hash/FunguyBot
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated README.md

Browse Source
This commit is contained in:
Hash Borgir
2026-05-07 16:42:43 -05:00
parent 0de3ddbd9e
commit 3a7eda87d1
2 changed files with 44 additions and 667 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+44 -667
View File
@@ -96,603 +96,49 @@ For a complete list of available commands and their descriptions, use the `!comm
# 🍄 Funguy Bot Commands 🍄
## Plugin Documentation
### Core Commands
**🍄 !help**
Displays comprehensive help documentation for all available commands with usage examples.
**🔌 !plugins**
Lists all loaded plugins along with their descriptions.
**⏰ !date**
Displays the current date and time with proper ordinal formatting.
**🃏 !fortune**
Returns a random fortune message using the fortune command.
### Utility Commands
**💻 !proxy**
Retrieves and tests random SOCKS5 proxies from public sources, showing latency and caching working proxies.
**📶 !isup [domain/ip]**
Checks if a website or server is reachable, including DNS resolution and HTTP/HTTPS service checks.
**☯ !karma [user] [up/down]**
Manages karma points for users. View karma with `!karma user`, increase with `!karma user up`, decrease with `!karma user down`.
**🌧️ !weather [location]**
Fetches current weather information for any location using OpenWeatherMap API.
*Requires OPENWEATHER_API_KEY environment variable*
**📖 !ud [term] [index]**
Fetches definitions from Urban Dictionary. Use without arguments for random definition, or specify term and optional index.
**🔍 !dns [domain]**
Performs comprehensive DNS reconnaissance on a domain. Shows A, AAAA, MX, NS, TXT, CNAME, SOA, and other DNS records.
**💰 !btc**
Fetches the current Bitcoin price in USD from bitcointicker.co API.
### 🔍 Shodan Security Research
**📡 !shodan [command] [query]**
Shodan.io integration for security reconnaissance and threat intelligence.
**Commands:**
- `!shodan ip <ip_address>` - Detailed IP information (services, ports, banners)
- `!shodan search <query>` - Search Shodan database with filters
- `!shodan host <domain>` - Host information and subdomain enumeration
- `!shodan count <query>` - Count results with geographic/organization breakdown
- `!shodan test` - Test API connection and debug queries
**Search Examples:**
```bash
!shodan search apache
!shodan search "port:22 country:US"
!shodan search "product:nginx city:'New York'"
!shodan search "net:192.168.1.0/24"
!shodan search "vuln:cve-2021-44228"
!shodan search "http.title:'phpMyAdmin'"
!shodan search "ssl.cert.subject.cn:'example.com'"
Common Search Filters:
country:US - Filter by country
city:"New York" - Filter by city
port:80,443,8080 - Filter by ports
product:nginx - Filter by service/product
os:Windows - Filter by operating system
org:"Google" - Filter by organization
net:192.168.0.0/16 - Filter by network range
has_ssl:true - Has SSL certificate
http.title:"admin" - HTTP page title contains
```
### 🔍 DNSDumpster Reconnaissance
**🌐 !dnsdumpster [domain]**
Comprehensive DNS reconnaissance and attack surface mapping using DNSDumpster.com API.
**Commands:**
- `!dnsdumpster <domain>` - Complete DNS reconnaissance for any domain
- `!dnsdumpster test` - Test API connection and key validity
**Features:**
- **A Records**: All IPv4 addresses with geographic and ASN information
- **NS Records**: Complete name server information with IP locations
- **MX Records**: All mail servers with geographic data
- **CNAME Records**: Full alias chain mappings
- **TXT Records**: All text records including SPF, DKIM, verification records
- **Additional Records**: AAAA, SRV, SOA, PTR records when available
- **Web Services**: HTTP/HTTPS service detection with banner information
**Examples:**
```bash
!dnsdumpster google.com
!dnsdumpster github.com
!dnsdumpster example.com
!dnsdumpster test
Data Returned:
Total record counts for each type
IP addresses with country and ASN information
Web server banners and technologies
Complete subdomain and host mappings
Geographic distribution of services
Requires DNSDUMPSTER_KEY environment variable in .env file
```
### 🔍 WHOIS Lookup
**🌐 !whois <domain/ip>**
Perform comprehensive WHOIS lookups for domains and IP addresses.
**Features:**
- Domain validation and IP address recognition
- Registrar information and WHOIS server details
- Registration, update, and expiration dates
- Domain status and name server information
- Organization and geographic contact details
- Formatted HTML output with clear sections
- Comprehensive error handling for invalid queries
**Usage Examples:**
```bash
!whois example.com
!whois google.com
!whois 8.8.8.8
!whois 1.1.1.1
```
**Output includes:**
- Domain/IP query information
- Registrar and WHOIS server
- Important dates (creation, update, expiration)
- Domain status codes
- Name servers (up to 5, with count if more)
- Contact information (organization, country, state, city)
**Error Handling:**
- Validates domain/IP format before querying
- Provides clear error messages for failed lookups
- Handles rate limiting and WHOIS server unavailability
### 🔍 Subdomain Enumeration
**🔍 !subdomains [domain]**
Enumerate subdomains using SSL certificate transparency logs with the CertSpotter API.
**Features:**
- Discovers subdomains through SSL certificate transparency logs
- Uses the free CertSpotter API for enumeration
- No rate limiting or API key required
- Identifies subdomains through certificate SAN (Subject Alternative Name) enumeration
- No configuration required
**Examples:**
```bash
!subdomains example.com
!subdomains google.com
!subdomains github.com
```
**Output includes:**
- List of discovered subdomains from certificate transparency logs
- Formatted list with up to 20 subdomains shown
- Total count of discovered subdomains
### 🌐 IP Geolocation
**📍 !geo [ip/domain]**
Perform IP geolocation lookups with detailed geographic information.
**Features:**
- Uses ip-api.com as primary geolocation service with ipapi.co fallback
- Automatic domain to IP resolution
- Comprehensive geographic information
- No API key required for basic usage
**Examples:**
```bash
!geo 8.8.8.8
!geo example.com
!geo google.com
```
**Information provided:**
- Country and country code
- Region/State
- City
- Postal code
- Latitude/Longitude coordinates
- Timezone
- ISP/Organization
- Autonomous System Number (ASN)
### 🎵 Last.fm Integration
**🎵 !register [username] and comprehensive music analytics**
**Features:**
- Associate Matrix ID with Last.fm username
- Display currently playing tracks
- Uses SQLite database for user associations
**Commands:**
- `!register <username>` - Register your Last.fm username
- `!np [user]` - Display currently playing track
- `!recent [user] [limit]` - Show recent tracks (default 10, max 50)
- `!toptracks [user] [period]` - Show top tracks (overall/7day/1month/3month/6month/12month)
- `!topartists [user] [period]` - Show top artists
- `!topalbums [user] [period]` - Show top albums
- `!loved [user]` - Show recently loved tracks
- `!profile [user]` - Detailed user profile
- `!playcount [user]` - Total scrobbles
- `!scrobbles [user]` - Detailed scrobbling statistics
- `!compare <user1> <user2>` - Compare musical tastes
- `!taste [user]` - Top artists with taste-o-meter
- `!friends [user]` - Show Last.fm friends
- `!recommend [user]` - Artist recommendations
- `!similar <artist>` - Find similar artists
- `!tag <tag>` - Top artists for a tag/genre
- `!charts` - Global top tracks chart
- `!tagcloud [user]` - Top genre tags
- `!now` - What are registered users playing?
- `!decades [user]` - Favorite decades analysis
- `!genres [user]` - Top genres/tags
- `!era <year>` - Popular tracks from a year
- `!weekly [user]` - Weekly listening report
- `!monthly [user]` - Monthly listening report
- `!yearly [user] [year]` - Yearly listening report
- `!first <artist> [user]` - Find first scrobble of an artist
- `!concerts [user]` - Upcoming concerts for top artists
- `!radio <artist>` - Generate playlist based on artist
- `!mashup <artist1> <artist2>` - Musical connections between artists
- `!collage [user] [size]` - Top album art URLs
- `!listening [user]` - Currently listening with album art
- `!awards [user]` - Milestone achievements
**Examples:**
```bash
!register your_lastfm_username
!np
!recent 20
!topartists 7day
!compare user1 user2
!similar radiohead
!tag electronic
!era 1994
```
### ExploitDB Plugin
A security plugin that searches Exploit-DB for vulnerabilities and exploits directly from Matrix.
### Features
- Searches the official Exploit-DB CSV database for security exploits
- Provides direct links to exploit details
- Fallback to web search when CSV lookup fails
- Configurable result limits (1-10)
- Formatted output with exploit metadata
### Commands
- `!exploitdb <search term> [max_results]` - Search Exploit-DB for vulnerabilities
### Examples
```
!exploitdb wordpress
!exploitdb apache 3
!exploitdb windows privilege escalation
!exploitdb android 10
```
### Usage Notes
- Maximum results limited to 10 for performance
- Results include: title, EDB-ID, type, platform, author, date, and direct URL
- Includes responsible disclosure reminder
- Automatically falls back to search links if CSV database is unavailable
### 🔒 HTTP Security Headers Analysis
**🛡️ !headers [url]**
Comprehensive HTTP security header analysis with security scoring and recommendations.
**Features:**
- **Security Scoring**: 0-100 rating based on headers configuration
- **Header Validation**: Checks presence and proper configuration of critical security headers
- **Redirect Analysis**: Follows HTTP to HTTPS redirect chain
- **SSL Certificate**: Basic SSL/TLS certificate information
- **Information Disclosure**: Identifies revealing server headers
- **Actionable Recommendations**: Specific guidance for security improvements
**Security Headers Analyzed:**
- `Strict-Transport-Security` (HSTS) - HTTP to HTTPS enforcement
- `Content-Security-Policy` (CSP) - XSS and content injection protection
- `X-Frame-Options` - Clickjacking protection
- `X-Content-Type-Options` - MIME type sniffing prevention
- `Referrer-Policy` - Referrer information control
- `Feature-Policy` / `Permissions-Policy` - Browser feature restrictions
- Information disclosure headers (`Server`, `X-Powered-By`)
**Security Ratings:**
- **🟢 Excellent (80-100)**: Strong security headers configuration
- **🟡 Good (60-79)**: Moderate security, room for improvement
- **🟠 Fair (40-59)**: Basic security, significant improvements needed
- **🔴 Poor (0-39)**: Weak security headers configuration
**Examples:**
```bash
!headers example.com
!headers https://github.com
!headers localhost:8080
!headers subdomain.target.com
```
### 🔐 Hash Identification
**🔄 !hashid [hash]**
Advanced hash type identification with confidence scoring and tool recommendations.
**Features:**
- **Comprehensive Detection**: 100+ hash types including modern, legacy, and exotic algorithms
- **Confidence Scoring**: Color-coded confidence levels (🟢 Very High to 🔴 Low)
- **Tool Integration**: Hashcat mode numbers and John the Ripper format names
- **Context-Aware**: Handles modular crypt formats, LDAP, database, and network hashes
**Supported Hash Categories:**
- **Modern Algorithms**: yescrypt, scrypt, Argon2 (i/d/id), bcrypt variants
- **Unix/Linux**: SHA-512/256 Crypt, MD5 Crypt, Apache MD5 (apr1)
- **Raw Hashes**: MD5, SHA-1/224/256/384/512, SHA-3, Keccak, BLAKE2
- **Windows**: NTLM, LM, NetNTLMv1/v2
- **Databases**: MySQL (4.1+, old), PostgreSQL, Oracle (11g, 12c), MSSQL
- **Web/CMS**: WordPress, phpBB3, Drupal 7+, Django PBKDF2
- **LDAP**: SSHA, SMD5, various LDAP crypt formats
- **Exotic**: Whirlpool, RIPEMD, GOST, Tiger, Haval
**Tool Integration:**
- **Hashcat**: Mode numbers for direct use with `-m` parameter
- **John the Ripper**: Format names for `--format=` parameter
- **Multi-tool Support**: Works with most popular password cracking tools
**Examples:**
```bash
!hashid 5d41402abc4b2a76b9719d911017c592
!hashid aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
!hashid $6$rounds=5000$salt$hashvalue...
!hashid $y$j9T$... (modern Linux yescrypt)
!hashid 8846f7eaee8fb117ad06bdd830b7586c
!hashid *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19
```
### 🔐 SSL/TLS Security Scanner
**🔐 !sslscan [domain[:port]]**
Comprehensive SSL/TLS security scanning and analysis with vulnerability detection.
**Features:**
- **Protocol Analysis**: TLS 1.0-1.3 support testing with security scoring
- **Certificate Validation**: Chain validation, expiration, signature algorithms
- **Cipher Suite Testing**: 25+ cipher suites with strength classification
- **Vulnerability Detection**: POODLE, weak ciphers, protocol vulnerabilities
- **Security Scoring**: 0-100 rating with color-coded assessment
- **Compliance Checking**: PCI DSS and modern security standards
**Security Checks:**
- **Protocol Security**: TLS 1.2/1.3 enforcement, insecure protocol detection
- **Certificate Health**: Expiration monitoring, signature strength validation
- **Cipher Security**: RC4, DES, 3DES, NULL cipher detection and classification
- **Modern Standards**: Forward Secrecy, strong encryption, best practices
**Output Features:**
- **Security Score**: Overall rating (🟢 Excellent to 🔴 Poor)
- **Detailed Breakdown**: Protocol support, cipher analysis, certificate info
- **Vulnerability List**: CVE references and severity ratings
- **Actionable Recommendations**: Specific fixes and configuration improvements
- **Quick Assessment**: Executive summary for rapid evaluation
**Examples:**
```bash
!sslscan example.com
!sslscan github.com:443
!sslscan localhost:8443
!sslscan 192.168.1.1:443
```
🟢 Excellent (90-100): Modern TLS configuration with strong security
🟡 Good (80-89): Good security with minor improvements needed
🟠 Fair (60-79): Moderate security, significant improvements recommended
🔴 Poor (0-59): Critical security issues requiring immediate attention
*Note: SSLv2/SSLv3 testing limited by Python security features (intentional security measure)*
### AI & Generation Commands
**🤖 AI Commands (!tech, !music, !eth, etc.)**
Multiple AI model commands that interface with local AI API. Each command uses specialized prompts for different domains:
- `!tech` - Technology assistance
- `!music` - Music knowledge and recommendations
- `!weather` - Weather information
- And 100+ other specialized AI commands
**📸 !sd [prompt] [options]**
Generates images using self-hosted Stable Diffusion with customizable parameters:
- `--steps` - Number of generation steps (default: 4)
- `--cfg` - CFG scale (default: 2)
- `--h` - Image height (default: 512)
- `--w` - Image width (default: 512)
- `--neg` - Negative prompt
- `--sampler` - Sampler name (default: DPM++ SDE)
**📄 !text [prompt] [options]**
Generates text using the Infermatic AI API with multiple model support:
**Main Commands:**
- `!text <prompt>` - Generate text using the default model from INFERMATIC_MODEL
- `!text --list-models` - List all available models from Infermatic AI
- `!text --use-model <model> <prompt>` - Use a specific model instead of the default
**Parameters:**
- `--temperature <value>` - Set generation temperature (0.0-1.0, default: 0.9)
- `--max-tokens <value>` - Set maximum tokens to generate (default: 2048)
**Configuration:**
- Requires `INFERMATIC_API` environment variable in `.env` file (your API key)
- Requires `INFERMATIC_MODEL` environment variable in `.env` file (default: Sao10K-L3.1-70B-Hanami-x1)
**Examples:**
```bash
!text write a python function to calculate fibonacci numbers
!text --use-model llama-v3-8b-instruct explain quantum computing simply
!text --temperature 0.7 --max-tokens 500 write a haiku about artificial intelligence
!text --list-models
```
**Model Management:**
- Use `--list-models` to see available models with their capabilities
- Different models support various context lengths and specializations
- Costs and token limits vary by model
### Media & Search Commands
**🎬 YouTube Commands**
- Automatic preview when YouTube links are posted
- `!yt [search terms]` - Search for YouTube videos
- Shows video info, description, and attempts to fetch lyrics
**📰 !xkcd**
Fetches and displays a random XKCD comic.
### Academic Paper Search
**📚 !arxiv [query]**
Search academic papers on arXiv.org with categories including AI, ML, Security, Physics, Math, and more.
No API key required - completely free to use.
**Features:**
- Search across 20+ categories including computer science, mathematics, physics, economics
- Fetch paper details, abstracts, authors, and publication info
- Get papers by arXiv ID or search with custom queries
- Browse recent papers by category or get random papers
**Commands:**
- `!arxiv <query>` - Search for papers with given query terms
- `!arxiv list <query>` - List papers without showing abstracts
- `!arxiv category <category>` - Browse recent papers in a specific category
- `!arxiv recent <category>` - Most recent papers in a category
- `!arxiv random` - Get a random paper from arXiv
- `!arxiv <id>` - Get paper by arXiv ID (e.g., 2101.00101)
**Categories:** ai, ml, security, crypto, cv, nlp, math, physics, quantum, bio, software, economics
**Examples:**
```bash
!arxiv machine learning
!arxiv list quantum computing
!arxiv category ai
!arxiv recent ml
!arxiv random
!arxiv 2101.00101
```
### News Aggregator
**📰 !news [category]**
Fetch latest headlines from various news categories using GNews API.
*Requires GNEWS_API_KEY environment variable*
**Categories:**
- `!news` - Top headlines (default)
- `!news world` - World news
- `!news tech` - Technology news
- `!news business` - Business news
- `!news science` - Science news
- `!news health` - Health news
- `!news crypto` - Cryptocurrency news
- `!news search <query>` - Search for specific news
**Examples:**
```bash
!news
!news tech
!news search artificial intelligence
```
### Hacker News Reader
**🔥 !hn [command]**
Fetch top stories from Hacker News using Firebase API.
No API key required - completely free to use.
**Commands:**
- `!hn` - Show top 5 stories (default)
- `!hn top` - Top stories
- `!hn new` - Newest stories
- `!hn best` - Best stories
- `!hn ask` - Ask HN threads
- `!hn show` - Show HN posts
- `!hn job` - Job postings
- `!hn story <id>` - Get details of a specific story
- `!hn comments <id>` - Show comments for a story
- `!hn search <query>` - Search stories (via Algolia)
**Examples:**
```bash
!hn
!hn new
!hn story 1234567
!hn comments 1234567
!hn search artificial intelligence
```
### Administration Commands
*Admin only - requires admin_user configuration*
**🔧 !set [option] [value]**
Set configuration options (admin_user, prefix)
**🔍 !get [option]**
Get configuration values
**💾 !saveconf**
Save current configuration
**📥 !loadconf**
Load saved configuration
**👁️ !show**
Display current configuration
**🔄 !reset**
Reset configuration to defaults
**📤 !load [plugin]**
Load a plugin
**📥 !unload [plugin]**
Unload a plugin
**🔄 !reload**
Reload all plugins
**🚫 !disable [plugin] [room_id]**
Disable a plugin for specific room
**✅ !enable [plugin] [room_id]**
Enable a plugin for specific room
**⚙️ !rehash**
Reload configuration
### Cron System
**⏱️ !cron [add|remove] [room_id] [cron_entry] [command]**
Schedule automated commands using cron syntax:
- `add` - Add a new cron job
- `remove` - Remove an existing cron job
## Full AI Command List
The bot includes over 100 specialized AI commands covering various domains:
**Creative & Writing**: !write, !script, !author, !poem, !rap, !story, !comic, !motiv, !debate
**Technical**: !tech, !dev, !py, !php, !regex, !math, !web, !it, !security, !ai, !ml, !data, !game
**Professional**: !seo, !recruit, !coach, !devrel, !sales, !ceo, !mgmt, !startup, !invest, !fin
**Educational**: !tutor, !teach, !edu, !acad, !hist, !astro, !chem, !math, !psych
**Lifestyle**: !fit, !health, !diet, !cook, !travel, !art, !music, !film, !gaming
**Specialized**: !legal, !medical, !realest, !auto, !fashion, !design, !interior
And many more! Use `!help` in chat to see the complete list with descriptions.
## Available Plugins
The bot includes the following plugins:
- **admin.py**: Full room moderation multiword name support
- **arxiv.py**: arXiv academic paper search (with rate limiting and error reporting)
- **bitcoin.py**: Current Bitcoin price
- **config.py**: Admin-only configuration commands (preserves disabled plugins)
- **cron.py**: Inprocess cron scheduler (roomaware, no system crontab)
- **date.py**: Show current date and time
- **ddg.py**: DuckDuckGo search collapsible results (ddgs library, no API key)
- **dns.py**: DNS reconnaissance
- **dnsdumpster.py**: DNSDumpster domain reconnaissance
- **exploitdb.py**: Exploit-DB search
- **fortune.py**: Random fortune message
- **geo.py**: IP geolocation lookup
- **hackernews.py**: Hacker News integration
- **hashid.py**: Hash type identifier
- **headers.py**: HTTP security header analysis
- **help.py**: Plugin for dynamically aggregating help from all loaded plugins.
- **imdb.py**: IMDb lookup via OMDb API
- **infermatic-text.py**: AI text generation via Infermatic API
- **isup.py**: Check if a site is up
- **karma.py**: Room karma tracking system (display names only, no Matrix IDs)
- **lastfm.py**: Last.fm integration
- **loadplugin.py**: Load/unload plugins at runtime
- **news.py**: News headlines via GNews API
- **plugins.py**: List all loaded plugins
- **proxy.py**: Working SOCKS5 proxy finder
- **roomstats.py**: Peruser room statistics (Limnoriastyle), with multiword name support
- **shodan.py**: Shodan.io reconnaissance
- **sslscan.py**: SSL/TLS security scanner
- **stable-diffusion.py**: Stable Diffusion image generation
- **subdomains.py**: Subdomain enumeration via CertSpotter
- **sysinfo.py**: System information and monitoring
- **timezone.py**: World clock (no hardcoded cities)
- **urbandictionary.py**: Urban Dictionary definitions
- **weather.py**: Weather forecast (OWM primary, OpenMeteo fallback)
- **welcome.py**: Room welcome message
- **whois.py**: WHOIS lookup
- **wikipedia.py**: Wikipedia article summary
- **xkcd.py**: Random XKCD comic
- **youtube-search.py**: YouTube video search
## Configuration
@@ -709,76 +155,7 @@ The bot uses a TOML configuration file (`funguy.conf`) for settings:
- Database support (SQLite)
- External APIs (OpenWeatherMap, Urban Dictionary, YouTube)
### Wikipedia Plugin
**!wp <search term>**
Fetches Wikipedia summaries and main images for search terms using MediaWiki APIs. No HTML scraping or BeautifulSoup required.
**Examples:**
```bash
!wp artificial intelligence
!wp machine learning
!wp python programming
```
### Time Plugin
**!time <location>**
Fetches current time information for locations using the TimeAPI.io service.
**Examples:**
```bash
!time London
!time Tokyo
!time New York
```
### Karma Tracking System
**☯ !karma [user]**
Track karma points for users with leaderboards and statistics. Supports display names and Matrix IDs.
**Features:**
- Give/take karma points from users using display names or Matrix IDs
- Track karma history with timestamps
- View karma leaderboards (top/bottom)
- Rate limiting to prevent spam
- Room-specific karma tracking
**Commands:**
- `!karma <user>` - Show karma for a user
- `!karma++ <user>` - Give +1 karma to a user
- `!karma-- <user>` - Give -1 karma to a user
- `!karma top [n]` - Show top karma entries
- `!karma bottom [n]` - Show bottom karma entries
- `!karma rank <user>` - Show rank of user
- `!karma stats` - Show overall statistics
- `!karma history <user>` - Show recent karma history
**Shortcuts:**
- `!++ <user>` - Same as `!karma++ <user>`
- `!-- <user>` - Same as `!karma-- <user>`
- `<user>++` - Give +1 karma (inline)
- `<user>--` - Give -1 karma (inline)
**Examples:**
```bash
!karma @user:server.com
!karma++ @user:server.com
!karma top 5
!karma bottom 3
!karma rank @user:server.com
!karma stats
!karma history @user:server.com
```
**Notes:**
- You cannot modify your own karma
- There is a 5 second cooldown between votes
- Karma is tracked separately per room
- Display names with emojis are supported
### Dependencies
## Dependencies
- Ensure all environment variables are set correctly
- Check that required services are running (Stable Diffusion API, Ollama, etc.)