• /claim #6403

Description

This PR introduces a new flag -hd (or -honeypot-detection) to suppress results from targets that trigger an unusually high number of unique template matches in a single session, which is a common characteristic of honeypots.

Changes

  • Thread-Safe Tracking: Added a HoneypotTracker using sync.RWMutex to ensure safe concurrent access during multi-threaded scans.
  • Unique Match Logic: Instead of simple hit counting, the system tracks unique TemplateIDs per host to avoid false positives from noisy single templates.
  • Threshold: Implemented a limit of 10 unique template matches per host before suppressing further output.
  • Host Normalization: Includes logic to normalize IPv6 addresses (handling brackets []) to ensure consistent tracking across different network protocols.

Validation

  • Verified syntax using go vet.
  • Cleaned imports and formatting using goimports.
  • Logic is placed early in the Write method of StandardWriter to maximize efficiency and prevent unnecessary JSON/text processing for flagged hosts.

Summary by CodeRabbit

  • New Features

    • New CLI flag to enable honeypot detection: tracks hosts, warns on first detection, and suppresses subsequent results for suspected honeypots.
    • Optional debug storage for request/response data with safer filename handling.
    • Expanded result metadata for richer logging and output context.
  • Chores

    • Minor formatting and whitespace tweaks; redaction output formatting adjusted.
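
The tracking described under Changes, as an added Go example (not code from this PR or from the project): a per-host set of template IDs behind a `sync.RWMutex`, with IPv6 bracket normalization. All identifiers are hypothetical, targets are assumed to be `host` or `host:port` strings, and it assumes the first 10 unique matches are reported before suppression begins.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"sync"
)

const Threshold = 10 // unique template IDs per host, the limit stated in the PR
// HoneypotTracker (hypothetical layout) maps host -> set of matched template IDs.
type HoneypotTracker struct {
	mu    sync.RWMutex
	hosts map[string]map[string]struct{}
}

func NewHoneypotTracker() *HoneypotTracker {
	return &HoneypotTracker{hosts: map[string]map[string]struct{}{}}
}

// NormalizeHost drops the port and IPv6 brackets so "[::1]:80" and "::1" share a key.
func NormalizeHost(h string) string {
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	if ip := net.ParseIP(strings.Trim(h, "[]")); ip != nil {
		return ip.String() // canonical form, e.g. 2001:db8::1
	}
	return strings.ToLower(h)
}

// Observe records a match and reports whether the result should be suppressed.
func (t *HoneypotTracker) Observe(target, templateID string) bool {
	host := NormalizeHost(target)
	t.mu.Lock() // write path; a read-only query would take RLock instead
	defer t.mu.Unlock()
	if len(t.hosts[host]) >= Threshold {
		return true // host already reached the limit
	}
	if t.hosts[host] == nil {
		t.hosts[host] = map[string]struct{}{}
	}
	t.hosts[host][templateID] = struct{}{} // a repeated ID does not grow the set
	return false
}

func main() {
	fmt.Println(NewHoneypotTracker().Observe("[2001:db8::1]:443", "constructed-id"))
}
```

Because the set is keyed on the normalized host, the same IPv6 target written with or without brackets, or in expanded form, counts toward a single threshold.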

Claim

Total prize pool $250
Total paid $0
Status Pending
Submitted February 26, 2026
Last updated February 26, 2026

Contributors

Kevin737866

@Kevin737866

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$250