### Dirsearch Simple Usage Examples Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Demonstrates basic command-line invocations of Dirsearch for initiating web path scans. Includes examples for specifying the target URL and file extensions. ```bash python3 dirsearch.py -u https://target ``` ```bash python3 dirsearch.py -e php,html,js -u https://target ``` ```bash python3 dirsearch.py -e php,html,js -u https://target -w /path/to/wordlist ``` -------------------------------- ### Windows Quick Start Script Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Provides Windows batch commands to start both the backend and frontend servers, either using a convenience script or manually. ```bash # Start both servers .\start.bat # Or manually: cd backend && python main.py cd frontend && npm run dev ``` -------------------------------- ### Docker Deployment .env Configuration Example Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Shows the environment variable setup for a Dockerized deployment, using service names for host configurations and specific ports. ```bash # Root .env BACKEND_HOST=0.0.0.0 BACKEND_PORT=8002 FRONTEND_HOST=scanpilot-frontend FRONTEND_PORT=3000 # frontend/.env VITE_BACKEND_HOST=scanpilot-backend VITE_BACKEND_PORT=8002 VITE_DEV_PORT=3000 ``` -------------------------------- ### Linux/Mac Quick Start Script Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Offers Linux/macOS shell commands to start both servers, including making the script executable and running it, or executing them manually in the background. ```bash # Start both servers chmod +x start.sh ./start.sh # Or manually: cd backend && python main.py & cd frontend && npm run dev ``` -------------------------------- ### Install Docker on Linux Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Command to install Docker on a Linux system using a convenience script. This enables the use of Docker containers for running applications like Dirsearch. ```sh curl -fsSL https://get.docker.com | bash ``` -------------------------------- ### Local Development .env Configuration Example Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Provides an example of how to configure both the root and frontend .env files for a local development environment, typically using 'localhost'. ```bash # Root .env BACKEND_HOST=localhost BACKEND_PORT=8002 FRONTEND_HOST=localhost FRONTEND_PORT=3000 # frontend/.env VITE_BACKEND_HOST=localhost VITE_BACKEND_PORT=8002 VITE_DEV_PORT=3000 ``` -------------------------------- ### Advanced Dirsearch Command Examples Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Demonstrates advanced usage of Dirsearch, including reading input from stdin, setting maximum scan time, basic authentication, and custom headers. ```python cat urls.txt | python3 dirsearch.py --stdin ``` ```python python3 dirsearch.py -u https://target --max-time 360 ``` ```python python3 dirsearch.py -u https://target --auth admin:pass --auth-type basic ``` ```python python3 dirsearch.py -u https://target --header-list rate-limit-bypasses.txt ``` -------------------------------- ### Backend Database Initialization and Operations with SQLAlchemy Source: https://context7.com/l0gs3c/scanpilot/llms.txt Demonstrates database initialization using SQLAlchemy for SQLite and PostgreSQL. It includes examples of using database sessions within FastAPI endpoints, creating new users via AuthService, and authenticating users. ```python from app.database import init_db, get_db, SessionLocal from app.models import User, Target from app.services.auth_service import AuthService # Initialize database (called on app startup) init_db() # Using database session in FastAPI endpoint from fastapi import Depends from sqlalchemy.orm import Session @app.get("/example") async def example_endpoint(db: Session = Depends(get_db)): targets = db.query(Target).filter(Target.status == "idle").all() return {"targets": [t.to_dict() for t in targets]} # Create user programmatically def create_new_user(db: Session): user = AuthService.create_user( db=db, username="newuser", password="securepassword", is_admin=False ) return user # Authenticate user def authenticate(db: Session, username: str, password: str): user = AuthService.authenticate_user(db, username, password) if user and user.is_active: return user return None ``` -------------------------------- ### Production Server .env Configuration Example Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Illustrates the .env file settings for a production deployment, using a domain name for the frontend host and a standard port for the backend. ```bash # Root .env BACKEND_HOST=0.0.0.0 BACKEND_PORT=8000 FRONTEND_HOST=your-domain.com FRONTEND_PORT=80 # frontend/.env VITE_BACKEND_HOST=your-domain.com VITE_BACKEND_PORT=8000 VITE_DEV_PORT=3000 ``` -------------------------------- ### Dirsearch Recursion Examples Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Illustrates how to enable and configure recursive scanning in Dirsearch. Covers basic recursion, setting recursion depth and status codes, and using force/deep recursive options. ```bash python3 dirsearch.py -e php,html,js -u https://target -r ``` ```bash python3 dirsearch.py -e php,html,js -u https://target -r --recursion-depth 3 --recursion-status 200-399 ``` ```bash python3 dirsearch.py -e php,html,js -u https://target -r --exclude-subdirs image/,media/,css/ ``` -------------------------------- ### Get All Wildcards using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Retrieves a list of all configured wildcard domain patterns. ```bash curl -X GET http://localhost:8000/api/v1/wildcards/ \ -H "Authorization: Bearer $TOKEN" ``` -------------------------------- ### Docker Compose for Full Stack Deployment Source: https://context7.com/l0gs3c/scanpilot/llms.txt Docker Compose configurations for deploying the Scanpilot application stack, including backend services, PostgreSQL, and Redis. Examples cover production and development environments, log viewing, and scaling services. ```bash # Production deployment docker-compose up -d # Development environment docker-compose -f docker-compose.dev.yml up -d # View logs docker-compose logs -f backend # Scale backend workers docker-compose up -d --scale backend=3 ``` -------------------------------- ### Vue.js Application Setup - JavaScript Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/lib/reports/templates/html_report_template.html This JavaScript code initializes a Vue.js application. It sets up data properties for search queries and resources, defines a method for joining URLs, and implements a computed property `resultQuery` that dynamically filters resources based on the defined search and exclusion criteria. ```javascript window.onload = function () { var app = new Vue({ el: '#app', delimiters: ['[[', ']]'], data() { return { lengthExcludeSearchQuery: null, statusExcludeSearchQuery: null, searchQuery: null, resources: {{ results | tojson }} }; }, methods: { urlJoin: function(url, redirect){ return new URL(redirect, url).href; } }, computed: { resultQuery(){ var arr = null; if(this.searchQuery){ arr = this.resources.filter((result)=>{ return search(this, result) }); if(!this.statusExcludeSearchQuery && !this.lengthExcludeSearchQuery) return arr; } if(this.statusExcludeSearchQuery){ var arrStatusExcluded = null; if(arr){ arrStatusExcluded = arr.filter((result)=>{ return statusExcludeSearch(this, result) }); if(!this.lengthExcludeSearchQuery) return arrStatusExcluded; } else{ arrStatusExcluded = this.resources.filter((result)=>{ return statusExcludeSearch(this, result) }); if(!this.lengthExcludeSearchQuery) return arrStatusExcluded; } } if(this.lengthExcludeSearchQuery){ if(arrStatusExcluded){ return arrStatusExcluded.filter((result)=>{ return lengthExcludeSearch(this, result) }) } else if(arr){ return arr.filter((result)=>{ return lengthExcludeSearch(this, result) }) } else{ return this.resources.filter((result)=>{ return lengthExcludeSearch(this, result) }) } } else{ return this.resources; } } } }); } ``` -------------------------------- ### Manage Scan Targets (Create, List, Update, Delete) - Bash Source: https://context7.com/l0gs3c/scanpilot/llms.txt Provides examples for managing scan targets within the ScanPilot platform using cURL. Covers creating specific and wildcard targets, listing targets with pagination and filtering, retrieving a single target, updating target details, changing status, and deleting targets. Assumes a valid JWT token is stored in the $TOKEN variable. ```bash # Create a non-wildcard target (specific domain) curl -X POST http://localhost:8000/api/v1/targets/ \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Example API Server", "domain": "api.example.com", "port": "443", "description": "Main API endpoint", "isWildcard": false }' # Response: # { # "id": 1, # "name": "Example API Server", # "domain": "api.example.com", # "port": "443", # "wildcardPattern": null, # "parentWildcard": null, # "description": "Main API endpoint", # "isWildcard": false, # "status": "idle", # "activeScans": 0, # "completedScans": 0, # "createdAt": "2024-01-15T10:30:00Z", # "updatedAt": null, # "targetUrl": "api.example.com" # } # Create a wildcard target (for subdomain enumeration) curl -X POST http://localhost:8000/api/v1/targets/ \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Example Corp Wildcard", "wildcardPattern": "*.example.com", "description": "All subdomains of example.com", "isWildcard": true }' # List all targets with pagination and filtering curl -X GET "http://localhost:8000/api/v1/targets/?skip=0&limit=50&status=idle&search=example&order_by=created_at&order_desc=true" \ -H "Authorization: Bearer $TOKEN" # Response: # { # "targets": [...], # "total": 25, # "page": 1, # "size": 50 # } # Get single target by ID curl -X GET http://localhost:8000/api/v1/targets/1 \ -H "Authorization: Bearer $TOKEN" # Update target curl -X PUT http://localhost:8000/api/v1/targets/1 \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Updated API Server", "description": "Updated description", "port": "8443" }' # Update target status curl -X PATCH "http://localhost:8000/api/v1/targets/1/status?status=scanning" \ -H "Authorization: Bearer $TOKEN" # Delete target (fails if active scans exist) curl -X DELETE http://localhost:8000/api/v1/targets/1 \ -H "Authorization: Bearer $TOKEN" # Get children of a wildcard target curl -X GET http://localhost:8000/api/v1/targets/2/children?skip=0&limit=100 \ -H "Authorization: Bearer $TOKEN" # Get all wildcard targets (for parent selection) curl -X GET http://localhost:8000/api/v1/targets/wildcards/list \ -H "Authorization: Bearer $TOKEN" # Get scannable targets (non-wildcard targets only, for scan modal) curl -X GET http://localhost:8000/api/v1/targets/scannable \ -H "Authorization: Bearer $TOKEN" ``` -------------------------------- ### Add Custom Prefixes to Dirsearch Scan Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Prepend custom strings to all entries in the wordlist before scanning. This is useful for targeting specific naming conventions or patterns. For example, adding '.', 'admin', and '_' as prefixes. ```python python3 dirsearch.py -e php -u https://target --prefixes .,admin,_ ``` -------------------------------- ### Start a New Scan with Dirsearch using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Initiates a new security scan using the Dirsearch tool. Requires a target ID, tool name, and template ID. Returns a scan ID upon successful initiation. ```bash curl -X POST http://localhost:8000/api/v1/scans/ \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "target_id": 1, "tool": "dirsearch", "template_id": 1 }' ``` -------------------------------- ### Get Specific Wildcard using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Retrieves details for a specific wildcard domain pattern using its ID. ```bash curl -X GET http://localhost:8000/api/v1/wildcards/1 \ -H "Authorization: Bearer $TOKEN" ``` -------------------------------- ### Scan Management API Source: https://context7.com/l0gs3c/scanpilot/llms.txt Endpoints for managing security scans, including retrieving scan lists and potentially starting, stopping, or downloading results. ```APIDOC ## Scan Management API The scans API manages security scanning operations including starting, pausing, resuming, and stopping scans. Results can be downloaded after scan completion. ### GET /api/v1/scans/ **Description**: Retrieve a list of all security scans. **Method**: GET **Endpoint**: `/api/v1/scans/` #### Headers - **Authorization** (string) - Required - Bearer token for authentication (e.g., `Bearer `). ### Response #### Success Response (200) - Returns an array of scan objects. Each object contains details like `id`, `target`, and `tool`. #### Response Example ```json [ { "id": "1", "target": "example.com", "tool": "dirsearch" } ] ``` ``` -------------------------------- ### Scan Management API Source: https://github.com/l0gs3c/scanpilot/blob/master/README.md Endpoints for managing security scans, including starting, monitoring, and retrieving results. ```APIDOC ## GET /api/v1/scans ### Description Retrieves a list of all scans. ### Method GET ### Endpoint /api/v1/scans ### Response #### Success Response (200) - **scans** (array) - A list of scan objects. - **id** (integer) - The scan's unique identifier. - **target_id** (integer) - The ID of the target being scanned. - **status** (string) - The current status of the scan (e.g., running, completed, failed). - **start_time** (string) - The time the scan started. ## POST /api/v1/scans ### Description Starts a new security scan. ### Method POST ### Endpoint /api/v1/scans ### Parameters #### Request Body - **target_id** (integer) - Required - The ID of the target to scan. - **tool** (string) - Optional - The scanning tool to use (e.g., 'nmap', 'nuclei'). Defaults to system default. ### Response #### Success Response (201) - **id** (integer) - The unique identifier of the newly started scan. - **target_id** (integer) - The ID of the target being scanned. - **status** (string) - The initial status of the scan (e.g., pending). ## GET /api/v1/scans/{id} ### Description Retrieves details for a specific scan. ### Method GET ### Endpoint /api/v1/scans/{id} ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the scan to retrieve. ### Response #### Success Response (200) - **id** (integer) - The scan's unique identifier. - **target_id** (integer) - The ID of the target being scanned. - **status** (string) - The current status of the scan. - **start_time** (string) - The time the scan started. - **end_time** (string) - The time the scan ended (if completed). - **results** (object) - Scan results (structure depends on the tool). ## POST /api/v1/scans/{id}/pause ### Description Pauses a running scan. ### Method POST ### Endpoint /api/v1/scans/{id}/pause ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the scan to pause. ### Response #### Success Response (200) - **message** (string) - Confirmation message. ## POST /api/v1/scans/{id}/resume ### Description Resumes a paused scan. ### Method POST ### Endpoint /api/v1/scans/{id}/resume ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the scan to resume. ### Response #### Success Response (200) - **message** (string) - Confirmation message. ## POST /api/v1/scans/{id}/stop ### Description Stops a running or paused scan. ### Method POST ### Endpoint /api/v1/scans/{id}/stop ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the scan to stop. ### Response #### Success Response (200) - **message** (string) - Confirmation message. ## GET /api/v1/scans/{id}/results ### Description Downloads the results of a completed scan. ### Method GET ### Endpoint /api/v1/scans/{id}/results ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the scan whose results to download. ### Response #### Success Response (200) - **file** (binary) - The scan results file (format depends on the tool, e.g., JSON, XML). ``` -------------------------------- ### Get Specific Scan Template using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Retrieves details for a specific scan template using its ID. ```bash curl -X GET http://localhost:8000/api/v1/templates/1 \ -H "Authorization: Bearer $TOKEN" ``` -------------------------------- ### Create a New Scan Template using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Defines a new reusable scan configuration. Requires a name, tool, command template, and description. Returns the created template's details. ```bash curl -X POST http://localhost:8000/api/v1/templates/ \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Aggressive Dirsearch", "tool": "dirsearch", "command_template": "-u {target} -e php,html,js -t 50 --deep-recursive", "description": "Deep recursive directory scanning" }' ``` -------------------------------- ### Authenticate and Manage User Sessions with JWT - Bash Source: https://context7.com/l0gs3c/scanpilot/llms.txt Demonstrates how to authenticate with the ScanPilot API using JWT tokens. It covers logging in to obtain an access token, retrieving current user information, and logging out. Requires a running API instance on localhost:8000. ```bash # Login - Obtain JWT access token curl -X POST http://localhost:8000/api/v1/auth/login \ -H "Content-Type: application/json" \ -d '{ "username": "admin", "password": "admin" }' # Response: # { # "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", # "token_type": "bearer", # "user_id": 1, # "username": "admin", # "is_admin": true # } # Get current user info curl -X GET http://localhost:8000/api/v1/auth/me \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." # Response: # { # "username": "admin", # "user_id": 1, # "is_admin": true, # "is_active": true # } # Logout curl -X POST http://localhost:8000/api/v1/auth/logout \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." ``` -------------------------------- ### Get Specific Scan Status using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Retrieves the status of a specific scan using its unique scan ID. Requires the scan ID in the URL. ```bash curl -X GET http://localhost:8000/api/v1/scans/abc123 \ -H "Authorization: Bearer $TOKEN" ``` -------------------------------- ### Build Dirsearch Docker Image Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Command to build a Docker image for Dirsearch. This allows you to package and run Dirsearch in a consistent environment. Replace 'dirsearch:v0.4.3' with your desired image name and tag. ```sh docker build -t "dirsearch:v0.4.3" . ``` -------------------------------- ### Update Environment Variables for Domain/IP Change Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Details the steps to update environment variables when changing from localhost to a specific domain or IP address, including backend, frontend, and CORS settings. ```bash # Update root .env file BACKEND_HOST=192.168.1.100 BACKEND_PORT=8002 # Update frontend/.env file VITE_BACKEND_HOST=192.168.1.100 VITE_BACKEND_PORT=8002 # Update CORS origins in root .env: BACKEND_CORS_ORIGINS=["http://192.168.1.100:3000","https://192.168.1.100:3000"] ``` -------------------------------- ### Create New Wildcard using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Adds a new wildcard domain pattern for subdomain enumeration. Requires a name, pattern, and description. ```bash curl -X POST http://localhost:8000/api/v1/wildcards/ \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Corp Wildcard", "pattern": "*.corp.example.com", "description": "Corporate subdomains" }' ``` -------------------------------- ### Dirsearch Configuration File (`config.ini`) Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md This INI file allows users to set default values for Dirsearch flags. It covers general settings, dictionary options, request configurations, connection parameters, advanced settings, view preferences, and output options. ```ini # If you want to edit dirsearch default configurations, you can # edit values in this file. Everything after `#` is a comment # and won't be applied [general] threads = 25 recursive = False deep-recursive = False force-recursive = False recursion-status = 200-399,401,403 max-recursion-depth = 0 exclude-subdirs = %%ff/,.;/,..;/,;/,./,../,%%2e/,%%2e%%2e/ random-user-agents = False max-time = 0 # subdirs = /,api/ # include-status = 200-299,401 # exclude-status = 400,500-999 # exclude-sizes = 0b,123gb # exclude-texts = "Not found" # exclude-regex = "^403$" # exclude-redirect = "*/error.html" # exclude-response = 404.html # skip-on-status = 429,999 [dictionary] default-extensions = php,aspx,jsp,html,js force-extensions = False overwrite-extensions = False lowercase = False uppercase = False capitalization = False # exclude-extensions = old,log # prefixes = .,admin # suffixes = ~,.bak # wordlists = /path/to/wordlist1.txt,/path/to/wordlist2.txt [request] hhttpmethod = get follow-redirects = False # headers-file = /path/to/headers.txt # user-agent = MyUserAgent # cookie = SESSIONID=123 [connection] timeout = 7.5 delay = 0 max-rate = 0 max-retries = 1 exit-on-error = False ## By disabling `scheme` variable, dirsearch will automatically identify the URI scheme # scheme = http # proxy = localhost:8080 # proxy-file = /path/to/proxies.txt # replay-proxy = localhost:8000 [advanced] crawl = False [view] full-url = False quiet-mode = False color = True show-redirects-history = False [output] ## Support: plain, simple, json, xml, md, csv, html, sqlite report-format = plain autosave-report = True # log-file = /path/to/dirsearch.log # report-output-folder = /path/to/reports ``` -------------------------------- ### Configure Root .env for Server and CORS Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Sets up the backend and frontend host/port configurations, and defines allowed origins for Cross-Origin Resource Sharing (CORS) in the root .env file. ```bash # Server Configuration BACKEND_HOST=localhost # Backend server host BACKEND_PORT=8002 # Backend server port FRONTEND_HOST=localhost # Frontend server host FRONTEND_PORT=3000 # Frontend server port # CORS Configuration - Add your frontend URLs here BACKEND_CORS_ORIGINS=["http://localhost:3000","http://localhost:3001","https://localhost:3000","http://localhost","https://localhost"] ``` -------------------------------- ### Configure Proxies for Dirsearch Scans Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Route scan traffic through HTTP or SOCKS proxies. You can specify a single proxy server by its address and port, or provide a file containing a list of proxy servers for rotation. ```python python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080 ``` ```python python3 dirsearch.py -e php,html,js -u https://target --proxy socks5://10.10.0.1:8080 ``` ```python python3 dirsearch.py -e php,html,js -u https://target --proxylist proxyservers.txt ``` -------------------------------- ### Configure Frontend .env for Vite Source: https://github.com/l0gs3c/scanpilot/blob/master/ENVIRONMENT.md Configures frontend-specific environment variables, including backend connection details and the development server port, using the Vite convention (VITE_ prefix). ```bash # Frontend Configuration VITE_BACKEND_HOST=localhost # Must match BACKEND_HOST in root .env VITE_BACKEND_PORT=8002 # Must match BACKEND_PORT in root .env # Development Configuration VITE_DEV_PORT=3000 # Frontend development server port ``` -------------------------------- ### Frontend TypeScript API Client for Target Management Source: https://context7.com/l0gs3c/scanpilot/llms.txt Provides a TypeScript client for interacting with the Target API. It allows for creating, fetching, updating, and retrieving child targets. Dependencies include the targetAPI service and its associated types. ```typescript import { targetAPI, Target, CreateTargetRequest, TargetFilters } from './services/targetAPI'; // Create a new target const createTarget = async () => { const newTarget: CreateTargetRequest = { name: "Production Server", domain: "prod.example.com", port: "443", description: "Main production server", isWildcard: false }; try { const target: Target = await targetAPI.createTarget(newTarget); console.log("Created target:", target.id); } catch (error) { console.error("Failed to create target:", error); } }; // Fetch targets with filters const fetchTargets = async () => { const filters: TargetFilters = { skip: 0, limit: 50, status: "idle", search: "example", order_by: "created_at", order_desc: true }; const response = await targetAPI.getTargets(filters); console.log(`Found ${response.total} targets`); response.targets.forEach(t => console.log(t.name, t.domain)); }; // Update target status const updateStatus = async (targetId: number) => { await targetAPI.updateTargetStatus(targetId, "scanning"); }; // Get wildcard target children const getChildren = async (wildcardId: number) => { const children = await targetAPI.getTargetChildren(wildcardId); console.log(`Wildcard has ${children.total} child targets`); }; ``` -------------------------------- ### Wildcards API Source: https://context7.com/l0gs3c/scanpilot/llms.txt Endpoints for managing wildcard domain patterns. ```APIDOC ## GET /api/v1/wildcards/ ### Description Retrieves a list of all configured wildcard domain patterns. ### Method GET ### Endpoint /api/v1/wildcards/ ### Response #### Success Response (200) - Returns a list of wildcard objects. #### Response Example ```json [ { "id": "1", "name": "Example Wildcard", "pattern": "*.example.com", "description": "All subdomains of example.com" } ] ``` ## POST /api/v1/wildcards/ ### Description Creates a new wildcard domain pattern. ### Method POST ### Endpoint /api/v1/wildcards/ ### Parameters #### Request Body - **name** (string) - Required - The name of the wildcard pattern. - **pattern** (string) - Required - The wildcard pattern (e.g., "*.example.com"). - **description** (string) - Optional - A description for the wildcard. ### Request Example ```json { "name": "Corp Wildcard", "pattern": "*.corp.example.com", "description": "Corporate subdomains" } ``` ## GET /api/v1/wildcards/{wildcard_id} ### Description Retrieves details of a specific wildcard domain pattern. ### Method GET ### Endpoint /api/v1/wildcards/{wildcard_id} ### Parameters #### Path Parameters - **wildcard_id** (string) - Required - The ID of the wildcard pattern to retrieve. ## PUT /api/v1/wildcards/{wildcard_id} ### Description Updates an existing wildcard domain pattern. ### Method PUT ### Endpoint /api/v1/wildcards/{wildcard_id} ### Parameters #### Path Parameters - **wildcard_id** (string) - Required - The ID of the wildcard pattern to update. #### Request Body - **name** (string) - Optional - The new name for the wildcard. - **pattern** (string) - Optional - The new wildcard pattern. - **description** (string) - Optional - The new description. ### Request Example ```json { "name": "Updated Wildcard", "pattern": "*.updated.example.com" } ``` ## DELETE /api/v1/wildcards/{wildcard_id} ### Description Deletes a wildcard domain pattern. ### Method DELETE ### Endpoint /api/v1/wildcards/{wildcard_id} ### Parameters #### Path Parameters - **wildcard_id** (string) - Required - The ID of the wildcard pattern to delete. ``` -------------------------------- ### WebSocket Real-Time Scan Updates Source: https://context7.com/l0gs3c/scanpilot/llms.txt Provides real-time scan progress updates and live output streaming via WebSocket. ```APIDOC ## WebSocket /ws/scans/{scan_id} ### Description Establishes a WebSocket connection to receive real-time updates for a specific scan. ### Method WebSocket ### Endpoint /ws/scans/{scan_id} ### Parameters #### Path Parameters - **scan_id** (string) - Required - The ID of the scan to subscribe to updates for. ### Request Example (Client-side JavaScript) ```javascript const scanId = "abc123"; const ws = new WebSocket(`ws://localhost:8000/ws/scans/${scanId}`); ws.onopen = () => { console.log("Connected to scan updates"); ws.send(JSON.stringify({ type: "subscribe", scan_id: scanId })); }; ws.onmessage = (event) => { const data = JSON.parse(event.data); // Handle scan updates console.log("Scan update:", data); // data format example: { type: "progress", progress: 45, output: "Scanning..." } }; ws.onclose = () => { console.log("Disconnected from scan updates"); }; ws.onerror = (error) => { console.error("WebSocket error:", error); }; ``` ### Response #### Server Messages - **type** (string) - The type of update (e.g., "progress", "output", "completed"). - **progress** (integer) - The current scan progress percentage (if type is "progress"). - **output** (string) - Live scan output (if type is "output"). - **scan_id** (string) - The ID of the scan the update pertains to. - **message** (string) - Additional information or status messages. ``` -------------------------------- ### List Scan Templates using cURL Source: https://context7.com/l0gs3c/scanpilot/llms.txt Retrieves a list of all available scan templates. Supports filtering by tool and pagination parameters like skip and limit. ```bash curl -X GET "http://localhost:8000/api/v1/templates/?tool=dirsearch&skip=0&limit=100" \ -H "Authorization: Bearer $TOKEN" ``` -------------------------------- ### Import Raw HTTP Request for Dirsearch Scan Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Scan using a raw HTTP request saved in a file. This allows for precise control over the request headers and method. The '--scheme' flag is required to specify the protocol (HTTP/HTTPS) if not automatically detected. ```http GET /admin HTTP/1.1 Host: admin.example.com Cache-Control: max-age=0 Accept: */* ``` -------------------------------- ### JWT Token Utilities for Authentication Source: https://context7.com/l0gs3c/scanpilot/llms.txt Utility functions for generating and verifying JSON Web Tokens (JWT). This includes creating tokens with custom expiration times and extracting user information from valid tokens. ```python from app.utils.jwt_utils import create_access_token, verify_token from datetime import timedelta # Create access token with custom expiration token = create_access_token( data={ "sub": "username", "user_id": 1, "is_admin": True }, expires_delta=timedelta(hours=8) ) # Verify token and extract payload payload = verify_token(token) if payload: username = payload.get("sub") user_id = payload.get("user_id") is_admin = payload.get("is_admin") else: # Token invalid or expired raise Exception("Invalid token") ``` -------------------------------- ### Scan Templates API Source: https://context7.com/l0gs3c/scanpilot/llms.txt Endpoints for managing reusable scan configurations (templates). ```APIDOC ## POST /api/v1/templates/ ### Description Creates a new scan template. ### Method POST ### Endpoint /api/v1/templates/ ### Parameters #### Request Body - **name** (string) - Required - The name of the template. - **tool** (string) - Required - The scanning tool this template is for. - **command_template** (string) - Required - The command template string, using placeholders like {target}. - **description** (string) - Optional - A description for the template. ### Request Example ```json { "name": "Aggressive Dirsearch", "tool": "dirsearch", "command_template": "-u {target} -e php,html,js -t 50 --deep-recursive", "description": "Deep recursive directory scanning" } ``` ### Response #### Success Response (200) - **id** (integer) - The ID of the newly created template. - **name** (string) - The name of the template. - **tool** (string) - The scanning tool. - **command_template** (string) - The command template. - **description** (string) - The template description. - **created_at** (string) - Timestamp of creation. - **updated_at** (string/null) - Timestamp of last update. #### Response Example ```json { "id": 1, "name": "Aggressive Dirsearch", "tool": "dirsearch", "command_template": "-u {target} -e php,html,js -t 50 --deep-recursive", "description": "Deep recursive directory scanning", "created_at": "2024-01-15T10:00:00Z", "updated_at": null } ``` ## GET /api/v1/templates/ ### Description Retrieves a list of all scan templates. Can be filtered by tool. ### Method GET ### Endpoint /api/v1/templates/ ### Parameters #### Query Parameters - **tool** (string) - Optional - Filter templates by scanning tool. - **skip** (integer) - Optional - Number of templates to skip. - **limit** (integer) - Optional - Maximum number of templates to return. ### Response #### Success Response (200) - Returns a list of template objects. ## GET /api/v1/templates/{template_id} ### Description Retrieves details of a specific scan template. ### Method GET ### Endpoint /api/v1/templates/{template_id} ### Parameters #### Path Parameters - **template_id** (integer) - Required - The ID of the template to retrieve. ## PUT /api/v1/templates/{template_id} ### Description Updates an existing scan template. ### Method PUT ### Endpoint /api/v1/templates/{template_id} ### Parameters #### Path Parameters - **template_id** (integer) - Required - The ID of the template to update. #### Request Body - **name** (string) - Optional - The new name for the template. - **command_template** (string) - Optional - The new command template string. - **description** (string) - Optional - The new description for the template. ### Request Example ```json { "name": "Updated Dirsearch Template", "command_template": "-u {target} -e php,html,js,asp -t 100" } ``` ## DELETE /api/v1/templates/{template_id} ### Description Deletes a scan template. ### Method DELETE ### Endpoint /api/v1/templates/{template_id} ### Parameters #### Path Parameters - **template_id** (integer) - Required - The ID of the template to delete. ``` -------------------------------- ### Generate Dirsearch Scan Reports Source: https://github.com/l0gs3c/scanpilot/blob/master/tools/dirsearch-0.4.3/README.md Save scan results in various formats including plain text, JSON, XML, CSV, HTML, and SQLite. The '-o' flag specifies the output file, and '--format' determines the output structure. ```python python3 dirsearch.py -e php -l URLs.txt --format plain -o report.txt ``` ```python python3 dirsearch.py -e php -u https://target --format html -o target.json ``` -------------------------------- ### Manage Security Scans - Bash Source: https://context7.com/l0gs3c/scanpilot/llms.txt Illustrates basic scan management operations using cURL against the ScanPilot API. This snippet shows how to retrieve a list of all scans. It requires authentication via a JWT token passed in the Authorization header. ```bash # Get all scans curl -X GET http://localhost:8000/api/v1/scans/ \ -H "Authorization: Bearer $TOKEN" # Response: # [ # { # "id": "1", # "target": "example.com", # "tool": "dirsearch", ``` -------------------------------- ### Docker Compose Environment Variables Configuration Source: https://context7.com/l0gs3c/scanpilot/llms.txt Defines environment variables for the backend service within the Docker Compose configuration. This includes database connection strings, Redis URL, secret keys, and root user credentials. ```yaml services: backend: environment: - DATABASE_URL=postgresql://user:pass@postgres:5432/scanpilot - REDIS_URL=redis://redis:6379/0 - SECRET_KEY=your-production-secret-key - CREDENTIAL_ROOT_USER=admin - CREDENTIAL_ROOT_PASSWORD=secure-admin-password ``` -------------------------------- ### Scan Management API Source: https://context7.com/l0gs3c/scanpilot/llms.txt Endpoints for initiating, monitoring, and managing security scans. ```APIDOC ## POST /api/v1/scans/ ### Description Starts a new security scan with specified parameters. ### Method POST ### Endpoint /api/v1/scans/ ### Parameters #### Request Body - **target_id** (integer) - Required - The ID of the target to scan. - **tool** (string) - Required - The scanning tool to use (e.g., "dirsearch", "nuclei"). - **template_id** (integer) - Required - The ID of the scan template to use. ### Request Example ```json { "target_id": 1, "tool": "dirsearch", "template_id": 1 } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message. - **scan_id** (string) - The unique ID of the initiated scan. #### Response Example ```json { "message": "Scan started successfully", "scan_id": "abc123" } ``` ## GET /api/v1/scans/{scan_id} ### Description Retrieves the status and progress of a specific scan. ### Method GET ### Endpoint /api/v1/scans/{scan_id} ### Parameters #### Path Parameters - **scan_id** (string) - Required - The ID of the scan to retrieve status for. ### Response #### Success Response (200) - **status** (string) - The current status of the scan (e.g., "running", "completed", "paused"). - **progress** (integer) - The completion percentage of the scan. - **started_at** (string) - Timestamp when the scan started. #### Response Example ```json { "status": "completed", "progress": 100, "started_at": "2024-01-01T00:00:00Z" } ``` ## POST /api/v1/scans/{scan_id}/pause ### Description Pauses a currently running scan. ### Method POST ### Endpoint /api/v1/scans/{scan_id}/pause ### Parameters #### Path Parameters - **scan_id** (string) - Required - The ID of the scan to pause. ## POST /api/v1/scans/{scan_id}/resume ### Description Resumes a paused scan. ### Method POST ### Endpoint /api/v1/scans/{scan_id}/resume ### Parameters #### Path Parameters - **scan_id** (string) - Required - The ID of the scan to resume. ## POST /api/v1/scans/{scan_id}/stop ### Description Stops a running or paused scan. ### Method POST ### Endpoint /api/v1/scans/{scan_id}/stop ### Parameters #### Path Parameters - **scan_id** (string) - Required - The ID of the scan to stop. ## GET /api/v1/scans/{scan_id}/results ### Description Downloads the results of a completed scan. ### Method GET ### Endpoint /api/v1/scans/{scan_id}/results ### Parameters #### Path Parameters - **scan_id** (string) - Required - The ID of the scan whose results are to be downloaded. ### Response #### Success Response (200) - **results** (array) - A list of scan results. - **download_url** (string) - The URL to download the full scan results file. #### Response Example ```json { "results": [...], "download_url": "/storage/scan_results/abc123.txt" } ``` ``` -------------------------------- ### JavaScript WebSocket Client for Real-Time Scan Updates Source: https://context7.com/l0gs3c/scanpilot/llms.txt Connects to the WebSocket server to receive real-time updates on scan progress and output. Handles connection, message reception, and errors. ```javascript const scanId = "abc123"; const ws = new WebSocket(`ws://localhost:8000/ws/scans/${scanId}`); ws.onopen = () => { console.log("Connected to scan updates"); ws.send(JSON.stringify({ type: "subscribe", scan_id: scanId })); }; ws.onmessage = (event) => { const data = JSON.parse(event.data); // Handle scan updates console.log("Scan update:", data); // data format: { type: "progress", progress: 45, output: "Scanning..." } }; ws.onclose = () => { console.log("Disconnected from scan updates"); }; ws.onerror = (error) => { console.error("WebSocket error:", error); }; ```