cms_scanner 0.13.5 → 0.13.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/core/cli_options.rb +1 -1
- data/app/controllers/core.rb +17 -3
- data/lib/cms_scanner/errors/http.rb +2 -1
- data/lib/cms_scanner/finders/finder/enumerator.rb +1 -1
- data/lib/cms_scanner/formatter.rb +8 -1
- data/lib/cms_scanner/numeric.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/web_site.rb +1 -1
- metadata +40 -28
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c30dcbc053e4087d1f308d8390d026a028ddb2ca7c8f5f01108e72beed649e76
|
|
4
|
+
data.tar.gz: fdd30f85d4a8847da231678c1a785002421f322d65623a9ad66168a007cba420
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a63a0447cc9f8dcc69974e6b82e93db96d534006e5a5a35b5de56a2374d8a28750034b3490e6180e8d1706a01132eb90ca49e6dc8060c4c625b704a93a76e862
|
|
7
|
+
data.tar.gz: 9b5e1f8fa8cbee20c75b163814196cc08292fbff28a6feb6d5f52f58cf36ecd9bbbd161b8c38abf3476fb7a87e564fcdb5bbb554c0611d4ba0a146dc083cb3e2
|
|
@@ -55,7 +55,7 @@ module CMSScanner
|
|
|
55
55
|
OptPositiveInteger.new(['-t', '--max-threads VALUE', 'The max threads to use'],
|
|
56
56
|
default: 5),
|
|
57
57
|
OptPositiveInteger.new(['--throttle MilliSeconds', 'Milliseconds to wait before doing another web request. ' \
|
|
58
|
-
|
|
58
|
+
'If used, the max threads will be set to 1.']),
|
|
59
59
|
OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
|
|
60
60
|
default: 60),
|
|
61
61
|
OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
|
data/app/controllers/core.rb
CHANGED
|
@@ -48,14 +48,28 @@ module CMSScanner
|
|
|
48
48
|
raise Error::ProxyAuthRequired
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
51
|
+
handle_redirection(res)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
# Checks for redirects, an out of scope redirect will raise an Error::HTTPRedirect
|
|
55
|
+
#
|
|
56
|
+
# @param [ Typhoeus::Response ] res
|
|
57
|
+
def handle_redirection(res)
|
|
58
|
+
effective_url = target.homepage_res.effective_url # Basically get and follow location of target.url
|
|
59
|
+
effective_uri = Addressable::URI.parse(effective_url)
|
|
60
|
+
|
|
61
|
+
# Case of http://a.com => https://a.com (or the opposite)
|
|
62
|
+
if !NS::ParsedCli.ignore_main_redirect && target.uri.domain == effective_uri.domain &&
|
|
63
|
+
target.uri.path == effective_uri.path && target.uri.scheme != effective_uri.scheme
|
|
64
|
+
|
|
65
|
+
target.url = effective_url
|
|
66
|
+
end
|
|
54
67
|
|
|
55
68
|
return if target.in_scope?(effective_url)
|
|
56
69
|
|
|
57
70
|
raise Error::HTTPRedirect, effective_url unless NS::ParsedCli.ignore_main_redirect
|
|
58
71
|
|
|
72
|
+
# Sets back homepage_res to unfollowed location in case of ignore_main_redirect used
|
|
59
73
|
target.homepage_res = res
|
|
60
74
|
end
|
|
61
75
|
|
|
@@ -64,7 +64,8 @@ module CMSScanner
|
|
|
64
64
|
|
|
65
65
|
def to_s
|
|
66
66
|
"The URL supplied redirects to #{redirect_uri}. Use the --ignore-main-redirect "\
|
|
67
|
-
|
|
67
|
+
'option to ignore the redirection and scan the target, or change the --url option ' \
|
|
68
|
+
'value to the redirected URL.'
|
|
68
69
|
end
|
|
69
70
|
end
|
|
70
71
|
end
|
|
@@ -62,7 +62,7 @@ module CMSScanner
|
|
|
62
62
|
return unless valid_response_codes.include?(full_res.code)
|
|
63
63
|
|
|
64
64
|
return if target.homepage_or_404?(full_res) ||
|
|
65
|
-
opts[:exclude_content] && full_res.body&.match(opts[:exclude_content])
|
|
65
|
+
(opts[:exclude_content] && full_res.body&.match(opts[:exclude_content]))
|
|
66
66
|
|
|
67
67
|
full_res
|
|
68
68
|
end
|
|
@@ -84,6 +84,8 @@ module CMSScanner
|
|
|
84
84
|
puts render(tpl, vars, controller_name)
|
|
85
85
|
end
|
|
86
86
|
|
|
87
|
+
ERB_SUPPORTS_KVARGS = ::ERB.instance_method(:initialize).parameters.assoc(:key) # Ruby 2.6+
|
|
88
|
+
|
|
87
89
|
# @param [ String ] tpl
|
|
88
90
|
# @param [ Hash ] vars
|
|
89
91
|
# @param [ String ] controller_name
|
|
@@ -93,7 +95,12 @@ module CMSScanner
|
|
|
93
95
|
|
|
94
96
|
# '-' is used to disable new lines when -%> is used
|
|
95
97
|
# See http://www.ruby-doc.org/stdlib-2.1.1/libdoc/erb/rdoc/ERB.html
|
|
96
|
-
|
|
98
|
+
# Since ruby 2.6, KVARGS are supported and passing argument is deprecated in ruby 3+
|
|
99
|
+
if ERB_SUPPORTS_KVARGS
|
|
100
|
+
ERB.new(File.read(view_path(tpl)), trim_mode: '-').result(binding)
|
|
101
|
+
else
|
|
102
|
+
ERB.new(File.read(view_path(tpl)), nil, '-').result(binding)
|
|
103
|
+
end
|
|
97
104
|
end
|
|
98
105
|
|
|
99
106
|
# @param [ Hash ] vars
|
data/lib/cms_scanner/numeric.rb
CHANGED
|
@@ -6,7 +6,7 @@ class Numeric
|
|
|
6
6
|
def bytes_to_human
|
|
7
7
|
units = %w[B KB MB GB TB]
|
|
8
8
|
e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
|
|
9
|
-
s = format('%<s>.3f', s: (abs.to_f / 1024**e))
|
|
9
|
+
s = format('%<s>.3f', s: (abs.to_f / (1024**e)))
|
|
10
10
|
|
|
11
11
|
s.sub(/\.?0*$/, " #{units[e]}")
|
|
12
12
|
end
|
data/lib/cms_scanner/version.rb
CHANGED
data/lib/cms_scanner/web_site.rb
CHANGED
|
@@ -115,7 +115,7 @@ module CMSScanner
|
|
|
115
115
|
|
|
116
116
|
# @return [ Hash ] The Typhoeus params to use to perform head requests
|
|
117
117
|
def head_or_get_params
|
|
118
|
-
@head_or_get_params ||= if NS::Browser.head(homepage_url).code
|
|
118
|
+
@head_or_get_params ||= if [0, 405, 501].include?(NS::Browser.head(homepage_url).code)
|
|
119
119
|
{ method: :get, maxfilesize: 1 }
|
|
120
120
|
else
|
|
121
121
|
{ method: :head }
|
metadata
CHANGED
|
@@ -1,15 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.13.
|
|
4
|
+
version: 0.13.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: ethon
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.14'
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '0.16'
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - ">="
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0.14'
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '0.16'
|
|
13
33
|
- !ruby/object:Gem::Dependency
|
|
14
34
|
name: get_process_mem
|
|
15
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -28,30 +48,36 @@ dependencies:
|
|
|
28
48
|
name: nokogiri
|
|
29
49
|
requirement: !ruby/object:Gem::Requirement
|
|
30
50
|
requirements:
|
|
31
|
-
- - "
|
|
51
|
+
- - ">="
|
|
32
52
|
- !ruby/object:Gem::Version
|
|
33
53
|
version: 1.11.4
|
|
54
|
+
- - "<"
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: 1.14.0
|
|
34
57
|
type: :runtime
|
|
35
58
|
prerelease: false
|
|
36
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
60
|
requirements:
|
|
38
|
-
- - "
|
|
61
|
+
- - ">="
|
|
39
62
|
- !ruby/object:Gem::Version
|
|
40
63
|
version: 1.11.4
|
|
64
|
+
- - "<"
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: 1.14.0
|
|
41
67
|
- !ruby/object:Gem::Dependency
|
|
42
68
|
name: opt_parse_validator
|
|
43
69
|
requirement: !ruby/object:Gem::Requirement
|
|
44
70
|
requirements:
|
|
45
71
|
- - "~>"
|
|
46
72
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.9.
|
|
73
|
+
version: 1.9.5
|
|
48
74
|
type: :runtime
|
|
49
75
|
prerelease: false
|
|
50
76
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
77
|
requirements:
|
|
52
78
|
- - "~>"
|
|
53
79
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.9.
|
|
80
|
+
version: 1.9.5
|
|
55
81
|
- !ruby/object:Gem::Dependency
|
|
56
82
|
name: public_suffix
|
|
57
83
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,20 +132,6 @@ dependencies:
|
|
|
106
132
|
- - "<"
|
|
107
133
|
- !ruby/object:Gem::Version
|
|
108
134
|
version: '1.5'
|
|
109
|
-
- !ruby/object:Gem::Dependency
|
|
110
|
-
name: ethon
|
|
111
|
-
requirement: !ruby/object:Gem::Requirement
|
|
112
|
-
requirements:
|
|
113
|
-
- - "~>"
|
|
114
|
-
- !ruby/object:Gem::Version
|
|
115
|
-
version: 0.14.0
|
|
116
|
-
type: :runtime
|
|
117
|
-
prerelease: false
|
|
118
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
119
|
-
requirements:
|
|
120
|
-
- - "~>"
|
|
121
|
-
- !ruby/object:Gem::Version
|
|
122
|
-
version: 0.14.0
|
|
123
135
|
- !ruby/object:Gem::Dependency
|
|
124
136
|
name: xmlrpc
|
|
125
137
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -196,14 +208,14 @@ dependencies:
|
|
|
196
208
|
requirements:
|
|
197
209
|
- - "~>"
|
|
198
210
|
- !ruby/object:Gem::Version
|
|
199
|
-
version: 3.
|
|
211
|
+
version: 3.11.0
|
|
200
212
|
type: :development
|
|
201
213
|
prerelease: false
|
|
202
214
|
version_requirements: !ruby/object:Gem::Requirement
|
|
203
215
|
requirements:
|
|
204
216
|
- - "~>"
|
|
205
217
|
- !ruby/object:Gem::Version
|
|
206
|
-
version: 3.
|
|
218
|
+
version: 3.11.0
|
|
207
219
|
- !ruby/object:Gem::Dependency
|
|
208
220
|
name: rspec-its
|
|
209
221
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -224,28 +236,28 @@ dependencies:
|
|
|
224
236
|
requirements:
|
|
225
237
|
- - "~>"
|
|
226
238
|
- !ruby/object:Gem::Version
|
|
227
|
-
version: 1.
|
|
239
|
+
version: 1.26.0
|
|
228
240
|
type: :development
|
|
229
241
|
prerelease: false
|
|
230
242
|
version_requirements: !ruby/object:Gem::Requirement
|
|
231
243
|
requirements:
|
|
232
244
|
- - "~>"
|
|
233
245
|
- !ruby/object:Gem::Version
|
|
234
|
-
version: 1.
|
|
246
|
+
version: 1.26.0
|
|
235
247
|
- !ruby/object:Gem::Dependency
|
|
236
248
|
name: rubocop-performance
|
|
237
249
|
requirement: !ruby/object:Gem::Requirement
|
|
238
250
|
requirements:
|
|
239
251
|
- - "~>"
|
|
240
252
|
- !ruby/object:Gem::Version
|
|
241
|
-
version: 1.
|
|
253
|
+
version: 1.13.0
|
|
242
254
|
type: :development
|
|
243
255
|
prerelease: false
|
|
244
256
|
version_requirements: !ruby/object:Gem::Requirement
|
|
245
257
|
requirements:
|
|
246
258
|
- - "~>"
|
|
247
259
|
- !ruby/object:Gem::Version
|
|
248
|
-
version: 1.
|
|
260
|
+
version: 1.13.0
|
|
249
261
|
- !ruby/object:Gem::Dependency
|
|
250
262
|
name: simplecov
|
|
251
263
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -280,14 +292,14 @@ dependencies:
|
|
|
280
292
|
requirements:
|
|
281
293
|
- - "~>"
|
|
282
294
|
- !ruby/object:Gem::Version
|
|
283
|
-
version: 3.
|
|
295
|
+
version: 3.14.0
|
|
284
296
|
type: :development
|
|
285
297
|
prerelease: false
|
|
286
298
|
version_requirements: !ruby/object:Gem::Requirement
|
|
287
299
|
requirements:
|
|
288
300
|
- - "~>"
|
|
289
301
|
- !ruby/object:Gem::Version
|
|
290
|
-
version: 3.
|
|
302
|
+
version: 3.14.0
|
|
291
303
|
description: Framework to provide an easy way to implement CMS Scanners
|
|
292
304
|
email:
|
|
293
305
|
- contact@wpscan.com
|