feat: add wave 4 plugins (opslog, note, subdomain, headers)

Opslog: timestamped operational log per channel with add, list, search, and delete. SQLite-backed, admin-only clear. Note: persistent per-channel key-value store with set, get, del, list, clear. SQLite-backed, admin-only clear. Subdomain: enumeration via crt.sh CT log query with optional DNS brute force using a built-in 80-word prefix wordlist. Resolves discovered subdomains concurrently. Headers: HTTP header fingerprinting against 50+ signature patterns. Detects servers, frameworks, CDNs, and security headers (HSTS, CSP, XFO, etc). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 02:48:16 +01:00
parent 19f54da3cf
commit e1b57e1764
9 changed files with 724 additions and 14 deletions
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -39,7 +39,7 @@
 - [x] Admin/owner permission system (hostmask + IRCOP)
 - [x] !whoami and !admins commands

-## v0.4.0 -- Wave 3 Plugins (Local Databases) (current)
+## v0.4.0 -- Wave 3 Plugins (Local Databases) (done)

 - [ ] GeoIP plugin (MaxMind GeoLite2-City mmdb)
 - [ ] ASN plugin (GeoLite2-ASN mmdb)
@@ -48,12 +48,12 @@
 - [ ] CVE lookup plugin (local NVD JSON feed)
 - [ ] Data update script (cron-friendly, all local DBs)

-## v0.5.0 -- Wave 4 Plugins (Advanced)
+## v0.5.0 -- Wave 4 Plugins (Advanced) (current)

- [ ] Operational logging plugin (SQLite per-channel)
- [ ] Persistent notes plugin (per-channel key-value)
- [ ] Subdomain enumeration (crt.sh + wordlist DNS brute)
- [ ] HTTP header fingerprinting (local signature db)
+- [x] Operational logging plugin (SQLite per-channel)
+- [x] Persistent notes plugin (per-channel key-value)
+- [x] Subdomain enumeration (crt.sh + wordlist DNS brute)
+- [x] HTTP header fingerprinting (local signature db)
 - [ ] ExploitDB search (local CSV clone)
 - [ ] Payload template library (SQLi, XSS, SSTI)