feat: add canary, tcping, archive, resolve plugins

canary: generate realistic fake credentials (token/aws/basic) for planting as canary tripwires. Per-channel state persistence. tcping: TCP connect latency probe through SOCKS5 proxy with min/avg/max reporting. Proxy-compatible alternative to traceroute. archive: save URLs to Wayback Machine via Save Page Now API, routed through SOCKS5 proxy. resolve: bulk DNS resolution (up to 10 hosts) via TCP DNS through SOCKS5 proxy with concurrent asyncio.gather. 83 new tests (1010 total), docs updated.
2026-02-20 19:38:10 +01:00
parent 7c40a6b7f1
commit e3bb793574
12 changed files with 1565 additions and 2 deletions
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -134,6 +134,10 @@ format = "text"               # Log format: "text" (default) or "json"
 | `!vt <hash\|ip\|domain\|url>` | VirusTotal lookup |
 | `!emailcheck <email> [email2 ...]` | SMTP email verification (admin) |
 | `!internetdb <ip>` | Shodan InternetDB host recon (ports, CVEs, CPEs) |
+| `!canary <gen\|list\|info\|del>` | Canary token generator/tracker |
+| `!tcping <host> [port] [count]` | TCP connect latency probe via SOCKS5 |
+| `!archive <url>` | Save URL to Wayback Machine |
+| `!resolve <host> [host2 ...] [type]` | Bulk DNS resolution via TCP/SOCKS5 |
 | `!shorten <url>` | Shorten a URL via FlaskPaste |
 | `!pastemoni <add\|del\|list\|check>` | Paste site keyword monitoring |

@@ -959,6 +963,102 @@ Output format:
 - All requests routed through SOCKS5 proxy
 - Returns "no data available" for IPs not in the InternetDB index

+### `!canary` -- Canary Token Generator
+
+Generate realistic-looking credentials for planting as canary tokens (tripwires
+for detecting unauthorized access). Tokens are persisted per-channel.
+
+```
+!canary gen db-cred                Generate default token (40-char hex)
+!canary gen aws staging-key        AWS-style keypair
+!canary gen basic svc-login        Username:password pair
+!canary list                       List canaries in channel
+!canary info db-cred               Show full token details
+!canary del db-cred                Delete a canary (admin)
+```
+
+Token types:
+
+| Type | Format | Example |
+|------|--------|---------|
+| `token` | 40-char hex (API key / SHA1) | `a3f8b2c1d4e5...` |
+| `aws` | AKIA access key + base64 secret | `AKIA7X9M2PVL5N...` |
+| `basic` | user:pass pair | `svcadmin:xK9mP2vL5nR8wQ3z` |
+
+- `gen` and `del` require admin privileges
+- All subcommands must be used in a channel (not PM)
+- Labels: 1-32 chars, alphanumeric + hyphens + underscores
+- Maximum 50 canaries per channel
+- Persisted via `bot.state` (survives restarts)
+
+### `!tcping` -- TCP Connect Latency Probe
+
+Measure TCP connect latency to a host:port through the SOCKS5 proxy. Sequential
+probes with min/avg/max summary.
+
+```
+!tcping example.com                 Port 443, 3 probes
+!tcping example.com 22              Port 22, 3 probes
+!tcping example.com 80 5            Port 80, 5 probes
+```
+
+Output format:
+
+```
+tcping example.com:443 -- 3 probes  1: 45ms  2: 43ms  3: 47ms  min/avg/max: 43/45/47 ms
+```
+
+- Default port: 443, default count: 3
+- Max count: 10, timeout: 10s per probe
+- Private/reserved addresses rejected
+- Routed through SOCKS5 proxy
+
+### `!archive` -- Wayback Machine Save
+
+Save a URL to the Wayback Machine via the Save Page Now API.
+
+```
+!archive https://example.com/page
+```
+
+Output format:
+
+```
+Archiving https://example.com/page...
+Archived: https://web.archive.org/web/20260220.../https://example.com/page
+```
+
+- URL must start with `http://` or `https://`
+- Timeout: 30s (archiving can be slow)
+- Handles 429 rate limit, 523 origin unreachable
+- Sends acknowledgment before archiving
+- Routed through SOCKS5 proxy
+
+### `!resolve` -- Bulk DNS Resolution
+
+Resolve multiple hosts via TCP DNS through the SOCKS5 proxy. Concurrent
+resolution with compact output.
+
+```
+!resolve example.com github.com       A records (default)
+!resolve example.com AAAA             Specific record type
+!resolve 1.2.3.4 8.8.8.8             Auto PTR for IPs
+```
+
+Output format:
+
+```
+example.com -> 93.184.216.34
+github.com -> 140.82.121.3
+badhost.invalid -> NXDOMAIN
+```
+
+- Max 10 hosts per invocation
+- Default type: A (auto-detect IP -> PTR)
+- DNS server: 1.1.1.1 (Cloudflare)
+- Concurrent via `asyncio.gather()`
+- Valid types: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA
+
 ### FlaskPaste Configuration

 ```toml