cms_scanner 0.0.44.3 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e65984931fa24f33ef5325d00f07d25e954e76b89df0185491cb9eccce9ed274
|
|
4
|
+
data.tar.gz: c8d1a85d06ac5fec7c1f4b68e942e6e276804b29b945b089f057ee7025af74bb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3fdddf99a93d0fab51617313c1af2ef9695d9bd137cd3f4cc32e7edf73828eeb4f5be51c31cd4773a13c1626ad635342f673d479a5d17dc91b148bd5efc30e8a
|
|
7
|
+
data.tar.gz: 876ea5b47fe468001c846aca035a3fee83ab07019335505da3a3420d441ba40905e93e4b722fe06396f84d3168ffe894264481cc1d019f606c238b3506e5986d
|
|
@@ -29,7 +29,7 @@ module CMSScanner
|
|
|
29
29
|
#
|
|
30
30
|
# @return [ Array<String> ]
|
|
31
31
|
def passive_urls(_opts = {})
|
|
32
|
-
target.
|
|
32
|
+
target.in_scope_uris(target.homepage_res, passive_urls_xpath).map(&:to_s)
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
# @return [ String ]
|
data/lib/cms_scanner/target.rb
CHANGED
|
@@ -89,10 +89,10 @@ module CMSScanner
|
|
|
89
89
|
# @param [ Typhoeus::Response, String ] page
|
|
90
90
|
# @param [ String ] xpath
|
|
91
91
|
#
|
|
92
|
-
# @yield [
|
|
92
|
+
# @yield [ Addressable::URI, Nokogiri::XML::Element ] The url and its associated tag
|
|
93
93
|
#
|
|
94
|
-
# @return [ Array<
|
|
95
|
-
def
|
|
94
|
+
# @return [ Array<Addressable::URI> ] The absolute URIs detected in the response's body from the HTML tags
|
|
95
|
+
def uris_from_page(page = nil, xpath = '//@href|//@src|//@data-src')
|
|
96
96
|
page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
|
|
97
97
|
found = []
|
|
98
98
|
|
|
@@ -108,13 +108,11 @@ module CMSScanner
|
|
|
108
108
|
next
|
|
109
109
|
end
|
|
110
110
|
|
|
111
|
-
node_uri_string = node_uri.to_s
|
|
112
|
-
|
|
113
111
|
next unless node_uri.host
|
|
114
112
|
|
|
115
|
-
yield
|
|
113
|
+
yield node_uri, node.parent if block_given? && !found.include?(node_uri)
|
|
116
114
|
|
|
117
|
-
found <<
|
|
115
|
+
found << node_uri
|
|
118
116
|
end
|
|
119
117
|
|
|
120
118
|
found.uniq
|
|
@@ -8,11 +8,13 @@ module CMSScanner
|
|
|
8
8
|
@scope ||= Scope.new
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
# @param [ String ] url An absolute URL
|
|
11
|
+
# @param [ String, Addressable::URI ] url An absolute URL or URI
|
|
12
12
|
#
|
|
13
13
|
# @return [ Boolean ] true if the url given is in scope
|
|
14
|
-
def in_scope?(
|
|
15
|
-
|
|
14
|
+
def in_scope?(url_or_uri)
|
|
15
|
+
url_or_uri = Addressable::URI.parse(url_or_uri.strip) unless url_or_uri.is_a?(Addressable::URI)
|
|
16
|
+
|
|
17
|
+
scope.include?(url_or_uri.host)
|
|
16
18
|
rescue StandardError
|
|
17
19
|
false
|
|
18
20
|
end
|
|
@@ -20,18 +22,18 @@ module CMSScanner
|
|
|
20
22
|
# @param [ Typhoeus::Response ] res
|
|
21
23
|
# @param [ String ] xpath
|
|
22
24
|
#
|
|
23
|
-
# @yield [
|
|
25
|
+
# @yield [ Addressable::URI, Nokogiri::XML::Element ] The in scope url and its associated tag
|
|
24
26
|
#
|
|
25
|
-
# @return [ Array<
|
|
26
|
-
def
|
|
27
|
+
# @return [ Array<Addressable::URI> ] The in scope absolute URIs detected in the response's body
|
|
28
|
+
def in_scope_uris(res, xpath = '//@href|//@src|//@data-src')
|
|
27
29
|
found = []
|
|
28
30
|
|
|
29
|
-
|
|
30
|
-
next unless in_scope?(
|
|
31
|
+
uris_from_page(res, xpath) do |uri, tag|
|
|
32
|
+
next unless in_scope?(uri)
|
|
31
33
|
|
|
32
|
-
yield
|
|
34
|
+
yield uri, tag if block_given?
|
|
33
35
|
|
|
34
|
-
found <<
|
|
36
|
+
found << uri
|
|
35
37
|
end
|
|
36
38
|
|
|
37
39
|
found
|
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 1.7.2
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 1.7.2
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: public_suffix
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -184,14 +184,14 @@ dependencies:
|
|
|
184
184
|
requirements:
|
|
185
185
|
- - "~>"
|
|
186
186
|
- !ruby/object:Gem::Version
|
|
187
|
-
version: 0.67.
|
|
187
|
+
version: 0.67.2
|
|
188
188
|
type: :development
|
|
189
189
|
prerelease: false
|
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
|
191
191
|
requirements:
|
|
192
192
|
- - "~>"
|
|
193
193
|
- !ruby/object:Gem::Version
|
|
194
|
-
version: 0.67.
|
|
194
|
+
version: 0.67.2
|
|
195
195
|
- !ruby/object:Gem::Dependency
|
|
196
196
|
name: simplecov
|
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|