cms_scanner 0.0.16 → 0.0.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/app/finders/interesting_files.rb +9 -7
- data/app/finders/interesting_files/fantastico_fileslist.rb +1 -1
- data/app/finders/interesting_files/headers.rb +1 -1
- data/app/finders/interesting_files/robots_txt.rb +1 -1
- data/app/finders/interesting_files/search_replace_db_2.rb +1 -1
- data/app/finders/interesting_files/xml_rpc.rb +1 -1
- data/app/models/interesting_file.rb +4 -0
- data/lib/cms_scanner.rb +1 -0
- data/lib/cms_scanner/finders/finder.rb +9 -0
- data/lib/cms_scanner/finders/finder/enumerator.rb +1 -14
- data/lib/cms_scanner/finders/finding.rb +4 -0
- data/lib/cms_scanner/finders/same_type_finders.rb +6 -0
- data/lib/cms_scanner/finders/unique_finders.rb +5 -5
- data/lib/cms_scanner/target.rb +1 -3
- data/lib/cms_scanner/target/scope.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/web_site.rb +8 -1
- data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb +2 -2
- data/spec/app/finders/interesting_files/headers_spec.rb +2 -2
- data/spec/app/finders/interesting_files/robots_txt_spec.rb +2 -2
- data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb +2 -2
- data/spec/app/finders/interesting_files/xml_rpc_spec.rb +2 -2
- data/spec/app/finders/interesting_files_spec.rb +1 -1
- data/spec/app/models/fantastico_fileslist_spec.rb +1 -1
- data/spec/app/models/headers_spec.rb +1 -1
- data/spec/app/models/interesting_file_spec.rb +21 -1
- data/spec/app/models/robots_txt_spec.rb +1 -1
- data/spec/dummy_finding.rb +4 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/fantastico_fileslist/fantastico_fileslist.txt +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/file.txt +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/headers/interesting.txt +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/headers/no_interesting.txt +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/robots_txt/robots.txt +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/search_replace_db_2/searchreplacedb2.php +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/xml_rpc/homepage_in_scope_pingback.html +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/xml_rpc/homepage_out_of_scope_pingback.html +0 -0
- data/spec/fixtures/{interesting_files → finders/interesting_files}/xml_rpc/xmlrpc.php +0 -0
- data/spec/lib/finders/finder/enumerator_spec.rb +3 -3
- data/spec/lib/finders/finder_spec.rb +11 -0
- data/spec/lib/finders/same_type_finders_spec.rb +28 -3
- data/spec/lib/finders/unique_finders_spec.rb +2 -2
- data/spec/lib/target_spec.rb +1 -1
- data/spec/lib/web_site_spec.rb +6 -0
- data/spec/shared_examples/finding.rb +4 -0
- data/spec/spec_helper.rb +6 -5
- metadata +22 -20
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 91053b9464fd4d16411c4f52a959987ab4db4547
|
4
|
+
data.tar.gz: 6b28b180d3eb7383949e981fb5d0c7f609d55d53
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4f4bcb4032ea19eebb855078d12c988157145aa56c957bef7d4a3d6ce49b29274c6f647729592392ccfd3ee0935e1647bcd09683f286cffc0935b13a7025a864
|
7
|
+
data.tar.gz: 364c291673d0978de579b1201c2d9159e91b86bf9604bd3e5e5c20b0aa7bd2a72e68297a91c10275742b9479fc79907cf20c68a5b3165f12b5a45b9e8a1f667c
|
data/.rubocop.yml
CHANGED
@@ -6,14 +6,16 @@ require_relative 'interesting_files/xml_rpc'
|
|
6
6
|
|
7
7
|
module CMSScanner
|
8
8
|
module Finders
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
module InterestingFiles
|
10
|
+
# Interesting Files Finder
|
11
|
+
class Base
|
12
|
+
include IndependentFinder
|
12
13
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
14
|
+
# @param [ CMSScanner::Target ] target
|
15
|
+
def initialize(target)
|
16
|
+
%w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
|
17
|
+
finders << NS.const_get("Finders::InterestingFiles::#{f}").new(target)
|
18
|
+
end
|
17
19
|
end
|
18
20
|
end
|
19
21
|
end
|
data/lib/cms_scanner.rb
CHANGED
@@ -27,6 +27,15 @@ module CMSScanner
|
|
27
27
|
def aggressive(_opts = {})
|
28
28
|
end
|
29
29
|
|
30
|
+
# @param [ Integer ] total
|
31
|
+
# @param [ String ] title
|
32
|
+
# @param [ String ] format See https://github.com/jfelchner/ruby-progressbar/wiki/Formatting
|
33
|
+
#
|
34
|
+
# @return [ ProgressBar ]
|
35
|
+
def progress_bar(total, title = '', format = '%t %a <%B> (%c / %C) %P%% %e')
|
36
|
+
ProgressBar.create(total: total, title: title, format: format)
|
37
|
+
end
|
38
|
+
|
30
39
|
def found_by
|
31
40
|
caller_locations.each do |call|
|
32
41
|
label = call.label
|
@@ -10,7 +10,7 @@ module CMSScanner
|
|
10
10
|
# @yield [ Typhoeus::Response, String ]
|
11
11
|
def enumerate(opts = {})
|
12
12
|
targets = target_urls(opts)
|
13
|
-
bar = progress_bar(targets.size) if opts[:show_progression]
|
13
|
+
bar = progress_bar(targets.size, progress_bar_title) if opts[:show_progression]
|
14
14
|
|
15
15
|
targets.each do |url, id|
|
16
16
|
request = browser.forge_request(url, request_params)
|
@@ -37,19 +37,6 @@ module CMSScanner
|
|
37
37
|
fail NotImplementedError
|
38
38
|
end
|
39
39
|
|
40
|
-
# @param [ Integer ] total
|
41
|
-
#
|
42
|
-
# @return [ ProgressBar ]
|
43
|
-
# :nocov:
|
44
|
-
def progress_bar(total)
|
45
|
-
ProgressBar.create(
|
46
|
-
format: '%t %a <%B> (%c / %C) %P%% %e',
|
47
|
-
title: progress_bar_title,
|
48
|
-
total: total
|
49
|
-
)
|
50
|
-
end
|
51
|
-
# :nocov:
|
52
|
-
|
53
40
|
# Progress Bar title to use, allow instance using this module
|
54
41
|
# to display a custom title if needed
|
55
42
|
#
|
@@ -7,6 +7,9 @@ module CMSScanner
|
|
7
7
|
class SameTypeFinders < IndependentFinders
|
8
8
|
# @param [ Hash ] opts
|
9
9
|
# @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
|
10
|
+
# @option opts [ Boolean ] :vulnerable Only return vulnerable findings
|
11
|
+
# (which must respond to :vulnerable?)
|
12
|
+
# @option opts [ Boolean ] :sort Wether or not to sort the findings
|
10
13
|
#
|
11
14
|
# @return [ Findings ]
|
12
15
|
def run(opts = {})
|
@@ -18,6 +21,9 @@ module CMSScanner
|
|
18
21
|
end
|
19
22
|
end
|
20
23
|
|
24
|
+
findings.select!(&:vulnerable?) if opts[:vulnerable]
|
25
|
+
findings.sort! if opts[:sort]
|
26
|
+
|
21
27
|
findings
|
22
28
|
end
|
23
29
|
end
|
@@ -13,7 +13,7 @@ module CMSScanner
|
|
13
13
|
# Default is 100.
|
14
14
|
# If <= 0, all finders will be ran.
|
15
15
|
#
|
16
|
-
# @return [ Object ] The best finding
|
16
|
+
# @return [ Object, false ] The best finding or false if none
|
17
17
|
def run(opts = {})
|
18
18
|
opts[:confidence_threshold] ||= 100
|
19
19
|
|
@@ -34,15 +34,15 @@ module CMSScanner
|
|
34
34
|
|
35
35
|
# @param [ Array<Object> ] findings
|
36
36
|
#
|
37
|
-
# @return [ Object ] The best finding
|
37
|
+
# @return [ Object, false ] The best finding or false if none
|
38
38
|
def best_finding(findings)
|
39
39
|
# results are sorted by confidence ASC
|
40
40
|
findings.sort_by!(&:confidence)
|
41
41
|
|
42
|
-
# If all findings have the same confidence,
|
43
|
-
return if findings.size > 1 && findings.first.confidence == findings.last.confidence
|
42
|
+
# If all findings have the same confidence, false is returned
|
43
|
+
return false if findings.size > 1 && findings.first.confidence == findings.last.confidence
|
44
44
|
|
45
|
-
findings.last
|
45
|
+
findings.last || false
|
46
46
|
end
|
47
47
|
end
|
48
48
|
end
|
data/lib/cms_scanner/target.rb
CHANGED
@@ -19,13 +19,11 @@ module CMSScanner
|
|
19
19
|
[*opts[:scope]].each { |s| scope << s }
|
20
20
|
end
|
21
21
|
|
22
|
-
# TODO: add a force option to re-call the #find rather than return the @interesting_files ?
|
23
|
-
#
|
24
22
|
# @param [ Hash ] opts
|
25
23
|
#
|
26
24
|
# @return [ Findings ]
|
27
25
|
def interesting_files(opts = {})
|
28
|
-
@interesting_files ||= NS::Finders::InterestingFiles.find(self, opts)
|
26
|
+
@interesting_files ||= NS::Finders::InterestingFiles::Base.find(self, opts)
|
29
27
|
end
|
30
28
|
end
|
31
29
|
end
|
@@ -19,7 +19,7 @@ module CMSScanner
|
|
19
19
|
# @param [ String ] xpath
|
20
20
|
# @param [ Array<String> ] attributes
|
21
21
|
#
|
22
|
-
# @return [ Array<String> ] The in scope URLs detected in the response's body
|
22
|
+
# @return [ Array<String> ] The in scope absolute URLs detected in the response's body
|
23
23
|
def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
|
24
24
|
found = []
|
25
25
|
|
data/lib/cms_scanner/version.rb
CHANGED
data/lib/cms_scanner/web_site.rb
CHANGED
@@ -22,11 +22,18 @@ module CMSScanner
|
|
22
22
|
|
23
23
|
# Used for convenience
|
24
24
|
#
|
25
|
+
# URI.encode is preferered over Addressable::URI.encode as it will encode
|
26
|
+
# leading # character:
|
27
|
+
# URI.encode('#t#') => %23t%23
|
28
|
+
# Addressable::URI.encode('#t#') => #t%23
|
29
|
+
#
|
25
30
|
# @param [ String ] path Optional path to merge with the uri
|
26
31
|
#
|
27
32
|
# @return [ String ]
|
28
33
|
def url(path = nil)
|
29
|
-
@uri.
|
34
|
+
return @uri.to_s unless path
|
35
|
+
|
36
|
+
@uri.join(URI.encode(path)).to_s
|
30
37
|
end
|
31
38
|
|
32
39
|
# Checks if the remote website is up.
|
@@ -1,11 +1,11 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe CMSScanner::Finders::
|
3
|
+
describe CMSScanner::Finders::InterestingFiles::FantasticoFileslist do
|
4
4
|
subject(:finder) { described_class.new(target) }
|
5
5
|
let(:target) { CMSScanner::Target.new(url) }
|
6
6
|
let(:url) { 'http://example.com/' }
|
7
7
|
let(:file) { url + 'fantastico_fileslist.txt' }
|
8
|
-
let(:fixtures) { File.join(
|
8
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'fantastico_fileslist') }
|
9
9
|
|
10
10
|
describe '#url' do
|
11
11
|
its(:url) { should eq file }
|
@@ -1,10 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe CMSScanner::Finders::
|
3
|
+
describe CMSScanner::Finders::InterestingFiles::Headers do
|
4
4
|
subject(:finder) { described_class.new(target) }
|
5
5
|
let(:target) { CMSScanner::Target.new(url) }
|
6
6
|
let(:url) { 'http://example.com/' }
|
7
|
-
let(:fixtures) { File.join(
|
7
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'headers') }
|
8
8
|
let(:fixture) { File.join(fixtures, 'interesting.txt') }
|
9
9
|
let(:headers) { parse_headers_file(fixture) }
|
10
10
|
|
@@ -1,11 +1,11 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe CMSScanner::Finders::
|
3
|
+
describe CMSScanner::Finders::InterestingFiles::RobotsTxt do
|
4
4
|
subject(:finder) { described_class.new(target) }
|
5
5
|
let(:target) { CMSScanner::Target.new(url) }
|
6
6
|
let(:url) { 'http://example.com/' }
|
7
7
|
let(:robots_txt) { url + 'robots.txt' }
|
8
|
-
let(:fixtures) { File.join(
|
8
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'robots_txt') }
|
9
9
|
|
10
10
|
describe '#url' do
|
11
11
|
its(:url) { should eq robots_txt }
|
@@ -1,11 +1,11 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe CMSScanner::Finders::
|
3
|
+
describe CMSScanner::Finders::InterestingFiles::SearchReplaceDB2 do
|
4
4
|
subject(:finder) { described_class.new(target) }
|
5
5
|
let(:target) { CMSScanner::Target.new(url) }
|
6
6
|
let(:url) { 'http://example.com/' }
|
7
7
|
let(:file) { url + 'searchreplacedb2.php' }
|
8
|
-
let(:fixtures) { File.join(
|
8
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'search_replace_db_2') }
|
9
9
|
|
10
10
|
describe '#url' do
|
11
11
|
its(:url) { should eq file }
|
@@ -1,11 +1,11 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe CMSScanner::Finders::
|
3
|
+
describe CMSScanner::Finders::InterestingFiles::XMLRPC do
|
4
4
|
subject(:finder) { described_class.new(target) }
|
5
5
|
let(:target) { CMSScanner::Target.new(url) }
|
6
6
|
let(:url) { 'http://e.org/' }
|
7
7
|
let(:xml_rpc_url) { url + 'xmlrpc.php' }
|
8
|
-
let(:fixtures) { File.join(
|
8
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'xml_rpc') }
|
9
9
|
|
10
10
|
describe '#potential_urls' do
|
11
11
|
its(:potential_urls) { should be_empty }
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe CMSScanner::Finders::InterestingFiles do
|
3
|
+
describe CMSScanner::Finders::InterestingFiles::Base do
|
4
4
|
it_behaves_like CMSScanner::Finders::IndependentFinder do
|
5
5
|
let(:expected_finders) { %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC) }
|
6
6
|
let(:expected_finders_class) { CMSScanner::Finders::IndependentFinders }
|
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
describe CMSScanner::FantasticoFileslist do
|
4
4
|
subject(:file) { described_class.new(url) }
|
5
5
|
let(:url) { 'http://example.com/robots.txt' }
|
6
|
-
let(:fixtures) { File.join(
|
6
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'fantastico_fileslist') }
|
7
7
|
|
8
8
|
describe '#interesting_entries' do
|
9
9
|
let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
|
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
describe CMSScanner::Headers do
|
4
4
|
subject(:file) { described_class.new(url) }
|
5
5
|
let(:url) { 'http://example.com/' }
|
6
|
-
let(:fixtures) { File.join(
|
6
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'headers') }
|
7
7
|
let(:fixture) { File.join(fixtures, 'interesting.txt') }
|
8
8
|
let(:headers) { {} }
|
9
9
|
|
@@ -6,7 +6,7 @@ describe CMSScanner::InterestingFile do
|
|
6
6
|
subject(:file) { described_class.new(url, opts) }
|
7
7
|
let(:opts) { {} }
|
8
8
|
let(:url) { 'http://example.com/' }
|
9
|
-
let(:fixtures) { File.join(
|
9
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files') }
|
10
10
|
|
11
11
|
describe '#entries' do
|
12
12
|
after do
|
@@ -46,4 +46,24 @@ describe CMSScanner::InterestingFile do
|
|
46
46
|
end
|
47
47
|
end
|
48
48
|
end
|
49
|
+
|
50
|
+
describe '#<=>' do
|
51
|
+
context 'when same URL' do
|
52
|
+
it 'returns 0' do
|
53
|
+
expect(file <=> described_class.new(url)).to eql 0
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
context 'when the other URL <= current one' do
|
58
|
+
it 'returns 1' do
|
59
|
+
expect(file <=> described_class.new('http://e.org')).to eql 1
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
context 'when the other URL >= current one' do
|
64
|
+
it 'returns -1' do
|
65
|
+
expect(file <=> described_class.new('http://exi.org/')).to eql(-1)
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
49
69
|
end
|
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
describe CMSScanner::RobotsTxt do
|
4
4
|
subject(:file) { described_class.new(url) }
|
5
5
|
let(:url) { 'http://example.com/robots.txt' }
|
6
|
-
let(:fixtures) { File.join(
|
6
|
+
let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'robots_txt') }
|
7
7
|
|
8
8
|
describe '#interesting_entries' do
|
9
9
|
let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
|
data/spec/dummy_finding.rb
CHANGED
File without changes
|
File without changes
|
File without changes
|
data/spec/fixtures/{interesting_files → finders/interesting_files}/headers/no_interesting.txt
RENAMED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
@@ -15,9 +15,9 @@ describe CMSScanner::Finders::Finder::Enumerator do
|
|
15
15
|
end
|
16
16
|
end
|
17
17
|
|
18
|
-
describe '#
|
19
|
-
it 'returns a
|
20
|
-
expect(finder.
|
18
|
+
describe '#progress_bar_title' do
|
19
|
+
it 'returns a space' do
|
20
|
+
expect(finder.progress_bar_title).to eql ' '
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
@@ -0,0 +1,11 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe CMSScanner::Finders::Finder do
|
4
|
+
subject(:finder) { described_class.new('target') }
|
5
|
+
|
6
|
+
describe '#progress_bar' do
|
7
|
+
it 'returns a ProgressBar::Base' do
|
8
|
+
expect(finder.progress_bar(12)).to be_a ProgressBar::Base
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -31,7 +31,7 @@ describe CMSScanner::Finders::SameTypeFinders do
|
|
31
31
|
context 'when :mixed mode' do
|
32
32
|
let(:opts) { super().merge(mode: :mixed) }
|
33
33
|
|
34
|
-
it 'calls all #passive then #aggressive on finders and returns the
|
34
|
+
it 'calls all #passive then #aggressive on finders and returns the results' do
|
35
35
|
expect(finders[0]).to receive(:passive)
|
36
36
|
.with(hash_including(found: [])).ordered
|
37
37
|
.and_return(dummy_passive)
|
@@ -63,7 +63,7 @@ describe CMSScanner::Finders::SameTypeFinders do
|
|
63
63
|
context 'when :passive mode' do
|
64
64
|
let(:opts) { super().merge(mode: :passive) }
|
65
65
|
|
66
|
-
|
66
|
+
before do
|
67
67
|
expect(finders[0]).to receive(:passive)
|
68
68
|
.with(hash_including(found: [])).ordered
|
69
69
|
.and_return(dummy_passive)
|
@@ -73,18 +73,43 @@ describe CMSScanner::Finders::SameTypeFinders do
|
|
73
73
|
.and_return(noaggressive)
|
74
74
|
|
75
75
|
finders.each { |f| expect(f).to_not receive(:aggressive) }
|
76
|
+
end
|
76
77
|
|
78
|
+
it 'calls #passive on all finders and returns the results' do
|
77
79
|
@expected = []
|
78
80
|
@expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
|
79
81
|
@expected << finding.new('spotted', confidence: 10,
|
80
82
|
found_by: 'No Aggressive Result (Passive Detection)')
|
81
83
|
end
|
84
|
+
|
85
|
+
context 'when :sort used' do
|
86
|
+
let(:opts) { super().merge(sort: true) }
|
87
|
+
|
88
|
+
it 'returns the sorted results' do
|
89
|
+
@expected = []
|
90
|
+
@expected << finding.new('spotted', confidence: 10,
|
91
|
+
found_by: 'No Aggressive Result (Passive Detection)')
|
92
|
+
@expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
# TODO: make this work
|
97
|
+
# context 'when :vulnerable used' do
|
98
|
+
# let(:opts) { super().merge(vulnerable: true) }
|
99
|
+
|
100
|
+
# it 'returns the vulnerable results' do
|
101
|
+
# expect(dummy_passive).to receive(:vulnerable?).and_return(true)
|
102
|
+
# expect(noaggressive).to receive(:vulnerable?)
|
103
|
+
|
104
|
+
# @expected = [finding.new('test', found_by: 'Dummy Finder (Passive Detection)')]
|
105
|
+
# end
|
106
|
+
# end
|
82
107
|
end
|
83
108
|
|
84
109
|
context 'when :aggressive mode' do
|
85
110
|
let(:opts) { super().merge(mode: :aggressive) }
|
86
111
|
|
87
|
-
it 'calls #aggressive on all finders and returns the
|
112
|
+
it 'calls #aggressive on all finders and returns the results' do
|
88
113
|
finders.each { |f| expect(f).to_not receive(:passive) }
|
89
114
|
|
90
115
|
expect(finders[0]).to receive(:aggressive)
|
@@ -12,7 +12,7 @@ describe CMSScanner::Finders::UniqueFinders do
|
|
12
12
|
|
13
13
|
context 'when no findings' do
|
14
14
|
it 'returns nil' do
|
15
|
-
@expected =
|
15
|
+
@expected = false
|
16
16
|
end
|
17
17
|
end
|
18
18
|
|
@@ -31,7 +31,7 @@ describe CMSScanner::Finders::UniqueFinders do
|
|
31
31
|
|
32
32
|
context 'when they have the same confidence' do
|
33
33
|
it 'returns nil' do
|
34
|
-
@expected =
|
34
|
+
@expected = false
|
35
35
|
end
|
36
36
|
end
|
37
37
|
|
data/spec/lib/target_spec.rb
CHANGED
@@ -6,7 +6,7 @@ describe CMSScanner::Target do
|
|
6
6
|
|
7
7
|
describe '#interesting_files' do
|
8
8
|
before do
|
9
|
-
expect(CMSScanner::Finders::InterestingFiles).to receive(:find).and_return(stubbed)
|
9
|
+
expect(CMSScanner::Finders::InterestingFiles::Base).to receive(:find).and_return(stubbed)
|
10
10
|
end
|
11
11
|
|
12
12
|
context 'when no findings' do
|
data/spec/lib/web_site_spec.rb
CHANGED
@@ -40,6 +40,12 @@ describe CMSScanner::WebSite do
|
|
40
40
|
expect(web_site.url('file.txt')).to eql "#{url}/file.txt"
|
41
41
|
end
|
42
42
|
|
43
|
+
it 'encodes the path' do
|
44
|
+
expect(web_site.url('f ile.txt')).to eql "#{url}/f%20ile.txt"
|
45
|
+
expect(web_site.url('s/a%.txt')).to eql "#{url}/s/a%25.txt"
|
46
|
+
expect(web_site.url('#file.txt#')).to eql "#{url}/%23file.txt%23"
|
47
|
+
end
|
48
|
+
|
43
49
|
context 'when relative path' do
|
44
50
|
let(:url) { 'http://e.org/dir/' }
|
45
51
|
|
data/spec/spec_helper.rb
CHANGED
@@ -35,8 +35,9 @@ end
|
|
35
35
|
require 'cms_scanner'
|
36
36
|
require 'shared_examples'
|
37
37
|
|
38
|
-
SPECS
|
39
|
-
CACHE
|
40
|
-
FIXTURES
|
41
|
-
FIXTURES_VIEWS
|
42
|
-
|
38
|
+
SPECS = Pathname.new(__FILE__).dirname.to_s
|
39
|
+
CACHE = File.join(SPECS, 'cache')
|
40
|
+
FIXTURES = File.join(SPECS, 'fixtures')
|
41
|
+
FIXTURES_VIEWS = File.join(FIXTURES, 'views')
|
42
|
+
FIXTURES_FINDERS = File.join(FIXTURES, 'finders')
|
43
|
+
APP_VIEWS = File.join(CMSScanner::APP_DIR, 'views')
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.17
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-02-
|
11
|
+
date: 2015-02-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: opt_parse_validator
|
@@ -318,15 +318,15 @@ files:
|
|
318
318
|
- spec/dummy_finding.rb
|
319
319
|
- spec/dummy_independent_finders.rb
|
320
320
|
- spec/dummy_unique_finders.rb
|
321
|
-
- spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
|
322
|
-
- spec/fixtures/interesting_files/file.txt
|
323
|
-
- spec/fixtures/interesting_files/headers/interesting.txt
|
324
|
-
- spec/fixtures/interesting_files/headers/no_interesting.txt
|
325
|
-
- spec/fixtures/interesting_files/robots_txt/robots.txt
|
326
|
-
- spec/fixtures/interesting_files/search_replace_db_2/searchreplacedb2.php
|
327
|
-
- spec/fixtures/interesting_files/xml_rpc/homepage_in_scope_pingback.html
|
328
|
-
- spec/fixtures/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
|
329
|
-
- spec/fixtures/interesting_files/xml_rpc/xmlrpc.php
|
321
|
+
- spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
|
322
|
+
- spec/fixtures/finders/interesting_files/file.txt
|
323
|
+
- spec/fixtures/finders/interesting_files/headers/interesting.txt
|
324
|
+
- spec/fixtures/finders/interesting_files/headers/no_interesting.txt
|
325
|
+
- spec/fixtures/finders/interesting_files/robots_txt/robots.txt
|
326
|
+
- spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php
|
327
|
+
- spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html
|
328
|
+
- spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
|
329
|
+
- spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
|
330
330
|
- spec/fixtures/output.txt
|
331
331
|
- spec/fixtures/target/platform/php/debug_log/debug.log
|
332
332
|
- spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
|
@@ -353,6 +353,7 @@ files:
|
|
353
353
|
- spec/lib/finders/finder/enumerator_spec.rb
|
354
354
|
- spec/lib/finders/finder/smart_url_checker/findings_spec.rb
|
355
355
|
- spec/lib/finders/finder/smart_url_checker_spec.rb
|
356
|
+
- spec/lib/finders/finder_spec.rb
|
356
357
|
- spec/lib/finders/findings_spec.rb
|
357
358
|
- spec/lib/finders/independent_finders_spec.rb
|
358
359
|
- spec/lib/finders/same_type_finder_spec.rb
|
@@ -438,15 +439,15 @@ test_files:
|
|
438
439
|
- spec/dummy_finding.rb
|
439
440
|
- spec/dummy_independent_finders.rb
|
440
441
|
- spec/dummy_unique_finders.rb
|
441
|
-
- spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
|
442
|
-
- spec/fixtures/interesting_files/file.txt
|
443
|
-
- spec/fixtures/interesting_files/headers/interesting.txt
|
444
|
-
- spec/fixtures/interesting_files/headers/no_interesting.txt
|
445
|
-
- spec/fixtures/interesting_files/robots_txt/robots.txt
|
446
|
-
- spec/fixtures/interesting_files/search_replace_db_2/searchreplacedb2.php
|
447
|
-
- spec/fixtures/interesting_files/xml_rpc/homepage_in_scope_pingback.html
|
448
|
-
- spec/fixtures/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
|
449
|
-
- spec/fixtures/interesting_files/xml_rpc/xmlrpc.php
|
442
|
+
- spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
|
443
|
+
- spec/fixtures/finders/interesting_files/file.txt
|
444
|
+
- spec/fixtures/finders/interesting_files/headers/interesting.txt
|
445
|
+
- spec/fixtures/finders/interesting_files/headers/no_interesting.txt
|
446
|
+
- spec/fixtures/finders/interesting_files/robots_txt/robots.txt
|
447
|
+
- spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php
|
448
|
+
- spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html
|
449
|
+
- spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
|
450
|
+
- spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
|
450
451
|
- spec/fixtures/output.txt
|
451
452
|
- spec/fixtures/target/platform/php/debug_log/debug.log
|
452
453
|
- spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
|
@@ -473,6 +474,7 @@ test_files:
|
|
473
474
|
- spec/lib/finders/finder/enumerator_spec.rb
|
474
475
|
- spec/lib/finders/finder/smart_url_checker/findings_spec.rb
|
475
476
|
- spec/lib/finders/finder/smart_url_checker_spec.rb
|
477
|
+
- spec/lib/finders/finder_spec.rb
|
476
478
|
- spec/lib/finders/findings_spec.rb
|
477
479
|
- spec/lib/finders/independent_finders_spec.rb
|
478
480
|
- spec/lib/finders/same_type_finder_spec.rb
|