BeamReactor Intrusion Scanner #
Description #
Security scanning tool that tests direct access to all PHP files in the BeamReactor installation to verify they are properly protected.
Features #
- Recursive Scan: Automatically traverses all directories (modules/, plugins/, rss/, members/)
- Categorisation: Identifies the type of each file (handler, config, library, locale, etc.)
- HTTP Tests: Verifies that direct access correctly returns "forbidden" or 401/403
- Leak Detection: Identifies files that expose content without protection
- Detailed Report: Displays results with HTTP code and response excerpt
Plugin Structure #
plugins/intrusion_scanner/
├── intrusion_scanner.php                  # Main interface
├── conf/
│   └── intrusion_scanner.conf.inc.php     # Configuration
└── locale/
    └── intrusion_scanner.fr.inc.php       # French translations
Installation #
1. Create the plugins/intrusion_scanner/ directory
2. Copy files into the structure above
3. Access index.php?obj=intrusion_scanner.php (OVERMIND level required)
Usage #
Running a Scan #
1. Access the plugin: ?obj=intrusion_scanner.php
2. Click "Run Scan"
3. Wait for the scan to complete (may take a few minutes)
Interpreting Results #
The scanner classifies files into 4 categories:
✓ Protected Files (Green) #
Files correctly secured that return:
- The text "forbidden"
- HTTP code 401 or 403
- Any other configured denial message
Action: No action required
✗ Vulnerable Files (Red) #
Files that return content (>50 characters) without protection.
URGENT Action: Check each file and add protection:
if(!function_exists('frameheader')) die('forbidden');
? Manual Verification Required (Orange) #
Files with an ambiguous response (short but not "forbidden").
Action: Manually verify each file
⚠ Errors (Red) #
Files that could not be tested (cURL error, timeout, etc.).
Action: Check network configuration and retry
Configuration #
Scanned Directories #
By default:
- modules/
- plugins/
- rss/
- members/
Excluded Directories #
- data/, var/ (data)
- ui/, css/, js/ (assets)
- doc/, sql/, tests/ (dev)
- .git/, node_modules/ (version control)
Excluded Files #
- index.php (legitimate entry point)
- .htaccess
- README.md
Expected Responses #
The scanner considers a file protected if it contains:
- forbidden
- 401
- unauthorized
- access denied
- direct access not permitted
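The four result categories from "Interpreting Results" combined with the denial markers listed above, written out as an added PHP example; this is not the plugin's own code. The function name, the constants, case-insensitive matching and the sample paths rss/feed.php and plugins/slow/slow.php are assumptions.

```php
<?php
// Added example (hypothetical names, not the plugin's code).
const DENIAL_MARKERS = ['forbidden', '401', 'unauthorized',
                        'access denied', 'direct access not permitted'];
const LEAK_THRESHOLD = 50;   // "content (>50 characters)" rule
const EXCERPT_LIMIT  = 500;  // captured response size limit

function classify_response(?int $httpCode, ?string $body, ?string $curlError): array
{
    // cURL error or timeout: the file could not be tested.
    if ($curlError !== null || $httpCode === null) {
        return ['status' => 'error', 'code' => $httpCode, 'excerpt' => (string) $curlError];
    }
    $body   = trim((string) $body);
    $result = ['status' => 'manual', 'code' => $httpCode,
               'excerpt' => substr($body, 0, EXCERPT_LIMIT)]; // never keep the full body

    // Protected: 401/403 status, or a denial marker anywhere in the body.
    if ($httpCode === 401 || $httpCode === 403) {
        $result['status'] = 'protected';
        return $result;
    }
    foreach (DENIAL_MARKERS as $marker) {
        if (stripos($body, $marker) !== false) {
            $result['status'] = 'protected';
            return $result;
        }
    }
    // Vulnerable: more than 50 bytes of content and no denial marker.
    if (strlen($body) > LEAK_THRESHOLD) {
        $result['status'] = 'vulnerable';
    }
    return $result; // otherwise short and ambiguous: manual verification
}

// Constructed sample responses: [HTTP code, body, cURL error].
$samples = [
    'modules/handler.mod.php'     => [200, 'forbidden', null],
    'plugins/mailbox/mailbox.php' => [403, '', null],
    'members/edit_profile.php'    => [200, str_repeat('<div>profile form</div>', 5), null],
    'rss/feed.php'                => [200, '', null],
    'plugins/slow/slow.php'       => [null, null, 'Operation timed out'],
];
foreach ($samples as $path => [$code, $body, $err]) {
    $r = classify_response($code, $body, $err);
    printf("%-30s %-10s HTTP %s\n", $path, $r['status'], $r['code'] ?? '-');
}
```

Under this rule a long page that merely contains "401" or "forbidden" somewhere in its text also counts as protected, so a green result on a file that returns a large body is worth a second look.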
Security #
Access Level #
OVERMIND only: This tool can reveal the internal structure of the system and must be strictly limited to system administrators.
Data Protection #
- Limits the size of captured response (500 characters)
- Does not store complete responses
- 10-second timeout per file
Performance #
- Total timeout: 300 seconds (5 minutes)
- Per-file timeout: 10 seconds
- Progress: Real-time display via JavaScript
Troubleshooting #
Scan does not start #
- Verify you have OVERMIND level
- Verify that cURL is enabled in PHP
All files show errors #
- Check network configuration
- Verify that the web server is accessible locally
False positives #
- Manually verify "ambiguous" files
- Adjust max_response_length if necessary
Recommendations #
After a Scan #
1. Immediately fix all vulnerable files
2. Verify ambiguous files
3. Document legitimate exceptions
4. Re-scan after fixing
Best Practices #
- Run a scan after each plugin addition
- Run a scan after each major update
- Check .htaccess files in sensitive directories
BeamReactor Architecture #
Reminder: No PHP file should be directly accessible
All access goes through index.php:
- members/edit_profile.php → index.php?obj=edit_profile.php
- plugins/mailbox/mailbox.php → index.php?obj=mailbox.php
- modules/handler.mod.php → index.php?obj=handler.mod
Each file must begin with:
if(!function_exists('frameheader')) die('forbidden');
Version #
- Version: 1.0.0
- Date: 2025-12-27
- Author: Treveur Bretaudière
Support #
For any questions or issues, contact the BeamReactor/AEGIS IA team.