Add new source: jsmon for subdomain discovery #1617

Open
wants to merge 2 commits into
base: dev

Conversation

nandini-56

@nandini-56 nandini-56 commented Jul 15, 2025

This PR adds a new passive source named 'jsmon' for discovering subdomains.

Changes made:

  • Added a new file: 'v2/pkg/subscraping/sources/jsmon/jsmon.go'
  • Integrated jsmon into the passive sources registry
  • Implemented the source interface with required parsing and error handling

Tested and verified output using the 'subfinder' tool. This source contributes to better subdomain coverage using jsmon data.

Looking forward to feedback or suggestions from the maintainers.

Summary by CodeRabbit

  • New Features
    • Added support for a new subdomain enumeration source with API authentication and asynchronous results streaming.


coderabbitai bot commented Jul 15, 2025

Walkthrough

The changes add a new subdomain enumeration source named jsmon to the codebase. The jsmon package is implemented with full API key support, asynchronous result streaming, and integration into the passive sources list. No removal or disabling of existing sources occurs.

Changes

File(s) | Summary
v2/pkg/passive/sources.go | Added import and registration of the new jsmon source in the AllSources array.
v2/pkg/runner/options.go | Added a trailing space after "netlas=1/s" in the defaultRateLimits slice; no functional change.
v2/pkg/subscraping/sources/jsmon/jsmon.go | New package jsmon: implements a subdomain enumeration source with API key handling, async streaming, error tracking, and statistics.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Runner
    participant jsmon.Source
    participant JSMonAPI

    User->>Runner: Start subdomain enumeration for domain
    Runner->>jsmon.Source: Run(ctx, domain, session)
    jsmon.Source->>jsmon.Source: Verify API keys
    alt No API keys
        jsmon.Source-->>Runner: Mark source as skipped, return
    else API keys present
        jsmon.Source->>JSMonAPI: POST /api/v2/subfinderScan with domain and auth headers
        JSMonAPI-->>jsmon.Source: Return JSON response (subdomains or error)
        alt Success
            jsmon.Source->>Runner: Stream subdomain results asynchronously
        else Error or invalid response
            jsmon.Source->>Runner: Send error result
        end
    end

Poem

A new source hops in, jsmon by name,
With keys in its pouch, it’s joining the game.
Netlas still waits, its rate limit intact,
While jsmon scurries, hunting domains in fact.
🐇✨
Subdomains discovered, the hunt’s never done!


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f189423 and f6dc834.

📒 Files selected for processing (2)
  • v2/pkg/passive/sources.go (2 hunks)
  • v2/pkg/runner/options.go (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • v2/pkg/passive/sources.go
🚧 Files skipped from review as they are similar to previous changes (1)
  • v2/pkg/runner/options.go


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (1)
v2/pkg/subscraping/sources/jsmon/jsmon.go (1)

15-19: Remove unused struct definition.

The subdomainsResponse struct is defined but never used in the code. This appears to be leftover code that should be removed to avoid confusion.

-type subdomainsResponse struct {
-	Subdomains []string `json:"subdomains"`
-	Status     string   `json:"status"`
-	Message    string   `json:"message"`
-}
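Review bot: Deleting subdomainsResponse in this hunk also drops the Status and Message fields that model an API reply, so before removing it confirm the endpoint never answers with an object of that shape. If it can, keep the struct and decode error replies into it rather than reporting every non-array body as a generic JSON decode failure.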
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b12abbb and f189423.

📒 Files selected for processing (3)
  • v2/pkg/passive/sources.go (2 hunks)
  • v2/pkg/runner/options.go (1 hunks)
  • v2/pkg/subscraping/sources/jsmon/jsmon.go (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
v2/pkg/passive/sources.go (1)
Learnt from: x-stp
PR: projectdiscovery/subfinder#0
File: :0-0
Timestamp: 2025-06-24T16:03:30.467Z
Learning: When fixing HTTP response handling bugs in subfinder sources, the correct pattern is to use `defer session.DiscardHTTPResponse(resp)` after successful requests to ensure the response body remains open for reading, and call `session.DiscardHTTPResponse(resp)` immediately in error cases.
🧬 Code Graph Analysis (2)
v2/pkg/passive/sources.go (2)
v2/pkg/subscraping/sources/jsmon/jsmon.go (1)
  • Source (21-27)
v2/pkg/subscraping/types.go (1)
  • Source (37-62)
v2/pkg/subscraping/sources/jsmon/jsmon.go (1)
v2/pkg/subscraping/types.go (2)
  • Session (71-78)
  • Statistics (29-34)
🔇 Additional comments (6)
v2/pkg/subscraping/sources/jsmon/jsmon.go (3)

61-71: LGTM: URL construction and request preparation.

The URL construction and request body preparation logic is well-implemented. The use of query parameters for workspace ID and proper JSON formatting for the request body follows good practices.


122-149: LGTM: Interface method implementations.

All required interface methods are properly implemented with appropriate return values. The source correctly indicates it needs API keys, supports recursive enumeration, and is not enabled by default.


72-79: JSMon HTTP response cleanup is correctly implemented
The jsmon source calls session.DiscardHTTPResponse(resp) immediately on every error path and once on the success path before processing results, matching the pattern used throughout other sources. No changes needed.

v2/pkg/runner/options.go (1)

258-258: LGTM: Netlas rate limit removal.

The netlas rate limit has been properly commented out with a clear explanation. This change aligns with the removal of the netlas source from the passive sources list.

v2/pkg/passive/sources.go (2)

37-37: LGTM: Jsmon import addition.

The import for the jsmon source is correctly placed in alphabetical order within the existing imports.


69-69: LGTM: Jsmon source registration.

The jsmon source is properly registered in the AllSources array following the established pattern. The placement maintains the existing structure of the array.

Comment on lines +94 to +105
var subdomains []string
err = jsoniter.NewDecoder(resp.Body).Decode(&subdomains)
if err != nil {
	// Read response body for debugging
	body, _ := io.ReadAll(resp.Body)
	fmt.Printf("[DEBUG] Response body: %s\n", string(body))
	fmt.Printf("[DEBUG] JSON decode error: %v\n", err)
	results <- subscraping.Result{Source: s.Name(), Type: subscraping.Error, Error: err}
	s.errors++
	session.DiscardHTTPResponse(resp)
	return
}

⚠️ Potential issue

Remove debug print statements and improve error handling.

The code contains debug print statements that should not be present in production code. Additionally, the JSON parsing logic expects a direct array of subdomains, which contradicts the unused subdomainsResponse struct.

Apply this diff to remove debug statements and improve error handling:

-	// Parse the response as a direct array of subdomains
 	var subdomains []string
 	err = jsoniter.NewDecoder(resp.Body).Decode(&subdomains)
 	if err != nil {
-		// Read response body for debugging
-		body, _ := io.ReadAll(resp.Body)
-		fmt.Printf("[DEBUG] Response body: %s\n", string(body))
-		fmt.Printf("[DEBUG] JSON decode error: %v\n", err)
 		results <- subscraping.Result{Source: s.Name(), Type: subscraping.Error, Error: err}
 		s.errors++
 		session.DiscardHTTPResponse(resp)
 		return
 	}
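Review bot: The first removed line, the comment saying the response is parsed as a direct array of subdomains, documents the shape that the retained var subdomains []string depends on; keep it, or replace it with a comment that states the expected response format. With the io.ReadAll and fmt.Printf lines gone, also check that the io and fmt imports are still used elsewhere in the file, because Go will not compile with unused imports.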

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In v2/pkg/subscraping/sources/jsmon/jsmon.go around lines 94 to 105, remove the
debug print statements that output the response body and JSON decode error, as
these should not be in production code. Instead, improve error handling by
properly using the existing subdomainsResponse struct to parse the JSON
response, ensuring the JSON decoding matches the expected structure. Adjust the
decoding logic to decode into the subdomainsResponse struct and extract
subdomains from it, then handle errors by sending them through the results
channel and discarding the HTTP response as before.
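
As an added example (not code from this PR or from subfinder), the hypothetical helper below shows error handling without debug prints: it accepts either the bare array the PR decodes or an object shaped like subdomainsResponse, and returns failures as errors. The response shapes, the 1 MiB cap and the use of encoding/json in place of jsoniter are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// envelope mirrors the PR's unused subdomainsResponse struct.
type envelope struct {
	Subdomains []string `json:"subdomains"`
	Status     string   `json:"status"`
	Message    string   `json:"message"`
}

// parseSubdomains (hypothetical helper) accepts a bare JSON array or the
// envelope object and reports failures as errors instead of printing them.
func parseSubdomains(r io.Reader) ([]string, error) {
	// Bound the read so an oversized reply cannot exhaust memory (assumed cap).
	body, err := io.ReadAll(io.LimitReader(r, 1<<20))
	if err != nil {
		return nil, fmt.Errorf("read response: %w", err)
	}
	trimmed := bytes.TrimSpace(body)
	if len(trimmed) > 0 && trimmed[0] == '[' {
		var subs []string
		if err := json.Unmarshal(trimmed, &subs); err != nil {
			return nil, fmt.Errorf("decode array: %w", err)
		}
		return subs, nil
	}
	var env envelope
	if err := json.Unmarshal(trimmed, &env); err != nil {
		return nil, fmt.Errorf("decode object: %w", err)
	}
	if env.Subdomains == nil {
		return nil, fmt.Errorf("api error: status=%q message=%q", env.Status, env.Message)
	}
	return env.Subdomains, nil
}

func main() {
	// Constructed sample bodies, not captured from the real API.
	for _, s := range []string{`["a.example.com"]`, `{"status":"error","message":"invalid key"}`, `<html>`} {
		subs, err := parseSubdomains(strings.NewReader(s))
		fmt.Println(subs, err)
	}
}
```

In a source's Run method the returned error would go out on the results channel as a subscraping.Error result, so nothing but results reaches standard output.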

@DhiyaneshGeek DhiyaneshGeek added the good first issue Good for newcomers label Jul 15, 2025
@dogancanbakir
Member

dogancanbakir commented Jul 15, 2025

Please take a look at the following

  • merge conflict
  • README update

Member

@dogancanbakir dogancanbakir left a comment


left some comments
