Constants ¶
// Common vulnerability types. These are presumably the values passed as
// AddVulnerability's vulnType parameter and stored in Vulnerability.Type —
// verify against callers. Vulnerability.Type is a plain string rather than
// a named type, so nothing visible here restricts it to this list; code that
// switches on the value should handle unknown types explicitly. Some values
// ("xss", "injection") coincide with FindingType constants, but the two sets
// are distinct types and are not interchangeable.
const (
	VulnTypeXSS                  = "xss"
	VulnTypeEval                 = "eval"
	VulnTypeDOMManipulation      = "dom-manipulation"
	VulnTypeInjection            = "injection"
	VulnTypeInsecureRandomness   = "insecure-randomness"
	VulnTypePrototypePollution   = "prototype-pollution"
	VulnTypeInsecureCrypto       = "insecure-crypto"
	VulnTypeUnsafeAssignment     = "unsafe-assignment"
	VulnTypeInnerHTML            = "innerHTML"
	VulnTypeDocumentWrite        = "document.write"
	VulnTypeInsecureCookie       = "insecure-cookie"
	VulnTypeDynamicFunctionExec  = "dynamic-function-execution"
	VulnTypeInsecurePostMessage  = "insecure-postmessage"
	VulnTypeInsecureEventHandler = "insecure-event-handler"
)
Common vulnerability types
// Common vulnerability locations, presumably used for AddVulnerability's
// location parameter and Vulnerability.Location — verify against callers.
// Like the VulnType* values these are untyped string constants, so an
// unknown location is not rejected by the type system.
const (
	LocationClientSide = "client-side"
	LocationServerSide = "server-side"
	LocationThirdParty = "third-party"
	LocationDependency = "dependency"
)
Common vulnerability locations
Types ¶
type AnalysisResult ¶
// AnalysisResult represents the result of a JavaScript analysis.
//
// The Add*/Set* methods return the receiver, so calls can be chained.
type AnalysisResult struct {
	// Target is the scanned target this analysis belongs to. It is held by
	// pointer, so it is shared with whoever created it rather than copied.
	Target *Target `json:"target"`
	// Dependencies, Vulnerabilities and Frameworks are omitted from JSON
	// output when empty.
	Dependencies    []*Dependency    `json:"dependencies,omitempty"`
	Vulnerabilities []*Vulnerability `json:"vulnerabilities,omitempty"`
	Frameworks      []*Framework     `json:"frameworks,omitempty"`
	// IsMinified records whether the script was detected as minified
	// (SetIsMinified).
	IsMinified bool `json:"is_minified"`
	// BundleType is a free-form bundle type name (SetBundleType).
	BundleType string `json:"bundle_type,omitempty"`
	// FileSize is the file size set via SetFileSize. Because of omitempty a
	// zero size is dropped from JSON and cannot be told apart from "unset".
	FileSize int64 `json:"file_size,omitempty"`
	// ScriptCount is the script count set via SetScriptCount; zero is
	// omitted from JSON.
	ScriptCount int `json:"script_count,omitempty"`
	// Duration is the analysis duration as a string. SetDuration takes a
	// plain string, so the format is not defined here — TODO confirm.
	Duration string `json:"duration,omitempty"`
}
AnalysisResult represents the result of a JavaScript analysis
func NewAnalysisResult ¶
func NewAnalysisResult(target *Target) *AnalysisResult
NewAnalysisResult creates a new analysis result
func (*AnalysisResult) AddDependency ¶
func (r *AnalysisResult) AddDependency(name, version string) *AnalysisResult
AddDependency adds a dependency to the analysis result
func (*AnalysisResult) AddFramework ¶
func (r *AnalysisResult) AddFramework(name, version string) *AnalysisResult
AddFramework adds a framework to the analysis result
func (*AnalysisResult) AddVulnerability ¶
func (r *AnalysisResult) AddVulnerability(vulnType, severity, description, location string) *AnalysisResult
AddVulnerability adds a vulnerability to the analysis result
func (*AnalysisResult) SetBundleType ¶
func (r *AnalysisResult) SetBundleType(bundleType string) *AnalysisResult
SetBundleType sets the bundle type
func (*AnalysisResult) SetDuration ¶
func (r *AnalysisResult) SetDuration(duration string) *AnalysisResult
SetDuration sets the analysis duration
func (*AnalysisResult) SetFileSize ¶
func (r *AnalysisResult) SetFileSize(size int64) *AnalysisResult
SetFileSize sets the file size
func (*AnalysisResult) SetIsMinified ¶
func (r *AnalysisResult) SetIsMinified(isMinified bool) *AnalysisResult
SetIsMinified sets whether the script is minified
func (*AnalysisResult) SetScriptCount ¶
func (r *AnalysisResult) SetScriptCount(count int) *AnalysisResult
SetScriptCount sets the script count
type Dependency ¶
// Dependency represents a JavaScript dependency recorded on an
// AnalysisResult or ScanResult (see their AddDependency methods).
type Dependency struct {
	// Name is the package or library name; always emitted in JSON.
	Name string `json:"name"`
	// Version is the detected version, if any.
	Version string `json:"version,omitempty"`
	// URL is where the dependency was seen, if known.
	URL string `json:"url,omitempty"`
}
Dependency represents a JavaScript dependency
type Finding ¶
// Finding represents a security finding or discovery.
//
// NewFinding sets the type, title and severity; the With* methods fill in
// the remaining fields and return the receiver for chaining.
type Finding struct {
	// ID identifies the finding. How it is generated is not visible here.
	ID string `json:"id"`
	// Type classifies the finding; see the FindingType constants.
	Type FindingType `json:"type"`
	// Title is a short human-readable summary.
	Title string `json:"title"`
	// Description is the longer explanation (WithDescription).
	Description string `json:"description"`
	// Severity is the typed severity level; see the Severity constants.
	Severity Severity `json:"severity"`
	// CVSS is the CVSS score, if one was assigned (WithCVSS). Because of
	// omitempty a score of 0.0 is dropped from JSON output and cannot be
	// told apart from "no score".
	CVSS float64 `json:"cvss,omitempty"`
	// URL and Path locate the finding in the target (WithURL, WithPath).
	URL  string `json:"url,omitempty"`
	Path string `json:"path,omitempty"`
	// Evidence is the supporting material attached via WithEvidence. It is
	// serialized into the report, so if callers store raw excerpts of the
	// scanned page or scripts here, the report carries target content —
	// presumably the case; verify against callers.
	Evidence string `json:"evidence,omitempty"`
	// Remediation is guidance for fixing the finding (WithRemediation).
	Remediation string `json:"remediation,omitempty"`
	// References holds reference URLs (WithReferences).
	References []string `json:"references,omitempty"`
	// Tags holds free-form labels (WithTags).
	Tags []string `json:"tags,omitempty"`
	// Timestamp is always emitted; presumably set by NewFinding — verify.
	Timestamp time.Time `json:"timestamp"`
	// Additional metadata. Values are untyped, so whatever WithMetadata
	// stores here is serialized as-is.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}
Finding represents a security finding or discovery
func NewFinding ¶
func NewFinding(findingType FindingType, title string, severity Severity) *Finding
NewFinding creates a new finding
func (*Finding) WithDescription ¶
WithDescription adds a description to the finding
func (*Finding) WithEvidence ¶
WithEvidence adds evidence to the finding
func (*Finding) WithMetadata ¶
WithMetadata adds metadata to the finding
func (*Finding) WithReferences ¶
WithReferences adds references to the finding
func (*Finding) WithRemediation ¶
WithRemediation adds remediation guidance to the finding
type FindingType ¶
// FindingType represents the type of finding. It is a string type, so it
// serializes as its literal value; the known values are the FindingType*
// constants.
type FindingType string
FindingType represents the type of finding
// Known FindingType values. Note that "xss" and "injection" are also the
// string values of VulnTypeXSS and VulnTypeInjection, which are untyped
// constants for Vulnerability.Type; the two taxonomies are separate.
const (
	// FindingTypeVulnerability represents a security vulnerability
	FindingTypeVulnerability FindingType = "vulnerability"
	// FindingTypeFramework represents a framework detection
	FindingTypeFramework FindingType = "framework"
	// FindingTypeAPI represents an API endpoint
	FindingTypeAPI FindingType = "api"
	// FindingTypeRoute represents an application route
	FindingTypeRoute FindingType = "route"
	// FindingTypeBundle represents a JavaScript bundle
	FindingTypeBundle FindingType = "bundle"
	// FindingTypeConfig represents a configuration issue
	FindingTypeConfig FindingType = "config"
	// FindingTypeXSS represents a cross-site scripting vulnerability
	FindingTypeXSS FindingType = "xss"
	// FindingTypeInjection represents an injection vulnerability
	FindingTypeInjection FindingType = "injection"
	// FindingTypeCSRF represents a cross-site request forgery vulnerability
	FindingTypeCSRF FindingType = "csrf"
	// FindingTypeCORS represents a CORS misconfiguration
	FindingTypeCORS FindingType = "cors"
	// FindingTypeHeader represents a security header issue
	FindingTypeHeader FindingType = "header"
	// FindingTypeCookie represents a cookie security issue
	FindingTypeCookie FindingType = "cookie"
	// FindingTypeSupplyChain represents a supply chain security issue
	FindingTypeSupplyChain FindingType = "supply_chain"
	// FindingTypePrototype represents a prototype pollution vulnerability
	FindingTypePrototype FindingType = "prototype"
)
type Framework ¶
// Framework represents a detected JavaScript framework as recorded on an
// AnalysisResult (AddFramework takes a name and version). Compare
// FrameworkInfo, the Type/Version/Score form attached to a Target.
type Framework struct {
	// Name is the framework name; always emitted in JSON.
	Name string `json:"name"`
	// Version is the detected version, if any.
	Version string `json:"version,omitempty"`
	// URL is where the framework was seen, if known.
	URL string `json:"url,omitempty"`
}
Framework represents a detected JavaScript framework
type FrameworkInfo ¶
// FrameworkInfo represents a detected framework as attached to a Target
// (Target.AddFramework). The same concept is modelled twice in this
// package: Framework (Name/Version/URL) and FrameworkInfo (Type/Version/Score).
type FrameworkInfo struct {
	// Type names the framework.
	Type string `json:"type"`
	// Version is the detected version, if any.
	Version string `json:"version,omitempty"`
	// Score is a detection score. Its scale is not defined here, and with
	// omitempty a score of 0 is dropped from JSON — TODO confirm the range.
	Score float64 `json:"score,omitempty"`
}
FrameworkInfo represents a detected framework
type ScanResult ¶
// ScanResult represents the result of scanning a website for JavaScript.
type ScanResult struct {
	// URL is the scanned site (NewScanResult takes it).
	URL string `json:"url"`
	// ScannedAt and CompletedAt are always emitted, so a scan that has not
	// been marked complete serializes CompletedAt as the zero time.
	// Presumably NewScanResult sets ScannedAt and MarkComplete sets
	// CompletedAt — verify.
	ScannedAt   time.Time `json:"scanned_at"`
	CompletedAt time.Time `json:"completed_at"`
	// ScriptsFound counts discovered scripts; ScriptsAnalyzed counts those
	// actually analyzed.
	ScriptsFound    int `json:"scripts_found"`
	ScriptsAnalyzed int `json:"scripts_analyzed"`
	// BundleTypes counts scripts per bundle type. Writing to a nil map
	// panics, so it must be initialized before use — presumably by
	// NewScanResult; confirm.
	BundleTypes map[string]int `json:"bundle_types"`
	// Dependencies and Vulnerabilities have no omitempty: a nil slice
	// encodes as JSON null, an empty slice as [].
	Dependencies    []*Dependency    `json:"dependencies"`
	Vulnerabilities []*Vulnerability `json:"vulnerabilities"`
	// Metadata holds arbitrary extra data; values are untyped.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}
ScanResult represents the result of scanning a website for JavaScript
func NewScanResult ¶
func NewScanResult(url string) *ScanResult
NewScanResult creates a new scan result
func (*ScanResult) AddDependency ¶
func (r *ScanResult) AddDependency(name, version string)
AddDependency adds a dependency to the scan result
func (*ScanResult) AddVulnerability ¶
func (r *ScanResult) AddVulnerability(vuln *Vulnerability)
AddVulnerability adds a vulnerability to the scan result
func (*ScanResult) MarkComplete ¶
func (r *ScanResult) MarkComplete()
MarkComplete marks the scan as complete
type ScanStatus ¶
// ScanStatus represents the status of a scan. It is a string type and
// serializes as its literal value; see the ScanStatus* constants.
type ScanStatus string
ScanStatus represents the status of a scan
// Scan status constants. Nothing visible here enforces transitions between
// states; ScanStatusCompleted, ScanStatusFailed and ScanStatusCancelled are
// presumably terminal — verify in the scanner.
const (
	ScanStatusPending   ScanStatus = "pending"
	ScanStatusRunning   ScanStatus = "running"
	ScanStatusCompleted ScanStatus = "completed"
	ScanStatusFailed    ScanStatus = "failed"
	ScanStatusCancelled ScanStatus = "cancelled"
)
Scan status constants
type SecurityReport ¶
// SecurityReport represents a detailed security report for a JavaScript
// application.
type SecurityReport struct {
	// ID is the unique identifier of the report
	ID string `json:"id"`
	// TargetURL is the URL of the target application
	TargetURL string `json:"target_url"`
	// Findings contains security findings. No omitempty: a nil slice
	// encodes as JSON null, an empty slice as []
	Findings []*Finding `json:"findings"`
	// Vulnerabilities is the list of discovered vulnerabilities (same
	// null-vs-[] behaviour as Findings)
	Vulnerabilities []*SecurityVulnerability `json:"vulnerabilities"`
	// Summary is the summary of the report; a nil pointer encodes as null
	Summary *SecurityReportSummary `json:"summary"`
	// CreatedAt is the time when the report was created
	CreatedAt time.Time `json:"created_at"`
}
SecurityReport represents a detailed security report for a JavaScript application
type SecurityReportSummary ¶
// SecurityReportSummary represents a summary of a security report. The
// per-severity counts mirror the Severity constants; nothing visible here
// computes them from SecurityReport.Findings, so keeping them consistent is
// the producer's job.
type SecurityReportSummary struct {
	// TotalFindings is the total number of findings
	TotalFindings int `json:"total_findings"`
	// TotalVulnerabilities is the total number of vulnerabilities
	TotalVulnerabilities int `json:"total_vulnerabilities"`
	// CriticalCount is the number of critical severity findings
	CriticalCount int `json:"critical_count"`
	// HighCount is the number of high severity findings
	HighCount int `json:"high_count"`
	// MediumCount is the number of medium severity findings
	MediumCount int `json:"medium_count"`
	// LowCount is the number of low severity findings
	LowCount int `json:"low_count"`
	// InfoCount is the number of informational findings
	InfoCount int `json:"info_count"`
	// Score is the overall security score (0-100). Nothing visible here
	// clamps it to that range.
	Score float64 `json:"score"`
}
SecurityReportSummary represents a summary of a security report
type SecurityVulnerability ¶
// SecurityVulnerability represents a security vulnerability in a JavaScript
// application. It is separate from the Finding type but can be linked to
// findings. NewSecurityVulnerability takes the name, package, version and
// severity.
type SecurityVulnerability struct {
	// ID is the unique identifier of the vulnerability
	ID string `json:"id"`
	// Name is the name of the vulnerability
	Name string `json:"name"`
	// Description is the description of the vulnerability
	Description string `json:"description"`
	// Severity is the severity of the vulnerability
	Severity Severity `json:"severity"`
	// CVEID is the CVE ID of the vulnerability if available. Its format is
	// not validated here.
	CVEID string `json:"cve_id,omitempty"`
	// Package is the name of the package with the vulnerability
	Package string `json:"package"`
	// Version is the version of the package with the vulnerability
	Version string `json:"version"`
	// AffectedVersions is the range of affected versions, as a free-form
	// string; the range syntax is not defined here
	AffectedVersions string `json:"affected_versions"`
	// FixedVersion is the version that fixes the vulnerability
	FixedVersion string `json:"fixed_version,omitempty"`
	// References contains URLs to references about the vulnerability
	References []string `json:"references,omitempty"`
	// DiscoveredAt is the time when the vulnerability was discovered;
	// presumably set by NewSecurityVulnerability — verify
	DiscoveredAt time.Time `json:"discovered_at"`
}
SecurityVulnerability represents a security vulnerability in a JavaScript application. It is separate from the Finding type but can be linked to findings.
func NewSecurityVulnerability ¶
func NewSecurityVulnerability(name string, packageName string, version string, severity Severity) *SecurityVulnerability
NewSecurityVulnerability creates a new security vulnerability
type Severity ¶
// Severity represents the severity level of a finding. It is a string
// type, so the < and > operators compare lexicographically ("critical" <
// "high" < "info" < "low" < "medium"), which is not the severity order.
// Rank severities explicitly rather than by string comparison.
type Severity string
Severity represents the severity level of a finding
// Severity constants, listed from least to most severe. The ordering is
// only in this listing; the string values do not sort in this order.
const (
	// SeverityInfo represents an informational finding
	SeverityInfo Severity = "info"
	// SeverityLow represents a low severity finding
	SeverityLow Severity = "low"
	// SeverityMedium represents a medium severity finding
	SeverityMedium Severity = "medium"
	// SeverityHigh represents a high severity finding
	SeverityHigh Severity = "high"
	// SeverityCritical represents a critical severity finding
	SeverityCritical Severity = "critical"
)
type Target ¶
// Target represents a target application to scan.
//
// No constructor for Target is listed in this package, so map fields
// (Headers, Cookies, Visited) must be initialized before the Add*/Mark*
// methods write to them — presumably those methods do so lazily; verify.
type Target struct {
	// URL is the base URL of the target
	URL string `json:"url"`
	// ParsedURL is excluded from JSON; presumably derived from URL — verify
	ParsedURL *url.URL `json:"-"`
	// Domain is the domain of the target
	Domain string `json:"domain"`
	// HTML contains the main HTML content of the page. It is serialized
	// when non-empty, so JSON output of a Target carries the full page body.
	HTML string `json:"html,omitempty"`
	// Paths contains all discovered paths
	Paths []string `json:"paths,omitempty"`
	// URLs contains all discovered URLs
	URLs []string `json:"urls,omitempty"`
	// Scripts contains all discovered JavaScript files
	Scripts []string `json:"scripts,omitempty"`
	// Styles contains all discovered CSS files
	Styles []string `json:"styles,omitempty"`
	// APIs contains all discovered API endpoints
	APIs []string `json:"apis,omitempty"`
	// Technologies contains detected technologies
	Technologies []string `json:"technologies,omitempty"`
	// Frameworks contains detected frameworks
	Frameworks []FrameworkInfo `json:"frameworks,omitempty"`
	// Headers contains response headers, one value per header name, so a
	// header that appears several times in a response cannot be fully
	// represented here
	Headers map[string]string `json:"headers,omitempty"`
	// Cookies contains cookies received from the target. They are
	// serialized, so any JSON output of a Target contains the scanned site's
	// cookie values; treat such output as sensitive
	Cookies map[string]string `json:"cookies,omitempty"`
	// FirstSeen is when the target was first seen
	FirstSeen time.Time `json:"first_seen"`
	// LastSeen is when the target was last seen (UpdateLastSeen)
	LastSeen time.Time `json:"last_seen"`
	// Visited and VisitQueue are crawl state and are excluded from JSON
	Visited    map[string]bool `json:"-"`
	VisitQueue []string        `json:"-"`
}
Target represents a target application to scan
func (*Target) AddFramework ¶
func (t *Target) AddFramework(framework FrameworkInfo)
AddFramework adds a framework to the target
func (*Target) AddTechnology ¶
AddTechnology adds a technology to the target
func (*Target) AddToQueue ¶
AddToQueue adds a URL to the visit queue
func (*Target) GetNextURL ¶
GetNextURL gets the next URL from the queue
func (*Target) MarkVisited ¶
MarkVisited marks a URL as visited
func (*Target) ScriptCount ¶
ScriptCount returns the number of scripts
func (*Target) StyleCount ¶
StyleCount returns the number of stylesheets
func (*Target) UpdateLastSeen ¶
func (t *Target) UpdateLastSeen()
UpdateLastSeen updates the last seen timestamp
type Vulnerability ¶
// Vulnerability represents a security vulnerability recorded on an
// AnalysisResult or ScanResult (see their AddVulnerability methods).
// Unlike Finding, Type and Severity are plain strings rather than
// FindingType/Severity, so their values are not constrained by the type
// system.
type Vulnerability struct {
	// ID is optional and omitted from JSON when empty.
	ID string `json:"id,omitempty"`
	// Type is the vulnerability class; see the VulnType* constants.
	Type string `json:"type"`
	// Severity is a free-form severity string (not the Severity type).
	Severity string `json:"severity"`
	// Description is a human-readable explanation.
	Description string `json:"description,omitempty"`
	// Location is where the issue was found; see the Location* constants.
	Location string `json:"location,omitempty"`
	// References holds reference URLs.
	References []string `json:"references,omitempty"`
	// CVEID is the related CVE identifier, if any; not validated here.
	CVEID string `json:"cve_id,omitempty"`
	// Fix is remediation guidance.
	Fix string `json:"fix,omitempty"`
}
Vulnerability represents a security vulnerability