cms_scanner 0.0.33 → 0.0.34
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/models/headers.rb +2 -2
- data/cms_scanner.gemspec +5 -5
- data/lib/cms_scanner.rb +40 -19
- data/lib/cms_scanner/browser.rb +2 -1
- data/lib/cms_scanner/controller.rb +1 -1
- data/lib/cms_scanner/controllers.rb +12 -0
- data/lib/cms_scanner/finders/independent_finders.rb +21 -4
- data/lib/cms_scanner/finders/same_type_finders.rb +2 -4
- data/lib/cms_scanner/finders/unique_finders.rb +5 -7
- data/lib/cms_scanner/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 452fa0c8c2290b87448608c952c7209f789b9ca2
|
4
|
+
data.tar.gz: 5ea8b78419089ff26a041cd62787b785f816a5cb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 16e142c0b57688548e12b6b7e9df53204d40d46ac4dce1c3d27a5bdd7adf8a0af936bb9123dad7d33ca9cb667a3484874797ac339dd5a415a71d89e24721b498
|
7
|
+
data.tar.gz: ca319bb0fcaf4c4f207f8aff69ea31a42119be99d68d473d102f224d2cd435d84808c9e00ffce0928d007b9de9341631a1e46919c292a09e6d39e7868d0de769
|
data/app/models/headers.rb
CHANGED
@@ -23,8 +23,8 @@ module CMSScanner
|
|
23
23
|
# @return [ Array<String> ] Downcased known headers
|
24
24
|
def known_headers
|
25
25
|
%w(
|
26
|
-
age accept-ranges cache-control content-
|
27
|
-
keep-alive location last-modified link pragma set-cookie strict-transport-security
|
26
|
+
age accept-ranges cache-control content-encoding content-length content-type connection date
|
27
|
+
etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
|
28
28
|
transfer-encoding vary x-cache x-content-security-policy x-content-type-options
|
29
29
|
x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
|
30
30
|
x-webkit-csp x-xss-protection
|
data/cms_scanner.gemspec
CHANGED
@@ -9,10 +9,10 @@ Gem::Specification.new do |s|
|
|
9
9
|
s.version = CMSScanner::VERSION
|
10
10
|
s.platform = Gem::Platform::RUBY
|
11
11
|
s.required_ruby_version = '>= 2.1.0'
|
12
|
-
s.authors = ['WPScanTeam
|
13
|
-
s.email = ['
|
14
|
-
s.summary = '
|
15
|
-
s.description = '
|
12
|
+
s.authors = ['WPScanTeam ']
|
13
|
+
s.email = ['team@wpscan.org']
|
14
|
+
s.summary = 'CMS Scanner Framework (experimental)'
|
15
|
+
s.description = 'Framework to provide an easy way to implement CMS Scanners'
|
16
16
|
s.homepage = 'https://github.com/wpscanteam/CMSScanner'
|
17
17
|
s.license = 'MIT'
|
18
18
|
|
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
|
|
31
31
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
32
32
|
s.require_path = 'lib'
|
33
33
|
|
34
|
-
s.add_dependency 'opt_parse_validator', '~> 0.0.
|
34
|
+
s.add_dependency 'opt_parse_validator', '~> 0.0.13'
|
35
35
|
s.add_dependency 'typhoeus', '~> 0.7'
|
36
36
|
s.add_dependency 'nokogiri', '~> 1.6.6'
|
37
37
|
s.add_dependency 'addressable', '~> 2.3.8'
|
data/lib/cms_scanner.rb
CHANGED
@@ -34,25 +34,42 @@ module CMSScanner
|
|
34
34
|
APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
|
35
35
|
NS = self
|
36
36
|
|
37
|
-
def self.included(base)
|
38
|
-
remove_const(:NS)
|
39
|
-
const_set(:NS, base)
|
40
|
-
super(base)
|
41
|
-
end
|
42
|
-
|
43
37
|
# Number of requests performed to display at the end of the scan
|
44
38
|
Typhoeus.on_complete do |response|
|
45
39
|
self.total_requests += 1 unless response.cached?
|
46
40
|
end
|
47
41
|
|
48
|
-
#
|
49
|
-
|
50
|
-
|
42
|
+
# Module to be able to use these class methods when the CMSScanner
|
43
|
+
# is included in another module
|
44
|
+
module ClassMethods
|
45
|
+
# @return [ Integer ]
|
46
|
+
def total_requests
|
47
|
+
@@total_requests ||= 0
|
48
|
+
end
|
49
|
+
|
50
|
+
# @param [ Integer ]
|
51
|
+
def total_requests=(value)
|
52
|
+
@@total_requests = value
|
53
|
+
end
|
54
|
+
|
55
|
+
# The lowercase name of the scanner
|
56
|
+
# Mainly used in directory paths like the default cookie-jar file and
|
57
|
+
# path to load the cli options from files
|
58
|
+
#
|
59
|
+
# @return [ String ]
|
60
|
+
def app_name
|
61
|
+
to_s.underscore
|
62
|
+
end
|
51
63
|
end
|
52
64
|
|
53
|
-
|
54
|
-
|
55
|
-
|
65
|
+
extend ClassMethods
|
66
|
+
|
67
|
+
def self.included(base)
|
68
|
+
remove_const(:NS)
|
69
|
+
const_set(:NS, base)
|
70
|
+
|
71
|
+
base.extend(ClassMethods)
|
72
|
+
super(base)
|
56
73
|
end
|
57
74
|
|
58
75
|
# Scan
|
@@ -106,13 +123,7 @@ module CMSScanner
|
|
106
123
|
# depending on the findings / errors
|
107
124
|
def exit_hook
|
108
125
|
at_exit do
|
109
|
-
if run_error
|
110
|
-
exit(NS::ExitCode::CLI_OPTION_ERROR) if run_error.is_a?(OptParseValidator::Error) ||
|
111
|
-
run_error.is_a?(OptionParser::ParseError)
|
112
|
-
|
113
|
-
exit(NS::ExitCode::INTERRUPTED) if run_error.is_a?(Interrupt)
|
114
|
-
exit(NS::ExitCode::ERROR)
|
115
|
-
end
|
126
|
+
exit(run_error_exit_code) if run_error
|
116
127
|
|
117
128
|
controller = controllers.first
|
118
129
|
|
@@ -121,6 +132,16 @@ module CMSScanner
|
|
121
132
|
exit(NS::ExitCode::OK)
|
122
133
|
end
|
123
134
|
end
|
135
|
+
|
136
|
+
# @return [ Integer ] The exit code related to the run_error
|
137
|
+
def run_error_exit_code
|
138
|
+
return NS::ExitCode::CLI_OPTION_ERROR if run_error.is_a?(OptParseValidator::Error) ||
|
139
|
+
run_error.is_a?(OptionParser::ParseError)
|
140
|
+
|
141
|
+
return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
|
142
|
+
|
143
|
+
NS::ExitCode::ERROR
|
144
|
+
end
|
124
145
|
end
|
125
146
|
end
|
126
147
|
|
data/lib/cms_scanner/browser.rb
CHANGED
@@ -45,7 +45,8 @@ module CMSScanner
|
|
45
45
|
# @return [ Hash ]
|
46
46
|
def default_request_params
|
47
47
|
params = {
|
48
|
-
|
48
|
+
# Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
|
49
|
+
ssl_verifypeer: false, ssl_verifyhost: 0,
|
49
50
|
headers: { 'User-Agent' => user_agent },
|
50
51
|
accept_encoding: 'gzip, deflate',
|
51
52
|
method: :get
|
@@ -3,8 +3,20 @@ module CMSScanner
|
|
3
3
|
class Controllers < Array
|
4
4
|
attr_reader :option_parser
|
5
5
|
|
6
|
+
# @param [ OptParsevalidator::OptParser ] options_parser
|
6
7
|
def initialize(option_parser = OptParseValidator::OptParser.new(nil, 40))
|
7
8
|
@option_parser = option_parser
|
9
|
+
|
10
|
+
register_options_files
|
11
|
+
end
|
12
|
+
|
13
|
+
# Adds the potential option file paths to the option_parser
|
14
|
+
def register_options_files
|
15
|
+
[Dir.home, Dir.pwd].each do |dir|
|
16
|
+
option_parser.options_files.supported_extensions.each do |ext|
|
17
|
+
@option_parser.options_files << File.join(dir, ".#{NS.app_name}", "cli_options.#{ext}")
|
18
|
+
end
|
19
|
+
end
|
8
20
|
end
|
9
21
|
|
10
22
|
# @param [ Controller::Base ] controller
|
@@ -19,15 +19,15 @@ module CMSScanner
|
|
19
19
|
|
20
20
|
each do |finder|
|
21
21
|
methods.each do |symbol|
|
22
|
-
|
23
|
-
findings << found
|
24
|
-
end
|
22
|
+
run_finder(finder, symbol, opts)
|
25
23
|
end
|
26
24
|
end
|
27
25
|
|
28
|
-
|
26
|
+
filter_findings
|
29
27
|
end
|
30
28
|
|
29
|
+
protected
|
30
|
+
|
31
31
|
# @param [ Symbol ] mode :mixed, :passive or :aggressive
|
32
32
|
# @return [ Array<Symbol> ] The symbols to call for the mode
|
33
33
|
def symbols_from_mode(mode)
|
@@ -36,6 +36,23 @@ module CMSScanner
|
|
36
36
|
return symbols if mode.nil? || mode == :mixed
|
37
37
|
symbols.include?(mode) ? [*mode] : []
|
38
38
|
end
|
39
|
+
|
40
|
+
# @param [ CMSScanner::Finders::Finder ] finder
|
41
|
+
# @param [ Symbol ] symbol See return values of #symbols_from_mode
|
42
|
+
# @param [ Hash ] opts
|
43
|
+
def run_finder(finder, symbol, opts)
|
44
|
+
[*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
|
45
|
+
findings << found
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
# Allow child classes to filter the findings, such as return the best one
|
50
|
+
# or remove the low confidence ones.
|
51
|
+
#
|
52
|
+
# @return [ Findings ]
|
53
|
+
def filter_findings
|
54
|
+
findings
|
55
|
+
end
|
39
56
|
end
|
40
57
|
end
|
41
58
|
end
|
@@ -13,15 +13,13 @@ module CMSScanner
|
|
13
13
|
def run(opts = {})
|
14
14
|
symbols_from_mode(opts[:mode]).each do |symbol|
|
15
15
|
each do |finder|
|
16
|
-
|
17
|
-
findings << found
|
18
|
-
end
|
16
|
+
run_finder(finder, symbol, opts)
|
19
17
|
end
|
20
18
|
end
|
21
19
|
|
22
20
|
findings.sort! if opts[:sort]
|
23
21
|
|
24
|
-
|
22
|
+
filter_findings
|
25
23
|
end
|
26
24
|
end
|
27
25
|
end
|
@@ -19,9 +19,7 @@ module CMSScanner
|
|
19
19
|
|
20
20
|
symbols_from_mode(opts[:mode]).each do |symbol|
|
21
21
|
each do |finder|
|
22
|
-
|
23
|
-
findings << found
|
24
|
-
end
|
22
|
+
run_finder(finder, symbol, opts)
|
25
23
|
|
26
24
|
next if opts[:confidence_threshold] <= 0
|
27
25
|
|
@@ -29,13 +27,13 @@ module CMSScanner
|
|
29
27
|
end
|
30
28
|
end
|
31
29
|
|
32
|
-
|
30
|
+
filter_findings
|
33
31
|
end
|
34
32
|
|
35
|
-
|
36
|
-
|
33
|
+
protected
|
34
|
+
|
37
35
|
# @return [ Object, false ] The best finding or false if none
|
38
|
-
def
|
36
|
+
def filter_findings
|
39
37
|
# results are sorted by confidence ASC
|
40
38
|
findings.sort_by!(&:confidence)
|
41
39
|
|
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.34
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
|
-
- WPScanTeam
|
7
|
+
- 'WPScanTeam '
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-07-
|
11
|
+
date: 2015-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: opt_parse_validator
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.0.
|
19
|
+
version: 0.0.13
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.0.
|
26
|
+
version: 0.0.13
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: typhoeus
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -206,9 +206,9 @@ dependencies:
|
|
206
206
|
- - "~>"
|
207
207
|
- !ruby/object:Gem::Version
|
208
208
|
version: '0.10'
|
209
|
-
description:
|
209
|
+
description: Framework to provide an easy way to implement CMS Scanners
|
210
210
|
email:
|
211
|
-
-
|
211
|
+
- team@wpscan.org
|
212
212
|
executables: []
|
213
213
|
extensions: []
|
214
214
|
extra_rdoc_files: []
|
@@ -319,6 +319,6 @@ rubyforge_project:
|
|
319
319
|
rubygems_version: 2.4.8
|
320
320
|
signing_key:
|
321
321
|
specification_version: 4
|
322
|
-
summary:
|
322
|
+
summary: CMS Scanner Framework (experimental)
|
323
323
|
test_files: []
|
324
324
|
has_rdoc:
|