npm - @waftester/cli - Versions diffs - 2.8.0 - Mend

@waftester/cli 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

package/LICENSE +80 -0
package/LICENSE-COMMUNITY +28 -0
package/README.md +121 -0
package/bin/cli.js +152 -0
package/package.json +52 -0
package/payloads/community/README.md +45 -0
package/payloads/community/ai/ml-poisoning.json +173 -0
package/payloads/community/ai/prompt-injection.json +247 -0
package/payloads/community/ai/workflow-abuse.json +222 -0
package/payloads/community/auth/jwt.json +855 -0
package/payloads/community/auth/login-bypass.json +623 -0
package/payloads/community/auth/mfa.json +402 -0
package/payloads/community/auth/oauth.json +421 -0
package/payloads/community/auth/open-redirect.json +1028 -0
package/payloads/community/auth/session.json +404 -0
package/payloads/community/cache/deception.json +402 -0
package/payloads/community/cache/poisoning.json +403 -0
package/payloads/community/deserialization/gadget.json +375 -0
package/payloads/community/deserialization/prototype.json +370 -0
package/payloads/community/fuzz/content-type.json +397 -0
package/payloads/community/fuzz/headers.json +401 -0
package/payloads/community/fuzz/methods.json +397 -0
package/payloads/community/fuzz/obfuscation.json +362 -0
package/payloads/community/fuzz/special-chars.json +740 -0
package/payloads/community/fuzz/waf-bypass.json +452 -0
package/payloads/community/graphql/batching-abuse.json +271 -0
package/payloads/community/graphql/depth-limit.json +271 -0
package/payloads/community/graphql/introspection.json +267 -0
package/payloads/community/injection/crlf.json +569 -0
package/payloads/community/injection/ldap.json +357 -0
package/payloads/community/injection/nosqli.json +529 -0
package/payloads/community/injection/oscmd.json +662 -0
package/payloads/community/injection/rce-polyglots.json +452 -0
package/payloads/community/injection/sqli.json +681 -0
package/payloads/community/injection/ssti.json +584 -0
package/payloads/community/injection/upload-attacks.json +632 -0
package/payloads/community/injection/xpath.json +357 -0
package/payloads/community/injection/xxe.json +716 -0
package/payloads/community/logic/forced-browsing.json +405 -0
package/payloads/community/logic/idor.json +1026 -0
package/payloads/community/logic/privilege.json +337 -0
package/payloads/community/media/exif-injection.json +225 -0
package/payloads/community/media/metadata-poison.json +239 -0
package/payloads/community/protocol/http-smuggling.json +798 -0
package/payloads/community/protocol/http2-attacks.json +382 -0
package/payloads/community/protocol/websocket-abuse.json +375 -0
package/payloads/community/rate-limit/burst-simulation.json +286 -0
package/payloads/community/rate-limit/bypass-attempts.json +326 -0
package/payloads/community/rate-limit/zone-tests.json +332 -0
package/payloads/community/services/authentik.json +415 -0
package/payloads/community/services/immich.json +423 -0
package/payloads/community/services/n8n.json +366 -0
package/payloads/community/sqli-basic.json +182 -0
package/payloads/community/ssrf/cloud-metadata.json +999 -0
package/payloads/community/ssrf/dns-rebinding.json +503 -0
package/payloads/community/ssrf/internal-networks.json +627 -0
package/payloads/community/ssrf/protocol-smuggling.json +350 -0
package/payloads/community/ssti/multi-language-templates.json +191 -0
package/payloads/community/ssti/python-templates.json +200 -0
package/payloads/community/traversal/basic.json +675 -0
package/payloads/community/traversal/cloud-credentials.json +107 -0
package/payloads/community/traversal/config-files.json +193 -0
package/payloads/community/traversal/encoding.json +558 -0
package/payloads/community/traversal/null-byte.json +105 -0
package/payloads/community/traversal/symlink.json +93 -0
package/payloads/community/traversal/unicode.json +134 -0
package/payloads/community/traversal/unix-advanced.json +195 -0
package/payloads/community/traversal/windows-advanced.json +195 -0
package/payloads/community/waf-bypass/cloudflare-bypass.json +102 -0
package/payloads/community/waf-bypass/encoding-bypass.json +120 -0
package/payloads/community/waf-bypass/evasion-techniques.json +164 -0
package/payloads/community/waf-bypass/hpp-bypass.json +92 -0
package/payloads/community/waf-bypass/modsecurity-crs.json +220 -0
package/payloads/community/waf-bypass/protocol-attacks.json +101 -0
package/payloads/community/waf-bypass/sqlmap-tamper.json +252 -0
package/payloads/community/waf-bypass/unicode-charset.json +152 -0
package/payloads/community/waf-bypass/vendor-bypasses.json +72 -0
package/payloads/community/waf-validation/README.md +172 -0
package/payloads/community/waf-validation/bypass-techniques.json +272 -0
package/payloads/community/waf-validation/custom-rules.json +952 -0
package/payloads/community/waf-validation/evasion-techniques.json +272 -0
package/payloads/community/waf-validation/modsecurity-core.json +151 -0
package/payloads/community/waf-validation/owasp-top10.json +236 -0
package/payloads/community/waf-validation/regression-tests.json +227 -0
package/payloads/community/xss/csp-bypass.json +431 -0
package/payloads/community/xss/dom.json +389 -0
package/payloads/community/xss/filter-bypass.json +1242 -0
package/payloads/community/xss/mutation.json +263 -0
package/payloads/community/xss/polyglots.json +371 -0
package/payloads/community/xss/reflected.json +187 -0
package/payloads/community/xss/stored.json +330 -0
package/payloads/crlf-injection.json +182 -0
package/payloads/ids-map.json +155 -0
package/payloads/ldap-injection.json +182 -0
package/payloads/nosql-injection.json +227 -0
package/payloads/prototype-pollution.json +182 -0
package/payloads/request-smuggling.json +182 -0
package/payloads/version.json +28 -0
package/payloads/xss-advanced.json +227 -0
package/templates/README.md +221 -0
package/templates/nuclei/http/waf-bypass/crlf-bypass.yaml +146 -0
package/templates/nuclei/http/waf-bypass/lfi-bypass.yaml +152 -0
package/templates/nuclei/http/waf-bypass/nosqli-bypass.yaml +166 -0
package/templates/nuclei/http/waf-bypass/rce-bypass.yaml +171 -0
package/templates/nuclei/http/waf-bypass/sqli-basic.yaml +142 -0
package/templates/nuclei/http/waf-bypass/sqli-evasion.yaml +192 -0
package/templates/nuclei/http/waf-bypass/ssrf-bypass.yaml +130 -0
package/templates/nuclei/http/waf-bypass/ssti-bypass.yaml +147 -0
package/templates/nuclei/http/waf-bypass/xss-basic.yaml +163 -0
package/templates/nuclei/http/waf-bypass/xss-evasion.yaml +217 -0
package/templates/nuclei/http/waf-bypass/xxe-bypass.yaml +204 -0
package/templates/nuclei/http/waf-detection/akamai-detect.yaml +105 -0
package/templates/nuclei/http/waf-detection/aws-waf-detect.yaml +115 -0
package/templates/nuclei/http/waf-detection/azure-waf-detect.yaml +114 -0
package/templates/nuclei/http/waf-detection/cloudflare-detect.yaml +121 -0
package/templates/nuclei/http/waf-detection/modsecurity-detect.yaml +129 -0
package/templates/nuclei/workflows/waf-assessment-workflow.yaml +71 -0
package/templates/output/asff.tmpl +61 -0
package/templates/output/csv.tmpl +4 -0
package/templates/output/junit.tmpl +34 -0
package/templates/output/markdown-report.tmpl +92 -0
package/templates/output/slack-notification.tmpl +95 -0
package/templates/output/text-summary.tmpl +56 -0
package/templates/overrides/api-only.yaml +130 -0
package/templates/overrides/crs-tuning.yaml +204 -0
package/templates/overrides/false-positive-suppression.yaml +159 -0
package/templates/policies/owasp-top10.yaml +152 -0
package/templates/policies/pci-dss.yaml +124 -0
package/templates/policies/permissive.yaml +40 -0
package/templates/policies/standard.yaml +57 -0
package/templates/policies/strict.yaml +72 -0
package/templates/report-configs/compliance.yaml +173 -0
package/templates/report-configs/dark.yaml +136 -0
package/templates/report-configs/enterprise.yaml +175 -0
package/templates/report-configs/minimal.yaml +84 -0
package/templates/report-configs/print.yaml +139 -0
package/templates/workflows/api-scan.yaml +132 -0
package/templates/workflows/ci-gate.yaml +129 -0
package/templates/workflows/full-scan.yaml +133 -0
package/templates/workflows/quick-probe.yaml +80 -0
package/templates/workflows/waf-detection.yaml +89 -0

package/payloads/community/traversal/basic.json ADDED Viewed

@@ -0,0 +1,675 @@
+[
+  {
+      "id": "TRV-UNIX-001",
+      "payload": "../../../etc/passwd",
+      "tags": [
+        "unix",
+        "basic",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Classic Unix path traversal",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-002",
+      "payload": "../../../../../../etc/shadow",
+      "tags": [
+        "unix",
+        "sensitive",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Shadow file access attempt",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-003",
+      "payload": "../../../root/.ssh/id_rsa",
+      "tags": [
+        "unix",
+        "ssh",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "SSH private key access",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-001",
+      "payload": "..\\..\\..\\windows\\system32\\config\\sam",
+      "tags": [
+        "windows",
+        "basic",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Windows SAM file access",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-002",
+      "payload": "..\\..\\..\\..\\boot.ini",
+      "tags": [
+        "windows",
+        "basic"
+    ],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Windows boot.ini",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-001",
+      "payload": "..%2F..%2F..%2Fetc%2Fpasswd",
+      "tags": [
+        "encoded",
+        "unix",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "URL-encoded traversal",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-002",
+      "payload": "..%252F..%252F..%252Fetc%252Fpasswd",
+      "tags": [
+        "double-encoded",
+        "evasion"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Double URL-encoded",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-NULL-001",
+      "payload": "../../../etc/passwd%00.jpg",
+      "tags": [
+        "null-byte",
+        "bypass"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Null byte injection",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-004",
+      "payload": "/etc/passwd",
+      "tags": [
+        "absolute",
+        "unix"
+    ],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Absolute path attempt",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-005",
+      "payload": "....//....//....//etc/passwd",
+      "tags": [
+        "obfuscation",
+        "unix"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Obfuscated traversal",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENV-001",
+      "payload": "../../../.env",
+      "tags": [
+        "env",
+        "config",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Environment file exposure",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENV-002",
+      "payload": "../../../.aws/credentials",
+      "tags": [
+        "aws",
+        "cloud",
+        "quick"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "AWS credentials exposure",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-010",
+      "payload": "../../../proc/self/environ",
+      "tags": ["unix", "proc", "env"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Linux process environment variables",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-011",
+      "payload": "../../../proc/self/cmdline",
+      "tags": ["unix", "proc"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Linux process command line",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-012",
+      "payload": "../../../proc/version",
+      "tags": ["unix", "proc", "recon"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "Linux kernel version",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-013",
+      "payload": "../../../proc/self/fd/0",
+      "tags": ["unix", "proc", "fd"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Process file descriptors",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-014",
+      "payload": "../../../var/log/apache2/access.log",
+      "tags": ["unix", "logs", "apache"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Apache access logs",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-015",
+      "payload": "../../../var/log/apache2/error.log",
+      "tags": ["unix", "logs", "apache"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Apache error logs",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-016",
+      "payload": "../../../var/log/nginx/access.log",
+      "tags": ["unix", "logs", "nginx"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Nginx access logs",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-017",
+      "payload": "../../../var/log/nginx/error.log",
+      "tags": ["unix", "logs", "nginx"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Nginx error logs",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-018",
+      "payload": "../../../etc/nginx/nginx.conf",
+      "tags": ["unix", "config", "nginx"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Nginx main configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-019",
+      "payload": "../../../etc/apache2/apache2.conf",
+      "tags": ["unix", "config", "apache"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Apache main configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-020",
+      "payload": "../../../etc/mysql/my.cnf",
+      "tags": ["unix", "config", "mysql"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "MySQL configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-021",
+      "payload": "../../../var/lib/mysql/mysql/user.MYD",
+      "tags": ["unix", "database", "mysql"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "MySQL user data file",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-022",
+      "payload": "../../../root/.bash_history",
+      "tags": ["unix", "history", "sensitive"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Root bash history",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-023",
+      "payload": "../../../root/.mysql_history",
+      "tags": ["unix", "history", "mysql"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "MySQL command history",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-024",
+      "payload": "../../../home/www-data/.ssh/authorized_keys",
+      "tags": ["unix", "ssh", "web-user"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Web user SSH authorized keys",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-025",
+      "payload": "../../../etc/crontab",
+      "tags": ["unix", "cron", "config"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "System cron configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-026",
+      "payload": "../../../var/spool/cron/crontabs/root",
+      "tags": ["unix", "cron", "root"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Root crontab",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-027",
+      "payload": "../../../etc/sudoers",
+      "tags": ["unix", "sudo", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Sudo configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-028",
+      "payload": "../../../etc/resolv.conf",
+      "tags": ["unix", "dns", "config"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "DNS resolver configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-029",
+      "payload": "../../../etc/hosts",
+      "tags": ["unix", "hosts", "config"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "Hosts file",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-UNIX-030",
+      "payload": "../../../etc/hostname",
+      "tags": ["unix", "hostname", "recon"],
+      "expected_block": true,
+      "severity_hint": "Low",
+      "notes": "System hostname",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-010",
+      "payload": "..\\..\\..\\Windows\\System32\\config\\SYSTEM",
+      "tags": ["windows", "registry", "sensitive"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Windows SYSTEM hive",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-011",
+      "payload": "..\\..\\..\\Windows\\System32\\config\\SOFTWARE",
+      "tags": ["windows", "registry"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Windows SOFTWARE hive",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-012",
+      "payload": "..\\..\\..\\Windows\\repair\\SAM",
+      "tags": ["windows", "repair", "sam"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Windows repair SAM backup",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-013",
+      "payload": "..\\..\\..\\Windows\\System32\\inetsrv\\config\\applicationHost.config",
+      "tags": ["windows", "iis", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "IIS application host configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-014",
+      "payload": "..\\..\\..\\inetpub\\logs\\LogFiles\\W3SVC1\\u_ex.log",
+      "tags": ["windows", "iis", "logs"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "IIS web server logs",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-015",
+      "payload": "..\\..\\..\\xampp\\apache\\conf\\httpd.conf",
+      "tags": ["windows", "xampp", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "XAMPP Apache configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-016",
+      "payload": "..\\..\\..\\xampp\\phpMyAdmin\\config.inc.php",
+      "tags": ["windows", "phpmyadmin", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "phpMyAdmin configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-017",
+      "payload": "..\\..\\..\\Program Files\\MySQL\\MySQL Server 5.1\\my.ini",
+      "tags": ["windows", "mysql", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Windows MySQL configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-018",
+      "payload": "..\\..\\..\\Windows\\php.ini",
+      "tags": ["windows", "php", "config"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Windows PHP configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-019",
+      "payload": "..\\..\\..\\Users\\Administrator\\NTUser.dat",
+      "tags": ["windows", "ntuser", "profile"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Admin user registry hive",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-WIN-020",
+      "payload": "..\\..\\..\\Windows\\debug\\NetSetup.log",
+      "tags": ["windows", "debug", "logs"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "Network setup debug log",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-010",
+      "payload": "..%c0%af..%c0%af..%c0%afetc/passwd",
+      "tags": ["encoded", "utf8", "overlong"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "UTF-8 overlong encoding",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-011",
+      "payload": "..%bg%qf..%bg%qf..%bg%qfetc/passwd",
+      "tags": ["encoded", "invalid", "bypass"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Invalid encoding bypass",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-012",
+      "payload": "..%u2215..%u2215..%u2215etc/passwd",
+      "tags": ["encoded", "unicode", "slash"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Unicode division slash",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-013",
+      "payload": "..%u2216..%u2216..%u2216etc/passwd",
+      "tags": ["encoded", "unicode", "set-minus"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Unicode set minus encoding",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-014",
+      "payload": "..%255c..%255c..%255cetc/passwd",
+      "tags": ["encoded", "double", "backslash"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Double encoded backslash",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-015",
+      "payload": "..%%35%63..%%35%63etc/passwd",
+      "tags": ["encoded", "nested"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Nested percent encoding",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-016",
+      "payload": "..%%35c..%%35cetc/passwd",
+      "tags": ["encoded", "partial-double"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Partial double encoding",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-017",
+      "payload": "..\\/..\\/..\\/etc/passwd",
+      "tags": ["encoded", "mixed-slash"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Mixed slash encoding",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-018",
+      "payload": "....//....//....//etc/passwd",
+      "tags": ["encoded", "filter-bypass"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Filter stripping bypass",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-019",
+      "payload": "..../..../..../etc/passwd",
+      "tags": ["encoded", "filter-bypass", "alternate"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Alternate filter bypass",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-ENC-020",
+      "payload": "..%5c..%5c..%5cetc\\passwd",
+      "tags": ["encoded", "backslash", "mixed"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Encoded backslash mix",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-001",
+      "payload": "../../../wp-config.php",
+      "tags": ["app", "wordpress", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "WordPress configuration",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-002",
+      "payload": "../../../config/database.yml",
+      "tags": ["app", "rails", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Rails database config",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-003",
+      "payload": "../../../config/secrets.yml",
+      "tags": ["app", "rails", "secrets"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Rails secrets file",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-004",
+      "payload": "../../../config/settings.yml",
+      "tags": ["app", "rails", "settings"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Rails settings file",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-005",
+      "payload": "../../../.git/config",
+      "tags": ["app", "git", "config"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Git repository config",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-006",
+      "payload": "../../../.git/HEAD",
+      "tags": ["app", "git", "metadata"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Git HEAD reference",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-007",
+      "payload": "../../../.svn/entries",
+      "tags": ["app", "svn", "metadata"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "SVN entries file",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-008",
+      "payload": "../../../composer.json",
+      "tags": ["app", "php", "composer"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "PHP Composer dependencies",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-009",
+      "payload": "../../../package.json",
+      "tags": ["app", "node", "npm"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "Node.js package info",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-APP-010",
+      "payload": "../../../.npmrc",
+      "tags": ["app", "node", "npm", "auth"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "NPM auth tokens",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-DOCKER-001",
+      "payload": "../../../.docker/config.json",
+      "tags": ["docker", "config", "auth"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Docker registry auth",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-DOCKER-002",
+      "payload": "../../../var/run/docker.sock",
+      "tags": ["docker", "socket", "escape"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Docker socket access",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-K8S-001",
+      "payload": "../../../var/run/secrets/kubernetes.io/serviceaccount/token",
+      "tags": ["kubernetes", "token", "cloud"],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "K8s service account token",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-K8S-002",
+      "payload": "../../../var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+      "tags": ["kubernetes", "cert", "cloud"],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "K8s CA certificate",
+      "category": "Traversal"
+  },
+  {
+      "id": "TRV-K8S-003",
+      "payload": "../../../var/run/secrets/kubernetes.io/serviceaccount/namespace",
+      "tags": ["kubernetes", "namespace", "cloud"],
+      "expected_block": true,
+      "severity_hint": "Medium",
+      "notes": "K8s namespace info",
+      "category": "Traversal"
+  }
+]