npm - @waftester/cli - Versions diffs - 2.9.45 → 2.9.47 - Mend

@waftester/cli 2.9.45 → 2.9.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md CHANGED Viewed

@@ -111,7 +111,7 @@ waf-tester discover -u https://automation.example.com -service n8n
 WAF_TESTER_PRESET_DIR=./my-presets waf-tester auto -u https://target.com -service myapp
 ```
-Built-in presets: `authentik`, `n8n`, `immich`, `webapp`, `intranet`. Create custom presets by adding JSON files — see the [Examples Guide](https://github.com/waftester/waftester/blob/main/docs/EXAMPLES.md#service-presets).
+Built-in presets: `authentik`, `gitlab`, `grafana`, `immich`, `intranet`, `jenkins`, `jira`, `keycloak`, `n8n`, `nextcloud`, `sonarqube`, `webapp`, `wordpress`. Create custom presets by adding JSON files — see the [Examples Guide](https://github.com/waftester/waftester/blob/main/docs/EXAMPLES.md#service-presets).
 ### Targeted Scanning
@@ -253,7 +253,7 @@ Use the official [WAFtester Action](https://github.com/marketplace/actions/wafte
 Also integrates with SonarQube, GitLab SAST, DefectDojo, Elasticsearch, Slack, Teams, PagerDuty, Jira, Azure DevOps, and OpenTelemetry.
-## All 33 Commands
+## All 36 Commands
 | Command | Description |
 |---------|-------------|

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@waftester/cli",
-  "version": "2.9.45",
+  "version": "2.9.47",
   "description": "WAFtester — the most comprehensive WAF testing CLI & MCP server",
   "license": "BUSL-1.1",
   "repository": {
@@ -44,11 +44,11 @@
     "node": ">=16"
   },
   "optionalDependencies": {
-    "@waftester/darwin-x64": "2.9.45",
-    "@waftester/darwin-arm64": "2.9.45",
-    "@waftester/linux-x64": "2.9.45",
-    "@waftester/linux-arm64": "2.9.45",
-    "@waftester/win32-x64": "2.9.45",
-    "@waftester/win32-arm64": "2.9.45"
+    "@waftester/darwin-x64": "2.9.47",
+    "@waftester/darwin-arm64": "2.9.47",
+    "@waftester/linux-x64": "2.9.47",
+    "@waftester/linux-arm64": "2.9.47",
+    "@waftester/win32-x64": "2.9.47",
+    "@waftester/win32-arm64": "2.9.47"
   }
 }

package/presets/gitlab.json ADDED Viewed

@@ -0,0 +1,36 @@
+{
+  "name": "gitlab",
+  "description": "GitLab self-hosted DevOps platform — API v4, GraphQL, OAuth, container registry",
+  "endpoints": [
+    "/users/sign_in",
+    "/users/sign_up",
+    "/users/password/new",
+    "/api/v4/projects",
+    "/api/v4/users",
+    "/api/v4/groups",
+    "/api/v4/namespaces",
+    "/api/v4/runners",
+    "/api/v4/jobs",
+    "/api/v4/pipelines",
+    "/api/v4/snippets",
+    "/-/graphql",
+    "/oauth/authorize",
+    "/oauth/token",
+    "/admin/",
+    "/explore",
+    "/search",
+    "/uploads/",
+    "/v2/",
+    "/-/health",
+    "/-/readiness",
+    "/-/liveness"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true,
+    "has_file_upload": true,
+    "has_oauth": true,
+    "has_graphql": true,
+    "has_websockets": true
+  }
+}

package/presets/grafana.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "grafana",
+  "description": "Grafana observability platform — dashboards, data sources, alerting API",
+  "endpoints": [
+    "/login",
+    "/logout",
+    "/api/login/ping",
+    "/api/org/",
+    "/api/orgs/",
+    "/api/users/",
+    "/api/dashboards/",
+    "/api/datasources/",
+    "/api/alerts/",
+    "/api/alert-notifications/",
+    "/api/annotations/",
+    "/api/search",
+    "/api/admin/",
+    "/api/plugins/",
+    "/api/folders/",
+    "/api/ruler/",
+    "/api/serviceaccounts/",
+    "/d/",
+    "/explore",
+    "/api/health"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true
+  }
+}

package/presets/jenkins.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "jenkins",
+  "description": "Jenkins CI/CD server — Script Console, REST API, CLI, job management",
+  "endpoints": [
+    "/login",
+    "/j_security_check",
+    "/logout",
+    "/api/json",
+    "/api/xml",
+    "/script",
+    "/scriptText",
+    "/manage",
+    "/configSubmit",
+    "/cli",
+    "/job/",
+    "/queue/api/json",
+    "/computer/api/json",
+    "/credentials/",
+    "/pluginManager/",
+    "/securityRealm/",
+    "/administrativeMonitor/",
+    "/crumbIssuer/api/json",
+    "/whoAmI/api/json",
+    "/user/"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true
+  }
+}

package/presets/jira.json ADDED Viewed

@@ -0,0 +1,31 @@
+{
+  "name": "jira",
+  "description": "Jira project management — REST API v2/v3, Agile API, admin, attachments",
+  "endpoints": [
+    "/login.jsp",
+    "/rest/api/2/issue/",
+    "/rest/api/2/search",
+    "/rest/api/2/user",
+    "/rest/api/2/project",
+    "/rest/api/2/dashboard",
+    "/rest/api/2/filter",
+    "/rest/api/2/field",
+    "/rest/api/2/configuration",
+    "/rest/api/2/serverInfo",
+    "/rest/api/2/myself",
+    "/rest/api/2/permissions",
+    "/rest/agile/1.0/board",
+    "/rest/agile/1.0/sprint",
+    "/rest/auth/1/session",
+    "/secure/admin/",
+    "/secure/Dashboard.jspa",
+    "/secure/ManageFilters.jspa",
+    "/plugins/servlet/",
+    "/status"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true,
+    "has_file_upload": true
+  }
+}

package/presets/keycloak.json ADDED Viewed

@@ -0,0 +1,32 @@
+{
+  "name": "keycloak",
+  "description": "Keycloak IAM — OpenID Connect, SAML, user federation, admin console",
+  "endpoints": [
+    "/auth/",
+    "/auth/admin/",
+    "/auth/realms/master/",
+    "/auth/realms/master/protocol/openid-connect/auth",
+    "/auth/realms/master/protocol/openid-connect/token",
+    "/auth/realms/master/protocol/openid-connect/userinfo",
+    "/auth/realms/master/protocol/openid-connect/certs",
+    "/auth/realms/master/protocol/saml",
+    "/auth/realms/master/account/",
+    "/auth/realms/master/clients-registrations/",
+    "/auth/realms/master/.well-known/openid-configuration",
+    "/auth/admin/realms/",
+    "/auth/admin/serverinfo",
+    "/auth/resources/",
+    "/realms/master/",
+    "/realms/master/protocol/openid-connect/token",
+    "/admin/",
+    "/health",
+    "/health/ready",
+    "/health/live"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true,
+    "has_oauth": true,
+    "has_saml": true
+  }
+}

package/presets/nextcloud.json ADDED Viewed

@@ -0,0 +1,33 @@
+{
+  "name": "nextcloud",
+  "description": "Nextcloud file sharing and collaboration — WebDAV, OCS API, app ecosystem",
+  "endpoints": [
+    "/login",
+    "/index.php/login",
+    "/remote.php/dav/",
+    "/remote.php/webdav/",
+    "/ocs/v2.php/cloud/users",
+    "/ocs/v2.php/cloud/groups",
+    "/ocs/v2.php/apps/files_sharing/api/v1/shares",
+    "/ocs/v2.php/core/getapppassword",
+    "/ocs/v1.php/cloud/capabilities",
+    "/apps/",
+    "/apps/files/",
+    "/apps/gallery/",
+    "/status.php",
+    "/cron.php",
+    "/index.php/settings/admin",
+    "/index.php/settings/personal",
+    "/index.php/core/preview",
+    "/index.php/apps/files/ajax/upload.php",
+    "/public.php",
+    "/.well-known/caldav",
+    "/.well-known/carddav"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true,
+    "has_file_upload": true,
+    "has_websockets": true
+  }
+}

package/presets/sonarqube.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "sonarqube",
+  "description": "SonarQube code quality platform — Web API, project analysis, admin",
+  "endpoints": [
+    "/sessions/new",
+    "/api/authentication/login",
+    "/api/authentication/logout",
+    "/api/authentication/validate",
+    "/api/system/status",
+    "/api/system/health",
+    "/api/system/info",
+    "/api/server/version",
+    "/api/users/search",
+    "/api/projects/search",
+    "/api/components/search",
+    "/api/issues/search",
+    "/api/rules/search",
+    "/api/qualityprofiles/search",
+    "/api/qualitygates/list",
+    "/api/settings/values",
+    "/api/plugins/installed",
+    "/api/webservices/list",
+    "/api/ce/activity",
+    "/api/measures/component"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true
+  }
+}

package/presets/wordpress.json ADDED Viewed

@@ -0,0 +1,31 @@
+{
+  "name": "wordpress",
+  "description": "WordPress CMS — login, REST API, XML-RPC, admin, uploads",
+  "endpoints": [
+    "/wp-login.php",
+    "/wp-admin/",
+    "/wp-admin/admin-ajax.php",
+    "/wp-admin/admin-post.php",
+    "/xmlrpc.php",
+    "/wp-json/",
+    "/wp-json/wp/v2/users",
+    "/wp-json/wp/v2/posts",
+    "/wp-json/wp/v2/pages",
+    "/wp-json/wp/v2/media",
+    "/wp-json/wp/v2/comments",
+    "/wp-json/wp/v2/settings",
+    "/wp-content/uploads/",
+    "/wp-includes/",
+    "/wp-cron.php",
+    "/wp-signup.php",
+    "/wp-trackback.php",
+    "/?author=1",
+    "/?rest_route=/",
+    "/feed/"
+  ],
+  "attack_surface": {
+    "has_auth_endpoints": true,
+    "has_api_endpoints": true,
+    "has_file_upload": true
+  }
+}