apihunter 0.1.2

Async API security scanner with passive and active checks for CORS, CSP, GraphQL, JWT, OpenAPI, and API posture.
// src/scanner/mod.rs
//
// Scanner trait definition and shared types.

pub mod api_security;
pub mod common;
pub mod cors;
pub mod csp;
pub mod cve_templates;
pub mod graphql;
pub mod http_utils;
pub mod jwt;
pub mod mass_assignment;
pub mod oauth_oidc;
pub mod openapi;
pub mod rate_limit;
pub mod websocket;

use crate::{config::Config, error::CapturedError, http_client::HttpClient, reports::Finding};

/// Common interface that every scanner module implements.
///
/// `scan()` returns `(findings, errors)` and must never panic; all internal
/// errors should be captured and returned in the error vector.
///
/// The `Send + Sync + 'static` bounds require an implementor to be safe to
/// share between threads and to hold no non-`'static` borrows. The trait is
/// declared through `#[async_trait::async_trait]`, so `impl Scanner for ...`
/// blocks need the same attribute in order to write `async fn scan`.
// NOTE(review): how scanners are scheduled (concurrently, per URL, ...) is not
// visible in this file — confirm against the caller before relying on any
// ordering or isolation between scanner runs.
#[async_trait::async_trait]
pub trait Scanner: Send + Sync + 'static {
    /// Stable scanner identifier used for logging, metrics, and reporting.
    ///
    /// Returned as a `&'static str`, so it is a fixed name and not built per call.
    fn name(&self) -> &'static str;

    /// Run this scanner against a single URL.
    ///
    /// # Parameters
    /// * `url` - the target, passed as a plain `&str`; nothing in this
    ///   signature parses or validates it.
    /// * `client` - HTTP client borrowed for the duration of the call.
    /// * `config` - scan configuration borrowed for the duration of the call.
    ///
    /// # Returns
    /// A tuple of the findings produced for `url` and the errors captured
    /// while scanning it. Per the trait contract above, failures belong in
    /// the second vector and not in a panic.
    // NOTE(review): whether `url` has already been validated and checked
    // against the authorised scan scope by the caller is not visible here —
    // confirm, since implementations receive it as an unchecked string.
    // NOTE(review): `Finding` comes from `crate::reports`, so findings (and
    // presumably captured errors) end up in report output — confirm that
    // implementations do not copy credentials or tokens from responses into
    // them unredacted.
    async fn scan(
        &self,
        url: &str,
        client: &HttpClient,
        config: &Config,
    ) -> (Vec<Finding>, Vec<CapturedError>);
}