recovery

package
v0.0.0-...-d1533f9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 28, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIEndpointBypass

type APIEndpointBypass struct {
	// contains filtered or unexported fields
}

APIEndpointBypass tests for API endpoint bypasses

func (*APIEndpointBypass) Category

func (a *APIEndpointBypass) Category() string

func (*APIEndpointBypass) Description

func (a *APIEndpointBypass) Description() string

func (*APIEndpointBypass) Name

func (a *APIEndpointBypass) Name() string

func (*APIEndpointBypass) Severity

func (a *APIEndpointBypass) Severity() string

func (*APIEndpointBypass) Test

func (a *APIEndpointBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability

type AccountRecoveryTester

type AccountRecoveryTester struct {
	// contains filtered or unexported fields
}

AccountRecoveryTester provides comprehensive account recovery testing

func NewAccountRecoveryTester

func NewAccountRecoveryTester(config *logic.TestConfig) *AccountRecoveryTester

NewAccountRecoveryTester creates a new account recovery tester

func (*AccountRecoveryTester) TestAllMethods

func (a *AccountRecoveryTester) TestAllMethods(target string) []logic.Vulnerability

TestAllMethods tests all account recovery methods

type AdminRecoveryMethod

type AdminRecoveryMethod struct {
	// contains filtered or unexported fields
}

func (*AdminRecoveryMethod) IsEnabled

func (a *AdminRecoveryMethod) IsEnabled(target string) bool

func (*AdminRecoveryMethod) Name

func (a *AdminRecoveryMethod) Name() string

func (*AdminRecoveryMethod) Test

func (a *AdminRecoveryMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type BackupCodeBypass

type BackupCodeBypass struct {
	// contains filtered or unexported fields
}

BackupCodeBypass tests for backup code vulnerabilities

func (*BackupCodeBypass) Category

func (b *BackupCodeBypass) Category() string

func (*BackupCodeBypass) Description

func (b *BackupCodeBypass) Description() string

func (*BackupCodeBypass) Name

func (b *BackupCodeBypass) Name() string

func (*BackupCodeBypass) Severity

func (b *BackupCodeBypass) Severity() string

func (*BackupCodeBypass) Test

func (b *BackupCodeBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability

type BackupCodeMethod

type BackupCodeMethod struct {
	// contains filtered or unexported fields
}

BackupCodeMethod tests backup code recovery

func (*BackupCodeMethod) IsEnabled

func (b *BackupCodeMethod) IsEnabled(target string) bool

func (*BackupCodeMethod) Name

func (b *BackupCodeMethod) Name() string

func (*BackupCodeMethod) Test

func (b *BackupCodeMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type BiometricRecoveryMethod

type BiometricRecoveryMethod struct {
	// contains filtered or unexported fields
}

func (*BiometricRecoveryMethod) IsEnabled

func (b *BiometricRecoveryMethod) IsEnabled(target string) bool

func (*BiometricRecoveryMethod) Name

func (b *BiometricRecoveryMethod) Name() string

func (*BiometricRecoveryMethod) Test

type Config

// Config holds configuration for recovery testing.
//
// NOTE(review): per-field meanings below are inferred from names and types;
// the code that consumes them is not shown here — confirm against the testers.
type Config struct {
	// TokenSamples: presumably how many recovery tokens are collected for
	// entropy and predictability analysis.
	TokenSamples      int
	// TestHostHeader: presumably enables the Host-header check on reset requests.
	TestHostHeader    bool
	// TestTokenEntropy: presumably enables token entropy analysis.
	TestTokenEntropy  bool
	// BruteForceThreads: presumably the worker count for token-guessing checks.
	// Together with RequestDelay it would determine the request rate the tested
	// system sees, which matters for its lockout and rate-limit thresholds —
	// TODO confirm.
	BruteForceThreads int
	// RequestDelay: presumably the pause inserted between requests.
	RequestDelay      time.Duration
	// Timeout: a time limit; whether it applies per request or per test is not
	// visible here.
	Timeout           time.Duration
}

Config holds configuration for recovery testing

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns default configuration

type CookieManipulation

// CookieManipulation pairs a cookie name with a value and serializes them as
// the JSON keys "name" and "value".
//
// NOTE(review): presumably one candidate cookie override tried by
// CookieManipulationBypass — the usage is not shown here; confirm.
type CookieManipulation struct {
	// Name is the cookie name.
	Name  string `json:"name"`
	// Value is the cookie value associated with Name.
	Value string `json:"value"`
}

type CookieManipulationBypass

type CookieManipulationBypass struct {
	// contains filtered or unexported fields
}

CookieManipulationBypass tests for cookie manipulation bypasses

func (*CookieManipulationBypass) Category

func (c *CookieManipulationBypass) Category() string

func (*CookieManipulationBypass) Description

func (c *CookieManipulationBypass) Description() string

func (*CookieManipulationBypass) Name

func (c *CookieManipulationBypass) Name() string

func (*CookieManipulationBypass) Severity

func (c *CookieManipulationBypass) Severity() string

func (*CookieManipulationBypass) Test

type DeviceRecoveryMethod

type DeviceRecoveryMethod struct {
	// contains filtered or unexported fields
}

func (*DeviceRecoveryMethod) IsEnabled

func (d *DeviceRecoveryMethod) IsEnabled(target string) bool

func (*DeviceRecoveryMethod) Name

func (d *DeviceRecoveryMethod) Name() string

func (*DeviceRecoveryMethod) Test

func (d *DeviceRecoveryMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type Email

// Email represents an intercepted email.
type Email struct {
	// To is the recipient address string.
	To      string
	// From is the sender address string.
	From    string
	// Subject is the message subject line.
	Subject string
	// Body is the message body. In a recovery flow it presumably carries the
	// reset link or code, so stored values should be handled as secrets —
	// TODO confirm what is captured.
	Body    string
	// Headers maps a header name to a single value. A map[string]string cannot
	// hold repeated headers (for example several Cc or Received lines), and the
	// keys are compared case-sensitively; whether names are normalized before
	// insertion is not visible here.
	Headers map[string]string
}

Email represents an intercepted email

type EmailChecker

type EmailChecker struct {
	// contains filtered or unexported fields
}

EmailChecker simulates email checking functionality

func NewEmailChecker

func NewEmailChecker() *EmailChecker

NewEmailChecker creates a new email checker

func (*EmailChecker) AddEmail

func (e *EmailChecker) AddEmail(email string, subject, body string)

AddEmail adds an email to the checker (for testing)

func (*EmailChecker) GetLastEmail

func (e *EmailChecker) GetLastEmail(email string) *EmailMessage

GetLastEmail retrieves the last email for a given address

type EmailMessage

// EmailMessage represents an email message. All four fields are included in
// the JSON encoding under the tagged keys.
type EmailMessage struct {
	// To is the recipient address.
	To        string    `json:"to"`
	// Subject is the message subject line.
	Subject   string    `json:"subject"`
	// Body is the message body and is serialized in full under "body".
	// NOTE(review): if it holds a recovery link or code, any JSON report
	// containing this struct holds that secret too — confirm and redact as needed.
	Body      string    `json:"body"`
	// Timestamp is a time associated with the message; whether it is the send
	// or the capture time is not visible here.
	Timestamp time.Time `json:"timestamp"`
}

EmailMessage represents an email message

type EmailRecoveryMethod

type EmailRecoveryMethod struct {
	// contains filtered or unexported fields
}

EmailRecoveryMethod tests email-based recovery

func (*EmailRecoveryMethod) IsEnabled

func (e *EmailRecoveryMethod) IsEnabled(target string) bool

func (*EmailRecoveryMethod) Name

func (e *EmailRecoveryMethod) Name() string

func (*EmailRecoveryMethod) Test

func (e *EmailRecoveryMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type FlowManipulationBypass

type FlowManipulationBypass struct {
	// contains filtered or unexported fields
}

FlowManipulationBypass tests for flow manipulation bypasses

func (*FlowManipulationBypass) Category

func (f *FlowManipulationBypass) Category() string

func (*FlowManipulationBypass) Description

func (f *FlowManipulationBypass) Description() string

func (*FlowManipulationBypass) Name

func (f *FlowManipulationBypass) Name() string

func (*FlowManipulationBypass) Severity

func (f *FlowManipulationBypass) Severity() string

func (*FlowManipulationBypass) Test

type KnowledgeBasedMethod

type KnowledgeBasedMethod struct {
	// contains filtered or unexported fields
}

func (*KnowledgeBasedMethod) IsEnabled

func (k *KnowledgeBasedMethod) IsEnabled(target string) bool

func (*KnowledgeBasedMethod) Name

func (k *KnowledgeBasedMethod) Name() string

func (*KnowledgeBasedMethod) Test

func (k *KnowledgeBasedMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type MFABypassTester

type MFABypassTester struct {
	// contains filtered or unexported fields
}

MFABypassTester tests for MFA bypass vulnerabilities

func NewMFABypassTester

func NewMFABypassTester(config *logic.TestConfig) *MFABypassTester

NewMFABypassTester creates a new MFA bypass tester

func (*MFABypassTester) TestAllMethods

func (m *MFABypassTester) TestAllMethods(target string) []logic.Vulnerability

TestAllMethods tests all MFA bypass methods

type MFAResult

// MFAResult records the outcome of one MFA attempt as three JSON fields.
//
// NOTE(review): Success and ValidCode are separate flags; presumably a result
// with Success set and ValidCode unset is what indicates a bypass — confirm
// against the code that evaluates it.
type MFAResult struct {
	// Success is serialized as "success".
	Success   bool   `json:"success"`
	// ValidCode is serialized as "valid_code".
	ValidCode bool   `json:"valid_code"`
	// Token is left out of the JSON output when empty (omitempty). When set it
	// is presumably a session or access token and should be treated as a secret.
	Token     string `json:"token,omitempty"`
}

type PasswordResetAnalyzer

type PasswordResetAnalyzer struct {
	// contains filtered or unexported fields
}

PasswordResetAnalyzer analyzes password reset flows for vulnerabilities

func NewPasswordResetAnalyzer

func NewPasswordResetAnalyzer(config *logic.TestConfig) *PasswordResetAnalyzer

NewPasswordResetAnalyzer creates a new password reset analyzer

func (*PasswordResetAnalyzer) AnalyzeResetFlow

func (p *PasswordResetAnalyzer) AnalyzeResetFlow(target string) *ResetFlowAnalysis

AnalyzeResetFlow performs comprehensive password reset flow analysis

type PasswordResetMethod

type PasswordResetMethod struct {
	// contains filtered or unexported fields
}

PasswordResetMethod tests password reset recovery

func (*PasswordResetMethod) IsEnabled

func (p *PasswordResetMethod) IsEnabled(target string) bool

func (*PasswordResetMethod) Name

func (p *PasswordResetMethod) Name() string

func (*PasswordResetMethod) Test

func (p *PasswordResetMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type RaceConditionBypass

type RaceConditionBypass struct {
	// contains filtered or unexported fields
}

RaceConditionBypass tests for race condition bypasses

func (*RaceConditionBypass) Category

func (r *RaceConditionBypass) Category() string

func (*RaceConditionBypass) Description

func (r *RaceConditionBypass) Description() string

func (*RaceConditionBypass) Name

func (r *RaceConditionBypass) Name() string

func (*RaceConditionBypass) Severity

func (r *RaceConditionBypass) Severity() string

func (*RaceConditionBypass) Test

func (r *RaceConditionBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability

type RaceConditionTester

type RaceConditionTester struct {
	// contains filtered or unexported fields
}

RaceConditionTester provides race condition testing utilities

func NewRaceConditionTester

func NewRaceConditionTester(workers int) *RaceConditionTester

NewRaceConditionTester creates a new race condition tester

func (*RaceConditionTester) TestPasswordResetRace

func (r *RaceConditionTester) TestPasswordResetRace(endpoint string) []logic.Vulnerability

TestPasswordResetRace tests for race conditions in password reset

type RaceTest

// RaceTest represents a race condition test: a label plus the function that
// runs it against an endpoint.
type RaceTest struct {
	// Name identifies the test.
	Name string
	// Test takes the endpoint to exercise and returns a *logic.Vulnerability.
	// NOTE(review): presumably nil means no finding — confirm; callers should
	// nil-check the result before dereferencing.
	Test func(endpoint string) *logic.Vulnerability
}

RaceTest represents a race condition test

type RecoveryFlowBypass

type RecoveryFlowBypass struct {
	// contains filtered or unexported fields
}

RecoveryFlowBypass tests for recovery flow bypasses

func (*RecoveryFlowBypass) Category

func (r *RecoveryFlowBypass) Category() string

func (*RecoveryFlowBypass) Description

func (r *RecoveryFlowBypass) Description() string

func (*RecoveryFlowBypass) Name

func (r *RecoveryFlowBypass) Name() string

func (*RecoveryFlowBypass) Severity

func (r *RecoveryFlowBypass) Severity() string

func (*RecoveryFlowBypass) Test

func (r *RecoveryFlowBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability

type RecoveryResponse

// RecoveryResponse captures one HTTP-style response: status, body, headers
// and a duration.
type RecoveryResponse struct {
	// StatusCode is the numeric response status.
	StatusCode int
	// Body is the response body as a string.
	Body       string
	// Headers maps a header name to a single value, so repeated headers such
	// as multiple Set-Cookie lines cannot all be represented. How the map is
	// filled is not visible here.
	Headers    map[string]string
	// Duration is presumably the time the request took; timing differences are
	// a common signal for account enumeration — TODO confirm how it is measured.
	Duration   time.Duration
}

type RememberMeBypass

type RememberMeBypass struct {
	// contains filtered or unexported fields
}

RememberMeBypass tests for "Remember Me" token bypass

func (*RememberMeBypass) Category

func (r *RememberMeBypass) Category() string

func (*RememberMeBypass) Description

func (r *RememberMeBypass) Description() string

func (*RememberMeBypass) Name

func (r *RememberMeBypass) Name() string

func (*RememberMeBypass) Severity

func (r *RememberMeBypass) Severity() string

func (*RememberMeBypass) Test

func (r *RememberMeBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability

type ResetEndpoint

// ResetEndpoint represents a password reset endpoint and how it is called.
type ResetEndpoint struct {
	// URL is the endpoint address.
	URL          string            `json:"url"`
	// Method is presumably the HTTP method used for the request.
	Method       string            `json:"method"`
	// Parameters maps a parameter name to a single value; a repeated parameter
	// name cannot be expressed with this type.
	Parameters   map[string]string `json:"parameters"`
	// ContentType is presumably the request Content-Type.
	ContentType  string            `json:"content_type"`
	// IsActive is presumably set when the endpoint responded during discovery —
	// TODO confirm the criterion.
	IsActive     bool              `json:"is_active"`
	// ResponseTime is a time.Duration; encoding/json writes it as an integer
	// number of nanoseconds.
	ResponseTime time.Duration     `json:"response_time"`
}

ResetEndpoint represents a password reset endpoint

type ResetFlowAnalysis

// ResetFlowAnalysis represents the complete analysis results for one target
// and is the return type of PasswordResetAnalyzer.AnalyzeResetFlow.
type ResetFlowAnalysis struct {
	// Target is the analyzed target string.
	Target          string                   `json:"target"`
	// Endpoints lists the reset endpoints recorded for the target.
	Endpoints       []ResetEndpoint          `json:"endpoints"`
	// TokenAnalysis uses the logic package's TokenAnalysis type, not the
	// TokenAnalysis type declared in this package.
	TokenAnalysis   logic.TokenAnalysis      `json:"token_analysis"`
	// Vulnerabilities holds the individual findings.
	Vulnerabilities []logic.Vulnerability    `json:"vulnerabilities"`
	// SecurityScore is an integer score. NOTE(review): its scale and whether
	// higher means safer are not visible here — confirm before using it as a gate.
	SecurityScore   int                      `json:"security_score"`
	// TestDuration is serialized by encoding/json as integer nanoseconds.
	TestDuration    time.Duration            `json:"test_duration"`
	// FlowVulns carries the per-category boolean flags.
	FlowVulns       ResetFlowVulnerabilities `json:"flow_vulnerabilities"`
	// Recommendations holds remediation entries of type logic.Recommendation.
	Recommendations []logic.Recommendation   `json:"recommendations"`
}

ResetFlowAnalysis represents the complete analysis results

type ResetFlowVulnerabilities

// ResetFlowVulnerabilities represents all possible reset flow vulnerabilities
// as one boolean flag per finding, serialized under the tagged JSON keys.
//
// NOTE(review): the per-field descriptions give the usual meaning of each
// finding name; the checks that set the flags are not shown here, so confirm
// the exact criteria against the analyzer. A false flag may mean "not found"
// or "not tested" — the type cannot distinguish the two.
type ResetFlowVulnerabilities struct {
	// Token vulnerabilities
	// Reset tokens carry too little randomness.
	WeakTokenEntropy  bool `json:"weak_token_entropy"`
	// Tokens follow a pattern from which later values can be derived.
	PredictableTokens bool `json:"predictable_tokens"`
	// A token stays valid with no effective expiry.
	TokenNotExpiring  bool `json:"token_not_expiring"`
	// A token is accepted more than once.
	TokenReuse        bool `json:"token_reuse"`

	// Flow vulnerabilities
	// Responses differ between existing and non-existing accounts.
	UserEnumeration     bool `json:"user_enumeration"`
	// The reset link is built from the request's Host header instead of a
	// configured origin.
	HostHeaderInjection bool `json:"host_header_injection"`
	// Concurrent requests leave the flow in an inconsistent state.
	RaceCondition       bool `json:"race_condition"`
	// The token space or attempt limits allow guessing.
	BruteForceableToken bool `json:"brute_forceable_token"`

	// Email vulnerabilities
	// Repeated email parameters are resolved inconsistently.
	EmailParamPollution bool `json:"email_param_pollution"`
	// Additional recipients can be introduced into the recovery mail.
	CarbonCopyInjection bool `json:"carbon_copy_injection"`
	// Request input reaches the recovery mail without HTML escaping.
	HTMLInjection       bool `json:"html_injection"`

	// Session vulnerabilities
	// Existing sessions remain valid after the password is reset.
	SessionNotInvalidated bool `json:"session_not_invalidated"`
	// Several reset tokens for one account are valid at the same time.
	ConcurrentResets      bool `json:"concurrent_resets"`

	// Logic flaws
	// The password-change step succeeds without a reset token.
	PasswordChangeNoToken bool `json:"password_change_no_token"`
	// The account to reset is selected by a client-supplied identifier.
	DirectObjectReference bool `json:"direct_object_reference"`
	// Reset requests are not throttled.
	MissingRateLimit      bool `json:"missing_rate_limit"`
}

ResetFlowVulnerabilities represents all possible reset flow vulnerabilities

type ResponseManipulation

// ResponseManipulation names a field and the value associated with it,
// serialized as the JSON keys "field" and "value".
//
// NOTE(review): presumably one response-field substitution checked by
// ResponseManipulationBypass — the usage is not shown here; confirm.
type ResponseManipulation struct {
	// Field is the name of the field.
	Field string      `json:"field"`
	// Value is untyped (interface{}), so any JSON-encodable value can be
	// carried; consumers need a type switch or assertion before using it.
	Value interface{} `json:"value"`
}

type ResponseManipulationBypass

type ResponseManipulationBypass struct {
	// contains filtered or unexported fields
}

ResponseManipulationBypass tests for response manipulation bypasses

func (*ResponseManipulationBypass) Category

func (r *ResponseManipulationBypass) Category() string

func (*ResponseManipulationBypass) Description

func (r *ResponseManipulationBypass) Description() string

func (*ResponseManipulationBypass) Name

func (*ResponseManipulationBypass) Severity

func (r *ResponseManipulationBypass) Severity() string

func (*ResponseManipulationBypass) Test

type SMSRecoveryMethod

type SMSRecoveryMethod struct {
	// contains filtered or unexported fields
}

SMSRecoveryMethod tests SMS-based recovery

func (*SMSRecoveryMethod) IsEnabled

func (s *SMSRecoveryMethod) IsEnabled(target string) bool

func (*SMSRecoveryMethod) Name

func (s *SMSRecoveryMethod) Name() string

func (*SMSRecoveryMethod) Test

func (s *SMSRecoveryMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type SecurityQuestionMethod

type SecurityQuestionMethod struct {
	// contains filtered or unexported fields
}

SecurityQuestionMethod tests security question recovery

func (*SecurityQuestionMethod) IsEnabled

func (s *SecurityQuestionMethod) IsEnabled(target string) bool

func (*SecurityQuestionMethod) Name

func (s *SecurityQuestionMethod) Name() string

func (*SecurityQuestionMethod) Test

func (s *SecurityQuestionMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type SessionUpgradeBypass

type SessionUpgradeBypass struct {
	// contains filtered or unexported fields
}

SessionUpgradeBypass tests for session upgrade bypasses

func (*SessionUpgradeBypass) Category

func (s *SessionUpgradeBypass) Category() string

func (*SessionUpgradeBypass) Description

func (s *SessionUpgradeBypass) Description() string

func (*SessionUpgradeBypass) Name

func (s *SessionUpgradeBypass) Name() string

func (*SessionUpgradeBypass) Severity

func (s *SessionUpgradeBypass) Severity() string

func (*SessionUpgradeBypass) Test

func (s *SessionUpgradeBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability

type SocialRecoveryMethod

type SocialRecoveryMethod struct {
	// contains filtered or unexported fields
}

func (*SocialRecoveryMethod) IsEnabled

func (s *SocialRecoveryMethod) IsEnabled(target string) bool

func (*SocialRecoveryMethod) Name

func (s *SocialRecoveryMethod) Name() string

func (*SocialRecoveryMethod) Test

func (s *SocialRecoveryMethod) Test(target string, config *logic.TestConfig) []logic.Vulnerability

type TestSession

// TestSession represents a testing session with state.
//
// Every field, including Cookies and Headers, carries a JSON tag, so encoding
// a TestSession writes live session material into the output. Reports or logs
// built from it should be stored and shared accordingly.
type TestSession struct {
	// ID identifies the session.
	ID       string            `json:"id"`
	// Cookies holds the session's cookies as *http.Cookie values.
	Cookies  []*http.Cookie    `json:"cookies"`
	// Headers maps a header name to a single value.
	Headers  map[string]string `json:"headers"`
	// State is a free-form string map; its keys are not defined on this page.
	State    map[string]string `json:"state"`
	// Created is presumably the time the session was created.
	Created  time.Time         `json:"created"`
	// LastUsed is presumably the time the session was last used.
	LastUsed time.Time         `json:"last_used"`
}

TestSession represents a testing session with state

type TokenAnalysis

// TokenAnalysis contains token analysis results.
//
// NOTE(review): the signatures on this page (TokenAnalyzer.AnalyzeTokens and
// ResetFlowAnalysis.TokenAnalysis) use logic.TokenAnalysis, not this type;
// check whether this declaration is still in use. Unlike the other result
// types here it has no JSON tags, so it would encode under its Go field names.
type TokenAnalysis struct {
	// Entropy is a floating-point entropy figure; the unit (total bits or bits
	// per character) is not visible here.
	Entropy       float64
	// IsPredictable presumably reports that a generation pattern was detected.
	IsPredictable bool
	// Pattern presumably describes the detected pattern.
	Pattern       string
	// NextPredicted presumably holds the value the analysis expects next; a
	// non-empty, correct prediction would indicate a non-random token source.
	NextPredicted string
	// CommonPrefix presumably is the prefix shared by the sampled tokens.
	CommonPrefix  string
	// CommonSuffix presumably is the suffix shared by the sampled tokens.
	CommonSuffix  string
}

TokenAnalysis contains token analysis results

type TokenAnalyzer

// TokenAnalyzer analyzes security tokens for patterns and entropy.
// It is an empty struct, so a value carries no state of its own.
type TokenAnalyzer struct{}

TokenAnalyzer analyzes security tokens for patterns and entropy

func NewTokenAnalyzer

func NewTokenAnalyzer() *TokenAnalyzer

NewTokenAnalyzer creates a new token analyzer

func (*TokenAnalyzer) AnalyzeTokens

func (t *TokenAnalyzer) AnalyzeTokens(tokens []string) logic.TokenAnalysis

AnalyzeTokens performs comprehensive token analysis

type TokenReuseBypass

type TokenReuseBypass struct {
	// contains filtered or unexported fields
}

TokenReuseBypass tests for token reuse vulnerabilities

func (*TokenReuseBypass) Category

func (t *TokenReuseBypass) Category() string

func (*TokenReuseBypass) Description

func (t *TokenReuseBypass) Description() string

func (*TokenReuseBypass) Name

func (t *TokenReuseBypass) Name() string

func (*TokenReuseBypass) Severity

func (t *TokenReuseBypass) Severity() string

func (*TokenReuseBypass) Test

func (t *TokenReuseBypass) Test(target string, config *logic.TestConfig) *logic.Vulnerability
