domsniper 0.1.0

package/src/core/features/security-headers.ts

@@ -0,0 +1,162 @@
+import { assertValidDomain } from "../validate.js";
+
+export interface SecurityHeadersResult {
+  domain: string;
+  grade: "A+" | "A" | "B" | "C" | "D" | "F";
+  score: number;
+  headers: HeaderCheck[];
+  missing: string[];
+  error: string | null;
+}
+
+export interface HeaderCheck {
+  name: string;
+  present: boolean;
+  value: string | null;
+  status: "good" | "warn" | "bad" | "missing";
+  detail: string;
+}
+
+const HEADER_CHECKS: {
+  name: string;
+  header: string;
+  weight: number;
+  check: (value: string | null) => { status: "good" | "warn" | "bad" | "missing"; detail: string };
+}[] = [
+  {
+    name: "Strict-Transport-Security",
+    header: "strict-transport-security",
+    weight: 20,
+    check: (v) => {
+      if (!v) return { status: "missing", detail: "HSTS not set — allows protocol downgrade attacks" };
+      if (v.includes("max-age=0")) return { status: "bad", detail: "HSTS max-age=0 effectively disables it" };
+      const maxAge = parseInt(v.match(/max-age=(\d+)/)?.[1] || "0", 10);
+      if (maxAge < 31536000) return { status: "warn", detail: `HSTS max-age=${maxAge} (recommended: 31536000+)` };
+      if (v.includes("includeSubDomains") && v.includes("preload")) return { status: "good", detail: "HSTS with preload and includeSubDomains" };
+      return { status: "good", detail: `HSTS max-age=${maxAge}` };
+    },
+  },
+  {
+    name: "Content-Security-Policy",
+    header: "content-security-policy",
+    weight: 20,
+    check: (v) => {
+      if (!v) return { status: "missing", detail: "No CSP — vulnerable to XSS and injection" };
+      if (v.includes("unsafe-inline") && v.includes("unsafe-eval")) return { status: "warn", detail: "CSP allows unsafe-inline and unsafe-eval" };
+      if (v.includes("unsafe-inline")) return { status: "warn", detail: "CSP allows unsafe-inline" };
+      return { status: "good", detail: "CSP configured" };
+    },
+  },
+  {
+    name: "X-Frame-Options",
+    header: "x-frame-options",
+    weight: 15,
+    check: (v) => {
+      if (!v) return { status: "missing", detail: "No X-Frame-Options — clickjacking possible" };
+      if (v.toUpperCase() === "DENY" || v.toUpperCase() === "SAMEORIGIN") return { status: "good", detail: `X-Frame-Options: ${v}` };
+      return { status: "warn", detail: `X-Frame-Options: ${v} (unusual value)` };
+    },
+  },
+  {
+    name: "X-Content-Type-Options",
+    header: "x-content-type-options",
+    weight: 10,
+    check: (v) => {
+      if (!v) return { status: "missing", detail: "No X-Content-Type-Options — MIME sniffing possible" };
+      return { status: "good", detail: "nosniff enabled" };
+    },
+  },
+  {
+    name: "Referrer-Policy",
+    header: "referrer-policy",
+    weight: 10,
+    check: (v) => {
+      if (!v) return { status: "missing", detail: "No Referrer-Policy — may leak URLs to third parties" };
+      if (v === "unsafe-url") return { status: "bad", detail: "Referrer-Policy: unsafe-url leaks full URLs" };
+      return { status: "good", detail: `Referrer-Policy: ${v}` };
+    },
+  },
+  {
+    name: "Permissions-Policy",
+    header: "permissions-policy",
+    weight: 10,
+    check: (v) => {
+      if (!v) return { status: "missing", detail: "No Permissions-Policy — browser features unrestricted" };
+      return { status: "good", detail: "Permissions-Policy configured" };
+    },
+  },
+  {
+    name: "X-XSS-Protection",
+    header: "x-xss-protection",
+    weight: 5,
+    check: (v) => {
+      if (!v) return { status: "warn", detail: "No X-XSS-Protection (deprecated but still useful)" };
+      if (v.startsWith("0")) return { status: "warn", detail: "XSS Protection explicitly disabled" };
+      return { status: "good", detail: `X-XSS-Protection: ${v}` };
+    },
+  },
+  {
+    name: "Server Header",
+    header: "server",
+    weight: 5,
+    check: (v) => {
+      if (!v) return { status: "good", detail: "Server header hidden (good practice)" };
+      if (/\d+\.\d+/.test(v)) return { status: "warn", detail: `Server: ${v} (version exposed)` };
+      return { status: "good", detail: `Server: ${v}` };
+    },
+  },
+  {
+    name: "X-Powered-By",
+    header: "x-powered-by",
+    weight: 5,
+    check: (v) => {
+      if (!v) return { status: "good", detail: "X-Powered-By hidden (good practice)" };
+      return { status: "warn", detail: `X-Powered-By: ${v} (leaks technology info)` };
+    },
+  },
+];
+
+export async function auditSecurityHeaders(domain: string): Promise<SecurityHeadersResult> {
+  assertValidDomain(domain);
+
+  const result: SecurityHeadersResult = {
+    domain, grade: "F", score: 0, headers: [], missing: [], error: null,
+  };
+
+  try {
+    const resp = await fetch(`https://${domain}`, {
+      signal: AbortSignal.timeout(10000),
+      headers: { "User-Agent": "DomainSniper/2.0" },
+    });
+
+    let totalWeight = 0;
+    let earnedWeight = 0;
+
+    for (const hc of HEADER_CHECKS) {
+      const value = resp.headers.get(hc.header);
+      const { status, detail } = hc.check(value);
+      totalWeight += hc.weight;
+
+      if (status === "good") earnedWeight += hc.weight;
+      else if (status === "warn") earnedWeight += hc.weight * 0.5;
+      // bad and missing = 0 points
+
+      result.headers.push({ name: hc.name, present: !!value, value, status, detail });
+      if (status === "missing") result.missing.push(hc.name);
+    }
+
+    result.score = Math.round((earnedWeight / totalWeight) * 100);
+
+    if (result.score >= 95) result.grade = "A+";
+    else if (result.score >= 80) result.grade = "A";
+    else if (result.score >= 65) result.grade = "B";
+    else if (result.score >= 45) result.grade = "C";
+    else if (result.score >= 25) result.grade = "D";
+    else result.grade = "F";
+
+    return result;
+  } catch (err: unknown) {
+    result.error = err instanceof Error ? err.message : "Security headers check failed";
+    return result;
+  }
+}

package/src/core/features/session.ts

@@ -0,0 +1,74 @@
+/**
+ * Session persistence — SQLite-backed save/load scan results
+ */
+
+import {
+  createSession as dbCreateSession,
+  updateSessionCount,
+  listAllSessions,
+  getSession,
+  getSessionScans,
+  deleteSessionById,
+  upsertDomain,
+  saveScan,
+} from "../db.js";
+import type { DomainEntry } from "../types.js";
+import { scoreDomain } from "./scoring.js";
+
+export interface SavedSession {
+  id: string;
+  timestamp: string;
+  domains: DomainEntry[];
+  watchlist: string[];
+  tags: Record<string, string[]>;
+  notes: Record<string, string>;
+}
+
+export function saveSession(
+  domains: DomainEntry[],
+  watchlist: string[] = [],
+  tags: Record<string, string[]> = {},
+  notes: Record<string, string> = {}
+): string {
+  const sessionId = dbCreateSession();
+  for (const d of domains) {
+    const domainId = upsertDomain(d.domain);
+    const score = scoreDomain(d.domain);
+    saveScan(domainId, d.status, d, sessionId, score.total);
+  }
+  updateSessionCount(sessionId, domains.length);
+  return `session-${sessionId}`;
+}
+
+export function loadSession(id: string): SavedSession | null {
+  // Accept both "session-123" format and raw number
+  const numId = parseInt(id.replace("session-", "").replace("scan-", ""), 10);
+  if (isNaN(numId)) return null;
+  const session = getSession(numId);
+  if (!session) return null;
+  const domains = getSessionScans(numId);
+  return {
+    id: `session-${session.id}`,
+    timestamp: session.created_at,
+    domains,
+    watchlist: [],
+    tags: {},
+    notes: {},
+  };
+}
+
+export function listSessions(): { id: string; timestamp: string; count: number; path: string }[] {
+  return listAllSessions().map((s) => ({
+    id: `session-${s.id}`,
+    timestamp: s.created_at,
+    count: s.domain_count,
+    path: `db:session-${s.id}`,
+  }));
+}
+
+export function deleteSession(id: string): boolean {
+  const numId = parseInt(id.replace("session-", "").replace("scan-", ""), 10);
+  if (isNaN(numId)) return false;
+  deleteSessionById(numId);
+  return true;
+}

package/src/core/features/snipe.ts

@@ -0,0 +1,264 @@
+import { execFile } from "child_process";
+import { promisify } from "util";
+import { whoisLookup } from "../whois.js";
+import { registerDomain, loadConfigFromEnv, type RegistrarConfig } from "../registrar.js";
+import { assertValidDomain } from "../validate.js";
+import {
+  addSnipe, getSnipe, getActiveSnipes, updateSnipeStatus, updateSnipeCheck,
+  markSnipeRegistered, type SnipeStatus, type SnipePhase,
+} from "../db.js";
+import { sendWebhook, type WebhookPayload } from "./webhooks.js";
+import { loadConfig } from "./config.js";
+
+const execFileAsync = promisify(execFile);
+
+export interface SnipeConfig {
+  registrarConfig: RegistrarConfig | null;
+  webhookUrl?: string;
+  maxPrice?: number;
+  onStatusChange?: (domain: string, status: SnipeStatus, phase: SnipePhase, message: string) => void;
+  onRegistered?: (domain: string) => void;
+  onFailed?: (domain: string, error: string) => void;
+}
+
+export interface SnipeTarget {
+  domain: string;
+  expiryDate: string | null;
+  status: SnipeStatus;
+  phase: SnipePhase;
+  checkCount: number;
+  lastChecked: string | null;
+  lastStatus: string | null;
+}
+
+// Phase intervals
+const PHASE_INTERVALS: Record<SnipePhase, number> = {
+  hourly: 3600000,      // 1 hour — domain is registered, just watching
+  frequent: 300000,     // 5 minutes — domain expired, checking often
+  aggressive: 30000,    // 30 seconds — domain in pending delete, sniping
+};
+
+export class SnipeEngine {
+  private config: SnipeConfig;
+  private timer: ReturnType<typeof setInterval> | null = null;
+  private _running = false;
+
+  constructor(config: SnipeConfig) {
+    this.config = config;
+  }
+
+  get running() { return this._running; }
+
+  async start(): Promise<void> {
+    if (this._running) return;
+    this._running = true;
+
+    this.emit("engine", "watching", "hourly", "Snipe engine started");
+
+    // Run immediately
+    await this.tick();
+
+    // Main loop — check every 30s, but only act on domains whose interval has elapsed
+    this.timer = setInterval(() => { void this.tick(); }, 30000);
+  }
+
+  stop(): void {
+    this._running = false;
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+  }
+
+  private emit(domain: string, status: SnipeStatus, phase: SnipePhase, message: string) {
+    this.config.onStatusChange?.(domain, status, phase, message);
+  }
+
+  private async tick(): Promise<void> {
+    if (!this._running) return;
+    const snipes = getActiveSnipes();
+
+    for (const snipe of snipes) {
+      // Check if enough time has elapsed since last check
+      const interval = PHASE_INTERVALS[snipe.phase as SnipePhase] || PHASE_INTERVALS.hourly;
+      if (snipe.last_checked) {
+        const elapsed = Date.now() - new Date(snipe.last_checked + "Z").getTime();
+        if (elapsed < interval) continue;
+      }
+
+      await this.checkDomain(snipe);
+
+      // Small delay between domains to avoid rate limiting
+      await new Promise((r) => setTimeout(r, 2000));
+    }
+  }
+
+  private async checkDomain(snipe: any): Promise<void> {
+    const domain = snipe.domain;
+
+    try {
+      // Quick DNS check first (fastest)
+      const _hasNs = await this.hasNameservers(domain);
+
+      // Full WHOIS check
+      const whois = await whoisLookup(domain);
+
+      if (whois.available) {
+        // DOMAIN IS AVAILABLE — attempt registration!
+        this.emit(domain, "registering", "aggressive", `${domain} is AVAILABLE — registering!`);
+        updateSnipeStatus(domain, "registering", "aggressive");
+
+        await this.attemptRegistration(domain, snipe);
+        return;
+      }
+
+      if (whois.expired) {
+        // Domain is expired — ramp up checking
+        const currentPhase = snipe.phase as SnipePhase;
+
+        // Check for pending delete indicators
+        const isPendingDelete = whois.status.some((s: string) =>
+          s.toLowerCase().includes("pendingdelete") || s.toLowerCase().includes("pending delete")
+        );
+
+        if (isPendingDelete) {
+          // About to drop — go aggressive
+          if (currentPhase !== "aggressive") {
+            updateSnipeStatus(domain, "dropping", "aggressive");
+            this.emit(domain, "dropping", "aggressive", `${domain} is PENDING DELETE — checking every 30s!`);
+            await this.notify(domain, "dropping", `${domain} is in pending delete — sniping aggressively!`);
+          }
+        } else {
+          // Expired but not yet pending delete
+          if (currentPhase === "hourly") {
+            updateSnipeStatus(domain, "expiring", "frequent");
+            this.emit(domain, "expiring", "frequent", `${domain} has EXPIRED — checking every 5 min`);
+            await this.notify(domain, "expiring", `${domain} has expired — monitoring closely`);
+          }
+        }
+
+        updateSnipeCheck(domain, whois.expired ? "expired" : "taken");
+      } else {
+        // Still registered and active
+        updateSnipeCheck(domain, "taken");
+
+        // Check if expiry date is approaching
+        if (whois.expiryDate) {
+          const daysLeft = Math.floor((new Date(whois.expiryDate).getTime() - Date.now()) / 86400000);
+          if (daysLeft <= 30 && snipe.phase === "hourly") {
+            this.emit(domain, "watching", "hourly", `${domain} expires in ${daysLeft} days`);
+          }
+        }
+      }
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : "Check failed";
+      updateSnipeCheck(domain, `error: ${msg}`);
+    }
+  }
+
+  private async attemptRegistration(domain: string, snipe: any): Promise<void> {
+    const config = this.config.registrarConfig || loadConfigFromEnv();
+    if (!config?.apiKey) {
+      updateSnipeStatus(domain, "failed");
+      this.emit(domain, "failed", "aggressive", "No registrar configured — cannot register");
+      this.config.onFailed?.(domain, "No registrar configured");
+      await this.notify(domain, "failed", `${domain} is available but no registrar configured!`);
+      return;
+    }
+
+    // Check price constraint
+    if (snipe.max_price) {
+      // We don't have real-time pricing here, so just attempt registration
+    }
+
+    try {
+      const result = await registerDomain(domain, config);
+
+      if (result.success) {
+        markSnipeRegistered(domain);
+        this.emit(domain, "registered", "aggressive", `SUCCESS — ${domain} registered!`);
+        this.config.onRegistered?.(domain);
+        await this.notify(domain, "registered", `${domain} has been REGISTERED successfully!`);
+      } else {
+        // Registration failed — keep trying
+        updateSnipeCheck(domain, `reg-failed: ${result.error}`);
+        this.emit(domain, "dropping", "aggressive", `Registration attempt failed: ${result.error} — retrying...`);
+      }
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : "Registration error";
+      updateSnipeCheck(domain, `reg-error: ${msg}`);
+      this.emit(domain, "dropping", "aggressive", `Registration error: ${msg} — retrying...`);
+    }
+  }
+
+  private async hasNameservers(domain: string): Promise<boolean> {
+    try {
+      assertValidDomain(domain);
+      const { stdout } = await execFileAsync("dig", ["+short", domain, "NS"], { timeout: 5000 });
+      return !!stdout.trim();
+    } catch {
+      return false;
+    }
+  }
+
+  private async notify(domain: string, status: string, message: string): Promise<void> {
+    // Desktop notification
+    try {
+      const script = `display notification "${message.replace(/["\\]/g, "")}" with title "Domain Sniper" sound name "Glass"`;
+      execFileAsync("osascript", ["-e", script]).catch(() => {});
+    } catch {}
+
+    // Webhook
+    const webhookUrl = this.config.webhookUrl || loadConfig().notifications.webhookUrl;
+    if (webhookUrl) {
+      const payload: WebhookPayload = {
+        domain,
+        status,
+        timestamp: new Date().toISOString(),
+        details: { message },
+      };
+      await sendWebhook(webhookUrl, payload).catch(() => {});
+    }
+  }
+}
+
+// ─── Convenience functions ───────────────────────────────
+
+export function snipeDomain(domain: string, options: {
+  expiryDate?: string;
+  maxPrice?: number;
+} = {}): number {
+  assertValidDomain(domain);
+  return addSnipe(domain, {
+    expiryDate: options.expiryDate,
+    maxPrice: options.maxPrice,
+  });
+}
+
+export function cancelSnipe(domain: string): void {
+  updateSnipeStatus(domain, "cancelled");
+}
+
+export function getSnipeTargets(): SnipeTarget[] {
+  const snipes = getActiveSnipes();
+  return snipes.map((s: any) => ({
+    domain: s.domain,
+    expiryDate: s.expiry_date,
+    status: s.status,
+    phase: s.phase,
+    checkCount: s.check_count,
+    lastChecked: s.last_checked,
+    lastStatus: s.last_status,
+  }));
+}
+
+export function createSnipeEngine(config: Partial<SnipeConfig> = {}): SnipeEngine {
+  return new SnipeEngine({
+    registrarConfig: config.registrarConfig || loadConfigFromEnv(),
+    webhookUrl: config.webhookUrl,
+    maxPrice: config.maxPrice,
+    onStatusChange: config.onStatusChange,
+    onRegistered: config.onRegistered,
+    onFailed: config.onFailed,
+  });
+}

package/src/core/features/social-check.ts

@@ -0,0 +1,81 @@
+import { assertValidDomain } from "../validate.js";
+
+export interface SocialCheckResult {
+  platform: string;
+  url: string;
+  available: boolean;
+  error: string | null;
+}
+
+const PLATFORMS: { name: string; urlTemplate: string }[] = [
+  { name: "Twitter/X", urlTemplate: "https://x.com/{name}" },
+  { name: "GitHub", urlTemplate: "https://github.com/{name}" },
+  { name: "Instagram", urlTemplate: "https://www.instagram.com/{name}/" },
+  { name: "Reddit", urlTemplate: "https://www.reddit.com/user/{name}" },
+  { name: "TikTok", urlTemplate: "https://www.tiktok.com/@{name}" },
+  { name: "YouTube", urlTemplate: "https://www.youtube.com/@{name}" },
+  { name: "LinkedIn", urlTemplate: "https://www.linkedin.com/company/{name}" },
+  { name: "Twitch", urlTemplate: "https://www.twitch.tv/{name}" },
+  { name: "Pinterest", urlTemplate: "https://www.pinterest.com/{name}/" },
+  { name: "npm", urlTemplate: "https://www.npmjs.com/package/{name}" },
+  { name: "PyPI", urlTemplate: "https://pypi.org/project/{name}/" },
+  { name: "Mastodon", urlTemplate: "https://mastodon.social/@{name}" },
+];
+
+async function checkPlatform(
+  platform: { name: string; urlTemplate: string },
+  username: string
+): Promise<SocialCheckResult> {
+  const url = platform.urlTemplate.replace("{name}", encodeURIComponent(username));
+  try {
+    const resp = await fetch(url, {
+      method: "HEAD",
+      redirect: "manual",
+      signal: AbortSignal.timeout(6000),
+      headers: { "User-Agent": "DomainSniper/2.0" },
+    });
+    // 404 = available, 200 = taken, 3xx = usually taken (redirect to profile)
+    const available = resp.status === 404;
+    return { platform: platform.name, url, available, error: null };
+  } catch (err: unknown) {
+    // If HEAD fails, try GET (some platforms block HEAD)
+    try {
+      const resp = await fetch(url, {
+        redirect: "manual",
+        signal: AbortSignal.timeout(6000),
+        headers: { "User-Agent": "DomainSniper/2.0" },
+      });
+      const available = resp.status === 404;
+      return { platform: platform.name, url, available, error: null };
+    } catch {
+      return { platform: platform.name, url, available: false, error: "Unreachable" };
+    }
+  }
+}
+
+export async function checkSocialMedia(
+  domain: string,
+  platforms: typeof PLATFORMS = PLATFORMS
+): Promise<SocialCheckResult[]> {
+  // Extract name part from domain
+  const name = domain.split(".")[0] || "";
+  if (!name || name.length < 2) return [];
+
+  // Check in batches of 4 to avoid rate limiting
+  const results: SocialCheckResult[] = [];
+  const BATCH = 4;
+  for (let i = 0; i < platforms.length; i += BATCH) {
+    const batch = platforms.slice(i, i + BATCH);
+    const batchResults = await Promise.all(
+      batch.map((p) => checkPlatform(p, name))
+    );
+    results.push(...batchResults);
+  }
+  return results;
+}
+
+export function getAvailablePlatforms(results: SocialCheckResult[]): SocialCheckResult[] {
+  return results.filter((r) => r.available && !r.error);
+}
+
+export { PLATFORMS };

package/src/core/features/ssl-check.ts

@@ -0,0 +1,88 @@
+import { assertValidDomain } from "../validate.js";
+import { connect } from "tls";
+
+export interface SslResult {
+  valid: boolean;
+  issuer: string | null;
+  subject: string | null;
+  validFrom: string | null;
+  validTo: string | null;
+  daysUntilExpiry: number | null;
+  sans: string[];
+  protocol: string | null;
+  error: string | null;
+}
+
+export function checkSsl(domain: string): Promise<SslResult> {
+  assertValidDomain(domain);
+
+  return new Promise((resolve) => {
+    const timeout = setTimeout(() => {
+      socket.destroy();
+      resolve({
+        valid: false, issuer: null, subject: null, validFrom: null,
+        validTo: null, daysUntilExpiry: null, sans: [], protocol: null,
+        error: "Connection timeout",
+      });
+    }, 8000);
+
+    const socket = connect(
+      { host: domain, port: 443, servername: domain, rejectUnauthorized: false },
+      () => {
+        clearTimeout(timeout);
+        try {
+          const cert = (socket as any).getPeerCertificate?.();
+          if (!cert || !cert.subject) {
+            socket.destroy();
+            resolve({
+              valid: false, issuer: null, subject: null, validFrom: null,
+              validTo: null, daysUntilExpiry: null, sans: [], protocol: null,
+              error: "No certificate",
+            });
+            return;
+          }
+
+          const validTo = cert.valid_to ? new Date(cert.valid_to) : null;
+          const daysLeft = validTo ? Math.floor((validTo.getTime() - Date.now()) / 86400000) : null;
+
+          const sans: string[] = [];
+          if (cert.subjectaltname) {
+            const parts = (cert.subjectaltname as string).split(",").map((s: string) => s.trim());
+            for (const part of parts) {
+              if (part.startsWith("DNS:")) sans.push(part.slice(4));
+            }
+          }
+
+          socket.destroy();
+          resolve({
+            valid: (socket as any).authorized ?? (daysLeft !== null && daysLeft > 0),
+            issuer: cert.issuer?.O || cert.issuer?.CN || null,
+            subject: cert.subject?.CN || null,
+            validFrom: cert.valid_from || null,
+            validTo: cert.valid_to || null,
+            daysUntilExpiry: daysLeft,
+            sans,
+            protocol: (socket as any).getProtocol?.() || null,
+            error: null,
+          });
+        } catch (err: unknown) {
+          socket.destroy();
+          resolve({
+            valid: false, issuer: null, subject: null, validFrom: null,
+            validTo: null, daysUntilExpiry: null, sans: [], protocol: null,
+            error: err instanceof Error ? err.message : "SSL check failed",
+          });
+        }
+      }
+    );
+
+    socket.on("error", (err) => {
+      clearTimeout(timeout);
+      resolve({
+        valid: false, issuer: null, subject: null, validFrom: null,
+        validTo: null, daysUntilExpiry: null, sans: [], protocol: null,
+        error: err.message,
+      });
+    });
+  });
+}