diff --git a/Index.md b/Index.md index 2b92c4f232..9f0f071c63 100644 --- a/Index.md +++ b/Index.md @@ -1,6 +1,6 @@ # Index Alphabetical -**91** cheat sheets available. +**94** cheat sheets available. *Icons beside the cheat sheet name indicate in which language(s) code snippet(s) are provided.* @@ -24,6 +24,8 @@ ## B +[Browser Extension Vulnerabilities Cheat Sheet](cheatsheets/Browser_Extension_Vulnerabilities_Cheat_Sheet.md) + [Bean Validation Cheat Sheet](cheatsheets/Bean_Validation_Cheat_Sheet.md) ![Java](assets/Index_Java.svg) ![Xml](assets/Index_Xml.svg) ## C @@ -122,10 +124,12 @@ [Laravel Cheat Sheet](cheatsheets/Laravel_Cheat_Sheet.md) ![Html](assets/Index_Html.svg) ![Php](assets/Index_Php.svg) ![Sql](assets/Index_Sql.svg) ![Bash](assets/Index_Bash.svg) -[LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md) +[LDAP Injection Prevention Cheat Sheet](cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.md) ![Java](assets/Index_Java.svg) [Logging Vocabulary Cheat Sheet](cheatsheets/Logging_Vocabulary_Cheat_Sheet.md) +[Legacy Application Management Cheat Sheet](cheatsheets/Legacy_Application_Management_Cheat_Sheet.md) + ## M [Microservices Security Cheat Sheet](cheatsheets/Microservices_Security_Cheat_Sheet.md) @@ -192,6 +196,8 @@ [Session Management Cheat Sheet](cheatsheets/Session_Management_Cheat_Sheet.md) +[Software Supply Chain Security Cheat Sheet](cheatsheets/Software_Supply_Chain_Security_Cheat_Sheet.md) + [Secrets Management Cheat Sheet](cheatsheets/Secrets_Management_Cheat_Sheet.md) [Symfony Cheat Sheet](cheatsheets/Symfony_Cheat_Sheet.md) ![Php](assets/Index_Php.svg) ![Bash](assets/Index_Bash.svg) 
@@ -202,7 +208,7 @@ [TLS Cipher String Cheat Sheet](cheatsheets/TLS_Cipher_String_Cheat_Sheet.md) -[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md) ![Bash](assets/Index_Bash.svg) +[Transport Layer Security Cheat Sheet](cheatsheets/Transport_Layer_Security_Cheat_Sheet.md) [Transport Layer Protection Cheat Sheet](cheatsheets/Transport_Layer_Protection_Cheat_Sheet.md) diff --git a/scripts/Generate_Site_mkDocs.sh b/scripts/Generate_Site_mkDocs.sh index 0a01a3a529..53a4c845bf 100755 --- a/scripts/Generate_Site_mkDocs.sh +++ b/scripts/Generate_Site_mkDocs.sh @@ -4,12 +4,61 @@ # pip install mkdocs-material # pip install pymdown-extensions +set -e # Exit on error + GENERATED_SITE=site WORK=../generated +SITE_DIR="$WORK/site" +CHEATSHEETS_DIR="$WORK/cheatsheets" + +check_dependencies() { + local deps=("mkdocs" "mkdocs-material" "pymdown-extensions") + python -c "import ${dep//-/_}" 2>/dev/null || { + echo "Missing dependency: $dep" + echo "Install with: pip install mkdocs mkdocs-material pymdown-extensions" + exit 1 + } + done +} + +add_title() { + local file=$1 + local title=$2 + + if [[ "$OSTYPE" == "darwin"* ]]; then + sed -i '' "1i\\ +Title: $title\\ +" "$file" + else + sed -i "1iTitle: $title\n" "$file" + fi +} + +# Create redirect HTML page +create_redirect() { + local shortcut=$1 + local target=$2 + local output_file="$SITE_DIR/${shortcut}.html" + + cat > "$output_file" << EOF + + + + + + + + + Redirecting to ${target}... + + +EOF +} echo "Generate a offline portable website with all the cheat sheets..." echo "Step 1/7: Init work folder." +mkdir -p "$CHEATSHEETS_DIR"/{cheatsheets,assets} rm -rf $WORK 1>/dev/null 2>&1 mkdir $WORK mkdir $WORK/cheatsheets 
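Review bot: `check_dependencies` probes `import mkdocs_material` and `import pymdown_extensions`, but those two distributions install as the `material` and `pymdownx` packages, so the check reports them missing on a correctly set-up machine and tells the user to reinstall; list the importable names instead, e.g. `local deps=("mkdocs" "material" "pymdownx")` and `python -c "import $dep"`. As shown here the `for dep in "${deps[@]}"; do` line that should precede the `python -c` is not visible, so either it was lost in extraction or the loop is malformed, and I also do not see the function being called anywhere in the hunks under review. Separately, the new `mkdir -p "$CHEATSHEETS_DIR"/{cheatsheets,assets}` in Step 1 runs immediately before the existing `rm -rf $WORK`, which deletes what was just created; drop it or move it below the `mkdir $WORK` lines, and since `set -e` now aborts the whole run on any failure, guard the delete as `rm -rf -- "${WORK:?}"` so an empty variable can never turn it into `rm -rf /`.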
@@ -38,121 +87,172 @@ cp ../assets/WebSite_Favicon.png $WORK/custom_theme/img/apple-touch-icon-precomp cp ./404.html $WORK/custom_theme/ +add_title "$CHEATSHEETS_DIR/index.md" "Introduction" +add_title "$CHEATSHEETS_DIR/Glossary.md" "Index Alphabetical" +add_title "$CHEATSHEETS_DIR/IndexASVS.md" "Index ASVS" +add_title "$CHEATSHEETS_DIR/IndexMASVS.md" "Index MASVS" +add_title "$CHEATSHEETS_DIR/IndexProactiveControls.md" "Index Proactive Controls" +add_title "$CHEATSHEETS_DIR/IndexTopTen.md" "Index Top 10" + if [[ "$OSTYPE" == "darwin"* ]]; then - # MacOS - sed -i '' "1i\\ - Title: Introduction\\ " "$WORK/cheatsheets/index.md" - sed -i '' 's/Index.md/Glossary.md/g' "$WORK/cheatsheets/Glossary.md" - sed -i '' "1i\\ - Title: Index Alphabetical\\ - " "$WORK/cheatsheets/Glossary.md" - sed -i '' "1i\\ - Title: Index ASVS\\ " "$WORK/cheatsheets/IndexASVS.md" - sed -i '' "1i\\ - Title: Index MASVS\\ - " "$WORK/cheatsheets/IndexMASVS.md" - sed -i '' "1i\\ - Title: Index Proactive Controls\\ - " "$WORK/cheatsheets/IndexProactiveControls.md" - sed -i '' "1i\\ - Title: Index Top 10\\ - " "$WORK/cheatsheets/IndexTopTen.md" + sed -i '' 's/Index.md/Glossary.md/g' "$CHEATSHEETS_DIR/Glossary.md" else - sed -i "1iTitle: Introduction\n" $WORK/cheatsheets/index.md - sed -i 's/Index.md/Glossary.md/g' $WORK/cheatsheets/Glossary.md - sed -i "1iTitle: Index Alphabetical\n" $WORK/cheatsheets/Glossary.md - sed -i "1iTitle: Index ASVS\n" $WORK/cheatsheets/IndexASVS.md - sed -i "1iTitle: Index MASVS\n" $WORK/cheatsheets/IndexMASVS.md sed -i "1iTitle: Index Proactive Controls\n" $WORK/cheatsheets/IndexProactiveControls.md - sed -i "1iTitle: Index Top 10\n" $WORK/cheatsheets/IndexTopTen.md + sed -i 's/Index.md/Glossary.md/g' "$CHEATSHEETS_DIR/Glossary.md" fi -echo "Step 4/7: Inserting markdown metadata." 
-for fullfile in "$WORK"/cheatsheets/cheatsheets/*.md -do - filename=$(basename -- "$fullfile") - filename="${filename%_Cheat_Sheet.*}" - - echo "Processing file: $fullfile - $filename" - if [[ "$OSTYPE" == "darwin"* ]]; then - # MacOS - sed -i '' "1i\\ - Title: ${filename//[_]/ }\\ - " "$fullfile" - else - sed -i "1iTitle: ${filename//[_]/ }\n" "$fullfile" - fi +# Add titles to cheat sheets +for file in "$CHEATSHEETS_DIR/cheatsheets"/*.md; do + filename=$(basename "$file" .md) + filename="${filename%_Cheat_Sheet}" + title="${filename//_/ }" + add_title "$file" "$title" done -echo "Step 5/7: Generate the site." +echo "Step 4/5: Building site with MkDocs..." +echo "(This may take a few minutes for large sites...)" +cd "$WORK" || exit 1 -cd $WORK || exit +python -m mkdocs build --verbose || { + echo "ERROR: MkDocs build failed!" + exit 1 +} -if ! python -m mkdocs build; then - echo "Error detected during the generation of the site, generation failed!" +if [ ! -d "$SITE_DIR" ]; then + echo "ERROR: Site directory was not created!" 
exit 1 fi -echo "Step 6/7: Handling redirect for files that have changed" -#Authorization_Testing_Automation.md -> Authorization_Testing_Automation_Cheat_Sheet.md -#Drone_security_sheet.html -> Drone_Security_Cheat_Sheet.html -#Injection_Prevention_Cheat_Sheet_in_Java.md -> Injection_Prevention_in_Java_Cheat_Sheet.md -#JSON_WEB_Token_Cheat_Sheet_for_Java.md -> JSON_WEB_Token_for_Java_Cheat_Sheet.md -#Ruby_on_Rails_Cheatsheet.md -> Ruby_on_Rails_Cheat_Sheet.md -#Nodejs_security_cheat_sheet.html -> Nodejs_security_Cheat_Sheet.html -if [[ "$OSTYPE" == "darwin"* ]]; then - # MacOS - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Drone_security_sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Drone_Security_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html" - sed -i '' "1i\\ - ---\\ - redirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\\ - ---\\ - " "$WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html" +echo "Site built successfully" + +cat > "$SITE_DIR/.htaccess" << 'EOF' +RewriteEngine On +RewriteCond 
%{REQUEST_FILENAME} !-f +RewriteCond %{REQUEST_FILENAME}.html -f +RewriteRule ^(.*)$ $1.html [L] +EOF + +echo "Step 5/7: Generating URL shortcuts..." +if [ -f "../scripts/redirects.yml" ]; then + python3 << PYTHON_SCRIPT +import yaml +import os +import shutil + +site_dir = "$SITE_DIR" + +def create_redirect(shortcut, target, site_dir): + # Create a directory for the shortcut to allow /shortcut/ access + target_path = os.path.join(site_dir, shortcut) + + # If a file exists with the shortcut name, remove it to avoid conflicts + if os.path.isfile(target_path): + os.remove(target_path) + + os.makedirs(target_path, exist_ok=True) + + # The 'index.html' inside the folder makes the clean URL work + output_file = os.path.join(target_path, "index.html") + target_url = target if target.startswith('http') else f'/{target}' + + html = f""" + + + + + + + Redirecting... + + + Redirecting to {target_url}... + +""" + + with open(output_file, 'w') as f: + f.write(html) + print(f"{shortcut} → {target}") + +# Load redirects +try: + with open('../scripts/redirects.yml', 'r') as f: + redirects = yaml.safe_load(f) + if redirects: + for shortcut, target in redirects.items(): + # Clean the shortcut name (remove leading slashes or .html) + clean_shortcut = shortcut.lstrip('/').replace('.html', '') + create_redirect(clean_shortcut, target, site_dir) + print(f"Created {len(redirects)} clean URL redirects") + else: + print("No redirects found in redirects.yml") +except Exception as e: + print(f"Error processing redirects: {e}") + import sys + sys.exit(1) +PYTHON_SCRIPT else - sed -i "1i---\nredirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Drone_security_sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Drone_Security_Cheat_Sheet.html - sed -i "1i---\nredirect_from: 
\"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html - sed -i "1i---\nredirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html + echo "Warning: redirects.yml not found, skipping redirects" fi +# echo "Step 6/7: Handling redirect for files that have changed" +# #Authorization_Testing_Automation.md -> Authorization_Testing_Automation_Cheat_Sheet.md +# #Drone_security_sheet.html -> Drone_Security_Cheat_Sheet.html +# #Injection_Prevention_Cheat_Sheet_in_Java.md -> Injection_Prevention_in_Java_Cheat_Sheet.md +# #JSON_WEB_Token_Cheat_Sheet_for_Java.md -> JSON_WEB_Token_for_Java_Cheat_Sheet.md +# #Ruby_on_Rails_Cheatsheet.md -> Ruby_on_Rails_Cheat_Sheet.md +# #Nodejs_security_cheat_sheet.html -> Nodejs_security_Cheat_Sheet.html + +# if [[ "$OSTYPE" == "darwin"* ]]; then +# # MacOS +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\\ +# ---\\ +# " "$WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html" +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/Drone_security_sheet.html\"\\ +# ---\\ +# " "$WORK/$GENERATED_SITE/cheatsheets/Drone_Security_Cheat_Sheet.html" +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\\ +# ---\\ +# " 
"$WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html" +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\\ +# ---\\ +# " "$WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html" +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\\ +# ---\\ +# " "$WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html" +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\\ +# ---\\ +# " "$WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html" +# sed -i '' "1i\\ +# ---\\ +# redirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\\ +# ---\\ +# " "$WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html" +# else +# sed -i "1i---\nredirect_from: \"/cheatsheets/Authorization_Testing_Automation.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html +# sed -i "1i---\nredirect_from: \"/cheatsheets/Drone_security_sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Drone_Security_Cheat_Sheet.html +# sed -i "1i---\nredirect_from: \"/cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html +# sed -i "1i---\nredirect_from: \"/cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html +# sed -i "1i---\nredirect_from: \"/cheatsheets/Ruby_on_Rails_Cheatsheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Ruby_on_Rails_Cheat_Sheet.html +# sed -i "1i---\nredirect_from: \"/cheatsheets/Nodejs_security_cheat_sheet.html\"\n---\n" $WORK/$GENERATED_SITE/cheatsheets/Nodejs_Security_Cheat_Sheet.html +# sed -i "1i---\nredirect_from: \"/cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet.html\"\n---\n" 
$WORK/$GENERATED_SITE/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html +# fi + echo "Step 7/7 Cleanup." -rm -rf cheatsheets -rm -rf custom_theme -rm mkdocs.yml +rm -rf cheatsheets custom_theme mkdocs.yml -echo "Generation finished to the folder: $WORK/$GENERATED_SITE" +echo "Generation finished to the folder: $SITE_DIR" \ No newline at end of file diff --git a/scripts/redirects.yml b/scripts/redirects.yml new file mode 100644 index 0000000000..7ba293d2b9 --- /dev/null +++ b/scripts/redirects.yml 
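Review bot: In the Linux branch of the `$OSTYPE` test, `sed -i "1iTitle: Index Proactive Controls\n" $WORK/cheatsheets/IndexProactiveControls.md` appears to survive as an unchanged context line while the other five title inserts were removed, so on Linux that file now receives its title twice — once from the new `add_title "$CHEATSHEETS_DIR/IndexProactiveControls.md" "Index Proactive Controls"` call and again here; delete that line so only the Glossary rename remains in both branches. In the embedded Python, `target` from redirects.yml is interpolated into the generated HTML unescaped and is only classified with `startswith('http')`; the file is repository-controlled so this is not an injection today, but `html.escape(target_url, quote=True)` on the value, plus `if not target.startswith('http') and not os.path.isfile(os.path.join(site_dir, target)): raise SystemExit(f"redirect target missing: {target}")` (assuming the build emits flat `.html` files as the `.htaccess` rule expects), would stop a mistyped shortcut from silently redirecting to a 404 and keep the generator safe if the mapping ever comes from elsewhere. The progress messages now read "Step 4/5", "Step 5/7" and "Step 7/7" with no step 6, which is worth renumbering.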
@@ -0,0 +1,58 @@
+# Common cheatsheet shortcuts
+xss: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+auth: cheatsheets/Authentication_Cheat_Sheet.html
+injection: cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+csrf: cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
+
+# Common guide shortcuts
+newdev: cheatsheets/Guide_for_New_Developers.html
+secarch: cheatsheets/Security_Architecture_Cheat_Sheet.html
+
+# Tool shortcuts
+webgoat: https://owasp.org/www-project-webgoat/
+juice: https://owasp.org/www-project-juice-shop/
+
+# Legacy redirects
+old_xss: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html # Maintain backwards compatibility
+
+# Direct topic shortcuts
+SSRF: cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
+XSS: cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+SQLi: cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+JWT: cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
+DOS: cheatsheets/Denial_of_Service_Cheat_Sheet.html
+XSRF: cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
+Docker: cheatsheets/Docker_Security_Cheat_Sheet.html
+GraphQL: cheatsheets/GraphQL_Cheat_Sheet.html
+Kubernetes: cheatsheets/Kubernetes_Security_Cheat_Sheet.html
+LDAP: cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html
+OAuth: cheatsheets/OAuth_2.0_Cheat_Sheet.html
+SAML: cheatsheets/SAML_Security_Cheat_Sheet.html
+TLP: cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
+
+# Language-specific shortcuts
+Java: cheatsheets/Java_Security_Cheat_Sheet.html
+NodeJS: cheatsheets/Nodejs_Security_Cheat_Sheet.html
+PHP: cheatsheets/PHP_Security_Cheat_Sheet.html
+Python: cheatsheets/Python_Security_Cheat_Sheet.html
+Ruby: cheatsheets/Ruby_on_Rails_Cheat_Sheet.html
+DotNet: cheatsheets/DotNet_Security_Cheat_Sheet.html
+
+# Category-based shortcuts
+Mobile: cheatsheets/Mobile_Application_Security_Cheat_Sheet.html
+REST: cheatsheets/REST_Security_Cheat_Sheet.html
+Cloud: cheatsheets/Cloud_Security_Cheat_Sheet.html
+Crypto: cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
+Password: cheatsheets/Password_Storage_Cheat_Sheet.html
+Session: cheatsheets/Session_Management_Cheat_Sheet.html
+
+# old redirects to the updated redirects
+cheatsheets/Authorization_Testing_Automation: cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html
+cheatsheets/Drone_security_sheet: cheatsheets/Drone_Security_Cheat_Sheet.html
+cheatsheets/Injection_Prevention_Cheat_Sheet_in_Java: cheatsheets/Injection_Prevention_in_Java_Cheat_Sheet.html
+cheatsheets/JSON_Web_Token_Cheat_Sheet_for_Java: cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html
+cheatsheets/Ruby_on_Rails_Cheatsheet: cheatsheets/Ruby_on_Rails_Cheat_Sheet.html
+cheatsheets/Nodejs_security_cheat_sheet: cheatsheets/Nodejs_Security_Cheat_Sheet.html
+cheatsheets/Application_Logging_Vocabulary_Cheat_Sheet: cheatsheets/Logging_Vocabulary_Cheat_Sheet.html
+
+# Add more redirects as needed
\ No newline at end of file