Documentation
¶
Overview ¶
Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
Concurrency int
IncludeRisk bool
// EmitAll reports every probed request to onResult, including 401/403 (which
// are otherwise skipped as "auth enforced"). It does not change which results
// are flagged Interesting or counted by the basepath-fallback heuristic.
EmitAll bool
GenOpts requestgen.Options
}
Config controls a scan.
type Result ¶
type Result struct {
Method string `json:"method"`
URL string `json:"url"`
Path string `json:"path"`
Status int `json:"status"`
ContentLength int `json:"content_length"`
Interesting bool `json:"interesting"`
// Reasons explains why a result was flagged (e.g. "unauthenticated data",
// "stack trace", "secret: AWS Access Key ID"). Empty for uninteresting results.
Reasons []string `json:"reasons,omitempty"`
Secrets []secrets.Finding `json:"secrets,omitempty"`
}
Result is the outcome of probing one generated request.
Click to show internal directories.
Click to hide internal directories.