scan

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	Concurrency int
	IncludeRisk bool
	// EmitAll reports every probed request to onResult, including 401/403 (which
	// are otherwise skipped as "auth enforced"). It does not change which results
	// are flagged Interesting or counted by the basepath-fallback heuristic.
	EmitAll bool
	// AuthHeaders, when non-empty, enables auth-aware scanning: every endpoint is
	// probed twice (without and with these headers) to detect broken access
	// control — operations the spec says need auth that still return data
	// unauthenticated, and endpoints whose response ignores the token entirely.
	AuthHeaders map[string]string
	GenOpts     requestgen.Options
}

Config controls a scan.

type Result

type Result struct {
	Method        string `json:"method"`
	URL           string `json:"url"`
	Path          string `json:"path"`
	Status        int    `json:"status"`
	ContentLength int    `json:"content_length"`
	Interesting   bool   `json:"interesting"`
	// AuthStatus is the status of the authenticated comparison request, set only
	// in auth-aware mode (Status then holds the unauthenticated status).
	AuthStatus int `json:"auth_status,omitempty"`
	// Reasons explains why a result was flagged (e.g. "unauthenticated data",
	// "broken access control", "stack trace"). Empty for uninteresting results.
	Reasons []string          `json:"reasons,omitempty"`
	Secrets []secrets.Finding `json:"secrets,omitempty"`
}

Result is the outcome of probing one generated request.

func Run

func Run(ctx context.Context, client *httpclient.Client, s *spec.Spec, cfg Config, onResult func(Result)) []Result

Run scans a spec and calls onResult for each probed endpoint.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL