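#!/bin/bash
# Red-team: Client-side security — CSP analysis, supply chain, DOM clobbering
#
# Reads TARGET (base URL under test) and OUT (report directory) from
# ../config.sh and appends findings to "$OUT/client_side/summary.txt".
#
# NOTE(review): every curl call below passes -k, so the server certificate is
# not verified and the headers could come from an interposed host. Drop -k
# whenever the target presents a certificate the test machine can validate.
# NOTE(review): headers are collected with HEAD requests (-I). A policy that
# is only sent on GET responses, or delivered through a <meta http-equiv>
# tag, is not seen by these checks.

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=/dev/null
source "$SCRIPT_DIR/../config.sh" || {
  echo "cannot load $SCRIPT_DIR/../config.sh" >&2
  exit 1
}

# Without these guards an unset OUT would make the script write to
# /client_side and an unset TARGET would probe the literal URL "/".
: "${TARGET:?TARGET must be set by config.sh}"
: "${OUT:?OUT must be set by config.sh}"

OUT="$OUT/client_side"
mkdir -p "$OUT" || exit 1
SUMMARY="$OUT/summary.txt"

# Print one line to stdout and append it to the summary file.
cs_report() {
  printf '%s\n' "$*" | tee -a "$SUMMARY"
}

# First write truncates any summary left over from a previous run.
echo '=== CLIENT-SIDE SECURITY RED-TEAM ===' | tee "$SUMMARY"

# --- Fetch response headers and analyze CSP ---------------------------------
cs_report '--- CSP Analysis ---'
HEADERS=$(curl -sk -I --max-time 10 "$TARGET/" | tr -d '\r')

# Keep the enforced policy apart from the report-only one: a report-only
# header logs violations but blocks nothing, so it must not earn a PASS.
CSP=$(printf '%s\n' "$HEADERS" | grep -i '^content-security-policy:')
CSP_REPORT_ONLY=$(printf '%s\n' "$HEADERS" \
  | grep -i '^content-security-policy-report-only:')
cs_report "$CSP"
[ -n "$CSP_REPORT_ONLY" ] && cs_report "$CSP_REPORT_ONLY"

if [ -z "$CSP" ]; then
  # An absent policy used to fall through to "[PASS] No unsafe-inline".
  if [ -n "$CSP_REPORT_ONLY" ]; then
    cs_report ' [FAIL] CSP is report-only — nothing is enforced'
  else
    cs_report ' [FAIL] No Content-Security-Policy header'
  fi
else
  # Check for unsafe-inline or unsafe-eval.
  # Caveat: browsers implementing CSP Level 2+ ignore 'unsafe-inline' in a
  # directive that also carries a nonce or hash source, so a FAIL here needs
  # a manual look at the full directive before it is reported as a finding.
  if printf '%s\n' "$CSP" | grep -qi 'unsafe-inline'; then
    cs_report ' [FAIL] unsafe-inline present!'
  else
    cs_report ' [PASS] No unsafe-inline'
  fi

  if printf '%s\n' "$CSP" | grep -qi 'unsafe-eval'; then
    cs_report ' [FAIL] unsafe-eval present!'
  else
    cs_report ' [PASS] No unsafe-eval'
  fi

  # Isolate the script-src directive so a "*" in some other directive is not
  # attributed to it, then look for a bare wildcard source. The CSP wildcard
  # is an unquoted *; the quoted form '*' is still matched as before.
  # NOTE(review): default-src is the fallback when script-src is absent and
  # is not examined here.
  SCRIPT_SRC=$(printf '%s\n' "$CSP" \
    | sed 's/^[^:]*:[[:space:]]*//' \
    | tr ';' '\n' \
    | grep -iE '^[[:space:]]*script-src([[:space:]]|$)')
  if printf '%s\n' "$SCRIPT_SRC" \
    | grep -qE "(^|[[:space:]])'?[*]'?([[:space:]]|\$)"; then
    cs_report ' [FAIL] Wildcard script-src!'
  fi
fi

# --- Nonce uniqueness: fetch headers twice, compare nonces ------------------
cs_report ''
cs_report '--- Nonce Uniqueness Check ---'

# CSP nonces are base64 or base64url, so "-" and "_" belong to the value;
# leaving them out would truncate the nonce before the comparison.
NONCE_RE='nonce-[A-Za-z0-9+/_=-]*'
NONCE1=$(curl -sk -I --max-time 10 "$TARGET/" | grep -oi -- "$NONCE_RE" | head -1)
sleep 1
NONCE2=$(curl -sk -I --max-time 10 "$TARGET/" | grep -oi -- "$NONCE_RE" | head -1)
cs_report " Request 1 nonce: $NONCE1"
cs_report " Request 2 nonce: $NONCE2"

if [ -z "$NONCE1" ] || [ -z "$NONCE2" ]; then
  # No nonce in one or both responses proves nothing about uniqueness; the
  # previous logic reported this case as PASS.
  cs_report ' [WARN] Nonce missing from one or both responses — uniqueness not verified'
elif [ "$NONCE1" = "$NONCE2" ]; then
  # A caching layer replaying the same response gives the same result and is
  # just as much a problem: the nonce is then predictable to other clients.
  cs_report ' [FAIL] Static nonce — reused across requests!'
else
  # Two differing samples show the value changes, not that it is random.
  cs_report ' [PASS] Nonces differ between requests'
fi

# --- Script SRI (subresource integrity) -------------------------------------
cs_report ''
cs_report '--- Subresource Integrity ---'
PAGE=$(curl -sk --max-time 15 "$TARGET/")

# NOTE: the listing is cut off at this point in the middle of a statement.
# The fragment is kept verbatim as a comment; the rest of the SRI check is
# not visible here.
# SCRIPTS_NO_SRI=$(echo "$PAGE" | grep '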