pentest-tool-lite 3.9.3 → 3.10.8

package/{src → dist}/security/index.js

@@ -1,13 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -27,10 +18,11 @@ const RobotsTXT_1 = __importDefault(require("./RobotsTXT"));
 const PermissionsPolicy_1 = __importDefault(require("./PermissionsPolicy"));
 const SSL_1 = __importDefault(require("./SSL"));
 const GoogleWebRisk_1 = __importDefault(require("./GoogleWebRisk"));
+const Redirect_1 = __importDefault(require("./Redirect"));
 class Security extends Test_1.default {
+    name = 'Security';
     constructor() {
         super();
-        this.name = 'Security';
         this.tests = [
             new HTTPS_1.default(),
             new HSTS_1.default(),
@@ -46,33 +38,28 @@ class Security extends Test_1.default {
             new RobotsTXT_1.default(),
             new SSL_1.default(),
             new GoogleWebRisk_1.default(),
+            new Redirect_1.default(),
         ];
     }
-    test(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const tests = this.getTests();
-            const results = [];
-            for (const test of tests) {
-                let result = null;
-                try {
-                    result = yield test.run(params);
-                }
-                catch (error) {
-                    result = {
-                        status: 'ERROR',
-                        title: test.name,
-                        description: 'Test failed or cannot be run!',
-                    };
-                }
-                results.push(result);
-            }
-            return {
-                status: this.getStatus(results.map(result => result.status)),
-                title: this.name,
-                description: '',
-                results,
-            };
-        });
+    async test(params) {
+        const tests = this.getTests();
+        const results = [];
+        for (const test of tests) {
+            const result = await test.run(params).catch(() => {
+                return {
+                    status: 'ERROR',
+                    title: test.name,
+                    description: 'Test failed or cannot be run!',
+                };
+            });
+            results.push(result);
+        }
+        return {
+            status: this.getStatus(results.map(result => result.status)),
+            title: this.name,
+            description: '',
+            results,
+        };
     }
 }
 exports.default = Security;

package/dist/seo/Heading.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class Heading extends Test_1.default {
+    name = 'Heading';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const response = await request_1.default.get(url);
+        const html = await (0, functions_1.parseHtml)(response);
+        const heading = (0, functions_1.getHeading)(html);
+        const subTests = this.checkHeading(heading);
+        return {
+            status: this.getStatus(subTests.map(test => test.status)),
+            title: this.constructor.name,
+            description: '',
+            results: subTests,
+        };
+    }
+    checkHeading(title) {
+        const results = [];
+        if (typeof title === 'undefined') {
+            return [{
+                    status: 'ERROR',
+                    title: 'H1 tag',
+                    description: 'HTML should contain H1 tag.',
+                }];
+        }
+        results.push({
+            status: typeof title !== 'undefined' && title.length > 0 ? 'SUCCESS' : 'WARNING',
+            title: 'H1 tag',
+        });
+        results.push({
+            status: Array.isArray(title) ? 'ERROR' : 'SUCCESS',
+            title: 'Duplicate H1 tag',
+            description: `HTML should contain just one H1 tag.`,
+        });
+        results.push({
+            status: title.length <= 60 ? 'SUCCESS' : 'WARNING',
+            title: 'H1 length',
+            description: `H1 length should be under 60 characters and it is ${title.length}.`,
+        });
+        return results;
+    }
+}
+exports.default = Heading;

package/dist/seo/Robots.js

@@ -0,0 +1,21 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+class Robots extends Test_1.default {
+    name = 'Robots';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const response = await request_1.default.get(`${url}/robots.txt`);
+        return {
+            status: Math.floor(response.statusCode / 100) === 2 ? 'SUCCESS' : 'WARNING',
+            title: 'Robots.txt',
+            description: '',
+        };
+    }
+}
+exports.default = Robots;

package/dist/seo/Sitemap.js

@@ -0,0 +1,32 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class Sitemap extends Test_1.default {
+    name = 'Sitemap';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const robotsResponse = await request_1.default.get(`${url}/robots.txt`);
+        let sitemapUrl = `${url}/sitemap.xml`;
+        if (Math.floor(robotsResponse.statusCode / 100) === 2) {
+            const lines = robotsResponse.body.split(/\r?\n/);
+            const sitemap = lines.find(line => line.startsWith('Sitemap'));
+            if (typeof sitemap !== 'undefined') {
+                sitemapUrl = sitemap.split(' ')[1];
+            }
+        }
+        const response = await request_1.default.get(sitemapUrl);
+        const xml = await (0, functions_1.parseXml)(response);
+        return {
+            status: 'sitemapindex' in xml || 'urlset' in xml ? 'SUCCESS' : 'WARNING',
+            title: this.constructor.name,
+            description: '',
+        };
+    }
+}
+exports.default = Sitemap;

package/dist/seo/Title.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class Title extends Test_1.default {
+    name = 'Title';
+    async test({ url }) {
+        logger_1.default.info(`Starting ${this.constructor.name} test...`);
+        const response = await request_1.default.get(url);
+        const html = await (0, functions_1.parseHtml)(response);
+        const title = (0, functions_1.getTitle)(html);
+        const subTests = this.checkTitle(title);
+        return {
+            status: this.getStatus(subTests.map(test => test.status)),
+            title: this.constructor.name,
+            description: '',
+            results: subTests,
+        };
+    }
+    checkTitle(title) {
+        const results = [];
+        results.push({
+            status: typeof title !== 'undefined' && title.length > 0 ? 'SUCCESS' : 'WARNING',
+            title: 'Title tag',
+        });
+        results.push({
+            status: Array.isArray(title) ? 'ERROR' : 'SUCCESS',
+            title: 'Duplicate title tag',
+            description: `HTML should contain just one title tag.`,
+        });
+        results.push({
+            status: title.length <= 60 ? 'SUCCESS' : 'WARNING',
+            title: 'Title length',
+            description: `Title length should be under 60 characters and it is ${title.length}.`,
+        });
+        return results;
+    }
+}
+exports.default = Title;

package/dist/seo/index.js

@@ -0,0 +1,47 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const Title_1 = __importDefault(require("./Title"));
+const Heading_1 = __importDefault(require("./Heading"));
+const Sitemap_1 = __importDefault(require("./Sitemap"));
+const Robots_1 = __importDefault(require("./Robots"));
+class SEO extends Test_1.default {
+    name = 'SEO';
+    constructor() {
+        super();
+        this.tests = [
+            new Title_1.default(),
+            new Heading_1.default(),
+            new Sitemap_1.default(),
+            new Robots_1.default(),
+        ];
+    }
+    async test(params) {
+        const tests = this.getTests();
+        const results = [];
+        for (const test of tests) {
+            let result = null;
+            try {
+                result = await test.run(params);
+            }
+            catch {
+                result = {
+                    status: 'ERROR',
+                    title: test.name,
+                    description: 'Test failed or cannot be run!',
+                };
+            }
+            results.push(result);
+        }
+        return {
+            status: this.getStatus(results.map(result => result.status)),
+            title: this.name,
+            description: '',
+            results,
+        };
+    }
+}
+exports.default = SEO;

package/dist/wordpress/DefaultFiles.js

@@ -0,0 +1,50 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+class DefaultFiles extends Test_1.default {
+    name = 'Default files';
+    files = [
+        'readme.html',
+        'licence.txt',
+        'wp-config-sample.php',
+        'wp-admin/install.php',
+        'wp-admin/upgrade.php',
+    ];
+    async test({ url }) {
+        logger_1.default.info('Starting default files test...');
+        let results = [];
+        results = await this.checkFiles(url);
+        return {
+            status: this.getStatus(results.map(result => result.status)),
+            title: 'Default files',
+            description: '',
+            results: results,
+        };
+    }
+    async checkFiles(url) {
+        const results = [];
+        for (const file of this.files) {
+            const response = await request_1.default.get(`${url.endsWith('/') ? url.substring(0, url.length - 1) : url}/${file}`);
+            if (Math.floor(response.statusCode / 100) === 2 || Math.floor(response.statusCode / 100) === 5) {
+                results.push({
+                    status: 'WARNING',
+                    title: file,
+                    description: `The ${file} file is reachable on the server!`
+                });
+                continue;
+            }
+            results.push({
+                status: 'SUCCESS',
+                title: file,
+                description: `The ${file} file is not reachable on the server.`,
+            });
+        }
+        return results;
+    }
+}
+exports.default = DefaultFiles;

package/dist/wordpress/Generator.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const request_1 = __importDefault(require("../request"));
+const logger_1 = __importDefault(require("../logger"));
+const functions_1 = require("../functions");
+class Generator extends Test_1.default {
+    name = 'Generator';
+    async test({ url }) {
+        logger_1.default.info('Starting default files test...');
+        const results = [];
+        results.push(await this.checkHTML(url));
+        results.push(await this.checkRSSFeed(url));
+        return {
+            status: this.getStatus(results.map(result => result.status)),
+            title: this.name,
+            description: '',
+            results: results,
+        };
+    }
+    async checkHTML(url) {
+        const response = await request_1.default.get(url);
+        const html = await (0, functions_1.parseHtml)(response);
+        const generators = (0, functions_1.getGenerator)(html);
+        /* eslint-disable-next-line  @typescript-eslint/no-explicit-any */
+        if (generators.some((generator) => generator.attribs.content.toLowerCase().includes('wordpress'))) {
+            return {
+                status: 'WARNING',
+                title: 'HTML Tag',
+                description: 'Page contains inmformation about its generator!',
+            };
+        }
+        return {
+            status: 'SUCCESS',
+            title: 'HTML Tag',
+            description: 'Page doesn\t contain any information about its generator.',
+        };
+    }
+    async checkRSSFeed(url) {
+        const response = await request_1.default.get(`${url.endsWith('/') ? url.substring(0, url.length - 1) : url}/feed/`);
+        if (response.response.headers.get('content-type').startsWith('application/rss+xml') && response.body.includes('<generator>https://wordpress.org')) {
+            return {
+                status: 'WARNING',
+                title: 'RSS Feed',
+                description: 'RSS feed contains information about its generator!',
+            };
+        }
+        return {
+            status: 'SUCCESS',
+            title: 'RSS Feed',
+            description: 'RSS feed doesn\t contain any information about its generator.',
+        };
+    }
+}
+exports.default = Generator;

package/dist/wordpress/index.js

@@ -0,0 +1,43 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const Test_1 = __importDefault(require("../Test"));
+const DefaultFiles_1 = __importDefault(require("./DefaultFiles"));
+const Generator_1 = __importDefault(require("./Generator"));
+class WordPress extends Test_1.default {
+    name = 'WordPress';
+    constructor() {
+        super();
+        this.tests = [
+            new DefaultFiles_1.default(),
+            new Generator_1.default(),
+        ];
+    }
+    async test(params) {
+        const tests = this.getTests();
+        const results = [];
+        for (const test of tests) {
+            let result = null;
+            try {
+                result = await test.run(params);
+            }
+            catch {
+                result = {
+                    status: 'ERROR',
+                    title: test.name,
+                    description: 'Test failed or cannot be run!',
+                };
+            }
+            results.push(result);
+        }
+        return {
+            status: this.getStatus(results.map(result => result.status)),
+            title: this.name,
+            description: '',
+            results,
+        };
+    }
+}
+exports.default = WordPress;

package/package.json

@@ -1,60 +1,69 @@
 {
-    "name": "pentest-tool-lite",
-    "description": "Check your website ( or any other website ) for common vulnerabilities.",
-    "version": "3.9.3",
-    "homepage": "https://pentest-tool-lite.com",
-    "license": "MIT",
-    "author": {
-        "name": "Matej Jellus",
-        "email": "juffalow@juffalow.com",
-        "url": "https://juffalow.com"
-    },
-    "bin": {
-        "pentest-tool-lite": "./src/index"
-    },
-    "dependencies": {
-        "@google-cloud/web-risk": "^4.0.1",
-        "commander": "^6.0.0",
-        "csso": "^5.0.5",
-        "domhandler": "^4.2.2",
-        "htmlparser2": "^7.1.2",
-        "node-fetch": "^2.6.0",
-        "ssl-checker": "^2.0.7",
-        "uglify-js": "^3.6.1",
-        "whois": "^2.14.2",
-        "xml2js": "^0.6.2"
-    },
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/juffalow/pentest-tool-lite.git"
-    },
-    "bugs": {
-        "url": "https://github.com/juffalow/pentest-tool-lite/issues"
-    },
-    "scripts": {
-        "start": "tsc && node dist/src/index.js",
-        "build": "tsc",
-        "lint": "eslint . --ext .ts",
-        "test": "jest"
-    },
-    "devDependencies": {
-        "@types/jest": "^29.4.0",
-        "@types/node": "^20.12.2",
-        "@types/node-fetch": "^2.5.7",
-        "@types/uglify-js": "^3.0.4",
-        "@types/xml2js": "^0.4.5",
-        "@typescript-eslint/eslint-plugin": "^5.1.0",
-        "@typescript-eslint/parser": "^5.1.0",
-        "eslint": "^8.0.1",
-        "jest": "^29.4.3",
-        "ts-jest": "^29.0.5",
-        "typescript": "^5.2.2"
-    },
-    "keywords": [
-        "pentest-tool",
-        "pentesting",
-        "penetration-test",
-        "analyzer",
-        "analyser"
-    ]
-}
+  "name": "pentest-tool-lite",
+  "description": "Check your website ( or any other website ) for common vulnerabilities.",
+  "version": "3.10.8",
+  "homepage": "https://pentest-tool-lite.com",
+  "license": "MIT",
+  "author": {
+    "name": "Matej Jellus",
+    "email": "juffalow@juffalow.com",
+    "url": "https://juffalow.com"
+  },
+  "bin": "./dist/index",
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": "./dist/index.js",
+    "./dist": "./dist/index.js",
+    "./package.json": "./package.json"
+  },
+  "dependencies": {
+    "@google-cloud/web-risk": "^4.0.1",
+    "commander": "^6.0.0",
+    "csso": "^5.0.5",
+    "domhandler": "^4.2.2",
+    "htmlparser2": "^7.1.2",
+    "node-html-markdown": "^2.0.0",
+    "ssl-checker": "^2.0.7",
+    "uglify-js": "^3.6.1",
+    "whois": "^2.14.2",
+    "xml2js": "^0.6.2"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/juffalow/pentest-tool-lite.git"
+  },
+  "bugs": {
+    "url": "https://github.com/juffalow/pentest-tool-lite/issues"
+  },
+  "scripts": {
+    "start": "tsc && node dist/src/index.js",
+    "start-build": "tsc -w --preserveWatchOutput",
+    "start-test": "node dist/src/index.js",
+    "build": "tsc",
+    "lint": "eslint",
+    "test": "jest"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.17.0",
+    "@types/jest": "^29.4.0",
+    "@types/node": "^22.5.0",
+    "@types/uglify-js": "^3.0.4",
+    "@types/xml2js": "^0.4.5",
+    "eslint": "^9.17.0",
+    "globals": "^15.14.0",
+    "jest": "^29.4.3",
+    "ts-jest": "^29.0.5",
+    "typescript": "^5.2.2",
+    "typescript-eslint": "^8.18.1"
+  },
+  "keywords": [
+    "pentest-tool",
+    "pentesting",
+    "penetration-test",
+    "analyzer",
+    "analyser"
+  ],
+  "packageManager": "yarn@4.12.0"
+}

package/src/Pentest.js

@@ -1,43 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const security_1 = __importDefault(require("./security"));
-const dns_1 = __importDefault(require("./dns"));
-const html_1 = __importDefault(require("./html"));
-const seo_1 = __importDefault(require("./seo"));
-const wordpress_1 = __importDefault(require("./wordpress"));
-class Pentest {
-    run(url) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const general = new dns_1.default();
-            const security = new security_1.default();
-            const html = new html_1.default();
-            const seo = new seo_1.default();
-            const wordPress = new wordpress_1.default();
-            const generalResult = yield general.run({ url });
-            const securityResult = yield security.run({ url });
-            const htmlResult = yield html.run({ url });
-            const seoResult = yield seo.run({ url });
-            const wordPressResult = yield wordPress.run({ url });
-            return {
-                security: securityResult,
-                dns: generalResult,
-                html: htmlResult,
-                seo: seoResult,
-                wordpress: wordPressResult,
-            };
-        });
-    }
-}
-exports.default = Pentest;