cms_scanner 0.8.4 → 0.10.1
- checksums.yaml +4 -4
- data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +1 -1
- data/lib/cms_scanner/references.rb +19 -3
- data/lib/cms_scanner/target/scope.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability.rb +15 -9
- data/lib/cms_scanner/web_site.rb +1 -1
- metadata +19 -13
    
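--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: ee896090149c3f5dfd501ce88374b708aba187927bdac0c593f3608c801ae0d3
+  data.tar.gz: 24f17ebbab747417216229057783c1545ebbe06ff0a4c6c6e2ff969b67e69f97
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 13f907d61456e051f39e2988755537e6ad6ccdbd473144a5e756cb9f91a680d23539ced35cb9e29925f7d1832e4d84fe8d975871c4d5aa230c863a9e92133eee
+  data.tar.gz: 6fd87965f3fe9385583f5c8fef0ea82fc7b03c8a803e68b6117f410dac554b0c8677d975b894b37cf4c29e87260cb06f2d2e17c75c8e873912060d5707fe2804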
| @@ -103,7 +103,7 @@ module CMSScanner | |
| 103 103 | 
             
                                'Request timed out.'
         | 
| 104 104 | 
             
                              elsif response.code.zero?
         | 
| 105 105 | 
             
                                "No response from remote server. WAF/IPS? (#{response.return_message})"
         | 
| 106 | 
            -
                              elsif  | 
| 106 | 
            +
                              elsif response.code.to_s.start_with?('50')
         | 
| 107 107 | 
             
                                'Server error, try reducing the number of threads.'
         | 
| 108 108 | 
             
                              else
         | 
| 109 109 | 
             
                                "Unknown response received Code: #{response.code}\nBody: #{response.body}"
         | 
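Review bot: The new `elsif response.code.to_s.start_with?('50')` classifies server errors by a string prefix, so it covers 500–509 only, and any other 5xx status (for example the 52x codes some CDNs return) falls through to the `else` branch, which prints the whole response body. If every server error is meant, a numeric test such as `elsif response.code.between?(500, 599)` says so directly; if only 50x is intended, a short comment stating that would help. The `else` message interpolates `response.body` from the remote server unmodified, so truncating it before it reaches the error output is worth considering. The enclosing method starts and ends outside the hunk.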
| @@ -9,7 +9,7 @@ module CMSScanner | |
| 9 9 | 
             
                module ClassMethods
         | 
| 10 10 | 
             
                  # @return [ Array<Symbol> ]
         | 
| 11 11 | 
             
                  def references_keys
         | 
| 12 | 
            -
                    @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus]
         | 
| 12 | 
            +
                    @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus youtube]
         | 
| 13 13 | 
             
                  end
         | 
| 14 14 | 
             
                end
         | 
| 15 15 |  | 
| @@ -18,7 +18,13 @@ module CMSScanner | |
| 18 18 | 
             
                  @references = {}
         | 
| 19 19 |  | 
| 20 20 | 
             
                  self.class.references_keys.each do |key|
         | 
| 21 | 
            -
                     | 
| 21 | 
            +
                    next unless refs.key?(key)
         | 
| 22 | 
            +
             | 
| 23 | 
            +
                    @references[key] = if key == :youtube
         | 
| 24 | 
            +
                                         [*refs[:youtube]].map { |id| youtube_url(id) }
         | 
| 25 | 
            +
                                       else
         | 
| 26 | 
            +
                                         [*refs[key]].map(&:to_s)
         | 
| 27 | 
            +
                                       end
         | 
| 22 28 | 
             
                  end
         | 
| 23 29 | 
             
                end
         | 
| 24 30 |  | 
| @@ -30,7 +36,7 @@ module CMSScanner | |
| 30 36 | 
             
                # @return [ Array<String> ] All the references URLs
         | 
| 31 37 | 
             
                def references_urls
         | 
| 32 38 | 
             
                  cve_urls + exploitdb_urls + urls + msf_urls +
         | 
| 33 | 
            -
                    packetstorm_urls + securityfocus_urls
         | 
| 39 | 
            +
                    packetstorm_urls + securityfocus_urls + youtube_urls
         | 
| 34 40 | 
             
                end
         | 
| 35 41 |  | 
| 36 42 | 
             
                # @return [ Array<String> ] The CVEs
         | 
| @@ -112,5 +118,15 @@ module CMSScanner | |
| 112 118 | 
             
                def securityfocus_url(id)
         | 
| 113 119 | 
             
                  "https://www.securityfocus.com/bid/#{id}/"
         | 
| 114 120 | 
             
                end
         | 
| 121 | 
            +
             | 
| 122 | 
            +
                # @return [ Array<String> ]
         | 
| 123 | 
            +
                def youtube_urls
         | 
| 124 | 
            +
                  references[:youtube] || []
         | 
| 125 | 
            +
                end
         | 
| 126 | 
            +
             | 
| 127 | 
            +
                # @return [ String ]
         | 
| 128 | 
            +
                def youtube_url(id)
         | 
| 129 | 
            +
                  "https://www.youtube.com/watch?v=#{id}"
         | 
| 130 | 
            +
                end
         | 
| 115 131 | 
             
              end
         | 
| 116 132 | 
             
            end
         | 
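Review bot: `youtube_url(id)` interpolates the id into the query string as-is (`"https://www.youtube.com/watch?v=#{id}"`), so an id containing `&`, `#` or whitespace produces a link that no longer identifies only the intended video. The reference data presumably comes from a vulnerability feed rather than from this file, so escaping in the helper is cheap insurance: `"https://www.youtube.com/watch?v=#{URI.encode_www_form_component(id.to_s)}"`. The loop that fills `@references` calls `to_s` on every other key but passes YouTube ids through untouched, which makes the helper the one place to normalise them. `youtube_urls` and `youtube_url` would also read better with a description after their `@return` tags, e.g. `# @return [ Array<String> ] The YouTube video URLs`.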
| @@ -58,7 +58,7 @@ module CMSScanner | |
| 58 58 | 
             
                               [*scope.domains[1..-1]].map(&:to_s) + scope.invalid_domains
         | 
| 59 59 | 
             
                             end
         | 
| 60 60 |  | 
| 61 | 
            -
                  domains.map! { |d| Regexp.escape(d. | 
| 61 | 
            +
                  domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
         | 
| 62 62 |  | 
| 63 63 | 
             
                  domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
         | 
| 64 64 |  | 
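Review bot: In the rewritten `domains.map!` line the `*` wildcard becomes `.*`, which matches any character including `/`, `?` and `@`, so a scope entry like `*.example.com` (constructed example) can also match text where `.example.com` appears in the path or query of another host. Whether the final pattern is anchored is outside this hunk, but limiting the wildcard to host characters, e.g. `.gsub('\*', '[^/]*')`, keeps the in-scope test tied to the host part. The second substitution `gsub('/', '\\\\\?/')` is hard to read through two levels of escaping; a comment such as `# allow an optional backslash before each slash (JSON-escaped URLs)` would save the next reader the decoding, if that is the intent. `delete_suffix` needs Ruby 2.5, which agrees with the `required_ruby_version` change in the gem metadata.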
    
        data/lib/cms_scanner/version.rb
    CHANGED
    
    
| @@ -5,22 +5,27 @@ module CMSScanner | |
| 5 5 | 
             
              class Vulnerability
         | 
| 6 6 | 
             
                include References
         | 
| 7 7 |  | 
| 8 | 
            -
                attr_reader :title, :type, :fixed_in
         | 
| 8 | 
            +
                attr_reader :title, :type, :fixed_in, :cvss
         | 
| 9 9 |  | 
| 10 10 | 
             
                # @param [ String ] title
         | 
| 11 11 | 
             
                # @param [ Hash ] references
         | 
| 12 | 
            -
                # @option references [ Array<String>, String ] cve
         | 
| 13 | 
            -
                # @option references [ Array<String>, String ] secunia
         | 
| 14 | 
            -
                # @option references [ Array<String>, String ] osvdb
         | 
| 15 | 
            -
                # @option references [ Array<String>, String ] exploitdb
         | 
| 16 | 
            -
                # @option references [ Array<String> ] url URL(s) to related advisories etc
         | 
| 17 | 
            -
                # @option references [ Array<String>, String ] metasploit The related metasploit module(s)
         | 
| 12 | 
            +
                # @option references [ Array<String>, String ] :cve
         | 
| 13 | 
            +
                # @option references [ Array<String>, String ] :secunia
         | 
| 14 | 
            +
                # @option references [ Array<String>, String ] :osvdb
         | 
| 15 | 
            +
                # @option references [ Array<String>, String ] :exploitdb
         | 
| 16 | 
            +
                # @option references [ Array<String> ] :url URL(s) to related advisories etc
         | 
| 17 | 
            +
                # @option references [ Array<String>, String ] :metasploit The related metasploit module(s)
         | 
| 18 | 
            +
                # @option references [ Array<String> ] :youtube
         | 
| 18 19 | 
             
                # @param [ String ] type
         | 
| 19 20 | 
             
                # @param [ String ] fixed_in
         | 
| 20 | 
            -
                 | 
| 21 | 
            +
                # @param [ HashSymbol ] cvss
         | 
| 22 | 
            +
                # @option cvss [ String ] :score
         | 
| 23 | 
            +
                # @option cvss [ String ] :vector
         | 
| 24 | 
            +
                def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
         | 
| 21 25 | 
             
                  @title    = title
         | 
| 22 26 | 
             
                  @type     = type
         | 
| 23 27 | 
             
                  @fixed_in = fixed_in
         | 
| 28 | 
            +
                  @cvss     = { score: cvss[:score], vector: cvss[:vector] } if cvss
         | 
| 24 29 |  | 
| 25 30 | 
             
                  self.references = references
         | 
| 26 31 | 
             
                end
         | 
| @@ -32,7 +37,8 @@ module CMSScanner | |
| 32 37 | 
             
                  title == other.title &&
         | 
| 33 38 | 
             
                    type == other.type &&
         | 
| 34 39 | 
             
                    references == other.references &&
         | 
| 35 | 
            -
                    fixed_in == other.fixed_in
         | 
| 40 | 
            +
                    fixed_in == other.fixed_in &&
         | 
| 41 | 
            +
                    cvss == other.cvss
         | 
| 36 42 | 
             
                end
         | 
| 37 43 | 
             
              end
         | 
| 38 44 | 
             
            end
         | 
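Review bot: `@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss` reads only symbol keys, so a caller passing a string-keyed hash (for instance one parsed from JSON) gets `{ score: nil, vector: nil }` with no error, and the severity silently disappears from the finding. Either document the key type precisely, `# @param [ Hash{Symbol => String} ] cvss` in place of `[ HashSymbol ]`, which does not name a real type, or fail early with `cvss.fetch(:score)` and `cvss.fetch(:vector)`. Because `==` now compares `cvss`, a hash with nil values and a missing `cvss` also make two otherwise identical vulnerabilities compare as different.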
    
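--- a/data/lib/cms_scanner/web_site.rb
+++ b/data/lib/cms_scanner/web_site.rb
@@ -57,7 +57,7 @@ module CMSScanner
 
     # @return [ Typhoeus::Response ]
     def error_404_res
-      @error_404_res ||= NS::Browser.
+      @error_404_res ||= NS::Browser.get_and_follow_location(error_404_url)
     end
 
     # @return [ String ] The URL of an unlikely existant page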
    
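--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.
+  version: 0.10.1
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: get_process_mem
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.
+        version: 1.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.
+        version: 1.9.1
 - !ruby/object:Gem::Dependency
   name: public_suffix
   requirement: !ruby/object:Gem::Requirement
@@ -84,16 +84,22 @@ dependencies:
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: xmlrpc
   requirement: !ruby/object:Gem::Requirement
@@ -198,28 +204,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.
+        version: 0.85.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.
+        version: 0.85.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.
+        version: 1.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -374,7 +380,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="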