Update nextcheck.sh
This commit is contained in:
57
nextcheck.sh
57
nextcheck.sh
@@ -1,16 +1,51 @@
|
||||
#!/bin/bash
|
||||
# Loop through all running containers
|
||||
for container in $(docker ps --format '{{.Names}}'); do
|
||||
echo "------------------------------------------------"
|
||||
echo "Checking container: $container"
|
||||
|
||||
# Try to list the installed next version inside the container
|
||||
# Most Coolify/Nixpacks containers place source in /app
|
||||
version=$(docker exec "$container" npm list next --depth=0 2>/dev/null | grep 'next@')
|
||||
# Counters
|
||||
TOTAL_SCANNED=0
|
||||
NODE_CONTAINERS=0
|
||||
VULNERABLE_COUNT=0
|
||||
|
||||
if [ ! -z "$version" ]; then
|
||||
echo -e "\033[31mFOUND NEXT.JS:\033[0m $version"
|
||||
else
|
||||
echo "Next.js not detected (or not a Node container)"
|
||||
echo "========================================================"
|
||||
echo " Next.js Vulnerability Scanner (CVE-2025-55182) "
|
||||
echo "========================================================"
|
||||
|
||||
# Get all running container IDs and Names
|
||||
# We use a while loop to handle spaces in names correctly
|
||||
docker ps --format '{{.ID}}|{{.Names}}' | while IFS='|' read -r id name; do
|
||||
((TOTAL_SCANNED++))
|
||||
|
||||
# 1. HEURISTIC CHECK: Is this a Node/JS app?
|
||||
# We check for package.json in common paths (/app is Coolify standard)
|
||||
# OR if the 'node' binary exists in the path.
|
||||
is_node=$(docker exec "$id" sh -c "test -f /app/package.json || test -f /usr/src/app/package.json || command -v node" 2>/dev/null && echo "yes" || echo "no")
|
||||
|
||||
if [ "$is_node" == "yes" ]; then
|
||||
((NODE_CONTAINERS++))
|
||||
|
||||
# 2. VERSION CHECK
|
||||
# Check package.json for "next" version
|
||||
version_check=$(docker exec "$id" grep -Po '"next":\s*"\^?\K[0-9.]+' /app/package.json 2>/dev/null)
|
||||
# Check for Standalone server (Production builds)
|
||||
is_standalone=$(docker exec "$id" ls /app/.next/standalone/server.js 2>/dev/null)
|
||||
|
||||
if [[ ! -z "$version_check" ]]; then
|
||||
echo -e "[\033[31mVULN\033[0m] $name \t-> Next.js $version_check"
|
||||
((VULNERABLE_COUNT++))
|
||||
elif [[ ! -z "$is_standalone" ]]; then
|
||||
echo -e "[\033[33mWARN\033[0m] $name \t-> Detected (Standalone Mode) - Check manually"
|
||||
((VULNERABLE_COUNT++))
|
||||
else
|
||||
# Uncomment the line below if you want to see SAFE node apps too
|
||||
# echo -e "[\033[32mSAFE\033[0m] $name \t-> Node app (No Next.js detected)"
|
||||
:
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
echo "========================================================"
|
||||
echo "SCAN COMPLETE"
|
||||
echo "--------------------------------------------------------"
|
||||
echo "Total Containers Scanned: $TOTAL_SCANNED"
|
||||
echo "Node/JS Environments: $NODE_CONTAINERS"
|
||||
echo "Next.js Apps Found: $VULNERABLE_COUNT"
|
||||
echo "========================================================"
|
||||
|
||||
Reference in New Issue
Block a user