saksh-secure
v2.0.1
A Node.js tool to investigate login form security and performance issues
SakshSecure
SakshSecure is a Node.js tool designed to investigate login form issues in web applications. It performs comprehensive security and performance tests, including checks for SQL injection, cross-site scripting (XSS), CSRF protection, session management, password policies, rate limiting, HTTPS enforcement, account lockout, and response times. Built for developers, security testers, and QA teams, SakshSecure helps identify vulnerabilities and ensure robust login systems.
Note: This tool is for ethical testing only. Use it only on systems you own or have explicit permission to test.
Installation
Install SakshSecure globally for CLI usage or as a dependency in your project:
npm install -g saksh-secure
Or, for project-specific use:
npm install saksh-secure
Features
SakshSecure performs the following tests to investigate login form issues:
- Basic Login Test: Verifies if the login form handles valid and invalid credentials correctly.
- SQL Injection Test: Checks for SQL injection vulnerabilities using common payloads.
- XSS Vulnerability Test: Tests for cross-site scripting vulnerabilities with XSS payloads.
- Session Management Test: Analyzes cookie attributes (e.g., Secure, HttpOnly, SameSite) for security.
- CSRF Protection Test: Verifies if the form enforces CSRF tokens.
- Password Policy Test: Ensures the form rejects weak passwords (e.g., too short, no special characters).
- Rate Limiting Test: Detects rate limiting or CAPTCHA mechanisms to prevent brute force attacks.
- HTTPS Enforcement Test: Confirms that HTTP requests are redirected to HTTPS.
- Account Lockout Test: Checks if accounts are locked after multiple failed login attempts.
- Performance Test: Measures average and maximum response times for various inputs.
