[{"_id":{"$oid":"6a2dc559ae36b72c92a108af"},"description":"URIs with authentication information specified as username:password@example.org (188 matches)","finding_type":"2_general_uris_auth_info_wide","parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","category":"Security Pattern","details":"Module: 2_general_uris_auth_info_wide, Count: 188, Desc: URIs with authentication information specified as username:password@example.org","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":188,"pattern_priority":2,"severity":"High","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b0"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Extract URLs. (5 matches)","finding_type":"2_general_urls","category":"Security Pattern","details":"Module: 2_general_urls, Count: 5, Desc: Extract URLs.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":2,"severity":"High","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b1"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"RFC 4627 includes a parser regex example http://www.ietf.org/rfc/rfc4627.txt and it is insecure as explained in the 'the tangled web' book, as it allows incrementing and decrementing of certain variables. (2 matches)","finding_type":"2_js_insecure_JSON_parser","category":"Security Pattern","details":"Module: 2_js_insecure_JSON_parser, Count: 2, Desc: RFC 4627 includes a parser regex example http://www.ietf.org/rfc/rfc4627.txt and it is insecure as explained in the 'the tangled web' book, as it allows incrementing and decrementing of certain variables.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":2,"pattern_priority":2,"severity":"High","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b2"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Binary File Analysis","description":"7.692242 bits per byte.","finding_type":"Entropy Value","category":"Entropy Analysis","details":"7.692242 bits per byte.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/p02_firmware_bin_file_check.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":null,"pattern_priority":null,"severity":"Info","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b3"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Binary File Analysis","description":"-rwxrwxrwx 1 linuxbrew linuxbrew 3.7M May 29 00:45 /firmware","finding_type":"File Information","category":"File Details","details":"-rwxrwxrwx 1 linuxbrew linuxbrew 3.7M May 29 00:45 /firmware","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/p02_firmware_bin_file_check.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":null,"pattern_priority":null,"severity":"Info","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b4"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Binary File Analysis","description":"/firmware: Android package (APK), with AndroidManifest.xml, with APK Signing Block","finding_type":"File Information","category":"File Details","details":"/firmware: Android package (APK), with AndroidManifest.xml, with APK Signing Block","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/p02_firmware_bin_file_check.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":null,"pattern_priority":null,"severity":"Info","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b5"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Binary File Analysis","description":"00000000  50 4b 03 04 00 00 00 00  08 00 00 00 00 00 23 01  |PK............#.|","finding_type":"File Information","category":"File Details","details":"00000000  50 4b 03 04 00 00 00 00  08 00 00 00 00 00 23 01  |PK............#.|","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/p02_firmware_bin_file_check.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":null,"pattern_priority":null,"severity":"Info","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b6"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Binary File Analysis","description":"SHA512: b8b0e4a1566f4be8606cea87fcd0525e0b7751e16d804eb37f8fd9499abb361a56b020ffd05412dd41aacbd4965c9b3ced0508c36b3145d3656c1be4aa95b070","finding_type":"SHA512 Checksum","category":"File Integrity","details":"b8b0e4a1566f4be8606cea87fcd0525e0b7751e16d804eb37f8fd9499abb361a56b020ffd05412dd41aacbd4965c9b3ced0508c36b3145d3656c1be4aa95b070","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/p02_firmware_bin_file_check.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":null,"pattern_priority":null,"severity":"Info","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b7"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Generic Parser","description":"[*] 1 files and 1 directories detected.","finding_type":"Detection","category":"Security Finding","details":"[*] 1 files and 1 directories detected.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s05_firmware_details.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":null,"pattern_priority":null,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b8"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Authentication (11 matches)","finding_type":"5_cryptocred_authentication","category":"Security Pattern","details":"Module: 5_cryptocred_authentication, Count: 11, Desc: Authentication","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":11,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108b9"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Credentials. Included everything 'creden' because some programers write credencials instead of credentials and such things. (25 matches)","finding_type":"5_cryptocred_credentials_wide","category":"Security Pattern","details":"Module: 5_cryptocred_credentials_wide, Count: 25, Desc: Credentials. Included everything 'creden' because some programers write credencials instead of credentials and such things.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":25,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108ba"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Passcode and variants of it (45 matches)","finding_type":"5_cryptocred_passcode_wide","category":"Security Pattern","details":"Module: 5_cryptocred_passcode_wide, Count: 45, Desc: Passcode and variants of it","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":45,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108bb"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Secret and variants of it (7 matches)","finding_type":"5_cryptocred_secret_wide","category":"Security Pattern","details":"Module: 5_cryptocred_secret_wide, Count: 7, Desc: Secret and variants of it","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":7,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108bc"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Base64 encoded data (that is more than 6 bytes long). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign... (11 matches)","finding_type":"5_general_base64_content","category":"Security Pattern","details":"Module: 5_general_base64_content, Count: 11, Desc: Base64 encoded data (that is more than 6 bytes long). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign...","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":11,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108bd"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Base64 URL-safe encoded data (that is more than 6 bytes long). To get from URL-safe base64 to regular base64 you need .replace('-','+').replace('_','/'). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign... (11 matches)","finding_type":"5_general_base64_urlsafe","category":"Security Pattern","details":"Module: 5_general_base64_urlsafe, Count: 11, Desc: Base64 URL-safe encoded data (that is more than 6 bytes long). To get from URL-safe base64 to regular base64 you need .replace('-','+').replace('_','/'). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign...","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":11,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108be"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"BUG, unfinished, buggy and insecure things? (5 matches)","finding_type":"5_general_bug_uppercase","category":"Security Pattern","details":"Module: 5_general_bug_uppercase, Count: 5, Desc: BUG, unfinished, buggy and insecure things?","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108bf"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Exec mostly means executing on OS. (17 matches)","finding_type":"5_general_exec_wide","category":"Security Pattern","details":"Module: 5_general_exec_wide, Count: 17, Desc: Exec mostly means executing on OS.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":17,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c0"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"All HTTP URIs (23 matches)","finding_type":"5_general_http_urls","category":"Security Pattern","details":"Module: 5_general_http_urls, Count: 23, Desc: All HTTP URIs","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":23,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c1"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"All HTTPS URIs (5 matches)","finding_type":"5_general_https_urls","category":"Security Pattern","details":"Module: 5_general_https_urls, Count: 5, Desc: All HTTPS URIs","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c2"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Relative paths. May allow an attacker to put something early in the search path (if parts are user supplied input) and overwrite behavior (348 matches)","finding_type":"5_general_relative_paths","category":"Security Pattern","details":"Module: 5_general_relative_paths, Count: 348, Desc: Relative paths. May allow an attacker to put something early in the search path (if parts are user supplied input) and overwrite behavior","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":348,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c3"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Timeout. Whatever timeout this might be, that might be interesting. (5 matches)","finding_type":"5_general_session_timeout","category":"Security Pattern","details":"Module: 5_general_session_timeout, Count: 5, Desc: Timeout. Whatever timeout this might be, that might be interesting.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c4"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"SQL cursor? (41 matches)","finding_type":"5_general_sql_cursor","category":"Security Pattern","details":"Module: 5_general_sql_cursor, Count: 41, Desc: SQL cursor?","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":41,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c5"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"TODOs, unfinished and insecure things? (5 matches)","finding_type":"5_general_todo_capital_and_lower","category":"Security Pattern","details":"Module: 5_general_todo_capital_and_lower, Count: 5, Desc: TODOs, unfinished and insecure things?","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c6"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"XXX, unfinished, buggy and insecure things? (59 matches)","finding_type":"5_general_xxx_uppercase","category":"Security Pattern","details":"Module: 5_general_xxx_uppercase, Count: 59, Desc: XXX, unfinished, buggy and insecure things?","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":59,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c7"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Drug (5 matches)","finding_type":"5_malware_drug","category":"Security Pattern","details":"Module: 5_malware_drug, Count: 5, Desc: Drug","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":5,"severity":"Low","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c8"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"The example is '/*RLO | LRIif (isAdmin)PDI LRI begin admins only */', where RLO = 'U+202E, Right-to-Left Override, Force treating following text as right-to-left', LRI = 'U+2066, Left-to-Right Isolate, Force treating following text as left-to-right without affecting adjacent text' and PDI ='U+2069, Pop Directional Isolate, Terminate nearest LRI or RLI'. See https://trojansource.codes/trojan-source.pdf and https://github.com/nickboucher/trojan-source/blob/main/RegEx/pcre2.regex (1 matches)","finding_type":"3_backdoor_trojan_source_regex","category":"Security Pattern","details":"Module: 3_backdoor_trojan_source_regex, Count: 1, Desc: The example is '/*RLO | LRIif (isAdmin)PDI LRI begin admins only */', where RLO = 'U+202E, Right-to-Left Override, Force treating following text as right-to-left', LRI = 'U+2066, Left-to-Right Isolate, Force treating following text as left-to-right without affecting adjacent text' and PDI ='U+2069, Pop Directional Isolate, Terminate nearest LRI or RLI'. See https://trojansource.codes/trojan-source.pdf and https://github.com/nickboucher/trojan-source/blob/main/RegEx/pcre2.regex","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":1,"pattern_priority":3,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108c9"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"The example is '/ZWSP*', where ZWSP='U+200B, Zero Width Space', it's an invisible character so you won't see it below, because in code it might be invisible but between // or /* it might deactivate a comment (15 matches)","finding_type":"3_backdoor_zwsp","category":"Security Pattern","details":"Module: 3_backdoor_zwsp, Count: 15, Desc: The example is '/ZWSP*', where ZWSP='U+200B, Zero Width Space', it's an invisible character so you won't see it below, because in code it might be invisible but between // or /* it might deactivate a comment","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":15,"pattern_priority":3,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108ca"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"MySQL old style hash (5 matches)","finding_type":"3_cryptocred_mysql_old_hashes","category":"Security Pattern","details":"Module: 3_cryptocred_mysql_old_hashes, Count: 5, Desc: MySQL old style hash","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":3,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108cb"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Server-Side Template Injection (SSTI) is a possibility at many places https://portswigger.net/web-security/server-side-template-injection (5 matches)","finding_type":"3_general_ssti_double_narrow","category":"Security Pattern","details":"Module: 3_general_ssti_double_narrow, Count: 5, Desc: Server-Side Template Injection (SSTI) is a possibility at many places https://portswigger.net/web-security/server-side-template-injection","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":3,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108cc"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Password and variants of it (79 matches)","finding_type":"4_cryptocred_password","category":"Security Pattern","details":"Module: 4_cryptocred_password, Count: 79, Desc: Password and variants of it","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":79,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108cd"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"unchecked allows to disable exceptions for integer overflows, see https://sonarqube.com/coding_rules#types=VULNERABILITY|languages=cs (74 matches)","finding_type":"4_dotnet_unchecked","category":"Security Pattern","details":"Module: 4_dotnet_unchecked, Count: 74, Desc: unchecked allows to disable exceptions for integer overflows, see https://sonarqube.com/coding_rules#types=VULNERABILITY|languages=cs","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":74,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108ce"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Base64 encoded data (that is more than 6 bytes long and starts with something else). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign... (205 matches)","finding_type":"4_general_base64_content_start_no_alphabet","category":"Security Pattern","details":"Module: 4_general_base64_content_start_no_alphabet, Count: 205, Desc: Base64 encoded data (that is more than 6 bytes long and starts with something else). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign...","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":205,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108cf"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Base64 URL-safe encoded data (that is more than 6 bytes long and starts with something else). To get from URL-safe base64 to regular base64 you need .replace('-','+').replace('_','/'). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign... (228 matches)","finding_type":"4_general_base64_urlsafe_no_alphabet","category":"Security Pattern","details":"Module: 4_general_base64_urlsafe_no_alphabet, Count: 228, Desc: Base64 URL-safe encoded data (that is more than 6 bytes long and starts with something else). To get from URL-safe base64 to regular base64 you need .replace('-','+').replace('_','/'). This regex won't detect a base64 encoded value over several lines and won't detect one that does not end with an equal sign...","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":228,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108d0"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"XSS. Sometimes refered in comments or variable names for code that should prevent it. If you find something interesting that is used for prevention in a framework, you might want to add another grep for that in this script. (5 matches)","finding_type":"4_general_xss_lowercase","category":"Security Pattern","details":"Module: 4_general_xss_lowercase, Count: 5, Desc: XSS. Sometimes refered in comments or variable names for code that should prevent it. If you find something interesting that is used for prevention in a framework, you might want to add another grep for that in this script.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108d1"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"XSS. Sometimes refered in comments or variable names for code that should prevent it. If you find something interesting that is used for prevention in a framework, you might want to add another grep for that in this script. (11 matches)","finding_type":"4_general_xss_uppercase","category":"Security Pattern","details":"Module: 4_general_xss_uppercase, Count: 11, Desc: XSS. Sometimes refered in comments or variable names for code that should prevent it. If you find something interesting that is used for prevention in a framework, you might want to add another grep for that in this script.","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":11,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"},{"_id":{"$oid":"6a2dc559ae36b72c92a108d2"},"parent_id":"a71bd9b370cf238b6bc6c38c07e703d707bb9724e69f660ec8e748f4af3cab24","module":"Grepit Scanner","description":"Firebaseio.com links. Depending on how the firebaseio.com database was secured, it might be accessible by opening https://example.firebaseio.com/.json or similar, see https://medium.com/@fs0c131y/how-i-found-the-database-of-the-donald-daters-app-af88b06e39ad (5 matches)","finding_type":"4_mobile_firebaseio_com","category":"Security Pattern","details":"Module: 4_mobile_firebaseio_com, Count: 5, Desc: Firebaseio.com links. Depending on how the firebaseio.com database was secured, it might be accessible by opening https://example.firebaseio.com/.json or similar, see https://medium.com/@fs0c131y/how-i-found-the-database-of-the-donald-daters-app-af88b06e39ad","file_path":"/home/apogean/projects/vapt/android_vapt/log/html-report/s99_grepit.html","firmware_sha256":"76c308fac6a655a3534771777780e004feb1d91be032857768c891b2baf40ba6","match_count":5,"pattern_priority":4,"severity":"Medium","timestamp":"2026-06-14T02:32:17.208751"}]