Vulnerability Assessment
Menu key: 4 · File: lib/modules/vuln.sh · Entry point: kraken_vuln_run
A lightweight, non-intrusive sanity check of common misconfigurations. It is intentionally shallow; use dedicated scanners (nuclei, nikto, sslyze, …) for depth.
| Check | Output | Tool | Detail |
|---|---|---|---|
| SSL/TLS certificate | ssl_cert.txt | openssl | dumps the parsed x509 cert from :443 |
| HTTP methods | findings.txt | curl | records the Allow: header from an OPTIONS request |
| Security headers | findings.txt | curl | flags missing X-Frame-Options, Content-Security-Policy, Strict-Transport-Security |
| Server banner | findings.txt | curl | records an exposed Server: header (information disclosure) |

Findings are written as machine-readable, prefixed lines so the report module can count and categorise them:
```
HTTP_METHODS: Allow: GET, POST, OPTIONS, HEAD
MISSING_HEADER: content-security-policy
MISSING_HEADER: strict-transport-security
INFO_DISCLOSURE: Server: nginx/1.18.0
```
The executive summary in the report counts lines matching MISSING_HEADER, HTTP_METHODS and INFO_DISCLOSURE. See Reporting.
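The following added example (not Kraken's own code from lib/modules/vuln.sh or the report module) turns one response's headers into the prefixed lines shown above and counts them by prefix. The function names `sample_headers`, `headers_to_findings` and `count_findings` are hypothetical, and the sample response is constructed.

```shell
# Added example, not Kraken's code. Function names are hypothetical.

# Constructed sample: a raw HTTP response header block with CRLF line endings.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n'
    printf 'X-Frame-Options: DENY\r\nContent-Type: text/html\r\n\r\n'
}

# Read a raw response on stdin and print one prefixed finding per line.
headers_to_findings() {
    local hdrs h banner
    # Strip CRs and stop at the blank line that ends the header block,
    # so body text can never be mistaken for a header.
    hdrs=$(tr -d '\r' | sed '/^$/q')
    for h in x-frame-options content-security-policy strict-transport-security; do
        # Header names are case-insensitive; anchor at line start so a name
        # that only appears inside another header's value does not count.
        if ! printf '%s\n' "$hdrs" | grep -qi "^${h}:"; then
            printf 'MISSING_HEADER: %s\n' "$h"
        fi
    done
    banner=$(printf '%s\n' "$hdrs" | grep -i '^server:' | head -n 1)
    if [ -n "$banner" ]; then
        printf 'INFO_DISCLOSURE: %s\n' "$banner"
    fi
}

# Count the findings that carry a given prefix ($1) in a findings file ($2).
count_findings() {
    # grep -c exits 1 when the count is 0; keep the "0" and ignore the status.
    grep -c "^$1: " "$2" || true
}

# Demo on the constructed sample.
sample_headers | headers_to_findings
```

Anchoring the count on `^PREFIX: ` keeps a banner value that happens to contain the text `MISSING_HEADER` from inflating the summary.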
```
[*] Launching vulnerability assessment...
[?] Enter target (IP/domain): example.com
[+] Output directory: kraken_output/demo/vuln_example.com
[*] Testing SSL/TLS configuration...
[+] SSL certificate analyzed
[*] Checking common misconfigurations...
═══ Basic Security Checks ═══
[!] Allowed HTTP methods: Allow: GET, HEAD, POST, OPTIONS
[x] Missing: content-security-policy
[x] Missing: strict-transport-security
[!] Server banner exposed: Server: ECS (dcb/7F83)
[+] Vulnerability assessment complete!
```
This module is a quick triage step, not a full scanner. It does not
test for injection, authentication flaws, outdated components or known
CVEs. Treat its output as a starting point and follow up with
specialised tooling. See the upstream tools listed in requirements.txt.
```
kraken_output/<session>/vuln_<target>/
    ssl_cert.txt
    findings.txt
```
Kraken Pentest Framework · MIT License · Maintained by Melvin PETIT · For authorized security testing only.