icarus-cmd 0.3.1

package/src/tools/dalfox.js

@@ -0,0 +1,42 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { normalize } from '../core/severity.js';
+
+export default {
+  id: 'dalfox',
+  name: 'dalfox',
+  category: 'web',
+  description: "Scanner d'injection XSS",
+  needs: 'url',
+  needsWorkdir: true,
+  bins: ['dalfox'],
+  winPaths: [],
+  install: 'go install github.com/hahwul/dalfox/v2@latest',
+
+  command(target, opts = {}) {
+    const out = join(opts.workdir, 'dalfox.json');
+    return { args: ['url', target, '--format', 'json', '-o', out, '--silence', '--no-spinner'] };
+  },
+
+  parse({ workdir, target }) {
+    const out = join(workdir || '', 'dalfox.json');
+    if (!workdir || !existsSync(out)) return [];
+    const raw = readFileSync(out, 'utf8').trim();
+    if (!raw) return [];
+
+    let items = [];
+    try {
+      items = JSON.parse(raw); // tableau de PoCs
+    } catch {
+      // certains builds écrivent du JSONL
+      items = raw.split(/\r?\n/).map((l) => { try { return JSON.parse(l); } catch { return null; } }).filter(Boolean);
+    }
+    return [].concat(items).map((p) => ({
+      type: 'xss',
+      severity: normalize(p.severity) === 'unknown' ? 'high' : normalize(p.severity),
+      title: `XSS (${p.type || 'reflected'}) — ${p.param || ''}`.trim(),
+      detail: p.data || p.evidence || target,
+      ref: 'dalfox',
+    }));
+  },
+};

package/src/tools/ffuf.js

@@ -0,0 +1,45 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const DEFAULT_WL = join(dirname(fileURLToPath(import.meta.url)), '..', '..', 'wordlists', 'common.txt');
+
+export default {
+  id: 'ffuf',
+  name: 'ffuf',
+  category: 'web',
+  description: 'Fuzzing web (dossiers/fichiers cachés)',
+  needs: 'url',
+  needsWorkdir: true,
+  bins: ['ffuf'],
+  winPaths: [],
+  install: 'go install github.com/ffuf/ffuf/v2@latest',
+
+  options: [
+    { key: 'wordlist', label: 'Wordlist (chemin)', type: 'text', placeholder: 'vide = wordlist intégrée' },
+  ],
+
+  command(target, opts = {}) {
+    let url = target;
+    if (!/FUZZ/.test(url)) url = url.replace(/\/?$/, '/') + 'FUZZ';
+    const wl = opts.wordlist && existsSync(opts.wordlist) ? opts.wordlist : DEFAULT_WL;
+    const out = join(opts.workdir, 'ffuf.json');
+    return {
+      args: ['-u', url, '-w', wl, '-of', 'json', '-o', out, '-mc', '200,204,301,302,307,401,403', '-s'],
+    };
+  },
+
+  parse({ workdir }) {
+    const out = join(workdir || '', 'ffuf.json');
+    if (!workdir || !existsSync(out)) return [];
+    let data;
+    try { data = JSON.parse(readFileSync(out, 'utf8')); } catch { return []; }
+    return (data.results || []).map((r) => ({
+      type: 'content',
+      severity: r.status === 403 ? 'low' : 'info',
+      title: `[${r.status}] ${r.url}`,
+      detail: `taille:${r.length} mots:${r.words}`,
+      ref: 'ffuf',
+    }));
+  },
+};

package/src/tools/gobuster.js

@@ -0,0 +1,44 @@
+// gobuster : brute-force de dossiers/fichiers web. Parsing de la sortie texte.
+
+import { existsSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const DEFAULT_WL = join(dirname(fileURLToPath(import.meta.url)), '..', '..', 'wordlists', 'common.txt');
+
+export default {
+  id: 'gobuster',
+  name: 'gobuster',
+  category: 'web',
+  description: 'Brute-force de dossiers/fichiers web',
+  needs: 'url',
+  bins: ['gobuster'],
+  winPaths: [],
+  install: 'go install github.com/OJ/gobuster/v3@latest',
+
+  options: [
+    { key: 'wordlist', label: 'Wordlist (chemin)', type: 'text', placeholder: 'vide = wordlist intégrée' },
+  ],
+
+  command(target, opts = {}) {
+    const wl = opts.wordlist && existsSync(opts.wordlist) ? opts.wordlist : DEFAULT_WL;
+    return { args: ['dir', '-u', target, '-w', wl, '-q', '--no-error'] };
+  },
+
+  parse({ stdout }) {
+    const findings = [];
+    // Lignes type:  /admin                (Status: 301) [Size: 0]
+    const re = /^(\/\S*)\s+\(Status:\s*(\d+)\)(?:\s*\[Size:\s*(\d+)\])?/gim;
+    let m;
+    while ((m = re.exec(stdout)) !== null) {
+      findings.push({
+        type: 'content',
+        severity: m[2] === '403' ? 'low' : 'info',
+        title: `[${m[2]}] ${m[1]}`,
+        detail: m[3] ? `taille:${m[3]}` : '',
+        ref: 'gobuster',
+      });
+    }
+    return findings;
+  },
+};

package/src/tools/httpx.js

@@ -0,0 +1,48 @@
+// Collision de nom avec la lib Python `httpx` : verify() valide le bon binaire.
+import { execFileSync } from 'node:child_process';
+import { RESOLVERS_FILE } from '../core/resolvers.js';
+
+export default {
+  verify(bin) {
+    try {
+      execFileSync(bin, ['-version'], { stdio: 'ignore', timeout: 8000 });
+      return true;
+    } catch {
+      return false;
+    }
+  },
+
+  id: 'httpx',
+  name: 'httpx',
+  category: 'recon',
+  description: 'Sonde HTTP (statut, titre, techno)',
+  needs: 'url',
+  bins: ['httpx'],
+  winPaths: [],
+  install: 'go install github.com/projectdiscovery/httpx/cmd/httpx@latest',
+
+  command(target) {
+    const args = ['-u', target, '-json', '-silent', '-no-color', '-title', '-tech-detect', '-status-code', '-web-server'];
+    if (RESOLVERS_FILE) args.push('-resolvers', RESOLVERS_FILE);
+    return { args };
+  },
+
+  parse({ stdout }) {
+    const findings = [];
+    for (const line of stdout.split(/\r?\n/)) {
+      const t = line.trim();
+      if (!t.startsWith('{')) continue;
+      let j;
+      try { j = JSON.parse(t); } catch { continue; }
+      const tech = [].concat(j.tech || j.technologies || []).join(', ');
+      findings.push({
+        type: 'http',
+        severity: 'info',
+        title: `${j.status_code ?? '?'} ${j.url || j.input} ${j.title ? `— ${j.title}` : ''}`.trim(),
+        detail: [j.webserver, tech].filter(Boolean).join(' | '),
+        ref: 'httpx',
+      });
+    }
+    return findings;
+  },
+};

package/src/tools/katana.js

@@ -0,0 +1,45 @@
+import { RESOLVERS_FILE } from '../core/resolvers.js';
+
+export default {
+  id: 'katana',
+  name: 'katana',
+  category: 'recon',
+  description: 'Crawler web (cartographie des endpoints)',
+  needs: 'url',
+  bins: ['katana'],
+  winPaths: [],
+  install: 'go install github.com/projectdiscovery/katana/cmd/katana@latest',
+
+  options: [
+    { key: 'depth', label: 'Profondeur de crawl', type: 'number', default: 2, min: 1, max: 5 },
+  ],
+
+  command(target, opts = {}) {
+    const args = ['-u', target, '-jsonl', '-silent', '-nc'];
+    if (RESOLVERS_FILE) args.push('-resolvers', RESOLVERS_FILE);
+    if (opts.depth) args.push('-depth', String(opts.depth));
+    return { args };
+  },
+
+  parse({ stdout }) {
+    const findings = [];
+    const seen = new Set();
+    for (const line of stdout.split(/\r?\n/)) {
+      const t = line.trim();
+      if (!t.startsWith('{')) continue;
+      let j;
+      try { j = JSON.parse(t); } catch { continue; }
+      const url = j.request?.endpoint || j.request?.url || j.endpoint || j.url;
+      if (!url || seen.has(url)) continue;
+      seen.add(url);
+      findings.push({
+        type: 'endpoint',
+        severity: 'info',
+        title: url,
+        detail: j.request?.method || '',
+        ref: 'katana',
+      });
+    }
+    return findings;
+  },
+};

package/src/tools/metasploit.js

@@ -0,0 +1,59 @@
+// Sur Windows msfconsole est un .bat -> lancement via `cmd /c`.
+export default {
+  id: 'metasploit',
+  name: 'Metasploit',
+  category: 'vuln',
+  description: 'Framework d\'exploitation (modules auxiliaires/scanners)',
+  needs: 'host',
+  bins: ['msfconsole', 'msfconsole.bat'],
+  winPaths: [
+    'C:/metasploit-framework/bin/msfconsole.bat',
+    'C:/Program Files/Metasploit/msfconsole.bat',
+  ],
+  install: 'Installeur Windows : https://windows.metasploit.com/  (≈1 Go, droits admin requis)',
+
+  options: [
+    { key: 'module', label: 'Module auxiliaire', type: 'select', default: 'auxiliary/scanner/portscan/tcp', choices: [
+      { value: 'auxiliary/scanner/portscan/tcp', label: 'Scan de ports TCP' },
+      { value: 'auxiliary/scanner/smb/smb_version', label: 'SMB — version' },
+      { value: 'auxiliary/scanner/ssh/ssh_version', label: 'SSH — version' },
+      { value: 'auxiliary/scanner/http/http_version', label: 'HTTP — version' },
+      { value: 'auxiliary/scanner/ftp/ftp_version', label: 'FTP — version' },
+    ] },
+    { key: 'ports', label: 'Ports (module portscan)', type: 'text', placeholder: 'ex: 1-1000' },
+  ],
+
+  command(target, opts = {}) {
+    const host = String(target).replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const mod = opts.module || 'auxiliary/scanner/portscan/tcp';
+    const lines = [`use ${mod}`, `set RHOSTS ${host}`];
+    if (opts.ports) lines.push(`set PORTS ${opts.ports}`);
+    lines.push('run', 'exit -y');
+    const script = lines.join('; ');
+
+    const bin = opts.bin;
+    if (process.platform === 'win32') {
+      return { cmd: 'cmd', args: ['/c', bin, '-q', '-x', script] };
+    }
+    return { cmd: bin, args: ['-q', '-x', script] };
+  },
+
+  parse({ stdout, target }) {
+    const host = String(target).replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const findings = [];
+    for (const line of stdout.split(/\r?\n/)) {
+      const t = line.trim();
+      // [+] = découverte positive, [*] suivi d'infos pertinentes
+      const m = t.match(/^\[\+\]\s*(.+)$/);
+      if (m) {
+        findings.push({ type: 'msf', severity: 'medium', title: m[1].slice(0, 160), detail: host, ref: 'metasploit' });
+        continue;
+      }
+      const open = t.match(/(\d{1,5})\s*-?\s*(TCP OPEN|open)/i);
+      if (open) {
+        findings.push({ type: 'port', severity: 'info', title: `Port ${open[1]} open (msf)`, detail: host, ref: 'metasploit' });
+      }
+    }
+    return findings;
+  },
+};

package/src/tools/naabu.js

@@ -0,0 +1,59 @@
+import { existsSync } from 'node:fs';
+
+export default {
+  id: 'naabu',
+  name: 'naabu',
+  category: 'recon',
+  description: 'Scan de ports rapide',
+  needs: 'host',
+  bins: ['naabu'],
+  winPaths: [],
+  install: 'go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest',
+
+  // Sous Windows, naabu dépend de Npcap (wpcap.dll). Sans elle, le binaire
+  // plante au lancement (spawn UNKNOWN). On le considère alors indisponible
+  // pour qu'Icarus l'ignore proprement (nmap couvre déjà le scan de ports).
+  verify() {
+    if (process.platform !== 'win32') return true;
+    return [
+      'C:/Windows/System32/Npcap/wpcap.dll',
+      'C:/Windows/SysWOW64/Npcap/wpcap.dll',
+      'C:/Windows/System32/wpcap.dll',
+    ].some((p) => existsSync(p));
+  },
+
+  options: [
+    { key: 'topPorts', label: 'Top ports', type: 'select', default: '100', choices: [
+      { value: '100', label: '100' }, { value: '1000', label: '1000' }, { value: 'full', label: 'Tous (65535)' },
+    ] },
+  ],
+
+  command(target, opts = {}) {
+    const host = String(target).replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const args = ['-host', host, '-json', '-silent'];
+    if (opts.topPorts === 'full') args.push('-p', '-');
+    else if (opts.topPorts) args.push('-top-ports', String(opts.topPorts));
+    return { args };
+  },
+
+  parse({ stdout }) {
+    const findings = [];
+    for (const line of stdout.split(/\r?\n/)) {
+      const t = line.trim();
+      if (!t.startsWith('{')) continue;
+      let j;
+      try { j = JSON.parse(t); } catch { continue; }
+      const port = j.port?.Port ?? j.port;
+      const host = j.host || j.ip;
+      if (port == null) continue;
+      findings.push({
+        type: 'port',
+        severity: 'info',
+        title: `Port ${port}/tcp open`,
+        detail: host || '',
+        ref: `${host || ''}:${port}`,
+      });
+    }
+    return findings;
+  },
+};

package/src/tools/nikto.js

@@ -0,0 +1,34 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+export default {
+  id: 'nikto',
+  name: 'Nikto',
+  category: 'web',
+  description: 'Scanner de serveur web (misconfig, CVE)',
+  needs: 'url',
+  needsWorkdir: true,
+  bins: ['nikto', 'nikto.pl'],
+  winPaths: [],
+  install: 'https://github.com/sullo/nikto  (nécessite Perl)',
+
+  command(target, opts = {}) {
+    const out = join(opts.workdir, 'nikto.json');
+    return { args: ['-h', target, '-Format', 'json', '-output', out, '-nointeractive', '-ask', 'no'] };
+  },
+
+  parse({ workdir, target }) {
+    const out = join(workdir || '', 'nikto.json');
+    if (!workdir || !existsSync(out)) return [];
+    let data;
+    try { data = JSON.parse(readFileSync(out, 'utf8')); } catch { return []; }
+    const vulns = data.vulnerabilities || data[0]?.vulnerabilities || [];
+    return vulns.map((v) => ({
+      type: 'web',
+      severity: 'medium',
+      title: v.msg || v.id || 'finding nikto',
+      detail: v.url || target,
+      ref: v.id ? `nikto:${v.id}` : 'nikto',
+    }));
+  },
+};

package/src/tools/nmap.js

@@ -0,0 +1,96 @@
+const RISKY = {
+  21: ['low', 'FTP exposé (souvent en clair)'],
+  23: ['medium', 'Telnet exposé (trafic en clair)'],
+  135: ['low', 'MSRPC exposé'],
+  139: ['low', 'NetBIOS exposé'],
+  445: ['medium', 'SMB exposé (surface RCE classique)'],
+  1433: ['low', 'MS-SQL exposé'],
+  3306: ['low', 'MySQL exposé'],
+  3389: ['medium', 'RDP exposé (cible bruteforce/CVE)'],
+  5432: ['low', 'PostgreSQL exposé'],
+  5900: ['medium', 'VNC exposé'],
+  6379: ['high', 'Redis exposé (souvent sans auth)'],
+  9200: ['medium', 'Elasticsearch exposé'],
+  27017: ['high', 'MongoDB exposé (souvent sans auth)'],
+};
+
+export default {
+  id: 'nmap',
+  name: 'Nmap',
+  category: 'recon',
+  description: 'Scan de ports & détection de services',
+  needs: 'host',
+  bins: ['nmap'],
+  winPaths: [
+    'C:/Program Files (x86)/Nmap/nmap.exe',
+    'C:/Program Files/Nmap/nmap.exe',
+  ],
+  install: 'winget install Insecure.Nmap   (ou https://nmap.org/download.html)',
+
+  options: [
+    { key: 'timing', label: 'Mode (vitesse)', type: 'select', default: '4', choices: [
+      { value: '0', label: 'T0 — paranoïaque (furtif)' },
+      { value: '2', label: 'T2 — discret' },
+      { value: '4', label: 'T4 — agressif (défaut)' },
+      { value: '5', label: 'T5 — insane (rapide/bruyant)' },
+    ] },
+    { key: 'ports', label: 'Ports', type: 'text', placeholder: '80,443 ou 1-1000 (vide = top 1000)' },
+    { key: 'fast', label: 'Scan rapide (-F, 100 ports)', type: 'bool' },
+    { key: 'scripts', label: 'Scripts NSE par défaut (-sC)', type: 'bool' },
+    { key: 'vuln', label: 'Scripts de vulnérabilités (--script vuln)', type: 'bool' },
+    { key: 'os', label: "Détection d'OS (-O)", type: 'bool' },
+  ],
+
+  command(target, opts = {}) {
+    const host = String(target).replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const args = ['-sV', `-T${opts.timing ?? 4}`, '-Pn'];
+    if (opts.scripts || opts.vuln) args.push('-sC');
+    if (opts.vuln) args.push('--script', 'vuln');
+    if (opts.os) args.push('-O');
+    if (opts.ports) args.push('-p', String(opts.ports));
+    else if (opts.fast) args.push('-F');
+    args.push(host);
+    return { args };
+  },
+
+  parse({ stdout, target }) {
+    const host = String(target).replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const findings = [];
+    const portRe = /^(\d+)\/(tcp|udp)\s+(open(?:\|filtered)?)\s+(\S+)\s*(.*)$/i;
+
+    for (const raw of stdout.split(/\r?\n/)) {
+      const line = raw.trimEnd();
+      const m = portRe.exec(line.trim());
+      if (m) {
+        const [, port, proto, state, service, version] = m;
+        const risk = RISKY[Number(port)];
+        findings.push({
+          type: 'port',
+          severity: risk ? risk[0] : 'info',
+          title: `Port ${port}/${proto} ${state} — ${service}`,
+          detail: [version.trim(), risk?.[1]].filter(Boolean).join('  •  ') || service,
+          ref: `${host}:${port}`,
+        });
+        continue;
+      }
+      const vuln = line.match(/^\|[_\s]+(VULNERABLE|CVE-\d{4}-\d+)[:\s-]*(.*)$/i);
+      if (vuln) {
+        findings.push({
+          type: 'vuln',
+          severity: 'high',
+          title: `NSE: ${vuln[1]} ${vuln[2]}`.trim(),
+          detail: host,
+          ref: 'nmap-nse',
+        });
+      }
+    }
+
+    const os = stdout.match(/OS details?:\s*(.+)/i) || stdout.match(/Running:\s*(.+)/i);
+    if (os) findings.push({ type: 'recon', severity: 'info', title: `OS: ${os[1].trim()}`, detail: host, ref: 'nmap' });
+
+    if (!findings.length && /0 hosts up|Host seems down/i.test(stdout)) {
+      findings.push({ type: 'recon', severity: 'info', title: 'Hôte injoignable', detail: host, ref: 'nmap' });
+    }
+    return findings;
+  },
+};

package/src/tools/nuclei.js

@@ -0,0 +1,51 @@
+import { normalize } from '../core/severity.js';
+import { RESOLVERS_FILE } from '../core/resolvers.js';
+
+export default {
+  id: 'nuclei',
+  name: 'Nuclei',
+  category: 'vuln',
+  description: 'Scanner de vulnérabilités (templates/CVE)',
+  needs: 'url',
+  bins: ['nuclei'],
+  winPaths: [],
+  install: 'go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest   (ou release GitHub ProjectDiscovery)',
+
+  options: [
+    { key: 'severity', label: 'Sévérités', type: 'select', default: '', choices: [
+      { value: '', label: 'Toutes' },
+      { value: 'critical,high', label: 'Critical + High' },
+      { value: 'critical,high,medium', label: 'Critical → Medium' },
+      { value: 'info', label: 'Info seulement' },
+    ] },
+    { key: 'tags', label: 'Tags (filtre)', type: 'text', placeholder: 'cve,exposure,misconfig' },
+  ],
+
+  command(target, opts = {}) {
+    const args = ['-u', target, '-jsonl', '-silent', '-no-color'];
+    // Sous VPN, le résolveur interne de nuclei échoue -> on force des DNS valides.
+    if (RESOLVERS_FILE) args.push('-resolvers', RESOLVERS_FILE);
+    if (opts.severity) args.push('-severity', opts.severity);
+    if (opts.tags) args.push('-tags', opts.tags);
+    return { args };
+  },
+
+  parse({ stdout }) {
+    const findings = [];
+    for (const line of stdout.split(/\r?\n/)) {
+      const trimmed = line.trim();
+      if (!trimmed.startsWith('{')) continue;
+      let j;
+      try { j = JSON.parse(trimmed); } catch { continue; }
+      const info = j.info || {};
+      findings.push({
+        type: 'vuln',
+        severity: normalize(info.severity),
+        title: info.name || j['template-id'] || 'finding nuclei',
+        detail: j['matched-at'] || j.host || '',
+        ref: j['template-id'] || (info.tags ? [].concat(info.tags).join(',') : ''),
+      });
+    }
+    return findings;
+  },
+};

package/src/tools/sqlmap.js

@@ -0,0 +1,64 @@
+export default {
+  id: 'sqlmap',
+  name: 'sqlmap',
+  category: 'web',
+  description: "Détection d'injections SQL",
+  needs: 'url', // idéalement une URL avec paramètre, ex: http://site/p?id=1
+  bins: ['sqlmap', 'sqlmap.exe'],
+  winPaths: [],
+  install: 'pip install sqlmap   (ou https://sqlmap.org)',
+
+  options: [
+    { key: 'level', label: 'Level (1-5, profondeur des tests)', type: 'number', default: 1, min: 1, max: 5 },
+    { key: 'risk', label: 'Risk (1-3, agressivité)', type: 'number', default: 1, min: 1, max: 3 },
+    { key: 'crawl', label: 'Crawl (profondeur)', type: 'number', placeholder: 'ex: 2' },
+    { key: 'forms', label: 'Tester les formulaires (--forms)', type: 'bool' },
+    { key: 'dbs', label: 'Énumérer les bases (--dbs)', type: 'bool' },
+  ],
+
+  command(target, opts = {}) {
+    const args = ['-u', target, '--batch', '--disable-coloring'];
+    args.push('--level', String(opts.level || 1));
+    args.push('--risk', String(opts.risk || 1));
+    if (opts.crawl) args.push('--crawl', String(opts.crawl));
+    if (opts.forms) args.push('--forms');
+    if (opts.dbs) args.push('--dbs');
+    return { args };
+  },
+
+  parse({ stdout, target }) {
+    const findings = [];
+    const params = new Set();
+    const re = /Parameter:\s*([^\s(]+)\s*\(([^)]+)\)/gi;
+    let m;
+    while ((m = re.exec(stdout)) !== null) params.add(`${m[1]} (${m[2]})`);
+
+    const vulnerable = /is vulnerable|sqlmap identified the following injection point/i.test(stdout);
+
+    if (vulnerable || params.size) {
+      if (params.size) {
+        for (const p of params) {
+          findings.push({
+            type: 'sqli',
+            severity: 'high',
+            title: `Injection SQL — paramètre ${p}`,
+            detail: target,
+            ref: 'sqlmap',
+          });
+        }
+      } else {
+        findings.push({ type: 'sqli', severity: 'high', title: 'Injection SQL détectée', detail: target, ref: 'sqlmap' });
+      }
+    } else if (/all tested parameters do not appear to be injectable|might not be injectable/i.test(stdout)) {
+      findings.push({ type: 'sqli', severity: 'info', title: 'Aucune injection SQL trouvée', detail: target, ref: 'sqlmap' });
+    }
+
+    // Bases de données dumpées avec --dbs
+    const dbBlock = stdout.match(/available databases \[\d+\]:([\s\S]*?)(?:\n\n|\n\[)/i);
+    if (dbBlock) {
+      const dbs = dbBlock[1].split(/\r?\n/).map((l) => l.replace(/^\s*\[\*\]\s*/, '').trim()).filter(Boolean);
+      if (dbs.length) findings.push({ type: 'info', severity: 'medium', title: `Bases accessibles: ${dbs.join(', ')}`, detail: target, ref: 'sqlmap' });
+    }
+    return findings;
+  },
+};

package/src/tools/subfinder.js

@@ -0,0 +1,27 @@
+import { RESOLVERS_FILE } from '../core/resolvers.js';
+
+export default {
+  id: 'subfinder',
+  name: 'subfinder',
+  category: 'recon',
+  description: 'Énumération de sous-domaines',
+  needs: 'host',
+  bins: ['subfinder'],
+  winPaths: [],
+  install: 'go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest',
+
+  command(target) {
+    const domain = String(target).replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+    const args = ['-d', domain, '-silent'];
+    if (RESOLVERS_FILE) args.push('-rL', RESOLVERS_FILE);
+    return { args };
+  },
+
+  parse({ stdout }) {
+    return stdout
+      .split(/\r?\n/)
+      .map((l) => l.trim())
+      .filter((l) => l && /\./.test(l) && !/\s/.test(l))
+      .map((sub) => ({ type: 'subdomain', severity: 'info', title: sub, detail: '', ref: 'subfinder' }));
+  },
+};

package/src/tools/wafw00f.js

@@ -0,0 +1,33 @@
+import { existsSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+export default {
+  id: 'wafw00f',
+  name: 'wafw00f',
+  category: 'recon',
+  description: 'Détection de WAF (pare-feu applicatif)',
+  needs: 'url',
+  needsWorkdir: true,
+  bins: ['wafw00f'],
+  winPaths: [],
+  install: 'pip install wafw00f',
+
+  command(target, opts = {}) {
+    const out = join(opts.workdir, 'wafw00f.json');
+    return { args: [target, '-f', 'json', '-o', out] };
+  },
+
+  parse({ workdir, target }) {
+    const out = join(workdir || '', 'wafw00f.json');
+    if (!workdir || !existsSync(out)) return [];
+    let arr;
+    try { arr = JSON.parse(readFileSync(out, 'utf8')); } catch { return []; }
+    return [].concat(arr).map((r) => ({
+      type: 'waf',
+      severity: 'info',
+      title: r.detected ? `WAF détecté: ${r.firewall || '?'}` : 'Aucun WAF détecté',
+      detail: [r.manufacturer, r.url || target].filter(Boolean).join(' — '),
+      ref: 'wafw00f',
+    }));
+  },
+};