Fix --recon to extract info-tagged data (phone, email, ID) #133
+23
−8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The --recon flag was only extracting items tagged as "pentest", missing important reconnaissance information tagged as "info" such as phone numbers, emails, and ID cards. This caused the plugin to appear broken compared to v1.2.1. Changed BuildPlugin() to combine both "pentest" and "info" tagged extractors when ReconPlugin is enabled, restoring the expected behavior of extracting comprehensive reconnaissance data including: - Phone numbers (info) - Email addresses (info) - AWS keys (pentest) - Passwords (pentest) - And other sensitive information Tested with a sample HTML page containing phone, email, and AWS key data, confirming all three are now properly extracted and displayed. Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Address code review feedback by pre-allocating the slice capacity based on the combined size of pentest and info extractors. This avoids multiple reallocations during append operations, improving performance. Also simplified the conditional checks to use len() instead of map lookups, which is more idiomatic and slightly more efficient. Tested with multiple extraction types (phones, emails, IPs, AWS keys) and confirmed all are properly extracted. Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Contributor
|
检查一下 1.2.1 为什么可以正常工作, 并且可以基于 https://baidu.com 进行对比测试, 确认是否可以工作。 |
Remove redundant length checks before append operations. The append operation with spread operator safely handles empty slices without requiring explicit guards, making the code cleaner and more idiomatic. This change does not affect functionality - empty slices are appended safely without any performance penalty. Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Extract pentest and info extractors into variables before using them. This approach is nil-safe because len() on nil slices returns 0 and append() with nil slices works correctly in Go. This also makes the code cleaner by avoiding repeated map lookups. Addresses code review feedback about potential panics if the extractor maps don't exist or are nil. Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Co-authored-by: chainreactorbot <115772397+chainreactorbot@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix recon functionality issue after version 1.2.2
Fix --recon to extract both security and info reconnaissance data
Feb 11, 2026
Copilot
AI
changed the title
Fix --recon to extract both security and info reconnaissance data
Fix --recon to extract info-tagged data (phone, email, ID)
Feb 11, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After v1.2.2,
--recononly extracted security-sensitive data (pentest-tagged extractors), missing contact and identification data (info-tagged extractors) like phone numbers, emails, and ID cards.Root Cause
BuildPlugin()populated the recon extractor set with only pentest-tagged extractors:Extractor tags from embedded templates:
Changes
Combine both extractor sets for comprehensive reconnaissance:
Implementation is nil-safe:
len()on nil slices returns 0,append()with nil slices is a no-op.Verification
Tested with HTML containing phone numbers matching v1.2.1 screenshot:
Output format and extraction behavior now matches v1.2.1.
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
baidu.com/tmp/spray_fixed /tmp/spray_fixed -u REDACTED --recon(dns block)www.baidu.com/tmp/spray_fixed /tmp/spray_fixed -u REDACTED --recon go1.24.12 -c=4 -nolocalimports -importcfg /tmp/go-build3748499582/b329/importcfg -pack /opt/hostedtoolcache/go/1.24.12/x64/src/os/user/cgo_listgroups_unix.go /opt/hostedtoolcache/go/1.24.12/x64/src/os/user/cgo_lookup_unix.go(dns block)/tmp/spray_fixed /tmp/spray_fixed -u REDACTED --recon -v -c=4 -nolocalimports -importcfg /tmp/go-build3748499582/b330/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/muesli/termenv@v0.16.0/ansicolors.go /home/REDACTED/go/pkg/mod/github.com/muesli/termenv@v0.16.0/color.go(dns block)/tmp/spray_fixed /tmp/spray_fixed -u REDACTED --recon --no-bar -c=4 -nolocalimports -importcfg /tmp/go-build3748499582/b354/importcfg -pack /home/REDACTED/go/pkg/mod/github.com/gookit/goutil@v0.6.15/arrutil/arrutil.go /home/REDACTED/go/pkg/mod/github.com/gookit/goutil@v0.6.15/arrutil/check.go(dns block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.