feat(16-02): add APKMirror and crt.sh ReconSource modules

- APKMirrorSource searches APK metadata pages for key patterns - CrtShSource discovers subdomains via CT logs and probes config endpoints - Both credentialless, emit findings on ciLogKeyPattern match
2026-04-06 16:44:37 +03:00
parent af284f56f2
commit 09a8d4cb70
4 changed files with 525 additions and 0 deletions
--- a/pkg/recon/sources/apkmirror_test.go
+++ b/pkg/recon/sources/apkmirror_test.go
@@ -0,0 +1,115 @@
+package sources
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/salvacybersec/keyhunter/pkg/providers"
+	"github.com/salvacybersec/keyhunter/pkg/recon"
+)
+
+func TestAPKMirror_Name(t *testing.T) {
+	s := &APKMirrorSource{}
+	if s.Name() != "apkmirror" {
+		t.Fatalf("expected apkmirror, got %s", s.Name())
+	}
+}
+
+func TestAPKMirror_Enabled(t *testing.T) {
+	s := &APKMirrorSource{}
+	if !s.Enabled(recon.Config{}) {
+		t.Fatal("APKMirrorSource should always be enabled")
+	}
+}
+
+func TestAPKMirror_RespectsRobots(t *testing.T) {
+	s := &APKMirrorSource{}
+	if !s.RespectsRobots() {
+		t.Fatal("APKMirrorSource should respect robots.txt")
+	}
+}
+
+func TestAPKMirror_Sweep(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/html")
+		_, _ = w.Write([]byte(`
+			<html><body>
+			<div class="appRow">
+				<h5 class="appRowTitle">AI Chat Pro</h5>
+				<p>Uses api_key = "sk-proj-ABCDEF1234567890abcdef" for backend</p>
+			</div>
+			</body></html>
+		`))
+	}))
+	defer srv.Close()
+
+	reg := providers.NewRegistryFromProviders([]providers.Provider{
+		{Name: "openai", Keywords: []string{"sk-proj-"}},
+	})
+
+	s := &APKMirrorSource{
+		BaseURL:  srv.URL,
+		Registry: reg,
+		Client:   NewClient(),
+	}
+
+	out := make(chan recon.Finding, 10)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	err := s.Sweep(ctx, "", out)
+	close(out)
+	if err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if len(findings) == 0 {
+		t.Fatal("expected at least one finding from APKMirror")
+	}
+	if findings[0].SourceType != "recon:apkmirror" {
+		t.Fatalf("expected recon:apkmirror, got %s", findings[0].SourceType)
+	}
+}
+
+func TestAPKMirror_Sweep_NoMatch(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/html")
+		_, _ = w.Write([]byte(`<html><body><p>No API keys here</p></body></html>`))
+	}))
+	defer srv.Close()
+
+	reg := providers.NewRegistryFromProviders([]providers.Provider{
+		{Name: "openai", Keywords: []string{"sk-proj-"}},
+	})
+
+	s := &APKMirrorSource{
+		BaseURL:  srv.URL,
+		Registry: reg,
+		Client:   NewClient(),
+	}
+
+	out := make(chan recon.Finding, 10)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	err := s.Sweep(ctx, "", out)
+	close(out)
+	if err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if len(findings) != 0 {
+		t.Fatalf("expected no findings, got %d", len(findings))
+	}
+}