Website Security & Vulnerability Audit
Automated security and vulnerability audit for websites. Detects WordPress plugin vulnerabilities, checks for updates, analyzes SSL/TLS, security headers, and CMS security

Pricing: Pay per event
Developer: My Smart Digital (Maintained by Community)
Last modified: 2 days ago


Website Security Audit Tool

Comprehensive security audit tool for websites. Analyzes security headers, SSL/TLS configuration, CMS vulnerabilities, exposed information, and common security issues. Supports WordPress, Shopify, Webflow, Framer, Drupal, Joomla, Magento, and other CMS platforms.

Description

This actor performs a thorough security audit of websites, identifying vulnerabilities, misconfigurations, and deviations from security best practices. It provides detailed scores, actionable recommendations, and categorized security issues.

Features

Security Headers Analysis

  • Content-Security-Policy (CSP): Checks for presence and unsafe directives
  • Strict-Transport-Security (HSTS): Validates HSTS configuration and max-age
  • X-Frame-Options: Checks the header that prevents clickjacking
  • X-Content-Type-Options: Checks the header that prevents MIME type sniffing
  • X-XSS-Protection: Checks the legacy XSS protection header
  • Referrer-Policy: Checks the policy that controls referrer information leakage
  • Permissions-Policy: Checks restrictions on browser feature access
  • Cross-Origin Policies: Checks the COEP, COOP, and CORP headers
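As an added example (not the actor's own code), the following JavaScript function classifies a response's security headers along the lines of the checks listed above and returns findings with a severity. The header objects are constructed here so it runs offline; the HSTS max-age threshold, the severity labels and the list of referrer policies treated as leaky are this example's assumptions, not values taken from the listing.

```javascript
// Minimum HSTS max-age this example expects (one year); an assumption of the example.
const HSTS_MIN_MAX_AGE = 31536000;

// Header names are case-insensitive, so normalise keys before looking them up.
function normalizeHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

function auditSecurityHeaders(rawHeaders) {
  const h = normalizeHeaders(rawHeaders);
  const findings = [];
  const add = (severity, header, message) => findings.push({ severity, header, message });

  // Content-Security-Policy: presence first, then unsafe directives
  const csp = h['content-security-policy'];
  if (!csp) {
    add('high', 'Content-Security-Policy', 'missing');
  } else {
    if (/'unsafe-inline'/i.test(csp)) add('medium', 'Content-Security-Policy', "contains 'unsafe-inline'");
    if (/'unsafe-eval'/i.test(csp)) add('medium', 'Content-Security-Policy', "contains 'unsafe-eval'");
    if (/(^|;)\s*default-src\s[^;]*\*/i.test(csp)) add('medium', 'Content-Security-Policy', 'default-src allows *');
  }

  // Strict-Transport-Security: presence and max-age
  const hsts = h['strict-transport-security'];
  if (!hsts) {
    add('high', 'Strict-Transport-Security', 'missing');
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    const maxAge = m ? parseInt(m[1], 10) : 0;
    if (maxAge < HSTS_MIN_MAX_AGE) add('medium', 'Strict-Transport-Security', `max-age ${maxAge} below ${HSTS_MIN_MAX_AGE}`);
    if (!/includeSubDomains/i.test(hsts)) add('low', 'Strict-Transport-Security', 'includeSubDomains not set');
  }

  // X-Frame-Options (clickjacking); a CSP frame-ancestors directive covers the same risk
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const hasFrameAncestors = Boolean(csp && /frame-ancestors/i.test(csp));
  if (!xfo && !hasFrameAncestors) add('medium', 'X-Frame-Options', 'missing and no CSP frame-ancestors');
  else if (xfo && !['DENY', 'SAMEORIGIN'].includes(xfo)) add('low', 'X-Frame-Options', `unexpected value ${xfo}`);

  // X-Content-Type-Options must be exactly "nosniff"
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') add('low', 'X-Content-Type-Options', 'not set to nosniff');

  // X-XSS-Protection is legacy; its presence (other than "0") is only informational
  const xxp = h['x-xss-protection'];
  if (xxp && xxp.trim() !== '0') add('info', 'X-XSS-Protection', 'legacy header present; rely on CSP instead');

  // Referrer-Policy: missing, or a policy that sends the full URL cross-origin
  const rp = (h['referrer-policy'] || '').toLowerCase();
  const leakyPolicies = ['unsafe-url', 'no-referrer-when-downgrade'];
  if (!rp) add('low', 'Referrer-Policy', 'missing');
  else if (leakyPolicies.includes(rp)) add('low', 'Referrer-Policy', `${rp} leaks the full URL cross-origin`);

  // Permissions-Policy and the cross-origin isolation headers (COOP, COEP, CORP)
  if (!h['permissions-policy']) add('info', 'Permissions-Policy', 'missing');
  for (const name of ['cross-origin-opener-policy', 'cross-origin-embedder-policy', 'cross-origin-resource-policy']) {
    if (!h[name]) add('info', name, 'missing');
  }
  return findings;
}

// Constructed sample headers (not captured from a real site): a partially hardened response
const SAMPLE_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'Strict-Transport-Security': 'max-age=86400',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'no-referrer-when-downgrade',
};

// Constructed sample headers: the corrected configuration, which yields no findings
const HARDENED_HEADERS = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
  'Cross-Origin-Opener-Policy': 'same-origin',
  'Cross-Origin-Embedder-Policy': 'require-corp',
  'Cross-Origin-Resource-Policy': 'same-origin',
};

console.log(JSON.stringify(auditSecurityHeaders(SAMPLE_HEADERS), null, 2));
```

Running it on SAMPLE_HEADERS reports nine findings (the short HSTS max-age, the unsafe-inline script source, the missing framing protection, the leaky referrer policy and the absent policy headers); HARDENED_HEADERS produces none.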

SSL/TLS Audit

  • Certificate Validation: Checks certificate validity and expiration
  • Certificate Details: Extracts issuer and expiry information
  • Mixed Content: Detects HTTP resources on HTTPS pages
  • TLS Protocols: Verifies supported TLS versions

CMS Detection & Analysis

WordPress:

  • Detects WordPress version and core updates
  • Identifies installed plugins and themes with versions
  • Checks for plugin/theme updates via WordPress.org API
  • Verifies plugin vulnerabilities via WPVulnerability.net database
  • Detects admin panel accessibility
  • Checks REST API security
  • Uses Wappalyzer-like detection patterns for comprehensive plugin discovery
  • Extracts plugin versions from CSS/JS assets, JavaScript variables, HTML attributes, and meta tags
  • Internal mapping of 150+ popular plugins for accurate slug detection

  • Shopify: Checks admin panel security, storefront configuration
  • Webflow: Validates custom domain configuration
  • Framer: Detects Framer sites and configuration
  • Drupal, Joomla, Magento: Version detection and security checks
  • Sensitive Files: Checks for accessible configuration files

Vulnerability Scanning

  • SQL Injection: Basic pattern detection
  • XSS (Cross-Site Scripting): Identifies potential XSS vectors
  • CSRF Protection: Checks forms for CSRF tokens
  • Admin Access: Verifies admin panels require authentication
  • Default Credentials: Warns about default login pages
  • Insecure APIs: Identifies unprotected API endpoints

WordPress Plugin & Theme Vulnerability Detection

  • WPVulnerability.net Integration: Real-time vulnerability checking against the WPVulnerability.net database
  • CVE Information: Extracts CVE numbers and vulnerability details
  • Vulnerability Types: Identifies XSS, SQL Injection, Object Injection, Open Redirect, and more
  • Fixed Versions: Reports which plugin/theme versions fix vulnerabilities
  • Update Recommendations: Suggests updates when vulnerabilities are found
  • Comprehensive Detection: Checks all detected plugins and themes for known vulnerabilities

Exposed Information Detection

  • Server Versions: Detects exposed server and technology stack
  • CMS Versions: Identifies exposed CMS and plugin versions
  • Error Messages: Finds error messages revealing system information
  • Sensitive Files: Checks for accessible .env, config files, backups
  • Directory Listing: Detects enabled directory listings
  • Robots.txt & Sitemap: Analyzes for sensitive path exposure

Performance & Reliability

  • Smart Page Loading: Fallback strategy (networkidle → load → domcontentloaded) for sites with continuous network activity
  • Extended Timeouts: 5-minute timeout for the complete audit process
  • Robust Error Handling: Continues the audit even if some checks fail
  • Page State Validation: Checks page availability before operations
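The networkidle → load → domcontentloaded fallback above, written as an added example (not the actor's code) against the Playwright page.goto(url, { waitUntil, timeout }) API. Because a real browser is not available offline, a fake page object constructed here stands in for a Playwright page: it behaves like a site with continuous network activity, where networkidle never fires but load does.

```javascript
// Navigation states tried in order; each later state is weaker than the one before it.
const WAIT_UNTIL_FALLBACK = ['networkidle', 'load', 'domcontentloaded'];

// Try each waitUntil state in turn and move on when one times out or fails.
// Resolves with { response, waitUntil, attempts }, or throws the last error
// once every state has been tried. `timeout` applies per attempt, as the
// actor's timeout parameter does.
async function gotoWithFallback(page, url, timeout = 30000) {
  const attempts = [];
  let lastError;
  for (const waitUntil of WAIT_UNTIL_FALLBACK) {
    try {
      const response = await page.goto(url, { waitUntil, timeout });
      attempts.push({ waitUntil, ok: true });
      return { response, waitUntil, attempts };
    } catch (err) {
      lastError = err;
      attempts.push({ waitUntil, ok: false, error: err.message });
    }
  }
  throw new Error(`navigation to ${url} failed after ${attempts.length} attempts: ${lastError.message}`);
}

// Fake Playwright-like page, constructed for this example: goto() succeeds only
// for the waitUntil states listed in `statesThatSucceed` and records every call.
function makeFakePage(statesThatSucceed) {
  const calls = [];
  return {
    calls,
    async goto(url, options) {
      calls.push(options.waitUntil);
      if (statesThatSucceed.includes(options.waitUntil)) return { url, status: () => 200 };
      throw new Error(`Timeout ${options.timeout}ms exceeded waiting for ${options.waitUntil}`);
    },
  };
}

// A site whose network never goes idle: networkidle times out, load succeeds.
const busySite = makeFakePage(['load', 'domcontentloaded']);
gotoWithFallback(busySite, 'https://example.invalid/', 5000).then((r) => {
  console.log(`loaded with waitUntil=${r.waitUntil} after ${r.attempts.length} attempt(s)`);
});
```

Each attempt is recorded so the audit output can show which state finally succeeded; a page that fails all three states surfaces as a single navigation error rather than aborting the whole run.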

Input Parameters

  • startUrl (string, required): Website URL to audit
  • timeout (integer, default: 30000): Page load timeout in milliseconds (per navigation attempt)
  • checkHeaders (boolean, default: true): Audit security headers
  • checkSSL (boolean, default: true): Audit SSL/TLS
  • checkCMS (boolean, default: true): Detect and audit CMS
  • checkVulnerabilities (boolean, default: true): Scan for vulnerabilities
  • checkExposed (boolean, default: true): Check for exposed information
  • userAgent (string): Custom user agent string

Output

The actor outputs detailed security audit results for each page, including:

  • Overall Security Score (0-100): Weighted score based on all checks
  • Categorized Issues: Critical, High, Medium, Low, Info
  • Detailed Findings:
    • Headers analysis with recommendations
    • SSL/TLS certificate details
    • CMS detection with plugin/theme versions
    • Plugin/theme update availability
    • Vulnerability details with CVE numbers, types, and fixed versions
    • Exposed information risks
  • Actionable Recommendations: Specific steps to improve security
  • Site Summary: Aggregated statistics across all audited pages

WordPress Plugin/Theme Output Format

For each detected plugin/theme:

{
  "name": "Plugin Name",
  "version": "1.2.3",
  "vulnerable": true,
  "vulnerabilities": [
    {
      "id": "uuid",
      "title": "Vulnerability Title",
      "type": "XSS",
      "cve": "CVE-2024-12345",
      "fixedIn": "1.2.4",
      "references": "https://..."
    }
  ],
  "updateAvailable": true,
  "latestVersion": "1.3.0"
}

Security Score Breakdown

  • Headers (25%): Security headers configuration
  • SSL/TLS (30%): Certificate and encryption security
  • CMS (15%): CMS-specific security issues (includes plugin vulnerabilities)
  • Vulnerabilities (20%): Common vulnerability detection
  • Exposed Info (10%): Information disclosure risks
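An added example (not the actor's scoring code) of how findings from the five categories can be turned into the categorized issue lists and the weighted 0-100 score described in the Output and Security Score Breakdown sections. The category weights are the ones listed above; the per-severity point deductions and the sample findings are this example's assumptions, since the listing does not say how points are deducted within a category.

```javascript
// Category weights from the Security Score Breakdown above (sum to 1.0).
const CATEGORY_WEIGHTS = { headers: 0.25, ssl: 0.30, cms: 0.15, vulnerabilities: 0.20, exposed: 0.10 };

// Points deducted from a category's 100 for each finding; an assumption of this example.
const SEVERITY_PENALTY = { critical: 50, high: 25, medium: 10, low: 4, info: 0 };
const SEVERITY_ORDER = ['critical', 'high', 'medium', 'low', 'info'];

// Score for one category: 100 minus the penalties of its findings, floored at 0.
function categoryScore(findings, category) {
  const penalty = findings
    .filter((f) => f.category === category)
    .reduce((sum, f) => sum + (SEVERITY_PENALTY[f.severity] ?? 0), 0);
  return Math.max(0, 100 - penalty);
}

// Weighted overall score plus the per-category scores that produced it.
function overallScore(findings) {
  let total = 0;
  const byCategory = {};
  for (const [category, weight] of Object.entries(CATEGORY_WEIGHTS)) {
    const score = categoryScore(findings, category);
    byCategory[category] = score;
    total += score * weight;
  }
  return { score: Math.round(total), byCategory };
}

// Group findings into the Critical/High/Medium/Low/Info buckets of the output;
// an unknown severity falls into Info rather than being dropped.
function categorizeIssues(findings) {
  const buckets = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, []]));
  for (const f of findings) (buckets[f.severity] ?? buckets.info).push(f);
  return buckets;
}

// Constructed sample findings (not real audit output).
const SAMPLE_FINDINGS = [
  { category: 'headers', severity: 'high', message: 'Content-Security-Policy missing' },
  { category: 'headers', severity: 'medium', message: 'HSTS max-age too short' },
  { category: 'ssl', severity: 'info', message: 'certificate expires in 45 days' },
  { category: 'cms', severity: 'critical', message: 'plugin version affected by a known vulnerability; fixed in a later release' },
  { category: 'exposed', severity: 'low', message: 'Server header reveals version' },
];

const summary = overallScore(SAMPLE_FINDINGS);
const buckets = categorizeIssues(SAMPLE_FINDINGS);
console.log(`score ${summary.score}/100`, summary.byCategory);
console.log(Object.fromEntries(SEVERITY_ORDER.map((s) => [s, buckets[s].length])));
```

With these weights a single critical CMS finding costs less overall than a missing CSP plus a weak HSTS, because the headers category carries more weight than CMS; this is a property of the weighting, not of the findings' real-world impact, which is why the categorized lists are reported alongside the score.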

Use Cases

  • Security Audits: Regular security assessments of websites
  • Pre-Launch Checks: Verify security before going live
  • Compliance: Meet security standards and regulations
  • Penetration Testing: Identify security weaknesses
  • CMS Security: WordPress, Shopify, and other CMS security audits
  • Plugin Management: Identify outdated and vulnerable WordPress plugins
  • Vulnerability Tracking: Monitor known vulnerabilities in installed plugins/themes

Technical Details

WordPress Plugin Detection Methods

The actor uses multiple detection methods for comprehensive plugin discovery:

  1. Asset URLs: Extracts plugin slugs and versions from CSS/JS file URLs in HTML head
  2. JavaScript Variables: Reads plugin versions from window objects (e.g., window.rankMath.version)
  3. HTML Attributes: Detects plugins from data-* attributes and CSS classes
  4. Meta Tags: Extracts plugin information from meta tags
  5. REST API: Queries WordPress REST API for plugin information
  6. Wappalyzer Patterns: Uses Wappalyzer-like detection patterns for comprehensive coverage
  7. URL Scanning: Exhaustive scan of all URLs containing wp-content/plugins/

Version Detection Priority

Plugin versions are extracted with priority:

  1. Main plugin files (style.css, plugin.php) - highest priority
  2. Asset files (assets/css/, js/) - medium priority
  3. Third-party libraries bundled inside a plugin directory - ignored, so their version strings are not reported as the plugin's version (avoids false positives)
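The following is an added example (not the actor's detection code) of the first of the detection methods above, asset URL scanning, combined with the version priority rules: it pulls plugin slugs out of every wp-content/plugins/ URL in a page, takes the version from the plugin's main file when one is present, otherwise from an asset file, and ignores version strings on paths that look like bundled third-party libraries. The HTML, the plugin slugs and the list of third-party path segments are all constructed for this example; treating <slug>.php as a main plugin file is this example's addition to the style.css/plugin.php rule above.

```javascript
// Path segments that usually hold bundled libraries rather than the plugin's own
// code; versions seen under them are ignored. List is this example's assumption.
const THIRD_PARTY_PATH = /\/(vendor|lib|libs|node_modules|bower_components|jquery[^/]*)\//i;

// Matches ".../wp-content/plugins/<slug>/<path>[?...ver=<version>]" in HTML attributes.
const PLUGIN_ASSET_RE = /wp-content\/plugins\/([a-z0-9_-]+)\/([^"'\s?#]*)(?:\?[^"'\s#]*?\bver=([0-9][0-9a-z.\-]*))?/gi;

// 2 = main plugin file, 1 = ordinary asset, 0 = third-party library (version ignored)
function versionPriority(slug, path) {
  const file = path.split('/').pop();
  if (file === `${slug}.php` || file === 'style.css' || file === 'plugin.php') return 2;
  if (THIRD_PARTY_PATH.test(`/${path}`)) return 0;
  return 1;
}

// Returns [{ slug, version, assets }] for every plugin directory referenced in the HTML.
function extractPluginsFromHtml(html) {
  const plugins = new Map();
  for (const m of html.matchAll(PLUGIN_ASSET_RE)) {
    const [, slug, path, ver] = m;
    const entry = plugins.get(slug) || { slug, version: null, priority: -1, assets: [] };
    entry.assets.push(path);
    const prio = versionPriority(slug, path);
    // Keep a version only from a non-library path, and only if it outranks what we have.
    if (ver && prio > 0 && prio > entry.priority) {
      entry.version = ver;
      entry.priority = prio;
    }
    plugins.set(slug, entry);
  }
  return [...plugins.values()].map(({ slug, version, assets }) => ({ slug, version, assets }));
}

// Constructed sample page head (plugin slugs and versions are illustrative only).
const SAMPLE_HTML = `
<link rel="stylesheet" href="https://example.invalid/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9.8">
<script src="https://example.invalid/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=8.9.3"></script>
<script src="https://example.invalid/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.8.9.3"></script>
<script src="https://example.invalid/wp-content/plugins/some-slider/vendor/swiper/swiper.min.js?ver=11.0.5"></script>
<link rel="stylesheet" href="https://example.invalid/wp-content/plugins/some-slider/style.css?ver=2.4.1">
<link rel="stylesheet" href="https://example.invalid/wp-content/plugins/akismet/_inc/akismet.css">
<script src="https://example.invalid/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
`;

console.log(JSON.stringify(extractPluginsFromHtml(SAMPLE_HTML), null, 2));
```

In the sample the bundled jQuery blockUI and Swiper copies carry their own version strings; without the priority rule they would be reported as the plugin's version and then matched against the wrong advisories, which is the false-positive case the listing refers to.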

Update & Vulnerability Checking

  • WordPress.org API: Checks for available updates using multiple API endpoints
  • Internal Mapping: Uses internal table of 150+ popular plugins for fast slug lookup
  • Dynamic Search: Falls back to WordPress.org search API if direct lookup fails
  • WPVulnerability.net: Real-time vulnerability database queries with CVE information
  • Slug Variations: Tries multiple slug variations for better detection rates
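An added example (not the actor's code) of the decision that follows the lookups above: given a detected plugin version, the latest version reported for it, and a set of known-vulnerability records, decide which records still apply, whether an update is available, and emit the per-plugin record in the output format shown earlier. The record shape ({ id, title, type, cve, fixedIn, references }) mirrors that output format and is this example's assumption; the real WPVulnerability.net and WordPress.org response formats are not reproduced, and the sample records, ids and CVE strings are placeholders.

```javascript
// Split "1.2.3" or "2.7.0-wc.8" into numeric segments; non-numeric parts count as 0.
// Pre-release tags are therefore not ordered precisely, which is a known simplification.
function parseVersion(v) {
  return String(v).split(/[.\-]/).map((part) => {
    const n = parseInt(part, 10);
    return Number.isNaN(n) ? 0 : n;
  });
}

// Negative if a < b, 0 if equal, positive if a > b, comparing segment by segment
// so that 1.10.0 sorts after 1.9.0 (a plain string compare would get this wrong).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0);
    if (d !== 0) return d;
  }
  return 0;
}

// A record applies when the installed version is older than the version that fixes it.
// No fixedIn means unpatched, so it applies to every version; an unknown installed
// version is reported conservatively as affected so the finding is not silently lost.
function appliesTo(installedVersion, record) {
  if (!installedVersion) return true;
  if (!record.fixedIn) return true;
  return compareVersions(installedVersion, record.fixedIn) < 0;
}

// Build the per-plugin record in the WordPress Plugin/Theme Output Format.
function buildPluginReport({ name, slug, version, latestVersion }, records) {
  const vulnerabilities = records
    .filter((r) => appliesTo(version, r))
    .map((r) => ({
      id: r.id,
      title: r.title,
      type: r.type,
      cve: r.cve ?? null,
      fixedIn: r.fixedIn ?? null,
      references: r.references ?? null,
    }));
  return {
    name,
    slug,
    version: version ?? null,
    vulnerable: vulnerabilities.length > 0,
    vulnerabilities,
    updateAvailable: Boolean(version && latestVersion && compareVersions(version, latestVersion) < 0),
    latestVersion: latestVersion ?? null,
  };
}

// Constructed sample records: ids, titles, CVE strings and URLs are placeholders, not real advisories.
const SAMPLE_RECORDS = [
  { id: 'example-uuid-1', title: 'Stored XSS in settings page (example)', type: 'XSS', cve: 'CVE-XXXX-XXXXX', fixedIn: '1.2.4', references: 'https://example.invalid/advisory-1' },
  { id: 'example-uuid-2', title: 'Open redirect (example)', type: 'Open Redirect', cve: null, fixedIn: '1.0.0', references: 'https://example.invalid/advisory-2' },
];
const SAMPLE_PLUGIN = { name: 'Example Plugin', slug: 'example-plugin', version: '1.2.3', latestVersion: '1.3.0' };

console.log(JSON.stringify(buildPluginReport(SAMPLE_PLUGIN, SAMPLE_RECORDS), null, 2));
```

For the sample plugin only the first record applies (1.2.3 is below its fixedIn of 1.2.4, but not below 1.0.0), so the report is marked vulnerable with one entry and updateAvailable is true because 1.3.0 is newer than 1.2.3; the same plugin at 1.2.4 is reported clean.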

Changelog

Recent Improvements

  • WPVulnerability.net Integration: Real-time vulnerability checking with CVE details
  • Enhanced Plugin Detection: Multiple detection methods including Wappalyzer patterns
  • Update Checking: WordPress.org API integration for plugin/theme updates
  • Improved Timeout Handling: Smart fallback strategy for sites with continuous network activity
  • Better Error Handling: Continues audit even if some operations fail
  • Version Priority System: Filters out third-party library versions
  • Comprehensive Logging: Detailed logs for debugging and transparency