In [1]:
import requests
from bs4 import BeautifulSoup

# Function to verify if HTTPS is being used
def verify_https(site_url):
    if site_url.startswith('https'):
        print("✅ HTTPS is enabled.")
    else:
        print("⚠️ HTTPS is not enabled. Consider using HTTPS for better security.")

# Function to detect login and registration links
def detect_auth_links(website_url):
    response = requests.get(website_url)
    soup = BeautifulSoup(response.text, 'html.parser')

    login_pages = []
    signup_pages = []

    for anchor in soup.find_all('a', href=True):
        href = anchor['href']
        if 'login' in href.lower():
            login_pages.append(href)
        if 'signup' in href.lower() or 'register' in href.lower():
            signup_pages.append(href)

    return login_pages, signup_pages

# Function to evaluate login form fields
def evaluate_login_form(page_url):
    response = requests.get(page_url)
    soup = BeautifulSoup(response.text, 'html.parser')

    fields = soup.find_all('input')
    for field in fields:
        print(f"Field Name: {field.get('name')}, Type: {field.get('type')}")

    captcha_detected = soup.find('div', {'class': 'g-recaptcha'})
    if captcha_detected:
        print("✅ CAPTCHA is present, improving security.")
    else:
        print("⚠️ CAPTCHA is missing, increasing vulnerability to brute-force attacks.")

# Function to examine session cookies and authentication tokens
def examine_cookies_tokens(session_obj, login_page, user, pwd):
    credentials = {
        'username': user,
        'password': pwd
    }
    login_attempt = session_obj.post(login_page, data=credentials)

    for cookie in session_obj.cookies:
        print(f"Cookie Name: {cookie.name}, Secure: {cookie.secure}, HttpOnly: {cookie.has_nonstandard_attr('HttpOnly')}")

    token_check = login_attempt.headers.get('Authorization')
    if token_check and 'Bearer' in token_check:
        print("✅ JWT token detected for authentication.")
    else:
        print("⚠️ JWT token not found. Review authentication mechanism.")

# Function to validate session management practices
def validate_session(session_obj):
    session_token = session_obj.cookies.get('sessionid')
    if session_token and len(session_token) > 20:
        print("✅ Session ID is sufficiently long and random.")
    else:
        print("⚠️ Session ID may be too short or predictable, leading to security risks.")

# Function to conduct authorization validation
def check_authorization(session_obj, secure_url):
    secure_response = session_obj.get(secure_url)

    if secure_response.status_code == 403:
        print("✅ Access correctly restricted based on user roles.")
    elif secure_response.status_code == 200:
        print("⚠️ Access granted. Ensure authorization checks are enforced correctly.")
    else:
        print("⚠️ Unexpected response. Review access control measures.")

# Function to review HTTP security headers
def evaluate_http_headers(http_response):
    headers = http_response.headers
    security_policies = [
        'Strict-Transport-Security',
        'Content-Security-Policy',
        'X-Content-Type-Options',
        'X-Frame-Options'
    ]
    for policy in security_policies:
        if policy in headers:
            print(f"✅ {policy} is properly set.")
        else:
            print(f"⚠️ {policy} is missing. Consider implementing it.")

# Main function to execute security checks
def main():
    target_url = 'https://amazon.in'  # Change this to the target site
    session = requests.Session()

    # Step 1: Verify HTTPS security
    verify_https(target_url)

    # Step 2: Identify authentication-related links
    logins, signups = detect_auth_links(target_url)
    print(f"Login Pages Found: {logins}")
    print(f"Signup Pages Found: {signups}")

    # Step 3: Evaluate login form if login page exists
    if logins:
        evaluate_login_form(target_url + logins[0])

    # Step 4: Analyze authentication cookies and tokens
    if logins:
        user_id = 'sample_user'  # Replace with actual username
        user_pwd = 'sample_password'  # Replace with actual password
        examine_cookies_tokens(session, target_url + logins[0], user_id, user_pwd)

    # Step 5: Validate session management security
    validate_session(session)

    # Step 6: Test authorization restrictions
    restricted_area = target_url + '/restricted'  # Modify with actual protected resource
    check_authorization(session, restricted_area)

    # Step 7: Examine HTTP security headers
    http_response = session.get(target_url)
    evaluate_http_headers(http_response)

if __name__ == "__main__":
    main()


✅ HTTPS is enabled.
Login Pages Found: []
Signup Pages Found: []
⚠️ Session ID may be too short or predictable, leading to security risks.
⚠️ Unexpected response. Review access control measures.
✅ Strict-Transport-Security is properly set.
✅ Content-Security-Policy is properly set.
✅ X-Content-Type-Options is properly set.
✅ X-Frame-Options is properly set.


In [12]:
import requests
from bs4 import BeautifulSoup
import re

url = 'https://sitare.org'
response = requests.get(url)
soup = BeautifulSoup(response.text, 'html.parser')

# Extract emails
emails = re.findall(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b', soup.text)
print('Emails:', emails)

# Extract phone numbers
phone_numbers = re.findall(r'\b\d{10}\b', soup.text)
print('Phone Numbers:', phone_numbers)

# Extract privacy policy URL
privacy_policy = soup.find('a', href=True, text=re.compile(r'Privacy Policy', re.I))
if privacy_policy:
    privacy_policy_url = privacy_policy['href']
    print(f'Privacy Policy URL: {privacy_policy_url}')


Emails: []
Phone Numbers: []


  privacy_policy = soup.find('a', href=True, text=re.compile(r'Privacy Policy', re.I))
