stackscan 2.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. stackscan-2.1.0/.gitignore +135 -0
  2. stackscan-2.1.0/LICENSE +18 -0
  3. stackscan-2.1.0/PKG-INFO +341 -0
  4. stackscan-2.1.0/README.md +303 -0
  5. stackscan-2.1.0/pyproject.toml +174 -0
  6. stackscan-2.1.0/scripts/build_cve_db.py +203 -0
  7. stackscan-2.1.0/src/stackscan/__init__.py +5 -0
  8. stackscan-2.1.0/src/stackscan/__main__.py +4 -0
  9. stackscan-2.1.0/src/stackscan/analyzers/__init__.py +29 -0
  10. stackscan-2.1.0/src/stackscan/analyzers/creds.py +218 -0
  11. stackscan-2.1.0/src/stackscan/analyzers/cve.py +458 -0
  12. stackscan-2.1.0/src/stackscan/analyzers/exposure.py +73 -0
  13. stackscan-2.1.0/src/stackscan/analyzers/infra.py +114 -0
  14. stackscan-2.1.0/src/stackscan/analyzers/security.py +26 -0
  15. stackscan-2.1.0/src/stackscan/analyzers/services.py +285 -0
  16. stackscan-2.1.0/src/stackscan/analyzers/tech.py +178 -0
  17. stackscan-2.1.0/src/stackscan/cli.py +750 -0
  18. stackscan-2.1.0/src/stackscan/config/__init__.py +19 -0
  19. stackscan-2.1.0/src/stackscan/config/sigdb_loader.py +74 -0
  20. stackscan-2.1.0/src/stackscan/config/sources.py +238 -0
  21. stackscan-2.1.0/src/stackscan/core/__init__.py +3 -0
  22. stackscan-2.1.0/src/stackscan/core/core.py +60 -0
  23. stackscan-2.1.0/src/stackscan/data/builtin.sigdb +0 -0
  24. stackscan-2.1.0/src/stackscan/data/cve.json.gz +0 -0
  25. stackscan-2.1.0/src/stackscan/data/reekeer-logo.png +0 -0
  26. stackscan-2.1.0/src/stackscan/data/subdomains.txt +522 -0
  27. stackscan-2.1.0/src/stackscan/export.py +574 -0
  28. stackscan-2.1.0/src/stackscan/net/__init__.py +22 -0
  29. stackscan-2.1.0/src/stackscan/net/dns.py +168 -0
  30. stackscan-2.1.0/src/stackscan/net/fingerprint.py +41 -0
  31. stackscan-2.1.0/src/stackscan/net/geo.py +70 -0
  32. stackscan-2.1.0/src/stackscan/net/ipinfo.py +94 -0
  33. stackscan-2.1.0/src/stackscan/net/ports.py +219 -0
  34. stackscan-2.1.0/src/stackscan/net/resolver.py +54 -0
  35. stackscan-2.1.0/src/stackscan/net/subdomains.py +457 -0
  36. stackscan-2.1.0/src/stackscan/net/tld.py +126 -0
  37. stackscan-2.1.0/src/stackscan/net/tls.py +78 -0
  38. stackscan-2.1.0/src/stackscan/render.py +541 -0
  39. stackscan-2.1.0/src/stackscan/scan.py +545 -0
  40. stackscan-2.1.0/src/stackscan/theme.py +23 -0
  41. stackscan-2.1.0/src/stackscan/types/__init__.py +43 -0
  42. stackscan-2.1.0/src/stackscan/types/models.py +18 -0
  43. stackscan-2.1.0/src/stackscan/types/output.py +367 -0
  44. stackscan-2.1.0/src/stackscan/utils/__init__.py +4 -0
  45. stackscan-2.1.0/src/stackscan/utils/paths.py +10 -0
  46. stackscan-2.1.0/src/stackscan/utils/urls.py +39 -0
  47. stackscan-2.1.0/tests/test_builtin_sigdb.py +15 -0
  48. stackscan-2.1.0/tests/test_cli_helpers.py +47 -0
  49. stackscan-2.1.0/tests/test_creds.py +41 -0
  50. stackscan-2.1.0/tests/test_cve.py +73 -0
  51. stackscan-2.1.0/tests/test_dns_records.py +25 -0
  52. stackscan-2.1.0/tests/test_export.py +77 -0
  53. stackscan-2.1.0/tests/test_extra.py +38 -0
  54. stackscan-2.1.0/tests/test_infra.py +34 -0
  55. stackscan-2.1.0/tests/test_ports.py +41 -0
  56. stackscan-2.1.0/tests/test_services.py +44 -0
  57. stackscan-2.1.0/tests/test_sources.py +43 -0
  58. stackscan-2.1.0/tests/test_subdomains.py +47 -0
  59. stackscan-2.1.0/tests/test_tech.py +47 -0
@@ -0,0 +1,135 @@
1
+ # Byte-compiled / optimized / DLL files
2
+ __pycache__/
3
+ *.py[cod]
4
+ *$py.class
5
+
6
+ # C extensions
7
+ *.so
8
+
9
+ # Distribution / packaging
10
+ .Python
11
+ build/
12
+ develop-eggs/
13
+ dist/
14
+ downloads/
15
+ eggs/
16
+ .eggs/
17
+ lib/
18
+ lib64/
19
+ parts/
20
+ sdist/
21
+ var/
22
+ wheels/
23
+ wheelhouse/
24
+ *.egg-info/
25
+ .installed.cfg
26
+ *.egg
27
+ MANIFEST
28
+
29
+ # PyInstaller
30
+ # Usually these files are written by a python script from a template
31
+ # before PyInstaller builds the exe, so as to inject date/other infos into it.
32
+ *.manifest
33
+ *.spec
34
+
35
+ # Installer logs
36
+ pip-log.txt
37
+ pip-delete-this-directory.txt
38
+
39
+ # Unit test / coverage reports
40
+ htmlcov/
41
+ .tox/
42
+ .nox/
43
+ .coverage
44
+ .coverage.*
45
+ .cache
46
+ nosetests.xml
47
+ coverage.xml
48
+ *.cover
49
+ .hypothesis/
50
+ .pytest_cache/
51
+
52
+ # Translations
53
+ *.mo
54
+ *.pot
55
+
56
+ # Django stuff:
57
+ *.log
58
+ local_settings.py
59
+ db.sqlite3
60
+
61
+ # Flask stuff:
62
+ instance/
63
+ .webassets-cache
64
+
65
+ # Scrapy stuff:
66
+ .scrapy
67
+
68
+ # Sphinx documentation
69
+ docs/_build/
70
+
71
+ # PyBuilder
72
+ target/
73
+
74
+ # Jupyter Notebook
75
+ .ipynb_checkpoints
76
+
77
+ # IPython
78
+ profile_default/
79
+ ipython_config.py
80
+
81
+ # pyenv
82
+ .python-version
83
+
84
+ # celery beat schedule file
85
+ celerybeat-schedule
86
+
87
+ # SageMath parsed files
88
+ *.sage.py
89
+
90
+ # Environments
91
+ .env
92
+ .venv
93
+ env/
94
+ venv/
95
+ ENV/
96
+ env.bak/
97
+ venv.bak/
98
+
99
+ # Spyder project settings
100
+ .spyderproject
101
+ .spyproject
102
+
103
+ # Rope project settings
104
+ .ropeproject
105
+
106
+ # mkdocs documentation
107
+ /site
108
+
109
+ # mypy
110
+ .mypy_cache/
111
+ .dmypy.json
112
+ dmypy.json
113
+
114
+ # IDEs
115
+ .vscode/
116
+ .idea/
117
+ *.swp
118
+ *.swo
119
+ *~
120
+
121
+ # Codex / Claude
122
+ AGENTS.md
123
+
124
+ # Local frameworks
125
+ frameworks.json
126
+ frameworks.schema.json
127
+
128
+ # OS generated files
129
+ .DS_Store
130
+ .DS_Store?
131
+ ._*
132
+ .Spotlight-V100
133
+ .Trashes
134
+ ehthumbs.db
135
+ Thumbs.db
@@ -0,0 +1,18 @@
1
+ Copyright 2026 reekeer
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining a copy of
4
+ this software and associated documentation files (the “Software”), to deal in the
5
+ Software without restriction, including without limitation the rights to use, copy,
6
+ modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
7
+ and to permit persons to whom the Software is furnished to do so, subject to the
8
+ following conditions:
9
+
10
+ The above copyright notice and this permission notice shall be included in all
11
+ copies or substantial portions of the Software.
12
+
13
+ THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
14
+ INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
15
+ PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
16
+ HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
17
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
18
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,341 @@
1
+ Metadata-Version: 2.4
2
+ Name: stackscan
3
+ Version: 2.1.0
4
+ Summary: Full web stack, infrastructure, DNS, port, subdomain and CVE analyzer.
5
+ Project-URL: Source, https://github.com/reekeer/stackscan
6
+ Project-URL: Issues, https://github.com/reekeer/stackscan/issues
7
+ Author: reekeer team
8
+ Maintainer-email: delewer <del@reekeer.hidden>
9
+ License: MIT
10
+ License-File: LICENSE
11
+ Keywords: cli,fingerprinting,osint,stack,tech,wappalyzer
12
+ Classifier: Development Status :: 4 - Beta
13
+ Classifier: Environment :: Console
14
+ Classifier: License :: OSI Approved :: MIT License
15
+ Classifier: Operating System :: OS Independent
16
+ Classifier: Programming Language :: Python :: 3
17
+ Classifier: Programming Language :: Python :: 3.11
18
+ Classifier: Programming Language :: Python :: 3.12
19
+ Classifier: Programming Language :: Python :: 3.13
20
+ Requires-Python: >=3.11
21
+ Requires-Dist: aiohttp>=3.9
22
+ Requires-Dist: dnspython>=2.6
23
+ Requires-Dist: python-nmap>=0.7
24
+ Requires-Dist: rich>=13.7
25
+ Requires-Dist: sigdb>=1.0.2
26
+ Provides-Extra: dev
27
+ Requires-Dist: black>=24.0; extra == 'dev'
28
+ Requires-Dist: build>=1.0; extra == 'dev'
29
+ Requires-Dist: cibuildwheel>=2.16; extra == 'dev'
30
+ Requires-Dist: geoip2>=4.8; extra == 'dev'
31
+ Requires-Dist: pyright>=1.1; extra == 'dev'
32
+ Requires-Dist: pytest>=8.0; extra == 'dev'
33
+ Requires-Dist: ruff>=0.5; extra == 'dev'
34
+ Requires-Dist: twine>=5.0; extra == 'dev'
35
+ Provides-Extra: geo
36
+ Requires-Dist: geoip2>=4.8; extra == 'geo'
37
+ Description-Content-Type: text/markdown
38
+
39
+ <h1 align="center">stackscan</h1>
40
+
41
+ <h4 align="center">Full web stack, infrastructure, DNS, port, subdomain and CVE analyzer — one command, one colorized report.</h4>
42
+
43
+ <p align="center">
44
+ <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-green?style=for-the-badge&logo=opensourceinitiative&logoColor=FFFFFF" alt="License"></a>
45
+ <img src="https://img.shields.io/badge/Python-3.11%2B-blue?style=for-the-badge&logo=python&logoColor=white" alt="Python">
46
+ <img src="https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-lightgrey?style=for-the-badge&logo=linux&logoColor=FCC624" alt="Platform">
47
+ <img src="https://img.shields.io/badge/code%20style-black-000000?style=for-the-badge" alt="black">
48
+ <img src="https://img.shields.io/badge/linting-ruff-orange?style=for-the-badge" alt="ruff">
49
+ <img src="https://img.shields.io/badge/type%20checked-pyright-4B8BBE?style=for-the-badge" alt="pyright">
50
+ <img src="https://img.shields.io/github/stars/reekeer/stackscan?style=for-the-badge&logo=github&logoColor=white" alt="Stars">
51
+ <img src="https://img.shields.io/github/last-commit/reekeer/stackscan?style=for-the-badge&logo=github&logoColor=white" alt="Last Commit">
52
+ </p>
53
+
54
+ ---
55
+
56
+ **stackscan** takes one or more targets, fetches them over HTTP(S), and prints a
57
+ single colorized panel report covering the technology stack, the edge and
58
+ network infrastructure, full DNS, IP ownership, open ports, subdomains, and
59
+ known CVEs. A signature database and a compressed CVE database ship inside the
60
+ package, so it works out of the box.
61
+
62
+ Every default pass only reads what a server voluntarily returns. The **active**
63
+ passes — `--ports` and `--default-creds` — open connections the target did not
64
+ solicit and are opt-in. **Only scan systems you are authorized to test.**
65
+
66
+ ---
67
+
68
+ ## 📦 Installation
69
+
70
+ ```bash
71
+ pip install "stackscan @ git+https://github.com/reekeer/stackscan.git"
72
+
73
+ # optional extra
74
+ pip install "stackscan[geo]" # offline IP geolocation via geoip2 + a MaxMind .mmdb
75
+ ```
76
+
77
+ `nmap` is used for port scans when present; without it a pure-Python scanner is
78
+ used automatically.
79
+
80
+ ---
81
+
82
+ ## ✨ Features
83
+
84
+ ### 🧩 Stack & infrastructure
85
+ - **Technologies** — 7.5k-technology bundled [sigdb](https://github.com/reekeer/sigdb), classified by category.
86
+ - **Edge** — CDN, WAF, reverse proxy and server software from response metadata.
87
+ - **TLS** — certificate issuer, SANs, validity window, protocol and cipher.
88
+
89
+ ### 🌐 Network & DNS
90
+ - **Full DNS** — `A`/`AAAA`, reverse DNS, `CNAME`, `MX`, `NS`, `TXT`, `SOA`, `CAA`.
91
+ - **IP intelligence** — hosting org / ISP / ASN / location for non-CDN origins via [ipwho.is](https://ipwho.is).
92
+ - **Subdomains** — AXFR + the popularity-ranked [SecLists](https://github.com/danielmiessler/SecLists) DNS list over a fast async resolver pool, with wildcard filtering + TLS SANs.
93
+
94
+ ### 🔎 Ports & vulnerabilities
95
+ - **Ports** — `nmap -sV` via `python-nmap`, or a built-in async connect scan with banner/HTTP/RTSP fingerprinting.
96
+ - **CVEs** — offline NVD-sourced database with per-match **confidence %** and CVSS **severity**; `--cve-online` adds a live lookup.
97
+ - **Default creds / open devices** — a bounded, authorized-only check for cameras / routers / panels reachable without a password or with factory-default logins (SecLists default-credentials).
98
+
99
+ ### 🎛 Output
100
+ - Colorized per-target panels, a `--compact` table, or `--json`.
101
+ - Every run prints the banner and the total scan time.
102
+
103
+ ---
104
+
105
+ ## 🚀 Usage
106
+
107
+ ```bash
108
+ # Scan one or more targets
109
+ stackscan example.com https://another.example
110
+
111
+ # Everything at once: ports, subdomains, online CVEs, IP info, default-cred check
112
+ stackscan --full example.com
113
+
114
+ # Individual deep passes
115
+ stackscan --ports --subdomains example.com
116
+ stackscan --cve-online example.com
117
+
118
+ # Speed / coverage knobs
119
+ stackscan --full --workers 500 --subdomain-limit 10000 example.com
120
+ stackscan --full --site-limit 10 --workers 200 example.com
121
+
122
+ # JSON (full detail, includes timing) or a compact table
123
+ stackscan --json example.com
124
+ stackscan --compact a.example b.example
125
+ ```
126
+
127
+ Bare hostnames are normalized to `https://`.
128
+
129
+ ## ⚡ Benchmark
130
+
131
+ Below are performance benchmarks conducted on two production targets using different scanning options (tested on Python 3.12 / macOS).
132
+
133
+ ### 1. `github.com` Scan Performance
134
+
135
+ | Scan Mode | Command / Arguments | Execution Time (s) | Execution Time (ms) | Speed vs. Default (Baseline) |
136
+ | :--- | :--- | :---: | :---: | :---: |
137
+ | **Minimal Scan** | `--no-dns --no-tls --no-geo --no-ip-info --no-cve --no-probe` | **0.69s** | `690 ms` | **+86.09% faster** (7.2x) |
138
+ | **Default Scan** | *None (baseline)* | **4.96s** | `4960 ms` | *Baseline* |
139
+ | **Port Scan** | `--ports` | **6.10s** | `6100 ms` | **-22.98% slower** |
140
+ | **Full Active Scan** | `--full` | **64.99s** | `64990 ms` | **-1210.28% slower** |
141
+
142
+ ### 2. `kmtn.ru` Deep Scan Performance
143
+
144
+ | Scan Mode | Command / Arguments | Execution Time | Findings |
145
+ | :--- | :--- | :---: | :--- |
146
+ | **Full Active Scan** | `--full --subdomain-limit 50 --site-limit 20` | **1m 8.4s (68s)** | 269 CVE(s), 64 critical, 29 port(s), 41 subdomain(s), 11 site(s) |
147
+ | **Fast Full Scan** | `--full --subdomain-limit 50 --workers 400 --site-limit 20` | **~32s** | 247 CVE(s), 63 critical, 15 port(s), 41 subdomain(s), 9 site(s) |
148
+
149
+ ### 3. `microsoft.com` Scan Performance
150
+
151
+ | Scan Mode | Command / Arguments | Execution Time (s) | Execution Time (ms) | Speed vs. Default (Baseline) |
152
+ | :--- | :--- | :---: | :---: | :---: |
153
+ | **Minimal Scan** | `--no-dns --no-tls --no-geo --no-ip-info --no-cve --no-probe` | **0.98s** | `980 ms` | **+83.39% faster** (6.0x) |
154
+ | **Default Scan** | *None (baseline)* | **5.90s** | `5900 ms` | *Baseline* |
155
+ | **Port Scan** | `--ports` | **6.95s** | `6950 ms` | **-17.80% slower** |
156
+
157
+ > [!NOTE]
158
+ > * **Minimal Scan** only fetches the HTTP response and runs the offline technology matcher.
159
+ > * **Default Scan** resolves DNS (including CNAME/MX/NS/SOA), performs TLS handshake analysis, resolves GeoIP info, and queries IPWHOIS.
160
+ > * **Full Scan** triggers active subdomain enumeration (AXFR + wordlist), parallel smart port scanning of all resolved endpoints, vulnerability matching, and default credential brute-forcing.
161
+
162
+ ---
163
+
164
+ ## 🧭 Options
165
+
166
+ | Option | Default | Description |
167
+ | :--- | :---: | :--- |
168
+ | `--full` | off | Enable ports, subdomains, online CVEs, IP info, default-cred check. |
169
+ | `--ports` / `--no-nmap` | off | Active port scan (nmap, else Python) / force the Python scanner. |
170
+ | `--subdomains` | off | Enumerate subdomains (AXFR + wordlist + TLS SANs). |
171
+ | `--subdomain-limit` | `5000` | Max ranked labels to resolve (`0` = full list). |
172
+ | `--site-limit` | `20` | Max derived sites to analyze from discovered open ports (`0` = unlimited). |
173
+ | `--default-creds` | off | Bounded default-credential / open-device check. |
174
+ | `--cred-limit` | `50` | Max default-credential pairs per device (`0` = full SecLists list). |
175
+ | `--cve-online` | off | Also query NVD live for detected products. |
176
+ | `--workers` | `350` | Parallel workers for ports/subdomains/creds. |
177
+ | `--concurrency` | `10` | Concurrent targets. |
178
+ | `--sigdb` / `--no-builtin` / `--no-sources` | – | Signature database selection. |
179
+ | `--geoip-db` | – | MaxMind `.mmdb` for offline IP geolocation. |
180
+ | `--no-dns` / `--no-tls` / `--no-geo` / `--no-probe` / `--no-cve` / `--no-ip-info` | off | Skip a pass. |
181
+ | `--json` / `--compact` / `--no-banner` / `--show-empty` | off | Output control. |
182
+ | `-f`, `--file` / `--timeout` / `--port-timeout` / `--version` | – | Misc. |
183
+
184
+ ---
185
+
186
+ ## ⚙️ Configuration
187
+
188
+ - **Signature sources**: `stackscan sigdb add|list|update|remove …` (recorded under `$XDG_CONFIG_HOME/stackscan/`).
189
+ - **Downloaded wordlists** (SecLists DNS list, default-credential list): cached under `~/.local/stackscan/db/`.
190
+ - **Refresh the CVE database**: `python scripts/build_cve_db.py`.
191
+
192
+ ---
193
+
194
+ ## 🚀 Smart Scan Pipeline
195
+
196
+ The Smart Scan engine performs multiple analysis stages to collect infrastructure, technology, and security information about the target before generating the final report.
197
+
198
+ ```mermaid
199
+ flowchart TD
200
+
201
+ A["🎯 Target<br/>Domain / URL"]
202
+
203
+ subgraph S1["1. Target Resolution"]
204
+ B["Normalize Target"]
205
+ C["DNS Resolution"]
206
+ C1["IPv4 / IPv6"]
207
+ C2["DNS Records<br/>MX • NS • TXT • CNAME • SOA • CAA"]
208
+ C3["Reverse PTR"]
209
+ B --> C
210
+ C --> C1
211
+ C --> C2
212
+ C --> C3
213
+ end
214
+
215
+ subgraph S2["2. HTTP Discovery"]
216
+ D["HTTPS Request"]
217
+ D1{"TLS Error?"}
218
+ D2["HTTP Fallback"]
219
+ D3["Headers • Body • Cookies"]
220
+ D --> D1
221
+ D1 -->|Yes| D2
222
+ D1 -->|No| D3
223
+ D2 --> D3
224
+ end
225
+
226
+ subgraph S3["3. Infrastructure Detection"]
227
+ E["Header & Cookie Analysis"]
228
+ F["IP Intelligence"]
229
+ G{"CDN / WAF / Proxy"}
230
+ E --> G
231
+ F --> G
232
+ end
233
+
234
+ subgraph S4["4. Port Discovery"]
235
+ H{"Smart Scan"}
236
+ I["Target Scan"]
237
+ J["Enumerate Subdomains<br/>Collect All IPs"]
238
+ K["Nmap / Async Connect"]
239
+ L["Banner & HTTP Fingerprinting"]
240
+ H -->|Disabled| I
241
+ H -->|Enabled| J
242
+ I --> K
243
+ J --> K
244
+ K --> L
245
+ end
246
+
247
+ subgraph S5["5. Technology Detection"]
248
+ M["Headers"]
249
+ N["Cookies"]
250
+ O["HTML & Meta"]
251
+ P["JavaScript"]
252
+ Q["URL Patterns"]
253
+ R["SigDB (7500+ Signatures)"]
254
+ end
255
+
256
+ subgraph S6["6. Advanced Analysis"]
257
+ S["Subdomain Enumeration"]
258
+ T["CVE Matching"]
259
+ U["Default Credentials"]
260
+ end
261
+
262
+ subgraph S7["7. Report"]
263
+ V["Security Report"]
264
+ end
265
+
266
+ A --> B
267
+ C --> D
268
+ D3 --> E
269
+ C1 --> F
270
+ G --> H
271
+
272
+ L --> M
273
+ L --> N
274
+ L --> O
275
+ L --> P
276
+ L --> Q
277
+ L --> R
278
+
279
+ M --> S
280
+ N --> S
281
+ O --> T
282
+ P --> T
283
+ Q --> U
284
+ R --> U
285
+
286
+ S --> V
287
+ T --> V
288
+ U --> V
289
+
290
+ classDef start fill:#2563eb,color:#fff,stroke:#1d4ed8,stroke-width:2px;
291
+ classDef phase fill:#7c3aed,color:#fff,stroke:#6d28d9,stroke-width:2px;
292
+ classDef decision fill:#f59e0b,color:#fff,stroke:#b45309,stroke-width:2px;
293
+ classDef finish fill:#16a34a,color:#fff,stroke:#166534,stroke-width:2px;
294
+
295
+ class A start;
296
+ class B,C,C1,C2,C3,D,D2,D3,E,F,I,J,K,L,M,N,O,P,Q,R,S,T,U phase;
297
+ class D1,G,H decision;
298
+ class V finish;
299
+ ```
300
+
301
+ ### Pipeline Stages
302
+
303
+ | Stage | Description |
304
+ | :--- | :--- |
305
+ | **1. Target Resolution** | Normalize the input target, resolve IPv4/IPv6 addresses, collect DNS records, and perform reverse PTR lookups. |
306
+ | **2. HTTP Discovery** | Send an initial HTTPS request with automatic HTTP fallback and collect response headers, cookies, redirects, and HTML. |
307
+ | **3. Infrastructure Detection** | Detect CDN, WAF, reverse proxies, and hosting providers using HTTP fingerprints and IP intelligence. |
308
+ | **4. Port Discovery** | Scan services using **Nmap** or the built-in asynchronous scanner. Smart Scan expands the scan across all discovered IP addresses. |
309
+ | **5. Technology Detection** | Fingerprint web technologies using headers, cookies, HTML, JavaScript, URL patterns, and the **7500+ signature** database. |
310
+ | **6. Advanced Analysis** | Enumerate subdomains, correlate detected software with CVEs, and test common default credentials. |
311
+ | **7. Report Generation** | Merge all collected information into a comprehensive security report. |
312
+
313
+ ---
314
+
315
+ ## 🗂 Structure
316
+
317
+ ```
318
+ stackscan/
319
+ ├── src/stackscan/
320
+ │ ├── analyzers/ ← tech, infra, security, exposure, cve, creds
321
+ │ ├── net/ ← dns, tls, geo, ipinfo, ports, fingerprint, subdomains
322
+ │ ├── config/ ← bundled + sourced sigdb loading
323
+ │ ├── data/ ← builtin.sigdb, cve.json.gz, subdomains.txt
324
+ │ ├── render.py ← the colorized panel report
325
+ │ ├── scan.py ← per-target orchestration
326
+ │ └── cli.py ← argument parsing and entry point
327
+ ├── scripts/ ← build_cve_db.py (NVD → offline dataset)
328
+ └── tests/
329
+ ```
330
+
331
+ ---
332
+
333
+ ## 🛠 Development
334
+
335
+ ```bash
336
+ ruff check . && black --check . && pyright && pytest
337
+ ```
338
+
339
+ ---
340
+
341
+ <p align="center"><sub><a href="LICENSE">MIT</a> © reekeer</sub></p>