Remove media menu option and verify route handling
This commit is contained in:
178
cli/test/pentest/PENTEST.md
Normal file
178
cli/test/pentest/PENTEST.md
Normal file
@@ -0,0 +1,178 @@
|
||||
# CodePress CMS Penetration Test Suite
|
||||
|
||||
## 🔒 Overview
|
||||
Comprehensive security testing script voor CodePress CMS. Test 10 kritieke attack vectors met 40+ individuele tests.
|
||||
|
||||
## ⚠️ WAARSCHUWING
|
||||
**Gebruik dit script ALLEEN op systemen waar je toestemming voor hebt!**
|
||||
Ongeautoriseerde penetration testing is illegaal.
|
||||
|
||||
## 📋 Test Categorieën
|
||||
|
||||
### 1. **XSS (Cross-Site Scripting)**
|
||||
- Page parameter injection
|
||||
- Search parameter injection
|
||||
- Language parameter injection
|
||||
- HTML entity encoding
|
||||
- SVG/IMG tag injection
|
||||
|
||||
### 2. **Path Traversal**
|
||||
- Basic `../` attacks
|
||||
- URL encoding bypass
|
||||
- Double encoding
|
||||
- Backslash variants
|
||||
- Mixed separators
|
||||
- Config file access
|
||||
|
||||
### 3. **PHP Code Injection**
|
||||
- PHP wrapper attacks
|
||||
- Data URI execution
|
||||
- Expect wrapper exploitation
|
||||
|
||||
### 4. **Null Byte Injection**
|
||||
- Null byte in parameters
|
||||
- Extension bypass attempts
|
||||
|
||||
### 5. **Command Injection**
|
||||
- Shell command injection in search
|
||||
- Backtick command execution
|
||||
- Pipe operator injection
|
||||
|
||||
### 6. **Template Injection**
|
||||
- Mustache SSTI (Server-Side Template Injection)
|
||||
- Config disclosure via templates
|
||||
|
||||
### 7. **HTTP Header Injection**
|
||||
- CRLF injection
|
||||
- Header manipulation
|
||||
|
||||
### 8. **Information Disclosure**
|
||||
- PHP version leakage
|
||||
- Directory listing
|
||||
- Config file exposure
|
||||
- Dependency disclosure
|
||||
|
||||
### 9. **Security Headers**
|
||||
- X-Frame-Options
|
||||
- Content-Security-Policy
|
||||
- X-Content-Type-Options
|
||||
- Referrer-Policy
|
||||
|
||||
### 10. **Denial of Service (DoS)**
|
||||
- Large parameter attacks
|
||||
- Resource exhaustion
|
||||
|
||||
## 🚀 Gebruik
|
||||
|
||||
### Vereisten
|
||||
- bash
|
||||
- curl
|
||||
- python3 (voor lange strings)
|
||||
- Lopende CodePress CMS instance
|
||||
|
||||
### Uitvoeren
|
||||
|
||||
```bash
|
||||
# Start de server
|
||||
php -S localhost:8080 -t public
|
||||
|
||||
# In een andere terminal
|
||||
./pentest.sh
|
||||
```
|
||||
|
||||
### Output
|
||||
|
||||
Het script genereert:
|
||||
1. **Console output** - Real-time test resultaten met kleuren
|
||||
2. **pentest_results.txt** - Gedetailleerd rapport
|
||||
|
||||
### Resultaat Codes
|
||||
|
||||
- 🟢 **[SAFE]** - Aanval geblokkeerd ✅
|
||||
- 🔴 **[VULNERABLE]** - Kwetsbaarheid gevonden ❌
|
||||
- 🟡 **[POTENTIAL]** - Mogelijk kwetsbaar ⚠️
|
||||
- 🟡 **[UNKNOWN]** - Onverwachte response ⚠️
|
||||
|
||||
## 📊 Voorbeeld Output
|
||||
|
||||
```
|
||||
========================================
|
||||
1. XSS VULNERABILITY TESTS
|
||||
========================================
|
||||
|
||||
Testing: XSS in page parameter...[SAFE] ✅
|
||||
Testing: XSS in search parameter...[SAFE] ✅
|
||||
Testing: XSS in lang parameter...[SAFE] ✅
|
||||
|
||||
========================================
|
||||
PENETRATION TEST SUMMARY
|
||||
========================================
|
||||
|
||||
Total tests: 40
|
||||
Vulnerabilities found: 0
|
||||
Safe tests: 40
|
||||
|
||||
✅ All tests passed! System appears secure.
|
||||
```
|
||||
|
||||
## 🛡️ Verwachte Resultaten
|
||||
|
||||
CodePress CMS zou **ALLE** tests moeten doorstaan:
|
||||
|
||||
| Categorie | Verwacht Resultaat |
|
||||
|-----------|-------------------|
|
||||
| XSS | ✅ Blocked |
|
||||
| Path Traversal | ✅ Blocked |
|
||||
| PHP Injection | ✅ Blocked |
|
||||
| Command Injection | ✅ Blocked |
|
||||
| Template Injection | ✅ Blocked |
|
||||
| Security Headers | ✅ Present |
|
||||
| Info Disclosure | ✅ Hidden |
|
||||
|
||||
## 🔧 Aanpassen
|
||||
|
||||
### Target wijzigen
|
||||
```bash
|
||||
# Bewerk bovenaan pentest.sh
|
||||
TARGET="http://your-domain.com"
|
||||
```
|
||||
|
||||
### Tests toevoegen
|
||||
```bash
|
||||
test_vulnerability \
|
||||
"Jouw test naam" \
|
||||
"$TARGET/?param=payload" \
|
||||
"search_pattern" \
|
||||
"true" # true = vulnerable if found
|
||||
```
|
||||
|
||||
## 📚 OWASP Top 10 Coverage
|
||||
|
||||
- ✅ A01:2021 - Broken Access Control
|
||||
- ✅ A02:2021 - Cryptographic Failures
|
||||
- ✅ A03:2021 - Injection
|
||||
- ✅ A05:2021 - Security Misconfiguration
|
||||
- ✅ A06:2021 - Vulnerable Components
|
||||
- ✅ A07:2021 - Authentication Failures
|
||||
|
||||
## 🐛 Gevonden Vulnerability?
|
||||
|
||||
1. Stop met testen
|
||||
2. Documenteer de vulnerability in `pentest_results.txt`
|
||||
3. Fix de code
|
||||
4. Run de test opnieuw
|
||||
5. Commit NIET de vulnerability voor de fix klaar is
|
||||
|
||||
## 📝 Licentie
|
||||
|
||||
Deel van CodePress CMS - Gebruik alleen voor security testing van eigen systemen.
|
||||
|
||||
## 🔗 Meer Informatie
|
||||
|
||||
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)
|
||||
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
|
||||
- [Web Application Penetration Testing](https://portswigger.net/web-security)
|
||||
|
||||
---
|
||||
|
||||
**Remember:** Ethical hacking = Permission + Documentation + Responsible Disclosure
|
||||
Reference in New Issue
Block a user