🏗️ move checks under root command

README.md

@@ -66,31 +66,37 @@ behavior, please refer to the other arguments as described below.
 Help:
 
 ```
-❯ dnscheck check -h
-Search for possible subdomain takeovers
+❯ ./dnscheck -h
+Subdomain takeover assessment tool
 
 Usage:
-  dnscheck check [flags]
+  dnscheck [flags]
+  dnscheck [command]
+
+Available Commands:
+  completion  Generate the autocompletion script for the specified shell
+  help        Help about any command
+  version     Show program version
 
 Flags:
   -d, --domain string         single domain to check
   -D, --domains-file string   file containing domains to check (default "domains.txt")
   -e, --edge-cases            include edge-case fingerprints (might cause false positives)
   -f, --fingerprints string   custom service fingerprints file
-  -h, --help                  help for check
+  -h, --help                  help for dnscheck
   -n, --nameserver string     server and port to use for name resolution (default "8.8.8.8:53")
   -o, --output string         file to write findings to
   -t, --timeout uint          timeout for HTTP requests (default 10)
+  -v, --verbose               increase application verbosity
   -w, --workers int           amount of concurrent workers (default 10)
 
-Global Flags:
-  -v, --verbose   increase application verbosity
+Use "dnscheck [command] --help" for more information about a command.
 ```
 
 Example output:
 
 ```
-❯ ./dnscheck check -D target_domains.txt
+❯ ./dnscheck -D target_domains.txt
 2023/05/13 16:57:45 - INFO - Multi domains mode (domains.txt)
 2023/05/13 16:57:45 - INFO - Checking vuln-createsend.something.io
 2023/05/13 16:57:45 - INFO - Checking vuln-s3.something.io
@@ -104,10 +110,6 @@ Example output:
 2023/05/13 16:57:46 - VULNERABLE DOMAIN - [service: Campaign Monitor] vuln-createsend.something.io -> 13.52.43.40,54.183.0.47 [type=dangling_cname_record method=body_pattern]
 ```
 
-### Monitoring domains
-
-TODO  (not implemented yet)
-
 ## Alternatives
 
 - [can-i-takeover-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)

cmd/root.go

@@ -1,13 +1,107 @@
 package cmd
 
 import (
+	"github.com/mdeous/dnscheck/checker"
+	"github.com/mdeous/dnscheck/internal/log"
+	"github.com/mdeous/dnscheck/internal/utils"
 	"github.com/spf13/cobra"
 )
 
 // rootCmd represents the base command when called without any subcommands
 var rootCmd = &cobra.Command{
 	Use:   "dnscheck",
 	Short: "Subdomain takeover assessment tool",
+	Run: func(cmd *cobra.Command, args []string) {
+		// get command-line arguments
+		verbose, err := cmd.Flags().GetBool("verbose")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		fpFile, err := cmd.Flags().GetString("fingerprints")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		singleDomain, err := cmd.Flags().GetString("domain")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		domainFile, err := cmd.Flags().GetString("domains-file")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		nameserver, err := cmd.Flags().GetString("nameserver")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		workers, err := cmd.Flags().GetInt("workers")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		output, err := cmd.Flags().GetString("output")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		timeout, err := cmd.Flags().GetUint("timeout")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		edgeCases, err := cmd.Flags().GetBool("edge-cases")
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+
+		// instanciate domain checker
+		chk := checker.NewChecker(&checker.Config{
+			Nameserver:     nameserver,
+			Verbose:        verbose,
+			Workers:        workers,
+			CustomFpFile:   fpFile,
+			HttpTimeout:    timeout,
+			CheckEdgeCases: edgeCases,
+		})
+
+		// load target domain(s)
+		if singleDomain != "" {
+			log.Info("Single domain mode (%s)", singleDomain)
+			go func() {
+				chk.Domains <- singleDomain
+				close(chk.Domains)
+			}()
+		} else {
+			log.Info("Multi domains mode (%s)", domainFile)
+			go utils.ReadLines(domainFile, chk.Domains)
+		}
+
+		// display status for edge-case rules
+		if edgeCases {
+			log.Info("Edge-case rules enabled")
+		}
+
+		// scan domains and read results
+		var findings []*checker.DomainFinding
+		chk.Scan()
+		for f := range chk.Findings() {
+			for _, match := range f.Matches {
+				fpName := "n/a"
+				if match.Fingerprint != nil {
+					fpName = match.Fingerprint.Name
+				}
+				log.Finding("[service: %s] %s -> %s [type=%s method=%s]", fpName, f.Domain, match.Target, match.Type, match.Method)
+			}
+			if len(f.Matches) > 0 && output != "" {
+				findings = append(findings, f)
+			}
+		}
+
+		// write results to file
+		if output != "" {
+			data := &checker.Findings{Data: findings}
+			err := data.Write(output)
+			if err != nil {
+				log.Fatal("Unable to write results: %v", err)
+			}
+		}
+	},
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -17,5 +111,13 @@ func Execute() {
 }
 
 func init() {
-	rootCmd.PersistentFlags().BoolP("verbose", "v", false, "increase application verbosity")
+	rootCmd.Flags().StringP("domain", "d", "", "single domain to check")
+	rootCmd.Flags().StringP("domains-file", "D", "domains.txt", "file containing domains to check")
+	rootCmd.Flags().StringP("nameserver", "n", "8.8.8.8:53", "server and port to use for name resolution")
+	rootCmd.Flags().IntP("workers", "w", 10, "amount of concurrent workers")
+	rootCmd.Flags().StringP("output", "o", "", "file to write findings to")
+	rootCmd.Flags().UintP("timeout", "t", 10, "timeout for HTTP requests")
+	rootCmd.Flags().BoolP("edge-cases", "e", false, "include edge-case fingerprints (might cause false positives)")
+	rootCmd.Flags().StringP("fingerprints", "f", "", "custom service fingerprints file")
+	rootCmd.Flags().BoolP("verbose", "v", false, "increase application verbosity")
 }