npm - omen-sec-cli - Versions diffs - 1.0.15 → 1.0.16 - Mend

omen-sec-cli 1.0.15 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/bin/index.js CHANGED Viewed

@@ -15,7 +15,7 @@ async function main() {
   }
   if (args.flags.version) {
-    console.log('1.0.14');
+    console.log('1.0.16');
     return;
   }

package/core/remote-scanner.js CHANGED Viewed

@@ -364,33 +364,36 @@ async function validateFuzzerFinding(path, response, url) {
         category: 'Informational',
         confidence: 'High',
         severity: 'Info',
-        description: `Admin login page discovered at ${url}. This is part of the attack surface.`,
+        description: `Admin login page discovered at ${url}.`,
         cwe: 'CWE-200',
-        evidence
+        evidence: { ...evidence, reason: '200 OK with login/password patterns detected in HTML.' }
       };
     }
     // If it's a 200 but not a login page, it could be an exposed panel
     return {
       id: `REM-PROBABLE-PANEL-${Date.now()}`,
       category: 'Probable',
-      confidence: 'Medium',
-      severity: 'High',
-      description: `Potential exposed admin panel at ${url}. Manual verification required.`,
-      cwe: 'CWE-284', // Improper Access Control
-      evidence
+      confidence: 'Low',
+      severity: 'Medium',
+      description: `Potential exposed admin panel or dashboard at ${url}. Manual verification required.`,
+      cwe: 'CWE-284',
+      evidence: { ...evidence, reason: '200 OK on admin-like path, but no explicit login form detected. Could be an unauthorized dashboard.' }
     };
   }
-  // Rule 4: Treat 403 Forbidden as low-confidence informational
+  // Rule 4: Treat 403 Forbidden as low-confidence informational (Path Enumeration)
   if (status === 403) {
     return {
       id: `REM-INFO-FORBIDDEN-${Date.now()}`,
       category: 'Informational',
-      confidence: 'Low',
+      confidence: 'Medium',
       severity: 'Info',
-      description: `Path exists but access is restricted (403 Forbidden): ${url}. This confirms the path's existence but does not prove exposure.`,
-      cwe: 'CWE-204', // Response Discrepancy (Path Enumeration)
-      evidence
+      description: `Potential protected path discovered (403 Forbidden): ${url}. This confirms the path exists but access is restricted.`,
+      cwe: 'CWE-204',
+      evidence: {
+        ...evidence,
+        reason: 'Server returned 403 Forbidden. This confirms path existence but access control is active. No immediate exposure detected.'
+      }
     };
   }

package/core/ui-server.js CHANGED Viewed

@@ -20,10 +20,11 @@ export async function startUIServer() {
         return 'text-green-500';
       };
-      const getConfidenceClass = (confidence) => {
-        if (confidence === 'High') return 'text-green-400';
-        if (confidence === 'Medium') return 'text-yellow-400';
-        return 'text-red-400';
+      const getCategoryBadge = (category) => {
+        if (category === 'Confirmed') return 'bg-red-900/50 text-red-400 border-red-800';
+        if (category === 'Probable') return 'bg-orange-900/50 text-orange-400 border-orange-800';
+        if (category === 'Hardening') return 'bg-blue-900/50 text-blue-400 border-blue-800';
+        return 'bg-gray-800 text-gray-400 border-gray-700';
       };
       const html = `
@@ -32,61 +33,130 @@ export async function startUIServer() {
       <head>
           <meta charset="UTF-8">
           <meta name="viewport" content="width=device-width, initial-scale=1.0">
-          <title>OMEN SEC-CLI Dashboard</title>
+          <title>OMEN SEC-CLI Evidence Center</title>
           <script src="https://cdn.tailwindcss.com"></script>
+          <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
           <style>
               body { background-color: #0a0a0c; color: #e0e0e0; font-family: 'Inter', sans-serif; }
+              .mono { font-family: 'JetBrains Mono', monospace; }
               .card { background-color: #16161a; border: 1px solid #2d2d3a; }
-              .tab { cursor: pointer; padding: 10px 15px; border-bottom: 2px solid transparent; }
-              .tab.active { border-bottom: 2px solid #ef4444; color: #ef4444; }
-              .collapsible { cursor: pointer; }
-              .content { display: none; }
-              pre { background-color: #000; padding: 10px; border-radius: 5px; overflow-x: auto; }
+              .tab-btn { cursor: pointer; padding: 12px 24px; border-bottom: 2px solid transparent; transition: all 0.2s; font-weight: 600; }
+              .tab-btn:hover { background-color: #1f1f26; }
+              .tab-btn.active { border-bottom: 2px solid #ef4444; color: #ef4444; background-color: #1f1f26; }
+              .content-area { display: none; }
+              .content-area.active { display: block; }
+              pre { background-color: #000; padding: 15px; border-radius: 8px; border: 1px solid #333; overflow-x: auto; font-size: 0.85rem; }
+              .finding-row { transition: background-color 0.2s; }
+              .finding-row:hover { background-color: #1f1f26; }
+              .evidence-panel { display: none; }
           </style>
       </head>
       <body class="p-4 md:p-8">
           <div class="max-w-7xl mx-auto">
-              <header class="flex justify-between items-center mb-8 border-b border-gray-800 pb-4">
-                  <h1 class="text-3xl font-bold tracking-tighter text-red-500">OMEN <span class="text-white">EVIDENCE-CENTER</span></h1>
-                  <div class="text-right text-sm">
-                      <p class="text-gray-400">Scan ID: ${report.scan_id}</p>
-                      <p class="text-gray-400">${new Date(report.timestamp).toLocaleString()}</p>
+              <header class="flex justify-between items-end mb-10 border-b border-gray-800 pb-6">
+                  <div>
+                      <h1 class="text-4xl font-extrabold tracking-tighter text-red-500 mb-1">OMEN <span class="text-white">SEC-CLI</span></h1>
+                      <p class="text-gray-500 font-medium">Professional DevSecOps Audit Framework</p>
+                  </div>
+                  <div class="text-right text-sm font-medium text-gray-500">
+                      <p>Scan ID: <span class="text-gray-300 mono">${report.scan_id}</span></p>
+                      <p>Date: <span class="text-gray-300">${new Date(report.timestamp).toLocaleString()}</span></p>
                   </div>
               </header>
-              <!-- Tabs -->
-              <div class="flex border-b border-gray-700 mb-6">
-                  <div class="tab active" onclick="showTab('dashboard')">Dashboard</div>
-                  <div class="tab" onclick="showTab('findings')">Findings</div>
-                  <div class="tab" onclick="showTab('surface')">Attack Surface</div>
-                  <div class="tab" onclick="showTab('history')">History</div>
+              <!-- Navigation Tabs -->
+              <div class="flex border-b border-gray-800 mb-8 bg-[#111116] rounded-t-xl overflow-hidden">
+                  <div class="tab-btn active" data-target="dashboard">Dashboard</div>
+                  <div class="tab-btn" data-target="findings">Findings</div>
+                  <div class="tab-btn" data-target="surface">Attack Surface</div>
+                  <div class="tab-btn" data-target="history">History</div>
               </div>
               <!-- Dashboard Tab -->
-              <div id="dashboard" class="tab-content block">
-                  <div class="grid grid-cols-2 md:grid-cols-4 gap-4 mb-8">
-                      <div class="card p-4 rounded-lg"><h3 class="text-gray-400">Security Score</h3><p class="text-4xl font-bold ${getSeverityClass(report.riskLevel)}">${report.score}/100</p></div>
-                      <div class="card p-4 rounded-lg"><h3 class="text-gray-400">Risk Level</h3><p class="text-4xl font-bold ${getSeverityClass(report.riskLevel)}">${report.riskLevel}</p></div>
-                      <div class="card p-4 rounded-lg"><h3 class="text-gray-400">Confirmed</h3><p class="text-4xl font-bold">${report.vulnerabilities.filter(v => v.category === 'Confirmed').length}</p></div>
-                      <div class="card p-4 rounded-lg"><h3 class="text-gray-400">Probable</h3><p class="text-4xl font-bold">${report.vulnerabilities.filter(v => v.category === 'Probable').length}</p></div>
+              <div id="dashboard" class="content-area active">
+                  <div class="grid grid-cols-1 md:grid-cols-4 gap-6 mb-10">
+                      <div class="card p-6 rounded-xl shadow-2xl">
+                          <h3 class="text-gray-500 uppercase text-xs font-bold tracking-widest mb-2">Security Score</h3>
+                          <p class="text-5xl font-black ${getSeverityClass(report.riskLevel)}">${report.score}/100</p>
+                      </div>
+                      <div class="card p-6 rounded-xl shadow-2xl">
+                          <h3 class="text-gray-500 uppercase text-xs font-bold tracking-widest mb-2">Risk Level</h3>
+                          <p class="text-5xl font-black ${getSeverityClass(report.riskLevel)}">${report.riskLevel}</p>
+                      </div>
+                      <div class="card p-6 rounded-xl shadow-2xl">
+                          <h3 class="text-gray-500 uppercase text-xs font-bold tracking-widest mb-2">Confirmed Issues</h3>
+                          <p class="text-5xl font-black text-white">${report.vulnerabilities.filter(v => v.category === 'Confirmed').length}</p>
+                      </div>
+                      <div class="card p-6 rounded-xl shadow-2xl">
+                          <h3 class="text-gray-500 uppercase text-xs font-bold tracking-widest mb-2">Probable Issues</h3>
+                          <p class="text-5xl font-black text-white">${report.vulnerabilities.filter(v => v.category === 'Probable').length}</p>
+                      </div>
+                  </div>
+                  <div class="grid grid-cols-1 lg:grid-cols-2 gap-8">
+                      <div class="card p-6 rounded-xl">
+                          <h2 class="text-xl font-bold mb-6 flex items-center">
+                              <span class="w-2 h-2 bg-red-500 rounded-full mr-2"></span> Top Critical Findings
+                          </h2>
+                          <div class="space-y-4">
+                              ${report.vulnerabilities.filter(v => v.severity === 'Critical' || v.severity === 'High').slice(0, 5).map(v => `
+                                  <div class="p-4 bg-[#1c1c22] rounded-lg border border-gray-800">
+                                      <div class="flex justify-between items-start mb-2">
+                                          <span class="font-bold ${getSeverityClass(v.severity)} text-sm">${v.severity}</span>
+                                          <span class="px-2 py-0.5 rounded border text-[10px] uppercase font-bold ${getCategoryBadge(v.category)}">${v.category}</span>
+                                      </div>
+                                      <p class="text-sm font-medium text-gray-300">${v.description}</p>
+                                  </div>
+                              `).join('') || '<p class="text-gray-500 italic">No critical findings discovered.</p>'}
+                          </div>
+                      </div>
+                      <div class="card p-6 rounded-xl">
+                          <h2 class="text-xl font-bold mb-6 flex items-center">
+                              <span class="w-2 h-2 bg-blue-500 rounded-full mr-2"></span> Scan Intelligence
+                          </h2>
+                          <div class="space-y-4 text-sm">
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Target URL</span> <span class="mono text-gray-300">${report.target}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Tech Stack</span> <span class="text-gray-300">${(report.attack_surface.tech_stack || []).join(', ') || 'N/A'}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Endpoints Discovered</span> <span class="text-gray-300">${(report.attack_surface.endpoints || []).length}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Forms Detected</span> <span class="text-gray-300">${(report.attack_surface.forms || []).length}</span> </div>
+                          </div>
+                      </div>
                   </div>
               </div>
               <!-- Findings Tab -->
-              <div id="findings" class="tab-content hidden">
-                  <div class="card p-4 rounded-lg">
-                      <h2 class="text-xl font-bold mb-4">Vulnerability Details</h2>
-                      <div class="space-y-3">
+              <div id="findings" class="content-area">
+                  <div class="card rounded-xl overflow-hidden">
+                      <div class="p-6 border-b border-gray-800 flex justify-between items-center bg-[#111116]">
+                          <h2 class="text-xl font-bold">Vulnerability Evidence Catalog</h2>
+                          <div class="flex gap-2">
+                              <span class="text-xs font-bold text-gray-500 uppercase tracking-tighter">Click rows to expand evidence</span>
+                          </div>
+                      </div>
+                      <div class="divide-y divide-gray-800">
                           ${report.vulnerabilities.map((v, i) => `
-                              <div>
-                                  <div class="collapsible flex justify-between items-center p-3 bg-gray-800 rounded-t-lg" onclick="toggleCollapse(${i})">
-                                      <span class="font-bold ${getSeverityClass(v.severity)}">${v.severity}</span>
-                                      <span class="flex-1 mx-4">${v.description}</span>
-                                      <span class="${getConfidenceClass(v.confidence)}">${v.confidence} Confidence</span>
+                              <div class="finding-row">
+                                  <div class="p-4 flex items-center cursor-pointer gap-4" onclick="toggleEvidence(${i})">
+                                      <div class="w-24 text-xs font-black uppercase ${getSeverityClass(v.severity)}">${v.severity}</div>
+                                      <div class="flex-1 text-sm font-semibold text-gray-300">${v.description}</div>
+                                      <div class="px-2 py-1 rounded border text-[10px] uppercase font-bold ${getCategoryBadge(v.category)}">${v.category}</div>
+                                      <div class="text-[10px] mono text-gray-600">${v.id}</div>
                                   </div>
-                                  <div id="content-${i}" class="content p-4 bg-gray-900 rounded-b-lg">
-                                      <h4 class="font-bold mb-2">Evidence</h4>
-                                      <pre>${JSON.stringify(v.evidence, null, 2)}</pre>
+                                  <div id="evidence-${i}" class="evidence-panel p-6 bg-black border-t border-gray-800">
+                                      <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
+                                          <div>
+                                              <h4 class="text-xs font-bold uppercase text-gray-500 mb-3 tracking-widest">Discovery Evidence</h4>
+                                              <pre class="mono">${JSON.stringify(v.evidence, null, 2)}</pre>
+                                          </div>
+                                          <div>
+                                              <h4 class="text-xs font-bold uppercase text-gray-500 mb-3 tracking-widest">Technical Details</h4>
+                                              <div class="space-y-3 text-sm">
+                                                  <p><span class="text-gray-500">CWE:</span> <span class="text-blue-400 mono">${v.cwe}</span></p>
+                                                  <p><span class="text-gray-500">Confidence:</span> <span class="font-bold text-gray-300">${v.confidence}</span></p>
+                                                  <p><span class="text-gray-500">Remediation:</span> <span class="text-gray-400 italic">Consult OMEN AI Protocol for detailed fix.</span></p>
+                                              </div>
+                                          </div>
+                                      </div>
                                   </div>
                               </div>
                           `).join('')}
@@ -95,36 +165,70 @@ export async function startUIServer() {
               </div>
               <!-- Attack Surface Tab -->
-              <div id="surface" class="tab-content hidden">
-                  <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
-                      <div class="card p-4 rounded-lg"> <h3 class="font-bold mb-2">Tech Stack</h3> <pre>${Array.isArray(report.attack_surface.tech_stack) ? report.attack_surface.tech_stack.join('\n') : (report.attack_surface.tech_stack || '')}</pre> </div>
-                      <div class="card p-4 rounded-lg"> <h3 class="font-bold mb-2">Forms</h3> <pre>${JSON.stringify(report.attack_surface.forms || report.attack_surface.forms_detected || [], null, 2)}</pre> </div>
-                      <div class="card p-4 rounded-lg col-span-1 md:col-span-2"> <h3 class="font-bold mb-2">Discovered Links</h3> <pre class="max-h-96">${Array.isArray(report.attack_surface.endpoints) ? report.attack_surface.endpoints.join('\n') : (report.attack_surface.endpoints || report.attack_surface.endpoints_discovered || '')}</pre> </div>
+              <div id="surface" class="content-area">
+                  <div class="grid grid-cols-1 lg:grid-cols-3 gap-8">
+                      <div class="lg:col-span-2 space-y-8">
+                          <div class="card p-6 rounded-xl">
+                              <h3 class="text-xl font-bold mb-4">Discovered Assets</h3>
+                              <pre class="mono max-h-[600px]">${(report.attack_surface.endpoints || []).join('\n') || 'No endpoints discovered.'}</pre>
+                          </div>
+                      </div>
+                      <div class="space-y-8">
+                          <div class="card p-6 rounded-xl">
+                              <h3 class="text-xl font-bold mb-4">Forms & Inputs</h3>
+                              <pre class="mono">${JSON.stringify(report.attack_surface.forms || [], null, 2)}</pre>
+                          </div>
+                          <div class="card p-6 rounded-xl">
+                              <h3 class="text-xl font-bold mb-4">Tech Fingerprint</h3>
+                              <div class="flex flex-wrap gap-2">
+                                  ${(report.attack_surface.tech_stack || []).map(t => `<span class="px-3 py-1 bg-gray-800 rounded-full text-xs font-bold text-blue-400 border border-gray-700">${t}</span>`).join('') || '<span class="text-gray-500 italic">No stack identified.</span>'}
+                              </div>
+                          </div>
+                      </div>
                   </div>
               </div>
               <!-- History Tab -->
-              <div id="history" class="tab-content hidden">
-                  <div class="card p-4 rounded-lg">
-                      <h2 class="text-xl font-bold mb-4">Scan History</h2>
-                      <p class="text-gray-400">Feature coming soon. Historical data is being saved in the .omen/history/ directory.</p>
+              <div id="history" class="content-area text-center py-20">
+                  <div class="card p-10 rounded-2xl max-w-lg mx-auto border-dashed border-gray-700 bg-transparent">
+                      <h2 class="text-2xl font-bold mb-4 text-gray-400">Scan Timeline</h2>
+                      <p class="text-gray-500 mb-6">OMEN is currently tracking your security posture. Historical data is being indexed in <code class="mono text-red-400 bg-red-950/30 px-2 py-1 rounded">.omen/history/</code></p>
+                      <div class="inline-block px-4 py-2 bg-gray-800 rounded-full text-xs font-bold uppercase tracking-widest text-gray-400">Feature arriving in v1.0.17</div>
                   </div>
               </div>
-              <footer class="text-center text-gray-600 mt-12 border-t border-gray-800 pt-4">
-                  <p>OMEN Security Framework - v1.0.14</p>
+              <footer class="text-center text-gray-600 mt-16 border-t border-gray-900 pt-8 mb-10">
+                  <p class="text-xs uppercase tracking-widest font-bold mb-2">OMEN Security Framework - v1.0.16</p>
+                  <p class="text-[10px] text-gray-700 italic">"The eye that never sleeps, the code that never fails."</p>
               </footer>
           </div>
           <script>
-              function showTab(tabName) {
-                  document.querySelectorAll('.tab-content').forEach(tab => tab.classList.add('hidden'));
-                  document.getElementById(tabName).classList.remove('hidden');
-                  document.querySelectorAll('.tab').forEach(tab => tab.classList.remove('active'));
-                  document.querySelector(`[onclick="showTab('${tabName}')"]`).classList.add('active');
-              }
-              function toggleCollapse(index) {
-                  const content = document.getElementById('content-' + index);
-                  content.style.display = content.style.display === 'block' ? 'none' : 'block';
+              // Robust Tab System
+              document.querySelectorAll('.tab-btn').forEach(btn => {
+                  btn.addEventListener('click', () => {
+                      const target = btn.getAttribute('data-target');
+                      // Update buttons
+                      document.querySelectorAll('.tab-btn').forEach(b => b.classList.remove('active'));
+                      btn.classList.add('active');
+                      // Update areas
+                      document.querySelectorAll('.content-area').forEach(area => {
+                          area.classList.remove('active');
+                          if (area.id === target) area.classList.add('active');
+                      });
+                  });
+              });
+              // Robust Evidence Toggle
+              function toggleEvidence(index) {
+                  const panel = document.getElementById('evidence-' + index);
+                  if (panel.style.display === 'block') {
+                      panel.style.display = 'none';
+                  } else {
+                      panel.style.display = 'block';
+                  }
               }
           </script>
       </body>
@@ -132,7 +236,13 @@ export async function startUIServer() {
       `;
       res.send(html);
     } catch (err) {
-      res.status(500).send(`<h1>Error loading report</h1><p>Please run a scan first to generate omen-report.json. Error: ${err.message}</p>`);
+      res.status(500).send(`
+        <body style="background:#0a0a0c; color:#ff4d4d; font-family:sans-serif; padding:50px; text-align:center;">
+            <h1>Dashboard Failed to Load</h1>
+            <p style="color:#888;">Error details: ${err.message}</p>
+            <p style="margin-top:20px;"><a href="/" style="color:#fff; text-decoration:none; border:1px solid #333; padding:10px 20px; rounded:5px;">Retry</a></p>
+        </body>
+      `);
     }
   });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "omen-sec-cli",
-  "version": "1.0.15",
+  "version": "1.0.16",
   "description": "OMEN — AI Security Engine",
   "main": "bin/index.js",
   "type": "module",

package/ui/banner.js CHANGED Viewed

@@ -9,7 +9,7 @@ export function showBanner() {
  ╚██████╔╝██║ ╚═╝ ██║███████╗██║ ╚████║
  `));
   console.log(chalk.cyan.bold(' OMEN — AI Security Engine '));
-  console.log(chalk.gray(' Version: 1.0.14 \n'));
+  console.log(chalk.gray(' Version: 1.0.16 \n'));
 }
 export function showHelp() {