@vmfunc vmfunc commented Nov 22, 2024

Framework Detection Core:

  • Create pkg/scan/frameworks package
  • Implement basic framework detection logic
  • Add signature-based framework identification
  • Implement version detection patterns
  • Add confidence scoring system
  • Implement header analysis
  • Add logging integration

Framework Signatures:

  • Laravel signatures
  • Django signatures
  • Ruby on Rails signatures
  • Express.js signatures
  • ASP.NET signatures (including ASP.NET Core, WebForms, MVC)
  • Spring signatures (including Spring Boot)
  • Flask signatures
  • Add more framework patterns (Vue, Angular, React, Svelte, SvelteKit, Remix, Gatsby, Joomla, Magento, Shopify, Ghost, Ember, Backbone, Meteor, Strapi, AdonisJS, CakePHP, CodeIgniter)

Version Detection:

  • Implement regex-based version extraction
  • Add framework-specific version patterns
  • Handle unknown versions gracefully
  • Add version confidence scoring (with source tracking)
  • Add version validation (reject invalid versions)

CVE Integration:

  • Design CVE data structure
  • Add basic CVE mapping functionality
  • Implement version-specific vulnerability checks (15+ CVEs for major frameworks)
  • Add security recommendations system

Configuration & Integration:

  • Add framework detection flag to config
  • Integrate with main scan workflow
  • Add to ModuleResults structure
  • Update help documentation (flag help text)
  • Add logging directory support

Documentation:

  • Update README (usage example + module table)
  • Document framework detection patterns (CONTRIBUTING.md)
  • Add configuration documentation (CONTRIBUTING.md)

Performance:

  • Optimize signature matching
  • Add concurrent scanning support (goroutines)
  • Implement efficient version detection (confidence-based)

Enhancements:

  • Plan for custom signature support (documented in CONTRIBUTING.md)
  • Design framework for community contributions (documented in CONTRIBUTING.md)
  • Consider API integration for CVE data (documented as future enhancement)
  • Plan for automated signature updates (documented as future enhancement)

@vmfunc vmfunc added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Nov 22, 2024
@vmfunc vmfunc self-assigned this Nov 22, 2024
@vmfunc vmfunc removed the good first issue Good for newcomers label Nov 22, 2024

vmfunc commented Nov 22, 2024

why is the YML action giving me brain damage. wontfix

@vmfunc vmfunc marked this pull request as ready for review January 3, 2026 02:19
vmfunc and others added 6 commits January 2, 2026 18:52
- weighted signature matching for more accurate framework detection
- sigmoid normalization for confidence scores
- version detection with semantic versioning support
- header-only pattern
- use math.Exp instead of custom exp implementation
- add more framework signatures: next.js, nuxt.js, wordpress, drupal,
  symfony, fastapi, gin, phoenix
- fix header detection to check both header names and values
- simplify version detection (remove unnecessary padding)
- add comprehensive test suite for framework detection
- fix formatting in dork.go
…rency

- add 20+ new framework signatures (vue, angular, react, svelte, sveltekit,
  remix, gatsby, joomla, magento, shopify, ghost, ember, backbone, meteor,
  strapi, adonisjs, cakephp, codeigniter, asp.net core, spring boot)
- add version confidence scoring with multiple detection sources
- add concurrent framework scanning for better performance
- expand cve database with 15+ known vulnerabilities (spring4shell, etc.)
- add risk level assessment based on cve severity
- add comprehensive security recommendations
- add new tests for all features
@vmfunc vmfunc force-pushed the feat/framework-detection branch from 2353725 to 8a09456 Compare January 3, 2026 02:52
vmfunc added 3 commits January 2, 2026 18:54
- fix version detection to validate reasonable version numbers (major < 100)
- remove overly permissive patterns that caused false positives
- add comprehensive framework contribution documentation to CONTRIBUTING.md
- document signature patterns, version detection, and CVE data format
- add configuration documentation for flags and env vars
- outline future enhancements for community contributions
@vmfunc vmfunc merged commit 8fb797d into main Jan 3, 2026
13 checks passed
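
An added Go sketch (not code from this pull request or the project) of the approach the commit messages describe: weighted signature matching squashed through a sigmoid, header matching on both names and values, and version extraction that rejects a major version of 100 or more. The `Signature` type, the sample signatures and weights, the version regex and the sigmoid constants are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strconv"
	"strings"
)

// Signature is one weighted indicator; HeaderOnly skips the response body.
type Signature struct {
	Pattern    string
	Weight     float64
	HeaderOnly bool
}

// Constructed sample data (assumption), not the project's signature set.
var laravelSigs = []Signature{{"laravel_session", 0.6, true}, {"x-powered-by: php", 0.2, true}, {"csrf-token", 0.3, false}}
var versionRe = regexp.MustCompile(`(?i)laravel[ /v]+(\d+)\.(\d+)(?:\.(\d+))?`)

// Confidence sums matched weights, then squashes with a sigmoid (k=8, midpoint 0.5 assumed).
func Confidence(sigs []Signature, headers map[string]string, body string) float64 {
	var hdr strings.Builder
	for k, v := range headers { // header names and values are both searchable
		hdr.WriteString(strings.ToLower(k + ": " + v + "\n"))
	}
	h, b, score := hdr.String(), strings.ToLower(body), 0.0
	for _, s := range sigs {
		if strings.Contains(h, s.Pattern) || (!s.HeaderOnly && strings.Contains(b, s.Pattern)) {
			score += s.Weight
		}
	}
	return 1 / (1 + math.Exp(-8*(score-0.5)))
}

// Version returns "major.minor[.patch]", or "unknown" when absent or implausible.
func Version(body string) string {
	if m := versionRe.FindStringSubmatch(body); m != nil {
		if major, err := strconv.Atoi(m[1]); err == nil && major < 100 {
			return strings.TrimSuffix(strings.Join(m[1:], "."), ".")
		}
	}
	return "unknown"
}

func main() { fmt.Println(Confidence(laravelSigs, nil, ""), Version("Laravel v10.2.3")) }
```

Because header-only patterns are never tested against the body, page content that merely mentions a cookie or header name does not raise the score.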