Variables ¶
// AppName is the application name; it is used as the final path element of
// DefaultCfgDir.
var AppName = "cachex"
// DefaultCfgDir is the default configuration directory, HomeDir/.config/AppName.
// NOTE(review): filepath.Join drops empty elements, so when HomeDir is "" (HOME
// unset) this silently becomes the relative path ".config/cachex" under the
// current working directory, and the config files are presumably read from and
// written to wherever the tool happens to be run.
var DefaultCfgDir = filepath.Join(HomeDir, ".config", AppName)
// DefaultPayloadHeadersPath is the default location of the payload headers
// YAML file (DefaultCfgDir/payloads.yaml).
var DefaultPayloadHeadersPath = filepath.Join(DefaultCfgDir, "payloads.yaml")
// DefaultScannerConfigPath is the default location of the scanner YAML
// configuration file (DefaultCfgDir/config.yaml).
var DefaultScannerConfigPath = filepath.Join(DefaultCfgDir, "config.yaml")
// DefaultUserAgent is the default User-Agent header value sent with requests.
// It mimics a desktop Chrome browser on macOS; the version string is fixed
// and will age.
var DefaultUserAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
DefaultUserAgent is the default user agent to use for requests
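// HomeDir is the current user's home directory, used as the root of
// DefaultCfgDir. It is resolved with os.UserHomeDir so the right variable is
// consulted on every platform ($HOME on Unix, %USERPROFILE% on Windows), and
// falls back to $HOME when that lookup fails. It is "" when neither is
// available; see DefaultCfgDir for the consequence of an empty value.
var HomeDir = func() string {
	if h, err := os.UserHomeDir(); err == nil {
		return h
	}
	// Preserve the historical behaviour (possibly an empty string) on failure.
	return os.Getenv("HOME")
}()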
// PayloadHeaders is a curated set of request headers, each with a fixed probe
// value, used to test for cache poisoning, origin spoofing, and proxy bypass.
// The values are deliberately recognizable markers (evil.com, /evilpath,
// 127.0.0.1) so that their appearance in a response can be attributed to the
// injected header; presumably the scanner looks for them in responses —
// confirm against the scanner code.
//
// NOTE(review): these are the in-code defaults; the file at
// DefaultPayloadHeadersPath is presumably where they can be overridden —
// confirm against LoadConfig.
// NOTE(review): "X-HTTP-Method-Override: POST" can change how the target
// processes the request, not only how it is cached, so operators should be
// aware it is part of the default set when scanning live systems.
// NOTE(review): "CF-Connecting_IP" uses an underscore where Cloudflare's
// header is spelled "CF-Connecting-IP" — confirm whether this variant is
// intentional.
var PayloadHeaders = map[string]string{
	"X-Forwarded-Host":          "evil.com",
	"X-Original-URL":            "/evilpath",
	"X-Forwarded-For":           "127.0.0.1",
	"X-Host":                    "evil.com",
	"X-Custom-IP-Authorization": "127.0.0.1",
	"X-Forwarded-Proto":         "https",
	"X-Forwarded-Port":          "443",
	"X-Rewrite-URL":             "/evilpath",
	"X-Original-Host":           "evil.com",
	"X-ProxyUser-Ip":            "127.0.0.1",
	"X-Forwarded-Server":        "evil.com",
	"X-Original-Scheme":         "https",
	"X-Url-Scheme":              "https",
	"X-Requested-With":          "XMLHttpRequest",
	"X-Host-Override":           "evil.com",
	"X-Forwarded-Host-Override": "evil.com",
	"X-Forwarded-Scheme":        "https",
	"X-Client-IP":               "127.0.0.1",
	"Forwarded":                 "for=127.0.0.1;host=evil.com;proto=https",
	"X-HTTP-Method-Override":    "POST",
	"X-Remote-IP":               "127.0.0.1",
	"X-Remote-Addr":             "127.0.0.1",
	"X-Originating-IP":          "127.0.0.1",
	"True-Client-IP":            "127.0.0.1",
	"Fastly-Client-IP":          "127.0.0.1",
	"CF-Connecting_IP":          "127.0.0.1",
	"X-Real-IP":                 "127.0.0.1",
	"X-WAP-Profile":             "http://evil.com/evil.xml",
	"X-ATT-DeviceId":            "GT-P7320/Evil",
	"Device-Stock-UA":           "EvilUserAgent",
	"X-HTTP-Host-Override":      "evil.com",
	"Forwarded-For":             "127.0.0.1",
	"Via":                       "evil.com",
	"X-Original-Remote-Addr":    "127.0.0.1",
	"X-Forwarded":               "127.0.0.1",
	"Forwarded-For-IP":          "127.0.0.1",
	"X-Original-Forwarded-For":  "127.0.0.1",
	"Client-IP":                 "127.0.0.1",
	"Proxy-Client-IP":           "127.0.0.1",
	"WL-Proxy-Client-IP":        "127.0.0.1",
	"HTTP_X_FORWARDED_FOR":      "127.0.0.1",
	"HTTP_CLIENT_IP":            "127.0.0.1",
	"HTTP_FORWARDED_FOR":        "127.0.0.1",
	"HTTP_FORWARDED":            "127.0.0.1",
	"HTTP_VIA":                  "evil.com",
	"REMOTE_ADDR":               "127.0.0.1",
	"X-Amzn-Trace-Id":           "Root=1-evil-trace-id",
	"X-Azure-FDID":              "evil.com",
	"X-Azure-ClientIP":          "127.0.0.1",
	"X-Cloud-Trace-Context":     "evil-trace-id",
	"CF-Visitor":                "{\"scheme\":\"https\"}",
	"CF-IPCountry":              "RU",
	"CF-Ray":                    "evil-ray",
	"CF-Connecting-User":        "bad-user",
	"X-Temp-Header":             "evil",
	"X-Http-Destinationurl":     "http://evil.com",
}
PayloadHeaders is a curated set of request headers, with fixed probe values, that the scanner sends to test for cache poisoning, origin spoofing, and proxy bypass. These headers are commonly honored by CDNs, proxies, and caches, which is what makes them useful probes.
Functions ¶
func LoadConfig ¶
func LoadConfig() error
LoadConfig loads the configuration from the config file and sets the global Cfg object
func SaveDefaultPayloadHeadersConfig ¶
func SaveDefaultPayloadHeadersConfig() error
func SaveDefaultScannerConfig ¶
func SaveDefaultScannerConfig() error
Types ¶
type ClientConfig ¶
// ClientConfig defines the configuration for the HTTP client.
//
// NOTE(review): the unit of the float64 timeouts is not stated here —
// presumably seconds; confirm against the client code and document it in
// the YAML tags or field comments.
type ClientConfig struct {
	DialTimeout      float64 `yaml:"dial_timeout"`      // Timeout for establishing the connection
	HandshakeTimeout float64 `yaml:"handshake_timeout"` // Timeout for TLS handshake
	ResponseTimeout  float64 `yaml:"response_timeout"`  // Timeout for server response headers
	// Proxy URL for the HTTP client (optional). Scanner traffic is presumably
	// routed through it when set. Any credentials embedded in the URL are stored
	// in plaintext in the YAML config file.
	ProxyURL string `yaml:"proxy_url"`
}
ClientConfig defines the configuration for the HTTP client
type Config ¶
// Config defines the configuration for the cache poisoning scanner. Judging by
// the YAML tags it is the top-level document of the config file that
// LoadConfig reads into Cfg.
type Config struct {
	ScannerConfig ScannerConfig `yaml:"scanner"` // Scanner configuration
	PayloadConfig PayloadConfig `yaml:"payload"` // Payload configuration
}
Config defines the configuration for the cache poisoning scanner
// Cfg is the global configuration object. It starts as DefaultConfig() and is
// set by LoadConfig from the config file. Being package-level mutable state,
// LoadConfig should run before any scanning goroutines start reading it.
var Cfg *Config = DefaultConfig()
Cfg is the global configuration object
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns the default configuration for cachex
type LoggerConfig ¶
// LoggerConfig defines the logging configuration for the scanner.
type LoggerConfig struct {
	LogError   bool   `yaml:"log_error"`   // Flag to log errors to stderr
	LogMode    string `yaml:"log_mode"`    // Mode of logging (pretty or JSON)
	OutputFile string `yaml:"output_file"` // File to write logs to (optional)
	Debug      bool   `yaml:"debug"`       // Flag to enable debug logging
	// Flag to skip stdout logging of tentative vulnerabilities.
	// NOTE(review): the Go field name is misspelled ("Tenative"); the YAML key
	// skip_tentative is spelled correctly, so renaming the field would not
	// affect config files but would break Go callers.
	SkipTenative bool `yaml:"skip_tentative"`
}
type PayloadConfig ¶
type PersistenceCheckerArgs ¶
type ScannerConfig ¶
// ScannerConfig defines the configuration for the scanner.
type ScannerConfig struct {
	ScanMode string `yaml:"scan_mode"` // Mode of scanning (single or multi-header)
	// Number of threads to use for scanning.
	// NOTE(review): no validation of this value (e.g. <= 0) is visible in this
	// package's API — confirm where it is enforced.
	Threads int `yaml:"threads"`
	// Headers to be sent with the request. These are caller-supplied and
	// presumably sent on every request, in addition to the PayloadHeaders
	// probes — confirm against the scanner code.
	RequestHeaders         map[string]string      `yaml:"request_headers"`
	Client                 ClientConfig           `yaml:"client"`              // Client configuration
	PersistenceCheckerArgs PersistenceCheckerArgs `yaml:"persistence_checker"` // Arguments for checking cache persistence
	LoggerConfig           LoggerConfig           `yaml:"logger"`              // Logger configuration
}
ScannerConfig defines the configuration for the scanner