Restructure repo into package/ and standalone/ directories

Moves automated scan scripts and setup.sh into package/. bind-ssh-tailscale.sh remains in standalone/ as a manual-run tool. Updates README.md setup instructions to reflect new paths. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 14:25:11 +01:00
parent 50aa38712e
commit 7585a12b6d
6 changed files with 4 additions and 4 deletions
--- a/check-nextjs-rce.sh
+++ b/check-nextjs-rce.sh
@@ -1,140 +0,0 @@
-#!/bin/bash
-# Next.js CVE-2025-66478 / CVE-2025-55182 Vulnerability Checker
-# Checks if Next.js installations are vulnerable to critical RCE
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-source "$SCRIPT_DIR/config.sh"
-
-send_telegram() {
-    curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-        -d chat_id="${TELEGRAM_CHAT_ID}" \
-        -d text="$1" \
-        -d parse_mode="HTML" > /dev/null || true
-}
-
-HOSTNAME=$(hostname)
-
-echo "=== Next.js RCE Vulnerability Scanner ==="
-echo "CVE-2025-66478 / CVE-2025-55182 (CVSS 10.0)"
-echo ""
-
-# Colors
-RED='\033[0;31m'
-GREEN='\033[0;32m'
-YELLOW='\033[1;33m'
-NC='\033[0m' # No Color
-
-VULNERABLE=0
-SAFE=0
-UNKNOWN=0
-
-# Function to check if version is vulnerable
-check_version() {
-    local version=$1
-    local major=$(echo $version | cut -d. -f1)
-    local minor=$(echo $version | cut -d. -f2)
-    local patch=$(echo $version | cut -d. -f3)
-    
-    # Vulnerable versions:
-    # 15.0.0 - 15.0.4
-    # 15.1.0 - 15.1.8
-    # 15.2.0 - 15.2.5
-    # 15.3.0 - 15.3.5
-    # 15.4.0 - 15.4.7
-    # 15.5.0 - 15.5.6
-    # 16.0.0 - 16.0.6
-    
-    if [ "$major" = "15" ]; then
-        if [ "$minor" = "0" ] && [ "$patch" -le "4" ]; then
-            return 1  # Vulnerable
-        elif [ "$minor" = "1" ] && [ "$patch" -le "8" ]; then
-            return 1
-        elif [ "$minor" = "2" ] && [ "$patch" -le "5" ]; then
-            return 1
-        elif [ "$minor" = "3" ] && [ "$patch" -le "5" ]; then
-            return 1
-        elif [ "$minor" = "4" ] && [ "$patch" -le "7" ]; then
-            return 1
-        elif [ "$minor" = "5" ] && [ "$patch" -le "6" ]; then
-            return 1
-        fi
-    elif [ "$major" = "16" ]; then
-        if [ "$minor" = "0" ] && [ "$patch" -le "6" ]; then
-            return 1
-        fi
-    fi
-    
-    return 0  # Safe
-}
-
-echo "Searching for Next.js installations..."
-echo ""
-
-# Method 1: Check package.json files
-find / -name "package.json" -type f 2>/dev/null | while read pkg; do
-    next_version=$(grep -o '"next"[[:space:]]*:[[:space:]]*"[^"]*"' "$pkg" 2>/dev/null | grep -o '[0-9][0-9.]*' | head -1)
-    
-    if [ -n "$next_version" ]; then
-        echo "Found: $pkg"
-        echo "  Next.js version: $next_version"
-        
-        if check_version "$next_version"; then
-            echo -e "  Status: ${GREEN}SAFE${NC}"
-            SAFE=$((SAFE + 1))
-        else
-            echo -e "  Status: ${RED}VULNERABLE${NC} - Update to 15.5.7+ or 16.0.7+"
-            VULNERABLE=$((VULNERABLE + 1))
-        fi
-        echo ""
-    fi
-done
-
-# Method 2: Check Docker containers
-echo "Checking Docker containers..."
-docker ps --format '{{.Names}}' 2>/dev/null | while read container; do
-    echo "Checking container: $container"
-    
-    # Try to find Next.js version in container
-    next_version=$(docker exec "$container" sh -c 'cat /*/package.json 2>/dev/null | grep -o "\"next\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" | grep -o "[0-9][0-9.]*" | head -1' 2>/dev/null)
-    
-    if [ -n "$next_version" ]; then
-        echo "  Next.js version: $next_version"
-        
-        if check_version "$next_version"; then
-            echo -e "  Status: ${GREEN}SAFE${NC}"
-        else
-            echo -e "  Status: ${RED}VULNERABLE${NC}"
-        fi
-    else
-        echo -e "  Status: ${YELLOW}No Next.js found${NC}"
-    fi
-    echo ""
-done
-
-echo "=== Summary ==="
-echo -e "${GREEN}Safe installations: $SAFE${NC}"
-echo -e "${RED}Vulnerable installations: $VULNERABLE${NC}"
-echo ""
-
-if [ $VULNERABLE -gt 0 ]; then
-    echo -e "${RED}⚠️  ACTION REQUIRED${NC}"
-    echo "Vulnerable Next.js installations found!"
-    echo ""
-    echo "Patched versions:"
-    echo "  - Next.js 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7+"
-    echo "  - Next.js 16.0.7+"
-    echo ""
-    echo "Update command:"
-    echo "  npm install next@latest"
-    echo "  # or"
-    echo "  yarn upgrade next@15.5.7"
-    send_telegram "🚨 <b>Vulnerable Next.js Found — CVE-2025-66478</b>
-Host: <code>${HOSTNAME}</code>
-Vulnerable installations: ${VULNERABLE}
-Update to Next.js 15.5.7+ or 16.0.7+
-Run manually: bash check-nextjs-rce.sh"
-    exit 1
-else
-    echo -e "${GREEN}✓ All Next.js installations are safe${NC}"
-    exit 0
-fi