feat: framework detection module #40

Draft
wants to merge 3 commits into
base: main

@vmfunc vmfunc commented Nov 22, 2024

Framework Detection Core:

  • Create pkg/scan/frameworks package
  • Implement basic framework detection logic
  • Add signature-based framework identification
  • Implement version detection patterns
  • Add confidence scoring system
  • Implement header analysis
  • Add logging integration

Framework Signatures:

  • Laravel signatures
  • Django signatures
  • Ruby on Rails signatures
  • Express.js signatures
  • ASP.NET signatures
  • Spring signatures
  • Flask signatures
  • Add more framework patterns

Version Detection:

  • Implement regex-based version extraction
  • Add framework-specific version patterns
  • Handle unknown versions gracefully
  • Add version confidence scoring

CVE Integration:

  • Design CVE data structure
  • Add basic CVE mapping functionality
  • Implement version-specific vulnerability checks
  • Add security recommendations system
  • Plan for CVE database integration

Configuration & Integration:

  • Add framework detection flag to config
  • Integrate with main scan workflow
  • Add to ModuleResults structure
  • Update help documentation
  • Add logging directory support

Documentation:

  • Update README
  • Document framework detection patterns
  • Add configuration documentation
  • Document CVE mapping system to ryu
  • Add API fields (https://github.com/lunchcat/ryu)

Performance:

  • Optimize signature matching
  • Add concurrent scanning support
  • Implement efficient version detection

Enhancements:

  • Plan for custom signature support
  • Design framework for community contributions
  • Consider API integration for CVE data
  • Plan for automated signature updates

@vmfunc vmfunc added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Nov 22, 2024
@vmfunc vmfunc self-assigned this Nov 22, 2024
@vmfunc vmfunc removed the good first issue Good for newcomers label Nov 22, 2024
- weighted signature matching for more accurate framework detection
- sigmoid normalization for confidence scores
- version detection with semantic versioning support
- header-only pattern
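
The weighted signature matching, sigmoid-normalized confidence and header-only version extraction listed in the commit summary above, as an added Go example that is not code from this pull request or from the project. The `Signature` and `Result` types, the `Detect` function, the weights and the sigmoid midpoint of 2 are assumptions made for illustration; the sample headers are constructed.

```go
package main

import (
	"fmt"
	"math"
	"net/http"
	"regexp"
)

// Signature is one weighted header pattern; capture group 1, if any, is the version.
type Signature struct {
	Framework, Header string
	Re                *regexp.Regexp
	Weight            float64
}
// Weights and the sigmoid midpoint (2) are assumed values, not the project's.
var signatures = []Signature{
	{"Express", "X-Powered-By", regexp.MustCompile(`(?i)^express$`), 3},
	{"ASP.NET", "X-AspNet-Version", regexp.MustCompile(`^(\d+\.\d+\.\d+)`), 3},
	{"ASP.NET", "X-Powered-By", regexp.MustCompile(`(?i)asp\.net`), 2},
	{"Django", "Set-Cookie", regexp.MustCompile(`\bcsrftoken=`), 1.5},
}
type Result struct {
	Version           string  // "" when no signature captured a version
	Score, Confidence float64 // raw weight sum; sigmoid(Score-2), always in (0,1)
}
// Detect applies each signature at most once to the response headers.
func Detect(h http.Header) map[string]Result {
	out := map[string]Result{}
	for _, s := range signatures {
		for _, v := range h.Values(s.Header) {
			if m := s.Re.FindStringSubmatch(v); m != nil {
				r := out[s.Framework]
				if len(m) > 1 {
					r.Version = m[1]
				}
				r.Score += s.Weight
				r.Confidence = 1 / (1 + math.Exp(2-r.Score))
				out[s.Framework] = r
				break // a repeated header value must not inflate the score
			}
		}
	}
	return out
}

func main() {
	h := http.Header{"X-Powered-By": {"ASP.NET"}, "Set-Cookie": {"csrftoken=abc; Path=/"}} // constructed
	fmt.Printf("%+v\n", Detect(h))
}
```

A single generic cookie name stays below 0.5 confidence, while two agreeing headers push the score above 0.95, which is the behaviour a sigmoid gives over a plain weight sum.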

vmfunc commented Nov 22, 2024

why is the YML action giving me brain damage. wontfix