scanners

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 5, 2026 License: GPL-3.0 Imports: 15 Imported by: 0

Documentation

Overview

Package scanners provides scanner implementations for various security tools.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckInstalled

func CheckInstalled(ctx context.Context, scanner interface {
	IsInstalled(context.Context) (bool, string, error)
}) (bool, string, error)

CheckInstalled checks if a scanner is installed and returns version info.

func CodeQL

func CodeQL() *codeql.Scanner

CodeQL returns a new CodeQL scanner with default configuration. Note: Language must be set before scanning.

func CodeQLCPP

func CodeQLCPP() *codeql.Scanner

CodeQLCPP returns a CodeQL scanner configured for C/C++ analysis.

func CodeQLGo

func CodeQLGo() *codeql.Scanner

CodeQLGo returns a CodeQL scanner configured for Go analysis.

func CodeQLJava

func CodeQLJava() *codeql.Scanner

CodeQLJava returns a CodeQL scanner configured for Java analysis.

func CodeQLJavaScript

func CodeQLJavaScript() *codeql.Scanner

CodeQLJavaScript returns a CodeQL scanner configured for JavaScript/TypeScript analysis.

func CodeQLPython

func CodeQLPython() *codeql.Scanner

CodeQLPython returns a CodeQL scanner configured for Python analysis.

func CodeQLWithConfig

func CodeQLWithConfig(opts CodeQLOptions) *codeql.Scanner

CodeQLWithConfig returns a CodeQL scanner with custom configuration.

func DNSX

func DNSX() *dnsx.Scanner

DNSX returns a new dnsx scanner with default configuration.

func DNSXARecord

func DNSXARecord() *dnsx.Scanner

DNSXARecord returns a dnsx scanner for A/AAAA records only.

func DNSXFull

func DNSXFull() *dnsx.Scanner

DNSXFull returns a dnsx scanner for all DNS record types.

func DNSXWithConfig

func DNSXWithConfig(opts DNSXOptions) *dnsx.Scanner

DNSXWithConfig returns a dnsx scanner with custom configuration.

func Gitleaks

func Gitleaks() *gitleaks.Scanner

Gitleaks returns a new gitleaks scanner with default configuration.

func GitleaksWithConfig

func GitleaksWithConfig(opts GitleaksOptions) *gitleaks.Scanner

GitleaksWithConfig returns a gitleaks scanner with custom configuration.

func HTTPX

func HTTPX() *httpx.Scanner

HTTPX returns a new httpx scanner with default configuration.

func HTTPXBasic

func HTTPXBasic() *httpx.Scanner

HTTPXBasic returns a basic httpx prober for availability checks.

func HTTPXFull

func HTTPXFull() *httpx.Scanner

HTTPXFull returns a comprehensive httpx prober with all features.

func HTTPXTech

func HTTPXTech() *httpx.Scanner

HTTPXTech returns an httpx scanner focused on technology detection.

func HTTPXWithConfig

func HTTPXWithConfig(opts HTTPXOptions) *httpx.Scanner

HTTPXWithConfig returns an httpx scanner with custom configuration.

func Katana

func Katana() *katana.Scanner

Katana returns a new katana scanner with default configuration.

func KatanaBasic

func KatanaBasic() *katana.Scanner

KatanaBasic returns a basic katana crawler for quick discovery.

func KatanaDeep

func KatanaDeep() *katana.Scanner

KatanaDeep returns a comprehensive katana crawler for thorough discovery.

func KatanaHeadless

func KatanaHeadless() *katana.Scanner

KatanaHeadless returns a katana crawler with headless browser support.

func KatanaWithConfig

func KatanaWithConfig(opts KatanaOptions) *katana.Scanner

KatanaWithConfig returns a katana scanner with custom configuration.

func MustBeInstalled

func MustBeInstalled(ctx context.Context, scanner interface {
	IsInstalled(context.Context) (bool, string, error)
	Name() string
})

MustBeInstalled checks if a scanner is installed and panics if not.

func Naabu

func Naabu() *naabu.Scanner

Naabu returns a new naabu scanner with default configuration.

func NaabuFull

func NaabuFull() *naabu.Scanner

NaabuFull returns a naabu scanner for all 65535 ports.

func NaabuTop100

func NaabuTop100() *naabu.Scanner

NaabuTop100 returns a naabu scanner for top 100 ports.

func NaabuTop1000

func NaabuTop1000() *naabu.Scanner

NaabuTop1000 returns a naabu scanner for top 1000 ports.

func NaabuWeb

func NaabuWeb() *naabu.Scanner

NaabuWeb returns a naabu scanner for common web ports.

func NaabuWithConfig

func NaabuWithConfig(opts NaabuOptions) *naabu.Scanner

NaabuWithConfig returns a naabu scanner with custom configuration.

func Nuclei

func Nuclei() *nuclei.Scanner

Nuclei returns a new nuclei scanner with default configuration.

func NucleiDAST

func NucleiDAST() *nuclei.Scanner

NucleiDAST returns a nuclei scanner configured for DAST scanning with safe defaults.

func NucleiMisconfig

func NucleiMisconfig() *nuclei.Scanner

NucleiMisconfig returns a nuclei scanner focused on misconfiguration detection.

func NucleiTakeover

func NucleiTakeover() *nuclei.Scanner

NucleiTakeover returns a nuclei scanner focused on subdomain takeover detection.

func NucleiVuln

func NucleiVuln() *nuclei.Scanner

NucleiVuln returns a nuclei scanner focused on CVE/vulnerability detection.

func NucleiWithConfig

func NucleiWithConfig(opts NucleiOptions) *nuclei.Scanner

NucleiWithConfig returns a nuclei scanner with custom configuration.

func Semgrep

func Semgrep() *semgrep.Scanner

Semgrep returns a new semgrep scanner with default configuration.

func SemgrepWithConfig

func SemgrepWithConfig(opts SemgrepOptions) *semgrep.Scanner

SemgrepWithConfig returns a semgrep scanner with custom configuration.

func Subfinder

func Subfinder() *subfinder.Scanner

Subfinder returns a new subfinder scanner with default configuration.

func SubfinderAggressive

func SubfinderAggressive() *subfinder.Scanner

SubfinderAggressive returns a subfinder scanner using all sources.

func SubfinderPassive

func SubfinderPassive() *subfinder.Scanner

SubfinderPassive returns a subfinder scanner configured for passive enumeration.

func SubfinderWithConfig

func SubfinderWithConfig(opts SubfinderOptions) *subfinder.Scanner

SubfinderWithConfig returns a subfinder scanner with custom configuration.

func Trivy

func Trivy() *trivy.Scanner

Trivy returns a new trivy scanner with default configuration (filesystem mode).

func TrivyConfig

func TrivyConfig() *trivy.Scanner

TrivyConfig returns a trivy scanner configured for IaC scanning.

func TrivyFS

func TrivyFS() *trivy.Scanner

TrivyFS returns a trivy scanner configured for filesystem scanning.

func TrivyFull

func TrivyFull() *trivy.Scanner

TrivyFull returns a trivy scanner that scans for all types (vuln, misconfig, secret).

func TrivyImage

func TrivyImage() *trivy.Scanner

TrivyImage returns a trivy scanner configured for container image scanning.

func TrivyWithConfig

func TrivyWithConfig(opts TrivyOptions) *trivy.Scanner

TrivyWithConfig returns a trivy scanner with custom configuration.

Types

type CodeQLOptions

type CodeQLOptions struct {
	Binary         string        // Path to codeql binary
	OutputFile     string        // Output file path
	Timeout        time.Duration // Scan timeout
	Verbose        bool          // Enable verbose output
	Language       string        // Target language: go, java, javascript, python, cpp, csharp, ruby, swift
	DatabasePath   string        // Path to CodeQL database (optional)
	QueryPacks     []string      // Query packs to use (default: security-extended)
	QueryFiles     []string      // Specific .ql files to run
	Threads        int           // Number of threads (0 = auto)
	RAMPerThread   int           // RAM per thread in MB (0 = default)
	SkipDBCreation bool          // Skip database creation (use existing)
}

CodeQLOptions configures the CodeQL scanner.

type CodeQLScanner

type CodeQLScanner = codeql.Scanner

CodeQLScanner is a type alias for external package access.

type DNSXOptions

type DNSXOptions struct {
	Binary       string        // Path to dnsx binary
	Timeout      time.Duration // Scan timeout
	Threads      int           // Concurrency level
	Retries      int           // Number of retries
	Resolvers    []string      // Custom DNS resolvers
	RecordTypes  []string      // DNS record types to query
	QueryAll     bool          // Query all record types
	ResponseOnly bool          // Output only response values
	Verbose      bool          // Enable verbose output
}

DNSXOptions configures the dnsx scanner.

type DNSXScanner

type DNSXScanner = dnsx.Scanner

DNSXScanner is a type alias for external package access.

type GitleaksOptions

type GitleaksOptions struct {
	Binary     string        // Path to gitleaks binary
	ConfigFile string        // Custom gitleaks config file
	OutputFile string        // Output file path
	Timeout    time.Duration // Scan timeout
	Verbose    bool          // Enable verbose output
}

GitleaksOptions configures the gitleaks scanner.

type GitleaksScanner

type GitleaksScanner = gitleaks.Scanner

GitleaksScanner is a type alias for external package access.

type HTTPXOptions

type HTTPXOptions struct {
	Binary          string        // Path to httpx binary
	Timeout         time.Duration // Scan timeout
	Threads         int           // Concurrency level
	RateLimit       int           // Rate limit per second
	FollowRedirects bool          // Follow HTTP redirects
	MaxRedirects    int           // Maximum redirects to follow
	TechDetect      bool          // Technology detection
	StatusCode      bool          // Extract status code
	Title           bool          // Extract page title
	WebServer       bool          // Extract web server
	CDN             bool          // CDN detection
	Verbose         bool          // Enable verbose output
}

HTTPXOptions configures the httpx scanner.

type HTTPXScanner

type HTTPXScanner = httpx.Scanner

HTTPXScanner is a type alias for external package access.

type KatanaOptions

type KatanaOptions struct {
	Binary      string        // Path to katana binary
	Timeout     time.Duration // Scan timeout
	Concurrency int           // Concurrency level
	Depth       int           // Maximum crawl depth
	RateLimit   int           // Rate limit per second
	JSCrawl     bool          // Enable JavaScript crawling
	FormFill    bool          // Enable form filling
	Headless    bool          // Enable headless browser
	Scope       string        // Scope constraint: dn, rdn, fqdn
	Verbose     bool          // Enable verbose output
}

KatanaOptions configures the katana scanner.

type KatanaScanner

type KatanaScanner = katana.Scanner

KatanaScanner is a type alias for external package access.

type NaabuOptions

type NaabuOptions struct {
	Binary            string        // Path to naabu binary
	Timeout           time.Duration // Scan timeout
	Rate              int           // Packets per second
	Retries           int           // Number of retries
	Ports             string        // Ports to scan
	ScanType          string        // Scan type: s (SYN), c (Connect)
	SkipHostDiscovery bool          // Skip host discovery
	ServiceVersion    bool          // Probe for service versions
	Verbose           bool          // Enable verbose output
}

NaabuOptions configures the naabu scanner.

type NaabuScanner

type NaabuScanner = naabu.Scanner

NaabuScanner is a type alias for external package access.

type NucleiOptions

type NucleiOptions struct {
	Binary          string        // Path to nuclei binary
	Timeout         time.Duration // Scan timeout
	Tags            []string      // Filter templates by tags
	ExcludeTags     []string      // Exclude templates by tags
	Severity        []string      // Filter by severity: critical, high, medium, low, info
	Templates       []string      // Specific templates to use
	TemplateDir     string        // Directory containing templates
	RateLimit       int           // Requests per second
	Concurrency     int           // Number of concurrent templates
	Proxy           string        // HTTP/SOCKS proxy
	Headless        bool          // Enable headless browser
	NoInteractsh    bool          // Disable interactsh server
	FollowRedirects bool          // Follow redirects
	Verbose         bool          // Enable verbose output
}

NucleiOptions configures the nuclei scanner.

type NucleiScanner

type NucleiScanner = nuclei.Scanner

NucleiScanner is a type alias for external package access.

type Registry

type Registry struct {
	// contains filtered or unexported fields
}

Registry manages registered scanners.

func NewRegistry

func NewRegistry() *Registry

NewRegistry creates a new scanner registry with built-in scanners.

func (*Registry) GetReconScanner

func (r *Registry) GetReconScanner(name string) core.ReconScanner

GetReconScanner returns a recon scanner by name.

func (*Registry) GetSASTScanner

func (r *Registry) GetSASTScanner(name string) core.Scanner

GetSASTScanner returns a SAST scanner by name.

func (*Registry) GetSCAScanner

func (r *Registry) GetSCAScanner(name string) core.ScaScanner

GetSCAScanner returns an SCA scanner by name.

func (*Registry) GetSecretScanner

func (r *Registry) GetSecretScanner(name string) core.SecretScanner

GetSecretScanner returns a secret scanner by name.

func (*Registry) ListReconScanners

func (r *Registry) ListReconScanners() []string

ListReconScanners returns all registered recon scanner names.

func (*Registry) ListSASTScanners

func (r *Registry) ListSASTScanners() []string

ListSASTScanners returns all registered SAST scanner names.

func (*Registry) ListSCAScanners

func (r *Registry) ListSCAScanners() []string

ListSCAScanners returns all registered SCA scanner names.

func (*Registry) ListSecretScanners

func (r *Registry) ListSecretScanners() []string

ListSecretScanners returns all registered secret scanner names.

func (*Registry) RegisterReconScanner

func (r *Registry) RegisterReconScanner(scanner core.ReconScanner)

RegisterReconScanner adds a recon scanner to the registry.

func (*Registry) RegisterSASTScanner

func (r *Registry) RegisterSASTScanner(scanner core.Scanner)

RegisterSASTScanner adds a SAST scanner to the registry.

func (*Registry) RegisterSCAScanner

func (r *Registry) RegisterSCAScanner(scanner core.ScaScanner)

RegisterSCAScanner adds an SCA scanner to the registry.

func (*Registry) RegisterSecretScanner

func (r *Registry) RegisterSecretScanner(scanner core.SecretScanner)

RegisterSecretScanner adds a secret scanner to the registry.

type SemgrepOptions

type SemgrepOptions struct {
	Binary        string        // Path to semgrep binary
	OutputFile    string        // Output file path
	Timeout       time.Duration // Scan timeout
	Verbose       bool          // Enable verbose output
	Configs       []string      // Config files or registries (default: ["auto"])
	Severities    []string      // Filter by severity: ERROR, WARNING, INFO
	ExcludePaths  []string      // Paths to exclude
	IncludePaths  []string      // Paths to include
	ProEngine     bool          // Use Semgrep Pro engine
	DataflowTrace bool          // Enable dataflow traces (default: true)
	MaxMemory     int           // Max memory in MB (0 = no limit)
	Jobs          int           // Number of parallel jobs (0 = auto)
	NoGitIgnore   bool          // Don't respect .gitignore
}

SemgrepOptions configures the semgrep scanner.

type SubfinderOptions

type SubfinderOptions struct {
	Binary         string        // Path to subfinder binary
	Timeout        time.Duration // Scan timeout
	Threads        int           // Concurrency level
	Sources        []string      // Sources to use
	ExcludeSources []string      // Sources to exclude
	Resolvers      []string      // Custom DNS resolvers
	All            bool          // Use all sources
	Recursive      bool          // Enable recursive enumeration
	Verbose        bool          // Enable verbose output
}

SubfinderOptions configures the subfinder scanner.

type SubfinderScanner

type SubfinderScanner = subfinder.Scanner

SubfinderScanner is a type alias for external package access.

type TrivyOptions

type TrivyOptions struct {
	Binary        string        // Path to trivy binary
	Timeout       time.Duration // Scan timeout
	Mode          string        // Scan mode: fs, config, image, repo
	Scanners      []string      // Scanners: vuln, misconfig, secret, license
	Severity      []string      // Severity filter: CRITICAL, HIGH, MEDIUM, LOW
	SkipDirs      []string      // Directories to skip
	SkipFiles     []string      // Files to skip
	CacheDir      string        // Trivy cache directory
	IgnoreUnfixed bool          // Ignore unfixed vulnerabilities
	SkipDBUpdate  bool          // Skip vulnerability DB update
	OfflineScan   bool          // Run in offline mode
	Verbose       bool          // Enable verbose output
}

TrivyOptions configures the trivy scanner.

type TrivyScanner

type TrivyScanner = trivy.Scanner

TrivyScanner is a type alias for external package access.

Directories

Path Synopsis
Package codeql provides a scanner implementation for GitHub CodeQL.
Package codeql provides a scanner implementation for GitHub CodeQL.
Package gitleaks provides a scanner implementation for the Gitleaks secret detection tool.
Package gitleaks provides a scanner implementation for the Gitleaks secret detection tool.
recon
dnsx
Package dnsx provides a scanner implementation for the dnsx DNS toolkit.
Package dnsx provides a scanner implementation for the dnsx DNS toolkit.
httpx
Package httpx provides a scanner implementation for the httpx HTTP probing tool.
Package httpx provides a scanner implementation for the httpx HTTP probing tool.
katana
Package katana provides a scanner implementation for the katana web crawler.
Package katana provides a scanner implementation for the katana web crawler.
naabu
Package naabu provides a scanner implementation for the naabu port scanning tool.
Package naabu provides a scanner implementation for the naabu port scanning tool.
subfinder
Package subfinder provides a scanner implementation for the subfinder subdomain enumeration tool.
Package subfinder provides a scanner implementation for the subfinder subdomain enumeration tool.
Package semgrep provides a scanner implementation for the Semgrep SAST tool.
Package semgrep provides a scanner implementation for the Semgrep SAST tool.
Package tenable converts Tenable Nessus / Tenable.sc ".nessus" XML exports into a CTIS report and provides a REST client for launching/exporting scans.
Package tenable converts Tenable Nessus / Tenable.sc ".nessus" XML exports into a CTIS report and provides a REST client for launching/exporting scans.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL