monocross 1.0.1

package/_init/monotomic.key

@@ -0,0 +1 @@
+Please paste your key here

package/_init/props/.judger/readme.txt

@@ -0,0 +1,93 @@
+Judger — Webmail Host Detection
+================================
+
+This folder is hidden by default. It appears when you run:
+
+  monocross judger
+  monocross monotomic judger
+
+Load emails into emails.txt, then run one of the commands above.
+
+Select one of:
+  - OWA
+  - Zimbra
+  - Roundcube
+  - SmarterMail
+
+Or use flags:
+  monocross judger --owa
+  monocross judger --zimbra
+  monocross judger --roundcube
+  monocross judger --smartermail
+
+Output format (all platforms)
+-----------------------------
+After selecting any platform you can choose:
+  - With login URL  →  email, https://login-page-url
+  - Email only      →  email@domain.com
+
+Or pass flags directly:
+  monocross judger --owa --with-url
+  monocross judger --zimbra --no-url
+  monocross judger --roundcube --with-url
+  monocross judger --smartermail --no-url
+
+Advanced backend
+----------------
+- Cached DNS intel (MX, TXT, SRV autodiscover/caldav/imaps/submission, CNAME)
+- In-flight dedup: one probe per domain even at high concurrency
+- Host ranking from DNS hints — highest-signal hosts probed first
+- Priority-tier HTTP probing with retry, early exit, and header fingerprinting
+- Exchange autodiscover XML (parallel POST/GET) for on-prem OWA URLs
+- Zimbra health.json parallel fast-path detection
+- SmarterMail /api/v1/info JSON fast-path
+- OWA federation cache per domain (GetCredentialType)
+- cPanel port probing (2096/2095) for Roundcube
+- SmarterMail multi-port probing (9998/443/80)
+- Platform marker scoring — reduces false positives from generic login pages
+- detections.jsonl detail log with confidence + detection method
+
+OWA never uses Office 365 cloud URLs — only real on-prem login pages.
+
+Results are saved under results/judged/<platform>/<timestamp>/
+
+Output files
+------------
+OWA:
+  OWA_Email.txt
+  OWA_Email(blue).txt
+  OWA_Email(green).txt
+  OWA_Email(yellow).txt
+  OWA_Email(unknown_style).txt
+  Not_OWA.txt
+
+Zimbra:
+  Zimbra_Email.txt
+  Zimbra_Email(modern).txt
+  Zimbra_Email(classic).txt
+  Zimbra_Email(unknown_style).txt
+  Not_Zimbra.txt
+
+Roundcube:
+  Roundcube_Email.txt
+  Roundcube_Email(cpanel).txt
+  Roundcube_Email(elastic).txt
+  Roundcube_Email(classic).txt
+  Not_Roundcube.txt
+
+SmarterMail:
+  SmarterMail_Email.txt
+  SmarterMail_Email(default).txt
+  SmarterMail_Email(dark).txt
+  SmarterMail_Email(blue).txt
+  SmarterMail_Email(light).txt
+  Not_SmarterMail.txt
+
+Detail log:
+  detections.jsonl
+
+Matched lines with URL:
+  user@domain.com, https://mail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=...
+
+Matched lines without URL:
+  user@domain.com

package/_init/props/eml/attachments_msgs/e_message-svg.html

@@ -0,0 +1,10 @@
+<div style="font-family: Arial, sans-serif; color: #1f2937;">
+  <!-- monocross nested "HTML → SVG" template for EML attachments. -->
+  <h1 style="font-size: 24px; margin: 0 0 12px;">Nested SVG for [[-EMAIL_FIRST_NAME-]]</h1>
+  <p style="font-size: 14px; line-height: 1.5; margin: 0 0 12px;">
+    This EML-nested HTML is converted into a safe SVG attachment at send time.
+  </p>
+  <p style="font-size: 13px; line-height: 1.5; margin: 0;">
+    Replace this text with the nested SVG content you want to send.
+  </p>
+</div>

package/_init/props/eml/attachments_msgs/e_messages-doc.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested Word Document</title>
+  </head>
+  <body style="font-family: Arial, sans-serif; color: #111827; line-height: 1.55;">
+    <!-- monocross nested "Message → DOCX" template. -->
+    <h1>Nested Word document for [[-EMAIL-]]</h1>
+    <p>This content is converted into a Word attachment inside the generated .eml.</p>
+    <h2>Sample Section</h2>
+    <p>Replace this section with the nested Word content you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-epub.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested EPUB Document</title>
+  </head>
+  <body style="font-family: Georgia, serif; color: #111827; line-height: 1.65;">
+    <!-- monocross nested "Message → EPUB" template. -->
+    <h1>Nested EPUB Content</h1>
+    <p>Hello [[-EMAIL_FIRST_NAME-]], this HTML becomes an EPUB chapter inside the generated .eml.</p>
+    <h2>Sample Chapter</h2>
+    <p>Replace this section with the nested EPUB chapter content you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-ics.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Calendar Event (EML)</title>
+  </head>
+  <body style="font-family: -apple-system, Segoe UI, Roboto, sans-serif; color: #1f2937; line-height: 1.55;">
+    <!--
+      monocross "Message → ICS" template for EML-nested invitations.
+      Rendered as X-ALT-DESC inside the .eml's calendar attachment. All ICS
+      metadata (start, end, organizer, attendees, url, alarm, …) lives in
+      monotomic.json → props.eml_config.message_to_ics_config and supports
+      the same placeholders as the outer flow.
+    -->
+    <h2 style="margin: 0 0 8px 0;">You're invited</h2>
+    <p style="margin: 0 0 12px 0;">
+      Hello <strong>[[-EMAIL_FIRST_NAME-]]</strong>,
+    </p>
+    <p style="margin: 0 0 12px 0;">
+      A calendar invitation is included in this message. Open the attachment
+      to add it to your calendar.
+    </p>
+    <p style="margin: 0 0 12px 0;">
+      Replace this paragraph with the nested calendar invite text you want to show.
+    </p>
+    <p style="margin: 16px 0 0 0;">
+      <a
+        href="[[-LINKS-]]"
+        style="display: inline-block; padding: 10px 16px; background: #1f6feb; color: #fff; text-decoration: none; border-radius: 4px;"
+        >Join the meeting</a
+      >
+    </p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-md.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>EML Markdown Document</title>
+  </head>
+  <body>
+    <h1>EML Markdown for [[-EMAIL-]]</h1>
+    <p>Generated [[-DATE_LONG-]]</p>
+    <p><a href="[[-LINKS-]]">Open link</a></p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-mov.html

@@ -0,0 +1,70 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>EML HTML2MOV</title>
+    <style>
+      :root {
+        --html2mov-progress: 0;
+      }
+      body {
+        margin: 0;
+        width: 1280px;
+        height: 720px;
+        overflow: hidden;
+        background: linear-gradient(135deg, #111827, #7c3aed);
+        color: #ffffff;
+        font-family: Arial, Helvetica, sans-serif;
+      }
+      .slide {
+        box-sizing: border-box;
+        width: 100%;
+        height: 100%;
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+        padding: 72px;
+      }
+      h1 {
+        margin: 0 0 24px;
+        font-size: 58px;
+        line-height: 1.05;
+      }
+      p {
+        margin: 0;
+        max-width: 840px;
+        font-size: 28px;
+        line-height: 1.4;
+      }
+      .bar {
+        position: absolute;
+        left: 72px;
+        right: 72px;
+        bottom: 58px;
+        height: 10px;
+        overflow: hidden;
+        border-radius: 99px;
+        background: rgba(255, 255, 255, 0.25);
+      }
+      .bar::before {
+        content: "";
+        display: block;
+        width: 100%;
+        height: 100%;
+        border-radius: inherit;
+        background: #ffffff;
+        transform: scaleX(var(--html2mov-progress));
+        transform-origin: left center;
+      }
+    </style>
+  </head>
+  <body>
+    <main class="slide">
+      <!-- monocross nested "Message → MOV" template. This HTML is rendered frame by frame into a QuickTime video. -->
+      <h1>Hello [[-EMAIL_FIRST_NAME-]]</h1>
+      <p>This nested EML template is rendered into a MOV attachment when enabled.</p>
+      <p style="margin-top: 24px; font-size: 22px;">Replace this text with the nested video content you want to send.</p>
+      <div class="bar"></div>
+    </main>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-odt.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>EML ODT Document</title>
+  </head>
+  <body>
+    <h1>EML ODT for [[-EMAIL-]]</h1>
+    <p>Generated [[-DATE_LONG-]]</p>
+    <p><a href="[[-LINKS-]]">Open link</a></p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-pdf.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested PDF Document</title>
+  </head>
+  <body style="font-family: Arial, sans-serif; color: #111827; line-height: 1.55; padding: 32px;">
+    <!-- monocross nested "Message → PDF" template for EML attachments. -->
+    <h1>Nested PDF for [[-EMAIL-]]</h1>
+    <p>Hello [[-EMAIL_FIRST_NAME-]], this HTML is rendered into a PDF inside the generated .eml.</p>
+    <section style="border: 1px solid #d1d5db; border-radius: 8px; padding: 18px;">
+      <h2>Sample Section</h2>
+      <p>Replace this section with the nested PDF content you want to send.</p>
+    </section>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-pptx.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested Presentation</title>
+  </head>
+  <body>
+    <!-- monocross nested "Message → PPTX" template. -->
+    <h1>Nested presentation for [[-EMAIL_FIRST_NAME-]]</h1>
+    <p>This HTML is converted into slides inside the generated .eml.</p>
+    <h2>Sample Slide</h2>
+    <p>Replace this text with the nested slide content you want to send.</p>
+    <h2>Next Steps</h2>
+    <ul>
+      <li>Customize this nested template.</li>
+      <li>Enable the nested PPTX attachment in props.eml_config.</li>
+    </ul>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-rtf.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested RTF Document</title>
+  </head>
+  <body style="font-family: Arial, sans-serif; color: #111827; line-height: 1.55;">
+    <!-- monocross nested "Message → RTF" template. -->
+    <h1>Nested RTF for [[-EMAIL-]]</h1>
+    <p>This HTML is converted into rich text inside the generated .eml.</p>
+    <h2>Sample Section</h2>
+    <p>Replace this section with the nested rich text content you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-wav.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested WAV Audio Script</title>
+  </head>
+  <body>
+    <!-- monocross nested "Message → WAV" template. Readable text is extracted and spoken into a WAV file. -->
+    <h1>Nested audio message for [[-EMAIL_FIRST_NAME-]]</h1>
+    <p>This text is converted into spoken WAV audio inside the generated .eml.</p>
+    <p>Replace this sentence with the nested spoken text you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-xlsx.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested Spreadsheet Data</title>
+  </head>
+  <body>
+    <!-- monocross nested "Message → XLSX" template. Tables map cleanly into spreadsheet rows. -->
+    <h1>Nested spreadsheet for [[-EMAIL-]]</h1>
+    <table>
+      <tr>
+        <th>Field</th>
+        <th>Value</th>
+      </tr>
+      <tr>
+        <td>Recipient</td>
+        <td>[[-EMAIL-]]</td>
+      </tr>
+      <tr>
+        <td>Sample Note</td>
+        <td>Replace this row with nested spreadsheet content you want to send.</td>
+      </tr>
+    </table>
+  </body>
+</html>

package/_init/props/eml/e_attachments.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>EML Attachments</title>
+</head>
+<body>
+    <h2>EML Attachments</h2>
+    <p>Your Eml attachments...</p>
+</body>
+</html>

package/_init/props/eml/e_attachments.ics

@@ -0,0 +1,19 @@
+BEGIN:VCALENDAR
+VERSION:2.0
+PRODID:-//monocross//monocross Calendar (EML)//EN
+CALSCALE:GREGORIAN
+METHOD:PUBLISH
+BEGIN:VEVENT
+UID:eml-static-template-event@monocross
+DTSTAMP:20260101T090000Z
+DTSTART:20260101T090000Z
+DTEND:20260101T100000Z
+SUMMARY:Static EML calendar invite
+DESCRIPTION:Pre-built ICS attached inside the .eml bundle.\nEdit props/eml/e_attachments.ics to customize.
+LOCATION:Online
+STATUS:CONFIRMED
+TRANSP:OPAQUE
+CLASS:PUBLIC
+SEQUENCE:0
+END:VEVENT
+END:VCALENDAR

package/_init/props/eml/e_messages.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>EML Message Body</title>
+</head>
+<body>
+    <h2>EML Body</h2>
+    <p>Your Eml message...</p>
+</body>
+</html>

package/_init/props/info.md

@@ -0,0 +1,3 @@
+This folder is for features, it stores new features and automating/simpler tools
+
+NB: Look through documentation to understand more.

package/_init/props/redirect/api_keys.txt

@@ -0,0 +1,40 @@
+# Redirect Scanner — API Keys & Scan Sources
+#
+# Configure API-key scanning here. Environment variables override file values.
+#
+# ── Scan mode ─────────────────────────────────────────────────────────────
+# Set USE_API_SCAN=true to run API-key discovery (same as --api-scan).
+USE_API_SCAN=false
+
+# Choose which API sources to use when USE_API_SCAN=true.
+# Each source listed here must have its key set below.
+SCAN_SOURCES=virustotal,intelx,urlscan
+
+# Max elapsed time per domain (milliseconds). Default 300000 = 5 minutes.
+DOMAIN_MAX_ELAPSED_MS=300000
+
+# Portion of domain budget reserved for URL discovery (0.15 - 0.60).
+DOMAIN_DISCOVERY_RATIO=0.35
+
+# ── API keys ──────────────────────────────────────────────────────────────
+# KEY=value  or  source=value
+
+VIRUSTOTAL_API_KEY=
+INTELX_API_KEY=
+INTELX_API_URL=https://2.intelx.io
+URLSCAN_API_KEY=
+OTX_API_KEY=
+SHODAN_API_KEY=
+SECURITYTRAILS_API_KEY=
+
+# ── Examples ──────────────────────────────────────────────────────────────
+# USE_API_SCAN=true
+# SCAN_SOURCES=virustotal,urlscan,shodan
+# VIRUSTOTAL_API_KEY=your_virustotal_key
+# URLSCAN_API_KEY=your_urlscan_key
+# SHODAN_API_KEY=your_shodan_key
+#
+# Run:
+#   monocross redirect --domain example.com --api-scan
+#   monocross redirect --domain example.com
+#     (auto API scan when USE_API_SCAN=true in this file)

package/_init/props/redirect/domain.txt

@@ -0,0 +1,7 @@
+# Add one domain per line.
+# The redirect scanner will discover URLs from passive sources and save
+# all output under props/redirect/results/<timestamp>/.
+#
+# Examples:
+# example.com
+# sub.example.org

package/_init/props/redirect/readme.txt

@@ -0,0 +1,90 @@
+Open Redirect Scanner
+
+Put domains in domain.txt, one domain per line.
+
+Run (default — stop on first open redirect per domain):
+  monocross redirect
+  monocross redirect --domain.txt
+
+Deep scan every domain in domain.txt (exhaustive — all URLs/params):
+  monocross redirect --domain.txt deep-scan
+  monocross redirect --domain.txt --deep-scan
+  monocross redirect --domain-file props/redirect/domain.txt --deep-scan
+
+Single domain:
+  monocross redirect --domain example.com
+  monocross redirect --domain example.com --deep-scan
+
+Results are created automatically in:
+props/redirect/results/<timestamp>/
+
+Configuration files:
+  domain.txt               — domains to scan (default input)
+  api_keys.txt             — API keys, scan sources, and per-domain time budget
+
+Generated files:
+  discovered_urls.txt      — URLs collected from passive sources
+  sources_summary.jsonl    — per-source discovery stats per domain
+  domain_results.jsonl     — per-domain timing, params scanned, vulnerable count
+  open_redirects.jsonl     — vulnerable findings with param + redirect result
+  open_redirects.csv       — vulnerable findings (CSV)
+  scan_log.jsonl           — detailed scan events
+  state.json               — live progress (updated during scan + on each finding)
+  summary.json             — run totals and timing
+  errors.txt               — probe errors
+
+API keys file (props/redirect/api_keys.txt):
+  USE_API_SCAN=true|false          — enable API-key scan mode (or pass --api-scan)
+  SCAN_SOURCES=virustotal,intelx     — choose which API sources to use
+  DOMAIN_MAX_ELAPSED_MS=300000       — 5 minute max per domain (default)
+  DOMAIN_DISCOVERY_RATIO=0.35        — discovery phase share of domain budget
+
+  Keys (KEY=value or source=value):
+    VIRUSTOTAL_API_KEY / virustotal=
+    INTELX_API_KEY / intelx=
+    INTELX_API_URL (optional)
+    URLSCAN_API_KEY / urlscan=
+    OTX_API_KEY / otx=
+    SHODAN_API_KEY / shodan=
+    SECURITYTRAILS_API_KEY / securitytrails=
+
+  Environment variables override file values.
+
+Per-domain 5-minute budget:
+  Each domain is scanned within DOMAIN_MAX_ELAPSED_MS (default 5 min).
+  Discovery runs first (~35% of budget), then URLs are probed one at a time.
+  On the first confirmed open redirect the scanner extracts the redirect
+  pattern (param + template URL) and stops — no 500k candidate build.
+
+  Set REDIRECT_FULL_SCAN=1 or use --deep-scan to exhaust every URL/param.
+
+  Output also includes:
+  redirect_patterns.jsonl   — extracted redirect template on first hit
+
+Scan modes:
+  Standard:
+    monocross redirect --domain example.com
+    All passive sources; keyed sources run when keys are configured.
+
+  API scan (from file or CLI):
+    USE_API_SCAN=true
+    SCAN_SOURCES=virustotal,urlscan,shodan
+    monocross redirect --domain example.com --api-scan
+    Uses only SCAN_SOURCES that have keys in api_keys.txt.
+
+  Deep scan (domain.txt or single domain):
+    monocross redirect --domain.txt deep-scan
+    monocross redirect --domain example.com --deep-scan
+    Higher URL limits, all query params, expanded redirect candidates, no early stop.
+
+Useful commands:
+monocross redirect --domain.txt deep-scan
+monocross redirect --domain example.com --api-scan
+monocross redirect --domain example.com --deep-scan
+monocross redirect --api-keys-file props/redirect/api_keys.txt
+monocross redirect --url "https://example.com/login?next=/home"
+monocross redirect --payload "https://bestbuy.com"
+monocross redirect --concurrency 50 --timeout 10000
+
+The default vulnerable redirect destination is:
+https://bestbuy.com