Production hardening: security fixes, code quality, 724 skills complete

- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
This commit is contained in:
mukul975
2026-03-19 13:26:49 +01:00
parent 63b442d347
commit c47eed6a64
900 changed files with 23085 additions and 2720 deletions
@@ -1,9 +1,9 @@
#!/usr/bin/env python3
"""Agent for testing CORS misconfiguration vulnerabilities during authorized assessments."""
import os
import requests
import json
import sys
import argparse
import urllib3
from datetime import datetime
@@ -40,7 +40,7 @@ def test_origin_reflection(url, origins, cookies=None):
try:
headers = {"Origin": origin}
resp = requests.get(url, headers=headers, cookies=cookies,
timeout=10, verify=False)
timeout=10, verify=not os.environ.get("SKIP_TLS_VERIFY", "").lower() == "true") # Set SKIP_TLS_VERIFY=true for self-signed certs in lab environments
acao = resp.headers.get("Access-Control-Allow-Origin", "")
acac = resp.headers.get("Access-Control-Allow-Credentials", "")
if acao and acao != "":
@@ -73,7 +73,7 @@ def test_preflight(url, origin="https://evil.com"):
"Access-Control-Request-Method": method,
"Access-Control-Request-Headers": "Authorization, Content-Type",
}
resp = requests.options(url, headers=headers, timeout=10, verify=False)
resp = requests.options(url, headers=headers, timeout=10, verify=not os.environ.get("SKIP_TLS_VERIFY", "").lower() == "true") # Set SKIP_TLS_VERIFY=true for self-signed certs in lab environments
acam = resp.headers.get("Access-Control-Allow-Methods", "")
acah = resp.headers.get("Access-Control-Allow-Headers", "")
max_age = resp.headers.get("Access-Control-Max-Age", "")
@@ -95,7 +95,7 @@ def test_wildcard_with_credentials(url):
print(f"\n[*] Testing wildcard + credentials on {url}")
try:
resp = requests.get(url, headers={"Origin": "https://any.com"},
timeout=10, verify=False)
timeout=10, verify=not os.environ.get("SKIP_TLS_VERIFY", "").lower() == "true") # Set SKIP_TLS_VERIFY=true for self-signed certs in lab environments
acao = resp.headers.get("Access-Control-Allow-Origin", "")
acac = resp.headers.get("Access-Control-Allow-Credentials", "")
if acao == "*" and acac.lower() == "true":
@@ -113,7 +113,7 @@ def test_null_origin(url, cookies=None):
print(f"\n[*] Testing null origin on {url}")
try:
resp = requests.get(url, headers={"Origin": "null"}, cookies=cookies,
timeout=10, verify=False)
timeout=10, verify=not os.environ.get("SKIP_TLS_VERIFY", "").lower() == "true") # Set SKIP_TLS_VERIFY=true for self-signed certs in lab environments
acao = resp.headers.get("Access-Control-Allow-Origin", "")
acac = resp.headers.get("Access-Control-Allow-Credentials", "")
if acao == "null":
@@ -140,7 +140,7 @@ def test_internal_origins(url, cookies=None):
for origin in internal:
try:
resp = requests.get(url, headers={"Origin": origin}, cookies=cookies,
timeout=10, verify=False)
timeout=10, verify=not os.environ.get("SKIP_TLS_VERIFY", "").lower() == "true") # Set SKIP_TLS_VERIFY=true for self-signed certs in lab environments
acao = resp.headers.get("Access-Control-Allow-Origin", "")
if acao == origin:
findings.append({"url": url, "origin": origin, "severity": "MEDIUM"})