zerov4 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1000) hide show
  1. zerov4/__init__.py +93 -0
  2. zerov4/agent.py +143 -0
  3. zerov4/arx.py +341 -0
  4. zerov4/auth.py +329 -0
  5. zerov4/challenge.py +338 -0
  6. zerov4/cli.py +688 -0
  7. zerov4/config.py +290 -0
  8. zerov4/feedback.py +263 -0
  9. zerov4/firewall.py +487 -0
  10. zerov4/middleware.py +524 -0
  11. zerov4/panel.py +676 -0
  12. zerov4/signatures/access_control_bypass.py +8 -0
  13. zerov4/signatures/account_takeover.py +12 -0
  14. zerov4/signatures/ad_asreproasting_vector.py +10 -0
  15. zerov4/signatures/ad_bloodhound_ingestor_scan.py +10 -0
  16. zerov4/signatures/ad_cert_template_abuse.py +11 -0
  17. zerov4/signatures/ad_constrained_delegation.py +10 -0
  18. zerov4/signatures/ad_dcsync_replication_abuse.py +10 -0
  19. zerov4/signatures/ad_dcsync_shadow_copy_exploit.py +11 -0
  20. zerov4/signatures/ad_golden_ticket_usage.py +10 -0
  21. zerov4/signatures/ad_gpo_malicious_update.py +10 -0
  22. zerov4/signatures/ad_kerberoasting_probe.py +14 -0
  23. zerov4/signatures/ad_ldap_unsigned_query.py +14 -0
  24. zerov4/signatures/ad_lsass_dump_process.py +11 -0
  25. zerov4/signatures/ad_ntlm_downgrade_force.py +10 -0
  26. zerov4/signatures/ad_pass_the_hash_behavior.py +11 -0
  27. zerov4/signatures/ad_printer_bug_rprn.py +10 -0
  28. zerov4/signatures/ad_remote_registry_abuse.py +10 -0
  29. zerov4/signatures/ad_sam_account_spoofing.py +10 -0
  30. zerov4/signatures/ad_shadow_credentials_attack.py +10 -0
  31. zerov4/signatures/ad_silver_ticket_injection.py +10 -0
  32. zerov4/signatures/ad_smb_relay_anomaly.py +10 -0
  33. zerov4/signatures/ad_winrm_brute_force.py +14 -0
  34. zerov4/signatures/ad_wmi_persistence_query.py +11 -0
  35. zerov4/signatures/admin_panel_discovery.py +12 -0
  36. zerov4/signatures/admin_scan.py +4 -0
  37. zerov4/signatures/ai_adversarial_patch_image.py +19 -0
  38. zerov4/signatures/ai_bias_exploitation_flood.py +14 -0
  39. zerov4/signatures/ai_embedding_distance_clash.py +14 -0
  40. zerov4/signatures/ai_fine_tuning_hijack.py +15 -0
  41. zerov4/signatures/ai_hallucination_forcing.py +11 -0
  42. zerov4/signatures/ai_indirect_prompt_injection.py +11 -0
  43. zerov4/signatures/ai_llm_agent_reentrancy.py +14 -0
  44. zerov4/signatures/ai_llm_side_channel_timing.py +14 -0
  45. zerov4/signatures/ai_llm_sql_agent_bypass.py +15 -0
  46. zerov4/signatures/ai_membership_inference_leak.py +11 -0
  47. zerov4/signatures/ai_model_extraction_api.py +15 -0
  48. zerov4/signatures/ai_model_inversion_face.py +11 -0
  49. zerov4/signatures/ai_neural_payload_stego.py +14 -0
  50. zerov4/signatures/ai_onnx_model_deserialization.py +10 -0
  51. zerov4/signatures/ai_prompt_jailbreak_dan.py +12 -0
  52. zerov4/signatures/ai_prompt_leaking_system.py +12 -0
  53. zerov4/signatures/ai_rag_document_poisoning.py +15 -0
  54. zerov4/signatures/ai_token_decoder_manipulation.py +19 -0
  55. zerov4/signatures/ai_training_data_backdoor.py +11 -0
  56. zerov4/signatures/ai_vector_db_shadow_indexing.py +15 -0
  57. zerov4/signatures/anomaly_api_versioning_probe.py +18 -0
  58. zerov4/signatures/anomaly_body_injection.py +14 -0
  59. zerov4/signatures/anomaly_burst_then_slow.py +20 -0
  60. zerov4/signatures/anomaly_connection_pattern.py +15 -0
  61. zerov4/signatures/anomaly_content_type_mismatch.py +19 -0
  62. zerov4/signatures/anomaly_credential_in_url.py +19 -0
  63. zerov4/signatures/anomaly_endpoint_discovery.py +19 -0
  64. zerov4/signatures/anomaly_extension_mismatch.py +22 -0
  65. zerov4/signatures/anomaly_first_seen_payload.py +30 -0
  66. zerov4/signatures/anomaly_header_count.py +13 -0
  67. zerov4/signatures/anomaly_json_depth.py +13 -0
  68. zerov4/signatures/anomaly_mixed_charset.py +16 -0
  69. zerov4/signatures/anomaly_multi_category_attack.py +5 -0
  70. zerov4/signatures/anomaly_never_seen_path.py +18 -0
  71. zerov4/signatures/anomaly_new_param_flood.py +17 -0
  72. zerov4/signatures/anomaly_null_origin.py +12 -0
  73. zerov4/signatures/anomaly_off_hours_access.py +14 -0
  74. zerov4/signatures/anomaly_oversized_param.py +15 -0
  75. zerov4/signatures/anomaly_param_name_entropy.py +13 -0
  76. zerov4/signatures/anomaly_payload_entropy.py +14 -0
  77. zerov4/signatures/anomaly_protocol_downgrade.py +13 -0
  78. zerov4/signatures/anomaly_rare_http_method.py +16 -0
  79. zerov4/signatures/anomaly_referer_chain.py +26 -0
  80. zerov4/signatures/anomaly_repeated_500.py +19 -0
  81. zerov4/signatures/anomaly_request_response_ratio.py +16 -0
  82. zerov4/signatures/anomaly_response_size.py +18 -0
  83. zerov4/signatures/anomaly_response_timing.py +12 -0
  84. zerov4/signatures/anomaly_scan_pattern.py +30 -0
  85. zerov4/signatures/anomaly_sequential_id_probe.py +24 -0
  86. zerov4/signatures/anomaly_suspicious_accept.py +20 -0
  87. zerov4/signatures/anomaly_ua_mismatch.py +20 -0
  88. zerov4/signatures/anomaly_unauthenticated_protected.py +17 -0
  89. zerov4/signatures/anomaly_unknown_encoding.py +20 -0
  90. zerov4/signatures/anti_rev_api_hashing_resolve.py +11 -0
  91. zerov4/signatures/anti_rev_hardware_breakpoint.py +11 -0
  92. zerov4/signatures/anti_rev_int3_instruction.py +15 -0
  93. zerov4/signatures/anti_rev_isdebuggerpresent.py +11 -0
  94. zerov4/signatures/anti_rev_isdebuggerpresent_x64.py +11 -0
  95. zerov4/signatures/anti_rev_pe_header_corruption.py +11 -0
  96. zerov4/signatures/anti_rev_process_injection.py +11 -0
  97. zerov4/signatures/anti_rev_ptrace_detection.py +10 -0
  98. zerov4/signatures/anti_rev_string_obfuscation.py +16 -0
  99. zerov4/signatures/anti_rev_tls_callback_inj.py +11 -0
  100. zerov4/signatures/anti_rev_unhandled_exception.py +12 -0
  101. zerov4/signatures/anti_sandbox_cpu_core_count.py +11 -0
  102. zerov4/signatures/anti_sandbox_delay_execution.py +16 -0
  103. zerov4/signatures/anti_sandbox_device_driver_cl.py +11 -0
  104. zerov4/signatures/anti_sandbox_disk_size_probe.py +11 -0
  105. zerov4/signatures/anti_sandbox_domain_joined.py +11 -0
  106. zerov4/signatures/anti_sandbox_mac_check.py +11 -0
  107. zerov4/signatures/anti_sandbox_recent_files_chk.py +11 -0
  108. zerov4/signatures/anti_sandbox_screen_resolution.py +11 -0
  109. zerov4/signatures/anti_sandbox_temp_file_count.py +11 -0
  110. zerov4/signatures/anti_sandbox_uptime_check.py +11 -0
  111. zerov4/signatures/anti_sandbox_wmi_hardware_check.py +11 -0
  112. zerov4/signatures/api_abuse.py +13 -0
  113. zerov4/signatures/api_bola_uuid_brute.py +17 -0
  114. zerov4/signatures/api_content_type_spoofing.py +18 -0
  115. zerov4/signatures/api_enumeration.py +13 -0
  116. zerov4/signatures/api_gateway_bypass.py +11 -0
  117. zerov4/signatures/api_graphql_batch_overflow.py +17 -0
  118. zerov4/signatures/api_graphql_recursion_depth.py +24 -0
  119. zerov4/signatures/api_graphql_sub_exhaustion.py +14 -0
  120. zerov4/signatures/api_grpc_json_transcoding_inj.py +17 -0
  121. zerov4/signatures/api_hateoas_link_manipulation.py +17 -0
  122. zerov4/signatures/api_json_bignum_injection.py +18 -0
  123. zerov4/signatures/api_jwt_header_injection.py +20 -0
  124. zerov4/signatures/api_jwt_jwks_url_injection.py +21 -0
  125. zerov4/signatures/api_key_leakage.py +10 -0
  126. zerov4/signatures/api_mass_assignment_nested.py +17 -0
  127. zerov4/signatures/api_mass_scraping.py +17 -0
  128. zerov4/signatures/api_oauth_token_leak_referrer.py +15 -0
  129. zerov4/signatures/api_rate_limit_header_fuzzing.py +21 -0
  130. zerov4/signatures/api_response_smuggling.py +19 -0
  131. zerov4/signatures/api_shadow_endpoint_discovery.py +20 -0
  132. zerov4/signatures/api_sse_stream_flood.py +14 -0
  133. zerov4/signatures/api_unicode_param_confusion.py +19 -0
  134. zerov4/signatures/api_version_abuse.py +14 -0
  135. zerov4/signatures/api_web_webhook_reentrancy.py +16 -0
  136. zerov4/signatures/api_xml_external_schema.py +10 -0
  137. zerov4/signatures/app_layer_flood.py +10 -0
  138. zerov4/signatures/arbitrary_file_read.py +8 -0
  139. zerov4/signatures/arbitrary_file_write.py +8 -0
  140. zerov4/signatures/arp_spoofing.py +9 -0
  141. zerov4/signatures/asp_injection.py +10 -0
  142. zerov4/signatures/async_request_inconsistency.py +9 -0
  143. zerov4/signatures/auth_bypass.py +8 -0
  144. zerov4/signatures/auth_captcha_bypass.py +19 -0
  145. zerov4/signatures/auth_jwt_eddsa_key_confusion.py +19 -0
  146. zerov4/signatures/auth_kerberos_pac_validation.py +11 -0
  147. zerov4/signatures/auth_magic_link_enumeration.py +14 -0
  148. zerov4/signatures/auth_multi_tenant_isolation_err.py +25 -0
  149. zerov4/signatures/auth_oauth_token_exchange_err.py +11 -0
  150. zerov4/signatures/auth_openid_claim_spoofing.py +14 -0
  151. zerov4/signatures/auth_saml_response_tampering.py +15 -0
  152. zerov4/signatures/auth_scim_user_enumeration.py +15 -0
  153. zerov4/signatures/auth_session_fixation_header.py +13 -0
  154. zerov4/signatures/auth_webauthn_replay_vector.py +15 -0
  155. zerov4/signatures/aws_metadata.py +9 -0
  156. zerov4/signatures/backend_redis_lua_injection.py +11 -0
  157. zerov4/signatures/backup_file.py +8 -0
  158. zerov4/signatures/banner_grabbing.py +8 -0
  159. zerov4/signatures/base64_payload.py +17 -0
  160. zerov4/signatures/baseline_content_type_profile.py +27 -0
  161. zerov4/signatures/baseline_endpoint_profile.py +32 -0
  162. zerov4/signatures/baseline_error_rate.py +29 -0
  163. zerov4/signatures/baseline_hour_profile.py +28 -0
  164. zerov4/signatures/baseline_ip_behavior_score.py +43 -0
  165. zerov4/signatures/baseline_ip_cluster.py +29 -0
  166. zerov4/signatures/baseline_method_profile.py +29 -0
  167. zerov4/signatures/baseline_param_count.py +28 -0
  168. zerov4/signatures/baseline_path_depth.py +33 -0
  169. zerov4/signatures/baseline_payload_size.py +36 -0
  170. zerov4/signatures/baseline_request_rate.py +33 -0
  171. zerov4/signatures/baseline_request_size_trend.py +41 -0
  172. zerov4/signatures/baseline_response_code_profile.py +37 -0
  173. zerov4/signatures/baseline_session_duration.py +34 -0
  174. zerov4/signatures/baseline_timing_consistency.py +34 -0
  175. zerov4/signatures/baseline_ua_consistency.py +29 -0
  176. zerov4/signatures/baseline_unique_endpoints.py +24 -0
  177. zerov4/signatures/behavior_data_wipe_shred_cmd.py +11 -0
  178. zerov4/signatures/behavior_destructive_mbr_wipe.py +12 -0
  179. zerov4/signatures/behavior_fork_bomb_prevention.py +11 -0
  180. zerov4/signatures/behavior_gtfobins_socat_reverse.py +12 -0
  181. zerov4/signatures/behavior_lateral_psexec_premium.py +11 -0
  182. zerov4/signatures/behavior_lolbas_certutil_abuse.py +11 -0
  183. zerov4/signatures/behavior_lolbas_msiexec_network.py +11 -0
  184. zerov4/signatures/behavior_process_hollowing_v2.py +11 -0
  185. zerov4/signatures/behavior_ransomware_canary_die.py +11 -0
  186. zerov4/signatures/behavior_ransomware_vss_wipe.py +13 -0
  187. zerov4/signatures/behavior_security_svc_kill_cmd.py +12 -0
  188. zerov4/signatures/bfla.py +13 -0
  189. zerov4/signatures/bigdata_airflow_dag_injection.py +11 -0
  190. zerov4/signatures/bigdata_cassandra_dos_query.py +15 -0
  191. zerov4/signatures/bigdata_clickhouse_replica_dos.py +15 -0
  192. zerov4/signatures/bigdata_couchbase_api_priv_esc.py +11 -0
  193. zerov4/signatures/bigdata_druid_backdoor_exploit.py +11 -0
  194. zerov4/signatures/bigdata_elasticsearch_script.py +11 -0
  195. zerov4/signatures/bigdata_flink_cluster_takeover.py +11 -0
  196. zerov4/signatures/bigdata_flink_jobmanager_rce.py +11 -0
  197. zerov4/signatures/bigdata_hadoop_hdfs_unauth_wipe.py +11 -0
  198. zerov4/signatures/bigdata_hadoop_yarn_rce_vect.py +11 -0
  199. zerov4/signatures/bigdata_hive_metastore_leak.py +11 -0
  200. zerov4/signatures/bigdata_kafka_topic_poisoning.py +11 -0
  201. zerov4/signatures/bigdata_kubernetes_etcd_wipe.py +12 -0
  202. zerov4/signatures/bigdata_minio_s3_exploit_vec.py +11 -0
  203. zerov4/signatures/bigdata_nifi_processor_rce.py +11 -0
  204. zerov4/signatures/bigdata_presto_sql_injection.py +11 -0
  205. zerov4/signatures/bigdata_rabbitmq_queue_purge.py +15 -0
  206. zerov4/signatures/bigdata_redis_cluster_takeover.py +11 -0
  207. zerov4/signatures/bigdata_spark_command_inject.py +11 -0
  208. zerov4/signatures/bigdata_splunk_forwarder_leak.py +11 -0
  209. zerov4/signatures/bigdata_superset_default_secret.py +11 -0
  210. zerov4/signatures/bigdata_zookeeper_unauth_cmd.py +11 -0
  211. zerov4/signatures/blind_sqli.py +8 -0
  212. zerov4/signatures/blind_ssrf_dns.py +10 -0
  213. zerov4/signatures/blind_ssrf_oob.py +14 -0
  214. zerov4/signatures/blind_xxe.py +9 -0
  215. zerov4/signatures/bola.py +27 -0
  216. zerov4/signatures/bot_detection.py +5 -0
  217. zerov4/signatures/botnet_activity.py +8 -0
  218. zerov4/signatures/broken_crypto.py +10 -0
  219. zerov4/signatures/broken_object_auth.py +18 -0
  220. zerov4/signatures/browser_cache_poison.py +9 -0
  221. zerov4/signatures/brute_force.py +5 -0
  222. zerov4/signatures/business_logic.py +12 -0
  223. zerov4/signatures/business_logic_coupon_race.py +15 -0
  224. zerov4/signatures/business_logic_price.py +10 -0
  225. zerov4/signatures/cache_deception_encoded_path.py +18 -0
  226. zerov4/signatures/cache_deception_path_mapping.py +18 -0
  227. zerov4/signatures/cache_implementation_diff.py +24 -0
  228. zerov4/signatures/cache_key_manipulation.py +10 -0
  229. zerov4/signatures/cache_poison_cookie_unkeyed.py +19 -0
  230. zerov4/signatures/cache_poison_fat_get.py +10 -0
  231. zerov4/signatures/cache_poison_gzip_bomb.py +13 -0
  232. zerov4/signatures/cache_poison_rtt_manipulation.py +15 -0
  233. zerov4/signatures/cache_poison_scheme_mix.py +14 -0
  234. zerov4/signatures/cache_poison_unkeyed.py +19 -0
  235. zerov4/signatures/cache_poison_unkeyed_port.py +17 -0
  236. zerov4/signatures/cache_poison_vary_header_mix.py +15 -0
  237. zerov4/signatures/cache_poisoning.py +8 -0
  238. zerov4/signatures/cache_purge_unauthorized.py +15 -0
  239. zerov4/signatures/cache_splitting_crlf.py +10 -0
  240. zerov4/signatures/cache_timing.py +14 -0
  241. zerov4/signatures/cert_pinning_bypass.py +10 -0
  242. zerov4/signatures/ci_injection.py +10 -0
  243. zerov4/signatures/ci_pipeline_github_actions_psn.py +15 -0
  244. zerov4/signatures/clickjacking.py +8 -0
  245. zerov4/signatures/clickjacking_header.py +10 -0
  246. zerov4/signatures/cloud_aws_cognito_enumeration.py +15 -0
  247. zerov4/signatures/cloud_aws_iam_priv_esc.py +10 -0
  248. zerov4/signatures/cloud_aws_lambda_container_leak.py +11 -0
  249. zerov4/signatures/cloud_aws_s3_takeover.py +14 -0
  250. zerov4/signatures/cloud_azure_automation_runbook.py +11 -0
  251. zerov4/signatures/cloud_azure_imds_v2_bypass.py +10 -0
  252. zerov4/signatures/cloud_azure_sas_token_leak.py +14 -0
  253. zerov4/signatures/cloud_cloudflared_tunnel_abuse.py +14 -0
  254. zerov4/signatures/cloud_firebase_database_leak.py +10 -0
  255. zerov4/signatures/cloud_function_ssrf.py +10 -0
  256. zerov4/signatures/cloud_gcp_metadata_flavor.py +10 -0
  257. zerov4/signatures/cloud_iam_cross_account_sts.py +11 -0
  258. zerov4/signatures/cloud_instance_user_data_psn.py +13 -0
  259. zerov4/signatures/cloud_kube_spoke_cluster_esc.py +11 -0
  260. zerov4/signatures/cloud_metadata_ssrf_gcp_token.py +11 -0
  261. zerov4/signatures/cloud_metadata_ssrf_openstack.py +10 -0
  262. zerov4/signatures/cloud_metadata_ssrf_v2_bypass.py +11 -0
  263. zerov4/signatures/cloud_oracle_oci_metadata.py +10 -0
  264. zerov4/signatures/cloud_storage.py +9 -0
  265. zerov4/signatures/cloud_storage_signed_url_abuse.py +19 -0
  266. zerov4/signatures/cmdi.py +8 -0
  267. zerov4/signatures/config_exposure.py +8 -0
  268. zerov4/signatures/connection_flood.py +10 -0
  269. zerov4/signatures/container_cgroup_escape.py +10 -0
  270. zerov4/signatures/container_symlink_traversal.py +10 -0
  271. zerov4/signatures/content_injection.py +10 -0
  272. zerov4/signatures/content_spoofing.py +8 -0
  273. zerov4/signatures/content_type_bypass.py +10 -0
  274. zerov4/signatures/cookie_poisoning.py +9 -0
  275. zerov4/signatures/cookie_stealing.py +8 -0
  276. zerov4/signatures/cors_wildcard.py +15 -0
  277. zerov4/signatures/covert_channel_arp_payload_inj.py +10 -0
  278. zerov4/signatures/covert_channel_bgp_as_path_mut.py +10 -0
  279. zerov4/signatures/covert_channel_dns_subdomain.py +18 -0
  280. zerov4/signatures/covert_channel_http_whitespace.py +20 -0
  281. zerov4/signatures/covert_channel_icmp_id_payload.py +12 -0
  282. zerov4/signatures/covert_channel_imap_draft_sync.py +11 -0
  283. zerov4/signatures/covert_channel_ipv6_flow_label.py +15 -0
  284. zerov4/signatures/covert_channel_ntp_extension.py +11 -0
  285. zerov4/signatures/covert_channel_sql_error_blind.py +13 -0
  286. zerov4/signatures/covert_channel_tcp_timestamp.py +21 -0
  287. zerov4/signatures/covert_channel_tcp_window_size.py +22 -0
  288. zerov4/signatures/covert_channel_tls_session_id.py +14 -0
  289. zerov4/signatures/crlf_injection.py +8 -0
  290. zerov4/signatures/crypto_cbc_padding_oracle_cbc.py +18 -0
  291. zerov4/signatures/crypto_chacha20_nonce_reuse.py +10 -0
  292. zerov4/signatures/crypto_ecdsa_nonce_reuse_leak.py +11 -0
  293. zerov4/signatures/crypto_fault_injection_ecdsa.py +11 -0
  294. zerov4/signatures/crypto_homomorphic_eval_inj.py +11 -0
  295. zerov4/signatures/crypto_homomorphic_malleability.py +10 -0
  296. zerov4/signatures/crypto_jwt_none_algorithm_leak.py +20 -0
  297. zerov4/signatures/crypto_mceliece_public_key.py +11 -0
  298. zerov4/signatures/crypto_md5_collision_signature.py +11 -0
  299. zerov4/signatures/crypto_multi_party_comp_skew.py +11 -0
  300. zerov4/signatures/crypto_rsa_fault_attack_crt.py +11 -0
  301. zerov4/signatures/crypto_rsa_padding_oracle_blei.py +18 -0
  302. zerov4/signatures/crypto_side_channel_em_leak.py +11 -0
  303. zerov4/signatures/crypto_tls_session_ticket_inj.py +11 -0
  304. zerov4/signatures/crypto_weak_dh_param_logjam.py +16 -0
  305. zerov4/signatures/crypto_zero_knowledge_proof.py +11 -0
  306. zerov4/signatures/csrf.py +5 -0
  307. zerov4/signatures/css_exfil.py +10 -0
  308. zerov4/signatures/css_injection.py +8 -0
  309. zerov4/signatures/csv_injection.py +9 -0
  310. zerov4/signatures/cve_apache_log4j_dos.py +11 -0
  311. zerov4/signatures/cve_apache_path.py +9 -0
  312. zerov4/signatures/cve_citrix.py +10 -0
  313. zerov4/signatures/cve_confluence.py +10 -0
  314. zerov4/signatures/cve_drupalgeddon.py +10 -0
  315. zerov4/signatures/cve_elasticsearch.py +10 -0
  316. zerov4/signatures/cve_eternalblue.py +9 -0
  317. zerov4/signatures/cve_f5_bigip.py +10 -0
  318. zerov4/signatures/cve_fortinet.py +10 -0
  319. zerov4/signatures/cve_gitlab.py +10 -0
  320. zerov4/signatures/cve_heartbleed.py +9 -0
  321. zerov4/signatures/cve_ivanti.py +10 -0
  322. zerov4/signatures/cve_jenkins.py +10 -0
  323. zerov4/signatures/cve_log4j2.py +14 -0
  324. zerov4/signatures/cve_log4j_rce.py +13 -0
  325. zerov4/signatures/cve_log4shell_bypass.py +11 -0
  326. zerov4/signatures/cve_mongodb.py +10 -0
  327. zerov4/signatures/cve_palo_alto.py +9 -0
  328. zerov4/signatures/cve_printnightmare.py +10 -0
  329. zerov4/signatures/cve_proxylogon.py +9 -0
  330. zerov4/signatures/cve_proxyshell.py +10 -0
  331. zerov4/signatures/cve_pwnkit.py +9 -0
  332. zerov4/signatures/cve_redis.py +9 -0
  333. zerov4/signatures/cve_spring4shell.py +10 -0
  334. zerov4/signatures/cve_struts.py +9 -0
  335. zerov4/signatures/cve_text4shell.py +11 -0
  336. zerov4/signatures/cve_vmware.py +10 -0
  337. zerov4/signatures/cve_wordpress.py +14 -0
  338. zerov4/signatures/cve_zerologon.py +9 -0
  339. zerov4/signatures/dangerous_file_upload.py +10 -0
  340. zerov4/signatures/db_cassandra_cql_injection.py +11 -0
  341. zerov4/signatures/db_clickhouse_query_fuzzing.py +15 -0
  342. zerov4/signatures/db_couchdb_rce_priv_esc.py +11 -0
  343. zerov4/signatures/db_db2_buffer_overflow_vector.py +15 -0
  344. zerov4/signatures/db_dynamodb_scan_cost_dos.py +16 -0
  345. zerov4/signatures/db_elasticsearch_mget_abuse.py +16 -0
  346. zerov4/signatures/db_firebase_rules_bypass.py +11 -0
  347. zerov4/signatures/db_graphql_sql_hybrid_inj.py +14 -0
  348. zerov4/signatures/db_h2_console_rce_exploit.py +11 -0
  349. zerov4/signatures/db_influxql_time_series_inj.py +11 -0
  350. zerov4/signatures/db_mariadb_maxscale_bypass.py +11 -0
  351. zerov4/signatures/db_memcached_slab_allocation.py +14 -0
  352. zerov4/signatures/db_mongodb_aggregate_leak.py +15 -0
  353. zerov4/signatures/db_mssql_xp_cmdshell_abuse.py +11 -0
  354. zerov4/signatures/db_neo4j_cypher_injection.py +12 -0
  355. zerov4/signatures/db_oracle_utl_http_ssrf.py +11 -0
  356. zerov4/signatures/db_postgres_lo_import_rce.py +11 -0
  357. zerov4/signatures/db_redis_command_execution.py +11 -0
  358. zerov4/signatures/db_sap_hana_sql_injection.py +11 -0
  359. zerov4/signatures/db_sqlite_at_attach_database.py +11 -0
  360. zerov4/signatures/deep_link_abuse.py +10 -0
  361. zerov4/signatures/deserialization.py +8 -0
  362. zerov4/signatures/desync_attack_te.py +12 -0
  363. zerov4/signatures/directory_listing.py +10 -0
  364. zerov4/signatures/directory_scan.py +6 -0
  365. zerov4/signatures/directory_traversal.py +8 -0
  366. zerov4/signatures/dlp_cloud_credentials_env.py +18 -0
  367. zerov4/signatures/dlp_credit_card_luhn_regex.py +29 -0
  368. zerov4/signatures/dlp_database_dump_sql.py +11 -0
  369. zerov4/signatures/dlp_dns_tunneling_iodine.py +15 -0
  370. zerov4/signatures/dlp_excel_macro_vba_leak.py +12 -0
  371. zerov4/signatures/dlp_git_folder_exfiltration.py +14 -0
  372. zerov4/signatures/dlp_http_header_custom_leak.py +22 -0
  373. zerov4/signatures/dlp_icmp_exfiltration_ping.py +10 -0
  374. zerov4/signatures/dlp_jwt_secret_hardcoded.py +20 -0
  375. zerov4/signatures/dlp_memory_dump_dmp.py +10 -0
  376. zerov4/signatures/dlp_national_id_entropy.py +19 -0
  377. zerov4/signatures/dlp_pcap_packet_dump_leak.py +10 -0
  378. zerov4/signatures/dlp_private_key_pem_leak.py +14 -0
  379. zerov4/signatures/dlp_shadow_it_api_post.py +19 -0
  380. zerov4/signatures/dlp_slack_webhook_leak.py +15 -0
  381. zerov4/signatures/dlp_source_code_leak_python.py +17 -0
  382. zerov4/signatures/dlp_ssh_agent_forwarding_leak.py +10 -0
  383. zerov4/signatures/dlp_steganography_image.py +16 -0
  384. zerov4/signatures/dns_exfiltration.py +13 -0
  385. zerov4/signatures/dns_rebinding.py +9 -0
  386. zerov4/signatures/dns_rebinding_advanced.py +10 -0
  387. zerov4/signatures/dns_zone_transfer.py +8 -0
  388. zerov4/signatures/docker_api_rce_probe.py +10 -0
  389. zerov4/signatures/docker_escape_procfs.py +10 -0
  390. zerov4/signatures/docker_registry_v2_pull.py +14 -0
  391. zerov4/signatures/docker_socket.py +11 -0
  392. zerov4/signatures/docx_macro_xxe.py +14 -0
  393. zerov4/signatures/dom_xss.py +8 -0
  394. zerov4/signatures/double_encoding.py +8 -0
  395. zerov4/signatures/ds_store_exposure.py +10 -0
  396. zerov4/signatures/dynamic_api_hooking_detection.py +11 -0
  397. zerov4/signatures/email_harvesting.py +13 -0
  398. zerov4/signatures/env_variable_leak.py +10 -0
  399. zerov4/signatures/error_based_sqli.py +8 -0
  400. zerov4/signatures/exif_metadata_injection.py +11 -0
  401. zerov4/signatures/exposed_debug.py +10 -0
  402. zerov4/signatures/file_extension_bypass.py +10 -0
  403. zerov4/signatures/file_read_linux.py +10 -0
  404. zerov4/signatures/file_read_windows.py +10 -0
  405. zerov4/signatures/file_upload_bypass.py +10 -0
  406. zerov4/signatures/fingerprinting.py +8 -0
  407. zerov4/signatures/firmware_intel_me_hijack.py +35 -0
  408. zerov4/signatures/flask_debug_exploit.py +10 -0
  409. zerov4/signatures/forced_browsing.py +12 -0
  410. zerov4/signatures/forensic_alternate_data_stream.py +15 -0
  411. zerov4/signatures/forensic_amsi_bypass_string.py +11 -0
  412. zerov4/signatures/forensic_auditd_disable_probe.py +12 -0
  413. zerov4/signatures/forensic_bash_history_bypass.py +15 -0
  414. zerov4/signatures/forensic_clear_evt_logs.py +11 -0
  415. zerov4/signatures/forensic_defender_exclusion_add.py +13 -0
  416. zerov4/signatures/forensic_etw_provider_blocking.py +11 -0
  417. zerov4/signatures/forensic_log_tampering_attempt.py +11 -0
  418. zerov4/signatures/forensic_memory_dump_evasion.py +12 -0
  419. zerov4/signatures/forensic_prefetch_clean_cmd.py +12 -0
  420. zerov4/signatures/forensic_process_hollowing_vec.py +11 -0
  421. zerov4/signatures/forensic_shadow_copy_deletion.py +13 -0
  422. zerov4/signatures/forensic_shimcache_manipulation.py +10 -0
  423. zerov4/signatures/forensic_sysmon_uninstallation.py +11 -0
  424. zerov4/signatures/forensic_timestomp_indicator.py +11 -0
  425. zerov4/signatures/forensic_wer_registry_abuse.py +12 -0
  426. zerov4/signatures/formula_injection.py +11 -0
  427. zerov4/signatures/git_exposure.py +10 -0
  428. zerov4/signatures/google_dork.py +11 -0
  429. zerov4/signatures/graphql_abuse.py +8 -0
  430. zerov4/signatures/graphql_alias_abuse.py +10 -0
  431. zerov4/signatures/graphql_batch.py +12 -0
  432. zerov4/signatures/graphql_circular_fragment.py +13 -0
  433. zerov4/signatures/graphql_depth.py +12 -0
  434. zerov4/signatures/graphql_directive_injection.py +17 -0
  435. zerov4/signatures/graphql_field_suggestion.py +16 -0
  436. zerov4/signatures/graphql_field_suggestion_leak.py +13 -0
  437. zerov4/signatures/graphql_introspection.py +23 -0
  438. zerov4/signatures/graphql_introspection_bypass.py +18 -0
  439. zerov4/signatures/graphql_mutation_abuse.py +13 -0
  440. zerov4/signatures/graphql_query_cost_dos.py +17 -0
  441. zerov4/signatures/grpc_fuzzing.py +14 -0
  442. zerov4/signatures/grpc_http2_rst_stream.py +14 -0
  443. zerov4/signatures/grpc_metadata_injection.py +16 -0
  444. zerov4/signatures/grpc_metadata_jwt_leak.py +23 -0
  445. zerov4/signatures/grpc_proto_fuzzing_overflow.py +16 -0
  446. zerov4/signatures/grpc_status_code_abuse.py +15 -0
  447. zerov4/signatures/hardware_badusb_emulation.py +31 -0
  448. zerov4/signatures/header_injection.py +8 -0
  449. zerov4/signatures/header_pollution.py +10 -0
  450. zerov4/signatures/header_smuggling.py +11 -0
  451. zerov4/signatures/hex_encoded.py +8 -0
  452. zerov4/signatures/homograph_attack.py +11 -0
  453. zerov4/signatures/horizontal_priv_esc.py +16 -0
  454. zerov4/signatures/hpack_qpack_bomb.py +15 -0
  455. zerov4/signatures/html_entity_bypass.py +10 -0
  456. zerov4/signatures/html_injection.py +8 -0
  457. zerov4/signatures/http2_abuse.py +12 -0
  458. zerov4/signatures/http2_stream_abuse.py +11 -0
  459. zerov4/signatures/http_desync.py +12 -0
  460. zerov4/signatures/http_flood.py +10 -0
  461. zerov4/signatures/http_flood_get.py +12 -0
  462. zerov4/signatures/http_flood_post.py +12 -0
  463. zerov4/signatures/http_host_header.py +14 -0
  464. zerov4/signatures/http_method.py +8 -0
  465. zerov4/signatures/http_method_override_body.py +10 -0
  466. zerov4/signatures/http_param_pollution.py +8 -0
  467. zerov4/signatures/http_parameter_override.py +9 -0
  468. zerov4/signatures/http_pipeline_abuse.py +10 -0
  469. zerov4/signatures/http_range_abuse.py +17 -0
  470. zerov4/signatures/http_request_splitting.py +9 -0
  471. zerov4/signatures/http_response_splitting.py +8 -0
  472. zerov4/signatures/http_smuggling.py +9 -0
  473. zerov4/signatures/http_smuggling_cl_cl_mismatch.py +12 -0
  474. zerov4/signatures/http_smuggling_cl_te.py +9 -0
  475. zerov4/signatures/http_smuggling_cl_te_delta.py +16 -0
  476. zerov4/signatures/http_smuggling_te_cl_delta.py +15 -0
  477. zerov4/signatures/http_smuggling_te_te.py +15 -0
  478. zerov4/signatures/http_splitting.py +9 -0
  479. zerov4/signatures/http_verb_tunneling.py +9 -0
  480. zerov4/signatures/hw_baseband_gsm_exploit_vector.py +11 -0
  481. zerov4/signatures/hw_cold_boot_ram_dump_pattern.py +11 -0
  482. zerov4/signatures/hw_dirty_pipe_priv_esc_check.py +11 -0
  483. zerov4/signatures/hw_firmware_uefi_bootkit_core.py +12 -0
  484. zerov4/signatures/hw_glitching_clock_injection.py +11 -0
  485. zerov4/signatures/hw_gpu_vram_residual_data_leak.py +11 -0
  486. zerov4/signatures/hw_hertzbleed_frequency_side.py +11 -0
  487. zerov4/signatures/hw_ilo_hp_directory_traversal.py +15 -0
  488. zerov4/signatures/hw_ipmi_rmcp_cipher_bypass.py +10 -0
  489. zerov4/signatures/hw_ipmi_sol_console_hijack.py +11 -0
  490. zerov4/signatures/hw_jtag_debugging_exposure.py +11 -0
  491. zerov4/signatures/hw_kvm_over_ip_session_leak.py +11 -0
  492. zerov4/signatures/hw_meltdown_kernel_read_probe.py +11 -0
  493. zerov4/signatures/hw_pcie_dma_attack_vector.py +10 -0
  494. zerov4/signatures/hw_plundervolt_voltage_abuse.py +11 -0
  495. zerov4/signatures/hw_power_analysis_spa_dpa.py +11 -0
  496. zerov4/signatures/hw_rfid_proxmark_cloning_check.py +11 -0
  497. zerov4/signatures/hw_rowhammer_bit_flip_vector.py +11 -0
  498. zerov4/signatures/hw_sgx_enclave_memory_leak.py +11 -0
  499. zerov4/signatures/hw_sound_acoustic_key_leakage.py +11 -0
  500. zerov4/signatures/hw_spectre_branch_prediction.py +11 -0
  501. zerov4/signatures/hw_spectre_v4_speculative_store.py +11 -0
  502. zerov4/signatures/hw_tpm_bus_sniffing_indicator.py +11 -0
  503. zerov4/signatures/hw_usb_rubber_ducky_keystroke.py +15 -0
  504. zerov4/signatures/iframe_clickjacking.py +11 -0
  505. zerov4/signatures/iframe_injection.py +10 -0
  506. zerov4/signatures/image_pixel_flood.py +19 -0
  507. zerov4/signatures/image_pixel_flood_decompression.py +20 -0
  508. zerov4/signatures/insecure_cors.py +9 -0
  509. zerov4/signatures/insecure_redirect.py +9 -0
  510. zerov4/signatures/integer_overflow.py +9 -0
  511. zerov4/signatures/iot_adb_wireless_rce_vector.py +11 -0
  512. zerov4/signatures/iot_coap_resource_exhaustion.py +14 -0
  513. zerov4/signatures/iot_default_creds.py +9 -0
  514. zerov4/signatures/iot_firmware_update_spoof.py +14 -0
  515. zerov4/signatures/iot_mdns_location_leak.py +11 -0
  516. zerov4/signatures/iot_mqtt_wildcard_overflow.py +15 -0
  517. zerov4/signatures/iot_rtsp_stream_hijacking.py +14 -0
  518. zerov4/signatures/iot_upnp_port_forward_abuse.py +11 -0
  519. zerov4/signatures/iot_zigbee_gateway_bridge.py +15 -0
  520. zerov4/signatures/ip_spoofing.py +10 -0
  521. zerov4/signatures/java_injection.py +10 -0
  522. zerov4/signatures/javascript_prototype.py +10 -0
  523. zerov4/signatures/js_injection.py +8 -0
  524. zerov4/signatures/js_prototype_chain.py +11 -0
  525. zerov4/signatures/jwt_algorithm_confusion_hmac.py +21 -0
  526. zerov4/signatures/jwt_compressed_header_dos.py +18 -0
  527. zerov4/signatures/jwt_expiry_bypass.py +16 -0
  528. zerov4/signatures/jwt_invalid_signature_accept.py +16 -0
  529. zerov4/signatures/jwt_jti_replay_attack.py +24 -0
  530. zerov4/signatures/jwt_jwks_injection.py +17 -0
  531. zerov4/signatures/jwt_key_confusion.py +14 -0
  532. zerov4/signatures/jwt_kid_path_traversal.py +22 -0
  533. zerov4/signatures/jwt_none_algorithm.py +25 -0
  534. zerov4/signatures/jwt_weak_rsa_key_detect.py +15 -0
  535. zerov4/signatures/jwt_weak_secret_brute.py +14 -0
  536. zerov4/signatures/jwt_x5u_url_injection.py +23 -0
  537. zerov4/signatures/k8s_api_anonymous_probe.py +14 -0
  538. zerov4/signatures/k8s_api_request_smuggling_core.py +11 -0
  539. zerov4/signatures/k8s_dashboard_bypass.py +11 -0
  540. zerov4/signatures/k8s_etcd_exposure_check.py +9 -0
  541. zerov4/signatures/k8s_kubelet_rce_vector.py +10 -0
  542. zerov4/signatures/k8s_pod_security_bypass.py +10 -0
  543. zerov4/signatures/kernel_acpi_table_poisoning.py +11 -0
  544. zerov4/signatures/kernel_cr4_register_bit_flip.py +11 -0
  545. zerov4/signatures/kernel_dkom_process_hiding.py +11 -0
  546. zerov4/signatures/kernel_dkom_token_priv_escalate.py +11 -0
  547. zerov4/signatures/kernel_driver_signature_by.py +12 -0
  548. zerov4/signatures/kernel_ebpf_malicious_program.py +11 -0
  549. zerov4/signatures/kernel_ebpf_packet_drop_stealth.py +11 -0
  550. zerov4/signatures/kernel_hal_modification_probe.py +11 -0
  551. zerov4/signatures/kernel_idtr_register_sniffing.py +11 -0
  552. zerov4/signatures/kernel_kprobes_hijacking_core.py +11 -0
  553. zerov4/signatures/kernel_memory_corrupt_uaf.py +11 -0
  554. zerov4/signatures/kernel_mpo_policy_tampering.py +12 -0
  555. zerov4/signatures/kernel_msr_register_abuse.py +11 -0
  556. zerov4/signatures/kernel_netfilter_hook_leak.py +11 -0
  557. zerov4/signatures/kernel_page_table_isolation.py +11 -0
  558. zerov4/signatures/kernel_proc_net_tcp_filter.py +11 -0
  559. zerov4/signatures/kernel_rootkit_lkm_injection.py +11 -0
  560. zerov4/signatures/kernel_selinux_disable_vector.py +12 -0
  561. zerov4/signatures/kernel_syscall_hooking_check.py +11 -0
  562. zerov4/signatures/kernel_sysctl_runtime_poison.py +12 -0
  563. zerov4/signatures/kernel_vfs_file_op_override.py +12 -0
  564. zerov4/signatures/kernel_whea_error_injection.py +12 -0
  565. zerov4/signatures/kotlin_injection.py +10 -0
  566. zerov4/signatures/kubernetes_abuse.py +11 -0
  567. zerov4/signatures/latex_injection.py +10 -0
  568. zerov4/signatures/ldap_blind.py +9 -0
  569. zerov4/signatures/ldap_injection.py +8 -0
  570. zerov4/signatures/lfi.py +16 -0
  571. zerov4/signatures/lfi_data_url.py +10 -0
  572. zerov4/signatures/lfi_proc_self.py +11 -0
  573. zerov4/signatures/lfi_wrapper.py +10 -0
  574. zerov4/signatures/llm_data_elicit.py +12 -0
  575. zerov4/signatures/llm_membership_inference.py +11 -0
  576. zerov4/signatures/llm_prompt_smuggling_base64.py +20 -0
  577. zerov4/signatures/log4j_jndi.py +23 -0
  578. zerov4/signatures/log_disclosure.py +8 -0
  579. zerov4/signatures/macro_malware.py +8 -0
  580. zerov4/signatures/malware_upload.py +8 -0
  581. zerov4/signatures/markdown_injection.py +10 -0
  582. zerov4/signatures/mass_assignment.py +8 -0
  583. zerov4/signatures/mass_assignment_json.py +10 -0
  584. zerov4/signatures/mass_data_exposure.py +12 -0
  585. zerov4/signatures/mass_user_enumeration.py +17 -0
  586. zerov4/signatures/memory_bof_format_string_v2.py +16 -0
  587. zerov4/signatures/memory_corruption.py +14 -0
  588. zerov4/signatures/memory_glibc_ptmalloc_corrupt.py +11 -0
  589. zerov4/signatures/memory_heap_grooming_pattern.py +16 -0
  590. zerov4/signatures/memory_heap_spray_shellcode_v2.py +15 -0
  591. zerov4/signatures/memory_integer_underflow_calc.py +16 -0
  592. zerov4/signatures/memory_jit_compiler_spray_by.py +11 -0
  593. zerov4/signatures/memory_race_condition_at_open.py +11 -0
  594. zerov4/signatures/memory_rop_chain_gadget_check.py +17 -0
  595. zerov4/signatures/memory_seccomp_bpf_filter_by.py +11 -0
  596. zerov4/signatures/memory_stack_pivot_indicator.py +12 -0
  597. zerov4/signatures/memory_type_confusion_v8_eng.py +11 -0
  598. zerov4/signatures/memory_uaf_browser_engine_exec.py +11 -0
  599. zerov4/signatures/mime_sniffing.py +9 -0
  600. zerov4/signatures/mobile_api_abuse.py +12 -0
  601. zerov4/signatures/modern_yaml_deserialization_rce.py +18 -0
  602. zerov4/signatures/mqtt_abuse.py +8 -0
  603. zerov4/signatures/multipart_boundary_confusion.py +17 -0
  604. zerov4/signatures/net_bacnet_device_scanning.py +14 -0
  605. zerov4/signatures/net_bgp_route_flapping_sabotage.py +15 -0
  606. zerov4/signatures/net_bgp_route_hijack_probe.py +10 -0
  607. zerov4/signatures/net_cisco_smart_install_rce.py +10 -0
  608. zerov4/signatures/net_citrix_adc_directory_trav.py +11 -0
  609. zerov4/signatures/net_dhcp_starvation_attack.py +10 -0
  610. zerov4/signatures/net_dns_amplification_vector.py +14 -0
  611. zerov4/signatures/net_ethernet_ip_fuzzing.py +11 -0
  612. zerov4/signatures/net_f5_bigip_icontrol_rce.py +10 -0
  613. zerov4/signatures/net_fortinet_ssl_vpn_bypass.py +11 -0
  614. zerov4/signatures/net_ipmi_cipher_zero_auth.py +10 -0
  615. zerov4/signatures/net_juniper_jweb_rce_payload.py +10 -0
  616. zerov4/signatures/net_modbus_rtu_disruption.py +11 -0
  617. zerov4/signatures/net_netgear_prosafe_exploit.py +11 -0
  618. zerov4/signatures/net_ntp_amplification_dos.py +10 -0
  619. zerov4/signatures/net_ospf_lsa_poisoning.py +10 -0
  620. zerov4/signatures/net_paloalto_panos_cmd_inj.py +11 -0
  621. zerov4/signatures/net_radware_ddos_bypass.py +10 -0
  622. zerov4/signatures/net_s7comm_plc_stop_command.py +10 -0
  623. zerov4/signatures/net_snmp_community_brute.py +14 -0
  624. zerov4/signatures/net_ssdp_reflection_flood.py +14 -0
  625. zerov4/signatures/net_ssh_libssh_auth_bypass.py +10 -0
  626. zerov4/signatures/net_telnet_brute_force.py +9 -0
  627. zerov4/signatures/net_upnp_soap_injection.py +11 -0
  628. zerov4/signatures/net_vnc_auth_bypass_exploit.py +15 -0
  629. zerov4/signatures/nosql_array_injection.py +10 -0
  630. zerov4/signatures/nosql_injection.py +8 -0
  631. zerov4/signatures/nosql_js_injection.py +9 -0
  632. zerov4/signatures/nosql_mongodb_regex_leak.py +22 -0
  633. zerov4/signatures/nosql_operator.py +9 -0
  634. zerov4/signatures/nosql_timing_attack.py +9 -0
  635. zerov4/signatures/null_byte.py +8 -0
  636. zerov4/signatures/oauth_abuse.py +8 -0
  637. zerov4/signatures/oauth_callback_bypass.py +19 -0
  638. zerov4/signatures/oauth_device_code_phishing.py +14 -0
  639. zerov4/signatures/oauth_pkce_bypass.py +10 -0
  640. zerov4/signatures/oauth_pkce_code_verifier_leak.py +19 -0
  641. zerov4/signatures/oauth_reentrancy_flow.py +14 -0
  642. zerov4/signatures/oauth_scope_escalation.py +20 -0
  643. zerov4/signatures/oauth_ssrf_redirect_uri.py +15 -0
  644. zerov4/signatures/oauth_state_flaw.py +15 -0
  645. zerov4/signatures/oauth_state_hijacking.py +19 -0
  646. zerov4/signatures/oauth_token_substitution.py +17 -0
  647. zerov4/signatures/octal_encoding.py +13 -0
  648. zerov4/signatures/oob_extraction.py +9 -0
  649. zerov4/signatures/open_api_fuzzing.py +14 -0
  650. zerov4/signatures/open_api_parameter_fuzzing.py +14 -0
  651. zerov4/signatures/open_redirect.py +8 -0
  652. zerov4/signatures/open_redirect_bypass.py +10 -0
  653. zerov4/signatures/orm_injection.py +9 -0
  654. zerov4/signatures/os_cmdi.py +8 -0
  655. zerov4/signatures/padding_oracle.py +13 -0
  656. zerov4/signatures/parameter_pollution.py +8 -0
  657. zerov4/signatures/parameter_pollution_json.py +12 -0
  658. zerov4/signatures/parameter_tampering.py +8 -0
  659. zerov4/signatures/path_normalization.py +9 -0
  660. zerov4/signatures/path_parameter_injection.py +9 -0
  661. zerov4/signatures/path_traversal.py +17 -0
  662. zerov4/signatures/path_traversal_encoded.py +10 -0
  663. zerov4/signatures/pdf_injection.py +9 -0
  664. zerov4/signatures/pdf_js_execution.py +14 -0
  665. zerov4/signatures/pdf_js_internal_network_exfil.py +14 -0
  666. zerov4/signatures/perl_injection.py +9 -0
  667. zerov4/signatures/phishing_url.py +10 -0
  668. zerov4/signatures/php_deserialization.py +10 -0
  669. zerov4/signatures/php_injection.py +10 -0
  670. zerov4/signatures/port_scanning.py +18 -0
  671. zerov4/signatures/pqc_crystals_dilithium_leak.py +10 -0
  672. zerov4/signatures/pqc_dilithium_sign_forge.py +11 -0
  673. zerov4/signatures/pqc_kyber_key_confusion.py +10 -0
  674. zerov4/signatures/pqc_sphincs_hash_exhaustion.py +15 -0
  675. zerov4/signatures/pretexting.py +10 -0
  676. zerov4/signatures/privilege_escalation.py +8 -0
  677. zerov4/signatures/prompt_injection_indirect.py +12 -0
  678. zerov4/signatures/prompt_smuggling_encoded.py +18 -0
  679. zerov4/signatures/prototype_pollution.py +8 -0
  680. zerov4/signatures/prototype_pollution_json.py +10 -0
  681. zerov4/signatures/proxy_auth_header_stripping.py +20 -0
  682. zerov4/signatures/proxy_grpc_web_tunnel_bypass.py +18 -0
  683. zerov4/signatures/proxy_http_version_confusion.py +20 -0
  684. zerov4/signatures/proxy_internal_rewrite_abuse.py +17 -0
  685. zerov4/signatures/proxy_request_smuggling_h2c.py +15 -0
  686. zerov4/signatures/proxy_reverse_ssrf_hop.py +20 -0
  687. zerov4/signatures/proxy_via_header_loop.py +17 -0
  688. zerov4/signatures/proxy_websocket_tunnel_smuggle.py +16 -0
  689. zerov4/signatures/proxy_x_forwarded_host_abuse.py +19 -0
  690. zerov4/signatures/python_injection.py +10 -0
  691. zerov4/signatures/qr_phishing.py +9 -0
  692. zerov4/signatures/rag_poisoning.py +17 -0
  693. zerov4/signatures/rag_vector_db_poisoning.py +15 -0
  694. zerov4/signatures/ransomware_activity.py +8 -0
  695. zerov4/signatures/rate_abuse.py +10 -0
  696. zerov4/signatures/rate_bypass_accept_header.py +17 -0
  697. zerov4/signatures/rate_bypass_case_variation.py +19 -0
  698. zerov4/signatures/rate_bypass_cookie_rotation.py +17 -0
  699. zerov4/signatures/rate_bypass_encoding.py +15 -0
  700. zerov4/signatures/rate_bypass_fragment.py +13 -0
  701. zerov4/signatures/rate_bypass_header_spoof.py +19 -0
  702. zerov4/signatures/rate_bypass_ip_rotate.py +20 -0
  703. zerov4/signatures/rate_bypass_method_switch.py +18 -0
  704. zerov4/signatures/rate_bypass_null_byte.py +13 -0
  705. zerov4/signatures/rate_bypass_param_padding.py +14 -0
  706. zerov4/signatures/rate_bypass_path_variation.py +22 -0
  707. zerov4/signatures/rate_bypass_timing.py +18 -0
  708. zerov4/signatures/rate_bypass_trailing_slash.py +16 -0
  709. zerov4/signatures/rate_bypass_user_agent.py +19 -0
  710. zerov4/signatures/rate_bypass_xff.py +18 -0
  711. zerov4/signatures/rate_limit_bypass.py +12 -0
  712. zerov4/signatures/rce_deserialization.py +10 -0
  713. zerov4/signatures/rce_via_upload.py +10 -0
  714. zerov4/signatures/redos.py +8 -0
  715. zerov4/signatures/reflected_xss.py +8 -0
  716. zerov4/signatures/regex_injection.py +9 -0
  717. zerov4/signatures/request_desync.py +9 -0
  718. zerov4/signatures/request_smuggling_te_cl.py +10 -0
  719. zerov4/signatures/resource_exhaustion.py +10 -0
  720. zerov4/signatures/rest_error_stack_elicitation.py +21 -0
  721. zerov4/signatures/rest_fuzzing.py +14 -0
  722. zerov4/signatures/reverse_proxy_bypass.py +19 -0
  723. zerov4/signatures/rfi_include.py +10 -0
  724. zerov4/signatures/ruby_injection.py +10 -0
  725. zerov4/signatures/s3_enumeration.py +9 -0
  726. zerov4/signatures/saml_injection.py +8 -0
  727. zerov4/signatures/scada_dnp3_object_exhaustion.py +15 -0
  728. zerov4/signatures/scada_ethercat_frame_inject.py +11 -0
  729. zerov4/signatures/scada_iec_104_apci_malformation.py +11 -0
  730. zerov4/signatures/scada_iec_104_command_spoof.py +11 -0
  731. zerov4/signatures/scada_modbus_function_code_mask.py +16 -0
  732. zerov4/signatures/scada_modbus_point_override.py +11 -0
  733. zerov4/signatures/scada_opc_ua_session_hijack.py +11 -0
  734. zerov4/signatures/scada_profinet_dcp_set_ip.py +12 -0
  735. zerov4/signatures/scanner.py +8 -0
  736. zerov4/signatures/secure_header_stripping.py +17 -0
  737. zerov4/signatures/sensitive_files.py +8 -0
  738. zerov4/signatures/server_side_js_injection.py +10 -0
  739. zerov4/signatures/server_side_proto_pollution.py +10 -0
  740. zerov4/signatures/server_side_redirect.py +9 -0
  741. zerov4/signatures/server_timing_leak.py +11 -0
  742. zerov4/signatures/serverless_injection.py +11 -0
  743. zerov4/signatures/serverless_lambda_timeout_dos.py +15 -0
  744. zerov4/signatures/service_enumeration.py +8 -0
  745. zerov4/signatures/session_concurrency_abuse.py +19 -0
  746. zerov4/signatures/session_cookie_samesite_bypass.py +13 -0
  747. zerov4/signatures/session_fixation.py +12 -0
  748. zerov4/signatures/session_fixation_multidomain.py +20 -0
  749. zerov4/signatures/session_hijacking.py +8 -0
  750. zerov4/signatures/session_hijacking_anomaly.py +28 -0
  751. zerov4/signatures/session_prediction.py +12 -0
  752. zerov4/signatures/session_puzzling.py +13 -0
  753. zerov4/signatures/session_termination_bypass.py +20 -0
  754. zerov4/signatures/shellshock_abuse.py +21 -0
  755. zerov4/signatures/slow_read.py +12 -0
  756. zerov4/signatures/slowloris.py +12 -0
  757. zerov4/signatures/soap_injection.py +9 -0
  758. zerov4/signatures/source_code_disclosure.py +8 -0
  759. zerov4/signatures/spring_actuator_abuse.py +11 -0
  760. zerov4/signatures/spyware_activity.py +8 -0
  761. zerov4/signatures/sql_comment_bypass.py +10 -0
  762. zerov4/signatures/sql_hex_bypass.py +10 -0
  763. zerov4/signatures/sql_truncation.py +12 -0
  764. zerov4/signatures/sqli.py +8 -0
  765. zerov4/signatures/sqli_boolean_blind.py +10 -0
  766. zerov4/signatures/sqli_error_verbose.py +11 -0
  767. zerov4/signatures/sqli_heavy_query.py +9 -0
  768. zerov4/signatures/sqli_into_outfile.py +10 -0
  769. zerov4/signatures/sqli_out_of_band.py +9 -0
  770. zerov4/signatures/sqli_second_order.py +9 -0
  771. zerov4/signatures/sqli_stacked.py +8 -0
  772. zerov4/signatures/sqli_whitespace_bypass.py +11 -0
  773. zerov4/signatures/ssi_injection.py +8 -0
  774. zerov4/signatures/ssl_attack.py +9 -0
  775. zerov4/signatures/ssrf.py +17 -0
  776. zerov4/signatures/ssrf_aws_imds.py +12 -0
  777. zerov4/signatures/ssrf_cloud_metadata.py +10 -0
  778. zerov4/signatures/ssrf_dict.py +9 -0
  779. zerov4/signatures/ssrf_gopher.py +10 -0
  780. zerov4/signatures/ssrf_internal_port_scan.py +19 -0
  781. zerov4/signatures/ssrf_pdf_generator.py +17 -0
  782. zerov4/signatures/ssrf_redirect.py +9 -0
  783. zerov4/signatures/ssti.py +8 -0
  784. zerov4/signatures/ssti_handlebars_advanced.py +15 -0
  785. zerov4/signatures/ssti_jinja2.py +11 -0
  786. zerov4/signatures/ssti_mako.py +10 -0
  787. zerov4/signatures/ssti_velocity.py +10 -0
  788. zerov4/signatures/stored_xss.py +8 -0
  789. zerov4/signatures/subdomain_brute.py +11 -0
  790. zerov4/signatures/subdomain_enumeration.py +14 -0
  791. zerov4/signatures/subdomain_takeover.py +6 -0
  792. zerov4/signatures/supply_artifactory_token_leak.py +15 -0
  793. zerov4/signatures/supply_aws_ami_backdoor_scan.py +11 -0
  794. zerov4/signatures/supply_chain.py +8 -0
  795. zerov4/signatures/supply_chain_dependency_conf.py +18 -0
  796. zerov4/signatures/supply_codecov_uploader_leak.py +11 -0
  797. zerov4/signatures/supply_composer_packagist_hijack.py +11 -0
  798. zerov4/signatures/supply_dependency_confusion_ex.py +11 -0
  799. zerov4/signatures/supply_docker_base_image_back.py +15 -0
  800. zerov4/signatures/supply_git_commit_signing_forge.py +12 -0
  801. zerov4/signatures/supply_github_action_script_inj.py +12 -0
  802. zerov4/signatures/supply_github_pages_takeover.py +11 -0
  803. zerov4/signatures/supply_gitlab_runner_rce_vector.py +11 -0
  804. zerov4/signatures/supply_jenkins_script_console.py +11 -0
  805. zerov4/signatures/supply_kube_helm_chart_exploit.py +11 -0
  806. zerov4/signatures/supply_malicious_gh_action_oidc.py +11 -0
  807. zerov4/signatures/supply_malicious_makefile_macro.py +11 -0
  808. zerov4/signatures/supply_malicious_vscode_ext.py +11 -0
  809. zerov4/signatures/supply_maven_pom_xml_repository.py +11 -0
  810. zerov4/signatures/supply_pre_commit_hook_poison.py +11 -0
  811. zerov4/signatures/supply_protestware_payload.py +11 -0
  812. zerov4/signatures/supply_solarwinds_sunburst_vec.py +11 -0
  813. zerov4/signatures/supply_terraform_provider_fake.py +11 -0
  814. zerov4/signatures/supply_typosquatting_crates_io.py +20 -0
  815. zerov4/signatures/supply_typosquatting_npm_pypi.py +20 -0
  816. zerov4/signatures/svn_exposure.py +10 -0
  817. zerov4/signatures/sys_applocker_bypass_install.py +11 -0
  818. zerov4/signatures/sys_cron_tab_hidden_whitespace.py +15 -0
  819. zerov4/signatures/sys_gdi_font_parsing_engine.py +11 -0
  820. zerov4/signatures/sys_glibc_tunables_buffer_ov.py +11 -0
  821. zerov4/signatures/sys_pam_backdoor_module_check.py +11 -0
  822. zerov4/signatures/sys_polkit_local_priv_esc_cve.py +11 -0
  823. zerov4/signatures/sys_polkit_pkexec_cve_2021_356.py +11 -0
  824. zerov4/signatures/sys_proc_self_mem_write_abuse.py +11 -0
  825. zerov4/signatures/sys_sudo_edit_file_priv_esc.py +11 -0
  826. zerov4/signatures/sys_systemd_notify_socket_inj.py +11 -0
  827. zerov4/signatures/sys_udev_hotplug_priv_esc_vec.py +11 -0
  828. zerov4/signatures/sys_windows_com_hijacking_vec.py +11 -0
  829. zerov4/signatures/sys_wmi_event_consumer_persist.py +12 -0
  830. zerov4/signatures/technology_detection.py +8 -0
  831. zerov4/signatures/telecom_5g_ausf_vector_spoof.py +11 -0
  832. zerov4/signatures/telecom_5g_http2_sbi_poisoning.py +11 -0
  833. zerov4/signatures/telecom_5g_pfcp_session_leak.py +11 -0
  834. zerov4/signatures/telecom_5g_smf_pdu_session_dos.py +15 -0
  835. zerov4/signatures/telecom_asn1_per_decoding_bomb.py +11 -0
  836. zerov4/signatures/telecom_bcap_protocol_fuzzing.py +11 -0
  837. zerov4/signatures/telecom_diameter_subscriber_an.py +11 -0
  838. zerov4/signatures/telecom_eap_sim_imsi_catching.py +11 -0
  839. zerov4/signatures/telecom_gtp_tunnel_injection.py +11 -0
  840. zerov4/signatures/telecom_gtp_u_extension_hdr.py +11 -0
  841. zerov4/signatures/telecom_h323_voip_buffer_over.py +16 -0
  842. zerov4/signatures/telecom_ims_aka_auth_bypass.py +11 -0
  843. zerov4/signatures/telecom_nas_security_header_by.py +11 -0
  844. zerov4/signatures/telecom_radius_coa_packet_inj.py +11 -0
  845. zerov4/signatures/telecom_ran_rrc_reconfig_spoof.py +11 -0
  846. zerov4/signatures/telecom_sctp_chunk_malformation.py +11 -0
  847. zerov4/signatures/telecom_sip_invite_flood_dos.py +15 -0
  848. zerov4/signatures/telecom_smpp_pdu_fuzzing.py +15 -0
  849. zerov4/signatures/telecom_ss7_isup_call_drop_dos.py +11 -0
  850. zerov4/signatures/telecom_ss7_location_tracking.py +11 -0
  851. zerov4/signatures/telecom_tr069_cwmp_rce_vector.py +11 -0
  852. zerov4/signatures/telecom_vlr_subscriber_purge.py +11 -0
  853. zerov4/signatures/template_freemarker.py +9 -0
  854. zerov4/signatures/template_injection.py +8 -0
  855. zerov4/signatures/template_injection_erb.py +10 -0
  856. zerov4/signatures/template_twig.py +10 -0
  857. zerov4/signatures/time_based_sqli.py +8 -0
  858. zerov4/signatures/token_manipulation.py +11 -0
  859. zerov4/signatures/toml_injection.py +14 -0
  860. zerov4/signatures/trojan_activity.py +8 -0
  861. zerov4/signatures/typosquatting.py +15 -0
  862. zerov4/signatures/unicode_bypass.py +8 -0
  863. zerov4/signatures/unicode_normalization.py +9 -0
  864. zerov4/signatures/unicode_right_to_left.py +9 -0
  865. zerov4/signatures/unicode_right_to_left_override.py +11 -0
  866. zerov4/signatures/union_sqli.py +8 -0
  867. zerov4/signatures/unsafe_deserialization_java.py +11 -0
  868. zerov4/signatures/user_enumeration.py +12 -0
  869. zerov4/signatures/vertical_priv_esc.py +8 -0
  870. zerov4/signatures/vlan_hopping.py +9 -0
  871. zerov4/signatures/vm_escape_hyperv_vmbus_overflow.py +11 -0
  872. zerov4/signatures/vm_escape_kvm_io_ioctl.py +11 -0
  873. zerov4/signatures/vm_escape_qemu_slirp_rce_vector.py +11 -0
  874. zerov4/signatures/vm_escape_qemu_virtio_net.py +11 -0
  875. zerov4/signatures/vm_escape_vmware_vfd_overflow.py +11 -0
  876. zerov4/signatures/vm_escape_xen_grant_table.py +11 -0
  877. zerov4/signatures/vm_nested_virtualization_err.py +11 -0
  878. zerov4/signatures/vm_side_channel_cache_warp.py +11 -0
  879. zerov4/signatures/vulnerability_scanning.py +8 -0
  880. zerov4/signatures/waf_bypass.py +10 -0
  881. zerov4/signatures/waf_bypass_asp_url_unicode.py +15 -0
  882. zerov4/signatures/waf_bypass_base64_padding_conf.py +18 -0
  883. zerov4/signatures/waf_bypass_double_url_encode.py +14 -0
  884. zerov4/signatures/waf_bypass_html_numeric_entity.py +15 -0
  885. zerov4/signatures/waf_bypass_http_chunked_split.py +18 -0
  886. zerov4/signatures/waf_bypass_http_param_cloning.py +14 -0
  887. zerov4/signatures/waf_bypass_invalid_hex_sequence.py +13 -0
  888. zerov4/signatures/waf_bypass_javascript_obfuscate.py +16 -0
  889. zerov4/signatures/waf_bypass_json_char_encoding.py +15 -0
  890. zerov4/signatures/waf_bypass_mixed_case_polyglot.py +15 -0
  891. zerov4/signatures/waf_bypass_multipart.py +11 -0
  892. zerov4/signatures/waf_bypass_multipart_boundary.py +14 -0
  893. zerov4/signatures/waf_bypass_nested_tags.py +16 -0
  894. zerov4/signatures/waf_bypass_null_byte_string.py +13 -0
  895. zerov4/signatures/waf_bypass_sql_hex_concat.py +15 -0
  896. zerov4/signatures/waf_bypass_sql_inline_comment.py +14 -0
  897. zerov4/signatures/waf_bypass_unicode_homograph.py +20 -0
  898. zerov4/signatures/waf_bypass_user_agent_spoof.py +20 -0
  899. zerov4/signatures/waf_bypass_utf8_overlong.py +10 -0
  900. zerov4/signatures/waf_bypass_whitespace_tab.py +16 -0
  901. zerov4/signatures/waf_bypass_xml_cdata_escape.py +10 -0
  902. zerov4/signatures/warfare_gps_spoofing_indicator.py +12 -0
  903. zerov4/signatures/warfare_maritime_ais_spoofing.py +11 -0
  904. zerov4/signatures/warfare_satcom_protocol_fuzz.py +11 -0
  905. zerov4/signatures/warfare_satcom_terminal_disable.py +11 -0
  906. zerov4/signatures/warfare_tactical_datalink_inj.py +11 -0
  907. zerov4/signatures/wayback_abuse.py +8 -0
  908. zerov4/signatures/weak_jwt.py +11 -0
  909. zerov4/signatures/weak_password.py +9 -0
  910. zerov4/signatures/web3_access_control_owner.py +11 -0
  911. zerov4/signatures/web3_bridge_cross_chain_fake.py +11 -0
  912. zerov4/signatures/web3_delegatecall_context_inj.py +11 -0
  913. zerov4/signatures/web3_erc20_approve_race_cond.py +15 -0
  914. zerov4/signatures/web3_flash_loan_price_dump.py +11 -0
  915. zerov4/signatures/web3_front_running_mempool.py +11 -0
  916. zerov4/signatures/web3_gas_limit_exhaustion_dos.py +15 -0
  917. zerov4/signatures/web3_integer_overflow_uint256.py +15 -0
  918. zerov4/signatures/web3_multisig_threshold_bypass.py +11 -0
  919. zerov4/signatures/web3_nft_airdrop_mint_flood.py +15 -0
  920. zerov4/signatures/web3_oracle_data_feed_poison.py +11 -0
  921. zerov4/signatures/web3_rpc_node_fuzzing.py +15 -0
  922. zerov4/signatures/web3_selfdestruct_drain.py +10 -0
  923. zerov4/signatures/web3_shadow_variable_override.py +11 -0
  924. zerov4/signatures/web3_signature_replay_attack.py +11 -0
  925. zerov4/signatures/web3_smart_contract_reentrancy.py +10 -0
  926. zerov4/signatures/web3_solidity_compiler_bug.py +11 -0
  927. zerov4/signatures/web3_tx_origin_phishing.py +10 -0
  928. zerov4/signatures/web3_upgradeable_proxy_poison.py +11 -0
  929. zerov4/signatures/web3_vanity_address_collision.py +19 -0
  930. zerov4/signatures/web3_weak_randomness_block.py +11 -0
  931. zerov4/signatures/web_cache_deception.py +8 -0
  932. zerov4/signatures/web_cache_deception_static.py +18 -0
  933. zerov4/signatures/web_cache_poisoning_fat_get.py +15 -0
  934. zerov4/signatures/web_client_side_desync_attack.py +16 -0
  935. zerov4/signatures/web_cookie_tld_poisoning.py +13 -0
  936. zerov4/signatures/web_cors_null_origin_bypass.py +14 -0
  937. zerov4/signatures/web_cross_site_leaks_xs_leaks.py +19 -0
  938. zerov4/signatures/web_csp_bypass_gadgets.py +15 -0
  939. zerov4/signatures/web_form_action_hijacking.py +16 -0
  940. zerov4/signatures/web_graphql_alias_overload.py +18 -0
  941. zerov4/signatures/web_hpack_decompression_bomb.py +15 -0
  942. zerov4/signatures/web_http2_stream_multiplex_dos.py +11 -0
  943. zerov4/signatures/web_http_cleartext_h2c_smuggle.py +11 -0
  944. zerov4/signatures/web_http_header_smuggling_cllf.py +10 -0
  945. zerov4/signatures/web_http_keep_alive_timeout_dos.py +16 -0
  946. zerov4/signatures/web_http_parameter_cloning_post.py +13 -0
  947. zerov4/signatures/web_json_key_collision_parse.py +12 -0
  948. zerov4/signatures/web_json_rpc_batch_exhaustion.py +17 -0
  949. zerov4/signatures/web_sec_ch_ua_fingerprint_evas.py +25 -0
  950. zerov4/signatures/web_server_side_prototype_poll.py +12 -0
  951. zerov4/signatures/web_shibboleth_saml_attributes.py +13 -0
  952. zerov4/signatures/web_signed_exchange_sxg_spoof.py +12 -0
  953. zerov4/signatures/web_tabnabbing_target_blank.py +14 -0
  954. zerov4/signatures/web_websocket_smuggling_upgrade.py +14 -0
  955. zerov4/signatures/webshell_upload.py +8 -0
  956. zerov4/signatures/websocket_abuse.py +13 -0
  957. zerov4/signatures/websocket_deflate_abuse.py +15 -0
  958. zerov4/signatures/websocket_hijack.py +16 -0
  959. zerov4/signatures/websocket_per_msg_deflate_bomb.py +14 -0
  960. zerov4/signatures/workflow_manipulation.py +8 -0
  961. zerov4/signatures/worm_propagation.py +11 -0
  962. zerov4/signatures/xml_injection.py +10 -0
  963. zerov4/signatures/xpath_advanced.py +10 -0
  964. zerov4/signatures/xpath_blind.py +10 -0
  965. zerov4/signatures/xpath_error_based.py +11 -0
  966. zerov4/signatures/xpath_injection.py +8 -0
  967. zerov4/signatures/xss.py +18 -0
  968. zerov4/signatures/xss_angular.py +10 -0
  969. zerov4/signatures/xss_base64_payload.py +19 -0
  970. zerov4/signatures/xss_dom_clobbering.py +11 -0
  971. zerov4/signatures/xss_event_handler.py +12 -0
  972. zerov4/signatures/xss_filter_evasion.py +11 -0
  973. zerov4/signatures/xss_href_bypass.py +10 -0
  974. zerov4/signatures/xss_mutation.py +10 -0
  975. zerov4/signatures/xss_on_error.py +11 -0
  976. zerov4/signatures/xss_polyglot.py +10 -0
  977. zerov4/signatures/xss_react.py +9 -0
  978. zerov4/signatures/xss_srcdoc.py +9 -0
  979. zerov4/signatures/xss_via_upload.py +11 -0
  980. zerov4/signatures/xss_vue.py +9 -0
  981. zerov4/signatures/xxe_billion_laughs.py +12 -0
  982. zerov4/signatures/xxe_blind_dtd.py +11 -0
  983. zerov4/signatures/xxe_svg.py +14 -0
  984. zerov4/signatures/xxe_via_json.py +11 -0
  985. zerov4/signatures/yaml_deserialization.py +11 -0
  986. zerov4/signatures/zero_v4_ultimate_seal.py +48 -0
  987. zerov4/signatures/zip_bomb.py +9 -0
  988. zerov4/signatures/zip_bomb_multi_layer.py +16 -0
  989. zerov4/signatures/zip_file_traversal.py +14 -0
  990. zerov4/signatures/zip_slip.py +9 -0
  991. zerov4/state.py +354 -0
  992. zerov4/store.py +406 -0
  993. zerov4/utils.py +621 -0
  994. zerov4-0.1.0.dist-info/METADATA +327 -0
  995. zerov4-0.1.0.dist-info/RECORD +1000 -0
  996. zerov4-0.1.0.dist-info/WHEEL +5 -0
  997. zerov4-0.1.0.dist-info/entry_points.txt +2 -0
  998. zerov4-0.1.0.dist-info/licenses/LICENSE +201 -0
  999. zerov4-0.1.0.dist-info/licenses/NOTICE +6 -0
  1000. zerov4-0.1.0.dist-info/top_level.txt +1 -0
zerov4/__init__.py ADDED
@@ -0,0 +1,93 @@
1
+ """
2
+ ZeroV4 — request-level protection for WSGI applications.
3
+
4
+ Quick start:
5
+
6
+ from zerov4 import arx
7
+ from myapp import app
8
+
9
+ arx.run(app)
10
+
11
+ That asks for a port, a debug flag and a protection level, then serves
12
+ your app with every request inspected before it reaches your routes.
13
+
14
+ Under gunicorn, wrap instead of run:
15
+
16
+ # wsgi.py
17
+ from zerov4 import arx
18
+ from myapp import app
19
+ application = arx.wrap(app)
20
+
21
+ Or use the middleware directly, if you want the control:
22
+
23
+ from zerov4 import ZeroGuard, make_config
24
+
25
+ app.wsgi_app = ZeroGuard(app.wsgi_app, cfg=make_config("balanced"))
26
+
27
+ Or from the shell:
28
+
29
+ $ zerov4 init
30
+ $ zerov4 run myapp:app
31
+
32
+ Protection levels: permissive, balanced (default), paranoid.
33
+ Balanced is tuned for a site with real visitors. Paranoid is the original
34
+ Autonomous Agent Zero-V4 behaviour — it will produce false positives on
35
+ public traffic, which is what it is for.
36
+
37
+ Derived from Autonomous Agent Zero-V4 by Barış (BRSX-Labs).
38
+ """
39
+
40
+ from . import arx
41
+ from .agent import ThreatAgent
42
+ from .auth import PanelAuth, hash_password, verify_password
43
+ from .challenge import ChallengeManager
44
+ from .config import LEVELS, Config, from_env, make_config
45
+ from .feedback import FeedbackTracker
46
+ from .firewall import ALLOW, BAN, BLOCKED, THROTTLE, Firewall, Verdict
47
+ from .middleware import Request, ZeroGuard
48
+ from .state import ZeroState
49
+ from .store import Store, make_store
50
+ from .utils import Signature, load_signatures
51
+
52
+ __version__ = "0.1.0"
53
+ __author__ = "Barış (BRSX-Labs)"
54
+
55
+ __all__ = [
56
+ # The front door
57
+ "arx",
58
+ # Middleware
59
+ "ZeroGuard",
60
+ "serve",
61
+ # Config
62
+ "make_config",
63
+ "from_env",
64
+ "Config",
65
+ "LEVELS",
66
+ # Decisions
67
+ "Firewall",
68
+ "Verdict",
69
+ "ALLOW",
70
+ "THROTTLE",
71
+ "BAN",
72
+ "BLOCKED",
73
+ # Components
74
+ "ChallengeManager",
75
+ "FeedbackTracker",
76
+ "PanelAuth",
77
+ "ThreatAgent",
78
+ "Store",
79
+ "ZeroState",
80
+ "Request",
81
+ "Signature",
82
+ # Helpers
83
+ "load_signatures",
84
+ "make_store",
85
+ "hash_password",
86
+ "verify_password",
87
+ "__version__",
88
+ ]
89
+
90
+
91
+ def serve(app, cfg=None, interactive: bool = True, **overrides):
92
+ """Wrap `app` and serve it. Same as arx.run()."""
93
+ return arx.run(app, cfg=cfg, interactive=interactive, **overrides)
zerov4/agent.py ADDED
@@ -0,0 +1,143 @@
1
+ """
2
+ agent.py — background threat monitor.
3
+
4
+ What this used to be, and what it is now:
5
+
6
+ * The Zero-V4 model is gone, as agreed. run_inference() fed a fixed
7
+ prompt ("system status network analysis") into a byte-level model,
8
+ averaged the generated token ids, scaled that to 0-100, then added
9
+ random.choice([+40, +50, ..., -80]) to it. The output never depended
10
+ on the traffic, so the "risk score" it produced was noise with a
11
+ threshold on it. What actually made decisions was
12
+ count_active_attackers() — that logic is kept, and it is now the
13
+ whole agent.
14
+
15
+ * WiFi control is gone. disable_internet()/enable_internet() clicked
16
+ fixed screen coordinates via pyautogui, or shelled out to nmcli.
17
+ A library does not take the host off the network. The coordinated-
18
+ attack event now fires Config.on_coordinated_attack; wire whatever
19
+ you want to it, including your old disable_internet().
20
+
21
+ * The attacker set no longer comes from re-reading and truncating
22
+ attack_log.txt. It reads live state, which is where the middleware
23
+ records detections. The old file round-trip lost every event written
24
+ between the read and the open(..., 'w') that cleared it.
25
+ """
26
+
27
+ from __future__ import annotations
28
+
29
+ import threading
30
+ import time
31
+ from typing import Optional
32
+
33
+ from .utils import log
34
+
35
+
36
+ class ThreatAgent(threading.Thread):
37
+ """Watches for coordinated activity and drives pattern analysis.
38
+
39
+ Single IP misbehaving -> firewall throttles/bans it inline;
40
+ the agent stays out of it.
41
+ coordinated_threshold+ IPs -> on_coordinated_attack hook fires once,
42
+ on_threat_cleared when it subsides.
43
+
44
+ Interval adapts: quiet systems poll slowly, active ones poll fast.
45
+ """
46
+
47
+ NORMAL_INTERVAL = 30.0
48
+ TRACKING_INTERVAL = 8.0
49
+ CRITICAL_INTERVAL = 4.0
50
+
51
+ def __init__(self, cfg, firewall, state, interval: Optional[float] = None):
52
+ super().__init__(daemon=True, name="zeroguard-agent")
53
+ self.cfg = cfg
54
+ self.firewall = firewall
55
+ self.state = state
56
+ self._forced_interval = interval
57
+ self._stop_event = threading.Event()
58
+ self._last_pattern_run = 0.0
59
+
60
+ # ─── Threat assessment ───────────────────────────────────────────
61
+ def active_attackers(self, now: Optional[float] = None) -> set:
62
+ """Distinct IPs that triggered a detection within the pattern
63
+ window. Read from live state, not from a log file."""
64
+ return set(self.state.attack_history(now).keys())
65
+
66
+ def assess(self, now: Optional[float] = None) -> dict:
67
+ """Current threat picture. No model, no randomness — just counts."""
68
+ now = now or time.time()
69
+ history = self.state.attack_history(now)
70
+ attackers = set(history.keys())
71
+ total_hits = sum(len(v) for v in history.values())
72
+
73
+ if not attackers:
74
+ level, status = 0, "clear"
75
+ elif len(attackers) >= self.cfg.coordinated_threshold:
76
+ level, status = 3, "coordinated attack"
77
+ elif total_hits >= 10 or len(attackers) >= 3:
78
+ level, status = 2, "elevated"
79
+ else:
80
+ level, status = 1, "isolated activity"
81
+
82
+ return {
83
+ "level": level,
84
+ "status": status,
85
+ "attackers": sorted(attackers),
86
+ "attacker_count": len(attackers),
87
+ "total_hits": total_hits,
88
+ "coordinated": len(attackers) >= self.cfg.coordinated_threshold,
89
+ }
90
+
91
+ def _interval_for(self, level: int) -> float:
92
+ if self._forced_interval:
93
+ return self._forced_interval
94
+ if level >= 3:
95
+ return self.CRITICAL_INTERVAL
96
+ if level == 2:
97
+ return self.TRACKING_INTERVAL
98
+ return self.NORMAL_INTERVAL
99
+
100
+ # ─── Loop ────────────────────────────────────────────────────────
101
+ def tick(self, now: Optional[float] = None) -> dict:
102
+ """One assessment cycle. Exposed separately so it can be called
103
+ directly from a test or a one-shot CLI command."""
104
+ now = now or time.time()
105
+ report = self.assess(now)
106
+
107
+ # Pattern analysis owns the coordinated/cleared hooks and the
108
+ # slow-recon / multi-category / rapid-escalation bans.
109
+ if self.cfg.pattern_enabled:
110
+ try:
111
+ self.firewall.analyse_patterns(now)
112
+ except Exception as e:
113
+ log.warning("Pattern analysis failed: %s", e)
114
+
115
+ if report["attacker_count"] and report["attacker_count"] < self.cfg.coordinated_threshold:
116
+ log.debug("%d IP(s) active — handled inline by the firewall.",
117
+ report["attacker_count"])
118
+
119
+ # Housekeeping the middleware shouldn't do per request.
120
+ try:
121
+ self.state.maybe_prune()
122
+ self.firewall.purge_expired()
123
+ except Exception as e:
124
+ log.warning("Housekeeping failed: %s", e)
125
+
126
+ return report
127
+
128
+ def run(self) -> None:
129
+ log.info("Threat agent started (coordinated threshold: %d IPs / %ds)",
130
+ self.cfg.coordinated_threshold, self.cfg.pattern_window)
131
+ interval = self.NORMAL_INTERVAL
132
+ while not self._stop_event.wait(interval):
133
+ try:
134
+ report = self.tick()
135
+ interval = self._interval_for(report["level"])
136
+ except Exception as e:
137
+ # The agent must never die: it is what clears expired
138
+ # bans and prunes memory.
139
+ log.warning("Agent cycle failed: %s", e)
140
+ interval = self.NORMAL_INTERVAL
141
+
142
+ def stop(self) -> None:
143
+ self._stop_event.set()
zerov4/arx.py ADDED
@@ -0,0 +1,341 @@
1
+ """
2
+ arx.py — the front door.
3
+
4
+ from zerov4 import arx
5
+
6
+ arx.run(app) # menu, then serve
7
+ arx.run("myapp:app") # same, but import it for me
8
+ arx.run() # read zerov4.toml, find the app, serve
9
+ arx.wrap(app) # just wrap it; gunicorn does the serving
10
+ arx.status() # what does the firewall know
11
+ arx.unblock("1.2.3.4")
12
+
13
+ `arx` is a module, so `from zerov4 import arx` gives you the namespace and
14
+ every call below hangs off it. State (the running guard) is held here so
15
+ that arx.status() after arx.wrap() talks about the same instance rather
16
+ than building a second one that shares nothing.
17
+
18
+ Everything here is a thin layer. ZeroGuard, Firewall, make_config and the
19
+ rest stay importable and are what you reach for when you want control:
20
+
21
+ from zerov4 import ZeroGuard, make_config
22
+ app.wsgi_app = ZeroGuard(app.wsgi_app, cfg=make_config("paranoid"))
23
+ """
24
+
25
+ from __future__ import annotations
26
+
27
+ import os
28
+ import sys
29
+ from typing import Any, Optional, Union
30
+
31
+ from .config import Config, make_config
32
+
33
+ # The guard built by the most recent wrap()/run() call, so the helpers
34
+ # below operate on the live instance instead of a detached copy.
35
+ _guard = None
36
+ _cfg: Optional[Config] = None
37
+
38
+
39
+ # ─── Internals ───────────────────────────────────────────────────────
40
+ def _resolve_app(app: Union[Any, str, None]):
41
+ """Accept a WSGI callable, a 'module:attr' string, or nothing."""
42
+ if app is None:
43
+ from .cli import load_config_file
44
+ target = load_config_file().get("app")
45
+ if not target:
46
+ raise SystemExit(
47
+ " No app given and no `app` key in zerov4.toml.\n"
48
+ " Try: arx.run(app) or arx.run('myapp:app')\n"
49
+ " Or add to zerov4.toml: app = \"myapp:app\"")
50
+ app = target
51
+
52
+ if isinstance(app, str):
53
+ from .cli import load_app
54
+ return load_app(app)
55
+
56
+ if not callable(app):
57
+ raise TypeError(
58
+ f"Expected a WSGI application or a 'module:attr' string, "
59
+ f"got {type(app).__name__}. If you have a Flask app, pass the "
60
+ f"app itself: arx.run(app)")
61
+ return app
62
+
63
+
64
+ def _build_config(cfg: Optional[Config], overrides: dict,
65
+ interactive: bool) -> Config:
66
+ if cfg is not None:
67
+ return cfg
68
+
69
+ from .cli import interactive_setup, load_config_file
70
+
71
+ values = load_config_file()
72
+ values.pop("app", None) # not a Config field
73
+ values.update(overrides)
74
+
75
+ if interactive and sys.stdin.isatty():
76
+ return interactive_setup(values, write_file=False)
77
+
78
+ level = values.pop("level", "balanced")
79
+ return make_config(level, **values)
80
+
81
+
82
+ def _need_guard():
83
+ if _guard is None:
84
+ raise RuntimeError(
85
+ "No guard is running. Call arx.run(app) or arx.wrap(app) first.\n"
86
+ "For read-only inspection without a running app, use the CLI:\n"
87
+ " zerov4 status")
88
+ return _guard
89
+
90
+
91
+ def _offline_firewall():
92
+ """Build a firewall against the on-disk state, for when nothing is
93
+ running — `zerov4 status` from a second terminal, for instance."""
94
+ from .firewall import Firewall
95
+ from .state import ZeroState
96
+ from .store import make_store
97
+ from .utils import setup_logging
98
+ from .cli import load_config_file
99
+
100
+ values = load_config_file()
101
+ values.pop("app", None)
102
+ level = values.pop("level", "balanced")
103
+ values.setdefault("verbose", False)
104
+ cfg = make_config(level, **values)
105
+ setup_logging(cfg)
106
+ store = make_store(cfg)
107
+ state = ZeroState(cfg)
108
+ state.load()
109
+ return Firewall(cfg, store, state), cfg
110
+
111
+
112
+ def _firewall():
113
+ return _guard.firewall if _guard is not None else _offline_firewall()[0]
114
+
115
+
116
+ # ─── Main entry points ───────────────────────────────────────────────
117
+ def wrap(app: Union[Any, str, None] = None, cfg: Optional[Config] = None,
118
+ level: str = "balanced", **overrides):
119
+ """Wrap a WSGI app and return it. Does not serve.
120
+
121
+ This is what you want under gunicorn/uwsgi, which do their own serving:
122
+
123
+ # wsgi.py
124
+ from zerov4 import arx
125
+ from myapp import app
126
+ application = arx.wrap(app)
127
+
128
+ $ gunicorn wsgi:application -w 4
129
+
130
+ Non-interactive by design — a worker booting under gunicorn must not
131
+ stop to ask you for a port.
132
+ """
133
+ global _guard, _cfg
134
+ from .middleware import ZeroGuard
135
+
136
+ resolved = _resolve_app(app)
137
+ if cfg is None:
138
+ overrides.setdefault("level", level)
139
+ cfg = _build_config(None, overrides, interactive=False)
140
+
141
+ _cfg = cfg
142
+ _guard = ZeroGuard(resolved, cfg=cfg)
143
+ return _guard
144
+
145
+
146
+ def run(app: Union[Any, str, None] = None, cfg: Optional[Config] = None,
147
+ interactive: bool = True, **overrides):
148
+ """Wrap `app` and serve it.
149
+
150
+ arx.run(app) # asks port/debug/level, then serves
151
+ arx.run(app, port=8080) # port answered, so not asked
152
+ arx.run("myapp:app")
153
+ arx.run(interactive=False) # no questions at all
154
+
155
+ Blocks until Ctrl+C.
156
+ """
157
+ global _guard, _cfg
158
+ from .cli import serve
159
+
160
+ resolved = _resolve_app(app)
161
+ cfg = _build_config(cfg, overrides, interactive)
162
+ _cfg = cfg
163
+
164
+ from .middleware import ZeroGuard
165
+ _guard = ZeroGuard(resolved, cfg=cfg)
166
+
167
+ print()
168
+ print(" This server is secured by Arx and Zero.")
169
+ print(f" ZeroV4 listening on http://{cfg.host}:{cfg.port}")
170
+ if cfg.panel_enabled:
171
+ print(f" Panel: http://127.0.0.1:{cfg.port}{cfg.panel_path}")
172
+ print(" Ctrl+C to stop.")
173
+ print()
174
+
175
+ from .cli import _run_server
176
+ try:
177
+ _run_server(_guard, cfg)
178
+ except KeyboardInterrupt:
179
+ print("\n Stopping...")
180
+ finally:
181
+ _guard.shutdown()
182
+ _guard = None
183
+ print(" Stopped.")
184
+
185
+
186
+ def stop() -> None:
187
+ """Shut down the running guard: stop its threads, flush state."""
188
+ global _guard
189
+ if _guard is not None:
190
+ _guard.shutdown()
191
+ _guard = None
192
+
193
+
194
+ def init(**overrides) -> Config:
195
+ """Run the setup menu and write zerov4.toml. Same as `zerov4 init`."""
196
+ global _cfg
197
+ from .cli import interactive_setup
198
+ _cfg = interactive_setup(overrides)
199
+ return _cfg
200
+
201
+
202
+ # ─── Inspection ──────────────────────────────────────────────────────
203
+ def status() -> dict:
204
+ """What the firewall currently knows. Works with or without a running
205
+ guard — without one it reads the stored state."""
206
+ firewall = _firewall()
207
+ stats = firewall.stats()
208
+ if _guard is not None:
209
+ stats.update(_guard.state.snapshot())
210
+ stats["signatures"] = len(_guard.signatures)
211
+ return stats
212
+
213
+
214
+ def blocked() -> list:
215
+ """Every blocked IP, newest first."""
216
+ return _firewall().list_blocked()
217
+
218
+
219
+ def reputation() -> list:
220
+ """The learned bad-IP list, worst first."""
221
+ return _firewall().list_reputation()
222
+
223
+
224
+ def attacks(n: int = 20) -> list:
225
+ """Recent detections. Needs a running guard — this lives in memory."""
226
+ return _need_guard().state.recent_attacks(n)
227
+
228
+
229
+ def is_blocked(ip: str) -> bool:
230
+ return _firewall().is_blocked(ip) is not None
231
+
232
+
233
+ # ─── Actions ─────────────────────────────────────────────────────────
234
+ def unblock(ip: str) -> bool:
235
+ """Lift a block: block entry, reputation, and hit count all cleared.
236
+ Miss any one and the IP is re-banned on its next request."""
237
+ return _firewall().unblock(ip)
238
+
239
+
240
+ def ban(ip: str, reason: str = "manual ban") -> bool:
241
+ """Ban an IP outright."""
242
+ from .firewall import BAN
243
+ return _firewall().ban_permanent(ip, reason).action == BAN
244
+
245
+
246
+ def whitelist(ip: Optional[str] = None, remove: bool = False):
247
+ """No argument lists the whitelist; an IP adds or removes one.
248
+
249
+ A whitelisted IP is never blocked by anything, which is also your way
250
+ out if a rule turns on you.
251
+ """
252
+ firewall = _firewall()
253
+ if ip is None:
254
+ return firewall.get_whitelist()
255
+ return firewall.remove_whitelist(ip) if remove else firewall.add_whitelist(ip)
256
+
257
+
258
+ def reload_signatures() -> int:
259
+ """Re-read the signature directory. Returns how many are loaded."""
260
+ return _need_guard().reload_signatures()
261
+
262
+
263
+ def signatures() -> list:
264
+ """The loaded signatures."""
265
+ if _guard is not None:
266
+ return _guard.signatures
267
+ from .utils import load_signatures
268
+ _, cfg = _offline_firewall()
269
+ return load_signatures(cfg.signatures_dir)
270
+
271
+
272
+ # ─── Feedback ────────────────────────────────────────────────────────
273
+ def events(limit: int = 30) -> list:
274
+ """Recent firewall decisions, each with an id you can mark wrong."""
275
+ from .feedback import FeedbackTracker
276
+ firewall = _firewall()
277
+ cfg = _cfg or _offline_firewall()[1]
278
+ return FeedbackTracker(cfg, firewall).recent_events(limit=limit)
279
+
280
+
281
+ def wrong(event_id: str, unblock: bool = False) -> dict:
282
+ """Mark a firewall decision as a false positive.
283
+
284
+ Nothing is changed automatically. After enough marks for the same
285
+ signature, ZeroV4 tells you which file to look at — you decide.
286
+ Pass unblock=True to also release that IP.
287
+ """
288
+ from .feedback import FeedbackTracker
289
+ firewall = _firewall()
290
+ cfg = _cfg or _offline_firewall()[1]
291
+ return FeedbackTracker(cfg, firewall).mark_wrong(event_id, unblock=unblock)
292
+
293
+
294
+ def suggestions() -> list:
295
+ """Signatures that have been wrong often enough to be worth a look."""
296
+ from .feedback import FeedbackTracker
297
+ cfg = _cfg or _offline_firewall()[1]
298
+ return FeedbackTracker(cfg, _firewall()).suggestions()
299
+
300
+
301
+ # ─── Panel password ──────────────────────────────────────────────────
302
+ def set_panel_password(password: Optional[str] = None) -> Optional[str]:
303
+ """Set the panel password.
304
+
305
+ No argument prompts for one (and offers to generate). Only the PBKDF2
306
+ hash is written to .env; the password itself never touches disk.
307
+ Returns the generated password if one was generated, else None.
308
+ """
309
+ from .auth import prompt_panel_password, write_env_value, ENV_KEY
310
+ from .auth import hash_password, password_strength
311
+
312
+ if password is None:
313
+ _, generated = prompt_panel_password()
314
+ return generated
315
+
316
+ ok, message = password_strength(password)
317
+ if not ok:
318
+ raise ValueError(message)
319
+ write_env_value(ENV_KEY, hash_password(password))
320
+ return None
321
+
322
+
323
+ # ─── Config ──────────────────────────────────────────────────────────
324
+ def config() -> Optional[Config]:
325
+ """The Config in use, if a guard is running."""
326
+ return _cfg
327
+
328
+
329
+ def guard():
330
+ """The live ZeroGuard instance. For when the facade isn't enough."""
331
+ return _guard
332
+
333
+
334
+ __all__ = [
335
+ "run", "wrap", "stop", "init",
336
+ "status", "blocked", "reputation", "attacks", "is_blocked",
337
+ "unblock", "ban", "whitelist",
338
+ "signatures", "reload_signatures",
339
+ "events", "wrong", "suggestions",
340
+ "set_panel_password", "config", "guard",
341
+ ]