sentinel-scanner 2.4.1 → 2.5.0

package/src/modules/headers/index.ts

@@ -1,179 +0,0 @@
-import type { Vulnerability } from "../../index.js";
-import { generateCVSS } from "../../utils/index.js";
-import { createLogger } from "../../utils/index.js";
-import { informationLeakChecks, securityChecks } from "./headers.js";
-
-const DEFAULT_CVSS_BASE = {
-	attackVector: "N",
-	attackComplexity: "L",
-	privilegesRequired: "N",
-	userInteraction: "N",
-	scope: "U",
-	confidentialityImpact: "N",
-	integrityImpact: "N",
-	availabilityImpact: "N",
-};
-
-export type HeaderScannerOptions = {
-	spiderResults: Array<string>;
-	retries?: number;
-	timeout?: number;
-	concurrency?: number;
-};
-
-export type HeadersData = {
-	name: string;
-	description: string;
-	recommendation: string;
-	check: (value: string) => boolean;
-};
-
-export default class HeaderScanner {
-	private securityHeaders: HeadersData[];
-	private informationalHeaders: HeadersData[];
-	private spiderResults: Array<string>;
-	private logger = createLogger("Header Scanner");
-	private retries = 3;
-	private timeout = 5000;
-	private concurrency = 10;
-	private vulnerabilities: Array<Vulnerability> = [];
-
-	constructor(options: HeaderScannerOptions) {
-		this.spiderResults = options.spiderResults;
-
-		if (options.retries) {
-			this.retries = options.retries;
-		}
-
-		if (options.timeout) {
-			this.timeout = options.timeout;
-		}
-
-		if (options.concurrency) {
-			this.concurrency = options.concurrency;
-		}
-
-		this.securityHeaders = securityChecks;
-		this.informationalHeaders = informationLeakChecks;
-	}
-
-	private withRetries = async <T>(
-		fn: () => Promise<T>,
-		retries: number,
-	): Promise<T> => {
-		let lastError: Error | undefined;
-		for (let i = 0; i < retries; i++) {
-			try {
-				return await fn();
-			} catch (error) {
-				lastError = error as Error;
-			}
-		}
-		throw lastError;
-	};
-
-	private getHeaders = async (url: string): Promise<Headers> => {
-		const response = await fetch(url);
-		return response.headers;
-	};
-
-	private chunkArray = <T>(
-		array: Array<T>,
-		chunkSize: number,
-	): Array<Array<T>> => {
-		const chunks = [];
-		for (let i = 0; i < array.length; i += chunkSize) {
-			chunks.push(array.slice(i, i + chunkSize));
-		}
-		return chunks;
-	};
-
-	private checkHeaders = (headers: Headers, url: string): void => {
-		for (const header of this.securityHeaders) {
-			const hasheader = headers.has(header.name);
-			if (hasheader) {
-				const value = headers.get(header.name);
-				if (!value) {
-					// handle Missing Security Headers
-					const { baseScore: score, severity: level } = generateCVSS(
-						"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-					);
-
-					this.vulnerabilities.push({
-						type: level,
-						severity: score,
-						url,
-						description: `Header ${header.name} was not found. ${header.description} recommendation: ${header.recommendation}`,
-					});
-
-					continue;
-				}
-
-				const check = header.check(value);
-
-				if (!check) {
-					// handle Insecure value for header
-					const { baseScore: score, severity: level } = generateCVSS(
-						"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-					);
-
-					this.vulnerabilities.push({
-						type: level,
-						severity: score,
-						url,
-						description: `Header ${header.name} was found it had the following value ${value} it ${header.description} recommendation: ${header.recommendation}`,
-					});
-				}
-			}
-		}
-
-		for (const infoHeader of this.informationalHeaders) {
-			// Should Not Have Informational Headers
-			const hasheader = headers.has(infoHeader.name);
-			if (hasheader) {
-				const value = headers.get(infoHeader.name);
-				if (!value) {
-					continue;
-				}
-
-				const check = infoHeader.check(value);
-
-				if (!check) {
-					// handle Insecure value for header
-					const { baseScore: score, severity: level } = generateCVSS(
-						"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-					);
-
-					this.vulnerabilities.push({
-						type: level,
-						severity: score,
-						url,
-						description: `Header ${infoHeader.name} was found it ${infoHeader.description} recommendation: ${infoHeader.recommendation}`,
-					});
-				}
-			}
-		}
-	};
-
-	async scan(): Promise<Array<Vulnerability>> {
-		const chunks = this.chunkArray(this.spiderResults, 10);
-
-		for (const chunk of chunks) {
-			await Promise.all(
-				chunk.map(async (url) => {
-					try {
-						const headers = await this.withRetries(
-							() => this.getHeaders(url),
-							this.retries,
-						);
-						this.checkHeaders(headers, url);
-					} catch (error) {
-						this.logger.error(`Error scanning headers for ${url}: ${error}`);
-					}
-				}),
-			);
-		}
-
-		return this.vulnerabilities;
-	}
-}

package/src/modules/ports/index.ts

@@ -1,311 +0,0 @@
-import dns from "node:dns";
-import net from "node:net";
-import { createLogger, generateCVSS } from "../../utils/index.js";
-import type { Vulnerability } from "../../utils/types.js"; // Assuming this interface is in types.ts
-
-export interface PortsScannerOpts {
-	spiderResults: Array<string>;
-	fromPort?: number;
-	toPort?: number;
-	allowList?: Array<number>;
-	concurrency?: number;
-	timeout?: number;
-}
-
-export default class PortsScanner {
-	private allowList: Array<number> = [22, 80, 443];
-	private toScan: Array<number> = [];
-	private spiderResults: Array<string> = [];
-	private concurrency = 30;
-	private timeout = 10000;
-	private domain: Set<string> = new Set();
-	private logger = createLogger("PortsScanner");
-
-	constructor(opts: PortsScannerOpts) {
-		this.spiderResults = opts.spiderResults;
-		this.allowList = opts.allowList || this.allowList;
-		this.toScan = this.getPortsToScan(opts.fromPort, opts.toPort);
-		this.concurrency = opts.concurrency || this.concurrency;
-		this.timeout = opts.timeout || this.timeout;
-
-		this.validateSpiderResults(this.spiderResults);
-
-		this.spiderResults.map((url) => {
-			this.domain.add(this.getDomainFromUrl(url));
-		});
-
-		this.logger.info(
-			`PortsScanner initialized with ${this.domain.size} domains and ${this.toScan.length} ports to scan`,
-		);
-	}
-
-	private validateSpiderResults(spiderResults: Array<string>) {
-		if (!spiderResults) {
-			throw new Error("Missing required spiderResults parameter");
-		}
-
-		if (!Array.isArray(spiderResults)) {
-			throw new Error("spiderResults must be an array");
-		}
-
-		if (Array.isArray(spiderResults) && spiderResults.length === 0) {
-			throw new Error("spiderResults array cannot be empty");
-		}
-
-		spiderResults.some((url) => {
-			if (typeof url !== "string") {
-				throw new Error("spiderResults array must contain only strings");
-			}
-		});
-	}
-
-	private getPortsToScan(fromPort = 1, toPort = 65535): Array<number> {
-		const allowSet = new Set(this.allowList);
-		const ports = [];
-
-		for (let i = fromPort; i <= toPort; i++) {
-			if (!allowSet.has(i)) {
-				ports.push(i);
-			}
-		}
-
-		this.logger.info(`Scanning ports from ${fromPort} to ${toPort}`);
-
-		return ports;
-	}
-
-	private getDomainFromUrl(url: string): string {
-		const urlObj = new URL(url);
-		return urlObj.hostname;
-	}
-
-	// Scan a specific port on a given IP
-	private async scanPort(host: string, port: number): Promise<boolean> {
-		this.logger.info(`Scanning port ${port} on ${host}`);
-		return new Promise((resolve, reject) => {
-			const socket = new net.Socket();
-
-			// Create a timeout using setTimeout
-			const timeout = setTimeout(() => {
-				socket.destroy();
-				this.logger.info(`Timeout occurred for ${host}:${port}`);
-				resolve(false); // Timeout occurred
-			}, this.timeout);
-
-			socket.on("connect", () => {
-				clearTimeout(timeout); // Clear timeout when connection is successful
-				socket.destroy();
-				this.logger.info(`Port ${port} is open on ${host}`);
-				resolve(true); // Port is open
-			});
-
-			socket.on("timeout", () => {
-				clearTimeout(timeout); // Clear timeout in case of socket timeout event
-				socket.destroy();
-				this.logger.info(`Timeout for ${host}:${port}`);
-				resolve(false); // Timeout event triggered
-			});
-
-			socket.on("error", (err) => {
-				clearTimeout(timeout); // Clear timeout in case of socket error
-				socket.destroy();
-				this.logger.info(`Error for ${host}:${port} - ${err.message}`);
-				resolve(false); // Port closed or connection failed
-			});
-
-			socket.connect(port, host); // Initiates connection to the port
-		});
-	}
-
-	private async scanDomain(domain: string): Promise<Vulnerability[]> {
-		const vulnerabilities: Vulnerability[] = [];
-		for (const port of this.toScan) {
-			try {
-				const isOpen = await this.scanPort(domain, port);
-				if (isOpen) {
-					const vulnerability = await this.generateVulnerability(domain, port);
-					this.logger.info(
-						`Vulnerability found: ${vulnerability.severity} - ${vulnerability.description} - ${vulnerability.url} - ${vulnerability.type}`,
-					);
-					if (vulnerability) vulnerabilities.push(vulnerability);
-				}
-			} catch (err) {
-				this.logger.error(`Error scanning port ${port} on ${domain}: ${err}`);
-			}
-		}
-		return vulnerabilities;
-	}
-
-	// Limit the number of concurrent scans
-	private async executeWithConcurrency<T>(
-		tasks: (() => Promise<T>)[],
-		concurrency: number,
-	): Promise<T[]> {
-		const results: T[] = [];
-		const queue: Array<() => Promise<T>> = [...tasks];
-		let activePromises = 0;
-
-		this.logger.info(
-			`Executing ${tasks.length} tasks with concurrency ${concurrency}`,
-		);
-
-		// Helper to process a task
-		const processQueue = async () => {
-			if (queue.length === 0 && activePromises === 0) return; // All tasks done
-
-			if (activePromises < concurrency && queue.length > 0) {
-				const nextTask = queue.shift();
-				if (!nextTask) return;
-				activePromises++;
-				try {
-					const result = await nextTask();
-					results.push(result);
-				} catch (err) {
-					console.error(err);
-				} finally {
-					activePromises--;
-					// Continue processing the queue recursively
-					await processQueue(); // Await the recursive call
-				}
-			}
-		};
-
-		// Start processing the queue
-		await processQueue();
-
-		return results;
-	}
-
-	private getBanner(host: string, port: number): Promise<string> {
-		return new Promise((resolve, reject) => {
-			const socket = new net.Socket();
-			let banner = "";
-
-			socket.setTimeout(this.timeout);
-
-			socket.on("data", (data) => {
-				this.logger.info(`Received data from ${host}:${port} - ${data}`);
-				banner += data.toString();
-			});
-
-			socket.on("end", () => {
-				socket.destroy();
-				this.logger.info(`Banner for ${host}:${port} - ${banner}`);
-				resolve(banner);
-			});
-
-			socket.on("timeout", () => {
-				socket.destroy();
-				this.logger.info(`Timeout for ${host}:${port}`);
-				resolve(banner);
-			});
-
-			socket.on("error", () => {
-				socket.destroy();
-				this.logger.info(`Error for ${host}:${port}`);
-				resolve(banner);
-			});
-
-			socket.connect(port, host);
-		});
-	}
-
-	// Generate a vulnerability report based on the open port
-	private async generateVulnerability(
-		domain: string,
-		port: number,
-	): Promise<Vulnerability> {
-		let type: Vulnerability["type"] = "Info";
-		let severity = 1;
-		let description = `Port ${port} is open on ${domain}`;
-		let payloads: string[] | undefined;
-
-		const banner = await this.getBanner(domain, port);
-
-		if (banner.includes("SSH")) {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
-			).baseScore;
-			description = "SSH service detected. Ensure strong credentials.";
-		} else if (banner.includes("HTTP")) {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-			).baseScore;
-			description =
-				"HTTP service detected. Check for outdated software or misconfigurations.";
-		} else if (banner.includes("HTTPS")) {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
-			).baseScore;
-			description =
-				"HTTPS service detected. Ensure SSL/TLS is properly configured.";
-		} else if (banner.includes("MySQL")) {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
-			).baseScore;
-			description =
-				"MySQL service detected. Verify access restrictions and secure configurations.";
-		} else if (banner.includes("SMTP")) {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
-			).baseScore;
-			description =
-				"SMTP service detected. Verify access restrictions and secure configurations.";
-		} else if (banner.includes("FTP")) {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-			).baseScore;
-			description =
-				"FTP service detected. Verify access restrictions and secure configurations.";
-		} else {
-			type = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:U/UI:N/S:U/C:U/I:U/A:U",
-			).severity;
-			severity = generateCVSS(
-				"CVSS:3.0/AV:N/AC:L/PR:U/UI:N/S:U/C:U/I:U/A:U",
-			).baseScore;
-			description = `Unknown service on port ${port}. Investigate further. Banner of the service: ${banner}`;
-		}
-
-		return {
-			type,
-			severity,
-			url: `${domain}:${port}`,
-			description,
-			payloads,
-		};
-	}
-
-	// Start scanning
-	public async scan(): Promise<Vulnerability[]> {
-		this.logger.info("Starting scan");
-		const tasks = Array.from(this.domain).map((domain) => () => {
-			this.logger.info(`Scanning domain ${domain}`);
-			return this.scanDomain(domain);
-		});
-
-		const vulnerabilities = await this.executeWithConcurrency(
-			tasks,
-			this.concurrency,
-		);
-		return vulnerabilities.flat();
-	}
-}

package/src/modules/spider/index.ts

@@ -1,178 +0,0 @@
-import jsdom from "jsdom";
-import UserAgent from "user-agents";
-import { createLogger } from "../../utils/index.js";
-
-export interface SpiderScannerOptions {
-	depth?: number;
-	concurrency?: number;
-	retries?: number;
-	timeout?: number;
-}
-
-export default class SpiderScanner {
-	private header: Record<string, string> = {
-		"User-Agent": new UserAgent().toString(),
-	};
-	private url: URL;
-	private logger = createLogger("SpiderScanner");
-
-	private depth: number;
-	private concurrency: number;
-	private retries: number;
-	private timeout: number;
-
-	constructor(url: string, options: SpiderScannerOptions = {}) {
-		const {
-			depth = 250,
-			concurrency = 5,
-			retries = 3,
-			timeout = 5000,
-		} = options;
-		this.depth = depth;
-		this.concurrency = concurrency;
-		this.retries = retries;
-		this.timeout = timeout;
-
-		try {
-			this.url = new URL(url);
-			this.logger.info(
-				`Initialized with URL: ${url}, User-Agent: ${this.header["User-Agent"]}`,
-			);
-		} catch (error) {
-			if (error instanceof TypeError) {
-				this.logger.error("Invalid URL");
-				throw new Error("Invalid URL");
-			}
-			this.logger.error(`Unexpected error in constructor: ${error}`);
-			throw error;
-		}
-	}
-
-	private normalizeDomain(domain: string): string {
-		return domain.startsWith("www.") ? domain.slice(4) : domain;
-	}
-
-	private convertRelativeUrlToAbsolute(url: string): string {
-		return new URL(url, this.url.toString()).toString();
-	}
-
-	private isInternalLink(url: string): boolean {
-		try {
-			const parsedUrl = new URL(url, this.url.href);
-			if (!["http:", "https:"].includes(parsedUrl.protocol)) {
-				return false;
-			}
-			const baseDomain = this.normalizeDomain(this.url.hostname);
-			const parsedDomain = this.normalizeDomain(parsedUrl.hostname);
-			return parsedDomain === baseDomain;
-		} catch (error) {
-			this.logger.warn(`Error parsing URL: ${url} - ${error}`);
-			return false;
-		}
-	}
-
-	private async fetchWithRetries(
-		url: string,
-		retries: number,
-	): Promise<string | null> {
-		for (let attempt = 1; attempt <= retries; attempt++) {
-			const controller = new AbortController();
-			const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-
-			try {
-				this.logger.debug(`Fetching URL (Attempt ${attempt}): ${url}`);
-				const randomUserAgent = new UserAgent().toString();
-				this.logger.info(`Changing User-Agent to: ${randomUserAgent}`);
-				this.header["User-Agent"] = randomUserAgent;
-
-				const response = await fetch(url, {
-					headers: this.header,
-					signal: controller.signal,
-				});
-
-				clearTimeout(timeoutId);
-
-				if (response.ok) {
-					this.logger.info(`Successfully fetched URL: ${url}`);
-					return await response.text();
-				}
-
-				this.logger.warn(`Failed to fetch URL (${response.status}): ${url}`);
-			} catch (error) {
-				if ((error as Error).name === "AbortError") {
-					this.logger.warn(`Fetch timed out: ${url}`);
-				} else {
-					this.logger.error(`Error fetching URL: ${url} - ${error}`);
-				}
-			}
-		}
-		return null;
-	}
-
-	private extractLinks(html: string): string[] {
-		const { JSDOM } = jsdom;
-		const dom = new JSDOM(html);
-		const links = Array.from(dom.window.document.querySelectorAll("a"));
-		const hrefs = links.map((link) => link.href);
-		const internalLinks = hrefs.filter((href) => this.isInternalLink(href));
-		this.logger.debug(
-			`Extracted ${internalLinks.length} internal links from HTML content`,
-		);
-		const assetRegex = new RegExp(
-			/https?:\/\/(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}\/(?:[^ ]*\.(?:jpg|jpeg|png|gif|css|js|svg|woff|woff2|ttf|eot|ico|mp4|webp|pdf))/,
-		);
-
-		return internalLinks
-			.map((link) => this.convertRelativeUrlToAbsolute(link))
-			.filter((link) => !assetRegex.test(link));
-	}
-
-	public async crawl(): Promise<Array<string>> {
-		const visited = new Set<string>();
-		const queue = new Set<string>([this.url.href]);
-		const resultLinks = new Set<string>();
-
-		const fetchAndExtract = async (currentUrl: string) => {
-			if (visited.has(currentUrl)) {
-				this.logger.debug(`Skipping already visited URL: ${currentUrl}`);
-				return;
-			}
-			visited.add(currentUrl);
-			this.logger.info(`Visiting URL: ${currentUrl}`);
-
-			const html = await this.fetchWithRetries(currentUrl, this.retries);
-			if (!html) return;
-
-			const links = this.extractLinks(html);
-
-			for (const link of links) {
-				if (!visited.has(link) && queue.size < this.depth) {
-					queue.add(link);
-					this.logger.debug(`Added to queue: ${link}`);
-				}
-			}
-			resultLinks.add(currentUrl);
-		};
-
-		const processBatch = async () => {
-			const batch = Array.from(queue).slice(0, this.concurrency);
-			for (const url of batch) {
-				queue.delete(url);
-			}
-			await Promise.allSettled(batch.map((url) => fetchAndExtract(url)));
-		};
-
-		this.logger.info(
-			`Starting crawl with depth: ${this.depth}, concurrency: ${this.concurrency}`,
-		);
-		while (queue.size > 0 && visited.size < this.depth) {
-			await processBatch();
-		}
-
-		this.logger.info(
-			`Crawling completed. Total pages visited: ${resultLinks.size}`,
-		);
-
-		return Array.from(resultLinks);
-	}
-}