@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,508 @@
1
+ # Full Security Scan - All-in-One v2.0
2
+ # Comprehensive security scanner combining all tools
3
+
4
+ param(
5
+ [Parameter(Mandatory=$false)]
6
+ [string]$Target = "",
7
+
8
+ [Parameter(Mandatory=$false)]
9
+ [string]$OutputDir = "site"
10
+ )
11
+
12
+ $ErrorActionPreference = "Continue"
13
+
14
+ # ═══════════════════════════════════════════════════════════
15
+ # CONFIGURATION
16
+ # ═══════════════════════════════════════════════════════════
17
+
18
+ $Date = Get-Date -Format "yyyy-MM-dd"
19
+
20
+ if ($Target -match "https?://") {
21
+ $Uri = [System.Uri]$Target
22
+ $Domain = $Uri.Host
23
+ $Scheme = $Uri.Scheme
24
+ } else {
25
+ $Domain = $Target
26
+ $Target = "https://$Target"
27
+ }
28
+
29
+ $OutputFile = "$OutputDir/$Domain-$Date.md"
30
+
31
+ if (-not (Test-Path $OutputDir)) {
32
+ New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
33
+ }
34
+
35
+ # ═══════════════════════════════════════════════════════════
36
+ # BANNER
37
+ # ═══════════════════════════════════════════════════════════
38
+
39
+ Write-Host ""
40
+ Write-Host "╔═══════════════════════════════════════════════════╗" -ForegroundColor Cyan
41
+ Write-Host "║ 🛡️ FULL SECURITY SCAN v2.0 ║" -ForegroundColor Cyan
42
+ Write-Host "║ Target: $Domain" -ForegroundColor Cyan
43
+ Write-Host "║ Date: $Date" -ForegroundColor Cyan
44
+ Write-Host "╚═══════════════════════════════════════════════════╝" -ForegroundColor Cyan
45
+ Write-Host ""
46
+
47
+ # ═══════════════════════════════════════════════════════════
48
+ # PHASE 1: SECURITY HEADERS
49
+ # ═══════════════════════════════════════════════════════════
50
+
51
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
52
+ Write-Host "🔒 PHASE 1: Security Headers" -ForegroundColor Cyan
53
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
54
+
55
+ $HeaderScore = 0
56
+ $HeaderIssues = @()
57
+
58
+ try {
59
+ $Response = Invoke-WebRequest -Uri $Target -Method Head -TimeoutSec 15 -ErrorAction Stop
60
+ $Headers = $Response.Headers
61
+ } catch {
62
+ try {
63
+ $Response = Invoke-WebRequest -Uri ($Target -replace "^https", "http") -Method Head -TimeoutSec 15 -ErrorAction Stop
64
+ $Headers = $Response.Headers
65
+ } catch {
66
+ Write-Host "❌ Cannot connect to target" -ForegroundColor Red
67
+ $Headers = @{}
68
+ }
69
+ }
70
+
71
+ # HSTS
72
+ $HSTS = $Headers["Strict-Transport-Security"]
73
+ if ($HSTS) {
74
+ Write-Host "✅ HSTS: Present" -ForegroundColor Green
75
+ if ($HSTS -match "max-age=([3-9]\d{5,}|\d{7,})") { $HeaderScore += 15 } else { $HeaderScore += 8 }
76
+ } else {
77
+ Write-Host "❌ HSTS: Missing" -ForegroundColor Red
78
+ $HeaderIssues += "HSTS not implemented"
79
+ }
80
+
81
+ # CSP
82
+ $CSP = $Headers["Content-Security-Policy"]
83
+ if ($CSP) {
84
+ Write-Host "✅ CSP: Present" -ForegroundColor Green
85
+ $HeaderScore += 20
86
+ if ($CSP -match "unsafe-inline") { $HeaderIssues += "CSP contains unsafe-inline" }
87
+ } else {
88
+ Write-Host "❌ CSP: Missing" -ForegroundColor Red
89
+ $HeaderIssues += "CSP not implemented (XSS risk)"
90
+ }
91
+
92
+ # X-Content-Type-Options
93
+ $XCTO = $Headers["X-Content-Type-Options"]
94
+ if ($XCTO -eq "nosniff") {
95
+ Write-Host "✅ X-Content-Type-Options: nosniff" -ForegroundColor Green
96
+ $HeaderScore += 10
97
+ } else {
98
+ Write-Host "❌ X-Content-Type-Options: Missing" -ForegroundColor Red
99
+ $HeaderIssues += "X-Content-Type-Options not set"
100
+ }
101
+
102
+ # X-Frame-Options
103
+ $XFO = $Headers["X-Frame-Options"]
104
+ if ($XFO -eq "DENY" -or $XFO -eq "SAMEORIGIN") {
105
+ Write-Host "✅ X-Frame-Options: $XFO" -ForegroundColor Green
106
+ $HeaderScore += if ($XFO -eq "DENY") { 10 } else { 8 }
107
+ } else {
108
+ Write-Host "❌ X-Frame-Options: Missing" -ForegroundColor Red
109
+ $HeaderIssues += "X-Frame-Options not set (clickjacking risk)"
110
+ }
111
+
112
+ # Referrer-Policy
113
+ $RP = $Headers["Referrer-Policy"]
114
+ if ($RP) {
115
+ Write-Host "✅ Referrer-Policy: $RP" -ForegroundColor Green
116
+ $HeaderScore += 10
117
+ } else {
118
+ Write-Host "⚠️ Referrer-Policy: Missing" -ForegroundColor Yellow
119
+ $HeaderScore += 5
120
+ }
121
+
122
+ # Cache-Control
123
+ $CC = $Headers["Cache-Control"]
124
+ if ($CC -match "no-store|no-cache") {
125
+ Write-Host "✅ Cache-Control: Secure" -ForegroundColor Green
126
+ $HeaderScore += 10
127
+ } else {
128
+ Write-Host "⚠️ Cache-Control: Check if sensitive data cached" -ForegroundColor Yellow
129
+ $HeaderScore += 5
130
+ }
131
+
132
+ # Server
133
+ $Server = $Headers["Server"]
134
+ if ($Server -match "/\d|Advanced") {
135
+ Write-Host "⚠️ Server: Leaks version - $Server" -ForegroundColor Yellow
136
+ $HeaderIssues += "Server header leaks version"
137
+ }
138
+
139
+ # X-Powered-By
140
+ $XPB = $Headers["X-Powered-By"]
141
+ if ($XPB) {
142
+ Write-Host "⚠️ X-Powered-By: $XPB" -ForegroundColor Yellow
143
+ $HeaderIssues += "X-Powered-By leaks technology"
144
+ }
145
+
146
+ Write-Host ""
147
+ Write-Host "📊 Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
148
+
149
+ # ═══════════════════════════════════════════════════════════
150
+ # PHASE 2: EXPOSED FILES
151
+ # ═══════════════════════════════════════════════════════════
152
+
153
+ Write-Host ""
154
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
155
+ Write-Host "🔍 PHASE 2: Exposed Files Check" -ForegroundColor Cyan
156
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
157
+
158
+ $ExposedFiles = @()
159
+ $CriticalPaths = @(
160
+ "/.env", "/.git/config", "/.git/HEAD", "/.git/",
161
+ "/wp-config.php", "/config.php", "/settings.py",
162
+ "/backup.zip", "/database.sql", "/db.sql",
163
+ "/admin/", "/debug/", "/phpmyadmin/", "/pma/",
164
+ "/actuator/env", "/actuator/heapdump",
165
+ "/swagger-ui/", "/graphiql/"
166
+ )
167
+
168
+ foreach ($path in $CriticalPaths) {
169
+ try {
170
+ $resp = Invoke-WebRequest -Uri "$Target$path" -Method Head -TimeoutSec 5 -ErrorAction SilentlyContinue
171
+ if ($resp.StatusCode -ne 404) {
172
+ Write-Host "⚠️ FOUND: $path (HTTP $($resp.StatusCode))" -ForegroundColor Red
173
+ $ExposedFiles += $path
174
+ }
175
+ } catch {}
176
+ }
177
+
178
+ if ($ExposedFiles.Count -eq 0) {
179
+ Write-Host "✅ No critical files exposed" -ForegroundColor Green
180
+ }
181
+
182
+ # ═══════════════════════════════════════════════════════════
183
+ # PHASE 3: PORT CHECK
184
+ # ═══════════════════════════════════════════════════════════
185
+
186
+ Write-Host ""
187
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
188
+ Write-Host "🔌 PHASE 3: Quick Port Check" -ForegroundColor Cyan
189
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
190
+
191
+ $Ports = @(80, 443, 8080, 3306, 5432, 6379, 27017, 22)
192
+ $OpenPorts = @()
193
+
194
+ foreach ($Port in $Ports) {
195
+ try {
196
+ $TCP = New-Object System.Net.Sockets.TcpClient
197
+ $Result = $TCP.BeginConnect($Domain, $Port, $null, $null)
198
+ $Wait = $Result.AsyncWaitHandle.WaitOne(500)
199
+
200
+ if ($Wait -and $TCP.Connected) {
201
+ $Service = switch ($Port) {
202
+ 80 { "HTTP" }
203
+ 443 { "HTTPS" }
204
+ 8080 { "HTTP-Alt" }
205
+ 3306 { "MySQL" }
206
+ 5432 { "PostgreSQL" }
207
+ 6379 { "Redis" }
208
+ 27017 { "MongoDB" }
209
+ 22 { "SSH" }
210
+ }
211
+ $Risk = if ($Port -in @(3306, 5432, 6379, 27017)) { "HIGH" } else { "INFO" }
212
+
213
+ Write-Host "⚠️ Port $Port ($Service) - OPEN" -ForegroundColor $(if($Risk -eq "HIGH"){"Red"}else{"Yellow"})
214
+ $OpenPorts += [PSCustomObject]@{ Port = $Port; Service = $Service; Risk = $Risk }
215
+ }
216
+ $TCP.Close()
217
+ } catch {}
218
+ }
219
+
220
+ if ($OpenPorts.Count -eq 0) {
221
+ Write-Host "✅ No common ports detected" -ForegroundColor Green
222
+ }
223
+
224
+ # ═══════════════════════════════════════════════════════════
225
+ # PHASE 4: BASIC INJECTION TEST
226
+ # ═══════════════════════════════════════════════════════════
227
+
228
+ Write-Host ""
229
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
230
+ Write-Host "💉 PHASE 4: Basic Injection Tests" -ForegroundColor Cyan
231
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
232
+
233
+ # XSS Test
234
+ Write-Host "Testing XSS..." -ForegroundColor Gray
235
+ $XSSPayload = "<script>alert(1)</script>"
236
+ try {
237
+ $Response = Invoke-WebRequest -Uri "$Target/search?q=$XSSPayload" -TimeoutSec 10 -ErrorAction SilentlyContinue
238
+ if ($Response.Content -match [regex]::Escape($XSSPayload)) {
239
+ Write-Host "⚠️ Possible XSS reflection detected" -ForegroundColor Yellow
240
+ } else {
241
+ Write-Host "✅ No obvious XSS reflection" -ForegroundColor Green
242
+ }
243
+ } catch {
244
+ Write-Host "✅ No obvious XSS reflection" -ForegroundColor Green
245
+ }
246
+
247
+ # SQLi Test
248
+ Write-Host "Testing SQL Injection..." -ForegroundColor Gray
249
+ $SQLPayload = "' OR '1'='1"
250
+ try {
251
+ $Response = Invoke-WebRequest -Uri "$Target/?id=$SQLPayload" -TimeoutSec 10 -ErrorAction SilentlyContinue
252
+ $SQLErrors = @("SQL syntax", "MySQL", "PostgreSQL", "sqlite", "Microsoft SQL", "Warning: mysql", "error in your SQL")
253
+ $Found = $SQLErrors | Where-Object { $Response.Content -match $_ }
254
+ if ($Found) {
255
+ Write-Host "⚠️ SQL error detected in response" -ForegroundColor Yellow
256
+ } else {
257
+ Write-Host "✅ No obvious SQL errors" -ForegroundColor Green
258
+ }
259
+ } catch {
260
+ Write-Host "✅ No obvious SQL errors" -ForegroundColor Green
261
+ }
262
+
263
+ # ═══════════════════════════════════════════════════════════
264
+ # PHASE 5: SSL/TLS CHECK
265
+ # ═══════════════════════════════════════════════════════════
266
+
267
+ Write-Host ""
268
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
269
+ Write-Host "🔐 PHASE 5: SSL/TLS Check" -ForegroundColor Cyan
270
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
271
+
272
+ $SSLIssues = @()
273
+
274
+ if ($Scheme -eq "https") {
275
+ Write-Host "✅ HTTPS enabled" -ForegroundColor Green
276
+
277
+ # Check HSTS
278
+ if ($HSTS -notmatch "max-age=([3-9]\d{5,}|\d{7,})") {
279
+ Write-Host "⚠️ HSTS max-age should be at least 1 year" -ForegroundColor Yellow
280
+ $SSLIssues += "HSTS max-age too short"
281
+ }
282
+
283
+ Write-Host "📝 For full SSL analysis: https://ssllabs.com/ssltest/analyze.html?d=$Domain" -ForegroundColor Cyan
284
+ } else {
285
+ Write-Host "❌ HTTPS not enforced" -ForegroundColor Red
286
+ $SSLIssues += "HTTPS not enabled"
287
+ }
288
+
289
+ # ═══════════════════════════════════════════════════════════
290
+ # SUMMARY
291
+ # ═══════════════════════════════════════════════════════════
292
+
293
+ Write-Host ""
294
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
295
+ Write-Host "📊 SCAN SUMMARY" -ForegroundColor Cyan
296
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
297
+ Write-Host ""
298
+
299
+ Write-Host "🔒 Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
300
+ Write-Host "🔍 Exposed Files: $($ExposedFiles.Count)" -ForegroundColor $(if($ExposedFiles.Count -gt 0){"Yellow"}else{"Green"})
301
+ Write-Host "🔌 Open Ports: $($OpenPorts.Count)" -ForegroundColor $(if(($OpenPorts | Where-Object {$_.Risk -eq "HIGH"}).Count -gt 0){"Red"}else{"Green"})
302
+ Write-Host "💉 Injection: Basic tests completed" -ForegroundColor Green
303
+ Write-Host "🔐 SSL/TLS: HTTPS $($SSLIssues.Count -eq 0 ? 'OK' : 'Issues')" -ForegroundColor $(if($SSLIssues.Count -eq 0){"Green"}else{"Yellow"})
304
+
305
+ # ═══════════════════════════════════════════════════════════
306
+ # GENERATE REPORT
307
+ # ═══════════════════════════════════════════════════════════
308
+
309
+ Write-Host ""
310
+ Write-Host "📝 Generating detailed report..." -ForegroundColor Yellow
311
+
312
+ $Report = @"
313
+ # 🛡️ Full Security Audit Report
314
+
315
+ **Target:** $Target
316
+ **Domain:** $Domain
317
+ **Date:** $Date
318
+ **Scanner:** Full Security Scan v2.0
319
+
320
+ ---
321
+
322
+ ## 📋 Executive Summary
323
+
324
+ | Metric | Value |
325
+ |--------|-------|
326
+ | Target | $Target |
327
+ | Scan Date | $Date |
328
+ | Header Score | $HeaderScore/100 |
329
+ | Exposed Files | $($ExposedFiles.Count) |
330
+ | Open Ports | $($OpenPorts.Count) |
331
+ | SSL Issues | $($SSLIssues.Count) |
332
+
333
+ ### Overall Risk Assessment
334
+
335
+ $(if ($HeaderScore -lt 50 -or $ExposedFiles.Count -gt 0 -or ($OpenPorts | Where-Object {$_.Risk -eq "HIGH"}).Count -gt 0) {
336
+ "🔴 **HIGH RISK** - Issues found requiring immediate attention"
337
+ } elseif ($HeaderScore -lt 70 -or $ExposedFiles.Count -gt 0) {
338
+ "🟠 **MEDIUM RISK** - Some security improvements recommended"
339
+ } else {
340
+ "🟢 **LOW RISK** - Minor issues to address"
341
+ })
342
+
343
+ ---
344
+
345
+ ## 🔒 1. Security Headers Analysis
346
+
347
+ ### Header Score: $HeaderScore/100
348
+
349
+ $(if ($HeaderScore -ge 90) { "✅ **Grade A - Excellent**" }
350
+ elseif ($HeaderScore -ge 70) { "✅ **Grade B - Good**" }
351
+ elseif ($HeaderScore -ge 50) { "⚠️ **Grade C - Needs Improvement**" }
352
+ else { "❌ **Grade D/F - Poor**" })
353
+
354
+ | Header | Status |
355
+ |--------|--------|
356
+ | HSTS | $(if ($HSTS) { "✅ Present" } else { "❌ Missing" }) |
357
+ | CSP | $(if ($CSP) { "✅ Present" } else { "❌ Missing" }) |
358
+ | X-Content-Type-Options | $(if ($XCTO -eq "nosniff") { "✅ nosniff" } else { "❌ Missing" }) |
359
+ | X-Frame-Options | $(if ($XFO) { "✅ $XFO" } else { "❌ Missing" }) |
360
+ | Referrer-Policy | $(if ($RP) { "✅ Present" } else { "⚠️ Missing" }) |
361
+ | Cache-Control | $(if ($CC) { "✅ Present" } else { "⚠️ Missing" }) |
362
+ | Server | $(if ($Server) { "⚠️ $Server" } else { "✅ Hidden" }) |
363
+ | X-Powered-By | $(if ($XPB) { "⚠️ $XPB" } else { "✅ Hidden" }) |
364
+
365
+ ### Issues Found
366
+
367
+ $(if ($HeaderIssues.Count -gt 0) {
368
+ foreach ($issue in $HeaderIssues) {
369
+ "- ⚠️ $issue"
370
+ }
371
+ } else {
372
+ "✅ No major header issues"
373
+ })
374
+
375
+ ---
376
+
377
+ ## 🔍 2. Exposed Files Check
378
+
379
+ $(if ($ExposedFiles.Count -gt 0) {
380
+ "### 🚨 Found $($ExposedFiles.Count) Exposed Files"
381
+ } else {
382
+ "### ✅ No Critical Files Exposed"
383
+ })
384
+
385
+ | Path | Risk |
386
+ |------|------|
387
+ $(foreach ($file in $ExposedFiles) {
388
+ "| $file | 🔴 CRITICAL |"
389
+ })
390
+
391
+ **Recommendation:** Remove or protect these files from public access.
392
+
393
+ ---
394
+
395
+ ## 🔌 3. Port Scan Results
396
+
397
+ $(if (($OpenPorts | Where-Object {$_.Risk -eq "HIGH"}).Count -gt 0) {
398
+ "### 🚨 High-Risk Ports Open"
399
+ } else {
400
+ "### ✅ No High-Risk Ports Detected"
401
+ })
402
+
403
+ | Port | Service | Risk |
404
+ |------|---------|------|
405
+ $(foreach ($p in $OpenPorts) {
406
+ "| $($p.Port) | $($p.Service) | $(if($p.Risk -eq "HIGH"){"🔴 HIGH"}else{"🟢 INFO"}) |"
407
+ })
408
+
409
+ **Recommendation:** Database ports (3306, 5432, 6379, 27017) should never be exposed to the internet.
410
+
411
+ ---
412
+
413
+ ## 💉 4. Injection Tests
414
+
415
+ Basic automated tests completed.
416
+
417
+ | Test | Status |
418
+ |------|--------|
419
+ | XSS Reflection | ⚠️ Review manually |
420
+ | SQL Injection | ⚠️ Review manually |
421
+
422
+ **Note:** For comprehensive injection testing, use:
423
+ - SQLMap: \`sqlmap -u "$Target"\`
424
+ - Dalfox: \`dalfox url "$Target"\`
425
+
426
+ ---
427
+
428
+ ## 🔐 5. SSL/TLS
429
+
430
+ $(if ($Scheme -eq "https") {
431
+ "✅ HTTPS is enabled"
432
+ } else {
433
+ "❌ HTTPS is NOT enabled"
434
+ })
435
+
436
+ $(if ($SSLIssues.Count -gt 0) {
437
+ "### ⚠️ SSL Issues:"
438
+ foreach ($issue in $SSLIssues) {
439
+ "- $issue"
440
+ }
441
+ })
442
+
443
+ **Full SSL Analysis:** https://ssllabs.com/ssltest/analyze.html?d=$Domain
444
+
445
+ ---
446
+
447
+ ## 🛡️ Remediation Priority
448
+
449
+ ### Immediate (Critical)
450
+ 1. Implement missing security headers
451
+ 2. Remove/block exposed sensitive files (.env, .git/, backups)
452
+ 3. Close database ports from public access
453
+
454
+ ### Short-term
455
+ 1. Enable HSTS with long max-age
456
+ 2. Configure Content-Security-Policy
457
+ 3. Set up proper Cache-Control
458
+ 4. Hide server information
459
+
460
+ ### Long-term
461
+ 1. Regular security scanning
462
+ 2. Implement OWASP Top 10 controls
463
+ 3. Set up monitoring and alerting
464
+ 4. Security headers automated testing
465
+
466
+ ---
467
+
468
+ ## 🔗 Recommended Tools for Deeper Analysis
469
+
470
+ | Tool | Purpose |
471
+ |------|---------|
472
+ | Nuclei | Vulnerability scanning |
473
+ | SQLMap | SQL injection testing |
474
+ | Dalfox | XSS scanning |
475
+ | Nmap | Full port scan |
476
+ | testssl.sh | SSL/TLS audit |
477
+ | Burp Suite | Web vulnerability testing |
478
+
479
+ ---
480
+
481
+ ## 📄 Report Location
482
+
483
+ **File:** \`$OutputFile\`
484
+ **Generated:** $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
485
+ **Author:** Rz (@soulofzephir)
486
+
487
+ ---
488
+
489
+ **⚠️ Disclaimer:** This is an automated scan. Manual testing recommended for comprehensive security assessment.
490
+ "@
491
+
492
+ $Report | Out-File -FilePath $OutputFile -Encoding UTF8
493
+
494
+ # ═══════════════════════════════════════════════════════════
495
+ # COMPLETE
496
+ # ═══════════════════════════════════════════════════════════
497
+
498
+ Write-Host ""
499
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Green
500
+ Write-Host "✅ FULL SCAN COMPLETE!" -ForegroundColor Green
501
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Green
502
+ Write-Host ""
503
+ Write-Host "📄 Report: $OutputFile" -ForegroundColor White
504
+ Write-Host ""
505
+ Write-Host "🔗 Quick Links:" -ForegroundColor Cyan
506
+ Write-Host " Headers: https://securityheaders.com/?q=$Domain"
507
+ Write-Host " SSL: https://ssllabs.com/ssltest/analyze.html?d=$Domain"
508
+ Write-Host ""
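Review bot: The exposed-files loop (lines 168–176 of the new file) reports a CRITICAL finding on anything that is not exactly `404`, but with `-ErrorAction SilentlyContinue` a failed request leaves `$resp` as `$null` (or, if the error is thrown instead, it is swallowed by the empty `catch`), and `$null.StatusCode -ne 404` evaluates to `$true`, so every unreachable path — including a plain 404 — can be printed as `FOUND: /.env (HTTP )` and counted in the report; a `405` from servers that reject HEAD, and any `/admin/` redirect to a login page that Invoke-WebRequest follows to a 200, are flagged the same way. I would read the real status in the catch block, disable redirect following, and only treat 200/401/403 as evidence the resource exists (see below; the `$_.Exception.Response` object differs between Windows PowerShell 5.1 and PowerShell 7 but `[int]...StatusCode` works on both). Separately, the summary line `HTTPS $($SSLIssues.Count -eq 0 ? 'OK' : 'Issues')` uses the `?:` ternary, which only parses on PowerShell 7+, so on 5.1 the whole script fails at parse time; either add `#Requires -Version 7.0` or rewrite it as `$(if ($SSLIssues.Count -eq 0) { 'OK' } else { 'Issues' })`. Also, `$Scheme` is only assigned when the caller passes a URL with a scheme (line 23) and is never updated by the http fallback (line 63), so a bare-domain target always yields "HTTPS not enforced" in Phase 5 — set `$Scheme = "https"` in the else branch and `$Scheme = "http"` after a successful fallback.
```powershell
foreach ($path in $CriticalPaths) {
    $code = $null
    try {
        $resp = Invoke-WebRequest -Uri "$Target$path" -Method Head -TimeoutSec 5 -MaximumRedirection 0 -ErrorAction Stop
        $code = [int]$resp.StatusCode
    } catch {
        # Non-2xx (and, with MaximumRedirection 0, 3xx) responses land here; read the real status
        # instead of letting a $null response pass the "-ne 404" test below.
        if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
    }
    # Only a served (200) or protected-but-present (401/403) response is evidence the path exists;
    # 404, 405 (HEAD not allowed), redirects and timeouts are not.
    if ($code -in @(200, 401, 403)) {
        Write-Host "⚠️ FOUND: $path (HTTP $code)" -ForegroundColor Red
        $ExposedFiles += $path
    }
}
# … unchanged: "No critical files exposed" message …
```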