{"_id":"redgun-security","_rev":"14-b3378baab8559c3400afbed6bbc85418","name":"redgun-security","dist-tags":{"latest":"4.0.0"},"versions":{"1.0.0":{"name":"redgun-security","version":"1.0.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","xss","sqli","ssrf","ssti","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.0.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"19ec8a143fac85ea8cf7645e9f85f43c3160137a","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.0.0.tgz","fileCount":30,"integrity":"sha512-pAHHiwDdLL/WgKbRg1RnNNhluEqrA+1tTNEQKfaA2kCAuVtpkcpCTqFQXJn+FQmCT/ITFnBKwuJuBndRpnmwUw==","signatures":[{"sig":"MEUCIFtGU3k9Z/ynlG7PJ9ZTdgS7RuBS0A+kmYNddJwngUoIAiEA/Y7nfBb44Wm7hw7RlMirz1xtHZHxrRBrNRBJ4K14FRg=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":113005},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"497712bd182e76a633813920e2193bd1bc207797","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.0.0_1781597852667_0.4379963712413546","host":"s3://npm-registry-packages-npm-production"}},"1.1.0":{"name":"redgun-security","version":"1.1.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.1.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"81c9528c09a92a7aad50498f7b17a81eec3dbf63","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.1.0.tgz","fileCount":37,"integrity":"sha512-QJUtwFXBAYQoxipVgQ9zmHFYhcFfAkA1KJywmw4sKuxtdi+eMUVhjCbCJrwIC25Khuol+7Rd2/2RfFLpUadLJA==","signatures":[{"sig":"MEQCIDHuNKDiEkZeJRuHAiOnQKqLVhYC3vEPatIRG4Vdal9kAiAz3eKxMOaPD9O8srouVs1m3GKNCATDb9P0y2MluU2h3Q==","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":164834},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"bfce9341d51a55daf6db2749eaec904958c8b602","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.1.0_1781602560960_0.7464615590310841","host":"s3://npm-registry-packages-npm-production"}},"1.2.0":{"name":"redgun-security","version":"1.2.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.2.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"2c6f3bce9e5574d08862060333b91c21ef0bcc84","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.2.0.tgz","fileCount":46,"integrity":"sha512-NSu9Bpr/22kjVYH56OGAOIJUQs8zTqWMrLljVc91m6S0efOXd7Xh/Cxj54tNe0XSgWBt2W2ZA2pVcE6a7l7pxw==","signatures":[{"sig":"MEUCIQChg4PA+Wd/JzH7MXROH4XGsxUMtu5J/d0R/T0Ctb0P4QIgFPQC53VAVNWkULofkkaIAtLj+bWp14ouDD3zrm3Unh8=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":213728},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"25796f1e8a4fa8d7f24d8bafef32e33b6dbe5c35","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.2.0_1781604132457_0.9474922032452398","host":"s3://npm-registry-packages-npm-production"}},"1.3.0":{"name":"redgun-security","version":"1.3.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.3.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"93b4749b79deb51fca182004042e8c8fcef6baee","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.3.0.tgz","fileCount":53,"integrity":"sha512-ghPapwLAiITz/0ZxpNuUb0OU9QUYUzBaGttyYMyZUhOB+B4pGSNxRQEfTiBKgv6vlmXCpTC4IEFsBLeCYaC2PQ==","signatures":[{"sig":"MEQCIEhbiATFmZ4NG1Mrj8xCuVdNaub6XyULZE+v6eA8x6TiAiAC1deGZ/IrljYHpvbRhgm0ikZcPGpChNX6UqqQKgcQyA==","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":251401},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"d09844c6ef97cc57338b2b1a57efb0be014d7edb","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.3.0_1781604689179_0.8580302546369061","host":"s3://npm-registry-packages-npm-production"}},"1.4.0":{"name":"redgun-security","version":"1.4.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.4.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"35d41d8c1b47317c2397f52e7223af4e8364e5f3","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.4.0.tgz","fileCount":61,"integrity":"sha512-DJgtLI1dDvmqgI65gwf1ZgDiiXWYVXiTiNHKzwRKV6iC2jmNbXJEEjQtIUMwLnpkS8gSuBTJJ4HQnLffBRz1iQ==","signatures":[{"sig":"MEQCIHLbVVC9zUAHEAhFAxgEnTtebWnNjQ1E+m3WxovwMXEWAiBYcNWb6WAGWvm7wQmEHvCs3Q3C78+2VlIRGpBwrPN+MA==","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":289232},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"a63b166de437c2cc39fb25385656817b3c016b02","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.4.0_1781608944872_0.37385577386054014","host":"s3://npm-registry-packages-npm-production"}},"1.4.1":{"name":"redgun-security","version":"1.4.1","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.4.1","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"f561ad3e352fc11c6f3c7656299274223f630183","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.4.1.tgz","fileCount":61,"integrity":"sha512-y2AeJoC+rxWt4YJ9CGNbIdS2wlQE5mZuBxdUPsB49kTw67TYsW36EMbu8HvH38JvjpRmCdQgA5CRBwFX9uKgJg==","signatures":[{"sig":"MEYCIQDb/g3pB2w18B8ZoPdtP6Ud3/7QogAr/O3b5ffj3Qa/CQIhAPrg/kCjAXRfJMY8VOehKqecTAhUUIYDWrAicLdSkOP1","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":288622},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"4b5dc990be4e611f4f40045820ad5ba642ec6605","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.4.1_1781609802033_0.900093530399593","host":"s3://npm-registry-packages-npm-production"}},"1.4.2":{"name":"redgun-security","version":"1.4.2","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@1.4.2","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"e25932101a377cc8f1c0cebfed60b822370a42c2","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-1.4.2.tgz","fileCount":61,"integrity":"sha512-vGpct8klopxvQH05gxDNFJqbgimYqiFBi6fZv56hr7DvBydGWx2yR5DQlPPjO5s5jeUp1EqGZzSlbHrNGeiPxA==","signatures":[{"sig":"MEYCIQC93llJFQ576FMysy3tvvXxmYccnSX3f3uEJAhP7jPZCAIhAInsrRU/VR6sSzIkPoiL7f6FaZ1rmPVuyNHf3u/U7rK5","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":288991},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"7d7cb1c9dbeccaf4e6ffcb5cc264f46b926e95ff","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_1.4.2_1781611606485_0.5508718528876346","host":"s3://npm-registry-packages-npm-production"}},"2.0.0":{"name":"redgun-security","version":"2.0.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@2.0.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"ac9474c9d6bbd05bc735f12cad29efbb53b9d5ec","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-2.0.0.tgz","fileCount":62,"integrity":"sha512-TYSJ8AjvHgNG44i/abXQXrVMHwK8U1/byLP+T7GyIpBqc3OExDscSrYwq2/nyI0/xcxJcSBz5nLrnmPmEya3uA==","signatures":[{"sig":"MEYCIQCDUiN2o02ddkAkm9CulT8BoqnNdX7YWmVEb1QtxyKttAIhAPNI552woi2XyJ4Rz9y6OA6jfIcS0NtYnGiguAwYmlJD","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":311438},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"96e2d0fe5dc4ad37dd973c24ee91210550e98d4a","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_2.0.0_1781611936768_0.08801787435638952","host":"s3://npm-registry-packages-npm-production"}},"2.1.0":{"name":"redgun-security","version":"2.1.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@2.1.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"bee321f9e5227a8977bdf74621913d36d076042a","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-2.1.0.tgz","fileCount":63,"integrity":"sha512-4mxj42lNdmuKT/b1ydX2ordrhKv7JHS85jgHhN1oRIfsK55wipmh7k9DRO2SKjr28M++DEmyoNhHfyb0Hj7JWw==","signatures":[{"sig":"MEYCIQC2SH1fi1FOvpbr6wj/nJFRguHFkBkwWVfn5fXu9L2P3gIhAKegp5p4mScbTh/CEC0vZFhFA6BjGGW7bZ3xXr1QBDet","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":320617},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"2268f621d9fac3d74ebe7b90e76ac4482cfd2248","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_2.1.0_1781612895703_0.5908954191338087","host":"s3://npm-registry-packages-npm-production"}},"2.2.0":{"name":"redgun-security","version":"2.2.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@2.2.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"a3f26ffcd55f5ad9ce102661b8dc06fb5438e2ff","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-2.2.0.tgz","fileCount":64,"integrity":"sha512-ALyxpB4Tw46VXtoPhOV6FQdhEsejzseVB5bLzLoye6Wh1lT1RxgQt49nCmsB/W/Y8YU924E65+6OHuHBk0S7Ow==","signatures":[{"sig":"MEUCIEBb5AtzqX2UKeRq+I6mJipkToa0NCr8TXdOp7AnvRQuAiEAnymr7bXIjKuRPWYvflH3yk7YNgq0kDRPBQSjl4BHRM8=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":330041},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"aa0fffebd0badfaf7eff02a65908586064922cb3","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_2.2.0_1781613330279_0.2547081133589173","host":"s3://npm-registry-packages-npm-production"}},"3.0.0":{"name":"redgun-security","version":"3.0.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@3.0.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"e25df1418b6caed0800c482eb5b9425ad4401d0d","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-3.0.0.tgz","fileCount":69,"integrity":"sha512-az7I8Vw1rAjUmm2R4/9mSJj6RJGkzorfZQ4Mi0FYOqVGRq6vy95HwUHmB1ZFf88WdvRFfYv8cb7mgKqS61238A==","signatures":[{"sig":"MEUCIDI7ixD54WmvWJRDQYsSbXBizYfVI35Vx/r+t2VoDqS3AiEAoGjaI2zM9iAU33+YIuNS3lyALwX773uCJSYmHPVljko=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":349111},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"286ffe5e875e678f1ec65e1f0040923490ffa04f","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_3.0.0_1781668853110_0.30552646447824783","host":"s3://npm-registry-packages-npm-production"}},"3.1.0":{"name":"redgun-security","version":"3.1.0","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@3.1.0","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"cd759f804e9d3cede2d034a8928d625b2a11da05","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-3.1.0.tgz","fileCount":71,"integrity":"sha512-bAMyU+YVJ4TMa9ZOD5f9TnblzZtoo8iU+VGEq+0hqDA2T+FTlTrS1A0lDBX+eRMICSMLRh6jooSL9+K9evXuBA==","signatures":[{"sig":"MEYCIQCK3YjmXhoynL3PYjG6ptY8vi7IO4cM6sQG/pPsoAd1xgIhAJCcpjBIBu36HSlNm0djyVlgifx4Mr9ZaxYLZf+0yJk5","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":373955},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"db479d412e5d25f9cbdf2ed14e3e886fea4a3d28","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_3.1.0_1781671035095_0.9631017119354901","host":"s3://npm-registry-packages-npm-production"}},"3.1.1":{"name":"redgun-security","version":"3.1.1","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","_id":"redgun-security@3.1.1","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"homepage":"https://github.com/aloc999/redgun#readme","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"bin":{"redgun":"bin/redgun.js"},"dist":{"shasum":"748dbe4ea208226aef38f1483c4cb250d0ef6435","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-3.1.1.tgz","fileCount":71,"integrity":"sha512-ze/25qx4hjm6sqHKYuCqph0LqgLNAGqpBxbtfO6ndV/piRJjnccYcYEN7PPx+v24QH33cE5lffkxitvaVl42Mg==","signatures":[{"sig":"MEYCIQDA8TcD0tPukYTFbecsDQsJOaaYUgZbpmO2H3lIJwkbYQIhAILa7jYuDLCzy/wmYlzChiSPtXh1i4GKDb/a7OvogvmV","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":371692},"main":"scan.js","type":"module","engines":{"node":">=18"},"gitHead":"f137ab413f641c250b5b353e3b97c4be615c9d7a","scripts":{"scan":"node bin/redgun.js scan","test":"node --test","audit":"node bin/redgun.js audit .","start":"node bin/redgun.js"},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"repository":{"url":"git+https://github.com/aloc999/redgun.git","type":"git"},"_npmVersion":"11.16.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","directories":{},"_nodeVersion":"24.15.0","dependencies":{"ora":"^8.0.1","glob":"^10.4.2","chalk":"^5.3.0","table":"^6.8.2","inquirer":"^9.2.23","commander":"^12.1.0","puppeteer":"^22.12.0","node-fetch":"^3.3.2"},"_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/redgun-security_3.1.1_1781671325425_0.8290941435895891","host":"s3://npm-registry-packages-npm-production"}},"4.0.0":{"name":"redgun-security","version":"4.0.0","description":"Black-box & white-box security auditor for web applications with HackTricks techniques","type":"module","main":"scan.js","bin":{"redgun":"bin/redgun.js"},"scripts":{"start":"node bin/redgun.js","scan":"node bin/redgun.js scan","audit":"node bin/redgun.js audit .","test":"node --test"},"keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"author":{"name":"aloc999"},"license":"MIT","dependencies":{"chalk":"^5.3.0","commander":"^12.1.0","inquirer":"^9.2.23","ora":"^8.0.1","puppeteer":"^22.12.0","node-fetch":"^3.3.2","glob":"^10.4.2","table":"^6.8.2"},"engines":{"node":">=18"},"repository":{"type":"git","url":"git+https://github.com/aloc999/redgun.git"},"gitHead":"9396edfa9d62a39d3a06b9e054425ed8950b88de","_id":"redgun-security@4.0.0","bugs":{"url":"https://github.com/aloc999/redgun/issues"},"homepage":"https://github.com/aloc999/redgun#readme","_nodeVersion":"24.15.0","_npmVersion":"11.16.0","dist":{"integrity":"sha512-adrnMiQh+ktbItTnEGHdJ4Cu+D0a7IKfuu3s5aZdKAkNnb/8Z+P/Ozxl67ggPUtQ2fUEWIfHf5ZSlkiS6W9jFg==","shasum":"3e42f1a50b7498671ee4967cbce3f3940e78b6b3","tarball":"https://registry.npmjs.org/redgun-security/-/redgun-security-4.0.0.tgz","fileCount":78,"unpackedSize":404846,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEQCIEzGnlXlkqwuQvUfslHwwLMGtyEpPHvNORXDyinsSaEUAiBgwOCsjpHU2UMVbz+MoJL9qMae2K5/qQB7WfJjGiaS1Q=="}]},"_npmUser":{"name":"redgun99","email":"dawncavalry@gmail.com"},"directories":{},"maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/redgun-security_4.0.0_1781672632102_0.9530853634288983"},"_hasShrinkwrap":false}},"time":{"created":"2026-06-16T08:17:32.438Z","modified":"2026-06-17T05:03:52.537Z","1.0.0":"2026-06-16T08:17:32.802Z","1.1.0":"2026-06-16T09:36:01.134Z","1.2.0":"2026-06-16T10:02:12.605Z","1.3.0":"2026-06-16T10:11:29.386Z","1.4.0":"2026-06-16T11:22:25.003Z","1.4.1":"2026-06-16T11:36:42.216Z","1.4.2":"2026-06-16T12:06:46.654Z","2.0.0":"2026-06-16T12:12:16.912Z","2.1.0":"2026-06-16T12:28:15.848Z","2.2.0":"2026-06-16T12:35:30.410Z","3.0.0":"2026-06-17T04:00:53.284Z","3.1.0":"2026-06-17T04:37:15.251Z","3.1.1":"2026-06-17T04:42:05.611Z","4.0.0":"2026-06-17T05:03:52.418Z"},"bugs":{"url":"https://github.com/aloc999/redgun/issues"},"author":{"name":"aloc999"},"license":"MIT","homepage":"https://github.com/aloc999/redgun#readme","keywords":["security","scanner","pentest","vulnerability","audit","hacktricks","portswigger","katana","httpx","xss","sqli","ssrf","ssti","xxe","idor","oauth","web-security"],"repository":{"type":"git","url":"git+https://github.com/aloc999/redgun.git"},"description":"Black-box & white-box security auditor for web applications with HackTricks techniques","maintainers":[{"name":"redgun99","email":"dawncavalry@gmail.com"}],"readme":"<p align=\"center\">\n  <pre align=\"center\">\n  ██████╗ ███████╗██████╗  ██████╗ ██╗   ██╗███╗   ██╗\n  ██╔══██╗██╔════╝██╔══██╗██╔════╝ ██║   ██║████╗  ██║\n  ██████╔╝█████╗  ██║  ██║██║  ███╗██║   ██║██╔██╗ ██║\n  ██╔══██╗██╔══╝  ██║  ██║██║   ██║██║   ██║██║╚██╗██║\n  ██║  ██║███████╗██████╔╝╚██████╔╝╚██████╔╝██║ ╚████║\n  ╚═╝  ╚═╝╚══════╝╚═════╝  ╚═════╝  ╚═════╝ ╚═╝  ╚═══╝\n  </pre>\n</p>\n\n<p align=\"center\">\n  <strong>Black-box & white-box security auditor for web applications — Enhanced.</strong>\n</p>\n\n<p align=\"center\">\n  <a href=\"https://github.com/aloc999/redgun/blob/main/LICENSE\"><img src=\"https://img.shields.io/badge/license-MIT-blue\" alt=\"License\"></a>\n  <img src=\"https://img.shields.io/badge/node-%3E%3D18-green\" alt=\"Node\">\n  <img src=\"https://img.shields.io/badge/modules-100-ff4444\" alt=\"Modules\">\n  <img src=\"https://img.shields.io/badge/version-3.0.0-critical\" alt=\"Version\">\n</p>\n\n<br>\n\n## What is RedGun?\n\nRedGun is a comprehensive security auditing CLI tool with ~100 modules. Covers the full bug bounty workflow: authenticated scanning, browser engine (Puppeteer), attack chain chaining, validation engine with false-positive elimination, proxy support (Burp/Zap), concurrent execution, and more. Built for actual bounty hunting, not just reporting.\n\n**Remote scan** (black-box): Browser engine launches Chromium to capture network traffic, WebSocket, postMessage, DOM XSS. Then 60+ probes — XSS, SQLi, SSRF, XXE, OAuth, SAML, LDAP, IDOR, cache deception, HTTP smuggling, CRLF, parameter pollution, file upload, NoSQL, gRPC, AI/LLM injection, and more.\n\n**Local audit** (white-box): Scans 33 vulnerability classes in source code — secrets, SSTI, XXE, deserialization, proto pollution, JWT (kid/JWK/none), OAuth, IDOR, business logic, SAML, LDAP, CSRF, ATO, cloud misconfigs, CI/CD, mobile, smart contracts, CSS injection, postMessage, Electron/RN, WebAuthn, supply chain, and more.\n\nBuilt by [@aloc999 (Hashemi)](https://github.com/aloc999).\n\n<br>\n\n## Quick start\n\n```bash\nnpm install -g redgun-security\n\nredgun                                      # Interactive mode\nredgun scan https://target.com              # Remote scan\nredgun scan --proxy http://127.0.0.1:8080   # With Burp/Zap proxy\nredgun scan --auth myprofile                # Authenticated scan\nredgun scan --scope targets.txt             # Multi-target\nredgun audit .                              # Local audit\nredgun audit . --ci                         # CI mode\nredgun diff scan1.json scan2.json           # Diff two scans\nredgun auth add --name myprofile ...        # Manage auth profiles\nredgun auth list                            # List profiles\nredgun modules                              # List all modules\n```\n\n<br>\n\n## Remote Scan Modules (51 — Black-box)\n\n| Module | What it tests |\n|---|---|\n| **Browser Engine** | Headless Chromium: DOM XSS injection, network capture, WebSocket, postMessage, localStorage audit, screenshot on alert |\n| **Probe & Fingerprint** | Status code, title, 40+ techs, CDN/WAF, favicon hash, response time, vhost discovery |\n| **Crawl & Extract** | JS file parsing, endpoint extraction, form discovery, parameter mining, email harvesting, secret detection |\n| **HTTP Headers** | CSP, HSTS, X-Frame-Options, X-Content-Type, Referrer-Policy, Permissions-Policy, COOP, CORP, COEP |\n| **Exposed Files** | .env, .git, package.json, .DS_Store, actuator, swagger, phpinfo, Docker, backups |\n| **Secrets Detection** | AWS, Stripe, Firebase, Supabase, OpenAI, Anthropic, GitHub, Slack, Twilio, Discord in page source |\n| **XSS Reflected** | 6 payloads x 14 parameters, DOM-based indicators |\n| **SQL Injection** | Error-based, UNION-based, time-based blind |\n| **CORS Misconfig** | Wildcard + credentials, reflected origin, null origin |\n| **Open Redirect** | 12 redirect parameters, external URL confirmation |\n| **SSRF** | AWS/GCP metadata, IPv4/IPv6, DNS rebinding, redirect chains, gopher/file protocols |\n| **SSRF Bypass Chains** | Decimal/hex/octal IP, DNS rebinding (nip.io/xip.io), redirect chain, double encoding |\n| **Host Header Injection** | Reflected host, X-Forwarded-Host poisoning |\n| **HTTP Request Smuggling** | CL.TE probe detection |\n| **CRLF Injection** | Header injection via encoding variants |\n| **GraphQL Introspection** | Schema exposure, 5 endpoint queries |\n| **Clickjacking** | X-Frame-Options, frame-ancestors CSP |\n| **Cookie Security** | HttpOnly, Secure, SameSite flags |\n| **HTTP Methods** | TRACE, PUT, DELETE enabled |\n| **Subdomain Enumeration** | 40+ common subdomains, dangerous detection |\n| **DNS & Email** | SPF, DKIM, DMARC analysis |\n| **Technology Fingerprint** | 40+ frameworks, servers, services |\n| **API Discovery** | Common API paths, auth testing |\n| **SSL/TLS Analysis** | HTTP vs HTTPS detection |\n| **Path Traversal / LFI** | Double-encoding, unicode bypass, null byte |\n| **NoSQL Injection** | MongoDB $ne operator auth bypass |\n| **WebSocket Security** | Origin validation, auth checks |\n| **Cache Poisoning** | Unkeyed headers, Web Cache Deception |\n| **Race Conditions** | Concurrent request attack detection |\n| **XXE Injection** | XML entity injection at upload/import/SOAP endpoints |\n| **OAuth Misconfig** | redirect_uri validation, OIDC config, implicit flow |\n| **Access Control Bypass** | Admin panel, 403 bypass via headers, robots.txt |\n| **Web Cache Deception** | Static extension, path normalization |\n| **Parameter Pollution** | HPP, null byte truncation |\n| **File Upload Testing** | Endpoint discovery, OPTIONS probing |\n| **DOM-Based** | DOM sinks, postMessage, source-to-sink |\n| **HTTP/2 Attacks** | H2.CL/H2.TE smuggling, HPACK |\n| **SAML/SSO** | Metadata exposure, unsigned assertion, XSW probe |\n| **LDAP Injection** | Auth bypass via wildcard filters |\n| **MFA Bypass** | Post-MFA path access, OTP rate limiting |\n| **Password Reset** | Email enumeration, Host header, token entropy |\n| **CSRF Remote** | Token detection, cookie-based, SameSite |\n| **Subdomain Takeover** | Dangling CNAME to AWS/Azure/Heroku/GitHub/Netlify/Vercel |\n| **Cloud Metadata SSRF** | AWS/GCP/Azure IMDS probing |\n| **JWT Advanced** | kid/JWK/jku/none/key confusion |\n| **gRPC / OpenAPI** | Reflection enumeration, Swagger schema fuzzing |\n| **Timing Side-Channel** | Login timing differences |\n| **AI/LLM Injection** | Prompt injection, system prompt extraction |\n| **CSS Injection** | Attribute selector exfil, font-face, CSS keylogger |\n| **PostMessage** | Missing origin, BroadcastChannel, wildcard targetOrigin |\n| **ESI Injection** | Edge-Side Includes on CDNs |\n| **HTTP/3 QUIC** | 0-RTT replay, Alt-Svc detection |\n| **HPACK Bomb** | Header table overflow |\n\n<br>\n\n## Local Audit Modules (33 — White-box)\n\n| Module | What it checks |\n|---|---|\n| **Code Secrets** | 25+ secret patterns with line numbers and fix suggestions |\n| **Environment Files** | .env in .gitignore, real secrets in .env.example |\n| **Dependencies** | npm audit for CVEs, supply-chain attack package detection |\n| **Code Vulnerabilities** | SQLi template literals, XSS v-html/innerHTML, eval, ReDoS |\n| **Auth & Middleware** | Rate limiting, CORS, CSRF, session, JWT, hardcoded passwords |\n| **Headers Config** | CSP/HSTS in Nuxt, Next.js, Vercel, Netlify, Express |\n| **SSRF Detection** | User URLs in fetch/axios/request/http.get/urllib |\n| **SSTI Detection** | Jinja2, Twig, Nunjucks, Pug, EJS, Handlebars, Velocity, Freemarker, Thymeleaf |\n| **Insecure Deserialization** | pickle, yaml.load, unserialize, ObjectInputStream, Marshal, BinaryFormatter |\n| **Prototype Pollution** | Object.assign, spread, deepmerge, lodash.merge, __proto__ |\n| **JWT Vulnerabilities** | alg none, verify false, weak secrets, expiration bypass |\n| **JWT Advanced** | kid injection, JWK injection, jku SSRF, x5u, key confusion |\n| **Path Traversal / LFI** | readFile, sendFile, include/require with user input |\n| **Command Injection** | exec, spawn, child_process, system, subprocess |\n| **Weak Cryptography** | MD5, SHA1, DES, RC4, ECB, Math.random, hardcoded keys/IVs |\n| **XXE Detection** | DOMParser, lxml, simplexml, LIBXML_NOENT |\n| **Access Control / IDOR** | Direct object ref, role from user input, admin headers |\n| **OAuth / OIDC Flaws** | redirect_uri, missing state, client_secret, implicit flow |\n| **Business Logic** | Price manipulation, negative quantity, workflow skipping, referral abuse |\n| **SAML / SSO** | Signature validation, XSW, NameID injection, audience restriction |\n| **LDAP Injection** | Filter concatenation, auth bypass, TLS/SSL enforcement |\n| **CSRF Analysis** | Token entropy, predictable sources, double submit |\n| **Account Takeover** | Reset token, OTP, MFA bypass, user enumeration |\n| **Cloud Misconfig** | S3 public ACL, IAM wildcards, GCP/Azure creds, Lambda |\n| **CI/CD Pipeline** | pull_request_target, secrets, elevated permissions |\n| **Mobile Security** | API keys, debuggable, ATS, WebView, deep links |\n| **Web3 / Smart Contracts** | Reentrancy, delegatecall, tx.origin, proxy, unchecked |\n| **XPath / SSI** | XPath evaluate/select, SSI directives |\n| **Timing Side-Channels** | String compare, conditional sleep, HMAC oracle |\n| **Client-Side Template Injection** | AngularJS, Vue v-html, React dangerouslySetInnerHTML, Svelte |\n| **Service Worker / WebRTC** | importScripts, fetch listener, cache poisoning, IP leak |\n| **Padding / Compression Oracle** | CBC decrypt errors, CRIME/BREACH, OAEP |\n| **AI/LLM Injection** | System prompt, tool-use, RAG indirect injection |\n| **CSS Injection** | Attribute selector, font-face unicode-range, CSS keylogger |\n| **PostMessage** | Missing origin, BroadcastChannel, wildcard targetOrigin |\n| **Electron / React Native** | contextIsolation, nodeIntegration, shell.openExternal, IPC |\n| **WebAuthn / Passkeys** | Weak challenge, relay attack surface, empty allowCredentials |\n| **Supply Chain** | Dependency confusion, lockfile integrity, postinstall, curl\\|bash |\n| **Client-Side Proto Pollution** | Gadget chains, jQuery $.extend, Angular merge, DOM sources |\n\n<br>\n\n## Validation Engine (v2.0+)\n\nAfter scanning, RedGun automatically validates every finding to eliminate false positives:\n\n| Vuln | Validation Method |\n|---|---|\n| **SQLi** | UNION SELECT probe with DB error detection |\n| **XSS** | Payload reflection check with HTML encoding detection |\n| **SSRF** | Metadata endpoint timing analysis |\n| **JWT** | Forged alg=none token authentication test |\n| **LFI** | /etc/passwd retrieval verification |\n| **Open Redirect** | Follow redirect chain to external URL |\n| **CORS** | Cross-origin request with credential leak check |\n| **NoSQLi** | $ne operator auth bypass confirmation |\n| **Command Injection** | sleep-based timing confirmation |\n\nEach finding gets: confidence score (0-100%), exploitability badge (CONFIRMED/REJECTED/INCONCLUSIVE), and validation note. Findings below 30% confidence are auto-eliminated.\n\n<br>\n\n## Attack Chain Engine (v2.2+)\n\nAutomatically chains validated vulnerabilities into complex exploit paths:\n\n| Chain | Impact |\n|---|---|\n| Open Redirect → OAuth Theft → ATO | CRITICAL |\n| XSS → Cookie Steal → Session Hijacking | CRITICAL |\n| SSRF → Cloud Metadata → Credential Dump | CRITICAL |\n| JWT kid → Path Traversal → Key Forge | CRITICAL |\n| SQLi → Password Dump → Credential Stuffing | CRITICAL |\n| NoSQLi → Auth Bypass → IDOR → Mass Extraction | CRITICAL |\n| CORS → CSRF → Privilege Escalation | HIGH |\n| Subdomain Takeover → Cookie Scope → Session Fixation | HIGH |\n\nEach chain includes step-by-step exploitation instructions and confidence scoring.\n\n<br>\n\n## GitHub Action\n\n```yaml\nname: Security\non:\n  push:\n    branches: [main]\n  pull_request:\n\npermissions:\n  contents: write\n  pull-requests: write\n  security-events: write\n\njobs:\n  redgun:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: aloc999/redgun@v3\n```\n\n<br>\n\n## Scoring\n\n| Severity | Score impact | Meaning |\n|---|---|---|\n| **Critical** | -15 | Exploitable, immediate action |\n| **High** | -8 | Serious risk, fix soon |\n| **Medium** | -3 | Moderate risk |\n| **Low** | -1 | Minor risk |\n| **Info** | 0 | Informational |\n\n<br>\n\n## Configuration\n\n```bash\nredgun scan                              # Interactive scan\nredgun scan https://target.com           # Direct URL\nredgun scan --proxy http://127.0.0.1:8080  # Burp/Zap proxy\nredgun scan --auth myprofile             # Authenticated scan\nredgun scan --scope targets.txt          # Multi-target\nredgun scan --fuzz                       # Wordlist fuzzing\nredgun scan --burp                       # Burp XML export\nredgun scan --resume                     # Resume last scan\nredgun scan --modules browser,headers    # Specific modules\nredgun audit .                           # Local audit\nredgun audit . --ci --min-score 80       # CI mode\nredgun diff scan1.json scan2.json        # Diff mode\nredgun auth add --name prod --method bearer --token eyJ...   # Save profile\nredgun auth list                         # List profiles\nredgun history                           # View reports\nredgun modules                           # List modules\n```\n\n<br>\n\n## Project Structure\n\n```\nredgun/\n├── bin/\n│   └── redgun.js                       # CLI entry point\n├── src/\n│   ├── core/\n│   │   ├── findings.js                 # Findings store + validation fields\n│   │   ├── score.js                    # A-F score calculator\n│   │   ├── validator.js                # Validation engine (18 vuln types)\n│   │   ├── chains.js                   # Attack chain builder (10 chains)\n│   │   ├── session.js                  # Auth session management + profiles\n│   │   ├── proxy.js                    # Burp/Zap proxy routing\n│   │   ├── waf-bypass.js               # Payload encoding/evasion\n│   │   ├── concurrent.js              # Parallel execution (5 workers)\n│   │   ├── advanced-features.js       # Fuzzer, diff, resume, Burp export\n│   │   └── reporter/\n│   │       ├── console.js              # Terminal output with validation badges\n│   │       ├── json.js                 # JSON + SARIF export\n│   │       └── html.js                 # HTML report with confidence bars\n│   ├── local/                          # White-box modules (33)\n│   │   ├── index.js                    # Module orchestrator\n│   │   ├── secrets.js, env.js, dependencies.js, auth.js\n│   │   ├── code-vulnerabilities.js, headers-config.js\n│   │   ├── ssrf.js, ssti.js, deserialization.js, prototype-pollution.js\n│   │   ├── jwt.js, jwt-advanced.js\n│   │   ├── path-traversal.js, command-injection.js, crypto.js\n│   │   ├── xxe.js, access-control.js, oauth.js, business-logic.js\n│   │   ├── saml.js, ldap.js, csrf.js, ato.js\n│   │   ├── cloud.js, cicd.js, mobile.js, web3.js\n│   │   ├── xpath-ssi.js, timing.js, csti.js\n│   │   ├── service-worker.js, padding-oracle.js\n│   │   ├── llm-ai.js, css-injection.js, postmessage.js\n│   │   ├── electron.js, webauthn.js\n│   │   ├── supply-chain-advanced.js, client-proto.js\n│   └── remote/                         # Black-box enhanced modules\n│       ├── browser.js                  # Puppeteer: DOM XSS, network, WS, storage\n│       ├── crawler.js                  # Katana-style JS crawler\n│       ├── probe.js                    # httpx-style fingerprinting\n│       ├── portswigger.js              # XXE, OAuth, ACL, WCD, HPP, upload, DOM, H2\n│       ├── advanced.js                 # SAML, LDAP, MFA, WS replay, pw reset, CSRF, takeover, cloud\n│       ├── complete.js                 # SSRF bypass, JWT adv, gRPC, OpenAPI, WebRTC, XSS auto, SSI, XPath, timing\n│       ├── modern.js                   # AI/LLM, CSS, PostMessage, ESI, HTTP/3, HPACK, SMTP\n│   └── utils/\n│       ├── fetch.js                    # HTTP with rate limiter, proxy, auth session\n│       └── patterns.js                 # 25+ secret patterns, XSS/SQLi/SSRF/SSTI regex\n├── scan.js                             # Remote scan engine (51 modules)\n├── action.yml                          # GitHub Action definition\n├── .github/workflows/security.yml\n└── package.json\n```\n\n<br>\n\n## License\n\nMIT. See [LICENSE](LICENSE). Built by [@aloc999 (Hashemi)](https://github.com/aloc999).\n\nThis tool is for authorized security testing only. You are responsible for how you use it.\n","readmeFilename":"README.md"}