It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts:

• Expired or soon to expire passwords (passwd -e)
• Locked accounts (passwd -S )
• Expired accounts (chage -E / chage -l )

(This old idea popped up to my mind while discussing #219.)

To be both consistent and more intuitive, etc/plugins.txt should be rename etc/plugins.ini.

*.ini or *.conf carry a meaning, whereas *.txt is not. Since the base of cve-search uses *.ini , let's stick to that. Python configparser documentation also refer to "INI fi

Merge /Testing_for_Vertical_Bypassing_Authorization_Schema_WSTG-AUTHZ-00X.md into 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md

show how many commands ran
show pretty pictures on how many hosts/ports/paths are in the db
show the actual db output for ports/paths/hosts/etc

Extracting installed npms should be relatively simple, and then they can be checked for vulnerabilities.
package.json is the obvious starting point,

npm list -g --depth=0 is the canonical way to get the view from a command line, but also subdirs of node_modules should work.

We'd have to figure out how to identify vulnerable ones, but there is a fairly large ecosystem for that as well.