diff --git a/.github/docs/tools.md b/.github/docs/tools.md index ada4261..1755507 100644 --- a/.github/docs/tools.md +++ b/.github/docs/tools.md @@ -1,6 +1,6 @@ # Tools -_12 tools registered._ +_13 tools registered._ | Tool | Input types | Description | Link | |------|-------------|-------------|------| @@ -8,11 +8,12 @@ _12 tools registered._ | [`github-recon`](tools/github-recon.md) | `username`, `email` | GitHub OSINT reconnaissance tool. Gathers profile info, social links, organisations, SSH/GPG keys, commits, and more from a GitHub username or email. | [Link](https://github.com/anotherhadi/nur-osint) | | [`whois`](tools/whois.md) | `domain`, `ip` | WHOIS lookup for domain registration and IP ownership information. | [Link](https://en.wikipedia.org/wiki/WHOIS) | | [`dig`](tools/dig.md) | `domain`, `ip` | DNS lookup querying A, AAAA, MX, NS, TXT, and SOA records for a domain, or reverse DNS (PTR) for an IP. | [Link](https://linux.die.net/man/1/dig) | -| [`ipinfo`](tools/ipinfo.md) | `ip` | IP geolocation via ipinfo.io — returns city, region, country, coordinates, ASN/org, timezone, and hostname. | [Link](https://ipinfo.io) | +| [`ipinfo`](tools/ipinfo.md) | `ip` | IP geolocation via ipinfo.io: returns city, region, country, coordinates, ASN/org, timezone, and hostname. | [Link](https://ipinfo.io) | | [`gravatar-recon`](tools/gravatar-recon.md) | `email` | Gravatar OSINT tool. Extracts public profile data from a Gravatar account: name, bio, location, employment, social accounts, phone, and more. | [Link](https://github.com/anotherhadi/gravatar-recon) | -| [`whoisfreaks`](tools/whoisfreaks.md) | `email`, `name`, `domain` | Reverse WHOIS lookup via WhoisFreaks — find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records. | [Link](https://whoisfreaks.com) | +| [`whoisfreaks`](tools/whoisfreaks.md) | `email`, `name`, `domain` | Reverse WHOIS lookup via WhoisFreaks: find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records. | [Link](https://whoisfreaks.com) | | [`maigret`](tools/maigret.md) | `username` | Username OSINT across 3000+ sites. Searches social networks, forums, and online platforms for an account matching the target username. | [Link](https://github.com/soxoj/maigret) | -| [`leakcheck`](tools/leakcheck.md) | `email`, `username`, `phone` | Data breach lookup via LeakCheck.io — searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches. | [Link](https://leakcheck.io) | -| [`crt.sh`](tools/crt.sh.md) | `domain` | SSL/TLS certificate transparency log search via crt.sh — enumerates subdomains and certificates issued for a domain. | [Link](https://crt.sh) | -| [`breachdirectory`](tools/breachdirectory.md) | `email`, `username` | Data breach search via BreachDirectory — checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes. | [Link](https://breachdirectory.org) | -| [`wappalyzer`](tools/wappalyzer.md) | `domain` | Web technology fingerprinting via wappalyzergo — detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain. | [Link](https://github.com/projectdiscovery/wappalyzergo) | +| [`ghunt`](tools/ghunt.md) | `email` | Google account OSINT via GHunt. Extracts profile info, linked services, and activity from a Google email address. | [Link](https://github.com/mxrch/GHunt) | +| [`leakcheck`](tools/leakcheck.md) | `email`, `username`, `phone` | Data breach lookup via LeakCheck.io: searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches. | [Link](https://leakcheck.io) | +| [`crt.sh`](tools/crt.sh.md) | `domain` | SSL/TLS certificate transparency log search via crt.sh: enumerates subdomains and certificates issued for a domain. | [Link](https://crt.sh) | +| [`breachdirectory`](tools/breachdirectory.md) | `email`, `username` | Data breach search via BreachDirectory: checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes. | [Link](https://breachdirectory.org) | +| [`wappalyzer`](tools/wappalyzer.md) | `domain` | Web technology fingerprinting via wappalyzergo: detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain. | [Link](https://github.com/projectdiscovery/wappalyzergo) | diff --git a/.github/docs/tools/breachdirectory.md b/.github/docs/tools/breachdirectory.md index a392261..9552eb1 100644 --- a/.github/docs/tools/breachdirectory.md +++ b/.github/docs/tools/breachdirectory.md @@ -1,6 +1,6 @@ # `breachdirectory` -Data breach search via BreachDirectory — checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes. +Data breach search via BreachDirectory: checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes. **Source / documentation:** [https://breachdirectory.org](https://breachdirectory.org) @@ -15,7 +15,7 @@ Configure globally via the Tools page or override per profile. | Field | Type | Required | Default | Description | |-------|------|:--------:|---------|-------------| -| `api_key` | `string` | **yes** | - | RapidAPI key for BreachDirectory (required — get one at rapidapi.com/rohan-patra/api/breachdirectory) | +| `api_key` | `string` | **yes** | - | RapidAPI key for BreachDirectory (required, get one at rapidapi.com/rohan-patra/api/breachdirectory) | --- diff --git a/.github/docs/tools/crt.sh.md b/.github/docs/tools/crt.sh.md index e8a0835..a1fe991 100644 --- a/.github/docs/tools/crt.sh.md +++ b/.github/docs/tools/crt.sh.md @@ -1,6 +1,6 @@ # `crt.sh` -SSL/TLS certificate transparency log search via crt.sh — enumerates subdomains and certificates issued for a domain. +SSL/TLS certificate transparency log search via crt.sh: enumerates subdomains and certificates issued for a domain. **Source / documentation:** [https://crt.sh](https://crt.sh) diff --git a/.github/docs/tools/ghunt.md b/.github/docs/tools/ghunt.md new file mode 100644 index 0000000..e272b4c --- /dev/null +++ b/.github/docs/tools/ghunt.md @@ -0,0 +1,27 @@ +# `ghunt` + +Google account OSINT via GHunt. Extracts profile info, linked services, and activity from a Google email address. + +**Source / documentation:** [https://github.com/mxrch/GHunt](https://github.com/mxrch/GHunt) + +## Input types + +- `email` + +## External dependencies + +The following binaries must be installed and available in `$PATH`: + +- `ghunt` + +## Configuration + +Configure globally via the Tools page or override per profile. + +| Field | Type | Required | Default | Description | +|-------|------|:--------:|---------|-------------| +| `creds` | `string` | **yes** | - | GHunt credentials (content of ~/.malfrats/ghunt/creds.m). To obtain: (1) install GHunt and run 'ghunt login' on your machine, (2) copy the full content of ~/.malfrats/ghunt/creds.m, (3) paste it here. | + +--- + +[← Back to tools index](../tools.md) diff --git a/.github/docs/tools/ipinfo.md b/.github/docs/tools/ipinfo.md index 6860152..f0beb99 100644 --- a/.github/docs/tools/ipinfo.md +++ b/.github/docs/tools/ipinfo.md @@ -1,6 +1,6 @@ # `ipinfo` -IP geolocation via ipinfo.io — returns city, region, country, coordinates, ASN/org, timezone, and hostname. +IP geolocation via ipinfo.io: returns city, region, country, coordinates, ASN/org, timezone, and hostname. **Source / documentation:** [https://ipinfo.io](https://ipinfo.io) @@ -14,7 +14,7 @@ Configure globally via the Tools page or override per profile. | Field | Type | Required | Default | Description | |-------|------|:--------:|---------|-------------| -| `token` | `string` | - | - | ipinfo.io API token (optional — free tier allows 50k req/month without one) | +| `token` | `string` | - | - | ipinfo.io API token (optional, free tier allows 50k req/month without one) | --- diff --git a/.github/docs/tools/leakcheck.md b/.github/docs/tools/leakcheck.md index f01dbf9..49be4db 100644 --- a/.github/docs/tools/leakcheck.md +++ b/.github/docs/tools/leakcheck.md @@ -1,6 +1,6 @@ # `leakcheck` -Data breach lookup via LeakCheck.io — searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches. +Data breach lookup via LeakCheck.io: searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches. **Source / documentation:** [https://leakcheck.io](https://leakcheck.io) @@ -16,7 +16,7 @@ Configure globally via the Tools page or override per profile. | Field | Type | Required | Default | Description | |-------|------|:--------:|---------|-------------| -| `api_key` | `string` | **yes** | - | LeakCheck API key (required — get one at leakcheck.io) | +| `api_key` | `string` | **yes** | - | LeakCheck API key (required, get one at leakcheck.io) | --- diff --git a/.github/docs/tools/wappalyzer.md b/.github/docs/tools/wappalyzer.md index 1b75458..333eaf0 100644 --- a/.github/docs/tools/wappalyzer.md +++ b/.github/docs/tools/wappalyzer.md @@ -1,6 +1,6 @@ # `wappalyzer` -Web technology fingerprinting via wappalyzergo — detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain. +Web technology fingerprinting via wappalyzergo: detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain. **Source / documentation:** [https://github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) diff --git a/.github/docs/tools/whoisfreaks.md b/.github/docs/tools/whoisfreaks.md index 74c1bea..a2b33cb 100644 --- a/.github/docs/tools/whoisfreaks.md +++ b/.github/docs/tools/whoisfreaks.md @@ -1,6 +1,6 @@ # `whoisfreaks` -Reverse WHOIS lookup via WhoisFreaks — find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records. +Reverse WHOIS lookup via WhoisFreaks: find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records. **Source / documentation:** [https://whoisfreaks.com](https://whoisfreaks.com) @@ -16,7 +16,7 @@ Configure globally via the Tools page or override per profile. | Field | Type | Required | Default | Description | |-------|------|:--------:|---------|-------------| -| `api_key` | `string` | **yes** | - | WhoisFreaks API key (required — free account at whoisfreaks.com) | +| `api_key` | `string` | **yes** | - | WhoisFreaks API key (required, free account at whoisfreaks.com) | --- diff --git a/.gitignore b/.gitignore index 90be77b..0cf57a8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .claude/ +CLAUDE.md todolist.md diff --git a/README.md b/README.md index db28819..d17bb6a 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ Designed for security researchers, penetration testers, and OSINT investigators - **Parallel execution**: all tools run simultaneously; results stream in as they arrive - **Profile system**: create named profiles to enable/disable specific tools or override their config per investigation type (quick recon vs. thorough sweep) - **Per-tool configuration**: set API keys, rate limits, and options globally or per profile +- **Proxy support**: route all tool traffic through SOCKS5/SOCKS4/HTTP proxies, with automatic failover across multiple proxies; external binary tools are transparently wrapped with proxychains4 - **Tool availability checks**: tools that depend on an external binary report their status; the interface shows which tools are ready, which need config, and which are unavailable - **Search history**: completed searches are kept in memory; results can be reviewed without re-running - **Extensible architecture**: adding a new tool is a single Go file implementing one interface, registered in one line @@ -117,6 +118,10 @@ tools: breachdirectory: api_key: yourkey +proxies: + - url: socks5://user:pass@127.0.0.1:9050 + - url: http://proxy.example.com:8080 + profiles: quick: enabled: @@ -126,7 +131,7 @@ profiles: disabled: [] ``` -Only include the tools you want to configure — everything else falls back to defaults. +Only include the tools you want to configure; everything else falls back to defaults. diff --git a/back/internal/api/handler/enumerate.go b/back/internal/api/handler/enumerate.go index c151750..4721771 100644 --- a/back/internal/api/handler/enumerate.go +++ b/back/internal/api/handler/enumerate.go @@ -16,13 +16,13 @@ import ( // ansiRe strips all ANSI/VT100 escape sequences (CSI, OSC, etc.). // RunWithPTY only strips OSC sequences; CSI colour codes need this. -var ansiRe = regexp.MustCompile(`\x1b[\x5b-\x5f][0-9;]*[A-Za-z]|\x1b[^[\x5b-\x5f]`) +var ansiRe = regexp.MustCompile(`\x1b[\x5b-\x5f][0-9;]*[A-Za-z]|\x1b[^\x5b-\x5f]`) type EnumerateHandler struct { demo bool } -func NewEnumerateHandler(_ string, demo bool) *EnumerateHandler { +func NewEnumerateHandler(demo bool) *EnumerateHandler { return &EnumerateHandler{demo: demo} } @@ -186,7 +186,7 @@ type checkEmailResponse struct { // userScannerCheck runs user-scanner via PTY (required for output). // flag is either "-e" (email) or "-u" (username). -// Office365 is excluded — it's a known false positive. +// Office365 is excluded (known false positive). // quick=true uses a shorter timeout for a faster but incomplete scan. func userScannerCheck(ctx context.Context, flag, target string, quick bool) (status, reason string, sites []string) { defer func() { @@ -223,7 +223,7 @@ func userScannerCheck(ctx context.Context, flag, target string, quick bool) (sta if !strings.Contains(line, "[✔]") { continue } - // Office365 is a known false positive — skip it. + // Office365 is a known false positive, skip it. if strings.Contains(line, "Office365") { continue } diff --git a/back/internal/api/router.go b/back/internal/api/router.go index 9a909bd..29aedae 100644 --- a/back/internal/api/router.go +++ b/back/internal/api/router.go @@ -29,7 +29,7 @@ func NewRouter( searchHandler := handler.NewSearchHandler(manager, demo) toolsHandler := handler.NewToolsHandler(factories) configHandler := handler.NewConfigHandler(configPath, factories, demo) - enumerateHandler := handler.NewEnumerateHandler(configPath, demo) + enumerateHandler := handler.NewEnumerateHandler(demo) searchLimiter := ikymiddleware.New(rate.Every(10*time.Second), 3) diff --git a/back/internal/tools/breachdirectory/tool.go b/back/internal/tools/breachdirectory/tool.go index a74d2a5..c25c69d 100644 --- a/back/internal/tools/breachdirectory/tool.go +++ b/back/internal/tools/breachdirectory/tool.go @@ -14,13 +14,13 @@ import ( const ( name = "breachdirectory" - description = "Data breach search via BreachDirectory — checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes." + description = "Data breach search via BreachDirectory: checks if an email, username, or phone appears in known data breaches and returns exposed passwords/hashes." link = "https://breachdirectory.org" - icon = "" + icon = "mdi:shield-alert" ) type Config struct { - APIKey string `yaml:"api_key" iky:"desc=RapidAPI key for BreachDirectory (required — get one at rapidapi.com/rohan-patra/api/breachdirectory);required=true"` + APIKey string `yaml:"api_key" iky:"desc=RapidAPI key for BreachDirectory (required, get one at rapidapi.com/rohan-patra/api/breachdirectory);required=true"` } type Runner struct { diff --git a/back/internal/tools/crtsh/tool.go b/back/internal/tools/crtsh/tool.go index 6174785..c6f89f0 100644 --- a/back/internal/tools/crtsh/tool.go +++ b/back/internal/tools/crtsh/tool.go @@ -16,9 +16,9 @@ import ( const ( name = "crt.sh" - description = "SSL/TLS certificate transparency log search via crt.sh — enumerates subdomains and certificates issued for a domain." + description = "SSL/TLS certificate transparency log search via crt.sh: enumerates subdomains and certificates issued for a domain." link = "https://crt.sh" - icon = "" + icon = "mdi:certificate-outline" ) type Runner struct{} diff --git a/back/internal/tools/dig/tool.go b/back/internal/tools/dig/tool.go index 0e5f135..2c85457 100644 --- a/back/internal/tools/dig/tool.go +++ b/back/internal/tools/dig/tool.go @@ -13,7 +13,7 @@ const ( name = "dig" description = "DNS lookup querying A, AAAA, MX, NS, TXT, and SOA records for a domain, or reverse DNS (PTR) for an IP." link = "https://linux.die.net/man/1/dig" - icon = "" + icon = "mdi:dns" ) var recordTypes = []string{"A", "AAAA", "MX", "NS", "TXT", "SOA"} @@ -67,7 +67,13 @@ func (r *Runner) Run(ctx context.Context, target string, inputType tools.InputTy break } cmd := exec.CommandContext(ctx, "dig", target, rtype, "+noall", "+answer") - output, _ := cmd.Output() + output, err := cmd.Output() + if err != nil { + if ctx.Err() != nil { + break + } + continue + } result := strings.TrimSpace(string(output)) if result == "" { continue diff --git a/back/internal/tools/ghunt/tool.go b/back/internal/tools/ghunt/tool.go index 818315c..726b4c4 100644 --- a/back/internal/tools/ghunt/tool.go +++ b/back/internal/tools/ghunt/tool.go @@ -18,7 +18,7 @@ const ( name = "ghunt" description = "Google account OSINT via GHunt. Extracts profile info, linked services, and activity from a Google email address." link = "https://github.com/mxrch/GHunt" - icon = "google" + icon = "si:google" ) type Config struct { @@ -103,8 +103,8 @@ func (r *Runner) Run(ctx context.Context, target string, _ tools.InputType, out } if start == -1 { - // Banner printed but auth line never appeared — bad/expired credentials. - out <- tools.Event{Tool: name, Type: tools.EventTypeError, Payload: "GHunt authentication failed — credentials may be missing or expired (run 'ghunt login' and update your creds in Settings)"} + // Banner printed but auth line never appeared: bad/expired credentials. + out <- tools.Event{Tool: name, Type: tools.EventTypeError, Payload: "GHunt authentication failed: credentials may be missing or expired (run 'ghunt login' and update your creds in Settings)"} out <- tools.Event{Tool: name, Type: tools.EventTypeCount, Payload: 0} out <- tools.Event{Tool: name, Type: tools.EventTypeDone} return nil diff --git a/back/internal/tools/github-recon/tool.go b/back/internal/tools/github-recon/tool.go index 707954b..8a8daac 100644 --- a/back/internal/tools/github-recon/tool.go +++ b/back/internal/tools/github-recon/tool.go @@ -12,7 +12,7 @@ const ( name = "github-recon" description = "GitHub OSINT reconnaissance tool. Gathers profile info, social links, organisations, SSH/GPG keys, commits, and more from a GitHub username or email." link = "https://github.com/anotherhadi/nur-osint" - icon = "github" + icon = "si:github" ) type Config struct { diff --git a/back/internal/tools/gravatar-recon/tool.go b/back/internal/tools/gravatar-recon/tool.go index e1445f6..c5368a6 100644 --- a/back/internal/tools/gravatar-recon/tool.go +++ b/back/internal/tools/gravatar-recon/tool.go @@ -11,7 +11,7 @@ const ( name = "gravatar-recon" description = "Gravatar OSINT tool. Extracts public profile data from a Gravatar account: name, bio, location, employment, social accounts, phone, and more." link = "https://github.com/anotherhadi/gravatar-recon" - icon = "" + icon = "si:gravatar" ) type Runner struct{} diff --git a/back/internal/tools/ipinfo/tool.go b/back/internal/tools/ipinfo/tool.go index 39a7c5b..19df755 100644 --- a/back/internal/tools/ipinfo/tool.go +++ b/back/internal/tools/ipinfo/tool.go @@ -13,13 +13,13 @@ import ( const ( name = "ipinfo" - description = "IP geolocation via ipinfo.io — returns city, region, country, coordinates, ASN/org, timezone, and hostname." + description = "IP geolocation via ipinfo.io: returns city, region, country, coordinates, ASN/org, timezone, and hostname." link = "https://ipinfo.io" - icon = "" + icon = "mdi:ip-network" ) type Config struct { - Token string `yaml:"token" iky:"desc=ipinfo.io API token (optional — free tier allows 50k req/month without one);required=false"` + Token string `yaml:"token" iky:"desc=ipinfo.io API token (optional, free tier allows 50k req/month without one);required=false"` } type Runner struct { diff --git a/back/internal/tools/leakcheck/tool.go b/back/internal/tools/leakcheck/tool.go index 7c7cb59..ae45d3e 100644 --- a/back/internal/tools/leakcheck/tool.go +++ b/back/internal/tools/leakcheck/tool.go @@ -14,13 +14,13 @@ import ( const ( name = "leakcheck" - description = "Data breach lookup via LeakCheck.io — searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches." + description = "Data breach lookup via LeakCheck.io: searches 7B+ leaked records for email addresses, usernames, and phone numbers across hundreds of breaches." link = "https://leakcheck.io" - icon = "" + icon = "mdi:database-alert" ) type Config struct { - APIKey string `yaml:"api_key" iky:"desc=LeakCheck API key (required — get one at leakcheck.io);required=true"` + APIKey string `yaml:"api_key" iky:"desc=LeakCheck API key (required, get one at leakcheck.io);required=true"` } type Runner struct { diff --git a/back/internal/tools/maigret/tool.go b/back/internal/tools/maigret/tool.go index 20fe4f3..bff7cf0 100644 --- a/back/internal/tools/maigret/tool.go +++ b/back/internal/tools/maigret/tool.go @@ -14,7 +14,7 @@ const ( name = "maigret" description = "Username OSINT across 3000+ sites. Searches social networks, forums, and online platforms for an account matching the target username." link = "https://github.com/soxoj/maigret" - icon = "" + icon = "mdi:radar" ) var accountsRe = regexp.MustCompile(`returned (\d+) accounts`) @@ -68,7 +68,7 @@ func (r *Runner) Run(ctx context.Context, target string, _ tools.InputType, out cmd := exec.CommandContext(ctx, "maigret", args...) output, err := tools.RunWithPTY(ctx, cmd) - // Crop at Python traceback (NixOS read-only store error — results are unaffected) + // Crop at Python traceback (NixOS read-only store error, results are unaffected) if idx := strings.Index(output, "Traceback (most recent call last)"); idx != -1 { output = strings.TrimSpace(output[:idx]) } diff --git a/back/internal/tools/tools.go b/back/internal/tools/tools.go index 53a0cb8..d340653 100644 --- a/back/internal/tools/tools.go +++ b/back/internal/tools/tools.go @@ -7,7 +7,7 @@ type EventType string const ( EventTypeOutput EventType = "output" // raw ANSI text, payload is a plain string EventTypeError EventType = "error" - EventTypeCount EventType = "count" // payload is int, additive — emit once or multiple times from Run + EventTypeCount EventType = "count" // payload is int, additive; emit once or multiple times from Run EventTypeDone EventType = "done" ) diff --git a/back/internal/tools/user-scanner/tool.go b/back/internal/tools/user-scanner/tool.go index 3be8766..f038c30 100644 --- a/back/internal/tools/user-scanner/tool.go +++ b/back/internal/tools/user-scanner/tool.go @@ -12,7 +12,7 @@ const ( name = "user-scanner" description = "🕵️‍♂️ (2-in-1) Email & Username OSINT suite. Analyzes 195+ scan vectors (95+ email / 100+ username) for security research, investigations, and digital footprinting." link = "https://github.com/kaifcodec/user-scanner" - icon = "" + icon = "mdi:account-search" ) type Config struct { diff --git a/back/internal/tools/wappalyzer/tool.go b/back/internal/tools/wappalyzer/tool.go index 280d26c..8be57ff 100644 --- a/back/internal/tools/wappalyzer/tool.go +++ b/back/internal/tools/wappalyzer/tool.go @@ -16,9 +16,9 @@ import ( const ( name = "wappalyzer" - description = "Web technology fingerprinting via wappalyzergo — detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain." + description = "Web technology fingerprinting via wappalyzergo: detects CMS, frameworks, web servers, analytics, CDN, and 1500+ other technologies running on a domain." link = "https://github.com/projectdiscovery/wappalyzergo" - icon = "wappalyzer" + icon = "si:wappalyzer" ) type Runner struct { diff --git a/back/internal/tools/whois/tool.go b/back/internal/tools/whois/tool.go index 3131aaa..edc57d6 100644 --- a/back/internal/tools/whois/tool.go +++ b/back/internal/tools/whois/tool.go @@ -12,7 +12,7 @@ const ( name = "whois" description = "WHOIS lookup for domain registration and IP ownership information." link = "https://en.wikipedia.org/wiki/WHOIS" - icon = "" + icon = "mdi:card-search" ) type Runner struct{} diff --git a/back/internal/tools/whoisfreaks/tool.go b/back/internal/tools/whoisfreaks/tool.go index 6809c30..384a81e 100644 --- a/back/internal/tools/whoisfreaks/tool.go +++ b/back/internal/tools/whoisfreaks/tool.go @@ -16,13 +16,13 @@ import ( const ( name = "whoisfreaks" - description = "Reverse WHOIS lookup via WhoisFreaks — find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records." + description = "Reverse WHOIS lookup via WhoisFreaks: find all domains registered by an email, owner name, or keyword across 3.6B+ WHOIS records." link = "https://whoisfreaks.com" - icon = "" + icon = "mdi:database-search" ) type Config struct { - APIKey string `yaml:"api_key" iky:"desc=WhoisFreaks API key (required — free account at whoisfreaks.com);required=true"` + APIKey string `yaml:"api_key" iky:"desc=WhoisFreaks API key (required, free account at whoisfreaks.com);required=true"` } type Runner struct { diff --git a/front/src/components/CheatsheetList.svelte b/front/src/components/CheatsheetList.svelte index a9cccc9..f5d959d 100644 --- a/front/src/components/CheatsheetList.svelte +++ b/front/src/components/CheatsheetList.svelte @@ -60,17 +60,19 @@ {#each filtered as sheet} -
-
-
{sheet.title}
- {#if sheet.description} -
{sheet.description}
- {/if} +
+
+
+
{sheet.title}
+ {#if sheet.description} +
{sheet.description}
+ {/if} +
{#if sheet.tags && sheet.tags.length > 0} -
+
{#each sheet.tags as tag} {tag} {/each} diff --git a/front/src/components/DemoBanner.svelte b/front/src/components/DemoBanner.svelte index 40e3080..4dcc136 100644 --- a/front/src/components/DemoBanner.svelte +++ b/front/src/components/DemoBanner.svelte @@ -19,6 +19,6 @@ {#if demo}
- Demo mode — searches and configuration changes are disabled + Demo mode: searches and configuration changes are disabled
{/if} diff --git a/front/src/components/EnumeratePage.svelte b/front/src/components/EnumeratePage.svelte index 8f49439..ead1488 100644 --- a/front/src/components/EnumeratePage.svelte +++ b/front/src/components/EnumeratePage.svelte @@ -158,8 +158,8 @@ if (s === "found") return "Found"; if (s === "not_found") return "Not found"; if (s === "maybe") return "Maybe"; - if (s === "checking") return "Checking…"; - return "—"; + if (s === "checking") return "Checking..."; + return "-"; } @@ -296,7 +296,7 @@ {#if !userScannerAvailable}
- user-scanner is not installed — email and username checking will be unavailable. + user-scanner is not installed, email and username checking will be unavailable.
{/if} @@ -414,7 +414,7 @@ Maybe {:else} - + - {/if} diff --git a/front/src/components/Nav.svelte b/front/src/components/Nav.svelte index d005dc9..f827443 100644 --- a/front/src/components/Nav.svelte +++ b/front/src/components/Nav.svelte @@ -13,6 +13,15 @@ } from "@lucide/svelte"; import type { Snippet } from "svelte"; + let mobileMenuOpen = $state(false); + + function onDocumentClick(e: MouseEvent) { + if (!mobileMenuOpen) return; + if (!(e.target as HTMLElement).closest("[data-mobile-nav]")) { + mobileMenuOpen = false; + } + } + let { action, }: { @@ -46,17 +55,20 @@ ]; + +
-
-
- -
-
- +
iky logo large - +
diff --git a/front/src/components/SettingsPage.svelte b/front/src/components/SettingsPage.svelte index d6a11de..05b53b5 100644 --- a/front/src/components/SettingsPage.svelte +++ b/front/src/components/SettingsPage.svelte @@ -406,7 +406,7 @@
- proxychains4 not found in PATH — external binary tools + proxychains4 not found in PATH, external binary tools (maigret, ghunt, etc.) will not be proxied. Only HTTP-based tools are affected by the proxy config. @@ -418,7 +418,7 @@ {#if proxies.length === 0}
-

No proxies — tools connect directly.

+

No proxies, tools connect directly.

{:else} {#each proxies as proxy, i} diff --git a/front/src/components/comps/ToolIcon.svelte b/front/src/components/comps/ToolIcon.svelte index 2ecdc6f..c88c3ac 100644 --- a/front/src/components/comps/ToolIcon.svelte +++ b/front/src/components/comps/ToolIcon.svelte @@ -1,29 +1,32 @@ -{#if iconName} - {iconName { - const target = e.currentTarget as HTMLImageElement; - target.src = genericFallbackUrl; - }} - /> -{:else} - {"Tool -{/if} +{iconName { + const target = e.currentTarget as HTMLImageElement; + target.src = genericFallbackUrl; + }} +/> diff --git a/front/src/content/cheatsheets/github-osint.md b/front/src/content/cheatsheets/github-osint.md index 35d968e..3fc879d 100644 --- a/front/src/content/cheatsheets/github-osint.md +++ b/front/src/content/cheatsheets/github-osint.md @@ -97,7 +97,7 @@ Once you have a **name**, an **email**, or a **unique username**, it’s time to If you want to move from manual investigation to automated intelligence, check out [Github-Recon](https://github.com/anotherhadi/github-recon). Written in Go, this powerful CLI tool aggregates public OSINT data by automating the techniques mentioned above and more. Whether you start with a username or a single email address, it can retrieve SSH/GPG keys, enumerate social accounts, and find "close friends" based on interactions. -Its standout features include a **Deep Scan** mode-which clones repositories to perform regex searches and TruffleHog secret detection—and an automated **Email Spoofing** engine that instantly identifies the account linked to any primary email address. +Its standout features include a **Deep Scan** mode (clones repositories for regex searches and TruffleHog secret detection) and an automated **Email Spoofing** engine that identifies the account linked to any primary email address. diff --git a/front/src/pages/help.astro b/front/src/pages/help.astro index 01cd631..bad6624 100644 --- a/front/src/pages/help.astro +++ b/front/src/pages/help.astro @@ -141,7 +141,7 @@ import Layout from "@src/layouts/Layout.astro";

- If no proxies are configured, tools connect directly — behaviour is identical to before. + If no proxies are configured, tools connect directly.