Go ecosystem analyzer plugin for AttackMap (net/http, chi, gin, echo, fiber, gorilla/mux; database/sql, gorm, sqlx, pgx; golang-jwt; resty).
Project description
attackmap-analyzer-go
Go ecosystem analyzer for AttackMap.
This analyzer extracts structured signals from Go modules and workspaces:
- Web frameworks — net/http (stdlib), chi, gin, echo, fiber, gorilla/mux (route + entrypoint extraction)
- Databases —
database/sql(Postgres / MySQL / SQLite drivers), gorm (with driver-aware kind inference), sqlx, pgx, mongo-go-driver, go-redis, bbolt, AWS SDK (S3, DynamoDB) - Auth packages — golang-jwt, golang.org/x/oauth2, gorilla/sessions, casbin, x/crypto/bcrypt / scrypt / argon2, go-chi/jwtauth, echo-jwt
- HTTP clients (external calls) — net/http (
http.Get/http.Post/http.NewRequest), go-resty, grequests - Secrets —
os.Getenv,os.LookupEnv,godotenv,viper.GetString - Service hints — module name extracted from
go.mod
All emissions populate AttackMap's Signal v2 fields (line numbers, evidence snippets, confidence scores) so downstream insights can cite path/to/file.go:NN.
Install
pip install git+https://github.com/mlaify/attackmap-analyzer-go.git
The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.
Usage with AttackMap
# Auto-discovered when installed:
attackmap analyze /path/to/go/repo
# Or invoke explicitly:
attackmap analyze /path/to/go/repo --module go
Detection
detect() returns true when any of the following are present, ignoring vendor/, .git/, node_modules/, dist/, and build/:
- A
go.modorgo.sumat the repository root, or anywhere in the tree - One or more
.gofiles in the tree
Coverage notes
- Framework-aware route extraction: chi/echo/fiber all use the same title-case verb pattern (
r.Get(...),r.Post(...)). To avoid mis-attributing generic.Get(...)calls (e.g., on a map type) as routes, the analyzer only fires those extractors when the file also contains a recognizable framework marker (go-chi/chiimport,chi.NewRouter(,labstack/echo,echo.New(, etc.). - gorilla/mux + net/http: when both are detected in the same file, only the gorilla extractor runs. The stdlib
HandleFuncextractor would otherwise double-count the same routes. - Method extraction: gin uses uppercase methods (
r.GET); chi/echo/fiber use title-case (r.Get); gorilla/mux chains.Methods("GET", "POST")afterHandleFunc. All three shapes are supported.http.HandleFunchas no method information, so those routes are emitted with methodANY. - chi
Route()/Mount()prefix nesting: routes insider.Route("/api", func(r chi.Router) { ... })are extracted but the outer/apiprefix is not currently joined to the inner paths. Roadmap. - gRPC: framework presence and
grpc.NewServerentrypoint are detected. Per-service / per-method route extraction would require parsing.protofiles — not yet supported.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attackmap_analyzer_go-0.1.0.tar.gz.
File metadata
- Download URL: attackmap_analyzer_go-0.1.0.tar.gz
- Upload date:
- Size: 14.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2a416f7611fce9d154d977dff5278fa3399802b2c771e7f54a8b35cef626f1d6
|
|
| MD5 |
8ba7992ee6618cf4aa884bb826ef4092
|
|
| BLAKE2b-256 |
9d73c526aa9c641f5c1cdb55910dede39470018eeda93e0a1823aa901ff4ae2f
|
Provenance
The following attestation bundles were made for attackmap_analyzer_go-0.1.0.tar.gz:
Publisher:
release.yml on mlaify/attackmap-analyzer-go
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_go-0.1.0.tar.gz -
Subject digest:
2a416f7611fce9d154d977dff5278fa3399802b2c771e7f54a8b35cef626f1d6 - Sigstore transparency entry: 1955265370
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-go@fcb27c41bf289ca2242f53fb306e4f8e8bb30d3b -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@fcb27c41bf289ca2242f53fb306e4f8e8bb30d3b -
Trigger Event:
push
-
Statement type:
File details
Details for the file attackmap_analyzer_go-0.1.0-py3-none-any.whl.
File metadata
- Download URL: attackmap_analyzer_go-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44943bd694502fe90bbd55e7b0690f4abaad062566fd7e88e8518af3938c12cc
|
|
| MD5 |
d3276bd8359a6c8281e6c1719c77b069
|
|
| BLAKE2b-256 |
1d8c353fdae184f0d82f371d5441f0779fd1ae46a67eefdc4326c3d9c8d9d6da
|
Provenance
The following attestation bundles were made for attackmap_analyzer_go-0.1.0-py3-none-any.whl:
Publisher:
release.yml on mlaify/attackmap-analyzer-go
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_go-0.1.0-py3-none-any.whl -
Subject digest:
44943bd694502fe90bbd55e7b0690f4abaad062566fd7e88e8518af3938c12cc - Sigstore transparency entry: 1955265536
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-go@fcb27c41bf289ca2242f53fb306e4f8e8bb30d3b -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@fcb27c41bf289ca2242f53fb306e4f8e8bb30d3b -
Trigger Event:
push
-
Statement type: