kramscan 0.2.0 → 0.3.1

Files changed (39) hide show
  1. package/LICENSE +1 -1
  2. package/README.md +81 -54
  3. package/dist/cli.js +8 -1
  4. package/dist/commands/config.js +2 -2
  5. package/dist/commands/dev.d.ts +2 -0
  6. package/dist/commands/dev.js +239 -0
  7. package/dist/commands/gate.d.ts +2 -0
  8. package/dist/commands/gate.js +112 -0
  9. package/dist/commands/onboard.js +2 -2
  10. package/dist/commands/report.js +89 -11
  11. package/dist/commands/scan.js +11 -0
  12. package/dist/commands/scans.js +4 -0
  13. package/dist/core/config-schema.js +1 -1
  14. package/dist/core/config.js +3 -3
  15. package/dist/core/diff-engine.d.ts +12 -0
  16. package/dist/core/diff-engine.js +47 -0
  17. package/dist/core/scan-index.d.ts +1 -0
  18. package/dist/core/scanner.js +7 -1
  19. package/dist/core/server-probe.d.ts +20 -0
  20. package/dist/core/server-probe.js +109 -0
  21. package/dist/core/vulnerability-detector.d.ts +6 -0
  22. package/dist/core/vulnerability-detector.js +21 -0
  23. package/dist/index.js +14 -0
  24. package/dist/plugins/index.d.ts +5 -0
  25. package/dist/plugins/index.js +11 -1
  26. package/dist/plugins/vulnerabilities/CORSAnalyzerPlugin.d.ts +10 -0
  27. package/dist/plugins/vulnerabilities/CORSAnalyzerPlugin.js +67 -0
  28. package/dist/plugins/vulnerabilities/CookieSecurityPlugin.d.ts +10 -0
  29. package/dist/plugins/vulnerabilities/CookieSecurityPlugin.js +91 -0
  30. package/dist/plugins/vulnerabilities/DebugEndpointPlugin.d.ts +15 -0
  31. package/dist/plugins/vulnerabilities/DebugEndpointPlugin.js +222 -0
  32. package/dist/plugins/vulnerabilities/DirectoryTraversalPlugin.d.ts +13 -0
  33. package/dist/plugins/vulnerabilities/DirectoryTraversalPlugin.js +110 -0
  34. package/dist/plugins/vulnerabilities/OpenRedirectPlugin.d.ts +10 -0
  35. package/dist/plugins/vulnerabilities/OpenRedirectPlugin.js +69 -0
  36. package/dist/reports/PdfGenerator.js +26 -1
  37. package/dist/utils/theme.d.ts +1 -0
  38. package/dist/utils/theme.js +7 -1
  39. package/package.json +8 -3
@@ -43,6 +43,7 @@ export declare function displayScanSummary(result: {
43
43
  low: number;
44
44
  info: number;
45
45
  };
46
+ score: number;
46
47
  vulnerabilities: Array<{
47
48
  severity: string;
48
49
  title: string;
@@ -127,7 +127,7 @@ function getSeverityColor(severity) {
127
127
  }
128
128
  // ─── Scan Summary Display ──────────────────────────────────────────
129
129
  function displayScanSummary(result) {
130
- const { target, duration, metadata, summary, vulnerabilities, filepath, pdfPath } = result;
130
+ const { target, duration, metadata, summary, vulnerabilities, filepath, pdfPath, score } = result;
131
131
  // Scan Summary
132
132
  console.log("");
133
133
  console.log(exports.theme.brightWhite.bold("📊 Scan Summary"));
@@ -138,6 +138,12 @@ function displayScanSummary(result) {
138
138
  console.log(exports.theme.white("URLs Crawled:"), exports.theme.cyan(metadata.crawledUrls));
139
139
  console.log(exports.theme.white("Forms Tested:"), exports.theme.cyan(metadata.testedForms));
140
140
  console.log(exports.theme.white("Requests Made:"), exports.theme.cyan(metadata.requestsMade));
141
+ // Security Score Display
142
+ const scoreColor = score > 80 ? exports.theme.success : (score > 50 ? exports.theme.warning : exports.theme.error);
143
+ const scoreLabel = score > 80 ? "EXCELLENT" : (score > 50 ? "FAIR" : "POOR");
144
+ console.log("");
145
+ console.log(` ${exports.theme.white("Security Score:")} ${scoreColor.bold(score + "/100")} ${exports.theme.gray(`(${scoreLabel})`)}`);
146
+ console.log(` ${scoreColor("█".repeat(Math.round(score / 5)) + exports.theme.dim("█".repeat(20 - Math.round(score / 5))))}`);
141
147
  console.log("");
142
148
  // Vulnerability summary
143
149
  console.log(exports.theme.brightWhite.bold("🛡️ Vulnerabilities Found"));
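Review bot: The bar line added to `displayScanSummary` passes `Math.round(score / 5)` and `20 - Math.round(score / 5)` straight to `String.prototype.repeat`, which throws a RangeError on a negative count, so any `score` outside 0–100 aborts the summary after the scan has already finished. A result with no `score` field (possibly one saved by 0.2.0, if those can be re-displayed; not visible here) would print `undefined/100 (POOR)`, which misreports missing data as a bad security posture. Validate once before use, e.g. `const safeScore = Number.isFinite(score) ? Math.min(100, Math.max(0, score)) : null;`, derive colour, label and bar from `safeScore`, and print "n/a" when it is null. The function body starts and ends outside this hunk.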
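--- a/package/package.json
+++ b/package/package.json
@@ -1,8 +1,8 @@
  {
  "name": "kramscan",
- "version": "0.2.0",
+ "version": "0.3.1",
  "description": "KramScan CLI — AI-powered web app security testing",
- "author": "Akram Shaikh <akramshaikh.me>",
+ "author": "Akram Shaikh (https://akramshaikh.me)",
  "license": "MIT",
  "keywords": [
  "security",
@@ -13,6 +13,9 @@
  "web-security",
  "analysis"
  ],
+ "publishConfig": {
+ "access": "public"
+ },
  "repository": {
  "type": "git",
  "url": "https://github.com/shaikhakramshakil/kramscan.git"
@@ -45,12 +48,13 @@
  "lint": "eslint src --ext .ts",
  "lint:fix": "eslint src --ext .ts --fix",
  "format": "prettier --write \"src/**/*.ts\"",
- "prepublishOnly": "npm run clean && npm run build"
+ "prepublishOnly": "npm test && npm run clean && npm run build"
  },
  "dependencies": {
  "@anthropic-ai/sdk": "^0.31.0",
  "@google/generative-ai": "^0.24.1",
  "@mistralai/mistralai": "^1.14.0",
+ "@types/update-notifier": "^5.1.0",
  "axios": "^1.6.8",
  "chalk": "^5.6.2",
  "commander": "^12.1.0",
@@ -62,6 +66,7 @@
  "openai": "^4.104.0",
  "ora": "^8.2.0",
  "puppeteer": "^22.15.0",
+ "update-notifier": "^5.1.0",
  "uuid": "^9.0.1"
  },
  "devDependencies": {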
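Review bot: `"@types/update-notifier": "^5.1.0"` is added under `dependencies`, so every install of the CLI pulls in a type-declaration package that is only needed at compile time; it belongs in `devDependencies`, which keeps the installed dependency tree (and its supply-chain surface) smaller. The new runtime dependency `update-notifier` normally checks the package registry in the background when the CLI runs, though how it is wired in `dist/cli.js` is not shown in this section. For a scanner that may be run from restricted or monitored networks, the README should document the opt-out (`NO_UPDATE_NOTIFIER` environment variable or the `--no-update-notifier` flag). The contents of `devDependencies` lie outside this hunk.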