cms_scanner 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/core/cli_options.rb +4 -1
- data/cms_scanner.gemspec +8 -7
- data/lib/cms_scanner.rb +5 -1
- data/lib/cms_scanner/controller.rb +1 -1
- data/lib/cms_scanner/public_suffix/domain.rb +33 -0
- data/lib/cms_scanner/target.rb +23 -5
- data/lib/cms_scanner/target/scope.rb +37 -0
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/web_site.rb +5 -2
- data/spec/app/finders/interesting_files/xml_rpc_spec.rb +2 -2
- data/spec/app/models/interesting_file_spec.rb +1 -1
- data/spec/app/views_spec.rb +1 -1
- data/spec/fixtures/interesting_files/xml_rpc/homepage_in_scope_pingback.html +1 -1
- data/spec/fixtures/target/server/iis/directory_listing/no_parent.html +1 -1
- data/spec/fixtures/target/server/iis/directory_listing/with_parent.html +1 -1
- data/spec/lib/controller_spec.rb +4 -3
- data/spec/lib/public_suffix/domain_spec.rb +49 -0
- data/spec/lib/target/platforms_spec.rb +1 -1
- data/spec/lib/target/servers_spec.rb +1 -1
- data/spec/lib/target_spec.rb +49 -11
- data/spec/lib/web_site_spec.rb +16 -5
- data/spec/output/core/started.cli_no_colour +1 -1
- data/spec/output/core/started.json +1 -1
- metadata +36 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b93921cef0886b572b23fb68c0eb79fc3ba4f99d
|
|
4
|
+
data.tar.gz: b77bf4aa78297bd4eee19634a8afb7a57db3b627
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 00c2b526a36a7cd7f5b91861ab1a9d9ec990e584f0a09101b5fb8b992c42f2e7b5fb80eb5d0b97230f6f0ad9d68543bd4c0233256f13d1a6674ce91efdc40630
|
|
7
|
+
data.tar.gz: d9375a980fac1ddaed54c144dcffcec45251a5cb9c773a2d327852ebb8cecc3c8fddd9f373dc3fa502ffeef7acf03ebd0e4884b443626026fbb45e61356b08aa
|
|
@@ -14,7 +14,10 @@ module CMSScanner
|
|
|
14
14
|
OptChoice.new(['--detection-mode MODE', 'Modes: mixed (default), passive, aggressive'],
|
|
15
15
|
choices: %w(mixed passive aggressive),
|
|
16
16
|
normalize: :to_sym,
|
|
17
|
-
default: :mixed)
|
|
17
|
+
default: :mixed),
|
|
18
|
+
OptArray.new(['--scope DOMAINS',
|
|
19
|
+
'Coma separated (sub-)domains to consider in scope. ' \
|
|
20
|
+
'Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld'])
|
|
18
21
|
] + cli_browser_options
|
|
19
22
|
end
|
|
20
23
|
|
data/cms_scanner.gemspec
CHANGED
|
@@ -21,17 +21,18 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
s.test_files = s.files.grep(/^(test|spec|features)\//)
|
|
22
22
|
s.require_path = 'lib'
|
|
23
23
|
|
|
24
|
-
s.add_dependency 'opt_parse_validator', '~> 0.0.
|
|
24
|
+
s.add_dependency 'opt_parse_validator', '~> 0.0.6'
|
|
25
25
|
s.add_dependency 'typhoeus', '~> 0.7'
|
|
26
|
-
s.add_dependency 'nokogiri', '~> 1.6
|
|
27
|
-
s.add_dependency 'addressable', '~> 2.3
|
|
28
|
-
s.add_dependency 'activesupport', '~> 4.
|
|
26
|
+
s.add_dependency 'nokogiri', '~> 1.6'
|
|
27
|
+
s.add_dependency 'addressable', '~> 2.3'
|
|
28
|
+
s.add_dependency 'activesupport', '~> 4.2'
|
|
29
|
+
s.add_dependency 'public_suffix', '~> 1.4'
|
|
29
30
|
|
|
30
31
|
s.add_development_dependency 'rake', '~> 10.4'
|
|
31
|
-
s.add_development_dependency 'rspec', '~> 3.
|
|
32
|
+
s.add_development_dependency 'rspec', '~> 3.2'
|
|
32
33
|
s.add_development_dependency 'rspec-its', '~> 1.1'
|
|
33
|
-
s.add_development_dependency 'bundler', '~> 1.
|
|
34
|
+
s.add_development_dependency 'bundler', '~> 1.7'
|
|
34
35
|
s.add_development_dependency 'rubocop', '~> 0.28'
|
|
35
|
-
s.add_development_dependency 'webmock', '
|
|
36
|
+
s.add_development_dependency 'webmock', '~> 1.20'
|
|
36
37
|
s.add_development_dependency 'simplecov', '~> 0.9'
|
|
37
38
|
end
|
data/lib/cms_scanner.rb
CHANGED
|
@@ -4,13 +4,17 @@ require 'typhoeus'
|
|
|
4
4
|
require 'nokogiri'
|
|
5
5
|
require 'active_support/inflector'
|
|
6
6
|
require 'addressable/uri'
|
|
7
|
+
require 'public_suffix'
|
|
7
8
|
# Standard Libs
|
|
8
9
|
require 'erb'
|
|
9
10
|
require 'fileutils'
|
|
10
11
|
require 'pathname'
|
|
11
|
-
#
|
|
12
|
+
# Helpers
|
|
12
13
|
require 'helper'
|
|
14
|
+
# Monkey Patches
|
|
13
15
|
require 'cms_scanner/typhoeus/response'
|
|
16
|
+
require 'cms_scanner/public_suffix/domain'
|
|
17
|
+
# Custom Libs
|
|
14
18
|
require 'cms_scanner/errors/auth_errors'
|
|
15
19
|
require 'cms_scanner/cache/typhoeus'
|
|
16
20
|
require 'cms_scanner/target'
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module PublicSuffix
|
|
2
|
+
# Monkey Patch to include the match logic
|
|
3
|
+
class Domain
|
|
4
|
+
# For Sanity
|
|
5
|
+
def ==(other)
|
|
6
|
+
name == other.name
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
# TODO: better code for this method
|
|
10
|
+
# rubocop:disable all
|
|
11
|
+
def match(pattern)
|
|
12
|
+
pattern = PublicSuffix.parse(pattern) unless pattern.is_a?(PublicSuffix::Domain)
|
|
13
|
+
|
|
14
|
+
return name == pattern.name unless pattern.trd
|
|
15
|
+
return false unless tld == pattern.tld && sld == pattern.sld
|
|
16
|
+
|
|
17
|
+
pattern_trds = pattern.trd.split('.')
|
|
18
|
+
domain_trds = trd.split('.')
|
|
19
|
+
|
|
20
|
+
case pattern_trds.first
|
|
21
|
+
when '*'
|
|
22
|
+
pattern_trds[1..pattern_trds.size] == domain_trds[1..domain_trds.size]
|
|
23
|
+
when '**'
|
|
24
|
+
pa = pattern_trds[1..pattern_trds.size]
|
|
25
|
+
|
|
26
|
+
domain_trds[domain_trds.size - pa.size, pa.size] == pa
|
|
27
|
+
else
|
|
28
|
+
name == pattern.name
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
# rubocop:enable all
|
|
32
|
+
end
|
|
33
|
+
end
|
data/lib/cms_scanner/target.rb
CHANGED
|
@@ -1,23 +1,41 @@
|
|
|
1
1
|
require 'cms_scanner/web_site'
|
|
2
2
|
require 'cms_scanner/target/platform'
|
|
3
3
|
require 'cms_scanner/target/server'
|
|
4
|
+
require 'cms_scanner/target/scope'
|
|
4
5
|
|
|
5
6
|
module CMSScanner
|
|
6
7
|
# Target to Scan
|
|
7
8
|
class Target < WebSite
|
|
8
9
|
include Server::Generic
|
|
9
10
|
|
|
10
|
-
# @
|
|
11
|
-
#
|
|
12
|
-
#
|
|
11
|
+
# @param [ String ] url
|
|
12
|
+
# @param [ Hash ] opts
|
|
13
|
+
# @option opts [ Array<PublicSuffix::Domain, String> ] :scope
|
|
14
|
+
def initialize(url, opts = {})
|
|
15
|
+
super(url, opts)
|
|
16
|
+
|
|
17
|
+
scope << uri.host
|
|
18
|
+
[*opts[:scope]].each { |s| scope << s }
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# @return [ Array<PublicSuffix::Domain, String> ]
|
|
22
|
+
def scope
|
|
23
|
+
@scope ||= Scope.new
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
# // are handled by Addressable::URI, but worngly :/
|
|
27
|
+
# e.g: Addressable::URI.parse('//file').host => file
|
|
28
|
+
#
|
|
29
|
+
# Idea: parse the // with PublicSuffix to see if a valid
|
|
30
|
+
# domain is used
|
|
13
31
|
#
|
|
14
32
|
# @param [ String ] url
|
|
15
33
|
#
|
|
16
|
-
# @return [ Boolean ] true if the url given
|
|
34
|
+
# @return [ Boolean ] true if the url given is in scope
|
|
17
35
|
def in_scope?(url)
|
|
18
36
|
return true if url[0, 1] == '/' && url[1, 1] != '/'
|
|
19
37
|
|
|
20
|
-
Addressable::URI.parse(url).host
|
|
38
|
+
scope.include?(Addressable::URI.parse(url).host)
|
|
21
39
|
rescue
|
|
22
40
|
false
|
|
23
41
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
module CMSScanner
|
|
2
|
+
class Target < WebSite
|
|
3
|
+
# Scope Implementation
|
|
4
|
+
class Scope
|
|
5
|
+
# @return [ Array<PublicSuffix::Domain ] The valid domains in scope
|
|
6
|
+
def domains
|
|
7
|
+
@domains ||= []
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# @return [ Array<String> ] The invalid domains in scope (such as IP addresses etc)
|
|
11
|
+
def invalid_domains
|
|
12
|
+
@invalid_domains ||= []
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def <<(element)
|
|
16
|
+
if PublicSuffix.valid?(element)
|
|
17
|
+
domains << PublicSuffix.parse(element)
|
|
18
|
+
else
|
|
19
|
+
invalid_domains << element
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# @return [ Boolean ] Wether or not the host is in the scope
|
|
24
|
+
def include?(host)
|
|
25
|
+
if PublicSuffix.valid?(host)
|
|
26
|
+
domain = PublicSuffix.parse(host)
|
|
27
|
+
|
|
28
|
+
domains.each { |d| return true if domain.match(d) }
|
|
29
|
+
else
|
|
30
|
+
invalid_domains.each { |d| return true if host == d }
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
false
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
data/lib/cms_scanner/version.rb
CHANGED
data/lib/cms_scanner/web_site.rb
CHANGED
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
module CMSScanner
|
|
2
2
|
# WebSite Implementation
|
|
3
3
|
class WebSite
|
|
4
|
-
attr_reader :uri
|
|
4
|
+
attr_reader :uri, :opts
|
|
5
5
|
|
|
6
|
-
|
|
6
|
+
# @param [ String ] site_url
|
|
7
|
+
# @param [ Hash ] opts
|
|
8
|
+
def initialize(site_url, opts = {})
|
|
7
9
|
self.url = site_url.dup
|
|
10
|
+
@opts = opts
|
|
8
11
|
end
|
|
9
12
|
|
|
10
13
|
def url=(site_url)
|
|
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
|
3
3
|
describe CMSScanner::Finders::InterestingFile::XMLRPC do
|
|
4
4
|
subject(:finder) { described_class.new(target) }
|
|
5
5
|
let(:target) { CMSScanner::Target.new(url) }
|
|
6
|
-
let(:url) { 'http://
|
|
6
|
+
let(:url) { 'http://e.org/' }
|
|
7
7
|
let(:xml_rpc_url) { url + 'xmlrpc.php' }
|
|
8
8
|
let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'xml_rpc') }
|
|
9
9
|
|
|
@@ -85,7 +85,7 @@ describe CMSScanner::Finders::InterestingFile::XMLRPC do
|
|
|
85
85
|
|
|
86
86
|
context 'when URL is in scope' do
|
|
87
87
|
let(:body) { File.new(File.join(fixtures, 'homepage_in_scope_pingback.html')).read }
|
|
88
|
-
let(:expected_url) { 'http://
|
|
88
|
+
let(:expected_url) { 'http://e.org/wp/xmlrpc.php' }
|
|
89
89
|
|
|
90
90
|
it 'adds the URL to the #potential_urls and returns the XMLRPC' do
|
|
91
91
|
result = finder.passive_body
|
|
@@ -42,7 +42,7 @@ describe CMSScanner::InterestingFile do
|
|
|
42
42
|
|
|
43
43
|
context 'when not the same URL' do
|
|
44
44
|
it 'returns false' do
|
|
45
|
-
expect(file == described_class.new('http://
|
|
45
|
+
expect(file == described_class.new('http://e.org')).to be false
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
48
|
end
|
data/spec/app/views_spec.rb
CHANGED
|
@@ -3,5 +3,5 @@
|
|
|
3
3
|
<meta name="viewport" content="width=device-width">
|
|
4
4
|
<title>WordPress 4.0 | Just another WordPress site</title>
|
|
5
5
|
<link rel="profile" href="http://gmpg.org/xfn/11">
|
|
6
|
-
<link rel="pingback" href="http://
|
|
6
|
+
<link rel="pingback" href="http://e.org/wp/xmlrpc.php">
|
|
7
7
|
</head>
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
<html><head><title>
|
|
1
|
+
<html><head><title>e.org - /dir/</title></head><body><H1>e.org - /dir/</H1><hr>
|
|
2
2
|
|
|
3
3
|
<pre>10/8/2014 11:00 PM <dir> <A HREF="/sub-dir/">sub-dir</A>10/10/2014 10:00 PM 168 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
<html><head><title>
|
|
1
|
+
<html><head><title>e.org - /dir/</title></head><body><H1>e.org - /dir/</H1><hr>
|
|
2
2
|
|
|
3
3
|
<pre><A HREF="/">[To Parent Directory]</A><br><br> 10/8/2014 11:00 PM <dir> <A HREF="/sub-dir/">sub-dir</A>10/10/2014 10:00 PM 168 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>
|
data/spec/lib/controller_spec.rb
CHANGED
|
@@ -8,9 +8,10 @@ describe CMSScanner::Controller do
|
|
|
8
8
|
|
|
9
9
|
let(:parsed_options) { { url: 'http://example.com/' } }
|
|
10
10
|
|
|
11
|
-
its(:parsed_options)
|
|
12
|
-
its(:formatter)
|
|
13
|
-
its(:target)
|
|
11
|
+
its(:parsed_options) { should eq(parsed_options) }
|
|
12
|
+
its(:formatter) { should be_a CMSScanner::Formatter::Cli }
|
|
13
|
+
its(:target) { should be_a CMSScanner::Target }
|
|
14
|
+
its('target.scope.domains') { should eq [PublicSuffix.parse('example.com')] }
|
|
14
15
|
|
|
15
16
|
describe '#render' do
|
|
16
17
|
it 'calls the formatter#render' do
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe PublicSuffix::Domain do
|
|
4
|
+
describe '#match' do
|
|
5
|
+
it 'returns true' do
|
|
6
|
+
expect(PublicSuffix.parse('g.com').match('g.com')).to eql true
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
it 'returns true' do
|
|
10
|
+
expect(PublicSuffix.parse('s.g.com').match('*.g.com')).to eql true
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it 'returns false' do
|
|
14
|
+
expect(PublicSuffix.parse('a.b.g.com').match('*.g.com')).to eql false
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it 'returns true' do
|
|
18
|
+
expect(PublicSuffix.parse('a.b.g.com').match('*.b.g.com')).to eql true
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it 'returns true' do
|
|
22
|
+
expect(PublicSuffix.parse('a.b.g.com').match('**.g.com')).to eql true
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
it 'returns false' do
|
|
26
|
+
expect(PublicSuffix.parse('a.b.y.g.com').match('**.b.g.com')).to eql false
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
it 'returns false' do
|
|
30
|
+
expect(PublicSuffix.parse('w.g.com').match('*.g2.com')).to eql false
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
it 'returns true' do
|
|
34
|
+
expect(PublicSuffix.parse('a.b.g.com').match('a.b.g.com')).to eql true
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it 'returns false' do
|
|
38
|
+
expect(PublicSuffix.parse('a.b.g.com').match('a.y.g.com')).to eql false
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
it 'returns true' do
|
|
42
|
+
expect(PublicSuffix.parse('a.b.c.d.g.com').match('**.c.d.g.com')).to eql true
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
it 'returns true' do
|
|
46
|
+
expect(PublicSuffix.parse('a.b.c.d.g.com').match('*.b.c.d.g.com')).to eql true
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -5,7 +5,7 @@ require 'spec_helper'
|
|
|
5
5
|
subject(:target) do
|
|
6
6
|
described_class.new(url).extend(described_class::Platform.const_get(platform))
|
|
7
7
|
end
|
|
8
|
-
let(:url) { 'http://
|
|
8
|
+
let(:url) { 'http://e.org' }
|
|
9
9
|
let(:fixtures) { File.join(FIXTURES, 'target', 'platform', platform.to_s.downcase) }
|
|
10
10
|
|
|
11
11
|
it_behaves_like described_class::Platform.const_get(platform)
|
|
@@ -5,7 +5,7 @@ require 'spec_helper'
|
|
|
5
5
|
subject(:target) do
|
|
6
6
|
described_class.new(url).extend(described_class::Server.const_get(server))
|
|
7
7
|
end
|
|
8
|
-
let(:url) { 'http://
|
|
8
|
+
let(:url) { 'http://e.org' }
|
|
9
9
|
let(:fixtures) { File.join(FIXTURES, 'target', 'server', server.to_s.downcase) }
|
|
10
10
|
|
|
11
11
|
it_behaves_like described_class::Server.const_get(server)
|
data/spec/lib/target_spec.rb
CHANGED
|
@@ -1,23 +1,61 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe CMSScanner::Target do
|
|
4
|
-
subject(:target) { described_class.new(url) }
|
|
5
|
-
let(:url) { 'http://
|
|
4
|
+
subject(:target) { described_class.new(url, opts) }
|
|
5
|
+
let(:url) { 'http://e.org' }
|
|
6
|
+
let(:opts) { { scope: nil } }
|
|
7
|
+
|
|
8
|
+
describe '#scope' do
|
|
9
|
+
let(:default_domains) { [PublicSuffix.parse('e.org')] }
|
|
10
|
+
|
|
11
|
+
context 'when none supplied' do
|
|
12
|
+
its('scope.domains') { should eq default_domains }
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
context 'when scope provided' do
|
|
16
|
+
let(:opts) { super().merge(scope: ['*.e.org']) }
|
|
17
|
+
|
|
18
|
+
its('scope.domains') { should eq default_domains << PublicSuffix.parse(opts[:scope].first) }
|
|
19
|
+
|
|
20
|
+
context 'when invalid domains provided' do
|
|
21
|
+
let(:opts) { super().merge(scope: ['wp-lamp', '192.168.1.12']) }
|
|
22
|
+
|
|
23
|
+
it 'adds them in the invalid_domains attribute' do
|
|
24
|
+
expect(target.scope.domains).to eq default_domains
|
|
25
|
+
expect(target.scope.invalid_domains).to eq opts[:scope]
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
6
30
|
|
|
7
31
|
describe '#in_scope?' do
|
|
8
|
-
|
|
32
|
+
context 'when default scope (target domain)' do
|
|
33
|
+
[nil, '', 'http://out-of-scope.com', '//jquery.com/j.js'].each do |url|
|
|
34
|
+
it "returns false for #{url}" do
|
|
35
|
+
expect(target.in_scope?(url)).to eql false
|
|
36
|
+
end
|
|
37
|
+
end
|
|
9
38
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
39
|
+
%w(https://e.org/file.txt http://e.org/ /relative).each do |url|
|
|
40
|
+
it "returns true for #{url}" do
|
|
41
|
+
expect(target.in_scope?(url)).to eql true
|
|
42
|
+
end
|
|
14
43
|
end
|
|
15
44
|
end
|
|
16
45
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
46
|
+
context 'when custom scope' do
|
|
47
|
+
let(:opts) { { scope: ['*.e.org', '192.168.1.12'] } }
|
|
48
|
+
|
|
49
|
+
[nil, '', 'http://out-of-scope.com', '//jquery.com/j.js', 'http://192.168.1.2/'].each do |url|
|
|
50
|
+
it "returns false for #{url}" do
|
|
51
|
+
expect(target.in_scope?(url)).to eql false
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
%w(https://cdn.e.org/file.txt http://www.e.org/ https://192.168.1.12/home).each do |url|
|
|
56
|
+
it "returns true for #{url}" do
|
|
57
|
+
expect(target.in_scope?(url)).to eql true
|
|
58
|
+
end
|
|
21
59
|
end
|
|
22
60
|
end
|
|
23
61
|
end
|
data/spec/lib/web_site_spec.rb
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe CMSScanner::WebSite do
|
|
4
|
-
subject(:web_site) { described_class.new(url) }
|
|
5
|
-
let(:url) { 'http://
|
|
4
|
+
subject(:web_site) { described_class.new(url, opts) }
|
|
5
|
+
let(:url) { 'http://e.org' }
|
|
6
|
+
let(:opts) { {} }
|
|
6
7
|
|
|
7
8
|
describe '#url=' do
|
|
8
9
|
context 'when the url is incorrect' do
|
|
@@ -31,7 +32,7 @@ describe CMSScanner::WebSite do
|
|
|
31
32
|
|
|
32
33
|
describe '#url' do
|
|
33
34
|
context 'when no path argument' do
|
|
34
|
-
its(:url) { should eql 'http://
|
|
35
|
+
its(:url) { should eql 'http://e.org/' }
|
|
35
36
|
end
|
|
36
37
|
|
|
37
38
|
context 'when a path argument' do
|
|
@@ -40,15 +41,25 @@ describe CMSScanner::WebSite do
|
|
|
40
41
|
end
|
|
41
42
|
|
|
42
43
|
context 'when relative path' do
|
|
43
|
-
let(:url) { 'http://
|
|
44
|
+
let(:url) { 'http://e.org/dir/' }
|
|
44
45
|
|
|
45
46
|
it 'appends it from the host/domain' do
|
|
46
|
-
expect(web_site.url('/sub/file.txt')).to eql 'http://
|
|
47
|
+
expect(web_site.url('/sub/file.txt')).to eql 'http://e.org/sub/file.txt'
|
|
47
48
|
end
|
|
48
49
|
end
|
|
49
50
|
end
|
|
50
51
|
end
|
|
51
52
|
|
|
53
|
+
describe '#opts' do
|
|
54
|
+
its(:opts) { should eql({}) }
|
|
55
|
+
|
|
56
|
+
context 'when opts' do
|
|
57
|
+
let(:opts) { { test: 'mm' } }
|
|
58
|
+
|
|
59
|
+
its(:opts) { should eql opts }
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
|
|
52
63
|
describe '#online?, #http_auth?, #access_forbidden?, #proxy_auth?' do
|
|
53
64
|
before { stub_request(:get, web_site.url(path)).to_return(status: status) }
|
|
54
65
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-02-
|
|
11
|
+
date: 2015-02-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: opt_parse_validator
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.0.
|
|
19
|
+
version: 0.0.6
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.0.
|
|
26
|
+
version: 0.0.6
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: typhoeus
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -44,42 +44,56 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.6
|
|
47
|
+
version: '1.6'
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.6
|
|
54
|
+
version: '1.6'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: addressable
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version: 2.3
|
|
61
|
+
version: '2.3'
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version: 2.3
|
|
68
|
+
version: '2.3'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: activesupport
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '4.
|
|
75
|
+
version: '4.2'
|
|
76
76
|
type: :runtime
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '4.
|
|
82
|
+
version: '4.2'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: public_suffix
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - "~>"
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '1.4'
|
|
90
|
+
type: :runtime
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - "~>"
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '1.4'
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: rake
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +114,14 @@ dependencies:
|
|
|
100
114
|
requirements:
|
|
101
115
|
- - "~>"
|
|
102
116
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '3.
|
|
117
|
+
version: '3.2'
|
|
104
118
|
type: :development
|
|
105
119
|
prerelease: false
|
|
106
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
121
|
requirements:
|
|
108
122
|
- - "~>"
|
|
109
123
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '3.
|
|
124
|
+
version: '3.2'
|
|
111
125
|
- !ruby/object:Gem::Dependency
|
|
112
126
|
name: rspec-its
|
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +142,14 @@ dependencies:
|
|
|
128
142
|
requirements:
|
|
129
143
|
- - "~>"
|
|
130
144
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: '1.
|
|
145
|
+
version: '1.7'
|
|
132
146
|
type: :development
|
|
133
147
|
prerelease: false
|
|
134
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
149
|
requirements:
|
|
136
150
|
- - "~>"
|
|
137
151
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: '1.
|
|
152
|
+
version: '1.7'
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rubocop
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -154,16 +168,16 @@ dependencies:
|
|
|
154
168
|
name: webmock
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
|
156
170
|
requirements:
|
|
157
|
-
- - "
|
|
171
|
+
- - "~>"
|
|
158
172
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: '1.
|
|
173
|
+
version: '1.20'
|
|
160
174
|
type: :development
|
|
161
175
|
prerelease: false
|
|
162
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
177
|
requirements:
|
|
164
|
-
- - "
|
|
178
|
+
- - "~>"
|
|
165
179
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: '1.
|
|
180
|
+
version: '1.20'
|
|
167
181
|
- !ruby/object:Gem::Dependency
|
|
168
182
|
name: simplecov
|
|
169
183
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -251,9 +265,11 @@ files:
|
|
|
251
265
|
- lib/cms_scanner/finders/unique_finders.rb
|
|
252
266
|
- lib/cms_scanner/formatter.rb
|
|
253
267
|
- lib/cms_scanner/formatter/buffer.rb
|
|
268
|
+
- lib/cms_scanner/public_suffix/domain.rb
|
|
254
269
|
- lib/cms_scanner/target.rb
|
|
255
270
|
- lib/cms_scanner/target/platform.rb
|
|
256
271
|
- lib/cms_scanner/target/platform/php.rb
|
|
272
|
+
- lib/cms_scanner/target/scope.rb
|
|
257
273
|
- lib/cms_scanner/target/server.rb
|
|
258
274
|
- lib/cms_scanner/target/server/apache.rb
|
|
259
275
|
- lib/cms_scanner/target/server/generic.rb
|
|
@@ -321,6 +337,7 @@ files:
|
|
|
321
337
|
- spec/lib/finders/unique_finder_spec.rb
|
|
322
338
|
- spec/lib/finders/unique_finders_spec.rb
|
|
323
339
|
- spec/lib/formatter_spec.rb
|
|
340
|
+
- spec/lib/public_suffix/domain_spec.rb
|
|
324
341
|
- spec/lib/sub_scanner_spec.rb
|
|
325
342
|
- spec/lib/target/platforms_spec.rb
|
|
326
343
|
- spec/lib/target/servers_spec.rb
|
|
@@ -431,6 +448,7 @@ test_files:
|
|
|
431
448
|
- spec/lib/finders/unique_finder_spec.rb
|
|
432
449
|
- spec/lib/finders/unique_finders_spec.rb
|
|
433
450
|
- spec/lib/formatter_spec.rb
|
|
451
|
+
- spec/lib/public_suffix/domain_spec.rb
|
|
434
452
|
- spec/lib/sub_scanner_spec.rb
|
|
435
453
|
- spec/lib/target/platforms_spec.rb
|
|
436
454
|
- spec/lib/target/servers_spec.rb
|