├── LICENSE ├── README.md ├── sec-tools-installer.sh └── sec-tools-scanner.sh /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2021, lisenet (tomas at lisenet dot com) 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # security-scripts-for-linux 2 | Various scripts to check web applications, the Linux OS, etc. for vulnerabilities. Damn Vulnerable Web App (DVWA) is a good starting point. 3 | 4 | ## DISCLAIMER 5 | 6 | Consider using Kali Linux for pentesting and vulnerability scanning. 7 | 8 | ## sec-tools-installer 9 | Bash script that installs the following tools: 10 | * Nmap 11 | * Lynis 12 | * Nikto 13 | * Wapiti 14 | * W3AF 15 | * Arachni 16 | * Skipfish 17 | 18 | Download links tend to break, therefore consider yourself warned. The Arachni and Skipfish archives are also fetched over plain HTTP, so check their integrity before using them. 19 | 20 | The script was developed and tested on Ubuntu 14.04 x64. It may work on other Ubuntu/Debian distributions, but YMMV. 21 | 22 | ## sec-tools-scanner 23 | Bash script that scans a web application for vulnerabilities. 24 | 25 | The `sec-tools-scanner` script uses the security tools installed by the `sec-tools-installer` script. 
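26 | 
--------------------------------------------------------------------------------
/sec-tools-installer.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#--------------------------------------------
# Name: SECURITY TOOLS INSTALLER
# Author: Tomas Nevar (tomas@lisenet.com)
# Version: v1.0
# Licence: copyleft free software
#--------------------------------------------
#
# Developed and tested on Ubuntu 14.04 x64
# May work on other Ubuntu/Debian, but YMMV
#
# Installs Nmap, Lynis, Nikto, Wapiti, W3AF, Arachni and Skipfish.
# Nmap comes from apt; everything else is placed under /home/$USER/bin.
# Must be run as a non-root user that is a member of the sudo group.
#
# Optional environment:
#   ARACHNI_SHA256   expected SHA-256 of the Arachni tarball
#   SKIPFISH_SHA256  expected SHA-256 of the Skipfish tarball
# When set, the downloaded archive is checked before it is unpacked.
# When unset, a warning is printed and the archive is used unverified.
#
# Installation directory
DIR="/home/${USER}/bin"

#######################################
# Check a downloaded file against an expected SHA-256 digest.
# Arguments: $1 - file to check
#            $2 - expected hex digest (may be empty)
# Returns:   0 if the digest matches or none was supplied, non-zero otherwise
#######################################
verify_sha256() {
  local file=$1
  local expected=$2
  if [ -z "$expected" ]; then
    echo "WARNING: no checksum supplied for ${file}; integrity NOT verified." >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c - >/dev/null
}

#############################################
# CHECK IF RUNNING AS ROOT                  #
#############################################
if [ "$EUID" -eq "0" ]; then
  echo "Please be nice and don't run as root."
  exit 1
fi

#############################################
# CHECK IF USER BELONGS TO SUDO GROUP       #
#############################################
# Ask for the user's group list and match the group name exactly. The previous
# unquoted regex over /etc/group matched any line where "sudo" was followed by
# the user name as a substring (user "bob" matched a member called "bobby").
if ! id -nG "$USER" | tr ' ' '\n' | grep -qx sudo; then
  echo "User ${USER} does not belong to sudo group. Exiting."
  exit 1
fi

#############################################
# CHECK FOR INSTALLATION DIRECTORY          #
#############################################
if [ -d "$DIR" ]; then
  echo "${DIR} already exists. Aborting."
  exit 1
fi
mkdir -pv "$DIR" || exit 1
# Every later step uses relative paths, so stop if the directory cannot be
# entered instead of cloning and unpacking into the caller's working directory.
cd "$DIR" || { echo "Cannot change to ${DIR}. Aborting." >&2; exit 1; }

#
# PREREQUISITES
#
sudo apt-get update -q
sudo apt-get install -y perl perl-modules libnet-ssleay-perl libwhisker2-perl \
  python2.7 python2.7-dev python-requests python-ctypes python-beautifulsoup \
  python-pip python-gitdb python-yaml libssl-dev libxml2-dev libxslt1-dev wget \
  libyaml-dev libsqlite3-dev libpcre3 libpcre3-dev libidn11-dev openssl git \
  build-essential libffi-dev

# NOTE(review): both pip calls run as root, so the install-time code of every
# package listed here executes with root privileges. A per-user or virtualenv
# install would limit that; left as-is because the scanners expect system-wide
# modules.
# Required by Wapiti
sudo pip install BeautifulSoup4
# Required by W3AF
sudo pip install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 \
  pybloomfiltermmap==0.3.11 esmre==0.3.1 phply==0.9.1 stopit==1.1.0 nltk==3.0.1 \
  chardet==2.1.1 tblib==0.2.0 pdfminer==20140328 futures==2.1.5 pyOpenSSL==0.13.1 \
  ndg-httpsclient==0.3.3 pyasn1==0.1.3 lxml==2.3.2 scapy-real==2.2.0-dev \
  guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.4.4 python-ntlm==1.0.1 \
  halberd==0.2.4 darts.util.lru==0.5 Jinja2==2.7.3

#
# NMAP
#
sudo apt-get install nmap -y

# NOTE(review): the four clones below take whatever the default branch points
# to at install time. Pin a reviewed tag or commit if the install has to be
# reproducible.
#
# LYNIS from GitHub
#
git clone https://github.com/CISOfy/Lynis.git
sudo chown -R root:root ./Lynis/include
# Mode 600 is applied to the include directory itself (no -R here).
sudo chmod 600 ./Lynis/include
#
# NIKTO from GitHub
#
git clone https://github.com/sullo/nikto.git
chown -R "$USER":"$USER" ./nikto
chmod u+x ./nikto/program/nikto.pl
#
# WAPITI from GitHub
#
git clone https://github.com/IFGHou/wapiti.git
chown -R "$USER":"$USER" ./wapiti
chmod u+x ./wapiti/bin/wapiti
#
# W3AF from GitHub
#
git clone https://github.com/andresriancho/w3af.git
chown -R "$USER":"$USER" ./w3af
chmod u+x ./w3af/w3af_console

# NOTE(review): the two archives below are fetched over plain HTTP, so anyone
# on the network path can swap their contents. Supply ARACHNI_SHA256 and
# SKIPFISH_SHA256 (taken from a source you trust) to have them checked.
#
# ARACHNI
#
ARACHNI_TGZ="arachni-1.0.6-0.5.6-linux-x86_64.tar.gz"
if wget "http://downloads.arachni-scanner.com/${ARACHNI_TGZ}" \
  && verify_sha256 "$ARACHNI_TGZ" "${ARACHNI_SHA256:-}"; then
  tar xfz "$ARACHNI_TGZ"
  mv arachni-1.0.6-0.5.6 arachni
  chown -R "$USER":"$USER" ./arachni
else
  # Keep going with the remaining tools, as before, but never unpack an
  # archive that failed to download or did not match its checksum.
  echo "Arachni download failed or did not verify; skipping." >&2
fi
#
# SKIPFISH
#
SKIPFISH_TGZ="skipfish-2.10b.tgz"
if wget "http://skipfish.googlecode.com/files/${SKIPFISH_TGZ}" \
  && verify_sha256 "$SKIPFISH_TGZ" "${SKIPFISH_SHA256:-}"; then
  tar xfz "./${SKIPFISH_TGZ}"
  mv ./skipfish-2.10b ./skipfish
  chown -R "$USER":"$USER" ./skipfish
  # Build in a subshell so the working directory stays at $DIR.
  (cd ./skipfish && make)
else
  echo "Skipfish download failed or did not verify; skipping." >&2
fi

# Remove all tarballs as these are no longer needed
rm -v -- "$DIR"/*gz

exit 0

--------------------------------------------------------------------------------
/sec-tools-scanner.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#--------------------------------------------
# Name: SECURITY SCANNER
# Author: Tomas Nevar (tomas@lisenet.com)
# Version: v1.0
# Licence: copyleft free software
#--------------------------------------------
#
# Target DNS (not URL!) to scan
TARGET="127.0.0.1"
# HTTP credentials handed to Nikto, Wapiti and Arachni. They are kept here in
# clear text and are later passed to the scanners as command-line arguments.
HTTP_USER="Admin"
HTTP_PASS="password"
USER_AGENT="sec-tools-scanner.sh"

# Maximum testing time per host in sec/min
MAX_SCAN_SECONDS="1200"
# NOTE(review): MAX_SCAN_MINUTES is not referenced in the visible part of this
# script; presumably it is used by the W3AF script section - confirm.
MAX_SCAN_MINUTES="20"
# Timeout for requests in seconds
TIMEOUT="30"

#
# You do not have to change anything else
#
URL="http://"
PORT="80"
# NOTE(review): every working file below has a fixed, predictable name in the
# world-writable /tmp. Another local user can create these names first (for
# example as symbolic links), and the report is readable by anyone unless the
# umask says otherwise. A private directory from `mktemp -d` avoids both.
OUT1="/tmp/scan-nmap.txt"
OUT2="/tmp/scan-nikto.txt"
OUT3="/tmp/scan-wapiti.txt"
OUT4="/tmp/scan-arachni.txt"
OUT5="/tmp/scan-w3af.txt"
TMP1="/tmp/tmp1"
TMP2="/tmp/tmp2"
TMP3="/tmp/tmp3"
TMP4="/tmp/tmp4"
TMP5="/tmp/tmp5"
OUTRESULT="/tmp/${TARGET}.txt"
W3AF_SCRIPT="/tmp/w3af-script.w3af"
# Paths to Nikto, Wapiti, Arachni and W3AF installation
PATH_NIKTO="/home/${USER}/bin/nikto/program"
PATH_WAPITI="/home/${USER}/bin/wapiti/bin"
PATH_ARACHNI="/home/${USER}/bin/arachni/bin"
PATH_W3AF="/home/${USER}/bin/w3af"

# Append the PATH variable to be able to find
# manually installed packages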
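# Extend PATH with the per-user install locations so the manually installed
# scanners can be found by name.
PATH="${PATH}:${PATH_NIKTO}:${PATH_WAPITI}:${PATH_ARACHNI}:${PATH_W3AF}"

# Scan output describes weaknesses of the target, so create every file from
# here on readable by the owner only.
umask 077

#######################################
# Ask a yes/no question until the answer starts with y/Y or n/N.
# Arguments: $1 - prompt text
# Returns:   0 for yes, 1 for no. End of input counts as "no"; without that,
#            a closed stdin made the prompt loop spin forever.
#######################################
ask_yes_no() {
  local yn
  while true; do
    read -r -p "$1" yn || return 1
    case "$yn" in
      [Yy]*) return 0 ;;
      [Nn]*) return 1 ;;
      *) echo "Please answer 'y' or 'n'." ;;
    esac
  done
}

#######################################
# Abort unless a command can be found on PATH.
# Arguments: $1 - command name to look up
#            $2 - name used in the "I require ..." message
#            $3 - name used in the "...: FOUND" message
#######################################
require_tool() {
  local cmd=$1
  local required=$2
  local found=$3
  command -v "$cmd" >/dev/null 2>&1 || {
    echo "I require ${required} but it's not installed. Aborting."
    exit 1
  }
  echo "${found}: FOUND"
}

#############################################
# CHECK IF RUNNING AS ROOT                  #
#############################################
if [ "$EUID" -eq "0" ]; then
  echo "Please be nice and don't run as root."
  exit 1
fi

#############################################
# CHECK IF SCANNERS ARE INSTALLED           #
#############################################
echo "Assuming that the sec tools were installed by using sec-tools-installer.sh"
echo "Checking for tools and scanners."
require_tool pip python-pip pip
require_tool nmap Nmap Nmap
require_tool nikto.pl Nikto Nikto
require_tool wapiti Wapiti Wapiti
require_tool arachni Arachni Arachni
require_tool w3af_console w3af_console w3af_console

#############################################
# CHECK FOR LOW RAM INSTALLATION            #
#############################################
RAM=$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)

if [[ "$RAM" -lt "1024000" ]]; then
  echo -e "\nLess than one 1GB of RAM was found on the system: ${RAM}kB.
You may run out of memory. Consider yourself warned."
fi

#############################################
# ASK FOR PIP UPGRADE                       #
#############################################
echo ""
if ask_yes_no "Do you want to upgrade pip (y/n)? Saying yes is a good idea: "; then
  echo "Upgrading pip."
  sudo pip install --upgrade pip
fi

# The working files have fixed names in /tmp. Refuse to continue if any of
# them is already a symbolic link, because the truncation and redirects below
# would follow it and overwrite whatever it points at. This narrows the window
# but does not close it; a private directory from `mktemp -d` would.
for f in "$OUT1" "$OUT2" "$OUT3" "$OUT4" "$OUT5" \
  "$TMP1" "$TMP2" "$TMP3" "$TMP4" "$TMP5" "$OUTRESULT" "$W3AF_SCRIPT"; do
  if [ -L "$f" ]; then
    echo "Refusing to write through symbolic link: ${f}" >&2
    exit 1
  fi
done

# Erase any previous scans results
: >"$OUT1"
: >"$OUT2"
: >"$OUT3"
: >"$OUT4"
: >"$OUT5"

###########################################
# RUN NMAP PORT SCAN                      #
###########################################
ask_yes_no "Press 'y' to start an Nmap port scan, or 'n' to exit: " || exit 0

echo -e "\nStarted Nmap port scan against: ${TARGET}"

# Start with Nmap scan and get port states (open/closed/filtered) for 80 and 443
/usr/bin/nmap -Pn -p T:21,22,80,443,1433,3306,3389 -sV -T4 -oN "$OUT1" "$TARGET"
# Match the port column exactly so that only the 80/tcp and 443/tcp rows of the
# report are read, whatever else the file contains.
STATE_HTTP=$(awk '$1 == "80/tcp" { print $2 }' "$OUT1")
STATE_HTTPS=$(awk '$1 == "443/tcp" { print $2 }' "$OUT1")

# Check for ports 80 and 443, if 443 is open, run a scan against it.
# If 443 is closed but 80 is open, run a scan against it.
# Exit if both ports 80 and 443 are closed.
if [[ "$STATE_HTTPS" == *open* ]]; then
  echo "443 port is" "$STATE_HTTPS"
  URL="https://"
  PORT="443"
elif [[ "$STATE_HTTP" == *open* ]]; then
  echo "80 port is" "$STATE_HTTP"
  URL="http://"
  PORT="80"
else
  echo "According to Nmap, ports 80 and 443 are closed. Script exits here."
  exit 0
fi

# NOTE(review): Nikto, Wapiti and Arachni below all receive HTTP_USER and
# HTTP_PASS as command-line arguments, so the password shows up in the process
# list for as long as each scan runs. Use an account created for the test only.

###########################################
# RUN NIKTO SCAN                          #
###########################################
echo ""
if ask_yes_no "Do you want to run a Nikto scan (y/n)? "; then
  START_T="$SECONDS"

  nikto.pl -h "$TARGET" -p "$PORT" -id "${HTTP_USER}:${HTTP_PASS}" \
    -useragent "$USER_AGENT" -maxtime "$MAX_SCAN_SECONDS" -Format txt \
    -o "$OUT2" -timeout "$TIMEOUT" -T x6

  SCAN_T="$((SECONDS - START_T))"
  echo "Nikto scan took ${SCAN_T} seconds."
fi

###########################################
# RUN WAPITI SCAN                         #
###########################################
echo ""
if ask_yes_no "Do you want to run a Wapiti scan (y/n)? "; then
  # Options first and "--" before the path, so the path can never be read as
  # an option; drops Wapiti's stored scan state from earlier runs.
  rm -rf -- "/home/${USER}/.wapiti/scans"
  START_T="$SECONDS"

  # NOTE(review): --verify-ssl 0 switches certificate verification off, so the
  # scan (and the credentials it sends) is not protected against an
  # interposed host. Fine for a lab target with a self-signed certificate.
  wapiti "${URL}${TARGET}" -n 1 -b folder -f txt -o "$OUT3" -v 2 -t "$TIMEOUT" \
    --auth "${HTTP_USER}%${HTTP_PASS}" -u --verify-ssl 0 -m "common:post"

  SCAN_T="$((SECONDS - START_T))"
  echo "Wapiti scan took ${SCAN_T} seconds."
fi

###########################################
# RUN ARACHNI SCAN                        #
###########################################
echo ""
if ask_yes_no "Do you want to run an Arachni scan (y/n)? "; then
  START_T="$SECONDS"

  # NOTE(review): TIMEOUT with "00" appended gives 3000. If this option takes
  # milliseconds that is 3 s, not the 30 s used for the other tools - confirm.
  arachni --http-request-timeout "${TIMEOUT}00" --http-user-agent="$USER_AGENT" \
    --output-only-positives --http-authentication-username "$HTTP_USER" \
    --http-authentication-password "$HTTP_PASS" "${URL}${TARGET}" | tee "$OUT4"

  SCAN_T="$((SECONDS - START_T))"
  echo "Arachni scan took ${SCAN_T} seconds."
fi

###########################################
# RUN W3AF SCAN                           #
###########################################
# NOTE(review): this listing is damaged here. The original numbering jumps
# from line 215 to line 256, so the here-document that wrote the W3AF script
# is missing, and the statement below is what remains of its opening line
# fused with a later redirect. Judging by the TMP2..TMP5 banners, the first
# banner line for "$TMP1" was presumably swallowed as well. Restore this
# section from the upstream file before running the script; as printed, no
# usable W3AF script is written.
cat > "$W3AF_SCRIPT" <"$TMP1";
echo "### NMAP SCAN ####" >>"$TMP1"
echo "############################" >>"$TMP1"
echo "############################" >"$TMP2"
echo "### NIKTO SCAN ####" >>"$TMP2"
echo "############################" >>"$TMP2"
echo "############################" >"$TMP3"
echo "### WAPITI SCAN ####" >>"$TMP3"
echo "############################" >>"$TMP3"
echo "############################" >"$TMP4"
echo "### ARACHNI SCAN ####" >>"$TMP4"
echo "############################" >>"$TMP4"
echo "############################" >"$TMP5"
echo "### W3AF SCAN ####" >>"$TMP5"
echo "############################" >>"$TMP5"

echo ""
if ask_yes_no "Do you want to run a W3AF scan (y/n)? "; then
  START_T="$SECONDS"

  w3af_console -s "$W3AF_SCRIPT"

  SCAN_T="$((SECONDS - START_T))"
  echo "W3AF scan took ${SCAN_T} seconds."
fi

###########################################
# CREATE A RESULTS FILE                   #
###########################################
# Keep only the lines of the W3AF output that mention "vulnerability".
sed -i -n '/vulnerability/p' "$OUT5"

# Assemble the report: each banner followed by that tool's output.
cat "$TMP1" "$OUT1" "$TMP2" "$OUT2" "$TMP3" "$OUT3" "$TMP4" \
  "$OUT4" "$TMP5" "$OUT5" >"$OUTRESULT"

# Remove the working files; only the combined report stays behind.
rm -f -- "$TMP1" "$TMP2" "$TMP3" "$TMP4" "$TMP5" \
  "$OUT1" "$OUT2" "$OUT3" "$OUT4" "$OUT5" \
  "$W3AF_SCRIPT"

echo -e "View the log report by issuing:\nless ${OUTRESULT}"

exit 0

--------------------------------------------------------------------------------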