From 42e2fb6ef2dab76ea1b8268e80dbfd3c881c5d62 Mon Sep 17 00:00:00 2001
From: administrator <admin@sechpoint.com>
Date: Thu, 14 May 2026 11:46:10 +0000
Subject: [PATCH] feat: port 8000 + GITEX 2026 Nairobi hub page, improved scan
 messaging
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Change server port from 8080 to 8000
- Redesign index.html as GITEX 2026 Nairobi hub (app launcher)
- Add /aasd route serving AASD-specific landing page
- Add '← GITEX 2026 Hub' links to simulation, admin, and AASD pages
- Show 'Could Not Scan Target' message when GoTestWAF fails
- Increase GoTestWAF timeout from 120s to 300s
- Update install.sh, docs, and gitignore for bin/ as local-only
---
 .gitignore                        |   5 +
 aasd/bin/.gitkeep                 |   0
 aasd/docs/STATE_OF_DEVELOPMENT.md |   2 +-
 aasd/install.sh                   |   2 +-
 aasd/src/cmd/aasd/main.go         |   6 +-
 aasd/src/static/aasd.html         | 160 ++++++++++++++++++++++++++++++
 aasd/src/static/index.html        | 160 ++++++++----------------------
 aasd/src/static/simulation.html   |   7 +-
 aasd/src/templates/admin.html     |   3 +
 9 files changed, 220 insertions(+), 125 deletions(-)
 create mode 100644 aasd/bin/.gitkeep
 create mode 100644 aasd/src/static/aasd.html

diff --git a/.gitignore b/.gitignore
index 5a15080..785d44e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ Thumbs.db
 .idea/
 *.swp
 *.swo
+*.bak
 
 # Config — never commit real credentials
 **/config.yaml
@@ -17,3 +18,7 @@ Thumbs.db
 # Runtime directories (deployment-only)
 reports/
 logs/
+
+# Pre-built binaries (build from source or use releases)
+aasd/bin/*
+!aasd/bin/.gitkeep
diff --git a/aasd/bin/.gitkeep b/aasd/bin/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/aasd/docs/STATE_OF_DEVELOPMENT.md b/aasd/docs/STATE_OF_DEVELOPMENT.md
index 29676c0..16ed5dd 100644
--- a/aasd/docs/STATE_OF_DEVELOPMENT.md
+++ b/aasd/docs/STATE_OF_DEVELOPMENT.md
@@ -36,7 +36,7 @@ Visitor sees report with QR code; consultant accesses full GoTestWAF output
 | **Report Serving** | ✅ Complete | visitor_{token}.html + consultant_{token}.html |
 | **QR Code** | ✅ Complete | Booth scanning workflow |
 | **Graceful Shutdown** | ✅ Complete | SIGINT/SIGTERM handling |
-| **Booth Network** | ✅ Complete | Binds to 0.0.0.0:8080 |
+| **Booth Network** | ✅ Complete | Binds to 0.0.0.0:8000 |
 
 ## Technical Specifications
 
diff --git a/aasd/install.sh b/aasd/install.sh
index 3ad3017..e43d2de 100644
--- a/aasd/install.sh
+++ b/aasd/install.sh
@@ -247,7 +247,7 @@ echo -e "${GREEN}═════════════════════
 echo -e "${GREEN}  AASD installation complete${NC}"
 echo -e "${GREEN}══════════════════════════════════════════════${NC}"
 echo ""
-echo "  URL:        http://$(hostname -I 2>/dev/null | awk '{print $1}'):8080"
+echo "  URL:        http://$(hostname -I 2>/dev/null | awk '{print $1}'):8000"
 echo "  Binary:     $APP_HOME/aasd"
 echo "  Config:     $CONFIG_FILE"
 echo "  Service:    aasd.service"
diff --git a/aasd/src/cmd/aasd/main.go b/aasd/src/cmd/aasd/main.go
index 21fc333..739c4ba 100644
--- a/aasd/src/cmd/aasd/main.go
+++ b/aasd/src/cmd/aasd/main.go
@@ -92,7 +92,8 @@ func main() {
 
 	// Serve static files
 	router.Static("/static", "./static")
-	router.StaticFile("/", "./static/index.html")
+	router.StaticFile("/", "./static/index.html")     // GITEX 2026 hub
+	router.StaticFile("/aasd", "./static/aasd.html")  // AASD entry point
 	router.Static("/reports", "./reports")
 
 	// QR code generator endpoint
@@ -321,12 +322,13 @@ func main() {
 	signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
 
 	srv := &http.Server{
-		Addr:    "0.0.0.0:8080",
+		Addr:    "0.0.0.0:8000",
 		Handler: router,
 	}
 
 	go func() {
 		fmt.Printf("AASD server starting on %s\n", srv.Addr)
+		fmt.Printf("GITEX 2026 Nairobi — Hub: http://localhost:8000\n")
 		fmt.Printf("Version: 2026-04.1 | API Attack Surface Discovery\n")
 		if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
 			fmt.Printf("Server error: %v\n", err)
diff --git a/aasd/src/static/aasd.html b/aasd/src/static/aasd.html
new file mode 100644
index 0000000..293d03a
--- /dev/null
+++ b/aasd/src/static/aasd.html
@@ -0,0 +1,160 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+  <title>AASD — API Attack Surface Discovery</title>
+  <script src="https://cdn.tailwindcss.com/"></script>
+  <script>
+    tailwind.config = {
+      theme: {
+        extend: {
+          colors: {
+            aasd: {
+              dark: '#0f172a',
+              card: '#1e293b',
+              border: '#334155',
+              blue: '#3b82f6',
+              purple: '#8b5cf6',
+              text: '#f1f5f9',
+              muted: '#94a3b8',
+              dim: '#64748b',
+            }
+          }
+        }
+      }
+    }
+  </script>
+  <style>
+    * { -webkit-tap-highlight-color: transparent; }
+    body { overscroll-behavior: none; }
+    .btn-primary { background: linear-gradient(90deg, #3b82f6, #8b5cf6); }
+    .btn-primary:active { transform: scale(0.97); }
+    input:-webkit-autofill { -webkit-box-shadow: 0 0 0 30px #0f172a inset !important; -webkit-text-fill-color: #f1f5f9 !important; }
+  </style>
+</head>
+<body class="bg-slate-900 text-slate-100 min-h-screen flex flex-col items-center justify-center px-4 py-6">
+  <div class="w-full max-w-sm mx-auto text-center">
+
+    <!-- Hub Link -->
+    <div class="mb-2 text-left">
+      <a href="/" class="text-xs text-slate-500 hover:text-blue-400 transition-colors">&larr; GITEX 2026 Hub</a>
+    </div>
+
+    <!-- Logo -->
+    <div class="mb-4">
+      <h1 class="text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent tracking-tight">
+        AASD
+      </h1>
+      <p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery</p>
+    </div>
+
+    <!-- Main Card -->
+    <div class="bg-slate-800 rounded-2xl p-6 shadow-2xl border border-slate-700">
+      <h2 class="text-xl font-bold text-slate-100 mb-2">Discover Your Attack Surface</h2>
+      <p class="text-sm text-slate-400 mb-6 leading-relaxed">
+        Enter your domain. We'll discover subdomains, test your WAF, and generate a resilience report.
+      </p>
+
+      <div id="error" class="hidden mb-4 p-3 bg-red-900/50 border border-red-700 rounded-xl text-sm text-red-300"></div>
+
+      <form id="domainForm" action="/start" method="POST">
+        <div class="mb-4 text-left">
+          <label for="domain" class="block text-sm font-semibold text-slate-300 mb-1.5">Your Domain</label>
+          <input type="text" id="domain" name="domain" placeholder="example.com" required autofocus
+            class="w-full px-4 py-3.5 bg-slate-900 border-2 border-slate-600 rounded-xl text-slate-100 text-base focus:outline-none focus:border-blue-500 focus:ring-1 focus:ring-blue-500/50 placeholder-slate-500 transition-all">
+        </div>
+
+        <button type="submit" id="submitBtn"
+          class="btn-primary w-full text-white font-bold py-4 px-6 rounded-xl text-lg shadow-lg hover:shadow-blue-500/25 active:scale-[0.97] transition-all">
+          Start Attack Surface Discovery
+        </button>
+      </form>
+    </div>
+
+    <!-- Scan Steps Preview -->
+    <div class="mt-6 bg-slate-800/50 rounded-xl p-4 border border-slate-700/50">
+      <p class="text-xs font-semibold text-slate-500 uppercase tracking-wider mb-3">What happens next</p>
+      <div class="space-y-2 text-left">
+        <div class="flex items-center gap-2 text-sm">
+          <span class="w-5 h-5 rounded-full bg-blue-500/20 text-blue-400 text-xs flex items-center justify-center shrink-0">1</span>
+          <span class="text-slate-400">Domain discovery scans your org</span>
+        </div>
+        <div class="flex items-center gap-2 text-sm">
+          <span class="w-5 h-5 rounded-full bg-purple-500/20 text-purple-400 text-xs flex items-center justify-center shrink-0">2</span>
+          <span class="text-slate-400">GoTestWAF probes your WAF defense</span>
+        </div>
+        <div class="flex items-center gap-2 text-sm">
+          <span class="w-5 h-5 rounded-full bg-green-500/20 text-green-400 text-xs flex items-center justify-center shrink-0">3</span>
+          <span class="text-slate-400">AI generates your resilience report</span>
+        </div>
+      </div>
+    </div>
+
+    <!-- CTA -->
+    <div class="mt-6 p-3 bg-slate-800/30 rounded-xl border border-blue-500/20">
+      <p class="text-xs text-slate-500">
+        GITEX 2026 Booth Demo — <span class="text-blue-400">Bring your code to BU 4</span>
+      </p>
+    </div>
+  </div>
+
+  <script>
+    const form = document.getElementById('domainForm');
+    const errorDiv = document.getElementById('error');
+    const submitBtn = document.getElementById('submitBtn');
+
+    form.addEventListener('submit', async (e) => {
+      e.preventDefault();
+      const domain = document.getElementById('domain').value.trim().toLowerCase();
+
+      if (!domain.includes('.')) {
+        showError('Please enter a valid domain (e.g. example.com).');
+        return;
+      }
+      if (domain.includes('/') || domain.includes('\\')) {
+        showError('Domain cannot contain slashes.');
+        return;
+      }
+      if (domain.length > 255) {
+        showError('Domain is too long.');
+        return;
+      }
+
+      submitBtn.disabled = true;
+      submitBtn.textContent = 'Starting Discovery...';
+      submitBtn.classList.add('opacity-75');
+
+      const formData = new FormData(form);
+      try {
+        const response = await fetch('/start', { method: 'POST', body: formData });
+        if (response.redirected) {
+          window.location.href = response.url;
+        } else if (!response.ok) {
+          const data = await response.json();
+          showError(data.error || 'Something went wrong.');
+          resetButton();
+        } else {
+          // Shouldn't get here, but handle gracefully
+          window.location.href = '/analysing?domain=' + encodeURIComponent(domain);
+        }
+      } catch (err) {
+        showError('Network error. Please check your connection.');
+        resetButton();
+      }
+    });
+
+    function showError(msg) {
+      errorDiv.textContent = msg;
+      errorDiv.classList.remove('hidden');
+      setTimeout(() => errorDiv.classList.add('hidden'), 5000);
+    }
+
+    function resetButton() {
+      submitBtn.disabled = false;
+      submitBtn.textContent = 'Start Attack Surface Discovery';
+      submitBtn.classList.remove('opacity-75');
+    }
+  </script>
+</body>
+</html>
diff --git a/aasd/src/static/index.html b/aasd/src/static/index.html
index 417fd42..172a91c 100644
--- a/aasd/src/static/index.html
+++ b/aasd/src/static/index.html
@@ -3,23 +3,14 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
-  <title>AASD — API Attack Surface Discovery</title>
+  <title>GITEX 2026 Nairobi — Demo Hub</title>
   <script src="https://cdn.tailwindcss.com/"></script>
   <script>
     tailwind.config = {
       theme: {
         extend: {
           colors: {
-            aasd: {
-              dark: '#0f172a',
-              card: '#1e293b',
-              border: '#334155',
-              blue: '#3b82f6',
-              purple: '#8b5cf6',
-              text: '#f1f5f9',
-              muted: '#94a3b8',
-              dim: '#64748b',
-            }
+            hub: { dark: '#0f172a', card: '#1e293b', border: '#334155', blue: '#3b82f6', purple: '#8b5cf6', text: '#f1f5f9', muted: '#94a3b8', dim: '#64748b' }
           }
         }
       }
@@ -28,128 +19,57 @@
   <style>
     * { -webkit-tap-highlight-color: transparent; }
     body { overscroll-behavior: none; }
+    .app-card { transition: all 0.2s ease; }
+    .app-card:active { transform: scale(0.98); }
     .btn-primary { background: linear-gradient(90deg, #3b82f6, #8b5cf6); }
-    .btn-primary:active { transform: scale(0.97); }
-    input:-webkit-autofill { -webkit-box-shadow: 0 0 0 30px #0f172a inset !important; -webkit-text-fill-color: #f1f5f9 !important; }
   </style>
 </head>
-<body class="bg-slate-900 text-slate-100 min-h-screen flex flex-col items-center justify-center px-4 py-6">
-  <div class="w-full max-w-sm mx-auto text-center">
+<body class="bg-slate-900 text-slate-100 min-h-screen flex flex-col items-center justify-center px-4 py-8">
+  <div class="w-full max-w-md mx-auto text-center">
 
-    <!-- Logo -->
-    <div class="mb-6">
-      <h1 class="text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent tracking-tight">
-        AASD
+    <!-- Header -->
+    <div class="mb-8">
+      <div class="text-4xl mb-2">🌍</div>
+      <h1 class="text-3xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">
+        GITEX 2026
       </h1>
-      <p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery</p>
+      <p class="text-lg font-semibold text-slate-300 mt-1">Nairobi</p>
+      <p class="text-sm text-slate-500 mt-1">Sechpoint Aftica — Demo Hub</p>
     </div>
 
-    <!-- Main Card -->
-    <div class="bg-slate-800 rounded-2xl p-6 shadow-2xl border border-slate-700">
-      <h2 class="text-xl font-bold text-slate-100 mb-2">Discover Your Attack Surface</h2>
-      <p class="text-sm text-slate-400 mb-6 leading-relaxed">
-        Enter your domain. We'll discover subdomains, test your WAF, and generate a resilience report.
-      </p>
+    <!-- App Cards -->
+    <div class="space-y-4">
 
-      <div id="error" class="hidden mb-4 p-3 bg-red-900/50 border border-red-700 rounded-xl text-sm text-red-300"></div>
+      <!-- AASD -->
+      <a href="/aasd" class="app-card block bg-slate-800 rounded-2xl p-5 border border-slate-700 hover:border-blue-500/50 text-left">
+        <div class="flex items-start gap-4">
+          <div class="w-12 h-12 rounded-xl bg-gradient-to-br from-blue-500 to-purple-600 flex items-center justify-center shrink-0 text-white font-bold text-lg">
+            A
+          </div>
+          <div class="flex-1 min-w-0">
+            <h2 class="text-lg font-bold text-slate-100">API Attack Surface Discovery</h2>
+            <p class="text-sm text-slate-400 mt-0.5">Discover subdomains, test WAF defenses, and generate AI resilience reports.</p>
+            <div class="mt-2 flex items-center gap-2 text-xs">
+              <span class="inline-block px-2 py-0.5 rounded-full bg-blue-500/20 text-blue-400 border border-blue-500/30">Live Demo</span>
+              <span class="text-slate-500">Enter a domain to start</span>
+            </div>
+          </div>
+          <div class="text-slate-500 text-lg shrink-0">&rarr;</div>
+        </div>
+      </a>
 
-      <form id="domainForm" action="/start" method="POST">
-        <div class="mb-4 text-left">
-          <label for="domain" class="block text-sm font-semibold text-slate-300 mb-1.5">Your Domain</label>
-          <input type="text" id="domain" name="domain" placeholder="example.com" required autofocus
-            class="w-full px-4 py-3.5 bg-slate-900 border-2 border-slate-600 rounded-xl text-slate-100 text-base focus:outline-none focus:border-blue-500 focus:ring-1 focus:ring-blue-500/50 placeholder-slate-500 transition-all">
-        </div>
-
-        <button type="submit" id="submitBtn"
-          class="btn-primary w-full text-white font-bold py-4 px-6 rounded-xl text-lg shadow-lg hover:shadow-blue-500/25 active:scale-[0.97] transition-all">
-          Start Attack Surface Discovery
-        </button>
-      </form>
-    </div>
-
-    <!-- Scan Steps Preview -->
-    <div class="mt-6 bg-slate-800/50 rounded-xl p-4 border border-slate-700/50">
-      <p class="text-xs font-semibold text-slate-500 uppercase tracking-wider mb-3">What happens next</p>
-      <div class="space-y-2 text-left">
-        <div class="flex items-center gap-2 text-sm">
-          <span class="w-5 h-5 rounded-full bg-blue-500/20 text-blue-400 text-xs flex items-center justify-center shrink-0">1</span>
-          <span class="text-slate-400">Domain discovery scans your org</span>
-        </div>
-        <div class="flex items-center gap-2 text-sm">
-          <span class="w-5 h-5 rounded-full bg-purple-500/20 text-purple-400 text-xs flex items-center justify-center shrink-0">2</span>
-          <span class="text-slate-400">GoTestWAF probes your WAF defense</span>
-        </div>
-        <div class="flex items-center gap-2 text-sm">
-          <span class="w-5 h-5 rounded-full bg-green-500/20 text-green-400 text-xs flex items-center justify-center shrink-0">3</span>
-          <span class="text-slate-400">AI generates your resilience report</span>
-        </div>
+      <!-- Placeholder for future apps -->
+      <div class="app-card block bg-slate-800/50 rounded-2xl p-5 border border-dashed border-slate-700/50 text-center opacity-50">
+        <p class="text-sm text-slate-500">More demos coming soon</p>
       </div>
+
     </div>
 
-    <!-- CTA -->
-    <div class="mt-6 p-3 bg-slate-800/30 rounded-xl border border-blue-500/20">
-      <p class="text-xs text-slate-500">
-        GITEX 2026 Booth Demo — <span class="text-blue-400">Bring your code to BU 4</span>
-      </p>
+    <!-- Footer -->
+    <div class="mt-8 text-center text-xs text-slate-600">
+      <p>GITEX 2026 Nairobi — sechpoint.app</p>
     </div>
+
   </div>
-
-  <script>
-    const form = document.getElementById('domainForm');
-    const errorDiv = document.getElementById('error');
-    const submitBtn = document.getElementById('submitBtn');
-
-    form.addEventListener('submit', async (e) => {
-      e.preventDefault();
-      const domain = document.getElementById('domain').value.trim().toLowerCase();
-
-      if (!domain.includes('.')) {
-        showError('Please enter a valid domain (e.g. example.com).');
-        return;
-      }
-      if (domain.includes('/') || domain.includes('\\')) {
-        showError('Domain cannot contain slashes.');
-        return;
-      }
-      if (domain.length > 255) {
-        showError('Domain is too long.');
-        return;
-      }
-
-      submitBtn.disabled = true;
-      submitBtn.textContent = 'Starting Discovery...';
-      submitBtn.classList.add('opacity-75');
-
-      const formData = new FormData(form);
-      try {
-        const response = await fetch('/start', { method: 'POST', body: formData });
-        if (response.redirected) {
-          window.location.href = response.url;
-        } else if (!response.ok) {
-          const data = await response.json();
-          showError(data.error || 'Something went wrong.');
-          resetButton();
-        } else {
-          // Shouldn't get here, but handle gracefully
-          window.location.href = '/analysing?domain=' + encodeURIComponent(domain);
-        }
-      } catch (err) {
-        showError('Network error. Please check your connection.');
-        resetButton();
-      }
-    });
-
-    function showError(msg) {
-      errorDiv.textContent = msg;
-      errorDiv.classList.remove('hidden');
-      setTimeout(() => errorDiv.classList.add('hidden'), 5000);
-    }
-
-    function resetButton() {
-      submitBtn.disabled = false;
-      submitBtn.textContent = 'Start Attack Surface Discovery';
-      submitBtn.classList.remove('opacity-75');
-    }
-  </script>
 </body>
 </html>
diff --git a/aasd/src/static/simulation.html b/aasd/src/static/simulation.html
index a720ef5..ce65f8b 100644
--- a/aasd/src/static/simulation.html
+++ b/aasd/src/static/simulation.html
@@ -29,8 +29,13 @@
 <body class="bg-slate-900 text-slate-100 min-h-screen">
   <div class="container mx-auto px-4 py-6 max-w-lg">
 
+    <!-- Hub Link -->
+    <div class="mb-2">
+      <a href="/" class="text-xs text-slate-500 hover:text-blue-400 transition-colors">&larr; GITEX 2026 Hub</a>
+    </div>
+
     <!-- Header -->
-    <div class="text-center mb-6">
+    <div class="text-center mb-4">
       <h1 class="text-2xl font-bold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">AASD</h1>
       <p class="text-sm text-slate-400">API Attack Surface Discovery</p>
       <div class="mt-3 inline-block bg-slate-800 border-2 border-slate-600 rounded-full px-4 py-1.5 text-sm text-blue-400 font-mono" id="domainBadge">domain.com</div>
diff --git a/aasd/src/templates/admin.html b/aasd/src/templates/admin.html
index f852628..81cde50 100644
--- a/aasd/src/templates/admin.html
+++ b/aasd/src/templates/admin.html
@@ -12,6 +12,9 @@
 </head>
 <body class="bg-slate-900 text-slate-100 p-4 md:p-8">
   <div class="max-w-6xl mx-auto">
+    <div class="mb-2">
+      <a href="/" class="text-xs text-slate-500 hover:text-blue-400 transition-colors">&larr; GITEX 2026 Hub</a>
+    </div>
     <header class="text-center mb-8">
       <h1 class="text-3xl md:text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">AASD Dashboard</h1>
       <p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery — Consultant View</p>