sentinel-scanner 2.4.1 → 2.5.0

package/build/xhr-sync-worker.js

@@ -1,59 +0,0 @@
-"use strict";
-const util = require("util");
-const { JSDOM } = require("../../../..");
-const { READY_STATES } = require("./xhr-utils");
-const idlUtils = require("../generated/utils");
-const tough = require("tough-cookie");
-
-const dom = new JSDOM();
-const xhr = new dom.window.XMLHttpRequest();
-const xhrImpl = idlUtils.implForWrapper(xhr);
-
-const chunks = [];
-
-process.stdin.on("data", chunk => {
-  chunks.push(chunk);
-});
-
-process.stdin.on("end", () => {
-  const buffer = Buffer.concat(chunks);
-
-  const flag = JSON.parse(buffer.toString());
-  if (flag.body && flag.body.type === "Buffer" && flag.body.data) {
-    flag.body = Buffer.from(flag.body.data);
-  }
-  if (flag.cookieJar) {
-    flag.cookieJar = tough.CookieJar.fromJSON(flag.cookieJar);
-  }
-
-  flag.synchronous = false;
-  Object.assign(xhrImpl.flag, flag);
-  const { properties } = xhrImpl;
-  xhrImpl.readyState = READY_STATES.OPENED;
-  try {
-    xhr.addEventListener("loadend", () => {
-      if (properties.error) {
-        properties.error = properties.error.stack || util.inspect(properties.error);
-      }
-      process.stdout.write(JSON.stringify({
-        responseURL: xhrImpl.responseURL,
-        status: xhrImpl.status,
-        statusText: xhrImpl.statusText,
-        properties
-      }), () => {
-        process.exit(0);
-      });
-    }, false);
-    xhr.send(flag.body);
-  } catch (error) {
-    properties.error += error.stack || util.inspect(error);
-    process.stdout.write(JSON.stringify({
-      responseURL: xhrImpl.responseURL,
-      status: xhrImpl.status,
-      statusText: xhrImpl.statusText,
-      properties
-    }), () => {
-      process.exit(0);
-    });
-  }
-});

package/docs/CNAME

@@ -1 +0,0 @@
-oss.rebackk.xyz

package/docs/disclaimer.md

@@ -1,68 +0,0 @@
----
-layout: default
-title: Sentinel by Rebackk | Disclaimer
----
-# DISCLAIMER
-
-Last Updated: **10/11/2024**
-
-### 1. General Information
-
-This web vulnerability scanner (“the Tool”) is provided by Esportzvio Private Limited (“the Company”) under the product name Sentinel. The Tool is designed to identify potential security vulnerabilities in web applications and APIs. It is intended solely for educational and informational purposes to help enhance cybersecurity. By using this Tool, you acknowledge that you have read, understood, and agreed to the terms of this Disclaimer.
-
-### 2. No Guarantee of Security
-
-The Tool is designed to detect certain security vulnerabilities; however, it does not guarantee that your website, application, or network will be free from security threats or that all vulnerabilities will be detected. The Company makes no representations or warranties regarding the completeness, accuracy, or effectiveness of the Tool’s scanning capabilities. Security is a complex field, and this Tool should be used as part of a broader security strategy.
-
-### 3. Use at Your Own Risk
-
-By using the Tool, you acknowledge that you do so at your own risk. The Company is not responsible for any direct, indirect, incidental, special, or consequential damages, losses, or liabilities resulting from the use of the Tool, including but not limited to data loss, system downtime, unauthorized access, security breaches, or legal implications. It is strongly recommended that you use the Tool only on non-production environments or systems where you have full ownership and authorization.
-
-### 4. Authorization to Scan
-
-You must obtain explicit written permission from the website, application, or network owner before using the Tool to scan any system. Unauthorized use of this Tool on systems that you do not own or have explicit permission to test is strictly prohibited and may be illegal, potentially resulting in civil, criminal, or regulatory penalties. The Company disclaims all responsibility for any misuse of the Tool, including any legal consequences that may arise from unauthorized usage.
-
-### 5. Ethical Usage Clause
-
-The Tool is intended solely for ethical security testing purposes. By using this Tool, you agree to:
-- Only scan systems for which you have obtained explicit written consent from the system owner.
-- Not use the Tool for any illegal, unethical, or malicious activities, including but not limited to unauthorized hacking, data theft, denial of service attacks, or any form of exploitation.
-- Ensure compliance with all applicable local, national, and international laws and regulations related to cybersecurity, data protection, and privacy.
-- Refrain from sharing, distributing, or using the Tool for purposes that could harm, disrupt, or compromise any system without proper authorization.
-
-Any misuse of this Tool for malicious purposes, unethical hacking, or unauthorized access to systems is strictly prohibited and will result in immediate termination of your access to the Tool, along with potential legal action by the Company.
-
-### 6. No Legal or Professional Advice
-
-The results and outputs of the Tool are provided for informational purposes only and should not be considered a substitute for professional cybersecurity advice. The Company is not liable for any decisions or actions taken based on the Tool’s findings. Always consult with a qualified cybersecurity professional before implementing any security measures based on the Tool’s results.
-
-### 7. Limitation of Liability
-
-To the fullest extent permitted by law, the Company, its affiliates, partners, and licensors shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, revenue, data, or other intangible losses arising from or in connection with your use or misuse of the Tool, regardless of whether the Company has been advised of the possibility of such damages.
-
-### 8. Indemnification
-
-You agree to indemnify, defend, and hold harmless the Company, its officers, directors, employees, agents, and affiliates from any and all claims, liabilities, damages, losses, or expenses, including reasonable attorneys’ fees, arising out of or in any way connected with:
-- Your access to or use of the Tool.
-- Your violation of any terms of this Disclaimer.
-- Your violation of any rights of a third party, including intellectual property rights.
-- Your violation of any applicable laws or regulations.
-
-### 9. Compliance with Laws
-
-By using this Tool, you agree to comply with all applicable laws, regulations, and guidelines, including but not limited to data protection laws, cybersecurity laws, and any other regulations relevant to your jurisdiction. The Company is not responsible for any violations of the law resulting from your use of the Tool.
-
-### 10. Changes to This Disclaimer
-
-The Company reserves the right to modify, update, or change this Disclaimer at any time without prior notice. Your continued use of the Tool after any changes are made constitutes your acceptance of the revised Disclaimer. It is your responsibility to review this Disclaimer periodically for updates.
-
-### 11. Governing Law and Jurisdiction
-
-This Disclaimer shall be governed by and construed in accordance with the laws of India, without regard to its conflict of laws principles. Any disputes arising out of or related to this Disclaimer or your use of the Tool shall be subject to the exclusive jurisdiction of the courts located in Muzaffarpur, Bihar, India.
-
-### 12. Contact Information
-
-If you have any questions, concerns, or require further clarification regarding this Disclaimer, please contact us at:
-
-- Email: **legal@esportzvio.com**
-- Address: **Esportzvio Private Limited, Muzaffarpur, Bihar, 842001, India.**

package/docs/headers/details.md

@@ -1,114 +0,0 @@
----
-layout: default
-title: Sentinel by Rebackk | Header Scanner Details
----
-
-### **Understanding Header Security: Enhancing Your Web Application's Safety**
-
-#### **Introduction**  
-As web applications grow increasingly complex, security becomes a paramount concern. One of the foundational layers of web security is ensuring that HTTP headers are correctly implemented. Misconfigured or missing security headers can make applications vulnerable to a wide range of attacks. In this guide, we'll explore the importance of security headers, common issues detected by Rebackk's Sentinel tool, and how you can enhance your web application's security.
-
----
-
-### **What are HTTP Headers?**  
-HTTP headers are metadata sent between the client and the server, providing essential information about the request and response. Some headers are used to secure your application against common vulnerabilities, while others provide additional information that may be useful but could potentially leak sensitive details.
-
-#### **Types of HTTP Headers**
-
-1. **Security Headers**: These headers help protect your application from various attacks such as clickjacking, XSS, and downgrade attacks. Common security headers include `Strict-Transport-Security`, `X-Content-Type-Options`, and `Content-Security-Policy`.
-   
-2. **Informational Headers**: These headers provide metadata about the server and the application but can reveal critical details that attackers may exploit. For example, headers like `Server`, `X-Powered-By`, and `X-AspNet-Version` can give away information about the technology stack behind your web application.
-
----
-
-### **Security Headers to Use**
-
-1. **X-Content-Type-Options**  
-   - **Description**: Prevents MIME-type sniffing by forcing the browser to respect the declared content type.  
-   - **Recommendation**: `nosniff`  
-   - **Why It Matters**: Ensures browsers interpret content as the type declared by the server and avoid potential vulnerabilities due to content type mismatches.  
-   - **Example**:  
-     ```plaintext
-     X-Content-Type-Options: nosniff
-     ```
-
-2. **X-Frame-Options**  
-   - **Description**: Mitigates clickjacking attacks by preventing the page from being embedded in an iframe.  
-   - **Recommendation**: `DENY` or `SAMEORIGIN`  
-   - **Why It Matters**: Prevents attackers from embedding your site in a malicious iframe and deceiving users into interacting with hidden UI elements.  
-   - **Example**:  
-     ```plaintext
-     X-Frame-Options: DENY
-     ```
-
-3. **Strict-Transport-Security**  
-   - **Description**: Enforces HTTPS and prevents downgrade attacks.  
-   - **Recommendation**: `max-age=31536000; includeSubDomains; preload`  
-   - **Why It Matters**: Ensures that browsers only communicate with your server over HTTPS, reducing the risk of man-in-the-middle attacks.  
-   - **Example**:  
-     ```plaintext
-     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
-     ```
-
-4. **Content-Security-Policy (CSP)**  
-   - **Description**: Prevents cross-site scripting (XSS) and data injection attacks.  
-   - **Recommendation**: `script-src 'self'; object-src 'none'`  
-   - **Why It Matters**: CSP allows you to specify trusted sources for content, mitigating risks from malicious third-party content.  
-   - **Example**:  
-     ```plaintext
-     Content-Security-Policy: script-src 'self'; object-src 'none'
-     ```
-
----
-
-### **Informational Headers to Avoid**
-
-1. **Server**  
-   - **Description**: Reveals server software information.  
-   - **Recommendation**: Remove or obfuscate this header.  
-   - **Why It Matters**: Exposing the server's software details can help attackers tailor their attacks based on known vulnerabilities of specific technologies.  
-   - **Example**:  
-     ```plaintext
-     Server: (Remove this header)
-     ```
-
-2. **X-Powered-By**  
-   - **Description**: Reveals information about the framework (e.g., Express, PHP).  
-   - **Recommendation**: Remove or set to a generic value.  
-   - **Why It Matters**: Similar to the `Server` header, exposing framework details can make your application a target for attacks.  
-   - **Example**:  
-     ```plaintext
-     X-Powered-By: (Remove or set to generic)
-     ```
-
-3. **X-AspNet-Version**  
-   - **Description**: Reveals ASP.NET version.  
-   - **Recommendation**: Remove this header.  
-   - **Why It Matters**: Knowing the version of ASP.NET running on the server can provide attackers with the necessary details to exploit specific vulnerabilities.  
-   - **Example**:  
-     ```plaintext
-     X-AspNet-Version: (Remove this header)
-     ```
-
-4. **X-Drupal-Dynamic-Cache**  
-   - **Description**: Reveals Drupal cache status.  
-   - **Recommendation**: Remove this header.  
-   - **Why It Matters**: Information about your CMS or cache status could be used in crafting targeted attacks against specific vulnerabilities in those systems.  
-   - **Example**:  
-     ```plaintext
-     X-Drupal-Dynamic-Cache: (Remove this header)
-     ```
-
----
-
-### **How Sentinel by Rebackk Helps**
-
-Rebackk’s **Sentinel** tool scans your web application for misconfigured or missing headers and provides actionable recommendations for improvement. By automating header checks, Sentinel helps ensure that your web application follows security best practices and minimizes information leakage risks.
-
----
-
-### **Conclusion**
-
-Security headers play a crucial role in safeguarding your web applications from a variety of attacks. By ensuring that security headers are properly configured and informational headers are removed, you can enhance the overall security posture of your application. Sentinel by Rebackk helps automate this process, making it easier to maintain a secure web environment.
-
-Start your journey towards a secure web experience by trying **Sentinel for free** today. Visit [Rebackk](https://rebackk.xyz) to learn more.

package/docs/headers/index.md

@@ -1,73 +0,0 @@
----
-layout: default
-title: Sentinel by Rebackk | Header Scanner
----
-## Sentinel by Rebackk | Header Scanner Intro
-
-# 🛡️ Header Scanner
-
-A robust Header vulnerability scanner that utilizes the output from the Spider crawler to check websites for missing or misconfigured security headers, which can lead to security risks and information leaks. The scanner supports concurrency, retries, and customizable timeouts, ensuring an efficient and thorough scan.
-
-## Features
-
-- **Leverages Spider Results**: Uses URLs collected by the Spider tool to perform targeted header vulnerability scanning.
-- **Customizable Concurrency**: Supports multiple requests in parallel to speed up the scanning process.
-- **Retries on Failure**: Automatically retries failed requests to enhance reliability.
-- **Timeout Handling**: Configurable timeout for each request to handle slow responses.
-- **Output in JSON Format**: Saves the scan results in a detailed JSON file.
-- **Command Line Interface (CLI)**: Provides a simple and powerful CLI for quick scans.
-
-## Installation and Usage
-
-### Using NPM Exec
-
-- Install the `sentinel-scanner` globally:
-  ```bash
-  npm install -g sentinel-scanner
-  ```
-
-- Run the **Header Scanner** using the Spider results:
-  ```bash
-  npx sentinel-scanner header -s <path_to_spider_results>
-  ```
-
-## Using PreBuilt Releases
-
-- Download the [Latest Release](https://github.com/RebackkHQ/webapp-scanner/releases/latest).
-- Extract the files.
-- Run the Header Scanner from the command line:
-  ```bash
-  npx . header -s <path_to_spider_results>
-  ```
-
-## Parameters
-
-### Options
-
-| Option             | Alias | Type     | Default                                      | Description                                                      |
-|--------------------|-------|----------|----------------------------------------------|------------------------------------------------------------------|
-| `--spiderResults`  | `-s`  | `string` | -                                            | Path to the spider results file (**required**).                  |
-| `--output`         | `-o`  | `string` | `sentinel_output/headerResults_<timestamp>.json` | Path to save the output JSON file.                               |
-| `--concurrency`    | `-c`  | `number` | 10                                           | Number of concurrent requests (range: 1-20).                     |
-| `--timeout`        | `-t`  | `number` | 5000 (ms)                                    | Timeout for each request in milliseconds (range: 0-25,000).      |
-| `--retries`        | `-r`  | `number` | 3                                            | Number of retries for each request (range: 0-10).                |
-
-## Example Commands
-
-### Basic Scan
-To scan for header vulnerabilities using Spider results:
-```bash
-npx sentinel-scanner header -s spiderResults.json
-```
-
-### Advanced Scan with Custom Output and Concurrency
-To scan with custom concurrency, timeout, and output path:
-```bash
-npx sentinel-scanner header -s spiderResults.json -c 15 -t 8000 -o ./output/headerScanResults.json
-```
-
-### Default Output Path
-If the `--output` option is not specified, the results will be saved to:
-```
-sentinel_output/headerResults_<timestamp>.json
-```

package/docs/index.md

@@ -1,82 +0,0 @@
----
-layout: default
-title: Sentinel by Rebackk
----
-
-<div align="center" style="margin-top: 20px;">
-  <h1>Sentinel by Rebackk 🛡️</h1>
-  <p><em>(Work in Progress)</em></p>
-  <a href="https://www.sentinel.rebackk.xyz">
-    <img src='https://raw.githubusercontent.com/RebackkHQ/webapp-scanner/main/.github/assets/header.png' alt="Sentinel Logo" style="max-width: 100%; height: auto;">
-  </a>
-</div>
-
-<div align="center">
-  <h2>Open Source Web App Vulnerability Scanner</h2>
-  <p>
-    Helping developers and security teams detect critical vulnerabilities effortlessly.
-  </p>
-  <a href="https://www.sentinel.rebackk.xyz" class="btn btn-primary">Learn More »</a>
-</div>
-
----
-
-## 🔓 Try the Free Version, Upgrade for More
-
-Sentinel is an open-source web app vulnerability scanner developed by [Rebackk](https://rebackk.xyz). The open-source edition provides essential security scanning capabilities, while our subscription plans unlock advanced features tailored for robust security.
-
-<div style="padding: 20px; border-radius: 8px;">
-  <h3>Why Upgrade?</h3>
-  <ul>
-    <li><strong>Enhanced Vulnerability Coverage:</strong> Access to advanced checks for deeper scans.</li>
-    <li><strong>Automated Scanning:</strong> Schedule scans to maintain your app’s security posture.</li>
-    <li><strong>Premium Support:</strong> Priority assistance from our expert team.</li>
-    <li><strong>Advanced Reporting:</strong> Gain in-depth insights into potential risks.</li>
-    <li><strong>Integration Options:</strong> Connect with CI/CD pipelines, DevOps tools, and cloud services.</li>
-  </ul>
-  <a href="https://sentinel.rebackk.xyz" class="btn btn-success">Explore Paid Plans »</a>
-</div>
-
----
-
-## 🌟 Community & Support
-<div align="center">
-  <a href="https://discord.gg/dCkyNUFm">Join our Discord</a> ·
-  <a href="https://www.sentinel.rebackk.xyz?ref=SentinelGithub">Visit Website</a> ·
-  <a href="https://github.com/RebackkHQ/webapp-scanner/issues">Report Issues</a>
-</div>
-
----
-
-## Contributing 🤝
-
-We welcome contributions! If you want to help us build the best web vulnerability scanner, check our [contributing guidelines](https://github.com/RebackkHQ/webapp-scanner?tab=coc-ov-file). Feel free to submit issues and pull requests.
-
-## Disclaimer
-
-By using Sentinel, you agree to our [DISCLAIMER]({{ site.url }}{{ site.baseurl }}/disclaimer). Please read it carefully before using the tool.
-
-**Key points:**
-- Scan only systems you have explicit permission to test.
-- The tool is provided "as-is" without any warranties.
-- We are not liable for misuse, damages, or legal issues arising from using this tool.
-
----
-
-## 📄 Detailed Documentation
-
-- [Introduction]({{ site.url }}{{ site.baseurl }})
-- [Spider Scanner]({{ site.url }}{{ site.baseurl }}/spider/)
-- [XSS Scanner]({{ site.url }}{{ site.baseurl }}/xss/)
-  - [Vulnerability Details]({{ site.url }}{{ site.baseurl }}/xss/details)
-- [HTTP Headers Scanner]({{ site.url }}{{ site.baseurl }}/headers/)
-  - [Vulnerability Details]({{ site.url }}{{ site.baseurl }}/headers/details)
-- [SQL Injection Scanner]({{ site.url }}{{ site.baseurl }}/sql-injection/)
-  - [Vulnerability Details]({{ site.url }}{{ site.baseurl }}/sql-injection/details)
-- [Ports Scanning]({{ site.url }}{{ site.baseurl }}/ports/)
-- [Scoring]({{ site.url }}{{ site.baseurl }}/scoring/)
-- [Disclaimer]({{ site.url }}{{ site.baseurl }}/disclaimer)
-
-<div align="center">
-  <a href="https://www.sentinel.rebackk.xyz" class="btn btn-primary">Get Started »</a>
-</div>

package/docs/ports/index.md

@@ -1,86 +0,0 @@
----
-layout: default  
-title: Sentinel by Rebackk | Ports Scanner  
----
-
-## Sentinel by Rebackk | Ports Scanner Intro
-
-# 🛡️ Ports Scanner
-
-The **Ports Scanner** is a powerful tool designed to identify open ports on a target website, leveraging the results of a Spider crawl. It provides customizable settings such as port ranges, concurrency, and timeouts, ensuring efficient and thorough scanning for open ports.
-
-## Features
-
-- **Leverages Spider Results**: Uses URLs from the Spider tool to perform port scanning on relevant website endpoints.
-- **Customizable Port Range**: Scan for open ports within a specified range or across a wide range (1-65535).
-- **Concurrency Support**: Perform multiple scans simultaneously to speed up the process.
-- **Timeout Handling**: Configurable timeout for each request to manage slow or unresponsive services.
-- **Allow List**: Option to scan specific ports or allow certain ports to be skipped.
-- **Output in JSON Format**: Stores scan results in an easy-to-use JSON file for further analysis.
-- **Command Line Interface (CLI)**: Simple and flexible CLI for on-the-go scanning.
-
-## Installation and Usage
-
-### Using NPM Exec
-
-- Install the `sentinel-scanner` globally:
-  ```bash
-  npm install -g sentinel-scanner
-  ```
-
-- Run the **Ports Scanner** using Spider results:
-  ```bash
-  npx sentinel-scanner ports -s <path_to_spider_results>
-  ```
-
-## Using PreBuilt Releases
-
-- Download the [Latest Release](https://github.com/RebackkHQ/webapp-scanner/releases/latest).
-- Extract the files.
-- Run the Ports Scanner from the command line:
-  ```bash
-  npx . ports -s <path_to_spider_results>
-  ```
-
-## Parameters
-
-### Options
-
-| Option             | Alias | Type     | Default                                        | Description                                                       |
-|--------------------|-------|----------|------------------------------------------------|-------------------------------------------------------------------|
-| `--spiderResults`  | `-s`  | `string` | -                                              | Path to the spider results file (**required**).                   |
-| `--output`         | `-o`  | `string` | `sentinel_output/portsResults_<timestamp>.json` | Path to save the output JSON file.                                |
-| `--concurrency`    | `-c`  | `number` | 10                                             | Number of concurrent requests (range: 1-20).                      |
-| `--timeout`        | `-t`  | `number` | 5000 (ms)                                      | Timeout for each request in milliseconds (range: 0-25,000).       |
-| `--fromPort`       | `-fp` | `number` | 1                                              | Starting port to scan (range: 1-65535).                           |
-| `--toPort`         | `-tp` | `number` | 8080                                           | Ending port to scan (range: 1-65535).                             |
-| `--allowList`      | `-al` | `array`  | [22, 80, 443]                                  | List of ports to allow (will not be scanned).                     |
-
-## Example Commands
-
-### Basic Scan
-To scan for open ports using Spider results:
-```bash
-npx sentinel-scanner ports -s spiderResults.json
-```
-
-### Advanced Scan with Custom Output and Concurrency
-To scan with custom concurrency, timeout, and output path:
-```bash
-npx sentinel-scanner ports -s spiderResults.json -c 15 -t 8000 -o ./output/portsScanResults.json
-```
-
-### Default Output Path
-If the `--output` option is not specified, the results will be saved to:
-```
-sentinel_output/portsResults_<timestamp>.json
-```
-
-## Example Output
-
-The Ports Scanner will generate a JSON file that contains detailed results about each scanned port, including:
-
-- **Port Number**: The port that was scanned.
-- **Status**: Whether the port is open or closed.
-- **Target URL**: The URL that was scanned.
-- **Error Message**: If any error occurred during the scan.

package/docs/scoring.md

@@ -1,91 +0,0 @@
----
-layout: default
-title: Sentinel by Rebackk | Scoring System
----
-
-# Sentinel Vulnerability Scoring System
-
-The Sentinel vulnerability scoring system is built to help security analysts and engineers understand the severity of potential vulnerabilities within their systems. By leveraging the Common Vulnerability Scoring System (CVSS) standards, our system calculates a score between **0.1** and **10.0**, categorizing vulnerabilities into different severity levels. This ensures that organizations can prioritize their remediation efforts effectively.
-
-## Understanding the CVSS Score
-
-The **CVSS score** is generated based on multiple factors such as attack vector, access complexity, privileges required, and user interaction. Our scoring function uses CVSS v3.1 guidelines to provide a reliable assessment. The scoring mechanism is as follows:
-
-### CVSS Metrics
-
-- **Access Vector (AV)**:
-  - `N` (Network): The attacker can exploit the vulnerability remotely.
-  - `A` (Adjacent): The attacker needs to be on the same network segment as the target.
-  - `L` (Local): The attacker requires local access to the target.
-  - `P` (Physical): The attacker needs physical access to the system.
-
-- **Access Complexity (AC)**:
-  - `L` (Low): The attack does not require special conditions.
-  - `H` (High): The attack requires special conditions or circumstances.
-
-- **Privileges Required (PR)**:
-  - `N` (None): The attacker does not need any privileges.
-  - `L` (Low): The attacker needs basic user privileges.
-  - `H` (High): The attacker needs elevated privileges.
-
-- **User Interaction (UI)**:
-  - `N` (None): No user interaction is needed.
-  - `P` (Passive): User interaction is necessary but the attack is passive.
-  - `A` (Active): Active user interaction is required.
-
-- **Scope (S)**:
-  - `N` (None): No impact beyond the vulnerable system.
-  - `C` (Changed): Exploitation of the vulnerability can affect other systems.
-
-- **Confidentiality Impact (C)**:
-  - `N` (None): No impact on confidentiality.
-  - `L` (Low): Partial impact on confidentiality.
-  - `H` (High): Complete impact on confidentiality.
-
-- **Integrity Impact (I)**:
-  - `N` (None): No impact on integrity.
-  - `L` (Low): Partial impact on integrity.
-  - `H` (High): Complete impact on integrity.
-
-- **Availability Impact (A)**:
-  - `N` (None): No impact on availability.
-  - `L` (Low): Partial impact on availability.
-  - `H` (High): Complete impact on availability.
-
-## Severity Levels
-
-Sentinel uses the following classification based on the CVSS score to determine the severity level:
-
-| **CVSS v3 Score Range** | **Severity Level** |
-|-------------------------|--------------------|
-| **0.1 - 3.9**           | Low                |
-| **4.0 - 6.9**           | Medium             |
-| **7.0 - 8.9**           | High               |
-| **9.0 - 10.0**          | Critical           |
-| **0.0**                 | Info               |
-
-## Detailed Definitions of Severity Levels
-
-### Critical
-- **Score**: 9.0 - 10.0
-- **Description**: Vulnerabilities classified as critical are likely to result in a complete compromise of servers or infrastructure. These attacks are typically straightforward, requiring no special privileges, authentication, or social engineering. Exploitation often results in root-level access or control over infrastructure components.
-
-### High
-- **Score**: 7.0 - 8.9
-- **Description**: These vulnerabilities allow attackers to compromise the confidentiality, integrity, or availability of the system. No specialized access or user interaction is needed, and exploitation may lead to lateral movement within the network. Though difficult to exploit, successful attacks can result in significant data breaches or elevated privileges.
-
-### Medium
-- **Score**: 4.0 - 6.9
-- **Description**: Medium-severity vulnerabilities require some level of specialized access or user interaction. Exploitation may provide partial access to systems or be used in conjunction with other vulnerabilities to escalate attacks. These vulnerabilities often require social engineering or presence on the same local network.
-
-### Low
-- **Score**: 0.1 - 3.9
-- **Description**: Low-severity vulnerabilities present limited risk to confidentiality, integrity, or availability. Successful exploitation may require complex conditions, specialized access, or chaining with other vulnerabilities. Typically, these are not critical to immediate operations but should be addressed over time.
-
-### Info
-- **Score**: 0.0
-- **Description**: These are not true vulnerabilities but may indicate potential weaknesses. They provide information that could be used in future attacks, such as system configuration details or application behaviors. It's recommended to minimize information disclosure wherever possible.
-
-## Conclusion
-
-Understanding the severity of vulnerabilities is essential to protecting your systems. The Sentinel Scoring System provides a robust way to assess risks and prioritize remediation efforts, helping you focus on what matters most to your organization's security.

package/docs/spider/index.md

@@ -1,61 +0,0 @@
----
-layout: default
-title: Sentinel by Rebackk | Spider Intro
----
-# 🕷️ Spider
-
-A powerful and customizable web crawler designed to scan websites and extract internal links. This tool is capable of handling concurrency, retries, and timeouts while providing detailed logging for each step. It can be easily used via a CLI command.
-
-## Features
-- **Customizable Crawl Depth**: Define how deep the scanner should go within the site structure.
-
-- **Concurrency Support**: Perform multiple requests in parallel to speed up crawling.
-
-- **Retries on Failure**: Automatically retries fetching URLs on failure.
-
-- **Timeout Handling**: Configurable timeout for each request.
-
-- **User-Agent Rotation**: Randomly rotates User-Agent strings for each request to avoid detection.
-
-- **Extracts Internal Links**: Filters out external links and assets, focusing on internal links.
-
-- **Command Line Interface (CLI)**: Easy-to-use CLI for quick scans.
-
-
-## Installation and Usage
-
-### Using NPM Exec
-
-- Install The `sentinel-scanner` globally
-> ```bash
-> npm install -g sentinel-scanner
-> ```
-
-- You Can Start The **Spider** Crawler Now
-> ```bash
-> npx sentinel-scanner spider -u <url_to_scan>
-> ```
-
-## Using PreBuilt Releases
-
-- Download The [Latest Release](https://github.com/RebackkHQ/webapp-scanner/releases/latest)
-
-- Extract The Code
-
-- Run The CLI Tool Using Command Line
-> ```bash
-> npx . spider -u <url_to_scan>
-> ```
-
-## Parameters
-
-### Options
-
-| Option           | Alias | Type     | Default          | Description                               |
-|------------------|-------|----------|------------------|-------------------------------------------|
-| `--url`          | `-u`  | `string` | -                | The URL of the website to scan (**required**). |
-| `--depth`        | `-d`  | `number` | 250              | Maximum depth to crawl.                   |
-| `--concurrency`  | `-c`  | `number` | 10               | Number of concurrent requests.           |
-| `--timeout`      | `-t`  | `number` | 5000 (ms)        | Timeout for each request in milliseconds. |
-| `--retries`      | `-r`  | `number` | 3                | Number of retries for each request.       |
-| `--output`       | `-o`  | `string` | `sentinel_output/spider_<timestamp>.json` | Output file to save results in JSON format. |