Directories
| Path | Synopsis |
|---|---|
| api | Package api wires the chi router, middlewares, and the ogen-generated server into a single http.Handler. |
| handlers | Package handlers implements the WebSec0 OpenAPI server interface generated by ogen. |
| middleware | Package middleware exposes the chi-compatible middlewares used by the WebSec0 HTTP server: request-id, panic recovery, slog access log, and a CORS allowlist. |
| spec | Package spec embeds api/openapi.yaml at build time and exposes both the raw YAML bytes and a parsed JSON tree for serving on GET /api/v1/openapi.json. |
| sse | Package sse provides a small, dependency-free helper for writing Server-Sent Events that follows the WHATWG `text/event-stream` spec. |
| audit | Package audit writes anonymised scan-event records to an append-only log. |
| checks | Package checks defines the Check interface, the result types, and the shared registry/catalog used by both the scanner orchestrator and the HTTP API. |
| config | Package config loads the websec0 configuration from defaults, an optional YAML file, environment variables prefixed with WEBSEC0_, and CLI flags. |
| logging | Package logging builds the process-wide *slog.Logger from a LoggingConfig. |
| ratelimit | Package ratelimit implements per-IP token-bucket rate limiting and per-target cooldown / recent-scan cache. |
| report | Package report converts the raw findings of a completed scan into a scored Report (JSON envelope), a Markdown export, and a SARIF 2.1.0 document. |
| scanner | Package scanner orchestrates the execution of all registered checks against a Target. |
| cookies | Package cookies implements the cookie-hardening family of checks. |
| dns | Package dns implements the DNS-hardening family of WebSec0 checks (DNSSEC presence, CAA, AAAA/IPv6, wildcard, dangling CNAME, NS diversity, TTL hygiene). |
| email | Package email implements the email-security family (SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI). |
| headers | Package headers implements the HTTP-headers family of WebSec0 checks. |
| http | Package http implements the Web/Custom family of WebSec0 checks (HTTP/2-3, mixed content, dangerous methods, CORS, 404 hygiene, compression, robots.txt, change-password well-known, SRI). |
| safety | Package safety implements WebSec0's anti-SSRF defences: hostname / IP blocklists, DNS-rebinding-resistant resolution (pin-and-recheck), and a custom net.Dialer that re-validates every outbound connection at the syscall level. |
| tls | Package tls implements the TLS family of WebSec0 checks: modern handshake (TLS 1.2 and 1.3 via crypto/tls), certificate validation, HSTS, and the HTTP→HTTPS redirect probe. |
| tls/probes | Package probes implements raw-socket TLS probes for legacy protocols. |
| wellknown | Package wellknown implements checks for files published under the /.well-known/ URI namespace (RFC 8615), starting with security.txt (RFC 9116). |
| storage | Package storage defines the ScanStore abstraction used by the API layer and concrete backends (memory, ristretto, redis). |
| memory | Package memory provides an in-process ScanStore backed by patrickmn/go-cache. |
| version | Package version exposes build-time metadata. |
| webfs | Package webfs embeds the compiled Astro frontend (web/dist/). |