BeamReactor Intrusion Scanner #
Description #
Security scanning tool that tests direct access to all PHP files in the BeamReactor installation to verify they are properly protected.
Features #
- Recursive Scan: Automatically traverses all directories (modules/, plugins/, rss/, members/)
- Categorisation: Identifies the type of each file (handler, config, library, locale, etc.)
- HTTP Tests: Verifies that direct access correctly returns "forbidden" or 401/403
- Leak Detection: Identifies files that expose content without protection
- Detailed Report: Displays results with HTTP code and response excerpt
Plugin Structure #
```
plugins/intrusion_scanner/
├── intrusion_scanner.php               # Main interface
├── conf/
│   └── intrusion_scanner.conf.inc.php  # Configuration
└── locale/
    └── intrusion_scanner.fr.inc.php    # French translations
```
Installation #
1. Create the `plugins/intrusion_scanner/` directory
2. Copy files into the structure above
3. Access `index.php?obj=intrusion_scanner.php` (OVERMIND level required)
Usage #
Running a Scan #
1. Access the plugin: `?obj=intrusion_scanner.php`
2. Click "Run Scan"
3. Wait for the scan to complete (may take a few minutes)
Interpreting Results #
The scanner classifies files into 4 categories:
✓ Protected Files (Green) #
Files correctly secured that return:
- The text "forbidden"
- HTTP code 401 or 403
- Any other configured denial message
Action: No action required
✗ Vulnerable Files (Red) #
Files that return content (>50 characters) without protection.
URGENT Action: Check each file and add protection:
```php
if(!function_exists('frameheader')) die('forbidden');
```
? Manual Verification Required (Orange) #
Files with an ambiguous response (short but not "forbidden").
Action: Manually verify each file
⚠ Errors (Red) #
Files that could not be tested (cURL error, timeout, etc.).
Action: Check network configuration and retry
Configuration #
Scanned Directories #
By default:
- `modules/`
- `plugins/`
- `rss/`
- `members/`
Excluded Directories #
- `data/`, `var/` (data)
- `ui/`, `css/`, `js/` (assets)
- `doc/`, `sql/`, `tests/` (dev)
- `.git/`, `node_modules/` (version control)
Excluded Files #
- `index.php` (legitimate entry point)
- `.htaccess`
- `README.md`
Expected Responses #
The scanner considers a file protected if its response contains one of the following strings:
- `forbidden`
- `401`
- `unauthorized`
- `access denied`
- `direct access not permitted`
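
The classification rules from "Interpreting Results" and the marker list above, written out as an added PHP example (not the plugin's own code). The function name, the order in which the rules are checked, and the sample responses are assumptions made for illustration.

```php
<?php
// Added example: names, rule order and sample data are assumptions, not BeamReactor code.
const DENIAL_MARKERS = ['forbidden', '401', 'unauthorized', 'access denied', 'direct access not permitted'];
const MAX_RESPONSE_LENGTH = 500; // captured excerpt size from "Data Protection"
const LEAK_THRESHOLD = 50;       // ">50 characters" from "Vulnerable Files"

function classify_response(?int $httpCode, string $body, ?string $transportError = null): string
{
    if ($transportError !== null || $httpCode === null) {
        return 'error';                       // cURL error, timeout, etc.
    }
    if ($httpCode === 401 || $httpCode === 403) {
        return 'protected';                   // denied at the HTTP level
    }
    // Only the first 500 characters are inspected, case-insensitively.
    $excerpt = strtolower(substr($body, 0, MAX_RESPONSE_LENGTH));
    foreach (DENIAL_MARKERS as $marker) {
        if (strpos($excerpt, $marker) !== false) {
            return 'protected';               // denial message in the body
        }
    }
    // No denial seen: long output is a leak, short output needs a human.
    return strlen(trim($excerpt)) > LEAK_THRESHOLD ? 'vulnerable' : 'ambiguous';
}

// Constructed sample responses: [path, HTTP code, body, transport error]
$samples = [
    ['modules/handler.mod.php', 200, 'forbidden', null],
    ['members/edit_profile.php', 403, '', null],
    ['plugins/demo/demo.php', 200, str_repeat('<p>profile data</p>', 10), null],
    ['rss/feed.php', 200, '', null],
    ['plugins/slow/slow.php', null, '', 'Operation timed out'],
];

$summary = [];
foreach ($samples as [$path, $code, $body, $err]) {
    $verdict = classify_response($code, $body, $err);
    $summary[$verdict][] = $path;
    printf("%-10s %-4s %s\n", $verdict, $code ?? '-', $path);
}
// A scan is clean only when nothing is vulnerable and nothing is left unreviewed.
exit(empty($summary['vulnerable']) && empty($summary['ambiguous']) ? 0 : 1);
```

In this sketch the markers are matched as substrings, so a long 200 response that merely contains one of them is counted as protected; such responses are worth a manual look.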
Security #
Access Level #
OVERMIND only: This tool can reveal the internal structure of the system and must be strictly limited to system administrators.
Data Protection #
- Limits the size of captured response (500 characters)
- Does not store complete responses
- 10-second timeout per file
Performance #
- Total timeout: 300 seconds (5 minutes)
- Per-file timeout: 10 seconds
- Progress: Real-time display via JavaScript
Troubleshooting #
Scan does not start #
- Verify you have OVERMIND level
- Verify that cURL is enabled in PHP
All files show errors #
- Check network configuration
- Verify that the web server is accessible locally
False positives #
- Manually verify "ambiguous" files
- Adjust `max_response_length` if necessary
Recommendations #
After a Scan #
1. Immediately fix all vulnerable files
2. Verify ambiguous files
3. Document legitimate exceptions
4. Re-scan after fixing
Best Practices #
- Run a scan after each plugin addition
- Run a scan after each major update
- Check .htaccess files in sensitive directories
BeamReactor Architecture #
Reminder: No PHP file other than `index.php` should be directly accessible.
All access goes through `index.php`:
- `members/edit_profile.php` → `index.php?obj=edit_profile.php`
- `plugins/mailbox/mailbox.php` → `index.php?obj=mailbox.php`
- `modules/handler.mod.php` → `index.php?obj=handler.mod`
Each file must begin with:
```php
if(!function_exists('frameheader')) die('forbidden');
```
Version #
- Version: 1.0.0
- Date: 2025-12-27
- Author: Treveur Bretaudière
Support #
For any questions or issues, contact the BeamReactor/AEGIS IA team.