cms_scanner 0.0.28 → 0.0.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/finders/interesting_findings/xml_rpc.rb +2 -2
- data/lib/cms_scanner/browser.rb +1 -1
- data/lib/cms_scanner/target.rb +30 -0
- data/lib/cms_scanner/target/scope.rb +5 -13
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability/references.rb +22 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 441069f2ffae8a62a08841e3361ea5461d5c38cd
|
|
4
|
+
data.tar.gz: 7fefe3f58187c7ad841d7e737e27ddf62adc9bc9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f57bedae28d9c4fae20faa71d44f10e87ccdeda7114a49763508fa973569db20313525ec6d60fb64ce5c2c09b86b2ab61c5e636d1ca22ce981246d064b7362e2
|
|
7
|
+
data.tar.gz: a567650f2e688d00f0414ed425db25446ca3d9e33bf8b4ef43b517e66c6396eb466788b006bde0698d3119494aa9921ea28364f9f87164b6bef9871f11adc07c
|
|
@@ -20,7 +20,7 @@ module CMSScanner
|
|
|
20
20
|
return unless target.in_scope?(url)
|
|
21
21
|
potential_urls << url
|
|
22
22
|
|
|
23
|
-
NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (
|
|
23
|
+
NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
# @return [ XMLRPC ]
|
|
@@ -32,7 +32,7 @@ module CMSScanner
|
|
|
32
32
|
potential_urls << url
|
|
33
33
|
|
|
34
34
|
return NS::XMLRPC.new(url, confidence: 30,
|
|
35
|
-
found_by: 'Link Tag (
|
|
35
|
+
found_by: 'Link Tag (Passive Detection)')
|
|
36
36
|
end
|
|
37
37
|
nil
|
|
38
38
|
end
|
data/lib/cms_scanner/browser.rb
CHANGED
|
@@ -38,7 +38,7 @@ module CMSScanner
|
|
|
38
38
|
def default_request_params
|
|
39
39
|
params = {
|
|
40
40
|
ssl_verifypeer: false, ssl_verifyhost: 2, # Disable SSL-Certificate checks
|
|
41
|
-
headers: { 'User-Agent' => user_agent },
|
|
41
|
+
headers: { 'Accept-Encoding' => 'gzip, deflate', 'User-Agent' => user_agent },
|
|
42
42
|
method: :get
|
|
43
43
|
}
|
|
44
44
|
|
data/lib/cms_scanner/target.rb
CHANGED
|
@@ -45,5 +45,35 @@ module CMSScanner
|
|
|
45
45
|
|
|
46
46
|
matches
|
|
47
47
|
end
|
|
48
|
+
|
|
49
|
+
# @param [ Typhoeus::Response, String ] page
|
|
50
|
+
# @param [ String ] xpath
|
|
51
|
+
# @param [ Array<String> ] attributes
|
|
52
|
+
#
|
|
53
|
+
# @yield [ String, Nokogiri::XML::Element ] The url and its associated tag
|
|
54
|
+
#
|
|
55
|
+
# @return [ Array<String> ] The absolute URLs detected in the response's body from the HTML tags
|
|
56
|
+
def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
|
|
57
|
+
page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
|
|
58
|
+
found = []
|
|
59
|
+
|
|
60
|
+
page.html.xpath(xpath).each do |tag|
|
|
61
|
+
attributes.each do |attribute|
|
|
62
|
+
attr_value = tag[attribute]
|
|
63
|
+
|
|
64
|
+
next unless attr_value && !attr_value.empty?
|
|
65
|
+
|
|
66
|
+
tag_uri = uri.join(attr_value.strip) rescue next
|
|
67
|
+
|
|
68
|
+
next unless tag_uri.host
|
|
69
|
+
|
|
70
|
+
yield tag_uri.to_s, tag if block_given? && !found.include?(tag_uri.to_s)
|
|
71
|
+
|
|
72
|
+
found << tag_uri.to_s
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
found.uniq
|
|
77
|
+
end
|
|
48
78
|
end
|
|
49
79
|
end
|
|
@@ -25,23 +25,15 @@ module CMSScanner
|
|
|
25
25
|
def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
|
|
26
26
|
found = []
|
|
27
27
|
|
|
28
|
-
res
|
|
29
|
-
|
|
30
|
-
attr_value = tag[attribute]
|
|
28
|
+
urls_from_page(res, xpath, attributes) do |url, tag|
|
|
29
|
+
next unless in_scope?(url)
|
|
31
30
|
|
|
32
|
-
|
|
31
|
+
yield url, tag if block_given?
|
|
33
32
|
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
next unless in_scope?(url)
|
|
37
|
-
|
|
38
|
-
yield url, tag if block_given? && !found.include?(url)
|
|
39
|
-
|
|
40
|
-
found << url
|
|
41
|
-
end
|
|
33
|
+
found << url
|
|
42
34
|
end
|
|
43
35
|
|
|
44
|
-
found
|
|
36
|
+
found
|
|
45
37
|
end
|
|
46
38
|
|
|
47
39
|
# Scope Implementation
|
data/lib/cms_scanner/version.rb
CHANGED
|
@@ -3,7 +3,8 @@ module CMSScanner
|
|
|
3
3
|
class Vulnerability
|
|
4
4
|
# @return [ Array<String> ] All the references URLs
|
|
5
5
|
def references_urls
|
|
6
|
-
cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls +
|
|
6
|
+
cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls +
|
|
7
|
+
packetstorm_urls + securityfocus_urls
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
# @return [ Array<String> ] The CVEs
|
|
@@ -18,7 +19,7 @@ module CMSScanner
|
|
|
18
19
|
|
|
19
20
|
# @return [ String ] The URL to the CVE
|
|
20
21
|
def cve_url(cve)
|
|
21
|
-
"
|
|
22
|
+
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-#{cve}"
|
|
22
23
|
end
|
|
23
24
|
|
|
24
25
|
# @return [ Array<String> ] The Secunia IDs
|
|
@@ -33,7 +34,7 @@ module CMSScanner
|
|
|
33
34
|
|
|
34
35
|
# @return [ String ] The URL to the Secunia advisory
|
|
35
36
|
def secunia_url(id)
|
|
36
|
-
"https://secunia.com/advisories/#{id}"
|
|
37
|
+
"https://secunia.com/advisories/#{id}/"
|
|
37
38
|
end
|
|
38
39
|
|
|
39
40
|
# @return [ Array<String> ] The OSVDB IDs
|
|
@@ -48,7 +49,7 @@ module CMSScanner
|
|
|
48
49
|
|
|
49
50
|
# @return [ String ] The URL to the ExploitDB advisory
|
|
50
51
|
def osvdb_url(id)
|
|
51
|
-
"http://osvdb.org/#{id}"
|
|
52
|
+
"http://osvdb.org/show/osvdb/#{id}"
|
|
52
53
|
end
|
|
53
54
|
|
|
54
55
|
# @return [ Array<String> ] The ExploitDB ID
|
|
@@ -83,10 +84,10 @@ module CMSScanner
|
|
|
83
84
|
|
|
84
85
|
# @return [ String ] The URL to the metasploit module page
|
|
85
86
|
def msf_url(mod)
|
|
86
|
-
"
|
|
87
|
+
"https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
|
|
87
88
|
end
|
|
88
89
|
|
|
89
|
-
# @return [ Array<String> ] The Packetstormsecurity
|
|
90
|
+
# @return [ Array<String> ] The Packetstormsecurity IDs
|
|
90
91
|
def packetstorm_ids
|
|
91
92
|
@packetstorm_ids ||= [*references[:packetstorm]].map(&:to_s)
|
|
92
93
|
end
|
|
@@ -100,5 +101,20 @@ module CMSScanner
|
|
|
100
101
|
def packetstorm_url(id)
|
|
101
102
|
"http://packetstormsecurity.com/files/#{id}/"
|
|
102
103
|
end
|
|
104
|
+
|
|
105
|
+
# @return [ Array<String> ] The Security Focus IDs
|
|
106
|
+
def securityfocus_ids
|
|
107
|
+
@securityfocus_ids ||= [*references[:securityfocus]].map(&:to_s)
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
# @return [ Array<String> ]
|
|
111
|
+
def securityfocus_urls
|
|
112
|
+
securityfocus_ids.reduce([]) { |a, e| a << securityfocus_url(e) }
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
# @return [ String ]
|
|
116
|
+
def securityfocus_url(id)
|
|
117
|
+
"http://www.securityfocus.com/bid/#{id}/"
|
|
118
|
+
end
|
|
103
119
|
end
|
|
104
120
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.29
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-05-
|
|
11
|
+
date: 2015-05-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: opt_parse_validator
|