BETA 0.6.3

freeauditor.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ###############################################################################
-################### FREE OCSAF AUDITOR MAIN - 0.6.2 (BETA) ####################
+################### FREE OCSAF AUDITOR MAIN - 0.6.3 (BETA) ####################
 ###############################################################################
 
 #########################################################################################################################
@@ -25,12 +25,22 @@
 time=$(date +%d.%m.%Y-%H:%M)
 echo nameserver 9.9.9.9 > /etc/resolv.conf  #Comment out if not necessary. With Security look https://www.quad9.net.
 #echo nameserver 9.9.9.10 > /etc/resolv.conf  #Comment out if not necessary. No Security look https://www.quad9.net.
-#Check if vulnreport folder exists and create otherwise
 
+#Check if vulnreport folder exists and create otherwise
 if ! [ -d "./inputs/temp" ]; then
 	mkdir ./inputs/temp
 fi
 
+#Check if the required programs are installed
+program=(python3 dig host jq geoiplookup)
+for i in "${program[@]}"; do
+	if [ -z $(command -v ${i}) ]; then
+		echo "${i} is not installed."
+		exit
+	fi
+done
+unset program
+
 
 ############################
 ### Integrated functions ###
@@ -46,7 +56,7 @@ fi
 
 #script usage
 usage() {
-	echo "Free OCSAF Security Auditor BETA 0.6.1 - GPLv3 (https://freecybersecurity.org)"
+	echo "Free OCSAF Security Auditor BETA 0.6.3 - GPLv3 (https://freecybersecurity.org)"
 	echo "Use only with legal authorization and at your own risk!"
        	echo "ANY LIABILITY WILL BE REJECTED!"
        	echo ""	
@@ -159,7 +169,7 @@ echo ""
 echo "####################################################################"
 echo "########## Free OCSAF Security Auditor - GNU GPLv3        ##########"
 echo "########## https://freecybersecurity.org                  ##########"
-echo "########## MG(), Version 0.6.2 - Beta (06.05.19)          ##########"
+echo "########## MG(), Version 0.6.3 - Beta (06.05.19)          ##########"
 echo "####################################################################"
 echo ""
 echo $time

libraries/bash/ocsaf_scan_sh_functions.sh

@@ -125,7 +125,11 @@ do
 	# Check if security header is set
 	sHeaderCheck=$(echo "${urlHeader}" | grep "$shFileValue1")
 	if [ -z "$sHeaderCheck" ]; then
-    		echo -e "${shFileColor}${shFileValue1} not set!${cOFF}"
+		if [ "$shFileColor" == "red" ]; then
+    			echo -e "${rON}${shFileValue1} not set!${cOFF}"
+		elif [ "$shFileColor" == "yellow" ]; then
+    			echo -e "${yON}${shFileValue1} not set!${cOFF}"
+		fi
 	else
     		echo -e "${gON}${sHeaderCheck}${cOFF}"
 	fi

libraries/python/httpheader.py

@@ -1,4 +1,5 @@
 #!/usr/bin/python3
+
 #######################################################################
 ################### FREE OCSAF HTTP Header FUNCTION ###################
 #######################################################################
@@ -23,27 +24,27 @@
 ############# HTTP Header ##############
 
 def funcHTTPHeader(url):
-
+    
     agent = { 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:62.0) Gecko/20100101 Firefox/62.0' }
+    #agent = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0'}
 
-    #url = input("URL eingeben / z.B. http://www.test.ch: ")
     req = urllib.request.Request(
             url,
             data=None,
             headers=agent
             )
-    http = urllib.request.urlopen(req)
+    try:http = urllib.request.urlopen(req)
+    except urllib.error.URLError as err:
+        print("ERROR: {} {}".format(err.code,err.reason))
 
-   # print()
-   # print("HTTP-Header for {}:".format(args["url"]))
-   # print()
     print(http.headers)
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser()
     parser.add_argument("-u", "--url", required=True,
             help="Full URL - http://www.freecybersecurity.org")
     args = vars(parser.parse_args())
-    funcHTTPHeader(args["url"])
+    url = args["url"]
+    funcHTTPHeader(url)
 
 ############# END #############