mirror of
https://github.com/Vyntral/god-eye.git
synced 2026-05-20 07:04:42 +02:00
Vyntral
3a4c230aa7
Complete architectural overhaul. Replaces the v0.1 monolithic scanner with an event-driven pipeline of auto-registered modules. Foundation (internal/): - eventbus: typed pub/sub, 20 event types, race-safe, drop counter - module: registry with phase-based selection - store: thread-safe host store with per-host locks + deep-copy reads - pipeline: coordinator with phase barriers + panic recovery - config: 5 scan profiles + 3 AI tiers + YAML loader + auto-discovery Modules (26 auto-registered across 6 phases): - Discovery: passive (26 sources), bruteforce, recursive, AXFR, GitHub dorks, CT streaming, permutation, reverse DNS, vhost, ASN, supply chain (npm + PyPI) - Enrichment: HTTP probe + tech fingerprint + TLS appliance ID, ports - Analysis: security checks, takeover (110+ sigs), cloud, JavaScript, GraphQL, JWT, headers (OWASP), HTTP smuggling, AI cascade, Nuclei - Reporting: TXT/JSON/CSV writer + AI scan brief AI layer (internal/ai/ + internal/modules/ai/): - Three profiles: lean (16 GB), balanced (32 GB MoE), heavy (64 GB) - Six event-driven handlers: CVE, JS file, HTTP response, secret filter, multi-agent vuln enrichment, anomaly + executive report - Content-hash cache dedups Ollama calls across hosts - Auto-pull of missing models via /api/pull with streaming progress - End-of-scan AI SCAN BRIEF in terminal with top chains + next actions Nuclei compat layer (internal/nucleitpl/): - Executes ~13k community templates (HTTP subset) - Auto-download of nuclei-templates ZIP to ~/.god-eye/nuclei-templates - Scope filter rejects off-host templates (eliminates OSINT FPs) Operations: - Interactive wizard (internal/wizard/) — zero-flag launch - LivePrinter (internal/tui/) — colorized event stream - Diff engine + scheduler (internal/diff, internal/scheduler) for continuous ASM monitoring with webhook alerts - Proxy support (internal/proxyconf/): http / https / socks5 / socks5h + basic auth Fixes #1 — native SOCKS5 / Tor compatibility via --proxy flag. 185 unit tests across 15 packages, all race-detector clean.
271 lines
6.3 KiB
Go
271 lines
6.3 KiB
Go
package config
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
)
|
|
|
|
func TestLoadYAML_Missing(t *testing.T) {
|
|
y, err := LoadYAML("/tmp/this-definitely-does-not-exist-xyz.yaml")
|
|
if err != nil {
|
|
t.Errorf("missing file should return nil error, got %v", err)
|
|
}
|
|
if y != nil {
|
|
t.Errorf("missing file should return nil config, got %+v", y)
|
|
}
|
|
}
|
|
|
|
func TestLoadYAML_EmptyPath(t *testing.T) {
|
|
y, err := LoadYAML("")
|
|
if y != nil || err != nil {
|
|
t.Errorf("empty path → (nil, nil), got (%+v, %v)", y, err)
|
|
}
|
|
}
|
|
|
|
func TestLoadYAML_Malformed(t *testing.T) {
|
|
dir := t.TempDir()
|
|
path := filepath.Join(dir, "bad.yaml")
|
|
os.WriteFile(path, []byte("profile: [unclosed"), 0o644)
|
|
_, err := LoadYAML(path)
|
|
if err == nil {
|
|
t.Error("expected parse error for malformed YAML")
|
|
}
|
|
}
|
|
|
|
func TestLoadYAML_Full(t *testing.T) {
|
|
content := `
|
|
profile: bugbounty
|
|
concurrency: 500
|
|
timeout: 8
|
|
stealth: moderate
|
|
resolvers:
|
|
- 8.8.8.8
|
|
- 1.1.1.1
|
|
wordlist: /tmp/wl.txt
|
|
modules:
|
|
sources.crtsh: true
|
|
brute: false
|
|
ai:
|
|
enabled: true
|
|
url: http://localhost:11434
|
|
fast_model: qwen3:1.7b
|
|
deep_model: qwen2.5-coder:14b
|
|
cascade: true
|
|
deep: true
|
|
multi_agent: true
|
|
output:
|
|
path: /tmp/out.json
|
|
format: json
|
|
json: true
|
|
`
|
|
dir := t.TempDir()
|
|
path := filepath.Join(dir, "config.yaml")
|
|
os.WriteFile(path, []byte(content), 0o644)
|
|
|
|
y, err := LoadYAML(path)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if y == nil {
|
|
t.Fatal("expected non-nil config")
|
|
}
|
|
if y.Profile != "bugbounty" {
|
|
t.Errorf("Profile = %q", y.Profile)
|
|
}
|
|
if y.Concurrency != 500 {
|
|
t.Errorf("Concurrency = %d", y.Concurrency)
|
|
}
|
|
if y.Timeout != 8 {
|
|
t.Errorf("Timeout = %d", y.Timeout)
|
|
}
|
|
if y.Stealth != "moderate" {
|
|
t.Errorf("Stealth = %q", y.Stealth)
|
|
}
|
|
if len(y.Resolvers) != 2 {
|
|
t.Errorf("Resolvers len = %d", len(y.Resolvers))
|
|
}
|
|
if y.Modules["sources.crtsh"] != true {
|
|
t.Errorf("modules.sources.crtsh = false")
|
|
}
|
|
if y.Modules["brute"] != false {
|
|
t.Errorf("modules.brute = true")
|
|
}
|
|
if y.AI == nil || !y.AI.Enabled {
|
|
t.Error("AI not enabled")
|
|
}
|
|
if y.AI.URL != "http://localhost:11434" {
|
|
t.Errorf("AI.URL = %q", y.AI.URL)
|
|
}
|
|
if y.Output == nil || y.Output.Path != "/tmp/out.json" {
|
|
t.Errorf("Output.Path wrong")
|
|
}
|
|
}
|
|
|
|
func TestApplyYAML_NilInputs(t *testing.T) {
|
|
ApplyYAML(nil, &YAMLConfig{Profile: "x"}) // must not panic
|
|
ApplyYAML(&Config{}, nil) // must not panic
|
|
}
|
|
|
|
func TestApplyYAML_FillsZeroFields(t *testing.T) {
|
|
cfg := &Config{}
|
|
y := &YAMLConfig{
|
|
Profile: "quick",
|
|
Concurrency: 123,
|
|
Timeout: 7,
|
|
Stealth: "light",
|
|
Resolvers: []string{"8.8.8.8", "1.1.1.1"},
|
|
Wordlist: "/tmp/wl",
|
|
Modules: map[string]bool{"m1": true},
|
|
AI: &YAMLAIConfig{
|
|
Enabled: true,
|
|
URL: "http://x",
|
|
FastModel: "f",
|
|
DeepModel: "d",
|
|
Cascade: ptrTrue(),
|
|
Deep: true,
|
|
MultiAgent: true,
|
|
},
|
|
Output: &YAMLOutputConfig{Path: "/o", Format: "json", JSON: true},
|
|
}
|
|
ApplyYAML(cfg, y)
|
|
|
|
if cfg.Profile != "quick" {
|
|
t.Errorf("Profile = %q", cfg.Profile)
|
|
}
|
|
if cfg.Concurrency != 123 {
|
|
t.Errorf("Concurrency = %d", cfg.Concurrency)
|
|
}
|
|
if cfg.Timeout != 7 {
|
|
t.Errorf("Timeout = %d", cfg.Timeout)
|
|
}
|
|
if cfg.StealthMode != "light" {
|
|
t.Errorf("StealthMode = %q", cfg.StealthMode)
|
|
}
|
|
if cfg.Resolvers != "8.8.8.8,1.1.1.1" {
|
|
t.Errorf("Resolvers = %q", cfg.Resolvers)
|
|
}
|
|
if cfg.Wordlist != "/tmp/wl" {
|
|
t.Errorf("Wordlist = %q", cfg.Wordlist)
|
|
}
|
|
if !cfg.EnableAI {
|
|
t.Error("EnableAI should be true")
|
|
}
|
|
if cfg.AIUrl != "http://x" {
|
|
t.Errorf("AIUrl = %q", cfg.AIUrl)
|
|
}
|
|
if !cfg.AICascade {
|
|
t.Error("AICascade should be true")
|
|
}
|
|
if !cfg.AIDeepAnalysis {
|
|
t.Error("AIDeepAnalysis should be true")
|
|
}
|
|
if !cfg.MultiAgent {
|
|
t.Error("MultiAgent should be true")
|
|
}
|
|
if cfg.Output != "/o" {
|
|
t.Errorf("Output = %q", cfg.Output)
|
|
}
|
|
if cfg.Format != "json" {
|
|
t.Errorf("Format = %q", cfg.Format)
|
|
}
|
|
if !cfg.JsonOutput {
|
|
t.Error("JsonOutput should be true")
|
|
}
|
|
if cfg.ModuleSettings["m1"] != true {
|
|
t.Error("ModuleSettings.m1 should be true")
|
|
}
|
|
}
|
|
|
|
func TestApplyYAML_CLIOverrideWins(t *testing.T) {
|
|
cfg := &Config{
|
|
Profile: "pentest",
|
|
Concurrency: 42,
|
|
Timeout: 3,
|
|
StealthMode: "paranoid",
|
|
Resolvers: "9.9.9.9",
|
|
Wordlist: "/existing",
|
|
}
|
|
y := &YAMLConfig{
|
|
Profile: "quick",
|
|
Concurrency: 999,
|
|
Timeout: 999,
|
|
Stealth: "off",
|
|
Resolvers: []string{"8.8.8.8"},
|
|
Wordlist: "/yaml",
|
|
}
|
|
ApplyYAML(cfg, y)
|
|
|
|
// CLI values should survive
|
|
if cfg.Profile != "pentest" {
|
|
t.Errorf("Profile overwritten: %q", cfg.Profile)
|
|
}
|
|
if cfg.Concurrency != 42 {
|
|
t.Errorf("Concurrency overwritten: %d", cfg.Concurrency)
|
|
}
|
|
if cfg.Timeout != 3 {
|
|
t.Errorf("Timeout overwritten: %d", cfg.Timeout)
|
|
}
|
|
if cfg.StealthMode != "paranoid" {
|
|
t.Errorf("StealthMode overwritten: %q", cfg.StealthMode)
|
|
}
|
|
if cfg.Resolvers != "9.9.9.9" {
|
|
t.Errorf("Resolvers overwritten: %q", cfg.Resolvers)
|
|
}
|
|
if cfg.Wordlist != "/existing" {
|
|
t.Errorf("Wordlist overwritten: %q", cfg.Wordlist)
|
|
}
|
|
}
|
|
|
|
func TestDefaultConfigPaths(t *testing.T) {
|
|
paths := DefaultConfigPaths()
|
|
if len(paths) < 3 {
|
|
t.Errorf("expected ≥3 default paths, got %d", len(paths))
|
|
}
|
|
// First two are CWD-relative
|
|
if paths[0] != "god-eye.yaml" {
|
|
t.Errorf("paths[0] = %q", paths[0])
|
|
}
|
|
if paths[1] != ".god-eye.yaml" {
|
|
t.Errorf("paths[1] = %q", paths[1])
|
|
}
|
|
}
|
|
|
|
func TestFindConfigFile_FindsInWorkingDir(t *testing.T) {
|
|
// Create a temp "god-eye.yaml" and ensure the search finds it. We can't
|
|
// easily change CWD for just this test, so we validate the underlying
|
|
// Stat call by constructing a path that definitely exists.
|
|
dir := t.TempDir()
|
|
target := filepath.Join(dir, "god-eye.yaml")
|
|
os.WriteFile(target, []byte("profile: quick\n"), 0o644)
|
|
|
|
oldWD, _ := os.Getwd()
|
|
defer os.Chdir(oldWD)
|
|
if err := os.Chdir(dir); err != nil {
|
|
t.Skipf("cannot chdir: %v", err)
|
|
}
|
|
|
|
got := FindConfigFile()
|
|
if got != "god-eye.yaml" {
|
|
t.Errorf("FindConfigFile = %q, want god-eye.yaml", got)
|
|
}
|
|
}
|
|
|
|
func TestFindConfigFile_NoneFound(t *testing.T) {
|
|
dir := t.TempDir()
|
|
oldWD, _ := os.Getwd()
|
|
defer os.Chdir(oldWD)
|
|
if err := os.Chdir(dir); err != nil {
|
|
t.Skipf("cannot chdir: %v", err)
|
|
}
|
|
// Also override HOME to an empty dir so the user-home path never matches.
|
|
oldHome := os.Getenv("HOME")
|
|
defer os.Setenv("HOME", oldHome)
|
|
os.Setenv("HOME", dir)
|
|
|
|
got := FindConfigFile()
|
|
if got != "" {
|
|
t.Errorf("FindConfigFile = %q, want empty", got)
|
|
}
|
|
}
|