Home

Awesome

InfoLeak-Scanner

Docker

First run docker run --rm -p 8000:80 siwecos/infoleak-scanner.

Open your browser and use the scanner: http://localhost/?url=<URL>

Install

Get php5, curl and a webserver:

sudo apt-get install apache2 php5 php5-curl

Copy application into webserver:

cp -R . /var/www/html/

What?

Content-Management-System (CMS)

Plugins

Searches plugins for the detected CMS. Biggest list (wordpress) contains 980 different plugins.

JavaScript libraries

Searches for vulnerable and most used JavaScript libraries.

Mail adresses

Searches for mail adresses. Interesting for spam and/or social engineering attacks.

Phone numbers

Searches for phone numbers. Interesting for social engineering attacks and/or scam.

Score

| Finding             | Score (0-100) |
|---------------------+---------------|
| CMS_ONLY            |           100 |
| CMS_VERSION         |            96 |
| CMS_VERSION_VULN    |     see below |
| PLUGIN_ONLY         |            99 |
| PLUGIN_VERSION      |            96 |
| PLUGIN_VERSION_VULN |     see below |
| JS_LIB_ONLY         |            99 |
| JS_LIB_VERSION      |            96 |
| JS_LIB_VULN_VERSION |     see below |
| EMAIL_FOUND         |            96 |
| NUMBER_FOUND        |            98 |

If there was a finding like:

	CMS_VERSION_VULN
	PLUGIN_VERSION_VULN
	JS_LIB_VULN_VERSION

then the overall score will capped to 20 and every additional vulnerability
will decrease the overall score by 10. Which means, that if 
CMS_VERSION_VULN and PLUGIN_VERSION_VULN and JS_LIB_VULN_VERSION is returned, the
overall score will be 0.

Also a finding of jQuery v1.12.4 on a Wordpress website won't be rated like a usual vulnerable library.
This finding will result in a score of 90, but the placeholder will still be JS_LIB_VULN_VERSION as it is a vulnerable library.

Running the scanner

You can run the scanner via POST and GET requests.

POST

If you want to run the scanner with a POST request you have to send the parameters in a JSON encoded format:

{
  "url": "string",
  "dangerLevel": 0,
  "callbackurls": [
    "string"
  ],
  "userAgent": "string"
}

url defines the URL which should be scanned. dangerLevel is not relevant, simply define it to 0. callbackurls is an array of URLs. These URLs will get the result of the scanner (sent via POST). userAgent defines your individual user agent which you want to be sent when scanning.

GET

Running the scanner with a GET request is much simpler. All you have to do is to run the application with a given URL:

http://localhost/?url=<URL>

Output

No findings in any scans:

{
    "name": "InfoLeak-Scanner",
    "version": "1.0.0",
    "hasError": false,
    "errorMessage": null,
    "score": 100,
    "tests": [
        {
            "name": "CMS",
            "hasError": false,
            "errorMessage": null,
            "score": 100,
            "scoreType": "info",
            "testDetails": null
        },
        {
            "name": "CMS_PLUGINS",
            "hasError": false,
            "errorMessage": null,
            "score": 100,
            "scoreType": "warning",
            "testDetails": null
        },
        {
            "name": "JS_LIB",
            "hasError": false,
            "errorMessage": null,
            "score": 100,
            "scoreType": "warning",
            "testDetails": null
        },
        {
            "name": "EMAIL_ADDRESS",
            "hasError": false,
            "errorMessage": null,
            "score": 100,
            "scoreType": "info",
            "testDetails": null
        },
        {
            "name": "PHONE_NUMBER",
            "hasError": false,
            "errorMessage": null,
            "score": 100,
            "scoreType": "info",
            "testDetails": null
        }
    ]
}

At least one finding in every scan:

{
    "name": "InfoLeak-Scanner",
    "version": "1.0.0",
    "hasError": false,
    "errorMessage": null,
    "score": 20,
    "tests": [
        {
            "name": "CMS",
            "hasError": false,
            "errorMessage": null,
            "score": 96,
            "scoreType": "info",
            "testDetails": [
                {
                    "placeholder": "CMS_VERSION",
                    "values": {
                        "cms": "wordpress",
                        "version": "4.9.6",
                        "node": "meta",
                        "node_content": "WordPress 4.9.6"
                    }
                }
            ]
        },
        {
            "name": "CMS_PLUGINS",
            "hasError": false,
            "errorMessage": null,
            "score": 99,
            "scoreType": "warning",
            "testDetails": [
                {
                    "placeholder": "PLUGIN_ONLY",
                    "values": {
                        "plugin": "contact-form-7",
                        "node": "href",
                        "node_content": "https://[...]/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.2"
                    }
                }
            ]
        },
        {
            "name": "JS_LIB",
            "hasError": false,
            "errorMessage": null,
            "score": 0,
            "scoreType": "warning",
            "testDetails": [
                {
                    "placeholder": "JS_LIB_VULN_VERSION",
                    "values": {
                        "js_lib_name": "jquery",
                        "js_lib_version": "1.12.4",
                        "node": "src",
                        "node_content": "https://[...]/wp-includes/js/jquery/jquery.js?ver=1.12.4"
                    }
                }
            ]
        },
        {
            "name": "EMAIL_ADDRESS",
            "hasError": false,
            "errorMessage": null,
            "score": 96,
            "scoreType": "info",
            "testDetails": [
                {
                    "placeholder": "EMAIL_FOUND",
                    "values": {
                        "email_adress": [
                            [
                                "admin@host.de"
                            ]
                        ]
                    }
                }
            ]
        },
        {
            "name": "PHONE_NUMBER",
            "hasError": false,
            "errorMessage": null,
            "score": 98,
            "scoreType": "info",
            "testDetails": [
                {
                    "placeholder": "NUMBER_FOUND",
                    "values": {
                        "number": [
                            "1234-12 11 22-3",
                            "123-11 22 333-4"
                        ]
                    }
                }
            ]
        }
    ]
}

Scanner Interface Values

InfoLeak-Scanner

Messages

PlaceholderMessage
SCAN CMS
CMS_ONLYUsed Content-Management-System {cms} detected.
CMS_VERSIONUsed Content-Management-System {cms} and its version {version} detected.
CMS_VERSION_VULNVulnerable Content-Management-System {cms} version {version} detected
SCAN PLUGIN
PLUGIN_ONLYCMS Plugin {plugin} in DOM-node {node} via node-content {node_content} detected.
PLUGIN_VERSIONCMS Plugin {plugin} and its version {plugin_version} in DOM-node {node} via node-content {node_content} detected.
PLUGIN_VERSION_VULNVulnerable CMS Plugin {plugin} and its version {plugin_version} in DOM-node {node} via node-content {node_content} detected.
SCAN JS
JS_LIB_ONLYUsed JavaScript library {js_lib_name} in DOM-node {node} via node-content {node_content} detected.
JS_LIB_VERSIONUsed JavaScript library {js_lib_name} and its version {js_lib_version} in DOM-node {node} via node-content {node_content} detected.
JS_LIB_VULN_VERSIONVulnerable JavaScript library {js_lib_name} and its version {js_lib_version} in DOM-node {node} via node-content {node_content} detected.
SCAN EMAIL
EMAIL_FOUNDEmail address {email_address} found.
SCAN PHONE
NUMBER_FOUNDTelephone number {number} found.
ERRORS
NO_SOURCE_CODEGiven URL has no source code.
INVALID_URLGiven URL is not a valid URL.
INFOLEAK_LOCALHOST_SCAN_NOT_ALLOWEDScanning localhost ist not permitted.
NO_RESPONSEGiven URL is not reachable.
INFOLEAK_PORT_DISALLOWEDGiven URL contains a disallowed port.
INFOLEAK_DONT_LEAK_USER_CREDSGiven URL contains user credentials.
INFOLEAK_JSON_DECODE_ERRORGiven POST request could not be decoded.
INFOLEAK_REDIRECT_ERRORURL does a forbidden redirect.
UNSUPPORTED_PROTOCOLThe Website is using a protocol which is not supported.
FAILED_INITScanner failed to initialize the connection
URL_MALFORMATURL is not properly formatted
COULDNT_RESOLVE_HOSTThe given remote host was not resolved
COULDNT_CONNECTFailed to connect to host or proxy
REMOTE_ACCESS_DENIEDAccess to the resource given in the URL was denied
HTTP2_ERRORA problem was detected in the HTTP2 framing layer
TOO_MANY_REDIRECTSThere were too many redirects
SEND_ERRORFailed sending network data
RECV_ERRORFailure receiving network data
BAD_CONTENT_ENCODINGUnrecognized transfer encoding
SSL_ENGINE_INITFAILEDInitiating the SSL Engine failed
TIMEOUTThe specified timeout period was reached according to the conditions
CONV_FAILEDCharacter conversion failed
REMOTE_FILE_NOT_FOUNDThe resource referenced in the URL does not exist
HTTP2_STREAMStream error in the HTTP/2 framing layer

Further details

Especially tested on:

	Mozilla Firefox 45.7.0

	PHP 5.6.30-0+deb8u1 (cli) (built: Feb  8 2017 08:50:21)
	Copyright (c) 1997-2016 The PHP Group
	Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies

	Server version: Apache/2.4.10 (Debian)
	Server built:   Feb 24 2017 18:40:28
	Server's Module Magic Number: 20120211:37
	Server loaded:  APR 1.5.1, APR-UTIL 1.5.4
	Compiled using: APR 1.5.1, APR-UTIL 1.5.4
	Architecture:   64-bit
	Server MPM:     prefork
	threaded:     no
	forked:     yes (variable process count)
	Server compiled with....
	-D APR_HAS_SENDFILE
	-D APR_HAS_MMAP
	-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
	-D APR_USE_SYSVSEM_SERIALIZE
	-D APR_USE_PTHREAD_SERIALIZE
	-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
	-D APR_HAS_OTHER_CHILD
	-D AP_HAVE_RELIABLE_PIPED_LOGS
	-D DYNAMIC_MODULE_LIMIT=256
	-D HTTPD_ROOT="/etc/apache2"
	-D SUEXEC_BIN="/usr/lib/apache2/suexec"
	-D DEFAULT_PIDLOG="/var/run/apache2.pid"
	-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
	-D DEFAULT_ERRORLOG="logs/error_log"
	-D AP_TYPES_CONFIG_FILE="mime.types"
	-D SERVER_CONFIG_FILE="apache2.conf"