utils/vuln-scanner.sh at main · atscan.net/atscand

atscan.net / atscand
wip
atscand / utils / vuln-scanner.sh
at main 3.3 kB view raw
  1#!/bin/bash
  2
  3# Configuration
  4API_HOST="${API_HOST:-http://localhost:8080}"
  5TIMEOUT=5
  6OUTPUT_DIR="./pds_scan_results"
  7TIMESTAMP=$(date +%Y%m%d_%H%M%S)
  8RESULTS_FILE="${OUTPUT_DIR}/scan_${TIMESTAMP}.txt"
  9FOUND_FILE="${OUTPUT_DIR}/found_${TIMESTAMP}.txt"
 10
 11# Paths to check (one per line for easier editing)
 12PATHS=(
 13    "/info.php"
 14    "/phpinfo.php"
 15    "/test.php"
 16    "/admin"
 17    "/admin.php"
 18    "/wp-admin"
 19    "/robots.txt"
 20    "/.env"
 21    "/.git/config"
 22    "/config.php"
 23    "/backup"
 24    "/db.sql"
 25    "/.DS_Store"
 26    "/server-status"
 27    "/.well-known/security.txt"
 28)
 29
 30# Colors
 31RED='\033[0;31m'
 32GREEN='\033[0;32m'
 33YELLOW='\033[1;33m'
 34BLUE='\033[0;34m'
 35NC='\033[0m'
 36
 37mkdir -p "$OUTPUT_DIR"
 38
 39echo -e "${BLUE}=== PDS Security Scanner ===${NC}"
 40echo "API Host: $API_HOST"
 41echo "Timeout: ${TIMEOUT}s"
 42echo "Scanning for ${#PATHS[@]} paths"
 43echo "Results: $RESULTS_FILE"
 44echo ""
 45
 46# Fetch active PDS endpoints
 47echo -e "${YELLOW}Fetching active PDS endpoints...${NC}"
 48ENDPOINTS=$(curl -s "${API_HOST}/api/v1/pds?status=online&limit=10000" | \
 49    jq -r '.[].endpoint' 2>/dev/null)
 50
 51if [ -z "$ENDPOINTS" ]; then
 52    echo -e "${RED}Error: Could not fetch endpoints from API${NC}"
 53    exit 1
 54fi
 55
 56ENDPOINT_COUNT=$(echo "$ENDPOINTS" | wc -l)
 57echo -e "${GREEN}Found ${ENDPOINT_COUNT} active PDS endpoints${NC}"
 58echo ""
 59
 60# Write header
 61echo "PDS Security Scan - $(date)" > "$RESULTS_FILE"
 62echo "========================================" >> "$RESULTS_FILE"
 63echo "" >> "$RESULTS_FILE"
 64
 65# Counters
 66CURRENT=0
 67TOTAL_FOUND=0
 68TOTAL_MAYBE=0
 69
 70# Scan each endpoint sequentially
 71while IFS= read -r endpoint; do
 72    CURRENT=$((CURRENT + 1))
 73    
 74    echo -e "${BLUE}[$CURRENT/$ENDPOINT_COUNT]${NC} Scanning: $endpoint"
 75    
 76    # Scan each path
 77    for path in "${PATHS[@]}"; do
 78        url="${endpoint}${path}"
 79        
 80        # Make request with timeout
 81        response=$(curl -s -o /dev/null -w "%{http_code}" \
 82            --max-time "$TIMEOUT" \
 83            --connect-timeout "$TIMEOUT" \
 84            -L \
 85            -A "Mozilla/5.0 (Security Scanner)" \
 86            "$url" 2>/dev/null)
 87        
 88        # Check response
 89        if [ -n "$response" ] && [ "$response" != "404" ] && [ "$response" != "000" ]; then
 90            if [ "$response" = "200" ] || [ "$response" = "301" ] || [ "$response" = "302" ]; then
 91                echo -e "  ${GREEN}✓ FOUND${NC} $path ${YELLOW}[$response]${NC}"
 92                echo "FOUND: $endpoint$path [$response]" >> "$RESULTS_FILE"
 93                echo "$endpoint$path" >> "$FOUND_FILE"
 94                TOTAL_FOUND=$((TOTAL_FOUND + 1))
 95            elif [ "$response" != "403" ]; then
 96                echo -e "  ${YELLOW}? MAYBE${NC} $path ${YELLOW}[$response]${NC}"
 97                echo "MAYBE: $endpoint$path [$response]" >> "$RESULTS_FILE"
 98                TOTAL_MAYBE=$((TOTAL_MAYBE + 1))
 99            fi
100        fi
101    done
102    
103    echo "" >> "$RESULTS_FILE"
104    
105done <<< "$ENDPOINTS"
106
107# Summary
108echo ""
109echo -e "${BLUE}========================================${NC}"
110echo -e "${GREEN}Scan Complete!${NC}"
111echo "Scanned: ${ENDPOINT_COUNT} endpoints"
112echo "Paths checked per endpoint: ${#PATHS[@]}"
113echo -e "${GREEN}Found (200/301/302): ${TOTAL_FOUND}${NC}"
114echo -e "${YELLOW}Maybe (other codes): ${TOTAL_MAYBE}${NC}"
115echo ""
116echo "Full results: $RESULTS_FILE"
117[ -f "$FOUND_FILE" ] && echo "Found URLs: $FOUND_FILE"