Documentation
Index ¶
- Constants
- func CreateURLScanHandler(name string, seclistUrl string, defaultUrls []string, r *report.ScanReport, ...) ...
- func DiscoverableGraphQLPathScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
- func DiscoverableOpenAPIScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
- func ExtractBaseURL(inputURL *url.URL) *url.URL
- func GraphqlIntrospectionScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
- func ServerSignatureScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
Constants ¶
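// Identifiers and report metadata for the "Discoverable OpenAPI" scan.
const (
	// Scan identity as it appears in scan reports.
	DiscoverableOpenAPIScanID   = "discover.discoverable_openapi"
	DiscoverableOpenAPIScanName = "Discoverable OpenAPI"

	// Severity 0 is the value every finding in this package uses.
	// NOTE(review): presumably "informational" on the report package's
	// scale; confirm against package report.
	DiscoverableOpenAPISeverityLevel = 0

	// The finding is that an API description is reachable. That describes how
	// the server is configured and exposed, not a server-side request forgery,
	// so it is reported under security misconfiguration rather than
	// report.OWASP2023SSRFCategory. Consumers that group or filter findings
	// by OWASP category will see this finding move accordingly.
	DiscoverableOpenAPIOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory

	// The ID keeps its existing "ssrf." prefix so that anything matching on
	// the ID string keeps working; the prefix is not a classification.
	DiscoverableOpenAPIVulnerabilityID   = "ssrf.discoverable_openapi"
	DiscoverableOpenAPIVulnerabilityName = "Discoverable OpenAPI"

	// No documentation page is linked for this finding.
	DiscoverableOpenAPIVulnerabilityURL = ""
)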
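// Identifiers and report metadata for the two GraphQL discovery scans:
// locating a GraphQL endpoint, and checking whether introspection is enabled.
const (
	// Scan identity for GraphQL endpoint discovery.
	DiscoverableGraphQLPathScanID   = "discover.graphql"
	DiscoverableGraphQLPathScanName = "Discoverable GraphQL Path"

	// Severity 0 is the value every finding in this package uses.
	// NOTE(review): presumably "informational" on the report package's
	// scale; confirm against package report.
	DiscoverableGraphQLPathSeverityLevel = 0

	// A reachable GraphQL endpoint is an exposure of the deployment, not a
	// server-side request forgery, so it is reported under security
	// misconfiguration rather than report.OWASP2023SSRFCategory.
	DiscoverableGraphQLPathOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory

	// The ID keeps its existing "ssrf." prefix so that anything matching on
	// the ID string keeps working; the prefix is not a classification.
	DiscoverableGraphQLPathVulnerabilityID   = "ssrf.graphql_discover_endpoint"
	DiscoverableGraphQLPathVulnerabilityName = "Discoverable GraphQL Endpoint"

	// No documentation page is linked for this finding.
	DiscoverableGraphQLPathVulnerabilityURL = ""

	// Scan identity for the GraphQL introspection check.
	GraphqlIntrospectionScanID   = "discover.graphql_introspection"
	GraphqlIntrospectionScanName = "GraphQL Introspection"

	// Same severity value as the other findings in this package (see the
	// note on DiscoverableGraphQLPathSeverityLevel).
	GraphqlIntrospectionEnabledSeverityLevel = 0

	// Enabled introspection lets any client read the schema. The linked
	// documentation files it under security-misconfiguration, and the
	// category now agrees with that instead of report.OWASP2023SSRFCategory.
	// Consumers that group or filter findings by OWASP category will see both
	// GraphQL findings move accordingly.
	GraphqlIntrospectionEnabledOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory

	// The ID keeps its existing "ssrf." prefix for the same compatibility
	// reason as DiscoverableGraphQLPathVulnerabilityID.
	GraphqlIntrospectionEnabledVulnerabilityID   = "ssrf.graphql_introspection_enabled"
	GraphqlIntrospectionEnabledVulnerabilityName = "GraphQL Introspection enabled"
	GraphqlIntrospectionEnabledVulnerabilityURL  = "https://vulnapi.cerberauth.com/docs/vulnerabilities/security-misconfiguration/graphql-introspection/?utm_source=vulnapi"
)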
// Scan identity for server signature discovery, as it appears in scan reports.
const (
	DiscoverServerSignatureScanName = "Server Signature Discovery"
	DiscoverServerSignatureScanID   = "discover.server_signature"
)

// Report metadata for the "Server Signature Exposed" finding.
const (
	// Finding identity. The ID prefix matches the OWASP category below.
	ServerSignatureVulnerabilityName = "Server Signature Exposed"
	ServerSignatureVulnerabilityID   = "security_misconfiguration.server_signature"

	// No documentation page is linked for this finding.
	ServerSignatureVulnerabilityURL = ""

	// An exposed server signature is classed as a security misconfiguration.
	ServerSignatureOWASP2023Category = report.OWASP2023SecurityMisconfigurationCategory

	// NOTE(review): 0 is presumably "informational" on the report package's
	// scale; confirm against package report.
	ServerSignatureSeverityLevel = 0
)
Variables ¶
This section is empty.
Functions ¶
func CreateURLScanHandler ¶ added in v0.4.2
func CreateURLScanHandler(name string, seclistUrl string, defaultUrls []string, r *report.ScanReport, vulnReport *report.VulnerabilityReport) func(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
func DiscoverableGraphQLPathScanHandler ¶ added in v0.4.2
func DiscoverableGraphQLPathScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
func DiscoverableOpenAPIScanHandler ¶
func DiscoverableOpenAPIScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
func GraphqlIntrospectionScanHandler ¶
func GraphqlIntrospectionScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
func ServerSignatureScanHandler ¶
func ServerSignatureScanHandler(operation *request.Operation, securityScheme auth.SecurityScheme) (*report.ScanReport, error)
Types ¶
This section is empty.