Skip to content

Commit

Permalink
Add Google Web Risk security check
Browse files Browse the repository at this point in the history
  • Loading branch information
juffalow committed Oct 15, 2023
1 parent 5ae73d9 commit 466ccbd
Show file tree
Hide file tree
Showing 4 changed files with 396 additions and 5 deletions.
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
"pentest-tool-lite": "./src/index"
},
"dependencies": {
"@google-cloud/web-risk": "^4.0.1",
"commander": "^6.0.0",
"csso": "^5.0.5",
"domhandler": "^4.2.2",
Expand Down
48 changes: 48 additions & 0 deletions src/security/GoogleWebRisk.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
import { WebRiskServiceClient, protos } from '@google-cloud/web-risk';
import Test, { TestParameters, Result } from '../Test';
import logger from '../logger';

/**
*
* @see https://cloud.google.com/web-risk
* @see https://safebrowsing.google.com
* @see https://transparencyreport.google.com/safe-browsing/search
*/
class GoogleWebRisk extends Test {
public name = 'GoogleWebRisk';

public async test({ url }: TestParameters): Promise<Result> {
logger.info('Starting Google Web Risk test...');

const client = new WebRiskServiceClient();

const request = {
uri: url,
threatTypes: [
protos.google.cloud.webrisk.v1.ThreatType.MALWARE,
protos.google.cloud.webrisk.v1.ThreatType.SOCIAL_ENGINEERING,
protos.google.cloud.webrisk.v1.ThreatType.UNWANTED_SOFTWARE,
],
};

const response = await client.searchUris(request);

const { threat } = response[0];

if (threat !== null) {
return {
status: 'ERROR',
title: this.name,
description: `This url contains ${threat.threatTypes.join(', ').toLowerCase()}!`,
};
}

return {
status: 'SUCCESS',
title: this.name,
description: 'This URL is safe.',
};
}
}

export default GoogleWebRisk;
2 changes: 2 additions & 0 deletions src/security/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import ReferrerPolicy from './ReferrerPolicy';
import RobotsTXT from './RobotsTXT';
import PermissionsPolicy from './PermissionsPolicy';
import SSL from './SSL';
import GoogleWebRisk from './GoogleWebRisk';

export default class Security extends Test {
public name = 'Security';
Expand All @@ -32,6 +33,7 @@ export default class Security extends Test {
new ContentEncoding(),
new RobotsTXT(),
new SSL(),
new GoogleWebRisk(),
];
}

Expand Down
Loading

0 comments on commit 466ccbd

Please sign in to comment.