feat: add wave 4 plugins (opslog, note, subdomain, headers)

Opslog: timestamped operational log per channel with add, list, search, and delete. SQLite-backed, admin-only clear. Note: persistent per-channel key-value store with set, get, del, list, clear. SQLite-backed, admin-only clear. Subdomain: enumeration via crt.sh CT log query with optional DNS brute force using a built-in 80-word prefix wordlist. Resolves discovered subdomains concurrently. Headers: HTTP header fingerprinting against 50+ signature patterns. Detects servers, frameworks, CDNs, and security headers (HSTS, CSP, XFO, etc). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 02:48:16 +01:00
parent 19f54da3cf
commit e1b57e1764
9 changed files with 724 additions and 14 deletions
--- a/docs/CHEATSHEET.md
+++ b/docs/CHEATSHEET.md
@@ -86,6 +86,25 @@ IRC operators are auto-detected via WHO. Hostmask patterns use fnmatch.
 !cert example.com       # CT log lookup (max 5 domains)
 !whois example.com      # WHOIS domain lookup
 !whois 8.8.8.8          # WHOIS IP lookup
+!subdomain example.com        # CT log subdomain enum
+!subdomain example.com brute  # + DNS wordlist brute
+!headers example.com          # HTTP fingerprint (tech + security)
+```
+
+## Ops
+
+```
+!opslog add Compromised target  # Add timestamped entry
+!opslog list                    # Show last 5 entries
+!opslog list 10                 # Show last 10
+!opslog search pivot            # Search entries
+!opslog del 3                   # Delete entry by ID
+!opslog clear                   # Clear channel log (admin)
+!note set target 10.0.0.1      # Store a note
+!note get target                # Retrieve a note
+!note del target                # Delete a note
+!note list                      # List all keys
+!note clear                     # Clear all notes (admin)
 ```

 ## Red Team
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -90,6 +90,10 @@ level = "info"                # Logging level: debug, info, warning, error
 | `!tor <ip\|update>` | Check IP against Tor exit nodes |
 | `!iprep <ip\|update>` | Check IP against Firehol/ET blocklists |
 | `!cve <id\|search>` | CVE lookup from local NVD mirror |
+| `!opslog <add\|list\|search\|del\|clear>` | Timestamped operational log |
+| `!note <set\|get\|del\|list\|clear>` | Per-channel key-value notes |
+| `!subdomain <domain> [brute]` | Subdomain enumeration (crt.sh + DNS) |
+| `!headers <url>` | HTTP header fingerprinting |

 ### Command Shorthand