UNPKG

sitecheck

Version:

Open Source web application security scanner

github.com/gbaudhuin/sitecheck

gbaudhuin/sitecheck

127 lines (109 loc) 2.99 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
/** * @license Apache-2.0 * Copyright (C) 2016 The Sitecheck Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ "use strict"; /** * Constants used in project */ module.exports = Object.freeze({ /** * Represents a type of check. Different type of checks happen at different moments, potentially on different type of webresources (url, html, etc.)./>. */ TARGETTYPE: { /** * Check is not to be used */ NONE: 0, /** * Check is done before scan, everytime a scan starts or resumes. */ PRESCAN_SYSTEMATIC: 1, /** * Check is done before scan starts. */ PRESCAN: 2, /** * Check is done on the server network. */ NETWORK: 4, /** * Check is done on the server as a whole. */ SERVER: 8, /** * Check is done after the crawl pass, on a page content */ PAGE: 16, /** * Check is done after the crawl pass, on an url pointing to a directory */ DIRECTORY: 32, /** * Check is done after the crawl pass, on a user input (get,post,header,cookie, etc.) */ INPUTVECTOR: 64, /** * Check is done after the crawl pass, on common frameworks and cms */ THIRDPARTY: 128, /** * Check is done at the end of the scan */ POSTSCAN: 265, /** * Check is done with external sources : Google Hacking, etc. */ EXTERNAL: 512, /** * Check is done before scan starts. Identifies technologies and versions used on application/server */ WHATSBEHIND: 1024 }, /** * Check family : security or seo */ CHECKFAMILY: { /** * none */ NONE: 0, /** * security checks */ SECURITY: 1, /** * seo checks */ SEO: 2 }, /** * State of target */ TARGETSTATE: { /** * Target not done yet. Waiting to be checked. */ toBeDone: 0, /** * Crawl pass done. */ crawlPassDone: 1, /** * Post crawl actions done (mostly checks) */ postCrawlPassDone: 2 } });