🌐

Subdomain Enumeration

50 checks

0/50

• Use subfinder for passive subdomain enumeration
• Use amass for deep subdomain discovery with OSINT integration
• Use assetfinder to find subdomains from various data sources
• Use Findomain for fast subdomain enumeration with certificate transparency
• Use knockpy for subdomain enumeration with DNS zone transfer checks
• Use DNSdumpster for DNS recon and visual subdomain mapping
• Query crt.sh certificate transparency logs for subdomain enumeration
• Use SecurityTrails API for historical and current DNS records
• Use wayback machine CDX API for discovering old subdomains
• Use VirusTotal domain report for subdomain enumeration from passive DNS
• Use Shodan for subdomain and open port discovery via internet scanning
• Use Censys for certificate-based subdomain discovery at scale
• Use Facebook CT logs (ct.facebook.com) for certificate transparency search
• Use Google dorking: site:target.com -www to find subdomains
• Use Bing dorking: site:target.com for additional subdomain results
• Use Yahoo and DuckDuckGo for subdomain search engine diversity
• Perform DNS brute force with dnsrecon or dnscan using wordlists
• Use massdns for fast DNS resolution of discovered subdomains
• Check for wildcard DNS responses to filter false positive subdomains
• Attempt DNS zone transfer (AXFR) on all authoritative nameservers
• Enumerate subdomains from JavaScript files on the main domain
• Extract subdomains from SPF records via include mechanisms
• Extract subdomains from DMARC aggregate reports (rua tag)
• Use Google Transparency Report for certificate search
• Check for subdomain takeover vulnerability on all discovered subdomains
• Verify DNSSEC configuration and look for misconfigurations
• Use nmap DNS brute script for additional subdomain enumeration
• Check for dangling CNAME records pointing to expired services
• Look for internal IP address leaks in DNS records
• Use sublist3r with all search engine modules enabled
• Check for subdomains in robots.txt and sitemap.xml files
• Search GitHub/GitLab repositories for subdomain references in code
• Check Stack Overflow and developer forums for subdomain leaks
• Use Chaos dataset from ProjectDiscovery for community subdomains
• Check for subdomains embedded in Android/iOS app APKs/IPAs
• Use Rapid7 Open Data (Project Sonar) for forward DNS lookup
• Enumerate cloud subdomains (AWS S3, Azure Blob, GCP Storage)
• Check for subdomains leaked in email headers (SPF/DKIM/DMARC)
• Use Recon.dev API for subdomain enumeration from recon data
• Check for Punycode/IDN subdomain variants for homograph attacks
• Search for subdomains in Internet Archive Wayback CDX API
• Look for subdomains in technology detection tools (Wappalyzer)
• Use BufferOver.run for subdomain data from Rapid7 Sonar
• Check for subdomains in Common Crawl data index
• Use DNSrecon for SRV record enumeration
• Check for subdomains via HTTP certificate parsing (openssl s_client)
• Use CertSpotter API for certificate transparency monitoring
• Search for subdomains in FOFA search engine
• Check for subdomains in ZoomEye search engine
• Use DorkAssistant for automated Google dork subdomain enumeration

🌐

Port Scanning & Service Enumeration

50 checks

0/50

• Run nmap TCP SYN scan on all 65535 ports for complete coverage
• Use masscan for ultra-fast port scanning across large IP ranges
• Use rustscan for fast port discovery with automatic nmap integration
• Run nmap UDP scan on common ports (53, 67, 68, 123, 161, 500, 514)
• Use nmap service version detection (-sV) on all discovered open ports
• Use nmap OS detection (-O) when ICMP is allowed
• Run nmap default script scan (-sC) for vulnerability detection scripts
• Use unicornscan for asynchronous port scanning with speed benefits
• Check for services on non-standard ports (HTTP on 8080, 8443, 8000)
• Scan for hidden admin ports (10000 Webmin, 20000 Usermin, 30000)
• Use naabu for fast port scanning with SYN and CONNECT mode support
• Enumerate services behind load balancers with multiple scan passes
• Check for IPv6 addresses and run port scans on IPv6 interfaces
• Use nmap timing templates (T0-T5) based on stealth requirements
• Run nmap with fragmentation and decoy options for IDS evasion
• Check for port knocking sequences on filtered ports
• Identify proxy services (Squid on 3128, SOCKS on 1080, CCProxy on 808)
• Enumerate database ports (3306 MySQL, 5432 PostgreSQL, 1433 MSSQL, 27017 MongoDB)
• Check for Redis on port 6379 with unauthenticated access enabled
• Check for Elasticsearch on port 9200 with unauthorized read access
• Check for Memcached on port 11211 with unauthenticated access
• Scan for Docker API on port 2375/2376 for unauthenticated access
• Scan for Kubernetes API on port 6443/8443 for cluster access
• Check for RDP on port 3389 with weak or no NLA enforcement
• Check for SSH on port 22 and non-standard ports with default creds
• Check for FTP on port 21 with anonymous login enabled
• Check for SMTP on port 25 for open relay misconfiguration
• Check for SNMP on port 161 with default community strings (public/private)
• Identify load balancers (F5, HAProxy, Nginx) via server headers
• Check for VNC on port 5900+ without authentication requirement
• Enumerate RPC services on port 111 with rpcinfo
• Check for WebDAV on common ports for file management access
• Scan for Jenkins on port 8080/8443 for CI/CD access
• Check for GitLab on port 80/443/8080 for repository access
• Look for Jupyter notebooks on port 8888 with no authentication
• Check for Spark UI on port 4040/8080/8081 for cluster info
• Enumerate Hadoop services on ports 50070/8088/19888 for big data
• Check for Consul on port 8500 for service discovery access
• Check for etcd on port 2379 for key-value store access
• Check for ZooKeeper on port 2181 for distributed coordination access
• Check for Apache Kafka on port 9092 for message broker access
• Check for RabbitMQ on port 5672/15672 for message queue access
• Check for ActiveMQ on port 61616/8161 for JMS access
• Check for Nagios on port 5666/80 for monitoring dashboard access
• Check for Zabbix on port 10050/10051 for monitoring access
• Check for Puppet on port 8140 for configuration management access
• Check for Ansible Tower on port 443 for automation access
• Check for TeamCity on port 8111 for CI/CD access
• Check for Bamboo on port 8085 for CI/CD access
• Check for SonarQube on port 9000 for code quality dashboard access

🌐

Technology Fingerprinting

40 checks

0/40

• Use Wappalyzer browser extension for technology stack detection
• Use whatweb for command-line technology fingerprinting at scale
• Use webanalyze (Go-based Wappalyzer) for fast batch fingerprinting
• Check HTTP response headers for server version disclosure (Server, X-Powered-By)
• Check X-Powered-By header for backend technology identification
• Analyze cookies for framework indicators (PHPSESSID, JSESSIONID, ASP.NET_SessionId)
• Check for framework-specific meta tags and generator tags in HTML
• Identify CMS using WPScan (WordPress), Joomscan (Joomla), Droopescan (Drupal)
• Detect JavaScript frameworks via source code analysis (React, Angular, Vue)
• Check for React indicators (__NEXT_DATA__, _reactRootContainer)
• Check for Angular indicators (ng-version, ng-app, _nghost)
• Check for Vue.js indicators (__vue__, data-v- attributes)
• Identify backend language from error messages and file extensions
• Check for Cloudflare CDN via cf-ray headers and DNS resolution
• Identify hosting provider from IP WHOIS data and ASN lookup
• Use BuiltWith API for detailed technology profiling and history
• Check for WAF using wafw00f or wappalyzer WAF detection
• Identify CDN provider via CNAME records (cdn, edge, cloudfront)
• Check for specific CMS version via readme.html, changelog files
• Use fingerprintx for service fingerprinting on open ports
• Detect API gateway from response headers (X-Request-ID, X-Amzn-Trace)
• Identify GraphQL endpoint via introspection query
• Check for Swagger/OpenAPI documentation at /swagger-ui/, /api-docs/
• Detect GraphQL Playground or GraphiQL interface at /graphql
• Check for WordPress REST API at /wp-json/wp/v2/
• Identify Laravel via /telescope, /_debugbar, /horizon endpoints
• Check for Django admin at /admin/ or /django-admin/ login panel
• Detect Rails via specific cookie naming (app_session) and headers
• Check for Spring Boot actuator endpoints (/actuator/health, /actuator/env)
• Identify ASP.NET via viewstate and event validation hidden fields
• Check for PHP via X-Powered-By: PHP header and .php extensions
• Detect Node.js via X-Powered-By: Express header
• Check for Next.js via __NEXT_DATA__ script tag and build ID
• Check for Nuxt.js via __NUXT__ script tag and data attributes
• Identify Gatsby via gatsby-script and ___graphql endpoint
• Check for Svelte via class:svelte-xxx data attributes
• Detect Ember.js via meta name=ember-cli and script tags
• Check for Meteor via __meteor_runtime_config__ script
• Identify Flask via specific cookie naming and Werkzeug headers
• Detect FastAPI via /docs (Swagger UI) and /redoc endpoints

🌐

Content & URL Discovery

50 checks

0/50

• Use ffuf for fast directory and file fuzzing with recursive mode
• Use gobuster for directory/file brute forcing with multiple threads
• Use dirsearch for recursive directory scanning with extensions
• Use feroxbuster for recursive content discovery with smart filtering
• Check for robots.txt and analyze all disallowed entries for hidden paths
• Check for sitemap.xml for hidden URLs and site structure information
• Check for .well-known/ directory (security.txt, assetlinks.json, change-password)
• Look for backup files (.bak, .old, .orig, .save, .swp, .tmp)
• Check for configuration files (.env, .htaccess, .htpasswd, web.config, app.config)
• Look for source code repositories (.git, .svn, .hg, .bzr directories)
• Check for exposed .git directory (HEAD, config, index, objects)
• Search for .DS_Store files for macOS directory listing information
• Check for WP-config.php, config.php, database.yml, settings.py exposure
• Look for backup archives (.zip, .tar.gz, .rar, .7z, .bak.zip)
• Search for log files (error.log, access.log, debug.log, application.log)
• Check for debug endpoints (/debug, /trace, /status, /healthz, /info)
• Look for test files (test.php, test.html, info.php, phpinfo.php)
• Check for API documentation (/api-docs, /swagger, /redoc, /graphql)
• Look for admin panels (/admin, /administrator, /manager, /cpanel, /backend)
• Check for phpMyAdmin (/phpmyadmin, /pma, /dbadmin, /mysql)
• Look for CMS admin (/wp-admin, /wp-login.php, /administrator/index.php)
• Check for staging/dev environments on subdomains (dev., staging., test.)
• Search for publicly accessible Google Docs/Sheets with sensitive data
• Use waybackurls for historical URL discovery from Wayback Machine
• Use gau for fetching URLs from AlienVault, Wayback, Common Crawl
• Extract all URLs and endpoints from JavaScript files systematically
• Check for .env file exposure with database credentials and API keys
• Look for docker-compose.yml and Dockerfile exposure in root directory
• Check for package.json, composer.json, requirements.txt exposure
• Search for .htpasswd files with credential exposure
• Look for database dump files (.sql, .db, .sqlite, .mdb)
• Check for Jenkins script console access at /script endpoint
• Look for exposed Grafana dashboards at /grafana/ or :3000
• Check for Prometheus metrics endpoint at /metrics
• Look for Kibana dashboard on port 5601 with no auth
• Check for Airflow web UI on port 8080 with DAG access
• Look for RabbitMQ management on port 15672 with default creds
• Check for Solr admin on port 8983 with core access
• Look for MinIO console on port 9001 with bucket listing
• Check for Apache Tomcat manager at /manager/html
• Look for JBoss admin console at /admin-console/
• Check for WebLogic admin at /console/ with default creds
• Look for IBM WebSphere admin at /ibm/console/
• Check for Confluence admin at /admin/ with default credentials
• Look for Jira admin at /secure/admin/ with default credentials
• Check for exposed .well-known/openid-configuration
• Look for .well-known/oauth-authorization-server
• Check for .well-known/assetlinks.json for Android app linking
• Look for .well-known/apple-app-site-association for iOS universal links
• Check for .well-known/security.txt for security contact information

🌐

Link & Parameter Discovery

40 checks

0/40

• Use katana for comprehensive web crawling and URL discovery
• Use hakrawler for fast web crawling with depth control
• Use Burp Suite spider for comprehensive site mapping
• Extract all links from JavaScript files using LinkFinder tool
• Extract API endpoints from JS files using JSParser analysis
• Use paramspider for parameter discovery from historical data
• Find hidden parameters with arjun for HTTP parameter discovery
• Check for path-based parameters in URL paths
• Analyze JavaScript for API routes and hidden parameters
• Check for URL fragments and hash-based routing (#/path)
• Discover WebSocket endpoints and real-time connections
• Look for Server-Sent Events (SSE) endpoints for streaming data
• Find polling endpoints and long-polling connections for real-time
• Check for microservices architecture with multiple API gateways
• Discover internal API documentation in JS source map files
• Extract variables and constants from minified JavaScript
• Check for sourcemap files (.map) for original source code access
• Analyze Angular/React/Vue compiled templates for route definitions
• Check for REST API versioning (/v1/, /v2/, /v3/)
• Look for GraphQL schema via introspection queries
• Discover SOAP WSDL endpoints (?wsdl, ?WSDL, ?xsd)
• Check for XML-RPC endpoints (/xmlrpc.php)
• Find form action URLs and hidden form field parameters
• Analyze AJAX calls in browser developer tools network tab
• Check for iframe and embed source URLs for cross-origin content
• Discover image/asset CDN URLs for additional attack surface
• Look for OAuth/OpenID configuration endpoints at /.well-known/
• Check for SAML metadata endpoints for federation config
• Find callback/redirect URLs in authentication flows
• Analyze postMessage handlers for cross-origin communication
• Check for URL parameters in Referer headers of outgoing links
• Look for email templates with parameterized URLs
• Check for webhooks with configurable callback URLs
• Discover file upload endpoints and their accepted parameters
• Check for export/download endpoints with configurable output
• Look for search endpoints with filter/sort parameters
• Check for pagination parameters (page, offset, limit, cursor)
• Discover batch/bulk operation endpoints
• Check for admin/debug endpoints from JS route definitions
• Look for WebSocket message format from JS analysis

🌐

Password & Credential Attacks

40 checks

0/40

• Test for weak password policies (minimum length, complexity requirements)
• Test for default credentials on admin panels and services
• Check for common passwords (admin/admin, root/root, test/test)
• Test password reset flow for token predictability or entropy issues
• Check if password reset token is sent in URL (GET parameter leakage)
• Test password reset for email enumeration via different server responses
• Check if old password is required when changing password
• Test for password reuse policies and enforcement
• Check for credential stuffing vulnerability (absence of rate limiting)
• Test brute force protection on login endpoints with automation
• Check for account lockout mechanism and its threshold
• Test if account lockout can be used for user enumeration attacks
• Check if passwords are stored in plaintext or reversible encryption
• Test for password length limit causing truncation attacks
• Check for Unicode normalization issues in password handling
• Test password field for SQL injection vulnerabilities
• Check if passwords are always transmitted over HTTPS
• Test for password stored in browser autocomplete (autocomplete=on)
• Check for password stored in localStorage/sessionStorage (JavaScript)
• Test for multi-factor authentication bypass via direct endpoint access
• Check if 2FA can be bypassed by directly accessing post-authentication pages
• Test 2FA brute force on OTP verification codes
• Check if 2FA code is predictable or follows sequential patterns
• Test 2FA code reuse (same code works multiple times within validity)
• Check if backup/recovery codes are generated with sufficient entropy
• Test if 2FA can be disabled without current 2FA verification
• Check for SMS interception vulnerability in 2FA implementation
• Test for 2FA bypass via response manipulation (changing status code)
• Check if 2FA is enforced for all sensitive account actions
• Test for rate limiting on 2FA verification endpoint
• Test for password reset token expiration and single-use enforcement
• Check for password reset with different user email (account takeover)
• Test for password complexity bypass via encoding or special chars
• Check for password maximum length DoS (extremely long password)
• Test for timing attack on password comparison function
• Check for password pepper usage in hash computation
• Test for simultaneous login from multiple locations policy
• Check for credential rotation policy enforcement
• Test for password manager field detection (autocomplete=new-password)
• Check for CAPTCHA bypass on login/password reset forms

🌐

Session Management

40 checks

0/40

• Test session token randomness and predictability using entropy analysis
• Check session token length (should be at least 128 bits / 16 bytes)
• Test for session fixation vulnerability (session ID not rotating after login)
• Check if session ID changes after successful login
• Test if session is properly invalidated after logout
• Check session timeout configuration (idle and absolute session expiry)
• Test for concurrent session control (multiple simultaneous sessions)
• Check if session tokens are properly invalidated on password change
• Test for session token in URL query string (information disclosure)
• Check Secure flag on session cookies (HTTPS only transmission)
• Check HttpOnly flag on session cookies (no JavaScript access)
• Check SameSite attribute on session cookies (Lax or Strict)
• Test for cookie injection via CRLF injection in headers
• Check session cookie domain scope (should not be too broad)
• Check session cookie path scope (should be as narrow as possible)
• Test for session hijacking via XSS vulnerability exploitation
• Check if sessions are bound to client IP address
• Test if sessions are bound to User-Agent header
• Check for session token disclosure in server access logs
• Test for session token disclosure in Referer header to external sites
• Test for JWT token security (algorithm, signing, expiry claims)
• Test JWT for 'none' algorithm bypass vulnerability
• Test JWT for algorithm confusion attack (RS256 to HS256 switch)
• Check JWT secret key strength against brute force attacks
• Test JWT token expiration (exp claim) and not-before (nbf claim)
• Check JWT for sensitive data exposure in payload
• Test JWT for jku/x5u header parameter injection
• Test JWT for kid parameter injection (SQL injection, path traversal)
• Check JWT for claim manipulation and privilege escalation
• Test for JWT token revocation mechanism existence
• Check if refresh tokens are securely stored and properly rotated
• Test for session token in WebSocket upgrade handshake
• Check for CSRF token tied to session for double-submit validation
• Test for session token regeneration on privilege level change
• Check for session storage security (server-side vs client-side)
• Test for session fixation via Set-Cookie in login response
• Check for session token in POST body (should be cookie/header)
• Test for session migration between HTTP and HTTPS
• Check for session token predictability across different user accounts
• Test for session cookie prefix (__Host- and __Secure- usage)

🌐

OAuth & SSO Testing

30 checks

0/30

• Test OAuth 2.0 authorization code flow for CSRF (missing state parameter)
• Check state parameter presence and proper validation in OAuth flow
• Test redirect_uri validation for bypass (path traversal, subdomain)
• Check for open redirect vulnerability via redirect_uri parameter
• Test OAuth token leakage in Referer header after redirect
• Check for implicit grant token exposure in URL fragment
• Test OAuth scope escalation (requesting higher scopes than authorized)
• Check for authorization code reuse across sessions
• Test PKCE implementation for native/mobile application security
• Check client_secret exposure in public clients (JavaScript, mobile)
• Test for OAuth token exchange and delegation attacks
• Check SAML assertion security for XML injection
• Test SAML for XML signature wrapping attacks
• Test SAML for assertion replay attacks
• Check SAML for XSLT injection in transformation
• Test OpenID Connect id_token signature validation
• Check for OpenID Connect nonce parameter validation
• Test for OpenID Connect token substitution between users
• Check for SSO session persistence across different applications
• Test for SSO logout across all federated applications
• Check for IdP-initiated SSO authentication request attacks
• Test for SAML comment injection in NameID element
• Check for Kerberos delegation and constrained delegation attacks
• Test for NTLM relay attacks in SSO authentication
• Check for LDAP injection in SSO login form
• Test OAuth 2.0 client credentials grant for impersonation
• Check for OAuth refresh token rotation and reuse prevention
• Test for OAuth token binding to client (mTLS or DPoP)
• Check for OAuth PKCE downgrade attack (code_verifier removal)
• Test for OAuth redirect_uri mismatch between authorization and token endpoints

🌐

Login & Registration Bypass

30 checks

0/30

• Test login for username/email enumeration via response timing differences
• Test login with SQL injection in username and password fields
• Test for NoSQL injection in authentication endpoints
• Check for LDAP injection in enterprise authentication
• Test for authentication bypass via parameter tampering (role=admin)
• Test for authentication bypass via HTTP method switching (GET vs POST)
• Check for authentication bypass via forceful browsing to authenticated pages
• Test for broken authentication in password reset mechanism
• Check for registration with duplicate email/username handling
• Test for email verification bypass (direct account activation)
• Test for account takeover via email change without current email verification
• Check for account takeover via phone number change without verification
• Test for mass assignment in registration endpoint (role, isAdmin)
• Check for privilege escalation during user registration
• Test for X-Forwarded-For bypass of IP-based rate limiting
• Test for X-Original-URL bypass of authentication middleware
• Check for authentication bypass via URL path manipulation (/api/v1/ vs /api/v2/)
• Test for HTTP parameter pollution in authentication endpoints
• Check for authentication via API key in URL query string
• Test for timing attack on authentication comparison function
• Test for CAPTCHA bypass in registration and login forms
• Check for account creation without email verification
• Test for disposable email acceptance in registration
• Check for weak password reset questions (easily guessable answers)
• Test for registration with long username/password for buffer overflow
• Check for email bomb via repeated registration verification emails
• Test for account lockout bypass via different email case sensitivity
• Check for authentication bypass via null byte in username
• Test for Unicode case mapping confusion in username comparison
• Check for registration with admin-impersonating email format

🌐

IDOR (Insecure Direct Object Reference)

25 checks

0/25

• Test for IDOR in URL path parameters (/users/123/profile)
• Test for IDOR in query parameters (?user_id=123&doc;_id=456)
• Test for IDOR in POST body parameters (user_id in form data)
• Test for IDOR in JSON request body ({"user_id": 123})
• Test for IDOR in HTTP headers (X-User-Id, X-Account-Id, X-Requester-Id)
• Test for IDOR with UUID vs sequential integer identifiers
• Test for IDOR with encoded parameters (base64, URL encoding, hex)
• Test for IDOR across different user roles (admin vs user vs guest)
• Test for IDOR in file download/upload endpoints
• Test for IDOR in API endpoints with different HTTP methods (GET/PUT/DELETE)
• Test for IDOR by modifying cookie values (user_id cookie)
• Test for IDOR in WebSocket messages and real-time communication
• Test for IDOR in batch/bulk operations (multiple resource access)
• Test for IDOR with parameter addition (adding user_id to existing request)
• Test for IDOR with wrapping IDs (negative numbers, zero, MAX_INT)
• Test for IDOR with other user's UUID/GUID discovered via info leak
• Test for IDOR in search and filter parameters
• Test for IDOR in pagination parameters (offset, cursor)
• Test for IDOR in nested objects (user.profile.id, order.item.id)
• Test for IDOR across different applications in same organization
• Test for IDOR in receipt/invoice access by sequential numbers
• Test for IDOR in messaging/comment endpoints
• Test for IDOR in notification subscription endpoints
• Test for IDOR in API key-scoped resources
• Test for IDOR with different API versions (v1 vs v2)

🌐

Privilege Escalation

25 checks

0/25

• Test vertical privilege escalation (normal user to admin access)
• Test horizontal privilege escalation (user A accessing user B data)
• Test for role manipulation in request parameters (role=admin)
• Test for role manipulation in JWT claims (role, scope, groups)
• Test for role manipulation in session cookies
• Check if admin endpoints are properly protected with authorization
• Test for privilege escalation via mass assignment (isAdmin: true)
• Check if user role can be changed via profile update endpoint
• Test for privilege escalation via API parameter tampering
• Test for privilege escalation via feature flag manipulation
• Check for insecure direct access to admin functionality via URL
• Test for privilege escalation via GraphQL mutations
• Test for privilege escalation via race condition in role assignment
• Check for broken access control in multi-tenant applications
• Test for privilege escalation via group/team membership change
• Test for bypass of role-based access via URL encoding tricks
• Check for improper authorization at API gateway level
• Test for privilege escalation via HTTP method override header
• Test for privilege escalation via content-type switching
• Check for inconsistent authorization between UI and API layers
• Test for privilege escalation via organization ID manipulation
• Check for privilege escalation via feature toggle API
• Test for privilege escalation via backup/restore functionality
• Check for privilege escalation via import/export with role data
• Test for privilege escalation via shared resource access

🌐

Path Traversal & File Access

25 checks

0/25

• Test for directory traversal with ../ sequences in URL parameters
• Test for directory traversal with ..\ sequences for Windows servers
• Test for directory traversal with URL encoding (%2e%2e%2f)
• Test for directory traversal with double URL encoding (%252e%252e%252f)
• Test for directory traversal with Unicode encoding (..%c0%af)
• Test for directory traversal with null byte injection (%00.json)
• Test for directory traversal on Windows with ..\..\Windows\
• Test for path traversal via file download endpoints
• Test for path traversal via file upload destination manipulation
• Test for path traversal in image/file processing endpoints
• Check for /proc/self/environ access via path traversal on Linux
• Check for /etc/passwd access via path traversal on Linux
• Check for /etc/shadow access via path traversal on Linux
• Test for path traversal in archive extraction (zip slip vulnerability)
• Test for path traversal in symlink following operations
• Check for absolute path access in file operations (/etc/hosts)
• Test for path traversal bypass with ....// sequences
• Test for path traversal with nested encoding variations
• Check for path traversal in S3/cloud storage key parameters
• Test for path traversal in PDF generation endpoints
• Test for path traversal in template rendering with file inclusion
• Check for path traversal in log file viewing functionality
• Test for path traversal in configuration file loading
• Check for path traversal in backup file download feature
• Test for path traversal with custom encoding schemes

🌐

SQL Injection

30 checks

0/30

• Test for SQL injection in all input fields with single quote (')
• Test for SQL injection in URL parameters with OR 1=1 payloads
• Test for SQL injection in HTTP headers (Cookie, User-Agent, Referer, X-Forwarded-For)
• Test for UNION-based SQL injection with column count detection
• Test for error-based SQL injection using database-specific functions
• Test for blind SQL injection with boolean conditions (AND 1=1 vs AND 1=2)
• Test for blind SQL injection with time delays (SLEEP, WAITFOR, pg_sleep)
• Test for out-of-band SQL injection with DNS/HTTP exfiltration
• Test for SQL injection in ORDER BY clause with conditional expressions
• Test for SQL injection in LIMIT/OFFSET clause
• Test for SQL injection in INSERT statements via registration forms
• Test for SQL injection in UPDATE statements via profile update
• Test for SQL injection in DELETE statements via record deletion
• Test for second-order SQL injection (stored injection payloads)
• Test for SQL injection with stacked queries using semicolons
• Test for WAF bypass with SQL comments (/*!50000SELECT*/, --+, #)
• Test for WAF bypass with case variation (SeLeCt, UnIoN)
• Test for WAF bypass with URL encoding of SQL keywords
• Test for WAF bypass with double URL encoding
• Test for WAF bypass with Unicode/HTML entity encoding
• Test for SQL injection in stored procedures and functions
• Test for SQL injection in LIKE clause with wildcards
• Test for SQL injection in IN clause with subquery
• Test for SQL injection with JSON parameters in modern APIs
• Test for SQL injection in GraphQL query arguments
• Test for MySQL-specific SQL injection (information_schema, load_file)
• Test for PostgreSQL-specific SQL injection (pg_read_file, dblink)
• Test for MSSQL-specific SQL injection (xp_cmdshell, OPENROWSET)
• Test for Oracle-specific SQL injection (UTL_HTTP, DBMS_LOB)
• Test for SQLite-specific SQL injection (sqlite_master, ATTACH)

🌐

Cross-Site Scripting (XSS)

40 checks

0/40

• Test for reflected XSS in all URL parameters with basic payloads
• Test for stored XSS in user-generated content fields (comments, posts)
• Test for DOM-based XSS in client-side JavaScript code
• Test for XSS in URL parameters reflected in page content
• Test for XSS in HTTP headers reflected in response (User-Agent)
• Test for XSS in file upload filenames displayed on the page
• Test for XSS in SVG file uploads with embedded JavaScript
• Test for XSS in Markdown/HTML content rendering (WYSIWYG bypass)
• Test for XSS via server-side template injection (SSTI to XSS)
• Test for XSS with different event handlers (onerror, onload, onclick, onmouseover)
• Test for XSS with JavaScript pseudo-protocol (javascript:alert(1))
• Test for XSS with data URI scheme (data:text/html,alert(1))
• Test for XSS with SVG/XML content type and namespace confusion
• Test for XSS bypass with HTML entity encoding
• Test for XSS bypass with Unicode encoding variations
• Test for XSS bypass with CSS expression() for old IE browsers
• Test for XSS in JSON responses (JSON injection to HTML context)
• Test for XSS in error messages that reflect user input
• Test for XSS via iframe injection with srcdoc attribute
• Test for XSS via base tag injection to hijack relative URLs
• Test for XSS via form action injection to steal credentials
• Test for XSS via meta refresh redirect to malicious page
• Test for XSS in AngularJS sandbox escape ({{constructor.constructor}})
• Test for XSS in Vue.js template injection ({{constructor}})
• Test for XSS in React dangerouslySetInnerHTML prop usage
• Test for Mutation XSS (mXSS) in DOMPurify/library bypass
• Test for XSS in email content if application renders HTML emails
• Test for Blind XSS via XSS Hunter or similar callback service
• Test for self-XSS that can be chained with other vulnerabilities
• Test for XSS in PDF generation endpoints that render HTML
• Test for XSS with different encoding (UTF-7, UTF-16)
• Test for XSS in MathML tag injection
• Test for XSS with template literals in JavaScript
• Test for XSS in href attribute with javascript: protocol
• Test for XSS via object tag with data attribute
• Test for XSS in embed tag with src attribute
• Test for XSS with event handler in style attribute
• Test for XSS via injection into CSS @import
• Test for XSS with SVG animate/set elements
• Test for XSS with HTML5 autofocus attribute

🌐

Server-Side Request Forgery (SSRF)

30 checks

0/30

• Test for SSRF in URL parameters that fetch remote resources
• Test for SSRF in file import endpoints (import from URL feature)
• Test for SSRF in webhook URL configuration
• Test for SSRF in PDF generator endpoints with external images
• Test for SSRF in image processing endpoints (fetch from URL)
• Test for SSRF in SVG file import with external references
• Test for SSRF with internal IP addresses (127.0.0.1, 10.x.x.x, 192.168.x.x)
• Test for SSRF with cloud metadata endpoints (169.254.169.254)
• Test for SSRF with DNS rebinding technique for filter bypass
• Test for SSRF with redirect-based bypass via 302 redirects
• Test for SSRF with URL encoding bypass of IP restrictions
• Test for SSRF with IPv6 addresses (::1, ::ffff:127.0.0.1)
• Test for SSRF with decimal IP representation (2130706433 for 127.0.0.1)
• Test for SSRF with octal IP representation (0177.0.0.1 for 127.0.0.1)
• Test for SSRF with IPv6 mapped IPv4 addresses (0:0:0:0:0:ffff:7f00:1)
• Test for SSRF filter bypass with alternate encoding schemes
• Test for SSRF via DNS rebinding to internal IP addresses
• Test for blind SSRF via out-of-band DNS/HTTP interaction
• Test for SSRF in PDF export with embedded resource URLs
• Test for SSRF via HTTP method override technique
• Test for SSRF with fragmented URLs for parser confusion
• Test for SSRF with URL parser differences between libraries
• Test for SSRF to read local files via file:// protocol
• Test for SSRF to read cloud metadata (AWS/Azure/GCP metadata API)
• Test for SSRF to access internal Kubernetes services (https://kubernetes)
• Test for SSRF with @ symbol in URL for authentication bypass
• Test for SSRF via URL path truncation technique
• Test for SSRF in SVG font-face URI for external resource loading
• Test for SSRF in XML external entity processing (XXE to SSRF)
• Test for SSRF with HTTP/HTTPS protocol switching bypass

🌐

Server-Side Template Injection (SSTI)

25 checks

0/25

• Test for SSTI with {{7*7}} expression in input fields
• Test for SSTI with ${7*7} expression in input fields
• Test for SSTI with <%= 7*7 %> expression in input fields
• Test for SSTI with #{7*7} expression in input fields
• Test for Jinja2 template injection (Python Flask/Django)
• Test for Twig template injection (PHP Symfony)
• Test for Freemarker template injection (Java Spring)
• Test for Velocity template injection (Java)
• Test for Mako template injection (Python)
• Test for ERB (Ruby) template injection
• Test for Thymeleaf template injection (Java Spring)
• Test for Pebble template injection (Java)
• Test for Handlebars template injection (JavaScript)
• Test for Dust.js template injection (JavaScript)
• Test for Angular template injection ({{constructor}})
• Test for Vue.js template injection ({{_context}})
• Test for SSTI RCE via Python object traversal (MRO chain)
• Test for SSTI file read via template injection payloads
• Test for SSTI with sandbox escape techniques per engine
• Test for SSTI in email template rendering functionality
• Test for SSTI in PDF generation template systems
• Test for SSTI in report generation with user-controlled input
• Test for SSTI in search functionality with template rendering
• Test for SSTI in error page rendering with reflected input
• Test for blind SSTI with out-of-band DNS/HTTP interaction

🌐

OS Command Injection

25 checks

0/25

• Test for OS command injection with semicolons (; id)
• Test for OS command injection with pipe (| id)
• Test for OS command injection with backticks (`id`)
• Test for OS command injection with $() syntax ($(id))
• Test for OS command injection with newline characters (%0aid)
• Test for OS command injection with && and || operators
• Test for blind OS command injection with time delays (sleep 5)
• Test for blind OS command injection with DNS interaction (nslookup)
• Test for blind OS command injection with HTTP callback (curl/wget)
• Test for OS command injection in file upload filename parameters
• Test for OS command injection in image processing (ImageMagick)
• Test for OS command injection in PDF generation tools
• Test for OS command injection in ping/traceroute features
• Test for OS command injection in DNS lookup features
• Test for OS command injection with WAF bypass techniques
• Test for OS command injection with input encoding bypass
• Test for OS command injection with parameter expansion ($IFS)
• Test for OS command injection in backup/restore features
• Test for OS command injection in cron job parameter inputs
• Test for OS command injection in email header parameters
• Test for OS command injection with environment variable manipulation
• Test for OS command injection with path traversal in binary name
• Test for OS command injection via log injection for log processing
• Test for OS command injection in archive extraction (zip)
• Test for OS command injection with Unicode normalization tricks

🌐

NoSQL Injection

20 checks

0/20

• Test for MongoDB injection with $gt, $ne, $regex operators
• Test for NoSQL injection in JSON body parameters
• Test for NoSQL injection with $where operator for JavaScript execution
• Test for NoSQL injection with $lookup operator for data access
• Test for NoSQL injection in array parameter format (param[]=value)
• Test for NoSQL operator injection ($gt: '' for authentication bypass)
• Test for NoSQL authentication bypass with $ne operator
• Test for NoSQL boolean-based blind injection via response differences
• Test for NoSQL time-based blind injection with $where sleep
• Test for NoSQL injection in REST API JSON endpoints
• Test for CouchDB injection via view functions
• Test for Cassandra injection with CQL query manipulation
• Test for Redis injection via EVAL command execution
• Test for NoSQL injection in MongoDB ObjectID parameter
• Test for NoSQL injection with type confusion attacks
• Test for NoSQL injection with $expr operator for aggregation
• Test for NoSQL injection in MongoDB aggregate pipeline
• Test for NoSQL injection with $regex for data extraction
• Test for NoSQL injection in map-reduce functions
• Test for NoSQL injection with BSON type confusion

🌐

LDAP Injection

10 checks

0/10

• Test for LDAP injection in login forms with * wildcard
• Test for LDAP injection in search functionality with parentheses
• Test for LDAP injection with * wildcard for information disclosure
• Test for LDAP injection with () parentheses for query manipulation
• Test for LDAP injection with | and & operators for logic bypass
• Test for LDAP authentication bypass with )(cn=*))(|(cn=*
• Test for LDAP attribute enumeration via error-based injection
• Test for blind LDAP injection with boolean conditions
• Test for LDAP injection with backslash escape character
• Test for LDAP injection in directory search features

🌐

XML Injection & XXE

20 checks

0/20

• Test for XML External Entity (XXE) injection in XML input
• Test for XXE via file upload (SVG with external entity, DOCX/XLSX)
• Test for XXE via SOAP endpoints with XML message body
• Test for XXE via AJAX requests with XML content type
• Test for XXE with SYSTEM entity for local file reading
• Test for XXE with PUBLIC entity for file reading
• Test for XXE with parameter entities for out-of-band data
• Test for blind XXE with out-of-band DNS/HTTP interaction
• Test for blind XXE via DNS exfiltration technique
• Test for blind XXE via HTTP exfiltration technique
• Test for XXE in SAML assertions for SSO exploitation
• Test for XXE in SOAP WSDL parsing and processing
• Test for XXE in RSS/Atom feed parsing functionality
• Test for XXE bypass with UTF-16 encoding
• Test for XXE bypass with various encoding variations
• Test for XInclude injection in XML processing
• Test for XML injection for data manipulation attacks
• Test for XML bomb (billion laughs) DoS attack
• Test for XPath injection in XML-based applications
• Test for XSLT injection for remote code execution

🌐

Business Logic Vulnerabilities

20 checks

0/20

• Test for price manipulation in e-commerce checkout flow
• Test for quantity manipulation (negative quantities, zero quantity)
• Test for currency manipulation in payment flows (USD to IDR)
• Test for discount code reuse and stacking vulnerabilities
• Test for referral code manipulation and abuse for unlimited rewards
• Test for race condition in coupon/discount application timing
• Test for double spending in virtual currency and credit systems
• Test for bypass of payment step in checkout flow (direct confirmation)
• Test for interest rate manipulation in financial applications
• Test for transfer amount manipulation in banking applications
• Test for account balance bypass using negative amounts
• Test for unlimited resource creation (accounts, projects, invites)
• Test for bypass of upload limits and storage quotas
• Test for workflow bypass by skipping required steps
• Test for state machine manipulation to reach invalid states
• Test for post-payment action manipulation (refund exploitation)
• Test for trial period bypass via date manipulation
• Test for feature flag bypass via request parameter manipulation
• Test for subscription tier bypass via role manipulation
• Test for email/phone verification bypass in critical flows

🌐

Race Conditions

15 checks

0/15

• Test for race condition in balance transfer (concurrent requests)
• Test for race condition in coupon/discount code redemption
• Test for race condition in voting/liking mechanism
• Test for race condition in file upload duplicate creation
• Test for race condition in account creation with duplicate data
• Test for race condition in password reset token usage
• Test for race condition in gift card redemption
• Test for race condition in inventory reservation system
• Test for race condition with concurrent HTTP requests (Turbo Intruder)
• Test for race condition in email verification flow
• Test for race condition in 2FA verification code usage
• Test for race condition in session creation and authentication
• Test for race condition in API rate limiting bypass
• Test for race condition in database read-modify-write operations
• Test for race condition in distributed system consistency

🌐

CSRF (Cross-Site Request Forgery)

20 checks

0/20

• Test for CSRF in all state-changing requests (POST/PUT/DELETE)
• Check for CSRF token presence and proper validation in forms
• Test for CSRF token bypass by removing the token entirely
• Test for CSRF token reuse across different sessions
• Test for CSRF token predictability and entropy
• Check if CSRF token is tied to user session properly
• Test for CSRF via JSON content type with CORS bypass
• Test for CSRF via XML content type submission
• Test for CSRF with multipart/form-data encoding
• Test for CSRF in AJAX requests (X-Requested-With header)
• Test for CSRF in WebSocket connection establishment
• Check for SameSite cookie attribute on session cookies
• Test for login CSRF (forcing victim to authenticate as attacker)
• Test for CSRF in password change functionality
• Test for CSRF in email change functionality
• Test for CSRF bypass with custom headers (X-Forwarded-*)
• Test for CSRF bypass with HTTP method override (_method parameter)
• Check for Origin/Referer header validation implementation
• Test for CSRF in GraphQL mutation operations
• Test for CSRF in API endpoints without proper CORS restriction

🌐

CORS Misconfiguration

15 checks

0/15

• Test CORS with arbitrary Origin header for reflection
• Test CORS with null Origin for null origin bypass
• Test CORS with subdomain Origin for subdomain trust bypass
• Test CORS with Origin matching target domain for domain trust
• Check for Access-Control-Allow-Credentials: true with wildcard
• Test for CORS with domain suffix matching (.target.com)
• Test for CORS with domain prefix matching (target.com.evil.com)
• Check for insecure CORS patterns allowing regex bypass
• Test CORS with different HTTP methods and headers
• Test CORS with custom headers for preflight bypass
• Test for CORS trust for arbitrary subdomains
• Check for CORS with third-party domain whitelisting
• Test for CORS header reflection without proper validation
• Test for CORS origin validation bypass via encoding tricks
• Check for CORS in WebSocket upgrade requests

🌐

Clickjacking

10 checks

0/10

• Test for clickjacking with iframe embedding of target page
• Check for X-Frame-Options header presence and value
• Check for Content-Security-Policy frame-ancestors directive
• Test for X-Frame-Options bypass with framing in same origin
• Test for drag-and-drop clickjacking for data exfiltration
• Test for cursor-based clickjacking with hidden cursor
• Test for multi-step clickjacking requiring multiple clicks
• Test for clickjacking on sensitive action buttons
• Test for clickjacking on authentication flow pages
• Test for clickjacking with transparent iframes over decoy content

🌐

PostMessage Security

10 checks

0/10

• Test for insecure postMessage handlers without origin check
• Check if origin is properly validated in message event listeners
• Test for postMessage to window.parent with sensitive data
• Test for postMessage to wildcard origin (*)
• Test for postMessage data injection from external source
• Test for postMessage XSS via message content rendering
• Check if message source is validated in event handler
• Test for postMessage between different subdomains
• Test for postMessage in iframe communication channel
• Test for postMessage in browser extension communication

🌐

File Upload Vulnerabilities

20 checks

0/20

• Test for unrestricted file upload allowing any file type
• Test for file extension blacklist bypass with uncommon extensions
• Test for file extension whitelist bypass with double extensions
• Test for double extension bypass (file.php.jpg, file.jsp.png)
• Test for null byte in filename (file.php%00.jpg for bypass)
• Test for content-type manipulation to bypass extension checks
• Test for magic bytes manipulation to spoof file type detection
• Test for SVG file upload with embedded XSS payload
• Test for HTML file upload with JavaScript execution
• Test for server-side file inclusion via uploaded file path
• Test for file upload path traversal in destination directory
• Test for file upload race condition (access before validation)
• Test for polyglot file upload (valid image + malicious code)
• Test for ZIP bomb upload causing disk space exhaustion
• Test for file upload to cloud storage with public ACL access
• Test for image file upload with EXIF data containing XSS
• Test for file upload with oversized files for DoS
• Test for file upload with malicious metadata in documents
• Test for file upload in archive extraction (zip slip path traversal)
• Test for file upload with SVG containing XXE payload

🌐

File Download & Access

10 checks

0/10

• Test for arbitrary file download via path traversal parameter
• Test for directory listing on file storage directories
• Check if uploaded files are served with correct MIME type
• Test for Content-Disposition header on file downloads
• Check if file download requires proper authentication
• Test for file download with IDOR (accessing other users' files)
• Test for file download via direct cloud storage URL access
• Check for sensitive file exposure (backup, config, log files)
• Test for file download with symlink following vulnerability
• Test for file download in PDF generation from user content

🌐

TLS/SSL Configuration

20 checks

0/20

• Test for SSL/TLS version (should be TLS 1.2+, reject TLS 1.0/1.1)
• Check for weak cipher suites (RC4, DES, 3DES, export ciphers)
• Test for POODLE vulnerability (SSLv3 fallback)
• Test for BEAST vulnerability (TLS 1.0 CBC mode)
• Test for CRIME/BREACH vulnerability (TLS compression)
• Test for Heartbleed vulnerability (OpenSSL heartbeat)
• Check for HSTS header presence and max-age configuration
• Test for certificate validity, chain, and expiration
• Check for wildcard certificate scope and potential abuse
• Test for mixed content on HTTPS pages (HTTP resources)
• Test for insecure cookies transmitted over HTTP
• Check for proper certificate revocation (CRL/OCSP stapling)
• Test for TLS certificate pinning implementation
• Check for forward secrecy (ECDHE/DHE cipher suites)
• Test for Sweet32 vulnerability (64-bit block ciphers)
• Check for certificate transparency (CT) log inclusion
• Test for TLS downgrade attacks via version negotiation
• Test for renegotiation attacks (prefix injection)
• Check for secure renegotiation support (RFC 5746)
• Test for TLS compression attacks (CRIME variant)

🌐

Cryptographic Implementation

15 checks

0/15

• Test for weak hashing algorithms (MD5, SHA1) for password storage
• Test for weak encryption algorithms (DES, RC4, ECB mode)
• Check for hardcoded encryption keys in source code or config
• Test for key management security (storage, rotation, access)
• Test for IV reuse in CBC mode encryption
• Check for padding oracle vulnerability in decryption
• Test for ECB mode detection via identical ciphertext blocks
• Test for cryptographic key derivation weakness (low iterations)
• Check for random number generator weakness (predictable seeds)
• Test for cryptographic timing attacks on comparison functions
• Check for certificate pinning bypass techniques
• Test for weak password hashing (no salt, fast algorithms like MD5)
• Check for proper use of bcrypt/scrypt/Argon2 for passwords
• Test for JWT algorithm confusion (RS256 to HS256)
• Test for cryptographic key exposure in source code repository

🌐

HTTP Request Smuggling

10 checks

0/10

• Test for CL.TE request smuggling (Content-Length vs Transfer-Encoding)
• Test for TE.CL request smuggling between frontend and backend
• Test for TE.TE request smuggling with header obfuscation
• Test for H2.CL request smuggling (HTTP/2 downgrade)
• Test for H2.TE request smuggling (HTTP/2 to HTTP/1.1)
• Test for request smuggling via header manipulation techniques
• Test for request smuggling between proxy and backend server
• Test for request smuggling in load balancer scenarios
• Test for request smuggling to bypass WAF inspection
• Test for request smuggling to poison web cache

🌐

Web Cache Poisoning & Deception

10 checks

0/10

• Test for web cache poisoning via unkeyed headers
• Test for web cache poisoning via unkeyed cookies
• Test for web cache poisoning via unkeyed query parameters
• Test for web cache deception with path parameter tricks
• Test for cache key manipulation via normalization differences
• Test for cache poisoning via HTTP method override technique
• Test for cache poisoning via Vary header manipulation
• Test for cache poisoning with fat GET requests
• Test for cache deception with file extension trickery
• Test for cache poisoning via response header injection

🌐

Server Misconfiguration

20 checks

0/20

• Check for default credentials on server services and admin panels
• Check for unnecessary services running on the server
• Check for directory listing enabled on web directories
• Check for server version disclosure in HTTP headers
• Check for stack trace disclosure in error pages
• Check for debug mode enabled in production environment
• Test for HTTP methods beyond GET/POST (PUT, DELETE, OPTIONS, TRACE)
• Check for TRACE method enabling Cross-Site Tracing attacks
• Test for OPTIONS method information disclosure
• Check for CORS misconfiguration at server level
• Check for open redirect vulnerabilities in URL parameters
• Test for host header injection in virtual hosting
• Test for X-Forwarded-Host header injection for cache poisoning
• Check for proxy misconfiguration allowing request smuggling
• Check for improper error handling revealing internal info
• Test for server-side JavaScript injection (Node.js specific)
• Check for information disclosure via verbose error messages
• Test for HTTP header injection via CRLF sequences
• Check for CRLF injection in HTTP response headers
• Test for HTTP response splitting attacks

🌐

Cloud & Container Security

15 checks

0/15

• Test for AWS S3 bucket misconfiguration allowing public access
• Test for AWS metadata endpoint access via SSRF (169.254.169.254)
• Test for Azure metadata endpoint access via SSRF
• Test for GCP metadata endpoint access via SSRF
• Check for exposed Docker API on port 2375/2376 without auth
• Check for exposed Kubernetes API on port 6443/8443
• Test for container escape vulnerabilities (CVE checks)
• Check for cloud storage public access (Azure Blob, GCP GCS)
• Test for cloud IAM misconfiguration and privilege escalation
• Check for cloud function exposure (AWS Lambda, GCF, Azure Functions)
• Test for cloud database public access without authentication
• Check for cloud queue service exposure (SQS, Pub/Sub, Service Bus)
• Test for etcd unauthorized access on port 2379
• Check for Kubernetes dashboard exposure without auth
• Test for cloud CDN misconfiguration allowing cache manipulation

🌐

Data Exposure

20 checks

0/20

• Check for sensitive data in page source code and HTML comments
• Check for sensitive data in JavaScript files and source maps
• Check for API keys and secrets in client-side code
• Check for sensitive data in HTML meta tags and attributes
• Check for sensitive data in error messages and stack traces
• Check for sensitive data in debug and status endpoints
• Check for sensitive data in robots.txt and sitemap.xml
• Check for sensitive data in .env files and configuration
• Check for sensitive data in backup files and archives
• Check for sensitive data in version control directories (.git)
• Check for sensitive data in log files on the server
• Check for sensitive data in HTTP response headers
• Check for sensitive data in cookies without Secure/HttpOnly flags
• Check for sensitive data in localStorage/sessionStorage
• Check for sensitive data in IndexedDB storage
• Check for email/PII exposure in API responses
• Check for excessive data returned in API responses
• Check for sensitive data in URL parameters (GET method)
• Check for sensitive data in browser autocomplete fields
• Check for sensitive data in referrer header to external sites

🌐

Error Handling

40 checks

0/40

• Test for verbose error messages with stack traces and file paths
• Test for database error disclosure with query information
• Test for framework version disclosure in error pages
• Test for internal IP and path disclosure in error messages
• Test for error-based information disclosure via crafted input
• Test for different error responses revealing valid/invalid inputs
• Check for custom error pages properly implemented
• Test for debug mode error pages in production
• Test for error handling in API endpoints (500 vs 400 codes)
• Test for GraphQL error disclosure with schema information
• Test for unauthenticated WebSocket connections to sensitive data
• Test for WebSocket cross-site hijacking (CSWSH) vulnerability
• Test for WebSocket message injection from client side
• Test for WebSocket replay attacks with captured messages
• Test for WebSocket denial of service via message flooding
• Test for sensitive data in WebSocket messages (plaintext)
• Test for WebSocket origin validation bypass
• Test for WebSocket message encryption requirement
• Test for WebSocket IDOR in channel/room identifiers
• Test for WebSocket rate limiting and throttling
• Test for WebSocket SQL injection in message parameters
• Test for WebSocket XSS via message content rendering
• Test for WebSocket command injection in message handlers
• Test for WebSocket connection hijacking via session tokens
• Test for WebSocket protocol downgrade attack
• Test for GraphQL introspection query revealing full schema
• Test for GraphQL query depth limiting absence (DoS potential)
• Test for GraphQL batch queries for abuse and rate limit bypass
• Test for GraphQL alias abuse to bypass rate limiting
• Test for GraphQL directive abuse for information disclosure
• Test for GraphQL mutation access control enforcement
• Test for GraphQL subscription security (real-time data)
• Test for GraphQL injection in query arguments and variables
• Test for GraphQL field suggestion information disclosure
• Test for GraphQL error message revealing internal details
• Test for GraphQL DoS via deeply nested complex queries
• Test for GraphQL IDOR in query and mutation operations
• Test for GraphQL authorization enforcement on fields
• Test for GraphQL query complexity limiting implementation
• Test for GraphQL persisted queries security

🔌

API Authentication & Authorization

25 checks

0/25

• Test for broken authentication in all API endpoints
• Check for API key exposure in client-side JavaScript code
• Test for API key in URL parameters instead of headers
• Test for bearer token security and proper validation
• Test for OAuth 2.0 token security in API authentication
• Test for API rate limiting and throttling implementation
• Check for proper HTTP methods on all API endpoints
• Test for API versioning security (/v1/ vs /v2/ access control)
• Test for mass assignment in API endpoint parameters
• Check for proper input validation in API requests
• Test for API response data filtering and field restriction
• Test for excessive data exposure in API responses
• Test for API parameter tampering and manipulation
• Check for API endpoint enumeration via directory brute force
• Test for API documentation exposure (Swagger, OpenAPI spec)
• Test for GraphQL API introspection query access
• Test for REST API verb tampering (method override)
• Check for API CORS configuration and origin validation
• Test for API request/response content type validation
• Test for API pagination security and data leakage
• Test for API key rotation and revocation mechanism
• Check for API token expiration and refresh flow
• Test for API scope limitation and permission boundaries
• Check for API gateway authentication bypass
• Test for API key in referrer header leakage

🔌

API Injection & Manipulation

15 checks

0/15

• Test for SQL injection in API query and body parameters
• Test for NoSQL injection in API JSON request body
• Test for command injection via API parameters
• Test for SSRF via API URL parameters and webhook URLs
• Test for IDOR in API resource identifiers and references
• Test for parameter pollution in API requests
• Test for API batch endpoint abuse for bulk operations
• Test for API rate limit bypass via header manipulation
• Test for API rate limit bypass via IP rotation
• Test for API request smuggling between gateway and backend
• Test for API response manipulation and data injection
• Test for API content-type switching attacks
• Test for API compression bomb attacks (zip bombs)
• Test for API timeout exploitation for resource exhaustion
• Test for API error message information disclosure

🔌

REST API Specific

15 checks

0/15

• Test all CRUD operations (GET, POST, PUT, PATCH, DELETE)
• Test for improper HTTP method handling on endpoints
• Test for HEAD method information disclosure
• Test for OPTIONS method CORS information disclosure
• Test for PUT/DELETE without proper authorization checks
• Test for REST URL parameter manipulation and injection
• Test for REST body parameter manipulation and injection
• Test for REST header parameter manipulation and injection
• Check for proper HTTP status codes in API responses
• Test for inconsistent error handling across API endpoints
• Test for HATEOAS link manipulation in responses
• Test for REST API pagination bypass for data extraction
• Test for REST API filtering and sorting injection
• Check for API version deprecation security handling
• Test for API backward compatibility security issues

🔌

SOAP & XML API

10 checks

0/10

• Test for SOAP action manipulation and injection
• Test for SOAP XML injection in message body
• Test for XXE in SOAP XML requests and responses
• Test for SOAP WSDL disclosure and service enumeration
• Test for SOAP message security (WS-Security implementation)
• Test for SOAP replay attacks on stateful operations
• Check for SOAP fault information disclosure details
• Test for SOAP attachment handling security
• Test for SOAP encoding attacks and type confusion
• Test for SOAP namespace manipulation for injection

🔌

gRPC API

10 checks

0/10

• Test for gRPC reflection service exposure and enumeration
• Test for gRPC unauthenticated access to services
• Test for gRPC message serialization attacks (protobuf)
• Test for gRPC connection hijacking between client and server
• Check for gRPC metadata security and sensitive header exposure
• Test for gRPC stream abuse for denial of service
• Test for gRPC TLS configuration and encryption enforcement
• Check for gRPC service enumeration via reflection API
• Test for gRPC deadline and timeout exploitation
• Test for gRPC channel credential security and token handling

🤖

Static Analysis

41 checks

0/41

• Decompile APK with jadx for Java source code review
• Decompile APK with apktool for resource and manifest analysis
• Check AndroidManifest.xml for exported components without permission
• Check for exported activities accessible by other apps
• Check for exported services accessible by other apps
• Check for exported content providers with data access
• Check for exported broadcast receivers for intent injection
• Check for intent filter actions and categories exposed
• Analyze custom permissions and their protection levels
• Check for debuggable flag (android:debuggable=true) in manifest
• Check for allowBackup flag (android:allowBackup=true) in manifest
• Check for network security config (cleartext traffic allowed)
• Analyze permissions requested by the application
• Check for dangerous permissions usage without justification
• Look for hardcoded secrets in source code (API keys, tokens)
• Check for API keys and URLs in strings.xml and other resources
• Analyze third-party SDKs and libraries for known vulnerabilities
• Check for outdated or insecure library versions in build files
• Analyze ProGuard/R8 obfuscation effectiveness in decompiled code
• Check for data storage in SharedPreferences (plaintext credentials)
• Analyze SQLite database storage for sensitive data in plaintext
• Check for Firebase/FCM misconfiguration (open database access)
• Check for Google Maps API key restriction (Android app restriction)
• Analyze custom URL schemes (deep links) for hijacking potential
• Check for app linking verification (assetlinks.json presence)
• Analyze WebView configuration and security settings
• Check for JavaScript enabled in WebView (setJavaScriptEnabled(true))
• Check for addJavascriptInterface usage in WebView (RCE risk)
• Check for setAllowFileAccess in WebView (local file access)
• Check for setAllowContentAccess in WebView (content provider access)
• Check for WebView file:// URL access for local file theft
• Analyze network communication for HTTP (cleartext) usage
• Check for certificate pinning implementation in network calls
• Analyze custom TrustManager implementations (SSL bypass risk)
• Check for SSL error handler bypass (onReceivedSslError)
• Analyze broadcast receiver security for intent filtering
• Check for PendingIntent security and privilege escalation risk
• Analyze notification security for sensitive data exposure
• Check for shortcut security and deep link exposure
• Look for sensitive data in logging (Log.d, Log.v, Log.i calls)
• Analyze clipboard security for sensitive data leakage

🤖

Dynamic Analysis

30 checks

0/30

• Use Frida for runtime hooking and function analysis
• Use Xposed framework for runtime method modification
• Hook SSL pinning bypass with Frida/Objection scripts
• Hook root detection bypass with Frida/Objection scripts
• Monitor network traffic with Burp Suite proxy interception
• Test with emulator detection bypass using Frida hooks
• Use Drozer for Android component testing and enumeration
• Test exported activities with Drozer activity launch
• Test content provider queries with Drozer provider scan
• Test broadcast receiver injection with Drozer broadcast
• Use adb for intent-based attacks on exported components
• Test deep link hijacking from malicious application
• Test task affinity attacks for activity hijacking
• Test for tapjacking vulnerability with overlay app
• Monitor file system changes during app usage with fsmon
• Check SharedPreferences file permissions on device
• Check database file permissions on device storage
• Monitor IPC communication between app components
• Test for screen overlay attacks on sensitive screens
• Analyze app behavior on lock screen for data leakage
• Test for clipboard data leakage between applications
• Monitor notification content for sensitive data exposure
• Test for content provider SQL injection via Drozer
• Test for content provider path traversal via crafted URIs
• Test for intent redirection attacks to internal components
• Analyze Keystore/Keychain usage for key storage security
• Test biometric authentication bypass with Frida hooking
• Check for keyboard cache leakage of sensitive input
• Test for screenshot prevention on sensitive screens
• Monitor memory for sensitive data exposure with Frida

🤖

Data Storage

15 checks

0/15

• Check SharedPrefs for plaintext credential and token storage
• Check SQLite databases for sensitive data in plaintext
• Check internal storage file permissions (world-readable)
• Check external storage for sensitive data (world-readable by default)
• Check for sensitive data in cache directories
• Test for backup extraction via adb backup command
• Check for auto backup to Google Drive with sensitive data
• Test for data leakage through content providers
• Check for sensitive data in logcat output on device
• Test for secure deletion of sensitive data on logout
• Check for data encryption at rest using Android Keystore
• Test for data leakage through clipboard copy operations
• Check for sensitive data in intent extras passed between components
• Test for data persistence after user logout operation
• Check for secure key storage using Android Keystore system

🤖

Network Communication

15 checks

0/15

• Test for cleartext traffic (HTTP) usage in network calls
• Check for certificate pinning implementation and bypass
• Test for SSL/TLS version and cipher suite security
• Check for custom TrustManager implementation vulnerabilities
• Test for hostname verifier bypass in SSL connections
• Check for WebView SSL error handler bypass vulnerability
• Test for network security config enforcement on Android 7+
• Check for API communication over HTTPS only
• Test for sensitive data in network request parameters
• Check for proper session management in API network calls
• Test for network interception via proxy configuration
• Check for WebSocket security (wss vs ws protocol)
• Test for certificate transparency support in connections
• Check for proper OAuth token handling in network requests
• Test for API endpoint security against common web attacks

🤖

Reverse Engineering Protection

15 checks

0/15

• Test for root detection implementation and bypass methods
• Test for emulator detection implementation and bypass
• Test for Frida detection implementation and bypass
• Test for Xposed detection implementation and bypass
• Test for debugging detection (android:debuggable check)
• Check for code obfuscation effectiveness in decompiled output
• Test for repackaging detection and signature verification
• Check for tamper detection mechanisms in the application
• Test for integrity verification of app resources
• Check for anti-hooking mechanisms and bypass methods
• Test for runtime integrity checks in application code
• Check for string encryption in decompiled source code
• Test for control flow obfuscation in critical methods
• Check for class encryption/packing (DEX protection)
• Test for dynamic code loading security (DexClassLoader)

🤖

IPC Security

15 checks

0/15

• Test for intent injection attacks on exported components
• Test for intent redirection attacks to internal activities
• Test for PendingIntent privilege escalation attacks
• Test for broadcast receiver abuse and message injection
• Test for content provider SQL injection via crafted queries
• Test for content provider path traversal via crafted URIs
• Test for AIDL interface security and access control
• Test for Messenger-based IPC security and validation
• Check for implicit intent hijacking by malicious apps
• Test for component naming manipulation attacks
• Check for package name spoofing by malicious applications
• Test for activity hijacking via taskAffinity manipulation
• Test for task hijacking (Strandhogg) vulnerability
• Test for service binding abuse by external applications
• Check for unbound service security and data access

🍏

Static Analysis

30 checks

0/30

• Decompile IPA with class-dump for Objective-C header analysis
• Use Hopper/IDA for disassembly and control flow analysis
• Check Info.plist for sensitive configuration and URL schemes
• Check for ATS (App Transport Security) exceptions and bypasses
• Analyze URL schemes and deep links for hijacking potential
• Check for hardcoded secrets in binary strings
• Analyze encryption key management and storage
• Check for debug symbols in binary (stripped or not)
• Check for NSLog/NSAssert statements with sensitive data output
• Analyze third-party frameworks and libraries for vulnerabilities
• Check for insecure data storage in Documents/Library directories
• Analyze CoreData model for sensitive entity attributes
• Check for Firebase/GoogleService-Info.plist configuration exposure
• Analyze entitlements for dangerous permissions and capabilities
• Check for background modes security (location, audio, VOIP)
• Analyze app extensions security (share, today, keyboard)
• Check for universal links configuration (apple-app-site-association)
• Analyze WKWebView configuration and security settings
• Check for JavaScript enabled in WKWebView
• Check for file access in WKWebView (allowFileAccessFromFileURLs)
• Analyze Keychain access groups and sharing between apps
• Check for pasteboard (clipboard) usage with sensitive data
• Analyze encryption implementation (CommonCrypto, CryptoKit)
• Check for insecure random number generation (arc4random vs SecRandomCopyBytes)
• Look for format string vulnerabilities in NSLog/printf calls
• Check for stack buffer overflow possibilities in C/C++ code
• Analyze Objective-C runtime manipulation potential (method swizzling)
• Check for app group container security between host and extensions
• Analyze SiriKit intent handling for unauthorized actions
• Check for widget extension data leakage to other apps

🍏

Dynamic Analysis

20 checks

0/20

• Use Frida for runtime hooking on jailbroken iOS device
• Use Objection for runtime exploration and data access
• Hook SSL pinning bypass with Frida/Objection scripts
• Hook jailbreak detection bypass with Frida/Objection scripts
• Monitor network traffic with Burp Suite proxy
• Use Cycript for runtime manipulation on jailbroken device
• Use LLDB for debugging and memory analysis
• Test for Touch ID/Face ID bypass via Frida hooking
• Monitor Keychain access with Keychain dumper tool
• Test for pasteboard data leakage between apps
• Monitor UserDefaults for sensitive data storage
• Test for screenshot prevention on sensitive screens
• Test for app backgrounding behavior and data exposure
• Monitor IPC between app and extensions
• Test for URL scheme hijacking from malicious app
• Test for deep link injection and parameter manipulation
• Analyze background fetch behavior for data leakage
• Test for push notification content security in alerts
• Monitor file system access patterns during app usage
• Test for clipboard data persistence after app exit

🍏

Data Storage

15 checks

0/15

• Check Keychain for insecure data storage (kSecAttrAccessible always)
• Check UserDefaults for sensitive data (credentials, tokens)
• Check CoreData database for sensitive data in plaintext
• Check SQLite databases for sensitive data without encryption
• Check for plaintext credentials in plist files
• Check for sensitive data in cache directories (Library/Caches)
• Check for sensitive data in tmp directories
• Test for backup inclusion of sensitive data (iTunes/Finder)
• Check for iCloud backup of sensitive app data
• Test for secure deletion of temporary files on logout
• Check for data encryption at rest using iOS Data Protection
• Test for data persistence after app deletion and reinstall
• Check for keyboard cache leakage of sensitive input
• Test for pasteboard data leakage between applications
• Check for sensitive data in crash logs and diagnostic reports

🍏

Network Communication

10 checks

0/10

• Test for cleartext HTTP traffic (ATS bypass or exception)
• Check for certificate pinning implementation and bypass
• Test for SSL/TLS version and cipher suite security
• Check for custom certificate validation bypass vulnerability
• Test for ATS exception domains security and justification
• Check for API communication security (HTTPS, token handling)
• Test for sensitive data in network request parameters
• Check for proper OAuth token handling in network calls
• Test for WebSocket security (wss vs ws protocol)
• Check for network proxy detection and prevention

🍏

Cryptography

10 checks

0/10

• Check for weak encryption algorithms (DES, RC4, ECB mode)
• Check for hardcoded encryption keys in binary
• Test for proper key derivation (PBKDF2, Argon2 with sufficient iterations)
• Check for IV/nonce reuse in encryption operations
• Test for insecure random number generation
• Check for proper key storage in Keychain with access control
• Test for cryptographic key derivation weaknesses
• Check for CommonCrypto vs CryptoKit usage and security
• Test for timing attacks in cryptographic comparison operations
• Check for Secure Enclave usage for key operations and biometrics

🍏

Jailbreak Detection & Anti-Tampering

10 checks

0/10

• Test for jailbreak detection implementation and effectiveness
• Test for jailbreak detection bypass methods via Frida
• Check for file-based jailbreak detection (/Applications/Cydia.app)
• Check for URL scheme-based jailbreak detection (cydia://)
• Test for dylib injection detection via DYLD_INSERT_LIBRARIES
• Check for code signing verification and integrity
• Test for runtime integrity checks and method swizzling detection
• Check for anti-debugging mechanisms (sysctl P_TRACED check)
• Test for reverse engineering protection effectiveness
• Check for app integrity verification using code signing

🖥️

Static Analysis

20 checks

0/20

• Decompile .NET applications with dnSpy/ILSpy for source review
• Decompile Java applications with JD-GUI/CFR for source review
• Analyze Electron apps with asar extraction and source review
• Check for hardcoded credentials in binary and config files
• Check for hardcoded encryption keys in decompiled source
• Analyze configuration files for sensitive data exposure
• Check for debug builds distributed in production
• Analyze import table for security-relevant Windows APIs
• Check for string references to sensitive resources and URLs
• Analyze resource files for embedded credentials and keys
• Check for insecure file permissions on installation
• Analyze Windows registry entries for sensitive data storage
• Check for sensitive data in INI/XML configuration files
• Analyze SQLite databases for sensitive data without encryption
• Check for local database encryption implementation
• Analyze memory-mapped files for sensitive data exposure
• Check for temporary file handling security (deletion after use)
• Analyze logging for sensitive data disclosure in log files
• Check for insecure COM/DCOM registration and access
• Analyze Windows event log entries for sensitive data

🖥️

Dynamic Analysis

20 checks

0/20

• Monitor network traffic with Wireshark and Burp Suite
• Intercept and modify network requests in transit
• Test for local proxy configuration bypass
• Monitor file system access with Process Monitor (Sysinternals)
• Monitor registry access with Process Monitor
• Monitor process creation with Process Monitor
• Use API monitor for detailed API call analysis
• Use Frida for runtime hooking and function modification
• Test for DLL injection vulnerabilities in the application
• Test for DLL hijacking/side-loading with malicious DLLs
• Test for process injection and memory manipulation
• Monitor memory for sensitive data exposure
• Use Cheat Engine for memory analysis and value modification
• Test for local privilege escalation via service manipulation
• Analyze inter-process communication security
• Test for named pipe security and access control
• Monitor shared memory for sensitive data exposure
• Test for COM object hijacking and replacement
• Analyze Windows service security configuration
• Test for insecure service permissions (change config)

🖥️

Binary Analysis

15 checks

0/15

• Check for ASLR (Address Space Layout Randomization) enabled
• Check for DEP/NX (Data Execution Prevention) enabled
• Check for stack canaries/cookies in compiled binary
• Check for Control Flow Guard (CFG) on Windows
• Check for SafeSEH (Safe Structured Exception Handler)
• Analyze buffer overflow possibilities in input handling
• Test for format string vulnerabilities in printf-family calls
• Test for integer overflow vulnerabilities in calculations
• Check for use-after-free vulnerabilities in memory management
• Analyze heap management security and exploitation potential
• Test for race conditions in file operations (TOCTOU)
• Check for symbolic link following vulnerabilities
• Analyze exception handler security (SEH overwrite)
• Check for SEH overwrite exploitation potential
• Test for return-oriented programming (ROP) chain possibilities

🖥️

Network Communication

15 checks

0/15

• Test for cleartext communication over HTTP/TCP
• Check for certificate validation implementation and bypass
• Test for certificate pinning in thick client network calls
• Check for SSL/TLS version and cipher suite security
• Test for proxy detection and bypass capability
• Monitor WebSocket communication for sensitive data
• Check for custom protocol security and message integrity
• Test for RMI/DCOM security and access control
• Check for RPC security and authentication requirements
• Test for WCF service security and binding configuration
• Check for gRPC communication security and encryption
• Test for message queue security (MSMQ, RabbitMQ)
• Check for database connection security and encryption
• Test for LDAP communication security and authentication
• Check for SSH key management and storage security

🖥️

Electron Application Security

15 checks

0/15

• Check for contextIsolation enabled in BrowserWindow config
• Check for nodeIntegration enabled in BrowserWindow config
• Check for sandbox mode enabled in BrowserWindow config
• Test for preload script security and validation
• Test for IPC message validation between main and renderer
• Check for remote module usage (deprecated, insecure)
• Test for shell.openExternal injection for RCE
• Check for webPreferences security settings configuration
• Test for custom protocol handler security (registerFileProtocol)
• Check for auto-update security (code signing verification)
• Test for deep link security in Electron protocol handlers
• Check for content security policy in renderer process
• Test for navigation restriction in renderer process
• Check for new window creation security (new-window event)
• Test for webview tag security and sandbox configuration

🖥️

Java Thick Client Security

10 checks

0/10

• Check for Java deserialization vulnerabilities (ObjectInputStream)
• Test for JMX endpoint security and authentication
• Check for RMI registry security and access control
• Test for JNDI injection via malicious LDAP/RMI server
• Check for Java policy file security and permissions
• Test for applet security (if applicable to legacy apps)
• Check for Java Web Start security and code signing
• Test for class loader manipulation and custom loaders
• Check for reflection abuse for access control bypass
• Test for JVM argument injection via environment variables

🖥️

Local Privilege Escalation

10 checks

0/10

• Test for DLL search order hijacking in application directory
• Test for unquoted service path vulnerability on Windows
• Test for weak service permissions allowing modification
• Test for registry key permissions allowing elevation
• Check for always-install-elevated group policy on Windows
• Test for token impersonation and privilege manipulation
• Check for SUID/SGID binaries on Linux thick clients
• Test for sudo misconfiguration and NOPASSWD entries
• Check for world-writable configuration files
• Test for scheduled task/job manipulation on Windows

🌐

Google Dorking & OSINT

49 checks

0/49

• Google dork: site:target.com filetype:pdf
• Google dork: site:target.com filetype:xlsx
• Google dork: site:target.com filetype:docx
• Google dork: site:target.com filetype:txt
• Google dork: site:target.com filetype:log
• Google dork: site:target.com filetype:sql
• Google dork: site:target.com filetype:env
• Google dork: site:target.com filetype:yml
• Google dork: site:target.com filetype:json
• Google dork: site:target.com filetype:xml
• Google dork: site:target.com filetype:conf
• Google dork: site:target.com filetype:cfg
• Google dork: site:target.com filetype:bak
• Google dork: site:target.com intitle:"index of"
• Google dork: site:target.com intitle:"dashboard"
• Google dork: site:target.com intitle:"admin"
• Google dork: site:target.com intitle:"login"
• Google dork: site:target.com inurl:admin
• Google dork: site:target.com inurl:login
• Google dork: site:target.com inurl:dashboard
• Google dork: site:target.com inurl:config
• Google dork: site:target.com inurl:api
• Google dork: site:target.com inurl:upload
• Google dork: site:target.com inurl:debug
• Google dork: site:target.com inurl:test
• Google dork: site:target.com inurl:staging
• Google dork: site:target.com inurl:dev
• Google dork: site:target.com inurl:.git
• Google dork: site:target.com inurl:.env
• Google dork: site:target.com inurl:wp-admin
• Google dork: site:target.com inurl:phpmyadmin
• Google dork: site:target.com inurl:swagger
• Google dork: site:target.com inurl:graphql
• Google dork: site:target.com intext:"password"
• Google dork: site:target.com intext:"api key"
• Google dork: site:target.com intext:"secret"
• Google dork: site:target.com intext:"token"
• Google dork: site:target.com cache:
• Google dork: site:target.com "error" "sql"
• Google dork: site:pastebin.com target.com
• Google dork: site:github.com target.com password
• Google dork: site:github.com target.com api_key
• Google dork: site:github.com target.com secret
• Google dork: site:github.com target.com token
• Google dork: site:gist.github.com target.com
• Google dork: site:stackoverflow.com target.com
• Google dork: site:trello.com target.com
• Google dork: site:slack.com target.com
• Google dork: site:notion.so target.com

🌐

JavaScript Analysis

50 checks

0/50

• Analyze JavaScript for hardcoded API endpoints
• Analyze JavaScript for hardcoded API keys
• Analyze JavaScript for hardcoded secrets and tokens
• Analyze JavaScript for hidden feature flags
• Analyze JavaScript for admin panel routes
• Analyze JavaScript for debug mode toggles
• Analyze JavaScript for internal IP addresses
• Analyze JavaScript for database connection strings
• Analyze JavaScript for encryption keys
• Analyze JavaScript for OAuth client secrets
• Analyze JavaScript for AWS credentials
• Analyze JavaScript for Firebase configuration
• Analyze JavaScript for Stripe/Payment API keys
• Analyze JavaScript for Google Maps API keys
• Analyze JavaScript for SendGrid/Mailgun API keys
• Analyze JavaScript for Twilio API credentials
• Analyze JavaScript for Slack webhook URLs
• Analyze JavaScript for hidden WebSocket endpoints
• Analyze JavaScript for unused/debug API routes
• Analyze JavaScript for source map references
• Analyze JavaScript for environment-specific config objects
• Analyze JavaScript for JWT token handling logic
• Analyze JavaScript for localStorage usage with sensitive data
• Analyze JavaScript for sessionStorage usage with sensitive data
• Analyze JavaScript for IndexedDB usage with sensitive data
• Analyze JavaScript for insecure postMessage handlers
• Analyze JavaScript for DOMPurify or sanitizer bypass potential
• Analyze JavaScript for eval() usage with user input
• Analyze JavaScript for innerHTML usage with unsanitized input
• Analyze JavaScript for document.write() with user input
• Analyze JavaScript for dangerouslySetInnerHTML (React)
• Analyze JavaScript for v-html usage (Vue.js)
• Analyze JavaScript for AngularJS expression injection
• Analyze JavaScript for prototype pollution vectors
• Analyze JavaScript for DOM clobbering possibilities
• Analyze JavaScript for open redirect via window.location
• Analyze JavaScript for CORS misconfiguration in fetch calls
• Analyze JavaScript for credentials: include in cross-origin requests
• Analyze JavaScript for service worker registration and scope
• Analyze JavaScript for web worker message handling security
• Analyze JavaScript for notification API abuse potential
• Analyze JavaScript for geolocation API data leakage
• Analyze JavaScript for camera/microphone permission abuse
• Analyze JavaScript for clipboard API data exfiltration
• Analyze JavaScript for SharedArrayBuffer for Spectre-class attacks
• Analyze JavaScript for WebAssembly module loading security
• Analyze JavaScript for Content-Security-Policy bypass vectors
• Analyze JavaScript for nonce-based CSP bypass via script gadgets
• Analyze JavaScript for trusted types bypass
• Analyze JavaScript for third-party script inclusion risks

🌐

Email Security Testing

25 checks

0/25

• Check SPF record existence and configuration (v=spf1)
• Check SPF record for overly permissive include (~all vs -all)
• Check SPF record for DNS lookup limit exceeded (max 10)
• Check DKIM record existence and key strength
• Check DKIM key length (should be 2048+ bits)
• Check DKIM selector enumeration for multiple selectors
• Check DMARC record existence and policy (p=reject/quarantine/none)
• Check DMARC rua tag for aggregate report destination
• Check DMARC ruf tag for forensic report destination
• Check DMARC policy enforcement percentage (pct=100)
• Test for email spoofing via missing DMARC policy
• Test for email spoofing via relaxed DMARC alignment (r vs s)
• Check for email header injection in contact forms
• Test for CRLF injection in email header fields
• Test for MIME injection in email content
• Test for email content XSS in webmail clients
• Check for open SMTP relay on target mail servers
• Test for SMTP user enumeration via VRFY/EXPN commands
• Check for email DSN (Delivery Status Notification) leakage
• Test for email bomb via mass subscription to services
• Check for CAA (Certification Authority Authorization) DNS record
• Test for email link rewriting and tracking pixel leakage
• Check for BIMI record for brand indicator in email
• Test for subdomain email server misconfiguration (MX records)
• Check for email auto-reply information disclosure

🌐

DNS Security Testing

20 checks

0/20

• Check for DNS zone transfer vulnerability (AXFR)
• Check for DNSSEC implementation and validation
• Check for DNS over HTTPS (DoH) configuration
• Check for DNS over TLS (DoT) configuration
• Test for DNS cache poisoning vulnerability
• Check for DNS rebinding attack possibility
• Test for DNS spoofing on local network
• Check for CNAME flattening security implications
• Check for DNS TXT record information disclosure
• Check for DNS SRV record enumeration
• Check for DNS PTR record reverse lookup information
• Test for DNS tunneling detection and prevention
• Check for wildcard DNS record security implications
• Check for DNAME record aliasing security
• Check for DNS NAPTR record information disclosure
• Test for DNS amplification attack vulnerability
• Check for open DNS resolver on target nameservers
• Check for DNS cookie support (RFC 7873)
• Check for DNS response rate limiting configuration
• Check for DNS query name minimization implementation

🌐

WAF Bypass Techniques

25 checks

0/25

• Test WAF bypass with URL encoding of payloads
• Test WAF bypass with double URL encoding
• Test WAF bypass with Unicode/HTML entity encoding
• Test WAF bypass with base64 encoded payloads
• Test WAF bypass with chunked transfer encoding
• Test WAF bypass with HTTP/2 protocol features
• Test WAF bypass with content-type switching
• Test WAF bypass with HTTP parameter pollution
• Test WAF bypass with JSON/XML content type differences
• Test WAF bypass with multipart form data encoding
• Test WAF bypass with null byte injection in payloads
• Test WAF bypass with SQL comment injection (/*!*/)
• Test WAF bypass with case variation in keywords
• Test WAF bypass with inline comments in SQL
• Test WAF bypass with alternative SQL syntax
• Test WAF bypass with HTTP header manipulation
• Test WAF bypass with request method variation
• Test WAF bypass with path normalization tricks
• Test WAF bypass with IP spoofing via X-Forwarded-For
• Test WAF bypass with slow HTTP attacks (slowloris)
• Test WAF bypass with HTTP pipelining
• Test WAF bypass with request body in GET method
• Test WAF bypass with fragmented payloads across parameters
• Test WAF bypass with JSON array injection
• Test WAF bypass with GraphQL query obfuscation

🌐

Prototype Pollution

20 checks

0/20

• Test for client-side prototype pollution via __proto__
• Test for client-side prototype pollution via constructor.prototype
• Test for client-side prototype pollution via Object.assign
• Test for server-side prototype pollution in Node.js
• Test for prototype pollution via JSON body parsing
• Test for prototype pollution via query string parsing
• Test for prototype pollution via deep merge functions
• Test for prototype pollution in lodash _.merge
• Test for prototype pollution in lodash _.defaultsDeep
• Test for prototype pollution in jQuery.extend (deep)
• Test for prototype pollution to XSS via src override
• Test for prototype pollution to XSS via innerHTML override
• Test for prototype pollution for privilege escalation
• Test for prototype pollution for CSRF token bypass
• Test for prototype pollution for security policy bypass
• Test for prototype pollution in express middleware
• Test for prototype pollution in hapi/hapi.js
• Test for prototype pollution in node-config library
• Test for prototype pollution via environment variable injection
• Test for prototype pollution for RCE via child_process options

🌐

CRLF Injection

10 checks

0/10

• Test for CRLF injection in URL parameters (%0d%0a)
• Test for CRLF injection in HTTP headers
• Test for CRLF injection in email headers via contact forms
• Test for CRLF injection for HTTP response splitting
• Test for CRLF injection for header injection (XSS via header)
• Test for CRLF injection for cookie injection
• Test for CRLF injection for cache poisoning
• Test for CRLF injection in log files for log injection
• Test for CRLF injection in redirect URLs
• Test for CRLF injection in filename parameters

🌐

Open Redirect

15 checks

0/15

• Test for open redirect in URL redirect parameters (?url=, ?redirect=)
• Test for open redirect with protocol-relative URLs (//evil.com)
• Test for open redirect with URL encoding bypass
• Test for open redirect with double encoding bypass
• Test for open redirect with URL fragment tricks (#)
• Test for open redirect with @ symbol in URL
• Test for open redirect with backslash in URL
• Test for open redirect with subdomain of target
• Test for open redirect with data: URI scheme
• Test for open redirect with javascript: URI scheme
• Test for open redirect via Host header manipulation
• Test for open redirect via X-Forwarded-Host header
• Test for open redirect in OAuth redirect_uri parameter
• Test for open redirect in SAML RelayState parameter
• Test for open redirect in Next/Continue parameter after login

🌐

Deserialization Attacks

20 checks

0/20

• Test for insecure deserialization in Java (ObjectInputStream)
• Test for insecure deserialization in PHP (unserialize)
• Test for insecure deserialization in Python (pickle/yaml)
• Test for insecure deserialization in .NET (ViewState/BinaryFormatter)
• Test for insecure deserialization in Node.js (node-serialize)
• Test for insecure deserialization in Ruby (Marshal/YAML)
• Test for Java deserialization via ysoserial payloads
• Test for PHP deserialization via PHPGGC payloads
• Test for .NET ViewState deserialization with known machine keys
• Test for Python pickle deserialization RCE
• Test for YAML deserialization with !!python/object/apply
• Test for JSON deserialization type confusion
• Test for XML deserialization (XXE + object injection)
• Test for deserialization in message queue consumers
• Test for deserialization in cached session objects
• Test for deserialization in API request body parsing
• Test for deserialization in file import functionality
• Test for deserialization in database blob reading
• Test for deserialization in memcached/Redis cached objects
• Test for deserialization in distributed cache systems

🌐

JWT Security Deep Testing

20 checks

0/20

• Test JWT for none/None/NONE algorithm bypass
• Test JWT for algorithm confusion RS256 to HS256
• Test JWT for JWK injection via jwk header
• Test JWT for JKU header pointing to attacker-controlled JWK
• Test JWT for X5U header pointing to attacker certificate
• Test JWT for kid parameter path traversal
• Test JWT for kid parameter SQL injection
• Test JWT for kid parameter command injection
• Test JWT for empty signature bypass
• Test JWT for signature truncation attack
• Test JWT for claim manipulation without verification
• Test JWT for exp claim bypass with negative values
• Test JWT for nbf claim manipulation
• Test JWT for iat claim manipulation
• Test JWT for audience (aud) claim bypass
• Test JWT for issuer (iss) claim spoofing
• Test JWT for subject (sub) claim swapping
• Test JWT for JTI claim collision and replay
• Test JWT for nested JWT exploitation
• Test JWT for encryption algorithm downgrade (JWE)

🌐

Microservices & API Gateway

15 checks

0/15

• Test for service discovery endpoint exposure (Eureka, Consul)
• Test for API gateway authentication bypass
• Test for internal service direct access bypassing gateway
• Test for service mesh security (Istio, Linkerd)
• Test for inter-service communication encryption
• Test for service-to-service authentication (mTLS)
• Test for API gateway rate limiting bypass
• Test for API gateway request transformation exploitation
• Test for backend server information disclosure via gateway errors
• Test for internal service port exposure through misconfigured gateway
• Test for service registry manipulation and spoofing
• Test for circuit breaker security bypass
• Test for health check endpoint information disclosure
• Test for distributed tracing header injection (X-B3-TraceId)
• Test for API gateway CORS configuration misconfiguration

🌐

Server-Side Include (SSI) Injection

10 checks

0/10

• Test for SSI injection with
• Test for SSI injection with
• Test for SSI injection with
• Test for SSI injection in file upload with .shtml extension
• Test for SSI injection in user-generated content
• Test for SSI injection in error pages
• Test for SSI injection in search results
• Test for SSI injection in email templates
• Test for SSI injection with directives
• Test for SSI injection with directives

🌐

WebSocket Deep Testing

15 checks

0/15

• Test WebSocket handshake for missing authentication
• Test WebSocket for cross-site WebSocket hijacking (CSWSH)
• Test WebSocket for message format manipulation (JSON injection)
• Test WebSocket for message boundary attacks
• Test WebSocket for compression-based attacks (PERMESSAGE-DEFLATE)
• Test WebSocket for extension negotiation attacks
• Test WebSocket for connection limit bypass
• Test WebSocket for ping/pong abuse for keepalive bypass
• Test WebSocket for fragmentation-based attacks
• Test WebSocket for binary message handling vulnerabilities
• Test WebSocket for max message size bypass
• Test WebSocket for subscription/channel access control
• Test WebSocket for race condition in message handling
• Test WebSocket for token refresh in long-lived connections
• Test WebSocket for data exfiltration via binary frames

🌐

GraphQL Deep Testing

15 checks

0/15

• Test GraphQL for field-level authorization bypass
• Test GraphQL for query complexity DoS attack
• Test GraphQL for alias-based rate limit bypass
• Test GraphQL for batch query abuse
• Test GraphQL for mutation authorization enforcement
• Test GraphQL for subscription resource exhaustion
• Test GraphQL for injection in custom scalar types
• Test GraphQL for directive-based access control bypass
• Test GraphQL for fragment spread abuse for data access
• Test GraphQL for __type introspection information disclosure
• Test GraphQL for query plan caching exploitation
• Test GraphQL for Apollo federation security issues
• Test GraphQL for relay-style connection manipulation
• Test GraphQL for file upload mutation security
• Test GraphQL for custom resolver vulnerability exploitation

🔌

API Rate Limiting & Throttling

20 checks

0/20

• Test for missing rate limiting on authentication endpoints
• Test for missing rate limiting on password reset
• Test for missing rate limiting on registration
• Test for missing rate limiting on 2FA verification
• Test for rate limit bypass via X-Forwarded-For header
• Test for rate limit bypass via IP rotation
• Test for rate limit bypass via different API versions
• Test for rate limit bypass via HTTP method variation
• Test for rate limit bypass via API key rotation
• Test for rate limit bypass via distributed requests
• Test for rate limit bypass via IPv6 addresses
• Test for rate limit bypass via different User-Agent
• Test for rate limit bypass via case variation in paths
• Test for rate limit bypass via URL encoding tricks
• Test for rate limit bypass via null byte in endpoint
• Test for rate limiting on GraphQL batch queries
• Test for rate limiting on file upload endpoints
• Test for rate limiting on search/filter endpoints
• Test for rate limiting on notification/subscription endpoints
• Test for rate limiting on data export endpoints

🔌

API Data Exposure & BOLA

20 checks

0/20

• Test for Broken Object Level Authorization (BOLA) in API
• Test for excessive data exposure in API response objects
• Test for mass assignment via API JSON body parameters
• Test for API response containing unnecessary PII data
• Test for API response with internal IDs and references
• Test for API response with other users data leakage
• Test for API field filtering bypass (fields parameter)
• Test for API expand/embed parameter for data access
• Test for API include parameter for related data access
• Test for API sort parameter for data enumeration
• Test for API filter parameter for data extraction
• Test for API search parameter for information disclosure
• Test for API pagination bypass for complete data extraction
• Test for API cursor pagination manipulation
• Test for API offset/limit pagination for data access
• Test for API projection bypass in MongoDB-backed APIs
• Test for API population bypass in Mongoose-backed APIs
• Test for API select bypass in SQLAlchemy-backed APIs
• Test for API prefetch bypass in Django-backed APIs
• Test for API deep linking for unauthorized resource access

🔌

Webhook Security

10 checks

0/10

• Test for SSRF via webhook URL configuration
• Test for webhook signature verification bypass
• Test for webhook replay attack prevention
• Test for webhook URL validation and restrictions
• Test for webhook secret exposure in API response
• Test for webhook delivery to internal network
• Test for webhook timing attack on signature verification
• Test for webhook URL redirect following behavior
• Test for webhook content-type handling security
• Test for webhook event subscription abuse

🔌

API Key & Token Security

15 checks

0/15

• Test for API key in URL query string exposure
• Test for API key in HTTP Referer header leakage
• Test for API key in server logs and access logs
• Test for API key without expiration or rotation mechanism
• Test for API key with excessive permissions
• Test for API key sharing between multiple applications
• Test for API key regeneration and revocation process
• Test for API key storage security (encryption at rest)
• Test for bearer token without expiration
• Test for refresh token rotation and security
• Test for token binding implementation (DPoP, mTLS)
• Test for token scope limitation and enforcement
• Test for token revocation on logout and password change
• Test for token storage in insecure locations
• Test for token transmission over unencrypted channel

🔌

API Content-Type & Encoding

10 checks

0/10

• Test for content-type switching attack (JSON to XML)
• Test for content-type switching attack (JSON to form-data)
• Test for API response content negotiation manipulation
• Test for API compression bomb (gzip decompression bomb)
• Test for API XML content-type XXE injection
• Test for API YAML content-type deserialization
• Test for API MessagePack serialization attacks
• Test for API Protocol Buffers (protobuf) security
• Test for API CBOR encoding security issues
• Test for API multipart content-type boundary injection

🤖

Android WebView Deep Testing

20 checks

0/20

• Test for JavaScript interface exposure via addJavascriptInterface
• Test for WebView file:// scheme access for local file theft
• Test for WebView content:// scheme access for data theft
• Test for WebView intent:// scheme for activity launch
• Test for WebView setSavePassword enabled (credential saving)
• Test for WebView setSaveFormData enabled (form data saving)
• Test for WebView mixed content mode allowance
• Test for WebView geolocation permission prompt bypass
• Test for WebView camera/microphone permission bypass
• Test for WebView setAllowUniversalAccessFromFileURLs
• Test for WebView setAllowFileAccessFromFileURLs
• Test for WebView database storage security
• Test for WebView DOM storage security
• Test for WebView cache directory data leakage
• Test for WebView SSL error handler bypass (proceed on error)
• Test for WebView URL override via shouldOverrideUrlLoading
• Test for WebView certificate pinning bypass
• Test for WebView deep link handling security
• Test for WebView postMessage security
• Test for WebView request interception security

🤖

Android Cryptography Testing

20 checks

0/20

• Check for use of ECB mode in symmetric encryption
• Check for hardcoded cryptographic keys in source code
• Check for weak key derivation (PBKDF1, low iteration PBKDF2)
• Check for IV reuse in CBC mode encryption
• Check for use of MD5/SHA1 for integrity verification
• Check for insecure random number generation (java.util.Random)
• Check for use of SecureRandom with predictable seed
• Check for custom cryptographic implementation instead of standard
• Check for key stored in SharedPreferences without encryption
• Check for certificate pinning bypass via TrustManager
• Check for SSL context using custom TrustManager
• Check for use of Android Keystore for key storage
• Check for KeyGenParameterSpec configuration security
• Check for biometric authentication crypto object security
• Check for AES key size (should be 256-bit)
• Check for RSA key size (should be 2048+ bit)
• Check for padding oracle vulnerability in decryption
• Check for key export from Android Keystore
• Check for key usage authorization requirements
• Check for hardware-backed key storage utilization

🤖

Android Network Deep Testing

15 checks

0/15

• Test for cleartext traffic allowed in network security config
• Test for certificate pinning via OkHttp CertificatePinner
• Test for certificate pinning via TrustManager implementation
• Test for network security config domain-specific rules
• Test for debug-only certificate pinning bypass
• Test for custom hostname verifier bypass
• Test for proxy detection and SSL interception resistance
• Test for WebSocket connection security (wss vs ws)
• Test for server certificate validation completeness
• Test for certificate chain validation and ordering
• Test for OCSP stapling and CRL check implementation
• Test for TLS 1.3 support and fallback to TLS 1.2
• Test for session ticket encryption key rotation
• Test for ALPN protocol negotiation security
• Test for SNI (Server Name Indication) handling security

🤖

Android Intent Deep Testing

15 checks

0/15

• Test for implicit intent interception by malicious apps
• Test for explicit intent to exported components without permission
• Test for intent extras manipulation and injection
• Test for intent data URI handling security
• Test for intent type/MIME type manipulation
• Test for intent category manipulation
• Test for intent flags for privilege escalation
• Test for deep link parameter injection
• Test for custom scheme URL hijacking
• Test for intent redirection via parcelable extras
• Test for broadcast intent information disclosure
• Test for sticky broadcast data leakage
• Test for local broadcast vs global broadcast security
• Test for ordered broadcast priority manipulation
• Test for broadcast receiver permission enforcement

🤖

Android Biometric Security

10 checks

0/10

• Test for biometric authentication bypass via Frida hooking
• Test for crypto object authentication vs simple authentication
• Test for biometric fallback to weak authentication (PIN)
• Test for biometric prompt cancellation bypass
• Test for biometric enrollment change detection
• Test for biometric authenticator strength requirement
• Test for BiometricPrompt vs deprecated FingerprintManager
• Test for biometric key invalidation on enrollment change
• Test for biometric authentication timeout and re-auth
• Test for biometric authentication on rooted device

🤖

Android Firebase & Cloud

15 checks

0/15

• Test for Firebase Realtime Database without authentication rules
• Test for Firebase Firestore without security rules
• Test for Firebase Storage without access control rules
• Test for Firebase Cloud Messaging security
• Test for Firebase Authentication configuration security
• Test for Firebase Remote Config manipulation
• Test for Firebase Analytics data leakage
• Test for Firebase Crashlytics sensitive data in reports
• Test for Firebase Performance Monitoring data exposure
• Test for Firebase Cloud Functions unauthorized access
• Test for google-services.json exposure and abuse
• Test for Firebase project enumeration and access
• Test for Firebase database URL guessing
• Test for Firebase rules playground exploitation
• Test for Firebase App Check implementation

🍏

iOS URL Scheme Deep Testing

15 checks

0/15

• Test for custom URL scheme hijacking by malicious apps
• Test for URL scheme parameter injection and manipulation
• Test for URL scheme deep link to internal feature access
• Test for universal links verification bypass
• Test for apple-app-site-association file security
• Test for URL scheme callback data leakage
• Test for URL scheme authentication bypass
• Test for URL scheme to internal API endpoint access
• Test for URL scheme JavaScript execution in WebView
• Test for URL scheme file access vulnerability
• Test for URL scheme SQL injection in parameters
• Test for URL scheme path traversal in parameters
• Test for URL scheme XSS via parameter reflection
• Test for URL scheme open redirect vulnerability
• Test for URL scheme denial of service via malformed URLs

🍏

iOS Keychain Deep Testing

10 checks

0/10

• Test for Keychain items with kSecAttrAccessibleAlways
• Test for Keychain items with kSecAttrAccessibleAfterFirstUnlock
• Test for Keychain items without kSecAttrAccessControl
• Test for Keychain access group sharing between apps
• Test for Keychain item protection level appropriateness
• Test for Keychain data extraction on jailbroken device
• Test for Keychain data persistence after app deletion
• Test for Keychain biometric access control implementation
• Test for Keychain item migration between devices
• Test for Keychain item backup inclusion in iTunes/Finder

🍏

iOS Privacy & Permissions

15 checks

0/15

• Test for camera access without proper permission request
• Test for microphone access without proper permission request
• Test for location access with improper usage description
• Test for contacts access without legitimate need
• Test for photos access without proper authorization
• Test for calendar access without proper justification
• Test for reminder access without proper justification
• Test for health kit data access security
• Test for home kit data access security
• Test for motion and fitness data access security
• Test for Siri data access and intent handling security
• Test for Bluetooth access and data leakage
• Test for local network access permission security
• Test for tracking permission (App Tracking Transparency)
• Test for focus and Do Not Disturb access security

🍏

iOS Network Deep Testing

15 checks

0/15

• Test for ATS (App Transport Security) exception domains
• Test for NSAllowsArbitraryLoads in Info.plist
• Test for NSAllowsLocalNetworking in Info.plist
• Test for certificate pinning implementation (AFNetworking/Alamofire)
• Test for SSL/TLS protocol version enforcement
• Test for custom URL session delegate security
• Test for URLCredentialStorage security
• Test for cookie handling security in URLSession
• Test for WebSocket connection security
• Test for proxy configuration security
• Test for network extension security (VPN, content filter)
• Test for DNS resolution security and DNS over HTTPS
• Test for multipart form upload security
• Test for background URL session security
• Test for server trust evaluation customization

🍏

iOS App Extensions

15 checks

0/15

• Test for Share extension data handling security
• Test for Today widget data access security
• Test for custom keyboard extension data leakage
• Test for Photo editing extension data access
• Test for Document provider extension security
• Test for Action extension data handling
• Test for File provider extension security
• Test for Audio unit extension security
• Test for Broadcast upload extension security
• Test for Call directory extension security
• Test for Intents extension (Siri) security
• Test for Message filter extension security
• Test for Network extension security
• Test for Notification content extension security
• Test for Sticker pack extension security

🍏

iOS Data Protection

10 checks

0/10

• Test for NSFileProtectionComplete on sensitive files
• Test for NSFileProtectionCompleteUnlessOpen on files
• Test for NSFileProtectionCompleteUntilFirstUserAuthentication
• Test for NSFileProtectionNone on sensitive data
• Test for Data Protection class verification on device
• Test for file protection after device lock
• Test for data protection on backup data
• Test for data protection on cached data
• Test for data protection on temporary files
• Test for data protection on SQLite WAL files

🖥️

.NET Application Security

15 checks

0/15

• Test for ViewState deserialization with known machine keys
• Test for BinaryFormatter deserialization vulnerabilities
• Test for LosFormatter deserialization exploitation
• Test for ObjectStateFormatter deserialization issues
• Test for .NET remoting security and access control
• Test for WCF service security and binding configuration
• Test for ASP.NET tracing and debug page exposure
• Test for Elmah error log exposure
• Test for ASP.NET custom errors information disclosure
• Test for machine key validation and decryption security
• Test for .NET assembly loading security (DLL side-loading)
• Test for reflection-based access control bypass
• Test for CAS (Code Access Security) bypass
• Test for .NET regex denial of service (ReDoS)
• Test for XML serialization vulnerabilities

🖥️

Windows-Specific Security

15 checks

0/15

• Test for UAC (User Account Control) bypass mechanisms
• Test for token privilege escalation via SeImpersonatePrivilege
• Test for named pipe impersonation attacks
• Test for COM object hijacking for persistence
• Test for Windows registry security and ACL verification
• Test for Windows Event Log security and integrity
• Test for Windows Defender exclusion path manipulation
• Test for Windows scheduled task creation and modification
• Test for Windows service binary path manipulation
• Test for Windows service recovery options exploitation
• Test for BITS job persistence and data exfiltration
• Test for WMI event subscription persistence
• Test for PowerShell execution policy bypass
• Test for AMSI (Anti-Malware Scan Interface) bypass
• Test for Windows Defender Application Control bypass

🖥️

Linux Thick Client Security

15 checks

0/15

• Test for SUID/SGID binary exploitation
• Test for sudo misconfiguration and privilege escalation
• Test for cron job security and file permission issues
• Test for world-writable files in system directories
• Test for .bashrc/.profile manipulation for persistence
• Test for LD_PRELOAD library injection
• Test for LD_LIBRARY_PATH manipulation attacks
• Test for /etc/ld.so.preload injection
• Test for Linux capability exploitation (cap_setuid, cap_dac_override)
• Test for NFS no_root_squash misconfiguration
• Test for Docker group privilege escalation
• Test for kernel exploit surface assessment
• Test for /proc filesystem information leakage
• Test for D-Bus service security and access control
• Test for systemd service security and manipulation

🖥️

Database Client Security

10 checks

0/10

• Test for hardcoded database credentials in thick client
• Test for database connection string exposure
• Test for SQL injection in client-side query building
• Test for database authentication bypass via client manipulation
• Test for stored procedure execution abuse
• Test for database privilege escalation via client
• Test for data exfiltration via database client
• Test for database backup and restore security
• Test for database connection pooling security
• Test for ORM (Object-Relational Mapping) injection

🖥️

API & Microservices Client

10 checks

0/10

• Test for API token storage security in thick client
• Test for API endpoint discovery in client binary
• Test for API key rotation mechanism in client
• Test for API request signing implementation
• Test for certificate pinning in thick client API calls
• Test for OAuth flow security in thick client
• Test for API response caching security
• Test for offline mode data security and synchronization
• Test for WebSocket connection security in client
• Test for gRPC channel security and authentication

🌐

HTTP/2 Security

50 checks

0/50

• Test for HTTP/2 connection coalescing abuse across different origins
• Check if HPACK compression leaks information via side-channel timing attacks
• Test for HTTP/2 multiplexing abuse to bypass rate limiting controls
• Verify if HTTP/2 stream prioritization can be manipulated to cause DoS
• Test for HTTP/2 CONTINUATION frame flood vulnerability
• Check if the server properly validates HTTP/2 pseudo-headers (:method, :path, :scheme, :authority)
• Test for HTTP/2 DATA frame padding oracle information disclosure
• Verify if HTTP/2 SETTINGS frame can be abused for resource exhaustion
• Test for HTTP/2 PING frame flood denial of service
• Check if HTTP/2 PUSH promises can inject content into browser cache
• Test for HTTP/2 stream dependency cycles causing server CPU exhaustion
• Verify if HTTP/2 header list size limits are properly enforced
• Test for HTTP/2 connection preface injection attacks
• Check if HTTP/2 WINDOW_UPDATE frames can be abused for flow control bypass
• Test for HTTP/2 GOAWAY frame handling causing connection state corruption
• Verify if HTTP/2 RST_STREAM flood can cause server resource exhaustion
• Test for HTTP/2 ALTSVC frame abuse for protocol downgrade attacks
• Check if HTTP/2 origin frame allows unauthorized cross-origin access
• Test for HTTP/2 cleartext (h2c) upgrade smuggling
• Verify if HTTP/2 connection reuse across different backend services causes auth bypass
• Test for HTTP/2 header compression ratio revealing sensitive data patterns
• Check if HTTP/2 dynamic table size update can force information leakage
• Test for HTTP/2 request smuggling via content-length and transfer-encoding discrepancies
• Verify if HTTP/2 stream concurrency limits are properly enforced
• Test for HTTP/2 HPACK bomb causing memory exhaustion on the server
• Check if HTTP/2 response splitting is possible via crafted header values
• Test for HTTP/2 allowing downgrade to HTTP/1.1 with security feature loss
• Verify if HTTP/2 ALPN negotiation can be manipulated during TLS handshake
• Test for HTTP/2 cache poisoning via manipulated :path pseudo-header
• Check if HTTP/2 request smuggling via CRLF in :path is possible
• Test for HTTP/2 priority inversion attacks causing starvation
• Verify if HTTP/2 max concurrent streams limit prevents resource exhaustion
• Test for HTTP/2 adaptive window attacks draining server memory
• Check if HTTP/2 header field segment size can cause integer overflow
• Test for HTTP/2 denial of service via empty SETTINGS frames
• Verify if HTTP/2 CONNECT method allows proxy tunneling to internal services
• Test for HTTP/2 cross-protocol request smuggling between h2 and h1 backends
• Check if HTTP/2 stream identifier reuse is properly rejected
• Test for HTTP/2 flow control window manipulation causing deadlock
• Verify if HTTP/2 server properly handles malformed HPACK indexed headers
• Test for HTTP/2 denial of service via excessive PRIORITY frames
• Check if HTTP/2 allows smuggling via duplicate pseudo-headers
• Test for HTTP/2 dependency-based DoS using deeply nested priority trees
• Verify if HTTP/2 connection-level flow control prevents memory exhaustion
• Test for HTTP/2 intermediary confusion via case-sensitive header names
• Check if HTTP/2 allows request splitting via null bytes in headers
• Test for HTTP/2 server push abuse to poison browser cache with malicious resources
• Verify if HTTP/2 max header list size is enforced before full decompression
• Test for HTTP/2 protocol downgrade attacks enabling TLS stripping
• Check if HTTP/2 unknown extension frames are safely ignored without processing

🌐

Service Worker Security

50 checks

0/50

• Test if service worker registration is restricted to same-origin scripts
• Check if service worker scope can be escalated beyond intended directory
• Test for service worker hijacking via XSS in the registration script URL
• Verify if Service-Worker-Allowed header prevents scope escalation
• Test if unregistered service workers persist after application logout
• Check if service worker can intercept and modify authentication requests
• Test for service worker cache poisoning via man-in-the-middle attacks
• Verify if service worker update mechanism can be blocked to serve stale code
• Test if service worker fetch handler leaks cross-origin information
• Check if service worker can read and exfiltrate POST request bodies
• Test for service worker importScripts loading malicious external code
• Verify if service worker navigate handler can redirect users to phishing pages
• Test if service worker can bypass CSRF protections by intercepting requests
• Check if service worker can access and modify IndexedDB data without restrictions
• Test for service worker persistence across browser profile changes
• Verify if service worker can be registered on shared/public devices for surveillance
• Test if service worker push event handler leaks subscription data
• Check if service worker sync event can be abused for persistent connections
• Test for service worker background sync enabling unauthorized data exfiltration
• Verify if service worker can intercept and cache sensitive API responses
• Test if service worker claim() method can take over existing clients unexpectedly
• Check if service worker skipWaiting() bypasses version control of updates
• Test for service worker registration bomb registering excessive workers
• Verify if service worker can modify response headers to weaken security policies
• Test if service worker can strip Content-Security-Policy from intercepted responses
• Check if service worker can inject malicious scripts into cached pages
• Test for service worker cross-origin resource caching violations
• Verify if service worker Cache API allows enumeration of cached URLs
• Test if service worker can be used to perform timing attacks on cross-origin resources
• Check if service worker can bypass Subresource Integrity checks on cached scripts
• Test for service worker notification permission abuse for phishing
• Verify if service worker can manipulate payment request API transactions
• Test if service worker can intercept WebAuthn authentication requests
• Check if service worker can access credential management API data
• Test for service worker causing persistent XSS via cache poisoning
• Verify if service worker can be abused to bypass browser same-origin policy
• Test if service worker can perform persistent tracking across site visits
• Check if service worker can modify Service-Worker header in responses
• Test for service worker registration on insecure HTTP origins
• Verify if service worker can be used to maintain access after session termination
• Test if service worker can intercept and modify WebSocket connections
• Check if service worker can access cookie data through intercepted requests
• Test for service worker bypassing Referrer-Policy restrictions
• Verify if service worker can manipulate CORS preflight responses
• Test if service worker can create opaque responses that bypass security checks
• Check if service worker can abuse NavigationPreload to leak response data
• Test for service worker storing sensitive credentials in Cache API
• Verify if service worker can be used to perform distributed denial of service
• Test if service worker can modify the response to include keyloggers
• Check if service worker can be used to perform persistent man-in-the-middle within browser

🌐

Web Storage Security

50 checks

0/50

• Test if sensitive authentication tokens are stored in localStorage without encryption
• Check if sessionStorage data persists across tab duplication scenarios
• Test for localStorage data leakage via XSS vulnerabilities
• Verify if IndexedDB stores contain unencrypted sensitive user data
• Test if localStorage can be read by malicious browser extensions
• Check if sessionStorage data is accessible to iframes on the same origin
• Test for cross-origin access to localStorage via prototype pollution
• Verify if IndexedDB object stores enforce proper access controls
• Test if localStorage exceeds quota limits causing denial of service
• Check if sensitive data in sessionStorage survives page redirects
• Test for localStorage manipulation via developer tools on shared devices
• Verify if IndexedDB transactions can be intercepted by service workers
• Test if localStorage values are properly sanitized before rendering in DOM
• Check if sessionStorage is cleared upon browser crash recovery
• Test for IndexedDB database name enumeration revealing application structure
• Verify if localStorage data can be exfiltrated via DNS rebinding
• Test if sessionStorage data leaks between same-origin subdomains
• Check if IndexedDB cursor-based reads can cause performance degradation
• Test for localStorage injection via DOM clobbering attacks
• Verify if web storage data is accessible to shadow DOM elements
• Test if localStorage can be abused for persistent tracking without consent
• Check if IndexedDB blob data can be used to store malicious payloads
• Test for sessionStorage data leakage via window.name property
• Verify if localStorage event notifications leak data across tabs
• Test if IndexedDB schema migration can corrupt existing security controls
• Check if localStorage JSON parsing errors can cause application crash
• Test for web storage data surviving browser clear cache operations
• Verify if IndexedDB version change transactions can cause data loss
• Test if localStorage key enumeration reveals application feature flags
• Check if sessionStorage is properly isolated in private browsing mode
• Test for IndexedDB cross-database transaction vulnerabilities
• Verify if localStorage can be used to store and execute malicious scripts
• Test if web storage data is included in browser backup and sync features
• Check if IndexedDB compaction can be triggered for timing side-channel attacks
• Test for localStorage injection via postMessage API
• Verify if sessionStorage is properly cleared on user logout
• Test if IndexedDB can be used to persist malware payloads in browser
• Check if localStorage quota exhaustion affects other same-origin applications
• Test for web storage data leakage via browser history sniffing
• Verify if IndexedDB read operations can be timed to leak data sizes
• Test if localStorage values are validated before use in eval() or Function()
• Check if sessionStorage data leaks through browser extension APIs
• Test for IndexedDB data corruption via concurrent access from multiple tabs
• Verify if localStorage can be cleared by malicious content in same origin
• Test if web storage is used to store encryption keys without proper protection
• Check if IndexedDB auto-increment keys can be predicted for IDOR attacks
• Test for localStorage abuse in CSRF token storage and validation
• Verify if sessionStorage data is accessible to Web Workers on same origin
• Test if IndexedDB structured clone algorithm can be abused for prototype pollution
• Check if web storage data can be extracted via forensic analysis of browser profiles

🌐

CSP Testing

50 checks

0/50

• Test if Content-Security-Policy header is present on all responses
• Check if CSP default-src directive falls back to unsafe behavior
• Test for CSP bypass via script-src 'unsafe-inline' directive
• Verify if CSP script-src 'unsafe-eval' allows code injection
• Test for CSP bypass using data: URI scheme in script-src
• Check if CSP allows base-uri manipulation for script hijacking
• Test for CSP bypass via JSONP endpoints in allowed domains
• Verify if CSP frame-ancestors directive properly prevents clickjacking
• Test for CSP bypass using angularjs expressions in allowed scripts
• Check if CSP report-uri endpoint is properly secured against SSRF
• Test for CSP bypass via script gadgets in whitelisted JavaScript libraries
• Verify if CSP object-src directive blocks Flash/Silverlight injection
• Test for CSP bypass using nonce reuse across different pages
• Check if CSP connect-src directive properly restricts WebSocket connections
• Test for CSP bypass via DNS rebinding to whitelisted domains
• Verify if CSP img-src directive prevents data exfiltration via image tags
• Test for CSP bypass using SVG file execution in img-src context
• Check if CSP style-src 'unsafe-inline' allows CSS-based data exfiltration
• Test for CSP bypass via link rel=preload with as=script
• Verify if CSP form-action directive prevents form submission to malicious sites
• Test for CSP bypass using meta tag injection to replace policy
• Check if CSP worker-src directive restricts service worker registration
• Test for CSP bypass via iframe srcdoc with embedded scripts
• Verify if CSP navigate-to directive properly restricts navigation targets
• Test for CSP bypass using import() dynamic module loading
• Check if CSP script-src hash does not change with code modifications
• Test for CSP bypass via open redirect on whitelisted domain
• Verify if CSP manifest-src restricts web app manifest injection
• Test for CSP bypass using eval() in whitelisted script context
• Check if CSP requires-trusted-types directive prevents DOM XSS
• Test for CSP bypass via prototype pollution of trusted types policies
• Verify if CSP media-src directive prevents malicious video/audio loading
• Test for CSP bypass using font-face with external URL in style-src
• Check if CSP disposes of policies correctly when multiple headers are present
• Test for CSP bypass via fallback to missing directive in default-src
• Verify if CSP sandbox directive properly restricts iframe capabilities
• Test for CSP bypass using XSLT execution in allowed XML context
• Check if CSP report-only mode is used instead of enforcing mode
• Test for CSP bypass via trustworthy origin misconfiguration
• Verify if CSP properly handles multiple Content-Security-Policy headers
• Test for CSP bypass using webassembly execution in script context
• Check if CSP upgrade-insecure-requests directive forces HTTPS properly
• Test for CSP bypass via blob: URI scheme in worker-src
• Verify if CSP block-all-mixed-content directive prevents HTTP resources
• Test for CSP bypass using refresh header with JavaScript URL
• Check if CSP properly validates nonces against replay attacks
• Test for CSP bypass using whitelisted CDN with arbitrary script upload
• Verify if CSP hash-based script allowlist handles inline event handlers
• Test for CSP bypass using HTTP to HTTPS redirect stripping CSP header
• Check if CSP is enforced on error pages and 404 responses

🌐

Cookie Security Deep

50 checks

0/50

• Test if session cookies have the Secure flag set properly
• Check if sensitive cookies use the HttpOnly flag to prevent JavaScript access
• Test if cookies have appropriate SameSite attribute configured
• Verify if session cookies use unpredictable random values
• Test for cookie fixation vulnerability allowing attacker-set session IDs
• Check if cookies are scoped to the minimal necessary path
• Test for cookie tossing attack via subdomain cookie overwrite
• Verify if session cookies are properly invalidated on logout
• Test for cookie overflow attacks exceeding browser size limits
• Check if __Host- prefix is used for security-critical cookies
• Test for cookie injection via CRLF in Set-Cookie header values
• Verify if __Secure- prefix is used for HTTPS-only cookies
• Test for session cookie prediction via insufficient entropy
• Check if cookies are accessible across different ports on same host
• Test for cookie force-expiry bypass using client clock manipulation
• Verify if cookie values are encrypted to prevent tampering
• Test for cookie-based user enumeration via different error messages
• Check if sensitive data is stored in cookies without proper encryption
• Test for cookie-based deserialization attacks on server-side parsing
• Verify if cookie Domain attribute is set to most restrictive value
• Test for race condition in cookie-based session validation
• Check if cookie Path attribute prevents access from unintended paths
• Test for cookie leakage via Referer header on cross-origin requests
• Verify if cookie rotation occurs after successful authentication
• Test for session cookie reuse after password change
• Check if cookies are properly scoped to prevent subdomain access
• Test for JSON cookie parsing vulnerabilities on server side
• Verify if cookie Max-Age and Expires attributes are set consistently
• Test for cookie-based blind SQL injection in tracking parameters
• Check if third-party cookies are properly isolated from first-party context
• Test for cookie-based CSRF via missing SameSite attribute
• Verify if cookie signing prevents parameter tampering
• Test for cookie-based timing attacks on HMAC verification
• Check if zombie cookies persist via Flash or HTML5 storage fallbacks
• Test for evercookie techniques combining multiple storage mechanisms
• Verify if cookie-based load balancing discloses internal server IPs
• Test for cookie injection via XSS document.cookie manipulation
• Check if cookie-based feature flags can be tampered for privilege escalation
• Test for session fixation via cookie set in URL parameter
• Verify if cookie consent preferences are properly enforced
• Test for cookie shadowing attack using different casing in name
• Check if cookie-based authentication tokens have proper expiration
• Test for cookie-based IDOR by modifying user identifier in cookie
• Verify if double-submit cookie CSRF pattern uses proper validation
• Test for cookie-based OAuth token leakage to subdomains
• Check if cookies are set with proper flags on error pages
• Test for cookie manipulation via proxy response injection
• Verify if session cookies are bound to client IP address
• Test for cookie-based session puzzle attack combining multiple cookies
• Check if sensitive operations require re-authentication beyond cookie validation

🌐

Auth Bypass Techniques

50 checks

0/50

• Test for authentication bypass via HTTP method tampering (GET vs POST)
• Check if forced browsing to authenticated endpoints bypasses login
• Test for authentication bypass via URL path manipulation (adding /%2e or /..)
• Verify if JWT token algorithm can be changed from RS256 to none
• Test for authentication bypass via parameter pollution in login request
• Check if removing auth token from request still returns protected data
• Test for authentication bypass via custom header injection (X-Forwarded-For)
• Verify if password reset token can be reused after consumption
• Test for authentication bypass via JSON content-type switching
• Check if admin panel is accessible without authentication via direct IP access
• Test for 2FA bypass by skipping the verification step in the flow
• Verify if session tokens remain valid after account deletion
• Test for authentication bypass via GraphQL introspection on auth endpoints
• Check if rate limiting is enforced on authentication endpoints
• Test for authentication bypass via negative session values or empty strings
• Verify if OAuth state parameter is properly validated
• Test for authentication bypass via token replay across different accounts
• Check if LDAP injection can bypass authentication queries
• Test for authentication bypass via response manipulation in mobile API
• Verify if password change requires current password confirmation
• Test for authentication bypass via wildcard certificates on subdomains
• Check if SAML assertion can be modified without invalidating signature
• Test for authentication bypass via race condition in concurrent login
• Verify if account lockout can be bypassed by trying different usernames
• Test for authentication bypass via null byte injection in username field
• Check if API key in URL parameter allows authentication without session
• Test for authentication bypass via encoding tricks (double URL encoding)
• Verify if remember-me token can be used to bypass 2FA requirement
• Test for authentication bypass via modifying user role in JWT payload
• Check if registration flow allows privilege escalation via role parameter
• Test for authentication bypass via token expiration manipulation
• Verify if login endpoint accepts both JSON and form-data with different validation
• Test for authentication bypass via case manipulation of username or email
• Check if backup authentication codes can be brute-forced
• Test for authentication bypass via CORS misconfiguration on auth endpoints
• Verify if token refresh endpoint validates the original token properly
• Test for authentication bypass via server-side cache poisoning of auth pages
• Check if session identifier is exposed in URL parameters
• Test for authentication bypass via web socket connection without token
• Verify if API gateway authentication can be bypassed via direct backend access
• Test for authentication bypass via manipulating multipart boundary in login
• Check if OTP verification can be bypassed by providing null or zero values
• Test for authentication bypass via email parameter injection in reset flow
• Verify if login CSRF can force victim to authenticate as attacker
• Test for authentication bypass via switching between REST and SOAP endpoints
• Check if expired password reset links can be revived via token reuse
• Test for authentication bypass via Host header injection on auth endpoints
• Verify if multi-factor authentication can be bypassed via direct API access
• Test for authentication bypass via manipulating timestamp in auth request
• Check if authentication checks are consistent across HTTP and HTTPS

🌐

Subdomain Takeover

50 checks

0/50

• Test for subdomain takeover via dangling CNAME records pointing to decommissioned services
• Check if deleted AWS S3 bucket names can be re-registered for subdomain takeover
• Test for subdomain takeover via unclaimed GitHub Pages custom domains
• Verify if Heroku app subdomain takeover is possible after app deletion
• Test for subdomain takeover via unverified Shopify custom domains
• Check if dangling A records pointing to released cloud IPs can be claimed
• Test for subdomain takeover via unclaimed Azure Web App custom domains
• Verify if Ghost.io blog subdomain takeover is possible after site deletion
• Test for subdomain takeover via unregistered WordPress.com custom domains
• Check if Fastly CDN subdomain takeover is possible after service removal
• Test for subdomain takeover via unclaimed Pantheon custom domains
• Verify if Tumblr blog subdomain takeover works after blog deletion
• Test for subdomain takeover via abandoned Mailgun domain verification
• Check if CloudFront distribution subdomain takeover is possible after deletion
• Test for subdomain takeover via unclaimed Firebase hosting custom domains
• Verify if Desk.com subdomain takeover is possible after account closure
• Test for subdomain takeover via unclaimed Sendgrid domain authentication
• Check if Freshdesk subdomain takeover works after helpdesk deletion
• Test for subdomain takeover via abandoned Pagoda Box app domains
• Verify if GitLab Pages subdomain takeover is possible after project removal
• Test for subdomain takeover via NS records pointing to decommissioned DNS providers
• Check if MX records can be taken over for email subdomain hijacking
• Test for subdomain takeover via CNAME to AWS Elastic Beanstalk after environment termination
• Verify if Bitbucket subdomain takeover works after repository deletion
• Test for subdomain takeover via unclaimed Webflow custom domains
• Check if Unbounce subdomain takeover is possible after campaign deletion
• Test for subdomain takeover via abandoned Cargo Collective custom domains
• Verify if Statuspage subdomain takeover works after page deletion
• Test for subdomain takeover via dangling TXT records for domain verification
• Check if Readme.io subdomain takeover is possible after project removal
• Test for subdomain takeover via unclaimed Surge.sh custom domains
• Verify if Fly.io subdomain takeover works after app deletion
• Test for subdomain takeover via abandoned Netlify custom domains
• Check if Vercel subdomain takeover is possible after project removal
• Test for subdomain takeover via unclaimed Render custom domains
• Verify if Strikingly subdomain takeover works after site deletion
• Test for subdomain takeover via wildcard DNS records enabling broad subdomain claims
• Check if digital ocean app platform subdomain takeover is possible after app removal
• Test for subdomain takeover via CNAME to AWS API Gateway after stage deletion
• Verify if Intercom subdomain takeover works after workspace deletion
• Test for subdomain takeover via abandoned Help Scout custom domains
• Check if Shopify subdomain takeover works for myshopify.com domains
• Test for subdomain takeover via CNAME to Cloudflare Workers after route removal
• Verify if Zeit/Now subdomain takeover works after deployment deletion
• Test for subdomain takeover via abandoned Bing Webmaster verification records
• Check if Google Site verification records enable subdomain claims
• Test for subdomain takeover via dangling SRV records pointing to removed services
• Verify if CNAME chain resolution leads to eventual takeover target
• Test for subdomain takeover via ALIAS records at zone apex pointing to decommissioned services
• Check ifcaa records can be used to detect potential takeover targets

🌐

Cloud SSRF Deep

50 checks

0/50

• Test for AWS SSRF via IMDSv1 at http://169.254.169.254/latest/meta-data/
• Check if IMDSv2 is enforced requiring session token for metadata access
• Test for GCP SSRF via metadata endpoint at http://metadata.google.internal/
• Verify if AWS IAM credentials can be extracted via SSRF metadata access
• Test for Azure SSRF via metadata endpoint at http://169.254.169.254/metadata/
• Check if DigitalOcean metadata endpoint is accessible via SSRF
• Test for Oracle Cloud SSRF via http://169.254.169.254/opc/v1/instance/
• Verify if Alibaba Cloud metadata endpoint is accessible via SSRF
• Test for AWS SSRF bypass using IP address in decimal notation
• Check if SSRF can access cloud provider userdata scripts for secrets
• Test for SSRF via DNS rebinding to internal metadata endpoints
• Verify if AWS Lambda environment variables are accessible via SSRF
• Test for SSRF bypass using IPv6 address for metadata endpoints
• Check if GCP custom metadata can be accessed via SSRF with proper headers
• Test for SSRF via URL encoding bypass of metadata endpoint filters
• Verify if Azure managed identity tokens can be obtained via SSRF
• Test for SSRF bypass using redirect to metadata endpoint from external URL
• Check if AWS ECS task metadata is accessible via SSRF
• Test for SSRF via double URL encoding to bypass allowlist filters
• Verify if cloud provider temporary security credentials can be misused
• Test for SSRF bypass using @ symbol in URL authority component
• Check if Kubernetes service account token is accessible via SSRF at /var/run/secrets/
• Test for SSRF via fragmented URL scheme to bypass protocol restrictions
• Verify if AWS Security Token Service can be called via SSRF with obtained credentials
• Test for SSRF bypass using 0.0.0.0 or 127.0.0.1 instead of metadata IP
• Check if GCP instance identity documents can be extracted via SSRF
• Test for SSRF via file:// protocol to read local files and cloud configs
• Verify if Azure Key Vault secrets can be accessed via SSRF with managed identity
• Test for SSRF bypass using IPv6 mapped IPv4 address ::ffff:169.254.169.254
• Check if Docker API is accessible via SSRF at tcp://127.0.0.1:2375/
• Test for SSRF via gopher:// protocol to interact with internal services
• Verify if AWS S3 buckets are accessible via SSRF using internal endpoints
• Test for SSRF bypass using URL fragment to bypass allowlist validation
• Check if Consul API is accessible via SSRF for service discovery
• Test for SSRF via web hook URL injection to reach internal services
• Verify if Etcd service is accessible via SSRF for cluster configuration
• Test for SSRF bypass using HTTP header injection via CRLF in URL
• Check if Redis service is accessible via SSRF for data exfiltration
• Test for SSRF via PDF generator with embedded URLs pointing to metadata
• Verify if MongoDB is accessible via SSRF for database enumeration
• Test for SSRF via image import feature with URL pointing to internal service
• Check if memcached is accessible via SSRF for cache manipulation
• Test for SSRF bypass using DNS wildcard resolution to internal IPs
• Verify if AWS Elastic MapReduce internal endpoints are accessible via SSRF
• Test for SSRF via webhook with custom HTTP methods reaching internal APIs
• Check if Kubernetes API server is accessible via SSRF at https://kubernetes.default.svc/
• Test for SSRF bypass using compressed DNS resolution to metadata endpoints
• Verify if cloud provider instance attachment APIs can be called via SSRF
• Test for SSRF via SAML assertion consumer URL pointing to internal service
• Check if AWS Systems Manager Parameter Store is accessible via SSRF

🌐

Account Takeover

50 checks

0/50

• Test for account takeover via password reset token not expiring properly
• Check if password reset token is sent in URL and leaked via Referer header
• Test for account takeover via CSRF on email change functionality
• Verify if password reset link can be used multiple times
• Test for account takeover via brute-forcing 6-digit OTP codes
• Check if password reset email allows host header injection to redirect token
• Test for account takeover via manipulation of user ID in password reset request
• Verify if account enumeration is possible via forgot password flow
• Test for account takeover via OAuth token theft via redirect_uri manipulation
• Check if 2FA can be bypassed by reusing a previous session without 2FA
• Test for account takeover via response manipulation in login API
• Verify if email verification can be bypassed by modifying the verification link
• Test for account takeover via leaked session tokens in logs or URLs
• Check if account takeover is possible via IDOR in profile update endpoints
• Test for account takeover via manipulation of JWT kid parameter
• Verify if login credentials are transmitted over unencrypted connection
• Test for account takeover via password reset poisoning via X-Forwarded-Host
• Check if account merger allows taking over existing accounts with same email
• Test for account takeover via stored XSS stealing session cookies
• Verify if password policy allows weak passwords that can be brute-forced
• Test for account takeover via Facebook/Google OAuth misconfiguration
• Check if SMS-based 2FA codes can be intercepted via SIM swapping
• Test for account takeover via credential stuffing with leaked passwords
• Verify if password reset allows setting new password without current password
• Test for account takeover via session fixation after login
• Check if account deletion and re-registration allows username takeover
• Test for account takeover via manipulating email parameter in profile update
• Verify if backup codes for 2FA can be enumerated or predicted
• Test for account takeover via CORS misconfiguration exposing auth endpoints
• Check if authentication cookies are bound to insufficient session attributes
• Test for account takeover via HTTP request smuggling exposing auth tokens
• Verify if password reset token is predictable or derived from user data
• Test for account takeover via race condition in email verification flow
• Check if changing email requires verification of the new email address
• Test for account takeover via unicode normalization in email comparison
• Verify if social login allows account takeover via email claim manipulation
• Test for account takeover via DNS hijacking of email domain for password reset
• Check if session tokens are rotated after privilege escalation
• Test for account takeover via tabnabbing during authentication flow
• Verify if password reset allows unlimited attempts without rate limiting
• Test for account takeover via clickjacking on change password form
• Check if old sessions are invalidated after password change
• Test for account takeover via GraphQL mutation for email change without auth
• Verify if account recovery via security questions is susceptible to guessing
• Test for account takeover via manipulation of user UUID in API requests
• Check if login endpoint is vulnerable to timing attacks on username validation
• Test for account takeover via cache poisoning of authentication pages
• Verify if SAML assertion contains email that can be manipulated for different account
• Test for account takeover via password reset token leakage in browser history
• Check if multi-device sessions allow persistent access after password change

🌐

Security Headers

50 checks

0/50

• Test if X-Frame-Options header is present and properly configured
• Check if Content-Security-Policy header is present on all responses
• Verify if Strict-Transport-Security header includes includeSubDomains directive
• Test if X-Content-Type-Options header is set to nosniff
• Check if Referrer-Policy header prevents sensitive URL leakage in Referer
• Test if Permissions-Policy header restricts browser feature access
• Verify if X-XSS-Protection header is configured properly for older browsers
• Test if Cross-Origin-Opener-Policy header prevents cross-origin window access
• Check if Cross-Origin-Resource-Policy header prevents cross-origin resource theft
• Test if Cross-Origin-Embedder-Policy header restricts cross-origin resource loading
• Verify if Access-Control-Allow-Origin is not set to wildcard with credentials
• Test if Strict-Transport-Security max-age is set to sufficient duration
• Check if X-Frame-Options allows specific trusted origins safely
• Test if Cache-Control header prevents caching of sensitive responses
• Verify if Pragma: no-cache is set for backward compatibility on sensitive pages
• Test if Expires header is set to past date for dynamic content
• Check if X-Permitted-Cross-Domain-Policies header restricts Flash/PDF access
• Test if Content-Security-Policy report-uri is properly configured
• Verify if security headers are present on error pages and redirect responses
• Test if Clear-Site-Data header is used on logout responses
• Check if X-Download-Options header prevents automatic file execution in IE
• Test if X-Powered-By header is removed to prevent technology fingerprinting
• Verify if Server header is sanitized to prevent version disclosure
• Test if security headers survive through CDN and proxy layers
• Check if Expect-CT header is configured for Certificate Transparency enforcement
• Test if NEL header configuration does not leak information to third parties
• Verify if Feature-Policy (now Permissions-Policy) is properly updated
• Test if multiple header values are handled correctly without conflicts
• Check if security headers are applied to static assets appropriately
• Test if HSTS preload flag is set for inclusion in browser preload lists
• Verify if X-Frame-Options and CSP frame-ancestors are not conflicting
• Test if Cross-Origin-Opener-Policy allows proper OAuth popup flow
• Check if Content-Security-Policy-Report-Only is not used in production
• Test if Server header reveals detailed version information
• Verify if X-AspNet-Version header is removed from responses
• Test if X-Runtime header is removed to prevent timing information leakage
• Check if X-Request-ID header is used without exposing internal UUID patterns
• Test if Public-Key-Pins header is not used (deprecated but should be removed)
• Verify if Access-Control-Allow-Methods does not expose unnecessary HTTP methods
• Test if Access-Control-Allow-Headers does not expose sensitive custom headers
• Check if Access-Control-Max-Age is set to reasonable value for preflight caching
• Test if Content-Disposition header prevents inline rendering of downloads
• Verify if X-Content-Security-Policy header is present for Firefox compatibility
• Test if Strict-Transport-Security header is not set on HTTP responses
• Check if reporting endpoints in CSP are properly secured against abuse
• Test if Sec-CH-UA client hints are properly controlled via Permissions-Policy
• Verify if security headers are applied consistently across virtual hosts
• Test if COEP credentialless mode is properly configured
• Check if X-Forwarded-Proto is trusted for HSTS header inclusion decisions
• Verify if all security headers are applied to API JSON responses

🌐

WordPress Security

50 checks

0/50

• Test if WordPress version is disclosed in meta generator tag or RSS feed
• Check if wp-admin directory is accessible without IP restriction
• Test if wp-config.php backup files exist in web-accessible locations
• Verify if WordPress REST API is enabled and exposes user enumeration at /wp-json/wp/v2/users
• Test if xmlrpc.php is accessible and allows brute force amplification
• Check if wp-login.php has rate limiting to prevent credential brute force
• Test if default admin username 'admin' is still in use
• Verify if WordPress database prefix is changed from default wp_
• Test if wp-cron.php is accessible and can be used for DoS
• Check if directory listing is enabled on wp-content/uploads/
• Test if WordPress readme.html file is accessible revealing version
• Verify if debug mode is disabled (WP_DEBUG set to false)
• Test if wp-includes/js/tinymce/plugins is accessible without restriction
• Check if comment moderation is enabled to prevent spam and XSS
• Test if file editing in admin dashboard is disabled (DISALLOW_FILE_EDIT)
• Verify if WordPress salts and keys are unique and not default values
• Test if upload file types are restricted to prevent PHP file uploads
• Check if WordPress automatic updates are configured for security patches
• Test if user registration is disabled or properly restricted
• Verify if wp-content/debug.log is accessible via web browser
• Test if plugin directory exposes installed plugins via directory listing
• Check if WordPress version is disclosed in embedded CSS/JS file queries
• Test if wp-admin/install.php is accessible on existing installations
• Verify if database credentials in wp-config.php are properly secured
• Test if WordPress automatic update for plugins is enabled
• Check if wp-config.php can be downloaded via misconfigured server
• Test if author archives reveal usernames via /?author=1 parameter
• Verify if WordPress application passwords feature is properly restricted
• Test if vulnerable plugins can be identified via readme.txt in plugin directories
• Check if wp-signup.php is accessible on non-multisite installations
• Test if file upload in media library allows SVG with embedded JavaScript
• Verify if WordPress REST API is properly filtered to prevent data exposure
• Test if wp-comments-post.php allows comment spam without CSRF protection
• Check if wp-trackback.php is enabled and can be abused for DDoS
• Test if custom database error page reveals database structure information
• Verify if SALT values in wp-config.php are sufficiently random
• Test if theme editor allows modification of PHP files through admin panel
• Check if wp-content/backup-db/ directory is accessible with database dumps
• Test if OBJECT_CACHE and related constants expose caching configuration
• Verify if FORCE_SSL_ADMIN is set to enforce HTTPS on admin pages
• Test if WordPress siteurl and home options can be manipulated via unauthenticated API
• Check if wp-mail.php is accessible and can be used for email spam
• Test if plugin and theme update endpoints leak version information
• Verify if DISALLOW_FILE_MODS prevents unauthorized plugin installation
• Test if WordPress cron jobs can be triggered externally for resource exhaustion
• Check if wp-json/oembed endpoint exposes internal post structure
• Test if multisite user creation endpoints allow unauthorized access
• Verify if cookie values use proper WordPress salt for HMAC
• Test if wp-content/upgrade/ directory exposes upgrade files
• Check if HTTP headers on WordPress responses prevent information disclosure

🌐

Laravel Security

50 checks

0/50

• Test if APP_DEBUG is set to false in production environment
• Check if APP_KEY is properly generated and not left empty
• Verify if .env file is accessible via web browser
• Test if Laravel debug bar is disabled in production
• Check if mass assignment vulnerability exists in Eloquent models without $fillable/$guarded
• Test if raw SQL queries use parameterized bindings instead of string concatenation
• Verify if CSRF tokens are included in all state-changing form requests
• Test if blade templates properly escape output using {{ }} instead of {!! !!}
• Check if storage/logs/laravel.log is accessible via web browser
• Test if session driver is configured securely (not file driver on shared hosting)
• Verify if APP_ENV is set to production and not local
• Test if encryption algorithm uses AES-256-CBC with proper APP_KEY
• Check if password hashing uses bcrypt or argon2 instead of MD5/SHA1
• Test if middleware protects routes requiring authentication
• Verify if API tokens are stored hashed in the database
• Test if Laravel Passport/OAuth tokens have proper expiration and scopes
• Check if CORS configuration allows wildcard origin with credentials
• Test if file uploads validate MIME types and extensions properly
• Verify if job queues process data securely without exposing sensitive information
• Test if scheduled tasks are protected from unauthorized external invocation
• Check if Laravel telescope is disabled in production environment
• Test if database migrations do not contain hardcoded credentials
• Verify if cookie encryption is enabled for all cookie values
• Test if route model binding is used to prevent IDOR vulnerabilities
• Check if Laravel Sanctum tokens have proper abilities and expiration
• Test if signed URLs use proper HMAC verification for tamper resistance
• Verify if throttle middleware is applied to authentication endpoints
• Test if Laravel Horizon dashboard is secured with authentication
• Check if Nova admin panel is protected with proper authentication
• Test if event listeners do not expose sensitive data in logging
• Verify if cache keys are properly namespaced to prevent collision
• Test if validation rules properly sanitize input before processing
• Check if subdomain routing prevents cross-subdomain session access
• Test if Laravel Mix/Vite assets do not expose source maps in production
• Verify if database connections use encrypted connections where required
• Test if command scheduling does not expose artisan commands to web access
• Check if request size limits are configured to prevent DoS
• Test if __construct method in controllers does not bypass middleware
• Verify if notification channels do not leak sensitive data in email subjects
• Test if resource collections do not expose more data than intended
• Check if Laravel Socialite OAuth integration validates state parameter
• Test if invokable controllers properly validate all input parameters
• Verify if query builder raw expressions are not vulnerable to SQL injection
• Test if file storage disks use proper visibility settings for public/private
• Check if HTTP kernel middleware groups are properly ordered
• Test if custom Artisan commands do not expose sensitive operations
• Verify if policy methods cover all authorization requirements
• Test if request forgery protection is applied to webhook endpoints
• Check if database transactions properly handle rollback on error
• Verify if configuration values are not cached with sensitive data in production

🌐

Django Security

50 checks

0/50

• Test if DEBUG mode is set to False in production settings
• Check if SECRET_KEY is properly generated and not hardcoded in source code
• Verify if ALLOWED_HOSTS is properly configured to prevent Host header attacks
• Test if Django CSRF middleware is enabled for all state-changing requests
• Check if django.middleware.security.SecurityMiddleware is in MIDDLEWARE setting
• Test if SECURE_SSL_REDIRECT is enabled to force HTTPS connections
• Verify if SESSION_COOKIE_SECURE is set to True for HTTPS-only sessions
• Test if CSRF_COOKIE_SECURE is set to True for HTTPS-only CSRF cookies
• Check if SECURE_HSTS_SECONDS is set to enforce Strict-Transport-Security
• Test if SECURE_HSTS_INCLUDE_SUBDOMAINS is properly configured
• Verify if SECURE_HSTS_PRELOAD is enabled for HSTS preload list
• Test if SECURE_CONTENT_TYPE_NOSNIFF is set to True
• Check if SECURE_BROWSER_XSS_FILTER is set to True
• Test if X-FRAME-OPTIONS is set to DENY or SAMEORIGIN
• Verify if SESSION_COOKIE_HTTPONLY is set to True
• Test if Django templates auto-escape HTML content by default
• Check if raw SQL queries use parameterized statements
• Test if User.objects.create_user() is used instead of direct model creation
• Verify if @login_required decorator is applied to authenticated views
• Test if @permission_required decorator enforces fine-grained access control
• Check if Django admin panel is restricted to authorized IP ranges
• Test if django-admin URL path is changed from default /admin/
• Verify if password validation uses AUTH_PASSWORD_VALIDATORS setting
• Test if django-debug-toolbar is disabled in production
• Check if sensitive data is excluded from error reports via SILENCED_SYSTEM_CHECKS
• Test if MEDIA_URL and STATIC_URL are served from different domains
• Verify if upload file types are validated using Django validators
• Test if Clickjacking protection is enabled via X-Frame-Options middleware
• Check if Django REST Framework default permissions are set to IsAuthenticated
• Test if DRF throttling is configured to prevent API abuse
• Verify if JWT tokens have proper expiration and refresh rotation
• Test if CORS configuration in django-cors-headers is restrictive
• Check if Django channels WebSocket connections validate origin
• Test if manage.py is not accessible via web server
• Verify if database connections use SSL for remote databases
• Test if Django signals do not leak sensitive data in logs
• Check if custom management commands validate input properly
• Test if FILE_UPLOAD_MAX_MEMORY_SIZE prevents large file DoS
• Verify if DATA_UPLOAD_MAX_MEMORY_SIZE prevents large request body DoS
• Test if Django form validation prevents HTML injection in error messages
• Check if select_related and prefetch_related do not expose unauthorized data
• Test if Django model Meta.default_permissions are appropriate
• Verify if sensitive URL patterns are not exposed in URL configuration
• Test if Django caching backend does not store sensitive session data unencrypted
• Check if custom template tags properly escape their output
• Test if Django Check framework identifies security issues without exceptions
• Verify if AUTH_USER_MODEL is properly configured for custom user model
• Test if password reset tokens expire within reasonable timeframe
• Check if LOGGING configuration does not write sensitive data to world-readable files
• Verify if DEPLOYMENT settings separate sensitive configuration from code

🌐

Spring Boot Security

50 checks

0/50

• Test if Spring Boot Actuator endpoints are secured with authentication
• Check if /actuator/env endpoint exposes environment variables and secrets
• Test if /actuator/heapdump allows downloading of JVM heap memory
• Verify if /actuator/configprops exposes sensitive configuration properties
• Test if /actuator/health reveals detailed infrastructure information
• Check if Spring Security is properly configured for all endpoints
• Test if CSRF protection is enabled for state-changing requests
• Verify if session management is configured with proper session fixation protection
• Test if Spring Boot DevTools is disabled in production builds
• Check if /actuator/mappings exposes all API endpoint URLs
• Test if /actuator/loggers allows runtime modification of log levels
• Verify if @PreAuthorize annotations are used for method-level security
• Test if Spring Data REST projections do not expose sensitive fields
• Check if H2 database console is disabled in production
• Test if application.properties does not contain hardcoded database credentials
• Verify if JSESSIONID cookie has Secure and HttpOnly flags set
• Test if Spring Boot whitelist allows bypassing security on specific paths
• Check if /actuator/scheduledtasks exposes internal task schedules
• Test if Spring Cloud Config Server encrypts sensitive properties
• Verify if request validation uses Bean Validation annotations properly
• Test if Spring MVC error handling does not expose stack traces
• Check if /actuator/info endpoint reveals sensitive build information
• Test if JPA repositories use parameterized queries instead of concatenation
• Verify if CORS configuration is restrictive and not using wildcard origins
• Test if Spring Security default login page is replaced with custom implementation
• Check if /actuator/threaddump exposes internal application state
• Test if OAuth2 client secrets are not hardcoded in configuration files
• Verify if JWT validation checks algorithm to prevent algorithm confusion attacks
• Test if Spring Boot banner is disabled to prevent version disclosure
• Check if /actuator/beans exposes all application component names
• Test if file upload endpoints validate content type and size properly
• Verify if Spring Security filter chain ordering prevents bypass
• Test if custom AuthenticationProvider validates credentials securely
• Check if /actuator/trace or /actuator/httptrace exposes request history
• Test if Spring Boot remote shell is disabled in production
• Verify if @RolesAllowed annotations are properly enforced
• Test if Spring WebSocket endpoints validate authentication on connection
• Check if /actuator/metrics exposes sensitive business metrics
• Test if password encoders use BCryptPasswordEncoder instead of MD5 or SHA
• Verify if Spring Boot configuration uses JASYPT or Vault for secret encryption
• Test if /actuator/auditevents exposes security audit information
• Check if Spring Session uses secure Redis configuration
• Test if @ControllerAdvice handles exceptions without leaking stack traces
• Verify if Spring Boot management port is different from application port
• Test if rate limiting is configured for authentication endpoints
• Check if Spring Data query methods prevent HQL injection
• Test if @EnableGlobalMethodSecurity is configured with proper pre/post annotations
• Verify if Spring Boot graceful shutdown is properly secured
• Test if server.servlet.session.timeout is set to reasonable value
• Check if spring.security.user.name and password are not default values

🌐

Next.js Security

50 checks

0/50

• Test if Next.js API routes properly validate authentication and authorization
• Check if getServerSideProps exposes sensitive data in page source
• Test if environment variables prefixed with NEXT_PUBLIC_ expose secrets to client
• Verify if Next.js Image Optimization endpoint can be abused for SSRF
• Test if _next/data/ routes expose server-side props without authentication
• Check if Next.js middleware properly handles authentication for all routes
• Test if dynamic route parameters are sanitized before database queries
• Verify if Next.js server actions validate input and authentication properly
• Test if file uploads in API routes validate file type and size
• Check if Next.js rewrites and redirects do not expose internal services
• Test if getStaticProps leaks build-time sensitive data to client
• Verify if Next.js custom server configuration disables X-Powered-By header
• Test if API route handlers implement rate limiting
• Check if Next.js middleware matcher config properly covers all protected routes
• Test if next.config.js headers configuration sets proper security headers
• Verify if client-side navigation does not expose sensitive route information
• Test if Next.js preview mode can be activated without proper authorization
• Check if ISR revalidation endpoint requires authentication
• Test if Next.js error boundary does not expose server error details
• Verify if next.config.js images.remotePatterns restricts image source domains
• Test if API routes properly handle CORS for cross-origin requests
• Check if Next.js Link component does not expose internal URLs in prefetch
• Test if server-side rendering does not inject user-specific data into shared cache
• Verify if Next.js incremental cache is not tamperable on shared hosting
• Test if _next/static chunks do not contain sensitive environment variables
• Check if Next.js middleware properly handles edge cases in route matching
• Test if custom _error page does not leak stack trace information
• Verify if Next.js API routes use proper HTTP method validation
• Test if Next.js router excludes sensitive pages from build output
• Check if Server Components properly separate client and server data
• Test if draft mode can be abused to view unpublished content
• Verify if Next.js on-demand revalidation is secured with proper tokens
• Test if API routes implement proper error handling without stack traces
• Check if getStaticPaths fallback behavior does not expose unintended pages
• Test if Next.js script loading strategy prevents XSS via malicious scripts
• Verify if middleware handles cookie-based authentication securely
• Test if Next.js redirects do not allow open redirect vulnerabilities
• Check if base path configuration prevents path traversal attacks
• Test if i18n locale detection does not lead to content injection
• Verify if Next.js output file tracing does not include sensitive files
• Test if server actions can be invoked without proper CSRF protection
• Check if parallel routes and intercepting routes do not expose hidden content
• Test if Next.js cache tags can be manipulated to serve stale content
• Verify if API route body parser limits prevent large payload DoS
• Test if Next.js font optimization does not expose internal file paths
• Check if metadata API does not leak sensitive Open Graph information
• Test if route groups in app directory do not bypass middleware
• Verify if Next.js data caching does not persist sensitive user data
• Test if unstable_noStore prevents caching of sensitive dynamic data
• Check if Next.js deployment configuration masks server error details

🔌

API Auth Deep

50 checks

0/50

• Test if API authentication endpoints enforce rate limiting on failed attempts
• Check if API tokens expire after a reasonable duration
• Test if API key rotation mechanism is available and enforced
• Verify if OAuth2 client_secret is validated on token requests
• Test if API supports multiple authentication methods that can be chained for bypass
• Check if Bearer token validation rejects tampered signatures
• Test if API authentication is consistent across REST and GraphQL endpoints
• Verify if JWT token audience claim is validated for specific API
• Test if API allows token reuse after user password change
• Check if API authentication can be bypassed via HTTP method override headers
• Test if API key can be used from any origin without CORS validation
• Verify if refresh token rotation is implemented to prevent token replay
• Test if API HMAC signature verification uses constant-time comparison
• Check if API tokens are bound to specific IP ranges or client identifiers
• Test if authentication on WebSocket connections uses the same validation as REST
• Verify if API does not expose authentication secrets in error messages
• Test if API token introspection endpoint requires proper authorization
• Check if API supports mutual TLS authentication and validates client certificates
• Test if API token revocation takes effect immediately across all endpoints
• Verify if API scopes in OAuth tokens are enforced on each endpoint
• Test if API authentication works correctly with both JSON and form-urlencoded bodies
• Check if preflight OPTIONS requests do not bypass authentication
• Test if API token is transmitted only over secure HTTPS connections
• Verify if API rejects expired tokens with proper error codes
• Test if authentication middleware processes requests before authorization checks
• Check if API allows authentication with both query parameter and header simultaneously
• Test if API key in URL parameter leaks to server logs and Referer headers
• Verify if API token binding prevents token theft and replay
• Test if API supports proof-of-possession tokens for enhanced security
• Check if authentication state is properly synchronized across microservices
• Test if API logout invalidates server-side session and token
• Verify if API handles concurrent authentication requests without race conditions
• Test if API token can be used to access other tenant data in multi-tenant setup
• Check if API authentication uses different keys for different environments
• Test if API allows password authentication without brute force protection
• Verify if API token signing algorithm matches expected algorithm strictly
• Test if API authentication bypass is possible via path confusion
• Check if API key permissions are granular enough to enforce least privilege
• Test if API token can be used to impersonate other users via claim modification
• Verify if API authentication works correctly behind reverse proxy with X-Forwarded headers
• Test if API supports step-up authentication for sensitive operations
• Check if API tokens are stored securely on the client side
• Test if API authentication cookies have proper SameSite attribute
• Verify if API token encryption prevents offline brute force of key material
• Test if API rejects requests with authentication from multiple mechanisms
• Check if API token scope escalation is possible through parameter manipulation
• Test if API authentication endpoint is protected against timing attacks
• Verify if API auth flow prevents CSRF on token acquisition endpoints
• Test if API authentication logging does not expose credentials or tokens
• Check if API properly validates custom authentication scheme implementations

🔌

API Input Validation

50 checks

0/50

• Test if API validates input type matches expected schema (string, integer, boolean)
• Check if API enforces maximum length constraints on string inputs
• Verify if API validates numeric ranges for integer and float parameters
• Test if API properly handles null and empty values for required fields
• Check if API validates array input size to prevent resource exhaustion
• Test if API rejects unexpected or additional fields in request payload
• Verify if API validates date and time format strictly
• Test if API input validation applies to query parameters and headers as well as body
• Check if API validates email format according to RFC 5322
• Test if API validates URL format and prevents SSRF via URL inputs
• Verify if API rejects negative values for parameters expecting positive numbers
• Test if API properly validates file upload content type and extension
• Check if API validates enum fields against allowed values only
• Test if API input validation prevents SQL injection in filter and sort parameters
• Verify if API validates UUID format for identifier parameters
• Test if API rejects duplicate entries in unique constraint fields
• Check if API validates JSON depth to prevent deeply nested payload attacks
• Test if API properly handles Unicode and special characters in input fields
• Verify if API validates phone number format for international numbers
• Test if API input validation prevents NoSQL injection in MongoDB queries
• Check if API validates base64 encoded inputs for proper format and content
• Test if API enforces minimum length constraints on password fields
• Verify if API validates currency and monetary amount formats
• Test if API rejects XML payloads with external entity references
• Check if API validates pagination parameters against maximum allowed values
• Test if API input validation prevents LDAP injection in directory lookup endpoints
• Verify if API properly sanitizes HTML content in rich text input fields
• Test if API validates boolean input does not accept truthy/falsy strings
• Check if API validates timezone format for datetime with timezone fields
• Test if API input validation prevents command injection in shell-related parameters
• Verify if API validates regular expression input to prevent ReDoS attacks
• Test if API rejects extremely large numbers causing integer overflow
• Check if API validates geographic coordinate format for location fields
• Test if API validates IP address format for network-related parameters
• Verify if API validates locale and language codes against allowed values
• Test if API input validation prevents path traversal in file-related parameters
• Check if API validates JSON keys to prevent prototype pollution
• Test if API properly handles multipart form data with mixed content types
• Verify if API validates serialized data format before deserialization
• Test if API input validation applies consistently across all HTTP methods
• Check if API validates domain name format for hostname parameters
• Test if API rejects malformed JSON with proper error handling
• Verify if API validates composite keys and references to other resources
• Test if API input validation prevents CRLF injection in header-related fields
• Check if API validates encoding of percent-encoded URL parameters
• Test if API validates custom header values for format and length
• Verify if API rejects batch operations exceeding maximum batch size
• Test if API input validation prevents template injection in string fields
• Check if API validates webhook URL format and reachability
• Verify if API returns consistent error messages that do not expose internal structure

🔌

API Error Handling

50 checks

0/50

• Test if API returns generic error messages without exposing internal details
• Check if API error responses do not include stack traces or debug information
• Verify if API returns appropriate HTTP status codes for different error scenarios
• Test if API error responses are consistent across all endpoints
• Check if API handles unexpected HTTP methods with proper 405 response
• Test if API returns proper error when required headers are missing
• Verify if API does not expose database error messages in API responses
• Test if API handles malformed JSON gracefully without server error
• Check if API returns proper error for rate-limited requests with Retry-After header
• Test if API error responses do not leak server version or framework information
• Verify if API handles concurrent modification errors appropriately
• Test if API error logging captures sufficient detail without storing sensitive data
• Check if API returns proper error for unsupported content types
• Test if API handles authentication errors without revealing valid credentials
• Verify if API returns consistent error format for all error types
• Test if API handles timeout scenarios without exposing internal service details
• Check if API error responses do not include internal IP addresses or hostnames
• Test if API properly handles requests with exceeded payload size limits
• Verify if API does not return different error messages for existing vs non-existing users
• Test if API handles database connection failures without crashing or exposing details
• Check if API error responses follow a standardized schema for client consumption
• Test if API handles CORS errors appropriately without exposing internal routes
• Verify if API returns proper 422 status for validation errors
• Test if API handles unauthorized access without revealing resource existence
• Check if API does not expose third-party service error details to clients
• Test if API properly handles and reports circular reference errors in JSON
• Verify if API returns appropriate error for expired or invalid tokens
• Test if API error handling prevents information disclosure via timing differences
• Check if API handles null pointer exceptions without exposing code paths
• Test if API returns proper error for duplicate resource creation attempts
• Verify if API error responses are properly logged for security monitoring
• Test if API handles distributed system partial failures consistently
• Check if API error messages are internationalized without introducing XSS
• Test if API handles precondition failures with proper 412 response
• Verify if API returns conflict error for concurrent updates with 409 status
• Test if API handles service unavailable scenarios with proper 503 response
• Check if API error responses do not include internal correlation IDs to clients
• Test if API handles request validation errors before processing business logic
• Verify if API returns proper error for unsupported API versions
• Test if API error handling does not allow error-based SQL injection
• Check if API handles decompression bomb errors securely
• Test if API returns proper error for insufficient permissions vs authentication failures
• Verify if API error responses include request ID for debugging without exposing internals
• Test if API handles encryption and decryption failures without leaking key information
• Check if API error handling prevents denial of service via error flood
• Test if API handles gracefully when downstream services return unexpected formats
• Verify if API returns proper 429 status with rate limit headers
• Test if API error handling prevents log injection via crafted error messages
• Check if API returns proper error for missing or invalid pagination parameters
• Verify if API error responses do not assist attackers in understanding internal architecture

🔌

API Pagination

50 checks

0/50

• Test if API pagination prevents excessive data retrieval via large page sizes
• Check if API enforces maximum limit parameter value for pagination
• Test if API pagination allows bypassing access controls by iterating through all pages
• Verify if API cursor-based pagination tokens are cryptographically protected
• Test if API offset-based pagination allows deep offset DoS attacks
• Check if API pagination parameters are validated for negative or zero values
• Test if API pagination metadata reveals total record count for enumeration
• Verify if API paginated responses include proper Link headers for navigation
• Test if API allows unauthorized access by modifying pagination cursor values
• Check if API pagination is consistent with filtering and sorting parameters
• Test if API pagination performance degrades predictably with increasing offsets
• Verify if API encrypted cursor tokens prevent data tampering
• Test if API pagination allows jumping to arbitrary pages without sequential access
• Check if API pagination is enforced on endpoints returning sensitive data
• Test if API pagination works correctly with complex query filters
• Verify if API pagination does not allow access to deleted records via stale cursors
• Test if API pagination cursor is bound to the authenticated user context
• Check if API pagination prevents information leakage via timing side channels
• Test if API pagination works correctly when underlying data changes between requests
• Verify if API pagination respects row-level security policies on each page
• Test if API allows bypassing pagination entirely by omitting pagination parameters
• Check if API pagination cursor includes timestamp to prevent replay attacks
• Test if API pagination properly handles concurrent data modifications
• Verify if API paginated responses include consistent total count
• Test if API pagination keyset-based approach prevents page drift
• Check if API pagination enforces rate limiting per page request
• Test if API pagination allows enumeration of resource IDs via sequential cursors
• Verify if API pagination works correctly with soft-deleted records
• Test if API cursor tokens expire after a reasonable duration
• Check if API pagination does not expose internal database query information
• Test if API pagination limit defaults to a safe value when not specified
• Verify if API pagination returns consistent results for repeated identical queries
• Test if API pagination supports forward and backward navigation safely
• Check if API pagination prevents access to records beyond user scope
• Test if API pagination works correctly with nested resource relationships
• Verify if API pagination does not allow parameter manipulation to skip records
• Test if API pagination cursor encoding prevents injection attacks
• Check if API pagination properly handles empty result sets
• Test if API pagination limit is enforced server-side regardless of client request
• Verify if API pagination does not leak existence of records via different page counts
• Test if API pagination response time is consistent regardless of page content
• Check if API pagination cursor can be decoded to reveal internal state
• Test if API pagination works correctly with full-text search queries
• Verify if API pagination prevents unbounded concurrent page requests
• Test if API pagination works correctly with multi-column sort orders
• Check if API paginated bulk operations validate each page independently
• Test if API pagination cursor includes signature to prevent tampering
• Verify if API pagination handles timezone-aware queries correctly
• Test if API pagination works correctly across database sharding boundaries
• Check if API pagination prevents data leakage through error responses

🔌

API Versioning

50 checks

0/50

• Test if API versioning mechanism prevents access to deprecated versions
• Check if older API versions maintain the same security controls as current version
• Test if API version in URL path can be manipulated to access other versions
• Verify if API version header can be injected to bypass version-specific security
• Test if deprecated API versions are properly sunset and return appropriate warnings
• Check if API versioning is consistent across all endpoints in the same service
• Test if API version parameter allows injection or manipulation of internal logic
• Verify if API version discovery endpoint reveals all available versions
• Test if API versioning via content negotiation is properly validated
• Check if API accepts invalid version numbers without proper error response
• Test if older API versions have known vulnerabilities that remain unpatched
• Verify if API version in query parameter is validated against allowed versions
• Test if API allows downgrade attacks by specifying older vulnerable version
• Check if API version-specific rate limiting is enforced independently
• Test if API version transition period allows security bypass via version mixing
• Verify if API version-specific authentication requirements are consistent
• Test if API version in custom header takes precedence over URL version
• Check if API version routing does not expose internal service architecture
• Test if API versioning does not allow access to internal or beta versions
• Verify if API version-specific data isolation prevents cross-version data access
• Test if API returns proper deprecation headers for sunset versions
• Check if API versioning allows parallel execution of different versions safely
• Test if API version switch does not invalidate existing authentication sessions
• Verify if API version-specific input validation rules are properly enforced
• Test if API version path segment allows path traversal to other services
• Check if API versioning granularity prevents bypassing minor version security fixes
• Test if API version-specific logging captures version in audit trail
• Verify if API versioning does not create opportunities for request smuggling
• Test if API version-specific CORS policies are properly isolated
• Check if API version-specific error messages do not reveal internal architecture
• Test if API allows version negotiation via Accept header manipulation
• Verify if API version-specific documentation is access-restricted appropriately
• Test if API versioning mechanism is resistant to brute force version enumeration
• Check if API version-specific middleware processes requests in correct order
• Test if API versioning does not allow bypassing authorization via version confusion
• Verify if API version-specific encryption requirements are enforced
• Test if API version change does not expose previously protected data fields
• Check if API version routing does not create server-side request forgery opportunities
• Test if API versioning via subdomain isolates versions properly
• Verify if API version-specific rate limits cannot be bypassed via version switching
• Test if API version sunset process properly migrates security configurations
• Check if API version-specific webhook deliveries validate version compatibility
• Test if API versioning does not allow cache poisoning via version header
• Verify if API version-specific database queries prevent injection across versions
• Test if API versioning does not expose admin or debug versions to end users
• Check if API version deprecation timeline is communicated via Sunset header
• Test if API version-specific token scopes are properly validated
• Verify if API versioning does not create inconsistent authorization behavior
• Test if API version routing does not allow access to microservices directly
• Check if API version-specific payload limits are enforced consistently

🔌

API CORS Deep

50 checks

0/50

• Test if API CORS configuration allows wildcard origin with credentials
• Check if API dynamically reflects Origin header in Access-Control-Allow-Origin
• Test if API CORS preflight response properly restricts allowed methods
• Verify if API Access-Control-Allow-Headers does not expose sensitive custom headers
• Test if API CORS allows null origin which can be exploited via sandboxed iframes
• Check if API CORS configuration allows local file:// origin
• Test if API CORS preflight caching duration is set to reasonable value
• Verify if API CORS credentials flag is not set for public read-only endpoints
• Test if API CORS allows subdomain origin without proper validation
• Check if API CORS configuration on WebSocket upgrade requests is secure
• Test if API CORS allows cross-origin cookie setting via Set-Cookie header
• Verify if API CORS preflight handles complex request scenarios correctly
• Test if API CORS allows cross-origin authorization header exposure
• Check if API CORS Access-Control-Expose-Headers reveals sensitive response headers
• Test if API CORS bypass is possible via DNS rebinding after preflight
• Verify if API CORS configuration is consistent across all API versions
• Test if API CORS allows origin with non-standard port on trusted domain
• Check if API CORS handles malformed Origin header gracefully
• Test if API CORS configuration prevents cross-origin data exfiltration
• Verify if API CORS preflight does not execute the actual request handler
• Test if API CORS allows cross-origin access to authenticated endpoints
• Check if API CORS configuration applies to streaming responses
• Test if API CORS allows cross-origin access via redirect chains
• Verify if API CORS configuration handles multiple Origin headers correctly
• Test if API CORS bypass is possible via X-Forwarded-Host or X-Forwarded-Proto
• Check if API CORS configuration applies to error responses consistently
• Test if API CORS allows cross-origin file upload from arbitrary origins
• Verify if API CORS configuration is enforced on server-sent events endpoints
• Test if API CORS whitelist validation prevents regex bypass via crafted origins
• Check if API CORS allows cross-origin access via HTTP redirect from allowed origin
• Test if API CORS configuration properly handles internationalized domain names
• Verify if API CORS allows credential-bearing requests from third-party origins
• Test if API CORS bypass via protocol downgrade from HTTPS to HTTP
• Check if API CORS handles OPTIONS request without authentication properly
• Test if API CORS configuration is applied before request body processing
• Verify if API CORS allows cross-origin access to GraphQL introspection
• Test if API CORS configuration prevents cache-based cross-origin attacks
• Check if API CORS allows cross-origin access to admin or debug endpoints
• Test if API CORS configuration handles same-origin requests consistently
• Verify if API CORS does not allow origin spoofing via crafted subdomain
• Test if API CORS configuration applies to multipart file upload requests
• Check if API CORS allows cross-origin access to token refresh endpoints
• Test if API CORS configuration prevents cross-origin WebSocket hijacking
• Verify if API CORS handles server-side redirects maintaining CORS headers
• Test if API CORS allows cross-origin access via proxy or CDN rewriting
• Check if API CORS configuration is validated on the backend not just edge
• Test if API CORS allows cross-origin request with custom Content-Type
• Verify if API CORS Access-Control-Max-Age is appropriate for security requirements
• Test if API CORS bypass is possible via Flash or Silverlight cross-domain policies
• Check if API CORS configuration prevents cross-origin session fixation

🔌

API Documentation

50 checks

0/50

• Test if Swagger/OpenAPI documentation is accessible without authentication
• Check if API documentation exposes internal endpoints not meant for public use
• Test if API documentation reveals sensitive data models and field names
• Verify if API documentation includes default credentials or API keys
• Test if API documentation exposes database schema details
• Check if API documentation allows executing requests against production environment
• Test if API documentation discloses internal server URLs and infrastructure
• Verify if API documentation is properly versioned and does not expose deprecated features
• Test if GraphQL introspection query exposes full schema in production
• Check if API documentation includes sample tokens that work in production
• Test if API documentation directory listing reveals additional documentation files
• Verify if API documentation does not expose admin-only endpoint definitions
• Test if WSDL file is accessible and reveals internal service operations
• Check if API documentation exposes error codes that reveal internal system state
• Test if API documentation includes test or debug endpoints
• Verify if API documentation access is logged and monitored for security
• Test if API documentation exposes rate limiting configuration details
• Check if API documentation reveals authentication flow implementation details
• Test if API documentation discloses third-party service integration details
• Verify if API documentation does not include personally identifiable information in examples
• Test if API documentation is disabled or restricted in production environment
• Check if API documentation exposes health check and monitoring endpoints
• Test if API documentation allows discovery of shadow APIs not in official docs
• Verify if API documentation includes proper security scheme definitions
• Test if API documentation reveals internal IDOR-vulnerable identifier formats
• Check if API documentation exposes webhook callback URL patterns
• Test if API documentation GraphQL playground is accessible in production
• Verify if API documentation does not expose encryption key information
• Test if API documentation discloses cron job or scheduled task endpoints
• Check if API documentation reveals file upload path structure on server
• Test if API documentation shows pagination parameters enabling data enumeration
• Verify if API documentation is properly sanitized before publishing to external consumers
• Test if API documentation includes deprecated authentication methods still functional
• Check if API documentation exposes cache invalidation endpoints
• Test if API documentation allows discovery of beta or unreleased features
• Verify if API documentation does not reveal internal microservice names
• Test if API documentation includes CORS configuration details
• Check if API documentation exposes environment variable names
• Test if API documentation reveals search query syntax enabling injection
• Verify if API documentation access control is separate from API access control
• Test if API documentation allows unauthorized batch or bulk operation discovery
• Check if API documentation exposes queue or messaging endpoint details
• Test if API documentation reveals authorization scope hierarchy
• Verify if API documentation does not include backup or export endpoint definitions
• Test if API documentation allows discovery of data migration endpoints
• Check if API documentation reveals SAML or OAuth configuration endpoints
• Test if API documentation exposes logging or audit trail endpoints
• Verify if API documentation includes rate limit bypass headers or parameters
• Test if API documentation reveals feature flags or A/B testing endpoints
• Check if API documentation is discoverable via well-known URI patterns

🔌

API Logging

50 checks

0/50

• Test if API logs authentication failures for brute force detection
• Check if API logs contain sensitive data like passwords or tokens
• Test if API logs authorization failures for access violation monitoring
• Verify if API request logging includes sufficient context for forensic analysis
• Test if API logs are protected from unauthorized access and tampering
• Check if API logging captures rate limiting events and thresholds
• Test if API logs include request correlation IDs for tracing
• Verify if API logging does not store full request bodies with PII
• Test if API logs input validation failures indicating potential attacks
• Check if API logging captures IP address and user agent for each request
• Test if API logs are centralized and searchable for security monitoring
• Verify if API logging includes timestamp with timezone for accurate forensics
• Test if API logs detect and flag anomalous request patterns
• Check if API logging captures server-side errors for vulnerability detection
• Test if API logs are retained for sufficient duration per compliance requirements
• Verify if API logging does not expose log contents through error messages
• Test if API logs include request duration for performance anomaly detection
• Check if API logging captures failed schema validation attempts
• Test if API logs are immutable and cannot be modified after creation
• Verify if API logging captures API key usage for abuse detection
• Test if API logs alert on unusual geographic access patterns
• Check if API logging captures mass data export events
• Test if API logs include response status codes for every request
• Verify if API logging captures request source through X-Forwarded-For chain
• Test if API logs detect parameter tampering attempts
• Check if API logging captures OAuth token issuance and revocation events
• Test if API logs are encrypted at rest to prevent data leakage
• Verify if API logging captures request size for DoS detection
• Test if API logs include authenticated user identity for accountability
• Check if API logging captures webhook delivery failures
• Test if API logs are forwarded to SIEM for real-time alerting
• Verify if API logging captures content-type mismatches
• Test if API logs detect injection attack patterns in request parameters
• Check if API logging captures permission escalation attempts
• Test if API logs include enough data to reconstruct attack sequences
• Verify if API logging does not create denial of service via excessive logging
• Test if API logs capture token refresh and exchange events
• Check if API logging detects automated scanning tools by user agent patterns
• Test if API logs capture endpoint access frequency for anomaly detection
• Verify if API logging redacts sensitive fields before storage
• Test if API logs capture version-specific endpoint usage
• Check if API logging captures CORS policy violations
• Test if API logs detect concurrent session anomalies
• Verify if API logging captures data modification events with before/after values
• Test if API logs are partitioned by severity for efficient monitoring
• Check if API logging captures certificate validation failures
• Test if API logs support real-time streaming for immediate threat detection
• Verify if API logging captures request routing decisions for debugging
• Test if API logs detect brute force against multi-factor authentication
• Check if API logging includes geographic metadata for access pattern analysis

🔌

API Rate Limit Deep

50 checks

0/50

• Test if API rate limiting is enforced on authentication endpoints
• Check if API rate limiting applies per user rather than per IP address
• Test if API rate limiting can be bypassed via X-Forwarded-For header manipulation
• Verify if API rate limiting is consistent across all API versions
• Test if API rate limiting applies to GraphQL query complexity
• Check if API rate limiting is enforced on WebSocket connections
• Test if API rate limiting can be circumvented by rotating API keys
• Verify if API rate limiting returns proper 429 status code with Retry-After header
• Test if API rate limiting accounts for expensive operations differently
• Check if API rate limiting prevents concurrent request flooding
• Test if API rate limiting applies to token refresh endpoints
• Verify if API rate limiting is enforced at the application layer not just CDN
• Test if API rate limiting accounts for different HTTP methods separately
• Check if API rate limiting is applied to batch and bulk endpoints
• Test if API rate limiting prevents slowloris-style connection exhaustion
• Verify if API rate limiting uses sliding window instead of fixed window algorithm
• Test if API rate limiting can be bypassed via IPv6 address variation
• Check if API rate limiting applies to file upload endpoints with size consideration
• Test if API rate limiting is enforced for unauthenticated endpoints
• Verify if API rate limiting handles distributed attacks across multiple IPs
• Test if API rate limiting responds consistently when limit is exceeded
• Check if API rate limiting allows burst traffic within acceptable bounds
• Test if API rate limiting headers reveal current limit and remaining quota
• Verify if API rate limiting prevents brute force on password reset tokens
• Test if API rate limiting applies to webhook callback attempts
• Check if API rate limiting is enforced for different API tiers appropriately
• Test if API rate limiting prevents resource exhaustion via complex queries
• Verify if API rate limiting works correctly behind load balancers
• Test if API rate limiting can be bypassed via HTTP/2 multiplexing
• Check if API rate limiting is applied to search and filter endpoints
• Test if API rate limiting prevents credential stuffing attacks effectively
• Verify if API rate limiting accounts for request payload size
• Test if API rate limiting can be bypassed by splitting requests across subdomains
• Check if API rate limiting applies to server-sent events connections
• Test if API rate limiting prevents denial of wallet attacks on paid APIs
• Verify if API rate limiting gracefully degrades service instead of hard failure
• Test if API rate limiting is consistent across all geographic regions
• Check if API rate limiting applies to health check and monitoring endpoints
• Test if API rate limiting prevents concurrent modification attacks
• Verify if API rate limiting is enforced for background job submission endpoints
• Test if API rate limiting can be bypassed via parameter pollution creating unique keys
• Check if API rate limiting accounts for nested resource access patterns
• Test if API rate limiting prevents pagination-based data scraping
• Verify if API rate limiting is applied to notification endpoints
• Test if API rate limiting handles retry storms from client libraries
• Check if API rate limiting is enforced after authentication not before
• Test if API rate limiting prevents amplification attacks via reflection endpoints
• Verify if API rate limiting is coordinated across microservice boundaries
• Test if API rate limiting prevents time-based enumeration attacks
• Check if API rate limiting accounts for costs of AI/ML inference endpoints

🔌

API Webhook Deep

50 checks

0/50

• Test if API webhook URLs are validated to prevent SSRF attacks
• Check if API webhook delivery authenticates the receiving endpoint
• Test if API webhook payload signing prevents tampering and forgery
• Verify if API webhook URL validation blocks internal and private IP addresses
• Test if API webhook registration requires proper authorization
• Check if API webhook retry mechanism has exponential backoff with limit
• Test if API webhook delivery includes HMAC signature for verification
• Verify if API webhook URL can be changed without re-authentication
• Test if API webhook allows registration of non-HTTPS URLs
• Check if API webhook URL redirects are followed to internal services
• Test if API webhook payload does not contain sensitive authentication credentials
• Verify if API webhook secret rotation is supported and enforced
• Test if API webhook delivery logs are protected from unauthorized access
• Check if API webhook endpoint performs TLS certificate validation
• Test if API webhook registration limits prevent resource exhaustion
• Verify if API webhook URL length is validated to prevent buffer overflow
• Test if API webhook timeout is configured to prevent hanging connections
• Check if API webhook allows enumeration of registered webhook URLs
• Test if API webhook payload size is limited to prevent DoS on receivers
• Verify if API webhook delivery tracks and reports failed deliveries
• Test if API webhook URL validation prevents DNS rebinding attacks
• Check if API webhook registration validates URL against allowlist of domains
• Test if API webhook payload includes timestamp to prevent replay attacks
• Verify if API webhook delivery uses mutual TLS for endpoint authentication
• Test if API webhook allows modification of other users' webhook configurations
• Check if API webhook URL can point to cloud metadata endpoints
• Test if API webhook registration rate limiting prevents abuse
• Verify if API webhook delivery includes unique event ID for idempotency
• Test if API webhook allows subscription to events beyond user's authorization scope
• Check if API webhook URL is validated for reachable host before registration
• Test if API webhook payload encryption is supported for sensitive data
• Verify if API webhook delivery isolates failures between different webhooks
• Test if API webhook allows batch delivery to reduce request volume
• Check if API webhook URL accepts only specific content types in response
• Test if API webhook registration requires domain ownership verification
• Verify if API webhook delivery does not follow HTTP redirects to internal networks
• Test if API webhook can be used to trigger internal API operations
• Check if API webhook delivery includes proper User-Agent header identification
• Test if API webhook URL allows IPv6 addresses that map to internal networks
• Verify if API webhook event filtering prevents unauthorized data access
• Test if API webhook delivery handles response status codes appropriately
• Check if API webhook allows arbitrary HTTP headers in delivery requests
• Test if API webhook registration validates against phishing domain patterns
• Verify if API webhook delivery timeout prevents slow response attacks
• Test if API webhook allows registration of URLs with authentication credentials embedded
• Check if API webhook payload structure can be manipulated to exploit receiving service
• Test if API webhook URL validation prevents access to localhost services
• Verify if API webhook deletion is properly authorized and logged
• Test if API webhook delivery concurrent requests are limited per target
• Check if API webhook URL accepts only standard ports for HTTPS

🤖

Deep Link Deep

50 checks

0/50

• Test if deep links validate the source and integrity of incoming data
• Check if deep links allow unauthorized access to protected activities
• Test if deep link parameters can be manipulated for IDOR attacks
• Verify if deep links use proper URL scheme validation to prevent hijacking
• Test if deep links handle malformed URI data without crashing or exposing data
• Check if deep links can bypass authentication requirements on target activities
• Test if deep links allow path traversal to access unintended content providers
• Verify if deep links are protected by intent filters with proper permission checks
• Test if app links with auto-verify properly validate domain ownership
• Check if deep links can be used to inject JavaScript into WebView components
• Test if deep links allow arbitrary file access via file:// scheme handling
• Verify if deep link receivers validate data before passing to sensitive operations
• Test if deep links can be used to trigger unauthorized transactions
• Check if deep links expose sensitive information via query parameters in logs
• Test if custom URL schemes can be hijacked by malicious applications
• Verify if deep links enforce proper authorization before executing actions
• Test if deep links can be used to bypass pending intent security restrictions
• Check if deep links can launch exported activities without proper intent validation
• Test if deep links can be used to modify shared preferences or internal state
• Verify if deep link handlers sanitize input before using in SQL queries
• Test if deep links can be used to access content providers without authority checks
• Check if deep links with intent extras can override security configurations
• Test if deep links can redirect users to phishing pages within the app WebView
• Verify if deep link parameters are validated for type and length constraints
• Test if deep links can be used to enumerate internal app functionality
• Check if deep links can trigger broadcast receivers with malicious intent data
• Test if deep links can be used to exploit pending intents from other apps
• Verify if deep links properly handle multiple overlapping deep link navigations
• Test if deep links can bypass root detection or tamper detection mechanisms
• Check if deep links can access clipboard data or other sensitive shared resources
• Test if deep links can be used to exploit task affinity and back stack manipulation
• Verify if deep links validate callback URLs to prevent open redirect attacks
• Test if deep links can be used to exfiltrate data via custom scheme callbacks
• Check if deep links properly verify signature of the calling application
• Test if deep links can be used to grant unauthorized permissions via intent extras
• Verify if deep links can be used to add accounts via account manager intent
• Test if deep links can bypass certificate pinning by loading URLs in WebView
• Check if deep links can be used to install or launch malicious app components
• Test if deep links can trigger synchronization with malicious server endpoints
• Verify if deep links enforce HTTPS for all external URL navigation
• Test if deep links can be used to bypass biometric authentication prompts
• Check if deep links can manipulate notification content or actions
• Test if deep links can access content from other apps via content:// scheme
• Verify if deep links properly validate redirect chains to prevent SSRF
• Test if deep links can be used to exploit fragment injection vulnerabilities
• Check if deep links can bypass network security configuration restrictions
• Test if deep links can be used to load arbitrary code via dynamic feature modules
• Verify if deep links properly handle Unicode normalization in URL components
• Test if deep links can be used to exploit WebView addJavascriptInterface
• Check if deep links enforce rate limiting to prevent automated abuse

🤖

Notification Security

50 checks

0/50

• Test if notifications contain sensitive data visible on lock screen
• Check if notification actions can be triggered without proper authentication
• Verify if notification channels have appropriate importance levels for sensitive data
• Test if direct reply notifications properly validate input before processing
• Check if notification pending intents use immutable flags to prevent hijacking
• Test if notifications can be intercepted by malicious accessibility services
• Verify if notification data is accessible to other applications via notification listener
• Test if notification content can be modified by malicious apps before display
• Check if notification badge count can reveal activity patterns to other apps
• Test if notification actions expose sensitive operations without user confirmation
• Verify if notification groups properly collapse sensitive and non-sensitive content
• Test if notification sound or vibration patterns leak information about content type
• Check if notification dismiss action triggers unintended side effects
• Test if notification builder allows injection of arbitrary pending intents
• Verify if notification channels properly separate sensitive and public notifications
• Test if foreground service notifications reveal internal application state
• Check if notification big text style exposes full message content on lock screen
• Test if notification remote views can be exploited for code execution
• Verify if notification extras bundle can be read by other applications
• Test if media notifications expose playback controls without authentication
• Check if notification styling can be manipulated for UI spoofing attacks
• Test if notification click intent can redirect to malicious activities
• Verify if notification data is persisted and accessible after reboot
• Test if notification API allows bypassing Do Not Disturb mode
• Check if notification permissions are properly requested and validated
• Test if notification listener services can exfiltrate notification data
• Verify if notification actions properly validate the source application
• Test if notification public version properly redacts sensitive content
• Check if notification progress indicators reveal sensitive operation details
• Test if notification timeout and auto-dismiss work correctly for sensitive data
• Verify if notification widget remote views prevent injection attacks
• Test if notification actions use explicit intents to prevent interception
• Check if notification icon can be used to spoof system or other app icons
• Test if notification category is properly set for sensitive communications
• Verify if notification color and LED patterns do not leak information
• Test if notifications can be used as covert channel between applications
• Check if notification deletion intent can be abused for unauthorized actions
• Test if notification bubble metadata can bypass screen pinning restrictions
• Verify if notification content intent properly authenticates user before action
• Test if notification shortcut ID can be manipulated to access other app features
• Check if notification template injection allows cross-app content spoofing
• Test if notification ticker text reveals sensitive information on status bar
• Verify if notification assistant can modify sensitive notification content
• Test if notification policy allows bypassing user-configured notification settings
• Check if notification of one app can spoof the identity of another app
• Test if notification reply action validates the response before sending
• Verify if notification content is properly encrypted when stored by system
• Test if notification history accessible via settings reveals sensitive data
• Check if notification channel description leaks internal application details
• Verify if notification rank and sort order can be manipulated for visibility abuse

🤖

Keystore Deep

50 checks

0/50

• Test if Android Keystore is used for storing cryptographic keys instead of hardcoded values
• Check if key entries in Keystore are properly protected with user authentication
• Test if Keystore keys have proper validity duration and expiration settings
• Verify if Keystore key generation uses secure random number generation
• Test if Keystore keys are bound to device hardware security module
• Check if key usage is restricted to specific cryptographic operations
• Test if Keystore key attestation certificates can be verified for authenticity
• Verify if Keystore key deletion properly removes all key material
• Test if Keystore access requires biometric or PIN authentication
• Check if Keystore keys use strong encryption algorithms (AES-256, RSA-2048+)
• Test if Keystore import of keys uses secure key wrapping mechanism
• Verify if Keystore key aliases follow secure naming convention without information leakage
• Test if Keystore keys are invalidated on fingerprint enrollment changes
• Check if application uses KeyGenParameterSpec with appropriate security parameters
• Test if Keystore keys have userAuthenticationValidityDurationSeconds set appropriately
• Verify if Keystore backed keys are used for TLS client certificate pinning
• Test if Keystore key export is disabled to prevent key extraction
• Check if Keystore key operations are performed within secure hardware TEE
• Test if Keystore handles key generation failure without falling back to insecure storage
• Verify if Keystore keys are invalidated on device lock change
• Test if Keystore provides attestation for key security level verification
• Check if Keystore key pair generation uses appropriate key sizes
• Test if Keystore supports key usage authorizations limiting operation scope
• Verify if Keystore keys are unique per application and not shared across apps
• Test if Keystore handles secure key rotation without exposing old key material
• Check if Keystore key creation includes proper purpose binding (encrypt, decrypt, sign, verify)
• Test if Keystore uses StrongBox security hardware when available on device
• Verify if Keystore key authentication binding prevents use without user presence
• Test if Keystore resists side-channel attacks on cryptographic operations
• Check if Keystore properly handles device compromise and key revocation
• Test if Keystore key validity start date prevents premature key usage
• Verify if Keystore key certificate serial number is unique and unpredictable
• Test if Keystore key certificate subject does not reveal sensitive information
• Check if Keystore handles concurrent key access from multiple threads safely
• Test if Keystore key authentication timeout prevents indefinite key availability
• Verify if Keystore encrypted key blob is properly protected at rest
• Test if Keystore key import only accepts keys in secure wrapped format
• Check if Keystore key usage counters prevent unlimited use without re-authentication
• Test if Keystore provides rollback protection for key material
• Verify if Keystore handles device restore scenarios without key compromise
• Test if Keystore key attestation includes application signature verification
• Check if Keystore master key is properly derived and not predictable
• Test if Keystore backup and restore does not leak key material
• Verify if Keystore key confirmation token is validated on signature operations
• Test if Keystore key generation includes proper random IV for encryption
• Check if Keystore handles hardware-backed key operation failure gracefully
• Test if Keystore key authorization confirmation message is displayed securely
• Verify if Keystore uses device-specific key derivation to prevent key portability
• Test if Keystore key attestation extension data includes security patch level
• Check if Keystore properly isolates keys between user profiles on multi-user devices

🤖

Permission Deep

50 checks

0/50

• Test if application requests only minimum necessary permissions in manifest
• Check if runtime permissions are requested at the time of need rather than upfront
• Test if custom permissions use signature protection level for inter-app communication
• Verify if dangerous permissions are properly justified and documented
• Test if permission checks are enforced on all exported components
• Check if application handles permission denial gracefully without crashing
• Test if custom permission definitions have proper protectionLevel attribute set
• Verify if application does not request permissions from other apps it does not need
• Test if permission groups are used appropriately without over-privileging
• Check if background location access requires user acknowledgment of risk
• Test if application properly checksSelfPermission before performing protected operations
• Verify if requestPermissions flow handles all possible user responses
• Test if application does not bypass permission checks via IPC or content providers
• Check if READ_PHONE_STATE permission is not misused for device fingerprinting
• Test if CAMERA and RECORD_AUDIO permissions are not requested unnecessarily
• Verify if application does not use deprecated permission protection levels
• Test if permission-protected activities verify calling application identity
• Check if application enforces its own custom permissions on exported services
• Test if WRITE_EXTERNAL_STORAGE is not used when scoped storage is available
• Verify if SYSTEM_ALERT_WINDOW permission usage is justified and minimal
• Test if application does not declare permissions with normal protection for dangerous operations
• Check if BIND_* permissions for services are properly enforced by the system
• Test if application does not expose functionality via components without permission checks
• Verify if onRequestPermissionsResult properly validates the request code origin
• Test if application uses checkCallingPermission for IPC permission validation
• Check if dangerous permission requests include clear user-facing rationale
• Test if application does not store permission state in insecure shared preferences
• Verify if application re-validates permissions on activity resume after background
• Test if application properly handles permission revocation while running
• Check if application does not use hidden APIs to bypass permission enforcement
• Test if permission enforcement is consistent across bound service interfaces
• Verify if application does not request package installation permission unnecessarily
• Test if application handles app standby bucket permission restrictions correctly
• Check if application uses NotificationListenerService with proper permission validation
• Test if application does not leverage AccessibilityService for permission bypass
• Verify if application properly restricts content provider queries by permission
• Test if application enforces permissions on broadcast receivers for protected actions
• Check if application does not use PROCESS_OUTGOING_CALLS permission without justification
• Test if application validates permissions for cross-profile data access
• Verify if application does not request both fine and coarse location permissions
• Test if application properly uses activity-alias permissions for component protection
• Check if application enforces permission on PendingIntent operations
• Test if application does not grant URI permissions to unauthorized packages
• Verify if application handles background activity launch restrictions properly
• Test if application uses BiometricPrompt instead of deprecated FingerprintManager
• Check if application validates granted permissions match requested permissions
• Test if application does not abuse USAGE_STATS permission for surveillance
• Verify if application properly implements permission-aware backup exclusion rules
• Test if application does not request SMS or CALL_LOG permissions without core functionality
• Check if application uses granular media permissions instead of broad storage access

🤖

Backup Security

50 checks

0/50

• Test if android:allowBackup is set to false for applications with sensitive data
• Check if android:fullBackupContent specifies proper exclusion rules for sensitive files
• Test if ADB backup can extract sensitive data from the application
• Verify if application data backup excludes shared preferences with credentials
• Test if Google Play auto-backup excludes databases containing PII
• Check if backup agent implementation encrypts sensitive data before backup
• Test if application properly handles backup restoration on different devices
• Verify if android:backupAgent does not expose sensitive data to backup transport
• Test if backup includes files that contain encryption keys or certificates
• Check if application uses key-value backup for critical configuration data
• Test if restore operation validates the integrity of backed up data
• Verify if full backup content rules properly include and exclude files
• Test if backup data can be read by other applications on the same device
• Check if application prevents backup when device is not encrypted
• Test if backup transport encrypts data in transit to cloud storage
• Verify if backup data format does not allow injection on restore
• Test if application clears sensitive cached data before backup operation
• Check if SharedPreferences backup excludes authentication tokens
• Test if database backup excludes tables with sensitive user information
• Verify if file backup excludes external storage files with sensitive data
• Test if backup agent handles backup interruption without data corruption
• Check if restored data is properly re-encrypted with new device keys
• Test if backup of application does not include keystore entries
• Verify if backup operation does not log sensitive data being processed
• Test if backup data versioning prevents downgrade attacks on restore
• Check if application uses BackupManager dataChanged notification appropriately
• Test if backup includes generated keys that should be device-specific
• Verify if restore operation requires user authentication on target device
• Test if backup data is properly isolated between user profiles
• Check if backup agent implementation validates caller identity
• Test if backup excludes files in internal storage with financial data
• Verify if full backup device-to-device transfer is restricted appropriately
• Test if backup of content provider data respects original permission constraints
• Check if application does not store backup encryption key in accessible location
• Test if backup agent properly handles large data sets without timeout
• Verify if restored application validates data schema version compatibility
• Test if backup excludes crash logs that may contain sensitive information
• Check if application prevents backup of authentication session data
• Test if backup operation does not create temporary files with sensitive data
• Verify if backup agent is not exported to other applications
• Test if backup includes analytics data that reveals user behavior patterns
• Check if backup of WebView data excludes cookies and cached credentials
• Test if restore operation sanitizes data before writing to application storage
• Verify if backup data includes timestamp to prevent replay attacks
• Test if application handles backup quota limits without exposing partial data
• Check if backup excludes OAuth tokens and refresh tokens
• Test if backup agent uses secure random for any generated backup identifiers
• Verify if application prevents backup when screen lock is not set
• Test if backup data is bound to device identity preventing cross-device restore abuse
• Check if application provides user control over what data is included in backup

🤖

Logging Deep

50 checks

0/50

• Test if application logs contain sensitive user data like passwords or tokens
• Check if Log.d and Log.v statements are removed from production builds
• Test if application uses ProGuard rules to strip logging calls in release
• Verify if logcat output can be read by other applications on the device
• Test if application logs authentication credentials during login flow
• Check if crash logs include stack traces revealing internal application logic
• Test if application logs API request and response bodies with sensitive data
• Verify if logging library properly sanitizes PII before writing to logs
• Test if application logs encryption keys or cryptographic operation details
• Check if debug builds with verbose logging are distributed to production
• Test if application logs session tokens or authentication headers
• Verify if Timber or similar logging library enforces release build policies
• Test if application logs database query results containing user data
• Check if log files are stored in application-private directories not world-readable
• Test if application logs user location data without proper consent
• Verify if application uses different log levels appropriately for security events
• Test if logging does not include full credit card numbers or SSNs
• Check if application logs intent extras that contain sensitive parameters
• Test if log rotation prevents unlimited log file growth on device
• Verify if application logs are cleared when user logs out
• Test if application logs biometric authentication details or template data
• Check if third-party SDK logging is properly suppressed in production
• Test if application logs network headers including authorization tokens
• Verify if application does not log content of push notifications with sensitive data
• Test if application logs can be used for user activity tracking without consent
• Check if application logs deep link parameters with authentication data
• Test if Firebase Crashlytics or similar tools mask sensitive data in reports
• Verify if application logs file paths revealing internal storage structure
• Test if application logs SQL queries with user input for debugging
• Check if application does not log device identifiers for tracking purposes
• Test if application logs custom events containing user personal information
• Verify if secure logging implementation uses OIDC claims filtering
• Test if application logs certificate chain details including private key references
• Check if log buffer overflow can cause crash or denial of service
• Test if application logs shared preference values with authentication data
• Verify if application handles log write failures without data exposure
• Test if application logs inter-process communication data between components
• Check if application logs reveal timing information useful for side-channel attacks
• Test if application logs permission grant and denial events appropriately
• Verify if application does not log WebView console messages in production
• Test if application logs keyboard input or form data entry
• Check if application logs Bluetooth pairing or NFC communication data
• Test if log file permissions prevent access from other applications
• Verify if application logs analytics events without user PII
• Test if application logs encryption algorithm and key size information
• Check if application logs fail to redact data when using toString() methods
• Test if application logs service binding and unbinding events with sensitive details
• Verify if application does not log backup and restore operation data
• Test if application logs background service execution with user activity patterns
• Check if application properly obfuscates logged data in production builds

🤖

Component Deep

50 checks

0/50

• Test if exported activities are properly protected with custom permissions
• Check if exported services validate the calling application identity
• Test if broadcast receivers handle malicious intent data securely
• Verify if content providers implement proper query parameter validation
• Test if activities with intent filters are unintentionally exported
• Check if services bound by external apps enforce permission checks
• Test if local broadcast manager is used for internal component communication
• Verify if content provider URI matching prevents unauthorized data access
• Test if pending intents use immutable flags to prevent hijacking
• Check if broadcast receivers do not expose sensitive data in result extras
• Test if exported components are minimized to reduce attack surface
• Verify if intent resolution does not allow component access via ambiguous targeting
• Test if task affinity manipulation allows activity hijacking
• Check if fragments are properly secured when used in exported activities
• Test if content providers use selection and selectionArgs to prevent SQL injection
• Verify if application components handle configuration changes without state leakage
• Test if intent extras are validated for type and size before processing
• Check if exported receivers do not process intents from untrusted sources
• Test if activity launch modes prevent unauthorized screen injection
• Verify if content providers implement proper insert/update/delete validation
• Test if application uses explicit intents for internal component communication
• Check if component enable/disable state is properly managed for security
• Test if dynamically loaded components validate code integrity
• Verify if content provider batch operations are atomic and consistent
• Test if application components properly handle intent redirection attacks
• Check if service intent filters do not allow third-party service binding
• Test if application restricts component access using android:permission attribute
• Verify if activities handle deep links without exposing internal component state
• Test if exported receivers validate broadcast action before processing
• Check if content provider calling package identity is verified
• Test if application does not export components with sensitive functionality unnecessarily
• Verify if intent data URI is validated before use in component operations
• Test if application handles component lifecycle events without data leakage
• Check if broadcast receiver result codes do not reveal internal state
• Test if content provider truncation of large result sets is handled securely
• Verify if application components validate caller UID and PID for authorization
• Test if activity result data is validated when returned to calling application
• Check if application uses package visibility filtering to limit component discovery
• Test if exported content providers implement rate limiting on queries
• Verify if service connection handles unbind gracefully without data exposure
• Test if application components do not leak information via toast messages
• Check if content provider openFile prevents path traversal in file serving
• Test if application enforces single-task or single-top launch modes appropriately
• Verify if ordered broadcast receivers cannot be prioritized to intercept data
• Test if application validates package name of bound service before IPC
• Check if component aliases do not expose unintended functionality
• Test if application properly handles component interaction with work profile
• Verify if intent MIME type validation prevents content type confusion attacks
• Test if application components are protected against intent smuggling attacks
• Check if content provider call method validates method name and arguments

🤖

Work Profile Security

50 checks

0/50

• Test if application properly isolates data between personal and work profiles
• Check if work profile applications prevent data leakage to personal profile
• Test if cross-profile intent filters are properly configured and restricted
• Verify if application handles profile owner restrictions appropriately
• Test if work profile VPN configuration isolates traffic from personal profile
• Check if application does not share authentication sessions across profiles
• Test if work profile apps prevent clipboard sharing with personal apps
• Verify if application respects profile-specific network security configuration
• Test if device administrator policies are properly enforced in work profile
• Check if application handles work profile removal without data residue
• Test if cross-profile content sharing requires user confirmation
• Verify if work profile credentials are isolated from personal keystore
• Test if application prevents work profile data from being backed up to personal cloud
• Check if cross-profile widget interaction is properly restricted
• Test if work profile notifications are isolated from personal notifications
• Verify if application handles profile switching without session confusion
• Test if work profile app installation is restricted to approved sources
• Check if application prevents work profile contacts from mixing with personal contacts
• Test if cross-profile file sharing is properly mediated by device policy controller
• Verify if work profile remote wipe does not affect personal data
• Test if application properly handles disabled work profile scenarios
• Check if work profile apps enforce separate certificate pinning policies
• Test if application prevents work data from being shared via personal apps
• Verify if work profile VPN split tunneling is configured securely
• Test if application handles work profile specific storage encryption
• Check if cross-profile app linking prevents unauthorized navigation
• Test if work profile account management is isolated from personal accounts
• Verify if application enforces work profile specific permission policies
• Test if application prevents screen capture in work profile when restricted
• Check if work profile specific intent broadcasts are isolated from personal profile
• Test if application properly handles work profile specific app restrictions
• Verify if work profile browser data is isolated from personal browsing
• Test if application enforces work profile specific password complexity requirements
• Check if cross-profile accessibility service access is restricted
• Test if work profile applications validate device compliance before operation
• Verify if application handles work profile suspension gracefully
• Test if application prevents work profile data exfiltration via debug interfaces
• Check if work profile specific network restrictions are enforced
• Test if application handles work profile provisioning without security gaps
• Verify if cross-profile notification listeners are properly isolated
• Test if work profile applications enforce separate biometric authentication
• Check if application prevents work data leakage via personal printing services
• Test if work profile specific lock screen policies are enforced
• Verify if application handles work profile specific certificate management
• Test if application prevents work profile data sharing via NFC
• Check if work profile applications enforce separate location sharing policies
• Test if application handles multi-user device work profile isolation
• Verify if work profile specific intent forwarding rules are restrictive
• Test if application prevents work profile data leakage via accessibility services
• Check if work profile application updates are controlled by enterprise policy

🍏

Deep Link Deep

50 checks

0/50

• Test if custom URL schemes are properly validated before processing deep link data
• Check if universal links validate the associated domain apple-app-site-association file
• Test if deep link parameters can be manipulated for unauthorized access to app features
• Verify if deep links properly sanitize input before passing to internal handlers
• Test if deep links can bypass authentication requirements for protected views
• Check if application handles deep link callback URLs to prevent open redirect attacks
• Test if deep link URL parsing handles malformed URLs without crashing or leaking data
• Verify if universal link validation prevents hijacking by malicious applications
• Test if deep link parameters are validated for type and length constraints
• Check if deep link handlers enforce authorization before executing sensitive operations
• Test if deep links can be used to inject JavaScript into WKWebView instances
• Verify if application validates the source of deep link navigation requests
• Test if deep links can manipulate application state via URL fragment parameters
• Check if deep link registered schemes do not conflict with system or other app schemes
• Test if deep link handlers prevent path traversal to access protected app resources
• Verify if application properly handles deep link requests from other apps
• Test if deep links can be used to enumerate internal application functionality
• Check if universal links AASA file is served over HTTPS with proper content-type
• Test if deep link parameters are logged without sanitization exposing sensitive data
• Verify if deep link handlers validate URL scheme before processing
• Test if deep links can access sensitive user data through URL parameter injection
• Check if application properly handles multiple deep link requests in rapid succession
• Test if deep links can bypass app Transport Security settings
• Verify if deep link navigation enforces proper view controller initialization
• Test if deep links can trigger in-app purchases without user confirmation
• Check if application prevents deep link phishing via visually similar URL schemes
• Test if deep link handlers properly validate URL encoding and decoding
• Verify if application prevents deep link abuse for account takeover via token theft
• Test if deep links can bypass biometric authentication for protected features
• Check if application validates deep link continueUserActivity restoration state
• Test if deep links can be used to exfiltrate data via custom scheme callbacks
• Verify if application properly handles deep link cancellation and cleanup
• Test if deep links can modify shared UserDefaults or app group data
• Check if universal links properly handle multiple matching patterns
• Test if deep link handlers validate calling application bundle identifier
• Verify if application prevents deep link injection via pasteboard or clipboard
• Test if deep links can exploit scene lifecycle for unauthorized access
• Check if deep link parameters can override security-critical app settings
• Test if application handles deep links with excessive parameter sizes securely
• Verify if deep link routing does not expose internal view controller hierarchy
• Test if deep links can trigger background URL sessions with malicious endpoints
• Check if application validates deep link redirect chains to prevent SSRF
• Test if deep links can bypass content filtering or parental controls
• Verify if application prevents deep link abuse for privilege escalation within app
• Test if deep link handlers properly isolate web content from native functionality
• Check if deep links can access CloudKit or iCloud data without proper authorization
• Test if application handles deep link scheme confusion attacks
• Verify if deep links enforce rate limiting to prevent automated abuse
• Test if application prevents deep link data persistence across app sessions
• Check if universal links validate app ID in AASA file matches the requesting app

🍏

Notification Security

50 checks

0/50

• Test if push notifications contain sensitive data visible on lock screen
• Check if notification content extension validates data before display
• Test if notification service extension properly handles encrypted payloads
• Verify if remote notification registration uses proper device token handling
• Test if notification actions can be triggered without proper authentication
• Check if notification categories properly group sensitive vs non-sensitive alerts
• Test if application handles notification receipt while in foreground securely
• Verify if notification content does not leak information via preview text
• Test if critical alert notifications require proper authorization entitlement
• Check if notification attachments are validated before rendering
• Test if mutable content notifications can be tampered with in transit
• Verify if application properly handles notification deletion events
• Test if notification service extension does not expose data to other processes
• Check if notification response handling validates user identity before action
• Test if application prevents notification content spoofing from malicious servers
• Verify if notification payload size limits are enforced to prevent DoS
• Test if application handles background notification processing securely
• Check if notification actions require biometric confirmation for sensitive operations
• Test if silent notifications cannot be abused for unauthorized background activity
• Verify if notification content extension properly isolates rendered content
• Test if application validates APNs certificate pinning for push connections
• Check if notification scheduling prevents unauthorized future action execution
• Test if notification settings respect user privacy preferences
• Verify if application handles notification failure without retrying sensitive data
• Test if notification custom sounds do not reveal information about notification type
• Check if notification badge count manipulation is protected from unauthorized apps
• Test if application properly handles notification when device is locked
• Verify if notification thread identifier is not used to correlate sensitive data
• Test if notification target content identifier prevents unauthorized content access
• Check if application prevents notification data exfiltration via accessibility features
• Test if notification summary text does not expose sensitive message content
• Verify if application handles communication notification permissions properly
• Test if notification relevance score cannot be manipulated to prioritize malicious content
• Check if application filters notification content based on Focus mode settings
• Test if notification filter criteria do not expose user behavior patterns
• Verify if application prevents notification interception by malicious keyboards
• Test if notification handling does not create temporary files with sensitive data
• Check if application properly validates notification source before processing actions
• Test if notification launching behavior properly authenticates user in app
• Verify if application handles notification rate limiting to prevent spam abuse
• Test if notification content extension prevents cross-site scripting in web views
• Check if application prevents notification data persistence in system databases
• Test if notification alert configuration does not leak data to other apps
• Verify if application handles notification when app is in different authentication states
• Test if notification icon and color cannot be used to spoof system notifications
• Check if application properly handles notification while VPN is active
• Test if critical notification entitlement is not abused for non-critical purposes
• Verify if application handles notification service extension crash without data loss
• Test if notification action authentication prevents unauthorized response submission
• Check if application properly secures notification channel communication

🍏

Sandbox Deep

50 checks

0/50

• Test if application properly isolates data within its sandbox container
• Check if application accesses files outside its designated container
• Test if temporary files are created with proper permissions in sandbox
• Verify if application properly uses app group containers for shared data
• Test if sandbox escape is possible via URL scheme handler exploitation
• Check if application handles file coordination with other apps securely
• Test if application prevents access to other apps' container directories
• Verify if application uses security-scoped bookmarks for external file access
• Test if application properly handles sandbox extension revocation
• Check if application prevents data exfiltration via pasteboard from sandbox
• Test if application file provider extension operates within sandbox constraints
• Verify if application handles XPC services with proper sandbox entitlements
• Test if application sandbox profile restricts network access appropriately
• Check if application properly sanitizes file paths to prevent sandbox escape
• Test if application prevents symbolic link attacks that escape sandbox
• Verify if application uses hardening runtime entitlement for additional protection
• Test if application handles keychain access within sandbox restrictions
• Check if application prevents unauthorized Darwin notification observation
• Test if application properly isolates web content in WKWebView within sandbox
• Verify if application share extension operates within sandbox boundary
• Test if application prevents IPC-based sandbox escape via Mach messages
• Check if application handles document picker within sandbox constraints
• Test if application photo library access is properly sandboxed
• Verify if application prevents data leakage via UIActivityViewController
• Test if application properly handles iCloud container sandbox boundaries
• Check if application prevents unauthorized access to /tmp directory across apps
• Test if application handles background fetch within sandbox restrictions
• Verify if application prevents sandbox escape via custom keyboard extension
• Test if application properly restricts network extensions within sandbox
• Check if application prevents unauthorized inter-app communication via Darwin ports
• Test if application properly handles callkit integration within sandbox
• Verify if application prevents data exfiltration via handoff between devices
• Test if application properly handles universal links within sandbox constraints
• Check if application prevents exploit of XPC service for sandbox escape
• Test if application properly restricts SiriKit intent handling within sandbox
• Verify if application prevents unauthorized access to shared framework data
• Test if application properly handles Core Data store within sandbox container
• Check if application prevents exploitation of NSFileCoordinator for sandbox escape
• Test if application properly restricts NSURLSession background transfers in sandbox
• Verify if application prevents unauthorized access to app group containers
• Test if application properly handles intent extension sandbox restrictions
• Check if application prevents exploitation of MapKit for sandbox data exfiltration
• Test if application properly restricts notification service extension sandbox
• Verify if application prevents exploit of IPC via NSXPCConnection for sandbox escape
• Test if application properly handles action extension within sandbox boundary
• Check if application prevents data leakage via UIPasteboard between sandboxed apps
• Test if application properly restricts network multicast within sandbox
• Verify if application prevents exploitation of OpenSSH or remote services
• Test if application properly handles photo editing extension sandbox constraints
• Check if application prevents sandbox escape via IOKit framework exploitation

🍏

Keychain Deep 2

50 checks

0/50

• Test if keychain items use appropriate access control with biometric protection
• Check if keychain items are stored with kSecAttrAccessible policy appropriate for sensitivity
• Test if application uses kSecAccessControlUserPresence for sensitive keychain items
• Verify if keychain items are properly deleted when user logs out
• Test if keychain item access groups properly isolate data between apps
• Check if application uses kSecAttrSynchronizable appropriately for iCloud keychain
• Test if keychain items are protected with device passcode requirement
• Verify if application properly handles keychain migration to new device
• Test if keychain items have unique service identifiers to prevent collision
• Check if application validates keychain item before using stored credentials
• Test if keychain items are encrypted with application-specific keys
• Verify if application handles keychain item update without data exposure
• Test if application uses Secure Enclave for keychain key operations when available
• Check if keychain item attributes do not expose sensitive metadata
• Test if application properly handles keychain access in background state
• Verify if application uses kSecAttrAccessibleWhenUnlockedThisDeviceOnly for device-bound items
• Test if application properly handles keychain data protection class changes
• Check if keychain search queries use specific attributes to prevent data leakage
• Test if application handles keychain quota limits without data exposure
• Verify if application properly invalidates keychain items on passcode change
• Test if application prevents keychain item access from compromised processes
• Check if application uses authentication context for biometric-gated keychain access
• Test if keychain items are properly scoped with kSecAttrAccount uniqueness
• Verify if application handles keychain error codes without information leakage
• Test if application properly rotates keychain encryption keys
• Check if keychain items are protected against cold boot attacks on device
• Test if application uses kSecAttrAccessibleAfterFirstUnlock appropriately for background access
• Verify if application prevents keychain data from being included in backups
• Test if application handles concurrent keychain access from multiple threads
• Check if keychain items are invalidated on device unenrollment from MDM
• Test if application properly handles keychain item sharing via access groups
• Verify if application uses kSecAttrTokenID for hardware-backed keychain items
• Test if application properly handles keychain authentication UI context
• Check if keychain items have appropriate creation and modification dates tracked
• Test if application prevents keychain access during device lock state
• Verify if application properly validates keychain item integrity before use
• Test if application uses kSecAttrPersistentReference for stable keychain references
• Check if application handles keychain migration during app version updates
• Test if application prevents keychain data leakage via backup extraction
• Verify if application properly handles keychain access with multiple fingerprints enrolled
• Test if application uses kSecAttrApplicationLabel for key identification without data leakage
• Check if application properly secures keychain access when device is jailbroken
• Test if application handles keychain operation timeout gracefully
• Verify if application uses different access levels for different keychain item types
• Test if application prevents unauthorized keychain item modification by extensions
• Check if keychain access group entitlements match between app and extensions
• Test if application properly validates LAContext before keychain operation
• Verify if application handles keychain data recovery after device restore
• Test if application prevents keychain brute force via repeated biometric attempts
• Check if application properly isolates keychain items between app and share extension

🍏

CoreData Security

50 checks

0/50

• Test if CoreData store files are encrypted using NSPersistentStoreFileProtectionKey
• Check if CoreData migration handles schema changes without data exposure
• Verify if CoreData queries prevent injection via predicate format strings
• Test if application uses NSFileProtectionComplete for CoreData store files
• Check if CoreData persistent store is properly secured in shared app group containers
• Test if application validates fetched CoreData objects before processing
• Verify if CoreData CloudKit integration uses proper encryption for synced data
• Test if application prevents unauthorized access to CoreData SQLite files
• Check if CoreData lightweight migration preserves data protection levels
• Test if application properly handles CoreData merge conflicts without data loss
• Verify if CoreData queries use parameterized predicates to prevent injection
• Test if application secures CoreData WAL and SHM files alongside main database
• Check if application properly handles CoreData store corruption scenarios
• Test if CoreData relationships do not expose unauthorized related objects
• Verify if application uses NSPersistentCloudKitContainer with proper scope restrictions
• Test if application validates CoreData entity data types before persistence
• Check if CoreData fetch request limits prevent data enumeration attacks
• Test if application properly handles CoreData store in backup exclusion
• Verify if application secures CoreData journal files from unauthorized access
• Test if application prevents CoreData query performance degradation attacks
• Check if CoreData transformable attributes use secure encoding and decoding
• Test if application validates batch update operations on CoreData entities
• Verify if application uses CoreData history tracking without exposing change logs
• Test if application properly handles CoreData store file permissions
• Check if application prevents unauthorized CoreData delete operations
• Test if CoreData unique constraints prevent data corruption from duplicate entries
• Verify if application properly validates NSManagedObject subclass data access
• Test if application handles CoreData faulting without exposing unloaded data
• Check if application uses NSPersistentStoreDescription for proper store configuration
• Test if CoreData delete rules prevent orphaned sensitive data records
• Verify if application properly handles CoreData store migration failure rollback
• Test if application prevents CoreData data exfiltration via query string manipulation
• Check if CoreData cached objects are properly cleared on logout
• Test if application validates iCloud CoreData sync destination access
• Verify if application handles CoreData save conflict resolution securely
• Test if application prevents unauthorized read access to CoreData entities via queries
• Check if application properly secures CoreData external storage records
• Test if application validates object ID stability across store migrations
• Verify if CoreData derived data does not expose sensitive information
• Test if application properly handles multiple CoreData store configurations
• Check if application prevents unauthorized access via CoreData Spotlight indexing
• Test if application uses proper transaction isolation for CoreData operations
• Verify if application handles CoreData store compaction without data leakage
• Test if application prevents data tampering via direct SQLite manipulation
• Check if CoreData fetched properties respect access control requirements
• Test if application validates custom value transformers for transformable attributes
• Verify if application properly handles CoreData asynchronous fetch without blocking UI
• Test if application prevents CoreData query plan information disclosure
• Check if application secures CoreData metadata from unauthorized access
• Verify if application handles NSFetchedResultsController data exposure in UI

🍏

Memory Security

50 checks

0/50

• Test if application clears sensitive data from memory after use
• Check if application uses secure zeroing for password buffers in memory
• Test if application prevents sensitive data from being paged to disk
• Verify if application uses malloc_zone for secure memory allocation of sensitive data
• Test if application prevents memory dumping via debuggers on jailbroken devices
• Check if application uses objc_destructInstance to clear object data on dealloc
• Test if application handles memory pressure without exposing sensitive data
• Verify if application marks sensitive memory pages as non-cacheable
• Test if application prevents memory inspection via Frida or similar tools
• Check if application uses Data object instead of NSString for sensitive data
• Test if application properly clears autorelease pool containing sensitive objects
• Verify if application prevents sensitive data from appearing in crash dumps
• Test if application uses secure deallocation for cryptographic key material
• Check if application prevents memory mapping of sensitive file contents
• Test if application properly handles secure enclave data in memory
• Verify if application uses Address Space Layout Randomization effectively
• Test if application prevents memory content leakage via uninitialized variables
• Check if application properly handles stack canary for buffer overflow protection
• Test if application prevents format string attacks via memory manipulation
• Verify if application uses Data.withUnsafeBytes for secure memory access
• Test if application clears clipboard data containing sensitive information
• Check if application prevents heap spray attacks for code execution
• Test if application properly handles memory deallocation in error paths
• Verify if application prevents use-after-free vulnerabilities in native code
• Test if application uses memory guard pages to detect buffer overruns
• Check if application prevents double-free vulnerabilities in memory management
• Test if application properly secures memory during background transitions
• Verify if application clears memory before returning to system on termination
• Test if application prevents memory content exposure via task_for_pid
• Check if application validates memory buffer sizes before copy operations
• Test if application properly handles memory alignment for security-critical operations
• Verify if application uses stack protection flags in compiled code
• Test if application prevents memory content leakage via core dumps
• Check if application properly handles memory-mapped files for sensitive data
• Test if application prevents integer overflow in memory allocation calculations
• Verify if application uses secure coding practices for pointer arithmetic
• Test if application prevents memory disclosure via timing side channels
• Check if application properly handles memory fragmentation for security
• Test if application validates memory region permissions before access
• Verify if application prevents return-oriented programming attacks
• Test if application uses Control Flow Integrity for native code protection
• Check if application properly handles memory when processing large inputs
• Test if application prevents memory content exposure via swap file
• Verify if application uses position-independent executable for ASLR
• Test if application prevents memory disclosure via uninitialized struct padding
• Check if application properly handles ARC weak references without dangling pointers
• Test if application prevents memory content leakage via exception handling
• Verify if application uses secure memory comparison for cryptographic operations
• Test if application prevents memory exhaustion attacks via resource limits
• Check if application properly handles memory during inter-process communication

🍏

File System Deep

50 checks

0/50

• Test if application stores sensitive files with NSFileProtectionComplete attribute
• Check if temporary files are securely deleted after use
• Test if application files in Documents directory are excluded from iCloud backup appropriately
• Verify if application validates file paths to prevent directory traversal attacks
• Test if application uses secure file deletion that overwrites data before removal
• Check if application properly handles file protection level changes on lock/unlock
• Test if application prevents unauthorized access to files in shared app group containers
• Verify if application validates file types before processing uploaded files
• Test if application properly handles symbolic links to prevent file system escape
• Check if application files have restrictive POSIX permissions set correctly
• Test if application prevents data leakage via file coordination notifications
• Verify if application uses NSFileCoordinator for thread-safe file access
• Test if application properly handles file download integrity verification
• Check if application prevents unauthorized file access via document picker
• Test if application validates file size limits to prevent disk space exhaustion
• Verify if application properly handles file encryption key management
• Test if application prevents file metadata leakage via extended attributes
• Check if application uses URL bookmarks securely for persistent file access
• Test if application properly handles file protection when device is locked
• Verify if application prevents unauthorized file sharing via UIActivityViewController
• Test if application validates file URL scheme before accessing local files
• Check if application properly handles file write atomicity for data integrity
• Test if application prevents file system race conditions in file operations
• Verify if application handles file system errors without exposing internal paths
• Test if application properly manages cache directory eviction of sensitive data
• Check if application prevents unauthorized file access via iTunes file sharing
• Test if application validates file content before opening with system handlers
• Verify if application properly handles file system snapshot backups
• Test if application prevents unauthorized file monitoring via dispatch source
• Check if application uses proper file protection for SQLite database files
• Test if application prevents file descriptor leakage to child processes
• Verify if application handles file system full scenarios gracefully
• Test if application properly secures files exported to external storage
• Check if application prevents unauthorized file access via print service
• Test if application validates file names for illegal characters and length
• Verify if application properly handles file system case sensitivity differences
• Test if application prevents file access via hard link exploitation
• Check if application uses secure file provider extension for cloud storage
• Test if application properly handles file versioning for data recovery
• Verify if application prevents file system metadata leakage via stat operations
• Test if application validates file ownership before performing operations
• Check if application properly handles file system encoding for Unicode names
• Test if application prevents unauthorized file creation in system directories
• Verify if application uses Data Protection API consistently for all file types
• Test if application properly handles file system access during device encryption
• Check if application prevents file leakage via Spotlight indexing
• Test if application validates file checksums for downloaded resources
• Verify if application properly handles file system junction points
• Test if application prevents unauthorized file observation via kqueue
• Check if application properly secures configuration files in application bundle

🍏

Inter-App Security

50 checks

0/50

• Test if application properly validates data received via URL schemes from other apps
• Check if application prevents unauthorized data sharing via UIPasteboard
• Test if application properly restricts custom URL scheme access
• Verify if application uses app group containers securely for data sharing
• Test if application prevents inter-app communication interception
• Check if application validates the source of incoming XPC messages
• Test if application properly handles data received via AirDrop
• Verify if application restricts share extension data access appropriately
• Test if application prevents unauthorized access to shared keychain items
• Check if application validates intent data received from SiriKit
• Test if application properly handles data received via Handoff
• Verify if application restricts activity continuation to trusted sources
• Test if application prevents data leakage via Universal Clipboard
• Check if application properly validates document provider interactions
• Test if application restricts file provider extension data access
• Verify if application prevents unauthorized inter-app audio session access
• Test if application properly handles call directory extension data
• Check if application validates message extension data integrity
• Test if application prevents photo editing extension data leakage
• Verify if application properly restricts custom keyboard data access
• Test if application prevents data exfiltration via sharing activities
• Check if application validates shared container data from other apps in group
• Test if application properly handles widget extension data sharing
• Verify if application prevents watch connectivity data interception
• Test if application validates nearby interaction data from other devices
• Check if application properly restricts NFC tag reading data sharing
• Test if application prevents unauthorized inter-process communication via Darwin notifications
• Verify if application validates data received via Core Data shared store
• Test if application properly handles CloudKit shared record access
• Check if application prevents unauthorized Game Center data access
• Test if application validates AdSupport identifier sharing consent
• Verify if application properly restricts contact store access from extensions
• Test if application prevents unauthorized event kit data sharing
• Check if application validates health kit data sharing with other apps
• Test if application properly handles HomeKit accessory data sharing
• Verify if application prevents unauthorized Maps data sharing
• Test if application validates Sign in with Apple data integrity
• Check if application properly restricts App Clips data sharing with full app
• Test if application prevents unauthorized Spotlight index data access
• Verify if application properly handles focus configuration sharing
• Test if application validates shortcut action data from other apps
• Check if application properly restricts group activity sharing
• Test if application prevents unauthorized CarPlay data access
• Verify if application validates driver kit inter-app communication
• Test if application properly handles shared with you data presentation
• Check if application prevents unauthorized live activity data access
• Test if application validates widget configuration data integrity
• Verify if application properly restricts photo picker shared access
• Test if application prevents unauthorized communication via local network
• Check if application validates Bluetooth sharing data integrity

🖥️

C/C++ Binary Security

50 checks

0/50

• Test if binary has Position Independent Executable (PIE) enabled for ASLR
• Check if binary has Stack Canary (stack smashing protector) enabled
• Test if binary has NX bit set to prevent execution from stack
• Verify if binary uses RELRO (Relocation Read-Only) for GOT protection
• Test if binary has full RELRO including immediate binding
• Check if binary uses Fortify Source for buffer overflow protection
• Test if binary has stripped symbols to prevent reverse engineering
• Verify if binary uses stack protector for all functions not just critical ones
• Test if binary prevents format string attacks with format string checking
• Check if binary uses safe string handling functions instead of unsafe ones
• Test if binary has control flow integrity enabled
• Verify if binary uses stack clash protection mechanism
• Test if binary properly validates all user input before buffer operations
• Check if binary handles integer overflow in memory allocation calculations
• Test if binary uses safe integer operations for array indexing
• Verify if binary properly initializes all variables before use
• Test if binary handles memory allocation failures gracefully
• Check if binary frees dynamically allocated memory without double-free
• Test if binary validates file paths to prevent directory traversal
• Verify if binary uses secure random number generation for cryptographic operations
• Test if binary prevents race conditions in file operations (TOCTOU)
• Check if binary validates shared library integrity before loading
• Test if binary uses privilege separation for sensitive operations
• Verify if binary drops unnecessary capabilities after initialization
• Test if binary properly handles signal handlers without security vulnerabilities
• Check if binary prevents return-oriented programming attacks
• Test if binary uses bounds checking for all array access operations
• Verify if binary properly sanitizes environment variables before use
• Test if binary prevents heap overflow via proper size validation
• Check if binary uses non-executable heap memory
• Test if binary validates command line arguments for injection attacks
• Verify if binary properly handles concurrent thread access to shared data
• Test if binary prevents information disclosure via uninitialized memory
• Check if binary uses secure deletion for sensitive data in memory
• Test if binary validates network input before processing
• Verify if binary prevents stack buffer overflow via bounded copy operations
• Test if binary uses Address Sanitizer in test builds for vulnerability detection
• Check if binary properly validates lengths in network protocol handling
• Test if binary prevents use-after-free in object lifecycle management
• Verify if binary uses strict aliasing rules to prevent type confusion
• Test if binary handles error conditions without leaking sensitive information
• Check if binary prevents null pointer dereference in critical paths
• Test if binary uses compiler hardening flags consistently across all modules
• Verify if binary prevents symlink attacks in file operations
• Test if binary properly validates SSL/TLS certificates in network connections
• Check if binary uses constant-time comparison for cryptographic verification
• Test if binary prevents side-channel attacks in cryptographic implementations
• Verify if binary handles locale-specific vulnerabilities in string processing
• Test if binary properly isolates third-party library vulnerabilities
• Check if binary uses source fortification with _FORTIFY_SOURCE=2

🖥️

Python Thick Client

50 checks

0/50

• Test if Python application code is compiled to bytecode and distributed without source
• Check if Python application uses PyInstaller or cx_Freeze with proper obfuscation
• Test if pickle deserialization accepts untrusted data leading to code execution
• Verify if application uses YAML safe_load instead of unsafe load function
• Test if Python application properly validates user input before eval() or exec()
• Check if application uses subprocess with shell=False to prevent command injection
• Test if application properly handles SQL injection via parameterized queries
• Verify if Python application uses secrets module for cryptographic randomness
• Test if application properly secures credentials stored in configuration files
• Check if application uses virtual environment isolation for dependency management
• Test if application properly validates SSL certificates in HTTPS connections
• Verify if application uses hashlib with secure algorithms instead of MD5/SHA1
• Test if application handles path traversal via os.path.join safely
• Check if application uses tempfile securely without race conditions
• Test if application properly restricts __import__ and importlib usage
• Verify if application prevents template injection in Jinja2 or Django templates
• Test if application properly handles XML external entity attacks
• Check if application uses cryptography library instead of PyCrypto for encryption
• Test if application properly validates file uploads for type and content
• Verify if application prevents LDAP injection in directory service queries
• Test if application uses environment variables securely without exposing secrets
• Check if application properly handles concurrent access with threading locks
• Test if application validates URL schemes to prevent SSRF attacks
• Verify if application uses request validation for API input parameters
• Test if application properly handles errors without exposing stack traces
• Check if application uses keyring for secure credential storage instead of files
• Test if application prevents code injection via malicious .pyc files
• Verify if application properly handles zip slip vulnerability in archive extraction
• Test if application validates DNS responses to prevent DNS rebinding
• Check if application properly restricts ctypes usage for FFI operations
• Test if application uses token-based authentication with proper expiration
• Verify if application prevents prototype pollution in JSON processing
• Test if application properly handles memory-mapped files for sensitive data
• Check if application uses secure defaults for all configuration options
• Test if application prevents timing attacks in authentication verification
• Verify if application properly handles certificate pinning for API connections
• Test if application restricts access to Python introspection capabilities
• Check if application properly validates webhook callback URLs
• Test if application uses rate limiting for authentication endpoints
• Verify if application prevents server-side template injection
• Test if application properly handles logging without exposing sensitive data
• Check if application uses secure cookie settings for web interfaces
• Test if application prevents arbitrary code execution via metaclass abuse
• Verify if application properly handles multiprocessing shared memory securely
• Test if application validates email addresses to prevent header injection
• Check if application uses secure file permissions for data storage
• Test if application properly handles OS command execution via os.system
• Verify if application prevents path manipulation via sys.path injection
• Test if application uses content security policy headers for embedded web views
• Check if application properly handles exception chaining without information leakage

🖥️

Qt Application Security

50 checks

0/50

• Test if Qt application properly validates input in QML JavaScript context
• Check if Qt application secures QWebChannel communication between C++ and JavaScript
• Test if Qt application prevents injection via QML property bindings
• Verify if Qt application properly restricts QML engine access to system resources
• Test if Qt application validates QML component loading from untrusted sources
• Check if Qt application properly secures QSettings storage of sensitive configuration
• Test if Qt application prevents SQL injection in QSqlQuery with string concatenation
• Verify if Qt application properly handles SSL/TLS in QNetworkAccessManager
• Test if Qt application validates QResource paths to prevent directory traversal
• Check if Qt application properly restricts QProcess command execution
• Test if Qt application secures inter-process communication via QLocalSocket
• Verify if Qt application properly handles file download integrity verification
• Test if Qt application prevents XSS in QTextBrowser or QWebEngineView
• Check if Qt application validates plugin loading to prevent malicious code execution
• Test if Qt application properly secures QSharedMemory for IPC data exchange
• Verify if Qt application prevents UI spoofing via widget overlay attacks
• Test if Qt application validates URLs in QDesktopServices to prevent SSRF
• Check if Qt application properly handles QFileDialog for secure file selection
• Test if Qt application restricts QClipboard access to prevent data leakage
• Verify if Qt application properly secures QNetworkReply data handling
• Test if Qt application prevents injection via Qt Script engine
• Check if Qt application validates QDataStream deserialization of untrusted data
• Test if Qt application properly handles QUrl parsing to prevent URL confusion
• Verify if Qt application secures QStateMachine transitions against manipulation
• Test if Qt application properly restricts QFileSystemWatcher to authorized paths
• Check if Qt application validates QCommandLineParser arguments for injection
• Test if Qt application prevents unauthorized access to QSessionManager
• Verify if Qt application properly handles QTemporaryFile with secure permissions
• Test if Qt application secures QQmlApplicationEngine component loading
• Check if Qt application validates QCborValue parsing for buffer overflow
• Test if Qt application properly restricts QDBus IPC access controls
• Verify if Qt application prevents QJsonDocument parsing vulnerabilities
• Test if Qt application secures QSaveFile atomic write operations
• Check if Qt application validates QMimeType detection against spoofing
• Test if Qt application properly handles QThreadPool for resource exhaustion
• Verify if Qt application secures QWebSocket connections with proper validation
• Test if Qt application prevents QScreen capture of sensitive display content
• Check if Qt application validates QTranslator loading for malicious translations
• Test if Qt application properly handles QLockFile for race condition prevention
• Verify if Qt application secures QAuthenticator credential handling
• Test if Qt application prevents QLibrary loading of untrusted shared objects
• Check if Qt application validates QBuffer operations for memory safety
• Test if Qt application properly restricts QNetworkProxy configuration abuse
• Verify if Qt application secures QSerialPort communication from eavesdropping
• Test if Qt application prevents QElapsedTimer-based timing attacks
• Check if Qt application validates QStandardPaths for sensitive directory access
• Test if Qt application properly handles QLoggingCategory information disclosure
• Verify if Qt application secures QAndroidJniObject bridge calls on Android
• Test if Qt application prevents QMacPasteboardMime data leakage on macOS
• Check if Qt application properly restricts QWinTaskbarButton on Windows

🖥️

WPF Application Security

50 checks

0/50

• Test if WPF application properly validates XAML input to prevent XAML injection
• Check if WPF application prevents clipboard data leakage via data binding
• Test if WPF application secures ClickOnce deployment with authenticode signing
• Verify if WPF application properly handles XBAP security sandbox restrictions
• Test if WPF application validates data binding expressions for code injection
• Check if WPF application prevents UI automation spy tools from reading sensitive controls
• Test if WPF application properly secures application configuration files with encryption
• Verify if WPF application handles WCF communication with proper authentication
• Test if WPF application prevents DLL hijacking via insecure library loading
• Check if WPF application properly validates input in rich text box controls
• Test if WPF application secures local database connections with encrypted credentials
• Verify if WPF application prevents .NET reflection attacks on protected methods
• Test if WPF application properly handles serializable objects for deserialization attacks
• Check if WPF application validates WebBrowser control navigation to prevent XSS
• Test if WPF application secures isolated storage data with proper encryption
• Verify if WPF application properly restricts pack:// URI scheme access
• Test if WPF application prevents BAML decompilation revealing business logic
• Check if WPF application properly handles dispatcher timer for UI thread safety
• Test if WPF application validates file dialog paths to prevent directory traversal
• Verify if WPF application secures REST API calls with certificate pinning
• Test if WPF application prevents memory scraping via Snoop or similar tools
• Check if WPF application properly handles dependency property value coercion
• Test if WPF application validates XpsDocument loading for XXE attacks
• Verify if WPF application properly restricts add-in pipeline security
• Test if WPF application prevents credential leakage via data template binding
• Check if WPF application properly secures SQL connections with encrypted connection strings
• Test if WPF application validates RoutedEventArgs for unauthorized event injection
• Verify if WPF application properly handles PrintDialog for secure document output
• Test if WPF application prevents screenshot capture of sensitive windows
• Check if WPF application properly validates ItemsSource data binding for injection
• Test if WPF application secures WebView2 integration with proper sandboxing
• Verify if WPF application properly handles .NET remoting security
• Test if WPF application prevents key logging via keyboard hook injection
• Check if WPF application properly restricts ResourceDictionary loading from external sources
• Test if WPF application validates BitmapImage loading for malicious image files
• Verify if WPF application properly handles MediaElement for secure media playback
• Test if WPF application prevents gesture recognition abuse for unauthorized actions
• Check if WPF application properly secures ObservableCollection thread access
• Test if WPF application validates FlowDocument for malicious content injection
• Verify if WPF application properly handles Ribbon control for UI spoofing prevention
• Test if WPF application prevents drag-and-drop data exfiltration
• Check if WPF application properly restricts managed extensibility framework loading
• Test if WPF application validates XML data provider for XXE attacks
• Verify if WPF application properly handles secure string conversion for password boxes
• Test if WPF application prevents DLL side-loading via application directory
• Check if WPF application properly validates ObjectDataProvider method execution
• Test if WPF application secures Entity Framework connections with proper authentication
• Verify if WPF application properly handles ClickOnce update mechanism security
• Test if WPF application prevents tampering via resource modification
• Check if WPF application properly restricts PowerShell hosting within application

🖥️

Flutter Desktop Security

50 checks

0/50

• Test if Flutter desktop application properly obfuscates Dart code in release builds
• Check if Flutter application secures local storage via flutter_secure_storage with encryption
• Test if Flutter application properly validates platform channel communication
• Verify if Flutter application prevents snapshot reverse engineering of Dart code
• Test if Flutter application secures HTTP communication with certificate pinning
• Check if Flutter application properly handles isolate communication for sensitive data
• Test if Flutter application prevents UI inspection via Flutter DevTools in production
• Verify if Flutter application properly validates deep link and URL scheme handling
• Test if Flutter application secures shared preferences from unauthorized access
• Check if Flutter application properly handles file I/O with path validation
• Test if Flutter application prevents SQL injection in local database operations
• Verify if Flutter application properly restricts dart:io access in web builds
• Test if Flutter application secures inter-isolate message passing
• Check if Flutter application properly validates method channel arguments
• Test if Flutter application prevents WebView JavaScript bridge exploitation
• Verify if Flutter application properly handles biometric authentication security
• Test if Flutter application secures API keys stored in Dart source code
• Check if Flutter application properly handles state management data exposure
• Test if Flutter application prevents screenshot capture of sensitive screens
• Verify if Flutter application properly validates plugin permissions and capabilities
• Test if Flutter application secures network proxy configuration
• Check if Flutter application properly handles background service security
• Test if Flutter application prevents clipboard data leakage between apps
• Verify if Flutter application properly restricts dynamic code execution
• Test if Flutter application secures local notification data handling
• Check if Flutter application properly validates image and media file processing
• Test if Flutter application prevents insecure data caching
• Verify if Flutter application properly handles cryptographic key storage
• Test if Flutter application secures FFI (Foreign Function Interface) calls
• Check if Flutter application properly validates package authenticity during build
• Test if Flutter application prevents Dart VM service exposure in production
• Verify if Flutter application properly handles OAuth token storage securely
• Test if Flutter application secures WebSocket connections with proper validation
• Check if Flutter application properly restricts file picker access to sensitive paths
• Test if Flutter application prevents man-in-the-middle on API connections
• Verify if Flutter application properly handles SQLite database encryption
• Test if Flutter application secures crash reporting data transmission
• Check if Flutter application properly validates custom font loading for exploits
• Test if Flutter application prevents accessibility service data harvesting
• Verify if Flutter application properly handles secure enclave integration on macOS
• Test if Flutter application secures platform-specific keychain access
• Check if Flutter application properly restricts native messaging host communication
• Test if Flutter application prevents code injection via dynamically loaded libraries
• Verify if Flutter application properly handles JSON deserialization attacks
• Test if Flutter application secures local authentication bypass via method channel
• Check if Flutter application properly validates intent handling on platform channels
• Test if Flutter application prevents data exfiltration via custom error reporting
• Verify if Flutter application properly handles encryption key rotation
• Test if Flutter application secures auto-update mechanism integrity
• Check if Flutter application properly restricts debug and profile mode access

🖥️

Auth Deep

50 checks

0/50

• Test if thick client authentication uses secure protocol for credential transmission
• Check if authentication credentials are stored securely using OS credential manager
• Test if thick client properly invalidates sessions on logout
• Verify if thick client uses multi-factor authentication for sensitive operations
• Test if thick client authentication can be bypassed via local file modification
• Check if thick client prevents credential brute force via account lockout
• Test if thick client properly validates server certificates during authentication
• Verify if thick client handles authentication tokens with secure storage
• Test if thick client prevents authentication bypass via memory manipulation
• Check if thick client properly implements challenge-response authentication
• Test if thick client authentication is consistent across all application modules
• Verify if thick client properly handles authentication state persistence
• Test if thick client prevents session hijacking via token theft
• Check if thick client validates authentication on each API request
• Test if thick client properly handles authentication timeout and expiration
• Verify if thick client prevents replay attacks on authentication requests
• Test if thick client authentication works correctly behind proxy servers
• Check if thick client properly handles OAuth2 PKCE flow for native apps
• Test if thick client prevents authentication downgrade attacks
• Verify if thick client properly secures remember-me functionality
• Test if thick client handles password change with current password verification
• Check if thick client properly implements biometric authentication fallback
• Test if thick client prevents authentication bypass via DLL injection
• Verify if thick client properly handles concurrent session management
• Test if thick client authentication resists man-in-the-middle attacks
• Check if thick client properly validates authentication redirect URLs
• Test if thick client prevents credential harvesting via UI spoofing
• Verify if thick client properly handles SSO integration security
• Test if thick client prevents authentication bypass via registry modification
• Check if thick client properly implements Kerberos authentication securely
• Test if thick client validates JWT tokens with proper signature verification
• Verify if thick client properly handles token refresh without exposure
• Test if thick client prevents authentication via cached or stale credentials
• Check if thick client properly secures API key rotation mechanism
• Test if thick client prevents authentication bypass via debug backdoors
• Verify if thick client properly handles certificate-based authentication
• Test if thick client prevents authentication state manipulation via debug tools
• Check if thick client properly implements password complexity requirements
• Test if thick client prevents authentication information disclosure via error messages
• Verify if thick client properly handles authentication in offline mode
• Test if thick client secures hardware token authentication integration
• Check if thick client properly validates server identity during authentication
• Test if thick client prevents authentication bypass via time manipulation
• Verify if thick client properly handles mutual TLS authentication
• Test if thick client prevents credential leakage via process memory dump
• Check if thick client properly implements step-up authentication for admin actions
• Test if thick client prevents authentication bypass via API direct access
• Verify if thick client properly handles authentication logging and audit
• Test if thick client prevents authentication token extraction via Frida hooking
• Check if thick client properly handles password recovery flow security

🖥️

Local Storage Deep

50 checks

0/50

• Test if thick client encrypts sensitive data stored in local files
• Check if application stores credentials in plain text configuration files
• Test if thick client properly secures SQLite database files with encryption
• Verify if application clears temporary files containing sensitive data
• Test if thick client prevents unauthorized access to application data directory
• Check if application stores session tokens in secure OS credential storage
• Test if thick client properly handles registry key security on Windows
• Verify if application prevents data leakage via insecure file permissions
• Test if thick client properly secures log files containing sensitive information
• Check if application uses OS-provided encryption APIs for data at rest
• Test if thick client prevents data recovery after deletion using secure wipe
• Verify if application properly handles keychain access on macOS
• Test if thick client secures data stored in application support directories
• Check if application prevents data leakage via swap file or hibernation file
• Test if thick client properly validates local cache data integrity
• Verify if application uses DPAPI for protecting sensitive data on Windows
• Test if thick client properly handles shared preferences security on Linux
• Check if application prevents data leakage via symbolic link following
• Test if thick client secures serialized object storage from deserialization attacks
• Verify if application properly handles local database backup security
• Test if thick client prevents data leakage via thumbnail cache
• Check if application properly secures configuration file encryption keys
• Test if thick client validates data read from local storage before use
• Verify if application prevents unauthorized modification of local settings
• Test if thick client properly handles credential rotation in local storage
• Check if application secures crash dump files from containing sensitive data
• Test if thick client prevents data leakage via recently used file lists
• Verify if application properly handles multi-user data isolation on shared devices
• Test if thick client secures offline data synchronization cache
• Check if application prevents data leakage via search index files
• Test if thick client properly handles secure deletion of expired data
• Verify if application restricts access to local storage based on user privileges
• Test if thick client prevents data extraction via memory-mapped file access
• Check if application properly secures WebSocket message cache
• Test if thick client validates local storage data format to prevent injection
• Verify if application prevents data leakage via spell check dictionary
• Test if thick client properly handles encrypted volume mounting security
• Check if application secures autocomplete and form data storage
• Test if thick client prevents data leakage via clipboard history
• Verify if application properly handles key derivation for local encryption
• Test if thick client secures application telemetry data storage
• Check if application prevents data leakage via system restore points
• Test if thick client properly handles metadata in stored documents
• Verify if application secures download cache from unauthorized access
• Test if thick client prevents data leakage via version control artifacts
• Check if application properly handles encryption key escrow for local storage
• Test if thick client secures temporary directory from cross-user access
• Verify if application prevents data leakage via file system journal
• Test if thick client properly handles local storage migration security
• Check if application secures embedded database connection credentials

🖥️

Update Mechanism

50 checks

0/50

• Test if application verifies digital signature of update packages before installation
• Check if application uses HTTPS for downloading update packages
• Test if application validates update server certificate to prevent MITM
• Verify if application uses code signing to verify update integrity
• Test if application prevents rollback attacks by checking update version
• Check if application download mechanism resists man-in-the-middle attacks
• Test if application verifies checksum or hash of downloaded update files
• Verify if application handles update verification failure securely
• Test if application prevents update hijacking via DNS spoofing
• Check if application properly validates update manifest before processing
• Test if application secures update channel from unauthorized distribution
• Verify if application handles partial update download corruption securely
• Test if application prevents downgrade attacks via version enforcement
• Check if application properly handles automatic update consent and notification
• Test if application validates update URL to prevent SSRF via update mechanism
• Verify if application uses secure bootstrapping for initial update checks
• Test if application prevents update package tampering during transit
• Check if application properly handles update in multi-user environments
• Test if application secures update temporary files from unauthorized access
• Verify if application handles update rollback mechanism securely
• Test if application prevents update mechanism abuse for privilege escalation
• Check if application validates delta update integrity against full package
• Test if application properly handles concurrent update checks
• Verify if application secures update configuration from unauthorized modification
• Test if application prevents malicious update injection via compromised CDN
• Check if application properly validates update scheduling and timing
• Test if application secures update cache directory from tampering
• Verify if application handles update in kiosk or locked-down environments
• Test if application prevents update bypass via direct binary replacement
• Check if application properly handles update over metered connections
• Test if application validates plugin or extension update integrity
• Verify if application prevents update channel switching to malicious source
• Test if application properly handles update when filesystem is read-only
• Check if application secures update log files from information disclosure
• Test if application prevents update mechanism DoS via resource exhaustion
• Verify if application properly handles certificate revocation for update signing
• Test if application validates update metadata including size and version constraints
• Check if application prevents update path traversal to write arbitrary files
• Test if application properly handles update installation in secure directories
• Verify if application prevents race condition during update file replacement
• Test if application secures update API endpoint authentication
• Check if application properly handles update on virtualized environments
• Test if application prevents update mechanism from being disabled by malware
• Verify if application validates update signature algorithm strength
• Test if application properly handles update verification on compromised systems
• Check if application prevents update supply chain attacks via dependency verification
• Test if application secures update rollback point from unauthorized modification
• Verify if application handles update notification spoofing prevention
• Test if application prevents malicious update via time-stamping authority compromise
• Check if application properly handles update after extended offline period

🌐

HTTP Header Security Deep

101 checks

0/101

• Test for X-Content-Type-Options header missing (should be nosniff)
• Test for X-Frame-Options header missing (should be DENY or SAMEORIGIN)
• Test for X-XSS-Protection header configuration (should be 1; mode=block)
• Test for Content-Security-Policy header missing or misconfigured
• Test for Strict-Transport-Security header missing or weak max-age
• Test for Referrer-Policy header missing (should be strict-origin-when-cross-origin)
• Test for Permissions-Policy header missing or overly permissive
• Test for Cross-Origin-Opener-Policy header configuration
• Test for Cross-Origin-Resource-Policy header configuration
• Test for Cross-Origin-Embedder-Policy header configuration
• Test for Server header disclosing technology version information
• Test for X-Powered-By header disclosing backend technology
• Test for X-AspNet-Version header disclosing .NET version
• Test for X-AspNetMvc-Version header disclosing MVC version
• Test for X-Generator header disclosing CMS information
• Test for X-Request-ID header predictability and information leakage
• Test for X-Forwarded-For header injection for IP spoofing
• Test for X-Forwarded-Host header injection for host spoofing
• Test for X-Forwarded-Proto header manipulation for protocol downgrade
• Test for X-Original-URL header for authentication bypass
• Test for X-Rewrite-URL header for path manipulation
• Test for Forwarded header injection per RFC 7239
• Test for Proxy header injection for proxy abuse
• Test for Max-Forwards header manipulation for trace limiting
• Test for Via header disclosing proxy information
• Test for Accept header content negotiation attack
• Test for Accept-Language header for locale-based attacks
• Test for Accept-Encoding header for compression-based attacks
• Test for Content-Type header missing or incorrect charset declaration
• Test for Cache-Control header missing on sensitive pages
• Test for Pragma header missing on sensitive pages
• Test for Expires header configuration for sensitive content
• Test for ETag header information disclosure
• Test for Last-Modified header for timing attack information
• Test for Set-Cookie missing Secure flag on HTTPS sites
• Test for Set-Cookie missing HttpOnly flag on session cookies
• Test for Set-Cookie missing SameSite attribute
• Test for Set-Cookie domain attribute too broadly scoped
• Test for Set-Cookie path attribute too broadly scoped
• Test for Access-Control-Allow-Origin header reflecting arbitrary origins
• Test for Access-Control-Allow-Credentials header with wildcard origin
• Test for Access-Control-Allow-Methods exposing dangerous methods
• Test for Access-Control-Allow-Headers exposing sensitive headers
• Test for Access-Control-Expose-Headers leaking sensitive headers
• Test for Access-Control-Max-Age cache duration for CORS preflight
• Test for Content-Security-Policy report-uri directive information disclosure
• Test for Content-Security-Policy unsafe-inline directive for script-src
• Test for Content-Security-Policy unsafe-eval directive for script-src
• Test for Content-Security-Policy data: URI in script-src
• Test for Content-Security-Policy blob: URI in script-src
• Test for Content-Security-Policy * wildcard in default-src
• Test for Content-Security-Policy missing default-src fallback
• Test for Content-Security-Policy frame-ancestors bypass via X-Frame-Options
• Test for Content-Security-Policy base-uri restriction missing
• Test for Content-Security-Policy form-action restriction missing
• Test for Content-Security-Policy object-src allowing plugin content
• Test for Content-Security-Policy worker-src restriction missing
• Test for Content-Security-Policy manifest-src restriction missing
• Test for Content-Security-Policy connect-src too permissive
• Test for Content-Security-Policy img-src allowing data: URIs
• Test for Content-Security-Policy style-src allowing inline styles
• Test for Content-Security-Policy font-src too permissive scope
• Test for Content-Security-Policy media-src too permissive scope
• Test for HSTS max-age too short (should be at least 31536000)
• Test for HSTS includeSubDomains directive missing
• Test for HSTS preload directive missing
• Test for HSTS not present on all HTTPS responses
• Test for HPKP (HTTP Public Key Pinning) removed but still testing
• Test for Expect-CT header for certificate transparency enforcement
• Test for X-Permitted-Cross-Domain-Policies header configuration
• Test for X-Download-Options header for IE file download security
• Test for Timing-Allow-Origin header for resource timing exposure
• Test for Feature-Policy (deprecated) vs Permissions-Policy migration
• Test for Permissions-Policy camera directive too permissive
• Test for Permissions-Policy microphone directive too permissive
• Test for Permissions-Policy geolocation directive too permissive
• Test for Permissions-Policy payment directive too permissive
• Test for Permissions-Policy usb directive too permissive
• Test for Permissions-Policy serial directive too permissive
• Test for Permissions-Policy bluetooth directive too permissive
• Test for Permissions-Policy hid directive too permissive
• Test for Permissions-Policy idle-detection directive too permissive
• Test for Permissions-Policy screen-wake-lock directive too permissive
• Test for Permissions-Policy sync-xhr directive enabled
• Test for Permissions-Policy document-domain directive enabled
• Test for Permissions-Policy encrypted-media directive too permissive
• Test for Permissions-Policy fullscreen directive too permissive
• Test for Permissions-Policy autoplay directive too permissive
• Test for Permissions-Policy picture-in-picture directive too permissive
• Test for Link header injection for resource preload attacks
• Test for Location header injection for open redirect
• Test for Refresh header injection for meta redirect attacks
• Test for Content-Disposition header for file download security
• Test for Content-Length header mismatch for request smuggling
• Test for Transfer-Encoding header for request smuggling detection
• Test for Connection header for proxy connection handling
• Test for Upgrade-Insecure-Requests header for HTTPS migration
• Test for DNT (Do Not Track) header handling and compliance
• Test for Sec-Fetch-* metadata headers for request context validation
• Test for Sec-CH-UA client hints for user agent information leakage
• Test for Reporting-Endpoints header for CSP violation reporting

🌐

Login Page Security Deep

98 checks

0/98

• Test for username enumeration via different error messages
• Test for username enumeration via response timing differences
• Test for username enumeration via password reset form
• Test for username enumeration via registration form
• Test for username enumeration via forgot password flow
• Test for username enumeration via account recovery flow
• Test for brute force protection on login endpoint
• Test for account lockout after failed login attempts
• Test for account lockout bypass via different IP addresses
• Test for account lockout bypass via header manipulation
• Test for CAPTCHA implementation on login form
• Test for CAPTCHA bypass via OCR or solving services
• Test for CAPTCHA bypass via reusing old CAPTCHA tokens
• Test for login with SQL injection in username field
• Test for login with SQL injection in password field
• Test for login with NoSQL injection in credentials
• Test for login with LDAP injection in username
• Test for login with XPath injection in credentials
• Test for authentication bypass via parameter manipulation
• Test for authentication bypass via HTTP method change
• Test for authentication bypass via forceful browsing
• Test for authentication bypass via URL path manipulation
• Test for authentication bypass via cookie manipulation
• Test for authentication bypass via JWT manipulation
• Test for authentication bypass via session fixation
• Test for remember me functionality security
• Test for remember me token predictability
• Test for remember me token stored insecurely
• Test for login with email case sensitivity handling
• Test for login with Unicode normalization in credentials
• Test for login with trailing/leading whitespace in username
• Test for login with null byte injection in credentials
• Test for login with very long username/password (buffer overflow)
• Test for login with special characters in credentials
• Test for login with emoji in username/password fields
• Test for login rate limiting per username vs per IP
• Test for login with concurrent requests (race condition)
• Test for login notification and alerting mechanism
• Test for login from new device detection and notification
• Test for login from new location detection and alerting
• Test for login session creation on successful auth
• Test for login session not invalidated on failure
• Test for login with IP-based access control bypass
• Test for login with geo-blocking bypass via VPN/proxy
• Test for login with time-based access control bypass
• Test for login credential encryption in transit
• Test for login credential handling in memory
• Test for login form autocomplete attribute configuration
• Test for login form password masking and visibility toggle
• Test for login form CSRF token presence and validation
• Test for login with alternate authentication methods
• Test for login with social OAuth provider bypass
• Test for login with SSO authentication bypass
• Test for login with API key authentication
• Test for login with certificate-based authentication
• Test for login with hardware token authentication
• Test for login with magic link authentication security
• Test for login with passwordless authentication security
• Test for login with biometric authentication on mobile
• Test for login session timeout configuration
• Test for login session absolute timeout configuration
• Test for login session idle timeout configuration
• Test for login with remember device functionality
• Test for login with trusted device management
• Test for login history and audit log security
• Test for login attempt logging and monitoring
• Test for login with disabled/deactivated account handling
• Test for login with unverified email account handling
• Test for login with suspended account error messages
• Test for login with deleted account error messages
• Test for login with merged account handling
• Test for login with pending activation account handling
• Test for login with multi-tenant account selection
• Test for login with subdomain-based tenant isolation
• Test for login with role-based authentication flows
• Test for login with step-up authentication for sensitive actions
• Test for login with progressive authentication enforcement
• Test for login with risk-based authentication triggers
• Test for login with adaptive authentication mechanism
• Test for login with continuous authentication monitoring
• Test for login page rendering security (XSS in error messages)
• Test for login page clickjacking protection
• Test for login page autocomplete off on password field
• Test for login page password manager compatibility
• Test for login page keyboard shortcut security
• Test for login page tab order and accessibility security
• Test for login page copy/paste restriction on password field
• Test for login page browser password save prompt behavior
• Test for login page screen reader information disclosure
• Test for login page responsive design security implications
• Test for login page print/screen capture protection
• Test for login page iframe embedding protection
• Test for login page resource loading security (CSP)
• Test for login page third-party script security
• Test for login page analytics/tracking data leakage
• Test for login page A/B testing security implications
• Test for login page internationalization security
• Test for login page right-to-left text handling security

🌐

Registration Security Deep

96 checks

0/96

• Test for duplicate email registration with different case
• Test for duplicate username registration with Unicode variants
• Test for registration with disposable email addresses
• Test for registration with email alias (plus addressing)
• Test for registration with subdomain email addresses
• Test for registration with very long email address
• Test for registration with internationalized email (IDN)
• Test for registration with email containing special characters
• Test for registration with null byte in email address
• Test for registration with spaces in email address
• Test for registration without email verification requirement
• Test for email verification link token predictability
• Test for email verification link token expiration
• Test for email verification link single-use enforcement
• Test for email verification link for any account
• Test for registration with weak password acceptance
• Test for registration with commonly used passwords
• Test for registration with password same as username
• Test for registration with password same as email
• Test for registration with very short password
• Test for registration with very long password (DoS)
• Test for registration with password containing only spaces
• Test for registration with null byte in password
• Test for registration with Unicode characters in password
• Test for mass assignment in registration endpoint
• Test for role injection during registration (isAdmin: true)
• Test for group/team injection during registration
• Test for privilege escalation during registration
• Test for registration with manipulated referral code
• Test for registration with manipulated invitation token
• Test for registration with manipulated CAPTCHA bypass
• Test for registration with race condition (duplicate accounts)
• Test for registration rate limiting and abuse prevention
• Test for registration with automated bot detection
• Test for registration with honeypot field detection bypass
• Test for registration form CSRF protection
• Test for registration with profile data injection
• Test for registration with XSS in name fields
• Test for registration with XSS in address fields
• Test for registration with SQL injection in fields
• Test for registration with NoSQL injection in fields
• Test for registration with LDAP injection in fields
• Test for registration with command injection in fields
• Test for registration with path traversal in fields
• Test for registration with CRLF injection in fields
• Test for registration with SSRF in URL fields
• Test for registration with open redirect in URL fields
• Test for registration with template injection in fields
• Test for registration with CSV injection in export
• Test for registration with XML injection in fields
• Test for registration with XXE in XML data fields
• Test for registration with prototype pollution in JSON
• Test for registration with type confusion in API
• Test for registration with integer overflow in numeric fields
• Test for registration with negative values in numeric fields
• Test for registration with phone number manipulation
• Test for registration with SMS verification bypass
• Test for registration with VOIP number acceptance
• Test for registration with premium rate number abuse
• Test for registration with country code manipulation
• Test for registration with date of birth manipulation
• Test for registration with age verification bypass
• Test for registration with gender field injection
• Test for registration with avatar URL manipulation (SSRF)
• Test for registration with profile picture upload bypass
• Test for registration with cover photo upload bypass
• Test for registration with social media link injection
• Test for registration with website URL field SSRF
• Test for registration with bio/description field XSS
• Test for registration with custom field injection
• Test for registration with metadata injection
• Test for registration with terms of service bypass
• Test for registration with privacy policy bypass
• Test for registration with consent manipulation
• Test for registration with marketing preference injection
• Test for registration with newsletter subscription abuse
• Test for registration with email bomb via repeated verification
• Test for registration with account activation URL leakage
• Test for registration with invite code brute force
• Test for registration with promo code abuse
• Test for registration with duplicate account detection bypass
• Test for registration with IP-based restriction bypass
• Test for registration with geo-restriction bypass via VPN
• Test for registration with device fingerprint bypass
• Test for registration with browser fingerprint bypass
• Test for registration with anti-automation bypass
• Test for registration with WAF bypass techniques
• Test for registration with rate limit bypass via headers
• Test for registration with rate limit bypass via IP rotation
• Test for registration with different API versions
• Test for registration with GraphQL mutation bypass
• Test for registration with OAuth automatic account creation
• Test for registration with SSO automatic provisioning
• Test for registration with SCIM user provisioning abuse
• Test for registration with admin account creation attempt
• Test for registration with service account creation attempt

🌐

Profile & Account Security

96 checks

0/96

• Test for email change without current email verification
• Test for email change without password confirmation
• Test for email change to already registered email
• Test for email change with race condition for account takeover
• Test for phone number change without verification
• Test for phone number change to another user number
• Test for password change without current password requirement
• Test for password change CSRF vulnerability
• Test for profile update with mass assignment (role escalation)
• Test for profile update with XSS in display name
• Test for profile update with XSS in bio/description
• Test for profile update with XSS in address fields
• Test for profile update with SSRF in avatar URL
• Test for profile update with path traversal in fields
• Test for profile update with SQL injection in fields
• Test for profile update with template injection in fields
• Test for account deletion without proper confirmation
• Test for account deletion CSRF vulnerability
• Test for account deletion data retention policy
• Test for account deletion with session invalidation
• Test for account recovery without proper verification
• Test for account recovery token predictability
• Test for account recovery token expiration
• Test for account recovery token single-use enforcement
• Test for account suspension bypass mechanism
• Test for account reactivation without verification
• Test for profile visibility settings manipulation
• Test for privacy settings bypass via API
• Test for data export request security
• Test for GDPR data deletion request security
• Test for account merge functionality security
• Test for account linking with third-party security
• Test for account unlinking security implications
• Test for two-factor authentication setup security
• Test for two-factor authentication removal without verification
• Test for backup code generation and storage security
• Test for trusted device management security
• Test for session management across devices
• Test for active session listing and termination
• Test for login notification and alerting configuration
• Test for API token management security
• Test for API token creation without proper authorization
• Test for API token scope limitation enforcement
• Test for API token expiration and rotation
• Test for webhook URL configuration security
• Test for notification preference manipulation
• Test for timezone manipulation for timing attacks
• Test for language/locale manipulation for XSS bypass
• Test for currency manipulation for financial attacks
• Test for profile field length overflow vulnerabilities
• Test for profile image upload with malware
• Test for profile image upload with SVG XSS
• Test for profile image upload with EXIF data leakage
• Test for profile link injection for phishing
• Test for username change rate limiting
• Test for username change with impersonation potential
• Test for display name with homograph attack characters
• Test for profile URL with open redirect
• Test for custom URL slug with path traversal
• Test for profile search indexing of sensitive data
• Test for profile data exposure in public APIs
• Test for profile data exposure in search results
• Test for profile data exposure in autocomplete
• Test for profile data exposure in user listing
• Test for account enumeration via profile pages
• Test for account enumeration via search functionality
• Test for account enumeration via password reset
• Test for account enumeration via registration form
• Test for account enumeration via API response differences
• Test for account takeover via email change race condition
• Test for account takeover via password reset token leakage
• Test for account takeover via session fixation
• Test for account takeover via OAuth misconfiguration
• Test for account takeover via JWT manipulation
• Test for account takeover via IDOR in profile update
• Test for account takeover via CSRF in email change
• Test for account takeover via broken authentication
• Test for account takeover via credential stuffing
• Test for account takeover via password spray attack
• Test for profile data in URL parameters for logging
• Test for profile data in Referrer headers
• Test for profile data in client-side JavaScript variables
• Test for profile data in localStorage/sessionStorage
• Test for profile data in cookies without encryption
• Test for profile data in IndexedDB without encryption
• Test for profile data in cache without protection
• Test for profile data in backup/restore functionality
• Test for profile data in email notifications
• Test for profile data in push notifications
• Test for profile data in SMS notifications
• Test for profile data in webhook payloads
• Test for profile data in third-party integrations
• Test for profile data in analytics/tracking
• Test for profile data in error reporting
• Test for profile data in crash dumps
• Test for profile data in log files

🌐

Search Function Security

95 checks

0/95

• Test for SQL injection in search query parameter
• Test for NoSQL injection in search query parameter
• Test for LDAP injection in search query parameter
• Test for XPath injection in search query parameter
• Test for XSS via reflected search query in results
• Test for XSS via search autocomplete suggestions
• Test for XSS via search result highlighting
• Test for XSS via search error messages
• Test for SSTI via search query parameter
• Test for command injection via search parameter
• Test for search parameter DOS via complex regex
• Test for search parameter DOS via ReDoS patterns
• Test for search parameter DOS via deeply nested queries
• Test for search result count information disclosure
• Test for search result data from other users
• Test for search result data from other tenants
• Test for search result data from deleted records
• Test for search filter bypass for data access
• Test for search sort parameter injection
• Test for search pagination parameter manipulation
• Test for search field selection for data extraction
• Test for search expand/embed for related data access
• Test for search autocomplete data enumeration
• Test for search suggestion information disclosure
• Test for search history data leakage
• Test for search trend data manipulation
• Test for search indexing of sensitive data
• Test for search access control on results
• Test for search rate limiting and abuse prevention
• Test for search query logging and retention
• Test for search query in browser history
• Test for search query in Referrer header
• Test for search query in server access logs
• Test for search query in analytics tracking
• Test for search result caching security
• Test for search result cache poisoning
• Test for search API key exposure in client code
• Test for search engine (Elasticsearch) direct access
• Test for search engine (Solr) direct access
• Test for search engine (Algolia) API key security
• Test for search engine (Meilisearch) authentication
• Test for search index manipulation via injection
• Test for search index deletion via API
• Test for search relevance manipulation
• Test for search bias exploitation
• Test for search content policy bypass
• Test for search with special characters handling
• Test for search with Unicode normalization issues
• Test for search with null byte injection
• Test for search with boolean operator abuse
• Test for search with wildcard character abuse
• Test for search with regex pattern injection
• Test for search with proximity operator abuse
• Test for search with range query manipulation
• Test for search with fuzzy matching exploitation
• Test for search with field boosting manipulation
• Test for search faceted navigation injection
• Test for search aggregation query abuse
• Test for search suggest/autocomplete API abuse
• Test for search document count information disclosure
• Test for search metadata exposure in response
• Test for search debug/explain endpoint exposure
• Test for search validate endpoint exposure
• Test for search analysis/analyze endpoint exposure
• Test for search admin API endpoint exposure
• Test for search backup/snapshot endpoint exposure
• Test for search template injection via parameter
• Test for search script injection via parameter
• Test for search pipeline aggregation abuse
• Test for search percolate query abuse
• Test for search scroll API for bulk data extraction
• Test for search bulk API for data manipulation
• Test for search delete by query API abuse
• Test for search update by query API abuse
• Test for search reindex API for data access
• Test for search task management API exposure
• Test for search cluster health information disclosure
• Test for search node information disclosure
• Test for search index listing and enumeration
• Test for search mapping/setting information disclosure
• Test for search shard information disclosure
• Test for search snapshot/restore abuse
• Test for search cache clearing DoS
• Test for search field data cache DoS
• Test for search circuit breaker manipulation
• Test for search thread pool exhaustion DoS
• Test for search slow log information disclosure
• Test for search index lifecycle management abuse
• Test for search rollup job manipulation
• Test for search transform job manipulation
• Test for search data stream manipulation
• Test for search SQL access endpoint exposure
• Test for search machine learning API exposure
• Test for search watcher/alerting configuration
• Test for search cross-cluster replication abuse

🌐

Payment & Checkout Security

96 checks

0/96

• Test for price manipulation in checkout API request
• Test for currency manipulation in payment flow
• Test for quantity manipulation with negative values
• Test for discount code brute force and enumeration
• Test for discount code reuse after expiration
• Test for discount code stacking beyond allowed limits
• Test for referral code manipulation for unlimited rewards
• Test for gift card balance manipulation
• Test for gift card brute force enumeration
• Test for payment bypass via direct confirmation endpoint
• Test for payment bypass via status manipulation
• Test for payment callback/replay attack
• Test for payment webhook signature verification bypass
• Test for payment provider API key exposure
• Test for payment provider test mode in production
• Test for payment amount parameter tampering
• Test for payment currency parameter tampering
• Test for payment recipient parameter tampering
• Test for payment description parameter injection
• Test for payment metadata parameter injection
• Test for payment reference number prediction
• Test for payment receipt manipulation
• Test for payment refund abuse
• Test for payment double-spend in digital currency
• Test for payment race condition in balance transfer
• Test for payment timeout exploitation for free order
• Test for payment retry exploitation for duplicate charge
• Test for payment webhook URL manipulation (SSRF)
• Test for payment card number exposure in response
• Test for payment CVV exposure in response or logs
• Test for payment card data storage compliance (PCI DSS)
• Test for payment form autocomplete on card fields
• Test for payment form XSS in error messages
• Test for payment form CSRF protection
• Test for payment form clickjacking on submit button
• Test for payment form keyboard event logging
• Test for payment form screen capture possibility
• Test for payment iframe security (Stripe/PayPal)
• Test for payment redirect URL manipulation
• Test for payment success page information disclosure
• Test for payment failure page information disclosure
• Test for payment pending page exploitation
• Test for payment confirmation email header injection
• Test for payment confirmation email content XSS
• Test for payment receipt PDF injection
• Test for payment invoice number prediction
• Test for payment order ID enumeration
• Test for payment transaction ID enumeration
• Test for payment history access control (IDOR)
• Test for payment method addition without verification
• Test for payment method deletion CSRF vulnerability
• Test for subscription creation with free trial bypass
• Test for subscription upgrade without payment
• Test for subscription downgrade refund abuse
• Test for subscription cancellation timing exploit
• Test for subscription renewal race condition
• Test for subscription period manipulation
• Test for subscription quantity manipulation
• Test for subscription feature access after expiration
• Test for tax calculation manipulation
• Test for shipping cost manipulation
• Test for shipping address injection for fraud
• Test for billing address manipulation for AVS bypass
• Test for promo code application race condition
• Test for coupon code generation predictability
• Test for loyalty points balance manipulation
• Test for loyalty points transfer abuse
• Test for loyalty points expiration bypass
• Test for store credit balance manipulation
• Test for wallet balance manipulation
• Test for cryptocurrency payment address manipulation
• Test for cryptocurrency payment amount manipulation
• Test for cryptocurrency payment confirmation race condition
• Test for invoice generation with manipulated data
• Test for receipt generation with manipulated amounts
• Test for refund request with manipulated amount
• Test for partial refund exploitation
• Test for chargeback fraud vulnerability
• Test for friendly fraud vulnerability
• Test for card testing attack vulnerability
• Test for BIN attack vulnerability on card input
• Test for payment form brute force protection
• Test for 3D Secure enrollment bypass
• Test for 3D Secure authentication bypass
• Test for 3D Secure challenge manipulation
• Test for payment token reuse after consumption
• Test for payment session timeout exploitation
• Test for payment intent manipulation (Stripe)
• Test for payment setup intent manipulation
• Test for customer object manipulation in payment provider
• Test for payment method detachment and reattachment abuse
• Test for payment balance transaction manipulation
• Test for payout schedule manipulation
• Test for payout destination manipulation
• Test for payment dispute evidence manipulation
• Test for payment review system bypass

🌐

File Handler Security Deep

96 checks

0/96

• Test for file upload without authentication requirement
• Test for file upload without authorization check (IDOR)
• Test for file upload with unrestricted file type
• Test for file upload with bypassed extension check
• Test for file upload with bypassed MIME type check
• Test for file upload with bypassed magic byte check
• Test for file upload with double extension bypass
• Test for file upload with null byte extension bypass
• Test for file upload with Content-Type manipulation bypass
• Test for file upload with alternative extension bypass (.php5, .phtml)
• Test for file upload with case variation bypass (.PhP, .JSP)
• Test for file upload with URL-encoded filename bypass
• Test for file upload with Unicode filename bypass
• Test for file upload with space in filename bypass
• Test for file upload with special character filename bypass
• Test for file upload path traversal in filename
• Test for file upload with long filename buffer overflow
• Test for file upload race condition before validation
• Test for file upload with SVG containing XSS payload
• Test for file upload with SVG containing XXE payload
• Test for file upload with HTML file for XSS
• Test for file upload with HTA file for RCE
• Test for file upload with JSP file for RCE
• Test for file upload with ASP/X file for RCE
• Test for file upload with PHP file for RCE
• Test for file upload with Python file for code execution
• Test for file upload with Perl file for code execution
• Test for file upload with Ruby file for code execution
• Test for file upload with shell script for RCE
• Test for file upload with batch file for RCE
• Test for file upload with .htaccess for configuration override
• Test for file upload with web.config for configuration override
• Test for file upload with .user.ini for PHP configuration
• Test for file upload with Cross-Origin policy file
• Test for file upload with clientaccesspolicy.xml
• Test for file upload with polyglot file (valid image + code)
• Test for file upload with ZIP bomb for DoS
• Test for file upload with decompression bomb
• Test for file upload with ZIP slip path traversal
• Test for file upload with TAR slip path traversal
• Test for file upload with EXIF data XSS payload
• Test for file upload with EXIF data for information disclosure
• Test for file upload with image for server-side processing SSRF
• Test for file upload with image for ImageMagick RCE
• Test for file upload with PDF for server-side rendering exploitation
• Test for file upload with DOCX for macro execution
• Test for file upload with XLSX for macro execution
• Test for file upload with PPTX for macro execution
• Test for file upload with ODS/ODT for macro execution
• Test for file upload with CSV for formula injection
• Test for file upload with XML for XXE processing
• Test for file upload with JSON for prototype pollution
• Test for file upload with YAML for deserialization
• Test for file upload with pickle for deserialization RCE
• Test for file upload size limit bypass
• Test for file upload count limit bypass
• Test for file upload storage location disclosure
• Test for file upload to cloud storage with public ACL
• Test for file upload to cloud storage with wrong bucket
• Test for file upload filename reflection XSS
• Test for file upload progress endpoint security
• Test for file upload chunk upload security
• Test for file upload resume upload security
• Test for file upload overwrite existing file
• Test for file upload to another user directory (IDOR)
• Test for file download without authentication
• Test for file download without authorization (IDOR)
• Test for file download path traversal in parameter
• Test for file download with symlink following
• Test for file download of configuration files
• Test for file download of backup files
• Test for file download of log files
• Test for file download of database files
• Test for file download with Content-Type sniffing
• Test for file download with Content-Disposition bypass
• Test for file preview without proper sanitization
• Test for file thumbnail generation security
• Test for file conversion service security
• Test for file preview in browser vs download behavior
• Test for file sharing link predictability
• Test for file sharing link expiration enforcement
• Test for file sharing link access control
• Test for file sharing link password bypass
• Test for file sharing link revocation enforcement
• Test for file version history access control
• Test for file deletion without proper authorization
• Test for file deletion without confirmation requirement
• Test for file undelete/recovery functionality security
• Test for file metadata exposure in API response
• Test for file EXIF data in API response
• Test for file content scanning bypass for malware
• Test for file content extraction (text from PDF/image) security
• Test for file indexing and search security
• Test for file collaboration and concurrent editing security
• Test for file comment and annotation security
• Test for file watermark injection vulnerability

🌐

Email Template Security

93 checks

0/93

• Test for email template injection with variable substitution
• Test for email template SSTI (Server-Side Template Injection)
• Test for email template XSS in HTML emails
• Test for email header injection via template parameters
• Test for email subject line injection
• Test for email CRLF injection in template fields
• Test for email template with SSRF via image URL
• Test for email template with SSRF via link URL
• Test for email template with CSS exfiltration
• Test for email template with tracking pixel injection
• Test for email template with base tag injection
• Test for email template with form action hijacking
• Test for email template with remote content loading
• Test for email template with attachment injection
• Test for email template with BCC injection
• Test for email template with CC injection
• Test for email template with Reply-To injection
• Test for email template with From header manipulation
• Test for email template with Return-Path manipulation
• Test for email template with MIME type confusion
• Test for email template with boundary injection
• Test for email template with encoded-word injection
• Test for email template with charset manipulation
• Test for email template with content-transfer-encoding abuse
• Test for email template with multi-part boundary confusion
• Test for email template with DKIM signature bypass
• Test for email template with SPF alignment abuse
• Test for email template with DMARC policy exploitation
• Test for email template phishing via lookalike sender
• Test for email template with credential harvesting form
• Test for email template with malicious attachment link
• Test for email template with malware download link
• Test for email template with ransomware download link
• Test for email template with social engineering content
• Test for email template with urgency manipulation
• Test for email template with authority impersonation
• Test for email template with fear-based manipulation
• Test for email template with curiosity-based manipulation
• Test for email template with greedy-based manipulation
• Test for email template with helpfulness-based manipulation
• Test for email template unsubscribe link manipulation
• Test for email template preference center link manipulation
• Test for email template web beacon tracking bypass
• Test for email template read receipt tracking
• Test for email template delivery status notification abuse
• Test for email template auto-reply abuse
• Test for email template out-of-office information disclosure
• Test for email template with calendar invite injection
• Test for email template with vCard contact injection
• Test for email template with geographic tracking via images
• Test for email template with device fingerprinting via CSS
• Test for email template with JavaScript execution in email client
• Test for email template with CSS animation timing attack
• Test for email template with font-based exfiltration
• Test for email template with background-image tracking
• Test for email template with list-unsubscribe header abuse
• Test for email template with list-help header abuse
• Test for email template with X-Mailer header information disclosure
• Test for email template with Message-ID predictability
• Test for email template with In-Reply-To manipulation
• Test for email template with References header manipulation
• Test for email template with X-Priority manipulation
• Test for email template with Importance header manipulation
• Test for email template with X-Spam-Status header manipulation
• Test for email template with Authentication-Results disclosure
• Test for email template with ARC header chain abuse
• Test for email template with BIMI logo manipulation
• Test for email template with TLS reporting header abuse
• Test for email template with MTA-STS policy manipulation
• Test for email template with SMTP TLS reporting abuse
• Test for email template with compressed attachment abuse
• Test for email template with encrypted attachment abuse
• Test for email template with password-protected ZIP abuse
• Test for email template with macro-enabled document attachment
• Test for email template with shortcut file (.lnk) attachment
• Test for email template with HTML application (.hta) attachment
• Test for email template with screen saver (.scr) attachment
• Test for email template with dynamic-link library (.dll) attachment
• Test for email template with executable (.exe) attachment
• Test for email template with script (.vbs, .js, .ps1) attachment
• Test for email template with Java archive (.jar) attachment
• Test for email template with ClickOnce (.application) attachment
• Test for email template with MSI installer attachment
• Test for email template with ISO/IMG disk image attachment
• Test for email template with VHD virtual disk attachment
• Test for email template with LNK shortcut attachment
• Test for email template with URL shortcut attachment
• Test for email template with search connector (.searchconnector-ms) attachment
• Test for email template with setting content (.settingcontent-ms) attachment
• Test for email template with XAP Silverlight application attachment
• Test for email template with partial download (.partial) attachment
• Test for email template with web archive (.mht) attachment
• Test for email template with RSS feed attachment

🌐

Export & Report Security

94 checks

0/94

• Test for CSV injection via formula in export fields (=CMD|...
• Test for CSV export with formula injection using +CMD|...
• Test for CSV export with formula injection using -CMD|...
• Test for CSV export with formula injection using @CMD|...
• Test for CSV export with DDE injection via =DDE formula
• Test for Excel export with macro injection vulnerability
• Test for PDF export with JavaScript injection
• Test for PDF export with SSRF via embedded URLs
• Test for PDF export with XSS via embedded HTML
• Test for PDF export with local file inclusion via template
• Test for report export with unauthorized data access
• Test for report export with IDOR for other users data
• Test for report export with parameter manipulation for data access
• Test for report generation with SSRF via image URLs
• Test for report generation with template injection
• Test for report generation with command injection via parameters
• Test for report generation with path traversal in output filename
• Test for report scheduling with SSRF via callback URL
• Test for report scheduling with email injection via recipient field
• Test for report download without authentication
• Test for report download link predictability
• Test for report download link expiration enforcement
• Test for report download link single-use enforcement
• Test for report download with path traversal in filename
• Test for report sharing with unauthorized access
• Test for report sharing link bypass via direct URL
• Test for report data aggregation bypass for sensitive info
• Test for report filtering bypass for data access
• Test for report pagination for complete data extraction
• Test for export format manipulation for data access
• Test for export with custom delimiter injection (CSV)
• Test for export with column header injection
• Test for export with row count manipulation for DoS
• Test for export with large dataset for memory exhaustion
• Test for export concurrent generation for resource exhaustion
• Test for export with Unicode BOM injection
• Test for export with null byte in field values
• Test for export with CRLF injection in field values
• Test for export with HTML injection in field values
• Test for export with script injection in field values
• Test for export with LDAP filter injection in search
• Test for export with SQL injection in filter parameters
• Test for export with NoSQL injection in filter parameters
• Test for export with XPath injection in XML exports
• Test for export with XSLT injection in XML transforms
• Test for export with XXE in XML export processing
• Test for export with ZIP bomb in compressed exports
• Test for export with path traversal in archive files
• Test for export with symlink in archive files
• Test for export with sensitive data in metadata
• Test for export with sensitive data in hidden columns
• Test for export with sensitive data in comments
• Test for export with sensitive data in headers/footers
• Test for export with sensitive data in print areas
• Test for export with sensitive data in named ranges
• Test for export with sensitive data in data validation
• Test for export with sensitive data in conditional formatting
• Test for export with sensitive data in pivot tables
• Test for export with sensitive data in chart data sources
• Test for export with data leakage via error messages
• Test for export with data leakage via debug output
• Test for export with data leakage via stack traces
• Test for export with data leakage via server info
• Test for export with data leakage via database info
• Test for export with data leakage via internal IPs
• Test for export with data leakage via file paths
• Test for export with data leakage via timestamps
• Test for export with data leakage via user IDs
• Test for export with data leakage via session IDs
• Test for export with data leakage via API keys
• Test for export with data leakage via credentials
• Test for export with concurrent download for rate limit bypass
• Test for export with automated download for scraping
• Test for export with webhook notification for data exfiltration
• Test for export with email notification for data leakage
• Test for export with Slack notification for data leakage
• Test for export with Teams notification for data leakage
• Test for export with custom template injection for RCE
• Test for export with Jinja2 template injection
• Test for export with Freemarker template injection
• Test for export with Velocity template injection
• Test for export with Thymeleaf template injection
• Test for export with ERB template injection
• Test for export with Mako template injection
• Test for export with Django template injection
• Test for export with Twig template injection
• Test for export with Pebble template injection
• Test for export with Handlebars template injection
• Test for export with Mustache template injection
• Test for export with Go template injection
• Test for export with Aurelia template injection
• Test for export with Blade template injection
• Test for export with Razor template injection
• Test for export with T4 template injection

🌐

Admin Panel Security Deep

97 checks

0/97

• Test for admin panel discovery via directory brute force
• Test for admin panel access with default credentials
• Test for admin panel access with common credentials
• Test for admin panel authentication bypass
• Test for admin panel authorization bypass via role manipulation
• Test for admin panel CSRF on all state-changing actions
• Test for admin panel XSS in all input fields
• Test for admin panel SQL injection in search/filter
• Test for admin panel IDOR in user management
• Test for admin panel privilege escalation via parameter manipulation
• Test for admin panel file upload with remote code execution
• Test for admin panel command injection in system tools
• Test for admin panel SSRF in URL import features
• Test for admin panel SSTI in content management
• Test for admin panel path traversal in file manager
• Test for admin panel information disclosure via debug mode
• Test for admin panel sensitive data exposure in API responses
• Test for admin panel session management security
• Test for admin panel concurrent session handling
• Test for admin panel two-factor authentication enforcement
• Test for admin panel IP whitelist bypass
• Test for admin panel URL/IP restriction bypass
• Test for admin panel brute force protection
• Test for admin panel account lockout mechanism
• Test for admin panel password policy enforcement
• Test for admin panel user creation with privilege escalation
• Test for admin panel user deletion CSRF vulnerability
• Test for admin panel role assignment manipulation
• Test for admin panel permission grant/revocation security
• Test for admin panel system configuration modification security
• Test for admin panel email template modification for phishing
• Test for admin panel notification template injection
• Test for admin panel cache management for cache poisoning
• Test for admin panel log viewing for sensitive data
• Test for admin panel log deletion for audit trail removal
• Test for admin panel database query execution interface
• Test for admin panel code/script execution interface
• Test for admin panel scheduled task/job management
• Test for admin panel cron job manipulation for persistence
• Test for admin panel backup/restore functionality security
• Test for admin panel system update mechanism security
• Test for admin panel plugin/extension installation security
• Test for admin panel theme/template upload security
• Test for admin panel webhook configuration SSRF
• Test for admin panel API key generation without authorization
• Test for admin panel third-party integration security
• Test for admin panel import/export data security
• Test for admin panel bulk operation security
• Test for admin panel analytics/reporting data access
• Test for admin panel search indexing control
• Test for admin panel SEO settings manipulation
• Test for admin panel redirect rule injection
• Test for admin panel custom header injection
• Test for admin panel custom script injection
• Test for admin panel CSS injection for UI manipulation
• Test for admin panel feature flag manipulation
• Test for admin panel A/B test manipulation
• Test for admin panel maintenance mode bypass
• Test for admin panel debug mode enabling
• Test for admin panel error reporting configuration
• Test for admin panel logging level manipulation
• Test for admin panel monitoring endpoint exposure
• Test for admin panel health check information disclosure
• Test for admin panel metrics/statistics endpoint exposure
• Test for admin panel environment variable access
• Test for admin panel configuration file access
• Test for admin panel secret/key management access
• Test for admin panel certificate management security
• Test for admin panel SSL/TLS configuration access
• Test for admin panel DNS management security
• Test for admin panel email service configuration
• Test for admin panel SMS service configuration
• Test for admin panel payment gateway configuration
• Test for admin panel storage service configuration
• Test for admin panel CDN configuration security
• Test for admin panel firewall rule manipulation
• Test for admin panel WAF rule manipulation
• Test for admin panel rate limiting rule manipulation
• Test for admin panel IP blocklist manipulation
• Test for admin panel user agent blocklist manipulation
• Test for admin panel CORS configuration manipulation
• Test for admin panel CSP configuration manipulation
• Test for admin panel authentication provider configuration
• Test for admin panel OAuth/SAML configuration
• Test for admin panel SSO configuration security
• Test for admin panel LDAP/AD configuration security
• Test for admin panel multi-tenancy configuration
• Test for admin panel data retention policy manipulation
• Test for admin panel privacy settings manipulation
• Test for admin panel compliance settings manipulation
• Test for admin panel audit log configuration
• Test for admin panel alert/notification configuration
• Test for admin panel webhook retry configuration
• Test for admin panel queue/service bus configuration
• Test for admin panel worker/job configuration
• Test for admin panel deployment/release configuration
• Test for admin panel feature rollout configuration

🌐

CSP Bypass Deep

50 checks

0/50

• Test CSP with report-only mode enabled in production
• Test CSP with unsafe-hashes in script-src directive
• Test CSP with nonce-based script-src bypass via nonce reuse
• Test CSP with hash-based script-src bypass via algorithm weakness
• Test CSP bypass via JSONP endpoints on allowed domains
• Test CSP bypass via AngularJS on allowed domains
• Test CSP bypass via script gadgets in allowed JavaScript
• Test CSP bypass via base-uri manipulation for relative scripts
• Test CSP bypass via DNS prefetch for data exfiltration
• Test CSP bypass via WebSockets for data exfiltration
• Test CSP bypass via navigation to blob: URLs
• Test CSP bypass via service worker registration
• Test CSP bypass via import() dynamic module loading
• Test CSP bypass via eval() from allowed script context
• Test CSP bypass via new Function() from allowed context
• Test CSP bypass via setTimeout/setInterval with string argument
• Test CSP bypass via CSS import for data exfiltration
• Test CSP bypass via @font-face for data exfiltration
• Test CSP bypass via link prefetch for DNS exfiltration
• Test CSP bypass via object tag for Flash/Silverlight
• Test CSP bypass via embed tag for plugin content
• Test CSP bypass via meta tag http-equiv for CSP override
• Test CSP bypass via SVG use element for external reference
• Test CSP bypass via iframe srcdoc attribute
• Test CSP bypass via window.open for new context
• Test CSP bypass via form submission to allowed origin
• Test CSP bypass via XSLT in XML documents
• Test CSP bypass via DOM clobbering for script execution
• Test CSP bypass via prototype pollution for policy modification
• Test CSP bypass via trusted-types for type confusion
• Test CSP with missing upgrade-insecure-requests directive
• Test CSP with missing block-all-mixed-content directive
• Test CSP with overly permissive img-src allowing data exfiltration
• Test CSP with overly permissive connect-src allowing API calls
• Test CSP with overly permissive frame-src for clickjacking
• Test CSP with overly permissive object-src for plugin execution
• Test CSP with overly permissive style-src for CSS attacks
• Test CSP with overly permissive font-src for data loading
• Test CSP with missing child-src for worker restriction
• Test CSP with missing worker-src for web worker restriction
• Test CSP with missing manifest-src for PWA restriction
• Test CSP report-uri endpoint accessibility and security
• Test CSP report-to header for Reporting API compliance
• Test CSP violation report information disclosure
• Test CSP policy enforcement on error pages
• Test CSP policy enforcement on redirect pages
• Test CSP policy enforcement on 404 pages
• Test CSP policy enforcement on API responses
• Test CSP policy enforcement on static resources
• Test CSP policy enforcement on WebSocket upgrades

🔌

API Versioning Security Deep

50 checks

0/50

• Test for API versioning security between v1 and v2 endpoints
• Test for API authentication bypass on deprecated endpoints
• Test for API rate limiting on deprecated version endpoints
• Test for API data exposure difference between versions
• Test for API field-level access control between versions
• Test for API backward compatibility security issues
• Test for API breaking change information disclosure
• Test for API deprecation notice information leakage
• Test for API sunset header security implications
• Test for API migration path security vulnerabilities
• Test for API legacy endpoint persistence and access
• Test for API parameter naming convention differences across versions
• Test for API response format differences for data extraction
• Test for API authentication mechanism differences across versions
• Test for API authorization model differences across versions
• Test for API error handling differences for information disclosure
• Test for API rate limiting differences for bypass
• Test for API CORS configuration differences across versions
• Test for API input validation differences for injection
• Test for API output filtering differences for data exposure
• Test for API pagination implementation differences for enumeration
• Test for API sorting implementation differences for data access
• Test for API filtering implementation differences for data extraction
• Test for API search implementation differences for information disclosure
• Test for API bulk operation differences for abuse
• Test for API webhook configuration differences for SSRF
• Test for API file upload differences for bypass
• Test for API file download differences for IDOR
• Test for API notification differences for spam abuse
• Test for API subscription differences for access control
• Test for API caching differences for cache poisoning
• Test for API logging differences for information disclosure
• Test for API monitoring differences for metric exposure
• Test for API health check differences for information disclosure
• Test for API documentation differences for enumeration
• Test for API schema differences for type confusion
• Test for API serialization differences for deserialization attacks
• Test for API compression differences for decompression bombs
• Test for API encoding differences for encoding attacks
• Test for API charset differences for charset injection
• Test for API content negotiation differences for content-type attacks
• Test for API header handling differences for header injection
• Test for API cookie handling differences for cookie manipulation
• Test for API session handling differences for session fixation
• Test for API token handling differences for token confusion
• Test for API key handling differences for key exposure
• Test for API signature handling differences for signature bypass
• Test for API encryption handling differences for crypto attacks
• Test for API certificate handling differences for cert bypass
• Test for API TLS handling differences for protocol downgrade

🤖

Android Third-Party SDK Deep

50 checks

0/50

• Test for Facebook SDK data leakage vulnerability
• Test for Google Analytics SDK data exposure
• Test for Firebase Analytics data leakage
• Test for Firebase Crashlytics sensitive data in crash reports
• Test for Mixpanel SDK data exposure
• Test for Amplitude SDK data leakage
• Test for Segment SDK data exposure
• Test for Branch SDK deep link manipulation
• Test for AppsFlyer SDK attribution manipulation
• Test for Adjust SDK attribution fraud
• Test for CleverTap SDK data leakage
• Test for Leanplum SDK data exposure
• Test for Braze SDK data leakage
• Test for OneSignal SDK notification security
• Test for Pusher SDK WebSocket security
• Test for PubNub SDK real-time data security
• Test for Ably SDK real-time communication security
• Test for Twilio SDK communication security
• Test for SendGrid SDK email security
• Test for AWS SDK credential exposure
• Test for Azure SDK credential exposure
• Test for Google Cloud SDK credential exposure
• Test for Stripe SDK payment security
• Test for PayPal SDK payment security
• Test for Braintree SDK payment security
• Test for AdMob SDK ad fraud vulnerability
• Test for MoPub SDK ad security
• Test for IronSource SDK ad mediation security
• Test for Unity Ads SDK security
• Test for Vungle SDK ad security
• Test for Chartboost SDK ad security
• Test for AppLovin SDK ad security
• Test for InMobi SDK ad security
• Test for Smaato SDK ad security
• Test for Fyber SDK ad mediation security
• Test for OkHttp SDK certificate pinning bypass
• Test for Retrofit SDK API communication security
• Test for Glide SDK image loading security
• Test for Picasso SDK image loading security
• Test for Coil SDK image loading security
• Test for Room database encryption security
• Test for SQLCipher database encryption security
• Test for Realm database security configuration
• Test for ObjectBox database security configuration
• Test for LruCache memory cache data leakage
• Test for SharedPreferences encryption security
• Test for EncryptedSharedPreferences implementation
• Test for Jetpack Security crypto library usage
• Test for WorkManager background task security
• Test for AlarmManager scheduled task security

🍏

iOS Third-Party SDK Deep

50 checks

0/50

• Test for Firebase iOS SDK data leakage
• Test for Google Analytics iOS SDK data exposure
• Test for Fabric/Crashlytics iOS SDK crash report security
• Test for Mixpanel iOS SDK data leakage
• Test for Amplitude iOS SDK data exposure
• Test for Segment iOS SDK data leakage
• Test for Branch iOS SDK deep link manipulation
• Test for AppsFlyer iOS SDK attribution manipulation
• Test for Adjust iOS SDK attribution fraud
• Test for Braze iOS SDK data leakage
• Test for OneSignal iOS SDK notification security
• Test for Pusher iOS SDK WebSocket security
• Test for PubNub iOS SDK real-time security
• Test for Twilio iOS SDK communication security
• Test for SendGrid iOS SDK email security
• Test for AWS iOS SDK credential exposure
• Test for Azure iOS SDK credential exposure
• Test for Google Cloud iOS SDK credential exposure
• Test for Stripe iOS SDK payment security
• Test for PayPal iOS SDK payment security
• Test for Braintree iOS SDK payment security
• Test for AdMob iOS SDK ad fraud vulnerability
• Test for MoPub iOS SDK ad security
• Test for IronSource iOS SDK ad mediation security
• Test for Unity Ads iOS SDK security
• Test for Vungle iOS SDK ad security
• Test for AppLovin iOS SDK ad security
• Test for InMobi iOS SDK ad security
• Test for Alamofire certificate pinning bypass
• Test for AFNetworking SSL pinning bypass
• Test for SDWebImage image loading security
• Test for Kingfisher image loading security
• Test for Nuke image loading security
• Test for Core Data encryption security
• Test for SQLCipher database encryption security
• Test for Realm database security configuration
• Test for FMDB database security configuration
• Test for GRDB database security configuration
• Test for KeychainAccess library security
• Test for Locksmith Keychain helper security
• Test for SAMKeychain library security
• Test for CryptoKit usage and security
• Test for CommonCrypto usage and security
• Test for RNCryptor encryption library security
• Test for CryptoSwift library security
• Test for SwiftyRSA library security
• Test for Keychain services group access security
• Test for URLSession certificate validation security
• Test for WKWebView content security policy
• Test for SFSafariViewController security isolation

🖥️

Binary Analysis Deep 2

50 checks

0/50

• Test for stack buffer overflow via long input strings
• Test for heap buffer overflow via dynamic allocation
• Test for integer overflow in arithmetic operations
• Test for integer underflow in subtraction operations
• Test for format string vulnerability in printf-family functions
• Test for use-after-free in dynamic memory management
• Test for double-free vulnerability in memory deallocation
• Test for null pointer dereference via uninitialized pointers
• Test for dangling pointer vulnerability after free
• Test for off-by-one error in array indexing
• Test for signed/unsigned comparison vulnerability
• Test for type confusion vulnerability in polymorphic code
• Test for race condition in multi-threaded operations
• Test for TOCTOU (time-of-check-to-time-of-use) in file ops
• Test for uninitialized variable usage in calculations
• Test for out-of-bounds read in array access
• Test for out-of-bounds write in array modification
• Test for division by zero in arithmetic operations
• Test for infinite loop DoS in parsing routines
• Test for recursive function stack overflow
• Test for memory leak in long-running processes
• Test for file descriptor leak in resource management
• Test for resource exhaustion via uncontrolled allocation
• Test for symbolic link race condition in file operations
• Test for hard link race condition in file operations
• Test for temp file race condition in /tmp usage
• Test for insecure temporary file creation (mktemp vs mkstemp)
• Test for insecure file permission on created files
• Test for insecure directory permission on created directories
• Test for predictable temporary file naming
• Test for privilege escalation via SUID binary exploitation
• Test for privilege escalation via SGID binary exploitation
• Test for privilege escalation via capabilities exploitation
• Test for privilege escalation via sudo misconfiguration
• Test for privilege escalation via cron job abuse
• Test for privilege escalation via systemd service manipulation
• Test for privilege escalation via Docker group membership
• Test for privilege escalation via LXC/LXD group membership
• Test for privilege escalation via Kubernetes config access
• Test for code execution via buffer overflow exploitation
• Test for code execution via return-to-libc attack
• Test for code execution via return-oriented programming (ROP)
• Test for code execution via format string exploitation
• Test for code execution via DLL injection
• Test for code execution via process injection
• Test for code execution via shared library injection
• Test for code execution via LD_PRELOAD manipulation
• Test for code execution via DYLD_INSERT_LIBRARIES on macOS
• Test for information disclosure via memory dump analysis
• Test for information disclosure via core dump analysis

🌐

Authentication Bypass Deep

51 checks

0/51

• Test for authentication bypass via JWT algorithm none
• Test for authentication bypass via JWT algorithm confusion
• Test for authentication bypass via JWT kid injection
• Test for authentication bypass via JWT jku header
• Test for authentication bypass via JWT x5u header
• Test for authentication bypass via JWT empty signature
• Test for authentication bypass via JWT claim manipulation
• Test for authentication bypass via JWT token reuse
• Test for authentication bypass via JWT token not invalidated
• Test for authentication bypass via JWT weak secret key
• Test for authentication bypass via OAuth state missing
• Test for authentication bypass via OAuth redirect_uri manipulation
• Test for authentication bypass via OAuth authorization code reuse
• Test for authentication bypass via OAuth scope escalation
• Test for authentication bypass via OAuth token leakage
• Test for authentication bypass via SAML assertion manipulation
• Test for authentication bypass via SAML signature wrapping
• Test for authentication bypass via SAML assertion replay
• Test for authentication bypass via SAML comment injection
• Test for authentication bypass via SAML XSLT injection
• Test for authentication bypass via Kerberos ticket manipulation
• Test for authentication bypass via Kerberos delegation abuse
• Test for authentication bypass via NTLM relay attack
• Test for authentication bypass via LDAP injection
• Test for authentication bypass via RADIUS authentication
• Test for authentication bypass via certificate pinning bypass
• Test for authentication bypass via client certificate manipulation
• Test for authentication bypass via mutual TLS bypass
• Test for authentication bypass via IP-based allowlist bypass
• Test for authentication bypass via geo-location bypass
• Test for authentication bypass via device fingerprint bypass
• Test for authentication bypass via browser fingerprint bypass
• Test for authentication bypass via session fixation
• Test for authentication bypass via session prediction
• Test for authentication bypass via session migration
• Test for authentication bypass via cookie injection
• Test for authentication bypass via cookie manipulation
• Test for authentication bypass via header injection
• Test for authentication bypass via parameter pollution
• Test for authentication bypass via HTTP method override
• Test for authentication bypass via URL path normalization
• Test for authentication bypass via case sensitivity manipulation
• Test for authentication bypass via encoding manipulation
• Test for authentication bypass via Unicode normalization
• Test for authentication bypass via null byte injection
• Test for authentication bypass via comment injection
• Test for authentication bypass via whitespace manipulation
• Test for authentication bypass via line ending manipulation
• Test for authentication bypass via protocol downgrade
• Test for authentication bypass via content-type switching
• Test for authentication bypass via forceful browsing

🔌

API Pagination & Filtering Deep

50 checks

0/50

• Test for pagination bypass via large limit parameter
• Test for pagination bypass via negative offset parameter
• Test for pagination bypass via zero offset parameter
• Test for pagination bypass via missing limit parameter
• Test for pagination bypass via cursor manipulation
• Test for pagination bypass via page number manipulation
• Test for pagination bypass via after/before parameter manipulation
• Test for pagination bypass via since/until parameter manipulation
• Test for pagination bypass via skip parameter manipulation
• Test for pagination bypass via first/last parameter manipulation
• Test for data enumeration via sequential pagination
• Test for data enumeration via cursor-based pagination
• Test for data enumeration via offset-based pagination
• Test for data enumeration via keyset pagination
• Test for data enumeration via seek pagination
• Test for pagination parameter injection for SQL injection
• Test for pagination parameter injection for NoSQL injection
• Test for pagination parameter injection for LDAP injection
• Test for pagination parameter injection for command injection
• Test for pagination parameter injection for XSS
• Test for pagination denial of service via large page size
• Test for pagination denial of service via deep pagination
• Test for pagination denial of service via slow queries
• Test for pagination denial of service via unbounded results
• Test for pagination denial of service via concurrent requests
• Test for pagination information disclosure via total count
• Test for pagination information disclosure via metadata
• Test for pagination information disclosure via link headers
• Test for pagination information disclosure via cursor encoding
• Test for pagination information disclosure via debug output
• Test for sort parameter injection for SQL injection
• Test for sort parameter injection for NoSQL injection
• Test for sort parameter injection for command injection
• Test for sort parameter injection for data enumeration
• Test for sort parameter injection for information disclosure
• Test for filter parameter injection for SQL injection
• Test for filter parameter injection for NoSQL injection
• Test for filter parameter injection for LDAP injection
• Test for filter parameter injection for data extraction
• Test for filter parameter injection for authorization bypass
• Test for search parameter injection for SQL injection
• Test for search parameter injection for NoSQL injection
• Test for search parameter injection for XSS
• Test for search parameter injection for SSTI
• Test for search parameter injection for ReDoS
• Test for include/embed parameter for unauthorized data access
• Test for expand parameter for unauthorized data access
• Test for fields parameter for data filtering bypass
• Test for select parameter for data extraction
• Test for projection parameter for data extraction

🤖

Android Payment Security Deep

50 checks

0/50

• Test for in-app purchase verification bypass
• Test for in-app purchase replay attack
• Test for in-app purchase refund abuse
• Test for in-app purchase price manipulation
• Test for in-app purchase signature verification bypass
• Test for Google Play Billing Library security
• Test for Google Play Billing client-side verification bypass
• Test for Google Play Billing server-side verification gaps
• Test for purchase token manipulation and reuse
• Test for purchase order ID enumeration
• Test for subscription purchase status manipulation
• Test for subscription cancellation bypass
• Test for subscription trial period abuse
• Test for subscription grace period exploitation
• Test for subscription pause/resume manipulation
• Test for promotional offer code abuse
• Test for promo code brute force enumeration
• Test for reward-based ad viewing bypass
• Test for rewarded video ad fraud
• Test for offerwall fraud and manipulation
• Test for payment intent manipulation in Google Pay
• Test for payment token reuse in Google Pay integration
• Test for Stripe mobile SDK payment security
• Test for Braintree mobile SDK payment security
• Test for PayPal mobile SDK payment security
• Test for Razorpay mobile SDK payment security
• Test for payment method storage security on device
• Test for payment card data storage compliance (PCI DSS)
• Test for payment card number exposure in logs
• Test for payment card CVV exposure in memory
• Test for payment form autocomplete on card fields
• Test for payment form screenshot protection
• Test for payment form screen recording protection
• Test for payment form clipboard data leakage
• Test for payment form accessibility service data theft
• Test for payment notification interception
• Test for payment callback URL manipulation
• Test for payment deep link hijacking
• Test for payment intent filter hijacking
• Test for payment app switching security
• Test for wallet balance manipulation via API
• Test for wallet transaction history access control
• Test for wallet withdrawal authorization bypass
• Test for wallet deposit confirmation race condition
• Test for wallet currency conversion manipulation
• Test for wallet exchange rate manipulation
• Test for wallet minimum transaction amount bypass
• Test for wallet maximum transaction limit bypass
• Test for wallet daily limit bypass
• Test for wallet monthly limit bypass

🍏

iOS Payment Security Deep

50 checks

0/50

• Test for StoreKit in-app purchase verification bypass
• Test for StoreKit receipt validation bypass
• Test for StoreKit receipt replay attack
• Test for StoreKit refund abuse vulnerability
• Test for StoreKit price manipulation in purchase flow
• Test for StoreKit subscription purchase status manipulation
• Test for StoreKit subscription cancellation bypass
• Test for StoreKit subscription trial period abuse
• Test for StoreKit introductory offer abuse
• Test for StoreKit promotional offer code abuse
• Test for StoreKit offer code brute force enumeration
• Test for Apple Pay payment token manipulation
• Test for Apple Pay merchant ID validation bypass
• Test for Apple Pay payment method data exposure
• Test for Apple Pay shipping address data leakage
• Test for Apple Pay contact information exposure
• Test for Apple Pay session security and validation
• Test for Stripe iOS SDK payment security
• Test for Braintree iOS SDK payment security
• Test for PayPal iOS SDK payment security
• Test for payment card data storage on iOS device
• Test for payment card number exposure in Keychain
• Test for payment card CVV exposure in memory
• Test for payment form autocomplete on card fields
• Test for payment form screenshot protection
• Test for payment form screen recording protection
• Test for payment form clipboard data leakage
• Test for payment notification interception on iOS
• Test for payment callback URL manipulation on iOS
• Test for payment universal link hijacking
• Test for payment URL scheme hijacking
• Test for payment app switching security on iOS
• Test for wallet balance manipulation via iOS API
• Test for wallet transaction history access control
• Test for wallet withdrawal authorization bypass
• Test for wallet deposit confirmation race condition
• Test for wallet currency conversion manipulation
• Test for wallet exchange rate manipulation
• Test for wallet minimum transaction amount bypass
• Test for wallet maximum transaction limit bypass
• Test for wallet daily limit bypass on iOS
• Test for wallet monthly limit bypass on iOS
• Test for receipt validation server communication security
• Test for App Store receipt parsing vulnerability
• Test for App Store server notification security
• Test for App Store server-to-server notification authentication
• Test for in-app purchase restoration abuse
• Test for family sharing purchase abuse
• Test for volume purchase program abuse
• Test for managed distribution abuse

🖥️

Update Mechanism Security Deep

50 checks

0/50

• Test for auto-update mechanism without code signing verification
• Test for auto-update mechanism without HTTPS for download
• Test for auto-update mechanism without integrity check
• Test for auto-update mechanism with rollback protection
• Test for auto-update mechanism with update source validation
• Test for update package tampering vulnerability
• Test for update package man-in-the-middle attack
• Test for update package DNS hijacking for redirect
• Test for update package download over HTTP
• Test for update package signature verification bypass
• Test for update package checksum verification bypass
• Test for update package version downgrade attack
• Test for update package rollback attack vulnerability
• Test for update package extraction path traversal
• Test for update package privilege escalation during install
• Test for update notification spoofing vulnerability
• Test for update URL manipulation for SSRF
• Test for update feed/manipulation XML injection
• Test for update feed RSS/Atom injection
• Test for update server authentication bypass
• Test for update server certificate validation bypass
• Test for update server TLS configuration weakness
• Test for update channel manipulation (stable to beta)
• Test for update channel injection for malicious update
• Test for update delta patch manipulation
• Test for update binary patching vulnerability
• Test for update installation without user confirmation
• Test for update installation with privilege escalation
• Test for update installation temp file security
• Test for update installation backup file security
• Test for update rollback mechanism security
• Test for update failure recovery security
• Test for update retry mechanism for DoS
• Test for update concurrent installation race condition
• Test for update file permission preservation
• Test for update configuration migration security
• Test for update data migration security
• Test for update registry key modification security
• Test for update service restart security
• Test for update process inter-process communication security
• Test for update log file information disclosure
• Test for update cache directory data exposure
• Test for update temporary directory data exposure
• Test for update download resume security
• Test for update partial download corruption vulnerability
• Test for update bandwidth consumption for DoS
• Test for update disk space consumption for DoS
• Test for update version number manipulation
• Test for update changelog injection for XSS
• Test for update notification clickjacking

🌐

Server Configuration Deep

102 checks

0/102

• Test for default Apache installation page exposure
• Test for default Nginx installation page exposure
• Test for default IIS installation page exposure
• Test for default Tomcat installation page exposure
• Test for server-status endpoint exposure on Apache
• Test for server-info endpoint exposure on Apache
• Test for mod_status module enabled on Apache
• Test for mod_info module enabled on Apache
• Test for mod_autoindex directory listing on Apache
• Test for mod_userdir user directory exposure on Apache
• Test for .htaccess file processing bypass on Apache
• Test for Nginx stub_status endpoint exposure
• Test for Nginx nginx_status endpoint exposure
• Test for Nginx autoindex module directory listing
• Test for Nginx path traversal via alias directive
• Test for Nginx path traversal via off-by-slash in location
• Test for Nginx merge_slashes disabled for path manipulation
• Test for Nginx sub_filter filter bypass techniques
• Test for IIS detailed error pages information disclosure
• Test for IIS directory browsing enabled
• Test for IIS WebDAV module enabled with write access
• Test for IIS HTTP Redirect module manipulation
• Test for IIS Application Request Routing security
• Test for IIS URL Rewrite module rule bypass
• Test for Tomcat manager application exposure
• Test for Tomcat host-manager application exposure
• Test for Tomcat default credentials (tomcat/tomcat)
• Test for Tomcat docs application exposure
• Test for Tomcat examples application exposure
• Test for Tomcat manager application default credentials
• Test for Jetty default servlet exposure
• Test for Jetty JSP servlet exposure
• Test for Jetty default welcome file list
• Test for Wildfly management console exposure
• Test for Wildfly default credentials
• Test for WebLogic admin console exposure
• Test for WebLogic default credentials (weblogic/weblogic)
• Test for WebSphere admin console exposure
• Test for WebSphere default credentials
• Test for JBoss admin console exposure
• Test for JBoss default credentials (admin/admin)
• Test for GlassFish admin console exposure
• Test for GlassFish default credentials (admin/adminadmin)
• Test for Apache Directory listing with .htaccess bypass
• Test for CORS configuration in Apache
• Test for CORS configuration in Nginx
• Test for CORS configuration in IIS
• Test for HSTS configuration in Apache
• Test for HSTS configuration in Nginx
• Test for HSTS configuration in IIS
• Test for CSP configuration in Apache
• Test for CSP configuration in Nginx
• Test for CSP configuration in IIS
• Test for X-Frame-Options configuration in Apache
• Test for X-Frame-Options configuration in Nginx
• Test for X-Frame-Options configuration in IIS
• Test for server tokens/proxy buffer overflow
• Test for HTTP/2 push abuse for cache poisoning
• Test for HTTP/2 connection coalescing security
• Test for HTTP/2 stream multiplexing abuse
• Test for HTTP/2 HPACK compression attack
• Test for HTTP/2 priority manipulation for DoS
• Test for HTTP/2 flow control window manipulation
• Test for HTTP/2 settings frame flood DoS
• Test for HTTP/2 ping frame flood DoS
• Test for HTTP/2 reset frame flood DoS
• Test for HTTP/2 CONTINUATION frame DoS
• Test for HTTP/2 rapid reset attack
• Test for HTTP/2 header table size manipulation
• Test for HTTP/2 max concurrent streams manipulation
• Test for HTTP/2 initial window size manipulation
• Test for HTTP/2 max frame size manipulation
• Test for HTTP/2 max header list size manipulation
• Test for HTTP/2 server push for cache injection
• Test for HTTP/2 alt-svc header for protocol downgrade
• Test for HTTP/2 origin frame for cross-origin access
• Test for HTTP/2 trailer header injection
• Test for HTTP/2 pseudo-header manipulation
• Test for HTTP/2 connection prefetch for resource exhaustion
• Test for HTTP/2 dependency tree manipulation for priority inversion
• Test for HTTP/2 exclusive bit manipulation for priority abuse
• Test for HTTP/2 weight manipulation for resource starvation
• Test for HTTP/2 stream dependency cycle detection bypass
• Test for HTTP/2 DATA frame padding for traffic analysis
• Test for HTTP/2 SETTINGS frame acknowledgment race
• Test for HTTP/2 GOAWAY frame error handling
• Test for HTTP/2 WINDOW_UPDATE frame manipulation
• Test for HTTP/2 CONTINUATION frame limit bypass
• Test for HTTP/2 header field segment for fragmentation
• Test for HTTP/2 dynamic table size update manipulation
• Test for HTTP/2 indexed header field for information disclosure
• Test for HTTP/2 literal header field for injection
• Test for HTTP/2 never-indexed header field for sensitive data
• Test for HTTP/2 size update for table eviction attack
• Test for HTTP/2 connection preface mismatch
• Test for HTTP/2 client magic string validation
• Test for HTTP/2 upgrade mechanism security
• Test for HTTP/2 prior knowledge fallback security
• Test for HTTP/2 ALPN negotiation manipulation
• Test for HTTP/2 NPN negotiation downgrade
• Test for HTTP/2 cleartext (h2c) protocol security
• Test for HTTP/2 proxy with HTTP/1.1 backend smuggling

🌐

Input Validation Deep

98 checks

0/98

• Test for input validation bypass via URL encoding
• Test for input validation bypass via double URL encoding
• Test for input validation bypass via HTML entity encoding
• Test for input validation bypass via Unicode encoding
• Test for input validation bypass via base64 encoding
• Test for input validation bypass via hex encoding
• Test for input validation bypass via octal encoding
• Test for input validation bypass via binary encoding
• Test for input validation bypass via JSON escaping
• Test for input validation bypass via XML escaping
• Test for input validation bypass via null byte injection
• Test for input validation bypass via comment injection
• Test for input validation bypass via whitespace manipulation
• Test for input validation bypass via case transformation
• Test for input validation bypass via length truncation
• Test for input validation bypass via character set conversion
• Test for input validation bypass via normalization differences
• Test for input validation bypass via canonical representation
• Test for input validation bypass via alternate character sets
• Test for input validation bypass via combining characters
• Test for input validation bypass via right-to-left override
• Test for input validation bypass via bidirectional text
• Test for input validation bypass via zero-width characters
• Test for input validation bypass via homoglyph substitution
• Test for input validation bypass via confusable characters
• Test for input validation bypass via Punycode/IDN
• Test for input validation bypass via composed/decomposed Unicode
• Test for input validation bypass via Unicode normalization forms
• Test for input validation bypass via NFD normalization
• Test for input validation bypass via NFC normalization
• Test for input validation bypass via NFKD normalization
• Test for input validation bypass via NFKC normalization
• Test for input validation bypass via charset detection manipulation
• Test for input validation bypass via content-type charset parameter
• Test for input validation bypass via multipart form data encoding
• Test for input validation bypass via JSON content type
• Test for input validation bypass via XML content type
• Test for input validation bypass via YAML content type
• Test for input validation bypass via MessagePack content type
• Test for input validation bypass via Protocol Buffers content type
• Test for input validation bypass via parameter pollution
• Test for input validation bypass via HTTP parameter pollution
• Test for input validation bypass via JSON parameter pollution
• Test for input validation bypass via XML parameter pollution
• Test for input validation bypass via array parameter injection
• Test for input validation bypass via object parameter injection
• Test for input validation bypass via type confusion
• Test for input validation bypass via prototype pollution
• Test for input validation bypass via mass assignment
• Test for input validation bypass via parameter array wrapping
• Test for input validation bypass via nested parameter injection
• Test for input validation bypass via dot notation injection
• Test for input validation bypass via bracket notation injection
• Test for input validation bypass via path parameter injection
• Test for input validation bypass via header parameter injection
• Test for input validation bypass via cookie parameter injection
• Test for input validation bypass via multipart parameter injection
• Test for input validation bypass via wildcard parameter matching
• Test for input validation bypass via regex parameter matching
• Test for input validation bypass via glob parameter matching
• Test for input validation bypass via template parameter injection
• Test for input validation bypass via expression language injection
• Test for input validation bypass via OGNL injection
• Test for input validation bypass via SpEL injection
• Test for input validation bypass via MVEL injection
• Test for input validation bypass via EL injection
• Test for input validation bypass via Groovy injection
• Test for input validation bypass via Python eval injection
• Test for input validation bypass via Ruby eval injection
• Test for input validation bypass via PHP eval injection
• Test for input validation bypass via Node.js eval injection
• Test for input validation bypass via Perl eval injection
• Test for input validation bypass via Lua code injection
• Test for input validation bypass via Tcl code injection
• Test for input validation bypass via Bash code injection
• Test for input validation bypass via PowerShell code injection
• Test for input validation bypass via Python exec injection
• Test for input validation bypass via Ruby exec injection
• Test for input validation bypass via PHP exec injection
• Test for input validation bypass via Perl exec injection
• Test for input validation bypass via subprocess call injection
• Test for input validation bypass via system call injection
• Test for input validation bypass via os command injection
• Test for input validation bypass via shell metacharacter injection
• Test for input validation bypass via environment variable injection
• Test for input validation bypass via path variable injection
• Test for input validation bypass via class path injection
• Test for input validation bypass via JNDI injection
• Test for input validation bypass via RMI injection
• Test for input validation bypass via LDAP injection
• Test for input validation bypass via SMTP injection
• Test for input validation bypass via IMAP injection
• Test for input validation bypass via FTP command injection
• Test for input validation bypass via DNS query injection
• Test for input validation bypass via log injection
• Test for input validation bypass via CSV injection
• Test for input validation bypass via formula injection
• Test for input validation bypass via PDF injection

🌐

Subdomain Takeover Deep

96 checks

0/96

• Test for subdomain takeover via CNAME pointing to GitHub Pages
• Test for subdomain takeover via CNAME pointing to Heroku
• Test for subdomain takeover via CNAME pointing to AWS S3
• Test for subdomain takeover via CNAME pointing to AWS CloudFront
• Test for subdomain takeover via CNAME pointing to Azure Blob
• Test for subdomain takeover via CNAME pointing to Azure Traffic Manager
• Test for subdomain takeover via CNAME pointing to Shopify
• Test for subdomain takeover via CNAME pointing to Tumblr
• Test for subdomain takeover via CNAME pointing to WordPress.com
• Test for subdomain takeover via CNAME pointing to Tilda
• Test for subdomain takeover via CNAME pointing to Squarespace
• Test for subdomain takeover via CNAME pointing to Wix
• Test for subdomain takeover via CNAME pointing to Pantheon
• Test for subdomain takeover via CNAME pointing to Fly.io
• Test for subdomain takeover via CNAME pointing to Render
• Test for subdomain takeover via CNAME pointing to Vercel
• Test for subdomain takeover via CNAME pointing to Netlify
• Test for subdomain takeover via CNAME pointing to Firebase
• Test for subdomain takeover via CNAME pointing to Ghost
• Test for subdomain takeover via CNAME pointing to Surge.sh
• Test for subdomain takeover via CNAME pointing to GitLab Pages
• Test for subdomain takeover via CNAME pointing to Bitbucket
• Test for subdomain takeover via CNAME pointing to Readme.io
• Test for subdomain takeover via CNAME pointing to Statuspage
• Test for subdomain takeover via CNAME pointing to Pingdom
• Test for subdomain takeover via CNAME pointing to UptimeRobot
• Test for subdomain takeover via CNAME pointing to Zendesk
• Test for subdomain takeover via CNAME pointing to Freshdesk
• Test for subdomain takeover via CNAME pointing to Help Scout
• Test for subdomain takeover via CNAME pointing to Intercom
• Test for subdomain takeover via CNAME pointing to SendGrid
• Test for subdomain takeover via CNAME pointing to Mailgun
• Test for subdomain takeover via CNAME pointing to Mandrill
• Test for subdomain takeover via CNAME pointing to Elastic Cloud
• Test for subdomain takeover via CNAME pointing to PagerDuty
• Test for subdomain takeover via CNAME pointing to LaunchRock
• Test for subdomain takeover via CNAME pointing to Unbounce
• Test for subdomain takeover via CNAME pointing to Instapage
• Test for subdomain takeover via CNAME pointing to Leadpages
• Test for subdomain takeover via CNAME pointing to SurveyGizmo
• Test for subdomain takeover via NS record pointing to expired domain
• Test for subdomain takeover via MX record pointing to expired service
• Test for subdomain takeover via dangling A record pointing to released IP
• Test for subdomain takeover via dangling AAAA record
• Test for subdomain takeover via expired cloud provider service
• Test for subdomain takeover via deleted cloud resource with CNAME
• Test for subdomain takeover via deprecated API gateway endpoint
• Test for subdomain takeover via decommissioned CDN distribution
• Test for subdomain takeover via abandoned Docker registry
• Test for subdomain takeover via released Elastic IP address
• Test for subdomain takeover via deleted Kubernetes service load balancer
• Test for subdomain takeover via expired SSL certificate service
• Test for subdomain takeover via deleted Firebase project
• Test for subdomain takeover via cancelled Heroku app
• Test for subdomain takeover via deleted Netlify site
• Test for subdomain takeover via deleted Vercel project
• Test for subdomain takeover via cancelled Shopify store
• Test for subdomain takeover via deleted GitHub repository
• Test for subdomain takeover via abandoned GitLab project
• Test for subdomain takeover via deleted AWS CloudFront distribution
• Test for subdomain takeover via deleted AWS S3 bucket
• Test for subdomain takeover via deleted Azure CDN endpoint
• Test for subdomain takeover via deleted Azure Web App
• Test for subdomain takeover via deleted GCP Storage bucket
• Test for subdomain takeover via deleted GCP Load Balancer
• Test for subdomain takeover via abandoned DigitalOcean droplet
• Test for subdomain takeover via deleted Linode instance
• Test for subdomain takeover via abandoned Vultr instance
• Test for subdomain takeover via deleted Cloudflare Workers route
• Test for subdomain takeover via abandoned Fastly service
• Test for subdomain takeover via deleted Akamai property
• Test for subdomain takeover via abandoned StackPath site
• Test for subdomain takeover via deleted BunnyCDN pull zone
• Test for subdomain takeover via abandoned KeyCDN zone
• Test for subdomain takeover via deleted Rackspace cloud resource
• Test for subdomain takeover via abandoned Oracle Cloud resource
• Test for subdomain takeover via deleted IBM Cloud resource
• Test for subdomain takeover via abandoned Alibaba Cloud resource
• Test for subdomain takeover via deleted Tencent Cloud resource
• Test for subdomain takeover verification and PoC generation
• Test for subdomain takeover impact assessment (cookie scope)
• Test for subdomain takeover impact assessment (CORS policy)
• Test for subdomain takeover impact assessment (CSRF impact)
• Test for subdomain takeover impact assessment (content security)
• Test for subdomain takeover impact assessment (email security)
• Test for subdomain takeover impact assessment (SSL/TLS trust)
• Test for subdomain takeover impact assessment (X-Frame-Options)
• Test for subdomain takeover impact assessment (session security)
• Test for subdomain takeover impact assessment (auth token scope)
• Test for subdomain takeover impact assessment (API key scope)
• Test for subdomain takeover impact assessment (auth cookie domain)
• Test for subdomain takeover impact assessment (SSO federation)
• Test for subdomain takeover impact assessment (OAuth redirect)
• Test for subdomain takeover impact assessment (postMessage origin)
• Test for subdomain takeover impact assessment (service worker scope)
• Test for subdomain takeover mitigation and remediation verification

🌐

Cookie Security Deep

96 checks

0/96

• Test for session cookie without Secure flag set
• Test for session cookie without HttpOnly flag set
• Test for session cookie without SameSite attribute set
• Test for session cookie with SameSite=None without Secure
• Test for session cookie with domain attribute too broadly scoped
• Test for session cookie with path attribute too broadly scoped
• Test for session cookie with predictable name or value
• Test for session cookie with insufficient entropy in value
• Test for session cookie transmitted over HTTP connection
• Test for session cookie accessible via JavaScript (no HttpOnly)
• Test for session cookie accessible from subdomains (domain scope)
• Test for session cookie accessible from other paths (path scope)
• Test for session cookie set via insecure Set-Cookie header
• Test for session cookie manipulation via cookie injection
• Test for session cookie overwriting via duplicate Set-Cookie
• Test for session cookie fixation via Set-Cookie in response
• Test for session cookie fixation via URL parameter injection
• Test for session cookie fixation via JavaScript document.cookie
• Test for session cookie fixation via meta tag refresh
• Test for session cookie fixation via HTTP response splitting
• Test for session cookie with __Host- prefix for security
• Test for session cookie with __Secure- prefix for security
• Test for session cookie priority attribute configuration
• Test for session cookie with overly long expiration (persistent)
• Test for session cookie without Max-Age or Expires attribute
• Test for session cookie with past expiration for forced deletion
• Test for session cookie third-party context security
• Test for session cookie cross-site context security
• Test for session cookie in cross-origin requests
• Test for session cookie in prefetch/prerender requests
• Test for tracking cookie consent and privacy compliance
• Test for cookie consent bypass via configuration manipulation
• Test for cookie consent storage and enforcement mechanism
• Test for third-party cookie blocking bypass techniques
• Test for cookie sync/tag manager data leakage
• Test for cookie-based authentication token security
• Test for cookie-based remember-me token security
• Test for cookie-based CSRF token security
• Test for cookie-based language/preference security
• Test for cookie-based feature flag security
• Test for cookie-based A/B test assignment security
• Test for cookie-based analytics tracking security
• Test for cookie-based advertising tracking security
• Test for cookie-based personalization data security
• Test for cookie-based session affinity (sticky sessions)
• Test for cookie-based load balancer routing security
• Test for cookie-based CDN authentication bypass
• Test for cookie-based WAF bypass via cookie manipulation
• Test for cookie-based rate limit bypass via cookie rotation
• Test for cookie-based cache key manipulation for poisoning
• Test for cookie jar overflow for security bypass
• Test for cookie size limit for denial of service
• Test for cookie count limit for browser behavior exploitation
• Test for cookie name collision for value overwriting
• Test for cookie value encoding/decoding manipulation
• Test for cookie value encryption/decryption bypass
• Test for cookie value signing/verification bypass
• Test for cookie value MAC signature forgery
• Test for cookie value HMAC signature bypass
• Test for cookie compression side-channel attack
• Test for cookie padding oracle vulnerability
• Test for cookie timing attack on value comparison
• Test for cookie length extension attack on value
• Test for cookie bit-flipping attack on encrypted value
• Test for cookie replay attack for session hijacking
• Test for cookie race condition for session manipulation
• Test for cookie deserialization attack on serialized value
• Test for cookie injection via CRLF in Set-Cookie header
• Test for cookie injection via CRLF in request headers
• Test for cookie injection via proxy response injection
• Test for cookie injection via cache poisoning
• Test for cookie injection via XSS document.cookie
• Test for cookie injection via meta http-equiv Set-Cookie
• Test for cookie injection via Service Worker fetch event
• Test for cookie injection via browser extension API
• Test for cookie injection via DNS rebinding
• Test for cookie injection via host header manipulation
• Test for cookie injection via X-Forwarded-Host header
• Test for cookie injection via cross-origin Set-Cookie
• Test for cookie injection via subdomain cookie overwriting
• Test for cookie injection via path cookie shadowing
• Test for cookie injection via cookie tossing attack
• Test for cookie injection via cookie overflow attack
• Test for cookie exfiltration via XSS payload
• Test for cookie exfiltration via CSS injection
• Test for cookie exfiltration via DNS prefetch
• Test for cookie exfiltration via WebSocket connection
• Test for cookie exfiltration via postMessage API
• Test for cookie exfiltration via navigation timing
• Test for cookie exfiltration via performance API
• Test for cookie exfiltration via error event
• Test for cookie exfiltration via fetch metadata
• Test for cookie exfiltration via service worker
• Test for cookie exfiltration via webRTC
• Test for cookie exfiltration via beacon API
• Test for cookie exfiltration via resource timing

🌐

Account Takeover Techniques

97 checks

0/97

• Test for account takeover via password reset token leakage in Referer
• Test for account takeover via password reset token predictability
• Test for account takeover via password reset token not expired
• Test for account takeover via password reset token reuse
• Test for account takeover via password reset email manipulation
• Test for account takeover via password reset host header injection
• Test for account takeover via password reset response manipulation
• Test for account takeover via email change without verification
• Test for account takeover via email change race condition
• Test for account takeover via email change CSRF vulnerability
• Test for account takeover via OAuth account linking abuse
• Test for account takeover via OAuth token leakage
• Test for account takeover via OAuth redirect_uri manipulation
• Test for account takeover via SAML assertion manipulation
• Test for account takeover via SSO session hijacking
• Test for account takeover via JWT token forgery
• Test for account takeover via JWT algorithm confusion
• Test for account takeover via JWT secret key brute force
• Test for account takeover via session fixation attack
• Test for account takeover via session prediction attack
• Test for account takeover via session hijacking via XSS
• Test for account takeover via cookie theft via XSS
• Test for account takeover via CSRF on email change
• Test for account takeover via CSRF on password change
• Test for account takeover via credential stuffing attack
• Test for account takeover via password spray attack
• Test for account takeover via brute force attack
• Test for account takeover via dictionary attack
• Test for account takeover via rainbow table attack
• Test for account takeover via social engineering
• Test for account takeover via phishing attack
• Test for account takeover via SIM swapping for 2FA bypass
• Test for account takeover via SS7 attack for SMS interception
• Test for account takeover via backup code theft
• Test for account takeover via 2FA brute force
• Test for account takeover via 2FA bypass via response manipulation
• Test for account takeover via 2FA bypass via direct endpoint access
• Test for account takeover via 2FA bypass via race condition
• Test for account takeover via 2FA bypass via session manipulation
• Test for account takeover via IDOR in profile update
• Test for account takeover via mass assignment in user update
• Test for account takeover via GraphQL mutation abuse
• Test for account takeover via API parameter tampering
• Test for account takeover via broken authentication mechanism
• Test for account takeover via weak password recovery mechanism
• Test for account takeover via security question guessing
• Test for account takeover via support/social engineering bypass
• Test for account takeover via leaked credential database
• Test for account takeover via stealer log utilization
• Test for account takeover via session token in URL
• Test for account takeover via autocomplete credential exposure
• Test for account takeover via browser saved credential theft
• Test for account takeover via malware credential theft
• Test for account takeover via keylogger credential capture
• Test for account takeover via clipboard credential theft
• Test for account takeover via screen capture credential theft
• Test for account takeover via memory dump credential extraction
• Test for account takeover via network sniffing credential capture
• Test for account takeover via proxy credential interception
• Test for account takeover via MitM credential interception
• Test for account takeover via DNS hijacking credential theft
• Test for account takeover via supply chain compromise
• Test for account takeover via third-party data breach
• Test for account takeover via API key compromise
• Test for account takeover via developer token compromise
• Test for account takeover via service account compromise
• Test for account takeover via admin panel compromise
• Test for account takeover via database access credential dump
• Test for account takeover via backup file credential extraction
• Test for account takeover via log file credential exposure
• Test for account takeover via error message credential leakage
• Test for account takeover via debug endpoint credential exposure
• Test for account takeover via source code credential exposure
• Test for account takeover via version control credential exposure
• Test for account takeover via configuration file credential exposure
• Test for account takeover via environment variable credential exposure
• Test for account takeover via CI/CD pipeline credential exposure
• Test for account takeover via container image credential exposure
• Test for account takeover via cloud metadata credential exposure
• Test for account takeover via SSRF credential access
• Test for account takeover via XXE credential extraction
• Test for account takeover via SSTI credential access
• Test for account takeover via deserialization credential access
• Test for account takeover via path traversal credential access
• Test for account takeover via LFI credential access
• Test for account takeover via RFI credential access
• Test for account takeover via command injection credential access
• Test for account takeover via SQL injection credential dump
• Test for account takeover via NoSQL injection credential access
• Test for account takeover via LDAP injection credential access
• Test for account takeover via blind injection credential extraction
• Test for account takeover via out-of-band credential exfiltration
• Test for account takeover via DNS exfiltration of credentials
• Test for account takeover via HTTP callback credential exfiltration
• Test for account takeover via ICMP credential exfiltration
• Test for account takeover via time-based credential extraction
• Test for account takeover via error-based credential extraction

🌐

Security Misconfiguration Deep

95 checks

0/95

• Test for debug mode enabled in production environment
• Test for stack trace disclosure in error responses
• Test for verbose error messages with internal information
• Test for default credentials on admin interfaces
• Test for default credentials on database interfaces
• Test for default credentials on management consoles
• Test for unnecessary services running on the server
• Test for outdated software versions with known vulnerabilities
• Test for missing security patches and updates
• Test for insecure default configuration usage
• Test for directory listing enabled on web server
• Test for directory traversal enabled on web server
• Test for server version disclosure in HTTP headers
• Test for server version disclosure in error pages
• Test for server version disclosure in meta tags
• Test for server version disclosure in comments
• Test for exposed phpinfo.php information page
• Test for exposed test/debug endpoints in production
• Test for exposed Swagger/API documentation in production
• Test for exposed GraphQL Playground in production
• Test for exposed database management interfaces
• Test for exposed cache management interfaces
• Test for exposed message queue management interfaces
• Test for exposed container orchestration dashboards
• Test for exposed CI/CD pipeline interfaces
• Test for exposed monitoring and metrics endpoints
• Test for exposed health check endpoints with details
• Test for exposed environment variable endpoints
• Test for exposed configuration endpoints
• Test for exposed secret/key management endpoints
• Test for CORS configuration allowing all origins
• Test for CORS configuration allowing credential transmission
• Test for TLS configuration with weak protocols
• Test for TLS configuration with weak cipher suites
• Test for TLS certificate validation disabled
• Test for HTTP allowed alongside HTTPS (mixed content)
• Test for HSTS header not configured
• Test for CSP header not configured
• Test for X-Frame-Options header not configured
• Test for cookie security flags not set
• Test for session management misconfiguration
• Test for password policy misconfiguration
• Test for rate limiting not configured
• Test for account lockout not configured
• Test for logging and monitoring not configured
• Test for backup and recovery misconfiguration
• Test for file permission misconfiguration
• Test for database permission misconfiguration
• Test for API key rotation not implemented
• Test for secret rotation not implemented
• Test for access control misconfiguration
• Test for network segmentation misconfiguration
• Test for firewall rule misconfiguration
• Test for WAF rule misconfiguration
• Test for load balancer misconfiguration
• Test for reverse proxy misconfiguration
• Test for CDN misconfiguration
• Test for DNS misconfiguration
• Test for email server misconfiguration
• Test for FTP server misconfiguration
• Test for SSH server misconfiguration
• Test for database server misconfiguration
• Test for web application firewall bypass
• Test for intrusion detection system bypass
• Test for intrusion prevention system bypass
• Test for data loss prevention bypass
• Test for antivirus/anti-malware bypass
• Test for content filtering bypass
• Test for network monitoring bypass
• Test for log management misconfiguration
• Test for alert management misconfiguration
• Test for incident response misconfiguration
• Test for disaster recovery misconfiguration
• Test for business continuity misconfiguration
• Test for change management misconfiguration
• Test for patch management misconfiguration
• Test for vulnerability management misconfiguration
• Test for configuration management misconfiguration
• Test for identity management misconfiguration
• Test for access management misconfiguration
• Test for privilege management misconfiguration
• Test for certificate management misconfiguration
• Test for key management misconfiguration
• Test for token management misconfiguration
• Test for session management misconfiguration
• Test for cache management misconfiguration
• Test for queue management misconfiguration
• Test for job management misconfiguration
• Test for task management misconfiguration
• Test for workflow management misconfiguration
• Test for notification management misconfiguration
• Test for integration management misconfiguration
• Test for webhook management misconfiguration
• Test for plugin/extension management misconfiguration
• Test for theme/template management misconfiguration

🔌

API Mass Assignment Deep

100 checks

0/100

• Test for mass assignment via role field in user update API
• Test for mass assignment via isAdmin field in registration API
• Test for mass assignment via permission field in profile API
• Test for mass assignment via group field in user API
• Test for mass assignment via email_verified field in account API
• Test for mass assignment via subscription_tier in billing API
• Test for mass assignment via account_status in user API
• Test for mass assignment via created_at field in record API
• Test for mass assignment via updated_at field in record API
• Test for mass assignment via deleted_at field in record API
• Test for mass assignment via owner_id in resource API
• Test for mass assignment via organization_id in resource API
• Test for mass assignment via team_id in resource API
• Test for mass assignment via price field in product API
• Test for mass assignment via amount field in payment API
• Test for mass assignment via quantity field in order API
• Test for mass assignment via discount field in checkout API
• Test for mass assignment via fee field in transaction API
• Test for mass assignment via rate field in service API
• Test for mass assignment via limit field in account API
• Test for mass assignment via balance field in wallet API
• Test for mass assignment via credit field in billing API
• Test for mass assignment via is_premium field in feature API
• Test for mass assignment via is_active field in subscription API
• Test for mass assignment via is_verified field in user API
• Test for mass assignment via is_approved field in content API
• Test for mass assignment via is_published field in article API
• Test for mass assignment via is_public field in document API
• Test for mass assignment via visibility field in resource API
• Test for mass assignment via access_level field in data API
• Test for mass assignment via permissions field in role API
• Test for mass assignment via capabilities field in user API
• Test for mass assignment via features field in plan API
• Test for mass assignment via settings field in config API
• Test for mass assignment via metadata field in resource API
• Test for mass assignment via properties field in object API
• Test for mass assignment via attributes field in entity API
• Test for mass assignment via internal_notes field in ticket API
• Test for mass assignment via admin_comment field in review API
• Test for mass assignment via system_flag field in content API
• Test for mass assignment via priority field in task API
• Test for mass assignment via status field in workflow API
• Test for mass assignment via type field in category API
• Test for mass assignment via category_id in classification API
• Test for mass assignment via parent_id in hierarchy API
• Test for mass assignment via sort_order in listing API
• Test for mass assignment via external_id in integration API
• Test for mass assignment via reference_id in linking API
• Test for mass assignment via source_id in data API
• Test for mass assignment via destination_id in mapping API
• Test for mass assignment via webhook_url in notification API
• Test for mass assignment via callback_url in integration API
• Test for mass assignment via redirect_uri in OAuth API
• Test for mass assignment via allowed_origins in CORS API
• Test for mass assignment via ip_whitelist in access API
• Test for mass assignment via rate_limit in throttle API
• Test for mass assignment via quota in resource API
• Test for mass assignment via storage_limit in plan API
• Test for mass assignment via bandwidth_limit in service API
• Test for mass assignment via concurrent_sessions in auth API
• Test for mass assignment via max_file_size in upload API
• Test for mass assignment via allowed_file_types in media API
• Test for mass assignment via retention_period in data API
• Test for mass assignment via encryption_key in security API
• Test for mass assignment via signing_key in authentication API
• Test for mass assignment via api_key in integration API
• Test for mass assignment via secret_key in credential API
• Test for mass assignment via password_hash in user API
• Test for mass assignment via salt in cryptographic API
• Test for mass assignment via token in session API
• Test for mass assignment via refresh_token in auth API
• Test for mass assignment via session_id in authentication API
• Test for mass assignment via csrf_token in security API
• Test for mass assignment via otp_secret in 2FA API
• Test for mass assignment via backup_codes in recovery API
• Test for mass assignment via mfa_enabled in account API
• Test for mass assignment via login_attempts in security API
• Test for mass assignment via last_login in audit API
• Test for mass assignment via login_ip in tracking API
• Test for mass assignment via device_fingerprint in session API
• Test for mass assignment via user_agent in logging API
• Test for mass assignment via geo_location in location API
• Test for mass assignment via timezone in preference API
• Test for mass assignment via language in localization API
• Test for mass assignment via theme in UI preference API
• Test for mass assignment via notification_preference in alert API
• Test for mass assignment via email_notification in communication API
• Test for mass assignment via sms_notification in messaging API
• Test for mass assignment via push_notification in mobile API
• Test for mass assignment via marketing_consent in privacy API
• Test for mass assignment via data_processing_consent in GDPR API
• Test for mass assignment via cookie_consent in tracking API
• Test for mass assignment via analytics_opt_out in telemetry API
• Test for mass assignment via do_not_track in privacy API
• Test for mass assignment via export_format in data API
• Test for mass assignment via import_mapping in bulk API
• Test for mass assignment via batch_size in processing API
• Test for mass assignment via job_priority in queue API
• Test for mass assignment via retry_count in job API
• Test for mass assignment via timeout in async API

🔌

API Broken Access Control Deep

94 checks

0/94

• Test for BOLA (Broken Object Level Authorization) on all GET endpoints
• Test for BOLA on all PUT/PATCH endpoints for resource modification
• Test for BOLA on all DELETE endpoints for resource deletion
• Test for BOLA on all POST endpoints for resource creation
• Test for BPLA (Broken Property Level Authorization) on read operations
• Test for BPLA on write operations for property modification
• Test for privilege escalation via API role manipulation
• Test for privilege escalation via API group manipulation
• Test for privilege escalation via API permission manipulation
• Test for privilege escalation via API scope manipulation
• Test for API endpoint access without authentication
• Test for API endpoint access with expired token
• Test for API endpoint access with invalid token
• Test for API endpoint access with revoked token
• Test for API endpoint access with different user token
• Test for API endpoint access with admin token from regular user
• Test for API endpoint access between different tenants
• Test for API endpoint access between different organizations
• Test for API endpoint access between different teams
• Test for API endpoint access between different workspaces
• Test for API rate limit bypass via parameter manipulation
• Test for API rate limit bypass via header injection
• Test for API rate limit bypass via different API key
• Test for API rate limit bypass via different version
• Test for API rate limit bypass via concurrent requests
• Test for API data filtering bypass via parameter injection
• Test for API data filtering bypass via field selection
• Test for API data filtering bypass via expansion
• Test for API data filtering bypass via search parameter
• Test for API data filtering bypass via sort parameter
• Test for API authorization bypass via HTTP method override
• Test for API authorization bypass via content-type manipulation
• Test for API authorization bypass via URL path normalization
• Test for API authorization bypass via parameter pollution
• Test for API authorization bypass via wildcard matching
• Test for API authorization bypass via regex matching
• Test for API authorization bypass via case sensitivity
• Test for API authorization bypass via encoding differences
• Test for API authorization bypass via null byte injection
• Test for API authorization bypass via comment injection
• Test for API authorization on disabled/deleted resources
• Test for API authorization on archived resources
• Test for API authorization on pending resources
• Test for API authorization on draft resources
• Test for API authorization on template resources
• Test for API authorization on shared resources
• Test for API authorization on linked resources
• Test for API authorization on embedded resources
• Test for API authorization on referenced resources
• Test for API authorization on related resources
• Test for API access control on batch operations
• Test for API access control on bulk operations
• Test for API access control on import operations
• Test for API access control on export operations
• Test for API access control on sync operations
• Test for API access control on async operations
• Test for API access control on scheduled operations
• Test for API access control on recurring operations
• Test for API access control on conditional operations
• Test for API access control on triggered operations
• Test for API field-level access control enforcement
• Test for API column-level access control enforcement
• Test for API row-level access control enforcement
• Test for API document-level access control enforcement
• Test for API collection-level access control enforcement
• Test for API database-level access control enforcement
• Test for API schema-level access control enforcement
• Test for API namespace-level access control enforcement
• Test for API instance-level access control enforcement
• Test for API operation-level access control enforcement
• Test for API attribute-based access control (ABAC) bypass
• Test for API role-based access control (RBAC) bypass
• Test for API relationship-based access control bypass
• Test for API policy-based access control bypass
• Test for API rule-based access control bypass
• Test for API context-based access control bypass
• Test for API time-based access control bypass
• Test for API location-based access control bypass
• Test for API device-based access control bypass
• Test for API risk-based access control bypass
• Test for API adaptive access control bypass
• Test for API delegated access control exploitation
• Test for API impersonation access control bypass
• Test for API service account access control abuse
• Test for API shared credential access control bypass
• Test for API token sharing access control bypass
• Test for API key sharing access control bypass
• Test for API session sharing access control bypass
• Test for API cookie sharing access control bypass
• Test for API OAuth scope escalation for access control bypass
• Test for API JWT claim manipulation for access control bypass
• Test for API SAML assertion manipulation for access control bypass
• Test for API CORS misconfiguration for access control bypass
• Test for API CSRF for state-changing operation abuse

🔌

API Injection Deep

94 checks

0/94

• Test for SQL injection in API query parameters
• Test for SQL injection in API path parameters
• Test for SQL injection in API header values
• Test for SQL injection in API JSON body
• Test for SQL injection in API array parameters
• Test for NoSQL injection in API JSON body
• Test for NoSQL injection in API query parameters
• Test for NoSQL injection in API array parameters
• Test for LDAP injection in API search parameters
• Test for LDAP injection in API authentication
• Test for XPath injection in API XML body
• Test for XPath injection in API query parameters
• Test for command injection in API parameters
• Test for command injection in API file operations
• Test for command injection in API system operations
• Test for SSTI in API template parameters
• Test for SSTI in API content generation
• Test for SSTI in API email rendering
• Test for XXE in API XML request body
• Test for XXE in API file upload processing
• Test for XXE in API SVG processing
• Test for SSRF in API URL parameters
• Test for SSRF in API webhook configuration
• Test for SSRF in API image processing
• Test for SSRF in API PDF generation
• Test for prototype pollution in API JSON body
• Test for prototype pollution in API query string parsing
• Test for prototype pollution in API deep merge operations
• Test for deserialization in API object processing
• Test for deserialization in API cache operations
• Test for CRLF injection in API headers
• Test for CRLF injection in API response headers
• Test for CRLF injection in API log entries
• Test for open redirect in API redirect parameters
• Test for open redirect in API OAuth flow
• Test for open redirect in API SSO flow
• Test for HTTP header injection in API request processing
• Test for HTTP header injection in API response generation
• Test for host header injection in API request routing
• Test for host header injection in API cache key generation
• Test for log injection in API error handling
• Test for log injection in API audit logging
• Test for log injection in API debug output
• Test for CSV injection in API data export
• Test for CSV injection in API report generation
• Test for formula injection in API spreadsheet export
• Test for formula injection in API Excel generation
• Test for email header injection in API notification
• Test for email header injection in API email sending
• Test for email content injection in API template rendering
• Test for path traversal in API file operations
• Test for path traversal in API directory listing
• Test for path traversal in API file download
• Test for path traversal in API file upload destination
• Test for XPath injection in API XML database queries
• Test for XQuery injection in API XML processing
• Test for XSLT injection in API XML transformation
• Test for IMAP injection in API email operations
• Test for SMTP injection in API email sending
• Test for expression language injection in API
• Test for OGNL injection in API Struts integration
• Test for SpEL injection in API Spring integration
• Test for MVEL injection in API rule engine
• Test for Groovy injection in API scripting
• Test for EL injection in API Java EE
• Test for Freemarker injection in API template
• Test for Velocity injection in API template
• Test for Twig injection in API template
• Test for Jinja2 injection in API template
• Test for ERB injection in API template
• Test for Handlebars injection in API template
• Test for JSON injection in API response
• Test for JSON parameter pollution in API request
• Test for JSON array injection in API request
• Test for JSON type confusion in API processing
• Test for XML injection in API request body
• Test for XML parameter pollution in API request
• Test for XML entity expansion in API processing
• Test for YAML injection in API configuration
• Test for YAML deserialization in API processing
• Test for TOML injection in API configuration
• Test for INI injection in API configuration
• Test for CSV injection in API data import
• Test for TSV injection in API data import
• Test for Markdown injection in API content rendering
• Test for BBCode injection in API content rendering
• Test for Textile injection in API content rendering
• Test for reStructuredText injection in API content
• Test for AsciiDoc injection in API content rendering
• Test for LaTeX injection in API document generation
• Test for PDF injection in API document generation
• Test for ZIP slip in API archive extraction
• Test for TAR slip in API archive extraction
• Test for RAR slip in API archive extraction

🔌

API Error Handling Deep

88 checks

0/88

• Test for verbose SQL error disclosure in API responses
• Test for stack trace disclosure in API error responses
• Test for internal IP disclosure in API error messages
• Test for file path disclosure in API error messages
• Test for database schema disclosure in API error messages
• Test for framework version disclosure in API error messages
• Test for server configuration disclosure in API errors
• Test for environment variable disclosure in API errors
• Test for API key exposure in API error responses
• Test for credential exposure in API error responses
• Test for session token exposure in API error responses
• Test for internal service URL disclosure in API errors
• Test for third-party API key exposure in error responses
• Test for debug information in API error responses
• Test for query string exposure in API error logs
• Test for request body exposure in API error logs
• Test for header exposure in API error responses
• Test for cookie exposure in API error responses
• Test for user enumeration via different API error responses
• Test for data enumeration via API error message differences
• Test for privilege escalation via API error manipulation
• Test for authentication bypass via API error handling
• Test for authorization bypass via API error handling
• Test for injection via API error-based techniques
• Test for DoS via API error flooding
• Test for information disclosure via API error codes
• Test for information disclosure via API error messages
• Test for information disclosure via API error descriptions
• Test for information disclosure via API error details
• Test for information disclosure via API error fields
• Test for inconsistency in API error response format
• Test for inconsistency in API error HTTP status codes
• Test for inconsistency in API error message language
• Test for inconsistency in API error detail level
• Test for missing error handling in API edge cases
• Test for missing error handling in API null values
• Test for missing error handling in API empty responses
• Test for missing error handling in API timeout scenarios
• Test for missing error handling in API rate limiting
• Test for missing error handling in API authentication failures
• Test for missing error handling in API authorization failures
• Test for missing error handling in API validation failures
• Test for missing error handling in API parsing errors
• Test for missing error handling in API serialization errors
• Test for missing error handling in API deserialization errors
• Test for missing error handling in API connection errors
• Test for missing error handling in API timeout errors
• Test for missing error handling in API resource not found
• Test for missing error handling in API method not allowed
• Test for missing error handling in API content type errors
• Test for proper error response without sensitive information
• Test for proper error response with consistent format
• Test for proper error response with appropriate status code
• Test for proper error response with correlation ID
• Test for proper error response without stack trace
• Test for proper error response without internal details
• Test for proper error response with user-friendly message
• Test for proper error response with documentation link
• Test for proper error response with retry guidance
• Test for proper error response rate limiting information
• Test for GraphQL error message information disclosure
• Test for GraphQL error stack trace disclosure
• Test for GraphQL error extension data exposure
• Test for GraphQL error path information disclosure
• Test for GraphQL error location information disclosure
• Test for gRPC error status code information disclosure
• Test for gRPC error detail message exposure
• Test for gRPC error metadata information leakage
• Test for gRPC error debug information exposure
• Test for WebSocket error message information disclosure
• Test for WebSocket close reason information leakage
• Test for WebSocket error frame data exposure
• Test for SOAP fault information disclosure
• Test for SOAP fault detail element exposure
• Test for SOAP fault stack trace disclosure
• Test for REST API error response best practices
• Test for REST API error response security headers
• Test for REST API error response caching behavior
• Test for REST API error response logging security
• Test for REST API error response monitoring alerts
• Test for REST API error response rate limiting
• Test for REST API error response input validation
• Test for REST API error response sanitization
• Test for REST API error response content type
• Test for REST API error response encoding security
• Test for REST API error response character set
• Test for REST API error response size limiting
• Test for REST API error response time consistency

🤖

Android Accessibility Security

98 checks

0/98

• Test for accessibility service data theft vulnerability
• Test for accessibility service keylogging via event monitoring
• Test for accessibility service screen reading of sensitive data
• Test for accessibility service clickjacking via automated actions
• Test for accessibility service credential theft via form reading
• Test for accessibility service navigation to malicious pages
• Test for accessibility service permission grant automation
• Test for accessibility service installation of malicious apps
• Test for accessibility service SMS interception and reading
• Test for accessibility service notification data theft
• Test for accessibility service clipboard data monitoring
• Test for accessibility service password manager data theft
• Test for accessibility service banking app data theft
• Test for accessibility service 2FA code interception
• Test for accessibility service biometric prompt bypass
• Test for accessibility service settings modification
• Test for accessibility service device admin activation
• Test for accessibility service package installation
• Test for accessibility service screen unlock bypass
• Test for accessibility service input event injection
• Test for accessibility service gesture injection
• Test for accessibility service text change monitoring
• Test for accessibility service content change monitoring
• Test for accessibility service window state monitoring
• Test for accessibility service window content monitoring
• Test for accessibility service view hierarchy traversal
• Test for accessibility service node info extraction
• Test for accessibility service action execution bypass
• Test for accessibility service focus manipulation
• Test for accessibility service scroll action abuse
• Test for accessibility service selection action abuse
• Test for accessibility service copy/paste action abuse
• Test for accessibility service cut action data theft
• Test for accessibility service paste action injection
• Test for accessibility service setText action abuse
• Test for accessibility service click action automation
• Test for accessibility service long click action abuse
• Test for accessibility service swipe action automation
• Test for accessibility service PIN entry monitoring
• Test for accessibility service pattern lock monitoring
• Test for accessibility service password field reading
• Test for accessibility service credit card field theft
• Test for accessibility service SSN field data theft
• Test for accessibility service email content monitoring
• Test for accessibility service chat message reading
• Test for accessibility service contact list extraction
• Test for accessibility service location data theft
• Test for accessibility service camera/microphone activation
• Test for accessibility service VPN configuration abuse
• Test for accessibility service network config manipulation
• Test for accessibility service overlay attack facilitation
• Test for accessibility service tapjacking facilitation
• Test for accessibility service screen recording bypass
• Test for accessibility service secure flag bypass
• Test for accessibility service FLAG_SECURE bypass
• Test for accessibility service screenshot prevention bypass
• Test for accessibility service screen capture prevention bypass
• Test for accessibility service window flag manipulation
• Test for accessibility service system UI manipulation
• Test for accessibility service status bar manipulation
• Test for accessibility service notification shade abuse
• Test for accessibility service quick settings abuse
• Test for accessibility service power menu abuse
• Test for accessibility service device reboot execution
• Test for accessibility service emergency dialer abuse
• Test for accessibility service device encryption bypass
• Test for accessibility service account creation automation
• Test for accessibility service account deletion automation
• Test for accessibility service app data clearing automation
• Test for accessibility service app cache clearing automation
• Test for accessibility service app force stop automation
• Test for accessibility service app permission granting
• Test for accessibility service app permission revoking
• Test for accessibility service app notification channel abuse
• Test for accessibility service Do Not Disturb manipulation
• Test for accessibility service battery optimization bypass
• Test for accessibility service background restriction bypass
• Test for accessibility service data saver bypass
• Test for accessibility service developer options enabling
• Test for accessibility service USB debugging enabling
• Test for accessibility service ADB authorization abuse
• Test for accessibility service OEM unlocking enabling
• Test for accessibility service bootloader unlock abuse
• Test for accessibility service system backup abuse
• Test for accessibility service factory reset execution
• Test for accessibility service device provisioning abuse
• Test for accessibility service work profile manipulation
• Test for accessibility service enterprise policy bypass
• Test for accessibility service device owner abuse
• Test for accessibility service profile owner abuse
• Test for accessibility service MDM bypass via automation
• Test for accessibility service EMM policy bypass
• Test for accessibility service container escape facilitation
• Test for accessibility service kiosk mode escape
• Test for accessibility service COSU mode escape
• Test for accessibility service lockdown mode escape
• Test for accessibility service pin screen escape
• Test for accessibility service screen pinning bypass

🍏

iOS Accessibility Security

97 checks

0/97

• Test for VoiceOver data reading of sensitive UI elements
• Test for VoiceOver password field content disclosure
• Test for VoiceOver credit card field content disclosure
• Test for VoiceOver SSN field content disclosure
• Test for VoiceOver token/secret field disclosure
• Test for Switch Control automated interaction abuse
• Test for Switch Control navigation to malicious pages
• Test for Switch Control credential form submission
• Test for Switch Control payment confirmation bypass
• Test for Switch Control permission grant automation
• Test for AssistiveTouch screenshot capture bypass
• Test for AssistiveTouch screen recording facilitation
• Test for AssistiveTouch notification reading abuse
• Test for AssistiveTouch control center access abuse
• Test for AssistiveTouch device settings modification
• Test for Guided Access escape vulnerability
• Test for Guided Access bypass via accessibility features
• Test for Guided Access bypass via hardware buttons
• Test for Guided Access bypass via Siri invocation
• Test for Guided Access bypass via notification action
• Test for Voice Control command injection vulnerability
• Test for Voice Control unauthorized app launch
• Test for Voice Control credential dictation abuse
• Test for Voice Control payment confirmation abuse
• Test for Voice Control sensitive action execution
• Test for Voice Control authentication bypass
• Test for Speak Screen sensitive data disclosure
• Test for Speak Selection sensitive data disclosure
• Test for Speak Auto-text sensitive data disclosure
• Test for audio description of secure content
• Test for Zoom accessibility feature security bypass
• Test for Zoom feature keyboard focus manipulation
• Test for Zoom feature screen content reading
• Test for Zoom feature secure window bypass
• Test for Zoom feature FLAG_SECURE bypass
• Test for Display Accommodation content manipulation
• Test for Invert Colors secure content bypass
• Test for Color Filters secure content bypass
• Test for Reduce Motion animation bypass security
• Test for Increase Contrast secure content disclosure
• Test for Reduce Transparency secure content exposure
• Test for On/Off Labels secure content identification
• Test for Button Shapes secure content identification
• Test for Bold Text secure content identification
• Test for Large Text secure content reading
• Test for Dynamic Type secure content exposure
• Test for Keyboard accessibility data theft
• Test for Keyboard autocomplete sensitive data
• Test for Keyboard autocorrection data leakage
• Test for Keyboard prediction data leakage
• Test for Custom keyboard data exfiltration
• Test for Custom keyboard network access abuse
• Test for Custom keyboard clipboard access abuse
• Test for Custom keyboard keylogging vulnerability
• Test for Custom keyboard input event monitoring
• Test for Custom keyboard full access abuse
• Test for Custom keyboard open access abuse
• Test for Custom keyboard secure input bypass
• Test for Custom keyboard password field access
• Test for Custom keyboard credit card field access
• Test for Custom keyboard sensitive field access
• Test for AssistiveTouch automation scripting abuse
• Test for Accessibility audit tool information disclosure
• Test for Accessibility inspector data extraction
• Test for Accessibility verification tool abuse
• Test for UI testing framework accessibility abuse
• Test for XCUITest accessibility identifier enumeration
• Test for XCUITest accessibility label information disclosure
• Test for XCUITest accessibility value data extraction
• Test for XCUITest accessibility hint information leakage
• Test for XCUITest accessibility trait bypass
• Test for Siri accessibility command abuse
• Test for Siri accessibility shortcut exploitation
• Test for Siri voice command unauthorized action
• Test for Siri dictation sensitive data capture
• Test for Siri suggestion sensitive data exposure
• Test for Back Tap accessibility feature abuse
• Test for Back Tap double/triple tap action execution
• Test for Back Tap sensitive action triggering
• Test for Back Tap authentication bypass via gesture
• Test for Reachability secure content exposure
• Test for Reachability notification content disclosure
• Test for Reachability control center access abuse
• Test for Assistive Access mode security bypass
• Test for Personal Voice data privacy vulnerability
• Test for Live Speech sensitive content injection
• Test for Live Captions sensitive data exposure
• Test for Sound Recognition security implications
• Test for Sound Recognition audio data processing
• Test for Sound Recognition background listening abuse
• Test for Hearing Devices pairing security vulnerability
• Test for Hearing Devices audio data interception
• Test for RTT/TTY communication data interception
• Test for RTT/TTY call content disclosure
• Test for RTT/TTY message content exposure
• Test for LED Flash for Alerts secure notification exposure
• Test for LED Flash notification content disclosure

🤖

Android Work Profile Security

95 checks

0/95

• Test for work profile data leakage to personal profile
• Test for personal profile data access from work profile
• Test for work profile app installation from personal side
• Test for work profile file access from personal apps
• Test for work profile contact leakage to personal contacts
• Test for work profile calendar event leakage
• Test for work profile email content leakage
• Test for work profile notification content exposure
• Test for work profile clipboard data leakage across profiles
• Test for work profile VPN routing bypass
• Test for work profile network traffic leakage
• Test for work profile MDM policy bypass
• Test for work profile device admin deactivation
• Test for work profile password policy bypass
• Test for work profile encryption requirement bypass
• Test for work profile camera restriction bypass
• Test for work profile screen capture restriction bypass
• Test for work profile app restriction bypass
• Test for work profile account type restriction bypass
• Test for work profile Bluetooth restriction bypass
• Test for work profile Wi-Fi configuration abuse
• Test for work profile location sharing abuse
• Test for work profile NFC data leakage
• Test for work profile USB data transfer abuse
• Test for work profile backup data leakage
• Test for work profile system update bypass
• Test for work profile factory reset protection bypass
• Test for work profile remote wipe bypass
• Test for work profile lock screen bypass
• Test for work profile keyguard requirement bypass
• Test for work profile timeout policy bypass
• Test for work profile auto-lock bypass
• Test for work profile biometric requirement bypass
• Test for work profile credential storage vulnerability
• Test for work profile certificate pinning bypass
• Test for work profile TLS configuration weakness
• Test for work profile proxy configuration abuse
• Test for work profile DNS configuration manipulation
• Test for work profile per-app VPN bypass
• Test for work profile always-on VPN bypass
• Test for work profile network logging bypass
• Test for work profile security logging evasion
• Test for work profile compliance check bypass
• Test for work profile attestation bypass
• Test for work profile safetyNet attestation bypass
• Test for work profile play integrity bypass
• Test for work profile device owner privilege escalation
• Test for work profile profile owner privilege escalation
• Test for work profile delegation abuse
• Test for work profile app restriction manipulation
• Test for work profile managed configuration bypass
• Test for work profile enterprise app installation abuse
• Test for work profile system app installation vulnerability
• Test for work profile certificate installation vulnerability
• Test for work profile CA certificate installation abuse
• Test for work profile key generation and import vulnerability
• Test for work profile lock task mode bypass
• Test for work profile kiosk mode escape vulnerability
• Test for work profile COSU mode escape vulnerability
• Test for work profile single-purpose device bypass
• Test for work profile dedicated device escape
• Test for work profile fully managed device escape
• Test for work profile work profile deletion bypass
• Test for work profile provisioning vulnerability
• Test for work profile QR code provisioning abuse
• Test for work profile NFC provisioning vulnerability
• Test for work profile zero-touch enrollment abuse
• Test for work profile Google account enrollment vulnerability
• Test for work profile Knox guard bypass (Samsung)
• Test for work profile OEM-specific MDM bypass
• Test for work profile Samsung Knox vulnerability
• Test for work profile Samsung E-FOTA bypass
• Test for work profile enterprise firmware update abuse
• Test for work profile Samsung KPE (Knox Platform for Enterprise) vulnerability
• Test for work profile Android Enterprise vulnerability
• Test for work profile EMM (Enterprise Mobility Management) bypass
• Test for work profile MDM (Mobile Device Management) bypass
• Test for work profile UEM (Unified Endpoint Management) bypass
• Test for work profile container encryption bypass
• Test for work profile keystore separation vulnerability
• Test for work profile intent firewall bypass
• Test for work profile network security config bypass
• Test for work profile per-profile network policy bypass
• Test for work profile cross-profile intent delivery abuse
• Test for work profile cross-profile clipboard sharing abuse
• Test for work profile cross-profile data sharing bypass
• Test for work profile cross-profile app communication vulnerability
• Test for work profile cross-profile file sharing abuse
• Test for work profile admin configurable network bypass
• Test for work profile organization-owned device vulnerability
• Test for work profile personally-owned device vulnerability
• Test for work profile BYOD (Bring Your Own Device) security
• Test for work profile COPE (Corporate-Owned Personally-Enabled) security
• Test for work profile COBO (Corporate-Owned Business-Only) security
• Test for work profile COSU (Corporate-Owned Single-Use) security

🖥️

DLL Security Deep

92 checks

0/92

• Test for DLL search order hijacking in application directory
• Test for DLL search order hijacking in system directory
• Test for DLL side-loading via legitimate application
• Test for DLL proxy loading via export forwarding
• Test for DLL injection via CreateRemoteThread
• Test for DLL injection via SetWindowsHookEx
• Test for DLL injection via QueueUserAPC
• Test for DLL injection via RtlCreateUserThread
• Test for DLL injection via LoadLibrary in remote process
• Test for DLL injection via AppInit_DLLs registry key
• Test for DLL injection via Image File Execution Options
• Test for DLL injection via AppCertDLLs registry key
• Test for DLL injection via KnownDlls cache manipulation
• Test for DLL preloading attack via current directory
• Test for DLL planting via relative path manipulation
• Test for DLL planting via absolute path manipulation
• Test for DLL redirection via .local file
• Test for DLL redirection via manifest file
• Test for DLL redirection via activation context
• Test for DLL phantom hacking via resource-only DLL
• Test for DLL masquerading via renamed system DLL
• Test for DLL obfuscation via packer/crypter
• Test for DLL steganography via embedded payload
• Test for DLL sideloading via signed legitimate DLL
• Test for DLL sideloading via Microsoft-signed DLL
• Test for DLL sideloading via third-party signed DLL
• Test for DLL sideloading via EV-signed DLL
• Test for DLL sideloading via WHQL-signed DLL
• Test for COM DLL hijacking via InprocServer32
• Test for COM DLL hijacking via TreatAs CLSID
• Test for COM DLL hijacking via ProgID manipulation
• Test for COM DLL hijacking via ThreadingModel manipulation
• Test for CLR DLL injection via AppDomainManager
• Test for CLR DLL injection via environment variable
• Test for CLR DLL injection via registry configuration
• Test for .NET DLL hijacking via assembly loading
• Test for .NET DLL hijacking via type confusion
• Test for .NET DLL hijacking via binding redirect
• Test for .NET DLL sideloading via strong name bypass
• Test for .NET DLL sideloading via GAC (Global Assembly Cache) abuse
• Test for DLL backdoor via export function hooking
• Test for DLL backdoor via import table modification
• Test for DLL backdoor via IAT (Import Address Table) hooking
• Test for DLL backdoor via EAT (Export Address Table) modification
• Test for DLL backdoor via relay hook on function calls
• Test for DLL backdoor via inline hook on function prologue
• Test for DLL backdoor via detour on function execution
• Test for DLL persistence via Service DLL registration
• Test for DLL persistence via Winlogon DLL loading
• Test for DLL persistence via LSA security package
• Test for DLL persistence via Authentication package
• Test for DLL persistence via Notification package
• Test for DLL persistence via Security Support Provider
• Test for DLL persistence via Time Provider
• Test for DLL persistence via Print Processor
• Test for DLL persistence via Shell Extension
• Test for DLL persistence via Browser Helper Object
• Test for DLL persistence via Office Add-in
• Test for DLL persistence via Outlook Add-in
• Test for DLL persistence via Internet Explorer Extension
• Test for DLL persistence via Scheduled Task COM handler
• Test for DLL persistence via WMI Event Consumer
• Test for DLL persistence via Registry Run key DLL
• Test for DLL persistence via Startup folder DLL
• Test for DLL persistence via Boot/Logon script DLL
• Test for DLL elevation via UAC bypass DLL hijack
• Test for DLL elevation via auto-elevation DLL abuse
• Test for DLL elevation via elevated COM object abuse
• Test for DLL elevation via system service DLL replacement
• Test for DLL elevation via driver DLL manipulation
• Test for DLL evasion via DLL unhooking technique
• Test for DLL evasion via direct syscall technique
• Test for DLL evasion via manual DLL mapping
• Test for DLL evasion via reflective DLL injection
• Test for DLL evasion via DLL hollowing technique
• Test for DLL evasion via DLL transloading technique
• Test for DLL evasion via process hollowing with DLL
• Test for DLL evasion via module stomping technique
• Test for DLL evasion via DLL phantom technique
• Test for DLL evasion via ETW patching technique
• Test for DLL evasion via AMSI patching technique
• Test for DLL evasion via EDR unhooking technique
• Test for DLL anti-forensics via DLL removal
• Test for DLL anti-forensics via DLL timestamp manipulation
• Test for DLL anti-forensics via DLL metadata wiping
• Test for DLL anti-forensics via DLL digital signature manipulation
• Test for DLL anti-forensics via DLL version info modification
• Test for DLL detection via DLL export analysis
• Test for DLL detection via DLL import analysis
• Test for DLL detection via DLL hash comparison
• Test for DLL detection via DLL entropy analysis
• Test for DLL detection via DLL section analysis

🌐

Rate Limit Bypass Deep

94 checks

0/94

• Test for rate limit bypass via X-Forwarded-For header rotation
• Test for rate limit bypass via X-Real-IP header manipulation
• Test for rate limit bypass via X-Originating-IP header
• Test for rate limit bypass via X-Remote-IP header
• Test for rate limit bypass via X-Remote-Addr header
• Test for rate limit bypass via X-Client-IP header
• Test for rate limit bypass via X-Host header manipulation
• Test for rate limit bypass via X-Forwarded-Host header
• Test for rate limit bypass via X-Forwarded-Proto header
• Test for rate limit bypass via Forwarded header (RFC 7239)
• Test for rate limit bypass via different API versions
• Test for rate limit bypass via different HTTP methods
• Test for rate limit bypass via URL case variation
• Test for rate limit bypass via URL path encoding
• Test for rate limit bypass via adding trailing slash
• Test for rate limit bypass via adding URL parameters
• Test for rate limit bypass via fragment identifier
• Test for rate limit bypass via different Content-Type
• Test for rate limit bypass via JSON vs form-data
• Test for rate limit bypass via parameter pollution
• Test for rate limit bypass via IP rotation through proxy
• Test for rate limit bypass via IPv6 address variation
• Test for rate limit bypass via IPv4-mapped IPv6 addresses
• Test for rate limit bypass via multiple API keys rotation
• Test for rate limit bypass via different user accounts
• Test for rate limit bypass via concurrent request distribution
• Test for rate limit bypass via request header reordering
• Test for rate limit bypass via chunked transfer encoding
• Test for rate limit bypass via HTTP/2 multiplexing
• Test for rate limit bypass via HTTP pipelining
• Test for rate limit bypass via WebSocket connection upgrade
• Test for rate limit bypass via GraphQL batch queries
• Test for rate limit bypass via GraphQL alias abuse
• Test for rate limit bypass via slow HTTP attack (slowloris)
• Test for rate limit bypass via slow POST attack (slow POST)
• Test for rate limit bypass via range header for partial requests
• Test for rate limit bypass via If-Modified-Since header
• Test for rate limit bypass via If-None-Match header
• Test for rate limit bypass via Cache-Control header manipulation
• Test for rate limit bypass via Accept-Encoding variation
• Test for rate limit bypass via User-Agent rotation
• Test for rate limit bypass via Cookie manipulation
• Test for rate limit bypass via Authorization header variation
• Test for rate limit bypass via Bearer token rotation
• Test for rate limit bypass via session rotation
• Test for rate limit bypass via race condition timing
• Test for rate limit bypass via request queuing and delay
• Test for rate limit bypass via distributed attack tools
• Test for rate limit bypass via headless browser automation
• Test for rate limit bypass via Selenium/Puppeteer script
• Test for rate limit bypass via Tor exit node rotation
• Test for rate limit bypass via VPN server rotation
• Test for rate limit bypass via cloud function invocation
• Test for rate limit bypass via serverless function proxy
• Test for rate limit bypass via CDN edge node variation
• Test for rate limit bypass via load balancer endpoint variation
• Test for rate limit bypass via internal network access
• Test for rate limit bypass via different authentication mechanism
• Test for rate limit bypass via token refresh mechanism
• Test for rate limit bypass via OTP/verification code brute force
• Test for rate limit bypass via password reset code brute force
• Test for rate limit bypass via email verification code brute force
• Test for rate limit bypass via SMS verification code brute force
• Test for rate limit bypass via CAPTCHA solving service
• Test for rate limit bypass via CAPTCHA token reuse
• Test for rate limit bypass via CAPTCHA response replay
• Test for rate limit bypass via null CAPTCHA token
• Test for rate limit bypass via missing CAPTCHA parameter
• Test for rate limit bypass via different CAPTCHA type
• Test for rate limit bypass via reCAPTCHA v3 score manipulation
• Test for rate limit bypass via hCaptcha accessibility mode
• Test for rate limit bypass via turnstile challenge bypass
• Test for rate limit bypass via friendly CAPTCHA bypass
• Test for rate limit bypass via Arkose Labs FunCaptcha bypass
• Test for rate limit bypass via GeeTest CAPTCHA bypass
• Test for rate limit on login endpoint with distributed IPs
• Test for rate limit on registration endpoint with automation
• Test for rate limit on password reset endpoint with tokens
• Test for rate limit on API search endpoint with queries
• Test for rate limit on file upload endpoint with large files
• Test for rate limit on email sending endpoint with addresses
• Test for rate limit on SMS sending endpoint with phone numbers
• Test for rate limit on payment endpoint with card testing
• Test for rate limit on notification endpoint with subscriptions
• Test for rate limit on export endpoint with data requests
• Test for rate limit on report endpoint with generation requests
• Test for rate limit on webhook endpoint with URL configurations
• Test for rate limit on admin endpoint with privileged actions
• Test for rate limit on bulk/batch endpoint with large operations
• Test for rate limit on deep pagination endpoint with data access
• Test for rate limit on GraphQL endpoint with complex queries
• Test for rate limit on WebSocket endpoint with message flooding
• Test for rate limit on health check endpoint for information disclosure
• Test for rate limit on monitoring endpoint for metric exposure

🌐

Cloud Security Deep

95 checks

0/95

• Test for AWS S3 bucket public read access misconfiguration
• Test for AWS S3 bucket public write access misconfiguration
• Test for AWS S3 bucket ACL misconfiguration for data access
• Test for AWS S3 bucket policy misconfiguration for privilege escalation
• Test for AWS S3 bucket CORS misconfiguration for cross-origin access
• Test for AWS S3 bucket encryption disabled vulnerability
• Test for AWS S3 bucket logging disabled for audit gap
• Test for AWS S3 bucket versioning disabled for data recovery gap
• Test for AWS EC2 metadata service access via SSRF (169.254.169.254)
• Test for AWS IAM role assumption via compromised credentials
• Test for AWS Lambda function public access misconfiguration
• Test for AWS RDS database public accessibility misconfiguration
• Test for AWS CloudFront distribution origin access vulnerability
• Test for AWS API Gateway unauthorized access misconfiguration
• Test for AWS SQS queue public access misconfiguration
• Test for AWS SNS topic public access misconfiguration
• Test for AWS DynamoDB table public access misconfiguration
• Test for AWS ECS task definition secret exposure vulnerability
• Test for AWS ECR repository public access misconfiguration
• Test for AWS CloudFormation stack template secret exposure
• Test for Azure Blob Storage public access misconfiguration
• Test for Azure VM metadata service access via SSRF
• Test for Azure Managed Identity token extraction via SSRF
• Test for Azure Key Vault access policy misconfiguration
• Test for Azure App Service authentication bypass vulnerability
• Test for Azure Function App public access misconfiguration
• Test for Azure SQL Database public endpoint exposure
• Test for Azure Cosmos DB public access misconfiguration
• Test for Azure Service Bus public access misconfiguration
• Test for Azure Event Grid topic public access vulnerability
• Test for GCP Cloud Storage bucket public access misconfiguration
• Test for GCP Compute Engine metadata access via SSRF
• Test for GCP IAM service account key extraction vulnerability
• Test for GCP Cloud Function public access misconfiguration
• Test for GCP Cloud Run service public access vulnerability
• Test for GCP BigQuery dataset public access misconfiguration
• Test for GCP Pub/Sub topic public access misconfiguration
• Test for GCP Cloud SQL public IP exposure vulnerability
• Test for GCP Firestore public access misconfiguration
• Test for GCP Secret Manager secret access vulnerability
• Test for cloud storage bucket DNS takeover vulnerability
• Test for cloud CDN origin shield bypass vulnerability
• Test for cloud WAF rule bypass via encoding manipulation
• Test for cloud DDoS protection bypass via slow attack
• Test for cloud load balancer backend direct access
• Test for cloud API gateway authentication bypass
• Test for cloud serverless function cold start information disclosure
• Test for cloud container registry public access vulnerability
• Test for cloud Kubernetes cluster public API access
• Test for cloud database backup public access vulnerability
• Test for cloud log storage public access misconfiguration
• Test for cloud monitoring dashboard public access exposure
• Test for cloud secret management service access bypass
• Test for cloud identity federation misconfiguration abuse
• Test for cloud SSO configuration vulnerability exploitation
• Test for cloud MFA enforcement bypass for root/admin account
• Test for cloud resource tagging information disclosure
• Test for cloud network security group rule misconfiguration
• Test for cloud virtual network peering security gap
• Test for cloud private endpoint bypass via public access
• Test for cloud encryption at rest key management vulnerability
• Test for cloud encryption in transit certificate vulnerability
• Test for cloud audit logging disabled for activity gap
• Test for cloud compliance monitoring configuration bypass
• Test for cloud security center alert suppression abuse
• Test for cloud guard duty / security finding evasion
• Test for cloud configuration drift exploitation
• Test for cloud infrastructure as code template vulnerability
• Test for cloud deployment pipeline secret exposure
• Test for cloud CI/CD pipeline credential theft
• Test for cloud container escape via misconfigured runtime
• Test for cloud pod security policy bypass vulnerability
• Test for cloud service mesh authentication bypass
• Test for cloud ingress controller misconfiguration
• Test for cloud egress filtering bypass for data exfiltration
• Test for cloud network address translation abuse
• Test for cloud DHCP option set manipulation vulnerability
• Test for cloud VPC endpoint policy bypass vulnerability
• Test for cloud transit gateway routing manipulation
• Test for cloud peering connection exploitation for lateral movement
• Test for cloud VPN tunnel configuration vulnerability
• Test for cloud Direct Connect / ExpressRoute security gap
• Test for cloud object lifecycle policy data deletion vulnerability
• Test for cloud cross-account access role abuse
• Test for cloud resource-based policy privilege escalation
• Test for cloud identity-based policy privilege escalation
• Test for cloud permission boundary bypass vulnerability
• Test for cloud service control policy bypass vulnerability
• Test for cloud organization SCP escape vulnerability
• Test for cloud management group policy inheritance abuse
• Test for cloud tenant isolation vulnerability in multi-tenant
• Test for cloud subscription/account takeover vulnerability
• Test for cloud billing data exposure vulnerability
• Test for cloud cost management information disclosure
• Test for cloud support ticket information leakage

🔌

API Webhook Security Deep

93 checks

0/93

• Test for SSRF via webhook URL configuration parameter
• Test for SSRF via webhook URL redirect following
• Test for SSRF via webhook URL DNS rebinding
• Test for SSRF via webhook URL IPv6 address manipulation
• Test for SSRF via webhook URL cloud metadata access
• Test for SSRF via webhook URL internal network access
• Test for SSRF via webhook URL protocol smuggling
• Test for SSRF via webhook URL port scanning
• Test for webhook signature verification bypass
• Test for webhook signature algorithm manipulation
• Test for webhook signature timing attack vulnerability
• Test for webhook signature length extension attack
• Test for webhook signature key disclosure in API response
• Test for webhook signature key predictability
• Test for webhook signature key rotation security
• Test for webhook replay attack via timestamp manipulation
• Test for webhook replay attack via nonce bypass
• Test for webhook replay attack via event ID reuse
• Test for webhook delivery retry abuse for amplification
• Test for webhook delivery timeout exploitation for DoS
• Test for webhook URL validation bypass via encoding
• Test for webhook URL validation bypass via redirect
• Test for webhook URL validation bypass via DNS manipulation
• Test for webhook URL validation bypass via IP rotation
• Test for webhook URL whitelist bypass via subdomain
• Test for webhook URL whitelist bypass via path traversal
• Test for webhook event data injection for XSS
• Test for webhook event data injection for SQL injection
• Test for webhook event data injection for command injection
• Test for webhook event data injection for SSRF
• Test for webhook secret exposure in error messages
• Test for webhook secret exposure in debug endpoints
• Test for webhook secret exposure in API documentation
• Test for webhook secret exposure in log files
• Test for webhook secret exposure in source code
• Test for webhook registration without authentication
• Test for webhook modification without authorization
• Test for webhook deletion without authorization
• Test for webhook IDOR for other users webhooks
• Test for webhook brute force for secret discovery
• Test for webhook content-type handling vulnerability
• Test for webhook payload size limit bypass
• Test for webhook payload format manipulation
• Test for webhook delivery confirmation bypass
• Test for webhook response handling vulnerability
• Test for webhook error handling information disclosure
• Test for webhook rate limiting bypass for abuse
• Test for webhook concurrent delivery for race condition
• Test for webhook event subscription for data enumeration
• Test for webhook event type manipulation for privilege escalation
• Test for webhook filter bypass for unauthorized events
• Test for webhook API version mismatch exploitation
• Test for webhook TLS verification bypass
• Test for webhook certificate validation bypass
• Test for webhook hostname verification bypass
• Test for webhook mutual TLS authentication bypass
• Test for webhook IP allowlist bypass via proxy
• Test for webhook IP allowlist bypass via CDN
• Test for webhook IP allowlist bypass via load balancer
• Test for webhook cloud function target exploitation
• Test for webhook serverless function target abuse
• Test for webhook container target exploitation
• Test for webhook database target abuse for data exfiltration
• Test for webhook queue service target for message injection
• Test for webhook notification service target for spam abuse
• Test for webhook email service target for phishing
• Test for webhook SMS service target for premium rate abuse
• Test for webhook logging service target for log injection
• Test for webhook monitoring service target for alert manipulation
• Test for webhook CI/CD pipeline target for code execution
• Test for webhook build system target for supply chain attack
• Test for webhook deployment target for unauthorized release
• Test for webhook cache invalidation target for cache poisoning
• Test for webhook CDN purge target for cache manipulation
• Test for webhook search index target for data manipulation
• Test for webhook backup trigger target for data exfiltration
• Test for webhook payment processing target for transaction fraud
• Test for webhook user provisioning target for account creation
• Test for webhook deprovisioning target for account deletion
• Test for webhook permission change target for privilege escalation
• Test for webhook configuration change target for security bypass
• Test for webhook secret rotation target for credential theft
• Test for webhook certificate renewal target for TLS bypass
• Test for webhook DNS update target for DNS hijacking
• Test for webhook firewall rule target for access control bypass
• Test for webhook incident response target for alert fatigue
• Test for webhook forensic logging target for evidence tampering
• Test for webhook compliance reporting target for audit evasion
• Test for webhook data classification target for privacy violation
• Test for webhook data retention target for destruction bypass
• Test for webhook encryption key target for decryption access
• Test for webhook access token target for authentication bypass
• Test for webhook session management target for session hijack

🍏

iOS Memory Security

93 checks

0/93

• Test for sensitive data retention in process memory
• Test for credential persistence in application memory
• Test for encryption key exposure in application memory
• Test for API token exposure in application memory
• Test for session token exposure in application memory
• Test for password exposure in application memory after login
• Test for credit card number exposure in application memory
• Test for PII data exposure in application memory
• Test for encryption key not zeroed after use
• Test for secure buffer not properly deallocated
• Test for autorelease pool sensitive data retention
• Test for Objective-C object retention in memory
• Test for Swift object retention in memory after use
• Test for CoreData object cache retention vulnerability
• Test for UIImage cache retention of sensitive screenshots
• Test for UITextView content retention in memory
• Test for UITextField content retention in memory
• Test for WKWebView content retention in memory
• Test for JavaScript context retention in WKWebView
• Test for network response cache retention in memory
• Test for JSON/XML parsing buffer retention vulnerability
• Test for string literal retention in binary memory
• Test for static string retention in data section
• Test for global variable sensitive data retention
• Test for thread-local storage sensitive data exposure
• Test for stack-based buffer sensitive data retention
• Test for heap-based allocation sensitive data retention
• Test for malloc/free cycle sensitive data leak
• Test for new/delete cycle sensitive data leak in C++
• Test for ARC (Automatic Reference Counting) retention cycle
• Test for strong reference cycle causing memory leak
• Test for closure capture of sensitive data in memory
• Test for dispatch queue block retention of sensitive data
• Test for NSOperationQueue sensitive data retention
• Test for Timer/DispatchSource sensitive data retention
• Test for NotificationCenter observer data retention
• Test for KVO (Key-Value Observing) data retention vulnerability
• Test for delegate pattern sensitive data retention
• Test for singleton pattern sensitive data persistence
• Test for lazy initialization sensitive data exposure
• Test for background task sensitive data retention
• Test for background fetch sensitive data exposure
• Test for background transfer sensitive data persistence
• Test for URLSession cache sensitive data retention
• Test for URLCredential storage sensitive data exposure
• Test for cookie storage sensitive data persistence
• Test for URLSessionConfiguration credential retention
• Test for SSL/TLS session cache sensitive data retention
• Test for certificate pinning cache data exposure
• Test for network extension sensitive data retention
• Test for VPN configuration credential persistence
• Test for custom keyboard cache data retention
• Test for accessibility service data retention
• Test for VoiceOver accessibility data cache
• Test for Spotlight index sensitive data persistence
• Test for Handoff activity sensitive data exposure
• Test for AirDrop transfer sensitive data retention
• Test for Universal Clipboard cross-device data leak
• Test for iCloud sync sensitive data exposure
• Test for CloudKit record sensitive data retention
• Test for CKContainer data access vulnerability
• Test for NSUbiquitousKeyValueStore data exposure
• Test for shared container data access vulnerability
• Test for app group container sensitive data leak
• Test for pasteboard general data persistence vulnerability
• Test for pasteboard unique data persistence vulnerability
• Test for UIWebView (deprecated) memory leak vulnerability
• Test for JavaScriptCore context memory leak
• Test for CoreFoundation object memory management issue
• Test for CFString sensitive data retention vulnerability
• Test for CFData sensitive data retention vulnerability
• Test for CFDictionary sensitive data retention vulnerability
• Test for CoreGraphics image buffer data retention
• Test for CoreImage filter chain data exposure
• Test for CoreAnimation layer content data retention
• Test for Metal buffer sensitive data exposure
• Test for OpenGL ES buffer data retention vulnerability
• Test for Audio Unit buffer data exposure vulnerability
• Test for AVFoundation asset buffer data retention
• Test for PhotoKit asset data cache exposure
• Test for MapKit location data cache vulnerability
• Test for HealthKit data cache retention vulnerability
• Test for Contacts data cache retention vulnerability
• Test for EventKit data cache retention vulnerability
• Test for CoreMotion data cache retention vulnerability
• Test for CoreLocation data cache retention vulnerability
• Test for Bluetooth data cache retention vulnerability
• Test for NFC tag data cache retention vulnerability
• Test for SiriKit intent data retention vulnerability
• Test for CallKit data cache retention vulnerability
• Test for PushKit data cache retention vulnerability
• Test for WatchConnectivity data transfer vulnerability
• Test for MultipeerConnectivity data exposure vulnerability

🖥️

Process Injection Deep

97 checks

0/97

• Test for DLL injection via CreateRemoteThread and LoadLibrary
• Test for DLL injection via SetWindowsHookEx hook procedure
• Test for DLL injection via QueueUserAPC to target thread
• Test for process hollowing via create suspended and unmap
• Test for process hollowing via NtUnmapViewOfSection
• Test for process Doppelgang via NTFS transaction
• Test for process Herpaderping via file mapping manipulation
• Test for process ghosting via file deletion and mapping
• Test for module stomping via DLL base overwriting
• Test for reflective DLL injection via manual loading
• Test for shellcode injection via VirtualAllocEx and WriteProcessMemory
• Test for shellcode injection via thread hijacking
• Test for shellcode injection via fiber creation
• Test for shellcode injection via exception handler
• Test for shellcode injection via TLS callback manipulation
• Test for process injection via COM object activation
• Test for process injection via DDE (Dynamic Data Exchange)
• Test for process injection via WMI event consumer
• Test for process injection via scheduled task action
• Test for process injection via service binary path
• Test for process injection via registry Run key
• Test for process injection via Image File Execution Options
• Test for process injection via AppInit_DLLs registry value
• Test for process injection via application shim database
• Test for process injection via .NET Profiler COM object
• Test for process injection via VBE (Visual Basic Environment)
• Test for process injection via PowerShell runspace
• Test for process injection via Excel/Word macro execution
• Test for process injection via MSHTA script execution
• Test for process injection via WScript/CScript engine
• Test for process injection via MSC (Microsoft Console) file
• Test for process injection via LNK shortcut file abuse
• Test for process injection via Windows Search indexer
• Test for process injection via IIS worker process
• Test for process injection via SQL Server extended stored procedure
• Test for process injection via Outlook rule execution
• Test for process injection via Teams/Slack webhook abuse
• Test for process injection via browser extension exploitation
• Test for process injection via Electron app IPC abuse
• Test for process injection via Java agent loading
• Test for process injection via Python import hijacking
• Test for process injection via Ruby require manipulation
• Test for process injection via Node.js require abuse
• Test for process injection via PHP extension loading
• Test for process injection via Perl module manipulation
• Test for process injection via Lua C module loading
• Test for process injection via Go plugin system abuse
• Test for process injection via Rust dylib manipulation
• Test for process injection via Swift framework loading
• Test for process injection via Kotlin JNI abuse
• Test for process injection via Flutter engine manipulation
• Test for process injection via Qt plugin loading abuse
• Test for process injection via GTK module loading abuse
• Test for process injection via KDE framework manipulation
• Test for process injection via macOS dylib insertion
• Test for process injection via macOS Framework loading abuse
• Test for process injection via Linux LD_PRELOAD
• Test for process injection via Linux ptrace attachment
• Test for process injection via Linux /proc/mem manipulation
• Test for process injection via Linux signal handler abuse
• Test for process injection via Linux shared library manipulation
• Test for process injection via Linux /proc/syscall manipulation
• Test for process injection via Android DexClassLoader
• Test for process injection via Android JNI manipulation
• Test for process injection via iOS dylib insertion (jailbroken)
• Test for process injection via iOS Cycript manipulation
• Test for process injection via iOS Frida gadget loading
• Test for process injection via container namespace escape
• Test for process injection via Docker container breakout
• Test for process injection via Kubernetes pod escape
• Test for process injection via hypervisor VM breakout
• Test for process injection via sandbox escape mechanism
• Test for process injection via SELinux policy bypass
• Test for process injection via AppArmor profile bypass
• Test for process injection via Windows Integrity Level abuse
• Test for process injection via Windows Mandatory Integrity Control
• Test for process injection via Windows UIAccess flag abuse
• Test for process injection via Windows Protected Process bypass
• Test for process injection via Windows PPL (Protected Process Light) bypass
• Test for process injection via Windows Credential Guard bypass
• Test for process injection via Windows Device Guard bypass
• Test for process injection via Windows WDAC (Windows Defender Application Control) bypass
• Test for process injection via Windows Code Integrity bypass
• Test for process injection via Windows HVCI (Hypervisor-Enforced Code Integrity) bypass
• Test for process injection via Windows VBS (Virtualization-Based Security) bypass
• Test for process injection via Windows Secure Boot bypass
• Test for process injection via Windows TPM-based attestation bypass
• Test for process injection detection and evasion techniques
• Test for process injection via ETW (Event Tracing for Windows) bypass
• Test for process injection via kernel callback bypass
• Test for process injection via minifilter bypass technique
• Test for process injection via callback object manipulation
• Test for process injection via kernel notification routine bypass
• Test for process injection via object manager directory manipulation
• Test for process injection via ALPC (Advanced Local Procedure Call) abuse
• Test for process injection via named pipe impersonation abuse
• Test for process injection via token manipulation and impersonation

🌐

CORS Bypass Techniques Deep

98 checks

0/98

• Test CORS bypass technique #1: origin reflection with arbitrary domain
• Test CORS bypass technique #2: null origin bypass via iframe sandbox
• Test CORS bypass technique #3: subdomain trust exploitation via evil.target.com
• Test CORS bypass technique #4: suffix matching bypass via target.com.evil.com
• Test CORS bypass technique #5: prefix matching bypass via eviltarget.com
• Test CORS bypass technique #6: protocol downgrade from https to http origin
• Test CORS bypass technique #7: port manipulation via target.com:8080
• Test CORS bypass technique #8: credential exposure via Access-Control-Allow-Credentials with wildcard
• Test CORS bypass technique #9: wildcard origin with credential transmission
• Test CORS bypass technique #10: header injection via CORS preflight response
• Test CORS bypass technique #11: custom origin handling bypass via encoding
• Test CORS bypass technique #12: preflight cache poisoning for CORS bypass
• Test CORS bypass technique #13: HSTS interaction with CORS policy
• Test CORS bypass technique #14: CSP interaction with CORS headers
• Test CORS bypass technique #15: cookie scope abuse via CORS configuration
• Test CORS bypass technique #16: WebSocket CORS bypass via upgrade header
• Test CORS bypass technique #17: redirect-based CORS bypass via 302 redirect
• Test CORS bypass technique #18: DNS rebinding for CORS origin bypass
• Test CORS bypass technique #19: IPv6 address CORS bypass via [::1]
• Test CORS bypass technique #20: encoding tricks for origin string bypass
• Test CORS bypass technique #21: case sensitivity in origin validation
• Test CORS bypass technique #22: path-based origin validation bypass
• Test CORS bypass technique #23: opaque origin bypass via about:blank
• Test CORS bypass technique #24: credential propagation across origins
• Test CORS bypass technique #25: HTTP method allowlisting bypass via override
• Test CORS bypass technique #26: HTTP header allowlisting bypass via custom
• Test CORS bypass technique #27: timing attack on CORS origin validation
• Test CORS bypass technique #28: CORS error handling information disclosure
• Test CORS bypass technique #29: wildcard subdomain CORS trust abuse
• Test CORS bypass technique #30: double origin header injection for CORS
• Test CORS bypass technique #31: origin corruption via malformed URL
• Test CORS bypass technique #32: fetch metadata header bypass for CORS
• Test CORS bypass technique #33: redirect chain for CORS policy bypass
• Test CORS bypass technique #34: redirect to CORS-allowed origin exploitation
• Test CORS bypass technique #35: preflight bypass via simple request criteria
• Test CORS bypass technique #36: simple request abuse for CORS bypass
• Test CORS bypass technique #37: Content-Type bypass for CORS preflight
• Test CORS bypass technique #38: custom header bypass via CORS header reflection
• Test CORS bypass technique #39: Authorization header exposure via CORS
• Test CORS bypass technique #40: multipart form-data CORS preflight bypass
• Test CORS bypass technique #41: blob: URL origin handling for CORS
• Test CORS bypass technique #42: file: URL origin handling for CORS bypass
• Test CORS bypass technique #43: data: URL origin handling for CORS
• Test CORS bypass technique #44: FTP origin CORS trust bypass
• Test CORS bypass technique #45: HTTP to HTTPS CORS downgrade attack
• Test CORS bypass technique #46: HTTPS to HTTP CORS protocol confusion
• Test CORS bypass technique #47: cross-origin redirect CORS policy gap
• Test CORS bypass technique #48: same-site vs cross-origin CORS confusion
• Test CORS bypass technique #49: private network access CORS bypass
• Test CORS bypass technique #50: local network access CORS bypass via public origin
• Test CORS bypass technique #51: CORS cache poisoning via header manipulation
• Test CORS bypass technique #52: service worker CORS bypass for fetch
• Test CORS bypass technique #53: web worker CORS bypass for dedicated worker
• Test CORS bypass technique #54: shared worker CORS bypass for cross-origin
• Test CORS bypass technique #55: worklet CORS bypass for audio/paint worklet
• Test CORS bypass technique #56: module script CORS bypass for ES modules
• Test CORS bypass technique #57: classic script CORS bypass for legacy scripts
• Test CORS bypass technique #58: font loading CORS bypass for web fonts
• Test CORS bypass technique #59: image CORS bypass via crossorigin attribute
• Test CORS bypass technique #60: video CORS bypass for media elements
• Test CORS bypass technique #61: audio CORS bypass for audio elements
• Test CORS bypass technique #62: style CORS bypass for CSS cross-origin
• Test CORS bypass technique #63: object CORS bypass for plugin content
• Test CORS bypass technique #64: embed CORS bypass for embedded content
• Test CORS bypass technique #65: link preflight CORS bypass for resource hints
• Test CORS bypass technique #66: prefetch CORS bypass for resource prefetch
• Test CORS bypass technique #67: prerender CORS bypass for speculative load
• Test CORS bypass technique #68: speculative CORS bypass for speculative fetch
• Test CORS bypass technique #69: early hints CORS bypass for 103 response
• Test CORS bypass technique #70: alt-svc CORS bypass for alternative service
• Test CORS bypass technique #71: web bundle CORS bypass for bundled resources
• Test CORS bypass technique #72: navigation CORS bypass for top-level navigation
• Test CORS bypass technique #73: form submission CORS bypass for cross-origin form
• Test CORS bypass technique #74: XHR CORS bypass for XMLHttpRequest
• Test CORS bypass technique #75: fetch API CORS bypass for fetch requests
• Test CORS bypass technique #76: beacon API CORS bypass for sendBeacon
• Test CORS bypass technique #77: event source CORS bypass for SSE connections
• Test CORS bypass technique #78: media source CORS bypass for media streaming
• Test CORS bypass technique #79: WebRTC CORS bypass for peer connections
• Test CORS bypass technique #80: WebAssembly CORS bypass for module compilation
• Test CORS bypass technique #81: notification CORS bypass for push notifications
• Test CORS bypass technique #82: payment CORS bypass for payment requests
• Test CORS bypass technique #83: credential management CORS bypass
• Test CORS bypass technique #84: permission CORS bypass for permission queries
• Test CORS bypass technique #85: geolocation CORS bypass for location access
• Test CORS bypass technique #86: storage CORS bypass for storage access
• Test CORS bypass technique #87: cache CORS bypass for cache API access
• Test CORS bypass technique #88: indexedDB CORS bypass for database access
• Test CORS bypass technique #89: web SQL CORS bypass for legacy database
• Test CORS bypass technique #90: application cache CORS bypass for appcache
• Test CORS bypass technique #91: storage manager CORS bypass for storage estimation
• Test CORS bypass technique #92: content index CORS bypass for PWA content
• Test CORS bypass technique #93: background fetch CORS bypass for background sync
• Test CORS bypass technique #94: periodic background sync CORS bypass
• Test CORS bypass technique #95: background sync CORS bypass for offline sync
• Test CORS bypass technique #96: push API CORS bypass for push subscriptions
• Test CORS bypass technique #97: screen orientation CORS bypass for orientation lock
• Test CORS bypass technique #98: fullscreen API CORS bypass for fullscreen

🌐

WebSocket Security Deep

86 checks

0/86

• Test WebSocket security: unauthenticated WebSocket connection access
• Test WebSocket security: cross-site WebSocket hijacking (CSWSH) attack
• Test WebSocket security: WebSocket message injection from malicious origin
• Test WebSocket security: WebSocket message replay attack vulnerability
• Test WebSocket security: WebSocket denial of service via message flooding
• Test WebSocket security: sensitive data in WebSocket messages (plaintext)
• Test WebSocket security: WebSocket origin validation bypass technique
• Test WebSocket security: WebSocket subprotocol negotiation abuse
• Test WebSocket security: WebSocket extension negotiation security vulnerability
• Test WebSocket security: WebSocket compression attack (PERMESSAGE-DEFLATE)
• Test WebSocket security: WebSocket connection limit bypass for resource exhaustion
• Test WebSocket security: WebSocket ping/pong abuse for keepalive manipulation
• Test WebSocket security: WebSocket fragmentation-based attack vector
• Test WebSocket security: WebSocket binary message handling vulnerability
• Test WebSocket security: WebSocket max message size bypass for buffer overflow
• Test WebSocket security: WebSocket channel/subscription access control bypass
• Test WebSocket security: WebSocket race condition in message handling
• Test WebSocket security: WebSocket token refresh in long-lived connections
• Test WebSocket security: WebSocket data exfiltration via binary frames
• Test WebSocket security: WebSocket connection state manipulation
• Test WebSocket security: WebSocket server identity verification bypass
• Test WebSocket security: WebSocket cookie-based authentication abuse
• Test WebSocket security: WebSocket header injection in upgrade request
• Test WebSocket security: WebSocket protocol downgrade attack vector
• Test WebSocket security: WebSocket masking key manipulation vulnerability
• Test WebSocket security: WebSocket close frame abuse for connection reset
• Test WebSocket security: WebSocket continuation frame manipulation
• Test WebSocket security: WebSocket control frame injection attack
• Test WebSocket security: WebSocket text frame encoding manipulation
• Test WebSocket security: WebSocket reserved bit manipulation vulnerability
• Test WebSocket security: WebSocket payload length field overflow
• Test WebSocket security: WebSocket handshake parameter injection
• Test WebSocket security: WebSocket Sec-WebSocket-Key predictability
• Test WebSocket security: WebSocket Sec-WebSocket-Version downgrade
• Test WebSocket security: WebSocket Sec-WebSocket-Protocol injection
• Test WebSocket security: WebSocket Sec-WebSocket-Extensions manipulation
• Test WebSocket security: WebSocket proxy authentication bypass
• Test WebSocket security: WebSocket reverse proxy misconfiguration
• Test WebSocket security: WebSocket load balancer session persistence
• Test WebSocket security: WebSocket CDN WebSocket support vulnerability
• Test WebSocket security: WebSocket firewall rule bypass technique
• Test WebSocket security: WebSocket IDS/IPS evasion via fragmentation
• Test WebSocket security: WebSocket WAF bypass via encoding technique
• Test WebSocket security: WebSocket rate limiting bypass for abuse
• Test WebSocket security: WebSocket concurrent connection abuse
• Test WebSocket security: WebSocket idle timeout exploitation for persistence
• Test WebSocket security: WebSocket reconnection logic security vulnerability
• Test WebSocket security: WebSocket fallback transport security (XHR/SSE)
• Test WebSocket security: WebSocket Socket.IO authentication bypass
• Test WebSocket security: WebSocket Socket.IO room subscription abuse
• Test WebSocket security: WebSocket SignalR hub access control bypass
• Test WebSocket security: WebSocket STOMP protocol security vulnerability
• Test WebSocket security: WebSocket WAMP protocol authentication bypass
• Test WebSocket security: WebSocket GraphQL subscription security
• Test WebSocket security: WebSocket MQTT over WebSocket security vulnerability
• Test WebSocket security: WebSocket AMQP over WebSocket access control
• Test WebSocket security: WebSocket gRPC-Web security vulnerability
• Test WebSocket security: WebSocket real-time data leakage via subscription
• Test WebSocket security: WebSocket presence status information disclosure
• Test WebSocket security: WebSocket typing indicator surveillance vulnerability
• Test WebSocket security: WebSocket read receipt privacy bypass
• Test WebSocket security: WebSocket online/offline status enumeration
• Test WebSocket security: WebSocket group chat access control bypass
• Test WebSocket security: WebSocket direct message interception vulnerability
• Test WebSocket security: WebSocket file transfer over WebSocket security
• Test WebSocket security: WebSocket screen sharing over WebSocket abuse
• Test WebSocket security: WebSocket voice/video over WebRTC via WebSocket
• Test WebSocket security: WebSocket collaborative editing security vulnerability
• Test WebSocket security: WebSocket live streaming data exfiltration
• Test WebSocket security: WebSocket IoT device control security vulnerability
• Test WebSocket security: WebSocket game state manipulation vulnerability
• Test WebSocket security: WebSocket trading platform price manipulation
• Test WebSocket security: WebSocket financial data stream security
• Test WebSocket security: WebSocket notification stream access control
• Test WebSocket security: WebSocket event stream authorization bypass
• Test WebSocket security: WebSocket audit log stream data leakage
• Test WebSocket security: WebSocket monitoring stream metric exposure
• Test WebSocket security: WebSocket debug stream information disclosure
• Test WebSocket security: WebSocket admin stream privilege escalation
• Test WebSocket security: WebSocket internal service stream access bypass
• Test WebSocket security: WebSocket microservice stream enumeration
• Test WebSocket security: WebSocket database change stream data leakage
• Test WebSocket security: WebSocket cache invalidation stream abuse
• Test WebSocket security: WebSocket search index update stream manipulation
• Test WebSocket security: WebSocket deployment event stream security
• Test WebSocket security: WebSocket CI/CD pipeline stream vulnerability

🔌

API Token Security Deep

84 checks

0/84

• Test API token security: bearer token without expiration time
• Test API token security: bearer token with excessively long expiration
• Test API token security: bearer token transmitted over unencrypted connection
• Test API token security: bearer token stored in localStorage without protection
• Test API token security: bearer token stored in sessionStorage without encryption
• Test API token security: bearer token included in URL query parameter
• Test API token security: bearer token included in HTTP Referer header leakage
• Test API token security: bearer token included in server access logs
• Test API token security: bearer token not invalidated after password change
• Test API token security: bearer token not invalidated after account deletion
• Test API token security: bearer token not invalidated after logout operation
• Test API token security: bearer token not invalidated after role change
• Test API token security: bearer token not invalidated after permission revocation
• Test API token security: bearer token not bound to client identity
• Test API token security: bearer token not bound to IP address or session
• Test API token security: bearer token predictable generation algorithm
• Test API token security: bearer token insufficient entropy for security
• Test API token security: bearer token reuse across different environments
• Test API token security: bearer token reuse across different applications
• Test API token security: bearer token sharing between frontend and backend
• Test API token security: refresh token without rotation mechanism
• Test API token security: refresh token without expiration enforcement
• Test API token security: refresh token reuse detection not implemented
• Test API token security: refresh token stored insecurely on client
• Test API token security: refresh token transmitted over unencrypted channel
• Test API token security: refresh token not revoked on suspicious activity
• Test API token security: refresh token not revoked on security event
• Test API token security: refresh token unlimited use without rotation
• Test API token security: API key without expiration or rotation policy
• Test API token security: API key with excessive scope permissions
• Test API token security: API key shared across multiple applications
• Test API token security: API key stored in source code repository
• Test API token security: API key stored in client-side JavaScript code
• Test API token security: API key stored in configuration file without encryption
• Test API token security: API key included in version control system
• Test API token security: API key exposed in error messages or logs
• Test API token security: API key exposed in API documentation publicly
• Test API token security: API key not hashed or encrypted at rest
• Test API token security: API key generation without proper authorization
• Test API token security: API key deletion without proper authorization
• Test API token security: API key regeneration without notification
• Test API token security: API key rate limiting bypass vulnerability
• Test API token security: API key scope escalation via parameter manipulation
• Test API token security: API key type confusion between read/write permissions
• Test API token security: OAuth access token scope escalation vulnerability
• Test API token security: OAuth access token audience confusion attack
• Test API token security: OAuth access token issuer confusion attack
• Test API token security: OAuth access token not bound to OAuth client
• Test API token security: JWT token algorithm confusion attack (RS256 to HS256)
• Test API token security: JWT token none algorithm bypass vulnerability
• Test API token security: JWT token empty signature acceptance vulnerability
• Test API token security: JWT token signature key confusion attack
• Test API token security: JWT token kid parameter injection vulnerability
• Test API token security: JWT token jku header parameter injection
• Test API token security: JWT token x5u header parameter injection
• Test API token security: JWT token claim manipulation without verification
• Test API token security: JWT token expiration bypass via time manipulation
• Test API token security: JWT token audience claim bypass technique
• Test API token security: JWT token issuer claim spoofing vulnerability
• Test API token security: JWT token subject claim swapping attack
• Test API token security: JWT token not-before claim manipulation bypass
• Test API token security: JWT token issued-at claim manipulation
• Test API token security: JWT token JTI claim collision and replay
• Test API token security: JWT token encryption algorithm downgrade attack
• Test API token security: JWT token nested JWT exploitation vulnerability
• Test API token security: JWT token priority claim manipulation
• Test API token security: JWT token custom claim injection for privilege escalation
• Test API token security: JWT token header parameter injection for bypass
• Test API token security: JWT token payload compression side-channel attack
• Test API token security: JWT token signature length extension vulnerability
• Test API token security: JWT token signature timing attack on verification
• Test API token security: JWT token signing key rotation security gap
• Test API token security: JWT token verification library vulnerability exploitation
• Test API token security: JWT token deserialization attack on parser
• Test API token security: JWT token canonicalization difference exploitation
• Test API token security: JWT token Unicode normalization attack
• Test API token security: JWT token base64url padding oracle vulnerability
• Test API token security: JWT token JSON parser differential exploitation
• Test API token security: JWT token duplicate header parameter injection
• Test API token security: JWT token multiple signature confusion attack
• Test API token security: JWT token certificate chain validation bypass
• Test API token security: JWT token CRL/OCSP revocation check bypass
• Test API token security: JWT token key identifier collision exploitation
• Test API token security: JWT token key rollover window attack

🤖

Android Forensic Security

92 checks

0/92

• Test Android forensic: data recovery after application uninstall
• Test Android forensic: data recovery after cache clearing operation
• Test Android forensic: data recovery after shared preferences deletion
• Test Android forensic: data recovery after database file deletion
• Test Android forensic: data recovery after file deletion on internal storage
• Test Android forensic: data recovery after file deletion on external storage
• Test Android forensic: data recovery from SQLite WAL file residue
• Test Android forensic: data recovery from SQLite journal file residue
• Test Android forensic: data recovery from temporary file residue
• Test Android forensic: data recovery from backup file residue
• Test Android forensic: data recovery from log file residue
• Test Android forensic: data recovery from crash dump residue
• Test Android forensic: data recovery from memory dump after process exit
• Test Android forensic: data recovery from swap file on disk
• Test Android forensic: data recovery from hibernation image
• Test Android forensic: data recovery from ADB backup extraction
• Test Android forensic: data recovery from cloud backup (Google Drive)
• Test Android forensic: data recovery from auto-backup mechanism
• Test Android forensic: data recovery from device transfer mechanism
• Test Android forensic: data recovery from smart switch migration
• Test Android forensic: data recovery from deleted SQLite records (unallocated space)
• Test Android forensic: data recovery from deleted file slack space
• Test Android forensic: data recovery from RAM dump on rooted device
• Test Android forensic: data recovery from /proc/pid/mem access
• Test Android forensic: data recovery from core dump file analysis
• Test Android forensic: data recovery from tombstone crash file
• Test Android forensic: data recovery from dropbox (system) crash entries
• Test Android forensic: data recovery from logcat buffered entries
• Test Android forensic: data recovery from system property values
• Test Android forensic: data recovery from content provider cache
• Test Android forensic: data recovery from sync adapter cache
• Test Android forensic: data recovery from account manager data
• Test Android forensic: data recovery from package manager data
• Test Android forensic: data recovery from download manager database
• Test Android forensic: data recovery from media store database
• Test Android forensic: data recovery from contacts provider database
• Test Android forensic: data recovery from calendar provider database
• Test Android forensic: data recovery from call log database
• Test Android forensic: data recovery from SMS/MMS database
• Test Android forensic: data recovery from browser history database
• Test Android forensic: data recovery from browser cookie database
• Test Android forensic: data recovery from browser form data
• Test Android forensic: data recovery from browser cache directory
• Test Android forensic: data recovery from WebView data directory
• Test Android forensic: data recovery from WebView cache database
• Test Android forensic: data recovery from WebView local storage
• Test Android forensic: data recovery from WebView session storage
• Test Android forensic: data recovery from WebView indexedDB
• Test Android forensic: data recovery from WebView service worker cache
• Test Android forensic: data recovery from input method cache
• Test Android forensic: data recovery from keyboard prediction data
• Test Android forensic: data recovery from clipboard history
• Test Android forensic: data recovery from notification history
• Test Android forensic: data recovery from recent apps list
• Test Android forensic: data recovery from screenshot file residue
• Test Android forensic: data recovery from screen recording file
• Test Android forensic: data recovery from voice recording file
• Test Android forensic: data recovery from camera image thumbnail
• Test Android forensic: data recovery from gallery thumbnail cache
• Test Android forensic: data recovery from EXIF geolocation data
• Test Android forensic: data recovery from document thumbnail cache
• Test Android forensic: data recovery from download file residue
• Test Android forensic: data recovery from Bluetooth transfer history
• Test Android forensic: data recovery from WiFi configuration data
• Test Android forensic: data recovery from VPN configuration data
• Test Android forensic: data recovery from NFC tag history
• Test Android forensic: data recovery from location history database
• Test Android forensic: data recovery from activity recognition data
• Test Android forensic: data recovery from sensor event buffer
• Test Android forensic: data recovery from usage stats manager data
• Test Android forensic: data recovery from accessibility event log
• Test Android forensic: data recovery from autofill service data
• Test Android forensic: data recovery from content suggestion data
• Test Android forensic: data recovery from search provider data
• Test Android forensic: data recovery from app shortcut data
• Test Android forensic: data recovery from widget data residue
• Test Android forensic: data recovery from live wallpaper data
• Test Android forensic: data recovery from dream (screensaver) data
• Test Android forensic: data recovery from print service data
• Test Android forensic: data recovery from print spooler cache
• Test Android forensic: data recovery from scan service cache
• Test Android forensic: data recovery from CompanionDeviceManager data
• Test Android forensic: data recovery from NetworkScoreManager data
• Test Android forensic: data recovery from NetworkStatsManager data
• Test Android forensic: data recovery from ConnectivityService data
• Test Android forensic: data recovery from IpSecService data
• Test Android forensic: data recovery from VpnManager data
• Test Android forensic: data recovery from EuiccManager data
• Test Android forensic: data recovery from CarrierConfigManager data
• Test Android forensic: data recovery from SubscriptionManager data
• Test Android forensic: data recovery from TelephonyManager data
• Test Android forensic: data recovery from SmsManager data

🍏

iOS Data Recovery

90 checks

0/90

• Test iOS data recovery: data recovery after application uninstall on iOS
• Test iOS data recovery: data recovery after app data clearing
• Test iOS data recovery: data recovery from Keychain after app deletion
• Test iOS data recovery: data recovery from UserDefaults after uninstall
• Test iOS data recovery: data recovery from CoreData database residue
• Test iOS data recovery: data recovery from SQLite database residue
• Test iOS data recovery: data recovery from Documents directory residue
• Test iOS data recovery: data recovery from Library directory residue
• Test iOS data recovery: data recovery from tmp directory residue
• Test iOS data recovery: data recovery from Cache directory residue
• Test iOS data recovery: data recovery from iCloud backup data
• Test iOS data recovery: data recovery from iTunes/Finder backup
• Test iOS data recovery: data recovery from iCloud Drive app data
• Test iOS data recovery: data recovery from CloudKit record residue
• Test iOS data recovery: data recovery from device-to-device migration
• Test iOS data recovery: data recovery from Quick Start transfer
• Test iOS data recovery: data recovery from deleted SQLite records
• Test iOS data recovery: data recovery from WAL file residue on iOS
• Test iOS data recovery: data recovery from journal file residue on iOS
• Test iOS data recovery: data recovery from temporary file residue
• Test iOS data recovery: data recovery from crash log residue
• Test iOS data recovery: data recovery from diagnostic report data
• Test iOS data recovery: data recovery from metricKit hang report
• Test iOS data recovery: data recovery from metricKit crash data
• Test iOS data recovery: data recovery from metricKit disk write data
• Test iOS data recovery: data recovery from metricKit CPU exception data
• Test iOS data recovery: data recovery from system log entries
• Test iOS data recovery: data recovery from os_log persistent entries
• Test iOS data recovery: data recovery from unified log system data
• Test iOS data recovery: data recovery from sysdiagnose output
• Test iOS data recovery: data recovery from console log capture
• Test iOS data recovery: data recovery from network extension data
• Test iOS data recovery: data recovery from VPN configuration residue
• Test iOS data recovery: data recovery from WiFi known networks
• Test iOS data recovery: data recovery from Bluetooth paired devices
• Test iOS data recovery: data recovery from NFC tag session data
• Test iOS data recovery: data recovery from CoreLocation visited places
• Test iOS data recovery: data recovery from significant location changes
• Test iOS data recovery: data recovery from location services cache
• Test iOS data recovery: data recovery from Maps route history
• Test iOS data recovery: data recovery from Siri interaction history
• Test iOS data recovery: data recovery from Dictation history data
• Test iOS data recovery: data recovery from Spotlight index data
• Test iOS data recovery: data recovery from Safari bookmarks residue
• Test iOS data recovery: data recovery from Safari history database
• Test iOS data recovery: data recovery from Safari cache directory
• Test iOS data recovery: data recovery from Safari WebKit local storage
• Test iOS data recovery: data recovery from Safari WebKit session storage
• Test iOS data recovery: data recovery from Safari WebKit indexedDB
• Test iOS data recovery: data recovery from photo library thumbnail cache
• Test iOS data recovery: data recovery from camera roll deleted items
• Test iOS data recovery: data recovery from recently deleted photos album
• Test iOS data recovery: data recovery from iCloud photo stream residue
• Test iOS data recovery: data recovery from shared album cache data
• Test iOS data recovery: data recovery from HealthKit data residue
• Test iOS data recovery: data recovery from Contacts database residue
• Test iOS data recovery: data recovery from Calendar database residue
• Test iOS data recovery: data recovery from Reminders database residue
• Test iOS data recovery: data recovery from Notes database residue
• Test iOS data recovery: data recovery from Messages attachment cache
• Test iOS data recovery: data recovery from Mail draft cache data
• Test iOS data recovery: data recovery from Keyboard learned words
• Test iOS data recovery: data recovery from Clipboard/Pasteboard history
• Test iOS data recovery: data recovery from Notification Center cache
• Test iOS data recovery: data recovery from Widget data residue
• Test iOS data recovery: data recovery from Apple Watch paired data
• Test iOS data recovery: data recovery from AirDrop transfer cache
• Test iOS data recovery: data recovery from Handoff activity data
• Test iOS data recovery: data recovery from Universal Clipboard data
• Test iOS data recovery: data recovery from Continuity camera data
• Test iOS data recovery: data recovery from Sidecar display data
• Test iOS data recovery: data recovery from AirPlay session data
• Test iOS data recovery: data recovery from HomeKit configuration data
• Test iOS data recovery: data recovery from Wallet pass data residue
• Test iOS data recovery: data recovery from Apple Pay transaction cache
• Test iOS data recovery: data recovery from Face ID enrollment data
• Test iOS data recovery: data recovery from Touch ID configuration data
• Test iOS data recovery: data recovery from Secure Enclave key metadata
• Test iOS data recovery: data recovery from DeviceCheck attestation data
• Test iOS data recovery: data recovery from App Attest token data
• Test iOS data recovery: data recovery from push notification cache
• Test iOS data recovery: data recovery from background refresh data
• Test iOS data recovery: data recovery from background transfer cache
• Test iOS data recovery: data recovery from URL session cache data
• Test iOS data recovery: data recovery from URL credential storage data
• Test iOS data recovery: data recovery from cookie storage data
• Test iOS data recovery: data recovery from HTTP cache directory data
• Test iOS data recovery: data recovery from network extension cache
• Test iOS data recovery: data recovery from CallKit call history
• Test iOS data recovery: data recovery from MessageKit message cache

🖥️

Anti-Debugging Deep

85 checks

0/85

• Test anti-debugging: IsDebuggerPresent API detection bypass
• Test anti-debugging: CheckRemoteDebuggerPresent bypass technique
• Test anti-debugging: NtQueryInformationProcess debugger detection bypass
• Test anti-debugging: ProcessDebugPort query bypass method
• Test anti-debugging: ProcessDebugFlags query bypass technique
• Test anti-debugging: ProcessDebugObjectHandle query bypass
• Test anti-debugging: TLS callback-based debugger detection bypass
• Test anti-debugging: SEH (Structured Exception Handling) debug detection bypass
• Test anti-debugging: timing-based debugger detection evasion
• Test anti-debugging: CPU tick count debugger detection bypass
• Test anti-debugging: GetTickCount timing check evasion technique
• Test anti-debugging: QueryPerformanceCounter timing bypass method
• Test anti-debugging: RDTSC instruction timing-based evasion
• Test anti-debugging: interrupt 0x2D debugger detection bypass
• Test anti-debugging: int 2Dh debugger detection technique evasion
• Test anti-debugging: CloseHandle exception-based detection bypass
• Test anti-debugging: OutputDebugString error-based detection bypass
• Test anti-debugging: hardware breakpoint detection and removal
• Test anti-debugging: software breakpoint detection and patching
• Test anti-debugging: INT3 breakpoint detection and bypass
• Test anti-debugging: CC byte scanning for breakpoint evasion
• Test anti-debugging: opcode integrity check bypass technique
• Test anti-debugging: code checksum verification bypass method
• Test anti-debugging: code hash verification evasion technique
• Test anti-debugging: import address table (IAT) hook detection bypass
• Test anti-debugging: export address table (EAT) hook detection bypass
• Test anti-debugging: inline hook detection and restoration technique
• Test anti-debugging: detour detection and removal method
• Test anti-debugging: patch detection via memory comparison bypass
• Test anti-debugging: module memory hash verification evasion
• Test anti-debugging: API hooking detection via syscall bypass
• Test anti-debugging: direct syscall invocation for API bypass
• Test anti-debugging: SSN (System Service Number) resolution technique
• Test anti-debugging: syscall stub extraction from ntdll bypass
• Test anti-debugging: HalosGate syscall resolution evasion technique
• Test anti-debugging: TartarusGate syscall extraction bypass
• Test anti-debugging: Syswhispers3 syscall stub generation evasion
• Test anti-debugging: manual DLL mapping for hook bypass
• Test anti-debugging: reflective DLL loading for hook evasion
• Test anti-debugging: DLL unhooking technique for EDR bypass
• Test anti-debugging: ntdll.dll re-mapping from disk technique
• Test anti-debugging: fresh ntdll copy mapping for unhooking
• Test anti-debugging: PERESOLVE syscall resolution bypass method
• Test anti-debugging: ApiResolve technique for unhooked API calls
• Test anti-debugging: ETW (Event Tracing for Windows) patching
• Test anti-debugging: AMSI (Anti-Malware Scan Interface) patching
• Test anti-debugging: CLR (Common Language Runtime) hooking detection
• Test anti-debugging: .NET debugging detection and evasion
• Test anti-debugging: managed debugger detection bypass technique
• Test anti-debugging: MDA (Managed Debugging Assistant) evasion
• Test anti-debugging: Java debugging (JDWP) detection bypass
• Test anti-debugging: Python debugging (pdb) detection evasion
• Test anti-debugging: Node.js debugging (V8 inspector) detection bypass
• Test anti-debugging: Go debugging (delve) detection evasion
• Test anti-debugging: Rust debugging detection and bypass technique
• Test anti-debugging: Electron app debugging detection bypass
• Test anti-debugging: Flutter app debugging detection evasion method
• Test anti-debugging: React Native debugging detection bypass
• Test anti-debugging: virtual machine detection and evasion technique
• Test anti-debugging: sandbox detection and evasion method
• Test anti-debugging: analysis environment detection bypass technique
• Test anti-debugging: malware analysis tool detection evasion
• Test anti-debugging: debugger attachment timing race condition
• Test anti-debugging: debugger detachment race condition exploitation
• Test anti-debugging: multi-process debugging detection bypass method
• Test anti-debugging: parent process verification evasion technique
• Test anti-debugging: child process debugging detection bypass
• Test anti-debugging: process tree analysis evasion technique
• Test anti-debugging: named pipe debugger communication detection
• Test anti-debugging: shared memory debugger detection bypass
• Test anti-debugging: remote thread debugger detection evasion method
• Test anti-debugging: debug register manipulation technique
• Test anti-debugging: DR0-DR7 debug register clearing technique
• Test anti-debugging: single-step exception handling bypass method
• Test anti-debugging: trap flag detection and evasion technique
• Test anti-debugging: breakpoint exception handling evasion
• Test anti-debugging: guard page exception-based detection bypass
• Test anti-debugging: page exception monitoring evasion technique
• Test anti-debugging: memory access breakpoint detection bypass method
• Test anti-debugging: execution breakpoint detection evasion technique
• Test anti-debugging: conditional breakpoint detection and bypass
• Test anti-debugging: data breakpoint detection and removal method
• Test anti-debugging: anti-anti-debugging tool detection and evasion
• Test anti-debugging: ScyllaHide plugin bypass technique
• Test anti-debugging: TitanEngine anti-debug bypass technique