Documentation
¶
Overview ¶
Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
Concurrency int
IncludeRisk bool
// EmitAll reports every probed request to onResult, including 401/403 (which
// are otherwise skipped as "auth enforced"). It does not change which results
// are flagged Interesting or counted by the basepath-fallback heuristic.
EmitAll bool
// AuthHeaders, when non-empty, enables auth-aware scanning: every endpoint is
// probed twice (without and with these headers) to detect broken access
// control — operations the spec says need auth that still return data
// unauthenticated, and endpoints whose response ignores the token entirely.
AuthHeaders map[string]string
GenOpts requestgen.Options
}
Config controls a scan.
type Result ¶
type Result struct {
Method string `json:"method"`
URL string `json:"url"`
Path string `json:"path"`
Status int `json:"status"`
ContentLength int `json:"content_length"`
Interesting bool `json:"interesting"`
// AuthStatus is the status of the authenticated comparison request, set only
// in auth-aware mode (Status then holds the unauthenticated status).
AuthStatus int `json:"auth_status,omitempty"`
// Reasons explains why a result was flagged (e.g. "unauthenticated data",
// "broken access control", "stack trace"). Empty for uninteresting results.
Reasons []string `json:"reasons,omitempty"`
Secrets []secrets.Finding `json:"secrets,omitempty"`
}
Result is the outcome of probing one generated request.
Click to show internal directories.
Click to hide internal directories.