cms_scanner 0.0.35.1 → 0.0.36

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ae82b795bcfbedd43f9dfd6b3cce5477854e80dc
-  data.tar.gz: e76da82f4417c94491c25719ffce22b2cc259608
+  metadata.gz: 4bfb8bab5a963e2803fa4991564f4affe3e7415d
+  data.tar.gz: 50faf8b01e45138166d74d3b4d769dbf5bf828ea
 SHA512:
-  metadata.gz: db37c59c93b0ffbf9d1ea2f833fbe194aa1f8442a1a028467f28b21aeae4e5e59596d4fa36e711f4f80ef845720e29f2c8992c087be7079200a4d4c9de6f5e2a
-  data.tar.gz: 4a9b8a614e849658775bd76f9084b1f53779599c147874b6a4cb5d10fcc25833b5ec32ee8767882bce4c9fc0810514f58f97ae7dcd10812237c38059582ed51b
+  metadata.gz: a49537023c9c2ba55ab12641dc6fb9407e357e88ca358b1c9428d533bb984df8f1f6e07e7218c9195cd9459f20da24c4f4e268c63ae30bc75a083db5fae58309
+  data.tar.gz: 7ad19781bcda3f02d744eb0eceb0b3e43289cc3d323950df3b2060b051426053cf1ef3957c9ae5df417ce5f18006881e908b3cbcca6b9e63afc1981a07856d77

data/app/models/interesting_finding.rb

@@ -1,7 +1,7 @@
 module CMSScanner
   # Interesting Finding
   class InterestingFinding
-    include NS::Finders::Finding
+    include Finders::Finding
 
     attr_reader :url
     attr_writer :to_s

data/app/models/version.rb

@@ -1,7 +1,7 @@
 module CMSScanner
   # Version
   class Version
-    include NS::Finders::Finding
+    include Finders::Finding
 
     attr_reader :number
 

data/lib/cms_scanner.rb

@@ -3,6 +3,7 @@ require 'opt_parse_validator'
 require 'typhoeus'
 require 'nokogiri'
 require 'active_support/inflector'
+require 'active_support/concern'
 require 'addressable/uri'
 require 'public_suffix'
 require 'ruby-progressbar'
@@ -26,6 +27,7 @@ require 'cms_scanner/version'
 require 'cms_scanner/controller'
 require 'cms_scanner/controllers'
 require 'cms_scanner/formatter'
+require 'cms_scanner/references'
 require 'cms_scanner/finders'
 require 'cms_scanner/vulnerability'
 

data/lib/cms_scanner/controllers.rb

@@ -14,7 +14,7 @@ module CMSScanner
     def register_options_files
       [Dir.home, Dir.pwd].each do |dir|
         option_parser.options_files.supported_extensions.each do |ext|
-          @option_parser.options_files << File.join(dir, ".#{NS.app_name}", "cli_options.#{ext}")
+          @option_parser.options_files << Pathname.new(dir).join(".#{NS.app_name}", "cli_options.#{ext}").to_s
         end
       end
     end

data/lib/cms_scanner/finders.rb

@@ -1,6 +1,7 @@
 require 'cms_scanner/finders/finder'
 require 'cms_scanner/finders/finding'
 require 'cms_scanner/finders/findings'
+require 'cms_scanner/finders/base_finders'
 require 'cms_scanner/finders/independent_finders'
 require 'cms_scanner/finders/independent_finder'
 require 'cms_scanner/finders/unique_finders'

data/lib/cms_scanner/finders/base_finders.rb

@@ -0,0 +1,42 @@
+module CMSScanner
+  module Finders
+    # Base class container for the Finders (i.e IndependentFinders etc)
+    class BaseFinders < Array
+      # @return [ Findings ]
+      def findings
+        @findings ||= NS::Finders::Findings.new
+      end
+
+      # Should be implemented in child classes
+      def run; end
+
+      protected
+
+      # @param [ Symbol ] mode :mixed, :passive or :aggressive
+      # @return [ Array<Symbol> ] The symbols to call for the mode
+      def symbols_from_mode(mode)
+        symbols = [:passive, :aggressive]
+
+        return symbols if mode.nil? || mode == :mixed
+        symbols.include?(mode) ? [*mode] : []
+      end
+
+      # @param [ CMSScanner::Finders::Finder ] finder
+      # @param [ Symbol ] symbol See return values of #symbols_from_mode
+      # @param [ Hash ] opts
+      def run_finder(finder, symbol, opts)
+        [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
+          findings << found
+        end
+      end
+
+      # Allow child classes to filter the findings, such as return the best one
+      # or remove the low confidence ones.
+      #
+      # @return [ Findings ]
+      def filter_findings
+        findings
+      end
+    end
+  end
+end

data/lib/cms_scanner/finders/finding.rb

@@ -1,12 +1,11 @@
-require 'cms_scanner/references'
-
 module CMSScanner
   module Finders
     # Finding
     module Finding
       # Fix for "Double/Dynamic Inclusion Problem"
       def self.included(base)
-        base.send(:include, References)
+        base.include References
+        super(base)
       end
 
       FINDING_OPTS = [:confidence, :confirmed_by, :references, :found_by, :interesting_entries]

data/lib/cms_scanner/finders/independent_finder.rb

@@ -2,11 +2,9 @@ module CMSScanner
   module Finders
     # Independent Finder
     module IndependentFinder
-      def self.included(base)
-        base.extend(ClassMethods)
-      end
+      extend ActiveSupport::Concern
 
-      # Hack to have the #find as a class method
+      # See ActiveSupport::Concern
       module ClassMethods
         def find(target, opts = {})
           new(target).find(opts)

data/lib/cms_scanner/finders/independent_finders.rb

@@ -1,15 +1,9 @@
 module CMSScanner
   module Finders
-    # Independent Finders container
     # This class is designed to handle independent results
     # which are not related with each others
     # e.g: interesting files
-    class IndependentFinders < Array
-      # @return [ Findings ]
-      def findings
-        @findings ||= NS::Finders::Findings.new
-      end
-
+    class IndependentFinders < BaseFinders
       # @param [ Hash ] opts
       # @option opts [ Symbol ] mode :mixed, :passive or :aggressive
       #
@@ -25,34 +19,6 @@ module CMSScanner
 
         filter_findings
       end
-
-      protected
-
-      # @param [ Symbol ] mode :mixed, :passive or :aggressive
-      # @return [ Array<Symbol> ] The symbols to call for the mode
-      def symbols_from_mode(mode)
-        symbols = [:passive, :aggressive]
-
-        return symbols if mode.nil? || mode == :mixed
-        symbols.include?(mode) ? [*mode] : []
-      end
-
-      # @param [ CMSScanner::Finders::Finder ] finder
-      # @param [ Symbol ] symbol See return values of #symbols_from_mode
-      # @param [ Hash ] opts
-      def run_finder(finder, symbol, opts)
-        [*finder.send(symbol, opts.merge(found: findings))].compact.each do |found|
-          findings << found
-        end
-      end
-
-      # Allow child classes to filter the findings, such as return the best one
-      # or remove the low confidence ones.
-      #
-      # @return [ Findings ]
-      def filter_findings
-        findings
-      end
     end
   end
 end

data/lib/cms_scanner/finders/same_type_finders.rb

@@ -1,10 +1,8 @@
 module CMSScanner
   module Finders
-    # Same Type Finders container
-    #
     # This class is designed to handle same type results, such as enumeration of plugins,
     # themes etc.
-    class SameTypeFinders < IndependentFinders
+    class SameTypeFinders < BaseFinders
       # @param [ Hash ] opts
       # @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
       # @option opts [ Boolean ] :sort Wether or not to sort the findings

data/lib/cms_scanner/finders/unique_finders.rb

@@ -1,11 +1,9 @@
 module CMSScanner
   module Finders
-    # Unique Finders container
-    #
     # This class is designed to return a unique result such as a version
     # Note: Finders contained can return multiple results but the #run will only
     # returned the best finding
-    class UniqueFinders < IndependentFinders
+    class UniqueFinders < BaseFinders
       # @param [ Hash ] opts
       # @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
       # @option opts [ Int ] :confidence_threshold  If a finding's confidence reaches this value,

data/lib/cms_scanner/formatter.rb

@@ -128,7 +128,10 @@ module CMSScanner
 
       # @return [ Array<String> ] The directories to look into for views
       def views_directories
-        @views_directories ||= [APP_DIR, NS::APP_DIR].uniq.reduce([]) { |a, e| a << Pathname.new(e).join('views').to_s }
+        @views_directories ||= [
+          APP_DIR, NS::APP_DIR,
+          File.join(Dir.home, ".#{NS.app_name}"), File.join(Dir.pwd, ".#{NS.app_name}")
+        ].uniq.reduce([]) { |a, e| a << Pathname.new(e).join('views').to_s }
       end
     end
   end

data/lib/cms_scanner/references.rb

@@ -1,16 +1,21 @@
 module CMSScanner
   # References related to the issue
   module References
-    # @return [ Array<Symbol> ]
-    def references_keys
-      [:cve, :secunia, :osvdb, :exploitdb, :url, :metasploit, :packetstorm, :securityfocus]
+    extend ActiveSupport::Concern
+
+    # See ActiveSupport::Concern
+    module ClassMethods
+      # @return [ Array<Symbol> ]
+      def references_keys
+        @references_keys ||= [:cve, :secunia, :osvdb, :exploitdb, :url, :metasploit, :packetstorm, :securityfocus]
+      end
     end
 
     # @param [ Hash ] refs
     def references=(refs)
       @references = {}
 
-      references_keys.each do |key|
+      self.class.references_keys.each do |key|
         @references[key] = [*refs[key]].map(&:to_s) if refs.key?(key)
       end
     end
@@ -28,7 +33,7 @@ module CMSScanner
 
     # @return [ Array<String> ] The CVEs
     def cves
-      @cve ||= references[:cve] || []
+      references[:cve] || []
     end
 
     # @return [ Array<String> ]
@@ -43,7 +48,7 @@ module CMSScanner
 
     # @return [ Array<String> ] The Secunia IDs
     def secunia_ids
-      @secunia_ids ||= references[:secunia] || []
+      references[:secunia] || []
     end
 
     # @return [ Array<String> ]
@@ -58,7 +63,7 @@ module CMSScanner
 
     # @return [ Array<String> ] The OSVDB IDs
     def osvdb_ids
-      @osvdb_ids ||= references[:osvdb] || []
+      references[:osvdb] || []
     end
 
     # @return [ Array<String> ]
@@ -73,7 +78,7 @@ module CMSScanner
 
     # @return [ Array<String> ] The ExploitDB ID
     def exploitdb_ids
-      @exploitdb_ids ||= references[:exploitdb] || []
+      references[:exploitdb] || []
     end
 
     # @return [ Array<String> ]
@@ -88,12 +93,12 @@ module CMSScanner
 
     # @return [ String<Array> ]
     def urls
-      @urls ||= references[:url] || []
+      references[:url] || []
     end
 
     # @return [ Array<String> ] The metasploit modules
     def msf_modules
-      @msf_modules ||= references[:metasploit] || []
+      references[:metasploit] || []
     end
 
     # @return [ Array<String> ]
@@ -123,7 +128,7 @@ module CMSScanner
 
     # @return [ Array<String> ] The Security Focus IDs
     def securityfocus_ids
-      @securityfocus_ids ||= references[:securityfocus] || []
+      references[:securityfocus] || []
     end
 
     # @return [ Array<String> ]

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.35.1'
+  VERSION = '0.0.36'
 end

data/lib/cms_scanner/vulnerability.rb

@@ -1,5 +1,3 @@
-require 'cms_scanner/references'
-
 module CMSScanner
   # Generic Vulnerability
   class Vulnerability

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.35.1
+  version: 0.0.36
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-07-17 00:00:00.000000000 Z
+date: 2015-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -263,6 +263,7 @@ files:
 - lib/cms_scanner/errors/http.rb
 - lib/cms_scanner/exit_code.rb
 - lib/cms_scanner/finders.rb
+- lib/cms_scanner/finders/base_finders.rb
 - lib/cms_scanner/finders/finder.rb
 - lib/cms_scanner/finders/finder/enumerator.rb
 - lib/cms_scanner/finders/finder/fingerprinter.rb