cms_scanner 0.12.0 → 0.13.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/core.rb +1 -1
  3. data/app/controllers/core/cli_options.rb +2 -1
  4. data/app/models/fantastico_fileslist.rb +12 -2
  5. data/app/models/robots_txt.rb +5 -0
  6. data/app/models/search_replace_db_2.rb +5 -0
  7. data/app/views/json/scan_aborted.erb +1 -0
  8. data/lib/cms_scanner/cache/file_store.rb +1 -1
  9. data/lib/cms_scanner/errors/http.rb +1 -1
  10. data/lib/cms_scanner/finders/finder.rb +3 -1
  11. data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +1 -2
  12. data/lib/cms_scanner/numeric.rb +1 -1
  13. data/lib/cms_scanner/references.rb +1 -1
  14. data/lib/cms_scanner/scan.rb +9 -5
  15. data/lib/cms_scanner/target.rb +5 -5
  16. data/lib/cms_scanner/target/scope.rb +1 -1
  17. data/lib/cms_scanner/target/server/generic.rb +1 -1
  18. data/lib/cms_scanner/version.rb +1 -1
  19. data/lib/cms_scanner/vulnerability.rb +8 -6
  20. data/lib/cms_scanner/web_site.rb +1 -1
  21. metadata +27 -21
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7a8c1343f1468a7f2c486b3a4e01ab78908a3148463a06f1368e53e748a6c269
4
- data.tar.gz: 9613a2df1e556a49a8f6dc9c7e934c2cd35a7aed0fbba4d42c22300901dd6b6b
3
+ metadata.gz: fffe0c16f6997feb9d468326198beacc87eebffbf420704f06d4f0fcf75a1041
4
+ data.tar.gz: a3bd4c7f63fb7b623a06a9d31383900dc00d0a28bbb4d453a22423feb28a8e82
5
5
  SHA512:
6
- metadata.gz: 7e7c1b97e79859d7bc38a3b9022ddc461ed0d9a91d275255f1f2430998ae46a2c591514165d6e21e6e6304b1f032eb8e9bf5f581bdc8e49f0dba43dceb640573
7
- data.tar.gz: 25745b31c7217ce451cf30833fc180f2416af4cb5842cece2c0e73f543d8a9a021cbd5d03fcef8a2e3e06f29868987dd2fa02723d1fe98e0d22e9460105ad7da
6
+ metadata.gz: 4bffc3ece3ecd360750bb67e82718b1bb13f7026d0c7aa84786db2f85122033b6df1273c558879c48feb364b69ea08e3d4c4df69580e39001bf63dc375a45490
7
+ data.tar.gz: 57ccf22b7947670c969b72720e302c819c7aab0943a252c33b049d11664bc4f3b5c718dc3bd7c1904d48ba3d7c5c5b7ae0fbfe79402429e267ce55484e7f7f92
data/app/controllers/core.rb CHANGED
@@ -43,7 +43,7 @@ module CMSScanner
43
43
  when 401
44
44
  raise Error::HTTPAuthRequired
45
45
  when 403
46
- raise Error::AccessForbidden, NS::ParsedCli.random_user_agent
46
+ raise Error::AccessForbidden, NS::ParsedCli.random_user_agent unless NS::ParsedCli.force
47
47
  when 407
48
48
  raise Error::ProxyAuthRequired
49
49
  end
data/app/controllers/core/cli_options.rb CHANGED
@@ -10,7 +10,8 @@ module CMSScanner
10
10
  [
11
11
  OptURL.new(['-u', '--url URL', 'The URL to scan'],
12
12
  required_unless: %i[help hh version],
13
- default_protocol: 'http')
13
+ default_protocol: 'http'),
14
+ OptBoolean.new(['--force', 'Do not check if target returns a 403'])
14
15
  ] + mixed_cli_options + [
15
16
  OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
16
17
  OptChoice.new(['-f', '--format FORMAT',
data/app/models/fantastico_fileslist.rb CHANGED
@@ -2,8 +2,16 @@
2
2
 
3
3
  module CMSScanner
4
4
  module Model
5
- # FantasticoFileslist
5
+ # Fantastico is a commercial script library that automates the installation of web applications to a website.
6
+ # Fantastico scripts are executed from the administration area of a website control panel such as cPanel.
7
+ # It creates a file named fantastico_fileslist.txt that is publicly available and contains a list of all the
8
+ # files from the current directory. The contents of this file may expose sensitive information to an attacker.
6
9
  class FantasticoFileslist < InterestingFinding
10
+ # @return [ String ]
11
+ def to_s
12
+ @to_s ||= "Fantastico list found: #{url}"
13
+ end
14
+
7
15
  # @return [ Array<String> ] The interesting files/dirs detected
8
16
  def interesting_entries
9
17
  results = []
@@ -17,7 +25,9 @@ module CMSScanner
17
25
  end
18
26
 
19
27
  def references
20
- @references ||= { url: ['http://www.acunetix.com/vulnerabilities/fantastico-fileslist/'] }
28
+ @references ||= {
29
+ url: ['https://web.archive.org/web/20140518040021/http://www.acunetix.com/vulnerabilities/fantastico-fileslist/']
30
+ }
21
31
  end
22
32
  end
23
33
  end
data/app/models/robots_txt.rb CHANGED
@@ -4,6 +4,11 @@ module CMSScanner
4
4
  module Model
5
5
  # Robots.txt
6
6
  class RobotsTxt < InterestingFinding
7
+ # @return [ String ]
8
+ def to_s
9
+ @to_s ||= "robots.txt found: #{url}"
10
+ end
11
+
7
12
  # @todo Better detection, currently everything not empty or / is returned
8
13
  #
9
14
  # @return [ Array<String> ] The interesting Allow/Disallow rules detected
data/app/models/search_replace_db_2.rb CHANGED
@@ -4,6 +4,11 @@ module CMSScanner
4
4
  module Model
5
5
  # SearchReplaceDB2
6
6
  class SearchReplaceDB2 < InterestingFinding
7
+ # @return [ String ]
8
+ def to_s
9
+ @to_s ||= "Search Replace DB script found: #{url}"
10
+ end
11
+
7
12
  def references
8
13
  @references ||= { url: ['https://interconnectit.com/products/search-and-replace-for-wordpress-databases/'] }
9
14
  end
data/app/views/json/scan_aborted.erb CHANGED
@@ -1,4 +1,5 @@
1
1
  "scan_aborted": <%= @reason.to_json %>,
2
+ "target_url": <%= @url.to_json %>,
2
3
  <% if @verbose -%>
3
4
  "trace": <%= @trace.to_json %>,
4
5
  <% end %>
data/lib/cms_scanner/cache/file_store.rb CHANGED
@@ -59,7 +59,7 @@ module CMSScanner
59
59
  #
60
60
  # @return [ String ] The expiration file path associated to the key
61
61
  def entry_expiration_path(key)
62
- entry_path(key) + '.expiration'
62
+ "#{entry_path(key)}.expiration"
63
63
  end
64
64
 
65
65
  private
data/lib/cms_scanner/errors/http.rb CHANGED
@@ -44,7 +44,7 @@ module CMSScanner
44
44
 
45
45
  def to_s
46
46
  msg = if random_user_agent_used
47
- 'Well... --random-user-agent didn\'t work, you\'re on your own now!'
47
+ 'Well... --random-user-agent didn\'t work, use --force to skip this check if needed.'
48
48
  else
49
49
  'Please re-try with --random-user-agent'
50
50
  end
data/lib/cms_scanner/finders/finder.rb CHANGED
@@ -57,10 +57,12 @@ module CMSScanner
57
57
  # @param [String, Class ] klass
58
58
  # @return [ String ]
59
59
  def found_by(klass = self.class)
60
+ labels = %w[aggressive passive]
61
+
60
62
  caller_locations.each do |call|
61
63
  label = call.label
62
64
 
63
- next unless %w[aggressive passive].include? label
65
+ next unless labels.include? label
64
66
 
65
67
  title = klass.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)
66
68
 
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb CHANGED
@@ -30,8 +30,7 @@ module CMSScanner
30
30
 
31
31
  users.each { |u| user_requests_count[u.username] = 0 }
32
32
 
33
- File.foreach(wordlist) do |password|
34
- password.chomp!
33
+ File.foreach(wordlist, chomp: true) do |password|
35
34
  remaining_users = users.select { |u| u.password.nil? }
36
35
 
37
36
  break if remaining_users.empty?
data/lib/cms_scanner/numeric.rb CHANGED
@@ -8,6 +8,6 @@ class Numeric
8
8
  e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
9
9
  s = format('%<s>.3f', s: (abs.to_f / 1024**e))
10
10
 
11
- s.sub(/\.?0*$/, ' ' + units[e])
11
+ s.sub(/\.?0*$/, " #{units[e]}")
12
12
  end
13
13
  end
data/lib/cms_scanner/references.rb CHANGED
@@ -86,7 +86,7 @@ module CMSScanner
86
86
 
87
87
  # @return [ String ] The URL to the metasploit module page
88
88
  def msf_url(mod)
89
- "https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
89
+ "https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}/"
90
90
  end
91
91
 
92
92
  # @return [ Array<String> ] The Packetstormsecurity IDs
data/lib/cms_scanner/scan.rb CHANGED
@@ -29,11 +29,15 @@ module CMSScanner
29
29
  rescue NoMemoryError, ScriptError, SecurityError, SignalException, StandardError, SystemStackError => e
30
30
  @run_error = e
31
31
 
32
- formatter.output('@scan_aborted',
33
- reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
34
- trace: e.backtrace,
35
- verbose: NS::ParsedCli.verbose ||
36
- run_error_exit_code == NS::ExitCode::EXCEPTION)
32
+ output_params = {
33
+ reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
34
+ trace: e.backtrace,
35
+ verbose: NS::ParsedCli.verbose || run_error_exit_code == NS::ExitCode::EXCEPTION
36
+ }
37
+
38
+ output_params[:url] = controllers.first.target.url if NS::ParsedCli.url
39
+
40
+ formatter.output('@scan_aborted', output_params)
37
41
  ensure
38
42
  formatter.beautify
39
43
  end
data/lib/cms_scanner/target.rb CHANGED
@@ -105,11 +105,11 @@ module CMSScanner
105
105
  next unless attr_value && !attr_value.empty?
106
106
 
107
107
  node_uri = begin
108
- uri.join(attr_value.strip)
109
- rescue StandardError
110
- # Skip potential malformed URLs etc.
111
- next
112
- end
108
+ uri.join(attr_value.strip)
109
+ rescue StandardError
110
+ # Skip potential malformed URLs etc.
111
+ next
112
+ end
113
113
 
114
114
  next unless node_uri.host
115
115
 
data/lib/cms_scanner/target/scope.rb CHANGED
@@ -60,7 +60,7 @@ module CMSScanner
60
60
 
61
61
  domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
62
62
 
63
- domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
63
+ domains[0].gsub!(Regexp.escape(uri.host), "#{Regexp.escape(uri.host)}(?::\\d+)?") if uri.port
64
64
 
65
65
  @scope_url_pattern = %r{https?:\\?/\\?/(?:#{domains.join('|')})\\?/?}i
66
66
  end
data/lib/cms_scanner/target/server/generic.rb CHANGED
@@ -41,7 +41,7 @@ module CMSScanner
41
41
  def directory_listing?(path = nil, params = {})
42
42
  res = NS::Browser.get(url(path), params)
43
43
 
44
- res.code == 200 && res.body.include?('<h1>Index of') ? true : false
44
+ res.code == 200 && res.body.include?('<h1>Index of')
45
45
  end
46
46
 
47
47
  # @param [ String ] path
data/lib/cms_scanner/version.rb CHANGED
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module CMSScanner
5
- VERSION = '0.12.0'
5
+ VERSION = '0.13.2'
6
6
  end
data/lib/cms_scanner/vulnerability.rb CHANGED
@@ -5,7 +5,7 @@ module CMSScanner
5
5
  class Vulnerability
6
6
  include References
7
7
 
8
- attr_reader :title, :type, :fixed_in, :cvss
8
+ attr_reader :title, :type, :fixed_in, :introduced_in, :cvss
9
9
 
10
10
  # @param [ String ] title
11
11
  # @param [ Hash ] references
@@ -18,14 +18,16 @@ module CMSScanner
18
18
  # @option references [ Array<String> ] :youtube
19
19
  # @param [ String ] type
20
20
  # @param [ String ] fixed_in
21
+ # @param [ String ] introduced_in
21
22
  # @param [ HashSymbol ] cvss
22
23
  # @option cvss [ String ] :score
23
24
  # @option cvss [ String ] :vector
24
- def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
25
- @title = title
26
- @type = type
27
- @fixed_in = fixed_in
28
- @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
25
+ def initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil)
26
+ @title = title
27
+ @type = type
28
+ @fixed_in = fixed_in
29
+ @introduced_in = introduced_in
30
+ @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
29
31
 
30
32
  self.references = references
31
33
  end
data/lib/cms_scanner/web_site.rb CHANGED
@@ -62,7 +62,7 @@ module CMSScanner
62
62
 
63
63
  # @return [ String ] The URL of an unlikely existant page
64
64
  def error_404_url
65
- @error_404_url ||= uri.join(Digest::MD5.hexdigest(rand(999_999).to_s)[0..6] + '.html').to_s
65
+ @error_404_url ||= uri.join("#{Digest::MD5.hexdigest(rand(999_999).to_s)[0..6]}.html").to_s
66
66
  end
67
67
 
68
68
  # Checks if the remote website is up.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.0
4
+ version: 0.13.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-16 00:00:00.000000000 Z
11
+ date: 2021-03-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: get_process_mem
@@ -30,28 +30,28 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.10.8
33
+ version: 1.11.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.10.8
40
+ version: 1.11.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: opt_parse_validator
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 1.9.1
47
+ version: 1.9.4
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 1.9.1
54
+ version: 1.9.4
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: public_suffix
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -70,16 +70,22 @@ dependencies:
70
70
  name: ruby-progressbar
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - "~>"
73
+ - - ">="
74
74
  - !ruby/object:Gem::Version
75
- version: 1.10.0
75
+ version: '1.10'
76
+ - - "<"
77
+ - !ruby/object:Gem::Version
78
+ version: '1.12'
76
79
  type: :runtime
77
80
  prerelease: false
78
81
  version_requirements: !ruby/object:Gem::Requirement
79
82
  requirements:
80
- - - "~>"
83
+ - - ">="
81
84
  - !ruby/object:Gem::Version
82
- version: 1.10.0
85
+ version: '1.10'
86
+ - - "<"
87
+ - !ruby/object:Gem::Version
88
+ version: '1.12'
83
89
  - !ruby/object:Gem::Dependency
84
90
  name: typhoeus
85
91
  requirement: !ruby/object:Gem::Requirement
@@ -176,14 +182,14 @@ dependencies:
176
182
  requirements:
177
183
  - - "~>"
178
184
  - !ruby/object:Gem::Version
179
- version: 3.9.0
185
+ version: 3.10.0
180
186
  type: :development
181
187
  prerelease: false
182
188
  version_requirements: !ruby/object:Gem::Requirement
183
189
  requirements:
184
190
  - - "~>"
185
191
  - !ruby/object:Gem::Version
186
- version: 3.9.0
192
+ version: 3.10.0
187
193
  - !ruby/object:Gem::Dependency
188
194
  name: rspec-its
189
195
  requirement: !ruby/object:Gem::Requirement
@@ -204,42 +210,42 @@ dependencies:
204
210
  requirements:
205
211
  - - "~>"
206
212
  - !ruby/object:Gem::Version
207
- version: 0.88.0
213
+ version: 1.11.0
208
214
  type: :development
209
215
  prerelease: false
210
216
  version_requirements: !ruby/object:Gem::Requirement
211
217
  requirements:
212
218
  - - "~>"
213
219
  - !ruby/object:Gem::Version
214
- version: 0.88.0
220
+ version: 1.11.0
215
221
  - !ruby/object:Gem::Dependency
216
222
  name: rubocop-performance
217
223
  requirement: !ruby/object:Gem::Requirement
218
224
  requirements:
219
225
  - - "~>"
220
226
  - !ruby/object:Gem::Version
221
- version: 1.7.0
227
+ version: 1.10.0
222
228
  type: :development
223
229
  prerelease: false
224
230
  version_requirements: !ruby/object:Gem::Requirement
225
231
  requirements:
226
232
  - - "~>"
227
233
  - !ruby/object:Gem::Version
228
- version: 1.7.0
234
+ version: 1.10.0
229
235
  - !ruby/object:Gem::Dependency
230
236
  name: simplecov
231
237
  requirement: !ruby/object:Gem::Requirement
232
238
  requirements:
233
239
  - - "~>"
234
240
  - !ruby/object:Gem::Version
235
- version: 0.18.2
241
+ version: 0.21.0
236
242
  type: :development
237
243
  prerelease: false
238
244
  version_requirements: !ruby/object:Gem::Requirement
239
245
  requirements:
240
246
  - - "~>"
241
247
  - !ruby/object:Gem::Version
242
- version: 0.18.2
248
+ version: 0.21.0
243
249
  - !ruby/object:Gem::Dependency
244
250
  name: simplecov-lcov
245
251
  requirement: !ruby/object:Gem::Requirement
@@ -260,17 +266,17 @@ dependencies:
260
266
  requirements:
261
267
  - - "~>"
262
268
  - !ruby/object:Gem::Version
263
- version: 3.8.0
269
+ version: 3.12.0
264
270
  type: :development
265
271
  prerelease: false
266
272
  version_requirements: !ruby/object:Gem::Requirement
267
273
  requirements:
268
274
  - - "~>"
269
275
  - !ruby/object:Gem::Version
270
- version: 3.8.0
276
+ version: 3.12.0
271
277
  description: Framework to provide an easy way to implement CMS Scanners
272
278
  email:
273
- - team@wpscan.org
279
+ - contact@wpscan.com
274
280
  executables: []
275
281
  extensions: []
276
282
  extra_rdoc_files: []