Creating your own API endpoint
Vulnerability Scanner consists of two parts.
The first part is a backend API that scans a website to see if it contains any security vulnerabilities.
The second part is a frontend Vue application that calls the API and displays the scan results.
Users select in the frontend which types of vulnerabilities they would like to scan for.
If the scan finds a vulnerability, the frontend shows the user where it is and the recommended remedy.
- Node.js https://nodejs.org/en/
- Public Suffix List https://www.npmjs.com/package/psl
- Bootstrap 5 https://getbootstrap.com/docs/5.1/getting-started/introduction/
- Bootstrap Icons https://icons.getbootstrap.com/
- Vuelidate https://vuelidate.js.org/
- Floating Vue https://www.npmjs.com/package/floating-vue
- Vue Loading Overlay https://www.npmjs.com/package/vue-loading-overlay
- Insomnia (for testing the API's endpoints) https://insomnia.rest/
NOTE: Make sure Node.js is up to date. To check your Node.js version, type `node -v` in your CLI:

```
node -v
v18.13.0 <- latest version when this program was made
```
- Open your CLI in the Backend folder and run `npm i` (node_modules has been added to .gitignore):

  ```
  npm i
  ```

- Open your CLI in the Frontend folder and run `npm i` (node_modules has been added to .gitignore):

  ```
  npm i
  ```

- Create a file named .env in the Backend folder and add the port you want the API to run on. Don't commit .env!

  ```
  PORT=1337
  ```

- Create a file named .env in the Frontend folder and add your API's address (the address must use the same port number you used in the backend .env). Don't commit .env!

  ```
  VITE_BACKEND_URL="http://localhost:1337/"
  ```

- Open your CLI in the Backend folder and run `npm start` to launch the API:

  ```
  npm start
  ```

- Open your CLI in the Frontend folder and run `npm run dev` to start the frontend:

  ```
  npm run dev
  ```

- To access the running frontend website, copy the Local link printed in the CLI into your browser:

  ```
  VITE v4.2.1 ready in 342 ms
  ➜ Local: http://localhost:5174/ <--- this link
  ➜ Network: use --host to expose
  ➜ press h to show help
  ```
If you successfully call one of the API's endpoints, it returns an object containing information about the scanned vulnerability.
The object contains:

- `statusCode` - Tells you whether the scan succeeded, failed, or was canceled because the timeout value was reached.
- `statusText` - Tells you the exact reason why the scan succeeded, failed, or timed out.
- `url` - The location that was scanned for the vulnerability. (NOTE: this value always contains the probed location, even if the vulnerability does not exist there.)
- `vulnerabilityName` - The name of the scanned vulnerability.
- `vulnerabilityDescription` - The description of the scanned vulnerability.
- `vulnerabilityRemedy` - The recommended fix for the scanned vulnerability.
List of all endpoints:

- `/phpinfo`
- `/gitconfig`
- `/dockercompose`
- `/laravellog`
- `/wpdebuglog`
- `/wpconfig`
- `/apachestatus`
- `/symfony`
- `/lifigen`
- `/lifidupe`
- `/errorlog`
- `/wplogin`
- `/phpmyadmin`
- `/jckeditor`
- `/joomlaconfig`
- `/sqldump`
- `/backup`
You can find more information about the endpoints in Backend/routes/mainRoutes.js
To call an endpoint you need to provide a timeout value and the URL of the website you want to scan as query parameters.
NOTE: The timeout value is in milliseconds, and the url must include the protocol (http:// or https://).
Example API request:

```
http://localhost:1337/jckeditor?url=https://unsecuresite.com/&timeout=3000
```
Example API response:
```json
{
  "statusCode": 200,
  "statusText": "Vulnerability found.",
  "url": "https://unsecuresite.com/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&parent=\"%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),NULL,NULL,NULL,NULL,NULL--%20aa&view=menu",
  "vulnerabilityName": "JCK Editor SQL injection",
  "vulnerabilityDescription": "An outdated JCKEditor plugin can be used by an attacker to perform SQL injection attacks.",
  "vulnerabilityRemedy": "Update the JCK editor for Joomla!"
}
```
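The example request above passes the scanned site's address unencoded, which works for a bare site URL but would break if the target URL itself contained `?` or `&` (the extra characters would be parsed as additional query parameters). The following helper, added here as an example and not part of the project's frontend code, builds the request with the query parameters percent-encoded; `backendUrl` is assumed to be the `VITE_BACKEND_URL` value from the frontend .env, and any standard query-string parser on the backend decodes the parameters again.

```javascript
// Added example (not the project's code): build a scan request for one of the
// backend endpoints with `url` and `timeout` safely percent-encoded.
function buildScanRequest(backendUrl, endpoint, targetUrl, timeoutMs) {
  let target;
  try {
    // new URL() throws if the target is not an absolute URL, which also
    // enforces the README's rule that the url must include its protocol.
    target = new URL(targetUrl);
  } catch {
    throw new Error("target url must be absolute and include http:// or https://");
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    throw new Error("target url must use the http or https protocol");
  }
  if (!Number.isInteger(timeoutMs) || timeoutMs <= 0) {
    throw new Error("timeout must be a positive integer number of milliseconds");
  }
  // Strip leading slashes so the endpoint resolves under the backend base URL
  // (e.g. "http://localhost:1337/" + "/jckeditor" -> ".../jckeditor").
  const req = new URL(endpoint.replace(/^\/+/, ""), backendUrl);
  // URLSearchParams percent-encodes ":", "/", "?", "&" and "=" inside the value.
  req.searchParams.set("url", target.toString());
  req.searchParams.set("timeout", String(timeoutMs));
  return req.toString();
}

// Constructed usage mirroring the README's example request:
// buildScanRequest("http://localhost:1337/", "/jckeditor", "https://unsecuresite.com/", 3000)
```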
Navigate to Backend/routes/mainRoutes.js in your code editor and create a new router.get() method.
Example router.get() method:

```javascript
router.get("/env", mainController.getDotENV);
```

`"/env"` is the endpoint path that you will call on the API.
`mainController.getDotENV` is the method in mainController that handles the API call.
Navigate to Backend/controllers/mainController.js in your code editor and create a new export method.
To create a new export method you need to use the getRequest function.
Example export method:

```javascript
exports.getDotENV = (req, res) => {
  getRequest(
    ["/.env"],                          // endpoints: paths to probe on the scanned site
    "SECRET",                           // regex: indicator that must appear in the page/file
    "Environmental variable exposure",  // vulnerabilityName
    "Exposed environment variables can lead to passwords getting stolen etc.",
    standardRemedyText + "file.",       // vulnerabilityRemedy
    req,
    res
  );
};
```
```javascript
getRequest(endpoints, regex, vulnerabilityName, vulnerabilityDescription, vulnerabilityRemedy, req, res)
```

- `endpoints` - An array containing at least one vulnerability location (a path on the scanned site).
- `regex` - Used to reduce false positives: the vulnerability is only reported if the page/file contains a word that indicates it exists. It can be a plain string or, if you need more accuracy, a regular expression matching two or more words.
- `vulnerabilityName` - The name of the scanned vulnerability.
- `vulnerabilityDescription` - The description of the scanned vulnerability.
- `vulnerabilityRemedy` - The recommended fix for the scanned vulnerability.
- `req` - The request object, used to read the query parameters (url and timeout).
- `res` - The response object through which the API's result is sent back.