While browsing through LinkedIn I found this tool and it was very useful to me so I thought "why not?" and I've decided to refactor this code while trying to improve my Python skills and helping the community somehow.
Before opening a new Pull Request I'd rather ask to the authors their opinion on the actual code as I don't expect you to accept those changes without complaints or questions. So here's a breakthrough of the changes.
β οΈ Disclaimer: I'm not good at coloring outputs, and I find the methods to do so extremely irritating so I didn't used many colors, but this can always be updated later on.
β οΈ Disclaimer #2: I'm also not the best programmer ever, but I've tried my best to facilitate people's life, this does include the author of the code.
ποΈ Changelog:
I've made a couple of changes, so I'm splitting this in different sections.
File Structure
I've modified the project's folder structure. Having a unique and extremely big file containing different functions and parts of the code can become a real mess sometimes and, unfortunately, this is the case.
Previous Structure
CloakQuest3r/
β
βββ cloakquest3r.py
βββ requirements.txt
βββ wordlist.txt
Updated Structure
CloakQuest3r/
β
βββ cloakquest3r.py
βββ requirements.txt
βββ config.toml # Author information/links, version tag & API keys
βββ core/ # Core functionalities of the code
β βββ __init__.py
β βββ cloakquester.py # Main functions
β βββ banner.py
β βββ color.py
βββ docs/ # Documentation related files
β βββ LICENSE
βββ wordlists/ # Out-of-the-box wordlists
βββ default.txt
Splitting the code into distinct sections enhances organization and makes it easier to find specific code segments when updating or adding new features. Cloakquest3r has been modularized, with its own dedicated module.
- The
banner.py
contains functions related to banner and social media output, as this is not relevant for the main code to work, this allows the author to easily change the visual and/or colors as desired without touching the main code.
- The
config.toml
file stores API keys and also other relevant information about the author and his social media links and code version.
- The
color.py
file stores colored output related functions, to avoid unnecessary lines of code in the main file.
- The default out-of-the-box tool wordlist is included inside the
wordlists
folder.
- Templates, license, and other documentation should be stored inside the
docs
folder.
Code Changes
Previously created functions have been refactored, rewritten and/or renamed for simplicity of code as needed. Some functions and variables names have become clearer and shorter.
- Reduced
is_using_cloudflare
and detect_web_server
to a single function, since both do basically the same thing. The code now verifies wheter the target is behind Cloudflare before doing anything else, and only asks for confirmation if the code isn't.
- The code now verifies both if both URL and wordlist file are valid. Both have their own functions for validation:
is_valid_url
and is_valid_file
.
- Two functions have been added
_to_url
and _to_hostname
. Those basically convert the string as some functions require the URL schema (https://) while others don't.
Features
I've added some features that I thought would help users and also trying to add some features mentioned in the Contribution section of the README.md
file.
- Added the
-w/--wordlist
flag, allowing the user to set a custom wordlist for subdomain discovery.
- Added the
--no-bruteforce
option to avoid subdomain discovery through bruteforcing.
- Added the
--no-security-trail
option to avoid Security Trails usage for IP history discovery,
- Added the
--no-banner
option, as this can be useful while piping the output to an external file.
- Added the
--force
option to ignore wheter the target is using cloudflare of not.
- Added a help page
-h/--help
using argparse module.
TODO:
Some changes are still in progress and may or may be not continued based on the author's opinion on the code.
- Adding docstrings to functions, some functions already have this included but I was too lazy to add them all.
- Adding typing to functions. Same as above, too lazy to add all.
- More color to printed texts. Adding colors can be an issue due to the fact a simple print function can become hard to understand in the code with the brackets everywhere.
- Turn this into a PyPI package?
Final Considerations
My only objectives is to help and collaborate to the code somehow while improving my coding skills, I don't expect those changes to be accepted without complaints. I'm willing to listen and react to feedback from the code author.
The refactored code is available here: https://github.com/JLowborn/CloakquesterRedone