*: Initial commit

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://www.buymeacoffee.com/enenumxela']

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,20 @@
+---
+name: Bug Report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is. Include the version of sigurlfinder you are using.
+
+**Steps To Reproduce**
+Steps to reproduce the behavior: e.g. The complete command you used.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,20 @@
+---
+name: Feature Request
+about: Suggest an idea for this project
+title: "[REQUEST]"
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/build.yml

@@ -0,0 +1,27 @@
+name: build
+
+on:
+    push:
+        branches:
+            - main
+    pull_request:
+
+jobs:
+    build:
+        name: build
+        runs-on: ubuntu-latest
+        steps:
+            -
+                name: Set up Go
+                uses: actions/setup-go@v2
+                with:
+                        go-version: 1.15
+
+            -
+                name: Check out code
+                uses: actions/checkout@v2
+
+            -
+                name: Build
+                run: go build .
+                working-directory: cmd/sigurlfind3r/

.github/workflows/release.yml

@@ -0,0 +1,42 @@
+name: release
+
+on:
+    create:
+        tags:
+            - v*
+
+jobs:
+    release:
+        name: release
+        runs-on: ubuntu-latest
+        steps:
+            - 
+                name: Set up Go
+                uses: actions/setup-go@v2
+                with:
+                    go-version: 1.15
+
+            -
+                name: "Check out code"
+                uses: actions/checkout@v2
+                with:
+                    fetch-depth: 0
+
+            -
+                name: Get dependencies 
+                run: |
+                    go get -v -t -d ./...
+                    if [ -f Gopkg.toml ]; then
+                        curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
+                        dep ensure
+                    fi
+
+            -
+                name: "Create release on GitHub"
+                uses: goreleaser/goreleaser-action@v2
+                env:
+                    GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+                with:
+                    args: "release --rm-dist"
+                    version: latest
+                    workdir: ./

.gitignore

@@ -0,0 +1,7 @@
+# Executable
+
+cmd/sigurlfind3r/sigurlfind3r
+
+# Notes
+
+notes.txt

.goreleaser.yaml

@@ -0,0 +1,28 @@
+before:
+  hooks:
+    - go mod tidy
+
+builds:
+    -
+        binary: sigurlfind3r
+        main: cmd/sigurlfind3r/main.go
+        goos:
+            - linux
+            - windows
+            - darwin
+        goarch:
+            - amd64
+            - 386
+            - arm
+            - arm64
+
+archives:
+    -
+        id: tgz
+        format: tar.gz
+        replacements:
+            darwin: macOS
+        format_overrides:
+            -
+                goos: windows
+                format: zip

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Signed Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,82 @@
+# sigurlfind3r
+
+[![release](https://img.shields.io/github/release/signedsecurity/sigurlfind3r?style=flat&color=0040ff)](https://github.com/signedsecurity/sigurlfind3r/releases) ![maintenance](https://img.shields.io/badge/maintained%3F-yes-0040ff.svg) [![open issues](https://img.shields.io/github/issues-raw/signedsecurity/sigurlfind3r.svg?style=flat&color=0040ff)](https://github.com/signedsecurity/sigurlfind3r/issues?q=is:issue+is:open) [![closed issues](https://img.shields.io/github/issues-closed-raw/signedsecurity/sigurlfind3r.svg?style=flat&color=0040ff)](https://github.com/signedsecurity/sigurlfind3r/issues?q=is:issue+is:closed) [![license](https://img.shields.io/badge/license-MIT-gray.svg?colorB=0040FF)](https://github.com/signedsecurity/sigurlfind3r/blob/master/LICENSE) [![twitter](https://img.shields.io/badge/twitter-@signedsecurity-0040ff.svg)](https://twitter.com/signedsecurity)
+
+sigurlfind3r is a reconnaissance tool, it fetches URLs from **AlienVault's OTX**, **Common Crawl**, **URLScan**, **Github** and the **Wayback Machine**.
+
+**DiSCLAIMER:** fetching urls from github is a bit slow.
+
+## Usage
+
+To display help message for sigurlfind3r use the `-h` flag:
+
+```
+$ sigurlfind3r -h
+
+     _                  _  __ _           _
+ ___(_) __ _ _   _ _ __| |/ _(_)_ __   __| | ___ _ __
+/ __| |/ _` | | | | '__| | |_| | '_ \ / _` |/ _ \ '__|
+\__ \ | (_| | |_| | |  | |  _| | | | | (_| |  __/ |
+|___/_|\__, |\__,_|_|  |_|_| |_|_| |_|\__,_|\___|_| v1.0.0
+       |___/
+
+USAGE:
+  sigurlfinder [OPTIONS]
+
+OPTIONS:
+  -d,  --domain            domain to fetch urls for
+  -es, --exclude-sources   comma(,) separated list of sources to exclude
+  -is, --include-subs      include subdomains' urls
+  -ls, --list-sources      list all the available sources
+  -nc, --no-color          no color mode
+  -s,  --silent            silent mode: output urls only
+  -us, --use-sources       comma(,) separated list of sources to use
+
+```
+
+## Installation
+
+#### From Binary
+
+You can download the pre-built binary for your platform from this repository's [releases](https://github.com/signedsecurity/sigurlfind3r/releases/) page, extract, then move it to your `$PATH`and you're ready to go.
+
+#### From Source
+
+sigurlfind3r requires **go1.14+** to install successfully. Run the following command to get the repo
+
+```bash
+▶ GO111MODULE=on go get -u -v github.com/signedsecurity/sigurlfind3r/cmd/sigurlfind3r
+```
+
+#### From Github
+
+```bash
+▶ git clone https://github.com/signedsecurity/sigurlfind3r.git
+▶ cd sigurlfind3r/cmd/sigurlfind3r/
+▶ go build; mv sigurlfind3r /usr/local/bin/
+▶ sigurlfind3r -h
+```
+
+## Post Installation
+
+sigurlfind3r will work after [installation](#installation). However, to configure sigurlfind3r to work with certain services - currently github - you will need to have setup API keys. The API keys are stored in the `$HOME/.config/sigurlfind3r/conf.yaml` file - created upon first run - and uses the YAML format. Multiple API keys can be specified for each of these services.
+
+Example:
+
+```yaml
+version: 1.3.1
+sources:
+    - commoncrawl
+    - github
+    - otx
+    - urlscan
+    - wayback
+keys:
+    github:
+        - d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
+        - asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39
+```
+
+## Contribution
+
+[Issues](https://github.com/signedsecurity/sigurlfind3r/issues) and [Pull Requests](https://github.com/signedsecurity/sigurlfind3r/pulls) are welcome!

cmd/sigurlfind3r/main.go

@@ -0,0 +1,137 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"reflect"
+	"strconv"
+	"strings"
+
+	"github.com/logrusorgru/aurora/v3"
+	"github.com/signedsecurity/sigurlfind3r/pkg/runner"
+)
+
+type options struct {
+	sourcesList bool
+	noColor     bool
+	silent      bool
+}
+
+var (
+	co options
+	au aurora.Aurora
+	so runner.Options
+)
+
+func banner() {
+	fmt.Fprintln(os.Stderr, aurora.BrightBlue(`
+     _                  _  __ _           _
+ ___(_) __ _ _   _ _ __| |/ _(_)_ __   __| | ___ _ __
+/ __| |/ _`+"`"+` | | | | '__| | |_| | '_ \ / _`+"`"+` |/ _ \ '__|
+\__ \ | (_| | |_| | |  | |  _| | | | | (_| |  __/ |
+|___/_|\__, |\__,_|_|  |_|_| |_|_| |_|\__,_|\___|_| v1.0.0
+       |___/
+`).Bold())
+}
+
+func init() {
+	flag.StringVar(&so.Domain, "d", "", "")
+	flag.StringVar(&so.Domain, "domain", "", "")
+	flag.StringVar(&so.SourcesExclude, "es", "", "")
+	flag.StringVar(&so.SourcesExclude, "exclude-sources", "", "")
+	flag.BoolVar(&so.IncludeSubs, "is", false, "")
+	flag.BoolVar(&so.IncludeSubs, "include-subs", false, "")
+	flag.BoolVar(&co.sourcesList, "ls", false, "")
+	flag.BoolVar(&co.sourcesList, "list-sources", false, "")
+	flag.BoolVar(&co.noColor, "ns", false, "")
+	flag.BoolVar(&co.noColor, "no-color", false, "")
+	flag.BoolVar(&co.silent, "s", false, "")
+	flag.BoolVar(&co.silent, "silent", false, "")
+	flag.StringVar(&so.SourcesUse, "us", "", "")
+	flag.StringVar(&so.SourcesUse, "use-sources", "", "")
+
+	flag.Usage = func() {
+		banner()
+
+		h := "USAGE:\n"
+		h += "  sigurlfinder [OPTIONS]\n"
+
+		h += "\nOPTIONS:\n"
+		h += "  -d,  --domain            domain to fetch urls for\n"
+		h += "  -es, --exclude-sources   comma(,) separated list of sources to exclude\n"
+		h += "  -is, --include-subs      include subdomains' urls\n"
+		h += "  -ls, --list-sources      list all the available sources\n"
+		h += "  -nc, --no-color          no color mode\n"
+		h += "  -s,  --silent            silent mode: output urls only\n"
+		h += "  -us, --use-sources       comma(,) separated list of sources to use\n\n"
+
+		fmt.Fprintf(os.Stderr, h)
+	}
+
+	flag.Parse()
+
+	au = aurora.NewAurora(!co.noColor)
+}
+
+func main() {
+	options, err := runner.ParseOptions(&so)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	if !co.silent {
+		banner()
+	}
+
+	if co.sourcesList {
+		fmt.Println("[", au.BrightBlue("INF"), "] current list of the available", au.Underline(strconv.Itoa(len(options.YAMLConfig.Sources))+" sources").Bold())
+		fmt.Println("[", au.BrightBlue("INF"), "] sources marked with an * needs key or token")
+		fmt.Println("")
+
+		keys := options.YAMLConfig.GetKeys()
+		needsKey := make(map[string]interface{})
+		keysElem := reflect.ValueOf(&keys).Elem()
+
+		for i := 0; i < keysElem.NumField(); i++ {
+			needsKey[strings.ToLower(keysElem.Type().Field(i).Name)] = keysElem.Field(i).Interface()
+		}
+
+		for _, source := range options.YAMLConfig.Sources {
+			if _, ok := needsKey[source]; ok {
+				fmt.Println(">", source, "*")
+			} else {
+				fmt.Println(">", source)
+			}
+		}
+
+		fmt.Println("")
+		os.Exit(0)
+	}
+
+	if !co.silent {
+		fmt.Println("[", au.BrightBlue("INF"), "] fetching urls for", au.Underline(options.Domain).Bold())
+
+		if options.IncludeSubs {
+			fmt.Println("[", au.BrightBlue("INF"), "] -iS used: includes subdomains' urls")
+		}
+
+		fmt.Println("")
+	}
+
+	runner := runner.New(options)
+
+	URLs, err := runner.Run()
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	for URL := range URLs {
+		if co.silent {
+			fmt.Println(URL.Value)
+		} else {
+			fmt.Println(fmt.Sprintf("[%s] %s", au.BrightBlue(URL.Source), URL.Value))
+		}
+	}
+}