cms_scanner 0.8.4 → 0.10.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +1 -1
  3. data/lib/cms_scanner/references.rb +19 -3
  4. data/lib/cms_scanner/target/scope.rb +1 -1
  5. data/lib/cms_scanner/version.rb +1 -1
  6. data/lib/cms_scanner/vulnerability.rb +15 -9
  7. data/lib/cms_scanner/web_site.rb +1 -1
  8. metadata +19 -13
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d2ba75baf0bd8f3ee38106845a617e3b82b15550d2fe389bdd8caa9e01e4ed74
4
- data.tar.gz: a61488048c346fdd6f484a34b1a75b38cc8cf996c7053830c0aa9bae2d849dff
3
+ metadata.gz: ee896090149c3f5dfd501ce88374b708aba187927bdac0c593f3608c801ae0d3
4
+ data.tar.gz: 24f17ebbab747417216229057783c1545ebbe06ff0a4c6c6e2ff969b67e69f97
5
5
  SHA512:
6
- metadata.gz: 9786135ac1b578a2fdf8ce4413840c719c6e335238343e6f1b7141877bc4d57702259c8feeaecf91640d5af47e66c2a914486ee7afb836f1bf2ab162283dda18
7
- data.tar.gz: 178999de4b3de5da6c01dfad1ba48e79e8757b3401742184e8cc871423907522c0e6cbcda8006635f6370651521e0a21b29c29677d9ceb8bbb39ebad9df86e55
6
+ metadata.gz: 13f907d61456e051f39e2988755537e6ad6ccdbd473144a5e756cb9f91a680d23539ced35cb9e29925f7d1832e4d84fe8d975871c4d5aa230c863a9e92133eee
7
+ data.tar.gz: 6fd87965f3fe9385583f5c8fef0ea82fc7b03c8a803e68b6117f410dac554b0c8677d975b894b37cf4c29e87260cb06f2d2e17c75c8e873912060d5707fe2804
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb CHANGED
@@ -103,7 +103,7 @@ module CMSScanner
103
103
  'Request timed out.'
104
104
  elsif response.code.zero?
105
105
  "No response from remote server. WAF/IPS? (#{response.return_message})"
106
- elsif /^50/.match?(response.code.to_s)
106
+ elsif response.code.to_s.start_with?('50')
107
107
  'Server error, try reducing the number of threads.'
108
108
  else
109
109
  "Unknown response received Code: #{response.code}\nBody: #{response.body}"
data/lib/cms_scanner/references.rb CHANGED
@@ -9,7 +9,7 @@ module CMSScanner
9
9
  module ClassMethods
10
10
  # @return [ Array<Symbol> ]
11
11
  def references_keys
12
- @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus]
12
+ @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus youtube]
13
13
  end
14
14
  end
15
15
 
@@ -18,7 +18,13 @@ module CMSScanner
18
18
  @references = {}
19
19
 
20
20
  self.class.references_keys.each do |key|
21
- @references[key] = [*refs[key]].map(&:to_s) if refs.key?(key)
21
+ next unless refs.key?(key)
22
+
23
+ @references[key] = if key == :youtube
24
+ [*refs[:youtube]].map { |id| youtube_url(id) }
25
+ else
26
+ [*refs[key]].map(&:to_s)
27
+ end
22
28
  end
23
29
  end
24
30
 
@@ -30,7 +36,7 @@ module CMSScanner
30
36
  # @return [ Array<String> ] All the references URLs
31
37
  def references_urls
32
38
  cve_urls + exploitdb_urls + urls + msf_urls +
33
- packetstorm_urls + securityfocus_urls
39
+ packetstorm_urls + securityfocus_urls + youtube_urls
34
40
  end
35
41
 
36
42
  # @return [ Array<String> ] The CVEs
@@ -112,5 +118,15 @@ module CMSScanner
112
118
  def securityfocus_url(id)
113
119
  "https://www.securityfocus.com/bid/#{id}/"
114
120
  end
121
+
122
+ # @return [ Array<String> ]
123
+ def youtube_urls
124
+ references[:youtube] || []
125
+ end
126
+
127
+ # @return [ String ]
128
+ def youtube_url(id)
129
+ "https://www.youtube.com/watch?v=#{id}"
130
+ end
115
131
  end
116
132
  end
data/lib/cms_scanner/target/scope.rb CHANGED
@@ -58,7 +58,7 @@ module CMSScanner
58
58
  [*scope.domains[1..-1]].map(&:to_s) + scope.invalid_domains
59
59
  end
60
60
 
61
- domains.map! { |d| Regexp.escape(d.gsub(%r{/$}, '')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
61
+ domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
62
62
 
63
63
  domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
64
64
 
data/lib/cms_scanner/version.rb CHANGED
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module CMSScanner
5
- VERSION = '0.8.4'
5
+ VERSION = '0.10.1'
6
6
  end
data/lib/cms_scanner/vulnerability.rb CHANGED
@@ -5,22 +5,27 @@ module CMSScanner
5
5
  class Vulnerability
6
6
  include References
7
7
 
8
- attr_reader :title, :type, :fixed_in
8
+ attr_reader :title, :type, :fixed_in, :cvss
9
9
 
10
10
  # @param [ String ] title
11
11
  # @param [ Hash ] references
12
- # @option references [ Array<String>, String ] cve
13
- # @option references [ Array<String>, String ] secunia
14
- # @option references [ Array<String>, String ] osvdb
15
- # @option references [ Array<String>, String ] exploitdb
16
- # @option references [ Array<String> ] url URL(s) to related advisories etc
17
- # @option references [ Array<String>, String ] metasploit The related metasploit module(s)
12
+ # @option references [ Array<String>, String ] :cve
13
+ # @option references [ Array<String>, String ] :secunia
14
+ # @option references [ Array<String>, String ] :osvdb
15
+ # @option references [ Array<String>, String ] :exploitdb
16
+ # @option references [ Array<String> ] :url URL(s) to related advisories etc
17
+ # @option references [ Array<String>, String ] :metasploit The related metasploit module(s)
18
+ # @option references [ Array<String> ] :youtube
18
19
  # @param [ String ] type
19
20
  # @param [ String ] fixed_in
20
- def initialize(title, references = {}, type = nil, fixed_in = nil)
21
+ # @param [ HashSymbol ] cvss
22
+ # @option cvss [ String ] :score
23
+ # @option cvss [ String ] :vector
24
+ def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
21
25
  @title = title
22
26
  @type = type
23
27
  @fixed_in = fixed_in
28
+ @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
24
29
 
25
30
  self.references = references
26
31
  end
@@ -32,7 +37,8 @@ module CMSScanner
32
37
  title == other.title &&
33
38
  type == other.type &&
34
39
  references == other.references &&
35
- fixed_in == other.fixed_in
40
+ fixed_in == other.fixed_in &&
41
+ cvss == other.cvss
36
42
  end
37
43
  end
38
44
  end
data/lib/cms_scanner/web_site.rb CHANGED
@@ -57,7 +57,7 @@ module CMSScanner
57
57
 
58
58
  # @return [ Typhoeus::Response ]
59
59
  def error_404_res
60
- @error_404_res ||= NS::Browser.get(error_404_url)
60
+ @error_404_res ||= NS::Browser.get_and_follow_location(error_404_url)
61
61
  end
62
62
 
63
63
  # @return [ String ] The URL of an unlikely existant page
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.4
4
+ version: 0.10.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-03-02 00:00:00.000000000 Z
11
+ date: 2020-06-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: get_process_mem
@@ -44,14 +44,14 @@ dependencies:
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 1.8.1
47
+ version: 1.9.1
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 1.8.1
54
+ version: 1.9.1
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: public_suffix
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -84,16 +84,22 @@ dependencies:
84
84
  name: typhoeus
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - "~>"
87
+ - - ">="
88
88
  - !ruby/object:Gem::Version
89
- version: 1.3.0
89
+ version: '1.3'
90
+ - - "<"
91
+ - !ruby/object:Gem::Version
92
+ version: '1.5'
90
93
  type: :runtime
91
94
  prerelease: false
92
95
  version_requirements: !ruby/object:Gem::Requirement
93
96
  requirements:
94
- - - "~>"
97
+ - - ">="
95
98
  - !ruby/object:Gem::Version
96
- version: 1.3.0
99
+ version: '1.3'
100
+ - - "<"
101
+ - !ruby/object:Gem::Version
102
+ version: '1.5'
97
103
  - !ruby/object:Gem::Dependency
98
104
  name: xmlrpc
99
105
  requirement: !ruby/object:Gem::Requirement
@@ -198,28 +204,28 @@ dependencies:
198
204
  requirements:
199
205
  - - "~>"
200
206
  - !ruby/object:Gem::Version
201
- version: 0.80.0
207
+ version: 0.85.0
202
208
  type: :development
203
209
  prerelease: false
204
210
  version_requirements: !ruby/object:Gem::Requirement
205
211
  requirements:
206
212
  - - "~>"
207
213
  - !ruby/object:Gem::Version
208
- version: 0.80.0
214
+ version: 0.85.0
209
215
  - !ruby/object:Gem::Dependency
210
216
  name: rubocop-performance
211
217
  requirement: !ruby/object:Gem::Requirement
212
218
  requirements:
213
219
  - - "~>"
214
220
  - !ruby/object:Gem::Version
215
- version: 1.5.0
221
+ version: 1.6.0
216
222
  type: :development
217
223
  prerelease: false
218
224
  version_requirements: !ruby/object:Gem::Requirement
219
225
  requirements:
220
226
  - - "~>"
221
227
  - !ruby/object:Gem::Version
222
- version: 1.5.0
228
+ version: 1.6.0
223
229
  - !ruby/object:Gem::Dependency
224
230
  name: simplecov
225
231
  requirement: !ruby/object:Gem::Requirement
@@ -374,7 +380,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
374
380
  requirements:
375
381
  - - ">="
376
382
  - !ruby/object:Gem::Version
377
- version: '2.4'
383
+ version: '2.5'
378
384
  required_rubygems_version: !ruby/object:Gem::Requirement
379
385
  requirements:
380
386
  - - ">="