Rust ecosystem analyzer plugin for AttackMap (axum, actix-web, rocket; sqlx/diesel/sea-orm; jsonwebtoken/argon2; reqwest).
Project description
attackmap-analyzer-rust
Rust ecosystem analyzer for AttackMap.
This analyzer extracts structured signals from Rust crates and Cargo workspaces:
- Web frameworks — axum, actix-web, rocket (route + entrypoint extraction)
- Databases — sqlx (Postgres / MySQL / SQLite), diesel, sea-orm, tokio-postgres, rusqlite, mongodb, redis, deadpool, AWS SDK (S3 / DynamoDB)
- Auth crates — jsonwebtoken, argon2 / bcrypt / scrypt / password-hash, oauth2, axum-login, actix-identity, tower-sessions, tower-http auth
- HTTP clients (external calls) — reqwest, isahc, surf, ureq
- Secrets —
std::env::var,dotenv/dotenvy,env!macro,secrecy::SecretString - Service hints — Cargo
[package].nameand[workspace].members
All emissions populate AttackMap's Signal v2 fields (line numbers, evidence snippets, confidence scores) so downstream insights can cite path/to/file.rs:NN.
Install
pip install git+https://github.com/mlaify/attackmap-analyzer-rust.git
The analyzer is auto-discovered by AttackMap via the attackmap.analyzers entry-point group.
Usage with AttackMap
# Auto-discovered when installed:
attackmap analyze /path/to/rust/repo
# Or invoke explicitly:
attackmap analyze /path/to/rust/repo --module rust
Detection
detect() returns true when any of the following are present, ignoring target/, .git/, node_modules/, .cargo/, and vendor/:
- A
Cargo.tomlorCargo.lockat the repository root, or anywhere in the tree - One or more
.rsfiles in the tree
Coverage notes
- Warp is intentionally not covered yet — its filter-based routing makes path extraction unreliable from regex alone.
- Tide framework presence is detected via
tide::imports; route extraction for tide'sapp.at("/x").get(...)chain is on the roadmap. - Multi-method axum chains like
.route("/x", get(h).post(h2))produce oneRouteper HTTP verb in the chain, all sharing the sameline. - The actix-web attribute regex (
#[get(...)]) and rocket attribute regex are intentionally identical; rocket emissions only fire when the file also mentionsrocketsomewhere, to avoid double-counting actix routes.
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attackmap_analyzer_rust-0.1.0.tar.gz.
File metadata
- Download URL: attackmap_analyzer_rust-0.1.0.tar.gz
- Upload date:
- Size: 13.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
99106bcca98856588dee5ceac015ce4e8c63e008dde3ec4c09433817e54a57f3
|
|
| MD5 |
513641f3bf8f40910d4d1f64ed596c86
|
|
| BLAKE2b-256 |
a4e2c945879d8edf07c231d6aa2427975d456dc54d4576ebc9411c32aa5e1954
|
Provenance
The following attestation bundles were made for attackmap_analyzer_rust-0.1.0.tar.gz:
Publisher:
release.yml on mlaify/attackmap-analyzer-rust
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_rust-0.1.0.tar.gz -
Subject digest:
99106bcca98856588dee5ceac015ce4e8c63e008dde3ec4c09433817e54a57f3 - Sigstore transparency entry: 1954624472
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-rust@fb3bcf6b2d08bc371d93b23e602246c8f5463b6e -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@fb3bcf6b2d08bc371d93b23e602246c8f5463b6e -
Trigger Event:
push
-
Statement type:
File details
Details for the file attackmap_analyzer_rust-0.1.0-py3-none-any.whl.
File metadata
- Download URL: attackmap_analyzer_rust-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
16cce5fe68f4d640091cd921aeb1b0aedbfcaa61dab0ef7b5767aa8b3396abb3
|
|
| MD5 |
d38518bb10e0911b9eb4f2a4d5a861e3
|
|
| BLAKE2b-256 |
794971e3e9d0a5a9d3b7be9f35df5348a42f318a74605ffb87d206b03a12916a
|
Provenance
The following attestation bundles were made for attackmap_analyzer_rust-0.1.0-py3-none-any.whl:
Publisher:
release.yml on mlaify/attackmap-analyzer-rust
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
attackmap_analyzer_rust-0.1.0-py3-none-any.whl -
Subject digest:
16cce5fe68f4d640091cd921aeb1b0aedbfcaa61dab0ef7b5767aa8b3396abb3 - Sigstore transparency entry: 1954624587
- Sigstore integration time:
-
Permalink:
mlaify/attackmap-analyzer-rust@fb3bcf6b2d08bc371d93b23e602246c8f5463b6e -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/mlaify
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@fb3bcf6b2d08bc371d93b23e602246c8f5463b6e -
Trigger Event:
push
-
Statement type: