cms_scanner 0.0.34 → 0.0.35
- checksums.yaml +4 -4
- data/app/finders/interesting_findings/search_replace_db_2.rb +1 -1
- data/app/models/fantastico_fileslist.rb +1 -1
- data/app/views/cli/interesting_findings/findings.erb +1 -1
- data/cms_scanner.gemspec +1 -1
- data/lib/cms_scanner/finders/finding.rb +7 -6
- data/lib/cms_scanner/{vulnerability/references.rb → references.rb} +29 -10
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/vulnerability.rb +9 -6
- metadata +4 -4
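--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 49d944ff5035f864246c90eb6044bdb6064e96e2
+data.tar.gz: cba3e1cb7d04fd52896abf993fa65566d326bbee
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: be3c89a67f52b7311cfb50e3008244fc9a8d8c4a0edb95194cc5973380deae385d9d5cd6fca207724a8450eff39e2137dd663ba8e8ebf7328e0e3812a6860167
+data.tar.gz: d87566916dd0aba9415eda327b1ade9fe4724c1b5e826450ad085c189e170846fd65b0ddd3a500ba814cadb18785c30d4720f0366f4ae5b5637aa724d98c967f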
@@ -18,6 +18,6 @@ Interesting Finding(s):
|
|
18
18
|
<% end -%>
|
19
19
|
<% end -%>
|
20
20
|
<% end -%>
|
21
|
-
<%= render('_array', a: finding.
|
21
|
+
<%= render('_array', a: finding.references_urls, s: 'Reference', p: 'References') -%>
|
22
22
|
<% end -%>
|
23
23
|
<% end %>
|
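--- a/data/cms_scanner.gemspec
+++ b/data/cms_scanner.gemspec
@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
 s.version = CMSScanner::VERSION
 s.platform = Gem::Platform::RUBY
 s.required_ruby_version = '>= 2.1.0'
-s.authors = ['WPScanTeam
+s.authors = ['WPScanTeam']
 s.email = ['team@wpscan.org']
 s.summary = 'CMS Scanner Framework (experimental)'
 s.description = 'Framework to provide an easy way to implement CMS Scanners'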
@@ -1,16 +1,18 @@
|
|
1
|
+
require 'cms_scanner/references'
|
2
|
+
|
1
3
|
module CMSScanner
|
2
4
|
module Finders
|
3
5
|
# Finding
|
4
6
|
module Finding
|
7
|
+
# Fix for "Double/Dynamic Inclusion Problem"
|
8
|
+
def self.included(base)
|
9
|
+
base.send(:include, References)
|
10
|
+
end
|
11
|
+
|
5
12
|
FINDING_OPTS = [:confidence, :confirmed_by, :references, :found_by, :interesting_entries]
|
6
13
|
|
7
14
|
attr_accessor(*FINDING_OPTS)
|
8
15
|
|
9
|
-
# @return [ Array ]
|
10
|
-
def references
|
11
|
-
@references ||= []
|
12
|
-
end
|
13
|
-
|
14
16
|
# @return [ Array ]
|
15
17
|
def confirmed_by
|
16
18
|
@confirmed_by ||= []
|
@@ -33,7 +35,6 @@ module CMSScanner
|
|
33
35
|
end
|
34
36
|
|
35
37
|
# @param [ Hash ] opts
|
36
|
-
# TODO: Maybe use instance_variable_set ?
|
37
38
|
def parse_finding_options(opts = {})
|
38
39
|
FINDING_OPTS.each { |opt| send("#{opt}=", opts[opt]) if opts.key?(opt) }
|
39
40
|
end
|
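Review bot: `parse_finding_options` now sends `:references` to `References#references=`, which calls `refs.key?`, so a caller passing `references: nil` or an Array (the shape the removed reader defaulted to with `@references ||= []`) gets a NoMethodError instead of a stored value. `Vulnerability#initialize` reaches the same setter through `self.references = references`, so an explicit nil there fails the same way. A guard at the top of the setter, for example `raise ArgumentError, 'references must be a Hash' unless refs.respond_to?(:key?)`, would turn this into a clear error. Separately, `attr_accessor(*FINDING_OPTS)` still defines `references`/`references=` on Finding, and the new setter wins only because the `included` hook puts References ahead of Finding in the ancestor chain; a comment on the hook saying so would help. The module body continues outside both hunks.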
@@ -1,6 +1,25 @@
|
|
1
1
|
module CMSScanner
|
2
|
-
# References related to the
|
3
|
-
|
2
|
+
# References related to the issue
|
3
|
+
module References
|
4
|
+
# @return [ Array<Symbol> ]
|
5
|
+
def references_keys
|
6
|
+
[:cve, :secunia, :osvdb, :exploitdb, :url, :metasploit, :packetstorm, :securityfocus]
|
7
|
+
end
|
8
|
+
|
9
|
+
# @param [ Hash ] refs
|
10
|
+
def references=(refs)
|
11
|
+
@references = {}
|
12
|
+
|
13
|
+
references_keys.each do |key|
|
14
|
+
@references[key] = [*refs[key]].map(&:to_s) if refs.key?(key)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
# @return [ Hash ]
|
19
|
+
def references
|
20
|
+
@references ||= {}
|
21
|
+
end
|
22
|
+
|
4
23
|
# @return [ Array<String> ] All the references URLs
|
5
24
|
def references_urls
|
6
25
|
cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls +
|
@@ -9,7 +28,7 @@ module CMSScanner
|
|
9
28
|
|
10
29
|
# @return [ Array<String> ] The CVEs
|
11
30
|
def cves
|
12
|
-
@cve ||=
|
31
|
+
@cve ||= references[:cve] || []
|
13
32
|
end
|
14
33
|
|
15
34
|
# @return [ Array<String> ]
|
@@ -24,7 +43,7 @@ module CMSScanner
|
|
24
43
|
|
25
44
|
# @return [ Array<String> ] The Secunia IDs
|
26
45
|
def secunia_ids
|
27
|
-
@secunia_ids ||=
|
46
|
+
@secunia_ids ||= references[:secunia] || []
|
28
47
|
end
|
29
48
|
|
30
49
|
# @return [ Array<String> ]
|
@@ -39,7 +58,7 @@ module CMSScanner
|
|
39
58
|
|
40
59
|
# @return [ Array<String> ] The OSVDB IDs
|
41
60
|
def osvdb_ids
|
42
|
-
@osvdb_ids ||=
|
61
|
+
@osvdb_ids ||= references[:osvdb] || []
|
43
62
|
end
|
44
63
|
|
45
64
|
# @return [ Array<String> ]
|
@@ -54,7 +73,7 @@ module CMSScanner
|
|
54
73
|
|
55
74
|
# @return [ Array<String> ] The ExploitDB ID
|
56
75
|
def exploitdb_ids
|
57
|
-
@exploitdb_ids ||=
|
76
|
+
@exploitdb_ids ||= references[:exploitdb] || []
|
58
77
|
end
|
59
78
|
|
60
79
|
# @return [ Array<String> ]
|
@@ -69,12 +88,12 @@ module CMSScanner
|
|
69
88
|
|
70
89
|
# @return [ String<Array> ]
|
71
90
|
def urls
|
72
|
-
@urls ||=
|
91
|
+
@urls ||= references[:url] || []
|
73
92
|
end
|
74
93
|
|
75
94
|
# @return [ Array<String> ] The metasploit modules
|
76
95
|
def msf_modules
|
77
|
-
@msf_modules ||=
|
96
|
+
@msf_modules ||= references[:metasploit] || []
|
78
97
|
end
|
79
98
|
|
80
99
|
# @return [ Array<String> ]
|
@@ -89,7 +108,7 @@ module CMSScanner
|
|
89
108
|
|
90
109
|
# @return [ Array<String> ] The Packetstormsecurity IDs
|
91
110
|
def packetstorm_ids
|
92
|
-
@packetstorm_ids ||=
|
111
|
+
@packetstorm_ids ||= references[:packetstorm] || []
|
93
112
|
end
|
94
113
|
|
95
114
|
# @return [ Array<String> ]
|
@@ -104,7 +123,7 @@ module CMSScanner
|
|
104
123
|
|
105
124
|
# @return [ Array<String> ] The Security Focus IDs
|
106
125
|
def securityfocus_ids
|
107
|
-
@securityfocus_ids ||=
|
126
|
+
@securityfocus_ids ||= references[:securityfocus] || []
|
108
127
|
end
|
109
128
|
|
110
129
|
# @return [ Array<String> ]
|
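Review bot: The memoised readers (`@cve ||= references[:cve] || []` in `cves`, and the same pattern in `secunia_ids`, `osvdb_ids`, `exploitdb_ids`, `urls`, `msf_modules`, `packetstorm_ids` and `securityfocus_ids`) are not reset by `references=`, so assigning references a second time after any reader has run leaves `references_urls` reporting the old IDs. Either drop the caching, e.g. `references[:cve] || []`, or clear those instance variables in the setter. `references=` also keeps only the Symbol keys listed in `references_keys`, so a Hash with String keys (as a JSON or YAML loader may produce) is silently reduced to `{}` and the finding is reported without its advisories; documenting the expected key type on the `# @param [ Hash ] refs` line, or normalising keys, would make that visible. The bodies of the `*_urls` methods are outside these hunks.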
data/lib/cms_scanner/version.rb
CHANGED
@@ -1,9 +1,11 @@
|
|
1
|
-
require 'cms_scanner/
|
1
|
+
require 'cms_scanner/references'
|
2
2
|
|
3
3
|
module CMSScanner
|
4
4
|
# Generic Vulnerability
|
5
5
|
class Vulnerability
|
6
|
-
|
6
|
+
include References
|
7
|
+
|
8
|
+
attr_reader :title, :type, :fixed_in
|
7
9
|
|
8
10
|
# @param [ String ] title
|
9
11
|
# @param [ Hash ] references
|
@@ -16,10 +18,11 @@ module CMSScanner
|
|
16
18
|
# @param [ String ] type
|
17
19
|
# @param [ String ] fixed_in
|
18
20
|
def initialize(title, references = {}, type = nil, fixed_in = nil)
|
19
|
-
@title
|
20
|
-
@
|
21
|
-
@
|
22
|
-
|
21
|
+
@title = title
|
22
|
+
@type = type
|
23
|
+
@fixed_in = fixed_in
|
24
|
+
|
25
|
+
self.references = references
|
23
26
|
end
|
24
27
|
|
25
28
|
# param [ Vulnerability ] other
|
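--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.35
 platform: ruby
 authors:
--
+- WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-
+date: 2015-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: opt_parse_validator
@@ -280,6 +280,7 @@ files:
 - lib/cms_scanner/formatter/buffer.rb
 - lib/cms_scanner/helper.rb
 - lib/cms_scanner/public_suffix/domain.rb
+- lib/cms_scanner/references.rb
 - lib/cms_scanner/target.rb
 - lib/cms_scanner/target/hashes.rb
 - lib/cms_scanner/target/platform.rb
@@ -294,7 +295,6 @@ files:
 - lib/cms_scanner/typhoeus/response.rb
 - lib/cms_scanner/version.rb
 - lib/cms_scanner/vulnerability.rb
-- lib/cms_scanner/vulnerability/references.rb
 - lib/cms_scanner/web_site.rb
 homepage: https://github.com/wpscanteam/CMSScanner
 licenses: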