cms_scanner 0.0.31 → 0.0.32

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 262fa29651e85bd873da5de15eddfc52f164b4e1
4
- data.tar.gz: a30d0c63d358be3d8b759229093afeb90a104b8b
3
+ metadata.gz: 5e7b45d83448abe095a219641c27db1ccb6c62d3
4
+ data.tar.gz: c0a503b8cb376ce46bd620017e33c72d64b2f439
5
5
  SHA512:
6
- metadata.gz: 39c20221b8fc77ce4cc06275b3b7c651921044698c5994af60792f09f73c2fecc9159a5ab6bb6f25fe41f7b64f84d0d0d7733ebe19dbacd100f51f4526af9b60
7
- data.tar.gz: 1f3c35697e6a0b8783c6f91765b4a3266a18825ff4fe1797518981705cac6314877ddd9f6652f4bd62ee8205ba8f53f5d034c74e26d9c7958c7b26505a085fc6
6
+ metadata.gz: 1c5889f4ba15eac53f58a60037ee7a28e2c99a95ca8b520c880b0feef81d038817e2bcccefe423dabe3506ee93b7bb9d10bfba53bfc7a4a8dafe809a83ee3005
7
+ data.tar.gz: 0565e658a23e0f67cbb4dff6abfd2cb438277c3cec173c5cdaec40d0a3d1c10e07b05011b0936cb735c31f028c3fd72d8bd25d8146878d1c5a7df6bf62717277
@@ -25,7 +25,7 @@ module CMSScanner
25
25
  fail ProxyAuthRequiredError if target.proxy_auth?
26
26
 
27
27
  redirection = target.redirection
28
- fail HTTPRedirectError, redirection if redirection
28
+ fail HTTPRedirectError, redirection if redirection && !parsed_options[:ignore_main_redirect]
29
29
  end
30
30
 
31
31
  def run
@@ -7,6 +7,7 @@ module CMSScanner
7
7
 
8
8
  [
9
9
  OptURL.new(['-u', '--url URL'], required: true, default_protocol: 'http'),
10
+ OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect if any and scan the target url']),
10
11
  OptBoolean.new(%w(-v --verbose)),
11
12
  OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
12
13
  OptChoice.new(['-f', '--format FORMAT',
@@ -25,6 +26,7 @@ module CMSScanner
25
26
  def cli_browser_options
26
27
  [
27
28
  OptString.new(['--user-agent VALUE', '--ua']),
29
+ OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests']),
28
30
  OptBoolean.new(['--random-user-agent', '--rua',
29
31
  'Use a random user-agent for each scan']),
30
32
  OptFilePath.new(['--user-agents-list FILE-PATH',
@@ -57,7 +59,7 @@ module CMSScanner
57
59
  OptFilePath.new(['--cookie-jar FILE-PATH', 'File to read and write cookies'],
58
60
  writable: true,
59
61
  exists: false,
60
- default: '/tmp/cms_scanner/cookie_jar.txt')
62
+ default: File.join(tmp_directory, 'cookie_jar.txt'))
61
63
  ]
62
64
  end
63
65
 
@@ -69,7 +71,7 @@ module CMSScanner
69
71
  OptDirectoryPath.new(['--cache-dir PATH'],
70
72
  readable: true,
71
73
  writable: true,
72
- default: '/tmp/cms_scanner/cache/')
74
+ default: File.join(tmp_directory, 'cache'))
73
75
  ]
74
76
  end
75
77
  end
@@ -2,26 +2,59 @@ module CMSScanner
2
2
  module Formatter
3
3
  # CLI Formatter
4
4
  class Cli < Base
5
+ # @return [ String ]
6
+ def info_icon
7
+ green('[+]')
8
+ end
9
+
10
+ # @return [ String ]
11
+ def notice_icon
12
+ blue('[i]')
13
+ end
14
+
15
+ # @return [ String ]
16
+ def warning_icon
17
+ amber('[!]')
18
+ end
19
+
20
+ # @return [ String ]
21
+ def critical_icon
22
+ red('[!]')
23
+ end
24
+
25
+ # @param [ String ] text
26
+ # @return [ String ]
5
27
  def bold(text)
6
28
  colorize(text, 1)
7
29
  end
8
30
 
31
+ # @param [ String ] text
32
+ # @return [ String ]
9
33
  def red(text)
10
34
  colorize(text, 31)
11
35
  end
12
36
 
37
+ # @param [ String ] text
38
+ # @return [ String ]
13
39
  def green(text)
14
40
  colorize(text, 32)
15
41
  end
16
42
 
43
+ # @param [ String ] text
44
+ # @return [ String ]
17
45
  def amber(text)
18
46
  colorize(text, 33)
19
47
  end
20
48
 
49
+ # @param [ String ] text
50
+ # @return [ String ]
21
51
  def blue(text)
22
52
  colorize(text, 34)
23
53
  end
24
54
 
55
+ # @param [ String ] text
56
+ # @param [ Integer ] color_code
57
+ # @return [ String ]
25
58
  def colorize(text, color_code)
26
59
  "\e[#{color_code}m#{text}\e[0m"
27
60
  end
@@ -1,4 +1,4 @@
1
- <%= green('[+]') %> Finished: <%= @stop_time.asctime %>
2
- <%= green('[+]') %> Requests Done: <%= @requests_done %>
3
- <%= green('[+]') %> Memory used: <%= @used_memory.bytes_to_human %>
4
- <%= green('[+]') %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>
1
+ <%= info_icon %> Finished: <%= @stop_time.asctime %>
2
+ <%= info_icon %> Requests Done: <%= @requests_done %>
3
+ <%= info_icon %> Memory used: <%= @used_memory.bytes_to_human %>
4
+ <%= info_icon %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>
@@ -1,3 +1,3 @@
1
- <%= green('[+]') %> URL: <%= @url %>
2
- <%= green('[+]') %> Started: <%= @start_time.asctime %>
1
+ <%= info_icon %> URL: <%= @url %>
2
+ <%= info_icon %> Started: <%= @start_time.asctime %>
3
3
 
@@ -2,7 +2,7 @@
2
2
  Interesting Finding(s):
3
3
  <% @findings.each do |finding| -%>
4
4
 
5
- <%= green('[+]') %> <%= finding %>
5
+ <%= info_icon %> <%= finding %>
6
6
  <%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
7
7
  | Found By: <%= finding.found_by %>
8
8
  <% if finding.confidence > 0 -%>
@@ -0,0 +1 @@
1
+ <% # Empty file, the banner should be implemented in each scanner %>
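--- a/data/cms_scanner.gemspec
+++ b/data/cms_scanner.gemspec
@@ -33,17 +33,17 @@ Gem::Specification.new do |s|
 
  s.add_dependency 'opt_parse_validator', '~> 0.0.11'
  s.add_dependency 'typhoeus', '~> 0.7'
- s.add_dependency 'nokogiri', '~> 1.6'
- s.add_dependency 'addressable', '~> 2.3'
+ s.add_dependency 'nokogiri', '~> 1.6.6'
+ s.add_dependency 'addressable', '~> 2.3.8'
  s.add_dependency 'activesupport', '~> 4.2'
  s.add_dependency 'public_suffix', '~> 1.5'
- s.add_dependency 'ruby-progressbar', '~> 1.7'
+ s.add_dependency 'ruby-progressbar', '~> 1.7.5'
 
- s.add_development_dependency 'rake', '~> 10.4'
- s.add_development_dependency 'rspec', '~> 3.2'
+ s.add_development_dependency 'rake', '~> 10.4.2'
+ s.add_development_dependency 'rspec', '~> 3.3'
  s.add_development_dependency 'rspec-its', '~> 1.2'
  s.add_development_dependency 'bundler', '~> 1.6'
- s.add_development_dependency 'rubocop', '~> 0.31'
+ s.add_development_dependency 'rubocop', '~> 0.32'
  s.add_development_dependency 'webmock', '~> 1.21'
  s.add_development_dependency 'simplecov', '~> 0.10'
  end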
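Review bot: Changing `'~> 1.6'` to `'~> 1.6.6'` for nokogiri (and likewise for `addressable` and `ruby-progressbar`) narrows the accepted range from any 1.x at or above 1.6 to 1.6.x only. Applications that depend on this gem can then no longer resolve to a later minor release of the parser that handles untrusted responses from scanned targets. If the intent was only to raise the minimum patch level, keep the wider ceiling: `s.add_dependency 'nokogiri', '~> 1.6', '>= 1.6.6'`. The development dependencies matter less because they do not constrain consumers.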
data/lib/cms_scanner.rb CHANGED
@@ -44,10 +44,12 @@ module CMSScanner
44
44
  self.total_requests += 1 unless response.cached?
45
45
  end
46
46
 
47
+ # @return [ Integer ]
47
48
  def self.total_requests
48
49
  @@total_requests ||= 0
49
50
  end
50
51
 
52
+ # @param [ Integer ]
51
53
  def self.total_requests=(value)
52
54
  @@total_requests = value
53
55
  end
@@ -57,7 +57,9 @@ module CMSScanner
57
57
  end
58
58
 
59
59
  params[:proxyauth] = "#{proxy_auth[:username]}:#{proxy_auth[:password]}" if proxy_auth
60
- params[:userpwd] = "#{http_auth[:username]}:#{http_auth[:password]}" if http_auth
60
+ params[:userpwd] = "#{http_auth[:username]}:#{http_auth[:password]}" if http_auth
61
+
62
+ params[:headers].merge!('Host' => vhost) if vhost
61
63
 
62
64
  params
63
65
  end
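Review bot: The new `params[:headers].merge!('Host' => vhost) if vhost` line sends whatever string `--vhost` received, and an empty string is truthy in Ruby, so an empty value would produce an empty Host header instead of being ignored. The line also assumes `params[:headers]` is already a Hash; the part of the method that builds `params` is above this hunk, so that should be confirmed. A guard such as `params[:headers].merge!('Host' => vhost) if vhost && !vhost.empty?`, plus rejecting values that contain whitespace or line breaks when the option is parsed, would keep a mistyped value out of the request. If the response cache is keyed on the URL alone, results fetched under different `--vhost` values could be mixed; the cache code is not shown, so this is worth checking.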
@@ -8,12 +8,13 @@ module CMSScanner
8
8
  :connect_timeout,
9
9
  :http_auth,
10
10
  :max_threads,
11
- :user_agent,
12
- :user_agents_list,
13
11
  :proxy,
14
12
  :proxy_auth,
15
13
  :random_user_agent,
16
- :request_timeout
14
+ :request_timeout,
15
+ :user_agent,
16
+ :user_agents_list,
17
+ :vhost
17
18
  ]
18
19
 
19
20
  attr_accessor(*OPTIONS)
@@ -59,7 +60,7 @@ module CMSScanner
59
60
 
60
61
  # @return [ String ]
61
62
  def default_user_agent
62
- "CMSScanner v#{VERSION}"
63
+ "#{NS} v#{NS::VERSION}"
63
64
  end
64
65
 
65
66
  # @return [ String ] The user agent
@@ -17,6 +17,15 @@ module CMSScanner
17
17
  self.class == other.class
18
18
  end
19
19
 
20
+ # Reset all the class attibutes
21
+ # Currently only used in specs
22
+ def self.reset
23
+ @@target = nil
24
+ @@parsed_options = nil
25
+ @@datastore = nil
26
+ @@formatter = nil
27
+ end
28
+
20
29
  # @return [ Target ]
21
30
  def target
22
31
  @@target ||= NS::Target.new(parsed_options[:url], parsed_options)
@@ -66,6 +75,11 @@ module CMSScanner
66
75
  formatter.user_interaction? && !parsed_options[:output]
67
76
  end
68
77
 
78
+ # @return [ String ]
79
+ def tmp_directory
80
+ File.join('/tmp', NS.to_s.underscore)
81
+ end
82
+
69
83
  protected
70
84
 
71
85
  # @param [ String ] tpl
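Review bot: `tmp_directory` hard-codes `/tmp` plus a predictable sub-directory name, and this release makes it the default parent for both `--cookie-jar` and `--cache-dir`. On a multi-user host another local account can create that directory or a `cookie_jar.txt` link before the scanner does, and cookies written there may be readable by other users depending on the umask. Consider `File.join(Dir.tmpdir, NS.to_s.underscore)` (needs `require 'tmpdir'`) so that `TMPDIR` is honoured, and create the directory with mode `0700` where it is first made. The code that creates the directory and opens the cookie jar is not visible in this diff, so the permissions actually applied should be confirmed there.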
@@ -7,9 +7,11 @@ module CMSScanner
7
7
  include IndependentFinder
8
8
 
9
9
  # @return [ Array ]
10
+ # rubocop:disable Lint/NestedMethodDefinition
10
11
  def finders
11
12
  @finders ||= NS::Finders::SameTypeFinders.new
12
13
  end
14
+ # rubocop:enable all
13
15
  end
14
16
  end
15
17
  end
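Review bot: `# rubocop:enable all` after `finders` re-enables every cop that a comment directive had switched off, not just the one disabled two lines earlier, so any earlier `rubocop:disable` in the file would stop applying from this point on. Pair the directive with the same cop name: `# rubocop:enable Lint/NestedMethodDefinition`. The same pair of comments is added in the next hunk (the `UniqueFinders` variant) and needs the same change. The enclosing module and method start above the hunk, so whether other cops are disabled earlier cannot be seen here.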
@@ -7,9 +7,11 @@ module CMSScanner
7
7
  include IndependentFinder
8
8
 
9
9
  # @return [ Array ]
10
+ # rubocop:disable Lint/NestedMethodDefinition
10
11
  def finders
11
12
  @finders ||= NS::Finders::UniqueFinders.new
12
13
  end
14
+ # rubocop:enable all
13
15
  end
14
16
  end
15
17
  end
@@ -128,7 +128,7 @@ module CMSScanner
128
128
 
129
129
  # @return [ Array<String> ] The directories to look into for views
130
130
  def views_directories
131
- @views_directories ||= [Pathname.new(APP_DIR).join('views').to_s]
131
+ @views_directories ||= [APP_DIR, NS::APP_DIR].uniq.reduce([]) { |a, e| a << Pathname.new(e).join('views').to_s }
132
132
  end
133
133
  end
134
134
  end
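Review bot: `reduce([])` with `a << …` in `views_directories` is a hand-written `map`; `[APP_DIR, NS::APP_DIR].uniq.map { |dir| Pathname.new(dir).join('views').to_s }` says the same thing and is shorter. Since templates are now looked up in two directories, a comment stating which directory takes precedence when both hold a view of the same name would help. The lookup code that consumes this array is outside the hunk, so the actual precedence cannot be confirmed from here.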
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.31'
3
+ VERSION = '0.0.32'
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.31
4
+ version: 0.0.32
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam - Erwan Le Rousseau
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-01 00:00:00.000000000 Z
11
+ date: 2015-06-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: opt_parse_validator
@@ -44,28 +44,28 @@ dependencies:
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '1.6'
47
+ version: 1.6.6
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '1.6'
54
+ version: 1.6.6
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: addressable
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '2.3'
61
+ version: 2.3.8
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '2.3'
68
+ version: 2.3.8
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: activesupport
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -100,42 +100,42 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '1.7'
103
+ version: 1.7.5
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '1.7'
110
+ version: 1.7.5
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rake
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: '10.4'
117
+ version: 10.4.2
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: '10.4'
124
+ version: 10.4.2
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rspec
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: '3.2'
131
+ version: '3.3'
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: '3.2'
138
+ version: '3.3'
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rspec-its
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: '0.31'
173
+ version: '0.32'
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: '0.31'
180
+ version: '0.32'
181
181
  - !ruby/object:Gem::Dependency
182
182
  name: webmock
183
183
  requirement: !ruby/object:Gem::Requirement
@@ -246,6 +246,7 @@ files:
246
246
  - app/views/cli/interesting_findings/findings.erb
247
247
  - app/views/cli/scan_aborted.erb
248
248
  - app/views/cli/usage.erb
249
+ - app/views/json/core/banner.erb
249
250
  - app/views/json/core/finished.erb
250
251
  - app/views/json/core/started.erb
251
252
  - app/views/json/interesting_findings/findings.erb
@@ -314,7 +315,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
314
315
  version: '0'
315
316
  requirements: []
316
317
  rubyforge_project:
317
- rubygems_version: 2.4.6
318
+ rubygems_version: 2.4.8
318
319
  signing_key:
319
320
  specification_version: 4
320
321
  summary: Experimental CMSScanner