# State of Development **Version**: 2026-04.1 | **Last Updated**: 2026-04-28 ## Booth Flow ``` Visitor enters: example.com ↓ POST /start → ProbeSubdomains() checks 5000 names via HTTPS/TLS ↓ Live progress: "Checking 142 / 5000 subdomains…" ↓ Discovered subdomains shown — visitor picks one ↓ GoTestWAF scans selected subdomain against Wallarm endpoint ↓ AI generates resilience narrative (or fallback) ↓ Visitor sees report with QR code; consultant accesses full GoTestWAF output ``` ## Key Features | Feature | Status | Details | |---------|--------|---------| | **Domain Input** | ✅ Complete | Replaced email — no data-collection appearance | | **Subdomain Discovery** | ✅ Complete | 5000-name SecLists wordlist, HTTPS/TLS probe | | **Wildcard DNS Detection** | ✅ Complete | Filters catch-all via TLS cert validation | | **Live Probe Progress** | ✅ Complete | Frontend shows "checked N / total" with pulse | | **Interactive Selection** | ✅ Complete | User picks which subdomain to scan | | **IP Fast-Path** | ✅ Complete | Skips discovery, scans IP directly | | **GoTestWAF Integration** | ✅ Complete | 120s timeout, consultant_{token}.html output | | **AI Narrative** | ✅ Complete | DeepSeek API (fallback HTML when unavailable) | | **Admin Dashboard** | ✅ Complete | Basic auth, per-scan consultant report links | | **Report Serving** | ✅ Complete | visitor_{token}.html + consultant_{token}.html | | **QR Code** | ✅ Complete | Booth scanning workflow | | **Graceful Shutdown** | ✅ Complete | SIGINT/SIGTERM handling | | **Booth Network** | ✅ Complete | Binds to 0.0.0.0:8080 | ## Technical Specifications | Aspect | Value | |--------|-------| | **Language** | Go 1.25.0 | | **Framework** | Gin web framework | | **Subdomain Wordlist** | 5000 names (SecLists) | | **Probe Concurrency** | 10 workers, 3s timeout | | **Probe Duration** | ~2 minutes for 5000 names | | **WAF Scanner** | GoTestWAF (120s timeout) | | **AI Provider** | DeepSeek API (optional, graceful fallback) | | **Reports** | Static HTML at /opt/aasd/reports/ | | **Storage** | Scan metadata: in-memory; Reports: files on disk | | **Deployment** | systemd service at /opt/aasd/ | | **Credentials** | sechpoint / Git3x2o26 | ## Deployment ``` /opt/aasd/ ├── aasd 31M — Compiled binary ├── config.yaml — Server URL, admin creds, AI key ├── prompt.txt — DeepSeek system prompt ├── subdomains.txt — 5000-name wordlist ├── gotestwaf 27M — WAF scanner binary ├── gotestwaf-config.yaml — HTTP headers for scans ├── testcases/ — GoTestWAF attack payloads ├── static/ — Frontend HTML/JS ├── templates/ — Admin dashboard template ├── reports/ — Generated scan reports └── logs/ — Server logs ``` ## API Endpoints | Endpoint | Method | Description | |----------|--------|-------------| | `/` | GET | Landing page (domain input) | | `/start` | POST | Submit domain, start discovery pipeline | | `/select-subdomain` | GET | Subdomain selection page | | `/select-subdomain` | POST | Select target, start GoTestWAF scan | | `/analysing` | GET | Scan progress page | | `/scan-status/:token` | GET | Poll scan status (JSON) | | `/admin-dashboard` | GET | Consultant dashboard (basic auth) | | `/api/scans` | GET | Scan list (JSON) | | `/report-data/:token` | GET | Raw scan result (JSON) | | `/reports/*` | GET | Static report files | | `/qrcode` | GET | QR code generator | | `/email-report` | POST | Send report via email | | `/simulation` | GET | Legacy alias for /analysing | ## Known Limitations - **Scan results are in-memory** — restarting the service clears all scan metadata (reports on disk survive) - **GoTestWAF requires HTTPS** — targets without HTTPS will fail to scan (fallback report generated) - **Probe takes ~2 minutes** for 5000 names at 10 concurrent workers with 3s timeout - **Wildcard DNS + Zoraxy defaults** — subdomains that return the exact same Zoraxy default page may be filtered out even if they exist (rare edge case) ## Next Steps - Production deployment with proper SSL termination via Zoraxy - DeepSeek API key configuration for AI-powered reports - Fine-tune wordlist for booth-relevant domains