const anySize = -1
-
-// matchesBaseline reports whether meta looks like the calibrated soft-404 shape b.
-// a normal baseline compares status, size and words exactly; a reflecting catch-all
-// (b.size == anySize) compares status and words only, since its size is not stable.
-func (b responseMeta) matchesBaseline(meta responseMeta) bool {
-	if b.status != meta.status || b.words != meta.words {
-		return false
-	}
-	return b.size == anySize || b.size == meta.size
-}
-
 // matcher decides whether a response is "interesting" using the same precedence
 // as ffuf/feroxbuster: an explicit filter (-fc/-fs/-fw/-fr or a calibrated
 // baseline) drops the response, otherwise the match-code set decides.
@@ -169,10 +154,13 @@ func newMatcher(opts *DirlistOptions) (*matcher, error) {
 // over matches: a calibrated baseline, an -fc/-fs/-fw hit, or an -fr body match
 // always drops the response; otherwise the -mc set (when set) gates it.
 func (m *matcher) Matches(meta responseMeta, body []byte) bool {
-	// a calibrated soft-404 shape is the response the catch-all hands every bogus
-	// path, so drop anything matching a baseline.
-	if containsBaseline(m.baselines, meta) {
-		return false
+	// a calibrated soft-404 shape is the same response the catch-all hands every
+	// bogus path, so drop anything that matches a baseline exactly.
+	for i := 0; i < len(m.baselines); i++ {
+		b := m.baselines[i]
+		if b.status == meta.status && b.size == meta.size && b.words == meta.words {
+			return false
+		}
 	}

 	if _, drop := m.filterCodes[meta.status]; drop {
@@ -354,18 +342,11 @@ func scanLines(r io.Reader) ([]string, error) {

 // calibrate probes a few paths that cannot exist and records the response shapes
 // the catch-all hands them. those baselines feed the matcher so a soft-404 200
-// (the SPA wildcard) is suppressed before the real run.
+// (the SPA wildcard) is suppressed before the real run. deterministic by design:
+// the probe paths come from the loop index, never a random source.
 func calibrate(m *matcher, baseURL string, client *http.Client) {
-	m.baselines = baselinesFromProbes(probeCalibration(baseURL, client))
-}
-
-// probeCalibration requests calibrationProbes bogus paths and returns their soft
-// (non-hard-404) response shapes. paths grow in length (see calibrationSuffix) so a
-// path-reflecting catch-all is detectable. deterministic: paths come from the index.
-func probeCalibration(baseURL string, client *http.Client) []responseMeta {
-	probes := make([]responseMeta, 0, calibrationProbes)
 	for i := 0; i < calibrationProbes; i++ {
-		probe := baseURL + calibrationPrefix + calibrationSuffix(i)
+		probe := baseURL + calibrationPrefix + strconv.Itoa(i)
 		req, err := http.NewRequestWithContext(context.TODO(), http.MethodGet, probe, http.NoBody)
 		if err != nil {
 			charmlog.Debugf("dirlist: build calibration request: %v", err)
@@ -384,51 +365,17 @@ func probeCalibration(baseURL string, client *http.Client) []responseMeta {
 		if meta.status == statusNotFound {
 			continue
 		}
-		probes = append(probes, meta)
-	}
-	return probes
-}
-
-// calibrationSuffix returns the i-th probe suffix. each suffix is unique and longer
-// than the last, so a path-reflecting catch-all returns a different size per probe.
-func calibrationSuffix(i int) string {
-	return strconv.Itoa(i) + strings.Repeat("a", i*calibrationPadStep)
-}
-
-// baselinesFromProbes reduces raw calibration responses to the soft-404 shapes to
-// suppress. probes sharing status/word-count but differing in size are a reflecting
-// catch-all, collapsed to one word-count-tolerant baseline (size anySize); others exact.
-func baselinesFromProbes(probes []responseMeta) []responseMeta {
-	type shapeKey struct{ status, words int }
-	order := make([]shapeKey, 0, len(probes))
-	sizes := make(map[shapeKey]map[int]struct{})
-	for _, p := range probes {
-		k := shapeKey{p.status, p.words}
-		if sizes[k] == nil {
-			sizes[k] = make(map[int]struct{})
-			order = append(order, k)
+		if !containsBaseline(m.baselines, meta) {
+			m.baselines = append(m.baselines, meta)
 		}
-		sizes[k][p.size] = struct{}{}
 	}
-
-	baselines := make([]responseMeta, 0, len(order))
-	for _, k := range order {
-		size := anySize
-		if len(sizes[k]) == 1 {
-			// one stable size for this status/words: keep exact-shape matching.
-			for s := range sizes[k] {
-				size = s
-			}
-		}
-		baselines = append(baselines, responseMeta{status: k.status, size: size, words: k.words})
-	}
-	return baselines
 }

-// containsBaseline reports whether meta matches any calibrated soft-404 baseline.
+// containsBaseline reports whether the shape is already recorded, so repeated
+// probes returning the same soft-404 don't bloat the baseline set.
 func containsBaseline(baselines []responseMeta, meta responseMeta) bool {
 	for i := 0; i < len(baselines); i++ {
-		if baselines[i].matchesBaseline(meta) {
+		if baselines[i] == meta {
 			return true
 		}
 	}
@@ -381,116 +381,3 @@ func TestScanLinesErrorsOnOverlongLine(t *testing.T) {
 		t.Fatalf("scanLines err = %v, want bufio.ErrTooLong", err)
 	}
 }
-
-// reflectingWildcardApp serves a catch-all whose body echoes the request path, so
-// its size tracks path length; /admin returns a distinct real page.
-func reflectingWildcardApp() *httptest.Server {
-	mux := http.NewServeMux()
-	mux.HandleFunc("/admin", func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte("<html><body>admin control panel dashboard credentials</body></html>"))
-	})
-	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		if r.URL.Path == "/admin" {
-			return
-		}
-		w.Write([]byte("<html><body>page not found: " + r.URL.Path + "</body></html>"))
-	})
-	return httptest.NewServer(mux)
-}
-
-// a reflecting catch-all hands each path a different size, so exact-shape calibration
-// misses it; the varied probe lengths expose it and -ac suppresses the bogus paths.
-func TestDirlist_CalibrationSuppressesReflectingWildcard(t *testing.T) {
-	srv := reflectingWildcardApp()
-	defer srv.Close()
-
-	dir := t.TempDir()
-	wordlist := filepath.Join(dir, "words.txt")
-	if err := os.WriteFile(wordlist, []byte("admin\nnope\nbogus\nmissing\n"), 0o600); err != nil {
-		t.Fatalf("write wordlist: %v", err)
-	}
-
-	results, err := Dirlist("small", srv.URL, 5*time.Second, 3, "", DirlistOptions{
-		Wordlist:  wordlist,
-		Calibrate: true,
-	})
-	if err != nil {
-		t.Fatalf("Dirlist (-ac): %v", err)
-	}
-
-	got := pathSet(results)
-	if !has(got, "/admin") {
-		t.Errorf("real /admin must still surface, got %v", sortedKeys(got))
-	}
-	for _, bogus := range []string{"/nope", "/bogus", "/missing"} {
-		if has(got, bogus) {
-			t.Errorf("reflecting soft-404 %s should be suppressed by -ac, got %v", bogus, sortedKeys(got))
-		}
-	}
-}
-
-func TestBaselinesFromProbes(t *testing.T) {
-	tests := []struct {
-		name   string
-		probes []responseMeta
-		want   []responseMeta
-	}{
-		{
-			name:   "stable catch-all keeps exact shape",
-			probes: []responseMeta{{status: 200, size: 63, words: 7}, {status: 200, size: 63, words: 7}},
-			want:   []responseMeta{{status: 200, size: 63, words: 7}},
-		},
-		{
-			name:   "reflecting catch-all collapses to words-tolerant",
-			probes: []responseMeta{{status: 200, size: 40, words: 4}, {status: 200, size: 48, words: 4}, {status: 200, size: 56, words: 4}},
-			want:   []responseMeta{{status: 200, size: anySize, words: 4}},
-		},
-		{
-			name:   "distinct shapes kept separately",
-			probes: []responseMeta{{status: 200, size: 40, words: 4}, {status: 301, size: 0, words: 0}},
-			want:   []responseMeta{{status: 200, size: 40, words: 4}, {status: 301, size: 0, words: 0}},
-		},
-		{
-			name:   "no probes yields no baseline",
-			probes: nil,
-			want:   []responseMeta{},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := baselinesFromProbes(tt.probes); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("baselinesFromProbes(%v) = %v, want %v", tt.probes, got, tt.want)
-			}
-		})
-	}
-}
-
-func TestMatchesBaseline_AnySize(t *testing.T) {
-	tolerant := responseMeta{status: 200, size: anySize, words: 4}
-	if !tolerant.matchesBaseline(responseMeta{status: 200, size: 999, words: 4}) {
-		t.Error("anySize baseline should match any size with the same status/words")
-	}
-	if tolerant.matchesBaseline(responseMeta{status: 200, size: 999, words: 5}) {
-		t.Error("anySize baseline must still discriminate on word count")
-	}
-	exact := responseMeta{status: 200, size: 42, words: 5}
-	if exact.matchesBaseline(responseMeta{status: 200, size: 43, words: 5}) {
-		t.Error("exact baseline should not match a different size")
-	}
-}
-
-func TestCalibrationSuffix_UniqueAndGrowing(t *testing.T) {
-	prev := -1
-	seen := make(map[string]struct{})
-	for i := 0; i < calibrationProbes; i++ {
-		s := calibrationSuffix(i)
-		if _, dup := seen[s]; dup {
-			t.Errorf("suffix %q repeats across probes", s)
-		}
-		seen[s] = struct{}{}
-		if len(s) <= prev {
-			t.Errorf("suffix %d %q length %d not greater than previous %d", i, s, len(s), prev)
-		}
-		prev = len(s)
-	}
-}
@@ -21,15 +21,15 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/dnsx"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/pool"
+	"github.com/dropalldatabases/sif/internal/dnsx"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/pool"
 )

 // dnsURL is a var so integration tests can repoint it at a fixture.
-var dnsURL = "https://raw.githubusercontent.com/vmfunc/sif-runtime/main/dnslist/"
+var dnsURL = "https://raw.githubusercontent.com/dropalldatabases/sif-runtime/main/dnslist/"

 // dnsTransport is a var so integration tests can route the per-host probes at a
 // local server instead of resolving real DNS. nil keeps http.DefaultTransport.
@@ -25,15 +25,15 @@ import (
 	"time"

 	"github.com/charmbracelet/log"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/pool"
 	googlesearch "github.com/rocketlaunchr/google-search"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/pool"
 )

 const (
-	dorkURL  = "https://raw.githubusercontent.com/vmfunc/sif-runtime/main/dork/"
+	dorkURL  = "https://raw.githubusercontent.com/dropalldatabases/sif-runtime/main/dork/"
 	dorkFile = "dork.txt"
 )

@@ -21,10 +21,10 @@ import (
 	"strings"
 	"time"

-	"github.com/vmfunc/sif/internal/fingerprint"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/fingerprint"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // FaviconResult is the computed shodan-style favicon hash plus the pivot query
@@ -1,68 +0,0 @@
-/*
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-:                                                                               :
-:   █▀ █ █▀▀   ·   Blazing-fast pentesting suite                                :
-:   ▄█ █ █▀    ·   BSD 3-Clause License                                         :
-:                                                                               :
-:   (c) 2022-2026 vmfunc, xyzeva,                                               :
-:                 lunchcat alumni & contributors                                :
-:                                                                               :
-·━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━·
-*/
-
-package scan
-
-import (
-	"path/filepath"
-	"strings"
-	"testing"
-
-	"github.com/vmfunc/sif/internal/modules"
-)
-
-// favicon demo modules must reference a hash from faviconHashes that names the
-// service in their filename, so a demo cannot drift from the scanner's map.
-func TestFaviconDemoModulesMatchCanonicalMap(t *testing.T) {
-	matches, err := filepath.Glob("../../modules/info/favicon-*.yaml")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(matches) == 0 {
-		t.Skip("no favicon demo modules present")
-	}
-
-	for _, path := range matches {
-		t.Run(filepath.Base(path), func(t *testing.T) {
-			def, err := modules.ParseYAMLModule(path)
-			if err != nil {
-				t.Fatalf("parse: %v", err)
-			}
-			if def.HTTP == nil {
-				t.Fatal("favicon demo is not an http module")
-			}
-
-			var hashes []int64
-			for _, m := range def.HTTP.Matchers {
-				if m.Type == "favicon" {
-					hashes = append(hashes, m.Hash...)
-				}
-			}
-			if len(hashes) == 0 {
-				t.Fatal("no favicon hash in module")
-			}
-
-			service := strings.TrimSuffix(strings.TrimPrefix(filepath.Base(path), "favicon-"), ".yaml")
-			for _, h := range hashes {
-				// hashes are range-checked at parse, so int32(h) is the canonical fold.
-				tech, ok := faviconHashes[int32(h)]
-				if !ok {
-					t.Errorf("hash %d is absent from faviconHashes; demo references a hash the scanner does not know", h)
-					continue
-				}
-				if !strings.Contains(strings.ToLower(tech), service) {
-					t.Errorf("hash %d maps to %q, but the file names service %q", h, tech, service)
-				}
-			}
-		})
-	}
-}
@@ -30,7 +30,7 @@ import (
 	"strings"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/output"
 	"gopkg.in/yaml.v3"
 )

@@ -22,9 +22,9 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // detectionThreshold is the minimum confidence for a detection to be reported.
@@ -18,9 +18,9 @@ import (
 	"testing"
 	"time"

-	"github.com/vmfunc/sif/internal/scan/frameworks"
+	"github.com/dropalldatabases/sif/internal/scan/frameworks"
 	// Import detectors to register them via init()
-	_ "github.com/vmfunc/sif/internal/scan/frameworks/detectors"
+	_ "github.com/dropalldatabases/sif/internal/scan/frameworks/detectors"
 )

 func TestExtractVersion_Laravel(t *testing.T) {
@@ -186,6 +186,9 @@ func TestDetectFramework_ASPNET(t *testing.T) {
 	}
 }

+// the dead "X-Powered-By: ASP.NET" signature only inflated the total weight
+// (containsHeader never builds a "name: value" string to match it against), so a
+// genuine asp.net response scored just under the threshold until it was removed.
 func TestDetectFramework_ASPNETPoweredByHeader(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("X-AspNetMvc-Version", "5.2")
@@ -465,6 +468,9 @@ func TestDetectFramework_AdonisJS(t *testing.T) {
 	}
 }

+// a cosmetics brand page that merely contains "adonis" in its markup (CSS
+// classes, asset paths, links) must not be fingerprinted as AdonisJS, as the
+// old bare "adonis" substring signature did.
 func TestDetectFramework_AdonisFalsePositive(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
@@ -522,6 +528,8 @@ func TestDetectFramework_Phoenix(t *testing.T) {
 	}
 }

+// a Phoenix, Arizona business page using "phx-" CSS class prefixes must not be
+// fingerprinted as the Phoenix framework, as the old bare "phx-" signature did.
 func TestDetectFramework_PhoenixFalsePositive(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
@@ -611,6 +619,7 @@ func TestDetectFramework_Ghost(t *testing.T) {
 	}
 }

+// ghost-button is a common generic CSS class and must not read as Ghost CMS.
 func TestDetectFramework_GhostButtonNoMatch(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
@@ -634,6 +643,8 @@ func TestDetectFramework_GhostButtonNoMatch(t *testing.T) {
 	}
 }

+// the /ghost/api/ path is the only Ghost marker left for pages without the
+// generator meta, so guard that it still detects on its own.
 func TestDetectFramework_GhostAPIPath(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
@@ -769,370 +780,3 @@ func TestDetectFramework_Htmx(t *testing.T) {
 		t.Errorf("expected version '1.9.10', got '%s'", result.Version)
 	}
 }
-
-func TestDetectFramework_GinFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Access-Control-Allow-Origin", "*")
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body>Welcome</body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Gin" {
-		t.Errorf("false positive: detected Gin (confidence %.2f) on a CORS header", result.Confidence)
-	}
-}
-
-func TestDetectFramework_Gin(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusNotFound)
-		w.Write([]byte(`404 page not found - powered by gin-gonic`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Name != "Gin" {
-		t.Errorf("expected framework 'Gin', got '%v'", result)
-	}
-}
-
-func TestDetectFramework_MeteorFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><p>a meteor shower lit the sky while
-		meteorology students tracked the meteorite.</p></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Meteor" {
-		t.Errorf("false positive: detected Meteor (confidence %.2f) on prose about meteors", result.Confidence)
-	}
-}
-
-func TestDetectFramework_Meteor(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><head>
-		<script>__meteor_runtime_config__ = JSON.parse(decodeURIComponent("%7B%7D"));</script>
-		</head><body><div id="app"></div></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Name != "Meteor" {
-		t.Errorf("expected framework 'Meteor', got '%v'", result)
-	}
-}
-
-func TestDetectFramework_BackboneFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><p>our team is the backbone of the
-		company, the backbone network that keeps everything running.</p></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Backbone.js" {
-		t.Errorf("false positive: detected Backbone.js (confidence %.2f) on prose about backbones", result.Confidence)
-	}
-}
-
-func TestDetectFramework_Backbone(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><head><script src="/js/backbone.js"></script></head>
-		<body><script>var AppView = Backbone.View.extend({});</script></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Name != "Backbone.js" {
-		t.Errorf("expected framework 'Backbone.js', got '%v'", result)
-	}
-}
-
-func TestDetectFramework_CakePHPFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><p>our cupcake and cheesecake recipes,
-		plus the best pancake stack in town.</p></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "CakePHP" {
-		t.Errorf("false positive: detected CakePHP (confidence %.2f) on prose about cakes", result.Confidence)
-	}
-}
-
-func TestDetectFramework_CakePHP(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Set-Cookie", "CAKEPHP=abc123; path=/")
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body>Home</body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Name != "CakePHP" {
-		t.Errorf("expected framework 'CakePHP', got '%v'", result)
-	}
-}
-
-func TestDetectFramework_SvelteFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><p>the model cut a svelte figure on
-		the runway.</p></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Svelte" {
-		t.Errorf("false positive: detected Svelte (confidence %.2f) on prose with 'svelte'", result.Confidence)
-	}
-}
-
-func TestDetectFramework_StrapiFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><script>fetch("/api/v1/users")</script></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Strapi" {
-		t.Errorf("false positive: detected Strapi (confidence %.2f) on a plain /api/ path", result.Confidence)
-	}
-}
-
-func TestDetectFramework_Strapi(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><div>powered by strapi</div></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Name != "Strapi" {
-		t.Errorf("expected framework 'Strapi', got '%v'", result)
-	}
-}
-
-func TestDetectFramework_Ember(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><head><title>Ember App</title></head>
-		<body class="ember-application"><div id="ember123" class="ember-view">Content</div>
-		<script src="/assets/vendor.js"></script></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil || result.Name != "Ember.js" {
-		t.Errorf("expected framework 'Ember.js', got '%v'", result)
-	}
-}
-
-func TestDetectFramework_EmberFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><head><title>Day of the Dead</title></head>
-		<body><p>a celebratory holiday to remember the dead; families remember departed
-		members every November and September.</p></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Ember.js" {
-		t.Errorf("false positive: detected Ember.js (confidence %.2f) on prose with 'remember'", result.Confidence)
-	}
-}
-
-func TestDetectFramework_Shopify(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Powered-By", "Shopify")
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`
-			<!DOCTYPE html>
-			<html>
-			<head><link rel="stylesheet" href="https://cdn.shopify.com/s/files/1/theme.css"></head>
-			<body>
-				<div id="shopify-section-header" class="shopify-section">Store</div>
-			</body>
-			</html>
-		`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil {
-		t.Fatal("expected result, got nil")
-	}
-	if result.Name != "Shopify" {
-		t.Errorf("expected framework 'Shopify', got '%s'", result.Name)
-	}
-}
-
-func TestDetectFramework_ShopifyFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`
-			<!DOCTYPE html>
-			<html>
-			<head><title>10 Best Shopify Alternatives in 2026</title></head>
-			<body>
-				<h1>Is Shopify Right For You?</h1>
-				<p>We compare Shopify with other e-commerce platforms.</p>
-			</body>
-			</html>
-		`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Shopify" {
-		t.Errorf("false positive: article mentioning Shopify detected as Shopify (%.2f)", result.Confidence)
-	}
-}
-
-func TestDetectFramework_SpringBoot(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusInternalServerError)
-		w.Write([]byte(`<html><body><h1>Whitelabel Error Page</h1>` +
-			`<p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p>` +
-			`<div>There was an unexpected error (type=Internal Server Error, status=500).</div>` +
-			`</body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil {
-		t.Fatal("expected result, got nil")
-	}
-	if result.Name != "Spring Boot" {
-		t.Errorf("expected framework 'Spring Boot', got '%s'", result.Name)
-	}
-}
-
-func TestDetectFramework_SpringBootFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`
-			<!DOCTYPE html>
-			<html>
-			<body>
-				<h1>Getting started with spring-boot</h1>
-				<p>Add spring-boot-starter-web to your pom.xml and run the app.</p>
-				<a href="https://spring.io/projects/spring-boot">spring.io</a>
-			</body>
-			</html>
-		`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "Spring Boot" {
-		t.Errorf("expected no Spring Boot match for prose mentioning it, got %.2f confidence", result.Confidence)
-	}
-}
-
-func TestDetectFramework_CodeIgniter(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Set-Cookie", "ci_session=a1b2c3d4e5; path=/; HttpOnly")
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`<!DOCTYPE html><html><body><h1>My Shop</h1></body></html>`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result == nil {
-		t.Fatal("expected result, got nil")
-	}
-	if result.Name != "CodeIgniter" {
-		t.Errorf("expected framework 'CodeIgniter', got '%s'", result.Name)
-	}
-}
-
-func TestDetectFramework_CodeIgniterFalsePositive(t *testing.T) {
-	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusOK)
-		w.Write([]byte(`
-			<!DOCTYPE html>
-			<html>
-			<body>
-				<h1>Best PHP frameworks in 2026</h1>
-				<p>Laravel and codeigniter both ship a router and an ORM.</p>
-				<a href="https://codeigniter.com">codeigniter.com</a>
-				<pre>composer create-project codeigniter4/appstarter</pre>
-			</body>
-			</html>
-		`))
-	}))
-	defer server.Close()
-
-	result, err := frameworks.DetectFramework(server.URL, 5*time.Second, "")
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if result != nil && result.Name == "CodeIgniter" {
-		t.Errorf("expected no CodeIgniter match for prose mentioning it, got %.2f confidence", result.Confidence)
-	}
-}
@@ -23,7 +23,7 @@ import (
 	"math"
 	"net/http"

-	fw "github.com/vmfunc/sif/internal/scan/frameworks"
+	fw "github.com/dropalldatabases/sif/internal/scan/frameworks"
 )

 func init() {
@@ -251,9 +251,9 @@ func (d *springBootDetector) Name() string { return "Spring Boot" }

 func (d *springBootDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
-		{Pattern: "Whitelabel Error Page", Weight: 0.5},
-		{Pattern: "This application has no explicit mapping for /error", Weight: 0.4},
-		{Pattern: "There was an unexpected error (type=", Weight: 0.3},
+		{Pattern: "spring-boot", Weight: 0.5},
+		{Pattern: "actuator", Weight: 0.3},
+		{Pattern: "whitelabel", Weight: 0.2},
 	}
 }

@@ -351,6 +351,7 @@ func (d *ginDetector) Name() string { return "Gin" }
 func (d *ginDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
 		{Pattern: "gin-gonic", Weight: 0.4},
+		{Pattern: "gin", Weight: 0.2, HeaderOnly: true},
 	}
 }

@@ -399,6 +400,7 @@ func (d *strapiDetector) Name() string { return "Strapi" }
 func (d *strapiDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
 		{Pattern: "strapi", Weight: 0.4},
+		{Pattern: "/api/", Weight: 0.2},
 	}
 }

@@ -445,7 +447,7 @@ func (d *cakephpDetector) Name() string { return "CakePHP" }
 func (d *cakephpDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
 		{Pattern: "cakephp", Weight: 0.4},
-		{Pattern: "CAKEPHP", Weight: 0.4, HeaderOnly: true},
+		{Pattern: "cake", Weight: 0.2},
 	}
 }

@@ -468,6 +470,7 @@ func (d *codeigniterDetector) Name() string { return "CodeIgniter" }

 func (d *codeigniterDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
+		{Pattern: "codeigniter", Weight: 0.4},
 		{Pattern: "ci_session", Weight: 0.4, HeaderOnly: true},
 	}
 }
@@ -22,7 +22,7 @@ package detectors
 import (
 	"net/http"

-	fw "github.com/vmfunc/sif/internal/scan/frameworks"
+	fw "github.com/dropalldatabases/sif/internal/scan/frameworks"
 )

 func init() {
@@ -147,7 +147,7 @@ func (d *shopifyDetector) Name() string { return "Shopify" }

 func (d *shopifyDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
-		{Pattern: "Shopify", Weight: 0.5, HeaderOnly: true},
+		{Pattern: "Shopify", Weight: 0.5},
 		{Pattern: "cdn.shopify.com", Weight: 0.4},
 		{Pattern: "shopify-section", Weight: 0.4},
 		{Pattern: "myshopify.com", Weight: 0.3},
@@ -22,7 +22,7 @@ package detectors
 import (
 	"net/http"

-	fw "github.com/vmfunc/sif/internal/scan/frameworks"
+	fw "github.com/dropalldatabases/sif/internal/scan/frameworks"
 )

 func init() {
@@ -129,9 +129,9 @@ func (d *svelteDetector) Name() string { return "Svelte" }

 func (d *svelteDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
+		{Pattern: "svelte", Weight: 0.4},
 		{Pattern: "__svelte", Weight: 0.5},
-		{Pattern: "svelte-", Weight: 0.4},
-		{Pattern: "svelte/internal", Weight: 0.4},
+		{Pattern: "svelte-", Weight: 0.3},
 	}
 }

@@ -154,12 +154,9 @@ func (d *emberDetector) Name() string { return "Ember.js" }

 func (d *emberDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
-		{Pattern: "ember-application", Weight: 0.5},
-		{Pattern: "ember-view", Weight: 0.4},
-		{Pattern: "ember.js", Weight: 0.4},
-		{Pattern: "ember.min.js", Weight: 0.4},
-		{Pattern: "ember-cli", Weight: 0.3},
-		{Pattern: `id="ember`, Weight: 0.4},
+		{Pattern: "ember", Weight: 0.4},
+		{Pattern: "ember-cli", Weight: 0.4},
+		{Pattern: "data-ember", Weight: 0.3},
 	}
 }

@@ -182,11 +179,8 @@ func (d *backboneDetector) Name() string { return "Backbone.js" }

 func (d *backboneDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
-		{Pattern: "Backbone.Model", Weight: 0.4},
-		{Pattern: "Backbone.View", Weight: 0.4},
-		{Pattern: "Backbone.Router", Weight: 0.4},
-		{Pattern: "backbone.js", Weight: 0.4},
-		{Pattern: "backbone-min.js", Weight: 0.4},
+		{Pattern: "backbone", Weight: 0.4},
+		{Pattern: "Backbone.", Weight: 0.4},
 	}
 }

@@ -237,9 +231,8 @@ func (d *meteorDetector) Name() string { return "Meteor" }

 func (d *meteorDetector) Signatures() []fw.Signature {
 	return []fw.Signature{
-		{Pattern: "__meteor_runtime_config__", Weight: 0.6},
-		{Pattern: "Meteor.startup", Weight: 0.3},
-		{Pattern: "/packages/meteor", Weight: 0.3},
+		{Pattern: "__meteor_runtime_config__", Weight: 0.5},
+		{Pattern: "meteor", Weight: 0.3},
 	}
 }

@@ -22,7 +22,7 @@ package detectors
 import (
 	"net/http"

-	fw "github.com/vmfunc/sif/internal/scan/frameworks"
+	fw "github.com/dropalldatabases/sif/internal/scan/frameworks"
 )

 func init() {
@@ -22,14 +22,14 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/pool"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/pool"
 )

 // gitURL is a var so integration tests can repoint it at a fixture.
-var gitURL = "https://raw.githubusercontent.com/vmfunc/sif-runtime/main/git/"
+var gitURL = "https://raw.githubusercontent.com/dropalldatabases/sif-runtime/main/git/"

 const gitFile = "git.txt"

@@ -17,9 +17,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 type HeaderResult struct {
@@ -181,7 +181,7 @@ func TestIntegrationSQL(t *testing.T) {
 	srv := newVulnApp()
 	defer srv.Close()

-	result, err := SQL(srv.URL, 5*time.Second, 5, "", false)
+	result, err := SQL(srv.URL, 5*time.Second, 5, "")
 	if err != nil {
 		t.Fatalf("SQL: %v", err)
 	}
@@ -30,8 +30,8 @@ import (
 	"regexp"
 	"strings"

+	"github.com/dropalldatabases/sif/internal/httpx"
 	urlutil "github.com/projectdiscovery/utils/url"
-	"github.com/vmfunc/sif/internal/httpx"
 )

 // nextPagesRegex matches JavaScript file references in Next.js build manifest.
@@ -22,10 +22,10 @@ import (

 	"github.com/antchfx/htmlquery"
 	charmlog "github.com/charmbracelet/log"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/scan/js/frameworks"
 	urlutil "github.com/projectdiscovery/utils/url"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/scan/js/frameworks"
 )

 type JavascriptScanResult struct {
@@ -30,7 +30,7 @@ import (
 	"time"

 	"github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/httpx"
 )

 // jwtRegex matches JWT tokens in JavaScript content.
@@ -27,9 +27,9 @@ import (
 	"strings"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // JWTResult collects every token discovered on the target plus the offline
@@ -24,9 +24,9 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // LFIResult represents the results of LFI reconnaissance
@@ -19,11 +19,11 @@ import (
 	"time"

 	"github.com/charmbracelet/log"
+	"github.com/dropalldatabases/sif/internal/nuclei/format"
+	"github.com/dropalldatabases/sif/internal/nuclei/templates"
+	sifoutput "github.com/dropalldatabases/sif/internal/output"
 	nuclei "github.com/projectdiscovery/nuclei/v3/lib"
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
-	"github.com/vmfunc/sif/internal/nuclei/format"
-	"github.com/vmfunc/sif/internal/nuclei/templates"
-	sifoutput "github.com/vmfunc/sif/internal/output"
 )

 func Nuclei(url string, timeout time.Duration, threads int, logdir string) ([]output.ResultEvent, error) {
@@ -24,9 +24,9 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 	"gopkg.in/yaml.v3"
 )

@@ -23,9 +23,9 @@ import (
 	"strings"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // source base urls are vars so tests can repoint them at local fixtures. they
@@ -23,14 +23,14 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/pool"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/pool"
 )

 // commonPorts is a var so integration tests can repoint it at a fixture.
-var commonPorts = "https://raw.githubusercontent.com/vmfunc/sif-runtime/main/ports/top-ports.txt"
+var commonPorts = "https://raw.githubusercontent.com/dropalldatabases/sif-runtime/main/ports/top-ports.txt"

 func Ports(ctx context.Context, scope string, url string, timeout time.Duration, threads int, logdir string) ([]string, error) {
 	log := output.Module("PORTS")
@@ -21,9 +21,9 @@ import (
 	"strings"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // ProbeResult is the httpx-style liveness snapshot for one target: did it answer,
@@ -24,9 +24,9 @@ import (
 	"time"

 	charmlog "github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 // RedirectResult collects every open-redirect found on the target.
@@ -26,10 +26,10 @@ import (
 	"time"

 	"github.com/charmbracelet/log"
-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
-	"github.com/vmfunc/sif/internal/pool"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/pool"
 )

 // stripScheme drops the scheme:// prefix from url, or returns it unchanged when
@@ -19,9 +19,9 @@ import (
 	"strings"
 	"time"

-	"github.com/vmfunc/sif/internal/httpx"
-	"github.com/vmfunc/sif/internal/logger"
-	"github.com/vmfunc/sif/internal/output"
+	"github.com/dropalldatabases/sif/internal/httpx"
+	"github.com/dropalldatabases/sif/internal/logger"
+	"github.com/dropalldatabases/sif/internal/output"
 )

 type SecurityHeaderResult struct {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
celeste	009eb02341	"Claude Code Review workflow"	2026-06-22 18:37:42 -07:00
celeste	ae4a1545b4	"Claude PR Assistant workflow"	2026-06-22 18:37:41 -07:00