Website Security & Vulnerability Audit
by smart-digital
About Website Security & Vulnerability Audit
Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security
What does this actor do?
Website Security & Vulnerability Audit is a web scraping and automation tool available on the Apify platform. It's designed to help you extract data and automate tasks efficiently in the cloud.
Key Features
- Cloud-based execution - no local setup required
- Scalable infrastructure for large-scale operations
- API access for integration with your applications
- Built-in proxy rotation and anti-blocking measures
- Scheduled runs and webhooks for automation
How to Use
- Click "Try This Actor" to open it on Apify
- Create a free Apify account if you don't have one
- Configure the input parameters as needed
- Run the actor and download your results
Documentation
# Website Security Audit Tool

Comprehensive security audit tool for websites. Analyzes security headers, SSL/TLS configuration, CMS vulnerabilities, exposed information, and common security issues. Supports WordPress, Shopify, Webflow, Framer, Drupal, Joomla, Magento, and other CMS platforms.

## Description

This actor performs a thorough security audit of websites, identifying vulnerabilities, misconfigurations, and security best practices. It provides detailed scores, actionable recommendations, and categorized security issues.

## Features

### Security Headers Analysis

- ✅ Content-Security-Policy (CSP): Checks for presence and unsafe directives
- ✅ Strict-Transport-Security (HSTS): Validates HSTS configuration and max-age
- ✅ X-Frame-Options: Prevents clickjacking attacks
- ✅ X-Content-Type-Options: Prevents MIME type sniffing
- ✅ X-XSS-Protection: Legacy XSS protection
- ✅ Referrer-Policy: Controls referrer information leakage
- ✅ Permissions-Policy: Restricts browser features access
- ✅ Cross-Origin Policies: COEP, COOP, CORP headers

### SSL/TLS Audit

- ✅ Certificate Validation: Checks certificate validity and expiration
- ✅ Certificate Details: Extracts issuer and expiry information
- ✅ Mixed Content: Detects HTTP resources on HTTPS pages
- ✅ TLS Protocols: Verifies supported TLS versions

### CMS Detection & Analysis

- ✅ WordPress:
  - Detects WordPress version and core updates
  - Identifies installed plugins and themes with versions
  - Checks for plugin/theme updates via WordPress.org API
  - Verifies plugin vulnerabilities via WPVulnerability.net database
  - Detects admin panel accessibility
  - Checks REST API security
  - Uses Wappalyzer-like detection patterns for comprehensive plugin discovery
  - Extracts plugin versions from CSS/JS assets, JavaScript variables, HTML attributes, and meta tags
  - Internal mapping of 150+ popular plugins for accurate slug detection
- ✅ Shopify: Checks admin panel security, storefront configuration
- ✅ Webflow: Validates custom domain configuration
- ✅ Framer: Detects Framer sites and configuration
- ✅ Drupal, Joomla, Magento: Version detection and security checks
- ✅ Sensitive Files: Checks for accessible configuration files

### Vulnerability Scanning

- ✅ SQL Injection: Basic pattern detection
- ✅ XSS (Cross-Site Scripting): Identifies potential XSS vectors
- ✅ CSRF Protection: Checks forms for CSRF tokens
- ✅ Admin Access: Verifies admin panels require authentication
- ✅ Default Credentials: Warns about default login pages
- ✅ Insecure APIs: Identifies unprotected API endpoints

### WordPress Plugin & Theme Vulnerability Detection

- ✅ WPVulnerability.net Integration: Real-time vulnerability checking against the WPVulnerability.net database
- ✅ CVE Information: Extracts CVE numbers and vulnerability details
- ✅ Vulnerability Types: Identifies XSS, SQL Injection, Object Injection, Open Redirect, and more
- ✅ Fixed Versions: Reports which plugin/theme versions fix vulnerabilities
- ✅ Update Recommendations: Suggests updates when vulnerabilities are found
- ✅ Comprehensive Detection: Checks all detected plugins and themes for known vulnerabilities

### Exposed Information Detection

- ✅ Server Versions: Detects exposed server and technology stack
- ✅ CMS Versions: Identifies exposed CMS and plugin versions
- ✅ Error Messages: Finds error messages revealing system information
- ✅ Sensitive Files: Checks for accessible .env, config files, backups
- ✅ Directory Listing: Detects enabled directory listings
- ✅ Robots.txt & Sitemap: Analyzes for sensitive path exposure

### Performance & Reliability

- ✅ Smart Page Loading: Fallback strategy (networkidle → load → domcontentloaded) for sites with continuous network activity
- ✅ Extended Timeouts: 5-minute timeout for the complete audit process
- ✅ Robust Error Handling: Continues the audit even if some checks fail
- ✅ Page State Validation: Checks page availability before operations

## Input Parameters

- startUrl (string, required): Website URL to audit
- timeout (integer, default: 30000): Page load timeout in milliseconds (per navigation attempt)
- checkHeaders (boolean, default: true): Audit security headers
- checkSSL (boolean, default: true): Audit SSL/TLS
- checkCMS (boolean, default: true): Detect and audit CMS
- checkVulnerabilities (boolean, default: true): Scan for vulnerabilities
- checkExposed (boolean, default: true): Check for exposed information
- userAgent (string): Custom user agent string

## Output

The actor outputs detailed security audit results for each page, including:

- Overall Security Score (0-100): Weighted score based on all checks
- Categorized Issues: Critical, High, Medium, Low, Info
- Detailed Findings:
  - Headers analysis with recommendations
  - SSL/TLS certificate details
  - CMS detection with plugin/theme versions
  - Plugin/theme update availability
  - Vulnerability details with CVE numbers, types, and fixed versions
  - Exposed information risks
- Actionable Recommendations: Specific steps to improve security
- Site Summary: Aggregated statistics across all audited pages

### WordPress Plugin/Theme Output Format

For each detected plugin/theme:

```json
{
  "name": "Plugin Name",
  "version": "1.2.3",
  "vulnerable": true,
  "vulnerabilities": [
    {
      "id": "uuid",
      "title": "Vulnerability Title",
      "type": "XSS",
      "cve": "CVE-2024-12345",
      "fixedIn": "1.2.4",
      "references": "https://..."
    }
  ],
  "updateAvailable": true,
  "latestVersion": "1.3.0"
}
```

## Security Score Breakdown

- Headers (25%): Security headers configuration
- SSL/TLS (30%): Certificate and encryption security
- CMS (15%): CMS-specific security issues (includes plugin vulnerabilities)
- Vulnerabilities (20%): Common vulnerability detection
- Exposed Info (10%): Information disclosure risks

## Use Cases

- Security Audits: Regular security assessments of websites
- Pre-Launch Checks: Verify security before going live
- Compliance: Meet security standards and regulations
- Penetration Testing: Identify security weaknesses
- CMS Security: WordPress, Shopify, and other CMS security audits
- Plugin Management: Identify outdated and vulnerable WordPress plugins
- Vulnerability Tracking: Monitor known vulnerabilities in installed plugins/themes

## Technical Details

### WordPress Plugin Detection Methods

The actor uses multiple detection methods for comprehensive plugin discovery:

1. Asset URLs: Extracts plugin slugs and versions from CSS/JS file URLs in the HTML head
2. JavaScript Variables: Reads plugin versions from window objects (e.g., window.rankMath.version)
3. HTML Attributes: Detects plugins from data-* attributes and CSS classes
4. Meta Tags: Extracts plugin information from meta tags
5. REST API: Queries the WordPress REST API for plugin information
6. Wappalyzer Patterns: Uses Wappalyzer-like detection patterns for comprehensive coverage
7. URL Scanning: Exhaustive scan of all URLs containing wp-content/plugins/

### Version Detection Priority

Plugin versions are extracted with the following priority:

1. Main plugin files (style.css, plugin.php): highest priority
2. Asset files (assets/css/, js/): medium priority
3. Third-party libraries are filtered out to avoid false positives

### Update & Vulnerability Checking

- WordPress.org API: Checks for available updates using multiple API endpoints
- Internal Mapping: Uses an internal table of 150+ popular plugins for fast slug lookup
- Dynamic Search: Falls back to the WordPress.org search API if direct lookup fails
- WPVulnerability.net: Real-time vulnerability database queries with CVE information
- Slug Variations: Tries multiple slug variations for better detection rates

## Changelog

### Recent Improvements

- ✅ WPVulnerability.net Integration: Real-time vulnerability checking with CVE details
- ✅ Enhanced Plugin Detection: Multiple detection methods including Wappalyzer patterns
- ✅ Update Checking: WordPress.org API integration for plugin/theme updates
- ✅ Improved Timeout Handling: Smart fallback strategy for sites with continuous network activity
- ✅ Better Error Handling: Continues the audit even if some operations fail
- ✅ Version Priority System: Filters out third-party library versions
- ✅ Comprehensive Logging: Detailed logs for debugging and transparency
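As an added illustration of the "Security Headers Analysis" checks above (example code written for this page, not the actor's own implementation), the following audits a response's header set for CSP presence and unsafe directives, HSTS max-age, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy; the severity labels and the one-year HSTS threshold are assumptions, not values taken from the actor.

```javascript
// Added example, not the actor's own code: audit a response's security headers
// along the lines the README lists. Severity labels and the one-year HSTS
// threshold are assumptions, not values taken from the actor.
const HSTS_MIN_AGE = 31536000; // one year in seconds (assumed threshold)

function auditHeaders(headers) {
  // Lower-case the names so header lookups are case-insensitive.
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]),
  );
  const findings = [];
  const add = (severity, header, message) =>
    findings.push({ severity, header, message });

  const csp = h['content-security-policy'];
  if (!csp) add('high', 'Content-Security-Policy', 'missing');
  else {
    // Unsafe directives largely defeat the point of having a CSP.
    for (const d of ["'unsafe-inline'", "'unsafe-eval'"]) {
      if (csp.includes(d)) add('medium', 'Content-Security-Policy', `uses ${d}`);
    }
  }

  const hsts = h['strict-transport-security'];
  if (!hsts) add('high', 'Strict-Transport-Security', 'missing');
  else {
    const m = /max-age=(\d+)/i.exec(hsts);
    const age = m ? Number(m[1]) : 0;
    if (age < HSTS_MIN_AGE)
      add('medium', 'Strict-Transport-Security', `max-age ${age} below ${HSTS_MIN_AGE}`);
  }

  // A CSP frame-ancestors directive is the modern replacement for X-Frame-Options.
  const framingControlled = h['x-frame-options'] || (csp && /frame-ancestors/i.test(csp));
  if (!framingControlled) add('medium', 'X-Frame-Options', 'missing (clickjacking)');

  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff')
    add('low', 'X-Content-Type-Options', 'missing or not nosniff');
  if (!h['referrer-policy']) add('low', 'Referrer-Policy', 'missing');
  if (!h['permissions-policy']) add('info', 'Permissions-Policy', 'missing');
  return findings;
}

// Constructed sample: a weakly configured response (not captured from a real site).
const SAMPLE_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'Strict-Transport-Security': 'max-age=86400',
  'X-Content-Type-Options': 'nosniff',
};

console.log(auditHeaders(SAMPLE_HEADERS));
```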
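To show the "Asset URLs" detection method and the "Version Detection Priority" rule above in working code (an added example, not the actor's own implementation), the following extracts plugin slugs and `?ver=` values from wp-content/plugins/ URLs in page markup and keeps, per plugin, the version from the highest-priority path; the priority ranks, the third-party library list and the sample markup are constructed assumptions.

```javascript
// Added example, not the actor's own code: pull plugin slugs and versions out
// of wp-content/plugins/ asset URLs and pick a version by path priority, as the
// README's "Version Detection Priority" describes. The priority ranks and the
// third-party library list are assumptions.
const PLUGIN_RE =
  /wp-content\/plugins\/([a-z0-9][a-z0-9_-]*)\/([^?#"'\s]*)(?:\?([^"'\s#]*))?/gi;
// Bundled libraries whose ?ver= is the library's version, not the plugin's.
const THIRD_PARTY = ['jquery', 'bootstrap', 'select2', 'swiper'];

// Lower rank wins; null means the file is a third-party library and is ignored.
function pathPriority(path) {
  const base = path.split('/').pop().toLowerCase();
  if (THIRD_PARTY.some((lib) => base.startsWith(lib))) return null;
  if (base === 'style.css' || base.endsWith('.php')) return 1; // main plugin files
  if (/^(assets|css|js)\//i.test(path)) return 2; // plugin asset directories
  return 3; // any other path inside the plugin
}

function extractPlugins(html) {
  const plugins = new Map(); // slug -> { version, priority }
  for (const m of html.matchAll(PLUGIN_RE)) {
    const slug = m[1].toLowerCase();
    const prio = pathPriority(m[2]);
    const ver = new URLSearchParams(m[3] || '').get('ver');
    const cur = plugins.get(slug) || { version: null, priority: Infinity };
    // Record the slug even without a usable version, but only replace the
    // version when this path outranks the one already recorded.
    if (prio !== null && ver && prio < cur.priority) {
      plugins.set(slug, { version: ver, priority: prio });
    } else if (!plugins.has(slug)) {
      plugins.set(slug, cur);
    }
  }
  return Object.fromEntries([...plugins].map(([s, v]) => [s, v.version]));
}

// Constructed sample markup (example.test is a reserved placeholder domain).
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://example.test/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9.8">
<script src="https://example.test/wp-content/plugins/contact-form-7/assets/js/vendor/jquery.min.js?ver=3.7.1"></script>
<script src="https://example.test/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=8.6.1"></script>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/wp-rocket/assets/css/front.css?ver=3.15">
<link rel="stylesheet" href="https://example.test/wp-content/plugins/wp-rocket/style.css?ver=3.15.10">
<script src="https://example.test/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=8.4.5"></script>
`;

console.log(extractPlugins(SAMPLE_HTML));
```

Note that elementor is reported with a null version here: its only asset is a bundled Swiper build, so the library's version is deliberately not attributed to the plugin.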
Actor Information
- Developer
- smart-digital
- Pricing
- Paid
- Total Runs
- 1,277
- Active Users
- 3