@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.1

@@ -0,0 +1,333 @@
1
+ # Exposed Files Scanner v1.0
2
+ # Detects dangerous exposed files and directories
3
+
4
+ param(
5
+ [Parameter(Mandatory=$false)]
6
+ [string]$Target = "",
7
+
8
+ [Parameter(Mandatory=$false)]
9
+ [string]$OutputDir = "site"
10
+ )
11
+
12
+ $ErrorActionPreference = "Continue"
13
+
14
+ # Get current date
15
+ $Date = Get-Date -Format "yyyy-MM-dd"
16
+
17
+ # Parse target URL
18
+ if ($Target -match "https?://") {
19
+ $Uri = [System.Uri]$Target
20
+ $Domain = $Uri.Host
21
+ $Scheme = $Uri.Scheme
22
+ } else {
23
+ $Domain = $Target
24
+ $Target = "https://$Target"
25
+ }
26
+
27
+ # Create output filename
28
+ $OutputFile = "$OutputDir/$Domain-exposed-$Date.md"
29
+
30
+ # ═══════════════════════════════════════════════════════════
31
+ # COMMON EXPOSED PATHS
32
+ # ═══════════════════════════════════════════════════════════
33
+
34
+ $ExposedPaths = @(
35
+ # Configuration Files
36
+ @{ Path = "/.env"; Risk = "CRITICAL"; Desc = "Environment variables - may contain secrets" },
37
+ @{ Path = "/.env.local"; Risk = "CRITICAL"; Desc = "Local environment - secrets" },
38
+ @{ Path = "/.env.production"; Risk = "CRITICAL"; Desc = "Production environment" },
39
+ @{ Path = "/.git/config"; Risk = "CRITICAL"; Desc = "Git repository config - may expose remote" },
40
+ @{ Path = "/.git/HEAD"; Risk = "HIGH"; Desc = "Git branch information" },
41
+ @{ Path = "/.git/"; Risk = "CRITICAL"; Desc = "Full .git directory exposed" },
42
+ @{ Path = "/wp-config.php"; Risk = "CRITICAL"; Desc = "WordPress config - DB + keys" },
43
+ @{ Path = "/config.php"; Risk = "CRITICAL"; Desc = "PHP configuration" },
44
+ @{ Path = "/settings.py"; Risk = "CRITICAL"; Desc = "Django/Python settings" },
45
+ @{ Path = "/config.js"; Risk = "HIGH"; Desc = "Node.js configuration" },
46
+ @{ Path = "/application.properties"; Risk = "CRITICAL"; Desc = "Java Spring config" },
47
+ @{ Path = "/.htaccess"; Risk = "MEDIUM"; Desc = "Apache config" },
48
+ @{ Path = "/.htpasswd"; Risk = "CRITICAL"; Desc = "HTTP Basic Auth hashes" },
49
+
50
+ # Backup Files
51
+ @{ Path = "/backup.zip"; Risk = "CRITICAL"; Desc = "Compressed backup" },
52
+ @{ Path = "/backups.zip"; Risk = "CRITICAL"; Desc = "Compressed backup" },
53
+ @{ Path = "/database.zip"; Risk = "CRITICAL"; Desc = "Database backup" },
54
+ @{ Path = "/db.zip"; Risk = "CRITICAL"; Desc = "Database backup" },
55
+ @{ Path = "/database.sql"; Risk = "CRITICAL"; Desc = "Database dump" },
56
+ @{ Path = "/db.sql"; Risk = "CRITICAL"; Desc = "Database dump" },
57
+ @{ Path = "/dump.sql"; Risk = "CRITICAL"; Desc = "Database dump" },
58
+ @{ Path = "/backup.sql"; Risk = "CRITICAL"; Desc = "Database backup" },
59
+ @{ Path = "/site.tar.gz"; Risk = "CRITICAL"; Desc = "Full site backup" },
60
+ @{ Path = "/backup.tar.gz"; Risk = "CRITICAL"; Desc = "Full backup archive" },
61
+ @{ Path = "/www.zip"; Risk = "CRITICAL"; Desc = "Web root backup" },
62
+ @{ Path = "/backup/"; Risk = "HIGH"; Desc = "Backup directory" },
63
+ @{ Path = "/backups/"; Risk = "HIGH"; Desc = "Backups directory" },
64
+ @{ Path = "/db/"; Risk = "HIGH"; Desc = "Database directory" },
65
+ @{ Path = "/*.bak"; Risk = "HIGH"; Desc = "Backup files" },
66
+ @{ Path = "/*.backup"; Risk = "HIGH"; Desc = "Backup files" },
67
+ @{ Path = "/old/"; Risk = "MEDIUM"; Desc = "Old files directory" },
68
+ @{ Path = "/tmp/"; Risk = "MEDIUM"; Desc = "Temporary files" },
69
+
70
+ # Admin & Debug Panels
71
+ @{ Path = "/admin/"; Risk = "HIGH"; Desc = "Admin panel" },
72
+ @{ Path = "/wp-admin/"; Risk = "HIGH"; Desc = "WordPress admin" },
73
+ @{ Path = "/administrator/"; Risk = "HIGH"; Desc = "Administrator panel" },
74
+ @{ Path = "/manage/"; Risk = "MEDIUM"; Desc = "Management panel" },
75
+ @{ Path = "/phpmyadmin/"; Risk = "CRITICAL"; Desc = "Database UI - major exposure" },
76
+ @{ Path = "/pma/"; Risk = "CRITICAL"; Desc = "phpMyAdmin alias" },
77
+ @{ Path = "/mysql/"; Risk = "CRITICAL"; Desc = "MySQL admin" },
78
+ @{ Path = "/debug/"; Risk = "CRITICAL"; Desc = "Debug mode enabled" },
79
+ @{ Path = "/api/debug/"; Risk = "CRITICAL"; Desc = "API debug endpoint" },
80
+ @{ Path = "/console/"; Risk = "HIGH"; Desc = "Debug console" },
81
+ @{ Path = "/debug.php"; Risk = "CRITICAL"; Desc = "Debug script" },
82
+ @{ Path = "/test.php"; Risk = "HIGH"; Desc = "Test script" },
83
+ @{ Path = "/info.php"; Risk = "HIGH"; Desc = "PHP info exposure" },
84
+ @{ Path = "/phpinfo.php"; Risk = "HIGH"; Desc = "PHP info exposure" },
85
+
86
+ # Spring Boot Actuator
87
+ @{ Path = "/actuator/"; Risk = "HIGH"; Desc = "Spring Boot actuator" },
88
+ @{ Path = "/actuator/env"; Risk = "CRITICAL"; Desc = "Environment variables" },
89
+ @{ Path = "/actuator/heapdump"; Risk = "CRITICAL"; Desc = "Heap dump - contains secrets" },
90
+ @{ Path = "/actuator/threaddump"; Risk = "HIGH"; Desc = "Thread information" },
91
+ @{ Path = "/actuator/metrics"; Risk = "MEDIUM"; Desc = "Application metrics" },
92
+ @{ Path = "/actuator/configprops"; Risk = "CRITICAL"; Desc = "Configuration properties" },
93
+ @{ Path = "/health"; Risk = "MEDIUM"; Desc = "Health check endpoint" },
94
+
95
+ # API Documentation
96
+ @{ Path = "/swagger/"; Risk = "MEDIUM"; Desc = "Swagger UI" },
97
+ @{ Path = "/swagger-ui/"; Risk = "MEDIUM"; Desc = "Swagger documentation" },
98
+ @{ Path = "/swagger-ui.html"; Risk = "MEDIUM"; Desc = "Swagger HTML" },
99
+ @{ Path = "/api-docs/"; Risk = "MEDIUM"; Desc = "API documentation" },
100
+ @{ Path = "/v2/api-docs/"; Risk = "MEDIUM"; Desc = "OpenAPI v2" },
101
+ @{ Path = "/v3/api-docs/"; Risk = "MEDIUM"; Desc = "OpenAPI v3" },
102
+ @{ Path = "/graphiql/"; Risk = "HIGH"; Desc = "GraphQL IDE" },
103
+ @{ Path = "/graphql"; Risk = "MEDIUM"; Desc = "GraphQL endpoint" },
104
+ @{ Path = "/api/"; Risk = "LOW"; Desc = "API base path" },
105
+ @{ Path = "/api/v1/"; Risk = "LOW"; Desc = "API v1" },
106
+
107
+ # Log Files
108
+ @{ Path = "/logs/"; Risk = "HIGH"; Desc = "Log directory" },
109
+ @{ Path = "/error.log"; Risk = "HIGH"; Desc = "Error log" },
110
+ @{ Path = "/access.log"; Risk = "HIGH"; Desc = "Access log" },
111
+ @{ Path = "/debug.log"; Risk = "HIGH"; Desc = "Debug log" },
112
+ @{ Path = "/application.log"; Risk = "HIGH"; Desc = "Application log" },
113
+ @{ Path = "/console.log"; Risk = "MEDIUM"; Desc = "Console log" },
114
+
115
+ # Information Disclosure
116
+ @{ Path = "/robots.txt"; Risk = "LOW"; Desc = "Reveals hidden paths" },
117
+ @{ Path = "/sitemap.xml"; Risk = "LOW"; Desc = "Site structure" },
118
+ @{ Path = "/security.txt"; Risk = "LOW"; Desc = "Security contact" },
119
+ @{ Path = "/humans.txt"; Risk = "LOW"; Desc = "Developer information" },
120
+ @{ Path = "/crossdomain.xml"; Risk = "LOW"; Desc = "Flash policy" },
121
+ @{ Path = "/.well-known/security.txt"; Risk = "LOW"; Desc = "Security policy" }
122
+ )
123
+
124
+ # ═══════════════════════════════════════════════════════════
125
+ # SCAN FUNCTION
126
+ # ═══════════════════════════════════════════════════════════
127
+
128
+ Write-Host ""
129
+ Write-Host "╔═══════════════════════════════════════════════════╗" -ForegroundColor Cyan
130
+ Write-Host "║ 🔍 Exposed Files Scanner v1.0 ║" -ForegroundColor Cyan
131
+ Write-Host "╚═══════════════════════════════════════════════════╝" -ForegroundColor Cyan
132
+ Write-Host ""
133
+ Write-Host "Target: $Target" -ForegroundColor White
134
+ Write-Host ""
135
+
136
+ $FoundIssues = @()
137
+ $Scanned = 0
138
+
139
+ foreach ($item in $ExposedPaths) {
140
+ $Scanned++
141
+ $Progress = [math]::Round(($Scanned / $ExposedPaths.Count) * 100)
142
+ Write-Progress -Activity "Scanning exposed files..." -Status "$Progress% complete" -PercentComplete $Progress
143
+
144
+ $URL = "$Target$($item.Path)"
145
+
146
+ try {
147
+ $Response = Invoke-WebRequest -Uri $URL -Method Head -TimeoutSec 5 -ErrorAction SilentlyContinue
148
+
149
+ if ($Response.StatusCode -ne 404 -and $Response.StatusCode -ne 403) {
150
+ $ContentType = $Response.Headers["Content-Type"] -join ", "
151
+
152
+ $Finding = [PSCustomObject]@{
153
+ Path = $item.Path
154
+ StatusCode = $Response.StatusCode
155
+ Risk = $item.Risk
156
+ Description = $item.Desc
157
+ ContentType = $ContentType
158
+ }
159
+ $FoundIssues += $Finding
160
+
161
+ $Color = switch ($item.Risk) {
162
+ "CRITICAL" { "Red" }
163
+ "HIGH" { "Yellow" }
164
+ "MEDIUM" { "Cyan" }
165
+ "LOW" { "Gray" }
166
+ }
167
+
168
+ Write-Host "⚠️ FOUND [$($item.Risk)]: $($item.Path)" -ForegroundColor $Color
169
+ Write-Host " Status: $($Response.StatusCode) | Type: $($ContentType.Substring(0, [Math]::Min(50, $ContentType.Length)))" -ForegroundColor Gray
170
+ }
171
+ } catch {
172
+ # Connection error or timeout - not found
173
+ }
174
+ }
175
+
176
+ Write-Progress -Activity "Scanning" -Completed
177
+
178
+ # ═══════════════════════════════════════════════════════════
179
+ # SUMMARY
180
+ # ═══════════════════════════════════════════════════════════
181
+
182
+ Write-Host ""
183
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
184
+ Write-Host "📊 SCAN SUMMARY" -ForegroundColor Cyan
185
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
186
+ Write-Host ""
187
+
188
+ $CriticalCount = ($FoundIssues | Where-Object { $_.Risk -eq "CRITICAL" }).Count
189
+ $HighCount = ($FoundIssues | Where-Object { $_.Risk -eq "HIGH" }).Count
190
+ $MediumCount = ($FoundIssues | Where-Object { $_.Risk -eq "MEDIUM" }).Count
191
+ $LowCount = ($FoundIssues | Where-Object { $_.Risk -eq "LOW" }).Count
192
+
193
+ Write-Host "Files Scanned: $Scanned" -ForegroundColor White
194
+ Write-Host "Issues Found: $($FoundIssues.Count)" -ForegroundColor Yellow
195
+ Write-Host ""
196
+ Write-Host "🔴 CRITICAL: $CriticalCount" -ForegroundColor Red
197
+ Write-Host "🟠 HIGH: $HighCount" -ForegroundColor Yellow
198
+ Write-Host "🟡 MEDIUM: $MediumCount" -ForegroundColor Cyan
199
+ Write-Host "🟢 LOW: $LowCount" -ForegroundColor Gray
200
+
201
+ # ═══════════════════════════════════════════════════════════
202
+ # GENERATE REPORT
203
+ # ═══════════════════════════════════════════════════════════
204
+
205
+ if (-not (Test-Path $OutputDir)) {
206
+ New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
207
+ }
208
+
209
+ $Report = @"
210
+ # 🔍 Exposed Files Report
211
+
212
+ **Target:** $Target
213
+ **Date:** $Date
214
+ **Scanner:** Exposed Files Scanner v1.0
215
+
216
+ ---
217
+
218
+ ## 📋 Summary
219
+
220
+ | Metric | Value |
221
+ |--------|-------|
222
+ | Files Scanned | $Scanned |
223
+ | Issues Found | $($FoundIssues.Count) |
224
+ | 🔴 CRITICAL | $CriticalCount |
225
+ | 🟠 HIGH | $HighCount |
226
+ | 🟡 MEDIUM | $MediumCount |
227
+ | 🟢 LOW | $LowCount |
228
+
229
+ ---
230
+
231
+ ## 🚨 Critical Issues
232
+
233
+ $(if ($CriticalCount -gt 0) {
234
+ $FoundIssues | Where-Object { $_.Risk -eq "CRITICAL" } | ForEach-Object {
235
+ @"
236
+ ### Found: $($_.Path)
237
+
238
+ | Field | Value |
239
+ |-------|-------|
240
+ | Status Code | $($_.StatusCode) |
241
+ | Risk Level | 🔴 $($_.Risk) |
242
+ | Content Type | $($_.ContentType) |
243
+
244
+ **Description:** $($_.Description)
245
+
246
+ **Recommendation:** Immediate action required. Remove or restrict access.
247
+
248
+ ---
249
+ "@
250
+ }
251
+ } else {
252
+ "✅ No critical issues found"
253
+ })
254
+
255
+ ## 🟠 High Risk Issues
256
+
257
+ $(if ($HighCount -gt 0) {
258
+ $FoundIssues | Where-Object { $_.Risk -eq "HIGH" } | ForEach-Object {
259
+ @"
260
+ - **$($_.Path)** - $($_.Description) (HTTP $($_.StatusCode))
261
+ "@
262
+ }
263
+ } else {
264
+ "✅ No high-risk issues found"
265
+ })
266
+
267
+ ## 🟡 Medium Risk Issues
268
+
269
+ $(if ($MediumCount -gt 0) {
270
+ $FoundIssues | Where-Object { $_.Risk -eq "MEDIUM" } | ForEach-Object {
271
+ @"
272
+ - **$($_.Path)** - $($_.Description) (HTTP $($_.StatusCode))
273
+ "@
274
+ }
275
+ } else {
276
+ "✅ No medium-risk issues found"
277
+ })
278
+
279
+ ## 🟢 Low Risk Issues
280
+
281
+ $(if ($LowCount -gt 0) {
282
+ $FoundIssues | Where-Object { $_.Risk -eq "LOW" } | ForEach-Object {
283
+ @"
284
+ - **$($_.Path)** - $($_.Description) (HTTP $($_.StatusCode))
285
+ "@
286
+ }
287
+ } else {
288
+ "✅ No low-risk issues found"
289
+ })
290
+
291
+ ---
292
+
293
+ ## 📝 All Findings
294
+
295
+ | Path | Status | Risk | Description |
296
+ |------|--------|------|-------------|
297
+ $(foreach ($issue in $FoundIssues) {
298
+ "| $($issue.Path) | $($issue.StatusCode) | $($issue.Risk) | $($issue.Description) |"
299
+ })
300
+
301
+ ---
302
+
303
+ ## 🛡️ Remediation Checklist
304
+
305
+ - [ ] Block .env files in web server config
306
+ - [ ] Disable .git directory listing
307
+ - [ ] Remove backup files from web root
308
+ - [ ] Protect admin panels with IP restriction
309
+ - [ ] Disable debug mode in production
310
+ - [ ] Secure Spring Boot actuator endpoints
311
+ - [ ] Add authentication to API documentation
312
+ - [ ] Disable directory listing
313
+ - [ ] Remove test/debug files
314
+
315
+ ---
316
+
317
+ **Report Generated:** $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
318
+ "@
319
+
320
+ # Save report
321
+ $Report | Out-File -FilePath $OutputFile -Encoding UTF8
322
+
323
+ Write-Host ""
324
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
325
+ Write-Host "✅ Scan Complete!" -ForegroundColor Green
326
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
327
+ Write-Host ""
328
+ Write-Host "📄 Report: $OutputFile" -ForegroundColor White
329
+ Write-Host ""
330
+
331
+ if ($CriticalCount -gt 0) {
332
+ Write-Host "⚠️ IMMEDIATE ACTION REQUIRED for critical findings!" -ForegroundColor Red
333
+ }
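Review bot: The test `if ($Response.StatusCode -ne 404 -and $Response.StatusCode -ne 403)` in the scan loop counts any other answer to the HEAD request as an exposed file, so a site that answers every path with 200 (a catch-all route or soft-404 page) or redirects to a login page produces a report full of CRITICAL findings that do not exist. Comparing each response against a baseline request for a path that cannot exist, and adding `-MaximumRedirection 0` to the `Invoke-WebRequest` call, would let the loop discard these. The empty `catch` treats timeouts and TLS failures the same as "not found", so an unreachable host yields a clean report; those paths should be recorded as not checked. `$Target` defaults to `""` and is never validated, so a run without arguments probes `https://` and still writes `site/-exposed-<date>.md`. The `/*.bak` and `/*.backup` entries are requested literally, since HTTP does not expand wildcards, and so test nothing.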
@@ -0,0 +1,291 @@
1
+ #!/bin/bash
2
+ # Exposed Files Scanner v1.0
3
+ # Usage: ./exposed-files-scan.sh https://target.com
4
+
5
+ TARGET=${1:-https://example.com}
6
+ DATE=$(date +%Y-%m-%d)
7
+
8
+ echo "========================================"
9
+ echo "🔍 Exposed Files Scanner"
10
+ echo "Target: $TARGET"
11
+ echo "Date: $DATE"
12
+ echo "========================================"
13
+ echo ""
14
+
15
+ # Parse domain from URL
16
+ DOMAIN=$(echo "$TARGET" | sed -E 's|https?://||' | cut -d'/' -f1)
17
+
18
+ # Output file
19
+ OUTPUT="site/${DOMAIN}-exposed-${DATE}.md"
20
+ mkdir -p site
21
+
22
+ # Counters
23
+ CRITICAL=0
24
+ HIGH=0
25
+ MEDIUM=0
26
+ LOW=0
27
+ FOUND_COUNT=0
28
+
29
+ # Color codes
30
+ RED='\033[0;31m'
31
+ YELLOW='\033[1;33m'
32
+ CYAN='\033[0;36m'
33
+ GREEN='\033[0;32m'
34
+ NC='\033[0m' # No Color
35
+
36
+ # ═══════════════════════════════════════════════════════════
37
+ # EXPOSED PATHS TO CHECK
38
+ # ═══════════════════════════════════════════════════════════
39
+
40
+ check_path() {
41
+ local PATH=$1
42
+ local RISK=$2
43
+ local DESC=$3
44
+
45
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${TARGET}${PATH}" --max-time 5)
46
+
47
+ if [ "$STATUS" != "404" ] && [ "$STATUS" != "000" ] && [ "$STATUS" != "403" ]; then
48
+ FOUND_COUNT=$((FOUND_COUNT + 1))
49
+
50
+ case $RISK in
51
+ "CRITICAL")
52
+ CRITICAL=$((CRITICAL + 1))
53
+ echo -e "${RED}⚠️ FOUND [CRITICAL]: ${PATH}${NC}"
54
+ echo " Status: $STATUS | $DESC"
55
+ echo "$PATH|$STATUS|CRITICAL|$DESC" >> /tmp/found_issues.tmp
56
+ ;;
57
+ "HIGH")
58
+ HIGH=$((HIGH + 1))
59
+ echo -e "${YELLOW}⚠️ FOUND [HIGH]: ${PATH}${NC}"
60
+ echo " Status: $STATUS | $DESC"
61
+ echo "$PATH|$STATUS|HIGH|$DESC" >> /tmp/found_issues.tmp
62
+ ;;
63
+ "MEDIUM")
64
+ MEDIUM=$((MEDIUM + 1))
65
+ echo -e "${CYAN}⚠️ FOUND [MEDIUM]: ${PATH}${NC}"
66
+ echo " Status: $STATUS | $DESC"
67
+ echo "$PATH|$STATUS|MEDIUM|$DESC" >> /tmp/found_issues.tmp
68
+ ;;
69
+ "LOW")
70
+ LOW=$((LOW + 1))
71
+ echo -e "${NC}ℹ️ FOUND [LOW]: ${PATH}"
72
+ echo " Status: $STATUS | $DESC"
73
+ echo "$PATH|$STATUS|LOW|$DESC" >> /tmp/found_issues.tmp
74
+ ;;
75
+ esac
76
+ fi
77
+ }
78
+
79
+ echo "Scanning for exposed files..."
80
+ echo ""
81
+
82
+ # Configuration Files
83
+ check_path "/.env" "CRITICAL" "Environment variables with secrets"
84
+ check_path "/.env.local" "CRITICAL" "Local environment variables"
85
+ check_path "/.env.production" "CRITICAL" "Production environment"
86
+ check_path "/.git/config" "CRITICAL" "Git repository config"
87
+ check_path "/.git/HEAD" "HIGH" "Git branch info"
88
+ check_path "/.git/" "CRITICAL" "Full .git directory"
89
+ check_path "/wp-config.php" "CRITICAL" "WordPress config - DB + keys"
90
+ check_path "/config.php" "CRITICAL" "PHP configuration"
91
+ check_path "/settings.py" "CRITICAL" "Django/Python settings"
92
+ check_path "/config.js" "HIGH" "Node.js configuration"
93
+ check_path "/application.properties" "CRITICAL" "Java Spring config"
94
+ check_path "/.htaccess" "MEDIUM" "Apache config"
95
+ check_path "/.htpasswd" "CRITICAL" "HTTP Basic Auth hashes"
96
+
97
+ # Backup Files
98
+ check_path "/backup.zip" "CRITICAL" "Compressed backup"
99
+ check_path "/backups.zip" "CRITICAL" "Compressed backup"
100
+ check_path "/database.zip" "CRITICAL" "Database backup"
101
+ check_path "/database.sql" "CRITICAL" "Database dump"
102
+ check_path "/db.sql" "CRITICAL" "Database dump"
103
+ check_path "/dump.sql" "CRITICAL" "Database dump"
104
+ check_path "/site.tar.gz" "CRITICAL" "Full site backup"
105
+ check_path "/www.zip" "CRITICAL" "Web root backup"
106
+ check_path "/backup.tar.gz" "CRITICAL" "Backup archive"
107
+ check_path "/backup/" "HIGH" "Backup directory"
108
+ check_path "/backups/" "HIGH" "Backups directory"
109
+
110
+ # Admin & Debug Panels
111
+ check_path "/admin/" "HIGH" "Admin panel"
112
+ check_path "/wp-admin/" "HIGH" "WordPress admin"
113
+ check_path "/administrator/" "HIGH" "Administrator panel"
114
+ check_path "/phpmyadmin/" "CRITICAL" "Database UI"
115
+ check_path "/pma/" "CRITICAL" "phpMyAdmin alias"
116
+ check_path "/debug/" "CRITICAL" "Debug mode enabled"
117
+ check_path "/api/debug/" "CRITICAL" "API debug endpoint"
118
+ check_path "/console/" "HIGH" "Debug console"
119
+ check_path "/debug.php" "CRITICAL" "Debug script"
120
+ check_path "/test.php" "HIGH" "Test script"
121
+ check_path "/info.php" "HIGH" "PHP info exposure"
122
+ check_path "/phpinfo.php" "HIGH" "PHP info exposure"
123
+
124
+ # Spring Boot Actuator
125
+ check_path "/actuator/" "HIGH" "Spring Boot actuator"
126
+ check_path "/actuator/env" "CRITICAL" "Environment variables"
127
+ check_path "/actuator/heapdump" "CRITICAL" "Heap dump - secrets"
128
+ check_path "/actuator/threaddump" "HIGH" "Thread information"
129
+ check_path "/actuator/configprops" "CRITICAL" "Configuration properties"
130
+ check_path "/health" "MEDIUM" "Health check"
131
+
132
+ # API Documentation
133
+ check_path "/swagger/" "MEDIUM" "Swagger UI"
134
+ check_path "/swagger-ui/" "MEDIUM" "Swagger documentation"
135
+ check_path "/swagger-ui.html" "MEDIUM" "Swagger HTML"
136
+ check_path "/api-docs/" "MEDIUM" "API documentation"
137
+ check_path "/v2/api-docs/" "MEDIUM" "OpenAPI v2"
138
+ check_path "/v3/api-docs/" "MEDIUM" "OpenAPI v3"
139
+ check_path "/graphiql/" "HIGH" "GraphQL IDE"
140
+ check_path "/graphql" "MEDIUM" "GraphQL endpoint"
141
+
142
+ # Log Files
143
+ check_path "/logs/" "HIGH" "Log directory"
144
+ check_path "/error.log" "HIGH" "Error log"
145
+ check_path "/access.log" "HIGH" "Access log"
146
+ check_path "/debug.log" "HIGH" "Debug log"
147
+ check_path "/application.log" "HIGH" "Application log"
148
+
149
+ # Information Disclosure
150
+ check_path "/robots.txt" "LOW" "Reveals hidden paths"
151
+ check_path "/sitemap.xml" "LOW" "Site structure"
152
+ check_path "/security.txt" "LOW" "Security contact"
153
+ check_path "/humans.txt" "LOW" "Developer information"
154
+
155
+ # ═══════════════════════════════════════════════════════════
156
+ # SUMMARY
157
+ # ═══════════════════════════════════════════════════════════
158
+
159
+ echo ""
160
+ echo "========================================"
161
+ echo "📊 SCAN SUMMARY"
162
+ echo "========================================"
163
+ echo ""
164
+ echo "Files Scanned: 50+"
165
+ echo "Issues Found: $FOUND_COUNT"
166
+ echo ""
167
+ echo -e "${RED}🔴 CRITICAL: $CRITICAL${NC}"
168
+ echo -e "${YELLOW}🟠 HIGH: $HIGH${NC}"
169
+ echo -e "${CYAN}🟡 MEDIUM: $MEDIUM${NC}"
170
+ echo -e "${NC}🟢 LOW: $LOW${NC}"
171
+
172
+ # ═══════════════════════════════════════════════════════════
173
+ # GENERATE REPORT
174
+ # ═══════════════════════════════════════════════════════════
175
+
176
+ cat > "$OUTPUT" << 'REPORT_EOF'
177
+ # 🔍 Exposed Files Report
178
+
179
+ **Target:** TARGET_PLACEHOLDER
180
+ **Date:** DATE_PLACEHOLDER
181
+ **Scanner:** Exposed Files Scanner v1.0
182
+
183
+ ---
184
+
185
+ ## 📋 Summary
186
+
187
+ | Metric | Value |
188
+ |--------|-------|
189
+ | Files Scanned | 50+ |
190
+ | Issues Found | FOUND_COUNT_PLACEHOLDER |
191
+ | 🔴 CRITICAL | CRITICAL_PLACEHOLDER |
192
+ | 🟠 HIGH | HIGH_PLACEHOLDER |
193
+ | 🟡 MEDIUM | MEDIUM_PLACEHOLDER |
194
+ | 🟢 LOW | LOW_PLACEHOLDER |
195
+
196
+ ---
197
+
198
+ ## 🚨 Critical Issues
199
+
200
+ CRITICAL_ISSUES_PLACEHOLDER
201
+
202
+ ## 🟠 High Risk Issues
203
+
204
+ HIGH_ISSUES_PLACEHOLDER
205
+
206
+ ## 🟡 Medium Risk Issues
207
+
208
+ MEDIUM_ISSUES_PLACEHOLDER
209
+
210
+ ## 🟢 Low Risk Issues
211
+
212
+ LOW_ISSUES_PLACEHOLDER
213
+
214
+ ---
215
+
216
+ ## 📝 All Findings
217
+
218
+ | Path | Status | Risk | Description |
219
+ |------|--------|------|-------------|
220
+ ALL_FINDINGS_PLACEHOLDER
221
+
222
+ ---
223
+
224
+ ## 🛡️ Remediation Checklist
225
+
226
+ - [ ] Block .env files in web server config
227
+ - [ ] Disable .git directory listing
228
+ - [ ] Remove backup files from web root
229
+ - [ ] Protect admin panels with IP restriction
230
+ - [ ] Disable debug mode in production
231
+ - [ ] Secure Spring Boot actuator endpoints
232
+ - [ ] Add authentication to API documentation
233
+ - [ ] Disable directory listing
234
+ - [ ] Remove test/debug files
235
+
236
+ ---
237
+
238
+ **Report Generated:** TIMESTAMP_PLACEHOLDER
239
+ REPORT_EOF
240
+
241
+ # Replace placeholders
242
+ sed -i "s|TARGET_PLACEHOLDER|$TARGET|g" "$OUTPUT"
243
+ sed -i "s|DATE_PLACEHOLDER|$DATE|g" "$OUTPUT"
244
+ sed -i "s|FOUND_COUNT_PLACEHOLDER|$FOUND_COUNT|g" "$OUTPUT"
245
+ sed -i "s|CRITICAL_PLACEHOLDER|$CRITICAL|g" "$OUTPUT"
246
+ sed -i "s|HIGH_PLACEHOLDER|$HIGH|g" "$OUTPUT"
247
+ sed -i "s|MEDIUM_PLACEHOLDER|$MEDIUM|g" "$OUTPUT"
248
+ sed -i "s|LOW_PLACEHOLDER|$LOW|g" "$OUTPUT"
249
+ sed -i "s|TIMESTAMP_PLACEHOLDER|$(date '+%Y-%m-%d %H:%M:%S')|g" "$OUTPUT"
250
+
251
+ # Add critical issues
252
+ if [ $CRITICAL -gt 0 ]; then
253
+ sed -i 's|CRITICAL_ISSUES_PLACEHOLDER||g' "$OUTPUT"
254
+ while IFS='|' read -r path status risk desc; do
255
+ if [ "$risk" = "CRITICAL" ]; then
256
+ sed -i "s|CRITICAL_ISSUES_PLACEHOLDER|CRITICAL_ISSUES_PLACEHOLDER\n\n### Found: $path\n\n| Field | Value |\n|-------|-------|\n| Status Code | $status |\n| Risk Level | 🔴 CRITICAL |\n\n**Description:** $desc\n\n**Recommendation:** Immediate action required.|\n|g" "$OUTPUT"
257
+ fi
258
+ done < /tmp/found_issues.tmp
259
+ sed -i 's|CRITICAL_ISSUES_PLACEHOLDER|✅ No critical issues found|g' "$OUTPUT"
260
+ else
261
+ sed -i 's|CRITICAL_ISSUES_PLACEHOLDER|✅ No critical issues found|g' "$OUTPUT"
262
+ fi
263
+
264
+ # Add all findings
265
+ if [ -f /tmp/found_issues.tmp ]; then
266
+ ALL_FINDINGS=""
267
+ while IFS='|' read -r path status risk desc; do
268
+ ALL_FINDINGS="$ALL_FINDINGS\n| $path | $status | $risk | $desc |"
269
+ done < /tmp/found_issues.tmp
270
+ sed -i "s|ALL_FINDINGS_PLACEHOLDER|$ALL_FINDINGS|g" "$OUTPUT"
271
+ rm /tmp/found_issues.tmp
272
+ else
273
+ sed -i 's|ALL_FINDINGS_PLACEHOLDER||g' "$OUTPUT"
274
+ fi
275
+
276
+ # Clear remaining placeholders
277
+ sed -i 's|HIGH_ISSUES_PLACEHOLDER|✅ No high-risk issues found|g' "$OUTPUT"
278
+ sed -i 's|MEDIUM_ISSUES_PLACEHOLDER|✅ No medium-risk issues found|g' "$OUTPUT"
279
+ sed -i 's|LOW_ISSUES_PLACEHOLDER|✅ No low-risk issues found|g' "$OUTPUT"
280
+
281
+ echo ""
282
+ echo "========================================"
283
+ echo "✅ Scan Complete!"
284
+ echo "========================================"
285
+ echo ""
286
+ echo "📄 Report: $OUTPUT"
287
+ echo ""
288
+
289
+ if [ $CRITICAL -gt 0 ]; then
290
+ echo -e "${RED}⚠️ IMMEDIATE ACTION REQUIRED for critical findings!${NC}"
291
+ fi
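Review bot: `local PATH=$1` in `check_path` replaces the shell's command search path for the rest of the function, so the `curl` on the next line is looked up under that value and will normally not be found; `STATUS` is then empty, the `!= "404"` test passes, and every entry is reported as found. Rename the local, e.g. `local path=$1`, and use `"${TARGET}${path}"` in the curl call and `$path` in the echo lines. Findings are appended to the fixed name `/tmp/found_issues.tmp`, which is not cleared at start and can be pre-created by another local user; `tmp=$(mktemp)` with `trap 'rm -f -- "$tmp"' EXIT` avoids both. `$TARGET` and `$desc` are spliced into the `sed -i "s|…|…|g"` programs, where a `|`, `&` or backslash in the value is read as sed syntax rather than text, so the report should be written with `printf` instead. The HIGH/MEDIUM/LOW placeholders are always replaced with the "No … issues found" line even when the counters are non-zero, and the first `sed` in the critical branch deletes the placeholder that the loop below it then tries to match.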