Add Google Web Risk security check

package.json

@@ -13,6 +13,7 @@
     "pentest-tool-lite": "./src/index"
   },
   "dependencies": {
+    "@google-cloud/web-risk": "^4.0.1",
     "commander": "^6.0.0",
     "csso": "^5.0.5",
     "domhandler": "^4.2.2",

src/security/GoogleWebRisk.ts

@@ -0,0 +1,48 @@
+import { WebRiskServiceClient, protos } from '@google-cloud/web-risk';
+import Test, { TestParameters, Result } from '../Test';
+import logger from '../logger';
+
+/**
+ *
+ * @see https://cloud.google.com/web-risk
+ * @see https://safebrowsing.google.com
+ * @see https://transparencyreport.google.com/safe-browsing/search
+ */
+class GoogleWebRisk extends Test {
+  public name = 'GoogleWebRisk';
+
+  public async test({ url }: TestParameters): Promise<Result> {
+    logger.info('Starting Google Web Risk test...');
+
+    const client = new WebRiskServiceClient();
+
+    const request = {
+      uri: url,
+      threatTypes: [
+        protos.google.cloud.webrisk.v1.ThreatType.MALWARE,
+        protos.google.cloud.webrisk.v1.ThreatType.SOCIAL_ENGINEERING,
+        protos.google.cloud.webrisk.v1.ThreatType.UNWANTED_SOFTWARE,
+      ],
+    };
+
+    const response = await client.searchUris(request);
+
+    const { threat } = response[0];
+
+    if (threat !== null) {
+      return {
+        status: 'ERROR',
+        title: this.name,
+        description: `This url contains ${threat.threatTypes.join(', ').toLowerCase()}!`,
+      };
+    }
+
+    return {
+      status: 'SUCCESS',
+      title: this.name,
+      description: 'This URL is safe.',
+    };
+  }
+}
+
+export default GoogleWebRisk;

src/security/index.ts

@@ -12,6 +12,7 @@ import ReferrerPolicy from './ReferrerPolicy';
 import RobotsTXT from './RobotsTXT';
 import PermissionsPolicy from './PermissionsPolicy';
 import SSL from './SSL';
+import GoogleWebRisk from './GoogleWebRisk';
 
 export default class Security extends Test {
   public name = 'Security';
@@ -32,6 +33,7 @@ export default class Security extends Test {
       new ContentEncoding(),
       new RobotsTXT(),
       new SSL(),
+      new GoogleWebRisk(),
     ];
   }