-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathschemas.py
More file actions
340 lines (279 loc) · 9.18 KB
/
schemas.py
File metadata and controls
340 lines (279 loc) · 9.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
"""
Data schemas for the AI Bug Hunter framework.
This module defines the core data structures for findings, assets, and entities
including domains, hosts, ASNs, organizations, services, and applications.
"""
from datetime import datetime
from enum import Enum
from typing import List, Optional, Dict, Any, Union
from pydantic import BaseModel, Field, HttpUrl
import uuid
class SeverityLevel(str, Enum):
"""Severity levels for findings."""
CRITICAL = "critical"
HIGH = "high"
MEDIUM = "medium"
LOW = "low"
INFO = "info"
class FindingStatus(str, Enum):
"""Status of a finding in the triage process."""
NEW = "new"
TRIAGED = "triaged"
VERIFIED = "verified"
FALSE_POSITIVE = "false_positive"
DUPLICATE = "duplicate"
RESOLVED = "resolved"
class AssetType(str, Enum):
"""Types of assets that can be discovered."""
DOMAIN = "domain"
HOST = "host"
SERVICE = "service"
APPLICATION = "application"
ENDPOINT = "endpoint"
class VulnerabilityType(str, Enum):
"""Common vulnerability types."""
XSS = "xss"
SQLI = "sqli"
SSRF = "ssrf"
IDOR = "idor"
XXE = "xxe"
FILE_UPLOAD = "file_upload"
AUTH_BYPASS = "auth_bypass"
INFO_DISCLOSURE = "info_disclosure"
MISCONFIGURATION = "misconfiguration"
CVE = "cve"
LOGIC_FLAW = "logic_flaw"
# Base Models
class BaseEntity(BaseModel):
"""Base class for all entities."""
id: str = Field(default_factory=lambda: str(uuid.uuid4()))
created_at: datetime = Field(default_factory=datetime.utcnow)
updated_at: datetime = Field(default_factory=datetime.utcnow)
tags: List[str] = Field(default_factory=list)
metadata: Dict[str, Union[str, int, float, bool]] = Field(default_factory=dict)
# Asset Models
class Organization(BaseEntity):
"""Organization/company entity."""
name: str
domain: Optional[str] = None
description: Optional[str] = None
industry: Optional[str] = None
size: Optional[str] = None
subsidiaries: List[str] = Field(default_factory=list)
acquisitions: List[str] = Field(default_factory=list)
crunchbase_url: Optional[HttpUrl] = None
class ASN(BaseModel):
asn: int
name: str
route: str
domain: str
type: str
class Asset(BaseModel):
id: str
asset_type: str
name: str
parent_id: Optional[str] = None
discovered_by: Optional[str] = None
first_seen: datetime
last_seen: datetime
active: bool
verified: bool
tags: List[str] = []
extra_data: Dict[str, Any] = {}
class Config:
orm_mode = True
class Domain(BaseEntity):
"""Domain entity."""
name: str
organization_id: Optional[str] = None
registrar: Optional[str] = None
creation_date: Optional[datetime] = None
expiration_date: Optional[datetime] = None
nameservers: List[str] = Field(default_factory=list)
mx_records: List[str] = Field(default_factory=list)
txt_records: List[str] = Field(default_factory=list)
subdomains: List[str] = Field(default_factory=list)
wildcard_detected: bool = False
takeover_vulnerable: bool = False
class Host(BaseEntity):
"""Host/IP entity."""
ip: str
hostname: Optional[str] = None
domain_id: Optional[str] = None
asn_id: Optional[str] = None
country: Optional[str] = None
city: Optional[str] = None
isp: Optional[str] = None
ports: List[int] = Field(default_factory=list)
os: Optional[str] = None
last_seen: Optional[datetime] = None
class Service(BaseEntity):
"""Service running on a host."""
host_id: str
port: int
protocol: str = "tcp"
service_name: Optional[str] = None
version: Optional[str] = None
banner: Optional[str] = None
ssl_cert: Optional[Dict] = None
screenshot_path: Optional[str] = None
response_headers: Dict[str, str] = Field(default_factory=dict)
class Application(BaseEntity):
"""Web application entity."""
url: HttpUrl
service_id: Optional[str] = None
title: Optional[str] = None
technology_stack: List[str] = Field(default_factory=list)
cms: Optional[str] = None
framework: Optional[str] = None
server: Optional[str] = None
status_code: Optional[int] = None
content_length: Optional[int] = None
screenshot_path: Optional[str] = None
robots_txt: Optional[str] = None
sitemap_xml: Optional[str] = None
class Endpoint(BaseEntity):
"""API endpoint or web page."""
url: HttpUrl
application_id: str
method: str = "GET"
parameters: List[str] = Field(default_factory=list)
headers: Dict[str, str] = Field(default_factory=dict)
body: Optional[str] = None
response_code: Optional[int] = None
response_size: Optional[int] = None
response_time: Optional[float] = None
content_type: Optional[str] = None
# Finding Models
class Evidence(BaseModel):
"""Evidence supporting a finding."""
type: str # "screenshot", "request", "response", "log", "file"
path: str # File path or URL
description: Optional[str] = None
timestamp: datetime = Field(default_factory=datetime.utcnow)
class ProofOfConcept(BaseModel):
"""Proof of concept for a finding."""
description: str
steps: List[str]
curl_command: Optional[str] = None
python_script: Optional[str] = None
playwright_script: Optional[str] = None
payload: Optional[str] = None
expected_result: str
actual_result: str
class Finding(BaseEntity):
"""Security finding/vulnerability."""
title: str
description: str
severity: SeverityLevel
status: FindingStatus = FindingStatus.NEW
vulnerability_type: VulnerabilityType
confidence: float = Field(ge=0.0, le=1.0) # 0.0 to 1.0
# Asset relationships
asset_type: AssetType
asset_id: str
# Technical details
cve_id: Optional[str] = None
cvss_score: Optional[float] = Field(None, ge=0.0, le=10.0)
affected_url: Optional[HttpUrl] = None
affected_parameter: Optional[str] = None
# Evidence and PoC
evidence: List[Evidence] = Field(default_factory=list)
proof_of_concept: Optional[ProofOfConcept] = None
# Remediation
remediation: Optional[str] = None
references: List[HttpUrl] = Field(default_factory=list)
# Workflow
assigned_to: Optional[str] = None
verified_by: Optional[str] = None
verified_at: Optional[datetime] = None
resolved_at: Optional[datetime] = None
# Scan and Job Models
class ScanType(str, Enum):
"""Types of scans that can be performed."""
RECON = "recon"
SUBDOMAIN = "subdomain"
PORT_SCAN = "port_scan"
CONTENT_DISCOVERY = "content_discovery"
VULNERABILITY_SCAN = "vulnerability_scan"
SCREENSHOT = "screenshot"
FUZZING = "fuzzing"
class ScanStatus(str, Enum):
"""Status of a scan job."""
PENDING = "pending"
RUNNING = "running"
COMPLETED = "completed"
FAILED = "failed"
CANCELLED = "cancelled"
class ScanJob(BaseEntity):
"""Scan job entity."""
name: str
scan_type: ScanType
status: ScanStatus = ScanStatus.PENDING
target: str # Domain, IP, URL, etc.
parameters: Dict[str, Union[str, int, float, bool, List]] = Field(default_factory=dict)
started_at: Optional[datetime] = None
completed_at: Optional[datetime] = None
error_message: Optional[str] = None
results_count: int = 0
findings_count: int = 0
# Configuration Models
class ReconConfig(BaseModel):
"""Configuration for reconnaissance modules."""
passive_dns_enabled: bool = True
certificate_transparency: bool = True
shodan_enabled: bool = False
censys_enabled: bool = False
virustotal_enabled: bool = False
wayback_enabled: bool = True
github_dorking: bool = True
google_dorking: bool = True
subdomain_bruteforce: bool = True
port_scan_enabled: bool = True
screenshot_enabled: bool = True
# Rate limiting
max_concurrent_requests: int = 10
request_delay: float = 1.0
# Scope
max_subdomains: int = 1000
max_ports: int = 1000
excluded_domains: List[str] = Field(default_factory=list)
excluded_ips: List[str] = Field(default_factory=list)
class FuzzingConfig(BaseModel):
"""Configuration for fuzzing modules."""
xss_payloads: bool = True
sqli_payloads: bool = True
ssrf_payloads: bool = True
xxe_payloads: bool = True
idor_testing: bool = True
file_upload_testing: bool = True
# Wordlists
directory_wordlist: str = "common.txt"
parameter_wordlist: str = "parameters.txt"
# Limits
max_requests_per_endpoint: int = 100
request_timeout: int = 30
max_concurrent_fuzz: int = 5
# API Models for requests/responses
class ScanRequest(BaseModel):
"""Request to start a new scan."""
target: str
scan_type: ScanType
config: Optional[Dict] = None
priority: int = Field(default=5, ge=1, le=10)
class ScanResponse(BaseModel):
"""Response from scan API."""
job_id: str
status: ScanStatus
message: str
class FindingsResponse(BaseModel):
"""Response containing findings."""
findings: List[Finding]
total: int
page: int
per_page: int
class AssetResponse(BaseModel):
"""Response containing assets."""
assets: List[Union[Domain, Host, Service, Application, Endpoint]]
total: int
asset_type: AssetType