Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit dc8f1ae
Showing
25 changed files
with
1,387 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
custom: ['https://www.buymeacoffee.com/enenumxela'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
name: Bug Report | ||
about: Create a report to help us improve | ||
title: "[BUG]" | ||
labels: bug | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Describe the bug** | ||
A clear and concise description of what the bug is. Include the version of sigurlfinder you are using. | ||
|
||
**Steps To Reproduce** | ||
Steps to reproduce the behavior: e.g. The complete command you used. | ||
|
||
**Screenshots** | ||
If applicable, add screenshots to help explain your problem. | ||
|
||
**Additional context** | ||
Add any other context about the problem here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
name: Feature Request | ||
about: Suggest an idea for this project | ||
title: "[REQUEST]" | ||
labels: enhancement | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Is your feature request related to a problem? Please describe.** | ||
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] | ||
|
||
**Describe the solution you'd like** | ||
A clear and concise description of what you want to happen. | ||
|
||
**Describe alternatives you've considered** | ||
A clear and concise description of any alternative solutions or features you've considered. | ||
|
||
**Additional context** | ||
Add any other context or screenshots about the feature request here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: build | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
|
||
jobs: | ||
build: | ||
name: build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
name: Set up Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.15 | ||
|
||
- | ||
name: Check out code | ||
uses: actions/checkout@v2 | ||
|
||
- | ||
name: Build | ||
run: go build . | ||
working-directory: cmd/sigurlfind3r/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
name: release | ||
|
||
on: | ||
create: | ||
tags: | ||
- v* | ||
|
||
jobs: | ||
release: | ||
name: release | ||
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
name: Set up Go | ||
uses: actions/setup-go@v2 | ||
with: | ||
go-version: 1.15 | ||
|
||
- | ||
name: "Check out code" | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- | ||
name: Get dependencies | ||
run: | | ||
go get -v -t -d ./... | ||
if [ -f Gopkg.toml ]; then | ||
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh | ||
dep ensure | ||
fi | ||
- | ||
name: "Create release on GitHub" | ||
uses: goreleaser/goreleaser-action@v2 | ||
env: | ||
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
with: | ||
args: "release --rm-dist" | ||
version: latest | ||
workdir: ./ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# Executable | ||
|
||
cmd/sigurlfind3r/sigurlfind3r | ||
|
||
# Notes | ||
|
||
notes.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
before: | ||
hooks: | ||
- go mod tidy | ||
|
||
builds: | ||
- | ||
binary: sigurlfind3r | ||
main: cmd/sigurlfind3r/main.go | ||
goos: | ||
- linux | ||
- windows | ||
- darwin | ||
goarch: | ||
- amd64 | ||
- 386 | ||
- arm | ||
- arm64 | ||
|
||
archives: | ||
- | ||
id: tgz | ||
format: tar.gz | ||
replacements: | ||
darwin: macOS | ||
format_overrides: | ||
- | ||
goos: windows | ||
format: zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2021 Signed Security | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
# sigurlfind3r | ||
|
||
[![release](https://img.shields.io/github/release/signedsecurity/sigurlfind3r?style=flat&color=0040ff)](https://github.com/signedsecurity/sigurlfind3r/releases) ![maintenance](https://img.shields.io/badge/maintained%3F-yes-0040ff.svg) [![open issues](https://img.shields.io/github/issues-raw/signedsecurity/sigurlfind3r.svg?style=flat&color=0040ff)](https://github.com/signedsecurity/sigurlfind3r/issues?q=is:issue+is:open) [![closed issues](https://img.shields.io/github/issues-closed-raw/signedsecurity/sigurlfind3r.svg?style=flat&color=0040ff)](https://github.com/signedsecurity/sigurlfind3r/issues?q=is:issue+is:closed) [![license](https://img.shields.io/badge/license-MIT-gray.svg?colorB=0040FF)](https://github.com/signedsecurity/sigurlfind3r/blob/master/LICENSE) [![twitter](https://img.shields.io/badge/twitter-@signedsecurity-0040ff.svg)](https://twitter.com/signedsecurity) | ||
|
||
sigurlfind3r is a reconnaissance tool, it fetches URLs from **AlienVault's OTX**, **Common Crawl**, **URLScan**, **Github** and the **Wayback Machine**. | ||
|
||
**DiSCLAIMER:** fetching urls from github is a bit slow. | ||
|
||
## Usage | ||
|
||
To display help message for sigurlfind3r use the `-h` flag: | ||
|
||
``` | ||
$ sigurlfind3r -h | ||
_ _ __ _ _ | ||
___(_) __ _ _ _ _ __| |/ _(_)_ __ __| | ___ _ __ | ||
/ __| |/ _` | | | | '__| | |_| | '_ \ / _` |/ _ \ '__| | ||
\__ \ | (_| | |_| | | | | _| | | | | (_| | __/ | | ||
|___/_|\__, |\__,_|_| |_|_| |_|_| |_|\__,_|\___|_| v1.0.0 | ||
|___/ | ||
USAGE: | ||
sigurlfinder [OPTIONS] | ||
OPTIONS: | ||
-d, --domain domain to fetch urls for | ||
-es, --exclude-sources comma(,) separated list of sources to exclude | ||
-is, --include-subs include subdomains' urls | ||
-ls, --list-sources list all the available sources | ||
-nc, --no-color no color mode | ||
-s, --silent silent mode: output urls only | ||
-us, --use-sources comma(,) separated list of sources to use | ||
``` | ||
|
||
## Installation | ||
|
||
#### From Binary | ||
|
||
You can download the pre-built binary for your platform from this repository's [releases](https://github.com/signedsecurity/sigurlfind3r/releases/) page, extract, then move it to your `$PATH`and you're ready to go. | ||
|
||
#### From Source | ||
|
||
sigurlfind3r requires **go1.14+** to install successfully. Run the following command to get the repo | ||
|
||
```bash | ||
▶ GO111MODULE=on go get -u -v github.com/signedsecurity/sigurlfind3r/cmd/sigurlfind3r | ||
``` | ||
|
||
#### From Github | ||
|
||
```bash | ||
▶ git clone https://github.com/signedsecurity/sigurlfind3r.git | ||
▶ cd sigurlfind3r/cmd/sigurlfind3r/ | ||
▶ go build; mv sigurlfind3r /usr/local/bin/ | ||
▶ sigurlfind3r -h | ||
``` | ||
|
||
## Post Installation | ||
|
||
sigurlfind3r will work after [installation](#installation). However, to configure sigurlfind3r to work with certain services - currently github - you will need to have setup API keys. The API keys are stored in the `$HOME/.config/sigurlfind3r/conf.yaml` file - created upon first run - and uses the YAML format. Multiple API keys can be specified for each of these services. | ||
|
||
Example: | ||
|
||
```yaml | ||
version: 1.3.1 | ||
sources: | ||
- commoncrawl | ||
- github | ||
- otx | ||
- urlscan | ||
- wayback | ||
keys: | ||
github: | ||
- d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39 | ||
- asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39 | ||
``` | ||
|
||
## Contribution | ||
|
||
[Issues](https://github.com/signedsecurity/sigurlfind3r/issues) and [Pull Requests](https://github.com/signedsecurity/sigurlfind3r/pulls) are welcome! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
package main | ||
|
||
import ( | ||
"flag" | ||
"fmt" | ||
"log" | ||
"os" | ||
"reflect" | ||
"strconv" | ||
"strings" | ||
|
||
"github.com/logrusorgru/aurora/v3" | ||
"github.com/signedsecurity/sigurlfind3r/pkg/runner" | ||
) | ||
|
||
type options struct { | ||
sourcesList bool | ||
noColor bool | ||
silent bool | ||
} | ||
|
||
var ( | ||
co options | ||
au aurora.Aurora | ||
so runner.Options | ||
) | ||
|
||
func banner() { | ||
fmt.Fprintln(os.Stderr, aurora.BrightBlue(` | ||
_ _ __ _ _ | ||
___(_) __ _ _ _ _ __| |/ _(_)_ __ __| | ___ _ __ | ||
/ __| |/ _`+"`"+` | | | | '__| | |_| | '_ \ / _`+"`"+` |/ _ \ '__| | ||
\__ \ | (_| | |_| | | | | _| | | | | (_| | __/ | | ||
|___/_|\__, |\__,_|_| |_|_| |_|_| |_|\__,_|\___|_| v1.0.0 | ||
|___/ | ||
`).Bold()) | ||
} | ||
|
||
func init() { | ||
flag.StringVar(&so.Domain, "d", "", "") | ||
flag.StringVar(&so.Domain, "domain", "", "") | ||
flag.StringVar(&so.SourcesExclude, "es", "", "") | ||
flag.StringVar(&so.SourcesExclude, "exclude-sources", "", "") | ||
flag.BoolVar(&so.IncludeSubs, "is", false, "") | ||
flag.BoolVar(&so.IncludeSubs, "include-subs", false, "") | ||
flag.BoolVar(&co.sourcesList, "ls", false, "") | ||
flag.BoolVar(&co.sourcesList, "list-sources", false, "") | ||
flag.BoolVar(&co.noColor, "ns", false, "") | ||
flag.BoolVar(&co.noColor, "no-color", false, "") | ||
flag.BoolVar(&co.silent, "s", false, "") | ||
flag.BoolVar(&co.silent, "silent", false, "") | ||
flag.StringVar(&so.SourcesUse, "us", "", "") | ||
flag.StringVar(&so.SourcesUse, "use-sources", "", "") | ||
|
||
flag.Usage = func() { | ||
banner() | ||
|
||
h := "USAGE:\n" | ||
h += " sigurlfinder [OPTIONS]\n" | ||
|
||
h += "\nOPTIONS:\n" | ||
h += " -d, --domain domain to fetch urls for\n" | ||
h += " -es, --exclude-sources comma(,) separated list of sources to exclude\n" | ||
h += " -is, --include-subs include subdomains' urls\n" | ||
h += " -ls, --list-sources list all the available sources\n" | ||
h += " -nc, --no-color no color mode\n" | ||
h += " -s, --silent silent mode: output urls only\n" | ||
h += " -us, --use-sources comma(,) separated list of sources to use\n\n" | ||
|
||
fmt.Fprintf(os.Stderr, h) | ||
} | ||
|
||
flag.Parse() | ||
|
||
au = aurora.NewAurora(!co.noColor) | ||
} | ||
|
||
func main() { | ||
options, err := runner.ParseOptions(&so) | ||
if err != nil { | ||
log.Fatalln(err) | ||
} | ||
|
||
if !co.silent { | ||
banner() | ||
} | ||
|
||
if co.sourcesList { | ||
fmt.Println("[", au.BrightBlue("INF"), "] current list of the available", au.Underline(strconv.Itoa(len(options.YAMLConfig.Sources))+" sources").Bold()) | ||
fmt.Println("[", au.BrightBlue("INF"), "] sources marked with an * needs key or token") | ||
fmt.Println("") | ||
|
||
keys := options.YAMLConfig.GetKeys() | ||
needsKey := make(map[string]interface{}) | ||
keysElem := reflect.ValueOf(&keys).Elem() | ||
|
||
for i := 0; i < keysElem.NumField(); i++ { | ||
needsKey[strings.ToLower(keysElem.Type().Field(i).Name)] = keysElem.Field(i).Interface() | ||
} | ||
|
||
for _, source := range options.YAMLConfig.Sources { | ||
if _, ok := needsKey[source]; ok { | ||
fmt.Println(">", source, "*") | ||
} else { | ||
fmt.Println(">", source) | ||
} | ||
} | ||
|
||
fmt.Println("") | ||
os.Exit(0) | ||
} | ||
|
||
if !co.silent { | ||
fmt.Println("[", au.BrightBlue("INF"), "] fetching urls for", au.Underline(options.Domain).Bold()) | ||
|
||
if options.IncludeSubs { | ||
fmt.Println("[", au.BrightBlue("INF"), "] -iS used: includes subdomains' urls") | ||
} | ||
|
||
fmt.Println("") | ||
} | ||
|
||
runner := runner.New(options) | ||
|
||
URLs, err := runner.Run() | ||
if err != nil { | ||
log.Fatalln(err) | ||
} | ||
|
||
for URL := range URLs { | ||
if co.silent { | ||
fmt.Println(URL.Value) | ||
} else { | ||
fmt.Println(fmt.Sprintf("[%s] %s", au.BrightBlue(URL.Source), URL.Value)) | ||
} | ||
} | ||
} |
Oops, something went wrong.