@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.1

@@ -0,0 +1,454 @@
1
+ #!/bin/bash
2
+ # Full Security Scan - All-in-One v2.0
3
+ # Usage: ./full-scan.sh https://target.com
4
+
5
+ TARGET=${1:-https://example.com}
6
+ DATE=$(date +%Y-%m-%d)
7
+
8
+ # Parse domain
9
+ DOMAIN=$(echo "$TARGET" | sed -E 's|https?://||' | cut -d'/' -f1 | cut -d':' -f1)
10
+
11
+ # Output
12
+ OUTPUT="site/${DOMAIN}-${DATE}.md"
13
+ mkdir -p site
14
+
15
+ # Colors
16
+ RED='\033[0;31m'
17
+ YELLOW='\033[1;33m'
18
+ GREEN='\033[0;32m'
19
+ CYAN='\033[0;36m'
20
+ NC='\033[0m'
21
+
22
+ # ═══════════════════════════════════════════════════════════
23
+ # BANNER
24
+ # ═══════════════════════════════════════════════════════════
25
+
26
+ echo ""
27
+ echo "╔═══════════════════════════════════════════════════╗"
28
+ echo "║ 🛡️ FULL SECURITY SCAN v2.0 ║"
29
+ echo "║ Target: $DOMAIN"
30
+ echo "║ Date: $DATE"
31
+ echo "╚═══════════════════════════════════════════════════╝"
32
+ echo ""
33
+
34
+ # ═══════════════════════════════════════════════════════════
35
+ # PHASE 1: SECURITY HEADERS
36
+ # ═══════════════════════════════════════════════════════════
37
+
38
+ echo "═══════════════════════════════════════════════════"
39
+ echo "🔒 PHASE 1: Security Headers"
40
+ echo "═══════════════════════════════════════════════════"
41
+
42
+ HEADER_SCORE=0
43
+ HEADER_ISSUES=""
44
+
45
+ # Get headers
46
+ HEADERS=$(curl -I -s -L "$TARGET" 2>/dev/null)
47
+
48
+ # HSTS
49
+ if echo "$HEADERS" | grep -qi "strict-transport-security"; then
50
+ echo -e "${GREEN}✅ HSTS: Present${NC}"
51
+ HEADER_SCORE=$((HEADER_SCORE + 15))
52
+ else
53
+ echo -e "${RED}❌ HSTS: Missing${NC}"
54
+ HEADER_ISSUES="$HEADER_ISSUES - HSTS not implemented\n"
55
+ fi
56
+
57
+ # CSP
58
+ if echo "$HEADERS" | grep -qi "content-security-policy"; then
59
+ echo -e "${GREEN}✅ CSP: Present${NC}"
60
+ HEADER_SCORE=$((HEADER_SCORE + 20))
61
+ else
62
+ echo -e "${RED}❌ CSP: Missing${NC}"
63
+ HEADER_ISSUES="$HEADER_ISSUES - CSP not implemented (XSS risk)\n"
64
+ fi
65
+
66
+ # X-Content-Type-Options
67
+ if echo "$HEADERS" | grep -qi "x-content-type-options.*nosniff"; then
68
+ echo -e "${GREEN}✅ X-Content-Type-Options: nosniff${NC}"
69
+ HEADER_SCORE=$((HEADER_SCORE + 10))
70
+ else
71
+ echo -e "${RED}❌ X-Content-Type-Options: Missing${NC}"
72
+ HEADER_ISSUES="$HEADER_ISSUES - X-Content-Type-Options not set\n"
73
+ fi
74
+
75
+ # X-Frame-Options
76
+ if echo "$HEADERS" | grep -qiE "x-frame-options.*(DENY|SAMEORIGIN)"; then
77
+ XFO=$(echo "$HEADERS" | grep -i "x-frame-options" | head -1)
78
+ echo -e "${GREEN}✅ X-Frame-Options: $XFO${NC}"
79
+ HEADER_SCORE=$((HEADER_SCORE + 10))
80
+ else
81
+ echo -e "${RED}❌ X-Frame-Options: Missing${NC}"
82
+ HEADER_ISSUES="$HEADER_ISSUES - X-Frame-Options not set\n"
83
+ fi
84
+
85
+ # Referrer-Policy
86
+ if echo "$HEADERS" | grep -qi "referrer-policy"; then
87
+ echo -e "${GREEN}✅ Referrer-Policy: Present${NC}"
88
+ HEADER_SCORE=$((HEADER_SCORE + 10))
89
+ else
90
+ echo -e "${YELLOW}⚠️ Referrer-Policy: Missing${NC}"
91
+ HEADER_SCORE=$((HEADER_SCORE + 5))
92
+ fi
93
+
94
+ # Cache-Control
95
+ if echo "$HEADERS" | grep -qi "cache-control.*no-store\|cache-control.*no-cache"; then
96
+ echo -e "${GREEN}✅ Cache-Control: Secure${NC}"
97
+ HEADER_SCORE=$((HEADER_SCORE + 10))
98
+ else
99
+ echo -e "${YELLOW}⚠️ Cache-Control: Check configuration${NC}"
100
+ HEADER_SCORE=$((HEADER_SCORE + 5))
101
+ fi
102
+
103
+ # Server
104
+ SERVER=$(echo "$HEADERS" | grep -i "^server:" | head -1)
105
+ if [ -n "$SERVER" ]; then
106
+ if echo "$SERVER" | grep -qE "/\d|Advanced|Version"; then
107
+ echo -e "${YELLOW}⚠️ Server: Leaks version - $SERVER${NC}"
108
+ HEADER_ISSUES="$HEADER_ISSUES - Server header leaks version\n"
109
+ else
110
+ echo -e "${YELLOW}⚠️ Server: $SERVER${NC}"
111
+ fi
112
+ fi
113
+
114
+ # X-Powered-By
115
+ XPB=$(echo "$HEADERS" | grep -i "x-powered-by" | head -1)
116
+ if [ -n "$XPB" ]; then
117
+ echo -e "${YELLOW}⚠️ X-Powered-By: $XPB${NC}"
118
+ HEADER_ISSUES="$HEADER_ISSUES - X-Powered-By leaks technology\n"
119
+ fi
120
+
121
+ echo ""
122
+ echo "📊 Header Score: $HEADER_SCORE/100"
123
+
124
+ # ═══════════════════════════════════════════════════════════
125
+ # PHASE 2: EXPOSED FILES
126
+ # ═══════════════════════════════════════════════════════════
127
+
128
+ echo ""
129
+ echo "═══════════════════════════════════════════════════"
130
+ echo "🔍 PHASE 2: Exposed Files Check"
131
+ echo "═══════════════════════════════════════════════════"
132
+
133
+ EXPOSED_COUNT=0
134
+ EXPOSED_LIST=""
135
+
136
+ check_path() {
137
+ local PATH=$1
138
+ local RISK=$2
139
+
140
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}" "${TARGET}${PATH}" --max-time 5)
141
+
142
+ if [ "$STATUS" != "404" ] && [ "$STATUS" != "000" ] && [ "$STATUS" != "403" ]; then
143
+ EXPOSED_COUNT=$((EXPOSED_COUNT + 1))
144
+ echo -e "${RED}⚠️ FOUND: ${PATH} (HTTP $STATUS)${NC}"
145
+ EXPOSED_LIST="$EXPOSED_LIST| $PATH | $STATUS | $RISK |\n"
146
+ fi
147
+ }
148
+
149
+ check_path "/.env" "CRITICAL"
150
+ check_path "/.git/config" "CRITICAL"
151
+ check_path "/.git/HEAD" "HIGH"
152
+ check_path "/.git/" "CRITICAL"
153
+ check_path "/wp-config.php" "CRITICAL"
154
+ check_path "/config.php" "CRITICAL"
155
+ check_path "/settings.py" "CRITICAL"
156
+ check_path "/backup.zip" "CRITICAL"
157
+ check_path "/database.sql" "CRITICAL"
158
+ check_path "/db.sql" "CRITICAL"
159
+ check_path "/admin/" "HIGH"
160
+ check_path "/debug/" "CRITICAL"
161
+ check_path "/phpmyadmin/" "CRITICAL"
162
+ check_path "/pma/" "CRITICAL"
163
+ check_path "/actuator/env" "CRITICAL"
164
+ check_path "/actuator/heapdump" "CRITICAL"
165
+ check_path "/swagger-ui/" "MEDIUM"
166
+ check_path "/graphiql/" "HIGH"
167
+
168
+ if [ $EXPOSED_COUNT -eq 0 ]; then
169
+ echo -e "${GREEN}✅ No critical files exposed${NC}"
170
+ fi
171
+
172
+ # ═══════════════════════════════════════════════════════════
173
+ # PHASE 3: PORT CHECK
174
+ # ═══════════════════════════════════════════════════════════
175
+
176
+ echo ""
177
+ echo "═══════════════════════════════════════════════════"
178
+ echo "🔌 PHASE 3: Quick Port Check"
179
+ echo "═══════════════════════════════════════════════════"
180
+
181
+ HIGH_RISK_PORTS=0
182
+ PORT_LIST=""
183
+
184
+ check_port() {
185
+ local PORT=$1
186
+ local SERVICE=$2
187
+ local RISK=$3
188
+
189
+ timeout 1 bash -c "echo >/dev/tcp/$DOMAIN/$PORT" 2>/dev/null
190
+ if [ $? -eq 0 ]; then
191
+ echo "⚠️ Port $PORT ($SERVICE) - OPEN"
192
+ PORT_LIST="$PORT_LIST| $PORT | $SERVICE | $RISK |\n"
193
+ if [ "$RISK" = "HIGH" ]; then
194
+ HIGH_RISK_PORTS=$((HIGH_RISK_PORTS + 1))
195
+ fi
196
+ fi
197
+ }
198
+
199
+ check_port 80 "HTTP" "INFO"
200
+ check_port 443 "HTTPS" "INFO"
201
+ check_port 8080 "HTTP-Alt" "MEDIUM"
202
+ check_port 3306 "MySQL" "HIGH"
203
+ check_port 5432 "PostgreSQL" "HIGH"
204
+ check_port 6379 "Redis" "HIGH"
205
+ check_port 27017 "MongoDB" "HIGH"
206
+ check_port 22 "SSH" "MEDIUM"
207
+
208
+ if [ -z "$PORT_LIST" ]; then
209
+ echo -e "${GREEN}✅ No common ports detected${NC}"
210
+ fi
211
+
212
+ # ═══════════════════════════════════════════════════════════
213
+ # PHASE 4: BASIC INJECTION TEST
214
+ # ═══════════════════════════════════════════════════════════
215
+
216
+ echo ""
217
+ echo "═══════════════════════════════════════════════════"
218
+ echo "💉 PHASE 4: Basic Injection Tests"
219
+ echo "═══════════════════════════════════════════════════"
220
+
221
+ # XSS Test
222
+ echo "Testing XSS..." -n
223
+ XSS_PAYLOAD="<script>alert(1)</script>"
224
+ RESPONSE=$(curl -s "${TARGET}/search?q=${XSS_PAYLOAD}" 2>/dev/null)
225
+ if echo "$RESPONSE" | grep -q "$XSS_PAYLOAD"; then
226
+ echo -e "${YELLOW}⚠️ Possible XSS reflection${NC}"
227
+ else
228
+ echo -e "${GREEN}✅ No obvious XSS reflection${NC}"
229
+ fi
230
+
231
+ # SQLi Test
232
+ echo "Testing SQL Injection..." -n
233
+ SQL_PAYLOAD="' OR '1'='1"
234
+ RESPONSE=$(curl -s "${TARGET}/?id=${SQL_PAYLOAD}" 2>/dev/null)
235
+ SQL_ERRORS="SQL syntax|MySQL|PostgreSQL|sqlite|Microsoft SQL|Warning: mysql|error in your SQL"
236
+ if echo "$RESPONSE" | grep -qiE "$SQL_ERRORS"; then
237
+ echo -e "${YELLOW}⚠️ SQL error detected${NC}"
238
+ else
239
+ echo -e "${GREEN}✅ No obvious SQL errors${NC}"
240
+ fi
241
+
242
+ # ═══════════════════════════════════════════════════════════
243
+ # PHASE 5: SSL/TLS CHECK
244
+ # ═══════════════════════════════════════════════════════════
245
+
246
+ echo ""
247
+ echo "═══════════════════════════════════════════════════"
248
+ echo "🔐 PHASE 5: SSL/TLS Check"
249
+ echo "═══════════════════════════════════════════════════"
250
+
251
+ if echo "$TARGET" | grep -q "https"; then
252
+ echo -e "${GREEN}✅ HTTPS enabled${NC}"
253
+ echo "📝 For full SSL analysis: https://ssllabs.com/ssltest/analyze.html?d=$DOMAIN"
254
+ else
255
+ echo -e "${RED}❌ HTTPS not enforced${NC}"
256
+ fi
257
+
258
+ # ═══════════════════════════════════════════════════════════
259
+ # SUMMARY
260
+ # ═══════════════════════════════════════════════════════════
261
+
262
+ echo ""
263
+ echo "═══════════════════════════════════════════════════"
264
+ echo "📊 SCAN SUMMARY"
265
+ echo "═══════════════════════════════════════════════════"
266
+ echo ""
267
+ echo "🔒 Header Score: $HEADER_SCORE/100"
268
+ echo "🔍 Exposed Files: $EXPOSED_COUNT"
269
+ echo "🔌 High-Risk Ports: $HIGH_RISK_PORTS"
270
+ echo ""
271
+
272
+ # ═══════════════════════════════════════════════════════════
273
+ # GENERATE REPORT
274
+ # ═══════════════════════════════════════════════════════════
275
+
276
+ echo "📝 Generating detailed report..."
277
+
278
+ cat > "$OUTPUT" << 'REPORT_EOF'
279
+ # 🛡️ Full Security Audit Report
280
+
281
+ **Target:** TARGET_PLACEHOLDER
282
+ **Domain:** DOMAIN_PLACEHOLDER
283
+ **Date:** DATE_PLACEHOLDER
284
+ **Scanner:** Full Security Scan v2.0
285
+
286
+ ---
287
+
288
+ ## 📋 Executive Summary
289
+
290
+ | Metric | Value |
291
+ |--------|-------|
292
+ | Target | TARGET_PLACEHOLDER |
293
+ | Scan Date | DATE_PLACEHOLDER |
294
+ | Header Score | HEADER_SCORE_PLACEHOLDER/100 |
295
+ | Exposed Files | EXPOSED_COUNT_PLACEHOLDER |
296
+ | High-Risk Ports | HIGH_RISK_PORTS_PLACEHOLDER |
297
+
298
+ ### Overall Risk Assessment
299
+
300
+ OVERALL_RISK_PLACEHOLDER
301
+
302
+ ---
303
+
304
+ ## 🔒 1. Security Headers Analysis
305
+
306
+ ### Header Score: HEADER_SCORE_PLACEHOLDER/100
307
+
308
+ HEADER_GRADE_PLACEHOLDER
309
+
310
+ ### Issues Found
311
+
312
+ HEADER_ISSUES_PLACEHOLDER
313
+
314
+ ---
315
+
316
+ ## 🔍 2. Exposed Files Check
317
+
318
+ EXPOSED_SUMMARY_PLACEHOLDER
319
+
320
+ EXPOSED_LIST_PLACEHOLDER
321
+
322
+ ---
323
+
324
+ ## 🔌 3. Port Scan Results
325
+
326
+ PORT_SUMMARY_PLACEHOLDER
327
+
328
+ PORT_LIST_PLACEHOLDER
329
+
330
+ ---
331
+
332
+ ## 💉 4. Injection Tests
333
+
334
+ | Test | Status |
335
+ |------|--------|
336
+ | XSS Reflection | ⚠️ Review manually |
337
+ | SQL Injection | ⚠️ Review manually |
338
+
339
+ ---
340
+
341
+ ## 🔐 5. SSL/TLS
342
+
343
+ SSL_STATUS_PLACEHOLDER
344
+
345
+ ---
346
+
347
+ ## 🛡️ Remediation Priority
348
+
349
+ ### Immediate (Critical)
350
+ 1. Implement missing security headers
351
+ 2. Remove/block exposed sensitive files (.env, .git/, backups)
352
+ 3. Close database ports from public access
353
+
354
+ ### Short-term
355
+ 1. Enable HSTS with long max-age
356
+ 2. Configure Content-Security-Policy
357
+ 3. Set up proper Cache-Control
358
+ 4. Hide server information
359
+
360
+ ---
361
+
362
+ ## 🔗 Recommended Tools
363
+
364
+ - Nuclei - Vulnerability scanning
365
+ - SQLMap - SQL injection testing
366
+ - Dalfox - XSS scanning
367
+ - Nmap - Full port scan
368
+
369
+ ---
370
+
371
+ ## 📄 Report Location
372
+
373
+ **File:** OUTPUT_PLACEHOLDER
374
+ **Generated:** TIMESTAMP_PLACEHOLDER
375
+ **Author:** Rz (@soulofzephir)
376
+
377
+ ---
378
+
379
+ **⚠️ Disclaimer:** Automated scan. Manual testing recommended.
380
+ REPORT_EOF
381
+
382
+ # Replace placeholders
383
+ sed -i "s|TARGET_PLACEHOLDER|$TARGET|g" "$OUTPUT"
384
+ sed -i "s|DOMAIN_PLACEHOLDER|$DOMAIN|g" "$OUTPUT"
385
+ sed -i "s|DATE_PLACEHOLDER|$DATE|g" "$OUTPUT"
386
+ sed -i "s|HEADER_SCORE_PLACEHOLDER|$HEADER_SCORE|g" "$OUTPUT"
387
+ sed -i "s|EXPOSED_COUNT_PLACEHOLDER|$EXPOSED_COUNT|g" "$OUTPUT"
388
+ sed -i "s|HIGH_RISK_PORTS_PLACEHOLDER|$HIGH_RISK_PORTS|g" "$OUTPUT"
389
+ sed -i "s|OUTPUT_PLACEHOLDER|$OUTPUT|g" "$OUTPUT"
390
+ sed -i "s|TIMESTAMP_PLACEHOLDER|$(date '+%Y-%m-%d %H:%M:%S')|g" "$OUTPUT"
391
+
392
+ # Header grade
393
+ if [ $HEADER_SCORE -ge 90 ]; then
394
+ sed -i 's|HEADER_GRADE_PLACEHOLDER|✅ **Grade A - Excellent**|g' "$OUTPUT"
395
+ elif [ $HEADER_SCORE -ge 70 ]; then
396
+ sed -i 's|HEADER_GRADE_PLACEHOLDER|✅ **Grade B - Good**|g' "$OUTPUT"
397
+ elif [ $HEADER_SCORE -ge 50 ]; then
398
+ sed -i 's|HEADER_GRADE_PLACEHOLDER|⚠️ **Grade C - Needs Improvement**|g' "$OUTPUT"
399
+ else
400
+ sed -i 's|HEADER_GRADE_PLACEHOLDER|❌ **Grade D/F - Poor**|g' "$OUTPUT"
401
+ fi
402
+
403
+ # Overall risk
404
+ if [ $HEADER_SCORE -lt 50 ] || [ $EXPOSED_COUNT -gt 0 ] || [ $HIGH_RISK_PORTS -gt 0 ]; then
405
+ sed -i 's|OVERALL_RISK_PLACEHOLDER|🔴 **HIGH RISK** - Issues found requiring immediate attention|g' "$OUTPUT"
406
+ elif [ $HEADER_SCORE -lt 70 ] || [ $EXPOSED_COUNT -gt 0 ]; then
407
+ sed -i 's|OVERALL_RISK_PLACEHOLDER|🟠 **MEDIUM RISK** - Some security improvements recommended|g' "$OUTPUT"
408
+ else
409
+ sed -i 's|OVERALL_RISK_PLACEHOLDER|🟢 **LOW RISK** - Minor issues to address|g' "$OUTPUT"
410
+ fi
411
+
412
+ # Header issues
413
+ if [ -n "$HEADER_ISSUES" ]; then
414
+ sed -i "s|HEADER_ISSUES_PLACEHOLDER|$HEADER_ISSUES|g" "$OUTPUT"
415
+ else
416
+ sed -i 's|HEADER_ISSUES_PLACEHOLDER|✅ No major header issues|g' "$OUTPUT"
417
+ fi
418
+
419
+ # Exposed files summary
420
+ if [ $EXPOSED_COUNT -gt 0 ]; then
421
+ sed -i 's|EXPOSED_SUMMARY_PLACEHOLDER|### 🚨 Found EXPOSED_COUNT_PLACEHOLDER Exposed Files|g' "$OUTPUT"
422
+ else
423
+ sed -i 's|EXPOSED_SUMMARY_PLACEHOLDER|### ✅ No Critical Files Exposed|g' "$OUTPUT"
424
+ fi
425
+
426
+ # Port summary
427
+ if [ $HIGH_RISK_PORTS -gt 0 ]; then
428
+ sed -i 's|PORT_SUMMARY_PLACEHOLDER|### 🚨 High-Risk Ports Open|g' "$OUTPUT"
429
+ else
430
+ sed -i 's|PORT_SUMMARY_PLACEHOLDER|### ✅ No High-Risk Ports Detected|g' "$OUTPUT"
431
+ fi
432
+
433
+ # SSL status
434
+ if echo "$TARGET" | grep -q "https"; then
435
+ sed -i 's|SSL_STATUS_PLACEHOLDER|✅ HTTPS is enabled|g' "$OUTPUT"
436
+ else
437
+ sed -i 's|SSL_STATUS_PLACEHOLDER|❌ HTTPS is NOT enabled|g' "$OUTPUT"
438
+ fi
439
+
440
+ # ═══════════════════════════════════════════════════════════
441
+ # COMPLETE
442
+ # ═══════════════════════════════════════════════════════════
443
+
444
+ echo ""
445
+ echo "═══════════════════════════════════════════════════"
446
+ echo -e "${GREEN}✅ FULL SCAN COMPLETE!${NC}"
447
+ echo "═══════════════════════════════════════════════════"
448
+ echo ""
449
+ echo "📄 Report: $OUTPUT"
450
+ echo ""
451
+ echo "🔗 Quick Links:"
452
+ echo " Headers: https://securityheaders.com/?q=$DOMAIN"
453
+ echo " SSL: https://ssllabs.com/ssltest/analyze.html?d=$DOMAIN"
454
+ echo ""
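Review bot: `local PATH=$1` in check_path shadows the shell's PATH with the URL path, so the curl on the following line is looked up in a directory such as `/.env` and fails with "command not found" (bash drops its command hash when PATH is assigned); STATUS is then empty, the empty string passes all three `!=` tests, and every probed path is reported as FOUND with a blank status. Rename the local, e.g. `local url_path=$1`, and use `${url_path}` in the curl URL, the echo and the EXPOSED_LIST row. Once the probe actually runs, any status other than 404/403/000 counts as exposed, so a 301/302 to a login page or a catch-all 200 from a single-page app will be flagged — compare against the status of a random nonexistent path as a baseline and treat 3xx separately. Two smaller inconsistencies: the header points add up to at most 75 (15+20+10+10+10+10), so the `/100` score and the `-ge 90` Grade A branch are unreachable, and the SQLi probe puts `' OR '1'='1` with raw spaces and quotes into the URL, which recent curl builds reject as malformed input — send it as `-G --data-urlencode "id=$SQL_PAYLOAD"` instead.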