Documentation
¶
Overview ¶
Package chains provides multi-step attack chain functionality.
Index ¶
- Constants
- type AttackChain
- type ChainAnalyzer
- type ChainError
- type ChainResult
- type ChainStep
- type ChainStepResult
- type Condition
- type EndpointEdge
- type EndpointGraph
- func (g *EndpointGraph) AddEndpoint(endpoint types.Endpoint)
- func (g *EndpointGraph) BuildRelationships()
- func (g *EndpointGraph) FindChainCandidates(maxDepth int) [][]string
- func (g *EndpointGraph) GetEdges() []EndpointEdge
- func (g *EndpointGraph) GetEdgesFrom(key string) []EndpointEdge
- func (g *EndpointGraph) GetEdgesTo(key string) []EndpointEdge
- func (g *EndpointGraph) GetNode(key string) *EndpointNode
- type EndpointNode
- type Executor
- type ExecutorConfig
- type Extraction
- type StepPayload
Constants ¶
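// Chain purpose values. Each is the string stored in AttackChain.Purpose and
// names the weakness class a chain is written to test for.
//
// The constants are untyped strings, so the compiler accepts any other string
// in AttackChain.Purpose as well. NOTE(review): whether AttackChain.Validate
// rejects unknown purposes is not visible here; confirm before branching on
// this field.
const (
	PurposePrivilegeEscalation = "privilege_escalation"
	PurposeDataLeakage         = "data_leakage"
	PurposeAuthBypass          = "auth_bypass"
	PurposeIDOR                = "idor" // insecure direct object reference
	PurposeBOLA                = "bola" // broken object level authorization
	PurposeBFLA                = "bfla" // broken function level authorization
	PurposeAccountTakeover     = "account_takeover"
	PurposeMassAssignment      = "mass_assignment"
)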
ChainPurpose constants
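// Chain role values. Each is the string stored in ChainStep.Role and says
// what part a step plays inside its chain. The constants are untyped strings,
// so any other string is also accepted by the compiler.
const (
	RoleSetup   = "setup"   // Prepare state for attack
	RoleAttack  = "attack"  // Execute the attack
	RoleVerify  = "verify"  // Verify attack success
	RoleCleanup = "cleanup" // Clean up after attack
)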
ChainRole constants
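// Condition type values. Each is a string for Condition.Type and selects what
// part of a response a Condition looks at.
//
// ConditionContains and ConditionMatches have the same string values as
// OperatorContains and OperatorMatches. All of them are untyped strings, so
// the compiler will not flag a Condition* constant placed in
// Condition.Operator or the reverse.
const (
	ConditionStatusCode = "status_code"
	ConditionContains   = "contains"
	ConditionMatches    = "matches"
	ConditionExists     = "exists"
	ConditionHeader     = "header"
	ConditionJSON       = "json"
)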
ConditionType constants
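// Operator values. Each is a string for Condition.Operator and names the
// comparison applied between the observed value and Condition.Value.
//
// NOTE(review): Condition.Value is a string. Whether the ordering operators
// (gt, lt, gte, lte) compare numerically or lexically is not visible here;
// confirm before relying on them for status codes or lengths.
const (
	OperatorEq       = "eq"
	OperatorNe       = "ne"
	OperatorGt       = "gt"
	OperatorLt       = "lt"
	OperatorGte      = "gte"
	OperatorLte      = "lte"
	OperatorContains = "contains"
	OperatorMatches  = "matches"
)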
OperatorType constants
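// Edge type values. Each is a string for EndpointEdge.Type and names the kind
// of relationship an edge records between two endpoints.
//
// The edge and purpose vocabularies overlap only in part:
// EdgeTypePrivilegeEsc has the same string value as
// PurposePrivilegeEscalation, while EdgeTypeIDOR is "idor_potential" and
// PurposeIDOR is "idor". Code that maps an edge type to a chain purpose has
// to translate the IDOR value rather than copy the string.
const (
	EdgeTypeDataFlow          = "data_flow"
	EdgeTypeAuthDependency    = "auth_dependency"
	EdgeTypeResourceLifecycle = "resource_lifecycle"
	EdgeTypeIDOR              = "idor_potential"
	EdgeTypePrivilegeEsc      = "privilege_escalation"
)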
EdgeType constants
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttackChain ¶
// AttackChain represents a multi-step attack sequence. The struct tags give
// every field a name for both YAML and JSON encoding.
type AttackChain struct {
	ID          string      `yaml:"id" json:"id"`
	Name        string      `yaml:"name" json:"name"`
	Description string      `yaml:"description" json:"description"`
	// Steps holds the chain's steps. Each ChainStep also carries its own Order
	// field. NOTE(review): whether execution follows slice position or Order
	// is not visible here; confirm against Executor.
	Steps       []ChainStep `yaml:"steps" json:"steps"`
	Purpose     string      `yaml:"purpose" json:"purpose"` // one of the Purpose* strings: privilege_escalation, data_leakage, etc.
	// Category and Priority are free-form strings as far as this declaration
	// shows; no constants for them are declared in the package.
	Category    string      `yaml:"category" json:"category"`
	Priority    string      `yaml:"priority" json:"priority"`
	// Conditions apply to the chain as a whole; ChainStep has a separate
	// Conditions field of the same type. NOTE(review): presumably these gate
	// whether the chain runs at all; confirm.
	Conditions  []Condition `yaml:"conditions,omitempty" json:"conditions,omitempty"`
	Tags        []string    `yaml:"tags,omitempty" json:"tags,omitempty"`
}
AttackChain represents a multi-step attack sequence
func NewAttackChain ¶
func NewAttackChain(id, name, purpose string) *AttackChain
NewAttackChain creates a new attack chain
func PredefinedChains ¶
func PredefinedChains() []*AttackChain
PredefinedChains returns commonly used attack chains
func (*AttackChain) AddStep ¶
func (c *AttackChain) AddStep(step ChainStep)
AddStep adds a step to the chain
func (*AttackChain) Validate ¶
func (c *AttackChain) Validate() error
Validate validates the chain configuration
type ChainAnalyzer ¶
// ChainAnalyzer uses an LLM to discover attack chain opportunities. It is
// built by NewChainAnalyzer from an llm.Provider, and AnalyzeEndpoints
// returns the chains it finds as []*AttackChain.
//
// NOTE(review): AnalyzeEndpoints presumably sends descriptions of the given
// endpoints to the provider and builds AttackChain values from the reply.
// Confirm which endpoint data leaves the process, and that chains produced
// from model output pass AttackChain.Validate before an Executor runs them.
type ChainAnalyzer struct {
	// contains filtered or unexported fields
}
ChainAnalyzer uses an LLM to discover attack chain opportunities
func NewChainAnalyzer ¶
func NewChainAnalyzer(provider llm.Provider) *ChainAnalyzer
NewChainAnalyzer creates a new chain analyzer
func (*ChainAnalyzer) AnalyzeEndpoints ¶
func (ca *ChainAnalyzer) AnalyzeEndpoints(ctx context.Context, endpoints []types.Endpoint) ([]*AttackChain, error)
AnalyzeEndpoints analyzes endpoints and discovers potential attack chains
func (*ChainAnalyzer) GetGraph ¶
func (ca *ChainAnalyzer) GetGraph() *EndpointGraph
GetGraph returns the endpoint graph
type ChainError ¶
ChainError represents a chain-related error
func (*ChainError) Error ¶
func (e *ChainError) Error() string
type ChainResult ¶
// ChainResult represents the result of executing a chain. Executor.Execute
// returns it without a separate error value, so a failed run is reported
// through Success, FailedAtStep and Error.
type ChainResult struct {
	Chain        *AttackChain      `json:"chain"`
	Success      bool              `json:"success"`
	StepResults  []ChainStepResult `json:"step_results"`
	Findings     []types.Finding   `json:"findings"`
	// NOTE(review): presumably the variables captured through
	// ChainStep.ExtractVars. EndpointNode.Provides mentions IDs and tokens, so
	// this map can hold credentials of the system under test; the field has
	// no omitempty and is always written to JSON. Treat serialized results as
	// sensitive and confirm how reports redact them.
	Variables    map[string]string `json:"variables"`
	// omitempty drops a zero value. NOTE(review): if step positions are
	// zero-based, a failure at the first step cannot be told apart from "no
	// failure" in the JSON output; confirm the indexing and read Success too.
	FailedAtStep int               `json:"failed_at_step,omitempty"`
	Error        string            `json:"error,omitempty"` // error text; empty values are omitted from JSON
}
ChainResult represents the result of executing a chain
type ChainStep ¶
// ChainStep represents a single step in an attack chain: one endpoint to
// call, the variables to inject into and extract from the exchange, and the
// conditions and payloads that apply to it.
type ChainStep struct {
	ID          string         `yaml:"id" json:"id"`
	Name        string         `yaml:"name" json:"name"`
	Endpoint    types.Endpoint `yaml:"endpoint" json:"endpoint"`
	Role        string         `yaml:"role" json:"role"` // one of the Role* strings: setup, attack, verify, cleanup
	// ExtractVars describes what to capture from this step's response.
	// The captured data comes from the system under test, so later steps
	// that reuse it are handling untrusted input.
	ExtractVars []Extraction   `yaml:"extract_vars,omitempty" json:"extract_vars,omitempty"`
	// NOTE(review): presumably the names of previously extracted variables
	// this step consumes; confirm how a missing name is handled.
	InjectVars  []string       `yaml:"inject_vars,omitempty" json:"inject_vars,omitempty"`
	Conditions  []Condition    `yaml:"conditions,omitempty" json:"conditions,omitempty"`
	Payloads    []StepPayload  `yaml:"payloads,omitempty" json:"payloads,omitempty"`
	// Timeout is in seconds. omitempty means a zero value is not written.
	// NOTE(review): what zero means at run time (no timeout or a default)
	// is not visible here; confirm so that a step cannot block a run
	// indefinitely.
	Timeout     int            `yaml:"timeout,omitempty" json:"timeout,omitempty"` // seconds
	// NOTE(review): presumably a failing required step stops the chain;
	// confirm against Executor.
	Required    bool           `yaml:"required" json:"required"`
	Order       int            `yaml:"order" json:"order"`
}
ChainStep represents a single step in an attack chain
type ChainStepResult ¶
// ChainStepResult represents the result of a single step.
type ChainStepResult struct {
	Step          *ChainStep          `json:"step"`
	Success       bool                `json:"success"`
	// Response is omitted from JSON when nil. NOTE(review): when present,
	// the target's response is embedded in the serialized result; it may
	// carry session cookies, tokens or personal data, so confirm what
	// types.HTTPResponse serializes before sharing reports.
	Response      *types.HTTPResponse `json:"response,omitempty"`
	// ExtractedVars has no omitempty and is always written to JSON; the same
	// sensitivity applies as for the response it was taken from.
	ExtractedVars map[string]string   `json:"extracted_vars"`
	ConditionsMet bool                `json:"conditions_met"`
	Error         string              `json:"error,omitempty"` // error text; empty values are omitted from JSON
}
ChainStepResult represents the result of a single step
type Condition ¶
// Condition defines a condition for execution. It is used on both
// AttackChain.Conditions and ChainStep.Conditions.
type Condition struct {
	Type     string `yaml:"type" json:"type"` // one of the Condition* strings: status_code, contains, matches, exists, header, json
	Field    string `yaml:"field" json:"field"`
	Operator string `yaml:"operator" json:"operator"` // one of the Operator* strings: eq, ne, gt, lt, gte, lte, contains, matches
	// Value is always a string, whatever the operator.
	// NOTE(review): for the "matches" operator this is presumably a regular
	// expression; confirm that an invalid pattern is reported as an error
	// rather than treated as "condition not met".
	Value    string `yaml:"value" json:"value"`
	// NOTE(review): presumably inverts the outcome of the comparison; confirm.
	Negate   bool   `yaml:"negate,omitempty" json:"negate,omitempty"`
}
Condition defines a condition for execution
type EndpointEdge ¶
// EndpointEdge represents a relationship between endpoints. From and To hold
// endpoint keys, the same kind of key that EndpointGraph.GetNode accepts.
// The struct has no yaml or json tags.
type EndpointEdge struct {
	From     string  // source endpoint key
	To       string  // target endpoint key
	Type     string  // one of the EdgeType* strings: data_flow, auth_dependency, resource_lifecycle, idor_potential, privilege_escalation
	Strength float64 // 0.0 - 1.0
}
EndpointEdge represents a relationship between endpoints
type EndpointGraph ¶
// EndpointGraph represents relationships between endpoints. Endpoints are
// added with AddEndpoint, edges are derived by BuildRelationships, and nodes
// and edges are looked up by string key (GetNode, GetEdgesFrom, GetEdgesTo).
// FindChainCandidates returns candidate paths as slices of keys, bounded by
// its maxDepth argument.
//
// NOTE(review): no synchronization is visible in this listing; confirm
// before sharing one graph between goroutines.
type EndpointGraph struct {
	// contains filtered or unexported fields
}
EndpointGraph represents relationships between endpoints
func NewEndpointGraph ¶
func NewEndpointGraph() *EndpointGraph
NewEndpointGraph creates a new endpoint graph
func (*EndpointGraph) AddEndpoint ¶
func (g *EndpointGraph) AddEndpoint(endpoint types.Endpoint)
AddEndpoint adds an endpoint to the graph
func (*EndpointGraph) BuildRelationships ¶
func (g *EndpointGraph) BuildRelationships()
BuildRelationships analyzes endpoints and builds relationship edges
func (*EndpointGraph) FindChainCandidates ¶
func (g *EndpointGraph) FindChainCandidates(maxDepth int) [][]string
FindChainCandidates finds potential attack chain paths
func (*EndpointGraph) GetEdges ¶
func (g *EndpointGraph) GetEdges() []EndpointEdge
GetEdges returns all edges
func (*EndpointGraph) GetEdgesFrom ¶
func (g *EndpointGraph) GetEdgesFrom(key string) []EndpointEdge
GetEdgesFrom returns edges starting from a node
func (*EndpointGraph) GetEdgesTo ¶
func (g *EndpointGraph) GetEdgesTo(key string) []EndpointEdge
GetEdgesTo returns edges ending at a node
func (*EndpointGraph) GetNode ¶
func (g *EndpointGraph) GetNode(key string) *EndpointNode
GetNode returns a node by key
type EndpointNode ¶
// EndpointNode represents an endpoint in the graph, together with what the
// graph has recorded about it. EndpointGraph.GetNode returns a pointer to a
// node for a given key.
type EndpointNode struct {
	Endpoint     types.Endpoint
	Key          string   // key this node is stored under in the graph
	ResourceType string   // user, order, product, etc.
	Operations   []string // create, read, update, delete
	Parameters   []string
	DependsOn    []string // endpoints this depends on
	Provides     []string // what this endpoint provides (IDs, tokens)
}
EndpointNode represents an endpoint in the graph
type Executor ¶
// Executor executes attack chains. NewExecutor builds one from a
// *fuzzer.Engine and an ExecutorConfig. Execute and ExecuteAll return
// *ChainResult values and no error, so a failed run has to be detected from
// ChainResult.Success, FailedAtStep and Error.
//
// NOTE(review): ExecutorConfig's fields are not shown in this listing.
// Chains carry their own endpoints and payloads and can presumably be loaded
// from YAML or produced by ChainAnalyzer, so confirm whether the executor
// restricts the hosts a chain may address to the intended test scope.
type Executor struct {
	// contains filtered or unexported fields
}
Executor executes attack chains
func NewExecutor ¶
func NewExecutor(engine *fuzzer.Engine, config ExecutorConfig) *Executor
NewExecutor creates a new chain executor
func (*Executor) Execute ¶
func (e *Executor) Execute(ctx context.Context, chain *AttackChain) *ChainResult
Execute executes a single attack chain
func (*Executor) ExecuteAll ¶
func (e *Executor) ExecuteAll(ctx context.Context, chains []*AttackChain) []*ChainResult
ExecuteAll executes multiple chains
func (*Executor) GetStateTracker ¶
func (e *Executor) GetStateTracker() *fuzzer.StateTracker
GetStateTracker returns the state tracker
type ExecutorConfig ¶
ExecutorConfig holds executor configuration
type Extraction ¶
// Extraction defines how to extract data from a response. The extracted
// data originates from the system under test and is untrusted input to
// whatever consumes it next.
type Extraction struct {
	Name     string `yaml:"name" json:"name"`
	Type     string `yaml:"type" json:"type"`       // json, regex, header, cookie
	Path     string `yaml:"path" json:"path"`       // JSONPath or header name
	Pattern  string `yaml:"pattern" json:"pattern"` // Regex pattern
	// NOTE(review): Name and SaveAs both look like identifiers; which one
	// becomes the variable key in ChainResult.Variables is not visible here.
	// Confirm.
	SaveAs   string `yaml:"save_as" json:"save_as"`
	// NOTE(review): how Required and Default interact is not visible here,
	// e.g. whether a Default satisfies a Required extraction that found
	// nothing. Confirm, because a silent default can let later steps run
	// on a placeholder value.
	Required bool   `yaml:"required" json:"required"`
	Default  string `yaml:"default,omitempty" json:"default,omitempty"`
}
Extraction defines how to extract data from a response
type StepPayload ¶
// StepPayload defines a payload to use in a step.
type StepPayload struct {
	Target   string `yaml:"target" json:"target"`     // Parameter to inject into
	// NOTE(review): {{vars}} placeholders are presumably filled from values
	// extracted out of earlier responses, which the system under test
	// controls. Confirm that substituted values are encoded for the chosen
	// Position (for example, that line breaks cannot reach a header value)
	// so that a response cannot reshape the tool's own requests.
	Value    string `yaml:"value" json:"value"`       // Payload value (can include {{vars}})
	Type     string `yaml:"type" json:"type"`         // Attack type
	Position string `yaml:"position" json:"position"` // query, path, header, body
}
StepPayload defines a payload to use in a step