feat: add breachforum search command with api client integration

3 files changed, 72 insertions, 0 deletions

diff --git a/cmd/osint.go b/cmd/osint.go
index 13c3c6e..49b94ab 100644
--- a/cmd/osint.go
+++ b/cmd/osint.go
@@ -32,10 +32,19 @@ var osintBSSIDCmd = &cobra.Command{
 	RunE:  runOsintBSSIDLookup,
 }
 
+var osintBreachForumCmd = &cobra.Command{
+	Use:   "breachforum [search]",
+	Short: "Search BreachForum data",
+	Long:  `Search breachdetect index for BreachForum messages and detections`,
+	Args:  cobra.ExactArgs(1),
+	RunE:  runOsintBreachForumSearch,
+}
+
 func init() {
 	rootCmd.AddCommand(osintCmd)
 	osintCmd.AddCommand(osintUsernameCmd)
 	osintCmd.AddCommand(osintBSSIDCmd)
+	osintCmd.AddCommand(osintBreachForumCmd)
 
 	osintUsernameCmd.Flags().StringSliceP("sites", "s", []string{}, "Specific sites to check (comma-separated)")
 	osintUsernameCmd.Flags().BoolP("fuzzy", "f", false, "Enable fuzzy validation mode")
@@ -44,6 +53,8 @@ func init() {
 	osintBSSIDCmd.Flags().BoolP("all", "a", false, "Show all related results instead of exact match only")
 	osintBSSIDCmd.Flags().BoolP("google", "g", false, "Include Google Maps URL for the location")
 	osintBSSIDCmd.Flags().BoolP("osm", "o", false, "Include OpenStreetMap URL for the location")
+
+	osintBreachForumCmd.Flags().IntP("max_hits", "m", 10, "Maximum number of hits to return")
 }
 
 func runOsintUsernameCheck(cmd *cobra.Command, args []string) error {
@@ -103,3 +114,31 @@ func runOsintBSSIDLookup(cmd *cobra.Command, args []string) error {
 	fmt.Println(string(output))
 	return nil
 }
+
+func runOsintBreachForumSearch(cmd *cobra.Command, args []string) error {
+	apiKey, _ := cmd.Flags().GetString("api-key")
+	cfg := config.New().WithAPIKey(apiKey)
+
+	c, err := client.New(cfg)
+	if err != nil {
+		return err
+	}
+
+	params := &models.BreachForumSearchParams{
+		Search: args[0],
+	}
+	params.MaxHits, _ = cmd.Flags().GetInt("max_hits")
+
+	response, err := c.SearchBreachForum(params)
+	if err != nil {
+		return err
+	}
+
+	output, err := json.MarshalIndent(response, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to format response: %w", err)
+	}
+
+	fmt.Println(string(output))
+	return nil
+}
diff --git a/internal/client/osint.go b/internal/client/osint.go
index 98f42f3..20f53ce 100644
--- a/internal/client/osint.go
+++ b/internal/client/osint.go
@@ -33,3 +33,25 @@ func (c *Client) LookupBSSID(params *models.BSSIDParams) (*models.BSSIDLookupRes
 
 	return &response, nil
 }
+
+func (c *Client) SearchBreachForum(params *models.BreachForumSearchParams) (*models.BreachForumSearchResponse, error) {
+	path := "/osint/breachforum/search"
+
+	queryParams := url.Values{}
+	queryParams.Add("search", params.Search)
+	if params.MaxHits > 0 {
+		queryParams.Add("max_hits", fmt.Sprintf("%d", params.MaxHits))
+	}
+
+	data, err := c.Get(path, queryParams)
+	if err != nil {
+		return nil, err
+	}
+
+	var response models.BreachForumSearchResponse
+	if err := json.Unmarshal(data, &response); err != nil {
+		return nil, fmt.Errorf("failed to parse BreachForum search response: %w", err)
+	}
+
+	return &response, nil
+}
diff --git a/internal/models/osint.go b/internal/models/osint.go
index d403d57..6096df8 100644
--- a/internal/models/osint.go
+++ b/internal/models/osint.go
@@ -25,3 +25,14 @@ type BSSIDLookupResponse []BSSIDResult
 type ErrorResponse struct {
 	Error string `json:"error"`
 }
+
+type BreachForumSearchParams struct {
+	Search  string
+	MaxHits int
+}
+
+type BreachForumSearchResponse struct {
+	Query   string      `json:"query"`
+	MaxHits int         `json:"max_hits"`
+	Results interface{} `json:"results"`
+}