sentinel-scanner 1.0.1-alpha.1 → 1.1.0-alpha.1

package/src/index.ts

@@ -1,27 +1,86 @@
 #!/usr/bin/env node
 
-import { Command } from "commander";
-// @ts-ignore: For TypeScript compatibility when importing JSON files
-import packageData from "../package.json";
+import yargs from "yargs";
+import { hideBin } from "yargs/helpers";
+import { SpiderScanner } from "./modules";
 
-// Create a new Command object
-const program = new Command();
+const commandHandler = yargs(hideBin(process.argv));
 
-// Set version, name, and description from the package.json
-program
-	.version(packageData.version)
-	.name(packageData.name)
-	.description(packageData.description);
+/**
+ * Command to scan for XSS vulnerabilities
+ *
+ * @param {string} url - URL to scan
+ * @param {string} wordlist - Path to wordlist file
+ * @returns {void}
+ *
+ * @example
+ * npx sentinel-scanner xss --url https://example.com
+ */
+commandHandler.command(
+	"xss",
+	"Scan for XSS vulnerabilities",
+	{
+		url: {
+			describe: "URL to scan",
+			demandOption: true,
+			type: "string",
+			coerce: (value) => {
+				try {
+					new URL(value);
+					return value;
+				} catch (err) {
+					throw new Error("Invalid URL format");
+				}
+			},
+		},
+		wordlist: {
+			describe: "Path to wordlist file",
+			type: "string",
+		},
+	},
+	(argv) => {
+		console.log("Scanning for XSS vulnerabilities...");
+		console.log(`URL: ${argv.url}`);
+		console.log(`Wordlist: ${argv.wordlist || "Default"}`);
+	},
+);
 
-// Add a help command explicitly if needed
-program.helpOption("-h, --help", "Display help for command");
+// Command to Spider a website
+commandHandler.command(
+	"spider",
+	"Scan a website for vulnerabilities",
+	{
+		url: {
+			describe: "URL to scan",
+			demandOption: true,
+			type: "string",
+			coerce: (value) => {
+				try {
+					new URL(value);
+					return value;
+				} catch (err) {
+					throw new Error("Invalid URL format");
+				}
+			},
+		},
+	},
+	(argv) => {
+		const spider = new SpiderScanner(argv.url);
 
-// Parse command-line arguments
-program.parse(process.argv);
+		spider.crawl().then((output) => {
+			console.log(
+				JSON.stringify(
+					{
+						forms: output.forms,
+						links: output.links,
+					},
+					null,
+					2,
+				),
+			);
+		});
+	},
+);
 
-const options = program.opts();
-
-// If no arguments are provided, display help
-if (Object.keys(options).length === 0) {
-	program.help();
-}
+// Parse arguments and handle commands
+commandHandler.parse();

package/src/lib/logger.ts

@@ -0,0 +1,43 @@
+export default class Logger {
+	private moduleName: string;
+	private colors = {
+		error: "\x1b[31m",
+		info: "\x1b[32m",
+		warn: "\x1b[33m",
+		debug: "\x1b[35m",
+		reset: "\x1b[0m",
+		module: "\x1b[46m",
+	};
+
+	constructor(moduleName: string) {
+		this.moduleName = moduleName;
+	}
+
+	private formatMessage(
+		level: keyof typeof this.colors,
+		...message: string[]
+	): string {
+		const timestamp = new Date().toTimeString().split(" ")[0];
+		return `[${level}] ${this.colors[level]}${this.colors.reset}${this.colors[level]}[${timestamp}]${this.colors.reset} ${this.colors.module}[${this.moduleName}]${this.colors.reset} ${this.colors[level]}${message}${this.colors.reset}`;
+	}
+
+	public error(...message: string[]): void {
+		console.error(this.formatMessage("error", ...message));
+	}
+
+	public info(...message: string[]): void {
+		console.info(this.formatMessage("info", ...message));
+	}
+
+	public warn(...message: string[]): void {
+		console.warn(this.formatMessage("warn", ...message));
+	}
+
+	public log(...message: string[]): void {
+		console.log(this.formatMessage("info", ...message));
+	}
+
+	public debug(...message: string[]): void {
+		console.debug(this.formatMessage("debug", ...message));
+	}
+}

package/src/modules/index.ts

@@ -0,0 +1,3 @@
+import SpiderScanner from "./spider";
+
+export { SpiderScanner };

package/src/modules/spider/index.ts

@@ -0,0 +1,175 @@
+import fetch from "isomorphic-fetch";
+import jsdom from "jsdom";
+import UserAgent from "user-agents";
+import Logger from "../../lib/logger";
+
+export type FormOutput = {
+	id: number;
+	url: string;
+	fields: Array<{ name: string; id: string; class: string; type: string }>;
+};
+
+export type CrawlOutput = {
+	links: string[];
+	forms: FormOutput[];
+};
+
+export default class SpiderScanner {
+	private header: Record<string, string> = {
+		"User-Agent": new UserAgent().toString(),
+	};
+	private url: URL;
+	private logger = new Logger("Spider");
+
+	constructor(url: string) {
+		try {
+			this.url = new URL(url);
+			this.logger.info(
+				`Initialized with URL: ${url} & User-Agent: ${this.header["User-Agent"]}`,
+			);
+		} catch (error) {
+			if (error instanceof TypeError) {
+				this.logger.error("Invalid URL");
+				throw new Error("Invalid URL");
+			}
+			this.logger.error(`Unexpected error in constructor: ${error}`);
+			throw error;
+		}
+	}
+
+	// Normalize domains (removes 'www.')
+	private normalizeDomain(domain: string): string {
+		return domain.startsWith("www.") ? domain.slice(4) : domain;
+	}
+
+	private convertRelativeUrlToAbsolute(url: string): string {
+		return new URL(url, this.url.toString()).toString();
+	}
+
+	private isInternalLink(url: string): boolean {
+		try {
+			const parsedUrl = new URL(url, this.url.href);
+			if (!["http:", "https:"].includes(parsedUrl.protocol)) {
+				return false;
+			}
+			const baseDomain = this.normalizeDomain(this.url.hostname);
+			const parsedDomain = this.normalizeDomain(parsedUrl.hostname);
+			return parsedDomain === baseDomain;
+		} catch (error) {
+			this.logger.warn(`Error parsing URL: ${url} - ${error}`);
+			return false;
+		}
+	}
+
+	private async fetchUrl(url: string): Promise<string | null> {
+		try {
+			this.logger.debug(`Fetching URL: ${url}`);
+			const response = await fetch(url, { headers: this.header });
+			if (!response.ok) {
+				this.logger.warn(`Failed to fetch URL (${response.status}): ${url}`);
+				return null;
+			}
+			this.logger.info(`Successfully fetched URL: ${url}`);
+			return await response.text();
+		} catch (error) {
+			this.logger.error(`Error fetching URL: ${url} - ${error}`);
+			return null;
+		}
+	}
+
+	private extractLinks(html: string): string[] {
+		const { JSDOM } = jsdom;
+		const dom = new JSDOM(html);
+		const links = Array.from(dom.window.document.querySelectorAll("a"));
+		const hrefs = links.map((link) => link.href);
+		const internalLinks = hrefs.filter((href) => this.isInternalLink(href));
+		this.logger.debug(
+			`Extracted ${internalLinks.length} internal links from HTML content`,
+		);
+		return internalLinks.map((link) => this.convertRelativeUrlToAbsolute(link));
+	}
+
+	private extractForms(html: string): FormOutput[] {
+		const { JSDOM } = jsdom;
+		const dom = new JSDOM(html);
+		const forms = Array.from(dom.window.document.querySelectorAll("form"));
+		this.logger.debug(`Extracted ${forms.length} forms from HTML content`);
+
+		return forms.map((form, index) => {
+			const fields = Array.from(form.querySelectorAll("input")).map(
+				(input) => ({
+					name: input.name,
+					id: input.id,
+					class: input.className,
+					type: input.type,
+				}),
+			);
+
+			return {
+				id: index,
+				url: this.url.href,
+				fields,
+			};
+		});
+	}
+
+	// Main function to scan the website with concurrency support and return both links and forms
+	public async crawl(depth = 250, concurrency = 5): Promise<CrawlOutput> {
+		const visited = new Set<string>();
+		const queue = new Set<string>([this.url.href]);
+		const resultLinks = new Set<string>();
+		const resultForms = new Set<FormOutput>();
+
+		const fetchAndExtract = async (currentUrl: string) => {
+			if (visited.has(currentUrl)) {
+				this.logger.debug(`Skipping already visited URL: ${currentUrl}`);
+				return;
+			}
+			visited.add(currentUrl);
+			this.logger.info(`Visiting URL: ${currentUrl}`);
+
+			const html = await this.fetchUrl(currentUrl);
+			if (!html) return;
+
+			// Extract links and forms
+			const links = this.extractLinks(html);
+			const forms = this.extractForms(html);
+
+			for (const form of forms) {
+				resultForms.add(form);
+			}
+
+			for (const link of links) {
+				if (!visited.has(link) && queue.size < depth) {
+					queue.add(link);
+					this.logger.debug(`Added to queue: ${link}`);
+				}
+			}
+			resultLinks.add(currentUrl);
+		};
+
+		const processBatch = async () => {
+			const batch = Array.from(queue).slice(0, concurrency);
+			for (const url of batch) {
+				queue.delete(url);
+			}
+			await Promise.allSettled(batch.map((url) => fetchAndExtract(url)));
+		};
+
+		this.logger.info(
+			`Starting crawl with depth: ${depth}, concurrency: ${concurrency}`,
+		);
+		while (queue.size > 0 && visited.size < depth) {
+			await processBatch();
+		}
+
+		this.logger.info(
+			`Crawling completed. Total pages visited: ${resultLinks.size}, Total forms found: ${resultForms.size}`,
+		);
+
+		return {
+			links: Array.from(resultLinks),
+			forms: Array.from(resultForms),
+		};
+	}
+}

package/tsconfig.json

@@ -2,13 +2,12 @@
   "include": ["./src/**/*.ts"],
   "compilerOptions": {
     "lib": ["es2023"],
-    "module": "nodenext",
+    "module": "ESNext",
     "target": "es2022",
-    "moduleResolution": "nodenext",
+    "moduleResolution": "node",
 
     "rootDir": "./src",
     "outDir": "build",
-    "resolvePackageJsonImports": true,
 
     "strict": true,
     "noUncheckedIndexedAccess": true,
@@ -19,6 +18,12 @@
     "declaration": true,
     "resolveJsonModule": true,
     "emitDeclarationOnly": true,
+
+    // These two options can help resolve ESM issues
+    "allowSyntheticDefaultImports": true,
+    "isolatedModules": true,
+
+    // Ensure TypeScript recognizes .ts file extensions in ESM
     "allowImportingTsExtensions": true
   }
 }