cms_scanner 0.0.37.9 → 0.0.37.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 51512e1c22d92caefdd529903641464e1773f5a0
4
- data.tar.gz: 1347eebde5a09c12a85a68d6183c6483ef94065c
3
+ metadata.gz: 1916be2912eec9204b9acf8c0cb4d145e7f7dd76
4
+ data.tar.gz: 4235cf913d353741905ba1ba5e4114d5fa2a7316
5
5
  SHA512:
6
- metadata.gz: cc50993c008256b054b070e52a247063147a4d5c0230c13c59bc76dcc8bd1472e4f7c15aa244944bbfaa1fd9fea4272419925cac28973394a66e1a97d552c484
7
- data.tar.gz: 9bad381206895359dd2c28a2df3f37b990e9b41ee14006190aab5fcbbd1140fd1d83ee5fa26cdff3c34de9c4d9f51fa7527a8ce959a968036c38f5d004cdce0b
6
+ metadata.gz: 16f5b5dd3ab709a33330650979255ee639d757a93c7c1b15c9e27b20b16fc7e91b09cef99bd6c4b218fe592b904e32ca549f9cbe4952be5129b3d23e8c9dcb45
7
+ data.tar.gz: c0825cfe663eb1ae87bfa8fc27eaf9f489cad2400eb64a22fcb2f15cc5bf69b6ae9886c856fba7430b9bd51609c9b3367f2360a0e9b0f8ae15028217c02942a4
@@ -8,12 +8,12 @@ module CMSScanner
8
8
  [
9
9
  OptURL.new(['-u', '--url URL', 'The URL to scan'], required: true, default_protocol: 'http'),
10
10
  OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect if any and scan the target url']),
11
- OptBoolean.new(%w(-v --verbose)),
11
+ OptBoolean.new(%w[-v --verbose]),
12
12
  OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
13
13
  OptChoice.new(['-f', '--format FORMAT',
14
14
  'Output results in the format supplied'], choices: formats),
15
15
  OptChoice.new(['--detection-mode MODE'],
16
- choices: %w(mixed passive aggressive),
16
+ choices: %w[mixed passive aggressive],
17
17
  normalize: :to_sym,
18
18
  default: :mixed),
19
19
  OptArray.new(['--scope DOMAINS',
@@ -24,9 +24,7 @@ module CMSScanner
24
24
 
25
25
  # @return [ Array<OptParseValidator::OptBase> ]
26
26
  def cli_browser_options
27
- [
28
- OptString.new(['--user-agent VALUE', '--ua']),
29
- OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests']),
27
+ cli_browser_headers_options + [
30
28
  OptBoolean.new(['--random-user-agent', '--rua',
31
29
  'Use a random user-agent for each scan']),
32
30
  OptFilePath.new(['--user-agents-list FILE-PATH',
@@ -43,6 +41,15 @@ module CMSScanner
43
41
  ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
44
42
  end
45
43
 
44
+ # @return [ Array<OptParseValidator::OptBase> ]
45
+ def cli_browser_headers_options
46
+ [
47
+ OptString.new(['--user-agent VALUE', '--ua']),
48
+ OptHeaders.new(['--headers HEADERS', 'Additional headers to append in requests']),
49
+ OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests'])
50
+ ]
51
+ end
52
+
46
53
  # @return [ Array<OptParseValidator::OptBase> ]
47
54
  def cli_browser_proxy_options
48
55
  [
@@ -7,7 +7,7 @@ module CMSScanner
7
7
  OptChoice.new(
8
8
  ['--interesting-findings-detection MODE',
9
9
  'Use the supplied mode for the interesting findings detection. '],
10
- choices: %w(mixed passive aggressive),
10
+ choices: %w[mixed passive aggressive],
11
11
  normalize: :to_sym
12
12
  )
13
13
  ]
@@ -13,7 +13,7 @@ module CMSScanner
13
13
 
14
14
  # @param [ CMSScanner::Target ] target
15
15
  def initialize(target)
16
- %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
16
+ %w[Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC].each do |f|
17
17
  finders << NS::Finders::InterestingFindings.const_get(f).new(target)
18
18
  end
19
19
  end
@@ -22,13 +22,13 @@ module CMSScanner
22
22
 
23
23
  # @return [ Array<String> ] Downcased known headers
24
24
  def known_headers
25
- %w(
25
+ %w[
26
26
  age accept-ranges cache-control content-encoding content-length content-type connection date
27
27
  etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
28
28
  transfer-encoding vary x-cache x-content-security-policy x-content-type-options
29
29
  x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
30
30
  x-webkit-csp x-xss-protection
31
- )
31
+ ]
32
32
  end
33
33
 
34
34
  def eql?(other)
@@ -32,20 +32,24 @@ Gem::Specification.new do |s|
32
32
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
33
33
  s.require_path = 'lib'
34
34
 
35
- s.add_dependency 'typhoeus', '~> 1.1.0'
36
- s.add_dependency 'nokogiri', '~> 1.7.1'
35
+ s.add_dependency 'typhoeus', '~> 1.3.0'
36
+ s.add_dependency 'nokogiri', '~> 1.8.0'
37
37
  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
38
- s.add_dependency 'addressable', '~> 2.5.0'
39
- s.add_dependency 'activesupport', '~> 5.0.1'
40
- s.add_dependency 'public_suffix', '~> 2.0.3'
38
+ s.add_dependency 'public_suffix', '~> 3.0.0'
41
39
  s.add_dependency 'ruby-progressbar', '~> 1.8.1'
42
- s.add_dependency 'opt_parse_validator', '~> 0.0.13.5'
40
+ s.add_dependency 'opt_parse_validator', '~> 0.0.13.7'
41
+
42
+ # Already required by opt_parse_validator
43
+ # so version restriction loosen to avoid potential future conflicts
44
+ s.add_dependency 'addressable', '~> 2.5'
45
+ s.add_dependency 'activesupport', '~> 5.0'
43
46
 
44
47
  s.add_development_dependency 'rake', '~> 12.0'
45
- s.add_development_dependency 'rspec', '~> 3.5.0'
48
+ s.add_development_dependency 'rspec', '~> 3.6.0'
46
49
  s.add_development_dependency 'rspec-its', '~> 1.2.0'
47
50
  s.add_development_dependency 'bundler', '~> 1.6'
48
- s.add_development_dependency 'rubocop', '~> 0.47.1'
51
+ s.add_development_dependency 'rubocop', '~> 0.50.0'
49
52
  s.add_development_dependency 'webmock', '~> 1.22.0'
50
- s.add_development_dependency 'simplecov', '~> 0.12.0' # Can't update to 0.13 as it breaks coveralls dep
53
+ s.add_development_dependency 'simplecov', '~> 0.14.0' # Can't update to 0.15 as it breaks coveralls dep
54
+ s.add_development_dependency 'coveralls', '~> 0.8.0'
51
55
  end
@@ -1,4 +1,5 @@
1
1
  # coding: utf-8
2
+
2
3
  lib = File.expand_path('../lib', __FILE__)
3
4
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
5
 
@@ -33,9 +34,9 @@ Gem::Specification.new do |s|
33
34
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
34
35
  s.require_path = 'lib'
35
36
 
36
- s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
37
+ s.add_dependency 'yajl-ruby', '~> 1.3' # Better JSON parser regarding memory usage
37
38
  s.add_dependency 'cms_scanner', '~> 0.0.37.5'
38
- s.add_dependency 'activesupport', '~> 5.0.0.1' # Not sure if needed there as already needed in the CMSScanner
39
+ s.add_dependency 'activesupport', '~> 5.0'
39
40
  # DB dependencies
40
41
  s.add_dependency 'dm-core', '~> 1.2.0'
41
42
  s.add_dependency 'dm-migrations', '~> 1.2.0'
@@ -48,7 +48,7 @@ module CMSScanner
48
48
  params = {
49
49
  # Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
50
50
  ssl_verifypeer: false, ssl_verifyhost: 0,
51
- headers: { 'User-Agent' => user_agent },
51
+ headers: { 'User-Agent' => user_agent }.merge(headers || {}),
52
52
  accept_encoding: 'gzip, deflate',
53
53
  method: :get
54
54
  }
@@ -1,21 +1,22 @@
1
1
  module CMSScanner
2
2
  # Options available in the Browser
3
3
  class Browser
4
- OPTIONS = [
5
- :cache_ttl,
6
- :cookie_jar,
7
- :cookie_string,
8
- :connect_timeout,
9
- :http_auth,
10
- :max_threads,
11
- :proxy,
12
- :proxy_auth,
13
- :random_user_agent,
14
- :request_timeout,
15
- :throttle,
16
- :user_agent,
17
- :user_agents_list,
18
- :vhost
4
+ OPTIONS = %i[
5
+ cache_ttl
6
+ cookie_jar
7
+ cookie_string
8
+ connect_timeout
9
+ headers
10
+ http_auth
11
+ max_threads
12
+ proxy
13
+ proxy_auth
14
+ random_user_agent
15
+ request_timeout
16
+ throttle
17
+ user_agent
18
+ user_agents_list
19
+ vhost
19
20
  ].freeze
20
21
 
21
22
  attr_accessor(*OPTIONS)
@@ -15,7 +15,7 @@ module CMSScanner
15
15
  # @param [ Symbol ] mode :mixed, :passive or :aggressive
16
16
  # @return [ Array<Symbol> ] The symbols to call for the mode
17
17
  def symbols_from_mode(mode)
18
- symbols = [:passive, :aggressive]
18
+ symbols = %i[passive aggressive]
19
19
 
20
20
  return symbols if mode.nil? || mode == :mixed
21
21
  symbols.include?(mode) ? [*mode] : []
@@ -51,7 +51,7 @@ module CMSScanner
51
51
  caller_locations.each do |call|
52
52
  label = call.label
53
53
 
54
- next unless label == 'aggressive' || label == 'passive'
54
+ next unless %w[aggressive passive].include? label
55
55
 
56
56
  return "#{titleize} (#{label.capitalize} Detection)"
57
57
  end
@@ -8,7 +8,7 @@ module CMSScanner
8
8
  super(base)
9
9
  end
10
10
 
11
- FINDING_OPTS = [:confidence, :confirmed_by, :references, :found_by, :interesting_entries].freeze
11
+ FINDING_OPTS = %i[confidence confirmed_by references found_by interesting_entries].freeze
12
12
 
13
13
  attr_accessor(*FINDING_OPTS)
14
14
 
@@ -2,7 +2,7 @@
2
2
  class Numeric
3
3
  # @return [ String ] A human readable string of the value
4
4
  def bytes_to_human
5
- units = %w(B KB MB GB TB)
5
+ units = %w[B KB MB GB TB]
6
6
  e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
7
7
  s = format('%.3f', (abs.to_f / 1024**e))
8
8
 
@@ -7,7 +7,7 @@ module CMSScanner
7
7
  module ClassMethods
8
8
  # @return [ Array<Symbol> ]
9
9
  def references_keys
10
- @references_keys ||= [:cve, :secunia, :osvdb, :exploitdb, :url, :metasploit, :packetstorm, :securityfocus]
10
+ @references_keys ||= %i[cve secunia osvdb exploitdb url metasploit packetstorm securityfocus]
11
11
  end
12
12
  end
13
13
 
@@ -62,7 +62,7 @@ module CMSScanner
62
62
  # @yield [ String, Nokogiri::XML::Element ] The url and its associated tag
63
63
  #
64
64
  # @return [ Array<String> ] The absolute URLs detected in the response's body from the HTML tags
65
- def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
65
+ def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
66
66
  page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
67
67
  found = []
68
68
 
@@ -22,7 +22,7 @@ module CMSScanner
22
22
  # @yield [ String, Nokogiri::XML::Element ] The in scope url and its associated tag
23
23
  #
24
24
  # @return [ Array<String> ] The in scope absolute URLs detected in the response's body
25
- def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
25
+ def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
26
26
  found = []
27
27
 
28
28
  urls_from_page(res, xpath, attributes) do |url, tag|
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.37.9'.freeze
3
+ VERSION = '0.0.37.10'.freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.37.9
4
+ version: 0.0.37.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-04-21 00:00:00.000000000 Z
11
+ date: 2017-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: typhoeus
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.1.0
19
+ version: 1.3.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.1.0
26
+ version: 1.3.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: nokogiri
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 1.7.1
33
+ version: 1.8.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 1.7.1
40
+ version: 1.8.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: yajl-ruby
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -53,75 +53,75 @@ dependencies:
53
53
  - !ruby/object:Gem::Version
54
54
  version: 1.3.0
55
55
  - !ruby/object:Gem::Dependency
56
- name: addressable
56
+ name: public_suffix
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: 2.5.0
61
+ version: 3.0.0
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: 2.5.0
68
+ version: 3.0.0
69
69
  - !ruby/object:Gem::Dependency
70
- name: activesupport
70
+ name: ruby-progressbar
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 5.0.1
75
+ version: 1.8.1
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 5.0.1
82
+ version: 1.8.1
83
83
  - !ruby/object:Gem::Dependency
84
- name: public_suffix
84
+ name: opt_parse_validator
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 2.0.3
89
+ version: 0.0.13.7
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 2.0.3
96
+ version: 0.0.13.7
97
97
  - !ruby/object:Gem::Dependency
98
- name: ruby-progressbar
98
+ name: addressable
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.8.1
103
+ version: '2.5'
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.8.1
110
+ version: '2.5'
111
111
  - !ruby/object:Gem::Dependency
112
- name: opt_parse_validator
112
+ name: activesupport
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.0.13.5
117
+ version: '5.0'
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.0.13.5
124
+ version: '5.0'
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rake
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 3.5.0
145
+ version: 3.6.0
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 3.5.0
152
+ version: 3.6.0
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: rspec-its
155
155
  requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
184
184
  requirements:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
- version: 0.47.1
187
+ version: 0.50.0
188
188
  type: :development
189
189
  prerelease: false
190
190
  version_requirements: !ruby/object:Gem::Requirement
191
191
  requirements:
192
192
  - - "~>"
193
193
  - !ruby/object:Gem::Version
194
- version: 0.47.1
194
+ version: 0.50.0
195
195
  - !ruby/object:Gem::Dependency
196
196
  name: webmock
197
197
  requirement: !ruby/object:Gem::Requirement
@@ -212,14 +212,28 @@ dependencies:
212
212
  requirements:
213
213
  - - "~>"
214
214
  - !ruby/object:Gem::Version
215
- version: 0.12.0
215
+ version: 0.14.0
216
+ type: :development
217
+ prerelease: false
218
+ version_requirements: !ruby/object:Gem::Requirement
219
+ requirements:
220
+ - - "~>"
221
+ - !ruby/object:Gem::Version
222
+ version: 0.14.0
223
+ - !ruby/object:Gem::Dependency
224
+ name: coveralls
225
+ requirement: !ruby/object:Gem::Requirement
226
+ requirements:
227
+ - - "~>"
228
+ - !ruby/object:Gem::Version
229
+ version: 0.8.0
216
230
  type: :development
217
231
  prerelease: false
218
232
  version_requirements: !ruby/object:Gem::Requirement
219
233
  requirements:
220
234
  - - "~>"
221
235
  - !ruby/object:Gem::Version
222
- version: 0.12.0
236
+ version: 0.8.0
223
237
  description: Framework to provide an easy way to implement CMS Scanners
224
238
  email:
225
239
  - team@wpscan.org