broken-access-control
Pipeline-based offensive security scanner: recon and web vuln testing (XSS/SQLi/IDOR/BAC), every finding double-confirmed. Python, no core deps.