internal/

directory
v0.29.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 7, 2026 License: MIT

Directories

Path Synopsis
Package activescan is the deterministic active-scan engine: it enumerates the injection points of a request, fires per-class payloads at them through a caller-supplied sender, and confirms vulnerabilities with detectors.
Package activescan is the deterministic active-scan engine: it enumerates the injection points of a request, fires per-class payloads at them through a caller-supplied sender, and confirms vulnerabilities with detectors.
Package activescript runs user-authored ACTIVE scanner checks written in Starlark — the active twin of internal/checkscript.
Package activescript runs user-authored ACTIVE scanner checks written in Starlark — the active twin of internal/checkscript.
Package aiagent provides a provider-agnostic, budgeted tool-calling agent loop for the autonomous-pentest engine.
Package aiagent provides a provider-agnostic, budgeted tool-calling agent loop for the autonomous-pentest engine.
Package aiassist is an optional, bring-your-own-key bridge to an LLM that explains requests, suggests payloads, and summarizes findings.
Package aiassist is an optional, bring-your-own-key bridge to an LLM that explains requests, suggests payloads, and summarizes findings.
Package android configures a USB-connected Android device for HTTPS interception via adb.
Package android configures a USB-connected Android device for HTTPS interception via adb.
auth
jwtextract
Package jwtextract pulls JWT-shaped tokens from HTTP flows (Bearer header, JSON fields, URL path/query, cookies) for cross-host replay and SSO testing.
Package jwtextract pulls JWT-shaped tokens from HTTP flows (Bearer header, JSON fields, URL path/query, cookies) for cross-host replay and SSO testing.
Package autopwn is the autonomous-pentest ("Autopilot") run engine: the Phase-2 orchestration core that reads captured in-scope history, plans and executes active security testing using Interceptor's own ~84 tools, verifies every candidate through the 4-gate verifier, and files ONLY machine-proven findings.
Package autopwn is the autonomous-pentest ("Autopilot") run engine: the Phase-2 orchestration core that reads captured in-scope history, plans and executes active security testing using Interceptor's own ~84 tools, verifies every candidate through the 4-gate verifier, and files ONLY machine-proven findings.
Package bind holds listen-address policy shared by the CLI and control plane.
Package bind holds listen-address policy shared by the CLI and control plane.
Package capture streams HTTP bodies into the store as they pass through, without buffering them in memory.
Package capture streams HTTP bodies into the store as they pass through, without buffering them in memory.
Package checkscript runs user-authored passive scanner checks written in Starlark — a small, Python-like, deterministic language.
Package checkscript runs user-authored passive scanner checks written in Starlark — a small, Python-like, deterministic language.
Package codec — body.go: HTTP response-body decompression helpers shared by control (display decoding) and intruder (grep decoding).
Package codec — body.go: HTTP response-body decompression helpers shared by control (display decoding) and intruder (grep decoding).
Package control serves the Interceptor UI and the REST + SSE control API on the fixed localhost control port.
Package control serves the Interceptor UI and the REST + SSE control API on the fixed localhost control port.
Package curlgen renders a captured request as a runnable curl command, so a tester (or the AI) can reproduce and iterate on it in a terminal.
Package curlgen renders a captured request as a runnable curl command, so a tester (or the AI) can reproduce and iterate on it in a terminal.
Package harx converts captured flows to and from the HAR 1.2 (HTTP Archive) format for interop with browsers, Postman, and other tooling.
Package harx converts captured flows to and from the HAR 1.2 (HTTP Archive) format for interop with browsers, Postman, and other tooling.
Package hostpattern matches host strings against simple scope-style patterns (exact, *.wildcard).
Package hostpattern matches host strings against simple scope-style patterns (exact, *.wildcard).
Package httplines normalizes HTTP header input from APIs and MCP tools.
Package httplines normalizes HTTP header input from APIs and MCP tools.
Package intercept implements the request hold queue (Burp-style intercept) and the request-side match-&-replace engine.
Package intercept implements the request hold queue (Burp-style intercept) and the request-side match-&-replace engine.
Package intruder runs payload-driven attacks (Sniper, Pitchfork) against a request template whose fuzz points are wrapped in §…§ markers.
Package intruder runs payload-driven attacks (Sniper, Pitchfork) against a request template whose fuzz points are wrapped in §…§ markers.
Package ios configures iOS simulators and devices for HTTPS interception.
Package ios configures iOS simulators and devices for HTTPS interception.
Package launcher tracks running per-project Interceptor instances so a single dashboard process can start/stop/discover them: the registry is a small JSON file (~/.interceptor/instances.json) mapping project name to {controlAddr, proxyAddr, pid}, written by whichever process spawns an instance and pruned lazily via Reconcile.
Package launcher tracks running per-project Interceptor instances so a single dashboard process can start/stop/discover them: the registry is a small JSON file (~/.interceptor/instances.json) mapping project name to {controlAddr, proxyAddr, pid}, written by whichever process spawns an instance and pruned lazily via Reconcile.
Package mcp implements a Model Context Protocol server over stdio so an AI agent can operate Interceptor as a set of tools.
Package mcp implements a Model Context Protocol server over stdio so an AI agent can operate Interceptor as a set of tools.
Package netutil provides helpers for enumerating local network addresses.
Package netutil provides helpers for enumerating local network addresses.
Package oob is an out-of-band interaction catcher for blind-vulnerability testing (blind SSRF / XXE / SQLi / RCE).
Package oob is an out-of-band interaction catcher for blind-vulnerability testing (blind SSRF / XXE / SQLi / RCE).
Package proc discovers and stops running Interceptor processes by image name.
Package proc discovers and stops running Interceptor processes by image name.
Package proxy implements an intercepting HTTP/HTTPS forward proxy that captures every flow.
Package proxy implements an intercepting HTTP/HTTPS forward proxy that captures every flow.
Package report renders scanner findings as a human-readable Markdown report, ready to paste into a pentest writeup.
Package report renders scanner findings as a human-readable Markdown report, ready to paste into a pentest writeup.
Package scanner runs passive security checks over captured flows.
Package scanner runs passive security checks over captured flows.
Package scope evaluates target-scope rules: which flows are "in scope" for an engagement.
Package scope evaluates target-scope rules: which flows are "in scope" for an engagement.
Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow.
Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow.
Package store persists flow metadata in SQLite and bodies on disk.
Package store persists flow metadata in SQLite and bodies on disk.
Package sysproxy points the operating system's HTTP/HTTPS proxy at Interceptor (and turns it back off).
Package sysproxy points the operating system's HTTP/HTTPS proxy at Interceptor (and turns it back off).
Package tlsca manages a local certificate authority for TLS interception: it loads or generates a CA, then mints and caches short-lived per-host leaf certificates signed by that CA so the proxy can terminate client TLS.
Package tlsca manages a local certificate authority for TLS interception: it loads or generates a CA, then mints and caches short-lived per-host leaf certificates signed by that CA so the proxy can terminate client TLS.
Package tunnel manages a Cloudflare "quick tunnel" (cloudflared) as a child process, exposing the local control plane at a public https://*.trycloudflare.com URL with no account or public IP required.
Package tunnel manages a Cloudflare "quick tunnel" (cloudflared) as a child process, exposing the local control plane at a public https://*.trycloudflare.com URL with no account or public IP required.
Package verify holds the deterministic, LLM-free primitives of the autonomous pentester's 4-gate verifier (see docs/AUTONOMOUS-PENTEST.md §5): Gate 1, differential reproduction, and the mechanism behind Gate 3, out-of-band (OOB) confirmation.
Package verify holds the deterministic, LLM-free primitives of the autonomous pentester's 4-gate verifier (see docs/AUTONOMOUS-PENTEST.md §5): Gate 1, differential reproduction, and the mechanism behind Gate 3, out-of-band (OOB) confirmation.
Package version is the single source of truth for the build version and a best-effort "is a newer release out?" check against the GitHub tags.
Package version is the single source of truth for the build version and a best-effort "is a newer release out?" check against the GitHub tags.
Package wsrepeater opens a fresh WebSocket connection to a target, sends one message, and captures the frames the server returns — a "Repeater" for WebSockets.
Package wsrepeater opens a fresh WebSocket connection to a target, sends one message, and captures the frames the server returns — a "Repeater" for WebSockets.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL