sif/internal/finding at main - sif - Gitea: Git with a cup of tea

mirror of https://github.com/lunchcat/sif.git synced 2026-06-12 11:01:24 -07:00

Files

T

History

vmfunc ab731d0562 feat(scan): add jwt, openapi and favicon-hash scanners

jwt fetches the target once then analyzes every harvested token offline:
flags alg:none, the rs256->hs256 confusion surface, missing/expired exp
and plaintext sensitive claims, and cracks a small bundled weak-hmac list.
openapi probes the conventional spec paths, parses json/yaml and enumerates
paths plus unauthenticated operations. favicon computes the shodan-style
mmh3 hash (python base64.encodebytes chunking, signed int32) for tech
fingerprinting and the http.favicon.hash pivot, pinned by a golden test.

2026-06-10 15:50:59 -07:00

finding_test.go

feat(scan): add jwt, openapi and favicon-hash scanners

2026-06-10 15:50:59 -07:00

finding.go

feat(scan): add jwt, openapi and favicon-hash scanners

2026-06-10 15:50:59 -07:00

line_test.go

feat: pipe mode (stdin targets, naked-host, -silent plain output)

2026-06-10 15:50:58 -07:00

severity_test.go

feat(finding): normalized finding layer for notify and diff

2026-06-10 15:29:20 -07:00

severity.go

feat(finding): normalized finding layer for notify and diff

2026-06-10 15:29:20 -07:00