Container can't reach 127.0.0.1 on the host. Use the host's LAN
address 192.168.129.11 so containerized plugins can reach the
SOCKS5 forwarder.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All plugins importing derp.http failed to load because PySocks
was missing from the container. Add it alongside maxminddb.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Was incorrectly set to 127.0.0.1. The Tor DNSPort runs on the
remote relay at 10.200.1.13:9053. Alt relays noted in comments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Both plugins duplicated wire-format helpers and queried the system
resolver on port 53. Switch to shared derp.dns helpers and point
queries at the local Tor DNS resolver (127.0.0.1:9053) so lookups
go through Tor like all other outbound traffic.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bind-mount src/ and data/ alongside plugins/ and config so the
container picks up code changes without rebuilding. Update Makefile
targets, compose file, and INSTALL.md to match.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract shared DNS wire-format helpers into src/derp/dns.py so both
the UDP plugin (dns.py) and the new TCP plugin (tdns.py) share the
same encode/decode/build/parse logic.
The !tdns command routes queries through the SOCKS5 proxy via
derp.http.open_connection, using TCP framing (2-byte length prefix).
Default server: 1.1.1.1.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add create_connection and open_connection helpers to the shared proxy
module, covering portcheck, whois, tlscheck, and crtsh live-cert check.
UDP-based plugins (dns, blacklist, subdomain) stay direct.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add PySocks dependency and shared src/derp/http.py module providing
proxy-aware urlopen() and build_opener() that route through
socks5h://127.0.0.1:1080. Subclassed SocksiPyHandler passes SSL
context through to HTTPS connections.
Swapped 14 external-facing plugins to use the proxied helpers.
Local-only traffic (SearXNG, raw DNS/TLS sockets) stays direct.
Updated test mocks in test_twitch and test_alert accordingly.
Add standalone !searx command for on-demand SearXNG search (top 3 results).
Add SearX as a third backend (sx) to the alert plugin for keyword monitoring.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Search keywords across YouTube (InnerTube) and Twitch (GQL)
simultaneously, announcing new results per channel. Supports
add/del/list/check subcommands with per-platform seen lists.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Poll Twitch streamers via public GQL endpoint and announce
offline-to-live transitions in IRC channels. Tracks stream ID
to avoid re-announcing the same stream.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Follow YouTube channels via Atom feeds with !yt follow/unfollow/list/check.
Resolves any YouTube URL to a channel ID, polls for new videos, and
announces them in IRC channels.
Subscribe RSS/Atom feeds to IRC channels with periodic polling,
new-item announcements, deduplication, and persistence across restarts.
Supports conditional HTTP requests (ETag/Last-Modified), automatic
backoff on errors, and per-channel feed limits.
WHO doesn't support multiple targets (absent from TARGMAX on all
major IRCds). Replace per-nick WHO with a debounced per-channel WHO:
on JOIN, schedule WHO #channel after 2s delay. Subsequent JOINs
within the window reset the timer, so a netsplit producing dozens
of JOINs results in a single WHO.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previously the bot only sent WHO on connect (001), so users joining
after the initial scan were never checked for oper status. Now sends
WHO <nick> on every JOIN event to detect opers mid-session.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Calendar reminders use bot.state (SQLite KV) for persistence across
restarts. Supports one-shot at specific date/time and yearly recurring
reminders with leap day handling. Restored automatically on connect
via 001 event handler.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Expand test coverage from 23 pure helper tests to 53 tests covering
the full plugin: _cleanup, _remind_once, _remind_repeat, and the
complete cmd_remind handler (usage, oneshot, repeating, list, cancel,
target routing). Fix IndexError on `!remind every` with no arguments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Supports duration parsing (5m, 1h30m, 2d12h), short hex IDs for
tracking, list/cancel subcommands, and repeating intervals via
`!remind every <duration> <text>`. Includes 23 unit tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Same importlib fix as test_username.py -- load plugins.crtsh from
file path since plugins/ is not a Python package.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Load plugins.username via importlib.util.spec_from_file_location
since plugins/ is not a Python package on sys.path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Queue-based _MockConnection replaces IRCConnection to test the full
bot pipeline (registration -> dispatch -> handler -> response) without
network I/O. 14 tests cover CAP negotiation, PING/PONG, command
dispatch, prefix matching, admin enforcement, channel filtering,
and CTCP responses.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add !username section to USAGE.md with examples. Add OSINT quick
reference entries to CHEATSHEET.md. Mark username plugin done in
ROADMAP.md and TASKS.md.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
53 tests covering regex validation, service registry integrity,
classification logic (status/json/body), formatting, and category
grouping.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cross-platform username OSINT across ~25 services (GitHub, GitLab,
Reddit, Docker Hub, Keybase, Dev.to, Twitch, Steam, etc). Hybrid
approach using HTTP status probes, JSON APIs, and body search.
8 parallel workers via ThreadPoolExecutor, 20s overall timeout.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
!help now only lists commands from plugins allowed in the current
channel. !help <cmd> and !help <plugin> return "unknown" for
filtered plugins. PMs remain unrestricted.
Channels with a [channels."#name"] section and `plugins` list only run
those plugins. Unconfigured channels run everything. Core is always
active. PMs are unrestricted. Denied commands are silently ignored.
Containerfile now installs only dependencies (maxminddb). Source
code, plugins, and config are volume-mounted via docker-compose.
Code changes no longer require an image rebuild.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reduces image size from 157 MB to 61 MB. All dependencies
(maxminddb) have pre-built musl wheels, no build toolchain needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document message truncation, reconnect backoff, dork and wayback
plugins. Update roadmap, tasks, and plugin table.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Query Wayback Machine availability API via urllib + executor.
Supports optional timestamp parameter for date-targeted lookups.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Template-based Google dork categories for recon. No HTTP calls,
no external deps. Supports 10 categories (admin, files, dirs, etc.).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split outgoing messages at UTF-8 safe boundaries to comply with
RFC 2812 line limit. Accounts for PRIVMSG overhead and CRLF.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement CAP LS 302 flow with configurable ircv3_caps list, replacing
the minimal SASL-only registration. Parse IRCv3 message tags (@key=value)
with proper value unescaping. Add channel management plugin (kick, ban,
unban, topic, mode) and bot API methods. Add SQLite key-value StateStore
for plugin state persistence with !state inspection command.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ExploitDB: search local exploit-db CSV mirror by keyword, EDB ID,
or CVE identifier. In-bot update command downloads the latest CSV
from GitLab. Also added to the update-data.sh script.
Payload: built-in template library with 52 payloads across 6
categories (sqli, xss, ssti, lfi, cmdi, xxe). Supports browsing,
numeric index, and keyword search within categories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Opslog: timestamped operational log per channel with add, list,
search, and delete. SQLite-backed, admin-only clear.
Note: persistent per-channel key-value store with set, get, del,
list, clear. SQLite-backed, admin-only clear.
Subdomain: enumeration via crt.sh CT log query with optional DNS
brute force using a built-in 80-word prefix wordlist. Resolves
discovered subdomains concurrently.
Headers: HTTP header fingerprinting against 50+ signature patterns.
Detects servers, frameworks, CDNs, and security headers (HSTS, CSP,
XFO, etc).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
