engine

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2026 License: MIT Imports: 27 Imported by: 0

Documentation

Overview

Package engine runs the fuzzing scan: produces tasks from wordlists and base URLs, runs concurrent workers, applies filters and response modules, and builds the report.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MergeWordlistURLs 

func MergeWordlistURLs(ctx context.Context, urls []string) (tmpPath string, err error)

MergeWordlistURLs fetches each URL, merges all words, removes duplicates (order preserved), writes to a temp file and returns its path.

func ResolveExploreWordlist 

func ResolveExploreWordlist(dir string, result *ExploreAIResult) (wordlistPath string, ok bool)

ResolveExploreWordlist returns the path to a wordlist file in dir that matches the Explore AI recommendation (suggested_wordlist or wordlist_type.txt). Returns ("", false) if no file exists.

func ResolveExploreWordlistDefault 

func ResolveExploreWordlistDefault(result *ExploreAIResult) (pathOrURL string, ok bool)

ResolveExploreWordlistDefault returns the default wordlist URL for the AI-recommended wordlist_type. Used when the user has not set a map or dir.

func ResolveExploreWordlistFromMap 

func ResolveExploreWordlistFromMap(m map[string]string, result *ExploreAIResult) (pathOrURL string, ok bool)

ResolveExploreWordlistFromMap returns the path or URL from the user map for the recommended wordlist type or name. Keys are matched case-insensitively (wordlist_type and basename of suggested_wordlist).

func ResolveExploreWordlistPath 

func ResolveExploreWordlistPath(ctx context.Context, cfg *config.Config, result *ExploreAIResult) (pathOrURL string, ok bool)

ResolveExploreWordlistPath resolves the wordlist path or URL from an Explore AI result, trying merged URLs, single URL, user map, wordlists dir, and default in order. When cfg.Quiet is false, logs merge failures to stdout.

func StatusRangesFromCodes 

func StatusRangesFromCodes(codes []int) []config.StatusRange

StatusRangesFromCodes converts a list of status codes to config.StatusRange slice (each code as Min=Max). Used when applying Explore AI result status codes to the scan filter.

Types

type Engine 

type Engine struct {
	// contains filtered or unexported fields
}

Engine runs the fuzzing scan: enqueues tasks, runs workers, applies filters and modules, builds the report.

func New 

func New(cfg *config.Config) (*Engine, error)

func (*Engine) Run 

func (e *Engine) Run(ctx context.Context) (*Report, error)

Run resolves wordlists, starts worker goroutines, and processes tasks until context is done or stop conditions are met. Returns the report and any error from wordlist resolution or scan setup; context cancellation is not reported as an error.

type ExploreAIResult 

type ExploreAIResult struct {
	WordlistType      string   `json:"wordlist_type"`      // e.g. wordpress, typo3, laravel, generic
	SuggestedWordlist string   `json:"suggested_wordlist"` // e.g. wordpress.txt
	WordlistURL       string   `json:"wordlist_url"`       // single URL; used when wordlist_urls is empty
	WordlistURLs      []string `json:"wordlist_urls"`      // multiple URLs (e.g. nginx + wordpress + fav); tool fetches each, merges and deduplicates, then uses as one payload
	Extensions        []string `json:"extensions"`         // e.g. ["php","html"]
	StatusCodes       []int    `json:"status_codes"`       // e.g. [200,301,302]
	Reasoning         string   `json:"reasoning"`
	SuggestedCommand  string   `json:"suggested_command"` // optional one-liner
	FocusAreas        string   `json:"focus_areas"`       // optional: e.g. "wp-admin, plugin versions, readme.html"
	NextSteps         string   `json:"next_steps"`        // optional: e.g. "consider recursion on /wp-content"
}

ExploreAIResult is the structured recommendation returned by the AI backend for explore-ai mode. The AI receives fingerprint, headers, and response; it returns JSON with wordlist_url or wordlist_urls so PSFuzz can use them as the payload source. Multiple URLs are merged and deduplicated.

func RunExploreAI 

func RunExploreAI(ctx context.Context, cfg *config.Config) (*ExploreAIResult, error)

RunExploreAI probes the base URL, runs fingerprint and headers modules, calls the configured AI backend (openai/ollama/gemini) for a wordlist/payload recommendation, prints the result, and returns the recommendation so the caller can optionally run a scan with the selected wordlist.

type Report 

type Report struct {
	TargetURL      string         `json:"target_url"`
	WordlistSource string         `json:"wordlist_source"`
	WordlistCount  int            `json:"wordlist_count"`
	TotalRequests  int64          `json:"total_requests"`
	Duration       time.Duration  `json:"duration"`
	StartedAt      time.Time      `json:"started_at,omitempty"`
	EndedAt        time.Time      `json:"ended_at,omitempty"`
	StatusCount    map[string]int `json:"status_count"`
	Results        []Result       `json:"results"`
	DiscoveredDirs []string       `json:"discovered_dirs"`
	Modules        []string       `json:"modules,omitempty"`
	ExtractedURLs  []string       `json:"extracted_urls,omitempty"`
	Commandline    string         `json:"commandline,omitempty"`
	// Interrupted is true when the run ended due to context cancellation (signal, -maxtime, -sa, -sf, -se).
	// When true, TotalRequests may be lower than the wordlist size and Results are partial.
	Interrupted bool `json:"interrupted,omitempty"`
	// CancelReason is set when Interrupted is true: "maxtime", "stop_on_status", "stop_on_matches", "stop_on_errors", or "signal_or_parent" (external cancel/SIGINT/SIGTERM).
	CancelReason string `json:"cancel_reason,omitempty"`
}

Report holds scan metadata and all results. Written by output.Write in the requested format (JSON, HTML, etc.).

type Result 

type Result struct {
	URL         string                    `json:"url"`
	StatusCode  int                       `json:"status_code"`
	Status      string                    `json:"status"`
	ContentType string                    `json:"content_type,omitempty"`
	RedirectURL string                    `json:"redirect_url,omitempty"`
	Length      int                       `json:"length"`
	Words       int                       `json:"words"`
	Lines       int                       `json:"lines"`
	TimeMS      int                       `json:"time_ms"`
	Depth       int                       `json:"depth"`
	Timestamp   time.Time                 `json:"timestamp"`
	Truncated   bool                      `json:"truncated,omitempty"`
	Confidence  float64                   `json:"confidence,omitempty"`
	Interesting []string                  `json:"interesting,omitempty"`
	Inputs      map[string]string         `json:"input,omitempty"`
	Position    int                       `json:"position,omitempty"`
	ModuleData  map[string]map[string]any `json:"module_data"`
}

Result is one reported finding: URL, status, metrics, and optional module_data from response analyzers.

type Task 

type Task struct {
	URL      string
	Depth    int
	Values   map[string]string
	Method   string
	Headers  map[string]string
	IsBypass bool
}

Task is a single fuzz request (URL, depth, placeholder values, optional method/headers). Created by the producer and processed by workers.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.