cms_scanner 0.8.4 → 0.10.1
- checksums.yaml +4 -4
- data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +1 -1
- data/lib/cms_scanner/references.rb +19 -3
- data/lib/cms_scanner/target/scope.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability.rb +15 -9
- data/lib/cms_scanner/web_site.rb +1 -1
- metadata +19 -13
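--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee896090149c3f5dfd501ce88374b708aba187927bdac0c593f3608c801ae0d3
+data.tar.gz: 24f17ebbab747417216229057783c1545ebbe06ff0a4c6c6e2ff969b67e69f97
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 13f907d61456e051f39e2988755537e6ad6ccdbd473144a5e756cb9f91a680d23539ced35cb9e29925f7d1832e4d84fe8d975871c4d5aa230c863a9e92133eee
+data.tar.gz: 6fd87965f3fe9385583f5c8fef0ea82fc7b03c8a803e68b6117f410dac554b0c8677d975b894b37cf4c29e87260cb06f2d2e17c75c8e873912060d5707fe2804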
@@ -103,7 +103,7 @@ module CMSScanner
|
|
103
103
|
'Request timed out.'
|
104
104
|
elsif response.code.zero?
|
105
105
|
"No response from remote server. WAF/IPS? (#{response.return_message})"
|
106
|
-
elsif
|
106
|
+
elsif response.code.to_s.start_with?('50')
|
107
107
|
'Server error, try reducing the number of threads.'
|
108
108
|
else
|
109
109
|
"Unknown response received Code: #{response.code}\nBody: #{response.body}"
|
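Review bot: The new branch `elsif response.code.to_s.start_with?('50')` recognises only 500–509 as server errors, so any other 5xx status falls through to the `else` branch, which copies the whole `response.body` into the error message. A numeric range reads more clearly and covers the full class: `elsif response.code.between?(500, 599)`. Independently of that, the `else` message would be safer with a bounded body, e.g. `response.body.to_s[0, 200]`, since the body is remote-controlled content that ends up in scan output. The enclosing method starts and ends outside the hunk, so how the message is rendered is not visible here.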
@@ -9,7 +9,7 @@ module CMSScanner
|
|
9
9
|
module ClassMethods
|
10
10
|
# @return [ Array<Symbol> ]
|
11
11
|
def references_keys
|
12
|
-
@references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus]
|
12
|
+
@references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus youtube]
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
@@ -18,7 +18,13 @@ module CMSScanner
|
|
18
18
|
@references = {}
|
19
19
|
|
20
20
|
self.class.references_keys.each do |key|
|
21
|
-
|
21
|
+
next unless refs.key?(key)
|
22
|
+
|
23
|
+
@references[key] = if key == :youtube
|
24
|
+
[*refs[:youtube]].map { |id| youtube_url(id) }
|
25
|
+
else
|
26
|
+
[*refs[key]].map(&:to_s)
|
27
|
+
end
|
22
28
|
end
|
23
29
|
end
|
24
30
|
|
@@ -30,7 +36,7 @@ module CMSScanner
|
|
30
36
|
# @return [ Array<String> ] All the references URLs
|
31
37
|
def references_urls
|
32
38
|
cve_urls + exploitdb_urls + urls + msf_urls +
|
33
|
-
packetstorm_urls + securityfocus_urls
|
39
|
+
packetstorm_urls + securityfocus_urls + youtube_urls
|
34
40
|
end
|
35
41
|
|
36
42
|
# @return [ Array<String> ] The CVEs
|
@@ -112,5 +118,15 @@ module CMSScanner
|
|
112
118
|
def securityfocus_url(id)
|
113
119
|
"https://www.securityfocus.com/bid/#{id}/"
|
114
120
|
end
|
121
|
+
|
122
|
+
# @return [ Array<String> ]
|
123
|
+
def youtube_urls
|
124
|
+
references[:youtube] || []
|
125
|
+
end
|
126
|
+
|
127
|
+
# @return [ String ]
|
128
|
+
def youtube_url(id)
|
129
|
+
"https://www.youtube.com/watch?v=#{id}"
|
130
|
+
end
|
115
131
|
end
|
116
132
|
end
|
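Review bot: `youtube_url(id)` interpolates `id` into the query string unescaped, and the initializer hunk feeds it whatever `refs[:youtube]` holds, so a value containing `&`, `#` or whitespace produces a different URL than intended in the report. If the reference data can come from an external vulnerability feed (not visible here), escape it when building the link, for example `"https://www.youtube.com/watch?v=#{CGI.escape(id.to_s)}"` with `cgi` required. The same unescaped pattern is visible in `securityfocus_url(id)`. The new `youtube_url` method carries only a `@return` tag; a `# @param [ String ] id The video ID` line would state what it expects.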
@@ -58,7 +58,7 @@ module CMSScanner
|
|
58
58
|
[*scope.domains[1..-1]].map(&:to_s) + scope.invalid_domains
|
59
59
|
end
|
60
60
|
|
61
|
-
domains.map! { |d| Regexp.escape(d.
|
61
|
+
domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
|
62
62
|
|
63
63
|
domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
|
64
64
|
|
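Review bot: In the rewritten `domains.map!` line the wildcard is expanded with `.gsub('\*', '.*')`, and `.*` also matches `/`, so a scope entry such as `*.example.com` can match text where `example.com` appears in a path behind another host, depending on how the resulting pattern is anchored (the anchoring is outside this hunk). Since this pattern decides which URLs the scanner treats as in scope, a host-only class is the tighter choice: `.gsub('\*', '[^/]*')`. The trailing `.gsub('/', '\\\\\?/')` is hard to read; a comment such as `# also accept JSON-escaped slashes (\/)` would help, if that is indeed its purpose.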
data/lib/cms_scanner/version.rb
CHANGED
@@ -5,22 +5,27 @@ module CMSScanner
|
|
5
5
|
class Vulnerability
|
6
6
|
include References
|
7
7
|
|
8
|
-
attr_reader :title, :type, :fixed_in
|
8
|
+
attr_reader :title, :type, :fixed_in, :cvss
|
9
9
|
|
10
10
|
# @param [ String ] title
|
11
11
|
# @param [ Hash ] references
|
12
|
-
# @option references [ Array<String>, String ] cve
|
13
|
-
# @option references [ Array<String>, String ] secunia
|
14
|
-
# @option references [ Array<String>, String ] osvdb
|
15
|
-
# @option references [ Array<String>, String ] exploitdb
|
16
|
-
# @option references [ Array<String> ] url URL(s) to related advisories etc
|
17
|
-
# @option references [ Array<String>, String ] metasploit The related metasploit module(s)
|
12
|
+
# @option references [ Array<String>, String ] :cve
|
13
|
+
# @option references [ Array<String>, String ] :secunia
|
14
|
+
# @option references [ Array<String>, String ] :osvdb
|
15
|
+
# @option references [ Array<String>, String ] :exploitdb
|
16
|
+
# @option references [ Array<String> ] :url URL(s) to related advisories etc
|
17
|
+
# @option references [ Array<String>, String ] :metasploit The related metasploit module(s)
|
18
|
+
# @option references [ Array<String> ] :youtube
|
18
19
|
# @param [ String ] type
|
19
20
|
# @param [ String ] fixed_in
|
20
|
-
|
21
|
+
# @param [ HashSymbol ] cvss
|
22
|
+
# @option cvss [ String ] :score
|
23
|
+
# @option cvss [ String ] :vector
|
24
|
+
def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
|
21
25
|
@title = title
|
22
26
|
@type = type
|
23
27
|
@fixed_in = fixed_in
|
28
|
+
@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
|
24
29
|
|
25
30
|
self.references = references
|
26
31
|
end
|
@@ -32,7 +37,8 @@ module CMSScanner
|
|
32
37
|
title == other.title &&
|
33
38
|
type == other.type &&
|
34
39
|
references == other.references &&
|
35
|
-
fixed_in == other.fixed_in
|
40
|
+
fixed_in == other.fixed_in &&
|
41
|
+
cvss == other.cvss
|
36
42
|
end
|
37
43
|
end
|
38
44
|
end
|
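Review bot: The new `@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss` line reads symbol keys only, so a string-keyed hash (for instance one parsed from JSON without symbolized names; the caller is not visible here) yields `{ score: nil, vector: nil }`, which is truthy and now takes part in `==`. Consider assigning only when a score is present, e.g. `@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss && cvss[:score]`, or documenting that keys must be symbols. The doc tag `# @param [ HashSymbol ] cvss` is not a YARD type; `# @param [ Hash{Symbol => String} ] cvss` says what the code expects. Note that this section sits under a `version.rb` header on the page, but the hunks belong to the `Vulnerability` class.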
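--- a/data/lib/cms_scanner/web_site.rb
+++ b/data/lib/cms_scanner/web_site.rb
@@ -57,7 +57,7 @@ module CMSScanner
 
 # @return [ Typhoeus::Response ]
 def error_404_res
-@error_404_res ||= NS::Browser.
+@error_404_res ||= NS::Browser.get_and_follow_location(error_404_url)
 end
 
 # @return [ String ] The URL of an unlikely existant page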
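Review bot: `error_404_res` now memoizes whatever `NS::Browser.get_and_follow_location(error_404_url)` ends on, so if the target redirects unknown paths (to a login page or to another host) the stored baseline is the redirect destination rather than the original response. Whether the helper caps the number of redirects or keeps them within scope is not visible in this hunk; if it does not, the probe can leave the target host. The `@return` tag should say what is returned, e.g. `# @return [ Typhoeus::Response ] The final response for the 404 probe URL, after following redirects`.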
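--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.10.1
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: get_process_mem
@@ -44,14 +44,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.9.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.9.1
 - !ruby/object:Gem::Dependency
 name: public_suffix
 requirement: !ruby/object:Gem::Requirement
@@ -84,16 +84,22 @@ dependencies:
 name: typhoeus
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: 1.3
+version: '1.3'
+- - "<"
+- !ruby/object:Gem::Version
+version: '1.5'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: 1.3
+version: '1.3'
+- - "<"
+- !ruby/object:Gem::Version
+version: '1.5'
 - !ruby/object:Gem::Dependency
 name: xmlrpc
 requirement: !ruby/object:Gem::Requirement
@@ -198,28 +204,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.85.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.85.0
 - !ruby/object:Gem::Dependency
 name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.6.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.6.0
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -374,7 +380,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="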