cms_scanner 0.0.23 → 0.0.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/core/cli_options.rb +4 -3
- data/app/finders/interesting_findings/fantastico_fileslist.rb +1 -1
- data/app/models/interesting_finding.rb +1 -1
- data/cms_scanner.gemspec +7 -7
- data/lib/cms_scanner/controllers.rb +1 -1
- data/lib/cms_scanner/finders/same_type_finders.rb +1 -4
- data/lib/cms_scanner/formatter.rb +3 -3
- data/lib/cms_scanner/target.rb +1 -1
- data/lib/cms_scanner/target/server/iis.rb +1 -1
- data/lib/cms_scanner/typhoeus/response.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability/references.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6ba0eb7b854b3284b9c15c6ccba0e7435510c0e1
|
4
|
+
data.tar.gz: 61f20c09a8911a41aaf9140f4efb80d14ef527b3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7e2c771210af4df78d1b3a99db98c7f05547d46d17816f64eac932918d7875199bc9ea395babf901636bda4ee610691d7888a12de6e34be931ddc5713a98316c
|
7
|
+
data.tar.gz: 2a06183adab57a03f14f699cf2b4d204d4c3fc123bdd509a34f56843edb7e5f8e8d835fcf67d4fdeec52eb36c4c708d9557db21aa01bc9c1ffb900b6c3b0c73c
|
@@ -32,9 +32,10 @@ module CMSScanner
|
|
32
32
|
OptCredentials.new(['--http-auth login:password']),
|
33
33
|
OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
|
34
34
|
default: 5),
|
35
|
-
OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds']
|
36
|
-
|
37
|
-
|
35
|
+
OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
|
36
|
+
default: 60),
|
37
|
+
OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
|
38
|
+
default: 5)
|
38
39
|
] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
|
39
40
|
end
|
40
41
|
|
@@ -13,7 +13,7 @@ module CMSScanner
|
|
13
13
|
res = NS::Browser.get(url)
|
14
14
|
|
15
15
|
return unless res && res.code == 200 && res.body.length > 0
|
16
|
-
return unless res.headers && res.headers['Content-Type'] =~
|
16
|
+
return unless res.headers && res.headers['Content-Type'] =~ %r{\Atext/plain}
|
17
17
|
|
18
18
|
NS::FantasticoFileslist.new(url, confidence: 70, found_by: found_by)
|
19
19
|
end
|
@@ -21,7 +21,7 @@ module CMSScanner
|
|
21
21
|
def entries
|
22
22
|
res = NS::Browser.get(url)
|
23
23
|
|
24
|
-
return [] unless res && res.headers['Content-Type'] =~
|
24
|
+
return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
|
25
25
|
|
26
26
|
res.body.split("\n").reject { |s| s.strip.empty? }
|
27
27
|
end
|
data/cms_scanner.gemspec
CHANGED
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
|
|
17
17
|
s.license = 'MIT'
|
18
18
|
|
19
19
|
s.files = `git ls-files -z`.split("\x0").reject do |file|
|
20
|
-
file =~
|
20
|
+
file =~ %r{^(?:
|
21
21
|
spec\/.*
|
22
22
|
|Gemfile
|
23
23
|
|Rakefile
|
@@ -25,10 +25,10 @@ Gem::Specification.new do |s|
|
|
25
25
|
|\.gitignore
|
26
26
|
|\.rubocop.yml
|
27
27
|
|\.travis.yml
|
28
|
-
)
|
28
|
+
)$}x
|
29
29
|
end
|
30
30
|
s.test_files = []
|
31
|
-
s.executables = s.files.grep(
|
31
|
+
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
32
32
|
s.require_path = 'lib'
|
33
33
|
|
34
34
|
s.add_dependency 'opt_parse_validator', '~> 0.0.9'
|
@@ -36,14 +36,14 @@ Gem::Specification.new do |s|
|
|
36
36
|
s.add_dependency 'nokogiri', '~> 1.6'
|
37
37
|
s.add_dependency 'addressable', '~> 2.3'
|
38
38
|
s.add_dependency 'activesupport', '~> 4.2'
|
39
|
-
s.add_dependency 'public_suffix', '~> 1.
|
40
|
-
s.add_dependency 'ruby-progressbar', '~> 1.7
|
39
|
+
s.add_dependency 'public_suffix', '~> 1.5'
|
40
|
+
s.add_dependency 'ruby-progressbar', '~> 1.7'
|
41
41
|
|
42
42
|
s.add_development_dependency 'rake', '~> 10.4'
|
43
43
|
s.add_development_dependency 'rspec', '~> 3.2'
|
44
44
|
s.add_development_dependency 'rspec-its', '~> 1.2'
|
45
45
|
s.add_development_dependency 'bundler', '~> 1.6'
|
46
|
-
s.add_development_dependency 'rubocop', '~> 0.
|
47
|
-
s.add_development_dependency 'webmock', '~> 1.
|
46
|
+
s.add_development_dependency 'rubocop', '~> 0.30'
|
47
|
+
s.add_development_dependency 'webmock', '~> 1.21'
|
48
48
|
s.add_development_dependency 'simplecov', '~> 0.9'
|
49
49
|
end
|
@@ -7,8 +7,6 @@ module CMSScanner
|
|
7
7
|
class SameTypeFinders < IndependentFinders
|
8
8
|
# @param [ Hash ] opts
|
9
9
|
# @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
|
10
|
-
# @option opts [ Boolean ] :vulnerable Only return vulnerable findings
|
11
|
-
# (which must respond to :vulnerable?)
|
12
10
|
# @option opts [ Boolean ] :sort Wether or not to sort the findings
|
13
11
|
#
|
14
12
|
# @return [ Findings ]
|
@@ -21,8 +19,7 @@ module CMSScanner
|
|
21
19
|
end
|
22
20
|
end
|
23
21
|
|
24
|
-
findings.
|
25
|
-
findings.sort! if opts[:sort]
|
22
|
+
findings.sort! if opts[:sort]
|
26
23
|
|
27
24
|
findings
|
28
25
|
end
|
@@ -11,7 +11,7 @@ module CMSScanner
|
|
11
11
|
#
|
12
12
|
# @return [ Formatter::Base ]
|
13
13
|
def load(format = nil, custom_views = nil)
|
14
|
-
format
|
14
|
+
format ||= 'cli'
|
15
15
|
custom_views ||= []
|
16
16
|
|
17
17
|
f = const_get(format.gsub(/-/, '_').camelize).new
|
@@ -113,9 +113,9 @@ module CMSScanner
|
|
113
113
|
tpl = "#{controller_name}/#{tpl}"
|
114
114
|
end
|
115
115
|
|
116
|
-
fail "Wrong tpl format: '#{tpl}'" unless tpl =~
|
116
|
+
fail "Wrong tpl format: '#{tpl}'" unless tpl =~ %r{\A[\w/_]+\z}
|
117
117
|
|
118
|
-
views_directories.
|
118
|
+
views_directories.reverse_each do |dir|
|
119
119
|
formats.each do |format|
|
120
120
|
potential_file = File.join(dir, format, "#{tpl}.erb")
|
121
121
|
|
data/lib/cms_scanner/target.rb
CHANGED
@@ -19,7 +19,7 @@ module CMSScanner
|
|
19
19
|
def directory_listing?(path = nil, params = {})
|
20
20
|
res = NS::Browser.get(url(path), params)
|
21
21
|
|
22
|
-
res.code == 200 && res.body =~
|
22
|
+
res.code == 200 && res.body =~ %r{<H1>#{uri.host} - /} ? true : false
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
data/lib/cms_scanner/version.rb
CHANGED
@@ -83,7 +83,7 @@ module CMSScanner
|
|
83
83
|
|
84
84
|
# @return [ String ] The URL to the metasploit module page
|
85
85
|
def msf_url(mod)
|
86
|
-
"http://www.rapid7.com/db/modules/#{mod.sub(
|
86
|
+
"http://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
|
87
87
|
end
|
88
88
|
|
89
89
|
# @return [ Array<String> ] The Packetstormsecurity ID
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.24
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-04-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: opt_parse_validator
|
@@ -86,28 +86,28 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: '1.
|
89
|
+
version: '1.5'
|
90
90
|
type: :runtime
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: '1.
|
96
|
+
version: '1.5'
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: ruby-progressbar
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.7
|
103
|
+
version: '1.7'
|
104
104
|
type: :runtime
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.7
|
110
|
+
version: '1.7'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rake
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -170,28 +170,28 @@ dependencies:
|
|
170
170
|
requirements:
|
171
171
|
- - "~>"
|
172
172
|
- !ruby/object:Gem::Version
|
173
|
-
version: '0.
|
173
|
+
version: '0.30'
|
174
174
|
type: :development
|
175
175
|
prerelease: false
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
177
177
|
requirements:
|
178
178
|
- - "~>"
|
179
179
|
- !ruby/object:Gem::Version
|
180
|
-
version: '0.
|
180
|
+
version: '0.30'
|
181
181
|
- !ruby/object:Gem::Dependency
|
182
182
|
name: webmock
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
184
184
|
requirements:
|
185
185
|
- - "~>"
|
186
186
|
- !ruby/object:Gem::Version
|
187
|
-
version: '1.
|
187
|
+
version: '1.21'
|
188
188
|
type: :development
|
189
189
|
prerelease: false
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
191
191
|
requirements:
|
192
192
|
- - "~>"
|
193
193
|
- !ruby/object:Gem::Version
|
194
|
-
version: '1.
|
194
|
+
version: '1.21'
|
195
195
|
- !ruby/object:Gem::Dependency
|
196
196
|
name: simplecov
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|