customer-engineering/gitex2026
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: port 8000 + GITEX 2026 Nairobi hub page, improved scan messaging

Browse source 
- Change server port from 8080 to 8000
- Redesign index.html as GITEX 2026 Nairobi hub (app launcher)
- Add /aasd route serving AASD-specific landing page
- Add '← GITEX 2026 Hub' links to simulation, admin, and AASD pages
- Show 'Could Not Scan Target' message when GoTestWAF fails
- Increase GoTestWAF timeout from 120s to 300s
- Update install.sh, docs, and gitignore for bin/ as local-only
This commit is contained in:
administrator 2026-05-14 11:46:10 +00:00
parent 692714402a
commit 42e2fb6ef2
9 changed files with 220 additions and 125 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.gitignore vendored
View file

@ -10,6 +10,7 @@ Thumbs.db
.idea/ .idea/
*.swp *.swp
*.swo *.swo
*.bak
# Config — never commit real credentials # Config — never commit real credentials
**/config.yaml **/config.yaml
@ -17,3 +18,7 @@ Thumbs.db
# Runtime directories (deployment-only) # Runtime directories (deployment-only)
reports/ reports/
logs/ logs/
# Pre-built binaries (build from source or use releases)
aasd/bin/*
!aasd/bin/.gitkeep

0
aasd/bin/.gitkeep Normal file
View file

2
aasd/docs/STATE_OF_DEVELOPMENT.md
View file

@ -36,7 +36,7 @@ Visitor sees report with QR code; consultant accesses full GoTestWAF output
| **Report Serving** | ✅ Complete | visitor_{token}.html + consultant_{token}.html | | **Report Serving** | ✅ Complete | visitor_{token}.html + consultant_{token}.html |
| **QR Code** | ✅ Complete | Booth scanning workflow | | **QR Code** | ✅ Complete | Booth scanning workflow |
| **Graceful Shutdown** | ✅ Complete | SIGINT/SIGTERM handling | | **Graceful Shutdown** | ✅ Complete | SIGINT/SIGTERM handling |
| **Booth Network** | ✅ Complete | Binds to 0.0.0.0:8080 | | **Booth Network** | ✅ Complete | Binds to 0.0.0.0:8000 |
## Technical Specifications ## Technical Specifications

2
aasd/install.sh
View file

@ -247,7 +247,7 @@ echo -e "${GREEN}═════════════════════
echo -e "${GREEN} AASD installation complete${NC}" echo -e "${GREEN} AASD installation complete${NC}"
echo -e "${GREEN}══════════════════════════════════════════════${NC}" echo -e "${GREEN}══════════════════════════════════════════════${NC}"
echo "" echo ""
echo " URL: http://$(hostname -I 2>/dev/null | awk '{print $1}'):8080" echo " URL: http://$(hostname -I 2>/dev/null | awk '{print $1}'):8000"
echo " Binary: $APP_HOME/aasd" echo " Binary: $APP_HOME/aasd"
echo " Config: $CONFIG_FILE" echo " Config: $CONFIG_FILE"
echo " Service: aasd.service" echo " Service: aasd.service"

6
aasd/src/cmd/aasd/main.go
View file

@ -92,7 +92,8 @@ func main() {
// Serve static files // Serve static files
router.Static("/static", "./static") router.Static("/static", "./static")
router.StaticFile("/", "./static/index.html") router.StaticFile("/", "./static/index.html") // GITEX 2026 hub
router.StaticFile("/aasd", "./static/aasd.html") // AASD entry point
router.Static("/reports", "./reports") router.Static("/reports", "./reports")
// QR code generator endpoint // QR code generator endpoint
@ -321,12 +322,13 @@ func main() {
signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM) signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
srv := &http.Server{ srv := &http.Server{
Addr: "0.0.0.0:8080", Addr: "0.0.0.0:8000",
Handler: router, Handler: router,
} }
go func() { go func() {
fmt.Printf("AASD server starting on %s\n", srv.Addr) fmt.Printf("AASD server starting on %s\n", srv.Addr)
fmt.Printf("GITEX 2026 Nairobi — Hub: http://localhost:8000\n")
fmt.Printf("Version: 2026-04.1 | API Attack Surface Discovery\n") fmt.Printf("Version: 2026-04.1 | API Attack Surface Discovery\n")
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed { if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
fmt.Printf("Server error: %v\n", err) fmt.Printf("Server error: %v\n", err)

160
aasd/src/static/aasd.html Normal file
View file

@ -0,0 +1,160 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>AASD — API Attack Surface Discovery</title>
<script src="https://cdn.tailwindcss.com/"></script>
<script>
tailwind.config = {
theme: {
extend: {
colors: {
aasd: {
dark: '#0f172a',
card: '#1e293b',
border: '#334155',
blue: '#3b82f6',
purple: '#8b5cf6',
text: '#f1f5f9',
muted: '#94a3b8',
dim: '#64748b',
}
}
}
}
}
</script>
<style>
* { -webkit-tap-highlight-color: transparent; }
body { overscroll-behavior: none; }
.btn-primary { background: linear-gradient(90deg, #3b82f6, #8b5cf6); }
.btn-primary:active { transform: scale(0.97); }
input:-webkit-autofill { -webkit-box-shadow: 0 0 0 30px #0f172a inset !important; -webkit-text-fill-color: #f1f5f9 !important; }
</style>
</head>
<body class="bg-slate-900 text-slate-100 min-h-screen flex flex-col items-center justify-center px-4 py-6">
<div class="w-full max-w-sm mx-auto text-center">
<!-- Hub Link -->
<div class="mb-2 text-left">
<a href="/" class="text-xs text-slate-500 hover:text-blue-400 transition-colors">&larr; GITEX 2026 Hub</a>
</div>
<!-- Logo -->
<div class="mb-4">
<h1 class="text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent tracking-tight">
AASD
</h1>
<p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery</p>
</div>
<!-- Main Card -->
<div class="bg-slate-800 rounded-2xl p-6 shadow-2xl border border-slate-700">
<h2 class="text-xl font-bold text-slate-100 mb-2">Discover Your Attack Surface</h2>
<p class="text-sm text-slate-400 mb-6 leading-relaxed">
Enter your domain. We'll discover subdomains, test your WAF, and generate a resilience report.
</p>
<div id="error" class="hidden mb-4 p-3 bg-red-900/50 border border-red-700 rounded-xl text-sm text-red-300"></div>
<form id="domainForm" action="/start" method="POST">
<div class="mb-4 text-left">
<label for="domain" class="block text-sm font-semibold text-slate-300 mb-1.5">Your Domain</label>
<input type="text" id="domain" name="domain" placeholder="example.com" required autofocus
class="w-full px-4 py-3.5 bg-slate-900 border-2 border-slate-600 rounded-xl text-slate-100 text-base focus:outline-none focus:border-blue-500 focus:ring-1 focus:ring-blue-500/50 placeholder-slate-500 transition-all">
</div>
<button type="submit" id="submitBtn"
class="btn-primary w-full text-white font-bold py-4 px-6 rounded-xl text-lg shadow-lg hover:shadow-blue-500/25 active:scale-[0.97] transition-all">
Start Attack Surface Discovery
</button>
</form>
</div>
<!-- Scan Steps Preview -->
<div class="mt-6 bg-slate-800/50 rounded-xl p-4 border border-slate-700/50">
<p class="text-xs font-semibold text-slate-500 uppercase tracking-wider mb-3">What happens next</p>
<div class="space-y-2 text-left">
<div class="flex items-center gap-2 text-sm">
<span class="w-5 h-5 rounded-full bg-blue-500/20 text-blue-400 text-xs flex items-center justify-center shrink-0">1</span>
<span class="text-slate-400">Domain discovery scans your org</span>
</div>
<div class="flex items-center gap-2 text-sm">
<span class="w-5 h-5 rounded-full bg-purple-500/20 text-purple-400 text-xs flex items-center justify-center shrink-0">2</span>
<span class="text-slate-400">GoTestWAF probes your WAF defense</span>
</div>
<div class="flex items-center gap-2 text-sm">
<span class="w-5 h-5 rounded-full bg-green-500/20 text-green-400 text-xs flex items-center justify-center shrink-0">3</span>
<span class="text-slate-400">AI generates your resilience report</span>
</div>
</div>
</div>
<!-- CTA -->
<div class="mt-6 p-3 bg-slate-800/30 rounded-xl border border-blue-500/20">
<p class="text-xs text-slate-500">
GITEX 2026 Booth Demo — <span class="text-blue-400">Bring your code to BU 4</span>
</p>
</div>
</div>
<script>
const form = document.getElementById('domainForm');
const errorDiv = document.getElementById('error');
const submitBtn = document.getElementById('submitBtn');
form.addEventListener('submit', async (e) => {
e.preventDefault();
const domain = document.getElementById('domain').value.trim().toLowerCase();
if (!domain.includes('.')) {
showError('Please enter a valid domain (e.g. example.com).');
return;
}
if (domain.includes('/') || domain.includes('\\')) {
showError('Domain cannot contain slashes.');
return;
}
if (domain.length > 255) {
showError('Domain is too long.');
return;
}
submitBtn.disabled = true;
submitBtn.textContent = 'Starting Discovery...';
submitBtn.classList.add('opacity-75');
const formData = new FormData(form);
try {
const response = await fetch('/start', { method: 'POST', body: formData });
if (response.redirected) {
window.location.href = response.url;
} else if (!response.ok) {
const data = await response.json();
showError(data.error || 'Something went wrong.');
resetButton();
} else {
// Shouldn't get here, but handle gracefully
window.location.href = '/analysing?domain=' + encodeURIComponent(domain);
}
} catch (err) {
showError('Network error. Please check your connection.');
resetButton();
}
});
function showError(msg) {
errorDiv.textContent = msg;
errorDiv.classList.remove('hidden');
setTimeout(() => errorDiv.classList.add('hidden'), 5000);
}
function resetButton() {
submitBtn.disabled = false;
submitBtn.textContent = 'Start Attack Surface Discovery';
submitBtn.classList.remove('opacity-75');
}
</script>
</body>
</html>

156
aasd/src/static/index.html
View file

@ -3,23 +3,14 @@
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>AASD — API Attack Surface Discovery</title> <title>GITEX 2026 Nairobi — Demo Hub</title>
<script src="https://cdn.tailwindcss.com/"></script> <script src="https://cdn.tailwindcss.com/"></script>
<script> <script>
tailwind.config = { tailwind.config = {
theme: { theme: {
extend: { extend: {
colors: { colors: {
aasd: { hub: { dark: '#0f172a', card: '#1e293b', border: '#334155', blue: '#3b82f6', purple: '#8b5cf6', text: '#f1f5f9', muted: '#94a3b8', dim: '#64748b' }
dark: '#0f172a',
card: '#1e293b',
border: '#334155',
blue: '#3b82f6',
purple: '#8b5cf6',
text: '#f1f5f9',
muted: '#94a3b8',
dim: '#64748b',
}
} }
} }
} }
@ -28,128 +19,57 @@
<style> <style>
* { -webkit-tap-highlight-color: transparent; } * { -webkit-tap-highlight-color: transparent; }
body { overscroll-behavior: none; } body { overscroll-behavior: none; }
.app-card { transition: all 0.2s ease; }
.app-card:active { transform: scale(0.98); }
.btn-primary { background: linear-gradient(90deg, #3b82f6, #8b5cf6); } .btn-primary { background: linear-gradient(90deg, #3b82f6, #8b5cf6); }
.btn-primary:active { transform: scale(0.97); }
input:-webkit-autofill { -webkit-box-shadow: 0 0 0 30px #0f172a inset !important; -webkit-text-fill-color: #f1f5f9 !important; }
</style> </style>
</head> </head>
<body class="bg-slate-900 text-slate-100 min-h-screen flex flex-col items-center justify-center px-4 py-6"> <body class="bg-slate-900 text-slate-100 min-h-screen flex flex-col items-center justify-center px-4 py-8">
<div class="w-full max-w-sm mx-auto text-center"> <div class="w-full max-w-md mx-auto text-center">
<!-- Logo --> <!-- Header -->
<div class="mb-6"> <div class="mb-8">
<h1 class="text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent tracking-tight"> <div class="text-4xl mb-2">🌍</div>
AASD <h1 class="text-3xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">
GITEX 2026
</h1> </h1>
<p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery</p> <p class="text-lg font-semibold text-slate-300 mt-1">Nairobi</p>
<p class="text-sm text-slate-500 mt-1">Sechpoint Aftica — Demo Hub</p>
</div> </div>
<!-- Main Card --> <!-- App Cards -->
<div class="bg-slate-800 rounded-2xl p-6 shadow-2xl border border-slate-700"> <div class="space-y-4">
<h2 class="text-xl font-bold text-slate-100 mb-2">Discover Your Attack Surface</h2>
<p class="text-sm text-slate-400 mb-6 leading-relaxed">
Enter your domain. We'll discover subdomains, test your WAF, and generate a resilience report.
</p>
<div id="error" class="hidden mb-4 p-3 bg-red-900/50 border border-red-700 rounded-xl text-sm text-red-300"></div> <!-- AASD -->
<a href="/aasd" class="app-card block bg-slate-800 rounded-2xl p-5 border border-slate-700 hover:border-blue-500/50 text-left">
<form id="domainForm" action="/start" method="POST"> <div class="flex items-start gap-4">
<div class="mb-4 text-left"> <div class="w-12 h-12 rounded-xl bg-gradient-to-br from-blue-500 to-purple-600 flex items-center justify-center shrink-0 text-white font-bold text-lg">
<label for="domain" class="block text-sm font-semibold text-slate-300 mb-1.5">Your Domain</label> A
<input type="text" id="domain" name="domain" placeholder="example.com" required autofocus
class="w-full px-4 py-3.5 bg-slate-900 border-2 border-slate-600 rounded-xl text-slate-100 text-base focus:outline-none focus:border-blue-500 focus:ring-1 focus:ring-blue-500/50 placeholder-slate-500 transition-all">
</div> </div>
<div class="flex-1 min-w-0">
<button type="submit" id="submitBtn" <h2 class="text-lg font-bold text-slate-100">API Attack Surface Discovery</h2>
class="btn-primary w-full text-white font-bold py-4 px-6 rounded-xl text-lg shadow-lg hover:shadow-blue-500/25 active:scale-[0.97] transition-all"> <p class="text-sm text-slate-400 mt-0.5">Discover subdomains, test WAF defenses, and generate AI resilience reports.</p>
Start Attack Surface Discovery <div class="mt-2 flex items-center gap-2 text-xs">
</button> <span class="inline-block px-2 py-0.5 rounded-full bg-blue-500/20 text-blue-400 border border-blue-500/30">Live Demo</span>
</form> <span class="text-slate-500">Enter a domain to start</span>
</div>
<!-- Scan Steps Preview -->
<div class="mt-6 bg-slate-800/50 rounded-xl p-4 border border-slate-700/50">
<p class="text-xs font-semibold text-slate-500 uppercase tracking-wider mb-3">What happens next</p>
<div class="space-y-2 text-left">
<div class="flex items-center gap-2 text-sm">
<span class="w-5 h-5 rounded-full bg-blue-500/20 text-blue-400 text-xs flex items-center justify-center shrink-0">1</span>
<span class="text-slate-400">Domain discovery scans your org</span>
</div>
<div class="flex items-center gap-2 text-sm">
<span class="w-5 h-5 rounded-full bg-purple-500/20 text-purple-400 text-xs flex items-center justify-center shrink-0">2</span>
<span class="text-slate-400">GoTestWAF probes your WAF defense</span>
</div>
<div class="flex items-center gap-2 text-sm">
<span class="w-5 h-5 rounded-full bg-green-500/20 text-green-400 text-xs flex items-center justify-center shrink-0">3</span>
<span class="text-slate-400">AI generates your resilience report</span>
</div> </div>
</div> </div>
<div class="text-slate-500 text-lg shrink-0">&rarr;</div>
</div>
</a>
<!-- Placeholder for future apps -->
<div class="app-card block bg-slate-800/50 rounded-2xl p-5 border border-dashed border-slate-700/50 text-center opacity-50">
<p class="text-sm text-slate-500">More demos coming soon</p>
</div> </div>
<!-- CTA -->
<div class="mt-6 p-3 bg-slate-800/30 rounded-xl border border-blue-500/20">
<p class="text-xs text-slate-500">
GITEX 2026 Booth Demo — <span class="text-blue-400">Bring your code to BU 4</span>
</p>
</div>
</div> </div>
<script> <!-- Footer -->
const form = document.getElementById('domainForm'); <div class="mt-8 text-center text-xs text-slate-600">
const errorDiv = document.getElementById('error'); <p>GITEX 2026 Nairobi — sechpoint.app</p>
const submitBtn = document.getElementById('submitBtn'); </div>
form.addEventListener('submit', async (e) => { </div>
e.preventDefault();
const domain = document.getElementById('domain').value.trim().toLowerCase();
if (!domain.includes('.')) {
showError('Please enter a valid domain (e.g. example.com).');
return;
}
if (domain.includes('/') || domain.includes('\\')) {
showError('Domain cannot contain slashes.');
return;
}
if (domain.length > 255) {
showError('Domain is too long.');
return;
}
submitBtn.disabled = true;
submitBtn.textContent = 'Starting Discovery...';
submitBtn.classList.add('opacity-75');
const formData = new FormData(form);
try {
const response = await fetch('/start', { method: 'POST', body: formData });
if (response.redirected) {
window.location.href = response.url;
} else if (!response.ok) {
const data = await response.json();
showError(data.error || 'Something went wrong.');
resetButton();
} else {
// Shouldn't get here, but handle gracefully
window.location.href = '/analysing?domain=' + encodeURIComponent(domain);
}
} catch (err) {
showError('Network error. Please check your connection.');
resetButton();
}
});
function showError(msg) {
errorDiv.textContent = msg;
errorDiv.classList.remove('hidden');
setTimeout(() => errorDiv.classList.add('hidden'), 5000);
}
function resetButton() {
submitBtn.disabled = false;
submitBtn.textContent = 'Start Attack Surface Discovery';
submitBtn.classList.remove('opacity-75');
}
</script>
</body> </body>
</html> </html>

7
aasd/src/static/simulation.html
View file

@ -29,8 +29,13 @@
<body class="bg-slate-900 text-slate-100 min-h-screen"> <body class="bg-slate-900 text-slate-100 min-h-screen">
<div class="container mx-auto px-4 py-6 max-w-lg"> <div class="container mx-auto px-4 py-6 max-w-lg">
<!-- Hub Link -->
<div class="mb-2">
<a href="/" class="text-xs text-slate-500 hover:text-blue-400 transition-colors">&larr; GITEX 2026 Hub</a>
</div>
<!-- Header --> <!-- Header -->
<div class="text-center mb-6"> <div class="text-center mb-4">
<h1 class="text-2xl font-bold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">AASD</h1> <h1 class="text-2xl font-bold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">AASD</h1>
<p class="text-sm text-slate-400">API Attack Surface Discovery</p> <p class="text-sm text-slate-400">API Attack Surface Discovery</p>
<div class="mt-3 inline-block bg-slate-800 border-2 border-slate-600 rounded-full px-4 py-1.5 text-sm text-blue-400 font-mono" id="domainBadge">domain.com</div> <div class="mt-3 inline-block bg-slate-800 border-2 border-slate-600 rounded-full px-4 py-1.5 text-sm text-blue-400 font-mono" id="domainBadge">domain.com</div>

3
aasd/src/templates/admin.html
View file

@ -12,6 +12,9 @@
</head> </head>
<body class="bg-slate-900 text-slate-100 p-4 md:p-8"> <body class="bg-slate-900 text-slate-100 p-4 md:p-8">
<div class="max-w-6xl mx-auto"> <div class="max-w-6xl mx-auto">
<div class="mb-2">
<a href="/" class="text-xs text-slate-500 hover:text-blue-400 transition-colors">&larr; GITEX 2026 Hub</a>
</div>
<header class="text-center mb-8"> <header class="text-center mb-8">
<h1 class="text-3xl md:text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">AASD Dashboard</h1> <h1 class="text-3xl md:text-4xl font-extrabold bg-gradient-to-r from-blue-400 to-purple-400 bg-clip-text text-transparent">AASD Dashboard</h1>
<p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery — Consultant View</p> <p class="text-sm text-slate-400 mt-1">API Attack Surface Discovery — Consultant View</p>