@soulofzephir/pi-skill-pentesting 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/PUBLISH.md +97 -0
- package/README.md +255 -0
- package/package.json +39 -0
- package/skills/pentesting/SKILL.md +399 -0
- package/skills/pentesting/checklists/headers.md +286 -0
- package/skills/pentesting/checklists/injection.md +456 -0
- package/skills/pentesting/checklists/owasp.md +291 -0
- package/skills/pentesting/checklists/ports.md +323 -0
- package/skills/pentesting/reports/template.md +268 -0
- package/skills/pentesting/tools/generate-report.ps1 +327 -0
- package/skills/pentesting/tools/header-scan.ps1 +202 -0
- package/skills/pentesting/tools/header-scan.sh +173 -0
- package/skills/pentesting/tools/security-scan.ps1 +338 -0
|
@@ -0,0 +1,268 @@
|
|
|
1
|
+
# Security Audit Report Generator
|
|
2
|
+
|
|
3
|
+
**Target:** [TARGET_URL]
|
|
4
|
+
**Date:** [DATE]
|
|
5
|
+
**Version:** 2.0
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## 📋 Executive Summary
|
|
10
|
+
|
|
11
|
+
| Metric | Value |
|
|
12
|
+
|--------|-------|
|
|
13
|
+
| Target URL | [TARGET_URL] |
|
|
14
|
+
| Scan Date | [DATE] |
|
|
15
|
+
| Header Score | [X]/100 |
|
|
16
|
+
| Critical Issues | [X] |
|
|
17
|
+
| High Risk | [X] |
|
|
18
|
+
| Medium Risk | [X] |
|
|
19
|
+
| Low Risk | [X] |
|
|
20
|
+
| **Overall Risk** | [Critical/High/Medium/Low] |
|
|
21
|
+
|
|
22
|
+
---
|
|
23
|
+
|
|
24
|
+
## 🎯 Target Information
|
|
25
|
+
|
|
26
|
+
```
|
|
27
|
+
URL: [URL]
|
|
28
|
+
IP: [IP if found]
|
|
29
|
+
Server: [Server info]
|
|
30
|
+
SSL Grade: [A-F or N/A]
|
|
31
|
+
CMS/Framework:[If detected]
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
### Technology Stack Detected
|
|
35
|
+
- [ ] Component: Version
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
39
|
+
## ✅ Test Coverage
|
|
40
|
+
|
|
41
|
+
| Phase | Test | Status |
|
|
42
|
+
|-------|------|--------|
|
|
43
|
+
| 1 | Reconnaissance | ✅/❌/⏳ |
|
|
44
|
+
| 2 | Security Headers | ✅/❌/⏳ |
|
|
45
|
+
| 3 | Port Scanning | ✅/❌/⏳ |
|
|
46
|
+
| 4 | SSL/TLS Audit | ✅/❌/⏳ |
|
|
47
|
+
| 5 | Authentication Testing | ✅/❌/⏳ |
|
|
48
|
+
| 6 | Injection Testing | ✅/❌/⏳ |
|
|
49
|
+
| 7 | Business Logic | ✅/❌/⏳ |
|
|
50
|
+
| 8 | API Security | ✅/❌/⏳ |
|
|
51
|
+
| 9 | OWASP Top 10 | ✅/❌/⏳ |
|
|
52
|
+
| 10 | Client-Side | ✅/❌/⏳ |
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## 🔒 Security Headers Analysis
|
|
57
|
+
|
|
58
|
+
### Header Score: [X]/100
|
|
59
|
+
|
|
60
|
+
| Header | Status | Value | Risk |
|
|
61
|
+
|--------|--------|-------|------|
|
|
62
|
+
| CSP | ✅/❌/⚠️ | [value] | XSS/Injection |
|
|
63
|
+
| HSTS | ✅/❌/⚠️ | [value] | Protocol Downgrade |
|
|
64
|
+
| X-Content-Type-Options | ✅/❌/⚠️ | [value] | MIME Sniffing |
|
|
65
|
+
| X-Frame-Options | ✅/❌/⚠️ | [value] | Clickjacking |
|
|
66
|
+
| Referrer-Policy | ✅/❌/⚠️ | [value] | Info Leakage |
|
|
67
|
+
| Permissions-Policy | ✅/❌/⚠️ | [value] | Feature Abuse |
|
|
68
|
+
| Cache-Control | ✅/❌/⚠️ | [value] | Data Exposure |
|
|
69
|
+
| Server | ✅/❌/⚠️ | [value] | Reconnaissance |
|
|
70
|
+
| X-Powered-By | ✅/❌/⚠️ | [value] | Tech Exposure |
|
|
71
|
+
| Cross-Origin Policies | ✅/❌/⚠️ | [value] | Security |
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## 🔌 Port Scan Results
|
|
76
|
+
|
|
77
|
+
| Port | Service | Status | Risk |
|
|
78
|
+
|------|---------|--------|------|
|
|
79
|
+
| [PORT] | [SERVICE] | OPEN/CLOSED | [RISK_LEVEL] |
|
|
80
|
+
|
|
81
|
+
### High-Risk Findings
|
|
82
|
+
```
|
|
83
|
+
[ ] Port [X] exposed - [RECOMMENDATION]
|
|
84
|
+
[ ] Port [X] should not be public - [RECOMMENDATION]
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## 🔐 SSL/TLS Audit
|
|
90
|
+
|
|
91
|
+
| Check | Status | Details |
|
|
92
|
+
|-------|--------|---------|
|
|
93
|
+
| Certificate Valid | ✅/❌ | [Details] |
|
|
94
|
+
| TLS 1.2/1.3 Only | ✅/❌ | [Details] |
|
|
95
|
+
| Weak Ciphers | ✅/❌ | [Details] |
|
|
96
|
+
| HSTS Implemented | ✅/❌ | [Details] |
|
|
97
|
+
| Self-Signed | ✅/❌ | [Details] |
|
|
98
|
+
|
|
99
|
+
---
|
|
100
|
+
|
|
101
|
+
## 🔴 Critical Issues
|
|
102
|
+
|
|
103
|
+
### [ISSUE-001] [Title]
|
|
104
|
+
|
|
105
|
+
| Field | Value |
|
|
106
|
+
|-------|-------|
|
|
107
|
+
| **Risk Level** | 🔴 CRITICAL |
|
|
108
|
+
| **CVSS Score** | [X.X] |
|
|
109
|
+
| **OWASP Category** | [A01-A10] |
|
|
110
|
+
| **Status** | Open |
|
|
111
|
+
|
|
112
|
+
**Description:**
|
|
113
|
+
[Detailed description]
|
|
114
|
+
|
|
115
|
+
**Evidence:**
|
|
116
|
+
```
|
|
117
|
+
[Paste evidence - request/response]
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
**Impact:**
|
|
121
|
+
[What an attacker can achieve]
|
|
122
|
+
|
|
123
|
+
**Reproduction:**
|
|
124
|
+
1. [Step 1]
|
|
125
|
+
2. [Step 2]
|
|
126
|
+
3. [Step 3]
|
|
127
|
+
|
|
128
|
+
**Remediation:**
|
|
129
|
+
```[code]
|
|
130
|
+
[Fix recommendation]
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
**References:**
|
|
134
|
+
- CWE-[XXX]
|
|
135
|
+
- [Related link]
|
|
136
|
+
|
|
137
|
+
---
|
|
138
|
+
|
|
139
|
+
## 🟠 High Risk Issues
|
|
140
|
+
|
|
141
|
+
### [ISSUE-XXX] [Title]
|
|
142
|
+
|
|
143
|
+
| Field | Value |
|
|
144
|
+
|-------|-------|
|
|
145
|
+
| **Risk Level** | 🟠 HIGH |
|
|
146
|
+
| **CVSS Score** | [X.X] |
|
|
147
|
+
| **OWASP Category** | [A01-A10] |
|
|
148
|
+
|
|
149
|
+
**Description:**
|
|
150
|
+
[...]
|
|
151
|
+
|
|
152
|
+
**Remediation:**
|
|
153
|
+
[...]
|
|
154
|
+
|
|
155
|
+
---
|
|
156
|
+
|
|
157
|
+
## 🟡 Medium Risk Issues
|
|
158
|
+
|
|
159
|
+
### [ISSUE-XXX] [Title]
|
|
160
|
+
|
|
161
|
+
| Field | Value |
|
|
162
|
+
|-------|-------|
|
|
163
|
+
| **Risk Level** | 🟡 MEDIUM |
|
|
164
|
+
| **CVSS Score** | [X.X] |
|
|
165
|
+
|
|
166
|
+
**Description:**
|
|
167
|
+
[...]
|
|
168
|
+
|
|
169
|
+
**Remediation:**
|
|
170
|
+
[...]
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
## 🟢 Low Risk / Informational
|
|
175
|
+
|
|
176
|
+
### [INFO-001] [Title]
|
|
177
|
+
|
|
178
|
+
| Field | Value |
|
|
179
|
+
|-------|-------|
|
|
180
|
+
| **Risk Level** | 🟢 LOW/INFO |
|
|
181
|
+
|
|
182
|
+
**Finding:**
|
|
183
|
+
[...]
|
|
184
|
+
|
|
185
|
+
**Recommendation:**
|
|
186
|
+
[...]
|
|
187
|
+
|
|
188
|
+
---
|
|
189
|
+
|
|
190
|
+
## 📊 Vulnerability Summary
|
|
191
|
+
|
|
192
|
+
| ID | Title | Risk | Status |
|
|
193
|
+
|----|-------|------|--------|
|
|
194
|
+
| ISSUE-001 | [Title] | 🔴 CRITICAL | Open |
|
|
195
|
+
| ISSUE-002 | [Title] | 🟠 HIGH | Open |
|
|
196
|
+
| ISSUE-003 | [Title] | 🟡 MEDIUM | Open |
|
|
197
|
+
| INFO-001 | [Title] | 🟢 INFO | Open |
|
|
198
|
+
|
|
199
|
+
---
|
|
200
|
+
|
|
201
|
+
## ✅ OWASP Top 10 Checklist
|
|
202
|
+
|
|
203
|
+
| Category | Status | Findings |
|
|
204
|
+
|----------|--------|----------|
|
|
205
|
+
| A01 - Broken Access Control | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
206
|
+
| A02 - Cryptographic Failures | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
207
|
+
| A03 - Injection | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
208
|
+
| A04 - Insecure Design | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
209
|
+
| A05 - Security Misconfiguration | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
210
|
+
| A06 - Vulnerable Components | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
211
|
+
| A07 - Auth Failures | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
212
|
+
| A08 - Data Integrity | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
213
|
+
| A09 - Logging Failures | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
214
|
+
| A10 - SSRF | ✅ Pass / ⚠️ Review / ❌ Fail | |
|
|
215
|
+
|
|
216
|
+
---
|
|
217
|
+
|
|
218
|
+
## 📝 Remediation Priority
|
|
219
|
+
|
|
220
|
+
### Immediate (Critical)
|
|
221
|
+
1. [Issue-001] - [Action]
|
|
222
|
+
2. [Issue-002] - [Action]
|
|
223
|
+
|
|
224
|
+
### Short-term (High/Medium)
|
|
225
|
+
1. [Issue-003] - [Action]
|
|
226
|
+
2. [Issue-004] - [Action]
|
|
227
|
+
|
|
228
|
+
### Long-term (Low)
|
|
229
|
+
1. [Issue-005] - [Action]
|
|
230
|
+
|
|
231
|
+
---
|
|
232
|
+
|
|
233
|
+
## 🔗 References & Tools
|
|
234
|
+
|
|
235
|
+
### Tools Used
|
|
236
|
+
- Burp Suite
|
|
237
|
+
- Nmap
|
|
238
|
+
- Nuclei
|
|
239
|
+
- SQLMap
|
|
240
|
+
- Dalfox
|
|
241
|
+
- [Other tools]
|
|
242
|
+
|
|
243
|
+
### References
|
|
244
|
+
- OWASP Top 10: https://owasp.org/Top10/
|
|
245
|
+
- CWE: https://cwe.mitre.org/
|
|
246
|
+
- CVSS Calculator: https://nvd.nist.gov/vuln-metrics/cvss
|
|
247
|
+
- Security Headers: https://securityheaders.com/
|
|
248
|
+
|
|
249
|
+
---
|
|
250
|
+
|
|
251
|
+
## 📎 Appendix
|
|
252
|
+
|
|
253
|
+
### Test Environment
|
|
254
|
+
- **Browser:** [Browser/Version]
|
|
255
|
+
- **Testing Tool:** [Tool]
|
|
256
|
+
- **Network:** [VPN/Direct]
|
|
257
|
+
|
|
258
|
+
### Test Accounts
|
|
259
|
+
| Role | Username | Password |
|
|
260
|
+
|------|----------|----------|
|
|
261
|
+
| Admin | [admin@test.com] | ******* |
|
|
262
|
+
| User | [user@test.com] | ******* |
|
|
263
|
+
|
|
264
|
+
---
|
|
265
|
+
|
|
266
|
+
**Report Generated:** [DATE]
|
|
267
|
+
**Auditor:** Rz (@soulofzephir)
|
|
268
|
+
**Next Review:** [DATE]
|
|
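Review bot: The "Test Accounts" table in the Appendix (template lines 259-262) has a Password column, which leads auditors to record working credentials in a report that will be shared and archived. Drop that column and point to where the credentials are stored instead, or add a field stating that the accounts were disabled after testing. Three smaller points. The footer hard-codes `**Auditor:** Rz (@soulofzephir)` (line 267) where every other field is a placeholder, so reports written by other users carry the wrong auditor unless they notice. The header says `**Version:** 2.0` (line 5) while the package being published is 1.0.0, so say what the version refers to. The Evidence block (lines 116-118) asks for a pasted request/response, and should remind the author to redact session tokens and cookies first.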
@@ -0,0 +1,327 @@
|
|
|
1
|
+
# Security Report Generator v2.0
|
|
2
|
+
# Generates report to: site/[domain]-[date].md
|
|
3
|
+
|
|
4
|
+
param(
|
|
5
|
+
[Parameter(Mandatory=$false)]
|
|
6
|
+
[string]$Target = "",
|
|
7
|
+
|
|
8
|
+
[Parameter(Mandatory=$false)]
|
|
9
|
+
[string]$OutputDir = "site"
|
|
10
|
+
)
|
|
11
|
+
|
|
12
|
+
$ErrorActionPreference = "Continue"
|
|
13
|
+
|
|
14
|
+
# ═══════════════════════════════════════════════════════════
|
|
15
|
+
# REPORT CONFIGURATION
|
|
16
|
+
# ═══════════════════════════════════════════════════════════
|
|
17
|
+
|
|
18
|
+
# Get current date
|
|
19
|
+
$Date = Get-Date -Format "yyyy-MM-dd"
|
|
20
|
+
|
|
21
|
+
# Parse target URL
|
|
22
|
+
if ($Target -match "https?://") {
|
|
23
|
+
$Uri = [System.Uri]$Target
|
|
24
|
+
$Domain = $Uri.Host
|
|
25
|
+
$Scheme = $Uri.Scheme
|
|
26
|
+
} else {
|
|
27
|
+
$Domain = $Target
|
|
28
|
+
$Target = "https://$Target"
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
# Create output filename
|
|
32
|
+
$OutputFile = "$OutputDir/$Domain-$Date.md"
|
|
33
|
+
|
|
34
|
+
# ═══════════════════════════════════════════════════════════
|
|
35
|
+
# CREATE OUTPUT DIRECTORY
|
|
36
|
+
# ═══════════════════════════════════════════════════════════
|
|
37
|
+
|
|
38
|
+
if (-not (Test-Path $OutputDir)) {
|
|
39
|
+
New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
|
|
40
|
+
Write-Host "📁 Created directory: $OutputDir" -ForegroundColor Cyan
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
# ═══════════════════════════════════════════════════════════
|
|
44
|
+
# START SCAN
|
|
45
|
+
# ═══════════════════════════════════════════════════════════
|
|
46
|
+
|
|
47
|
+
Write-Host ""
|
|
48
|
+
Write-Host "╔═══════════════════════════════════════════════════╗" -ForegroundColor Cyan
|
|
49
|
+
Write-Host "║ 🛡️ Security Audit Report Generator v2.0 ║" -ForegroundColor Cyan
|
|
50
|
+
Write-Host "╚═══════════════════════════════════════════════════╝" -ForegroundColor Cyan
|
|
51
|
+
Write-Host ""
|
|
52
|
+
|
|
53
|
+
# ═══════════════════════════════════════════════════════════
|
|
54
|
+
# HEADER SCAN
|
|
55
|
+
# ═══════════════════════════════════════════════════════════
|
|
56
|
+
|
|
57
|
+
Write-Host "🔒 Scanning Security Headers..." -ForegroundColor Yellow
|
|
58
|
+
$HeaderScore = 0
|
|
59
|
+
$Headers = @{}
|
|
60
|
+
$Issues = @()
|
|
61
|
+
|
|
62
|
+
try {
|
|
63
|
+
$Response = Invoke-WebRequest -Uri $Target -Method Head -TimeoutSec 15 -ErrorAction Stop
|
|
64
|
+
$ResponseHeaders = $Response.Headers
|
|
65
|
+
} catch {
|
|
66
|
+
try {
|
|
67
|
+
$Target = $Target -replace "^https", "http"
|
|
68
|
+
$Response = Invoke-WebRequest -Uri $Target -Method Head -TimeoutSec 15 -ErrorAction Stop
|
|
69
|
+
$ResponseHeaders = $Response.Headers
|
|
70
|
+
} catch {
|
|
71
|
+
Write-Host "⚠️ Cannot connect to target" -ForegroundColor Red
|
|
72
|
+
$ResponseHeaders = @{}
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
# HSTS
|
|
77
|
+
$HSTS = $ResponseHeaders["Strict-Transport-Security"]
|
|
78
|
+
if ($HSTS) {
|
|
79
|
+
$Headers["HSTS"] = "✅ Present"
|
|
80
|
+
if ($HSTS -match "max-age=([3-9]\d{5,}|\d{7,})") { $HeaderScore += 15 }
|
|
81
|
+
else { $HeaderScore += 8; $Issues += "HSTS max-age too short" }
|
|
82
|
+
} else {
|
|
83
|
+
$Headers["HSTS"] = "❌ Missing"
|
|
84
|
+
$Issues += "HSTS not implemented"
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
# CSP
|
|
88
|
+
$CSP = $ResponseHeaders["Content-Security-Policy"]
|
|
89
|
+
if ($CSP) {
|
|
90
|
+
$Headers["CSP"] = "✅ Present"
|
|
91
|
+
$HeaderScore += 20
|
|
92
|
+
if ($CSP -match "unsafe-inline") { $Issues += "CSP contains unsafe-inline" }
|
|
93
|
+
} else {
|
|
94
|
+
$Headers["CSP"] = "❌ Missing"
|
|
95
|
+
$Issues += "CSP not implemented (XSS risk)"
|
|
96
|
+
}
|
|
97
|
+
|
|
98
|
+
# X-Content-Type-Options
|
|
99
|
+
$XCTO = $ResponseHeaders["X-Content-Type-Options"]
|
|
100
|
+
if ($XCTO -eq "nosniff") {
|
|
101
|
+
$Headers["X-Content-Type-Options"] = "✅ nosniff"
|
|
102
|
+
$HeaderScore += 10
|
|
103
|
+
} else {
|
|
104
|
+
$Headers["X-Content-Type-Options"] = "❌ Missing"
|
|
105
|
+
$Issues += "X-Content-Type-Options not set"
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
# X-Frame-Options
|
|
109
|
+
$XFO = $ResponseHeaders["X-Frame-Options"]
|
|
110
|
+
if ($XFO -eq "DENY") {
|
|
111
|
+
$Headers["X-Frame-Options"] = "✅ DENY"
|
|
112
|
+
$HeaderScore += 10
|
|
113
|
+
} elseif ($XFO -eq "SAMEORIGIN") {
|
|
114
|
+
$Headers["X-Frame-Options"] = "✅ SAMEORIGIN"
|
|
115
|
+
$HeaderScore += 8
|
|
116
|
+
} else {
|
|
117
|
+
$Headers["X-Frame-Options"] = "❌ Missing"
|
|
118
|
+
$Issues += "X-Frame-Options not set (clickjacking risk)"
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
# Referrer-Policy
|
|
122
|
+
$RP = $ResponseHeaders["Referrer-Policy"]
|
|
123
|
+
if ($RP) {
|
|
124
|
+
$Headers["Referrer-Policy"] = "✅ $RP"
|
|
125
|
+
$HeaderScore += 10
|
|
126
|
+
} else {
|
|
127
|
+
$Headers["Referrer-Policy"] = "⚠️ Missing"
|
|
128
|
+
$HeaderScore += 5
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
# Cache-Control
|
|
132
|
+
$CC = $ResponseHeaders["Cache-Control"]
|
|
133
|
+
if ($CC -match "no-store|no-cache") {
|
|
134
|
+
$Headers["Cache-Control"] = "✅ Secure"
|
|
135
|
+
$HeaderScore += 10
|
|
136
|
+
} else {
|
|
137
|
+
$Headers["Cache-Control"] = "⚠️ $CC"
|
|
138
|
+
$HeaderScore += 5
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
# Server
|
|
142
|
+
$Server = $ResponseHeaders["Server"]
|
|
143
|
+
if ($Server) {
|
|
144
|
+
if ($Server -match "/\d|Advanced|Version") {
|
|
145
|
+
$Headers["Server"] = "⚠️ Leaks version: $Server"
|
|
146
|
+
$Issues += "Server header leaks version"
|
|
147
|
+
} else {
|
|
148
|
+
$Headers["Server"] = "⚠️ $Server"
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
# X-Powered-By
|
|
153
|
+
$XPB = $ResponseHeaders["X-Powered-By"]
|
|
154
|
+
if ($XPB) {
|
|
155
|
+
$Headers["X-Powered-By"] = "⚠️ $XPB"
|
|
156
|
+
$Issues += "X-Powered-By leaks technology"
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
Write-Host " Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
|
|
160
|
+
|
|
161
|
+
# ═══════════════════════════════════════════════════════════
|
|
162
|
+
# PORT SCAN (Quick)
|
|
163
|
+
# ═══════════════════════════════════════════════════════════
|
|
164
|
+
|
|
165
|
+
Write-Host ""
|
|
166
|
+
Write-Host "🔌 Quick Port Check..." -ForegroundColor Yellow
|
|
167
|
+
|
|
168
|
+
$Ports = @(80, 443, 8080, 3306, 5432, 6379, 27017, 22)
|
|
169
|
+
$OpenPorts = @()
|
|
170
|
+
|
|
171
|
+
foreach ($Port in $Ports) {
|
|
172
|
+
try {
|
|
173
|
+
$TCP = New-Object System.Net.Sockets.TcpClient
|
|
174
|
+
$Result = $TCP.BeginConnect($Domain, $Port, $null, $null)
|
|
175
|
+
$Wait = $Result.AsyncWaitHandle.WaitOne(500)
|
|
176
|
+
|
|
177
|
+
if ($Wait -and $TCP.Connected) {
|
|
178
|
+
$Service = switch ($Port) {
|
|
179
|
+
80 { "HTTP" }
|
|
180
|
+
443 { "HTTPS" }
|
|
181
|
+
8080 { "HTTP-Alt" }
|
|
182
|
+
3306 { "MySQL" }
|
|
183
|
+
5432 { "PostgreSQL" }
|
|
184
|
+
6379 { "Redis" }
|
|
185
|
+
27017 { "MongoDB" }
|
|
186
|
+
22 { "SSH" }
|
|
187
|
+
}
|
|
188
|
+
$OpenPorts += [PSCustomObject]@{ Port = $Port; Service = $Service }
|
|
189
|
+
|
|
190
|
+
if ($Port -in @(3306, 5432, 6379, 27017, 2375)) {
|
|
191
|
+
$Issues += "High-risk port $Port ($Service) is open!"
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
$TCP.Close()
|
|
195
|
+
} catch {}
|
|
196
|
+
}
|
|
197
|
+
|
|
198
|
+
if ($OpenPorts.Count -eq 0) {
|
|
199
|
+
Write-Host " No common ports detected from external" -ForegroundColor Gray
|
|
200
|
+
} else {
|
|
201
|
+
Write-Host " Open ports: $($OpenPorts.Port -join ', ')" -ForegroundColor Yellow
|
|
202
|
+
}
|
|
203
|
+
|
|
204
|
+
# ═══════════════════════════════════════════════════════════
|
|
205
|
+
# GENERATE REPORT
|
|
206
|
+
# ═══════════════════════════════════════════════════════════
|
|
207
|
+
|
|
208
|
+
Write-Host ""
|
|
209
|
+
Write-Host "📝 Generating report..." -ForegroundColor Yellow
|
|
210
|
+
|
|
211
|
+
$Report = @"
|
|
212
|
+
# 🔒 Security Audit Report
|
|
213
|
+
|
|
214
|
+
**Target:** $Target
|
|
215
|
+
**Date:** $Date
|
|
216
|
+
**Generated by:** Pi Pentesting Skill v2.0
|
|
217
|
+
|
|
218
|
+
---
|
|
219
|
+
|
|
220
|
+
## 📋 Executive Summary
|
|
221
|
+
|
|
222
|
+
| Metric | Value |
|
|
223
|
+
|--------|-------|
|
|
224
|
+
| Target URL | $Target |
|
|
225
|
+
| Scan Date | $Date |
|
|
226
|
+
| Header Score | $HeaderScore/100 |
|
|
227
|
+
| High-Risk Ports | $($OpenPorts.Count) |
|
|
228
|
+
| Issues Found | $($Issues.Count) |
|
|
229
|
+
|
|
230
|
+
---
|
|
231
|
+
|
|
232
|
+
## 🔒 Security Headers Analysis
|
|
233
|
+
|
|
234
|
+
### Header Score: **$HeaderScore/100** $(if($HeaderScore -ge 90){"(A - Excellent)"}elseif($HeaderScore -ge 70){"(B - Good)"}elseif($HeaderScore -ge 50){"(C - Needs Improvement)"}else{"(D/F - Poor)"})
|
|
235
|
+
|
|
236
|
+
| Header | Status |
|
|
237
|
+
|--------|--------|
|
|
238
|
+
$(foreach ($key in $Headers.Keys) {
|
|
239
|
+
"| $key | $($Headers[$key]) |"
|
|
240
|
+
})
|
|
241
|
+
|
|
242
|
+
---
|
|
243
|
+
|
|
244
|
+
## 🔌 Port Scan Results
|
|
245
|
+
|
|
246
|
+
| Port | Service |
|
|
247
|
+
|------|---------|
|
|
248
|
+
$(if ($OpenPorts.Count -gt 0) {
|
|
249
|
+
foreach ($p in $OpenPorts) {
|
|
250
|
+
"| $($p.Port) | $($p.Service) |"
|
|
251
|
+
}
|
|
252
|
+
} else {
|
|
253
|
+
"| - | No common ports detected |"
|
|
254
|
+
})
|
|
255
|
+
|
|
256
|
+
---
|
|
257
|
+
|
|
258
|
+
## ⚠️ Issues Identified
|
|
259
|
+
|
|
260
|
+
$(if ($Issues.Count -gt 0) {
|
|
261
|
+
foreach ($issue in $Issues) {
|
|
262
|
+
"- ⚠️ $issue"
|
|
263
|
+
}
|
|
264
|
+
} else {
|
|
265
|
+
"- ✅ No major issues detected in quick scan"
|
|
266
|
+
})
|
|
267
|
+
|
|
268
|
+
---
|
|
269
|
+
|
|
270
|
+
## 📊 Recommendations
|
|
271
|
+
|
|
272
|
+
### Immediate Actions
|
|
273
|
+
1. Implement missing security headers
|
|
274
|
+
2. Close unnecessary exposed ports
|
|
275
|
+
3. Enable HSTS with proper max-age
|
|
276
|
+
4. Configure Content-Security-Policy
|
|
277
|
+
|
|
278
|
+
### Short-term
|
|
279
|
+
1. Regular security scanning
|
|
280
|
+
2. Implement OWASP Top 10 controls
|
|
281
|
+
3. Set up monitoring and logging
|
|
282
|
+
4. Security headers automated testing
|
|
283
|
+
|
|
284
|
+
---
|
|
285
|
+
|
|
286
|
+
## 🔗 Further Testing Recommended
|
|
287
|
+
|
|
288
|
+
- Full port scan (nmap -p-)
|
|
289
|
+
- SQL Injection testing (sqlmap)
|
|
290
|
+
- XSS testing (dalfox/xsstrike)
|
|
291
|
+
- OWASP Top 10 comprehensive checklist
|
|
292
|
+
- Business logic testing
|
|
293
|
+
- API security assessment
|
|
294
|
+
|
|
295
|
+
---
|
|
296
|
+
|
|
297
|
+
## 📋 Report Location
|
|
298
|
+
|
|
299
|
+
**File:** `$OutputFile`
|
|
300
|
+
**Date:** $Date
|
|
301
|
+
|
|
302
|
+
---
|
|
303
|
+
|
|
304
|
+
**Report Generated:** $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
|
|
305
|
+
**Author:** Rz (@soulofzephir)
|
|
306
|
+
"@
|
|
307
|
+
|
|
308
|
+
# Save report
|
|
309
|
+
$Report | Out-File -FilePath $OutputFile -Encoding UTF8
|
|
310
|
+
|
|
311
|
+
# ═══════════════════════════════════════════════════════════
|
|
312
|
+
# COMPLETE
|
|
313
|
+
# ═══════════════════════════════════════════════════════════
|
|
314
|
+
|
|
315
|
+
Write-Host ""
|
|
316
|
+
Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
|
|
317
|
+
Write-Host "✅ Report Generated Successfully!" -ForegroundColor Green
|
|
318
|
+
Write-Host "═══════════════════════════════════════════════════" -ForegroundColor Cyan
|
|
319
|
+
Write-Host ""
|
|
320
|
+
Write-Host "📄 Report Location: $OutputFile" -ForegroundColor White
|
|
321
|
+
Write-Host "📊 Header Score: $HeaderScore/100" -ForegroundColor $(if($HeaderScore -ge 70){"Green"}else{"Red"})
|
|
322
|
+
Write-Host "⚠️ Issues Found: $($Issues.Count)" -ForegroundColor $(if($Issues.Count -gt 0){"Yellow"}else{"Green"})
|
|
323
|
+
Write-Host ""
|
|
324
|
+
Write-Host "🔗 Online Tools:" -ForegroundColor Cyan
|
|
325
|
+
Write-Host " Headers: https://securityheaders.com/?q=$Domain"
|
|
326
|
+
Write-Host " SSL: https://ssllabs.com/ssltest/analyze.html?d=$Domain"
|
|
327
|
+
Write-Host ""
|
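Review bot: The header score is printed as `$HeaderScore/100`, but the points awarded in the header checks (script lines 76-139) add up to at most 75 (15 for HSTS, 20 for CSP, 10 each for X-Content-Type-Options, X-Frame-Options, Referrer-Policy and Cache-Control), so the `-ge 90` "(A - Excellent)" branch on line 234 can never be reached. Rescale the weights to total 100 or print the real maximum. Related to this, a missing Referrer-Policy and a non-matching Cache-Control each still add 5, so when both connection attempts fail and `$ResponseHeaders = @{}` is set (lines 70-73), the script goes on to write a report with a score of 10 and a list of "missing" headers for a host it never reached. Exit there, or mark the report as target unreachable. The fallback on line 67 also rewrites `$Target` to `http` after any HTTPS error and scores that response without recording the downgrade in the report. In the port section, the summary row `| High-Risk Ports | $($OpenPorts.Count) |` counts every open port, including 80 and 443, and the high-risk list on line 190 contains 2375, which is not in `$Ports` and so is never probed. Finally, `$Domain` is taken verbatim from `-Target` when the value does not match `https?://` and is then used to build `$OutputFile` (line 32), and header values returned by the target, such as `Server` and `X-Powered-By`, are interpolated into the Markdown tables as received. Validate `$Domain` as a hostname before building the path, and escape `|` and backticks in header values before writing them.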