@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.1
- package/package.json +2 -2
- package/skills/pentesting/SKILL.md +168 -224
- package/skills/pentesting/checklists/cors.md +183 -0
- package/skills/pentesting/checklists/exposed-files.md +311 -0
- package/skills/pentesting/checklists/graphql.md +375 -0
- package/skills/pentesting/checklists/jwt.md +225 -0
- package/skills/pentesting/tools/exposed-files-scan.ps1 +333 -0
- package/skills/pentesting/tools/exposed-files-scan.sh +291 -0
- package/skills/pentesting/tools/full-scan.ps1 +508 -0
- package/skills/pentesting/tools/full-scan.sh +454 -0
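--- a/package/skills/pentesting/tools/full-scan.sh
+++ b/package/skills/pentesting/tools/full-scan.sh
@@ -0,0 +1,454 @@
+#!/bin/bash
+# Full Security Scan - All-in-One v2.0
+# Usage: ./full-scan.sh https://target.com
+
+TARGET=${1:-https://example.com}
+DATE=$(date +%Y-%m-%d)
+
+# Parse domain
+DOMAIN=$(echo "$TARGET" | sed -E 's|https?://||' | cut -d'/' -f1 | cut -d':' -f1)
+
+# Output
+OUTPUT="site/${DOMAIN}-${DATE}.md"
+mkdir -p site
+
+# Colors
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+GREEN='\033[0;32m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+# ═══════════════════════════════════════════════════════════
+# BANNER
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "╔═══════════════════════════════════════════════════╗"
+echo "║ 🛡️ FULL SECURITY SCAN v2.0 ║"
+echo "║ Target: $DOMAIN"
+echo "║ Date: $DATE"
+echo "╚═══════════════════════════════════════════════════╝"
+echo ""
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 1: SECURITY HEADERS
+# ═══════════════════════════════════════════════════════════
+
+echo "═══════════════════════════════════════════════════"
+echo "🔒 PHASE 1: Security Headers"
+echo "═══════════════════════════════════════════════════"
+
+HEADER_SCORE=0
+HEADER_ISSUES=""
+
+# Get headers
+HEADERS=$(curl -I -s -L "$TARGET" 2>/dev/null)
+
+# HSTS
+if echo "$HEADERS" | grep -qi "strict-transport-security"; then
+echo -e "${GREEN}✅ HSTS: Present${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 15))
+else
+echo -e "${RED}❌ HSTS: Missing${NC}"
+HEADER_ISSUES="$HEADER_ISSUES - HSTS not implemented\n"
+fi
+
+# CSP
+if echo "$HEADERS" | grep -qi "content-security-policy"; then
+echo -e "${GREEN}✅ CSP: Present${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 20))
+else
+echo -e "${RED}❌ CSP: Missing${NC}"
+HEADER_ISSUES="$HEADER_ISSUES - CSP not implemented (XSS risk)\n"
+fi
+
+# X-Content-Type-Options
+if echo "$HEADERS" | grep -qi "x-content-type-options.*nosniff"; then
+echo -e "${GREEN}✅ X-Content-Type-Options: nosniff${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 10))
+else
+echo -e "${RED}❌ X-Content-Type-Options: Missing${NC}"
+HEADER_ISSUES="$HEADER_ISSUES - X-Content-Type-Options not set\n"
+fi
+
+# X-Frame-Options
+if echo "$HEADERS" | grep -qiE "x-frame-options.*(DENY|SAMEORIGIN)"; then
+XFO=$(echo "$HEADERS" | grep -i "x-frame-options" | head -1)
+echo -e "${GREEN}✅ X-Frame-Options: $XFO${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 10))
+else
+echo -e "${RED}❌ X-Frame-Options: Missing${NC}"
+HEADER_ISSUES="$HEADER_ISSUES - X-Frame-Options not set\n"
+fi
+
+# Referrer-Policy
+if echo "$HEADERS" | grep -qi "referrer-policy"; then
+echo -e "${GREEN}✅ Referrer-Policy: Present${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 10))
+else
+echo -e "${YELLOW}⚠️ Referrer-Policy: Missing${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 5))
+fi
+
+# Cache-Control
+if echo "$HEADERS" | grep -qi "cache-control.*no-store\|cache-control.*no-cache"; then
+echo -e "${GREEN}✅ Cache-Control: Secure${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 10))
+else
+echo -e "${YELLOW}⚠️ Cache-Control: Check configuration${NC}"
+HEADER_SCORE=$((HEADER_SCORE + 5))
+fi
+
+# Server
+SERVER=$(echo "$HEADERS" | grep -i "^server:" | head -1)
+if [ -n "$SERVER" ]; then
+if echo "$SERVER" | grep -qE "/\d|Advanced|Version"; then
+echo -e "${YELLOW}⚠️ Server: Leaks version - $SERVER${NC}"
+HEADER_ISSUES="$HEADER_ISSUES - Server header leaks version\n"
+else
+echo -e "${YELLOW}⚠️ Server: $SERVER${NC}"
+fi
+fi
+
+# X-Powered-By
+XPB=$(echo "$HEADERS" | grep -i "x-powered-by" | head -1)
+if [ -n "$XPB" ]; then
+echo -e "${YELLOW}⚠️ X-Powered-By: $XPB${NC}"
+HEADER_ISSUES="$HEADER_ISSUES - X-Powered-By leaks technology\n"
+fi
+
+echo ""
+echo "📊 Header Score: $HEADER_SCORE/100"
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 2: EXPOSED FILES
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "═══════════════════════════════════════════════════"
+echo "🔍 PHASE 2: Exposed Files Check"
+echo "═══════════════════════════════════════════════════"
+
+EXPOSED_COUNT=0
+EXPOSED_LIST=""
+
+check_path() {
+local PATH=$1
+local RISK=$2
+
+STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${TARGET}${PATH}" --max-time 5)
+
+if [ "$STATUS" != "404" ] && [ "$STATUS" != "000" ] && [ "$STATUS" != "403" ]; then
+EXPOSED_COUNT=$((EXPOSED_COUNT + 1))
+echo -e "${RED}⚠️ FOUND: ${PATH} (HTTP $STATUS)${NC}"
+EXPOSED_LIST="$EXPOSED_LIST| $PATH | $STATUS | $RISK |\n"
+fi
+}
+
+check_path "/.env" "CRITICAL"
+check_path "/.git/config" "CRITICAL"
+check_path "/.git/HEAD" "HIGH"
+check_path "/.git/" "CRITICAL"
+check_path "/wp-config.php" "CRITICAL"
+check_path "/config.php" "CRITICAL"
+check_path "/settings.py" "CRITICAL"
+check_path "/backup.zip" "CRITICAL"
+check_path "/database.sql" "CRITICAL"
+check_path "/db.sql" "CRITICAL"
+check_path "/admin/" "HIGH"
+check_path "/debug/" "CRITICAL"
+check_path "/phpmyadmin/" "CRITICAL"
+check_path "/pma/" "CRITICAL"
+check_path "/actuator/env" "CRITICAL"
+check_path "/actuator/heapdump" "CRITICAL"
+check_path "/swagger-ui/" "MEDIUM"
+check_path "/graphiql/" "HIGH"
+
+if [ $EXPOSED_COUNT -eq 0 ]; then
+echo -e "${GREEN}✅ No critical files exposed${NC}"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 3: PORT CHECK
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "═══════════════════════════════════════════════════"
+echo "🔌 PHASE 3: Quick Port Check"
+echo "═══════════════════════════════════════════════════"
+
+HIGH_RISK_PORTS=0
+PORT_LIST=""
+
+check_port() {
+local PORT=$1
+local SERVICE=$2
+local RISK=$3
+
+timeout 1 bash -c "echo >/dev/tcp/$DOMAIN/$PORT" 2>/dev/null
+if [ $? -eq 0 ]; then
+echo "⚠️ Port $PORT ($SERVICE) - OPEN"
+PORT_LIST="$PORT_LIST| $PORT | $SERVICE | $RISK |\n"
+if [ "$RISK" = "HIGH" ]; then
+HIGH_RISK_PORTS=$((HIGH_RISK_PORTS + 1))
+fi
+fi
+}
+
+check_port 80 "HTTP" "INFO"
+check_port 443 "HTTPS" "INFO"
+check_port 8080 "HTTP-Alt" "MEDIUM"
+check_port 3306 "MySQL" "HIGH"
+check_port 5432 "PostgreSQL" "HIGH"
+check_port 6379 "Redis" "HIGH"
+check_port 27017 "MongoDB" "HIGH"
+check_port 22 "SSH" "MEDIUM"
+
+if [ -z "$PORT_LIST" ]; then
+echo -e "${GREEN}✅ No common ports detected${NC}"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 4: BASIC INJECTION TEST
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "═══════════════════════════════════════════════════"
+echo "💉 PHASE 4: Basic Injection Tests"
+echo "═══════════════════════════════════════════════════"
+
+# XSS Test
+echo "Testing XSS..." -n
+XSS_PAYLOAD="<script>alert(1)</script>"
+RESPONSE=$(curl -s "${TARGET}/search?q=${XSS_PAYLOAD}" 2>/dev/null)
+if echo "$RESPONSE" | grep -q "$XSS_PAYLOAD"; then
+echo -e "${YELLOW}⚠️ Possible XSS reflection${NC}"
+else
+echo -e "${GREEN}✅ No obvious XSS reflection${NC}"
+fi
+
+# SQLi Test
+echo "Testing SQL Injection..." -n
+SQL_PAYLOAD="' OR '1'='1"
+RESPONSE=$(curl -s "${TARGET}/?id=${SQL_PAYLOAD}" 2>/dev/null)
+SQL_ERRORS="SQL syntax|MySQL|PostgreSQL|sqlite|Microsoft SQL|Warning: mysql|error in your SQL"
+if echo "$RESPONSE" | grep -qiE "$SQL_ERRORS"; then
+echo -e "${YELLOW}⚠️ SQL error detected${NC}"
+else
+echo -e "${GREEN}✅ No obvious SQL errors${NC}"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 5: SSL/TLS CHECK
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "═══════════════════════════════════════════════════"
+echo "🔐 PHASE 5: SSL/TLS Check"
+echo "═══════════════════════════════════════════════════"
+
+if echo "$TARGET" | grep -q "https"; then
+echo -e "${GREEN}✅ HTTPS enabled${NC}"
+echo "📝 For full SSL analysis: https://ssllabs.com/ssltest/analyze.html?d=$DOMAIN"
+else
+echo -e "${RED}❌ HTTPS not enforced${NC}"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# SUMMARY
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "═══════════════════════════════════════════════════"
+echo "📊 SCAN SUMMARY"
+echo "═══════════════════════════════════════════════════"
+echo ""
+echo "🔒 Header Score: $HEADER_SCORE/100"
+echo "🔍 Exposed Files: $EXPOSED_COUNT"
+echo "🔌 High-Risk Ports: $HIGH_RISK_PORTS"
+echo ""
+
+# ═══════════════════════════════════════════════════════════
+# GENERATE REPORT
+# ═══════════════════════════════════════════════════════════
+
+echo "📝 Generating detailed report..."
+
+cat > "$OUTPUT" << 'REPORT_EOF'
+# 🛡️ Full Security Audit Report
+
+**Target:** TARGET_PLACEHOLDER
+**Domain:** DOMAIN_PLACEHOLDER
+**Date:** DATE_PLACEHOLDER
+**Scanner:** Full Security Scan v2.0
+
+---
+
+## 📋 Executive Summary
+
+| Metric | Value |
+|--------|-------|
+| Target | TARGET_PLACEHOLDER |
+| Scan Date | DATE_PLACEHOLDER |
+| Header Score | HEADER_SCORE_PLACEHOLDER/100 |
+| Exposed Files | EXPOSED_COUNT_PLACEHOLDER |
+| High-Risk Ports | HIGH_RISK_PORTS_PLACEHOLDER |
+
+### Overall Risk Assessment
+
+OVERALL_RISK_PLACEHOLDER
+
+---
+
+## 🔒 1. Security Headers Analysis
+
+### Header Score: HEADER_SCORE_PLACEHOLDER/100
+
+HEADER_GRADE_PLACEHOLDER
+
+### Issues Found
+
+HEADER_ISSUES_PLACEHOLDER
+
+---
+
+## 🔍 2. Exposed Files Check
+
+EXPOSED_SUMMARY_PLACEHOLDER
+
+EXPOSED_LIST_PLACEHOLDER
+
+---
+
+## 🔌 3. Port Scan Results
+
+PORT_SUMMARY_PLACEHOLDER
+
+PORT_LIST_PLACEHOLDER
+
+---
+
+## 💉 4. Injection Tests
+
+| Test | Status |
+|------|--------|
+| XSS Reflection | ⚠️ Review manually |
+| SQL Injection | ⚠️ Review manually |
+
+---
+
+## 🔐 5. SSL/TLS
+
+SSL_STATUS_PLACEHOLDER
+
+---
+
+## 🛡️ Remediation Priority
+
+### Immediate (Critical)
+1. Implement missing security headers
+2. Remove/block exposed sensitive files (.env, .git/, backups)
+3. Close database ports from public access
+
+### Short-term
+1. Enable HSTS with long max-age
+2. Configure Content-Security-Policy
+3. Set up proper Cache-Control
+4. Hide server information
+
+---
+
+## 🔗 Recommended Tools
+
+- Nuclei - Vulnerability scanning
+- SQLMap - SQL injection testing
+- Dalfox - XSS scanning
+- Nmap - Full port scan
+
+---
+
+## 📄 Report Location
+
+**File:** OUTPUT_PLACEHOLDER
+**Generated:** TIMESTAMP_PLACEHOLDER
+**Author:** Rz (@soulofzephir)
+
+---
+
+**⚠️ Disclaimer:** Automated scan. Manual testing recommended.
+REPORT_EOF
+
+# Replace placeholders
+sed -i "s|TARGET_PLACEHOLDER|$TARGET|g" "$OUTPUT"
+sed -i "s|DOMAIN_PLACEHOLDER|$DOMAIN|g" "$OUTPUT"
+sed -i "s|DATE_PLACEHOLDER|$DATE|g" "$OUTPUT"
+sed -i "s|HEADER_SCORE_PLACEHOLDER|$HEADER_SCORE|g" "$OUTPUT"
+sed -i "s|EXPOSED_COUNT_PLACEHOLDER|$EXPOSED_COUNT|g" "$OUTPUT"
+sed -i "s|HIGH_RISK_PORTS_PLACEHOLDER|$HIGH_RISK_PORTS|g" "$OUTPUT"
+sed -i "s|OUTPUT_PLACEHOLDER|$OUTPUT|g" "$OUTPUT"
+sed -i "s|TIMESTAMP_PLACEHOLDER|$(date '+%Y-%m-%d %H:%M:%S')|g" "$OUTPUT"
+
+# Header grade
+if [ $HEADER_SCORE -ge 90 ]; then
+sed -i 's|HEADER_GRADE_PLACEHOLDER|✅ **Grade A - Excellent**|g' "$OUTPUT"
+elif [ $HEADER_SCORE -ge 70 ]; then
+sed -i 's|HEADER_GRADE_PLACEHOLDER|✅ **Grade B - Good**|g' "$OUTPUT"
+elif [ $HEADER_SCORE -ge 50 ]; then
+sed -i 's|HEADER_GRADE_PLACEHOLDER|⚠️ **Grade C - Needs Improvement**|g' "$OUTPUT"
+else
+sed -i 's|HEADER_GRADE_PLACEHOLDER|❌ **Grade D/F - Poor**|g' "$OUTPUT"
+fi
+
+# Overall risk
+if [ $HEADER_SCORE -lt 50 ] || [ $EXPOSED_COUNT -gt 0 ] || [ $HIGH_RISK_PORTS -gt 0 ]; then
+sed -i 's|OVERALL_RISK_PLACEHOLDER|🔴 **HIGH RISK** - Issues found requiring immediate attention|g' "$OUTPUT"
+elif [ $HEADER_SCORE -lt 70 ] || [ $EXPOSED_COUNT -gt 0 ]; then
+sed -i 's|OVERALL_RISK_PLACEHOLDER|🟠 **MEDIUM RISK** - Some security improvements recommended|g' "$OUTPUT"
+else
+sed -i 's|OVERALL_RISK_PLACEHOLDER|🟢 **LOW RISK** - Minor issues to address|g' "$OUTPUT"
+fi
+
+# Header issues
+if [ -n "$HEADER_ISSUES" ]; then
+sed -i "s|HEADER_ISSUES_PLACEHOLDER|$HEADER_ISSUES|g" "$OUTPUT"
+else
+sed -i 's|HEADER_ISSUES_PLACEHOLDER|✅ No major header issues|g' "$OUTPUT"
+fi
+
+# Exposed files summary
+if [ $EXPOSED_COUNT -gt 0 ]; then
+sed -i 's|EXPOSED_SUMMARY_PLACEHOLDER|### 🚨 Found EXPOSED_COUNT_PLACEHOLDER Exposed Files|g' "$OUTPUT"
+else
+sed -i 's|EXPOSED_SUMMARY_PLACEHOLDER|### ✅ No Critical Files Exposed|g' "$OUTPUT"
+fi
+
+# Port summary
+if [ $HIGH_RISK_PORTS -gt 0 ]; then
+sed -i 's|PORT_SUMMARY_PLACEHOLDER|### 🚨 High-Risk Ports Open|g' "$OUTPUT"
+else
+sed -i 's|PORT_SUMMARY_PLACEHOLDER|### ✅ No High-Risk Ports Detected|g' "$OUTPUT"
+fi
+
+# SSL status
+if echo "$TARGET" | grep -q "https"; then
+sed -i 's|SSL_STATUS_PLACEHOLDER|✅ HTTPS is enabled|g' "$OUTPUT"
+else
+sed -i 's|SSL_STATUS_PLACEHOLDER|❌ HTTPS is NOT enabled|g' "$OUTPUT"
+fi
+
+# ═══════════════════════════════════════════════════════════
+# COMPLETE
+# ═══════════════════════════════════════════════════════════
+
+echo ""
+echo "═══════════════════════════════════════════════════"
+echo -e "${GREEN}✅ FULL SCAN COMPLETE!${NC}"
+echo "═══════════════════════════════════════════════════"
+echo ""
+echo "📄 Report: $OUTPUT"
+echo ""
+echo "🔗 Quick Links:"
+echo " Headers: https://securityheaders.com/?q=$DOMAIN"
+echo " SSL: https://ssllabs.com/ssltest/analyze.html?d=$DOMAIN"
+echo ""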
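Review bot: In `check_port`, `timeout 1 bash -c "echo >/dev/tcp/$DOMAIN/$PORT"` pastes `$DOMAIN` into a command string, and `DOMAIN` is just the first argument with the scheme, path and port cut off, so any shell metacharacters left in it are evaluated by the inner bash. Pass the values as positional arguments instead, `timeout 1 bash -c 'echo >"/dev/tcp/$1/$2"' _ "$DOMAIN" "$PORT" 2>/dev/null`, and reject a `DOMAIN` that is not a plain hostname near the top, since the same value also goes into `OUTPUT` and the unescaped `sed -i "s|…|$DOMAIN|g"` replacements. Separately, `local PATH=$1` in `check_path` shadows the command search path, so the `curl` on the following line is most likely not found, `STATUS` stays empty, and every probed path passes the `!= "404"` test and is reported as exposed. Rename it, e.g. `local path=$1`, and use `"${TARGET}${path}"`.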