scan

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 22, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	Concurrency int
	IncludeRisk bool
	// EmitAll reports every probed request to onResult, including 401/403 (which
	// are otherwise skipped as "auth enforced"). It does not change which results
	// are flagged Interesting or counted by the basepath-fallback heuristic.
	EmitAll bool
	GenOpts requestgen.Options
}

Config controls a scan.

type Result

type Result struct {
	Method        string `json:"method"`
	URL           string `json:"url"`
	Path          string `json:"path"`
	Status        int    `json:"status"`
	ContentLength int    `json:"content_length"`
	Interesting   bool   `json:"interesting"`
	// Reasons explains why a result was flagged (e.g. "unauthenticated data",
	// "stack trace", "secret: AWS Access Key ID"). Empty for uninteresting results.
	Reasons []string          `json:"reasons,omitempty"`
	Secrets []secrets.Finding `json:"secrets,omitempty"`
}

Result is the outcome of probing one generated request.

func Run

func Run(ctx context.Context, client *httpclient.Client, s *spec.Spec, cfg Config, onResult func(Result)) []Result

Run scans a spec and calls onResult for each probed endpoint.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL