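#!/usr/bin/env bash
#
# Bot-detection regression checks against $TARGET.
#
# Sends a series of requests that a bot-detection / WAF layer is expected to
# recognise (missing User-Agent, well-known scanner User-Agents, headless
# browser markers, a spoofed X-Forwarded-For, scanner-style paths) and then
# one realistic browser request that is expected to be allowed. Every response
# status is written to stdout and appended to $OUT/bot_detection/summary.txt
# so a run can be compared against the intended policy.
#
# Requires: ../config.sh (relative to this script) setting TARGET and OUT; curl.
# Note: curl runs with -k (no TLS verification) so a staging endpoint with a
# self-signed certificate can be exercised; this is a test harness, not a
# client for production traffic.

set -o pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR

# shellcheck source=../config.sh
source "$SCRIPT_DIR/../config.sh"

# Fail early with a clear message instead of probing "/" or writing to "/bot_detection".
: "${TARGET:?config.sh must set TARGET (base URL, no trailing slash)}"
: "${OUT:?config.sh must set OUT (output directory)}"

OUT="$OUT/bot_detection"
readonly OUT
readonly SUMMARY="$OUT/summary.txt"
mkdir -p "$OUT"

#######################################
# Write one line to stdout and append it to the summary file.
# Globals:   SUMMARY (read)
# Arguments: $* - text to log
#######################################
log() {
  printf '%s\n' "$*" | tee -a "$SUMMARY"
}

#######################################
# Start a new section: a blank line followed by a '--- title ---' header.
# Arguments: $1 - section title
#######################################
section() {
  log ''
  log "--- $1 ---"
}

#######################################
# Issue one GET request against $TARGET and print only the HTTP status code.
# A transport failure (timeout, refused connection, TLS error) makes curl
# print "000", so a failed probe is recorded in the summary rather than
# aborting the whole run.
# Globals:   TARGET (read)
# Arguments: $1 - URL path, including the leading '/'
#            $2 - per-request timeout in seconds
#            $3 - file that receives the response body (/dev/null to discard)
#            $4.. - extra curl arguments, typically -H/-A header options
# Outputs:   three-digit HTTP status code on stdout
#######################################
probe() {
  local path=$1 timeout=$2 body=$3
  shift 3
  curl -sk -o "$body" -w '%{http_code}' --max-time "$timeout" "$@" "$TARGET$path"
}

# First line truncates any summary left over from a previous run.
printf '%s\n' '=== BOT DETECTION BYPASS TESTS ===' | tee "$SUMMARY"

section 'No User-Agent'
# 'User-Agent:' with an empty value tells curl to send no User-Agent header at all.
# The body is kept for this case so a block page / challenge can be inspected.
resp=$(probe / 10 "$OUT/no_ua_body.txt" -H 'User-Agent:')
log "[$resp] No User-Agent"

# User-Agents of common scanners and HTTP client libraries that a
# bot-detection layer is expected to recognise.
readonly BAD_UAS=(
  'sqlmap/1.7'
  'nikto/2.1.6'
  'masscan/1.3'
  'nmap scripting engine'
  'zgrab/0.x'
  'python-requests/2.28'
  'Go-http-client/1.1'
  'curl/7.88.1'
  'Wget/1.21'
)

section 'Known Bad Bot UAs'
for ua in "${BAD_UAS[@]}"; do
  resp=$(probe / 10 /dev/null -A "$ua")
  log "[$resp] UA: $ua"
done

section 'Headless Browser Markers'
resp=$(probe / 10 /dev/null \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/120.0.0.0 Safari/537.36')
log "[$resp] HeadlessChrome UA"

# A client-supplied X-Forwarded-For must not be trusted by the edge proxy;
# the request should be handled like any other from the real source IP.
resp=$(probe / 10 /dev/null \
  -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36' \
  -H 'X-Forwarded-For: 127.0.0.1')
log "[$resp] X-Forwarded-For: 127.0.0.1 (EXPECTED 200 — XFF from untrusted source is ignored by proxy, real IP still tracked)"

# Paths typically requested by automated scanners; the detection layer is
# expected to flag or block them. Probed with a shorter timeout than the
# header tests above.
readonly SCAN_PATHS=(
  '/.env' '/.git/config' '/wp-admin/' '/admin/' '/phpmyadmin/' '/phpinfo.php'
  '/config.php' '/backup.sql' '/.htaccess' '/server-status' '/api/v1/users'
  '/actuator/health'
)

section 'Scanner Path Probes'
for path in "${SCAN_PATHS[@]}"; do
  resp=$(probe "$path" 8 /dev/null)
  log "[$resp] $path"
done

section 'Legitimate Browser (should PASS)'
# Control case: a realistic browser request must not be blocked, otherwise the
# preceding results are meaningless.
resp=$(probe / 10 /dev/null \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
  -H 'Accept-Language: en-US,en;q=0.5' \
  -H 'Accept-Encoding: gzip, deflate, br')
log "[$resp] Realistic Chrome UA (should be 200/301)"

cat "$SUMMARY"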