╔══════════════════════════════════════════════╗
   ║                                              ║
   ║    ▄▄▄▄  ▄▄▄▄ ▄   ▄ ▄   ▄  ▄▄▄              ║
   ║    █   █ █    █   █ █   █ █   █             ║
   ║    █   █ █▄▄▄ █   █ █▄▄▄█ █▄▄▄█             ║
   ║    █   █ █     █ █  █   █ █   █             ║
   ║    █▄▄█  █▄▄▄▄  █   █   █ █   █             ║
   ║                                              ║
   ║    Developer  &  Hacking  CLI                ║
   ║                                              ║
   ╚══════════════════════════════════════════════╝

devha — One CLI to Scan Them All 🛡️

Port scanner · Username lookup · Subdomain enum · Directory bruteforce · OSINT crawler · Cipher tools — in one beautiful terminal.

Install · Commands · Examples · Contributing · Ethics

---

🚀 What is devha?

devha (short for Developer & Hacking) is an all-in-one Python CLI that bundles 10 essential security and developer tools into one beautiful, beginner-friendly interface — heavily inspired by classics like Sherlock, Sublist3r, dirsearch, Photon, theHarvester and Scapy.

Instead of installing six different tools and learning six different syntaxes, you get one binary, one syntax, one beautiful Rich-powered output.

$ devha username coolkid42
$ devha portscan scanme.nmap.org
$ devha subdomains example.com
$ devha cipher encode "hello world" --type caesar --key 13

Built for learners, CTF players, and developers who think their terminal should look as good as their IDE.

---

✨ Features

Command	What it does	Inspired by
🔍 portscan	Scan open ports on a host (threaded, fast)	nmap
👤 username	Check if a username exists on 50+ sites	Sherlock
📡 wifi	List nearby WiFi networks (read-only)	iwlist / airport
🔐 cipher	Encode, decode & crack classic ciphers	—
🌐 subdomains	Find subdomains via wordlist + crt.sh + APIs	Sublist3r
📁 dirscan	Discover hidden directories on a website	dirsearch
🕸️ crawl	Crawl a site for emails, links, secrets	Photon
📧 harvest	OSINT: gather emails & names from public sources	theHarvester
🛡️ headers	Audit HTTP security headers + score	securityheaders.com
🏓 ping	Educational ICMP ping at packet level	Scapy

All commands support --json for scripting, --no-banner for clean output, and rich color-coded results out of the box.

---

📦 Installation

🌟 Recommended: pipx (isolated, global)

pipx install devha

Via pip

pip install devha

Via Docker

docker run --rm -it ghcr.io/waldex451/devha:latest --help

From source — globally available (devha command everywhere)

git clone https://github.com/waldex451/devha.git
cd devha

# Install pipx if you don't have it yet:
# macOS:  brew install pipx && pipx ensurepath
# Linux:  pip install pipx && pipx ensurepath
# Windows: pip install pipx

pipx install .   # installs devha globally — type devha anywhere!

From source — only inside this project (virtualenv)

git clone https://github.com/waldex451/devha.git
cd devha
poetry install

poetry run devha --help   # prefix every command with "poetry run"
# OR activate the venv once:
poetry shell              # now just type: devha --help

💡 Tip — want to type devha anywhere in your terminal? Run pipx install . instead of poetry install. pipx installs it globally, isolated from your system Python. macOS: brew install pipx && pipx ensurepath · Linux/Windows: pip install pipx && pipx ensurepath

Requirements: Python 3.10+ · Works on Linux, macOS, Windows · wifi command requires OS-specific tools (iwlist, nmcli, airport, or netsh)

---

⚡ Quick Start

# See all commands
devha --help

# Check if your dream username is taken
devha username your_brand_name

# Scan a legal practice range
devha portscan scanme.nmap.org

# Encrypt a message with ROT13
devha cipher encode "meet me at midnight" --type rot13

# Audit a website's security headers
devha headers https://example.com

---

🛠️ Commands

🔍 portscan — Mini-nmap port scanner

devha portscan <target> [--ports 1-1024] [--threads 100] [--timeout 1.0] [--yes] [--json]

Scans open ports using concurrent sockets with a live progress bar. Uses socket.getservbyport() for service names.

$ devha portscan scanme.nmap.org --ports 1-1000

  Scanning scanme.nmap.org  ports 1-1000  threads 100

  Scanning... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:08

  ╭─ Open ports on scanme.nmap.org ───╮
  │ PORT │ STATUS │ SERVICE           │
  │ 22   │ OPEN   │ ssh               │
  │ 80   │ OPEN   │ http              │
  ╰───────────────────────────────────╯

👤 username — Find usernames across 50+ sites

devha username <name> [--sites github,reddit] [--timeout 5] [--found] [--json]

Checks 55+ platforms in parallel using httpx.AsyncClient. Green = found, Red = not found, Yellow = error/timeout.

$ devha username torvalds

  ╭─ Username: torvalds ──────────────────────────────────────╮
  │ SITE           │ STATUS       │ URL                       │
  │ GitHub         │ ✔  FOUND     │ https://github.com/...   │
  │ Reddit         │ ✘  NOT FOUND │ ...                       │
  ╰───────────────────────────────────────────────────────────╯

  Found on 12 / 55 platform(s).

📡 wifi — List nearby WiFi networks

devha wifi [--json]

Read-only. Detects OS automatically and uses nmcli/iwlist (Linux), airport (macOS), or netsh (Windows). Sorted by signal strength.

⚠️ Does not connect to or crack any networks.

🔐 cipher — Classic ciphers (encode/decode/crack)

devha cipher encode <text> --type [caesar|vigenere|rot13|atbash] --key <key>
devha cipher decode <text> --type ... --key ...
devha cipher crack  <text> --type caesar   # tries all 25 shifts + readability score
devha cipher tui                           # live interactive TUI

Pure Python — no external crypto library needed.

$ devha cipher crack "Uryyb Jbeyq"

  SHIFT │ SCORE │ PLAINTEXT
  13    │ 5.85  │ Hello World  ← best guess

🌐 subdomains — Find subdomains (3 methods combined)

devha subdomains <domain> [--method wordlist|crt|hackertarget|all]

Combines wordlist DNS brute-force, crt.sh Certificate Transparency logs, and the HackerTarget API. Results are deduplicated.

📁 dirscan — Discover hidden paths

devha dirscan <url> [--threads 50] [--extensions php,html] [--rate 10] [--yes]

Sends async HEAD requests to 500+ common paths. Only shows interesting status codes (200, 301, 401, 403…). Rate-limited by default.

⚠️ Always requires ethics confirmation.

🕸️ crawl — Extract emails, links, secrets

devha crawl <url> [--depth 2] [--ignore-robots] [--yes]

Crawls internal links up to the specified depth. Extracts emails, phone numbers, social links, external links, and potential API key patterns from JS files. Respects robots.txt by default.

📧 harvest — OSINT email/subdomain harvester

devha harvest <domain> [--timeout 15]

Collects publicly available emails (DuckDuckGo), subdomains (crt.sh), and employee names (LinkedIn snippets). Public data only — no credentials accessed.

🛡️ headers — Security header audit

devha headers <url> [--json]

Fetches all response headers and audits the presence of 6 critical security headers:

• Content-Security-Policy
• Strict-Transport-Security
• X-Content-Type-Options
• X-Frame-Options
• Referrer-Policy
• Permissions-Policy

Outputs a ★★★★★☆ score with explanations for missing headers.

🏓 ping — Educational packet-level ICMP

sudo devha ping <host> [--count 4] [--show-packet] [--timeout 2]

Uses Scapy to send raw ICMP packets and shows TTL, RTT, and size. --show-packet displays the full packet summary for learning purposes.

⚠️ Requires root/admin on most systems.

---

⚙️ Configuration

devha reads optional defaults from ~/.config/devha/config.toml:

[defaults]
threads = 100
timeout = 5.0
user_agent = "devha/0.1.0"

[colors]
banner  = "cyan"
success = "bright_green"
warning = "yellow"
error   = "bright_red"

You can also use devha --no-banner to hide the ASCII banner for cleaner output in CI/scripting contexts.

---

⚖️ Ethical Use

devha is a learning tool. Use it to understand networks and security — not to break things.

✅ Allowed

• Your own systems and networks
• Legal practice ranges: scanme.nmap.org, HackTheBox, TryHackMe, PicoCTF
• Targets where you have explicit written permission (bug bounties, pentesting contracts)
• Public APIs that openly allow it (GitHub, crt.sh, etc.)

❌ Not allowed

• Scanning, crawling, or harvesting systems you don't own without permission
• Any activity that violates the Computer Fraud and Abuse Act (US), Computer Misuse Act (UK), Wet computercriminaliteit (NL), or your local equivalent

Every active-scan command in devha shows a confirmation prompt before sending traffic. You waive your right to claim ignorance the moment you press y. Don't be that person.

The maintainers are not responsible for misuse. Be smart, be legal, be kind.

---

🤝 Contributing

Contributions are very welcome — especially:

• 🌐 New sites for the username checker (just edit devha/data/sites.json)
• 📝 Better wordlists for subdomains and dirscan
• 🎨 New ciphers (Playfair, Hill, Enigma?)
• 🐛 Bug fixes & test coverage
• 📖 Translations of the README

git clone https://github.com/waldex451/devha.git
cd devha
poetry install
poetry run pytest

See CONTRIBUTING.md for details.

---

🗺️ Roadmap

• devha tui — Textual super-interface combining all commands
• devha update-data — refresh wordlists from SecLists
• Shell completions (bash, zsh, fish, PowerShell)
• More cipher types (Enigma, Playfair, Hill)
• Plugin system for community-contributed commands
• Integration with Have-I-Been-Pwned for username checks

Vote for features in Discussions or open an issue.

---

🙏 Acknowledgements

devha stands on the shoulders of giants:

• 🦸 Sherlock — for proving one CLI can have 60k+ stars
• 🌐 Sublist3r — subdomain enum done right
• 📁 dirsearch — directory discovery
• 🕷️ Photon — fast crawler
• 🌾 theHarvester — OSINT classic
• 📦 Scapy — packet magic in Python
• 🎨 Rich — for making Python terminals beautiful
• ⌨️ Typer — for the cleanest CLI framework around

---

📜 License

MIT © waldex451 — see LICENSE.

---

⭐ If devha saved you a few pip installs, consider giving it a star — it really helps!

Made with 🐍 and a healthy obsession with terminal aesthetics.