feat: Sentinel v2.0 - Major security scanner upgrade

.github/workflows/ci.yml

@@ -0,0 +1,90 @@
+name: Sentinel CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ['1.21', '1.22', '1.23']
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Run tests
+        run: go test -v -race -coverprofile=coverage.out ./...
+
+      - name: Coverage report
+        run: go tool cover -func=coverage.out
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: test
+
+    strategy:
+      matrix:
+        goos: [linux, darwin, windows]
+        goarch: [amd64, arm64]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23'
+
+      - name: Build
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          BINARY_NAME="sentinel"
+          if [ "${{ matrix.goos }}" = "windows" ]; then
+            BINARY_NAME="sentinel.exe"
+          fi
+          go build -ldflags="-s -w" -o "dist/${BINARY_NAME}" ./cmd/sentinel
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sentinel-${{ matrix.goos }}-${{ matrix.goarch }}
+          path: dist/
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23'
+
+      - name: Run go vet
+        run: go vet ./...
+
+      - name: Check formatting
+        run: |
+          if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
+            echo "Files not formatted:"
+            gofmt -s -l .
+            exit 1
+          fi

.gitignore

@@ -0,0 +1,26 @@
+# Binary
+sentinel
+sentinel.exe
+dist/
+
+# Reports (keep examples, ignore generated)
+*.html
+!templates/*.html
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Go
+vendor/
+
+# Sensitive
+.env
+*.key
+*.pem

README.md

@@ -1,42 +1,201 @@
-# Sentinel - Advanced Blackbox Security Scanner
+# Sentinel v2.0 - Advanced Blackbox Security Scanner
 
-Sentinel is a modular, high-performance security scanning framework written in Go. It is designed for authorized security assessments and penetration testing.
+Sentinel is a modular, high-performance security scanning framework written in Go. Designed for authorized security assessments and penetration testing.
 
 ## Features
 
-- **Reconnaissance**: Passive subdomain enumeration using Certificate Transparency logs (crt.sh).
-- **Vulnerability Scanning**:
-  - Missing Security Headers (X-Frame-Options, CSP, etc.)
-  - Information Disclosure (Server headers)
-  - Sensitive File Detection (/.git, /.env, /robots.txt, etc.)
-- **Reporting**: JSON output for easy integration with other tools.
-- **Concurrency**: Fast parallel scanning.
+### Reconnaissance
+- Passive subdomain enumeration via Certificate Transparency logs (crt.sh)
+- DNS bruteforce with 100+ common subdomain wordlist
+- DNS resolution verification (filter dead subdomains)
 
-## Usage
+### Vulnerability Scanning
+- **Security Headers** - 9 headers checked (CSP, HSTS, X-Frame-Options, Permissions-Policy, etc.)
+- **Sensitive Files** - 35+ paths tested (.git, .env, backups, admin panels, API docs, Docker files, AWS creds, etc.)
+- **TLS/SSL** - Version check (TLS 1.0/1.1 deprecated), certificate expiry, self-signed detection
+- **CORS** - Misconfiguration detection (wildcard, reflected origin, credentials leak)
+- **HTTP Methods** - Dangerous methods detection (PUT, DELETE, TRACE, etc.)
+- **Info Disclosure** - Server, X-Powered-By, ASP.NET version headers
 
-Build the tool:
+### Reporting
+- **JSON** structured report with CVSS scores and remediation advice
+- **HTML** professional dark-themed report with severity charts and risk scoring
+- Risk score calculation (0-10) with severity-weighted algorithm
+
+### Performance & Safety
+- Configurable concurrency (goroutines + semaphore)
+- Rate limiting to avoid target overload/ban
+- Proxy support (Burp Suite, ZAP, SOCKS)
+- Custom User-Agent
+- Configurable timeouts
+
+## Quick Start
+
+### Build
 ```bash
 go build -o sentinel ./cmd/sentinel
 ```
 
-Run a scan:
+### Basic Scan
+```bash
+./sentinel -target example.com
+```
+
+### Full Scan (all checks)
 ```bash
 ./sentinel -target example.com -full
 ```
 
-Options:
-- `-target`: Target domain (required)
-- `-full`: Enable full scan (includes sensitive file checks)
-- `-concurrency`: Number of concurrent workers (default: 10)
-- `-output`: Output file (default: report.json)
+### With Config File
+```bash
+./sentinel -config sentinel.yml
+```
+
+## CLI Options
+
+| Flag | Default | Description |
+|------|---------|-------------|
+| `-target` | *(required)* | Target domain |
+| `-full` | `false` | Enable full scan (sensitive files, all checks) |
+| `-output` | `report.json` | Output file path |
+| `-concurrency` | `10` | Number of concurrent workers (max 50) |
+| `-rate` | `100` | Rate limit in ms between requests |
+| `-timeout` | `10` | HTTP timeout in seconds |
+| `-proxy` | - | HTTP proxy URL (e.g., `http://127.0.0.1:8080`) |
+| `-ua` | `Sentinel/2.0` | Custom User-Agent string |
+| `-config` | - | Path to YAML config file |
+| `-verbose` | `false` | Enable debug output |
+| `-no-html` | `false` | Disable HTML report generation |
+| `-no-dns-brute` | `false` | Disable DNS bruteforce |
+| `-no-resolve` | `false` | Don't filter unresolved subdomains |
+
+## Configuration File
+
+Create a `sentinel.yml` for reusable configs:
+
+```yaml
+target: "example.com"
+output: "report.json"
+concurrency: 10
+full_scan: true
+rate_limit_ms: 100
+timeout_s: 10
+report_html: true
+
+recon:
+  crtsh: true
+  dns_bruteforce: true
+  resolve_only: true
+
+scan:
+  headers: true
+  sensitive_files: true
+  tls: true
+  cors: true
+  http_methods: true
+  server_info: true
+```
 
 ## Architecture
 
-- `cmd/sentinel`: CLI entry point.
-- `pkg/recon`: Reconnaissance modules (Subdomain enumeration).
-- `pkg/scan`: Vulnerability detection logic.
-- `pkg/report`: Reporting handling.
+```
+sentinel/
+├── cmd/sentinel/          # CLI entry point
+│   └── main.go
+├── pkg/
+│   ├── config/            # YAML config loader + validation
+│   │   ├── config.go
+│   │   └── config_test.go
+│   ├── recon/             # Reconnaissance modules
+│   │   └── subdomain.go   # crt.sh + DNS bruteforce + resolution
+│   ├── scan/              # Vulnerability detection
+│   │   ├── scan.go        # Headers, TLS, CORS, methods, files
+│   │   └── scan_test.go
+│   ├── report/            # Report generation
+│   │   ├── report.go      # JSON + HTML reports with CVSS
+│   │   └── report_test.go
+│   └── logger/            # Colored logging with severity levels
+│       └── logger.go
+├── .github/workflows/     # CI/CD (test, build, lint)
+│   └── ci.yml
+├── sentinel.yml           # Example config
+├── .gitignore
+└── go.mod
+```
+
+## Running Tests
+
+```bash
+go test -v ./...
+```
+
+With coverage:
+```bash
+go test -race -coverprofile=coverage.out ./...
+go tool cover -func=coverage.out
+```
+
+## CI/CD
+
+GitHub Actions pipeline included:
+- **Test** - Runs on Go 1.21/1.22/1.23 with race detection
+- **Build** - Cross-compiles for Linux/macOS/Windows (amd64 + arm64)
+- **Lint** - `go vet` + `gofmt` checks
 
 ## Disclaimer
 
-This tool is for educational and authorized testing purposes only. Do not use on systems you do not have permission to test.
+This tool is for **educational and authorized testing purposes only**. Do not use on systems you do not have explicit permission to test. Unauthorized scanning may violate laws and regulations.
+
+---
+
+## Changelog
+
+### v2.0.0 - Major Upgrade
+
+> Complete rewrite of the scanning engine, reporting system, and CLI interface.
+
+#### Reconnaissance
+| Change | Detail |
+|--------|--------|
+| **Added** DNS bruteforce | 100+ common subdomain prefixes (`admin`, `api`, `staging`, `vpn`, `ci`, etc.) |
+| **Added** DNS resolution | Filters out non-resolving subdomains before scanning |
+| **Improved** crt.sh parser | Better handling of wildcard and multi-line entries |
+
+#### Vulnerability Scanning
+| Change | Detail |
+|--------|--------|
+| **Added** TLS/SSL analysis | Protocol version check (TLS 1.0/1.1 flagged), certificate expiry, self-signed detection |
+| **Added** CORS misconfiguration | Wildcard origin, reflected origin, credentials leak detection |
+| **Added** HTTP methods audit | Detects dangerous methods (PUT, DELETE, TRACE) via OPTIONS and direct probing |
+| **Added** Extended info disclosure | `X-Powered-By`, `X-AspNet-Version`, `X-AspNetMvc-Version` headers |
+| **Expanded** Security headers | 3 → 9 headers (added HSTS, Permissions-Policy, Referrer-Policy, COOP, CORP) |
+| **Expanded** Sensitive files | 4 → 35+ paths (Docker, AWS, Spring Boot, GraphQL, Swagger, backups, CI configs) |
+| **Added** CVSS scoring | Each finding carries a CVSS v3.1 base score |
+| **Added** Remediation guidance | Actionable fix suggestions for every finding |
+
+#### Reporting
+| Change | Detail |
+|--------|--------|
+| **Added** HTML report | Professional dark-themed report with severity breakdown, risk gauge, and per-finding remediation |
+| **Added** Risk scoring | Weighted 0-10 score with severity levels (Safe, Low, Medium, High, Critical) |
+| **Improved** JSON structure | Full report metadata (target, date, duration, summary stats, risk score) |
+
+#### CLI & Configuration
+| Change | Detail |
+|--------|--------|
+| **Added** YAML config file | Reusable scan profiles via `sentinel.yml` |
+| **Added** Proxy support | Route traffic through Burp Suite, ZAP, or any HTTP proxy |
+| **Added** Custom User-Agent | Configurable UA string to avoid fingerprinting |
+| **Added** Rate limiting | Configurable delay between requests (default: 100ms) |
+| **Added** Verbose mode | Debug-level output for troubleshooting |
+| **Added** Granular flags | `--no-html`, `--no-dns-brute`, `--no-resolve` for fine-grained control |
+| **Improved** CLI output | ASCII banner, colored severity levels, progress tracking, phased execution display |
+
+#### Engineering
+| Change | Detail |
+|--------|--------|
+| **Added** Unit tests | 19 tests across `config`, `scan`, and `report` packages |
+| **Added** CI/CD pipeline | GitHub Actions: test (Go 1.21–1.23), cross-compile build, lint |
+| **Added** Logger package | Structured colored logging with severity levels (Info, Warn, Error, Debug, Phase) |
+| **Added** `.gitignore` | Proper ignore rules for binaries, reports, and IDE files |
+| **Improved** Go modules | Explicit dependencies (`yaml.v3`, `fatih/color`) with `go mod tidy` |