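#!/bin/bash
# API authentication & authorization tests
#
# Probes the API at $API_TARGET for weak or missing auth:
#   1. endpoints reachable with no credential at all,
#   2. malformed / oversized / traversal-style Authorization headers,
#   3. JWT "alg:none" acceptance (including case variants),
#   4. object-ID guessing on /keys/<id>.
# Every response code is written to $OUT/api_auth/summary.txt; a 2xx on a
# request that carried no valid credential is marked as a possible finding.
# The script only records what the server answered — it does not decide on
# its own whether a given 2xx is a vulnerability (e.g. /health and /metrics
# are often open by design, but should then be checked for data leakage).
#
# Requires from config.sh: API_TARGET (base URL, no trailing slash) and OUT
# (results root directory).
#
# Deliberately no `set -e`: one unreachable endpoint must not abort the whole
# sweep. `curl -k` is used because test targets commonly run with
# self-signed certificates.
set -o pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=../config.sh
source "$SCRIPT_DIR/../config.sh"
: "${API_TARGET:?config.sh must set API_TARGET}"
: "${OUT:?config.sh must set OUT}"
OUT="$OUT/api_auth"
mkdir -p "$OUT"
SUMMARY="$OUT/summary.txt"

# Headers/body used for every JSON POST probe.
JSON_BODY=(-H 'Content-Type: application/json' -d '{}')

# log <text...> -- append one line to the summary and echo it to the console.
log() { printf '%s\n' "$*" | tee -a "$SUMMARY"; }

# probe <outfile> <method> <path> [extra curl args...]
# Sends one request and prints the HTTP status code. Prints "000" when curl
# itself failed (connection refused, timeout, TLS error), so the sweep
# continues and the failure is still visible in the summary.
probe() {
  local outfile=$1 method=$2 path=$3 code
  shift 3
  code=$(curl -sk -o "$outfile" -w '%{http_code}' --max-time 10 \
    -X "$method" "$@" "$API_TARGET$path") || true
  printf '%s' "${code:-000}"
}

# flag <code> -- prints a marker when the server accepted (2xx) a request
# that carried no valid credential; empty otherwise.
flag() {
  if [[ $1 == 2* ]]; then
    printf ' !! POSSIBLE FINDING: 2xx without valid credential'
  fi
}

# Plain tee (not -a) so a re-run starts a fresh summary.
printf '=== API AUTH & AUTHZ TESTS ===\n' | tee "$SUMMARY"

# 1. No credential at all. Response bodies are kept per endpoint so that an
#    unexpected 2xx can be inspected afterwards.
log '--- No API Key ---'
for ep in '/encrypt' '/decrypt' '/generate-keys' '/health' '/metrics' '/admin' '/keys' '/users' '/config'; do
  body="$OUT/no_auth_${ep//\//_}.txt"
  code=$(probe "$body" POST "$ep" "${JSON_BODY[@]}")
  log "[$code] POST $ep (no auth)$(flag "$code")"
done

# 2. Malformed Authorization headers. Anything other than 401/403 deserves a
#    look; a 5xx suggests the parser chokes on garbage rather than rejecting it.
log ''
log '--- Malformed Auth Tokens ---'
# 1000 x 'A' built in-shell (no python3 dependency).
printf -v long_token 'A%.0s' {1..1000}
BAD_TOKENS=('invalid' 'null' 'undefined' '{}' 'Bearer ' 'Bearer null' "Bearer $long_token" 'Bearer ../../../etc/passwd')
for tok in "${BAD_TOKENS[@]}"; do
  code=$(probe /dev/null POST /encrypt -H "Authorization: $tok" "${JSON_BODY[@]}")
  # Truncate the echoed token so the 1000-char case keeps the summary readable.
  shown=$tok
  (( ${#shown} > 60 )) && shown="${shown:0:60}...(${#tok} chars)"
  log "[$code] Auth: $shown$(flag "$code")"
done

# 3. JWT algorithm confusion: an unsigned token claiming admin.
log ''
log '--- JWT Algorithm Confusion ---'
# b64url <string> -- base64url without padding, as JWT segments require.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '+/' '-_'; }
JWT_PAYLOAD=$(b64url '{"sub":"admin","role":"admin"}')
# Case variants are included because some libraries reject the literal
# "none" but compare the header case-sensitively, letting "None"/"NONE" through.
for alg in none None NONE nOnE; do
  jwt_header=$(b64url "{\"alg\":\"$alg\",\"typ\":\"JWT\"}")
  code=$(probe /dev/null POST /encrypt -H "Authorization: Bearer $jwt_header.$JWT_PAYLOAD." "${JSON_BODY[@]}")
  log "[$code] JWT alg:$alg$(flag "$code")"
done

# 4. Key-ID guessing on /keys/<id>.
# NOTE: these requests carry no credential, so a 2xx here is an
# unauthenticated read rather than an IDOR in the strict sense. A real IDOR
# check needs a valid low-privilege credential (config.sh does not appear to
# provide one as far as this script can see) and then requests IDs that
# belong to a different principal with it.
log ''
log '--- IDOR Key Enumeration ---'
for id in '1' '2' '100' '1000' '00000000-0000-0000-0000-000000000001' 'admin'; do
  code=$(probe /dev/null GET "/keys/$id")
  log "[$code] GET /keys/$id$(flag "$code")"
done

cat "$SUMMARY"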