utkusen · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024
Showing with 70 additions and 48 deletions.

+4 −16 README.md

+1 −1 go.mod

+65 −31 main.go
diff --git a/README.md b/README.md
@@ -5,24 +5,12 @@ Currently, it supports Twitter, Facebook, Instagram and Tiktok without any API k
 
 [![asciicast](https://asciinema.org/a/wYMVXIHCxxOB3QPWq4Fe8Advn.svg)](https://asciinema.org/a/wYMVXIHCxxOB3QPWq4Fe8Advn)
 
-# Installation
-
-## From Binary
-
-You can download the pre-built binaries from the [releases](https://github.com/utkusen/socialhunter/releases) page and run. For example:
-
-`wget https://github.com/utkusen/socialhunter/releases/download/v0.1.1/socialhunter_0.1.1_Linux_amd64.tar.gz`
-
-`tar xzvf socialhunter_0.1.1_Linux_amd64.tar.gz`
-
-`./socialhunter --help`
-
-## From Source
+## Installation
 
 1. Install Go on your system
-2. Run: `go install github.com/utkusen/socialhunter@latest`
+2. Run: `go install github.com/TargetPackage/socialhunter@latest`
 
-# Usage
+## Usage
 
 socialhunter requires 2 parameters to run: 
 
@@ -32,6 +20,6 @@ socialhunter requires 2 parameters to run:
 
 # Donation
 
-Loved the project? You can buy me a coffee
+Love the project? You can buy the tool's creator `@utkusen` a coffee:
 
 <a href="https://www.buymeacoffee.com/utkusen" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a>
diff --git a/go.mod b/go.mod
@@ -1,4 +1,4 @@
-module github.com/utkusen/socialhunter
+module github.com/TargetPackage/socialhunter
 
 go 1.18
 

diff --git a/main.go b/main.go
@@ -4,7 +4,7 @@ import (
 	"crypto/tls"
 	"flag"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
@@ -33,33 +33,54 @@ func main() {
 	/_/     \_\
 	utkusen.com
 `)
+
+	url := flag.String("u", "", "A singular URL")
 	urlFile := flag.String("f", "", "Path of the URL file")
-	numWorker := flag.Int("w", 5, "Number of worker.")
+	agent := flag.String("a", "", "The User-Agent to use in requests")
+	numWorker := flag.Int("w", 5, "Number of workers")
 	flag.Parse()
-	if *urlFile == "" {
-		fmt.Println("Please specify all arguments!")
+
+	// Require either a file or a URL string to run the tool
+	if *urlFile == "" && *url == "" {
+		fmt.Println("Please specify either a URL (-u) or a file of URLs (-f) to use the tool!")
 		flag.PrintDefaults()
 		os.Exit(1)
 	}
-	file, err := ioutil.ReadFile(*urlFile)
-	if err != nil {
-		fmt.Println(err)
-		return
+
+	if *agent != "" {
+		userAgent = *agent
 	}
-	urls := strings.Split(string(file), "\n")
-	queue = len(urls)
-	fmt.Println("Total URLs:", queue)
-	wp := workerpool.New(*numWorker)
-
-	for _, url := range urls {
-		url := url
-		wp.Submit(func() {
-			fmt.Println("Checking:", url)
-			action(url)
-		})
 
+	if *urlFile != "" {
+		// Pull URLs from the specified file
+		file, err := os.ReadFile(*urlFile)
+		if err != nil {
+			fmt.Println(err)
+			return
+		}
+		urls := strings.Split(string(file), "\n")
+
+		queue = len(urls)
+		fmt.Println("Total URLs:", queue)
+		wp := workerpool.New(*numWorker)
+
+		for _, url := range urls {
+			url := url
+			wp.Submit(func() {
+				fmt.Println("Checking:", url)
+				action(url)
+			})
+		}
+
+		wp.StopWait()
+	} else {
+		// Get the URL from the CLI arg
+		url := string(*url)
+		fmt.Println("Checking:", url)
+		sl := visitor(url, 10)
+		checkTakeover(removeDuplicateStr(sl))
+		color.Magenta("Finished Checking: " + url)
 	}
-	wp.StopWait()
 
 	color.Cyan("Scan Completed")
 }
@@ -78,6 +99,7 @@ func stringInSlice(a string, list *[]string) bool {
 			return true
 		}
 	}
+
 	return false
 }
 
@@ -90,38 +112,47 @@ func checkTakeover(socialLinks []string) {
 			continue
 		}
 		alreadyChecked = append(alreadyChecked, socialLink)
-		if len(socialLink) > 60 || strings.Contains(socialLink, "intent/tweet") || strings.Contains(socialLink, "twitter.com/share") || strings.Contains(socialLink, "twitter.com/privacy") || strings.Contains(socialLink, "facebook.com/home") || strings.Contains(socialLink, "instagram.com/p/") {
+
+		// Ignore likely false positives
+		if len(socialLink) > 60 || strings.Contains(socialLink, "intent/tweet") || strings.Contains(socialLink, "(?:twitter|x).com/share") || strings.Contains(socialLink, "(?:twitter|x).com/privacy") || strings.Contains(socialLink, "facebook.com/home") || strings.Contains(socialLink, "instagram.com/p/") {
 			continue
 		}
+
 		u, err := url.Parse(socialLink)
 		if err != nil {
 			continue
 		}
+
 		domain := u.Host
 		tr := &http.Transport{
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		}
+
+		// Facebook (Meta)
 		if strings.Contains(domain, "facebook.com") {
 			if strings.Count(socialLink, ".") > 1 {
 				socialLink = "https://" + strings.Split(socialLink, ".")[1] + "." + strings.Split(socialLink, ".")[2]
 			}
+
 			socialLink = strings.Replace(socialLink, "www.", "", -1)
 			tempLink := strings.Replace(socialLink, "facebook.com", "tr-tr.facebook.com", -1)
 			resp, err := http.Get(tempLink)
 			if err != nil {
 				continue
 			}
+
 			defer resp.Body.Close()
-			body, err := ioutil.ReadAll(resp.Body)
+			body, err := io.ReadAll(resp.Body)
 			if err != nil {
 				continue
 			}
-			if strings.Contains(string(body), "Sayfa Bulunamadı") {
-				color.Green("Possible Takeover: " + socialLink + " at " + foundLink)
 
+			if strings.Contains(string(body), "Sayfa Bulunamadı") || strings.Contains(string(body), "The link you followed may be broken, or the page may have been removed") {
+				color.Green("Possible Takeover: " + socialLink + " at " + foundLink)
 			}
-
 		}
+
+		// TikTok
 		if strings.Contains(domain, "tiktok.com") {
 			if strings.Count(strings.Replace(socialLink, "www.", "", -1), ".") > 1 {
 				continue
@@ -145,8 +176,9 @@ func checkTakeover(socialLinks []string) {
 				color.Green("Possible Takeover: " + socialLink + " at " + foundLink)
 			}
 		}
-		if strings.Contains(domain, "instagram.com") {
 
+		// Instagram
+		if strings.Contains(domain, "instagram.com") {
 			if strings.Count(strings.Replace(socialLink, "www.", "", -1), ".") > 1 {
 				continue
 			}
@@ -172,13 +204,15 @@ func checkTakeover(socialLinks []string) {
 				color.Green("Possible Takeover: " + socialLink + " at " + foundLink)
 			}
 		}
-		if strings.Contains(domain, "twitter.com") {
+
+		// Twitter (X)
+		if strings.Contains(domain, "(?:twitter|[^\\w]x]).com") {
 			if strings.Count(strings.Replace(socialLink, "www.", "", -1), ".") > 1 {
 				continue
 			}
 			u, err := url.Parse(socialLink)
 			userName := u.Path
-			tempLink := "https://nitter.net" + userName
+			tempLink := "http://nitter.net" + userName
 			client := &http.Client{}
 			req, err := http.NewRequest("GET", tempLink, nil)
 			if err != nil {
@@ -198,7 +232,6 @@ func checkTakeover(socialLinks []string) {
 			}
 		}
 	}
-	return
 }
 
 func removeDuplicateStr(strSlice []string) []string {
@@ -229,6 +262,7 @@ func visitor(visitURL string, maxDepth int) []string {
 	if err != nil {
 		panic(err)
 	}
+
 	domain := u.Host
 	path := u.Path
 	c.OnHTML("a[href]", func(e *colly.HTMLElement) {
@@ -243,6 +277,7 @@ func visitor(visitURL string, maxDepth int) []string {
 				socialLinks = append(socialLinks, e.Request.URL.String()+"|"+link)
 			}
 		}
+
 		if strings.Contains(linkDomain, domain) {
 			visitFlag := true
 			for _, extension := range denyList {
@@ -260,10 +295,9 @@ func visitor(visitURL string, maxDepth int) []string {
 				visitFlag = false
 			}
 
-			if visitFlag == true {
+			if visitFlag {
 				visitedLinks = append(visitedLinks, link)
 				e.Request.Visit(link)
-
 			}
 		}