VoidCrawler
Project History & Documentation

Directory Reconnaissance System — Versioned history, usage, security notes, and changelog

Project Summary

VoidCrawler is a DaRK-themed, tactical directory intelligence system built for precision, stealth, and control. It recursively scans a base folder, renders a collapsible directory tree, and exposes direct-download links while filtering common web-app clutter.

Philosophy & Use

VoidCrawler is purpose-built as a reconnaissance tool, not a full-featured file manager. It strips noise, surfaces operational files, and presents a minimal, militarized UI ideal for server operations, forensic mapping, and admin dashboards.

  • Recursively map directories with natural sort order.
  • Collapsible folder UI for focused navigation.
  • Top-level "Direct Downloads" console for quick retrieval.
  • Filter out common web-app clutter (.htaccess, .php, .html, .db, .png, etc.).

Key Capabilities

Core
Recursive directory mapping, natural sorting
UI
Collapsible tree, top-level Direct Downloads panel, dark theme
Packaging
Single-file PHP for early versions; standalone Go server for 2.2.x
Intended audience
Server admins, security operators, devs needing fast directory triage

How it works — core idea

VoidCrawler enumerates directory contents with a recursive function, separates directories from allowed files, sorts results using natural ordering, and renders two primary UI blocks:

  1. Directories — left column collapsible tree
  2. Direct Downloads — top-level file console for immediate download

PHP-era core recursive logic (excerpt)

function myScanDir($dir, $level, $rootLen)
{
    global $pathLen;

    if ($handle = opendir($dir)) {
        $allFiles = [];

        while (false !== ($entry = readdir($handle))) {
            if ($entry != "." && $entry != ".." && $entry != ".htaccess") {
                if (is_dir($dir . "/" . $entry)) {
                    $allFiles[] = "D: " . $dir . "/" . $entry;
                } else if (!in_array(strtolower(pathinfo($entry, PATHINFO_EXTENSION)), ['php', 'html', 'db', 'png'])) {
                    $allFiles[] = "F: " . $dir . "/" . $entry;
                }
            }
        }

        closedir($handle);
        natsort($allFiles);

        // ...output folders and files with collapse UI...
    }
}

Installation & Quick Start

PHP versions (1.0 → 2.1.x)

Quick install

  1. Create a folder on your server (example: /var/www/html/voidcrawler).
  2. Drop the VoidCrawler PHP file (eg index.php or voidcrawler.php) into that folder.
  3. Ensure the webserver user can read files: chmod -R 755 /var/www/html/voidcrawler.
  4. Open in browser: https://yourdomain.com/voidcrawler/ (or visit login.php if 2.1.0 secure mode is enabled).

Note: VoidCrawler reads directories only. It performs no writes, no command execution, and makes no remote API calls.

Go versions (2.2.0+)

Starting with 2.2.0 VoidCrawler moved to Go. The application can run as a standalone server in any directory and can serve files from a different local directory when invoked accordingly.

Example usage (binary named vcu):

# scan current directory
./vcu

# scan a specific path
./vcu /home/username/Documents

Warning: scanning very large directories may consume significant CPU and memory.

CLI & drag-and-drop (2.0.1 details)

Early versions support drag-and-drop (browser FileReader + webkitdirectory) for local-only workflows (no server interaction) — ideal for offline repo previews or local inspections. PHP server required for single-file server behavior.

For full functionality in pre-2.2.0 releases, run on Apache/Nginx/IIS with PHP 7.4+ and the fileinfo extension enabled.

Security & Deployment Notes

Important rules

  • Do not expose VoidCrawler on a public route without authentication — it reveals directory structure and file names.
  • Restrict access via server authentication, IP filtering, or VPN when running in production.
  • If using 2.1.0 secured mode, deploy the PHP login files (auth.php, config.php, login.php, logout.php) in a protected environment.
  • Prefer absolute paths to limit scan scope and reduce accidental exposure.

2.1.0 Security additions (PHP)

Version 2.1.0 introduced a secured login system (MySQL-backed authentication) and expanded hidden files/extensions to reduce accidental disclosure.

Hidden files (expanded)
index.html, index.php, 404.html, icon.png, logo.png, 404.png, ogimage.png, favicon.png, favicon.ico
Hidden extensions (expanded)
ini, php, json, db, sh, py, go, log, js, css

LOG OUT button and improved UI styling were added for authenticated sessions.

Changelog (selected)

  • 2.2.1 — File intelligence & directory exploration utility; Go-based cross-platform CLI executable; live search, progress indicators, collapsible trees, theme options.
  • 2.2.0 — Migration from PHP to Go: standalone server binary (vcu) capable of scanning and serving directories from any path. Note: legacy PHP login is not automatically migrated to Go and remains in the pre-2.2.0 stack.
  • 2.1.0 — Secured login system (MySQL + PHP), expanded hidden files/extensions, UI and layout refinements, root-level split into Directories and Direct Downloads.
  • 2.0.1 — Lightweight single-file developer CMS: drag-and-drop optimizations, local FileReader usage for offline repository previewing.
  • 2.0.0 — Themed rewrite and exploded files array added; transition away from clumsy PHP 1.0 script.
  • 1.0 — Original personal-use PHP script (clumsy, functional, "goofy") serving as the genesis of the project.

Operational Suggestions

  • Use root-first ordering to reduce time-to-insight during triage operations.
  • Keep thumbnail previews small (256×256) to avoid memory pressure with large directories.
  • For public-facing deployments prefer the Go server (2.2.x) for a contained binary; pair with reverse proxy and access control.
  • Document packaging recipes for cross-compilation (Go) and single-file distribution (PHP-era single-file recommendations).
  • When mixing PHP login with Go server, ensure the login flow executes under the PHP-enabled server root (VCU in root) or reimplement the auth in Go.

Contact & Licensing

Author: K0NxT3D (Rob Seaverns)

Project: VoidCrawler — Version 2.1.0 onward (notes for 2.2.x migration included)

License (MIT)

Copyright (c) 2025 K0NxT3D

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "VoidCrawler"), to deal
in the VoidCrawler without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the VoidCrawler, and to permit persons to whom the VoidCrawler is furnished
to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the VoidCrawler.