v2.0.0 - Multi-Module Expansion
Major expansion - 400+ security findings across 22 CWE categories and 12 MITRE ATT&CK techniques.
New Modules
| Module | Vulnerabilities |
|---|---|
| `api/auth.py` | SAML XXE, JWT bypass, MFA hardcode, OAuth SSRF |
| `api/accounts.py` | IDOR, CMDi, SSRF, dynamic SQLi |
| `api/admin.py` | Unauthenticated endpoints, pickle RCE, mass SQLi |
| `api/files.py` | Unrestricted upload, path traversal, CMDi |
| `api/loans.py` | Business logic abuse, injection |
| `api/payments.py` | CSRF, race conditions |
| `api/reports.py` | CSV injection, XSS, path traversal |
| `api/transactions.py` | IDOR, SQLi |
| `api/users.py` | Mass assignment, enumeration |
| `services/crypto_service.py` | MD5, ECB mode, hardcoded IV |
| `services/email.py` | Header injection, SSRF |
| `services/logger.py` | Log injection, sensitive data in logs |
| `services/notification.py` | SSRF, template injection |
| `services/search.py` | SQLi, SSRF, XXE |
| `middleware/auth.py` | JWT algorithm confusion, bypass |
| `jobs/scheduled.py` | CMDi, path traversal in cron |
| `utils/formatters.py` | SSTI, CSV injection |
| `utils/validators.py` | Regex DoS, bypass patterns |
New CWE Types Added
CWE-208, CWE-209, CWE-285, CWE-312, CWE-347, CWE-434, CWE-532, CWE-601, CWE-916, CWE-1236
Built by Omar Rao - Engineer, Data Resilience, Cybersecurity and Privacy