omen-sec-cli 1.0.19 → 1.0.21

package/omen-reports/omen-report.md

@@ -0,0 +1,129 @@
+# OMEN Audit Report: https://www.fnstore.com.br/
+
+**Scan ID:** `OMEN-1774371576550`  
+**Timestamp:** 2026-03-24T16:59:36.550Z  
+**Security Score:** 71/100  
+**Risk Level:** Medium
+
+## Executive Summary
+The security audit identified 9 total issues. Of these, 2 are confirmed vulnerabilities that require immediate attention.
+
+## Detailed Findings
+
+### [HIGH] Content-Security-Policy Missing
+- **Category:** confirmed
+- **Confidence:** high
+- **CWE:** CWE-1022
+
+#### Description
+CSP header is missing. Without a strict Content-Security-Policy, the application is highly vulnerable to Cross-Site Scripting (XSS) and data injection attacks.
+
+#### Remediation
+Define a strict Content-Security-Policy to restrict source domains for scripts, styles, and other resources.
+
+---
+
+### [LOW] X-Frame-Options Missing
+- **Category:** hardening
+- **Confidence:** high
+- **CWE:** CWE-1021
+
+#### Description
+Missing X-Frame-Options header. This allows the application to be embedded in an iframe on other domains, increasing Clickjacking risk.
+
+#### Remediation
+Set the X-Frame-Options header to DENY or SAMEORIGIN.
+
+---
+
+### [LOW] X-Content-Type-Options Missing
+- **Category:** hardening
+- **Confidence:** high
+- **CWE:** CWE-116
+
+#### Description
+The X-Content-Type-Options: nosniff header is missing. This could allow the browser to "sniff" the content type, potentially leading to MIME-type sniffing attacks.
+
+#### Remediation
+Add the "X-Content-Type-Options: nosniff" header to all responses.
+
+---
+
+### [HIGH] Permissive CORS Policy
+- **Category:** confirmed
+- **Confidence:** high
+- **CWE:** CWE-942
+
+#### Description
+The application allows Cross-Origin Resource Sharing from any domain (Access-Control-Allow-Origin: *).
+
+#### Remediation
+Restrict Access-Control-Allow-Origin to trusted domains only.
+
+---
+
+### [INFO] Technology Stack Identified
+- **Category:** informational
+- **Confidence:** high
+- **CWE:** CWE-200
+
+#### Description
+Fingerprinting identified the following technologies: Vercel
+
+#### Remediation
+Minimal tech disclosure is recommended to prevent targeted attacks.
+
+---
+
+### [MEDIUM] Potential Admin Panel Exposure
+- **Category:** probable
+- **Confidence:** low
+- **CWE:** CWE-284
+
+#### Description
+Potential exposed admin panel or dashboard at https://www.fnstore.com.br/admin. Manual verification required.
+
+#### Remediation
+Restrict access to the admin panel using IP whitelisting or other access control mechanisms.
+
+---
+
+### [INFO] Protected Path Discovered
+- **Category:** informational
+- **Confidence:** medium
+- **CWE:** CWE-204
+
+#### Description
+Potential protected path discovered (403 Forbidden): https://www.fnstore.com.br/wp-admin. This confirms the path exists but access is restricted.
+
+#### Remediation
+None required, but ensure that the 403 response does not leak information about the internal structure.
+
+---
+
+### [INFO] Protected Path Discovered
+- **Category:** informational
+- **Confidence:** medium
+- **CWE:** CWE-204
+
+#### Description
+Potential protected path discovered (403 Forbidden): https://www.fnstore.com.br/config.php. This confirms the path exists but access is restricted.
+
+#### Remediation
+None required, but ensure that the 403 response does not leak information about the internal structure.
+
+---
+
+### [INFO] Protected Path Discovered
+- **Category:** informational
+- **Confidence:** medium
+- **CWE:** CWE-204
+
+#### Description
+Potential protected path discovered (403 Forbidden): https://www.fnstore.com.br/phpinfo.php. This confirms the path exists but access is restricted.
+
+#### Remediation
+None required, but ensure that the 403 response does not leak information about the internal structure.
+
+---
+

package/omen-reports/omen-report.txt

@@ -1,9 +1,55 @@
 OMEN SECURITY REPORT
+====================
+Target: https://www.fnstore.com.br/
+Scan ID: OMEN-1774371576550
+Date: 2026-03-24T16:59:36.550Z
+Score: 71/100
+Risk Level: Medium
 
-Target: Local Project
-Score: 60
-Risk: High
-
-Vulnerabilities:
-- Dangerous use of eval() detected in local-scanner.js at line 73
-- Potential SQL Injection (raw string concatenation) in local-scanner.js at line 79
+VULNERABILITIES FOUND:
+----------------------
+[HIGH] Content-Security-Policy Missing
+Category: confirmed | Confidence: high
+Description: CSP header is missing. Without a strict Content-Security-Policy, the application is highly vulnerable to Cross-Site Scripting (XSS) and data injection attacks.
+Remediation: Define a strict Content-Security-Policy to restrict source domains for scripts, styles, and other resources.
+----------------------
+[LOW] X-Frame-Options Missing
+Category: hardening | Confidence: high
+Description: Missing X-Frame-Options header. This allows the application to be embedded in an iframe on other domains, increasing Clickjacking risk.
+Remediation: Set the X-Frame-Options header to DENY or SAMEORIGIN.
+----------------------
+[LOW] X-Content-Type-Options Missing
+Category: hardening | Confidence: high
+Description: The X-Content-Type-Options: nosniff header is missing. This could allow the browser to "sniff" the content type, potentially leading to MIME-type sniffing attacks.
+Remediation: Add the "X-Content-Type-Options: nosniff" header to all responses.
+----------------------
+[HIGH] Permissive CORS Policy
+Category: confirmed | Confidence: high
+Description: The application allows Cross-Origin Resource Sharing from any domain (Access-Control-Allow-Origin: *).
+Remediation: Restrict Access-Control-Allow-Origin to trusted domains only.
+----------------------
+[INFO] Technology Stack Identified
+Category: informational | Confidence: high
+Description: Fingerprinting identified the following technologies: Vercel
+Remediation: Minimal tech disclosure is recommended to prevent targeted attacks.
+----------------------
+[MEDIUM] Potential Admin Panel Exposure
+Category: probable | Confidence: low
+Description: Potential exposed admin panel or dashboard at https://www.fnstore.com.br/admin. Manual verification required.
+Remediation: Restrict access to the admin panel using IP whitelisting or other access control mechanisms.
+----------------------
+[INFO] Protected Path Discovered
+Category: informational | Confidence: medium
+Description: Potential protected path discovered (403 Forbidden): https://www.fnstore.com.br/wp-admin. This confirms the path exists but access is restricted.
+Remediation: None required, but ensure that the 403 response does not leak information about the internal structure.
+----------------------
+[INFO] Protected Path Discovered
+Category: informational | Confidence: medium
+Description: Potential protected path discovered (403 Forbidden): https://www.fnstore.com.br/config.php. This confirms the path exists but access is restricted.
+Remediation: None required, but ensure that the 403 response does not leak information about the internal structure.
+----------------------
+[INFO] Protected Path Discovered
+Category: informational | Confidence: medium
+Description: Potential protected path discovered (403 Forbidden): https://www.fnstore.com.br/phpinfo.php. This confirms the path exists but access is restricted.
+Remediation: None required, but ensure that the 403 response does not leak information about the internal structure.
+----------------------

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "omen-sec-cli",
-  "version": "1.0.19",
+  "version": "1.0.21",
   "description": "OMEN — AI Security Engine",
   "engines": {
     "node": ">=20.0.0"

package/ui/banner.js

@@ -9,7 +9,7 @@ export function showBanner() {
  ╚██████╔╝██║ ╚═╝ ██║███████╗██║ ╚████║ 
  `));
   console.log(chalk.cyan.bold(' OMEN — AI Security Engine '));
-  console.log(chalk.gray(' Version: 1.0.19 \n'));
+  console.log(chalk.gray(' Version: 1.0.21 \n'));
 }
 
 export function showHelp() {