cms_scanner 0.0.33 → 0.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1f93aa617ff534c907d09aed61fc22f2cebb924d
4
- data.tar.gz: cbb4ade08697eaec5c6dbdc8c1a73ec950093a85
3
+ metadata.gz: 452fa0c8c2290b87448608c952c7209f789b9ca2
4
+ data.tar.gz: 5ea8b78419089ff26a041cd62787b785f816a5cb
5
5
  SHA512:
6
- metadata.gz: eccfe8a5c8748f6230e8ab5ac0c6d71ffdc1d1ad2e6946436f27407ee9b5878d7eaebcd3c637fe8ee6a7104cfd376cfe8f86cf33d8e69efadebc234b85d1799a
7
- data.tar.gz: a407110fcb4b2e2f4460b167a7112c099890a874f0bde0b3ebf5a3b66d19e065525c2bcb7c7f87585624b0274862e96c11981e7ae62839737650542b69a3145b
6
+ metadata.gz: 16e142c0b57688548e12b6b7e9df53204d40d46ac4dce1c3d27a5bdd7adf8a0af936bb9123dad7d33ca9cb667a3484874797ac339dd5a415a71d89e24721b498
7
+ data.tar.gz: ca319bb0fcaf4c4f207f8aff69ea31a42119be99d68d473d102f224d2cd435d84808c9e00ffce0928d007b9de9341631a1e46919c292a09e6d39e7868d0de769
@@ -23,8 +23,8 @@ module CMSScanner
23
23
  # @return [ Array<String> ] Downcased known headers
24
24
  def known_headers
25
25
  %w(
26
- age accept-ranges cache-control content-type content-length connection date etag expires
27
- keep-alive location last-modified link pragma set-cookie strict-transport-security
26
+ age accept-ranges cache-control content-encoding content-length content-type connection date
27
+ etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
28
28
  transfer-encoding vary x-cache x-content-security-policy x-content-type-options
29
29
  x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
30
30
  x-webkit-csp x-xss-protection
data/cms_scanner.gemspec CHANGED
@@ -9,10 +9,10 @@ Gem::Specification.new do |s|
9
9
  s.version = CMSScanner::VERSION
10
10
  s.platform = Gem::Platform::RUBY
11
11
  s.required_ruby_version = '>= 2.1.0'
12
- s.authors = ['WPScanTeam - Erwan Le Rousseau']
13
- s.email = ['erwan.lr@gmail.com']
14
- s.summary = 'Experimental CMSScanner'
15
- s.description = 'Experimental CMSScanner'
12
+ s.authors = ['WPScanTeam ']
13
+ s.email = ['team@wpscan.org']
14
+ s.summary = 'CMS Scanner Framework (experimental)'
15
+ s.description = 'Framework to provide an easy way to implement CMS Scanners'
16
16
  s.homepage = 'https://github.com/wpscanteam/CMSScanner'
17
17
  s.license = 'MIT'
18
18
 
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
31
31
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
32
32
  s.require_path = 'lib'
33
33
 
34
- s.add_dependency 'opt_parse_validator', '~> 0.0.12.1'
34
+ s.add_dependency 'opt_parse_validator', '~> 0.0.13'
35
35
  s.add_dependency 'typhoeus', '~> 0.7'
36
36
  s.add_dependency 'nokogiri', '~> 1.6.6'
37
37
  s.add_dependency 'addressable', '~> 2.3.8'
data/lib/cms_scanner.rb CHANGED
@@ -34,25 +34,42 @@ module CMSScanner
34
34
  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
35
35
  NS = self
36
36
 
37
- def self.included(base)
38
- remove_const(:NS)
39
- const_set(:NS, base)
40
- super(base)
41
- end
42
-
43
37
  # Number of requests performed to display at the end of the scan
44
38
  Typhoeus.on_complete do |response|
45
39
  self.total_requests += 1 unless response.cached?
46
40
  end
47
41
 
48
- # @return [ Integer ]
49
- def self.total_requests
50
- @@total_requests ||= 0
42
+ # Module to be able to use these class methods when the CMSScanner
43
+ # is included in another module
44
+ module ClassMethods
45
+ # @return [ Integer ]
46
+ def total_requests
47
+ @@total_requests ||= 0
48
+ end
49
+
50
+ # @param [ Integer ]
51
+ def total_requests=(value)
52
+ @@total_requests = value
53
+ end
54
+
55
+ # The lowercase name of the scanner
56
+ # Mainly used in directory paths like the default cookie-jar file and
57
+ # path to load the cli options from files
58
+ #
59
+ # @return [ String ]
60
+ def app_name
61
+ to_s.underscore
62
+ end
51
63
  end
52
64
 
53
- # @param [ Integer ]
54
- def self.total_requests=(value)
55
- @@total_requests = value
65
+ extend ClassMethods
66
+
67
+ def self.included(base)
68
+ remove_const(:NS)
69
+ const_set(:NS, base)
70
+
71
+ base.extend(ClassMethods)
72
+ super(base)
56
73
  end
57
74
 
58
75
  # Scan
@@ -106,13 +123,7 @@ module CMSScanner
106
123
  # depending on the findings / errors
107
124
  def exit_hook
108
125
  at_exit do
109
- if run_error
110
- exit(NS::ExitCode::CLI_OPTION_ERROR) if run_error.is_a?(OptParseValidator::Error) ||
111
- run_error.is_a?(OptionParser::ParseError)
112
-
113
- exit(NS::ExitCode::INTERRUPTED) if run_error.is_a?(Interrupt)
114
- exit(NS::ExitCode::ERROR)
115
- end
126
+ exit(run_error_exit_code) if run_error
116
127
 
117
128
  controller = controllers.first
118
129
 
@@ -121,6 +132,16 @@ module CMSScanner
121
132
  exit(NS::ExitCode::OK)
122
133
  end
123
134
  end
135
+
136
+ # @return [ Integer ] The exit code related to the run_error
137
+ def run_error_exit_code
138
+ return NS::ExitCode::CLI_OPTION_ERROR if run_error.is_a?(OptParseValidator::Error) ||
139
+ run_error.is_a?(OptionParser::ParseError)
140
+
141
+ return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
142
+
143
+ NS::ExitCode::ERROR
144
+ end
124
145
  end
125
146
  end
126
147
 
@@ -45,7 +45,8 @@ module CMSScanner
45
45
  # @return [ Hash ]
46
46
  def default_request_params
47
47
  params = {
48
- ssl_verifypeer: false, ssl_verifyhost: 2, # Disable SSL-Certificate checks
48
+ # Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
49
+ ssl_verifypeer: false, ssl_verifyhost: 0,
49
50
  headers: { 'User-Agent' => user_agent },
50
51
  accept_encoding: 'gzip, deflate',
51
52
  method: :get
@@ -77,7 +77,7 @@ module CMSScanner
77
77
 
78
78
  # @return [ String ]
79
79
  def tmp_directory
80
- File.join('/tmp', NS.to_s.underscore)
80
+ File.join('/tmp', NS.app_name)
81
81
  end
82
82
 
83
83
  protected
@@ -3,8 +3,20 @@ module CMSScanner
3
3
  class Controllers < Array
4
4
  attr_reader :option_parser
5
5
 
6
+ # @param [ OptParsevalidator::OptParser ] options_parser
6
7
  def initialize(option_parser = OptParseValidator::OptParser.new(nil, 40))
7
8
  @option_parser = option_parser
9
+
10
+ register_options_files
11
+ end
12
+
13
+ # Adds the potential option file paths to the option_parser
14
+ def register_options_files
15
+ [Dir.home, Dir.pwd].each do |dir|
16
+ option_parser.options_files.supported_extensions.each do |ext|
17
+ @option_parser.options_files << File.join(dir, ".#{NS.app_name}", "cli_options.#{ext}")
18
+ end
19
+ end
8
20
  end
9
21
 
10
22
  # @param [ Controller::Base ] controller
@@ -19,15 +19,15 @@ module CMSScanner
19
19
 
20
20
  each do |finder|
21
21
  methods.each do |symbol|
22
- [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
23
- findings << found
24
- end
22
+ run_finder(finder, symbol, opts)
25
23
  end
26
24
  end
27
25
 
28
- findings
26
+ filter_findings
29
27
  end
30
28
 
29
+ protected
30
+
31
31
  # @param [ Symbol ] mode :mixed, :passive or :aggressive
32
32
  # @return [ Array<Symbol> ] The symbols to call for the mode
33
33
  def symbols_from_mode(mode)
@@ -36,6 +36,23 @@ module CMSScanner
36
36
  return symbols if mode.nil? || mode == :mixed
37
37
  symbols.include?(mode) ? [*mode] : []
38
38
  end
39
+
40
+ # @param [ CMSScanner::Finders::Finder ] finder
41
+ # @param [ Symbol ] symbol See return values of #symbols_from_mode
42
+ # @param [ Hash ] opts
43
+ def run_finder(finder, symbol, opts)
44
+ [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
45
+ findings << found
46
+ end
47
+ end
48
+
49
+ # Allow child classes to filter the findings, such as return the best one
50
+ # or remove the low confidence ones.
51
+ #
52
+ # @return [ Findings ]
53
+ def filter_findings
54
+ findings
55
+ end
39
56
  end
40
57
  end
41
58
  end
@@ -13,15 +13,13 @@ module CMSScanner
13
13
  def run(opts = {})
14
14
  symbols_from_mode(opts[:mode]).each do |symbol|
15
15
  each do |finder|
16
- [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
17
- findings << found
18
- end
16
+ run_finder(finder, symbol, opts)
19
17
  end
20
18
  end
21
19
 
22
20
  findings.sort! if opts[:sort]
23
21
 
24
- findings
22
+ filter_findings
25
23
  end
26
24
  end
27
25
  end
@@ -19,9 +19,7 @@ module CMSScanner
19
19
 
20
20
  symbols_from_mode(opts[:mode]).each do |symbol|
21
21
  each do |finder|
22
- [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
23
- findings << found
24
- end
22
+ run_finder(finder, symbol, opts)
25
23
 
26
24
  next if opts[:confidence_threshold] <= 0
27
25
 
@@ -29,13 +27,13 @@ module CMSScanner
29
27
  end
30
28
  end
31
29
 
32
- best_finding(findings)
30
+ filter_findings
33
31
  end
34
32
 
35
- # @param [ Array<Object> ] findings
36
- #
33
+ protected
34
+
37
35
  # @return [ Object, false ] The best finding or false if none
38
- def best_finding(findings)
36
+ def filter_findings
39
37
  # results are sorted by confidence ASC
40
38
  findings.sort_by!(&:confidence)
41
39
 
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.33'
3
+ VERSION = '0.0.34'
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.33
4
+ version: 0.0.34
5
5
  platform: ruby
6
6
  authors:
7
- - WPScanTeam - Erwan Le Rousseau
7
+ - 'WPScanTeam '
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-07-06 00:00:00.000000000 Z
11
+ date: 2015-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: opt_parse_validator
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.12.1
19
+ version: 0.0.13
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.12.1
26
+ version: 0.0.13
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: typhoeus
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -206,9 +206,9 @@ dependencies:
206
206
  - - "~>"
207
207
  - !ruby/object:Gem::Version
208
208
  version: '0.10'
209
- description: Experimental CMSScanner
209
+ description: Framework to provide an easy way to implement CMS Scanners
210
210
  email:
211
- - erwan.lr@gmail.com
211
+ - team@wpscan.org
212
212
  executables: []
213
213
  extensions: []
214
214
  extra_rdoc_files: []
@@ -319,6 +319,6 @@ rubyforge_project:
319
319
  rubygems_version: 2.4.8
320
320
  signing_key:
321
321
  specification_version: 4
322
- summary: Experimental CMSScanner
322
+ summary: CMS Scanner Framework (experimental)
323
323
  test_files: []
324
324
  has_rdoc: