cms_scanner 0.10.1 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee896090149c3f5dfd501ce88374b708aba187927bdac0c593f3608c801ae0d3
-  data.tar.gz: 24f17ebbab747417216229057783c1545ebbe06ff0a4c6c6e2ff969b67e69f97
+  metadata.gz: 72a6af6653b611521780cf690b877be65574e84416fd85f6cb510252cbd63f37
+  data.tar.gz: 9004450478afb99a08c26e7fc6256d4c614491fe2fae1c91cf23a95d36583f5c
 SHA512:
-  metadata.gz: 13f907d61456e051f39e2988755537e6ad6ccdbd473144a5e756cb9f91a680d23539ced35cb9e29925f7d1832e4d84fe8d975871c4d5aa230c863a9e92133eee
-  data.tar.gz: 6fd87965f3fe9385583f5c8fef0ea82fc7b03c8a803e68b6117f410dac554b0c8677d975b894b37cf4c29e87260cb06f2d2e17c75c8e873912060d5707fe2804
+  metadata.gz: 23a881867063dc089d9bc6efe581c3e631ead8ac0b09408d085ba54d4cd5584da9988cc947dbdeb707a2b74bfde3408c1e48f025942d782e7427ccf64d6380f1
+  data.tar.gz: 0cda187347c63f48bb1bea47f2cb2d45089aa38aaa885e6c5a4e32384409e7b2eb71453187b7db0531e1850ed3d48390cd823b53fcd93e7f531ee386cd9646a1

data/app/controllers/core.rb

@@ -43,7 +43,7 @@ module CMSScanner
         when 401
           raise Error::HTTPAuthRequired
         when 403
-          raise Error::AccessForbidden, NS::ParsedCli.random_user_agent
+          raise Error::AccessForbidden, NS::ParsedCli.random_user_agent unless NS::ParsedCli.force
         when 407
           raise Error::ProxyAuthRequired
         end

data/app/controllers/core/cli_options.rb

@@ -10,7 +10,8 @@ module CMSScanner
         [
           OptURL.new(['-u', '--url URL', 'The URL to scan'],
                      required_unless: %i[help hh version],
-                     default_protocol: 'http')
+                     default_protocol: 'http'),
+          OptBoolean.new(['--force', 'Do not check if target returns a 403'])
         ] + mixed_cli_options + [
           OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
           OptChoice.new(['-f', '--format FORMAT',

data/app/models/fantastico_fileslist.rb

@@ -2,8 +2,16 @@
 
 module CMSScanner
   module Model
-    # FantasticoFileslist
+    # Fantastico is a commercial script library that automates the installation of web applications to a website.
+    # Fantastico scripts are executed from the administration area of a website control panel such as cPanel.
+    # It creates a file named fantastico_fileslist.txt that is publicly available and contains a list of all the
+    # files from the current directory. The contents of this file may expose sensitive information to an attacker.
     class FantasticoFileslist < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Fantastico list found: #{url}"
+      end
+
       # @return [ Array<String> ] The interesting files/dirs detected
       def interesting_entries
         results = []
@@ -17,7 +25,9 @@ module CMSScanner
       end
 
       def references
-        @references ||= { url: ['http://www.acunetix.com/vulnerabilities/fantastico-fileslist/'] }
+        @references ||= {
+          url: ['https://web.archive.org/web/20140518040021/http://www.acunetix.com/vulnerabilities/fantastico-fileslist/']
+        }
       end
     end
   end

data/app/models/headers.rb

@@ -19,7 +19,7 @@ module CMSScanner
         entries.each do |header, value|
           next if known_headers.include?(header.downcase)
 
-          results << "#{header}: #{[*value].join(', ')}"
+          results << "#{header}: #{Array(value).join(', ')}"
         end
         results
       end

data/app/models/robots_txt.rb

@@ -4,6 +4,11 @@ module CMSScanner
   module Model
     # Robots.txt
     class RobotsTxt < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "robots.txt found: #{url}"
+      end
+
       # @todo Better detection, currently everything not empty or / is returned
       #
       # @return [ Array<String> ] The interesting Allow/Disallow rules detected

data/app/models/search_replace_db_2.rb

@@ -4,6 +4,11 @@ module CMSScanner
   module Model
     # SearchReplaceDB2
     class SearchReplaceDB2 < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Search Replace DB script found: #{url}"
+      end
+
       def references
         @references ||= { url: ['https://interconnectit.com/products/search-and-replace-for-wordpress-databases/'] }
       end

data/app/views/json/scan_aborted.erb

@@ -1,4 +1,5 @@
 "scan_aborted": <%= @reason.to_json %>,
+"target_url": <%= @url.to_json %>,
 <% if @verbose -%>
 "trace": <%= @trace.to_json %>,
 <% end %>

data/lib/cms_scanner/cache/file_store.rb

@@ -59,7 +59,7 @@ module CMSScanner
       #
       # @return [ String ] The expiration file path associated to the key
       def entry_expiration_path(key)
-        entry_path(key) + '.expiration'
+        "#{entry_path(key)}.expiration"
       end
 
       private

data/lib/cms_scanner/errors/http.rb

@@ -44,7 +44,7 @@ module CMSScanner
 
       def to_s
         msg = if random_user_agent_used
-                'Well... --random-user-agent didn\'t work, you\'re on your own now!'
+                'Well... --random-user-agent didn\'t work, use --force to skip this check if needed.'
               else
                 'Please re-try with --random-user-agent'
               end

data/lib/cms_scanner/finders/base_finders.rb

@@ -21,14 +21,14 @@ module CMSScanner
 
         return symbols if mode.nil? || mode == :mixed
 
-        symbols.include?(mode) ? [*mode] : []
+        symbols.include?(mode) ? Array(mode) : []
       end
 
       # @param [ CMSScanner::Finders::Finder ] finder
       # @param [ Symbol ] symbol See return values of #symbols_from_mode
       # @param [ Hash ] opts
       def run_finder(finder, symbol, opts)
-        [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
+        Array(finder.send(symbol, opts.merge(found: findings))).compact.each do |found|
           findings << found
         end
       end

data/lib/cms_scanner/finders/finder.rb

@@ -57,10 +57,12 @@ module CMSScanner
       # @param [String, Class ] klass
       # @return [ String ]
       def found_by(klass = self.class)
+        labels = %w[aggressive passive]
+
         caller_locations.each do |call|
           label = call.label
 
-          next unless %w[aggressive passive].include? label
+          next unless labels.include? label
 
           title = klass.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)
 

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb

@@ -6,20 +6,22 @@ module CMSScanner
       # Module to provide an easy way to perform password attacks
       module BreadthFirstDictionaryAttack
         # @param [ Array<CMSScanner::Model::User> ] users
-        # @param [ Array<String> ] passwords
+        # @param [ String ] wordlist_path
         # @param [ Hash ] opts
         # @option opts [ Boolean ] :show_progression
         #
         # @yield [ CMSScanner::User ] When a valid combination is found
         #
         # Due to Typhoeus threads shenanigans, in rare cases the progress-bar might
-        # be incorrect updated, hence the 'rescue ProgressBar::InvalidProgressError'
+        # be incorrectly updated, hence the 'rescue ProgressBar::InvalidProgressError'
         #
         # TODO: Make rubocop happy about metrics etc
         #
         # rubocop:disable all
-        def attack(users, passwords, opts = {})
-          create_progress_bar(total: users.size * passwords.size, show_progression: opts[:show_progression])
+        def attack(users, wordlist_path, opts = {})
+          wordlist = File.open(wordlist_path)
+
+          create_progress_bar(total: users.size * wordlist.count, show_progression: opts[:show_progression])
 
           queue_count         = 0
           # Keep the number of requests sent for each users
@@ -28,7 +30,7 @@ module CMSScanner
 
           users.each { |u| user_requests_count[u.username] = 0 }
 
-          passwords.each do |password|
+          File.foreach(wordlist, chomp: true) do |password|
             remaining_users = users.select { |u| u.password.nil? }
 
             break if remaining_users.empty?
@@ -47,7 +49,7 @@ module CMSScanner
                   user.password = password
 
                   begin
-                    progress_bar.total -= passwords.size - user_requests_count[user.username]
+                    progress_bar.total -= wordlist.count - user_requests_count[user.username]
                   rescue ProgressBar::InvalidProgressError
                   end
 
@@ -105,8 +107,10 @@ module CMSScanner
                     "No response from remote server. WAF/IPS? (#{response.return_message})"
                   elsif response.code.to_s.start_with?('50')
                     'Server error, try reducing the number of threads.'
-                  else
+                  elsif NS::ParsedCli.verbose?
                     "Unknown response received Code: #{response.code}\nBody: #{response.body}"
+                  else
+                    "Unknown response received Code: #{response.code}"
                   end
 
           progress_bar.log("Error: #{error}")

data/lib/cms_scanner/finders/finder/enumerator.rb

@@ -55,7 +55,7 @@ module CMSScanner
         # @return [ Typhoeus::Response, nil ]
         def maybe_get_full_response(head_res, opts)
           return head_res unless opts[:check_full_response] == true ||
-                                 [*opts[:check_full_response]].include?(head_res.code)
+                                 Array(opts[:check_full_response]).include?(head_res.code)
 
           full_res = NS::Browser.get(head_res.effective_url, full_request_params)
 

data/lib/cms_scanner/numeric.rb

@@ -8,6 +8,6 @@ class Numeric
     e     = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
     s     = format('%<s>.3f', s: (abs.to_f / 1024**e))
 
-    s.sub(/\.?0*$/, ' ' + units[e])
+    s.sub(/\.?0*$/, " #{units[e]}")
   end
 end

data/lib/cms_scanner/progressbar_null_output.rb

@@ -17,7 +17,7 @@ module CMSScanner
     def log(string = nil)
       return logs if string.nil?
 
-      logs << string
+      logs << string unless logs.include?(string)
     end
   end
 end

data/lib/cms_scanner/references.rb

@@ -21,9 +21,9 @@ module CMSScanner
         next unless refs.key?(key)
 
         @references[key] = if key == :youtube
-                             [*refs[:youtube]].map { |id| youtube_url(id) }
+                             Array(refs[:youtube]).map { |id| youtube_url(id) }
                            else
-                             [*refs[key]].map(&:to_s)
+                             Array(refs[key]).map(&:to_s)
                            end
       end
     end

data/lib/cms_scanner/scan.rb

@@ -30,6 +30,7 @@ module CMSScanner
       @run_error = e
 
       formatter.output('@scan_aborted',
+                       url: controllers.first.target.url,
                        reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
                        trace: e.backtrace,
                        verbose: NS::ParsedCli.verbose ||

data/lib/cms_scanner/target.rb

@@ -18,7 +18,7 @@ module CMSScanner
       super(url, opts)
 
       scope << uri.host
-      [*opts[:scope]].each { |s| scope << s }
+      Array(opts[:scope]).each { |s| scope << s }
     end
 
     # @param [ Hash ] opts
@@ -105,11 +105,11 @@ module CMSScanner
         next unless attr_value && !attr_value.empty?
 
         node_uri = begin
-                     uri.join(attr_value.strip)
-                   rescue StandardError
-                     # Skip potential malformed URLs etc.
-                     next
-                   end
+          uri.join(attr_value.strip)
+        rescue StandardError
+          # Skip potential malformed URLs etc.
+          next
+        end
 
         next unless node_uri.host
 

data/lib/cms_scanner/target/platform/php.rb

@@ -5,7 +5,7 @@ module CMSScanner
     module Platform
       # Some PHP specific implementation
       module PHP
-        DEBUG_LOG_PATTERN = /(?:\[\d{2}\-[a-zA-Z]{3}\-\d{4}\s\d{2}\:\d{2}:\d{2}\s[A-Z]{3}\]|
+        DEBUG_LOG_PATTERN = /(?:\[\d{2}-[a-zA-Z]{3}-\d{4}\s\d{2}:\d{2}:\d{2}\s[A-Z]{3}\]|
                               PHP\s(?:Fatal|Warning|Strict|Error|Notice):)/x.freeze
         FPD_PATTERN       = /Fatal error:.+? in (.+?) on/.freeze
         ERROR_LOG_PATTERN = /PHP Fatal error/i.freeze

data/lib/cms_scanner/target/scope.rb

@@ -53,14 +53,14 @@ module CMSScanner
       domains = [uri.host + uri.path]
 
       domains += if scope.domains.empty?
-                   [*scope.invalid_domains[1..-1]]
+                   Array(scope.invalid_domains[1..-1])
                  else
-                   [*scope.domains[1..-1]].map(&:to_s) + scope.invalid_domains
+                   Array(scope.domains[1..-1]).map(&:to_s) + scope.invalid_domains
                  end
 
       domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
 
-      domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
+      domains[0].gsub!(Regexp.escape(uri.host), "#{Regexp.escape(uri.host)}(?::\\d+)?") if uri.port
 
       @scope_url_pattern = %r{https?:\\?/\\?/(?:#{domains.join('|')})\\?/?}i
     end

data/lib/cms_scanner/target/server/generic.rb

@@ -41,7 +41,7 @@ module CMSScanner
         def directory_listing?(path = nil, params = {})
           res = NS::Browser.get(url(path), params)
 
-          res.code == 200 && res.body =~ /<h1>Index of/ ? true : false
+          res.code == 200 && res.body.include?('<h1>Index of') ? true : false
         end
 
         # @param [ String ] path

data/lib/cms_scanner/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module CMSScanner
-  VERSION = '0.10.1'
+  VERSION = '0.13.0'
 end

data/lib/cms_scanner/web_site.rb

@@ -62,7 +62,7 @@ module CMSScanner
 
     # @return [ String ] The URL of an unlikely existant page
     def error_404_url
-      @error_404_url ||= uri.join(Digest::MD5.hexdigest(rand(999_999).to_s)[0..6] + '.html').to_s
+      @error_404_url ||= uri.join("#{Digest::MD5.hexdigest(rand(999_999).to_s)[0..6]}.html").to_s
     end
 
     # Checks if the remote website is up.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.10.1
+  version: 0.13.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-06-08 00:00:00.000000000 Z
+date: 2021-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: get_process_mem
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.8
+        version: 1.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.8
+        version: 1.11.0
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: 1.9.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: 1.9.3
 - !ruby/object:Gem::Dependency
   name: public_suffix
   requirement: !ruby/object:Gem::Requirement
@@ -70,16 +70,22 @@ dependencies:
   name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: '1.12'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: '1.12'
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
@@ -176,14 +182,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: 3.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -204,42 +210,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.85.0
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.85.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.9.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.18.2
+        version: 0.21.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.18.2
+        version: 0.21.0
 - !ruby/object:Gem::Dependency
   name: simplecov-lcov
   requirement: !ruby/object:Gem::Requirement
@@ -260,14 +266,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.11.0
 description: Framework to provide an easy way to implement CMS Scanners
 email:
 - team@wpscan.org