salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d02cdcc7e0fe0b2bd4d3d0a9add086fddfbbfeaa
keyhunter/.planning/phases/08-dork-engine/08-04-PLAN.md
salvacybersec 46cf55ad37 docs(08): create phase plan
2026-04-06 00:13:13 +03:00

202 lines
8.1 KiB
Markdown
Raw Blame History

---
phase: 08-dork-engine
plan: 04
type: execute
wave: 2
depends_on: [08-01]
files_modified:
- pkg/dorks/definitions/censys/all.yaml
- pkg/dorks/definitions/zoomeye/all.yaml
- pkg/dorks/definitions/fofa/all.yaml
- pkg/dorks/definitions/gitlab/all.yaml
- pkg/dorks/definitions/bing/all.yaml
- dorks/censys/all.yaml
- dorks/zoomeye/all.yaml
- dorks/fofa/all.yaml
- dorks/gitlab/all.yaml
- dorks/bing/all.yaml
autonomous: true
requirements:
- DORK-01
- DORK-02
- DORK-04
must_haves:
truths:
- "Registry.ListBySource(\"censys\") returns >= 15"
- "Registry.ListBySource(\"zoomeye\") returns >= 10"
- "Registry.ListBySource(\"fofa\") returns >= 10"
- "Registry.ListBySource(\"gitlab\") returns >= 10"
- "Registry.ListBySource(\"bing\") returns >= 5"
- "Combined total from plans 02+03+04 is >= 150"
artifacts:
- path: "pkg/dorks/definitions/censys/all.yaml"
provides: "15 Censys search queries"
contains: "source: censys"
- path: "pkg/dorks/definitions/zoomeye/all.yaml"
provides: "10 ZoomEye queries"
contains: "source: zoomeye"
- path: "pkg/dorks/definitions/fofa/all.yaml"
provides: "10 FOFA queries"
contains: "source: fofa"
- path: "pkg/dorks/definitions/gitlab/all.yaml"
provides: "10 GitLab code search queries"
contains: "source: gitlab"
- path: "pkg/dorks/definitions/bing/all.yaml"
provides: "5 Bing dorks"
contains: "source: bing"
key_links:
- from: "pkg/dorks/definitions/{censys,zoomeye,fofa,gitlab,bing}/all.yaml"
to: "pkg/dorks/loader.go"
via: "go:embed subdir walk"
pattern: "source: (censys|zoomeye|fofa|gitlab|bing)"
---
<objective>
Fill the remaining 5 sources to hit the 150-dork total: Censys (15), ZoomEye (10),
FOFA (10), GitLab (10), Bing (5). Each source uses its own native query syntax.
Execution of these is deferred to later OSINT phases (9-16); this plan only
delivers the definitions.
Purpose: Closes DORK-02 (150+ dorks) and ensures DORK-04 (category filtering)
has coverage across every source.
Output: 50 dorks across 5 sources, hitting the 150 total when combined with
Plans 08-02 (50 GitHub) + 08-03 (50 Google/Shodan).
</objective>
<execution_context>
@$HOME/.claude/get-shit-done/workflows/execute-plan.md
@$HOME/.claude/get-shit-done/templates/summary.md
</execution_context>
<context>
@.planning/phases/08-dork-engine/08-CONTEXT.md
@pkg/dorks/schema.go
</context>
<tasks>
<task type="auto">
<name>Task 1: 25 Censys + ZoomEye dorks</name>
<files>
pkg/dorks/definitions/censys/all.yaml,
pkg/dorks/definitions/zoomeye/all.yaml,
dorks/censys/all.yaml,
dorks/zoomeye/all.yaml
</files>
<action>
Dual location. List YAML format identical to plans 02-03.
**censys/all.yaml — 15 dorks** using Censys Search 2.0 syntax
(services.http.response.*, services.tls.certificates.*):
- censys-ollama-11434: `services.port: 11434 and services.http.response.body: "Ollama"`
- censys-vllm: `services.http.response.body: "vLLM" and services.http.response.body: "/v1/models"`
- censys-localai: `services.http.response.html_title: "LocalAI"`
- censys-openwebui: `services.http.response.html_title: "Open WebUI"`
- censys-lmstudio: `services.http.response.html_title: "LM Studio"`
- censys-triton: `services.http.response.body: "NVIDIA Triton" and services.http.response.body: "/v2/models"`
- censys-tgi: `services.http.response.body: "text-generation-inference"`
- censys-litellm: `services.http.response.html_title: "LiteLLM" and services.port: 4000`
- censys-portkey: `services.http.response.html_title: "Portkey"`
- censys-langserve: `services.http.response.html_title: "LangServe"`
- censys-openai-azure-cert: `services.tls.certificates.leaf_data.subject.common_name: "openai.azure.com"`
- censys-bedrock-cert: `services.tls.certificates.leaf_data.subject.common_name: "bedrock-runtime"`
- censys-fastchat: `services.http.response.html_title: "FastChat"`
- censys-textgen-webui: `services.http.response.html_title: "text-generation-webui"`
- censys-openai-proxy: `services.http.response.body: "/v1/chat/completions" and services.http.response.body: "OPENAI_API_KEY"`
Category mix: 12 infrastructure, 3 frontier (the azure/bedrock/openai-proxy entries).
**zoomeye/all.yaml — 10 dorks** using ZoomEye query syntax
(app:, title:, service:, port:):
- zoomeye-ollama: `port:11434 +app:"Ollama"`
- zoomeye-vllm: `title:"vLLM" +app:"nginx"`
- zoomeye-localai: `title:"LocalAI"`
- zoomeye-openwebui: `title:"Open WebUI"`
- zoomeye-litellm: `title:"LiteLLM" +port:4000`
- zoomeye-lmstudio: `title:"LM Studio"`
- zoomeye-triton-grpc: `port:8001 +service:"triton"`
- zoomeye-fastchat: `title:"FastChat"`
- zoomeye-langserve: `title:"LangServe"`
- zoomeye-openai-proxy: `title:"openai" +"/v1/chat/completions"`
All category: infrastructure (with the last one arguably frontier; mark it frontier).
</action>
<verify>
<automated>cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -c '^- id:' pkg/dorks/definitions/censys/*.yaml pkg/dorks/definitions/zoomeye/*.yaml | awk -F: '{s+=$NF}END{print "censys+zoomeye:",s; if(s<25) exit 1}'</automated>
</verify>
<done>25 dorks loaded across Censys + ZoomEye.</done>
</task>
<task type="auto">
<name>Task 2: 25 FOFA + GitLab + Bing dorks</name>
<files>
pkg/dorks/definitions/fofa/all.yaml,
pkg/dorks/definitions/gitlab/all.yaml,
pkg/dorks/definitions/bing/all.yaml,
dorks/fofa/all.yaml,
dorks/gitlab/all.yaml,
dorks/bing/all.yaml
</files>
<action>
Dual location. List YAML format.
**fofa/all.yaml — 10 dorks** using FOFA syntax (title=, body=, port=, cert=):
- fofa-ollama: `port="11434" && body="Ollama"`
- fofa-vllm: `title="vLLM"`
- fofa-localai: `title="LocalAI"`
- fofa-openwebui: `title="Open WebUI"`
- fofa-litellm: `title="LiteLLM" && port="4000"`
- fofa-openai-azure: `cert="openai.azure.com"`
- fofa-triton: `body="NVIDIA Triton" && body="/v2/models"`
- fofa-langserve: `title="LangServe"`
- fofa-tgi-hf: `body="text-generation-inference"`
- fofa-openai-proxy: `body="/v1/chat/completions" && body="api_key"`
Mix: 8 infrastructure, 2 frontier (azure cert, openai-proxy).
**gitlab/all.yaml — 10 dorks** for GitLab code search API:
- gitlab-openai-envfile: `sk-proj- extension:env`
- gitlab-anthropic-envfile: `sk-ant-api03- extension:env`
- gitlab-google-ai-json: `AIzaSy extension:json "generativelanguage"`
- gitlab-groq-envfile: `gsk_ extension:env`
- gitlab-cohere-envfile: `COHERE_API_KEY extension:env`
- gitlab-hf-pyfile: `hf_ extension:py`
- gitlab-openrouter-env: `sk-or-v1- extension:env`
- gitlab-perplexity-env: `pplx- extension:env`
- gitlab-deepseek-env: `DEEPSEEK_API_KEY extension:env`
- gitlab-pinecone-env: `PINECONE_API_KEY extension:env`
Categories spread across frontier/specialized/infrastructure/emerging.
**bing/all.yaml — 5 dorks** using Bing operators (site:, filetype:,
intitle:, inbody:):
- bing-openai-pastebin: `site:pastebin.com "sk-proj-"`
- bing-anthropic-pastebin: `site:pastebin.com "sk-ant-api03-"`
- bing-ollama-exposed: `intitle:"Ollama" inbody:"/api/tags"`
- bing-openai-env: `filetype:env "OPENAI_API_KEY=sk-proj-"`
- bing-hf-pastebin: `site:pastebin.com "hf_"`
Mix: 3 frontier, 1 specialized (hf), 1 infrastructure (ollama).
</action>
<verify>
<automated>cd /home/salva/Documents/apikey && go test ./pkg/dorks/... && grep -rhc '^- id:' pkg/dorks/definitions/ | awk '{s+=$1}END{print "grand total:",s; if(s<150) exit 1}'</automated>
</verify>
<done>25 more dorks loaded; grand total across all sources >= 150.</done>
</task>
</tasks>
<verification>
`go test ./pkg/dorks/...` passes; `grep -rhc '^- id:' pkg/dorks/definitions/ | paste -sd+ | bc` >= 150.
</verification>
<success_criteria>
- Censys 15 + ZoomEye 10 + FOFA 10 + GitLab 10 + Bing 5 = 50 dorks added
- Cumulative phase total reaches 150+ (DORK-02 satisfied)
- All 8 sources present in registry stats
</success_criteria>
<output>
After completion, create `.planning/phases/08-dork-engine/08-04-SUMMARY.md`
</output>
Reference in New Issue View Git Blame Copy Permalink