Merge pull request #4 from cyclone-github/testing

cyclone-github · web-flow · commit 1dcea6c97b87 · 2025-01-09T12:04:55.000-06:00
Fix issues 1, 2 &amp; 3
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+### version 0.2.4; 2025-01-08
+```
+added -o {output_file} flag to redirect stdout to file
+updated -help output
+refactored code
+```
 ### version 0.2.3; 2025-01-07
 ```
 add sanity check for punycode domains, https://github.com/cyclone-github/ipscope/issues/1
diff --git a/README.md b/README.md
@@ -8,15 +8,14 @@
 
 # IPScope
 
-A CLI tool written in pure Go for IP lookup and subdomain discovery. Designed for security researchers and network administrators to resolve IP addresses for TLDs and subdomains. Includes support for some reverse proxy and WAF detection.
+A CLI tool written in pure Go for subdomain discovery and IP lookup. Designed for security researchers and network administrators to resolve IP addresses for TLDs and subdomains. Includes support for some reverse proxy and WAF detection.
 
-IPScope was written as a capable, no-fuss alternative to more complex CLI tools commonly used for subdomain discovery and active DNS resolution. IPScope features a simple CLI that only requires one command-line argument, the target URL, while maintaining a powerful backend and optional command-line arguments for further customization. Since it's written in Go, there's no need to hunt down outdated or obscure Python / Ruby dependencies, and since it's written with ease of use in mind, there's no need to figure out complex command-line arguments -- **IPScope just works**.
+IPScope was written as a capable, no-fuss alternative to more complex CLI tools commonly used for subdomain discovery and active DNS resolution. IPScope features a simple CLI that only requires one command-line argument, the target URL, while maintaining a powerful backend and optional command-line arguments for further customization. Since it's written in Go, there's no need to hunt down outdated or obscure Python / Ruby / Perl dependencies (we've all been there), and since it's written with ease of use in mind, there's no need to figure out complex command-line arguments -- **IPScope just works**.
 
 ### Usage Instructions:
 Of course, don't run IPScope on domains you don't have permission to probe.
 
-- Example Usage:
-  - `./ipscope.bin -url example.org`
+- `./ipscope.bin -url example.org`
 ```
                    _                   
   ____ _   _  ____| | ___  ____  _____ 
@@ -25,25 +24,66 @@ Of course, don't run IPScope on domains you don't have permission to probe.
  \____)\__  |\____)\_)___/|_| |_|_____)
       (____/                           
 
+Cyclone's IPScope v0.2.4; 2025-01-08
+https://github.com/cyclone-github/ipscope
+
 Processing URL: example.org using DNS: 1.1.1.1
 
   TLD  example.org                93.184.215.14     AS15133 Edgecast Inc.            Dźwirzyno, West Pomerania, PL (Reverse Proxy or WAF Detected)
   TLD  www.example.org            93.184.215.14     AS15133 Edgecast Inc.            Dźwirzyno, West Pomerania, PL (Reverse Proxy or WAF Detected)
 ```
-  - `./ipscope.bin -url example.org -sub subdomains.txt -dns 8.8.8.8`
+  - `./ipscope.bin -url example.org -sub subdomains.txt -dns 8.8.8.8 -json`
+```
+                   _                   
+  ____ _   _  ____| | ___  ____  _____ 
+ / ___) | | |/ ___) |/ _ \|  _ \| ___ |
+( (___| |_| ( (___| | |_| | | | | ____|
+ \____)\__  |\____)\_)___/|_| |_|_____)
+      (____/                           
+
+Cyclone's IPScope v0.2.4; 2025-01-08
+https://github.com/cyclone-github/ipscope
+
+Processing URL: example.org using DNS: 8.8.8.8
+
+{"label":"TLD","domain":"www.example.org","ip":"93.184.215.14","asn":"AS15133 Edgecast Inc.","city":"Dźwirzyno","region":"West Pomerania","country":"PL","proxy":true}
+{"label":"TLD","domain":"example.org","ip":"93.184.215.14","asn":"AS15133 Edgecast Inc.","city":"Dźwirzyno","region":"West Pomerania","country":"PL","proxy":true}
+```
+  - `./ipscope.bin -url example.org -sub subdomains.txt -dns 8.8.8.8 -json -o output.txt`
+```
+                   _                   
+  ____ _   _  ____| | ___  ____  _____ 
+ / ___) | | |/ ___) |/ _ \|  _ \| ___ |
+( (___| |_| ( (___| | |_| | | | | ____|
+ \____)\__  |\____)\_)___/|_| |_|_____)
+      (____/                           
+
+Cyclone's IPScope v0.2.4; 2025-01-08
+https://github.com/cyclone-github/ipscope
+
+Processing URL: example.org using DNS: 8.8.8.8
 
-The `-dns` flag is useful for testing how a domain resolves with specific DNS servers, such as 1.1.1.1, 8.8.8.8, or DNS based filtering such as Cloudflare 1.1.1.3 or OpenDNS 208.67.222.222. It’s also great for testing locally hosted DNS servers like Pi-hole or pfSense.
+Output redirected to file: output.txt
+```
+### Supported flags:
+  - `-url {foobar.com}        (url to scan)`
+  - `-sub {subdirectory_file} (defaults to built-in list)`
+  - `-dns {dns_server}           (defaults to 1.1.1.1)`
+  - `-json                    (outputs stdout to json format)`
+  - `-o {output_file}         (redirects stdout to file)`
+  - `-help                    (prints usage instructions)`
+  - `-version                 (prints version info)`
+
+The `-dns` flag is useful for testing how a domain resolves with a specific DNS server, such as 1.1.1.1, 8.8.8.8, or DNS based filtering such as Cloudflare 1.1.1.3 or OpenDNS 208.67.222.222. It’s also great for testing locally hosted DNS servers like Pi-hole or pfSense.
 
 The tool can also be used with a custom subdomain list via the `-sub` flag to verify if known subdomains are resolving correctly through services like Cloudflare, or to check if they are leaking their host IP.
 
+The `-json` flag will format stdout to json, while the `-o` flag will redirect stdout to file.
+
 If neither the `-dns` nor `-sub` flags are given, the tool defaults to 1.1.1.1 and a built-in list of the top 10k common subdomains.
 
-- Supported flags:
-  - `-url example.org (required)`
-  - `-sub subdomain.txt (optional, defaults to built-in list)`
-  - `-dns 8.8.8.8 (optional, defaults to 1.1.1.1)`
-  - `-help (usage instructions)`
-  - `-version (version info)`
+IPScope output is:
+`label` `domain` `ip` `asn` `city` `region` `country` `proxy`
 
 ### Compile from source:
 - If you want the latest features, compiling from source is the best option since the release version may run several revisions behind the source code.
@@ -55,7 +95,7 @@ If neither the `-dns` nor `-sub` flags are given, the tool defaults to 1.1.1.1 a
   - `go build -ldflags="-s -w" .`
 - Compile from source code how-to:
   - https://github.com/cyclone-github/scripts/blob/main/intro_to_go.txt
-### Change Log:
+### Changelog:
 - https://github.com/cyclone-github/ipscope/blob/main/CHANGELOG.md
 
 ### Antivirus False Positives:
diff --git a/main.go b/main.go
@@ -13,7 +13,7 @@ import (
 )
 
 /*
-IPScope is a CLI tool for IP lookup and subdomain discovery.
+IPScope is a CLI tool for subdomain discovery and IP lookup.
 Designed for security researchers and network administrators to resolve IP addresses for TLDs and subdomains.
 Includes support for some reverse proxy and WAF detection.
 
@@ -40,6 +40,10 @@ Version History:
 	add sanity check for punycode domains, https://github.com/cyclone-github/ipscope/issues/1
 	add -json output flag, https://github.com/cyclone-github/ipscope/issues/2
 	fixed stdout to stderr, https://github.com/cyclone-github/ipscope/issues/3
+0.2.4; 2025-01-08
+	added -o {output_file} flag to redirect stdout to file
+	updated -help output
+	refactored code
 */
 
 const cloudflareIPv4URL = "https://www.cloudflare.com/ips-v4/"
@@ -57,6 +61,7 @@ func main() {
 	subFlag := flag.String("sub", "", "File containing subdomains")
 	dnsFlag := flag.String("dns", "1.1.1.1", "Custom DNS server (ex: 1.1.1.1)")
 	jsonFlag := flag.Bool("json", false, "Output results in JSON format")
+	outputFlag := flag.String("o", "", "Output to file (defaults to stdout)")
 	cycloneFlag := flag.Bool("cyclone", false, "")
 	versionFlag := flag.Bool("version", false, "Version info")
 	helpFlag := flag.Bool("help", false, "Display help")
@@ -84,6 +89,16 @@ func main() {
 		os.Exit(1)
 	}
 
+	if *outputFlag != "" {
+		file, err := os.OpenFile(*outputFlag, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error opening output file: %v\n", err)
+			os.Exit(1)
+		}
+		defer file.Close()
+		os.Stdout = file
+	}
+
 	jsonOutput := *jsonFlag
 
 	domain := *urlFlag
@@ -107,7 +122,10 @@ func main() {
 	printCyclone()
 
 	fmt.Fprintf(os.Stderr, "Processing URL: %s using DNS: %s\n\n", domain, *dnsFlag)
-	//writer.Flush()
+
+	if *outputFlag != "" {
+		fmt.Fprintf(os.Stderr, "Output redirected to file: %s\n\n", *outputFlag)
+	}
 
 	// load Cloudflare IP ranges
 	loadCloudflareIPs()
@@ -121,7 +139,6 @@ func main() {
 	var err error
 
 	for i := 0; i < retries; i++ {
-		writer.Flush()
 		crtSubdomains, err = getSubdomainsFromCRT(domain)
 		if err == nil {
 			break
@@ -153,7 +170,7 @@ func main() {
 	if !processedSubdomains[domain] {
 		tldIPs, err := customResolver.LookupIP(context.Background(), "ip4", domain)
 		if err != nil {
-			fmt.Fprintf(writer, "Error getting IP for TLD (%s): %v\n", domain, err)
+			fmt.Fprintf(os.Stderr, "Error getting IP for TLD (%s): %v\n", domain, err)
 		} else {
 			printOutput(writer, "TLD", domain, tldIPs, jsonOutput)
 			writer.Flush()
@@ -164,7 +181,7 @@ func main() {
 	if *subFlag != "" {
 		file, err := os.Open(*subFlag)
 		if err != nil {
-			fmt.Fprintf(writer, "Error opening subdomains file (%s): %v\n", *subFlag, err)
+			fmt.Fprintf(os.Stderr, "Error opening subdomains file (%s): %v\n", *subFlag, err)
 			os.Exit(1)
 		}
 		defer file.Close()
@@ -184,7 +201,7 @@ func main() {
 		}
 
 		if err := scanner.Err(); err != nil {
-			fmt.Fprintf(writer, "Error reading subdomains file (%s): %v\n", *subFlag, err)
+			fmt.Fprintf(os.Stderr, "Error reading subdomains file (%s): %v\n", *subFlag, err)
 		}
 	} else {
 		for _, subdomain := range defaultSubdomains() {
@@ -199,4 +216,4 @@ func main() {
 			}
 		}
 	}
-}
+}
diff --git a/utils.go b/utils.go
@@ -40,7 +40,7 @@ func init() {
 	for _, cidr := range staticIPs {
 		_, ipnet, err := net.ParseCIDR(cidr)
 		if err != nil {
-			fmt.Printf("Failed to parse Cloudflare IP range %s: %v\n", cidr, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse Cloudflare IP range %s: %v\n", cidr, err)
 			continue
 		}
 		cloudflareIPNets = append(cloudflareIPNets, ipnet)
@@ -60,54 +60,40 @@ func printOutput(writer *tabwriter.Writer, label, domain string, ips []net.IP, j
 		Proxy   bool   `json:"proxy"`
 	}
 
-	if jsonOutput {
-		// JSON output format
-		for _, ip := range ips {
-			if ipv4 := ip.To4(); ipv4 != nil {
-				if !isValidPublicIPv4(ipv4) {
-					continue
-				}
-
-				ipInfo, err := getIPInfo(ipv4.String())
-				if err != nil {
-					continue
-				}
-
-				output := JSONOutput{
-					Label:   label,
-					Domain:  domain,
-					IP:      ipv4.String(),
-					Asn:     ipInfo.Org,
-					City:    ipInfo.City,
-					Region:  ipInfo.Region,
-					Country: ipInfo.Country,
-					Proxy:   checkCloudFlare(ipv4.String()) || checkKnownWAF(ipInfo.Org),
-				}
-
-				jsonData, _ := json.Marshal(output)
-				fmt.Println(string(jsonData))
-			}
+	for _, ip := range ips {
+		ipv4 := ip.To4()
+		if ipv4 == nil || !isValidPublicIPv4(ipv4) {
+			continue
 		}
-	} else {
-		// tabwriter "pretty" output
-		for _, ip := range ips {
-			if ipv4 := ip.To4(); ipv4 != nil {
-				if !isValidPublicIPv4(ipv4) {
-					continue
-				}
 
-				ipInfo, err := getIPInfo(ipv4.String())
-				if err != nil {
-					fmt.Fprintf(writer, "Error fetching IP info: %v\n", err)
-					continue
-				}
+		ipInfo, err := getIPInfo(ipv4.String())
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error fetching IP info for %s: %v\n", ipv4.String(), err)
+			continue
+		}
 
-				isReverseProxy := checkCloudFlare(ipv4.String()) || checkKnownWAF(ipInfo.Org)
-				if isReverseProxy {
-					fmt.Fprintf(writer, "%-3s\t%-25s\t%-16s\t%-32s\t %s, %s, %s (Reverse Proxy or WAF Detected)\n", label, domain, ipv4, ipInfo.Org, ipInfo.City, ipInfo.Region, ipInfo.Country)
-				} else {
-					fmt.Fprintf(writer, "%-3s\t%-25s\t%-16s\t%-32s\t %s, %s, %s\n", label, domain, ipv4, ipInfo.Org, ipInfo.City, ipInfo.Region, ipInfo.Country)
-				}
+		isReverseProxy := checkCloudFlare(ipv4.String()) || checkKnownWAF(ipInfo.Org)
+
+		if jsonOutput {
+			// JSON output format
+			output := JSONOutput{
+				Label:   label,
+				Domain:  domain,
+				IP:      ipv4.String(),
+				Asn:     ipInfo.Org,
+				City:    ipInfo.City,
+				Region:  ipInfo.Region,
+				Country: ipInfo.Country,
+				Proxy:   isReverseProxy,
+			}
+			jsonData, _ := json.Marshal(output)
+			fmt.Println(string(jsonData))
+		} else {
+			// tabwriter "pretty" output
+			if isReverseProxy {
+				fmt.Fprintf(writer, "%-3s\t%-25s\t%-16s\t%-32s\t %s, %s, %s (Reverse Proxy or WAF Detected)\n", label, domain, ipv4, ipInfo.Org, ipInfo.City, ipInfo.Region, ipInfo.Country)
+			} else {
+				fmt.Fprintf(writer, "%-3s\t%-25s\t%-16s\t%-32s\t %s, %s, %s\n", label, domain, ipv4, ipInfo.Org, ipInfo.City, ipInfo.Region, ipInfo.Country)
 			}
 		}
 	}
@@ -178,7 +164,7 @@ func getIPInfo(ip string) (*IPInfo, error) {
 			if retryAfter != "" {
 				if seconds, err := strconv.Atoi(retryAfter); err == nil {
 					waitTime = time.Duration(seconds) * time.Second
-					fmt.Printf("Rate-limited: Retrying after %s...\n", waitTime)
+					fmt.Fprintf(os.Stderr, "Rate-limited: Retrying after %s...\n", waitTime)
 				}
 			}
 
@@ -217,14 +203,14 @@ func checkCloudFlare(ipStr string) bool {
 func loadCloudflareIPs() {
 	resp, err := http.Get(cloudflareIPv4URL)
 	if err != nil {
-		fmt.Println("Failed to download Cloudflare IPs, using static list.")
+		fmt.Fprintln(os.Stderr, "Failed to download Cloudflare IPs, using static list.")
 		return
 	}
 	defer resp.Body.Close()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		fmt.Println("Failed to read Cloudflare IPs, using static list.")
+		fmt.Fprintln(os.Stderr, "Failed to read Cloudflare IPs, using static list.")
 		return
 	}
 
@@ -236,7 +222,7 @@ func loadCloudflareIPs() {
 		}
 		_, ipnet, err := net.ParseCIDR(ipStr)
 		if err != nil {
-			fmt.Printf("Failed to parse Cloudflare IP range %s: %v\n", ipStr, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse Cloudflare IP range %s: %v\n", ipStr, err)
 			continue
 		}
 		cloudflareIPNets = append(cloudflareIPNets, ipnet)
@@ -266,7 +252,7 @@ func isValidPublicIPv4(ip net.IP) bool {
 
 // version info
 func versionFunc() {
-	fmt.Fprintln(os.Stderr, "Cyclone's IPScope v0.2.3; 2025-01-07\nhttps://github.com/cyclone-github/ipscope\n")
+	fmt.Fprint(os.Stderr, "Cyclone's IPScope v0.2.4; 2025-01-08\nhttps://github.com/cyclone-github/ipscope\n\n")
 }
 
 // cyclone
@@ -280,6 +266,7 @@ func printCyclone() {
       (____/                           
 `
 	fmt.Fprintln(os.Stderr, cyclone)
+	versionFunc()
 	time.Sleep(250 * time.Millisecond)
 }
 
@@ -289,15 +276,16 @@ func helpFunc() {
 	str := `Example Usage:
 
 ./ipscope.bin -url example.com
-./ipscope.bin -url example.com -sub subdomains.txt -dns 8.8.8.8
+./ipscope.bin -url example.com -sub subdomains.txt -dns 8.8.8.8 -json -o output.txt
 
 Supported flags:
 
--url example.com (required)
--sub subdomain.txt (optional, defaults to built-in list)
--dns 8.8.8.8 (optional, defaults to 1.1.1.1)
-
--help (usage instructions)
--version (version info)`
+-url		(url to scan)
+-sub		(defaults to built-in list)
+-dns		(defaults to 1.1.1.1)
+-json		(outputs stdout to json)
+-o		(redirects stdout to file)
+-help		(usage instructions)
+-version	(version info)`
 	fmt.Fprintln(os.Stderr, str)
-}
+}
