domsniper 0.1.0

package/src/core/features/waf-detect.ts

@@ -0,0 +1,171 @@
+import { assertValidDomain } from "../validate.js";
+
+export interface WafResult {
+  domain: string;
+  detected: boolean;
+  waf: string | null;
+  confidence: "high" | "medium" | "low";
+  indicators: string[];
+  error: string | null;
+}
+
+interface WafSignature {
+  name: string;
+  headerPatterns: { header: string; pattern: RegExp }[];
+  bodyPatterns: RegExp[];
+  cookiePatterns: RegExp[];
+}
+
+const WAF_SIGNATURES: WafSignature[] = [
+  {
+    name: "Cloudflare",
+    headerPatterns: [
+      { header: "server", pattern: /cloudflare/i },
+      { header: "cf-ray", pattern: /.+/ },
+      { header: "cf-cache-status", pattern: /.+/ },
+    ],
+    bodyPatterns: [/cloudflare/i, /cf-browser-verification/i],
+    cookiePatterns: [/__cfduid/i, /__cf_bm/i],
+  },
+  {
+    name: "AWS WAF / CloudFront",
+    headerPatterns: [
+      { header: "x-amz-cf-id", pattern: /.+/ },
+      { header: "x-amz-cf-pop", pattern: /.+/ },
+      { header: "x-amzn-waf", pattern: /.+/ },
+    ],
+    bodyPatterns: [/awswaf/i],
+    cookiePatterns: [/awsalb/i, /awsalbcors/i],
+  },
+  {
+    name: "Akamai",
+    headerPatterns: [
+      { header: "x-akamai-transformed", pattern: /.+/ },
+      { header: "server", pattern: /akamaighost/i },
+      { header: "x-akamai-session-info", pattern: /.+/ },
+    ],
+    bodyPatterns: [/akamai/i, /reference.*akamai/i],
+    cookiePatterns: [/akamai/i, /ak_bmsc/i],
+  },
+  {
+    name: "Sucuri",
+    headerPatterns: [
+      { header: "server", pattern: /sucuri/i },
+      { header: "x-sucuri-id", pattern: /.+/ },
+      { header: "x-sucuri-cache", pattern: /.+/ },
+    ],
+    bodyPatterns: [/sucuri/i, /sucuri cloudproxy/i],
+    cookiePatterns: [/sucuri/i],
+  },
+  {
+    name: "Imperva / Incapsula",
+    headerPatterns: [
+      { header: "x-cdn", pattern: /incapsula/i },
+      { header: "x-iinfo", pattern: /.+/ },
+    ],
+    bodyPatterns: [/incapsula/i, /imperva/i],
+    cookiePatterns: [/incap_ses/i, /visid_incap/i],
+  },
+  {
+    name: "F5 BIG-IP",
+    headerPatterns: [
+      { header: "server", pattern: /big-?ip/i },
+      { header: "x-cnection", pattern: /.+/ },
+    ],
+    bodyPatterns: [],
+    cookiePatterns: [/bigipserver/i, /BIGipServer/i],
+  },
+  {
+    name: "ModSecurity",
+    headerPatterns: [
+      { header: "server", pattern: /mod_security|modsecurity/i },
+    ],
+    bodyPatterns: [/mod_security|modsecurity|owasp/i],
+    cookiePatterns: [],
+  },
+  {
+    name: "Fastly",
+    headerPatterns: [
+      { header: "via", pattern: /varnish/i },
+      { header: "x-fastly-request-id", pattern: /.+/ },
+      { header: "x-served-by", pattern: /cache-/i },
+    ],
+    bodyPatterns: [/fastly error/i],
+    cookiePatterns: [],
+  },
+  {
+    name: "DDoS-Guard",
+    headerPatterns: [
+      { header: "server", pattern: /ddos-guard/i },
+    ],
+    bodyPatterns: [/ddos-guard/i],
+    cookiePatterns: [/__ddg/i],
+  },
+  {
+    name: "Wordfence",
+    headerPatterns: [],
+    bodyPatterns: [/wordfence/i, /wfwaf-/i],
+    cookiePatterns: [/wordfence/i, /wfwaf/i],
+  },
+];
+
+export async function detectWaf(domain: string): Promise<WafResult> {
+  assertValidDomain(domain);
+
+  const result: WafResult = {
+    domain, detected: false, waf: null, confidence: "low", indicators: [], error: null,
+  };
+
+  try {
+    const resp = await fetch(`https://${domain}`, {
+      signal: AbortSignal.timeout(10000),
+      headers: { "User-Agent": "DomainSniper/2.0" },
+    });
+
+    const body = await resp.text();
+    const cookies = resp.headers.get("set-cookie") || "";
+
+    for (const sig of WAF_SIGNATURES) {
+      let matchCount = 0;
+      const indicators: string[] = [];
+
+      // Check headers
+      for (const hp of sig.headerPatterns) {
+        const val = resp.headers.get(hp.header);
+        if (val && hp.pattern.test(val)) {
+          matchCount++;
+          indicators.push(`Header: ${hp.header}=${val.slice(0, 50)}`);
+        }
+      }
+
+      // Check body
+      for (const bp of sig.bodyPatterns) {
+        if (bp.test(body)) {
+          matchCount++;
+          indicators.push(`Body pattern: ${bp.source.slice(0, 30)}`);
+        }
+      }
+
+      // Check cookies
+      for (const cp of sig.cookiePatterns) {
+        if (cp.test(cookies)) {
+          matchCount++;
+          indicators.push(`Cookie pattern: ${cp.source.slice(0, 30)}`);
+        }
+      }
+
+      if (matchCount > 0) {
+        result.detected = true;
+        result.waf = sig.name;
+        result.indicators = indicators;
+        result.confidence = matchCount >= 3 ? "high" : matchCount >= 2 ? "medium" : "low";
+        return result; // Return first match (most likely)
+      }
+    }
+
+    return result;
+  } catch (err: unknown) {
+    result.error = err instanceof Error ? err.message : "WAF detection failed";
+    return result;
+  }
+}

package/src/core/features/watch.ts

@@ -0,0 +1,120 @@
+/**
+ * Watch mode — monitor domains at an interval
+ */
+
+import { whoisLookup, verifyAvailability } from "../whois.js";
+import { execFile } from "child_process";
+
+export interface WatchConfig {
+  domains: string[];
+  intervalMs: number;       // default 3600000 (1 hour)
+  notify: boolean;          // desktop notifications
+  onAvailable?: (domain: string) => void;
+  onCheck?: (domain: string, status: string) => void;
+  onCycle?: (cycle: number) => void;
+}
+
+export class DomainWatcher {
+  private config: WatchConfig;
+  private timer: ReturnType<typeof setInterval> | null = null;
+  private cycle = 0;
+  private _running = false;
+
+  constructor(config: WatchConfig) {
+    this.config = {
+      ...{ intervalMs: 3600000, notify: true },
+      ...config,
+    };
+  }
+
+  get running() { return this._running; }
+
+  async checkOnce(): Promise<Map<string, string>> {
+    const results = new Map<string, string>();
+
+    for (const domain of this.config.domains) {
+      this.config.onCheck?.(domain, "checking");
+
+      const whois = await whoisLookup(domain);
+      const verify = await verifyAvailability(domain);
+
+      let status = "taken";
+      if (whois.available && verify.confidence === "high") status = "available";
+      else if (whois.expired) status = "expired";
+      else if (whois.available) status = "available";
+
+      results.set(domain, status);
+      this.config.onCheck?.(domain, status);
+
+      if ((status === "available" || status === "expired") && this.config.notify) {
+        this.config.onAvailable?.(domain);
+        sendDesktopNotification(domain, status);
+      }
+
+      // Rate limit
+      await new Promise((r) => setTimeout(r, 2000));
+    }
+
+    return results;
+  }
+
+  start() {
+    if (this._running) return;
+    this._running = true;
+    this.cycle = 0;
+
+    // Run immediately
+    void this.runCycle();
+
+    // Set interval
+    this.timer = setInterval(() => { void this.runCycle(); }, this.config.intervalMs);
+  }
+
+  stop() {
+    this._running = false;
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+  }
+
+  addDomain(domain: string) {
+    if (!this.config.domains.includes(domain)) {
+      this.config.domains.push(domain);
+    }
+  }
+
+  removeDomain(domain: string) {
+    this.config.domains = this.config.domains.filter((d) => d !== domain);
+  }
+
+  private async runCycle() {
+    this.cycle++;
+    this.config.onCycle?.(this.cycle);
+    await this.checkOnce();
+  }
+}
+
+function sendDesktopNotification(domain: string, status: string) {
+  const title = "Domain Sniper";
+  const rawMsg = status === "available"
+    ? `${domain} is AVAILABLE!`
+    : `${domain} has EXPIRED and may be available soon`;
+
+  // Strip double quotes and backslashes to prevent osascript injection
+  const msg = rawMsg.replace(/["\\]/g, "");
+
+  // macOS notification
+  try {
+    const script = `display notification "${msg}" with title "${title}" sound name "Glass"`;
+    execFile("osascript", ["-e", script], () => {});
+  } catch {
+    // Notification failed silently
+  }
+}
+
+export function formatInterval(ms: number): string {
+  if (ms < 60000) return `${Math.round(ms / 1000)}s`;
+  if (ms < 3600000) return `${Math.round(ms / 60000)}m`;
+  return `${(ms / 3600000).toFixed(1)}h`;
+}

package/src/core/features/wayback.ts

@@ -0,0 +1,64 @@
+import { assertValidDomain } from "../validate.js";
+import type { WaybackResult } from "../types.js";
+
+export async function checkWayback(domain: string): Promise<WaybackResult> {
+  assertValidDomain(domain);
+
+  try {
+    const resp = await fetch(
+      `https://web.archive.org/wayback/available?url=${encodeURIComponent(domain)}&timestamp=20000101`,
+      { signal: AbortSignal.timeout(8000) }
+    );
+    const data = await resp.json() as {
+      archived_snapshots?: {
+        closest?: { available: boolean; timestamp: string; url: string };
+      };
+    };
+
+    const closest = data.archived_snapshots?.closest;
+    let snapshots = 0;
+    let firstArchived: string | null = null;
+    let lastArchived: string | null = null;
+
+    try {
+      const cdxResp = await fetch(
+        `https://web.archive.org/cdx/search/cdx?url=${encodeURIComponent(domain)}&output=json&limit=1&fl=timestamp&sort=asc`,
+        { signal: AbortSignal.timeout(8000) }
+      );
+      const cdxFirst = await cdxResp.json() as string[][];
+      if (cdxFirst.length > 1 && cdxFirst[1]) {
+        firstArchived = formatWaybackTs(cdxFirst[1][0]!);
+      }
+
+      const cdxLastResp = await fetch(
+        `https://web.archive.org/cdx/search/cdx?url=${encodeURIComponent(domain)}&output=json&limit=1&fl=timestamp&sort=desc`,
+        { signal: AbortSignal.timeout(8000) }
+      );
+      const cdxLast = await cdxLastResp.json() as string[][];
+      if (cdxLast.length > 1 && cdxLast[1]) {
+        lastArchived = formatWaybackTs(cdxLast[1][0]!);
+      }
+
+      const countResp = await fetch(
+        `https://web.archive.org/cdx/search/cdx?url=${encodeURIComponent(domain)}&output=json&limit=0&showNumPages=true`,
+        { signal: AbortSignal.timeout(8000) }
+      );
+      const countText = await countResp.text();
+      snapshots = parseInt(countText, 10) || 0;
+    } catch {}
+
+    return {
+      hasHistory: !!closest?.available || snapshots > 0,
+      firstArchived,
+      lastArchived,
+      snapshots,
+    };
+  } catch {
+    return { hasHistory: false, firstArchived: null, lastArchived: null, snapshots: 0 };
+  }
+}
+
+function formatWaybackTs(ts: string): string {
+  if (ts.length < 8) return ts;
+  return `${ts.slice(0, 4)}-${ts.slice(4, 6)}-${ts.slice(6, 8)}`;
+}

package/src/core/features/webhooks.ts

@@ -0,0 +1,126 @@
+export interface WebhookPayload {
+  domain: string;
+  status: string;
+  timestamp: string;
+  details?: Record<string, unknown>;
+}
+
+export async function sendWebhook(
+  url: string,
+  payload: WebhookPayload
+): Promise<{ success: boolean; error?: string }> {
+  try {
+    // Detect Slack vs Discord vs generic
+    const isSlack = url.includes("hooks.slack.com");
+    const isDiscord = url.includes("discord.com/api/webhooks");
+
+    let body: string;
+
+    if (isSlack) {
+      body = JSON.stringify({
+        text: `*Domain Sniper Alert*\n\`${payload.domain}\` is now *${payload.status.toUpperCase()}*`,
+        blocks: [
+          {
+            type: "section",
+            text: {
+              type: "mrkdwn",
+              text: `*Domain Sniper Alert*\n\n\`${payload.domain}\` is now *${payload.status.toUpperCase()}*\n_${payload.timestamp}_`,
+            },
+          },
+        ],
+      });
+    } else if (isDiscord) {
+      body = JSON.stringify({
+        embeds: [{
+          title: "Domain Sniper Alert",
+          description: `\`${payload.domain}\` is now **${payload.status.toUpperCase()}**`,
+          color: payload.status === "available" ? 0x00e88f : payload.status === "expired" ? 0xf5c542 : 0x5c9cf5,
+          timestamp: payload.timestamp,
+        }],
+      });
+    } else {
+      body = JSON.stringify(payload);
+    }
+
+    const resp = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body,
+      signal: AbortSignal.timeout(10000),
+    });
+
+    if (!resp.ok) {
+      return { success: false, error: `HTTP ${resp.status}` };
+    }
+    return { success: true };
+  } catch (err: unknown) {
+    return { success: false, error: err instanceof Error ? err.message : "Webhook failed" };
+  }
+}
+
+export async function sendEmailAlert(
+  config: { host: string; port: number; user: string; pass: string; to: string },
+  payload: WebhookPayload
+): Promise<{ success: boolean; error?: string }> {
+  // Use Bun's built-in TCP for basic SMTP
+  try {
+    const socket = await Bun.connect({
+      hostname: config.host,
+      port: config.port,
+      socket: {
+        data(_socket, _data) { /* consume responses */ },
+        open(socket) {
+          // Simple SMTP sequence
+          setTimeout(() => {
+            socket.write(`EHLO domain-sniper\r\n`);
+            setTimeout(() => {
+              socket.write(`AUTH LOGIN\r\n`);
+              setTimeout(() => {
+                socket.write(`${btoa(config.user)}\r\n`);
+                setTimeout(() => {
+                  socket.write(`${btoa(config.pass)}\r\n`);
+                  setTimeout(() => {
+                    socket.write(`MAIL FROM:<${config.user}>\r\n`);
+                    setTimeout(() => {
+                      socket.write(`RCPT TO:<${config.to}>\r\n`);
+                      setTimeout(() => {
+                        socket.write(`DATA\r\n`);
+                        setTimeout(() => {
+                          const msg = [
+                            `From: Domain Sniper <${config.user}>`,
+                            `To: ${config.to}`,
+                            `Subject: Domain Alert: ${payload.domain} is ${payload.status}`,
+                            `Content-Type: text/plain; charset=utf-8`,
+                            ``,
+                            `Domain Sniper Alert`,
+                            ``,
+                            `Domain: ${payload.domain}`,
+                            `Status: ${payload.status.toUpperCase()}`,
+                            `Time: ${payload.timestamp}`,
+                            ``,
+                            `---`,
+                            `Sent by Domain Sniper`,
+                          ].join("\r\n");
+                          socket.write(`${msg}\r\n.\r\n`);
+                          setTimeout(() => {
+                            socket.write(`QUIT\r\n`);
+                            socket.end();
+                          }, 500);
+                        }, 500);
+                      }, 500);
+                    }, 500);
+                  }, 500);
+                }, 500);
+              }, 500);
+            }, 500);
+          }, 500);
+        },
+        close() {},
+        error() {},
+      },
+    });
+    return { success: true };
+  } catch (err: unknown) {
+    return { success: false, error: err instanceof Error ? err.message : "Email send failed" };
+  }
+}

package/src/core/features/whois-history.ts

@@ -0,0 +1,99 @@
+/**
+ * WHOIS history tracking — SQLite-backed snapshot storage
+ */
+
+import {
+  saveWhoisSnapshotDb,
+  getWhoisHistoryDb,
+  getWhoisHistoryCountDb,
+} from "../db.js";
+import { isValidDomain } from "../validate.js";
+import type { WhoisResult } from "../whois.js";
+
+export interface WhoisSnapshot {
+  timestamp: string;
+  domain: string;
+  registrar: string | null;
+  expiryDate: string | null;
+  createdDate: string | null;
+  updatedDate: string | null;
+  status: string[];
+  nameServers: string[];
+  available: boolean;
+  expired: boolean;
+}
+
+export interface WhoisDiff {
+  field: string;
+  old: string;
+  new: string;
+}
+
+export function saveWhoisSnapshot(whois: WhoisResult): string {
+  if (!isValidDomain(whois.domain)) throw new Error(`Invalid domain: ${whois.domain}`);
+  const id = saveWhoisSnapshotDb(whois.domain, {
+    registrar: whois.registrar,
+    expiryDate: whois.expiryDate,
+    createdDate: whois.createdDate,
+    updatedDate: whois.updatedDate,
+    status: whois.status,
+    nameServers: whois.nameServers,
+    available: whois.available,
+    expired: whois.expired,
+    rawText: whois.rawText,
+  });
+  return `db:whois-${id}`;
+}
+
+function dbRowToSnapshot(row: any): WhoisSnapshot {
+  return {
+    timestamp: row.snapshot_at,
+    domain: row.domain,
+    registrar: row.registrar,
+    expiryDate: row.expiry_date,
+    createdDate: row.created_date,
+    updatedDate: row.updated_date,
+    status: (() => { try { return JSON.parse(row.status || "[]"); } catch { return []; } })(),
+    nameServers: (() => { try { return JSON.parse(row.name_servers || "[]"); } catch { return []; } })(),
+    available: !!row.available,
+    expired: !!row.expired,
+  };
+}
+
+export function getWhoisHistory(domain: string): WhoisSnapshot[] {
+  if (!isValidDomain(domain)) return [];
+  const rows = getWhoisHistoryDb(domain);
+  return rows.map(dbRowToSnapshot).reverse(); // oldest first
+}
+
+export function diffWhoisSnapshots(
+  older: WhoisSnapshot,
+  newer: WhoisSnapshot
+): WhoisDiff[] {
+  const diffs: WhoisDiff[] = [];
+  const fields: (keyof WhoisSnapshot)[] = [
+    "registrar", "expiryDate", "createdDate", "updatedDate", "available", "expired",
+  ];
+  for (const field of fields) {
+    const oldVal = String(older[field] ?? "");
+    const newVal = String(newer[field] ?? "");
+    if (oldVal !== newVal) diffs.push({ field, old: oldVal, new: newVal });
+  }
+  const oldStatus = [...older.status].sort().join(", ");
+  const newStatus = [...newer.status].sort().join(", ");
+  if (oldStatus !== newStatus) diffs.push({ field: "status", old: oldStatus, new: newStatus });
+  const oldNs = [...older.nameServers].sort().join(", ");
+  const newNs = [...newer.nameServers].sort().join(", ");
+  if (oldNs !== newNs) diffs.push({ field: "nameServers", old: oldNs, new: newNs });
+  return diffs;
+}
+
+export function getLatestDiff(domain: string): WhoisDiff[] | null {
+  const history = getWhoisHistory(domain);
+  if (history.length < 2) return null;
+  return diffWhoisSnapshots(history[history.length - 2]!, history[history.length - 1]!);
+}
+
+export function getHistoryCount(domain: string): number {
+  return getWhoisHistoryCountDb(domain);
+}

package/src/core/features/zone-transfer.ts

@@ -0,0 +1,75 @@
+import { execFile } from "child_process";
+import { promisify } from "util";
+import { assertValidDomain } from "../validate.js";
+
+const execFileAsync = promisify(execFile);
+
+export interface ZoneTransferResult {
+  domain: string;
+  vulnerable: boolean;
+  nameServers: string[];
+  vulnerableNs: string[];
+  records: string[];
+  error: string | null;
+}
+
+async function getNameServers(domain: string): Promise<string[]> {
+  try {
+    const { stdout } = await execFileAsync("dig", ["+short", domain, "NS"], { timeout: 5000 });
+    return stdout.trim().split("\n").filter(Boolean).map((ns) => ns.replace(/\.$/, ""));
+  } catch {
+    return [];
+  }
+}
+
+async function attemptAxfr(domain: string, nameserver: string): Promise<{ success: boolean; records: string[] }> {
+  try {
+    const { stdout } = await execFileAsync(
+      "dig", ["@" + nameserver, domain, "AXFR", "+noall", "+answer", "+time=5"],
+      { timeout: 10000 }
+    );
+    const lines = stdout.trim().split("\n").filter((l) => l && !l.startsWith(";"));
+    // If we got records, the zone transfer succeeded (vulnerable!)
+    if (lines.length > 0) {
+      return { success: true, records: lines.slice(0, 100) };
+    }
+    return { success: false, records: [] };
+  } catch {
+    return { success: false, records: [] };
+  }
+}
+
+export async function checkZoneTransfer(domain: string): Promise<ZoneTransferResult> {
+  assertValidDomain(domain);
+
+  const result: ZoneTransferResult = {
+    domain,
+    vulnerable: false,
+    nameServers: [],
+    vulnerableNs: [],
+    records: [],
+    error: null,
+  };
+
+  try {
+    result.nameServers = await getNameServers(domain);
+    if (result.nameServers.length === 0) {
+      result.error = "No nameservers found";
+      return result;
+    }
+
+    for (const ns of result.nameServers) {
+      const { success, records } = await attemptAxfr(domain, ns);
+      if (success) {
+        result.vulnerable = true;
+        result.vulnerableNs.push(ns);
+        result.records.push(...records);
+      }
+    }
+
+    return result;
+  } catch (err: unknown) {
+    result.error = err instanceof Error ? err.message : "Zone transfer check failed";
+    return result;
+  }
+}