cms_scanner 0.0.17 → 0.0.18
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/interesting_file.rb +1 -0
- data/app/models/robots_txt.rb +1 -1
- data/lib/cms_scanner/target.rb +20 -0
- data/lib/cms_scanner/version.rb +1 -1
- data/spec/fixtures/target/comments.html +29 -0
- data/spec/lib/target_spec.rb +39 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4967adc46d0b17b3762f4aa25608fbd5fa7372f4
|
|
4
|
+
data.tar.gz: d8b5abec16cff468b52d2596c8544b279dbfc347
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a807670ea5bdf871cd0f70779f939ddfb8c1dbd83262447e1427369109db103cc38192bbf6f95531264081e003200cf29be0c3af0849544b0d943824d6a0c734
|
|
7
|
+
data.tar.gz: d9c5c442e85d106dc960eee3db9a5277e2078816fd2dd331e73ac6206ffdcf08d6945ef071cdbf035d278ef6bf361ae11b22842be6190404f57e0b87d59025db
|
data/app/models/robots_txt.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module CMSScanner
|
|
2
2
|
# Robots.txt
|
|
3
3
|
class RobotsTxt < InterestingFile
|
|
4
|
-
# @todo Better detection, currently
|
|
4
|
+
# @todo Better detection, currently everything not empty or / is returned
|
|
5
5
|
#
|
|
6
6
|
# @return [ Array<String> ] The interesting Allow/Disallow rules detected
|
|
7
7
|
def interesting_entries
|
data/lib/cms_scanner/target.rb
CHANGED
|
@@ -25,5 +25,25 @@ module CMSScanner
|
|
|
25
25
|
def interesting_files(opts = {})
|
|
26
26
|
@interesting_files ||= NS::Finders::InterestingFiles::Base.find(self, opts)
|
|
27
27
|
end
|
|
28
|
+
|
|
29
|
+
# @param [ Regexp ] pattern
|
|
30
|
+
# @param [ Typhoeus::Response, String ] page
|
|
31
|
+
#
|
|
32
|
+
# @return [ Array<Array<MatchData, Nokogiri::XML::Comment>> ]
|
|
33
|
+
# @yield [ MatchData, Nokogiri::XML::Comment ]
|
|
34
|
+
def comments_from_page(pattern, page = nil)
|
|
35
|
+
page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
|
|
36
|
+
matches = []
|
|
37
|
+
|
|
38
|
+
page.html.xpath('//comment()').each do |node|
|
|
39
|
+
next unless node.text.to_s.strip =~ pattern
|
|
40
|
+
|
|
41
|
+
yield Regexp.last_match, node if block_given?
|
|
42
|
+
|
|
43
|
+
matches << [Regexp.last_match, node]
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
matches
|
|
47
|
+
end
|
|
28
48
|
end
|
|
29
49
|
end
|
data/lib/cms_scanner/version.rb
CHANGED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html lang="en-US" class="no-js">
|
|
3
|
+
<head>
|
|
4
|
+
<meta charset="UTF-8">
|
|
5
|
+
<meta name="viewport" content="width=device-width">
|
|
6
|
+
<link rel="profile" href="http://gmpg.org/xfn/11">
|
|
7
|
+
<link rel="pingback" href="http://wp.lab/wordpress-4.1.1/xmlrpc.php">
|
|
8
|
+
<!--[if lt IE 9]>
|
|
9
|
+
<script src="http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/js/html5.js"></script>
|
|
10
|
+
<![endif]-->
|
|
11
|
+
<script>(function(){document.documentElement.className='js'})();</script>
|
|
12
|
+
<title>WP 4.1.1 | Just another WordPress site</title>
|
|
13
|
+
<meta name='robots' content='noindex,follow' />
|
|
14
|
+
|
|
15
|
+
<!-- All in One SEO Pack 2.2.5.1 by Michael Torbert of Semper Fi Web Design -->
|
|
16
|
+
<link rel="canonical" href="http://wp.lab/wordpress-4.1.1/" />
|
|
17
|
+
<!-- /all in one seo pack -->
|
|
18
|
+
<!--[if lt IE 9]>
|
|
19
|
+
<link rel='stylesheet' id='twentyfifteen-ie-css' href='http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/css/ie.css?ver=20141010' type='text/css' media='all' />
|
|
20
|
+
<![endif]-->
|
|
21
|
+
<!--[if lt IE 8]>
|
|
22
|
+
<link rel='stylesheet' id='twentyfifteen-ie7-css' href='http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/css/ie7.css?ver=20141010' type='text/css' media='all' />
|
|
23
|
+
<![endif]-->
|
|
24
|
+
|
|
25
|
+
<!-- .site-branding -->
|
|
26
|
+
<!-- .site-header -->
|
|
27
|
+
|
|
28
|
+
</body>
|
|
29
|
+
</html>
|
data/spec/lib/target_spec.rb
CHANGED
|
@@ -27,4 +27,43 @@ describe CMSScanner::Target do
|
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
|
+
|
|
31
|
+
describe '#comments_from_page' do
|
|
32
|
+
let(:fixture) { File.join(FIXTURES, 'target', 'comments.html') }
|
|
33
|
+
let(:page) { Typhoeus::Response.new(body: File.read(fixture)) }
|
|
34
|
+
|
|
35
|
+
context 'when the pattern does not match anything' do
|
|
36
|
+
it 'returns an empty array' do
|
|
37
|
+
expect(target.comments_from_page(/none/, page)).to eql([])
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
context 'when the pattern matches' do
|
|
42
|
+
let(:pattern) { /all in one seo pack/i }
|
|
43
|
+
let(:s1) { 'All in One SEO Pack 2.2.5.1 by Michael Torbert of Semper Fi Web Design' }
|
|
44
|
+
let(:s2) { '/all in one seo pack' }
|
|
45
|
+
|
|
46
|
+
context 'when no block given' do
|
|
47
|
+
it 'returns the expected matches' do
|
|
48
|
+
results = target.comments_from_page(pattern, page)
|
|
49
|
+
|
|
50
|
+
[s1, s2].each_with_index do |s, i|
|
|
51
|
+
expect(results[i].first).to eql s.match(pattern)
|
|
52
|
+
expect(results[i].last.to_s).to eql "<!-- #{s} -->"
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# The below doesn't work, dunno why
|
|
58
|
+
context 'when block given' do
|
|
59
|
+
it 'yield the MatchData' do
|
|
60
|
+
expect { |b| target.comments_from_page(pattern, page, &b) }
|
|
61
|
+
.to yield_successive_args(
|
|
62
|
+
[MatchData, Nokogiri::XML::Comment],
|
|
63
|
+
[MatchData, Nokogiri::XML::Comment]
|
|
64
|
+
)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
end
|
|
30
69
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.18
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-02-
|
|
11
|
+
date: 2015-02-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: opt_parse_validator
|
|
@@ -328,6 +328,7 @@ files:
|
|
|
328
328
|
- spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
|
|
329
329
|
- spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
|
|
330
330
|
- spec/fixtures/output.txt
|
|
331
|
+
- spec/fixtures/target/comments.html
|
|
331
332
|
- spec/fixtures/target/platform/php/debug_log/debug.log
|
|
332
333
|
- spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
|
|
333
334
|
- spec/fixtures/target/scope/index.html
|
|
@@ -449,6 +450,7 @@ test_files:
|
|
|
449
450
|
- spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
|
|
450
451
|
- spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
|
|
451
452
|
- spec/fixtures/output.txt
|
|
453
|
+
- spec/fixtures/target/comments.html
|
|
452
454
|
- spec/fixtures/target/platform/php/debug_log/debug.log
|
|
453
455
|
- spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
|
|
454
456
|
- spec/fixtures/target/scope/index.html
|