Merge pull request #8 from projectdiscovery/dev

Bugfix release

.github/workflows/build-test.yml

@@ -18,7 +18,7 @@ jobs:
           go-version: 1.17
 
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build
         run: go build .

.github/workflows/codeql-analysis.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/dockerhub-push.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Git Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Get Github tag
         id: meta

.github/workflows/lint-test.yml

@@ -9,10 +9,14 @@ jobs:
     name: Lint Test
     runs-on: ubuntu-latest
     steps:
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3.1.0
         with:
           version: latest
           args: --timeout 5m

.github/workflows/release-binary.yml

@@ -1,16 +1,16 @@
 name: 🎉 Release Binary
 on:
-  create:
+  push:
     tags:
-      - v*
+      - '*'
   workflow_dispatch:
 
 jobs: 
   release: 
     runs-on: ubuntu-latest
     steps: 
       - name: "Check out code"
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with: 
           fetch-depth: 0
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.17.7-alpine3.14 AS build-env
+FROM golang:1.18rc1-alpine3.14 AS build-env
 RUN go install -v github.com/projectdiscovery/uncover/cmd/uncover@latest
 
 FROM alpine:3.15.0

README.md

@@ -112,10 +112,10 @@ Required keys can be obtained by signing up on [Shodan](https://account.shodan.i
 
 ## Running Uncover
 
-**uncover** supports multiple ways to make the query including **stdin** or `q` flag, for example:-
+**uncover** supports multiple ways to make the query including **stdin** or `q` flag
 
 ```console
-echo grafana | uncover 
+echo 'ssl:"Uber Technologies, Inc."' | uncover 
                                         
   __  ______  _________ _   _____  _____
  / / / / __ \/ ___/ __ \ | / / _ \/ ___/
@@ -129,20 +129,57 @@ echo grafana | uncover
 [WRN] Developers assume no liability and are not responsible for any misuse or damage.
 [WRN] By using uncover, you also agree to the terms of the APIs used.
 
-52.18.18.74:443
-139.162.175.222:8081
-2a02:20c8:2640::2:3000
-34.90.119.170:80
-222.209.83.170:3001
-52.35.140.14:443
+107.180.12.116:993
+107.180.26.155:443
+104.244.99.31:443
+161.28.20.79:443
+104.21.8.108:443
+198.71.233.203:443
+104.17.237.13:443
+162.255.165.171:443
+12.237.119.61:443
+192.169.250.211:443
+104.16.251.50:443
+```
+
+Running **uncover**  with **file** input containing multiple search queries per line.
+
+```console
+cat dorks.txt
+
+ssl:"Uber Technologies, Inc."
+title:"Grafana"
+```
+
+```console
+uncover -q dorks.txt
+                                        
+  __  ______  _________ _   _____  _____
+ / / / / __ \/ ___/ __ \ | / / _ \/ ___/
+/ /_/ / / / / /__/ /_/ / |/ /  __/ /    
+\__,_/_/ /_/\___/\____/|___/\___/_/ v0.0.1    
+                                        
+
+    projectdiscovery.io
+
+[WRN] Use with caution. You are responsible for your actions
+[WRN] Developers assume no liability and are not responsible for any misuse or damage.
+[WRN] By using uncover, you also agree to the terms of the APIs used.
+
+107.180.12.116:993
+107.180.26.155:443
+104.244.99.31:443
+161.28.20.79:443
+104.21.8.108:443
+198.71.233.203:443
 2607:7c80:54:3::74:3001
 104.198.55.35:80
 46.101.82.244:3000
 34.147.126.112:80
 138.197.147.213:8086
 ```
 
-**uncover** supports `field` flag to print specific field in the output, currently `ip`, `port`, `host` fields are supported. for example:-
+**uncover** supports `field` flag to specify fields to return, currently `ip`, `port`, `host` are supported.
 
 ```console
 uncover -q jira -f host -silent
@@ -172,7 +209,7 @@ https://130.211.54.173:443/version
 https://54.184.250.232:443/version
 ```
 
-**uncover** supports multiple search engine, as default **shodan** is used, `engine` flag can be used to specify any available search engines. for example:-
+**uncover** supports multiple search engine, as default **shodan** is used, `engine` flag can be used to specify any available search engines.
 
 ```console
 echo jira | uncover -e shodan,censys -silent
@@ -191,27 +228,31 @@ echo jira | uncover -e shodan,censys -silent
 42.194.226.30:2626
 ```
 
-Output of **uncover** can be further piped to other projects in workflow accepting **stdin** as input, for example:-
+Output of **uncover** can be further piped to other projects in workflow accepting **stdin** as input.
 
 
-- `uncover -q http.title:"GitLab" | httpx` - Runs [httpx](https://github.com/projectdiscovery/httpx) for web server probing the found result.
-- `uncover -q example | httpx | nuclei` - Runs [httpx](https://github.com/projectdiscovery/httpx) / [nuclei](https://github.com/projectdiscovery/nuclei) for vulnerability assessment on found host.
 - `uncover -q example -f ip | naabu` - Runs [naabu](https://github.com/projectdiscovery/naabu) for port scanning on the found host.
+- `uncover -q title:GitLab | httpx` - Runs [httpx](https://github.com/projectdiscovery/httpx) for web server probing the found result.
 
 
 ```console
-uncover -q http.title:GeoWebServer -silent | httpx -silent
-
-https://108.213.48.77
-https://173.241.180.147
-https://173.239.95.16
-http://179.49.67.66
-https://109.88.84.93
-https://181.174.200.162
-https://142.179.224.207
+uncover -q http.title:GitLab -silent | httpx -silent
+
+https://15.185.150.109
+https://139.162.137.16
+https://164.68.115.243
+https://135.125.215.186
+https://163.172.59.119
+http://15.236.10.197
+https://129.206.117.248
 ```
 
-## Note
+- `uncover -q 'org:"Example  Inc."' | httpx | nuclei` - Runs [httpx](https://github.com/projectdiscovery/httpx) / [nuclei](https://github.com/projectdiscovery/nuclei) for vulnerability assessment.
+
+
+![image](https://user-images.githubusercontent.com/8293321/156753063-86ea4c5d-92ad-4c24-a7af-871c12aa278c.png)
+
+## Notes:
 
 -  **keys/ credentials** are required to configure before running or using this project.
 - `query` flag supports all the filters supported by underlying API in use.

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/projectdiscovery/fdmax v0.0.3
 	github.com/projectdiscovery/fileutil v0.0.0-20220214145203-ee3ead95c0b9
 	github.com/projectdiscovery/folderutil v0.0.0-20220212074351-38f1c1d2fdd4
-	github.com/projectdiscovery/goflags v0.0.8-0.20220212074117-40bdfaad6b7c
+	github.com/projectdiscovery/goflags v0.0.8-0.20220304165250-2530b305a4a9
 	github.com/projectdiscovery/gologger v1.1.4
 	github.com/projectdiscovery/sliceutil v0.0.0-20210804143453-61f3e7fd43ea
 	github.com/projectdiscovery/stringsutil v0.0.0-20210804142656-fd3c28dbaafe

go.sum

@@ -36,8 +36,8 @@ github.com/projectdiscovery/fileutil v0.0.0-20220214145203-ee3ead95c0b9 h1:jcRFb
 github.com/projectdiscovery/fileutil v0.0.0-20220214145203-ee3ead95c0b9/go.mod h1:Pm0f+MWgDFMSSI9NBedNh48LyYPs8gD3Jd8DXGmp4aQ=
 github.com/projectdiscovery/folderutil v0.0.0-20220212074351-38f1c1d2fdd4 h1:rPA+enZtrHCBO0XVGsvoGzBKv9TlqZyqZguh1AOT+gs=
 github.com/projectdiscovery/folderutil v0.0.0-20220212074351-38f1c1d2fdd4/go.mod h1:BMqXH4jNGByVdE2iLtKvc/6XStaiZRuCIaKv1vw9PnI=
-github.com/projectdiscovery/goflags v0.0.8-0.20220212074117-40bdfaad6b7c h1:OSDlo/Bz/dE29qnOtaosmk/SYWcQwEEklun5OU5Atcg=
-github.com/projectdiscovery/goflags v0.0.8-0.20220212074117-40bdfaad6b7c/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY=
+github.com/projectdiscovery/goflags v0.0.8-0.20220304165250-2530b305a4a9 h1:J05G/rKDM/MSWI3FrXbnCFM7PtZeV+gRic6wzS8eLqI=
+github.com/projectdiscovery/goflags v0.0.8-0.20220304165250-2530b305a4a9/go.mod h1:37KhVbVLllyuIAgpXGqcvE/hsFEwJ+ctEUSHawjhsBY=
 github.com/projectdiscovery/gologger v1.1.4 h1:qWxGUq7ukHWT849uGPkagPKF3yBPYAsTtMKunQ8O2VI=
 github.com/projectdiscovery/gologger v1.1.4/go.mod h1:Bhb6Bdx2PV1nMaFLoXNBmHIU85iROS9y1tBuv7T5pMY=
 github.com/projectdiscovery/sliceutil v0.0.0-20210804143453-61f3e7fd43ea h1:S+DC2tmKG93Om42cnTqrBfIv699pwSIhafqZvip+RIA=

runner/banners.go

@@ -8,11 +8,11 @@ const banner = `
   __  ______  _________ _   _____  _____
  / / / / __ \/ ___/ __ \ | / / _ \/ ___/
 / /_/ / / / / /__/ /_/ / |/ /  __/ /    
-\__,_/_/ /_/\___/\____/|___/\___/_/ v0.0.1   
+\__,_/_/ /_/\___/\____/|___/\___/_/ v0.0.2  
 `
 
 // Version is the current version of uncover
-const Version = `v0.0.1`
+const Version = `v0.0.2`
 
 // showBanner is used to show the banner to the user
 func showBanner() {

runner/options.go

@@ -22,7 +22,7 @@ var (
 
 // Options contains the configuration options for tuning the enumeration process.
 type Options struct {
-	Query        goflags.FileNormalizedStringSlice
+	Query        goflags.FileCommaSeparatedStringSlice
 	Engine       goflags.FileNormalizedStringSlice
 	ConfigFile   string
 	ProviderFile string
@@ -46,7 +46,7 @@ func ParseOptions() *Options {
 	flagSet.SetDescription(`quickly discover exposed assets on the internet using multiple search engines.`)
 
 	flagSet.CreateGroup("input", "Input",
-		flagSet.FileNormalizedStringSliceVarP(&options.Query, "query", "q", []string{}, "search query or list (file or comma separated or stdin)"),
+		flagSet.FileCommaSeparatedStringSliceVarP(&options.Query, "query", "q", []string{}, "search query or list (file or comma separated or stdin)"),
 		flagSet.FileNormalizedStringSliceVarP(&options.Engine, "engine", "e", []string{}, "search engine to query (shodan,fofa,censys) (default shodan)"),
 	)
 
@@ -74,7 +74,7 @@ func ParseOptions() *Options {
 		fmt.Println(err.Error())
 		os.Exit(1)
 	}
-
+	
 	options.configureOutput()
 
 	showBanner()

uncover/agent/shodan/shodan.go

@@ -95,11 +95,13 @@ func (agent *Agent) query(URL string, session *uncover.Session, shodanRequest *S
 		}
 		// has hostnames?
 		if hostnames, ok := shodanResult["hostnames"]; ok {
-			for _, hostname := range hostnames.([]interface{}) {
-				result.Host = fmt.Sprint(hostname)
-				raw, _ := json.Marshal(shodanResult)
-				result.Raw = raw
+			if _, ok := hostnames.([]interface{}); ok {
+				for _, hostname := range hostnames.([]interface{}) {
+					result.Host = fmt.Sprint(hostname)
+				}
 			}
+			raw, _ := json.Marshal(shodanResult)
+			result.Raw = raw
 			results <- result
 		} else {
 			raw, _ := json.Marshal(shodanResult)