Update nextcheck.sh
This commit is contained in:
57
nextcheck.sh
57
nextcheck.sh
@@ -1,16 +1,51 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Loop through all running containers
|
|
||||||
for container in $(docker ps --format '{{.Names}}'); do
|
|
||||||
echo "------------------------------------------------"
|
|
||||||
echo "Checking container: $container"
|
|
||||||
|
|
||||||
# Try to list the installed next version inside the container
|
# Counters
|
||||||
# Most Coolify/Nixpacks containers place source in /app
|
TOTAL_SCANNED=0
|
||||||
version=$(docker exec "$container" npm list next --depth=0 2>/dev/null | grep 'next@')
|
NODE_CONTAINERS=0
|
||||||
|
VULNERABLE_COUNT=0
|
||||||
|
|
||||||
if [ ! -z "$version" ]; then
|
echo "========================================================"
|
||||||
echo -e "\033[31mFOUND NEXT.JS:\033[0m $version"
|
echo " Next.js Vulnerability Scanner (CVE-2025-55182) "
|
||||||
else
|
echo "========================================================"
|
||||||
echo "Next.js not detected (or not a Node container)"
|
|
||||||
|
# Get all running container IDs and Names
|
||||||
|
# We use a while loop to handle spaces in names correctly
|
||||||
|
docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do
|
||||||
|
((TOTAL_SCANNED++))
|
||||||
|
|
||||||
|
# 1. HEURISTIC CHECK: Is this a Node/JS app?
|
||||||
|
# We check for package.json in common paths (/app is Coolify standard)
|
||||||
|
# OR if the 'node' binary exists in the path.
|
||||||
|
is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
|
||||||
|
|
||||||
|
if [ "$is_node" == "yes" ]; then
|
||||||
|
((NODE_CONTAINERS++))
|
||||||
|
|
||||||
|
# 2. VERSION CHECK
|
||||||
|
# Check package.json for "next" version
|
||||||
|
version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null)
|
||||||
|
# Check for Standalone server (Production builds)
|
||||||
|
is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null)
|
||||||
|
|
||||||
|
if [[ ! -z "$version_check" ]]; then
|
||||||
|
echo -e "[\033[31mVULN\033[0m] $name \t-> Next.js $version_check"
|
||||||
|
((VULNERABLE_COUNT++))
|
||||||
|
elif [[ ! -z "$is_standalone" ]]; then
|
||||||
|
echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually"
|
||||||
|
((VULNERABLE_COUNT++))
|
||||||
|
else
|
||||||
|
# Uncomment the line below if you want to see SAFE node apps too
|
||||||
|
# echo -e "[\033[32mSAFE\033[0m] $name \t-> Node app (No Next.js detected)"
|
||||||
|
:
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
echo "========================================================"
|
||||||
|
echo "SCAN COMPLETE"
|
||||||
|
echo "--------------------------------------------------------"
|
||||||
|
echo "Total Containers Scanned: $TOTAL_SCANNED"
|
||||||
|
echo "Node/JS Environments: $NODE_CONTAINERS"
|
||||||
|
echo "Next.js Apps Found: $VULNERABLE_COUNT"
|
||||||
|
echo "========================================================"
|
||||||
|
|||||||
Reference in New Issue
Block a user