Documentation
¶
Overview ¶
pkg/scanner/intelligent.go
pkg/scanners/intelligent_helpers.go
pkg/scanners/interfaces.go
Index ¶
- type ActiveModules
- type Asset
- type AttackChain
- type AttackEdge
- type AttackGraph
- type AttackNode
- type AttackStep
- type AuthenticationTester
- type BypassedOrigin
- type Credential
- type Endpoint
- type ExploitEngine
- type ExploitResult
- type ExploitStep
- type ExploitedChain
- type FuzzingEngine
- type IntelligentScanConfig
- type IntelligentScanResult
- type IntelligentScanner
- type PortScanner
- type Prediction
- type ResurrectedEndpoint
- type ScanTarget
- type Service
- type Vulnerability
- type VulnerabilityScanner
- type WebScanner
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActiveModules ¶
type ActiveModules struct {
PortScanner PortScanner
WebScanner WebScanner
VulnScanner VulnerabilityScanner
ExploitEngine ExploitEngine
FuzzingEngine FuzzingEngine
AuthTester AuthenticationTester
}
ActiveModules contains all active scanning modules
type Asset ¶
type Asset struct {
Type string // domain, subdomain, ip, service
Value string
Confidence float64
Source string
Metadata map[string]interface{}
}
Asset represents a discovered asset
type AttackChain ¶
type AttackChain struct {
Name string
Description string
Steps []AttackStep
Impact string
Likelihood float64
Verified bool
}
AttackChain represents a multi-step attack path
type AttackEdge ¶
AttackEdge represents an edge in the attack graph
type AttackGraph ¶
type AttackGraph struct {
Nodes map[string]*AttackNode
Edges []*AttackEdge
}
AttackGraph represents a graph of attack paths
type AttackNode ¶
type AttackNode struct {
ID string
Vulnerability Vulnerability
Type string
Exploitable bool
}
AttackNode represents a node in the attack graph
type AttackStep ¶
AttackStep represents a single step in an attack chain
type AuthenticationTester ¶
type AuthenticationTester interface {
TestAuthBypass(ctx context.Context, url string) *Vulnerability
TestWeakCredentials(ctx context.Context, url string) []Credential
}
AuthenticationTester interface for auth testing
type BypassedOrigin ¶
type BypassedOrigin struct {
Protection string // CloudFlare, Akamai, etc
OriginIP string
Method string
Evidence []string
Verified bool
}
BypassedOrigin represents a successfully bypassed protection
type Credential ¶
Credential represents discovered credentials
type Endpoint ¶
type Endpoint struct {
URL string
Method string
Parameters []string
StatusCode int
Title string
Technology []string
Interesting bool
}
Endpoint represents a web endpoint
type ExploitEngine ¶
type ExploitEngine interface {
ExploitVulnerability(ctx context.Context, vuln Vulnerability) (*ExploitResult, error)
GeneratePayload(vulnType string) string
}
ExploitEngine interface for exploitation
type ExploitResult ¶
ExploitResult represents the result of an exploitation attempt
type ExploitStep ¶
ExploitStep represents a step in an exploitation chain
type ExploitedChain ¶
type ExploitedChain struct {
ChainID string
Target string
Steps []ExploitStep
Impact string
ProofOfConcept string
}
ExploitedChain represents a successfully exploited attack chain
type FuzzingEngine ¶
type FuzzingEngine interface {
FuzzEndpoint(ctx context.Context, url string, params []string) []Vulnerability
GenerateFuzzPayloads(paramType string) []string
}
FuzzingEngine interface for fuzzing
type IntelligentScanConfig ¶
type IntelligentScanConfig struct {
// Scan targeting
PrioritizeBypassedOrigins bool
ScanDeletedEndpoints bool
TestPredictedEndpoints bool
VerifySecurityChanges bool
// Performance
MaxConcurrency int
TimeoutPerTarget time.Duration
RetryFailedScans bool
// Intelligence thresholds
MinConfidenceForScan float64
MinSeverityForPriority types.Severity
// Scan depth
DeepScanHighValue bool
ChainExploits bool
}
IntelligentScanConfig contains configuration for intelligent scanning
type IntelligentScanResult ¶
type IntelligentScanResult struct {
Target string
StartTime time.Time
EndTime time.Time
Duration time.Duration
// Discovered assets
Assets []Asset
Services []Service
Endpoints []Endpoint
// Findings
Findings []types.Finding
Vulnerabilities []Vulnerability
AttackChains []AttackChain
// Intelligence-driven results
BypassedOrigins []BypassedOrigin
ResurrectedEndpoints []ResurrectedEndpoint
ExploitedChains []ExploitedChain
// Metrics
IntelligenceHits int
FalsePositives int
TruePositives int
}
IntelligentScanResult contains results from intelligent scanning
type IntelligentScanner ¶
type IntelligentScanner struct {
// contains filtered or unexported fields
}
IntelligentScanner uses passive intelligence to guide active scanning
func NewIntelligentScanner ¶
func NewIntelligentScanner(logger *logger.Logger, passiveModules passive.PassiveModules, activeModules ActiveModules) *IntelligentScanner
NewIntelligentScanner creates a new intelligent scanner
func (*IntelligentScanner) ScanWithContext ¶
func (s *IntelligentScanner) ScanWithContext(ctx context.Context, target string, intel *passive.PassiveIntel) (*IntelligentScanResult, error)
ScanWithContext allows passing pre-gathered intelligence
func (*IntelligentScanner) ScanWithIntelligence ¶
func (s *IntelligentScanner) ScanWithIntelligence(ctx context.Context, target string) (*IntelligentScanResult, error)
ScanWithIntelligence performs intelligent scanning based on passive intel
type PortScanner ¶
type PortScanner interface {
ScanPorts(ctx context.Context, host string) []Service
ScanAllPorts(ctx context.Context, host string) []Service
}
PortScanner interface for port scanning
type Prediction ¶
type Prediction struct {
Type string // endpoint, subdomain, parameter
Value string
Pattern string
Confidence float64
}
Prediction represents a predicted asset
type ResurrectedEndpoint ¶
type ResurrectedEndpoint struct {
URL string
OriginalStatus int
CurrentStatus int
Parameters []string
StillFunctional bool
LastSeen time.Time
}
ResurrectedEndpoint represents a deleted endpoint that still exists
type ScanTarget ¶
type ScanTarget struct {
Type string // origin_ip, endpoint, subdomain, predicted
Value string // IP, URL, or domain
Priority int // 1-10, higher is more important
Confidence float64 // 0-1, confidence in the target
Context map[string]interface{} // Additional context for scanning
}
ScanTarget represents a prioritized scan target
type Service ¶
type Service struct {
Host string
Port int
Protocol string
Name string
Version string
Banner string
Fingerprint map[string]string
}
Service represents a discovered service
type Vulnerability ¶
type Vulnerability struct {
Type string
Severity types.Severity
Title string
Description string
Endpoint string
Evidence string
Exploitable bool
ExploitCode string
}
Vulnerability represents a confirmed vulnerability
type VulnerabilityScanner ¶
type VulnerabilityScanner interface {
TestSQLInjection(ctx context.Context, url string, params []string) *Vulnerability
TestXSS(ctx context.Context, url string, params []string) *Vulnerability
TestSSRF(ctx context.Context, url string, params []string) *Vulnerability
}
VulnerabilityScanner interface for vulnerability scanning
Source Files
Directories