fingerprint-mcp 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (269) hide show
  1. package/LICENSE +663 -0
  2. package/README.ar.md +767 -0
  3. package/README.bn.md +767 -0
  4. package/README.bs.md +767 -0
  5. package/README.da.md +767 -0
  6. package/README.de.md +770 -0
  7. package/README.el.md +767 -0
  8. package/README.es.md +769 -0
  9. package/README.fr.md +769 -0
  10. package/README.hi.md +767 -0
  11. package/README.it.md +767 -0
  12. package/README.ja.md +767 -0
  13. package/README.ko.md +772 -0
  14. package/README.md +767 -0
  15. package/README.no.md +767 -0
  16. package/README.pl.md +767 -0
  17. package/README.pt-BR.md +767 -0
  18. package/README.ru.md +767 -0
  19. package/README.th.md +767 -0
  20. package/README.tr.md +767 -0
  21. package/README.uk.md +767 -0
  22. package/README.vi.md +767 -0
  23. package/README.zh-TW.md +768 -0
  24. package/README.zh.md +768 -0
  25. package/dist/app/index.d.ts +3 -0
  26. package/dist/app/index.d.ts.map +1 -0
  27. package/dist/app/index.js +614 -0
  28. package/dist/app/index.js.map +1 -0
  29. package/dist/composite/analyze.d.ts +3 -0
  30. package/dist/composite/analyze.d.ts.map +1 -0
  31. package/dist/composite/analyze.js +59 -0
  32. package/dist/composite/analyze.js.map +1 -0
  33. package/dist/composite/correlate.d.ts +3 -0
  34. package/dist/composite/correlate.d.ts.map +1 -0
  35. package/dist/composite/correlate.js +184 -0
  36. package/dist/composite/correlate.js.map +1 -0
  37. package/dist/composite/enumerate.d.ts +3 -0
  38. package/dist/composite/enumerate.d.ts.map +1 -0
  39. package/dist/composite/enumerate.js +94 -0
  40. package/dist/composite/enumerate.js.map +1 -0
  41. package/dist/composite/helpers.d.ts +22 -0
  42. package/dist/composite/helpers.d.ts.map +1 -0
  43. package/dist/composite/helpers.js +111 -0
  44. package/dist/composite/helpers.js.map +1 -0
  45. package/dist/composite/index.d.ts +3 -0
  46. package/dist/composite/index.d.ts.map +1 -0
  47. package/dist/composite/index.js +29 -0
  48. package/dist/composite/index.js.map +1 -0
  49. package/dist/composite/meta.d.ts +3 -0
  50. package/dist/composite/meta.d.ts.map +1 -0
  51. package/dist/composite/meta.js +23 -0
  52. package/dist/composite/meta.js.map +1 -0
  53. package/dist/composite/osint.d.ts +3 -0
  54. package/dist/composite/osint.d.ts.map +1 -0
  55. package/dist/composite/osint.js +40 -0
  56. package/dist/composite/osint.js.map +1 -0
  57. package/dist/composite/recon.d.ts +3 -0
  58. package/dist/composite/recon.d.ts.map +1 -0
  59. package/dist/composite/recon.js +131 -0
  60. package/dist/composite/recon.js.map +1 -0
  61. package/dist/composite/scan-dns.d.ts +3 -0
  62. package/dist/composite/scan-dns.d.ts.map +1 -0
  63. package/dist/composite/scan-dns.js +44 -0
  64. package/dist/composite/scan-dns.js.map +1 -0
  65. package/dist/composite/scan-http.d.ts +3 -0
  66. package/dist/composite/scan-http.d.ts.map +1 -0
  67. package/dist/composite/scan-http.js +68 -0
  68. package/dist/composite/scan-http.js.map +1 -0
  69. package/dist/composite/scan-paths.d.ts +3 -0
  70. package/dist/composite/scan-paths.d.ts.map +1 -0
  71. package/dist/composite/scan-paths.js +32 -0
  72. package/dist/composite/scan-paths.js.map +1 -0
  73. package/dist/composite/scan-ports.d.ts +3 -0
  74. package/dist/composite/scan-ports.d.ts.map +1 -0
  75. package/dist/composite/scan-ports.js +79 -0
  76. package/dist/composite/scan-ports.js.map +1 -0
  77. package/dist/composite/scan-services.d.ts +3 -0
  78. package/dist/composite/scan-services.d.ts.map +1 -0
  79. package/dist/composite/scan-services.js +111 -0
  80. package/dist/composite/scan-services.js.map +1 -0
  81. package/dist/composite/scan-tls.d.ts +3 -0
  82. package/dist/composite/scan-tls.d.ts.map +1 -0
  83. package/dist/composite/scan-tls.js +32 -0
  84. package/dist/composite/scan-tls.js.map +1 -0
  85. package/dist/composite/scan-waf.d.ts +3 -0
  86. package/dist/composite/scan-waf.d.ts.map +1 -0
  87. package/dist/composite/scan-waf.js +35 -0
  88. package/dist/composite/scan-waf.js.map +1 -0
  89. package/dist/correlation/index.d.ts +3 -0
  90. package/dist/correlation/index.d.ts.map +1 -0
  91. package/dist/correlation/index.js +1044 -0
  92. package/dist/correlation/index.js.map +1 -0
  93. package/dist/data/analytics-patterns.d.ts +21 -0
  94. package/dist/data/analytics-patterns.d.ts.map +1 -0
  95. package/dist/data/analytics-patterns.js +449 -0
  96. package/dist/data/analytics-patterns.js.map +1 -0
  97. package/dist/data/app-signatures.d.ts +52 -0
  98. package/dist/data/app-signatures.d.ts.map +1 -0
  99. package/dist/data/app-signatures.js +1143 -0
  100. package/dist/data/app-signatures.js.map +1 -0
  101. package/dist/data/c2-signatures.d.ts +54 -0
  102. package/dist/data/c2-signatures.d.ts.map +1 -0
  103. package/dist/data/c2-signatures.js +256 -0
  104. package/dist/data/c2-signatures.js.map +1 -0
  105. package/dist/data/cloud-ranges.d.ts +34 -0
  106. package/dist/data/cloud-ranges.d.ts.map +1 -0
  107. package/dist/data/cloud-ranges.js +628 -0
  108. package/dist/data/cloud-ranges.js.map +1 -0
  109. package/dist/data/cookie-patterns.d.ts +28 -0
  110. package/dist/data/cookie-patterns.d.ts.map +1 -0
  111. package/dist/data/cookie-patterns.js +225 -0
  112. package/dist/data/cookie-patterns.js.map +1 -0
  113. package/dist/data/error-signatures.d.ts +19 -0
  114. package/dist/data/error-signatures.d.ts.map +1 -0
  115. package/dist/data/error-signatures.js +321 -0
  116. package/dist/data/error-signatures.js.map +1 -0
  117. package/dist/data/favicon-hashes.d.ts +25 -0
  118. package/dist/data/favicon-hashes.d.ts.map +1 -0
  119. package/dist/data/favicon-hashes.js +249 -0
  120. package/dist/data/favicon-hashes.js.map +1 -0
  121. package/dist/data/h2-signatures.d.ts +50 -0
  122. package/dist/data/h2-signatures.d.ts.map +1 -0
  123. package/dist/data/h2-signatures.js +211 -0
  124. package/dist/data/h2-signatures.js.map +1 -0
  125. package/dist/data/header-order.d.ts +38 -0
  126. package/dist/data/header-order.d.ts.map +1 -0
  127. package/dist/data/header-order.js +185 -0
  128. package/dist/data/header-order.js.map +1 -0
  129. package/dist/data/jarm-signatures.d.ts +25 -0
  130. package/dist/data/jarm-signatures.d.ts.map +1 -0
  131. package/dist/data/jarm-signatures.js +213 -0
  132. package/dist/data/jarm-signatures.js.map +1 -0
  133. package/dist/data/saas-patterns.d.ts +23 -0
  134. package/dist/data/saas-patterns.d.ts.map +1 -0
  135. package/dist/data/saas-patterns.js +139 -0
  136. package/dist/data/saas-patterns.js.map +1 -0
  137. package/dist/data/sensitive-paths.d.ts +12 -0
  138. package/dist/data/sensitive-paths.d.ts.map +1 -0
  139. package/dist/data/sensitive-paths.js +1539 -0
  140. package/dist/data/sensitive-paths.js.map +1 -0
  141. package/dist/data/service-banners.d.ts +59 -0
  142. package/dist/data/service-banners.d.ts.map +1 -0
  143. package/dist/data/service-banners.js +323 -0
  144. package/dist/data/service-banners.js.map +1 -0
  145. package/dist/data/smtp-signatures.d.ts +12 -0
  146. package/dist/data/smtp-signatures.d.ts.map +1 -0
  147. package/dist/data/smtp-signatures.js +350 -0
  148. package/dist/data/smtp-signatures.js.map +1 -0
  149. package/dist/data/takeover-patterns.d.ts +37 -0
  150. package/dist/data/takeover-patterns.d.ts.map +1 -0
  151. package/dist/data/takeover-patterns.js +249 -0
  152. package/dist/data/takeover-patterns.js.map +1 -0
  153. package/dist/data/tech-patterns.d.ts +44 -0
  154. package/dist/data/tech-patterns.d.ts.map +1 -0
  155. package/dist/data/tech-patterns.js +690 -0
  156. package/dist/data/tech-patterns.js.map +1 -0
  157. package/dist/data/waf-signatures.d.ts +21 -0
  158. package/dist/data/waf-signatures.d.ts.map +1 -0
  159. package/dist/data/waf-signatures.js +318 -0
  160. package/dist/data/waf-signatures.js.map +1 -0
  161. package/dist/dns/index.d.ts +3 -0
  162. package/dist/dns/index.d.ts.map +1 -0
  163. package/dist/dns/index.js +1067 -0
  164. package/dist/dns/index.js.map +1 -0
  165. package/dist/enum/index.d.ts +3 -0
  166. package/dist/enum/index.d.ts.map +1 -0
  167. package/dist/enum/index.js +818 -0
  168. package/dist/enum/index.js.map +1 -0
  169. package/dist/h2/index.d.ts +3 -0
  170. package/dist/h2/index.d.ts.map +1 -0
  171. package/dist/h2/index.js +414 -0
  172. package/dist/h2/index.js.map +1 -0
  173. package/dist/http/index.d.ts +3 -0
  174. package/dist/http/index.d.ts.map +1 -0
  175. package/dist/http/index.js +2444 -0
  176. package/dist/http/index.js.map +1 -0
  177. package/dist/identify/index.d.ts +3 -0
  178. package/dist/identify/index.d.ts.map +1 -0
  179. package/dist/identify/index.js +447 -0
  180. package/dist/identify/index.js.map +1 -0
  181. package/dist/index.d.ts +3 -0
  182. package/dist/index.d.ts.map +1 -0
  183. package/dist/index.js +165 -0
  184. package/dist/index.js.map +1 -0
  185. package/dist/infra/index.d.ts +3 -0
  186. package/dist/infra/index.d.ts.map +1 -0
  187. package/dist/infra/index.js +989 -0
  188. package/dist/infra/index.js.map +1 -0
  189. package/dist/iot/index.d.ts +3 -0
  190. package/dist/iot/index.d.ts.map +1 -0
  191. package/dist/iot/index.js +610 -0
  192. package/dist/iot/index.js.map +1 -0
  193. package/dist/meta/index.d.ts +3 -0
  194. package/dist/meta/index.d.ts.map +1 -0
  195. package/dist/meta/index.js +442 -0
  196. package/dist/meta/index.js.map +1 -0
  197. package/dist/osint/index.d.ts +3 -0
  198. package/dist/osint/index.d.ts.map +1 -0
  199. package/dist/osint/index.js +687 -0
  200. package/dist/osint/index.js.map +1 -0
  201. package/dist/passive/index.d.ts +3 -0
  202. package/dist/passive/index.d.ts.map +1 -0
  203. package/dist/passive/index.js +944 -0
  204. package/dist/passive/index.js.map +1 -0
  205. package/dist/path/index.d.ts +3 -0
  206. package/dist/path/index.d.ts.map +1 -0
  207. package/dist/path/index.js +878 -0
  208. package/dist/path/index.js.map +1 -0
  209. package/dist/protocol/mcp-server.d.ts +4 -0
  210. package/dist/protocol/mcp-server.d.ts.map +1 -0
  211. package/dist/protocol/mcp-server.js +32 -0
  212. package/dist/protocol/mcp-server.js.map +1 -0
  213. package/dist/protocol/tools.d.ts +3 -0
  214. package/dist/protocol/tools.d.ts.map +1 -0
  215. package/dist/protocol/tools.js +5 -0
  216. package/dist/protocol/tools.js.map +1 -0
  217. package/dist/service/index.d.ts +3 -0
  218. package/dist/service/index.d.ts.map +1 -0
  219. package/dist/service/index.js +1053 -0
  220. package/dist/service/index.js.map +1 -0
  221. package/dist/smtp/index.d.ts +3 -0
  222. package/dist/smtp/index.d.ts.map +1 -0
  223. package/dist/smtp/index.js +437 -0
  224. package/dist/smtp/index.js.map +1 -0
  225. package/dist/ssh/index.d.ts +3 -0
  226. package/dist/ssh/index.d.ts.map +1 -0
  227. package/dist/ssh/index.js +676 -0
  228. package/dist/ssh/index.js.map +1 -0
  229. package/dist/tcp/index.d.ts +3 -0
  230. package/dist/tcp/index.d.ts.map +1 -0
  231. package/dist/tcp/index.js +369 -0
  232. package/dist/tcp/index.js.map +1 -0
  233. package/dist/timing/index.d.ts +3 -0
  234. package/dist/timing/index.d.ts.map +1 -0
  235. package/dist/timing/index.js +425 -0
  236. package/dist/timing/index.js.map +1 -0
  237. package/dist/tls/index.d.ts +3 -0
  238. package/dist/tls/index.d.ts.map +1 -0
  239. package/dist/tls/index.js +1332 -0
  240. package/dist/tls/index.js.map +1 -0
  241. package/dist/types/index.d.ts +26 -0
  242. package/dist/types/index.d.ts.map +1 -0
  243. package/dist/types/index.js +8 -0
  244. package/dist/types/index.js.map +1 -0
  245. package/dist/utils/cache.d.ts +11 -0
  246. package/dist/utils/cache.d.ts.map +1 -0
  247. package/dist/utils/cache.js +35 -0
  248. package/dist/utils/cache.js.map +1 -0
  249. package/dist/utils/murmurhash3.d.ts +3 -0
  250. package/dist/utils/murmurhash3.d.ts.map +1 -0
  251. package/dist/utils/murmurhash3.js +57 -0
  252. package/dist/utils/murmurhash3.js.map +1 -0
  253. package/dist/utils/rate-limiter.d.ts +10 -0
  254. package/dist/utils/rate-limiter.d.ts.map +1 -0
  255. package/dist/utils/rate-limiter.js +35 -0
  256. package/dist/utils/rate-limiter.js.map +1 -0
  257. package/dist/utils/require-key.d.ts +2 -0
  258. package/dist/utils/require-key.d.ts.map +1 -0
  259. package/dist/utils/require-key.js +8 -0
  260. package/dist/utils/require-key.js.map +1 -0
  261. package/dist/waf/index.d.ts +3 -0
  262. package/dist/waf/index.d.ts.map +1 -0
  263. package/dist/waf/index.js +767 -0
  264. package/dist/waf/index.js.map +1 -0
  265. package/dist/web/index.d.ts +3 -0
  266. package/dist/web/index.d.ts.map +1 -0
  267. package/dist/web/index.js +1366 -0
  268. package/dist/web/index.js.map +1 -0
  269. package/package.json +66 -0
@@ -0,0 +1,690 @@
1
+ /**
2
+ * JavaScript library, framework, and build-tool detection patterns with
3
+ * version extraction and known CVE mappings.
4
+ *
5
+ * Used for client-side technology fingerprinting: identifies libraries from
6
+ * script URLs, global variables, DOM attributes, meta tags, and HTML comments.
7
+ * When a version can be extracted, it is cross-referenced against known CVEs
8
+ * to surface vulnerable dependencies.
9
+ *
10
+ * References:
11
+ * - https://cve.mitre.org/
12
+ * - https://www.npmjs.com/advisories
13
+ * - https://snyk.io/vuln/
14
+ */
15
+ export const TECH_PATTERNS = [
16
+ // ──────────────────────────────────────────────────
17
+ // Libraries — with known CVEs
18
+ // ──────────────────────────────────────────────────
19
+ {
20
+ name: "jQuery",
21
+ category: "library",
22
+ detection: {
23
+ script: ["jquery[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js", "jquery\\.slim"],
24
+ global: ["jQuery", "jQuery.fn.jquery"],
25
+ comment: ["jQuery v\\d+"],
26
+ },
27
+ versionExtract: "jQuery\\s+v?(\\d+\\.\\d+\\.\\d+)",
28
+ cves: [
29
+ {
30
+ version: "<3.5.0",
31
+ cve: "CVE-2020-11022",
32
+ description: "XSS via .html() when passing untrusted input containing <option> or <style> tags.",
33
+ },
34
+ {
35
+ version: "<3.5.0",
36
+ cve: "CVE-2020-11023",
37
+ description: "XSS in jQuery.htmlPrefilter when handling HTML from untrusted sources.",
38
+ },
39
+ {
40
+ version: "<3.0.0",
41
+ cve: "CVE-2019-11358",
42
+ description: "Prototype pollution in jQuery.extend(true, ...) with crafted Object.prototype properties.",
43
+ },
44
+ {
45
+ version: "<1.12.0",
46
+ cve: "CVE-2015-9251",
47
+ description: "XSS when a cross-domain Ajax request is performed without the dataType option, leading to text/javascript execution.",
48
+ },
49
+ ],
50
+ },
51
+ {
52
+ name: "jQuery UI",
53
+ category: "library",
54
+ detection: {
55
+ script: ["jquery-ui[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
56
+ global: ["jQuery.ui", "jQuery.ui.version"],
57
+ },
58
+ versionExtract: "jQuery UI[\\s-]+v?(\\d+\\.\\d+\\.\\d+)",
59
+ cves: [
60
+ {
61
+ version: "<1.13.2",
62
+ cve: "CVE-2022-31160",
63
+ description: "XSS in the checkboxradio widget when processing untrusted label content.",
64
+ },
65
+ {
66
+ version: "<1.13.0",
67
+ cve: "CVE-2021-41184",
68
+ description: "XSS in the .position() utility when using of option with untrusted input.",
69
+ },
70
+ ],
71
+ },
72
+ {
73
+ name: "Lodash",
74
+ category: "library",
75
+ detection: {
76
+ script: ["lodash[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
77
+ global: ["_", "_.VERSION"],
78
+ },
79
+ versionExtract: "lodash\\s+v?(\\d+\\.\\d+\\.\\d+)",
80
+ cves: [
81
+ {
82
+ version: "<4.17.21",
83
+ cve: "CVE-2021-23337",
84
+ description: "Command injection in lodash.template via the variable option.",
85
+ },
86
+ {
87
+ version: "<4.17.20",
88
+ cve: "CVE-2020-28500",
89
+ description: "ReDoS in lodash.toNumber, lodash.trim, lodash.trimEnd via crafted strings.",
90
+ },
91
+ {
92
+ version: "<4.17.12",
93
+ cve: "CVE-2019-10744",
94
+ description: "Prototype pollution in lodash.defaultsDeep and lodash.merge.",
95
+ },
96
+ ],
97
+ },
98
+ {
99
+ name: "AngularJS (1.x)",
100
+ category: "framework",
101
+ detection: {
102
+ script: ["angular[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
103
+ global: ["angular", "angular.version"],
104
+ dom: ["\\[ng-app\\]", "\\[ng-controller\\]", "\\[ng-model\\]"],
105
+ },
106
+ versionExtract: "AngularJS v(\\d+\\.\\d+\\.\\d+)",
107
+ cves: [
108
+ {
109
+ version: "<1.8.0",
110
+ cve: "CVE-2022-25869",
111
+ description: "XSS via the $sanitize service allowing bypass of SVG sanitization rules.",
112
+ },
113
+ {
114
+ version: "<1.6.9",
115
+ cve: "CVE-2019-14863",
116
+ description: "Prototype pollution in angular.merge() and angular.extend().",
117
+ },
118
+ ],
119
+ },
120
+ {
121
+ name: "Moment.js",
122
+ category: "library",
123
+ detection: {
124
+ script: ["moment[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
125
+ global: ["moment", "moment.version"],
126
+ },
127
+ versionExtract: "moment\\.js[\\s-]+v?(\\d+\\.\\d+\\.\\d+)",
128
+ cves: [
129
+ {
130
+ version: "<=2.29.4",
131
+ cve: "CVE-2022-31129",
132
+ description: "ReDoS in moment.js parsing of user-supplied date strings (inefficient regex).",
133
+ },
134
+ {
135
+ version: "<=2.29.2",
136
+ cve: "CVE-2022-24785",
137
+ description: "Path traversal in moment.locale() when the locale parameter is user-controlled.",
138
+ },
139
+ ],
140
+ },
141
+ {
142
+ name: "DOMPurify",
143
+ category: "library",
144
+ detection: {
145
+ script: ["purify[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js", "dompurify"],
146
+ global: ["DOMPurify"],
147
+ },
148
+ versionExtract: "DOMPurify\\s+v?(\\d+\\.\\d+\\.\\d+)",
149
+ cves: [
150
+ {
151
+ version: "<2.3.6",
152
+ cve: "CVE-2023-48634",
153
+ description: "Mutation XSS bypass in DOMPurify via nested HTML elements and browser parsing differences.",
154
+ },
155
+ {
156
+ version: "<2.4.4",
157
+ cve: "CVE-2024-45801",
158
+ description: "XSS bypass via namespace confusion in SVG/MathML content.",
159
+ },
160
+ ],
161
+ },
162
+ {
163
+ name: "Axios",
164
+ category: "library",
165
+ detection: {
166
+ script: ["axios[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
167
+ global: ["axios"],
168
+ },
169
+ versionExtract: "axios/v?(\\d+\\.\\d+\\.\\d+)",
170
+ cves: [
171
+ {
172
+ version: "<1.6.0",
173
+ cve: "CVE-2023-45857",
174
+ description: "CSRF token leakage via X-XSRF-TOKEN header sent to cross-origin requests.",
175
+ },
176
+ {
177
+ version: "<0.21.1",
178
+ cve: "CVE-2020-28168",
179
+ description: "SSRF via request redirect — axios follows redirects to arbitrary protocols.",
180
+ },
181
+ ],
182
+ },
183
+ {
184
+ name: "Underscore.js",
185
+ category: "library",
186
+ detection: {
187
+ script: ["underscore[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
188
+ global: ["_", "_.VERSION"],
189
+ },
190
+ versionExtract: "Underscore\\.js\\s+v?(\\d+\\.\\d+\\.\\d+)",
191
+ cves: [
192
+ {
193
+ version: "<1.13.6",
194
+ cve: "CVE-2021-23358",
195
+ description: "Arbitrary code execution via the template function when a variable option is crafted.",
196
+ },
197
+ ],
198
+ },
199
+ {
200
+ name: "Backbone.js",
201
+ category: "framework",
202
+ detection: {
203
+ script: ["backbone[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
204
+ global: ["Backbone", "Backbone.VERSION"],
205
+ },
206
+ versionExtract: "Backbone\\.js\\s+v?(\\d+\\.\\d+\\.\\d+)",
207
+ },
208
+ {
209
+ name: "Handlebars",
210
+ category: "library",
211
+ detection: {
212
+ script: ["handlebars[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
213
+ global: ["Handlebars", "Handlebars.VERSION"],
214
+ },
215
+ versionExtract: "Handlebars v(\\d+\\.\\d+\\.\\d+)",
216
+ cves: [
217
+ {
218
+ version: "<4.7.7",
219
+ cve: "CVE-2021-23383",
220
+ description: "Prototype pollution leading to RCE via crafted template input.",
221
+ },
222
+ {
223
+ version: "<4.7.6",
224
+ cve: "CVE-2021-23369",
225
+ description: "RCE when compiling templates from untrusted sources via lookup helper.",
226
+ },
227
+ ],
228
+ },
229
+ {
230
+ name: "Bootstrap",
231
+ category: "library",
232
+ detection: {
233
+ script: ["bootstrap[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
234
+ global: ["bootstrap", "$.fn.tooltip.Constructor.VERSION"],
235
+ meta: ["<meta[^>]+name=[\"']generator[\"'][^>]+Bootstrap"],
236
+ },
237
+ versionExtract: "Bootstrap v(\\d+\\.\\d+\\.\\d+)",
238
+ cves: [
239
+ {
240
+ version: "<3.4.1",
241
+ cve: "CVE-2019-8331",
242
+ description: "XSS in the tooltip and popover plugins via data-template attribute.",
243
+ },
244
+ {
245
+ version: "<3.4.0",
246
+ cve: "CVE-2018-14042",
247
+ description: "XSS in the collapse plugin via data-parent attribute.",
248
+ },
249
+ ],
250
+ },
251
+ // ──────────────────────────────────────────────────
252
+ // Frameworks — DOM / global detection
253
+ // ──────────────────────────────────────────────────
254
+ {
255
+ name: "Next.js",
256
+ category: "framework",
257
+ detection: {
258
+ global: ["__NEXT_DATA__", "next.version"],
259
+ dom: ["#__next"],
260
+ meta: ["<meta[^>]+name=[\"']next-head-count[\"']"],
261
+ script: ["/_next/static/"],
262
+ },
263
+ versionExtract: "Next\\.js\\s+v?(\\d+\\.\\d+\\.\\d+)",
264
+ },
265
+ {
266
+ name: "Nuxt.js",
267
+ category: "framework",
268
+ detection: {
269
+ global: ["__NUXT__", "$nuxt"],
270
+ dom: ["#__nuxt", "#__layout"],
271
+ script: ["/_nuxt/"],
272
+ },
273
+ versionExtract: "Nuxt\\.js v(\\d+\\.\\d+\\.\\d+)",
274
+ },
275
+ {
276
+ name: "Angular (2+)",
277
+ category: "framework",
278
+ detection: {
279
+ global: ["ng"],
280
+ dom: ["\\[ng-version\\]", "\\[_nghost-[a-z0-9-]+\\]", "\\[_ngcontent-[a-z0-9-]+\\]"],
281
+ script: ["runtime\\.[a-f0-9]+\\.js", "polyfills\\.[a-f0-9]+\\.js"],
282
+ },
283
+ versionExtract: "ng-version=[\"'](\\d+\\.\\d+\\.\\d+)[\"']",
284
+ },
285
+ {
286
+ name: "React",
287
+ category: "framework",
288
+ detection: {
289
+ global: [
290
+ "__REACT_DEVTOOLS_GLOBAL_HOOK__",
291
+ "React.version",
292
+ ],
293
+ dom: ["\\[data-reactroot\\]", "#_reactRootContainer"],
294
+ },
295
+ versionExtract: "React v(\\d+\\.\\d+\\.\\d+)",
296
+ },
297
+ {
298
+ name: "React DOM",
299
+ category: "framework",
300
+ detection: {
301
+ global: ["ReactDOM"],
302
+ dom: ["\\[data-reactid\\]"],
303
+ },
304
+ versionExtract: "ReactDOM v?(\\d+\\.\\d+\\.\\d+)",
305
+ },
306
+ {
307
+ name: "Svelte",
308
+ category: "framework",
309
+ detection: {
310
+ global: ["__svelte_meta"],
311
+ dom: ["\\[class^=\"svelte-\"\\]"],
312
+ comment: ["svelte-"],
313
+ },
314
+ versionExtract: "svelte[/v](\\d+\\.\\d+\\.\\d+)",
315
+ },
316
+ {
317
+ name: "SvelteKit",
318
+ category: "framework",
319
+ detection: {
320
+ global: ["__sveltekit"],
321
+ dom: ["#svelte"],
322
+ script: ["/_app/immutable/"],
323
+ },
324
+ },
325
+ {
326
+ name: "Vue.js",
327
+ category: "framework",
328
+ detection: {
329
+ global: ["__vue_app__", "__VUE__", "Vue"],
330
+ dom: ["\\[data-v-[a-f0-9]+\\]", "#app[^\"]*data-v-"],
331
+ script: ["vue[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
332
+ },
333
+ versionExtract: "Vue\\.js v(\\d+\\.\\d+\\.\\d+)",
334
+ },
335
+ {
336
+ name: "Ember.js",
337
+ category: "framework",
338
+ detection: {
339
+ global: ["Ember", "Ember.VERSION", "Em"],
340
+ dom: ["\\[id^=\"ember\"\\]", "\\.ember-view"],
341
+ meta: ["<meta[^>]+name=[\"'].*ember.*[\"']"],
342
+ },
343
+ versionExtract: "Ember[\\s.]+v?(\\d+\\.\\d+\\.\\d+)",
344
+ },
345
+ {
346
+ name: "Preact",
347
+ category: "framework",
348
+ detection: {
349
+ global: ["preact"],
350
+ script: ["preact[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
351
+ },
352
+ versionExtract: "Preact\\s+v?(\\d+\\.\\d+\\.\\d+)",
353
+ },
354
+ {
355
+ name: "Solid.js",
356
+ category: "framework",
357
+ detection: {
358
+ global: ["_$HY"],
359
+ dom: ["\\[data-hk\\]"],
360
+ },
361
+ },
362
+ {
363
+ name: "Alpine.js",
364
+ category: "framework",
365
+ detection: {
366
+ dom: ["\\[x-data\\]", "\\[x-init\\]", "\\[x-show\\]"],
367
+ script: ["alpine[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
368
+ },
369
+ versionExtract: "Alpine\\.js v(\\d+\\.\\d+\\.\\d+)",
370
+ },
371
+ {
372
+ name: "htmx",
373
+ category: "library",
374
+ detection: {
375
+ dom: ["\\[hx-get\\]", "\\[hx-post\\]", "\\[hx-trigger\\]"],
376
+ script: ["htmx[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
377
+ global: ["htmx"],
378
+ },
379
+ versionExtract: "htmx\\.org@v?(\\d+\\.\\d+\\.\\d+)",
380
+ },
381
+ {
382
+ name: "Lit",
383
+ category: "framework",
384
+ detection: {
385
+ global: ["litElementVersions"],
386
+ script: ["lit[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
387
+ },
388
+ },
389
+ {
390
+ name: "Stimulus",
391
+ category: "framework",
392
+ detection: {
393
+ dom: ["\\[data-controller\\]", "\\[data-action\\]", "\\[data-target\\]"],
394
+ script: ["stimulus[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
395
+ },
396
+ },
397
+ {
398
+ name: "Turbo",
399
+ category: "framework",
400
+ detection: {
401
+ dom: ["\\[data-turbo\\]", "turbo-frame", "turbo-stream"],
402
+ global: ["Turbo"],
403
+ },
404
+ },
405
+ {
406
+ name: "Remix",
407
+ category: "framework",
408
+ detection: {
409
+ global: ["__remixContext", "__remixRouteModules"],
410
+ script: ["/build/_shared/"],
411
+ },
412
+ },
413
+ {
414
+ name: "Gatsby",
415
+ category: "framework",
416
+ detection: {
417
+ dom: ["#___gatsby"],
418
+ global: ["___gatsby", "___loader"],
419
+ script: ["/page-data/", "/commons-"],
420
+ },
421
+ },
422
+ {
423
+ name: "Astro",
424
+ category: "framework",
425
+ detection: {
426
+ dom: ["astro-island", "astro-slot"],
427
+ meta: ["<meta[^>]+name=[\"']generator[\"'][^>]+Astro"],
428
+ },
429
+ versionExtract: "Astro v(\\d+\\.\\d+\\.\\d+)",
430
+ },
431
+ {
432
+ name: "Qwik",
433
+ category: "framework",
434
+ detection: {
435
+ dom: ["\\[q:container\\]", "\\[on:qvisible\\]"],
436
+ global: ["qwikCity"],
437
+ },
438
+ },
439
+ // ──────────────────────────────────────────────────
440
+ // Additional Libraries
441
+ // ──────────────────────────────────────────────────
442
+ {
443
+ name: "D3.js",
444
+ category: "library",
445
+ detection: {
446
+ script: ["d3[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
447
+ global: ["d3", "d3.version"],
448
+ },
449
+ versionExtract: "d3 v(\\d+\\.\\d+\\.\\d+)",
450
+ },
451
+ {
452
+ name: "Three.js",
453
+ category: "library",
454
+ detection: {
455
+ script: ["three[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
456
+ global: ["THREE", "THREE.REVISION"],
457
+ },
458
+ versionExtract: "three\\.js r?(\\d+\\.?\\d*\\.?\\d*)",
459
+ },
460
+ {
461
+ name: "Chart.js",
462
+ category: "library",
463
+ detection: {
464
+ script: ["chart[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
465
+ global: ["Chart"],
466
+ },
467
+ versionExtract: "Chart\\.js v(\\d+\\.\\d+\\.\\d+)",
468
+ },
469
+ {
470
+ name: "Socket.IO",
471
+ category: "library",
472
+ detection: {
473
+ script: ["socket\\.io[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
474
+ global: ["io"],
475
+ },
476
+ versionExtract: "socket\\.io[/-]v?(\\d+\\.\\d+\\.\\d+)",
477
+ },
478
+ {
479
+ name: "Leaflet",
480
+ category: "library",
481
+ detection: {
482
+ script: ["leaflet[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
483
+ global: ["L", "L.version"],
484
+ dom: ["\\.leaflet-container"],
485
+ },
486
+ versionExtract: "Leaflet v(\\d+\\.\\d+\\.\\d+)",
487
+ },
488
+ {
489
+ name: "GSAP (GreenSock)",
490
+ category: "library",
491
+ detection: {
492
+ script: ["gsap[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js", "TweenMax", "TweenLite"],
493
+ global: ["gsap", "TweenMax", "TweenLite"],
494
+ },
495
+ versionExtract: "GSAP v?(\\d+\\.\\d+\\.\\d+)",
496
+ },
497
+ {
498
+ name: "Anime.js",
499
+ category: "library",
500
+ detection: {
501
+ script: ["anime[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
502
+ global: ["anime"],
503
+ },
504
+ versionExtract: "anime v(\\d+\\.\\d+\\.\\d+)",
505
+ },
506
+ {
507
+ name: "Swiper",
508
+ category: "library",
509
+ detection: {
510
+ script: ["swiper[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
511
+ global: ["Swiper"],
512
+ dom: ["\\.swiper-container", "\\.swiper-wrapper"],
513
+ },
514
+ },
515
+ {
516
+ name: "Modernizr",
517
+ category: "library",
518
+ detection: {
519
+ script: ["modernizr[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
520
+ global: ["Modernizr"],
521
+ dom: ["\\.no-js"],
522
+ },
523
+ versionExtract: "Modernizr v(\\d+\\.\\d+\\.\\d+)",
524
+ },
525
+ {
526
+ name: "Polyfill.io",
527
+ category: "library",
528
+ detection: {
529
+ script: ["polyfill\\.io/v\\d/polyfill"],
530
+ },
531
+ cves: [
532
+ {
533
+ version: "<=2024.06",
534
+ cve: "CVE-2024-38526",
535
+ description: "Supply chain attack — cdn.polyfill.io domain acquired by malicious actor, serving injected code to all consumers.",
536
+ },
537
+ ],
538
+ },
539
+ {
540
+ name: "RequireJS",
541
+ category: "library",
542
+ detection: {
543
+ script: ["require[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
544
+ global: ["requirejs", "require.version"],
545
+ },
546
+ versionExtract: "RequireJS\\s+v?(\\d+\\.\\d+\\.\\d+)",
547
+ },
548
+ // ──────────────────────────────────────────────────
549
+ // Build Tools & Bundlers
550
+ // ──────────────────────────────────────────────────
551
+ {
552
+ name: "Webpack",
553
+ category: "build-tool",
554
+ detection: {
555
+ global: ["webpackJsonp", "__webpack_require__", "webpackChunk"],
556
+ comment: ["Built with webpack"],
557
+ },
558
+ },
559
+ {
560
+ name: "Vite",
561
+ category: "build-tool",
562
+ detection: {
563
+ global: ["__vite_plugin_react_preamble_installed__"],
564
+ script: ["/@vite/client", "\\.vite/deps/"],
565
+ comment: ["vite"],
566
+ },
567
+ },
568
+ {
569
+ name: "Parcel",
570
+ category: "build-tool",
571
+ detection: {
572
+ global: ["parcelRequire"],
573
+ script: ["/parcel/"],
574
+ },
575
+ },
576
+ {
577
+ name: "Rollup",
578
+ category: "build-tool",
579
+ detection: {
580
+ comment: ["rollup"],
581
+ script: ["/rollup/"],
582
+ },
583
+ },
584
+ {
585
+ name: "esbuild",
586
+ category: "build-tool",
587
+ detection: {
588
+ comment: ["esbuild"],
589
+ },
590
+ },
591
+ {
592
+ name: "SystemJS",
593
+ category: "build-tool",
594
+ detection: {
595
+ global: ["System", "System.register"],
596
+ script: ["system[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js", "s\\.min\\.js"],
597
+ },
598
+ },
599
+ {
600
+ name: "RequireJS / AMD",
601
+ category: "build-tool",
602
+ detection: {
603
+ global: ["define.amd"],
604
+ },
605
+ },
606
+ {
607
+ name: "Turbopack",
608
+ category: "build-tool",
609
+ detection: {
610
+ script: ["/_next/static/chunks/webpack"],
611
+ comment: ["turbopack"],
612
+ },
613
+ },
614
+ // ──────────────────────────────────────────────────
615
+ // Runtimes & Polyfills
616
+ // ──────────────────────────────────────────────────
617
+ {
618
+ name: "Zone.js (Angular)",
619
+ category: "runtime",
620
+ detection: {
621
+ global: ["Zone", "Zone.__symbol__"],
622
+ script: ["zone[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
623
+ },
624
+ },
625
+ {
626
+ name: "core-js",
627
+ category: "runtime",
628
+ detection: {
629
+ global: ["__core-js_shared__"],
630
+ script: ["core-js"],
631
+ },
632
+ },
633
+ {
634
+ name: "RxJS",
635
+ category: "library",
636
+ detection: {
637
+ global: ["rxjs"],
638
+ script: ["rxjs[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
639
+ },
640
+ },
641
+ // ──────────────────────────────────────────────────
642
+ // Analytics & Tag Managers
643
+ // ──────────────────────────────────────────────────
644
+ {
645
+ name: "Google Tag Manager",
646
+ category: "library",
647
+ detection: {
648
+ script: ["googletagmanager\\.com/gtm\\.js", "googletagmanager\\.com/gtag/js"],
649
+ global: ["google_tag_manager", "dataLayer"],
650
+ },
651
+ },
652
+ {
653
+ name: "Google Analytics",
654
+ category: "library",
655
+ detection: {
656
+ script: [
657
+ "google-analytics\\.com/analytics\\.js",
658
+ "google-analytics\\.com/ga\\.js",
659
+ "googletagmanager\\.com/gtag/js",
660
+ ],
661
+ global: ["ga", "gtag", "_gaq"],
662
+ },
663
+ },
664
+ {
665
+ name: "Segment",
666
+ category: "library",
667
+ detection: {
668
+ script: ["cdn\\.segment\\.com/analytics\\.js"],
669
+ global: ["analytics"],
670
+ },
671
+ },
672
+ {
673
+ name: "Hotjar",
674
+ category: "library",
675
+ detection: {
676
+ script: ["static\\.hotjar\\.com"],
677
+ global: ["hj", "_hjSettings"],
678
+ },
679
+ },
680
+ {
681
+ name: "Sentry",
682
+ category: "library",
683
+ detection: {
684
+ script: ["browser\\.sentry-cdn\\.com", "sentry[.-]?(\\d+\\.\\d+\\.\\d+)?(\\.min)?\\.js"],
685
+ global: ["Sentry", "__SENTRY__"],
686
+ },
687
+ versionExtract: "Sentry JavaScript SDK v?(\\d+\\.\\d+\\.\\d+)",
688
+ },
689
+ ];
690
+ //# sourceMappingURL=tech-patterns.js.map