customer-engineering/gitex2026
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
gitex2026/README.md
administrator 4f533c6c8f feat: complete AASD booth application rewrite 
- Replace email input with domain input (no data collection)
- Interactive subdomain selection flow with live progress
- IP fast-path (skip discovery for IP addresses)
- HTTPS/TLS-based subdomain probing (5000-name SecLists wordlist)
- Wildcard DNS detection with TLS cert validation filter
- Rename reports: visitor_{token}.html and consultant_{token}.html
- Remove domain-scan dependency (ineffective without API keys)
- Fix race condition in discovery vs scan phase
- Rearrange repo structure: AttackSurface/ -> aasd/src/
- Add live probe progress counter in frontend
- Admin dashboard shows consultant report only when file exists
2026-04-28 12:45:45 +00:00

5.3 KiB
Raw Blame History

AASD — API Attack Surface Discovery

Interactive booth application for GITEX 2026. Visitors enter a domain, the app discovers live subdomains via HTTPS/TLS probing, and they select one to scan with GoTestWAF against a Wallarm WAF endpoint.

Enter domain → Discover subdomains → Pick target → GoTestWAF scan → AI report → QR code

Quick Start

# Build
cd ~/gitex2026/aasd/src
go build -o /opt/aasd/aasd ./cmd/aasd/

# Deploy
sudo systemctl restart aasd

# Monitor
sudo journalctl -u aasd -f

Booth Flow

  1. Visitor enters a domain (e.g. example.com) or an IP address
  2. Discovery runs — probes 5000 common subdomain names via HTTPS/TLS (Checking 142 / 5000 subdomains…)
  3. Live progress — frontend shows real-time counter with pulsing indicator
  4. Subdomains displayed — only those with valid TLS certificates (filters wildcard DNS noise)
  5. Visitor picks one — selects a subdomain to scan
  6. GoTestWAF scans — tests the selected subdomain against the Wallarm WAF endpoint
  7. AI report generated — resilience narrative (or fallback if AI unavailable)
  8. QR code shown — visitor shares with booth team for full consultant report

Deployment

Structure

/opt/aasd/
├── aasd                      # Compiled binary (31M)
├── config.yaml               # Server URL, admin credentials, AI key
├── prompt.txt                # DeepSeek system prompt
├── subdomains.txt            # 5000 common subdomain names (SecLists)
├── gotestwaf                 # WAF scanner binary (27M)
├── gotestwaf-config.yaml     # HTTP headers for scans
├── testcases/                # GoTestWAF attack payloads
├── static/                   # Frontend files
│   ├── index.html            # Landing page
│   └── simulation.html       # Selection + progress page
├── templates/
│   └── admin.html            # Consultant dashboard
├── reports/                  # Generated scan reports
└── logs/                     # Server logs

Configuration

Edit /opt/aasd/config.yaml:

ai:
  api_key: "sk-..."                    # DeepSeek API key for AI narratives
server:
  base_url: "https://aasd.sechpoint.app"  # Public URL for QR codes & email
admin:
  username: "sechpoint"
  password: "Git3x2o26"               # Admin dashboard password

Service Management

sudo systemctl start   aasd       # Start
sudo systemctl stop    aasd       # Stop
sudo systemctl restart aasd       # Restart
sudo systemctl status  aasd       # Status
sudo journalctl -u aasd -f        # Follow logs

Credentials

Interface Username Password
Admin Dashboard sechpoint Git3x2o26

API Endpoints

Endpoint Auth Description
GET / Public Landing page
POST /start Public Submit domain, start discovery
GET /select-subdomain?token= Public Subdomain selection page
POST /select-subdomain Public Select subdomain, start scan
GET /analysing?token= Public Scan progress page
GET /scan-status/:token Public Poll status (JSON)
GET /admin-dashboard Basic Auth Consultant dashboard
GET /api/scans Public Scan list (JSON)
GET /reports/visitor_*.html Public Visitor-facing report
GET /reports/consultant_*.html Public GoTestWAF consultant report
GET /qrcode?text= Public QR code generator

Report Types

File Content Size
visitor_{token}.html AI resilience narrative or fallback ~4KB
consultant_{token}.html Raw GoTestWAF output (if scan succeeded) ~59KB

Architecture

src/
├── cmd/aasd/main.go          # HTTP server, routes, lifecycle
├── internal/
│   ├── scanner/
│   │   ├── scanner.go        # Orchestrator, pipeline, scan results
│   │   ├── probe.go          # Wordlist-based HTTPS/TLS subdomain discovery
│   │   └── gotestwaf.go      # GoTestWAF binary execution
│   ├── report/report.go      # Static HTML report generation
│   ├── ai/deepseek.go        # DeepSeek API integration
│   └── mailer/smtp.go        # SMTP email delivery
└── static/                   # Frontend source files

Key Design Decisions

  • No email collection — domain is the only input, avoiding data-mining appearance
  • TLS cert validation as subdomain filter — reliable signal vs wildcard DNS noise
  • Interactive selection — visitor participates by choosing the scan target
  • 5000-name wordlist from SecLists — comprehensive but fast (~2 min probe)
  • In-memory scan state — volatile (restart clears), reports are files on disk (persist)
  • IP fast-path — skips discovery when an IP address is entered

Development

# Repository
cd ~/gitex2026
# aasd/src/  — Go source
# aasd/docs/ — Documentation

# Build
cd ~/gitex2026/aasd/src
go build -o /opt/aasd/aasd ./cmd/aasd/
go vet ./...

# Update wordlist (optional, defaults to built-in 40 names)
curl -sL -o /opt/aasd/subdomains.txt \
  "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt"

License

Proprietary — For internal event use at GITEX 2026.