Release 0.1.0

Author: pierreavn

Makefile

@@ -0,0 +1,2 @@
+build-wasm:
+	GOOS=js GOARCH=wasm go build -ldflags "-X github.com/verdexlab/verdex/verdex/core.releaseEnvironment=release-wasmjs" -o ./dist/verdex.wasm .

README.md

@@ -7,18 +7,18 @@ Verdex also **determines the accurate vulnerabilities** associated with the dete
 
 🔧 Instead of relying on exposed headers, Verdex quickly analyzes the features present on a service. 
 For example, **if a feature was introduced in a specific version, Verdex uses this information to deduce the 
-minimum version of the service** (see [How It Works](https://verdex-docs.mintlify.app/how-it-works) for more information).
+minimum version of the service** (see [How It Works](https://docs.verdexlab.io/how-it-works) for more information).
 
 🪶 Verdex relies solely on **non-aggressive methods**, in particular by using mostly static assets (javascript, css and html files).
 
-🎯 Currently, Verdex supports detecting versions of **Keycloak** and **NextCloud** (see [Products](https://verdex-docs.mintlify.app/essentials/products) documentation).
+🎯 Currently, Verdex supports detecting versions of **Keycloak** and **NextCloud** (see [Products](https://docs.verdexlab.io/essentials/products) documentation).
 
-🌪️ Verdex has a Standard mode and an Expert mode with more advanced features, such as [vulnerabilities listing](https://verdex-docs.mintlify.app/expert/vulnerabilities).
+🌪️ Verdex has a Standard mode and an Expert mode with more advanced features, such as [vulnerabilities listing](https://docs.verdexlab.io/expert/vulnerabilities).
 
 ⚠️ Any unauthorized use of Verdex to analyze or exploit online services is strictly prohibited and violates both our license agreement and applicable laws. **Verdex must be used with explicit authorization from the owner or administrator of the targets being scanned**.
 
 ## 📖 Documentation
-The entire tool documentation is available at [https://verdex-docs.mintlify.app](https://verdex-docs.mintlify.app)
+The entire tool documentation is available at [https://docs.verdexlab.io](https://docs.verdexlab.io)
 
 ## 🚀 Install Verdex
 
@@ -34,7 +34,7 @@ source ~/.bashrc
 ```
 
 > 📖 Read documentation for more installation options: 
-[https://verdex-docs.mintlify.app/quickstart](https://verdex-docs.mintlify.app/quickstart)
+[https://docs.verdexlab.io/quickstart](https://docs.verdexlab.io/quickstart)
 
 ## 🌪️ Run version detection
 
@@ -43,7 +43,7 @@ verdex -target https://keycloak.example.com -output-json ./results.json
 ```
 
 > 📖 Read documentation for more detection options: 
-[https://verdex-docs.mintlify.app/essentials/options](https://verdex-docs.mintlify.app/essentials/options)
+[https://docs.verdexlab.io/essentials/options](https://docs.verdexlab.io/essentials/options)
 
 ## License
 Verdex is distributed under MIT License.

docs/essentials/options.mdx

@@ -56,22 +56,6 @@ verdex -target https://example.com -verbose
 ```
 </ParamField>
 
-## Improvement Reports
-
-Sometimes, Verdex cannot determine version for multiple reasons (missing or incorrect rules, specific configuration, ...).
-Use `-report-errors` to automatically report failures to Verdex maintainers for manual debugging.
-By default, targets are not reported.
-
-<Note>
-  URLs of reported targets will NOT be publicly visible and will be accessed by Verdex maintainers for debugging purposes only.
-</Note>
-
-<ParamField path="-report-errors" type="boolean" default={false}>
-```bash
-verdex -target https://example.com -report-errors
-```
-</ParamField>
-
 ## Custom templates
 
 Verdex uses templates to run scans (see [Contribute section](/contribute) for more information).

docs/essentials/products.mdx

@@ -15,7 +15,7 @@ import ProductsVotes from '/snippets/products-votes.mdx';
   **Keycloak** is an open-source identity and access management solution maintained by RedHat.
 
   **Detected versions:**  
-  `12.0.0` (dec. 2020) --> `26.0.7` (dec. 2024)
+  `12.0.0` (dec. 2020) --> `26.0.8` (jan. 2025)
 
   **Vulnerabilities & update recommendations:**  
   <Icon icon="check" iconType="duotone" /> Yes

main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"slices"
 	"time"
 
 	"github.com/rs/zerolog/log"
@@ -68,24 +67,6 @@ func main() {
 
 		ui.RenderDetectionResults(detection, err)
 
-		if !detection.Success && detection.Product != "" {
-			cache := core.GetCache(&execution.Config)
-			if slices.Contains(cache.ReportedTargets, detection.Target) {
-				log.Debug().Msg("Target already reported")
-			} else if execution.Config.ReportTargets {
-				err = core.ReportTarget(detection)
-				if err != nil {
-					log.Error().Err(err).Msg("Failed to report target")
-				} else {
-					cache.ReportedTargets = append(cache.ReportedTargets, detection.Target)
-					cache.Save()
-					log.Info().Msg("Target reported, thank you for improving Verdex")
-				}
-			} else {
-				log.Info().Msg("Feel free to report it (using -report-errors), we'll investigate to improve detection (target will NOT be publicly visible)")
-			}
-		}
-
 		if detection.Success {
 			versionsStr := make([]string, 0)
 			for _, version := range versions {

package-lock.json

@@ -0,0 +1,20 @@
+info:
+  product: keycloak
+  author: pierreavn
+
+version: '>= 26.0.8'
+
+http:
+  # js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties
+  - method: GET
+    path: '/resources/master/admin/en'
+
+    matchers-condition: and
+    matchers:
+      # https://github.com/keycloak/keycloak/compare/26.0.7...26.0.8#diff-c9ef637a710ad2a1ec0f86584796ce5fff7fa0c7a8702bcd020b29eef4e5af43
+      - type: word
+        part: body
+        word: '{"key":"policyRolesHelp","value":"Click on'
+
+      - type: status
+        status: 200

templates/keycloak/rules/26.0.8.yml

@@ -3,7 +3,7 @@ package api
 import "github.com/verdexlab/verdex/verdex/core"
 
 // Origin of Verdex API
-var apiBaseUrl = "https://api.verdexlab.workers.dev"
+var apiBaseUrl = "https://api.verdexlab.io"
 
 // User-Agent used to call API
 var apiUserAgent = "verdex-cli-" + core.GetVerdexVersion()

verdex/api/api.go

@@ -7,7 +7,7 @@ import (
 	"net/http"
 )
 
-var proxyHost = "proxy.verdexlab.workers.dev"
+var proxyHost = "proxy.verdexlab.io"
 
 // Proxy for wasm:js targets
 func proxifyRequest(request *http.Request) {

verdex/assets/proxy_js.go

@@ -11,10 +11,9 @@ import (
 var cacheFileName = ".cache"
 
 type Cache struct {
-	Config          *Config                  `yaml:"-"`
-	Releases        CacheReleases            `yaml:"releases"`
-	ReportedTargets []string                 `yaml:"reported-targets"`
-	Products        map[string]*CacheProduct `yaml:"products"`
+	Config   *Config                  `yaml:"-"`
+	Releases CacheReleases            `yaml:"releases"`
+	Products map[string]*CacheProduct `yaml:"products"`
 }
 
 type CacheReleases struct {
@@ -101,8 +100,7 @@ func newCache(config *Config) {
 			Cli:       CacheReleasesCli{},
 			Templates: CacheReleasesTemplates{},
 		},
-		ReportedTargets: []string{},
-		Products:        map[string]*CacheProduct{},
+		Products: map[string]*CacheProduct{},
 	}
 
 	cache = &newCache

verdex/core/cache.go

@@ -40,7 +40,6 @@ func ParseFlags() *Execution {
 	flag.BoolVar(&showVersion, "version", false, "show verdex version")
 	flag.StringVar(&execution.Config.TemplatesDirectory, "templates-directory", "", "path to templates directory to use instead of official repository")
 	flag.BoolVar(&execution.Config.Verbose, "verbose", false, "show verbose output")
-	flag.BoolVar(&execution.Config.ReportTargets, "report-errors", false, "report failed target to improve detections")
 
 	// Testing
 	if GetEnvironment() == EnvironmentDevelopment {

verdex/core/cli.go

@@ -15,7 +15,6 @@ type Config struct {
 	TemplatesFS           fs.FS
 	TemplatesRelease      string
 	Verbose               bool
-	ReportTargets         bool
 	Test                  bool
 	TestVersion           string
 	TestSession           bool
@@ -31,7 +30,7 @@ const (
 var userHomeDir, _ = os.UserHomeDir()
 
 // CLI version
-var cliVersion = "0.0.1"
+var cliVersion = "0.1.0"
 
 // Templates
 var TemplatesDefaultDirectory = path.Join(userHomeDir, "verdex-templates")

verdex/core/config.go

@@ -21,7 +21,7 @@ func RenderDetectionCVEs(execution *core.Execution, data *api.CVEsData, isApiKey
 
 	log.Info().Msgf(color.New(color.BgRed, color.FgWhite).Sprint(" ✗ ")+" Target is %s, %s on detected version", color.New(color.Bold, color.FgRed).Sprint("vulnerable"), color.New(color.Bold).Sprintf("%d CVE found", data.Total))
 	if !isApiKeyValid {
-		log.Info().Msg("Use valid API key (-key) to list vulnerabilities and get update recommendations, see https://verdex-docs.mintlify.app/expert/vulnerabilities")
+		log.Info().Msg("Use valid API key (-key) to list vulnerabilities and get update recommendations, see https://docs.verdexlab.io/expert/vulnerabilities")
 		return
 	}