v1.2.0: Recon Tools
🛰️ Recon Tools: a new offline recon crafters tab
A new Recon Tools module (#/recon) with three offline crafters that only ASSEMBLE what you run yourself (the app never touches the network):
- Wayback CDX query builder: match types, extension filters and presets, plus copy-paste post-processing recipes (gau/waybackurls harvest,
urodedup,gfclassification,id_deleted-file recovery, PDF secret scan). - IDN homograph generator: 0-click account takeover via punycode email. Crafts domain-part and username-part look-alikes with the on-the-wire form and the full attack workflow, plus a defensive analyzer that decodes
xn--and flags confusable characters. - Dork builder: 20 Google dork categories + GitHub code-search + Shodan pivots, with a multi-engine Open and a custom builder.
Bilingual RU/EN, standard Copy buttons, wrapped in the shared lab container. Content researched and verified (CDX semantics against the wayback CDX source; confusable code points and xn-- examples against Python unicodedata/punycode; dork operators against each engine's current docs).
Also since v1.1.0
- Localized the Copy / Copied confirmation (RU/EN).
- Large deep-audit and content-correctness pass: ranker overhaul, ~60 payload / checklist / chain fixes, reverse-shell byte-encoding, DNS-rebinding guard, payload-shaped CVE additions.
All gates green: tsc, vitest 18/18, server and static builds. The live demo auto-redeploys to GitHub Pages.