cms_scanner 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f568051a37f6bcd75abe28d026dea5e2ff8a1372
+  data.tar.gz: d9399f063d4bc5b3929f566e2a018788dc708615
+SHA512:
+  metadata.gz: 60523f8ef6495c41045f34e16bf18287f677b0c8749678d8cc9e4bfd4620b21ec357e06a9e230b6b83f3604d0cdfb24f159796a902939d1b9c239c7a5051fe7a
+  data.tar.gz: 38d4c48bf4e4b682732ce4f37b7eba45cca00c19b5edffbf89abd3a362bc8e782c10d842948a3fd657fa16737c09ceb7eb3461ed1551ebc795e2be5d0d3e8861

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--fail-fast

data/.rubocop.yml

@@ -0,0 +1,6 @@
+LineLength:
+  Max: 100
+ClassVars:
+  Enabled: false
+MethodLength:
+  Max: 15

data/.travis.yml

@@ -0,0 +1,14 @@
+language: ruby
+rvm:
+  - 2.0.0
+  - 2.1.0
+  - 2.1.1
+  - 2.1.2
+  - 2.1.3
+  - ruby-head
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+script:
+  - bundle exec rspec
+  - bundle exec rubocop

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec
+
+group :test do
+  gem 'coveralls', require: false
+end

data/README.md

@@ -0,0 +1,20 @@
+# CMSScanner
+
+[![Build Status](https://img.shields.io/travis/wpscanteam/CMSScanner.svg)](https://travis-ci.org/wpscanteam/CMSScanner)
+[![Coverage Status](https://img.shields.io/coveralls/wpscanteam/CMSScanner.svg)](https://coveralls.io/r/wpscanteam/CMSScanner)
+[![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/CMSScanner.svg)](https://codeclimate.com/github/wpscanteam/CMSScanner)
+[![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/CMSScanner.svg)](https://gemnasium.com/wpscanteam/CMSScanner)
+
+The goal of this gem is to provide a quick and easy way to create a CMS/WebSite Scanner by acting like a Framework and providing classes, formatters etc.
+
+## /!\ This gem is currently Experimental /!\
+
+Install Dependencies: ```bundle install```
+
+## Contributing
+
+1. Fork it ( https://github.com/wpscanteam/CMSScanner/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+RSpec::Core::RakeTask.new(:spec)
+
+# Run rubocop & rspec before the build
+task build: [:rubocop, :spec]

data/app/app.rb

@@ -0,0 +1,4 @@
+require_relative 'formatters'
+require_relative 'controllers'
+require_relative 'models'
+require_relative 'finders'

data/app/controllers.rb

@@ -0,0 +1,2 @@
+require_relative 'controllers/core'
+require_relative 'controllers/interesting_files'

data/app/controllers/core.rb

@@ -0,0 +1,46 @@
+require_relative 'core/cli_options'
+
+module CMSScanner
+  module Controller
+    # Core Controller
+    class Core < Base
+      def setup_cache
+        return unless parsed_options[:cache_dir]
+
+        storage_path = File.join(parsed_options[:cache_dir], Digest::MD5.hexdigest(target.url))
+
+        Typhoeus::Config.cache = Cache::Typhoeus.new(storage_path)
+        Typhoeus::Config.cache.clean if parsed_options[:clear_cache]
+      end
+
+      def before_scan
+        setup_cache
+
+        fail "The url supplied '#{target.url}' seems to be down" unless target.online?
+
+        fail HTTPAuthRequiredError if target.http_auth?
+        fail ProxyAuthRequiredError if target.proxy_auth?
+
+        # TODO: ask if the redirection should be followed
+        # if user_interaction? is allowed (if followed, the Cache#storage_path should be updated)
+        redirection = target.redirection
+        fail "The url supplied redirects to #{redirection}" if redirection
+      end
+
+      def run
+        @start_time   = Time.now
+        @start_memory = memory_usage
+
+        output('started', url: target.url)
+      end
+
+      def after_scan
+        @stop_time   = Time.now
+        @elapsed     = @stop_time - @start_time
+        @used_memory = memory_usage - @start_memory
+
+        output('finished')
+      end
+    end
+  end
+end

data/app/controllers/core/cli_options.rb

@@ -0,0 +1,68 @@
+module CMSScanner
+  module Controller
+    # CLI Options for the Core Controller
+    class Core < Base
+      def cli_options
+        formats = NS::Formatter.availables
+
+        [
+          OptURL.new(['-u', '--url URL'], required: true),
+          OptBoolean.new(%w(-v --verbose)),
+          OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
+          OptChoice.new(['-f', '--format FORMAT',
+                         "Available formats: #{formats.join(', ')}"], choices: formats),
+          OptChoice.new(['--detection-mode MODE', 'Modes: mixed (default), passive, aggressive'],
+                        choices: %w(mixed passive aggressive),
+                        normalize: :to_sym,
+                        default: :mixed)
+        ] + cli_browser_options
+      end
+
+      # @return [ Array<OptParseValidator::OptBase> ]
+      def cli_browser_options
+        [
+          OptString.new(['--user-agent VALUE', '--ua']),
+          OptCredentials.new(['--http-auth login:password']),
+          OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use']),
+          OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds']),
+          OptPositiveInteger.new(['--connect-timeout SECONDS',
+                                  'The connection timeout in seconds'])
+        ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
+      end
+
+      # @return [ Array<OptParseValidator::OptBase> ]
+      def cli_browser_proxy_options
+        [
+          OptProxy.new(['--proxy protocol://IP:port',
+                        'Supported protocols depend on the cURL installed']),
+          OptCredentials.new(['--proxy-auth login:password'])
+        ]
+      end
+
+      # @return [ Array<OptParseValidator::OptBase> ]
+      def cli_browser_cookies_options
+        [
+          OptString.new(['--cookie-string COOKIE',
+                         'Cookie string to use in requests, ' \
+                         'format: cookie1=value1[; cookie2=value2]']),
+          OptFilePath.new(['--cookie-jar FILE-PATH', 'File to read and write cookies'],
+                          writable: true,
+                          exists: false,
+                          default: '/tmp/cms_scanner/cookie_jar.txt')
+        ]
+      end
+
+      # @return [ Array<OptParseValidator::OptBase> ]
+      def cli_browser_cache_options
+        [
+          OptInteger.new(['--cache-ttl TIME_TO_LIVE'], default: 600),
+          OptBoolean.new(['--clear-cache', 'Clear the cache before the scan']),
+          OptDirectoryPath.new(['--cache-dir PATH'],
+                               readable: true,
+                               writable: true,
+                               default: '/tmp/cms_scanner/cache/')
+        ]
+      end
+    end
+  end
+end

data/app/controllers/interesting_files.rb

@@ -0,0 +1,12 @@
+module CMSScanner
+  module Controller
+    # InterestingFiles Controller
+    class InterestingFiles < Base
+      def run
+        findings = target.interesting_files(mode: parsed_options[:detection_mode])
+
+        output('findings', findings: findings) unless findings.empty?
+      end
+    end
+  end
+end

data/app/finders.rb

@@ -0,0 +1 @@
+require_relative 'finders/interesting_files'

data/app/finders/interesting_files.rb

@@ -0,0 +1,21 @@
+require_relative 'interesting_files/headers'
+require_relative 'interesting_files/robots_txt'
+require_relative 'interesting_files/fantastico_fileslist'
+require_relative 'interesting_files/search_replace_db_2'
+require_relative 'interesting_files/xml_rpc'
+
+module CMSScanner
+  module Finders
+    # Interesting Files Finder
+    class InterestingFiles
+      include IndependentFinder
+
+      # @param [ CMSScanner::Target ] target
+      def initialize(target)
+        %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
+          finders << NS.const_get("Finders::InterestingFile::#{f}").new(target)
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_files/fantastico_fileslist.rb

@@ -0,0 +1,23 @@
+module CMSScanner
+  module Finders
+    module InterestingFile
+      # FantasticoFileslist finder
+      class FantasticoFileslist < Finder
+        # @return [ String ] The url of the fantastico_fileslist.txt file
+        def url
+          target.url('fantastico_fileslist.txt')
+        end
+
+        # @return [ InterestingFile ]
+        def aggressive(_opts = {})
+          res = NS::Browser.get(url)
+
+          return unless res && res.code == 200 && res.body.length > 0
+          return unless res.headers && res.headers['Content-Type'] =~ /\Atext\/plain/
+
+          NS::FantasticoFileslist.new(url, confidence: 100, found_by: found_by)
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_files/headers.rb

@@ -0,0 +1,15 @@
+module CMSScanner
+  module Finders
+    module InterestingFile
+      # Interesting Headers finder
+      class Headers < Finder
+        # @return [ InterestingFile ]
+        def passive(_opts = {})
+          r = NS::Headers.new(target.url, confidence: 100, found_by: found_by)
+
+          r.interesting_entries.empty? ? nil : r
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_files/robots_txt.rb

@@ -0,0 +1,22 @@
+module CMSScanner
+  module Finders
+    module InterestingFile
+      # Robots.txt finder
+      class RobotsTxt < Finder
+        # @return [ String ] The url of the robots.txt file
+        def url
+          target.url('robots.txt')
+        end
+
+        # @return [ InterestingFile ]
+        def aggressive(_opts = {})
+          res = NS::Browser.get(url)
+
+          return unless res && res.code == 200 && res.body =~ /(?:user-agent|(?:dis)?allow):/i
+
+          NS::RobotsTxt.new(url, confidence: 100, found_by: found_by)
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_files/search_replace_db_2.rb

@@ -0,0 +1,28 @@
+module CMSScanner
+  module Finders
+    module InterestingFile
+      # SearchReplaceDB2 finder
+      class SearchReplaceDB2 < Finder
+        # @return [ String ] The url to the searchreplacedb2 PHP file
+        def url
+          target.url('searchreplacedb2.php')
+        end
+
+        # @return [ InterestingFile ]
+        def aggressive(_opts = {})
+          res = NS::Browser.get(url)
+
+          return unless res && res.code == 200 && res.body =~ /by interconnect/i
+
+          NS::InterestingFile.new(url, confidence: 100,
+                                       found_by: found_by,
+                                       references: references)
+        end
+
+        def references
+          %w(https://interconnectit.com/products/search-and-replace-for-wordpress-databases/)
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_files/xml_rpc.rb

@@ -0,0 +1,62 @@
+module CMSScanner
+  module Finders
+    module InterestingFile
+      # XML RPC finder
+      class XMLRPC < Finder
+        # @return [ Array<String> ] The potential urls to the XMl RPC file
+        def potential_urls
+          @potential_urls ||= []
+        end
+
+        # @return [ Array<XMLRPC> ]
+        def passive(opts = {})
+          [passive_headers(opts), passive_body(opts)].compact
+        end
+
+        # @return [ XMLRPC ]
+        def passive_headers(_opts = {})
+          url = NS::Browser.get(target.url).headers['X-Pingback']
+
+          return unless target.in_scope?(url)
+          potential_urls << url
+
+          NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (passive detection)')
+        end
+
+        # @return [ XMLRPC ]
+        def passive_body(_opts = {})
+          page = Nokogiri::HTML(NS::Browser.get(target.url).body)
+
+          page.css('link[rel="pingback"]').each do |tag|
+            url = tag.attribute('href').to_s
+
+            next unless target.in_scope?(url)
+            potential_urls << url
+
+            return NS::XMLRPC.new(url, confidence: 30,
+                                       found_by: 'Link Tag (passive detection)')
+          end
+          nil
+        end
+
+        # @return [ XMLRPC ]
+        def aggressive(_opts = {})
+          potential_urls << target.url('xmlrpc.php')
+
+          potential_urls.uniq.each do |potential_url|
+            next unless target.in_scope?(potential_url)
+
+            res = NS::Browser.get(potential_url)
+
+            next unless res && res.body =~ /XML-RPC server accepts POST requests only/i
+
+            return NS::XMLRPC.new(potential_url,
+                                  confidence: 100,
+                                  found_by: DIRECT_FILE_ACCESS)
+          end
+          nil
+        end
+      end
+    end
+  end
+end

data/app/formatters.rb

@@ -0,0 +1,3 @@
+require_relative 'formatters/cli'
+require_relative 'formatters/cli_no_colour'
+require_relative 'formatters/json'

data/app/formatters/cli.rb

@@ -0,0 +1,18 @@
+module CMSScanner
+  module Formatter
+    # CLI Formatter
+    class Cli < Base
+      def red(text)
+        colorize(text, 31)
+      end
+
+      def green(text)
+        colorize(text, 32)
+      end
+
+      def colorize(text, color_code)
+        "\e[#{color_code}m#{text}\e[0m"
+      end
+    end
+  end
+end