cms_scanner 0.0.28 → 0.0.29
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/finders/interesting_findings/xml_rpc.rb +2 -2
- data/lib/cms_scanner/browser.rb +1 -1
- data/lib/cms_scanner/target.rb +30 -0
- data/lib/cms_scanner/target/scope.rb +5 -13
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability/references.rb +22 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 441069f2ffae8a62a08841e3361ea5461d5c38cd
|
|
4
|
+
data.tar.gz: 7fefe3f58187c7ad841d7e737e27ddf62adc9bc9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f57bedae28d9c4fae20faa71d44f10e87ccdeda7114a49763508fa973569db20313525ec6d60fb64ce5c2c09b86b2ab61c5e636d1ca22ce981246d064b7362e2
|
|
7
|
+
data.tar.gz: a567650f2e688d00f0414ed425db25446ca3d9e33bf8b4ef43b517e66c6396eb466788b006bde0698d3119494aa9921ea28364f9f87164b6bef9871f11adc07c
|
|
@@ -20,7 +20,7 @@ module CMSScanner
|
|
|
20
20
|
return unless target.in_scope?(url)
|
|
21
21
|
potential_urls << url
|
|
22
22
|
|
|
23
|
-
NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (
|
|
23
|
+
NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
# @return [ XMLRPC ]
|
|
@@ -32,7 +32,7 @@ module CMSScanner
|
|
|
32
32
|
potential_urls << url
|
|
33
33
|
|
|
34
34
|
return NS::XMLRPC.new(url, confidence: 30,
|
|
35
|
-
found_by: 'Link Tag (
|
|
35
|
+
found_by: 'Link Tag (Passive Detection)')
|
|
36
36
|
end
|
|
37
37
|
nil
|
|
38
38
|
end
|
data/lib/cms_scanner/browser.rb
CHANGED
|
@@ -38,7 +38,7 @@ module CMSScanner
|
|
|
38
38
|
def default_request_params
|
|
39
39
|
params = {
|
|
40
40
|
ssl_verifypeer: false, ssl_verifyhost: 2, # Disable SSL-Certificate checks
|
|
41
|
-
headers: { 'User-Agent' => user_agent },
|
|
41
|
+
headers: { 'Accept-Encoding' => 'gzip, deflate', 'User-Agent' => user_agent },
|
|
42
42
|
method: :get
|
|
43
43
|
}
|
|
44
44
|
|
data/lib/cms_scanner/target.rb
CHANGED
|
@@ -45,5 +45,35 @@ module CMSScanner
|
|
|
45
45
|
|
|
46
46
|
matches
|
|
47
47
|
end
|
|
48
|
+
|
|
49
|
+
# @param [ Typhoeus::Response, String ] page
|
|
50
|
+
# @param [ String ] xpath
|
|
51
|
+
# @param [ Array<String> ] attributes
|
|
52
|
+
#
|
|
53
|
+
# @yield [ String, Nokogiri::XML::Element ] The url and its associated tag
|
|
54
|
+
#
|
|
55
|
+
# @return [ Array<String> ] The absolute URLs detected in the response's body from the HTML tags
|
|
56
|
+
def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
|
|
57
|
+
page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
|
|
58
|
+
found = []
|
|
59
|
+
|
|
60
|
+
page.html.xpath(xpath).each do |tag|
|
|
61
|
+
attributes.each do |attribute|
|
|
62
|
+
attr_value = tag[attribute]
|
|
63
|
+
|
|
64
|
+
next unless attr_value && !attr_value.empty?
|
|
65
|
+
|
|
66
|
+
tag_uri = uri.join(attr_value.strip) rescue next
|
|
67
|
+
|
|
68
|
+
next unless tag_uri.host
|
|
69
|
+
|
|
70
|
+
yield tag_uri.to_s, tag if block_given? && !found.include?(tag_uri.to_s)
|
|
71
|
+
|
|
72
|
+
found << tag_uri.to_s
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
found.uniq
|
|
77
|
+
end
|
|
48
78
|
end
|
|
49
79
|
end
|
|
@@ -25,23 +25,15 @@ module CMSScanner
|
|
|
25
25
|
def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
|
|
26
26
|
found = []
|
|
27
27
|
|
|
28
|
-
res
|
|
29
|
-
|
|
30
|
-
attr_value = tag[attribute]
|
|
28
|
+
urls_from_page(res, xpath, attributes) do |url, tag|
|
|
29
|
+
next unless in_scope?(url)
|
|
31
30
|
|
|
32
|
-
|
|
31
|
+
yield url, tag if block_given?
|
|
33
32
|
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
next unless in_scope?(url)
|
|
37
|
-
|
|
38
|
-
yield url, tag if block_given? && !found.include?(url)
|
|
39
|
-
|
|
40
|
-
found << url
|
|
41
|
-
end
|
|
33
|
+
found << url
|
|
42
34
|
end
|
|
43
35
|
|
|
44
|
-
found
|
|
36
|
+
found
|
|
45
37
|
end
|
|
46
38
|
|
|
47
39
|
# Scope Implementation
|
data/lib/cms_scanner/version.rb
CHANGED
|
@@ -3,7 +3,8 @@ module CMSScanner
|
|
|
3
3
|
class Vulnerability
|
|
4
4
|
# @return [ Array<String> ] All the references URLs
|
|
5
5
|
def references_urls
|
|
6
|
-
cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls +
|
|
6
|
+
cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls +
|
|
7
|
+
packetstorm_urls + securityfocus_urls
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
# @return [ Array<String> ] The CVEs
|
|
@@ -18,7 +19,7 @@ module CMSScanner
|
|
|
18
19
|
|
|
19
20
|
# @return [ String ] The URL to the CVE
|
|
20
21
|
def cve_url(cve)
|
|
21
|
-
"
|
|
22
|
+
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-#{cve}"
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
# @return [ Array<String> ] The Secunia IDs
|
|
@@ -33,7 +34,7 @@ module CMSScanner
|
|
|
33
34
|
|
|
34
35
|
# @return [ String ] The URL to the Secunia advisory
|
|
35
36
|
def secunia_url(id)
|
|
36
|
-
"https://secunia.com/advisories/#{id}"
|
|
37
|
+
"https://secunia.com/advisories/#{id}/"
|
|
37
38
|
end
|
|
38
39
|
|
|
39
40
|
# @return [ Array<String> ] The OSVDB IDs
|
|
@@ -48,7 +49,7 @@ module CMSScanner
|
|
|
48
49
|
|
|
49
50
|
# @return [ String ] The URL to the ExploitDB advisory
|
|
50
51
|
def osvdb_url(id)
|
|
51
|
-
"http://osvdb.org/#{id}"
|
|
52
|
+
"http://osvdb.org/show/osvdb/#{id}"
|
|
52
53
|
end
|
|
53
54
|
|
|
54
55
|
# @return [ Array<String> ] The ExploitDB ID
|
|
@@ -83,10 +84,10 @@ module CMSScanner
|
|
|
83
84
|
|
|
84
85
|
# @return [ String ] The URL to the metasploit module page
|
|
85
86
|
def msf_url(mod)
|
|
86
|
-
"
|
|
87
|
+
"https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
|
|
87
88
|
end
|
|
88
89
|
|
|
89
|
-
# @return [ Array<String> ] The Packetstormsecurity
|
|
90
|
+
# @return [ Array<String> ] The Packetstormsecurity IDs
|
|
90
91
|
def packetstorm_ids
|
|
91
92
|
@packetstorm_ids ||= [*references[:packetstorm]].map(&:to_s)
|
|
92
93
|
end
|
|
@@ -100,5 +101,20 @@ module CMSScanner
|
|
|
100
101
|
def packetstorm_url(id)
|
|
101
102
|
"http://packetstormsecurity.com/files/#{id}/"
|
|
102
103
|
end
|
|
104
|
+
|
|
105
|
+
# @return [ Array<String> ] The Security Focus IDs
|
|
106
|
+
def securityfocus_ids
|
|
107
|
+
@securityfocus_ids ||= [*references[:securityfocus]].map(&:to_s)
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
# @return [ Array<String> ]
|
|
111
|
+
def securityfocus_urls
|
|
112
|
+
securityfocus_ids.reduce([]) { |a, e| a << securityfocus_url(e) }
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
# @return [ String ]
|
|
116
|
+
def securityfocus_url(id)
|
|
117
|
+
"http://www.securityfocus.com/bid/#{id}/"
|
|
118
|
+
end
|
|
103
119
|
end
|
|
104
120
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.29
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-05-
|
|
11
|
+
date: 2015-05-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: opt_parse_validator
|