cms_scanner 0.0.31 → 0.0.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/core.rb +1 -1
- data/app/controllers/core/cli_options.rb +4 -2
- data/app/formatters/cli.rb +33 -0
- data/app/views/cli/core/finished.erb +4 -4
- data/app/views/cli/core/started.erb +2 -2
- data/app/views/cli/interesting_findings/findings.erb +1 -1
- data/app/views/json/core/banner.erb +1 -0
- data/cms_scanner.gemspec +6 -6
- data/lib/cms_scanner.rb +2 -0
- data/lib/cms_scanner/browser.rb +3 -1
- data/lib/cms_scanner/browser/options.rb +5 -4
- data/lib/cms_scanner/controller.rb +14 -0
- data/lib/cms_scanner/finders/same_type_finder.rb +2 -0
- data/lib/cms_scanner/finders/unique_finder.rb +2 -0
- data/lib/cms_scanner/formatter.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- metadata +16 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5e7b45d83448abe095a219641c27db1ccb6c62d3
|
|
4
|
+
data.tar.gz: c0a503b8cb376ce46bd620017e33c72d64b2f439
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1c5889f4ba15eac53f58a60037ee7a28e2c99a95ca8b520c880b0feef81d038817e2bcccefe423dabe3506ee93b7bb9d10bfba53bfc7a4a8dafe809a83ee3005
|
|
7
|
+
data.tar.gz: 0565e658a23e0f67cbb4dff6abfd2cb438277c3cec173c5cdaec40d0a3d1c10e07b05011b0936cb735c31f028c3fd72d8bd25d8146878d1c5a7df6bf62717277
|
data/app/controllers/core.rb
CHANGED
|
@@ -25,7 +25,7 @@ module CMSScanner
|
|
|
25
25
|
fail ProxyAuthRequiredError if target.proxy_auth?
|
|
26
26
|
|
|
27
27
|
redirection = target.redirection
|
|
28
|
-
fail HTTPRedirectError, redirection if redirection
|
|
28
|
+
fail HTTPRedirectError, redirection if redirection && !parsed_options[:ignore_main_redirect]
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
def run
|
|
@@ -7,6 +7,7 @@ module CMSScanner
|
|
|
7
7
|
|
|
8
8
|
[
|
|
9
9
|
OptURL.new(['-u', '--url URL'], required: true, default_protocol: 'http'),
|
|
10
|
+
OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect if any and scan the target url']),
|
|
10
11
|
OptBoolean.new(%w(-v --verbose)),
|
|
11
12
|
OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
|
|
12
13
|
OptChoice.new(['-f', '--format FORMAT',
|
|
@@ -25,6 +26,7 @@ module CMSScanner
|
|
|
25
26
|
def cli_browser_options
|
|
26
27
|
[
|
|
27
28
|
OptString.new(['--user-agent VALUE', '--ua']),
|
|
29
|
+
OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests']),
|
|
28
30
|
OptBoolean.new(['--random-user-agent', '--rua',
|
|
29
31
|
'Use a random user-agent for each scan']),
|
|
30
32
|
OptFilePath.new(['--user-agents-list FILE-PATH',
|
|
@@ -57,7 +59,7 @@ module CMSScanner
|
|
|
57
59
|
OptFilePath.new(['--cookie-jar FILE-PATH', 'File to read and write cookies'],
|
|
58
60
|
writable: true,
|
|
59
61
|
exists: false,
|
|
60
|
-
default: '
|
|
62
|
+
default: File.join(tmp_directory, 'cookie_jar.txt'))
|
|
61
63
|
]
|
|
62
64
|
end
|
|
63
65
|
|
|
@@ -69,7 +71,7 @@ module CMSScanner
|
|
|
69
71
|
OptDirectoryPath.new(['--cache-dir PATH'],
|
|
70
72
|
readable: true,
|
|
71
73
|
writable: true,
|
|
72
|
-
default: '
|
|
74
|
+
default: File.join(tmp_directory, 'cache'))
|
|
73
75
|
]
|
|
74
76
|
end
|
|
75
77
|
end
|
data/app/formatters/cli.rb
CHANGED
|
@@ -2,26 +2,59 @@ module CMSScanner
|
|
|
2
2
|
module Formatter
|
|
3
3
|
# CLI Formatter
|
|
4
4
|
class Cli < Base
|
|
5
|
+
# @return [ String ]
|
|
6
|
+
def info_icon
|
|
7
|
+
green('[+]')
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# @return [ String ]
|
|
11
|
+
def notice_icon
|
|
12
|
+
blue('[i]')
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
# @return [ String ]
|
|
16
|
+
def warning_icon
|
|
17
|
+
amber('[!]')
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
# @return [ String ]
|
|
21
|
+
def critical_icon
|
|
22
|
+
red('[!]')
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# @param [ String ] text
|
|
26
|
+
# @return [ String ]
|
|
5
27
|
def bold(text)
|
|
6
28
|
colorize(text, 1)
|
|
7
29
|
end
|
|
8
30
|
|
|
31
|
+
# @param [ String ] text
|
|
32
|
+
# @return [ String ]
|
|
9
33
|
def red(text)
|
|
10
34
|
colorize(text, 31)
|
|
11
35
|
end
|
|
12
36
|
|
|
37
|
+
# @param [ String ] text
|
|
38
|
+
# @return [ String ]
|
|
13
39
|
def green(text)
|
|
14
40
|
colorize(text, 32)
|
|
15
41
|
end
|
|
16
42
|
|
|
43
|
+
# @param [ String ] text
|
|
44
|
+
# @return [ String ]
|
|
17
45
|
def amber(text)
|
|
18
46
|
colorize(text, 33)
|
|
19
47
|
end
|
|
20
48
|
|
|
49
|
+
# @param [ String ] text
|
|
50
|
+
# @return [ String ]
|
|
21
51
|
def blue(text)
|
|
22
52
|
colorize(text, 34)
|
|
23
53
|
end
|
|
24
54
|
|
|
55
|
+
# @param [ String ] text
|
|
56
|
+
# @param [ Integer ] color_code
|
|
57
|
+
# @return [ String ]
|
|
25
58
|
def colorize(text, color_code)
|
|
26
59
|
"\e[#{color_code}m#{text}\e[0m"
|
|
27
60
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
<%=
|
|
2
|
-
<%=
|
|
3
|
-
<%=
|
|
4
|
-
<%=
|
|
1
|
+
<%= info_icon %> Finished: <%= @stop_time.asctime %>
|
|
2
|
+
<%= info_icon %> Requests Done: <%= @requests_done %>
|
|
3
|
+
<%= info_icon %> Memory used: <%= @used_memory.bytes_to_human %>
|
|
4
|
+
<%= info_icon %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
<%=
|
|
2
|
-
<%=
|
|
1
|
+
<%= info_icon %> URL: <%= @url %>
|
|
2
|
+
<%= info_icon %> Started: <%= @start_time.asctime %>
|
|
3
3
|
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Interesting Finding(s):
|
|
3
3
|
<% @findings.each do |finding| -%>
|
|
4
4
|
|
|
5
|
-
<%=
|
|
5
|
+
<%= info_icon %> <%= finding %>
|
|
6
6
|
<%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
|
|
7
7
|
| Found By: <%= finding.found_by %>
|
|
8
8
|
<% if finding.confidence > 0 -%>
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<% # Empty file, the banner should be implemented in each scanner %>
|
data/cms_scanner.gemspec
CHANGED
|
@@ -33,17 +33,17 @@ Gem::Specification.new do |s|
|
|
|
33
33
|
|
|
34
34
|
s.add_dependency 'opt_parse_validator', '~> 0.0.11'
|
|
35
35
|
s.add_dependency 'typhoeus', '~> 0.7'
|
|
36
|
-
s.add_dependency 'nokogiri', '~> 1.6'
|
|
37
|
-
s.add_dependency 'addressable', '~> 2.3'
|
|
36
|
+
s.add_dependency 'nokogiri', '~> 1.6.6'
|
|
37
|
+
s.add_dependency 'addressable', '~> 2.3.8'
|
|
38
38
|
s.add_dependency 'activesupport', '~> 4.2'
|
|
39
39
|
s.add_dependency 'public_suffix', '~> 1.5'
|
|
40
|
-
s.add_dependency 'ruby-progressbar', '~> 1.7'
|
|
40
|
+
s.add_dependency 'ruby-progressbar', '~> 1.7.5'
|
|
41
41
|
|
|
42
|
-
s.add_development_dependency 'rake', '~> 10.4'
|
|
43
|
-
s.add_development_dependency 'rspec', '~> 3.
|
|
42
|
+
s.add_development_dependency 'rake', '~> 10.4.2'
|
|
43
|
+
s.add_development_dependency 'rspec', '~> 3.3'
|
|
44
44
|
s.add_development_dependency 'rspec-its', '~> 1.2'
|
|
45
45
|
s.add_development_dependency 'bundler', '~> 1.6'
|
|
46
|
-
s.add_development_dependency 'rubocop', '~> 0.
|
|
46
|
+
s.add_development_dependency 'rubocop', '~> 0.32'
|
|
47
47
|
s.add_development_dependency 'webmock', '~> 1.21'
|
|
48
48
|
s.add_development_dependency 'simplecov', '~> 0.10'
|
|
49
49
|
end
|
data/lib/cms_scanner.rb
CHANGED
|
@@ -44,10 +44,12 @@ module CMSScanner
|
|
|
44
44
|
self.total_requests += 1 unless response.cached?
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
+
# @return [ Integer ]
|
|
47
48
|
def self.total_requests
|
|
48
49
|
@@total_requests ||= 0
|
|
49
50
|
end
|
|
50
51
|
|
|
52
|
+
# @param [ Integer ]
|
|
51
53
|
def self.total_requests=(value)
|
|
52
54
|
@@total_requests = value
|
|
53
55
|
end
|
data/lib/cms_scanner/browser.rb
CHANGED
|
@@ -57,7 +57,9 @@ module CMSScanner
|
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
params[:proxyauth] = "#{proxy_auth[:username]}:#{proxy_auth[:password]}" if proxy_auth
|
|
60
|
-
params[:userpwd]
|
|
60
|
+
params[:userpwd] = "#{http_auth[:username]}:#{http_auth[:password]}" if http_auth
|
|
61
|
+
|
|
62
|
+
params[:headers].merge!('Host' => vhost) if vhost
|
|
61
63
|
|
|
62
64
|
params
|
|
63
65
|
end
|
|
@@ -8,12 +8,13 @@ module CMSScanner
|
|
|
8
8
|
:connect_timeout,
|
|
9
9
|
:http_auth,
|
|
10
10
|
:max_threads,
|
|
11
|
-
:user_agent,
|
|
12
|
-
:user_agents_list,
|
|
13
11
|
:proxy,
|
|
14
12
|
:proxy_auth,
|
|
15
13
|
:random_user_agent,
|
|
16
|
-
:request_timeout
|
|
14
|
+
:request_timeout,
|
|
15
|
+
:user_agent,
|
|
16
|
+
:user_agents_list,
|
|
17
|
+
:vhost
|
|
17
18
|
]
|
|
18
19
|
|
|
19
20
|
attr_accessor(*OPTIONS)
|
|
@@ -59,7 +60,7 @@ module CMSScanner
|
|
|
59
60
|
|
|
60
61
|
# @return [ String ]
|
|
61
62
|
def default_user_agent
|
|
62
|
-
"
|
|
63
|
+
"#{NS} v#{NS::VERSION}"
|
|
63
64
|
end
|
|
64
65
|
|
|
65
66
|
# @return [ String ] The user agent
|
|
@@ -17,6 +17,15 @@ module CMSScanner
|
|
|
17
17
|
self.class == other.class
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
+
# Reset all the class attibutes
|
|
21
|
+
# Currently only used in specs
|
|
22
|
+
def self.reset
|
|
23
|
+
@@target = nil
|
|
24
|
+
@@parsed_options = nil
|
|
25
|
+
@@datastore = nil
|
|
26
|
+
@@formatter = nil
|
|
27
|
+
end
|
|
28
|
+
|
|
20
29
|
# @return [ Target ]
|
|
21
30
|
def target
|
|
22
31
|
@@target ||= NS::Target.new(parsed_options[:url], parsed_options)
|
|
@@ -66,6 +75,11 @@ module CMSScanner
|
|
|
66
75
|
formatter.user_interaction? && !parsed_options[:output]
|
|
67
76
|
end
|
|
68
77
|
|
|
78
|
+
# @return [ String ]
|
|
79
|
+
def tmp_directory
|
|
80
|
+
File.join('/tmp', NS.to_s.underscore)
|
|
81
|
+
end
|
|
82
|
+
|
|
69
83
|
protected
|
|
70
84
|
|
|
71
85
|
# @param [ String ] tpl
|
|
@@ -128,7 +128,7 @@ module CMSScanner
|
|
|
128
128
|
|
|
129
129
|
# @return [ Array<String> ] The directories to look into for views
|
|
130
130
|
def views_directories
|
|
131
|
-
@views_directories ||= [Pathname.new(
|
|
131
|
+
@views_directories ||= [APP_DIR, NS::APP_DIR].uniq.reduce([]) { |a, e| a << Pathname.new(e).join('views').to_s }
|
|
132
132
|
end
|
|
133
133
|
end
|
|
134
134
|
end
|
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.32
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam - Erwan Le Rousseau
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-06-
|
|
11
|
+
date: 2015-06-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: opt_parse_validator
|
|
@@ -44,28 +44,28 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
47
|
+
version: 1.6.6
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
54
|
+
version: 1.6.6
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: addressable
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 2.3.8
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 2.3.8
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: activesupport
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,42 +100,42 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
103
|
+
version: 1.7.5
|
|
104
104
|
type: :runtime
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 1.7.5
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rake
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version:
|
|
117
|
+
version: 10.4.2
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version:
|
|
124
|
+
version: 10.4.2
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rspec
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: '3.
|
|
131
|
+
version: '3.3'
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: '3.
|
|
138
|
+
version: '3.3'
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: rspec-its
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -170,14 +170,14 @@ dependencies:
|
|
|
170
170
|
requirements:
|
|
171
171
|
- - "~>"
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: '0.
|
|
173
|
+
version: '0.32'
|
|
174
174
|
type: :development
|
|
175
175
|
prerelease: false
|
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
177
|
requirements:
|
|
178
178
|
- - "~>"
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: '0.
|
|
180
|
+
version: '0.32'
|
|
181
181
|
- !ruby/object:Gem::Dependency
|
|
182
182
|
name: webmock
|
|
183
183
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -246,6 +246,7 @@ files:
|
|
|
246
246
|
- app/views/cli/interesting_findings/findings.erb
|
|
247
247
|
- app/views/cli/scan_aborted.erb
|
|
248
248
|
- app/views/cli/usage.erb
|
|
249
|
+
- app/views/json/core/banner.erb
|
|
249
250
|
- app/views/json/core/finished.erb
|
|
250
251
|
- app/views/json/core/started.erb
|
|
251
252
|
- app/views/json/interesting_findings/findings.erb
|
|
@@ -314,7 +315,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
314
315
|
version: '0'
|
|
315
316
|
requirements: []
|
|
316
317
|
rubyforge_project:
|
|
317
|
-
rubygems_version: 2.4.
|
|
318
|
+
rubygems_version: 2.4.8
|
|
318
319
|
signing_key:
|
|
319
320
|
specification_version: 4
|
|
320
321
|
summary: Experimental CMSScanner
|