#!/usr/bin/env python3 """ Professional Security Assessment Tool For authorized testing of your own applications """ import requests import json import time import re import hashlib from urllib.parse import urljoin, urlparse from concurrent.futures import ThreadPoolExecutor import logging class SecurityAssessmentTool: def __init__(self, target_url, output_dir="security_results"): self.target_url = target_url self.output_dir = output_dir self.session = requests.Session() self.session.headers.update({ 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Connection': 'keep-alive', 'Upgrade-Insecure-Requests': '1' }) # Setup logging logging.basicConfig( level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s', handlers=[ logging.FileHandler(f'{output_dir}/security_assessment.log'), logging.StreamHandler() ] ) self.logger = logging.getLogger(__name__) # Results storage self.vulnerabilities = [] self.recommendations = [] def run_security_assessment(self): """Run comprehensive security assessment""" self.logger.info(f"🔒 Starting security assessment for {self.target_url}") try: # 1. Authentication Security Assessment self.assess_authentication_security() # 2. Session Management Assessment self.assess_session_management() # 3. Input Validation Assessment self.assess_input_validation() # 4. Data Exposure Assessment self.assess_data_exposure() # 5. Configuration Security Assessment self.assess_configuration_security() # 6. Generate Security Report self.generate_security_report() except Exception as e: self.logger.error(f"❌ Assessment failed: {e}") def assess_authentication_security(self): """Assess authentication mechanisms""" self.logger.info("🔐 Assessing authentication security...") auth_endpoints = [ '/login', '/signin', '/auth', '/register', '/signup', '/password-reset', '/forgot-password', '/change-password', '/two-factor', '/2fa', '/otp' ] for endpoint in auth_endpoints: url = urljoin(self.target_url, endpoint) try: response = self.session.get(url, timeout=10) if response.status_code == 200: # Check for common authentication vulnerabilities self.check_auth_vulnerabilities(url, response) except Exception as e: self.logger.debug(f"Error testing {url}: {e}") def check_auth_vulnerabilities(self, url, response): """Check for authentication vulnerabilities""" content = response.text.lower() # Check for weak password policies if 'password' in content: if 'minlength' not in content and 'minimum' not in content: self.add_vulnerability( 'AUTH-001', 'Weak Password Policy', 'No minimum password length requirement detected', 'HIGH', url ) # Check for account enumeration if 'invalid' in content or 'incorrect' in content: self.add_vulnerability( 'AUTH-002', 'Account Enumeration Risk', 'Login forms may allow account enumeration', 'MEDIUM', url ) # Check for missing HTTPS if url.startswith('http://'): self.add_vulnerability( 'AUTH-003', 'Insecure Authentication', 'Authentication over HTTP instead of HTTPS', 'HIGH', url ) def assess_session_management(self): """Assess session management security""" self.logger.info("🎫 Assessing session management...") try: response = self.session.get(self.target_url) cookies = response.cookies for cookie in cookies: # Check for secure flag if not cookie.secure and urlparse(self.target_url).scheme == 'https': self.add_vulnerability( 'SESSION-001', 'Insecure Cookie', f'Cookie {cookie.name} missing secure flag', 'MEDIUM', self.target_url ) # Check for HttpOnly flag if not cookie.has_nonstandard_attr('HttpOnly'): self.add_vulnerability( 'SESSION-002', 'XSS Vulnerable Cookie', f'Cookie {cookie.name} missing HttpOnly flag', 'MEDIUM', self.target_url ) # Check for SameSite attribute if not cookie.has_nonstandard_attr('SameSite'): self.add_vulnerability( 'SESSION-003', 'CSRF Vulnerable Cookie', f'Cookie {cookie.name} missing SameSite attribute', 'MEDIUM', self.target_url ) except Exception as e: self.logger.error(f"Session assessment error: {e}") def assess_input_validation(self): """Assess input validation and injection vulnerabilities""" self.logger.info("🔍 Assessing input validation...") # Test for SQL injection self.test_sql_injection() # Test for XSS self.test_xss() # Test for path traversal self.test_path_traversal() def test_sql_injection(self): """Test for SQL injection vulnerabilities""" test_payloads = [ "' OR '1'='1", "'; DROP TABLE users; --", "' UNION SELECT NULL--", "admin'--", "' OR 1=1#" ] # Test common endpoints test_endpoints = ['/login', '/search', '/api/login', '/api/search'] for endpoint in test_endpoints: url = urljoin(self.target_url, endpoint) for payload in test_payloads: try: # Test GET parameters response = self.session.get(url, params={'q': payload}, timeout=5) if self.check_sql_injection_response(response): self.add_vulnerability( 'SQL-001', 'SQL Injection', f'Potential SQL injection in {endpoint}', 'HIGH', url ) break except Exception: continue def check_sql_injection_response(self, response): """Check if response indicates SQL injection""" error_indicators = [ 'mysql_fetch_array', 'ORA-01756', 'Microsoft OLE DB Provider', 'SQLServer JDBC Driver', 'PostgreSQL query failed', 'Warning: mysql_', 'MySQLSyntaxErrorException', 'valid MySQL result' ] content = response.text.lower() return any(indicator in content for indicator in error_indicators) def test_xss(self): """Test for XSS vulnerabilities""" xss_payloads = [ '', '">', "'>", 'javascript:alert("XSS")', '' ] # Test common endpoints test_endpoints = ['/search', '/comment', '/api/search', '/api/comment'] for endpoint in test_endpoints: url = urljoin(self.target_url, endpoint) for payload in xss_payloads: try: response = self.session.get(url, params={'q': payload}, timeout=5) if payload in response.text: self.add_vulnerability( 'XSS-001', 'Cross-Site Scripting', f'Potential XSS in {endpoint}', 'HIGH', url ) break except Exception: continue def test_path_traversal(self): """Test for path traversal vulnerabilities""" traversal_payloads = [ '../../../etc/passwd', '..\\..\\..\\windows\\system32\\drivers\\etc\\hosts', '....//....//....//etc/passwd', '%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd' ] test_endpoints = ['/file', '/download', '/api/file', '/api/download'] for endpoint in test_endpoints: url = urljoin(self.target_url, endpoint) for payload in traversal_payloads: try: response = self.session.get(f"{url}?file={payload}", timeout=5) if 'root:' in response.text or 'bin/bash' in response.text: self.add_vulnerability( 'PATH-001', 'Path Traversal', f'Potential path traversal in {endpoint}', 'HIGH', url ) break except Exception: continue def assess_data_exposure(self): """Assess for sensitive data exposure""" self.logger.info("📊 Assessing data exposure...") sensitive_patterns = [ r'password["\']?\s*[:=]\s*["\'][^"\']+["\']', r'api[_-]?key["\']?\s*[:=]\s*["\'][^"\']+["\']', r'secret["\']?\s*[:=]\s*["\'][^"\']+["\']', r'token["\']?\s*[:=]\s*["\'][^"\']+["\']', r'private[_-]?key["\']?\s*[:=]\s*["\'][^"\']+["\']' ] try: response = self.session.get(self.target_url) content = response.text for pattern in sensitive_patterns: matches = re.findall(pattern, content, re.IGNORECASE) if matches: self.add_vulnerability( 'DATA-001', 'Sensitive Data Exposure', f'Potential sensitive data in source code: {matches[0][:50]}...', 'HIGH', self.target_url ) except Exception as e: self.logger.error(f"Data exposure assessment error: {e}") def assess_configuration_security(self): """Assess security configuration""" self.logger.info("⚙️ Assessing security configuration...") # Check security headers try: response = self.session.get(self.target_url) headers = response.headers security_headers = { 'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'DENY', 'X-XSS-Protection': '1; mode=block', 'Strict-Transport-Security': 'max-age', 'Content-Security-Policy': 'default-src' } for header, expected in security_headers.items(): if header not in headers: self.add_vulnerability( 'CONFIG-001', f'Missing Security Header', f'Missing {header} security header', 'MEDIUM', self.target_url ) except Exception as e: self.logger.error(f"Configuration assessment error: {e}") def add_vulnerability(self, id, title, description, severity, url): """Add vulnerability to results""" vulnerability = { 'id': id, 'title': title, 'description': description, 'severity': severity, 'url': url, 'timestamp': time.strftime('%Y-%m-%d %H:%M:%S') } self.vulnerabilities.append(vulnerability) self.logger.warning(f"🚨 {severity}: {title} - {description}") def generate_security_report(self): """Generate comprehensive security report""" self.logger.info("📋 Generating security report...") # Create output directory import os os.makedirs(self.output_dir, exist_ok=True) # Generate recommendations self.generate_recommendations() # Create report report = { 'target': self.target_url, 'assessment_date': time.strftime('%Y-%m-%d %H:%M:%S'), 'total_vulnerabilities': len(self.vulnerabilities), 'severity_breakdown': self.get_severity_breakdown(), 'vulnerabilities': self.vulnerabilities, 'recommendations': self.recommendations } # Save JSON report with open(f'{self.output_dir}/security_report.json', 'w') as f: json.dump(report, f, indent=2) # Save HTML report self.generate_html_report(report) # Print summary self.print_summary(report) def generate_recommendations(self): """Generate security recommendations""" recommendations = [ { 'category': 'Authentication', 'recommendations': [ 'Implement strong password policies (minimum 8 characters, mixed case, numbers, symbols)', 'Use multi-factor authentication (MFA) for all user accounts', 'Implement account lockout policies after failed login attempts', 'Use HTTPS for all authentication endpoints', 'Implement proper session management with secure cookies' ] }, { 'category': 'Input Validation', 'recommendations': [ 'Implement server-side input validation for all user inputs', 'Use parameterized queries to prevent SQL injection', 'Implement proper output encoding to prevent XSS', 'Validate file uploads and implement proper file type checking', 'Use Content Security Policy (CSP) headers' ] }, { 'category': 'Data Protection', 'recommendations': [ 'Encrypt sensitive data at rest and in transit', 'Implement proper access controls and authorization', 'Regular security audits and penetration testing', 'Implement logging and monitoring for security events', 'Keep all software and dependencies updated' ] } ] self.recommendations = recommendations def get_severity_breakdown(self): """Get vulnerability severity breakdown""" breakdown = {'HIGH': 0, 'MEDIUM': 0, 'LOW': 0} for vuln in self.vulnerabilities: breakdown[vuln['severity']] += 1 return breakdown def generate_html_report(self, report): """Generate HTML security report""" html_content = f""" Security Assessment Report - {report['target']}

🔒 Security Assessment Report

Target: {report['target']}

Assessment Date: {report['assessment_date']}

Total Vulnerabilities: {report['total_vulnerabilities']}

📊 Severity Breakdown

High: {report['severity_breakdown']['HIGH']}

Medium: {report['severity_breakdown']['MEDIUM']}

Low: {report['severity_breakdown']['LOW']}

🚨 Vulnerabilities Found

""" for vuln in report['vulnerabilities']: html_content += f"""

{vuln['id']}: {vuln['title']}

Severity: {vuln['severity']}

URL: {vuln['url']}

Description: {vuln['description']}

Timestamp: {vuln['timestamp']}

""" html_content += """

💡 Security Recommendations

""" for category in report['recommendations']: html_content += f"""

{category['category']}

" html_content += """ """ with open(f'{self.output_dir}/security_report.html', 'w') as f: f.write(html_content) def print_summary(self, report): """Print assessment summary""" print("\n" + "="*60) print("🔒 SECURITY ASSESSMENT COMPLETE") print("="*60) print(f"🎯 Target: {report['target']}") print(f"📅 Date: {report['assessment_date']}") print(f"🚨 Total Vulnerabilities: {report['total_vulnerabilities']}") print(f"🔴 High: {report['severity_breakdown']['HIGH']}") print(f"🟡 Medium: {report['severity_breakdown']['MEDIUM']}") print(f"🟢 Low: {report['severity_breakdown']['LOW']}") print(f"📁 Reports saved to: {self.output_dir}/") print("="*60) def main(): import sys if len(sys.argv) < 2: print("Usage: python3 security_assessment.py [output_dir]") print("Example: python3 security_assessment.py https://app.freewallet.org/") sys.exit(1) target_url = sys.argv[1] output_dir = sys.argv[2] if len(sys.argv) > 2 else "security_results" print("🔒 Professional Security Assessment Tool") print("⚠️ For authorized testing only!") print(f"🎯 Target: {target_url}") print(f"📁 Output: {output_dir}") print() assessment = SecurityAssessmentTool(target_url, output_dir) assessment.run_security_assessment() if __name__ == '__main__': main()