scan

package
v0.0.0-...-bdd1cc4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 1, 2024 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ActiveScanWebSocketConnection 

func ActiveScanWebSocketConnection(item *db.WebSocketConnection, interactionsManager *integrations.InteractionsManager, payloadGenerators []*generation.PayloadGenerator, options options.HistoryItemScanOptions)

func CommonSessionCookies 

func CommonSessionCookies() []string

func CommonUsernames 

func CommonUsernames() []string

func CreateRequestFromInsertionPoints 

func CreateRequestFromInsertionPoints(history *db.History, builders []InsertionPointBuilder) (*http.Request, error)

func EvaluateWebSocketConnections 

func EvaluateWebSocketConnections(connections []db.WebSocketConnection, interactionsManager *integrations.InteractionsManager, payloadGenerators []*generation.PayloadGenerator, options options.HistoryItemScanOptions)

func GetCommonOpenRedirectParameters 

func GetCommonOpenRedirectParameters() []string

GetCommonOpenRedirectParameters returns a list of common parameters known to be used in open redirect vulnerabilities

func IsCommonOpenRedirectParameter 

func IsCommonOpenRedirectParameter(param string) bool

func JavaSoftwareList 

func JavaSoftwareList() []string

func NodeSoftwareList 

func NodeSoftwareList() []string

func PhpSoftwareList 

func PhpSoftwareList() []string

func SaveInteractionCallback 

func SaveInteractionCallback(interaction *server.Interaction)

func SoftwareList 

func SoftwareList(platform Platform) []string

Types

type DetectedIssue 

type DetectedIssue struct {
	// contains filtered or unexported fields
}

func (DetectedIssue) String 

func (di DetectedIssue) String() string

type FuzzItemOptions 

type FuzzItemOptions struct {
	WorkspaceID     uint             `json:"workspace_id" validate:"required,min=0"`
	TaskID          uint             `json:"task_id" validate:"required,min=0"`
	Mode            options.ScanMode `json:"mode" validate:"omitempty,oneof=fast smart fuzz"`
	FingerprintTags []string         `json:"fingerprint_tags" validate:"omitempty,dive"`
}

type InsertionPoint 

type InsertionPoint struct {
	Type         InsertionPointType
	Name         string       // the name of the parameter/header/cookie
	Value        string       // the current value
	ValueType    lib.DataType // the type of the value (string, int, float, etc.)
	OriginalData string       // the original data (URL, header string, body, cookie string) in which this insertion point was found
	Behaviour    InsertionPointBehaviour
}

func AnalyzeInsertionPoints 

func AnalyzeInsertionPoints(item *db.History, insertionPoints []InsertionPoint, options InsertionPointAnalysisOptions) []InsertionPoint

AnalyzeInsertionPoints by now just checks for reflection (which was already done by templates) and checks in a really simple way if an insertion point is dynamic. In a future it should be improved to also analyze different kinds of accepted inputs, transformations and other interesting behaviors

func GetAndAnalyzeInsertionPoints 

func GetAndAnalyzeInsertionPoints(item *db.History, scoped []string, options InsertionPointAnalysisOptions) ([]InsertionPoint, error)

func GetInsertionPoints 

func GetInsertionPoints(history *db.History, scoped []string) ([]InsertionPoint, error)

func (*InsertionPoint) String 

func (i *InsertionPoint) String() string

type InsertionPointAnalysisOptions 

type InsertionPointAnalysisOptions struct {
	HistoryCreateOptions http_utils.HistoryCreationOptions
}

type InsertionPointBehaviour 

type InsertionPointBehaviour struct {
	// AcceptedDataTypes []lib.DataType
	IsReflected        bool
	ReflectionContexts []string
	IsDynamic          bool
}

type InsertionPointBuilder 

type InsertionPointBuilder struct {
	Point   InsertionPoint
	Payload string
}

type InsertionPointType 

type InsertionPointType string
const (
	InsertionPointTypeParameter InsertionPointType = "parameter"
	InsertionPointTypeHeader    InsertionPointType = "header"
	InsertionPointTypeBody      InsertionPointType = "body"
	InsertionPointTypeCookie    InsertionPointType = "cookie"
	InsertionPointTypeURLPath   InsertionPointType = "urlpath"
	InsertionPointTypeFullBody  InsertionPointType = "fullbody"
)

type Platform 

type Platform string
const (
	PlatformJava Platform = "java"
	PlatformPhp  Platform = "php"
	PlatformNode Platform = "node"
)

func ParsePlatform 

func ParsePlatform(platform string) Platform

func (Platform) MatchesAnyFingerprint 

func (p Platform) MatchesAnyFingerprint(fingerprints []lib.Fingerprint) bool

func (Platform) String 

func (p Platform) String() string

type TemplateScanner 

type TemplateScanner struct {
	Concurrency         int
	InteractionsManager *integrations.InteractionsManager
	AvoidRepeatedIssues bool
	WorkspaceID         uint
	Mode                options.ScanMode
	// contains filtered or unexported fields
}

func (*TemplateScanner) EvaluateDetectionMethod 

func (f *TemplateScanner) EvaluateDetectionMethod(result TemplateScannerResult, method generation.DetectionMethod) (bool, string, int, error)

EvaluateDetectionMethod evaluates a detection method and returns a boolean indicating if it matched, a description of the match, the confidence and a possible error

func (*TemplateScanner) EvaluateResult 

func (f *TemplateScanner) EvaluateResult(result TemplateScannerResult) (bool, string, int, error)

func (*TemplateScanner) Run 

func (f *TemplateScanner) Run(history *db.History, payloadGenerators []*generation.PayloadGenerator, insertionPoints []InsertionPoint, options options.HistoryItemScanOptions) map[string][]TemplateScannerResult

Run starts the fuzzing job

type TemplateScannerResult 

type TemplateScannerResult struct {
	Original       *db.History
	Result         *db.History
	Response       http.Response
	ResponseData   http_utils.FullResponseData
	Err            error
	Payload        generation.Payload
	InsertionPoint InsertionPoint
	Duration       time.Duration
	Issue          *db.Issue
}

type TemplateScannerTask 

type TemplateScannerTask struct {
	// contains filtered or unexported fields
}

type Transformation 

type Transformation struct {
	From         string
	FromDatatype lib.DataType
	To           string
	ToDatatype   lib.DataType
}

type WebSocketScanner 

type WebSocketScanner struct {
	Concurrency         int
	InteractionsManager *integrations.InteractionsManager
	AvoidRepeatedIssues bool
	WorkspaceID         uint
	// contains filtered or unexported fields
}

func (*WebSocketScanner) EvaluateResult 

func (f *WebSocketScanner) EvaluateResult(result WebSocketScannerResult) (bool, string, int, error)

func (*WebSocketScanner) Run 

func (f *WebSocketScanner) Run(message *db.WebSocketMessage, payloadGenerators []*generation.PayloadGenerator, insertionPoints []InsertionPoint, options options.HistoryItemScanOptions) map[string][]WebSocketScannerResult

type WebSocketScannerResult 

type WebSocketScannerResult struct {
	Original *db.WebSocketMessage
	Result   *db.WebSocketMessage
	Err      error
	Payload  generation.Payload
	Duration time.Duration
	Issue    *db.Issue
}

type WebSocketScannerTask 

type WebSocketScannerTask struct {
	// contains filtered or unexported fields
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.