Merge pull request #199 from cerberauth/update-doc

Prepare to move to nextra 3 remote files

docs/vulnerabilities/broken-authentication/jwt-alg-none.md → docs/vulnerabilities/broken-authentication/jwt-alg-none.mdx

@@ -77,6 +77,16 @@ Invalid JWT has this header with algorithm set to none.
 }
 ```
 
+## How to test?
+
+If you want to test only the "JWT Alg None" vulnerability, you can use the following command:
+
+```bash
+vulnapi scan <curl|openapi|graphql> --scans jwt.alg_none [url]
+```
+
+VulnAPI supports scanning against various types of other JWT vulnerabilities as well.
+
 ## What is the impact?
 
 The potential security impacts of the JWT "alg none" vulnerability are significant and can include:
@@ -89,10 +99,6 @@ The potential security impacts of the JWT "alg none" vulnerability are significa
 - **Denial of Service (DDoS)**: In some cases, attackers may exploit the vulnerability to craft JWTs with payloads that cause unexpected behavior or errors within the application, potentially leading to service disruptions or system crashes.
 - **Bypassing Security Controls**: In systems where JWTs are used for access control (authorization) or authentication, the "alg none" vulnerability can bypass security controls altogether, rendering any security mechanisms relying on JWTs ineffective.
 
-## How to test?
-
-TODO: VulnAPI Command
-
 ## How to remediate?
 
 Remediating the JWT "alg none" vulnerability is to ensure that the JWT library or implementation being used is not vulnerable to this issue and is correctly configured.

docs/vulnerabilities/broken-authentication/jwt-blank-secret.md → docs/vulnerabilities/broken-authentication/jwt-blank-secret.mdx

@@ -68,15 +68,21 @@ The following JWT is signed with an empty secret:
 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTYyNDI2MjIsImlhdCI6MTUxNjIzOTAyMiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiMmNiMzA3YmEtYmI0Ni00MTk0LTg1NGYtNDc3NDA0NmQ5YzliIn0.SCC35SSgMSMr0kV1i_TuPAhiSGtsC1cFGCfvaus5GyU
 ```
 
-# What is the impact?
+## How to test?
 
-Signing a JWT with a blank secret has a significant impact on the security of the token. A blank secret means that there is no secret key used to sign the token, making it vulnerable to tampering and unauthorized access.
+If you want to test only the "JWT Blank Secret" vulnerability, you can use the following command:
 
-By signing a JWT with a blank secret, anyone with access to the token can modify its contents without detection. This can lead to various security risks, such as impersonation, data tampering, and unauthorized access to protected resources.
+```bash
+vulnapi scan <curl|openapi|graphql> --scans jwt.blank_secret [url]
+```
 
-## How to test?
+VulnAPI supports scanning against various types of other JWT vulnerabilities as well.
 
-TODO: VulnAPI Command
+## What is the impact?
+
+Signing a JWT with a blank secret has a significant impact on the security of the token. A blank secret means that there is no secret key used to sign the token, making it vulnerable to tampering and unauthorized access.
+
+By signing a JWT with a blank secret, anyone with access to the token can modify its contents without detection. This can lead to various security risks, such as impersonation, data tampering, and unauthorized access to protected resources.
 
 ## How to remediate?
 

docs/vulnerabilities/broken-authentication/jwt-null-signature.md → docs/vulnerabilities/broken-authentication/jwt-null-signature.mdx

@@ -41,7 +41,13 @@ TODO: write an example
 
 ## How to test?
 
-TODO: VulnAPI Command
+If you want to test only the "JWT Null Signature" vulnerability, you can use the following command:
+
+```bash
+vulnapi scan <curl|openapi|graphql> --scans jwt.null_signature [url]
+```
+
+VulnAPI supports scanning against various types of other JWT vulnerabilities as well.
 
 ## What is the impact?
 

docs/vulnerabilities/broken-authentication/jwt-weak-secret.md → docs/vulnerabilities/broken-authentication/jwt-weak-secret.mdx

@@ -76,13 +76,19 @@ The following JWT is signed with `secret` secret:
 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MTYyNDI2MjIsImlhdCI6MTUxNjIzOTAyMiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiMmNiMzA3YmEtYmI0Ni00MTk0LTg1NGYtNDc3NDA0NmQ5YzliIn0.gTgBr6lotpAxs4M46PgUXrjhIN5-gYG4HffKSEIB6Ys
 ```
 
-# What is the impact?
+## How to test?
 
-The impact of using a weak secret key to sign a JWT is significant. Attackers can easily find the secret key and modify the token's claims and content without detection. This can lead to unauthorized access, data tampering, and other security risks.
+If you want to test only the "JWT Null Signature" vulnerability, you can use the following command:
 
-## How to test?
+```bash
+vulnapi scan <curl|openapi|graphql> --scans jwt.weak_secret [url]
+```
 
-TODO: VulnAPI Command
+VulnAPI supports scanning against various types of other JWT vulnerabilities as well.
+
+## What is the impact?
+
+The impact of using a weak secret key to sign a JWT is significant. Attackers can easily find the secret key and modify the token's claims and content without detection. This can lead to unauthorized access, data tampering, and other security risks.
 
 ## How to remediate?
 

docs/vulnerabilities/security-misconfiguration/graphql-introspection.md

@@ -41,7 +41,11 @@ The potential security impacts of GraphQL introspection are significant and can
 
 ## How to test?
 
-TODO: add VulnAPI command
+If you want to test only the "GraphQL Introspection Enabled" vulnerability, you can use the following command:
+
+```bash
+vulnapi scan graphql --scans graphql.introspection_enabled [url]
+```
 
 ## How to remediate?