cms_scanner 0.0.36 → 0.0.37
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/core.rb +18 -4
- data/app/controllers/core/cli_options.rb +2 -0
- data/app/models/interesting_finding.rb +3 -2
- data/app/models/robots_txt.rb +2 -1
- data/app/views/json/interesting_findings/findings.erb +4 -5
- data/cms_scanner.gemspec +5 -4
- data/lib/cms_scanner.rb +10 -5
- data/lib/cms_scanner/browser.rb +2 -0
- data/lib/cms_scanner/browser/options.rb +31 -14
- data/lib/cms_scanner/errors/http.rb +14 -1
- data/lib/cms_scanner/formatter.rb +1 -1
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/web_site.rb +1 -1
- metadata +29 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: acd54c82dac47f135bd9a9eb739493617a114f8c
|
|
4
|
+
data.tar.gz: 0cd17341caa2bd782beb2d07b2666d2dbf132d06
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d5d16f8d26a3873ea5a76c09c48e69f4c67f1dddca9e30a41f775060cccb4543b998845133be7ee937bb21bc0cb63dcf8523c12facc5e773fb8959d20ba5b752
|
|
7
|
+
data.tar.gz: 581b8ea2a409f4854fbbb214f09b3c3dc7cb00c308665a9545bef7e507475da3da3d56841ee4e6022adb903d66f37fa771610ae3c8d4879f24b15ca9e64c8fb4
|
data/app/controllers/core.rb
CHANGED
|
@@ -18,11 +18,25 @@ module CMSScanner
|
|
|
18
18
|
|
|
19
19
|
setup_cache
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
check_target_availability
|
|
22
|
+
end
|
|
22
23
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
# Checks that the target is accessible, raises related errors otherwise
|
|
25
|
+
#
|
|
26
|
+
# @return [ Void ]
|
|
27
|
+
def check_target_availability
|
|
28
|
+
res = NS::Browser.get(target.url)
|
|
29
|
+
|
|
30
|
+
case res.code
|
|
31
|
+
when 0
|
|
32
|
+
fail TargetDownError, res
|
|
33
|
+
when 401
|
|
34
|
+
fail HTTPAuthRequiredError
|
|
35
|
+
when 403
|
|
36
|
+
fail AccessForbiddenError
|
|
37
|
+
when 407
|
|
38
|
+
fail ProxyAuthRequiredError
|
|
39
|
+
end
|
|
26
40
|
|
|
27
41
|
redirection = target.redirection
|
|
28
42
|
fail HTTPRedirectError, redirection if redirection && !parsed_options[:ignore_main_redirect]
|
|
@@ -34,6 +34,8 @@ module CMSScanner
|
|
|
34
34
|
OptCredentials.new(['--http-auth login:password']),
|
|
35
35
|
OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
|
|
36
36
|
default: 5),
|
|
37
|
+
OptPositiveInteger.new(['--throttle MilliSeconds', 'Milliseconds to wait before doing another web request. ' \
|
|
38
|
+
'If used, the max threads will be set to 1.']),
|
|
37
39
|
OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
|
|
38
40
|
default: 60),
|
|
39
41
|
OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
|
|
@@ -26,13 +26,14 @@ module CMSScanner
|
|
|
26
26
|
res.body.split("\n").reject { |s| s.strip.empty? }
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
+
# @return [ String ]
|
|
29
30
|
def to_s
|
|
30
31
|
@to_s || url
|
|
31
32
|
end
|
|
32
33
|
|
|
34
|
+
# @return [ Bollean ]
|
|
33
35
|
def ==(other)
|
|
34
|
-
|
|
35
|
-
to_s == other.to_s
|
|
36
|
+
self.class == other.class && to_s == other.to_s
|
|
36
37
|
end
|
|
37
38
|
end
|
|
38
39
|
end
|
data/app/models/robots_txt.rb
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
"interesting_findings":
|
|
1
|
+
"interesting_findings": {
|
|
2
2
|
<% unless @findings.empty? -%>
|
|
3
|
-
{
|
|
4
3
|
<% last_index = @findings.size - 1 %>
|
|
5
4
|
<% @findings.each.with_index do |finding, index| -%>
|
|
6
|
-
<%= finding.
|
|
5
|
+
<%= finding.to_s.to_json %>: {
|
|
6
|
+
"url": <%= finding.url.to_s.to_json %>,
|
|
7
7
|
"found_by": <%= finding.found_by.to_s.to_json %>,
|
|
8
8
|
"confidence": <%= finding.confidence.to_json %>,
|
|
9
9
|
"confirmed_by": [
|
|
@@ -20,6 +20,5 @@
|
|
|
20
20
|
"interesting_entries": <%= finding.interesting_entries.to_json %>
|
|
21
21
|
}<% unless index == last_index %>,<% end %>
|
|
22
22
|
<% end -%>
|
|
23
|
-
}
|
|
24
23
|
<% end -%>
|
|
25
|
-
|
|
24
|
+
},
|
data/cms_scanner.gemspec
CHANGED
|
@@ -31,19 +31,20 @@ Gem::Specification.new do |s|
|
|
|
31
31
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
32
32
|
s.require_path = 'lib'
|
|
33
33
|
|
|
34
|
-
s.add_dependency '
|
|
35
|
-
s.add_dependency 'typhoeus', '~> 0.7'
|
|
34
|
+
s.add_dependency 'typhoeus', '~> 0.8'
|
|
36
35
|
s.add_dependency 'nokogiri', '~> 1.6.6'
|
|
36
|
+
s.add_dependency 'yajl-ruby', '~> 1.2.1' # Better JSON parser regarding memory usage
|
|
37
37
|
s.add_dependency 'addressable', '~> 2.3.8'
|
|
38
38
|
s.add_dependency 'activesupport', '~> 4.2'
|
|
39
39
|
s.add_dependency 'public_suffix', '~> 1.5'
|
|
40
40
|
s.add_dependency 'ruby-progressbar', '~> 1.7.5'
|
|
41
|
+
s.add_dependency 'opt_parse_validator', '~> 0.0.13'
|
|
41
42
|
|
|
42
43
|
s.add_development_dependency 'rake', '~> 10.4.2'
|
|
43
44
|
s.add_development_dependency 'rspec', '~> 3.3'
|
|
44
45
|
s.add_development_dependency 'rspec-its', '~> 1.2'
|
|
45
46
|
s.add_development_dependency 'bundler', '~> 1.6'
|
|
46
|
-
s.add_development_dependency 'rubocop', '~> 0.
|
|
47
|
-
s.add_development_dependency 'webmock', '~> 1.
|
|
47
|
+
s.add_development_dependency 'rubocop', '~> 0.34'
|
|
48
|
+
s.add_development_dependency 'webmock', '~> 1.22'
|
|
48
49
|
s.add_development_dependency 'simplecov', '~> 0.10'
|
|
49
50
|
end
|
data/lib/cms_scanner.rb
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
# Gems
|
|
2
|
-
require 'opt_parse_validator'
|
|
3
2
|
require 'typhoeus'
|
|
4
3
|
require 'nokogiri'
|
|
5
|
-
require '
|
|
6
|
-
require 'active_support/concern'
|
|
7
|
-
require 'addressable/uri'
|
|
4
|
+
require 'yajl/json_gem'
|
|
8
5
|
require 'public_suffix'
|
|
6
|
+
require 'addressable/uri'
|
|
9
7
|
require 'ruby-progressbar'
|
|
8
|
+
require 'opt_parse_validator'
|
|
9
|
+
require 'active_support/concern'
|
|
10
|
+
require 'active_support/inflector'
|
|
10
11
|
# Standard Libs
|
|
11
12
|
require 'erb'
|
|
12
13
|
require 'uri'
|
|
@@ -38,7 +39,11 @@ module CMSScanner
|
|
|
38
39
|
|
|
39
40
|
# Number of requests performed to display at the end of the scan
|
|
40
41
|
Typhoeus.on_complete do |response|
|
|
41
|
-
|
|
42
|
+
next if response.cached?
|
|
43
|
+
|
|
44
|
+
self.total_requests += 1
|
|
45
|
+
|
|
46
|
+
NS::Browser.instance.trottle!
|
|
42
47
|
end
|
|
43
48
|
|
|
44
49
|
# Module to be able to use these class methods when the CMSScanner
|
data/lib/cms_scanner/browser.rb
CHANGED
|
@@ -12,6 +12,7 @@ module CMSScanner
|
|
|
12
12
|
:proxy_auth,
|
|
13
13
|
:random_user_agent,
|
|
14
14
|
:request_timeout,
|
|
15
|
+
:throttle,
|
|
15
16
|
:user_agent,
|
|
16
17
|
:user_agents_list,
|
|
17
18
|
:vhost
|
|
@@ -19,6 +20,15 @@ module CMSScanner
|
|
|
19
20
|
|
|
20
21
|
attr_accessor(*OPTIONS)
|
|
21
22
|
|
|
23
|
+
# @return [ String ]
|
|
24
|
+
def default_user_agent
|
|
25
|
+
"#{NS} v#{NS::VERSION}"
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def hydra
|
|
29
|
+
@hydra ||= Typhoeus::Hydra.new(max_concurrency: max_threads || 1)
|
|
30
|
+
end
|
|
31
|
+
|
|
22
32
|
# @param [ Hash ] options
|
|
23
33
|
def load_options(options = {})
|
|
24
34
|
OPTIONS.each do |sym|
|
|
@@ -26,22 +36,21 @@ module CMSScanner
|
|
|
26
36
|
end
|
|
27
37
|
end
|
|
28
38
|
|
|
29
|
-
def hydra
|
|
30
|
-
@hydra ||= Typhoeus::Hydra.new(max_concurrency: max_threads || 1)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
39
|
# Set the threads attribute and update
|
|
34
40
|
# the max_concurrency of Typhoeus::Hydra
|
|
35
41
|
#
|
|
42
|
+
# If the throttle attribute is > 0, max_threads will be forced to 1
|
|
43
|
+
#
|
|
36
44
|
# @param [ Integer ] number
|
|
37
45
|
def max_threads=(number)
|
|
38
|
-
@max_threads = number.to_i > 0 ? number.to_i : 1
|
|
46
|
+
@max_threads = number.to_i > 0 && throttle == 0 ? number.to_i : 1
|
|
47
|
+
|
|
39
48
|
hydra.max_concurrency = @max_threads
|
|
40
49
|
end
|
|
41
50
|
|
|
42
|
-
# @return [ String ] The
|
|
43
|
-
def
|
|
44
|
-
@
|
|
51
|
+
# @return [ String ] The user agent
|
|
52
|
+
def user_agent
|
|
53
|
+
@user_agent ||= random_user_agent ? user_agents.sample : default_user_agent
|
|
45
54
|
end
|
|
46
55
|
|
|
47
56
|
# @return [ Array<String> ]
|
|
@@ -58,14 +67,22 @@ module CMSScanner
|
|
|
58
67
|
@user_agents
|
|
59
68
|
end
|
|
60
69
|
|
|
61
|
-
# @return [ String ]
|
|
62
|
-
def
|
|
63
|
-
|
|
70
|
+
# @return [ String ] The path to the user agents list
|
|
71
|
+
def user_agents_list
|
|
72
|
+
@user_agents_list ||= File.join(APP_DIR, 'user_agents.txt')
|
|
64
73
|
end
|
|
65
74
|
|
|
66
|
-
# @
|
|
67
|
-
|
|
68
|
-
|
|
75
|
+
# @param [ value ] The throttle time in milliseconds
|
|
76
|
+
#
|
|
77
|
+
# if value > 0, the max_threads will be set to 1
|
|
78
|
+
def throttle=(value)
|
|
79
|
+
@throttle = value.to_i.abs / 1000.0
|
|
80
|
+
|
|
81
|
+
self.max_threads = 1 if @throttle > 0
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def trottle!
|
|
85
|
+
sleep(throttle) if throttle > 0
|
|
69
86
|
end
|
|
70
87
|
end
|
|
71
88
|
end
|
|
@@ -1,5 +1,18 @@
|
|
|
1
1
|
module CMSScanner
|
|
2
|
-
class Error <
|
|
2
|
+
class Error < StandardError
|
|
3
|
+
end
|
|
4
|
+
|
|
5
|
+
# Target Down Error
|
|
6
|
+
class TargetDownError < Error
|
|
7
|
+
attr_reader :response
|
|
8
|
+
|
|
9
|
+
def initialize(response)
|
|
10
|
+
@response = response
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def to_s
|
|
14
|
+
"The url supplied '#{response.request.url}' seems to be down (#{response.return_message})"
|
|
15
|
+
end
|
|
3
16
|
end
|
|
4
17
|
|
|
5
18
|
# HTTP Authentication Required Error
|
data/lib/cms_scanner/version.rb
CHANGED
data/lib/cms_scanner/web_site.rb
CHANGED
metadata
CHANGED
|
@@ -1,57 +1,57 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.37
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-10-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: typhoeus
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: '0.8'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: '0.8'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: nokogiri
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 1.6.6
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 1.6.6
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
|
-
name:
|
|
42
|
+
name: yajl-ruby
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.
|
|
47
|
+
version: 1.2.1
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.
|
|
54
|
+
version: 1.2.1
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: addressable
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -108,6 +108,20 @@ dependencies:
|
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
110
|
version: 1.7.5
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: opt_parse_validator
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - "~>"
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: 0.0.13
|
|
118
|
+
type: :runtime
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - "~>"
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: 0.0.13
|
|
111
125
|
- !ruby/object:Gem::Dependency
|
|
112
126
|
name: rake
|
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -170,28 +184,28 @@ dependencies:
|
|
|
170
184
|
requirements:
|
|
171
185
|
- - "~>"
|
|
172
186
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: '0.
|
|
187
|
+
version: '0.34'
|
|
174
188
|
type: :development
|
|
175
189
|
prerelease: false
|
|
176
190
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
191
|
requirements:
|
|
178
192
|
- - "~>"
|
|
179
193
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: '0.
|
|
194
|
+
version: '0.34'
|
|
181
195
|
- !ruby/object:Gem::Dependency
|
|
182
196
|
name: webmock
|
|
183
197
|
requirement: !ruby/object:Gem::Requirement
|
|
184
198
|
requirements:
|
|
185
199
|
- - "~>"
|
|
186
200
|
- !ruby/object:Gem::Version
|
|
187
|
-
version: '1.
|
|
201
|
+
version: '1.22'
|
|
188
202
|
type: :development
|
|
189
203
|
prerelease: false
|
|
190
204
|
version_requirements: !ruby/object:Gem::Requirement
|
|
191
205
|
requirements:
|
|
192
206
|
- - "~>"
|
|
193
207
|
- !ruby/object:Gem::Version
|
|
194
|
-
version: '1.
|
|
208
|
+
version: '1.22'
|
|
195
209
|
- !ruby/object:Gem::Dependency
|
|
196
210
|
name: simplecov
|
|
197
211
|
requirement: !ruby/object:Gem::Requirement
|