chore: add a demo gif and improve readme
emmanuelgautier committed Feb 28, 2024
1 parent 3eb2cb1 commit 09c930c
Showing 3 changed files with 108 additions and 4 deletions.
27 changes: 23 additions & 4 deletions README.md
@@ -1,10 +1,10 @@
# VulnAPI: An API Security Vulnerability Scanner

## Overview
VulnAPI is an open-source project designed to help you scan your APIs for common security vulnerabilities and weaknesses.

As APIs are becoming increasingly essential, they are also becoming prime targets for security breaches. To protect your APIs, it's vital to proactively identify and address security vulnerabilities.
By using this tool, you can detect that some API potential vulnerabilities and fix security issues.

VulnAPI is an open-source project designed to help you scan your APIs for common security vulnerabilities and weaknesses. By using this tool, you can detect that some API potential vulnerabilities and fix security issues.
![Demo](demo.gif)

You can test the scanner against example [vulnerability challenges](https://github.com/cerberauth/api-vulns-challenges).

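Review bot: the replacement overview sentence keeps the ungrammatical phrase "you can detect that some API potential vulnerabilities and fix security issues"; since this hunk already rewrites the paragraph, tighten it to "By using this tool, you can detect potential API vulnerabilities and fix security issues." Also consider whether the two overview sentences belong in one paragraph or whether the old motivation sentence ("As APIs are becoming increasingly essential ...") should be kept, since the new text drops it entirely while the section heading still says "Overview".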
@@ -76,7 +76,26 @@ The CLI provides detailed reports on any vulnerabilities detected during the sca
Warning: Critical vulnerabilities detected!
```

In this example, each line represents a detected vulnerability, including the timestamp, severity level (critical), vulnerability type (JWT Alg None), affected endpoint (http://localhost:8080/), and a description of the vulnerability (JWT accepts none algorithm and does not verify JWT).
In this example, each line represents a detected vulnerability, severity level (critical), vulnerability type, affected operation (GET http://localhost:8080/), and a description of the vulnerability.

## Vulnerabilities Detected

The scanner is capable of detecting the following vulnerabilities:
* JWT `none` algorithm accepted
* JWT not verified
* JWT weak secret used
* JWT null signature accepted

The scanner also detects the following security best practices:
* CSP Header is not set
* HSTS Header is not set
* CORS Header is not set
* X-Content-Type-Options Header is not set
* X-Frame-Options Header is not set
* HTTP Trace Method enabled
* Server Signature exposed

> More vulnerabilities and best practices will be added in future releases. If you have any suggestions or requests for additional vulnerabilities or best practices to be included, please feel free to open an issue or submit a pull request.
## Additional Options

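Review bot: the new sentence "each line represents a detected vulnerability, severity level (critical), vulnerability type, affected operation (GET http://localhost:8080/), and a description of the vulnerability" lost the word "including" from the line it replaces, so it now reads as if each line were four different things; restore "each line represents a detected vulnerability, including the severity level (critical), ...". In the new "Vulnerabilities Detected" section, "The scanner also detects the following security best practices" is inverted, because every item listed (CSP Header is not set, HSTS Header is not set, HTTP Trace Method enabled, Server Signature exposed) is a missing or violated practice; "detects the following missing security best practices" or "security misconfigurations" matches the items. Finally, add a blank line between the `>` blockquote and `## Additional Options` so the quote is visually closed before the heading, consistent with the blank line the rest of the file leaves before headings.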
85 changes: 85 additions & 0 deletions demo.cast
@@ -0,0 +1,85 @@
{"version": 2, "width": 158, "height": 30, "timestamp": 1709146657, "env": {"SHELL": "/usr/bin/zsh", "TERM": "xterm-256color"}}
[0.668542, "o", "\u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \r \r\u001b]2;manu@manu-pc:~\u0007\u001b]1;~\u0007"]
[0.680054, "o", "\r\u001b[0m\u001b[27m\u001b[24m\u001b[J\u001b[39m\u001b[0m\u001b[49m\u001b[40m\u001b[39m manu@manu-pc \u001b[44m\u001b[30m\u001b[30m ~ \u001b[49m\u001b[34m\u001b[39m \u001b[K"]
[0.680142, "o", "\u001b[?1h\u001b=\u001b[?2004h"]
[1.95861, "o", "c"]
[2.0363, "o", "\bcu"]
[2.148797, "o", "r"]
[2.228692, "o", "l"]
[2.284312, "o", " "]
[2.901584, "o", "http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[K"]
[5.08551, "o", "\u001b[?1l\u001b>"]
[5.085651, "o", "\u001b[?2004l\r\r\n"]
[5.086534, "o", "\u001b]2;curl http://localhost:8080 --verbose -H \u0007\u001b]1;curl\u0007"]
[5.095416, "o", "* Trying 127.0.0.1:8080...\r\n"]
[5.095499, "o", "* Connected to localhost (127.0.0.1) port 8080 (#0)\r\n"]
[5.095534, "o", "> GET / HTTP/1.1\r\r\n> Host: localhost:8080\r\r\n"]
[5.095562, "o", "> User-Agent: curl/7.81.0\r\r\n> Accept: */*\r\r\n> Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\r\r\n> \r\r\n"]
[5.095701, "o", "* Mark bundle as not supporting multiuse\r\n< HTTP/1.1 401 Unauthorized\r\r\n"]
[5.095732, "o", "< Date: Wed, 28 Feb 2024 18:57:42 GMT\r\r\n< Content-Length: 0\r\r\n< \r\r\n* Connection #0 to host localhost left intact\r\n"]
[5.096324, "o", "\u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \r \r"]
[5.096391, "o", "\u001b]2;manu@manu-pc:~\u0007\u001b]1;~\u0007"]
[5.104763, "o", "\r\u001b[0m\u001b[27m\u001b[24m\u001b[J\u001b[39m\u001b[0m\u001b[49m\u001b[40m\u001b[39m manu@manu-pc \u001b[44m\u001b[30m\u001b[30m ~ \u001b[49m\u001b[34m\u001b[39m \u001b[K"]
[5.10484, "o", "\u001b[?1h\u001b="]
[5.104872, "o", "\u001b[?2004h"]
[8.676598, "o", "c"]
[8.756332, "o", "\bcl"]
[8.876111, "o", "e"]
[8.948342, "o", "a"]
[9.452901, "o", "r"]
[9.58024, "o", "\u001b[?1l\u001b>"]
[9.580381, "o", "\u001b[?2004l\r\r\n"]
[9.581128, "o", "\u001b]2;clear\u0007\u001b]1;clear\u0007"]
[9.583342, "o", "\u001b[H\u001b[2J\u001b[3J"]
[9.583449, "o", "\u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \r \r"]
[9.583517, "o", "\u001b]2;manu@manu-pc:~\u0007\u001b]1;~\u0007"]
[9.593162, "o", "\r\u001b[0m\u001b[27m\u001b[24m\u001b[J\u001b[39m\u001b[0m\u001b[49m\u001b[40m\u001b[39m manu@manu-pc \u001b[44m\u001b[30m\u001b[30m ~ \u001b[49m\u001b[34m\u001b[39m \u001b[K"]
[9.59325, "o", "\u001b[?1h\u001b=\u001b[?2004h"]
[10.269055, "o", "c"]
[10.340703, "o", "\bcu"]
[10.436515, "o", "r"]
[10.516757, "o", "l"]
[10.604671, "o", " "]
[10.78935, "o", "http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[K"]
[11.214622, "o", "\u001b[3A\u001b[61D"]
[11.845302, "o", "vcurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[11.916563, "o", "\bvucurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[11.964255, "o", "lcurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.108563, "o", "ncurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.20467, "o", "acurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.340804, "o", "pcurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.388384, "o", "icurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.46053, "o", " curl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.636834, "o", "scurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.708436, "o", "\u001b[1Ccurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.852842, "o", "acurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.92443, "o", "ncurl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhEmmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[12.988363, "o", " curl http://localhost:8080 --verbose -H \"Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.jYW04zLDHfR1v7xdrW3lCGZrMIsVe0vWCfVkN2DRns2c3MN-mcp_-RE6TN9umSBYoNV-mnb31wFf8iun3fB6aDS6m_OXAiURVEKrPFNGlR38JSHUtsFzqTOj-wFrJZN4RwvZnNGSMvK3wzzUriZqmiNLsG8lktlEn6KA4kYVaM61_NpmPHWAjGExWv7cjHYupcjMSmR8uMTwN5UuAwgW6FRstCJEfoxwb0WKiyoaSlDuIiHZJ0cyGhhE\u001b[1B\rmAPiCwtPAwGeaL1yZMcp0p82cpTQ5Qb-7CtRov3N4DcOHgWYk6LomPR5j5cCkePAz87duqyzSMpCB0mCOuE3CU2VMtGeQ\"\u001b[3A\u001b[61D"]
[14.189372, "o", "\u001b[?1l\u001b>"]
[14.189519, "o", "\u001b[?2004l\u001b[3B\r\r\n"]
[14.19031, "o", "\u001b]2;vulnapi scan curl http://localhost:8080 --verbose -H \u0007\u001b]1;vulnapi\u0007"]
[14.196247, "o", "\u001b[36m __ __ _ _ ____ ___\u001b[0m\r\n\u001b[36m \\ \\ / / _ _ | | _ __ / \\ | _ \\ |_ _|\u001b[0m\r\n\u001b[36m \\ \\ / / | | | | | | | '_ \\ / _ \\ | |_) | | |\u001b[0m\r\n\u001b[36m \\ V / | |_| | | | | | | | / ___ \\ | __/ | |\u001b[0m\r\n\u001b[36m \\_/ \\__,_| |_| |_| |_| /_/ \\_\\ |_| |___|\u001b[0m\r\n"]
[14.197764, "o", "+------------+--------------------------------+--------------------------------+\r\n|"]
[14.19782, "o", " RISK LEVEL | VULNERABILITY | DESCRIPTION |\r\n+------------+--------------------------------+--------------------------------+\r\n| \u001b[1;31mCritical\u001b[0m | \u001b[1;31mJWT None Algorithm\u001b[0m | \u001b[1;31mJWT with none algorithm is\u001b[0m |\r\n| | "]
[14.197853, "o", " | accepted allowing to bypass |\r\n| | | authentication. |"]
[14.197886, "o", "\r\n| \u001b[1;44mLow\u001b[0m | \u001b[1;44mCSP Header is not set\u001b[0m | \u001b[1;44mNo Content Security Policy\u001b[0m |\r\n| "]
[14.197913, "o", " | | (CSP) Header has been detected |\r\n| "]
[14.19794, "o", " | | in HTTP Response. |\r\n| \u001b[1;44mLow\u001b[0m |"]
[14.197971, "o", " \u001b[1;44mCORS Header is not set\u001b[0m | \u001b[1;44mNo CORS Header has been\u001b[0m |\r\n| | "]
[14.197995, "o", "| detected in HTTP Response. |\r\n| \u001b[1;44mLow\u001b[0m | "]
[14.198018, "o", "\u001b[1;44mHSTS Header is not set\u001b[0m | \u001b[1;44mNo HSTS Header has been\u001b[0m |\r\n| |"]
[14.198039, "o", " | detected in HTTP Response. |\r\n"]
[14.198061, "o", "| \u001b[1;44mLow\u001b[0m | \u001b[1;44mX-Content-Type-Options Header\u001b[0m | \u001b[1;44mNo X-Content-Type-Options\u001b[0m "]
[14.198093, "o", " |\r\n| | is not set | Header has been detected in |"]
[14.198117, "o", "\r\n| | | "]
[14.198139, "o", "HTTP Response. |\r\n| \u001b[1;44mLow\u001b[0m | \u001b[1;44mX-Frame-Options Header is not\u001b[0m "]
[14.198167, "o", " | \u001b[1;44mNo X-Frame-Options Header\u001b[0m |\r\n| | "]
[14.198185, "o", "set | has been detected in HTTP |\r\n| "]
[14.198208, "o", " | | Response. |"]
[14.198233, "o", "\r\n+------------+--------------------------------+--------------------------------+\r\n\u001b[31mWarning: Critical vulnerabilities detected!\u001b[0m\r\n"]
[14.199015, "o", "\u001b[1m\u001b[7m%\u001b[27m\u001b[1m\u001b[0m \r \r"]
[14.199086, "o", "\u001b]2;manu@manu-pc:~\u0007\u001b]1;~\u0007"]
[14.207592, "o", "\r\u001b[0m\u001b[27m\u001b[24m\u001b[J\u001b[39m\u001b[0m\u001b[49m\u001b[40m\u001b[39m manu@manu-pc \u001b[44m\u001b[30m\u001b[30m ~ \u001b[49m\u001b[34m\u001b[39m \u001b[K"]
[14.207646, "o", "\u001b[?1h\u001b="]
[14.207676, "o", "\u001b[?2004h"]
[16.276961, "o", "\u001b[?2004l\r\r\n"]
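Review bot: the recording commits a full Bearer token to the repository, repeated on every keystroke line from the `-H "Authorization: Bearer eyJhbGciOiJSUzUxMiIs...` entries through the `vulnapi scan curl ...` edits. Its header (`eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9`) and payload (`sub` 1234567890, `name` John Doe, `admin` true, `iat` 1516239022) look like the public jwt.io sample token rather than a real credential, but a cast file is a plain-text artifact that secret scanners and reviewers will flag; either confirm in the commit message that the token is the public sample, or re-record with a placeholder and reference the example token from the README instead. The same lines also leak the local prompt (`manu@manu-pc`) and the server's `Date` header; re-recording with a neutral prompt, and trimming the mistyped `vcurl` / `vucurl` edits, would make the demo cleaner without changing what it shows.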
Binary file added demo.gif
