cms_scanner 0.0.37.11 → 0.0.37.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c376858b468a812426ee0a8a03e0ed1b8438aa9a
-  data.tar.gz: 8bef1d95502b66606ed62a047adb148c478ea890
+  metadata.gz: 92c1a1bc745065a29c4770a7ff9143749f5373ea
+  data.tar.gz: 3ee76b460d6cd72f72aa03eb0beb095e367aa663
 SHA512:
-  metadata.gz: 169a9923ed5278e55f84b316aea96ce43d8b0880474d6683c4d4d814a4efaa3d6039ad024bb8e6d869a7844f547d84d8f7886f4a8961735368cd6b7e35890704
-  data.tar.gz: 2be9cdba79eb8fbaf4dd70e834815abcc50fce34f75eff1d76e928b103c43bc941c2d981b4b57d658fa7e959c54cca8a90ec3ba66739eb09d0d58ef4c30ddc36
+  metadata.gz: 756dd179151bbf8a904b1a8ee2a206e39b9a76cbe8891a3cabc80b71670cb87550385709246bb5c67f82309cb9f675c03ee622cc2116fccf038442820aac5ab9
+  data.tar.gz: 45eacba22c283773bf2cb8eb8e7dcc0694fa263a54d5932b6e6d2bf2a3adc0437de2d7db2566b9aab9903ccdc7c8a6836542a267d400b637000c5ce1b25a58f6

data/app/controllers/core/cli_options.rb

@@ -15,7 +15,7 @@ module CMSScanner
           OptChoice.new(['--detection-mode MODE'],
                         choices: %w[mixed passive aggressive],
                         normalize: :to_sym,
-                        default: :mixed),
+                        default: 'mixed'),
           OptArray.new(['--scope DOMAINS',
                         'Comma separated (sub-)domains to consider in scope. ',
                         'Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld'])
@@ -31,13 +31,13 @@ module CMSScanner
                            'List of agents to use with --random-user-agent'], exists: true),
           OptCredentials.new(['--http-auth login:password']),
           OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
-                                 default: 5),
+                                 default: '5'),
           OptPositiveInteger.new(['--throttle MilliSeconds', 'Milliseconds to wait before doing another web request. ' \
                                   'If used, the max threads will be set to 1.']),
           OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
-                                 default: 60),
+                                 default: '60'),
           OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
-                                 default: 30)
+                                 default: '30')
         ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
       end
 
@@ -67,7 +67,8 @@ module CMSScanner
                          'format: cookie1=value1[; cookie2=value2]']),
           OptFilePath.new(['--cookie-jar FILE-PATH', 'File to read and write cookies'],
                           writable: true,
-                          exists: false,
+                          readable: true,
+                          create: true,
                           default: File.join(tmp_directory, 'cookie_jar.txt'))
         ]
       end
@@ -75,11 +76,12 @@ module CMSScanner
       # @return [ Array<OptParseValidator::OptBase> ]
       def cli_browser_cache_options
         [
-          OptInteger.new(['--cache-ttl TIME_TO_LIVE', 'The cache time to live in seconds'], default: 600),
+          OptInteger.new(['--cache-ttl TIME_TO_LIVE', 'The cache time to live in seconds'], default: '600'),
           OptBoolean.new(['--clear-cache', 'Clear the cache before the scan']),
           OptDirectoryPath.new(['--cache-dir PATH'],
                                readable: true,
                                writable: true,
+                               create: true,
                                default: File.join(tmp_directory, 'cache'))
         ]
       end

data/cms_scanner.gemspec

@@ -37,7 +37,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
   s.add_dependency 'public_suffix', '~> 3.0.0'
   s.add_dependency 'ruby-progressbar', '~> 1.9.0'
-  s.add_dependency 'opt_parse_validator', '~> 0.0.13.8'
+  s.add_dependency 'opt_parse_validator', '~> 0.0.13.11'
 
   # Already required by opt_parse_validator
   # so version restriction loosen to avoid potential future conflicts
@@ -45,7 +45,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'activesupport', '~> 5.0'
 
   s.add_development_dependency 'rake', '~> 12.0'
-  s.add_development_dependency 'rspec', '~> 3.6.0'
+  s.add_development_dependency 'rspec', '~> 3.7.0'
   s.add_development_dependency 'rspec-its', '~> 1.2.0'
   s.add_development_dependency 'bundler', '~> 1.6'
   s.add_development_dependency 'rubocop', '~> 0.50.0'

data/lib/cms_scanner/finders/finder/fingerprinter.rb

@@ -4,7 +4,7 @@ module CMSScanner
       # Module to provide an easy way to fingerprint things such as versions
       module Fingerprinter
         # @param [ Hash ] fingerprints The fingerprints
-        # Format should be the following:
+        # Format should be like the following:
         # {
         #   file_path_1: {
         #     md5_hash_1: version_1,
@@ -23,7 +23,7 @@ module CMSScanner
         # @yield [ Mixed, String, String ] version/s, url, hash The version associated to the
         #                                                       fingerprint of the url
         def fingerprint(fingerprints, opts = {})
-          create_progress_bar(opts.merge(total: fingerprints.size)) # if opts[:show_progression]
+          create_progress_bar(opts.merge(total: fingerprints.size))
 
           fingerprints.each do |path, f|
             url     = target.url(path.dup)

data/lib/cms_scanner/target/hashes.rb

@@ -9,7 +9,12 @@ module CMSScanner
     def self.page_hash(page)
       page = NS::Browser.get(page, followlocation: true) unless page.is_a?(Typhoeus::Response)
 
-      Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
+      # Removes comments and script tags before computing the hash
+      # to remove any potential cached stuff
+      html = Nokogiri::HTML(page.body)
+      html.xpath('//script|//comment()').each(&:remove)
+
+      Digest::MD5.hexdigest(html)
     end
 
     # @return [ String ] The hash of the homepage

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.37.11'.freeze
+  VERSION = '0.0.37.12'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.37.11
+  version: 0.0.37.12
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-06 00:00:00.000000000 Z
+date: 2017-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.13.8
+        version: 0.0.13.11
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.13.8
+        version: 0.0.13.11
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -142,14 +142,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.7.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement