Client-Side Attacks

Test Name	API ID	Description	Detectable Vulnerabilities
AWS S3 Takeover	`amazon_s3_takeover`	Tests for S3 buckets that no longer exist to prevent data breaches and malware distribution	Amazon AWS S3 bucket takeover
Brute Force Login	`brute_force_login`	Tests for the availability of commonly used credentials	Brute Force Login
Cookie Security	`cookie_security`	Tests if the application uses and implements cookies with secure attributes	Missing 'httponly' Flag in Cookie Missing 'secure' Flag in Cookie Predictable Cookie Value
Cross-Site Scripting (XSS)	`xss`	Tests if various application DOM parameters are vulnerable to JavaScript injections	Cross-Site Scripting (rXSS)
CSS Injection	`css_injection`	Tests for weaknesses that could allow hackers to inject malicious Cascading Style Sheets (CSS) code.	CSS Injection
Default Login Location	`default_login_location`	Tests if login form location in the target application is easy to guess and accessible	Default Login Location
HTML Injection	`html_injection`	Tests if various application parameters are vulnerable to HTML injection	HTML Injection
iFrame Injection	`iframe_injection`	Tests for frame injection attacks evaluate the embedding of deceptive elements on legitimate websites, tricking users into unintended interactions that lead to unauthorized actions, data theft, or malicious activities.	iFrame Injection
JavaScript Vulnerabilities Scanning	`retire_js`	Tests for known JavaScript component vulnerabilities	JavaScript Component with Known Vulnerabilities
Open Cloud Storage	`open_cloud_storage`	Contains Open Buckets, Azure Blob Storage, and Amazon S3 Bucket Takeover tests	Open Cloud Storage
Prototype Pollution	`proto_pollution`	Tests if it is possible to inject properties into existing JavaScript objects	Prototype Pollution
Secret Tokens	`secret_tokens`	Tests for exposure of secret API tokens or keys in the target application	Secret Tokens Leak
Stored Cross-Site Scripting (Stored XSS)	`stored_xss`	Tests if various application DOM parameters are vulnerable to JavaScript injections	Stored Cross-site scripting (pXSS)
Unvalidated Redirect	`unvalidated_redirect`	Tests if various application parameters are vulnerable to the injection of a malicious link that can redirect a user without validation	Unvalidated Redirect
Version Control System	`version_control_systems`	Tests if it is possible to access Version Control System (VCS) resources	Version Control System Exposure