Roadmap

N0CK is evolving. Here's what's shipped, what's in progress, and what's on the horizon.

Status Legend

Shipped

In Progress

Planned

Future

Now (v0.x)

Core scanning engine

v0.1.0

Scope enforcement, rate limiting, basic vulnerability detection

Shipped

GraphQL introspection

v0.2.0

Schema discovery and mutation analysis

Shipped

Authentication flows

v0.3.0

Multi-step auth, session management, token refresh handling

In Progress

Advanced validators

v0.3.0

SSRF OAST detection, blind SQLi timing, DOM-based XSS

In Progress

Next (v0.4-0.5)

WebSocket scanning

Real-time protocol testing with message fuzzing

Planned

API contract diffing

Compare OpenAPI specs, detect undocumented endpoints

Planned

Custom payload library

User-defined test cases with templating

Planned

Collaborative scanning

Multi-operator support with shared findings

Planned

Future (v1.0+)

Smart fuzzing with LLMs

Context-aware payload generation based on endpoint behavior

Future

Continuous monitoring mode

Scheduled scans with diff alerts and regression detection

Future

Cloud integrations

Native AWS/GCP/Azure security posture checks

Future

Plugin system

Custom modules for proprietary tech stacks

Future

Team features

Role-based access, audit logs, centralized reporting

Future

Timelines are estimates and subject to change. Features may be added, removed, or reprioritized based on feedback and real-world usage.