@soulofzephir/pi-skill-pentesting 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,268 @@
1
+ # Security Audit Report Generator
2
+
3
+ **Target:** [TARGET_URL]
4
+ **Date:** [DATE]
5
+ **Version:** 2.0
6
+
7
+ ---
8
+
9
+ ## 📋 Executive Summary
10
+
11
+ | Metric | Value |
12
+ |--------|-------|
13
+ | Target URL | [TARGET_URL] |
14
+ | Scan Date | [DATE] |
15
+ | Header Score | [X]/100 |
16
+ | Critical Issues | [X] |
17
+ | High Risk | [X] |
18
+ | Medium Risk | [X] |
19
+ | Low Risk | [X] |
20
+ | **Overall Risk** | [Critical/High/Medium/Low] |
21
+
22
+ ---
23
+
24
+ ## 🎯 Target Information
25
+
26
+ ```
27
+ URL: [URL]
28
+ IP: [IP if found]
29
+ Server: [Server info]
30
+ SSL Grade: [A-F or N/A]
31
+ CMS/Framework:[If detected]
32
+ ```
33
+
34
+ ### Technology Stack Detected
35
+ - [ ] Component: Version
36
+
37
+ ---
38
+
39
+ ## ✅ Test Coverage
40
+
41
+ | Phase | Test | Status |
42
+ |-------|------|--------|
43
+ | 1 | Reconnaissance | ✅/❌/⏳ |
44
+ | 2 | Security Headers | ✅/❌/⏳ |
45
+ | 3 | Port Scanning | ✅/❌/⏳ |
46
+ | 4 | SSL/TLS Audit | ✅/❌/⏳ |
47
+ | 5 | Authentication Testing | ✅/❌/⏳ |
48
+ | 6 | Injection Testing | ✅/❌/⏳ |
49
+ | 7 | Business Logic | ✅/❌/⏳ |
50
+ | 8 | API Security | ✅/❌/⏳ |
51
+ | 9 | OWASP Top 10 | ✅/❌/⏳ |
52
+ | 10 | Client-Side | ✅/❌/⏳ |
53
+
54
+ ---
55
+
56
+ ## 🔒 Security Headers Analysis
57
+
58
+ ### Header Score: [X]/100
59
+
60
+ | Header | Status | Value | Risk |
61
+ |--------|--------|-------|------|
62
+ | CSP | ✅/❌/⚠️ | [value] | XSS/Injection |
63
+ | HSTS | ✅/❌/⚠️ | [value] | Protocol Downgrade |
64
+ | X-Content-Type-Options | ✅/❌/⚠️ | [value] | MIME Sniffing |
65
+ | X-Frame-Options | ✅/❌/⚠️ | [value] | Clickjacking |
66
+ | Referrer-Policy | ✅/❌/⚠️ | [value] | Info Leakage |
67
+ | Permissions-Policy | ✅/❌/⚠️ | [value] | Feature Abuse |
68
+ | Cache-Control | ✅/❌/⚠️ | [value] | Data Exposure |
69
+ | Server | ✅/❌/⚠️ | [value] | Reconnaissance |
70
+ | X-Powered-By | ✅/❌/⚠️ | [value] | Tech Exposure |
71
+ | Cross-Origin Policies | ✅/❌/⚠️ | [value] | Security |
72
+
73
+ ---
74
+
75
+ ## 🔌 Port Scan Results
76
+
77
+ | Port | Service | Status | Risk |
78
+ |------|---------|--------|------|
79
+ | [PORT] | [SERVICE] | OPEN/CLOSED | [RISK_LEVEL] |
80
+
81
+ ### High-Risk Findings
82
+ ```
83
+ [ ] Port [X] exposed - [RECOMMENDATION]
84
+ [ ] Port [X] should not be public - [RECOMMENDATION]
85
+ ```
86
+
87
+ ---
88
+
89
+ ## 🔐 SSL/TLS Audit
90
+
91
+ | Check | Status | Details |
92
+ |-------|--------|---------|
93
+ | Certificate Valid | ✅/❌ | [Details] |
94
+ | TLS 1.2/1.3 Only | ✅/❌ | [Details] |
95
+ | Weak Ciphers | ✅/❌ | [Details] |
96
+ | HSTS Implemented | ✅/❌ | [Details] |
97
+ | Self-Signed | ✅/❌ | [Details] |
98
+
99
+ ---
100
+
101
+ ## 🔴 Critical Issues
102
+
103
+ ### [ISSUE-001] [Title]
104
+
105
+ | Field | Value |
106
+ |-------|-------|
107
+ | **Risk Level** | 🔴 CRITICAL |
108
+ | **CVSS Score** | [X.X] |
109
+ | **OWASP Category** | [A01-A10] |
110
+ | **Status** | Open |
111
+
112
+ **Description:**
113
+ [Detailed description]
114
+
115
+ **Evidence:**
116
+ ```
117
+ [Paste evidence - request/response]
118
+ ```
119
+
120
+ **Impact:**
121
+ [What an attacker can achieve]
122
+
123
+ **Reproduction:**
124
+ 1. [Step 1]
125
+ 2. [Step 2]
126
+ 3. [Step 3]
127
+
128
+ **Remediation:**
129
+ ```[code]
130
+ [Fix recommendation]
131
+ ```
132
+
133
+ **References:**
134
+ - CWE-[XXX]
135
+ - [Related link]
136
+
137
+ ---
138
+
139
+ ## 🟠 High Risk Issues
140
+
141
+ ### [ISSUE-XXX] [Title]
142
+
143
+ | Field | Value |
144
+ |-------|-------|
145
+ | **Risk Level** | 🟠 HIGH |
146
+ | **CVSS Score** | [X.X] |
147
+ | **OWASP Category** | [A01-A10] |
148
+
149
+ **Description:**
150
+ [...]
151
+
152
+ **Remediation:**
153
+ [...]
154
+
155
+ ---
156
+
157
+ ## 🟡 Medium Risk Issues
158
+
159
+ ### [ISSUE-XXX] [Title]
160
+
161
+ | Field | Value |
162
+ |-------|-------|
163
+ | **Risk Level** | 🟡 MEDIUM |
164
+ | **CVSS Score** | [X.X] |
165
+
166
+ **Description:**
167
+ [...]
168
+
169
+ **Remediation:**
170
+ [...]
171
+
172
+ ---
173
+
174
+ ## 🟢 Low Risk / Informational
175
+
176
+ ### [INFO-001] [Title]
177
+
178
+ | Field | Value |
179
+ |-------|-------|
180
+ | **Risk Level** | 🟢 LOW/INFO |
181
+
182
+ **Finding:**
183
+ [...]
184
+
185
+ **Recommendation:**
186
+ [...]
187
+
188
+ ---
189
+
190
+ ## 📊 Vulnerability Summary
191
+
192
+ | ID | Title | Risk | Status |
193
+ |----|-------|------|--------|
194
+ | ISSUE-001 | [Title] | 🔴 CRITICAL | Open |
195
+ | ISSUE-002 | [Title] | 🟠 HIGH | Open |
196
+ | ISSUE-003 | [Title] | 🟡 MEDIUM | Open |
197
+ | INFO-001 | [Title] | 🟢 INFO | Open |
198
+
199
+ ---
200
+
201
+ ## ✅ OWASP Top 10 Checklist
202
+
203
+ | Category | Status | Findings |
204
+ |----------|--------|----------|
205
+ | A01 - Broken Access Control | ✅ Pass / ⚠️ Review / ❌ Fail | |
206
+ | A02 - Cryptographic Failures | ✅ Pass / ⚠️ Review / ❌ Fail | |
207
+ | A03 - Injection | ✅ Pass / ⚠️ Review / ❌ Fail | |
208
+ | A04 - Insecure Design | ✅ Pass / ⚠️ Review / ❌ Fail | |
209
+ | A05 - Security Misconfiguration | ✅ Pass / ⚠️ Review / ❌ Fail | |
210
+ | A06 - Vulnerable Components | ✅ Pass / ⚠️ Review / ❌ Fail | |
211
+ | A07 - Auth Failures | ✅ Pass / ⚠️ Review / ❌ Fail | |
212
+ | A08 - Data Integrity | ✅ Pass / ⚠️ Review / ❌ Fail | |
213
+ | A09 - Logging Failures | ✅ Pass / ⚠️ Review / ❌ Fail | |
214
+ | A10 - SSRF | ✅ Pass / ⚠️ Review / ❌ Fail | |
215
+
216
+ ---
217
+
218
+ ## 📝 Remediation Priority
219
+
220
+ ### Immediate (Critical)
221
+ 1. [Issue-001] - [Action]
222
+ 2. [Issue-002] - [Action]
223
+
224
+ ### Short-term (High/Medium)
225
+ 1. [Issue-003] - [Action]
226
+ 2. [Issue-004] - [Action]
227
+
228
+ ### Long-term (Low)
229
+ 1. [Issue-005] - [Action]
230
+
231
+ ---
232
+
233
+ ## 🔗 References & Tools
234
+
235
+ ### Tools Used
236
+ - Burp Suite
237
+ - Nmap
238
+ - Nuclei
239
+ - SQLMap
240
+ - Dalfox
241
+ - [Other tools]
242
+
243
+ ### References
244
+ - OWASP Top 10: https://owasp.org/Top10/
245
+ - CWE: https://cwe.mitre.org/
246
+ - CVSS Calculator: https://nvd.nist.gov/vuln-metrics/cvss
247
+ - Security Headers: https://securityheaders.com/
248
+
249
+ ---
250
+
251
+ ## 📎 Appendix
252
+
253
+ ### Test Environment
254
+ - **Browser:** [Browser/Version]
255
+ - **Testing Tool:** [Tool]
256
+ - **Network:** [VPN/Direct]
257
+
258
+ ### Test Accounts
259
+ | Role | Username | Password |
260
+ |------|----------|----------|
261
+ | Admin | [admin@test.com] | ******* |
262
+ | User | [user@test.com] | ******* |
263
+
264
+ ---
265
+
266
+ **Report Generated:** [DATE]
267
+ **Auditor:** Rz (@soulofzephir)
268
+ **Next Review:** [DATE]
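Review bot: The Test Accounts table in the Appendix (template lines 258-262) has a Password column, which invites testers to paste working credentials into a document that gets circulated. Drop the column or replace it with a pointer to where the credentials are held. The template also has no field for scope or authorization (who approved the test, which hosts and dates are in scope); a report that records port-scan and injection-test results should carry that next to Target and Date. Smaller points: the Security Headers table has Permissions-Policy and Cross-Origin Policies rows that the generator script in this same diff never checks, and the file says "Version: 2.0" while the package is published as 1.0.0.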
@@ -0,0 +1,327 @@
1
+ # Security Report Generator v2.0
2
+ # Generates report to: site/[domain]-[date].md
3
+
4
+ param(
5
+ [Parameter(Mandatory=$false)]
6
+ [string]$Target = "",
7
+
8
+ [Parameter(Mandatory=$false)]
9
+ [string]$OutputDir = "site"
10
+ )
11
+
12
+ $ErrorActionPreference = "Continue"
13
+
14
+ # ═══════════════════════════════════════════════════════════
15
+ # REPORT CONFIGURATION
16
+ # ═══════════════════════════════════════════════════════════
17
+
18
+ # Get current date
19
+ $Date = Get-Date -Format "yyyy-MM-dd"
20
+
21
+ # Parse target URL
22
+ if ($Target -match "https?://") {
23
+ $Uri = [System.Uri]$Target
24
+ $Domain = $Uri.Host
25
+ $Scheme = $Uri.Scheme
26
+ } else {
27
+ $Domain = $Target
28
+ $Target = "https://$Target"
29
+ }
30
+
31
+ # Create output filename
32
+ $OutputFile = "$OutputDir/$Domain-$Date.md"
33
+
34
+ # ═══════════════════════════════════════════════════════════
35
+ # CREATE OUTPUT DIRECTORY
36
+ # ═══════════════════════════════════════════════════════════
37
+
38
+ if (-not (Test-Path $OutputDir)) {
39
+ New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
40
+ Write-Host "📁 Created directory: $OutputDir" -ForegroundColor Cyan
41
+ }
42
+
43
+ # ═══════════════════════════════════════════════════════════
44
+ # START SCAN
45
+ # ═══════════════════════════════════════════════════════════
46
+
47
+ Write-Host ""
48
+ Write-Host "╔═══════════════════════════════════════════════════╗" -ForegroundColor Cyan
49
+ Write-Host "║ 🛡️ Security Audit Report Generator v2.0 ║" -ForegroundColor Cyan
50
+ Write-Host "╚═══════════════════════════════════════════════════╝" -ForegroundColor Cyan
51
+ Write-Host ""
52
+
53
+ # ═══════════════════════════════════════════════════════════
54
+ # HEADER SCAN
55
+ # ═══════════════════════════════════════════════════════════
56
+
57
+ Write-Host "🔒 Scanning Security Headers..." -ForegroundColor Yellow
58
+ $HeaderScore = 0
59
+ $Headers = @{}
60
+ $Issues = @()
61
+
62
+ try {
63
+ $Response = Invoke-WebRequest -Uri $Target -Method Head -TimeoutSec 15 -ErrorAction Stop
64
+ $ResponseHeaders = $Response.Headers
65
+ } catch {
66
+ try {
67
+ $Target = $Target -replace "^https", "http"
68
+ $Response = Invoke-WebRequest -Uri $Target -Method Head -TimeoutSec 15 -ErrorAction Stop
69
+ $ResponseHeaders = $Response.Headers
70
+ } catch {
71
+ Write-Host "⚠️ Cannot connect to target" -ForegroundColor Red
72
+ $ResponseHeaders = @{}
73
+ }
74
+ }
75
+
76
+ # HSTS
77
+ $HSTS = $ResponseHeaders["Strict-Transport-Security"]
78
+ if ($HSTS) {
79
+ $Headers["HSTS"] = "✅ Present"
80
+ if ($HSTS -match "max-age=([3-9]\d{5,}|\d{7,})") { $HeaderScore += 15 }
81
+ else { $HeaderScore += 8; $Issues += "HSTS max-age too short" }
82
+ } else {
83
+ $Headers["HSTS"] = "❌ Missing"
84
+ $Issues += "HSTS not implemented"
85
+ }
86
+
87
+ # CSP
88
+ $CSP = $ResponseHeaders["Content-Security-Policy"]
89
+ if ($CSP) {
90
+ $Headers["CSP"] = "✅ Present"
91
+ $HeaderScore += 20
92
+ if ($CSP -match "unsafe-inline") { $Issues += "CSP contains unsafe-inline" }
93
+ } else {
94
+ $Headers["CSP"] = "❌ Missing"
95
+ $Issues += "CSP not implemented (XSS risk)"
96
+ }
97
+
98
+ # X-Content-Type-Options
99
+ $XCTO = $ResponseHeaders["X-Content-Type-Options"]
100
+ if ($XCTO -eq "nosniff") {
101
+ $Headers["X-Content-Type-Options"] = "✅ nosniff"
102
+ $HeaderScore += 10
103
+ } else {
104
+ $Headers["X-Content-Type-Options"] = "❌ Missing"
105
+ $Issues += "X-Content-Type-Options not set"
106
+ }
107
+
108
+ # X-Frame-Options
109
+ $XFO = $ResponseHeaders["X-Frame-Options"]
110
+ if ($XFO -eq "DENY") {
111
+ $Headers["X-Frame-Options"] = "✅ DENY"
112
+ $HeaderScore += 10
113
+ } elseif ($XFO -eq "SAMEORIGIN") {
114
+ $Headers["X-Frame-Options"] = "✅ SAMEORIGIN"
115
+ $HeaderScore += 8
116
+ } else {
117
+ $Headers["X-Frame-Options"] = "❌ Missing"
118
+ $Issues += "X-Frame-Options not set (clickjacking risk)"
119
+ }
120
+
121
+ # Referrer-Policy
122
+ $RP = $ResponseHeaders["Referrer-Policy"]
123
+ if ($RP) {
124
+ $Headers["Referrer-Policy"] = "✅ $RP"
125
+ $HeaderScore += 10
126
+ } else {
127
+ $Headers["Referrer-Policy"] = "⚠️ Missing"
128
+ $HeaderScore += 5
129
+ }
130
+
131
+ # Cache-Control
132
+ $CC = $ResponseHeaders["Cache-Control"]
133
+ if ($CC -match "no-store|no-cache") {
134
+ $Headers["Cache-Control"] = "✅ Secure"
135
+ $HeaderScore += 10
136
+ } else {
137
+ $Headers["Cache-Control"] = "⚠️ $CC"
138
+ $HeaderScore += 5
139
+ }
140
+
141
+ # Server
142
+ $Server = $ResponseHeaders["Server"]
143
+ if ($Server) {
144
+ if ($Server -match "/\d|Advanced|Version") {
145
+ $Headers["Server"] = "⚠️ Leaks version: $Server"
146
+ $Issues += "Server header leaks version"
147
+ } else {
148
+ $Headers["Server"] = "⚠️ $Server"
149
+ }
150
+ }
151
+
152
+ # X-Powered-By
153
+ $XPB = $ResponseHeaders["X-Powered-By"]
154
+ if ($XPB) {
155
+ $Headers["X-Powered-By"] = "⚠️ $XPB"
156
+ $Issues += "X-Powered-By leaks technology"
157
+ }
158
+
159
+ Write-Host " Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
160
+
161
+ # ═══════════════════════════════════════════════════════════
162
+ # PORT SCAN (Quick)
163
+ # ═══════════════════════════════════════════════════════════
164
+
165
+ Write-Host ""
166
+ Write-Host "🔌 Quick Port Check..." -ForegroundColor Yellow
167
+
168
+ $Ports = @(80, 443, 8080, 3306, 5432, 6379, 27017, 22)
169
+ $OpenPorts = @()
170
+
171
+ foreach ($Port in $Ports) {
172
+ try {
173
+ $TCP = New-Object System.Net.Sockets.TcpClient
174
+ $Result = $TCP.BeginConnect($Domain, $Port, $null, $null)
175
+ $Wait = $Result.AsyncWaitHandle.WaitOne(500)
176
+
177
+ if ($Wait -and $TCP.Connected) {
178
+ $Service = switch ($Port) {
179
+ 80 { "HTTP" }
180
+ 443 { "HTTPS" }
181
+ 8080 { "HTTP-Alt" }
182
+ 3306 { "MySQL" }
183
+ 5432 { "PostgreSQL" }
184
+ 6379 { "Redis" }
185
+ 27017 { "MongoDB" }
186
+ 22 { "SSH" }
187
+ }
188
+ $OpenPorts += [PSCustomObject]@{ Port = $Port; Service = $Service }
189
+
190
+ if ($Port -in @(3306, 5432, 6379, 27017, 2375)) {
191
+ $Issues += "High-risk port $Port ($Service) is open!"
192
+ }
193
+ }
194
+ $TCP.Close()
195
+ } catch {}
196
+ }
197
+
198
+ if ($OpenPorts.Count -eq 0) {
199
+ Write-Host " No common ports detected from external" -ForegroundColor Gray
200
+ } else {
201
+ Write-Host " Open ports: $($OpenPorts.Port -join ', ')" -ForegroundColor Yellow
202
+ }
203
+
204
+ # ═══════════════════════════════════════════════════════════
205
+ # GENERATE REPORT
206
+ # ═══════════════════════════════════════════════════════════
207
+
208
+ Write-Host ""
209
+ Write-Host "📝 Generating report..." -ForegroundColor Yellow
210
+
211
+ $Report = @"
212
+ # 🔒 Security Audit Report
213
+
214
+ **Target:** $Target
215
+ **Date:** $Date
216
+ **Generated by:** Pi Pentesting Skill v2.0
217
+
218
+ ---
219
+
220
+ ## 📋 Executive Summary
221
+
222
+ | Metric | Value |
223
+ |--------|-------|
224
+ | Target URL | $Target |
225
+ | Scan Date | $Date |
226
+ | Header Score | $HeaderScore/100 |
227
+ | High-Risk Ports | $($OpenPorts.Count) |
228
+ | Issues Found | $($Issues.Count) |
229
+
230
+ ---
231
+
232
+ ## 🔒 Security Headers Analysis
233
+
234
+ ### Header Score: **$HeaderScore/100** $(if($HeaderScore -ge 90){"(A - Excellent)"}elseif($HeaderScore -ge 70){"(B - Good)"}elseif($HeaderScore -ge 50){"(C - Needs Improvement)"}else{"(D/F - Poor)"})
235
+
236
+ | Header | Status |
237
+ |--------|--------|
238
+ $(foreach ($key in $Headers.Keys) {
239
+ "| $key | $($Headers[$key]) |"
240
+ })
241
+
242
+ ---
243
+
244
+ ## 🔌 Port Scan Results
245
+
246
+ | Port | Service |
247
+ |------|---------|
248
+ $(if ($OpenPorts.Count -gt 0) {
249
+ foreach ($p in $OpenPorts) {
250
+ "| $($p.Port) | $($p.Service) |"
251
+ }
252
+ } else {
253
+ "| - | No common ports detected |"
254
+ })
255
+
256
+ ---
257
+
258
+ ## ⚠️ Issues Identified
259
+
260
+ $(if ($Issues.Count -gt 0) {
261
+ foreach ($issue in $Issues) {
262
+ "- ⚠️ $issue"
263
+ }
264
+ } else {
265
+ "- ✅ No major issues detected in quick scan"
266
+ })
267
+
268
+ ---
269
+
270
+ ## 📊 Recommendations
271
+
272
+ ### Immediate Actions
273
+ 1. Implement missing security headers
274
+ 2. Close unnecessary exposed ports
275
+ 3. Enable HSTS with proper max-age
276
+ 4. Configure Content-Security-Policy
277
+
278
+ ### Short-term
279
+ 1. Regular security scanning
280
+ 2. Implement OWASP Top 10 controls
281
+ 3. Set up monitoring and logging
282
+ 4. Security headers automated testing
283
+
284
+ ---
285
+
286
+ ## 🔗 Further Testing Recommended
287
+
288
+ - Full port scan (nmap -p-)
289
+ - SQL Injection testing (sqlmap)
290
+ - XSS testing (dalfox/xsstrike)
291
+ - OWASP Top 10 comprehensive checklist
292
+ - Business logic testing
293
+ - API security assessment
294
+
295
+ ---
296
+
297
+ ## 📋 Report Location
298
+
299
+ **File:** `$OutputFile`
300
+ **Date:** $Date
301
+
302
+ ---
303
+
304
+ **Report Generated:** $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
305
+ **Author:** Rz (@soulofzephir)
306
+ "@
307
+
308
+ # Save report
309
+ $Report | Out-File -FilePath $OutputFile -Encoding UTF8
310
+
311
+ # ═══════════════════════════════════════════════════════════
312
+ # COMPLETE
313
+ # ═══════════════════════════════════════════════════════════
314
+
315
+ Write-Host ""
316
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
317
+ Write-Host "✅ Report Generated Successfully!" -ForegroundColor Green
318
+ Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
319
+ Write-Host ""
320
+ Write-Host "📄 Report Location: $OutputFile" -ForegroundColor White
321
+ Write-Host "📊 Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
322
+ Write-Host "⚠️ Issues Found: $($Issues.Count)" -ForegroundColor $(if($Issues.Count -gt 0){"Yellow"}else{"Green"})
323
+ Write-Host ""
324
+ Write-Host "🔗 Online Tools:" -ForegroundColor Cyan
325
+ Write-Host " Headers: https://securityheaders.com/?q=$Domain"
326
+ Write-Host " SSL: https://ssllabs.com/ssltest/analyze.html?d=$Domain"
327
+ Write-Host ""
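Review bot: The header score can never exceed 75, so the "(A - Excellent)" grade for a score of 90 or more at line 234 is unreachable. The points awarded are 15 (HSTS) + 20 (CSP) + 10 (X-Content-Type-Options) + 10 (X-Frame-Options) + 10 (Referrer-Policy) + 10 (Cache-Control), and the Server and X-Powered-By checks add nothing. A response with no security headers at all still scores 10, because a missing Referrer-Policy and a missing Cache-Control each add 5. Rescale the weights to sum to 100 or print the real maximum. Other points in this file:
- Line 80: `max-age=([3-9]\d{5,}|\d{7,})` gives full marks to max-age=300000 (about 3.5 days). Parse the number and compare it against an explicit threshold instead.
- Lines 65-69: the catch block rewrites $Target from https to http on any failure and rescans. The report never records that the headers came from a plaintext response, and an HSTS result on HTTP is meaningless.
- Line 32 and lines 124, 137, 145, 148, 155: $Domain is placed into $OutputFile unvalidated (when -Target has no scheme it is the raw argument, path separators included, and the default is an empty string), and response header values are interpolated into the Markdown unescaped. Validate the host name and escape pipe and newline characters before writing.
- Line 190: port 2375 is in the high-risk list but not in $Ports at line 168, so it is never probed. Line 227 labels $OpenPorts.Count as "High-Risk Ports" although it counts every open port, 80 and 443 included.
- Line 195: `catch {}` hides every connection error, and $TCP is not closed when BeginConnect throws. Use try/finally with Dispose.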