Merging (#119)

* fix linter warning

* complete exploit to none attack

* fix test-on-ubuntu.yml and update zarn.yml (#116)

* address linter warnings

* update test-on-ubuntu.yml

* ci: update dependencies installation in Ubuntu workflow

* update test-on-ubuntu.yml

* update zarn.yml

* update .perlcriticrc

* update security-gate.yml

- remove push trigger
- add pull request trigger on develop branch
- rename verification step

* draft modules

* update the license year

* draft module to identify hash or crypto type on data strings

* new module to identify the account id from AWS key

* adding strict/warnings modules

---------

Co-authored-by: priv <[email protected]>

.config/modules.json

@@ -395,6 +395,18 @@
             "category": "crypto",
             "module": "JWT_Content",
             "description": "Visualize the content of a JWT"
+        },
+        {
+            "id": "0066",
+            "category": "crypto",
+            "module": "Algorithm_Identifier",
+            "description": "Identify the type of hashing or encryption used in a string"
+        },
+        {
+            "id": "0067",
+            "category": "Cloud",
+            "module": "Account_Identifier",
+            "description": "Provides the AWS key for extracting the account ID"
         }
     ]
 }

.github/workflows/security-gate.yml

@@ -1,12 +1,14 @@
 name: Security Gate - LESIS
 
 on:
-  push:
-    branches:
-      - main
   pull_request:
     branches:
       - main
+      - develop
+
+permissions:
+  security-events: read
+  contents: read
 
 jobs:
   build:
@@ -24,15 +26,15 @@ jobs:
     - name: Pull Docker image from GitHub Container Registry
       run: docker pull ghcr.io/instriq/security-gate/security-gate:latest
 
-    - name: Verify security alerts from dependabot
+    - name: Verify security alerts from GHAS
       run: |
         docker run ghcr.io/instriq/security-gate/security-gate:latest \
-        -t $GITHUB_TOKEN \
-        -r ${{ github.repository }} \
-        --critical $MAX_CRITICAL \
-        --high $MAX_HIGH \
-        --medium $MAX_MEDIUM \
-        --low $MAX_LOW \
+        -t "$GITHUB_TOKEN" \
+        -r "${{ github.repository }}" \
+        -c "$MAX_CRITICAL" \
+        -h "$MAX_HIGH" \
+        -m "$MAX_MEDIUM" \
+        -l "$MAX_LOW" \
         --dependency-alerts \
-        --code-alerts \
-        --secret-alerts 
+        --secret-alerts \
+        --code-alerts

.github/workflows/test-on-ubuntu.yml

@@ -9,7 +9,8 @@ jobs:
     - uses: actions/checkout@v4
     - name: Install dependencies
       run: |
-        sudo apt install -y perl cpanminus
+        sudo apt-get update
+        sudo apt-get install -y perl cpanminus build-essential libdatetime-perl libssl-dev libexpat1-dev libpcap-dev masscan 
         sudo cpanm --installdeps .
     - name: Verify the basic usage
       run: |

.github/workflows/zarn.yml

@@ -2,9 +2,11 @@ name: ZARN SAST
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "develop" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "develop" ]
+  schedule:
+    - cron: '28 23 * * 1'
 
 jobs:
   zarn:

.perlcriticrc

@@ -1,4 +1,7 @@
 severity = 3
 
 [-TestingAndDebugging::RequireUseStrict]
-[-TestingAndDebugging::RequireUseWarnings]
+[-TestingAndDebugging::RequireUseWarnings]
+
+[TestingAndDebugging::ProhibitNoWarnings]
+allow = once

LICENSE.md

@@ -2,7 +2,7 @@ License
 ==============
 The MIT License (MIT)
 
-Copyright (c) 2016 - 2024 | Heitor Gouvêa.
+Copyright (c) 2016 - 2025 | Heitor Gouvêa.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

cpanfile

@@ -9,4 +9,7 @@ requires "Net::IP";
 requires "UUID::Tiny", "1.04";
 requires "WWW::Mechanize";
 requires "WWW::Wappalyzer";
-requires "Redis";
+requires "Redis";
+requires "IO::Socket::SSL";
+requires "DateTime::TimeZone";
+requires "Masscan::Scanner";

lib/Spellbook/Android/Schemes.pm

@@ -1 +1,8 @@
+package Spellbook::Android::Schemes {
+    use strict;
+    use warnings;
+
+}
+
+1;
 # https://github.com/teknogeek/get_schemas

lib/Spellbook/Cloud/Account_Identifier.pm

@@ -0,0 +1,42 @@
+package Spellbook::Cloud::Account_Identifier {
+    use strict;
+    use warnings;
+    use MIME::Base32 qw(decode_base32);
+    use Math::BigInt;
+
+    sub new {
+        my ($self, $parameters) = @_;
+        my ($help, $key);
+
+        Getopt::Long::GetOptionsFromArray (
+            $parameters,
+            "h|help"  => \$help,
+            "k|key=s" => \$key
+        );
+
+        if ($key) {
+            my $trimmed_AWSKeyID = substr($key, 4);
+            my $decoded          = decode_base32($trimmed_AWSKeyID);
+
+            my $decoded_prefix = substr($decoded, 0, 6);
+            my $bigint_value = Math::BigInt -> new('0x' . unpack("H*", $decoded_prefix));
+
+            my $mask      = Math::BigInt -> new('0x7fffffffff80');
+            my $accountID = ($bigint_value & $mask) >> 7;
+
+            return $accountID;
+        }
+
+        if ($help) {
+            return "
+                \rCloud::Account_Identifier
+                \r==============
+                \r-h, --help       See this menu
+                \r-k, --key        Provides the AWS key for extracting the account ID.\n\n";
+        }
+
+        return 0;
+    }    
+}
+
+1;

lib/Spellbook/Crypto/Algorithm_Identifier.pm

@@ -0,0 +1,78 @@
+package Spellbook::Crypto::Algorithm_Identifier {
+    use strict;
+    use warnings;
+
+    sub new {
+        my ($self, $parameters) = @_;
+        my ($help, $data);
+
+        Getopt::Long::GetOptionsFromArray(
+            $parameters,
+            "h|help"   => \$help,
+            "d|data=s" => \$data
+        );
+
+        if ($data) {
+            $data =~ s/^\s+|\s+$//g;
+
+            my %patterns = (
+                'Base64'    => qr/^[A-Za-z0-9+\/]+={0,2}$/,
+                'MD5'       => qr/^[a-fA-F0-9]{32}$/,
+                'SHA-1'     => qr/^[a-fA-F0-9]{40}$/,
+                'SHA-256'   => qr/^[a-fA-F0-9]{64}$/,
+                'UUID'      => qr/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/,
+                'Bcrypt'    => qr/^\$2[aby]\$\d{2}\$[A-Za-z0-9\.\/]{53}$/,
+            );
+
+            foreach my $type (keys %patterns) {
+                if ($data =~ $patterns{$type}) {
+                    if ($type eq 'Base64') {
+                        if (length($data) % 4 != 0 || $data !~ /[+\/=]/) {
+                            next;
+                        }
+                    }
+
+                    if ($type eq 'MD5') {
+                        if (length($data) != 32) {
+                            next;
+                        }
+                    }
+
+                    if ($type eq 'SHA-1') {
+                        if (length($data) != 40) {
+                            next;
+                        }
+                    }
+
+                    if ($type eq 'SHA-256') {
+                        if (length($data) != 64) {
+                            next;
+                        }
+                    }
+
+                    if ($type eq 'Bcrypt') {
+                        if (length($data) != 60) {
+                            next;
+                        }
+                    }
+
+                    return $type;
+                }
+            }
+
+            return "Desconhecido";
+        }
+
+        if ($help) {
+            return "
+                \rHelper::Algorithm_Identifier
+                \r=====================
+                \r\t-h, --help     See this menu
+                \r\t-d, --data     Define the payload data to be identified\n\n";
+        }
+
+        return 0;
+    }   
+}
+
+1;

lib/Spellbook/Crypto/JWT_Content.pm

@@ -15,7 +15,7 @@ package Spellbook::Crypto::JWT_Content {
         );
 
         if ($data) {
-            my ($header_b64, $payload_b64, $signature_b64) = split(/\./, $data);
+            my ($header_b64, $payload_b64, $signature_b64) = split(/\./x, $data);
 
             if ($header_b64 && $payload_b64 && $signature_b64) {
                 my $header  = decode_base64($header_b64);

lib/Spellbook/Exploit/None_Attack.pm

@@ -1,25 +1,40 @@
 package Spellbook::Exploit::None_Attack {
     use strict;
     use warnings;
-    
-    sub new {        
+
+    sub new {
         my ($self, $parameters) = @_;
-        my ($help, @result);
+        my ($help, $token, $attack, @result);
 
         Getopt::Long::GetOptionsFromArray (
             $parameters,
-            "h|help" => \$help
+            "h|help"   => \$help,
+            "token=s"  => \$token,
+            "attack=s" => \$attack
         );
 
-        if (1) {
+        if ($token) {
+            my $attacks = {
+                none  => "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0",
+                false => "eyJhbGciOmZhbHNlLCJ0eXAiOiJKV1QifQ",
+                null  => "eyJhbGciOm51bGwsInR5cCI6IkpXVCJ9",
+                empty => "eyJhbGciOiIiLCJ0eXAiOiJKV1QifQ"
+            };
+
+            my ($header_b64, $payload_b64, $signature_b64) = split(/\./x, $token);
+
+            push @result, $attacks -> {$attack} . "." . $payload_b64 . ".";
+
             return @result;
-        } 
+        }
 
         if ($help) {
             return "
                 \rExploit::None_Attack
                 \r=====================
-                \r-h, --help     See this menu\n\n";
+                \r-h, --help     See this menu
+                \r--token        Define a token to perform attacks
+                \r--attack       Options avaiable: none, false, null and empty\n\n";
         }
 
         return 0;

lib/Spellbook/Recon/FavIcon.pm

@@ -1 +1,8 @@
+package Spellbook::Recon::FavIcon {
+    use strict;
+    use warnings;
+}
+
+1;
+
 # https://github.com/devanshbatham/FavFreak