Overview
Package security_scanner provides OWASP security scanning and vulnerability detection for ZAP.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateSecurityReport
func GenerateSecurityReport(falconDir string, vulns []Vulnerability, params ScanParams) (string, error)
GenerateSecurityReport persists the vulnerabilities and scan parameters into a Markdown report.
Types
type AuthAuditor
type AuthAuditor struct {
// contains filtered or unexported fields
}
AuthAuditor performs authentication and authorization security audits.
func NewAuthAuditor
func NewAuthAuditor(httpTool *shared.HTTPTool) *AuthAuditor
NewAuthAuditor creates a new auth auditor.
func (*AuthAuditor) AuditAuth
func (a *AuthAuditor) AuditAuth(endpoints map[string]shared.EndpointAnalysis, baseURL, authToken string) ([]Vulnerability, int)
AuditAuth performs authentication and authorization security checks.
type Fuzzer
type Fuzzer struct {
// contains filtered or unexported fields
}
Fuzzer performs input fuzzing with various injection payloads.
func (*Fuzzer) FuzzEndpoints
func (f *Fuzzer) FuzzEndpoints(endpoints map[string]shared.EndpointAnalysis, baseURL string, maxPayload int) ([]Vulnerability, int)
FuzzEndpoints performs fuzzing attacks on endpoints.
type OWASPChecker
type OWASPChecker struct {
// contains filtered or unexported fields
}
OWASPChecker performs OWASP Top 10 security checks.
func NewOWASPChecker
func NewOWASPChecker(httpTool *shared.HTTPTool) *OWASPChecker
NewOWASPChecker creates a new OWASP checker.
func (*OWASPChecker) RunChecks
func (c *OWASPChecker) RunChecks(endpoints map[string]shared.EndpointAnalysis, baseURL string) ([]Vulnerability, int)
RunChecks executes OWASP Top 10 checks on the endpoints.
type ScanParams
// ScanParams defines parameters for security scanning.
//
// The JSON tags suggest it is decoded from the args string handed to
// SecurityScannerTool.Execute (not shown here — confirm against that
// method). The same value is persisted into the Markdown report by
// GenerateSecurityReport, so every field below may end up on disk.
type ScanParams struct {
	// BaseURL is the base URL the OWASP, fuzz and auth checks send their
	// requests to (each of RunChecks, FuzzEndpoints and AuditAuth takes it).
	// NOTE(review): this value selects the scan target — confirm the caller
	// verifies it is in scope before a scan is started.
	BaseURL string `json:"base_url"` // Base URL of the API
	// Endpoints restricts the scan to the listed endpoints; empty means all.
	Endpoints []string `json:"endpoints,omitempty"` // Specific endpoints to scan (empty = all)
	// ScanTypes selects which checkers run (OWASPChecker, Fuzzer,
	// AuthAuditor); empty means all of them.
	ScanTypes []string `json:"scan_types,omitempty"` // Types of scans: owasp, fuzz, auth (empty = all)
	// AuthToken is the credential passed to AuditAuth for authenticated
	// endpoints. It is a secret.
	// NOTE(review): GenerateSecurityReport persists ScanParams into the
	// report — confirm this field is redacted or omitted there.
	AuthToken string `json:"auth_token,omitempty"` // Auth token for authenticated endpoints
	// Depth is one of "quick", "standard" or "deep"; unset means "standard".
	Depth string `json:"depth,omitempty"` // Scan depth: quick, standard, deep (default: standard)
	// MaxPayload bounds the fuzzing payload size and is forwarded to
	// FuzzEndpoints as maxPayload; unset means 10000.
	MaxPayload int `json:"max_payload,omitempty"` // Max payload size for fuzzing (default: 10000)
}
ScanParams defines parameters for security scanning.
type ScanResult
// ScanResult represents the output of a security scan: aggregate counts,
// the individual findings, and where the report was written.
type ScanResult struct {
	// TotalChecks is the number of checks executed. Presumably the sum of the
	// int counts returned by RunChecks, FuzzEndpoints and AuditAuth — confirm.
	TotalChecks int `json:"total_checks"`
	// VulnFound is the number of findings; presumably len(Vulnerabilities).
	VulnFound int `json:"vulnerabilities_found"`
	// Critical, High, Medium and Low are presumably tallies of
	// Vulnerability.Severity over Vulnerabilities — confirm against the
	// code that fills them.
	Critical int `json:"critical"`
	High int `json:"high"`
	Medium int `json:"medium"`
	Low int `json:"low"`
	// Vulnerabilities holds every finding produced by the enabled checkers.
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
	// ScanDuration is the elapsed scan time, already formatted as a string
	// (the formatting is not visible here).
	ScanDuration string `json:"scan_duration"`
	// Summary is a human-readable summary of the scan.
	Summary string `json:"summary"`
	// ReportPath is the location of the Markdown report when one was
	// written; empty when no report was produced (hence omitempty).
	// NOTE(review): the report is written under falconDir by
	// GenerateSecurityReport — confirm the path is derived from trusted
	// values only, not from ScanParams.
	ReportPath string `json:"report_path,omitempty"`
}
ScanResult represents the output of a security scan.
type SecurityScannerTool
type SecurityScannerTool struct {
// contains filtered or unexported fields
}
SecurityScannerTool performs comprehensive security scans on APIs.
func NewSecurityScannerTool
func NewSecurityScannerTool(falconDir string, httpTool *shared.HTTPTool) *SecurityScannerTool
NewSecurityScannerTool creates a new security scanner tool.
func (*SecurityScannerTool) Description
func (t *SecurityScannerTool) Description() string
Description returns the tool description.
func (*SecurityScannerTool) Execute
func (t *SecurityScannerTool) Execute(args string) (string, error)
Execute performs the security scan.
func (*SecurityScannerTool) Name
func (t *SecurityScannerTool) Name() string
Name returns the tool name.
func (*SecurityScannerTool) Parameters
func (t *SecurityScannerTool) Parameters() string
Parameters returns the tool parameter description.
type Vulnerability
// Vulnerability represents a single security finding produced by one of the
// checkers (OWASPChecker, Fuzzer, AuthAuditor) and collected into
// ScanResult.Vulnerabilities. Findings are also rendered into the Markdown
// report by GenerateSecurityReport.
type Vulnerability struct {
	// ID identifies the finding; its format is not visible here.
	ID string `json:"id"`
	// Title is a short name for the finding.
	Title string `json:"title"`
	// Severity is one of "critical", "high", "medium" or "low". Consumers
	// that tally by severity should treat any other value as unexpected.
	Severity string `json:"severity"` // critical, high, medium, low
	// Category names the check family that produced the finding.
	Category string `json:"category"` // owasp, auth, injection, etc.
	// Endpoint is the endpoint the finding applies to.
	Endpoint string `json:"endpoint"`
	// Description explains the finding.
	Description string `json:"description"`
	// Evidence is optional supporting data for the finding.
	// NOTE(review): this presumably carries request/response excerpts from
	// the scanned service, i.e. attacker-influenced content — confirm it is
	// escaped when written into the Markdown report.
	Evidence string `json:"evidence,omitempty"`
	// Remediation describes how to fix the finding.
	Remediation string `json:"remediation"`
	// OWASPRef is the OWASP Top 10 reference, when applicable.
	OWASPRef string `json:"owasp_ref,omitempty"`
	// CWERef is the CWE reference, when applicable.
	CWERef string `json:"cwe_ref,omitempty"`
}
Vulnerability represents a security finding.