Overview ¶
Package payloads provides attack payload generation. Each AttackGenerator produces Payload values for a given endpoint and parameter, and Generator orchestrates payload generation across them.
Index ¶
- type AttackGenerator
- type AuthBypassGenerator
- type BFLAGenerator
- type BOLAGenerator
- type BlindGenerator
- type BlindSettings
- type DataExposureGenerator
- type FuzzRequest
- type Generator
- type GraphQLGenerator
- func (g *GraphQLGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
- func (g *GraphQLGenerator) GenerateCircularFragmentPayloads() []Payload
- func (g *GraphQLGenerator) GenerateDirectivePayloads() []Payload
- func (g *GraphQLGenerator) GenerateFieldSuggestionPayloads() []Payload
- func (g *GraphQLGenerator) Type() string
- type GraphQLSettings
- type IDORGenerator
- type InjectionGenerator
- func (g *InjectionGenerator) ForCommand() *InjectionGenerator
- func (g *InjectionGenerator) ForNoSQLi() *InjectionGenerator
- func (g *InjectionGenerator) ForSQLi() *InjectionGenerator
- func (g *InjectionGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
- func (g *InjectionGenerator) Type() string
- type JWTGenerator
- type LDAPGenerator
- type MassAssignmentGenerator
- type PathTraversalGenerator
- type Payload
- type RateLimitGenerator
- type SSRFGenerator
- type SSTIGenerator
- type XPathGenerator
- type XSSGenerator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttackGenerator ¶
// AttackGenerator is implemented by each generator that targets one specific
// attack type.
type AttackGenerator interface {
// Generate returns the payloads produced for the given endpoint and parameter.
// NOTE(review): param is a pointer; whether a nil param is accepted is not
// shown here — confirm against the implementations.
Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
// Type returns the attack type as a plain string.
// NOTE(review): presumably the same value that ends up in Payload.Type — confirm.
Type() string
}
AttackGenerator is the interface implemented by generators for a specific attack type.
type AuthBypassGenerator ¶
type AuthBypassGenerator struct{}
AuthBypassGenerator generates authentication bypass payloads
func NewAuthBypassGenerator ¶
func NewAuthBypassGenerator() *AuthBypassGenerator
NewAuthBypassGenerator creates a new auth bypass generator
func (*AuthBypassGenerator) Type ¶
func (g *AuthBypassGenerator) Type() string
Type returns the attack type
type BFLAGenerator ¶
type BFLAGenerator struct{}
BFLAGenerator generates Broken Function Level Authorization attack payloads
func NewBFLAGenerator ¶
func NewBFLAGenerator() *BFLAGenerator
NewBFLAGenerator creates a new BFLA payload generator
type BOLAGenerator ¶
type BOLAGenerator struct{}
BOLAGenerator generates Broken Object Level Authorization attack payloads
func NewBOLAGenerator ¶
func NewBOLAGenerator() *BOLAGenerator
NewBOLAGenerator creates a new BOLA payload generator
type BlindGenerator ¶
type BlindGenerator struct {
// contains filtered or unexported fields
}
BlindGenerator generates blind/out-of-band attack payloads
func NewBlindGenerator ¶
func NewBlindGenerator(settings BlindSettings) *BlindGenerator
NewBlindGenerator creates a new blind attack generator
func (*BlindGenerator) SetCallbacks ¶
func (g *BlindGenerator) SetCallbacks(httpCallback, dnsCallback string)
SetCallbacks sets the callback URLs
type BlindSettings ¶
// BlindSettings holds the settings for blind (out-of-band) attack generation.
// Both fields are read from configuration under the keys named in their
// yaml/json tags.
//
// NOTE(review): presumably these values are embedded into the payloads that
// BlindGenerator produces, so a tested system that is vulnerable would contact
// the configured host. That host then sees traffic originating from the target;
// confirm that it is infrastructure the tester controls and how (or whether)
// the values are validated before use.
type BlindSettings struct {
// CallbackHTTP is the HTTP callback setting (key "callback_http").
CallbackHTTP string `yaml:"callback_http" json:"callback_http"`
// CallbackDNS is the DNS callback setting (key "callback_dns").
CallbackDNS string `yaml:"callback_dns" json:"callback_dns"`
}
BlindSettings holds blind attack settings
type DataExposureGenerator ¶
type DataExposureGenerator struct{}
DataExposureGenerator generates payloads for detecting excessive data exposure
func NewDataExposureGenerator ¶
func NewDataExposureGenerator() *DataExposureGenerator
NewDataExposureGenerator creates a new data exposure payload generator
func (*DataExposureGenerator) Generate ¶
Generate generates data exposure test payloads for a parameter
func (*DataExposureGenerator) Type ¶
func (g *DataExposureGenerator) Type() string
Type returns the attack type
type FuzzRequest ¶
// FuzzRequest represents a request to be fuzzed: one payload bound to one
// endpoint/parameter pair.
type FuzzRequest struct {
// Endpoint and Param name what is being fuzzed.
// NOTE(review): presumably the same pair passed to AttackGenerator.Generate — confirm.
Endpoint types.Endpoint
Param *types.Parameter
// Payload is the payload carried by this request.
Payload Payload
// NOTE(review): presumably the parameter's value before the payload is
// substituted — confirm against the code that builds FuzzRequest.
Original string
// Position is a free-form string rather than an enumerated type, so the
// compiler does not restrict it to the values listed here.
Position string // query, path, header, body
}
FuzzRequest represents a request to be fuzzed
type Generator ¶
type Generator struct {
// contains filtered or unexported fields
}
Generator orchestrates payload generation for attacks
func NewGenerator ¶
func NewGenerator(provider llm.Provider, config types.AttackSettings, userContext string) *Generator
NewGenerator creates a new payload generator
func (*Generator) GenerateForEndpoint ¶
GenerateForEndpoint generates all applicable payloads for an endpoint
type GraphQLGenerator ¶
type GraphQLGenerator struct {
// contains filtered or unexported fields
}
GraphQLGenerator generates GraphQL-specific attack payloads
func NewGraphQLGenerator ¶
func NewGraphQLGenerator(settings GraphQLSettings) *GraphQLGenerator
NewGraphQLGenerator creates a new GraphQL generator
func (*GraphQLGenerator) GenerateCircularFragmentPayloads ¶
func (g *GraphQLGenerator) GenerateCircularFragmentPayloads() []Payload
GenerateCircularFragmentPayloads generates circular fragment payloads
func (*GraphQLGenerator) GenerateDirectivePayloads ¶
func (g *GraphQLGenerator) GenerateDirectivePayloads() []Payload
GenerateDirectivePayloads generates directive abuse payloads
func (*GraphQLGenerator) GenerateFieldSuggestionPayloads ¶
func (g *GraphQLGenerator) GenerateFieldSuggestionPayloads() []Payload
GenerateFieldSuggestionPayloads generates payloads to discover hidden fields
func (*GraphQLGenerator) Type ¶
func (g *GraphQLGenerator) Type() string
Type returns the attack type
type GraphQLSettings ¶
// GraphQLSettings holds GraphQL attack settings. All three fields are plain
// ints read from configuration under the keys named in their yaml/json tags.
//
// NOTE(review): the names suggest these cap the nesting depth, batch size and
// alias count of generated queries, which would bound the load a test places
// on the target. How a zero or negative value is treated is not shown here —
// confirm against GraphQLGenerator before relying on defaults.
type GraphQLSettings struct {
// MaxDepth is read from the "max_depth" key.
MaxDepth int `yaml:"max_depth" json:"max_depth"`
// MaxBatchSize is read from the "max_batch_size" key.
MaxBatchSize int `yaml:"max_batch_size" json:"max_batch_size"`
// MaxAliases is read from the "max_aliases" key.
MaxAliases int `yaml:"max_aliases" json:"max_aliases"`
}
GraphQLSettings holds GraphQL attack settings
type IDORGenerator ¶
type IDORGenerator struct {
// contains filtered or unexported fields
}
IDORGenerator generates IDOR attack payloads
func NewIDORGenerator ¶
func NewIDORGenerator(config types.IDORSettings) *IDORGenerator
NewIDORGenerator creates a new IDOR payload generator
type InjectionGenerator ¶
type InjectionGenerator struct {
// contains filtered or unexported fields
}
InjectionGenerator generates injection attack payloads
func NewInjectionGenerator ¶
func NewInjectionGenerator(config types.InjectionSettings) *InjectionGenerator
NewInjectionGenerator creates a new injection payload generator
func (*InjectionGenerator) ForCommand ¶
func (g *InjectionGenerator) ForCommand() *InjectionGenerator
ForCommand configures the generator for command injection and returns an *InjectionGenerator.
func (*InjectionGenerator) ForNoSQLi ¶
func (g *InjectionGenerator) ForNoSQLi() *InjectionGenerator
ForNoSQLi configures the generator for NoSQL injection and returns an *InjectionGenerator.
func (*InjectionGenerator) ForSQLi ¶
func (g *InjectionGenerator) ForSQLi() *InjectionGenerator
ForSQLi configures the generator for SQL injection and returns an *InjectionGenerator.
func (*InjectionGenerator) Type ¶
func (g *InjectionGenerator) Type() string
Type returns the attack type
type JWTGenerator ¶
type JWTGenerator struct{}
JWTGenerator generates JWT manipulation attack payloads
func NewJWTGenerator ¶
func NewJWTGenerator() *JWTGenerator
NewJWTGenerator creates a new JWT manipulation payload generator
type LDAPGenerator ¶
type LDAPGenerator struct{}
LDAPGenerator generates LDAP injection attack payloads
func NewLDAPGenerator ¶
func NewLDAPGenerator() *LDAPGenerator
NewLDAPGenerator creates a new LDAP injection payload generator
type MassAssignmentGenerator ¶
type MassAssignmentGenerator struct{}
MassAssignmentGenerator generates mass assignment payloads
func NewMassAssignmentGenerator ¶
func NewMassAssignmentGenerator() *MassAssignmentGenerator
NewMassAssignmentGenerator creates a new mass assignment generator
func (*MassAssignmentGenerator) Generate ¶
func (g *MassAssignmentGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
Generate generates mass assignment payloads
func (*MassAssignmentGenerator) Type ¶
func (g *MassAssignmentGenerator) Type() string
Type returns the attack type
type PathTraversalGenerator ¶
type PathTraversalGenerator struct{}
PathTraversalGenerator generates path traversal payloads
func NewPathTraversalGenerator ¶
func NewPathTraversalGenerator() *PathTraversalGenerator
NewPathTraversalGenerator creates a new path traversal generator
func (*PathTraversalGenerator) Generate ¶
func (g *PathTraversalGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
Generate generates path traversal payloads
func (*PathTraversalGenerator) Type ¶
func (g *PathTraversalGenerator) Type() string
Type returns the attack type
type Payload ¶
// Payload represents a single attack payload together with descriptive
// fields. It serializes to JSON under the lower-case keys in the field tags.
//
// NOTE(review): the generators in this package include XSS and injection
// generators, so Value is expected to hold markup or injection strings.
// Anything that renders or logs a serialized Payload (reports, dashboards,
// terminals) should treat Value as untrusted text and escape it for the
// output context.
type Payload struct {
// Value is the payload string itself.
Value string `json:"value"`
// NOTE(review): presumably matches the string returned by the producing
// generator's Type method — confirm.
Type string `json:"type"`
// Category and Description are descriptive strings; their vocabulary is not
// defined on this page.
Category string `json:"category"`
Description string `json:"description"`
// Encoding is omitted from JSON when empty.
// NOTE(review): whether Value is already encoded or is to be encoded by the
// sender is not shown here — confirm.
Encoding string `json:"encoding,omitempty"` // none, url, base64, etc.
// Metadata holds string key/value pairs and is omitted from JSON when empty.
Metadata map[string]string `json:"metadata,omitempty"`
}
Payload represents a single attack payload
type RateLimitGenerator ¶
type RateLimitGenerator struct{}
RateLimitGenerator generates payloads for rate limit testing
func NewRateLimitGenerator ¶
func NewRateLimitGenerator() *RateLimitGenerator
NewRateLimitGenerator creates a new rate limit payload generator
func (*RateLimitGenerator) Type ¶
func (g *RateLimitGenerator) Type() string
Type returns the attack type
type SSRFGenerator ¶
type SSRFGenerator struct{}
SSRFGenerator generates SSRF attack payloads
func NewSSRFGenerator ¶
func NewSSRFGenerator() *SSRFGenerator
NewSSRFGenerator creates a new SSRF payload generator
type SSTIGenerator ¶
type SSTIGenerator struct{}
SSTIGenerator generates Server-Side Template Injection attack payloads
func NewSSTIGenerator ¶
func NewSSTIGenerator() *SSTIGenerator
NewSSTIGenerator creates a new SSTI payload generator
type XPathGenerator ¶
type XPathGenerator struct{}
XPathGenerator generates XPath injection attack payloads
func NewXPathGenerator ¶
func NewXPathGenerator() *XPathGenerator
NewXPathGenerator creates a new XPath injection payload generator
type XSSGenerator ¶
type XSSGenerator struct{}
XSSGenerator generates XSS attack payloads
func NewXSSGenerator ¶
func NewXSSGenerator() *XSSGenerator
NewXSSGenerator creates a new XSS payload generator