TEGAR-SRC/oxrecon

GitHub: TEGAR-SRC/oxrecon

一款集成了 DNS、端口扫描、子域名枚举、BGP/RPKI 分析及 OSINT 等 60 多项功能的综合型命令行侦察工具。

Stars: 0 | Forks: 0

# oxrecon [![Go](https://img.shields.io/badge/Go-1.23+-00ADD8?style=flat&logo=go)](https://go.dev) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE) [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)]() [![Docker](https://img.shields.io/badge/Docker-ghcr.io-blue?logo=docker)](https://github.com/TEGAR-SRC/oxrecon/pkgs/container/oxrecon) [![Go Module](https://img.shields.io/badge/Go-module-00ADD8?logo=go)](https://github.com/TEGAR-SRC/oxrecon) **oxrecon** 将 60 多个侦察工具统一到了一个 CLI 中:DNS、WHOIS、HTTP、SSL/TLS、端口扫描、子域名枚举、**BGP/RPKI 分析**、技术检测以及 OSINT。 基于 **Clean Architecture**、**goroutine worker pool** 和 **context-aware** 操作构建 — 灵感来源于 Nmap、HTTPX、Subfinder、Naabu 和 Amass。 ## 📋 菜单 - [为什么选择 oxrecon?](#why-oxrecon) - [安装](#installation) - [Go Install (源码)](#go-install) - [GitHub Releases](#github-releases) - [GitHub Container Registry (Docker)](#github-container-registry) - [GitHub Packages (Go Module)](#github-packages) - [从源码构建](#build-from-source) - [命令](#commands) - [DNS](#dns-10) - [Domain](#domain-3) - [Network](#network-6) - [HTTP](#http-12) - [SSL/TLS](#ssltls-5-) - [端口详情](#port-detail-3) - [Discovery](#discovery-7) - [子域名](#subdomain-5) - [BGP / RPKI / IP Block](#bgp--rpki--ip-block-22-) - [OSINT](#osint-7) - [全面扫描](#full-scan) - [实用工具](#utilities) - [使用示例](#usage-examples) - [基础侦察](#basic-recon) - [BGP & RPKI](#bgp--rpki) - [端口扫描](#port-scanning) - [全面扫描](#full-scan-1) - [输出格式](#output-formats) - [电子邮件安全](#email-security-spfdmarcdkim) - [HTTP 安全](#http-security-cspcookiefavicon) - [SSL 证书链](#ssl-certificate-chain) - [Banner 抓取](#banner-grabbing) - [Discovery 提供商](#discovery-providers) - [全局标志](#global-flags) - [GitHub Packages](#github-packages-1) - [Docker 镜像](#docker-images-ghcr) - [Go Module Proxy](#go-module-proxy) - [自动化发布](#automated-releases) - [架构](#architecture) - [项目结构](#project-structure) - [设计原则](#design-principles) - [构建与开发](#build--development) - [Makefile](#makefile) - [Docker](#docker) - [Docker Compose](#docker-compose) - [依赖项](#dependencies) - [测试](#testing) - [CI/CD](#cicd) - [贡献](#contributing) - [许可证](#license) ## 为什么选择 oxrecon? 侦察通常需要 10 多个独立的工具: - **nmap** → 端口扫描 - **httpx** → HTTP 探测 - **subfinder** → 子域名 - **dig** → DNS 查询 - **whois** → 域名信息 - **naabu** → 端口扫描 - **amass** → 子域名枚举 - **wappalyzer** → 技术检测 - **shodan** → OSINT - **bgptools** → ASN 信息 - **routinator** → RPKI **oxrecon** 将所有这些功能集成在一个二进制文件中完成,提供统一的 JSON/YAML/CSV 输出、并行执行,并且告别繁琐的配置噩梦。 ## 安装 ### Go 安装 ``` go install github.com/TEGAR-SRC/oxrecon@latest # 验证 oxrecon version ``` ### GitHub Releases 下载适用于 Linux、macOS、Windows 的预编译二进制文件: ``` # Linux amd64 curl -L https://github.com/TEGAR-SRC/oxrecon/releases/latest/download/oxrecon-linux-amd64.zip -o oxrecon.zip unzip oxrecon.zip && chmod +x oxrecon-linux-amd64 && sudo mv oxrecon-linux-amd64 /usr/local/bin/oxrecon # macOS curl -L https://github.com/TEGAR-SRC/oxrecon/releases/latest/download/oxrecon-darwin-amd64.zip -o oxrecon.zip ``` ### GitHub Container Registry ``` # 从 GitHub Packages 拉取 Docker image docker pull ghcr.io/tegar-src/oxrecon:latest # 运行 docker run --rm ghcr.io/tegar-src/oxrecon:latest bgp ip 8.8.8.8 docker run --rm ghcr.io/tegar-src/oxrecon:latest scan example.com # 交互式 shell docker run -it --rm ghcr.io/tegar-src/oxrecon:latest /bin/sh ``` ### GitHub Packages ``` # 通过 GitHub Packages 的 Docker image docker pull ghcr.io/tegar-src/oxrecon:latest docker tag ghcr.io/tegar-src/oxrecon:latest oxrecon:latest # Go module proxy (GitHub Packages) GOPROXY=https://proxy.golang.org,direct GOFLAGS=-mod=mod go install github.com/TEGAR-SRC/oxrecon@latest ``` ### 从源码构建 ``` git clone https://github.com/TEGAR-SRC/oxrecon.git cd oxrecon go build -o oxrecon main.go ./oxrecon version ``` ## 命令 ### DNS (15 ⭐) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `dns lookup` | A/AAAA 记录 | `oxrecon dns lookup example.com` | | `dns reverse` | 反向 DNS (PTR) | `oxrecon dns reverse 8.8.8.8` | | `dns mx` | MX 记录 | `oxrecon dns mx example.com` | | `dns ns` | NS 记录 | `oxrecon dns ns example.com` | | `dns txt` | TXT 记录 | `oxrecon dns txt example.com` | | `dns soa` | SOA 记录 | `oxrecon dns soa example.com` | | `dns caa` | CAA 记录 | `oxrecon dns caa example.com` | | `dns cname` | CNAME 记录 | `oxrecon dns cname example.com` | | `dns dnssec` | DNSSEC 检查 | `oxrecon dns dnssec example.com` | | `dns zone` | 区域传送 | `oxrecon dns zone example.com` | | `dns resolver` | 解析器基准测试 | `oxrecon dns resolver example.com` | | **`dns security spf`** | **SPF 记录解析器** | **`oxrecon dns security spf example.com`** | | **`dns security dmarc`** | **DMARC 策略解析器** | **`oxrecon dns security dmarc example.com`** | | **`dns security dkim`** | **DKIM 选择器扫描** | **`oxrecon dns security dkim example.com`** | | `dns a` | DNS A 记录 | `oxrecon dns a example.com` | | `dns aaaa` | DNS AAAA (IPv6) | `oxrecon dns aaaa example.com` | ### Domain (3) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `domain whois` | WHOIS 查询 | `oxrecon domain whois example.com` | | `domain info` | 注册商 + 到期时间 | `oxrecon domain info example.com` | | `domain expire` | 距到期天数 | `oxrecon domain expire example.com` | ### Network (6) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `network scan` | TCP 端口扫描 | `oxrecon network scan example.com -t 50` | | `network tcp` | TCP 扫描 (别名) | `oxrecon network tcp 10.0.0.1` | | `network udp` | UDP 探测 | `oxrecon network udp example.com` | | `network ping` | Ping (TCP 回退) | `oxrecon network ping 8.8.8.8` | | `network traceroute` | TCP 路由追踪 | `oxrecon network traceroute example.com` | | `network cidr` | CIDR 分析 | `oxrecon network cidr 10.0.0.0/8` | | `network reverse-ip` | 反向 IP | `oxrecon network reverse-ip 8.8.8.8` | ### HTTP (16 ⭐) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `http probe` | HTTP endpoint 检查 | `oxrecon http probe example.com` | | `http headers` | 响应 + 安全标头 | `oxrecon http headers example.com` | | `http methods` | 允许的 HTTP 方法 | `oxrecon http methods example.com` | | `http redirect` | 重定向链 | `oxrecon http redirect example.com` | | `http robots` | Robots.txt | `oxrecon http robots example.com` | | `http sitemap` | Sitemap.xml | `oxrecon http sitemap example.com` | | `http waf` | WAF 检测 | `oxrecon http waf example.com` | | `http tech` | 技术检测 | `oxrecon http tech example.com` | | `http cdn` | CDN 检测 | `oxrecon http cdn example.com` | | **`http screenshot`** | **通过 chromedp 截取真实截图 + 文本回退** | **`oxrecon http screenshot example.com`** | | `http dir` | 目录爆破 | `oxrecon http dir example.com` | | `http crawl` | 链接提取 | `oxrecon http crawl example.com` | | **`http security csp`** | **CSP 分析器** | **`oxrecon http security csp example.com`** | | **`http security cookie`** | **Cookie 标志分析器** | **`oxrecon http security cookie example.com`** | | **`http security favicon`** | **Favicon 哈希** | **`oxrecon http security favicon example.com`** | | **`http security ws`** | **WebSocket 检测** | **`oxrecon http security ws example.com`** | | **`http security http2`** | **HTTP/2 + HTTP/3 检查** | **`oxrecon http security http2 example.com`** | ### SSL/TLS (5 ⭐) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `ssl cert` | 证书详情 | `oxrecon ssl cert example.com` | | `ssl cipher` | 加密套件 | `oxrecon ssl cipher example.com` | | `ssl tls` | TLS 版本支持 | `oxrecon ssl tls example.com` | | `ssl expire` | 证书到期时间 | `oxrecon ssl expire example.com` | | **`ssl chain`** | **完整证书链 + OCSP** | **`oxrecon ssl chain example.com`** | ### 端口详情 (3) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `detail banner ` | 单端口 Banner 抓取 | `oxrecon detail banner 8.8.8.8:80` | | `detail version ` | 多端口服务版本 | `oxrecon detail version 10.0.0.1` | | `detail multi [ports]` | 自定义端口 + Banner | `oxrecon detail multi 10.0.0.1 80 443 22` | ### Discovery (7) | 命令 | 描述 | API Key | |---------|-------------|---------| | `discovery certspotter` | CertSpotter 子域名 | 公共 API | | `discovery rapiddns` | RapidDNS 子域名 | 公共 API | | `discovery hackertarget` | HackerTarget 子域名 | 公共 API | | `discovery bufferover` | BufferOver 子域名 | 公共 API | | `discovery anubis` | Anubis 子域名 | 公共 API | | `discovery all ` | **所有提供商合并** | 公共 API | ### 子域名 (5) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `subdomain enum` | 被动 + DNS 枚举 | `oxrecon subdomain enum example.com` | | `subdomain brute` | DNS 暴力破解 | `oxrecon subdomain brute example.com` | | `subdomain crtsh` | 证书透明度 | `oxrecon subdomain crtsh example.com` | | `subdomain recursive` | 3 级递归 | `oxrecon subdomain recursive example.com` | | `subdomain wildcard` | 泛解析检测 | `oxrecon subdomain wildcard example.com` | ### BGP / RPKI / IP Block (22 ⭐) | 命令 | 描述 | 示例 | |---------|-------------|---------| | `bgp ip` | IP → ASN + 前缀 + 国家 | `oxrecon bgp ip 8.8.8.8` | | `bgp asn` | ASN → 名称 + 前缀 | `oxrecon bgp asn 15169` | | **`bgp show`** | **所有前缀 + RPKI 状态** | **`oxrecon bgp show 13335`** | |`bgp rpki`** | **RPKI/ROA 验证** | **`oxrecon bgp rpki 8.8.8.0/24`** | | **`bgp routinator`** | **查询 Routinator** | **`oxrecon bgp routinator 1.1.1.0/24`** | | **`bgp coverage`** | **RPKI 覆盖率 %** | **`oxrecon bgp coverage 15169`** | | `bgp v6` | 仅 IPv6 前缀 | `oxrecon bgp v6 13335` | | `bgp map` | Mermaid + ASCII 地图 | `oxrecon bgp map 15169` | | `bgp path` | BGP AS 路径 | `oxrecon bgp path 8.8.8.8` | | `bgp topology` | ASCII 图表 | `oxrecon bgp topology 15169` | | `bgp visualize` | 自动检测 → 完整可视化 | `oxrecon bgp visualize 8.8.8.8` | | `bgp prefix` | 前缀 → 源 ASN | `oxrecon bgp prefix 8.8.8.0/24` | | `bgp prefix-list` | ASN → 所有前缀 | `oxrecon bgp prefix-list 15169` | | `bgp networks` | 网络统计 | `oxrecon bgp networks 13335` | | `bgp peers` | 上游/对等点 | `oxrecon bgp peers 15169` | | `bgp route` | IP → 覆盖前缀 | `oxrecon bgp route 8.8.8.8` | | `bgp origin` | IP → 源 AS (DNS) | `oxrecon bgp origin 1.1.1.1` | | `bgp name` | ASN → 名称 | `oxrecon bgp name 15169` | | `bgp bulk` | 从文件批量导入 IP → ASN | `oxrecon bgp bulk ips.txt` | | `bgp whois` | 原始 whois | `oxrecon bgp whois AS15169` | | `bgp export` | 路由器 prefix-list 配置 | `oxrecon bgp export 15169` | | `bgp full` | 自动检测 → 完整侦察 | `oxrecon bgp full 8.8.8.8` | ### OSINT (7) | 命令 | 描述 | 需要 API Key | |---------|-------------|-----------------| | `osint shodan` | Shodan API 查询 | `SHODAN_API_KEY` | | `osint censys` | Censys API 查询 | `CENSYS_API_ID` + `CENSYS_API_SECRET` | | `osint crtsh` | 证书透明度 | 公共 API | | `osint wayback` | Wayback Machine | 公共 API | | `osint securitytrails` | SecurityTrails API | `SECURITYTRAILS_API_KEY` | | `osint virustotal` | VirusTotal API | `VIRUSTOTAL_API_KEY` | | `osint alienvault` | AlienVault OTX | 公共 API | ### 全面扫描 ``` oxrecon scan example.com --full --threads 50 --timeout 60s # → DNS + WHOIS + port scan + HTTP + SSL + Tech + Subdomain + OSINT ``` ### 实用工具 ``` oxrecon tui # Terminal UI oxrecon api # REST API server (:8080) oxrecon config # Show config oxrecon plugin list # Plugin manager oxrecon update # Check updates oxrecon version # Version info ``` ## 使用示例 ### 基础侦察 ``` # DNS oxrecon dns lookup example.com oxrecon dns mx example.com # WHOIS oxrecon domain whois example.com # Port Scan oxrecon network scan 10.0.0.1 -t 50 # HTTP Headers oxrecon http headers example.com # SSL oxrecon ssl cert example.com oxrecon ssl expire example.com ``` ### BGP & RPKI ``` # IP → ASN oxrecon bgp ip 8.8.8.8 # 输出: # IP: 8.8.8.8 # ASN: AS15169 # Name: GOOGLE - Google LLC # Prefix: 8.8.8.0/24 # Country: US # ASN 详情(所有 prefixes) oxrecon bgp show 13335 # → 显示 IPv4: X prefixes, IPv6: Y prefixes, RPKI 状态 # RPKI 验证 oxrecon bgp rpki 8.8.8.0/24 # → ✅ VALID / ❌ INVALID / ❓ NOT FOUND # RPKI 覆盖率 oxrecon bgp coverage 15169 # → 覆盖率: ████████░░ 80.0% # BGP 拓扑图 oxrecon bgp map 15169 # → ASCII art + Mermaid diagram(粘贴到 mermaid.live) # AS Path oxrecon bgp path 8.8.8.8 # 全自动检测 oxrecon bgp visualize 15169 oxrecon bgp visualize 1.1.1.0/24 ``` ### 端口扫描 ``` # 默认(60 个常用端口) oxrecon network scan example.com # 自定义线程 oxrecon network scan example.com --threads 100 # 超时 oxrecon network scan 10.0.0.1 --timeout 30s ``` ### 全面扫描 ``` oxrecon scan example.com # → 组合:DNS + WHOIS + Port Scan + HTTP + SSL + Tech + Subdomain # → 带有风险评分和建议的统一报告 oxrecon scan example.com --full -t 50 -o report.txt ``` ### 输出格式 ``` oxrecon dns lookup example.com --format json oxrecon dns lookup example.com --format yaml oxrecon dns lookup example.com --format csv oxrecon scan example.com --format json --output scan.json ``` ### 电子邮件安全 (SPF/DMARC/DKIM) ``` oxrecon dns security spf example.com # → SPF 分析(包含 includes, ip4/ip6, mechanisms) oxrecon dns security dmarc example.com # → DMARC 策略:reject/quarantine/none, pct, rua/ruf oxrecon dns security dkim example.com # → 扫描常见的 DKIM selectors(google, selector1, mandrill 等) ``` ### HTTP 安全 (CSP/Cookie/Favicon) ``` oxrecon http security csp example.com # → Content-Security-Policy 分析(unsafe-inline, unsafe-eval) oxrecon http security cookie example.com # → Cookie flags:Secure, HttpOnly, SameSite oxrecon http security favicon example.com # → MD5/SHA256/Base64 hash → 用于 Shodan/ZoomEye 搜索 oxrecon http security http2 example.com # → HTTP/2 + HTTP/3 (Alt-Svc) 支持检查 ``` ### SSL 证书链 ``` oxrecon ssl chain example.com # → 完整证书链:Leaf → Intermediate → Root CA + OCSP ``` ### Banner 抓取 ``` oxrecon detail banner 8.8.8.0:80 # → HTTP banner oxrecon detail banner 10.0.0.1:22 # → SSH 版本/banner oxrecon detail version 10.0.0.1 # → 多端口服务版本检测 ``` ### Discovery 提供商 ``` oxrecon discovery all example.com # → CertSpotter + RapidDNS + HackerTarget + BufferOver + Anubis + AlienVault oxrecon discovery certspotter example.com # → 仅 CertSpotter 结果 ``` ### 全局标志 ``` --threads, -t Worker threads (default: 10) --timeout, -o Request timeout (default: 30s) --rate, -r Rate limit per second (0 = unlimited) --dns DNS server to use --proxy, -p HTTP/SOCKS5 proxy --format, -f Output format: json|yaml|xml|csv|html (default: json) --output, -O Output file --silent Errors only --verbose, -v Verbose --debug Debug --insecure Skip TLS verification --random-agent Random User-Agent --follow-redirect Follow HTTP redirects --ipv4 IPv4 only --ipv6 IPv6 only --cache Enable cache (default: true) --cache-ttl Cache TTL (default: 1h) ``` ## GitHub Packages ### Docker 镜像 每次发布都会自动发布到 GitHub Container Registry: ``` # 最新版 docker pull ghcr.io/tegar-src/oxrecon:latest # 特定版本 docker pull ghcr.io/tegar-src/oxrecon:v1.0.0 docker pull ghcr.io/tegar-src/oxrecon:v1.0 # 运行 docker run --rm ghcr.io/tegar-src/oxrecon:latest bgp ip 8.8.8.8 docker run --rm ghcr.io/tegar-src/oxrecon:latest scan example.com # 带有本地输出 docker run --rm -v $PWD:/data ghcr.io/tegar-src/oxrecon:latest scan example.com -o /data/report.json ``` ### Go Module Proxy ``` # 直接从 GitHub 安装 go install github.com/TEGAR-SRC/oxrecon@latest # 或特定版本 go install github.com/TEGAR-SRC/oxrecon@v1.0.0 # 作为库使用 import "github.com/TEGAR-SRC/oxrecon/pkg/utils" ``` ### 自动化发布 Tag → Release → Docker 镜像 → 二进制文件 → GitHub Packages ``` git tag v1.0.0 git push origin v1.0.0 # GitHub Actions 将会: # 1. 运行测试 # 2. 构建 binaries(linux/darwin/windows × amd64/arm64) # 3. 构建并推送 Docker image 到 ghcr.io # 4. 创建包含 .zip artifacts 的 GitHub Release # 5. 发布 Go module ``` ## 架构 ### 项目结构 ``` oxrecon/ ├── cmd/ │ ├── cli/ # 14 command files (Cobra) │ │ ├── main.go # Root command + flags │ │ ├── dns.go # DNS commands (10) │ │ ├── bgp.go # BGP + RPKI commands (22) │ │ ├── http.go # HTTP commands (12) │ │ ├── ssl.go # SSL/TLS commands (4) │ │ ├── network.go # Network commands (6) │ │ ├── subdomain.go # Subdomain commands (5) │ │ ├── osint.go # OSINT commands (7) │ │ ├── scan.go # Full scan orchestrator │ │ └── tui.go # TUI, API, config, plugins │ └── server/ # REST API server ├── internal/ │ └── domain/ │ └── entity/ # Core entities (7 files) ├── pkg/ │ ├── utils/ # Worker pool, rate, cache, retry │ ├── network/ # ASN, BGP map, RPKI (3 files) │ ├── output/ # JSON, YAML, XML, CSV formatters │ ├── tui/ # Dashboard, progress, table UI │ └── plugin/ # Plugin registry system ├── configs/ # default.yaml ├── docs/ # PRD.md ├── progress/ # Session tracking ├── .github/workflows/ # CI + Release ├── Dockerfile, Makefile, docker-compose.yml └── main.go, go.mod ``` ### 设计原则 - **Clean Architecture** — 零外部依赖的领域实体 - **Worker Pool** — 基于 goroutine 的并行执行 - **Rate Limiting** — 令牌桶 + 滑动窗口 - **Context-aware** — 所有操作均遵循 `context.Context` - **Graceful Shutdown** — SIGINT/SIGTERM → 取消 context - **Failsafe** — 带有指数退避的重试 - **无臃肿** — 优先使用标准库,尽量减少依赖 ``` ┌─────────────────────────────────────────────────────┐ │ cmd/cli/ → Cobra commands │ │ cmd/server/ → REST API (net/http) │ ├─────────────────────────────────────────────────────┤ │ internal/domain/entity/ → Core types │ │ internal/repository/ → Interfaces │ │ internal/usecase/ → Business logic │ │ internal/middleware/ → Logging, rate, metrics │ ├─────────────────────────────────────────────────────┤ │ pkg/utils/ → Worker pool, cache, retry, rate │ │ pkg/network/ → ASN lookup, BGP maps, RPKI │ │ pkg/output/ → Formatters (JSON, YAML, CSV, XML) │ │ pkg/tui/ → BubbleTea-ready components │ │ pkg/plugin/ → Plugin interface + registry │ └─────────────────────────────────────────────────────┘ ``` ### 数据流 ``` User Input → Cobra CLI → Command Handler → Worker Pool (goroutines) → DNS Lookup (miekg/dns) → WHOIS Query (TCP port 43) → HTTP Probe (net/http + goquery) → SSL Handshake (crypto/tls) → Port Scan (net.Dial) → ASN Lookup (Team Cymru DNS) → BGP RADB (whois.radb.net) → RPKI Routinator (RIPE API) → OSINT APIs (Shodan, Censys, crt.sh) → Result Aggregation → Output Formatter (JSON/YAML/CSV) → stdout / File ``` ## 构建与开发 ### Makefile ``` make build # Build binary → ./build/oxrecon make run # Build + run make test # All tests with race detection make test-short # Quick tests make bench # Benchmark tests make lint # golangci-lint + go vet make build-all # Multi-platform: linux/darwin/windows make release # lint + test + build-all make clean # Remove artifacts make docker # Docker image make cover # Coverage report → coverage.html make profile # CPU + memory profiling ``` ### Docker ``` # 构建 docker build -t oxrecon:latest . # 运行命令 docker run --rm oxrecon:latest bgp ip 8.8.8.8 docker run --rm oxrecon:latest http headers example.com # 交互式 docker run -it --rm oxrecon:latest # 带有用于 OSINT APIs 的环境变量 docker run --rm \ -e SHODAN_API_KEY=xxx \ -e VIRUSTOTAL_API_KEY=xxx \ oxrecon:latest osint shodan 1.1.1.1 ``` ### Docker Compose ``` docker-compose up --build # Full stack docker-compose run --rm webtool scan example.com ``` ## 依赖项 | 库 | 用途 | |---------|---------| | `spf13/cobra` | CLI 框架 + 自动补全 | | `spf13/viper` | 配置管理 (YAML/JSON/ENV) | | `go.uber.org/zap` | 结构化日志 | | `miekg/dns` | 完整的 DNS 协议库 | | `PuerkitoBio/goquery` | HTML 解析 (类 jQuery) | | `google/uuid` | UUID 生成 | | `gopkg.in/yaml.v3` | YAML 编码/解码 | **零外部网络依赖** — 所有 BGP/ASN 查询均使用内置的 DNS 和 TCP whois。 ## 测试 ``` # 所有测试 go test -v -race ./... # 带有覆盖率 go test -v -cover ./pkg/utils/... # 覆盖率报告 go test -v -coverprofile=coverage.out ./... go tool cover -html=coverage.out -o coverage.html # 基准测试 go test -bench=. -benchmem ./pkg/utils/... # 单个测试 go test -v -run TestWorkerPool ``` ### 测试覆盖率 | 包 | 覆盖率 | |---------|----------| | `pkg/utils/cache.go` | ✅ 100% | | `pkg/utils/rate.go` | ✅ 85% | | `pkg/utils/retry.go` | ✅ 90% | | `pkg/utils/worker.go` | ✅ 87% | | **总体** | **85%+** | ## CI/CD ### 工作流 | 工作流 | 触发条件 | 任务 | |----------|---------|------| | `ci.yml` | 推送/提交 PR 至 dev 分支 | Lint → 测试 → 构建 → 安全检查 | | `release.yml` | 标记 v* | 测试 → 二进制文件 → Docker → 发布 → Go Module | ### GitHub Actions 特性 - **并行构建**: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64 - **Docker 多架构**: 带有缓存的 Buildx - **GitHub Container Registry**: 推送至 ghcr.io - **Go 模块发布**: 兼容 `go install` - **安全扫描**: gosec ## 贡献 1. Fork 本仓库 2. 创建功能分支: git checkout -b feat/fitur-baru 3. 使用印尼语提交: git commit -m 'feat: tambah fitur BGP map interaktif' 4. 推送: git push origin feat/fitur-baru 5. 向 `dev` 分支提交 PR ### 分支流程 ``` dev → stg → main ↓ ↓ staging production ``` ## 许可证 MIT 许可证 — 详情请参阅 [LICENSE](LICENSE)。

oxrecon — Web、网络、DNS、BGP、RPKI 和 OSINT 侦察
怀揣 ❤️ 为安全研究社区打造

标签:ESC4, EVTX分析, GitHub, Go语言, OSINT, UDP扫描, 云存储安全, 安全侦察, 实时处理, 密码管理, 日志审计, 程序破解, 网络扫描, 请求拦截, 资产测绘