cms_scanner 0.12.1 → 0.13.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4bd03cf29a3233e11bb14e25cc34876158525f2c6fb5c1ab52319c169e4de474
4
- data.tar.gz: b3488745cffc83aea82ea33d6f44c6c52fc5da794d2b2d7d8e0176fe0a9a7a32
3
+ metadata.gz: 89d37ba77ff1070c9addc53d0ecabaf1252e3cf2bf88a91b3af80f91342adbf3
4
+ data.tar.gz: 8f3b10edf7482677f61b50725fb8567149fec6d2df40ad47f45a98f8452cd774
5
5
  SHA512:
6
- metadata.gz: 3029e64fb9f68e040a01a894065b44fb71c15f0e14097fce7534eeeceb09162b4ee836dac56eb6887f2c7bb5fb947e29b59c84b11e82d52494c9de612d59d8d6
7
- data.tar.gz: c182f889010dfa7fd9536d560adae2b23cc479dae31dbe20127b51c79e2f30bd88f3c8c77006341ad0a872f3871826eb9a1e04c4314fbab142f7afed2ff68fab
6
+ metadata.gz: acd1f06bbc57f14b3c82de562f424892e9af6b1eda64e7dcdbc9a8ade93cd87ed5bab4f449cedf0653dab7df3ba9e9f3cdb84e2847da9a68f958cd8d7e0531a1
7
+ data.tar.gz: 1d0f21bd6935c6fa2e4302db95a70932b7a472ec68dceb42b7cd44ed2a999b893313e924b7b8bd5396eac2ce2739f3d5ef675b2d5a3c408e4bd12666904a99cf
@@ -43,7 +43,7 @@ module CMSScanner
43
43
  when 401
44
44
  raise Error::HTTPAuthRequired
45
45
  when 403
46
- raise Error::AccessForbidden, NS::ParsedCli.random_user_agent
46
+ raise Error::AccessForbidden, NS::ParsedCli.random_user_agent unless NS::ParsedCli.force
47
47
  when 407
48
48
  raise Error::ProxyAuthRequired
49
49
  end
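Review bot: With `--force` set, the `when 403` branch falls through without raising and without leaving any trace, so a report produced against a target that answered 403 looks the same as one from a reachable target. Findings gathered after a forbidden response are likely to be incomplete, and the operator loses the one signal that said so. Consider recording the condition before continuing, through whatever notice mechanism the surrounding class already uses (not visible here), and extend the option text in the CLI-options hunk to something like `'Do not check if target returns a 403 (results may be incomplete)'`. The enclosing method starts outside this hunk.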
@@ -10,7 +10,8 @@ module CMSScanner
10
10
  [
11
11
  OptURL.new(['-u', '--url URL', 'The URL to scan'],
12
12
  required_unless: %i[help hh version],
13
- default_protocol: 'http')
13
+ default_protocol: 'http'),
14
+ OptBoolean.new(['--force', 'Do not check if target returns a 403'])
14
15
  ] + mixed_cli_options + [
15
16
  OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
16
17
  OptChoice.new(['-f', '--format FORMAT',
@@ -1,4 +1,5 @@
1
1
  "scan_aborted": <%= @reason.to_json %>,
2
+ "target_url": <%= @url.to_json %>,
2
3
  <% if @verbose -%>
3
4
  "trace": <%= @trace.to_json %>,
4
5
  <% end %>
@@ -59,7 +59,7 @@ module CMSScanner
59
59
  #
60
60
  # @return [ String ] The expiration file path associated to the key
61
61
  def entry_expiration_path(key)
62
- entry_path(key) + '.expiration'
62
+ "#{entry_path(key)}.expiration"
63
63
  end
64
64
 
65
65
  private
@@ -44,7 +44,7 @@ module CMSScanner
44
44
 
45
45
  def to_s
46
46
  msg = if random_user_agent_used
47
- 'Well... --random-user-agent didn\'t work, you\'re on your own now!'
47
+ 'Well... --random-user-agent didn\'t work, use --force to skip this check if needed.'
48
48
  else
49
49
  'Please re-try with --random-user-agent'
50
50
  end
@@ -57,10 +57,12 @@ module CMSScanner
57
57
  # @param [String, Class ] klass
58
58
  # @return [ String ]
59
59
  def found_by(klass = self.class)
60
+ labels = %w[aggressive passive]
61
+
60
62
  caller_locations.each do |call|
61
63
  label = call.label
62
64
 
63
- next unless %w[aggressive passive].include? label
65
+ next unless labels.include? label
64
66
 
65
67
  title = klass.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)
66
68
 
@@ -59,6 +59,8 @@ module CMSScanner
59
59
 
60
60
  full_res = NS::Browser.get(head_res.effective_url, full_request_params)
61
61
 
62
+ return unless valid_response_codes.include?(full_res.code)
63
+
62
64
  return if target.homepage_or_404?(full_res) ||
63
65
  opts[:exclude_content] && full_res.body&.match(opts[:exclude_content])
64
66
 
@@ -8,6 +8,6 @@ class Numeric
8
8
  e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
9
9
  s = format('%<s>.3f', s: (abs.to_f / 1024**e))
10
10
 
11
- s.sub(/\.?0*$/, ' ' + units[e])
11
+ s.sub(/\.?0*$/, " #{units[e]}")
12
12
  end
13
13
  end
@@ -86,7 +86,7 @@ module CMSScanner
86
86
 
87
87
  # @return [ String ] The URL to the metasploit module page
88
88
  def msf_url(mod)
89
- "https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
89
+ "https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}/"
90
90
  end
91
91
 
92
92
  # @return [ Array<String> ] The Packetstormsecurity IDs
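Review bot: The trailing slash added in `msf_url` is appended unconditionally, so a `mod` value that already ends in `/` yields a URL ending in `//`. The `^` in `%r{^/}` also anchors at every line start rather than only at the start of the string. Since `delete_suffix` is already used elsewhere in this package, `"https://www.rapid7.com/db/modules/#{mod.delete_prefix('/').chomp('/')}/"` would express both trims without a regex. Where `mod` comes from is not visible in this hunk, so whether such values occur is an assumption.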
@@ -29,11 +29,15 @@ module CMSScanner
29
29
  rescue NoMemoryError, ScriptError, SecurityError, SignalException, StandardError, SystemStackError => e
30
30
  @run_error = e
31
31
 
32
- formatter.output('@scan_aborted',
33
- reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
34
- trace: e.backtrace,
35
- verbose: NS::ParsedCli.verbose ||
36
- run_error_exit_code == NS::ExitCode::EXCEPTION)
32
+ output_params = {
33
+ reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
34
+ trace: e.backtrace,
35
+ verbose: NS::ParsedCli.verbose || run_error_exit_code == NS::ExitCode::EXCEPTION
36
+ }
37
+
38
+ output_params[:url] = controllers.first.target.url if NS::ParsedCli.url
39
+
40
+ formatter.output('@scan_aborted', output_params)
37
41
  ensure
38
42
  formatter.beautify
39
43
  end
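Review bot: The new `controllers.first.target.url` call runs inside the `rescue` body, so if it raises, the new exception replaces `e` and `formatter.output('@scan_aborted', output_params)` is never reached. That could happen with an empty `controllers` list, or with a `target` accessor that builds the target on first use and fails the same way the original error did. The handler also catches `NoMemoryError` and `SignalException`, so it should do as little work as possible. Using the value already checked in the condition, `output_params[:url] = NS::ParsedCli.url if NS::ParsedCli.url`, avoids the extra call chain; if the normalised target URL is wanted, guard that lookup separately so a failure there only drops the field. How `target` is defined is outside this hunk, as is the start of the method.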
@@ -105,11 +105,11 @@ module CMSScanner
105
105
  next unless attr_value && !attr_value.empty?
106
106
 
107
107
  node_uri = begin
108
- uri.join(attr_value.strip)
109
- rescue StandardError
110
- # Skip potential malformed URLs etc.
111
- next
112
- end
108
+ uri.join(attr_value.strip)
109
+ rescue StandardError
110
+ # Skip potential malformed URLs etc.
111
+ next
112
+ end
113
113
 
114
114
  next unless node_uri.host
115
115
 
@@ -60,7 +60,7 @@ module CMSScanner
60
60
 
61
61
  domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
62
62
 
63
- domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
63
+ domains[0].gsub!(Regexp.escape(uri.host), "#{Regexp.escape(uri.host)}(?::\\d+)?") if uri.port
64
64
 
65
65
  @scope_url_pattern = %r{https?:\\?/\\?/(?:#{domains.join('|')})\\?/?}i
66
66
  end
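Review bot: The `.*` that `domains.map!` substitutes for `*` is not limited to host characters, so the pattern assembled on the `@scope_url_pattern` line can match a URL on another host whose path or query merely contains the scoped domain. For a scope of `*.example.com`, the part after `//` may be any text ending in `.example.com`. If this pattern decides which URLs count as in scope, which is not visible in this hunk, that widens the scan beyond what the operator authorised. Restricting the wildcard to the host, e.g. `.gsub('\*', '[^/]*')`, keeps it inside the authority part. The line this change actually touches only swaps concatenation for interpolation and is fine; the method starts outside the hunk.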
@@ -41,7 +41,7 @@ module CMSScanner
41
41
  def directory_listing?(path = nil, params = {})
42
42
  res = NS::Browser.get(url(path), params)
43
43
 
44
- res.code == 200 && res.body.include?('<h1>Index of') ? true : false
44
+ res.code == 200 && res.body.include?('<h1>Index of')
45
45
  end
46
46
 
47
47
  # @param [ String ] path
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module CMSScanner
5
- VERSION = '0.12.1'
5
+ VERSION = '0.13.3'
6
6
  end
@@ -5,7 +5,7 @@ module CMSScanner
5
5
  class Vulnerability
6
6
  include References
7
7
 
8
- attr_reader :title, :type, :fixed_in, :cvss
8
+ attr_reader :title, :type, :fixed_in, :introduced_in, :cvss
9
9
 
10
10
  # @param [ String ] title
11
11
  # @param [ Hash ] references
@@ -18,14 +18,16 @@ module CMSScanner
18
18
  # @option references [ Array<String> ] :youtube
19
19
  # @param [ String ] type
20
20
  # @param [ String ] fixed_in
21
+ # @param [ String ] introduced_in
21
22
  # @param [ HashSymbol ] cvss
22
23
  # @option cvss [ String ] :score
23
24
  # @option cvss [ String ] :vector
24
- def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
25
- @title = title
26
- @type = type
27
- @fixed_in = fixed_in
28
- @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
25
+ def initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil)
26
+ @title = title
27
+ @type = type
28
+ @fixed_in = fixed_in
29
+ @introduced_in = introduced_in
30
+ @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
29
31
 
30
32
  self.references = references
31
33
  end
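Review bot: `introduced_in` is stored and exposed by `attr_reader`, but nothing in these two hunks shows it taking part in anything else the class does with `fixed_in`. If `Vulnerability` defines `==` or a serialisation over its attributes elsewhere in the file, `introduced_in` needs to be added there too. Otherwise two records that differ only in the affected version range compare equal, and one can be dropped as a duplicate. The doc line would also be more useful if it said what the value means, e.g. `# @param [ String ] introduced_in The version in which the vulnerability first appeared`. The class body continues outside the hunk.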
@@ -62,7 +62,7 @@ module CMSScanner
62
62
 
63
63
  # @return [ String ] The URL of an unlikely existant page
64
64
  def error_404_url
65
- @error_404_url ||= uri.join(Digest::MD5.hexdigest(rand(999_999).to_s)[0..6] + '.html').to_s
65
+ @error_404_url ||= uri.join("#{Digest::MD5.hexdigest(rand(999_999).to_s)[0..6]}.html").to_s
66
66
  end
67
67
 
68
68
  # Checks if the remote website is up.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.1
4
+ version: 0.13.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-25 00:00:00.000000000 Z
11
+ date: 2021-03-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: get_process_mem
@@ -30,28 +30,28 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.10.8
33
+ version: 1.11.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.10.8
40
+ version: 1.11.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: opt_parse_validator
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 1.9.2
47
+ version: 1.9.4
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 1.9.2
54
+ version: 1.9.4
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: public_suffix
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -70,16 +70,22 @@ dependencies:
70
70
  name: ruby-progressbar
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - "~>"
73
+ - - ">="
74
74
  - !ruby/object:Gem::Version
75
- version: 1.10.0
75
+ version: '1.10'
76
+ - - "<"
77
+ - !ruby/object:Gem::Version
78
+ version: '1.12'
76
79
  type: :runtime
77
80
  prerelease: false
78
81
  version_requirements: !ruby/object:Gem::Requirement
79
82
  requirements:
80
- - - "~>"
83
+ - - ">="
81
84
  - !ruby/object:Gem::Version
82
- version: 1.10.0
85
+ version: '1.10'
86
+ - - "<"
87
+ - !ruby/object:Gem::Version
88
+ version: '1.12'
83
89
  - !ruby/object:Gem::Dependency
84
90
  name: typhoeus
85
91
  requirement: !ruby/object:Gem::Requirement
@@ -176,14 +182,14 @@ dependencies:
176
182
  requirements:
177
183
  - - "~>"
178
184
  - !ruby/object:Gem::Version
179
- version: 3.9.0
185
+ version: 3.10.0
180
186
  type: :development
181
187
  prerelease: false
182
188
  version_requirements: !ruby/object:Gem::Requirement
183
189
  requirements:
184
190
  - - "~>"
185
191
  - !ruby/object:Gem::Version
186
- version: 3.9.0
192
+ version: 3.10.0
187
193
  - !ruby/object:Gem::Dependency
188
194
  name: rspec-its
189
195
  requirement: !ruby/object:Gem::Requirement
@@ -204,42 +210,42 @@ dependencies:
204
210
  requirements:
205
211
  - - "~>"
206
212
  - !ruby/object:Gem::Version
207
- version: 0.88.0
213
+ version: 1.11.0
208
214
  type: :development
209
215
  prerelease: false
210
216
  version_requirements: !ruby/object:Gem::Requirement
211
217
  requirements:
212
218
  - - "~>"
213
219
  - !ruby/object:Gem::Version
214
- version: 0.88.0
220
+ version: 1.11.0
215
221
  - !ruby/object:Gem::Dependency
216
222
  name: rubocop-performance
217
223
  requirement: !ruby/object:Gem::Requirement
218
224
  requirements:
219
225
  - - "~>"
220
226
  - !ruby/object:Gem::Version
221
- version: 1.7.0
227
+ version: 1.10.0
222
228
  type: :development
223
229
  prerelease: false
224
230
  version_requirements: !ruby/object:Gem::Requirement
225
231
  requirements:
226
232
  - - "~>"
227
233
  - !ruby/object:Gem::Version
228
- version: 1.7.0
234
+ version: 1.10.0
229
235
  - !ruby/object:Gem::Dependency
230
236
  name: simplecov
231
237
  requirement: !ruby/object:Gem::Requirement
232
238
  requirements:
233
239
  - - "~>"
234
240
  - !ruby/object:Gem::Version
235
- version: 0.18.2
241
+ version: 0.21.0
236
242
  type: :development
237
243
  prerelease: false
238
244
  version_requirements: !ruby/object:Gem::Requirement
239
245
  requirements:
240
246
  - - "~>"
241
247
  - !ruby/object:Gem::Version
242
- version: 0.18.2
248
+ version: 0.21.0
243
249
  - !ruby/object:Gem::Dependency
244
250
  name: simplecov-lcov
245
251
  requirement: !ruby/object:Gem::Requirement
@@ -260,17 +266,17 @@ dependencies:
260
266
  requirements:
261
267
  - - "~>"
262
268
  - !ruby/object:Gem::Version
263
- version: 3.8.0
269
+ version: 3.12.0
264
270
  type: :development
265
271
  prerelease: false
266
272
  version_requirements: !ruby/object:Gem::Requirement
267
273
  requirements:
268
274
  - - "~>"
269
275
  - !ruby/object:Gem::Version
270
- version: 3.8.0
276
+ version: 3.12.0
271
277
  description: Framework to provide an easy way to implement CMS Scanners
272
278
  email:
273
- - team@wpscan.org
279
+ - contact@wpscan.com
274
280
  executables: []
275
281
  extensions: []
276
282
  extra_rdoc_files: []