This repository contains PowerShell scripts to check for common vulnerabilities in web servers such as Microsoft Internet Information Services (IIS), Apache, and Nginx. Additionally, there is a dns-vuln-check script to scan DNS records for vulnerabilities. These scripts help identify potential security weaknesses in your web server configurations and DNS records, and provide information about discovered issues along with related Common Vulnerabilities and Exposures (CVEs) and suggested fixes.
-
SSL Certificate Validation: The scripts include a custom SSL validation callback that allows them to ignore self-signed certificates during the scan.
-
Security Headers Check: The scripts analyze HTTP response headers to identify missing security headers such as
Strict-Transport-Security,X-Content-Type-Options,X-Frame-Options,X-XSS-Protection, andContent-Security-Policy. They provide information about missing headers, their related CVEs, and suggested fixes. -
Insecure Cookies Detection: The scripts check for insecure cookies by inspecting the
Set-Cookieheaders. They identify cookies that are missing theSecure,HttpOnly, orSameSiteattributes. -
Web Server and Framework Version Check: The scripts extract information about the web server and framework versions. They provide information about the detected versions and advise on the removal of sensitive headers.
-
TLS Version Check: The scripts check the supported TLS versions and alert if insecure TLS versions (TLS 1.0 or TLS 1.1) are detected.
-
HTTP to HTTPS Redirect Check: The scripts check whether the domain redirects HTTP traffic to HTTPS, helping ensure secure communication.
-
Scoring System: The scripts assign scores to each security check and calculate a total score, providing an overall assessment of the server's security.
-
PDF Export: You can export the scan results to a PDF file for documentation and sharing.
- Additional IIS-specific checks and recommendations.
- Additional Apache-specific checks and recommendations.
- Additional Nginx-specific checks and recommendations.
-
The
dns-vuln-check.ps1script allows you to scan domain DNS records for vulnerabilities. -
It checks for missing or incorrect DNS records, such as missing PTR records, missing validation records, such as SPF, DKIM, DMARC and recognizing if there is a WAF service enabled for the domain.
- PowerShell installed on your system.
- Appropriate permissions to run the scripts against the target server.
-
Open a PowerShell terminal.
-
Navigate to the directory containing the desired script (
iis-vuln-check.ps1,apache-vuln-check.ps1, ornginx-vuln-check.ps1). -
Run the script by executing the following command:
.\script-name.ps1
Follow the on-screen prompts to enter the domain to check.
Review the scan results to identify vulnerabilities, related CVEs, and suggested fixes.
Implement recommended solutions and best practices to improve server security.
Running the DNS Records Script: Open a PowerShell terminal.
Navigate to the directory containing the dns-vuln-check.ps1 script.
Run the script by executing the following command:
Copy code .\dns-vuln-check.ps1 Follow the on-screen prompts to enter the domain to check.
Review the scan results to identify DNS record vulnerabilities, related CVEs, and suggested fixes.
Implement recommended DNS record configurations to enhance security.
Example Usage: powershell Copy code
.\iis-vuln-check.ps1
optional Enter the PDF file path to save the results (e.g., C:\Path\To\Results.pdf).
.\apache-vuln-check.ps1
optional Enter the PDF file path to save the results (e.g., C:\Path\To\Results.pdf).
.\nginx-vuln-check.ps1
optional Enter the PDF file path to save the results (e.g., C:\Path\To\Results.pdf).
.\dns-vuln-check.ps1
Contributions are welcome! If you have ideas for improvements, additional vulnerability checks, or bug fixes, please open an issue or submit a pull request. Your contributions will help enhance the scripts' functionality and security.
This project is licensed under the MIT License - see the LICENSE file for details.
These scripts are provided for informational purposes and should be used responsibly and with appropriate permissions. They do not guarantee the absence of vulnerabilities or security issues. Always follow security best practices and perform regular security audits to ensure the safety of your systems.