This feature is currently in BETA. If you wish to use it, please contact us at contact or https://twitter.com/kannthu1

Our take on Javascript modules

We belive that if you can read Javascript, so you can write Vidoc modules. Yes, it is that simple.

Features

  • An embedded JavaScript engine. (BETA) Real Javascript, not string embedded in YAML.
  • Multiple Protocol support. HTTP, DNS, WebSockets, gRPC…
  • Speed. Javascript is only used for scripting, the rest is written in Go.
  • Typescript support. Write your modules with type safety.

Multi protocol module

Example of module that checks if S3 bucket is writable.

multi_protocol.js
import { http, dns, report } from '@vidoc/modules'

// Module metadata
export const metadata = {
  id: 'multi-protocol',
  name: 'Multi Protocol',
  description: 'Check s3 bucket misconfigurations',
  severity: 'medium',
};

// Module that checks if S3 bucket is writable - uses multiple protocols
const Module = async function(target) {
  // resolve CNAME record
  const cnameRecord = await dns.resolve(target, {
    type: 'CNAME'
  });

  // check if its an S3 bucket
  if(!cnameRecord.value.includes('s3.aws')) {
    return;
  }

  // try writing to bucket and check if its writable
  const response = await http.put(target, {
    path: '/test213213213',
    body: 'test',
  });

  // check if response is 200
  if(response.status === 200) {
    report.issue(target, 'S3 bucket is writable');
  }
}

export default Module

Extracting data from responses

Example of module that extracts urls from HTTP response.

extract_urls.js
import { http, html, report } from '@vidoc/modules';

// Module metadata
export const metadata = {
  id: 'extract-all-javascript-files',
  name: 'Extract all Javascript files',
  description: 'Extract all Javascript files from target',
  severity: 'informative',
};

// Extract all Javascript files from target page
const Module = async (target) => {
  // send simple HTTP request to target
  const response = await http.get(target);

  // parse HTML response
  const doc = html.parse(response.body);

  // find all <script> tags
  const scripts = doc.findAll('script');

  // extract src attribute from each script tag
  const scriptSources = scripts.map((script) => {
    return script.attr('src');
  });

  // report the script sources
  // all of them will be displayed in the report
  report.metadata(target, scriptSources);
}

export default Module

Fuzzing

Example of module that fuzzes HTTP requests.

fuzzing.js
import { http, match, report } from '../vidoc'

// Module metadata
export const metadata = {
  id: 'detect-exposed-settings-file',
  name: 'Detect exposed settings file',
  description: 'Detect exposed settings file',
  severity: 'critical',
};

// Simple HTTP request to detect exposed settings file
const Module = async (target) => {
  // create HTTP request template
  // it can be used for bruteforcing, fuzzing, etc.
  const template = http
    .newTemplate()
    .method('GET')
    // define list of paths to check
    .path([
      '/settings.php.bak',
      '/settings.php.dist',
      '/settings.php.old',
    ]);

  const responses = await http.send(target, {
    template
  });

  // check each response
  responses.forEach((response) => {
    // check if response contains DB_NAME
    if (response.status === 200 && response.body.includes('DB_NAME')) {
      // report issue
      report.issue(target, 'Settings file is exposed');
    }
  });
}

export default Module
Vulnerability Report generationPassive Modules