From 03cfe3c767c0bde31e48915709a2ef079f00154d Mon Sep 17 00:00:00 2001
From: TheFrogEcliptia
Date: Mon, 9 Feb 2026 23:56:22 -0400
Subject: [PATCH] feat: implement security vulnerability scanner (Bounty #57)

---
 tools/vulnerability-scanner/scanner.py | 68 ++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 tools/vulnerability-scanner/scanner.py

diff --git a/tools/vulnerability-scanner/scanner.py b/tools/vulnerability-scanner/scanner.py
new file mode 100644
index 0000000..62259cc
--- /dev/null
+++ b/tools/vulnerability-scanner/scanner.py
@@ -0,0 +1,68 @@
+import requests
+import json
+import click
+import urllib3
+import os
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+NODE_URL = "https://50.28.86.131"
+
+@click.group()
+def cli():
+ """RustChain Security Scanner - Find common vulnerabilities in node configuration."""
+ pass
+
+@cli.command()
+def scan_traversal():
+ """Test for Path Traversal vulnerabilities (#81)."""
+ payloads = [
+ "../../rustchain_v2.db",
+ "../../../root/.ssh/id_rsa",
+ "../../etc/passwd"
+ ]
+ click.echo(f"[*] Testing Path Traversal on {NODE_URL}/downloads/...")
+ for p in payloads:
+ url = f"{NODE_URL}/downloads/{p}"
+ try:
+ r = requests.get(url, verify=False, timeout=5)
+ if r.status_code == 200:
+ click.echo(f"🚨 VULNERABLE: Found accessible file via {p}")
+ else:
+ click.echo(f"[✓] Secure: {p} returned {r.status_code}")
+ except Exception as e:
+ click.echo(f"Error testing {p}: {e}")
+
+@cli.command()
+def scan_errors():
+ """Test for Verbose Error Leaks (#83)."""
+ click.echo(f"[*] Testing for Stack Trace leaks on {NODE_URL}...")
+ url = f"{NODE_URL}/attest/submit"
+ try:
+ r = requests.post(url, json={"malformed": True}, verify=False, timeout=5)
+ data = r.text
+ if "traceback" in data.lower() or "File \"" in data:
+ click.echo("🚨 VULNERABLE: Stack trace leaked in response!")
+ else:
+ click.echo("[✓] Secure: No obvious stack traces found.")
+ except Exception as e:
+ click.echo(f"Error testing: {e}")
+
+@cli.command()
+def scan_secrets():
+ """Check for exposed secrets in common directories (#78)."""
+ paths = [".env", "config.json", "apiKey.txt", ".git/config"]
+ click.echo(f"[*] Scanning for sensitive files on {NODE_URL}...")
+ for p in paths:
+ url = f"{NODE_URL}/{p}"
+ try:
+ r = requests.get(url, verify=False, timeout=5)
+ if r.status_code == 200:
+ click.echo(f"🚨 EXPOSED: {p} is publicly accessible!")
+ else:
+ click.echo(f"[✓] Secure: {p} is not public.")
+ except Exception as e:
+ click.echo(f"Error scanning {p}: {e}")
+
+if __name__ == "__main__":
+ cli()
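Review bot: The traversal check in `scan_traversal` cannot detect what it claims: requests hands the URL to urllib3, which in current versions collapses `../` segments before the request leaves the client, so `/downloads/../../etc/passwd` most likely reaches the node as `/etc/passwd`, and a bare `status_code == 200` also flags any server that answers every path with a catch-all page. Send the payload with the dot segments encoded and confirm the body, e.g. `"..%2f..%2fetc%2fpasswd"` in place of `"../../etc/passwd"` and `if r.status_code == 200 and "root:" in r.text:`; the same 200-only logic in `scan_secrets` needs a content check (`[core]` for `.git/config`, `=` lines for `.env`). Separately, `NODE_URL` is hard-coded to one public IP and every request runs with `verify=False` under a globally silenced `InsecureRequestWarning`, so the tool can only ever probe that host and does so over unverified TLS; `os` is imported but unused, so `NODE_URL = os.environ.get("RUSTCHAIN_NODE_URL", "https://50.28.86.131")` plus an `--insecure` flag that defaults to verification on would fix both. If that address is not operated by the project, sending `/root/.ssh/id_rsa` probes to it by default is also an authorization problem worth a comment at the top of the file.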