Documentation
Overview
Package engine provides the core scan orchestration pipeline.
Index
- type DBMSIdentifierFunc
- type DBMSInfo
- type DetectionResult
- type FingerprintFunc
- type HeuristicDetectorFunc
- type HeuristicResult
- type Parameter
- type ParameterLocation
- type ParameterParser
- type ParameterType
- type ScanConfig
- type ScanResult
- type ScanTarget
- type Scanner
- type ScannerOption
- type Severity
- type Technique
- type TechniqueRequest
- type Vulnerability
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type DBMSIdentifierFunc
DBMSIdentifierFunc identifies the DBMS from the error signatures collected during heuristic detection. It is the fast path that Scan tries before running the full FingerprintFunc probes.
type DetectionResult
type DetectionResult struct {
	Injectable bool
	Confidence float64
	Technique  string
	Payload    string
	Evidence   string
}
DetectionResult reports whether a technique found the parameter injectable, together with the confidence, the technique name, and the payload and evidence that triggered the decision.
type FingerprintFunc
type FingerprintFunc func(ctx context.Context, target *ScanTarget, param *Parameter, baseline *transport.Response, client transport.Client) (*DBMSInfo, error)
FingerprintFunc runs full DBMS fingerprinting probes.
type HeuristicDetectorFunc
type HeuristicDetectorFunc func(ctx context.Context, target *ScanTarget) ([]HeuristicResult, error)
HeuristicDetectorFunc runs heuristic detection on all parameters of a target.
type HeuristicResult
type HeuristicResult struct {
	Parameter       Parameter
	Baseline        *transport.Response
	CausesError     bool
	DynamicContent  bool
	ErrorSignatures map[string][]string
	PageRatio       float64
	IsInjectable    bool
}
HeuristicResult contains results of initial heuristic checks for a parameter.
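The heuristic stage and the fast-path DBMS identification together, as an added example that is not the package's own code. It declares local stand-ins for Parameter, Response and HeuristicResult (the engine and transport packages are not importable here, and the stand-in drops the Baseline field), a small assumed signature table, an LCS-based page ratio, and a runHeuristic that fetches the original value twice (to detect dynamic content) and once with a syntax-breaking probe. The fetch callback, the 0.98 threshold, dbmsSignatures, findErrorSignatures, identifyDBMS, pageRatio and the fakeMySQLApp target are all constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Local stand-ins for the engine/transport types on this page; the real package is not importable here.
type Parameter struct{ Name, Value string }
type Response struct{ Status int; Body string }
type HeuristicResult struct {
	Parameter       Parameter
	CausesError     bool
	DynamicContent  bool
	ErrorSignatures map[string][]string
	PageRatio       float64
	IsInjectable    bool
}

// Assumed error signatures per DBMS: a small subset of what a real scanner carries.
var dbmsSignatures = map[string][]*regexp.Regexp{
	"MySQL":                {regexp.MustCompile(`You have an error in your SQL syntax`), regexp.MustCompile(`(?i)mysql_fetch_\w+`)},
	"PostgreSQL":           {regexp.MustCompile(`PostgreSQL.*ERROR`), regexp.MustCompile(`pg_query\(\)`)},
	"Microsoft SQL Server": {regexp.MustCompile(`Unclosed quotation mark after the character string`), regexp.MustCompile(`ODBC SQL Server Driver`)},
}

// findErrorSignatures returns every DBMS error string present in body, keyed by DBMS.
func findErrorSignatures(body string) map[string][]string {
	found := map[string][]string{}
	for dbms, res := range dbmsSignatures {
		for _, re := range res {
			if m := re.FindString(body); m != "" {
				found[dbms] = append(found[dbms], m)
			}
		}
	}
	return found
}

// identifyDBMS is the fast path: the DBMS with the most matching signatures, "" when nothing matched; ties break alphabetically.
func identifyDBMS(sigs map[string][]string) string {
	best := ""
	for name, matches := range sigs {
		if len(matches) > len(sigs[best]) || len(matches) == len(sigs[best]) && name < best {
			best = name
		}
	}
	return best
}

// pageRatio is 2*LCS/(len(a)+len(b)) over bytes: 1.0 for identical bodies, 0.0 for bodies sharing nothing.
func pageRatio(a, b string) float64 {
	if len(a)+len(b) == 0 {
		return 1.0
	}
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1) // two rolling DP rows: O(len(b)) memory
	for i := 1; i <= len(a); i++ {
		for j := 1; j <= len(b); j++ {
			if a[i-1] == b[j-1] {
				cur[j] = prev[j-1] + 1
			} else if prev[j] >= cur[j-1] {
				cur[j] = prev[j]
			} else {
				cur[j] = cur[j-1]
			}
		}
		prev, cur = cur, prev
	}
	return 2 * float64(prev[len(b)]) / float64(len(a)+len(b))
}

// runHeuristic fetches the original value twice (a second baseline exposes dynamic content) and once
// with a syntax-breaking probe appended, then fills in HeuristicResult.
func runHeuristic(p Parameter, fetch func(value string) Response) HeuristicResult {
	base1, base2 := fetch(p.Value), fetch(p.Value)
	probe := fetch(p.Value + `'")(`)
	r := HeuristicResult{Parameter: p, ErrorSignatures: findErrorSignatures(probe.Body)}
	r.DynamicContent = pageRatio(base1.Body, base2.Body) < 1.0
	r.CausesError = probe.Status >= 500 || len(r.ErrorSignatures) > 0
	r.PageRatio = pageRatio(base1.Body, probe.Body)
	// 0.98 is an assumed threshold: on a stable page, a probe that changes more than 2% of it is suspicious.
	r.IsInjectable = len(r.ErrorSignatures) > 0 || !r.DynamicContent && r.PageRatio < 0.98
	return r
}

// fakeMySQLApp is a constructed vulnerable endpoint: a quote leaks a MySQL error, anything else renders a static page.
func fakeMySQLApp(value string) Response {
	if strings.Contains(value, "'") {
		return Response{Status: 500, Body: "<h1>Error</h1>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version"}
	}
	return Response{Status: 200, Body: "<h1>Product</h1><p>id=" + value + "</p>"}
}

func main() {
	r := runHeuristic(Parameter{Name: "id", Value: "1"}, fakeMySQLApp)
	fmt.Printf("injectable=%v error=%v ratio=%.2f dbms=%q\n", r.IsInjectable, r.CausesError, r.PageRatio, identifyDBMS(r.ErrorSignatures))
}
```

The double baseline fetch is what keeps the page ratio meaningful: a page with a timestamp or CSRF token never compares at 1.0 against itself, and without the DynamicContent flag every parameter on it would be flagged. A matched error signature overrides the ratio, since a leaked DBMS error is evidence on its own and also seeds the fast-path identification.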
type Parameter
type Parameter struct {
	Name     string
	Value    string
	Location ParameterLocation
	Type     ParameterType
}
Parameter represents a single request parameter (name, value, where it appears and its inferred type) that the scanner may test for injection.
type ParameterLocation
type ParameterLocation int
ParameterLocation indicates where a parameter appears in the request.
const (
	LocationQuery ParameterLocation = iota
	LocationBody
	LocationHeader
	LocationCookie
	LocationPath
	LocationJSON
	LocationGraphQL
	LocationXML
	LocationMultipart
)
func (ParameterLocation) String
func (l ParameterLocation) String() string
String returns a human-readable name for the location.
type ParameterParser
ParameterParser extracts parameters from URL/body.
type ParameterType
type ParameterType int
ParameterType indicates the inferred data type of a parameter.
const (
	TypeString ParameterType = iota
	TypeInteger
	TypeFloat
)
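A ParameterParser together with ParameterType inference, as an added example rather than the package's own parser. It handles query strings and application/x-www-form-urlencoded bodies (JSON, XML and multipart bodies are left to their own extractors), keeps repeated keys as separate parameters, treats a malformed percent-escape as an error instead of silently dropping the parameter, and only classifies plain decimal notation as numeric so values such as inf or nan stay strings. The types are local stand-ins for the ones on this page, and parseParameters and inferType are names chosen here.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strconv"
	"strings"
)

// Local stand-ins for the engine types on this page; only the locations this parser fills are declared.
type ParameterLocation int

const (
	LocationQuery ParameterLocation = iota
	LocationBody
)

type ParameterType int

const (
	TypeString ParameterType = iota
	TypeInteger
	TypeFloat
)

type Parameter struct {
	Name     string
	Value    string
	Location ParameterLocation
	Type     ParameterType
}

// inferType classifies a value the way a scanner needs to: integers and plain
// decimal floats can be tested outside a quote context; anything else is a string.
func inferType(v string) ParameterType {
	if _, err := strconv.ParseInt(v, 10, 64); err == nil {
		return TypeInteger
	}
	// strconv.ParseFloat also accepts "inf", "nan" and hex floats; restrict the
	// character set first so those stay strings.
	plain := strings.IndexFunc(v, func(r rune) bool {
		return !strings.ContainsRune("0123456789.+-eE", r)
	}) < 0
	if _, err := strconv.ParseFloat(v, 64); plain && err == nil {
		return TypeFloat
	}
	return TypeString
}

// parseParameters extracts query parameters from the URL and, for
// application/x-www-form-urlencoded requests, parameters from the body (JSON,
// XML and multipart bodies need their own extractors). Repeated keys such as
// id=1&id=2 become separate injection points. The result is sorted by location,
// name and value so a scan always visits parameters in the same order.
func parseParameters(rawURL, contentType, body string) ([]Parameter, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	var params []Parameter
	add := func(raw string, loc ParameterLocation) error {
		vals, err := url.ParseQuery(raw) // a bad escape is an error, not a dropped parameter
		if err != nil {
			return err
		}
		for name, vs := range vals {
			for _, v := range vs {
				params = append(params, Parameter{Name: name, Value: v, Location: loc, Type: inferType(v)})
			}
		}
		return nil
	}
	if err := add(u.RawQuery, LocationQuery); err != nil {
		return nil, err
	}
	if strings.HasPrefix(strings.ToLower(contentType), "application/x-www-form-urlencoded") {
		if err := add(body, LocationBody); err != nil {
			return nil, err
		}
	}
	sort.SliceStable(params, func(i, j int) bool {
		a, b := params[i], params[j]
		return a.Location < b.Location || a.Location == b.Location && (a.Name < b.Name || a.Name == b.Name && a.Value < b.Value)
	})
	return params, nil
}

func main() {
	params, err := parseParameters("http://shop.example/item?id=42&sort=price&ref=3.5",
		"application/x-www-form-urlencoded", "user=alice&page=2")
	if err != nil {
		panic(err)
	}
	for _, p := range params {
		fmt.Printf("%-5s %-8q location=%d type=%d\n", p.Name, p.Value, p.Location, p.Type)
	}
}
```

The type matters downstream: a parameter inferred as TypeInteger can be tested with payloads that need no closing quote, while a misclassified "inf" would lead a technique to build the wrong payload shape. Sorting the parameters makes scan output and request ordering reproducible across runs.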
type ScanConfig
type ScanConfig struct {
	Threads    int      // Number of concurrent workers (default 10)
	Verbose    int      // Verbosity level 0-3
	Techniques []string // Filter: "E" (error), "B" (boolean). Empty = all.
	DBMSHint   string   // DBMS hint to skip fingerprinting
	ForceTest  bool     // Test all params even if heuristics say safe
}
ScanConfig holds configuration for a scan.
func DefaultScanConfig
func DefaultScanConfig() *ScanConfig
DefaultScanConfig returns a ScanConfig populated with the defaults noted on the fields (for example Threads = 10 and all techniques enabled).
type ScanResult
type ScanResult struct {
	Target          ScanTarget
	Vulnerabilities []Vulnerability
	DBMS            string
	DBMSVersion     string
	StartTime       time.Time
	EndTime         time.Time
	RequestCount    int64
	Errors          []error
}
ScanResult holds the complete result of a scan.
type ScanTarget
type ScanTarget struct {
	URL         string
	Method      string
	Headers     map[string]string
	Body        string
	ContentType string
	Cookies     map[string]string
	Parameters  []Parameter
}
ScanTarget represents a single target to scan.
type Scanner
type Scanner struct {
	// contains filtered or unexported fields
}
Scanner orchestrates the full scan pipeline.
func NewScanner
func NewScanner(client transport.Client, config *ScanConfig, opts ...ScannerOption) *Scanner
NewScanner creates a scanner with all components wired up.
func (*Scanner) Scan
func (s *Scanner) Scan(ctx context.Context, target *ScanTarget) (*ScanResult, error)
Scan runs the full pipeline against a target.
Pipeline:
- Parse parameters (if target.Parameters is empty, parse from URL/body)
- Send baseline request
- Run heuristic detection on all parameters
- Filter to potentially injectable parameters
- Run DBMS fingerprinting (use heuristic error signatures as fast-path)
- For each injectable parameter, run techniques via worker pool
- Aggregate results
func (*Scanner) SetProgressCallback
SetProgressCallback sets a function called with status messages.
func (*Scanner) TechniqueNames
TechniqueNames returns the names of all loaded techniques in priority order.
type ScannerOption
type ScannerOption func(*Scanner)
ScannerOption configures a Scanner.
func WithDBMSIdentifier
func WithDBMSIdentifier(fn DBMSIdentifierFunc) ScannerOption
WithDBMSIdentifier sets the fast-path DBMS identification function.
func WithFingerprinter
func WithFingerprinter(fn FingerprintFunc) ScannerOption
WithFingerprinter sets the full DBMS fingerprinting function.
func WithHeuristicDetector
func WithHeuristicDetector(fn HeuristicDetectorFunc) ScannerOption
WithHeuristicDetector sets the heuristic detection function.
func WithParameterParser
func WithParameterParser(fn ParameterParser) ScannerOption
WithParameterParser sets the function used to parse parameters.
func WithTechniques
func WithTechniques(techs ...Technique) ScannerOption
WithTechniques sets the techniques available to the scanner.
type Technique
type Technique interface {
	Name() string
	Priority() int
	Detect(ctx context.Context, req *TechniqueRequest) (*DetectionResult, error)
}
Technique defines a SQL injection detection method.
type TechniqueRequest
type TechniqueRequest struct {
	Target    *ScanTarget
	Parameter *Parameter
	Baseline  *transport.Response
	DBMS      string
	Client    transport.Client
}
TechniqueRequest contains everything needed to test an injection point.
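The tail of the Scan pipeline described above (baseline request, techniques in priority order over a bounded pool of workers, aggregation into a ScanResult) together with two Technique implementations, as an added example and not the engine's own code. The types are one-line local stand-ins for Parameter, TechniqueRequest, Technique, DetectionResult, Vulnerability and ScanResult (responses are reduced to their body, and the transport client is a function); parameter parsing, heuristics and fingerprinting are assumed to have already run, so runTechniques takes the filtered parameter list directly. The first-hit policy, the names runTechniques, errorBased, booleanBased and fakeApp, and the fake target's behaviour are all choices made for this example.

```go
package main

import (
	"context"
	"fmt"
	"sort"
	"strings"
	"sync"
	"sync/atomic"
)

// Local stand-ins for the engine/transport types on this page (not importable here); responses are reduced to their body.
type Parameter struct{ Name, Value string }
type Client func(ctx context.Context, p Parameter, value string) (string, error)
type DetectionResult struct{ Injectable bool; Payload string }
type TechniqueRequest struct{ Parameter *Parameter; Baseline string; Client Client }
type Technique interface{ Name() string; Priority() int; Detect(context.Context, *TechniqueRequest) (*DetectionResult, error) }
type Vulnerability struct{ Parameter, Technique, Payload string }
type ScanResult struct{ RequestCount int64; Vulnerabilities []Vulnerability; Errors []error } // RequestCount first: 64-bit atomic alignment

// errorBased appends a quote and looks for a DBMS error in the response.
type errorBased struct{}

func (errorBased) Name() string  { return "error-based" }
func (errorBased) Priority() int { return 1 }
func (errorBased) Detect(ctx context.Context, r *TechniqueRequest) (*DetectionResult, error) {
	body, err := r.Client(ctx, *r.Parameter, r.Parameter.Value+"'")
	return &DetectionResult{Injectable: err == nil && strings.Contains(body, "SQL syntax"), Payload: "'"}, err
}

// booleanBased: a true condition must leave the baseline unchanged while a false one alters it.
type booleanBased struct{}

func (booleanBased) Name() string  { return "boolean-based" }
func (booleanBased) Priority() int { return 2 }
func (booleanBased) Detect(ctx context.Context, r *TechniqueRequest) (*DetectionResult, error) {
	t, err := r.Client(ctx, *r.Parameter, r.Parameter.Value+" AND 1=1")
	if err != nil {
		return nil, err
	}
	f, err := r.Client(ctx, *r.Parameter, r.Parameter.Value+" AND 1=2")
	return &DetectionResult{Injectable: err == nil && t == r.Baseline && f != r.Baseline, Payload: " AND 1=2"}, err
}

// runTechniques is the tail of the Scan pipeline: at most `threads` goroutines test the injectable parameters, each
// fetching a baseline then trying techniques in priority order until the first hit (an assumed policy); a failed request
// ends that parameter's tests and is reported in Errors.
func runTechniques(ctx context.Context, injectable []Parameter, techs []Technique, client Client, threads int) *ScanResult {
	sort.Slice(techs, func(i, j int) bool { return techs[i].Priority() < techs[j].Priority() })
	res := &ScanResult{}
	counted := func(ctx context.Context, p Parameter, v string) (string, error) {
		atomic.AddInt64(&res.RequestCount, 1) // baseline and probe requests alike
		return client(ctx, p, v)
	}
	testParam := func(p Parameter) (*Vulnerability, error) {
		base, err := counted(ctx, p, p.Value)
		for i := 0; err == nil && i < len(techs) && ctx.Err() == nil; i++ {
			var d *DetectionResult
			if d, err = techs[i].Detect(ctx, &TechniqueRequest{Parameter: &p, Baseline: base, Client: counted}); err == nil && d.Injectable {
				return &Vulnerability{p.Name, techs[i].Name(), d.Payload}, nil
			}
		}
		return nil, err
	}
	vulns, errs := make([]*Vulnerability, len(injectable)), make([]error, len(injectable))
	var wg sync.WaitGroup
	sem := make(chan struct{}, threads)
	for i, p := range injectable {
		wg.Add(1)
		sem <- struct{}{}
		go func(i int, p Parameter) {
			defer func() { <-sem; wg.Done() }()
			vulns[i], errs[i] = testParam(p) // one slot per parameter: no mutex, stable output order
		}(i, p)
	}
	wg.Wait()
	for i := range injectable {
		if errs[i] != nil {
			res.Errors = append(res.Errors, errs[i])
		} else if vulns[i] != nil {
			res.Vulnerabilities = append(res.Vulnerabilities, *vulns[i])
		}
	}
	return res
}

// fakeApp is a constructed target: "id" leaks a DBMS error on a quote and changes page on a false condition; "lang" never changes.
func fakeApp(_ context.Context, p Parameter, value string) (string, error) {
	body := "<p>product</p>"
	if p.Name == "id" && strings.Contains(value, "'") {
		body = "You have an error in your SQL syntax"
	} else if p.Name == "id" && strings.Contains(value, "1=2") {
		body = "<p>no such product</p>"
	}
	return body, nil
}

func main() {
	res := runTechniques(context.Background(), []Parameter{{"id", "7"}, {"lang", "en"}}, []Technique{booleanBased{}, errorBased{}}, fakeApp, 4)
	fmt.Printf("%+v requests=%d errors=%d\n", res.Vulnerabilities, res.RequestCount, len(res.Errors))
}
```

Two details are worth carrying into a real implementation: every request goes through the counting wrapper handed to the techniques, so RequestCount is honest even when a technique issues several probes, and the context is checked between techniques so a cancelled scan stops sending traffic instead of finishing every queued payload.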