auth

package
v0.0.0-...-d1533f9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 28, 2025 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

pkg/auth/crawlers.go

pkg/auth/discovery_engine.go

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIKeyEndpoints

// APIKeyEndpoints is the type of the AuthInventory.APIKeys field (JSON key
// "api_keys"). Every field is dropped from the JSON output when empty.
type APIKeyEndpoints struct {
	// Presumably the request header the key is sent in; confirm against the crawler.
	HeaderName string   `json:"header_name,omitempty"`
	// NOTE(review): presumably the query-string parameter that carries the key.
	// Keys passed in URLs commonly end up in access logs and Referer headers, so
	// a non-empty value here is worth reporting on its own.
	QueryParam string   `json:"query_param,omitempty"`
	// Presumably the cookie the key is stored in; confirm against the crawler.
	CookieName string   `json:"cookie_name,omitempty"`
	Endpoints  []string `json:"endpoints,omitempty"`
	// NOTE(review): the meaning of Format is not visible here; confirm it holds a
	// description of the key's shape and never an observed key value.
	Format     string   `json:"format,omitempty"`
}

type AuthCrawler

// AuthCrawler is the method set a value must provide to be passed to
// AuthDiscoveryEngine.RegisterCrawler.
type AuthCrawler interface {
	// Crawl takes a target string and returns what was found as an
	// *AuthEndpoints, or an error. ctx is supplied by the caller, presumably for
	// cancellation and deadlines; confirm each implementation honours it, since
	// a crawler that ignores ctx can outlive the configured timeout.
	Crawl(ctx context.Context, target string) (*AuthEndpoints, error)
	// Name returns the crawler's name. RegisterCrawler takes a separate name
	// argument; whether the two must agree is not visible here.
	Name() string
}

AuthCrawler is the interface implemented by protocol-specific crawlers.

type AuthDiscoveryEngine

// AuthDiscoveryEngine exposes no fields. It is built with
// NewAuthDiscoveryEngine and used through RegisterCrawler and DiscoverAllAuth.
type AuthDiscoveryEngine struct {
	// contains filtered or unexported fields
}

AuthDiscoveryEngine discovers all authentication mechanisms for a target

func NewAuthDiscoveryEngine

func NewAuthDiscoveryEngine(discoveryConfig DiscoveryConfig, log *logger.Logger) *AuthDiscoveryEngine

NewAuthDiscoveryEngine creates a new auth discovery engine

func (*AuthDiscoveryEngine) DiscoverAllAuth

func (e *AuthDiscoveryEngine) DiscoverAllAuth(ctx context.Context, target string) (*AuthInventory, error)

DiscoverAllAuth discovers all authentication mechanisms for a target

func (*AuthDiscoveryEngine) RegisterCrawler

func (e *AuthDiscoveryEngine) RegisterCrawler(name string, crawler AuthCrawler)

RegisterCrawler registers an auth crawler

type AuthDiscoveryResult

// AuthDiscoveryResult is the value returned by Discovery.DiscoverAuth. It is
// separate from AuthInventory, which AuthDiscoveryEngine.DiscoverAllAuth
// returns and which covers more protocols.
type AuthDiscoveryResult struct {
	// Target is always present in the JSON output (no omitempty).
	Target   string                `json:"target"`
	// Each protocol pointer is dropped from the JSON output when nil, so a
	// missing key means "nothing recorded", not "checked and absent" —
	// NOTE(review): confirm which of the two the discovery code intends.
	SAML     *SAMLEndpointInfo     `json:"saml,omitempty"`
	OAuth2   *OAuth2EndpointInfo   `json:"oauth2,omitempty"`
	WebAuthn *WebAuthnEndpointInfo `json:"webauthn,omitempty"`
}

AuthDiscoveryResult contains discovered authentication information

type AuthEndpoints

// AuthEndpoints is the result type of AuthCrawler.Crawl. It carries no JSON
// tags, so encoding/json would emit the Go field names as keys.
type AuthEndpoints struct {
	// NOTE(review): presumably identifies the protocol the crawler handles; the
	// set of valid values is not visible here.
	Type      string
	// Endpoints is untyped: consumers have to type-assert each value. Treat the
	// contents as data derived from the remote target and validate the shape
	// before use rather than asserting blindly.
	Endpoints map[string]interface{}
}

type AuthInventory

// AuthInventory is the value returned by AuthDiscoveryEngine.DiscoverAllAuth.
// It holds one optional entry per authentication protocol plus form, header
// and cookie data. Target and DiscoveredAt are always serialized; every other
// field is dropped from the JSON output when nil or empty.
type AuthInventory struct {
	Target       string                 `json:"target"`
	SAML         *SAMLEndpoints         `json:"saml,omitempty"`
	OAuth2       *OAuth2Endpoints       `json:"oauth2,omitempty"`
	OIDC         *OIDCEndpoints         `json:"oidc,omitempty"`
	WebAuthn     *WebAuthnEndpoints     `json:"webauthn,omitempty"`
	LDAP         *LDAPEndpoints         `json:"ldap,omitempty"`
	Kerberos     *KerberosEndpoints     `json:"kerberos,omitempty"`
	RADIUS       *RADIUSEndpoints       `json:"radius,omitempty"`
	APIKeys      *APIKeyEndpoints       `json:"api_keys,omitempty"`
	JWT          *JWTEndpoints          `json:"jwt,omitempty"`
	Basic        *BasicAuthEndpoints    `json:"basic,omitempty"`
	Digest       *DigestAuthEndpoints   `json:"digest,omitempty"`
	Certificate  *CertAuthEndpoints     `json:"certificate,omitempty"`
	Custom       *CustomAuthEndpoints   `json:"custom,omitempty"`
	Forms        []FormEndpoint         `json:"forms,omitempty"`
	// NOTE(review): Headers and Cookies map string to string. If the values are
	// observed header or cookie values rather than descriptions, the serialized
	// inventory can contain live session material; confirm, and redact before
	// the inventory is logged or stored.
	Headers      map[string]string      `json:"auth_headers,omitempty"`
	Cookies      map[string]string      `json:"auth_cookies,omitempty"`
	// DiscoveredAt has no omitempty, and a zero time.Time would be serialized
	// anyway because omitempty does not apply to struct values.
	DiscoveredAt time.Time              `json:"discovered_at"`
	// Metadata is untyped; its keys and value shapes are not visible here.
	Metadata     map[string]interface{} `json:"metadata,omitempty"`
}

AuthInventory contains all discovered authentication mechanisms

type BasicAuthEndpoints

// BasicAuthEndpoints is the type of the AuthInventory.Basic field (JSON key
// "basic"). Both fields are dropped from the JSON output when empty.
type BasicAuthEndpoints struct {
	Endpoints []string `json:"endpoints,omitempty"`
	// Presumably the realm announced in the server's Basic challenge; confirm.
	Realm     string   `json:"realm,omitempty"`
}

type CertAuthEndpoints

// CertAuthEndpoints is the type of the AuthInventory.Certificate field (JSON
// key "certificate"). All fields are dropped from the JSON output when empty.
type CertAuthEndpoints struct {
	Endpoints        []string `json:"endpoints,omitempty"`
	// NOTE(review): presumably the name of a header in which a proxy forwards
	// the client certificate. If so, a non-empty value deserves attention: such
	// a header is only trustworthy when the edge strips client-supplied copies.
	ClientCertHeader string   `json:"client_cert_header,omitempty"`
	// Free-form string; the format of the CA information is not visible here.
	CAInfo           string   `json:"ca_info,omitempty"`
}

type CustomAuthEndpoints

// CustomAuthEndpoints is the type of the AuthInventory.Custom field (JSON key
// "custom"). All fields are dropped from the JSON output when empty.
type CustomAuthEndpoints struct {
	Type        string   `json:"type,omitempty"`
	Endpoints   []string `json:"endpoints,omitempty"`
	// NOTE(review): a list of strings; confirm these are header names and not
	// "name: value" pairs that could carry credentials into the output.
	Headers     []string `json:"headers,omitempty"`
	Description string   `json:"description,omitempty"`
}

type DigestAuthEndpoints

// DigestAuthEndpoints is the type of the AuthInventory.Digest field (JSON key
// "digest"). All fields are dropped from the JSON output when empty.
type DigestAuthEndpoints struct {
	Endpoints []string `json:"endpoints,omitempty"`
	// Realm, Qop and Algorithm presumably mirror the parameters of the server's
	// Digest challenge — confirm against the code that fills them. If so,
	// Algorithm is the field to check when looking for weak digest settings.
	Realm     string   `json:"realm,omitempty"`
	Qop       string   `json:"qop,omitempty"`
	Algorithm string   `json:"algorithm,omitempty"`
}

type Discovery

// Discovery is an empty struct: it holds no configuration or state. It is
// created with NewDiscovery and used through DiscoverAuth.
type Discovery struct{}

Discovery handles authentication endpoint discovery

func NewDiscovery

func NewDiscovery() *Discovery

NewDiscovery creates a new authentication discovery instance

func (*Discovery) DiscoverAuth

func (d *Discovery) DiscoverAuth(ctx context.Context, target string) (*AuthDiscoveryResult, error)

DiscoverAuth discovers authentication endpoints and methods for a target

type DiscoveryConfig

// DiscoveryConfig is passed by value to NewAuthDiscoveryEngine. It has no JSON
// tags. How zero values are treated (for example MaxDepth == 0 or
// Timeout == 0) is not visible here — NOTE(review): confirm the defaults,
// because an unbounded depth or missing timeout against a remote target is an
// availability risk for the scanner itself.
type DiscoveryConfig struct {
	// The three Enable* switches presumably turn the matching discovery stage on
	// or off; the stages themselves are not exported on this page.
	EnablePortScan    bool
	EnableWebCrawl    bool
	EnableMLDetection bool
	MaxDepth          int
	Timeout           time.Duration
	// Presumably sent as the User-Agent of outgoing requests; confirm.
	UserAgent         string
}

DiscoveryConfig contains configuration for auth discovery

type FormCrawler

// FormCrawler exposes no fields. Its Crawl and Name methods have the
// signatures required by AuthCrawler.
type FormCrawler struct {
	// contains filtered or unexported fields
}

FormCrawler discovers form-based authentication

func NewFormCrawler

func NewFormCrawler(log *logger.Logger) *FormCrawler

func (*FormCrawler) Crawl

func (c *FormCrawler) Crawl(ctx context.Context, target string) (*AuthEndpoints, error)

func (*FormCrawler) Name

func (c *FormCrawler) Name() string

type FormEndpoint

// FormEndpoint is the element type of AuthInventory.Forms. URL and Method are
// always serialized; the remaining fields are dropped when empty.
type FormEndpoint struct {
	URL           string            `json:"url"`
	Method        string            `json:"method"`
	// UsernameField and PasswordField presumably hold the names of the form
	// inputs, not submitted values — confirm against FormCrawler.
	UsernameField string            `json:"username_field,omitempty"`
	PasswordField string            `json:"password_field,omitempty"`
	// NOTE(review): a name-to-value map. If it captures hidden inputs as served,
	// it may include per-session values such as anti-CSRF tokens; decide whether
	// those belong in stored output.
	OtherFields   map[string]string `json:"other_fields,omitempty"`
	SubmitValue   string            `json:"submit_value,omitempty"`
	FormAction    string            `json:"form_action,omitempty"`
}

type JWTEndpoints

// JWTEndpoints is the type of the AuthInventory.JWT field (JSON key "jwt").
// All fields are dropped from the JSON output when empty.
type JWTEndpoints struct {
	LoginURL      string   `json:"login_url,omitempty"`
	RefreshURL    string   `json:"refresh_url,omitempty"`
	ValidateURL   string   `json:"validate_url,omitempty"`
	// NOTE(review): presumably the signing algorithm read from an observed
	// token header. That value is attacker-influenced metadata, so it describes
	// what the token claims, not what the server enforces — confirm how it is
	// populated before relying on it.
	Algorithm     string   `json:"algorithm,omitempty"`
	// Presumably where the token travels (header or cookie), with HeaderName and
	// CookieName naming the carrier; the allowed values are not visible here.
	TokenLocation string   `json:"token_location,omitempty"`
	HeaderName    string   `json:"header_name,omitempty"`
	CookieName    string   `json:"cookie_name,omitempty"`
	// NOTE(review): confirm this lists claim names only; claim values can hold
	// personal data.
	Claims        []string `json:"claims,omitempty"`
}

type KerberosEndpoints

// KerberosEndpoints is the type of the AuthInventory.Kerberos field (JSON key
// "kerberos"). All fields are dropped from the JSON output when empty; for
// the int ports that means a value of 0 is not serialized.
type KerberosEndpoints struct {
	KDCHost   string `json:"kdc_host,omitempty"`
	KDCPort   int    `json:"kdc_port,omitempty"`
	Realm     string `json:"realm,omitempty"`
	// Presumably the administration service host and port; confirm.
	AdminHost string `json:"admin_host,omitempty"`
	AdminPort int    `json:"admin_port,omitempty"`
}

type LDAPEndpoints

// LDAPEndpoints is the type of the AuthInventory.LDAP field (JSON key "ldap").
type LDAPEndpoints struct {
	Host         string `json:"host,omitempty"`
	Port         int    `json:"port,omitempty"`
	// TLS is the only field without omitempty, so "tls": false is written
	// explicitly. NOTE(review): whether false means "plaintext confirmed" or
	// "not determined" is not visible here; the two should not be conflated
	// when the output is turned into findings.
	TLS          bool   `json:"tls"`
	BaseDN       string `json:"base_dn,omitempty"`
	// NOTE(review): a bind DN identifies a directory account. No password field
	// exists on this type, but the DN alone is useful to anyone reading the
	// output, so handle stored inventories accordingly.
	BindDN       string `json:"bind_dn,omitempty"`
	SearchFilter string `json:"search_filter,omitempty"`
}

type OAuth2Crawler

// OAuth2Crawler exposes no fields. Its Crawl and Name methods have the
// signatures required by AuthCrawler.
type OAuth2Crawler struct {
	// contains filtered or unexported fields
}

OAuth2Crawler discovers OAuth2 endpoints

func NewOAuth2Crawler

func NewOAuth2Crawler(log *logger.Logger) *OAuth2Crawler

func (*OAuth2Crawler) Crawl

func (c *OAuth2Crawler) Crawl(ctx context.Context, target string) (*AuthEndpoints, error)

func (*OAuth2Crawler) Name

func (c *OAuth2Crawler) Name() string

type OAuth2EndpointInfo

// OAuth2EndpointInfo is the type of the AuthDiscoveryResult.OAuth2 field. None
// of its fields use omitempty, so all three keys are always written and an
// undiscovered endpoint appears as an empty string. OAuth2Endpoints is the
// larger counterpart used by AuthInventory; note the differing names and JSON
// keys for the authorization endpoint (AuthorizeURL / "authorize_url" here,
// AuthorizationURL / "authorization_url" there).
type OAuth2EndpointInfo struct {
	AuthorizeURL string `json:"authorize_url"`
	TokenURL     string `json:"token_url"`
	UserInfoURL  string `json:"userinfo_url"`
}

OAuth2EndpointInfo contains OAuth2 endpoint information

type OAuth2Endpoints

// OAuth2Endpoints is the type of the AuthInventory.OAuth2 field and of
// OIDCEndpoints.OAuth2. All fields are dropped from the JSON output when empty.
type OAuth2Endpoints struct {
	AuthorizationURL string   `json:"authorization_url,omitempty"`
	TokenURL         string   `json:"token_url,omitempty"`
	RevokeURL        string   `json:"revoke_url,omitempty"`
	IntrospectURL    string   `json:"introspect_url,omitempty"`
	UserInfoURL      string   `json:"userinfo_url,omitempty"`
	Scopes           []string `json:"scopes,omitempty"`
	// GrantTypes and ResponseTypes presumably list what the server advertises —
	// confirm. If so, they are the fields to review for flows an operator did
	// not intend to leave enabled.
	GrantTypes       []string `json:"grant_types,omitempty"`
	ResponseTypes    []string `json:"response_types,omitempty"`
}

type OIDCCrawler

// OIDCCrawler exposes no fields. Its Crawl and Name methods have the
// signatures required by AuthCrawler.
type OIDCCrawler struct {
	// contains filtered or unexported fields
}

OIDCCrawler discovers OpenID Connect endpoints

func NewOIDCCrawler

func NewOIDCCrawler(log *logger.Logger) *OIDCCrawler

func (*OIDCCrawler) Crawl

func (c *OIDCCrawler) Crawl(ctx context.Context, target string) (*AuthEndpoints, error)

func (*OIDCCrawler) Name

func (c *OIDCCrawler) Name() string

type OIDCEndpoints

// OIDCEndpoints is the type of the AuthInventory.OIDC field (JSON key "oidc").
// All fields are dropped from the JSON output when empty or nil.
type OIDCEndpoints struct {
	ConfigurationURL string           `json:"configuration_url,omitempty"`
	JWKSURL          string           `json:"jwks_url,omitempty"`
	// NOTE(review): whether Issuer is checked against the URL the configuration
	// was fetched from is not visible here; a mismatch between the two is worth
	// recording when it occurs.
	Issuer           string           `json:"issuer,omitempty"`
	// OAuth2 nests the same type AuthInventory uses for its own OAuth2 field.
	OAuth2           *OAuth2Endpoints `json:"oauth2,omitempty"`
}

type PortScanner

// PortScanner exposes no fields and is built with NewPortScanner. No exported
// methods are listed for it, so it is presumably driven from inside the
// package (DiscoveryConfig.EnablePortScan looks like the switch) — confirm.
type PortScanner struct {
	// contains filtered or unexported fields
}

PortScanner performs port scanning for auth services

func NewPortScanner

func NewPortScanner(timeout time.Duration, logger *logger.Logger) *PortScanner

NewPortScanner creates a new port scanner

type RADIUSEndpoints

// RADIUSEndpoints is the type of the AuthInventory.RADIUS field (JSON key
// "radius"). All fields are dropped from the JSON output when empty.
type RADIUSEndpoints struct {
	Host   string `json:"host,omitempty"`
	Port   int    `json:"port,omitempty"`
	// NOTE(review): the Go name is Secret but the JSON key is "secret_hint".
	// Confirm that only a hint is ever stored here and never the RADIUS shared
	// secret itself; if it can hold the secret, it must not be serialized or
	// logged with the rest of the inventory.
	Secret string `json:"secret_hint,omitempty"`
}

type SAMLCrawler

// SAMLCrawler exposes no fields. Its Crawl and Name methods have the
// signatures required by AuthCrawler.
type SAMLCrawler struct {
	// contains filtered or unexported fields
}

SAMLCrawler discovers SAML endpoints

func NewSAMLCrawler

func NewSAMLCrawler(log *logger.Logger) *SAMLCrawler

func (*SAMLCrawler) Crawl

func (c *SAMLCrawler) Crawl(ctx context.Context, target string) (*AuthEndpoints, error)

func (*SAMLCrawler) Name

func (c *SAMLCrawler) Name() string

type SAMLEndpointInfo

// SAMLEndpointInfo is the type of the AuthDiscoveryResult.SAML field. None of
// its fields use omitempty, so all three keys are always written and an
// undiscovered value appears as an empty string. SAMLEndpoints is the larger
// counterpart used by AuthInventory.
type SAMLEndpointInfo struct {
	MetadataURL string `json:"metadata_url"`
	SSOUrl      string `json:"sso_url"`
	EntityID    string `json:"entity_id"`
}

SAMLEndpointInfo contains SAML endpoint information

type SAMLEndpoints

// SAMLEndpoints is the type of the AuthInventory.SAML field (JSON key "saml").
// All fields are dropped from the JSON output when empty.
type SAMLEndpoints struct {
	MetadataURL  string   `json:"metadata_url,omitempty"`
	SSOUrl       string   `json:"sso_url,omitempty"`
	SLOUrl       string   `json:"slo_url,omitempty"`
	EntityID     string   `json:"entity_id,omitempty"`
	IdPUrls      []string `json:"idp_urls,omitempty"`
	SPUrls       []string `json:"sp_urls,omitempty"`
	AssertionURL string   `json:"assertion_url,omitempty"`
	// NOTE(review): presumably the signing certificate taken from metadata; the
	// encoding (PEM or bare base64) is not visible here. A certificate is public
	// data — confirm no private key material can ever be placed in this field.
	X509Cert     string   `json:"x509_cert,omitempty"`
}

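Individual endpoint structures. (This reads like a section heading from the source file that the documentation tool attached to SAMLEndpoints; it appears to introduce the per-protocol endpoint types rather than describe this one.)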

type SAMLScanner

// SAMLScanner is an empty struct: it holds no configuration or state. It is
// created with NewSAMLScanner. Its Scan method takes a metadata URL and
// returns a slice of types.Finding with no error value, so a failed or
// incomplete scan cannot be told apart from a clean one by the return type —
// NOTE(review): confirm how failures are reported.
type SAMLScanner struct{}

SAMLScanner provides SAML vulnerability scanning

func NewSAMLScanner

func NewSAMLScanner() *SAMLScanner

NewSAMLScanner creates a new SAML scanner

func (*SAMLScanner) Scan

func (s *SAMLScanner) Scan(ctx context.Context, metadataURL string) []types.Finding

Scan performs SAML security testing

type WebAuthnCrawler

// WebAuthnCrawler exposes no fields. Its Crawl and Name methods have the
// signatures required by AuthCrawler.
type WebAuthnCrawler struct {
	// contains filtered or unexported fields
}

WebAuthnCrawler discovers WebAuthn endpoints

func NewWebAuthnCrawler

func NewWebAuthnCrawler(log *logger.Logger) *WebAuthnCrawler

func (*WebAuthnCrawler) Crawl

func (c *WebAuthnCrawler) Crawl(ctx context.Context, target string) (*AuthEndpoints, error)

func (*WebAuthnCrawler) Name

func (c *WebAuthnCrawler) Name() string

type WebAuthnEndpointInfo

// WebAuthnEndpointInfo is the type of the AuthDiscoveryResult.WebAuthn field.
// Neither field uses omitempty, so both keys are always written and an
// undiscovered endpoint appears as an empty string. WebAuthnEndpoints is the
// larger counterpart used by AuthInventory.
type WebAuthnEndpointInfo struct {
	RegisterURL string `json:"register_url"`
	LoginURL    string `json:"login_url"`
}

WebAuthnEndpointInfo contains WebAuthn endpoint information

type WebAuthnEndpoints

// WebAuthnEndpoints is the type of the AuthInventory.WebAuthn field (JSON key
// "webauthn"). All fields are dropped from the JSON output when empty.
type WebAuthnEndpoints struct {
	RegisterURL        string   `json:"register_url,omitempty"`
	LoginURL           string   `json:"login_url,omitempty"`
	ChallengeURL       string   `json:"challenge_url,omitempty"`
	AttestationOptions []string `json:"attestation_options,omitempty"`
	// RPName and RPID presumably record the relying-party name and identifier
	// the server presents — confirm. NOTE(review): if so, an RPID broader than
	// the host being assessed is worth recording, since the RP ID determines
	// which origins a credential is valid for.
	RPName             string   `json:"rp_name,omitempty"`
	RPID               string   `json:"rp_id,omitempty"`
}

Directories

Path Synopsis
pkg/auth/discovery/comprehensive.go
pkg/auth/discovery/comprehensive.go
