saml

package
v0.0.0-...-d1533f9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2025 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var SAMLVulnerabilityChecks = []SAMLVulnerabilityCheck{
	{
		Name:        "Signature Exclusion",
		Description: "Check if SAML responses are accepted without signatures",
		Severity:    "CRITICAL",
		Test:        testSignatureExclusion,
	},
	{
		Name:        "Recipient Validation",
		Description: "Check if recipient validation is properly implemented",
		Severity:    "HIGH",
		Test:        testRecipientValidation,
	},
	{
		Name:        "Audience Restriction",
		Description: "Check if audience restrictions are enforced",
		Severity:    "HIGH",
		Test:        testAudienceRestriction,
	},
	{
		Name:        "Time-based Validation",
		Description: "Check if time-based conditions are validated",
		Severity:    "MEDIUM",
		Test:        testTimeBasedValidation,
	},
	{
		Name:        "InResponseTo Validation",
		Description: "Check if InResponseTo parameter is validated",
		Severity:    "HIGH",
		Test:        testInResponseToValidation,
	},
}

SAMLVulnerabilityChecks contains all SAML vulnerability checks

Functions

This section is empty.

Types

type Finding 

type Finding struct {
	ID          string    `json:"id"`
	Type        string    `json:"type"`
	Severity    string    `json:"severity"`
	Title       string    `json:"title"`
	Description string    `json:"description"`
	URL         string    `json:"url"`
	Method      string    `json:"method"`
	Risk        string    `json:"risk"`
	Confidence  string    `json:"confidence"`
	CreatedAt   time.Time `json:"created_at"`
}

Finding represents a SAML security finding

type GoldenSAMLScanner 

type GoldenSAMLScanner struct {
	// contains filtered or unexported fields
}

GoldenSAMLScanner detects Golden SAML attacks

func NewGoldenSAMLScanner 

func NewGoldenSAMLScanner(client *http.Client, parser *SAMLParser, logger common.Logger) *GoldenSAMLScanner

NewGoldenSAMLScanner creates a new Golden SAML scanner

func (*GoldenSAMLScanner) DetectGoldenSAML 

func (g *GoldenSAMLScanner) DetectGoldenSAML(endpoint SAMLEndpoint) []Finding

DetectGoldenSAML performs Golden SAML attack detection

type SAMLAssertion 

type SAMLAssertion struct {
	XMLName            xml.Name               `xml:"Assertion"`
	ID                 string                 `xml:"ID,attr"`
	Version            string                 `xml:"Version,attr"`
	IssueInstant       string                 `xml:"IssueInstant,attr"`
	Issuer             string                 `xml:"Issuer"`
	Subject            SAMLSubject            `xml:"Subject"`
	Conditions         SAMLConditions         `xml:"Conditions"`
	AuthnStatement     SAMLAuthnStatement     `xml:"AuthnStatement"`
	AttributeStatement SAMLAttributeStatement `xml:"AttributeStatement"`
	Signature          *SAMLSignature         `xml:"Signature"`
}

SAMLAssertion represents a SAML assertion

type SAMLAttack 

type SAMLAttack struct {
	Name        string
	Description string
	Payload     string
	Severity    string
	Execute     func(endpoint SAMLEndpoint, payload string) bool
}

SAMLAttack represents a SAML attack technique

type SAMLAttribute 

type SAMLAttribute struct {
	Name       string               `xml:"Name,attr"`
	NameFormat string               `xml:"NameFormat,attr"`
	Values     []SAMLAttributeValue `xml:"AttributeValue"`
}

SAMLAttribute represents a SAML attribute

type SAMLAttributeStatement 

type SAMLAttributeStatement struct {
	Attributes []SAMLAttribute `xml:"Attribute"`
}

SAMLAttributeStatement represents attribute statement

type SAMLAttributeValue 

type SAMLAttributeValue struct {
	Value string `xml:",chardata"`
}

SAMLAttributeValue represents attribute value

type SAMLAudienceRestriction 

type SAMLAudienceRestriction struct {
	Audience string `xml:"Audience"`
}

SAMLAudienceRestriction represents audience restriction

type SAMLAuthnContext 

type SAMLAuthnContext struct {
	AuthnContextClassRef string `xml:"AuthnContextClassRef"`
}

SAMLAuthnContext represents authentication context

type SAMLAuthnStatement 

type SAMLAuthnStatement struct {
	AuthnInstant string           `xml:"AuthnInstant,attr"`
	AuthnContext SAMLAuthnContext `xml:"AuthnContext"`
}

SAMLAuthnStatement represents authentication statement

type SAMLCanonicalizationMethod 

type SAMLCanonicalizationMethod struct {
	Algorithm string `xml:"Algorithm,attr"`
}

SAMLCanonicalizationMethod represents canonicalization method

type SAMLConditions 

type SAMLConditions struct {
	NotBefore            time.Time                 `xml:"NotBefore,attr"`
	NotOnOrAfter         time.Time                 `xml:"NotOnOrAfter,attr"`
	AudienceRestriction  SAMLAudienceRestriction   `xml:"AudienceRestriction"`
	AudienceRestrictions []SAMLAudienceRestriction `xml:"-"`
}

SAMLConditions represents SAML conditions

type SAMLDigestMethod 

type SAMLDigestMethod struct {
	Algorithm string `xml:"Algorithm,attr"`
}

SAMLDigestMethod represents digest method

type SAMLDiscoverer 

type SAMLDiscoverer struct {
	// contains filtered or unexported fields
}

SAMLDiscoverer discovers SAML endpoints

func NewSAMLDiscoverer 

func NewSAMLDiscoverer(client *http.Client, logger common.Logger) *SAMLDiscoverer

NewSAMLDiscoverer creates a new SAML discoverer

func (*SAMLDiscoverer) DiscoverEndpoints 

func (d *SAMLDiscoverer) DiscoverEndpoints(target string) ([]SAMLEndpoint, error)

DiscoverEndpoints discovers SAML endpoints

type SAMLEndpoint 

type SAMLEndpoint struct {
	URL      string            `json:"url"`
	Method   string            `json:"method"`
	Binding  string            `json:"binding"`
	Metadata map[string]string `json:"metadata"`
}

SAMLEndpoint represents a SAML endpoint

type SAMLKeyInfo 

type SAMLKeyInfo struct {
	X509Data SAMLX509Data `xml:"X509Data"`
}

SAMLKeyInfo represents key info

type SAMLManipulator 

type SAMLManipulator struct {
	// contains filtered or unexported fields
}

SAMLManipulator handles SAML response manipulation for testing

func NewSAMLManipulator 

func NewSAMLManipulator(logger common.Logger) *SAMLManipulator

NewSAMLManipulator creates a new SAML manipulator

func (*SAMLManipulator) GenerateGoldenTicket 

func (s *SAMLManipulator) GenerateGoldenTicket(username string, groups []string) string

GenerateGoldenTicket creates a forged SAML assertion (Golden SAML)

func (*SAMLManipulator) GenerateXSWVariants 

func (s *SAMLManipulator) GenerateXSWVariants(originalResponse string) []XSWVariant

GenerateXSWVariants generates XML Signature Wrapping attack variants

func (*SAMLManipulator) GetSAMLAttacks 

func (s *SAMLManipulator) GetSAMLAttacks() []SAMLAttack

GetSAMLAttacks returns available SAML attacks

func (*SAMLManipulator) InjectAssertion 

func (s *SAMLManipulator) InjectAssertion(response string) (string, bool)

InjectAssertion injects a malicious assertion

func (*SAMLManipulator) ModifyAttributes 

func (s *SAMLManipulator) ModifyAttributes(response string) (string, bool)

ModifyAttributes modifies user attributes

func (*SAMLManipulator) ModifyTimestamps 

func (s *SAMLManipulator) ModifyTimestamps(response string) (string, bool)

ModifyTimestamps modifies timestamp conditions

func (*SAMLManipulator) RemoveSignature 

func (s *SAMLManipulator) RemoveSignature(response string) (string, bool)

RemoveSignature removes digital signature

type SAMLNameID 

type SAMLNameID struct {
	Format string `xml:"Format,attr"`
	Value  string `xml:",chardata"`
}

SAMLNameID represents SAML name identifier

type SAMLParser 

type SAMLParser struct {
	// contains filtered or unexported fields
}

SAMLParser handles SAML response parsing and analysis

func NewSAMLParser 

func NewSAMLParser(logger common.Logger) *SAMLParser

NewSAMLParser creates a new SAML parser

func (*SAMLParser) ParseSAMLResponse 

func (p *SAMLParser) ParseSAMLResponse(responseXML string) (*SAMLResponse, error)

ParseSAMLResponse parses a SAML response

func (*SAMLParser) ValidateSAMLResponse 

func (p *SAMLParser) ValidateSAMLResponse(response *SAMLResponse) []string

ValidateSAMLResponse validates a SAML response

type SAMLReference 

type SAMLReference struct {
	URI          string           `xml:"URI,attr"`
	Transforms   SAMLTransforms   `xml:"Transforms"`
	DigestMethod SAMLDigestMethod `xml:"DigestMethod"`
	DigestValue  string           `xml:"DigestValue"`
}

SAMLReference represents signature reference

type SAMLResponse 

type SAMLResponse struct {
	XMLName      xml.Name          `xml:"Response"`
	ID           string            `xml:"ID,attr"`
	Version      string            `xml:"Version,attr"`
	IssueInstant string            `xml:"IssueInstant,attr"`
	Destination  string            `xml:"Destination,attr"`
	InResponseTo string            `xml:"InResponseTo,attr"`
	Issuer       string            `xml:"Issuer"`
	Status       SAMLStatus        `xml:"Status"`
	Assertion    SAMLAssertion     `xml:"Assertion"`
	Signature    *SAMLSignature    `xml:"Signature"`
	Subject      string            `xml:"-"`
	Attributes   map[string]string `xml:"-"`
}

SAMLResponse represents a SAML response

type SAMLScanner 

type SAMLScanner struct {
	// contains filtered or unexported fields
}

SAMLScanner implements SAML security testing

func NewSAMLScanner 

func NewSAMLScanner(logger common.Logger) *SAMLScanner

NewSAMLScanner creates a new SAML scanner

func (*SAMLScanner) GetCapabilities 

func (s *SAMLScanner) GetCapabilities() []string

GetCapabilities returns scanner capabilities

func (*SAMLScanner) GetProtocol 

func (s *SAMLScanner) GetProtocol() common.AuthProtocol

GetProtocol returns the protocol this scanner handles

func (*SAMLScanner) Scan 

func (s *SAMLScanner) Scan(target string, options map[string]interface{}) (*common.AuthReport, error)

Scan performs comprehensive SAML security testing

type SAMLSignature 

type SAMLSignature struct {
	XMLName        xml.Name       `xml:"Signature"`
	SignedInfo     SAMLSignedInfo `xml:"SignedInfo"`
	SignatureValue string         `xml:"SignatureValue"`
	KeyInfo        SAMLKeyInfo    `xml:"KeyInfo"`
}

SAMLSignature represents XML signature

type SAMLSignatureMethod 

type SAMLSignatureMethod struct {
	Algorithm string `xml:"Algorithm,attr"`
}

SAMLSignatureMethod represents signature method

type SAMLSignedInfo 

type SAMLSignedInfo struct {
	CanonicalizationMethod SAMLCanonicalizationMethod `xml:"CanonicalizationMethod"`
	SignatureMethod        SAMLSignatureMethod        `xml:"SignatureMethod"`
	Reference              SAMLReference              `xml:"Reference"`
}

SAMLSignedInfo represents signed info

type SAMLStatus 

type SAMLStatus struct {
	StatusCode SAMLStatusCode `xml:"StatusCode"`
}

SAMLStatus represents SAML response status

type SAMLStatusCode 

type SAMLStatusCode struct {
	Value string `xml:"Value,attr"`
}

SAMLStatusCode represents SAML status code

type SAMLSubject 

type SAMLSubject struct {
	NameID              SAMLNameID              `xml:"NameID"`
	SubjectConfirmation SAMLSubjectConfirmation `xml:"SubjectConfirmation"`
}

SAMLSubject represents SAML subject

type SAMLSubjectConfirmation 

type SAMLSubjectConfirmation struct {
	Method                  string                      `xml:"Method,attr"`
	SubjectConfirmationData SAMLSubjectConfirmationData `xml:"SubjectConfirmationData"`
}

SAMLSubjectConfirmation represents subject confirmation

type SAMLSubjectConfirmationData 

type SAMLSubjectConfirmationData struct {
	NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	Recipient    string `xml:"Recipient,attr"`
	InResponseTo string `xml:"InResponseTo,attr"`
}

SAMLSubjectConfirmationData represents subject confirmation data

type SAMLTransform 

type SAMLTransform struct {
	Algorithm string `xml:"Algorithm,attr"`
}

SAMLTransform represents a transform

type SAMLTransforms 

type SAMLTransforms struct {
	Transform []SAMLTransform `xml:"Transform"`
}

SAMLTransforms represents transforms

type SAMLVulnerabilityCheck 

type SAMLVulnerabilityCheck struct {
	Name        string
	Description string
	Severity    string
	Test        func(endpoint SAMLEndpoint, client *http.Client) *common.Vulnerability
}

SAMLVulnerabilityCheck represents a SAML vulnerability check

type SAMLX509Data 

type SAMLX509Data struct {
	X509Certificate string `xml:"X509Certificate"`
}

SAMLX509Data represents X509 data

type SignatureTest 

type SignatureTest struct {
	Name        string
	Description string
	Test        func(endpoint SAMLEndpoint) *Finding
}

SignatureTest represents a signature validation test

type XSWVariant 

type XSWVariant struct {
	ID          int    `json:"id"`
	Name        string `json:"name"`
	Description string `json:"description"`
	Payload     string `json:"payload"`
}

XSWVariant represents an XML Signature Wrapping variant

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.