omen-sec-cli 1.0.20 → 1.0.21

package/README.md

@@ -1,7 +1,7 @@
-# <p align="center"> <img src="https://img.icons8.com/nolan/128/security-shield.png" width="100" /> <br> OMEN SEC-CLI v1.0.20 </p>
+# <p align="center"> <img src="https://img.icons8.com/nolan/128/security-shield.png" width="100" /> <br> OMEN SEC-CLI v1.0.21 </p>
 
 <p align="center">
-  <img src="https://img.shields.io/badge/Version-1.0.20-red?style=for-the-badge" />
+  <img src="https://img.shields.io/badge/Version-1.0.21-red?style=for-the-badge" />
   <img src="https://img.shields.io/badge/Phase--Based-DevSecOps-000000?style=for-the-badge&logo=openai" />
   <img src="https://img.shields.io/badge/Zero--Copy-AI--Protocol-green?style=for-the-badge" />
 </p>

package/bin/index.js

@@ -12,7 +12,7 @@ const program = new Command();
 program
   .name('omen')
   .description('OMEN — AI Security Engine & DevSecOps Audit Framework')
-  .version('1.0.20');
+  .version('1.0.21');
 
 // Old command for backward compatibility
 program

package/core/engine-v2.js

@@ -134,7 +134,12 @@ export async function execute() {
     target: state.discovery?.path || process.cwd(),
     scan_id: `OMEN-${Date.now()}`,
     discovery: state.discovery || {},
-    plan: state.plan || {}
+    plan: state.plan || {},
+    attack_surface: {
+      endpoints: state.discovery?.entrypoints || [],
+      tech_stack: state.discovery?.stack ? [state.discovery.stack] : [],
+      critical_files: state.discovery?.critical_files || []
+    }
   };
 
   await saveState(resultData);

package/core/remote-scanner.js

@@ -15,12 +15,18 @@ export async function scanRemoteTarget(targetUrl) {
     const response = await axios.get(targetUrl, {
       timeout: 15000,
       validateStatus: () => true,
-      headers: { 'User-Agent': 'OMEN-SEC-CLI/1.0.20 (Security Audit)' }
+      headers: { 'User-Agent': 'OMEN-SEC-CLI/1.0.21 (Security Audit)' }
     });
 
     serverStatus = response.status;
     const headers = response.headers;
-    const html = response.data;
+    const html = response.data || '';
+
+    // --- WAF / CHALLENGE DETECTION ---
+    const isVercelChallenge = headers['x-vercel-mitigated'] === 'challenge' || (typeof html === 'string' && html.includes('Vercel Security Checkpoint'));
+    if (isVercelChallenge) {
+      techStack.push('Vercel WAF (Challenge Active)');
+    }
 
     // --- TECHNOLOGY FINGERPRINTING ---
     if (headers['x-powered-by']) techStack.push(headers['x-powered-by']);
@@ -32,98 +38,100 @@ export async function scanRemoteTarget(targetUrl) {
     if (html.includes('nuxt')) techStack.push('Nuxt.js');
 
     // --- Header Analysis (Existing - Refined Descriptions) ---
-    if (!headers['strict-transport-security']) {
-      headers_analysis["Strict-Transport-Security"] = "Missing";
-      vulnerabilities.push({
-        id: `REM-VULN-${Date.now()}-1`,
-        kind: 'header',
-        category: 'hardening',
-        confidence: 'high',
-        severity: 'medium',
-        title: 'HSTS Header Missing',
-        description: `HTTP Strict-Transport-Security (HSTS) header is missing. This prevents the browser from enforcing HTTPS-only connections for future visits.`,
-        cwe: 'CWE-319',
-        evidence: { 
-          request: { headers: { ...response.request.headers } }, 
-          response: { status: response.status, headers: response.headers },
-          reason: 'Security header "Strict-Transport-Security" not found in server response.'
-        },
-        remediation: 'Implement the Strict-Transport-Security header with a long max-age (e.g., 31536000) and the includeSubDomains directive.'
-      });
-    }
+    if (!isVercelChallenge) {
+      if (!headers['strict-transport-security']) {
+        headers_analysis["Strict-Transport-Security"] = "Missing";
+        vulnerabilities.push({
+          id: `REM-VULN-${Date.now()}-1`,
+          kind: 'header',
+          category: 'hardening',
+          confidence: 'high',
+          severity: 'medium',
+          title: 'HSTS Header Missing',
+          description: `HTTP Strict-Transport-Security (HSTS) header is missing. This prevents the browser from enforcing HTTPS-only connections for future visits.`,
+          cwe: 'CWE-319',
+          evidence: { 
+            request: { headers: { ...response.request.headers } }, 
+            response: { status: response.status, headers: response.headers },
+            reason: 'Security header "Strict-Transport-Security" not found in server response.'
+          },
+          remediation: 'Implement the Strict-Transport-Security header with a long max-age (e.g., 31536000) and the includeSubDomains directive.'
+        });
+      }
 
-    if (!headers['content-security-policy']) {
-      headers_analysis["Content-Security-Policy"] = "Missing";
-      vulnerabilities.push({
-        id: `REM-VULN-${Date.now()}-2`,
-        kind: 'header',
-        category: 'confirmed',
-        confidence: 'high',
-        severity: 'high',
-        title: 'Content-Security-Policy Missing',
-        description: `CSP header is missing. Without a strict Content-Security-Policy, the application is highly vulnerable to Cross-Site Scripting (XSS) and data injection attacks.`,
-        cwe: 'CWE-1022',
-        evidence: { 
-          request: { headers: { ...response.request.headers } }, 
-          response: { status: response.status, headers: response.headers },
-          reason: 'Security header "Content-Security-Policy" not found in server response.'
-        },
-        remediation: 'Define a strict Content-Security-Policy to restrict source domains for scripts, styles, and other resources.'
-      });
-    } else {
-      headers_analysis["Content-Security-Policy"] = headers['content-security-policy'];
-      if (headers['content-security-policy'].includes("unsafe-inline")) {
+      if (!headers['content-security-policy']) {
+        headers_analysis["Content-Security-Policy"] = "Missing";
         vulnerabilities.push({
-          id: `REM-VULN-${Date.now()}-3`,
+          id: `REM-VULN-${Date.now()}-2`,
           kind: 'header',
           category: 'confirmed',
           confidence: 'high',
           severity: 'high',
-          title: 'Insecure CSP (unsafe-inline)',
-          description: `The Content-Security-Policy allows 'unsafe-inline' for scripts or styles, significantly weakening protection against XSS.`,
-          cwe: 'CWE-16',
-          evidence: { finding: `policy: ${headers['content-security-policy']}` },
-          remediation: 'Refactor the application to avoid inline scripts and styles, then remove "unsafe-inline" from the CSP.'
+          title: 'Content-Security-Policy Missing',
+          description: `CSP header is missing. Without a strict Content-Security-Policy, the application is highly vulnerable to Cross-Site Scripting (XSS) and data injection attacks.`,
+          cwe: 'CWE-1022',
+          evidence: { 
+            request: { headers: { ...response.request.headers } }, 
+            response: { status: response.status, headers: response.headers },
+            reason: 'Security header "Content-Security-Policy" not found in server response.'
+          },
+          remediation: 'Define a strict Content-Security-Policy to restrict source domains for scripts, styles, and other resources.'
         });
+      } else {
+        headers_analysis["Content-Security-Policy"] = headers['content-security-policy'];
+        if (headers['content-security-policy'].includes("unsafe-inline")) {
+          vulnerabilities.push({
+            id: `REM-VULN-${Date.now()}-3`,
+            kind: 'header',
+            category: 'confirmed',
+            confidence: 'high',
+            severity: 'high',
+            title: 'Insecure CSP (unsafe-inline)',
+            description: `The Content-Security-Policy allows 'unsafe-inline' for scripts or styles, significantly weakening protection against XSS.`,
+            cwe: 'CWE-16',
+            evidence: { finding: `policy: ${headers['content-security-policy']}` },
+            remediation: 'Refactor the application to avoid inline scripts and styles, then remove "unsafe-inline" from the CSP.'
+          });
+        }
       }
-    }
 
-    // 3. Analisar X-Frame-Options
-    if (!headers['x-frame-options']) {
-      headers_analysis["X-Frame-Options"] = "Missing";
-      vulnerabilities.push({
-        id: `REM-VULN-${Date.now()}-4`,
-        kind: 'header',
-        category: 'hardening',
-        confidence: 'high',
-        severity: 'low',
-        title: 'X-Frame-Options Missing',
-        description: `Missing X-Frame-Options header. This allows the application to be embedded in an iframe on other domains, increasing Clickjacking risk.`,
-        cwe: 'CWE-1021',
-        evidence: { 
-          request: { headers: { ...response.request.headers } }, 
-          response: { status: response.status, headers: response.headers },
-          reason: 'Security header "X-Frame-Options" not found. This allows the site to be embedded in iframes on third-party domains.'
-        },
-        remediation: 'Set the X-Frame-Options header to DENY or SAMEORIGIN.'
-      });
-    }
+      // 3. Analisar X-Frame-Options
+      if (!headers['x-frame-options']) {
+        headers_analysis["X-Frame-Options"] = "Missing";
+        vulnerabilities.push({
+          id: `REM-VULN-${Date.now()}-4`,
+          kind: 'header',
+          category: 'hardening',
+          confidence: 'high',
+          severity: 'low',
+          title: 'X-Frame-Options Missing',
+          description: `Missing X-Frame-Options header. This allows the application to be embedded in an iframe on other domains, increasing Clickjacking risk.`,
+          cwe: 'CWE-1021',
+          evidence: { 
+            request: { headers: { ...response.request.headers } }, 
+            response: { status: response.status, headers: response.headers },
+            reason: 'Security header "X-Frame-Options" not found. This allows the site to be embedded in iframes on third-party domains.'
+          },
+          remediation: 'Set the X-Frame-Options header to DENY or SAMEORIGIN.'
+        });
+      }
 
-    // 3.1 Analisar X-Content-Type-Options
-    if (!headers['x-content-type-options']) {
-      headers_analysis["X-Content-Type-Options"] = "Missing";
-      vulnerabilities.push({
-        id: `REM-VULN-${Date.now()}-6`,
-        kind: 'header',
-        category: 'hardening',
-        confidence: 'high',
-        severity: 'low',
-        title: 'X-Content-Type-Options Missing',
-        description: `The X-Content-Type-Options: nosniff header is missing. This could allow the browser to "sniff" the content type, potentially leading to MIME-type sniffing attacks.`,
-        cwe: 'CWE-116',
-        evidence: { response: { headers: response.headers } },
-        remediation: 'Add the "X-Content-Type-Options: nosniff" header to all responses.'
-      });
+      // 3.1 Analisar X-Content-Type-Options
+      if (!headers['x-content-type-options']) {
+        headers_analysis["X-Content-Type-Options"] = "Missing";
+        vulnerabilities.push({
+          id: `REM-VULN-${Date.now()}-6`,
+          kind: 'header',
+          category: 'hardening',
+          confidence: 'high',
+          severity: 'low',
+          title: 'X-Content-Type-Options Missing',
+          description: `The X-Content-Type-Options: nosniff header is missing. This could allow the browser to "sniff" the content type, potentially leading to MIME-type sniffing attacks.`,
+          cwe: 'CWE-116',
+          evidence: { response: { headers: response.headers } },
+          remediation: 'Add the "X-Content-Type-Options: nosniff" header to all responses.'
+        });
+      }
     }
 
     // 4. Server Header Leak
@@ -297,6 +305,8 @@ export async function scanRemoteTarget(targetUrl) {
       '/api/auth/session', '/api/graphql', '/actuator/health', '/.ssh/id_rsa'
     ];
 
+    const forbiddenPaths = [];
+
     for (const path of aggressivePaths) {
       try {
         const fuzzUrl = new URL(path, targetUrl).href;
@@ -305,6 +315,11 @@ export async function scanRemoteTarget(targetUrl) {
           validateStatus: (status) => status >= 200 && status < 500
         });
 
+        if (fuzzRes.status === 403) {
+          forbiddenPaths.push(path);
+          continue;
+        }
+
         const finding = await validateFuzzerFinding(path, fuzzRes, fuzzUrl);
         if (finding) {
           vulnerabilities.push(finding);
@@ -314,6 +329,21 @@ export async function scanRemoteTarget(targetUrl) {
       }
     }
 
+    if (forbiddenPaths.length > 0) {
+      vulnerabilities.push({
+        id: `REM-ENUM-FORBIDDEN-${Date.now()}`,
+        kind: 'path',
+        category: 'informational',
+        confidence: 'high',
+        severity: 'info',
+        title: 'Path Enumeration: Protected Resources',
+        description: `Multiple paths (${forbiddenPaths.length}) returned 403 Forbidden, confirming their existence but restricted access.`,
+        cwe: 'CWE-204',
+        evidence: { forbidden_paths: forbiddenPaths },
+        remediation: 'Ensure that 403 responses do not leak internal structure and that access controls are correctly configured.'
+      });
+    }
+
     // --- OFFENSIVE PARAMETER FUZZING ---
     const injectionPayloads = [
       { type: 'SQLi', param: "' OR '1'='1", severity: 'Critical', cwe: 'CWE-89' },
@@ -338,7 +368,7 @@ export async function scanRemoteTarget(targetUrl) {
           const res = await axios.get(testUrl.href, { 
             timeout: 5000, 
             validateStatus: () => true,
-            headers: { 'User-Agent': 'OMEN-SEC-CLI/1.0.20 (Security Audit)' }
+            headers: { 'User-Agent': 'OMEN-SEC-CLI/1.0.21 (Security Audit)' }
           });
           
           const evidence = {

package/core/reporters/fix-plan-reporter.js

@@ -41,6 +41,6 @@ export function generateFixPlan(scanData) {
     });
   }
 
-  md += `\n*Gerado automaticamente pelo OMEN SEC-CLI v1.0.20 - Protocolo Zero-Copy AI Ativo*\n`;
+  md += `\n*Gerado automaticamente pelo OMEN SEC-CLI v1.0.21 - Protocolo Zero-Copy AI Ativo*\n`;
   return md;
 }

package/core/ui-server.js

@@ -128,10 +128,10 @@ export async function startUIServer() {
                               <span class="w-2 h-2 bg-blue-500 rounded-full mr-2"></span> Phase Intelligence
                           </h2>
                           <div class="space-y-4 text-sm">
-                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Stack Detected</span> <span class="text-gray-300 font-bold">${(report && report.discovery && report.discovery.stack) || 'N/A'}</span> </div>
-                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Boot Strategy</span> <span class="mono text-gray-300">${(report && report.discovery && report.discovery.boot_strategy) || 'None'}</span> </div>
-                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Execution Steps</span> <span class="text-gray-300">${(report && report.plan && report.plan.steps && report.plan.steps.length) || 0} steps</span> </div>
-                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Last Scan Status</span> <span class="text-green-500 font-bold uppercase">${(report && report.execution && report.execution.status) || 'N/A'}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Target URL</span> <span class="mono text-gray-300">${(report && report.target) || 'N/A'}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Tech Stack</span> <span class="text-gray-300">${(report && report.attack_surface && report.attack_surface.tech_stack && report.attack_surface.tech_stack.join(', ')) || 'N/A'}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Endpoints Discovered</span> <span class="text-gray-300">${(report && report.attack_surface && report.attack_surface.endpoints && report.attack_surface.endpoints.length) || 0}</span> </div>
+                              <div class="flex justify-between border-b border-gray-800 pb-2"> <span class="text-gray-500">Critical Files</span> <span class="text-gray-300">${(report && report.attack_surface && report.attack_surface.critical_files && report.attack_surface.critical_files.length) || 0}</span> </div>
                           </div>
                       </div>
                   </div>
@@ -266,7 +266,7 @@ export async function startUIServer() {
               </div>
 
               <footer class="text-center text-gray-600 mt-16 border-t border-gray-900 pt-8 mb-10">
-                  <p class="text-xs uppercase tracking-widest font-bold mb-2">OMEN Security Framework - v1.0.20</p>
+                  <p class="text-xs uppercase tracking-widest font-bold mb-2">OMEN Security Framework - v1.0.21</p>
                   <p class="text-[10px] text-gray-700 italic">"The eye that never sleeps, the code that never fails."</p>
               </footer>
           </div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "omen-sec-cli",
-  "version": "1.0.20",
+  "version": "1.0.21",
   "description": "OMEN — AI Security Engine",
   "engines": {
     "node": ">=20.0.0"

package/ui/banner.js

@@ -9,7 +9,7 @@ export function showBanner() {
  ╚██████╔╝██║ ╚═╝ ██║███████╗██║ ╚████║ 
  `));
   console.log(chalk.cyan.bold(' OMEN — AI Security Engine '));
-  console.log(chalk.gray(' Version: 1.0.20 \n'));
+  console.log(chalk.gray(' Version: 1.0.21 \n'));
 }
 
 export function showHelp() {