cms_scanner 0.0.37.2 → 0.0.37.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/core.rb +10 -3
- data/app/finders/interesting_findings/headers.rb +1 -1
- data/app/finders/interesting_findings/xml_rpc.rb +2 -2
- data/app/views/cli/core/started.erb +3 -0
- data/app/views/json/core/started.erb +2 -1
- data/cms_scanner.gemspec +1 -1
- data/lib/cms_scanner/finders/finder.rb +8 -4
- data/lib/cms_scanner/finders/finder/enumerator.rb +2 -2
- data/lib/cms_scanner/finders/finder/fingerprinter.rb +2 -2
- data/lib/cms_scanner/finders/finder/smart_url_checker.rb +1 -1
- data/lib/cms_scanner/mocked_progress_bar.rb +38 -0
- data/lib/cms_scanner/version.rb +1 -1
- data/lib/cms_scanner/web_site.rb +16 -0
- metadata +5 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 611e0d1894e5db176095c3b09feefa68077b2260
|
4
|
+
data.tar.gz: 8428392f787410217a9d421bcdc02ecc6abcdb36
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9c908a4747c6b4c3f2c388d091b151de36db62f0267504a22d2c2826d34e7364e5f90f835d214c4e22b8d9170662a93aa5dfba0c7a55bb0919c4069b570cb588
|
7
|
+
data.tar.gz: d45977ecf51a409ce89ad85ff1305539bf44f4e4a2a4296566850d39016c5de4338769dae986a35e9b2ebe85c228d71007fe150cba88ad6bf8fb56a04dbce082
|
data/app/controllers/core.rb
CHANGED
@@ -38,15 +38,22 @@ module CMSScanner
|
|
38
38
|
fail ProxyAuthRequiredError
|
39
39
|
end
|
40
40
|
|
41
|
-
|
42
|
-
|
41
|
+
# Checks for redirects
|
42
|
+
# An out of scope redirect will raise an HTTPRedirectError
|
43
|
+
effective_url = target.homepage_res.effective_url
|
44
|
+
|
45
|
+
return if target.in_scope?(effective_url)
|
46
|
+
|
47
|
+
fail HTTPRedirectError, effective_url unless parsed_options[:ignore_main_redirect]
|
48
|
+
|
49
|
+
target.homepage_res = res
|
43
50
|
end
|
44
51
|
|
45
52
|
def run
|
46
53
|
@start_time = Time.now
|
47
54
|
@start_memory = memory_usage
|
48
55
|
|
49
|
-
output('started', url: target.url)
|
56
|
+
output('started', url: target.url, effective_url: target.homepage_url)
|
50
57
|
end
|
51
58
|
|
52
59
|
def after_scan
|
@@ -5,7 +5,7 @@ module CMSScanner
|
|
5
5
|
class Headers < Finder
|
6
6
|
# @return [ InterestingFinding ]
|
7
7
|
def passive(_opts = {})
|
8
|
-
r = NS::Headers.new(target.
|
8
|
+
r = NS::Headers.new(target.homepage_url, confidence: 100, found_by: found_by)
|
9
9
|
|
10
10
|
r.interesting_entries.empty? ? nil : r
|
11
11
|
end
|
@@ -15,7 +15,7 @@ module CMSScanner
|
|
15
15
|
|
16
16
|
# @return [ XMLRPC ]
|
17
17
|
def passive_headers(_opts = {})
|
18
|
-
url =
|
18
|
+
url = target.homepage_res.headers['X-Pingback']
|
19
19
|
|
20
20
|
return unless target.in_scope?(url)
|
21
21
|
potential_urls << url
|
@@ -25,7 +25,7 @@ module CMSScanner
|
|
25
25
|
|
26
26
|
# @return [ XMLRPC ]
|
27
27
|
def passive_body(_opts = {})
|
28
|
-
|
28
|
+
target.homepage_res.html.css('link[rel="pingback"]').each do |tag|
|
29
29
|
url = tag.attribute('href').to_s
|
30
30
|
|
31
31
|
next unless target.in_scope?(url)
|
data/cms_scanner.gemspec
CHANGED
@@ -34,7 +34,7 @@ Gem::Specification.new do |s|
|
|
34
34
|
s.add_dependency 'typhoeus', '~> 0.8.0'
|
35
35
|
s.add_dependency 'nokogiri', '~> 1.6.7.0'
|
36
36
|
s.add_dependency 'yajl-ruby', '~> 1.2.1' # Better JSON parser regarding memory usage
|
37
|
-
s.add_dependency 'addressable', '~> 2.
|
37
|
+
s.add_dependency 'addressable', '~> 2.4.0'
|
38
38
|
s.add_dependency 'activesupport', '~> 4.2.0'
|
39
39
|
s.add_dependency 'public_suffix', '~> 1.5.0'
|
40
40
|
s.add_dependency 'ruby-progressbar', '~> 1.7.5'
|
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'cms_scanner/mocked_progress_bar'
|
1
2
|
require 'cms_scanner/finders/finder/smart_url_checker'
|
2
3
|
require 'cms_scanner/finders/finder/enumerator'
|
3
4
|
require 'cms_scanner/finders/finder/fingerprinter'
|
@@ -9,7 +10,7 @@ module CMSScanner
|
|
9
10
|
# Constants for common found_by
|
10
11
|
DIRECT_ACCESS = 'Direct Access (Aggressive Detection)'
|
11
12
|
|
12
|
-
attr_accessor :target
|
13
|
+
attr_accessor :target, :progress_bar
|
13
14
|
|
14
15
|
def initialize(target)
|
15
16
|
@target = target
|
@@ -29,10 +30,13 @@ module CMSScanner
|
|
29
30
|
end
|
30
31
|
|
31
32
|
# @param [ Hash ] opts See https://github.com/jfelchner/ruby-progressbar/wiki/Options
|
33
|
+
# @option opts [ Boolean ] :show_progression
|
32
34
|
#
|
33
|
-
# @return [ ProgressBar::Base ]
|
34
|
-
def
|
35
|
-
|
35
|
+
# @return [ ProgressBar::Base, CMSScanner::MockedProgressBar ]
|
36
|
+
def create_progress_bar(opts = {})
|
37
|
+
klass = opts[:show_progression] ? ProgressBar : MockedProgressBar
|
38
|
+
|
39
|
+
@progress_bar = klass.create({ format: '%t %a <%B> (%c / %C) %P%% %e' }.merge(opts))
|
36
40
|
end
|
37
41
|
|
38
42
|
# @return [ Browser ]
|
@@ -10,13 +10,13 @@ module CMSScanner
|
|
10
10
|
#
|
11
11
|
# @yield [ Typhoeus::Response, String ]
|
12
12
|
def enumerate(target_urls, opts = {})
|
13
|
-
|
13
|
+
create_progress_bar(opts.merge(total: target_urls.size)) # if opts[:show_progression]
|
14
14
|
|
15
15
|
target_urls.each do |url, id|
|
16
16
|
request = browser.forge_request(url, request_params)
|
17
17
|
|
18
18
|
request.on_complete do |res|
|
19
|
-
|
19
|
+
progress_bar.increment
|
20
20
|
|
21
21
|
next if target.homepage_or_404?(res)
|
22
22
|
next if opts[:exclude_content] && res.body.match(opts[:exclude_content])
|
@@ -23,14 +23,14 @@ module CMSScanner
|
|
23
23
|
# @yield [ Mixed, String, String ] version/s, url, hash The version associated to the
|
24
24
|
# fingerprint of the url
|
25
25
|
def fingerprint(fingerprints, opts = {})
|
26
|
-
|
26
|
+
create_progress_bar(opts.merge(total: fingerprints.size)) # if opts[:show_progression]
|
27
27
|
|
28
28
|
fingerprints.each do |path, f|
|
29
29
|
url = target.url(path.dup)
|
30
30
|
request = browser.forge_request(url, request_params)
|
31
31
|
|
32
32
|
request.on_complete do |res|
|
33
|
-
|
33
|
+
progress_bar.increment
|
34
34
|
|
35
35
|
md5sum = hexdigest(res.body)
|
36
36
|
|
@@ -0,0 +1,38 @@
|
|
1
|
+
module CMSScanner
|
2
|
+
# ProgressBar to be used in formatter w/o user_interaction such as
|
3
|
+
# JSON etc, to still be able to have a log of messages to output.
|
4
|
+
# The object must implement the methods in ruby-progressbar
|
5
|
+
# and used in CMSScanner, See https://github.com/jfelchner/ruby-progressbar
|
6
|
+
class MockedProgressBar
|
7
|
+
attr_reader :increment, :finish
|
8
|
+
|
9
|
+
def self.create(opts = {})
|
10
|
+
new(opts)
|
11
|
+
end
|
12
|
+
|
13
|
+
def initialize(_opts = {})
|
14
|
+
end
|
15
|
+
|
16
|
+
# @return [ Integer ]
|
17
|
+
def total
|
18
|
+
0
|
19
|
+
end
|
20
|
+
|
21
|
+
def total=(_total)
|
22
|
+
end
|
23
|
+
|
24
|
+
# @return [ Array<String> ]
|
25
|
+
def logs
|
26
|
+
@logs ||= []
|
27
|
+
end
|
28
|
+
|
29
|
+
# @param [ String, nil ] message
|
30
|
+
#
|
31
|
+
# @return [ Mixed ]
|
32
|
+
def log(message = nil)
|
33
|
+
return logs unless message
|
34
|
+
|
35
|
+
logs << message
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
data/lib/cms_scanner/version.rb
CHANGED
data/lib/cms_scanner/web_site.rb
CHANGED
@@ -36,6 +36,22 @@ module CMSScanner
|
|
36
36
|
@uri.join(URI.encode(path)).to_s
|
37
37
|
end
|
38
38
|
|
39
|
+
attr_writer :homepage_res
|
40
|
+
|
41
|
+
# @return [ Typhoeus::Response ]
|
42
|
+
#
|
43
|
+
# As webmock does not support redirects mocking, coverage is ignored
|
44
|
+
# :nocov:
|
45
|
+
def homepage_res
|
46
|
+
@homepage_res ||= NS::Browser.get_and_follow_location(url)
|
47
|
+
end
|
48
|
+
# :nocov:
|
49
|
+
|
50
|
+
# @return [ String ]
|
51
|
+
def homepage_url
|
52
|
+
@homepage_url ||= homepage_res.effective_url
|
53
|
+
end
|
54
|
+
|
39
55
|
# Checks if the remote website is up.
|
40
56
|
#
|
41
57
|
# @param [ String ] path
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.37.
|
4
|
+
version: 0.0.37.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-12-
|
11
|
+
date: 2015-12-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: typhoeus
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 2.
|
61
|
+
version: 2.4.0
|
62
62
|
type: :runtime
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 2.
|
68
|
+
version: 2.4.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: activesupport
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -294,6 +294,7 @@ files:
|
|
294
294
|
- lib/cms_scanner/formatter.rb
|
295
295
|
- lib/cms_scanner/formatter/buffer.rb
|
296
296
|
- lib/cms_scanner/helper.rb
|
297
|
+
- lib/cms_scanner/mocked_progress_bar.rb
|
297
298
|
- lib/cms_scanner/numeric.rb
|
298
299
|
- lib/cms_scanner/public_suffix/domain.rb
|
299
300
|
- lib/cms_scanner/references.rb
|