v1.2: logging, richer recon, parallel web enum, markdown report, validation#2
Merged
Conversation
Every log_* call now appends a timestamped, color-stripped line to
${KRAKEN_OUTPUT_DIR}/kraken.log when a session is active, giving an
audit trail of what was run. No-op until a session directory exists.
DNS recon now collects IPv6 (AAAA), TXT and CNAME records in addition to A/MX/NS. dig is used when available (cleaner, more reliable output), falling back to host, nslookup, then getent. Reverse DNS uses dig -x when dig is present.
Path probes now run as bounded background jobs (KRAKEN_WEB_JOBS, default 8) instead of one blocking curl at a time. Results are collected, sorted for deterministic output, then rendered and written. A dead host no longer serializes ~14 timeouts.
Reporting now writes a REPORT_*.md alongside the plaintext report, with heading structure and a summary table for pasting into tickets/wikis. Also fixes the scope line: the targets sed used | as both delimiter and alternation, so it errored and Target(s) was always empty. Switched the delimiter to # in both the text and Markdown summaries.
Add kraken_valid_target, rejecting empty input, whitespace and shell metacharacters and requiring host-legal characters. Recon, scan, vuln and web modules now validate the target/URL host right after prompting, failing fast instead of feeding junk to nmap/curl/host. Registered in the CI smoke test.
Encode the SC1091/SC2034 exclusions from the CI workflow in a repo-level .shellcheckrc so contributors running shellcheck locally get the same results as CI.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Six improvements on top of the v1.1 modular refactor, each a self-contained commit. Plan documented in
docs/IMPROVEMENTS.md.log_*line to per-sessionkraken.log(audit trail)digoverhost, dig-based reverse DNSKRAKEN_WEB_JOBS(default 8)sedused|as both delimiter and alternation, soTarget(s)was always emptykraken_valid_targetrejects empty/whitespace/shell-metachar input; wired into recon/scan/vuln/web.shellcheckrcmatching CI exclusions; version bump to 1.2.0Testing
bash -nclean on all scriptskraken_valid_target--help/--versionverified🤖 Generated with Claude Code