mirror of
https://github.com/Vyntral/god-eye.git
synced 2026-05-18 06:14:58 +02:00
Vyntral
3a4c230aa7
Complete architectural overhaul. Replaces the v0.1 monolithic scanner with an event-driven pipeline of auto-registered modules. Foundation (internal/): - eventbus: typed pub/sub, 20 event types, race-safe, drop counter - module: registry with phase-based selection - store: thread-safe host store with per-host locks + deep-copy reads - pipeline: coordinator with phase barriers + panic recovery - config: 5 scan profiles + 3 AI tiers + YAML loader + auto-discovery Modules (26 auto-registered across 6 phases): - Discovery: passive (26 sources), bruteforce, recursive, AXFR, GitHub dorks, CT streaming, permutation, reverse DNS, vhost, ASN, supply chain (npm + PyPI) - Enrichment: HTTP probe + tech fingerprint + TLS appliance ID, ports - Analysis: security checks, takeover (110+ sigs), cloud, JavaScript, GraphQL, JWT, headers (OWASP), HTTP smuggling, AI cascade, Nuclei - Reporting: TXT/JSON/CSV writer + AI scan brief AI layer (internal/ai/ + internal/modules/ai/): - Three profiles: lean (16 GB), balanced (32 GB MoE), heavy (64 GB) - Six event-driven handlers: CVE, JS file, HTTP response, secret filter, multi-agent vuln enrichment, anomaly + executive report - Content-hash cache dedups Ollama calls across hosts - Auto-pull of missing models via /api/pull with streaming progress - End-of-scan AI SCAN BRIEF in terminal with top chains + next actions Nuclei compat layer (internal/nucleitpl/): - Executes ~13k community templates (HTTP subset) - Auto-download of nuclei-templates ZIP to ~/.god-eye/nuclei-templates - Scope filter rejects off-host templates (eliminates OSINT FPs) Operations: - Interactive wizard (internal/wizard/) — zero-flag launch - LivePrinter (internal/tui/) — colorized event stream - Diff engine + scheduler (internal/diff, internal/scheduler) for continuous ASM monitoring with webhook alerts - Proxy support (internal/proxyconf/): http / https / socks5 / socks5h + basic auth Fixes #1 — native SOCKS5 / Tor compatibility via --proxy flag. 185 unit tests across 15 packages, all race-detector clean.
211 lines
5.2 KiB
Go
211 lines
5.2 KiB
Go
package sources
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"net"
|
|
"net/http"
|
|
"regexp"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"god-eye/internal/proxyconf"
|
|
)
|
|
|
|
// Shared HTTP clients - singleton pattern
|
|
var (
|
|
clientOnce sync.Once
|
|
|
|
// Fast client for quick API calls (10s timeout)
|
|
FastClient *http.Client
|
|
|
|
// Standard client for most sources (15s timeout)
|
|
StandardClient *http.Client
|
|
|
|
// Slow client for heavy sources like crt.sh (120s timeout)
|
|
SlowClient *http.Client
|
|
|
|
// Shared transport for connection pooling
|
|
sharedTransport *http.Transport
|
|
)
|
|
|
|
// Pre-compiled regex patterns - compiled once at init
|
|
var (
|
|
// Generic subdomain pattern
|
|
SubdomainRegex *regexp.Regexp
|
|
|
|
// Email pattern (for extracting domains from emails)
|
|
EmailDomainRegex *regexp.Regexp
|
|
|
|
// URL pattern
|
|
URLDomainRegex *regexp.Regexp
|
|
|
|
// Common patterns used by multiple sources
|
|
JSONSubdomainRegex *regexp.Regexp
|
|
|
|
// Pattern for cleaning wildcard prefixes
|
|
WildcardPrefixRegex *regexp.Regexp
|
|
)
|
|
|
|
func init() {
|
|
initClients()
|
|
initRegex()
|
|
}
|
|
|
|
// SetProxy configures outbound proxy for every shared HTTP client used
|
|
// by passive sources. Must be called BEFORE any Fetch* source function
|
|
// runs (init runs on package import, so main.go calls this after flag
|
|
// parsing but before pipeline start, which triggers a re-init via
|
|
// ReinitClients).
|
|
func SetProxy(u string) error {
|
|
if err := proxyconf.Validate(u); err != nil {
|
|
return err
|
|
}
|
|
proxyMu.Lock()
|
|
proxyURL = u
|
|
proxyMu.Unlock()
|
|
// Rebuild transports to pick up the new proxy.
|
|
reinitClients()
|
|
return nil
|
|
}
|
|
|
|
var (
|
|
proxyURL string
|
|
proxyMu sync.RWMutex
|
|
)
|
|
|
|
// reinitClients rebuilds the shared transport and clients. Safe to call
|
|
// multiple times; in practice only called from SetProxy after startup.
|
|
func reinitClients() {
|
|
proxyMu.RLock()
|
|
cfgProxy := proxyURL
|
|
proxyMu.RUnlock()
|
|
|
|
baseDialer := &net.Dialer{
|
|
Timeout: 10 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
}
|
|
dialCtx, err := proxyconf.BuildDialer(cfgProxy, baseDialer)
|
|
if err != nil {
|
|
dialCtx = baseDialer.DialContext
|
|
}
|
|
proxyFunc, _ := proxyconf.BuildProxyFunc(cfgProxy)
|
|
|
|
sharedTransport = &http.Transport{
|
|
DialContext: dialCtx,
|
|
Proxy: proxyFunc,
|
|
MaxIdleConns: 100,
|
|
MaxIdleConnsPerHost: 10,
|
|
MaxConnsPerHost: 20,
|
|
IdleConnTimeout: 90 * time.Second,
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
TLSClientConfig: &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
},
|
|
ForceAttemptHTTP2: true,
|
|
ExpectContinueTimeout: 1 * time.Second,
|
|
}
|
|
|
|
FastClient = &http.Client{Transport: sharedTransport, Timeout: 10 * time.Second}
|
|
StandardClient = &http.Client{Transport: sharedTransport, Timeout: 15 * time.Second}
|
|
SlowClient = &http.Client{Transport: sharedTransport, Timeout: 120 * time.Second}
|
|
}
|
|
|
|
func initClients() {
|
|
clientOnce.Do(func() {
|
|
// Shared transport with connection pooling
|
|
sharedTransport = &http.Transport{
|
|
DialContext: (&net.Dialer{
|
|
Timeout: 10 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
}).DialContext,
|
|
MaxIdleConns: 100,
|
|
MaxIdleConnsPerHost: 10,
|
|
MaxConnsPerHost: 20,
|
|
IdleConnTimeout: 90 * time.Second,
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
TLSClientConfig: &tls.Config{
|
|
MinVersion: tls.VersionTLS12,
|
|
},
|
|
ForceAttemptHTTP2: true,
|
|
ExpectContinueTimeout: 1 * time.Second,
|
|
}
|
|
|
|
FastClient = &http.Client{
|
|
Transport: sharedTransport,
|
|
Timeout: 10 * time.Second,
|
|
}
|
|
|
|
StandardClient = &http.Client{
|
|
Transport: sharedTransport,
|
|
Timeout: 15 * time.Second,
|
|
}
|
|
|
|
SlowClient = &http.Client{
|
|
Transport: sharedTransport,
|
|
Timeout: 120 * time.Second,
|
|
}
|
|
})
|
|
}
|
|
|
|
func initRegex() {
|
|
// Generic subdomain extraction pattern
|
|
SubdomainRegex = regexp.MustCompile(`(?i)([a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?\.)+[a-z]{2,}`)
|
|
|
|
// Email domain extraction
|
|
EmailDomainRegex = regexp.MustCompile(`@([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}`)
|
|
|
|
// URL domain extraction
|
|
URLDomainRegex = regexp.MustCompile(`(?i)https?://([a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?\.)+[a-z]{2,}`)
|
|
|
|
// JSON response subdomain pattern
|
|
JSONSubdomainRegex = regexp.MustCompile(`"([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}"`)
|
|
|
|
// Wildcard prefix cleaner
|
|
WildcardPrefixRegex = regexp.MustCompile(`^\*\.`)
|
|
}
|
|
|
|
// GetClientForTimeout returns appropriate shared client based on timeout needs
|
|
func GetClientForTimeout(timeout time.Duration) *http.Client {
|
|
switch {
|
|
case timeout <= 10*time.Second:
|
|
return FastClient
|
|
case timeout <= 30*time.Second:
|
|
return StandardClient
|
|
default:
|
|
return SlowClient
|
|
}
|
|
}
|
|
|
|
// ExtractSubdomains extracts subdomains from text using pre-compiled regex
|
|
func ExtractSubdomains(text, targetDomain string) []string {
|
|
matches := SubdomainRegex.FindAllString(text, -1)
|
|
seen := make(map[string]bool)
|
|
var result []string
|
|
|
|
targetSuffix := "." + targetDomain
|
|
for _, match := range matches {
|
|
match = WildcardPrefixRegex.ReplaceAllString(match, "")
|
|
match = strings.ToLower(strings.TrimSpace(match))
|
|
|
|
// Must end with target domain
|
|
if !strings.HasSuffix(match, targetSuffix) && match != targetDomain {
|
|
continue
|
|
}
|
|
|
|
if match != "" && !seen[match] {
|
|
seen[match] = true
|
|
result = append(result, match)
|
|
}
|
|
}
|
|
|
|
return result
|
|
}
|
|
|
|
// CloseIdleConnections closes idle connections in the shared transport
|
|
func CloseIdleConnections() {
|
|
if sharedTransport != nil {
|
|
sharedTransport.CloseIdleConnections()
|
|
}
|
|
}
|