Project
Site Security Audit
Defensive Bash-based tool designed to review the public exposure and basic security configuration of owned or authorised websites, with clear and reusable technical report generation.
Overview
Bash-based tool for passive security audits on owned or authorised websites, generating technical reports with findings, evidence and recommendations.
Stack: Bash, Linux, curl, Nginx, HTTP, HTTPS, TLS, WordPress, Git, GitHub, Systems administration, Web security
What it does
The project was born from a real need: to passively review the basic security of my own websites hosted on an IONOS server without relying on offensive techniques or vulnerability exploitation. The goal was to have a practical base to check HTTP/HTTPS behaviour, headers, certificates, exposed files and visible indicators that can affect website hardening.
How it is built
The tool is developed in Bash and relies on standard Linux utilities such as curl to gather information about redirects, TLS certificates, security headers, cookies and potentially exposed sensitive files. When it detects WordPress, it extends the review with specific checks for the REST API, XML-RPC, visible version, theme, plugins and public files such as readme.html or license.txt. The whole process is aimed at generating structured technical reports with findings, evidence and recommendations.
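The header and cookie part of that review can be sketched as follows. This is an added example, not the project's own code: the function names, the list of expected headers and the cookie attributes checked are assumptions, and the sample response is constructed so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example. Live input would be: curl -sI https://site-you-own.example
# SAMPLE_HEADERS is constructed for illustration, not captured from a real site.
SAMPLE_HEADERS='HTTP/2 200
server: nginx
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
set-cookie: session=abc123; Path=/; HttpOnly
set-cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax
'

# Print each expected security header that is absent from the response on stdin.
# The header list is an assumption; adjust it to your own hardening baseline.
missing_headers() {
  hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  for h in strict-transport-security content-security-policy \
           x-content-type-options x-frame-options referrer-policy; do
    printf '%s\n' "$hdrs" | grep -q "^$h:" || printf '%s\n' "$h"
  done
}

# Print "<cookie> missing: <attrs>" for every Set-Cookie line on stdin that
# lacks Secure, HttpOnly or SameSite.
weak_cookies() {
  tr -d '\r' | grep -i '^set-cookie:' | while IFS= read -r line; do
    value=${line#*:}
    name=$(printf '%s' "$value" | sed 's/^ *//; s/=.*//')
    # Keep only the attributes after the first name=value pair, normalised.
    attrs=";$(printf '%s\n' "$value" | cut -s -d';' -f2- | tr -d ' ' | tr '[:upper:]' '[:lower:]');"
    miss=''
    for a in secure httponly samesite; do
      case "$attrs" in
        *";$a;"*|*";$a="*) ;;
        *) miss="$miss $a" ;;
      esac
    done
    if [ -n "$miss" ]; then printf '%s missing:%s\n' "$name" "$miss"; fi
  done
}

echo "Missing security headers:"
printf '%s' "$SAMPLE_HEADERS" | missing_headers
echo "Cookies with weak attributes:"
printf '%s' "$SAMPLE_HEADERS" | weak_cookies
```

Both functions read raw response headers on stdin, so the same code works on saved evidence files as well as on live `curl -sI` output.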
What it validates or automates
The script automates a passive and repeatable review of owned or authorised websites, making it easier to detect weak configurations without depending on a manual check every time. During testing it helped me identify and correct real settings related to HTTPS, security headers, exposed public files and visible WordPress data, reinforcing its hardening and defensive administration focus.
Key points
- Bash-based tool focused on passive security audits for owned or authorised websites.
- Automatic review of HTTP/HTTPS, redirects, TLS certificates, headers, cookies and exposed files.
- WordPress-specific checks with technical report generation useful for hardening.