Plugin Catalog

This catalog documents the concrete plugin wrappers in backend/internal/plugins/wrappers/. It is the authoritative reference for how bundled plugins are invoked, what inputs they accept, what normalized output they produce, and how they contribute to the EASM asset graph.

Architecture Overview

Plugins implement the backend plugins.Plugin interface. A scan profile from backend/configs/config.yaml selects a sequence of plugin IDs, the worker builds a PluginInput from the organization scope plus previously discovered assets, and each wrapper returns a PluginResult containing normalized entities, raw command output, raw command error, and optional artifacts.

The worker persists normalized assets and vulnerabilities, stores plugin artifacts through the files subsystem, and then creates graph edges from asset type plus metadata. Most wrappers do not create edges directly; they emit normalized entities with metadata that the worker uses later.

Plugin Lifecycle

1. A scan job selects plugins from its config-defined scan profile.
2. The worker loads each plugin configuration from the default registry.
3. The wrapper filters scope items to the input types it supports.
4. If no matching input exists, the plugin returns a skipped or empty successful result.
5. The wrapper executes its CLI command unless test mode is enabled.
6. The wrapper parses stdout into normalized assets, vulnerabilities, or artifacts.
7. The worker persists results and derives graph relationships.

Categories

• Recon: discovers domains, subdomains, CIDRs, or passive service candidates.
• Resolution: resolves hostnames to IP assets.
• Port Discovery: discovers open services and service metadata.
• Service Discovery: probes reachable HTTP services and URLs.
• Web Discovery: crawls URLs and discovers paths.
• TLS Discovery: collects certificate assets and TLS metadata.
• Content Discovery: collects screenshots or file artifacts.
• Vulnerability Discovery: records vulnerability findings.
• Experimental: disabled by default or requiring additional operational configuration.

Execution Order Examples

Common graph-building chain:

domain
  -> subfinder/amass
subdomain
  -> dnsx/resolver
ip
  -> naabu/nmap
service
  -> httpx
url
  -> katana/nuclei/httpx_screenshot

Expanded recon chain:

domain -> subfinder -> amass -> dnsx -> httpx -> tlsx

Web discovery chain:

domain -> subfinder -> dnsx -> httpx -> katana -> nuclei

Screenshot chain:

domain -> subfinder -> dnsx -> httpx -> httpx_screenshot

Bundled Plugins

• Subfinder
• Resolver
• DNSX
• Amass
• Naabu
• Nmap
• HTTPX
• HTTPX Screenshot
• TLSX
• Katana
• Nuclei
• AlterX
• ShuffleDNS
• ASNMap
• Uncover

Template

• Plugin documentation template