v2.0.0 - Multi-Module Expansion

@OmarRao released this 15 Jun 17:39

Multi-Module Expansion

Major expansion - 400+ security findings across 22 CWE categories and 12 MITRE ATT&CK techniques.

New Modules

| Module | Vulnerabilities |
| --- | --- |
| api/auth.py | SAML XXE, JWT bypass, MFA hardcode, OAuth SSRF |
| api/accounts.py | IDOR, CMDi, SSRF, dynamic SQLi |
| api/admin.py | Unauthenticated endpoints, pickle RCE, mass SQLi |
| api/files.py | Unrestricted upload, path traversal, CMDi |
| api/loans.py | Business logic abuse, injection |
| api/payments.py | CSRF, race conditions |
| api/reports.py | CSV injection, XSS, path traversal |
| api/transactions.py | IDOR, SQLi |
| api/users.py | Mass assignment, enumeration |
| services/crypto_service.py | MD5, ECB mode, hardcoded IV |
| services/email.py | Header injection, SSRF |
| services/logger.py | Log injection, sensitive data in logs |
| services/notification.py | SSRF, template injection |
| services/search.py | SQLi, SSRF, XXE |
| middleware/auth.py | JWT algorithm confusion, bypass |
| jobs/scheduled.py | CMDi, path traversal in cron |
| utils/formatters.py | SSTI, CSV injection |
| utils/validators.py | Regex DoS, bypass patterns |

New CWE Types Added

CWE-208, CWE-209, CWE-285, CWE-312, CWE-347, CWE-434, CWE-532, CWE-601, CWE-916, CWE-1236


Built by Omar Rao - Engineer, Data Resilience, Cybersecurity and Privacy