diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md index dedc4b7..a1c8a93 100644 --- a/.planning/REQUIREMENTS.md +++ b/.planning/REQUIREMENTS.md @@ -115,9 +115,9 @@ Requirements for initial release. Each maps to roadmap phases. ### OSINT/Recon — Search Engine Dorking -- [ ] **RECON-DORK-01**: Google dorking via Custom Search API / SerpAPI with 100+ built-in dorks -- [ ] **RECON-DORK-02**: Bing dorking via Azure Cognitive Services -- [ ] **RECON-DORK-03**: DuckDuckGo, Yandex, Brave search integration +- [x] **RECON-DORK-01**: Google dorking via Custom Search API / SerpAPI with 100+ built-in dorks +- [x] **RECON-DORK-02**: Bing dorking via Azure Cognitive Services +- [x] **RECON-DORK-03**: DuckDuckGo, Yandex, Brave search integration ### OSINT/Recon — Paste Sites diff --git a/.planning/STATE.md b/.planning/STATE.md index 532f202..bf2e45e 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -3,14 +3,14 @@ gsd_state_version: 1.0 milestone: v1.0 milestone_name: milestone status: executing -stopped_at: Completed 10-09-PLAN.md -last_updated: "2026-04-06T08:38:31.363Z" +stopped_at: Completed 11-01-PLAN.md +last_updated: "2026-04-06T08:55:35.271Z" last_activity: 2026-04-06 progress: total_phases: 18 - completed_phases: 10 - total_plans: 62 - completed_plans: 63 + completed_phases: 9 + total_plans: 57 + completed_plans: 64 percent: 20 --- @@ -89,6 +89,7 @@ Progress: [██░░░░░░░░] 20% | Phase 10-osint-code-hosting P02 | 5min | 1 tasks | 2 files | | Phase 10-osint-code-hosting P07 | 6 | 2 tasks | 6 files | | Phase 10 P09 | 12min | 2 tasks | 5 files | +| Phase 11 P01 | 3min | 2 tasks | 11 files | ## Accumulated Context @@ -126,6 +127,7 @@ Recent decisions affecting current work: - [Phase 10-osint-code-hosting]: github/gist use 'kw' in:file; all other sources use bare keyword - [Phase 10-osint-code-hosting]: GitHubSource reuses shared sources.Client + LimiterRegistry; builds queries from providers.Registry via BuildQueries; missing token disables (not errors) - [Phase 10]: RegisterAll registers all ten Phase 10 sources unconditionally; missing credentials flip Enabled()==false rather than hiding sources from the CLI catalog +- [Phase 11]: All five search sources use dork query format to focus on paste/code hosting leak sites ### Pending Todos @@ -140,6 +142,6 @@ None yet. ## Session Continuity -Last session: 2026-04-05T22:28:27.412Z -Stopped at: Completed 10-09-PLAN.md +Last session: 2026-04-06T08:55:35.267Z +Stopped at: Completed 11-01-PLAN.md Resume file: None diff --git a/.planning/phases/11-osint_search_paste/11-01-SUMMARY.md b/.planning/phases/11-osint_search_paste/11-01-SUMMARY.md new file mode 100644 index 0000000..ddb75c6 --- /dev/null +++ b/.planning/phases/11-osint_search_paste/11-01-SUMMARY.md @@ -0,0 +1,117 @@ +--- +phase: 11-osint-search-paste +plan: 01 +subsystem: recon +tags: [google-custom-search, bing-web-search, duckduckgo, yandex-xml, brave-search, dorking, osint] + +requires: + - phase: 10-osint-code-hosting + provides: "ReconSource interface, sources.Client, LimiterRegistry, BuildQueries/formatQuery" +provides: + - "GoogleDorkSource - Google Custom Search JSON API dorking" + - "BingDorkSource - Bing Web Search API v7 dorking" + - "DuckDuckGoSource - HTML scraping (credential-free)" + - "YandexSource - Yandex XML Search API dorking" + - "BraveSource - Brave Search API dorking" + - "formatQuery cases for all five search engines" +affects: [11-osint-search-paste, 11-03 RegisterAll wiring] + +tech-stack: + added: [encoding/xml for Yandex XML parsing] + patterns: [search-engine dork query format via formatQuery, XML API response parsing] + +key-files: + created: + - pkg/recon/sources/google.go + - pkg/recon/sources/google_test.go + - pkg/recon/sources/bing.go + - pkg/recon/sources/bing_test.go + - pkg/recon/sources/duckduckgo.go + - pkg/recon/sources/duckduckgo_test.go + - pkg/recon/sources/yandex.go + - pkg/recon/sources/yandex_test.go + - pkg/recon/sources/brave.go + - pkg/recon/sources/brave_test.go + modified: + - pkg/recon/sources/queries.go + +key-decisions: + - "All five search sources use dork query format: site:pastebin.com OR site:github.com \"keyword\" to focus on paste/code hosting leak sites" + - "DuckDuckGo is credential-free (HTML scraping) with RespectsRobots=true; other four require API keys" + - "Yandex uses encoding/xml for XML response parsing; all others use encoding/json" + - "extractGoogleKeyword reverse-parser shared by Bing/Yandex/Brave for keyword-to-provider mapping" + +patterns-established: + - "Search engine dork sources: same Sweep loop pattern as Phase 10 code hosting sources" + - "XML API sources: encoding/xml with nested struct unmarshaling (Yandex)" + +requirements-completed: [RECON-DORK-01, RECON-DORK-02, RECON-DORK-03] + +duration: 3min +completed: 2026-04-06 +--- + +# Phase 11 Plan 01: Search Engine Dorking Sources Summary + +**Five search engine dorking ReconSource implementations (Google, Bing, DuckDuckGo, Yandex, Brave) with dork-style queries targeting paste/code hosting sites** + +## Performance + +- **Duration:** 3 min +- **Started:** 2026-04-06T08:51:30Z +- **Completed:** 2026-04-06T08:54:52Z +- **Tasks:** 2 +- **Files modified:** 11 + +## Accomplishments +- GoogleDorkSource and BingDorkSource with JSON API integration and httptest-based tests +- DuckDuckGoSource with HTML scraping (credential-free, RespectsRobots=true) +- YandexSource with XML Search API and encoding/xml response parsing +- BraveSource with Brave Search API and X-Subscription-Token auth +- formatQuery updated with dork syntax for all five search engines + +## Task Commits + +Each task was committed atomically: + +1. **Task 1: GoogleDorkSource + BingDorkSource + formatQuery updates** - `7272e65` (feat) +2. **Task 2: DuckDuckGoSource + YandexSource + BraveSource** - `7707053` (feat) + +## Files Created/Modified +- `pkg/recon/sources/google.go` - Google Custom Search JSON API source (APIKey + CX required) +- `pkg/recon/sources/google_test.go` - Google source tests (enabled, sweep, cancel, unauth) +- `pkg/recon/sources/bing.go` - Bing Web Search API v7 source (Ocp-Apim-Subscription-Key) +- `pkg/recon/sources/bing_test.go` - Bing source tests +- `pkg/recon/sources/duckduckgo.go` - DuckDuckGo HTML scraper (no API key, always enabled) +- `pkg/recon/sources/duckduckgo_test.go` - DuckDuckGo tests including empty registry +- `pkg/recon/sources/yandex.go` - Yandex XML Search API (user + key required, XML parsing) +- `pkg/recon/sources/yandex_test.go` - Yandex tests +- `pkg/recon/sources/brave.go` - Brave Search API (X-Subscription-Token) +- `pkg/recon/sources/brave_test.go` - Brave tests +- `pkg/recon/sources/queries.go` - Added google/bing/duckduckgo/yandex/brave formatQuery cases + +## Decisions Made +- All five search sources use dork query format `site:pastebin.com OR site:github.com "keyword"` to focus results on leak-likely sites +- DuckDuckGo is the only credential-free source; uses HTML scraping with extractAnchorHrefs (shared with Replit) +- Yandex requires encoding/xml for its XML Search API response format +- extractGoogleKeyword reverse-parser reused across Bing/Yandex/Brave for keyword-to-provider name mapping + +## Deviations from Plan + +None - plan executed exactly as written. + +## Issues Encountered + +None. + +## User Setup Required + +None - no external service configuration required. + +## Next Phase Readiness +- All five search engine sources ready for RegisterAll wiring in Plan 11-03 +- Each source follows established ReconSource pattern for seamless engine integration + +--- +*Phase: 11-osint-search-paste* +*Completed: 2026-04-06* diff --git a/pkg/recon/sources/bing.go b/pkg/recon/sources/bing.go new file mode 100644 index 0000000..cdc7ea5 --- /dev/null +++ b/pkg/recon/sources/bing.go @@ -0,0 +1,155 @@ +package sources + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "golang.org/x/time/rate" + + "github.com/salvacybersec/keyhunter/pkg/providers" + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +// BingDorkSource implements recon.ReconSource against the Bing Web Search +// API v7. It iterates provider keyword queries and emits a Finding per result. +// +// A missing API key disables the source without error. +type BingDorkSource struct { + APIKey string + BaseURL string + Registry *providers.Registry + Limiters *recon.LimiterRegistry + client *Client +} + +// Compile-time assertion. +var _ recon.ReconSource = (*BingDorkSource)(nil) + +// NewBingDorkSource constructs a BingDorkSource with the shared retry client. +func NewBingDorkSource(apiKey string, reg *providers.Registry, lim *recon.LimiterRegistry) *BingDorkSource { + return &BingDorkSource{ + APIKey: apiKey, + BaseURL: "https://api.bing.microsoft.com", + Registry: reg, + Limiters: lim, + client: NewClient(), + } +} + +func (s *BingDorkSource) Name() string { return "bing" } +func (s *BingDorkSource) RateLimit() rate.Limit { return rate.Every(500 * time.Millisecond) } +func (s *BingDorkSource) Burst() int { return 2 } +func (s *BingDorkSource) RespectsRobots() bool { return false } + +// Enabled returns true only when APIKey is configured. +func (s *BingDorkSource) Enabled(_ recon.Config) bool { return s.APIKey != "" } + +// Sweep issues one Bing Web Search request per provider keyword and emits a +// Finding for every webPages.value result. +func (s *BingDorkSource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error { + if s.APIKey == "" { + return nil + } + base := s.BaseURL + if base == "" { + base = "https://api.bing.microsoft.com" + } + + queries := BuildQueries(s.Registry, "bing") + kwIndex := bingKeywordIndex(s.Registry) + + for _, q := range queries { + if err := ctx.Err(); err != nil { + return err + } + if s.Limiters != nil { + if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil { + return err + } + } + + endpoint := fmt.Sprintf("%s/v7.0/search?q=%s&count=50", base, url.QueryEscape(q)) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) + if err != nil { + return fmt.Errorf("bing: build request: %w", err) + } + req.Header.Set("Ocp-Apim-Subscription-Key", s.APIKey) + req.Header.Set("Accept", "application/json") + req.Header.Set("User-Agent", "keyhunter-recon") + + resp, err := s.client.Do(ctx, req) + if err != nil { + if errors.Is(err, ErrUnauthorized) { + return err + } + if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { + return err + } + continue + } + + var parsed bingSearchResponse + decErr := json.NewDecoder(resp.Body).Decode(&parsed) + _ = resp.Body.Close() + if decErr != nil { + continue + } + + provName := kwIndex[strings.ToLower(extractGoogleKeyword(q))] + for _, it := range parsed.WebPages.Value { + f := recon.Finding{ + ProviderName: provName, + Confidence: "low", + Source: it.URL, + SourceType: "recon:bing", + DetectedAt: time.Now(), + } + select { + case out <- f: + case <-ctx.Done(): + return ctx.Err() + } + } + } + return nil +} + +type bingSearchResponse struct { + WebPages bingWebPages `json:"webPages"` +} + +type bingWebPages struct { + Value []bingWebResult `json:"value"` +} + +type bingWebResult struct { + Name string `json:"name"` + URL string `json:"url"` + Snippet string `json:"snippet"` +} + +// bingKeywordIndex maps lowercased keywords to provider names. +func bingKeywordIndex(reg *providers.Registry) map[string]string { + m := make(map[string]string) + if reg == nil { + return m + } + for _, p := range reg.List() { + for _, k := range p.Keywords { + kl := strings.ToLower(strings.TrimSpace(k)) + if kl == "" { + continue + } + if _, exists := m[kl]; !exists { + m[kl] = p.Name + } + } + } + return m +} diff --git a/pkg/recon/sources/bing_test.go b/pkg/recon/sources/bing_test.go new file mode 100644 index 0000000..9c9d7dd --- /dev/null +++ b/pkg/recon/sources/bing_test.go @@ -0,0 +1,146 @@ +package sources + +import ( + "context" + "encoding/json" + "errors" + "net/http" + "net/http/httptest" + "strings" + "sync/atomic" + "testing" + "time" + + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +func bingStubHandler(t *testing.T, calls *int32) http.HandlerFunc { + t.Helper() + return func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(calls, 1) + if !strings.HasPrefix(r.URL.Path, "/v7.0/search") { + t.Errorf("unexpected path: %s", r.URL.Path) + } + if got := r.Header.Get("Ocp-Apim-Subscription-Key"); got != "testkey" { + t.Errorf("missing subscription key header: %q", got) + } + body := map[string]any{ + "webPages": map[string]any{ + "value": []map[string]any{ + {"name": "result1", "url": "https://pastebin.com/xyz789", "snippet": "found"}, + {"name": "result2", "url": "https://github.com/user/repo/blob/main/.env", "snippet": "key"}, + {"name": "result3", "url": "https://example.com/leak", "snippet": "data"}, + }, + }, + } + w.Header().Set("Content-Type", "application/json") + _ = json.NewEncoder(w).Encode(body) + } +} + +func TestBingDorkSource_EnabledRequiresAPIKey(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + + if s := NewBingDorkSource("", reg, lim); s.Enabled(recon.Config{}) { + t.Error("expected Enabled=false with empty key") + } + if s := NewBingDorkSource("key", reg, lim); !s.Enabled(recon.Config{}) { + t.Error("expected Enabled=true with key") + } +} + +func TestBingDorkSource_SweepEmptyKeyReturnsNil(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + s := NewBingDorkSource("", reg, lim) + + out := make(chan recon.Finding, 10) + if err := s.Sweep(context.Background(), "", out); err != nil { + t.Fatalf("expected nil, got %v", err) + } + close(out) + if n := countFindings(out); n != 0 { + t.Fatalf("expected 0 findings, got %d", n) + } +} + +func TestBingDorkSource_SweepEmitsFindings(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("bing", 1000, 100) + + var calls int32 + srv := httptest.NewServer(bingStubHandler(t, &calls)) + defer srv.Close() + + s := NewBingDorkSource("testkey", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 32) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + done := make(chan error, 1) + go func() { done <- s.Sweep(ctx, "", out); close(out) }() + + var findings []recon.Finding + for f := range out { + findings = append(findings, f) + } + if err := <-done; err != nil { + t.Fatalf("Sweep error: %v", err) + } + + // 2 keywords * 3 items = 6 findings + if len(findings) != 6 { + t.Fatalf("expected 6 findings, got %d", len(findings)) + } + for _, f := range findings { + if f.SourceType != "recon:bing" { + t.Errorf("SourceType=%q want recon:bing", f.SourceType) + } + } + if got := atomic.LoadInt32(&calls); got != 2 { + t.Errorf("expected 2 calls, got %d", got) + } +} + +func TestBingDorkSource_CtxCancelled(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("bing", 1000, 100) + + s := NewBingDorkSource("key", reg, lim) + s.BaseURL = "http://127.0.0.1:1" + + ctx, cancel := context.WithCancel(context.Background()) + cancel() + + out := make(chan recon.Finding, 1) + err := s.Sweep(ctx, "", out) + if !errors.Is(err, context.Canceled) { + t.Fatalf("expected context.Canceled, got %v", err) + } +} + +func TestBingDorkSource_Unauthorized(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("bing", 1000, 100) + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusUnauthorized) + _, _ = w.Write([]byte("invalid key")) + })) + defer srv.Close() + + s := NewBingDorkSource("key", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 1) + err := s.Sweep(context.Background(), "", out) + if !errors.Is(err, ErrUnauthorized) { + t.Fatalf("expected ErrUnauthorized, got %v", err) + } +} diff --git a/pkg/recon/sources/brave.go b/pkg/recon/sources/brave.go new file mode 100644 index 0000000..06f930c --- /dev/null +++ b/pkg/recon/sources/brave.go @@ -0,0 +1,153 @@ +package sources + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "golang.org/x/time/rate" + + "github.com/salvacybersec/keyhunter/pkg/providers" + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +// BraveSource implements recon.ReconSource against the Brave Search API. +// It requires an API key (X-Subscription-Token) to be enabled. +type BraveSource struct { + APIKey string + BaseURL string + Registry *providers.Registry + Limiters *recon.LimiterRegistry + client *Client +} + +// Compile-time assertion. +var _ recon.ReconSource = (*BraveSource)(nil) + +// NewBraveSource constructs a BraveSource with the shared retry client. +func NewBraveSource(apiKey string, reg *providers.Registry, lim *recon.LimiterRegistry) *BraveSource { + return &BraveSource{ + APIKey: apiKey, + BaseURL: "https://api.search.brave.com", + Registry: reg, + Limiters: lim, + client: NewClient(), + } +} + +func (s *BraveSource) Name() string { return "brave" } +func (s *BraveSource) RateLimit() rate.Limit { return rate.Every(1 * time.Second) } +func (s *BraveSource) Burst() int { return 1 } +func (s *BraveSource) RespectsRobots() bool { return false } + +// Enabled returns true only when APIKey is configured. +func (s *BraveSource) Enabled(_ recon.Config) bool { return s.APIKey != "" } + +// Sweep issues one Brave Search request per provider keyword and emits a +// Finding for every web result. +func (s *BraveSource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error { + if s.APIKey == "" { + return nil + } + base := s.BaseURL + if base == "" { + base = "https://api.search.brave.com" + } + + queries := BuildQueries(s.Registry, "brave") + kwIndex := braveKeywordIndex(s.Registry) + + for _, q := range queries { + if err := ctx.Err(); err != nil { + return err + } + if s.Limiters != nil { + if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil { + return err + } + } + + endpoint := fmt.Sprintf("%s/res/v1/web/search?q=%s&count=20", base, url.QueryEscape(q)) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) + if err != nil { + return fmt.Errorf("brave: build request: %w", err) + } + req.Header.Set("X-Subscription-Token", s.APIKey) + req.Header.Set("Accept", "application/json") + req.Header.Set("User-Agent", "keyhunter-recon") + + resp, err := s.client.Do(ctx, req) + if err != nil { + if errors.Is(err, ErrUnauthorized) { + return err + } + if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { + return err + } + continue + } + + var parsed braveSearchResponse + decErr := json.NewDecoder(resp.Body).Decode(&parsed) + _ = resp.Body.Close() + if decErr != nil { + continue + } + + provName := kwIndex[strings.ToLower(extractGoogleKeyword(q))] + for _, it := range parsed.Web.Results { + f := recon.Finding{ + ProviderName: provName, + Confidence: "low", + Source: it.URL, + SourceType: "recon:brave", + DetectedAt: time.Now(), + } + select { + case out <- f: + case <-ctx.Done(): + return ctx.Err() + } + } + } + return nil +} + +type braveSearchResponse struct { + Web braveWebResults `json:"web"` +} + +type braveWebResults struct { + Results []braveWebItem `json:"results"` +} + +type braveWebItem struct { + URL string `json:"url"` + Title string `json:"title"` + Description string `json:"description"` +} + +// braveKeywordIndex maps lowercased keywords to provider names. +func braveKeywordIndex(reg *providers.Registry) map[string]string { + m := make(map[string]string) + if reg == nil { + return m + } + for _, p := range reg.List() { + for _, k := range p.Keywords { + kl := strings.ToLower(strings.TrimSpace(k)) + if kl == "" { + continue + } + if _, exists := m[kl]; !exists { + m[kl] = p.Name + } + } + } + return m +} diff --git a/pkg/recon/sources/brave_test.go b/pkg/recon/sources/brave_test.go new file mode 100644 index 0000000..f60f5a8 --- /dev/null +++ b/pkg/recon/sources/brave_test.go @@ -0,0 +1,145 @@ +package sources + +import ( + "context" + "encoding/json" + "errors" + "net/http" + "net/http/httptest" + "strings" + "sync/atomic" + "testing" + "time" + + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +func braveStubHandler(t *testing.T, calls *int32) http.HandlerFunc { + t.Helper() + return func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(calls, 1) + if !strings.HasPrefix(r.URL.Path, "/res/v1/web/search") { + t.Errorf("unexpected path: %s", r.URL.Path) + } + if got := r.Header.Get("X-Subscription-Token"); got != "testtoken" { + t.Errorf("missing subscription token: %q", got) + } + body := map[string]any{ + "web": map[string]any{ + "results": []map[string]any{ + {"url": "https://pastebin.com/brave1", "title": "Brave Result 1", "description": "found key"}, + {"url": "https://github.com/org/repo/blob/main/config.env", "title": "Brave Result 2", "description": "leaked"}, + }, + }, + } + w.Header().Set("Content-Type", "application/json") + _ = json.NewEncoder(w).Encode(body) + } +} + +func TestBraveSource_EnabledRequiresAPIKey(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + + if s := NewBraveSource("", reg, lim); s.Enabled(recon.Config{}) { + t.Error("expected Enabled=false with empty key") + } + if s := NewBraveSource("key", reg, lim); !s.Enabled(recon.Config{}) { + t.Error("expected Enabled=true with key") + } +} + +func TestBraveSource_SweepEmptyKeyReturnsNil(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + s := NewBraveSource("", reg, lim) + + out := make(chan recon.Finding, 10) + if err := s.Sweep(context.Background(), "", out); err != nil { + t.Fatalf("expected nil, got %v", err) + } + close(out) + if n := countFindings(out); n != 0 { + t.Fatalf("expected 0 findings, got %d", n) + } +} + +func TestBraveSource_SweepEmitsFindings(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("brave", 1000, 100) + + var calls int32 + srv := httptest.NewServer(braveStubHandler(t, &calls)) + defer srv.Close() + + s := NewBraveSource("testtoken", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 32) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + done := make(chan error, 1) + go func() { done <- s.Sweep(ctx, "", out); close(out) }() + + var findings []recon.Finding + for f := range out { + findings = append(findings, f) + } + if err := <-done; err != nil { + t.Fatalf("Sweep error: %v", err) + } + + // 2 keywords * 2 items = 4 findings + if len(findings) != 4 { + t.Fatalf("expected 4 findings, got %d", len(findings)) + } + for _, f := range findings { + if f.SourceType != "recon:brave" { + t.Errorf("SourceType=%q want recon:brave", f.SourceType) + } + } + if got := atomic.LoadInt32(&calls); got != 2 { + t.Errorf("expected 2 calls, got %d", got) + } +} + +func TestBraveSource_CtxCancelled(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("brave", 1000, 100) + + s := NewBraveSource("key", reg, lim) + s.BaseURL = "http://127.0.0.1:1" + + ctx, cancel := context.WithCancel(context.Background()) + cancel() + + out := make(chan recon.Finding, 1) + err := s.Sweep(ctx, "", out) + if !errors.Is(err, context.Canceled) { + t.Fatalf("expected context.Canceled, got %v", err) + } +} + +func TestBraveSource_Unauthorized(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("brave", 1000, 100) + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusUnauthorized) + _, _ = w.Write([]byte("bad token")) + })) + defer srv.Close() + + s := NewBraveSource("key", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 1) + err := s.Sweep(context.Background(), "", out) + if !errors.Is(err, ErrUnauthorized) { + t.Fatalf("expected ErrUnauthorized, got %v", err) + } +} diff --git a/pkg/recon/sources/duckduckgo.go b/pkg/recon/sources/duckduckgo.go new file mode 100644 index 0000000..cc4a69e --- /dev/null +++ b/pkg/recon/sources/duckduckgo.go @@ -0,0 +1,116 @@ +package sources + +import ( + "context" + "fmt" + "net/http" + "net/url" + "regexp" + "time" + + "golang.org/x/time/rate" + + "github.com/salvacybersec/keyhunter/pkg/providers" + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +// DuckDuckGoSource implements recon.ReconSource by scraping DuckDuckGo's HTML +// search endpoint. No API key is required -- this source is always enabled. +// +// It operates conservatively (2s per request) and declares RespectsRobots=true. +type DuckDuckGoSource struct { + BaseURL string + Registry *providers.Registry + Limiters *recon.LimiterRegistry + client *Client +} + +// Compile-time assertion. +var _ recon.ReconSource = (*DuckDuckGoSource)(nil) + +// ddgResultRE matches DuckDuckGo HTML result links. The HTML search page uses +// anchors for organic results. +var ddgResultRE = regexp.MustCompile(`^https?://`) + +// NewDuckDuckGoSource constructs a DuckDuckGoSource with the shared retry client. +func NewDuckDuckGoSource(reg *providers.Registry, lim *recon.LimiterRegistry) *DuckDuckGoSource { + return &DuckDuckGoSource{ + BaseURL: "https://html.duckduckgo.com", + Registry: reg, + Limiters: lim, + client: NewClient(), + } +} + +func (s *DuckDuckGoSource) Name() string { return "duckduckgo" } +func (s *DuckDuckGoSource) RateLimit() rate.Limit { return rate.Every(2 * time.Second) } +func (s *DuckDuckGoSource) Burst() int { return 1 } +func (s *DuckDuckGoSource) RespectsRobots() bool { return true } + +// Enabled always returns true -- DuckDuckGo HTML scraping requires no credentials. +func (s *DuckDuckGoSource) Enabled(_ recon.Config) bool { return true } + +// Sweep iterates provider keywords, scrapes DuckDuckGo HTML search, and emits +// a Finding per result link. +func (s *DuckDuckGoSource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error { + base := s.BaseURL + if base == "" { + base = "https://html.duckduckgo.com" + } + client := s.client + if client == nil { + client = NewClient() + } + + queries := BuildQueries(s.Registry, "duckduckgo") + if len(queries) == 0 { + return nil + } + + for _, q := range queries { + if err := ctx.Err(); err != nil { + return err + } + if s.Limiters != nil { + if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil { + return err + } + } + + searchURL := fmt.Sprintf("%s/html/?q=%s", base, url.QueryEscape(q)) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, searchURL, nil) + if err != nil { + return fmt.Errorf("duckduckgo: build req: %w", err) + } + req.Header.Set("User-Agent", "keyhunter-recon") + + resp, err := client.Do(ctx, req) + if err != nil { + // Transient failures: continue to next query. + continue + } + links, parseErr := extractAnchorHrefs(resp.Body, ddgResultRE) + _ = resp.Body.Close() + if parseErr != nil { + continue + } + + for _, href := range links { + if err := ctx.Err(); err != nil { + return err + } + f := recon.Finding{ + Source: href, + SourceType: "recon:duckduckgo", + Confidence: "low", + DetectedAt: time.Now(), + } + select { + case out <- f: + case <-ctx.Done(): + return ctx.Err() + } + } + } + return nil +} diff --git a/pkg/recon/sources/duckduckgo_test.go b/pkg/recon/sources/duckduckgo_test.go new file mode 100644 index 0000000..86a656a --- /dev/null +++ b/pkg/recon/sources/duckduckgo_test.go @@ -0,0 +1,134 @@ +package sources + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "sync/atomic" + "testing" + "time" + + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +const ddgHTMLFixture = ` + + +
+
+ Pastebin Result +
+
+ GitHub Result +
+
+ Example +
+
+ +` + +func ddgStubHandler(t *testing.T, calls *int32) http.HandlerFunc { + t.Helper() + return func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(calls, 1) + if r.URL.Path != "/html/" { + t.Errorf("unexpected path: %s", r.URL.Path) + } + w.Header().Set("Content-Type", "text/html") + _, _ = w.Write([]byte(ddgHTMLFixture)) + } +} + +func TestDuckDuckGoSource_AlwaysEnabled(t *testing.T) { + s := NewDuckDuckGoSource(syntheticRegistry(), recon.NewLimiterRegistry()) + if !s.Enabled(recon.Config{}) { + t.Error("expected Enabled=true always") + } +} + +func TestDuckDuckGoSource_RespectsRobots(t *testing.T) { + s := NewDuckDuckGoSource(syntheticRegistry(), recon.NewLimiterRegistry()) + if !s.RespectsRobots() { + t.Error("expected RespectsRobots=true") + } +} + +func TestDuckDuckGoSource_SweepEmitsFindings(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("duckduckgo", 1000, 100) + + var calls int32 + srv := httptest.NewServer(ddgStubHandler(t, &calls)) + defer srv.Close() + + s := NewDuckDuckGoSource(reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 32) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + done := make(chan error, 1) + go func() { done <- s.Sweep(ctx, "", out); close(out) }() + + var findings []recon.Finding + for f := range out { + findings = append(findings, f) + } + if err := <-done; err != nil { + t.Fatalf("Sweep error: %v", err) + } + + // 2 keywords * 3 links = 6 findings + if len(findings) != 6 { + t.Fatalf("expected 6 findings, got %d", len(findings)) + } + for _, f := range findings { + if f.SourceType != "recon:duckduckgo" { + t.Errorf("SourceType=%q want recon:duckduckgo", f.SourceType) + } + if f.Confidence != "low" { + t.Errorf("Confidence=%q want low", f.Confidence) + } + } + if got := atomic.LoadInt32(&calls); got != 2 { + t.Errorf("expected 2 DDG calls, got %d", got) + } +} + +func TestDuckDuckGoSource_CtxCancelled(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("duckduckgo", 1000, 100) + + s := NewDuckDuckGoSource(reg, lim) + s.BaseURL = "http://127.0.0.1:1" + + ctx, cancel := context.WithCancel(context.Background()) + cancel() + + out := make(chan recon.Finding, 1) + err := s.Sweep(ctx, "", out) + if !errors.Is(err, context.Canceled) { + t.Fatalf("expected context.Canceled, got %v", err) + } +} + +func TestDuckDuckGoSource_EmptyRegistryNoError(t *testing.T) { + lim := recon.NewLimiterRegistry() + s := NewDuckDuckGoSource(nil, lim) + + out := make(chan recon.Finding, 1) + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + t.Fatal("should not be called with nil registry") + })) + defer srv.Close() + s.BaseURL = srv.URL + + if err := s.Sweep(context.Background(), "", out); err != nil { + t.Fatalf("expected nil, got %v", err) + } +} diff --git a/pkg/recon/sources/google.go b/pkg/recon/sources/google.go new file mode 100644 index 0000000..3db4e79 --- /dev/null +++ b/pkg/recon/sources/google.go @@ -0,0 +1,172 @@ +package sources + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "golang.org/x/time/rate" + + "github.com/salvacybersec/keyhunter/pkg/providers" + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +// GoogleDorkSource implements recon.ReconSource against the Google Custom +// Search JSON API. It iterates provider keyword queries (via BuildQueries) +// and emits a recon.Finding for every search result item returned. +// +// Both APIKey and CX (custom search engine ID) must be set for the source to +// be enabled. Missing credentials disable the source without error. +type GoogleDorkSource struct { + APIKey string + CX string + BaseURL string + Registry *providers.Registry + Limiters *recon.LimiterRegistry + client *Client +} + +// Compile-time assertion. +var _ recon.ReconSource = (*GoogleDorkSource)(nil) + +// NewGoogleDorkSource constructs a GoogleDorkSource with the shared retry client. +func NewGoogleDorkSource(apiKey, cx string, reg *providers.Registry, lim *recon.LimiterRegistry) *GoogleDorkSource { + return &GoogleDorkSource{ + APIKey: apiKey, + CX: cx, + BaseURL: "https://www.googleapis.com", + Registry: reg, + Limiters: lim, + client: NewClient(), + } +} + +func (s *GoogleDorkSource) Name() string { return "google" } +func (s *GoogleDorkSource) RateLimit() rate.Limit { return rate.Every(1 * time.Second) } +func (s *GoogleDorkSource) Burst() int { return 1 } +func (s *GoogleDorkSource) RespectsRobots() bool { return false } + +// Enabled returns true only when both APIKey and CX are configured. +func (s *GoogleDorkSource) Enabled(_ recon.Config) bool { + return s.APIKey != "" && s.CX != "" +} + +// Sweep issues one Custom Search request per provider keyword and emits a +// Finding for every result item. +func (s *GoogleDorkSource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error { + if s.APIKey == "" || s.CX == "" { + return nil + } + base := s.BaseURL + if base == "" { + base = "https://www.googleapis.com" + } + + queries := BuildQueries(s.Registry, "google") + kwIndex := googleKeywordIndex(s.Registry) + + for _, q := range queries { + if err := ctx.Err(); err != nil { + return err + } + if s.Limiters != nil { + if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil { + return err + } + } + + endpoint := fmt.Sprintf("%s/customsearch/v1?key=%s&cx=%s&q=%s&num=10", + base, url.QueryEscape(s.APIKey), url.QueryEscape(s.CX), url.QueryEscape(q)) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) + if err != nil { + return fmt.Errorf("google: build request: %w", err) + } + req.Header.Set("Accept", "application/json") + req.Header.Set("User-Agent", "keyhunter-recon") + + resp, err := s.client.Do(ctx, req) + if err != nil { + if errors.Is(err, ErrUnauthorized) { + return err + } + if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { + return err + } + continue + } + + var parsed googleSearchResponse + decErr := json.NewDecoder(resp.Body).Decode(&parsed) + _ = resp.Body.Close() + if decErr != nil { + continue + } + + provName := kwIndex[strings.ToLower(extractGoogleKeyword(q))] + for _, it := range parsed.Items { + f := recon.Finding{ + ProviderName: provName, + Confidence: "low", + Source: it.Link, + SourceType: "recon:google", + DetectedAt: time.Now(), + } + select { + case out <- f: + case <-ctx.Done(): + return ctx.Err() + } + } + } + return nil +} + +type googleSearchResponse struct { + Items []googleSearchItem `json:"items"` +} + +type googleSearchItem struct { + Title string `json:"title"` + Link string `json:"link"` + Snippet string `json:"snippet"` +} + +// googleKeywordIndex maps lowercased keywords to provider names. +func googleKeywordIndex(reg *providers.Registry) map[string]string { + m := make(map[string]string) + if reg == nil { + return m + } + for _, p := range reg.List() { + for _, k := range p.Keywords { + kl := strings.ToLower(strings.TrimSpace(k)) + if kl == "" { + continue + } + if _, exists := m[kl]; !exists { + m[kl] = p.Name + } + } + } + return m +} + +// extractGoogleKeyword reverses the dork query format to recover the keyword. +func extractGoogleKeyword(q string) string { + // Format: site:pastebin.com OR site:github.com "keyword" + idx := strings.LastIndex(q, `"`) + if idx <= 0 { + return q + } + inner := q[:idx] + start := strings.LastIndex(inner, `"`) + if start < 0 { + return q + } + return inner[start+1:] +} diff --git a/pkg/recon/sources/google_test.go b/pkg/recon/sources/google_test.go new file mode 100644 index 0000000..a6d2072 --- /dev/null +++ b/pkg/recon/sources/google_test.go @@ -0,0 +1,158 @@ +package sources + +import ( + "context" + "encoding/json" + "errors" + "net/http" + "net/http/httptest" + "strings" + "sync/atomic" + "testing" + "time" + + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +func googleStubHandler(t *testing.T, calls *int32) http.HandlerFunc { + t.Helper() + return func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(calls, 1) + if !strings.HasPrefix(r.URL.Path, "/customsearch/v1") { + t.Errorf("unexpected path: %s", r.URL.Path) + } + if r.URL.Query().Get("key") != "testkey" { + t.Errorf("missing api key in query") + } + if r.URL.Query().Get("cx") != "testcx" { + t.Errorf("missing cx in query") + } + body := map[string]any{ + "items": []map[string]any{ + {"title": "result1", "link": "https://pastebin.com/abc123", "snippet": "found key"}, + {"title": "result2", "link": "https://github.com/org/repo/blob/main/env", "snippet": "another"}, + }, + } + w.Header().Set("Content-Type", "application/json") + _ = json.NewEncoder(w).Encode(body) + } +} + +func TestGoogleDorkSource_EnabledRequiresBothKeys(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + + tests := []struct { + apiKey, cx string + want bool + }{ + {"", "", false}, + {"key", "", false}, + {"", "cx", false}, + {"key", "cx", true}, + } + for _, tt := range tests { + s := NewGoogleDorkSource(tt.apiKey, tt.cx, reg, lim) + if got := s.Enabled(recon.Config{}); got != tt.want { + t.Errorf("Enabled(apiKey=%q, cx=%q) = %v, want %v", tt.apiKey, tt.cx, got, tt.want) + } + } +} + +func TestGoogleDorkSource_SweepEmptyCredsReturnsNil(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + s := NewGoogleDorkSource("", "", reg, lim) + + out := make(chan recon.Finding, 10) + if err := s.Sweep(context.Background(), "", out); err != nil { + t.Fatalf("expected nil err, got %v", err) + } + close(out) + if n := countFindings(out); n != 0 { + t.Fatalf("expected 0 findings, got %d", n) + } +} + +func TestGoogleDorkSource_SweepEmitsFindings(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("google", 1000, 100) + + var calls int32 + srv := httptest.NewServer(googleStubHandler(t, &calls)) + defer srv.Close() + + s := NewGoogleDorkSource("testkey", "testcx", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 32) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + done := make(chan error, 1) + go func() { done <- s.Sweep(ctx, "", out); close(out) }() + + var findings []recon.Finding + for f := range out { + findings = append(findings, f) + } + if err := <-done; err != nil { + t.Fatalf("Sweep error: %v", err) + } + + // 2 keywords * 2 items = 4 findings + if len(findings) != 4 { + t.Fatalf("expected 4 findings, got %d", len(findings)) + } + for _, f := range findings { + if f.SourceType != "recon:google" { + t.Errorf("SourceType=%q want recon:google", f.SourceType) + } + if f.Confidence != "low" { + t.Errorf("Confidence=%q want low", f.Confidence) + } + } + if got := atomic.LoadInt32(&calls); got != 2 { + t.Errorf("expected 2 API calls, got %d", got) + } +} + +func TestGoogleDorkSource_CtxCancelled(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("google", 1000, 100) + + s := NewGoogleDorkSource("key", "cx", reg, lim) + s.BaseURL = "http://127.0.0.1:1" + + ctx, cancel := context.WithCancel(context.Background()) + cancel() + + out := make(chan recon.Finding, 1) + err := s.Sweep(ctx, "", out) + if !errors.Is(err, context.Canceled) { + t.Fatalf("expected context.Canceled, got %v", err) + } +} + +func TestGoogleDorkSource_Unauthorized(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("google", 1000, 100) + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusUnauthorized) + _, _ = w.Write([]byte("bad key")) + })) + defer srv.Close() + + s := NewGoogleDorkSource("key", "cx", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 1) + err := s.Sweep(context.Background(), "", out) + if !errors.Is(err, ErrUnauthorized) { + t.Fatalf("expected ErrUnauthorized, got %v", err) + } +} diff --git a/pkg/recon/sources/queries.go b/pkg/recon/sources/queries.go index 6734054..4592136 100644 --- a/pkg/recon/sources/queries.go +++ b/pkg/recon/sources/queries.go @@ -47,6 +47,8 @@ func formatQuery(source, keyword string) string { switch source { case "github", "gist": return fmt.Sprintf("%q in:file", keyword) + case "google", "bing", "duckduckgo", "yandex", "brave": + return fmt.Sprintf(`site:pastebin.com OR site:github.com "%s"`, keyword) default: // GitLab, Bitbucket, Codeberg, HuggingFace, Kaggle, Replit, // CodeSandbox, sandboxes, and unknown sources use bare keywords. diff --git a/pkg/recon/sources/yandex.go b/pkg/recon/sources/yandex.go new file mode 100644 index 0000000..0d26c00 --- /dev/null +++ b/pkg/recon/sources/yandex.go @@ -0,0 +1,177 @@ +package sources + +import ( + "context" + "encoding/xml" + "errors" + "fmt" + "net/http" + "net/url" + "strings" + "time" + + "golang.org/x/time/rate" + + "github.com/salvacybersec/keyhunter/pkg/providers" + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +// YandexSource implements recon.ReconSource against the Yandex XML Search API. +// It requires both a User and APIKey to be enabled. +type YandexSource struct { + User string + APIKey string + BaseURL string + Registry *providers.Registry + Limiters *recon.LimiterRegistry + client *Client +} + +// Compile-time assertion. +var _ recon.ReconSource = (*YandexSource)(nil) + +// NewYandexSource constructs a YandexSource with the shared retry client. +func NewYandexSource(user, apiKey string, reg *providers.Registry, lim *recon.LimiterRegistry) *YandexSource { + return &YandexSource{ + User: user, + APIKey: apiKey, + BaseURL: "https://yandex.com", + Registry: reg, + Limiters: lim, + client: NewClient(), + } +} + +func (s *YandexSource) Name() string { return "yandex" } +func (s *YandexSource) RateLimit() rate.Limit { return rate.Every(1 * time.Second) } +func (s *YandexSource) Burst() int { return 1 } +func (s *YandexSource) RespectsRobots() bool { return false } + +// Enabled returns true only when both User and APIKey are configured. +func (s *YandexSource) Enabled(_ recon.Config) bool { + return s.User != "" && s.APIKey != "" +} + +// Sweep issues one Yandex XML search request per provider keyword and emits a +// Finding for every element in the response. +func (s *YandexSource) Sweep(ctx context.Context, _ string, out chan<- recon.Finding) error { + if s.User == "" || s.APIKey == "" { + return nil + } + base := s.BaseURL + if base == "" { + base = "https://yandex.com" + } + + queries := BuildQueries(s.Registry, "yandex") + kwIndex := yandexKeywordIndex(s.Registry) + + for _, q := range queries { + if err := ctx.Err(); err != nil { + return err + } + if s.Limiters != nil { + if err := s.Limiters.Wait(ctx, s.Name(), s.RateLimit(), s.Burst(), false); err != nil { + return err + } + } + + endpoint := fmt.Sprintf("%s/search/xml?user=%s&key=%s&query=%s&l10n=en&sortby=rlv&filter=none&groupby=%s", + base, + url.QueryEscape(s.User), + url.QueryEscape(s.APIKey), + url.QueryEscape(q), + url.QueryEscape(`attr="".mode=flat.groups-on-page=50`)) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil) + if err != nil { + return fmt.Errorf("yandex: build request: %w", err) + } + req.Header.Set("User-Agent", "keyhunter-recon") + + resp, err := s.client.Do(ctx, req) + if err != nil { + if errors.Is(err, ErrUnauthorized) { + return err + } + if errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) { + return err + } + continue + } + + var parsed yandexSearchResponse + decErr := xml.NewDecoder(resp.Body).Decode(&parsed) + _ = resp.Body.Close() + if decErr != nil { + continue + } + + provName := kwIndex[strings.ToLower(extractGoogleKeyword(q))] + for _, grp := range parsed.Response.Results.Grouping.Groups { + for _, doc := range grp.Docs { + if doc.URL == "" { + continue + } + f := recon.Finding{ + ProviderName: provName, + Confidence: "low", + Source: doc.URL, + SourceType: "recon:yandex", + DetectedAt: time.Now(), + } + select { + case out <- f: + case <-ctx.Done(): + return ctx.Err() + } + } + } + } + return nil +} + +// XML response structures for Yandex XML Search API. +type yandexSearchResponse struct { + XMLName xml.Name `xml:"yandexsearch"` + Response yandexResponse `xml:"response"` +} + +type yandexResponse struct { + Results yandexResults `xml:"results"` +} + +type yandexResults struct { + Grouping yandexGrouping `xml:"grouping"` +} + +type yandexGrouping struct { + Groups []yandexGroup `xml:"group"` +} + +type yandexGroup struct { + Docs []yandexDoc `xml:"doc"` +} + +type yandexDoc struct { + URL string `xml:"url"` +} + +// yandexKeywordIndex maps lowercased keywords to provider names. +func yandexKeywordIndex(reg *providers.Registry) map[string]string { + m := make(map[string]string) + if reg == nil { + return m + } + for _, p := range reg.List() { + for _, k := range p.Keywords { + kl := strings.ToLower(strings.TrimSpace(k)) + if kl == "" { + continue + } + if _, exists := m[kl]; !exists { + m[kl] = p.Name + } + } + } + return m +} diff --git a/pkg/recon/sources/yandex_test.go b/pkg/recon/sources/yandex_test.go new file mode 100644 index 0000000..1ec4556 --- /dev/null +++ b/pkg/recon/sources/yandex_test.go @@ -0,0 +1,171 @@ +package sources + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "strings" + "sync/atomic" + "testing" + "time" + + "github.com/salvacybersec/keyhunter/pkg/recon" +) + +const yandexXMLFixture = ` + + + + + + + https://pastebin.com/yandex1 + + + + + https://github.com/user/repo/blob/main/secrets.env + + + https://example.com/leaked + + + + + +` + +func yandexStubHandler(t *testing.T, calls *int32) http.HandlerFunc { + t.Helper() + return func(w http.ResponseWriter, r *http.Request) { + atomic.AddInt32(calls, 1) + if !strings.HasPrefix(r.URL.Path, "/search/xml") { + t.Errorf("unexpected path: %s", r.URL.Path) + } + if r.URL.Query().Get("user") != "testuser" { + t.Errorf("missing user param") + } + if r.URL.Query().Get("key") != "testkey" { + t.Errorf("missing key param") + } + w.Header().Set("Content-Type", "application/xml") + _, _ = w.Write([]byte(yandexXMLFixture)) + } +} + +func TestYandexSource_EnabledRequiresBoth(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + + tests := []struct { + user, key string + want bool + }{ + {"", "", false}, + {"user", "", false}, + {"", "key", false}, + {"user", "key", true}, + } + for _, tt := range tests { + s := NewYandexSource(tt.user, tt.key, reg, lim) + if got := s.Enabled(recon.Config{}); got != tt.want { + t.Errorf("Enabled(user=%q, key=%q) = %v, want %v", tt.user, tt.key, got, tt.want) + } + } +} + +func TestYandexSource_SweepEmptyCredsReturnsNil(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + s := NewYandexSource("", "", reg, lim) + + out := make(chan recon.Finding, 10) + if err := s.Sweep(context.Background(), "", out); err != nil { + t.Fatalf("expected nil, got %v", err) + } + close(out) + if n := countFindings(out); n != 0 { + t.Fatalf("expected 0 findings, got %d", n) + } +} + +func TestYandexSource_SweepEmitsFindings(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("yandex", 1000, 100) + + var calls int32 + srv := httptest.NewServer(yandexStubHandler(t, &calls)) + defer srv.Close() + + s := NewYandexSource("testuser", "testkey", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 32) + ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + defer cancel() + + done := make(chan error, 1) + go func() { done <- s.Sweep(ctx, "", out); close(out) }() + + var findings []recon.Finding + for f := range out { + findings = append(findings, f) + } + if err := <-done; err != nil { + t.Fatalf("Sweep error: %v", err) + } + + // 2 keywords * 3 URLs in XML = 6 findings + if len(findings) != 6 { + t.Fatalf("expected 6 findings, got %d", len(findings)) + } + for _, f := range findings { + if f.SourceType != "recon:yandex" { + t.Errorf("SourceType=%q want recon:yandex", f.SourceType) + } + } + if got := atomic.LoadInt32(&calls); got != 2 { + t.Errorf("expected 2 calls, got %d", got) + } +} + +func TestYandexSource_CtxCancelled(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("yandex", 1000, 100) + + s := NewYandexSource("user", "key", reg, lim) + s.BaseURL = "http://127.0.0.1:1" + + ctx, cancel := context.WithCancel(context.Background()) + cancel() + + out := make(chan recon.Finding, 1) + err := s.Sweep(ctx, "", out) + if !errors.Is(err, context.Canceled) { + t.Fatalf("expected context.Canceled, got %v", err) + } +} + +func TestYandexSource_Unauthorized(t *testing.T) { + reg := syntheticRegistry() + lim := recon.NewLimiterRegistry() + _ = lim.For("yandex", 1000, 100) + + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusUnauthorized) + _, _ = w.Write([]byte("bad creds")) + })) + defer srv.Close() + + s := NewYandexSource("user", "key", reg, lim) + s.BaseURL = srv.URL + + out := make(chan recon.Finding, 1) + err := s.Sweep(context.Background(), "", out) + if !errors.Is(err, ErrUnauthorized) { + t.Fatalf("expected ErrUnauthorized, got %v", err) + } +}