Skip to main content

Overview

The PluginManager class handles plugin loading, initialization, and lifecycle management.

Constructor

const manager = new PluginManager();

Methods

loadConfig

Load configuration from a file. 
async loadConfig(path?: string): Promise<VulcnConfig>
If no path is provided, searches for config files in the current directory. 
// Auto-detect config file
await manager.loadConfig();

// Specific path
await manager.loadConfig("./vulcn.config.yml");

loadPlugins

Load all plugins defined in the configuration. 
async loadPlugins(): Promise<void>

await manager.loadConfig();
await manager.loadPlugins();

addPlugin

Add a plugin programmatically. 
addPlugin(
  plugin: VulcnPlugin,
  config?: Record<string, unknown>
): void

import detectXss from "@vulcn/plugin-detect-xss";

manager.addPlugin(detectXss, {
  detectDialogs: true,
  severity: "high",
});

hasPlugin

Check if a plugin is loaded by name. 
hasPlugin(name: string): boolean

if (!manager.hasPlugin("@vulcn/plugin-detect-xss")) {
  manager.addPlugin(detectXss);
}

initialize

Initialize all loaded plugins (calls onInit hooks). 
async initialize(): Promise<void>

await manager.initialize();
// Plugins are now ready

destroy

Destroy all plugins (calls onDestroy hooks). 
async destroy(): Promise<void>

await manager.destroy();
// Cleanup complete

getPayloads

Get all payloads registered by plugins. 
getPayloads(): RuntimePayload[]

const payloads = manager.getPayloads();
console.log(`Loaded ${payloads.length} payload sets`);

addPayloads

Add payloads to the registry. 
addPayloads(payloads: RuntimePayload[]): void

getFindings

Get all findings collected during execution. 
getFindings(): Finding[]

addFinding

Add a finding to the collection. 
addFinding(finding: Finding): void

Lifecycle

Complete Example

import { PluginManager, Runner, parseSession } from "@vulcn/engine";
import payloadsPlugin from "@vulcn/plugin-payloads";
import detectXss from "@vulcn/plugin-detect-xss";

async function main() {
  // Create manager
  const manager = new PluginManager();

  // Option 1: Load from config file
  await manager.loadConfig("./vulcn.config.yml");
  await manager.loadPlugins();

  // Option 2: Add plugins programmatically
  manager.addPlugin(payloadsPlugin, { builtin: true });
  manager.addPlugin(detectXss, { detectDialogs: true });

  // Initialize
  await manager.initialize();

  // Check payloads
  const payloads = manager.getPayloads();
  console.log(`Loaded ${payloads.length} payload sets`);

  // Run tests
  const session = parseSession(yaml);
  const result = await Runner.execute(
    session,
    {
      headless: true,
    },
    { pluginManager: manager },
  );

  // Get findings
  const findings = manager.getFindings();
  console.log(`Found ${findings.length} vulnerabilities`);

  // Cleanup
  await manager.destroy();
}

Hook Execution

The plugin manager orchestrates hook execution across all loaded plugins:
PhaseHooks Called
InitializeonInit for each plugin
Record StartonRecordStart for each plugin
Record SteponRecordStep (can filter/modify)
Record EndonRecordEnd
Run StartonRunStart for each plugin
Before PayloadonBeforePayload (can modify)
After PayloadonAfterPayload (collect findings)
Browser EventsonDialog, onConsoleMessage, etc.
Run EndonRunEnd
DestroyonDestroy for each plugin
Hooks are called in the order plugins were added/loaded.