You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
147 lines
2.9 KiB
147 lines
2.9 KiB
#!/usr/bin/env bash |
|
|
|
error(){ |
|
echo "$@" >&2 |
|
exit 1 |
|
} |
|
|
|
maybeMkdir(){ |
|
[ -d "$1" ] || mkdir "$1" |
|
} |
|
|
|
|
|
RED='\033[0;31m' |
|
LRED='\033[1;31m' |
|
YELLOW='\033[1;33m' |
|
GREEN='\033[0;32m' |
|
LGREEN='\033[1;32m' |
|
LBLUE='\033[1;34m' |
|
CYAN='\033[0;36m' |
|
LCYAN='\033[1;36m' |
|
ORANGE='\033[0;33m' |
|
LGREY='\033[0;37m' |
|
WHITE='\033[1;37m' |
|
NC='\033[0m' # No Color |
|
|
|
stripAnsi(){ |
|
sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g" |
|
} |
|
|
|
drawInBox(){ |
|
innerWidth="45" |
|
echo -en "${LBLUE}╭" |
|
head -c $innerWidth /dev/zero | tr '\0' '-' |
|
echo -e "╮${NC}" |
|
while IFS= read -r line; do |
|
# The ansi characters mess up the string length so we need to strip them to calculate the width |
|
stripped="$(echo -n "$line" | stripAnsi)" |
|
leftPad=$(( ( innerWidth - ${#stripped} ) / 2)) |
|
rightPad=$(( ( innerWidth - leftPad ) - ${#stripped} )) |
|
echo -en "${LBLUE}|${NC}" |
|
head -c $leftPad /dev/zero | tr '\0' ' ' |
|
echo -n "$line" |
|
head -c $rightPad /dev/zero | tr '\0' ' ' |
|
echo -e "${LBLUE}|${NC}" |
|
done |
|
echo -en "${LBLUE}╰" |
|
head -c $innerWidth /dev/zero | tr '\0' '-' |
|
echo -e "╯${NC}" |
|
} |
|
|
|
portOpen(){ |
|
nc -z -w5 "$domain" "$1" |
|
} |
|
|
|
portStatus(){ |
|
portOpen "$1" && |
|
echo "Port $1 open" || |
|
echo "Port $1 closed" |
|
} |
|
|
|
action_nmap(){ |
|
echo "Running nmap" | drawInBox |
|
maybeMkdir nmap |
|
nmap -sC -sV -Pn -oA "nmap/$domain" "$domain" |
|
} |
|
|
|
action_testredirect(){ |
|
echo "Testing that http redirects to https" | drawInBox |
|
finalUrl="$(curl -Ls -o /dev/null -w %{url_effective} "http://$domain")" |
|
case "$finalUrl" in |
|
"http://"*) echo -e "${RED} http://$domain -> $finalUrl${NC}" ;; |
|
"https://"*) echo -e "${GREEN} http://$domain -> $finalUrl${NC}" ;; |
|
esac |
|
} |
|
|
|
action_testssl(){ |
|
echo "testssl on 443" | drawInBox |
|
testssl --color 2 --logfile "ssl/testssl.out" "$domain" |
|
} |
|
|
|
action_clickjacking(){ |
|
echo "Testing for clickjacking" | drawInBox |
|
finalUrl="$(curl -Ls -o /dev/null -w %{url_effective} "http://$domain")" |
|
if curl -s --head "$finalUrl" | grep -q 'X-Frame-Options'; then |
|
echo -e "${GREEN}$domain doesnt appear to be susceptible to clickjacking${NC}" |
|
else |
|
echo -e "${RED}$domain does appear to be susceptible to clickjacking${NC}" |
|
echo "Evidence in clickjacking folder" |
|
maybeMkdir clickjacking |
|
curl --head -s "$finalUrl" >> clickjacking/headers |
|
clickjacking "$finalUrl" clickjacking/screenshot.png |
|
fi |
|
} |
|
|
|
action_all(){ |
|
action_nmap |
|
action_clickjacking |
|
# Xss header |
|
# determine cms? |
|
# cms specific enum |
|
# spider a bit |
|
# Look for login, password reset, signup pages |
|
|
|
# Check for username enum |
|
|
|
|
|
|
|
if portOpen 443; then |
|
action_testredirect |
|
action_testssl |
|
#action_hsts |
|
fi |
|
|
|
} |
|
|
|
domain="" |
|
action="all" |
|
|
|
while [ -n "$1" ]; do |
|
case "$1" in |
|
"-d"|"--domain") |
|
domain="${2##*//}" |
|
shift; shift |
|
;; |
|
"-a"|"--action") |
|
action="$2" |
|
shift; shift |
|
;; |
|
"--") |
|
shift |
|
break |
|
;; |
|
*) |
|
error "Unknown option $1" |
|
;; |
|
esac |
|
done |
|
|
|
|
|
[ -z "$domain" ] && error "You need to give a domain or ip address" |
|
|
|
|
|
|
|
maybeMkdir "$domain" |
|
cd "$domain" |
|
|
|
"action_$action" "$@"
|
|
|