cms_scanner 0.0.37.4 → 0.0.37.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/cms_scanner.gemspec +6 -5
- data/example/.gitignore +13 -0
- data/example/.rspec +2 -0
- data/example/.rubocop.yml +20 -0
- data/example/.travis.yml +25 -0
- data/example/Gemfile +6 -0
- data/example/Rakefile +9 -0
- data/example/app/app.rb +1 -0
- data/example/app/controllers.rb +1 -0
- data/example/app/controllers/example.rb +36 -0
- data/example/app/views/cli/core/banner.erb +3 -0
- data/example/app/views/cli/example/scan_word.erb +5 -0
- data/example/app/views/json/core/banner.erb +3 -0
- data/example/app/views/json/example/scan_word.erb +1 -0
- data/example/bin/cmsscan +9 -0
- data/example/cmsscan.gemspec +52 -0
- data/example/lib/cmsscan.rb +35 -0
- data/example/lib/cmsscan/controller.rb +8 -0
- data/example/lib/cmsscan/target.rb +6 -0
- data/example/lib/cmsscan/version.rb +4 -0
- data/lib/cms_scanner/controllers.rb +2 -0
- data/lib/cms_scanner/formatter.rb +1 -1
- data/lib/cms_scanner/numeric.rb +1 -1
- data/lib/cms_scanner/references.rb +7 -7
- data/lib/cms_scanner/version.rb +1 -1
- metadata +31 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 47d1a0b7f0276e308175ef18ae1b81b82adce2ab
|
4
|
+
data.tar.gz: a4ea66a54e4ff800caf8f00347fe57074a2ae0eb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1462e16abe07489a5a018b7e3190838c24053ac1a2ce77346d865e179c7eb273b6d2e0360f9721a62a143f9cc579ecd3499bfbec4fd7ba68ffc52c6158cb362e
|
7
|
+
data.tar.gz: 052528fc8276c8d4396e7a833164047cf67978d7c10d794b1e7f12fc91faf9053dbbba4cf4aa9d26a5431d9e32b2ea47be91d7f9b78d775e9758ab7acac0c8b0
|
data/README.md
CHANGED
@@ -9,6 +9,12 @@ The goal of this gem is to provide a quick and easy way to create a CMS/WebSite
|
|
9
9
|
|
10
10
|
## /!\ This gem is currently Experimental /!\
|
11
11
|
|
12
|
+
## A basic implementation example is available in the example folder.
|
13
|
+
|
14
|
+
To start to play with it, copy all its files and folders into a new git repository and run ```bundle install && rake install`` inside it.
|
15
|
+
It will create a ```cmsscan``` command that you can run against a target, ie ```cmsscan --url https://www.google.com```
|
16
|
+
|
17
|
+
|
12
18
|
Install Dependencies: ```bundle install```
|
13
19
|
|
14
20
|
## Contributing
|
data/cms_scanner.gemspec
CHANGED
@@ -27,16 +27,17 @@ Gem::Specification.new do |s|
|
|
27
27
|
|\.travis.yml
|
28
28
|
)$}x
|
29
29
|
end
|
30
|
+
|
30
31
|
s.test_files = []
|
31
32
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
32
33
|
s.require_path = 'lib'
|
33
34
|
|
34
35
|
s.add_dependency 'typhoeus', '~> 1.1.0'
|
35
36
|
s.add_dependency 'nokogiri', '~> 1.6.8.1'
|
36
|
-
s.add_dependency 'yajl-ruby', '~> 1.
|
37
|
-
s.add_dependency 'addressable', '~> 2.
|
37
|
+
s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
|
38
|
+
s.add_dependency 'addressable', '~> 2.5.0'
|
38
39
|
s.add_dependency 'activesupport', '~> 5.0.0.1'
|
39
|
-
s.add_dependency 'public_suffix', '~>
|
40
|
+
s.add_dependency 'public_suffix', '~> 2.0.3' # Need to look at changes in the v2
|
40
41
|
s.add_dependency 'ruby-progressbar', '~> 1.8.1'
|
41
42
|
s.add_dependency 'opt_parse_validator', '~> 0.0.13.3'
|
42
43
|
|
@@ -44,7 +45,7 @@ Gem::Specification.new do |s|
|
|
44
45
|
s.add_development_dependency 'rspec', '~> 3.5.0'
|
45
46
|
s.add_development_dependency 'rspec-its', '~> 1.2.0'
|
46
47
|
s.add_development_dependency 'bundler', '~> 1.6'
|
47
|
-
s.add_development_dependency 'rubocop', '~> 0.
|
48
|
-
s.add_development_dependency 'webmock', '~> 1.22'
|
48
|
+
s.add_development_dependency 'rubocop', '~> 0.45.0'
|
49
|
+
s.add_development_dependency 'webmock', '~> 1.22.0'
|
49
50
|
s.add_development_dependency 'simplecov', '~> 0.12.0'
|
50
51
|
end
|
data/example/.gitignore
ADDED
data/example/.rspec
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
AllCops:
|
2
|
+
Exclude:
|
3
|
+
- '*.gemspec'
|
4
|
+
- 'vendor/**/*'
|
5
|
+
LineLength:
|
6
|
+
Max: 120
|
7
|
+
ClassVars:
|
8
|
+
Enabled: false
|
9
|
+
Style/RescueModifier:
|
10
|
+
Enabled: false
|
11
|
+
Style/SignalException:
|
12
|
+
EnforcedStyle: semantic
|
13
|
+
MethodLength:
|
14
|
+
Max: 17
|
15
|
+
Metrics/AbcSize:
|
16
|
+
Max: 25
|
17
|
+
Metrics/CyclomaticComplexity:
|
18
|
+
Max: 10
|
19
|
+
Metrics/PerceivedComplexity:
|
20
|
+
Max: 9
|
data/example/.travis.yml
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# Not setup yet
|
2
|
+
language: ruby
|
3
|
+
sudo: false
|
4
|
+
cache: bundler
|
5
|
+
rvm:
|
6
|
+
- 2.1.0
|
7
|
+
- 2.1.1
|
8
|
+
- 2.1.2
|
9
|
+
- 2.1.3
|
10
|
+
- 2.1.4
|
11
|
+
- 2.1.5
|
12
|
+
- 2.1.6
|
13
|
+
- 2.2.0
|
14
|
+
- 2.2.1
|
15
|
+
- 2.2.2
|
16
|
+
- 2.2.3
|
17
|
+
- ruby-head
|
18
|
+
before_install:
|
19
|
+
- "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
|
20
|
+
matrix:
|
21
|
+
allow_failures:
|
22
|
+
- rvm: ruby-head
|
23
|
+
script:
|
24
|
+
- bundle exec rspec
|
25
|
+
- bundle exec rubocop
|
data/example/Gemfile
ADDED
data/example/Rakefile
ADDED
data/example/app/app.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require_relative 'controllers'
|
@@ -0,0 +1 @@
|
|
1
|
+
require_relative 'controllers/example'
|
@@ -0,0 +1,36 @@
|
|
1
|
+
module CMSScan
|
2
|
+
module Controller
|
3
|
+
# Example Controller
|
4
|
+
class Example < CMSScanner::Controller::Core
|
5
|
+
# @return [ Array<OptParseValidator::Opt> ]
|
6
|
+
def cli_options
|
7
|
+
[
|
8
|
+
OptString.new(['--dummy VALUE', 'Dummy CLI Option'])
|
9
|
+
]
|
10
|
+
end
|
11
|
+
|
12
|
+
def before_scan
|
13
|
+
# Anything to do before ?
|
14
|
+
end
|
15
|
+
|
16
|
+
def run
|
17
|
+
# Let's check and display whether or not the word 'scan' is present in the homepage of the target
|
18
|
+
|
19
|
+
is_present = target.homepage_res.body =~ /scan/ ? true : false
|
20
|
+
|
21
|
+
output('scan_word', is_present: is_present)
|
22
|
+
end
|
23
|
+
|
24
|
+
# Alternative way of doing it
|
25
|
+
def run2
|
26
|
+
@is_present = Browser.get(target.homepage_url).body =~ /scan/ ? true : false
|
27
|
+
|
28
|
+
output('scan_word')
|
29
|
+
end
|
30
|
+
|
31
|
+
def after_scan
|
32
|
+
# Anything after ?
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
"scan_word_present": <%= @is_present.to_json %>,
|
data/example/bin/cmsscan
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
|
5
|
+
require 'cmsscan/version'
|
6
|
+
|
7
|
+
Gem::Specification.new do |s|
|
8
|
+
s.name = 'cmsscan'
|
9
|
+
s.version = CMSScan::VERSION
|
10
|
+
s.platform = Gem::Platform::RUBY
|
11
|
+
s.required_ruby_version = '>= 2.1.0'
|
12
|
+
s.authors = ['WPScanTeam']
|
13
|
+
s.date = Time.now.utc.strftime('%Y-%m-%d')
|
14
|
+
s.email = ['team@wpscan.org']
|
15
|
+
s.summary = 'CMSScan Gem Example'
|
16
|
+
s.description = 'CMSScanner Implementation Example'
|
17
|
+
s.homepage = 'https://github.com/wpscanteam/CMSScanner'
|
18
|
+
s.license = 'MIT'
|
19
|
+
|
20
|
+
s.files = `git ls-files -z`.split("\x0").reject do |file|
|
21
|
+
file =~ %r{^(?:
|
22
|
+
spec\/.*
|
23
|
+
|Gemfile
|
24
|
+
|Rakefile
|
25
|
+
|\.rspec
|
26
|
+
|\.gitignore
|
27
|
+
|\.rubocop.yml
|
28
|
+
|\.travis.yml
|
29
|
+
)$}x
|
30
|
+
end
|
31
|
+
|
32
|
+
s.test_files = []
|
33
|
+
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
34
|
+
s.require_path = 'lib'
|
35
|
+
|
36
|
+
s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
|
37
|
+
s.add_dependency 'cms_scanner', '~> 0.0.37.5'
|
38
|
+
s.add_dependency 'activesupport', '~> 5.0.0.1' # Not sure if needed there as already needed in the CMSScanner
|
39
|
+
# DB dependencies
|
40
|
+
s.add_dependency 'dm-core', '~> 1.2.0'
|
41
|
+
s.add_dependency 'dm-migrations', '~> 1.2.0'
|
42
|
+
s.add_dependency 'dm-constraints', '~> 1.2.0'
|
43
|
+
s.add_dependency 'dm-sqlite-adapter', '~> 1.2.0'
|
44
|
+
|
45
|
+
s.add_development_dependency 'rake', '~> 11.3.0'
|
46
|
+
s.add_development_dependency 'rspec', '~> 3.5.0'
|
47
|
+
s.add_development_dependency 'rspec-its', '~> 1.2.0'
|
48
|
+
s.add_development_dependency 'bundler', '~> 1.6'
|
49
|
+
s.add_development_dependency 'rubocop', '~> 0.45.0'
|
50
|
+
s.add_development_dependency 'webmock', '~> 1.22.0'
|
51
|
+
s.add_development_dependency 'simplecov', '~> 0.12.0'
|
52
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# Gems
|
2
|
+
require 'cms_scanner'
|
3
|
+
require 'yajl/json_gem'
|
4
|
+
require 'addressable/uri'
|
5
|
+
require 'active_support/all'
|
6
|
+
# Standard Lib
|
7
|
+
require 'uri'
|
8
|
+
require 'time'
|
9
|
+
require 'readline'
|
10
|
+
require 'securerandom'
|
11
|
+
# Custom Libs
|
12
|
+
require 'cmsscan/target'
|
13
|
+
require 'cmsscan/version'
|
14
|
+
require 'cmsscan/controller'
|
15
|
+
|
16
|
+
Encoding.default_external = Encoding::UTF_8
|
17
|
+
|
18
|
+
# CMSScan
|
19
|
+
module CMSScan
|
20
|
+
include CMSScanner
|
21
|
+
|
22
|
+
APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
|
23
|
+
# Not needed in this example
|
24
|
+
# DB_DIR = File.join(Dir.home, '.cmsscan', 'db')
|
25
|
+
|
26
|
+
# Override, otherwise it would be returned as 'cms_scan'
|
27
|
+
# doesn't really matter in this example.
|
28
|
+
#
|
29
|
+
# @return [ String ]
|
30
|
+
def self.app_name
|
31
|
+
'cmsscan'
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
require "#{CMSScan::APP_DIR}/app"
|
@@ -131,7 +131,7 @@ module CMSScanner
|
|
131
131
|
@views_directories ||= [
|
132
132
|
APP_DIR, NS::APP_DIR,
|
133
133
|
File.join(Dir.home, ".#{NS.app_name}"), File.join(Dir.pwd, ".#{NS.app_name}")
|
134
|
-
].uniq.reduce([]) { |
|
134
|
+
].uniq.reduce([]) { |acc, elem| acc << Pathname.new(elem).join('views').to_s }
|
135
135
|
end
|
136
136
|
end
|
137
137
|
end
|
data/lib/cms_scanner/numeric.rb
CHANGED
@@ -3,7 +3,7 @@ class Numeric
|
|
3
3
|
# @return [ String ] A human readable string of the value
|
4
4
|
def bytes_to_human
|
5
5
|
units = %w(B KB MB GB TB)
|
6
|
-
e = (Math.log(abs) / Math.log(1024)).floor
|
6
|
+
e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
|
7
7
|
s = format('%.3f', (abs.to_f / 1024**e))
|
8
8
|
|
9
9
|
s.sub(/\.?0*$/, ' ' + units[e])
|
@@ -38,7 +38,7 @@ module CMSScanner
|
|
38
38
|
|
39
39
|
# @return [ Array<String> ]
|
40
40
|
def cve_urls
|
41
|
-
cves.reduce([]) { |
|
41
|
+
cves.reduce([]) { |acc, elem| acc << cve_url(elem) }
|
42
42
|
end
|
43
43
|
|
44
44
|
# @return [ String ] The URL to the CVE
|
@@ -53,7 +53,7 @@ module CMSScanner
|
|
53
53
|
|
54
54
|
# @return [ Array<String> ]
|
55
55
|
def secunia_urls
|
56
|
-
secunia_ids.reduce([]) { |
|
56
|
+
secunia_ids.reduce([]) { |acc, elem| acc << secunia_url(elem) }
|
57
57
|
end
|
58
58
|
|
59
59
|
# @return [ String ] The URL to the Secunia advisory
|
@@ -68,7 +68,7 @@ module CMSScanner
|
|
68
68
|
|
69
69
|
# @return [ Array<String> ]
|
70
70
|
def osvdb_urls
|
71
|
-
osvdb_ids.reduce([]) { |
|
71
|
+
osvdb_ids.reduce([]) { |acc, elem| acc << osvdb_url(elem) }
|
72
72
|
end
|
73
73
|
|
74
74
|
# @return [ String ] The URL to the ExploitDB advisory
|
@@ -83,7 +83,7 @@ module CMSScanner
|
|
83
83
|
|
84
84
|
# @return [ Array<String> ]
|
85
85
|
def exploitdb_urls
|
86
|
-
exploitdb_ids.reduce([]) { |
|
86
|
+
exploitdb_ids.reduce([]) { |acc, elem| acc << exploitdb_url(elem) }
|
87
87
|
end
|
88
88
|
|
89
89
|
# @return [ String ]
|
@@ -103,7 +103,7 @@ module CMSScanner
|
|
103
103
|
|
104
104
|
# @return [ Array<String> ]
|
105
105
|
def msf_urls
|
106
|
-
msf_modules.reduce([]) { |
|
106
|
+
msf_modules.reduce([]) { |acc, elem| acc << msf_url(elem) }
|
107
107
|
end
|
108
108
|
|
109
109
|
# @return [ String ] The URL to the metasploit module page
|
@@ -118,7 +118,7 @@ module CMSScanner
|
|
118
118
|
|
119
119
|
# @return [ Array<String> ]
|
120
120
|
def packetstorm_urls
|
121
|
-
packetstorm_ids.reduce([]) { |
|
121
|
+
packetstorm_ids.reduce([]) { |acc, elem| acc << packetstorm_url(elem) }
|
122
122
|
end
|
123
123
|
|
124
124
|
# @return [ String ]
|
@@ -133,7 +133,7 @@ module CMSScanner
|
|
133
133
|
|
134
134
|
# @return [ Array<String> ]
|
135
135
|
def securityfocus_urls
|
136
|
-
securityfocus_ids.reduce([]) { |
|
136
|
+
securityfocus_ids.reduce([]) { |acc, elem| acc << securityfocus_url(elem) }
|
137
137
|
end
|
138
138
|
|
139
139
|
# @return [ String ]
|
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.37.
|
4
|
+
version: 0.0.37.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-11-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: typhoeus
|
@@ -44,28 +44,28 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 1.
|
47
|
+
version: 1.3.0
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: 1.
|
54
|
+
version: 1.3.0
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: addressable
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 2.
|
61
|
+
version: 2.5.0
|
62
62
|
type: :runtime
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 2.
|
68
|
+
version: 2.5.0
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: activesupport
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +86,14 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
89
|
+
version: 2.0.3
|
90
90
|
type: :runtime
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
96
|
+
version: 2.0.3
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: ruby-progressbar
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -184,28 +184,28 @@ dependencies:
|
|
184
184
|
requirements:
|
185
185
|
- - "~>"
|
186
186
|
- !ruby/object:Gem::Version
|
187
|
-
version: 0.
|
187
|
+
version: 0.45.0
|
188
188
|
type: :development
|
189
189
|
prerelease: false
|
190
190
|
version_requirements: !ruby/object:Gem::Requirement
|
191
191
|
requirements:
|
192
192
|
- - "~>"
|
193
193
|
- !ruby/object:Gem::Version
|
194
|
-
version: 0.
|
194
|
+
version: 0.45.0
|
195
195
|
- !ruby/object:Gem::Dependency
|
196
196
|
name: webmock
|
197
197
|
requirement: !ruby/object:Gem::Requirement
|
198
198
|
requirements:
|
199
199
|
- - "~>"
|
200
200
|
- !ruby/object:Gem::Version
|
201
|
-
version:
|
201
|
+
version: 1.22.0
|
202
202
|
type: :development
|
203
203
|
prerelease: false
|
204
204
|
version_requirements: !ruby/object:Gem::Requirement
|
205
205
|
requirements:
|
206
206
|
- - "~>"
|
207
207
|
- !ruby/object:Gem::Version
|
208
|
-
version:
|
208
|
+
version: 1.22.0
|
209
209
|
- !ruby/object:Gem::Dependency
|
210
210
|
name: simplecov
|
211
211
|
requirement: !ruby/object:Gem::Requirement
|
@@ -266,6 +266,25 @@ files:
|
|
266
266
|
- app/views/json/interesting_findings/findings.erb
|
267
267
|
- app/views/json/scan_aborted.erb
|
268
268
|
- cms_scanner.gemspec
|
269
|
+
- example/.gitignore
|
270
|
+
- example/.rspec
|
271
|
+
- example/.rubocop.yml
|
272
|
+
- example/.travis.yml
|
273
|
+
- example/Gemfile
|
274
|
+
- example/Rakefile
|
275
|
+
- example/app/app.rb
|
276
|
+
- example/app/controllers.rb
|
277
|
+
- example/app/controllers/example.rb
|
278
|
+
- example/app/views/cli/core/banner.erb
|
279
|
+
- example/app/views/cli/example/scan_word.erb
|
280
|
+
- example/app/views/json/core/banner.erb
|
281
|
+
- example/app/views/json/example/scan_word.erb
|
282
|
+
- example/bin/cmsscan
|
283
|
+
- example/cmsscan.gemspec
|
284
|
+
- example/lib/cmsscan.rb
|
285
|
+
- example/lib/cmsscan/controller.rb
|
286
|
+
- example/lib/cmsscan/target.rb
|
287
|
+
- example/lib/cmsscan/version.rb
|
269
288
|
- lib/cms_scanner.rb
|
270
289
|
- lib/cms_scanner/browser.rb
|
271
290
|
- lib/cms_scanner/browser/actions.rb
|