RubyGems - XSpear - Versions diffs - 1.1.0 → 1.1.1 - Mend

XSpear 1.1.0 → 1.1.1

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ea6588ae83ee1f89c3eff1f387b0b703d6862e471bef37c87ded1e356df39a7b
-  data.tar.gz: 9036a2080e929353daaeea7146253169b05ec65d204305345a53f8ee80419750
+  metadata.gz: 04f26c164cd4c7570977a05e5f81d3a9592ea6d7ece5cda306430b6a798b43c1
+  data.tar.gz: d8fc3996277015dd5b0ea0976274c137500c206d4ffdb07f1a707f98ac56b60b
 SHA512:
-  metadata.gz: 2c55c310fbe45360257fff7e15b2850c96a09d5f94ac274fd551b45c6e9f9b45c757366fa466ca6405ce5e310c591f65c67f7dee9ac2764bf3ebeadd423f8691
-  data.tar.gz: 9271357e4283226c530ec50808bef585c4fb3f03e238f370b6090ba8c48f173a30fbf67f8209f2587f3cd85263f876c25b21e9542be97f5536e694ec854d668a
+  metadata.gz: c240f65c655a99058a0c8bb761cf59fc1f5c66c4a5ad5b9734a4bf28ecd2c855df3b3c7fd22b97d0326be3f8ce34359f7548b8c19138121cc6b019b85120a9f4
+  data.tar.gz: 1e919c4c91804ac1299c4d3bfbfd7bfeb4413bc44c95612abe4e7179a411ce225c42bccacaf0d912910f55636888d67d8ef66284a28ac1f756d3db3595bda76d

data/.idea/workspace.xml CHANGED Viewed

@@ -1,12 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="ChangeListManager">
-    <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="(1.1.0) [Fixed #15] Maqke">
+    <list default="true" id="4ee2e581-45d7-4c90-b6a1-e92e4b5829dd" name="Default Changelist" comment="(1.1.1) Add reporter method">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear.rb" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/lib/XSpear/banner.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/banner.rb" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/lib/XSpear/version.rb" beforeDir="false" afterPath="$PROJECT_DIR$/lib/XSpear/version.rb" afterDir="false" />
     </list>
     <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
     <option name="SHOW_DIALOG" value="false" />
@@ -19,37 +17,34 @@
   </component>
   <component name="FileEditorManager">
     <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
-      <file pinned="false" current-in-tab="false">
-        <entry file="file://$PROJECT_DIR$/README.md">
-          <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-            <state split_layout="SPLIT">
-              <first_editor relative-caret-position="1648">
-                <caret line="189" column="13" selection-start-line="189" selection-start-column="13" selection-end-line="189" selection-end-column="13" />
-              </first_editor>
-              <second_editor />
-            </state>
-          </provider>
-        </entry>
-      </file>
       <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
           <provider selected="true" editor-type-id="text-editor" />
         </entry>
       </file>
-      <file pinned="false" current-in-tab="false">
+      <file pinned="false" current-in-tab="true">
         <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="190">
-              <caret line="402" column="87" selection-start-line="402" selection-start-column="87" selection-end-line="402" selection-end-column="87" />
+            <state relative-caret-position="399">
+              <caret line="112" selection-start-line="112" selection-end-line="112" />
             </state>
           </provider>
         </entry>
       </file>
-      <file pinned="false" current-in-tab="true">
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$USER_HOME$/.rvm/rubies/ruby-2.4.6/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="207">
+              <caret line="53" selection-start-line="53" selection-end-line="53" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
         <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
           <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="1585">
-              <caret line="113" column="8" selection-start-line="113" selection-start-column="8" selection-end-line="113" selection-end-column="8" />
+            <state relative-caret-position="457">
+              <caret line="54" column="10" selection-start-line="54" selection-start-column="10" selection-end-line="54" selection-end-column="10" />
             </state>
           </provider>
         </entry>
@@ -113,9 +108,9 @@
         <option value="$PROJECT_DIR$/exe/XSpear" />
         <option value="$PROJECT_DIR$/README.md" />
         <option value="$PROJECT_DIR$/lib/XSpear/version.rb" />
-        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
         <option value="$PROJECT_DIR$/lib/XSpear/banner.rb" />
         <option value="$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb" />
+        <option value="$PROJECT_DIR$/lib/XSpear.rb" />
       </list>
     </option>
   </component>
@@ -229,7 +224,8 @@
       <workItem from="1563638656518" duration="4985000" />
       <workItem from="1563809961097" duration="4237000" />
       <workItem from="1563893538891" duration="11917000" />
-      <workItem from="1564151699165" duration="2215000" />
+      <workItem from="1564151699165" duration="2494000" />
+      <workItem from="1564413097342" duration="2893000" />
     </task>
     <task id="LOCAL-00001" summary="init update">
       <created>1562945899597</created>
@@ -567,16 +563,23 @@
       <option name="project" value="LOCAL" />
       <updated>1564152655489</updated>
     </task>
-    <option name="localTasksCounter" value="49" />
+    <task id="LOCAL-00049" summary="(1.1.0) Releases 1.1.0 / Fixed bug, modify report format, etc..">
+      <created>1564154233169</created>
+      <option name="number" value="00049" />
+      <option name="presentableId" value="LOCAL-00049" />
+      <option name="project" value="LOCAL" />
+      <updated>1564154233169</updated>
+    </task>
+    <option name="localTasksCounter" value="50" />
     <servers />
   </component>
   <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="38691000" />
+    <option name="totallyTimeSpent" value="41863000" />
   </component>
   <component name="ToolWindowManager">
     <frame x="0" y="0" width="1680" height="1050" extended-state="0" />
     <layout>
-      <window_info content_ui="combo" id="Project" order="0" visible="true" weight="0.16605617" />
+      <window_info content_ui="combo" id="Project" order="0" visible="true" weight="0.16788767" />
       <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
       <window_info id="Favorites" order="2" side_tool="true" />
       <window_info anchor="bottom" id="Message" order="0" />
@@ -602,7 +605,6 @@
     <option name="version" value="1" />
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value="Add show version &amp; edit help, version in banner" />
     <MESSAGE value="Edit version , release 1.0.2" />
     <MESSAGE value="Add EventHandler Test logic (1.0.3), edit description on report" />
     <MESSAGE value="verbose가 1일 떄 배너 출력되지 않도록 수정" />
@@ -627,7 +629,8 @@
     <MESSAGE value="(1.0.9) Releases 1.0.9 / Add --raw options, code refactoring, fixed bugs" />
     <MESSAGE value="(1.1.0) [Fixed #14] Edit raw query print code" />
     <MESSAGE value="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정" />
-    <option name="LAST_COMMIT_MESSAGE" value="(1.1.0) [Fixed #15] makeQueryPattern 내 페이로드 생성 코드 수정" />
+    <MESSAGE value="(1.1.0) Releases 1.1.0 / Fixed bug, modify report format, etc.." />
+    <option name="LAST_COMMIT_MESSAGE" value="(1.1.0) Releases 1.1.0 / Fixed bug, modify report format, etc.." />
   </component>
   <component name="editorHistoryManager">
     <entry file="file://$USER_HOME$/.rvm/gems/ruby-2.4.6/gems/bundler-2.0.1/lib/bundler/rubygems_integration.rb">
@@ -650,9 +653,26 @@
         </state>
       </provider>
     </entry>
+    <entry file="file://$PROJECT_DIR$/README.md">
+      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
+        <state split_layout="SPLIT">
+          <first_editor relative-caret-position="2865">
+            <caret line="191" column="13" selection-start-line="191" selection-start-column="13" selection-end-line="191" selection-end-column="13" />
+          </first_editor>
+          <second_editor />
+        </state>
+      </provider>
+    </entry>
     <entry file="file://$PROJECT_DIR$/spec/XSpear_spec.rb">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="150">
+          <caret line="10" column="35" selection-start-line="10" selection-start-column="35" selection-end-line="10" selection-end-column="35" />
+        </state>
+      </provider>
+    </entry>
     <entry file="file://$PROJECT_DIR$/lib/XSpear/log.rb">
       <provider selected="true" editor-type-id="text-editor">
         <state relative-caret-position="195">
@@ -660,6 +680,13 @@
         </state>
       </provider>
     </entry>
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="45">
+          <caret line="3" lean-forward="true" selection-start-line="3" selection-end-line="3" />
+        </state>
+      </provider>
+    </entry>
     <entry file="file://$PROJECT_DIR$/XSpear.gemspec">
       <provider selected="true" editor-type-id="text-editor">
         <state relative-caret-position="105">
@@ -673,41 +700,24 @@
     <entry file="file:///usr/local/bin/rake">
       <provider selected="true" editor-type-id="text-editor" />
     </entry>
-    <entry file="file://$PROJECT_DIR$/README.md">
-      <provider selected="true" editor-type-id="split-provider[text-editor;markdown-preview-editor]">
-        <state split_layout="SPLIT">
-          <first_editor relative-caret-position="1648">
-            <caret line="189" column="13" selection-start-line="189" selection-start-column="13" selection-end-line="189" selection-end-column="13" />
-          </first_editor>
-          <second_editor />
-        </state>
-      </provider>
-    </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/version.rb">
+    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="45">
-          <caret line="3" lean-forward="true" selection-start-line="3" selection-end-line="3" />
+        <state relative-caret-position="457">
+          <caret line="54" column="10" selection-start-line="54" selection-start-column="10" selection-end-line="54" selection-end-column="10" />
         </state>
       </provider>
     </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/banner.rb">
+    <entry file="file://$USER_HOME$/.rvm/rubies/ruby-2.4.6/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="150">
-          <caret line="10" column="35" selection-start-line="10" selection-start-column="35" selection-end-line="10" selection-end-column="35" />
+        <state relative-caret-position="207">
+          <caret line="53" selection-start-line="53" selection-end-line="53" />
         </state>
       </provider>
     </entry>
     <entry file="file://$PROJECT_DIR$/lib/XSpear.rb">
       <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="190">
-          <caret line="402" column="87" selection-start-line="402" selection-start-column="87" selection-end-line="402" selection-end-column="87" />
-        </state>
-      </provider>
-    </entry>
-    <entry file="file://$PROJECT_DIR$/lib/XSpear/XSpearRepoter.rb">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="1585">
-          <caret line="113" column="8" selection-start-line="113" selection-start-column="8" selection-end-line="113" selection-end-column="8" />
+        <state relative-caret-position="399">
+          <caret line="112" selection-start-line="112" selection-end-line="112" />
         </state>
       </provider>
     </entry>

data/README.md CHANGED Viewed

@@ -1,3 +1,5 @@
+<img src="https://user-images.githubusercontent.com/13212227/62058818-ffcef780-b25c-11e9-9a35-36537efbcca7.png" width=100%>
 # XSpear
 XSpear is XSS Scanner on ruby gems
@@ -300,7 +302,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/XSpear. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/hahwul/XSpear. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 ## License

data/lib/XSpear.rb CHANGED Viewed

@@ -74,6 +74,56 @@ class XspearScan
     end
   end
+  class CallbackCheckWAF < ScanCallbackFunc
+    def run
+      pattern = {}
+      pattern['AWS'] = 'AWS Web Application FW'
+      pattern['ACE XML Gateway'] = 'Cisco ACE XML Gateway'
+      pattern['cloudflare'] = 'CloudFlare'
+      pattern['cf-ray'] = 'CloudFlare'
+      pattern['Error from cloudfront'] = 'Amazone CloudFront'
+      pattern['Protected by COMODO WAF'] = 'Comodo Web Application FW'
+      pattern['X-Backside-Transport.*?(OK|FAIL)'] = 'IBM WebSphere DataPower'
+      pattern['FORTIWAFSID'] = 'FortiWeb Web Application FW'
+      pattern['ODSESSION'] = 'Hyperguard Web Application FW'
+      pattern['AkamaiGHost'] = 'KONA(AKAMAIGHOST)'
+      pattern['Mod_Security|NOYB'] = 'ModSecurity'
+      pattern['naxsi/waf'] = 'NAXSI'
+      pattern['NCI__SessionId='] = 'NetContinuum Web Application FW'
+      pattern['citrix_ns_id'] = 'Citrix NetScaler'
+      pattern['NSC_'] = 'Citrix NetScaler'
+      pattern['NS-CACHE'] = 'Citrix NetScaler'
+      pattern['newdefend'] = 'Newdefend Web Application FW'
+      pattern['NSFocus'] = 'NSFOCUS Web Application FW'
+      pattern['PLBSID'] = 'Profense Web Application Firewall'
+      pattern['X-SL-CompState'] = 'AppWall (Radware)'
+      pattern['safedog'] = 'Safedog Web Application FW'
+      pattern['Sucuri/Cloudproxy|X-Sucuri'] = 'CloudProxy WebSite FW'
+      pattern['X-Sucuri'] = 'CloudProxy WebSite FW'
+      pattern['st8(id)'] = 'Teros/Citrix Application FW'
+      pattern['st8(_wat)'] = 'Teros/Citrix Application FW'
+      pattern['st8(_wlf)'] = 'Teros/Citrix Application FW'
+      pattern['F5-TrafficShield'] = 'TrafficShield'
+      pattern['Rejected-By-UrlScan'] = 'MS UrlScan'
+      pattern['Secure Entry Server'] = 'USP Secure Entry Server'
+      pattern['nginx-wallarm'] = 'Wallarm Web Application FW'
+      pattern['WatchGuard'] = 'WatchGuard '
+      pattern['X-Powered-By-360wzb'] = '360 Web Application'
+      pattern['WebKnight'] = 'WebKnight Application FW'
+      pattern.each do |key,value|
+        if !@response[key].nil?
+          time = Time.now
+          puts '[I]'.blue + " [#{time.strftime('%H:%M:%S')}] Found WAF: #{value}"
+          @report.add_issue("i","d","-","-","<original query>","Found WAF: #{value}")
+        end
+      end
+      [false, "not reflected #{@query}"]
+    end
+  end
   class CallbackCheckHeaders < ScanCallbackFunc
     def run
       if !@response['Server'].nil?
@@ -96,6 +146,7 @@ class XspearScan
         @report.add_issue("i","s","-","-","<original query>","Not set X-XSS-Protection")
       end
       if !@response['X-Frame-Options'].nil?
         @report.add_issue("i","s","-","-","<original query>","X-Frame-Options: #{@response['X-Frame-Options']}")
       else
@@ -360,6 +411,7 @@ class XspearScan
     log('s', 'creating a test query.')
+    r.push makeQueryPattern('x', '<script>alert(45)</script>', '<script>alert(45)</script>', 'i', "Found WAF", CallbackCheckWAF)
     r.push makeQueryPattern('s', '', '', 'i', "-", CallbackCheckHeaders)
     r.push makeQueryPattern('d', 'XsPeaR"', 'XsPeaR"', 'i', "Found SQL Error Pattern", CallbackErrorPatternMatch)
     r.push makeQueryPattern('r', 'rEfe6', 'rEfe6', 'i', 'reflected parameter', CallbackStringMatch)
@@ -469,6 +521,10 @@ class XspearScan
     end
   end
+  def reporter
+    @report
+  end
   def makeQueryPattern(type, payload, pattern, category, desc, callback)
     # type: [r]eflected param
     #       [f]ilted rule

data/lib/XSpear/XSpearRepoter.rb CHANGED Viewed

@@ -47,6 +47,14 @@ class XspearRepoter
     @query.push payload
   end
+  def filtered_objects
+    @filtered_objects
+  end
+  def issues
+    @issue
+  end
   def set_filtered f
     @filtered_objects = f
   end

data/lib/XSpear/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module XSpear
-  VERSION = "1.1.0"
+  VERSION = "1.1.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: XSpear
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - hahwul
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-07-26 00:00:00.000000000 Z
+date: 2019-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize