Skip to content

🛡️ Bright Security Scan#9

Open
bararchy wants to merge 1 commit into
masterfrom
bright-scan-1780830055808
Open

🛡️ Bright Security Scan#9
bararchy wants to merge 1 commit into
masterfrom
bright-scan-1780830055808

Conversation

@bararchy

@bararchy bararchy commented Jun 7, 2026

Copy link
Copy Markdown
Member

🛡️ Bright Security Scan

Scan target: repository root at http://localhost:9000

Detecting tech stack and starting the application

  • Application running at http://localhost:9000 (repository root)
    Setting up Bright security scanner and Repeater
  • Repeater connected
    Completing first-time application setup
  • Setup completed: Initialized Sentry with a generated SENTRY_SECRET_KEY, ran database upgrade, and created the admin user in the database as a superuser/staff account.
    Preparing application for security scanning
  • Scan-prep reported success after only 0/5 required rapid POST verification request(s)
    Detecting authentication requirements
  • Auth configured
    Analyzing source code for endpoints and parameters
  • 919 endpoints (static analysis)
    Registering API endpoints for scanning
  • 913 live entrypoints after pruning 404s
    Selecting relevant security tests per endpoint
  • Created 10 scan group(s) with per-endpoint test selection
    🔄 Running scans — round 1
  • Group 1: 59 endpoints · tests: common_files, csrf, cve_test, directory_listing, full_path_disclosure, http_method_fuzzing, open_cloud_storage, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe, bopla, css_injection, email_injection, html_injection, iframe_injection, insecure_output_handling, lfi, osi, prompt_injection, rfi, ssrf, stored_xss, unvalidated_redirect, xss, excessive_data_exposure, id_enumeration, file_upload, brute_force_login, jwt, business_constraint_bypass, date_manipulation
  • Group 2: 70 endpoints · tests: bopla, csrf, css_injection, cve_test, email_injection, excessive_data_exposure, full_path_disclosure, html_injection, http_method_fuzzing, id_enumeration, iframe_injection, improper_asset_management, lfi, open_cloud_storage, osi, prompt_injection, proto_pollution, retire_js, rfi, secret_tokens, server_side_js_injection, sqli, ssrf, ssti, stored_xss, unvalidated_redirect, version_control_systems, xpathi, xss, xxe, common_files, directory_listing, brute_force_login, jwt, file_upload, insecure_output_handling
  • Group 3: 83 endpoints · tests: bopla, csrf, cve_test, full_path_disclosure, http_method_fuzzing, insecure_output_handling, open_cloud_storage, prompt_injection, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe, css_injection, email_injection, excessive_data_exposure, file_upload, html_injection, id_enumeration, iframe_injection, lfi, osi, rfi, ssrf, stored_xss, unvalidated_redirect, xss, brute_force_login, jwt
  • Group 4: 93 endpoints · tests: bopla, csrf, css_injection, cve_test, email_injection, full_path_disclosure, html_injection, http_method_fuzzing, iframe_injection, lfi, open_cloud_storage, osi, prompt_injection, proto_pollution, retire_js, rfi, secret_tokens, server_side_js_injection, sqli, ssrf, ssti, stored_xss, unvalidated_redirect, version_control_systems, xpathi, xss, xxe
  • Group 5: 95 endpoints · tests: bopla, csrf, css_injection, cve_test, email_injection, excessive_data_exposure, full_path_disclosure, html_injection, http_method_fuzzing, id_enumeration, iframe_injection, lfi, open_cloud_storage, osi, prompt_injection, proto_pollution, retire_js, rfi, secret_tokens, server_side_js_injection, sqli, ssrf, ssti, stored_xss, unvalidated_redirect, version_control_systems, xpathi, xss, xxe, brute_force_login, jwt, improper_asset_management
  • Group 6: 100 endpoints · tests: bopla, csrf, cve_test, full_path_disclosure, http_method_fuzzing, open_cloud_storage, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe
  • Group 7: 100 endpoints · tests: csrf, cve_test, full_path_disclosure, http_method_fuzzing, open_cloud_storage, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe
  • Group 8: 100 endpoints · tests: bopla, csrf, cve_test, excessive_data_exposure, full_path_disclosure, http_method_fuzzing, id_enumeration, open_cloud_storage, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe
  • Group 9: 100 endpoints · tests: bopla, csrf, cve_test, excessive_data_exposure, full_path_disclosure, http_method_fuzzing, id_enumeration, open_cloud_storage, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe
  • Group 10: 113 endpoints · tests: bopla, csrf, cve_test, full_path_disclosure, http_method_fuzzing, open_cloud_storage, proto_pollution, retire_js, secret_tokens, server_side_js_injection, sqli, ssti, version_control_systems, xpathi, xxe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant