├── grep-backURLs
    ├── go.mod
    ├── config.json
    ├── grep_keywords.txt
    └── main.go
├── LICENSE
├── grep_keywords.txt
└── README.md


/grep-backURLs/go.mod:
--------------------------------------------------------------------------------
1 | module main.go
2 | 
3 | go 1.24.1
4 | 


--------------------------------------------------------------------------------
/grep-backURLs/config.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "domain": "",
 3 |   "output_dir": "output",
 4 |   "max_concurrency": 10,
 5 |   "timeout_seconds": 30000,
 6 |   "enable_logging": true,
 7 |   "enable_filtering": true,
 8 |   "custom_keywords": [],
 9 |   "timestamp": "2025-05-24T18:53:23.056393+05:30"
10 | }
11 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2025 Dark Yagami 
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/grep_keywords.txt:
--------------------------------------------------------------------------------
  1 | # File Extensions
  2 | \.zip$
  3 | \.exe$
  4 | \.pdf$
  5 | \.gz$
  6 | \.tar\.gz$
  7 | \.tar$
  8 | \.mp3$
  9 | \.wav$
 10 | \.doc$
 11 | \.jpg$
 12 | \.png$
 13 | \.txt$
 14 | \.aif$
 15 | \.aiff$
 16 | \.asd$
 17 | \.flac$
 18 | \.m4a$
 19 | \.m4p$
 20 | \.m4r$
 21 | \.wma$
 22 | \.DS_Store$
 23 | \.env$
 24 | \.config$
 25 | \.conf$
 26 | \.bak$
 27 | \.backup$
 28 | \.sql$
 29 | \.db$
 30 | \.sqlite$
 31 | \.pem$
 32 | \.key$
 33 | \.crt$
 34 | \.cer$
 35 | \.p12$
 36 | \.pfx$
 37 | \.log$
 38 | \.old$
 39 | \.swp$
 40 | \.yaml$
 41 | \.yml$
 42 | 
 43 | # Parameters and Endpoints
 44 | [?&]id=
 45 | [?&]username=
 46 | [?&]password=
 47 | [?&]uri=
 48 | [?&]url=
 49 | [?&]redirect=
 50 | [?&]file=
 51 | [?&]path=
 52 | [?&]source=
 53 | [?&]next=
 54 | [?&]target=
 55 | [?&]rurl=
 56 | [?&]dest=
 57 | [?&]destination=
 58 | [?&]redir=
 59 | [?&]redirect_uri=
 60 | [?&]redirect_url=
 61 | [?&]view=
 62 | [?&]go=
 63 | [?&]return=
 64 | [?&]returnTo=
 65 | [?&]return_to=
 66 | [?&]checkout_url=
 67 | [?&]continue=
 68 | [?&]return_path=
 69 | 
 70 | 
 71 | # Sensitive Paths
 72 | /cgi-bin/redirect\.cgi
 73 | /out/
 74 | /login
 75 | /view
 76 | /redirect/
 77 | 
 78 | # Git and SVN
 79 | /\.git
 80 | /\.git-rewrite
 81 | /\.git/HEAD
 82 | /\.git/index
 83 | /\.git/logs
 84 | /\.gitattributes
 85 | /\.gitconfig
 86 | /\.gitkeep
 87 | /\.gitmodules
 88 | /\.gitreview
 89 | /\.svn/entries
 90 | /\.svnignore
 91 | 
 92 | # UTM Parameters
 93 | utm_source
 94 | utm_medium
 95 | utm_campaign
 96 | 
 97 | # Common Parameters
 98 | page_id
 99 | action
100 | share
101 | page
102 | view
103 | 
104 | # Security Related
105 | accesskey
106 | admin
107 | aes
108 | api_key
109 | apikey
110 | checkClientTrusted
111 | crypt
112 | password
113 | pinning
114 | secret
115 | SHA256
116 | SharedPreferences
117 | superuser
118 | token
119 | X509TrustManager
120 | 
121 | # Database Related
122 | myspl
123 | sql
124 | insert\s+into
125 | 
126 | # File Extensions (Additional Sensitive Files)
127 | \.env$
128 | \.config$
129 | \.conf$
130 | \.bak$
131 | \.backup$
132 | \.sql$
133 | \.db$
134 | \.sqlite$
135 | \.pem$
136 | \.key$
137 | \.crt$
138 | \.cer$
139 | \.p12$
140 | \.pfx$
141 | \.log$
142 | \.old$
143 | \.swp$
144 | \.yaml$
145 | \.yml$
146 | 
147 | # API and Authentication
148 | (?i)(api[_-]?key|access[_-]?token|secret[_-]?key)=[^&]*
149 | (?i)bearer\s+[a-zA-Z0-9\-\._~\+\/]+=*
150 | (?i)basic\s+[a-zA-Z0-9\-\._~\+\/]+=*
151 | (?i)auth[a-zA-Z0-9]*=
152 | (?i)jwt=
153 | 
154 | # Sensitive Information
155 | (?i)[0-9]{16}(?:[0-9]{3})?  # Credit Card Numbers
156 | (?i)[0-9]{3}-[0-9]{2}-[0-9]{4}  # SSN
157 | (?i)[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}  # Email addresses
158 | 
159 | # Development and Debug
160 | (?i)debug=
161 | (?i)test=
162 | (?i)dev[_-]
163 | (?i)staging[_-]
164 | (?i)phpinfo
165 | (?i)admin[_-]
166 | (?i)console
167 | (?i)swagger
168 | (?i)graphql
169 | 
170 | # Database Queries
171 | (?i)(select|insert|update|delete|union|where)\s+.*\s+from
172 | (?i)database=
173 | (?i)dbname=
174 | (?i)mysql://
175 | (?i)postgresql://
176 | (?i)mongodb://
177 | 
178 | # Cloud Storage
179 | (?i)s3\.amazonaws\.com
180 | (?i)storage\.googleapis\.com
181 | (?i)blob\.core\.windows\.net
182 | (?i)firebasestorage\.googleapis\.com
183 | 
184 | # Authentication Endpoints
185 | /oauth/
186 | /auth/
187 | /login/
188 | /signin/
189 | /signup/
190 | /register/
191 | /reset/
192 | /forgot/
193 | /password/
194 | /session/
195 | 
196 | # User Related
197 | (?i)user[_-]?id=
198 | (?i)account[_-]?id=
199 | (?i)profile[_-]?id=
200 | (?i)member[_-]?id=
201 | (?i)customer[_-]?id=
202 | (?i)admin[_-]?id=
203 | 
204 | # Server Information
205 | (?i)server[_-]
206 | (?i)host[_-]
207 | (?i)domain[_-]
208 | (?i)port=
209 | (?i)protocol=
210 | 
211 | # Common Vulnerabilities
212 | (?i)(\.\.\/|\.\.\\)  # Directory Traversal
213 | (?i)<script>  # XSS
214 | (?i)(UNION|SELECT|INSERT|DROP|UPDATE|DELETE).*SQL  # SQL Injection
215 | (?i)eval\(.*\)  # Code Injection
216 | 
217 | # Configuration Files
218 | /config/
219 | /settings/
220 | /setup/
221 | /install/
222 | /backup/
223 | /wp-config
224 | /wp-admin
225 | /.env
226 | /composer.json
227 | /package.json
228 | 
229 | # URLs
230 | (http|https)://[a-zA-Z0-9./?=_-]*
231 | 


--------------------------------------------------------------------------------
/grep-backURLs/grep_keywords.txt:
--------------------------------------------------------------------------------
  1 | # File Extensions
  2 | \.zip$
  3 | \.exe$
  4 | \.pdf$
  5 | \.gz$
  6 | \.tar\.gz$
  7 | \.tar$
  8 | \.mp3$
  9 | \.wav$
 10 | \.doc$
 11 | \.jpg$
 12 | \.png$
 13 | \.txt$
 14 | \.aif$
 15 | \.aiff$
 16 | \.asd$
 17 | \.flac$
 18 | \.m4a$
 19 | \.m4p$
 20 | \.m4r$
 21 | \.wma$
 22 | \.DS_Store$
 23 | \.env$
 24 | \.config$
 25 | \.conf$
 26 | \.bak$
 27 | \.backup$
 28 | \.sql$
 29 | \.db$
 30 | \.sqlite$
 31 | \.pem$
 32 | \.key$
 33 | \.crt$
 34 | \.cer$
 35 | \.p12$
 36 | \.pfx$
 37 | \.log$
 38 | \.old$
 39 | \.swp$
 40 | \.yaml$
 41 | \.yml$
 42 | 
 43 | # Parameters and Endpoints
 44 | [?&]id=
 45 | [?&]username=
 46 | [?&]password=
 47 | [?&]uri=
 48 | [?&]url=
 49 | [?&]redirect=
 50 | [?&]file=
 51 | [?&]path=
 52 | [?&]source=
 53 | [?&]next=
 54 | [?&]target=
 55 | [?&]rurl=
 56 | [?&]dest=
 57 | [?&]destination=
 58 | [?&]redir=
 59 | [?&]redirect_uri=
 60 | [?&]redirect_url=
 61 | [?&]view=
 62 | [?&]go=
 63 | [?&]return=
 64 | [?&]returnTo=
 65 | [?&]return_to=
 66 | [?&]checkout_url=
 67 | [?&]continue=
 68 | [?&]return_path=
 69 | 
 70 | 
 71 | # Sensitive Paths
 72 | /cgi-bin/redirect\.cgi
 73 | /out/
 74 | /login
 75 | /view
 76 | /redirect/
 77 | 
 78 | # Git and SVN
 79 | /\.git
 80 | /\.git-rewrite
 81 | /\.git/HEAD
 82 | /\.git/index
 83 | /\.git/logs
 84 | /\.gitattributes
 85 | /\.gitconfig
 86 | /\.gitkeep
 87 | /\.gitmodules
 88 | /\.gitreview
 89 | /\.svn/entries
 90 | /\.svnignore
 91 | 
 92 | # UTM Parameters
 93 | utm_source
 94 | utm_medium
 95 | utm_campaign
 96 | 
 97 | # Common Parameters
 98 | page_id
 99 | action
100 | share
101 | page
102 | view
103 | 
104 | # Security Related
105 | accesskey
106 | admin
107 | aes
108 | api_key
109 | apikey
110 | checkClientTrusted
111 | crypt
112 | password
113 | pinning
114 | secret
115 | SHA256
116 | SharedPreferences
117 | superuser
118 | token
119 | X509TrustManager
120 | 
121 | # Database Related
122 | myspl
123 | sql
124 | insert\s+into
125 | 
126 | # File Extensions (Additional Sensitive Files)
127 | \.env$
128 | \.config$
129 | \.conf$
130 | \.bak$
131 | \.backup$
132 | \.sql$
133 | \.db$
134 | \.sqlite$
135 | \.pem$
136 | \.key$
137 | \.crt$
138 | \.cer$
139 | \.p12$
140 | \.pfx$
141 | \.log$
142 | \.old$
143 | \.swp$
144 | \.yaml$
145 | \.yml$
146 | 
147 | # API and Authentication
148 | (?i)(api[_-]?key|access[_-]?token|secret[_-]?key)=[^&]*
149 | (?i)bearer\s+[a-zA-Z0-9\-\._~\+\/]+=*
150 | (?i)basic\s+[a-zA-Z0-9\-\._~\+\/]+=*
151 | (?i)auth[a-zA-Z0-9]*=
152 | (?i)jwt=
153 | 
154 | # Sensitive Information
155 | (?i)[0-9]{16}(?:[0-9]{3})?  # Credit Card Numbers
156 | (?i)[0-9]{3}-[0-9]{2}-[0-9]{4}  # SSN
157 | (?i)[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}  # Email addresses
158 | 
159 | # Development and Debug
160 | (?i)debug=
161 | (?i)test=
162 | (?i)dev[_-]
163 | (?i)staging[_-]
164 | (?i)phpinfo
165 | (?i)admin[_-]
166 | (?i)console
167 | (?i)swagger
168 | (?i)graphql
169 | 
170 | # Database Queries
171 | (?i)(select|insert|update|delete|union|where)\s+.*\s+from
172 | (?i)database=
173 | (?i)dbname=
174 | (?i)mysql://
175 | (?i)postgresql://
176 | (?i)mongodb://
177 | 
178 | # Cloud Storage
179 | (?i)s3\.amazonaws\.com
180 | (?i)storage\.googleapis\.com
181 | (?i)blob\.core\.windows\.net
182 | (?i)firebasestorage\.googleapis\.com
183 | 
184 | # Authentication Endpoints
185 | /oauth/
186 | /auth/
187 | /login/
188 | /signin/
189 | /signup/
190 | /register/
191 | /reset/
192 | /forgot/
193 | /password/
194 | /session/
195 | 
196 | # User Related
197 | (?i)user[_-]?id=
198 | (?i)account[_-]?id=
199 | (?i)profile[_-]?id=
200 | (?i)member[_-]?id=
201 | (?i)customer[_-]?id=
202 | (?i)admin[_-]?id=
203 | 
204 | # Server Information
205 | (?i)server[_-]
206 | (?i)host[_-]
207 | (?i)domain[_-]
208 | (?i)port=
209 | (?i)protocol=
210 | 
211 | # Common Vulnerabilities
212 | (?i)(\.\.\/|\.\.\\)  # Directory Traversal
213 | (?i)<script>  # XSS
214 | (?i)(UNION|SELECT|INSERT|DROP|UPDATE|DELETE).*SQL  # SQL Injection
215 | (?i)eval\(.*\)  # Code Injection
216 | 
217 | # Configuration Files
218 | /config/
219 | /settings/
220 | /setup/
221 | /install/
222 | /backup/
223 | /wp-config
224 | /wp-admin
225 | /.env
226 | /composer.json
227 | /package.json
228 | 
229 | 
230 | # URLs
231 | (http|https)://[a-zA-Z0-9./?=_-]*
232 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | 
  2 | 
  3 | 🚀 Project Name : grep-backURLs
  4 | ===============
  5 | 
  6 | ![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-purple.svg)
  7 | <a href="https://goreportcard.com/report/github.com/gigachad80/grep-backURLs"><img src="https://goreportcard.com/badge/github.com/gigachad80/grep-backURLs"></a>
  8 | <a href="https://github.com/gigachad80/grep-backURLs/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
  9 | 
 10 | #### grep-backURLs : Automated way to find juicy information from website 
 11 | 
 12 | ### 📌 Overview
 13 | 
 14 | 
 15 |  *_grep-backURLs_* is a web security automation tool to extracts important credentials in bug hunting. It uses subfinder to find subdomains and then those subdomain acts as input links for waybackurls . After that , it uses grep command and keywords.txt to sort out important credentials.
 16 | 
 17 | ### 🤔 Why This Name?
 18 | 
 19 |  Just beacuse it uses grep command to sort out from waybackURLs link.
 20 | 
 21 | 
 22 | ### ⌚ Total Time taken to develop , test & building bin.
 23 | 
 24 |  Approx 3 hr 48 min 58 sec 
 25 | 
 26 | ### 🙃Why I Created This
 27 | 
 28 |  Cause I don't want to waste my time to find subdomains and then try each keyword from keyword.txt to check whether is there any credential or not, so decided to automate it.
 29 | 
 30 | ### 📚  Requirements & Dependencies
 31 | 
 32 | * #### Golang
 33 | * #### [waybackurls](https://github.com/tomnomnom/waybackurls)
 34 | * #### [subfinder](https://github.com/projectdiscovery/subfinder)
 35 | 
 36 | ### 📥 Installation Guide & USage : 
 37 | 
 38 | #### ⚡ Quick Install:
 39 | 
 40 |  1. Git clone this URL.
 41 |  2. Go to grep-backURls directory and give permission to main.go
 42 |  3. Run command ./main.go
 43 | 
 44 |  OR 
 45 | 
 46 |  - You can directly download the binary from releases section [here](https://github.com/gigachad80/grep-backURLs/releases)
 47 | 
 48 | 
 49 | ### 🍃 Usage :
 50 | 
 51 | 
 52 | ```
 53 | A tool to find sensitive information by enumerating subdomains, collecting Wayback Machine URLs,
 54 | analyzing them, and matching against custom patterns.
 55 | 
 56 | Options:
 57 |   -config
 58 |         Run interactive configuration setup and exit
 59 |   -domain string
 60 |         Specify the target domain (e.g., example.com)
 61 |   -html
 62 |         Generate a comprehensive HTML report summarizing all findings in the current directory
 63 |   -json
 64 |         Generate results in JSON format for each pattern
 65 |   -keywords-file string
 66 |         Path to a file containing grep-like keywords (one per line) (default "grep_keywords.txt")
 67 |   -markdown
 68 |         Generate results in Markdown format for each pattern
 69 |   -output-dir string
 70 |         Base directory to store all scan output files (default "output")
 71 |   -v    Display the tool version and exit (shorthand)
 72 |   -version
 73 |         Display the tool version and exit
 74 | 
 75 | ```
 76 | 
 77 | ### Note : 
 78 | 
 79 | > You don't need to specify -json or -markdown flag , it will automatically generate both , no matter you have specified these flags for not . However , for HTML report , you need to specify -html flag . 
 80 | 
 81 | > For Customisation : edit config.json in your editor ( pluma / notepad / nano / vim 😉)
 82 | 
 83 | ### 💫 What's new  in grep-backURLs v2  : 
 84 | 
 85 | - Customisation and control over concurrency , output directory name , timeout for subdomain enum , customm keywords , logging . 
 86 | 
 87 | - HTML report , JSON , Markdown support
 88 | 
 89 | 
 90 | 
 91 | ### 📝 Roadmap / To-do 
 92 | 
 93 | - [x] Release Cross Platform Executables 
 94 | - [ ] Add More Keywords 
 95 | - [x] Output in JSON & Markdown format
 96 | - [x] HTML Report 
 97 | - [ ] Attach Demo Screenshot 
 98 | - [x] Update Readme
 99 | 
100 | 
101 | ### 💓 Credits:
102 | 
103 | 
104 |  * #### [@tomnomnom](https://github.com/tomnomnom) for developing waybackurls
105 | * ####  [@project discovery](https://github.com/projectdiscovery)for creating subfinder.
106 | * #### Sathvik and his [video](https://www.youtube.com/watch?v=lp4Do_VIwzw)  for inspiration. 
107 | 
108 | 
109 | 
110 | ### 📞 Contact
111 | 
112 | 
113 |  📧 Email: pookielinuxuser@tutamail.com
114 | 
115 | 
116 | ### 📄 License
117 | 
118 | Licensed under **MIT**
119 | 
120 | 🕒 Last Updated: May 24 , 2025 
121 | 
122 | 🕒 First Published : January ,  2025
123 | 


--------------------------------------------------------------------------------
/grep-backURLs/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"bufio"
  5 | 	"encoding/json"
  6 | 	"flag"
  7 | 	"fmt"
  8 | 	"html/template"
  9 | 	"log"
 10 | 	"net/url"
 11 | 	"os"
 12 | 	"os/exec"
 13 | 	"path/filepath"
 14 | 	"regexp"
 15 | 	"strings"
 16 | 	"sync"
 17 | 	"time"
 18 | )
 19 | 
 20 | // Define the tool's version for the --version flag
 21 | const version = "2.0.0"
 22 | 
 23 | // ANSI escape codes for colored console output
 24 | const (
 25 | 	colorRed    = "\033[31m"
 26 | 	colorGreen  = "\033[32m"
 27 | 	colorYellow = "\033[33m"
 28 | 	colorBlue   = "\033[34m"
 29 | 	colorPurple = "\033[35m"
 30 | 	colorCyan   = "\033[36m"
 31 | 	colorWhite  = "\033[37m"
 32 | 	colorReset  = "\033[0m"
 33 | 	colorBold   = "\033[1m"
 34 | )
 35 | 
 36 | // Pattern holds the original keyword string and its compiled regular expression.
 37 | type Pattern struct {
 38 | 	original string
 39 | 	regex    *regexp.Regexp
 40 | }
 41 | 
 42 | // Config struct holds all configurable parameters for the tool.
 43 | type Config struct {
 44 | 	Domain          string    `json:"domain"`
 45 | 	OutputDir       string    `json:"output_dir"`
 46 | 	MaxConcurrency  int       `json:"max_concurrency"`
 47 | 	Timeout         int       `json:"timeout_seconds"`
 48 | 	EnableLogging   bool      `json:"enable_logging"`
 49 | 	EnableFiltering bool      `json:"enable_filtering"`
 50 | 	CustomKeywords  []string  `json:"custom_keywords"`
 51 | 	Timestamp       time.Time `json:"timestamp"`
 52 | }
 53 | 
 54 | // Results struct holds all collected data and statistics from a scan.
 55 | type Results struct {
 56 | 	Domain         string         `json:"domain"`
 57 | 	Timestamp      time.Time      `json:"timestamp"`
 58 | 	SubdomainCount int            `json:"subdomain_count"`
 59 | 	URLCount       int            `json:"url_count"`
 60 | 	MatchCount     map[string]int `json:"match_count"`
 61 | 	Statistics     map[string]int `json:"statistics"`
 62 | 	Errors         []string       `json:"errors"`
 63 | }
 64 | 
 65 | // PatternResult struct holds the results for a specific pattern.
 66 | type PatternResult struct {
 67 | 	OriginalPattern  string   `json:"pattern"`
 68 | 	RegexPattern     string   `json:"regex_compiled"`
 69 | 	MatchedLines     []string `json:"matched_lines"`
 70 | 	ResultFilePath   string   `json:"raw_output_file"`
 71 | 	JSONFilePath     string   `json:"json_output_file,omitempty"`
 72 | 	MarkdownFilePath string   `json:"markdown_output_file,omitempty"`
 73 | }
 74 | 
 75 | // URLAnalysis struct holds detailed information extracted from a single URL.
 76 | type URLAnalysis struct {
 77 | 	URL        string   `json:"url"`
 78 | 	Domain     string   `json:"domain"`
 79 | 	Path       string   `json:"path"`
 80 | 	Parameters []string `json:"parameters"`
 81 | 	Extensions []string `json:"json_extensions"`
 82 | 	Sensitive  bool     `json:"sensitive"`
 83 | }
 84 | 
 85 | // Global variables for configuration, results, logging, and concurrency control.
 86 | var (
 87 | 	config  Config
 88 | 	results Results
 89 | 	logFile *os.File
 90 | 	mu      sync.Mutex
 91 | )
 92 | 
 93 | // init function initializes global maps before main runs.
 94 | func init() {
 95 | 	results.MatchCount = make(map[string]int)
 96 | 	results.Statistics = make(map[string]int)
 97 | 	results.Errors = make([]string, 0)
 98 | }
 99 | 
100 | // setupLogging configures the logging output to a file within the output directory.
101 | func setupLogging(domain string) error {
102 | 	if !config.EnableLogging {
103 | 		return nil
104 | 	}
105 | 
106 | 	logDir := filepath.Join(config.OutputDir, "logs")
107 | 	if err := os.MkdirAll(logDir, 0755); err != nil {
108 | 		return fmt.Errorf("failed to create log directory %s: %v", logDir, err)
109 | 	}
110 | 
111 | 	// Log file name includes a timestamp for uniqueness
112 | 	logPath := filepath.Join(logDir, fmt.Sprintf("%s_%s.log", domain, time.Now().Format("20060102_150405")))
113 | 	var err error
114 | 	logFile, err = os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
115 | 	if err != nil {
116 | 		return fmt.Errorf("failed to open log file %s: %v", logPath, err)
117 | 	}
118 | 
119 | 	log.SetOutput(logFile) // Directs standard log output to the file
120 | 	return nil
121 | }
122 | 
123 | // logMessage prints messages to console and optionally to a log file.
124 | func logMessage(level, message string) {
125 | 	// Timestamp for individual log entries
126 | 	timestamp := time.Now().Format("2006-01-02 15:04:05")
127 | 	logEntry := fmt.Sprintf("[%s] %s: %s", timestamp, level, message)
128 | 
129 | 	// Print to console with colors
130 | 	switch level {
131 | 	case "ERROR":
132 | 		fmt.Printf("%s[ERROR]%s %s\n", colorRed, colorReset, message)
133 | 	case "WARN":
134 | 		fmt.Printf("%s[WARN]%s %s\n", colorYellow, colorReset, message)
135 | 	case "INFO":
136 | 		fmt.Printf("%s[INFO]%s %s\n", colorGreen, colorReset, message)
137 | 	case "DEBUG":
138 | 		fmt.Printf("%s[DEBUG]%s %s\n", colorBlue, colorReset, message)
139 | 	default:
140 | 		fmt.Printf("%s\n", message)
141 | 	}
142 | 
143 | 	// Write to log file if enabled and file is open
144 | 	if config.EnableLogging && logFile != nil {
145 | 		if _, err := logFile.WriteString(logEntry + "\n"); err != nil {
146 | 			fmt.Fprintf(os.Stderr, "Failed to write to log file: %v\n", err)
147 | 		}
148 | 	}
149 | }
150 | 
151 | // loadConfig loads configuration from config.json or creates a default one.
152 | 
153 | func loadConfig() error {
154 | 	configFile := "config.json"
155 | 	if _, err := os.Stat(configFile); os.IsNotExist(err) {
156 | 		logMessage("INFO", "config.json not found. Creating default configuration.")
157 | 		cwd, err := os.Getwd()
158 | 		if err != nil {
159 | 			return fmt.Errorf("failed to get current working directory: %v", err)
160 | 		}
161 | 		config = Config{
162 | 			OutputDir:       cwd,
163 | 			MaxConcurrency:  10,
164 | 			Timeout:         300,
165 | 			EnableLogging:   true,
166 | 			EnableFiltering: true, // Default to true, but now ignored for filtering logic
167 | 			CustomKeywords:  []string{},
168 | 			Timestamp:       time.Now(), // Initial timestamp for new config
169 | 		}
170 | 		return saveConfig() // Save the newly created default config
171 | 	}
172 | 
173 | 	data, err := os.ReadFile(configFile)
174 | 	if err != nil {
175 | 		return fmt.Errorf("failed to read config file %s: %v", configFile, err)
176 | 	}
177 | 
178 | 	if err := json.Unmarshal(data, &config); err != nil {
179 | 		return fmt.Errorf("failed to unmarshal config data from %s: %v", configFile, err)
180 | 	}
181 | 	logMessage("INFO", fmt.Sprintf("Configuration loaded from %s.", configFile))
182 | 
183 | 	// Update the timestamp to the current time whenever config is loaded
184 | 	config.Timestamp = time.Now()
185 | 	// Save the config immediately to persist the updated timestamp
186 | 	if err := saveConfig(); err != nil {
187 | 		return fmt.Errorf("failed to save config after timestamp update: %v", err)
188 | 	}
189 | 
190 | 	return nil
191 | }
192 | 
193 | // saveConfig marshals the current config to JSON and writes it to config.json.
194 | func saveConfig() error {
195 | 	data, err := json.MarshalIndent(config, "", "  ")
196 | 	if err != nil {
197 | 		return fmt.Errorf("failed to marshal config to JSON: %v", err)
198 | 	}
199 | 	if err := os.WriteFile("config.json", data, 0644); err != nil {
200 | 		return fmt.Errorf("failed to write config file: %v", err)
201 | 	}
202 | 	logMessage("INFO", "Configuration saved to config.json.")
203 | 	return nil
204 | }
205 | 
206 | // parsePattern parses a keyword string into a Pattern struct with a compiled regex.
207 | func parsePattern(keyword string) (*Pattern, error) {
208 | 	pattern := strings.TrimPrefix(keyword, "grep ")
209 | 	pattern = strings.TrimPrefix(pattern, "egrep ")
210 | 	pattern = strings.Trim(keyword, "\"'")
211 | 
212 | 	var regexPattern string
213 | 
214 | 	originalKeywordLower := strings.ToLower(keyword)
215 | 	isWholeWord := strings.Contains(originalKeywordLower, " -w ") || strings.HasPrefix(originalKeywordLower, "grep -w ")
216 | 	isCaseInsensitive := strings.Contains(originalKeywordLower, " -i ") || strings.HasPrefix(originalKeywordLower, "grep -i ")
217 | 
218 | 	if strings.HasPrefix(pattern, "-") {
219 | 		parts := strings.Fields(pattern)
220 | 		if len(parts) > 1 {
221 | 			cleanedParts := []string{}
222 | 			foundPatternStart := false
223 | 			for _, p := range parts {
224 | 				if !strings.HasPrefix(p, "-") || foundPatternStart {
225 | 					cleanedParts = append(cleanedParts, p)
226 | 					foundPatternStart = true
227 | 				}
228 | 			}
229 | 			pattern = strings.Join(cleanedParts, " ")
230 | 		}
231 | 	}
232 | 
233 | 	switch {
234 | 	case strings.HasPrefix(pattern, ".*"):
235 | 		regexPattern = pattern
236 | 	case strings.HasPrefix(pattern, "\\."):
237 | 		regexPattern = pattern
238 | 	case strings.HasPrefix(pattern, "/"):
239 | 		regexPattern = regexp.QuoteMeta(pattern)
240 | 	case strings.Contains(pattern, "(?<=") || strings.Contains(pattern, "(?="):
241 | 		regexPattern = pattern
242 | 	case strings.Contains(pattern, "(http|https)"):
243 | 		regexPattern = pattern
244 | 	case strings.Contains(pattern, "[?&]"):
245 | 		regexPattern = pattern
246 | 	default:
247 | 		isComplexRegex := strings.ContainsAny(pattern, ".*+?|()[]{}^$\\")
248 | 		if isComplexRegex {
249 | 			regexPattern = pattern
250 | 		} else {
251 | 			regexPattern = regexp.QuoteMeta(pattern)
252 | 		}
253 | 	}
254 | 
255 | 	if isWholeWord {
256 | 		regexPattern = "\\b" + regexPattern + "\\b"
257 | 	}
258 | 
259 | 	var flags string
260 | 	if isCaseInsensitive {
261 | 		flags = "(?i)"
262 | 	}
263 | 
264 | 	regex, err := regexp.Compile(flags + regexPattern)
265 | 	if err != nil {
266 | 		return nil, fmt.Errorf("invalid pattern '%s' (derived regex: '%s'): %v", keyword, flags+regexPattern, err)
267 | 	}
268 | 
269 | 	return &Pattern{
270 | 		original: keyword,
271 | 		regex:    regex,
272 | 	}, nil
273 | }
274 | 
275 | // isEmptyFile checks if a file exists and is empty.
276 | func isEmptyFile(filename string) bool {
277 | 	fileInfo, err := os.Stat(filename)
278 | 	if err != nil {
279 | 		if os.IsNotExist(err) {
280 | 			return true // File does not exist, so it's "empty" for our purpose
281 | 		}
282 | 		logMessage("ERROR", fmt.Sprintf("Error checking file %s: %v", filename, err))
283 | 		return true // Treat error as empty to prevent further processing
284 | 	}
285 | 	return fileInfo.Size() == 0
286 | }
287 | 
288 | 
289 | // getFileSize returns the size of a file in bytes.
290 | func getFileSize(filename string) int64 {
291 | 	info, err := os.Stat(filename)
292 | 	if err != nil {
293 | 		return 0 // Return 0 on error
294 | 	}
295 | 	return info.Size()
296 | }
297 | 
298 | // runCommand executes an external command with a timeout.
299 | func runCommand(cmd *exec.Cmd, description string) error {
300 | 	logMessage("INFO", fmt.Sprintf("Running %s...", description))
301 | 
302 | 	var cmdDone = make(chan error)
303 | 	go func() {
304 | 		cmdDone <- cmd.Run()
305 | 	}()
306 | 
307 | 	select {
308 | 	case err := <-cmdDone:
309 | 		if err != nil {
310 | 			errMsg := fmt.Sprintf("Error running %s: %v", description, err)
311 | 			logMessage("ERROR", errMsg)
312 | 			mu.Lock()
313 | 			results.Errors = append(results.Errors, errMsg)
314 | 			mu.Unlock()
315 | 			return err
316 | 		}
317 | 	case <-time.After(time.Duration(config.Timeout) * time.Second):
318 | 		if cmd.Process != nil {
319 | 			cmd.Process.Kill() // Terminate the process if it times out
320 | 		}
321 | 		errMsg := fmt.Sprintf("Command %s timed out after %d seconds.", description, config.Timeout)
322 | 		logMessage("ERROR", errMsg)
323 | 		mu.Lock()
324 | 		results.Errors = append(results.Errors, errMsg)
325 | 		mu.Unlock()
326 | 		return fmt.Errorf(errMsg)
327 | 	}
328 | 
329 | 	logMessage("INFO", fmt.Sprintf("%s completed successfully.", description))
330 | 	return nil
331 | }
332 | 
333 | // analyzeURL parses a raw URL and extracts relevant information.
334 | func analyzeURL(rawURL string) URLAnalysis {
335 | 	analysis := URLAnalysis{URL: rawURL}
336 | 
337 | 	parsedURL, err := url.Parse(rawURL)
338 | 	if err != nil {
339 | 		logMessage("WARN", fmt.Sprintf("Failed to parse URL %s: %v", rawURL, err))
340 | 		return analysis
341 | 	}
342 | 
343 | 	analysis.Domain = parsedURL.Host
344 | 	analysis.Path = parsedURL.Path
345 | 
346 | 	for param := range parsedURL.Query() {
347 | 		analysis.Parameters = append(analysis.Parameters, param)
348 | 	}
349 | 
350 | 	if ext := filepath.Ext(parsedURL.Path); ext != "" {
351 | 		analysis.Extensions = append(analysis.Extensions, ext)
352 | 	}
353 | 
354 | 	// Removed hardcoded sensitivePatterns and their logic as per user request.
355 | 	// The 'Sensitive' field in URLAnalysis will now always be its zero value (false).
356 | 
357 | 	return analysis
358 | }
359 | 
360 | // processKeywords processes wayback content against a list of keywords concurrently.
361 | func processKeywords(waybackContent []byte, keywords []string, domain string) ([]PatternResult, error) {
362 | 	// Filtering logic removed as per user request. All URLs from waybackContent will be processed.
363 | 	urls := strings.Split(string(waybackContent), "\n")
364 | 
365 | 	analyses := make([]URLAnalysis, 0, len(urls)) // Changed from filteredURLs to urls
366 | 	for _, rawURL := range urls {                 // Changed from filteredURLs to urls
367 | 		if strings.TrimSpace(rawURL) != "" {
368 | 			analysis := analyzeURL(rawURL)
369 | 			analyses = append(analyses, analysis)
370 | 		}
371 | 	}
372 | 
373 | 	analysisFile := filepath.Join(config.OutputDir, fmt.Sprintf("%s_url_analysis.json", domain))
374 | 	analysisData, err := json.MarshalIndent(analyses, "", "  ")
375 | 	if err != nil {
376 | 		logMessage("ERROR", fmt.Sprintf("Error marshalling URL analysis: %v", err))
377 | 		return nil, fmt.Errorf("error marshalling URL analysis: %v", err)
378 | 	}
379 | 	if err := os.WriteFile(analysisFile, analysisData, 0644); err != nil {
380 | 		logMessage("ERROR", fmt.Sprintf("Error saving URL analysis to %s: %v", analysisFile, err))
381 | 		return nil, fmt.Errorf("error saving URL analysis: %v", err)
382 | 	}
383 | 	logMessage("INFO", fmt.Sprintf("URL analysis saved to: %s", analysisFile))
384 | 
385 | 	var allPatternResults []PatternResult
386 | 
387 | 	var wg sync.WaitGroup
388 | 	patternChan := make(chan string, len(keywords))
389 | 
390 | 	for i := 0; i < config.MaxConcurrency; i++ {
391 | 		wg.Add(1)
392 | 		go func() {
393 | 			defer wg.Done()
394 | 			for keyword := range patternChan {
395 | 				keyword = strings.TrimSpace(keyword)
396 | 				if keyword == "" || strings.HasPrefix(keyword, "#") {
397 | 					continue
398 | 				}
399 | 
400 | 				pattern, err := parsePattern(keyword)
401 | 				if err != nil {
402 | 					logMessage("WARN", fmt.Sprintf("Skipping invalid pattern '%s': %v", keyword, err))
403 | 					continue
404 | 				}
405 | 
406 | 				safeName := strings.Map(func(r rune) rune {
407 | 					if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || r == '-' || r == '_' {
408 | 						return r
409 | 					}
410 | 					return '_'
411 | 				}, pattern.original)
412 | 
413 | 				resultFile := filepath.Join(config.OutputDir, fmt.Sprintf("%s_%s_results.txt", domain, safeName))
414 | 				jsonResultFile := filepath.Join(config.OutputDir, fmt.Sprintf("%s_%s_results.json", domain, safeName))
415 | 				markdownResultFile := filepath.Join(config.OutputDir, fmt.Sprintf("%s_%s_results.md", domain, safeName))
416 | 
417 | 				var matches []string
418 | 				scanner := bufio.NewScanner(strings.NewReader(string(waybackContent)))
419 | 				for scanner.Scan() {
420 | 					line := scanner.Text()
421 | 					if pattern.regex.MatchString(line) {
422 | 						matches = append(matches, line)
423 | 					}
424 | 				}
425 | 
426 | 				if len(matches) > 0 {
427 | 					fmt.Printf("%sProcessing pattern:%s %s\n", colorCyan, colorReset, pattern.original)
428 | 					for _, match := range matches {
429 | 						fmt.Printf("%s\n", match)
430 | 					}
431 | 
432 | 					patternResult := PatternResult{
433 | 						OriginalPattern:  pattern.original,
434 | 						RegexPattern:     pattern.regex.String(),
435 | 						MatchedLines:     matches,
436 | 						ResultFilePath:   resultFile,
437 | 						JSONFilePath:     jsonResultFile,
438 | 						MarkdownFilePath: markdownResultFile,
439 | 					}
440 | 
441 | 					if err := os.WriteFile(resultFile, []byte(strings.Join(matches, "\n")), 0644); err != nil {
442 | 						logMessage("ERROR", fmt.Sprintf("Error saving raw results for pattern %s: %v", pattern.original, err))
443 | 					}
444 | 
445 | 					jsonData, err := json.MarshalIndent(patternResult, "", "  ")
446 | 					if err != nil {
447 | 						logMessage("ERROR", fmt.Sprintf("Error marshalling JSON for pattern %s: %v", pattern.original, err))
448 | 					} else if err := os.WriteFile(jsonResultFile, jsonData, 0644); err != nil {
449 | 						logMessage("ERROR", fmt.Sprintf("Error saving JSON results for pattern %s: %v", pattern.original, err))
450 | 					}
451 | 
452 | 					var mdContent strings.Builder
453 | 					mdContent.WriteString(fmt.Sprintf("# Results for Pattern: `%s`\n\n", pattern.original))
454 | 					mdContent.WriteString(fmt.Sprintf("Compiled Regex: `%s`\n\n", pattern.regex.String()))
455 | 					mdContent.WriteString("## Matched Lines:\n\n")
456 | 					for _, line := range matches {
457 | 						mdContent.WriteString(fmt.Sprintf("- `%s`\n", line))
458 | 					}
459 | 					if err := os.WriteFile(markdownResultFile, []byte(mdContent.String()), 0644); err != nil {
460 | 						logMessage("ERROR", fmt.Sprintf("Error saving Markdown results for pattern %s: %v", pattern.original, err))
461 | 					}
462 | 
463 | 					mu.Lock()
464 | 					results.MatchCount[pattern.original] = len(matches)
465 | 					allPatternResults = append(allPatternResults, patternResult)
466 | 					mu.Unlock()
467 | 				}
468 | 			}
469 | 		}()
470 | 	}
471 | 
472 | 	for _, kw := range keywords {
473 | 		patternChan <- kw
474 | 	}
475 | 	close(patternChan)
476 | 
477 | 	wg.Wait()
478 | 
479 | 	return allPatternResults, nil
480 | }
481 | 
482 | // generateReport creates the final JSON report and optionally an HTML report.
483 | func generateReport(domain string, allPatternResults []PatternResult, generateHTML bool) error {
484 | 	results.Domain = domain
485 | 	results.Timestamp = time.Now() // Timestamp for the overall scan results
486 | 
487 | 	mu.Lock()
488 | 	totalMatches := 0
489 | 	for _, count := range results.MatchCount {
490 | 		totalMatches += count
491 | 	}
492 | 	results.Statistics["total_matches"] = totalMatches
493 | 	results.Statistics["total_patterns"] = len(results.MatchCount)
494 | 	mu.Unlock()
495 | 
496 | 	reportFile := filepath.Join(config.OutputDir, fmt.Sprintf("%s_report.json", domain))
497 | 	reportData, err := json.MarshalIndent(results, "", "  ")
498 | 	if err != nil {
499 | 		return fmt.Errorf("error marshalling final report JSON: %v", err)
500 | 	}
501 | 
502 | 	if err := os.WriteFile(reportFile, reportData, 0644); err != nil {
503 | 		return fmt.Errorf("error saving final JSON report: %v", err)
504 | 	}
505 | 	logMessage("INFO", fmt.Sprintf("Final JSON report generated: %s", reportFile))
506 | 
507 | 	if generateHTML {
508 | 		if err := generateHTMLReport(allPatternResults, domain); err != nil {
509 | 			return fmt.Errorf("error generating HTML report: %v", err)
510 | 		}
511 | 	}
512 | 
513 | 	return nil
514 | }
515 | 
516 | // currentTimestamp returns a formatted string of the current time.
517 | // This function is kept because it's used for the HTML report's GeneratedTime.
518 | func currentTimestamp() string {
519 | 	return time.Now().Format("2006-01-02 15:04:05 MST")
520 | }
521 | 
522 | // generateHTMLReport creates a comprehensive HTML report.
523 | func generateHTMLReport(resultsData []PatternResult, domain string) error {
524 | 	// Generate the HTML report inside the config.OutputDir
525 | 	reportFilePath := filepath.Join(config.OutputDir, fmt.Sprintf("report_%s.html", domain))
526 | 
527 | 	// The HTML template string is embedded here.
528 | 	const htmlTemplate = `
529 | <!DOCTYPE html>
530 | <html lang="en">
531 | <head>
532 |     <meta charset="UTF-8">
533 |     <meta name="viewport" content="width=device-width, initial-scale=1.0">
534 |     <title>Security Scan Report for {{.Domain}}</title>
535 |     <style>
536 |         body { font-family: Arial, sans-serif; line-height: 1.6; margin: 20px; background-color: #f4f4f4; color: #333; }
537 |         .container { max-width: 1200px; margin: auto; background: #fff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
538 |         h1, h2, h3 { color: #0056b3; }
539 |         .pattern-section { border: 1px solid #ddd; border-radius: 5px; margin-bottom: 20px; padding: 15px; background-color: #f9f9f9; }
540 |         .pattern-header { display: flex; justify-content: space-between; align-items: center; cursor: pointer; }
541 |         .pattern-header h3 { margin: 0; }
542 |         .content { display: none; margin-top: 10px; padding-left: 20px; border-left: 3px solid #eee; }
543 |         .content.active { display: block; }
544 |         ul { list-style-type: none; padding: 0; }
545 |         li { background: #e9e9e9; margin-bottom: 5px; padding: 8px; border-radius: 3px; word-wrap: break-word; }
546 |         .summary-table { width: 100%; border-collapse: collapse; margin-top: 20px; }
547 |         .summary-table th, .summary-table td { border: 1px solid #ddd; padding: 8px; text-align: left; }
548 |         .summary-table th { background-color: #007bff; color: white; }
549 |         .links a { margin-right: 10px; text-decoration: none; color: #007bff; }
550 |         .links a:hover { text-decoration: underline; }
551 |         .toggle-icon { font-weight: bold; }
552 |         .no-matches { color: #888; font-style: italic; }
553 |     </style>
554 | </head>
555 | <body>
556 |     <div class="container">
557 |         <h1>Security Scan Report for <code>{{.Domain}}</code></h1>
558 |         <p>Generated on: {{.GeneratedTime}}</p>
559 | 
560 |         <h2>Summary of Findings</h2>
561 |         <table class="summary-table">
562 |             <thead>
563 |                 <tr>
564 |                     <th>Pattern</th>
565 |                     <th>Matches Found</th>
566 |                     <th>Links</th>
567 |                 </tr>
568 |             </thead>
569 |             <tbody>
570 |                 {{range .Results}}
571 |                 <tr>
572 |                     <td><code>{{.OriginalPattern}}</code></td>
573 |                     <td>{{len .MatchedLines}}</td>
574 |                     <td>
575 |                         <div class="links">
576 |                             {{if .ResultFilePath}}<a href="{{base .ResultFilePath}}" target="_blank">Raw Text</a>{{end}}
577 |                             {{if .JSONFilePath}}<a href="{{base .JSONFilePath}}" target="_blank">JSON</a>{{end}}
578 |                             {{if .MarkdownFilePath}}<a href="{{base .MarkdownFilePath}}" target="_blank">Markdown</a>{{end}}
579 |                         </div>
580 |                     </td>
581 |                 </tr>
582 |                 {{end}}
583 |             </tbody>
584 |         </table>
585 | 
586 |         <h2>Detailed Results</h2>
587 |         {{range .Results}}
588 |         <div class="pattern-section">
589 |             <div class="pattern-header" onclick="toggleContent(this)">
590 |                 <h3>Pattern: <code>{{.OriginalPattern}}</code> (Matches: {{len .MatchedLines}})</h3>
591 |                 <span class="toggle-icon">+</span>
592 |             </div>
593 |             <div class="content">
594 |                 <p><strong>Compiled Regex:</strong> <code>{{.RegexPattern}}</code></p>
595 |                 {{if .ResultFilePath}}<p><strong>Raw Output File:</strong> <a href="{{base .ResultFilePath}}" target="_blank">{{base .ResultFilePath}}</a></p>{{end}}
596 |                 {{if .JSONFilePath}}<p><strong>JSON Output File:</strong> <a href="{{base .JSONFilePath}}" target="_blank">{{base .JSONFilePath}}</a></p>{{end}}
597 |                 {{if .MarkdownFilePath}}<p><strong>Markdown Output File:</strong> <a href="{{base .MarkdownFilePath}}" target="_blank">{{base .MarkdownFilePath}}</a></p>{{end}}
598 |                 {{if .MatchedLines}}
599 |                     <h4>Matched Lines (first 10):</h4>
600 |                     <ul>
601 |                         {{range $i, $line := .MatchedLines}}
602 |                             {{if lt $i 10}}<li><code>{{$line}}</code></li>{{end}}
603 |                         {{end}}
604 |                         {{if gt (len .MatchedLines) 10}}<li>... ({{sub (len .MatchedLines) 10}} more lines)</li>{{end}}
605 |                     </ul>
606 |                 {{else}}
607 |                     <p class="no-matches">No matches found for this pattern.</p>
608 |                 {{end}}
609 |             </div>
610 |         </div>
611 |         {{end}}
612 |     </div>
613 | 
614 |     <script>
615 |         function toggleContent(header) {
616 |             const content = header.nextElementSibling;
617 |             const icon = header.querySelector('.toggle-icon');
618 |             if (content.classList.contains('active')) {
619 |                 content.classList.remove('active');
620 |                 icon.textContent = '+';
621 |             } else {
622 |                 content.classList.add('active');
623 |                 icon.textContent = '-';
624 |             }
625 |         }
626 |     </script>
627 | </body>
628 | </html>
629 | `
630 | 	// ReportData struct for HTML template
631 | 	type ReportData struct {
632 | 		Domain        string
633 | 		GeneratedTime string
634 | 		Results       []PatternResult
635 | 	}
636 | 
637 | 	reportData := ReportData{
638 | 		Domain:        domain,
639 | 		GeneratedTime: currentTimestamp(),
640 | 		Results:       resultsData,
641 | 	}
642 | 
643 | 	tmpl, err := template.New("report").Funcs(template.FuncMap{
644 | 		"sub":  func(a, b int) int { return a - b },
645 | 		"base": filepath.Base,
646 | 	}).Parse(htmlTemplate)
647 | 	if err != nil {
648 | 		return fmt.Errorf("error parsing HTML template: %v", err)
649 | 	}
650 | 
651 | 	file, err := os.Create(reportFilePath)
652 | 	if err != nil {
653 | 		return fmt.Errorf("error creating HTML report file: %v", err)
654 | 	}
655 | 	defer file.Close()
656 | 
657 | 	if err := tmpl.Execute(file, reportData); err != nil {
658 | 		return fmt.Errorf("error executing HTML template: %v", err)
659 | 	}
660 | 
661 | 	logMessage("INFO", fmt.Sprintf("HTML report generated at: %s", reportFilePath))
662 | 	return nil
663 | }
664 | 
665 | func printBanner() {
666 | 	banner := fmt.Sprintf(`%s
667 | ╔══════════════════════════════════════════════════════════════╗
668 | ║             %sEnhanced URL Reconnaissance Tool%s             ║
669 | ║                       %s v%s %s                              ║
670 | ╚══════════════════════════════════════════════════════════════╝
671 | %s`, colorCyan, colorBold, colorReset+colorCyan, colorBold, version, colorReset+colorCyan, colorReset)
672 | 	fmt.Println(banner)
673 | }
674 | 
675 | // printUsage displays the tool's usage instructions and options.
676 | func printUsage() {
677 | 	fmt.Printf(`%sUsage:%s
678 |   %s [options]%s
679 | 
680 | %sA tool to find sensitive information by enumerating subdomains, collecting Wayback Machine URLs,
681 | analyzing them, and matching against custom patterns.%s
682 | 
683 | %sOptions:%s
684 | `, colorYellow, colorReset, os.Args[0], colorReset, colorReset, colorReset, colorGreen, colorReset)
685 | 	flag.PrintDefaults()
686 | 	fmt.Printf(`
687 | %sExamples:%s
688 |   %s -domain example.com -html
689 |   %s -domain target.com -keywords-file custom_keywords.txt -json -markdown
690 |   %s -domain example.org
691 |   %s -v
692 |   %s --config (to generate a default config.json or modify existing)
693 | `, colorGreen, colorReset, os.Args[0], os.Args[0], os.Args[0], os.Args[0], os.Args[0])
694 | }
695 | 
696 | // main function is the entry point of the program.
697 | func main() {
698 | 	var domainFlag string
699 | 	var keywordsFileFlag string
700 | 	var outputDirFlag string
701 | 	var generateJSONFlag bool
702 | 	var generateMarkdownFlag bool
703 | 	var generateHTMLFlag bool
704 | 	var showVersionFlag bool
705 | 	var configSetupFlag bool
706 | 
707 | 	// Define flags
708 | 	flag.StringVar(&domainFlag, "domain", "", "Specify the target domain (e.g., example.com)")
709 | 	flag.StringVar(&keywordsFileFlag, "keywords-file", "grep_keywords.txt", "Path to a file containing grep-like keywords (one per line)")
710 | 	flag.StringVar(&outputDirFlag, "output-dir", "output", "Base directory to store all scan output files")
711 | 	flag.BoolVar(&generateJSONFlag, "json", false, "Generate results in JSON format for each pattern")
712 | 	flag.BoolVar(&generateMarkdownFlag, "markdown", false, "Generate results in Markdown format for each pattern")
713 | 	flag.BoolVar(&generateHTMLFlag, "html", false, "Generate a comprehensive HTML report summarizing all findings in the current directory")
714 | 	flag.BoolVar(&showVersionFlag, "version", false, "Display the tool version and exit")
715 | 	flag.BoolVar(&showVersionFlag, "v", false, "Display the tool version and exit (shorthand)")
716 | 	flag.BoolVar(&configSetupFlag, "config", false, "Run interactive configuration setup and exit")
717 | 
718 | 	flag.Usage = printUsage // Set custom usage function
719 | 
720 | 	flag.Parse() // Parse command-line arguments here
721 | 
722 | 	if showVersionFlag {
723 | 		fmt.Printf("grep-backURLs Version: %s\n", version)
724 | 		return
725 | 	}
726 | 
727 | 	if configSetupFlag {
728 | 		logMessage("INFO", "Starting interactive configuration setup...")
729 | 		if err := loadConfig(); err != nil { // loadConfig will now also save the updated timestamp
730 | 			logMessage("ERROR", fmt.Sprintf("Failed to load/create config: %v", err))
731 | 			return
732 | 		}
733 | 		logMessage("INFO", "Configuration setup complete. Modify config.json manually if needed.")
734 | 		return
735 | 	}
736 | 
737 | 	// Load configuration (will also update config.Timestamp and save it)
738 | 	if err := loadConfig(); err != nil {
739 | 		logMessage("ERROR", fmt.Sprintf("Error loading config: %v", err))
740 | 		return
741 | 	}
742 | 
743 | 	// Store the original config.OutputDir loaded from the file
744 | 	originalConfigOutputDir := config.OutputDir
745 | 
746 | 	// --- CRITICAL MODIFICATION: Check and STOP if -output-dir flag overrides config ---
747 | 	var outputDirFlagWasProvided bool
748 | 	flag.Visit(func(f *flag.Flag) {
749 | 		if f.Name == "output-dir" {
750 | 			outputDirFlagWasProvided = true
751 | 		}
752 | 	})
753 | 
754 | 	if outputDirFlagWasProvided {
755 | 		if outputDirFlag != originalConfigOutputDir {
756 | 			logMessage("ERROR", fmt.Sprintf("Command-line flag '-output-dir %s' differs from 'output_dir' in config.json ('%s').", outputDirFlag, originalConfigOutputDir))
757 | 			logMessage("ERROR", "Please update 'output_dir' in your config.json to match the desired output directory, then run the tool again.")
758 | 			logMessage("ERROR", "Exiting to ensure consistent configuration.")
759 | 			return // Exit the program
760 | 		}
761 | 	}
762 | 	// If the flag was provided and matches, or if it wasn't provided,
763 | 	// config.OutputDir will already hold the correct value (either from flag or config).
764 | 	// No explicit assignment needed here unless you want to force the flag value even if it matches config.
765 | 	if outputDirFlagWasProvided {
766 | 		config.OutputDir = outputDirFlag
767 | 	}
768 | 	// --- END CRITICAL MODIFICATION ---
769 | 
770 | 	// Override domain setting with command-line flag if provided
771 | 	if domainFlag != "" {
772 | 		config.Domain = domainFlag
773 | 	}
774 | 
775 | 	// Prompt for domain if not provided via flag or config
776 | 	if config.Domain == "" {
777 | 		fmt.Printf("%sEnter the target domain (e.g., example.com): %s", colorBold, colorReset)
778 | 		fmt.Scanln(&config.Domain)
779 | 	}
780 | 
781 | 	// Final check for domain
782 | 	if config.Domain == "" {
783 | 		logMessage("ERROR", "Domain cannot be empty. Exiting.")
784 | 		flag.Usage()
785 | 		return
786 | 	}
787 | 	results.Domain = config.Domain // Set domain in results struct
788 | 
789 | 	// Create output directory
790 | 	if err := os.MkdirAll(config.OutputDir, 0755); err != nil {
791 | 		logMessage("ERROR", fmt.Sprintf("Error creating output directory %s: %v", config.OutputDir, err))
792 | 		return
793 | 	}
794 | 	logMessage("INFO", fmt.Sprintf("All output will be saved to: %s", config.OutputDir))
795 | 
796 | 	// Setup logging to file
797 | 	if err := setupLogging(config.Domain); err != nil {
798 | 		logMessage("WARN", fmt.Sprintf("Failed to set up logging: %v. Proceeding without file logging.", err))
799 | 	}
800 | 	defer func() {
801 | 		if logFile != nil {
802 | 			logFile.Close() // Ensure log file is closed on exit
803 | 		}
804 | 	}()
805 | 
806 | 	// --- MODIFICATION: Define file paths for subfinder and waybackurls output in the current working directory ---
807 | 	cwd, _ := os.Getwd()
808 | 	subFile := filepath.Join(cwd, fmt.Sprintf("%s_subdomains.txt", config.Domain))
809 | 	waybackFile := filepath.Join(cwd, fmt.Sprintf("%s_waybackurls.txt", config.Domain))
810 | 	// --- END MODIFICATION ---
811 | 
812 | 	// Check if keywords file exists
813 | 	if _, err := os.Stat(keywordsFileFlag); os.IsNotExist(err) {
814 | 		logMessage("ERROR", fmt.Sprintf("Keywords file '%s' not found. Please create it with one keyword per line.", keywordsFileFlag))
815 | 		return
816 | 	}
817 | 
818 | 	var wg sync.WaitGroup
819 | 
820 | 	// --- MODIFICATION: Use Subfinder only ---
821 | 	wg.Add(1)
822 | 	go func() {
823 | 		defer wg.Done()
824 | 		cmd := exec.Command("subfinder", "-d", config.Domain, "-o", subFile)
825 | 		if err := runCommand(cmd, "Subfinder"); err != nil {
826 | 			logMessage("ERROR", fmt.Sprintf("Subfinder failed for %s: %v. Cannot proceed without subdomains. Exiting.", config.Domain, err))
827 | 			os.Exit(1) // Exit if subfinder fails, as waybackurls depends on it
828 | 		}
829 | 	}()
830 | 	wg.Wait() // Wait for Subfinder to complete
831 | 
832 | 	// Check if subdomains were found
833 | 	if isEmptyFile(subFile) {
834 | 		logMessage("ERROR", fmt.Sprintf("No subdomains found in '%s' or Subfinder failed to populate it. Cannot proceed with Waybackurls. Exiting.", subFile))
835 | 		return
836 | 	}
837 | 
838 | 	// Read subdomains and update results
839 | 	subContent, err := os.ReadFile(subFile)
840 | 	if err != nil {
841 | 		logMessage("ERROR", fmt.Sprintf("Error reading subdomains file '%s': %v", subFile, err))
842 | 		return
843 | 	}
844 | 	results.SubdomainCount = len(strings.Split(strings.TrimSpace(string(subContent)), "\n"))
845 | 	if results.SubdomainCount == 1 && strings.TrimSpace(string(subContent)) == "" { // Handle case of empty file but split gives 1 empty string
846 | 		results.SubdomainCount = 0
847 | 	}
848 | 	logMessage("INFO", fmt.Sprintf("Found %d subdomains.", results.SubdomainCount))
849 | 
850 | 	// Run Waybackurls concurrently
851 | 	wg.Add(1)
852 | 	go func() {
853 | 		defer wg.Done()
854 | 		cmd := exec.Command("waybackurls")
855 | 		file, err := os.Open(subFile)
856 | 		if err != nil {
857 | 			logMessage("ERROR", fmt.Sprintf("Error opening subdomain file '%s' for waybackurls: %v", subFile, err))
858 | 			return
859 | 		}
860 | 		defer file.Close()
861 | 		cmd.Stdin = file // Pipe subdomains to waybackurls stdin
862 | 		outFile, err := os.Create(waybackFile)
863 | 		if err != nil {
864 | 			logMessage("ERROR", fmt.Sprintf("Error creating wayback file '%s': %v", waybackFile, err))
865 | 			return
866 | 		}
867 | 		defer outFile.Close()
868 | 		cmd.Stdout = outFile // Redirect waybackurls stdout to file
869 | 		if err := runCommand(cmd, "Waybackurls"); err != nil {
870 | 			logMessage("WARN", fmt.Sprintf("Waybackurls failed for %s: %v. Proceeding with potentially empty Wayback URLs file.", config.Domain, err))
871 | 		}
872 | 	}()
873 | 	wg.Wait() // Wait for Waybackurls to complete
874 | 
875 | 	// Read wayback URLs and update results
876 | 	waybackContent, err := os.ReadFile(waybackFile)
877 | 	if err != nil {
878 | 		logMessage("ERROR", fmt.Sprintf("Error reading wayback file '%s': %v", waybackFile, err))
879 | 		return
880 | 	}
881 | 	results.URLCount = len(strings.Split(strings.TrimSpace(string(waybackContent)), "\n"))
882 | 	if results.URLCount == 1 && strings.TrimSpace(string(waybackContent)) == "" { // Handle case of empty file
883 | 		results.URLCount = 0
884 | 	}
885 | 	logMessage("INFO", fmt.Sprintf("Collected %d Wayback URLs.", results.URLCount))
886 | 
887 | 	logMessage("INFO", "Processing keywords and patterns...")
888 | 	keywordsContent, err := os.ReadFile(keywordsFileFlag)
889 | 	if err != nil {
890 | 		logMessage("ERROR", fmt.Sprintf("Error reading grep keywords file '%s': %v", keywordsFileFlag, err))
891 | 		return
892 | 	}
893 | 
894 | 	allKeywords := append(strings.Split(string(keywordsContent), "\n"), config.CustomKeywords...)
895 | 
896 | 	allPatternResults, err := processKeywords(waybackContent, allKeywords, config.Domain)
897 | 	if err != nil {
898 | 		logMessage("ERROR", fmt.Sprintf("Error processing keywords: %v", err))
899 | 		return
900 | 	}
901 | 
902 | 	logMessage("INFO", "Generating reports...")
903 | 	if err := generateReport(config.Domain, allPatternResults, generateHTMLFlag); err != nil {
904 | 		logMessage("ERROR", fmt.Sprintf("Error generating reports: %v", err))
905 | 		return
906 | 	}
907 | 
908 | 	// Print final summary banner
909 | 	fmt.Printf(`
910 | %s╔══════════════════════════════════════════════════════════════╗
911 | ║                       %sSUMMARY%s                              ║
912 | ╠════════════════════════════════════════════════════════════════╣
913 | ║ Domain:             %-42s ║                                    ║
914 | ║ Subdomains Found:   %-42d ║                                    ║
915 | ║ URLs Collected:     %-42d ║                                    ║
916 | ║ Total Matches:      %-42d ║                                    ║
917 | ║ Output Directory:   %-42s ║                                    ║
918 | ╚══════════════════════════════════════════════════════════════╝%s
919 | 
920 | %sAutomation script completed successfully!%s
921 | `, colorGreen, colorBold, colorReset+colorGreen, config.Domain, results.SubdomainCount, results.URLCount,
922 | 		results.Statistics["total_matches"], config.OutputDir, colorReset, colorBold, colorReset)
923 | }
924 | 


--------------------------------------------------------------------------------