├── .cobra.yaml ├── .docker ├── Dockerfile-build └── Dockerfile-goreleaser ├── .github ├── CODEOWNERS ├── FUNDING.yml └── workflows │ ├── ci.yml │ ├── scans.yml │ └── stale.yml ├── .gitignore ├── .golangci.yml ├── .goreleaser.yaml ├── .vscode └── launch.json ├── .whitesource ├── LICENSE ├── README.md ├── api ├── curl.go ├── graphql.go ├── handler.go ├── openapi.go ├── request.go ├── response.go └── response_test.go ├── cmd ├── discover │ ├── api.go │ ├── domain.go │ ├── root.go │ └── root_test.go ├── jwt │ └── root.go ├── root.go ├── scan │ ├── curl.go │ ├── graphql.go │ ├── openapi.go │ ├── root.go │ └── root_test.go └── serve │ └── root.go ├── demo.cast ├── demo.gif ├── docs ├── _meta.json ├── best-practices.mdx ├── best-practices │ ├── _meta.json │ ├── jwt.md │ └── security-headers.mdx ├── getting-started.mdx ├── getting-started │ ├── _meta.json │ └── github-action.md ├── index.mdx ├── installation.md ├── vulnapi.postman_collection.json ├── vulnerabilities.mdx └── vulnerabilities │ ├── _meta.json │ ├── broken-authentication │ ├── _meta.json │ ├── jwt-alg-none.mdx │ ├── jwt-blank-secret.mdx │ ├── jwt-cross-service-relay-attack.excalidraw │ ├── jwt-cross-service-relay-attack.mdx │ ├── jwt-cross-service-relay-attack.png │ ├── jwt-null-signature.mdx │ └── jwt-weak-secret.mdx │ └── security-misconfiguration │ ├── _meta.json │ ├── graphql-introspection.mdx │ └── http-method-allow-override.mdx ├── go.mod ├── go.sum ├── internal ├── analytics │ ├── analytics.go │ └── scan_report.go ├── auth │ ├── api_key.go │ ├── api_key_test.go │ ├── basic.go │ ├── basic_test.go │ ├── bearer.go │ ├── bearer_test.go │ ├── headers.go │ ├── no_auth.go │ ├── no_auth_test.go │ ├── oauth.go │ ├── oauth_test.go │ ├── scheme.go │ ├── scheme_test.go │ ├── security_scheme.go │ ├── security_scheme_test.go │ ├── type.go │ ├── uniq_name.go │ └── uniq_name_test.go ├── cmd │ ├── args.go │ ├── args_test.go │ ├── http.go │ ├── http_test.go │ ├── printtable │ │ ├── fingerprint_table.go │ │ ├── 
printttable.go │ │ ├── report_table.go │ │ ├── report_table_test.go │ │ └── wellknown_paths_table.go │ ├── progressbar.go │ └── report.go ├── operation │ ├── operation.go │ ├── operation_test.go │ ├── operations.go │ └── operations_test.go ├── request │ ├── client.go │ ├── client_test.go │ ├── error.go │ ├── request.go │ ├── request_test.go │ ├── response.go │ └── response_test.go └── scan │ ├── attempt.go │ ├── attempt_test.go │ ├── scan_url.go │ ├── utils.go │ └── utils_test.go ├── jwt ├── alg_none.go ├── claims.go ├── claims_test.go ├── const.go ├── generate_keys.go ├── hmac_alg.go ├── hmac_alg_test.go ├── jwt.go ├── jwt_test.go ├── jwt_writer.go ├── jwt_writer_test.go └── without_signature.go ├── logo-text-art.txt ├── logo.png ├── main.go ├── openapi ├── base_url.go ├── base_url_test.go ├── loader.go ├── loader_test.go ├── openapi.go ├── operation.go ├── param.go ├── param_test.go ├── security_scheme.go ├── security_scheme_test.go ├── security_scheme_values.go ├── security_scheme_values_test.go ├── validate.go └── validate_test.go ├── renovate.json ├── report ├── capec.go ├── curl_report.go ├── curl_report_test.go ├── cwe.go ├── graphql_report.go ├── issue.go ├── issue_report.go ├── issue_report_test.go ├── openapi_report.go ├── openapi_report_test.go ├── options_report.go ├── owasp.go ├── report.go ├── report_test.go ├── reporter.go ├── reporter_test.go └── test │ ├── issue.yaml │ └── issue_nil_classifications.yaml ├── scan ├── broken_authentication │ ├── authentication_bypass │ │ ├── authentication_bypass.go │ │ └── authentication_bypass_test.go │ └── jwt │ │ ├── alg_none │ │ ├── alg_none.go │ │ ├── alg_none_test.go │ │ └── methods.go │ │ ├── blank_secret │ │ ├── blank_secret.go │ │ └── blank_secret_test.go │ │ ├── not_verified │ │ ├── not_verified.go │ │ └── not_verified_test.go │ │ ├── null_signature │ │ ├── null_signature.go │ │ └── null_signature_test.go │ │ └── weak_secret │ │ ├── weak_secret.go │ │ └── weak_secret_test.go ├── discover │ ├── 
accept_unauthenticated │ │ ├── accept_unauthenticated_operation.go │ │ └── accept_unauthenticated_operation_test.go │ ├── discoverable_graphql │ │ ├── discoverable_graphql.go │ │ └── discoverable_graphql_test.go │ ├── discoverable_openapi │ │ ├── discoverable_openapi.go │ │ └── discoverable_openapi_test.go │ ├── exposed_files │ │ ├── exposed_files.go │ │ └── exposed_files_test.go │ ├── fingerprint │ │ ├── fingerprint.go │ │ └── fingerprint_test.go │ ├── healthcheck │ │ ├── healthcheck.go │ │ └── healthcheck_test.go │ ├── utils.go │ ├── utils_test.go │ └── well-known │ │ ├── well_known.go │ │ └── well_known_test.go ├── graphql │ └── introspection_enabled │ │ ├── introspection_enabled.go │ │ └── introspection_enabled_test.go ├── misconfiguration │ ├── http_cookies │ │ ├── http_cookies.go │ │ └── http_cookies_test.go │ ├── http_headers │ │ ├── http_headers.go │ │ └── http_headers_test.go │ ├── http_method_override │ │ ├── http_method_override.go │ │ └── http_method_override_test.go │ ├── http_trace │ │ ├── http_trace_method.go │ │ └── http_trace_method_test.go │ └── http_track │ │ ├── http_track_method.go │ │ └── http_track_method_test.go ├── operation_scan.go ├── operation_scan_test.go ├── scan.go └── scan_test.go ├── scenario ├── discover_api.go ├── discover_api_test.go ├── discover_domain.go ├── graphql.go ├── graphql_test.go ├── openapi.go ├── openapi_test.go ├── scans.go ├── url.go ├── url_test.go └── utils.go ├── seclist ├── lists │ ├── exposed-paths.txt │ ├── graphql.txt │ ├── healthcheck.txt │ ├── jwt-secrets.txt │ ├── swagger.txt │ └── well-known.txt ├── seclist.go └── seclist_test.go ├── test └── stub │ ├── basic_http_bearer.openapi.json │ ├── basic_http_bearer_jwt.openapi.json │ ├── complex.openapi.json │ ├── petstore.openapi.json │ ├── simple_api_key.openapi.json │ ├── simple_http_basic.openapi.json │ ├── simple_http_bearer.openapi.json │ ├── simple_http_bearer_jwt.openapi.json │ ├── simple_http_bearer_jwt.openapi.yaml │ └── simple_no_scheme.openapi.json 
└── vulnapi.rb /.cobra.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.cobra.yaml -------------------------------------------------------------------------------- /.docker/Dockerfile-build: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.docker/Dockerfile-build -------------------------------------------------------------------------------- /.docker/Dockerfile-goreleaser: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.docker/Dockerfile-goreleaser -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.github/CODEOWNERS -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.github/workflows/ci.yml -------------------------------------------------------------------------------- /.github/workflows/scans.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.github/workflows/scans.yml -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.github/workflows/stale.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.golangci.yml -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.goreleaser.yaml -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.vscode/launch.json -------------------------------------------------------------------------------- /.whitesource: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/.whitesource -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/README.md -------------------------------------------------------------------------------- /api/curl.go: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/curl.go -------------------------------------------------------------------------------- /api/graphql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/graphql.go -------------------------------------------------------------------------------- /api/handler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/handler.go -------------------------------------------------------------------------------- /api/openapi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/openapi.go -------------------------------------------------------------------------------- /api/request.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/request.go -------------------------------------------------------------------------------- /api/response.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/response.go -------------------------------------------------------------------------------- /api/response_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/api/response_test.go -------------------------------------------------------------------------------- /cmd/discover/api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/discover/api.go 
-------------------------------------------------------------------------------- /cmd/discover/domain.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/discover/domain.go -------------------------------------------------------------------------------- /cmd/discover/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/discover/root.go -------------------------------------------------------------------------------- /cmd/discover/root_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/discover/root_test.go -------------------------------------------------------------------------------- /cmd/jwt/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/jwt/root.go -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/root.go -------------------------------------------------------------------------------- /cmd/scan/curl.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/scan/curl.go -------------------------------------------------------------------------------- /cmd/scan/graphql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/scan/graphql.go -------------------------------------------------------------------------------- /cmd/scan/openapi.go: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/scan/openapi.go -------------------------------------------------------------------------------- /cmd/scan/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/scan/root.go -------------------------------------------------------------------------------- /cmd/scan/root_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/scan/root_test.go -------------------------------------------------------------------------------- /cmd/serve/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/cmd/serve/root.go -------------------------------------------------------------------------------- /demo.cast: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/demo.cast -------------------------------------------------------------------------------- /demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/demo.gif -------------------------------------------------------------------------------- /docs/_meta.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/_meta.json -------------------------------------------------------------------------------- /docs/best-practices.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/best-practices.mdx 
-------------------------------------------------------------------------------- /docs/best-practices/_meta.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/best-practices/_meta.json -------------------------------------------------------------------------------- /docs/best-practices/jwt.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/best-practices/jwt.md -------------------------------------------------------------------------------- /docs/best-practices/security-headers.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/best-practices/security-headers.mdx -------------------------------------------------------------------------------- /docs/getting-started.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/getting-started.mdx -------------------------------------------------------------------------------- /docs/getting-started/_meta.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/getting-started/_meta.json -------------------------------------------------------------------------------- /docs/getting-started/github-action.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/getting-started/github-action.md -------------------------------------------------------------------------------- /docs/index.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/index.mdx 
-------------------------------------------------------------------------------- /docs/installation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/installation.md -------------------------------------------------------------------------------- /docs/vulnapi.postman_collection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnapi.postman_collection.json -------------------------------------------------------------------------------- /docs/vulnerabilities.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/_meta.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/_meta.json -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/_meta.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/_meta.json -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-alg-none.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-alg-none.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-blank-secret.mdx: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-blank-secret.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.excalidraw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.excalidraw -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-cross-service-relay-attack.png -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-null-signature.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-null-signature.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/broken-authentication/jwt-weak-secret.mdx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/broken-authentication/jwt-weak-secret.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/security-misconfiguration/_meta.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/security-misconfiguration/_meta.json -------------------------------------------------------------------------------- /docs/vulnerabilities/security-misconfiguration/graphql-introspection.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/security-misconfiguration/graphql-introspection.mdx -------------------------------------------------------------------------------- /docs/vulnerabilities/security-misconfiguration/http-method-allow-override.mdx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/docs/vulnerabilities/security-misconfiguration/http-method-allow-override.mdx -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/go.sum -------------------------------------------------------------------------------- /internal/analytics/analytics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/analytics/analytics.go 
-------------------------------------------------------------------------------- /internal/analytics/scan_report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/analytics/scan_report.go -------------------------------------------------------------------------------- /internal/auth/api_key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/api_key.go -------------------------------------------------------------------------------- /internal/auth/api_key_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/api_key_test.go -------------------------------------------------------------------------------- /internal/auth/basic.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/basic.go -------------------------------------------------------------------------------- /internal/auth/basic_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/basic_test.go -------------------------------------------------------------------------------- /internal/auth/bearer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/bearer.go -------------------------------------------------------------------------------- /internal/auth/bearer_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/bearer_test.go 
-------------------------------------------------------------------------------- /internal/auth/headers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/headers.go -------------------------------------------------------------------------------- /internal/auth/no_auth.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/no_auth.go -------------------------------------------------------------------------------- /internal/auth/no_auth_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/no_auth_test.go -------------------------------------------------------------------------------- /internal/auth/oauth.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/oauth.go -------------------------------------------------------------------------------- /internal/auth/oauth_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/oauth_test.go -------------------------------------------------------------------------------- /internal/auth/scheme.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/scheme.go -------------------------------------------------------------------------------- /internal/auth/scheme_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/scheme_test.go 
-------------------------------------------------------------------------------- /internal/auth/security_scheme.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/security_scheme.go -------------------------------------------------------------------------------- /internal/auth/security_scheme_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/security_scheme_test.go -------------------------------------------------------------------------------- /internal/auth/type.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/type.go -------------------------------------------------------------------------------- /internal/auth/uniq_name.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/uniq_name.go -------------------------------------------------------------------------------- /internal/auth/uniq_name_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/auth/uniq_name_test.go -------------------------------------------------------------------------------- /internal/cmd/args.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/args.go -------------------------------------------------------------------------------- /internal/cmd/args_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/args_test.go 
-------------------------------------------------------------------------------- /internal/cmd/http.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/http.go -------------------------------------------------------------------------------- /internal/cmd/http_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/http_test.go -------------------------------------------------------------------------------- /internal/cmd/printtable/fingerprint_table.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/printtable/fingerprint_table.go -------------------------------------------------------------------------------- /internal/cmd/printtable/printttable.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/printtable/printttable.go -------------------------------------------------------------------------------- /internal/cmd/printtable/report_table.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/printtable/report_table.go -------------------------------------------------------------------------------- /internal/cmd/printtable/report_table_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/printtable/report_table_test.go -------------------------------------------------------------------------------- /internal/cmd/printtable/wellknown_paths_table.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/printtable/wellknown_paths_table.go -------------------------------------------------------------------------------- /internal/cmd/progressbar.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/progressbar.go -------------------------------------------------------------------------------- /internal/cmd/report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/cmd/report.go -------------------------------------------------------------------------------- /internal/operation/operation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/operation/operation.go -------------------------------------------------------------------------------- /internal/operation/operation_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/operation/operation_test.go -------------------------------------------------------------------------------- /internal/operation/operations.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/operation/operations.go -------------------------------------------------------------------------------- /internal/operation/operations_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/operation/operations_test.go -------------------------------------------------------------------------------- /internal/request/client.go: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/client.go -------------------------------------------------------------------------------- /internal/request/client_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/client_test.go -------------------------------------------------------------------------------- /internal/request/error.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/error.go -------------------------------------------------------------------------------- /internal/request/request.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/request.go -------------------------------------------------------------------------------- /internal/request/request_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/request_test.go -------------------------------------------------------------------------------- /internal/request/response.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/response.go -------------------------------------------------------------------------------- /internal/request/response_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/request/response_test.go -------------------------------------------------------------------------------- /internal/scan/attempt.go: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/scan/attempt.go -------------------------------------------------------------------------------- /internal/scan/attempt_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/scan/attempt_test.go -------------------------------------------------------------------------------- /internal/scan/scan_url.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/scan/scan_url.go -------------------------------------------------------------------------------- /internal/scan/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/scan/utils.go -------------------------------------------------------------------------------- /internal/scan/utils_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/internal/scan/utils_test.go -------------------------------------------------------------------------------- /jwt/alg_none.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/alg_none.go -------------------------------------------------------------------------------- /jwt/claims.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/claims.go -------------------------------------------------------------------------------- /jwt/claims_test.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/claims_test.go -------------------------------------------------------------------------------- /jwt/const.go: -------------------------------------------------------------------------------- 1 | package jwt 2 | 3 | /* FakeJWT is a fixed compact JWT committed in source. Its header segment decodes to {"alg":"HS256","typ":"JWT"} and its payload segment "e30" decodes to {}, so the token carries no exp, iss, aud or sub claims. The HMAC key behind the signature segment is not shown here. NOTE(review): presumably a placeholder token for building scan requests; confirm against callers. Secret scanners will match this literal, so allow-list it as a test fixture, and no service should accept it as a credential. */ const FakeJWT = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.ufhxDTmrs4T5MSsvT6lsb3OpdWi5q8O31VX7TgrVamA" 4 | -------------------------------------------------------------------------------- /jwt/generate_keys.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/generate_keys.go -------------------------------------------------------------------------------- /jwt/hmac_alg.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/hmac_alg.go -------------------------------------------------------------------------------- /jwt/hmac_alg_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/hmac_alg_test.go -------------------------------------------------------------------------------- /jwt/jwt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/jwt.go -------------------------------------------------------------------------------- /jwt/jwt_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/jwt_test.go -------------------------------------------------------------------------------- /jwt/jwt_writer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/jwt_writer.go
-------------------------------------------------------------------------------- /jwt/jwt_writer_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/jwt_writer_test.go -------------------------------------------------------------------------------- /jwt/without_signature.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/jwt/without_signature.go -------------------------------------------------------------------------------- /logo-text-art.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/logo-text-art.txt -------------------------------------------------------------------------------- /logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/logo.png -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/main.go -------------------------------------------------------------------------------- /openapi/base_url.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/base_url.go -------------------------------------------------------------------------------- /openapi/base_url_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/base_url_test.go -------------------------------------------------------------------------------- /openapi/loader.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/loader.go -------------------------------------------------------------------------------- /openapi/loader_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/loader_test.go -------------------------------------------------------------------------------- /openapi/openapi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/openapi.go -------------------------------------------------------------------------------- /openapi/operation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/operation.go -------------------------------------------------------------------------------- /openapi/param.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/param.go -------------------------------------------------------------------------------- /openapi/param_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/param_test.go -------------------------------------------------------------------------------- /openapi/security_scheme.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/security_scheme.go -------------------------------------------------------------------------------- /openapi/security_scheme_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/security_scheme_test.go 
-------------------------------------------------------------------------------- /openapi/security_scheme_values.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/security_scheme_values.go -------------------------------------------------------------------------------- /openapi/security_scheme_values_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/security_scheme_values_test.go -------------------------------------------------------------------------------- /openapi/validate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/validate.go -------------------------------------------------------------------------------- /openapi/validate_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/openapi/validate_test.go -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/renovate.json -------------------------------------------------------------------------------- /report/capec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/capec.go -------------------------------------------------------------------------------- /report/curl_report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/curl_report.go -------------------------------------------------------------------------------- 
/report/curl_report_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/curl_report_test.go -------------------------------------------------------------------------------- /report/cwe.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/cwe.go -------------------------------------------------------------------------------- /report/graphql_report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/graphql_report.go -------------------------------------------------------------------------------- /report/issue.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/issue.go -------------------------------------------------------------------------------- /report/issue_report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/issue_report.go -------------------------------------------------------------------------------- /report/issue_report_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/issue_report_test.go -------------------------------------------------------------------------------- /report/openapi_report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/openapi_report.go -------------------------------------------------------------------------------- /report/openapi_report_test.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/openapi_report_test.go -------------------------------------------------------------------------------- /report/options_report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/options_report.go -------------------------------------------------------------------------------- /report/owasp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/owasp.go -------------------------------------------------------------------------------- /report/report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/report.go -------------------------------------------------------------------------------- /report/report_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/report_test.go -------------------------------------------------------------------------------- /report/reporter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/reporter.go -------------------------------------------------------------------------------- /report/reporter_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/reporter_test.go -------------------------------------------------------------------------------- /report/test/issue.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/test/issue.yaml 
-------------------------------------------------------------------------------- /report/test/issue_nil_classifications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/report/test/issue_nil_classifications.yaml -------------------------------------------------------------------------------- /scan/broken_authentication/authentication_bypass/authentication_bypass.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/authentication_bypass/authentication_bypass.go -------------------------------------------------------------------------------- /scan/broken_authentication/authentication_bypass/authentication_bypass_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/authentication_bypass/authentication_bypass_test.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/alg_none/alg_none.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/alg_none/alg_none.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/alg_none/alg_none_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/alg_none/alg_none_test.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/alg_none/methods.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/alg_none/methods.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/blank_secret/blank_secret.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/blank_secret/blank_secret.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/blank_secret/blank_secret_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/blank_secret/blank_secret_test.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/not_verified/not_verified.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/not_verified/not_verified.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/not_verified/not_verified_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/not_verified/not_verified_test.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/null_signature/null_signature.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/null_signature/null_signature.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/null_signature/null_signature_test.go: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/null_signature/null_signature_test.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/weak_secret/weak_secret.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/weak_secret/weak_secret.go -------------------------------------------------------------------------------- /scan/broken_authentication/jwt/weak_secret/weak_secret_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/broken_authentication/jwt/weak_secret/weak_secret_test.go -------------------------------------------------------------------------------- /scan/discover/accept_unauthenticated/accept_unauthenticated_operation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/accept_unauthenticated/accept_unauthenticated_operation.go -------------------------------------------------------------------------------- /scan/discover/accept_unauthenticated/accept_unauthenticated_operation_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/accept_unauthenticated/accept_unauthenticated_operation_test.go -------------------------------------------------------------------------------- /scan/discover/discoverable_graphql/discoverable_graphql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/discoverable_graphql/discoverable_graphql.go 
-------------------------------------------------------------------------------- /scan/discover/discoverable_graphql/discoverable_graphql_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/discoverable_graphql/discoverable_graphql_test.go -------------------------------------------------------------------------------- /scan/discover/discoverable_openapi/discoverable_openapi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/discoverable_openapi/discoverable_openapi.go -------------------------------------------------------------------------------- /scan/discover/discoverable_openapi/discoverable_openapi_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/discoverable_openapi/discoverable_openapi_test.go -------------------------------------------------------------------------------- /scan/discover/exposed_files/exposed_files.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/exposed_files/exposed_files.go -------------------------------------------------------------------------------- /scan/discover/exposed_files/exposed_files_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/exposed_files/exposed_files_test.go -------------------------------------------------------------------------------- /scan/discover/fingerprint/fingerprint.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/fingerprint/fingerprint.go 
-------------------------------------------------------------------------------- /scan/discover/fingerprint/fingerprint_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/fingerprint/fingerprint_test.go -------------------------------------------------------------------------------- /scan/discover/healthcheck/healthcheck.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/healthcheck/healthcheck.go -------------------------------------------------------------------------------- /scan/discover/healthcheck/healthcheck_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/healthcheck/healthcheck_test.go -------------------------------------------------------------------------------- /scan/discover/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/utils.go -------------------------------------------------------------------------------- /scan/discover/utils_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/utils_test.go -------------------------------------------------------------------------------- /scan/discover/well-known/well_known.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/well-known/well_known.go -------------------------------------------------------------------------------- /scan/discover/well-known/well_known_test.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/discover/well-known/well_known_test.go -------------------------------------------------------------------------------- /scan/graphql/introspection_enabled/introspection_enabled.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/graphql/introspection_enabled/introspection_enabled.go -------------------------------------------------------------------------------- /scan/graphql/introspection_enabled/introspection_enabled_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/graphql/introspection_enabled/introspection_enabled_test.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_cookies/http_cookies.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_cookies/http_cookies.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_cookies/http_cookies_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_cookies/http_cookies_test.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_headers/http_headers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_headers/http_headers.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_headers/http_headers_test.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_headers/http_headers_test.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_method_override/http_method_override.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_method_override/http_method_override.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_method_override/http_method_override_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_method_override/http_method_override_test.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_trace/http_trace_method.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_trace/http_trace_method.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_trace/http_trace_method_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_trace/http_trace_method_test.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_track/http_track_method.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_track/http_track_method.go -------------------------------------------------------------------------------- /scan/misconfiguration/http_track/http_track_method_test.go: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/misconfiguration/http_track/http_track_method_test.go -------------------------------------------------------------------------------- /scan/operation_scan.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/operation_scan.go -------------------------------------------------------------------------------- /scan/operation_scan_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/operation_scan_test.go -------------------------------------------------------------------------------- /scan/scan.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/scan.go -------------------------------------------------------------------------------- /scan/scan_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scan/scan_test.go -------------------------------------------------------------------------------- /scenario/discover_api.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/discover_api.go -------------------------------------------------------------------------------- /scenario/discover_api_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/discover_api_test.go -------------------------------------------------------------------------------- /scenario/discover_domain.go: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/discover_domain.go -------------------------------------------------------------------------------- /scenario/graphql.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/graphql.go -------------------------------------------------------------------------------- /scenario/graphql_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/graphql_test.go -------------------------------------------------------------------------------- /scenario/openapi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/openapi.go -------------------------------------------------------------------------------- /scenario/openapi_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/openapi_test.go -------------------------------------------------------------------------------- /scenario/scans.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/scans.go -------------------------------------------------------------------------------- /scenario/url.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/url.go -------------------------------------------------------------------------------- /scenario/url_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/url_test.go 
-------------------------------------------------------------------------------- /scenario/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/scenario/utils.go -------------------------------------------------------------------------------- /seclist/lists/exposed-paths.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/lists/exposed-paths.txt -------------------------------------------------------------------------------- /seclist/lists/graphql.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/lists/graphql.txt -------------------------------------------------------------------------------- /seclist/lists/healthcheck.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/lists/healthcheck.txt -------------------------------------------------------------------------------- /seclist/lists/jwt-secrets.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/lists/jwt-secrets.txt -------------------------------------------------------------------------------- /seclist/lists/swagger.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/lists/swagger.txt -------------------------------------------------------------------------------- /seclist/lists/well-known.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/lists/well-known.txt 
-------------------------------------------------------------------------------- /seclist/seclist.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/seclist.go -------------------------------------------------------------------------------- /seclist/seclist_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/seclist/seclist_test.go -------------------------------------------------------------------------------- /test/stub/basic_http_bearer.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/basic_http_bearer.openapi.json -------------------------------------------------------------------------------- /test/stub/basic_http_bearer_jwt.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/basic_http_bearer_jwt.openapi.json -------------------------------------------------------------------------------- /test/stub/complex.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/complex.openapi.json -------------------------------------------------------------------------------- /test/stub/petstore.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/petstore.openapi.json -------------------------------------------------------------------------------- /test/stub/simple_api_key.openapi.json: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/simple_api_key.openapi.json -------------------------------------------------------------------------------- /test/stub/simple_http_basic.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/simple_http_basic.openapi.json -------------------------------------------------------------------------------- /test/stub/simple_http_bearer.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/simple_http_bearer.openapi.json -------------------------------------------------------------------------------- /test/stub/simple_http_bearer_jwt.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/simple_http_bearer_jwt.openapi.json -------------------------------------------------------------------------------- /test/stub/simple_http_bearer_jwt.openapi.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/simple_http_bearer_jwt.openapi.yaml -------------------------------------------------------------------------------- /test/stub/simple_no_scheme.openapi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/test/stub/simple_no_scheme.openapi.json -------------------------------------------------------------------------------- /vulnapi.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cerberauth/vulnapi/HEAD/vulnapi.rb --------------------------------------------------------------------------------