Documentation
¶
Overview ¶
Package scanners provides scanner implementations for various security tools.
Index ¶
- func CheckInstalled(ctx context.Context, scanner interface{ ... }) (bool, string, error)
- func CodeQL() *codeql.Scanner
- func CodeQLCPP() *codeql.Scanner
- func CodeQLGo() *codeql.Scanner
- func CodeQLJava() *codeql.Scanner
- func CodeQLJavaScript() *codeql.Scanner
- func CodeQLPython() *codeql.Scanner
- func CodeQLWithConfig(opts CodeQLOptions) *codeql.Scanner
- func DNSX() *dnsx.Scanner
- func DNSXARecord() *dnsx.Scanner
- func DNSXFull() *dnsx.Scanner
- func DNSXWithConfig(opts DNSXOptions) *dnsx.Scanner
- func Gitleaks() *gitleaks.Scanner
- func GitleaksWithConfig(opts GitleaksOptions) *gitleaks.Scanner
- func HTTPX() *httpx.Scanner
- func HTTPXBasic() *httpx.Scanner
- func HTTPXFull() *httpx.Scanner
- func HTTPXTech() *httpx.Scanner
- func HTTPXWithConfig(opts HTTPXOptions) *httpx.Scanner
- func Katana() *katana.Scanner
- func KatanaBasic() *katana.Scanner
- func KatanaDeep() *katana.Scanner
- func KatanaHeadless() *katana.Scanner
- func KatanaWithConfig(opts KatanaOptions) *katana.Scanner
- func MustBeInstalled(ctx context.Context, scanner interface{ ... })
- func Naabu() *naabu.Scanner
- func NaabuFull() *naabu.Scanner
- func NaabuTop100() *naabu.Scanner
- func NaabuTop1000() *naabu.Scanner
- func NaabuWeb() *naabu.Scanner
- func NaabuWithConfig(opts NaabuOptions) *naabu.Scanner
- func Nuclei() *nuclei.Scanner
- func NucleiDAST() *nuclei.Scanner
- func NucleiMisconfig() *nuclei.Scanner
- func NucleiTakeover() *nuclei.Scanner
- func NucleiVuln() *nuclei.Scanner
- func NucleiWithConfig(opts NucleiOptions) *nuclei.Scanner
- func Semgrep() *semgrep.Scanner
- func SemgrepWithConfig(opts SemgrepOptions) *semgrep.Scanner
- func Subfinder() *subfinder.Scanner
- func SubfinderAggressive() *subfinder.Scanner
- func SubfinderPassive() *subfinder.Scanner
- func SubfinderWithConfig(opts SubfinderOptions) *subfinder.Scanner
- func Trivy() *trivy.Scanner
- func TrivyConfig() *trivy.Scanner
- func TrivyFS() *trivy.Scanner
- func TrivyFull() *trivy.Scanner
- func TrivyImage() *trivy.Scanner
- func TrivyWithConfig(opts TrivyOptions) *trivy.Scanner
- type CodeQLOptions
- type CodeQLScanner
- type DNSXOptions
- type DNSXScanner
- type GitleaksOptions
- type GitleaksScanner
- type HTTPXOptions
- type HTTPXScanner
- type KatanaOptions
- type KatanaScanner
- type NaabuOptions
- type NaabuScanner
- type NucleiOptions
- type NucleiScanner
- type Registry
- func (r *Registry) GetReconScanner(name string) core.ReconScanner
- func (r *Registry) GetSASTScanner(name string) core.Scanner
- func (r *Registry) GetSCAScanner(name string) core.ScaScanner
- func (r *Registry) GetSecretScanner(name string) core.SecretScanner
- func (r *Registry) ListReconScanners() []string
- func (r *Registry) ListSASTScanners() []string
- func (r *Registry) ListSCAScanners() []string
- func (r *Registry) ListSecretScanners() []string
- func (r *Registry) RegisterReconScanner(scanner core.ReconScanner)
- func (r *Registry) RegisterSASTScanner(scanner core.Scanner)
- func (r *Registry) RegisterSCAScanner(scanner core.ScaScanner)
- func (r *Registry) RegisterSecretScanner(scanner core.SecretScanner)
- type SemgrepOptions
- type SubfinderOptions
- type SubfinderScanner
- type TrivyOptions
- type TrivyScanner
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckInstalled ¶
func CheckInstalled(ctx context.Context, scanner interface { IsInstalled(context.Context) (bool, string, error) }) (bool, string, error)
CheckInstalled checks if a scanner is installed and returns version info.
func CodeQL ¶
CodeQL returns a new CodeQL scanner with default configuration. Note: Language must be set before scanning.
func CodeQLJava ¶
CodeQLJava returns a CodeQL scanner configured for Java analysis.
func CodeQLJavaScript ¶
CodeQLJavaScript returns a CodeQL scanner configured for JavaScript/TypeScript analysis.
func CodeQLPython ¶
CodeQLPython returns a CodeQL scanner configured for Python analysis.
func CodeQLWithConfig ¶
func CodeQLWithConfig(opts CodeQLOptions) *codeql.Scanner
CodeQLWithConfig returns a CodeQL scanner with custom configuration.
func DNSXARecord ¶
DNSXARecord returns a dnsx scanner for A/AAAA records only.
func DNSXWithConfig ¶
func DNSXWithConfig(opts DNSXOptions) *dnsx.Scanner
DNSXWithConfig returns a dnsx scanner with custom configuration.
func GitleaksWithConfig ¶
func GitleaksWithConfig(opts GitleaksOptions) *gitleaks.Scanner
GitleaksWithConfig returns a gitleaks scanner with custom configuration.
func HTTPXBasic ¶
HTTPXBasic returns a basic httpx prober for availability checks.
func HTTPXWithConfig ¶
func HTTPXWithConfig(opts HTTPXOptions) *httpx.Scanner
HTTPXWithConfig returns an httpx scanner with custom configuration.
func KatanaBasic ¶
KatanaBasic returns a basic katana crawler for quick discovery.
func KatanaDeep ¶
KatanaDeep returns a comprehensive katana crawler for thorough discovery.
func KatanaHeadless ¶
KatanaHeadless returns a katana crawler with headless browser support.
func KatanaWithConfig ¶
func KatanaWithConfig(opts KatanaOptions) *katana.Scanner
KatanaWithConfig returns a katana scanner with custom configuration.
func MustBeInstalled ¶
func MustBeInstalled(ctx context.Context, scanner interface { IsInstalled(context.Context) (bool, string, error) Name() string })
MustBeInstalled checks if a scanner is installed and panics if not.
func NaabuTop100 ¶
NaabuTop100 returns a naabu scanner for top 100 ports.
func NaabuTop1000 ¶
NaabuTop1000 returns a naabu scanner for top 1000 ports.
func NaabuWithConfig ¶
func NaabuWithConfig(opts NaabuOptions) *naabu.Scanner
NaabuWithConfig returns a naabu scanner with custom configuration.
func NucleiDAST ¶
NucleiDAST returns a nuclei scanner configured for DAST scanning with safe defaults.
func NucleiMisconfig ¶
NucleiMisconfig returns a nuclei scanner focused on misconfiguration detection.
func NucleiTakeover ¶
NucleiTakeover returns a nuclei scanner focused on subdomain takeover detection.
func NucleiVuln ¶
NucleiVuln returns a nuclei scanner focused on CVE/vulnerability detection.
func NucleiWithConfig ¶
func NucleiWithConfig(opts NucleiOptions) *nuclei.Scanner
NucleiWithConfig returns a nuclei scanner with custom configuration.
func SemgrepWithConfig ¶
func SemgrepWithConfig(opts SemgrepOptions) *semgrep.Scanner
SemgrepWithConfig returns a semgrep scanner with custom configuration.
func SubfinderAggressive ¶
SubfinderAggressive returns a subfinder scanner using all sources.
func SubfinderPassive ¶
SubfinderPassive returns a subfinder scanner configured for passive enumeration.
func SubfinderWithConfig ¶
func SubfinderWithConfig(opts SubfinderOptions) *subfinder.Scanner
SubfinderWithConfig returns a subfinder scanner with custom configuration.
func TrivyConfig ¶
TrivyConfig returns a trivy scanner configured for IaC scanning.
func TrivyFull ¶
TrivyFull returns a trivy scanner that scans for all types (vuln, misconfig, secret).
func TrivyImage ¶
TrivyImage returns a trivy scanner configured for container image scanning.
func TrivyWithConfig ¶
func TrivyWithConfig(opts TrivyOptions) *trivy.Scanner
TrivyWithConfig returns a trivy scanner with custom configuration.
Types ¶
type CodeQLOptions ¶
type CodeQLOptions struct {
Binary string // Path to codeql binary
OutputFile string // Output file path
Timeout time.Duration // Scan timeout
Verbose bool // Enable verbose output
Language string // Target language: go, java, javascript, python, cpp, csharp, ruby, swift
DatabasePath string // Path to CodeQL database (optional)
QueryPacks []string // Query packs to use (default: security-extended)
QueryFiles []string // Specific .ql files to run
Threads int // Number of threads (0 = auto)
RAMPerThread int // RAM per thread in MB (0 = default)
SkipDBCreation bool // Skip database creation (use existing)
}
CodeQLOptions configures the CodeQL scanner.
type CodeQLScanner ¶
CodeQLScanner is a type alias for external package access.
type DNSXOptions ¶
type DNSXOptions struct {
Binary string // Path to dnsx binary
Timeout time.Duration // Scan timeout
Threads int // Concurrency level
Retries int // Number of retries
Resolvers []string // Custom DNS resolvers
RecordTypes []string // DNS record types to query
QueryAll bool // Query all record types
ResponseOnly bool // Output only response values
Verbose bool // Enable verbose output
}
DNSXOptions configures the dnsx scanner.
type DNSXScanner ¶
DNSXScanner is a type alias for external package access.
type GitleaksOptions ¶
type GitleaksOptions struct {
Binary string // Path to gitleaks binary
ConfigFile string // Custom gitleaks config file
OutputFile string // Output file path
Timeout time.Duration // Scan timeout
Verbose bool // Enable verbose output
}
GitleaksOptions configures the gitleaks scanner.
type GitleaksScanner ¶
GitleaksScanner is a type alias for external package access.
type HTTPXOptions ¶
type HTTPXOptions struct {
Binary string // Path to httpx binary
Timeout time.Duration // Scan timeout
Threads int // Concurrency level
RateLimit int // Rate limit per second
FollowRedirects bool // Follow HTTP redirects
MaxRedirects int // Maximum redirects to follow
TechDetect bool // Technology detection
StatusCode bool // Extract status code
Title bool // Extract page title
WebServer bool // Extract web server
CDN bool // CDN detection
Verbose bool // Enable verbose output
}
HTTPXOptions configures the httpx scanner.
type HTTPXScanner ¶
HTTPXScanner is a type alias for external package access.
type KatanaOptions ¶
type KatanaOptions struct {
Binary string // Path to katana binary
Timeout time.Duration // Scan timeout
Concurrency int // Concurrency level
Depth int // Maximum crawl depth
RateLimit int // Rate limit per second
JSCrawl bool // Enable JavaScript crawling
FormFill bool // Enable form filling
Headless bool // Enable headless browser
Scope string // Scope constraint: dn, rdn, fqdn
Verbose bool // Enable verbose output
}
KatanaOptions configures the katana scanner.
type KatanaScanner ¶
KatanaScanner is a type alias for external package access.
type NaabuOptions ¶
type NaabuOptions struct {
Binary string // Path to naabu binary
Timeout time.Duration // Scan timeout
Rate int // Packets per second
Retries int // Number of retries
Ports string // Ports to scan
ScanType string // Scan type: s (SYN), c (Connect)
SkipHostDiscovery bool // Skip host discovery
ServiceVersion bool // Probe for service versions
Verbose bool // Enable verbose output
}
NaabuOptions configures the naabu scanner.
type NaabuScanner ¶
NaabuScanner is a type alias for external package access.
type NucleiOptions ¶
type NucleiOptions struct {
Binary string // Path to nuclei binary
Timeout time.Duration // Scan timeout
Tags []string // Filter templates by tags
ExcludeTags []string // Exclude templates by tags
Severity []string // Filter by severity: critical, high, medium, low, info
Templates []string // Specific templates to use
TemplateDir string // Directory containing templates
RateLimit int // Requests per second
Concurrency int // Number of concurrent templates
Proxy string // HTTP/SOCKS proxy
Headless bool // Enable headless browser
NoInteractsh bool // Disable interactsh server
FollowRedirects bool // Follow redirects
Verbose bool // Enable verbose output
}
NucleiOptions configures the nuclei scanner.
type NucleiScanner ¶
NucleiScanner is a type alias for external package access.
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry manages registered scanners.
func NewRegistry ¶
func NewRegistry() *Registry
NewRegistry creates a new scanner registry with built-in scanners.
func (*Registry) GetReconScanner ¶
func (r *Registry) GetReconScanner(name string) core.ReconScanner
GetReconScanner returns a recon scanner by name.
func (*Registry) GetSASTScanner ¶
GetSASTScanner returns a SAST scanner by name.
func (*Registry) GetSCAScanner ¶
func (r *Registry) GetSCAScanner(name string) core.ScaScanner
GetSCAScanner returns an SCA scanner by name.
func (*Registry) GetSecretScanner ¶
func (r *Registry) GetSecretScanner(name string) core.SecretScanner
GetSecretScanner returns a secret scanner by name.
func (*Registry) ListReconScanners ¶
ListReconScanners returns all registered recon scanner names.
func (*Registry) ListSASTScanners ¶
ListSASTScanners returns all registered SAST scanner names.
func (*Registry) ListSCAScanners ¶
ListSCAScanners returns all registered SCA scanner names.
func (*Registry) ListSecretScanners ¶
ListSecretScanners returns all registered secret scanner names.
func (*Registry) RegisterReconScanner ¶
func (r *Registry) RegisterReconScanner(scanner core.ReconScanner)
RegisterReconScanner adds a recon scanner to the registry.
func (*Registry) RegisterSASTScanner ¶
RegisterSASTScanner adds a SAST scanner to the registry.
func (*Registry) RegisterSCAScanner ¶
func (r *Registry) RegisterSCAScanner(scanner core.ScaScanner)
RegisterSCAScanner adds an SCA scanner to the registry.
func (*Registry) RegisterSecretScanner ¶
func (r *Registry) RegisterSecretScanner(scanner core.SecretScanner)
RegisterSecretScanner adds a secret scanner to the registry.
type SemgrepOptions ¶
type SemgrepOptions struct {
Binary string // Path to semgrep binary
OutputFile string // Output file path
Timeout time.Duration // Scan timeout
Verbose bool // Enable verbose output
Configs []string // Config files or registries (default: ["auto"])
Severities []string // Filter by severity: ERROR, WARNING, INFO
ExcludePaths []string // Paths to exclude
IncludePaths []string // Paths to include
ProEngine bool // Use Semgrep Pro engine
DataflowTrace bool // Enable dataflow traces (default: true)
MaxMemory int // Max memory in MB (0 = no limit)
Jobs int // Number of parallel jobs (0 = auto)
NoGitIgnore bool // Don't respect .gitignore
}
SemgrepOptions configures the semgrep scanner.
type SubfinderOptions ¶
type SubfinderOptions struct {
Binary string // Path to subfinder binary
Timeout time.Duration // Scan timeout
Threads int // Concurrency level
Sources []string // Sources to use
ExcludeSources []string // Sources to exclude
Resolvers []string // Custom DNS resolvers
All bool // Use all sources
Recursive bool // Enable recursive enumeration
Verbose bool // Enable verbose output
}
SubfinderOptions configures the subfinder scanner.
type SubfinderScanner ¶
SubfinderScanner is a type alias for external package access.
type TrivyOptions ¶
type TrivyOptions struct {
Binary string // Path to trivy binary
Timeout time.Duration // Scan timeout
Mode string // Scan mode: fs, config, image, repo
Scanners []string // Scanners: vuln, misconfig, secret, license
Severity []string // Severity filter: CRITICAL, HIGH, MEDIUM, LOW
SkipDirs []string // Directories to skip
SkipFiles []string // Files to skip
CacheDir string // Trivy cache directory
IgnoreUnfixed bool // Ignore unfixed vulnerabilities
SkipDBUpdate bool // Skip vulnerability DB update
OfflineScan bool // Run in offline mode
Verbose bool // Enable verbose output
}
TrivyOptions configures the trivy scanner.
type TrivyScanner ¶
TrivyScanner is a type alias for external package access.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package codeql provides a scanner implementation for GitHub CodeQL.
|
Package codeql provides a scanner implementation for GitHub CodeQL. |
|
Package gitleaks provides a scanner implementation for the Gitleaks secret detection tool.
|
Package gitleaks provides a scanner implementation for the Gitleaks secret detection tool. |
|
recon
|
|
|
dnsx
Package dnsx provides a scanner implementation for the dnsx DNS toolkit.
|
Package dnsx provides a scanner implementation for the dnsx DNS toolkit. |
|
httpx
Package httpx provides a scanner implementation for the httpx HTTP probing tool.
|
Package httpx provides a scanner implementation for the httpx HTTP probing tool. |
|
katana
Package katana provides a scanner implementation for the katana web crawler.
|
Package katana provides a scanner implementation for the katana web crawler. |
|
naabu
Package naabu provides a scanner implementation for the naabu port scanning tool.
|
Package naabu provides a scanner implementation for the naabu port scanning tool. |
|
subfinder
Package subfinder provides a scanner implementation for the subfinder subdomain enumeration tool.
|
Package subfinder provides a scanner implementation for the subfinder subdomain enumeration tool. |
|
Package semgrep provides a scanner implementation for the Semgrep SAST tool.
|
Package semgrep provides a scanner implementation for the Semgrep SAST tool. |
|
Package tenable converts Tenable Nessus / Tenable.sc ".nessus" XML exports into a CTIS report and provides a REST client for launching/exporting scans.
|
Package tenable converts Tenable Nessus / Tenable.sc ".nessus" XML exports into a CTIS report and provides a REST client for launching/exporting scans. |