Documentation
¶
Index ¶
- Constants
- func ArchiveOldIntelligence(intel *TargetIntelligence, configDir string) error
- func CleanupExpiredIntelligence(intel *TargetIntelligence) int
- func InitializeConfigFiles()
- type BansheeConfig
- type BraveResponse
- type CVEIntelligence
- type Config
- type DirectoryPattern
- type DorkIntelligence
- type GoogleResponse
- type IndustryIntelligence
- type IndustryPattern
- type IntelligenceFreshness
- type IntelligenceStats
- type LinguisticIntelligence
- type NamingConventions
- type PatternStats
- type ResponseFinding
- type SafeSet
- type SecretPattern
- type SuccessPattern
- type SuccessfulURLInfo
- type TargetIntelligence
- type TemporalPattern
- type ValidationMetrics
- type WaybackIntelligence
Constants ¶
View Source
const ( DefaultAPIURL = "https://www.googleapis.com/customsearch/v1" DefaultCX = "759aed2f7b4be4b83" DefaultUserAgent = "" /* 131-byte string literal not displayed */ BraveAPIURL = "https://api.search.brave.com/res/v1/web/search" )
Variables ¶
This section is empty.
Functions ¶
func ArchiveOldIntelligence ¶
func ArchiveOldIntelligence(intel *TargetIntelligence, configDir string) error
ArchiveOldIntelligence wraps archive behavior for external callers.
func CleanupExpiredIntelligence ¶
func CleanupExpiredIntelligence(intel *TargetIntelligence) int
CleanupExpiredIntelligence wraps the internal cleanup for external callers.
func InitializeConfigFiles ¶
func InitializeConfigFiles()
InitializeConfigFiles creates empty config files if they don't exist This ensures users have the proper file structure for customization
Types ¶
type BansheeConfig ¶
type BansheeConfig struct {
// Search engine settings
Engine string `config:"engine"`
// General flags
Verbose bool `config:"verbose"`
Recursive bool `config:"recursive"`
Insecure bool `config:"insecure"`
Pages int `config:"pages"`
Delay float64 `config:"delay"`
Workers int `config:"workers"` // Number of parallel workers (default: 5)
Quantity int `config:"quantity"`
OOSFile string `config:"oos-file"` // Path to out-of-scope file
// AI Enhancement flags
Model string `config:"model"` // AI model to use globally (overridden by CLI --model flag)
Simplify bool `config:"simplify"`
Research bool `config:"research"`
ResearchDepth int `config:"research-depth"`
Learn bool `config:"learn"`
Smart bool `config:"smart"`
SmartTimeout int `config:"smart-timeout"` // Timeout in seconds for SMART AI optimization (default: 150)
Suggestions bool `config:"suggestions"`
NoFollowUp bool `config:"no-followup"`
MaxFollowUp int `config:"max-followup"`
Correlation bool `config:"correlation"`
MaxCorrelation int `config:"max-correlation"`
PatternDetection bool `config:"pattern-detection"`
WAFBypass bool `config:"waf-bypass"`
Save bool `config:"save"`
IncludeDates bool `config:"include-dates"`
TechDetect bool `config:"tech-detect"`
Adaptive bool `config:"adaptive"`
Deep bool `config:"deep"`
Scoring bool `config:"scoring"`
Budget bool `config:"budget"`
Flush bool `config:"flush"`
SuccessfulURLPatterns int `config:"successful-url-patterns"` // Number of patterns to extract from successful URLs
MultiLangMultiplier int `config:"multi-lang-multiplier"` // Percentage of dorks to generate in target language
MonitorTime int `config:"monitor-time"` // Minutes between monitor cycles
}
BansheeConfig holds configuration from ~/.config/banshee/.config
func LoadConfigFile ¶
func LoadConfigFile() *BansheeConfig
LoadConfigFile reads and parses the config file from ~/.config/banshee/.config
type BraveResponse ¶
type CVEIntelligence ¶
type CVEIntelligence struct {
Technology string `json:"technology"`
Version string `json:"version"`
CVEList []string `json:"cve_list"`
Severity string `json:"severity"`
LastChecked time.Time `json:"last_checked"`
}
CVEIntelligence tracks detected CVEs for technologies.
type Config ¶
type Config struct {
// Inputs and flags
Target string
Pages int
Dork string
Exclusions string
Contents string
Delay float64
Dictionary string
Extension string
OutputPath string
DomainsFile string
Proxy string
Insecure bool // Skip TLS certificate verification (for Burp/proxies)
IncludeSubdomains bool
SubdomainMode bool
FindApex bool
Verbose bool
NoColors bool // Disable colorful output
Engine string // NEW: "both", "google", "brave"
// Derived
ExcludeTargets string
InFile string
InUrl string
// Keys
ApiKeys []string
ExhaustedKeys map[string]struct{}
BraveAPIKeys []string // NEW
ExhaustedBraveKeys map[string]struct{} // NEW
BraveKeyLastUsed map[string]time.Time // NEW: track rate limiting
// HTTP / runtime
Client *http.Client // Client for API requests (no proxy)
ProxyClient *http.Client // Client for accessing found URLs (with proxy if set)
DynamicDelay float64
RequestStore []string
// internal flags
ResultsFound bool
RequestCounter int
NoResultCounter int
AiPrompt string // AI prompt for dork generation
AiQuantity int // Number of dorks to generate
SuppressAIDorkList bool // Suppress AI dork list logging (internal)
// Monitor mode
MonitorMode bool
MonitorQuery string
MonitorMinutes int
FilterMonitor bool
AnalyzeMonitor bool
MonitorDocFocus bool
MonitorSeenURLs *SafeSet
Simplify bool // Simplify long prompts
RandomMode bool // Random dork generation mode
RandomFocus string // Focus area for random dorks (sqli, xss, etc.)
IgnoreFile string // File with dorks to ignore
FlushMode bool // Flush mode - don't use ignore file
OosFile string // Path to out-of-scope file
OosPatterns []string // Loaded out-of-scope patterns (supports wildcards)
ResearchMode bool // OSINT research mode
ResearchDepth int // Research depth (1-4)
CheckLeaks bool // Check paste sites for leaked credentials
LeakTarget string // Target domain/file for leak checking
Keywords string // Keywords for leak checking (comma-separated)
LearnMode bool // Enable continuous learning mode
// AI Enhancement Flags
SmartMode bool // Context-aware dork chaining
SmartTimeout int // Timeout in seconds for SMART AI optimization (default: 150)
ShowSuggestions bool // Show dork optimization suggestions (requires --smart)
NoFollowUp bool // Skip follow-up dork generation (requires --smart)
MaxFollowUp int // Max follow-up dorks to generate (default 5, requires --smart)
CorrelationMode bool // Enable multi-layer correlation (requires --smart)
MaxCorrelation int // Max correlation dorks per subdomain (default 10, requires --correlation)
PatternDetection bool // Detect and exploit naming convention patterns
SaveMode bool // Smart pagination with diminishing returns
IncludeDates bool // Strategic date operator usage
TechDetect bool // Auto-detect tech stack
AdaptiveMode bool // Adaptive rate limiting
DeepMode bool // Recursive subdomain discovery
ScoringMode bool // AI-based result classification and vulnerability scoring
BudgetMode bool // Smart query budget optimization (predict before execute)
WafBypass bool // Adversarial dork generation (obfuscation, bypass techniques)
// CVE and Intelligence Management
UpdateCVEDB bool // Update CVE database from NVD API
CveYear int // Filter CVEs by year (only with --update-cve-db)
CveSeverity string // Filter CVEs by severity: critical,high,medium,low (only with --update-cve-db)
CveResultsPerPage int // Results per page from NVD API (only with --update-cve-db)
HasExploit bool // Only include CVEs with public exploits (only with --update-cve-db)
AiDorkGeneration bool // Use AI to generate specialized dorks for each CVE (only with --update-cve-db)
MaxCVEDork int // Max number of dorks to generate per CVE (default 10, max 20) (only with --ai-dork-generation)
NvdAPIKey string // NVD API key for higher rate limits
ViewIntel string // View intelligence for target
ExportIntel string // Export intelligence to JSON
InteractiveMode bool // Launch interactive TUI mode
AnalyzeDocuments bool // Automatically analyze found documents (PDF, DOCX, PPTX) for sensitive information
FilterDocs bool // Filter out non-sensitive documents (user guides, manuals, etc.) from analysis (requires --analyze-docs)
AnalyseOnly bool // Skip dorking and only analyze document URLs from stdin (requires --analyze-docs)
SuccessfulURLPatterns int // Number of patterns to extract from successful URLs (default: 3)
// Multi-language and fuzzing support
MultiLang bool // Enable multi-language dork generation based on target's language
MultiLangMultiplier int // Percentage of dorks to generate in target language
FuzzMode bool // Enable advanced fuzzing with dynamic wordlist generation
MatchCodes string // Match specific HTTP status codes (comma-separated, like httpx --mc)
// AI Provider Configuration
AiModel string // AI model to use (e.g., gemini-2.0-flash-exp, claude-3-5-sonnet, gpt-4)
// Deduplication
DedupeMode bool // Enable intelligent deduplication and result clustering
// Response Analysis
AnalyzeResponses bool // Enable AI-powered response analysis (requires --dedupe and AI)
AnalyzeResponseOnly bool // Analyze the response of a specific URL without dorking
AnalyzeResponseURL string // URL to analyze for --analyze-response-only
AnalyzeCodeOnly bool // Analyze code from STDIN for security vulnerabilities (no dorking)
InlineCodeAnalysis bool // Extract and analyze inline JavaScript from HTML (requires AI mode)
// Internal storage for learn mode
Intelligence *TargetIntelligence // Current target intelligence
SuccessfulURLCache map[string]*SuccessfulURLInfo // Cache of tech detection results for successful URLs
// AI improvements
AiCacheManager *utils.AICacheManager // AI response cache manager
// Concurrency
Workers int // Number of worker goroutines for parallel processing (default: 5)
// Wayback Machine Integration
ForeseeMode bool // Enable AI-powered foresee mode via Wayback Machine intelligence
WaybackStatusCodes []string // Status codes to filter Wayback results (default: all)
NoWaybackCache bool // Bypass Wayback cache and fetch fresh data
ClearWaybackCache bool // Clear all Wayback cache and exit
AutoCleanupCache bool // Auto-cleanup old Wayback cache on every run
WaybackIntelligence *WaybackIntelligence // Stored Wayback intelligence for Smart mode integration
TargetLanguage string // Detected language of target website
ApexTargets []string // Resolved apex domains from --find-apex
ApexResolved bool // Track whether --find-apex resolution ran
ApexSummaryPrinted bool // Prevent duplicate summary output
}
type DirectoryPattern ¶
type DirectoryPattern struct {
Template string `json:"template"`
Variables []string `json:"variables"`
Examples []string `json:"examples"`
Count int `json:"count"`
}
DirectoryPattern represents a discovered directory structure pattern.
type DorkIntelligence ¶
type DorkIntelligence struct {
Dork string `json:"dork"`
ResultCount int `json:"result_count"`
TimesUsed int `json:"times_used"`
LastUsed time.Time `json:"last_used"`
Category string `json:"category"`
Pattern string `json:"pattern"`
SuccessRate float64 `json:"success_rate"`
IsAIGenerated bool `json:"is_ai_generated,omitempty"`
ValidationStatus string `json:"validation_status,omitempty"`
QualityScore float64 `json:"quality_score,omitempty"`
EffectivenessROI float64 `json:"effectiveness_roi,omitempty"`
FirstSeen time.Time `json:"first_seen,omitempty"`
}
DorkIntelligence tracks individual dork performance.
type GoogleResponse ¶
type IndustryIntelligence ¶
type IndustryIntelligence struct {
Industry string `json:"industry"`
TargetCount int `json:"target_count"`
CommonPaths map[string]int `json:"common_paths"`
CommonTech map[string]int `json:"common_tech"`
SuccessPatterns []IndustryPattern `json:"success_patterns"`
LastUpdated time.Time `json:"last_updated"`
}
IndustryIntelligence stores global industry patterns (shared across all targets).
type IndustryPattern ¶
type IndustryPattern struct {
Pattern string `json:"pattern"`
Frequency int `json:"frequency"`
SuccessRate float64 `json:"success_rate"`
Description string `json:"description"`
}
IndustryPattern tracks successful patterns for an industry.
type IntelligenceFreshness ¶
type IntelligenceFreshness struct {
SubdomainsUpdated time.Time `json:"subdomains_updated"`
TechStackUpdated time.Time `json:"tech_stack_updated"`
DorksUpdated time.Time `json:"dorks_updated"`
PatternsUpdated time.Time `json:"patterns_updated"`
SubdomainsTTL int `json:"subdomains_ttl"`
TechStackTTL int `json:"tech_stack_ttl"`
DorksTTL int `json:"dorks_ttl"`
PatternsTTL int `json:"patterns_ttl"`
}
IntelligenceFreshness tracks TTL and freshness for different data types.
type IntelligenceStats ¶
type IntelligenceStats struct {
TotalResults int `json:"total_results"`
TotalSubdomains int `json:"total_subdomains"`
TotalEndpoints int `json:"total_endpoints"`
TotalSecrets int `json:"total_secrets"`
MostProductiveHour int `json:"most_productive_hour"`
AverageResultsPerDork float64 `json:"average_results_per_dork"`
BestDorkCategory string `json:"best_dork_category"`
}
IntelligenceStats stores statistical information.
type LinguisticIntelligence ¶
type LinguisticIntelligence struct {
EmailDomain string
ProjectNames []string
DepartmentTerms []string
Jargon []string
ProductNames []string
Subsidiaries []string
Technologies []string
EmployeeNames []string
InternalTerms map[string]string
Industry string
Acquisitions []string
Partnerships []string
Locations []string
}
LinguisticIntelligence stores company-specific terminology and patterns.
type NamingConventions ¶
type NamingConventions struct {
SubdomainPattern string `json:"subdomain_pattern"`
SubdomainExample []string `json:"subdomain_example"`
EmailPattern string `json:"email_pattern"`
EmailExample []string `json:"email_example"`
Environments []string `json:"environments"`
Services []string `json:"services"`
Regions []string `json:"regions"`
Confidence float64 `json:"confidence"`
}
NamingConventions tracks detected naming patterns.
type PatternStats ¶
type PatternStats struct {
Pattern string `json:"pattern"`
TimesUsed int `json:"times_used"`
SuccessCount int `json:"success_count"`
SuccessRate float64 `json:"success_rate"`
TotalResults int `json:"total_results"`
AvgResults float64 `json:"avg_results"`
LastSuccess time.Time `json:"last_success"`
FirstUsed time.Time `json:"first_used"`
ValidationCount int `json:"validation_count,omitempty"`
ConfirmedCount int `json:"confirmed_count,omitempty"`
ConfidenceScore float64 `json:"confidence_score,omitempty"`
LastValidated time.Time `json:"last_validated,omitempty"`
}
PatternStats tracks detailed statistics for dork patterns.
type ResponseFinding ¶
type ResponseFinding struct {
URL string `json:"url"`
Summary string `json:"summary"`
Priority string `json:"priority"`
SensitiveTypes []string `json:"sensitive_types,omitempty"`
FoundAt time.Time `json:"found_at"`
}
ResponseFinding captures sensitive discoveries from response analysis.
type SafeSet ¶
type SafeSet struct {
// contains filtered or unexported fields
}
SafeSet provides concurrency-safe uniqueness tracking.
func NewSafeSet ¶
func NewSafeSet() *SafeSet
type SecretPattern ¶
type SecretPattern struct {
Type string `json:"type"`
Pattern string `json:"pattern"`
Found int `json:"found"`
LastSeen time.Time `json:"last_seen"`
}
SecretPattern tracks found secret patterns.
type SuccessPattern ¶
type SuccessPattern struct {
Pattern string `json:"pattern"`
Path string `json:"path"`
Parameter string `json:"parameter"`
FileType string `json:"file_type"`
Context string `json:"context"`
SuccessCount int `json:"success_count"`
LastSeen time.Time `json:"last_seen"`
}
SuccessPattern tracks patterns extracted from successful results.
type SuccessfulURLInfo ¶
type SuccessfulURLInfo struct {
URL string
TechStack map[string]interface{} // Technologies detected
BusinessFocus string // Business focus/purpose detected by AI
ScannedAt time.Time
}
SuccessfulURLInfo stores tech detection results for successful URLs
type TargetIntelligence ¶
type TargetIntelligence struct {
Target string `json:"target"`
FirstSeen time.Time `json:"first_seen"`
LastUpdated time.Time `json:"last_updated"`
TotalScans int `json:"total_scans"`
SuccessfulDorks []DorkIntelligence `json:"successful_dorks"`
FailedDorks []string `json:"failed_dorks"`
DiscoveredSubdomains []string `json:"discovered_subdomains"`
DiscoveredPaths []string `json:"discovered_paths"`
DiscoveredFileTypes []string `json:"discovered_file_types"`
TechStack []string `json:"tech_stack"`
CloudAssets []string `json:"cloud_assets"`
Secrets []SecretPattern `json:"secrets"`
APIEndpoints []string `json:"api_endpoints"`
DorkPatterns map[string]int `json:"dork_patterns"`
CommonPaths map[string]int `json:"common_paths"`
SubdomainFirstSeen map[string]time.Time `json:"subdomain_first_seen"`
Statistics IntelligenceStats `json:"statistics"`
SuccessPatterns []SuccessPattern `json:"success_patterns"`
NamingConventions *NamingConventions `json:"naming_conventions"`
IndustryProfile string `json:"industry_profile"`
DetectedCVEs []CVEIntelligence `json:"detected_cves"`
PatternStatistics map[string]*PatternStats `json:"pattern_statistics"`
ResponseFindings []ResponseFinding `json:"response_findings"`
DataFreshness *IntelligenceFreshness `json:"data_freshness,omitempty"`
ValidationMetrics *ValidationMetrics `json:"validation_metrics,omitempty"`
}
TargetIntelligence stores continuous learning data for a target.
type TemporalPattern ¶
type TemporalPattern struct {
Pattern string `json:"pattern"`
FirstSeen time.Time `json:"first_seen"`
LastSeen time.Time `json:"last_seen"`
MissingYears []int `json:"missing_years"`
SeenYears []int `json:"seen_years"`
}
TemporalPattern represents time-based patterns in URLs.
type ValidationMetrics ¶
type ValidationMetrics struct {
TotalPatterns int `json:"total_patterns"`
ValidatedPatterns int `json:"validated_patterns"`
HighConfidence int `json:"high_confidence"`
LowConfidence int `json:"low_confidence"`
PrunedPatterns int `json:"pruned_patterns"`
LastValidation time.Time `json:"last_validation"`
PatternConfidence map[string]float64 `json:"pattern_confidence"`
}
ValidationMetrics tracks pattern validation and confidence.
type WaybackIntelligence ¶
type WaybackIntelligence struct {
Domain string `json:"domain"`
Subdomains []string `json:"subdomains"`
SensitivePaths []string `json:"sensitive_paths"`
Parameters map[string][]string `json:"parameters"`
FilePatterns map[string][]string `json:"file_patterns"`
DirectoryPatterns []DirectoryPattern `json:"directory_patterns"`
TechStack []string `json:"tech_stack"`
APIEndpoints []string `json:"api_endpoints"`
TemporalPatterns []TemporalPattern `json:"temporal_patterns"`
AdminPaths []string `json:"admin_paths"`
BackupFiles []string `json:"backup_files"`
ConfigFiles []string `json:"config_files"`
TotalURLs int `json:"total_urls"`
ProcessedAt time.Time `json:"processed_at"`
}
WaybackIntelligence contains all extracted intelligence from Wayback.
Source Files
Click to show internal directories.
Click to hide internal directories.