gbounty

package module
v0.0.0-...-1ec8499 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 13, 2025 License: MIT Imports: 26 Imported by: 0

README


GBounty

Fast, reliable, and highly customizable website vulnerability scanner.

InstallDocumentation

Downloads Contributors

Multi-step website vulnerability scanner designed to help pentesters and bug hunters identify potential vulnerabilities in web applications.

We have a dedicated repository that houses various type of web vulnerability profiles contributed by security researchers and engineers.

[!WARNING]
This project is in active development. Expect breaking changes with releases. Review the release changelog before updating.

[!CAUTION]
This project was primarily built to be used as a standalone CLI tool. Running gbounty as a service may pose security risks. It's recommended to use with caution and additional security measures.

Getting started

Install GBounty

To start using GBounty, you can either install it using Go, or download one of the pre-compiled binaries from GitHub Releases.

Installation with Go

GBounty requires Go v1.23 to install successfully. Run the following command to install the latest version under development:

go install -v github.com/BountySecurity/gbounty/cmd/gbounty@main
Installation with GitHub Releases

Navigate to the GitHub Releases page and download the pre-compiled binary of the latest version (or any other) for the operating system (Linux, macOS, or Windows) and architecture (amd64, arm64, 386...) of your preference.

Other installation mechanism

Unfortunately, currently we don't have support for other installation mechanisms, like Homebrew, Snap, Choco or Docker, but contributions are welcome! See #1, for instance.

Usage
gbounty -h

This will display help for the tool.

 INFO  GBounty is a multi-step web scanner that uses web vulnerability profiles
 INFO  GBounty profiles can be found at: https://github.com/BountySecurity/gbounty-profiles



Usage:
  gbounty [flags]
​
Flags:
  -h, --help
    	Show help
  --update
    	Update the binary and profiles to the latest version
  --update-app
    	Update the binary to the latest version
  --update-profiles
    	Update profiles to the latest version
  --force-update-profiles
    	Re-download the latest version of profiles
  --check-updates
    	Check for available updates forcefully
	By default, available updates are checked only once a day
​
TARGET INPUT:
  -u, --url value
    	If specified, it will be used as a target url
	Can be used more than once: -u url1 -u url2
  -uf, --urls-file string
    	If specified, each line present on the file will be used as a target urls
  -rf, --requests-file string
    	If specified, each file present on the compressed file will be used as a target url and request template
	Only zipped (.zip) requests files are supported
  -rr, --raw-request value
    	If specified, contents on given path will be used as a target url and request template
	Can be used more than once: --raw-request path/requests/req1.txt --raw-request path/requests/req2.txt
	The host address must be in the first line before the raw request. Otherwise, the 'Host' header will be used
  -pf, --params-file string
    	If specified, each line present on the file will be used as a request parameter
	Used in combination with --params-split
  -ps, --params-split int
    	Determines the amount of parameters (-pf/--params-file) included into each group (default: 10)
	Use one (1) to scan every param individually
  -pm, --params-method string
    	Determines the HTTP method the params (-pf/--params-file) will be included into (default: "GET")
	Supported methods are: "GET" (url) and "POST" (www/url-encoded, body)
  -pe, --params-encoding string
    	Determines the encoding the params (-pf/--params-file) will be included into (default: "url")
	Supported encodings are: "url" (application/x-www-form-urlencoded) and "json" (application/json)
	Only used when --params-method/-pm is set to "POST"
  -h2, --http2
    	Forces HTTP/2. If enabled, the proto from the request template, if present, will be ignored
​
Options for --url (-u) and --urls-file:
  -X, --method string
    	If specified, it will be used as the HTTP method for request templates
  -H, --header value
    	If specified, it will be used as the HTTP header(s) for request templates
	Can be used more than once: -H "Accept: application/json" -H "Content-Type: application/json"
  -d, --data value
    	If specified, it will be used as the HTTP body data for request templates
​
PROFILE OPTIONS:
  -p, --profiles value
    	Determines the path where profile file(s) will be read from (default: "./profiles/")
	It can also be used with the path to a specific profile file
	Can be used more than once: -p profiles/XSS.bb2 -p profiles/SQLi.bb2
  -t, --tag value
    	If specified, only profiles tagged with provided tags will be used
	Can be used more than once: -t tag1 -t tag2
  -active, --only-active
    	If specified, only active profiles will be analyzed during the scan
  -passive, --only-passive
    	If specified, only passive profiles will be analyzed during the scan
  -psreq, --only-passive-req
    	If specified, only passive request profiles will be analyzed during the scan
  -psres, --only-passive-res
    	If specified, only passive response profiles will be analyzed during the scan
  -tags, --print-tags
    	Print available profile tags
	Used in combination with --tag
  -poc, --only-poc
    	If specified, only matched requests will be printed, nothing else.
​
RUNTIME OPTIONS:
  -c, --concurrency int
    	Determines how many target URL(s) will be scanned concurrently (default: 10)
  -r, --rps int
    	Determines the limit of requests per second (per URL) (default: 10)
  -safm, --stop-at-first-match
    	If specified, the scan will stop at the first match found for each combination of
	(a) profile, (b) step and (c) entrypoint
	Enabled by default, can be disabled with --stop-at-first-match=false or -safm=false
  -s, --silent
    	If specified, no results will be printed to stdout
  -bh, --blind-host string
    	If specified, the blind host will be injected into {BH} labels
  -email, --email-address string
    	If specified, the email address will be injected into {EMAIL} labels
  --proxy-address string
    	If specified, requests are proxied to the given address
	To specify host and port use 'host:port'
  --proxy-auth string
    	If specified, proxied requests will include authentication details
  -m, --in-memory
    	Use memory (only) as storage for intermediate scan results.
	Otherwise, it will use the filesystem (default)
  -sos, --save-on-stop
    	Save the scan's status, when manually interrupted
	The scan's identifier will be printed, to be used in combination with --from
  -f, --from string
    	Scan's identifier to be used to continue from
​
OUTPUT OPTIONS:
  -o, --output string
    	Determine the path where the output file will be stored to
	By default, the output file is formatted as plain text
  -j, --json
    	If specified, the output file will be JSON-formatted
	By default, the output file is formatted as plain text
  -md, --markdown
    	If specified, the output file will be Markdown-formatted
	By default, the output file is formatted as plain text
  -a, --all
    	If specified, results will include all requests and responses
	By default, only those requests that caused a match are included in results
	As it causes a noisy output, must be used in combination with -o/--output flag
  -areq, --all-requests
    	If specified, results will include all requests
	By default, only those requests that caused a match are included in results
	As it causes a noisy output, must be used in combination with -o/--output flag
  -ares, --all-responses
    	If specified, results will include all responses
	By default, only those requests that caused a match, and no response, are included in results
	As it causes a noisy output, must be used in combination with -o/--output flag
  -se, --show-errors
    	If specified, failed requests are included in results
  -sr, --show-responses
    	If specified, those requests that caused a match are printed with the corresponding response
  -ste, --stream-errors
    	If specified, failed requests are printed to stdout during the scan (live)
	By default, they are only printed at the end, only when the -se/--show-errors flag is provided
  -stm, --stream-matches
    	If specified, those requests that caused a match are printed to stdout during the scan (live)
	Enabled by default, can be disabled with --stream-matches=false or -stm=false
​
DEBUG OPTIONS:
  -v, --verbose
    	If specified, the internal logger will write warning and error log messages
  -vv, --verbose-extra
    	If specified, the internal logger will write info, warning and error log messages
  -vvv, --verbose-all
    	If specified, the internal logger will write debug, info, warning and error log messages
  -vout, --verbose-output string
    	If specified, the internal logger will write the log messages to a file
	By default, those are printed to stdout
​
EXAMPLES:
gbounty -u https://example.org -X POST -d "param1=value1&param2=value2" -t XSS -r 20 -a -o /tmp/results.json --json
gbounty --urls-file domains.txt -c 200 -r 10 -p /tmp/gbounty-profiles --silent --markdown -o /tmp/results.md
gbounty --raw-request 1.txt --raw-request 2.txt --blind-host yourblindhost.net
gbounty --requests-file requests.zip -r 150 --proxy-address=127.0.0.1:8080 -o /tmp/results.txt --all
Credits

Please, consider exploring the following comparable open-source projects that might also be beneficial for you:

FFuF, Jaeles, Nuclei, Qsfuzz, Inception, Snallygaster, Gofingerprint, Sn1per, Google tsunami, and ChopChop.

License

GBounty is distributed under MIT License

Documentation

Index

Constants

View Source 
const (
	Version = "v3.1.0"
)

Variables

View Source 
var (
	// ErrMissingProfiles is the error returned when the `scan` cannot be started because there are no profiles.
	ErrMissingProfiles = errors.New("missing profiles")
	// ErrMissingEntryPoints is the error returned when the `scan` cannot be started because there are no entry point finders.
	ErrMissingEntryPoints = errors.New("missing entry point finders")
	// ErrMissingRequestBuilder is the error returned when the `scan` cannot be started because there is no request builder configured.
	ErrMissingRequestBuilder = errors.New("missing requester builder")
	// ErrMissingFileSystemAbstraction is the error returned when the `scan` cannot be started because there is no file system abstraction configured.
	ErrMissingFileSystemAbstraction = errors.New("missing file system abstraction")
	// ErrMissingContext is the error returned when the `scan` cannot be started because there is no [context.Context].
	ErrMissingContext = errors.New("missing context")
)
View Source 
var ErrManuallyInterrupted = errors.New("scan interrupted manually")

Functions

This section is empty.

Types

type BlindHostPoller 

type BlindHostPoller interface {
	HostIdentifier() blindhost.HostIdentifier
	Search(substr string) *blindhost.Interaction
	BruteSearch(substr string) *blindhost.Interaction
}

BlindHostPoller defines the behavior expected from an agent that can continuously poll a `blindhost` looking for blindhost.Interaction instances.

type CfgOption 

type CfgOption func(*Config)

CfgOption is a function that modifies a Config instance. See WithRPS and WithConcurrency as examples.

func CfgOptionsFromJSON 

func CfgOptionsFromJSON(r io.Reader) ([]CfgOption, error)

CfgOptionsFromJSON parses a JSON document from a io.Reader, and turn its contents into a slice of CfgOption.

The expected payload is slightly different from Config struct.

For instance, it uses pointers to make it easier to determine whether a value was set or not.

Also, note that the parameter names is slightly different as well. The latter uses long, camel-cased names.

func WithBlindHostDomain 

func WithBlindHostDomain(blindHostDomain string) CfgOption

WithBlindHostDomain sets the blind host.

func WithBlindHostId 

func WithBlindHostId(blindHostId string) CfgOption

WithBlindHostId sets the blind host id.

func WithBlindHostPrivateKey 

func WithBlindHostPrivateKey(blindHostPrivateKey string) CfgOption

WithBlindHostPrivateKey sets the blind host key.

func WithConcurrency 

func WithConcurrency(concurrency int) CfgOption

WithConcurrency sets the concurrency level.

func WithCustomTokens 

func WithCustomTokens(customTokens map[string]string) CfgOption

WithCustomTokens sets the custom tokens.

func WithPayloadStrategy 

func WithPayloadStrategy(ps string) CfgOption

WithPayloadStrategy sets the payload strategy.

func WithRPS 

func WithRPS(rps int) CfgOption

WithRPS sets the rate of requests per second.

type CloseFunc 

type CloseFunc func()

CloseFunc is a function that can be used to close something that's open. For instance, a channel, a socket or a file descriptor.

Internal details will vary depending on the function that returns it.

type Config 

type Config struct {
	RPS                 int `default:"100"`
	Concurrency         int `default:"100"`
	Version             string
	SaveOnStop          bool
	InMemory            bool
	BlindHostId         string
	BlindHostDomain     string
	BlindHostPrivateKey string
	EmailAddress        bool
	CustomTokens        map[string]string
	PayloadStrategy     PayloadStrategy

	Silent             bool
	StreamErrors       bool
	StreamMatches      bool
	ShowResponses      bool
	ShowErrors         bool
	ShowAll            bool
	ShowAllRequests    bool
	ShowAllResponses   bool
	OnlyProofOfConcept bool

	OutPath   string
	OutFormat string
}

Config defines the configuration used by the scanner to perform a [scan]. It includes options to control the scanner's behavior, such as the rate of requests per second, the concurrency level, and the output format.

func (Config) BlindHostConfigured 

func (c Config) BlindHostConfigured() bool

BlindHostConfigured returns whether the blind host and its key are configured.

func (Config) Clone 

func (c Config) Clone() Config

Clone returns a deep copy of the Config instance.

type CustomTokens 

type CustomTokens = map[string]string

CustomTokens is a type that represents a collection of pairs (key, value) that can be used to replace certain tokens (i.e. placeholders) in a request.Request.

type Customizable 

type Customizable interface {
	Customize(ep entrypoint.Entrypoint)
}

Customizable defines the behavior of any object that can be customized with an `entrypoint`.

type Error 

type Error struct {
	URL       string
	Requests  []*request.Request
	Responses []*response.Response
	Err       string
}

Error represents an error that occurred during a [scan], containing the URL, the requests and responses that were made, and the error message.

There can be multiple Error per scan.

func (Error) Domain 

func (e Error) Domain() string

type FileSystem 

type FileSystem interface {
	FileSystemStats
	FileSystemErrors
	FileSystemMatches
	FileSystemSummaries
	FileSystemTemplates
	Cleanup(ctx context.Context) error
}

FileSystem defines the behavior expected from a [scan] file system, used to store and retrieve Match, Error, and TaskSummary instances.

type FileSystemErrors 

type FileSystemErrors interface {
	StoreError(ctx context.Context, err Error) error
	ErrorsIterator(ctx context.Context) (chan Error, CloseFunc, error)
	CloseErrors(ctx context.Context) error
}

FileSystemErrors defines the behavior expected from a [scan] file system to store and retrieve Error instances.

type FileSystemMatches 

type FileSystemMatches interface {
	StoreMatch(ctx context.Context, match Match) error
	MatchesIterator(ctx context.Context) (chan Match, CloseFunc, error)
	CloseMatches(ctx context.Context) error
}

FileSystemMatches defines the behavior expected from a [scan] file system to store and retrieve Match instances.

type FileSystemStats 

type FileSystemStats interface {
	StoreStats(ctx context.Context, stats *Stats) error
	LoadStats(ctx context.Context) (*Stats, error)
}

FileSystemStats defines the behavior expected from a [scan] file system to store and retrieve Stats instances.

type FileSystemSummaries 

type FileSystemSummaries interface {
	StoreTaskSummary(ctx context.Context, ts TaskSummary) error
	TasksSummariesIterator(ctx context.Context) (chan TaskSummary, CloseFunc, error)
	CloseTasksSummaries(ctx context.Context) error
}

FileSystemSummaries defines the behavior expected from a [scan] file system to store and retrieve TaskSummary instances.

type FileSystemTemplates 

type FileSystemTemplates interface {
	StoreTemplate(ctx context.Context, tpl Template) error
	TemplatesIterator(ctx context.Context) (chan Template, CloseFunc, error)
	CloseTemplates(ctx context.Context) error
}

FileSystemTemplates defines the behavior expected from a [scan] file system to store and retrieve Template instances.

type LineOfWork 

type LineOfWork struct {
	Template    Template
	Entrypoints []entrypoint.Entrypoint
	Tasks       []*Task

	sync.RWMutex
	Matches map[string]struct{}
}

LineOfWork is the aggregation for all the Task, for a given Template. In other words: - There is a LineOfWork for each request to be scanned:

  • For which we identify all the Entrypoints,
  • and combine with profile.Profile, to generate all starting possible combinations:
  • For every combination of entrypoint.Entrypoint (see Task.EntrypointIdx)
  • with every payload (see Task.PayloadIdx). [Rough estimate: #profiles x #payloads x #entrypoints]

=

  • Then, during the execution of the scan, more Task can be created, because one Task can be forked into more than one (for each step). So, every Task represents a path of steps, where every other step (except the current) did match.

type Match 

type Match struct {
	URL                   string
	Requests              []*request.Request
	Responses             []*response.Response
	ProfileName           string
	ProfileTags           []string
	IssueName             string
	IssueSeverity         string
	IssueConfidence       string
	IssueDetail           string
	IssueBackground       string
	RemediationDetail     string
	RemediationBackground string
	IssueParam            string
	ProfileType           string
	Payload               string
	Occurrences           [][]occurrence.Occurrence
	Grep                  string
	At                    time.Time
}

Match represents a match found during a [scan], containing the URL, the requests and responses that were made, and some other details associated with the match, like the profile's name and some information about the issue.

There can be multiple Match per scan. See the `internal/match` package for further details.

func (Match) Domain 

func (m Match) Domain() string

type Modifier 

type Modifier interface {
	Modify(step *profile.Step, tpl Template, req request.Request) request.Request
}

Modifier defines the behavior of a request modifier, which is a component capable of modifying the given request based on certain given requirements.

type ParamsCfg 

type ParamsCfg struct {
	Params   []string
	Size     int
	Method   string
	Encoding string
}

ParamsCfg defines the configuration for request parameters and is responsible for splitting them into chunked groups.

func (ParamsCfg) Alter 

func (pCfg ParamsCfg) Alter(tpl Template) []Template

Alter takes a Template as an input, and using the given ParamsCfg it constructs a new set of Template.

type PayloadStrategy 

type PayloadStrategy string

PayloadStrategy represents the strategy used to inject payloads during the scan execution. It can be either PayloadStrategyOnlyOnce or PayloadStrategyAll. 

const (
	PayloadStrategyOnlyOnce PayloadStrategy = "only_once"
	PayloadStrategyAll      PayloadStrategy = "all"
)

func PayloadStrategyFromString 

func PayloadStrategyFromString(s string) PayloadStrategy

PayloadStrategyFromString converts a string into a PayloadStrategy.

func (PayloadStrategy) IsOnlyOnce 

func (ps PayloadStrategy) IsOnlyOnce() bool

IsOnlyOnce returns whether the payload strategy is PayloadStrategyOnlyOnce.

func (PayloadStrategy) String 

func (ps PayloadStrategy) String() string

String returns the string representation of the PayloadStrategy.

type Requester 

type Requester interface {
	Do(ctx context.Context, req *request.Request) (response.Response, error)
}

Requester defines the behavior expected from a requester, capable to perform an HTTP request.Request and return the response.Response got.

type RequesterBuilder 

type RequesterBuilder func(req *request.Request) (Requester, error)

RequesterBuilder is a function that returns a Requester instance.

func NewReqBuilderPool 

func NewReqBuilderPool(ctx context.Context, reqBuilder RequesterBuilder, size uint32) RequesterBuilder

NewReqBuilderPool instantiates a pooled (limited) RequesterBuilder, with a maximum of [size] concurrent requesters.

Take a look at [requester_pool_test.go] for usage examples.

type Runner 

type Runner struct {
	// contains filtered or unexported fields
}

Runner is the main component responsible for orchestrating `scan` executions.

func NewRunner 

func NewRunner(opts *RunnerOpts) *Runner

NewRunner constructs a new Runner instance.

func (*Runner) Start 

func (r *Runner) Start() (err error)

Start starts the `scan` execution.

type RunnerOpts 

type RunnerOpts struct {
	// contains filtered or unexported fields
}

RunnerOpts is the structure that holds the configuration for the Runner to start a `scan`.

func DefaultRunnerOpts 

func DefaultRunnerOpts() *RunnerOpts

DefaultRunnerOpts constructs an empty instance of RunnerOpts.

func (*RunnerOpts) WithActiveProfiles 

func (opts *RunnerOpts) WithActiveProfiles(activeProfiles []*profile.Active) *RunnerOpts

WithActiveProfiles sets the given active profiles to the RunnerOpts instance.

func (*RunnerOpts) WithBlindHostPoller 

func (opts *RunnerOpts) WithBlindHostPoller(bhPoller BlindHostPoller) *RunnerOpts

WithBlindHostPoller sets the given blind host poller to the RunnerOpts instance.

func (*RunnerOpts) WithConfiguration 

func (opts *RunnerOpts) WithConfiguration(cfg Config) *RunnerOpts

WithConfiguration sets the given `scan` configuration to the RunnerOpts instance.

func (*RunnerOpts) WithContext 

func (opts *RunnerOpts) WithContext(ctx context.Context) *RunnerOpts

WithContext sets the given context to the RunnerOpts instance.

func (*RunnerOpts) WithEntrypointFinders 

func (opts *RunnerOpts) WithEntrypointFinders(finders []entrypoint.Finder) *RunnerOpts

WithEntrypointFinders sets the given entrypoint finders to the RunnerOpts instance.

func (*RunnerOpts) WithFileSystem 

func (opts *RunnerOpts) WithFileSystem(fileSystem FileSystem) *RunnerOpts

WithFileSystem sets the given file system abstraction to the RunnerOpts instance.

func (*RunnerOpts) WithModifiers 

func (opts *RunnerOpts) WithModifiers(modifiers []Modifier) *RunnerOpts

WithModifiers sets the given modifiers to the RunnerOpts instance.

func (*RunnerOpts) WithOnError 

func (opts *RunnerOpts) WithOnError(fn onErrorFunc) *RunnerOpts

WithOnError sets the given `onError` callback to the RunnerOpts instance.

func (*RunnerOpts) WithOnFinished 

func (opts *RunnerOpts) WithOnFinished(fn func(*Stats, error)) *RunnerOpts

WithOnFinished sets the given `onFinished` callback to the RunnerOpts instance.

func (*RunnerOpts) WithOnMatch 

func (opts *RunnerOpts) WithOnMatch(fn onMatchFunc) *RunnerOpts

WithOnMatch sets the given `onMatch` callback to the RunnerOpts instance.

func (*RunnerOpts) WithOnTask 

func (opts *RunnerOpts) WithOnTask(fn onTaskFunc) *RunnerOpts

WithOnTask sets the given `onTask` callback to the RunnerOpts instance.

func (*RunnerOpts) WithOnUpdated 

func (opts *RunnerOpts) WithOnUpdated(fn func(*Stats)) *RunnerOpts

WithOnUpdated sets the given `onUpdated` callback to the RunnerOpts instance.

func (*RunnerOpts) WithPassiveReqProfiles 

func (opts *RunnerOpts) WithPassiveReqProfiles(passiveReqProfiles []*profile.Request) *RunnerOpts

WithPassiveReqProfiles sets the given passive request profiles to the RunnerOpts instance.

func (*RunnerOpts) WithPassiveResProfiles 

func (opts *RunnerOpts) WithPassiveResProfiles(passiveResProfiles []*profile.Response) *RunnerOpts

WithPassiveResProfiles sets the given passive response profiles to the RunnerOpts instance.

func (*RunnerOpts) WithRequesterBuilder 

func (opts *RunnerOpts) WithRequesterBuilder(reqBuilder RequesterBuilder) *RunnerOpts

WithRequesterBuilder sets the given request builder to the RunnerOpts instance.

func (*RunnerOpts) WithSaveAllRequests 

func (opts *RunnerOpts) WithSaveAllRequests(saveAllRequests bool) *RunnerOpts

WithSaveAllRequests sets the given `saveAllRequests` boolean to the RunnerOpts instance.

func (*RunnerOpts) WithSaveAllResponses 

func (opts *RunnerOpts) WithSaveAllResponses(saveAllResponses bool) *RunnerOpts

WithSaveAllResponses sets the given `saveAllResponses` boolean to the RunnerOpts instance.

func (*RunnerOpts) WithSaveResponses 

func (opts *RunnerOpts) WithSaveResponses(saveResponses bool) *RunnerOpts

WithSaveResponses sets the given `saveResponses` boolean to the RunnerOpts instance.

type Stats 

type Stats struct {
	NumOfTotalRequests     int
	NumOfPerformedRequests int
	NumOfSucceedRequests   int
	NumOfFailedRequests    int
	NumOfSkippedRequests   int

	NumOfRequestsToAnalyze  int
	NumOfResponsesToAnalyze int

	TemplatesEnded map[int]struct{}

	NumOfEntrypoints int
	NumOfMatches     int

	StartedAt time.Time

	sync.Mutex
}

Stats is a structure that holds multiple stats about the [scan] process, such as the number of requests, the number of performed requests, etc.

func NewStats 

func NewStats() *Stats

NewStats creates a new instance of Stats.

type Task 

type Task struct {
	// IsBase is true if the task is a base task.
	// In such case, the task is not associated to a profile.
	// Thus, does not have a step nor a payload, nor an entrypoint.
	IsBase bool

	// Profile is the profile associated with the task. If defined, always as profile.ActiveProfile.
	Profile *profile.Active
	// StepIdx is the index of the step within the Profile steps the task is at.
	StepIdx int
	// PayloadIdx is the index of the payload within the Profile payloads the task is associated to.
	// It is equal to -1 when it is profile.RawRequestV2, or it is not associated to any Profile.
	PayloadIdx int

	Requests    []*request.Request
	Responses   []*response.Response
	Occurrences [][]occurrence.Occurrence
	Performed   bool
	Match       bool
	Error       error

	// LoW is an internal reference to the LineOfWork
	// it belongs to. It must be non-nil.
	LoW *LineOfWork
	// EntrypointIdx is the index of the entrypoint within the LineOfWork entrypoints the task is associated to.
	// It is equal to -1 when it is not associated to any LineOfWork entrypoint. If so, use Entrypoint instead.
	EntrypointIdx int
	// Entrypoint is an entrypoint.Entrypoint not included within the LineOfWork entrypoints.
	// Only used when it is not associated to any LineOfWork entrypoint. By the default, use EntrypointIdx.
	Entrypoint entrypoint.Entrypoint
}

Task is an atomic unit of work within a `scan`, which is what composes a Template.

type TaskSummary 

type TaskSummary struct {
	URL       string
	Requests  []*request.Request
	Responses []*response.Response
}

TaskSummary represents a summary of a [scan] task, which corresponds to one of the iterations where one (or multiple) requests are targeted against a URL, and some checks are performed over the responses, looking for one (or multiple) Match.

func (TaskSummary) Domain 

func (ts TaskSummary) Domain() string

type Template 

type Template struct {
	Idx         int
	OriginalURL string
	request.Request
	Response *response.Response
}

Template is an abstraction that represents a request and response pair used for scanning. It also contains the original URL and the unique index within the entire scan.

func NewTemplate 

func NewTemplate(ctx context.Context, idx int, req request.Request, res *response.Response) Template

NewTemplate instantiates a new Template with the given request.Request, the response.Response, if any, and the given index. So, similar to manually populating the Template fields but with some validations in place.

func TemplateFromRawBytes 

func TemplateFromRawBytes(ctx context.Context, idx int, pCfg ParamsCfg, fileBytes []byte, opts ...request.Option) ([]Template, error)

TemplateFromRawBytes initializes a slice of Template with the given ParamsCfg, a slice of request.Option and interpreting the slice of bytes as a file that contains a raw HTTP request.

func TemplatesFromZipBytes 

func TemplatesFromZipBytes(ctx context.Context, pCfg ParamsCfg, fileBytes []byte, opts ...request.Option) ([]Template, error)

TemplatesFromZipBytes initializes a slice of Template with the given ParamsCfg, a slice of request.Option and interpreting the slice of bytes as the contents of a zipped (.zip) file that contains one or more files, each containing a raw HTTP request.

func (Template) Clone 

func (tpl Template) Clone(idx int) Template

Clone returns a clone (copy) of the Template, keeping the same index, URL, and deep-copying the request.Request.

type Writer 

type Writer interface {
	WriteConfig(ctx context.Context, cfg Config) error

	WriteStats(ctx context.Context, fs FileSystem) error
	WriteMatchesSummary(ctx context.Context, fs FileSystem) error

	WriteError(ctx context.Context, err Error) error
	WriteErrors(ctx context.Context, fs FileSystem) error

	WriteMatch(ctx context.Context, match Match, includeResponse bool) error
	WriteMatches(ctx context.Context, fs FileSystem, includeResponses bool) error

	WriteTasks(ctx context.Context, fs FileSystem, allRequests, allResponses bool) error
}

Writer defines the behavior expected from a [scan] writer, used to write Config, Stats, Match, Error, and TaskSummary instances to a specific output (e.g. stdout or file) in a specific format (e.g. JSON).

Source Files

View all Source files

Directories

Path Synopsis
cmd
gbounty command
gbounty/bootstrap
internal
platform/cli
platform/metrics
platform/writer
kit
blindhost
console/color
console/printer
die
getopt
gitconfig
jsonmap
logger
osext
panics
pool
progressbar
selfupdate
semver
slices
strings/capitalize
strings/occurrence
syncutil
ulid
url
platform
filesystem
http
http/client
http/httputil
http/stdclient
encode
profilefakes

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.