[pull] master from haccer:master

.github/workflows/ci.yml

@@ -0,0 +1,19 @@
+name: CI
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - run: go build ./...
+      - run: go vet ./...
+      - run: go test ./...

.github/workflows/release.yml

@@ -0,0 +1,47 @@
+name: Release
+
+on:
+  release:
+    types: [created]
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: linux
+            goarch: arm64
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+          - goos: windows
+            goarch: amd64
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Build
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          ext=""
+          if [ "$GOOS" = "windows" ]; then ext=".exe"; fi
+          go build -o subjack-${GOOS}-${GOARCH}${ext} .
+      - name: Upload release asset
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          ext=""
+          if [ "$GOOS" = "windows" ]; then ext=".exe"; fi
+          gh release upload "${{ github.event.release.tag_name }}" subjack-${GOOS}-${GOARCH}${ext}

.gitignore

@@ -1,21 +1,29 @@
-# common files
-*~
-*.log
-*.bak
-*.tmp
-*.swp
-*.lock
-
-# .gitignore Go Template
-# Binaries for programs and plugins
+# Binaries
+# Ignore the built binary, not the subjack/ source directory
+/subjack
+!/subjack/
 *.exe
 *.exe~
 *.dll
 *.so
 *.dylib
 
-# Test binary, build with `go test -c`
+# Test binary, built with `go test -c`
 *.test
 
-# Output of the go coverage tool, specifically when used with LiteIDE
+# Output of the go coverage tool
 *.out
+
+# Go vendor directory
+/vendor/
+
+# IDE and editor files
+.idea/
+.vscode/
+*.swp
+*~
+
+# Misc
+*.log
+*.bak
+*.tmp

CONTRIBUTING.md

@@ -0,0 +1,108 @@
+# Contributing to Subjack
+
+Thanks for your interest in contributing to Subjack! This guide will help you get started.
+
+## Getting Started
+
+1. Fork the repository
+2. Clone your fork:
+   ```bash
+   git clone https://github.com/<your-username>/subjack.git
+   cd subjack
+   ```
+3. Create a feature branch:
+   ```bash
+   git checkout -b my-feature
+   ```
+
+## Development Setup
+
+Subjack requires the Go version specified in `go.mod` or later. Verify your installation:
+
+```bash
+go version
+```
+
+Build the project:
+
+```bash
+go build .
+```
+
+Run the linter:
+
+```bash
+go vet ./...
+```
+
+Run tests:
+
+```bash
+go test ./...
+```
+
+## Project Structure
+
+```
+subjack/
+├── main.go              # CLI entry point and flag parsing
+├── subjack/
+│   ├── subjack.go       # Core orchestration logic
+│   ├── dns.go           # DNS resolution and NXDOMAIN checking
+│   ├── fingerprint.go   # Fingerprint matching logic
+│   ├── http.go          # HTTP client (fasthttp)
+│   ├── output.go        # Result formatting and file I/O
+│   └── fingerprints.json # Embedded service fingerprints
+├── .github/workflows/   # CI and release pipelines
+├── go.mod
+└── go.sum
+```
+
+## Adding a New Fingerprint
+
+To add detection for a new vulnerable service, add an entry to `subjack/fingerprints.json`:
+
+```json
+{
+  "service": "Example Service",
+  "cname": ["example.com"],
+  "fingerprint": ["The unique error string shown on unclaimed pages"],
+  "nxdomain": false
+}
+```
+
+- **service** — Name of the service.
+- **cname** — CNAME patterns that identify the service.
+- **fingerprint** — Strings found in the HTTP response body when the subdomain is claimable.
+- **nxdomain** — Set to `true` if the takeover relies on the CNAME target being unregistered rather than an HTTP fingerprint.
+
+You can use [Can I take over XYZ?](https://github.com/EdOverflow/can-i-take-over-xyz) as a starting point, but always verify the vulnerability independently through your own testing.
+
+## Making Changes
+
+- Follow standard Go conventions and format your code with `gofmt`.
+- Keep changes focused — one feature or fix per pull request.
+- Ensure `go build ./...` and `go vet ./...` pass before submitting.
+- Add or update tests where applicable.
+
+## Submitting a Pull Request
+
+1. Push your branch to your fork:
+   ```bash
+   git push origin my-feature
+   ```
+2. Open a pull request against the `master` branch.
+3. Describe what your change does and why.
+4. CI will run `go build`, `go vet`, and `go test` automatically — make sure all checks pass.
+
+## Reporting Issues
+
+Open an issue on GitHub with:
+
+- A clear description of the problem or suggestion.
+- Steps to reproduce (for bugs).
+- Expected vs. actual behavior.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [Apache License 2.0](LICENSE).