InsecRes - A Tool to Find Insecure Resources on HTTPS Sites


After switching your site to HTTPS, you may want to test whether resources such as images, slides, embedded videos and so on are correctly pointed at the HTTPS protocol, or whether pages show warnings about insecure content. After some research I found a useful tool for this purpose, called insecuRes.

InsecuRes is a small, free and open source command-line tool for finding insecure resources on HTTPS sites, written in the Go programming language. It uses multi-threading (goroutines) to crawl and parse site pages.

It crawls all of your site's pages in parallel, checking for and capturing IMG, IFRAME, OBJECT, AUDIO, VIDEO, SOURCE and TRACK resources with absolute HTTP (insecure) URLs. To avoid being blacklisted by the web server, it uses a delay between requests. In addition, you can redirect the output to a CSV file for later analysis.
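The check described above, sketched as an added example (not InsecuRes's own code) using only regex matching from the Go standard library. It assumes the URL sits in src (data for OBJECT); samplePage and the CSVRow column layout are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Tags the article lists; checking src (data for OBJECT) is this example's assumption.
var tagRe = regexp.MustCompile(`(?i)<(img|iframe|object|audio|video|source|track)\b([^>]*)>`)
var attrRe = regexp.MustCompile(`(?i)(?:^|\s)(src|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))`)

// Finding is one resource loaded over plain HTTP.
type Finding struct{ Tag, URL string }

// CSVRow formats the finding as a "page","tag","url" line (hypothetical layout).
func (f Finding) CSVRow(page string) string { return fmt.Sprintf("%q,%q,%q", page, f.Tag, f.URL) }

// FindInsecure returns listed tags whose URL attribute is an absolute http:// URL.
func FindInsecure(page string) []Finding {
	var out []Finding
	for _, m := range tagRe.FindAllStringSubmatch(page, -1) {
		tag := strings.ToLower(m[1])
		for _, a := range attrRe.FindAllStringSubmatch(m[2], -1) {
			if (strings.ToLower(a[1]) == "data") != (tag == "object") {
				continue // data counts only on OBJECT, src on every other tag
			}
			url := strings.TrimSpace(a[2] + a[3] + a[4])
			if strings.HasPrefix(strings.ToLower(url), "http://") {
				out = append(out, Finding{tag, url})
			}
		}
	}
	return out
}

// samplePage is constructed for this example.
const samplePage = `<img src="https://example.com/logo.png">
<IMG SRC='http://example.com/banner.jpg' alt="banner">
<img data-src="http://example.com/lazy.jpg" src="//cdn.example.com/a.png">
<video controls><source src=http://example.com/clip.mp4 type="video/mp4"></video>
<object data="http://example.com/movie.swf"></object>
<a href="http://example.com/page">plain link, not a loaded resource</a>`

func main() {
	for _, f := range FindInsecure(samplePage) {
		fmt.Println(f.CSVRow("https://example.com/"))
	}
}
```

HTTPS, protocol-relative and relative URLs are skipped, as are plain links, since only loaded resources trigger mixed-content warnings. Regex matching is approximate; a tokenizing HTML parser handles odd markup more reliably.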

  1. Install Go Programming Language in Linux

Install InsecuRes in Linux Systems

Once the Go Programming Language is installed on the system, run the command below in the terminal to get the tool.

$ go get github.com/kkomelin/insecres

Once you have downloaded and installed insecres, run the command below to scan your site for insecure resources. If it shows no output, that means there are no insecure resources on your site.

$ $GOPATH/bin/insecres https://example.com

To save the output in a CSV file for later inspection, use the -f flag.

$ $GOPATH/bin/insecres -f="/path/to/scan_report.csv" https://example.com

Display the usage guide.

$ $GOPATH/bin/insecres -h

Some of the features yet to be added include a result counter display and a performance comparison of simple regex parsing and tokenized parsing.

InsecRes Github repository: https://github.com/kkomelin/insecres

In this article, we showed you how to find insecure resources on HTTPS sites using a simple command-line tool called insecres. You can ask questions or share your thoughts via the comment section below. If you know of any similar tools out there, share information about them too.