website /find endpoint

sw33tLie · sw33tLie · commit 1ebd9716281c · 2026-03-02T19:37:05.000+01:00
diff --git a/docs/src/web/api.md b/docs/src/web/api.md
@@ -61,6 +61,30 @@ curl "https://your-instance.com/api/v1/targets/wildcards?platform=h1&format=json
 curl "https://your-instance.com/api/v1/targets/urls?scope=out"
 ```
 
+## Find
+
+```
+GET /api/v1/find
+```
+
+Find programs whose scope matches a given hostname or domain. Automatically expands to root domain matching (e.g. `aaa.example.com` will also match programs scoping `bbb.example.com` via the shared root `example.com`). Cloud provider domains (e.g. `azurewebsites.net`, `herokuapp.com`) are excluded from root domain expansion to avoid false positives.
+
+Query parameters:
+
+| Param | Description |
+|-------|-------------|
+| `q` | Search query (hostname, domain, etc.) — **required** |
+
+### Examples
+
+```bash
+# Find programs with example.com in scope
+curl "https://your-instance.com/api/v1/find?q=example.com"
+
+# Find via subdomain — expands to root domain matching
+curl "https://your-instance.com/api/v1/find?q=sub.example.com"
+```
+
 ## Updates
 
 ```
diff --git a/pkg/storage/storage.go b/pkg/storage/storage.go
@@ -1523,6 +1523,38 @@ func (d *DB) GetStats(ctx context.Context, bbpFilter string) ([]PlatformStats, e
 	return stats, rows.Err()
 }
 
+// FindProgramsByDomain searches for programs that have targets matching the given query string.
+// It returns deduplicated programs (by URL) with their platform, handle, and URL.
+// Only active, non-ignored programs are returned.
+func (d *DB) FindProgramsByDomain(ctx context.Context, query string) ([]ProgramMatch, error) {
+	likeQuery := fmt.Sprintf("%%%s%%", query)
+
+	rows, err := d.sql.QueryContext(ctx, `
+		SELECT DISTINCT p.platform, p.handle, p.url
+		FROM targets_raw t
+		JOIN programs p ON t.program_id = p.id
+		WHERE p.disabled = 0
+		  AND p.is_ignored = 0
+		  AND t.in_scope = 1
+		  AND LOWER(t.target) LIKE LOWER($1)
+		ORDER BY p.platform, p.handle
+	`, likeQuery)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var out []ProgramMatch
+	for rows.Next() {
+		var m ProgramMatch
+		if err := rows.Scan(&m.Platform, &m.Handle, &m.URL); err != nil {
+			return nil, err
+		}
+		out = append(out, m)
+	}
+	return out, rows.Err()
+}
+
 func (d *DB) SearchTargets(ctx context.Context, searchTerm string) ([]Entry, error) {
 	likeQuery := fmt.Sprintf("%%%s%%", searchTerm)
 
diff --git a/pkg/storage/types.go b/pkg/storage/types.go
@@ -73,6 +73,13 @@ type TargetItem struct {
 	Variants    []TargetVariant
 }
 
+// ProgramMatch represents a program that matched a domain search query.
+type ProgramMatch struct {
+	Platform string
+	Handle   string
+	URL      string
+}
+
 // TargetVariant captures a requested expansion for a target.
 type TargetVariant struct {
 	Value       string
diff --git a/website/find-scope-burp-action.java b/website/find-scope-burp-action.java
@@ -1,92 +1,37 @@
 // 1. Get the requested hostname from Burp's requestResponse object
 String requestHost = requestResponse.httpService().host();
 
-// --- ROOT DOMAIN EXTRACTOR ---
-// This safely extracts the base domain (e.g., "codebig2.net" from "sub.codebig2.net")
-// and accounts for common compound TLDs (like "example.co.uk").
-java.util.function.Function<String, String> extractRoot = (host) -> {
-    if (host == null) return "";
-    String[] parts = host.split("\\.");
-    if (parts.length <= 2) return host;
-    
-    String tld = parts[parts.length - 1];
-    String sld = parts[parts.length - 2];
-    
-    // Check for common compound TLDs (e.g., .co.uk, .com.au)
-    if ((tld.length() == 2 && (sld.equals("co") || sld.equals("com") || sld.equals("org") || sld.equals("net"))) || (sld.length() <= 3 && tld.length() == 2)) {
-        if (parts.length >= 3) {
-            return parts[parts.length - 3] + "." + sld + "." + tld;
-        }
-    }
-    return sld + "." + tld;
-};
-
-String requestRoot = extractRoot.apply(requestHost);
-// -----------------------------
-
-// 2. Fetch the JSON from BBScope
+// 2. Query the BBScope Find API
 StringBuilder jsonResponse = new StringBuilder();
 try {
-    java.net.URL url = new java.net.URL("https://bbscope.com/api/v1/programs");
+    java.net.URL url = new java.net.URL("https://bbscope.com/api/v1/find?q=" + java.net.URLEncoder.encode(requestHost, "UTF-8"));
     java.net.HttpURLConnection conn = (java.net.HttpURLConnection) url.openConnection();
     conn.setRequestMethod("GET");
     conn.setRequestProperty("User-Agent", "BurpSuite-BBScope-Action");
-    
+
     java.io.BufferedReader in = new java.io.BufferedReader(new java.io.InputStreamReader(conn.getInputStream()));
     String inputLine;
     while ((inputLine = in.readLine()) != null) {
         jsonResponse.append(inputLine);
     }
     in.close();
 } catch (Exception e) {
-    logging().logToOutput("Error fetching JSON: " + e.getMessage());
+    logging().logToOutput("Error fetching from BBScope API: " + e.getMessage());
 }
 
+// 3. Extract program URLs from response
 String json = jsonResponse.toString();
-String foundProgramUrl = null;
-
-// 3. Parse the JSON using Regex
-java.util.regex.Pattern programPattern = java.util.regex.Pattern.compile("\"url\":\"([^\"]+)\"[^}]+?\"targets\":\\[(.*?)\\]");
-java.util.regex.Matcher programMatcher = programPattern.matcher(json);
-
-while (programMatcher.find()) {
-    String programUrl = programMatcher.group(1);
-    String targetsString = programMatcher.group(2);
+java.util.regex.Pattern urlPattern = java.util.regex.Pattern.compile("\"url\":\"([^\"]+)\"");
+java.util.regex.Matcher urlMatcher = urlPattern.matcher(json);
 
-    // Extract individual target URLs from the array
-    java.util.regex.Pattern targetUrlPattern = java.util.regex.Pattern.compile("\"([^\"]+)\"");
-    java.util.regex.Matcher targetUrlMatcher = targetUrlPattern.matcher(targetsString);
-
-    while (targetUrlMatcher.find()) {
-        String rawTargetUrl = targetUrlMatcher.group(1);
-        try {
-            // Parse the host out of the target URL
-            java.net.URI uri = new java.net.URI(rawTargetUrl);
-            String targetHost = uri.getHost();
-            
-            if (targetHost != null) {
-                String targetRoot = extractRoot.apply(targetHost);
-                
-                // Broad Check: Do they share the same root domain?
-                // e.g., requestRoot (codebig2.net) == targetRoot (codebig2.net)
-                if (requestRoot.equalsIgnoreCase(targetRoot)) {
-                    foundProgramUrl = programUrl;
-                    break;
-                }
-            }
-        } catch (Exception e) {
-            // Ignore malformed URIs inside the JSON target list
-            continue; 
-        }
-    }
-    
-    // Stop searching if we already found a match
-    if (foundProgramUrl != null) {
-        break; 
-    }
+java.util.List<String> programUrls = new java.util.ArrayList<>();
+while (urlMatcher.find()) {
+    programUrls.add(urlMatcher.group(1));
 }
 
 // 4. Output the results
-if (foundProgramUrl != null) {
-    logging().logToOutput("[+] BBP MATCH: " + requestHost + " belongs to -> " + foundProgramUrl);
-}
+if (!programUrls.isEmpty()) {
+    for (String programUrl : programUrls) {
+        logging().logToOutput("[+] BBP MATCH: " + requestHost + " belongs to -> " + programUrl);
+    }
+}
diff --git a/website/pkg/core/api.go b/website/pkg/core/api.go
@@ -673,6 +673,108 @@ func apiUpdatesHandler(w http.ResponseWriter, r *http.Request) {
 	w.Write(respJSON)
 }
 
+// --- Find API ---
+
+type apiFindResponse struct {
+	Query      string             `json:"query"`
+	Programs   []apiFindProgram   `json:"programs"`
+	TotalCount int                `json:"total_count"`
+}
+
+type apiFindProgram struct {
+	Platform string `json:"platform"`
+	Handle   string `json:"handle"`
+	URL      string `json:"url"`
+}
+
+// apiFindHandler serves GET /api/v1/find — finds programs matching a domain/hostname query.
+func apiFindHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodOptions {
+		setCORSHeaders(w)
+		w.WriteHeader(http.StatusNoContent)
+		return
+	}
+	if r.Method != http.MethodGet {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	q := strings.TrimSpace(r.URL.Query().Get("q"))
+	if q == "" {
+		setCORSHeaders(w)
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"error":"missing required query parameter: q"}`))
+		return
+	}
+
+	ctx := context.Background()
+
+	// Direct search: find programs with targets matching the literal query
+	matches, err := db.FindProgramsByDomain(ctx, q)
+	if err != nil {
+		log.Printf("API find: error searching for %q: %v", q, err)
+		setCORSHeaders(w)
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte(`{"error":"internal server error"}`))
+		return
+	}
+
+	// Root domain expansion: if the root domain differs from the query and is not blacklisted,
+	// do a second search and merge results.
+	rootDomain, ok := storage.ExtractRootDomain(q)
+	if ok && rootDomain != q && !targets.IsBlacklistedSuffix(rootDomain) {
+		rootMatches, err := db.FindProgramsByDomain(ctx, rootDomain)
+		if err != nil {
+			log.Printf("API find: error searching root domain %q: %v", rootDomain, err)
+			// Non-fatal: continue with what we have
+		} else {
+			matches = append(matches, rootMatches...)
+		}
+	}
+
+	// Deduplicate by program URL
+	seen := make(map[string]struct{})
+	var programs []apiFindProgram
+	for _, m := range matches {
+		programURL := strings.ReplaceAll(m.URL, "api.yeswehack.com", "yeswehack.com")
+		if _, exists := seen[programURL]; exists {
+			continue
+		}
+		seen[programURL] = struct{}{}
+		programs = append(programs, apiFindProgram{
+			Platform: m.Platform,
+			Handle:   m.Handle,
+			URL:      programURL,
+		})
+	}
+
+	if programs == nil {
+		programs = []apiFindProgram{}
+	}
+
+	resp := apiFindResponse{
+		Query:      q,
+		Programs:   programs,
+		TotalCount: len(programs),
+	}
+
+	respJSON, err := json.Marshal(resp)
+	if err != nil {
+		log.Printf("API find: error marshaling response: %v", err)
+		setCORSHeaders(w)
+		w.Header().Set("Content-Type", "application/json; charset=utf-8")
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte(`{"error":"internal server error"}`))
+		return
+	}
+
+	setCORSHeaders(w)
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.Write(respJSON)
+}
+
 // mergeUniqueSorted merges two sorted string slices into a single sorted, deduplicated slice.
 func mergeUniqueSorted(a, b []string) []string {
 	seen := make(map[string]struct{}, len(a)+len(b))
diff --git a/website/pkg/core/apipage.go b/website/pkg/core/apipage.go
@@ -124,7 +124,7 @@ func APIPageContent() g.Node {
 		Section(Class("bg-zinc-900/30 border border-zinc-800/50 rounded-2xl shadow-xl shadow-black/10 p-6 md:p-8 mb-6"),
 			H2(Class("text-lg font-semibold text-white mb-4"), g.Text("Usage Examples")),
 			Div(Class("bg-zinc-950 rounded-lg p-4 font-mono text-sm text-cyan-400 overflow-x-auto"),
-				g.Raw(`<span class="text-zinc-500"># Get all in-scope wildcard domains</span><br>curl -s https://bbscope.com/api/v1/targets/wildcards<br><br><span class="text-zinc-500"># Pipe directly into your tools</span><br>curl -s https://bbscope.com/api/v1/targets/wildcards | subfinder -silent<br><br><span class="text-zinc-500"># Filter by platform and get JSON</span><br>curl -s "https://bbscope.com/api/v1/targets/domains?platform=h1&amp;format=json"<br><br><span class="text-zinc-500"># Raw data without AI enhancements</span><br>curl -s "https://bbscope.com/api/v1/targets/wildcards?raw=true"<br><br><span class="text-zinc-500"># Get scope updates (since: today, yesterday, 7d, 30d, 90d, 1y, or YYYY-MM-DD)</span><br>curl -s "https://bbscope.com/api/v1/updates?since=7d"<br><br><span class="text-zinc-500"># Filter updates by platform and date range</span><br>curl -s "https://bbscope.com/api/v1/updates?since=2025-01-01&amp;until=2025-01-31&amp;platform=h1"<br><br><span class="text-zinc-500"># Search updates and paginate</span><br>curl -s "https://bbscope.com/api/v1/updates?search=example.com&amp;per_page=50&amp;page=2"`),
+				g.Raw(`<span class="text-zinc-500"># Get all in-scope wildcard domains</span><br>curl -s https://bbscope.com/api/v1/targets/wildcards<br><br><span class="text-zinc-500"># Pipe directly into your tools</span><br>curl -s https://bbscope.com/api/v1/targets/wildcards | subfinder -silent<br><br><span class="text-zinc-500"># Filter by platform and get JSON</span><br>curl -s "https://bbscope.com/api/v1/targets/domains?platform=h1&amp;format=json"<br><br><span class="text-zinc-500"># Raw data without AI enhancements</span><br>curl -s "https://bbscope.com/api/v1/targets/wildcards?raw=true"<br><br><span class="text-zinc-500"># Get scope updates (since: today, yesterday, 7d, 30d, 90d, 1y, or YYYY-MM-DD)</span><br>curl -s "https://bbscope.com/api/v1/updates?since=7d"<br><br><span class="text-zinc-500"># Filter updates by platform and date range</span><br>curl -s "https://bbscope.com/api/v1/updates?since=2025-01-01&amp;until=2025-01-31&amp;platform=h1"<br><br><span class="text-zinc-500"># Search updates and paginate</span><br>curl -s "https://bbscope.com/api/v1/updates?search=example.com&amp;per_page=50&amp;page=2"<br><br><span class="text-zinc-500"># Find programs that have example.com in scope</span><br>curl -s "https://bbscope.com/api/v1/find?q=example.com"<br><br><span class="text-zinc-500"># Find programs via root domain (matches *.example.com scopes)</span><br>curl -s "https://bbscope.com/api/v1/find?q=sub.example.com"`),
 			),
 		),
 
@@ -169,6 +169,16 @@ func APIPageContent() g.Node {
 				},
 			),
 
+			H3(Class("text-sm font-semibold text-zinc-300 uppercase tracking-wider mb-4 mt-6"), g.Text("Find")),
+
+			apiEndpointCard(
+				"GET", "/api/v1/find",
+				"Find programs whose scope matches a given hostname or domain. Automatically expands to root domain matching (e.g. aaa.example.com matches programs scoping bbb.example.com). Cloud provider domains are excluded from expansion to avoid false positives.",
+				[]apiParam{
+					{"q", "string", "Search query (hostname, domain, etc.) — required"},
+				},
+			),
+
 			H3(Class("text-sm font-semibold text-zinc-300 uppercase tracking-wider mb-4 mt-6"), g.Text("Updates")),
 
 			apiEndpointCard(
diff --git a/website/pkg/core/core.go b/website/pkg/core/core.go
@@ -867,6 +867,7 @@ func Run(cfg ServerConfig) error {
 	http.HandleFunc("/api/v1/programs/", apiProgramDetailHandler)
 	http.HandleFunc("/api/v1/targets/", apiTargetsHandler)
 	http.HandleFunc("/api/v1/updates", apiUpdatesHandler)
+	http.HandleFunc("/api/v1/find", apiFindHandler)
 	http.HandleFunc("/api", apiPageHandler)
 
 	// Serve static files
