kramscan 0.2.0 → 0.3.1

package/dist/commands/report.js

@@ -8,6 +8,8 @@ const chalk_1 = __importDefault(require("chalk"));
 const docx_1 = require("docx");
 const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const inquirer_1 = __importDefault(require("inquirer"));
 const config_1 = require("../core/config");
 const scan_storage_1 = require("../core/scan-storage");
 const ai_client_1 = require("../core/ai-client");
@@ -16,7 +18,7 @@ function registerReportCommand(program) {
     program
         .command("report [scan-file]")
         .description("Generate a professional security report")
-        .option("-f, --format <type>", "Report format: word|json|txt")
+        .option("-f, --format <type>", "Report format: word|json|txt|markdown")
         .option("-o, --output <file>", "Output filename")
         .option("--ai-summary", "Generate an AI-powered executive summary")
         .action(async (scanFile, options) => {
@@ -34,7 +36,10 @@ function registerReportCommand(program) {
             const content = await promises_1.default.readFile(filepath, "utf-8");
             const scanResult = JSON.parse(content);
             const config = await (0, config_1.getConfig)();
-            const format = (options.format || config.report.defaultFormat);
+            let format = (options.format || config.report.defaultFormat);
+            if (!options.format && !config.report.defaultFormat) {
+                format = "markdown";
+            }
             let aiSummary;
             if (options.aiSummary) {
                 spinner = logger_1.logger.spinner("Generating AI executive summary...");
@@ -47,17 +52,42 @@ function registerReportCommand(program) {
                     spinner.warn(`AI summary failed: ${err.message}`);
                 }
             }
+            let outputDir = "";
+            if (!options.output) {
+                const { location } = await inquirer_1.default.prompt([
+                    {
+                        type: "list",
+                        name: "location",
+                        message: "Where should the report be saved?",
+                        choices: [
+                            { name: "Current Project Directory (./)", value: "cwd" },
+                            { name: "Desktop", value: "desktop" },
+                            { name: "Default Reports Directory (~/.kramscan/reports/)", value: "default" }
+                        ]
+                    }
+                ]);
+                if (location === "cwd") {
+                    outputDir = process.cwd();
+                }
+                else if (location === "desktop") {
+                    outputDir = path_1.default.join(os_1.default.homedir(), "Desktop");
+                }
+            }
             spinner = logger_1.logger.spinner(`Generating ${format.toUpperCase()} report...`);
             let outputPath;
             switch (format) {
                 case "word":
-                    outputPath = await generateWordReport(scanResult, options.output, aiSummary);
+                    outputPath = await generateWordReport(scanResult, options.output, aiSummary, outputDir);
                     break;
                 case "json":
-                    outputPath = await generateJsonReport(scanResult, options.output, aiSummary);
+                    outputPath = await generateJsonReport(scanResult, options.output, aiSummary, outputDir);
                     break;
                 case "txt":
-                    outputPath = await generateTxtReport(scanResult, options.output, aiSummary);
+                    outputPath = await generateTxtReport(scanResult, options.output, aiSummary, outputDir);
+                    break;
+                case "markdown":
+                case "md":
+                    outputPath = await generateMarkdownReport(scanResult, options.output, aiSummary, outputDir);
                     break;
                 default:
                     throw new Error(`Unsupported format: ${format}`);
@@ -76,7 +106,7 @@ function registerReportCommand(program) {
         }
     });
 }
-async function generateWordReport(scanResult, outputFile, aiSummary) {
+async function generateWordReport(scanResult, outputFile, aiSummary, outputDir) {
     const doc = new docx_1.Document({
         sections: [
             {
@@ -145,15 +175,15 @@ async function generateWordReport(scanResult, outputFile, aiSummary) {
         ],
     });
     const buffer = await docx_1.Packer.toBuffer(doc);
-    const reportsDir = await (0, scan_storage_1.ensureReportsDirectory)();
+    const reportsDir = outputDir || await (0, scan_storage_1.ensureReportsDirectory)();
     const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
     const filename = outputFile || `report-${timestamp}.docx`;
     const filepath = path_1.default.isAbsolute(filename) ? filename : path_1.default.join(reportsDir, filename);
     await promises_1.default.writeFile(filepath, buffer);
     return filepath;
 }
-async function generateJsonReport(scanResult, outputFile, aiSummary) {
-    const reportsDir = await (0, scan_storage_1.ensureReportsDirectory)();
+async function generateJsonReport(scanResult, outputFile, aiSummary, outputDir) {
+    const reportsDir = outputDir || await (0, scan_storage_1.ensureReportsDirectory)();
     const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
     const filename = outputFile || `report-${timestamp}.json`;
     const filepath = path_1.default.isAbsolute(filename) ? filename : path_1.default.join(reportsDir, filename);
@@ -161,7 +191,7 @@ async function generateJsonReport(scanResult, outputFile, aiSummary) {
     await promises_1.default.writeFile(filepath, JSON.stringify(finalResult, null, 2));
     return filepath;
 }
-async function generateTxtReport(scanResult, outputFile, aiSummary) {
+async function generateTxtReport(scanResult, outputFile, aiSummary, outputDir) {
     const lines = [];
     lines.push("=".repeat(60));
     lines.push("SECURITY ASSESSMENT REPORT");
@@ -208,10 +238,58 @@ async function generateTxtReport(scanResult, outputFile, aiSummary) {
     lines.push("=".repeat(60));
     lines.push("End of Report");
     lines.push("=".repeat(60));
-    const reportsDir = await (0, scan_storage_1.ensureReportsDirectory)();
+    const reportsDir = outputDir || await (0, scan_storage_1.ensureReportsDirectory)();
     const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
     const filename = outputFile || `report-${timestamp}.txt`;
     const filepath = path_1.default.isAbsolute(filename) ? filename : path_1.default.join(reportsDir, filename);
     await promises_1.default.writeFile(filepath, lines.join("\n"));
     return filepath;
 }
+async function generateMarkdownReport(scanResult, outputFile, aiSummary, outputDir) {
+    const lines = [];
+    lines.push("# Security Assessment Report");
+    lines.push("");
+    lines.push(`**Target:** \`${scanResult.target}\``);
+    lines.push(`**Date:** ${new Date(scanResult.timestamp).toLocaleString()}`);
+    lines.push(`**Duration:** ${(scanResult.duration / 1000).toFixed(2)}s`);
+    lines.push("");
+    lines.push("## Executive Summary");
+    if (aiSummary) {
+        lines.push(aiSummary);
+    }
+    else {
+        lines.push(`Total Vulnerabilities: **${scanResult.summary.total}** (${scanResult.summary.critical} Critical, ${scanResult.summary.high} High, ${scanResult.summary.medium} Medium, ${scanResult.summary.low} Low, ${scanResult.summary.info} Info)`);
+    }
+    lines.push("");
+    lines.push("## Scan Statistics");
+    lines.push(`- **URLs Crawled:** ${scanResult.metadata.crawledUrls}`);
+    lines.push(`- **Forms Tested:** ${scanResult.metadata.testedForms}`);
+    lines.push(`- **Requests Made:** ${scanResult.metadata.requestsMade}`);
+    lines.push("");
+    lines.push("## Detailed Findings");
+    lines.push("");
+    scanResult.vulnerabilities.forEach((vuln, index) => {
+        lines.push(`### ${index + 1}. ${vuln.title} [${vuln.severity.toUpperCase()}]`);
+        lines.push(`- **URL:** \`${vuln.url}\``);
+        lines.push(`- **Type:** ${vuln.type}`);
+        lines.push(`- **Description:** ${vuln.description}`);
+        if (vuln.evidence) {
+            lines.push(`- **Evidence:** \`${vuln.evidence}\``);
+        }
+        if (vuln.remediation) {
+            lines.push(`- **Remediation:** ${vuln.remediation}`);
+        }
+        if (vuln.cwe) {
+            lines.push(`- **CWE:** ${vuln.cwe}`);
+        }
+        lines.push("");
+    });
+    lines.push("---");
+    lines.push("*Generated by KramScan*");
+    const reportsDir = outputDir || await (0, scan_storage_1.ensureReportsDirectory)();
+    const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
+    const filename = outputFile || `report-${timestamp}.md`;
+    const filepath = path_1.default.isAbsolute(filename) ? filename : path_1.default.join(reportsDir, filename);
+    await promises_1.default.writeFile(filepath, lines.join("\n"));
+    return filepath;
+}

package/dist/commands/scan.js

@@ -71,6 +71,9 @@ function registerScanCommand(program) {
             console.log(theme_1.theme.gray("─".repeat(50)));
             console.log("");
         }
+        if (!/^https?:\/\//i.test(url)) {
+            url = `http://${url}`;
+        }
         // Validate URL
         try {
             new URL(url);
@@ -226,6 +229,7 @@ function registerScanCommand(program) {
                 metadata: result.metadata,
                 summary: result.summary,
                 vulnerabilities: result.vulnerabilities,
+                score: result.score,
                 filepath,
                 pdfPath,
             });
@@ -272,6 +276,7 @@ function registerScanCommand(program) {
                         choices: [
                             { name: "🧠  Analyze findings with AI", value: "analyze" },
                             { name: "📄  Generate a professional report", value: "report" },
+                            { name: "🤖  Generate AI-ready Markdown report for fixing issues", value: "markdown" },
                             { name: "👋  Exit to main menu", value: "exit" }
                         ]
                     }
@@ -288,6 +293,12 @@ function registerScanCommand(program) {
                     registerReportCommand(reportProgram);
                     await reportProgram.parseAsync(["node", "kramscan", "report", filepath]);
                 }
+                else if (nextAction === "markdown") {
+                    const { registerReportCommand } = await Promise.resolve().then(() => __importStar(require("./report")));
+                    const reportProgram = new commander_1.Command();
+                    registerReportCommand(reportProgram);
+                    await reportProgram.parseAsync(["node", "kramscan", "report", filepath, "-f", "markdown"]);
+                }
             }
         }
         catch (error) {

package/dist/commands/scans.js

@@ -30,6 +30,10 @@ function registerScansCommand(program) {
                 console.log(chalk_1.default.gray("  PDF :"), chalk_1.default.white(entry.pdfPath));
             }
             console.log(chalk_1.default.gray("  Findings:"), chalk_1.default.white(`${entry.summary.total} total (${entry.summary.critical}C ${entry.summary.high}H ${entry.summary.medium}M ${entry.summary.low}L ${entry.summary.info}I)`));
+            if (entry.score !== undefined) {
+                const scoreColor = entry.score > 80 ? chalk_1.default.green : (entry.score > 50 ? chalk_1.default.yellow : chalk_1.default.red);
+                console.log(chalk_1.default.gray("  Score   :"), scoreColor(`${entry.score}/100`));
+            }
             console.log("");
         }
     });

package/dist/core/config-schema.js

@@ -39,7 +39,7 @@ exports.ConfigSchema = zod_1.z.object({
     scan: zod_1.z.object({
         defaultTimeout: zod_1.z.number().int().min(1000).default(30000),
         maxThreads: zod_1.z.number().int().min(1).max(20).default(5),
-        userAgent: zod_1.z.string().default("KramScan/0.1.1"),
+        userAgent: zod_1.z.string().default("KramScan/0.2.0"),
         followRedirects: zod_1.z.boolean().default(true),
         verifySSL: zod_1.z.boolean().default(true),
         rateLimitPerSecond: zod_1.z.number().int().min(1).max(100).default(5),

package/dist/core/config.js

@@ -64,7 +64,7 @@ const defaults = {
         enabled: false,
     },
     scan: {
-        defaultTimeout: 60,
+        defaultTimeout: 30000,
         maxThreads: 5,
         userAgent: `KramScan/${theme_1.CLI_VERSION}`,
         followRedirects: true,
@@ -81,8 +81,8 @@ const defaults = {
         severityThreshold: "low",
     },
     skills: {
-        sqli: { enabled: true, timeout: 120 },
-        xss: { enabled: true, timeout: 90 },
+        sqli: { enabled: true, timeout: 120000 },
+        xss: { enabled: true, timeout: 90000 },
         headers: { enabled: true },
         csrf: { enabled: true },
         idor: { enabled: true },

package/dist/core/diff-engine.d.ts

@@ -0,0 +1,12 @@
+import { Vulnerability, ScanResult } from "./vulnerability-detector";
+export interface ScanDiff {
+    newVulnerabilities: Vulnerability[];
+    resolvedVulnerabilities: Vulnerability[];
+    unchangedCount: number;
+    previousTotal: number;
+    currentTotal: number;
+}
+/**
+ * Compares two scan results and produces a diff of new and resolved vulnerabilities.
+ */
+export declare function diffScanResults(previous: ScanResult, current: ScanResult): ScanDiff;

package/dist/core/diff-engine.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.diffScanResults = diffScanResults;
+/**
+ * Creates a unique fingerprint for a vulnerability to enable comparison.
+ */
+function vulnFingerprint(v) {
+    return `${v.type}:${v.severity}:${v.title}:${new URL(v.url).pathname}`;
+}
+/**
+ * Compares two scan results and produces a diff of new and resolved vulnerabilities.
+ */
+function diffScanResults(previous, current) {
+    const prevFingerprints = new Map();
+    const currFingerprints = new Map();
+    for (const v of previous.vulnerabilities) {
+        prevFingerprints.set(vulnFingerprint(v), v);
+    }
+    for (const v of current.vulnerabilities) {
+        currFingerprints.set(vulnFingerprint(v), v);
+    }
+    const newVulnerabilities = [];
+    const resolvedVulnerabilities = [];
+    let unchangedCount = 0;
+    // Find new vulnerabilities (in current but not in previous)
+    for (const [fp, vuln] of currFingerprints) {
+        if (!prevFingerprints.has(fp)) {
+            newVulnerabilities.push(vuln);
+        }
+        else {
+            unchangedCount++;
+        }
+    }
+    // Find resolved vulnerabilities (in previous but not in current)
+    for (const [fp, vuln] of prevFingerprints) {
+        if (!currFingerprints.has(fp)) {
+            resolvedVulnerabilities.push(vuln);
+        }
+    }
+    return {
+        newVulnerabilities,
+        resolvedVulnerabilities,
+        unchangedCount,
+        previousTotal: previous.vulnerabilities.length,
+        currentTotal: current.vulnerabilities.length,
+    };
+}

package/dist/core/scan-index.d.ts

@@ -13,6 +13,7 @@ export interface ScanIndexEntry {
         low: number;
         info: number;
     };
+    score?: number;
 }
 export declare function addScanToIndex(entry: Omit<ScanIndexEntry, "id">): Promise<ScanIndexEntry>;
 export declare function listScans(limit?: number): Promise<ScanIndexEntry[]>;

package/dist/core/scanner.js

@@ -30,7 +30,7 @@ class Scanner extends events_1.EventEmitter {
     maxLinksPerPage = 50;
     includePatterns = [];
     excludePatterns = [];
-    userAgent = "KramScan/0.1.0";
+    userAgent = "KramScan/0.2.0";
     scanErrors = [];
     pluginErrors = new Map();
     usePlugins = true;
@@ -63,6 +63,11 @@ class Scanner extends events_1.EventEmitter {
         plugins_1.pluginManager.register(new plugins_2.SecurityHeadersPlugin());
         plugins_1.pluginManager.register(new plugins_2.SensitiveDataPlugin());
         plugins_1.pluginManager.register(new plugins_2.CSRFPlugin());
+        plugins_1.pluginManager.register(new plugins_2.CORSAnalyzerPlugin());
+        plugins_1.pluginManager.register(new plugins_2.DebugEndpointPlugin());
+        plugins_1.pluginManager.register(new plugins_2.DirectoryTraversalPlugin());
+        plugins_1.pluginManager.register(new plugins_2.CookieSecurityPlugin());
+        plugins_1.pluginManager.register(new plugins_2.OpenRedirectPlugin());
     }
     // Type-safe event emitter methods
     emit(event, data) {
@@ -189,6 +194,7 @@ class Scanner extends events_1.EventEmitter {
                 testedForms: this.testedForms,
                 requestsMade: this.requestsMade,
             },
+            score: this.detector.calculateScore(),
         };
         this.emit("scan:complete", { result });
         return result;

package/dist/core/server-probe.d.ts

@@ -0,0 +1,20 @@
+export interface ProbeResult {
+    reachable: boolean;
+    statusCode?: number;
+    server?: string;
+    framework?: string;
+    responseTime: number;
+}
+/**
+ * Probes a localhost URL for server readiness.
+ * Polls with exponential backoff until the server responds or timeout is reached.
+ */
+export declare function probeServer(url: string, options?: {
+    timeout?: number;
+    interval?: number;
+    maxAttempts?: number;
+}): Promise<ProbeResult>;
+/**
+ * Checks if a URL points to localhost.
+ */
+export declare function isLocalhost(url: string): boolean;

package/dist/core/server-probe.js

@@ -0,0 +1,109 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.probeServer = probeServer;
+exports.isLocalhost = isLocalhost;
+const http_1 = __importDefault(require("http"));
+const https_1 = __importDefault(require("https"));
+/**
+ * Probes a localhost URL for server readiness.
+ * Polls with exponential backoff until the server responds or timeout is reached.
+ */
+async function probeServer(url, options = {}) {
+    const { timeout = 30000, interval = 1000, maxAttempts = 20 } = options;
+    const startTime = Date.now();
+    let attempts = 0;
+    let lastError = null;
+    while (attempts < maxAttempts && Date.now() - startTime < timeout) {
+        attempts++;
+        try {
+            const result = await pingUrl(url);
+            if (result.reachable) {
+                return result;
+            }
+            lastError = `HTTP ${result.statusCode}`;
+        }
+        catch (err) {
+            lastError = err.message;
+        }
+        // Exponential backoff with cap
+        const delay = Math.min(interval * Math.pow(1.5, attempts - 1), 5000);
+        await sleep(delay);
+    }
+    return {
+        reachable: false,
+        responseTime: Date.now() - startTime,
+    };
+}
+/**
+ * Single ping to a URL — returns immediately.
+ */
+function pingUrl(url) {
+    return new Promise((resolve, reject) => {
+        const startTime = Date.now();
+        const parsedUrl = new URL(url);
+        const client = parsedUrl.protocol === "https:" ? https_1.default : http_1.default;
+        const req = client.get(url, {
+            timeout: 5000,
+            rejectUnauthorized: false, // Allow self-signed certs in dev
+        }, (res) => {
+            const responseTime = Date.now() - startTime;
+            const server = res.headers["server"] || undefined;
+            const poweredBy = res.headers["x-powered-by"] || "";
+            // Detect framework from headers
+            let framework;
+            if (poweredBy.includes("Express"))
+                framework = "Express.js";
+            else if (poweredBy.includes("Next.js"))
+                framework = "Next.js";
+            else if (poweredBy.includes("Nuxt"))
+                framework = "Nuxt.js";
+            else if (poweredBy.includes("PHP"))
+                framework = "PHP";
+            else if (poweredBy.includes("ASP.NET"))
+                framework = "ASP.NET";
+            else if (res.headers["x-django-request-id"])
+                framework = "Django";
+            else if (res.headers["x-request-id"] && server?.includes("nginx"))
+                framework = "Rails/nginx";
+            // Consume body to free socket
+            res.resume();
+            resolve({
+                reachable: (res.statusCode || 0) >= 100 && (res.statusCode || 0) < 600,
+                statusCode: res.statusCode,
+                server: server,
+                framework,
+                responseTime,
+            });
+        });
+        req.on("error", (err) => {
+            reject(err);
+        });
+        req.on("timeout", () => {
+            req.destroy();
+            reject(new Error("Connection timed out"));
+        });
+    });
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Checks if a URL points to localhost.
+ */
+function isLocalhost(url) {
+    try {
+        const parsed = new URL(url);
+        const host = parsed.hostname.toLowerCase();
+        return (host === "localhost" ||
+            host === "127.0.0.1" ||
+            host === "0.0.0.0" ||
+            host === "::1" ||
+            host.endsWith(".localhost"));
+    }
+    catch {
+        return false;
+    }
+}

package/dist/core/vulnerability-detector.d.ts

@@ -28,6 +28,7 @@ export interface ScanResult {
         testedForms: number;
         requestsMade: number;
     };
+    score: number;
 }
 export declare class VulnerabilityDetector {
     private vulnerabilities;
@@ -59,5 +60,10 @@ export declare class VulnerabilityDetector {
         low: number;
         info: number;
     };
+    /**
+     * Calculates a security score from 0-100
+     * 100 is perfect, 0 is very poor
+     */
+    calculateScore(): number;
     clear(): void;
 }

package/dist/core/vulnerability-detector.js

@@ -452,6 +452,27 @@ class VulnerabilityDetector {
         }
         return summary;
     }
+    /**
+     * Calculates a security score from 0-100
+     * 100 is perfect, 0 is very poor
+     */
+    calculateScore() {
+        if (this.vulnerabilities.length === 0)
+            return 100;
+        const weights = {
+            critical: 25,
+            high: 10,
+            medium: 5,
+            low: 2,
+            info: 0,
+        };
+        let totalDeduction = 0;
+        for (const vuln of this.vulnerabilities) {
+            totalDeduction += weights[vuln.severity] || 0;
+        }
+        const score = Math.max(0, 100 - totalDeduction);
+        return Math.round(score);
+    }
     clear() {
         this.vulnerabilities = [];
         this.reportedHeaders.clear();

package/dist/index.js

@@ -1,9 +1,23 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const cli_1 = require("./cli");
 const errors_1 = require("./core/errors");
+const update_notifier_1 = __importDefault(require("update-notifier"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
 // Ensure uncaught exceptions and unhandled rejections produce useful output
 (0, errors_1.setupGlobalErrorHandlers)();
+try {
+    const pkgPath = path_1.default.join(__dirname, "../package.json");
+    const pkg = JSON.parse(fs_1.default.readFileSync(pkgPath, "utf-8"));
+    (0, update_notifier_1.default)({ pkg }).notify({ isGlobal: true });
+}
+catch (error) {
+    // Silently ignore if update notification fails
+}
 (0, cli_1.run)().catch((err) => {
     console.error("Fatal error:", err);
     process.exit(1);

package/dist/plugins/index.d.ts

@@ -5,3 +5,8 @@ export { SQLInjectionPlugin } from "./vulnerabilities/SQLInjectionPlugin";
 export { SecurityHeadersPlugin } from "./vulnerabilities/SecurityHeadersPlugin";
 export { SensitiveDataPlugin } from "./vulnerabilities/SensitiveDataPlugin";
 export { CSRFPlugin } from "./vulnerabilities/CSRFPlugin";
+export { CORSAnalyzerPlugin } from "./vulnerabilities/CORSAnalyzerPlugin";
+export { DebugEndpointPlugin } from "./vulnerabilities/DebugEndpointPlugin";
+export { DirectoryTraversalPlugin } from "./vulnerabilities/DirectoryTraversalPlugin";
+export { CookieSecurityPlugin } from "./vulnerabilities/CookieSecurityPlugin";
+export { OpenRedirectPlugin } from "./vulnerabilities/OpenRedirectPlugin";

package/dist/plugins/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CSRFPlugin = exports.SensitiveDataPlugin = exports.SecurityHeadersPlugin = exports.SQLInjectionPlugin = exports.XSSPlugin = exports.pluginManager = exports.PluginManager = exports.BaseVulnerabilityPlugin = void 0;
+exports.OpenRedirectPlugin = exports.CookieSecurityPlugin = exports.DirectoryTraversalPlugin = exports.DebugEndpointPlugin = exports.CORSAnalyzerPlugin = exports.CSRFPlugin = exports.SensitiveDataPlugin = exports.SecurityHeadersPlugin = exports.SQLInjectionPlugin = exports.XSSPlugin = exports.pluginManager = exports.PluginManager = exports.BaseVulnerabilityPlugin = void 0;
 var types_1 = require("./types");
 Object.defineProperty(exports, "BaseVulnerabilityPlugin", { enumerable: true, get: function () { return types_1.BaseVulnerabilityPlugin; } });
 var PluginManager_1 = require("./PluginManager");
@@ -17,3 +17,13 @@ var SensitiveDataPlugin_1 = require("./vulnerabilities/SensitiveDataPlugin");
 Object.defineProperty(exports, "SensitiveDataPlugin", { enumerable: true, get: function () { return SensitiveDataPlugin_1.SensitiveDataPlugin; } });
 var CSRFPlugin_1 = require("./vulnerabilities/CSRFPlugin");
 Object.defineProperty(exports, "CSRFPlugin", { enumerable: true, get: function () { return CSRFPlugin_1.CSRFPlugin; } });
+var CORSAnalyzerPlugin_1 = require("./vulnerabilities/CORSAnalyzerPlugin");
+Object.defineProperty(exports, "CORSAnalyzerPlugin", { enumerable: true, get: function () { return CORSAnalyzerPlugin_1.CORSAnalyzerPlugin; } });
+var DebugEndpointPlugin_1 = require("./vulnerabilities/DebugEndpointPlugin");
+Object.defineProperty(exports, "DebugEndpointPlugin", { enumerable: true, get: function () { return DebugEndpointPlugin_1.DebugEndpointPlugin; } });
+var DirectoryTraversalPlugin_1 = require("./vulnerabilities/DirectoryTraversalPlugin");
+Object.defineProperty(exports, "DirectoryTraversalPlugin", { enumerable: true, get: function () { return DirectoryTraversalPlugin_1.DirectoryTraversalPlugin; } });
+var CookieSecurityPlugin_1 = require("./vulnerabilities/CookieSecurityPlugin");
+Object.defineProperty(exports, "CookieSecurityPlugin", { enumerable: true, get: function () { return CookieSecurityPlugin_1.CookieSecurityPlugin; } });
+var OpenRedirectPlugin_1 = require("./vulnerabilities/OpenRedirectPlugin");
+Object.defineProperty(exports, "OpenRedirectPlugin", { enumerable: true, get: function () { return OpenRedirectPlugin_1.OpenRedirectPlugin; } });

package/dist/plugins/vulnerabilities/CORSAnalyzerPlugin.d.ts

@@ -0,0 +1,10 @@
+import { BaseVulnerabilityPlugin, PluginContext } from "../types";
+import { Vulnerability } from "../../core/vulnerability-detector";
+export declare class CORSAnalyzerPlugin extends BaseVulnerabilityPlugin {
+    readonly name = "CORS Analyzer";
+    readonly type: "header";
+    readonly description = "Detects overly permissive Cross-Origin Resource Sharing configurations";
+    private readonly reportedHosts;
+    analyzeHeaders(context: PluginContext, headers: Record<string, string>): Promise<Vulnerability[]>;
+    reset(): void;
+}