#!/usr/bin/env python3
# import sys
# print('The first argument was: ' + sys.argv[1]) #argv[0] = file name
# print(sys.argv)
import argparse
from urllib.parse import urljoin, urlparse

import requests
import validators
import yaml
from bs4 import BeautifulSoup
from bs4 import Comment
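# Checks run by default; a config file (-c) may switch individual ones off.
DEFAULT_CONFIG = {'forms': True, 'comments': True, 'passwords': True}
# Seconds to wait for the target page. Without a timeout requests.get()
# can block forever on an unresponsive host.
REQUEST_TIMEOUT = 10


def build_parser():
    """Return the command-line parser.

    The CLI (positional url, -v/--version, -c/--config, -o/--output) is the
    same as the original 1.0 script.
    """
    parser = argparse.ArgumentParser(description='The Achilles HTML Vulnerability Analyzer Version 1.0')
    parser.add_argument('-v', '--version', action='version', version='%(prog)s 1.0')
    parser.add_argument('url', type=str, help='The URL of the HTML to analyze')
    parser.add_argument('-c', '--config', help='Path to configuration file')
    parser.add_argument('-o', '--output', help='Report file output path')
    return parser


def load_config(path):
    """Return the default checks merged with the YAML mapping at *path*.

    Args:
        path: config file path from -c, or None/'' to use the defaults only.

    Returns:
        A new dict; keys from the file override the defaults, unknown keys
        are kept. A file whose top level is not a mapping is ignored with a
        message rather than crashing on the dict-unpacking merge.
    """
    config = dict(DEFAULT_CONFIG)
    if not path:
        return config
    print('Using config file: ' + path)
    # 'with' closes the handle; the original never closed it.
    with open(path, 'r') as config_file:
        # safe_load only builds plain Python types; the path is user-supplied,
        # so yaml.load() must not be used here.
        config_from_file = yaml.safe_load(config_file)
    if isinstance(config_from_file, dict):
        config = {**config, **config_from_file}
    elif config_from_file is not None:
        print('Ignoring config file: expected a mapping at the top level')
    return config


def form_issues(parsed_html, page_url):
    """Yield one report line per form whose submission target is not HTTPS.

    The action is resolved against *page_url* with urljoin, so a relative or
    missing action inherits the page scheme, and an absolute http:// action
    on an https:// page is still reported. The original substring test
    ('https' anywhere in the action) missed that case and raised
    AttributeError on a form without an action attribute.
    """
    for form in parsed_html.find_all('form'):
        action = form.get('action') or ''
        target = urljoin(page_url, action)
        if urlparse(target).scheme.lower() != 'https':
            yield 'Form Issue: Insecure form action ' + action + ' found in document\n'


def comment_issues(parsed_html):
    """Yield one report line per HTML comment containing the marker 'key: '."""
    comments = parsed_html.find_all(string=lambda text: isinstance(text, Comment))
    for comment in comments:
        # Comment is a str subclass, so a plain substring test is enough.
        if 'key: ' in comment:
            yield 'Comment Issue: Key is found in the HTML comments, please remove\n'


def password_issues(parsed_html):
    """Yield one report line per <input name="password"> that is not type=password.

    The original compared Tag.find('type') with 'password'; Tag.find looks
    for a child <type> element and always returned None, so every password
    input was reported, including correct ones. The attribute is read with
    Tag.get() and compared case-insensitively, as HTML attribute values for
    type are.
    """
    for password in parsed_html.find_all('input', {'name': 'password'}):
        input_type = (password.get('type') or '').strip().lower()
        if input_type != 'password':
            yield 'Input Issue: PlainText password input found. Please change to password type input\n'


def analyze(url, config):
    """Fetch *url* and return the concatenated issue lines ('' when none found).

    Args:
        url: already-validated absolute URL of the page to analyze.
        config: dict with the boolean keys 'forms', 'comments', 'passwords'.

    Raises:
        requests.RequestException: the page could not be fetched.
    """
    response = requests.get(url, timeout=REQUEST_TIMEOUT)
    parsed_html = BeautifulSoup(response.text, 'html.parser')
    report = ''
    if config['forms']:
        report += ''.join(form_issues(parsed_html, url))
    if config['comments']:
        report += ''.join(comment_issues(parsed_html))
    if config['passwords']:
        report += ''.join(password_issues(parsed_html))
    return report


def format_report(report):
    """Return the final report text: a success line, or a header plus the issues."""
    if report == '':
        return 'Nice Job! Your HTML document is secure!'
    header = 'Vulnerability Report is as follows: \n'
    header += '====================================\n\n'
    return header + report


def main():
    """Parse arguments, run the configured checks and emit the report.

    Exits with status 1 when the URL is invalid or the page cannot be
    fetched; the original fell through in both cases and could still produce
    a 'Nice Job!' report for a page it never analyzed.
    """
    parser = build_parser()
    args = parser.parse_args()
    config = load_config(args.config)
    url = args.url
    if not validators.url(url):
        print('Invalid URL. Please include full URL including scheme.')
        raise SystemExit(1)
    try:
        report = analyze(url, config)
    except requests.RequestException as exc:
        print('Could not fetch ' + url + ': ' + str(exc))
        raise SystemExit(1)
    report = format_report(report)
    if args.output:
        # utf-8 so non-ASCII form actions from the page do not fail on
        # platforms with a narrow default encoding; 'with' replaces the
        # original's 'f.close' (missing parentheses, so never called).
        with open(args.output, 'w', encoding='utf-8') as f:
            f.write(report)
        print('Report saved to: ' + args.output)
    else:
        # Without -o the original discarded the report entirely.
        print(report)


if __name__ == '__main__':
    main()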