Documentation
Index ¶
- Constants
- func NewScanner() core.Scanner
- type Attacker
- func (a *Attacker) TestBulkOperations(ctx context.Context, endpoint *SCIMEndpoint) []types.Finding
- func (a *Attacker) TestFilterInjection(ctx context.Context, endpoint *SCIMEndpoint) []types.Finding
- func (a *Attacker) TestProvisioningAbuse(ctx context.Context, endpoint *SCIMEndpoint) []types.Finding
- func (a *Attacker) TestUserEnumeration(ctx context.Context, endpoint *SCIMEndpoint) []types.Finding
- type AuthMethod
- type BulkOperation
- type BulkRequest
- type Discoverer
- type Evidence
- type FilterPayload
- type HTTPRequest
- type HTTPResponse
- type Remediation
- type SCIMConfig
- type SCIMEndpoint
- type SCIMError
- type SCIMResource
- type SCIMVulnerability
- type Scanner
Constants ¶
// Identifiers for the SCIM vulnerability classes this package reports.
// Each value is a stable string key for one finding class; it is most
// likely the value carried in SCIMVulnerability.Type and matched by
// downstream reporting — confirm against the Attacker Test* implementations.
const (
	VulnSCIMFilterInjection     = "SCIM_FILTER_INJECTION"
	VulnSCIMUserEnumeration     = "SCIM_USER_ENUMERATION"
	VulnSCIMBulkAbuse           = "SCIM_BULK_ABUSE"
	VulnSCIMSchemaDisclosure    = "SCIM_SCHEMA_DISCLOSURE"
	VulnSCIMProvisionAbuse      = "SCIM_PROVISION_ABUSE"
	VulnSCIMWeakAuthentication  = "SCIM_WEAK_AUTHENTICATION"
	VulnSCIMRateLimitBypass     = "SCIM_RATE_LIMIT_BYPASS"
	VulnSCIMDataExfiltration    = "SCIM_DATA_EXFILTRATION"
	VulnSCIMPrivilegeEscalation = "SCIM_PRIVILEGE_ESCALATION"
)
Constants for SCIM vulnerability types
// SCIM 2.0 schema URNs. The schemas:core URNs name the resource and
// configuration schemas from RFC 7643; the api:messages URNs name the
// request/response envelopes from RFC 7644. A SCIM message declares its
// shape by listing the applicable URNs in its "schemas" array, which is
// also how a scanner can tell a bulk or list response from an error body.
const (
	SchemaUser            = "urn:ietf:params:scim:schemas:core:2.0:User"
	SchemaGroup           = "urn:ietf:params:scim:schemas:core:2.0:Group"
	SchemaServiceProvider = "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
	SchemaResourceType    = "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
	SchemaSchema          = "urn:ietf:params:scim:schemas:core:2.0:Schema"
	SchemaError           = "urn:ietf:params:scim:api:messages:2.0:Error"
	SchemaBulkRequest     = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
	SchemaBulkResponse    = "urn:ietf:params:scim:api:messages:2.0:BulkResponse"
	SchemaSearchRequest   = "urn:ietf:params:scim:api:messages:2.0:SearchRequest"
	SchemaListResponse    = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
	SchemaPatchOp         = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
)
SCIM standard schemas
// Names of the two core SCIM resource types defined in RFC 7643.
// These are the values expected to appear in SCIMEndpoint.Resources
// for the standard /Users and /Groups collections.
const (
	ResourceTypeUser  = "User"
	ResourceTypeGroup = "Group"
)
SCIM standard resource types
// HTTP methods for the SCIM CRUD operations. Each value is the literal
// HTTP method string, so it can be used directly as an http.Request method
// and as BulkOperation.Method, which the SCIM bulk protocol restricts to
// POST, PUT, PATCH and DELETE.
const (
	OperationCreate = "POST"
	OperationRead   = "GET"
	OperationUpdate = "PUT"
	OperationPatch  = "PATCH"
	OperationDelete = "DELETE"
)
SCIM standard operations
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Attacker ¶
// Attacker runs the SCIM attack checks: TestFilterInjection,
// TestUserEnumeration, TestBulkOperations and TestProvisioningAbuse.
// Each check takes a context and a discovered *SCIMEndpoint and returns
// the findings it produced. Build it with NewAttacker, which receives the
// *http.Client and *SCIMConfig that the checks presumably use for their
// probe requests and credentials — confirm against the method bodies.
type Attacker struct {
	// contains filtered or unexported fields
}
Attacker handles SCIM attack implementations
func NewAttacker ¶
func NewAttacker(client *http.Client, config *SCIMConfig) *Attacker
NewAttacker creates a new SCIM attacker
func (*Attacker) TestBulkOperations ¶
TestBulkOperations tests for bulk operation abuse
func (*Attacker) TestFilterInjection ¶
TestFilterInjection tests for SCIM filter injection vulnerabilities
func (*Attacker) TestProvisioningAbuse ¶
func (a *Attacker) TestProvisioningAbuse(ctx context.Context, endpoint *SCIMEndpoint) []types.Finding
TestProvisioningAbuse tests for provisioning abuse
func (*Attacker) TestUserEnumeration ¶
TestUserEnumeration tests for user enumeration vulnerabilities
type AuthMethod ¶
// AuthMethod describes one way of authenticating to a SCIM endpoint.
// Type names the scheme; Token, Username and Password carry the matching
// credential (presumably Token for bearer-style auth and Username/Password
// for basic auth — confirm in the code that builds requests).
//
// NOTE(review): the credential fields are omitempty but not json:"-", so
// marshalling a populated AuthMethod writes the secret in clear text. Keep
// it out of findings, evidence and logs.
type AuthMethod struct {
	Type     string `json:"type"`
	Token    string `json:"token,omitempty"`
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}
AuthMethod represents an authentication method
type BulkOperation ¶
// BulkOperation is one entry in a SCIM bulk request (RFC 7644 section 3.7).
// The JSON names match the wire format: method is the HTTP method for the
// operation, bulkId is the client-chosen identifier used to correlate the
// result (and to reference the created resource from later operations),
// path is the resource path the operation applies to, data is the resource
// body, and version is the optional ETag-style version precondition.
type BulkOperation struct {
	Method  string                 `json:"method"`
	BulkID  string                 `json:"bulkId"`
	Path    string                 `json:"path"`
	Data    map[string]interface{} `json:"data"`
	Version string                 `json:"version,omitempty"`
}
BulkOperation represents a SCIM bulk operation
type BulkRequest ¶
// BulkRequest is the body of a SCIM bulk request. FailOnErrors is the
// number of failed operations after which the server should stop; it has
// no omitempty, so a zero value is always serialized — confirm that the
// targets being tested treat 0 as "no limit" rather than "stop on first".
//
// NOTE(review): there is no Schemas field. RFC 7644 requires bulk requests
// to carry "schemas": [SchemaBulkRequest]; either the caller injects it
// elsewhere or strict servers will reject the request — confirm.
type BulkRequest struct {
	FailOnErrors int             `json:"failOnErrors"`
	Operations   []BulkOperation `json:"Operations"`
}
BulkRequest represents a SCIM bulk request
type Discoverer ¶
// Discoverer locates SCIM endpoints under a base URL. Build it with
// NewDiscoverer (an *http.Client plus *SCIMConfig) and call
// DiscoverEndpoints, which returns one *SCIMEndpoint per endpoint found
// or an error.
type Discoverer struct {
	// contains filtered or unexported fields
}
Discoverer handles SCIM endpoint discovery
func NewDiscoverer ¶
func NewDiscoverer(client *http.Client, config *SCIMConfig) *Discoverer
NewDiscoverer creates a new SCIM endpoint discoverer
func (*Discoverer) DiscoverEndpoints ¶
func (d *Discoverer) DiscoverEndpoints(ctx context.Context, baseURL string) ([]*SCIMEndpoint, error)
DiscoverEndpoints discovers SCIM endpoints at the target URL
type Evidence ¶
// Evidence is one piece of supporting material attached to a finding:
// a Type tag, a human-readable Description, and optionally the exact
// Request/Response pair that demonstrated the issue plus free-form Data.
//
// NOTE(review): Request includes the full header map. If the scanner's
// own Authorization or cookie headers are captured there, every exported
// finding carries live credentials — confirm they are redacted before
// the evidence is serialized.
type Evidence struct {
	Type        string                 `json:"type"`
	Description string                 `json:"description"`
	Request     *HTTPRequest           `json:"request,omitempty"`
	Response    *HTTPResponse          `json:"response,omitempty"`
	Data        map[string]interface{} `json:"data,omitempty"`
}
Evidence represents evidence for a vulnerability
type FilterPayload ¶
// FilterPayload is one test case for the filter injection check: Filter is
// the SCIM filter expression sent to the endpoint and Name identifies the
// case. Expected presumably describes the response that indicates the
// filter was interpreted rather than rejected — confirm in
// TestFilterInjection. Impact, Severity and Description feed the finding
// that is raised when the case succeeds.
type FilterPayload struct {
	Name        string `json:"name"`
	Filter      string `json:"filter"`
	Expected    string `json:"expected"`
	Impact      string `json:"impact"`
	Severity    string `json:"severity"`
	Description string `json:"description"`
}
FilterPayload represents a SCIM filter injection payload
type HTTPRequest ¶
// HTTPRequest is a serializable snapshot of a request the scanner sent,
// kept as evidence. Headers is a flat single-value map, so repeated
// headers cannot be represented exactly. Because it is recorded verbatim,
// any Authorization header present at capture time ends up in the
// finding's evidence — confirm it is redacted at the point of capture.
type HTTPRequest struct {
	Method  string            `json:"method"`
	URL     string            `json:"url"`
	Headers map[string]string `json:"headers"`
	Body    string            `json:"body"`
}
HTTPRequest represents an HTTP request
type HTTPResponse ¶
// HTTPResponse is a serializable snapshot of a response, kept as
// evidence. Time is a time.Duration, so in JSON it appears as an integer
// number of nanoseconds, not a human-readable duration string. Headers
// is a flat single-value map (multi-valued headers are collapsed).
type HTTPResponse struct {
	StatusCode int               `json:"status_code"`
	Headers    map[string]string `json:"headers"`
	Body       string            `json:"body"`
	Time       time.Duration     `json:"time"`
}
HTTPResponse represents an HTTP response
type Remediation ¶
// Remediation is the guidance attached to a finding: a summary
// Description, an ordered list of Steps, and a Priority label.
type Remediation struct {
	Description string   `json:"description"`
	Steps       []string `json:"steps"`
	Priority    string   `json:"priority"`
}
Remediation represents remediation steps
type SCIMConfig ¶
// SCIMConfig holds the scanner's settings. AuthToken/AuthType and
// Username/Password are the credentials used against the target; Timeout
// (serialized as integer nanoseconds), MaxRetries, UserAgent,
// FollowRedirects and VerifySSL shape the HTTP client; MaxBulkOperations
// bounds bulk requests; the Test* flags enable individual check groups.
//
// NOTE(review): AuthToken and Password have plain json tags, so marshalling
// the config (for example into a report or debug log) writes the secrets
// out — consider json:"-" or redaction at the serialization point.
//
// NOTE(review): VerifySSL's zero value is false. If the constructor maps
// false to InsecureSkipVerify, a zero-valued SCIMConfig disables TLS
// verification by default — confirm the intended default.
type SCIMConfig struct {
	AuthToken          string        `json:"auth_token"`
	AuthType           string        `json:"auth_type"`
	Username           string        `json:"username"`
	Password           string        `json:"password"`
	Timeout            time.Duration `json:"timeout"`
	MaxRetries         int           `json:"max_retries"`
	UserAgent          string        `json:"user_agent"`
	FollowRedirects    bool          `json:"follow_redirects"`
	VerifySSL          bool          `json:"verify_ssl"`
	MaxBulkOperations  int           `json:"max_bulk_operations"`
	TestAuthentication bool          `json:"test_authentication"`
	TestProvisions     bool          `json:"test_provisions"`
	TestFilters        bool          `json:"test_filters"`
	TestBulkOps        bool          `json:"test_bulk_ops"`
}
SCIMConfig represents the scanner configuration
type SCIMEndpoint ¶
// SCIMEndpoint describes one SCIM service found by Discoverer and is the
// unit the Attacker checks operate on. URL is the endpoint base; Version
// and AuthType are what discovery observed; Resources, Schemas and
// Operations list what the service advertises (presumably from its
// ResourceTypes, Schemas and ServiceProviderConfig documents — confirm);
// the *Supported flags mirror ServiceProviderConfig capabilities;
// Metadata is free-form; DiscoveredAt records when discovery ran.
type SCIMEndpoint struct {
	URL             string                 `json:"url"`
	Version         string                 `json:"version"`
	AuthType        string                 `json:"auth_type"`
	Resources       []string               `json:"resources"`
	Schemas         []string               `json:"schemas"`
	Operations      []string               `json:"operations"`
	BulkSupported   bool                   `json:"bulk_supported"`
	FilterSupported bool                   `json:"filter_supported"`
	SortSupported   bool                   `json:"sort_supported"`
	ETagSupported   bool                   `json:"etag_supported"`
	Metadata        map[string]interface{} `json:"metadata"`
	DiscoveredAt    time.Time              `json:"discovered_at"`
}
SCIMEndpoint represents a discovered SCIM endpoint
type SCIMError ¶
// SCIMError mirrors the SCIM error response body (RFC 7644 section 3.12):
// schemas should contain SchemaError, status is the HTTP status as a
// string, detail is the human-readable message and scimType the optional
// machine-readable error keyword. Decoding a response into this type and
// checking Schemas is a safe way to tell an error body from a resource.
type SCIMError struct {
	Schemas  []string `json:"schemas"`
	Status   string   `json:"status"`
	Detail   string   `json:"detail"`
	ScimType string   `json:"scimType,omitempty"`
}
SCIMError represents a SCIM error response
type SCIMResource ¶
// SCIMResource is the scanner's view of a SCIM resource. ID, ExternalID,
// Meta and Schemas use their SCIM wire names; Data is a generic bag for
// the remaining attributes. Note that "data" is not a SCIM attribute, so
// this struct is not a faithful wire representation — marshalling it will
// not reproduce the original resource document.
type SCIMResource struct {
	ID         string                 `json:"id"`
	ExternalID string                 `json:"externalId,omitempty"`
	Meta       map[string]interface{} `json:"meta"`
	Schemas    []string               `json:"schemas"`
	Data       map[string]interface{} `json:"data"`
}
SCIMResource represents a SCIM resource
type SCIMVulnerability ¶
// SCIMVulnerability is a SCIM-specific finding. Type is expected to be one
// of the VulnSCIM* constants; Severity uses the project's types.Severity;
// Endpoint, Resource and Method locate the issue; Title, Description,
// Details and Impact describe it; PoC is an optional reproduction note;
// Evidence holds the captured exchanges; Remediation the fix guidance;
// CVSS is a numeric score and CWE the weakness identifier as a string;
// References are external links; CreatedAt is when the finding was made.
//
// NOTE(review): Evidence can embed raw requests, so any credential
// redaction has to happen before this value is serialized or stored.
type SCIMVulnerability struct {
	ID          string         `json:"id"`
	Type        string         `json:"type"`
	Severity    types.Severity `json:"severity"`
	Endpoint    string         `json:"endpoint"`
	Resource    string         `json:"resource,omitempty"`
	Method      string         `json:"method,omitempty"`
	Title       string         `json:"title"`
	Description string         `json:"description"`
	Details     string         `json:"details"`
	Impact      string         `json:"impact"`
	PoC         string         `json:"poc,omitempty"`
	Evidence    []Evidence     `json:"evidence"`
	Remediation Remediation    `json:"remediation"`
	CVSS        float64        `json:"cvss"`
	CWE         string         `json:"cwe"`
	References  []string       `json:"references"`
	CreatedAt   time.Time      `json:"created_at"`
}
SCIMVulnerability represents a SCIM-specific vulnerability
type Scanner ¶
// Scanner is the SCIM vulnerability scanner. It is created by NewScanner,
// which returns it behind the core.Scanner interface; the Discoverer and
// Attacker types carry out the actual discovery and checks, presumably
// on its behalf — confirm in the Scanner methods.
type Scanner struct {
	// contains filtered or unexported fields
}
Scanner implements the SCIM vulnerability scanner