pentest-tool-lite 3.10.6 → 3.10.8

package/dist/Pentest.js

@@ -0,0 +1,46 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const security_1 = __importDefault(require("./security"));
+const dns_1 = __importDefault(require("./dns"));
+const html_1 = __importDefault(require("./html"));
+const seo_1 = __importDefault(require("./seo"));
+const wordpress_1 = __importDefault(require("./wordpress"));
+const metadata_1 = __importDefault(require("./metadata"));
+class Pentest {
+    async run(url) {
+        const general = new dns_1.default();
+        const security = new security_1.default();
+        const html = new html_1.default();
+        const seo = new seo_1.default();
+        const wordPress = new wordpress_1.default();
+        const metadata = new metadata_1.default();
+        const [generalResult, securityResult, htmlResult, seoResult, wordPressResult, metadataResult] = await Promise.all([
+            general.run({ url }),
+            security.run({ url }),
+            html.run({ url }),
+            seo.run({ url }),
+            wordPress.run({ url }),
+            metadata.run({ url }),
+        ]);
+        // const [ generalResult, securityResult, htmlResult, seoResult, wordPressResult ] = result.map(promise => promise.status === 'fulfilled' ? promise.value : {});
+        // const [ generalResult, securityResult, htmlResult, seoResult, wordPressResult ] = result;
+        // const generalResult = <Result> await general.run({ url });
+        // const securityResult = <Result> await security.run({ url });
+        // const htmlResult = <Result> await html.run({ url });
+        // const seoResult = <Result> await seo.run({ url });
+        // const wordPressResult = <Result> await wordPress.run({ url });
+        // console.log(metadataResult);
+        return {
+            security: securityResult,
+            dns: generalResult,
+            html: htmlResult,
+            seo: seoResult,
+            wordpress: wordPressResult,
+            metadata: metadataResult,
+        };
+    }
+}
+exports.default = Pentest;

package/dist/{src/Test.js → Test.js}

@@ -1,13 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -19,22 +10,18 @@ const logger_1 = __importDefault(require("./logger"));
  */
 delete require.cache[__filename];
 class Test {
-    constructor() {
-        this.tests = [];
-    }
-    run(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            logger_1.default.debug(`Running ${this.name} tests...`);
-            const result = yield this.test(params).catch((err) => {
-                console.error(err);
-                return {
-                    status: 'ERROR',
-                    title: test.name,
-                    description: 'Test failed or cannot be run!',
-                };
-            });
-            return result;
+    tests = [];
+    async run(params) {
+        logger_1.default.debug(`Running ${this.name} tests...`);
+        const result = await this.test(params).catch((err) => {
+            console.error(err);
+            return {
+                status: 'ERROR',
+                title: test.name,
+                description: 'Test failed or cannot be run!',
+            };
         });
+        return result;
     }
     getTests() {
         return this.tests.filter((test) => {

package/dist/commands/Sitemap.js

@@ -0,0 +1,79 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = __importDefault(require("../request"));
+const functions_1 = require("../functions");
+/**
+ * Check URL if contains sitemap data. If URL is not direct link
+ * to *.xml file, it will try to search it. For example by default
+ * it is located in the root of the page (/sitemap.xml) or it can
+ * be mentioned in /robots.txt.
+ *
+ * There are 2 types of sitemap. One is common, which starts with
+ * <urlset> tag and then there is sitemap index, wich is used
+ * to group multiple sitemap files. This starts with <sitemapindex>
+ * tag.
+ *
+ * Example:
+ *
+ * <?xml version="1.0" encoding="utf-8"?>
+ * <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+ *  <url>
+ *    <loc>http://example.com/</loc>
+ *  </url>
+ * </urlset>
+ *
+ * <?xml version="1.0" encoding="UTF-8"?>
+ * <sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+ *  <sitemap>
+ *    <loc>http://www.example.com/sitemap.xml</loc>
+ *  </sitemap>
+ * </sitemapindex>
+ *
+ * @see https://en.wikipedia.org/wiki/Sitemaps
+ * @see https://www.sitemaps.org/protocol.html
+ * @see https://technicalseo.com/tools/docs/robots-txt/
+ */
+class Sitemap {
+    async run(url) {
+        /*
+        if (!url.endsWith('.xml')) {}
+        */
+        const sitemap = await this.loadSitemap(url);
+        // console.log(sitemap);
+        return sitemap.urlset.url.map((line) => line.loc[0]);
+    }
+    async searchSitemaps() {
+        // check /sitemap.xml
+        // check /robots.txt
+    }
+    async loadSitemap(url) {
+        const xml = await request_1.default.get(url);
+        const sitemap = await (0, functions_1.parseXml)(xml);
+        if (!this.isIndex(sitemap)) {
+            return sitemap;
+        }
+        const sitemapUrls = this.getSitemapUrls(sitemap);
+        return this.loadMultiple(sitemapUrls);
+    }
+    isIndex(sitemap) {
+        return 'sitemapindex' in sitemap;
+    }
+    /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+    getSitemapUrls(sitemapIndex) {
+        /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+        return sitemapIndex.sitemapindex.sitemap.map((sitemap) => sitemap.loc[0]);
+    }
+    async loadMultiple(sitemapUrls) {
+        const sitemaps = await Promise.all(sitemapUrls.map(async (sitemapUrl) => await this.loadSitemap(sitemapUrl)));
+        const urls = sitemaps.map((s) => s.urlset.url).reduce((arr, s) => arr.concat(s), []);
+        return {
+            urlset: {
+                url: urls,
+            },
+        };
+    }
+}
+exports.default = Sitemap;

package/dist/dns/A.js

@@ -0,0 +1,49 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const dns_1 = __importDefault(require("dns"));
+const whois_1 = __importDefault(require("whois"));
+const Test_1 = __importDefault(require("../Test"));
+const logger_1 = __importDefault(require("../logger"));
+class A extends Test_1.default {
+    name = 'A';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const response = await new Promise((resolve, reject) => {
+            dns_1.default.lookup((new URL(url).hostname), { all: true }, (err, addresses) => {
+                if (err) {
+                    return reject(err);
+                }
+                resolve(addresses);
+            });
+        });
+        /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+        const addresses = await Promise.all(response.map(async (address) => {
+            const organization = await this.getOrganization(address.address);
+            return `${address.address} - ${organization}`;
+        }));
+        return {
+            status: 'SUCCESS',
+            title: this.constructor.name,
+            description: addresses.join('\n'),
+        };
+    }
+    async getOrganization(ip) {
+        const organization = await new Promise((resolve, reject) => {
+            whois_1.default.lookup(ip, function (err, data) {
+                if (err) {
+                    return reject(err);
+                }
+                const organization = (typeof data === 'string' ? data.split('\n') : data)
+                    .filter((line) => line.includes('OrgName'))
+                    .map((line) => line.split(':')[1].trim())
+                    .pop();
+                resolve(organization);
+            });
+        });
+        return organization;
+    }
+}
+exports.default = A;

package/dist/dns/DMARC.js

@@ -0,0 +1,59 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const dns_1 = __importDefault(require("dns"));
+const Test_1 = __importDefault(require("../Test"));
+const logger_1 = __importDefault(require("../logger"));
+const getDomain_1 = __importDefault(require("../functions/getDomain"));
+class DMARC extends Test_1.default {
+    name = 'DMARC';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+        const response = await new Promise((resolve, reject) => {
+            dns_1.default.resolveTxt(`_dmarc.${(0, getDomain_1.default)(url)}`, (err, records) => {
+                if (err) {
+                    return reject(err);
+                }
+                resolve(records);
+            });
+        });
+        if (response.length === 0) {
+            return {
+                status: 'WARNING',
+                title: this.constructor.name,
+                description: 'No DMARC record found for this domain.',
+            };
+        }
+        const record = response.shift().shift();
+        if (record.includes('p=none')) {
+            return {
+                status: 'ERROR',
+                title: this.constructor.name,
+                description: 'Email that fails DMARC Compliance tests will be delivered to the recipient\'s inbox.',
+            };
+        }
+        if (record.includes('p=quarantine')) {
+            return {
+                status: 'WARNING',
+                title: this.constructor.name,
+                description: 'Email that fails DMARC Compliance tests will be marked as spam.',
+            };
+        }
+        if (record.includes('p=reject')) {
+            return {
+                status: 'SUCCESS',
+                title: this.constructor.name,
+                description: 'Email that fails DMARC Compliance tests will be rejected.',
+            };
+        }
+        return {
+            status: 'ERROR',
+            title: this.constructor.name,
+            description: 'Invalid DMARC policy found!',
+        };
+    }
+}
+exports.default = DMARC;

package/dist/dns/NS.js

@@ -0,0 +1,36 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const whois_1 = __importDefault(require("whois"));
+const Test_1 = __importDefault(require("../Test"));
+const logger_1 = __importDefault(require("../logger"));
+const getDomain_1 = __importDefault(require("../functions/getDomain"));
+class NS extends Test_1.default {
+    name = 'NS';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const nameServers = await this.getNameServers((0, getDomain_1.default)(url));
+        return {
+            status: 'SUCCESS',
+            title: this.constructor.name,
+            description: nameServers.join('\n'),
+        };
+    }
+    async getNameServers(domain) {
+        const nameServers = await new Promise((resolve, reject) => {
+            whois_1.default.lookup(domain, function (err, data) {
+                if (err) {
+                    return reject(err);
+                }
+                const nameServers = (typeof data === 'string' ? data.split('\n') : data)
+                    .filter((line) => line.includes('Name Server'))
+                    .map((line) => line.split(':')[1].trim());
+                resolve(nameServers);
+            });
+        });
+        return nameServers;
+    }
+}
+exports.default = NS;

package/dist/dns/RegistrationDate.js

@@ -0,0 +1,39 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const whois_1 = __importDefault(require("whois"));
+const Test_1 = __importDefault(require("../Test"));
+const logger_1 = __importDefault(require("../logger"));
+const getDomain_1 = __importDefault(require("../functions/getDomain"));
+class RegistrationDate extends Test_1.default {
+    name = 'RegistrationDate';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const registrationDate = await this.getRegistrationDate((0, getDomain_1.default)(url));
+        const diffInMs = (new Date(registrationDate)).getTime() - (new Date()).getTime();
+        const diffInDays = diffInMs / (1000 * 60 * 60 * 24);
+        return {
+            status: diffInDays < 7 ? 'ERROR' : diffInDays < 30 ? 'WARNING' : 'SUCCESS',
+            title: this.constructor.name,
+            description: `Approximately ${Math.floor(diffInDays)} days until domain expires.`,
+        };
+    }
+    async getRegistrationDate(domain) {
+        const date = await new Promise((resolve, reject) => {
+            whois_1.default.lookup(domain, function (err, data) {
+                if (err) {
+                    return reject(err);
+                }
+                const d = (typeof data === 'string' ? data.split('\n') : data)
+                    .filter((line) => line.includes('Expiration Date') || line.includes('Valid Until'))
+                    .map((line) => line.split(': ')[1].trim())
+                    .shift();
+                resolve(d);
+            });
+        });
+        return date;
+    }
+}
+exports.default = RegistrationDate;

package/dist/dns/index.js

@@ -0,0 +1,47 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const A_1 = __importDefault(require("./A"));
+const NS_1 = __importDefault(require("./NS"));
+const DMARC_1 = __importDefault(require("./DMARC"));
+const RegistrationDate_1 = __importDefault(require("./RegistrationDate"));
+class DNS extends Test_1.default {
+    name = 'DNS';
+    constructor() {
+        super();
+        this.tests = [
+            new RegistrationDate_1.default(),
+            new NS_1.default(),
+            new A_1.default(),
+            new DMARC_1.default(),
+        ];
+    }
+    async test(params) {
+        const tests = this.getTests();
+        const results = [];
+        for (const test of tests) {
+            let result = null;
+            try {
+                result = await test.run(params);
+            }
+            catch {
+                result = {
+                    status: 'ERROR',
+                    title: test.name,
+                    description: 'Test failed or cannot be run!',
+                };
+            }
+            results.push(result);
+        }
+        return {
+            status: this.getStatus(results.map(result => result.status)),
+            title: this.name,
+            description: '',
+            results,
+        };
+    }
+}
+exports.default = DNS;

package/dist/functions/parseSitemap.js

@@ -0,0 +1,12 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = default_1;
+const parseXml_1 = __importDefault(require("./parseXml"));
+/* eslint-disable  @typescript-eslint/no-explicit-any */
+async function default_1(sitemap) {
+    const data = await (0, parseXml_1.default)(sitemap);
+    return data.urlset.url.map((url) => url.loc[0]);
+}

package/dist/html/Anchor.js

@@ -0,0 +1,56 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class Anchor extends Test_1.default {
+    name = 'Anchor';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const response = await request_1.default.get(url);
+        const html = await (0, functions_1.parseHtml)(response);
+        const anchors = (0, functions_1.getAnchors)(html);
+        const subTests = await this.check(anchors);
+        return {
+            status: this.getStatus(subTests.map(test => test.status)),
+            title: this.constructor.name,
+            description: '',
+            results: subTests,
+        };
+    }
+    async check(anchors) {
+        const results = [];
+        for (const anchor of anchors) {
+            logger_1.default.verbose(`Checking ${anchor}...`);
+            const result = await request_1.default.get(anchor);
+            const isFileAvailabe = {
+                status: this.isFileAvailable(result) ? 'SUCCESS' : 'ERROR',
+                title: 'Available',
+                description: '',
+            };
+            results.push({
+                status: this.getStatus([
+                    isFileAvailabe.status,
+                ]), // eslint-disable-line  @typescript-eslint/no-explicit-any
+                title: anchor,
+                description: '',
+                results: [
+                    isFileAvailabe,
+                ],
+            });
+        }
+        return results;
+    }
+    /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+    isFileAvailable(result) {
+        if (result.response.statusCode === 404 || result.response.statusCode === 500) {
+            return false;
+        }
+        return true;
+    }
+}
+exports.default = Anchor;

package/dist/html/CSS.js

@@ -0,0 +1,92 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const csso_1 = __importDefault(require("csso"));
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class CSS extends Test_1.default {
+    name = 'CSS';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const response = await request_1.default.get(url);
+        const html = await (0, functions_1.parseHtml)(response);
+        const stylesheets = (0, functions_1.getStylesheets)(html);
+        const subTests = await this.check(stylesheets);
+        return {
+            status: this.getStatus(subTests.map(test => test.status)),
+            title: this.constructor.name,
+            description: '',
+            results: subTests,
+        };
+    }
+    async check(stylesheets) {
+        const results = [];
+        for (const stylesheet of stylesheets) {
+            const filename = stylesheet.substring(stylesheet.lastIndexOf('/') + 1);
+            logger_1.default.verbose(`Checking ${filename}...`);
+            const result = await request_1.default.get(stylesheet);
+            const isFileAvailabe = {
+                status: this.isFileAvailable(result) ? 'SUCCESS' : 'ERROR',
+                title: 'Available',
+                description: '',
+            };
+            const isCached = {
+                status: this.isCached(result) ? 'SUCCESS' : 'ERROR',
+                title: 'Cached',
+                description: '',
+            };
+            const hasXContentTypeOptionsHeader = {
+                status: this.hasXContentTypeOptionsHeader(result) ? 'SUCCESS' : 'WARNING',
+                title: 'X-Content-Type-Options',
+                description: '',
+            };
+            const isMinified = {
+                status: this.isMinified(result) ? 'SUCCESS' : 'WARNING',
+                title: 'Minified',
+                description: '',
+            };
+            results.push({
+                status: this.getStatus([
+                    isFileAvailabe.status,
+                    isCached.status,
+                    hasXContentTypeOptionsHeader.status,
+                    isMinified.status,
+                ]), // eslint-disable-line  @typescript-eslint/no-explicit-any
+                title: filename,
+                description: '',
+                results: [
+                    isFileAvailabe,
+                    isCached,
+                    hasXContentTypeOptionsHeader,
+                    isMinified,
+                ],
+            });
+        }
+        return results;
+    }
+    /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+    isFileAvailable(result) {
+        if (result.response.statusCode === 404 || result.response.statusCode === 500) {
+            return false;
+        }
+        return true;
+    }
+    /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+    isCached(result) {
+        return result.response.headers.has('cache-control');
+    }
+    /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+    hasXContentTypeOptionsHeader(result) {
+        return result.response.headers.has('x-content-type-options');
+    }
+    /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+    isMinified(result) {
+        const r = csso_1.default.minify(result.body, { restructure: false }).css;
+        return r.length === result.body.length;
+    }
+}
+exports.default = CSS;

package/dist/html/DuplicateId.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class DuplicateId extends Test_1.default {
+    name = 'Duplicate ID';
+    async test({ url }) {
+        logger_1.default.info('Starting DuplicateId test...');
+        const response = await request_1.default.get(url);
+        const duplicates = await (0, functions_1.getDuplicates)(response);
+        if (duplicates.length > 0) {
+            return {
+                status: 'WARNING',
+                title: 'Duplicate IDs',
+                description: '',
+                results: duplicates.map(duplicate => ({
+                    status: 'WARNING',
+                    title: `<${duplicate.name} id="${duplicate.attribs.id}" ... />`,
+                    description: '',
+                }))
+            };
+        }
+        return {
+            status: 'SUCCESS',
+            title: 'Duplicate IDs',
+            description: ''
+        };
+    }
+}
+exports.default = DuplicateId;

package/dist/html/Generator.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class Generator extends Test_1.default {
+    name = 'Generator';
+    async test({ url }) {
+        logger_1.default.info('Starting DuplicateId test...');
+        const response = await request_1.default.get(url);
+        const html = await (0, functions_1.parseHtml)(response);
+        const generators = await (0, functions_1.getGenerator)(html);
+        if (generators.length > 0) {
+            return {
+                status: 'WARNING',
+                title: this.name,
+                description: 'Page contains inmformation about its generator!',
+            };
+        }
+        return {
+            status: 'SUCCESS',
+            title: this.name,
+            description: 'Page doesn\t contain any information about its generator.',
+        };
+    }
+}
+exports.default = Generator;