"""
|
|
NeuroSploit v3 - Vulnerabilities API Endpoints
|
|
"""
|
|
from typing import List
|
|
from fastapi import APIRouter, Depends, HTTPException
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
from sqlalchemy import select
|
|
|
|
from backend.db.database import get_db
|
|
from backend.models import Vulnerability
|
|
from backend.schemas.vulnerability import VulnerabilityResponse, VulnerabilityTypeInfo
|
|
|
|
# Router holding every endpoint in this module. It is created without a prefix
# here; presumably the application that includes it supplies the
# "/vulnerabilities"-style prefix and any auth dependencies — not visible in
# this file, confirm against the app setup.
router = APIRouter()
# Vulnerability type definitions
#
# Static catalogue served by the /types endpoints below. Shape:
#
#   category (str) -> type id (str) -> info dict with exactly these keys:
#       "name":            human-readable title
#       "description":     one-line summary
#       "severity_range":  free-form label ("medium-high", "critical", "varies", ...)
#       "owasp_category":  OWASP Top 10 2021 identifier ("A03:2021", ...)
#       "cwe_ids":         list of CWE identifiers
#
# The info dict is unpacked with ``**info`` into ``VulnerabilityTypeInfo`` by
# get_vulnerability_type_info, so the key set above must match that schema's
# field names; adding a key here without a matching schema field breaks that
# endpoint. The table is also returned as-is by get_vulnerability_types.
VULNERABILITY_TYPES: dict[str, dict[str, dict[str, object]]] = {
    # Injection flaws: untrusted input reaching an interpreter (A03:2021).
    "injection": {
        "xss_reflected": {
            "name": "Reflected XSS",
            "description": "Cross-site scripting via user input reflected in response",
            "severity_range": "medium-high",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-79"]
        },
        "xss_stored": {
            "name": "Stored XSS",
            "description": "Cross-site scripting stored in application database",
            "severity_range": "high-critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-79"]
        },
        "xss_dom": {
            "name": "DOM-based XSS",
            "description": "Cross-site scripting via DOM manipulation",
            "severity_range": "medium-high",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-79"]
        },
        "sqli_error": {
            "name": "Error-based SQL Injection",
            "description": "SQL injection detected via error messages",
            "severity_range": "high-critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-89"]
        },
        "sqli_union": {
            "name": "Union-based SQL Injection",
            "description": "SQL injection exploitable via UNION queries",
            "severity_range": "critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-89"]
        },
        "sqli_blind": {
            "name": "Blind SQL Injection",
            "description": "SQL injection without visible output",
            "severity_range": "high-critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-89"]
        },
        "sqli_time": {
            "name": "Time-based SQL Injection",
            "description": "SQL injection detected via response time",
            "severity_range": "high-critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-89"]
        },
        "command_injection": {
            "name": "Command Injection",
            "description": "OS command injection vulnerability",
            "severity_range": "critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-78"]
        },
        "ssti": {
            "name": "Server-Side Template Injection",
            "description": "Template injection allowing code execution",
            "severity_range": "high-critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-94"]
        },
        "ldap_injection": {
            "name": "LDAP Injection",
            "description": "LDAP query injection",
            "severity_range": "high",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-90"]
        },
        "xpath_injection": {
            "name": "XPath Injection",
            "description": "XPath query injection",
            "severity_range": "medium-high",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-643"]
        },
        "nosql_injection": {
            "name": "NoSQL Injection",
            "description": "NoSQL database injection",
            "severity_range": "high-critical",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-943"]
        },
        "header_injection": {
            "name": "HTTP Header Injection",
            "description": "Injection into HTTP headers",
            "severity_range": "medium-high",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-113"]
        },
        "crlf_injection": {
            "name": "CRLF Injection",
            "description": "Carriage return line feed injection",
            "severity_range": "medium",
            "owasp_category": "A03:2021",
            "cwe_ids": ["CWE-93"]
        }
    },
    # File system / document-parser reach: inclusion, traversal, upload, XXE.
    "file_access": {
        "lfi": {
            "name": "Local File Inclusion",
            "description": "Include local files via path manipulation",
            "severity_range": "high-critical",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-98"]
        },
        "rfi": {
            "name": "Remote File Inclusion",
            "description": "Include remote files for code execution",
            "severity_range": "critical",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-98"]
        },
        "path_traversal": {
            "name": "Path Traversal",
            "description": "Access files outside web root",
            "severity_range": "high",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-22"]
        },
        "file_upload": {
            "name": "Arbitrary File Upload",
            "description": "Upload malicious files",
            "severity_range": "high-critical",
            "owasp_category": "A04:2021",
            "cwe_ids": ["CWE-434"]
        },
        "xxe": {
            "name": "XML External Entity",
            "description": "XXE injection vulnerability",
            "severity_range": "high-critical",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-611"]
        }
    },
    # Server- and client-side request forgery.
    "request_forgery": {
        "ssrf": {
            "name": "Server-Side Request Forgery",
            "description": "Forge requests from the server",
            "severity_range": "high-critical",
            "owasp_category": "A10:2021",
            "cwe_ids": ["CWE-918"]
        },
        "ssrf_cloud": {
            "name": "SSRF to Cloud Metadata",
            "description": "SSRF accessing cloud provider metadata",
            "severity_range": "critical",
            "owasp_category": "A10:2021",
            "cwe_ids": ["CWE-918"]
        },
        "csrf": {
            "name": "Cross-Site Request Forgery",
            "description": "Forge requests as authenticated user",
            "severity_range": "medium-high",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-352"]
        }
    },
    # Identification and authentication failures (A07:2021).
    "authentication": {
        "auth_bypass": {
            "name": "Authentication Bypass",
            "description": "Bypass authentication mechanisms",
            "severity_range": "critical",
            "owasp_category": "A07:2021",
            "cwe_ids": ["CWE-287"]
        },
        "session_fixation": {
            "name": "Session Fixation",
            "description": "Force known session ID on user",
            "severity_range": "high",
            "owasp_category": "A07:2021",
            "cwe_ids": ["CWE-384"]
        },
        "jwt_manipulation": {
            "name": "JWT Token Manipulation",
            "description": "Manipulate JWT tokens for auth bypass",
            "severity_range": "high-critical",
            "owasp_category": "A07:2021",
            "cwe_ids": ["CWE-347"]
        },
        "weak_password_policy": {
            "name": "Weak Password Policy",
            "description": "Application accepts weak passwords",
            "severity_range": "medium",
            "owasp_category": "A07:2021",
            "cwe_ids": ["CWE-521"]
        }
    },
    # Broken access control on objects and roles (A01:2021).
    "authorization": {
        "idor": {
            "name": "Insecure Direct Object Reference",
            "description": "Access objects without proper authorization",
            "severity_range": "high",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-639"]
        },
        "bola": {
            "name": "Broken Object Level Authorization",
            "description": "API-level object authorization bypass",
            "severity_range": "high",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-639"]
        },
        "privilege_escalation": {
            "name": "Privilege Escalation",
            "description": "Escalate to higher privilege level",
            "severity_range": "critical",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-269"]
        }
    },
    # API-specific design weaknesses.
    "api_security": {
        "rate_limiting": {
            "name": "Missing Rate Limiting",
            "description": "No rate limiting on sensitive endpoints",
            "severity_range": "medium",
            "owasp_category": "A04:2021",
            "cwe_ids": ["CWE-770"]
        },
        "mass_assignment": {
            "name": "Mass Assignment",
            "description": "Modify unintended object properties",
            "severity_range": "high",
            "owasp_category": "A04:2021",
            "cwe_ids": ["CWE-915"]
        },
        "excessive_data": {
            "name": "Excessive Data Exposure",
            "description": "API returns more data than needed",
            "severity_range": "medium-high",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-200"]
        },
        "graphql_introspection": {
            "name": "GraphQL Introspection Enabled",
            "description": "GraphQL schema exposed via introspection",
            "severity_range": "low-medium",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-200"]
        }
    },
    # Browser-side policy weaknesses.
    "client_side": {
        "cors_misconfig": {
            "name": "CORS Misconfiguration",
            "description": "Permissive CORS policy",
            "severity_range": "medium-high",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-942"]
        },
        "clickjacking": {
            "name": "Clickjacking",
            "description": "Page can be framed for clickjacking",
            "severity_range": "medium",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-1021"]
        },
        "open_redirect": {
            "name": "Open Redirect",
            "description": "Redirect to arbitrary URLs",
            "severity_range": "low-medium",
            "owasp_category": "A01:2021",
            "cwe_ids": ["CWE-601"]
        }
    },
    # Leakage of errors, secrets and debug surfaces.
    "information_disclosure": {
        "error_disclosure": {
            "name": "Error Message Disclosure",
            "description": "Detailed error messages exposed",
            "severity_range": "low-medium",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-209"]
        },
        "sensitive_data": {
            "name": "Sensitive Data Exposure",
            "description": "Sensitive information exposed",
            "severity_range": "medium-high",
            "owasp_category": "A02:2021",
            "cwe_ids": ["CWE-200"]
        },
        "debug_endpoints": {
            "name": "Debug Endpoints Exposed",
            "description": "Debug/admin endpoints accessible",
            "severity_range": "high",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-489"]
        }
    },
    # Transport and server configuration.
    "infrastructure": {
        "security_headers": {
            "name": "Missing Security Headers",
            "description": "Important security headers not set",
            "severity_range": "low-medium",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-693"]
        },
        "ssl_issues": {
            "name": "SSL/TLS Issues",
            "description": "Weak SSL/TLS configuration",
            "severity_range": "medium",
            "owasp_category": "A02:2021",
            "cwe_ids": ["CWE-326"]
        },
        "http_methods": {
            "name": "Dangerous HTTP Methods",
            "description": "Dangerous HTTP methods enabled",
            "severity_range": "low-medium",
            "owasp_category": "A05:2021",
            "cwe_ids": ["CWE-749"]
        }
    },
    # Application-logic flaws; severity is inherently case-dependent here.
    "logic_flaws": {
        "race_condition": {
            "name": "Race Condition",
            "description": "Exploitable race condition",
            "severity_range": "medium-high",
            "owasp_category": "A04:2021",
            "cwe_ids": ["CWE-362"]
        },
        "business_logic": {
            "name": "Business Logic Flaw",
            "description": "Exploitable business logic error",
            "severity_range": "varies",
            "owasp_category": "A04:2021",
            "cwe_ids": ["CWE-840"]
        }
    }
}
@router.get("/types")
async def get_vulnerability_types():
    """Return the complete vulnerability-type catalogue, grouped by category.

    The response body is the module-level ``VULNERABILITY_TYPES`` mapping
    (category -> type id -> type info), serialised to JSON by FastAPI. No
    filtering or copying is done here.
    """
    catalogue = VULNERABILITY_TYPES
    return catalogue
@router.get("/types/{category}")
async def get_vulnerability_types_by_category(category: str):
    """Return the type table for a single category of ``VULNERABILITY_TYPES``.

    Args:
        category: top-level key of the catalogue (e.g. ``"injection"``).

    Returns:
        The ``type id -> type info`` mapping for that category.

    Raises:
        HTTPException: 404 when the category is not in the catalogue.
    """
    try:
        return VULNERABILITY_TYPES[category]
    except KeyError:
        # Same 404 wording as the sibling /types endpoints; the requested
        # category name is echoed back in the JSON detail field.
        raise HTTPException(status_code=404, detail=f"Category '{category}' not found") from None
@router.get("/types/{category}/{vuln_type}", response_model=VulnerabilityTypeInfo)
async def get_vulnerability_type_info(category: str, vuln_type: str):
    """Return the ``VulnerabilityTypeInfo`` record for one catalogue entry.

    Args:
        category: top-level key of ``VULNERABILITY_TYPES``.
        vuln_type: type id within that category (e.g. ``"sqli_union"``).

    Returns:
        ``VulnerabilityTypeInfo`` built from the catalogue entry plus the
        ``type`` and ``category`` path parameters.

    Raises:
        HTTPException: 404 when the category or the type is unknown; the two
            cases carry different detail messages.
    """
    category_types = VULNERABILITY_TYPES.get(category)
    if category_types is None:
        raise HTTPException(status_code=404, detail=f"Category '{category}' not found")

    info = category_types.get(vuln_type)
    if info is None:
        raise HTTPException(status_code=404, detail=f"Type '{vuln_type}' not found in category '{category}'")

    # The catalogue entry's keys (name, description, severity_range,
    # owasp_category, cwe_ids) double as VulnerabilityTypeInfo field names, so
    # the table and the schema must be kept in step.
    return VulnerabilityTypeInfo(type=vuln_type, category=category, **info)
@router.get("/{vuln_id}", response_model=VulnerabilityResponse)
async def get_vulnerability(vuln_id: str, db: AsyncSession = Depends(get_db)):
    """Fetch one stored vulnerability finding by its id.

    Args:
        vuln_id: value compared against ``Vulnerability.id``; it is passed to
            SQLAlchemy as a bound parameter, never interpolated into SQL.
        db: async session injected by ``get_db``.

    Returns:
        ``VulnerabilityResponse`` built from the row's ``to_dict()``.

    Raises:
        HTTPException: 404 when no row has that id.
    """
    # NOTE(review): no authentication/authorization dependency is declared on
    # this route and the lookup is not scoped to a user, scan or project, so
    # any caller who can reach the router and supply an id gets the finding.
    # Confirm that access control is enforced where this router is mounted.
    lookup = select(Vulnerability).where(Vulnerability.id == vuln_id)
    found = (await db.execute(lookup)).scalar_one_or_none()

    if not found:
        raise HTTPException(status_code=404, detail="Vulnerability not found")

    return VulnerabilityResponse(**found.to_dict())