v0.3.0: DFS pipeline, discovery, throughput, SOCKS5 auth, TUI overhaul#9
Open
QuantIntellect wants to merge 11 commits intoSamNet-dev:mainfrom
Open
v0.3.0: DFS pipeline, discovery, throughput, SOCKS5 auth, TUI overhaul#9QuantIntellect wants to merge 11 commits intoSamNet-dev:mainfrom
QuantIntellect wants to merge 11 commits intoSamNet-dev:mainfrom
Conversation
Neighbor discovery: when a resolver passes all scan steps, its /24 subnet is automatically expanded and queued for scanning. Runs in rounds (default max 3) until no new subnets are found. This exploits the observation that working resolvers tend to cluster in the same /24 block. Throughput test: goes beyond the e2e handshake by performing a full HTTP GET request through the SOCKS5 tunnel proxy. Verifies that real payload (not just a 4-byte handshake reply) flows bidirectionally through the DNS tunnel. Reports throughput_bytes and throughput_ms metrics. Also: - Add MergeChainReports helper to DRY up batch merge logic - Refactor scan.go batch/non-batch paths to share a single report variable - Add throughput/dnstt step to chain command - Update README (EN + FA) with new features, flags, and examples - Remove stale --test-url, --proxy-auth, and curl references from README Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previously, the scan processed ALL IPs through step 1 (ping), waited for ALL to finish, then ALL survivors through step 2 (nxdomain), etc. With 1M IPs this meant waiting hours before seeing any results. Now each worker takes ONE IP and runs it through the entire pipeline (ping → nxdomain → resolve → e2e). If any step fails, the worker immediately moves to the next IP. Results appear as soon as individual IPs complete all steps. - New RunPipeline() in scanner package: channel-based DFS pipeline - New runPipelineScan() in scan.go: live display of passed IPs with metrics, single progress bar with pass/fail counts - Each passed IP is printed immediately as it's discovered - Works with --batch, --discover, and --resume Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Switch TUI scan from BFS (RunChainQuietCtx) to DFS (RunPipeline) - Show overall progress bar with pass/fail counts - Per-step breakdown shows tested/passed/rate for each step - Live display of last 8 passed IPs with their metrics - Add Discover and Throughput toggles to config screen - Add throughput/dnstt step to pipeline when enabled Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Keep ALL passed IPs during scan (not just last 8) - Scrollable results table in TUI with ↑/↓ keys and all metrics - Auto-scroll to latest result, manual scroll to review history - Live append each passed IP to _ips.txt immediately (both CLI and TUI) - Results file available during scan, not just at the end Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add DFS pipeline description (EN + FA): each worker runs one IP through all steps, results appear instantly, IPs live-appended to file - Document --query-size and --cidr-file flags (both EN and FA tables) - Fix e2e-timeout default: 20 → 30 (matches root.go) - Add live file append note to --output-ips description - Add DFS pipeline to features table (EN + FA) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…hput DFS pipeline, neighbor discovery, throughput test, and TUI overhaul
For dnstt setups requiring SOCKS5 authentication, the e2e test now supports RFC 1929 username/password negotiation via --socks-user and --socks-pass flags. When credentials are provided, the SOCKS5 handshake uses method 0x02 instead of 0x00 (no-auth). Also adds --connect-addr to configure the SOCKS5 CONNECT target. Default remains example.com:80, but setting it to host:22 enables SSH banner verification — proving the tunnel can reach an SSH server. Changes: - Add SOCKS5Opts type and socks5Handshake/socks5Connect helpers - Update all e2e/throughput check functions to accept SOCKS5Opts - Add --socks-user, --socks-pass, --connect-addr to scan, chain, e2e dnstt, e2e slipstream, and doh e2e commands - Add SOCKS User/Pass/Connect Addr fields to TUI config (E2E section) - Update README (EN + FA) with new flags and examples Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The welcome screen's CLI Flags mode (paste flags to pre-fill config) was missing --discover, --throughput, --socks-user, --socks-pass, and --connect-addr. Users pasting CLI flags in the TUI now get all options applied correctly. Also updates the CLI examples shown in the welcome screen. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes all issues raised in SamNet-dev#7 review: 1. Fix goroutine leak in pipeline.go: add WaitGroup for workers, drain results channel on cancellation. No goroutines left behind. 2. Make DFS opt-in (--dfs flag): BFS (RunChainQuietCtx) remains the default, proven pipeline. DFS is available for users who want instant results on large scans. 3. Add --discover-max flag: caps IPs per discovery round to prevent unbounded scan explosion (e.g. --discover-max 1000). 4. Fix throughput false negatives: lower minimum from 100 bytes to any data (1+ bytes). A valid HTTP redirect or short response still proves payload flows through the tunnel. 5. Fix IP file overwrite: in DFS mode, saveResults skips WriteIPList since the file is already live-appended by the pipeline. 6. Discovery rounds use the same BFS/DFS mode as the main scan (via runScanChunk helper). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
|
All issues from your review on #7 have been addressed in this PR:
This PR also adds SOCKS5 username/password auth ( |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Major feature additions with all review feedback from #7 addressed.
Review Fixes (from #7)
sync.WaitGroup+ drain loop on cancellation. No leaked goroutines.--dfs). BFS (RunChainQuietCtx) remains default.--connect-addr.--discover-max Nto cap IPs per round.runScanChunkpath as main scan.WriteIPListinsaveResults(file is live-appended).New Features
--dfs) — each worker runs one IP through all steps, results appear instantly--discover,--discover-rounds,--discover-max) — auto-scan /24 subnets--throughput) — HTTP payload transfer through tunnel--socks-user,--socks-pass) — RFC 1929 username/password--connect-addr host:22) — SSH banner verification through tunnel_ips.txtwritten in real-time during DFS scanBackwards Compatibility
chaincommand unchanged🤖 Generated with Claude Code