Batch URL processing, stdin support

.github/workflows/release.yml

@@ -0,0 +1,50 @@
+name: Release
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - goos: linux
+            goarch: amd64
+          - goos: darwin
+            goarch: amd64
+          - goos: darwin
+            goarch: arm64
+          - goos: windows
+            goarch: amd64
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+
+      - name: Build binary
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+          CGO_ENABLED: 0
+        run: |
+          ext=""
+          if [ "${{ matrix.goos }}" = "windows" ]; then ext=".exe"; fi
+          go build -o "sourcemapper${ext}"
+          mv "sourcemapper${ext}" "sourcemapper-${{ matrix.goos }}-${{ matrix.goarch }}${ext}"
+
+      - name: Upload release asset
+        uses: softprops/action-gh-release@v2.0.8
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          files: sourcemapper-${{ matrix.goos }}-${{ matrix.goarch }}*

README.md

@@ -9,13 +9,13 @@ An article explaining its purpose is available here: [https://pulsesecurity.co.n
 If you have a recent version of Go installed:
 
 ```bash
-go install github.com/denandz/sourcemapper@latest
+go install github.com/IgorDuino/sourcemapper@latest
 ```
 
 Otherwise you can clone and build:
 
 ```bash
-git clone https://github.com/denandz/sourcemapper
+git clone https://github.com/IgorDuino/sourcemapper
 cd sourcemapper
 go get
 go build
@@ -32,20 +32,24 @@ pacman -S sourcemapper
 ```text
 :~$ ./sourcemapper
 Usage of ./sourcemapper:
+  -file string
+    	File containing URLs (one per line) - cannot be used with url, jsurl, or stdin
   -header value
     	A header to send with the request, similar to curl's -H. Can be set multiple times, EG: "./sourcemapper --header "Cookie: session=bar" --header "Authorization: blerp"
   -help
     	Show help
   -insecure
     	Ignore invalid TLS certificates
   -jsurl string
-    	URL to JavaScript file - cannot be used with url
+    	URL to JavaScript file - cannot be used with url, file, or stdin
   -output string
     	Source file output directory - REQUIRED
   -proxy string
     	Proxy URL
+  -stdin
+    	Read URLs from stdin (one per line) - cannot be used with url, jsurl, or file
   -url string
-    	URL or path to the Sourcemap file - cannot be used with jsurl
+    	URL or path to the Sourcemap file - cannot be used with jsurl, file, or stdin
 ```
 
 ## Extracting SourceMaps from .map URLs or local files
@@ -102,3 +106,53 @@ $ ./sourcemapper -output test -jsurl http://localhost:8080/main.js
 ```
 
 **Note: sourcemapper will retrieve any URL referenced as a sourcemap, so a malicious JavaScript file parsed with sourcemapper can force sourcemapper to make a GET request to any URL**
+
+## Processing Multiple URLs from a File
+
+The `-file` flag allows you to process multiple URLs at once by providing a file containing URLs (one per line). This is useful for batch processing multiple sourcemaps or JavaScript files.
+
+```text
+$ cat urls.txt
+# Lines starting with # are treated as comments
+https://example.com/app.js
+https://example.com/bundle.js.map
+https://example.com/vendor.js
+
+$ ./sourcemapper -file urls.txt -output ./sources
+[+] Processing 3 URLs from file urls.txt
+[+] Processing URL 1/3: https://example.com/app.js
+[+] Retrieving JavaScript from URL: https://example.com/app.js.
+...
+[+] Processing URL 2/3: https://example.com/bundle.js.map
+[+] Retrieving Sourcemap from https://example.com/bundle.js.map...
+...
+[+] Done
+```
+
+Empty lines and lines starting with `#` are ignored, allowing you to add comments and organize your URL lists.
+
+## Reading URLs from stdin (httpx integration)
+
+The `-stdin` flag allows you to pipe URLs directly into sourcemapper, making it easy to integrate with tools like [httpx](https://github.com/projectdiscovery/httpx). This is particularly useful when you want to process URLs discovered by other tools.
+
+```text
+$ cat urls.txt | ./sourcemapper -stdin -output ./sources
+[+] Processing 3 URLs from stdin
+[+] Processing URL 1/3: https://example.com/app.js
+...
+[+] Done
+```
+
+Example with httpx to discover and process JavaScript files:
+
+```text
+$ cat domains.txt | httpx -mc 200 -path /app.js | ./sourcemapper -stdin -output ./sources
+```
+
+Or to find and process all .js.map files:
+
+```text
+$ echo "https://example.com" | httpx -mc 200 -tech-detect | grep -i "\.js\.map" | ./sourcemapper -stdin -output ./sources
+```
+
+**Note: sourcemapper will retrieve any URL referenced as a sourcemap, so a malicious JavaScript file parsed with sourcemapper can force sourcemapper to make a GET request to any URL**

go.mod

@@ -1,3 +1,3 @@
-module github.com/denandz/sourcemapper
+module github.com/IgorDuino/sourcemapper
 
-go 1.16
+go 1.22