customer-engineering/gitex2026
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
gitex2026/README.md
administrator 4f533c6c8f feat: complete AASD booth application rewrite 
- Replace email input with domain input (no data collection)
- Interactive subdomain selection flow with live progress
- IP fast-path (skip discovery for IP addresses)
- HTTPS/TLS-based subdomain probing (5000-name SecLists wordlist)
- Wildcard DNS detection with TLS cert validation filter
- Rename reports: visitor_{token}.html and consultant_{token}.html
- Remove domain-scan dependency (ineffective without API keys)
- Fix race condition in discovery vs scan phase
- Rearrange repo structure: AttackSurface/ -> aasd/src/
- Add live probe progress counter in frontend
- Admin dashboard shows consultant report only when file exists
2026-04-28 12:45:45 +00:00

154 lines
5.3 KiB
Markdown
Raw Blame History

# AASD — API Attack Surface Discovery
Interactive booth application for **GITEX 2026**. Visitors enter a domain, the app discovers live subdomains via HTTPS/TLS probing, and they select one to scan with GoTestWAF against a Wallarm WAF endpoint.
```
Enter domain → Discover subdomains → Pick target → GoTestWAF scan → AI report → QR code
```
## Quick Start
```bash
# Build
cd ~/gitex2026/aasd/src
go build -o /opt/aasd/aasd ./cmd/aasd/
# Deploy
sudo systemctl restart aasd
# Monitor
sudo journalctl -u aasd -f
```
## Booth Flow
1. **Visitor enters a domain** (e.g. `example.com`) or an IP address
2. **Discovery runs** — probes 5000 common subdomain names via HTTPS/TLS (`Checking 142 / 5000 subdomains…`)
3. **Live progress** — frontend shows real-time counter with pulsing indicator
4. **Subdomains displayed** — only those with valid TLS certificates (filters wildcard DNS noise)
5. **Visitor picks one** — selects a subdomain to scan
6. **GoTestWAF scans** — tests the selected subdomain against the Wallarm WAF endpoint
7. **AI report generated** — resilience narrative (or fallback if AI unavailable)
8. **QR code shown** — visitor shares with booth team for full consultant report
## Deployment
### Structure
```
/opt/aasd/
├── aasd # Compiled binary (31M)
├── config.yaml # Server URL, admin credentials, AI key
├── prompt.txt # DeepSeek system prompt
├── subdomains.txt # 5000 common subdomain names (SecLists)
├── gotestwaf # WAF scanner binary (27M)
├── gotestwaf-config.yaml # HTTP headers for scans
├── testcases/ # GoTestWAF attack payloads
├── static/ # Frontend files
│ ├── index.html # Landing page
│ └── simulation.html # Selection + progress page
├── templates/
│ └── admin.html # Consultant dashboard
├── reports/ # Generated scan reports
└── logs/ # Server logs
```
### Configuration
Edit `/opt/aasd/config.yaml`:
```yaml
ai:
api_key: "sk-..." # DeepSeek API key for AI narratives
server:
base_url: "https://aasd.sechpoint.app" # Public URL for QR codes & email
admin:
username: "sechpoint"
password: "Git3x2o26" # Admin dashboard password
```
### Service Management
```bash
sudo systemctl start aasd # Start
sudo systemctl stop aasd # Stop
sudo systemctl restart aasd # Restart
sudo systemctl status aasd # Status
sudo journalctl -u aasd -f # Follow logs
```
### Credentials
| Interface | Username | Password |
|-----------|----------|----------|
| Admin Dashboard | `sechpoint` | `Git3x2o26` |
## API Endpoints
| Endpoint | Auth | Description |
|----------|------|-------------|
| `GET /` | Public | Landing page |
| `POST /start` | Public | Submit domain, start discovery |
| `GET /select-subdomain?token=` | Public | Subdomain selection page |
| `POST /select-subdomain` | Public | Select subdomain, start scan |
| `GET /analysing?token=` | Public | Scan progress page |
| `GET /scan-status/:token` | Public | Poll status (JSON) |
| `GET /admin-dashboard` | Basic Auth | Consultant dashboard |
| `GET /api/scans` | Public | Scan list (JSON) |
| `GET /reports/visitor_*.html` | Public | Visitor-facing report |
| `GET /reports/consultant_*.html` | Public | GoTestWAF consultant report |
| `GET /qrcode?text=` | Public | QR code generator |
## Report Types
| File | Content | Size |
|------|---------|------|
| `visitor_{token}.html` | AI resilience narrative or fallback | ~4KB |
| `consultant_{token}.html` | Raw GoTestWAF output (if scan succeeded) | ~59KB |
## Architecture
```
src/
├── cmd/aasd/main.go # HTTP server, routes, lifecycle
├── internal/
│ ├── scanner/
│ │ ├── scanner.go # Orchestrator, pipeline, scan results
│ │ ├── probe.go # Wordlist-based HTTPS/TLS subdomain discovery
│ │ └── gotestwaf.go # GoTestWAF binary execution
│ ├── report/report.go # Static HTML report generation
│ ├── ai/deepseek.go # DeepSeek API integration
│ └── mailer/smtp.go # SMTP email delivery
└── static/ # Frontend source files
```
## Key Design Decisions
- **No email collection** — domain is the only input, avoiding data-mining appearance
- **TLS cert validation** as subdomain filter — reliable signal vs wildcard DNS noise
- **Interactive selection** — visitor participates by choosing the scan target
- **5000-name wordlist** from SecLists — comprehensive but fast (~2 min probe)
- **In-memory scan state** — volatile (restart clears), reports are files on disk (persist)
- **IP fast-path** — skips discovery when an IP address is entered
## Development
```bash
# Repository
cd ~/gitex2026
# aasd/src/ — Go source
# aasd/docs/ — Documentation
# Build
cd ~/gitex2026/aasd/src
go build -o /opt/aasd/aasd ./cmd/aasd/
go vet ./...
# Update wordlist (optional, defaults to built-in 40 names)
curl -sL -o /opt/aasd/subdomains.txt \
"https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt"
```
## License
Proprietary — For internal event use at GITEX 2026.
Reference in a new issue View git blame Copy permalink