tneen-cloud/TESTIFY

Security Testing Platform

A professional web-based security testing and vulnerability discovery tool built with Python and Flask. This platform provides comprehensive security assessment capabilities for authorized testing of your company's websites and applications.

Features

🔍 Vulnerability Scanning

  • Security Headers Analysis: Detects missing security headers (X-Frame-Options, CSP, HSTS, etc.)
  • XSS Testing: Automated Cross-Site Scripting vulnerability detection
  • SQL Injection Testing: Identifies potential SQL injection vulnerabilities
  • SSL/TLS Analysis: Comprehensive SSL certificate and configuration analysis
  • Directory Scanning: Discovers common directories and files
  • Subdomain Discovery: Finds subdomains associated with target domains

🔧 Header Testing

  • Custom Header Injection: Test custom headers including X-Headers
  • Multiple HTTP Methods: Support for GET, POST, PUT, DELETE
  • Response Analysis: Detailed response header and content analysis

🌐 IP Information Gathering

  • IP Geolocation: Get location information for IP addresses
  • Reverse DNS Lookup: Discover domain names associated with IPs
  • ASN Information: Network and organization details
  • Port Scanning: Scan common ports for open services
  • HTTP Server Detection: Identify web servers and their configurations

🛡️ Firewall Bypass

  • User-Agent Rotation: Bypass filters using different user agents
  • Header Manipulation: Use X-Forwarded-For and other headers
  • URL Encoding: Bypass using encoding techniques
  • IP Rotation: Simulate different source IPs

📥 Resource Fetching

  • External Resource Access: Fetch resources from external sites
  • Bypass Techniques: Built-in firewall bypass capabilities
  • Custom Headers: Support for custom authentication and headers
  • Full Content Retrieval: Get complete response content

Installation

  1. Clone or navigate to the project directory:

    cd /home/ahmedelsayed/Pictures/testify

  2. Create a virtual environment (recommended):

    python3 -m venv venv
    source venv/bin/activate  # On Linux/Mac
    # or
    venv\Scripts\activate  # On Windows

  3. Install dependencies:

    pip install -r requirements.txt

Usage

  1. Start the application:

    python app.py

  2. Access the web interface: Open your browser and navigate to:

    http://localhost:5000

  3. Use the interface:

    • Select a tab for the type of test you want to perform
    • Enter the target URL or IP address
    • Configure test parameters
    • Click the action button to start the test
    • View results in the results panel

API Endpoints

The application provides RESTful API endpoints for programmatic access:

  • POST /api/scan - Perform vulnerability scan
  • POST /api/test-header - Test custom headers
  • POST /api/ip-info - Get IP information
  • POST /api/bypass-firewall - Attempt firewall bypass
  • POST /api/fetch-resource - Fetch external resource
  • POST /api/scan-comprehensive - Comprehensive security scan
  • POST /api/test-ports-comprehensive - Comprehensive port-based testing
  • POST /api/test-http-access - Test HTTP/HTTPS access
  • POST /api/test-ftp-access - Test FTP access
  • POST /api/test-ssh-access - Test SSH access
  • POST /api/test-email-service - Test email services (SMTP, POP3, IMAP)
  • POST /api/enumerate-files-http - Enumerate files via HTTP/HTTPS
  • POST /api/test-file-access - Test access to specific file
  • POST /api/brute-force-access - Brute force directory/file access

Security & Legal Notice

⚠️ IMPORTANT: This tool is designed for authorized security testing only.

  • Only use this tool on systems you own or have explicit written permission to test
  • Unauthorized access to computer systems is illegal
  • Always obtain proper authorization before conducting security tests
  • The developers are not responsible for misuse of this tool
  • Use responsibly and ethically

Project Structure

testify/
├── app.py                 # Main Flask application
├── requirements.txt       # Python dependencies
├── README.md              # This file
├── test_website.py        # Standalone website testing script
├── modules/               # Security testing modules
│   ├── __init__.py
│   ├── vulnerability_scanner.py
│   ├── header_tester.py
│   ├── ip_info.py
│   ├── firewall_bypass.py
│   ├── port_based_tester.py  # NEW: Port-based testing
│   ├── directory_tester.py
│   ├── access_bypass.py
│   └── ...
├── templates/             # HTML templates
│   └── index.html
└── static/                # Static files
    ├── css/
    │   └── style.css
    └── js/
        └── app.js

Quick Start: Testing Your Website

Based on your open ports scan, you can test your website comprehensively:

# 1. Install dependencies
pip install -r requirements.txt

# 2. Run comprehensive tests on your website
python test_website.py your-domain.com

# 3. Or test specific ports
python test_website.py your-domain.com --ports 80,443,21,2222

# 4. Save results to JSON file
python test_website.py your-domain.com --output test_results.json

The script will automatically:

  • Test HTTP/HTTPS access (ports 80, 443)
  • Test FTP access (port 21) and check for anonymous login
  • Test SSH access (port 2222) and grab banner
  • Test email services (ports 25, 110, 143, 465, 587, 993, 995)
  • Enumerate sensitive files and directories
  • Attempt access bypass techniques
  • Generate a comprehensive security report

Port-Based Testing (NEW)

Comprehensive Port Testing

Test your website based on open ports discovered via port scanning:

# Test all open ports
python test_website.py your-domain.com

# Test specific ports
python test_website.py your-domain.com --ports 80,443,8080

# Save results to file
python test_website.py your-domain.com --output results.json

Features:

  • HTTP/HTTPS Access Testing: Tests web server accessibility, gathers server information, detects technologies
  • FTP Testing: Tests FTP access, checks for anonymous login, enumerates files and directories
  • SSH Testing: Tests SSH access, grabs banners, checks authentication
  • Email Service Testing: Tests SMTP, POP3, IMAP services and grabs banners
  • File Enumeration: Automatically enumerates sensitive files and directories on web servers
  • Access Bypass: Uses multiple bypass techniques to access protected resources

Supported Ports:

  • 21 (FTP)
  • 25, 465, 587 (SMTP/SMTPS)
  • 80, 443 (HTTP/HTTPS)
  • 110, 995 (POP3/POP3S)
  • 143, 993 (IMAP/IMAPS)
  • 2222 (SSH)

Features in Detail

Vulnerability Scanner

  • Scans for missing security headers
  • Tests for XSS vulnerabilities with multiple payloads
  • Detects SQL injection vulnerabilities
  • Analyzes SSL/TLS configuration
  • Scans for common directories
  • Discovers subdomains

Header Tester

  • Test any custom header including X-Headers
  • Support for all HTTP methods
  • Detailed response analysis
  • Header manipulation for testing

IP Information

  • Geolocation data
  • Reverse DNS resolution
  • ASN and network information
  • Port scanning
  • HTTP server fingerprinting

Firewall Bypass

  • Multiple bypass techniques
  • User-Agent spoofing
  • Header manipulation
  • IP rotation simulation
  • URL encoding techniques

Requirements

  • Python 3.7+
  • Flask 3.0.0+
  • requests 2.31.0+
  • dnspython 2.4.2+
  • paramiko 3.4.0+ (for SSH testing)
  • beautifulsoup4 4.12.2+ (for HTML parsing)

Troubleshooting

If you encounter issues:

  1. Port already in use: Change the port in app.py (default: 5000)
  2. DNS resolution errors: Ensure your network connection is working
  3. SSL verification errors: Some features disable SSL verification for testing purposes
  4. Timeout errors: Increase timeout values in the modules if needed

Contributing

This is a professional security testing tool. Contributions should focus on:

  • Improving accuracy of vulnerability detection
  • Adding new security test capabilities
  • Enhancing user interface
  • Performance optimization

License

This tool is provided for authorized security testing purposes. Use responsibly and in compliance with all applicable laws and regulations.

Support

For issues or questions, please ensure you're using this tool only for authorized testing on systems you own or have permission to test.


Remember: Always obtain proper authorization before testing any system. Unauthorized access is illegal.

About

The open-source tool that can show directories, bypass firewalls, and test injections in one place.
