Automated Security Scanning Implementation
Automated Security Scanning Implementation
The following script deploys a comprehensive set of automated scanning tools:
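#!/bin/bash
# /usr/local/bin/automated-security-scan.sh
#
# Runs a set of automated security scans against TARGET_URL and writes every
# report under SCAN_DIR. Meant for systems you operate or are authorised to
# test.
#
# Configuration. Each value may be overridden from the environment so the
# script does not have to be edited per target; the literal defaults are the
# values that used to be hard-coded.
TARGET_URL="${TARGET_URL:-https://example.com}"
# One directory per calendar day; a second run on the same day overwrites
# that day's reports.
SCAN_DIR="${SCAN_DIR:-/var/log/security-scans/$(date +%Y%m%d)}"
ADMIN_EMAIL="${ADMIN_EMAIL:-[email protected]}"
# Create scan directory. The reports describe weaknesses of the target, so the
# directory should be readable only by the operators who need it (mkdir -p
# honours the caller's umask; tighten it if this runs from a root cron job).
mkdir -p -- "$SCAN_DIR"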
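#######################################
# Run a Nikto web-server scan against TARGET_URL.
# Globals:   TARGET_URL (read), SCAN_DIR (read)
# Outputs:   progress on stdout, warnings on stderr;
#            nikto-report.html in $SCAN_DIR
# Returns:   0 when the scan ran (findings or not), 1 when nikto is missing
#######################################
run_nikto_scan() {
  local report="$SCAN_DIR/nikto-report.html"
  echo "[$(date)] Starting Nikto scan..."
  if ! command -v nikto >/dev/null 2>&1; then
    echo "WARNING: nikto not found in PATH; skipping Nikto scan" >&2
    return 1
  fi
  nikto -h "$TARGET_URL" \
    -output "$report" \
    -Format html \
    -Tuning 123456789 \
    -useragent "SecurityAudit/1.0" \
    -timeout 10 \
    -Pause 2 || echo "WARNING: nikto exited with status $?" >&2
  # Parse results for critical findings. The report can be absent when nikto
  # aborted early (unreachable host, bad option), so check for it instead of
  # letting grep print an error.
  if [ -f "$report" ] && grep -q "OSVDB-" "$report"; then
    echo "WARNING: Nikto found potential vulnerabilities"
  fi
}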
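#######################################
# Run an OWASP ZAP spider and active scan against TARGET_URL through the ZAP
# REST API and save the HTML report.
# Globals:   TARGET_URL (read), SCAN_DIR (read),
#            ZAP_API_KEY (read; defaults to the placeholder "your-api-key",
#            which must equal the key the ZAP daemon is started with),
#            ZAP_PID (written: pid of the ZAP daemon)
# Outputs:   progress on stdout, errors on stderr; zap-report.html in $SCAN_DIR
# Returns:   0 on success, 1 if the ZAP API never answered or a phase timed out
#######################################
run_zap_scan() {
  echo "[$(date)] Starting OWASP ZAP scan..."
  local api_key="${ZAP_API_KEY:-your-api-key}"
  local api="http://localhost:8090"
  # Start ZAP in daemon mode. The key is passed on the command line and is
  # therefore visible in the process list while the daemon runs.
  /opt/zap/zap.sh -daemon -port 8090 -config "api.key=${api_key}" &
  ZAP_PID=$!
  # Poll the API until it answers instead of a fixed 30 s sleep, so a slow
  # start does not make every later call fail (and the status loops spin).
  if ! _zap_wait_ready "$api" "$api_key" 120; then
    echo "ERROR: ZAP API at $api did not become reachable" >&2
    _zap_stop
    return 1
  fi
  # Run spider. curl -G/--data-urlencode encodes TARGET_URL instead of
  # pasting it unencoded into the query string.
  _zap_get "$api/JSON/spider/action/scan/" "$api_key" "url=${TARGET_URL}" >/dev/null
  # Wait for spider to complete (poll every 5 s, give up after 720 polls = 1 h)
  if ! _zap_wait_complete "$api/JSON/spider/view/status/" "$api_key" 5 720; then
    echo "ERROR: ZAP spider did not finish within the time limit" >&2
    _zap_stop
    return 1
  fi
  # Run active scan
  _zap_get "$api/JSON/ascan/action/scan/" "$api_key" "url=${TARGET_URL}" >/dev/null
  # Wait for scan to complete (poll every 10 s, give up after 1080 polls = 3 h)
  if ! _zap_wait_complete "$api/JSON/ascan/view/status/" "$api_key" 10 1080; then
    echo "ERROR: ZAP active scan did not finish within the time limit" >&2
    _zap_stop
    return 1
  fi
  # Generate report
  _zap_get "$api/OTHER/core/other/htmlreport/" "$api_key" > "$SCAN_DIR/zap-report.html"
  # Stop ZAP
  _zap_stop
}

# GET a ZAP API endpoint ($1) with the api key ($2) plus any further
# "name=value" parameters, all URL-encoded by curl.
_zap_get() {
  local endpoint=$1 key=$2
  shift 2
  local -a args=(-s -G "$endpoint" --data-urlencode "apikey=${key}")
  local param
  for param in "$@"; do
    args+=(--data-urlencode "$param")
  done
  curl "${args[@]}"
}

# Poll core/view/version until the API answers with HTTP success; $3 is the
# maximum number of seconds to wait (2 s between attempts).
_zap_wait_ready() {
  local api=$1 key=$2 max_wait=$3 waited=0
  until curl -s -f -G "$api/JSON/core/view/version/" --data-urlencode "apikey=${key}" >/dev/null 2>&1; do
    if [ "$waited" -ge "$max_wait" ]; then
      return 1
    fi
    sleep 2
    waited=$((waited + 2))
  done
}

# Poll a status endpoint ($1) until its .status is "100"; $3 is the sleep
# between polls and $4 the maximum number of polls before giving up.
_zap_wait_complete() {
  local endpoint=$1 key=$2 interval=$3 max_polls=$4 polls=0 status
  while :; do
    status=$(_zap_get "$endpoint" "$key" | jq -r '.status')
    if [ "$status" = "100" ]; then
      return 0
    fi
    polls=$((polls + 1))
    if [ "$polls" -ge "$max_polls" ]; then
      return 1
    fi
    sleep "$interval"
  done
}

# Terminate the ZAP daemon started by run_zap_scan and reap it.
_zap_stop() {
  if [ -n "${ZAP_PID:-}" ]; then
    kill "$ZAP_PID" 2>/dev/null
    wait "$ZAP_PID" 2>/dev/null
  fi
}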
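#######################################
# Run testssl.sh against TARGET_URL and flag high-severity findings.
# Globals:   TARGET_URL (read), SCAN_DIR (read)
# Outputs:   progress and any VULNERABLE/CRITICAL lines on stdout, warnings
#            on stderr; ssl-scan.txt/.csv/.json/.html in $SCAN_DIR
# Returns:   0 when the scan ran, 1 when testssl.sh is not installed
#######################################
run_ssl_scan() {
  local testssl="/opt/testssl.sh/testssl.sh"
  local txt="$SCAN_DIR/ssl-scan.txt"
  echo "[$(date)] Starting SSL/TLS scan..."
  if [ ! -x "$testssl" ]; then
    echo "WARNING: $testssl not found or not executable; skipping SSL/TLS scan" >&2
    return 1
  fi
  # testssl.sh scan. --htmlfile replaces the bare --html so the HTML report
  # lands in $SCAN_DIR like the CSV/JSON ones instead of the current directory.
  "$testssl" \
    --htmlfile "$SCAN_DIR/ssl-scan.html" \
    --csvfile "$SCAN_DIR/ssl-scan.csv" \
    --jsonfile "$SCAN_DIR/ssl-scan.json" \
    --severity HIGH \
    --sneaky \
    "$TARGET_URL" > "$txt"
  # Check for critical SSL issues; the matching lines are printed so the run
  # log shows what was found, not only that something was.
  if grep -E "(VULNERABLE|CRITICAL)" "$txt"; then
    echo "CRITICAL: SSL/TLS vulnerabilities detected"
  fi
}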
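#######################################
# Fetch TARGET_URL and report which common security response headers are set.
# Globals:   TARGET_URL (read), SCAN_DIR (read)
# Outputs:   progress on stdout; headers-report.json in $SCAN_DIR
# Returns:   exit status of the embedded python3 script (non-zero when the
#            request fails or the `requests` package is not installed)
#######################################
check_security_headers() {
  echo "[$(date)] Checking security headers..."
  # The target is handed to Python through the environment rather than
  # expanded into the source text, so a URL containing quotes or newlines
  # cannot alter the program.
  TARGET_URL="$TARGET_URL" python3 - <<'EOF' > "$SCAN_DIR/headers-report.json"
import json
import os
import requests

url = os.environ["TARGET_URL"]
# Bounded wait so an unresponsive target cannot hang the whole scan run.
response = requests.get(url, verify=True, timeout=30)
# Header names are case-insensitive (HTTP/2 delivers them lower-cased), so
# match on a lower-cased index while keeping the server's spelling for output.
headers = dict(response.headers)
by_lower = {name.lower(): name for name in headers}
required_headers = [
    'Strict-Transport-Security',
    'X-Content-Type-Options',
    'X-Frame-Options',
    'Content-Security-Policy',
    'X-XSS-Protection',   # legacy header; kept for parity with the original check
    'Referrer-Policy'
]
missing_headers = [h for h in required_headers if h.lower() not in by_lower]
security_score = (len(required_headers) - len(missing_headers)) / len(required_headers) * 100
report = {
    'url': url,
    # Headers on a redirected or error page are not those of the target page,
    # so record where the response actually came from and its status.
    'final_url': response.url,
    'status_code': response.status_code,
    'headers_present': {h: headers[by_lower[h.lower()]] for h in required_headers if h.lower() in by_lower},
    'headers_missing': missing_headers,
    'security_score': security_score,
    'all_headers': headers
}
print(json.dumps(report, indent=2))
EOF
}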
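#######################################
# Probe TARGET_URL for files that should never be served (VCS metadata,
# credentials, configuration, backups) and record the HTTP status of each.
# Globals:   TARGET_URL (read), SCAN_DIR (read)
# Outputs:   a CRITICAL line on stdout for every path answered with 200;
#            path-disclosure.csv (Path,Status,Risk) in $SCAN_DIR
# Returns:   0
#######################################
check_common_vulns() {
  echo "[$(date)] Checking for common vulnerabilities..."
  # Test paths that should return 404 or 403
  local -a vulnerable_paths=(
    "/.git/HEAD"
    "/.svn/entries"
    "/.env"
    "/wp-config.php"
    "/config.php"
    "/.htaccess"
    "/.htpasswd"
    "/server-status"
    "/server-info"
    "/phpinfo.php"
    "/.DS_Store"
    "/web.config"
    "/backup.sql"
    "/dump.sql"
  )
  local csv="$SCAN_DIR/path-disclosure.csv"
  local path status risk
  echo "Path,Status,Risk" > "$csv"
  for path in "${vulnerable_paths[@]}"; do
    # --max-time bounds each probe so one stalled connection cannot hang the
    # run. Redirects are deliberately not followed: a 3xx is recorded as such.
    status=$(curl -s -o /dev/null --max-time 15 -w "%{http_code}" "${TARGET_URL}${path}")
    # A 200 can also be a catch-all "soft 404" page; confirm the body before
    # treating it as real exposure.
    case "$status" in
      200) risk="Critical"; echo "CRITICAL: Sensitive file exposed at $path" ;;
      403) risk="Medium" ;;
      *)   risk="Low" ;;
    esac
    printf '%s,%s,%s\n' "$path" "$status" "$risk" >> "$csv"
  done
}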
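#######################################
# Port/service scan of the host named in TARGET_URL, followed by a check for
# listeners other than the expected HTTP/HTTPS ports.
# Globals:   TARGET_URL (read), SCAN_DIR (read)
# Outputs:   progress plus any unexpected open-port lines on stdout, warnings
#            on stderr; nmap-scan.{nmap,gnmap,xml} in $SCAN_DIR
# Returns:   0 when the scan ran, 1 when nmap is not installed
#######################################
run_nmap_scan() {
  echo "[$(date)] Starting nmap scan..."
  # Extract hostname: drop the scheme, then the path, then any :port suffix.
  # The previous version clobbered the shell's own HOSTNAME variable and kept
  # the port, so "host:8443" was handed to nmap as the hostname.
  # NOTE: bracketed IPv6 literals are not handled by this expansion.
  local target_host="${TARGET_URL#*://}"
  target_host="${target_host%%/*}"
  target_host="${target_host%%:*}"
  local report="$SCAN_DIR/nmap-scan.nmap"
  if ! command -v nmap >/dev/null 2>&1; then
    echo "WARNING: nmap not found in PATH; skipping port scan" >&2
    return 1
  fi
  # Run comprehensive nmap scan (-sS needs root privileges; nmap aborts otherwise)
  nmap -sS -sV -A -T4 \
    --script "http-* and not brute" \
    -oA "$SCAN_DIR/nmap-scan" \
    "$target_host"
  # Check for unexpected open ports. The exclusion is anchored so 8080/tcp or
  # 1443/tcp are not mistaken for the expected 80/443 (the unanchored pattern
  # let them through silently).
  if [ -f "$report" ] && grep -E "^[0-9]+/(tcp|udp).*open" "$report" | grep -v -E "^(80|443)/tcp"; then
    echo "WARNING: Unexpected open ports detected"
  fi
}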
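#######################################
# Write executive-summary.html linking the individual scan reports.
# Globals:   TARGET_URL (read), SCAN_DIR (read)
# Outputs:   progress on stdout; executive-summary.html in $SCAN_DIR
# Returns:   0 on success, non-zero if the summary cannot be written
#######################################
generate_report() {
  echo "[$(date)] Generating consolidated report..."
  # One timestamp for title and body (two date calls could straddle a
  # second boundary), and an HTML-escaped target so a URL containing
  # &, <, > or " cannot break or inject into the markup.
  local scan_date target_html
  scan_date=$(date)
  target_html=$(printf '%s' "$TARGET_URL" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g')
  cat > "$SCAN_DIR/executive-summary.html" << EOF
<!DOCTYPE html>
<html>
<head>
<title>Security Scan Report - $scan_date</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
.critical { color: red; font-weight: bold; }
.warning { color: orange; font-weight: bold; }
.pass { color: green; }
.section { margin: 20px 0; padding: 10px; border: 1px solid #ddd; }
table { border-collapse: collapse; width: 100%; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
th { background-color: #f2f2f2; }
</style>
</head>
<body>
<h1>Security Scan Report</h1>
<p>Target: $target_html</p>
<p>Date: $scan_date</p>
<div class="section">
<h2>Executive Summary</h2>
<p>This report contains findings from automated security scans.</p>
</div>
<div class="section">
<h2>Scan Results</h2>
<ul>
<li>Nikto Web Scanner: <a href="nikto-report.html">View Report</a></li>
<li>OWASP ZAP: <a href="zap-report.html">View Report</a></li>
<li>SSL/TLS Analysis: <a href="ssl-scan.txt">View Report</a></li>
<li>Security Headers: <a href="headers-report.json">View Report</a></li>
<li>Path Disclosure: <a href="path-disclosure.csv">View Report</a></li>
<li>Port Scan: <a href="nmap-scan.nmap">View Report</a></li>
</ul>
</div>
</body>
</html>
EOF
}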
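#######################################
# Entry point: run every enabled scan, build the summary, notify ADMIN_EMAIL.
# Globals:   TARGET_URL, SCAN_DIR, ADMIN_EMAIL (read)
# Outputs:   progress on stdout, warnings on stderr
# Returns:   0 when every enabled scan returned success, otherwise the number
#            of scans that returned non-zero (so cron/monitoring can notice)
#######################################
main() {
  local failures=0
  echo "Starting comprehensive security scan of $TARGET_URL"
  echo "Results will be saved to: $SCAN_DIR"
  # Run all scans. A failing scan is counted instead of being hidden behind
  # the unconditional success message, but does not stop the remaining scans.
  run_nikto_scan || failures=$((failures + 1))
  run_ssl_scan || failures=$((failures + 1))
  check_security_headers || failures=$((failures + 1))
  check_common_vulns || failures=$((failures + 1))
  run_nmap_scan || failures=$((failures + 1))
  #run_zap_scan || failures=$((failures + 1)) # Uncomment if ZAP is installed
  # Generate report
  generate_report
  # Email notification; a missing mail client is reported rather than left as
  # a bare "command not found" in the cron output.
  if command -v mail >/dev/null 2>&1; then
    echo "Security scan completed. Reports available at: $SCAN_DIR" | \
      mail -s "Security Scan Complete - $(date)" "$ADMIN_EMAIL"
  else
    echo "WARNING: 'mail' not found; no notification sent for $SCAN_DIR" >&2
  fi
  if [ "$failures" -eq 0 ]; then
    echo "Scan completed successfully!"
  else
    echo "Scan completed with $failures scan(s) reporting errors; see output above" >&2
  fi
  return "$failures"
}
main "$@"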