cms_scanner 0.0.20 → 0.0.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5dff32b05d6da49f0ad5697263e3a1e0a3d011a7
-  data.tar.gz: 5373a9c0a91523b45287aa577f07ce53a59fd59e
+  metadata.gz: a6741a1ed0e43eb4ee6a3b37a9b61f1299d9446d
+  data.tar.gz: 3b43b6dd3e55518d83f4995dd4d7770e41217731
 SHA512:
-  metadata.gz: a8c5b0c833ac6514ab85a5a1c5d00a7932eb41c33ad44bfcba544935b84c7405771b06b8ec833d3b211317af4412515db9b075cc88f17a56adcb1a64b2907ed5
-  data.tar.gz: 1a568813897294b4958f5f3f23ce245b64fa5322698a353bf5504bf599f8ef02a90c5a96dcf52b53dce0e3ccd7acc3225a9feae590cbc6f7b1c7bee41c4f6ba4
+  metadata.gz: 1ecfc37f369814a5ffe4e7d9bd7e024555709cc92b4a4775bfbac3040b012b4995f0fb1a4fd35c77a16ce704e6b3549d981f4cf3abe7520ba020528b704582d3
+  data.tar.gz: a97daef772ba84ccf58768c38f5705c41da72174fc30f44badea0e0420f97bec73df414bd0c40f065c21609701b621fe56bb0a54f8b9e93633fea6af3e81cf79

data/app/controllers/core/cli_options.rb

@@ -25,6 +25,10 @@ module CMSScanner
       def cli_browser_options
         [
           OptString.new(['--user-agent VALUE', '--ua']),
+          OptBoolean.new(['--random-user-agent', '--rua',
+                          'Use a random user-agent for each scan']),
+          OptFilePath.new(['--user-agents-list FILE-PATH',
+                           'List of agents to use with --random-user-agent'], exists: true),
           OptCredentials.new(['--http-auth login:password']),
           OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
                                  default: 5),

data/app/user_agents.txt

@@ -0,0 +1,46 @@
+# Windows
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
+Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
+Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
+Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
+Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
+Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
+
+# MAC
+Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
+
+# Linux
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
+Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
+Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
+Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
+Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0
+
+# iPad
+Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25
+
+# iPhone
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_3 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B511 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53

data/lib/cms_scanner/browser/options.rb

@@ -8,10 +8,12 @@ module CMSScanner
       :connect_timeout,
       :http_auth,
       :max_threads,
+      :user_agent,
+      :user_agents_list,
       :proxy,
       :proxy_auth,
-      :request_timeout,
-      :user_agent
+      :random_user_agent,
+      :request_timeout
     ]
 
     attr_accessor(*OPTIONS)
@@ -36,9 +38,33 @@ module CMSScanner
       hydra.max_concurrency = @max_threads
     end
 
-    # Default user agent
+    # @return [ String ] The path to the user agents list
+    def user_agents_list
+      @user_agents_list ||= File.join(APP_DIR, 'user_agents.txt')
+    end
+
+    # @return [ Array<String> ]
+    def user_agents
+      return @user_agents if @user_agents
+
+      @user_agents = []
+
+      File.open(user_agents_list).each do |line|
+        next if line == "\n" || line[0, 1] == '#'
+        @user_agents << line.chomp
+      end
+
+      @user_agents
+    end
+
+    # @return [ String ]
+    def default_user_agent
+      "CMSScanner v#{VERSION}"
+    end
+
+    # @return [ String ] The user agent
     def user_agent
-      @user_agent ||= "CMSScanner v#{VERSION}"
+      @user_agent ||= random_user_agent ? user_agents.sample : default_user_agent
     end
   end
 end

data/lib/cms_scanner/finders/independent_finders.rb

@@ -15,8 +15,10 @@ module CMSScanner
       #
       # @return [ Findings ]
       def run(opts = {})
+        methods = symbols_from_mode(opts[:mode])
+
         each do |finder|
-          symbols_from_mode(opts[:mode]).each do |symbol|
+          methods.each do |symbol|
             [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
               findings << found
             end

data/lib/cms_scanner/target/server.rb

@@ -1,3 +1,4 @@
 require 'cms_scanner/target/server/generic'
 require 'cms_scanner/target/server/apache'
 require 'cms_scanner/target/server/iis'
+require 'cms_scanner/target/server/nginx'

data/lib/cms_scanner/target/server/apache.rb

@@ -6,37 +6,18 @@ module CMSScanner
         # @param [ String ] path
         # @param [ Hash ] params The request params
         #
-        # @return [ Symbol ] :apache
+        # @return [ Symbol ] :Apache
         def server(_path = nil, _params = {})
           :Apache
         end
 
-        # @param [ String ] path
-        # @param [ Hash ] params The request params
-        #
-        # @return [ Boolean ] true if url(path) has the directory
-        #                          listing enabled, false otherwise
-        def directory_listing?(path = nil, params = {})
-          res = NS::Browser.get(url(path), params)
-
-          res.code == 200 && res.body =~ /<h1>Index of/ ? true : false
-        end
-
         # @param [ String ] path
         # @param [ Hash ] params The request params
         #
         # @return [ Array<String> ] The first level of directories/files listed,
         #                           or an empty array if none
         def directory_listing_entries(path = nil, params = {})
-          return [] unless directory_listing?(path, params)
-
-          found = []
-
-          NS::Browser.get(url(path), params).html.css('td a').each do |node|
-            found << node.text.to_s
-          end
-
-          found[1..-1] # returns the array w/o the first element 'Parent Directory'
+          super(path, params, 'td a')
         end
       end
     end

data/lib/cms_scanner/target/server/generic.rb

@@ -1,12 +1,12 @@
 module CMSScanner
   class Target < WebSite
     module Server
-      # Some Apche specific implementation
+      # Generic Server methods
       module Generic
         # @param [ String ] path
         # @param [ Hash ] params The request params
         #
-        # @return [ Symbol ] The detected remote server (:Apache, :IIS)
+        # @return [ Symbol ] The detected remote server (:Apache, :IIS, :Nginx)
         def server(path = nil, params = {})
           headers = headers(path, params)
 
@@ -17,6 +17,8 @@ module CMSScanner
             :Apache
           when /\AMicrosoft-IIS/i
             :IIS
+          when /\Anginx/
+            :Nginx
           end
         end
 
@@ -28,6 +30,42 @@ module CMSScanner
           # The HEAD method might be rejected by some servers ... maybe switch to GET ?
           NS::Browser.head(url(path), params).headers
         end
+
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Boolean ] true if url(path) has the directory
+        #                          listing enabled, false otherwise
+        def directory_listing?(path = nil, params = {})
+          res = NS::Browser.get(url(path), params)
+
+          res.code == 200 && res.body =~ /<h1>Index of/ ? true : false
+        end
+
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        # @param [ String ] selector
+        # @param [ Regexp ] ignore
+        #
+        # @return [ Array<String> ] The first level of directories/files listed,
+        #                           or an empty array if none
+        def directory_listing_entries(
+          path = nil, params = {},
+          selector = 'pre a', ignore = /parent directory/i
+        )
+          return [] unless directory_listing?(path, params)
+
+          found = []
+
+          NS::Browser.get(url(path), params).html.css(selector).each do |node|
+            entry = node.text.to_s
+
+            next if entry =~ ignore
+            found << entry
+          end
+
+          found
+        end
       end
     end
   end

data/lib/cms_scanner/target/server/iis.rb

@@ -6,7 +6,7 @@ module CMSScanner
         # @param [ String ] path
         # @param [ Hash ] params The request params
         #
-        # @return [ Symbol ] :iis
+        # @return [ Symbol ] :IIS
         def server(_path = nil, _params = {})
           :IIS
         end
@@ -21,26 +21,6 @@ module CMSScanner
 
           res.code == 200 && res.body =~ /<H1>#{uri.host} - \// ? true : false
         end
-
-        # @param [ String ] path
-        # @param [ Hash ] params The request params
-        #
-        # @return [ Array<String> ] The first level of directories/files listed,
-        #                           or an empty array if none
-        def directory_listing_entries(path = nil, params = {})
-          return [] unless directory_listing?(path, params)
-
-          found = []
-
-          NS::Browser.get(url(path), params).html.css('pre a').each do |node|
-            entry = node.text.to_s
-
-            next if entry == '[To Parent Directory]'
-            found << entry
-          end
-
-          found
-        end
       end
     end
   end

data/lib/cms_scanner/target/server/nginx.rb

@@ -0,0 +1,25 @@
+module CMSScanner
+  class Target < WebSite
+    module Server
+      # Some Nginx specific implementation
+      module Nginx
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Symbol ] :Nginx
+        def server(_path = nil, _params = {})
+          :Nginx
+        end
+
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Array<String> ] The first level of directories/files listed,
+        #                           or an empty array if none
+        def directory_listing_entries(path = nil, params = {})
+          super(path, params, 'pre a', /\A\.\./i)
+        end
+      end
+    end
+  end
+end

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.20'
+  VERSION = '0.0.21'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.20
+  version: 0.0.21
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-13 00:00:00.000000000 Z
+date: 2015-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -238,6 +238,7 @@ files:
 - app/models/robots_txt.rb
 - app/models/version.rb
 - app/models/xml_rpc.rb
+- app/user_agents.txt
 - app/views/cli/core/banner.erb
 - app/views/cli/core/finished.erb
 - app/views/cli/core/started.erb
@@ -285,6 +286,7 @@ files:
 - lib/cms_scanner/target/server/apache.rb
 - lib/cms_scanner/target/server/generic.rb
 - lib/cms_scanner/target/server/iis.rb
+- lib/cms_scanner/target/server/nginx.rb
 - lib/cms_scanner/typhoeus/hydra.rb
 - lib/cms_scanner/typhoeus/response.rb
 - lib/cms_scanner/version.rb