cms_scanner 0.0.33 → 0.0.34
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/headers.rb +2 -2
- data/cms_scanner.gemspec +5 -5
- data/lib/cms_scanner.rb +40 -19
- data/lib/cms_scanner/browser.rb +2 -1
- data/lib/cms_scanner/controller.rb +1 -1
- data/lib/cms_scanner/controllers.rb +12 -0
- data/lib/cms_scanner/finders/independent_finders.rb +21 -4
- data/lib/cms_scanner/finders/same_type_finders.rb +2 -4
- data/lib/cms_scanner/finders/unique_finders.rb +5 -7
- data/lib/cms_scanner/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 452fa0c8c2290b87448608c952c7209f789b9ca2
|
|
4
|
+
data.tar.gz: 5ea8b78419089ff26a041cd62787b785f816a5cb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 16e142c0b57688548e12b6b7e9df53204d40d46ac4dce1c3d27a5bdd7adf8a0af936bb9123dad7d33ca9cb667a3484874797ac339dd5a415a71d89e24721b498
|
|
7
|
+
data.tar.gz: ca319bb0fcaf4c4f207f8aff69ea31a42119be99d68d473d102f224d2cd435d84808c9e00ffce0928d007b9de9341631a1e46919c292a09e6d39e7868d0de769
|
data/app/models/headers.rb
CHANGED
|
@@ -23,8 +23,8 @@ module CMSScanner
|
|
|
23
23
|
# @return [ Array<String> ] Downcased known headers
|
|
24
24
|
def known_headers
|
|
25
25
|
%w(
|
|
26
|
-
age accept-ranges cache-control content-
|
|
27
|
-
keep-alive location last-modified link pragma set-cookie strict-transport-security
|
|
26
|
+
age accept-ranges cache-control content-encoding content-length content-type connection date
|
|
27
|
+
etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
|
|
28
28
|
transfer-encoding vary x-cache x-content-security-policy x-content-type-options
|
|
29
29
|
x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
|
|
30
30
|
x-webkit-csp x-xss-protection
|
data/cms_scanner.gemspec
CHANGED
|
@@ -9,10 +9,10 @@ Gem::Specification.new do |s|
|
|
|
9
9
|
s.version = CMSScanner::VERSION
|
|
10
10
|
s.platform = Gem::Platform::RUBY
|
|
11
11
|
s.required_ruby_version = '>= 2.1.0'
|
|
12
|
-
s.authors = ['WPScanTeam
|
|
13
|
-
s.email = ['
|
|
14
|
-
s.summary = '
|
|
15
|
-
s.description = '
|
|
12
|
+
s.authors = ['WPScanTeam ']
|
|
13
|
+
s.email = ['team@wpscan.org']
|
|
14
|
+
s.summary = 'CMS Scanner Framework (experimental)'
|
|
15
|
+
s.description = 'Framework to provide an easy way to implement CMS Scanners'
|
|
16
16
|
s.homepage = 'https://github.com/wpscanteam/CMSScanner'
|
|
17
17
|
s.license = 'MIT'
|
|
18
18
|
|
|
@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
|
|
|
31
31
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
32
32
|
s.require_path = 'lib'
|
|
33
33
|
|
|
34
|
-
s.add_dependency 'opt_parse_validator', '~> 0.0.
|
|
34
|
+
s.add_dependency 'opt_parse_validator', '~> 0.0.13'
|
|
35
35
|
s.add_dependency 'typhoeus', '~> 0.7'
|
|
36
36
|
s.add_dependency 'nokogiri', '~> 1.6.6'
|
|
37
37
|
s.add_dependency 'addressable', '~> 2.3.8'
|
data/lib/cms_scanner.rb
CHANGED
|
@@ -34,25 +34,42 @@ module CMSScanner
|
|
|
34
34
|
APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
|
|
35
35
|
NS = self
|
|
36
36
|
|
|
37
|
-
def self.included(base)
|
|
38
|
-
remove_const(:NS)
|
|
39
|
-
const_set(:NS, base)
|
|
40
|
-
super(base)
|
|
41
|
-
end
|
|
42
|
-
|
|
43
37
|
# Number of requests performed to display at the end of the scan
|
|
44
38
|
Typhoeus.on_complete do |response|
|
|
45
39
|
self.total_requests += 1 unless response.cached?
|
|
46
40
|
end
|
|
47
41
|
|
|
48
|
-
#
|
|
49
|
-
|
|
50
|
-
|
|
42
|
+
# Module to be able to use these class methods when the CMSScanner
|
|
43
|
+
# is included in another module
|
|
44
|
+
module ClassMethods
|
|
45
|
+
# @return [ Integer ]
|
|
46
|
+
def total_requests
|
|
47
|
+
@@total_requests ||= 0
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# @param [ Integer ]
|
|
51
|
+
def total_requests=(value)
|
|
52
|
+
@@total_requests = value
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# The lowercase name of the scanner
|
|
56
|
+
# Mainly used in directory paths like the default cookie-jar file and
|
|
57
|
+
# path to load the cli options from files
|
|
58
|
+
#
|
|
59
|
+
# @return [ String ]
|
|
60
|
+
def app_name
|
|
61
|
+
to_s.underscore
|
|
62
|
+
end
|
|
51
63
|
end
|
|
52
64
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
65
|
+
extend ClassMethods
|
|
66
|
+
|
|
67
|
+
def self.included(base)
|
|
68
|
+
remove_const(:NS)
|
|
69
|
+
const_set(:NS, base)
|
|
70
|
+
|
|
71
|
+
base.extend(ClassMethods)
|
|
72
|
+
super(base)
|
|
56
73
|
end
|
|
57
74
|
|
|
58
75
|
# Scan
|
|
@@ -106,13 +123,7 @@ module CMSScanner
|
|
|
106
123
|
# depending on the findings / errors
|
|
107
124
|
def exit_hook
|
|
108
125
|
at_exit do
|
|
109
|
-
if run_error
|
|
110
|
-
exit(NS::ExitCode::CLI_OPTION_ERROR) if run_error.is_a?(OptParseValidator::Error) ||
|
|
111
|
-
run_error.is_a?(OptionParser::ParseError)
|
|
112
|
-
|
|
113
|
-
exit(NS::ExitCode::INTERRUPTED) if run_error.is_a?(Interrupt)
|
|
114
|
-
exit(NS::ExitCode::ERROR)
|
|
115
|
-
end
|
|
126
|
+
exit(run_error_exit_code) if run_error
|
|
116
127
|
|
|
117
128
|
controller = controllers.first
|
|
118
129
|
|
|
@@ -121,6 +132,16 @@ module CMSScanner
|
|
|
121
132
|
exit(NS::ExitCode::OK)
|
|
122
133
|
end
|
|
123
134
|
end
|
|
135
|
+
|
|
136
|
+
# @return [ Integer ] The exit code related to the run_error
|
|
137
|
+
def run_error_exit_code
|
|
138
|
+
return NS::ExitCode::CLI_OPTION_ERROR if run_error.is_a?(OptParseValidator::Error) ||
|
|
139
|
+
run_error.is_a?(OptionParser::ParseError)
|
|
140
|
+
|
|
141
|
+
return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
|
|
142
|
+
|
|
143
|
+
NS::ExitCode::ERROR
|
|
144
|
+
end
|
|
124
145
|
end
|
|
125
146
|
end
|
|
126
147
|
|
data/lib/cms_scanner/browser.rb
CHANGED
|
@@ -45,7 +45,8 @@ module CMSScanner
|
|
|
45
45
|
# @return [ Hash ]
|
|
46
46
|
def default_request_params
|
|
47
47
|
params = {
|
|
48
|
-
|
|
48
|
+
# Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
|
|
49
|
+
ssl_verifypeer: false, ssl_verifyhost: 0,
|
|
49
50
|
headers: { 'User-Agent' => user_agent },
|
|
50
51
|
accept_encoding: 'gzip, deflate',
|
|
51
52
|
method: :get
|
|
@@ -3,8 +3,20 @@ module CMSScanner
|
|
|
3
3
|
class Controllers < Array
|
|
4
4
|
attr_reader :option_parser
|
|
5
5
|
|
|
6
|
+
# @param [ OptParsevalidator::OptParser ] options_parser
|
|
6
7
|
def initialize(option_parser = OptParseValidator::OptParser.new(nil, 40))
|
|
7
8
|
@option_parser = option_parser
|
|
9
|
+
|
|
10
|
+
register_options_files
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# Adds the potential option file paths to the option_parser
|
|
14
|
+
def register_options_files
|
|
15
|
+
[Dir.home, Dir.pwd].each do |dir|
|
|
16
|
+
option_parser.options_files.supported_extensions.each do |ext|
|
|
17
|
+
@option_parser.options_files << File.join(dir, ".#{NS.app_name}", "cli_options.#{ext}")
|
|
18
|
+
end
|
|
19
|
+
end
|
|
8
20
|
end
|
|
9
21
|
|
|
10
22
|
# @param [ Controller::Base ] controller
|
|
@@ -19,15 +19,15 @@ module CMSScanner
|
|
|
19
19
|
|
|
20
20
|
each do |finder|
|
|
21
21
|
methods.each do |symbol|
|
|
22
|
-
|
|
23
|
-
findings << found
|
|
24
|
-
end
|
|
22
|
+
run_finder(finder, symbol, opts)
|
|
25
23
|
end
|
|
26
24
|
end
|
|
27
25
|
|
|
28
|
-
|
|
26
|
+
filter_findings
|
|
29
27
|
end
|
|
30
28
|
|
|
29
|
+
protected
|
|
30
|
+
|
|
31
31
|
# @param [ Symbol ] mode :mixed, :passive or :aggressive
|
|
32
32
|
# @return [ Array<Symbol> ] The symbols to call for the mode
|
|
33
33
|
def symbols_from_mode(mode)
|
|
@@ -36,6 +36,23 @@ module CMSScanner
|
|
|
36
36
|
return symbols if mode.nil? || mode == :mixed
|
|
37
37
|
symbols.include?(mode) ? [*mode] : []
|
|
38
38
|
end
|
|
39
|
+
|
|
40
|
+
# @param [ CMSScanner::Finders::Finder ] finder
|
|
41
|
+
# @param [ Symbol ] symbol See return values of #symbols_from_mode
|
|
42
|
+
# @param [ Hash ] opts
|
|
43
|
+
def run_finder(finder, symbol, opts)
|
|
44
|
+
[*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
|
|
45
|
+
findings << found
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
# Allow child classes to filter the findings, such as return the best one
|
|
50
|
+
# or remove the low confidence ones.
|
|
51
|
+
#
|
|
52
|
+
# @return [ Findings ]
|
|
53
|
+
def filter_findings
|
|
54
|
+
findings
|
|
55
|
+
end
|
|
39
56
|
end
|
|
40
57
|
end
|
|
41
58
|
end
|
|
@@ -13,15 +13,13 @@ module CMSScanner
|
|
|
13
13
|
def run(opts = {})
|
|
14
14
|
symbols_from_mode(opts[:mode]).each do |symbol|
|
|
15
15
|
each do |finder|
|
|
16
|
-
|
|
17
|
-
findings << found
|
|
18
|
-
end
|
|
16
|
+
run_finder(finder, symbol, opts)
|
|
19
17
|
end
|
|
20
18
|
end
|
|
21
19
|
|
|
22
20
|
findings.sort! if opts[:sort]
|
|
23
21
|
|
|
24
|
-
|
|
22
|
+
filter_findings
|
|
25
23
|
end
|
|
26
24
|
end
|
|
27
25
|
end
|
|
@@ -19,9 +19,7 @@ module CMSScanner
|
|
|
19
19
|
|
|
20
20
|
symbols_from_mode(opts[:mode]).each do |symbol|
|
|
21
21
|
each do |finder|
|
|
22
|
-
|
|
23
|
-
findings << found
|
|
24
|
-
end
|
|
22
|
+
run_finder(finder, symbol, opts)
|
|
25
23
|
|
|
26
24
|
next if opts[:confidence_threshold] <= 0
|
|
27
25
|
|
|
@@ -29,13 +27,13 @@ module CMSScanner
|
|
|
29
27
|
end
|
|
30
28
|
end
|
|
31
29
|
|
|
32
|
-
|
|
30
|
+
filter_findings
|
|
33
31
|
end
|
|
34
32
|
|
|
35
|
-
|
|
36
|
-
|
|
33
|
+
protected
|
|
34
|
+
|
|
37
35
|
# @return [ Object, false ] The best finding or false if none
|
|
38
|
-
def
|
|
36
|
+
def filter_findings
|
|
39
37
|
# results are sorted by confidence ASC
|
|
40
38
|
findings.sort_by!(&:confidence)
|
|
41
39
|
|
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.34
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
- WPScanTeam
|
|
7
|
+
- 'WPScanTeam '
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: opt_parse_validator
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.0.
|
|
19
|
+
version: 0.0.13
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.0.
|
|
26
|
+
version: 0.0.13
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: typhoeus
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,9 +206,9 @@ dependencies:
|
|
|
206
206
|
- - "~>"
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
208
|
version: '0.10'
|
|
209
|
-
description:
|
|
209
|
+
description: Framework to provide an easy way to implement CMS Scanners
|
|
210
210
|
email:
|
|
211
|
-
-
|
|
211
|
+
- team@wpscan.org
|
|
212
212
|
executables: []
|
|
213
213
|
extensions: []
|
|
214
214
|
extra_rdoc_files: []
|
|
@@ -319,6 +319,6 @@ rubyforge_project:
|
|
|
319
319
|
rubygems_version: 2.4.8
|
|
320
320
|
signing_key:
|
|
321
321
|
specification_version: 4
|
|
322
|
-
summary:
|
|
322
|
+
summary: CMS Scanner Framework (experimental)
|
|
323
323
|
test_files: []
|
|
324
324
|
has_rdoc:
|