sentinel-scanner 2.4.1 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.cspell.json +19 -51
- package/.github/ISSUE_TEMPLATE/config.yml +1 -1
- package/.github/PULL_REQUEST_TEMPLATE.md +2 -2
- package/.github/workflows/stale.yaml +20 -0
- package/.github/workflows/webapp-scanner.yml +31 -19
- package/.github/workflows/welcome.yaml +9 -55
- package/.husky/pre-commit +35 -0
- package/.vscode/extensions.json +7 -0
- package/.vscode/launch.json +20 -0
- package/.vscode/settings.json +32 -0
- package/.vscode/tasks.json +24 -0
- package/CHANGELOG.md +7 -3
- package/CODE_OF_CONDUCT.md +4 -1
- package/CONTRIBUTING.md +2 -2
- package/README.md +5 -0
- package/api-extractor.json +30 -30
- package/biome.json +6 -32
- package/build/index.d.ts +0 -147
- package/build/index.js +111 -2633
- package/package.json +69 -102
- package/scripts/build.ts +68 -78
- package/scripts/test.ts +55 -0
- package/src/__tests__/spider.test.ts +44 -0
- package/src/commands/spider.ts +61 -126
- package/src/index.ts +23 -26
- package/src/spider/index.ts +345 -0
- package/src/spider/types/index.ts +21 -0
- package/src/spider/types/schema.ts +54 -0
- package/src/utils/index.ts +199 -3
- package/tsconfig.json +19 -18
- package/.github/assets/header.png +0 -0
- package/.github/dependabot.yml +0 -11
- package/.github/workflows/pr.yaml +0 -64
- package/.nsprc +0 -3
- package/build/bin.js +0 -2679
- package/build/xhr-sync-worker.js +0 -59
- package/docs/CNAME +0 -1
- package/docs/disclaimer.md +0 -68
- package/docs/headers/details.md +0 -114
- package/docs/headers/index.md +0 -73
- package/docs/index.md +0 -82
- package/docs/ports/index.md +0 -86
- package/docs/scoring.md +0 -91
- package/docs/spider/index.md +0 -61
- package/docs/sql-injection/details.md +0 -109
- package/docs/sql-injection/index.md +0 -73
- package/docs/xss/details.md +0 -92
- package/docs/xss/index.md +0 -73
- package/scripts/extras/document-shim.js +0 -4
- package/src/bin.ts +0 -29
- package/src/commands/header.ts +0 -150
- package/src/commands/ports.ts +0 -175
- package/src/commands/sqli.ts +0 -150
- package/src/commands/xss.ts +0 -149
- package/src/modules/headers/headers.ts +0 -161
- package/src/modules/headers/index.ts +0 -179
- package/src/modules/ports/index.ts +0 -311
- package/src/modules/spider/index.ts +0 -178
- package/src/modules/sqli/index.ts +0 -486
- package/src/modules/sqli/payloads.json +0 -156
- package/src/modules/xss/index.ts +0 -401
- package/src/modules/xss/payloads.json +0 -2692
- package/src/utils/types.ts +0 -7
package/build/index.d.ts
CHANGED
|
@@ -1,148 +1 @@
|
|
|
1
|
-
export declare class HeaderScanner {
|
|
2
|
-
private securityHeaders;
|
|
3
|
-
private informationalHeaders;
|
|
4
|
-
private spiderResults;
|
|
5
|
-
private logger;
|
|
6
|
-
private retries;
|
|
7
|
-
private timeout;
|
|
8
|
-
private concurrency;
|
|
9
|
-
private vulnerabilities;
|
|
10
|
-
constructor(options: HeaderScannerOptions);
|
|
11
|
-
private withRetries;
|
|
12
|
-
private getHeaders;
|
|
13
|
-
private chunkArray;
|
|
14
|
-
private checkHeaders;
|
|
15
|
-
scan(): Promise<Array<Vulnerability>>;
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
export declare type HeaderScannerOptions = {
|
|
19
|
-
spiderResults: Array<string>;
|
|
20
|
-
retries?: number;
|
|
21
|
-
timeout?: number;
|
|
22
|
-
concurrency?: number;
|
|
23
|
-
};
|
|
24
|
-
|
|
25
|
-
export declare type HeadersData = {
|
|
26
|
-
name: string;
|
|
27
|
-
description: string;
|
|
28
|
-
recommendation: string;
|
|
29
|
-
check: (value: string) => boolean;
|
|
30
|
-
};
|
|
31
|
-
|
|
32
|
-
export declare class PortsScanner {
|
|
33
|
-
private allowList;
|
|
34
|
-
private toScan;
|
|
35
|
-
private spiderResults;
|
|
36
|
-
private concurrency;
|
|
37
|
-
private timeout;
|
|
38
|
-
private domain;
|
|
39
|
-
private logger;
|
|
40
|
-
constructor(opts: PortsScannerOpts);
|
|
41
|
-
private validateSpiderResults;
|
|
42
|
-
private getPortsToScan;
|
|
43
|
-
private getDomainFromUrl;
|
|
44
|
-
private scanPort;
|
|
45
|
-
private scanDomain;
|
|
46
|
-
private executeWithConcurrency;
|
|
47
|
-
private getBanner;
|
|
48
|
-
private generateVulnerability;
|
|
49
|
-
scan(): Promise<Vulnerability[]>;
|
|
50
|
-
}
|
|
51
|
-
|
|
52
|
-
export declare interface PortsScannerOpts {
|
|
53
|
-
spiderResults: Array<string>;
|
|
54
|
-
fromPort?: number;
|
|
55
|
-
toPort?: number;
|
|
56
|
-
allowList?: Array<number>;
|
|
57
|
-
concurrency?: number;
|
|
58
|
-
timeout?: number;
|
|
59
|
-
}
|
|
60
|
-
|
|
61
|
-
export declare class SpiderScanner {
|
|
62
|
-
private header;
|
|
63
|
-
private url;
|
|
64
|
-
private logger;
|
|
65
|
-
private depth;
|
|
66
|
-
private concurrency;
|
|
67
|
-
private retries;
|
|
68
|
-
private timeout;
|
|
69
|
-
constructor(url: string, options?: SpiderScannerOptions);
|
|
70
|
-
private normalizeDomain;
|
|
71
|
-
private convertRelativeUrlToAbsolute;
|
|
72
|
-
private isInternalLink;
|
|
73
|
-
private fetchWithRetries;
|
|
74
|
-
private extractLinks;
|
|
75
|
-
crawl(): Promise<Array<string>>;
|
|
76
|
-
}
|
|
77
|
-
|
|
78
|
-
export declare interface SpiderScannerOptions {
|
|
79
|
-
depth?: number;
|
|
80
|
-
concurrency?: number;
|
|
81
|
-
retries?: number;
|
|
82
|
-
timeout?: number;
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
export declare type SQLErrors = Record<SupportedDatabases, Array<string>>;
|
|
86
|
-
|
|
87
|
-
export declare type SqliConstructorOpts = {
|
|
88
|
-
spiderResults: Array<string>;
|
|
89
|
-
retries?: number;
|
|
90
|
-
timeout?: number;
|
|
91
|
-
concurrency?: number;
|
|
92
|
-
};
|
|
93
|
-
|
|
94
|
-
export declare class SqliScanner {
|
|
95
|
-
private logger;
|
|
96
|
-
private spiderResults;
|
|
97
|
-
private retries;
|
|
98
|
-
private timeout;
|
|
99
|
-
private vulnerabilities;
|
|
100
|
-
private concurrency;
|
|
101
|
-
private payloads;
|
|
102
|
-
constructor(opts: SqliConstructorOpts);
|
|
103
|
-
private validateSpiderResults;
|
|
104
|
-
private fillFormIfExists;
|
|
105
|
-
private sleep;
|
|
106
|
-
private chunkArray;
|
|
107
|
-
private scanWithBrowser;
|
|
108
|
-
private fetchWithRetries;
|
|
109
|
-
private scanWithParams;
|
|
110
|
-
private checkContentForErrors;
|
|
111
|
-
scan(): Promise<Vulnerability[]>;
|
|
112
|
-
}
|
|
113
|
-
|
|
114
|
-
export declare type SupportedDatabases = "MySQL" | "PostgreSQL" | "Microsoft SQL Server" | "Microsoft Access" | "Oracle" | "IBM DB2" | "SQLite" | "Sybase";
|
|
115
|
-
|
|
116
|
-
export declare interface Vulnerability {
|
|
117
|
-
type: "Critical" | "High" | "Medium" | "Low" | "Info";
|
|
118
|
-
severity: number;
|
|
119
|
-
url: string;
|
|
120
|
-
description: string;
|
|
121
|
-
payloads?: string[];
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
export declare type XSSConstructorOpts = {
|
|
125
|
-
spiderResults: Array<string>;
|
|
126
|
-
retries?: number;
|
|
127
|
-
timeout?: number;
|
|
128
|
-
concurrency?: number;
|
|
129
|
-
};
|
|
130
|
-
|
|
131
|
-
export declare class XSSScanner {
|
|
132
|
-
private logger;
|
|
133
|
-
private spiderResults;
|
|
134
|
-
private retries;
|
|
135
|
-
private timeout;
|
|
136
|
-
private vulnerabilities;
|
|
137
|
-
private concurrency;
|
|
138
|
-
constructor(opts: XSSConstructorOpts);
|
|
139
|
-
private validateSpiderResults;
|
|
140
|
-
private fillFormIfExists;
|
|
141
|
-
scan(): Promise<Vulnerability[] | undefined>;
|
|
142
|
-
private retryPageNavigation;
|
|
143
|
-
private retryFormFilling;
|
|
144
|
-
private chunkArray;
|
|
145
|
-
private sleep;
|
|
146
|
-
}
|
|
147
|
-
|
|
148
1
|
export { }
|