Update project configuration and documentation

- Updated .golangci.yml to version 2 and re-enabled gofmt formatter.
- Removed deprecated linter exclusions for test files and added exclusions for gosec.
- Simplified docker-compose.yml by removing the version declaration.
- Enhanced Dockerfile to include the internal directory for better organization.
- Added .gitattributes for line-ending normalization.
- Revised README.md to reflect the new project structure and features.
- Updated documentation to clarify the use of the -attempts flag for DNS resolution.
- Improved CODE_OF_CONDUCT.md with detailed community guidelines.
- Adjusted CONTRIBUTING.md to link to the Code of Conduct.
- Enhanced DEVELOPER_GUIDE.md with a comprehensive project structure overview.

Author: TMHSDigital

.golangci.yml

@@ -1,3 +1,5 @@
+version: "2"
+
 run:
   timeout: 5m
 
@@ -6,8 +8,6 @@ linters:
     - errcheck
     - govet
     - staticcheck
-    - gofmt
-    - deadcode
     - gosec
     - gocritic
     - misspell
@@ -24,10 +24,13 @@ linters:
         - fmt.Fprintln
         - fmt.Fprintf
         - fmt.Println
+  exclusions:
+    rules:
+      # Test files are allowed to use gosec-flagged patterns
+      - path: _test\.go
+        linters:
+          - gosec
 
-issues:
-  exclude-rules:
-    # Test files are allowed to use gosec-flagged patterns
-    - path: _test\.go
-      linters:
-        - gosec
+formatters:
+  enable:
+    - gofmt

Dockerfile

@@ -8,6 +8,7 @@ COPY go.mod ./
 # Copy source code
 COPY main.go ./
 COPY main_test.go ./
+COPY internal/ ./internal/
 
 # Build the binary with optimizations
 RUN CGO_ENABLED=0 GOOS=linux go build -o subenum -ldflags="-w -s" .

README.md

@@ -252,6 +252,7 @@ subenum/
 ├── Dockerfile                  # Multi-stage Alpine build
 ├── docker-compose.yml          # Compose orchestration
 ├── Makefile                    # Build, test, lint, simulate, Docker targets
+├── .gitattributes              # Line-ending normalization rules
 ├── .golangci.yml               # Linter configuration (golangci-lint v2)
 ├── CHANGELOG.md                # Versioned release history
 ├── SECURITY.md                 # Vulnerability disclosure policy

docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
   subenum:
     build: .

docs/ARCHITECTURE.md

@@ -73,7 +73,7 @@ internal/wordlist/reader.go — LoadWordlist (dedup + sanitize)
             *   `d.DialContext(ctx, "udp", dnsServer)`: Establishes a UDP connection to the configured DNS server.
     *   `resolver.LookupHost(timeoutCtx, domain)`: Performs the DNS lookup for the given domain. The context is derived from the caller via `context.WithTimeout(ctx, timeout)`, so both the per-query timeout and SIGINT cancellation are respected. It attempts to find A or AAAA records for the host.
     *   The function returns `true` if `LookupHost` returns no error (i.e., the domain resolved), and `false` otherwise.
-*   **Interactions**: Workers call `resolveDomainWithRetry`, which delegates to `resolveDomain` with retry logic. It takes a fully qualified domain name, timeout duration, DNS server address, verbose flag, and retry count as input. It outputs a boolean indicating whether the domain resolved successfully. The result is used to decide if the domain should be printed to the console and/or written to the output file.
+*   **Interactions**: Workers call `dns.ResolveDomainWithRetry`, which delegates to `dns.ResolveDomain` with retry logic. It takes a fully qualified domain name, timeout duration, DNS server address, verbose flag, and retry count as input. It outputs a boolean indicating whether the domain resolved successfully. The result is used to decide if the domain should be printed to the console and/or written to the output file.
 
 ### 2.4. Concurrency Management (Worker Pool)
 
@@ -85,7 +85,7 @@ internal/wordlist/reader.go — LoadWordlist (dedup + sanitize)
         *   `wg.Add(1)`: Increments the `WaitGroup` counter for each worker started.
         *   `go func() { ... }()`: Each worker runs in its own goroutine.
         *   `defer wg.Done()`: Decrements the `WaitGroup` counter when the goroutine exits.
-        *   `for subdomainPrefix := range subdomains { ... }`: Each worker continuously reads subdomain prefixes from the `subdomains` channel until the channel is closed. For each prefix, it constructs the full domain and calls `resolveDomain()`.
+        *   `for subdomainPrefix := range subdomains { ... }`: Each worker continuously reads subdomain prefixes from the `subdomains` channel until the channel is closed. For each prefix, it constructs the full domain and calls `dns.ResolveDomainWithRetry()`.
     *   **Closing the Channel (`close(subdomains)`)**: After all subdomain prefixes from the wordlist have been sent to the `subdomains` channel, the channel is closed. This signals to the worker goroutines that no more work will be added.
     *   **Waiting for Completion (`wg.Wait()`)**: The main goroutine blocks until all worker goroutines have called `wg.Done()`, ensuring all lookups are finished.
 *   **Interactions**: This component orchestrates the parallel execution of DNS lookups. It receives subdomain prefixes from the Wordlist Processing component (via the `subdomains` channel) and utilizes the DNS Resolution Engine within each worker goroutine. The number of workers is controlled by the Argument Parsing component.
@@ -131,12 +131,12 @@ The flow of data through the `subenum` application can be summarized as follows:
 5.  **Work Distribution**: The `subdomains` channel acts as a queue for the **Concurrency Management (Worker Pool)** component.
     *   Worker goroutines (number determined by the `-t` flag) pick up these prefixes from the channel.
 6.  **Subdomain Construction**: Each worker goroutine takes a `subdomainPrefix` and concatenates it with the `targetDomain` (e.g., `subdomainPrefix + "." + targetDomain`) to form a `fullDomain` string.
-7.  **DNS Lookup**: The `fullDomain` string, the `timeout` value, and the DNS server are passed to the `resolveDomain` function within the **DNS Resolution Engine**.
-    *   The `resolveDomain` function attempts to resolve the `fullDomain`.
+7.  **DNS Lookup**: The `fullDomain` string, the `timeout` value, and the DNS server are passed to `dns.ResolveDomainWithRetry` within the **DNS Resolution Engine**.
+    *   `dns.ResolveDomain` attempts to resolve the `fullDomain`.
     *   It returns `true` if the domain resolves successfully, `false` otherwise.
     *   If verbose mode is enabled, it also prints detailed information about the resolution attempt.
 8.  **Output Generation**: 
-    *   If `resolveDomain` returns `true`, the worker goroutine uses the **Output Formatting** component to print the `fullDomain` to the standard output.
+    *   If the resolution returns `true`, the worker goroutine uses the **Output Formatting** component to print the `fullDomain` to the standard output.
     *   The atomic counter for found subdomains is incremented.
 9.  **Progress Tracking**: After each DNS lookup:
     *   The atomic counter for processed entries is incremented.

docs/CODE_OF_CONDUCT.md

@@ -1,12 +1,28 @@
-# Code of Conduct
+---
+layout: default
+title: Code of Conduct
+---
 
-*(A standard Code of Conduct, like the Contributor Covenant, will be added here.)*
+# Contributor Covenant Code of Conduct
 
-Our Pledge
+## Our Pledge
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone.
 
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation. 
+## Our Standards
+Examples of behavior that contributes to a positive environment:
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+
+Examples of unacceptable behavior:
+- Harassment, trolling, or insulting comments
+- Public or private harassment
+- Publishing others' private information without permission
+- Other conduct which could reasonably be considered inappropriate
+
+## Enforcement
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening a [Security Advisory](https://github.com/TMHSDigital/subenum/security/advisories/new) or contacting the maintainers privately.
+
+## Attribution
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.

docs/CONTRIBUTING.md

@@ -7,7 +7,7 @@ title: Contributing
 
 We welcome contributions! Please read this guide to understand how you can contribute.
 
-*Refer to `CODE_OF_CONDUCT.md`.*
+See the [Code of Conduct](CODE_OF_CONDUCT.html).
 
 ## Development Environment Setup
 
@@ -23,7 +23,7 @@ We welcome contributions! Please read this guide to understand how you can contr
 1. **Fork the repository** on GitHub
 2. **Clone your fork**:
    ```bash
-   git clone https://github.com/TMHSDigital/subenum.git
+   git clone https://github.com/YOUR-USERNAME/subenum.git
    cd subenum
    ```
 3. **Set up the upstream remote**:

docs/DEVELOPER_GUIDE.md

@@ -54,43 +54,62 @@ To work with `subenum`, you'll need:
 
 ```
 subenum/
-├── main.go                 # Main application code
-├── main_test.go            # Test suite
-├── go.mod                  # Go module definition
-├── Makefile                # Build, test, lint, Docker targets
-├── Dockerfile              # Multi-stage Docker build
-├── docker-compose.yml      # Docker Compose config
-├── .golangci.yml           # Linter configuration
-├── README.md               # Project overview
-├── LICENSE                 # License information
-├── SECURITY.md             # Security policy and disclosure
 ├── .github/
 │   ├── workflows/
-│   │   ├── go.yml          # CI: build, test, lint, release
-│   │   ├── pages.yml       # GitHub Pages deployment
-│   │   └── codeql.yml      # CodeQL security scanning
-│   ├── dependabot.yml      # Automated dependency updates
-│   ├── PULL_REQUEST_TEMPLATE.md
-│   └── ISSUE_TEMPLATE/     # Bug report & feature request templates
-├── docs/                   # Documentation (served via GitHub Pages)
-│   ├── _config.yml         # Jekyll site configuration
-│   ├── index.md            # Site home page
-│   ├── ARCHITECTURE.md     # Architectural details
-│   ├── DEVELOPER_GUIDE.md  # This file
-│   ├── CODE_OF_CONDUCT.md  # Community guidelines
-│   ├── CONTRIBUTING.md     # Contribution guidelines
-│   └── docker.md           # Docker usage guide
+│   │   ├── go.yml              # CI: build, test, lint, release
+│   │   ├── codeql.yml          # Weekly CodeQL security analysis
+│   │   └── pages.yml           # GitHub Pages deployment
+│   ├── ISSUE_TEMPLATE/
+│   │   ├── bug_report.md       # Structured bug report form
+│   │   └── feature_request.md  # Feature proposal template
+│   ├── CODE_OF_CONDUCT.md      # Contributor Covenant v2.1
+│   ├── CONTRIBUTING.md         # Points to docs/CONTRIBUTING.md
+│   ├── dependabot.yml          # Automated dependency updates
+│   └── PULL_REQUEST_TEMPLATE.md
 ├── data/
-│   └── wordlist.txt        # Default wordlist
-├── examples/               # Example files and usage demos
-│   ├── sample_wordlist.txt # Sample subdomain prefixes
-│   ├── sample_domains.txt  # Sample domain list
-│   └── advanced_usage.md   # Advanced usage examples
+│   └── wordlist.txt            # Default wordlist for Docker/Make
+├── docs/
+│   ├── ARCHITECTURE.md         # Internals: worker pool, context, output
+│   ├── CODE_OF_CONDUCT.md      # Community guidelines (Jekyll page)
+│   ├── CONTRIBUTING.md         # PR workflow, testing, ethical guidelines
+│   ├── DEVELOPER_GUIDE.md      # This file
+│   ├── DOCUMENTATION_STRUCTURE.md
+│   ├── docker.md               # Container setup and volume mounting
+│   ├── _config.yml             # Jekyll config for GitHub Pages
+│   └── index.md                # GitHub Pages landing page
+├── examples/
+│   ├── sample_wordlist.txt     # 50-entry starter wordlist
+│   ├── sample_domains.txt      # Sample domain list
+│   ├── advanced_usage.md       # Scripting and integration patterns
+│   ├── demo.sh                 # Quick demo script
+│   └── multi_domain_scan.sh    # Batch scanning example
+├── internal/
+│   ├── dns/
+│   │   ├── resolver.go         # ResolveDomain, ResolveDomainWithRetry, CheckWildcard
+│   │   ├── resolver_test.go    # DNS resolution and wildcard detection tests
+│   │   ├── simulate.go         # SimulateResolution (synthetic DNS)
+│   │   └── simulate_test.go    # Simulation logic tests
+│   ├── output/
+│   │   ├── writer.go           # Thread-safe output (results→stdout, rest→stderr)
+│   │   └── writer_test.go      # Output writer tests
+│   └── wordlist/
+│       ├── reader.go           # LoadWordlist (dedup + sanitize)
+│       └── reader_test.go      # Wordlist loading and dedup tests
 ├── tools/
-│   ├── wordlist-gen.go     # Wordlist generator utility
-│   └── README.md           # Wordlist generator docs
-└── logs/
-    └── CHANGELOG.md        # Project change history
+│   ├── wordlist-gen.go         # Custom wordlist generator utility
+│   └── README.md               # Wordlist generator docs
+├── .gitattributes              # Line-ending normalization rules
+├── .golangci.yml               # Linter configuration (golangci-lint v2)
+├── main.go                     # CLI entry point: flag parsing, wiring
+├── main_test.go                # CLI-level tests: validation, flag logic
+├── go.mod                      # Go module (zero external dependencies)
+├── Dockerfile                  # Multi-stage Alpine build
+├── docker-compose.yml          # Compose orchestration
+├── Makefile                    # Build, test, lint, simulate, Docker targets
+├── CHANGELOG.md                # Versioned release history
+├── README.md                   # Project overview
+├── SECURITY.md                 # Vulnerability disclosure policy
+└── LICENSE                     # GNU General Public License v3.0
 ```
 
 ## Running Tests
@@ -112,12 +131,14 @@ go test -v -short ./...
 When adding new features or modifying existing ones, please ensure you add appropriate tests. Here's a basic structure for tests:
 
 ```go
-package main
+package dns_test
 
 import (
     "context"
     "testing"
     "time"
+
+    "github.com/TMHSDigital/subenum/internal/dns"
 )
 
 func TestResolveDomain(t *testing.T) {
@@ -143,7 +164,7 @@ func TestResolveDomain(t *testing.T) {
 
     for _, tc := range testCases {
         t.Run(tc.name, func(t *testing.T) {
-            result := resolveDomain(context.Background(), tc.domain, tc.timeout, DefaultDNSServer, false)
+            result := dns.ResolveDomain(context.Background(), tc.domain, tc.timeout, "8.8.8.8:53", false)
             if result != tc.expected {
                 t.Errorf("Expected %v for domain %s, got %v", tc.expected, tc.domain, result)
             }
@@ -221,7 +242,6 @@ Areas for potential enhancement include:
 *   **Output Formats**: Supporting different output formats (JSON, CSV) in addition to the current plain text output file (`-o`).
 *   **Result Filtering**: Allowing users to filter results based on DNS record types.
 *   **Recursive Enumeration**: Adding support for recursive subdomain enumeration (e.g., finding subdomains of discovered subdomains).
-*   **Wildcard Detection**: Detecting wildcard DNS records that resolve all subdomains.
 *   **Rate Limiting**: Adding configurable rate limiting for DNS queries to avoid triggering abuse detection.
 
 When working on new features, please update the documentation accordingly and add tests to cover the new functionality. 

docs/docker.md

@@ -84,14 +84,14 @@ docker run --rm -v $(pwd)/data:/data subenum \
   example.com
 ```
 
-### Using Retries for Unreliable Networks
+### Using Multiple Attempts for Unreliable Networks
 
-The `-retries` flag re-attempts failed DNS lookups before marking a subdomain as unresolved:
+The `-attempts` flag sets the total DNS resolution attempts per subdomain:
 
 ```bash
 docker run --rm -v $(pwd)/data:/data subenum \
   -w /data/wordlist.txt \
-  -retries 3 \
+  -attempts 3 \
   -timeout 2000 \
   example.com
 ```

docs/index.md

@@ -12,10 +12,13 @@ A Go-based CLI tool for subdomain enumeration designed for educational purposes
 - Fast, concurrent DNS lookup of subdomains using customizable wordlists
 - Configurable concurrency level and timeout settings
 - Support for custom DNS servers with proper validation
+- Wildcard DNS detection with double-probe confirmation; continue with `-force`
+- Wordlist deduplication and sanitization on load
+- Clean stdout/stderr separation (results to stdout, progress/verbose to stderr)
+- Configurable resolution attempts per subdomain (`-attempts`)
 - Verbose mode for detailed output
 - Real-time progress tracking
 - Output to file with `-o` flag
-- DNS retry mechanism for transient failure resilience
 - Graceful shutdown on Ctrl+C (SIGINT/SIGTERM)
 - Simulation mode for safe testing without network access
 - Domain and DNS server input validation