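#!/usr/bin/env bash
#
# Small external recon helper: runs a handful of checks against one host
# (nmap, HTTP->HTTPS redirect, testssl, clickjacking headers) and keeps the
# evidence under ./<domain>/.
#
# Usage:
#   recon.sh -d <domain|ip> [-a <action>] [-- <extra args passed to the action>]
#     -d, --domain   target host; a pasted scheme (http://, https://) and any
#                    path component are stripped
#     -a, --action   nmap | testredirect | testssl | clickjacking | all
#                    (default: all)
#
# External tools: nmap, nc, curl, sed, testssl, clickjacking.
#
# `set -e` is deliberately not used: one failing probe (e.g. curl against a
# host that only answers on 443) must not abort the remaining checks, so
# every step that matters checks its own status instead.

# Print a message on stderr and abort the script with status 1.
error() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Create directory $1 unless it already exists.
maybeMkdir() {
  [ -d "$1" ] || mkdir -- "$1"
}

# Return 1 (with a warning on stderr) when the external tool $1 is not on
# PATH, so an action can bail out instead of producing a half-finished result
# that looks like a clean run.
requireTool() {
  if ! command -v -- "$1" >/dev/null 2>&1; then
    printf 'Required tool not found, skipping: %s\n' "$1" >&2
    return 1
  fi
}

# Terminal colours (SGR escape sequences); NC resets.
readonly RED='\033[0;31m'
readonly LRED='\033[1;31m'
readonly YELLOW='\033[1;33m'
readonly GREEN='\033[0;32m'
readonly LGREEN='\033[1;32m'
readonly LBLUE='\033[1;34m'
readonly CYAN='\033[0;36m'
readonly LCYAN='\033[1;36m'
readonly ORANGE='\033[0;33m'
readonly LGREY='\033[0;37m'
readonly WHITE='\033[1;37m'
readonly NC='\033[0m' # No Color

# Remove ANSI escape sequences from stdin so a line's visible width can be
# measured. GNU sed (-r, \x1B) is assumed.
stripAnsi() {
  sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g"
}

# Print $1 copies of the single character $2, no trailing newline.
# A zero or negative count prints nothing.
repeatChar() {
  local count="$1" ch="$2"
  (( count > 0 )) || return 0
  printf '%*s' "$count" '' | tr ' ' "$ch"
}

# Print every line of stdin centred inside a 45-column box drawn in LBLUE.
# ANSI sequences inside a line are not counted towards its width.
# Pads are clamped at 0: the previous `head -c $pad /dev/zero` hung forever on
# a negative pad (a line wider than the box), since `head -c -N` means
# "all but the last N bytes" of an endless stream.
drawInBox() {
  local -r innerWidth=45
  local line stripped leftPad rightPad
  printf '%b╭' "$LBLUE"
  repeatChar "$innerWidth" '-'
  printf '╮%b\n' "$NC"
  while IFS= read -r line; do
    stripped="$(printf '%s' "$line" | stripAnsi)"
    leftPad=$(( (innerWidth - ${#stripped}) / 2 ))
    rightPad=$(( innerWidth - leftPad - ${#stripped} ))
    (( leftPad < 0 )) && leftPad=0
    (( rightPad < 0 )) && rightPad=0
    printf '%b|%b' "$LBLUE" "$NC"
    repeatChar "$leftPad" ' '
    printf '%s' "$line"
    repeatChar "$rightPad" ' '
    printf '%b|%b\n' "$LBLUE" "$NC"
  done
  printf '%b╰' "$LBLUE"
  repeatChar "$innerWidth" '-'
  printf '╯%b\n' "$NC"
}

# True when TCP port $1 on $domain accepts a connection (5 s timeout).
portOpen() {
  nc -z -w5 "$domain" "$1"
}

# Human-readable wrapper around portOpen for port $1.
portStatus() {
  if portOpen "$1"; then
    echo "Port $1 open"
  else
    echo "Port $1 closed"
  fi
}

# Default scripts + version detection, no host discovery; all output formats
# land in ./nmap/<domain>.*
action_nmap() {
  echo "Running nmap" | drawInBox
  requireTool nmap || return 1
  maybeMkdir nmap
  nmap -sC -sV -Pn -oA "nmap/$domain" "$domain"
}

# Follow http://$domain and report where it lands: https is green, staying on
# http is red. A host that cannot be reached is reported as such rather than
# being scored as "does not redirect".
action_testredirect() {
  echo "Testing that http redirects to https" | drawInBox
  local finalUrl
  if ! finalUrl="$(curl -Ls -o /dev/null -w '%{url_effective}' "http://$domain")"; then
    printf '%bcould not fetch http://%s (curl failed)%b\n' "$YELLOW" "$domain" "$NC" >&2
    return 1
  fi
  case "$finalUrl" in
    "http://"*)
      printf '%b http://%s -> %s%b\n' "$RED" "$domain" "$finalUrl" "$NC"
      ;;
    "https://"*)
      printf '%b http://%s -> %s%b\n' "$GREEN" "$domain" "$finalUrl" "$NC"
      ;;
    *)
      printf '%b http://%s -> unexpected final URL "%s"%b\n' "$YELLOW" "$domain" "$finalUrl" "$NC"
      ;;
  esac
}

# Full testssl run against $domain, log kept in ./ssl/testssl.out.
action_testssl() {
  echo "testssl on 443" | drawInBox
  requireTool testssl || return 1
  maybeMkdir ssl   # testssl does not create the logfile's directory itself
  testssl --color 2 --logfile "ssl/testssl.out" "$domain"
}

# Check the framing defences on the page http://$domain finally lands on.
# Either X-Frame-Options or an enforced Content-Security-Policy carrying a
# frame-ancestors directive counts as protection (a *-Report-Only policy does
# not). Header names are matched case-insensitively: HTTP/2 and many proxies
# lower-case them, and the old case-sensitive grep scored those as vulnerable.
# Only the landing page is inspected; other pages on the site may differ.
# When no defence is found the raw headers and a screenshot are kept under
# ./clickjacking/ as evidence.
action_clickjacking() {
  echo "Testing for clickjacking" | drawInBox
  local finalUrl headers
  finalUrl="$(curl -Ls -o /dev/null -w '%{url_effective}' "http://$domain")"
  headers="$(curl -s --head "$finalUrl")"
  if printf '%s\n' "$headers" | grep -iq '^X-Frame-Options:' \
     || printf '%s\n' "$headers" | grep -i '^Content-Security-Policy:' | grep -iq 'frame-ancestors'; then
    printf '%b%s doesnt appear to be susceptible to clickjacking%b\n' "$GREEN" "$domain" "$NC"
  else
    printf '%b%s does appear to be susceptible to clickjacking%b\n' "$RED" "$domain" "$NC"
    echo "Evidence in clickjacking folder"
    maybeMkdir clickjacking
    printf '%s\n' "$headers" >> clickjacking/headers
    if command -v clickjacking >/dev/null 2>&1; then
      clickjacking "$finalUrl" clickjacking/screenshot.png
    else
      echo "clickjacking tool not found; screenshot skipped" >&2
    fi
  fi
}

# Run every check; the TLS-related ones only when 443 answers.
action_all() {
  action_nmap
  action_clickjacking
  # Xss header
  # determine cms?
  # cms specific enum
  # spider a bit
  # Look for login, password reset, signup pages
  # Check for username enum
  if portOpen 443; then
    action_testredirect
    action_testssl
    #action_hsts
  fi
}

domain=""
action="all"
while [ $# -gt 0 ]; do
  case "$1" in
    -d|--domain)
      [ $# -ge 2 ] || error "Option $1 requires an argument"
      domain="${2##*//}"   # drop a pasted scheme such as https://
      shift 2
      ;;
    -a|--action)
      [ $# -ge 2 ] || error "Option $1 requires an argument"
      action="$2"
      shift 2
      ;;
    --)
      shift
      break
      ;;
    *)
      error "Unknown option $1"
      ;;
  esac
done

domain="${domain%%/*}"   # drop any path: "example.com/login" -> "example.com"
[ -z "$domain" ] && error "You need to give a domain or ip address"
# $domain names the working directory below and is handed to external tools,
# so restrict it to hostname/IP characters: no '..', no leading '-', no
# whitespace or shell metacharacters.
case "$domain" in
  .|..|-*|*[!A-Za-z0-9._:-]*) error "Invalid domain or ip address: $domain" ;;
esac
declare -F "action_$action" >/dev/null || error "Unknown action $action"

maybeMkdir "$domain"
# Without this guard a failed cd would leave the evidence files in the
# caller's current directory.
cd -- "$domain" || error "Cannot change into directory $domain"
"action_$action" "$@"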