cms_scanner 0.8.5 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bebd43fa32713b5138420b482dd701f8de2503e131319bd754db325923a263ee
-  data.tar.gz: a4a480c4c2e81301b862d96b08ba086c39aacffe784ffdb7f95278641368a437
+  metadata.gz: 16c22d4a89bddefca45e7f32b260f99c92469ad5f67ea66d1483bc27cb8b603c
+  data.tar.gz: 92fada2aa2d2c5109df300bffb72c2c44dec947fd2fb07d1dcc6ef106775042e
 SHA512:
-  metadata.gz: 529157e94bc055bd5d594e683c533732f286086a4928424616a3cc387cba1fcdd267885a9b0690f736f20139c80c4a8eefeaee6b92c380119fdf1fbb5d9d0b63
-  data.tar.gz: 42488fd971a514c883c262112696bf33dea52f019c95f4c1f28130f9bae3be97bd86fe3fce25306f3c37ed3923215489cc919125026866a13b03f0226ab751de
+  metadata.gz: b0191381badb3aeece273fc5da0b7384efbb29cc041cb3b21d5562e98263775cae3d748b895086e3f8f7d277bf34906b74ac6fcec610ff662a85835c1616b5e1
+  data.tar.gz: 4e41d6e2909160e17025141c6921c3a2e020943a571dd652cca9803c5801a5a56bb3105da82ebdeb44f42043a22504b14dbe0a02819fc683e223dabec9e95359

data/app/models/headers.rb

@@ -19,7 +19,7 @@ module CMSScanner
         entries.each do |header, value|
           next if known_headers.include?(header.downcase)
 
-          results << "#{header}: #{[*value].join(', ')}"
+          results << "#{header}: #{Array(value).join(', ')}"
         end
         results
       end

data/lib/cms_scanner/finders/base_finders.rb

@@ -21,14 +21,14 @@ module CMSScanner
 
         return symbols if mode.nil? || mode == :mixed
 
-        symbols.include?(mode) ? [*mode] : []
+        symbols.include?(mode) ? Array(mode) : []
       end
 
       # @param [ CMSScanner::Finders::Finder ] finder
       # @param [ Symbol ] symbol See return values of #symbols_from_mode
       # @param [ Hash ] opts
       def run_finder(finder, symbol, opts)
-        [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
+        Array(finder.send(symbol, opts.merge(found: findings))).compact.each do |found|
           findings << found
         end
       end

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb

@@ -103,10 +103,12 @@ module CMSScanner
                     'Request timed out.'
                   elsif response.code.zero?
                     "No response from remote server. WAF/IPS? (#{response.return_message})"
-                  elsif /^50/.match?(response.code.to_s)
+                  elsif response.code.to_s.start_with?('50')
                     'Server error, try reducing the number of threads.'
-                  else
+                  elsif NS::ParsedCli.verbose?
                     "Unknown response received Code: #{response.code}\nBody: #{response.body}"
+                  else
+                    "Unknown response received Code: #{response.code}"
                   end
 
           progress_bar.log("Error: #{error}")

data/lib/cms_scanner/finders/finder/enumerator.rb

@@ -55,7 +55,7 @@ module CMSScanner
         # @return [ Typhoeus::Response, nil ]
         def maybe_get_full_response(head_res, opts)
           return head_res unless opts[:check_full_response] == true ||
-                                 [*opts[:check_full_response]].include?(head_res.code)
+                                 Array(opts[:check_full_response]).include?(head_res.code)
 
           full_res = NS::Browser.get(head_res.effective_url, full_request_params)
 

data/lib/cms_scanner/progressbar_null_output.rb

@@ -17,7 +17,7 @@ module CMSScanner
     def log(string = nil)
       return logs if string.nil?
 
-      logs << string
+      logs << string unless logs.include?(string)
     end
   end
 end

data/lib/cms_scanner/references.rb

@@ -9,7 +9,7 @@ module CMSScanner
     module ClassMethods
       # @return [ Array<Symbol> ]
       def references_keys
-        @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus]
+        @references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus youtube]
       end
     end
 
@@ -18,7 +18,13 @@ module CMSScanner
       @references = {}
 
       self.class.references_keys.each do |key|
-        @references[key] = [*refs[key]].map(&:to_s) if refs.key?(key)
+        next unless refs.key?(key)
+
+        @references[key] = if key == :youtube
+                             Array(refs[:youtube]).map { |id| youtube_url(id) }
+                           else
+                             Array(refs[key]).map(&:to_s)
+                           end
       end
     end
 
@@ -30,7 +36,7 @@ module CMSScanner
     # @return [ Array<String> ] All the references URLs
     def references_urls
       cve_urls + exploitdb_urls + urls + msf_urls +
-        packetstorm_urls + securityfocus_urls
+        packetstorm_urls + securityfocus_urls + youtube_urls
     end
 
     # @return [ Array<String> ] The CVEs
@@ -112,5 +118,15 @@ module CMSScanner
     def securityfocus_url(id)
       "https://www.securityfocus.com/bid/#{id}/"
     end
+
+    # @return [ Array<String> ]
+    def youtube_urls
+      references[:youtube] || []
+    end
+
+    # @return [ String ]
+    def youtube_url(id)
+      "https://www.youtube.com/watch?v=#{id}"
+    end
   end
 end

data/lib/cms_scanner/target.rb

@@ -18,7 +18,7 @@ module CMSScanner
       super(url, opts)
 
       scope << uri.host
-      [*opts[:scope]].each { |s| scope << s }
+      Array(opts[:scope]).each { |s| scope << s }
     end
 
     # @param [ Hash ] opts

data/lib/cms_scanner/target/platform/php.rb

@@ -5,7 +5,7 @@ module CMSScanner
     module Platform
       # Some PHP specific implementation
       module PHP
-        DEBUG_LOG_PATTERN = /(?:\[\d{2}\-[a-zA-Z]{3}\-\d{4}\s\d{2}\:\d{2}:\d{2}\s[A-Z]{3}\]|
+        DEBUG_LOG_PATTERN = /(?:\[\d{2}-[a-zA-Z]{3}-\d{4}\s\d{2}:\d{2}:\d{2}\s[A-Z]{3}\]|
                               PHP\s(?:Fatal|Warning|Strict|Error|Notice):)/x.freeze
         FPD_PATTERN       = /Fatal error:.+? in (.+?) on/.freeze
         ERROR_LOG_PATTERN = /PHP Fatal error/i.freeze

data/lib/cms_scanner/target/scope.rb

@@ -53,12 +53,12 @@ module CMSScanner
       domains = [uri.host + uri.path]
 
       domains += if scope.domains.empty?
-                   [*scope.invalid_domains[1..-1]]
+                   Array(scope.invalid_domains[1..-1])
                  else
-                   [*scope.domains[1..-1]].map(&:to_s) + scope.invalid_domains
+                   Array(scope.domains[1..-1]).map(&:to_s) + scope.invalid_domains
                  end
 
-      domains.map! { |d| Regexp.escape(d.gsub(%r{/$}, '')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
+      domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
 
       domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
 

data/lib/cms_scanner/target/server/generic.rb

@@ -41,7 +41,7 @@ module CMSScanner
         def directory_listing?(path = nil, params = {})
           res = NS::Browser.get(url(path), params)
 
-          res.code == 200 && res.body =~ /<h1>Index of/ ? true : false
+          res.code == 200 && res.body.include?('<h1>Index of') ? true : false
         end
 
         # @param [ String ] path

data/lib/cms_scanner/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module CMSScanner
-  VERSION = '0.8.5'
+  VERSION = '0.11.0'
 end

data/lib/cms_scanner/vulnerability.rb

@@ -5,22 +5,27 @@ module CMSScanner
   class Vulnerability
     include References
 
-    attr_reader :title, :type, :fixed_in
+    attr_reader :title, :type, :fixed_in, :cvss
 
     # @param [ String ] title
     # @param [ Hash ] references
-    # @option references [ Array<String>, String ] cve
-    # @option references [ Array<String>, String ] secunia
-    # @option references [ Array<String>, String ] osvdb
-    # @option references [ Array<String>, String ] exploitdb
-    # @option references [ Array<String> ] url URL(s) to related advisories etc
-    # @option references [ Array<String>, String ] metasploit The related metasploit module(s)
+    # @option references [ Array<String>, String ] :cve
+    # @option references [ Array<String>, String ] :secunia
+    # @option references [ Array<String>, String ] :osvdb
+    # @option references [ Array<String>, String ] :exploitdb
+    # @option references [ Array<String> ] :url URL(s) to related advisories etc
+    # @option references [ Array<String>, String ] :metasploit The related metasploit module(s)
+    # @option references [ Array<String> ] :youtube
     # @param [ String ] type
     # @param [ String ] fixed_in
-    def initialize(title, references = {}, type = nil, fixed_in = nil)
+    # @param [ HashSymbol ] cvss
+    # @option cvss [ String ] :score
+    # @option cvss [ String ] :vector
+    def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
       @title    = title
       @type     = type
       @fixed_in = fixed_in
+      @cvss     = { score: cvss[:score], vector: cvss[:vector] } if cvss
 
       self.references = references
     end
@@ -32,7 +37,8 @@ module CMSScanner
       title == other.title &&
         type == other.type &&
         references == other.references &&
-        fixed_in == other.fixed_in
+        fixed_in == other.fixed_in &&
+        cvss == other.cvss
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.8.5
+  version: 0.11.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-09 00:00:00.000000000 Z
+date: 2020-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: get_process_mem
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: 1.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: 1.9.1
 - !ruby/object:Gem::Dependency
   name: public_suffix
   requirement: !ruby/object:Gem::Requirement
@@ -84,16 +84,22 @@ dependencies:
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: xmlrpc
   requirement: !ruby/object:Gem::Requirement
@@ -198,28 +204,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.80.0
+        version: 0.88.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.80.0
+        version: 0.88.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: 1.7.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -374,7 +380,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="