cms_scanner 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4678e465b2b4eaf41a295ca51d5c8e19036cd608
-  data.tar.gz: 4791201f53009021294db6cb8ebbf8a502fe996a
+  metadata.gz: 0866fc4bfc65ce2c0b92ac2b4d8b0e6d412f0f4e
+  data.tar.gz: d1a849df9cfb4d7e2efb41bf836b62df007e02b8
 SHA512:
-  metadata.gz: aa604fb6779740c7a82aa02d435b8281ed80bd422cf843660803d1eb12e5544c5b96686c5234d41aad53b61cdf101d4cded4c4731595ca1db9745b16fb78d312
-  data.tar.gz: 3fae9b03e48e97719cc01404a1cef60fc418b29137dd2cedf7892923a07ad243a69a3274b50758653f3ca676ad28d85fc69028d343a82145fa19b34b6053a519
+  metadata.gz: 6351f6c0f03e6c4a7983933c723a9f479cc1b9a39d5ff4683930f9bb91b1c6f9b4f087b0ffaa5e193c7fcbfb00bb41317884cd9da25d062d0df4604e416c8e15
+  data.tar.gz: 40fa45e9e46359b1f9b5c818ed470213fe7434c73fdbf93eeed173ea27c5c0f8a3ef589f7c61c510cb6c90ae7da19568947a2d571a5723695dadb32a3a5ed00d

data/app/finders/interesting_files/xml_rpc.rb

@@ -25,9 +25,7 @@ module CMSScanner
 
         # @return [ XMLRPC ]
         def passive_body(_opts = {})
-          page = Nokogiri::HTML(NS::Browser.get(target.url).body)
-
-          page.css('link[rel="pingback"]').each do |tag|
+          NS::Browser.get(target.url).html.css('link[rel="pingback"]').each do |tag|
             url = tag.attribute('href').to_s
 
             next unless target.in_scope?(url)

data/app/models.rb

@@ -3,3 +3,4 @@ require_relative 'models/robots_txt'
 require_relative 'models/fantastico_fileslist'
 require_relative 'models/headers'
 require_relative 'models/xml_rpc'
+require_relative 'models/version'

data/app/models/interesting_file.rb

@@ -22,9 +22,5 @@ module CMSScanner
     def ==(other)
       url == other.url
     end
-
-    def eql?(other)
-      url == other.url && confidence == other.confidence && found_by == other.found_by
-    end
   end
 end

data/app/models/version.rb

@@ -0,0 +1,17 @@
+module CMSScanner
+  # Version
+  class Version
+    include NS::Finders::Finding
+
+    attr_reader :number
+
+    def initialize(number, opts = {})
+      @number = number
+      parse_finding_options(opts)
+    end
+
+    def ==(other)
+      number == other.number
+    end
+  end
+end

data/app/views/cli/core/finished.erb

@@ -1,4 +1,3 @@
-
 <%= green('[+]') %> Finished: <%= @stop_time.asctime %>
 <%= green('[+]') %> Memory used: <%= @used_memory.bytes_to_human %>
 <%= green('[+]') %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>

data/app/views/cli/interesting_files/findings.erb

@@ -18,4 +18,4 @@ Interesting Findings: <%= @findings.size %>
 <% end -%>
 <%= render('_array', a: finding.references, s: 'Reference', p: 'References') -%>
 <%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
-<% end -%>
+<% end %>

data/cms_scanner.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
   s.version               = CMSScanner::VERSION
   s.platform              = Gem::Platform::RUBY
   s.required_ruby_version = '>= 2.0.0'
-  s.authors               = ['WPScanTeam - Erwan le Rousseau']
+  s.authors               = ['WPScanTeam - Erwan Le Rousseau']
   s.email                 = ['erwan.lr@gmail.com']
   s.summary               = 'Experimental CMSScanner'
   s.description           = 'Experimental CMSScanner'
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec', '~> 3.1'
   s.add_development_dependency 'rspec-its'
   s.add_development_dependency 'bundler', '~> 1.6'
-  s.add_development_dependency 'rubocop', '~> 0.27'
+  s.add_development_dependency 'rubocop', '~> 0.28'
   s.add_development_dependency 'webmock', '>= 1.18'
   s.add_development_dependency 'simplecov', '~> 0.9'
 end

data/lib/cms_scanner.rb

@@ -10,6 +10,7 @@ require 'fileutils'
 require 'pathname'
 # Custom Libs
 require 'helper'
+require 'cms_scanner/typhoeus/response'
 require 'cms_scanner/errors/auth_errors'
 require 'cms_scanner/cache/typhoeus'
 require 'cms_scanner/target'

data/lib/cms_scanner/finders.rb

@@ -3,3 +3,5 @@ require 'cms_scanner/finders/finding'
 require 'cms_scanner/finders/findings'
 require 'cms_scanner/finders/independent_finders'
 require 'cms_scanner/finders/independent_finder'
+require 'cms_scanner/finders/unique_finders'
+require 'cms_scanner/finders/unique_finder'

data/lib/cms_scanner/finders/finding.rb

@@ -32,6 +32,10 @@ module CMSScanner
       def parse_finding_options(opts = {})
         FINDING_OPTS.each { |opt| send("#{opt}=", opts[opt]) if opts.key?(opt) }
       end
+
+      def eql?(other)
+        self == other && confidence == other.confidence && found_by == other.found_by
+      end
     end
   end
 end

data/lib/cms_scanner/finders/independent_finders.rb

@@ -2,7 +2,7 @@ module CMSScanner
   module Finders
     # Independent Finders container
     # This class is designed to handle independent results
-    # which are not related with others
+    # which are not related with each others
     # e.g: interesting files
     class IndependentFinders < Array
       # @return [ Findings ]

data/lib/cms_scanner/finders/unique_finder.rb

@@ -0,0 +1,17 @@
+module CMSScanner
+  module Finders
+    # Unique Finder
+    module UniqueFinder
+      def self.included(klass)
+        klass.class_eval do
+          include IndependentFinder
+
+          # @return [ Array ]
+          def finders
+            @finders ||= NS::Finders::UniqueFinders.new
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cms_scanner/finders/unique_finders.rb

@@ -0,0 +1,39 @@
+module CMSScanner
+  module Finders
+    # Unique Finders container
+    #
+    # This class is designed to return a unique result such as a version
+    # Note: Finders contained can return multiple results but the #run will only
+    # returned the best finding
+    class UniqueFinders < IndependentFinders
+      # @param [ Hash ] opts
+      # @option opts [ Symbol ] mode :mixed, :passive or :aggressive
+      # @option opts [ Int ] :confidence_threshold  If a finding's confidence reaches this value,
+      #                                             it will be returned as the best finding.
+      #                                             Default is 100.
+      #                                             If <= 0, all finders will be ran.
+      #
+      # @return [ Object ]
+      def run(opts = {})
+        opts[:confidence_threshold] ||= 100
+
+        symbols_from_mode(opts[:mode]).each do |symbol|
+          each do |finder|
+            [*finder.send(symbol, opts)].each do |found|
+              findings << found
+            end
+
+            next if opts[:confidence_threshold] <= 0
+
+            findings.each do |f|
+              return f if f.confidence >= opts[:confidence_threshold]
+            end
+          end
+        end
+
+        # results are sorted by confidence ASC
+        findings.sort_by(&:confidence).last
+      end
+    end
+  end
+end

data/lib/cms_scanner/target.rb

@@ -6,6 +6,7 @@ module CMSScanner
   # Target to Scan
   class Target < WebSite
     include Server::Generic
+
     # @note Subdomains are considered out of scope (maybe consider them in ?)
     #       Also, // are handled by Addressable::URI, but worngly :/
     #       e.g: Addressable::URI.parse('//file').host => file

data/lib/cms_scanner/target/platform/wordpress.rb

@@ -9,12 +9,10 @@ module CMSScanner
       module WordPress
         include PHP
 
-        WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|plugins|plugins))|wp-includes)/}i
+        WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|plugins|uploads))|wp-includes)/}i
 
         def wordpress?
-          page = Nokogiri::HTML(Browser.get(url).body)
-
-          page.css('script, link').each do |tag|
+          NS::Browser.get(url).html.css('script, link').each do |tag|
             tag_url = tag.attribute('href').to_s
 
             next unless in_scope?(tag_url)

data/lib/cms_scanner/target/platform/wordpress/custom_directories.rb

@@ -14,11 +14,10 @@ module CMSScanner
         # @return [ String ] The wp-content directory
         def content_dir
           unless @content_dir
-            page        = Nokogiri::HTML(Browser.get(url).body)
             escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
             pattern     = %r{#{escaped_url}(.+?)\/(?:themes|plugins|uploads)\/}i
 
-            page.css('link,script,style,img').each do |tag|
+            NS::Browser.get(url).html.css('link,script,style,img').each do |tag|
               %w(href src).each do |attribute|
                 attr_value = tag.attribute(attribute).to_s
 

data/lib/cms_scanner/target/server/apache.rb

@@ -30,10 +30,11 @@ module CMSScanner
         def directory_listing_entries(path = nil, params = {})
           return [] unless directory_listing?(path, params)
 
-          doc   = Nokogiri::HTML(NS::Browser.get(url(path), params).body)
           found = []
 
-          doc.css('td a').each { |node| found << node.text.to_s }
+          NS::Browser.get(url(path), params).html.css('td a').each do |node|
+            found << node.text.to_s
+          end
 
           found[1..-1] # returns the array w/o the first element 'Parent Directory'
         end

data/lib/cms_scanner/target/server/iis.rb

@@ -30,10 +30,9 @@ module CMSScanner
         def directory_listing_entries(path = nil, params = {})
           return [] unless directory_listing?(path, params)
 
-          doc   = Nokogiri::HTML(NS::Browser.get(url(path), params).body)
           found = []
 
-          doc.css('pre a').each do |node|
+          NS::Browser.get(url(path), params).html.css('pre a').each do |node|
             entry = node.text.to_s
 
             next if entry == '[To Parent Directory]'

data/lib/cms_scanner/typhoeus/response.rb

@@ -0,0 +1,9 @@
+module Typhoeus
+  # Custom Response class
+  class Response
+    # @return [ Nokogiri::HTML ] The response's body parsed by Nokogiri
+    def html
+      Nokogiri::HTML(body)
+    end
+  end
+end

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.6'
+  VERSION = '0.0.7'
 end

data/spec/app/controllers/core_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Controller::Core do
-
   subject(:core)       { described_class.new }
   let(:target_url)     { 'http://example.com/' }
   let(:parsed_options) { { url: target_url } }
@@ -148,5 +147,4 @@ describe CMSScanner::Controller::Core do
       core.after_scan
     end
   end
-
 end

data/spec/app/controllers/interesting_files_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Controller::InterestingFiles do
-
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://example.com/' }
   let(:parsed_options) { { url: target_url } }
@@ -46,5 +45,4 @@ describe CMSScanner::Controller::InterestingFiles do
       end
     end
   end
-
 end

data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Finders::InterestingFile::FantasticoFileslist do
-
   subject(:finder) { described_class.new(target) }
   let(:target)     { CMSScanner::Target.new(url) }
   let(:url)        { 'http://example.com/' }
@@ -64,5 +63,4 @@ describe CMSScanner::Finders::InterestingFile::FantasticoFileslist do
       end
     end
   end
-
 end

data/spec/app/finders/interesting_files/headers_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Finders::InterestingFile::Headers do
-
   subject(:finder) { described_class.new(target) }
   let(:target)     { CMSScanner::Target.new(url) }
   let(:url)        { 'http://example.com/' }
@@ -34,5 +33,4 @@ describe CMSScanner::Finders::InterestingFile::Headers do
       end
     end
   end
-
 end

data/spec/app/finders/interesting_files/robots_txt_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Finders::InterestingFile::RobotsTxt do
-
   subject(:finder) { described_class.new(target) }
   let(:target)     { CMSScanner::Target.new(url) }
   let(:url)        { 'http://example.com/' }
@@ -52,5 +51,4 @@ describe CMSScanner::Finders::InterestingFile::RobotsTxt do
       end
     end
   end
-
 end

data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Finders::InterestingFile::SearchReplaceDB2 do
-
   subject(:finder) { described_class.new(target) }
   let(:target)     { CMSScanner::Target.new(url) }
   let(:url)        { 'http://example.com/' }
@@ -51,5 +50,4 @@ describe CMSScanner::Finders::InterestingFile::SearchReplaceDB2 do
       end
     end
   end
-
 end

data/spec/app/finders/interesting_files/xml_rpc_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Finders::InterestingFile::XMLRPC do
-
   subject(:finder)  { described_class.new(target) }
   let(:target)      { CMSScanner::Target.new(url) }
   let(:url)         { 'http://ex.lo/' }
@@ -134,5 +133,4 @@ describe CMSScanner::Finders::InterestingFile::XMLRPC do
       end
     end
   end
-
 end

data/spec/app/finders/interesting_files_spec.rb

@@ -1,13 +1,12 @@
 require 'spec_helper'
 
 describe CMSScanner::Finders::InterestingFiles do
-
   it_behaves_like CMSScanner::Finders::IndependentFinder do
     let(:expected_finders) { %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC) }
+    let(:expected_finders_class) { CMSScanner::Finders::IndependentFinders }
   end
 
   subject(:files) { described_class.new(target) }
   let(:target)    { CMSScanner::Target.new(url) }
   let(:url)       { 'http://example.com/' }
-
 end

data/spec/app/formatters/cli_no_colour_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Formatter::CliNoColour do
-
   subject(:formatter) { described_class.new }
 
   describe '#format' do
@@ -13,5 +12,4 @@ describe CMSScanner::Formatter::CliNoColour do
       expect(formatter.red('Text')).to eq 'Text'
     end
   end
-
 end

data/spec/app/formatters/cli_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Formatter::Cli do
-
   subject(:formatter) { described_class.new }
 
   describe '#format' do
@@ -17,5 +16,4 @@ describe CMSScanner::Formatter::Cli do
       expect(formatter.green('Another Text')).to eq "\e[32mAnother Text\e[0m"
     end
   end
-
 end

data/spec/app/formatters/json_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::Formatter::Json do
-
   it_behaves_like CMSScanner::Formatter::Buffer
 
   subject(:formatter) { described_class.new }
@@ -29,5 +28,4 @@ describe CMSScanner::Formatter::Json do
       formatter.beautify
     end
   end
-
 end

data/spec/app/models/fantastico_fileslist_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe CMSScanner::FantasticoFileslist do
-
   subject(:file) { described_class.new(url) }
   let(:url)      { 'http://example.com/robots.txt' }
   let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'fantastico_fileslist') }