
web_analyzer/
payloads.rs

1//! Compile-time embedded payload data from the `payloads/` directory.
2//!
3//! Uses `include_str!()` to bake all payload files into the binary at compile time.
4//! This gives zero runtime I/O overhead while keeping the data as editable `.txt` files.
5
// Each constant below holds the complete text of one payload file, embedded by
// `include_str!` (paths are relative to this source file). The strings are
// fixed when the binary is built; editing a `.txt` file has no effect until
// the crate is recompiled, so payload edits deserve the same review as code.
// The "(N patterns)" figures are hand-written in these comments; nothing in
// this file checks them against the file contents, so they can drift.

/// SQL injection payloads (26 patterns)
pub const SQL_INJECTION: &str = include_str!("../payloads/sql_injection.txt");

/// Cross-site scripting payloads (24 patterns)
pub const XSS: &str = include_str!("../payloads/xss.txt");

/// Server-side request forgery probe URLs (31 patterns)
pub const SSRF: &str = include_str!("../payloads/ssrf.txt");

/// XML external entity injection payloads (7 patterns)
pub const XXE: &str = include_str!("../payloads/xxe.txt");

/// Command injection payloads (29 patterns)
pub const COMMAND_INJECTION: &str = include_str!("../payloads/command_injection.txt");

/// Local file inclusion paths (24 patterns)
pub const LFI: &str = include_str!("../payloads/lfi.txt");

/// NoSQL injection payloads (20 patterns)
pub const NOSQL_INJECTION: &str = include_str!("../payloads/nosql_injection.txt");

/// Server-side template injection payloads (24 patterns)
pub const SSTI: &str = include_str!("../payloads/ssti.txt");

/// Authentication bypass headers (26 patterns)
///
/// Presumably the intended input for `auth_headers`, which expects one
/// `name: value` pair per line; confirm against the callers.
pub const AUTH_BYPASS_HEADERS: &str = include_str!("../payloads/auth_bypass_headers.txt");

/// API endpoint paths (846 paths)
pub const API_ENDPOINTS: &str = include_str!("../payloads/api_endpoints.txt");
35
/// Split payload text into usable entries, one per line.
///
/// Every line is trimmed of surrounding whitespace. Lines that are then empty,
/// or that begin with `#`, are dropped as blanks or comments. The returned
/// slices borrow from `payload`; nothing is copied.
///
/// Caveats for payload-file authors:
/// - There is no escape for `#`. An entry whose first non-blank character is
///   `#` cannot be expressed and is skipped without any diagnostic, so the
///   effective pattern count can be lower than the file suggests.
/// - Leading or trailing whitespace that is meant to be part of an entry is
///   removed by the trim.
pub fn lines(payload: &str) -> Vec<&str> {
    let mut entries = Vec::new();
    for raw in payload.lines() {
        let entry = raw.trim();
        // Blank lines and `#` comment lines carry no payload.
        if entry.is_empty() || entry.starts_with('#') {
            continue;
        }
        entries.push(entry);
    }
    entries
}
44
/// Turn `name: value` lines into `(header_name, header_value)` pairs.
///
/// The input is first filtered by [`lines`], so blank lines and `#` comment
/// lines are ignored. Each remaining line is split at its first `:` and both
/// halves are trimmed; any further `:` stays in the value.
///
/// Lines with no `:` are dropped without any diagnostic. Nothing validates the
/// result: a line starting with `:` yields an empty header name, and a line
/// ending with `:` yields an empty value. Callers that turn these pairs into
/// HTTP headers must handle such entries themselves.
pub fn auth_headers(payload: &str) -> Vec<(&str, &str)> {
    let mut pairs = Vec::new();
    for entry in lines(payload) {
        // `split_once` cuts at the first ':' only, so the value keeps any later colons.
        if let Some((name, value)) = entry.split_once(':') {
            pairs.push((name.trim(), value.trim()));
        }
    }
    pairs
}
52            let value = l[idx + 1..].trim();
53            Some((name, value))
54        })
55        .collect()
56}