docs(09): OSINT infrastructure context

2026-04-06 00:33:44 +03:00
parent ed25d9806d
commit 72414e090a
1 changed files with 120 additions and 0 deletions
--- a/.planning/phases/09-osint-infrastructure/09-CONTEXT.md
+++ b/.planning/phases/09-osint-infrastructure/09-CONTEXT.md
@@ -0,0 +1,120 @@
+# Phase 9: OSINT Infrastructure - Context
+
+**Gathered:** 2026-04-05
+**Status:** Ready for planning
+**Mode:** Auto-generated
+
+<domain>
+## Phase Boundary
+
+Foundation for all OSINT/recon work. Creates the `pkg/recon/` package with:
+- `ReconSource` interface every source module implements
+- Per-source `rate.Limiter` (golang.org/x/time/rate) — no central limiter
+- Stealth mode: user-agent rotation, jitter delays
+- robots.txt respect for web scrapers
+- Parallel sweep orchestrator that fans out to all enabled sources
+- Deduplication across sources before persisting
+
+Phases 10-16 implement individual sources on top of this foundation. Phase 9 ships with a single `ReconSource` stub (e.g., `ExampleSource`) to prove the framework end-to-end.
+
+</domain>
+
+<decisions>
+## Implementation Decisions
+
+### ReconSource Interface
+```go
+type ReconSource interface {
+    Name() string                          // "shodan", "github", etc.
+    RateLimit() rate.Limit                 // per-source token bucket rate
+    Burst() int                            // burst capacity
+    RespectsRobots() bool                  // web scrapers: true; APIs: false
+    Enabled(cfg Config) bool               // enabled via config/env
+    Sweep(ctx context.Context, query string, out chan<- Finding) error
+}
+```
+
+### Package Layout
+```
+pkg/recon/
+  source.go           — ReconSource interface
+  engine.go           — Engine with Register/Sweep, parallel fanout, dedup
+  limiter.go          — per-source rate.Limiter wrapper + jitter
+  stealth.go          — user-agent pool, randomized delays
+  robots.go           — robots.txt cache + allowed() check
+  dedup.go            — cross-source finding dedup (hash by key+source_url)
+  example.go          — ExampleSource stub implementation for testing
+  engine_test.go
+  stealth_test.go
+  robots_test.go
+```
+
+### Rate Limiting (RECON-INFRA-05)
+- Each source constructs `rate.NewLimiter(r.RateLimit(), r.Burst())` at registration
+- `Engine.Sweep` calls `limiter.Wait(ctx)` before each source request
+- Default rates per source configurable via config file
+
+### Stealth Mode (RECON-INFRA-06)
+- User-Agent pool: 10 realistic browser UAs in stealth.go (Chrome/Firefox/Safari on Linux/macOS/Windows)
+- Jitter: random delay between 100ms and 1s before each request
+- Activated via `--stealth` flag on `keyhunter recon` command
+- "source exhausted" log events when a source returns zero results or hits rate limit
+
+### robots.txt (RECON-INFRA-07)
+- `pkg/recon/robots.go`: simple parser, cached per-host for 1 hour
+- Only consulted when `RespectsRobots()` returns true (web scrapers)
+- `--respect-robots` flag default on, can be disabled with `--no-respect-robots`
+- Check User-Agent: "keyhunter" against disallowed paths
+
+### Parallel Sweep Orchestrator (RECON-INFRA-08)
+- `Engine.SweepAll(ctx, query, cfg)` fans out to all enabled sources via ants pool
+- Each source runs in its own goroutine, writes findings to shared chan
+- Deduplication: SHA256(provider + masked_key + source_url) — drop duplicates
+- Result aggregated and returned for persistence
+
+### CLI Command
+- `keyhunter recon full [--stealth] [--respect-robots] [--query=STRING]` — sweep all enabled sources
+- `keyhunter recon list` — list registered sources
+- Phase 9 ships with `ExampleSource` to demonstrate the pipeline; real sources come in later phases
+
+### Dependencies
+- `golang.org/x/time/rate` — already in go.mod
+- `github.com/temoto/robotstxt` — for robots.txt parsing (small, well-maintained)
+- No new deps beyond robotstxt
+
+</decisions>
+
+<code_context>
+## Existing Code Insights
+
+### Reusable Assets
+- pkg/engine/engine.go — ants pool pattern to mirror
+- pkg/engine/finding.go — Finding struct (can reuse or create recon-specific)
+- pkg/storage/findings.go — persistence
+- cmd/stubs.go — recon stub to replace with real tree
+
+### Finding vs ReconFinding
+- Decision: reuse existing `engine.Finding`, extend SourceType field with recon sources
+- SourceType values: "file", "git", "stdin", "url", "clipboard" (Phase 4), now add "recon:shodan", "recon:github", "recon:example"
+
+</code_context>
+
+<specifics>
+## Specific Ideas
+
+- ExampleSource should generate fake findings from a hardcoded list to prove the pipeline
+- Each source's `Name()` should match its YAML dork source name for easy cross-referencing
+- Dedup should preserve the first-seen source and metadata
+- Stealth UA pool: include rare-but-realistic UAs to avoid UA-fingerprint blocking
+
+</specifics>
+
+<deferred>
+## Deferred Ideas
+
+- Proxy/TOR support — can be added later via http.Transport config
+- Source-specific retry with exponential backoff — source modules handle their own retries
+- Distributed rate limiting across multiple keyhunter instances — out of scope
+- Webhook notifications on source exhaustion — defer to Phase 17 (Telegram)
+
+</deferred>