@soulofzephir/pi-skill-pentesting 1.0.0 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/skills/pentesting/SKILL.md +189 -224
- package/skills/pentesting/checklists/cors.md +183 -0
- package/skills/pentesting/checklists/exposed-files.md +311 -0
- package/skills/pentesting/checklists/graphql.md +375 -0
- package/skills/pentesting/checklists/jwt.md +225 -0
- package/skills/pentesting/tools/exposed-files-scan.ps1 +333 -0
- package/skills/pentesting/tools/exposed-files-scan.sh +291 -0
- package/skills/pentesting/tools/full-scan.ps1 +508 -0
- package/skills/pentesting/tools/full-scan.sh +454 -0
- package/skills/pentesting/tools/test-skill.ps1 +291 -0
- package/skills/pentesting/tools/test-skill.sh +345 -0
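--- /dev/null
+++ b/package/skills/pentesting/tools/full-scan.ps1
@@ -0,0 +1,508 @@
+# Full Security Scan - All-in-One v2.0
+# Comprehensive security scanner combining all tools
+
+param(
+[Parameter(Mandatory=$false)]
+[string]$Target = "",
+
+[Parameter(Mandatory=$false)]
+[string]$OutputDir = "site"
+)
+
+$ErrorActionPreference = "Continue"
+
+# ═══════════════════════════════════════════════════════════
+# CONFIGURATION
+# ═══════════════════════════════════════════════════════════
+
+$Date = Get-Date -Format "yyyy-MM-dd"
+
+if ($Target -match "https?://") {
+$Uri = [System.Uri]$Target
+$Domain = $Uri.Host
+$Scheme = $Uri.Scheme
+} else {
+$Domain = $Target
+$Target = "https://$Target"
+}
+
+$OutputFile = "$OutputDir/$Domain-$Date.md"
+
+if (-not (Test-Path $OutputDir)) {
+New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
+}
+
+# ═══════════════════════════════════════════════════════════
+# BANNER
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "╔═══════════════════════════════════════════════════╗" -ForegroundColor Cyan
+Write-Host "║ 🛡️ FULL SECURITY SCAN v2.0 ║" -ForegroundColor Cyan
+Write-Host "║ Target: $Domain" -ForegroundColor Cyan
+Write-Host "║ Date: $Date" -ForegroundColor Cyan
+Write-Host "╚═══════════════════════════════════════════════════╝" -ForegroundColor Cyan
+Write-Host ""
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 1: SECURITY HEADERS
+# ═══════════════════════════════════════════════════════════
+
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host "🔒 PHASE 1: Security Headers" -ForegroundColor Cyan
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+
+$HeaderScore = 0
+$HeaderIssues = @()
+
+try {
+$Response = Invoke-WebRequest -Uri $Target -Method Head -TimeoutSec 15 -ErrorAction Stop
+$Headers = $Response.Headers
+} catch {
+try {
+$Response = Invoke-WebRequest -Uri ($Target -replace "^https", "http") -Method Head -TimeoutSec 15 -ErrorAction Stop
+$Headers = $Response.Headers
+} catch {
+Write-Host "❌ Cannot connect to target" -ForegroundColor Red
+$Headers = @{}
+}
+}
+
+# HSTS
+$HSTS = $Headers["Strict-Transport-Security"]
+if ($HSTS) {
+Write-Host "✅ HSTS: Present" -ForegroundColor Green
+if ($HSTS -match "max-age=([3-9]\d{5,}|\d{7,})") { $HeaderScore += 15 } else { $HeaderScore += 8 }
+} else {
+Write-Host "❌ HSTS: Missing" -ForegroundColor Red
+$HeaderIssues += "HSTS not implemented"
+}
+
+# CSP
+$CSP = $Headers["Content-Security-Policy"]
+if ($CSP) {
+Write-Host "✅ CSP: Present" -ForegroundColor Green
+$HeaderScore += 20
+if ($CSP -match "unsafe-inline") { $HeaderIssues += "CSP contains unsafe-inline" }
+} else {
+Write-Host "❌ CSP: Missing" -ForegroundColor Red
+$HeaderIssues += "CSP not implemented (XSS risk)"
+}
+
+# X-Content-Type-Options
+$XCTO = $Headers["X-Content-Type-Options"]
+if ($XCTO -eq "nosniff") {
+Write-Host "✅ X-Content-Type-Options: nosniff" -ForegroundColor Green
+$HeaderScore += 10
+} else {
+Write-Host "❌ X-Content-Type-Options: Missing" -ForegroundColor Red
+$HeaderIssues += "X-Content-Type-Options not set"
+}
+
+# X-Frame-Options
+$XFO = $Headers["X-Frame-Options"]
+if ($XFO -eq "DENY" -or $XFO -eq "SAMEORIGIN") {
+Write-Host "✅ X-Frame-Options: $XFO" -ForegroundColor Green
+$HeaderScore += if ($XFO -eq "DENY") { 10 } else { 8 }
+} else {
+Write-Host "❌ X-Frame-Options: Missing" -ForegroundColor Red
+$HeaderIssues += "X-Frame-Options not set (clickjacking risk)"
+}
+
+# Referrer-Policy
+$RP = $Headers["Referrer-Policy"]
+if ($RP) {
+Write-Host "✅ Referrer-Policy: $RP" -ForegroundColor Green
+$HeaderScore += 10
+} else {
+Write-Host "⚠️ Referrer-Policy: Missing" -ForegroundColor Yellow
+$HeaderScore += 5
+}
+
+# Cache-Control
+$CC = $Headers["Cache-Control"]
+if ($CC -match "no-store|no-cache") {
+Write-Host "✅ Cache-Control: Secure" -ForegroundColor Green
+$HeaderScore += 10
+} else {
+Write-Host "⚠️ Cache-Control: Check if sensitive data cached" -ForegroundColor Yellow
+$HeaderScore += 5
+}
+
+# Server
+$Server = $Headers["Server"]
+if ($Server -match "/\d|Advanced") {
+Write-Host "⚠️ Server: Leaks version - $Server" -ForegroundColor Yellow
+$HeaderIssues += "Server header leaks version"
+}
+
+# X-Powered-By
+$XPB = $Headers["X-Powered-By"]
+if ($XPB) {
+Write-Host "⚠️ X-Powered-By: $XPB" -ForegroundColor Yellow
+$HeaderIssues += "X-Powered-By leaks technology"
+}
+
+Write-Host ""
+Write-Host "📊 Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 2: EXPOSED FILES
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host "🔍 PHASE 2: Exposed Files Check" -ForegroundColor Cyan
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+
+$ExposedFiles = @()
+$CriticalPaths = @(
+"/.env", "/.git/config", "/.git/HEAD", "/.git/",
+"/wp-config.php", "/config.php", "/settings.py",
+"/backup.zip", "/database.sql", "/db.sql",
+"/admin/", "/debug/", "/phpmyadmin/", "/pma/",
+"/actuator/env", "/actuator/heapdump",
+"/swagger-ui/", "/graphiql/"
+)
+
+foreach ($path in $CriticalPaths) {
+try {
+$resp = Invoke-WebRequest -Uri "$Target$path" -Method Head -TimeoutSec 5 -ErrorAction SilentlyContinue
+if ($resp.StatusCode -ne 404) {
+Write-Host "⚠️ FOUND: $path (HTTP $($resp.StatusCode))" -ForegroundColor Red
+$ExposedFiles += $path
+}
+} catch {}
+}
+
+if ($ExposedFiles.Count -eq 0) {
+Write-Host "✅ No critical files exposed" -ForegroundColor Green
+}
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 3: PORT CHECK
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host "🔌 PHASE 3: Quick Port Check" -ForegroundColor Cyan
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+
+$Ports = @(80, 443, 8080, 3306, 5432, 6379, 27017, 22)
+$OpenPorts = @()
+
+foreach ($Port in $Ports) {
+try {
+$TCP = New-Object System.Net.Sockets.TcpClient
+$Result = $TCP.BeginConnect($Domain, $Port, $null, $null)
+$Wait = $Result.AsyncWaitHandle.WaitOne(500)
+
+if ($Wait -and $TCP.Connected) {
+$Service = switch ($Port) {
+80 { "HTTP" }
+443 { "HTTPS" }
+8080 { "HTTP-Alt" }
+3306 { "MySQL" }
+5432 { "PostgreSQL" }
+6379 { "Redis" }
+27017 { "MongoDB" }
+22 { "SSH" }
+}
+$Risk = if ($Port -in @(3306, 5432, 6379, 27017)) { "HIGH" } else { "INFO" }
+
+Write-Host "⚠️ Port $Port ($Service) - OPEN" -ForegroundColor $(if($Risk -eq "HIGH"){"Red"}else{"Yellow"})
+$OpenPorts += [PSCustomObject]@{ Port = $Port; Service = $Service; Risk = $Risk }
+}
+$TCP.Close()
+} catch {}
+}
+
+if ($OpenPorts.Count -eq 0) {
+Write-Host "✅ No common ports detected" -ForegroundColor Green
+}
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 4: BASIC INJECTION TEST
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host "💉 PHASE 4: Basic Injection Tests" -ForegroundColor Cyan
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+
+# XSS Test
+Write-Host "Testing XSS..." -ForegroundColor Gray
+$XSSPayload = "<script>alert(1)</script>"
+try {
+$Response = Invoke-WebRequest -Uri "$Target/search?q=$XSSPayload" -TimeoutSec 10 -ErrorAction SilentlyContinue
+if ($Response.Content -match [regex]::Escape($XSSPayload)) {
+Write-Host "⚠️ Possible XSS reflection detected" -ForegroundColor Yellow
+} else {
+Write-Host "✅ No obvious XSS reflection" -ForegroundColor Green
+}
+} catch {
+Write-Host "✅ No obvious XSS reflection" -ForegroundColor Green
+}
+
+# SQLi Test
+Write-Host "Testing SQL Injection..." -ForegroundColor Gray
+$SQLPayload = "' OR '1'='1"
+try {
+$Response = Invoke-WebRequest -Uri "$Target/?id=$SQLPayload" -TimeoutSec 10 -ErrorAction SilentlyContinue
+$SQLErrors = @("SQL syntax", "MySQL", "PostgreSQL", "sqlite", "Microsoft SQL", "Warning: mysql", "error in your SQL")
+$Found = $SQLErrors | Where-Object { $Response.Content -match $_ }
+if ($Found) {
+Write-Host "⚠️ SQL error detected in response" -ForegroundColor Yellow
+} else {
+Write-Host "✅ No obvious SQL errors" -ForegroundColor Green
+}
+} catch {
+Write-Host "✅ No obvious SQL errors" -ForegroundColor Green
+}
+
+# ═══════════════════════════════════════════════════════════
+# PHASE 5: SSL/TLS CHECK
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host "🔐 PHASE 5: SSL/TLS Check" -ForegroundColor Cyan
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+
+$SSLIssues = @()
+
+if ($Scheme -eq "https") {
+Write-Host "✅ HTTPS enabled" -ForegroundColor Green
+
+# Check HSTS
+if ($HSTS -notmatch "max-age=([3-9]\d{5,}|\d{7,})") {
+Write-Host "⚠️ HSTS max-age should be at least 1 year" -ForegroundColor Yellow
+$SSLIssues += "HSTS max-age too short"
+}
+
+Write-Host "📝 For full SSL analysis: https://ssllabs.com/ssltest/analyze.html?d=$Domain" -ForegroundColor Cyan
+} else {
+Write-Host "❌ HTTPS not enforced" -ForegroundColor Red
+$SSLIssues += "HTTPS not enabled"
+}
+
+# ═══════════════════════════════════════════════════════════
+# SUMMARY
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host "📊 SCAN SUMMARY" -ForegroundColor Cyan
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
+Write-Host ""
+
+Write-Host "🔒 Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
+Write-Host "🔍 Exposed Files: $($ExposedFiles.Count)" -ForegroundColor $(if($ExposedFiles.Count -gt 0){"Yellow"}else{"Green"})
+Write-Host "🔌 Open Ports: $($OpenPorts.Count)" -ForegroundColor $(if(($OpenPorts | Where-Object {$_.Risk -eq "HIGH"}).Count -gt 0){"Red"}else{"Green"})
+Write-Host "💉 Injection: Basic tests completed" -ForegroundColor Green
+Write-Host "🔐 SSL/TLS: HTTPS $($SSLIssues.Count -eq 0 ? 'OK' : 'Issues')" -ForegroundColor $(if($SSLIssues.Count -eq 0){"Green"}else{"Yellow"})
+
+# ═══════════════════════════════════════════════════════════
+# GENERATE REPORT
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "📝 Generating detailed report..." -ForegroundColor Yellow
+
+$Report = @"
+# 🛡️ Full Security Audit Report
+
+**Target:** $Target
+**Domain:** $Domain
+**Date:** $Date
+**Scanner:** Full Security Scan v2.0
+
+---
+
+## 📋 Executive Summary
+
+| Metric | Value |
+|--------|-------|
+| Target | $Target |
+| Scan Date | $Date |
+| Header Score | $HeaderScore/100 |
+| Exposed Files | $($ExposedFiles.Count) |
+| Open Ports | $($OpenPorts.Count) |
+| SSL Issues | $($SSLIssues.Count) |
+
+### Overall Risk Assessment
+
+$(if ($HeaderScore -lt 50 -or $ExposedFiles.Count -gt 0 -or ($OpenPorts | Where-Object {$_.Risk -eq "HIGH"}).Count -gt 0) {
+"🔴 **HIGH RISK** - Issues found requiring immediate attention"
+} elseif ($HeaderScore -lt 70 -or $ExposedFiles.Count -gt 0) {
+"🟠 **MEDIUM RISK** - Some security improvements recommended"
+} else {
+"🟢 **LOW RISK** - Minor issues to address"
+})
+
+---
+
+## 🔒 1. Security Headers Analysis
+
+### Header Score: $HeaderScore/100
+
+$(if ($HeaderScore -ge 90) { "✅ **Grade A - Excellent**" }
+elseif ($HeaderScore -ge 70) { "✅ **Grade B - Good**" }
+elseif ($HeaderScore -ge 50) { "⚠️ **Grade C - Needs Improvement**" }
+else { "❌ **Grade D/F - Poor**" })
+
+| Header | Status |
+|--------|--------|
+| HSTS | $(if ($HSTS) { "✅ Present" } else { "❌ Missing" }) |
+| CSP | $(if ($CSP) { "✅ Present" } else { "❌ Missing" }) |
+| X-Content-Type-Options | $(if ($XCTO -eq "nosniff") { "✅ nosniff" } else { "❌ Missing" }) |
+| X-Frame-Options | $(if ($XFO) { "✅ $XFO" } else { "❌ Missing" }) |
+| Referrer-Policy | $(if ($RP) { "✅ Present" } else { "⚠️ Missing" }) |
+| Cache-Control | $(if ($CC) { "✅ Present" } else { "⚠️ Missing" }) |
+| Server | $(if ($Server) { "⚠️ $Server" } else { "✅ Hidden" }) |
+| X-Powered-By | $(if ($XPB) { "⚠️ $XPB" } else { "✅ Hidden" }) |
+
+### Issues Found
+
+$(if ($HeaderIssues.Count -gt 0) {
+foreach ($issue in $HeaderIssues) {
+"- ⚠️ $issue"
+}
+} else {
+"✅ No major header issues"
+})
+
+---
+
+## 🔍 2. Exposed Files Check
+
+$(if ($ExposedFiles.Count -gt 0) {
+"### 🚨 Found $($ExposedFiles.Count) Exposed Files"
+} else {
+"### ✅ No Critical Files Exposed"
+})
+
+| Path | Risk |
+|------|------|
+$(foreach ($file in $ExposedFiles) {
+"| $file | 🔴 CRITICAL |"
+})
+
+**Recommendation:** Remove or protect these files from public access.
+
+---
+
+## 🔌 3. Port Scan Results
+
+$(if (($OpenPorts | Where-Object {$_.Risk -eq "HIGH"}).Count -gt 0) {
+"### 🚨 High-Risk Ports Open"
+} else {
+"### ✅ No High-Risk Ports Detected"
+})
+
+| Port | Service | Risk |
+|------|---------|------|
+$(foreach ($p in $OpenPorts) {
+"| $($p.Port) | $($p.Service) | $(if($p.Risk -eq "HIGH"){"🔴 HIGH"}else{"🟢 INFO"}) |"
+})
+
+**Recommendation:** Database ports (3306, 5432, 6379, 27017) should never be exposed to the internet.
+
+---
+
+## 💉 4. Injection Tests
+
+Basic automated tests completed.
+
+| Test | Status |
+|------|--------|
+| XSS Reflection | ⚠️ Review manually |
+| SQL Injection | ⚠️ Review manually |
+
+**Note:** For comprehensive injection testing, use:
+- SQLMap: \`sqlmap -u "$Target"\`
+- Dalfox: \`dalfox url "$Target"\`
+
+---
+
+## 🔐 5. SSL/TLS
+
+$(if ($Scheme -eq "https") {
+"✅ HTTPS is enabled"
+} else {
+"❌ HTTPS is NOT enabled"
+})
+
+$(if ($SSLIssues.Count -gt 0) {
+"### ⚠️ SSL Issues:"
+foreach ($issue in $SSLIssues) {
+"- $issue"
+}
+})
+
+**Full SSL Analysis:** https://ssllabs.com/ssltest/analyze.html?d=$Domain
+
+---
+
+## 🛡️ Remediation Priority
+
+### Immediate (Critical)
+1. Implement missing security headers
+2. Remove/block exposed sensitive files (.env, .git/, backups)
+3. Close database ports from public access
+
+### Short-term
+1. Enable HSTS with long max-age
+2. Configure Content-Security-Policy
+3. Set up proper Cache-Control
+4. Hide server information
+
+### Long-term
+1. Regular security scanning
+2. Implement OWASP Top 10 controls
+3. Set up monitoring and alerting
+4. Security headers automated testing
+
+---
+
+## 🔗 Recommended Tools for Deeper Analysis
+
+| Tool | Purpose |
+|------|---------|
+| Nuclei | Vulnerability scanning |
+| SQLMap | SQL injection testing |
+| Dalfox | XSS scanning |
+| Nmap | Full port scan |
+| testssl.sh | SSL/TLS audit |
+| Burp Suite | Web vulnerability testing |
+
+---
+
+## 📄 Report Location
+
+**File:** \`$OutputFile\`
+**Generated:** $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
+**Author:** Rz (@soulofzephir)
+
+---
+
+**⚠️ Disclaimer:** This is an automated scan. Manual testing recommended for comprehensive security assessment.
+"@
+
+$Report | Out-File -FilePath $OutputFile -Encoding UTF8
+
+# ═══════════════════════════════════════════════════════════
+# COMPLETE
+# ═══════════════════════════════════════════════════════════
+
+Write-Host ""
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Green
+Write-Host "✅ FULL SCAN COMPLETE!" -ForegroundColor Green
+Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Green
+Write-Host ""
+Write-Host "📄 Report: $OutputFile" -ForegroundColor White
+Write-Host ""
+Write-Host "🔗 Quick Links:" -ForegroundColor Cyan
+Write-Host " Headers: https://securityheaders.com/?q=$Domain"
+Write-Host " SSL: https://ssllabs.com/ssltest/analyze.html?d=$Domain"
+Write-Host ""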
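Review bot: The HSTS check in Phase 1 and again in Phase 5 uses the regex `max-age=([3-9]\d{5,}|\d{7,})`, which does not enforce the one-year threshold the Phase 5 message claims — it accepts any value of 300000 or more (six-plus digits starting 3–9) and any seven-plus digit value, so `max-age=300000` (about 3.5 days) or `max-age=1000000` (about 11 days) scores as long-lived; parse the number instead, e.g. `if ($HSTS -match 'max-age=(\d+)' -and [long]$Matches[1] -ge 31536000) { $HeaderScore += 15 } else { $HeaderScore += 8 }`, and reuse the same test for the Phase 5 `$SSLIssues` entry. The Phase 5 verdict is also wrong for the common invocation: `$Scheme` is only assigned in the `https?://` branch of the configuration block, so a bare-hostname target (and the http fallback in Phase 1) reaches `if ($Scheme -eq "https")` with `$Scheme` unset and is reported as "HTTPS not enforced"; set `$Scheme = "https"` in the else branch and `$Scheme = "http"` where the fallback request succeeds. The `? :` ternary in the summary line `"🔐 SSL/TLS: HTTPS $($SSLIssues.Count -eq 0 ? 'OK' : 'Issues')"` is PowerShell 7+ syntax, so Windows PowerShell 5.1 rejects the whole script at parse time; either add `#Requires -Version 7.0` at the top or write it as `$(if ($SSLIssues.Count -eq 0) {'OK'} else {'Issues'})` like the rest of the file. In Phase 2, if `-ErrorAction SilentlyContinue` suppresses the HTTP error instead of throwing, `$resp` is `$null` and `$null.StatusCode -ne 404` evaluates true, so every missing path is reported as FOUND with an empty status; guard with `if ($resp -and $resp.StatusCode -ne 404)`, and likewise the Phase 4 `catch` blocks print the green "No obvious ..." lines on a failed request, turning connection errors into passes.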