NullifiedSec/voidprobber

voidprobber 2.0

Take a list of domains and probe for working HTTP and HTTPS servers with advanced features, multiple output formats, and comprehensive error handling.

Features

  • 🚀 Fast concurrent probing with configurable worker pools
  • 📊 Multiple output formats (text, JSON, CSV)
  • 🔄 Retry logic with exponential backoff
  • 🎯 Rate limiting to avoid overwhelming targets
  • 🔒 TLS certificate analysis with detailed information
  • 📈 Progress tracking and comprehensive statistics
  • ⚙️ Configuration file support with YAML format
  • 🐳 Modern Docker support with minimal security-focused images
  • 🧪 Comprehensive test coverage with unit and integration tests
  • 📝 Structured logging with configurable verbosity levels

Installation

From Source

go install github.com/NullifiedSec/voidprobber@latest

Using Docker

docker build -t voidprobber .
# or
docker pull ghcr.io/nullifiedsec/voidprobber:latest

Quick Start

Basic usage with domains from stdin:

echo "example.com" | voidprobber
# Output:
# https://example.com
# http://example.com

Advanced Usage

Configuration File

Create a configuration file for complex setups:

cp voidprobber.yaml.example voidprobber.yaml
# Edit voidprobber.yaml with your preferences
voidprobber --config voidprobber.yaml < domains.txt

Multiple Output Formats

# JSON output with detailed information
echo "example.com" | voidprobber --format json --cert-info --check-content

# CSV output for spreadsheet analysis
echo "example.com" | voidprobber --format csv -o results.csv

# Verbose text output
echo "example.com" | voidprobber -v

# Show HTTP status codes with colors
echo "example.com" | voidprobber --show-status-codes

# Combined with titles and status codes
echo "example.com" | voidprobber --show-status-codes --title

# Disable colors for piping or scripts
echo "example.com" | voidprobber --show-status-codes --no-color

Advanced Probing

# Use predefined port lists
echo "example.com" | voidprobber -p large -p top100

# Scan common ports (web, database, admin, API)
echo "example.com" | voidprobber --ports-common

# Custom ports and protocols
echo "example.com" | voidprobber -p http:8080 -p https:8443 --ports 3000,5000,9000

# Rate limited probing
echo "example.com" | voidprobber --rate-limit 10 --concurrency 5

# With retries and custom timeouts
echo "example.com" | voidprobber --max-retries 3 --timeout 30s --connect-timeout 10s

# Through HTTP proxy
echo "example.com" | voidprobber --proxy http://127.0.0.1:8080

# Through SOCKS5 proxy
echo "example.com" | voidprobber --proxy socks5://127.0.0.1:1080

# Capture screenshots for visual reconnaissance
echo "example.com" | voidprobber --screenshot --screenshot-dir ./recon-screenshots

Content Analysis

# Extract page titles and server information
echo "example.com" | voidprobber --check-content --format json | jq '.[] | {url, title, server}'

# Extract and display page titles in text format
echo "example.com" | voidprobber --title
# Output: https://example.com [Example Domain]

# TLS certificate information
echo "example.com" | voidprobber --cert-info --format json | jq '.[] | select(.cert_info) | {url, cert_info}'

Command Line Options

Core Options

  • -c, --concurrency N: Set concurrency level (default: 20)
  • -t, --timeout DURATION: Request timeout (default: 10s)
  • --connect-timeout DURATION: Connection timeout (default: 5s)
  • --read-timeout DURATION: Read timeout (default: 10s)

Probe Options

  • -p, --probe PROBE: Add probe (format: proto:port or predefined list)
  • --ports PORTS: Additional ports to probe (comma-separated)
  • --ports-common: Scan common ports (web, database, admin, API ports)
  • -s, --skip-default: Skip default probes (http:80, https:443)
  • --prefer-https: Only try HTTP if HTTPS fails

HTTP Options

  • -m, --method METHOD: HTTP method (default: GET)
  • --user-agent AGENT: Custom User-Agent header
  • --header KEY:VALUE: Custom headers (repeatable)
  • --proxy URL: Proxy URL (http://proxy:8080 or socks5://proxy:1080)
  • --follow-redirects: Follow HTTP redirects
  • --max-redirects N: Maximum redirects to follow (default: 5)

TLS Options

  • --insecure: Skip TLS certificate verification (default: true, so certificates are not validated unless this is turned off)
  • --tls-server-name NAME: TLS server name for verification
  • --cert-info: Include certificate information in output

Output Options

  • -o, --output FILE: Output file (default: stdout)
  • --format FORMAT: Output format (text, json, csv)
  • --show-status-codes: Show HTTP status codes in text output
  • --color: Colorize status codes (default: true)
  • --no-color: Disable colored output
  • -v, --verbose: Verbose output
  • -q, --quiet: Quiet mode (no progress or stats)
  • --show-progress: Show progress updates
  • --show-stats: Show final statistics (default: true)

Rate Limiting & Retries

  • --rate-limit N: Requests per second (0 = unlimited)
  • --max-retries N: Maximum retries per probe (default: 0)
  • --retry-delay DURATION: Delay between retries (default: 1s)
  • --retry-backoff FLOAT: Retry backoff multiplier (default: 1.5)

Advanced Options

  • --check-content: Analyze response content (extract titles)
  • --title: Extract and display page titles in output
  • --status-codes CODES: Consider only these status codes as success
  • --config FILE: Configuration file path

Screenshot Options

  • --screenshot: Capture screenshots of discovered services
  • --screenshot-dir DIR: Directory to save screenshots (default: screenshots)
  • --screenshot-width N: Screenshot width in pixels (default: 1280)
  • --screenshot-height N: Screenshot height in pixels (default: 720)
  • --screenshot-timeout DURATION: Screenshot timeout (default: 30s)
  • --screenshot-fullpage: Capture full page screenshot

Predefined Port Lists

Use predefined port lists for common scenarios:

  • small: 4 common ports (80, 443, 8080, 8443)
  • medium: 11 web ports
  • large: 15 common web ports
  • xlarge: 47 comprehensive web ports
  • top100: Top 100 most common ports
  • common: Common web/application ports (web, database, admin, API, development)

echo "example.com" | voidprobber -p large -p top100

Output Formats

Text (Default)

Simple URL list of successful probes:

https://example.com
http://example.com:8080

Status Code Colors

When --show-status-codes and --color are enabled, status codes are color-coded:

  • 🟒 Green (2xx): Success responses (200, 201, 204, etc.)
  • 🟣 Magenta (3xx): Redirection responses (301, 302, 304, etc.)
  • πŸ”΄ Red (4xx): Client error responses (400, 401, 403, 404, etc.)
  • 🟑 Yellow (5xx): Server error responses (500, 502, 503, etc.)
  • βšͺ White: Unknown or non-standard status codes

Examples:

# Colored output (default)
http://example.com [200]     # Green 200
http://google.com [301]      # Magenta 301
http://example.com/admin [403] # Red 403
http://broken.com [500]      # Yellow 500

# Disable colors
voidprobber --show-status-codes --no-color

JSON

Detailed structured output:

[
  {
    "url": "https://example.com",
    "status_code": 200,
    "content_length": 1256,
    "response_time": "150ms",
    "tls_version": "TLS 1.3",
    "server": "nginx/1.18.0",
    "title": "Example Domain",
    "success": true
  }
]
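
As an added example (not code from the voidprobber project), the Go program below post-processes output in the JSON shape shown above for an infrastructure review: it flags endpoints that negotiated TLS 1.0 or 1.1 and hosts that answered only over plain HTTP. The sample data is constructed, and the "TLS 1.0" / "TLS 1.1" strings assume older versions are reported in the same style as the "TLS 1.3" value above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
)

// Constructed sample in the README's JSON shape (not real scan output).
// Assumption: older protocols are reported as "TLS 1.0" / "TLS 1.1".
const sample = `[
 {"url":"https://example.com","tls_version":"TLS 1.3","success":true},
 {"url":"http://example.com","success":true},
 {"url":"https://legacy.example.com:8443","tls_version":"TLS 1.0","success":true},
 {"url":"http://intranet.example.com:8080","success":true}
]`

// Triage lists weak-TLS endpoints and hosts that answered only over plain HTTP.
func Triage(data []byte) ([]string, error) {
	var results []struct { // subset of the fields in the README's JSON sample
		URL        string `json:"url"`
		TLSVersion string `json:"tls_version"`
		Success    bool   `json:"success"`
	}
	if err := json.Unmarshal(data, &results); err != nil {
		return nil, err
	}
	hasHTTPS := map[string]bool{} // host -> answered over HTTPS at least once
	var findings []string
	for _, r := range results {
		u, err := url.Parse(r.URL)
		if err != nil || !r.Success {
			continue // ignore failed probes and unparsable URLs
		}
		hasHTTPS[u.Hostname()] = hasHTTPS[u.Hostname()] || u.Scheme == "https"
		if r.TLSVersion == "TLS 1.0" || r.TLSVersion == "TLS 1.1" {
			findings = append(findings, fmt.Sprintf("weak-tls %s (%s)", r.URL, r.TLSVersion))
		}
	}
	for host, ok := range hasHTTPS {
		if !ok {
			findings = append(findings, "http-only "+host)
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() { f, err := Triage([]byte(sample)); fmt.Println(f, err) }
```

Findings are sorted so that runs over the same results file can be diffed between scans.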

CSV

Spreadsheet-compatible format with all fields.

Configuration File

Create voidprobber.yaml:

concurrency: 50
timeout: 30s
probes:
  - "large"
  - "http:8080"
output_format: "json"
cert_info: true
check_content: true
rate_limit: 20
max_retries: 2

Docker Usage

Basic Usage

echo "example.com" | docker run -i voidprobber

With Configuration

docker run -i -v "$(pwd)/voidprobber.yaml:/voidprobber.yaml" voidprobber --config /voidprobber.yaml < domains.txt

With Output File

docker run -i -v "$(pwd):/output" voidprobber -o /output/results.json --format json < domains.txt

Environment Variables

All configuration options can be set via environment variables with the VOIDPROBBER_ prefix:

export VOIDPROBBER_CONCURRENCY=50
export VOIDPROBBER_TIMEOUT=30s
export VOIDPROBBER_OUTPUT_FORMAT=json
echo "example.com" | voidprobber

Examples

Bug Bounty Reconnaissance

# Comprehensive probe with multiple port lists
subfinder -d target.com | voidprobber -p large -p xlarge --format json -o results.json --cert-info --check-content

# Fast probe with rate limiting for large scope
cat huge-domain-list.txt | voidprobber --rate-limit 50 --concurrency 100 --timeout 5s

# Quick title extraction for service identification
cat domains.txt | voidprobber --title | grep -E "\[(Admin|Login|Dashboard|Panel)\]"

# Through Burp Suite proxy for analysis
cat domains.txt | voidprobber --proxy http://127.0.0.1:8080 --ports-common

# Visual reconnaissance with screenshots
subfinder -d target.com | voidprobber --screenshot --title --format json -o results.json

# Full-page screenshots for documentation
echo "admin.target.com" | voidprobber --screenshot --screenshot-fullpage --screenshot-dir evidence

Infrastructure Monitoring

# Monitor specific services with retries
echo "api.company.com" | voidprobber -p https:443 -p https:8443 --max-retries 3 --format json

Content Discovery

# Extract titles and server information
cat domains.txt | voidprobber --check-content --format json | jq -r '.[] | select(.success) | "\(.url) - \(.title)"'

Performance Tips

  1. Adjust concurrency based on your network and target capacity
  2. Use rate limiting to avoid getting blocked
  3. Set appropriate timeouts for your use case
  4. Use predefined port lists instead of individual probes when possible
  5. Enable retries for unreliable networks
  6. Use configuration files for complex setups

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Add tests for new functionality
  4. Run the test suite: go test ./...
  5. Submit a pull request

License

This project is licensed under the MIT License - see the LICENSE file for details.

About

An HTTP/HTTPS probing tool
