cms_scanner 0.13.5 → 0.13.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/core/cli_options.rb +1 -1
- data/app/controllers/core.rb +17 -3
- data/lib/cms_scanner/errors/http.rb +2 -1
- data/lib/cms_scanner/finders/finder/enumerator.rb +1 -1
- data/lib/cms_scanner/formatter.rb +8 -1
- data/lib/cms_scanner/numeric.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/web_site.rb +1 -1
- metadata +40 -28
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c30dcbc053e4087d1f308d8390d026a028ddb2ca7c8f5f01108e72beed649e76
|
|
4
|
+
data.tar.gz: fdd30f85d4a8847da231678c1a785002421f322d65623a9ad66168a007cba420
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a63a0447cc9f8dcc69974e6b82e93db96d534006e5a5a35b5de56a2374d8a28750034b3490e6180e8d1706a01132eb90ca49e6dc8060c4c625b704a93a76e862
|
|
7
|
+
data.tar.gz: 9b5e1f8fa8cbee20c75b163814196cc08292fbff28a6feb6d5f52f58cf36ecd9bbbd161b8c38abf3476fb7a87e564fcdb5bbb554c0611d4ba0a146dc083cb3e2
|
|
@@ -55,7 +55,7 @@ module CMSScanner
|
|
|
55
55
|
OptPositiveInteger.new(['-t', '--max-threads VALUE', 'The max threads to use'],
|
|
56
56
|
default: 5),
|
|
57
57
|
OptPositiveInteger.new(['--throttle MilliSeconds', 'Milliseconds to wait before doing another web request. ' \
|
|
58
|
-
|
|
58
|
+
'If used, the max threads will be set to 1.']),
|
|
59
59
|
OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
|
|
60
60
|
default: 60),
|
|
61
61
|
OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
|
data/app/controllers/core.rb
CHANGED
|
@@ -48,14 +48,28 @@ module CMSScanner
|
|
|
48
48
|
raise Error::ProxyAuthRequired
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
51
|
+
handle_redirection(res)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
# Checks for redirects, an out of scope redirect will raise an Error::HTTPRedirect
|
|
55
|
+
#
|
|
56
|
+
# @param [ Typhoeus::Response ] res
|
|
57
|
+
def handle_redirection(res)
|
|
58
|
+
effective_url = target.homepage_res.effective_url # Basically get and follow location of target.url
|
|
59
|
+
effective_uri = Addressable::URI.parse(effective_url)
|
|
60
|
+
|
|
61
|
+
# Case of http://a.com => https://a.com (or the opposite)
|
|
62
|
+
if !NS::ParsedCli.ignore_main_redirect && target.uri.domain == effective_uri.domain &&
|
|
63
|
+
target.uri.path == effective_uri.path && target.uri.scheme != effective_uri.scheme
|
|
64
|
+
|
|
65
|
+
target.url = effective_url
|
|
66
|
+
end
|
|
54
67
|
|
|
55
68
|
return if target.in_scope?(effective_url)
|
|
56
69
|
|
|
57
70
|
raise Error::HTTPRedirect, effective_url unless NS::ParsedCli.ignore_main_redirect
|
|
58
71
|
|
|
72
|
+
# Sets back homepage_res to unfollowed location in case of ignore_main_redirect used
|
|
59
73
|
target.homepage_res = res
|
|
60
74
|
end
|
|
61
75
|
|
|
@@ -64,7 +64,8 @@ module CMSScanner
|
|
|
64
64
|
|
|
65
65
|
def to_s
|
|
66
66
|
"The URL supplied redirects to #{redirect_uri}. Use the --ignore-main-redirect "\
|
|
67
|
-
|
|
67
|
+
'option to ignore the redirection and scan the target, or change the --url option ' \
|
|
68
|
+
'value to the redirected URL.'
|
|
68
69
|
end
|
|
69
70
|
end
|
|
70
71
|
end
|
|
@@ -62,7 +62,7 @@ module CMSScanner
|
|
|
62
62
|
return unless valid_response_codes.include?(full_res.code)
|
|
63
63
|
|
|
64
64
|
return if target.homepage_or_404?(full_res) ||
|
|
65
|
-
opts[:exclude_content] && full_res.body&.match(opts[:exclude_content])
|
|
65
|
+
(opts[:exclude_content] && full_res.body&.match(opts[:exclude_content]))
|
|
66
66
|
|
|
67
67
|
full_res
|
|
68
68
|
end
|
|
@@ -84,6 +84,8 @@ module CMSScanner
|
|
|
84
84
|
puts render(tpl, vars, controller_name)
|
|
85
85
|
end
|
|
86
86
|
|
|
87
|
+
ERB_SUPPORTS_KVARGS = ::ERB.instance_method(:initialize).parameters.assoc(:key) # Ruby 2.6+
|
|
88
|
+
|
|
87
89
|
# @param [ String ] tpl
|
|
88
90
|
# @param [ Hash ] vars
|
|
89
91
|
# @param [ String ] controller_name
|
|
@@ -93,7 +95,12 @@ module CMSScanner
|
|
|
93
95
|
|
|
94
96
|
# '-' is used to disable new lines when -%> is used
|
|
95
97
|
# See http://www.ruby-doc.org/stdlib-2.1.1/libdoc/erb/rdoc/ERB.html
|
|
96
|
-
|
|
98
|
+
# Since ruby 2.6, KVARGS are supported and passing argument is deprecated in ruby 3+
|
|
99
|
+
if ERB_SUPPORTS_KVARGS
|
|
100
|
+
ERB.new(File.read(view_path(tpl)), trim_mode: '-').result(binding)
|
|
101
|
+
else
|
|
102
|
+
ERB.new(File.read(view_path(tpl)), nil, '-').result(binding)
|
|
103
|
+
end
|
|
97
104
|
end
|
|
98
105
|
|
|
99
106
|
# @param [ Hash ] vars
|
data/lib/cms_scanner/numeric.rb
CHANGED
|
@@ -6,7 +6,7 @@ class Numeric
|
|
|
6
6
|
def bytes_to_human
|
|
7
7
|
units = %w[B KB MB GB TB]
|
|
8
8
|
e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
|
|
9
|
-
s = format('%<s>.3f', s: (abs.to_f / 1024**e))
|
|
9
|
+
s = format('%<s>.3f', s: (abs.to_f / (1024**e)))
|
|
10
10
|
|
|
11
11
|
s.sub(/\.?0*$/, " #{units[e]}")
|
|
12
12
|
end
|
data/lib/cms_scanner/version.rb
CHANGED
data/lib/cms_scanner/web_site.rb
CHANGED
|
@@ -115,7 +115,7 @@ module CMSScanner
|
|
|
115
115
|
|
|
116
116
|
# @return [ Hash ] The Typhoeus params to use to perform head requests
|
|
117
117
|
def head_or_get_params
|
|
118
|
-
@head_or_get_params ||= if NS::Browser.head(homepage_url).code
|
|
118
|
+
@head_or_get_params ||= if [0, 405, 501].include?(NS::Browser.head(homepage_url).code)
|
|
119
119
|
{ method: :get, maxfilesize: 1 }
|
|
120
120
|
else
|
|
121
121
|
{ method: :head }
|
metadata
CHANGED
|
@@ -1,15 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.13.
|
|
4
|
+
version: 0.13.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: ethon
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.14'
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '0.16'
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0.14'
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '0.16'
|
|
13
33
|
- !ruby/object:Gem::Dependency
|
|
14
34
|
name: get_process_mem
|
|
15
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -28,30 +48,36 @@ dependencies:
|
|
|
28
48
|
name: nokogiri
|
|
29
49
|
requirement: !ruby/object:Gem::Requirement
|
|
30
50
|
requirements:
|
|
31
|
-
- - "
|
|
51
|
+
- - ">="
|
|
32
52
|
- !ruby/object:Gem::Version
|
|
33
53
|
version: 1.11.4
|
|
54
|
+
- - "<"
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 1.14.0
|
|
34
57
|
type: :runtime
|
|
35
58
|
prerelease: false
|
|
36
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
60
|
requirements:
|
|
38
|
-
- - "
|
|
61
|
+
- - ">="
|
|
39
62
|
- !ruby/object:Gem::Version
|
|
40
63
|
version: 1.11.4
|
|
64
|
+
- - "<"
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: 1.14.0
|
|
41
67
|
- !ruby/object:Gem::Dependency
|
|
42
68
|
name: opt_parse_validator
|
|
43
69
|
requirement: !ruby/object:Gem::Requirement
|
|
44
70
|
requirements:
|
|
45
71
|
- - "~>"
|
|
46
72
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.9.
|
|
73
|
+
version: 1.9.5
|
|
48
74
|
type: :runtime
|
|
49
75
|
prerelease: false
|
|
50
76
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
77
|
requirements:
|
|
52
78
|
- - "~>"
|
|
53
79
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.9.
|
|
80
|
+
version: 1.9.5
|
|
55
81
|
- !ruby/object:Gem::Dependency
|
|
56
82
|
name: public_suffix
|
|
57
83
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,20 +132,6 @@ dependencies:
|
|
|
106
132
|
- - "<"
|
|
107
133
|
- !ruby/object:Gem::Version
|
|
108
134
|
version: '1.5'
|
|
109
|
-
- !ruby/object:Gem::Dependency
|
|
110
|
-
name: ethon
|
|
111
|
-
requirement: !ruby/object:Gem::Requirement
|
|
112
|
-
requirements:
|
|
113
|
-
- - "~>"
|
|
114
|
-
- !ruby/object:Gem::Version
|
|
115
|
-
version: 0.14.0
|
|
116
|
-
type: :runtime
|
|
117
|
-
prerelease: false
|
|
118
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
119
|
-
requirements:
|
|
120
|
-
- - "~>"
|
|
121
|
-
- !ruby/object:Gem::Version
|
|
122
|
-
version: 0.14.0
|
|
123
135
|
- !ruby/object:Gem::Dependency
|
|
124
136
|
name: xmlrpc
|
|
125
137
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -196,14 +208,14 @@ dependencies:
|
|
|
196
208
|
requirements:
|
|
197
209
|
- - "~>"
|
|
198
210
|
- !ruby/object:Gem::Version
|
|
199
|
-
version: 3.
|
|
211
|
+
version: 3.11.0
|
|
200
212
|
type: :development
|
|
201
213
|
prerelease: false
|
|
202
214
|
version_requirements: !ruby/object:Gem::Requirement
|
|
203
215
|
requirements:
|
|
204
216
|
- - "~>"
|
|
205
217
|
- !ruby/object:Gem::Version
|
|
206
|
-
version: 3.
|
|
218
|
+
version: 3.11.0
|
|
207
219
|
- !ruby/object:Gem::Dependency
|
|
208
220
|
name: rspec-its
|
|
209
221
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -224,28 +236,28 @@ dependencies:
|
|
|
224
236
|
requirements:
|
|
225
237
|
- - "~>"
|
|
226
238
|
- !ruby/object:Gem::Version
|
|
227
|
-
version: 1.
|
|
239
|
+
version: 1.26.0
|
|
228
240
|
type: :development
|
|
229
241
|
prerelease: false
|
|
230
242
|
version_requirements: !ruby/object:Gem::Requirement
|
|
231
243
|
requirements:
|
|
232
244
|
- - "~>"
|
|
233
245
|
- !ruby/object:Gem::Version
|
|
234
|
-
version: 1.
|
|
246
|
+
version: 1.26.0
|
|
235
247
|
- !ruby/object:Gem::Dependency
|
|
236
248
|
name: rubocop-performance
|
|
237
249
|
requirement: !ruby/object:Gem::Requirement
|
|
238
250
|
requirements:
|
|
239
251
|
- - "~>"
|
|
240
252
|
- !ruby/object:Gem::Version
|
|
241
|
-
version: 1.
|
|
253
|
+
version: 1.13.0
|
|
242
254
|
type: :development
|
|
243
255
|
prerelease: false
|
|
244
256
|
version_requirements: !ruby/object:Gem::Requirement
|
|
245
257
|
requirements:
|
|
246
258
|
- - "~>"
|
|
247
259
|
- !ruby/object:Gem::Version
|
|
248
|
-
version: 1.
|
|
260
|
+
version: 1.13.0
|
|
249
261
|
- !ruby/object:Gem::Dependency
|
|
250
262
|
name: simplecov
|
|
251
263
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -280,14 +292,14 @@ dependencies:
|
|
|
280
292
|
requirements:
|
|
281
293
|
- - "~>"
|
|
282
294
|
- !ruby/object:Gem::Version
|
|
283
|
-
version: 3.
|
|
295
|
+
version: 3.14.0
|
|
284
296
|
type: :development
|
|
285
297
|
prerelease: false
|
|
286
298
|
version_requirements: !ruby/object:Gem::Requirement
|
|
287
299
|
requirements:
|
|
288
300
|
- - "~>"
|
|
289
301
|
- !ruby/object:Gem::Version
|
|
290
|
-
version: 3.
|
|
302
|
+
version: 3.14.0
|
|
291
303
|
description: Framework to provide an easy way to implement CMS Scanners
|
|
292
304
|
email:
|
|
293
305
|
- contact@wpscan.com
|