Skip to content

alonz22/vulnerability-scanner-webserver

Repository files navigation

Web Server and DNS Records Vulnerabilities Checker

GitHub license

This repository contains PowerShell scripts to check for common vulnerabilities in web servers such as Microsoft Internet Information Services (IIS), Apache, and Nginx. Additionally, there is a dns-vuln-check script to scan DNS records for vulnerabilities. These scripts help identify potential security weaknesses in your web server configurations and DNS records, and provide information about discovered issues along with related Common Vulnerabilities and Exposures (CVEs) and suggested fixes.

Features

Common Features for IIS, Apache, and Nginx Scripts:

  • SSL Certificate Validation: The scripts include a custom SSL validation callback that allows them to ignore self-signed certificates during the scan.

  • Security Headers Check: The scripts analyze HTTP response headers to identify missing security headers such as Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, and Content-Security-Policy. They provide information about missing headers, their related CVEs, and suggested fixes.

  • Insecure Cookies Detection: The scripts check for insecure cookies by inspecting the Set-Cookie headers. They identify cookies that are missing the Secure, HttpOnly, or SameSite attributes.

  • Web Server and Framework Version Check: The scripts extract information about the web server and framework versions. They provide information about the detected versions and advise on the removal of sensitive headers.

  • TLS Version Check: The scripts check the supported TLS versions and alert if insecure TLS versions (TLS 1.0 or TLS 1.1) are detected.

  • HTTP to HTTPS Redirect Check: The scripts check whether the domain redirects HTTP traffic to HTTPS, helping ensure secure communication.

  • Scoring System: The scripts assign scores to each security check and calculate a total score, providing an overall assessment of the server's security.

  • PDF Export: You can export the scan results to a PDF file for documentation and sharing.

Script-Specific Features:

iis-vuln-check.ps1 (for IIS)

  • Additional IIS-specific checks and recommendations.

apache-vuln-check.ps1 (for Apache)

  • Additional Apache-specific checks and recommendations.

nginx-vuln-check.ps1 (for Nginx)

  • Additional Nginx-specific checks and recommendations.

DNS Records Vulnerabilities Checker:

  • The dns-vuln-check.ps1 script allows you to scan domain DNS records for vulnerabilities.

  • It checks for missing or incorrect DNS records, such as missing PTR records, missing validation records, such as SPF, DKIM, DMARC and recognizing if there is a WAF service enabled for the domain.

Prerequisites

  • PowerShell installed on your system.
  • Appropriate permissions to run the scripts against the target server.

Usage

Running the Web Server Scripts:

  1. Open a PowerShell terminal.

  2. Navigate to the directory containing the desired script (iis-vuln-check.ps1, apache-vuln-check.ps1, or nginx-vuln-check.ps1).

  3. Run the script by executing the following command:

    .\script-name.ps1

Follow the on-screen prompts to enter the domain to check.

Review the scan results to identify vulnerabilities, related CVEs, and suggested fixes.

Implement recommended solutions and best practices to improve server security.

Running the DNS Records Script: Open a PowerShell terminal.

Navigate to the directory containing the dns-vuln-check.ps1 script.

Run the script by executing the following command:

Copy code .\dns-vuln-check.ps1 Follow the on-screen prompts to enter the domain to check.

Review the scan results to identify DNS record vulnerabilities, related CVEs, and suggested fixes.

Implement recommended DNS record configurations to enhance security.

Example Usage: powershell Copy code

Run the IIS vulnerabilities checker script

.\iis-vuln-check.ps1

optional Enter the PDF file path to save the results (e.g., C:\Path\To\Results.pdf).

Run the Apache vulnerabilities checker script

.\apache-vuln-check.ps1

optional Enter the PDF file path to save the results (e.g., C:\Path\To\Results.pdf).

Run the Nginx vulnerabilities checker script

.\nginx-vuln-check.ps1

optional Enter the PDF file path to save the results (e.g., C:\Path\To\Results.pdf).

Run the DNS records vulnerabilities checker script

.\dns-vuln-check.ps1

Contributing

Contributions are welcome! If you have ideas for improvements, additional vulnerability checks, or bug fixes, please open an issue or submit a pull request. Your contributions will help enhance the scripts' functionality and security.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Note:

These scripts are provided for informational purposes and should be used responsibly and with appropriate permissions. They do not guarantee the absence of vulnerabilities or security issues. Always follow security best practices and perform regular security audits to ensure the safety of your systems.