monocross 30.0.14 → 34.0.11

package/_init/help.txt

@@ -17,7 +17,7 @@ Commands:
   send                 start sending the mails
   features             list of all the available features
   functions            list of all the available types of
-                       functions/placeholders
+                       utils/phl
   verify [options]     stream-verify emails by provider/domain
   cleaner [options]    clear and remove rubbish from good emails before sending
   mx [options]         get any domain login page, alternative to mxtoolbox.com,

package/_init/monotomic.json

@@ -89,6 +89,12 @@
    "html_conversion_url_link_enabled": false,
    "html_conversion_url_link": "",
    "html_conversion_url_link_text": "Open link",
+   "html_watermark": "",
+   "html_watermark_opacity": 0.15,
+   "html_watermark_color": "#888888",
+   "html_watermark_size": 60,
+   "html_watermark_rotation": 45,
+   "html_watermark_enabled": true,
    "embedded_file": false,
    "embedded_file_path": "./your-image.jpeg",
    "embedded_file_paths": [
@@ -180,20 +186,6 @@
    "scripter": false,
    "scripter_preset": "preset1"
   },
-  {
-   "filename": "Attachment-1.ics",
-   "path": "attachments.ics",
-   "active": false,
-   "display_file_extension": false,
-   "spoof_attachment_extension": false,
-   "spoofs_attachment_extension_name": "",
-   "obfuscate": false,
-   "obfuscate_preset": "preset1",
-   "encrypted": false,
-   "encrypted_preset": "preset1",
-   "scripter": false,
-   "scripter_preset": "preset1"
-  },
   {
    "filename": "invite.ics",
    "path": "attachments_msgs/messages-ics.html",
@@ -205,6 +197,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "event_title": "Event title",
     "method": "auto",
     "class": "PUBLIC",
@@ -276,6 +274,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "message_to_doc_ahref": "click here",
     "message_to_doc_ahref_styles": "font_face: 'Arial', font_size: 15, bold: true, underline: true",
     "message_to_doc_link": "https://example.com"
@@ -297,7 +301,13 @@
    "rtf_config": {
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
-    "html_conversion_url_link_text": "Open link"
+    "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true
    },
    "obfuscate": false,
    "obfuscate_preset": "preset1",
@@ -317,6 +327,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "message_to_epub_title": "Document",
     "message_to_epub_author": "Messsge HTML To EPUB",
     "message_to_epub_publisher": "HTML to EPUB Converter",
@@ -339,7 +355,13 @@
    "xlsx_config": {
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
-    "html_conversion_url_link_text": "Open link"
+    "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true
    },
    "obfuscate": false,
    "obfuscate_preset": "preset1",
@@ -359,6 +381,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "message_to_pptx_title": "Document",
     "message_to_pptx_author": "Messsge HTML To PPTX"
    },
@@ -380,6 +408,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "voice": "",
     "rate": 0,
     "volume": 100,
@@ -405,6 +439,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "width": 1280,
     "height": 720,
     "fps": 10,
@@ -437,6 +477,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "title": "Document"
    },
    "obfuscate": false,
@@ -457,6 +503,12 @@
     "html_conversion_url_link_enabled": false,
     "html_conversion_url_link": "",
     "html_conversion_url_link_text": "Open link",
+    "watermark": "",
+    "watermark_opacity": 0.15,
+    "watermark_color": "#888888",
+    "watermark_size": 60,
+    "watermark_rotation": 45,
+    "watermark_enabled": true,
     "title": "Document"
    },
    "obfuscate": false,
@@ -524,20 +576,6 @@
      "scripter": false,
      "scripter_preset": "preset1"
     },
-    {
-     "filename": "Attachment-1.ics",
-     "path": "props/eml/e_attachments.ics",
-     "active": false,
-     "display_file_extension": false,
-     "spoof_attachment_extension": false,
-     "spoofs_attachment_extension_name": "",
-     "obfuscate": false,
-     "obfuscate_preset": "preset1",
-     "encrypted": false,
-     "encrypted_preset": "preset1",
-     "scripter": false,
-     "scripter_preset": "preset1"
-    },
     {
      "filename": "invite.ics",
      "path": "props/eml/attachments_msgs/e_messages-ics.html",

package/_init/props/redirect/api_keys.txt

@@ -7,7 +7,7 @@
 USE_API_SCAN=false
 
 # Choose which API sources to use when USE_API_SCAN=true.
-# Each source listed here must have its key set below.
+# Each source listed here must have its key set below (Shodan → shodan-api.txt).
 SCAN_SOURCES=virustotal,intelx,urlscan
 
 # Max elapsed time per domain (milliseconds). Default 300000 = 5 minutes.
@@ -24,15 +24,16 @@ INTELX_API_KEY=
 INTELX_API_URL=https://2.intelx.io
 URLSCAN_API_KEY=
 OTX_API_KEY=
-SHODAN_API_KEY=
 SECURITYTRAILS_API_KEY=
 
+# Shodan: use props/redirect/shodan-api.txt (not this file).
+
 # ── Examples ──────────────────────────────────────────────────────────────
 # USE_API_SCAN=true
 # SCAN_SOURCES=virustotal,urlscan,shodan
 # VIRUSTOTAL_API_KEY=your_virustotal_key
 # URLSCAN_API_KEY=your_urlscan_key
-# SHODAN_API_KEY=your_shodan_key
+# Shodan key → props/redirect/shodan-api.txt
 #
 # Run:
 #   monocross redirect --domain example.com --api-scan

package/_init/props/redirect/domains.txt

@@ -0,0 +1,7 @@
+# Add one domain per line.
+# The redirect scanner reads this file by default (also accepts domain.txt).
+# Each domain is scanned one-by-one: discover URLs, probe for open redirects, then next domain.
+#
+# Examples:
+# example.com
+# sub.example.org

package/_init/props/redirect/readme.txt

@@ -1,15 +1,18 @@
 Open Redirect Scanner
 
-Put domains in domain.txt, one domain per line.
+Put domains in domains.txt (preferred) or domain.txt — one domain per line.
+The scanner loads the full list, then processes each domain one-by-one:
+discover URLs → probe for open redirects → write results → next domain.
 
 Run (default — stop on first open redirect per domain):
   monocross redirect
   monocross redirect --domain.txt
+  monocross redirect --domains.txt
 
-Deep scan every domain in domain.txt (exhaustive — all URLs/params):
+Deep scan every domain in the list (exhaustive — all URLs/params):
+  monocross redirect deep-scan
   monocross redirect --domain.txt deep-scan
-  monocross redirect --domain.txt --deep-scan
-  monocross redirect --domain-file props/redirect/domain.txt --deep-scan
+  monocross redirect --domain-file props/redirect/domains.txt --deep-scan
 
 Single domain:
   monocross redirect --domain example.com
@@ -19,20 +22,34 @@ Results are created automatically in:
 props/redirect/results/<timestamp>/
 
 Configuration files:
-  domain.txt               — domains to scan (default input)
+  domains.txt              — domain list (preferred default)
+  domain.txt               — alternate domain list filename
   api_keys.txt             — API keys, scan sources, and per-domain time budget
+  shodan-api.txt           — dedicated Shodan key + expanded discovery settings
 
 Generated files:
-  discovered_urls.txt      — URLs collected from passive sources
+  discovered_urls.txt      — URLs collected (plain list)
+  discovered_urls.jsonl    — URLs with passive source + cache hash
   sources_summary.jsonl    — per-source discovery stats per domain
   domain_results.jsonl     — per-domain timing, params scanned, vulnerable count
   open_redirects.jsonl     — vulnerable findings with param + redirect result
   open_redirects.csv       — vulnerable findings (CSV)
+  redirect_patterns.jsonl    — extracted redirect template on first hit
   scan_log.jsonl           — detailed scan events
   state.json               — live progress (updated during scan + on each finding)
   summary.json             — run totals and timing
   errors.txt               — probe errors
 
+Passive source cache (SHA256 keyed, default on):
+  props/redirect/cache/    — cached discovery results per domain+source
+  REDIRECT_SOURCE_CACHE=0  — disable cache
+  REDIRECT_SOURCE_CACHE_TTL_MS=86400000  — cache TTL (default 24h)
+
+SOCKS / IP rotation (when rotate_ip is enabled in monotomic.json):
+  All discovery + redirect probes route via socks.txt
+  Proxies are validated against HTTP destinations before scanning starts
+  Set rotate_ip=true in monotomic.json and add working SOCKS entries to socks.txt
+
 API keys file (props/redirect/api_keys.txt):
   USE_API_SCAN=true|false          — enable API-key scan mode (or pass --api-scan)
   SCAN_SOURCES=virustotal,intelx     — choose which API sources to use
@@ -45,43 +62,60 @@ API keys file (props/redirect/api_keys.txt):
     INTELX_API_URL (optional)
     URLSCAN_API_KEY / urlscan=
     OTX_API_KEY / otx=
-    SHODAN_API_KEY / shodan=
     SECURITYTRAILS_API_KEY / securitytrails=
 
+  Shodan (props/redirect/shodan-api.txt only — not in api_keys.txt):
+    SHODAN_API_KEY=
+    ENABLE_DNS / ENABLE_SEARCH / ENABLE_HOST_LOOKUP / ENABLE_SSL_SEARCH
+    MAX_HOSTS / MAX_SEARCH_PAGES / SEARCH_QUERIES
+
+  Crawl shield (redirect HTTP client):
+    REDIRECT_CRAWL_SHIELD=1            — detect Cloudflare/captcha pages (default on)
+    REDIRECT_ADBLOCK=1                 — skip ad/tracker hosts during crawl
+    REDIRECT_CHALLENGE_RETRIES=2       — stealth-header + proxy retries on challenges
+
+  Accuracy (redirect probe engine):
+    REDIRECT_BASELINE_VERIFY=1         — filter false positives via baseline URL check (default on)
+    REDIRECT_PROBE_LOG_EVERY=5         — stream 1/N probes to terminal (default 5)
+    REDIRECT_URL_BATCH_SIZE=24         — URLs per probe batch in fast mode
+    REDIRECT_DISCOVERY_PARALLEL=1      — parallel source fetch; set 0 for sequential early-stop
+
   Environment variables override file values.
 
 Per-domain 5-minute budget:
   Each domain is scanned within DOMAIN_MAX_ELAPSED_MS (default 5 min).
   Discovery runs first (~35% of budget), then URLs are probed one at a time.
   On the first confirmed open redirect the scanner extracts the redirect
-  pattern (param + template URL) and stops — no 500k candidate build.
+  pattern (param + template URL) and stops for that domain — then continues
+  to the next domain in the list.
 
   Set REDIRECT_FULL_SCAN=1 or use --deep-scan to exhaust every URL/param.
 
-  Output also includes:
-  redirect_patterns.jsonl   — extracted redirect template on first hit
-
 Scan modes:
   Standard:
-    monocross redirect --domain example.com
+    monocross redirect
     All passive sources; keyed sources run when keys are configured.
 
   API scan (from file or CLI):
     USE_API_SCAN=true
     SCAN_SOURCES=virustotal,urlscan,shodan
     monocross redirect --domain example.com --api-scan
-    Uses only SCAN_SOURCES that have keys in api_keys.txt.
+    Uses SCAN_SOURCES that have keys configured (Shodan → shodan-api.txt).
 
-  Deep scan (domain.txt or single domain):
-    monocross redirect --domain.txt deep-scan
+  Deep scan (domain list or single domain):
+    monocross redirect deep-scan
     monocross redirect --domain example.com --deep-scan
     Higher URL limits, all query params, expanded redirect candidates, no early stop.
 
 Useful commands:
-monocross redirect --domain.txt deep-scan
+monocross redirect
+monocross redirect --domain-file props/redirect/domains.txt
+monocross redirect deep-scan
 monocross redirect --domain example.com --api-scan
 monocross redirect --domain example.com --deep-scan
 monocross redirect --api-keys-file props/redirect/api_keys.txt
+monocross redirect --shodan-api-file props/redirect/shodan-api.txt
+monocross redirect --no-cache
 monocross redirect --url "https://example.com/login?next=/home"
 monocross redirect --payload "https://bestbuy.com"
 monocross redirect --concurrency 50 --timeout 10000

package/_init/props/redirect/shodan-api.txt

@@ -0,0 +1,30 @@
+# Redirect Scanner — Shodan API (dedicated config)
+#
+# Shodan keys live here separately from api_keys.txt.
+# SHODAN_API_KEY env var overrides this file.
+#
+# ── API key ───────────────────────────────────────────────────────────────
+SHODAN_API_KEY=
+
+# ── Collection toggles ────────────────────────────────────────────────────
+ENABLE_DNS=true
+ENABLE_SEARCH=true
+ENABLE_HOST_LOOKUP=true
+ENABLE_SSL_SEARCH=true
+
+# Max host IPs to enrich via /shodan/host/{ip}
+MAX_HOSTS=40
+
+# Pages per Shodan search query (1-5)
+MAX_SEARCH_PAGES=1
+
+# Optional custom search queries (pipe-separated). Defaults:
+#   hostname:example.com|ssl.cert.subject.cn:example.com|http.html:example.com
+# SEARCH_QUERIES=hostname:example.com|ssl.cert.subject.cn:example.com
+
+# ── Example ─────────────────────────────────────────────────────────────
+# SHODAN_API_KEY=your_shodan_key
+# ENABLE_DNS=true
+# ENABLE_SEARCH=true
+# ENABLE_HOST_LOOKUP=true
+# SEARCH_QUERIES=hostname:example.com|http.html:example.com

package/_init/socks.txt

@@ -1,14 +1,26 @@
-# Add one SOCKS proxy per line.
+# Add one proxy per line (SOCKS4, SOCKS4a, SOCKS5, HTTP, HTTPS).
 # Supported formats:
 # host:port
 # host:port:user:pass
-# host|port
-# host|port|user|pass
+# host:port:socks5:user:pass
+# host:port:http:user:pass
+# host|port|https|user|pass
+# socks5://user:pass@host:port
+# http://user:pass@host:port
+# https://user:pass@host:port
 #
 # Examples:
 # 127.0.0.1:1080
+# 127.0.0.1:8080:http
 # proxy.example.com:1080:username:password
+# socks5://username:password@proxy.example.com:1080
+# http://username:password@proxy.example.com:8080
 #
 # When rotate_ip is true, the app validates this list, keeps active proxies,
-# warns on weak/slow entries, and rotates through them for send, debounce,
-# verifier, redirect scanner, judger, and Microsoft sorter.
+# warns on weak/slow entries, and rotates through them for send (SMTP, free/DNS
+# MX, Exchange EWS, Zimbra SOAP), debounce, verifier, redirect scanner, judger,
+# and Microsoft sorter.
+#
+# Live failover: blacklisted/dead proxies are auto-skipped within ~1-2s and the
+# next healthy entry is picked. Failed routes are removed from rotation for the
+# current session (update socks.txt to restore removed entries).