domsniper 0.1.0 → 0.1.1

package/README.md

@@ -1,246 +1,198 @@
-# Domain Sniper
+# domsniper
 
-All-in-one domain intelligence toolkit -- WHOIS, DNS, security recon, portfolio management, and a self-hostable marketplace. Built with Bun and TypeScript.
+All-in-one domain intelligence toolkit -- WHOIS, DNS, security recon, portfolio management, and automated domain sniping. Built with Bun.
+
+[![npm](https://img.shields.io/npm/v/domsniper)](https://www.npmjs.com/package/domsniper)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
 
 ## Install
 
 ```bash
-git clone https://github.com/yourusername/domain-sniper.git
-cd domain-sniper
-bun install
+# Run directly (no install)
+bunx domsniper
+
+# Install globally
+bun add -g domsniper
+
+# Or clone for development
+git clone https://github.com/t-rhex/domain-sniper.git
+cd domain-sniper && bun install
 ```
 
+**Requirements:** [Bun](https://bun.sh) runtime, `whois` and `dig` CLI tools.
+
 ## Quick Start
 
 ```bash
-# Interactive TUI -- scan domains, browse intel, manage portfolio
-bun run start
+# Interactive TUI
+domsniper
+
+# Check a domain
+domsniper example.com --headless
 
-# Headless check with JSON output (pipe to jq)
-bun run start --headless --json example.com startup.io
+# JSON output (pipe to jq)
+domsniper --headless --json example.com
 
-# Full security recon on a target
-bun run start recon example.com
+# Full security recon
+domsniper recon example.com
+
+# Generate name ideas
+domsniper suggest startup --check
+
+# Snipe a domain (auto-register when it drops)
+domsniper snipe add expiring-domain.com
+domsniper snipe run
 ```
 
 ## Features
 
-### Intelligence
-- **WHOIS & RDAP** -- Registration info, expiry dates, registrar details
-- **DNS Records** -- A, AAAA, MX, TXT, CNAME resolution
-- **HTTP Probe** -- Status codes, redirects, parked domain detection
-- **SSL Certificates** -- Issuer, expiry, SANs, protocol version
-- **Domain Scoring** -- 0-100 based on length, TLD, readability, brandability
-- **Wayback Machine** -- Archive history and snapshot count
-- **Social Media** -- Username availability across 12 platforms
-- **Tech Stack** -- Detect 40+ technologies (CMS, frameworks, CDN, analytics)
-- **Backlink Estimation** -- PageRank and CommonCrawl page count
-- **Domain Suggestions** -- Generate name ideas from keywords
+### Domain Intelligence
+- **WHOIS & RDAP** -- Registration, expiry, registrar details
+- **DNS Records** -- A, AAAA, MX, TXT, CNAME
+- **HTTP Probe** -- Status, redirects, parked domain detection
+- **SSL Certificates** -- Issuer, expiry, SANs, protocol
+- **Domain Scoring** -- 0-100 (length, TLD, readability, brandability, SEO)
+- **Wayback Machine** -- Archive history, snapshot count
+- **Social Media** -- Username availability (12 platforms)
+- **Tech Stack** -- 40+ technologies (CMS, frameworks, CDN, analytics)
+- **Backlinks** -- PageRank + CommonCrawl estimation
+- **Suggestions** -- Name ideas from keywords
 - **TLD Expansion** -- Check a name across all major TLDs
 - **Variations** -- Typos, plurals, prefixes, suffixes
 
-### Security Recon
-- **Port Scanner** -- TCP connect scan on 20 common ports with banner grabbing
-- **Security Headers** -- HSTS, CSP, X-Frame-Options audit (A+ to F grading)
-- **Email Security** -- SPF, DKIM, DMARC analysis
-- **WAF Detection** -- Identify 10 firewalls (Cloudflare, AWS, Akamai, etc.)
-- **Blacklist Check** -- Query 8 DNS blocklists for reputation
-- **Sensitive Paths** -- Scan 37 paths for exposed .env, .git, admin panels
-- **CORS Check** -- Test 6 attack vectors for misconfigurations
-- **Certificate Transparency** -- Subdomain discovery via crt.sh
-- **Subdomain Takeover** -- Dangling CNAME detection (16 services)
+### Security Recon (toggle with `n` key)
+- **Port Scanner** -- 20 ports, banner grabbing
+- **Security Headers** -- 9 headers, A+ to F grading
+- **Email Security** -- SPF/DKIM/DMARC audit
+- **WAF Detection** -- 10 firewalls (Cloudflare, AWS, Akamai, etc.)
+- **Blacklist Check** -- 8 DNS blocklists
+- **Sensitive Paths** -- 37 paths (.env, .git, admin panels, SQL dumps)
+- **CORS Check** -- 6 attack vectors
+- **Cert Transparency** -- Subdomain discovery via crt.sh
+- **Subdomain Takeover** -- 16 services (GitHub Pages, Heroku, S3, etc.)
 - **DNS Zone Transfer** -- AXFR vulnerability check
-- **Reverse IP** -- Discover co-hosted domains
-- **ASN/Geolocation** -- Network, ISP, and location info
+- **Reverse IP** -- Shared hosting discovery
+- **ASN/Geolocation** -- Network, ISP, location
 
-### Portfolio Management
-- Track owned domains with purchase price, renewal dates, registrar
-- Financial tracking -- P&L, transactions, valuations, ROI
-- Renewal calendar with 90/60/30/7 day alerts
-- Health monitoring -- WHOIS, DNS, HTTP, SSL checks
-- Categories, tags, acquisition pipeline
-- CSV export for portfolio, transactions, and tax reporting
+### Portfolio Manager
+- Track domains with purchase price, renewal dates, registrar
+- P&L tracking, transactions, valuations, ROI
+- Renewal calendar with alerts (90/60/30/7 days)
+- Health monitoring (WHOIS, DNS, HTTP, SSL)
+- Categories, pipeline, bulk operations
+- CSV export (portfolio, transactions, tax)
 
 ### Automation
-- **Watch Mode** -- Hourly monitoring of tagged domains
-- **Drop Catching** -- High-frequency polling for expiring domains
-- **Snipe Engine** -- Auto-register domains the moment they become available
-- **Webhooks** -- Slack, Discord, and email notifications
-- **Expiring Feed** -- Browse domains about to drop
-
-## TUI Keyboard Shortcuts
-
-| Key | Action |
-|-----|--------|
-| `/` or `i` | Enter domains to scan |
-| `f` | Load domains from file |
-| `e` | TLD expansion |
-| `v` | Generate variations |
-| `d` | Suggest similar names |
-| `Space` | Tag/untag domain |
-| `r` | Register domain |
-| `R` | Bulk register (two-step confirm) |
-| `Tab` | Cycle intel tabs |
-| `n` | Toggle recon mode |
-| `s` | Cycle status filter |
-| `o` / `O` | Cycle sort / toggle order |
-| `p` | Add to portfolio |
-| `P` | Portfolio dashboard |
-| `M` | Marketplace |
-| `w` | Watch tagged domains |
-| `D` | Drop catch (expired) |
-| `h` | Scan history |
-| `c` | Clear cache |
-| `x` | Export CSV/JSON |
-| `Ctrl+S` | Save session |
-| `Ctrl+L` | Load session |
-| `?` | Help |
-| `q` | Quit |
+- **Snipe Engine** -- Watch -> detect expiry -> auto-register -> notify
+- **Watch Mode** -- Hourly monitoring
+- **Drop Catch** -- 30-second polling for pending-delete domains
+- **Webhooks** -- Slack, Discord, email notifications
+
+### HTTP Proxy
+- Intercept and log HTTP traffic
+- Request replay
+- CA cert generation for HTTPS
+- Credential redaction in logs
+
+## TUI Shortcuts
+
+| Key | Action | Key | Action |
+|-----|--------|-----|--------|
+| `/` | Scan domains | `Tab` | Cycle intel tabs |
+| `e` | TLD expansion | `n` | Toggle recon mode |
+| `f` | Load from file | `s` | Cycle status filter |
+| `v` | Variations | `o/O` | Sort field/order |
+| `d` | Suggestions | `Space` | Tag/untag |
+| `r` | Register | `R` | Bulk register |
+| `S` | Snipe domain | `D` | Drop catch |
+| `p` | Add to portfolio | `P` | Portfolio dashboard |
+| `M` | Marketplace | `w` | Watch tagged |
+| `h` | Scan history | `c` | Clear cache |
+| `x` | Export CSV/JSON | `?` | Help |
+| `Ctrl+S` | Save session | `q` | Quit |
 
 ## CLI Commands
 
-| Command | Description |
-|---------|-------------|
-| `domain-sniper` | Interactive TUI mode |
-| `domain-sniper example.com --headless` | Quick check |
-| `domain-sniper --headless --json example.com` | JSON output |
-| `domain-sniper recon example.com` | Full security recon |
-| `domain-sniper suggest startup` | Generate domain name ideas |
-| `domain-sniper portfolio --dashboard` | Portfolio overview |
-| `domain-sniper portfolio --health` | Run health checks |
-| `domain-sniper portfolio --pnl` | Profit & loss report |
-| `domain-sniper portfolio --renewals` | Renewal calendar |
-| `domain-sniper portfolio --export-csv domains.csv` | Export portfolio |
-| `domain-sniper expiring --tld com` | Browse expiring domains |
-| `domain-sniper dropcatch example.com` | Auto-snipe dropping domain |
-| `domain-sniper market browse` | Browse marketplace |
-| `domain-sniper market list example.com -p 500` | List for sale |
-| `domain-sniper proxy start` | Start HTTP intercept proxy |
-| `domain-sniper snipe add example.com` | Add snipe target |
-| `domain-sniper db --stats` | Database statistics |
-| `domain-sniper config --show` | View configuration |
-| `domain-sniper completions zsh` | Shell completions |
-
-## Marketplace
-
-A self-hostable domain marketplace with authentication, listings, offers, messaging, and domain ownership verification.
-
-```bash
-# Start the marketplace server
-bun run serve
-
-# Browse from CLI
-domain-sniper market browse
-
-# List a domain for sale
-domain-sniper market list mydomain.com --price 500
-```
-
-See [marketplace/README.md](marketplace/README.md) for full API documentation, verification methods, and self-hosting instructions.
-
-## HTTP Proxy
-
-Intercept and inspect HTTP/HTTPS traffic for domain intelligence gathering.
-
-```bash
-# Start the proxy
-domain-sniper proxy start
-
-# Start with custom port
-domain-sniper proxy start --port 8888
-```
-
-The proxy generates a local CA certificate at `~/.domain-sniper/ca/`. Install it in your browser to inspect HTTPS traffic.
-
-## Snipe Engine
-
-Automatically register domains the moment they become available.
-
 ```bash
-# Add a domain to watch
-domain-sniper snipe add example.com
-
-# List active snipes
-domain-sniper snipe list
-
-# Remove a snipe
-domain-sniper snipe remove example.com
+# Scanning
+domsniper example.com --headless          # Quick check
+domsniper --headless --json example.com   # JSON output
+domsniper --headless --recon example.com  # With security recon
+domsniper recon example.com              # Standalone recon report
+
+# Domain discovery
+domsniper suggest startup --check         # Generate + check ideas
+domsniper expiring --tld com             # Browse expiring domains
+
+# Sniping
+domsniper snipe add example.com           # Add snipe target
+domsniper snipe list                      # List targets
+domsniper snipe run                       # Start snipe engine
+domsniper dropcatch example.com           # Direct drop catch
+
+# Portfolio
+domsniper portfolio --dashboard           # Overview
+domsniper portfolio --pnl                 # Profit & loss
+domsniper portfolio --health              # Health check all domains
+domsniper portfolio --renewals            # Renewal calendar
+domsniper portfolio --export-csv out.csv  # Export
+
+# Marketplace
+domsniper market signup                   # Create account
+domsniper market browse                   # Browse listings
+domsniper market list example.com -p 500  # List for sale
+domsniper market offer -l 1 -a 300       # Make offer
+
+# Proxy
+domsniper proxy start --port 8080         # Start interceptor
+domsniper proxy history --host target.com # Browse captured traffic
+domsniper proxy replay 42                 # Replay a request
+
+# Utilities
+domsniper db --stats                      # Database stats
+domsniper config --show                   # View config
+domsniper check-update                    # Check for updates
+domsniper completions zsh                 # Shell completions
 ```
 
-Requires a registrar API key configured in `.env`.
-
 ## Configuration
 
-Copy `.env.example` to `.env` and configure:
-
 ```bash
 cp .env.example .env
 ```
 
-### Registrar API (for domain registration)
-- GoDaddy, Namecheap, or Cloudflare
-- Set `REGISTRAR_PROVIDER`, `REGISTRAR_API_KEY`, `REGISTRAR_API_SECRET`
+Key settings:
+- `REGISTRAR_PROVIDER` / `REGISTRAR_API_KEY` -- For domain registration (GoDaddy/Namecheap/Cloudflare)
+- `MARKET_URL` -- Marketplace server URL
+- `S3_BUCKET` / `S3_ACCESS_KEY_ID` -- Cloud export storage
 
-### Marketplace
-- Set `BETTER_AUTH_SECRET` (min 32 chars) for auth
-- Set `BETTER_AUTH_URL` for server URL
-- Set `MARKET_URL` to point CLI at your marketplace instance
-
-### Persistent config
 ```bash
-domain-sniper config --set concurrency=10
-domain-sniper config --set notifications.webhookUrl=https://hooks.slack.com/...
+# Persistent config
+domsniper config --set concurrency=10
+domsniper config --set notifications.webhookUrl=https://hooks.slack.com/...
 ```
 
-## Self-Hosting the Marketplace
-
-1. Clone the repo
-2. Set `BETTER_AUTH_SECRET` and `BETTER_AUTH_URL` in `.env`
-3. Run `bun run serve`
-4. Point CLI clients to your server: `domain-sniper market login --server https://your-server.com`
-
-For production, consider PostgreSQL, rate limiting, and TLS. See [marketplace/README.md](marketplace/README.md).
-
 ## Architecture
 
 ```
-src/core/           Portable business logic (40+ modules)
-src/proxy/          HTTP/HTTPS interceptor
-src/app.tsx         TUI (React + @opentui)
-src/index.tsx       CLI (Commander)
-src/market-client.ts  Marketplace API client
-marketplace/        Self-hostable marketplace server
+src/core/              Portable business logic (40+ modules)
+src/core/db.ts         SQLite database (scans, portfolio, cache, snipes)
+src/proxy/             HTTP/HTTPS interceptor
+src/app.tsx            TUI (React + @opentui)
+src/index.tsx          CLI (Commander)
+src/market-client.ts   Marketplace API client
 ```
 
-See [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) for the full breakdown.
-
-## Security
-
-- Registrar API keys never leave your machine
-- All inputs validated, all queries parameterized
-- Shell commands use `execFile` (no injection)
-- File paths confined to allowed directories
-
-See [docs/SECURITY.md](docs/SECURITY.md) for the full security model.
-
-## Tech Stack
-
-- **Runtime:** Bun
-- **Language:** TypeScript (strict mode)
-- **TUI:** @opentui/react
-- **Database:** SQLite (bun:sqlite)
-- **Auth:** Better Auth
-- **Tests:** bun:test
+See [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) and [docs/SECURITY.md](docs/SECURITY.md).
 
 ## Contributing
 
-1. Fork the repo
-2. Create a feature branch: `git checkout -b feat/my-feature`
-3. Write tests first, then implement
-4. Ensure `bunx tsc --noEmit` passes
-5. Ensure `bun test` passes
-6. Submit a pull request
+1. Fork and clone
+2. `bun install`
+3. Write tests: `bun test`
+4. Type check: `bunx tsc --noEmit`
+5. Submit PR
 
 ## License
 
-MIT -- see [LICENSE](LICENSE).
+MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "domsniper",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "All-in-one domain intelligence toolkit — availability checker, security recon, portfolio manager. Built with Bun.",
   "module": "src/index.tsx",
   "type": "module",

package/src/core/features/http-probe.ts

@@ -2,9 +2,18 @@ import { assertValidDomain } from "../validate.js";
 import type { HttpProbeResult } from "../types.js";
 
 const PARKED_INDICATORS = [
-  "parked", "for sale", "buy this domain", "domain parking",
-  "godaddy", "sedo", "afternic", "hugedomains", "dan.com",
-  "this domain is for sale", "under construction",
+  "this domain is parked",
+  "domain is for sale",
+  "buy this domain",
+  "domain parking",
+  "this domain may be for sale",
+  "hugedomains.com",
+  "dan.com/buy-domain",
+  "this domain is for sale",
+  "under construction",
+  "parked by",
+  "domain has expired",
+  "renew this domain",
 ];
 
 export async function httpProbe(domain: string): Promise<HttpProbeResult> {

package/src/core/features/tech-stack.ts

@@ -24,14 +24,14 @@ const HTML_PATTERNS: { name: string; category: string; pattern: RegExp }[] = [
   { name: "WordPress", category: "CMS", pattern: /wp-content|wp-includes|wordpress/i },
   { name: "Drupal", category: "CMS", pattern: /drupal|sites\/default\/files/i },
   { name: "Joomla", category: "CMS", pattern: /joomla|\/media\/system\/js/i },
-  { name: "Shopify", category: "CMS", pattern: /shopify|cdn\.shopify\.com/i },
+  { name: "Shopify", category: "CMS", pattern: /cdn\.shopify\.com|myshopify\.com|Shopify\.theme/i },
   { name: "Squarespace", category: "CMS", pattern: /squarespace|sqsp/i },
   { name: "Wix", category: "CMS", pattern: /wix\.com|wixstatic\.com/i },
   { name: "Webflow", category: "CMS", pattern: /webflow/i },
   { name: "Ghost", category: "CMS", pattern: /ghost\.io|ghost-api/i },
   { name: "Hugo", category: "CMS", pattern: /hugo-/i },
   // Frameworks
-  { name: "React", category: "Framework", pattern: /react|__next|_next\/static/i },
+  { name: "React", category: "Framework", pattern: /react\.production\.min|reactDOM|data-reactroot|__react/i },
   { name: "Next.js", category: "Framework", pattern: /_next\/|__NEXT_DATA__/i },
   { name: "Vue.js", category: "Framework", pattern: /vue\.js|__vue|nuxt/i },
   { name: "Nuxt", category: "Framework", pattern: /__nuxt|nuxt\.js/i },

package/src/core/whois.ts

@@ -83,15 +83,15 @@ function parseWhoisResponse(domain: string, raw: string): WhoisResult {
       result.registrar = line.split(":").slice(1).join(":").trim();
     }
 
-    // Created date
+    // Created date — prefer "Creation Date:" (registrar-level) over "created:" (TLD-level)
     if (
-      !result.createdDate &&
-      (lower.startsWith("creation date:") ||
-        lower.startsWith("created:") ||
-        lower.startsWith("created date:") ||
-        lower.startsWith("registration date:"))
+      lower.startsWith("creation date:") ||
+      lower.startsWith("created date:") ||
+      lower.startsWith("registration date:")
     ) {
       result.createdDate = line.split(":").slice(1).join(":").trim();
+    } else if (!result.createdDate && lower.startsWith("created:")) {
+      result.createdDate = line.split(":").slice(1).join(":").trim();
     }
 
     // Updated date

package/src/index.tsx

@@ -43,7 +43,7 @@ const program = new Command();
 program
   .name("dsniper")
   .description("All-in-one domain intelligence toolkit — availability checker, security recon, portfolio manager")
-  .version("0.1.0")
+  .version("0.1.1")
   .argument("[domains...]", "Domain(s) to check")
   .option("-f, --file <path>", "Path to file with domains (one per line)")
   .option("-a, --auto-register", "Automatically register available domains", false)