17_client_side_csp.sh — PQCrypta Pentest Suite

1	#!/bin/bash
2	# Red-team: Client-side security — CSP analysis, supply chain, DOM clobbering
3	SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
4	source "$SCRIPT_DIR/../config.sh"
5	OUT="$OUT/client_side"
6	mkdir -p "$OUT"
7
8	echo '=== CLIENT-SIDE SECURITY RED-TEAM ===' \| tee "$OUT/summary.txt"
9
10	# Fetch main page and analyze CSP
11	echo '--- CSP Analysis ---' \| tee -a "$OUT/summary.txt"
12	CSP=$(curl -sk -I --max-time 10 "$TARGET/" \| grep -i 'content-security-policy')
13	echo "$CSP" \| tee -a "$OUT/summary.txt"
14
15	# Check for unsafe-inline or unsafe-eval
16	if echo "$CSP" \| grep -qi 'unsafe-inline'; then
17	echo ' [FAIL] unsafe-inline present!' \| tee -a "$OUT/summary.txt"
18	else
19	echo ' [PASS] No unsafe-inline' \| tee -a "$OUT/summary.txt"
20	fi
21	if echo "$CSP" \| grep -qi 'unsafe-eval'; then
22	echo ' [FAIL] unsafe-eval present!' \| tee -a "$OUT/summary.txt"
23	else
24	echo ' [PASS] No unsafe-eval' \| tee -a "$OUT/summary.txt"
25	fi
26	if echo "$CSP" \| grep -qi "script-src.'\'"; then
27	echo ' [FAIL] Wildcard script-src!' \| tee -a "$OUT/summary.txt"
28	fi
29
30	# Check nonce uniqueness — fetch page twice, compare nonces
31	echo '' \| tee -a "$OUT/summary.txt"
32	echo '--- Nonce Uniqueness Check ---' \| tee -a "$OUT/summary.txt"
33	NONCE1=$(curl -sk -I --max-time 10 "$TARGET/" \| grep -oi "nonce-[A-Za-z0-9+/=]*" \| head -1)
34	sleep 1
35	NONCE2=$(curl -sk -I --max-time 10 "$TARGET/" \| grep -oi "nonce-[A-Za-z0-9+/=]*" \| head -1)
36	echo " Request 1 nonce: $NONCE1" \| tee -a "$OUT/summary.txt"
37	echo " Request 2 nonce: $NONCE2" \| tee -a "$OUT/summary.txt"
38	if [ "$NONCE1" = "$NONCE2" ] && [ -n "$NONCE1" ]; then
39	echo ' [FAIL] Static nonce — reused across requests!' \| tee -a "$OUT/summary.txt"
40	else
41	echo ' [PASS] Nonces differ between requests' \| tee -a "$OUT/summary.txt"
42	fi
43
44	# Check script SRI (subresource integrity)
45	echo '' \| tee -a "$OUT/summary.txt"
46	echo '--- Subresource Integrity ---' \| tee -a "$OUT/summary.txt"
47	PAGE=$(curl -sk --max-time 15 "$TARGET/")
48	SCRIPTS_NO_SRI=$(echo "$PAGE" \| grep '<script' \| grep -v 'integrity=' \| grep 'src=' \| head -5)
49	if [ -n "$SCRIPTS_NO_SRI" ]; then
50	echo ' [WARN] Scripts without SRI:' \| tee -a "$OUT/summary.txt"
51	echo "$SCRIPTS_NO_SRI" \| head -3 \| tee -a "$OUT/summary.txt"
52	else
53	echo ' [PASS] All external scripts have SRI or are self-hosted' \| tee -a "$OUT/summary.txt"
54	fi
55
56	# Check CORS on API
57	echo '' \| tee -a "$OUT/summary.txt"
58	echo '--- CORS Policy (API) ---' \| tee -a "$OUT/summary.txt"
59	cors_resp=$(curl -sk -I --max-time 10 -H 'Origin: https://evil.com' -H 'Access-Control-Request-Method: POST' -X OPTIONS "$API_TARGET/encrypt")
60	echo "$cors_resp" \| grep -i 'access-control' \| tee -a "$OUT/summary.txt"
61	if echo "$cors_resp" \| grep -qi 'access-control-allow-origin: \*'; then
62	echo ' [FAIL] Wildcard CORS origin!' \| tee -a "$OUT/summary.txt"
63	elif echo "$cors_resp" \| grep -qi 'access-control-allow-origin: https://evil.com'; then
64	echo ' [FAIL] Reflects evil.com as allowed origin!' \| tee -a "$OUT/summary.txt"
65	else
66	echo ' [PASS] CORS does not reflect evil.com' \| tee -a "$OUT/summary.txt"
67	fi
68
69	cat "$OUT/summary.txt"
70

AUTONOMY DIRECTORATE

🏠 Main

🧪 Interactive Apps

📰 News

📚 Documents ▼

🛡️ PQ Crypta Proxy

🎓 Educational Animations ▼

👤 Account

🧬 Company & Legal ▼

🛠️ Utilities ▼

🛡️ Security ▼

🚧 Under Development ▼

⟨ QUANTUM ERROR PORTAL ⟩

Script Viewer