cms_scanner 0.0.37.11 → 0.0.37.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/core/cli_options.rb +8 -6
  3. data/cms_scanner.gemspec +2 -2
  4. data/lib/cms_scanner/finders/finder/fingerprinter.rb +2 -2
  5. data/lib/cms_scanner/target/hashes.rb +6 -1
  6. data/lib/cms_scanner/version.rb +1 -1
  7. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c376858b468a812426ee0a8a03e0ed1b8438aa9a
4
- data.tar.gz: 8bef1d95502b66606ed62a047adb148c478ea890
3
+ metadata.gz: 92c1a1bc745065a29c4770a7ff9143749f5373ea
4
+ data.tar.gz: 3ee76b460d6cd72f72aa03eb0beb095e367aa663
5
5
  SHA512:
6
- metadata.gz: 169a9923ed5278e55f84b316aea96ce43d8b0880474d6683c4d4d814a4efaa3d6039ad024bb8e6d869a7844f547d84d8f7886f4a8961735368cd6b7e35890704
7
- data.tar.gz: 2be9cdba79eb8fbaf4dd70e834815abcc50fce34f75eff1d76e928b103c43bc941c2d981b4b57d658fa7e959c54cca8a90ec3ba66739eb09d0d58ef4c30ddc36
6
+ metadata.gz: 756dd179151bbf8a904b1a8ee2a206e39b9a76cbe8891a3cabc80b71670cb87550385709246bb5c67f82309cb9f675c03ee622cc2116fccf038442820aac5ab9
7
+ data.tar.gz: 45eacba22c283773bf2cb8eb8e7dcc0694fa263a54d5932b6e6d2bf2a3adc0437de2d7db2566b9aab9903ccdc7c8a6836542a267d400b637000c5ce1b25a58f6
data/app/controllers/core/cli_options.rb CHANGED
@@ -15,7 +15,7 @@ module CMSScanner
15
15
  OptChoice.new(['--detection-mode MODE'],
16
16
  choices: %w[mixed passive aggressive],
17
17
  normalize: :to_sym,
18
- default: :mixed),
18
+ default: 'mixed'),
19
19
  OptArray.new(['--scope DOMAINS',
20
20
  'Comma separated (sub-)domains to consider in scope. ',
21
21
  'Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld'])
@@ -31,13 +31,13 @@ module CMSScanner
31
31
  'List of agents to use with --random-user-agent'], exists: true),
32
32
  OptCredentials.new(['--http-auth login:password']),
33
33
  OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
34
- default: 5),
34
+ default: '5'),
35
35
  OptPositiveInteger.new(['--throttle MilliSeconds', 'Milliseconds to wait before doing another web request. ' \
36
36
  'If used, the max threads will be set to 1.']),
37
37
  OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
38
- default: 60),
38
+ default: '60'),
39
39
  OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
40
- default: 30)
40
+ default: '30')
41
41
  ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
42
42
  end
43
43
 
@@ -67,7 +67,8 @@ module CMSScanner
67
67
  'format: cookie1=value1[; cookie2=value2]']),
68
68
  OptFilePath.new(['--cookie-jar FILE-PATH', 'File to read and write cookies'],
69
69
  writable: true,
70
- exists: false,
70
+ readable: true,
71
+ create: true,
71
72
  default: File.join(tmp_directory, 'cookie_jar.txt'))
72
73
  ]
73
74
  end
@@ -75,11 +76,12 @@ module CMSScanner
75
76
  # @return [ Array<OptParseValidator::OptBase> ]
76
77
  def cli_browser_cache_options
77
78
  [
78
- OptInteger.new(['--cache-ttl TIME_TO_LIVE', 'The cache time to live in seconds'], default: 600),
79
+ OptInteger.new(['--cache-ttl TIME_TO_LIVE', 'The cache time to live in seconds'], default: '600'),
79
80
  OptBoolean.new(['--clear-cache', 'Clear the cache before the scan']),
80
81
  OptDirectoryPath.new(['--cache-dir PATH'],
81
82
  readable: true,
82
83
  writable: true,
84
+ create: true,
83
85
  default: File.join(tmp_directory, 'cache'))
84
86
  ]
85
87
  end
data/cms_scanner.gemspec CHANGED
@@ -37,7 +37,7 @@ Gem::Specification.new do |s|
37
37
  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
38
38
  s.add_dependency 'public_suffix', '~> 3.0.0'
39
39
  s.add_dependency 'ruby-progressbar', '~> 1.9.0'
40
- s.add_dependency 'opt_parse_validator', '~> 0.0.13.8'
40
+ s.add_dependency 'opt_parse_validator', '~> 0.0.13.11'
41
41
 
42
42
  # Already required by opt_parse_validator
43
43
  # so version restriction loosen to avoid potential future conflicts
@@ -45,7 +45,7 @@ Gem::Specification.new do |s|
45
45
  s.add_dependency 'activesupport', '~> 5.0'
46
46
 
47
47
  s.add_development_dependency 'rake', '~> 12.0'
48
- s.add_development_dependency 'rspec', '~> 3.6.0'
48
+ s.add_development_dependency 'rspec', '~> 3.7.0'
49
49
  s.add_development_dependency 'rspec-its', '~> 1.2.0'
50
50
  s.add_development_dependency 'bundler', '~> 1.6'
51
51
  s.add_development_dependency 'rubocop', '~> 0.50.0'
data/lib/cms_scanner/finders/finder/fingerprinter.rb CHANGED
@@ -4,7 +4,7 @@ module CMSScanner
4
4
  # Module to provide an easy way to fingerprint things such as versions
5
5
  module Fingerprinter
6
6
  # @param [ Hash ] fingerprints The fingerprints
7
- # Format should be the following:
7
+ # Format should be like the following:
8
8
  # {
9
9
  # file_path_1: {
10
10
  # md5_hash_1: version_1,
@@ -23,7 +23,7 @@ module CMSScanner
23
23
  # @yield [ Mixed, String, String ] version/s, url, hash The version associated to the
24
24
  # fingerprint of the url
25
25
  def fingerprint(fingerprints, opts = {})
26
- create_progress_bar(opts.merge(total: fingerprints.size)) # if opts[:show_progression]
26
+ create_progress_bar(opts.merge(total: fingerprints.size))
27
27
 
28
28
  fingerprints.each do |path, f|
29
29
  url = target.url(path.dup)
data/lib/cms_scanner/target/hashes.rb CHANGED
@@ -9,7 +9,12 @@ module CMSScanner
9
9
  def self.page_hash(page)
10
10
  page = NS::Browser.get(page, followlocation: true) unless page.is_a?(Typhoeus::Response)
11
11
 
12
- Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
12
+ # Removes comments and script tags before computing the hash
13
+ # to remove any potential cached stuff
14
+ html = Nokogiri::HTML(page.body)
15
+ html.xpath('//script|//comment()').each(&:remove)
16
+
17
+ Digest::MD5.hexdigest(html)
13
18
  end
14
19
 
15
20
  # @return [ String ] The hash of the homepage
data/lib/cms_scanner/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.37.11'.freeze
3
+ VERSION = '0.0.37.12'.freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.37.11
4
+ version: 0.0.37.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-06 00:00:00.000000000 Z
11
+ date: 2017-10-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: typhoeus
@@ -86,14 +86,14 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 0.0.13.8
89
+ version: 0.0.13.11
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 0.0.13.8
96
+ version: 0.0.13.11
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: addressable
99
99
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 3.6.0
145
+ version: 3.7.0
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 3.6.0
152
+ version: 3.7.0
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: rspec-its
155
155
  requirement: !ruby/object:Gem::Requirement