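Execute the complete scanning process.
Args:
enable_recon: Enable reconnaissance phase
full_scan: Enable all vulnerability tests
quick_scan: Run only basic tests
scan_subdomains: Enable subdomain discovery and scanning (experimental)
Note: in the listing below, scan_subdomains passes aggressive=True to the subdomain scanner whenever the config has no experimental.aggressive_subdomain_enum key, so aggressive enumeration is the default. Findings from every discovered subdomain are tagged with source 'subdomain'; the listing's comment says they are aggregated into the main results, so the output may cover hosts other than the target URL.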
(
self,
enable_recon: bool = False,
full_scan: bool = False,
quick_scan: bool = False,
scan_subdomains: bool = False
)
| 442 | return recon_results |
| 443 | |
| 444 | def scan( |
| 445 | self, |
| 446 | enable_recon: bool = False, |
| 447 | full_scan: bool = False, |
| 448 | quick_scan: bool = False, |
| 449 | scan_subdomains: bool = False |
| 450 | ) -> Dict: |
| 451 | """ |
| 452 | Execute the complete scanning process. |
| 453 | |
| 454 | Args: |
| 455 | enable_recon: Enable reconnaissance phase |
| 456 | full_scan: Enable all vulnerability tests |
| 457 | quick_scan: Run only basic tests |
| 458 | scan_subdomains: Enable subdomain discovery and scanning (experimental) |
| 459 | |
| 460 | Returns: |
| 461 | Dictionary containing scan results |
| 462 | """ |
| 463 | self.start_time = datetime.now() |
| 464 | self.state_manager.set_phase(PentestPhase.INITIALIZATION) |
| 465 | |
| 466 | results = { |
| 467 | 'target': self.target_url, |
| 468 | 'start_time': self.start_time.isoformat(), |
| 469 | 'config': { |
| 470 | 'depth': self.depth, |
| 471 | 'threads': self.threads, |
| 472 | 'recon_enabled': enable_recon, |
| 473 | 'scan_mode': 'full' if full_scan else 'quick' if quick_scan else 'standard', |
| 474 | 'browser_enabled': self.config.get('advanced', {}).get('enable_javascript_rendering', False), |
| 475 | 'screenshot_enabled': self.config.get('advanced', {}).get('screenshot_enabled', False), |
| 476 | 'subdomain_scanning': scan_subdomains |
| 477 | } |
| 478 | } |
| 479 | |
| 480 | # Phase 1: Reconnaissance (optional) |
| 481 | recon_data = None |
| 482 | if enable_recon: |
| 483 | recon_data = self.run_reconnaissance() |
| 484 | results['reconnaissance'] = recon_data |
| 485 | |
| 486 | # Phase 1.5: Subdomain Discovery & Scanning (experimental) |
| 487 | if scan_subdomains: |
| 488 | subdomain_results = self.subdomain_scanner.discover_and_scan( |
| 489 | self.target_url, |
| 490 | aggressive=self.config.get('experimental', {}).get('aggressive_subdomain_enum', True) |
| 491 | ) |
| 492 | results['subdomain_scan'] = subdomain_results |
| 493 | |
| 494 | # Aggregate subdomain vulnerabilities into main results |
| 495 | for subdomain, sub_result in subdomain_results.get('scan_results', {}).items(): |
| 496 | for vuln in sub_result.get('vulnerabilities', []): |
| 497 | # Mark as subdomain vulnerability |
| 498 | vuln['source'] = 'subdomain' |
| 499 | vuln['subdomain'] = subdomain |
| 500 | |
| 501 | # Enrich with CVE data if enabled |