RubyGems - cms_scanner - Versions diffs - 0.0.40.3 → 0.0.41.0 - Mend

cms_scanner 0.0.40.3 → 0.0.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/cms_scanner.rb +5 -2
data/lib/cms_scanner/exit_code.rb +6 -3
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +11 -5
data/lib/cms_scanner/helper.rb +0 -1
data/lib/cms_scanner/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 01e63c37ec8c7413a1b6126e934cdd523cb6fd54
-  data.tar.gz: b50738731d6a0c9886d304c56c716760f6602dc4
+  metadata.gz: f053017d2b3503063c8f2de1e5668227490b0972
+  data.tar.gz: d66e1ac7019b9fa5fb54b2a335030aafb8874692
 SHA512:
-  metadata.gz: 01fe765af31f1c9eda786feca8898c7c852e65666a667582a842e516b9dbfa4d1494137708bd0893c83cd13d356599daaa6d1ec9496494348ad3424df42fd7b5
-  data.tar.gz: c9a9a25b7ae82f9d21fa526f0206f330d697e0390e1de70ed443f228b9edb96f5ea96ca69a6317b34fedb7675d7ad843c6a967c90bd70f584be41ee9a1aa1f15
+  metadata.gz: 74ec18f3e50f25bf25940d9f76aa53e7544a75eae13fe4f2a498cfdffc11b6fe2c0f0f9f25fc16565b6ed400f6b77fb6000c31593685d0304e7ca607ab32f674
+  data.tar.gz: '084b94da489240b2757dd990e8b3371186ef2023d5b37bbc9f5e4863dc81d70f7d86af7f872e6b2f19995a0aa9061c320fca72f12a29e31fb28fc572d22a68b3'

data/lib/cms_scanner.rb CHANGED Viewed

@@ -145,7 +145,8 @@ module CMSScanner
       formatter.output('@scan_aborted',
                        reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
                        trace: e.backtrace,
-                       verbose: controllers.first.parsed_options[:verbose])
+                       verbose: controllers.first.parsed_options[:verbose] ||
+                                run_error_exit_code == NS::ExitCode::EXCEPTION)
     ensure
       Browser.instance.hydra.abort
@@ -184,7 +185,9 @@ module CMSScanner
       return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
-      NS::ExitCode::ERROR
+      return NS::ExitCode::ERROR if run_error.is_a?(NS::Error)
+      NS::ExitCode::EXCEPTION
     end
   end
 end

data/lib/cms_scanner/exit_code.rb CHANGED Viewed

@@ -10,11 +10,14 @@ module CMSScanner
     # Interrupt received
     INTERRUPTED      = 2
-    # Exceptions
-    ERROR            = 3
+    # Unhandled/unexpected Exception occured
+    EXCEPTION        = 3
+    # Error, scan did not finish
+    ERROR            = 4
     # The target has at least one vulnerability.
     # Currently, the interesting findings do not count as vulnerable things
-    VULNERABLE       = 4
+    VULNERABLE       = 5
   end
 end

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb CHANGED Viewed

@@ -15,9 +15,15 @@ module CMSScanner
         # rubocop:disable all
         def attack(users, passwords, opts = {})
           create_progress_bar(total: users.size * passwords.size, show_progression: opts[:show_progression])
-          queue_count = 0
-          passwords.each_with_index do |password, password_index|
+          queue_count         = 0
+          # Keep the number of requests sent for each users
+          # to be able to correctly update the progress when a password is found
+          user_requests_count = {}
+          users.each { |u| user_requests_count[u.username] = 0 }
+          passwords.each do |password|
             remaining_users = users.select { |u| u.password.nil? }
             break if remaining_users.empty?
@@ -25,6 +31,8 @@ module CMSScanner
             remaining_users.each do |user|
               request = login_request(user.username, password)
+              user_requests_count[user.username] += 1
               request.on_complete do |res|
                 progress_bar.title = "Trying #{user.username} / #{password}"
                 progress_bar.increment
@@ -34,9 +42,7 @@ module CMSScanner
                   yield user
-                  offset = progress_bar.total - progress_bar.progress < hydra.max_concurrency ? 2 : 1
-                  progress_bar.total -= passwords.size - password_index - offset
+                  progress_bar.total -= passwords.size - user_requests_count[user.username]
                 elsif errored_response?(res)
                   output_error(res)
                 end

data/lib/cms_scanner/helper.rb CHANGED Viewed

@@ -2,7 +2,6 @@
 def redirect_output_to_file(file)
   $stdout.reopen(file, 'w')
   $stdout.sync = true
-  $stderr.reopen($stdout) # Not sure if this is needed
 end
 # @return [ Integer ] The memory of the current process in Bytes

data/lib/cms_scanner/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.40.3'.freeze
+  VERSION = '0.0.41.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.40.3
+  version: 0.0.41.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-02 00:00:00.000000000 Z
+date: 2018-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri