models

Published: Apr 12, 2026 License: MIT Imports: 0 Imported by: 0


Types

type AuthConfig

// AuthConfig defines how a role authenticates. Type selects the scheme and the
// per-field comments name which scheme each remaining field belongs to.
// NOTE(review): Token, Pass and Cookie are credentials (Token may be expanded
// from ${ENV_VAR}) — confirm the resolved values are not copied verbatim into
// generated templates, logs or reports.
type AuthConfig struct {
	Type   string `yaml:"type"`   // bearer|basic|apikey|cookie|oauth2|none
	Token  string `yaml:"token"`  // supports ${ENV_VAR} substitution; no dedicated oauth2 fields exist here, so presumably also carries the oauth2 access token — confirm
	Key    string `yaml:"key"`    // for apikey type
	Header string `yaml:"header"` // for apikey: header name, default X-API-Key
	User   string `yaml:"user"`   // for basic auth
	Pass   string `yaml:"pass"`   // for basic auth
	Cookie string `yaml:"cookie"` // for cookie auth: cookie name=value
}

AuthConfig defines how a role authenticates.

type BFLAConfig

// BFLAConfig configures Broken Function Level Authorization testing.
type BFLAConfig struct {
	Enabled           bool     `yaml:"enabled"`             // turns the BFLA check on or off
	UnprivilegedRoles []string `yaml:"unprivileged_roles"`  // role names expected to be denied on admin functions (presumably keys of the roles config — confirm)
	AdminPathPatterns []string `yaml:"admin_path_patterns"` // path patterns identifying admin-only endpoints
	PrivilegedMethods []string `yaml:"privileged_methods"`  // HTTP methods treated as privileged — whether matched per path or globally is not defined here, confirm
}

BFLAConfig configures Broken Function Level Authorization testing.

type BOLAConfig

// BOLAConfig configures Broken Object Level Authorization testing.
type BOLAConfig struct {
	Enabled       bool          `yaml:"enabled"`        // turns the BOLA check on or off
	AttackerRoles []string      `yaml:"attacker_roles"` // roles that request resources they do not own
	VictimRoles   []string      `yaml:"victim_roles"`   // roles whose owned resources are requested (presumably taken from Role.Owns — confirm)
	Detection     BOLADetection `yaml:"detection"`      // how a granted vs. denied outcome is recognised
	Strategies    []IDStrategy  `yaml:"strategies"`     // how victim resource IDs are produced
}

BOLAConfig configures Broken Object Level Authorization testing.

type BOLADetection

// BOLADetection defines how to detect unauthorized access. The code lists are
// HTTP status codes; DataFields are response fields whose presence proves the
// returned object belongs to the victim.
type BOLADetection struct {
	SuccessCodes []int    `yaml:"success_codes"` // codes that mean access was granted
	FailureCodes []int    `yaml:"failure_codes"` // codes that mean access was denied
	DataFields   []string `yaml:"data_fields"`   // response fields proving ownership
}

BOLADetection defines how to detect unauthorized access.

type BrokenAuthConfig

// BrokenAuthConfig configures broken authentication testing. Tests selects
// which checks run; the names below are grouped by the AuthConfig.Type they
// apply to.
type BrokenAuthConfig struct {
	Enabled bool     `yaml:"enabled"` // turns the broken-auth check on or off
	Tests   []string `yaml:"tests"`   // universal: no_token|invalid_token · bearer: expired_token|wrong_algo_token|malformed_jwt · basic: empty_creds|malformed_basic · apikey: empty_key · cookie: empty_cookie
}

BrokenAuthConfig configures broken authentication testing.

type BrokenPropertyConfig

// BrokenPropertyConfig configures Broken Object Property Level Auth testing.
// Tests whether authenticated roles can modify privileged fields (e.g., role,
// is_admin) via PATCH/PUT endpoints.
type BrokenPropertyConfig struct {
	Enabled bool `yaml:"enabled"` // turns the check on or off; no further options are declared here
}

BrokenPropertyConfig configures Broken Object Property Level Auth testing. Tests whether authenticated roles can modify privileged fields (e.g., role, is_admin) via PATCH/PUT endpoints.

type DASTScope

// DASTScope controls which endpoints receive DAST/fuzzing templates.
// ExcludeEndpoints is applied unconditionally ("always deny"), so an endpoint
// matched by both lists is excluded.
type DASTScope struct {
	IncludeEndpoints []string `yaml:"include_endpoints,omitempty"` // glob patterns; empty = all
	ExcludeEndpoints []string `yaml:"exclude_endpoints,omitempty"` // glob patterns; always deny
	Methods          []string `yaml:"methods,omitempty"`           // HTTP methods; empty = all
}

DASTScope controls which endpoints receive DAST/fuzzing templates.

type DetectionConfig

// DetectionConfig customizes how apistrike detects auth success/failure in
// response matchers. Used by the BOLA, BFLA, Broken Auth, Broken Property and
// Mass Assignment generators.
// NOTE(review): CustomDSL replaces the auto-generated expression entirely, so
// SuccessCodes and DenialKeywords are presumably ignored when it is set — confirm;
// a mistyped DSL would silently weaken detection rather than fail loudly.
type DetectionConfig struct {
	SuccessCodes   []int    `yaml:"success_codes,omitempty"`   // HTTP codes meaning success (default: 200, 201, 202)
	DenialKeywords []string `yaml:"denial_keywords,omitempty"` // body keywords indicating denial (replaces defaults when set)
	CustomDSL      string   `yaml:"custom_dsl,omitempty"`      // full DSL override — replaces auto-generated expression
}

DetectionConfig customizes how apistrike detects auth success/failure in response matchers. Used by BOLA, BFLA, Broken Auth, Broken Property, and Mass Assignment generators.

type IDStrategy

// IDStrategy defines how to generate victim resource IDs for BOLA testing.
type IDStrategy struct {
	Type string `yaml:"type"` // role_owned|sequential|uuid_fuzz
}

IDStrategy defines how to generate victim resource IDs.

type InjectionConfig

// InjectionConfig configures injection attack testing (OWASP API8:2023).
type InjectionConfig struct {
	Enabled bool           `yaml:"enabled"` // turns all injection checks on or off
	Types   InjectionTypes `yaml:"types"`   // per-type enable flags and payloads
	Targets []string       `yaml:"targets"` // query_params|path_params|body_fields|headers — controls nuclei fuzzing parts
}

Injection (API8:2023). InjectionConfig configures injection attack testing.

type InjectionType

// InjectionType holds the enabled flag and payloads for one injection type.
// Payloads can be inline (a list of strings) or a file path; nuclei supports
// both inline wordlists and file-based payloads.
// NOTE(review): behaviour when both Payloads and PayloadFile are set is not
// defined here — confirm which one wins.
type InjectionType struct {
	Enabled     bool     `yaml:"enabled"`      // turns this injection type on or off
	Payloads    []string `yaml:"payloads"`     // inline payload list
	PayloadFile string   `yaml:"payload_file"` // path to payload file (nuclei resolves at scan time)
}

InjectionType holds enabled flag and payloads for one injection type. Payloads can be inline (list of strings) or a file path. Nuclei supports both: inline wordlists and file-based payloads.

Config examples:

sqli:
  enabled: true
  payloads:            # inline list
    - "' OR 1=1--"
    - "1 UNION SELECT NULL--"

sqli:
  enabled: true
  payload_file: /path/to/sqli-payloads.txt   # file-based

type InjectionTypes

// InjectionTypes holds the config for each injection type; each field is an
// independent InjectionType with its own Enabled flag and payload source.
type InjectionTypes struct {
	SQLi          InjectionType `yaml:"sqli"`           // SQL injection
	XSS           InjectionType `yaml:"xss"`            // cross-site scripting
	SSTI          InjectionType `yaml:"ssti"`           // server-side template injection
	SSRF          InjectionType `yaml:"ssrf"`           // server-side request forgery
	NoSQLi        InjectionType `yaml:"nosqli"`         // NoSQL injection
	CMDi          InjectionType `yaml:"cmdi"`           // command injection via OOB DNS
	OpenRedirect  InjectionType `yaml:"open_redirect"`  // unvalidated redirect params
	PathTraversal InjectionType `yaml:"path_traversal"` // directory traversal / LFI
}

InjectionTypes holds the config for each injection type.

type MassAssignConfig

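// MassAssignConfig configures mass assignment testing.
//
// ExtraFields uses any (the alias for interface{}) to match Params.Body in
// this package; the YAML shape and the Go type are unchanged.
type MassAssignConfig struct {
	Enabled     bool             `yaml:"enabled"`      // turns the mass-assignment check on or off
	ExtraFields []map[string]any `yaml:"extra_fields"` // extra properties added to request bodies; each map is one field set (presumably one template per entry — confirm)
}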

MassAssignConfig configures mass assignment testing.

type MisconfigConfig

// MisconfigConfig configures security misconfiguration testing.
type MisconfigConfig struct {
	Enabled bool     `yaml:"enabled"` // turns the misconfiguration checks on or off
	Checks  []string `yaml:"checks"`  // cors_wildcard|security_headers|tls_version|debug_endpoints|error_disclosure
}

MisconfigConfig configures security misconfiguration testing.

type Params

// Params holds substitution values for path, query, and body parameters.
type Params struct {
	Path  map[string]string `yaml:"path"`  // {param} substitutions
	Query map[string]string `yaml:"query"` // ?key=value appended
	Body  map[string]any    `yaml:"body"`  // request body field overrides (supports strings, numbers, lists, booleans)
}

Params holds substitution values for path, query, and body params.

type RaceCondConfig

// RaceCondConfig configures race condition testing. Uses nuclei's gate
// mechanism (race: true, race-count: N) to send identical simultaneous
// requests and detect TOCTOU vulnerabilities.
type RaceCondConfig struct {
	Enabled   bool `yaml:"enabled"`    // turns the race-condition check on or off
	RaceCount int  `yaml:"race_count"` // number of simultaneous requests (default 10)
}

RaceCondConfig configures race condition testing. Uses nuclei's gate mechanism (race: true, race-count: N) to send identical simultaneous requests and detect TOCTOU vulnerabilities.

type RateLimitConfig

// RateLimitConfig configures rate limit absence testing.
type RateLimitConfig struct {
	Enabled            bool                `yaml:"enabled"`             // turns the rate-limit check on or off
	RequestCount       int                 `yaml:"request_count"`       // number of requests sent per endpoint — no default is declared here, confirm
	SensitiveEndpoints []SensitiveEndpoint `yaml:"sensitive_endpoints"` // endpoints to probe for missing rate limiting
}

RateLimitConfig configures rate limit absence testing.

type Role

// Role defines an identity used for scanning: its credentials, any extra
// headers sent with every request, and the resources it owns.
type Role struct {
	Description    string            `yaml:"description"`     // human-readable label
	PrivilegeLevel int               `yaml:"privilege_level"` // 0=none, 100=admin — presumably compared relatively between roles, confirm
	Auth           AuthConfig        `yaml:"auth"`            // how this role authenticates
	Headers        map[string]string `yaml:"headers"`         // extra request headers for this role
	Owns           map[string]string `yaml:"owns"`            // param_name → owned resource ID
}

Role defines an identity used for scanning.

type SensitiveEndpoint

// SensitiveEndpoint is a specific endpoint to test for rate limiting.
type SensitiveEndpoint struct {
	Path   string `yaml:"path"`   // endpoint path
	Method string `yaml:"method"` // HTTP method
}

SensitiveEndpoint is a specific endpoint to test for rate limiting.
