websec-audit
Version:
A universal security scanning and audit tool for websites
1 lines • 77.3 kB
Source Map (JSON)
{"version":3,"sources":["../../src/backend/TLS_SSL_Scanner.ts","../../src/core/request.ts","../../src/backend/dnsScanner.ts","../../src/backend/portScanner.ts","../../src/modules/emailSecurity.ts"],"names":["dns","promisify","resolveTxt","resolveMx","resolveNs","net"],"mappings":";AAAA,YAAY,SAAS;AACrB,YAAY,SAAS;AACrB,YAAY,SAAS;AACrB,YAAY,YAAY;AACxB,SAAS,iBAAiB;;;ACJ1B,SAAS,WAAW,aAAiC;AAa9C,IAAM,cAAc,OACzB,KACA,YAM+B;AAC/B,MAAI;AACF,UAAM,SAA6B;AAAA,MACjC;AAAA,MACA,QAAQ,SAAS,UAAU;AAAA,MAC3B,SAAS;AAAA,QACP,cAAc;AAAA,QACd,GAAG,SAAS;AAAA,MACd;AAAA,MACA,SAAS,SAAS,WAAW;AAAA;AAAA,MAC7B,MAAM,SAAS;AAAA,MACf,gBAAgB,MAAM;AAAA;AAAA,IACxB;AAEA,UAAM,WAAW,MAAM,MAAM,MAAM;AACnC,WAAO;AAAA,MACL,QAAQ,SAAS;AAAA,MACjB,SAAS,SAAS;AAAA,MAClB,MAAM,SAAS;AAAA,MACf,OAAO;AAAA,IACT;AAAA,EACF,SAAS,OAAY;AAGnB,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS,CAAC;AAAA,MACV,MAAM;AAAA,MACN,OAAO,MAAM,WAAW;AAAA,IAC1B;AAAA,EACF;AACF;AAKO,IAAM,eAAe,CAAC,UAA0B;AACrD,MAAI,CAAC;AAAO,WAAO;AAGnB,MAAI,MAAM;AACV,MAAI,CAAC,IAAI,WAAW,SAAS,KAAK,CAAC,IAAI,WAAW,UAAU,GAAG;AAC7D,UAAM,aAAa;AAAA,EACrB;AAEA,MAAI;AACF,UAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,WAAO,OAAO;AAAA,EAChB,SAAS,GAAG;AACV,WAAO;AAAA,EACT;AACF;AAKO,IAAM,gBAAgB,CAAC,QAAwB;AACpD,MAAI;AAEF,UAAM,SAAS,IAAI,IAAI,aAAa,GAAG,CAAC;AACxC,QAAI,SAAS,OAAO;AAEpB,QAAI,OAAO,WAAW,MAAM,GAAG;AAC7B,eAAS,OAAO,UAAU,CAAC;AAAA,IAC7B;AAEA,WAAO;AAAA,EACT,SAAS,GAAG;AACV,WAAO,IAAI,QAAQ,2BAA2B,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;AAAA,EAChE;AACF;AAgBO,IAAM,qBAAqB,CAAC,WAAgD;AACjF,MAAI,OAAO,WAAW,UAAU;AAC9B,WAAO;AAAA,MACL,QAAQ,aAAa,MAAM;AAAA,MAC3B,SAAS;AAAA,IACX;AAAA,EACF;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,aAAa,OAAO,MAAM;AAAA,EACpC;AACF;;;AD7GA,IAAM,YAAY,UAAc,UAAM;AAGtC,IAAM,iBAA8F;AAAA;AAAA,EAElG,0BAA0B;AAAA,EAC1B,0BAA0B;AAAA,EAC1B,gCAAgC;AAAA;AAAA,EAGhC,iCAAiC;AAAA,EACjC,+BAA+B;AAAA,EAC/B,iCAAiC;AAAA,EACjC,+BAA+B;AAAA,EAC/B,iCAAiC;AAAA,EACjC,+BAA+B;AAAA;AAAA,EAG/B,6BAA6B;AAAA,EAC7B,6BAA6B;AAAA,EAC7B,6BAA6B;AAAA,EAC7B,2BAA2B;AAAA,EAC3B,6BAA6B;AAAA,EAC7B,2BAA2B;AAAA;AAAA,EAG3B,wBAAwB;AAAA,EACxB,0BAA0B;AAAA,EAC1B,sBAAsB;AAAA,EACtB,wBAAwB;AAAA,EACxB,0BAA0B;AAAA,EAC1B,sBAAsB;AAAA,EACtB,yBAAyB;AAAA,EACzB,yBAAyB;AAAA,EACzB,qBAAqB;AAAA,EACrB,qBAAqB;AAAA,EACrB,kBAAkB;AAAA,EAClB,kBAAkB;AAAA;AAAA,EAGlB,gBAAgB;AAAA,EAChB,0BAA0B;AAAA,EAC1B,wBAAwB;AAAA,EACxB,WAAW;AAAA,EACX,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,eAAe;AAAA,EACf,mBAAmB;AACrB;AAGA,IAAM,mBAGD;AAAA,EACH,WAAW;AAAA,IACT,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,WAAW;AAAA,IACT,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,SAAS;AAAA,IACP,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,SAAS;AAAA,IACP,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAAA,EACA,SAAS;AAAA,IACP,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AACF;AAGA,IAAM,wBAAwB;AAAA,EAC5B;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,OAAO;AAAA,IACjB,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,OAAO;AAAA,IACjB,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,SAAS,WAAW,SAAS;AAAA,IACvC,aAAa;AAAA,IACb,UAAU;AAAA,IACV,SAAS,CAAC,WAAmB,OAAO,SAAS,KAAK;AAAA,EACpD;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,SAAS,WAAW,SAAS;AAAA,IACvC,aAAa;AAAA,IACb,UAAU;AAAA,IACV,SAAS,CAAC,WAAmB,OAAO,SAAS,KAAK,KAAK,OAAO,SAAS,QAAQ;AAAA,EACjF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,SAAS,WAAW,SAAS;AAAA,IACvC,aAAa;AAAA,IACb,UAAU;AAAA,IACV,SAAS,CAAC,WAAmB,OAAO,WAAW,KAAK;AAAA,EACtD;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,SAAS,WAAW,SAAS;AAAA,IACvC,aAAa;AAAA,IACb,UAAU;AAAA,IACV,SAAS,CAAC,WAAmB,OAAO,SAAS,KAAK;AAAA,EACpD;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,SAAS,WAAW,SAAS;AAAA,IACvC,aAAa;AAAA,IACb,UAAU;AAAA,EACZ;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,SAAS,CAAC,SAAS,WAAW,SAAS;AAAA,IACvC,aAAa;AAAA,IACb,UAAU;AAAA,IACV,SAAS,CAAC,WAAmB,OAAO,SAAS,MAAM,KAAK,OAAO,SAAS,SAAS;AAAA,EACnF;AACF;AAKA,eAAe,WAAW,MAAc,MAAc,SAAmC;AACvF,SAAO,IAAI,QAAQ,aAAW;AAC5B,UAAM,SAAS,IAAQ,WAAO;AAC9B,QAAI,SAAS;AAGb,WAAO,WAAW,OAAO;AAEzB,WAAO,GAAG,WAAW,MAAM;AACzB,eAAS;AACT,aAAO,IAAI;AAAA,IACb,CAAC;AAED,WAAO,GAAG,WAAW,MAAM;AACzB,aAAO,QAAQ;AACf,cAAQ,KAAK;AAAA,IACf,CAAC;AAED,WAAO,GAAG,SAAS,MAAM;AACvB,cAAQ,KAAK;AAAA,IACf,CAAC;AAED,WAAO,GAAG,SAAS,MAAM;AACvB,cAAQ,MAAM;AAAA,IAChB,CAAC;AAED,WAAO,QAAQ,MAAM,IAAI;AAAA,EAC3B,CAAC;AACH;AAKA,SAAS,uBAAuB,UAAkB,QAI/C;AACD,QAAM,kBAID,CAAC;AAEN,aAAW,QAAQ,uBAAuB;AACxC,QAAI,KAAK,QAAQ,SAAS,QAAQ,GAAG;AAEnC,UAAI,CAAC,KAAK,WAAW,KAAK,QAAQ,OAAO,IAAI,GAAG;AAC9C,wBAAgB,KAAK;AAAA,UACnB,MAAM,KAAK;AAAA,UACX,aAAa,KAAK;AAAA,UAClB,UAAU,KAAK;AAAA,QACjB,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,qBAAqB,MAI5B;AACA,MAAI,WAAW;AACf,MAAI,YAAY;AAChB,MAAI,SAAsD;AAE1D,MAAI,KAAK,QAAQ;AAEf,QAAI,KAAK,OAAO,SAAS,OAAO;AAC9B,iBAAW,KAAK,OAAO,QAAQ;AAC/B,kBAAY;AAEZ,UAAI,YAAY,MAAM;AACpB,iBAAS;AAAA,MACX,WAAW,YAAY,MAAM;AAC3B,iBAAS;AAAA,MACX,WAAW,YAAY,MAAM;AAC3B,iBAAS;AAAA,MACX,OAAO;AACL,iBAAS;AAAA,MACX;AAAA,IACF,WAAW,KAAK,OAAO,SAAS,MAAM;AACpC,iBAAW,KAAK,OAAO,QAAQ;AAC/B,kBAAY;AAEZ,UAAI,YAAY,KAAK;AACnB,iBAAS;AAAA,MACX,WAAW,YAAY,KAAK;AAC1B,iBAAS;AAAA,MACX,OAAO;AACL,iBAAS;AAAA,MACX;AAAA,IACF;AAAA,EACF;AAEA,SAAO,EAAE,UAAU,WAAW,OAAO;AACvC;AAKA,SAAS,yBAAyB,MAI/B;AACD,QAAM,WAID,CAAC;AAGN,QAAM,SAAS,KAAK,QAAQ,KAAK,IAAI,SAAS,wBAAwB,KAAK,KAAK,IAAI,SAAS,8BAA8B;AAC3H,WAAS,KAAK;AAAA,IACZ,SAAS;AAAA,IACT,WAAW,CAAC,CAAC;AAAA,IACb,aAAa,SACX,gFACA;AAAA,EACJ,CAAC;AAGD,QAAM,oBAAoB,KAAK,OAAO,KAAK,IAAI,SAAS,kBAAkB;AAC1E,WAAS,KAAK;AAAA,IACZ,SAAS;AAAA,IACT,WAAW,CAAC,CAAC;AAAA,IACb,aAAa,oBACX,6DACA;AAAA,EACJ,CAAC;AAGD,QAAM,cAAc,KAAK,OAAO,KAAK,IAAI,SAAS,kBAAkB;AACpE,WAAS,KAAK;AAAA,IACZ,SAAS;AAAA,IACT,WAAW,CAAC,CAAC;AAAA,IACb,aAAa,cACX,+CACA;AAAA,EACJ,CAAC;AAED,SAAO;AACT;AAmBA,eAAe,iBACb,MACA,MACA,SACA,UAA0C,CAAC,GACwC;AACnF,SAAO,IAAI,QAAQ,aAAW;AAC5B,QAAI;AAEF,YAAM,gBAAuC;AAAA,QAC3C;AAAA,QACA;AAAA,QACA;AAAA,QACA,oBAAoB;AAAA,QACpB,eAAe,QAAQ;AAAA,QACvB,gBAAgB,QAAQ;AAAA,QACxB,eAAe,CAAC,MAAM,UAAU;AAAA;AAAA,QAChC,aAAa;AAAA,QACb,GAAG;AAAA,MACL;AAGA,YAAM,SAAa,YAAQ,aAAa;AAGxC,aAAO,WAAW,OAAO;AACvB,aAAO,GAAG,iBAAiB,MAAM;AACjC,cAAM,UAAe,CAAC;AAGtB,YAAI;AACF,kBAAQ,eAAe,OAAO;AAAA,QAChC,SAAS,GAAG;AAAA,QAEZ;AAGA,YAAI;AAEF,kBAAQ,WAAW;AAAA,QACrB,SAAS,GAAG;AAAA,QAEZ;AAGA,YAAI;AACF,kBAAQ,qBAAqB,OAAO,YAAY;AAAA,QAClD,SAAS,GAAG;AAAA,QAEZ;AAEA,gBAAQ,EAAE,SAAS,MAAM,QAAQ,QAAQ,CAAC;AAAA,MAC5C,CAAC;AAED,aAAO,GAAG,SAAS,CAAC,UAAU;AAC5B,eAAO,QAAQ;AACf,gBAAQ,EAAE,SAAS,OAAO,MAAM,CAAC;AAAA,MACnC,CAAC;AAED,aAAO,GAAG,WAAW,MAAM;AACzB,eAAO,QAAQ;AACf,gBAAQ,EAAE,SAAS,OAAO,OAAO,IAAI,MAAM,oBAAoB,EAAE,CAAC;AAAA,MACpE,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,EAAE,SAAS,OAAO,MAAsB,CAAC;AAAA,IACnD;AAAA,EACF,CAAC;AACH;AAKA,eAAe,kBAAkB,MAAc,MAAc,SAAiB,UAAqC;AACjH,QAAM,mBAA6B,CAAC;AAGpC,QAAM,aAAoB,kBAAW,EAClC;AAAA,IAAO;AAAA;AAAA,MAEN,EAAE,SAAS,GAAG,KACd,CAAC,EAAE,WAAW,KAAK,KACnB,CAAC,EAAE,SAAS,MAAM;AAAA;AAAA,EACpB;AAGF,QAAM,eAAe;AAAA,IACnB,QAAQ,WAAW;AAAA,MAAO,OACxB,EAAE,SAAS,OAAO,MACjB,EAAE,SAAS,KAAK,KAAK,EAAE,SAAS,UAAU;AAAA,IAC7C;AAAA,IACA,aAAa,WAAW;AAAA,MAAO,OAC7B,EAAE,SAAS,KAAK,MACf,EAAE,SAAS,KAAK,KAAK,EAAE,SAAS,UAAU;AAAA,IAC7C;AAAA,IACA,QAAQ,WAAW;AAAA,MAAO,OACxB,EAAE,SAAS,KAAK,KAChB,CAAC,EAAE,SAAS,KAAK;AAAA,IACnB;AAAA,IACA,MAAM,WAAW;AAAA,MAAO,OACtB,EAAE,SAAS,KAAK,KAChB,EAAE,SAAS,KAAK,KAChB,EAAE,SAAS,MAAM,KACjB,EAAE,SAAS,KAAK;AAAA,IAClB;AAAA,EACF;AAGA,QAAM,aAAa;AAAA,IACjB,GAAG,aAAa;AAAA,IAChB,GAAG,aAAa;AAAA,IAChB,GAAG,aAAa;AAAA,IAChB,GAAG,aAAa;AAAA,EAClB;AAGA,QAAM,mBAAmB;AACzB,QAAM,kBAAkB,WAAW,MAAM,GAAG,gBAAgB;AAG5D,aAAW,UAAU,iBAAiB;AACpC,QAAI;AACF,YAAM,UAAiC;AAAA,QACrC,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,SAAS;AAAA,MACX;AAEA,YAAM,SAAS,MAAM,iBAAiB,MAAM,MAAM,UAAU,GAAG,OAAO;AACtE,UAAI,OAAO,WAAW,OAAO,QAAQ;AACnC,yBAAiB,KAAK,OAAO,OAAO,UAAU,EAAE,IAAI;AACpD,eAAO,OAAO,QAAQ;AAAA,MACxB;AAAA,IACF,SAAS,GAAG;AAAA,IAEZ;AAAA,EACF;AAEA,SAAO,CAAC,GAAG,IAAI,IAAI,gBAAgB,CAAC;AACtC;AAKA,SAAS,uBAAuB,QAAuB,MASrD;AACA,QAAM,WAAW,OAAO,YAAY,KAAK;AACzC,QAAM,SAAS,OAAO,UAAU;AAChC,QAAM,OAAO,OAAO,mBAAmB,IAAI;AAG3C,QAAM,QAAe,CAAC;AACtB,MAAI,cAAc;AAElB,SAAO,eAAe,EAAE,YAAY,mBAAmB,gBAAgB,YAAY,cAAc;AAE/F,QAAI,MAAM,UAAU,OAAK,EAAE,gBAAgB,YAAY,WAAW,MAAM,IAAI;AAC1E,YAAM,KAAK;AAAA,QACT,SAAS,YAAY;AAAA,QACrB,QAAQ,YAAY;AAAA,QACpB,WAAW,YAAY;AAAA,QACvB,SAAS,YAAY;AAAA,QACrB,aAAa,YAAY;AAAA,MAC3B,CAAC;AAGD,UAAI,YAAY,qBACZ,YAAY,gBAAgB,YAAY,kBAAkB,aAAa;AACzE,sBAAc,YAAY;AAAA,MAC5B,OAAO;AACL;AAAA,MACF;AAAA,IACF,OAAO;AACL;AAAA,IACF;AAAA,EACF;AAGA,QAAM,MAAM,oBAAI,KAAK;AACrB,QAAM,YAAY,IAAI,KAAK,KAAK,UAAU;AAC1C,QAAM,UAAU,IAAI,KAAK,KAAK,QAAQ;AACtC,QAAM,YAAY,KAAK,OAAO,QAAQ,QAAQ,IAAI,IAAI,QAAQ,MAAM,MAAO,KAAK,KAAK,GAAG;AACxF,QAAM,YAAY,MAAM;AACxB,QAAM,gBAAgB,MAAM;AAG5B,QAAM,SAAoC,CAAC;AAG3C,MAAI,WAAW;AACb,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,MAAI,eAAe;AACjB,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAEA,MAAI,aAAa,MAAM,CAAC,WAAW;AACjC,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,iCAAiC,SAAS;AAAA,IACzD,CAAC;AAAA,EACH;AAGA,QAAM,YAAY,CAAC,IAAI;AACvB,MAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,cAAU,KAAK,KAAK,UAAU,CAAC,CAAC;AAAA,EAClC,OAAO;AACL,cAAU,KAAK,OAAO,IAAI,EAAE;AAAA,EAC9B;AAGA,QAAM,WAAW,KAAK,gBAAgB,MAAM,IAAI,EAAE,IAAI,CAAC,SAAiB;AACtE,QAAI,KAAK,WAAW,MAAM,GAAG;AAC3B,aAAO,KAAK,UAAU,CAAC;AAAA,IACzB;AACA,WAAO;AAAA,EACT,CAAC,KAAK,CAAC;AAEP,QAAM,aAAa;AAAA,IACjB,KAAK,SAAS;AAAA,IACd,GAAG;AAAA,EACL,EAAE,OAAO,OAAO;AAEhB,QAAM,gBAAgB,UAAU;AAAA,IAAK,cACnC,WAAW,KAAK,UAAQ;AAEtB,UAAI,KAAK,WAAW,IAAI,GAAG;AACzB,cAAM,aAAa,KAAK,UAAU,CAAC;AACnC,eAAO,SAAS,SAAS,UAAU,KAC5B,SAAS,MAAM,GAAG,EAAE,WAAW,WAAW,MAAM,GAAG,EAAE,SAAS;AAAA,MACvE;AACA,aAAO,SAAS;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,MAAI,CAAC,eAAe;AAClB,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,gEAAgE,IAAI;AAAA,IACnF,CAAC;AAAA,EACH;AAGA,QAAM,iBAAiB,iBAAiB,QAAQ,KAAK;AAAA,IACnD,QAAQ;AAAA,IACR,aAAa;AAAA,EACf;AAEA,MAAI,eAAe,WAAW,cAAc,eAAe,WAAW,QAAQ;AAC5E,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,eAAe,eAAe,MAAM,cAAc,QAAQ,KAAK,eAAe,WAAW;AAAA,IACxG,CAAC;AAAA,EACH,WAAW,eAAe,WAAW,YAAY;AAC/C,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,eAAe,eAAe,MAAM,cAAc,QAAQ,KAAK,eAAe,WAAW;AAAA,IACxG,CAAC;AAAA,EACH;AAGA,QAAM,eAAe,eAAe,OAAO,IAAI,KAAK;AACpD,MAAI,iBAAiB,YAAY;AAC/B,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,gCAAgC,OAAO,IAAI;AAAA,IAC1D,CAAC;AAAA,EACH,WAAW,iBAAiB,QAAQ;AAClC,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,4BAA4B,OAAO,IAAI;AAAA,IACtD,CAAC;AAAA,EACH,WAAW,iBAAiB,YAAY;AACtC,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,8CAA8C,OAAO,IAAI;AAAA,IACxE,CAAC;AAAA,EACH;AAGA,QAAM,UAAU,qBAAqB,IAAI;AACzC,MAAI,QAAQ,WAAW,YAAY;AACjC,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,6BAA6B,QAAQ,SAAS,SAAS,QAAQ,QAAQ;AAAA,IACtF,CAAC;AAAA,EACH,WAAW,QAAQ,WAAW,QAAQ;AACpC,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,yBAAyB,QAAQ,SAAS,SAAS,QAAQ,QAAQ;AAAA,IAClF,CAAC;AAAA,EACH;AAGA,QAAM,eAAe,MAAM,WAAW,KACjC,KAAK,OAAO,OAAO,KAAK,QAAQ,MAChC,KAAK,OAAO,MAAM,KAAK,QAAQ;AAEpC,MAAI,cAAc;AAChB,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AAGA,QAAM,UAAW,KAAa,QAAQ,YAAY,KAAK;AACvD,MAAI,QAAQ,SAAS,MAAM,KAAK,QAAQ,SAAS,KAAK,GAAG;AACvD,WAAO,KAAK;AAAA,MACV,UAAU;AAAA,MACV,aAAa,8CAA+C,KAAa,MAAM;AAAA,IACjF,CAAC;AAAA,EACH;AAGA,QAAM,kBAAkB,uBAAuB,UAAU,MAAM;AAG/D,aAAW,QAAQ,iBAAiB;AAClC,WAAO,KAAK;AAAA,MACV,UAAU,KAAK;AAAA,MACf,aAAa,GAAG,KAAK,IAAI,KAAK,KAAK,WAAW;AAAA,IAChD,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,yBAAyB,IAAI;AAG9C,MAAI,gBAAgB;AAGpB,aAAW,SAAS,QAAQ;AAC1B,QAAI,MAAM,aAAa,QAAQ;AAC7B,uBAAiB;AAAA,IACnB,WAAW,MAAM,aAAa,UAAU;AACtC,uBAAiB;AAAA,IACnB,WAAW,MAAM,aAAa,OAAO;AACnC,uBAAiB;AAAA,IACnB;AAAA,EACF;AAGA,aAAW,WAAW,UAAU;AAC9B,QAAI,QAAQ,WAAW;AACrB,uBAAiB;AAAA,IACnB;AAAA,EACF;AAGA,kBAAgB,KAAK,IAAI,GAAG,KAAK,IAAI,KAAK,aAAa,CAAC;AAGxD,MAAI;AACJ,MAAI,iBAAiB,IAAI;AACvB,qBAAiB;AAAA,EACnB,WAAW,iBAAiB,IAAI;AAC9B,qBAAiB;AAAA,EACnB,WAAW,iBAAiB,IAAI;AAC9B,qBAAiB;AAAA,EACnB,WAAW,iBAAiB,IAAI;AAC9B,qBAAiB;AAAA,EACnB,WAAW,iBAAiB,IAAI;AAC9B,qBAAiB;AAAA,EACnB,OAAO;AACL,qBAAiB;AAAA,EACnB;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,UAAU;AAAA,MACR,QAAQ,KAAK,OAAO,MAAM,KAAK,OAAO,KAAK;AAAA,MAC3C,SAAS,KAAK,QAAQ,MAAM,KAAK,QAAQ,KAAK;AAAA,MAC9C,WAAW,UAAU,YAAY;AAAA,MACjC,SAAS,QAAQ,YAAY;AAAA,MAC7B;AAAA,MACA,iBAAiB;AAAA,MACjB,cAAc,KAAK;AAAA,MACnB,oBAAqB,KAAa;AAAA,MAClC,aAAa,QAAQ;AAAA,MACrB,cAAc,QAAQ;AAAA,IACxB;AAAA,IACA,kBAAkB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAMO,IAAM,UAAoC,OAC/C,UACG;AACH,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,kBAAkB,mBAAmB,KAAK;AAChD,QAAM,SAAS,cAAc,gBAAgB,MAAM;AACnD,QAAM,UAAU,gBAAgB,WAAW;AAE3C,QAAM,iBAA2B,CAAC;AAElC,MAAI;AAEF,QAAI;AACF,YAAM,YAAY,MAAM,UAAU,MAAM;AACxC,qBAAe,KAAK,UAAU,MAAM,oBAAoB,UAAU,OAAO,EAAE;AAAA,IAC7E,SAAS,OAAO;AACd,qBAAe,KAAK,qBAAsB,MAAgB,OAAO,EAAE;AACnE,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,OAAO,6BAA8B,MAAgB,OAAO;AAAA,QAC5D,MAAM;AAAA,UACJ,SAAS;AAAA,UACT,SAAS,CAAC;AAAA,UACV,aAAa;AAAA,YACX,QAAQ;AAAA,YACR,SAAS;AAAA,YACT,WAAW;AAAA,YACX,SAAS;AAAA,YACT,WAAW;AAAA,UACb;AAAA,UACA,SAAS;AAAA,UACT,QAAQ,CAAC;AAAA,YACP,UAAU;AAAA,YACV,aAAa,6BAA8B,MAAgB,OAAO;AAAA,UACpE,CAAC;AAAA,UACD;AAAA,QACF;AAAA,QACA,WAAW,KAAK,IAAI,IAAI;AAAA,MAC1B;AAAA,IACF;AAGA,UAAM,aAAa,CAAC,KAAK,IAAI;AAC7B,QAAI,WAAW;AACf,QAAI,WAAW;AAGf,eAAW,QAAQ,YAAY;AAC7B,qBAAe,KAAK,oBAAoB,IAAI,aAAa;AACzD,YAAM,SAAS,MAAM,WAAW,QAAQ,MAAM,OAAO;AACrD,UAAI,QAAQ;AACV,uBAAe,KAAK,QAAQ,IAAI,WAAW;AAC3C,mBAAW;AACX,mBAAW;AACX;AAAA,MACF,OAAO;AACL,uBAAe,KAAK,QAAQ,IAAI,yBAAyB;AAAA,MAC3D;AAAA,IACF;AAEA,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,OAAO;AAAA,QACP,MAAM;AAAA,UACJ,SAAS;AAAA,UACT,SAAS,CAAC;AAAA,UACV,aAAa;AAAA,YACX,QAAQ;AAAA,YACR,SAAS;AAAA,YACT,WAAW;AAAA,YACX,SAAS;AAAA,YACT,WAAW;AAAA,UACb;AAAA,UACA,SAAS;AAAA,UACT,QAAQ,CAAC;AAAA,YACP,UAAU;AAAA,YACV,aAAa;AAAA,UACf,CAAC;AAAA,UACD;AAAA,QACF;AAAA,QACA,WAAW,KAAK,IAAI,IAAI;AAAA,MAC1B;AAAA,IACF;AAGA,UAAM,cAAmE;AAAA,MACvE,EAAE,SAAS,WAAW,SAAS,EAAE,YAAY,WAAW,YAAY,UAAU,EAAE;AAAA,MAChF,EAAE,SAAS,WAAW,SAAS,EAAE,YAAY,WAAW,YAAY,UAAU,EAAE;AAAA,MAChF,EAAE,SAAS,WAAW,SAAS,CAAC,EAAE;AAAA;AAAA,IACpC;AAEA,eAAW,EAAE,SAAS,QAAQ,KAAK,aAAa;AAC9C,qBAAe,KAAK,qCAAqC,QAAQ,SAAS,OAAO,cAAc;AAE/F,YAAM,mBAAmB,MAAM,iBAAiB,QAAQ,UAAU,SAAS,OAAO;AAElF,UAAI,iBAAiB,WAAW,iBAAiB,QAAQ;AACvD,uBAAe,KAAK,iDAAiD,OAAO,GAAG;AAE/E,cAAM;AAAA,UACJ;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF,IAAI,uBAAuB,iBAAiB,QAAQ,MAAM;AAG1D,cAAM,mBAAmB,MAAM,kBAAkB,QAAQ,UAAU,UAAU,GAAG,QAAQ;AAGxF,yBAAiB,OAAO,IAAI;AAG5B,cAAM,kBAAkB,iBAAiB,IAAI,gBAAc;AACzD,gBAAM,SAAS,eAAe,UAAU,KAAK;AAC7C,iBAAO;AAAA,YACL,MAAM;AAAA,YACN,UAAU;AAAA,UACZ;AAAA,QACF,CAAC;AAED,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,MAAM;AAAA,YACJ,SAAS;AAAA,YACT,SAAS;AAAA,YACT,eAAe;AAAA,YACf,aAAa;AAAA,YACb;AAAA,YACA,SAAS,CAAC,OAAO,KAAK,WAAS,MAAM,aAAa,MAAM;AAAA,YACxD;AAAA,YACA;AAAA,YACA,mBAAmB,UAAU,OAAO,OAAK,EAAE,SAAS,EAAE,IAAI,OAAK,EAAE,OAAO,KAAK,CAAC;AAAA,YAC9E,iBAAiB,UAAU,OAAO,OAAK,CAAC,EAAE,SAAS,EAAE,IAAI,OAAK,EAAE,OAAO,KAAK,CAAC;AAAA,YAC7E,iBAAiB,mBAAmB,CAAC;AAAA,YACrC;AAAA,UACF;AAAA,UACA,WAAW,KAAK,IAAI,IAAI;AAAA,QAC1B;AAAA,MACF,OAAO;AACL,cAAM,WAAW,iBAAiB,OAAO,WAAW;AACpD,uBAAe,KAAK,eAAe,OAAO,KAAK,QAAQ,EAAE;AAAA,MAC3D;AAAA,IACF;AAGA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAO;AAAA,MACP,MAAM;AAAA,QACJ,SAAS;AAAA,QACT,SAAS,CAAC;AAAA,QACV,aAAa;AAAA,UACX,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,WAAW;AAAA,UACX,SAAS;AAAA,UACT,WAAW;AAAA,QACb;AAAA,QACA,SAAS;AAAA,QACT,QAAQ,CAAC;AAAA,UACP,UAAU;AAAA,UACV,aAAa;AAAA,QACf,CAAC;AAAA,QACD;AAAA,MACF;AAAA,MACA,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF,SAAS,OAAO;AACd,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAQ,MAAgB,WAAW;AAAA,MACnC,MAAM;AAAA,QACJ,SAAS;AAAA,QACT,SAAS,CAAC;AAAA,QACV,aAAa;AAAA,UACX,QAAQ;AAAA,UACR,SAAS;AAAA,UACT,WAAW;AAAA,UACX,SAAS;AAAA,UACT,WAAW;AAAA,QACb;AAAA,QACA,SAAS;AAAA,QACT,QAAQ,CAAC;AAAA,UACP,UAAU;AAAA,UACV,aAAa,qCAAsC,MAAgB,OAAO;AAAA,QAC5E,CAAC;AAAA,QACD;AAAA,MACF;AAAA,MACA,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF;AACF;;;AEp6BA,YAAYA,UAAS;AACrB,SAAS,aAAAC,kBAAiB;AAK1B,IAAMC,cAAaD,WAAc,eAAU;AAC3C,IAAME,aAAYF,WAAc,cAAS;AACzC,IAAMG,aAAYH,WAAc,cAAS;AAMlC,IAAM,iBAA2C,OACtD,UACG;AACH,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,kBAAkB,mBAAmB,KAAK;AAChD,QAAM,SAAS,cAAc,gBAAgB,MAAM;AAGnD,QAAM,SAA0B;AAAA,IAC9B,KAAK;AAAA,MACH,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,MAAM;AAAA,MACJ,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,OAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AAEF,QAAI;AACF,YAAM,aAAa,MAAMC,YAAW,MAAM;AAAQ,YAAM,YAAY,WAAW,KAAK,CAAC,WAAqB;AACxG,cAAM,YAAY,OAAO,KAAK,EAAE;AAChC,eAAO,UAAU,WAAW,QAAQ;AAAA,MACtC,CAAC;AAED,UAAI,WAAW;AACb,cAAM,YAAY,UAAU,KAAK,EAAE;AACnC,eAAO,MAAM;AAAA,UACX,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,QAAQ,CAAC;AAAA,QACX;AAEA,eAAO,IAAI,SAAS,CAAC;AAGrB,YAAI,CAAC,UAAU,SAAS,MAAM,KAAK,CAAC,UAAU,SAAS,MAAM,KAAK,CAAC,UAAU,SAAS,MAAM,GAAG;AAC7F,iBAAO,IAAI,OAAO,KAAK,kDAAkD;AACzE,iBAAO,IAAI,QAAQ;AAAA,QACrB;AAGA,YAAI,UAAU,SAAS,MAAM,GAAG;AAC9B,iBAAO,IAAI,OAAO,KAAK,uFAAuF;AAC9G,iBAAO,IAAI,QAAQ;AAAA,QACrB;AAGA,cAAM,QAAQ,UAAU,MAAM,GAAG;AACjC,cAAM,eAAe,MAAM,OAAO,OAAK,EAAE,WAAW,UAAU,CAAC,EAAE;AAEjE,YAAI,eAAe,IAAI;AACrB,iBAAO,IAAI,OAAO,KAAK,kBAAkB,YAAY,8DAA8D;AAAA,QACrH;AAGA,YAAI,UAAU,SAAS,KAAK;AAC1B,iBAAO,IAAI,OAAO,KAAK,iBAAiB,UAAU,MAAM,0EAA0E;AAAA,QACpI;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,IAAI,SAAS;AACpB,aAAO,IAAI,SAAS,CAAC,+BAA+B;AAAA,IACtD;AAGA,QAAI;AACF,YAAM,eAAe,MAAMA,YAAW,YAAY,MAAM;AAAQ,YAAM,cAAc,aAAa,KAAK,CAAC,WAAqB;AAC1H,cAAM,YAAY,OAAO,KAAK,EAAE;AAChC,eAAO,UAAU,WAAW,UAAU;AAAA,MACxC,CAAC;AAED,UAAI,aAAa;AACf,cAAM,YAAY,YAAY,KAAK,EAAE;AACrC,eAAO,QAAQ;AAAA,UACb,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,QAAQ,CAAC;AAAA,QACX;AAGA,cAAM,cAAc,UAAU,MAAM,WAAW;AAC/C,YAAI,aAAa;AACf,iBAAO,MAAM,SAAS,YAAY,CAAC;AAAA,QACrC;AAGA,YAAI,CAAC,UAAU,SAAS,IAAI,GAAG;AAC7B,iBAAO,MAAM,SAAS,CAAC,6CAA6C;AACpE,iBAAO,MAAM,QAAQ;AAAA,QACvB,WAAW,OAAO,MAAM,WAAW,QAAQ;AACzC,iBAAO,MAAM,SAAS,CAAC,uEAAuE;AAAA,QAChG;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,SAAS;AACtB,aAAO,MAAM,SAAS,CAAC,iCAAiC;AAAA,IAC1D;AAEA,UAAM,kBAAkB;AAAA,MACtB;AAAA,MAAW;AAAA,MAAU;AAAA,MAAa;AAAA,MAAa;AAAA,MAAM;AAAA,MACrD;AAAA,MAAQ;AAAA,MAAS;AAAA,MAAW;AAAA,MAAa;AAAA,MAAY;AAAA,MACrD;AAAA,MAAY;AAAA,MAAW;AAAA,IACzB;AACA,UAAM,cAAwB,CAAC;AAG/B,UAAM,kBAAkB,gBAAgB,SAAS;AACjD,UAAM,mBAAmB,kBACrB,CAAC,GAAG,iBAAiB,GAAG,eAAe,IACvC;AAEJ,eAAW,YAAY,kBAAkB;AACvC,UAAI;AACF,cAAM,cAAc,MAAMA,YAAW,GAAG,QAAQ,eAAe,MAAM,EAAE;AACvE,YAAI,eAAe,YAAY,SAAS,GAAG;AACzC,sBAAY,KAAK,QAAQ;AAAA,QAC3B;AAAA,MACF,SAAS,OAAO;AAAA,MAEhB;AAAA,IACF;AAEA,QAAI,YAAY,SAAS,GAAG;AAC1B,aAAO,OAAO;AAAA,QACZ,QAAQ;AAAA,QACR,OAAO;AAAA,QACP,WAAW;AAAA,MACb;AAAA,IACF,OAAO;AACL,aAAO,KAAK,SAAS,CAAC,4CAA4C;AAAA,IACpE;AAGA,QAAI;AAEF,YAAM,YAAY,MAAME,WAAU,MAAM;AACxC,UAAI,aAAa,UAAU,SAAS,GAAG;AAGrC,eAAO,SAAS;AAAA,UACd,SAAS;AAAA,UACT,OAAO;AAAA,UACP,QAAQ,CAAC,0EAA0E;AAAA,QACrF;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,OAAO,SAAS,CAAC,wCAAwC;AAAA,IAClE;AAEA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,MAAM;AAAA,MACN,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF,SAAS,OAAO;AACd,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAQ,MAAgB,WAAW;AAAA,MACnC,MAAM;AAAA,MACN,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF;AACF;;;AC/LA,YAAYC,UAAS;AAKrB,IAAM,gBAAgB;AAAA,EACpB;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAGA,IAAM,gBAAwC;AAAA,EAC5C,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,KAAK;AAAA,EACL,MAAM;AAAA,EACN,MAAM;AAAA,EACN,MAAM;AAAA,EACN,MAAM;AACR;AAMO,IAAM,YAAqC,OAChD,UACG;AACH,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,kBAAkB,mBAAmB,KAAK;AAChD,QAAM,SAAS,cAAc,gBAAgB,MAAM;AACnD,QAAM,UAAU,gBAAgB,WAAW;AAG3C,QAAM,cAAc,gBAAgB,SAAS,SAAS;AAGtD,QAAM,SAAyB;AAAA,IAC7B,WAAW,CAAC;AAAA,IACZ,OAAO;AAAA,EACT;AAEA,MAAI;AAEF,UAAM,eAAe,YAAY,IAAI,CAAC,SAAiB;AACrD,aAAO,IAAI,QAAc,aAAW;AAElC,cAAM,SAAS,IAAQ,YAAO;AAC9B,YAAI,WAAW;AAGf,eAAO,WAAW,OAAO;AAGzB,eAAO,GAAG,WAAW,MAAM;AACzB,cAAI;AAAU;AACd,qBAAW;AAGX,cAAI,SAAS;AACb,gBAAM,gBAAgB,WAAW,MAAM;AACrC,mBAAO,QAAQ;AACf,mBAAO,UAAU,KAAK;AAAA,cACpB;AAAA,cACA,SAAS,cAAc,IAAI,KAAK;AAAA,cAChC,QAAQ,UAAU;AAAA,YACpB,CAAC;AACD,oBAAQ;AAAA,UACV,GAAG,GAAI;AAGN,iBAAO,KAAK,QAAQ,CAAC,SAAiB;AACrC,qBAAS,KAAK,SAAS,EAAE,KAAK;AAC9B,yBAAa,aAAa;AAC1B,mBAAO,QAAQ;AAEf,mBAAO,UAAU,KAAK;AAAA,cACpB;AAAA,cACA,SAAS,cAAc,IAAI,KAAK;AAAA,cAChC,QAAQ,UAAU;AAAA,YACpB,CAAC;AAED,oBAAQ;AAAA,UACV,CAAC;AAGD,cAAI,SAAS,IAAI;AACf,mBAAO,MAAM,8BAA8B,SAAS,UAAU;AAAA,UAChE,WAAW,SAAS,KAAK;AACvB,mBAAO,QAAQ;AACf,mBAAO,UAAU,KAAK;AAAA,cACpB;AAAA,cACA,SAAS;AAAA,YACX,CAAC;AACD,oBAAQ;AAAA,UACV,WAAW,SAAS,MAAM,SAAS,KAAK;AAAA,UAGxC,WAAW,SAAS,IAAI;AAAA,UAExB,OAAO;AAEL,mBAAO,QAAQ;AACf,mBAAO,UAAU,KAAK;AAAA,cACpB;AAAA,cACA,SAAS,cAAc,IAAI,KAAK;AAAA,YAClC,CAAC;AACD,oBAAQ;AAAA,UACV;AAAA,QACF,CAAC;AAGD,eAAO,GAAG,SAAS,MAAM;AACvB,cAAI;AAAU;AACd,qBAAW;AACX,iBAAO,QAAQ;AACf,kBAAQ;AAAA,QACV,CAAC;AAGD,eAAO,GAAG,WAAW,MAAM;AACzB,cAAI;AAAU;AACd,qBAAW;AACX,iBAAO,QAAQ;AACf,kBAAQ;AAAA,QACV,CAAC;AAGD,eAAO,QAAQ,MAAM,MAAM;AAAA,MAC7B,CAAC;AAAA,IACH,CAAC;AAGD,UAAM,QAAQ,IAAI,YAAY;AAG9B,WAAO,QAAQ,OAAO,UAAU;AAEhC,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,MAAM;AAAA,MACN,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF,SAAS,OAAO;AACd,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAQ,MAAgB,WAAW;AAAA,MACnC,MAAM;AAAA,MACN,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF;AACF;;;AChLA,YAAYL,UAAS;AACrB,SAAS,aAAAC,kBAAiB;AAG1B,IAAMC,cAAaD,WAAc,eAAU;AAuCpC,IAAM,qBAAmD,OAAO,UAAwB;AAC7F,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,kBAAkB,mBAAmB,KAAK;AAChD,QAAM,SAAS,cAAc,gBAAgB,MAAM;AAGnD,QAAM,SAA8B;AAAA,IAClC;AAAA,IACA,KAAK;AAAA,MACH,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,OAAO;AAAA,MACL,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,SAAS;AAAA,MACP,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,MAAM;AAAA,MACJ,QAAQ;AAAA,MACR,OAAO;AAAA,IACT;AAAA,IACA,SAAS;AAAA,MACP,eAAe;AAAA,MACf,iBAAiB,CAAC;AAAA,IACpB;AAAA,EACF;AAEA,MAAI;AAEF,QAAI;AACF,YAAM,aAAa,MAAMC,YAAW,MAAM;AAC1C,YAAM,YAAY,WAAW,KAAK,CAAC,WAAqB;AACtD,cAAM,YAAY,OAAO,KAAK,EAAE;AAChC,eAAO,UAAU,WAAW,QAAQ;AAAA,MACtC,CAAC;AAED,UAAI,WAAW;AACb,cAAM,YAAY,UAAU,KAAK,EAAE;AACnC,eAAO,MAAM;AAAA,UACX,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,QAAQ,CAAC;AAAA,QACX;AAGA,YAAI,CAAC,UAAU,SAAS,MAAM,KAAK,CAAC,UAAU,SAAS,MAAM,GAAG;AAC9D,iBAAO,IAAI,QAAQ,KAAK,2CAA2C;AACnE,iBAAO,IAAI,QAAQ;AAAA,QACrB;AAAA,MACF,OAAO;AACL,eAAO,QAAQ,gBAAgB,KAAK,mDAAmD;AAAA,MACzF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,IAAI,SAAS;AACpB,aAAO,IAAI,SAAS,CAAC,+BAA+B;AACpD,aAAO,QAAQ,gBAAgB,KAAK,mDAAmD;AAAA,IACzF;AAGA,QAAI;AACF,YAAM,eAAe,MAAMA,YAAW,YAAY,MAAM;AACxD,YAAM,cAAc,aAAa,KAAK,CAAC,WAAqB;AAC1D,cAAM,YAAY,OAAO,KAAK,EAAE;AAChC,eAAO,UAAU,WAAW,UAAU;AAAA,MACxC,CAAC;AAED,UAAI,aAAa;AACf,cAAM,YAAY,YAAY,KAAK,EAAE;AACrC,eAAO,QAAQ;AAAA,UACb,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,QAAQ,CAAC;AAAA,QACX;AAGA,cAAM,cAAc,UAAU,MAAM,WAAW;AAC/C,YAAI,aAAa;AACf,iBAAO,MAAM,SAAS,YAAY,CAAC;AAGnC,cAAI,OAAO,MAAM,WAAW,QAAQ;AAClC,mBAAO,MAAM,QAAQ,KAAK,uEAAuE;AACjG,mBAAO,QAAQ,gBAAgB,KAAK,6EAA6E;AAAA,UACnH,WAAW,OAAO,MAAM,WAAW,cAAc;AAC/C,mBAAO,QAAQ,gBAAgB,KAAK,0FAA0F;AAAA,UAChI;AAAA,QACF,OAAO;AACL,iBAAO,MAAM,QAAQ;AACrB,iBAAO,MAAM,QAAQ,KAAK,6CAA6C;AAAA,QACzE;AAAA,MACF,OAAO;AACL,eAAO,QAAQ,gBAAgB,KAAK,0DAA0D;AAAA,MAChG;AAAA,IACF,SAAS,OAAO;AACd,aAAO,MAAM,SAAS;AACtB,aAAO,MAAM,SAAS,CAAC,iCAAiC;AACxD,aAAO,QAAQ,gBAAgB,KAAK,0DAA0D;AAAA,IAChG;AAGA,QAAI;AACF,YAAM,gBAAgB,MAAMA,YAAW,cAAc,MAAM;AAC3D,YAAM,eAAe,cAAc,KAAK,CAAC,WAAqB;AAC5D,cAAM,YAAY,OAAO,KAAK,EAAE;AAChC,eAAO,UAAU,WAAW,SAAS;AAAA,MACvC,CAAC;AAED,UAAI,cAAc;AAChB,cAAM,YAAY,aAAa,KAAK,EAAE;AACtC,eAAO,UAAU;AAAA,UACf,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,QAAQ,CAAC;AAAA,QACX;AAAA,MACF,OAAO;AACL,eAAO,QAAQ,gBAAgB,KAAK,qFAAqF;AAAA,MAC3H;AAAA,IACF,SAAS,OAAO;AACd,aAAO,QAAQ,SAAS;AACxB,aAAO,QAAQ,SAAS,CAAC,mCAAmC;AAAA,IAC9D;AAGA,QAAI;AACF,YAAM,cAAc,MAAMA,YAAW,mBAAmB,MAAM;AAC9D,YAAM,aAAa,YAAY,KAAK,CAAC,WAAqB;AACxD,cAAM,YAAY,OAAO,KAAK,EAAE;AAChC,eAAO,UAAU,WAAW,SAAS;AAAA,MACvC,CAAC;AAED,UAAI,YAAY;AACd,cAAM,YAAY,WAAW,KAAK,EAAE;AACpC,eAAO,OAAO;AAAA,UACZ,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,QAAQ;AAAA,UACR,QAAQ,CAAC;AAAA,QACX;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK,SAAS;AACrB,aAAO,KAAK,SAAS,CAAC,gCAAgC;AAAA,IACxD;AAGA,QAAI,QAAQ;AAGZ,QAAI,OAAO,IAAI;AAAQ,eAAS;AAChC,QAAI,OAAO,IAAI;AAAO,eAAS;AAG/B,QAAI,OAAO,MAAM;AAAQ,eAAS;AAClC,QAAI,OAAO,MAAM;AAAO,eAAS;AACjC,QAAI,OAAO,MAAM,WAAW;AAAU,eAAS;AAAA,aACtC,OAAO,MAAM,WAAW;AAAc,eAAS;AAGxD,QAAI,OAAO,QAAQ;AAAQ,eAAS;AACpC,QAAI,OAAO,QAAQ;AAAO,eAAS;AAGnC,QAAI,OAAO,KAAK;AAAQ,eAAS;AAEjC,WAAO,QAAQ,gBAAgB;AAE/B,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,MAAM;AAAA,MACN,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF,SAAS,OAAO;AACd,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,SAAS;AAAA,MACT,OAAQ,MAAgB,WAAW;AAAA,MACnC,MAAM;AAAA,MACN,WAAW,KAAK,IAAI,IAAI;AAAA,IAC1B;AAAA,EACF;AACF","sourcesContent":["import * as tls from 'tls';\r\nimport * as net from 'net';\r\nimport * as dns from 'dns';\r\nimport * as crypto from 'crypto';\r\nimport { promisify } from 'util';\r\nimport { Scanner, ScannerInput, TLSConfigResult } from '../types';\r\nimport { extractDomain, createScannerInput } from '../core/request';\r\nimport * as sslChecker from 'ssl-checker';\r\n\r\n// Promisify DNS lookup\r\nconst dnsLookup = promisify(dns.lookup);\r\n\r\n// Standard cipher suite ratings\r\nconst CIPHER_RATINGS: Record<string, 'strong' | 'recommended' | 'adequate' | 'weak' | 'insecure'> = {\r\n // Strong modern ciphers\r\n 'TLS_AES_256_GCM_SHA384': 'strong',\r\n 'TLS_AES_128_GCM_SHA256': 'strong',\r\n 'TLS_CHACHA20_POLY1305_SHA256': 'strong',\r\n \r\n // Recommended ciphers\r\n 'ECDHE-ECDSA-AES256-GCM-SHA384': 'recommended',\r\n 'ECDHE-RSA-AES256-GCM-SHA384': 'recommended',\r\n 'ECDHE-ECDSA-AES128-GCM-SHA256': 'recommended',\r\n 'ECDHE-RSA-AES128-GCM-SHA256': 'recommended',\r\n 'ECDHE-ECDSA-CHACHA20-POLY1305': 'recommended',\r\n 'ECDHE-RSA-CHACHA20-POLY1305': 'recommended',\r\n \r\n // Adequate ciphers\r\n 'DHE-RSA-AES256-GCM-SHA384': 'adequate',\r\n 'DHE-RSA-AES128-GCM-SHA256': 'adequate',\r\n 'ECDHE-ECDSA-AES256-SHA384': 'adequate',\r\n 'ECDHE-RSA-AES256-SHA384': 'adequate',\r\n 'ECDHE-ECDSA-AES128-SHA256': 'adequate',\r\n 'ECDHE-RSA-AES128-SHA256': 'adequate',\r\n \r\n // Weak ciphers - should be avoided\r\n 'ECDHE-RSA-AES256-SHA': 'weak',\r\n 'ECDHE-ECDSA-AES256-SHA': 'weak',\r\n 'DHE-RSA-AES256-SHA': 'weak',\r\n 'ECDHE-RSA-AES128-SHA': 'weak',\r\n 'ECDHE-ECDSA-AES128-SHA': 'weak',\r\n 'DHE-RSA-AES128-SHA': 'weak',\r\n 'RSA-AES256-GCM-SHA384': 'weak',\r\n 'RSA-AES128-GCM-SHA256': 'weak',\r\n 'RSA-AES256-SHA256': 'weak',\r\n 'RSA-AES128-SHA256': 'weak',\r\n 'RSA-AES256-SHA': 'weak',\r\n 'RSA-AES128-SHA': 'weak',\r\n \r\n // Insecure ciphers - should never be used\r\n 'DES-CBC3-SHA': 'insecure',\r\n 'ECDHE-RSA-DES-CBC3-SHA': 'insecure',\r\n 'EDH-RSA-DES-CBC3-SHA': 'insecure',\r\n 'RC4-SHA': 'insecure',\r\n 'RC4-MD5': 'insecure',\r\n 'NULL-SHA': 'insecure',\r\n 'NULL-MD5': 'insecure',\r\n 'EXP-RC4-MD5': 'insecure',\r\n 'EXP-DES-CBC-SHA': 'insecure'\r\n};\r\n\r\n// TLS/SSL protocol versions with their security ratings\r\nconst PROTOCOL_RATINGS: Record<string, {\r\n rating: 'secure' | 'recommended' | 'adequate' | 'weak' | 'insecure',\r\n description: string\r\n}> = {\r\n 'TLSv1.3': {\r\n rating: 'secure',\r\n description: 'Modern, secure protocol with perfect forward secrecy and improved handshake encryption'\r\n },\r\n 'TLSv1.2': {\r\n rating: 'recommended',\r\n description: 'Secure protocol when configured properly, widely supported'\r\n },\r\n 'TLSv1.1': {\r\n rating: 'weak',\r\n description: 'Outdated protocol with known vulnerabilities, should be disabled'\r\n },\r\n 'TLSv1': {\r\n rating: 'insecure',\r\n description: 'Outdated protocol with known vulnerabilities, should be disabled'\r\n },\r\n 'SSLv3': {\r\n rating: 'insecure',\r\n description: 'Insecure protocol affected by POODLE vulnerability, must be disabled'\r\n },\r\n 'SSLv2': {\r\n rating: 'insecure',\r\n description: 'Critically insecure legacy protocol, must be disabled'\r\n }\r\n};\r\n\r\n// Known vulnerabilities in SSL/TLS\r\nconst KNOWN_VULNERABILITIES = [\r\n {\r\n name: 'BEAST',\r\n affects: ['TLSv1'],\r\n description: 'Browser Exploit Against SSL/TLS. Affects CBC ciphers in TLS 1.0 and earlier.',\r\n severity: 'high'\r\n },\r\n {\r\n name: 'POODLE',\r\n affects: ['SSLv3'],\r\n description: 'Padding Oracle On Downgraded Legacy Encryption. Affects all SSLv3 connections.',\r\n severity: 'high'\r\n },\r\n {\r\n name: 'FREAK',\r\n affects: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],\r\n description: 'Forcing RSA Export Keys. Server supports export-grade cipher suites.',\r\n severity: 'high',\r\n testFor: (cipher: string) => cipher.includes('EXP')\r\n },\r\n {\r\n name: 'LOGJAM',\r\n affects: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],\r\n description: 'Weak Diffie-Hellman key exchange. Server may use weak DH parameters.',\r\n severity: 'high',\r\n testFor: (cipher: string) => cipher.includes('DHE') && cipher.includes('EXPORT')\r\n },\r\n {\r\n name: 'ROBOT',\r\n affects: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],\r\n description: 'Return Of Bleichenbacher\\'s Oracle Threat. RSA padding oracle vulnerability.',\r\n severity: 'high',\r\n testFor: (cipher: string) => cipher.startsWith('RSA')\r\n },\r\n {\r\n name: 'LUCKY13',\r\n affects: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],\r\n description: 'Timing attack against CBC ciphers.',\r\n severity: 'medium',\r\n testFor: (cipher: string) => cipher.includes('CBC')\r\n },\r\n {\r\n name: 'HEARTBLEED',\r\n affects: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],\r\n description: 'OpenSSL heartbeat information disclosure. Can\\'t be detected from connection alone.',\r\n severity: 'critical'\r\n },\r\n {\r\n name: 'Sweet32',\r\n affects: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],\r\n description: 'Birthday attacks on 64-bit block ciphers (3DES/DES)',\r\n severity: 'medium',\r\n testFor: (cipher: string) => cipher.includes('3DES') || cipher.includes('DES-CBC')\r\n }\r\n];\r\n\r\n/**\r\n * Tests if a port is open on a given host\r\n */\r\nasync function isPortOpen(host: string, port: number, timeout: number): Promise<boolean> {\r\n return new Promise(resolve => {\r\n const socket = new net.Socket();\r\n let isOpen = false;\r\n \r\n // Set timeout\r\n socket.setTimeout(timeout);\r\n \r\n socket.on('connect', () => {\r\n isOpen = true;\r\n socket.end();\r\n });\r\n \r\n socket.on('timeout', () => {\r\n socket.destroy();\r\n resolve(false);\r\n });\r\n \r\n socket.on('error', () => {\r\n resolve(false);\r\n });\r\n \r\n socket.on('close', () => {\r\n resolve(isOpen);\r\n });\r\n \r\n socket.connect(port, host);\r\n });\r\n}\r\n\r\n/**\r\n * Test for specific SSL/TLS vulnerabilities by configuration\r\n */\r\nfunction testForVulnerabilities(protocol: string, cipher: tls.CipherNameAndProtocol): Array<{\r\n name: string;\r\n description: string;\r\n severity: 'critical' | 'high' | 'medium' | 'low';\r\n}> {\r\n const vulnerabilities: Array<{\r\n name: string;\r\n description: string;\r\n severity: 'critical' | 'high' | 'medium' | 'low';\r\n }> = [];\r\n\r\n for (const vuln of KNOWN_VULNERABILITIES) {\r\n if (vuln.affects.includes(protocol)) {\r\n // If there's a specific test for this vulnerability\r\n if (!vuln.testFor || vuln.testFor(cipher.name)) {\r\n vulnerabilities.push({\r\n name: vuln.name,\r\n description: vuln.description,\r\n severity: vuln.severity as 'critical' | 'high' | 'medium' | 'low'\r\n });\r\n }\r\n }\r\n }\r\n\r\n return vulnerabilities;\r\n}\r\n\r\n/**\r\n * Calculate the key strength from certificate information\r\n */\r\nfunction calculateKeyStrength(cert: any): { \r\n strength: number; \r\n algorithm: string;\r\n rating: 'strong' | 'adequate' | 'weak' | 'insecure';\r\n} {\r\n let strength = 0;\r\n let algorithm = 'unknown';\r\n let rating: 'strong' | 'adequate' | 'weak' | 'insecure' = 'weak';\r\n\r\n if (cert.pubkey) {\r\n // Extract key algorithm and size\r\n if (cert.pubkey.algo === 'rsa') {\r\n strength = cert.pubkey.bits || 0;\r\n algorithm = 'RSA';\r\n \r\n if (strength >= 4096) {\r\n rating = 'strong';\r\n } else if (strength >= 2048) {\r\n rating = 'adequate';\r\n } else if (strength >= 1024) {\r\n rating = 'weak';\r\n } else {\r\n rating = 'insecure';\r\n }\r\n } else if (cert.pubkey.algo === 'ec') {\r\n strength = cert.pubkey.bits || 0;\r\n algorithm = 'ECDSA';\r\n \r\n if (strength >= 384) {\r\n rating = 'strong';\r\n } else if (strength >= 256) {\r\n rating = 'adequate';\r\n } else {\r\n rating = 'weak';\r\n }\r\n }\r\n }\r\n\r\n return { strength, algorithm, rating };\r\n}\r\n\r\n/**\r\n * Check for specific certificate features\r\n */\r\nfunction checkCertificateFeatures(cert: any): Array<{\r\n feature: string;\r\n supported: boolean;\r\n description: string;\r\n}> {\r\n const features: Array<{\r\n feature: string;\r\n supported: boolean;\r\n description: string;\r\n }> = [];\r\n \r\n // Check for CT (Certificate Transparency)\r\n const hasSCT = cert.ext && (cert.ext.includes('CT Precertificate SCTs') || cert.ext.includes('signed certificate timestamp'));\r\n features.push({\r\n feature: 'Certificate Transparency',\r\n supported: !!hasSCT,\r\n description: hasSCT ? \r\n 'Certificate includes embedded SCTs, complying with Certificate Transparency' : \r\n 'Certificate does not include Certificate Transparency information'\r\n });\r\n \r\n // Check for OCSP Must-Staple\r\n const hasOCSPMustStaple = cert.ext && cert.ext.includes('OCSP Must-Staple');\r\n features.push({\r\n feature: 'OCSP Must-Staple',\r\n supported: !!hasOCSPMustStaple,\r\n description: hasOCSPMustStaple ?\r\n 'Certificate requires the server to provide OCSP stapling' :\r\n 'Certificate does not enforce OCSP stapling'\r\n });\r\n \r\n // Check for key usage restrictions\r\n const hasKeyUsage = cert.ext && cert.ext.includes('X509v3 Key Usage');\r\n features.push({\r\n feature: 'Key Usage Restrictions',\r\n supported: !!hasKeyUsage,\r\n description: hasKeyUsage ?\r\n 'Certificate specifies permitted key usages' :\r\n 'Certificate does not restrict key usages'\r\n });\r\n \r\n return features;\r\n}\r\n\r\n/**\r\n * Get elliptic curve name from the TLS connection if available\r\n */\r\nfunction getECDHCurve(socket: tls.TLSSocket): string | undefined {\r\n try {\r\n // Get cipher information from the TLS socket\r\n const cipher = socket.getCipher();\r\n // In newer Node versions, we might have more details but we'll use what's available\r\n return cipher.name.includes('ECDHE') ? 'ECDHE' : undefined;\r\n } catch (e) {\r\n return undefined;\r\n }\r\n}\r\n\r\n/**\r\n * Perform TLS connection with specific options\r\n */\r\nasync function tryTLSConnection(\r\n host: string, \r\n port: number, \r\n timeout: number, \r\n options: Partial<tls.ConnectionOptions> = {}\r\n): Promise<{success: boolean, socket?: tls.TLSSocket, error?: Error, details?: any}> {\r\n return new Promise(resolve => {\r\n try {\r\n // Allow customizing cipher list if it's provided in options\r\n const socketOptions: tls.ConnectionOptions = {\r\n host,\r\n port,\r\n timeout,\r\n rejectUnauthorized: false,\r\n secureContext: options.secureContext,\r\n secureProtocol: options.secureProtocol,\r\n ALPNProtocols: ['h2', 'http/1.1'], // Test for HTTP/2 support\r\n requestCert: true,\r\n ...options\r\n };\r\n \r\n // Create socket with options\r\n const socket = tls.connect(socketOptions);\r\n \r\n // Set timeout\r\n socket.setTimeout(timeout);\r\n socket.on('secureConnect', () => {\r\n const details: any = {};\r\n\r\n // Try to get ALPN protocol (HTTP/2 support)\r\n try {\r\n details.alpnProtocol = socket.alpnProtocol;\r\n } catch (e) {\r\n // Ignore errors\r\n }\r\n \r\n // Try to get server name indication (SNI)\r\n try {\r\n // The requested hostname (not actually the server name from the certificate)\r\n details.hostname = host;\r\n } catch (e) {\r\n // Ignore errors\r\n }\r\n\r\n // Try to get the negotiated protocol\r\n try {\r\n details.negotiatedProtocol = socket.getProtocol();\r\n } catch (e) {\r\n // Ignore errors\r\n }\r\n\r\n resolve({ success: true, socket, details });\r\n });\r\n \r\n socket.on('error', (error) => {\r\n socket.destroy();\r\n resolve({ success: false, error });\r\n });\r\n \r\n socket.on('timeout', () => {\r\n socket.destroy();\r\n resolve({ success: false, error: new Error('Connection timeout') });\r\n });\r\n } catch (error) {\r\n resolve({ success: false, error: error as Error });\r\n }\r\n });\r\n}\r\n\r\n/**\r\n * Try to establish a connection with various cipher suite restrictions to test what the server supports\r\n */\r\nasync function testCipherSupport(host: string, port: number, timeout: number, protocol: string): Promise<string[]> {\r\n const supportedCiphers: string[] = [];\r\n \r\n // Get all available ciphers that Node.js supports\r\n const allCiphers = crypto.getCiphers()\r\n .filter(c => \r\n // Filter to just TLS/SSL ciphers\r\n c.includes('-') && \r\n !c.startsWith('id-') && \r\n !c.includes('NULL')\r\n );\r\n \r\n // Group ciphers into categories for prioritized testing\r\n const cipherGroups = {\r\n modern: allCiphers.filter(c => \r\n c.includes('ECDHE') && \r\n (c.includes('GCM') || c.includes('CHACHA20'))\r\n ),\r\n recommended: allCiphers.filter(c =>\r\n c.includes('DHE') &&\r\n (c.includes('GCM') || c.includes('CHACHA20'))\r\n ),\r\n legacy: allCiphers.filter(c => \r\n c.includes('AES') && \r\n !c.includes('GCM')\r\n ),\r\n weak: allCiphers.filter(c => \r\n c.includes('RC4') || \r\n c.includes('DES') || \r\n c.includes('3DES') ||\r\n c.includes('MD5')\r\n )\r\n };\r\n \r\n // Test modern ciphers first, then try others if needed\r\n const cipherList = [\r\n ...cipherGroups.modern,\r\n ...cipherGroups.recommended,\r\n ...cipherGroups.legacy,\r\n ...cipherGroups.weak\r\n ];\r\n \r\n // Limit how many ciphers we test to avoid excessive time consumption\r\n const maxCiphersToTest = 30;\r\n const selectedCiphers = cipherList.slice(0, maxCiphersToTest);\r\n \r\n // Try a subset of representative ciphers\r\n for (const cipher of selectedCiphers) {\r\n try {\r\n const options: tls.ConnectionOptions = {\r\n minVersion: protocol as any,\r\n maxVersion: protocol as any,\r\n ciphers: cipher\r\n };\r\n \r\n const result = await tryTLSConnection(host, port, timeout / 2, options);\r\n if (result.success && result.socket) {\r\n supportedCiphers.push(result.socket.getCipher().name);\r\n result.socket.destroy();\r\n }\r\n } catch (e) {\r\n // Ignore errors for individual cipher tests\r\n }\r\n }\r\n \r\n return [...new Set(supportedCiphers)]; // Remove duplicates\r\n}\r\n\r\n/**\r\n * Extract certificate information from TLS socket\r\n */\r\nfunction extractCertificateInfo(socket: tls.TLSSocket, host: string): {\r\n protocol: string;\r\n cipher: tls.CipherNameAndProtocol;\r\n certInfo: any;\r\n issues: TLSConfigResult['issues'];\r\n certificateChain?: any[];\r\n securityRating: 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';\r\n features?: Array<{feature: string; supported: boolean; description: string}>;\r\n vulnerabilities?: Array<{name: string; description: string; severity: string}>;\r\n} {\r\n const protocol = socket.getProtocol() || '';\r\n const cipher = socket.getCipher();\r\n const cert = socket.getPeerCertificate(true); // true gets the whole certificate chain\r\n \r\n // Extract certificate chain\r\n const chain: any[] = [];\r\n let currentCert = cert;\r\n \r\n while (currentCert && !(currentCert.issuerCertificate?.fingerprint === currentCert.fingerprint)) {\r\n // Add certificate to chain if it's not already there (avoid infinite loops from self-signed certs)\r\n if (chain.findIndex(c => c.fingerprint === currentCert.fingerprint) === -1) {\r\n chain.push({\r\n subject: currentCert.subject,\r\n issuer: currentCert.issuer,\r\n validFrom: currentCert.valid_from,\r\n validTo: currentCert.valid_to,\r\n fingerprint: currentCert.fingerprint\r\n });\r\n \r\n // Move to the next certificate in the chain\r\n if (currentCert.issuerCertificate && \r\n currentCert.fingerprint !== currentCert.issuerCertificate.fingerprint) {\r\n currentCert = currentCert.issuerCertificate;\r\n } else {\r\n break;\r\n }\r\n } else {\r\n break; // End if we've seen this certificate before (prevent infinite loop)\r\n }\r\n }\r\n \r\n // Get current date for certificate validation\r\n const now = new Date();\r\n const validFrom = new Date(cert.valid_from);\r\n const validTo = new Date(cert.valid_to);\r\n const expiresIn = Math.round((validTo.getTime() - now.getTime()) / (1000 * 60 * 60 * 24)); // days\r\n const isExpired = now > validTo;\r\n const isNotYetValid = now < validFrom;\r\n \r\n // Create issues list\r\n const issues: TLSConfigResult['issues'] = [];\r\n \r\n // Certificate validity issues\r\n if (isExpired) {\r\n issues.push({\r\n severity: 'high',\r\n description: 'SSL certificate has expired.'\r\n });\r\n }\r\n \r\n if (isNotYetValid) {\r\n issues.push({\r\n severity: 'high',\r\n description: 'SSL certificate is not yet valid.'\r\n });\r\n }\r\n \r\n if (expiresIn <= 30 && !isExpired) {\r\n issues.push({\r\n severity: 'medium',\r\n description: `SSL certificate expires soon (${expiresIn} days).`\r\n });\r\n }\r\n \r\n // Certificate hostname validation\r\n const hostnames = [host];\r\n if (host.startsWith('www.')) {\r\n hostnames.push(host.substring(4)); // Add non-www version\r\n } else {\r\n hostnames.push(`www.${host}`); // Add www version\r\n }\r\n\r\n // Check if any of the hostnames are covered by the certificate\r\n const altNames = cert.subjectaltname?.split(', ').map((name: string) => {\r\n if (name.startsWith('DNS:')) {\r\n return name.substring(4);\r\n }\r\n return name;\r\n }) || [];\r\n\r\n const validNames = [\r\n cert.subject?.CN,\r\n ...altNames\r\n ].filter(Boolean);\r\n\r\n const hostnameMatch = hostnames.some(hostname => \r\n validNames.some(name => {\r\n // Check for wildcard match e.g. *.example.com matches sub.example.com\r\n if (name.startsWith('*.')) {\r\n const domainPart = name.substring(2);\r\n return hostname.endsWith(domainPart) && \r\n hostname.split('.').length === domainPart.split('.').length + 1;\r\n }\r\n return name === hostname;\r\n })\r\n );\r\n\r\n if (!hostnameMatch) {\r\n issues.push({\r\n severity: 'high',\r\n description: `Certificate hostname mismatch. Certificate is not valid for: ${host}`\r\n });\r\n }\r\n \r\n // Protocol version checks\r\n const protocolRating = PROTOCOL_RATINGS[protocol] || {\r\n rating: 'unknown',\r\n description: 'Unknown protocol version'\r\n };\r\n \r\n if (protocolRating.rating === 'insecure' || protocolRating.rating === 'weak') {\r\n issues.push({\r\n severity: 'high',\r\n description: `Server uses ${protocolRating.rating} protocol: ${protocol}. ${protocolRating.description}`\r\n });\r\n } else if (protocolRating.rating === 'adequate') {\r\n issues.push({\r\n severity: 'medium',\r\n description: `Server uses ${protocolRating.rating} protocol: ${protocol}. ${protocolRating.description}`\r\n });\r\n }\r\n \r\n // Cipher suite checks\r\n const cipherRating = CIPHER_RATINGS[cipher.name] || 'weak';\r\n if (cipherRating === 'insecure') {\r\n issues.push({\r\n severity: 'high',\r\n description: `Server uses insecure cipher: ${cipher.name}.`\r\n });\r\n } else if (cipherRating === 'weak') {\r\n issues.push({\r\n severity: 'high',\r\n description: `Server uses weak cipher: ${cipher.name}.`\r\n });\r\n } else if (cipherRating === 'adequate') {\r\n issues.push({\r\n severity: 'medium',\r\n description: `Server uses adequate but not ideal cipher: ${cipher.name}.`\r\n });\r\n }\r\n \r\n // Key strength checks\r\n const keyInfo = calculateKeyStrength(cert);\r\n if (keyInfo.rating === 'insecure') {\r\n issues.push({\r\n severity: 'high',\r\n description: `Certificate uses insecure ${keyInfo.algorithm} key (${keyInfo.strength} bits).`\r\n });\r\n } else if (keyInfo.rating === 'weak') {\r\n issues.push({\r\n severity: 'medium',\r\n description: `Certificate uses weak ${keyInfo.algorithm} key (${keyInfo.strength} bits).`\r\n });\r\n }\r\n\r\n // Self-signed certificate check\r\n const isSelfSigned = chain.length === 1 || \r\n (cert.issuer.CN === cert.subject.CN && \r\n cert.issuer.O === cert.subject.O);\r\n \r\n if (isSelfSigned) {\r\n issues.push({\r\n severity: 'high',\r\n description: 'Certificate is self-signed and not from a trusted authority.'\r\n });\r\n }\r\n // Check certificate signature algorithm\r\n // Node.js types don't include sigalg but it's actually available\r\n const sigAlgo = (cert as any).sigalg?.toLowerCase() || '';\r\n if (sigAlgo.includes('sha1') || sigAlgo.includes('md5')) {\r\n issues.push({\r\n severity: 'high',\r\n description: `Certificate uses weak signature algorithm: ${(cert as any).sigalg}`\r\n });\r\n }\r\n\r\n // Test for known vulnerabilities\r\n const vulnerabilities = testForVulnerabilities(protocol, cipher);\r\n \r\n // Add vulnerabilities to issues\r\n for (const vuln of vulnerabilities) {\r\n issues.push({\r\n severity: vuln.severity as 'high' | 'medium' | 'low' | 'info',\r\n description: `${vuln.name}: ${vuln.description}`\r\n });\r\n }\r\n \r\n // Certificate features\r\n const features = checkCertificateFeatures(cert);\r\n \r\n // Calculate overall security rating\r\n let securityScore = 100;\r\n \r\n // Deduct points based on issues\r\n for (const issue of issues) {\r\n if (issue.severity === 'high') {\r\n securityScore -= 25;\r\n } else if (issue.severity === 'medium') {\r\n securityScore -= 10;\r\n } else if (issue.severity === 'low') {\r\n securityScore -= 5;\r\n }\r\n }\r\n \r\n // Add points for good security features\r\n for (const feature of features) {\r\n if (feature.supported) {\r\n securityScore += 5;\r\n }\r\n }\r\n \r\n // Cap the score between 0 and 100\r\n securityScore = Math.max(0, Math.min(100, securityScore));\r\n \r\n // Convert score to letter grade\r\n let securityRating: 'A+' | 'A' | 'B' | 'C' | 'D' | 'F';\r\n if (securityScore >= 95) {\r\n securityRating = 'A+';\r\n } else if (securityScore >= 85) {\r\n securityRating = 'A';\r\n } else if (securityScore >= 70) {\r\n securityRating = 'B';\r\n } else if (securityScore >= 60) {\r\n securityRating = 'C';\r\n } else if (securityScore >= 50) {\r\n securityRating = 'D';\r\n } else {\r\n securityRating = 'F';\r\n }\r\n \r\n return {\r\n protocol,\r\n cipher,\r\n certInfo: {\r\n issuer: cert.issuer.CN || cert.issuer.O || 'Unknown',\r\n subject: cert.subject.CN || cert.subject.O || 'Unknown',\r\n validFrom: validFrom.toISOString(),\r\n validTo: validTo.toISOString(),\r\n expiresIn: expiresIn,\r\n subjectAltNames: altNames,\r\n serialNumber: cert.serialNumber,\r\n signatureAlgorithm: (cert as any).sigalg,\r\n keyStrength: keyInfo.strength,\r\n keyAlgorithm: keyInfo.algorithm\r\n },\r\n certificateChain: chain,\r\n issues,\r\n securityRating,\r\n features,\r\n vulnerabilities\r\n };\r\n}\r\n\r\n/**\r\n * Scan the TLS configuration of a domain\r\n * Note: This can only be used in a Node.js environment\r\n */\r\nexport const scanTLS: Scanner<TLSConfigResult> = async (\r\n input: ScannerInput\r\n) => {\r\n const startTime = Date.now();\r\n const normalizedInput = createScannerInput(input);\r\n const domain = extractDomain(normalizedInput.target);\r\n const timeout = normalizedInput.timeout || 10000;\r\n \r\n const diagnosticInfo: string[] = [];\r\n \r\n try {\r\n // First, perform a DNS lookup to check if domain resolves\r\n try {\r\n const dnsResult = await dnsLookup(domain);\r\n diagnosticInfo.push(`Domain ${domain} resolves to IP: ${dnsResult.address}`);\r\n } catch (error) {\r\n diagnosticInfo.push(`DNS lookup error: ${(error as Error).message}`);\r\n return {\r\n status: 'failure',\r\n scanner: 'tlsConfig',\r\n error: `Failed to resolve domain: ${(error as Error).message}`,\r\n data: {\r\n version: '',\r\n ciphers: [],\r\n certificate: {\r\n issuer: '',\r\n subject: '',\r\n validFrom: '',\r\n validTo: '',\r\n expiresIn: 0\r\n },\r\n isValid: false,\r\n issues: [{\r\n severity: 'high',\r\n description: `Failed to resolve domain: ${(error as Error).message}`\r\n }],\r\n diagnosticInfo\r\n },\r\n timeTaken: Date.now() - startTime\r\n };\r\n }\r\n \r\n // Define ports to try\r\n const portsToTry = [443, 8443]; \r\n let portOpen = false;\r\n let openPort = 0;\r\n \r\n // Check if ports are open first\r\n for (const port of portsToTry) {\r\n diagnosticInfo.push(`Checking if port ${port} is open...`);\r\n const isOpen = await isPortOpen(domain, port, timeout);\r\n if (isOpen) {\r\n diagnosticInfo.push(`Port ${port} is open.`);\r\n portOpen = true;\r\n openPort = port;\r\n break;\r\n } else {\r\n diagno