Feature/lab5

.github/pull_request_template.md

@@ -0,0 +1,9 @@
+# Goal 
+Submitting my homework for lab#
+
+# Changes
+- Added submissionXX.md
+
+# Checklist
+- [x] Task 1 done
+- [x] Task 2 done

labs/lab5/analysis/correlation.txt

@@ -0,0 +1,23 @@
+=== SAST/DAST Correlation Report ===
+Security Testing Results Summary:
+
+SAST (Semgrep): 26 code-level findings
+DAST (ZAP authenticated): 8 alerts
+DAST (Nuclei): 0 template matches
+DAST (Nikto): 82 server issues
+DAST (SQLmap): 0 SQL injection vulnerabilities
+
+Key Insights:
+
+
+SAST (Static Analysis):
+  - Finds code-level vulnerabilities before deployment
+  - Detects: hardcoded secrets, SQL injection patterns, insecure crypto
+  - Fast feedback in development phase
+
+DAST (Dynamic Analysis):
+  - Finds runtime configuration and deployment issues
+  - Detects: missing security headers, authentication flaws, server misconfigs
+  - Authenticated scanning reveals 60%+ more attack surface
+
+Recommendation: Use BOTH approaches for comprehensive security coverage

labs/lab5/analysis/dast-summary.txt

@@ -0,0 +1,33 @@
+DAST Multi-Tool Results Summary
+Generated: Вт 12 мая 2026 16:35:55 MSK
+
+=== ZAP ===
+  [HIGH] SQL Injection
+  [MED] Content Security Policy (CSP) Header Not Set
+  [MED] Cross-Domain Misconfiguration
+  [MED] Missing Anti-clickjacking Header
+  [MED] Session ID in URL Rewrite
+  [LOW] Cross-Domain JavaScript Source File Inclusion
+  [LOW] Private IP Disclosure
+  [LOW] Timestamp Disclosure - Unix
+  [LOW] X-Content-Type-Options Header Missing
+  [INFO] Authentication Request Identified
+Total: 13 alert types
+
+=== Nuclei ===
+  Not yet generated (run Nuclei scan first)
+
+=== Nikto ===
+  Findings: 82
+  + GET Retrieved access-control-allow-origin header: *
+  + GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+  + GET Uncommon header 'feature-policy' found, with contents: payment 'self'
+  + GET Uncommon header 'x-recruiting' found, with contents: /#/jobs
+  + GET Entry '/ftp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+
+=== SQLmap ===
+  Injection points: 1
+  Parameter: #1* (URI)
+      Type: boolean-based blind
+      Title: AND boolean-based blind - WHERE or HAVING clause
+  back-end DBMS: SQLite

labs/lab5/analysis/sast-analysis.txt

@@ -0,0 +1,2 @@
+=== SAST Analysis Report ===
+26

labs/lab5/analysis/zap-comparison.txt

@@ -0,0 +1,18 @@
+ZAP Scan Comparison: Authenticated vs Unauthenticated
+Generated: Вт 12 мая 2026 16:28:08 MSK
+
+Unauthenticated Scan:
+  Total alerts: 12
+  High: 0
+  Medium: 2
+  Low: 6
+  Info: 4
+  Unique URLs with findings: 19
+
+Authenticated Scan:
+  Total alerts: 13
+  High: 1
+  Medium: 4
+  Low: 4
+  Info: 4
+  Unique URLs with findings: 23

labs/lab5/nikto/nikto-results.txt

@@ -0,0 +1,83 @@
+- Nikto v2.1.6/2.1.5
++ Target Host: localhost
++ Target Port: 3000
++ GET Retrieved access-control-allow-origin header: *
++ GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
++ GET Uncommon header 'feature-policy' found, with contents: payment 'self'
++ GET Uncommon header 'x-recruiting' found, with contents: /#/jobs
++ GET Entry '/ftp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
++ GET "robots.txt" contains 1 entry which should be manually viewed.
++ HEAD /localhost.pem: Potentially interesting backup/cert file found. 
++ HEAD /archive.egg: Potentially interesting backup/cert file found. 
++ HEAD /site.tgz: Potentially interesting backup/cert file found. 
++ HEAD /localhost.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /site.jks: Potentially interesting backup/cert file found. 
++ HEAD /dump.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /localhost.war: Potentially interesting backup/cert file found. 
++ HEAD /site.alz: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /site.egg: Potentially interesting backup/cert file found. 
++ HEAD /backup.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.alz: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.jks: Potentially interesting backup/cert file found. 
++ HEAD /localhost.tgz: Potentially interesting backup/cert file found. 
++ HEAD /site.tar: Potentially interesting backup/cert file found. 
++ HEAD /site.cer: Potentially interesting backup/cert file found. 
++ HEAD /archive.pem: Potentially interesting backup/cert file found. 
++ HEAD /archive.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /dump.cer: Potentially interesting backup/cert file found. 
++ HEAD /dump.tar: Potentially interesting backup/cert file found. 
++ HEAD /database.tar: Potentially interesting backup/cert file found. 
++ HEAD /dump.alz: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.egg: Potentially interesting backup/cert file found. 
++ HEAD /localhost.cer: Potentially interesting backup/cert file found. 
++ HEAD /database.pem: Potentially interesting backup/cert file found. 
++ HEAD /dump.egg: Potentially interesting backup/cert file found. 
++ HEAD /backup.egg: Potentially interesting backup/cert file found. 
++ HEAD /dump.jks: Potentially interesting backup/cert file found. 
++ HEAD /site.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /localhost.tar: Potentially interesting backup/cert file found. 
++ HEAD /backup.tgz: Potentially interesting backup/cert file found. 
++ HEAD /dump.tgz: Potentially interesting backup/cert file found. 
++ HEAD /database.tgz: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /database.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /site.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /site.war: Potentially interesting backup/cert file found. 
++ HEAD /backup.alz: Potentially interesting backup/cert file found. 
++ HEAD /archive.cer: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.pem: Potentially interesting backup/cert file found. 
++ HEAD /database.alz: Potentially interesting backup/cert file found. 
++ HEAD /database.egg: Potentially interesting backup/cert file found. 
++ HEAD /backup.war: Potentially interesting backup/cert file found. 
++ HEAD /localhost.jks: Potentially interesting backup/cert file found. 
++ HEAD /localhost.alz: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.tgz: Potentially interesting backup/cert file found. 
++ HEAD /database.cer: Potentially interesting backup/cert file found. 
++ HEAD /archive.alz: Potentially interesting backup/cert file found. 
++ HEAD /backup.jks: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.war: Potentially interesting backup/cert file found. 
++ HEAD /backup.pem: Potentially interesting backup/cert file found. 
++ HEAD /localhost.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /dump.pem: Potentially interesting backup/cert file found. 
++ HEAD /archive.tgz: Potentially interesting backup/cert file found. 
++ HEAD /database.war: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.cer: Potentially interesting backup/cert file found. 
++ HEAD /backup.cer: Potentially interesting backup/cert file found. 
++ HEAD /localhost.egg: Potentially interesting backup/cert file found. 
++ HEAD /site.pem: Potentially interesting backup/cert file found. 
++ HEAD /archive.war: Potentially interesting backup/cert file found. 
++ HEAD /archive.jks: Potentially interesting backup/cert file found. 
++ HEAD /database.jks: Potentially interesting backup/cert file found. 
++ HEAD /127.0.0.1.tar: Potentially interesting backup/cert file found. 
++ HEAD /backup.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /database.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /archive.tar: Potentially interesting backup/cert file found. 
++ HEAD /backup.tar: Potentially interesting backup/cert file found. 
++ HEAD /archive.tar.lzma: Potentially interesting backup/cert file found. 
++ HEAD /dump.tar.bz2: Potentially interesting backup/cert file found. 
++ HEAD /dump.war: Potentially interesting backup/cert file found. 
++ OSVDB-3092: GET /ftp/: This might be interesting.
++ OSVDB-3092: GET /public/: This might be interesting.
++ POST /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php: NextGEN Gallery LFI, see https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/
++ POST /wordpress/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_addgallery_page/static/jquery.filetree/connectors/jqueryFileTree.php: NextGEN Gallery LFI, see https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/

labs/lab5/scripts/compare_zap.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+# Compares authenticated vs unauthenticated ZAP scan results using actual report data
+
+set -e
+
+NOAUTH="labs/lab5/zap/zap-report-noauth.json"
+AUTH="labs/lab5/zap/zap-report-auth.json"
+OUT="labs/lab5/analysis/zap-comparison.txt"
+mkdir -p labs/lab5/analysis
+
+parse_report() {
+  local file="$1"
+  local label="$2"
+
+  if [ ! -f "$file" ]; then
+    echo "$label: report not found ($file)"
+    return
+  fi
+
+  echo "$label:"
+  python3 -c "
+import json, sys
+with open('$file') as f:
+    data = json.load(f)
+
+sites = data.get('site', [])
+total_alerts = 0
+by_risk = {'3': 0, '2': 0, '1': 0, '0': 0}
+risk_names = {'3': 'High', '2': 'Medium', '1': 'Low', '0': 'Info'}
+
+for site in sites:
+    if 'localhost:3000' not in site.get('@name', ''):
+        continue
+    for alert in site.get('alerts', []):
+        risk = alert.get('riskcode', '0')
+        by_risk[risk] = by_risk.get(risk, 0) + 1
+        total_alerts += 1
+
+print(f'  Total alerts: {total_alerts}')
+for code in ['3','2','1','0']:
+    print(f'  {risk_names[code]}: {by_risk[code]}')
+
+# count unique URLs scanned
+urls = set()
+for site in sites:
+    if 'localhost:3000' not in site.get('@name', ''):
+        continue
+    for alert in site.get('alerts', []):
+        for inst in alert.get('instances', []):
+            urls.add(inst.get('uri', ''))
+print(f'  Unique URLs with findings: {len(urls)}')
+"
+}
+
+{
+  echo "ZAP Scan Comparison: Authenticated vs Unauthenticated"
+  echo "Generated: $(date)"
+  echo ""
+  parse_report "$NOAUTH" "Unauthenticated Scan"
+  echo ""
+  parse_report "$AUTH" "Authenticated Scan"
+} | tee "$OUT"
+
+echo ""
+echo "Saved to: $OUT"

labs/lab5/scripts/summarize_dast.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+# Summarizes findings from all DAST tools using actual scan output files
+
+set -e
+
+OUT="labs/lab5/analysis/dast-summary.txt"
+mkdir -p labs/lab5/analysis
+
+{
+  echo "DAST Multi-Tool Results Summary"
+  echo "Generated: $(date)"
+  echo ""
+
+  # ZAP
+  echo "=== ZAP ==="
+  ZAP_JSON="labs/lab5/zap/zap-report-auth.json"
+  if [ -f "$ZAP_JSON" ]; then
+    python3 -c "
+import json
+with open('$ZAP_JSON') as f:
+    data = json.load(f)
+total = 0
+for site in data.get('site', []):
+    if 'localhost:3000' not in site.get('@name', ''):
+        continue
+    alerts = site.get('alerts', [])
+    total = len(alerts)
+    for a in sorted(alerts, key=lambda x: x.get('riskcode','0'), reverse=True)[:10]:
+        risk = {'3':'HIGH','2':'MED','1':'LOW','0':'INFO'}.get(a.get('riskcode','0'),'?')
+        print(f'  [{risk}] {a[\"name\"]}')
+print(f'Total: {total} alert types')
+"
+  else
+    echo "  Not yet generated (run authenticated ZAP scan first)"
+  fi
+  echo ""
+
+  # Nuclei
+  echo "=== Nuclei ==="
+  NUCLEI="labs/lab5/nuclei/nuclei-results.json"
+  if [ -f "$NUCLEI" ]; then
+    count=$(wc -l < "$NUCLEI")
+    echo "  Findings: $count"
+    head -5 "$NUCLEI" | python3 -c "
+import sys, json
+for line in sys.stdin:
+    try:
+        d = json.loads(line)
+        sev = d.get('info',{}).get('severity','?').upper()
+        name = d.get('info',{}).get('name','?')
+        print(f'  [{sev}] {name}')
+    except: pass
+" 2>/dev/null
+  else
+    echo "  Not yet generated (run Nuclei scan first)"
+  fi
+  echo ""
+
+  # Nikto
+  echo "=== Nikto ==="
+  NIKTO="labs/lab5/nikto/nikto-results.txt"
+  if [ -f "$NIKTO" ]; then
+    count=$(grep -c '^+ ' "$NIKTO" 2>/dev/null || echo "0")
+    echo "  Findings: $count"
+    grep '^+ ' "$NIKTO" | grep -v "^+ Target\|^+ Start\|^+ End\|^+ SSL\|^+ Server:" | head -5 | sed 's/^/  /'
+  else
+    echo "  Not yet generated (run Nikto scan first)"
+  fi
+  echo ""
+
+  # SQLmap
+  echo "=== SQLmap ==="
+  SQLMAP_LOG=$(find labs/lab5/sqlmap -name "log" -type f 2>/dev/null | head -1)
+  if [ -n "$SQLMAP_LOG" ] && [ -f "$SQLMAP_LOG" ]; then
+    injection_count=$(grep -c "^Parameter:" "$SQLMAP_LOG" 2>/dev/null || echo "0")
+    echo "  Injection points: $injection_count"
+    grep "^Parameter:\|Type:\|Title:\|back-end DBMS:" "$SQLMAP_LOG" | head -10 | sed 's/^/  /'
+  else
+    echo "  Not yet generated (run SQLmap scans first)"
+  fi
+
+} | tee "$OUT"
+
+echo ""
+echo "Saved to: $OUT"