Documentation
Index
- func Register(name string, factory func(*Config) Analyzer)
- func Run(ctx context.Context, analyzers []Analyzer, in Input) map[string]map[string]any
- type AIAnalyzer
- type Analyzer
- type AuthAnalyzer
- type CORSAnalyzer
- type Config
- type FingerprintAnalyzer
- type HeadersAnalyzer
- type Input
- type LinksAnalyzer
- type Output
- type SecretsAnalyzer
- type URLExtractAnalyzer
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type AIAnalyzer
AIAnalyzer sends a truncated response body to an AI backend (openai, ollama, gemini) and returns a short verdict. It uses the shared llm package; the provider and API key come from config (openai: OPENAI_API_KEY; gemini: GEMINI_API_KEY or GOOGLE_API_KEY; ollama: usually no key). When the API key is missing or the API call fails, the module returns structured error info in Data ("skipped", or "error" with a "message") so reports show the reason instead of silently omitting the module.
func (AIAnalyzer) Name
func (AIAnalyzer) Name() string
type Analyzer
Analyzer is the interface for response-analysis modules (fingerprint, CORS, AI, etc.).
type AuthAnalyzer
type AuthAnalyzer struct{}
AuthAnalyzer detects auth-related responses: login/logout forms, 401/302 to login, "session expired" / "please log in" text, and cookie-based auth hints (Set-Cookie). Helps prioritize auth flows for testing.
func (AuthAnalyzer) Name
func (AuthAnalyzer) Name() string
type CORSAnalyzer
type CORSAnalyzer struct{}
CORSAnalyzer reads CORS-related headers from the response and reports findings. It does not send a separate probe request with an Origin header; it only inspects the response already in hand, so a permissive policy that is only reflected for specific origins will not be observed.
func (CORSAnalyzer) Name
func (CORSAnalyzer) Name() string
type Config
type Config struct {
// Modules is the list of enabled response-analysis module names (e.g. fingerprint,cors,ai,urlextract,links).
Modules []string
// AIPrompt is the custom prompt for the AI module; placeholders: {{status}}, {{method}}, {{url}}, {{body}}. Empty = default.
AIPrompt string
// AIProvider is the AI backend for the ai module: openai | ollama | gemini. Default openai.
AIProvider string
// AIEndpoint overrides the API base URL (e.g. http://localhost:11434 for Ollama).
AIEndpoint string
// AIModel overrides the model name (default per provider: gpt-4o-mini, llama3.1, gemini-1.5-flash).
AIModel string
// AIMaxTokens is the max tokens for the AI module response (0 = use default 150).
AIMaxTokens int
// EnqueueModuleUrls is a comma-separated list of module names whose "urls" output is queued for scanning (e.g. urlextract,links).
EnqueueModuleUrls string
// ExtractedURLsFile, if set, is the path where all extracted URLs (from any module with "urls" output) are written, one per line.
ExtractedURLsFile string
}
Config holds all module-related settings. Kept in the modules package so the module system stays separate from the main config; the main config only embeds or references this struct.
type FingerprintAnalyzer
type FingerprintAnalyzer struct{}
FingerprintAnalyzer detects technologies from response headers and body.
func (FingerprintAnalyzer) Name
func (FingerprintAnalyzer) Name() string
type HeadersAnalyzer
type HeadersAnalyzer struct{}
HeadersAnalyzer evaluates security-related response headers and flags missing or weak values. Covers: Content-Security-Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, and Set-Cookie (Secure, HttpOnly).
func (HeadersAnalyzer) Name
func (HeadersAnalyzer) Name() string
type Input
type Input struct {
URL string
Method string
StatusCode int
Headers map[string]string
Body string
ContentType string
Length int
Words int
Lines int
}
Input holds the request/response data passed to analyzers. Kept independent of engine so modules do not depend on engine or httpx.
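As an added illustration (not the package's own code) of how the documented Input, Analyzer and Run pieces fit together, the block below reimplements the checks the HeadersAnalyzer description lists as a stand-alone analyzer. The Analyze method on the interface and the trimmed struct shapes are assumptions, since the page documents only Name() and the field lists.

```go
package main

import (
	"context"
	"strings"
)

type Input struct{ Headers map[string]string } // mirrors the modules.Input field this example uses
type Output struct{ Data map[string]any }      // mirrors modules.Output

// Analyzer: Name() is documented on the page; the Analyze method's shape is an assumption.
type Analyzer interface {
	Name() string
	Analyze(ctx context.Context, in Input) Output
}

// headersCheck re-creates the checks the HeadersAnalyzer doc lists; findings are labels only.
type headersCheck struct{}
func (headersCheck) Name() string { return "headers" }

func (headersCheck) Analyze(_ context.Context, in Input) Output {
	hdr := map[string]string{} // header names are case-insensitive, so normalize before lookup
	for k, v := range in.Headers {
		hdr[strings.ToLower(k)] = v
	}
	findings := []string{}
	for _, want := range []string{"content-security-policy", "x-frame-options", "strict-transport-security", "x-content-type-options"} {
		if _, ok := hdr[want]; !ok {
			findings = append(findings, "missing:"+want)
		}
	}
	if c, ok := hdr["set-cookie"]; ok { // match whole attributes, not substrings (a cookie name may contain "secure")
		attrs := " " + strings.ToLower(strings.ReplaceAll(c, ";", " ")) + " "
		for _, attr := range []string{"secure", "httponly"} {
			if !strings.Contains(attrs, " "+attr+" ") {
				findings = append(findings, "cookie-without-"+attr)
			}
		}
	}
	return Output{Data: map[string]any{"findings": findings}}
}

// Run fans one response out to every analyzer, keyed by module name, as documented for modules.Run.
func Run(ctx context.Context, analyzers []Analyzer, in Input) map[string]map[string]any {
	out := make(map[string]map[string]any, len(analyzers))
	for _, a := range analyzers {
		out[a.Name()] = a.Analyze(ctx, in).Data
	}
	return out
}
```

Because Input.Headers is a flat map, several Set-Cookie headers in one response collapse to a single value; an analyzer that needs each cookie separately would have to be fed them individually.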
type LinksAnalyzer
type LinksAnalyzer struct{}
LinksAnalyzer extracts links from HTML (href, action, src), resolves them against the request URL, deduplicates and returns them in module output. Output is stored in report.ModuleData["links"]["urls"] ([]string). Use with -enqueue-module-urls links to enqueue discovered URLs into the scan queue.
func (LinksAnalyzer) Name
func (LinksAnalyzer) Name() string
type Output
Output is the result of one analyzer. Data is module-specific (e.g. "technologies": ["nginx","php"]).
type SecretsAnalyzer
type SecretsAnalyzer struct{}
SecretsAnalyzer scans the response body and headers for common secret/key patterns and reports potential leaks: AWS keys, JWTs, GitHub/Slack tokens, password= in the response, etc. Findings are type labels only; no secret values are stored, so reports can be shared without re-leaking the credential.
func (SecretsAnalyzer) Name
func (SecretsAnalyzer) Name() string
type URLExtractAnalyzer
type URLExtractAnalyzer struct{}
URLExtractAnalyzer parses URLs from the response body and Location header, deduplicates and normalizes them, and returns them in module output. Output is stored per result in report.ModuleData["urlextract"]["urls"] ([]string).
func (URLExtractAnalyzer) Name
func (URLExtractAnalyzer) Name() string