The performance of Go, the scripting familiarity of JavaScript
import { http, dns, report } from '@vidoc/modules' // Module metadata export const metadata = { id: 'multi-protocol', name: 'Multi Protocol', description: 'Check s3 bucket misconfigurations', severity: 'medium', }; // Module that checks if S3 bucket is writable - uses multiple protocols const Module = async function(target) { // resolve CNAME record const cnameRecord = await dns.resolve(target, { type: 'CNAME' }); // check if its an S3 bucket if(!cnameRecord.value.includes('s3.aws')) { return; } // try writing to bucket and check if its writable const response = await http.put(target, { path: '/test213213213', body: 'test', }); // check if response is 200 if(response.status === 200) { report.issue(target, 'S3 bucket is writable'); } } export default Module
import { http, html, report } from '@vidoc/modules'; // Module metadata export const metadata = { id: 'extract-all-javascript-files', name: 'Extract all Javascript files', description: 'Extract all Javascript files from target', severity: 'informative', }; // Extract all Javascript files from target page const Module = async (target) => { // send simple HTTP request to target const response = await http.get(target); // parse HTML response const doc = html.parse(response.body); // find all <script> tags const scripts = doc.findAll('script'); // extract src attribute from each script tag const scriptSources = scripts.map((script) => { return script.attr('src'); }); // report the script sources // all of them will be displayed in the report report.metadata(target, scriptSources); } export default Module
import { http, match, report } from '../vidoc' // Module metadata export const metadata = { id: 'detect-exposed-settings-file', name: 'Detect exposed settings file', description: 'Detect exposed settings file', severity: 'critical', }; // Simple HTTP request to detect exposed settings file const Module = async (target) => { // create HTTP request template // it can be used for bruteforcing, fuzzing, etc. const template = http .newTemplate() .method('GET') // define list of paths to check .path([ '/settings.php.bak', '/settings.php.dist', '/settings.php.old', ]); const responses = await http.send(target, { template }); // check each response responses.forEach((response) => { // check if response contains DB_NAME if (response.status === 200 && response.body.includes('DB_NAME')) { // report issue report.issue(target, 'Settings file is exposed'); } }); } export default Module