Documentation
¶
Index ¶
- Constants
- type AttackVector
- type CVSSScore
- type Certificate
- type Correlation
- type DNSRecord
- type Discovery
- type Evidence
- type MITRETechnique
- type PluginResult
- func (pr *PluginResult) AddCorrelation(correlation Correlation)
- func (pr *PluginResult) AddTag(tag string)
- func (pr *PluginResult) GetCorrelationsByType(correlationType string) []Correlation
- func (pr *PluginResult) GetSeverityWeight() int
- func (pr *PluginResult) HasCVSS() bool
- func (pr *PluginResult) HasTag(tag string) bool
- func (pr *PluginResult) IsHighRisk() bool
- type Service
- type ServiceFingerprint
- type SubdomainTakeoverResult
- func (str *SubdomainTakeoverResult) GetBusinessImpactLevel() string
- func (str *SubdomainTakeoverResult) GetCVSSVector() string
- func (str *SubdomainTakeoverResult) GetExploitationTimeframe() string
- func (str *SubdomainTakeoverResult) GetRecommendations() []string
- func (str *SubdomainTakeoverResult) GetRiskScore() float64
- func (str *SubdomainTakeoverResult) GetSeverityLevel() string
- func (str *SubdomainTakeoverResult) IsExploitable() bool
- func (str *SubdomainTakeoverResult) IsSubdomainOfMainDomain() bool
- type TakeoverScanSummary
- type TakeoverVulnerabilityDetails
- type Target
- func (t *Target) AddService(service Service)
- func (t *Target) AddTag(tag string)
- func (t *Target) AddTechnology(tech Technology)
- func (t *Target) GetBaseURL() string
- func (t *Target) GetDomainParts() (subdomain, domain, tld string)
- func (t *Target) GetOpenPorts() []int
- func (t *Target) GetTechnologiesByCategory(category string) []Technology
- func (t *Target) HasTag(tag string) bool
- func (t *Target) IsExpired() bool
- func (t *Target) IsExpiringSoon(duration time.Duration) bool
- func (t *Target) IsValid() bool
- func (t *Target) SetLastScan()
- func (t *Target) String() string
- func (t *Target) UpdateTimestamp()
- type TargetType
- type Technology
Constants ¶
View Source
const ( DiscoveryTypeSubdomain = "subdomain" DiscoveryTypeEndpoint = "endpoint" DiscoveryTypeTechnology = "technology" DiscoveryTypeCredential = "credential" DiscoveryTypeVulnerability = "vulnerability" DiscoveryTypeFile = "file" DiscoveryTypeService = "service" DiscoveryTypeParameter = "parameter" DiscoveryTypeSecret = "secret" DiscoveryTypeEmail = "email" )
DiscoveryType constants for type safety
View Source
const ( SeverityInfo = "info" SeverityLow = "low" SeverityMedium = "medium" SeverityHigh = "high" SeverityCritical = "critical" SeverityError = "error" )
SeverityLevel constants
View Source
const ( CategoryTakeover = "takeover" CategoryCloud = "cloud" CategoryWayback = "wayback" CategoryPortscan = "portscan" CategoryHTTPProbe = "httpprobe" CategoryJS = "js" CategoryVuln = "vuln" CategoryGithub = "github" CategoryParam = "param" CategoryCrawl = "crawl" CategoryBrokenLink = "brokenlink" )
CategoryType constants
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AttackVector ¶
type AttackVector struct {
Entry string `json:"entry"`
Technique string `json:"technique"`
Likelihood float64 `json:"likelihood"`
RequiredAccess string `json:"required_access"`
NextSteps []string `json:"next_steps"`
Mitigations []string `json:"mitigations"`
ExploitCode string `json:"exploit_code,omitempty"`
Prerequisites []string `json:"prerequisites"`
}
AttackVector for attack path modeling
type CVSSScore ¶
type CVSSScore struct {
Version string `json:"version"`
BaseScore float64 `json:"base_score"`
TemporalScore float64 `json:"temporal_score"`
EnvironmentalScore float64 `json:"environmental_score"`
Vector string `json:"vector"`
AttackVector string `json:"attack_vector"`
AttackComplexity string `json:"attack_complexity"`
PrivilegesRequired string `json:"privileges_required"`
UserInteraction string `json:"user_interaction"`
Scope string `json:"scope"`
ConfidentialityImpact string `json:"confidentiality_impact"`
IntegrityImpact string `json:"integrity_impact"`
AvailabilityImpact string `json:"availability_impact"`
}
CVSSScore for vulnerability scoring
type Certificate ¶
type Certificate struct {
Subject string `json:"subject"`
Issuer string `json:"issuer"`
SerialNumber string `json:"serial_number"`
NotBefore time.Time `json:"not_before"`
NotAfter time.Time `json:"not_after"`
SANs []string `json:"sans"`
SignatureAlg string `json:"signature_algorithm"`
PublicKeyAlg string `json:"public_key_algorithm"`
KeySize int `json:"key_size"`
Fingerprint string `json:"fingerprint"`
SelfSigned bool `json:"self_signed"`
Expired bool `json:"expired"`
ValidForDomain bool `json:"valid_for_domain"`
}
Certificate represents SSL/TLS certificate information
type Correlation ¶
type Correlation struct {
ID string `json:"id"`
Type string `json:"type"` // temporal, spatial, behavioral, causal
RelatedID string `json:"related_id"`
Strength float64 `json:"strength"` // 0-1
Description string `json:"description"`
Evidence []string `json:"evidence"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Correlation represents a relationship between findings
type DNSRecord ¶
type DNSRecord struct {
Type string `json:"type" validate:"oneof=A AAAA CNAME MX TXT SOA NS PTR"`
Name string `json:"name" validate:"required"`
Value string `json:"value" validate:"required"`
TTL int `json:"ttl,omitempty"`
}
DNSRecord represents DNS resolution information
type Discovery ¶
type Discovery struct {
Type string `json:"type"` // subdomain, endpoint, technology, etc.
Value interface{} `json:"value"`
Source string `json:"source"`
Confidence float64 `json:"confidence"`
Timestamp time.Time `json:"timestamp"`
Metadata map[string]interface{} `json:"metadata"`
TTL time.Duration `json:"ttl"`
}
Discovery represents shared information between plugins
type Evidence ¶
type Evidence struct {
Type string `json:"type"` // http_response, file_content, command_output
Content string `json:"content"`
URL string `json:"url,omitempty"`
StatusCode int `json:"status_code,omitempty"`
Headers map[string]string `json:"headers,omitempty"`
Body string `json:"body,omitempty"`
Screenshot string `json:"screenshot,omitempty"` // base64 encoded
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Evidence contains proof of the finding
type MITRETechnique ¶
type MITRETechnique struct {
ID string `json:"id"`
Name string `json:"name"`
Tactic string `json:"tactic"`
Description string `json:"description"`
References []string `json:"references"`
SubTechniques []string `json:"sub_techniques"`
Platforms []string `json:"platforms"`
DataSources []string `json:"data_sources"`
}
MITRETechnique for ATT&CK framework mapping
type PluginResult ¶
type PluginResult struct {
// Core fields
ID string `json:"id" validate:"required,uuid4"`
Plugin string `json:"plugin" validate:"required,min=2,max=50"`
Tool string `json:"tool" validate:"required,min=2,max=50"`
Category string `json:"category" validate:"required,oneof=takeover cloud wayback portscan httpprobe js vuln github param crawl brokenlink"`
Target string `json:"target" validate:"required,url"`
Timestamp time.Time `json:"timestamp" validate:"required"`
// Enhanced severity and scoring
Severity string `json:"severity" validate:"required,oneof=info low medium high critical error"`
CVSS *CVSSScore `json:"cvss,omitempty"`
RiskScore float64 `json:"risk_score" validate:"min=0,max=10"`
// Content
Title string `json:"title" validate:"required,min=5,max=200"`
Description string `json:"description" validate:"required,min=10,max=1000"`
Evidence Evidence `json:"evidence" validate:"required"`
Data map[string]interface{} `json:"data" validate:"required"`
// Intelligence correlation
Correlations []Correlation `json:"correlations,omitempty"`
AttackVector *AttackVector `json:"attack_vector,omitempty"`
TTP *MITRETechnique `json:"ttp,omitempty"`
// Metadata
References []string `json:"references" validate:"dive,url"`
Raw interface{} `json:"raw,omitempty"`
Confidence float64 `json:"confidence" validate:"min=0,max=1"`
Tags []string `json:"tags,omitempty"`
False bool `json:"false_positive"`
Verified bool `json:"verified"`
}
PluginResult represents an enhanced finding from a plugin
func (*PluginResult) AddCorrelation ¶
func (pr *PluginResult) AddCorrelation(correlation Correlation)
AddCorrelation adds a correlation if not already present
func (*PluginResult) AddTag ¶
func (pr *PluginResult) AddTag(tag string)
AddTag adds a tag to the result if not already present
func (*PluginResult) GetCorrelationsByType ¶
func (pr *PluginResult) GetCorrelationsByType(correlationType string) []Correlation
GetCorrelationsByType returns correlations of a specific type
func (*PluginResult) GetSeverityWeight ¶
func (pr *PluginResult) GetSeverityWeight() int
GetSeverityWeight returns numeric weight for severity comparison
func (*PluginResult) HasCVSS ¶
func (pr *PluginResult) HasCVSS() bool
HasCVSS returns true if the result has CVSS scoring
func (*PluginResult) HasTag ¶
func (pr *PluginResult) HasTag(tag string) bool
HasTag checks if the result has a specific tag
func (*PluginResult) IsHighRisk ¶
func (pr *PluginResult) IsHighRisk() bool
IsHighRisk returns true if the finding is high risk
type Service ¶
type Service struct {
Name string `json:"name"`
Port int `json:"port"`
Protocol string `json:"protocol"`
Version string `json:"version,omitempty"`
State string `json:"state"` // open, closed, filtered
Banner string `json:"banner,omitempty"`
Fingerprint string `json:"fingerprint,omitempty"`
Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Service represents a detected service
type ServiceFingerprint ¶
type ServiceFingerprint struct {
ServiceName string `json:"service_name"`
Provider string `json:"provider"`
DetectionRule string `json:"detection_rule"`
FingerprintType string `json:"fingerprint_type" validate:"oneof=http_response dns_error certificate_error"`
Patterns []string `json:"patterns"`
Confidence float64 `json:"confidence" validate:"min=0,max=1"`
Metadata map[string]string `json:"metadata,omitempty"`
}
ServiceFingerprint contains service-specific detection patterns
type SubdomainTakeoverResult ¶
type SubdomainTakeoverResult struct {
// Core identification
Subdomain string `json:"subdomain" validate:"required,fqdn"`
Service string `json:"service" validate:"required"`
Provider string `json:"provider,omitempty"`
StatusCode int `json:"status_code" validate:"min=0,max=999"`
Timestamp time.Time `json:"timestamp" validate:"required"`
// Vulnerability assessment
Vulnerable bool `json:"vulnerable"`
Verified bool `json:"verified"`
Confidence float64 `json:"confidence" validate:"min=0,max=1"`
RiskLevel string `json:"risk_level" validate:"oneof=minimal low medium high immediate"`
// Detection evidence
Fingerprint string `json:"fingerprint,omitempty"`
Response string `json:"response,omitempty"`
ErrorMsg string `json:"error_message,omitempty"`
// Technical details
DNSRecords []DNSRecord `json:"dns_records,omitempty"`
HTTPHeaders map[string]string `json:"http_headers,omitempty"`
// Security analysis
AttackScenario string `json:"attack_scenario,omitempty"`
BusinessImpact string `json:"business_impact,omitempty"`
RecommendedActions []string `json:"recommended_actions,omitempty"`
// Metadata
ScanDuration time.Duration `json:"scan_duration,omitempty"`
Tool string `json:"tool" validate:"required"`
PluginVersion string `json:"plugin_version,omitempty"`
}
SubdomainTakeoverResult represents a structured result from subdomain takeover detection
func (*SubdomainTakeoverResult) GetBusinessImpactLevel ¶
func (str *SubdomainTakeoverResult) GetBusinessImpactLevel() string
GetBusinessImpactLevel assesses business impact
func (*SubdomainTakeoverResult) GetCVSSVector ¶
func (str *SubdomainTakeoverResult) GetCVSSVector() string
GetCVSSVector generates CVSS 3.1 vector for verified vulnerabilities
func (*SubdomainTakeoverResult) GetExploitationTimeframe ¶
func (str *SubdomainTakeoverResult) GetExploitationTimeframe() string
GetExploitationTimeframe estimates time needed for exploitation
func (*SubdomainTakeoverResult) GetRecommendations ¶
func (str *SubdomainTakeoverResult) GetRecommendations() []string
GetRecommendations returns prioritized recommendations
func (*SubdomainTakeoverResult) GetRiskScore ¶
func (str *SubdomainTakeoverResult) GetRiskScore() float64
Risk assessment methods
func (*SubdomainTakeoverResult) GetSeverityLevel ¶
func (str *SubdomainTakeoverResult) GetSeverityLevel() string
GetSeverityLevel returns severity based on verification and risk factors
func (*SubdomainTakeoverResult) IsExploitable ¶
func (str *SubdomainTakeoverResult) IsExploitable() bool
IsExploitable determines if the vulnerability is immediately exploitable
func (*SubdomainTakeoverResult) IsSubdomainOfMainDomain ¶
func (str *SubdomainTakeoverResult) IsSubdomainOfMainDomain() bool
Helper method to check if subdomain is directly under main domain
type TakeoverScanSummary ¶
type TakeoverScanSummary struct {
TotalSubdomains int `json:"total_subdomains"`
VulnerableCount int `json:"vulnerable_count"`
VerifiedCount int `json:"verified_count"`
ServiceBreakdown map[string]int `json:"service_breakdown"`
SeverityBreakdown map[string]int `json:"severity_breakdown"`
ScanDuration time.Duration `json:"scan_duration"`
Results []SubdomainTakeoverResult `json:"results"`
Errors []string `json:"errors,omitempty"`
RecommendedActions []string `json:"recommended_actions"`
}
TakeoverScanSummary provides aggregated results
type TakeoverVulnerabilityDetails ¶
type TakeoverVulnerabilityDetails struct {
// Classification
CVEReferences []string `json:"cve_references,omitempty"`
OWASP_Category string `json:"owasp_category,omitempty"`
CWE_ID string `json:"cwe_id,omitempty"`
// Exploitation details
ExploitComplexity string `json:"exploit_complexity" validate:"oneof=low medium high"`
RequiredSkills []string `json:"required_skills,omitempty"`
ExploitMethods []string `json:"exploit_methods,omitempty"`
// Impact assessment
DataExfiltrationRisk bool `json:"data_exfiltration_risk"`
PhishingPotential bool `json:"phishing_potential"`
CSPBypassPossible bool `json:"csp_bypass_possible"`
SessionHijackingRisk bool `json:"session_hijacking_risk"`
BrandReputationImpact string `json:"brand_reputation_impact" validate:"oneof=none low medium high critical"`
// Mitigation
ImmediateActions []string `json:"immediate_actions,omitempty"`
LongTermMitigations []string `json:"long_term_mitigations,omitempty"`
MonitoringRequirements []string `json:"monitoring_requirements,omitempty"`
}
TakeoverVulnerabilityDetails provides detailed vulnerability information
type Target ¶
type Target struct {
// Core identification
ID string `json:"id" validate:"required,uuid4"`
URL string `json:"url" validate:"required,url"`
Domain string `json:"domain" validate:"required,fqdn"`
IP string `json:"ip,omitempty" validate:"omitempty,ip"`
Port int `json:"port,omitempty" validate:"omitempty,min=1,max=65535"`
// Target classification
Type TargetType `json:"type"`
Category string `json:"category"`
Priority int `json:"priority" validate:"min=1,max=10"`
// Scope and permissions
InScope bool `json:"in_scope"`
Whitelist []string `json:"whitelist"`
Blacklist []string `json:"blacklist"`
// Context information
Organization string `json:"organization,omitempty"`
Environment string `json:"environment,omitempty"` // prod, staging, dev
Tags []string `json:"tags"`
// Timing and scheduling
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
LastScan time.Time `json:"last_scan,omitempty"`
NextScan time.Time `json:"next_scan,omitempty"`
// Technical metadata
Technologies []Technology `json:"technologies"`
Services []Service `json:"services"`
Certificates []Certificate `json:"certificates"`
// Custom metadata
Metadata map[string]interface{} `json:"metadata"`
}
Target represents a scan target with context
func (*Target) AddService ¶
AddService adds a detected service
func (*Target) AddTechnology ¶
func (t *Target) AddTechnology(tech Technology)
AddTechnology adds a detected technology
func (*Target) GetBaseURL ¶
GetBaseURL returns the base URL without path
func (*Target) GetDomainParts ¶
GetDomainParts returns domain parts (subdomain, domain, tld)
func (*Target) GetOpenPorts ¶
GetOpenPorts returns list of open ports
func (*Target) GetTechnologiesByCategory ¶
func (t *Target) GetTechnologiesByCategory(category string) []Technology
GetTechnologiesByCategory returns technologies of a specific category
func (*Target) IsExpiringSoon ¶
IsExpiringSoon checks if any certificates expire within the given duration
func (*Target) SetLastScan ¶
func (t *Target) SetLastScan()
SetLastScan sets the last scan timestamp
func (*Target) UpdateTimestamp ¶
func (t *Target) UpdateTimestamp()
UpdateTimestamp updates the UpdatedAt timestamp
type TargetType ¶
type TargetType string
TargetType represents different types of targets
const ( TargetTypeWeb TargetType = "web" TargetTypeAPI TargetType = "api" TargetTypeSubdomain TargetType = "subdomain" TargetTypeIP TargetType = "ip" TargetTypeNetwork TargetType = "network" TargetTypeCloud TargetType = "cloud" TargetTypeRepository TargetType = "repository" TargetTypeMobile TargetType = "mobile" )
type Technology ¶
type Technology struct {
Name string `json:"name"`
Version string `json:"version,omitempty"`
Category string `json:"category"`
Confidence float64 `json:"confidence"`
Source string `json:"source"`
CVEs []string `json:"cves,omitempty"`
EOL bool `json:"eol"` // End of life
}
Technology represents detected technology
Source Files
Click to show internal directories.
Click to hide internal directories.