Bash scripting for Vuln Checking
#!/bin/bash
# TheBashter V 1.0 Beta
# Start from a clean slate: drop work files left behind by an earlier run.
# NOTE: every work file lives in the current directory under a fixed name, so
# run the tool from a private, otherwise empty directory.
rm *.bshtr 2> /dev/null

# ANSI colour escapes, stored as literal backslash sequences (single quotes).
CLR='\e[0m'
RED='\e[31m'
GRN='\e[32m'
YEL='\e[33m'

# Registry of form tags that were already reported; created empty here.
: > formlist.bshtr

# Banner, followed by one blank line.
printf '%s\n' \
  ' _____ _ ____ _ _ V 1.0 Beta' \
  '|_ _| |__ ___| __ ) __ _ ___| |__ | |_ ___ _ __ ' \
  ' | | | `_ \ / _ \ _ \ / _` / __| `_ \| __/ _ \ `__|' \
  ' | | | | | | __/ |_) | (_| \__ \ | | | || __/ | ' \
  ' |_| |_| |_|\___|____/ \__,_|___/_| |_|\__\___|_| ' \
  '.:: FIND SOMETHING SHIT ON SITE - By @ZeroByte.ID ::.' \
  ''
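#######################################
# Scope test for absolute and protocol-relative links.
# Arguments: $1 - candidate URL ("http://host/..." or "//host/...")
#            $2 - scan target URL
# Returns:   0 when the candidate's host is the target host or one of its
#            subdomains (a leading "www." is ignored on both sides), else 1.
#######################################
function _UrlInScope() {
  local link_host=${1#*//}
  local target_host=${2#*//}

  # Reduce both sides to the bare authority: cut at the first path, query or
  # fragment delimiter, then drop any "user@" prefix so that
  # "http://target@other.host/" is judged by its real host.
  link_host=${link_host%%[/?#]*}
  link_host=${link_host##*@}
  link_host=${link_host#www.}
  target_host=${target_host%%[/?#]*}
  target_host=${target_host##*@}
  target_host=${target_host#www.}

  # Fail closed: without a target host nothing can be in scope.
  [[ -n ${target_host} ]] || return 1

  [[ ${link_host} == "${target_host}" || ${link_host} == *".${target_host}" ]]
}

#######################################
# Decides whether a link scraped from a page should be crawled and, if so,
# prints it as "[GET] <absolute url>".
#
# The previous scope test used the target host as an unanchored regex against
# the whole link, so any URL that merely contained the host string (in a query
# parameter, or as a prefix of another domain) was accepted and the crawl could
# leave the intended target. The host is now compared literally.
#
# Arguments: $1 - link as found in an href/src attribute
#            $2 - scan target URL (scheme://host[/path])
# Outputs:   zero or one "[GET] ..." line on stdout
# Returns:   0
#######################################
function UrlSelector() {
  local WebSite=${1}
  local TargetSite=${2}
  # "http:" or "https:" taken from the target; completes protocol-relative links.
  local scheme=${TargetSite%%//*}
  local joined

  # Bare fragment link: nothing to fetch.
  if [[ ${WebSite} == "#" ]]; then
    return 0
  fi

  # Static assets and documents are not crawled.
  if printf '%s\n' "${WebSite}" | grep -qi "[.]pdf\|[.]doc\|docx\|[.]png\|[.]gif\|[.]jpg\|[.]jpeg\|[.]ico\|[.]svg\|[.]css\|[.]js"; then
    return 0
  fi

  # Protocol-relative link ("//host/path"): keep only in-scope hosts.
  if [[ ${WebSite} == //* ]]; then
    if _UrlInScope "${WebSite}" "${TargetSite}"; then
      joined=$(printf '%s\n' "${WebSite}" | sed 's|//|/|g')
      printf '[GET] %s/%s\n' "${scheme}" "${joined}"
    fi
    return 0
  fi

  # Root-relative link ("/path"): glue onto the target, collapse the doubled
  # slashes, then restore the "//" after the scheme.
  if [[ ${WebSite} == /* ]]; then
    joined=$(printf '%s\n' "${TargetSite}${WebSite}" \
      | sed 's|//|/|g' | awk '{print $1}' | sed 's|:/|://|g')
    printf '[GET] %s\n' "${joined}"
    return 0
  fi

  # Absolute link: keep only in-scope hosts.
  if [[ ${WebSite} == http* ]]; then
    if _UrlInScope "${WebSite}" "${TargetSite}"; then
      printf '[GET] %s\n' "${WebSite}"
    fi
    return 0
  fi

  # Document-relative link ("page.php?id=1"). Non-HTTP schemes are skipped so
  # they are not turned into bogus paths on the target.
  if [[ ${WebSite} =~ ^[a-zA-Z0-9] ]]; then
    case ${WebSite} in
      javascript:* | android-app://* | ios-app://* | mailto:* | tel:* | data:*)
        return 0
        ;;
    esac
    printf '[GET] %s/%s\n' "${TargetSite}" "${WebSite}" \
      | sed -e 's|//|/|g' -e 's|:/|://|g'
  fi
  return 0
}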
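#######################################
# Reflection check: requests the URL with a marker string and reports when the
# marker comes back unencoded in the response body.
#
# A hit means the marker was echoed verbatim; treat it as a lead to verify by
# hand, since the output context is not inspected.
#
# Globals:   RED, CLR (read)
# Arguments: $1 - URL to test
# Outputs:   at most one FATAL line on stdout
#######################################
function ChkUrlXSS() {
  local FullpathSite=${1}
  local marker='Ghost<bashter"XSS'
  local probe

  # curl -k skips certificate verification, so responses are unauthenticated.
  # "--" keeps a URL that starts with "-" from being parsed as a curl option.
  if curl -sk -- "${FullpathSite}/Ghost%3Cbashter%22XSS" | grep -qF -- "${marker}"; then
    # The original printed an undefined variable here, so a path-based hit
    # showed up as a blank line. Report it like the query-string case.
    # %s (not echo -e) keeps backslash sequences inside the URL inert.
    printf '%b%s FATAL: XSS on %s%b\n' \
      "${RED}" "$(date +"[%H:%M:%S]")" "${FullpathSite}" "${CLR}"
  elif [[ ${FullpathSite} =~ "=" ]]; then
    # Prefix every parameter value with the marker.
    probe=${FullpathSite//=/=Ghost%3Cbashter%22XSS}
    if curl -sk -- "${probe}" | grep -qF -- "${marker}"; then
      printf '%b%s FATAL: XSS on %s%b\n' \
        "${RED}" "$(date +"[%H:%M:%S]")" "${FullpathSite}" "${CLR}"
    fi
  fi
}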
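#######################################
# CORS check: when the saved response already carries an Access-Control-Allow-*
# header, repeats the request with a foreign Origin and warns if that origin is
# echoed back in Access-Control-Allow-Origin.
#
# Globals:   YEL, CLR (read)
# Arguments: $1 - URL to test
#            $2 - file holding the `curl -v` transcript of that URL
# Outputs:   at most one WARN line on stdout
# Returns:   0
#######################################
function ChkCORS() {
  local FullpathSite=${1}
  local WebSource=${2}
  local response

  # curl -v prefixes response headers with "< ". The original gate looked for
  # lines starting with "^", which a transcript never contains, so the probe
  # below never ran.
  grep -qi '^< access-control-allow' -- "${WebSource}" || return 0

  # Keep the transcript in memory rather than in CORS-Test.gbash, which the
  # script's "rm *.bshtr" cleanup never removed.
  response=$(curl -vsk -H "Origin: http://example.com/" -- "${FullpathSite}" 2>&1)

  # Only a response header counts; body text mentioning the header does not.
  if printf '%s\n' "${response}" \
    | grep -i '^< access-control-allow-origin:' \
    | grep -q 'example.com'; then
    # %s (not echo -e) keeps backslash sequences inside the URL inert.
    printf '%b%s WARN: CORS Missconfiguration on %s%b\n' \
      "${YEL}" "$(date +"[%H:%M:%S]")" "${FullpathSite}" "${CLR}"
  fi
  return 0
}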
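#######################################
# Framing-protection check on a saved `curl -v` transcript.
#
# Warns when the response has neither an X-Frame-Options header nor a
# Content-Security-Policy header with a frame-ancestors directive. The original
# looked at X-Frame-Options only and matched any line starting with "<", so
# HTML in the body could hide a missing header and sites protected through CSP
# were reported.
#
# Globals:   YEL, CLR (read)
# Arguments: $1 - URL the transcript belongs to (used in the message)
#            $2 - file holding the transcript
# Outputs:   at most one WARN line on stdout
# Returns:   0
#######################################
function ChkClickjacking() {
  local FullpathSite=${1}
  local WebSource=${2}

  # Response headers appear as "< Name: value" in curl -v output.
  if grep -qi '^< x-frame-options:' -- "${WebSource}"; then
    return 0
  fi
  if grep -qi '^< content-security-policy:.*frame-ancestors' -- "${WebSource}"; then
    return 0
  fi

  # %s (not echo -e) keeps backslash sequences inside the URL inert.
  printf '%b%s WARN: Clickjacking on "%s" X-Frame-Options is not present%b\n' \
    "${YEL}" "$(date +"[%H:%M:%S]")" "${FullpathSite}" "${CLR}"
  return 0
}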
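#######################################
# Lists the values of all quoted href= attributes, then all quoted src=
# attributes, found in a saved page.
#
# The file name is now quoted and passed after "--", so a path containing
# spaces or starting with "-" is read as one file instead of being split or
# parsed as an option.
#
# Arguments: $1 - file to scan
# Outputs:   one attribute value per line on stdout (href values first)
#######################################
function GetSource() {
  local WebSrc="${1}"
  local attr

  for attr in href src; do
    # Match attr="..." or attr='...', then peel off the name and both quotes.
    grep -o "${attr}=['\"][^\"']*['\"]" -- "${WebSrc}" \
      | sed -e "s/^${attr}=[\"']//" -e "s/[\"']\$//"
  done
}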
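#######################################
# Reports each <form ...> opening tag in a saved page once, as GET or POST.
#
# Form tags come from remote HTML, so they are handled as data: read line by
# line (no globbing), compared against formlist.bshtr as fixed strings, and
# written back with printf. The original passed the tag to grep as an unquoted
# regex, so tags containing characters such as "[" or "*" were re-reported on
# every page or matched the wrong entry.
#
# Globals:   IFS (written, see below); formlist.bshtr in the current directory
#            (read and appended to)
# Arguments: $1 - URL the page belongs to (used in the message)
#            $2 - file holding the page
# Outputs:   one INFO line on stdout per form not seen before
#######################################
function ChkForm() {
  local WEBSRC="${1}"
  local FILESRC="${2}"
  local FORM FORMPOST

  # Left global as in the original: unquoted $(...) expansions elsewhere in
  # the script are split with whatever IFS is current after this call.
  IFS=$'\n'

  while IFS= read -r FORM; do
    [[ -n ${FORM} ]] || continue

    # Already reported on an earlier page: stay silent and do not store it again.
    if grep -qxF -- "${FORM}" formlist.bshtr; then
      continue
    fi

    # HTML attribute names are case-insensitive, hence -i on both greps.
    FORMPOST=$(printf '%s\n' "${FORM}" \
      | grep -io 'method=['"'"'"][^"'"'"']*['"'"'"]' | grep -i post)
    if [[ -z ${FORMPOST} ]]; then
      printf '%s INFO: Form GET on "%s"\n' "$(date +"[%H:%M:%S]")" "${WEBSRC}"
    else
      printf '%s INFO: Form POST on "%s"\n' "$(date +"[%H:%M:%S]")" "${WEBSRC}"
    fi
    printf '%s\n' "${FORM}" >> formlist.bshtr
  done < <(grep -Po '<form\K.*?(?=>)' -- "${FILESRC}" | sed -e 's/^/<form/' -e 's/$/>/')
}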
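# ---- First pass: fetch the target itself, run every check, collect links ----
printf '%s' "[?] Input Website : "
read -r TargetSite

# Require an explicit http(s) URL with no whitespace. Link scoping in
# UrlSelector is derived from the host part of this value; without a scheme
# that host comes out empty and every absolute link on the page would be
# treated as in scope.
url_re='^https?://[^[:space:]/][^[:space:]]*$'
if [[ ! ${TargetSite} =~ ${url_re} ]]; then
  printf '%s\n' "ERROR: target must be a full http:// or https:// URL without spaces" >&2
  rm -f -- *.bshtr
  exit 1
fi

# Transcript (headers on stderr plus body) of the landing page.
# curl -k skips certificate verification, so the transcript is unauthenticated.
curl -vsk -- "${TargetSite}" &> websourcetemp.bshtr
: > webpathtemp.bshtr
: > websiteslist.bshtr
echo ""
echo "$(date +"[%H:%M:%S]") INFO: Scanning ${TargetSite}..."

ChkForm "${TargetSite}" websourcetemp.bshtr
ChkUrlXSS "${TargetSite}"
ChkClickjacking "${TargetSite}" websourcetemp.bshtr
ChkCORS "${TargetSite}" websourcetemp.bshtr

# Links are remote data: read them one per line on fd 3 instead of expanding
# $(...) unquoted, which would glob-expand "*", "?" and "[" against the
# current directory.
while IFS= read -r -u 3 WebPath; do
  [[ -n ${WebPath} ]] || continue
  UrlSelector "${WebPath}" "${TargetSite}" | awk '{print $2}' >> websiteslist.bshtr
done 3< <(GetSource websourcetemp.bshtr)

# The landing page is the first entry of the "already scanned" list.
echo "${TargetSite}" > websitedone.bshtr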
########## SECOND ##########
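# Crawl to a fixed point: keep sweeping the discovered-URL list until a sweep
# scans nothing new. COMPARV is the size of the done-list after the previous
# sweep, COMPART after the latest scan. There is no page or depth limit.
COMPARV=0
COMPART=0
while true; do
  # Snapshot of the list; links found during this sweep are picked up by the
  # next one.
  pending=$(< websiteslist.bshtr)

  # fd 3 keeps the list away from the stdin of the commands run in the body.
  while IFS= read -r -u 3 TargetSite2; do
    [[ -n ${TargetSite2} ]] || continue

    # Exact, literal comparison. The original used the URL as a regex anchored
    # only at the end, so "." matched any character and a URL could be taken
    # for scanned because a longer one ended with the same text.
    if ! grep -qxF -- "${TargetSite2}" websitedone.bshtr; then
      curl -vsk -- "${TargetSite2}" &> websourcetemp.bshtr
      ChkForm "${TargetSite2}" websourcetemp.bshtr
      ChkUrlXSS "${TargetSite2}"
      ChkClickjacking "${TargetSite2}" websourcetemp.bshtr
      ChkCORS "${TargetSite2}" websourcetemp.bshtr

      # Relative links are resolved against the root target, not against the
      # page they were found on (unchanged from the original).
      while IFS= read -r -u 4 WebPath; do
        [[ -n ${WebPath} ]] || continue
        UrlSelector "${WebPath}" "${TargetSite}" | awk '{print $2}' >> websiteslist.bshtr
      done 4< <(GetSource websourcetemp.bshtr)

      echo "${TargetSite2}" >> websitedone.bshtr
      COMPART=$(wc -l < websitedone.bshtr)
    fi
  done 3<<< "${pending}"

  if [[ ${COMPARV} -eq ${COMPART} ]]; then
    break
  fi
  COMPARV=${COMPART}
done

# Remove work files, including the CORS transcript that ChkCORS writes outside
# the *.bshtr naming scheme.
rm -f -- *.bshtr CORS-Test.gbash 2> /dev/null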