cms_scanner 0.0.2

data/app/formatters/cli_no_colour.rb

@@ -0,0 +1,15 @@
+module CMSScanner
+  module Formatter
+    # CLI No Colour Formatter
+    class CliNoColour < Cli
+      # Override to get the cli views
+      def format
+        'cli'
+      end
+
+      def colorize(text, _color_code)
+        text
+      end
+    end
+  end
+end

data/app/formatters/json.rb

@@ -0,0 +1,12 @@
+module CMSScanner
+  module Formatter
+    # JSON Formatter
+    class Json < Base
+      include Buffer
+
+      def beautify
+        puts JSON.pretty_generate(JSON.parse("{#{buffer.chomp.chomp(',')}}"))
+      end
+    end
+  end
+end

data/app/models.rb

@@ -0,0 +1,5 @@
+require_relative 'models/interesting_file'
+require_relative 'models/robots_txt'
+require_relative 'models/fantastico_fileslist'
+require_relative 'models/headers'
+require_relative 'models/xml_rpc'

data/app/models/fantastico_fileslist.rb

@@ -0,0 +1,20 @@
+module CMSScanner
+  # FantasticoFileslist
+  class FantasticoFileslist < InterestingFile
+    # @return [ Array<String> ] The interesting files/dirs detected
+    def interesting_entries
+      results = []
+
+      entries.each do |entry|
+        next unless entry =~ /(?:admin|\.log|\.sql|\.db)/i
+
+        results << entry
+      end
+      results
+    end
+
+    def references
+      %w(http://www.acunetix.com/vulnerabilities/fantastico-fileslist/)
+    end
+  end
+end

data/app/models/headers.rb

@@ -0,0 +1,37 @@
+module CMSScanner
+  # Not really an interesting file, but will use this class for convenience
+  class Headers < InterestingFile
+    # @return [ Hash ] The headers
+    def entries
+      res = NS::Browser.get(url)
+      return [] unless res && res.headers
+      res.headers
+    end
+
+    # @return [ Array<String> ] The interesting headers detected
+    def interesting_entries
+      results = []
+
+      entries.each do |header, value|
+        next if known_headers.include?(header.downcase)
+
+        results << "#{header}: #{value}"
+      end
+      results
+    end
+
+    # @return [ Array<String> ] Downcased known headers
+    def known_headers
+      %w(
+        age accept-ranges cache-control content-type content-length connection date etag expires
+        location last-modified link pragma set-cookie strict-transport-security transfer-encoding
+        vary x-cache x-content-security-policy x-content-type-options x-frame-options x-language
+        x-permitted-cross-domain-policies x-pingback x-varnish x-webkit-csp x-xss-protection
+      )
+    end
+
+    def eql?(other)
+      super(other) && interesting_entries == other.interesting_entries
+    end
+  end
+end

data/app/models/interesting_file.rb

@@ -0,0 +1,30 @@
+module CMSScanner
+  # Interesting File
+  class InterestingFile
+    include NS::Finders::Finding
+
+    attr_reader :url
+
+    def initialize(url, opts = {})
+      @url = url
+      parse_finding_options(opts)
+    end
+
+    # @return [ Array<String> ]
+    def entries
+      res = NS::Browser.get(url)
+
+      return [] unless res && res.headers['Content-Type'] =~ /\Atext\/plain;/i
+
+      res.body.split("\n").reject { |s| s.strip.empty? }
+    end
+
+    def ==(other)
+      url == other.url
+    end
+
+    def eql?(other)
+      url == other.url && confidence == other.confidence && found_by == other.found_by
+    end
+  end
+end

data/app/models/robots_txt.rb

@@ -0,0 +1,20 @@
+module CMSScanner
+  # Robots.txt
+  class RobotsTxt < InterestingFile
+    # @todo Better detection, currently everythinh not empty or / is returned
+    #
+    # @return [ Array<String> ] The interesting Allow/Disallow rules detected
+    def interesting_entries
+      results = []
+
+      entries.each do |entry|
+        next unless entry =~ /\A(?:dis)?allow:\s*(.+)\z/i
+        match = Regexp.last_match(1)
+        next if match == '/'
+
+        results << match
+      end
+      results
+    end
+  end
+end

data/app/models/xml_rpc.rb

@@ -0,0 +1,35 @@
+module CMSScanner
+  # XML RPC
+  class XMLRPC < InterestingFile
+    # @param [ String ] method
+    # @param [ Array ] params
+    # @param [ Hash ] request_params
+    #
+    # @return [ Typhoeus::Response ]
+    def call(method, params = [], request_params = {})
+      NS::Browser.post(url, request_params.merge(body: request_body(method, params)))
+    end
+
+    # Might be better to use Nokogiri to create the XML body ?
+    #
+    # @param [ String ] method
+    # @param [ Array ] params
+    #
+    # @return [ String ] The body of the XML RPC request
+    def request_body(method, params = [])
+      p_body = ''
+
+      params.each { |p| p_body << "<param><value><string>#{p}</string></value></param>" }
+
+      body = '<?xml version="1.0"?><methodCall>'
+      body << "<methodName>#{method}</methodName>"
+      body << "<params>#{p_body}</params>" unless p_body.length == 0
+      body << '</methodCall>'
+    end
+
+    # Use the system.listMethods to get the list of available methods ?
+    # def entries
+    #
+    # end
+  end
+end

data/app/views/cli/core/finished.erb

@@ -0,0 +1,4 @@
+
+<%= green('[+]') %> Finished: <%= @stop_time.asctime %>
+<%= green('[+]') %> Memory used: <%= @used_memory.bytes_to_human %>
+<%= green('[+]') %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>

data/app/views/cli/core/started.erb

@@ -0,0 +1,3 @@
+<%= green('[+]') %> URL: <%= @url %>
+<%= green('[+]') %> Started: <%= @start_time.asctime %>
+

data/app/views/cli/interesting_files/findings.erb

@@ -0,0 +1,19 @@
+Interesting Findings: <%= @findings.size %>
+
+<% @findings.each do |finding| -%>
+[+] <%= finding.url %>
+ | Confidence: <%= finding.confidence %>%
+ | Found By: <%= finding.found_by %>
+<% unless (confirmed = finding.confirmed_by).empty? -%>
+ | Confirmed By:
+<% confirmed.each do |c| -%>
+ |  - <%= c.found_by %>, <%= c.confidence %>% confidence
+<% end -%>
+<% end -%>
+<% unless (entries = finding.interesting_entries).empty? -%>
+ | Interesting Entries:
+<% entries.each do |entry| -%>
+ |  - <%= entry %>
+<% end -%>
+<% end %>
+<% end %>

data/app/views/cli/scan_aborted.erb

@@ -0,0 +1,4 @@
+Scan Aborted: <%= @reason %>
+<% if @verbose -%>
+Trace: <%= @trace.join("\n") %>
+<% end %>

data/app/views/json/core/finished.erb

@@ -0,0 +1,3 @@
+"stop_time": <%= @stop_time.to_i %>,
+"elapsed": <%= @elapsed %>,
+"used_memory": <%= @used_memory %>,

data/app/views/json/core/started.erb

@@ -0,0 +1,3 @@
+"start_time": <%= @start_time.to_i %>,
+"start_memory": <%= @start_memory %>,
+"target_url": "<%= @url %>",

data/app/views/json/interesting_files/findings.erb

@@ -0,0 +1 @@
+"todo": "Not yet done",

data/app/views/json/scan_aborted.erb

@@ -0,0 +1,4 @@
+"scan_aborted": "<%= @reason %>",
+<% if @verbose -%>
+"trace": <%= @trace %>,
+<% end %>

data/cms_scanner.gemspec

@@ -0,0 +1,37 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'cms_scanner/version'
+
+Gem::Specification.new do |s|
+  s.name                  = 'cms_scanner'
+  s.version               = CMSScanner::VERSION
+  s.platform              = Gem::Platform::RUBY
+  s.required_ruby_version = '>= 2.0.0'
+  s.authors               = ['WPScanTeam - Erwan le Rousseau']
+  s.email                 = ['erwan.lr@gmail.com']
+  s.summary               = 'Experimental CMSScanner'
+  s.description           = 'Experimental CMSScanner'
+  s.homepage              = 'https://github.com/wpscanteam/CMSScanner'
+  s.license               = 'MIT'
+
+  s.files                 = `git ls-files -z`.split("\x0")
+  s.executables           = s.files.grep(/^bin\//) { |f| File.basename(f) }
+  s.test_files            = s.files.grep(/^(test|spec|features)\//)
+  s.require_path         = 'lib'
+
+  s.add_dependency 'opt_parse_validator', '~> 0.0.2'
+  s.add_dependency 'typhoeus'
+  s.add_dependency 'nokogiri'
+  s.add_dependency 'addressable'
+  s.add_dependency 'activesupport'
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec', '~> 3.1'
+  s.add_development_dependency 'rspec-its'
+  s.add_development_dependency 'bundler', '~> 1.6'
+  s.add_development_dependency 'rubocop', '~> 0.26'
+  s.add_development_dependency 'webmock', '>= 1.18'
+  s.add_development_dependency 'simplecov', '~> 0.9'
+end

data/examples/views/cli/wp_custom/test.erb

@@ -0,0 +1 @@
+Testing! --wpscan-option = <%= @option %>

data/examples/views/json/wp_custom/test.erb

@@ -0,0 +1 @@
+"--wpscan-option": <%= @option.to_json %>,

data/examples/wpscan.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+
+require 'cms_scanner'
+
+# Custom WPScan Scanner
+module WPScan
+  include CMSScanner
+
+  module Controller
+    # Custom WPScan Controller
+    class WpCustom < CMSScanner::Controller::Base
+      def cli_options
+        [
+          OptString.new(['--wpscan-option VALUE'])
+        ]
+      end
+
+      def run
+        output('test', option: parsed_options[:wpscan_option])
+      end
+    end
+  end
+end
+
+WPScan::Scan.new do |s|
+  s.controllers << WPScan::Controller::WpCustom.new
+  s.views_directories << Pathname.new(__FILE__).dirname.join('views').to_s
+  s.run
+end

data/lib/cms_scanner.rb

@@ -0,0 +1,71 @@
+# Gems
+require 'opt_parse_validator'
+require 'typhoeus'
+require 'nokogiri'
+require 'active_support/inflector'
+require 'addressable/uri'
+# Standard Libs
+require 'erb'
+require 'fileutils'
+require 'pathname'
+# Custom Libs
+require 'helper'
+require 'cms_scanner/errors/auth_errors'
+require 'cms_scanner/cache/typhoeus'
+require 'cms_scanner/target'
+require 'cms_scanner/browser'
+require 'cms_scanner/version'
+require 'cms_scanner/controller'
+require 'cms_scanner/controllers'
+require 'cms_scanner/formatter'
+require 'cms_scanner/finders'
+
+# Module
+module CMSScanner
+  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
+  NS      = self
+
+  def self.included(base)
+    remove_const(:NS)
+    const_set(:NS, base)
+    super(base)
+  end
+
+  # Scan
+  class Scan
+    def initialize
+      controllers << NS::Controller::Core.new
+
+      yield self if block_given?
+    end
+
+    # @return [ Controllers ]
+    def controllers
+      @controllers ||= NS::Controllers.new
+    end
+
+    def run
+      controllers.run
+    rescue => e
+      formatter.output('@scan_aborted',
+                       reason: e.message,
+                       trace: e.backtrace,
+                       verbose: controllers.first.parsed_options[:verbose])
+    ensure
+      formatter.beautify
+    end
+
+    # Used for convenience
+    # @See Formatter
+    def formatter
+      controllers.first.formatter
+    end
+
+    # @return [ Hash ]
+    def datastore
+      controllers.first.datastore
+    end
+  end
+end
+
+require "#{CMSScanner::APP_DIR}/app"

data/lib/cms_scanner/browser.rb

@@ -0,0 +1,68 @@
+require 'cms_scanner/browser/actions'
+require 'cms_scanner/browser/options'
+
+module CMSScanner
+  # Singleton used to perform HTTP/HTTPS request to the target
+  class Browser
+    extend Actions
+
+    # @param [ Hash ] parsed_options
+    #
+    # @return [ Void ]
+    def initialize(parsed_options = {})
+      load_options(parsed_options)
+    end
+
+    private_class_method :new
+
+    # @param [ Hash ] parsed_options
+    #
+    # @return [ Browser ] The instance
+    def self.instance(parsed_options = {})
+      @@instance ||= new(parsed_options)
+    end
+
+    def self.reset
+      @@instance = nil
+    end
+
+    # @param [ String ] url
+    # @param [ Hash ] params
+    #
+    # @return [ Typhoeus::Request ]
+    def forge_request(url, params = {})
+      Typhoeus::Request.new(url, request_params(params))
+    end
+
+    # @return [ Hash ]
+    def default_request_params
+      params = {
+        ssl_verifypeer: false, # Disable SSL-Certificate checks
+        ssl_verifyhost: 2, # Disable SSL-Certificate checks
+        headers: { 'User-Agent' => user_agent }
+      }
+
+      { connecttimeout: :connect_timeout, cache_ttl: :cache_ttl,
+        proxy: :proxy, timeout: :request_timeout, cookiejar: :cookie_jar,
+        cookiefile: :cookie_jar, cookie: :cookie_string
+      }.each do |typhoeus_opt, browser_opt|
+        attr_value = public_send(browser_opt)
+        params[typhoeus_opt] = attr_value unless attr_value.nil?
+      end
+
+      params[:proxyauth] = "#{proxy_auth[:username]}:#{proxy_auth[:password]}" if proxy_auth
+      params[:userpwd] = "#{http_auth[:username]}:#{http_auth[:password]}" if http_auth
+
+      params
+    end
+
+    # @param [ Hash ] params
+    #
+    # @return [ Hash ]
+    def request_params(params = {})
+      default_request_params.merge(params) do |key, oldval, newval|
+        key == :headers ? oldval.merge(newval) : newval
+      end
+    end
+  end
+end