security-scanner
Here are 247 public repositories matching this topic...
This should scan javascript files and javascript in HTML for dangerous JS functions.
See danielmiessler/SecLists#367 which already links to a PR for Angular ones.
Ideally the rule should include the relevant framework in the alert description.
I plan to look at this soonish, but if anyone else fancies a go at a relatively simple passive scan rule then just get in touch
I'm using OpenNTPD instead of the default ntp on my FreeBSD server - when lynis analyses the ntp settings it tries to query information with ntpq which (to my knowledge) is not possible with OpenNTPD.
Lynis will slow down as ntpq takes a while to fail.
OS: FreeBSD 10.4
Lynis: 2.6.1 (768446e4)
[ Lynis 2.6.1 ]
####################################################################
Would be good to add a check for the wpeprivate/config.json file that apparently contains sensitive information.
I've yet to find an example of what one looks like.
References:
https://twitter.com/bugbountynights/status/1198392055044755456?s=19
At certain sizes just before the layout changes from horizontal to vertical, items in the configuration page wrap poorly:
This is probably most easily fixed by adjusting the media queries being used to snap to the vertical layout slightly sooner.
Describe the bug
The doc for B324 hashlib_new is not included as part of:
https://bandit.readthedocs.io/en/latest/plugins/index.html
This may be because 3xx is for blacklist, yet this is a plugin.
To Reproduce
Steps to reproduce the behavior:
- Go to https://bandit.readthedocs.io/en/latest/plugins/index.html
- Notice B324 is missing in the list of plugins
Note, it is not lis
System and Python Environment
| Item | Tooltip | Value |
|---|---|---|
| System | uname -a | |
| Python | python -V | |
| Cobra | python cobra.py | |
Description
[Description of the bug or feature]
Steps to Reproduce
if 'tag' in (self.repo_branch).lower():
cmd='git clone ' + clone_address + ' "' + self.repo_directory+ '" '+'; cd '+self.repo_directory+'; git che
Now that we're getting a few more contributors, standardize on ubuntu / osx as the dev os, and include more instructions here: https://github.com/intrigueio/intrigue-core/wiki/Setting-up-a-Test-Environment-on-Ubuntu-Linux
It would be good if Kube Score could be run against resources that are already deployed on the cluster. This could be as simple as exporting the resource into local yaml and executing kube score against it, but this would open the door for kube score being run regularly against an existing cluster.
There should be a first class command to check the api status of a given key, like the current credits. This could be done with a regular script that takes a keypair as input.
To successfully install Yasuo on the latest version of Kali, the bundle commands mentioned in the README.md file were unsuccessful. Instead the following commands did install it correctly:
sudo apt-get install zlib1g-dev libsqlite3-dev
bundle install --path vendor --gemfile ./Gemfile
To run Yasuo:
bundler exec "./yasuo.rb --help"
Currently there's a possibility to make a "one-liner scan" of a system using curl (https://vuls.io/docs/en/usage-server.html). The issue is that the received JSON can't be displayed nicely with the application, because the application always wants to get the data from the vulnerability DB (even though there's everything needed in the JSON returned by vul