@@ -11,8 +11,8 @@ import (
1111
1212 "github.com/CodeMonkeyCybersecurity/shells/internal/discovery"
1313 "github.com/CodeMonkeyCybersecurity/shells/pkg/types"
14- "github.com/spf13/cobra"
1514 "github.com/fatih/color"
15+ "github.com/spf13/cobra"
1616)
1717
1818var bountyCmd = & cobra.Command {
4343
4444func init () {
4545 rootCmd .AddCommand (bountyCmd )
46-
47- bountyCmd .Flags ().BoolVar (& bountyFlags .quickMode , "quick" , false ,
46+
47+ bountyCmd .Flags ().BoolVar (& bountyFlags .quickMode , "quick" , false ,
4848 "Quick mode - fast scan for critical vulnerabilities only" )
4949 bountyCmd .Flags ().BoolVar (& bountyFlags .deepMode , "deep" , false ,
5050 "Deep mode - comprehensive scan including all attack vectors" )
@@ -63,69 +63,69 @@ func init() {
6363func runBountyCommand (cmd * cobra.Command , args []string ) error {
6464 target := args [0 ]
6565 ctx := context .Background ()
66-
66+
6767 // Header
6868 color .Cyan ("\n 🎯 High-Value Bug Bounty Scanner\n " )
6969 color .Yellow ("Target: %s\n " , target )
7070 color .Yellow ("Mode: %s\n " , getScanMode ())
7171 color .Yellow ("Starting at: %s\n \n " , time .Now ().Format ("15:04:05" ))
72-
72+
7373 // Phase 1: Smart Discovery
7474 color .Blue ("Phase 1: Smart Attack Surface Discovery\n " )
7575 assets , err := performSmartDiscovery (ctx , target )
7676 if err != nil {
7777 return fmt .Errorf ("discovery failed: %w" , err )
7878 }
79-
79+
8080 // Sort assets by priority
8181 prioritizedAssets := prioritizeAssets (assets )
8282 color .Green ("✓ Discovered %d high-value targets\n " , len (prioritizedAssets ))
83-
83+
8484 // Display top targets
8585 displayTopTargets (prioritizedAssets [:min (10 , len (prioritizedAssets ))])
86-
86+
8787 // Phase 2: Vulnerability Testing
8888 color .Blue ("\n Phase 2: High-Value Vulnerability Testing\n " )
8989 var findings []types.Finding
9090 var mu sync.Mutex
9191 var wg sync.WaitGroup
92-
92+
9393 // Test each high-priority asset
9494 semaphore := make (chan struct {}, bountyFlags .threads )
95-
95+
9696 for i , asset := range prioritizedAssets {
9797 // Skip low-priority assets in quick mode
9898 if bountyFlags .quickMode && asset .Priority < 70 {
9999 break
100100 }
101-
101+
102102 wg .Add (1 )
103103 semaphore <- struct {}{}
104-
104+
105105 go func (idx int , a discovery.Asset ) {
106106 defer wg .Done ()
107107 defer func () { <- semaphore }()
108-
108+
109109 // Progress indicator
110110 progress := fmt .Sprintf ("[%d/%d]" , idx + 1 , len (prioritizedAssets ))
111-
111+
112112 // Test based on asset type
113113 switch {
114114 case strings .Contains (a .Value , "auth" ) || strings .Contains (a .Value , "login" ):
115115 if ! bountyFlags .focusAPI && ! bountyFlags .focusLogic {
116116 testAuthentication (ctx , a , & findings , & mu , progress )
117117 }
118-
118+
119119 case strings .Contains (a .Value , "api" ) || strings .Contains (a .Value , "graphql" ):
120120 if ! bountyFlags .focusAuth && ! bountyFlags .focusLogic {
121121 testAPI (ctx , a , & findings , & mu , progress )
122122 }
123-
123+
124124 case strings .Contains (a .Value , "payment" ) || strings .Contains (a .Value , "checkout" ):
125125 if ! bountyFlags .focusAuth && ! bountyFlags .focusAPI {
126126 testBusinessLogic (ctx , a , & findings , & mu , progress )
127127 }
128-
128+
129129 default :
130130 // Test all categories for generic endpoints
131131 if ! bountyFlags .focusAuth {
@@ -135,25 +135,25 @@ func runBountyCommand(cmd *cobra.Command, args []string) error {
135135 testAPI (ctx , a , & findings , & mu , progress )
136136 }
137137 }
138-
138+
139139 // Always test for request smuggling and SSRF on web endpoints
140140 testRequestSmuggling (ctx , a , & findings , & mu , progress )
141141 testSSRFOld (ctx , a , & findings , & mu , progress )
142-
142+
143143 }(i , asset )
144144 }
145-
145+
146146 wg .Wait ()
147-
147+
148148 // Phase 3: Results
149149 color .Blue ("\n Phase 3: Results Summary\n " )
150150 displayResults (findings )
151-
151+
152152 // Save results
153153 if err := saveResults (target , findings ); err != nil {
154154 color .Red ("Failed to save results: %v\n " , err )
155155 }
156-
156+
157157 return nil
158158}
159159
@@ -209,16 +209,16 @@ func displayTopTargets(assets []discovery.Asset) {
209209
210210func testAuthentication (ctx context.Context , asset discovery.Asset , findings * []types.Finding , mu * sync.Mutex , progress string ) {
211211 color .Yellow ("%s Testing authentication: %s\n " , progress , asset .Value )
212-
212+
213213 // Use the auth testing module
214214 // TODO: Integrate with actual auth testing module when available
215- results := []struct {
216- Vulnerable bool
217- Title string
215+ results := []struct {
216+ Vulnerable bool
217+ Title string
218218 Description string
219- Evidence string
219+ Evidence string
220220 }{}
221-
221+
222222 // Check for vulnerabilities
223223 for _ , result := range results {
224224 if result .Vulnerable {
@@ -232,39 +232,39 @@ func testAuthentication(ctx context.Context, asset discovery.Asset, findings *[]
232232 Metadata : map [string ]interface {}{"url" : asset .Value },
233233 })
234234 mu .Unlock ()
235-
235+
236236 color .Red ("%s [CRITICAL] Found: %s\n " , progress , result .Title )
237237 }
238238 }
239239}
240240
241241func testAPI (ctx context.Context , asset discovery.Asset , findings * []types.Finding , mu * sync.Mutex , progress string ) {
242242 color .Yellow ("%s Testing API security: %s\n " , progress , asset .Value )
243-
243+
244244 // GraphQL specific tests
245245 if strings .Contains (asset .Value , "graphql" ) {
246246 // Test for introspection
247247 color .White ("%s → Checking GraphQL introspection...\n " , progress )
248-
248+
249249 // Test for authorization bypass
250250 color .White ("%s → Testing GraphQL authorization...\n " , progress )
251251 }
252-
252+
253253 // REST API tests
254254 color .White ("%s → Testing REST API authorization...\n " , progress )
255255 color .White ("%s → Checking for API key leakage...\n " , progress )
256256}
257257
258258func testBusinessLogic (ctx context.Context , asset discovery.Asset , findings * []types.Finding , mu * sync.Mutex , progress string ) {
259259 color .Yellow ("%s Testing business logic: %s\n " , progress , asset .Value )
260-
260+
261261 // Payment-specific tests
262262 if strings .Contains (asset .Value , "payment" ) || strings .Contains (asset .Value , "checkout" ) {
263263 color .White ("%s → Testing price manipulation...\n " , progress )
264264 color .White ("%s → Testing race conditions...\n " , progress )
265265 color .White ("%s → Testing negative amounts...\n " , progress )
266266 }
267-
267+
268268 // IDOR tests
269269 color .White ("%s → Testing for IDOR vulnerabilities...\n " , progress )
270270}
@@ -274,47 +274,49 @@ func testRequestSmuggling(ctx context.Context, asset discovery.Asset, findings *
274274 if ! strings .HasPrefix (asset .Value , "http" ) {
275275 return
276276 }
277-
277+
278278 color .Yellow ("%s Testing request smuggling: %s\n " , progress , asset .Value )
279-
279+
280280 // TODO: Integrate with actual smuggling detector
281281 // The smuggling detector requires an HTTP client and config
282282 // For now, return early
283283 return
284-
285- // Placeholder for future implementation
286- var result struct {
287- Vulnerable bool
288- Technique string
289- Description string
290- Evidence string
291- }
292- var err error
293- if err != nil {
294- return
295- }
296-
297- if result .Vulnerable {
298- mu .Lock ()
299- * findings = append (* findings , types.Finding {
300- Type : "Request Smuggling" ,
301- Severity : types .SeverityHigh ,
302- Title : fmt .Sprintf ("HTTP Request Smuggling (%s)" , result .Technique ),
303- Description : result .Description ,
304- Evidence : result .Evidence ,
305- Metadata : map [string ]interface {}{"url" : asset .Value },
306- })
307- mu .Unlock ()
308-
309- color .Red ("%s [HIGH] Found: Request Smuggling (%s)\n " , progress , result .Technique )
310- }
284+
285+ // TODO: Placeholder for future implementation - uncomment when implementing
286+ /*
287+ var result struct {
288+ Vulnerable bool
289+ Technique string
290+ Description string
291+ Evidence string
292+ }
293+ var err error
294+ if err != nil {
295+ return
296+ }
297+
298+ if result.Vulnerable {
299+ mu.Lock()
300+ *findings = append(*findings, types.Finding{
301+ Type: "Request Smuggling",
302+ Severity: types.SeverityHigh,
303+ Title: fmt.Sprintf("HTTP Request Smuggling (%s)", result.Technique),
304+ Description: result.Description,
305+ Evidence: result.Evidence,
306+ Metadata: map[string]interface{}{"url": asset.Value},
307+ })
308+ mu.Unlock()
309+
310+ color.Red("%s [HIGH] Found: Request Smuggling (%s)\n", progress, result.Technique)
311+ }
312+ */
311313}
312314
313315func testSSRFOld (ctx context.Context , asset discovery.Asset , findings * []types.Finding , mu * sync.Mutex , progress string ) {
314316 // Look for SSRF indicators
315- if strings .Contains (asset .Value , "webhook" ) ||
316- strings .Contains (asset .Value , "callback" ) ||
317- strings .Contains (asset .Value , "url" ) {
317+ if strings .Contains (asset .Value , "webhook" ) ||
318+ strings .Contains (asset .Value , "callback" ) ||
319+ strings .Contains (asset .Value , "url" ) {
318320 color .Yellow ("%s Testing SSRF: %s\n " , progress , asset .Value )
319321 color .White ("%s → Testing URL parameter injection...\n " , progress )
320322 color .White ("%s → Testing webhook manipulation...\n " , progress )
@@ -326,7 +328,7 @@ func displayResults(findings []types.Finding) {
326328 critical := 0
327329 high := 0
328330 medium := 0
329-
331+
330332 for _ , f := range findings {
331333 switch f .Severity {
332334 case types .SeverityCritical :
@@ -337,23 +339,23 @@ func displayResults(findings []types.Finding) {
337339 medium ++
338340 }
339341 }
340-
342+
341343 // Summary
342344 color .White ("Vulnerabilities Found:\n " )
343345 if critical > 0 {
344346 color .Red (" CRITICAL: %d\n " , critical )
345347 }
346348 if high > 0 {
347- color .Yellow (" HIGH: %d\n " , high )
349+ color .Yellow (" HIGH: %d\n " , high )
348350 }
349351 if medium > 0 {
350352 color .Blue (" MEDIUM: %d\n " , medium )
351353 }
352-
354+
353355 if critical + high + medium == 0 {
354356 color .Green (" No high-value vulnerabilities found\n " )
355357 }
356-
358+
357359 // Detailed findings
358360 if len (findings ) > 0 {
359361 color .White ("\n Detailed Findings:\n " )
@@ -373,7 +375,7 @@ func displayFinding(num int, finding types.Finding) {
373375 case types .SeverityMedium :
374376 severityColor = color .New (color .FgBlue )
375377 }
376-
378+
377379 severityColor .Printf ("\n %d. [%s] %s\n " , num , finding .Severity , finding .Title )
378380 color .White (" Type: %s\n " , finding .Type )
379381 if url , ok := finding .Metadata ["url" ].(string ); ok {
@@ -384,17 +386,17 @@ func displayFinding(num int, finding types.Finding) {
384386
385387func saveResults (target string , findings []types.Finding ) error {
386388 // Create output directory
387- outputDir := fmt .Sprintf ("bounty-results/%s-%s" ,
389+ outputDir := fmt .Sprintf ("bounty-results/%s-%s" ,
388390 strings .ReplaceAll (target , "." , "_" ),
389391 time .Now ().Format ("20060102-150405" ))
390-
392+
391393 if err := os .MkdirAll (outputDir , 0755 ); err != nil {
392394 return err
393395 }
394-
396+
395397 // Save findings
396398 // TODO: Implement JSON/Markdown export
397-
399+
398400 color .Green ("\n ✓ Results saved to: %s\n " , outputDir )
399401 return nil
400402}
@@ -409,4 +411,4 @@ func getScanMode() string {
409411 return "Standard"
410412}
411413
412- // min function removed - using the one from scanner_executor.go
414+ // min function removed - using the one from scanner_executor.go
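Review bot: testRequestSmuggling (hunk -274,47 +274,49) still prints "Testing request smuggling: …" and then hits the bare `return`, so no check runs and displayResults can report "No high-value vulnerabilities found" for a target that was never examined. Commenting out the unreachable block, presumably to quiet an unreachable-code warning, leaves that misleading output in place. I would make the log line say the check is skipped, e.g. `color.Yellow("%s Skipping request smuggling (detector not integrated): %s\n", progress, asset.Value)`, and delete the commented block rather than keep it, since it is no longer compiled and will drift from `types.Finding`. The same holds, as far as these hunks show, for testAuthentication (its `results` slice is always empty), testAPI, testBusinessLogic and testSSRFOld, which print "Testing …" lines without issuing any request. The signature of testRequestSmuggling and the end of testSSRFOld lie outside the visible hunk lines.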