npm - @waftester/cli - Versions diffs - 2.8.0 - Mend

@waftester/cli 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

package/LICENSE +80 -0
package/LICENSE-COMMUNITY +28 -0
package/README.md +121 -0
package/bin/cli.js +152 -0
package/package.json +52 -0
package/payloads/community/README.md +45 -0
package/payloads/community/ai/ml-poisoning.json +173 -0
package/payloads/community/ai/prompt-injection.json +247 -0
package/payloads/community/ai/workflow-abuse.json +222 -0
package/payloads/community/auth/jwt.json +855 -0
package/payloads/community/auth/login-bypass.json +623 -0
package/payloads/community/auth/mfa.json +402 -0
package/payloads/community/auth/oauth.json +421 -0
package/payloads/community/auth/open-redirect.json +1028 -0
package/payloads/community/auth/session.json +404 -0
package/payloads/community/cache/deception.json +402 -0
package/payloads/community/cache/poisoning.json +403 -0
package/payloads/community/deserialization/gadget.json +375 -0
package/payloads/community/deserialization/prototype.json +370 -0
package/payloads/community/fuzz/content-type.json +397 -0
package/payloads/community/fuzz/headers.json +401 -0
package/payloads/community/fuzz/methods.json +397 -0
package/payloads/community/fuzz/obfuscation.json +362 -0
package/payloads/community/fuzz/special-chars.json +740 -0
package/payloads/community/fuzz/waf-bypass.json +452 -0
package/payloads/community/graphql/batching-abuse.json +271 -0
package/payloads/community/graphql/depth-limit.json +271 -0
package/payloads/community/graphql/introspection.json +267 -0
package/payloads/community/injection/crlf.json +569 -0
package/payloads/community/injection/ldap.json +357 -0
package/payloads/community/injection/nosqli.json +529 -0
package/payloads/community/injection/oscmd.json +662 -0
package/payloads/community/injection/rce-polyglots.json +452 -0
package/payloads/community/injection/sqli.json +681 -0
package/payloads/community/injection/ssti.json +584 -0
package/payloads/community/injection/upload-attacks.json +632 -0
package/payloads/community/injection/xpath.json +357 -0
package/payloads/community/injection/xxe.json +716 -0
package/payloads/community/logic/forced-browsing.json +405 -0
package/payloads/community/logic/idor.json +1026 -0
package/payloads/community/logic/privilege.json +337 -0
package/payloads/community/media/exif-injection.json +225 -0
package/payloads/community/media/metadata-poison.json +239 -0
package/payloads/community/protocol/http-smuggling.json +798 -0
package/payloads/community/protocol/http2-attacks.json +382 -0
package/payloads/community/protocol/websocket-abuse.json +375 -0
package/payloads/community/rate-limit/burst-simulation.json +286 -0
package/payloads/community/rate-limit/bypass-attempts.json +326 -0
package/payloads/community/rate-limit/zone-tests.json +332 -0
package/payloads/community/services/authentik.json +415 -0
package/payloads/community/services/immich.json +423 -0
package/payloads/community/services/n8n.json +366 -0
package/payloads/community/sqli-basic.json +182 -0
package/payloads/community/ssrf/cloud-metadata.json +999 -0
package/payloads/community/ssrf/dns-rebinding.json +503 -0
package/payloads/community/ssrf/internal-networks.json +627 -0
package/payloads/community/ssrf/protocol-smuggling.json +350 -0
package/payloads/community/ssti/multi-language-templates.json +191 -0
package/payloads/community/ssti/python-templates.json +200 -0
package/payloads/community/traversal/basic.json +675 -0
package/payloads/community/traversal/cloud-credentials.json +107 -0
package/payloads/community/traversal/config-files.json +193 -0
package/payloads/community/traversal/encoding.json +558 -0
package/payloads/community/traversal/null-byte.json +105 -0
package/payloads/community/traversal/symlink.json +93 -0
package/payloads/community/traversal/unicode.json +134 -0
package/payloads/community/traversal/unix-advanced.json +195 -0
package/payloads/community/traversal/windows-advanced.json +195 -0
package/payloads/community/waf-bypass/cloudflare-bypass.json +102 -0
package/payloads/community/waf-bypass/encoding-bypass.json +120 -0
package/payloads/community/waf-bypass/evasion-techniques.json +164 -0
package/payloads/community/waf-bypass/hpp-bypass.json +92 -0
package/payloads/community/waf-bypass/modsecurity-crs.json +220 -0
package/payloads/community/waf-bypass/protocol-attacks.json +101 -0
package/payloads/community/waf-bypass/sqlmap-tamper.json +252 -0
package/payloads/community/waf-bypass/unicode-charset.json +152 -0
package/payloads/community/waf-bypass/vendor-bypasses.json +72 -0
package/payloads/community/waf-validation/README.md +172 -0
package/payloads/community/waf-validation/bypass-techniques.json +272 -0
package/payloads/community/waf-validation/custom-rules.json +952 -0
package/payloads/community/waf-validation/evasion-techniques.json +272 -0
package/payloads/community/waf-validation/modsecurity-core.json +151 -0
package/payloads/community/waf-validation/owasp-top10.json +236 -0
package/payloads/community/waf-validation/regression-tests.json +227 -0
package/payloads/community/xss/csp-bypass.json +431 -0
package/payloads/community/xss/dom.json +389 -0
package/payloads/community/xss/filter-bypass.json +1242 -0
package/payloads/community/xss/mutation.json +263 -0
package/payloads/community/xss/polyglots.json +371 -0
package/payloads/community/xss/reflected.json +187 -0
package/payloads/community/xss/stored.json +330 -0
package/payloads/crlf-injection.json +182 -0
package/payloads/ids-map.json +155 -0
package/payloads/ldap-injection.json +182 -0
package/payloads/nosql-injection.json +227 -0
package/payloads/prototype-pollution.json +182 -0
package/payloads/request-smuggling.json +182 -0
package/payloads/version.json +28 -0
package/payloads/xss-advanced.json +227 -0
package/templates/README.md +221 -0
package/templates/nuclei/http/waf-bypass/crlf-bypass.yaml +146 -0
package/templates/nuclei/http/waf-bypass/lfi-bypass.yaml +152 -0
package/templates/nuclei/http/waf-bypass/nosqli-bypass.yaml +166 -0
package/templates/nuclei/http/waf-bypass/rce-bypass.yaml +171 -0
package/templates/nuclei/http/waf-bypass/sqli-basic.yaml +142 -0
package/templates/nuclei/http/waf-bypass/sqli-evasion.yaml +192 -0
package/templates/nuclei/http/waf-bypass/ssrf-bypass.yaml +130 -0
package/templates/nuclei/http/waf-bypass/ssti-bypass.yaml +147 -0
package/templates/nuclei/http/waf-bypass/xss-basic.yaml +163 -0
package/templates/nuclei/http/waf-bypass/xss-evasion.yaml +217 -0
package/templates/nuclei/http/waf-bypass/xxe-bypass.yaml +204 -0
package/templates/nuclei/http/waf-detection/akamai-detect.yaml +105 -0
package/templates/nuclei/http/waf-detection/aws-waf-detect.yaml +115 -0
package/templates/nuclei/http/waf-detection/azure-waf-detect.yaml +114 -0
package/templates/nuclei/http/waf-detection/cloudflare-detect.yaml +121 -0
package/templates/nuclei/http/waf-detection/modsecurity-detect.yaml +129 -0
package/templates/nuclei/workflows/waf-assessment-workflow.yaml +71 -0
package/templates/output/asff.tmpl +61 -0
package/templates/output/csv.tmpl +4 -0
package/templates/output/junit.tmpl +34 -0
package/templates/output/markdown-report.tmpl +92 -0
package/templates/output/slack-notification.tmpl +95 -0
package/templates/output/text-summary.tmpl +56 -0
package/templates/overrides/api-only.yaml +130 -0
package/templates/overrides/crs-tuning.yaml +204 -0
package/templates/overrides/false-positive-suppression.yaml +159 -0
package/templates/policies/owasp-top10.yaml +152 -0
package/templates/policies/pci-dss.yaml +124 -0
package/templates/policies/permissive.yaml +40 -0
package/templates/policies/standard.yaml +57 -0
package/templates/policies/strict.yaml +72 -0
package/templates/report-configs/compliance.yaml +173 -0
package/templates/report-configs/dark.yaml +136 -0
package/templates/report-configs/enterprise.yaml +175 -0
package/templates/report-configs/minimal.yaml +84 -0
package/templates/report-configs/print.yaml +139 -0
package/templates/workflows/api-scan.yaml +132 -0
package/templates/workflows/ci-gate.yaml +129 -0
package/templates/workflows/full-scan.yaml +133 -0
package/templates/workflows/quick-probe.yaml +80 -0
package/templates/workflows/waf-detection.yaml +89 -0

package/payloads/community/auth/session.json ADDED Viewed

@@ -0,0 +1,404 @@
+[
+  {
+      "id": "AUTH-SESSION-080",
+      "payload": "PHPSESSID=attacker_controlled_session_id",
+      "tags": [
+        "session-fixation",
+        "cookie-injection",
+        "quick",
+        "critical"
+    ],
+      "expected_block": false,
+      "severity_hint": "Critical",
+      "notes": "Session fixation - attacker sets known session ID before victim login",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-081",
+      "payload": "sessionid=00000000-0000-0000-0000-000000000001",
+      "tags": [
+        "session-prediction",
+        "sequential-id",
+        "quick",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Predictable session ID - sequential/incremental session identifier",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-082",
+      "payload": "session_token=admin_session_12345",
+      "tags": [
+        "session-hijacking",
+        "weak-token",
+        "quick",
+        "critical"
+    ],
+      "expected_block": false,
+      "severity_hint": "Critical",
+      "notes": "Weak session token - predictable pattern with username",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-083",
+      "payload": "JSESSIONID=1111111111111111111111111111",
+      "tags": [
+        "session-prediction",
+        "weak-randomness",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Session ID with weak entropy - repeated characters indicate poor randomness",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-084",
+      "payload": "sid=MTIzNDU2Nzg5MA==",
+      "tags": [
+        "session-prediction",
+        "base64-sequential",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Base64-encoded sequential session ID - 1234567890 in base64",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-085",
+      "payload": "session=user123_20250112_001",
+      "tags": [
+        "session-prediction",
+        "timestamp-based",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Timestamp-based session ID - predictable pattern with date/time",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-086",
+      "payload": "auth_token=; Path=/; Domain=.attacker.com",
+      "tags": [
+        "cookie-injection",
+        "domain-manipulation",
+        "critical"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Session cookie with attacker-controlled domain - session hijacking via subdomain",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-087",
+      "payload": "session=valid_session; HttpOnly=false; Secure=false",
+      "tags": [
+        "cookie-attributes",
+        "missing-flags",
+        "quick",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Session cookie without HttpOnly/Secure flags - XSS and network sniffing risk",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-088",
+      "payload": "session=valid_session; SameSite=None",
+      "tags": [
+        "cookie-attributes",
+        "samesite-none",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Session cookie with SameSite=None - CSRF vulnerability",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-089",
+      "payload": "session=expired_session_token",
+      "tags": [
+        "session-timeout",
+        "expired-token",
+        "quick",
+        "medium"
+    ],
+      "expected_block": false,
+      "severity_hint": "Medium",
+      "notes": "Expired session token - testing session timeout enforcement",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-090",
+      "payload": "session=logged_out_session",
+      "tags": [
+        "logout-bypass",
+        "session-reuse",
+        "quick",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Session reuse after logout - testing session invalidation on logout",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-091",
+      "payload": "session=victim_session_id",
+      "tags": [
+        "session-hijacking",
+        "stolen-token",
+        "quick",
+        "critical"
+    ],
+      "expected_block": false,
+      "severity_hint": "Critical",
+      "notes": "Session hijacking with stolen session ID - replay attack",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-092",
+      "payload": "session=session_from_different_ip",
+      "tags": [
+        "session-hijacking",
+        "ip-binding",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Session from different IP address - testing IP binding enforcement",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-093",
+      "payload": "session=session_with_changed_user_agent",
+      "tags": [
+        "session-hijacking",
+        "user-agent-mismatch",
+        "medium"
+    ],
+      "expected_block": false,
+      "severity_hint": "Medium",
+      "notes": "Session with mismatched User-Agent - fingerprint validation bypass",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-094",
+      "payload": "csrf_token=",
+      "tags": [
+        "csrf",
+        "empty-token",
+        "quick",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Empty CSRF token - CSRF protection bypass",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-095",
+      "payload": "csrf_token=static_token_value",
+      "tags": [
+        "csrf",
+        "static-token",
+        "quick",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Static/predictable CSRF token - not tied to session",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-096",
+      "payload": "X-CSRF-Token: null",
+      "tags": [
+        "csrf",
+        "null-token",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "CSRF token with null value - type confusion bypass",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-097",
+      "payload": "session=../../../etc/passwd",
+      "tags": [
+        "session-manipulation",
+        "path-traversal",
+        "quick",
+        "critical"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "Session token with path traversal - file-based session storage attack",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-098",
+      "payload": "session=' OR '1'='1",
+      "tags": [
+        "session-manipulation",
+        "sqli",
+        "quick",
+        "critical"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "SQL injection in session ID - targeting session retrieval query",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-099",
+      "payload": "session={\"admin\":true,\"user\":\"attacker\"}",
+      "tags": [
+        "session-manipulation",
+        "json-injection",
+        "critical"
+    ],
+      "expected_block": false,
+      "severity_hint": "Critical",
+      "notes": "JSON object as session ID - client-side session manipulation",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-100",
+      "payload": "session=eyJhZG1pbiI6dHJ1ZSwidXNlciI6ImF0dGFja2VyIn0=",
+      "tags": [
+        "session-manipulation",
+        "base64-json",
+        "critical"
+    ],
+      "expected_block": false,
+      "severity_hint": "Critical",
+      "notes": "Base64-encoded JSON session - client-side session tampering",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-101",
+      "payload": "remember_me=1; session=auto_login_token",
+      "tags": [
+        "remember-me",
+        "persistent-session",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Remember-me token with weak session - persistent authentication bypass",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-102",
+      "payload": "session=; session=valid_session",
+      "tags": [
+        "cookie-injection",
+        "parameter-pollution",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Duplicate session cookies - HPP (HTTP Parameter Pollution) in cookies",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-103",
+      "payload": "session=valid_session%0d%0aSet-Cookie: admin=true",
+      "tags": [
+        "crlf-injection",
+        "cookie-injection",
+        "critical"
+    ],
+      "expected_block": true,
+      "severity_hint": "Critical",
+      "notes": "CRLF injection in session cookie - HTTP response splitting",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-104",
+      "payload": "session=valid_session\\x00admin",
+      "tags": [
+        "null-byte",
+        "session-manipulation",
+        "high"
+    ],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "Null byte in session token - string truncation attack",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-105",
+      "payload": "session=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+      "tags": [
+        "dos",
+        "long-session-id",
+        "medium"
+    ],
+      "expected_block": false,
+      "severity_hint": "Medium",
+      "notes": "Extremely long session ID - buffer overflow or DoS attempt",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-106",
+      "payload": "session=<script>alert('xss')</script>",
+      "tags": [
+        "xss",
+        "session-reflection",
+        "quick",
+        "high"
+    ],
+      "expected_block": true,
+      "severity_hint": "High",
+      "notes": "XSS in session token - reflected in error messages or logs",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-107",
+      "payload": "session=; Max-Age=-1",
+      "tags": [
+        "cookie-manipulation",
+        "negative-maxage",
+        "medium"
+    ],
+      "expected_block": false,
+      "severity_hint": "Medium",
+      "notes": "Session cookie with negative Max-Age - immediate expiry, DoS potential",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-108",
+      "payload": "session_lock=0",
+      "tags": [
+        "concurrent-sessions",
+        "session-lock",
+        "medium"
+    ],
+      "expected_block": false,
+      "severity_hint": "Medium",
+      "notes": "Disabled session locking - concurrent session abuse",
+      "category": "Auth"
+  },
+  {
+      "id": "AUTH-SESSION-109",
+      "payload": "session=token1&backup_session=token2",
+      "tags": [
+        "session-confusion",
+        "multiple-sessions",
+        "high"
+    ],
+      "expected_block": false,
+      "severity_hint": "High",
+      "notes": "Multiple active sessions - session confusion attack",
+      "category": "Auth"
+  }
+]