Documentation ¶
Index ¶
- Constants
- Variables
- func ContentTypesScan(item *db.History)
- func CreateJavascriptSourcesAndSinksInformationalIssue(history *db.History, jsSources []string, jsSinks []string, ...)
- func DBConnectionStringScan(item *db.History)
- func DatabaseErrorScan(item *db.History)
- func DirectoryListingScan(item *db.History)
- func EmailAddressScan(item *db.History)
- func ExceptionsScan(item *db.History)
- func ExtractURLs(response string) []string
- func FileUploadScan(item *db.History)
- func GetUniqueNucleiTags(fingerprints []Fingerprint) []string
- func JwtDetectionScan(item *db.History)
- func LeakedApiKeysScan(item *db.History)
- func MissconfigurationScan(item *db.History)
- func PassiveJavascriptScan(item *db.History)
- func PasswordInGetRequestScan(item *db.History)
- func PrivateIPScan(item *db.History)
- func PrivateKeyScan(item *db.History)
- func ReportFingerprints(baseURL string, fingerprints []Fingerprint, workspaceID, taskID uint)
- func ScanHistoryItem(item *db.History)
- func ScanHistoryItemHeaders(item *db.History)
- func SearchXPathErrors(text string) string
- func ServerSideIncludesUsageScan(item *db.History)
- func SessionTokenInURLScan(item *db.History)
- func StorageBucketDetectionScan(item *db.History)
- func UnencryptedPasswordFormDetectionScan(item *db.History)
- func WebSocketUsageScan(item *db.History)
- type DatabaseErrorMatch
- type ExtractedURLS
- type Fingerprint
- type HeaderAnalysisResult
- type HeaderCheck
- type HeaderCheckMatcher
- type HeaderData
- type JavascriptSecret
- type MatchResult
- type MatcherCondition
- type MatcherType
- type SensibleData
Constants ¶
// MatcherType names the comparison a HeaderCheckMatcher applies to a header
// value (see HeaderCheckMatcher.Match); MatcherCondition names how the results
// of several matchers are combined by a HeaderCheck (see HeaderCheck.Check).
// The string values are what the constants compare against and presumably
// what appears in check definitions — confirm in the check loader.
const (
	// Presence checks; Value is presumably ignored for these two — confirm in Match.
	Exists    MatcherType = "exists"
	NotExists MatcherType = "not-exists"
	// Value is presumably treated as a regular expression — confirm in Match.
	Regex MatcherType = "regex"
	// Substring / equality / affix checks on the header value.
	Contains    MatcherType = "contains"
	NotContains MatcherType = "not-contains"
	Equals      MatcherType = "equals"
	NotEquals   MatcherType = "not-equals"
	StartsWith  MatcherType = "starts-with"
	EndsWith    MatcherType = "ends-with"
	// And presumably requires every matcher to match, Or at least one — confirm in HeaderCheck.Check.
	And MatcherCondition = "and"
	Or  MatcherCondition = "or"
)
const ( CommonJsSourcesPattern = `` /* 241-byte string literal not displayed */ CommonJsSinksPattern = `` /* 217-byte string literal not displayed */ CommonJquerySinksPattern = `` /* 145-byte string literal not displayed */ )
Regular expression patterns
Variables ¶
// Compiled forms of the CommonJs*Pattern constants. regexp.MustCompile runs at
// package initialisation and panics if a pattern does not compile, so an
// invalid pattern fails the whole program at start-up rather than at scan time.
var (
	CommonJsSourcesRegex   = regexp.MustCompile(CommonJsSourcesPattern)
	CommonJsSinksRegex     = regexp.MustCompile(CommonJsSinksPattern)
	CommonJquerySinksRegex = regexp.MustCompile(CommonJquerySinksPattern)
)
Compiled regular expressions
// AzureBucketPattern matches a blob.core.windows.net host with an optional
// port, an optional escaped slash (`\\?/` in a raw string is an optional
// literal backslash before the slash, so JSON-escaped `\/` is accepted) and one
// path segment, presumably the container name. Group 2 is host plus that
// segment; group 3 is the value of an `se=` query parameter when a `?`
// follows — presumably the SAS signed-expiry field, confirm against the caller.
// The host is not anchored, so any `[\w.-]` run before the suffix is taken.
var AzureBucketPattern = regexp.MustCompile(`(([\w.-]+\.blob\.core\.windows\.net(?::\d+)?\\?/[\w.-]+)(?:.*?\?.*se=([\w%-]+))?)`)
// AzureCosmosPattern matches a documents.azure.com host (Cosmos DB) with an
// optional port, an optional JSON-escaped slash and one path segment. Group 2
// is host plus that segment; group 3 is an `se=` query value if a `?` follows
// — presumably a SAS expiry, confirm against the caller.
var AzureCosmosPattern = regexp.MustCompile(`(([\w.-]+\.documents\.azure\.com(?::\d+)?\\?/[\w.-]+)(?:.*?\?.*se=([\w%-]+))?)`)
// AzureFilePattern matches a file.core.windows.net host (Azure Files) with an
// optional port, an optional JSON-escaped slash and one path segment, presumably
// the share name. Group 2 is host plus segment; group 3 is an `se=` query value
// when a `?` follows.
var AzureFilePattern = regexp.MustCompile(`(([\w.-]+\.file\.core\.windows\.net(?::\d+)?\\?/[\w.-]+)(?:.*?\?.*se=([\w%-]+))?)`)
// AzureQueuePattern matches a queue.core.windows.net host with an optional
// port, an optional JSON-escaped slash and one path segment, presumably the
// queue name. Group 2 is host plus segment; group 3 is an `se=` query value
// when a `?` follows.
var AzureQueuePattern = regexp.MustCompile(`(([\w.-]+\.queue\.core\.windows\.net(?::\d+)?\\?/[\w.-]+)(?:.*?\?.*se=([\w%-]+))?)`)
// AzureTablePattern matches a table.core.windows.net host with an optional
// port, an optional JSON-escaped slash and one path segment, presumably the
// table name. Group 2 is host plus segment; group 3 is an `se=` query value
// when a `?` follows.
var AzureTablePattern = regexp.MustCompile(`(([\w.-]+\.table\.core\.windows\.net(?::\d+)?\\?/[\w.-]+)(?:.*?\?.*se=([\w%-]+))?)`)
// BucketAccessDeniedPattern recognises an AccessDenied error either as the XML
// element `<Code>AccessDenied</Code>` or as the text `Code: AccessDenied`.
// Matching is case-insensitive and unanchored, so the token is found anywhere
// in the body. A match presumably means the bucket exists but is not readable
// — confirm in StorageBucketDetectionScan.
var BucketAccessDeniedPattern = regexp.MustCompile(`(?i)(<Code>AccessDenied</Code>|Code: AccessDenied)`)
// BucketInvalidURIPattern recognises an InvalidURI error as XML or plain text,
// and additionally the bare token `NoSuchKey`. Matching is case-insensitive and
// unanchored; note that `NoSuchKey` is not wrapped in `<Code>` or `Code:` like
// the other alternatives, so it also matches inside unrelated text.
var BucketInvalidURIPattern = regexp.MustCompile(`(?i)(<Code>InvalidURI</Code>|Code: InvalidURI|NoSuchKey)`)
// CloudflareR2Pattern matches an `<name>.r2.dev` host with an optional scheme
// prefix; group 1 is the label(s) before `.r2.dev`, group 2 the optional path
// starting at `/`. There is no trailing boundary after `dev`, so a host that
// merely starts with that suffix (constructed example: `x.r2.dev.example.test`)
// also matches with an empty path — check how the caller handles this.
var CloudflareR2Pattern = regexp.MustCompile(`(?:\w+://)?([\w.-]+)\.r2\.dev(/.*)?`)
// DBMS_ERRORS maps a database product name to the error-message patterns that
// identify it in response text. Each value is built by compilePatterns
// (declared elsewhere in the package) so the regexps are compiled once at init.
//
// NOTE(review): Go map iteration order is unspecified, and a few patterns are
// listed under more than one key (`unexpected token` and `invalid .* syntax`
// appear for both MongoDB and Elasticsearch), so a caller that ranges over this
// map may attribute such text to a different product on different runs —
// confirm in SearchDatabaseErrors. The identifier is not MixedCaps, but it is
// exported, so renaming it would break callers.
var DBMS_ERRORS = map[string][]*regexp.Regexp{
	"MySQL": compilePatterns(
		`SQL syntax.*MySQL`,
		`Warning.*mysql_.*`,
		`valid MySQL result`,
		`Table '[^']+' doesn't exist`,
		`MySqlClient\.`),
	"PostgreSQL": compilePatterns(
		`PostgreSQL.*ERROR`,
		`Warning.*\Wpg_.*`,
		`valid PostgreSQL result`,
		`PG::([a-zA-Z]*)Error`,
		`Npgsql\.`),
	"Microsoft SQL Server": compilePatterns(
		`Driver.* SQL[\-\_\ ]*Server`,
		`OLE DB.* SQL Server`,
		`(\W|\A)SQL Server.*Driver`,
		`Warning.*mssql_.*`,
		`Procedure or function .* expects parameter`,
		`Syntax error .* in query expression`,
		`SQL Server.*[0-9a-fA-F]{8}`,
		`(\W|\A)SQL Server.*[0-9a-fA-F]{8}`,
		// (?s) lets .* span newlines so multi-line stack traces are matched.
		`(?s)Exception.*\WSystem\.Data\.SqlClient\.`,
		`(?s)Exception.*\WRoadhouse\.Cms\.`),
	"Microsoft Access": compilePatterns(
		`Microsoft Access Driver`,
		`JET Database Engine`,
		`Access Database Engine`),
	"Oracle": compilePatterns(
		`\bORA-[0-9][0-9][0-9][0-9]`,
		`Oracle error`,
		`Oracle.*Driver`,
		`Warning.*\Woci_.*`,
		`Warning.*\Wora_.*`),
	"IBM DB2": compilePatterns(
		`CLI Driver.*DB2`,
		`DB2 SQL error`,
		`\bdb2_\w+\(`),
	"SQLite": compilePatterns(
		`SQLite/JDBCDriver`,
		// Unescaped dots below match any character; presumably literal dots were intended.
		`SQLite.Exception`,
		`System.Data.SQLite.SQLiteException`,
		`Warning.*sqlite_.*`,
		`Warning.*SQLite3::`,
		`sqlite3.OperationalError`,
		`sqlite3.ProgrammingError`,
		`\[SQLITE_ERROR\]`),
	"Sybase": compilePatterns(
		// Only this first Sybase pattern is case-insensitive.
		`(?i)Warning.*sybase.*`,
		`Sybase message`,
		`Sybase.*Server message.*`),
	"MongoDB": compilePatterns(
		`MongoError`,
		`failed to connect to server .* on first connect`,
		`E11000 duplicate key error collection`,
		`collection .* already exists`,
		`\bdeadlock\b.*\bdetected\b`,
		// Generic parser messages; also listed under Elasticsearch.
		`unexpected token`,
		`invalid .* syntax`,
		`Failed to parse:.*'filter'.*`,
		`unknown operator:.*`,
		`No array filter found for identifier.*in path.*`,
		`Cannot use.*as a query operator`,
		`Cannot do exclusion on path.*in inclusion projection`,
		`Path.*intersects with a project inclusion`,
		`Unrecognized expression.*`,
		`is not a valid hex number`,
		`Failed to parse document from.*: *unexpected character.*after document key`,
	),
	"CouchDB": compilePatterns(
		`unauthorized to access or create database`,
		`no_db_file`,
		`document update conflict`,
		`invalid UTF-8 JSON`,
		`badmatch`,
	),
	"Cassandra": compilePatterns(
		`Cassandra.*InvalidQueryException`,
		`unterminated string`,
		`line .* no viable alternative at input`,
		`mismatched input .* expecting .*`,
	),
	"Redis": compilePatterns(
		`redis.*WRONGTYPE`,
		`redis.*syntax error`,
	),
	"Elasticsearch": compilePatterns(
		`SearchPhaseExecutionException`,
		`QueryParsingException`,
		// Generic parser messages; also listed under MongoDB.
		`unexpected token`,
		`invalid .* syntax`,
	),
	"DynamoDB": compilePatterns(
		`ValidationException`,
		`com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException`,
		`ProvisionedThroughputExceededException`,
	),
	"HBase": compilePatterns(
		`org.apache.hadoop.hbase.DoNotRetryIOException`,
		`ERROR: org.apache.hadoop.hbase.MasterNotRunningException`,
		`org.apache.hadoop.hbase.regionserver.NoSuchColumnFamilyException`,
	),
	"Neo4j": compilePatterns(
		`Neo.ClientError.Statement.SyntaxError`,
		`org.neo4j.driver.v1.exceptions.ClientException`,
		`org.neo4j.driver.v1.exceptions.DatabaseException`,
	),
}
// GcpFirebase matches a `<name>.firebaseio.com` host (Firebase Realtime
// Database); group 1 is the whole host. Unlike the other Gcp* variables the
// name has no "Pattern" suffix — exported, so it is kept for compatibility.
var GcpFirebase = regexp.MustCompile(`([\w.-]+\.firebaseio\.com)`)
// GcpFirestorePattern matches `firestore.googleapis.com` followed by the rest
// of the line: `.*` does not cross newlines in Go regexps, so group 1 runs from
// the host to the end of the current line, including any query string.
var GcpFirestorePattern = regexp.MustCompile(`(firestore\.googleapis\.com.*)`)
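// GoogleBucketPattern matches Google Cloud Storage references in several forms:
// virtual-host style `<bucket>.storage.googleapis.com` (bucket in group 2),
// path style under storage.googleapis.com, storage.cloud.google.com or the
// console browser URL (bucket in group 3), and `gs://<bucket>` (group 3).
// Group 4 is the object path after the bucket; group 5 is the value of an
// `Expires=` query parameter when a `?` follows. `\\?/` in a raw string is an
// optional literal backslash before the slash, so JSON-escaped `\/` is accepted.
//
// The path character class used to read `[^\\s?'\"#]`: inside a raw string
// that is a literal backslash followed by the letter s, not whitespace, so the
// path capture stopped at the first 's' (gs://b/assets/x yielded "a"). It now
// excludes whitespace with `\s`; the backslash exclusion is kept so matches
// that did not contain an 's' are unchanged.
var GoogleBucketPattern = regexp.MustCompile(`((?:\w+://)?(?:([\w.-]+)\.storage[\w-]*\.googleapis\.com|(?:(?:console\.cloud\.google\.com/storage/browser/|storage\.cloud\.google\.com|storage[\w-]*\.googleapis\.com)(?:(?::\d+)?\\?/)*|gs://)([\w.-]+))(?:(?::\d+)?\\?/([^\\\s?'\"#]*))?(?:.*\?.*Expires=(\d+))?)`)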
// S3BucketPattern matches Amazon S3 references: virtual-host style
// `<bucket>.s3[.region].amazonaws.com` (bucket in group 2), path style
// `s3[.region].amazonaws.com/<bucket>` and `s3://<bucket>` (bucket in group 3).
// Only an optional trailing slash (with `\\?/` accepting a JSON-escaped `\/`)
// is consumed after the bucket; the object key is not captured. Group 4 is the
// value of an `Expires=` query parameter when a `?` follows, which presumably
// indicates a pre-signed URL — confirm in StorageBucketDetectionScan.
var S3BucketPattern = regexp.MustCompile(`((?:\w+://)?(?:([\w.-]+)\.s3[\w.-]*\.amazonaws\.com|s3(?:[\w.-]*\.amazonaws\.com(?:(?::\d+)?\\?/)*|://)([\w.-]+))(?:(?::\d+)?\\?/)?(?:.*?\?.*Expires=(\d+))?)`)
Functions ¶
func ContentTypesScan ¶
func DBConnectionStringScan ¶
func DatabaseErrorScan ¶
func DirectoryListingScan ¶
func EmailAddressScan ¶
func ExceptionsScan ¶
func ExtractURLs ¶
func FileUploadScan ¶
func GetUniqueNucleiTags ¶
func GetUniqueNucleiTags(fingerprints []Fingerprint) []string
func JwtDetectionScan ¶
func LeakedApiKeysScan ¶
func MissconfigurationScan ¶
func PassiveJavascriptScan ¶
func PrivateIPScan ¶
func PrivateKeyScan ¶
func ReportFingerprints ¶
func ReportFingerprints(baseURL string, fingerprints []Fingerprint, workspaceID, taskID uint)
func ScanHistoryItem ¶
func ScanHistoryItemHeaders ¶
func SearchXPathErrors ¶
func SessionTokenInURLScan ¶
func WebSocketUsageScan ¶
Types ¶
type DatabaseErrorMatch ¶
func SearchDatabaseErrors ¶
func SearchDatabaseErrors(text string) *DatabaseErrorMatch
type ExtractedURLS ¶
func ExtractAndAnalyzeURLS ¶
func ExtractAndAnalyzeURLS(response string, extractedFromURL string) ExtractedURLS
ExtractAndAnalyzeURLS extracts URLs from a response and analyzes them. It separates web from non-web URLs and, if relative URLs are found, makes them absolute based on the extractedFromURL parameter; it also fixes other cases, such as protocol-relative references like //example.com.
func ExtractURLsFromHeaders ¶
func ExtractURLsFromHeaders(headers map[string][]string, extractedFromURL string) ExtractedURLS
func ExtractURLsFromHistoryItem ¶
func ExtractURLsFromHistoryItem(history *db.History) ExtractedURLS
type Fingerprint ¶
func FingerprintHistoryItems ¶
func FingerprintHistoryItems(items []*db.History) []Fingerprint
func (*Fingerprint) BuildCPE ¶
func (f *Fingerprint) BuildCPE() (string, error)
func (*Fingerprint) GetNucleiTags ¶
func (f *Fingerprint) GetNucleiTags() string
type HeaderAnalysisResult ¶
// HeaderAnalysisResult is what AnalyzeHeaders returns for a set of responses.
type HeaderAnalysisResult struct {
	// Occurrences is a two-level map ending in *HeaderData; presumably
	// header name -> header value -> data — confirm in AnalyzeHeaders.
	Occurrences map[string]map[string]*HeaderData
	// Details is free text; presumably a human-readable summary of the findings.
	Details string
	// Issue is the db.Issue produced by the analysis.
	Issue db.Issue
}
func AnalyzeHeaders ¶
func AnalyzeHeaders(baseURL string, histories []*db.History) HeaderAnalysisResult
type HeaderCheck ¶
// HeaderCheck describes one header inspection: the headers to look at, the
// matchers applied to their values, how the matcher results are combined and
// the issue code reported when the check matches (see Check and CheckHeader).
type HeaderCheck struct {
	// Headers lists the header names the check applies to.
	Headers []string
	// Matchers are evaluated against the values of each listed header.
	Matchers []HeaderCheckMatcher
	// MatchCondition is And or Or (see the MatcherCondition constants);
	// presumably it decides whether all or any matcher must match.
	MatchCondition MatcherCondition
	// IssueCode identifies the issue raised for a match, unless a matcher
	// carries its own CustomIssueCode — confirm in CheckMatcher.
	IssueCode db.IssueCode
}
func (*HeaderCheck) Check ¶
func (c *HeaderCheck) Check(headers map[string][]string) []MatchResult
func (*HeaderCheck) CheckHeader ¶
func (c *HeaderCheck) CheckHeader(headerName string, headerValues []string) []MatchResult
type HeaderCheckMatcher ¶
// HeaderCheckMatcher is a single comparison applied to a header value by a
// HeaderCheck (see Match and CheckMatcher).
type HeaderCheckMatcher struct {
	// MatcherType selects the comparison (Exists, Regex, Contains, ...).
	MatcherType MatcherType
	// Value is the operand of the comparison; presumably unused for
	// Exists/NotExists — confirm in Match.
	Value string
	// CustomIssueCode presumably overrides the parent HeaderCheck's IssueCode
	// when this matcher fires — confirm in CheckMatcher.
	CustomIssueCode db.IssueCode
}
func (*HeaderCheckMatcher) CheckMatcher ¶
func (m *HeaderCheckMatcher) CheckMatcher(headerName string, headerValues []string) []MatchResult
func (*HeaderCheckMatcher) Match ¶
func (m *HeaderCheckMatcher) Match(headerValue string) bool
type HeaderData ¶
type JavascriptSecret ¶
type MatchResult ¶
type MatcherCondition ¶
// MatcherCondition is the string enum (And, Or) that tells a HeaderCheck how to
// combine the results of its matchers.
type MatcherCondition string
type MatcherType ¶
// MatcherType is the string enum (Exists, Regex, Contains, ...) that tells a
// HeaderCheckMatcher which comparison to apply to a header value.
type MatcherType string
type SensibleData ¶
func GetHashesFromText ¶
func GetHashesFromText(text string) (findings []SensibleData)
func GetSensibleDataFromText ¶
func GetSensibleDataFromText(text string) (findings []SensibleData)
GetSensibleDataFromText scans a string for sensitive ("sensible") data and returns the findings as a SensibleData slice.
Source Files ¶