Bash for checking Vuln

Bash scripting for Vuln Checking

#!/bin/bash
# TheBashter V 1.0 Beta
#
# Reads a start URL from stdin, fetches it with curl and reports forms,
# reflected input, a missing X-Frame-Options header and permissive CORS,
# then follows same-site links found in the page. Scratch files with the
# fixed names *.bshtr are created in the current directory and removed
# again at the end of the file.

# Drop scratch files left by an earlier (possibly aborted) run. Every
# *.bshtr in the cwd is removed, so run this from a dedicated directory.
rm -- *.bshtr 2> /dev/null

# ANSI colour sequences. They are stored as literal backslash escapes
# because every consumer in this file prints them through `echo -e`.
# GRN is assigned but not referenced anywhere in this file.
RED='\e[31m'
GRN='\e[32m'
YEL='\e[33m'
CLR='\e[0m'

# Start with an empty list of already-reported <form> tags (see ChkForm).
: > formlist.bshtr

# Banner; printf '%s' keeps the backslashes and backticks literal.
printf '%s\n' \
	' _____ _          ____            _     _  V 1.0 Beta' \
	'|_   _| |__   ___| __ )  __ _ ___| |__ | |_ ___ _ __ ' \
	'  | | | `_ \ / _ \  _ \ / _` / __| `_ \| __/ _ \ `__|' \
	'  | | | | | |  __/ |_) | (_| \__ \ | | | ||  __/ |   ' \
	'  |_| |_| |_|\___|____/ \__,_|___/_| |_|\__\___|_|   ' \
	'.:: FIND SOMETHING SHIT ON SITE - By @ZeroByte.ID ::.' \
	''

#######################################
# Classify one link taken from a page and print "[GET] <absolute url>" when
# it is a same-site page worth crawling; print nothing otherwise.
# Arguments: $1 - href/src value as found in the page
#            $2 - base site URL as entered by the user
# Globals:   WebSite, TargetSite, WHTP, PARSEDURI (written, not local)
# Outputs:   one "[GET] url" line on stdout, or nothing
# NOTE(review): ${WebSite} / $TargetSite are expanded unquoted inside
# $(echo ...), and the host derived from TargetSite is used unquoted on the
# right of =~, i.e. as an unanchored regex in which "." matches any
# character. Both values come from untrusted page content / user input and
# should be quoted (and the host escaped) before this is relied on.
#######################################
function UrlSelector() {
	WebSite=${1}
	TargetSite=${2}
	# Scheme part of the base URL, e.g. "http:" — everything before the first
	# "//". If the base URL has no "//" this is the whole base URL.
	WHTP=$(echo ${TargetSite} | sed 's|//| |g' | awk '{print $1}')
	if [[ ${WebSite} == "#" ]] ;
	then
		echo -ne ""
	# Static assets are skipped. The alternatives are unanchored, so e.g.
	# "docx" or ".js" matches anywhere in the URL, not only at its end.
	elif [[ ! -z $(echo "${WebSite}" | grep -i "[.]pdf\|[.]doc\|docx\|[.]png\|[.]gif\|[.]jpg\|[.]jpeg\|[.]ico\|[.]svg\|[.]css\|[.]js") ]]
	then
		echo -ne ""
	# Protocol-relative link (//host/path): kept only if it contains the base host.
	elif [[ ${WebSite} =~ ^"//" ]];
	then
		# Base host = TargetSite with "www" plus one following character removed
		# (the "." in 's/www.//g' is a regex wildcard), split on "/", 2nd field.
		if [[ ${WebSite} =~ $(echo $TargetSite | sed 's/www.//g' | sed 's/\// /g' | awk '{print $2}') ]];
		then
			# "//host/path" -> "/host/path"; with WHTP "http:" and the "/" below
			# this prints "http://host/path".
			PARSEDURI=$(echo ${WebSite} | sed 's|//|/|g')
			echo "[GET] ${WHTP}/${PARSEDURI}"
		fi
	# Root-relative link. The trailing [a-zA-Z0-9]* may match zero characters,
	# so in effect this is "anything starting with /".
	elif [[ ${WebSite} =~ ^"/"[a-zA-Z0-9]* ]];
	then
		# Collapse "//" to "/" (which also turns "http://" into "http:/"), keep
		# the first whitespace-separated word, then restore "://".
		PARSEDURI=$(echo "${TargetSite}${WebSite}" | sed 's|//|/|g' | awk '{print $1}' | sed 's|:/|://|g')
		echo "[GET] ${PARSEDURI}"
	# Absolute link: kept only if it contains the base host (same regex as above).
	elif [[ ${WebSite} =~ ^"http" ]];
	then
		if [[ ${WebSite} =~ $(echo $TargetSite | sed 's/www.//g' | sed 's/\// /g' | awk '{print $2}') ]];
		then
			echo "[GET] ${WebSite}"
		fi
	# Relative link without a leading "/" (starts with a letter or digit), minus
	# the javascript:, android-app:// and ios-app:// pseudo-schemes: resolve it
	# against the base URL as given, with the same "//" -> "/" -> "://" fix-up.
	elif [[ $(echo ${WebSite} | grep -v ^"http" | grep ^"[a-zA-Z0-9]" | grep -v ^'javascript:' | grep -v ^'android-app://' | grep -v ^'ios-app://') ]];
	then
		echo "[GET] ${TargetSite}/${WebSite}" | sed 's|//|/|g' | sed 's|:/|://|g'
	else
		echo -ne ""
	fi	
}

#######################################
# Reflection probe for one URL: requests the URL with a marker string
# appended to the path and, if the URL carries "=" (query parameters),
# with the marker inserted after every "=", and reports when the marker
# comes back in the body unencoded.
# Arguments: $1 - absolute URL to test
# Globals:   RED, CLR, VulnFound (read); FullpathSite, FullpathSite2 (written)
# Outputs:   a FATAL line on stdout when the marker is reflected
# NOTE(review): VulnFound is not assigned anywhere in this file, so the
# path-reflection branch prints only an empty line and that finding is
# effectively unreported; because the parameter probe is an elif, it is
# also skipped whenever the path probe reflects.
# NOTE(review): curl -k disables TLS certificate verification; on https
# targets the response used here could come from an intercepting proxy.
#######################################
function ChkUrlXSS() {
	FullpathSite=${1}
	if [[ ! -z $(curl -sk "${FullpathSite}/Ghost%3Cbashter%22XSS" | grep 'Ghost<bashter"XSS') ]];
	then
		echo -e "${VulnFound}"
	elif [[ ${FullpathSite} =~ "=" ]];
	then
		# Every "=" in the URL is followed by the marker; sed's /g applies to
		# all of them, so multi-parameter URLs are probed in one request.
		FullpathSite2=$(echo ${FullpathSite} | sed 's/=/=Ghost%3Cbashter%22XSS/g')
		if [[ ! -z $(curl -sk "${FullpathSite2}" | grep 'Ghost<bashter"XSS') ]];
		then
			echo -e "${RED}$(date +"[%H:%M:%S]") FATAL: XSS on ${FullpathSite}${CLR}"
		fi
	fi
}

#######################################
# CORS check: when the saved `curl -v` transcript mentions an
# Access-Control-Allow header, re-request the page with a foreign Origin
# and warn if that origin is echoed back in Access-Control-Allow-Origin.
# Arguments: $1 - absolute URL
#            $2 - file holding the `curl -v` transcript for that URL
# Globals:   YEL, CLR (read); FullpathSite, WebSource (written, not local)
# Outputs:   a WARN line on stdout; writes CORS-Test.gbash in the cwd
# NOTE(review): the precondition keeps only transcript lines that start
# with "^" (grep ^'^'), whereas ChkClickjacking below selects response
# header lines with ^'<' — curl -v prefixes them with "< ". This looks like
# a typo, and if so the check never fires; confirm before relying on it.
# NOTE(review): CORS-Test.gbash does not match the `rm *.bshtr` cleanup at
# the end of this file and is left behind after every run.
#######################################
function ChkCORS() {
	FullpathSite=${1}
	WebSource=${2}
	if [[ ! -z $(cat ${WebSource} | grep ^'^' | grep -i "access-control-allow") ]]
	then
		# Second request with a fixed foreign Origin; -v so the response
		# headers land in the capture file. ${FullpathSite} is unquoted here.
		curl -vsk -H "Origin: http://example.com/" ${FullpathSite} &> CORS-Test.gbash
		# Warns only if the exact foreign origin is reflected; a literal "*"
		# in Access-Control-Allow-Origin is not reported by this test.
		if [[ $(cat CORS-Test.gbash | grep -i "Access-Control-Allow-Origin" | grep "example.com") ]];
		then
			echo -e "${YEL}$(date +"[%H:%M:%S]") WARN: CORS Missconfiguration on ${FullpathSite}${CLR}"
		fi
	fi
}

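#######################################
# Warn when the saved response headers contain no X-Frame-Options header.
# Arguments: $1 - absolute URL (only used in the message)
#            $2 - file holding the `curl -v` transcript for that URL; the
#                 response header lines are the ones prefixed with "<"
# Globals:   YEL, CLR (read)
# Outputs:   one WARN line on stdout when the header is absent, else nothing
# Returns:   0
# Only X-Frame-Options is inspected. A Content-Security-Policy
# frame-ancestors directive also controls framing but is not considered, so
# a site relying on CSP alone is reported here even though it is protected.
#######################################
function ChkClickjacking() {
	local FullpathSite=$1
	local WebSource=$2
	# grep -q yields the result as an exit status; the matching line itself
	# is not needed. The transcript path is quoted so spaces in it are safe.
	if ! grep '^<' -- "${WebSource}" | grep -qi 'x-frame-options'; then
		echo -e "${YEL}$(date +"[%H:%M:%S]") WARN: Clickjacking on \"${FullpathSite}\" X-Frame-Options is not present${CLR}"
	fi
	return 0
}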

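#######################################
# Print the value of every href= and src= attribute in a saved page, one per
# line, with the surrounding quotes removed: all href values first, then
# all src values (the order the rest of the file expects).
# Arguments: $1 - file holding the page body (here a `curl -v` transcript)
# Outputs:   attribute values on stdout, possibly none
# Returns:   status of the last pipeline (non-zero when no src= matched)
#######################################
function GetSource() {
	local WebSrc=$1
	local attr
	for attr in href src; do
		# attr=<quote>value<quote> with either quote style; then drop the
		# attribute name and the quotes. The file path is quoted and passed
		# after "--" so odd file names cannot be taken as options.
		grep -o "${attr}=['\"][^\"']*['\"]" -- "${WebSrc}" \
			| sed -e "s/^${attr}=[\"']//" -e "s/[\"']\$//"
	done
}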

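#######################################
# Report every <form> tag in a saved page once, as "Form GET" or
# "Form POST", using formlist.bshtr in the cwd as the list of tags that
# were already reported.
# Arguments: $1 - URL of the page (only used in the message)
#            $2 - file holding the page body
# Globals:   IFS (written: set to newline only, see below)
# Outputs:   INFO lines on stdout; appends new tags to formlist.bshtr
# Returns:   0
# Requires GNU grep: -P is used for the \K / lookahead tag extraction.
#######################################
function ChkForm() {
	local WEBSRC=$1
	local FILESRC=$2
	local FORM FORMPOST
	# Deliberately left global: the crawl loops later in this file split the
	# output of GetSource and websiteslist.bshtr with $(...) and run after
	# this call, so they rely on newline-only splitting from here on.
	IFS=$'\n'
	while IFS= read -r FORM; do
		# method="..." / method='...' attribute, kept only when it says post.
		FORMPOST=$(grep -o "method=['\"][^\"']*['\"]" <<<"$FORM" | grep -i post)
		# The tag is untrusted HTML: compare it literally and whole-line (-F -x)
		# rather than letting its characters act as a grep regex.
		if grep -Fxq -- "$FORM" formlist.bshtr; then
			:
		elif [[ -z $FORMPOST ]]; then
			echo "$(date +"[%H:%M:%S]") INFO: Form GET on \"${WEBSRC}\""
		else
			echo "$(date +"[%H:%M:%S]") INFO: Form POST on \"${WEBSRC}\""
		fi
		printf '%s\n' "$FORM" >> formlist.bshtr
	done < <(grep -Po '<form\K.*?(?=>)' -- "${FILESRC}" | sed -e 's/^/<form/' -e 's/$/>/')
	return 0
}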

########## MAIN ##########
# Prompts for the start URL, scans it, then keeps crawling the same-site
# links collected in websiteslist.bshtr until a pass scans nothing new.
# Scratch files (fixed names in the cwd):
#   websourcetemp.bshtr - `curl -v` transcript of the page being scanned
#   webpathtemp.bshtr   - created here but never read in this file
#   websiteslist.bshtr  - discovered URLs (may contain duplicates)
#   websitedone.bshtr   - URLs already scanned
# NOTE(review): fixed scratch-file names mean two runs in the same directory
# clobber each other; a `mktemp -d` working directory would avoid that.
echo -ne "[?] Input Website : "
# NOTE(review): `read` without -r interprets backslashes in the typed URL.
read TargetSite
# -v puts request and response headers in the transcript (response lines
# start with "<", which ChkClickjacking relies on). -k disables TLS
# certificate verification, so on https targets the content examined below
# could come from an intercepting proxy rather than the site itself.
# ${TargetSite} is unquoted here and in every call below.
curl -vsk ${TargetSite} &> websourcetemp.bshtr
echo -ne "" > webpathtemp.bshtr
echo -ne "" > websiteslist.bshtr
echo ""
echo "$(date +"[%H:%M:%S]") INFO: Scanning ${TargetSite}..."
# ChkForm sets IFS to newline only and does not restore it; the $(...) loops
# below therefore split their input on newlines only.
ChkForm ${TargetSite} websourcetemp.bshtr
ChkUrlXSS ${TargetSite}
ChkClickjacking ${TargetSite} websourcetemp.bshtr
ChkCORS ${TargetSite} websourcetemp.bshtr
# UrlSelector prints "[GET] url" or nothing; awk keeps only the url.
for WebPath in $(GetSource websourcetemp.bshtr)
do
	UrlSelector ${WebPath} ${TargetSite} | awk '{print $2}' >> websiteslist.bshtr
done
echo "${TargetSite}" > websitedone.bshtr
########## SECOND ##########
# Fixed-point crawl: COMPARV is the number of scanned URLs after the previous
# pass, COMPART after the current one; stop when a pass adds nothing.
COMPARV=0
while true
do
	for TargetSite2 in $(cat websiteslist.bshtr)
	do
		# NOTE(review): the URL is used as an unescaped grep regex ("." matches
		# any character); `grep -Fx -- "${TargetSite2}"` would compare it
		# literally, with the same end-of-line anchoring.
		if [[ -z $(cat websitedone.bshtr | grep "${TargetSite2}"$) ]]
		then
			curl -vsk ${TargetSite2} &> websourcetemp.bshtr
			ChkForm ${TargetSite2} websourcetemp.bshtr
			ChkUrlXSS ${TargetSite2}
			ChkClickjacking ${TargetSite2} websourcetemp.bshtr
			ChkCORS ${TargetSite2} websourcetemp.bshtr
			for WebPath in $(GetSource websourcetemp.bshtr)
			do
				# Links found on TargetSite2 are resolved against the original
				# TargetSite, not the page they came from. For relative links
				# without a leading "/" that looks unintended — confirm.
				UrlSelector ${WebPath} ${TargetSite} | awk '{print $2}' >> websiteslist.bshtr
			done
			echo "${TargetSite2}" >> websitedone.bshtr
			COMPART=$(cat websitedone.bshtr | wc -l)
		fi
	done
	# COMPART stays unset when nothing was scanned in this pass; [[ -eq ]]
	# appears to treat the empty value as 0, which lets the first pass exit.
	if [[ $COMPARV -eq $COMPART ]];
	then
		break
	else
		COMPARV=${COMPART}
	fi
done
# Scratch-file cleanup; CORS-Test.gbash (written by ChkCORS) is not matched.
rm *.bshtr 2> /dev/null