@fanboynz/network-scanner 1.0.35

package/nwss.1

@@ -0,0 +1,824 @@
+.TH NWSS-SCRIPT 1 "2025" "scanner-script v1.0.32" "User Commands"
+.SH NAME
+NWSS scanner-script \- Network scanner for malware detection and domain analysis with advanced similarity filtering
+
+.SH SYNOPSIS
+.B node nwss.js
+[\fIOPTIONS\fR]
+
+.SH DESCRIPTION
+.B nwss.js
+is a comprehensive network scanner that uses Puppeteer to analyze web pages for malicious content, tracking scripts, and suspicious domains. It can detect threats through URL pattern matching, content analysis, DNS/WHOIS lookups, and behavioral analysis.
+
+The scanner supports multiple detection methods including regex filtering, content searching with curl/grep, network tools integration, and advanced browser-based analysis with frame monitoring and fingerprint spoofing. It includes intelligent domain similarity filtering to reduce noise and improve detection accuracy.
+
+.SH OPTIONS
+
+.SS Output Options
+.TP
+.BR \-o ", " \--output " \fIFILE\fR"
+Write rules to \fIFILE\fR instead of standard output.
+
+.TP
+.BR \--compare " \fIFILE\fR"
+Remove rules that already exist in \fIFILE\fR before output (requires \fB\-o\fR).
+
+.TP
+.B \--append
+Append new rules to output file instead of overwriting (requires \fB\-o\fR).
+
+.SS Output Format Options
+.TP
+.B \--localhost
+Output rules as \fB127.0.0.1 domain.com\fR format for hosts file.
+
+.TP
+.B \--localhost-0.0.0.0
+Output rules as \fB0.0.0.0 domain.com\fR format for hosts file.
+
+.TP
+.B \--plain
+Output just domain names without any formatting.
+
+.TP
+.B \--dnsmasq
+Output as \fBlocal=/domain.com/\fR format for dnsmasq.
+
+.TP
+.B \--dnsmasq-old
+Output as \fBserver=/domain.com/\fR format for older dnsmasq versions.
+
+.TP
+.B \--unbound
+Output as \fBlocal-zone: "domain.com." always_null\fR format for Unbound DNS.
+
+.TP
+.B \--privoxy
+Output as \fB{ +block } .domain.com\fR format for Privoxy action files.
+
+.TP
+.B \--pihole
+Output as \fB(^|\\.)domain\\.com$\fR format for Pi-hole regex filters.
+
+.TP
+.B \--adblock-rules
+Generate adblock filter rules with resource type modifiers (requires \fB\-o\fR).
+
+.SS General Options
+.TP
+.B \--verbose
+Enable verbose output globally for all sites.
+
+.TP
+.B \--debug
+Enable debug mode with detailed logging of all network requests.
+
+.TP
+.B \--silent
+Suppress normal console output (errors and warnings still shown).
+
+.TP
+.B \--titles
+Add comment lines with site URLs before each rule group.
+
+.TP
+.B \--dumpurls
+Log all matched URLs to timestamped log files in \fBlogs/\fR directory.
+
+.TP
+.B \--compress-logs
+Compress log files with gzip after completion (requires \fB\--dumpurls\fR).
+
+.TP
+.B \--sub-domains
+Output full subdomains instead of collapsing to root domains.
+
+.TP
+.B \--no-interact
+Disable mouse simulation and page interaction globally.
+
+.TP
+.BR \--custom-json " \fIFILE\fR"
+Use \fIFILE\fR instead of \fBconfig.json\fR for configuration.
+
+.TP
+.B \--headful
+Launch browser with GUI instead of headless mode.
+
+.TP
+.B \--cdp
+Enable Chrome DevTools Protocol logging for network analysis.
+
+.TP
+.B \--remove-dupes
+Remove duplicate domains from output (only with \fB\-o\fR).
+
+.TP
+.B \--eval-on-doc
+Globally enable JavaScript injection for Fetch/XHR interception.
+
+.TP
+.B \--dry-run
+Console output only: show matching regex, titles, whois/dig/searchstring results, and adblock rules without writing files.
+
+.TP
+.B \--remove-tempfiles
+Remove Chrome/Puppeteer temporary files before exit.
+
+.TP
+.BR \-h ", " \--help
+Show help message and exit.
+
+.TP
+.B \--version
+Show version information and exit.
+
+.SS Validation Options
+.TP
+.B \--validate-config
+Validate config.json file and exit.
+
+.TP
+.B \--validate-rules [\fIFILE\fR]
+Validate rule file format (uses \fB\--output\fR/\fB\--compare\fR files if no file specified).
+
+.TP
+.B \--clean-rules [\fIFILE\fR]
+Clean rule files by removing invalid lines and optionally duplicates (uses \fB\--output\fR/\fB\--compare\fR files if no file specified).
+
+.TP
+.B \--test-validation
+Run domain validation tests and exit.
+
+.SH CONFIGURATION
+
+Configuration is provided via JSON files. The default configuration file is \fBconfig.json\fR.
+
+.SS Global Configuration Options
+
+.TP
+.B ignoreDomains
+Array of domains to completely ignore. Supports wildcards (e.g., \fB"*.ads.com"\fR).
+
+.TP
+.B blocked
+Array of global regex patterns to block requests.
+
+.TP
+.B whois_delay
+Default delay between whois requests in milliseconds (default: 3000).
+
+.TP
+.B whois_server_mode
+Default server selection mode for all sites: \fB"random"\fR or \fB"cycle"\fR (default: "random").
+
+.TP
+.B ignore_similar
+Boolean. Ignore domains similar to already found domains (default: true).
+
+.TP
+.B ignore_similar_threshold
+Number. Similarity threshold percentage for ignore_similar (default: 80).
+
+.TP
+.B ignore_similar_ignored_domains
+Boolean. Ignore domains similar to ignoreDomains list (default: true).
+
+.SS Per-Site Configuration Options
+
+.TP
+.B url
+Single URL string or array of URLs to scan.
+
+.TP
+.B filterRegex
+Regex pattern(s) to match suspicious requests.
+
+.TP
+.B comments
+Documentation strings or notes - completely ignored by the scanner. Can be a single string or array of strings. Used for adding context, URLs, timestamps, or any documentation notes to configuration files.
+
+.TP
+.B searchstring
+Text string(s) to search for in response content (OR logic).
+
+.TP
+.B searchstring_and
+Text string(s) that must ALL be present in content (AND logic).
+
+.TP
+.B curl
+Boolean. Use curl to download and analyze content.
+
+.TP
+.B grep
+Boolean. Use system grep for faster pattern matching (requires \fBcurl=true\fR).
+
+.TP
+.B resourceTypes
+Array of resource types to process (e.g., \fB["script", "xhr", "fetch"]\fR).
+
+.TP
+.B blocked
+Array of regex patterns to block requests for this site.
+
+.TP
+.B css_blocked
+Array of CSS selectors to hide elements on the page.
+
+.TP
+.B userAgent
+Spoof User-Agent: \fB"chrome"\fR, \fB"firefox"\fR, or \fB"safari"\fR.
+
+.TP
+.B interact
+Boolean. Simulate mouse movements and clicks.
+
+.TP
+.B delay
+Milliseconds to wait after page load (default: 4000).
+
+.TP
+.B reload
+Number of times to reload the page (default: 1).
+
+.TP
+.B timeout
+Request timeout in milliseconds (default: 30000).
+
+.TP
+.B firstParty
+Boolean. Allow first-party request matching (default: false).
+
+.TP
+.B thirdParty
+Boolean. Allow third-party request matching (default: true).
+
+.TP
+.B fingerprint_protection
+Boolean or \fB"random"\fR. Enable browser fingerprint spoofing.
+
+.TP
+.B ignore_similar
+Boolean. Override global ignore_similar setting for this site.
+
+.TP
+.B ignore_similar_threshold
+Number. Override global similarity threshold for this site.
+
+.TP
+.B ignore_similar_ignored_domains
+Boolean. Override global ignore_similar_ignored_domains for this site.
+
+.TP
+.B even_blocked
+Boolean. Add matching rules even if requests are blocked (default: false).
+
+.TP
+.B whois
+Array of terms that must ALL be found in WHOIS data (AND logic).
+
+.TP
+.B whois-or
+Array of terms where ANY must be found in WHOIS data (OR logic).
+
+.TP
+.B whois_server
+Custom WHOIS server(s) to use for lookups.
+
+.TP
+.B whois_server_mode
+Server selection mode: \fB"random"\fR (default) or \fB"cycle"\fR through list.
+
+.TP
+.B whois_max_retries
+Number. Maximum retry attempts per domain for WHOIS queries (default: 2).
+
+.TP
+.B whois_timeout_multiplier
+Number. Timeout increase multiplier per retry (default: 1.5).
+
+.TP
+.B whois_use_fallback
+Boolean. Add TLD-specific fallback servers for WHOIS (default: true).
+
+.TP
+.B whois_retry_on_timeout
+Boolean. Retry on timeout errors (default: true).
+
+.TP
+.B whois_retry_on_error
+Boolean. Retry on connection/other errors (default: false).
+
+.TP
+.B whois_delay
+Milliseconds. Delay between whois requests for this site (default: global whois_delay).
+
+.TP
+.B dig
+Array of terms that must ALL be found in DNS records (AND logic).
+
+.TP
+.B dig-or
+Array of terms where ANY must be found in DNS records (OR logic).
+
+.TP
+.B digRecordType
+DNS record type for dig queries (default: "A").
+
+.TP
+.B dig_subdomain
+Boolean. Use subdomain for dig lookup instead of root domain (default: false).
+
+.TP
+.B goto_options
+Object. Custom page.goto() options for Puppeteer navigation. Available options:
+.RS
+.IP \(bu 4
+\fBwaitUntil\fR: When to consider navigation successful. Options:
+.RS
+.IP \(bu 4
+\fB"load"\fR - Wait for all resources to load (default)
+.IP \(bu 4
+\fB"domcontentloaded"\fR - Wait for DOM only, faster loading
+.IP \(bu 4
+\fB"networkidle0"\fR - Wait until 0 network requests for 500ms
+.IP \(bu 4
+\fB"networkidle2"\fR - Wait until ≤2 network requests for 500ms
+.RE
+.IP \(bu 4
+\fBtimeout\fR: Maximum navigation time in milliseconds (overrides site timeout)
+.IP \(bu 4
+\fBreferer\fR: Referer header to send with navigation request
+.RE
+Example: \fB{"waitUntil": "networkidle2", "timeout": 60000}\fR
+
+.TP
+.B forcereload
+Boolean. Force an additional reload with cache disabled after normal reloads.
+
+.TP
+.B clear_sitedata
+Boolean. Clear all cookies, cache, and storage before each page load (default: false).
+
+.TP
+.B isBrave
+Boolean. Spoof Brave browser detection.
+
+.TP
+.B evaluateOnNewDocument
+Boolean. Inject Fetch/XHR interceptor scripts into page context.
+
+.TP
+.B cdp
+Boolean. Enable Chrome DevTools Protocol logging for this specific site.
+
+.TP
+.B source
+Boolean. Save page source HTML after loading.
+
+.TP
+.B screenshot
+Boolean. Capture screenshot on page load failure.
+
+.TP
+.B headful
+Boolean. Launch browser with GUI for this specific site.
+
+.TP
+.B adblock_rules
+Boolean. Generate adblock filter rules with resource types for this site.
+
+.TP
+.B cloudflare_phish
+Boolean. Auto-click through Cloudflare phishing warnings (default: false).
+
+.TP
+.B cloudflare_bypass
+Boolean. Auto-solve Cloudflare "Verify you are human" challenges (default: false).
+
+.TP
+.B flowproxy_detection
+Boolean. Enable flowProxy protection detection and handling (default: false).
+
+.TP
+.B flowproxy_page_timeout
+Milliseconds. Page timeout for flowProxy sites (default: 45000).
+
+.TP
+.B flowproxy_nav_timeout
+Milliseconds. Navigation timeout for flowProxy sites (default: 45000).
+
+.TP
+.B flowproxy_js_timeout
+Milliseconds. JavaScript challenge timeout (default: 15000).
+
+.TP
+.B flowproxy_delay
+Milliseconds. Delay for rate limiting (default: 30000).
+
+.TP
+.B flowproxy_additional_delay
+Milliseconds. Additional processing delay (default: 5000).
+
+.TP
+.B verbose
+Boolean. Enable verbose output for this specific site.
+
+.TP
+.B subDomains
+Number. Output full subdomains instead of root domains (1/0).
+
+.TP
+.B localhost
+Boolean. Force localhost output format (127.0.0.1) for this site.
+
+.TP
+.B localhost_0_0_0_0
+Boolean. Force localhost output format (0.0.0.0) for this site.
+
+.TP
+.B dnsmasq
+Boolean. Force dnsmasq output format for this site.
+
+.TP
+.B dnsmasq_old
+Boolean. Force dnsmasq old format for this site.
+
+.TP
+.B unbound
+Boolean. Force unbound output format for this site.
+
+.TP
+.B privoxy
+Boolean. Force Privoxy output format for this site.
+
+.TP
+.B pihole
+Boolean. Force Pi-hole regex output format for this site.
+
+.TP
+.B plain
+Boolean. Force plain domain output for this site.
+
+.SH SIMILARITY FILTERING
+
+The scanner includes advanced similarity filtering to reduce noise and improve detection accuracy by automatically ignoring domains that are very similar to ones already found or explicitly ignored.
+
+.SS Two-Layer Similarity Protection
+
+.TP
+.B Standard Similarity Filtering
+Ignores domains similar to already-found domains during scanning. For example, if \fBanimerco.com\fR is found, \fBanimerco.org\fR and \fBanimerco.net\fR will be automatically ignored (100% base domain similarity).
+
+.TP
+.B Ignored Domains Similarity Filtering
+Ignores domains similar to those in the \fBignoreDomains\fR list. For example, if \fBgoogle.com\fR is in ignoreDomains, then \fBgoogle.co.uk\fR, \fBgoogle.com.au\fR, and \fBgooglee.com\fR will be automatically ignored.
+
+.SS Multi-Part TLD Support
+
+The similarity engine correctly handles 70+ international multi-part TLDs including:
+.RS
+.IP \(bu 4
+\fBEurope\fR: .co.uk, .org.uk, .com.de, .com.fr, .com.es, .com.it, .com.pl, .com.ru
+.IP \(bu 4
+\fBAsia-Pacific\fR: .co.jp, .or.jp, .com.au, .org.au, .co.nz, .org.nz, .com.cn, .org.cn
+.IP \(bu 4
+\fBAmericas\fR: .com.br, .org.br, .com.ar, .org.ar, .com.mx, .org.mx, .com.co
+.IP \(bu 4
+\fBOthers\fR: .co.za, .org.za, .co.il, .org.il, .com.eg, .org.eg
+.RE
+
+.SS Similarity Configuration
+
+.TP
+.B ignore_similar
+Global and per-site boolean to enable/disable similarity filtering (default: true).
+
+.TP
+.B ignore_similar_threshold
+Similarity threshold percentage 0-100. Higher values = more strict filtering (default: 80).
+
+.TP
+.B ignore_similar_ignored_domains
+Global and per-site boolean to enable similarity filtering against ignoreDomains (default: true).
+
+.SS Similarity Examples
+
+With default settings (\fBignore_similar_threshold: 80\fR):
+.RS
+.IP \(bu 4
+\fBanimerco.com\fR vs \fBanimerco.org\fR → 100% similar → Ignored
+.IP \(bu 4
+\fBgoogle.com\fR vs \fBgoogle.co.uk\fR → 100% similar → Ignored
+.IP \(bu 4
+\fBamazon.com\fR vs \fBamazon2.org\fR → 89% similar → Ignored
+.IP \(bu 4
+\fBfacebook.com\fR vs \fBfaceboook.com\fR → 91% similar → Ignored
+.IP \(bu 4
+\fBapple.com\fR vs \fBmicrosoft.com\fR → 0% similar → Kept
+.RE
+
+.SH EXAMPLES
+
+.SS Basic malware domain detection:
+.EX
+{
+  "url": "https://suspicious-site.com",
+  "filterRegex": "\\\\.(space|website|tech|buzz)\\\\b",
+  "resourceTypes": ["script", "xhr", "fetch"]
+}
+.EE
+
+.SS Configuration with similarity filtering:
+.EX
+{
+  "ignoreDomains": ["google.com", "facebook.com", "amazon.com"],
+  "ignore_similar": true,
+  "ignore_similar_threshold": 80,
+  "ignore_similar_ignored_domains": true,
+  "sites": [
+    {
+      "url": "https://ad-network.com",
+      "filterRegex": "\\\\.(top|click|buzz)\\\\b",
+      "ignore_similar": true,
+      "ignore_similar_threshold": 85,
+      "resourceTypes": ["script", "fetch"]
+    }
+  ]
+}
+.EE
+
+.SS Content analysis with OR logic search:
+.EX
+{
+  "url": "https://ad-network.com",
+  "filterRegex": "\\\\.(top|click|buzz)\\\\b",
+  "searchstring": ["tracking", "analytics", "pixel"],
+  "curl": true,
+  "resourceTypes": ["script", "fetch"]
+}
+.EE
+
+.SS Content analysis with AND logic (all terms required):
+.EX
+{
+  "url": "https://crypto-site.com",
+  "filterRegex": "\\\\.(space|website)\\\\b",
+  "searchstring_and": ["mining", "crypto", "wallet"],
+  "curl": true,
+  "grep": true
+}
+.EE
+
+.SS WHOIS-based malicious domain detection:
+.EX
+{
+  "url": "https://phishing-target.com",
+  "filterRegex": "\\\\.(top|click|buzz|space)\\\\b",
+  "whois": ["privacy", "protection"],
+  "whois_server": "whois.verisign-grs.com",
+  "resourceTypes": ["script", "image", "fetch"]
+}
+.EE
+
+.SS Combined content and network analysis with similarity filtering:
+.EX
+{
+  "ignoreDomains": ["google.com", "googlee.com"],
+  "ignore_similar": true,
+  "ignore_similar_threshold": 75,
+  "ignore_similar_ignored_domains": true,
+  "sites": [
+    {
+      "url": "https://complex-threat.com",
+      "filterRegex": "\\\\.(space|website|tech)\\\\b",
+      "searchstring_and": ["bitcoin", "mining"],
+      "whois": ["privacy"],
+      "dig-or": ["tor", "onion"],
+      "curl": true,
+      "ignore_similar_threshold": 90,
+      "resourceTypes": ["script", "fetch", "xhr"]
+    }
+  ]
+}
+.EE
+
+.SS Configuration with documentation comments:
+.EX
+{
+  "comments": ["Testing malware sites", "Updated 2025-01-15", "https://docs.example.com/config"],
+  "ignore_similar": true,
+  "ignore_similar_threshold": 80,
+  "sites": [
+    {
+      "url": "https://suspicious-site.com",
+      "comments": "Main phishing target for Q1 testing",
+      "filterRegex": "\\\\.(space|website|tech|buzz)\\\\b",
+      "resourceTypes": ["script", "xhr", "fetch"]
+    },
+    {
+      "url": "https://crypto-mining.com",
+      "comments": ["Cryptojacking site", "Added by security team", "Ticket #12345"],
+      "filterRegex": "\\\\.(top|click)\\\\b",
+      "searchstring": ["mining", "crypto"],
+      "curl": true,
+      "ignore_similar": false
+    }
+  ]
+}
+.EE
+
+.SS Command line usage examples:
+
+.SS Run with debug mode and similarity filtering:
+.EX
+node nwss.js --debug --dry-run --verbose
+.EE
+
+.SS Run with adblock output format:
+.EX
+node nwss.js --output rules.txt --adblock-rules --remove-dupes
+.EE
+
+.SS Validate configuration and rules:
+.EX
+node nwss.js --validate-config
+node nwss.js --validate-rules rules.txt
+node nwss.js --clean-rules --remove-dupes --dry-run
+.EE
+
+.SS Advanced validation and cleaning:
+.EX
+node nwss.js --clean-rules rules.txt --remove-dupes
+node nwss.js --test-validation
+.EE
+
+.SS Multiple output formats:
+.EX
+node nwss.js -o hosts.txt --localhost --remove-dupes
+node nwss.js -o dnsmasq.conf --dnsmasq --titles
+node nwss.js -o pihole_regex.txt --pihole --debug
+.EE
+
+.SS Cloudflare bypass and fingerprint spoofing:
+.EX
+{
+  "url": "https://protected-site.com",
+  "filterRegex": "\\\\.(top|buzz)\\\\b",
+  "cloudflare_bypass": true,
+  "cloudflare_phish": true,
+  "fingerprint_protection": "random",
+  "isBrave": true,
+  "userAgent": "chrome"
+}
+.EE
+
+.SS FlowProxy protection handling:
+.EX
+{
+  "url": "https://flowproxy-protected.com",
+  "filterRegex": "\\\\.(space|website)\\\\b",
+  "flowproxy_detection": true,
+  "flowproxy_page_timeout": 45000,
+  "flowproxy_nav_timeout": 45000,
+  "flowproxy_js_timeout": 15000,
+  "flowproxy_delay": 30000,
+  "flowproxy_additional_delay": 5000
+}
+.EE
+
+.SH OUTPUT FORMATS
+
+The scanner supports multiple output formats for different blocking systems:
+
+.SS Standard Adblock Format
+Default format: \fB||domain.com^\fR
+.br
+Compatible with uBlock Origin, AdBlock Plus, and other browser ad blockers.
+
+.SS Privoxy Format
+Flag: \fB\--privoxy\fR
+.br
+Format: \fB{ +block } .domain.com\fR
+.br
+For use in Privoxy action files. The leading dot blocks domain and all subdomains.
+
+.SS Pi-hole Regex Format
+Flag: \fB\--pihole\fR
+.br
+Format: \fB(^|\\.)domain\\.com$\fR
+.br
+For Pi-hole regex filters. Blocks domain and subdomains at DNS level.
+
+.SS Hosts File Formats
+Flags: \fB\--localhost\fR, \fB\--localhost-0.0.0.0\fR
+.br
+Formats: \fB127.0.0.1 domain.com\fR, \fB0.0.0.0 domain.com\fR
+.br
+For system hosts files.
+
+.SS DNS Server Formats
+Flags: \fB\--dnsmasq\fR, \fB\--dnsmasq-old\fR, \fB\--unbound\fR
+.br
+For dnsmasq and Unbound DNS servers.
+
+.SS Plain Domain Format
+Flag: \fB\--plain\fR
+.br
+Format: \fBdomain.com\fR
+.br
+Simple domain list without formatting.
+
+.SH FILES
+
+.TP
+.B config.json
+Default configuration file containing scan targets and rules.
+
+.TP
+.B logs/
+Directory created for debug and matched URL logs when \fB\--debug\fR or \fB\--dumpurls\fR is used.
+
+.TP
+.B user.action
+Common Privoxy action file when using \fB\--privoxy\fR output.
+
+.SH DETECTION METHODS
+
+.SS URL Pattern Matching
+Uses regex patterns to identify suspicious domains and request URLs.
+
+.SS Content Analysis
+Downloads page content with curl and searches for malicious strings using JavaScript or grep.
+
+.SS Network Tools Integration
+Performs WHOIS and DNS lookups to identify suspicious domain registrations.
+
+.SS Browser-Based Analysis
+Uses Puppeteer to monitor network requests, analyze frames, and detect dynamic threats.
+
+.SS Resource Type Filtering
+Filters analysis by HTTP resource type (script, xhr, fetch, image, etc.).
+
+.SS Similarity-Based Filtering
+Automatically filters out domains similar to already-found domains or those in the ignore list, supporting 70+ international TLD formats.
+
+.SH SECURITY FEATURES
+
+.SS Fingerprint Spoofing
+Randomizes browser fingerprints to avoid detection by malicious sites.
+
+.SS Request Blocking
+Blocks suspicious requests during scanning to prevent malware execution.
+
+.SS Frame Isolation
+Safely analyzes iframe content without executing malicious scripts.
+
+.SS Cloudflare Bypass
+Automatically handles Cloudflare protection challenges.
+
+.SS FlowProxy Protection
+Detects and handles FlowProxy protection systems.
+
+.SS Intelligent Domain Filtering
+Advanced similarity algorithms prevent duplicate detection across international domains and variations.
+
+.SH EXIT STATUS
+.TP
+.B 0
+Success. All URLs processed successfully.
+.TP
+.B 1
+Error in configuration, file access, or critical failure.
+
+.SH BUGS
+Frame navigation errors may appear in debug output but do not affect detection functionality.
+
+Report bugs to the project repository or maintainer.
+
+.SH SEE ALSO
+.BR curl (1),
+.BR grep (1),
+.BR whois (1),
+.BR dig (1),
+.BR dnsmasq (8),
+.BR unbound (8),
+.BR privoxy (8)
+
+.SH AUTHORS
+Written for malware research and network security analysis.
+
+.SH COPYRIGHT
+Copyright (C) 2025 Free Software Foundation, Inc.
+This is free software; you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software
+Foundation; either version 3 of the License, or (at your option) any later
+version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program. If not, see <https://www.gnu.org/licenses/>.