1-)What is S4E Create with AI ?
Our AI-powered solution enables you to develop scans tailored to your specific needs and confidently test them directly on your digital assets, allowing you to continuously improve your systems and enhance your preparedness against potential threats.
2-)From Problem to Solution: AI-Generated Scans
2.1-) Are there any hardcoded API_KEY, SECRET, or TOKEN Values in My Assets?
Let’s start with our first example. Imagine you suspect there might be sensitive data like API keys, secrets, or tokens accidentally left exposed in your assets. This could happen during development when developers hardcode these values for testing or convenience but forget to remove them before deployment. Such leaks can lead to serious security breaches if attackers gain access to your repositories or deployed assets.
With S4E Create with AI you can create a custom scan tailored to detect any hardcoded sensitive information across your assets.
Prompt:
Create a microservice that scans my asset’s endpoints for strings that contain sensitive keywords such as API_KEY, SECRET, or TOKEN
Result:
from s4e.config import *
from s4e.task import Task
from s4e.utils.commons import http_or_https
class Job(Task):
def run(self):
asset = http_or_https(asset=self.asset, _headers=self.headers, session=self.session)
sensitive_keywords = ['API_KEY', 'SECRET', 'TOKEN']
found_keywords = []
try:
response = self.session.get(asset)
for keyword in sensitive_keywords:
if keyword in response.text:
found_keywords.append(keyword)
if found_keywords:
self.output['detail'] = [f'Sensitive keywords found: {", ".join(found_keywords)}']
self.output['compact'] = ['Sensitive data vulnerability detected.']
self.output['video'] = [
f"Scanning endpoint: {asset}",
f"Found sensitive keywords: {', '.join(found_keywords)}"
]
else:
self.output['detail'] = ['No sensitive keywords found.']
self.output['compact'] = ['No vulnerability detected.']
self.output['video'] = [
f"Scanning endpoint: {asset}",
"No sensitive keywords found."
]
except Exception as e:
self.output['detail'] = ['Error accessing the asset.']
self.output['compact'] = ['Asset scan failed.']
self.output['video'] = [f"Scanning endpoint: {asset}", f"Error: {str(e)}"]
def calculate_score(self):
if 'Sensitive keywords found' in self.output['detail'][0]:
self.score = self.param['max_score'] * 0.9
elif 'Error accessing the asset.' in self.output['detail'][0]:
self.score = 5
else:
self.score = 12.2-)Are legacy endpoints like /api/v1 still active in my system?
Let’s move on to our second example. Imagine you have recently updated your API to a new version, but you’re unsure if older endpoints like /api/v1 or /api/v2 are still accessible in your system. During development or migration, it’s common for legacy endpoints to be left unintentionally active to maintain backward compatibility or for testing purposes. However, leaving such endpoints exposed can present security risks, as outdated APIs may not follow current security standards and could be targeted by attackers exploiting known vulnerabilities.
S4E Create with AI lets you build a scan that identifies legacy API versions still exposed in your systems.
Prompt:
Create a microservice that discovers and tests all API endpoints in my assets to check if outdated versions like /api/v1 and all their possible subpaths (e.g., /api/v1/users, /api/v1/orders, /api/v1/admin, etc.) are still accessible. Ensure the microservice uses an extensive wordlist or dynamic discovery to cover as many potential subpaths as possible under these legacy paths.
Result:
from s4e.config import *
from s4e.task import Task
from s4e.utils.commons import http_or_https
class Job(Task):
def run(self):
asset = http_or_https(asset=self.asset, _headers=self.headers, session=self.session)
self.output['detail'] = []
self.output['compact'] = []
self.output['video'] = []
possible_endpoints = ['/api/v1', '/api/v2']
wordlist = ['/', '/users', '/orders', '/admin', '/products', '/settings', '/profile', '/logout']
accessible_versions = []
for endpoint in possible_endpoints:
for subpath in wordlist:
full_url = f"{asset}{endpoint}{subpath}"
self.output['video'].append(f"Checking {full_url}")
try:
response = self.session.get(full_url, headers=self.headers)
if response.status_code == 200:
accessible_versions.append(full_url)
self.output['detail'].append(f"Accessible: {full_url}")
self.output['video'].append(f"Success: {full_url} is accessible")
else:
self.output['video'].append(f"Failed: {full_url} is not accessible ({response.status_code})")
except Exception as e:
self.output['video'].append(f"Error accessing {full_url}: {str(e)}")
self.output['compact'].append(f"Checked endpoints: {', '.join(possible_endpoints)} with extensive wordlist subpaths")
if accessible_versions:
self.output['compact'].append(f"Accessible versions and subpaths: {', '.join(accessible_versions)}")
else:
self.output['compact'].append("No accessible versions or subpaths found")
def calculate_score(self):
max_score = self.param['max_score']
accessible_endpoints = len(self.output['detail'])
if accessible_endpoints > 5:
self.score = max_score * 0.9
elif 1 <= accessible_endpoints <= 5:
self.score = max_score * 0.5
else:
self.score = max_score * 0.12.3-)Does my website automatically redirect HTTP requests to HTTPS?
Let’s now consider a third example. Suppose you want to ensure that your website enforces HTTPS by redirecting all HTTP requests automatically. This is a fundamental security practice, but developers often forget to enforce redirection on subdomains, staging environments, or non-standard routes. If redirection isn’t configured properly, attackers could intercept user traffic, leading to potential data exposure.
With S4E Create with AI, you can build a scan that verifies whether HTTP requests across your website and subdomains are properly redirected to HTTPS.
Prompt:
Create a microservice that tests all domains and subdomains in my assets to verify if they automatically redirect HTTP requests to HTTPS.
Result:
from s4e.config import *
from s4e.task import Task
import requests
class Job(Task):
def run(self):
asset = self.asset
self.output['detail'] = []
self.output['compact'] = []
self.output['video'] = []
domains = self.param.get('domains', [])
successfully_redirected = []
for domain in domains:
url = f"http://{domain}"
self.output['video'].append(f"Checking HTTP to HTTPS redirect for {url}")
try:
response = requests.get(url, allow_redirects=True)
if response.history:
for resp in response.history:
if resp.status_code in (301, 302) and 'https' in resp.headers.get('Location', ''):
successfully_redirected.append(domain)
self.output['detail'].append(f"Redirects to HTTPS: {domain}")
self.output['video'].append(f"Success: {domain} redirects to HTTPS")
break
else:
self.output['video'].append(f"Failed: {domain} does not redirect to HTTPS")
except Exception as e:
self.output['video'].append(f"Error accessing {url}: {str(e)}")
self.output['compact'].append(f"Checked domains for HTTP to HTTPS redirection")
if successfully_redirected:
self.output['compact'].append(f"Domains redirecting to HTTPS: {', '.join(successfully_redirected)}")
else:
self.output['compact'].append("No domains redirecting to HTTPS found")
def calculate_score(self):
max_score = self.param['max_score']
domains_redirected = len(self.output['detail'])
if domains_redirected > 5:
self.score = max_score * 0.90
elif 1 <= domains_redirected <= 5:
self.score = max_score * 0.60
else:
self.score = max_score * 0.102.4-) Are all cookies in my application set with Secure and HttpOnly flags ?
Many web applications use cookies to store session information, authentication tokens, or user preferences. However, if these cookies are not configured properly with Secure and HttpOnly flags, they can be exposed to client-side scripts or transmitted over unencrypted HTTP connections. This misconfiguration increases the risk of session hijacking and cross-site scripting (XSS) attacks.
With S4E Create with AI, you can design a scan that detects cookies missing Secure and HttpOnly attributes across your application.
Prompt:
Create a microservice that checks my web application’s cookies and lists the ones missing Secure and HttpOnly flags.Do this for my crawled assets. Use all the crawl endpoints you get
Result:
from s4e.config import *
from s4e.task import Task
from s4e.utils.commons import http_or_https
class Job(Task):
def run(self):
asset = http_or_https(asset=self.asset, _headers=self.headers, session=self.session)
self.output['detail'] = []
self.output['compact'] = []
self.output['video'] = []
crawled_endpoints = self.param.get('crawled_endpoints', [])
cookies_missing_flags = {}
for endpoint in crawled_endpoints:
full_url = f"{asset}{endpoint}"
self.output['video'].append(f"Checking cookies for {full_url}")
try:
response = self.session.get(full_url, headers=self.headers)
set_cookie_headers = response.headers.get('Set-Cookie')
if set_cookie_headers:
for cookie in set_cookie_headers.split(','):
cookie_attrs = {attr.strip().lower() for attr in cookie.split(';')}
cookie_name = cookie.split('=')[0].strip()
if 'secure' not in cookie_attrs or 'httponly' not in cookie_attrs:
if full_url not in cookies_missing_flags:
cookies_missing_flags[full_url] = []
cookies_missing_flags[full_url].append((cookie_name, 'Secure' not in cookie_attrs, 'HttpOnly' not in cookie_attrs))
except Exception as e:
self.output['video'].append(f"Error accessing {full_url}: {str(e)}")
for url, cookies in cookies_missing_flags.items():
for cookie_name, missing_secure, missing_httponly in cookies:
missing_flags = []
if missing_secure:
missing_flags.append('Secure')
if missing_httponly:
missing_flags.append('HttpOnly')
self.output['detail'].append(f"Cookie {cookie_name} on {url} missing flags: {', '.join(missing_flags)}")
self.output['compact'].append("Checked endpoints for Secure and HttpOnly cookie flags")
if cookies_missing_flags:
self.output['compact'].append("Cookies missing security flags found")
else:
self.output['compact'].append("All cookies have Secure and HttpOnly flags")
def calculate_score(self):
max_score = self.param['max_score']
issues_found = len(self.output['detail'])
if issues_found > 5:
self.score = max_score * 0.8
elif 1 <= issues_found <= 5:
self.score = max_score * 0.5
else:
self.score = max_score * 0.12.5-) Design Custom Scans to Address Your Problems and Needs
Under this heading, let’s showcase a scan created from a different perspective. This scan analyzes the robots.txt file on the asset and lists all the endpoints found within.
Prompt:
Write the crawl to list all endpoints in the robots.txt file in my assets.
Result:
from s4e.config import *
from s4e.task import Task
from s4e.utils.commons import http_or_https
class Job(Task):
def run(self):
asset = http_or_https(asset=self.asset, _headers=self.headers, session=self.session)
self.output['detail'] = []
self.output['compact'] = []
self.output['video'] = []
endpoints = []
robots_url = f"{asset}/robots.txt"
self.output['video'].append(f"Fetching {robots_url}")
try:
response = self.session.get(robots_url, headers=self.headers)
if response.status_code == 200:
lines = response.text.splitlines()
for line in lines:
if line.strip().startswith(('Disallow:', 'Allow:')):
path = line.split(':', 1)[1].strip()
if path:
full_path = f"{asset}{path}"
endpoints.append(full_path)
self.output['detail'].append(f"Listed path: {full_path}")
self.output['video'].append(f"Extracted path: {full_path}")
else:
self.output['video'].append(f"Failed to fetch robots.txt (status code: {response.status_code})")
except Exception as e:
self.output['video'].append(f"Error accessing {robots_url}: {str(e)}")
self.output['compact'].append("Listed paths in robots.txt")
if endpoints:
self.output['compact'].append("Endpoints found")
else:
self.output['compact'].append("No endpoints found in robots.txt")
def calculate_score(self):
max_score = self.param['max_score']
endpoints_found = len(self.output['detail'])
if endpoints_found > 5:
self.score = max_score * 0.65
elif 1 <= endpoints_found <= 5:
self.score = max_score * 0.35
else:
self.score = max_score * 0.1
control security posture