feat: Sentinel v2.0 - Major security scanner upgrade#1

Open
Valisthea wants to merge 1 commit into eawhitehat:main from Valisthea:v2-major-upgrade

@Valisthea

Summary

Major upgrade of Sentinel from a basic header/file scanner to a comprehensive blackbox security assessment framework.

What's new

Reconnaissance

  • DNS bruteforce with 100+ common subdomain prefixes
  • DNS resolution filtering (only scan live hosts)

Scanning — 6 new modules

  • TLS/SSL analysis (protocol version, cert expiry, self-signed)
  • CORS misconfiguration detection (wildcard, reflected origin, credentials)
  • HTTP methods audit (PUT, DELETE, TRACE via OPTIONS)
  • Extended info disclosure (X-Powered-By, ASP.NET version headers)
  • Security headers expanded: 3 → 9 (added HSTS, Permissions-Policy, Referrer-Policy, COOP, CORP)
  • Sensitive file detection expanded: 4 → 35+ paths (Docker, AWS, Spring Boot, GraphQL, Swagger, backups)
  • CVSS v3.1 scoring and remediation guidance for every finding

Reporting

  • HTML report: dark-themed, severity breakdown, risk gauge, remediation per finding
  • Risk score: weighted 0–10 scale (Safe / Low / Medium / High / Critical)
  • JSON report restructured with full metadata (target, date, duration, summary)

CLI & Configuration

  • YAML config file support (sentinel.yml)
  • Proxy support (Burp Suite, ZAP)
  • Rate limiting, custom User-Agent, verbose mode
  • Granular flags: --no-html, --no-dns-brute, --no-resolve
  • Colored output with ASCII banner and phased display

Engineering

  • 19 unit tests with httptest (config, scan, report)
  • GitHub Actions CI/CD (test on Go 1.21–1.23, cross-compile, lint)
  • .gitignore added, shipped binary and sample report removed

Stats

  • +2173 lines added, 242 removed
  • 8 new files, 5 modified, 3 removed
  • 19 tests — all passing

Test plan

  • go test -v ./... — 19/19 PASS
  • go build -o sentinel ./cmd/sentinel — builds successfully (8.6 MB)
  • Quick scan on example.com — 30 findings in 4s
  • Full scan on production domain — 31 findings, risk score 2.7/10, HTML report generated
  • Existing modules (crawl, fuzz, vuln_server) preserved and untouched

Reconnaissance:
- Add DNS bruteforce with 100+ subdomain wordlist
- Add DNS resolution filtering for live hosts
- Improve crt.sh parser (wildcards, multi-line entries)

Scanning:
- Expand security headers from 3 to 9 (HSTS, Permissions-Policy, Referrer-Policy, COOP, CORP)
- Expand sensitive file detection from 4 to 35+ paths (Docker, AWS, Spring Boot, GraphQL, Swagger)
- Add TLS/SSL analysis (protocol version, certificate expiry, self-signed detection)
- Add CORS misconfiguration detection (wildcard, reflected origin, credentials leak)
- Add HTTP methods audit (PUT, DELETE, TRACE via OPTIONS probing)
- Add extended info disclosure (X-Powered-By, ASP.NET headers)
- Add CVSS v3.1 scoring and remediation guidance per finding

Reporting:
- Add HTML report with dark theme, severity breakdown, and risk gauge
- Add weighted risk score (0-10) with severity levels
- Restructure JSON output with full metadata

CLI & Configuration:
- Add YAML config file support (sentinel.yml)
- Add proxy, rate limiting, custom User-Agent, verbose mode
- Add granular scan control flags (--no-html, --no-dns-brute, --no-resolve)
- Add colored logging with ASCII banner and phase display

Engineering:
- Add 19 unit tests (config, scan, report) with httptest
- Add GitHub Actions CI/CD (test, cross-compile build, lint)
- Add .gitignore
- Clean up shipped binary and sample report
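
The CORS check listed under Scanning (wildcard, reflected origin, credentials), sketched in Go with httptest as an added example; this is not Sentinel's code. The probe origin, the finding labels and the `constructedServer` helper are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// auditCORS (added example, hypothetical finding labels) probes url with a constructed Origin.
func auditCORS(client *http.Client, url string) (findings []string, err error) {
	const probeOrigin = "https://cors-probe.invalid" // constructed origin no site should trust
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Origin", probeOrigin)
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	switch resp.Header.Get("Access-Control-Allow-Origin") {
	case "*":
		findings = append(findings, "wildcard-origin")
	case probeOrigin:
		findings = append(findings, "reflected-origin")
		if resp.Header.Get("Access-Control-Allow-Credentials") == "true" {
			findings = append(findings, "credentials-with-reflected-origin")
		}
	}
	return findings, nil
}

// constructedServer is sample input: "reflect" echoes Origin, anything else is sent literally.
func constructedServer(policy string, creds bool) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		allow := policy
		if allow == "reflect" {
			allow = r.Header.Get("Origin")
		}
		w.Header().Set("Access-Control-Allow-Origin", allow)
		w.Header().Set("Access-Control-Allow-Credentials", fmt.Sprint(creds))
	}))
}

func main() {
	srv := constructedServer("reflect", true)
	defer srv.Close()
	fmt.Println(auditCORS(srv.Client(), srv.URL))
}
```

A wildcard combined with `Access-Control-Allow-Credentials: true` is reported as wildcard only, because browsers refuse credentialed requests against `*`.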