cms_scanner 0.8.6 → 0.12.0
- checksums.yaml +4 -4
- data/app/models/headers.rb +1 -1
- data/lib/cms_scanner/finders/base_finders.rb +2 -2
- data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +13 -8
- data/lib/cms_scanner/finders/finder/enumerator.rb +1 -1
- data/lib/cms_scanner/progressbar_null_output.rb +1 -1
- data/lib/cms_scanner/references.rb +19 -3
- data/lib/cms_scanner/target.rb +1 -1
- data/lib/cms_scanner/target/platform/php.rb +1 -1
- data/lib/cms_scanner/target/scope.rb +3 -3
- data/lib/cms_scanner/target/server/generic.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability.rb +15 -9
- metadata +19 -13
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7a8c1343f1468a7f2c486b3a4e01ab78908a3148463a06f1368e53e748a6c269
|
4
|
+
data.tar.gz: 9613a2df1e556a49a8f6dc9c7e934c2cd35a7aed0fbba4d42c22300901dd6b6b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7e7c1b97e79859d7bc38a3b9022ddc461ed0d9a91d275255f1f2430998ae46a2c591514165d6e21e6e6304b1f032eb8e9bf5f581bdc8e49f0dba43dceb640573
|
7
|
+
data.tar.gz: 25745b31c7217ce451cf30833fc180f2416af4cb5842cece2c0e73f543d8a9a021cbd5d03fcef8a2e3e06f29868987dd2fa02723d1fe98e0d22e9460105ad7da
|
data/app/models/headers.rb
CHANGED
@@ -21,14 +21,14 @@ module CMSScanner
|
|
21
21
|
|
22
22
|
return symbols if mode.nil? || mode == :mixed
|
23
23
|
|
24
|
-
symbols.include?(mode) ?
|
24
|
+
symbols.include?(mode) ? Array(mode) : []
|
25
25
|
end
|
26
26
|
|
27
27
|
# @param [ CMSScanner::Finders::Finder ] finder
|
28
28
|
# @param [ Symbol ] symbol See return values of #symbols_from_mode
|
29
29
|
# @param [ Hash ] opts
|
30
30
|
def run_finder(finder, symbol, opts)
|
31
|
-
|
31
|
+
Array(finder.send(symbol, opts.merge(found: findings))).compact.each do |found|
|
32
32
|
findings << found
|
33
33
|
end
|
34
34
|
end
|
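Review bot: `finder.send(symbol, opts.merge(found: findings))` on new line 31 bypasses visibility and would also invoke private methods of the finder; since `symbol` is already restricted to the finder's declared symbols by `symbols_from_mode` (new line 24), `finder.public_send(symbol, opts.merge(found: findings))` states that contract explicitly, with no behavioural change provided the dispatched finder methods are public. The `Array(...).compact` wrapper also silently drops `nil` results, which deserves a one-line comment such as `# a finder may return nil, a single finding or an array of findings` so it is not mistaken for input filtering. `symbols_from_mode` begins before the hunk.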
@@ -6,20 +6,22 @@ module CMSScanner
|
|
6
6
|
# Module to provide an easy way to perform password attacks
|
7
7
|
module BreadthFirstDictionaryAttack
|
8
8
|
# @param [ Array<CMSScanner::Model::User> ] users
|
9
|
-
# @param [
|
9
|
+
# @param [ String ] wordlist_path
|
10
10
|
# @param [ Hash ] opts
|
11
11
|
# @option opts [ Boolean ] :show_progression
|
12
12
|
#
|
13
13
|
# @yield [ CMSScanner::User ] When a valid combination is found
|
14
14
|
#
|
15
15
|
# Due to Typhoeus threads shenanigans, in rare cases the progress-bar might
|
16
|
-
# be
|
16
|
+
# be incorrectly updated, hence the 'rescue ProgressBar::InvalidProgressError'
|
17
17
|
#
|
18
18
|
# TODO: Make rubocop happy about metrics etc
|
19
19
|
#
|
20
20
|
# rubocop:disable all
|
21
|
-
def attack(users,
|
22
|
-
|
21
|
+
def attack(users, wordlist_path, opts = {})
|
22
|
+
wordlist = File.open(wordlist_path)
|
23
|
+
|
24
|
+
create_progress_bar(total: users.size * wordlist.count, show_progression: opts[:show_progression])
|
23
25
|
|
24
26
|
queue_count = 0
|
25
27
|
# Keep the number of requests sent for each users
|
@@ -28,7 +30,8 @@ module CMSScanner
|
|
28
30
|
|
29
31
|
users.each { |u| user_requests_count[u.username] = 0 }
|
30
32
|
|
31
|
-
|
33
|
+
File.foreach(wordlist) do |password|
|
34
|
+
password.chomp!
|
32
35
|
remaining_users = users.select { |u| u.password.nil? }
|
33
36
|
|
34
37
|
break if remaining_users.empty?
|
@@ -47,7 +50,7 @@ module CMSScanner
|
|
47
50
|
user.password = password
|
48
51
|
|
49
52
|
begin
|
50
|
-
progress_bar.total -=
|
53
|
+
progress_bar.total -= wordlist.count - user_requests_count[user.username]
|
51
54
|
rescue ProgressBar::InvalidProgressError
|
52
55
|
end
|
53
56
|
|
@@ -103,10 +106,12 @@ module CMSScanner
|
|
103
106
|
'Request timed out.'
|
104
107
|
elsif response.code.zero?
|
105
108
|
"No response from remote server. WAF/IPS? (#{response.return_message})"
|
106
|
-
elsif
|
109
|
+
elsif response.code.to_s.start_with?('50')
|
107
110
|
'Server error, try reducing the number of threads.'
|
108
|
-
|
111
|
+
elsif NS::ParsedCli.verbose?
|
109
112
|
"Unknown response received Code: #{response.code}\nBody: #{response.body}"
|
113
|
+
else
|
114
|
+
"Unknown response received Code: #{response.code}"
|
110
115
|
end
|
111
116
|
|
112
117
|
progress_bar.log("Error: #{error}")
|
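Review bot: `wordlist = File.open(wordlist_path)` on new line 22 is never closed, and the handle is consumed by the first `wordlist.count` (new line 24), so the second `wordlist.count` on new line 53 iterates an IO that is already at EOF and, as far as I can tell, yields 0 — `progress_bar.total` then grows by `user_requests_count[user.username]` instead of shrinking, and the `rescue ProgressBar::InvalidProgressError` does not catch that. Compute the size once with `wordlist_count = File.foreach(wordlist_path).count`, pass `wordlist_count` to both `create_progress_bar` and the `progress_bar.total -=` line, and iterate with `File.foreach(wordlist_path)` so no descriptor is left open. `attack` starts at new line 21 and continues past its hunks; the error-message branch at new lines 106–114 belongs to a method that starts outside the hunk.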
@@ -55,7 +55,7 @@ module CMSScanner
|
|
55
55
|
# @return [ Typhoeus::Response, nil ]
|
56
56
|
def maybe_get_full_response(head_res, opts)
|
57
57
|
return head_res unless opts[:check_full_response] == true ||
|
58
|
-
|
58
|
+
Array(opts[:check_full_response]).include?(head_res.code)
|
59
59
|
|
60
60
|
full_res = NS::Browser.get(head_res.effective_url, full_request_params)
|
61
61
|
|
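Review bot: The rewritten condition on new line 58 makes `opts[:check_full_response]` accept either `true` or a list of HEAD status codes, but the hunk shows only `# @return [ Typhoeus::Response, nil ]` for the method; if the `@param opts` doc above the hunk does not already say so, add `# @option opts [ Boolean, Array<Integer> ] :check_full_response true to always fetch the full response, or the HEAD status codes for which to fetch it`. The explicit `== true` is required here because `Array(true)` would be `[true]` and never match a code, which is worth a short comment on the line. `maybe_get_full_response` continues past the hunk.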
@@ -9,7 +9,7 @@ module CMSScanner
|
|
9
9
|
module ClassMethods
|
10
10
|
# @return [ Array<Symbol> ]
|
11
11
|
def references_keys
|
12
|
-
@references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus]
|
12
|
+
@references_keys ||= %i[cve exploitdb url metasploit packetstorm securityfocus youtube]
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
@@ -18,7 +18,13 @@ module CMSScanner
|
|
18
18
|
@references = {}
|
19
19
|
|
20
20
|
self.class.references_keys.each do |key|
|
21
|
-
|
21
|
+
next unless refs.key?(key)
|
22
|
+
|
23
|
+
@references[key] = if key == :youtube
|
24
|
+
Array(refs[:youtube]).map { |id| youtube_url(id) }
|
25
|
+
else
|
26
|
+
Array(refs[key]).map(&:to_s)
|
27
|
+
end
|
22
28
|
end
|
23
29
|
end
|
24
30
|
|
@@ -30,7 +36,7 @@ module CMSScanner
|
|
30
36
|
# @return [ Array<String> ] All the references URLs
|
31
37
|
def references_urls
|
32
38
|
cve_urls + exploitdb_urls + urls + msf_urls +
|
33
|
-
packetstorm_urls + securityfocus_urls
|
39
|
+
packetstorm_urls + securityfocus_urls + youtube_urls
|
34
40
|
end
|
35
41
|
|
36
42
|
# @return [ Array<String> ] The CVEs
|
@@ -112,5 +118,15 @@ module CMSScanner
|
|
112
118
|
def securityfocus_url(id)
|
113
119
|
"https://www.securityfocus.com/bid/#{id}/"
|
114
120
|
end
|
121
|
+
|
122
|
+
# @return [ Array<String> ]
|
123
|
+
def youtube_urls
|
124
|
+
references[:youtube] || []
|
125
|
+
end
|
126
|
+
|
127
|
+
# @return [ String ]
|
128
|
+
def youtube_url(id)
|
129
|
+
"https://www.youtube.com/watch?v=#{id}"
|
130
|
+
end
|
115
131
|
end
|
116
132
|
end
|
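Review bot: With new lines 23–26, `@references[:youtube]` stores rendered URLs while every other key keeps the raw ids as strings, so the hash has a different shape per key and `youtube_urls` (new line 123) has to return it untouched instead of mapping ids through `youtube_url` the way the other `*_url` helpers such as `securityfocus_url` presumably are used. Storing ids for every key, `@references[key] = Array(refs[key]).map(&:to_s)`, and rendering in the accessor, `Array(references[:youtube]).map { |id| youtube_url(id) }`, keeps `references` uniform — which also matters because `Vulnerability#==` compares that hash. `youtube_url` interpolates the id verbatim into the query string; `URI.encode_www_form_component(id)` would keep an id containing `&` or whitespace from producing a malformed URL, unless ids are already validated where the references are loaded. The `references=` setter starts before its hunk.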
data/lib/cms_scanner/target.rb
CHANGED
@@ -5,7 +5,7 @@ module CMSScanner
|
|
5
5
|
module Platform
|
6
6
|
# Some PHP specific implementation
|
7
7
|
module PHP
|
8
|
-
DEBUG_LOG_PATTERN = /(?:\[\d{2}
|
8
|
+
DEBUG_LOG_PATTERN = /(?:\[\d{2}-[a-zA-Z]{3}-\d{4}\s\d{2}:\d{2}:\d{2}\s[A-Z]{3}\]|
|
9
9
|
PHP\s(?:Fatal|Warning|Strict|Error|Notice):)/x.freeze
|
10
10
|
FPD_PATTERN = /Fatal error:.+? in (.+?) on/.freeze
|
11
11
|
ERROR_LOG_PATTERN = /PHP Fatal error/i.freeze
|
@@ -53,12 +53,12 @@ module CMSScanner
|
|
53
53
|
domains = [uri.host + uri.path]
|
54
54
|
|
55
55
|
domains += if scope.domains.empty?
|
56
|
-
|
56
|
+
Array(scope.invalid_domains[1..-1])
|
57
57
|
else
|
58
|
-
|
58
|
+
Array(scope.domains[1..-1]).map(&:to_s) + scope.invalid_domains
|
59
59
|
end
|
60
60
|
|
61
|
-
domains.map! { |d| Regexp.escape(d.
|
61
|
+
domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
|
62
62
|
|
63
63
|
domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
|
64
64
|
|
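Review bot: The rewritten `domains.map!` on new line 61 stacks three transforms whose intent can only be recovered by decoding `'\\\\\?/'` by hand; a comment above the line would spare the next reader, e.g. `# escape the domain, turn the '*' wildcard back into '.*', and let '/' also match its JSON-escaped form '\/'` — assuming that is what the optional backslash before the slash is for, please confirm. `delete_suffix` needs Ruby 2.5, which matches the `required_ruby_version` bump in the metadata section. The enclosing method starts before the hunk and continues after it.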
@@ -41,7 +41,7 @@ module CMSScanner
|
|
41
41
|
def directory_listing?(path = nil, params = {})
|
42
42
|
res = NS::Browser.get(url(path), params)
|
43
43
|
|
44
|
-
res.code == 200 && res.body
|
44
|
+
res.code == 200 && res.body.include?('<h1>Index of') ? true : false
|
45
45
|
end
|
46
46
|
|
47
47
|
# @param [ String ] path
|
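Review bot: `res.code == 200 && res.body.include?('<h1>Index of') ? true : false` on new line 44 is a redundant ternary: `&&` binds tighter than `?:`, and `include?` already returns a boolean, so the expression is `true`/`false` on its own. Dropping the `? true : false` suffix reads better and changes nothing; if the intent was to guard against a `nil` body, that needs `res.body.to_s.include?('<h1>Index of')` rather than the ternary. `directory_listing?` sits entirely inside the hunk.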
data/lib/cms_scanner/version.rb
CHANGED
@@ -5,22 +5,27 @@ module CMSScanner
|
|
5
5
|
class Vulnerability
|
6
6
|
include References
|
7
7
|
|
8
|
-
attr_reader :title, :type, :fixed_in
|
8
|
+
attr_reader :title, :type, :fixed_in, :cvss
|
9
9
|
|
10
10
|
# @param [ String ] title
|
11
11
|
# @param [ Hash ] references
|
12
|
-
# @option references [ Array<String>, String ] cve
|
13
|
-
# @option references [ Array<String>, String ] secunia
|
14
|
-
# @option references [ Array<String>, String ] osvdb
|
15
|
-
# @option references [ Array<String>, String ] exploitdb
|
16
|
-
# @option references [ Array<String> ] url URL(s) to related advisories etc
|
17
|
-
# @option references [ Array<String>, String ] metasploit The related metasploit module(s)
|
12
|
+
# @option references [ Array<String>, String ] :cve
|
13
|
+
# @option references [ Array<String>, String ] :secunia
|
14
|
+
# @option references [ Array<String>, String ] :osvdb
|
15
|
+
# @option references [ Array<String>, String ] :exploitdb
|
16
|
+
# @option references [ Array<String> ] :url URL(s) to related advisories etc
|
17
|
+
# @option references [ Array<String>, String ] :metasploit The related metasploit module(s)
|
18
|
+
# @option references [ Array<String> ] :youtube
|
18
19
|
# @param [ String ] type
|
19
20
|
# @param [ String ] fixed_in
|
20
|
-
|
21
|
+
# @param [ HashSymbol ] cvss
|
22
|
+
# @option cvss [ String ] :score
|
23
|
+
# @option cvss [ String ] :vector
|
24
|
+
def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil)
|
21
25
|
@title = title
|
22
26
|
@type = type
|
23
27
|
@fixed_in = fixed_in
|
28
|
+
@cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss
|
24
29
|
|
25
30
|
self.references = references
|
26
31
|
end
|
@@ -32,7 +37,8 @@ module CMSScanner
|
|
32
37
|
title == other.title &&
|
33
38
|
type == other.type &&
|
34
39
|
references == other.references &&
|
35
|
-
fixed_in == other.fixed_in
|
40
|
+
fixed_in == other.fixed_in &&
|
41
|
+
cvss == other.cvss
|
36
42
|
end
|
37
43
|
end
|
38
44
|
end
|
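Review bot: `# @param [ HashSymbol ] cvss` on new line 21 is not a YARD type; it should read `# @param [ Hash ] cvss`, the `@option cvss` tags below already documenting the symbol keys. New line 28 copies only `cvss[:score]` and `cvss[:vector]`, so a caller passing string keys or an empty hash ends up with `{ score: nil, vector: nil }` without any error — worth a one-line comment such as `# only :score and :vector are kept; any other key is dropped`, or `cvss.fetch(:score)` if a missing key should be a bug. The `==` hunk at new lines 37–42 is inside a method that starts before the hunk.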
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-07-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: get_process_mem
|
@@ -44,14 +44,14 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 1.
|
47
|
+
version: 1.9.1
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: 1.
|
54
|
+
version: 1.9.1
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: public_suffix
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -84,16 +84,22 @@ dependencies:
|
|
84
84
|
name: typhoeus
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
|
-
- - "
|
87
|
+
- - ">="
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: 1.3
|
89
|
+
version: '1.3'
|
90
|
+
- - "<"
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
version: '1.5'
|
90
93
|
type: :runtime
|
91
94
|
prerelease: false
|
92
95
|
version_requirements: !ruby/object:Gem::Requirement
|
93
96
|
requirements:
|
94
|
-
- - "
|
97
|
+
- - ">="
|
95
98
|
- !ruby/object:Gem::Version
|
96
|
-
version: 1.3
|
99
|
+
version: '1.3'
|
100
|
+
- - "<"
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '1.5'
|
97
103
|
- !ruby/object:Gem::Dependency
|
98
104
|
name: xmlrpc
|
99
105
|
requirement: !ruby/object:Gem::Requirement
|
@@ -198,28 +204,28 @@ dependencies:
|
|
198
204
|
requirements:
|
199
205
|
- - "~>"
|
200
206
|
- !ruby/object:Gem::Version
|
201
|
-
version: 0.
|
207
|
+
version: 0.88.0
|
202
208
|
type: :development
|
203
209
|
prerelease: false
|
204
210
|
version_requirements: !ruby/object:Gem::Requirement
|
205
211
|
requirements:
|
206
212
|
- - "~>"
|
207
213
|
- !ruby/object:Gem::Version
|
208
|
-
version: 0.
|
214
|
+
version: 0.88.0
|
209
215
|
- !ruby/object:Gem::Dependency
|
210
216
|
name: rubocop-performance
|
211
217
|
requirement: !ruby/object:Gem::Requirement
|
212
218
|
requirements:
|
213
219
|
- - "~>"
|
214
220
|
- !ruby/object:Gem::Version
|
215
|
-
version: 1.
|
221
|
+
version: 1.7.0
|
216
222
|
type: :development
|
217
223
|
prerelease: false
|
218
224
|
version_requirements: !ruby/object:Gem::Requirement
|
219
225
|
requirements:
|
220
226
|
- - "~>"
|
221
227
|
- !ruby/object:Gem::Version
|
222
|
-
version: 1.
|
228
|
+
version: 1.7.0
|
223
229
|
- !ruby/object:Gem::Dependency
|
224
230
|
name: simplecov
|
225
231
|
requirement: !ruby/object:Gem::Requirement
|
@@ -374,7 +380,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
374
380
|
requirements:
|
375
381
|
- - ">="
|
376
382
|
- !ruby/object:Gem::Version
|
377
|
-
version: '2.
|
383
|
+
version: '2.5'
|
378
384
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
379
385
|
requirements:
|
380
386
|
- - ">="
|