Documentation
Overview
internal/analysis/auth/ato/analyzer.go
internal/analysis/auth/ato/models.go
Types
type ATOAnalyzer
type ATOAnalyzer struct {
    *core.BaseAnalyzer
    // contains filtered or unexported fields
}
ATOAnalyzer is a specialized active analyzer that tests login endpoints for account takeover vulnerabilities, such as credential stuffing and username enumeration. It operates by discovering login forms in captured HTTP traffic and replaying them with a list of common credentials.
func NewATOAnalyzer
NewATOAnalyzer creates a new instance of the ATOAnalyzer, loading its configuration and the credential set it will use for testing.
func (*ATOAnalyzer) Analyze
func (a *ATOAnalyzer) Analyze(ctx context.Context, analysisCtx schemas.SessionContext) error
Analyze is the main entry point for the ATO analysis.
type HumanoidProvider
HumanoidProvider defines a simple interface used to check if a SessionContext can provide access to a `humanoid.Humanoid` controller. This allows for optional, graceful integration with the humanoid module for more realistic pauses.
type LoginAttempt
type LoginAttempt struct {
    Username     string
    Password     string
    CSRFToken    string
    IsEmailBased bool // Whether the username appears to be an email address
}
LoginAttempt represents a single attempt to authenticate with a username, password, and an optional CSRF token.
func GenerateSprayingPayloads
func GenerateSprayingPayloads(knownUsers []string) []LoginAttempt
GenerateSprayingPayloads creates a strategic list of login attempts designed for password spraying. It pairs a list of known usernames with a curated list of common and seasonal weak passwords. The list is structured to iterate through passwords first to help evade user-specific lockout policies.
type LoginResponse
type LoginResponse struct {
    Attempt           LoginAttempt
    StatusCode        int
    ResponseBody      string
    ResponseTimeMs    int64
    Success           bool   // Indicates if the primary credentials were valid (even if MFA is required).
    IsMFAChallenge    bool   // Indicates if the successful login triggered an MFA challenge.
    IsLockout         bool   // Indicates if the attempt triggered an account lockout.
    IsUserEnumeration bool   // Indicates if the response leaks information about the user's validity.
    EnumerationDetail string
}
LoginResponse encapsulates the outcome of a single login attempt, providing a structured analysis of the HTTP response.
func AnalyzeResponse
func AnalyzeResponse(attempt LoginAttempt, statusCode int, responseBody string, responseTimeMs int64) LoginResponse
AnalyzeResponse applies a set of heuristics to an HTTP response to determine the semantic outcome of a login attempt. It checks for success, lockout, MFA, and user enumeration by analyzing status codes and keywords in the response body. This function is primarily used by the simpler ATOAdapter.