kramscan 0.1.0 → 0.2.0

package/dist/core/scanner.js

@@ -5,21 +5,143 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Scanner = void 0;
 const puppeteer_1 = __importDefault(require("puppeteer"));
+const events_1 = require("events");
 const vulnerability_detector_1 = require("./vulnerability-detector");
 const config_1 = require("./config");
+const ai_client_1 = require("./ai-client");
+const ai_payloads_1 = require("./ai-payloads");
 const logger_1 = require("../utils/logger");
-class Scanner {
+const plugins_1 = require("../plugins");
+const plugins_2 = require("../plugins");
+class Scanner extends events_1.EventEmitter {
     browser = null;
     detector;
     visitedUrls = new Set();
     crawledUrls = 0;
     testedForms = 0;
     requestsMade = 0;
-    constructor() {
+    headersChecked = new Set();
+    rateLimiter;
+    retryConfig;
+    maxConcurrency = 5;
+    strictScope = true;
+    baseOrigin = null;
+    maxPages = 30;
+    maxLinksPerPage = 50;
+    includePatterns = [];
+    excludePatterns = [];
+    userAgent = "KramScan/0.1.0";
+    scanErrors = [];
+    pluginErrors = new Map();
+    usePlugins = true;
+    useAiPayloads = false;
+    payloadGenerator = null;
+    constructor(usePlugins = true) {
+        super();
+        this.usePlugins = usePlugins;
         this.detector = new vulnerability_detector_1.VulnerabilityDetector();
+        this.detector.setOnVulnerabilityFound((vuln) => {
+            this.emit("vuln:found", { vulnerability: vuln });
+        });
+        this.rateLimiter = {
+            lastRequestTime: 0,
+            minInterval: 200,
+        };
+        this.retryConfig = {
+            maxRetries: 3,
+            baseDelay: 1000,
+            maxDelay: 10000,
+        };
+        // Register default plugins
+        if (usePlugins) {
+            this.registerDefaultPlugins();
+        }
+    }
+    registerDefaultPlugins() {
+        plugins_1.pluginManager.register(new plugins_2.XSSPlugin());
+        plugins_1.pluginManager.register(new plugins_2.SQLInjectionPlugin());
+        plugins_1.pluginManager.register(new plugins_2.SecurityHeadersPlugin());
+        plugins_1.pluginManager.register(new plugins_2.SensitiveDataPlugin());
+        plugins_1.pluginManager.register(new plugins_2.CSRFPlugin());
+    }
+    // Type-safe event emitter methods
+    emit(event, data) {
+        return super.emit(event, data);
+    }
+    on(event, listener) {
+        return super.on(event, listener);
+    }
+    once(event, listener) {
+        return super.once(event, listener);
+    }
+    getScanErrors() {
+        return [...this.scanErrors];
+    }
+    getPluginErrors() {
+        return new Map(this.pluginErrors);
+    }
+    async initializeScanSettings(targetUrl, options) {
+        const config = await (0, config_1.getConfig)();
+        this.rateLimiter.minInterval = 1000 / (config.scan.rateLimitPerSecond || 5);
+        this.maxConcurrency = Math.max(1, config.scan.maxThreads || 5);
+        this.strictScope = options.strictScope ?? (config.scan.strictScope ?? true);
+        this.baseOrigin = new URL(targetUrl).origin;
+        this.userAgent = config.scan.userAgent || this.userAgent;
+        // Load scan profile
+        const profileName = options.profile || config.scan.defaultProfile || "balanced";
+        const profile = await (0, config_1.getScanProfile)(profileName);
+        this.maxPages = Math.max(1, options.maxPages ?? profile?.maxPages ?? 30);
+        this.maxLinksPerPage = Math.max(1, options.maxLinksPerPage ?? profile?.maxLinksPerPage ?? 50);
+        // Initialize AI payload generator if requested and AI is enabled
+        this.useAiPayloads = options.useAiPayloads ?? false;
+        if (this.useAiPayloads && config.ai.enabled) {
+            try {
+                const aiClient = await (0, ai_client_1.createAIClient)();
+                this.payloadGenerator = new ai_payloads_1.PayloadGenerator(aiClient);
+                logger_1.logger.info("AI contextual payload generation enabled");
+            }
+            catch (err) {
+                logger_1.logger.warn(`Failed to initialize AI payload generator: ${err.message}`);
+                this.useAiPayloads = false;
+            }
+        }
+        const compileList = (values) => {
+            if (!values || values.length === 0)
+                return [];
+            const patterns = [];
+            for (const raw of values) {
+                try {
+                    patterns.push(new RegExp(raw));
+                }
+                catch {
+                    logger_1.logger.warn(`Invalid regex pattern ignored: ${raw}`);
+                }
+            }
+            return patterns;
+        };
+        this.includePatterns = compileList(options.include);
+        this.excludePatterns = compileList(options.exclude);
+    }
+    resetScanState() {
+        this.detector.clear();
+        this.visitedUrls.clear();
+        this.crawledUrls = 0;
+        this.testedForms = 0;
+        this.requestsMade = 0;
+        this.headersChecked.clear();
+        this.scanErrors = [];
+        this.pluginErrors.clear();
+        this.rateLimiter.lastRequestTime = 0;
+        this.removeAllListeners();
+        // Reset plugin manager state
+        if (this.usePlugins) {
+            const securityHeadersPlugin = plugins_1.pluginManager.getPlugin("Security Headers Analyzer");
+            if (securityHeadersPlugin && typeof securityHeadersPlugin.reset === "function") {
+                securityHeadersPlugin.reset();
+            }
+        }
     }
     async initialize(options = {}) {
-        const config = (0, config_1.getConfig)();
         const headless = options.headless ?? true;
         this.browser = await puppeteer_1.default.launch({
             headless,
@@ -36,14 +158,25 @@ class Scanner {
         const startTime = Date.now();
         const depth = options.depth ?? 2;
         const timeout = options.timeout ?? 30000;
+        this.resetScanState();
+        await this.initializeScanSettings(targetUrl, options);
         if (!this.browser) {
             await this.initialize(options);
         }
+        this.emit("scan:start", { target: targetUrl, options });
         logger_1.logger.info(`Starting scan of ${targetUrl} (depth: ${depth}, timeout: ${timeout}ms)`);
-        // Start crawling
-        await this.crawl(targetUrl, depth, timeout);
-        // Close browser
-        await this.close();
+        try {
+            await this.crawl(targetUrl, depth, timeout);
+        }
+        catch (error) {
+            const err = error;
+            this.emit("scan:error", { error: err });
+            logger_1.logger.error(`Scan failed: ${err.message}`);
+            throw error;
+        }
+        finally {
+            await this.close();
+        }
         const duration = Date.now() - startTime;
         const result = {
             target: targetUrl,
@@ -57,78 +190,283 @@ class Scanner {
                 requestsMade: this.requestsMade,
             },
         };
+        this.emit("scan:complete", { result });
         return result;
     }
+    async applyRateLimit() {
+        const now = Date.now();
+        const timeSinceLastRequest = now - this.rateLimiter.lastRequestTime;
+        if (timeSinceLastRequest < this.rateLimiter.minInterval) {
+            const delay = this.rateLimiter.minInterval - timeSinceLastRequest;
+            await new Promise(resolve => setTimeout(resolve, delay));
+        }
+        this.rateLimiter.lastRequestTime = Date.now();
+    }
+    async withRetry(operation, context) {
+        let lastError = null;
+        for (let attempt = 0; attempt <= this.retryConfig.maxRetries; attempt++) {
+            try {
+                await this.applyRateLimit();
+                return await operation();
+            }
+            catch (error) {
+                lastError = error;
+                if (attempt < this.retryConfig.maxRetries) {
+                    const delay = Math.min(this.retryConfig.baseDelay * Math.pow(2, attempt), this.retryConfig.maxDelay);
+                    logger_1.logger.debug(`Retry ${attempt + 1}/${this.retryConfig.maxRetries} for ${context} after ${delay}ms`);
+                    await new Promise(resolve => setTimeout(resolve, delay));
+                }
+            }
+        }
+        throw new Error(`Failed after ${this.retryConfig.maxRetries + 1} attempts: ${lastError?.message}`);
+    }
+    async createInstrumentedPage() {
+        const page = await this.browser.newPage();
+        await page.setUserAgent(this.userAgent);
+        await page.setRequestInterception(true);
+        page.on("request", (request) => {
+            this.requestsMade++;
+            const resourceType = request.resourceType();
+            if (resourceType === "image" || resourceType === "font" || resourceType === "media") {
+                request.abort();
+                return;
+            }
+            request.continue();
+        });
+        return page;
+    }
+    async runInIsolatedPage(operation) {
+        const page = await this.createInstrumentedPage();
+        try {
+            return await operation(page);
+        }
+        finally {
+            await page.close().catch((err) => logger_1.logger.debug(`Error closing page: ${err.message}`));
+        }
+    }
     async crawl(url, depth, timeout) {
+        if (this.crawledUrls >= this.maxPages) {
+            return;
+        }
         if (depth === 0 || this.visitedUrls.has(url)) {
             return;
         }
         this.visitedUrls.add(url);
         this.crawledUrls++;
-        const page = await this.browser.newPage();
+        this.emit("crawl:start", { url, depth });
+        this.emit("crawl:page", { url, crawledCount: this.crawledUrls, maxPages: this.maxPages });
+        this.emit("progress", {
+            stage: "crawling",
+            current: this.crawledUrls,
+            total: this.maxPages,
+            message: `Crawling: ${url}`
+        });
+        const page = await this.createInstrumentedPage();
         try {
-            // Set up request interception
-            await page.setRequestInterception(true);
-            page.on("request", (request) => {
-                this.requestsMade++;
-                request.continue();
-            });
-            // Navigate to page
-            const response = await page.goto(url, {
-                waitUntil: "networkidle2",
-                timeout,
-            });
+            const response = await this.withRetry(() => page.goto(url, { waitUntil: "networkidle2", timeout }), `crawl ${url}`);
             if (!response) {
                 logger_1.logger.warn(`No response from ${url}`);
+                this.scanErrors.push({ url, error: "No response" });
                 return;
             }
-            // Get response headers
-            const headers = response.headers();
-            this.detector.analyzeSecurityHeaders(url, headers);
-            // Get page content
             const content = await page.content();
-            // Check for sensitive data
-            this.detector.detectSensitiveData(url, content);
-            // Find and test forms
-            await this.testForms(page, url, timeout);
-            // Find links and crawl deeper
+            const headers = response.headers();
+            // Analyze with plugins
+            if (this.usePlugins) {
+                await this.runPlugins(page, url, content, headers, timeout);
+            }
+            else {
+                // Fallback to legacy detector
+                await this.runLegacyDetection(page, url, content, headers, timeout);
+            }
             if (depth > 1) {
                 const links = await this.extractLinks(page, url);
-                for (const link of links.slice(0, 10)) {
-                    // Limit to 10 links per page
+                for (const link of links) {
                     await this.crawl(link, depth - 1, timeout);
                 }
             }
+            this.emit("crawl:complete", { url });
         }
         catch (error) {
-            logger_1.logger.error(`Error crawling ${url}: ${error.message}`);
+            const err = error;
+            this.scanErrors.push({ url, error: err.message });
+            this.emit("crawl:error", { url, error: err });
+            logger_1.logger.error(`Error crawling ${url}: ${err.message}`);
         }
         finally {
-            await page.close();
+            await page.close().catch(err => logger_1.logger.debug(`Error closing page: ${err.message}`));
+        }
+    }
+    async runPlugins(page, url, content, headers, timeout) {
+        const context = {
+            page,
+            url,
+            baseUrl: this.baseOrigin || url,
+            timeout,
+            userAgent: this.userAgent,
+            payloadGenerator: this.payloadGenerator,
+        };
+        // Analyze headers
+        const host = new URL(url).host;
+        if (!this.headersChecked.has(host)) {
+            const headerResults = await plugins_1.pluginManager.analyzeHeaders(context, headers);
+            this.processPluginResults(headerResults);
+            this.headersChecked.add(host);
         }
+        // Analyze content
+        const contentResults = await plugins_1.pluginManager.analyzeContent(context, content);
+        this.processPluginResults(contentResults);
+        // Test URL parameters
+        await this.testUrlParametersWithPlugins(page, url, timeout);
+        // Test forms
+        await this.testFormsWithPlugins(page, url, timeout);
     }
-    async testForms(page, url, timeout) {
+    processPluginResults(results) {
+        for (const result of results) {
+            // Track plugin errors
+            if (result.errors.length > 0) {
+                const existing = this.pluginErrors.get(result.plugin) || [];
+                this.pluginErrors.set(result.plugin, [...existing, ...result.errors]);
+            }
+            // Add vulnerabilities to detector
+            for (const vuln of result.vulnerabilities) {
+                this.detector.addVulnerability(vuln);
+            }
+            // Emit event for monitoring
+            this.emit("plugin:execute", {
+                plugin: result.plugin,
+                url: result.errors[0]?.url || "",
+                duration: result.duration,
+            });
+        }
+    }
+    async testUrlParametersWithPlugins(page, url, timeout) {
+        try {
+            const urlObj = new URL(url);
+            const params = Array.from(urlObj.searchParams.keys());
+            for (const param of params) {
+                const value = urlObj.searchParams.get(param) || "";
+                const context = {
+                    page,
+                    url,
+                    baseUrl: this.baseOrigin || url,
+                    timeout,
+                    userAgent: this.userAgent,
+                    payloadGenerator: this.payloadGenerator,
+                };
+                const results = await plugins_1.pluginManager.testParameter(context, param, value);
+                this.processPluginResults(results);
+            }
+        }
+        catch (error) {
+            logger_1.logger.debug(`Error testing URL parameters with plugins: ${error.message}`);
+        }
+    }
+    async testFormsWithPlugins(page, url, timeout) {
         const forms = await page.$$("form");
+        if (forms.length > 0) {
+            this.emit("form:test", { url, formCount: forms.length });
+        }
         for (const form of forms) {
             this.testedForms++;
-            // Get form HTML for CSRF detection
-            const formHtml = await form.evaluate((el) => el.outerHTML);
-            this.detector.detectCSRF(url, formHtml);
-            // Find input fields
-            const inputs = await form.$$("input, textarea");
-            for (const input of inputs) {
-                const name = await input.evaluate((el) => el.getAttribute("name"));
-                const type = await input.evaluate((el) => el.getAttribute("type"));
-                if (!name || type === "hidden" || type === "submit") {
-                    continue;
+            try {
+                const inputs = await form.$$eval("input, textarea, select", (elements) => elements.map((el) => ({
+                    name: el.getAttribute("name") || "",
+                    type: el.getAttribute("type") || "text",
+                    value: el.value || "",
+                })).filter((input) => input.name && input.type !== "hidden" && input.type !== "submit"));
+                const formData = {
+                    action: await form.evaluate((el) => el.action || ""),
+                    method: await form.evaluate((el) => el.method || "GET"),
+                    inputs,
+                };
+                const context = {
+                    page,
+                    url,
+                    baseUrl: this.baseOrigin || url,
+                    timeout,
+                    userAgent: this.userAgent,
+                    payloadGenerator: this.payloadGenerator,
+                };
+                const results = await plugins_1.pluginManager.testFormInput(context, formData);
+                this.processPluginResults(results);
+            }
+            catch (error) {
+                logger_1.logger.debug(`Error testing form with plugins: ${error.message}`);
+            }
+        }
+    }
+    async runLegacyDetection(page, url, content, headers, timeout) {
+        const host = new URL(url).host;
+        if (!this.headersChecked.has(host)) {
+            this.detector.analyzeSecurityHeaders(url, headers);
+            this.headersChecked.add(host);
+        }
+        this.detector.detectSensitiveData(url, content);
+        this.detector.detectInfoDisclosure(url, content);
+        await this.testFormsLegacy(page, url, timeout);
+        await this.testUrlParametersLegacy(page, url, timeout);
+    }
+    async testFormsLegacy(page, url, timeout) {
+        const forms = await page.$$("form");
+        if (forms.length > 0) {
+            this.emit("form:test", { url, formCount: forms.length });
+        }
+        for (const form of forms) {
+            this.testedForms++;
+            try {
+                const formHtml = await form.evaluate((el) => el.outerHTML);
+                this.detector.detectCSRF(url, formHtml);
+                const inputs = await form.$$("input, textarea, select");
+                const inputTests = [];
+                for (const input of inputs) {
+                    const name = await input.evaluate((el) => el.getAttribute("name"));
+                    const type = await input.evaluate((el) => el.getAttribute("type"));
+                    if (!name || type === "hidden" || type === "submit") {
+                        continue;
+                    }
+                    inputTests.push(() => this.runInIsolatedPage((testPage) => this.testXSS(testPage, url, name, timeout)));
+                    inputTests.push(() => this.runInIsolatedPage((testPage) => this.testSQLi(testPage, url, name, timeout)));
                 }
-                // Test for XSS
-                await this.testXSS(page, url, name, timeout);
-                // Test for SQLi
-                await this.testSQLi(page, url, name, timeout);
+                await this.runWithConcurrency(inputTests, this.maxConcurrency);
+            }
+            catch (error) {
+                logger_1.logger.debug(`Error testing form: ${error.message}`);
             }
         }
     }
+    async testUrlParametersLegacy(page, baseUrl, timeout) {
+        try {
+            const url = new URL(baseUrl);
+            const params = Array.from(url.searchParams.keys());
+            for (const param of params) {
+                await this.testXSS(page, baseUrl, param, timeout);
+                await this.testSQLi(page, baseUrl, param, timeout);
+            }
+        }
+        catch (error) {
+            logger_1.logger.debug(`Error testing URL parameters: ${error.message}`);
+        }
+    }
+    async runWithConcurrency(tasks, maxConcurrency) {
+        if (tasks.length === 0) {
+            return;
+        }
+        const workerCount = Math.max(1, Math.min(maxConcurrency, tasks.length));
+        let nextIndex = 0;
+        const workers = Array.from({ length: workerCount }, async () => {
+            while (nextIndex < tasks.length) {
+                const currentTask = tasks[nextIndex++];
+                try {
+                    await currentTask();
+                }
+                catch (error) {
+                    logger_1.logger.debug(`Task failed: ${error.message}`);
+                }
+            }
+        });
+        await Promise.all(workers);
+    }
     async testXSS(page, url, param, timeout) {
         const payloads = [
             "<script>alert('XSS')</script>",
@@ -137,9 +475,8 @@ class Scanner {
         ];
         for (const payload of payloads) {
             try {
-                // Try to inject payload
                 const testUrl = this.buildTestUrl(url, param, payload);
-                await page.goto(testUrl, { waitUntil: "networkidle2", timeout });
+                await this.withRetry(() => page.goto(testUrl, { waitUntil: "networkidle2", timeout }), `XSS test for ${param}`);
                 const content = await page.content();
                 this.detector.detectXSS(url, param, payload, content);
             }
@@ -149,11 +486,11 @@ class Scanner {
         }
     }
     async testSQLi(page, url, param, timeout) {
-        const payloads = ["'", "1' OR '1'='1", "1; DROP TABLE users--", "' OR 1=1--"];
-        for (const payload of payloads) {
+        const errorBasedPayloads = ["'", "1' OR '1'='1", "' OR 1=1--"];
+        for (const payload of errorBasedPayloads) {
             try {
                 const testUrl = this.buildTestUrl(url, param, payload);
-                await page.goto(testUrl, { waitUntil: "networkidle2", timeout });
+                await this.withRetry(() => page.goto(testUrl, { waitUntil: "networkidle2", timeout }), `SQLi test for ${param}`);
                 const content = await page.content();
                 this.detector.detectSQLi(url, param, content);
             }
@@ -163,34 +500,66 @@ class Scanner {
         }
     }
     buildTestUrl(baseUrl, param, value) {
-        const url = new URL(baseUrl);
-        url.searchParams.set(param, value);
-        return url.toString();
+        try {
+            const url = new URL(baseUrl);
+            url.searchParams.set(param, value);
+            return url.toString();
+        }
+        catch (error) {
+            throw new Error(`Invalid URL: ${baseUrl}`);
+        }
     }
     async extractLinks(page, baseUrl) {
         const links = await page.$$eval("a[href]", (anchors) => anchors.map((a) => a.getAttribute("href")).filter(Boolean));
-        const base = new URL(baseUrl);
         const absoluteLinks = [];
+        const baseOrigin = this.baseOrigin || new URL(baseUrl).origin;
+        const isAllowedByPatterns = (candidate) => {
+            const asString = candidate.toString();
+            for (const pattern of this.excludePatterns) {
+                if (pattern.test(asString)) {
+                    return false;
+                }
+            }
+            if (this.includePatterns.length > 0) {
+                return this.includePatterns.some((pattern) => pattern.test(asString));
+            }
+            return true;
+        };
         for (const link of links) {
             if (!link)
                 continue;
             try {
                 const absolute = new URL(link, baseUrl);
-                // Only crawl same-origin links
-                if (absolute.origin === base.origin) {
-                    absoluteLinks.push(absolute.toString());
+                if (!["http:", "https:"].includes(absolute.protocol)) {
+                    continue;
+                }
+                if (this.strictScope && absolute.origin !== baseOrigin) {
+                    continue;
                 }
+                if (!isAllowedByPatterns(absolute)) {
+                    continue;
+                }
+                absolute.hash = "";
+                absoluteLinks.push(absolute.toString());
             }
             catch {
-                // Invalid URL, skip
+                // Skip invalid URLs
             }
         }
-        return [...new Set(absoluteLinks)]; // Remove duplicates
+        const deduped = [...new Set(absoluteLinks)];
+        return deduped.slice(0, this.maxLinksPerPage);
     }
     async close() {
         if (this.browser) {
-            await this.browser.close();
-            this.browser = null;
+            try {
+                await this.browser.close();
+            }
+            catch (error) {
+                logger_1.logger.debug(`Error closing browser: ${error.message}`);
+            }
+            finally {
+                this.browser = null;
+            }
         }
     }
 }

package/dist/core/vulnerability-detector.d.ts

@@ -1,6 +1,8 @@
+export type VulnerabilityType = "xss" | "sqli" | "csrf" | "header" | "sensitive_data" | "idor" | "lfi" | "cmdi" | "ssrf" | "redirect" | "info" | "other";
+export type Severity = "critical" | "high" | "medium" | "low" | "info";
 export interface Vulnerability {
-    type: "xss" | "sqli" | "csrf" | "header" | "sensitive_data" | "other";
-    severity: "critical" | "high" | "medium" | "low" | "info";
+    type: VulnerabilityType;
+    severity: Severity;
     title: string;
     description: string;
     url: string;
@@ -29,11 +31,25 @@ export interface ScanResult {
 }
 export declare class VulnerabilityDetector {
     private vulnerabilities;
+    private reportedHeaders;
+    private reportedPaths;
+    private onVulnerabilityFound?;
+    setOnVulnerabilityFound(callback: (vuln: Vulnerability) => void): void;
+    addVulnerability(vuln: Vulnerability): void;
     detectXSS(url: string, param: string, payload: string, response: string): void;
+    detectStoredXSS(url: string, payload: string, response: string): void;
     detectSQLi(url: string, param: string, errorResponse: string): void;
+    detectBlindSQLi(url: string, param: string, originalTime: number, testTime: number): void;
     detectCSRF(url: string, formHtml: string): void;
     analyzeSecurityHeaders(url: string, headers: Record<string, string>): void;
     detectSensitiveData(url: string, response: string): void;
+    detectIDOR(url: string, paramName: string, paramValue: string, testResponse: string, originalResponse: string): void;
+    detectLFI(url: string, param: string, payload: string, response: string): void;
+    detectPathTraversal(url: string, param: string, payload: string, response: string): void;
+    detectCMDI(url: string, param: string, payload: string, response: string): void;
+    detectSSRF(url: string, param: string, payload: string, response: string): void;
+    detectOpenRedirect(url: string, param: string, payload: string, finalUrl: string): void;
+    detectInfoDisclosure(url: string, response: string): void;
     getVulnerabilities(): Vulnerability[];
     getSummary(): {
         total: number;