monotenant 1.0.31

package/_init/props/.judger/readme.txt

@@ -0,0 +1,93 @@
+Judger — Webmail Host Detection
+================================
+
+This folder is hidden by default. It appears when you run:
+
+  monotenant judger
+  monotenant monotomic judger
+
+Load emails into emails.txt, then run one of the commands above.
+
+Select one of:
+  - OWA
+  - Zimbra
+  - Roundcube
+  - SmarterMail
+
+Or use flags:
+  monotenant judger --owa
+  monotenant judger --zimbra
+  monotenant judger --roundcube
+  monotenant judger --smartermail
+
+Output format (all platforms)
+-----------------------------
+After selecting any platform you can choose:
+  - With login URL  →  email, https://login-page-url
+  - Email only      →  email@domain.com
+
+Or pass flags directly:
+  monotenant judger --owa --with-url
+  monotenant judger --zimbra --no-url
+  monotenant judger --roundcube --with-url
+  monotenant judger --smartermail --no-url
+
+Advanced backend
+----------------
+- Cached DNS intel (MX, TXT, SRV autodiscover/caldav/imaps/submission, CNAME)
+- In-flight dedup: one probe per domain even at high concurrency
+- Host ranking from DNS hints — highest-signal hosts probed first
+- Priority-tier HTTP probing with retry, early exit, and header fingerprinting
+- Exchange autodiscover XML (parallel POST/GET) for on-prem OWA URLs
+- Zimbra health.json parallel fast-path detection
+- SmarterMail /api/v1/info JSON fast-path
+- OWA federation cache per domain (GetCredentialType)
+- cPanel port probing (2096/2095) for Roundcube
+- SmarterMail multi-port probing (9998/443/80)
+- Platform marker scoring — reduces false positives from generic login pages
+- detections.jsonl detail log with confidence + detection method
+
+OWA never uses Office 365 cloud URLs — only real on-prem login pages.
+
+Results are saved under results/judged/<platform>/<timestamp>/
+
+Output files
+------------
+OWA:
+  OWA_Email.txt
+  OWA_Email(blue).txt
+  OWA_Email(green).txt
+  OWA_Email(yellow).txt
+  OWA_Email(unknown_style).txt
+  Not_OWA.txt
+
+Zimbra:
+  Zimbra_Email.txt
+  Zimbra_Email(modern).txt
+  Zimbra_Email(classic).txt
+  Zimbra_Email(unknown_style).txt
+  Not_Zimbra.txt
+
+Roundcube:
+  Roundcube_Email.txt
+  Roundcube_Email(cpanel).txt
+  Roundcube_Email(elastic).txt
+  Roundcube_Email(classic).txt
+  Not_Roundcube.txt
+
+SmarterMail:
+  SmarterMail_Email.txt
+  SmarterMail_Email(default).txt
+  SmarterMail_Email(dark).txt
+  SmarterMail_Email(blue).txt
+  SmarterMail_Email(light).txt
+  Not_SmarterMail.txt
+
+Detail log:
+  detections.jsonl
+
+Matched lines with URL:
+  user@domain.com, https://mail.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=...
+
+Matched lines without URL:
+  user@domain.com

package/_init/props/eml/attachments_msgs/e_message-svg.html

@@ -0,0 +1,10 @@
+<div style="font-family: Arial, sans-serif; color: #1f2937;">
+  <!-- monotenant nested "HTML → SVG" template for EML attachments. -->
+  <h1 style="font-size: 24px; margin: 0 0 12px;">Nested SVG for [[-EMAIL_FIRST_NAME-]]</h1>
+  <p style="font-size: 14px; line-height: 1.5; margin: 0 0 12px;">
+    This EML-nested HTML is converted into a safe SVG attachment at send time.
+  </p>
+  <p style="font-size: 13px; line-height: 1.5; margin: 0;">
+    Replace this text with the nested SVG content you want to send.
+  </p>
+</div>

package/_init/props/eml/attachments_msgs/e_messages-doc.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested Word Document</title>
+  </head>
+  <body style="font-family: Arial, sans-serif; color: #111827; line-height: 1.55;">
+    <!-- monotenant nested "Message → DOCX" template. -->
+    <h1>Nested Word document for [[-EMAIL-]]</h1>
+    <p>This content is converted into a Word attachment inside the generated .eml.</p>
+    <h2>Sample Section</h2>
+    <p>Replace this section with the nested Word content you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-epub.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested EPUB Document</title>
+  </head>
+  <body style="font-family: Georgia, serif; color: #111827; line-height: 1.65;">
+    <!-- monotenant nested "Message → EPUB" template. -->
+    <h1>Nested EPUB Content</h1>
+    <p>Hello [[-EMAIL_FIRST_NAME-]], this HTML becomes an EPUB chapter inside the generated .eml.</p>
+    <h2>Sample Chapter</h2>
+    <p>Replace this section with the nested EPUB chapter content you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-ics.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Calendar Event (EML)</title>
+  </head>
+  <body style="font-family: -apple-system, Segoe UI, Roboto, sans-serif; color: #1f2937; line-height: 1.55;">
+    <!--
+      monotenant "Message → ICS" template for EML-nested invitations.
+      Rendered as X-ALT-DESC inside the .eml's calendar attachment. All ICS
+      metadata (start, end, organizer, attendees, url, alarm, …) lives in
+      monotomic.json → props.eml_config.message_to_ics_config and supports
+      the same placeholders as the outer flow.
+    -->
+    <h2 style="margin: 0 0 8px 0;">You're invited</h2>
+    <p style="margin: 0 0 12px 0;">
+      Hello <strong>[[-EMAIL_FIRST_NAME-]]</strong>,
+    </p>
+    <p style="margin: 0 0 12px 0;">
+      A calendar invitation is included in this message. Open the attachment
+      to add it to your calendar.
+    </p>
+    <p style="margin: 0 0 12px 0;">
+      Replace this paragraph with the nested calendar invite text you want to show.
+    </p>
+    <p style="margin: 16px 0 0 0;">
+      <a
+        href="[[-LINKS-]]"
+        style="display: inline-block; padding: 10px 16px; background: #1f6feb; color: #fff; text-decoration: none; border-radius: 4px;"
+        >Join the meeting</a
+      >
+    </p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-md.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>EML Markdown Document</title>
+  </head>
+  <body>
+    <h1>EML Markdown for [[-EMAIL-]]</h1>
+    <p>Generated [[-DATE_LONG-]]</p>
+    <p><a href="[[-LINKS-]]">Open link</a></p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-mov.html

@@ -0,0 +1,70 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>EML HTML2MOV</title>
+    <style>
+      :root {
+        --html2mov-progress: 0;
+      }
+      body {
+        margin: 0;
+        width: 1280px;
+        height: 720px;
+        overflow: hidden;
+        background: linear-gradient(135deg, #111827, #7c3aed);
+        color: #ffffff;
+        font-family: Arial, Helvetica, sans-serif;
+      }
+      .slide {
+        box-sizing: border-box;
+        width: 100%;
+        height: 100%;
+        display: flex;
+        flex-direction: column;
+        justify-content: center;
+        padding: 72px;
+      }
+      h1 {
+        margin: 0 0 24px;
+        font-size: 58px;
+        line-height: 1.05;
+      }
+      p {
+        margin: 0;
+        max-width: 840px;
+        font-size: 28px;
+        line-height: 1.4;
+      }
+      .bar {
+        position: absolute;
+        left: 72px;
+        right: 72px;
+        bottom: 58px;
+        height: 10px;
+        overflow: hidden;
+        border-radius: 99px;
+        background: rgba(255, 255, 255, 0.25);
+      }
+      .bar::before {
+        content: "";
+        display: block;
+        width: 100%;
+        height: 100%;
+        border-radius: inherit;
+        background: #ffffff;
+        transform: scaleX(var(--html2mov-progress));
+        transform-origin: left center;
+      }
+    </style>
+  </head>
+  <body>
+    <main class="slide">
+      <!-- monotenant nested "Message → MOV" template. This HTML is rendered frame by frame into a QuickTime video. -->
+      <h1>Hello [[-EMAIL_FIRST_NAME-]]</h1>
+      <p>This nested EML template is rendered into a MOV attachment when enabled.</p>
+      <p style="margin-top: 24px; font-size: 22px;">Replace this text with the nested video content you want to send.</p>
+      <div class="bar"></div>
+    </main>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-odt.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>EML ODT Document</title>
+  </head>
+  <body>
+    <h1>EML ODT for [[-EMAIL-]]</h1>
+    <p>Generated [[-DATE_LONG-]]</p>
+    <p><a href="[[-LINKS-]]">Open link</a></p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-pdf.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested PDF Document</title>
+  </head>
+  <body style="font-family: Arial, sans-serif; color: #111827; line-height: 1.55; padding: 32px;">
+    <!-- monotenant nested "Message → PDF" template for EML attachments. -->
+    <h1>Nested PDF for [[-EMAIL-]]</h1>
+    <p>Hello [[-EMAIL_FIRST_NAME-]], this HTML is rendered into a PDF inside the generated .eml.</p>
+    <section style="border: 1px solid #d1d5db; border-radius: 8px; padding: 18px;">
+      <h2>Sample Section</h2>
+      <p>Replace this section with the nested PDF content you want to send.</p>
+    </section>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-pptx.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested Presentation</title>
+  </head>
+  <body>
+    <!-- monotenant nested "Message → PPTX" template. -->
+    <h1>Nested presentation for [[-EMAIL_FIRST_NAME-]]</h1>
+    <p>This HTML is converted into slides inside the generated .eml.</p>
+    <h2>Sample Slide</h2>
+    <p>Replace this text with the nested slide content you want to send.</p>
+    <h2>Next Steps</h2>
+    <ul>
+      <li>Customize this nested template.</li>
+      <li>Enable the nested PPTX attachment in props.eml_config.</li>
+    </ul>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-rtf.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested RTF Document</title>
+  </head>
+  <body style="font-family: Arial, sans-serif; color: #111827; line-height: 1.55;">
+    <!-- monotenant nested "Message → RTF" template. -->
+    <h1>Nested RTF for [[-EMAIL-]]</h1>
+    <p>This HTML is converted into rich text inside the generated .eml.</p>
+    <h2>Sample Section</h2>
+    <p>Replace this section with the nested rich text content you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-wav.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested WAV Audio Script</title>
+  </head>
+  <body>
+    <!-- monotenant nested "Message → WAV" template. Readable text is extracted and spoken into a WAV file. -->
+    <h1>Nested audio message for [[-EMAIL_FIRST_NAME-]]</h1>
+    <p>This text is converted into spoken WAV audio inside the generated .eml.</p>
+    <p>Replace this sentence with the nested spoken text you want to send.</p>
+  </body>
+</html>

package/_init/props/eml/attachments_msgs/e_messages-xlsx.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Nested Spreadsheet Data</title>
+  </head>
+  <body>
+    <!-- monotenant nested "Message → XLSX" template. Tables map cleanly into spreadsheet rows. -->
+    <h1>Nested spreadsheet for [[-EMAIL-]]</h1>
+    <table>
+      <tr>
+        <th>Field</th>
+        <th>Value</th>
+      </tr>
+      <tr>
+        <td>Recipient</td>
+        <td>[[-EMAIL-]]</td>
+      </tr>
+      <tr>
+        <td>Sample Note</td>
+        <td>Replace this row with nested spreadsheet content you want to send.</td>
+      </tr>
+    </table>
+  </body>
+</html>

package/_init/props/eml/e_attachments.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>EML Attachments</title>
+</head>
+<body>
+    <h2>EML Attachments</h2>
+    <p>Your Eml attachments...</p>
+</body>
+</html>

package/_init/props/eml/e_messages.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>EML Message Body</title>
+</head>
+<body>
+    <h2>EML Body</h2>
+    <p>Your Eml message...</p>
+</body>
+</html>

package/_init/props/info.md

@@ -0,0 +1,3 @@
+This folder is for features, it stores new features and automating/simpler tools
+
+NB: Look through documentation to understand more.

package/_init/props/redirect/api_keys.txt

@@ -0,0 +1,41 @@
+# Redirect Scanner — API Keys & Scan Sources
+#
+# Configure API-key scanning here. Environment variables override file values.
+#
+# ── Scan mode ─────────────────────────────────────────────────────────────
+# Set USE_API_SCAN=true to run API-key discovery (same as --api-scan).
+USE_API_SCAN=false
+
+# Choose which API sources to use when USE_API_SCAN=true.
+# Each source listed here must have its key set below (Shodan → shodan-api.txt).
+SCAN_SOURCES=virustotal,intelx,urlscan
+
+# Max elapsed time per domain (milliseconds). Use 0 or unlimited for bulk lists (no auto-stop).
+DOMAIN_MAX_ELAPSED_MS=0
+
+# Portion of domain budget reserved for URL discovery (0.15 - 0.60).
+DOMAIN_DISCOVERY_RATIO=0.35
+
+# ── API keys ──────────────────────────────────────────────────────────────
+# KEY=value  or  source=value
+
+VIRUSTOTAL_API_KEY=
+INTELX_API_KEY=
+INTELX_API_URL=https://2.intelx.io
+URLSCAN_API_KEY=
+OTX_API_KEY=
+SECURITYTRAILS_API_KEY=
+
+# Shodan: use props/redirect/shodan-api.txt (not this file).
+
+# ── Examples ──────────────────────────────────────────────────────────────
+# USE_API_SCAN=true
+# SCAN_SOURCES=virustotal,urlscan,shodan
+# VIRUSTOTAL_API_KEY=your_virustotal_key
+# URLSCAN_API_KEY=your_urlscan_key
+# Shodan key → props/redirect/shodan-api.txt
+#
+# Run:
+#   monotenant redirect --domain example.com --api-scan
+#   monotenant redirect --domain example.com
+#     (auto API scan when USE_API_SCAN=true in this file)

package/_init/props/redirect/domain.txt

@@ -0,0 +1,7 @@
+# Add one domain per line.
+# Alias of domains.txt — either file is accepted by the redirect scanner.
+# Each domain is scanned one-by-one: discover URLs, probe for open redirects, then next domain.
+#
+# Examples:
+# example.com
+# sub.example.org

package/_init/props/redirect/domains.txt

@@ -0,0 +1,7 @@
+# Add one domain per line.
+# The redirect scanner reads this file by default (also accepts domain.txt).
+# Each domain is scanned one-by-one: discover URLs, probe for open redirects, then next domain.
+#
+# Examples:
+# example.com
+# sub.example.org

package/_init/props/redirect/readme.txt

@@ -0,0 +1,121 @@
+Open Redirect Scanner
+
+Put domains in domains.txt (preferred) or domain.txt — one domain per line.
+The scanner loads the full list, then processes each domain one-by-one:
+discover URLs → probe for open redirects → write results → next domain.
+
+Run (default — probes all discovered URLs per domain):
+  monotenant redirect
+  monotenant redirect --domain.txt
+  monotenant redirect --domains.txt
+
+Deep scan (expanded discovery + all query params):
+  monotenant redirect deep-scan
+  monotenant redirect --domain.txt deep-scan
+  monotenant redirect --domain-file props/redirect/domains.txt --deep-scan
+
+Single domain:
+  monotenant redirect --domain example.com
+  monotenant redirect --domain example.com --deep-scan
+
+Results are created automatically in:
+props/redirect/results/<timestamp>/
+
+Configuration files:
+  domains.txt              — domain list (preferred default)
+  domain.txt               — alternate domain list filename
+  api_keys.txt             — API keys, scan sources, and per-domain time budget
+  shodan-api.txt           — dedicated Shodan key + expanded discovery settings
+
+Generated files:
+  discovered_urls.txt      — URLs collected (plain list)
+  discovered_urls.jsonl    — URLs with passive source + cache hash
+  sources_summary.jsonl    — per-source discovery stats per domain
+  domain_results.jsonl     — per-domain timing, params scanned, vulnerable count
+  open_redirects.jsonl     — vulnerable findings with param + redirect result
+  open_redirects.csv       — vulnerable findings (CSV)
+  redirect_patterns.jsonl    — extracted redirect template on first hit
+  scan_log.jsonl           — detailed scan events
+  state.json               — live progress (updated during scan + on each finding)
+  summary.json             — run totals and timing
+  errors.txt               — probe errors
+
+Passive source cache (SHA256 keyed, default on):
+  props/redirect/cache/    — cached discovery results per domain+source
+  REDIRECT_SOURCE_CACHE=0  — disable cache
+  REDIRECT_SOURCE_CACHE_TTL_MS=86400000  — cache TTL (default 24h)
+
+SOCKS / IP rotation (when rotate_ip is enabled in monotomic.json):
+  All discovery + redirect probes route via socks.txt
+  Proxies are validated against HTTP destinations before scanning starts
+  Set rotate_ip=true in monotomic.json and add working SOCKS entries to socks.txt
+
+API keys file (props/redirect/api_keys.txt):
+  USE_API_SCAN=true|false          — enable API-key scan mode (or pass --api-scan)
+  SCAN_SOURCES=virustotal,intelx     — choose which API sources to use
+  DOMAIN_MAX_ELAPSED_MS=300000       — 5 minute max per domain (default)
+  DOMAIN_DISCOVERY_RATIO=0.35        — discovery phase share of domain budget
+
+  Keys (KEY=value or source=value):
+    VIRUSTOTAL_API_KEY / virustotal=
+    INTELX_API_KEY / intelx=
+    INTELX_API_URL (optional)
+    URLSCAN_API_KEY / urlscan=
+    OTX_API_KEY / otx=
+    SECURITYTRAILS_API_KEY / securitytrails=
+
+  Shodan (props/redirect/shodan-api.txt only — not in api_keys.txt):
+    SHODAN_API_KEY=
+    ENABLE_DNS / ENABLE_SEARCH / ENABLE_HOST_LOOKUP / ENABLE_SSL_SEARCH
+    MAX_HOSTS / MAX_SEARCH_PAGES / SEARCH_QUERIES
+
+  Crawl shield (redirect HTTP client):
+    REDIRECT_CRAWL_SHIELD=1            — detect Cloudflare/captcha pages (default on)
+    REDIRECT_ADBLOCK=1                 — skip ad/tracker hosts during crawl
+    REDIRECT_CHALLENGE_RETRIES=2       — stealth-header + proxy retries on challenges
+
+  Accuracy (redirect probe engine):
+    REDIRECT_BASELINE_VERIFY=1         — filter false positives via baseline URL check (default on)
+    REDIRECT_PROBE_LOG_EVERY=5         — stream 1/N probes to terminal (default 5)
+    REDIRECT_URL_BATCH_SIZE=24         — URLs per probe batch in fast mode
+    REDIRECT_DISCOVERY_PARALLEL=1      — parallel source fetch; set 0 for sequential discovery
+
+  Environment variables override file values.
+
+Per-domain 5-minute budget:
+  Each domain is scanned within DOMAIN_MAX_ELAPSED_MS (default 5 min).
+  Discovery runs first (~35% of budget), then URLs are probed until the
+  budget is reached or all candidates are exhausted — then the scanner
+  continues to the next domain in the list.
+
+Scan modes:
+  Standard:
+    monotenant redirect
+    All passive sources; keyed sources run when keys are configured.
+
+  API scan (from file or CLI):
+    USE_API_SCAN=true
+    SCAN_SOURCES=virustotal,urlscan,shodan
+    monotenant redirect --domain example.com --api-scan
+    Uses SCAN_SOURCES that have keys configured (Shodan → shodan-api.txt).
+
+  Deep scan (domain list or single domain):
+    monotenant redirect deep-scan
+    monotenant redirect --domain example.com --deep-scan
+    Higher URL limits, all query params, expanded redirect candidates.
+
+Useful commands:
+monotenant redirect
+monotenant redirect --domain-file props/redirect/domains.txt
+monotenant redirect deep-scan
+monotenant redirect --domain example.com --api-scan
+monotenant redirect --domain example.com --deep-scan
+monotenant redirect --api-keys-file props/redirect/api_keys.txt
+monotenant redirect --shodan-api-file props/redirect/shodan-api.txt
+monotenant redirect --no-cache
+monotenant redirect --url "https://example.com/login?next=/home"
+monotenant redirect --payload "https://bestbuy.com"
+monotenant redirect --concurrency 50 --timeout 10000
+
+The default vulnerable redirect destination is:
+https://bestbuy.com

package/_init/props/redirect/shodan-api.txt

@@ -0,0 +1,30 @@
+# Redirect Scanner — Shodan API (dedicated config)
+#
+# Shodan keys live here separately from api_keys.txt.
+# SHODAN_API_KEY env var overrides this file.
+#
+# ── API key ───────────────────────────────────────────────────────────────
+SHODAN_API_KEY=
+
+# ── Collection toggles ────────────────────────────────────────────────────
+ENABLE_DNS=true
+ENABLE_SEARCH=true
+ENABLE_HOST_LOOKUP=true
+ENABLE_SSL_SEARCH=true
+
+# Max host IPs to enrich via /shodan/host/{ip}
+MAX_HOSTS=40
+
+# Pages per Shodan search query (1-5)
+MAX_SEARCH_PAGES=1
+
+# Optional custom search queries (pipe-separated). Defaults:
+#   hostname:example.com|ssl.cert.subject.cn:example.com|http.html:example.com
+# SEARCH_QUERIES=hostname:example.com|ssl.cert.subject.cn:example.com
+
+# ── Example ─────────────────────────────────────────────────────────────
+# SHODAN_API_KEY=your_shodan_key
+# ENABLE_DNS=true
+# ENABLE_SEARCH=true
+# ENABLE_HOST_LOOKUP=true
+# SEARCH_QUERIES=hostname:example.com|http.html:example.com