domsniper 0.1.0

package/src/core/features/subdomain-discovery.ts

@@ -0,0 +1,53 @@
+import { execFile } from "child_process";
+import { promisify } from "util";
+import { assertValidDomain } from "../validate.js";
+
+const execFileAsync = promisify(execFile);
+
+const COMMON_SUBDOMAINS = [
+  "www", "mail", "ftp", "smtp", "pop", "imap",
+  "api", "app", "cdn", "dev", "staging", "beta",
+  "admin", "portal", "blog", "shop", "store",
+  "ns1", "ns2", "mx", "vpn", "remote",
+  "docs", "wiki", "git", "ci", "status",
+];
+
+export interface SubdomainResult {
+  subdomain: string;
+  full: string;
+  resolved: boolean;
+  ip: string | null;
+}
+
+export async function discoverSubdomains(
+  domain: string,
+  subdomains: string[] = COMMON_SUBDOMAINS
+): Promise<SubdomainResult[]> {
+  assertValidDomain(domain);
+
+  const results: SubdomainResult[] = [];
+  const BATCH = 10;
+
+  for (let i = 0; i < subdomains.length; i += BATCH) {
+    const batch = subdomains.slice(i, i + BATCH);
+    const batchResults = await Promise.all(
+      batch.map(async (sub) => {
+        const full = `${sub}.${domain}`;
+        try {
+          const { stdout } = await execFileAsync("dig", ["+short", full, "A"], { timeout: 5000 });
+          const ip = stdout.trim().split("\n")[0] || null;
+          return { subdomain: sub, full, resolved: !!ip, ip };
+        } catch {
+          return { subdomain: sub, full, resolved: false, ip: null };
+        }
+      })
+    );
+    results.push(...batchResults);
+  }
+
+  return results;
+}
+
+export function getActiveSubdomains(results: SubdomainResult[]): SubdomainResult[] {
+  return results.filter((r) => r.resolved);
+}

package/src/core/features/takeover-detect.ts

@@ -0,0 +1,143 @@
+import { execFile } from "child_process";
+import { promisify } from "util";
+import { assertValidDomain } from "../validate.js";
+
+const execFileAsync = promisify(execFile);
+
+export interface TakeoverResult {
+  domain: string;
+  vulnerable: boolean;
+  findings: TakeoverFinding[];
+  checkedSubdomains: number;
+  error: string | null;
+}
+
+export interface TakeoverFinding {
+  subdomain: string;
+  cname: string;
+  service: string;
+  status: "vulnerable" | "potential" | "safe";
+  detail: string;
+}
+
+// Services known to be susceptible to subdomain takeover
+const TAKEOVER_SIGNATURES: { service: string; cnames: string[]; responseIndicators: string[] }[] = [
+  { service: "GitHub Pages", cnames: ["github.io"], responseIndicators: ["There isn't a GitHub Pages site here"] },
+  { service: "Heroku", cnames: ["herokuapp.com", "herokussl.com"], responseIndicators: ["No such app", "no-such-app"] },
+  { service: "AWS S3", cnames: ["s3.amazonaws.com", "s3-website"], responseIndicators: ["NoSuchBucket", "The specified bucket does not exist"] },
+  { service: "Netlify", cnames: ["netlify.app", "netlify.com"], responseIndicators: ["Not Found - Request ID"] },
+  { service: "Vercel", cnames: ["vercel.app", "now.sh"], responseIndicators: ["The deployment could not be found"] },
+  { service: "Surge.sh", cnames: ["surge.sh"], responseIndicators: ["project not found"] },
+  { service: "Fly.io", cnames: ["fly.dev"], responseIndicators: ["404 Not Found"] },
+  { service: "Shopify", cnames: ["myshopify.com"], responseIndicators: ["Sorry, this shop is currently unavailable"] },
+  { service: "Tumblr", cnames: ["tumblr.com"], responseIndicators: ["There's nothing here", "Whatever you were looking for doesn't currently exist"] },
+  { service: "WordPress.com", cnames: ["wordpress.com"], responseIndicators: ["Do you want to register"] },
+  { service: "Ghost", cnames: ["ghost.io"], responseIndicators: ["Site not found"] },
+  { service: "Fastly", cnames: ["fastly.net"], responseIndicators: ["Fastly error: unknown domain"] },
+  { service: "Pantheon", cnames: ["pantheonsite.io"], responseIndicators: ["404 error unknown site"] },
+  { service: "Azure", cnames: ["azurewebsites.net", "cloudapp.azure.com", "trafficmanager.net"], responseIndicators: ["404 Web Site not found"] },
+  { service: "Unbounce", cnames: ["unbouncepages.com"], responseIndicators: ["The requested URL was not found"] },
+  { service: "Cargo", cnames: ["cargocollective.com"], responseIndicators: ["404 Not Found"] },
+];
+
+async function getCname(subdomain: string): Promise<string | null> {
+  try {
+    const { stdout } = await execFileAsync("dig", ["+short", subdomain, "CNAME"], { timeout: 5000 });
+    const cname = stdout.trim().replace(/\.$/, "");
+    return cname || null;
+  } catch {
+    return null;
+  }
+}
+
+async function checkResponse(url: string): Promise<string | null> {
+  try {
+    const resp = await fetch(url, {
+      signal: AbortSignal.timeout(6000),
+      headers: { "User-Agent": "DomainSniper/2.0" },
+    });
+    const body = await resp.text();
+    return body.slice(0, 5000);
+  } catch {
+    return null;
+  }
+}
+
+export async function detectTakeover(
+  domain: string,
+  subdomains?: string[]
+): Promise<TakeoverResult> {
+  assertValidDomain(domain);
+
+  const result: TakeoverResult = {
+    domain,
+    vulnerable: false,
+    findings: [],
+    checkedSubdomains: 0,
+    error: null,
+  };
+
+  // Default subdomains to check
+  const toCheck = subdomains || [
+    domain,
+    `www.${domain}`, `blog.${domain}`, `shop.${domain}`, `app.${domain}`,
+    `dev.${domain}`, `staging.${domain}`, `beta.${domain}`, `docs.${domain}`,
+    `api.${domain}`, `cdn.${domain}`, `mail.${domain}`, `status.${domain}`,
+    `portal.${domain}`, `admin.${domain}`, `help.${domain}`, `support.${domain}`,
+  ];
+
+  try {
+    for (const sub of toCheck) {
+      result.checkedSubdomains++;
+      const cname = await getCname(sub);
+      if (!cname) continue;
+
+      // Check if CNAME points to a known vulnerable service
+      for (const sig of TAKEOVER_SIGNATURES) {
+        const matchesCname = sig.cnames.some((c) => cname.toLowerCase().includes(c));
+        if (!matchesCname) continue;
+
+        // Check if the service returns a "not found" indicator
+        const body = await checkResponse(`https://${sub}`);
+        if (body) {
+          const isVulnerable = sig.responseIndicators.some((ind) =>
+            body.toLowerCase().includes(ind.toLowerCase())
+          );
+
+          if (isVulnerable) {
+            result.vulnerable = true;
+            result.findings.push({
+              subdomain: sub,
+              cname,
+              service: sig.service,
+              status: "vulnerable",
+              detail: `CNAME points to ${sig.service} but the resource is unclaimed`,
+            });
+          } else {
+            result.findings.push({
+              subdomain: sub,
+              cname,
+              service: sig.service,
+              status: "safe",
+              detail: `CNAME points to ${sig.service} and resource exists`,
+            });
+          }
+        } else {
+          // Couldn't connect — could be vulnerable
+          result.findings.push({
+            subdomain: sub,
+            cname,
+            service: sig.service,
+            status: "potential",
+            detail: `CNAME points to ${sig.service} but could not verify (connection failed)`,
+          });
+        }
+      }
+    }
+
+    return result;
+  } catch (err: unknown) {
+    result.error = err instanceof Error ? err.message : "Takeover detection failed";
+    return result;
+  }
+}

package/src/core/features/tech-stack.ts

@@ -0,0 +1,135 @@
+import { assertValidDomain } from "../validate.js";
+
+export interface TechStackResult {
+  server: string | null;
+  poweredBy: string | null;
+  cms: string | null;
+  framework: string | null;
+  analytics: string[];
+  cdn: string | null;
+  ssl: string | null;
+  technologies: TechDetection[];
+  error: string | null;
+}
+
+export interface TechDetection {
+  name: string;
+  category: string;
+  confidence: "high" | "medium" | "low";
+}
+
+// Detection patterns for HTML content
+const HTML_PATTERNS: { name: string; category: string; pattern: RegExp }[] = [
+  // CMS
+  { name: "WordPress", category: "CMS", pattern: /wp-content|wp-includes|wordpress/i },
+  { name: "Drupal", category: "CMS", pattern: /drupal|sites\/default\/files/i },
+  { name: "Joomla", category: "CMS", pattern: /joomla|\/media\/system\/js/i },
+  { name: "Shopify", category: "CMS", pattern: /shopify|cdn\.shopify\.com/i },
+  { name: "Squarespace", category: "CMS", pattern: /squarespace|sqsp/i },
+  { name: "Wix", category: "CMS", pattern: /wix\.com|wixstatic\.com/i },
+  { name: "Webflow", category: "CMS", pattern: /webflow/i },
+  { name: "Ghost", category: "CMS", pattern: /ghost\.io|ghost-api/i },
+  { name: "Hugo", category: "CMS", pattern: /hugo-/i },
+  // Frameworks
+  { name: "React", category: "Framework", pattern: /react|__next|_next\/static/i },
+  { name: "Next.js", category: "Framework", pattern: /_next\/|__NEXT_DATA__/i },
+  { name: "Vue.js", category: "Framework", pattern: /vue\.js|__vue|nuxt/i },
+  { name: "Nuxt", category: "Framework", pattern: /__nuxt|nuxt\.js/i },
+  { name: "Angular", category: "Framework", pattern: /ng-version|angular/i },
+  { name: "Svelte", category: "Framework", pattern: /svelte/i },
+  { name: "Remix", category: "Framework", pattern: /remix/i },
+  { name: "Astro", category: "Framework", pattern: /astro/i },
+  { name: "Laravel", category: "Framework", pattern: /laravel/i },
+  { name: "Ruby on Rails", category: "Framework", pattern: /csrf-token.*authenticity|ruby/i },
+  { name: "Django", category: "Framework", pattern: /csrfmiddlewaretoken|django/i },
+  // Analytics
+  { name: "Google Analytics", category: "Analytics", pattern: /google-analytics|gtag|googletagmanager/i },
+  { name: "Plausible", category: "Analytics", pattern: /plausible\.io/i },
+  { name: "Fathom", category: "Analytics", pattern: /usefathom\.com/i },
+  { name: "Hotjar", category: "Analytics", pattern: /hotjar/i },
+  { name: "Segment", category: "Analytics", pattern: /segment\.com|analytics\.js/i },
+  { name: "Mixpanel", category: "Analytics", pattern: /mixpanel/i },
+  // Hosting/CDN
+  { name: "Vercel", category: "Hosting", pattern: /vercel/i },
+  { name: "Netlify", category: "Hosting", pattern: /netlify/i },
+  { name: "AWS", category: "Hosting", pattern: /amazonaws\.com/i },
+  { name: "Google Cloud", category: "Hosting", pattern: /googleapis\.com|gstatic\.com/i },
+  // Other
+  { name: "jQuery", category: "Library", pattern: /jquery/i },
+  { name: "Bootstrap", category: "Library", pattern: /bootstrap/i },
+  { name: "Tailwind CSS", category: "Library", pattern: /tailwindcss|tailwind/i },
+  { name: "Stripe", category: "Payment", pattern: /stripe\.com|stripe\.js/i },
+  { name: "Intercom", category: "Support", pattern: /intercom/i },
+  { name: "Crisp", category: "Support", pattern: /crisp\.chat/i },
+  { name: "Cloudflare", category: "CDN", pattern: /cloudflare/i },
+];
+
+// Header-based detection
+const HEADER_PATTERNS: { header: string; name: string; category: string; pattern?: RegExp }[] = [
+  { header: "x-powered-by", name: "Express", category: "Framework", pattern: /express/i },
+  { header: "x-powered-by", name: "PHP", category: "Language", pattern: /php/i },
+  { header: "x-powered-by", name: "ASP.NET", category: "Framework", pattern: /asp\.net/i },
+  { header: "x-powered-by", name: "Next.js", category: "Framework", pattern: /next/i },
+  { header: "server", name: "nginx", category: "Server", pattern: /nginx/i },
+  { header: "server", name: "Apache", category: "Server", pattern: /apache/i },
+  { header: "server", name: "Cloudflare", category: "CDN", pattern: /cloudflare/i },
+  { header: "server", name: "LiteSpeed", category: "Server", pattern: /litespeed/i },
+  { header: "server", name: "Caddy", category: "Server", pattern: /caddy/i },
+  { header: "x-vercel-id", name: "Vercel", category: "Hosting" },
+  { header: "x-nf-request-id", name: "Netlify", category: "Hosting" },
+  { header: "fly-request-id", name: "Fly.io", category: "Hosting" },
+  { header: "cf-ray", name: "Cloudflare", category: "CDN" },
+  { header: "x-cache", name: "CDN Cache", category: "CDN" },
+];
+
+export async function detectTechStack(domain: string): Promise<TechStackResult> {
+  assertValidDomain(domain);
+
+  const result: TechStackResult = {
+    server: null, poweredBy: null, cms: null, framework: null,
+    analytics: [], cdn: null, ssl: null, technologies: [], error: null,
+  };
+
+  try {
+    const resp = await fetch(`https://${domain}`, {
+      signal: AbortSignal.timeout(10000),
+      headers: { "User-Agent": "DomainSniper/2.0" },
+    });
+
+    // Extract from headers
+    result.server = resp.headers.get("server");
+    result.poweredBy = resp.headers.get("x-powered-by");
+
+    for (const hp of HEADER_PATTERNS) {
+      const val = resp.headers.get(hp.header);
+      if (val && (!hp.pattern || hp.pattern.test(val))) {
+        const exists = result.technologies.some((t) => t.name === hp.name);
+        if (!exists) {
+          result.technologies.push({ name: hp.name, category: hp.category, confidence: "high" });
+        }
+        if (hp.category === "CDN" && !result.cdn) result.cdn = hp.name;
+      }
+    }
+
+    // Parse HTML body for patterns
+    const body = await resp.text();
+    const seen = new Set<string>();
+
+    for (const pat of HTML_PATTERNS) {
+      if (pat.pattern.test(body) && !seen.has(pat.name)) {
+        seen.add(pat.name);
+        result.technologies.push({ name: pat.name, category: pat.category, confidence: "medium" });
+
+        if (pat.category === "CMS" && !result.cms) result.cms = pat.name;
+        if (pat.category === "Framework" && !result.framework) result.framework = pat.name;
+        if (pat.category === "Analytics") result.analytics.push(pat.name);
+        if (pat.category === "CDN" && !result.cdn) result.cdn = pat.name;
+      }
+    }
+
+    return result;
+  } catch (err: unknown) {
+    result.error = err instanceof Error ? err.message : "Tech detection failed";
+    return result;
+  }
+}

package/src/core/features/tld-expand.ts

@@ -0,0 +1,43 @@
+/**
+ * TLD Expansion — enter "coolstartup" and check across all popular TLDs
+ */
+
+export const POPULAR_TLDS = [
+  "com", "io", "dev", "ai", "app", "co", "net", "org",
+  "xyz", "me", "tech", "so", "sh", "gg", "cc", "to",
+  "cloud", "run", "live", "site", "online", "store",
+] as const;
+
+export const PREMIUM_TLDS = [
+  "com", "io", "dev", "ai", "app", "co",
+] as const;
+
+export const STARTUP_TLDS = [
+  "com", "io", "dev", "ai", "app", "co", "so", "sh", "gg", "run",
+] as const;
+
+export type TldPreset = "popular" | "premium" | "startup" | "all";
+
+export function expandTlds(
+  baseName: string,
+  preset: TldPreset = "popular",
+  customTlds?: string[]
+): string[] {
+  // Strip any existing TLD
+  const name = baseName.replace(/\.[a-z]+$/i, "").trim().toLowerCase();
+  if (!name) return [];
+
+  if (customTlds && customTlds.length > 0) {
+    return customTlds.map((tld) => `${name}.${tld.replace(/^\./, "")}`);
+  }
+
+  let tlds: readonly string[];
+  switch (preset) {
+    case "premium": tlds = PREMIUM_TLDS; break;
+    case "startup": tlds = STARTUP_TLDS; break;
+    case "all": tlds = POPULAR_TLDS; break;
+    default: tlds = POPULAR_TLDS;
+  }
+
+  return tlds.map((tld) => `${name}.${tld}`);
+}

package/src/core/features/variations.ts

@@ -0,0 +1,134 @@
+/**
+ * Typo & variation generator — check misspellings, hyphens, plurals, prefixes
+ */
+
+export interface VariationOptions {
+  plurals?: boolean;
+  hyphens?: boolean;
+  prefixes?: boolean;
+  suffixes?: boolean;
+  typos?: boolean;
+  abbreviations?: boolean;
+}
+
+const DEFAULT_OPTIONS: VariationOptions = {
+  plurals: true,
+  hyphens: true,
+  prefixes: true,
+  suffixes: true,
+  typos: true,
+  abbreviations: true,
+};
+
+// Common keyboard-adjacent typos
+const TYPO_MAP: Record<string, string[]> = {
+  a: ["s", "q", "z"], b: ["v", "n", "g"], c: ["x", "v", "d"],
+  d: ["s", "f", "e"], e: ["w", "r", "d"], f: ["d", "g", "r"],
+  g: ["f", "h", "t"], h: ["g", "j", "y"], i: ["u", "o", "k"],
+  j: ["h", "k", "u"], k: ["j", "l", "i"], l: ["k", "o", "p"],
+  m: ["n", "k"], n: ["b", "m", "h"], o: ["i", "p", "l"],
+  p: ["o", "l"], q: ["w", "a"], r: ["e", "t", "f"],
+  s: ["a", "d", "w"], t: ["r", "y", "g"], u: ["y", "i", "j"],
+  v: ["c", "b", "f"], w: ["q", "e", "s"], x: ["z", "c", "s"],
+  y: ["t", "u", "h"], z: ["a", "x", "s"],
+};
+
+const PREFIXES = ["get", "my", "the", "go", "try", "use", "hey"];
+const SUFFIXES = ["app", "hq", "io", "lab", "hub", "ly", "ify", "ize"];
+
+export function generateVariations(
+  domain: string,
+  options: VariationOptions = DEFAULT_OPTIONS
+): string[] {
+  const parts = domain.split(".");
+  const tld = parts.slice(1).join(".") || "com";
+  const name = parts[0]!.toLowerCase();
+  const variations = new Set<string>();
+
+  // Plurals
+  if (options.plurals) {
+    if (name.endsWith("s")) {
+      variations.add(`${name.slice(0, -1)}.${tld}`);
+    } else {
+      variations.add(`${name}s.${tld}`);
+    }
+    if (name.endsWith("y")) {
+      variations.add(`${name.slice(0, -1)}ies.${tld}`);
+    }
+  }
+
+  // Hyphens — split camelCase or compound words
+  if (options.hyphens) {
+    // Add hyphen at common word boundaries
+    for (let i = 2; i < name.length - 1; i++) {
+      const left = name.slice(0, i);
+      const right = name.slice(i);
+      if (left.length >= 2 && right.length >= 2) {
+        variations.add(`${left}-${right}.${tld}`);
+      }
+    }
+    // Remove existing hyphens
+    if (name.includes("-")) {
+      variations.add(`${name.replace(/-/g, "")}.${tld}`);
+    }
+  }
+
+  // Prefixes
+  if (options.prefixes) {
+    for (const prefix of PREFIXES) {
+      if (!name.startsWith(prefix)) {
+        variations.add(`${prefix}${name}.${tld}`);
+      }
+    }
+  }
+
+  // Suffixes
+  if (options.suffixes) {
+    for (const suffix of SUFFIXES) {
+      if (!name.endsWith(suffix)) {
+        variations.add(`${name}${suffix}.${tld}`);
+      }
+    }
+  }
+
+  // Typos — swap adjacent chars, drop chars, double chars
+  if (options.typos) {
+    // Character swaps
+    for (let i = 0; i < name.length - 1; i++) {
+      const swapped = name.slice(0, i) + name[i + 1] + name[i] + name.slice(i + 2);
+      variations.add(`${swapped}.${tld}`);
+    }
+    // Character drops
+    for (let i = 0; i < name.length; i++) {
+      if (name.length > 2) {
+        const dropped = name.slice(0, i) + name.slice(i + 1);
+        variations.add(`${dropped}.${tld}`);
+      }
+    }
+    // Keyboard-adjacent substitutions (limit to first 3)
+    let typoCount = 0;
+    for (let i = 0; i < name.length && typoCount < 3; i++) {
+      const char = name[i]!;
+      const adjacent = TYPO_MAP[char];
+      if (adjacent) {
+        const sub = name.slice(0, i) + adjacent[0] + name.slice(i + 1);
+        variations.add(`${sub}.${tld}`);
+        typoCount++;
+      }
+    }
+  }
+
+  // Abbreviations
+  if (options.abbreviations) {
+    // Remove vowels
+    const noVowels = name.replace(/[aeiou]/g, "");
+    if (noVowels.length >= 2 && noVowels !== name) {
+      variations.add(`${noVowels}.${tld}`);
+    }
+  }
+
+  // Remove the original domain
+  variations.delete(domain);
+
+  return Array.from(variations);
+}

package/src/core/features/version-check.ts

@@ -0,0 +1,58 @@
+/**
+ * Check if a newer version of domain-sniper is available.
+ * Uses Bun.semver for version comparison.
+ */
+
+import { join } from "path";
+import { readFileSync } from "fs";
+
+export function getCurrentVersion(): string {
+  try {
+    const raw = readFileSync(join(import.meta.dir, "../../../package.json"), "utf-8");
+    const pkg = JSON.parse(raw) as { version?: string };
+    return pkg.version || "0.0.0";
+  } catch {
+    return "2.0.0";
+  }
+}
+
+export async function checkForUpdates(): Promise<{
+  current: string;
+  latest: string | null;
+  updateAvailable: boolean;
+  error: string | null;
+}> {
+  const current = getCurrentVersion();
+
+  try {
+    const resp = await fetch("https://registry.npmjs.org/domain-sniper/latest", {
+      signal: AbortSignal.timeout(5000),
+    });
+
+    if (!resp.ok) {
+      return { current, latest: null, updateAvailable: false, error: null };
+    }
+
+    const data = (await resp.json()) as { version?: string };
+    const latest = data.version || null;
+
+    if (!latest) {
+      return { current, latest: null, updateAvailable: false, error: null };
+    }
+
+    const updateAvailable = Bun.semver.order(current, latest) < 0;
+
+    return { current, latest, updateAvailable, error: null };
+  } catch (err: unknown) {
+    return {
+      current,
+      latest: null,
+      updateAvailable: false,
+      error: err instanceof Error ? err.message : "Check failed",
+    };
+  }
+}
+
+export function formatUpdateMessage(current: string, latest: string): string {
+  return `Update available: ${current} -> ${latest}\nRun: bun update -g domain-sniper`;
+}