lib

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 18, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package lib implements the scanning phases for the ressrf SSRF fuzzer. Each phase targets a different injection surface: HTTP headers, URL parameters, and protocol-bypass payloads. All phases schedule work onto a shared job queue and report results through a common activity-logging callback.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExecuteHeaderPhase

func ExecuteHeaderPhase(
	urls []string,
	collab string,
	rl *pkg.RateLimiter,
	jobs chan<- func(),
	wg *sync.WaitGroup,
	trackMutex *sync.Mutex,
	trackCounter *int,
	requestTracker map[string]pkg.VulnerabilityMetadata,
	logActivity func(string, string, int, string),
)

ExecuteHeaderPhase enqueues header-injection jobs for each target URL and header vector using both payload formats (with and without an HTTP scheme).

For each generated payload an identifier is allocated (incrementing trackCounter) and corresponding metadata is stored in requestTracker. Each job, when executed, will wait on rl, set the specified header to the payload, send the request, and invoke logActivity with either "ERROR" (on send failure) or "SENT" (on success) including the target URL, status code, and a short detail string.

ExecuteHeaderPhase schedules work onto the provided jobs channel and increments wg for each scheduled job; it does not block waiting for job completion.

func ExecuteParameterPhase

func ExecuteParameterPhase(
	urls []string,
	collab string,
	rl *pkg.RateLimiter,
	jobs chan<- func(),
	wg *sync.WaitGroup,
	trackMutex *sync.Mutex,
	trackCounter *int,
	requestTracker map[string]pkg.VulnerabilityMetadata,
	logActivity func(string, string, int, string),
)

ExecuteParameterPhase constructs and enqueues URL-parameter injection test requests for each input URL.

For each URL this function creates two test variants (one with an explicit "http://" scheme and one without), reserves a unique tracking id while holding trackMutex, records metadata in requestTracker[id] with InjectType "URL Parameter Injection", and increments the provided WaitGroup for each enqueued job. Each job sent to the jobs channel waits on rl before issuing the HTTP request and reports results through logActivity: an "ERROR" entry with status 0 and the error message on failure, or a "SENT" entry with the response status and the message "URL Parameter Phase Vector" on success.

This function does not return a value; it performs side effects on the WaitGroup, trackCounter, requestTracker, and by sending closures to the jobs channel.

func ExecuteProtocolPhase

func ExecuteProtocolPhase(
	urls []string,
	collab string,
	rl *pkg.RateLimiter,
	jobs chan<- func(),
	wg *sync.WaitGroup,
	logActivity func(string, string, int, string),
)

ExecuteProtocolPhase schedules protocol-bypass HTTP request jobs for every combination of the provided URLs and protocol payload templates.

ExecuteProtocolPhase reads payload templates from pkg.PayloadsFile, substitutes `{COLLAB}` and `{COLLAB_URL}` with the provided collab value, and for each resulting payload–URL pair enqueues a job on the provided jobs channel. Each job waits on rl, sends the HTTP request, and reports activity via logActivity. If a request fails it is logged with an "ERROR" activity and not further processed; successful requests are logged as "SENT". When the response body matches pkg.AltProtoRegex the function prints a hit line, appends a findings entry to the file at *pkg.OutDir+"/findings.txt", and logs a vulnerability-identification activity.

If reading pkg.PayloadsFile fails, the function optionally prints a skip message and returns without scheduling any jobs. The function increments wg for each scheduled job and ensures wg.Done() is called when a job completes.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL