cms_scanner 0.0.37.9 → 0.0.37.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 51512e1c22d92caefdd529903641464e1773f5a0
-  data.tar.gz: 1347eebde5a09c12a85a68d6183c6483ef94065c
+  metadata.gz: 1916be2912eec9204b9acf8c0cb4d145e7f7dd76
+  data.tar.gz: 4235cf913d353741905ba1ba5e4114d5fa2a7316
 SHA512:
-  metadata.gz: cc50993c008256b054b070e52a247063147a4d5c0230c13c59bc76dcc8bd1472e4f7c15aa244944bbfaa1fd9fea4272419925cac28973394a66e1a97d552c484
-  data.tar.gz: 9bad381206895359dd2c28a2df3f37b990e9b41ee14006190aab5fcbbd1140fd1d83ee5fa26cdff3c34de9c4d9f51fa7527a8ce959a968036c38f5d004cdce0b
+  metadata.gz: 16f5b5dd3ab709a33330650979255ee639d757a93c7c1b15c9e27b20b16fc7e91b09cef99bd6c4b218fe592b904e32ca549f9cbe4952be5129b3d23e8c9dcb45
+  data.tar.gz: c0825cfe663eb1ae87bfa8fc27eaf9f489cad2400eb64a22fcb2f15cc5bf69b6ae9886c856fba7430b9bd51609c9b3367f2360a0e9b0f8ae15028217c02942a4

data/app/controllers/core/cli_options.rb

@@ -8,12 +8,12 @@ module CMSScanner
         [
           OptURL.new(['-u', '--url URL', 'The URL to scan'], required: true, default_protocol: 'http'),
           OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect if any and scan the target url']),
-          OptBoolean.new(%w(-v --verbose)),
+          OptBoolean.new(%w[-v --verbose]),
           OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
           OptChoice.new(['-f', '--format FORMAT',
                          'Output results in the format supplied'], choices: formats),
           OptChoice.new(['--detection-mode MODE'],
-                        choices: %w(mixed passive aggressive),
+                        choices: %w[mixed passive aggressive],
                         normalize: :to_sym,
                         default: :mixed),
           OptArray.new(['--scope DOMAINS',
@@ -24,9 +24,7 @@ module CMSScanner
 
       # @return [ Array<OptParseValidator::OptBase> ]
       def cli_browser_options
-        [
-          OptString.new(['--user-agent VALUE', '--ua']),
-          OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests']),
+        cli_browser_headers_options + [
           OptBoolean.new(['--random-user-agent', '--rua',
                           'Use a random user-agent for each scan']),
           OptFilePath.new(['--user-agents-list FILE-PATH',
@@ -43,6 +41,15 @@ module CMSScanner
         ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
       end
 
+      # @return [ Array<OptParseValidator::OptBase> ]
+      def cli_browser_headers_options
+        [
+          OptString.new(['--user-agent VALUE', '--ua']),
+          OptHeaders.new(['--headers HEADERS', 'Additional headers to append in requests']),
+          OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests'])
+        ]
+      end
+
       # @return [ Array<OptParseValidator::OptBase> ]
       def cli_browser_proxy_options
         [

data/app/controllers/interesting_findings.rb

@@ -7,7 +7,7 @@ module CMSScanner
           OptChoice.new(
             ['--interesting-findings-detection MODE',
              'Use the supplied mode for the interesting findings detection. '],
-            choices: %w(mixed passive aggressive),
+            choices: %w[mixed passive aggressive],
             normalize: :to_sym
           )
         ]

data/app/finders/interesting_findings.rb

@@ -13,7 +13,7 @@ module CMSScanner
 
         # @param [ CMSScanner::Target ] target
         def initialize(target)
-          %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
+          %w[Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC].each do |f|
             finders << NS::Finders::InterestingFindings.const_get(f).new(target)
           end
         end

data/app/models/headers.rb

@@ -22,13 +22,13 @@ module CMSScanner
 
     # @return [ Array<String> ] Downcased known headers
     def known_headers
-      %w(
+      %w[
         age accept-ranges cache-control content-encoding content-length content-type connection date
         etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
         transfer-encoding vary x-cache x-content-security-policy x-content-type-options
         x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
         x-webkit-csp x-xss-protection
-      )
+      ]
     end
 
     def eql?(other)

data/cms_scanner.gemspec

@@ -32,20 +32,24 @@ Gem::Specification.new do |s|
   s.executables           = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.require_path          = 'lib'
 
-  s.add_dependency 'typhoeus', '~> 1.1.0'
-  s.add_dependency 'nokogiri', '~> 1.7.1'
+  s.add_dependency 'typhoeus', '~> 1.3.0'
+  s.add_dependency 'nokogiri', '~> 1.8.0'
   s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
-  s.add_dependency 'addressable', '~> 2.5.0'
-  s.add_dependency 'activesupport', '~> 5.0.1'
-  s.add_dependency 'public_suffix', '~> 2.0.3'
+  s.add_dependency 'public_suffix', '~> 3.0.0'
   s.add_dependency 'ruby-progressbar', '~> 1.8.1'
-  s.add_dependency 'opt_parse_validator', '~> 0.0.13.5'
+  s.add_dependency 'opt_parse_validator', '~> 0.0.13.7'
+
+  # Already required by opt_parse_validator
+  # so version restriction loosen to avoid potential future conflicts
+  s.add_dependency 'addressable', '~> 2.5'
+  s.add_dependency 'activesupport', '~> 5.0'
 
   s.add_development_dependency 'rake', '~> 12.0'
-  s.add_development_dependency 'rspec', '~> 3.5.0'
+  s.add_development_dependency 'rspec', '~> 3.6.0'
   s.add_development_dependency 'rspec-its', '~> 1.2.0'
   s.add_development_dependency 'bundler', '~> 1.6'
-  s.add_development_dependency 'rubocop', '~> 0.47.1'
+  s.add_development_dependency 'rubocop', '~> 0.50.0'
   s.add_development_dependency 'webmock', '~> 1.22.0'
-  s.add_development_dependency 'simplecov', '~> 0.12.0' # Can't update to 0.13 as it breaks coveralls dep
+  s.add_development_dependency 'simplecov', '~> 0.14.0' # Can't update to 0.15 as it breaks coveralls dep
+  s.add_development_dependency 'coveralls', '~> 0.8.0'
 end

data/example/cmsscan.gemspec

@@ -1,4 +1,5 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
@@ -33,9 +34,9 @@ Gem::Specification.new do |s|
   s.executables           = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.require_path          = 'lib'
 
-  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
+  s.add_dependency 'yajl-ruby', '~> 1.3' # Better JSON parser regarding memory usage
   s.add_dependency 'cms_scanner', '~> 0.0.37.5'
-  s.add_dependency 'activesupport', '~> 5.0.0.1' # Not sure if needed there as already needed in the CMSScanner
+  s.add_dependency 'activesupport', '~> 5.0'
   # DB dependencies
   s.add_dependency 'dm-core', '~> 1.2.0'
   s.add_dependency 'dm-migrations', '~> 1.2.0'

data/lib/cms_scanner/browser.rb

@@ -48,7 +48,7 @@ module CMSScanner
       params = {
         # Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
         ssl_verifypeer: false, ssl_verifyhost: 0,
-        headers: { 'User-Agent' => user_agent },
+        headers: { 'User-Agent' => user_agent }.merge(headers || {}),
         accept_encoding: 'gzip, deflate',
         method: :get
       }

data/lib/cms_scanner/browser/options.rb

@@ -1,21 +1,22 @@
 module CMSScanner
   # Options available in the Browser
   class Browser
-    OPTIONS = [
-      :cache_ttl,
-      :cookie_jar,
-      :cookie_string,
-      :connect_timeout,
-      :http_auth,
-      :max_threads,
-      :proxy,
-      :proxy_auth,
-      :random_user_agent,
-      :request_timeout,
-      :throttle,
-      :user_agent,
-      :user_agents_list,
-      :vhost
+    OPTIONS = %i[
+      cache_ttl
+      cookie_jar
+      cookie_string
+      connect_timeout
+      headers
+      http_auth
+      max_threads
+      proxy
+      proxy_auth
+      random_user_agent
+      request_timeout
+      throttle
+      user_agent
+      user_agents_list
+      vhost
     ].freeze
 
     attr_accessor(*OPTIONS)

data/lib/cms_scanner/finders/base_finders.rb

@@ -15,7 +15,7 @@ module CMSScanner
       # @param [ Symbol ] mode :mixed, :passive or :aggressive
       # @return [ Array<Symbol> ] The symbols to call for the mode
       def symbols_from_mode(mode)
-        symbols = [:passive, :aggressive]
+        symbols = %i[passive aggressive]
 
         return symbols if mode.nil? || mode == :mixed
         symbols.include?(mode) ? [*mode] : []

data/lib/cms_scanner/finders/finder.rb

@@ -51,7 +51,7 @@ module CMSScanner
         caller_locations.each do |call|
           label = call.label
 
-          next unless label == 'aggressive' || label == 'passive'
+          next unless %w[aggressive passive].include? label
 
           return "#{titleize} (#{label.capitalize} Detection)"
         end

data/lib/cms_scanner/finders/finding.rb

@@ -8,7 +8,7 @@ module CMSScanner
         super(base)
       end
 
-      FINDING_OPTS = [:confidence, :confirmed_by, :references, :found_by, :interesting_entries].freeze
+      FINDING_OPTS = %i[confidence confirmed_by references found_by interesting_entries].freeze
 
       attr_accessor(*FINDING_OPTS)
 

data/lib/cms_scanner/numeric.rb

@@ -2,7 +2,7 @@
 class Numeric
   # @return [ String ] A human readable string of the value
   def bytes_to_human
-    units = %w(B KB MB GB TB)
+    units = %w[B KB MB GB TB]
     e     = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
     s     = format('%.3f', (abs.to_f / 1024**e))
 

data/lib/cms_scanner/references.rb

@@ -7,7 +7,7 @@ module CMSScanner
     module ClassMethods
       # @return [ Array<Symbol> ]
       def references_keys
-        @references_keys ||= [:cve, :secunia, :osvdb, :exploitdb, :url, :metasploit, :packetstorm, :securityfocus]
+        @references_keys ||= %i[cve secunia osvdb exploitdb url metasploit packetstorm securityfocus]
       end
     end
 

data/lib/cms_scanner/target.rb

@@ -62,7 +62,7 @@ module CMSScanner
     # @yield [ String, Nokogiri::XML::Element ] The url and its associated tag
     #
     # @return [ Array<String> ] The absolute URLs detected in the response's body from the HTML tags
-    def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
+    def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
       page    = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
       found   = []
 

data/lib/cms_scanner/target/scope.rb

@@ -22,7 +22,7 @@ module CMSScanner
     # @yield [ String, Nokogiri::XML::Element ] The in scope url and its associated tag
     #
     # @return [ Array<String> ] The in scope absolute URLs detected in the response's body
-    def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
+    def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
       found = []
 
       urls_from_page(res, xpath, attributes) do |url, tag|

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.37.9'.freeze
+  VERSION = '0.0.37.10'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.37.9
+  version: 0.0.37.10
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-21 00:00:00.000000000 Z
+date: 2017-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: yajl-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -53,75 +53,75 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.3.0
 - !ruby/object:Gem::Dependency
-  name: addressable
+  name: public_suffix
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.1
+        version: 1.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.0.1
+        version: 1.8.1
 - !ruby/object:Gem::Dependency
-  name: public_suffix
+  name: opt_parse_validator
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 0.0.13.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 0.0.13.7
 - !ruby/object:Gem::Dependency
-  name: ruby-progressbar
+  name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: '2.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.1
+        version: '2.5'
 - !ruby/object:Gem::Dependency
-  name: opt_parse_validator
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.13.5
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.13.5
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: 3.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.5.0
+        version: 3.6.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.47.1
+        version: 0.50.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.47.1
+        version: 0.50.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -212,14 +212,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: 0.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.12.0
+        version: 0.8.0
 description: Framework to provide an easy way to implement CMS Scanners
 email:
 - team@wpscan.org