Overview ¶
Package payloads provides attack payload generation
Package payloads provides attack payload generation
Index ¶
- type AttackGenerator
- type AuthBypassGenerator
- type BFLAGenerator
- type BOLAGenerator
- type BlindGenerator
- type BlindSettings
- type CORSChecker
- type ContentTypeConfusionGenerator
- type DataExposureGenerator
- type FuzzRequest
- type Generator
- type GraphQLGenerator
- func (g *GraphQLGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
- func (g *GraphQLGenerator) GenerateCircularFragmentPayloads() []Payload
- func (g *GraphQLGenerator) GenerateDirectivePayloads() []Payload
- func (g *GraphQLGenerator) GenerateFieldSuggestionPayloads() []Payload
- func (g *GraphQLGenerator) Type() string
- type GraphQLSettings
- type IDORGenerator
- type InjectionGenerator
- func (g *InjectionGenerator) ForCommand() *InjectionGenerator
- func (g *InjectionGenerator) ForNoSQLi() *InjectionGenerator
- func (g *InjectionGenerator) ForSQLi() *InjectionGenerator
- func (g *InjectionGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
- func (g *InjectionGenerator) Type() string
- type JWTGenerator
- type LDAPGenerator
- type MassAssignmentGenerator
- type MethodTamperingGenerator
- type OpenRedirectGenerator
- type PassiveCheckRunner
- type PassiveChecker
- type PathTraversalGenerator
- type Payload
- type RateLimitChecker
- type RateLimitGenerator
- type SSRFGenerator
- type SSTIGenerator
- type SecurityHeaderChecker
- type XPathGenerator
- type XSSGenerator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttackGenerator ¶
// AttackGenerator is the interface implemented by the per-attack-type payload
// generators in this package (for example InjectionGenerator, PathTraversalGenerator
// and MassAssignmentGenerator). Generators are parameter-scoped; endpoint-level
// checks that send their own requests use PassiveChecker instead.
type AttackGenerator interface {
// Generate generates payloads for the given endpoint and parameter.
// The returned Payload values are hostile test inputs by design; consumers that
// write them into reports, logs or commands must escape them rather than
// interpolate them raw.
Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
// Type returns the attack type.
Type() string
}
AttackGenerator is the interface implemented by the specific attack-type generators
type AuthBypassGenerator ¶
// AuthBypassGenerator generates authentication bypass payloads. It is stateless;
// construct it with NewAuthBypassGenerator.
type AuthBypassGenerator struct{}
AuthBypassGenerator generates authentication bypass payloads
func NewAuthBypassGenerator ¶
func NewAuthBypassGenerator() *AuthBypassGenerator
NewAuthBypassGenerator creates a new auth bypass generator
func (*AuthBypassGenerator) Type ¶
func (g *AuthBypassGenerator) Type() string
Type returns the attack type
type BFLAGenerator ¶
// BFLAGenerator generates Broken Function Level Authorization attack payloads.
// It is stateless; construct it with NewBFLAGenerator.
type BFLAGenerator struct{}
BFLAGenerator generates Broken Function Level Authorization attack payloads
func NewBFLAGenerator ¶
func NewBFLAGenerator() *BFLAGenerator
NewBFLAGenerator creates a new BFLA payload generator
type BOLAGenerator ¶
// BOLAGenerator generates Broken Object Level Authorization attack payloads.
// It is stateless; construct it with NewBOLAGenerator.
type BOLAGenerator struct{}
BOLAGenerator generates Broken Object Level Authorization attack payloads
func NewBOLAGenerator ¶
func NewBOLAGenerator() *BOLAGenerator
NewBOLAGenerator creates a new BOLA payload generator
type BlindGenerator ¶
// BlindGenerator generates blind/out-of-band attack payloads. The HTTP and DNS
// callback locations referenced by those payloads come from the BlindSettings passed
// to NewBlindGenerator and can be replaced afterwards with SetCallbacks.
type BlindGenerator struct {
// contains filtered or unexported fields
}
BlindGenerator generates blind/out-of-band attack payloads
func NewBlindGenerator ¶
func NewBlindGenerator(settings BlindSettings) *BlindGenerator
NewBlindGenerator creates a new blind attack generator
func (*BlindGenerator) SetCallbacks ¶
func (g *BlindGenerator) SetCallbacks(httpCallback, dnsCallback string)
SetCallbacks sets the callback URLs
type BlindSettings ¶
// BlindSettings holds blind attack settings: the out-of-band callback endpoints that
// blind payloads point at so a vulnerable target can be observed contacting them.
// NOTE(review): both values should name infrastructure the operator controls, since
// any target interaction is reported there; this page shows no validation of either
// value, so confirm where (if anywhere) they are checked before use.
type BlindSettings struct {
// CallbackHTTP is the HTTP callback URL (set from config or via SetCallbacks).
CallbackHTTP string `yaml:"callback_http" json:"callback_http"`
// CallbackDNS is the DNS callback location (set from config or via SetCallbacks).
CallbackDNS string `yaml:"callback_dns" json:"callback_dns"`
}
BlindSettings holds blind attack settings
type CORSChecker ¶ added in v1.3.0
// CORSChecker tests for CORS misconfiguration by sending requests with
// attacker-controlled Origin headers. It satisfies PassiveChecker (Check/Type) and
// is stateless; construct it with NewCORSChecker.
type CORSChecker struct{}
CORSChecker tests for CORS misconfiguration by sending requests with attacker-controlled Origin headers.
func NewCORSChecker ¶ added in v1.3.0
func NewCORSChecker() *CORSChecker
NewCORSChecker creates a new CORS checker.
func (*CORSChecker) Check ¶ added in v1.3.0
func (c *CORSChecker) Check(ctx context.Context, endpoint types.Endpoint, client *http.Client) []types.Finding
Check tests CORS configuration for the endpoint.
func (*CORSChecker) Type ¶ added in v1.3.0
func (c *CORSChecker) Type() string
Type returns the checker type.
type ContentTypeConfusionGenerator ¶ added in v1.3.0
// ContentTypeConfusionGenerator tests how APIs handle mismatched Content-Type headers.
// Only targets POST/PUT/PATCH endpoints, and Generate emits its payloads only for the
// first parameter of an endpoint so they are not duplicated per parameter.
type ContentTypeConfusionGenerator struct{}
ContentTypeConfusionGenerator tests how APIs handle mismatched Content-Type headers. Only targets POST/PUT/PATCH endpoints.
func NewContentTypeConfusionGenerator ¶ added in v1.3.0
func NewContentTypeConfusionGenerator() *ContentTypeConfusionGenerator
NewContentTypeConfusionGenerator creates a new content-type confusion generator.
func (*ContentTypeConfusionGenerator) Generate ¶ added in v1.3.0
func (g *ContentTypeConfusionGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
Generate produces content-type confusion payloads. Sentinel: only runs for the first parameter to avoid duplication.
func (*ContentTypeConfusionGenerator) Type ¶ added in v1.3.0
func (g *ContentTypeConfusionGenerator) Type() string
Type returns the attack type.
type DataExposureGenerator ¶
// DataExposureGenerator generates payloads for detecting excessive data exposure.
// It is stateless; construct it with NewDataExposureGenerator.
type DataExposureGenerator struct{}
DataExposureGenerator generates payloads for detecting excessive data exposure
func NewDataExposureGenerator ¶
func NewDataExposureGenerator() *DataExposureGenerator
NewDataExposureGenerator creates a new data exposure payload generator
func (*DataExposureGenerator) Generate ¶
Generate generates data exposure test payloads for a parameter
func (*DataExposureGenerator) Type ¶
func (g *DataExposureGenerator) Type() string
Type returns the attack type
type FuzzRequest ¶
// FuzzRequest represents a request to be fuzzed: it pairs an endpoint and one of its
// parameters with the Payload to send for that parameter.
type FuzzRequest struct {
// Endpoint is the endpoint under test.
Endpoint types.Endpoint
// Param is the parameter the payload is applied to.
Param *types.Parameter
// Payload is the attack payload to send.
Payload Payload
// Original is presumably the parameter's pre-fuzzing value, kept so a baseline
// response can be compared against — confirm against the consumer of this struct.
Original string
// Position is where in the request the parameter is carried.
Position string // query, path, header, body
}
FuzzRequest represents a request to be fuzzed
type Generator ¶
// Generator orchestrates payload generation for attacks. NewGenerator wires it with
// an llm.Provider, the types.AttackSettings that govern which attacks run, and a
// user-supplied context string; GenerateForEndpoint then produces every applicable
// payload for an endpoint.
// NOTE(review): payloads that originate from the provider are model output rather
// than a fixed list — confirm they are bounded and shaped like Payload before being
// sent, and that the user context string is not sourced from untrusted files.
type Generator struct {
// contains filtered or unexported fields
}
Generator orchestrates payload generation for attacks
func NewGenerator ¶
func NewGenerator(provider llm.Provider, config types.AttackSettings, userContext string) *Generator
NewGenerator creates a new payload generator
func (*Generator) GenerateForEndpoint ¶
GenerateForEndpoint generates all applicable payloads for an endpoint
type GraphQLGenerator ¶
// GraphQLGenerator generates GraphQL-specific attack payloads. Besides the
// AttackGenerator-style Generate, it exposes GenerateCircularFragmentPayloads,
// GenerateDirectivePayloads and GenerateFieldSuggestionPayloads, which take no
// endpoint/parameter and are presumably driven by the GraphQLSettings given to
// NewGraphQLGenerator.
type GraphQLGenerator struct {
// contains filtered or unexported fields
}
GraphQLGenerator generates GraphQL-specific attack payloads
func NewGraphQLGenerator ¶
func NewGraphQLGenerator(settings GraphQLSettings) *GraphQLGenerator
NewGraphQLGenerator creates a new GraphQL generator
func (*GraphQLGenerator) GenerateCircularFragmentPayloads ¶
func (g *GraphQLGenerator) GenerateCircularFragmentPayloads() []Payload
GenerateCircularFragmentPayloads generates circular fragment payloads
func (*GraphQLGenerator) GenerateDirectivePayloads ¶
func (g *GraphQLGenerator) GenerateDirectivePayloads() []Payload
GenerateDirectivePayloads generates directive abuse payloads
func (*GraphQLGenerator) GenerateFieldSuggestionPayloads ¶
func (g *GraphQLGenerator) GenerateFieldSuggestionPayloads() []Payload
GenerateFieldSuggestionPayloads generates payloads to discover hidden fields
func (*GraphQLGenerator) Type ¶
func (g *GraphQLGenerator) Type() string
Type returns the attack type
type GraphQLSettings ¶
// GraphQLSettings holds GraphQL attack settings.
// NOTE(review): the three limits presumably cap the size of generated queries
// (nesting depth, batch length, alias count) so resource-exhaustion style payloads
// stay bounded; confirm in NewGraphQLGenerator what a zero value means
// (feature disabled vs. unlimited) before relying on it.
type GraphQLSettings struct {
// MaxDepth bounds generated query nesting depth — TODO confirm.
MaxDepth int `yaml:"max_depth" json:"max_depth"`
// MaxBatchSize bounds the number of operations in a batched request — TODO confirm.
MaxBatchSize int `yaml:"max_batch_size" json:"max_batch_size"`
// MaxAliases bounds the number of aliases in a single query — TODO confirm.
MaxAliases int `yaml:"max_aliases" json:"max_aliases"`
}
GraphQLSettings holds GraphQL attack settings
type IDORGenerator ¶
// IDORGenerator generates IDOR attack payloads. Its behaviour is configured by the
// types.IDORSettings passed to NewIDORGenerator.
type IDORGenerator struct {
// contains filtered or unexported fields
}
IDORGenerator generates IDOR attack payloads
func NewIDORGenerator ¶
func NewIDORGenerator(config types.IDORSettings) *IDORGenerator
NewIDORGenerator creates a new IDOR payload generator
type InjectionGenerator ¶
// InjectionGenerator generates injection attack payloads. It is configured by the
// types.InjectionSettings passed to NewInjectionGenerator and narrowed to one
// injection family with ForSQLi, ForNoSQLi or ForCommand; each of those returns
// *InjectionGenerator so the calls can be chained.
// NOTE(review): the page does not show whether the For* methods mutate the receiver
// or return a copy — confirm before sharing one generator between attack families.
type InjectionGenerator struct {
// contains filtered or unexported fields
}
InjectionGenerator generates injection attack payloads
func NewInjectionGenerator ¶
func NewInjectionGenerator(config types.InjectionSettings) *InjectionGenerator
NewInjectionGenerator creates a new injection payload generator
func (*InjectionGenerator) ForCommand ¶
func (g *InjectionGenerator) ForCommand() *InjectionGenerator
ForCommand configures for command injection
func (*InjectionGenerator) ForNoSQLi ¶
func (g *InjectionGenerator) ForNoSQLi() *InjectionGenerator
ForNoSQLi configures for NoSQL injection
func (*InjectionGenerator) ForSQLi ¶
func (g *InjectionGenerator) ForSQLi() *InjectionGenerator
ForSQLi configures for SQL injection
func (*InjectionGenerator) Type ¶
func (g *InjectionGenerator) Type() string
Type returns the attack type
type JWTGenerator ¶
// JWTGenerator generates JWT manipulation attack payloads. It is stateless;
// construct it with NewJWTGenerator.
type JWTGenerator struct{}
JWTGenerator generates JWT manipulation attack payloads
func NewJWTGenerator ¶
func NewJWTGenerator() *JWTGenerator
NewJWTGenerator creates a new JWT manipulation payload generator
type LDAPGenerator ¶
// LDAPGenerator generates LDAP injection attack payloads. It is stateless;
// construct it with NewLDAPGenerator.
type LDAPGenerator struct{}
LDAPGenerator generates LDAP injection attack payloads
func NewLDAPGenerator ¶
func NewLDAPGenerator() *LDAPGenerator
NewLDAPGenerator creates a new LDAP injection payload generator
type MassAssignmentGenerator ¶
// MassAssignmentGenerator generates mass assignment payloads. It is stateless;
// construct it with NewMassAssignmentGenerator.
type MassAssignmentGenerator struct{}
MassAssignmentGenerator generates mass assignment payloads
func NewMassAssignmentGenerator ¶
func NewMassAssignmentGenerator() *MassAssignmentGenerator
NewMassAssignmentGenerator creates a new mass assignment generator
func (*MassAssignmentGenerator) Generate ¶
func (g *MassAssignmentGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
Generate generates mass assignment payloads
func (*MassAssignmentGenerator) Type ¶
func (g *MassAssignmentGenerator) Type() string
Type returns the attack type
type MethodTamperingGenerator ¶ added in v1.3.0
// MethodTamperingGenerator generates payloads that attempt to use unauthorized HTTP
// methods on an endpoint, plus method-override header payloads. Generate emits them
// only for the first parameter of an endpoint so they are not repeated per parameter.
type MethodTamperingGenerator struct{}
MethodTamperingGenerator generates payloads that attempt to use unauthorized HTTP methods on an endpoint. It also generates method-override header payloads.
func NewMethodTamperingGenerator ¶ added in v1.3.0
func NewMethodTamperingGenerator() *MethodTamperingGenerator
NewMethodTamperingGenerator creates a new method tampering generator.
func (*MethodTamperingGenerator) Generate ¶ added in v1.3.0
func (g *MethodTamperingGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
Generate produces method tampering payloads. It only runs for the first parameter, so the method payloads are emitted once per endpoint rather than once per parameter (avoiding an N*M explosion).
func (*MethodTamperingGenerator) Type ¶ added in v1.3.0
func (g *MethodTamperingGenerator) Type() string
Type returns the attack type.
type OpenRedirectGenerator ¶ added in v1.3.0
// OpenRedirectGenerator generates payloads for open redirect testing. Generate
// produces them only for redirect-like parameters.
type OpenRedirectGenerator struct{}
OpenRedirectGenerator generates payloads for open redirect testing.
func NewOpenRedirectGenerator ¶ added in v1.3.0
func NewOpenRedirectGenerator() *OpenRedirectGenerator
NewOpenRedirectGenerator creates a new open redirect generator.
func (*OpenRedirectGenerator) Generate ¶ added in v1.3.0
Generate produces open redirect payloads only for redirect-like parameters.
func (*OpenRedirectGenerator) Type ¶ added in v1.3.0
func (g *OpenRedirectGenerator) Type() string
Type returns the attack type.
type PassiveCheckRunner ¶ added in v1.3.0
// PassiveCheckRunner coordinates multiple PassiveCheckers across endpoints.
// NewPassiveCheckRunner returns a runner with no checkers; add them with Register.
// NOTE(review): the page does not show whether Register is safe to call
// concurrently with a running scan — confirm before doing so.
type PassiveCheckRunner struct {
// contains filtered or unexported fields
}
PassiveCheckRunner coordinates multiple PassiveCheckers across endpoints.
func NewPassiveCheckRunner ¶ added in v1.3.0
func NewPassiveCheckRunner() *PassiveCheckRunner
NewPassiveCheckRunner creates a new runner with no checkers registered.
func (*PassiveCheckRunner) Register ¶ added in v1.3.0
func (r *PassiveCheckRunner) Register(checker PassiveChecker)
Register adds a passive checker.
type PassiveChecker ¶ added in v1.3.0
// PassiveChecker runs endpoint-level checks that don't fit the per-parameter
// AttackGenerator model. Each checker sends real HTTP requests and produces findings
// directly. Implementations on this page: CORSChecker, RateLimitChecker and
// SecurityHeaderChecker.
// NOTE(review): because Check performs live requests, callers should supply a client
// with a Timeout set and implementations should honour ctx so a scan can be
// cancelled; neither is enforced by the interface itself.
type PassiveChecker interface {
// Check runs the passive check against the endpoint and returns findings.
Check(ctx context.Context, endpoint types.Endpoint, client *http.Client) []types.Finding
// Type returns the checker identifier.
Type() string
}
PassiveChecker runs endpoint-level checks that don't fit the per-parameter AttackGenerator model. Each checker sends real HTTP requests and produces findings directly.
type PathTraversalGenerator ¶
// PathTraversalGenerator generates path traversal payloads. It is stateless;
// construct it with NewPathTraversalGenerator.
type PathTraversalGenerator struct{}
PathTraversalGenerator generates path traversal payloads
func NewPathTraversalGenerator ¶
func NewPathTraversalGenerator() *PathTraversalGenerator
NewPathTraversalGenerator creates a new path traversal generator
func (*PathTraversalGenerator) Generate ¶
func (g *PathTraversalGenerator) Generate(endpoint types.Endpoint, param *types.Parameter) []Payload
Generate generates path traversal payloads
func (*PathTraversalGenerator) Type ¶
func (g *PathTraversalGenerator) Type() string
Type returns the attack type
type Payload ¶
// Payload represents a single attack payload produced by an AttackGenerator.
// NOTE(review): Value deliberately contains hostile input (injection strings, script
// fragments, traversal sequences); code that writes payloads into HTML reports, logs
// or shell commands must escape or quote them rather than interpolate them raw.
type Payload struct {
// Value is the attack string itself, presumably sent in place of the parameter value.
Value string `json:"value"`
// Type is presumably the attack type, matching the generator's Type() — confirm.
Type string `json:"type"`
// Category groups payloads within an attack type — TODO confirm the vocabulary used.
Category string `json:"category"`
// Description explains in plain language what the payload tests.
Description string `json:"description"`
// Encoding names how Value has been encoded, if at all.
Encoding string `json:"encoding,omitempty"` // none, url, base64, etc.
// Metadata carries optional generator-specific key/value details.
Metadata map[string]string `json:"metadata,omitempty"`
}
Payload represents a single attack payload
type RateLimitChecker ¶ added in v1.3.0
// RateLimitChecker sends rapid requests to detect missing rate limiting. It satisfies
// PassiveChecker and is stateless; construct it with NewRateLimitChecker.
// NOTE(review): Check issues a burst of live requests against the target — confirm
// the burst size is bounded and that ctx cancellation stops it early.
type RateLimitChecker struct{}
RateLimitChecker sends rapid requests to detect missing rate limiting.
func NewRateLimitChecker ¶ added in v1.3.0
func NewRateLimitChecker() *RateLimitChecker
NewRateLimitChecker creates a new rate limit checker.
func (*RateLimitChecker) Check ¶ added in v1.3.0
func (c *RateLimitChecker) Check(ctx context.Context, endpoint types.Endpoint, client *http.Client) []types.Finding
Check sends a burst of requests and looks for rate-limit indicators.
func (*RateLimitChecker) Type ¶ added in v1.3.0
func (c *RateLimitChecker) Type() string
Type returns the checker type.
type RateLimitGenerator ¶
// RateLimitGenerator generates payloads for rate limit testing. It is stateless;
// construct it with NewRateLimitGenerator. Unlike RateLimitChecker it produces
// payloads rather than sending requests itself.
type RateLimitGenerator struct{}
RateLimitGenerator generates payloads for rate limit testing
func NewRateLimitGenerator ¶
func NewRateLimitGenerator() *RateLimitGenerator
NewRateLimitGenerator creates a new rate limit payload generator
func (*RateLimitGenerator) Type ¶
func (g *RateLimitGenerator) Type() string
Type returns the attack type
type SSRFGenerator ¶
// SSRFGenerator generates SSRF attack payloads. It is stateless; construct it with
// NewSSRFGenerator.
type SSRFGenerator struct{}
SSRFGenerator generates SSRF attack payloads
func NewSSRFGenerator ¶
func NewSSRFGenerator() *SSRFGenerator
NewSSRFGenerator creates a new SSRF payload generator
type SSTIGenerator ¶
// SSTIGenerator generates Server-Side Template Injection attack payloads. It is
// stateless; construct it with NewSSTIGenerator.
type SSTIGenerator struct{}
SSTIGenerator generates Server-Side Template Injection attack payloads
func NewSSTIGenerator ¶
func NewSSTIGenerator() *SSTIGenerator
NewSSTIGenerator creates a new SSTI payload generator
type SecurityHeaderChecker ¶ added in v1.3.0
// SecurityHeaderChecker sends a baseline request and checks for missing API-relevant
// security headers. It produces at most one aggregated finding per endpoint listing
// all missing headers. It satisfies PassiveChecker; construct it with
// NewSecurityHeaderChecker.
type SecurityHeaderChecker struct{}
SecurityHeaderChecker sends a baseline request and checks for missing API-relevant security headers. It produces at most one aggregated finding per endpoint listing all missing headers.
func NewSecurityHeaderChecker ¶ added in v1.3.0
func NewSecurityHeaderChecker() *SecurityHeaderChecker
NewSecurityHeaderChecker creates a new security header checker.
func (*SecurityHeaderChecker) Check ¶ added in v1.3.0
func (c *SecurityHeaderChecker) Check(ctx context.Context, endpoint types.Endpoint, client *http.Client) []types.Finding
Check makes a baseline request and evaluates security headers.
func (*SecurityHeaderChecker) Type ¶ added in v1.3.0
func (c *SecurityHeaderChecker) Type() string
Type returns the checker type.
type XPathGenerator ¶
// XPathGenerator generates XPath injection attack payloads. It is stateless;
// construct it with NewXPathGenerator.
type XPathGenerator struct{}
XPathGenerator generates XPath injection attack payloads
func NewXPathGenerator ¶
func NewXPathGenerator() *XPathGenerator
NewXPathGenerator creates a new XPath injection payload generator
type XSSGenerator ¶
// XSSGenerator generates XSS attack payloads. It is stateless; construct it with
// NewXSSGenerator.
type XSSGenerator struct{}
XSSGenerator generates XSS attack payloads
func NewXSSGenerator ¶
func NewXSSGenerator() *XSSGenerator
NewXSSGenerator creates a new XSS payload generator