cms_scanner 0.0.2

data/lib/cms_scanner/version.rb

@@ -0,0 +1,4 @@
+# Version
+module CMSScanner
+  VERSION = '0.0.2'
+end

data/lib/cms_scanner/web_site.rb

@@ -0,0 +1,68 @@
+module CMSScanner
+  # WebSite Implementation
+  class WebSite
+    attr_reader :uri
+
+    def initialize(site_url)
+      self.url = site_url.dup
+    end
+
+    def url=(site_url)
+      # Add a trailing slash to the site url
+      site_url << '/' if site_url[-1, 1] != '/'
+
+      # Use the validator to ensure the site_url has a correct format
+      OptParseValidator::OptURL.new([]).validate(site_url)
+
+      @uri = Addressable::URI.parse(site_url)
+    end
+
+    # Used for convenience
+    #
+    # @param [ String ] path Optional path to merge with the uri
+    #
+    # @return [ String ]
+    def url(path = nil)
+      @uri.join(path || '').to_s
+    end
+
+    # Checks if the remote website is up.
+    #
+    # @return [ Boolean ]
+    def online?
+      NS::Browser.get(url).code != 0
+    end
+
+    # @return [ Boolean ]
+    def http_auth?
+      NS::Browser.get(url).code == 401
+    end
+
+    # @return [ Boolean ]
+    def proxy_auth?
+      NS::Browser.get(url).code == 407
+    end
+
+    # See if the remote url returns 30x redirect
+    # This method is recursive
+    #
+    # @param [ String ] url
+    #
+    # @return [ String ] The redirection url or nil
+    def redirection(url = nil)
+      url    ||= @uri.to_s
+      response = NS::Browser.get(url)
+
+      if response.code == 301 || response.code == 302
+        redirection = response.headers_hash['location']
+
+        # Let's check if there is a redirection in the redirection
+        if (other_redirection = redirection(redirection))
+          redirection = other_redirection
+        end
+      end
+
+      redirection
+    end
+  end
+end

data/lib/helper.rb

@@ -0,0 +1,24 @@
+
+# @param [ String ] file The file path
+def redirect_output_to_file(file)
+  $stdout.reopen(file, 'w')
+  $stdout.sync = true
+  $stderr.reopen($stdout) # Not sure if this is needed
+end
+
+# @return [ Integer ] The memory of the current process in Bytes
+def memory_usage
+  `ps -o rss= -p #{Process.pid}`.to_i * 1024 # ps returns the value in KB
+end
+
+# Hack of the Numeric class
+class Numeric
+  # @return [ String ] A human readable string of the value
+  def bytes_to_human
+    units = %w(B KB MB GB TB)
+    e     = self > 0 ? (Math.log(self) / Math.log(1024)).floor : 0
+    s     = format('%.3f', (to_f / 1024**e))
+
+    s.sub(/\.?0*$/, ' ' + units[e])
+  end
+end

data/spec/app/controllers/core_spec.rb

@@ -0,0 +1,152 @@
+require 'spec_helper'
+
+describe CMSScanner::Controller::Core do
+
+  subject(:core)       { described_class.new }
+  let(:target_url)     { 'http://example.com/' }
+  let(:parsed_options) { { url: target_url } }
+
+  before do
+    CMSScanner::Browser.reset
+    described_class.parsed_options = parsed_options
+  end
+
+  its(:cli_options) { should_not be_empty }
+  its(:cli_options) { should be_a Array }
+
+  describe '#setup_cache' do
+    context 'when no cache_dir supplied (or default)' do
+      it 'returns nil' do
+        expect(core.setup_cache).to eq nil
+      end
+    end
+
+    context 'when cache_dir' do
+      let(:parsed_options) { super().merge(cache_dir: CACHE) }
+      let(:cache)          { Typhoeus::Config.cache }
+      let(:storage) { File.join(parsed_options[:cache_dir], Digest::MD5.hexdigest(target_url)) }
+
+      before { core.setup_cache }
+      after  { Typhoeus::Config.cache = nil }
+
+      it 'sets up the cache' do
+        expect(cache).to be_a CMSScanner::Cache::Typhoeus
+        expect(cache.storage_path).to eq storage
+      end
+    end
+  end
+
+  describe '#before_scan' do
+    it 'raise an error when the site is down' do
+      stub_request(:get, target_url).to_return(status: 0)
+
+      expect { core.before_scan }
+        .to raise_error("The url supplied '#{target_url}' seems to be down")
+    end
+
+    it 'raises an error when the site redirects' do
+      redirection = 'http://somewhere.com'
+
+      stub_request(:get, target_url).to_return(status: 301, headers: { location: redirection })
+      stub_request(:get, redirection).to_return(status: 200)
+
+      expect { core.before_scan }
+        .to raise_error("The url supplied redirects to #{redirection}")
+    end
+
+    # This is quite a mess (as Webmock doesn't issue itself another 401
+    # when credential are incorrect :/)
+    context 'when http authentication' do
+      context 'when no credentials' do
+        before { stub_request(:get, target_url).to_return(status: 401) }
+
+        it 'raises an error' do
+          expect { core.before_scan }.to raise_error(CMSScanner::HTTPAuthRequiredError)
+        end
+      end
+
+      context 'when credentials' do
+        context 'when valid' do
+          before { stub_request(:get, 'http://user:pass@example.com') }
+
+          let(:parsed_options) { super().merge(http_auth: { username: 'user', password: 'pass' }) }
+
+          it 'does not raise any error' do
+            expect { core.before_scan }.to_not raise_error
+          end
+        end
+
+        context 'when invalid' do
+          before { stub_request(:get, 'http://user:p@ss@example.com').to_return(status: 401) }
+
+          let(:parsed_options) { super().merge(http_auth: { username: 'user', password: 'p@ss' }) }
+
+          it 'raises an error' do
+            expect { core.before_scan }.to raise_error(CMSScanner::HTTPAuthRequiredError)
+          end
+        end
+      end
+    end
+
+    context 'when proxy authentication' do
+      before { stub_request(:get, target_url).to_return(status: 407) }
+
+      context 'when no credentials' do
+        it 'raises an error' do
+          expect { core.before_scan }.to raise_error(CMSScanner::ProxyAuthRequiredError)
+        end
+      end
+
+      context 'when invalid credentials' do
+        let(:parsed_options) { super().merge(proxy_auth: { username: 'user', password: 'p@ss' }) }
+
+        it 'raises an error' do
+          expect(CMSScanner::Browser.instance.proxy_auth).to eq(parsed_options[:proxy_auth])
+
+          expect { core.before_scan }.to raise_error(CMSScanner::ProxyAuthRequiredError)
+        end
+      end
+
+      context 'when valid credentials' do
+        before { stub_request(:get, target_url) }
+
+        let(:parsed_options) { super().merge(proxy_auth: { username: 'user', password: 'pass' }) }
+
+        it 'raises an error' do
+          expect(CMSScanner::Browser.instance.proxy_auth).to eq(parsed_options[:proxy_auth])
+
+          expect { core.before_scan }.to_not raise_error
+        end
+      end
+    end
+  end
+
+  describe '#run' do
+    it 'calls the formatter with the correct parameters' do
+      expect(core.formatter).to receive(:output)
+        .with('started',
+              hash_including(:start_memory, :start_time, :verbose, url: target_url),
+              'core')
+
+      core.run
+    end
+  end
+
+  describe '#after_scan' do
+    let(:keys) { [:verbose, :start_time, :stop_time, :start_memory, :elapsed, :used_memory] }
+
+    it 'calles the formatter with the correct parameters' do
+      # Call the #run once to ensure that @start_time & @start_memory are set
+      expect(core).to receive(:output).with('started', url: target_url)
+      core.run
+
+      RSpec::Mocks.space.proxy_for(core).reset # Must reset due to the above statements
+
+      expect(core.formatter).to receive(:output)
+        .with('finished', hash_including(*keys), 'core')
+
+      core.after_scan
+    end
+  end
+
+end

data/spec/app/controllers/interesting_files_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe CMSScanner::Controller::InterestingFiles do
+
+  subject(:controller) { described_class.new }
+  let(:target_url)     { 'http://example.com/' }
+  let(:parsed_options) { { url: target_url } }
+
+  before do
+    CMSScanner::Browser.reset
+    described_class.parsed_options = parsed_options
+  end
+
+  its(:cli_options) { should be_nil }
+  its(:before_scan) { should be_nil }
+  its(:after_scan)  { should be_nil }
+
+  describe '#run' do
+    before do
+      expect(controller.target).to receive(:interesting_files)
+        .with(mode: parsed_options[:detection_mode]).and_return(stubbed)
+    end
+    after { controller.run }
+
+    [:mixed, :passive, :aggressive].each do |mode|
+      context "when #{mode} mode" do
+        let(:parsed_options) { super().merge(detection_mode: mode) }
+
+        context 'when no findings' do
+          let(:stubbed) { [] }
+
+          it 'does not call the formatter' do
+            expect(controller.formatter).to_not receive(:output)
+          end
+        end
+
+        # TODO: Test the output with a dummy finding ?
+        context 'when findings' do
+          let(:stubbed) { ['yolo'] }
+
+          it 'calls the formatter with the correct parameter' do
+            expect(controller.formatter).to receive(:output)
+              .with('findings', hash_including(findings: stubbed), 'interesting_files')
+          end
+        end
+      end
+    end
+  end
+
+end

data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::InterestingFile::FantasticoFileslist do
+
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { CMSScanner::Target.new(url) }
+  let(:url)        { 'http://example.com/' }
+  let(:file)       { url + 'fantastico_fileslist.txt' }
+  let(:fixtures)   { File.join(FIXTURES, 'interesting_files', 'fantastico_fileslist') }
+
+  describe '#url' do
+    its(:url) { should eq file }
+  end
+
+  describe '#aggressive' do
+    after do
+      stub_request(:get, file).to_return(status: status, body: body, headers: headers)
+
+      result = finder.aggressive
+
+      expect(result).to be_a CMSScanner::FantasticoFileslist if @expected
+      expect(result).to eql @expected
+    end
+
+    let(:body)    { '' }
+    let(:headers) { { 'Content-Type' => 'text/html ' } }
+
+    context 'when 404' do
+      let(:status) { 404 }
+
+      it 'returns nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when 200' do
+      let(:status) { 200 }
+
+      context 'when the body is empty' do
+        it 'returns nil' do
+          @expected = nil
+        end
+      end
+
+      context 'when not a text/plain Content-Type' do
+        let(:body) { 'not an empty body' }
+
+        it 'returns nil' do
+          @expected = nil
+        end
+      end
+
+      context 'when the body matches and Content-Type = text/plain' do
+        let(:body)    { File.new(File.join(fixtures, 'fantastico_fileslist.txt')).read }
+        let(:headers) { { 'Content-Type' => 'text/plain' } }
+
+        it 'returns the InterestingFile result' do
+          @expected = CMSScanner::FantasticoFileslist.new(
+            file,
+            confidence: 100,
+            found_by: 'FantasticoFileslist (aggressive detection)'
+          )
+        end
+      end
+    end
+  end
+
+end

data/spec/app/finders/interesting_files/headers_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::InterestingFile::Headers do
+
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { CMSScanner::Target.new(url) }
+  let(:url)        { 'http://example.com/' }
+  let(:fixtures)   { File.join(FIXTURES, 'interesting_files', 'headers') }
+  let(:fixture)    { File.join(fixtures, 'interesting.txt') }
+  let(:headers)    { parse_headers_file(fixture) }
+
+  describe '#passive' do
+    before { stub_request(:get, url).to_return(headers: headers) }
+
+    after do
+      if @expected
+        result = finder.passive
+
+        expect(result).to be_a CMSScanner::Headers
+        expect(result).to eql @expected
+      end
+    end
+
+    context 'when no headers' do
+      let(:headers) { {} }
+
+      its(:passive) { should be nil }
+    end
+
+    context 'when headers' do
+      it 'returns the result' do
+        opts      = { confidence: 100, found_by: 'Headers (passive detection)' }
+        @expected = CMSScanner::Headers.new(url, opts)
+      end
+    end
+  end
+
+end

data/spec/app/finders/interesting_files/robots_txt_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::InterestingFile::RobotsTxt do
+
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { CMSScanner::Target.new(url) }
+  let(:url)        { 'http://example.com/' }
+  let(:robots_txt) { url + 'robots.txt' }
+  let(:fixtures)   { File.join(FIXTURES, 'interesting_files', 'robots_txt') }
+
+  describe '#url' do
+    its(:url) { should eq robots_txt }
+  end
+
+  describe '#aggressive' do
+    after do
+      stub_request(:get, robots_txt).to_return(status: status, body: body)
+
+      result = finder.aggressive
+
+      expect(result).to be_a CMSScanner::RobotsTxt if @expected
+      expect(finder.aggressive).to eql @expected
+    end
+
+    let(:body) { '' }
+
+    context 'when 404' do
+      let(:status) { 404 }
+
+      it 'returns nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when 200' do
+      let(:status) { 200 }
+
+      context 'when the body is empty' do
+        it 'returns nil' do
+          @expected = nil
+        end
+      end
+
+      context 'when the body matches a robots.txt' do
+        let(:body) { File.new(File.join(fixtures, 'robots.txt')).read }
+
+        it 'returns the InterestingFile result' do
+          @expected = CMSScanner::RobotsTxt.new(robots_txt,
+                                                confidence: 100,
+                                                found_by: 'RobotsTxt (aggressive detection)')
+        end
+      end
+    end
+  end
+
+end