kramscan 0.1.1 → 0.3.0

package/dist/plugins/PluginManager.js

@@ -0,0 +1,166 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.pluginManager = exports.PluginManager = void 0;
+class PluginManager {
+    plugins = new Map();
+    enabledPlugins = new Set();
+    register(plugin) {
+        this.plugins.set(plugin.name, plugin);
+        if (plugin.enabled) {
+            this.enabledPlugins.add(plugin.name);
+        }
+    }
+    unregister(pluginName) {
+        this.enabledPlugins.delete(pluginName);
+        return this.plugins.delete(pluginName);
+    }
+    enable(pluginName) {
+        if (this.plugins.has(pluginName)) {
+            this.enabledPlugins.add(pluginName);
+            return true;
+        }
+        return false;
+    }
+    disable(pluginName) {
+        return this.enabledPlugins.delete(pluginName);
+    }
+    getPlugin(name) {
+        return this.plugins.get(name);
+    }
+    getAllPlugins() {
+        return Array.from(this.plugins.values());
+    }
+    getEnabledPlugins() {
+        return Array.from(this.enabledPlugins)
+            .map(name => this.plugins.get(name))
+            .filter((p) => p !== undefined);
+    }
+    async testParameter(context, param, value) {
+        const results = [];
+        for (const plugin of this.getEnabledPlugins()) {
+            if (!plugin.testParameter)
+                continue;
+            const startTime = Date.now();
+            const vulnerabilities = [];
+            const errors = [];
+            try {
+                const result = await plugin.testParameter(context, param, value);
+                if (result.found && result.vulnerability) {
+                    vulnerabilities.push(result.vulnerability);
+                }
+                if (result.error) {
+                    errors.push({ url: context.url, error: result.error });
+                }
+            }
+            catch (error) {
+                errors.push({
+                    url: context.url,
+                    error: error.message
+                });
+            }
+            results.push({
+                plugin: plugin.name,
+                vulnerabilities,
+                errors,
+                duration: Date.now() - startTime,
+            });
+        }
+        return results;
+    }
+    async testFormInput(context, formData) {
+        const results = [];
+        for (const plugin of this.getEnabledPlugins()) {
+            if (!plugin.testFormInput)
+                continue;
+            const startTime = Date.now();
+            const vulnerabilities = [];
+            const errors = [];
+            try {
+                const result = await plugin.testFormInput(context, formData);
+                if (result.found && result.vulnerability) {
+                    vulnerabilities.push(result.vulnerability);
+                }
+                if (result.error) {
+                    errors.push({ url: context.url, error: result.error });
+                }
+            }
+            catch (error) {
+                errors.push({
+                    url: context.url,
+                    error: error.message
+                });
+            }
+            results.push({
+                plugin: plugin.name,
+                vulnerabilities,
+                errors,
+                duration: Date.now() - startTime,
+            });
+        }
+        return results;
+    }
+    async analyzeContent(context, content) {
+        const results = [];
+        for (const plugin of this.getEnabledPlugins()) {
+            if (!plugin.analyzeContent)
+                continue;
+            const startTime = Date.now();
+            const errors = [];
+            try {
+                const vulnerabilities = await plugin.analyzeContent(context, content);
+                results.push({
+                    plugin: plugin.name,
+                    vulnerabilities,
+                    errors,
+                    duration: Date.now() - startTime,
+                });
+            }
+            catch (error) {
+                errors.push({
+                    url: context.url,
+                    error: error.message
+                });
+                results.push({
+                    plugin: plugin.name,
+                    vulnerabilities: [],
+                    errors,
+                    duration: Date.now() - startTime,
+                });
+            }
+        }
+        return results;
+    }
+    async analyzeHeaders(context, headers) {
+        const results = [];
+        for (const plugin of this.getEnabledPlugins()) {
+            if (!plugin.analyzeHeaders)
+                continue;
+            const startTime = Date.now();
+            const errors = [];
+            try {
+                const vulnerabilities = await plugin.analyzeHeaders(context, headers);
+                results.push({
+                    plugin: plugin.name,
+                    vulnerabilities,
+                    errors,
+                    duration: Date.now() - startTime,
+                });
+            }
+            catch (error) {
+                errors.push({
+                    url: context.url,
+                    error: error.message
+                });
+                results.push({
+                    plugin: plugin.name,
+                    vulnerabilities: [],
+                    errors,
+                    duration: Date.now() - startTime,
+                });
+            }
+        }
+        return results;
+    }
+}
+exports.PluginManager = PluginManager;
+exports.pluginManager = new PluginManager();

package/dist/plugins/index.d.ts

@@ -0,0 +1,12 @@
+export { VulnerabilityPlugin, PluginContext, BaseVulnerabilityPlugin, VulnerabilityTestResult, FormData } from "./types";
+export { PluginManager, PluginExecutionResult, pluginManager } from "./PluginManager";
+export { XSSPlugin } from "./vulnerabilities/XSSPlugin";
+export { SQLInjectionPlugin } from "./vulnerabilities/SQLInjectionPlugin";
+export { SecurityHeadersPlugin } from "./vulnerabilities/SecurityHeadersPlugin";
+export { SensitiveDataPlugin } from "./vulnerabilities/SensitiveDataPlugin";
+export { CSRFPlugin } from "./vulnerabilities/CSRFPlugin";
+export { CORSAnalyzerPlugin } from "./vulnerabilities/CORSAnalyzerPlugin";
+export { DebugEndpointPlugin } from "./vulnerabilities/DebugEndpointPlugin";
+export { DirectoryTraversalPlugin } from "./vulnerabilities/DirectoryTraversalPlugin";
+export { CookieSecurityPlugin } from "./vulnerabilities/CookieSecurityPlugin";
+export { OpenRedirectPlugin } from "./vulnerabilities/OpenRedirectPlugin";

package/dist/plugins/index.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenRedirectPlugin = exports.CookieSecurityPlugin = exports.DirectoryTraversalPlugin = exports.DebugEndpointPlugin = exports.CORSAnalyzerPlugin = exports.CSRFPlugin = exports.SensitiveDataPlugin = exports.SecurityHeadersPlugin = exports.SQLInjectionPlugin = exports.XSSPlugin = exports.pluginManager = exports.PluginManager = exports.BaseVulnerabilityPlugin = void 0;
+var types_1 = require("./types");
+Object.defineProperty(exports, "BaseVulnerabilityPlugin", { enumerable: true, get: function () { return types_1.BaseVulnerabilityPlugin; } });
+var PluginManager_1 = require("./PluginManager");
+Object.defineProperty(exports, "PluginManager", { enumerable: true, get: function () { return PluginManager_1.PluginManager; } });
+Object.defineProperty(exports, "pluginManager", { enumerable: true, get: function () { return PluginManager_1.pluginManager; } });
+// Vulnerability plugins
+var XSSPlugin_1 = require("./vulnerabilities/XSSPlugin");
+Object.defineProperty(exports, "XSSPlugin", { enumerable: true, get: function () { return XSSPlugin_1.XSSPlugin; } });
+var SQLInjectionPlugin_1 = require("./vulnerabilities/SQLInjectionPlugin");
+Object.defineProperty(exports, "SQLInjectionPlugin", { enumerable: true, get: function () { return SQLInjectionPlugin_1.SQLInjectionPlugin; } });
+var SecurityHeadersPlugin_1 = require("./vulnerabilities/SecurityHeadersPlugin");
+Object.defineProperty(exports, "SecurityHeadersPlugin", { enumerable: true, get: function () { return SecurityHeadersPlugin_1.SecurityHeadersPlugin; } });
+var SensitiveDataPlugin_1 = require("./vulnerabilities/SensitiveDataPlugin");
+Object.defineProperty(exports, "SensitiveDataPlugin", { enumerable: true, get: function () { return SensitiveDataPlugin_1.SensitiveDataPlugin; } });
+var CSRFPlugin_1 = require("./vulnerabilities/CSRFPlugin");
+Object.defineProperty(exports, "CSRFPlugin", { enumerable: true, get: function () { return CSRFPlugin_1.CSRFPlugin; } });
+var CORSAnalyzerPlugin_1 = require("./vulnerabilities/CORSAnalyzerPlugin");
+Object.defineProperty(exports, "CORSAnalyzerPlugin", { enumerable: true, get: function () { return CORSAnalyzerPlugin_1.CORSAnalyzerPlugin; } });
+var DebugEndpointPlugin_1 = require("./vulnerabilities/DebugEndpointPlugin");
+Object.defineProperty(exports, "DebugEndpointPlugin", { enumerable: true, get: function () { return DebugEndpointPlugin_1.DebugEndpointPlugin; } });
+var DirectoryTraversalPlugin_1 = require("./vulnerabilities/DirectoryTraversalPlugin");
+Object.defineProperty(exports, "DirectoryTraversalPlugin", { enumerable: true, get: function () { return DirectoryTraversalPlugin_1.DirectoryTraversalPlugin; } });
+var CookieSecurityPlugin_1 = require("./vulnerabilities/CookieSecurityPlugin");
+Object.defineProperty(exports, "CookieSecurityPlugin", { enumerable: true, get: function () { return CookieSecurityPlugin_1.CookieSecurityPlugin; } });
+var OpenRedirectPlugin_1 = require("./vulnerabilities/OpenRedirectPlugin");
+Object.defineProperty(exports, "OpenRedirectPlugin", { enumerable: true, get: function () { return OpenRedirectPlugin_1.OpenRedirectPlugin; } });

package/dist/plugins/types.d.ts

@@ -0,0 +1,55 @@
+import { Page } from "puppeteer";
+import { Vulnerability, VulnerabilityType, Severity } from "../core/vulnerability-detector";
+export interface PluginContext {
+    page: Page;
+    url: string;
+    baseUrl: string;
+    timeout: number;
+    userAgent: string;
+    payloadGenerator?: any;
+}
+export interface VulnerabilityTestResult {
+    found: boolean;
+    vulnerability?: Vulnerability;
+    error?: string;
+}
+export interface VulnerabilityPlugin {
+    readonly name: string;
+    readonly type: VulnerabilityType;
+    readonly description: string;
+    readonly enabled: boolean;
+    /**
+     * Test a URL parameter for this vulnerability
+     */
+    testParameter?(context: PluginContext, param: string, value: string): Promise<VulnerabilityTestResult>;
+    /**
+     * Test a form input for this vulnerability
+     */
+    testFormInput?(context: PluginContext, formData: FormData): Promise<VulnerabilityTestResult>;
+    /**
+     * Analyze page content for this vulnerability
+     */
+    analyzeContent?(context: PluginContext, content: string): Promise<Vulnerability[]>;
+    /**
+     * Analyze HTTP headers for this vulnerability
+     */
+    analyzeHeaders?(context: PluginContext, headers: Record<string, string>): Promise<Vulnerability[]>;
+}
+export interface FormData {
+    action: string;
+    method: string;
+    inputs: Array<{
+        name: string;
+        type: string;
+        value?: string;
+    }>;
+}
+export declare abstract class BaseVulnerabilityPlugin implements VulnerabilityPlugin {
+    abstract readonly name: string;
+    abstract readonly type: VulnerabilityType;
+    abstract readonly description: string;
+    enabled: boolean;
+    protected createVulnerability(title: string, description: string, url: string, severity: Severity, evidence?: string, remediation?: string, cwe?: string): Vulnerability;
+    protected success(vulnerability: Vulnerability): VulnerabilityTestResult;
+    protected failure(error?: string): VulnerabilityTestResult;
+}

package/dist/plugins/types.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseVulnerabilityPlugin = void 0;
+class BaseVulnerabilityPlugin {
+    enabled = true;
+    createVulnerability(title, description, url, severity, evidence, remediation, cwe) {
+        return {
+            type: this.type,
+            severity,
+            title,
+            description,
+            url,
+            evidence,
+            remediation,
+            cwe,
+        };
+    }
+    success(vulnerability) {
+        return { found: true, vulnerability };
+    }
+    failure(error) {
+        return { found: false, error };
+    }
+}
+exports.BaseVulnerabilityPlugin = BaseVulnerabilityPlugin;

package/dist/plugins/vulnerabilities/CORSAnalyzerPlugin.d.ts

@@ -0,0 +1,10 @@
+import { BaseVulnerabilityPlugin, PluginContext } from "../types";
+import { Vulnerability } from "../../core/vulnerability-detector";
+export declare class CORSAnalyzerPlugin extends BaseVulnerabilityPlugin {
+    readonly name = "CORS Analyzer";
+    readonly type: "header";
+    readonly description = "Detects overly permissive Cross-Origin Resource Sharing configurations";
+    private readonly reportedHosts;
+    analyzeHeaders(context: PluginContext, headers: Record<string, string>): Promise<Vulnerability[]>;
+    reset(): void;
+}

package/dist/plugins/vulnerabilities/CORSAnalyzerPlugin.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CORSAnalyzerPlugin = void 0;
+const types_1 = require("../types");
+class CORSAnalyzerPlugin extends types_1.BaseVulnerabilityPlugin {
+    name = "CORS Analyzer";
+    type = "header";
+    description = "Detects overly permissive Cross-Origin Resource Sharing configurations";
+    reportedHosts = new Set();
+    async analyzeHeaders(context, headers) {
+        const host = new URL(context.url).host;
+        // Only report once per host
+        if (this.reportedHosts.has(host)) {
+            return [];
+        }
+        const vulnerabilities = [];
+        const acao = headers["access-control-allow-origin"];
+        const acac = headers["access-control-allow-credentials"];
+        const acam = headers["access-control-allow-methods"];
+        const acah = headers["access-control-allow-headers"];
+        // Check for wildcard origin
+        if (acao === "*") {
+            vulnerabilities.push(this.createVulnerability("CORS: Wildcard Origin Allowed", `The server at ${host} allows requests from any origin (Access-Control-Allow-Origin: *). ` +
+                `This can expose sensitive data to malicious third-party websites.`, context.url, "medium", `Access-Control-Allow-Origin: *`, "Restrict Access-Control-Allow-Origin to trusted domains only. " +
+                "Use a whitelist of allowed origins instead of the wildcard *.", "CWE-942"));
+        }
+        // Check for wildcard with credentials (very dangerous)
+        if (acao === "*" && acac?.toLowerCase() === "true") {
+            vulnerabilities.push(this.createVulnerability("CORS: Wildcard Origin with Credentials", `The server at ${host} allows any origin AND sends credentials. ` +
+                `This is a critical misconfiguration that can lead to complete session hijacking.`, context.url, "critical", `Access-Control-Allow-Origin: * with Access-Control-Allow-Credentials: true`, "Never combine wildcard origin with credentials. " +
+                "Validate the Origin header against a strict whitelist and reflect only trusted origins.", "CWE-942"));
+        }
+        // Check if origin is reflected without validation (test with a probe)
+        if (acao && acao !== "*" && acao !== "null") {
+            // If the ACAO reflects back what looks like an origin, it might be reflecting without validation
+            const isLikelyReflecting = acao.includes("://") && !acao.includes(host);
+            if (isLikelyReflecting && acac?.toLowerCase() === "true") {
+                vulnerabilities.push(this.createVulnerability("CORS: Origin Reflection with Credentials", `The server at ${host} appears to reflect the Origin header value while also allowing credentials. ` +
+                    `An attacker can make authenticated requests from any origin.`, context.url, "high", `Access-Control-Allow-Origin: ${acao}, Access-Control-Allow-Credentials: true`, "Validate the Origin header against a strict whitelist of trusted domains. " +
+                    "Never blindly reflect the Origin header.", "CWE-942"));
+            }
+        }
+        // Check for null origin allowed (can be exploited via sandboxed iframes)
+        if (acao === "null") {
+            vulnerabilities.push(this.createVulnerability("CORS: Null Origin Allowed", `The server at ${host} accepts the 'null' origin. ` +
+                `Attackers can exploit this using sandboxed iframes or data URIs.`, context.url, "medium", `Access-Control-Allow-Origin: null`, "Do not allow the 'null' origin. Sandboxed iframes and redirects can send Origin: null.", "CWE-942"));
+        }
+        // Check for dangerous methods
+        if (acam) {
+            const dangerousMethods = ["PUT", "DELETE", "PATCH"];
+            const allowedMethods = acam.toUpperCase().split(",").map(m => m.trim());
+            const exposed = dangerousMethods.filter(m => allowedMethods.includes(m));
+            if (exposed.length > 0 && acao === "*") {
+                vulnerabilities.push(this.createVulnerability("CORS: Dangerous Methods with Wildcard Origin", `The server at ${host} allows ${exposed.join(", ")} methods from any origin. ` +
+                    `This could allow unauthorized data modification from third-party sites.`, context.url, "high", `Access-Control-Allow-Methods: ${acam}; Access-Control-Allow-Origin: *`, "Restrict allowed methods to those actually needed, and never combine with wildcard origin.", "CWE-942"));
+            }
+        }
+        if (vulnerabilities.length > 0) {
+            this.reportedHosts.add(host);
+        }
+        return vulnerabilities;
+    }
+    reset() {
+        this.reportedHosts.clear();
+    }
+}
+exports.CORSAnalyzerPlugin = CORSAnalyzerPlugin;

package/dist/plugins/vulnerabilities/CSRFPlugin.d.ts

@@ -0,0 +1,8 @@
+import { BaseVulnerabilityPlugin, PluginContext } from "../types";
+export declare class CSRFPlugin extends BaseVulnerabilityPlugin {
+    readonly name = "CSRF Detector";
+    readonly type: "csrf";
+    readonly description = "Detects missing CSRF protection in forms";
+    private readonly csrfTokenPatterns;
+    analyzeContent(context: PluginContext, content: string): Promise<import("../../core/vulnerability-detector").Vulnerability[]>;
+}

package/dist/plugins/vulnerabilities/CSRFPlugin.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CSRFPlugin = void 0;
+const types_1 = require("../types");
+class CSRFPlugin extends types_1.BaseVulnerabilityPlugin {
+    name = "CSRF Detector";
+    type = "csrf";
+    description = "Detects missing CSRF protection in forms";
+    csrfTokenPatterns = [
+        'name="csrf',
+        'name="_token',
+        'name="authenticity_token',
+        'name="_csrf',
+    ];
+    async analyzeContent(context, content) {
+        // Look for forms in the content
+        const formRegex = /<form[^>]*>([\s\S]*?)<\/form>/gi;
+        const forms = content.match(formRegex);
+        if (!forms)
+            return [];
+        const vulnerabilities = [];
+        for (const form of forms) {
+            const hasCSRFToken = this.csrfTokenPatterns.some(pattern => form.toLowerCase().includes(pattern.toLowerCase()));
+            if (!hasCSRFToken) {
+                // Extract form action for better reporting
+                const actionMatch = form.match(/action=["']([^"']*)["']/i);
+                const action = actionMatch ? actionMatch[1] : context.url;
+                vulnerabilities.push(this.createVulnerability("Missing CSRF Protection", "Form lacks CSRF tokens. Attackers can forge requests to perform unauthorized actions.", new URL(action, context.url).toString(), "medium", "Form HTML does not contain CSRF token", "Implement anti-CSRF tokens. Use SameSite cookies.", "CWE-352"));
+            }
+        }
+        return vulnerabilities;
+    }
+}
+exports.CSRFPlugin = CSRFPlugin;

package/dist/plugins/vulnerabilities/CookieSecurityPlugin.d.ts

@@ -0,0 +1,10 @@
+import { BaseVulnerabilityPlugin, PluginContext } from "../types";
+import { Vulnerability } from "../../core/vulnerability-detector";
+export declare class CookieSecurityPlugin extends BaseVulnerabilityPlugin {
+    readonly name = "Cookie Security Auditor";
+    readonly type: "header";
+    readonly description = "Audits cookies for missing security flags (HttpOnly, Secure, SameSite)";
+    private readonly reportedCookies;
+    analyzeHeaders(context: PluginContext, headers: Record<string, string>): Promise<Vulnerability[]>;
+    reset(): void;
+}

package/dist/plugins/vulnerabilities/CookieSecurityPlugin.js

@@ -0,0 +1,91 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CookieSecurityPlugin = void 0;
+const types_1 = require("../types");
+class CookieSecurityPlugin extends types_1.BaseVulnerabilityPlugin {
+    name = "Cookie Security Auditor";
+    type = "header";
+    description = "Audits cookies for missing security flags (HttpOnly, Secure, SameSite)";
+    reportedCookies = new Set();
+    async analyzeHeaders(context, headers) {
+        const vulnerabilities = [];
+        const host = new URL(context.url).host;
+        // Collect all set-cookie headers
+        const setCookieHeader = headers["set-cookie"];
+        if (!setCookieHeader)
+            return [];
+        // set-cookie headers might be combined with newlines in some scenarios
+        const cookies = setCookieHeader.split(/,(?=[^;]*=)/g).map(c => c.trim());
+        for (const cookie of cookies) {
+            const cookieName = cookie.split("=")[0]?.trim();
+            if (!cookieName)
+                continue;
+            const cookieKey = `${host}:${cookieName}`;
+            if (this.reportedCookies.has(cookieKey))
+                continue;
+            const cookieLower = cookie.toLowerCase();
+            const issues = [];
+            // Check HttpOnly flag
+            if (!cookieLower.includes("httponly")) {
+                issues.push("Missing HttpOnly flag (vulnerable to XSS cookie theft)");
+            }
+            // Check Secure flag
+            if (!cookieLower.includes("secure")) {
+                issues.push("Missing Secure flag (cookie sent over HTTP)");
+            }
+            // Check SameSite attribute
+            if (!cookieLower.includes("samesite")) {
+                issues.push("Missing SameSite attribute (vulnerable to CSRF)");
+            }
+            else if (cookieLower.includes("samesite=none")) {
+                if (!cookieLower.includes("secure")) {
+                    issues.push("SameSite=None without Secure flag (browser will reject)");
+                }
+                issues.push("SameSite=None allows cross-site requests (verify this is intentional)");
+            }
+            // Check for session-like cookies with missing flags
+            const isSessionCookie = /^(sess|session|sid|token|auth|jwt|csrf|xsrf|connect\.sid|phpsessid|jsessionid|asp\.net_sessionid)/i.test(cookieName);
+            if (issues.length > 0) {
+                const severity = isSessionCookie
+                    ? (issues.some(i => i.includes("HttpOnly")) ? "high" : "medium")
+                    : "low";
+                this.reportedCookies.add(cookieKey);
+                vulnerabilities.push(this.createVulnerability(`Insecure Cookie: ${cookieName}`, `The cookie '${cookieName}' on ${host} has security issues:\n` +
+                    issues.map(i => `  • ${i}`).join("\n"), context.url, severity, `Set-Cookie: ${cookie.substring(0, 200)}`, "Set all cookies with: HttpOnly (prevents JS access), " +
+                    "Secure (HTTPS only), SameSite=Lax or Strict (CSRF protection). " +
+                    "Example: Set-Cookie: session=abc; HttpOnly; Secure; SameSite=Lax; Path=/", "CWE-614"));
+            }
+            // Check for overly broad domain
+            const domainMatch = cookie.match(/domain=([^;]+)/i);
+            if (domainMatch) {
+                const domain = domainMatch[1].trim();
+                if (domain.startsWith(".") && domain.split(".").length <= 2) {
+                    this.reportedCookies.add(cookieKey + ":domain");
+                    vulnerabilities.push(this.createVulnerability(`Cookie Domain Too Broad: ${cookieName}`, `The cookie '${cookieName}' has domain set to '${domain}', which allows ` +
+                        `any subdomain to read this cookie. This increases the attack surface.`, context.url, "low", `Domain=${domain}`, "Set the cookie domain to the most specific subdomain possible.", "CWE-1275"));
+                }
+            }
+            // Check for missing expiry on session cookies (persistent session)
+            if (isSessionCookie && !cookieLower.includes("expires") && !cookieLower.includes("max-age")) {
+                // This is actually good practice (session cookie dies with browser close)
+                // But if there's _no_ expiry and it's NOT a session cookie, flag it
+            }
+            else if (isSessionCookie && cookieLower.includes("max-age")) {
+                const maxAgeMatch = cookie.match(/max-age=(\d+)/i);
+                if (maxAgeMatch) {
+                    const maxAge = parseInt(maxAgeMatch[1], 10);
+                    const thirtyDays = 30 * 24 * 60 * 60;
+                    if (maxAge > thirtyDays) {
+                        vulnerabilities.push(this.createVulnerability(`Long-Lived Session Cookie: ${cookieName}`, `The session cookie '${cookieName}' has a very long lifetime (${Math.round(maxAge / 86400)} days). ` +
+                            `Long-lived session tokens increase the window for token theft.`, context.url, "low", `Max-Age=${maxAge} (${Math.round(maxAge / 86400)} days)`, "Set session cookie lifetime to the minimum needed (e.g., 24 hours for most apps).", "CWE-613"));
+                    }
+                }
+            }
+        }
+        return vulnerabilities;
+    }
+    reset() {
+        this.reportedCookies.clear();
+    }
+}
+exports.CookieSecurityPlugin = CookieSecurityPlugin;

package/dist/plugins/vulnerabilities/DebugEndpointPlugin.d.ts

@@ -0,0 +1,15 @@
+import { BaseVulnerabilityPlugin, PluginContext } from "../types";
+import { Vulnerability } from "../../core/vulnerability-detector";
+export declare class DebugEndpointPlugin extends BaseVulnerabilityPlugin {
+    readonly name = "Debug Endpoint Detector";
+    readonly type: "info";
+    readonly description = "Probes for common debug, admin, and development endpoints left exposed";
+    private readonly reportedPaths;
+    /**
+     * Common debug/dev endpoints that developers forget to disable before deployment.
+     * Each entry has a path, a human-readable name, and expected severity.
+     */
+    private readonly debugEndpoints;
+    analyzeContent(context: PluginContext, content: string): Promise<Vulnerability[]>;
+    reset(): void;
+}