Documentation ¶
Index ¶
- Constants
- Variables
- func DefaultValidationFunc(history *db.History) (bool, string, int)
- func IsActuatorValidationFunc(history *db.History) (bool, string, int)
- func IsAdminInterfaceValidationFunc(history *db.History) (bool, string, int)
- func IsAspNetTraceValidationFunc(history *db.History) (bool, string, int)
- func IsAxis2ValidationFunc(history *db.History) (bool, string, int)
- func IsCICDBuildFileValidationFunc(history *db.History) (bool, string, int)
- func IsDBManagementValidationFunc(history *db.History) (bool, string, int)
- func IsDockerAPIValidationFunc(history *db.History) (bool, string, int)
- func IsElmahValidationFunc(history *db.History) (bool, string, int)
- func IsEnvFileValidationFunc(history *db.History) (bool, string, int)
- func IsFlashCrossDomainValidationFunc(history *db.History) (bool, string, int)
- func IsGRPCValidationFunc(history *db.History) (bool, string, int)
- func IsGraphQLValidationFunc(history *db.History) (bool, string, int)
- func IsHTTPJMXValidationFunc(history *db.History) (bool, string, int)
- func IsJBossConsoleValidationFunc(history *db.History) (bool, string, int)
- func IsJBossInvokerValidationFunc(history *db.History) (bool, string, int)
- func IsJBossStatusValidationFunc(history *db.History) (bool, string, int)
- func IsKubernetesValidationFunc(history *db.History) (bool, string, int)
- func IsLogFileValidationFunc(history *db.History) (bool, string, int)
- func IsOpenAPIValidationFunc(history *db.History) (bool, string, int)
- func IsPrometheusMetricsValidationFunc(history *db.History) (bool, string, int)
- func IsSensitiveConfigFileValidationFunc(history *db.History) (bool, string, int)
- func IsTomcatExampleValidationFunc(history *db.History) (bool, string, int)
- func IsTomcatManagerResponse(history *db.History) (bool, string, int)
- func IsVersionControlFileValidationFunc(history *db.History) (bool, string, int)
- func IsWSDLValidationFunc(history *db.History) (bool, string, int)
- func IsWebServerControlFileValidationFunc(history *db.History) (bool, string, int)
- func IsWordPressValidationFunc(history *db.History) (bool, string, int)
- type AllowAccess
- type AllowHeader
- type CloudProvider
- type CrossDomainPolicy
- type DiscoverAndCreateIssueInput
- type DiscoverAndCreateIssueResults
- func DiscoverActuatorEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverAdminInterfaces(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverAndCreateIssue(input DiscoverAndCreateIssueInput) (DiscoverAndCreateIssueResults, error)
- func DiscoverAspNetTrace(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverAxis2Endpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverCICDBuildFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverCloudMetadata(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverDBManagementInterfaces(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverDockerAPIEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverElmah(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverEnvFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverFlashCrossDomainPolicy(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverGRPCEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverGraphQLEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverHTTPJMXEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverJBossConsoles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverJBossInvokers(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverJBossStatus(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverKubernetesEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverLogFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverMetricsEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverOAuthEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverOpenapiDefinitions(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverPHPInfo(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverPaymentTestEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverSSOEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverSensitiveConfigFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverServerInfo(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverSocketIO(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverTomcatExamples(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverTomcatUriNormalization(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverVersionControlFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverWSDLDefinitions(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverWebServerControlFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- func DiscoverWordPressEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
- type DiscoverResults
- type DiscoveryInput
- type DiscoveryOptions
- type DiscoveryResult
- type GraphQLValidationResponse
- type ValidationFunc
Constants ¶
// DefaultConcurrency is the fallback number of path probes run in parallel.
// DiscoveryInput.Validate is documented as setting defaults, so this is
// presumably what it applies when DiscoveryInput.Concurrency is unset.
const DefaultConcurrency = 10

// DefaultTimeout is the fallback request timeout. No unit is fixed by this
// declaration and DiscoveryInput.Timeout is a bare int — presumably seconds;
// confirm where the http.Client is built before relying on it.
const DefaultTimeout = 45

// DefaultMethod is the HTTP method used for probes when none is supplied.
// Keeping it GET matters: several path lists below contain endpoints that are
// state-changing under other methods.
const DefaultMethod = "GET"

// DefaultUserAgent is sent with every discovery request. It imitates a dated
// desktop Chrome build, which also makes scanner traffic easy to fingerprint
// for anyone comparing it against current browser strings.
const DefaultUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
Variables ¶
// AWSMetadata describes the EC2 instance metadata service (IMDS) paths and
// headers used by cloud-metadata discovery.
var AWSMetadata = CloudProvider{
	Name: "AWS",
	Paths: []string{
		"latest/meta-data/",
		"latest/meta-data/iam/security-credentials/",
		"latest/user-data",
		"latest/dynamic/instance-identity/document",
		"latest/meta-data/iam/info",
		"latest/meta-data/public-keys/",
		"latest/meta-data/public-hostname",
		"latest/meta-data/public-ipv4",
	},
	// NOTE(review): the TTL header belongs to the IMDSv2 token request (a PUT),
	// and "true" is not the shape of a session token. With these static values an
	// IMDSv2-only endpoint would presumably answer 401 for every path, so a
	// negative result does not prove the service is unreachable — confirm whether
	// DiscoverCloudMetadata substitutes a real token before sending.
	Headers: map[string]string{
		"X-aws-ec2-metadata-token-ttl-seconds": "21600",
		"X-aws-ec2-metadata-token":             "true",
	},
}
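// ActuatorPaths lists Spring Boot Actuator endpoint paths, plus the older
// "manage" prefix, probed by actuator discovery. Order is preserved and every
// entry is unique, so each path costs the target exactly one request
// ("actuator/env" used to appear twice).
// NOTE(review): "manage" is also in AdminPaths, so a full DiscoverAll run
// requests it twice. Per Spring Boot's own documentation "actuator/heapdump"
// serves a full heap dump and "actuator/shutdown" is state-changing; probes
// against them must stay GET (DefaultMethod) and should expect a large body.
var ActuatorPaths = []string{
	"actuator",
	"actuator/env",
	"actuator/health",
	"actuator/beans",
	"actuator/conditions",
	"actuator/configprops",
	"actuator/flyway",
	"actuator/httptrace",
	"actuator/integrationgraph",
	"actuator/liquibase",
	"actuator/loggers",
	"actuator/metrics",
	"actuator/mappings",
	"actuator/scheduledtasks",
	"actuator/sessions",
	"actuator/shutdown",
	"actuator/threaddump",
	"actuator/heapdump",
	"manage",
	"manage/env",
	"manage/health",
	"manage/beans",
}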
// AdminPaths lists common locations of administrative interfaces that
// admin-interface discovery probes. A 200 here is only a hint: many of these
// paths legitimately exist behind authentication, so the validation function,
// not this list, decides what counts as exposure.
// NOTE(review): "manage" overlaps ActuatorPaths and "wp-admin" overlaps
// WordPressPaths ("wp-admin/"), so DiscoverAll probes them more than once.
var AdminPaths = []string{
	"admin",
	"administrator",
	"admin.php",
	"controlpanel",
	"dashboard",
	"manage",
	"wp-admin",
	"cpanel",
	"auth/admin",
	"secure/admin",
	"backend",
	"system/console",
	"admin-console",
}
// AspNetTracePaths holds the single path of the ASP.NET trace viewer handler;
// IsAspNetTraceValidationFunc decides whether a response to it is an exposure.
var AspNetTracePaths = []string{"trace.axd"}
// Axis2Paths lists Apache Axis2 admin console, service listing and WSDL
// locations probed by Axis2 discovery. Entries ending in "?wsdl" carry a query
// string, so whatever joins them to the base URL must not re-encode "?".
var Axis2Paths = []string{
	"axis2-admin/", "axis2/axis2-admin/", "axis2-web/", "axis2/",
	"axis2/services/", "axis2/services/listServices", "services/ListServices",
	"axis2-web/services/listServices", "axis2/axis2-web/services/listServices",
	"axis2-web/HappyAxis.jsp", "axis2/axis2-web/HappyAxis.jsp",
	"axis2-web/index.jsp", "axis2/axis2-web/index.jsp",
	"axis2-admin/listService", "axis2-admin/listFaultyServices",
	"axis2-admin/engagingglobally", "axis2-admin/selectService",
	"services/?wsdl", "axis2?wsdl", "axis2/services/?wsdl",
}
// AzureMetadata describes the Azure Instance Metadata Service paths and the
// headers sent with them by cloud-metadata discovery.
var AzureMetadata = CloudProvider{
	Name: "Azure",
	Paths: []string{
		"metadata/instance/",
		"metadata/instance/compute",
		"metadata/instance/network",
	},
	// NOTE(review): "X-IDENTITY-HEADER" is a managed-identity (App Service)
	// header, not an IMDS one; harmless on these paths, but presumably
	// unnecessary — confirm intent.
	Headers: map[string]string{
		"Metadata":          "true",
		"X-IDENTITY-HEADER": "true",
	},
}
// CICDBuildFilePaths lists build, pipeline and infrastructure definition files
// that should never be served by a web root; CI/CD file discovery probes them.
// NOTE(review): "docker-compose.yml" is also in ConfigFilePaths, and generic
// names such as "inventory" or "Makefile" will produce false positives unless
// IsCICDBuildFileValidationFunc checks the body, not just the status.
var CICDBuildFilePaths = []string{
	".travis.yml", "circle.yml", "Jenkinsfile", ".gitlab-ci.yml",
	"buildspec.yml", "build.gradle", "pom.xml", "Makefile",
	"docker-compose.yml", "docker-compose.override.yml", "Dockerfile",
	"cloudbuild.yaml", "azure-pipelines.yml", "bitbucket-pipelines.yml", "appveyor.yml",
	"terraform.tf", "terraform.tfvars", "kustomization.yaml", "teamcity.yml", "wercker.yml",
	".github/workflows/", "build.xml", "gruntfile.js", "gulpfile.js", "ecosystem.config.js",
	"compose.yaml", "docker-compose.ci.yml", "helm/values.yaml", "skaffold.yaml",
	"ansible.cfg", "inventory", "packer.json", "vars.tf",
}
// ConfigFilePaths lists application and server configuration files, private
// keys and credentials files probed by sensitive-config-file discovery.
// NOTE(review): ".env" duplicates EnvFilePaths and "docker-compose.yml"
// duplicates CICDBuildFilePaths, so DiscoverAll requests each twice.
var ConfigFilePaths = []string{
	".env", "config.php", "settings.php", "config.yaml", "application.yml",
	"appsettings.json", "web.config", "config.json", "database.yml",
	"local.settings.json", "secrets.json", "parameters.yml",
	"private.key", "jwt.key", "deploy.rsa",
	"deployment.yaml", "kubeconfig", "docker-compose.yml",
	"nginx.conf", "httpd.conf",
}
// DBManagementPaths lists web front-ends for databases (phpMyAdmin, pgAdmin,
// Adminer, mongo-express, Redis and Elasticsearch/Kibana UIs, ...) probed by
// DB-management-interface discovery. Case variants such as "phpmyadmin/" and
// "phpMyAdmin/" are deliberately both present for case-sensitive servers.
var DBManagementPaths = []string{
	"phpmyadmin/", "pma/", "myadmin/", "mysql/", "phpMyAdmin/", "MySQLAdmin/",
	"phpMyAdmin-latest/", "phpmyadmin4/", "sql/", "db/", "database/",
	"pgadmin/", "pgadmin4/", "pgsql/", "postgres/", "postgresql/", "phppgadmin/",
	"mongo-express/", "mongodb/", "mongo/", "mongoadmin/",
	"adminer/", "adminer.php", "adminer-4.8.1.php", "adminer-4.php", "db-admin/",
	"sqlite/", "sqlitemanager/", "sqlite-browser/", "sqlitebrowser/",
	"redis-commander/", "phpredisadmin/", "redis-admin/", "redisadmin/", "redis/",
	"elasticsearch/", "elastic/", "kibana/", "_cat/indices", "_cluster/health",
	"dbadmin/", "admin/db/", "database-admin/", "db-manager/",
}
// DockerAPIPaths lists Docker Engine API endpoints, two version-pinned
// variants, and a few unrelated Docker artefacts probed by Docker API
// discovery. "auth" and "build" are write endpoints on the Engine API; they
// are safe only because probes use DefaultMethod (GET).
// NOTE(review): "v2/_catalog" and "v2/tags/list" are Registry API paths, not
// Engine paths, and the latter needs a repository name in front of "tags/list"
// to be a real route — confirm intent.
var DockerAPIPaths = []string{
	"_ping", "version", "info", "events",
	"system/info", "system/df", "containers/json", "images/json",
	"volumes", "networks", "services", "tasks", "swarm", "plugins", "nodes",
	"auth", "build", "configs", "secrets",
	"v1.41/info", "v1.24/info",
	"docker.sock", ".dockerenv",
	"v2/_catalog", "v2/tags/list",
}
DockerAPIPaths contains core Docker API endpoints and a few version-specific paths
// ElmahPaths holds the single path of the ELMAH error-log handler; ELMAH
// discovery probes it and IsElmahValidationFunc judges the response.
var ElmahPaths = []string{"elmah.axd"}
// EnvFilePaths lists dotenv file names probed by env-file discovery. ".env"
// is also in ConfigFilePaths, so DiscoverAll requests it twice.
var EnvFilePaths = []string{
	".env", ".env.local", ".env.backup", ".env.dev",
	".env.development", ".env.prod", ".env.production", ".env.example",
}
// GCPMetadata describes the Google Compute Engine metadata server paths and
// the header it requires, used by cloud-metadata discovery.
var GCPMetadata = CloudProvider{
	Name: "GCP",
	Paths: []string{
		"computeMetadata/v1/",
		"computeMetadata/v1/instance/service-accounts/default/token",
		// NOTE(review): this entry starts with a host name, so joined to a base
		// URL it becomes a path segment, not a request to that host — confirm
		// whether that is intended.
		"metadata.google.internal/computeMetadata/v1/",
		"metadata/instance/service-accounts/default/token",
	},
	Headers: map[string]string{
		"Metadata-Flavor": "Google",
	},
}
// GraphQLPaths lists GraphQL endpoint, playground and schema locations probed
// by GraphQL discovery; GraphQLValidationResponse is what a positive
// IsGraphQLValidationFunc match decodes into. Very generic entries ("query",
// "schema", "explore", "graph") will hit unrelated routes, so the validation
// function has to look at the response body.
var GraphQLPaths = []string{
	"graphql", "api/graphql", "query", "api/query",
	"v1/graphql", "v2/graphql", "graphql/v1", "graphql/v2", "api/v1/graphql", "api/v2/graphql",
	"gql", "api/gql",
	"graphiql", "playground", "explore", "graphql-playground", "graphql/playground", "api/graphql/playground",
	"graphql/explorer", "graphql-explorer", "graphql/console", "api/graphql/console",
	"graphql/api", "graphql/schema", "schema", "api/schema",
	"graphql.php", "graphql.json", "graph",
	"wp/graphql", "wp-json/graphql", "wp-json/wp/v2/graphql",
	"_graphql", ".graphql",
	"graphql-api", "api-graphql", "graphqlapi", "apigraphql",
}
// JBossConsolePaths lists JBoss JMX/web/admin console locations probed by
// JBoss console discovery. "jmx-console/HtmlAdaptor" is also in JMXHttpPaths
// and "admin-console" in AdminPaths, so DiscoverAll requests them twice.
var JBossConsolePaths = []string{
	"jmx-console/HtmlAdaptor", "web-console/ServerInfo.jsp",
	"admin-console", "web-console", "jmx-console",
}
// JBossInvokerPaths lists JBoss invoker servlet locations probed by JBoss
// invoker discovery. These servlets accept serialized payloads on POST; the
// probe only checks for their presence with a GET.
var JBossInvokerPaths = []string{
	"invoker/JMXInvokerServlet", "invoker/EJBInvokerServlet",
	"web-console/Invoker", "invoker/readonly",
}
// JBossStatusPaths lists status-page locations probed by JBoss status
// discovery. "status" and "server-status" are also in ServerInfoPaths, so a
// DiscoverAll run requests them twice; "status?full=true" carries a query
// string that must survive URL joining.
var JBossStatusPaths = []string{
	"status", "status?full=true", "web-console/status",
	"jboss-status", "server-status", "system/status",
}
// JMXHttpPaths lists Jolokia and other HTTP-to-JMX bridge locations probed by
// HTTP JMX discovery. "jolokia/search/*" contains a literal "*" that is sent
// as-is (Jolokia treats it as an MBean pattern). "jmx-console/HtmlAdaptor"
// overlaps JBossConsolePaths and "manager/status/all" is a Tomcat manager
// route; both are requested by more than one Discover function.
var JMXHttpPaths = []string{
	"jolokia", "jolokia/", "api/jolokia", "monitoring/jolokia", "actuator/jolokia", "management/jolokia",
	"jolokia/list", "jolokia/version", "jolokia/search/*",
	"actuator/jmx", "management/jmx", "manager/jmxproxy", "manager/status/all",
	"jmx-console/HtmlAdaptor", "web-console/Invoker/JMX", "system/console/jmx", "admin/jmx",
}
// KubernetesPaths lists Kubernetes API server resource collections probed by
// Kubernetes discovery. All are list/read routes under GET; "tokenreviews" and
// "subjectaccessreviews" are create-only resources, so a GET there is expected
// to fail even on an exposed API server.
// NOTE(review): "kube-system/pods" and "kube-public/configmaps" lack the
// "api/v1/namespaces/" prefix a real namespaced route has — confirm intent.
var KubernetesPaths = []string{
	"api/v1/pods", "api/v1/nodes", "api/v1/namespaces", "api/v1/services", "api/v1/secrets",
	"api/v1/configmaps", "api/v1/componentstatuses", "api/v1/persistentvolumes",
	"api/v1/persistentvolumeclaims", "api/v1/serviceaccounts",
	"apis/apps/v1/deployments", "apis/apps/v1/daemonsets", "apis/apps/v1/statefulsets",
	"apis/batch/v1/jobs", "apis/batch/v1/cronjobs",
	"apis/networking.k8s.io/v1/ingresses",
	"apis/rbac.authorization.k8s.io/v1/roles", "apis/rbac.authorization.k8s.io/v1/clusterroles", "apis/rbac.authorization.k8s.io/v1/rolebindings",
	"apis/storage.k8s.io/v1/storageclasses", "apis/certificates.k8s.io/v1/certificatesigningrequests",
	"apis/authentication.k8s.io/v1/tokenreviews", "apis/authorization.k8s.io/v1/subjectaccessreviews",
	"apis/autoscaling/v2/horizontalpodautoscalers",
	"kube-system/pods", "kube-public/configmaps",
}
// LogFilesPaths lists log files and log directories probed by log-file
// discovery; IsLogFileValidationFunc decides whether a response is a real log.
// Directory entries ("logs/", "var/log/", ...) only detect listings, not files.
var LogFilesPaths = []string{
	"logs/", "log/",
	"error.log", "errors.log", "debug.log", "access.log", "access_log",
	"server.log", "app.log", "application.log", "audit.log",
	"wp-content/debug.log", "laravel.log", "storage/logs/laravel.log",
	"var/log/", "var/logs/", "logger.php",
	"npm-debug.log", "yarn-debug.log", "yarn-error.log",
	"php_error.log", "php-errors.log",
	"apache/logs/", "apache2/logs/", "nginx/logs/", ".pm2/logs/", "supervisor/logs/",
	"tomcat/logs/", "catalina.out", "jboss/server/log/", "weblogic/logs/",
}
// OAuthPaths lists OAuth 2.0 / OpenID Connect discovery documents, JWKS
// locations and protocol endpoints probed by OAuth discovery. The
// ".well-known" documents are public by design; their presence is inventory,
// not a vulnerability, and the endpoint entries ("oauth/token", "authorize",
// ...) are expected to answer 4xx without parameters.
var OAuthPaths = []string{
	".well-known/oauth-authorization-server", ".well-known/openid-configuration", ".well-known/jwks.json",
	"oauth/authorize", "oauth/token", "oauth2/authorize", "oauth2/token",
	"connect/authorize", "connect/token", "auth/realms",
	"oauth/v2/authorize", "oauth/v2/token", "v1/oauth2/authorize", "v1/oauth2/token",
	"oauth/.well-known/openid-configuration", "auth/.well-known/openid-configuration", "identity/.well-known/openid-configuration",
	"oauth/discovery/keys", "oauth/jwks.json", "realms/protocol/openid-connect",
	"oidc/.well-known/openid-configuration", "oidc/authorize", "oidc/token",
	"tenant/oauth2/authorize", "tenant/oauth2/token", "authorize",
	"oauth/userinfo", "oauth/introspect", "oauth2/introspect", "oauth/revoke", "oauth2/revoke",
}
// OpenAPIPaths lists OpenAPI/Swagger specification file locations probed by
// OpenAPI-definition discovery; IsOpenAPIValidationFunc decides whether the
// body is really a specification. This is the longest list in the package, so
// it dominates the request count of a DiscoverAll run.
var OpenAPIPaths = []string{
	"api-docs.json", "api-docs.yaml", "api-docs.yml",
	"api/openapi.json", "api/openapi.yaml", "api/openapi.yml", "api/swagger.json",
	"docs/api-docs.json", "docs/api-docs.yaml", "docs/api-docs.yml",
	"docs/openapi.json", "docs/openapi.yaml", "docs/openapi.yml",
	"docs/swagger.json", "docs/swagger.yaml", "docs/swagger.yml",
	"swagger/properties.json", "swagger/properties.yaml", "swagger/docs.json", "swagger/docs.yaml",
	"openapi.json", "openapi.yaml", "openapi.yml", "swagger.json", "swagger.yaml", "swagger.yml",
	"api-spec.json", "api-spec.yaml", "api-spec.yml",
	"v1/openapi.json", "v1/swagger.json", "v2/openapi.json", "v2/swagger.json", "v3/openapi.json", "v3/swagger.json",
	"v1/api-docs.json", "v2/api-docs.json", "v3/api-docs.json",
	"api/v1/swagger.json", "api/v2/swagger.json", "api/v3/swagger.json",
	"documentation/openapi.json", "documentation/swagger.json",
	"api/documentation/openapi.json", "api/documentation/swagger.json",
	"api-documentation/openapi.json", "api-documentation/swagger.json",
	"spec/openapi.json", "spec/swagger.json", "api/spec/openapi.json", "api/spec/swagger.json",
	"schema/openapi.json", "schema/swagger.json", "api/schema/openapi.json", "api/schema/swagger.json",
	"reference/openapi.json", "reference/swagger.json", "api/reference/openapi.json", "api/reference/swagger.json",
	"swagger-ui/swagger.json", "swagger-resources/swagger.json", "api/swagger-resources/swagger.json",
	"swagger-config.json", "api-definition.json", "api/definition/swagger.json",
}
// PHPInfoPaths lists file names under which phpinfo() pages are commonly left
// behind, probed by PHP-info discovery. "test.php" and "i.php" are generic
// names, so a status-only validation would over-report.
var PHPInfoPaths = []string{
	"phpinfo.php", "info.php", "php_info.php",
	"test.php", "i.php",
	"php/phpinfo.php", "php/info.php",
	"phpinfo", "test/phpinfo.php",
}
// PaymentTestPaths lists sandbox, test and webhook routes of common payment
// providers probed by payment-test-endpoint discovery. Webhook receivers
// ("stripe-webhook", "paypal/ipn", ...) are expected to exist in production;
// what is interesting is a test/debug variant answering without auth, so the
// validation step should not treat a bare 200 on a webhook route as a finding.
var PaymentTestPaths = []string{
	"stripe/test", "stripe-webhook", "stripe/webhook", "payment-intents/test",
	"paypal/sandbox", "paypal/ipn",
	"checkout/test", "payments/test", "payment/sandbox", "checkout/sandbox", "payment/test",
	"api/payments/test", "v1/payments/test",
	"square/sandbox", "braintree/sandbox", "braintree/test",
	"adyen/test", "adyen/webhook/test", "mollie/test", "razorpay/test", "cybersource/test", "checkout.com/test",
	"webhooks/payment/test", "payment/webhook/test",
	"api/v1/payments/test", "api/v1/checkout/test",
	"payment/debug", "payment/sandbox/debug",
}
// PrometheusMetricsPaths lists Prometheus exposition endpoints (and
// "federate" variants) probed by metrics-endpoint discovery;
// IsPrometheusMetricsValidationFunc should confirm the exposition format, as
// "metrics" and "api/metrics" are common names for unrelated JSON routes.
var PrometheusMetricsPaths = []string{
	"metrics", "api/metrics", "prometheus", "prometheus/metrics",
	"actuator/prometheus", "monitoring/prometheus", "monitoring/metrics",
	".well-known/metrics", "probe/metrics", "metrics/prometheus", "status/metrics", "_prometheus/metrics",
	"app/metrics", "v1/metrics", "system/metrics", "internal/metrics", "admin/metrics", "public/metrics",
	"stats/prometheus", "federate", "metric-proxy", "metrics/prometheus/federate",
	"core/metrics", "prometheus/federate", "application/metrics", "service/metrics", "node/metrics",
	"api/v1/metrics", "api/prometheus", "api/prometheus/metrics",
}
// SSOPaths lists SAML metadata, IdP/SP descriptor and federation endpoints
// probed by SSO discovery. SAML metadata is usually meant to be public; the
// value of a hit is inventory (which IdP, which certificates), so findings
// here should be rated accordingly.
var SSOPaths = []string{
	"saml/metadata", ".well-known/saml-configuration", "saml2/metadata",
	"simplesaml/saml2/idp/metadata.php", "simplesaml/module.php/saml/sp/metadata.php/default-sp",
	"Shibboleth.sso/Metadata", "sso/metadata", "auth/saml2/metadata.php",
	"adfs/ls/idpinitiatedsignon", "adfs/services/trust/mex", "FederationMetadata/2007-06/FederationMetadata.xml",
	"saml/SSO", "sso/saml", "login/metadata", "metadata/saml20", "saml/config",
	"auth/saml/metadata", "sso/saml/metadata",
	"okta-saml", "onelogin-saml", "auth/realms/master/protocol/saml/descriptor", "azure/saml2", "auth0-saml",
}
// ServerInfoPaths lists Apache mod_status/mod_info and nginx stub_status
// locations probed by server-info discovery. "status" and "server-status"
// overlap JBossStatusPaths, so DiscoverAll requests them twice.
var ServerInfoPaths = []string{
	"server-info", "server-status", "status",
	".httpd/server-status", "apache/server-status", "apache2/server-status", "apache-status",
	"nginx_status", "nginx-status",
	"httpd/server-info", "apache2/server-info",
}
// SocketIOPaths lists Socket.IO mount points and Engine.IO protocol probes
// ("?EIO=3", "?EIO=4") used by Socket.IO discovery. The query-string entries
// must reach the wire unencoded to exercise the handshake.
var SocketIOPaths = []string{
	"socket.io/", "socket.io/info", "socket.io/default/", "socket.io/websocket/",
	"socketio/", "ws/socket.io/", "websocket/socket.io/",
	"api/socket.io/", "v1/socket.io/", "v2/socket.io/",
	"socket.io/?EIO=3", "socket.io/?EIO=4",
	"socket.io/1/", "socket.io/2/", "socket.io/3/", "socket.io/4/",
}
// TomcatInfoLeakExamplePaths lists the stock Tomcat "examples" web application
// pages (request/session/cookie echo servlets and sample JSPs) probed by
// Tomcat-examples discovery.
// NOTE(review): unlike every other list in this package these entries carry a
// leading "/". If the joiner simply concatenates onto a base URL ending in "/",
// the request path becomes "//examples/..."; confirm how DiscoverTomcatExamples
// joins them, or normalize here to match the other lists.
var TomcatInfoLeakExamplePaths = []string{
	"/examples/jsp/snp/snoop.jsp", "/examples/servlet/RequestInfoExample",
	"/examples/servlet/RequestHeaderExample", "/examples/servlet/JndiServlet",
	"/examples/servlet/SessionExample", "/examples/jsp/sessions/carts.html",
	"/examples/servlet/CookieExample", "/examples/servlet/RequestParamExample",
	"/examples/jsp/include/include.jsp", "/examples/jsp/dates/date.jsp",
	"/examples/jsp/jsptoserv/jsptoservlet.jsp", "/examples/jsp/error/error.html",
	"/examples/jsp/forward/forward.jsp", "/examples/jsp/plugin/plugin.jsp",
	"/examples/jsp/mail/sendmail.jsp", "/examples/servlet/HelloWorldExample",
	"/examples/jsp/num/numguess.jsp", "/examples/jsp/checkbox/check.html",
	"/examples/jsp/colors/colors.html", "/examples/jsp/cal/login.html",
	"/examples/jsp/simpletag/foo.jsp", "/tomcat-docs/appdev/sample/web/hello.jsp",
}
// TomcatUriNormalizationPatterns lists the request paths used by
// Tomcat-URI-normalization discovery. They intentionally contain path
// parameters (";") and single/double percent-encoding, so the sending code
// must pass them through verbatim — any URL normalization or re-encoding on
// the way out would turn the probe into a plain request for "manager/html".
// IsTomcatManagerResponse judges the answer.
var TomcatUriNormalizationPatterns = []string{
	"..;/manager/html", "..;/",
	"%2e%2e%3b/manager/html", "%252E%252E/manager/html",
}
// VersionControlPaths lists VCS metadata directories and files (git, svn,
// hg, bzr, CVS) plus IDE/editor artefacts probed by version-control-file
// discovery. Some entries are low severity on their own (".gitignore",
// ".DS_Store"); the repository directories (".git/", ".svn/", ".hg/store")
// are the ones that can expose full source history.
var VersionControlPaths = []string{
	".git/", ".git/config", ".git/HEAD", ".gitignore", ".gitattributes",
	".svn/", ".svn/entries", ".hg/", ".hg/hgrc", ".bzr/", ".bzr/branch",
	".cvs/", "CVS/Entries",
	".gitmodules", ".gitkeep", ".Rhistory", ".DS_Store",
	".project", ".classpath", ".idea/", ".vscode/",
	".hg/store", "CVS/Repository", ".bzr/checkout", ".bzr/repository",
}
// WSDLPaths lists locations where SOAP services commonly expose their WSDL,
// probed by WSDL-definition discovery; IsWSDLValidationFunc judges the body.
// Most entries carry a "?wsdl" query, which must survive URL joining.
// NOTE(review): "*.svc?wsdl" is a glob, not a path — sent literally it
// requests a resource named "*.svc"; "?wsdl" alone hits the base URL. Confirm
// both are intended.
var WSDLPaths = []string{
	"service?wsdl", "service.wsdl", "services/service.wsdl", "wsdl", "?wsdl",
	"ws/service?wsdl", "services?wsdl", "webservices?wsdl",
	"axis/services?wsdl", "axis2/services?wsdl",
	"Service.asmx?WSDL", "Service.asmx?wsdl", "webservice.asmx?wsdl",
	"service.svc?wsdl", "*.svc?wsdl",
	"soap?wsdl", "soap/service?wsdl", "soap/server?wsdl", "nusoap/service?wsdl",
	"v1/service?wsdl", "v2/service?wsdl", "api/v1/service?wsdl", "api/v2/service?wsdl",
	"axis2-web/services?wsdl", "jaxws/services?wsdl", "cxf/services?wsdl", "metro/services?wsdl",
}
WSDLPaths contains common paths where WSDL files might be found
// WebServerControlPaths lists Apache access-control files (and backup copies)
// probed by web-server-control-file discovery. Apache denies these by default,
// so a readable ".htpasswd" usually means a misconfigured or non-Apache server;
// IsWebServerControlFileValidationFunc checks the response.
var WebServerControlPaths = []string{
	".htaccess", ".htpasswd", "admin/.htaccess",
	".htaccess.bak", ".htpasswd.bak",
}
// WordPressPaths lists the standard WordPress entry points probed by
// WordPress discovery; a hit is fingerprinting, and IsWordPressValidationFunc
// decides what counts. "wp-admin/" overlaps "wp-admin" in AdminPaths.
var WordPressPaths = []string{
	"wp-login.php", "wp-admin/", "wp-content/",
	"wp-includes/", "wp-json/", "xmlrpc.php",
}
Functions ¶
func DefaultValidationFunc ¶
DefaultValidationFunc reports a response as valid when its HTTP status code is 200.
func IsAspNetTraceValidationFunc ¶
IsAspNetTraceValidationFunc reports whether the response indicates an exposed ASP.NET trace page.
func IsEnvFileValidationFunc ¶
func IsGraphQLValidationFunc ¶
func IsHTTPJMXValidationFunc ¶
func IsLogFileValidationFunc ¶
func IsOpenAPIValidationFunc ¶
func IsTomcatManagerResponse ¶
func IsWebServerControlFileValidationFunc ¶
IsWebServerControlFileValidationFunc reports whether the response indicates an exposed web server access control file.
Types ¶
type AllowAccess ¶
type AllowHeader ¶
type CloudProvider ¶
type CrossDomainPolicy ¶
// CrossDomainPolicy is the subset of a crossdomain.xml document that
// Flash-cross-domain-policy discovery decodes: the root element, its
// allow-access-from entries and its allow-http-request-headers-from entries.
// What makes a policy a finding (for example a wildcard domain) is decided by
// code not shown here.
type CrossDomainPolicy struct {
	XMLName      xml.Name      `xml:"cross-domain-policy"`
	AllowAccess  []AllowAccess `xml:"allow-access-from"`
	AllowHeaders []AllowHeader `xml:"allow-http-request-headers-from"`
}
type DiscoverAndCreateIssueInput ¶
// DiscoverAndCreateIssueInput bundles a DiscoveryInput with the validation
// function and issue metadata that DiscoverAndCreateIssue needs to turn
// validated responses into db issues.
type DiscoverAndCreateIssueInput struct {
	DiscoveryInput
	// ValidationFunc decides whether a response is a finding. It shadows the
	// embedded DiscoveryInput.ValidationFunc; which of the two
	// DiscoverAndCreateIssue consults is not visible here — TODO confirm, and
	// populate both until it is.
	ValidationFunc ValidationFunc
	// IssueCode identifies the issue type recorded for each validated response.
	IssueCode db.IssueCode
	// SeverityOverride, when non-empty, presumably replaces the severity that
	// IssueCode would otherwise carry — confirm against DiscoverAndCreateIssue.
	SeverityOverride string
}
type DiscoverAndCreateIssueResults ¶
// DiscoverAndCreateIssueResults extends DiscoverResults with the issues that
// DiscoverAndCreateIssue created for validated responses.
type DiscoverAndCreateIssueResults struct {
	DiscoverResults
	Issues []db.Issue `json:"issues"`
	// Errors shadows the embedded DiscoverResults.Errors. Both carry the json
	// tag "errors", so encoding/json emits only this outer field and silently
	// drops the embedded one. Also note that an error value has no exported
	// fields and marshals as "{}", so the JSON form carries no message text;
	// callers needing it must stringify the errors first.
	Errors []error `json:"errors,omitempty"`
}
func DiscoverActuatorEndpoints ¶
func DiscoverActuatorEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverAdminInterfaces ¶
func DiscoverAdminInterfaces(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverAndCreateIssue ¶
func DiscoverAndCreateIssue(input DiscoverAndCreateIssueInput) (DiscoverAndCreateIssueResults, error)
func DiscoverAspNetTrace ¶
func DiscoverAspNetTrace(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverAxis2Endpoints ¶
func DiscoverAxis2Endpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverCICDBuildFiles ¶
func DiscoverCICDBuildFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverCloudMetadata ¶
func DiscoverCloudMetadata(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverDBManagementInterfaces ¶
func DiscoverDBManagementInterfaces(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverDockerAPIEndpoints ¶
func DiscoverDockerAPIEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverElmah ¶
func DiscoverElmah(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverEnvFiles ¶
func DiscoverEnvFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverFlashCrossDomainPolicy ¶
func DiscoverFlashCrossDomainPolicy(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverGRPCEndpoints ¶
func DiscoverGRPCEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverGraphQLEndpoints ¶
func DiscoverGraphQLEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverHTTPJMXEndpoints ¶
func DiscoverHTTPJMXEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverJBossConsoles ¶
func DiscoverJBossConsoles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverJBossInvokers ¶
func DiscoverJBossInvokers(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverJBossStatus ¶
func DiscoverJBossStatus(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverKubernetesEndpoints ¶
func DiscoverKubernetesEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverLogFiles ¶
func DiscoverLogFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverMetricsEndpoints ¶
func DiscoverMetricsEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverOAuthEndpoints ¶
func DiscoverOAuthEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverOpenapiDefinitions ¶
func DiscoverOpenapiDefinitions(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverPHPInfo ¶
func DiscoverPHPInfo(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverPaymentTestEndpoints ¶
func DiscoverPaymentTestEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverSSOEndpoints ¶
func DiscoverSSOEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverSensitiveConfigFiles ¶
func DiscoverSensitiveConfigFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverServerInfo ¶
func DiscoverServerInfo(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverSocketIO ¶
func DiscoverSocketIO(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverTomcatExamples ¶
func DiscoverTomcatExamples(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverTomcatUriNormalization ¶
func DiscoverTomcatUriNormalization(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverVersionControlFiles ¶
func DiscoverVersionControlFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverWSDLDefinitions ¶
func DiscoverWSDLDefinitions(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
func DiscoverWebServerControlFiles ¶
func DiscoverWebServerControlFiles(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
DiscoverWebServerControlFiles probes for exposed web server access control files.
func DiscoverWordPressEndpoints ¶
func DiscoverWordPressEndpoints(options DiscoveryOptions) (DiscoverAndCreateIssueResults, error)
type DiscoverResults ¶
// DiscoverResults is what DiscoverPaths returns: the recorded responses for
// the probed paths and any per-request errors.
type DiscoverResults struct {
	// Responses holds one db.History per probed path that produced a response
	// (whether only validated ones are kept is not visible here).
	Responses []*db.History `json:"responses"`
	// Errors collects per-request failures. An error value has no exported
	// fields, so encoding/json renders each as "{}"; the JSON form carries no
	// message text unless the errors are stringified first.
	Errors []error `json:"errors,omitempty"`
	// Stopped is set when the run ended before all paths were tried —
	// presumably because DiscoveryInput.StopAfterValid fired; confirm against
	// DiscoverPaths.
	Stopped bool `json:"stopped,omitempty"`
}
func DiscoverPaths ¶
func DiscoverPaths(input DiscoveryInput) (DiscoverResults, error)
type DiscoveryInput ¶
// DiscoveryInput describes one DiscoverPaths run: the target, how requests are
// shaped and throttled, which paths to try and how responses are judged.
// Validate fills in defaults for unset fields (see DefaultConcurrency,
// DefaultTimeout, DefaultMethod, DefaultUserAgent).
type DiscoveryInput struct {
	URL string `json:"url"`
	// HistoryCreationOptions has no json tag, so it serializes under its Go
	// name rather than the snake_case key DiscoveryOptions uses for the same
	// field.
	HistoryCreationOptions http_utils.HistoryCreationOptions
	Method                 string `json:"method"`
	Body                   string `json:"body"`
	Concurrency            int    `json:"concurrency"`
	// Timeout has no declared unit here; see DefaultTimeout.
	Timeout int      `json:"timeout"`
	Paths   []string `json:"paths"`
	// Headers is a flat map; DiscoveryOptions.BaseHeaders is map[string][]string,
	// so multi-valued headers are collapsed somewhere not visible here.
	Headers map[string]string `json:"headers"`
	// StopAfterValid presumably ends the run at the first response the
	// ValidationFunc accepts — confirm against DiscoverPaths and
	// DiscoverResults.Stopped.
	StopAfterValid bool           `json:"stop_after_valid"`
	ValidationFunc ValidationFunc `json:"-"`
	// HttpClient keeps its lowercase initialism for API compatibility (Go style
	// would be HTTPClient). What happens when it is nil is not visible here.
	HttpClient   *http.Client             `json:"-"`
	SiteBehavior *http_utils.SiteBehavior `json:"-"`
	ScanMode     scan_options.ScanMode    `json:"-"`
}
func (*DiscoveryInput) Validate ¶
func (d *DiscoveryInput) Validate() error
Validate checks and sets default values for DiscoveryInput
type DiscoveryOptions ¶
// DiscoveryOptions is the per-target configuration accepted by every
// Discover* function and by DiscoverAll; each presumably derives a
// DiscoveryInput from it for its own path list.
type DiscoveryOptions struct {
	BaseURL                string                            `json:"base_url"`
	HistoryCreationOptions http_utils.HistoryCreationOptions `json:"history_creation_options"`
	HttpClient             *http.Client                      `json:"-"`
	SiteBehavior           *http_utils.SiteBehavior          `json:"site_behavior"`
	// BaseHeaders is multi-valued while DiscoveryInput.Headers is a flat map;
	// which value wins for a repeated header is decided by code not shown here.
	BaseHeaders map[string][]string `json:"base_headers" validate:"omitempty"`
	// ScanMode is restricted by the validate tag to "fast", "smart" or "fuzz"
	// (or empty); what each mode changes about probing is not visible here.
	ScanMode scan_options.ScanMode `json:"scan_mode" validate:"omitempty,oneof=fast smart fuzz"`
}
type DiscoveryResult ¶
// DiscoveryResult is one entry of the slice DiscoverAll returns: the results of
// a single Discover* function tagged with a Source label identifying it.
type DiscoveryResult struct {
	Source  string
	Results DiscoverAndCreateIssueResults
}
func DiscoverAll ¶
func DiscoverAll(options DiscoveryOptions) ([]DiscoveryResult, error)
type GraphQLValidationResponse ¶
// GraphQLValidationResponse is the shape of an introspection reply that
// IsGraphQLValidationFunc decodes: the "__schema" block with the query type
// name and the list of types, or a top-level "errors" array. Data is a pointer
// so an absent or null "data" member is distinguishable from an empty schema.
type GraphQLValidationResponse struct {
	Data *struct {
		Schema struct {
			QueryType struct {
				Name string `json:"name"`
			} `json:"queryType"`
			Types []struct {
				Name string `json:"name"`
				Kind string `json:"kind"`
			} `json:"types"`
		} `json:"__schema"`
	} `json:"data"`
	Errors []struct {
		Message string `json:"message"`
	} `json:"errors"`
}
Source Files ¶
- actuator_endpoints.go
- admin_panels.go
- all.go
- axis2.go
- cicd_files.go
- cloud_metadata.go
- config_files.go
- constants.go
- control_files.go
- cross_domain_policy.go
- db_management_interfaces.go
- discover.go
- docker_api_endpoints.go
- elmah.go
- env_files.go
- graphql_endpoints.go
- grpc.go
- jboss_console.go
- jboss_invoker.go
- jboss_status.go
- jmx_jolokia.go
- k8s_api_endpoints.go
- logs.go
- metrics_endpoints.go
- oauth_endpoints.go
- openapi_definitions.go
- payment_test_endpoints.go
- php_info.go
- server_info.go
- socketio.go
- sso_endpoints.go
- tomcat_examples.go
- tomcat_uri_normalization.go
- traceaxd.go
- utils.go
- vcs_file.go
- wordpress.go
- wsdl.go